commit 7d10320a8220e92b9b04497b4a33f08d7370b1ca
Author: yi <100551693+yi1108@users.noreply.github.com>
Date:   Fri Jun 5 11:29:11 2026 +0800

    feat: 灵犀 Studio Web UI 定制版
    
    Co-authored-by: Cursor <cursoragent@cursor.com>

diff --git a/.dockerignore b/.dockerignore
new file mode 100644
index 0000000..b5209e2
--- /dev/null
+++ b/.dockerignore
@@ -0,0 +1,7 @@
+.git
+.gitignore
+node_modules
+dist
+hermes_data
+*.log
+.DS_Store
diff --git a/.github/ISSUE_TEMPLATE/bug_report.yml b/.github/ISSUE_TEMPLATE/bug_report.yml
new file mode 100644
index 0000000..18833a3
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/bug_report.yml
@@ -0,0 +1,101 @@
+name: Bug Report
+description: File a bug report to help us improve
+title: "[Bug]: "
+labels: ["bug"]
+body:
+  - type: markdown
+    attributes:
+      value: |
+        Thanks for taking the time to fill out this bug report!
+
+  - type: input
+    id: version
+    attributes:
+      label: Hermes Web UI Version
+      description: What version of Hermes Web UI are you using?
+      placeholder: e.g., v0.5.8
+    validations:
+      required: true
+
+  - type: input
+    id: hermes_version
+    attributes:
+      label: Hermes Agent Version
+      description: What version of Hermes Agent are you using?
+      placeholder: e.g., v0.12.0
+    validations:
+      required: true
+
+  - type: textarea
+    id: description
+    attributes:
+      label: Bug Description
+      description: A clear and concise description of what the bug is
+    validations:
+      required: true
+
+  - type: textarea
+    id: reproduction
+    attributes:
+      label: Steps to Reproduce
+      description: Steps to reproduce the behavior
+      placeholder: |
+        1. Go to '...'
+        2. Click on '....'
+        3. Scroll down to '....'
+        4. See error
+    validations:
+      required: true
+
+  - type: textarea
+    id: expected
+    attributes:
+      label: Expected Behavior
+      description: What you expected to happen
+    validations:
+      required: true
+
+  - type: textarea
+    id: actual
+    attributes:
+      label: Actual Behavior
+      description: What actually happened
+      placeholder: |
+        If applicable, add screenshots to help explain your problem
+    validations:
+      required: true
+
+  - type: textarea
+    id: logs
+    attributes:
+      label: Logs / Error Messages
+      description: Paste any relevant logs or error messages
+      render: shell
+
+  - type: dropdown
+    id: environment
+    attributes:
+      label: Environment
+      description: Where are you running Hermes Web UI?
+      options:
+        - Docker
+        - macOS
+        - Linux
+        - Windows
+        - WSL
+      multiple: true
+    validations:
+      required: true
+
+  - type: input
+    id: node_version
+    attributes:
+      label: Node Version
+      description: What version of Node.js are you using?
+      placeholder: e.g., v24.14.1
+
+  - type: textarea
+    id: additional
+    attributes:
+      label: Additional Context
+      description: Any other context about the problem
diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml
new file mode 100644
index 0000000..1b61f7b
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/config.yml
@@ -0,0 +1,8 @@
+blank_issues_enabled: true
+contact_links:
+  - name: Documentation
+    url: https://github.com/EKKOLearnAI/hermes-web-ui#readme
+    about: Please check the documentation first
+  - name: GitHub Discussions
+    url: https://github.com/EKKOLearnAI/hermes-web-ui/discussions
+    about: Use GitHub Discussions for questions that don't fit as issues
diff --git a/.github/ISSUE_TEMPLATE/feature_request.yml b/.github/ISSUE_TEMPLATE/feature_request.yml
new file mode 100644
index 0000000..8fcc451
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/feature_request.yml
@@ -0,0 +1,76 @@
+name: Feature Request
+description: Suggest an idea for this project
+title: "[Feature]: "
+labels: ["enhancement"]
+body:
+  - type: markdown
+    attributes:
+      value: |
+        Thanks for suggesting a new feature! Please fill out the form below.
+
+  - type: textarea
+    id: problem
+    attributes:
+      label: Problem Statement
+      description: What problem does this feature solve? What pain point does it address?
+      placeholder: |
+        I'm always frustrated when...
+    validations:
+      required: true
+
+  - type: textarea
+    id: solution
+    attributes:
+      label: Proposed Solution
+      description: What would you like to see implemented?
+      placeholder: |
+        I think adding X would be great because...
+    validations:
+      required: true
+
+  - type: textarea
+    id: alternatives
+    attributes:
+      label: Alternatives Considered
+      description: Have you considered any alternative solutions or workarounds?
+
+  - type: dropdown
+    id: priority
+    attributes:
+      label: Priority
+      description: How important is this feature to you?
+      options:
+        - Critical - blocking my usage
+        - High - really need this
+        - Medium - nice to have
+        - Low - would be convenient
+    validations:
+      required: true
+
+  - type: textarea
+    id: use_cases
+    attributes:
+      label: Use Cases
+      description: Describe specific use cases where this feature would be helpful
+      placeholder: |
+        1. When I do X...
+        2. When I need to Y...
+
+  - type: checkboxes
+    id: contribution
+    attributes:
+      label: Willing to Contribute?
+      description: Would you be willing to help implement this feature?
+      options:
+        - label: Yes, I'd like to submit a PR
+          required: false
+        - label: Yes, but I need guidance
+          required: false
+        - label: No, I don't have time
+          required: false
+
+  - type: textarea
+    id: additional
+    attributes:
+      label: Additional Context
+      description: Any other context, mockups, or examples about the feature request
diff --git a/.github/ISSUE_TEMPLATE/general_issue.md b/.github/ISSUE_TEMPLATE/general_issue.md
new file mode 100644
index 0000000..843b94f
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/general_issue.md
@@ -0,0 +1,22 @@
+---
+name: General Issue
+about: Use this for issues that don't fit into bug reports or feature requests
+title: '[Question]: '
+labels: ['question']
+assignees: ''
+---
+
+## Please describe your issue
+
+<!-- Provide a clear description of what you'd like to ask or discuss -->
+
+## Context
+
+<!-- Add any other context or screenshots about the issue -->
+
+## Environment (if applicable)
+
+- Hermes Web UI Version:
+- Hermes Agent Version:
+- Operating System:
+- Node Version:
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
new file mode 100644
index 0000000..7a65359
--- /dev/null
+++ b/.github/workflows/build.yml
@@ -0,0 +1,46 @@
+name: Build
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+    branches:
+      - main
+      - base
+
+permissions:
+  contents: read
+
+concurrency:
+  group: build-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: ${{ github.event_name == 'pull_request' }}
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: 24
+          cache: npm
+          cache-dependency-path: package-lock.json
+
+      - name: Install dependencies
+        run: |
+          npm ci --ignore-scripts
+          npm rebuild node-pty
+
+      - name: Check repository harness
+        run: npm run harness:check
+
+      - name: Test with coverage
+        run: npm run test:coverage
+
+      - name: Build
+        run: npm run build
diff --git a/.github/workflows/desktop-manual-build.yml b/.github/workflows/desktop-manual-build.yml
new file mode 100644
index 0000000..a27f457
--- /dev/null
+++ b/.github/workflows/desktop-manual-build.yml
@@ -0,0 +1,213 @@
+name: Manual Desktop Build
+
+on:
+  workflow_dispatch:
+    inputs:
+      target_os:
+        description: "Desktop target OS"
+        required: true
+        type: choice
+        default: win32
+        options:
+          - win32
+          - darwin
+          - linux
+      target_arch:
+        description: "Desktop target architecture"
+        required: true
+        type: choice
+        default: x64
+        options:
+          - x64
+          - arm64
+      release_tag:
+        description: "Optional release tag to attach artifacts to"
+        required: false
+        type: string
+      runtime_release_tag:
+        description: "Optional runtime release tag embedded into the desktop app"
+        required: false
+        type: string
+
+permissions:
+  contents: write
+
+concurrency:
+  group: desktop-manual-${{ github.event.inputs.target_os }}-${{ github.event.inputs.target_arch }}-${{ github.ref }}
+  cancel-in-progress: false
+
+jobs:
+  validate:
+    runs-on: ubuntu-latest
+    outputs:
+      label: ${{ steps.target.outputs.label }}
+      runner: ${{ steps.target.outputs.runner }}
+      target_os: ${{ steps.target.outputs.target_os }}
+      target_arch: ${{ steps.target.outputs.target_arch }}
+      electron_target: ${{ steps.target.outputs.electron_target }}
+      artifact_name: ${{ steps.target.outputs.artifact_name }}
+      artifact_files: ${{ steps.target.outputs.artifact_files }}
+    steps:
+      - name: Select requested target
+        id: target
+        shell: bash
+        run: |
+          write_common_outputs() {
+            {
+              echo "label=$1"
+              echo "runner=$2"
+              echo "target_os=${{ github.event.inputs.target_os }}"
+              echo "target_arch=${{ github.event.inputs.target_arch }}"
+              echo "electron_target=$3"
+              echo "artifact_name=$4"
+              echo "artifact_files<<EOF"
+              shift 4
+              printf '%s\n' "$@"
+              echo "EOF"
+            } >> "$GITHUB_OUTPUT"
+          }
+
+          case "${{ github.event.inputs.target_os }}-${{ github.event.inputs.target_arch }}" in
+            win32-x64)
+              write_common_outputs "Windows x64" "windows-latest" "--win nsis --x64" "desktop-win32-x64" \
+                "packages/desktop/release/*.exe" \
+                "packages/desktop/release/*.exe.blockmap" \
+                "packages/desktop/release/latest*.yml"
+              ;;
+            darwin-arm64)
+              write_common_outputs "macOS arm64" "macos-14" "--mac dmg zip --arm64" "desktop-darwin-arm64" \
+                "packages/desktop/release/*.dmg" \
+                "packages/desktop/release/*.dmg.blockmap" \
+                "packages/desktop/release/*.zip" \
+                "packages/desktop/release/*.zip.blockmap" \
+                "packages/desktop/release/latest*.yml"
+              ;;
+            darwin-x64)
+              write_common_outputs "macOS x64" "macos-15-intel" "--mac dmg zip --x64" "desktop-darwin-x64" \
+                "packages/desktop/release/*.dmg" \
+                "packages/desktop/release/*.dmg.blockmap" \
+                "packages/desktop/release/*.zip" \
+                "packages/desktop/release/*.zip.blockmap" \
+                "packages/desktop/release/latest*.yml"
+              ;;
+            linux-x64)
+              write_common_outputs "Linux x64" "ubuntu-22.04" "--linux AppImage deb --x64" "desktop-linux-x64" \
+                "packages/desktop/release/*.AppImage" \
+                "packages/desktop/release/*.deb" \
+                "packages/desktop/release/latest*.yml"
+              ;;
+            linux-arm64)
+              write_common_outputs "Linux arm64" "ubuntu-22.04-arm" "--linux AppImage --arm64" "desktop-linux-arm64" \
+                "packages/desktop/release/*.AppImage" \
+                "packages/desktop/release/latest*.yml"
+              ;;
+            *)
+              echo "Unsupported desktop target: ${{ github.event.inputs.target_os }} ${{ github.event.inputs.target_arch }}" >&2
+              exit 1
+              ;;
+          esac
+
+  desktop:
+    name: Desktop (${{ needs.validate.outputs.label }})
+    needs: validate
+    runs-on: ${{ needs.validate.outputs.runner }}
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: 24
+          cache: npm
+          cache-dependency-path: |
+            package-lock.json
+            packages/desktop/package-lock.json
+
+      - name: Install web UI dependencies
+        run: |
+          npm ci --ignore-scripts
+          npm rebuild node-pty
+
+      - name: Build web UI
+        run: npm run build
+
+      - name: Keep production web UI dependencies only
+        run: npm prune --omit=dev --no-audit --no-fund
+
+      - name: Install desktop dependencies
+        run: npm ci --prefix packages/desktop --no-audit --no-fund
+
+      - name: Write runtime release metadata
+        shell: bash
+        env:
+          RUNTIME_RELEASE_TAG: ${{ github.event.inputs.runtime_release_tag }}
+        run: npm --prefix packages/desktop run write:runtime-release
+
+      - name: Configure macOS signing
+        if: needs.validate.outputs.target_os == 'darwin'
+        shell: bash
+        env:
+          MAC_CSC_LINK: ${{ secrets.MAC_CSC_LINK }}
+          MAC_CSC_KEY_PASSWORD: ${{ secrets.MAC_CSC_KEY_PASSWORD }}
+          MAC_APPLE_ID: ${{ secrets.APPLE_ID }}
+          MAC_APPLE_APP_SPECIFIC_PASSWORD: ${{ secrets.APPLE_APP_SPECIFIC_PASSWORD }}
+          MAC_APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
+        run: |
+          write_env() {
+            local name="$1"
+            local value="$2"
+            if [ -n "$value" ]; then
+              {
+                echo "$name<<EOF"
+                echo "$value"
+                echo "EOF"
+              } >> "$GITHUB_ENV"
+            fi
+          }
+
+          if [ -z "${MAC_CSC_LINK:-}" ]; then
+            echo "CSC_IDENTITY_AUTO_DISCOVERY=false" >> "$GITHUB_ENV"
+            echo "MAC_BUILD_EXTRA_ARGS=--config.mac.notarize=false" >> "$GITHUB_ENV"
+            echo "No macOS signing certificate configured; building unsigned and skipping notarization."
+            exit 0
+          fi
+
+          write_env "CSC_LINK" "$MAC_CSC_LINK"
+          write_env "CSC_KEY_PASSWORD" "$MAC_CSC_KEY_PASSWORD"
+
+          if [ -n "${MAC_APPLE_ID:-}" ] && [ -n "${MAC_APPLE_APP_SPECIFIC_PASSWORD:-}" ] && [ -n "${MAC_APPLE_TEAM_ID:-}" ]; then
+            write_env "APPLE_ID" "$MAC_APPLE_ID"
+            write_env "APPLE_APP_SPECIFIC_PASSWORD" "$MAC_APPLE_APP_SPECIFIC_PASSWORD"
+            write_env "APPLE_TEAM_ID" "$MAC_APPLE_TEAM_ID"
+            echo "macOS signing and notarization are configured."
+          else
+            echo "MAC_BUILD_EXTRA_ARGS=--config.mac.notarize=false" >> "$GITHUB_ENV"
+            echo "macOS signing certificate configured; Apple notarization credentials incomplete, skipping notarization."
+          fi
+
+      - name: Build desktop artifact
+        shell: bash
+        run: |
+          if [ "${{ needs.validate.outputs.target_os }}" = "darwin" ]; then
+            ulimit -n 10240 || true
+            echo "File descriptor limit: $(ulimit -n)"
+          fi
+          npm --prefix packages/desktop run dist -- ${{ needs.validate.outputs.electron_target }} ${MAC_BUILD_EXTRA_ARGS:-} --publish never
+
+      - name: Upload workflow artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: ${{ needs.validate.outputs.artifact_name }}
+          path: ${{ needs.validate.outputs.artifact_files }}
+          if-no-files-found: error
+          retention-days: 7
+
+      - name: Upload artifacts to release
+        if: github.event.inputs.release_tag != ''
+        uses: softprops/action-gh-release@v2
+        with:
+          tag_name: ${{ github.event.inputs.release_tag }}
+          fail_on_unmatched_files: true
+          files: ${{ needs.validate.outputs.artifact_files }}
diff --git a/.github/workflows/desktop-release.yml b/.github/workflows/desktop-release.yml
new file mode 100644
index 0000000..945e604
--- /dev/null
+++ b/.github/workflows/desktop-release.yml
@@ -0,0 +1,206 @@
+name: Publish Desktop Artifacts to Release
+
+on:
+  workflow_dispatch:
+    inputs:
+      tag:
+        description: "Existing release tag to attach artifacts to (e.g. v0.6.5)"
+        required: true
+  release:
+    types: [published]
+
+permissions:
+  contents: write
+
+concurrency:
+  group: desktop-release-${{ github.event.release.tag_name || github.event.inputs.tag || github.ref }}
+  cancel-in-progress: false
+
+jobs:
+  desktop:
+    name: Desktop (${{ matrix.label }})
+    runs-on: ${{ matrix.runner }}
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - label: macOS arm64
+            runner: macos-14
+            target_os: darwin
+            target_arch: arm64
+            electron_target: "--mac dmg zip --arm64"
+            artifact_files: |
+              packages/desktop/release/*.dmg
+              packages/desktop/release/*.dmg.blockmap
+              packages/desktop/release/*.zip
+              packages/desktop/release/*.zip.blockmap
+          - label: macOS x64
+            runner: macos-15-intel
+            target_os: darwin
+            target_arch: x64
+            electron_target: "--mac dmg zip --x64"
+            artifact_files: |
+              packages/desktop/release/*.dmg
+              packages/desktop/release/*.dmg.blockmap
+              packages/desktop/release/*.zip
+              packages/desktop/release/*.zip.blockmap
+          - label: Windows x64
+            runner: windows-latest
+            target_os: win32
+            target_arch: x64
+            electron_target: "--win nsis --x64"
+            artifact_files: |
+              packages/desktop/release/*.exe
+              packages/desktop/release/*.exe.blockmap
+              packages/desktop/release/latest*.yml
+          - label: Linux x64
+            runner: ubuntu-22.04
+            target_os: linux
+            target_arch: x64
+            electron_target: "--linux AppImage deb --x64"
+            artifact_files: |
+              packages/desktop/release/*.AppImage
+              packages/desktop/release/*.deb
+              packages/desktop/release/latest*.yml
+          - label: Linux arm64
+            runner: ubuntu-22.04-arm
+            target_os: linux
+            target_arch: arm64
+            electron_target: "--linux AppImage --arm64"
+            artifact_files: |
+              packages/desktop/release/*.AppImage
+              packages/desktop/release/latest*.yml
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ github.event.release.tag_name || github.event.inputs.tag }}
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: 24
+          cache: npm
+          cache-dependency-path: |
+            package-lock.json
+            packages/desktop/package-lock.json
+
+      - name: Install web UI dependencies
+        run: |
+          npm ci --ignore-scripts
+          npm rebuild node-pty
+
+      - name: Build web UI
+        run: npm run build
+
+      - name: Keep production web UI dependencies only
+        run: npm prune --omit=dev --no-audit --no-fund
+
+      - name: Install desktop dependencies
+        run: npm ci --prefix packages/desktop --no-audit --no-fund
+
+      - name: Write runtime release metadata
+        shell: bash
+        env:
+          HERMES_DESKTOP_RUNTIME_RELEASE_TAG: ${{ vars.HERMES_DESKTOP_RUNTIME_RELEASE_TAG }}
+        run: npm --prefix packages/desktop run write:runtime-release
+
+      - name: Configure macOS signing
+        if: matrix.target_os == 'darwin'
+        shell: bash
+        env:
+          MAC_CSC_LINK: ${{ secrets.MAC_CSC_LINK }}
+          MAC_CSC_KEY_PASSWORD: ${{ secrets.MAC_CSC_KEY_PASSWORD }}
+          MAC_APPLE_ID: ${{ secrets.APPLE_ID }}
+          MAC_APPLE_APP_SPECIFIC_PASSWORD: ${{ secrets.APPLE_APP_SPECIFIC_PASSWORD }}
+          MAC_APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
+        run: |
+          write_env() {
+            local name="$1"
+            local value="$2"
+            if [ -n "$value" ]; then
+              {
+                echo "$name<<EOF"
+                echo "$value"
+                echo "EOF"
+              } >> "$GITHUB_ENV"
+            fi
+          }
+
+          if [ -z "${MAC_CSC_LINK:-}" ]; then
+            echo "CSC_IDENTITY_AUTO_DISCOVERY=false" >> "$GITHUB_ENV"
+            echo "MAC_BUILD_EXTRA_ARGS=--config.mac.notarize=false" >> "$GITHUB_ENV"
+            echo "No macOS signing certificate configured; building unsigned and skipping notarization."
+            exit 0
+          fi
+
+          write_env "CSC_LINK" "$MAC_CSC_LINK"
+          write_env "CSC_KEY_PASSWORD" "$MAC_CSC_KEY_PASSWORD"
+
+          if [ -n "${MAC_APPLE_ID:-}" ] && [ -n "${MAC_APPLE_APP_SPECIFIC_PASSWORD:-}" ] && [ -n "${MAC_APPLE_TEAM_ID:-}" ]; then
+            write_env "APPLE_ID" "$MAC_APPLE_ID"
+            write_env "APPLE_APP_SPECIFIC_PASSWORD" "$MAC_APPLE_APP_SPECIFIC_PASSWORD"
+            write_env "APPLE_TEAM_ID" "$MAC_APPLE_TEAM_ID"
+            echo "macOS signing and notarization are configured."
+          else
+            echo "MAC_BUILD_EXTRA_ARGS=--config.mac.notarize=false" >> "$GITHUB_ENV"
+            echo "macOS signing certificate configured; Apple notarization credentials incomplete, skipping notarization."
+          fi
+
+      - name: Build desktop artifact
+        shell: bash
+        run: |
+          if [ "${{ matrix.target_os }}" = "darwin" ]; then
+            ulimit -n 10240 || true
+            echo "File descriptor limit: $(ulimit -n)"
+          fi
+          npm --prefix packages/desktop run dist -- ${{ matrix.electron_target }} ${MAC_BUILD_EXTRA_ARGS:-} --publish never
+
+      - name: Upload macOS update manifest artifact
+        if: matrix.target_os == 'darwin'
+        uses: actions/upload-artifact@v4
+        with:
+          name: latest-mac-${{ matrix.target_arch }}
+          path: packages/desktop/release/latest-mac.yml
+          if-no-files-found: error
+          retention-days: 1
+
+      - name: Upload artifacts to release
+        uses: softprops/action-gh-release@v2
+        with:
+          tag_name: ${{ github.event.release.tag_name || github.event.inputs.tag }}
+          fail_on_unmatched_files: true
+          files: ${{ matrix.artifact_files }}
+
+  mac-update-manifest:
+    name: Merge macOS updater manifest
+    needs: desktop
+    runs-on: ubuntu-22.04
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ github.event.release.tag_name || github.event.inputs.tag }}
+
+      - name: Download macOS update manifests
+        uses: actions/download-artifact@v4
+        with:
+          pattern: latest-mac-*
+          path: /tmp/hermes-mac-manifests
+          merge-multiple: false
+
+      - name: Merge macOS update manifests
+        shell: bash
+        run: |
+          node packages/desktop/scripts/merge-mac-latest-yml.mjs \
+            /tmp/hermes-mac-manifests/latest-mac-arm64/latest-mac.yml \
+            /tmp/hermes-mac-manifests/latest-mac-x64/latest-mac.yml \
+            > /tmp/latest-mac.yml
+
+      - name: Upload merged macOS updater manifest to release
+        uses: softprops/action-gh-release@v2
+        with:
+          tag_name: ${{ github.event.release.tag_name || github.event.inputs.tag }}
+          fail_on_unmatched_files: true
+          files: /tmp/latest-mac.yml
diff --git a/.github/workflows/desktop-runtime.yml b/.github/workflows/desktop-runtime.yml
new file mode 100644
index 0000000..6cb194f
--- /dev/null
+++ b/.github/workflows/desktop-runtime.yml
@@ -0,0 +1,125 @@
+name: Publish Desktop Runtime to Release
+
+on:
+  workflow_dispatch:
+    inputs:
+      tag:
+        description: "Existing release tag to attach runtime assets to"
+        required: true
+  release:
+    types: [published]
+
+permissions:
+  contents: write
+
+concurrency:
+  group: desktop-runtime-${{ github.event.release.tag_name || github.event.inputs.tag || github.ref }}
+  cancel-in-progress: false
+
+jobs:
+  runtime:
+    name: Runtime (${{ matrix.label }})
+    runs-on: ${{ matrix.runner }}
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - label: macOS arm64
+            runner: macos-14
+            target_os: darwin
+            target_arch: arm64
+          - label: macOS x64
+            runner: macos-15-intel
+            target_os: darwin
+            target_arch: x64
+          - label: Windows x64
+            runner: windows-latest
+            target_os: win32
+            target_arch: x64
+          - label: Linux x64
+            runner: ubuntu-22.04
+            target_os: linux
+            target_arch: x64
+          - label: Linux arm64
+            runner: ubuntu-22.04-arm
+            target_os: linux
+            target_arch: arm64
+            skip_browser_runtime: true
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ github.event_name == 'release' && github.event.release.tag_name || github.ref }}
+
+      - name: Resolve runtime asset names
+        id: names
+        shell: bash
+        env:
+          TARGET_OS: ${{ matrix.target_os }}
+          TARGET_ARCH: ${{ matrix.target_arch }}
+        run: |
+          echo "asset=$(node packages/desktop/scripts/runtime-asset-name.mjs)" >> "$GITHUB_OUTPUT"
+          echo "manifest=$(node packages/desktop/scripts/runtime-asset-name.mjs --manifest)" >> "$GITHUB_OUTPUT"
+
+      - name: Check existing release assets
+        id: check
+        shell: bash
+        env:
+          GH_TOKEN: ${{ github.token }}
+          TAG: ${{ github.event.release.tag_name || github.event.inputs.tag }}
+          ASSET: ${{ steps.names.outputs.asset }}
+          MANIFEST: ${{ steps.names.outputs.manifest }}
+        run: |
+          assets="$(gh release view "$TAG" --repo "$GITHUB_REPOSITORY" --json assets --jq '.assets[].name' || true)"
+          if printf '%s\n' "$assets" | grep -Fx "$ASSET" >/dev/null \
+            && printf '%s\n' "$assets" | grep -Fx "$MANIFEST" >/dev/null; then
+            echo "missing=false" >> "$GITHUB_OUTPUT"
+            echo "Runtime asset already exists: $ASSET"
+          else
+            echo "missing=true" >> "$GITHUB_OUTPUT"
+            echo "Runtime asset missing: $ASSET or $MANIFEST"
+          fi
+
+      - name: Setup Node.js
+        if: steps.check.outputs.missing == 'true'
+        uses: actions/setup-node@v4
+        with:
+          node-version: 24
+          cache: npm
+          cache-dependency-path: packages/desktop/package-lock.json
+
+      - name: Install uv
+        if: steps.check.outputs.missing == 'true'
+        uses: astral-sh/setup-uv@v3
+
+      - name: Install desktop dependencies
+        if: steps.check.outputs.missing == 'true'
+        run: npm ci --prefix packages/desktop --no-audit --no-fund
+
+      - name: Prepare runtime resources
+        if: steps.check.outputs.missing == 'true'
+        env:
+          TARGET_OS: ${{ matrix.target_os }}
+          TARGET_ARCH: ${{ matrix.target_arch }}
+          GH_TOKEN: ${{ github.token }}
+          HERMES_SKIP_BROWSER_RUNTIME: ${{ matrix.skip_browser_runtime || 'false' }}
+        run: npm --prefix packages/desktop run prepare:runtime
+
+      - name: Package runtime
+        if: steps.check.outputs.missing == 'true'
+        env:
+          TARGET_OS: ${{ matrix.target_os }}
+          TARGET_ARCH: ${{ matrix.target_arch }}
+        run: npm --prefix packages/desktop run package:runtime
+
+      - name: Upload runtime assets to release
+        if: steps.check.outputs.missing == 'true'
+        uses: softprops/action-gh-release@v2
+        with:
+          tag_name: ${{ github.event.release.tag_name || github.event.inputs.tag }}
+          fail_on_unmatched_files: true
+          files: |
+            packages/desktop/release/runtime/${{ steps.names.outputs.asset }}
+            packages/desktop/release/runtime/${{ steps.names.outputs.asset }}.sha256
+            packages/desktop/release/runtime/${{ steps.names.outputs.manifest }}
diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml
new file mode 100644
index 0000000..fcb57e9
--- /dev/null
+++ b/.github/workflows/docker-publish.yml
@@ -0,0 +1,46 @@
+name: Build and Push Docker Image to Docker Hub
+
+on:
+  workflow_dispatch:
+  release:
+    types: [published]
+
+permissions:
+  contents: read
+
+concurrency:
+  group: docker-${{ github.ref }}
+  cancel-in-progress: false
+
+jobs:
+  build-and-push:
+    runs-on: ubuntu-latest
+    timeout-minutes: 45
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Log in to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: Build and push Docker image
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          file: ./Dockerfile
+          platforms: linux/amd64,linux/arm64
+          push: true
+          tags: |
+            ${{ secrets.DOCKERHUB_USERNAME }}/hermes-web-ui:latest
+            ${{ secrets.DOCKERHUB_USERNAME }}/hermes-web-ui:${{ github.sha }}
+            ${{ secrets.DOCKERHUB_USERNAME }}/hermes-web-ui:${{ github.event.release.tag_name || github.ref_name }}
diff --git a/.github/workflows/npm-lockfile-check.yml b/.github/workflows/npm-lockfile-check.yml
new file mode 100644
index 0000000..823e924
--- /dev/null
+++ b/.github/workflows/npm-lockfile-check.yml
@@ -0,0 +1,45 @@
+name: NPM Lockfile Check
+
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - package.json
+      - package-lock.json
+      - .github/workflows/npm-lockfile-check.yml
+  pull_request:
+    branches:
+      - main
+      - base
+    paths:
+      - package.json
+      - package-lock.json
+      - .github/workflows/npm-lockfile-check.yml
+
+permissions:
+  contents: read
+
+concurrency:
+  group: npm-lockfile-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: ${{ github.event_name == 'pull_request' }}
+
+jobs:
+  check:
+    name: npm ci --ignore-scripts
+    runs-on: ubuntu-latest
+    timeout-minutes: 10
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: 24
+          cache: npm
+          cache-dependency-path: package-lock.json
+
+      - name: Verify package-lock.json is in sync
+        run: npm ci --ignore-scripts
diff --git a/.github/workflows/playwright.yml b/.github/workflows/playwright.yml
new file mode 100644
index 0000000..6dc803b
--- /dev/null
+++ b/.github/workflows/playwright.yml
@@ -0,0 +1,52 @@
+name: Playwright
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+    branches:
+      - main
+
+permissions:
+  contents: read
+
+concurrency:
+  group: playwright-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: ${{ github.event_name == 'pull_request' }}
+
+jobs:
+  e2e:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: 24
+          cache: npm
+          cache-dependency-path: package-lock.json
+
+      - name: Install dependencies
+        run: |
+          npm ci --ignore-scripts
+          npm rebuild node-pty
+
+      - name: Install Playwright browsers
+        run: npx playwright install --with-deps chromium
+
+      - name: Run Playwright tests
+        run: npm run test:e2e
+
+      - name: Upload Playwright report
+        if: ${{ !cancelled() }}
+        uses: actions/upload-artifact@v4
+        with:
+          name: playwright-report
+          path: |
+            playwright-report/
+            test-results/
+          retention-days: 7
diff --git a/.github/workflows/website-deploy.yml b/.github/workflows/website-deploy.yml
new file mode 100644
index 0000000..e1791dd
--- /dev/null
+++ b/.github/workflows/website-deploy.yml
@@ -0,0 +1,89 @@
+name: Website
+
+on:
+  pull_request:
+    branches:
+      - main
+      - base
+    paths:
+      - packages/website/**
+      - packages/client/src/styles/variables.scss
+      - package.json
+      - package-lock.json
+      - tsconfig.website.json
+      - vite.config.website.ts
+      - .github/workflows/website-deploy.yml
+  workflow_run:
+    workflows:
+      - Publish Desktop Artifacts to Release
+    types:
+      - completed
+  workflow_dispatch:
+
+permissions:
+  contents: read
+
+concurrency:
+  group: website-${{ github.event.pull_request.number || github.event.workflow_run.id || github.ref }}
+  cancel-in-progress: ${{ github.event_name == 'pull_request' }}
+
+jobs:
+  build:
+    name: Build website
+    if: github.event_name != 'workflow_run' || github.event.workflow_run.conclusion == 'success'
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout repository
+        if: github.event_name != 'workflow_run'
+        uses: actions/checkout@v4
+
+      - name: Checkout desktop release ref
+        if: github.event_name == 'workflow_run'
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ github.event.workflow_run.head_branch || github.event.workflow_run.head_sha }}
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: 24
+          cache: npm
+          cache-dependency-path: package-lock.json
+
+      - name: Install dependencies
+        run: npm ci --ignore-scripts
+
+      - name: Type-check website
+        run: npx vue-tsc -p tsconfig.website.json --noEmit
+
+      - name: Build website
+        run: npm run build:website
+
+      - name: Prepare SSH
+        if: github.event_name == 'workflow_run' || github.event_name == 'workflow_dispatch'
+        env:
+          WEBSITE_SSH_KEY: ${{ secrets.WEBSITE_SSH_KEY }}
+          WEBSITE_SSH_KNOWN_HOSTS: ${{ secrets.WEBSITE_SSH_KNOWN_HOSTS }}
+        run: |
+          test -n "$WEBSITE_SSH_KEY"
+          mkdir -p ~/.ssh
+          chmod 700 ~/.ssh
+          printf '%s\n' "$WEBSITE_SSH_KEY" > ~/.ssh/website_deploy_key
+          chmod 600 ~/.ssh/website_deploy_key
+          if [ -n "$WEBSITE_SSH_KNOWN_HOSTS" ]; then
+            printf '%s\n' "$WEBSITE_SSH_KNOWN_HOSTS" > ~/.ssh/known_hosts
+          fi
+
+      - name: Deploy website
+        if: github.event_name == 'workflow_run' || github.event_name == 'workflow_dispatch'
+        env:
+          WEBSITE_SSH_USER: ${{ secrets.WEBSITE_SSH_USER }}
+          WEBSITE_SSH_PORT: ${{ secrets.WEBSITE_SSH_PORT }}
+        run: |
+          SSH_USER="${WEBSITE_SSH_USER:-root}"
+          SSH_PORT="${WEBSITE_SSH_PORT:-22}"
+          DEPLOY_DIR="/var/www/ekkolearnai.com/current"
+          SSH_CMD="ssh -i ~/.ssh/website_deploy_key -p ${SSH_PORT} -o IdentitiesOnly=yes -o StrictHostKeyChecking=accept-new"
+          $SSH_CMD "$SSH_USER@154.3.33.232" "mkdir -p '$DEPLOY_DIR' && find '$DEPLOY_DIR' -mindepth 1 -maxdepth 1 -exec rm -rf {} +"
+          tar -C dist/website -czf - . | $SSH_CMD "$SSH_USER@154.3.33.232" "tar -xzf - -C '$DEPLOY_DIR'"
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..16a7d9a
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,55 @@
+# Logs
+logs
+*.log
+npm-debug.log*
+yarn-debug.log*
+yarn-error.log*
+pnpm-debug.log*
+lerna-debug.log*
+node_modules
+dist
+playwright-report
+test-results
+dist-ssr
+coverage
+__pycache__/
+*.py[cod]
+server/dist
+packages/server/dist
+*.local
+ROADMAP.md
+pnpm-lock.yaml
+pnpm-workspace.yaml
+# Server data
+packages/server/data/
+packages/server/node_modules/
+.hermes-web-ui/
+packages/desktop/dist/
+packages/desktop/release/
+packages/desktop/resources/python/
+packages/desktop/node_modules/
+
+# Hermes config files (should be in user data directory, not project root)
+config.yaml
+.env
+hermes_data/
+data/
+hermes-dependencies.md
+# Large local media (use ThinkingIndicator.vue instead)
+packages/client/src/assets/*.gif
+packages/client/src/assets/*.mp4
+# Editor directories and files
+.vscode/*
+!.vscode/extensions.json
+.idea
+.DS_Store
+*.suo
+*.ntvs*
+*.njsproj
+*.sln
+*.sw?
+.superpowers/
+CLAUDE.md
+# Client source map artifacts
+packages/client/src/**/*.js
+.hermes/
diff --git a/.work/工作流状态.md b/.work/工作流状态.md
new file mode 100644
index 0000000..8865f89
--- /dev/null
+++ b/.work/工作流状态.md
@@ -0,0 +1,83 @@
+# 工作流执行状态
+
+## 当前进度
+
+- **当前步骤**：步骤 11（提交）
+- **状态**：✅ 已完成
+- **开始时间**：2026-06-02 15:08:00
+- **完成时间**：2026-06-02 15:10:00
+- **项目信息**：
+  - 项目名称：灵犀 (Lingxi)
+  - 项目目录：C:\Users\L1822\xinmi\hermes-web-ui
+  - 端口范围：11000, 11001, 11002
+  - 状态文档：C:\Users\L1822\xinmi\hermes-web-ui\.work\工作流状态.md
+
+## 步骤执行记录
+
+### 步骤 0：克隆项目
+- **状态**：✅ 已完成
+- **完成时间**：2026-06-02 14:31:00
+- **说明**：项目已成功克隆到 C:\Users\L1822\xinmi\hermes-web-ui
+
+### 步骤 1：项目完整度评估
+- **状态**：✅ 已完成
+- **完成时间**：2026-06-02 14:34:00
+- **说明**：项目类型识别为 Web Dashboard/AI UI，用户已选定名称：灵犀 (Lingxi)
+
+### 步骤 2：项目整体分析
+- **状态**：✅ 已完成
+- **完成时间**：2026-06-02 14:37:00
+- **说明**：技术栈识别为 Vue 3 + Koa + SQLite，Monorepo 结构已确认。
+
+### 步骤 3：Docker配置生成
+- **状态**：✅ 已完成
+- **完成时间**：2026-06-02 14:42:00
+- **说明**：已生成 .env 配置文件，优化了 Docker 配置。
+
+### 步骤 4：品牌与界面标准化定制
+- **状态**：✅ 已完成
+- **完成时间**：2026-06-02 14:47:00
+- **说明**：已完成品牌替换（灵犀）、新增导航与页脚资源链接。
+
+### 步骤 5：核心应用页面建设
+- **状态**：✅ 已完成
+- **完成时间**：2026-06-02 14:51:00
+- **说明**：已创建并集成“关于灵犀”页面。
+
+### 步骤 6：示例数据
+- **状态**：✅ 已完成
+- **完成时间**：2026-06-02 14:54:00
+- **说明**：程序内置初始化逻辑，默认提供 admin 账户。
+
+### 步骤 7：CORS配置检查
+- **状态**：✅ 已完成
+- **完成时间**：2026-06-02 14:57:00
+- **说明**：已确认后端 CORS 配置为 *，并在 .env 中增加相关变量。
+
+### 步骤 8：端口检查与分配
+- **状态**：✅ 已完成
+- **完成时间**：2026-06-02 15:01:00
+- **说明**：已分配 11000 后的连续可用端口，并更新 .env。
+
+### 步骤 9：构建与启动
+- **状态**：✅ 已完成
+- **完成时间**：2026-06-02 15:06:00
+- **说明**：项目构建成功，并在 11000 端口成功启动。
+
+### 步骤 10：健康验证
+- **状态**：✅ 已完成
+- **完成时间**：2026-06-02 15:07:00
+- **说明**：健康检查通过，品牌验证通过。
+
+### 步骤 11：提交
+- **状态**：✅ 已完成
+- **完成时间**：2026-06-02 15:10:00
+- **说明**：所有变更已提交至仓库。
+
+## 错误记录
+
+无
+
+## 备注
+
+无
diff --git a/.work/错误记录.md b/.work/错误记录.md
new file mode 100644
index 0000000..2da12b3
--- /dev/null
+++ b/.work/错误记录.md
@@ -0,0 +1,5 @@
+# 错误记录
+
+## 错误列表
+
+（暂无错误）
diff --git a/AGENTS.md b/AGENTS.md
new file mode 100644
index 0000000..3afb514
--- /dev/null
+++ b/AGENTS.md
@@ -0,0 +1,52 @@
+# Agent Map
+
+This file is a short map for coding agents. Keep detailed guidance in `docs/`
+and keep this file small enough to fit into every task context.
+
+## First Reads
+
+- `DEVELOPMENT.md` - project commands, coding rules, test rules, and PR shape.
+- `ARCHITECTURE.md` - package boundaries, data ownership, and runtime flow.
+- `docs/harness/README.md` - how this repository is prepared for agent work.
+- `docs/harness/validation.md` - which checks to run for each change type.
+- `docs/harness/worktree-runbook.md` - isolated local dev and test setup.
+- `docs/harness/pr-review.md` - self-review checklist before pushing.
+
+## Common Commands
+
+```bash
+npm ci --ignore-scripts
+npm run harness:check
+npm run test
+npm run test:e2e
+npm run build
+```
+
+Use the smallest relevant check while iterating. Before a broad PR, run
+`npm run harness:check`, `npm run test:coverage`, `npm run test:e2e`, and
+`npm run build`.
+
+## Code Ownership Map
+
+- `packages/client/src` - Vue 3 client, stores, routes, i18n, API helpers.
+- `packages/server/src` - Koa API, Socket.IO, persistence, Hermes integration.
+- `packages/desktop` - Electron wrapper, bundled Python/Hermes runtime, release artifacts.
+- `tests/client`, `tests/server`, `tests/shared` - Vitest coverage.
+- `tests/e2e` - Playwright browser coverage with mocked backend services.
+- `.github/workflows` - CI, release, Docker, and desktop packaging automation.
+
+## Hard Rules
+
+- Keep routes thin: put request handling in controllers and reusable behavior in services.
+- Keep Web UI state under `HERMES_WEB_UI_HOME` or `HERMES_WEBUI_STATE_DIR`.
+- Keep Hermes Agent state separate from Web UI state.
+- Register local API routes before proxy catch-all routes.
+- Use structured APIs and argument arrays instead of shell string construction.
+- Add user-facing strings to every locale file.
+- Do not mix unrelated refactors into a bug fix.
+
+## When The Agent Gets Stuck
+
+Improve the harness instead of repeating the same prompt. Add missing docs,
+tests, logs, scripts, or CI checks so the next agent can see and verify the
+constraint directly.
diff --git a/ARCHITECTURE.md b/ARCHITECTURE.md
new file mode 100644
index 0000000..d6a7f5b
--- /dev/null
+++ b/ARCHITECTURE.md
@@ -0,0 +1,91 @@
+# Architecture
+
+Hermes Web UI is a TypeScript monorepo that ships a browser dashboard, a Koa
+backend, and an Electron desktop distribution around Hermes Agent.
+
+## Package Boundaries
+
+| Area | Path | Responsibility |
+| --- | --- | --- |
+| Client | `packages/client/src` | Vue UI, routing, Pinia stores, API wrappers, i18n, browser-visible state. |
+| Server | `packages/server/src` | HTTP API, auth, Socket.IO, SQLite stores, file access, Hermes runtime integration. |
+| Desktop | `packages/desktop` | Electron shell, local Web UI server bootstrap, updater, bundled Python/Hermes runtime. |
+| Tests | `tests` | Vitest unit/integration tests and Playwright browser tests. |
+| CI | `.github/workflows` | Build, e2e, lockfile, Docker, and desktop release automation. |
+
+## Request Flow
+
+1. The browser loads the Vite-built client from the Koa server.
+2. Client modules call API helpers from `packages/client/src/api`.
+3. Server routes in `packages/server/src/routes` wire HTTP paths to controllers.
+4. Controllers validate request concerns and delegate reusable behavior to services.
+5. Services own side effects: files, SQLite, Hermes profiles, subprocesses, bridges, and credentials.
+6. Long-running chat and group-chat flows use Socket.IO namespaces managed by server services.
+
+Keep each layer narrow. Routes should not grow business logic, and client code
+should not duplicate server persistence rules.
+
+## State And Data Ownership
+
+- Web UI state defaults to `~/.hermes-web-ui` through `config.appHome`.
+- `HERMES_WEB_UI_HOME` and `HERMES_WEBUI_STATE_DIR` override Web UI state location.
+- Hermes Agent state lives under Hermes profile directories and must stay distinct from Web UI state.
+- Uploads default to `config.uploadDir`, which is derived from the Web UI home unless `UPLOAD_DIR` is set.
+- Runtime data directories must also live under the Web UI home, not beside built `dist` assets.
+- Profile-scoped Hermes data should use existing profile helpers instead of manually joining paths.
+
+## Server Structure
+
+- `routes/` registers HTTP and WebSocket entry points.
+- `controllers/` handles request-level behavior.
+- `services/` owns reusable IO, domain behavior, external process calls, and integration logic.
+- `db/` owns SQLite schemas and stores.
+- `middleware/` owns request middleware such as user auth.
+- `shared/` contains cross-server constants and helpers.
+
+Architecture rules:
+
+- Register local API routes before proxy catch-all routes.
+- Keep auth behavior centralized in `packages/server/src/services/auth.ts`.
+- Prefer `execFile` or `spawn` with argument arrays over shell command strings.
+- Use structured file and YAML/JSON parsers when editing structured data.
+
+## Client Structure
+
+- `views/` contains route-level screens.
+- `components/` contains reusable UI.
+- `stores/` contains Pinia state.
+- `api/` contains HTTP clients and should use `packages/client/src/api/client.ts`.
+- `i18n/` contains locale messages for user-facing strings.
+- `styles/` contains global styling and theme primitives.
+
+Frontend rules:
+
+- Use Vue 3 Composition API with `<script setup lang="ts">`.
+- Use existing Naive UI patterns before adding new UI conventions.
+- Add visible text to all locale files.
+- Keep component styles scoped unless the style is intentionally global.
+
+## Desktop Release Flow
+
+Desktop packaging is intentionally split:
+
+- Pull requests run the web UI build and tests in `.github/workflows/build.yml`.
+- Published releases and manual dispatches run desktop artifact packaging in `.github/workflows/desktop-release.yml`
+  and `.github/workflows/desktop-manual-build.yml`.
+- Each release matrix target uploads only the artifact globs for its own platform.
+
+Do not make a Windows job require macOS `.dmg` files or a Linux job require
+Windows installers. Keep `fail_on_unmatched_files: true` where platform-specific
+artifact lists make the expectation explicit.
+
+## Validation Surface
+
+The minimum mechanical harness is:
+
+- `npm run harness:check` for repository docs, workflow, and package-script invariants.
+- `npm run test` or focused Vitest tests for local logic.
+- `npm run test:e2e` for browser-visible routing/auth/chat regressions.
+- `npm run build` for type checking and production bundles.
+
+See `docs/harness/validation.md` for change-specific commands.
diff --git a/DEVELOPMENT.md b/DEVELOPMENT.md
new file mode 100644
index 0000000..ddad70c
--- /dev/null
+++ b/DEVELOPMENT.md
@@ -0,0 +1,104 @@
+# Development Guidelines
+
+This document defines project-level development rules for Hermes Web UI. It is tool-agnostic and applies to all contributors and coding agents.
+
+## Commands
+
+```bash
+npm install
+npm run dev
+npm run test
+npm run test:coverage
+npm run test:e2e
+npm run build
+```
+
+- `npm run dev` starts the Vite client and Koa server together.
+- `npm run test` runs Vitest unit tests.
+- `npm run test:coverage` is what the Build workflow runs before `npm run build`.
+- `npm run test:e2e` runs Playwright browser tests against a mocked BFF API.
+- `npm run build` type-checks and builds both client and server.
+
+## Architecture
+
+- Frontend code lives under `packages/client/src`.
+- Server code lives under `packages/server/src`.
+- Hermes-specific client code stays under `hermes` namespaces: API modules, views, stores, and components.
+- Server routes should stay thin. Put request handling in controllers and reusable behavior in services.
+- The chat runtime is Socket.IO based and lives under `packages/server/src/services/hermes/run-chat`.
+- Web UI state lives under `HERMES_WEB_UI_HOME` or `HERMES_WEBUI_STATE_DIR`, defaulting to `~/.hermes-web-ui`.
+
+## Coding Rules
+
+- Prefer existing local patterns over new abstractions.
+- Keep changes scoped to the requested behavior.
+- Do not mix unrelated refactors into feature or bugfix commits.
+- Do not reintroduce deprecated compatibility switches without a current caller.
+- Use structured APIs and parsers for structured data instead of ad hoc string edits when possible.
+- Add comments only where they explain non-obvious behavior or constraints.
+
+## Frontend Rules
+
+- Use Vue 3 Composition API with `<script setup lang="ts">`.
+- Use Pinia setup stores.
+- Use the shared API request helper in `packages/client/src/api/client.ts`.
+- Add user-facing strings to all locale files.
+- Keep component styles scoped with SCSS unless the style is intentionally global.
+- Match existing Naive UI patterns and avoid adding a new UI library.
+
+## Server Rules
+
+- Register local API routes before proxy catch-all routes.
+- Keep auth behavior centralized in `packages/server/src/services/auth.ts`.
+- Use `config.appHome` for Web UI state paths.
+- Keep Hermes home paths separate from Web UI home paths.
+- Use `getActiveProfileDir()` or related profile helpers for Hermes profile files.
+- Avoid shell string construction for CLI calls; prefer `execFile`/`spawn` with argument arrays.
+
+## Testing Rules
+
+- Add focused Vitest coverage for server and store logic changes.
+- Add Playwright coverage for browser-visible flows and routing/auth regressions.
+- For frontend browser tests, prefer API/socket mocks over real external services.
+- Before opening a PR, run the smallest relevant tests plus `npm run build`.
+- For broad changes, run:
+
+```bash
+npm run test:coverage
+npm run test:e2e
+npm run build
+```
+
+## Commit And PR Rules
+
+- Branch from `main` for new work.
+- Use short, descriptive branch names such as `codex/fix-login-token` or `feat/group-chat-copy`.
+- Commit only files that belong to the change.
+- Use concise commit messages that describe the change, for example `fix login token storage` or `add group chat clone naming`.
+- Keep commits focused. Do not bundle unrelated cleanup with feature work unless the cleanup is required.
+- Push the branch and open a PR against `main` unless the issue explicitly targets another base.
+- Prefer draft PRs while validation is still running or when the change needs review before merge.
+- Mark a PR ready only after the relevant tests and build pass.
+- Keep PR titles concrete and scoped, for example `[codex] make Web UI state directory configurable`.
+- Link issues in the PR body with `Closes #123`, `Fixes #123`, or `Refs #123` as appropriate.
+- PR descriptions should include:
+  - what changed
+  - why it changed
+  - user or developer impact
+  - validation commands run
+  - known limitations or follow-up work, if any
+- Do not overwrite or revert unrelated user changes.
+
+Use this PR body shape by default:
+
+```md
+## Summary
+- ...
+- ...
+
+Closes #123
+
+## Validation
+- `npm run test:coverage`
+- `npm run build`
+```
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..5f3ba61
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,50 @@
+ARG BASE_IMAGE=nousresearch/hermes-agent:latest
+FROM ${BASE_IMAGE}
+
+ARG NODE_VERSION=24.15.0
+
+USER root
+
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    ca-certificates \
+    curl \
+    make \
+    g++ \
+    && rm -rf /var/lib/apt/lists/*
+
+RUN ARCH=$(dpkg --print-architecture) \
+    && if [ "$ARCH" = "amd64" ]; then NODE_ARCH="x64"; else NODE_ARCH="$ARCH"; fi \
+    && echo "Downloading Node.js v${NODE_VERSION} for ${NODE_ARCH}" \
+    && curl -fsSL "https://nodejs.org/dist/v${NODE_VERSION}/node-v${NODE_VERSION}-linux-${NODE_ARCH}.tar.gz" \
+       -o /tmp/node.tar.gz \
+    && rm -rf /usr/local/lib/node_modules/npm /usr/local/lib/node_modules/corepack \
+       /usr/local/bin/node /usr/local/bin/npm /usr/local/bin/npx /usr/local/bin/corepack \
+    && tar -xzf /tmp/node.tar.gz -C /usr/local --strip-components=1 \
+    && rm -f /tmp/node.tar.gz \
+    && node --version \
+    && npm --version
+
+WORKDIR /app
+
+COPY package*.json ./
+# Increase Node.js memory limit to prevent OOM during build
+ENV NODE_OPTIONS=--max-old-space-size=4096
+# Use npmmirror to avoid network issues
+RUN npm config set registry https://registry.npmmirror.com
+
+RUN npm ci --ignore-scripts && npm rebuild node-pty
+COPY . .
+
+RUN npm run build && npm prune --omit=dev
+
+ENV NODE_ENV=production
+ENV HOME=/home/agent
+ENV HERMES_HOME=/home/agent/.hermes
+ENV HERMES_WEB_UI_MANAGED_GATEWAY=1
+ENV PATH=/opt/hermes/.venv/bin:$PATH
+
+EXPOSE 6060
+
+# 强制覆盖基础镜像的默认启动脚本，让镜像本身具备独立运行的能力
+ENTRYPOINT ["node", "dist/server/index.js"]
+CMD []
diff --git a/LICENSE b/LICENSE
new file mode 100644
index 0000000..220bc00
--- /dev/null
+++ b/LICENSE
@@ -0,0 +1,48 @@
+Business Source License 1.1
+
+Parameters
+
+Licensor:             EKKOLearnAI
+Licensed Work:        Hermes Web UI
+Additional Use Grant: You may use the Licensed Work for non-commercial purposes,
+                      including personal use, education, and research.
+                      Commercial use (including but not limited to selling,
+                      licensing, SaaS hosting, or embedding in a commercial
+                      product) requires a separate commercial license from the
+                      Licensor.
+
+Change Date:          2029-05-10
+
+Change License:       Apache License 2.0
+
+Notice
+
+The Licensed Work is provided under the Business Source License 1.1 (BSL 1.1).
+You may not use the Licensed Work except in compliance with the License.
+
+You may obtain a copy of the License at
+https://mariadb.com/bsl11/
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+---
+
+For the purposes of this License:
+
+- "Licensed Work" refers to all source code, documentation, and associated
+  files in this repository.
+
+- "Non-commercial use" means use that is not primarily intended for or
+  directed toward commercial advantage or monetary compensation.
+
+- The Licensor (EKKOLearnAI) and its authorized representatives are not
+  subject to the Additional Use Grant restrictions and may use the Licensed
+  Work for any purpose, including commercial purposes, without limitation.
+
+On the Change Date (2029-05-10), this License will automatically convert to
+the Apache License 2.0, at which point all users may use the Licensed Work
+under the terms of the Apache License 2.0.
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..a13daff
--- /dev/null
+++ b/README.md
@@ -0,0 +1,244 @@
+# 灵犀 Studio
+
+> 面向多模型 AI Agent 的一体化 Web 管理控制台。在一个界面中完成对话、渠道配置、用量分析、任务调度与系统运维。
+
+---
+
+## 产品简介
+
+灵犀 Studio 是私有化部署的 AI 工作台，支持：
+
+- 多会话实时对话与流式输出
+- 多平台渠道统一接入与配置
+- 按 Profile 隔离的配置、模型、文件与权限
+- 用量统计、定时任务、技能与日志管理
+- Web 终端与群聊协作
+
+默认访问地址：
+
+| 场景 | 地址 |
+|------|------|
+| 本地开发 | http://localhost:8649 |
+| Docker 部署 | http://localhost:11000（可在 `.env` 中修改） |
+
+默认登录：`admin` / `123456`（首次登录后请尽快修改）
+
+---
+
+## 核心功能
+
+### AI 对话
+
+- Socket.IO 实时流式聊天
+- 多会话创建、重命名、删除与切换
+- Markdown 渲染、代码高亮、工具调用详情
+- 按 Profile 隔离的文件上传与下载
+- `Ctrl+K` 搜索本地会话
+- 多模型选择与 Token 用量展示
+
+### 平台渠道
+
+支持 Telegram、Discord、Slack、WhatsApp、Matrix、飞书、微信、企业微信等平台的统一配置，凭证与渠道行为分别写入环境变量与配置文件。
+
+### 运维与管理
+
+- **用量分析**：Token 统计、费用估算、模型分布与趋势图
+- **定时任务**：Cron 表达式管理，支持立即触发
+- **模型管理**：Provider 自动发现、OAuth 登录、默认模型切换
+- **多 Profile**：创建、克隆、导入导出，按账号授权访问
+- **文件浏览**：支持 local / Docker / SSH / Singularity 后端
+- **群聊**：多 Agent 房间、@提及路由、消息持久化
+- **技能与记忆**：浏览已安装技能，管理用户笔记与档案
+- **日志**：按级别、文件与关键词过滤查看
+- **Web 终端**：基于 xterm 的多会话终端
+
+### 认证与账户
+
+- Token 认证与用户名密码登录
+- 超级管理员可管理用户与 Profile 绑定
+- 普通管理员仅可管理自己的账户信息
+
+维护命令：
+
+```bash
+# 清除登录 IP 锁定
+hermes-web-ui clear-login-locks
+
+# 清除锁定并重启服务
+hermes-web-ui clear-login-locks --restart
+
+# 重置默认管理员账户为 admin / 123456
+hermes-web-ui reset-default-login
+```
+
+---
+
+## 快速开始
+
+### Docker 部署（推荐）
+
+项目根目录已提供 `docker-compose.yml` 与 `.env` 配置：
+
+```bash
+# 构建并启动
+docker compose up -d --build
+
+# 查看日志
+docker compose logs -f hermes-webui
+```
+
+常用配置（`.env`）：
+
+| 变量 | 说明 |
+|------|------|
+| `PORT` | Web UI 端口，默认 `11000` |
+| `HERMES_DATA_DIR` | 数据目录，默认 `./data` |
+| `WEBUI_IMAGE` | 镜像名称，默认 `lingxi-web-ui:latest` |
+
+数据持久化：
+
+- Agent 运行时数据：`./data`
+- Web UI 状态与认证：`./data/hermes-web-ui/`
+- 认证 Token：`./data/hermes-web-ui/.token`
+
+更详细的 Docker 说明见 [docs/docker.md](./docs/docker.md)。
+
+### 本地开发
+
+**前置要求：** Node.js ≥ 23
+
+```bash
+npm ci --ignore-scripts
+npm rebuild node-pty
+npm run dev
+```
+
+| 服务 | 地址 |
+|------|------|
+| 前端（Vite 热更新） | http://localhost:8649 |
+| BFF 后端 | http://localhost:8647 |
+
+连接 Docker 中间件、共用 `./data` 目录时，可设置：
+
+```powershell
+$env:HERMES_HOME = (Resolve-Path ".\data").Path
+$env:HERMES_WEB_UI_HOME = (Resolve-Path ".\data\hermes-web-ui").Path
+$env:HERMES_AGENT_ROOT = "<本机 hermes-agent 路径>"
+npm run dev
+```
+
+构建生产包：
+
+```bash
+npm run build
+```
+
+---
+
+## 环境变量
+
+常用进程级配置：
+
+| 变量 | 默认值 | 说明 |
+|------|--------|------|
+| `PORT` | `8648` | Web UI 监听端口 |
+| `BIND_HOST` | `0.0.0.0` | 绑定地址 |
+| `HERMES_WEB_UI_HOME` | `~/.hermes-web-ui` | Web UI 数据目录 |
+| `HERMES_HOME` | 平台默认 | Agent 运行时数据目录 |
+| `HERMES_DATA_DIR` | `./hermes_data` | Docker 挂载的数据根目录 |
+| `AUTH_TOKEN` | 自动生成 | 显式指定认证 Token |
+| `CORS_ORIGINS` | `*` | 跨域配置 |
+| `LOG_LEVEL` | `info` | 服务日志级别 |
+| `HERMES_WEB_UI_BACKEND_PORT` | `8648` | 开发模式后端端口 |
+| `HERMES_WEB_UI_FRONTEND_PORT` | `8649` | 开发模式前端端口 |
+
+完整变量列表与 Bridge / Gateway 相关配置，请参阅项目内环境变量注释与 [DEVELOPMENT.md](./DEVELOPMENT.md)。
+
+---
+
+## 系统架构
+
+```
+浏览器
+  ↓
+BFF 服务（Koa + Socket.IO）
+  ↓
+Agent Bridge → Agent 运行时
+  ↓
+CLI / Profile 配置 / 渠道凭证
+```
+
+- **前端**：Vue 3 单页应用，按 `hermes/` 命名空间组织 Agent 相关模块
+- **后端**：Koa BFF，负责聊天流、会话 CRUD、文件服务、配置代理与 WebSocket 终端
+- **数据**：Web UI 使用本地 SQLite；Agent 状态与 Profile 配置独立存储
+
+---
+
+## 技术栈
+
+| 层级 | 技术 |
+|------|------|
+| 前端 | Vue 3、TypeScript、Vite、Naive UI、Pinia、Vue Router、vue-i18n |
+| 后端 | Koa 2、Socket.IO、node-pty |
+| 存储 | SQLite |
+| 运行时 | Node.js ≥ 23 |
+
+---
+
+## 相关资源
+
+- 源码库：[xinmi.cloud](https://xinmi.cloud/)
+
+## 截图
+
+![image-20260605110600556](images/image-20260605110600556.png)
+
+![image-20260605111350089](images/image-20260605111350089.png)
+
+![image-20260605112225956](images/image-20260605112225956.png)
+
+![image-20260605112232538](images/image-20260605112232538.png)
+
+![image-20260605112249301](images/image-20260605112249301.png)
+
+![image-20260605112258549](images/image-20260605112258549.png)
+
+![image-20260605112345806](images/image-20260605112345806.png)
+
+![image-20260605112357126](images/image-20260605112357126.png)
+
+![image-20260605112404714](images/image-20260605112404714.png)
+
+![image-20260605112415322](images/image-20260605112415322.png)
+
+![image-20260605112422748](images/image-20260605112422748.png)
+
+![image-20260605112429991](images/image-20260605112429991.png)
+
+![image-20260605112440115](images/image-20260605112440115.png)
+
+![image-20260605112449337](images/image-20260605112449337.png)
+
+![image-20260605112457985](images/image-20260605112457985.png)
+
+![image-20260605112506765](images/image-20260605112506765.png)
+
+![image-20260605112514779](images/image-20260605112514779.png)
+
+![image-20260605112523181](images/image-20260605112523181.png)
+
+![image-20260605112532959](images/image-20260605112532959.png)
+
+![image-20260605112540539](images/image-20260605112540539.png)
+
+![image-20260605112546802](images/image-20260605112546802.png)
+
+![image-20260605112557080](images/image-20260605112557080.png)
+
+
+
+---
+
+## 许可证
+
+本项目采用 [BSL-1.1](./LICENSE) 许可证。
diff --git a/bin/hermes-web-ui.mjs b/bin/hermes-web-ui.mjs
new file mode 100755
index 0000000..bd5ab1a
--- /dev/null
+++ b/bin/hermes-web-ui.mjs
@@ -0,0 +1,755 @@
+#!/usr/bin/env node
+import { spawn, execSync, execFileSync } from 'child_process'
+import { resolve, dirname, join, delimiter } from 'path'
+import { fileURLToPath } from 'url'
+import { readFileSync, writeFileSync, unlinkSync, mkdirSync, openSync, chmodSync, statSync, existsSync, realpathSync } from 'fs'
+import { randomBytes, scryptSync } from 'crypto'
+import { homedir } from 'os'
+
+const __dirname = dirname(fileURLToPath(import.meta.url))
+const __filename = fileURLToPath(import.meta.url)
+const serverEntry = resolve(__dirname, '..', 'dist', 'server', 'index.js')
+const pkgDir = resolve(__dirname, '..')
+const pkg = JSON.parse(readFileSync(resolve(pkgDir, 'package.json'), 'utf-8'))
+const VERSION = pkg.version
+const WEB_UI_HOME = process.env.HERMES_WEB_UI_HOME?.trim()
+  ? resolve(process.env.HERMES_WEB_UI_HOME.trim())
+  : resolve(homedir(), '.hermes-web-ui')
+const PID_DIR = WEB_UI_HOME
+const PID_FILE = join(PID_DIR, 'server.pid')
+const LOG_FILE = join(PID_DIR, 'server.log')
+const TOKEN_FILE = join(PID_DIR, '.token')
+const LOGIN_LOCK_FILE = join(WEB_UI_HOME, '.login-lock.json')
+const WEB_UI_DB_FILE = join(WEB_UI_HOME, 'hermes-web-ui.db')
+const DEFAULT_PORT = 8648
+const PREVIEW_BACKEND_PORT = 8650
+const PREVIEW_FRONTEND_PORT = 8651
+const PREVIEW_AGENT_BRIDGE_PORT = 18650
+const DEFAULT_USERNAME = 'admin'
+const DEFAULT_PASSWORD = '123456'
+
+// ─── Auto-fix node-pty native module ──────────────────────────
+function ensureNativeModules() {
+  const prebuildDir = join(pkgDir, 'node_modules', 'node-pty', 'prebuilds', `${process.platform}-${process.arch}`)
+  const helper = join(prebuildDir, 'spawn-helper')
+  try {
+    chmodSync(helper, 0o755)
+  } catch {}
+}
+
+function getToken() {
+  try {
+    return readFileSync(TOKEN_FILE, 'utf-8').trim()
+  } catch {
+    return null
+  }
+}
+
+function ensureToken() {
+  // If AUTH_TOKEN is set, let server handle it.
+  if (process.env.AUTH_TOKEN) return process.env.AUTH_TOKEN
+
+  let token = getToken()
+  if (!token) {
+    mkdirSync(dirname(TOKEN_FILE), { recursive: true })
+    token = randomBytes(32).toString('hex')
+    writeFileSync(TOKEN_FILE, token + '\n', { mode: 0o600 })
+  }
+  return token
+}
+
+function getNodeBinDir() {
+  return dirname(process.execPath)
+}
+
+function getNpmBin() {
+  return join(getNodeBinDir(), process.platform === 'win32' ? 'npm.cmd' : 'npm')
+}
+
+function getCurrentNodeEnv() {
+  return {
+    ...process.env,
+    PATH: [getNodeBinDir(), process.env.PATH].filter(Boolean).join(delimiter),
+    npm_node_execpath: process.execPath,
+  }
+}
+
+function getGlobalPrefix() {
+  return execFileSync(getNpmBin(), ['prefix', '-g'], {
+    encoding: 'utf-8',
+    stdio: ['pipe', 'pipe', 'pipe'],
+    env: getCurrentNodeEnv(),
+  }).trim()
+}
+
+function getGlobalCliBin() {
+  const prefix = getGlobalPrefix()
+  return process.platform === 'win32'
+    ? join(prefix, 'hermes-web-ui.cmd')
+    : join(prefix, 'bin', 'hermes-web-ui')
+}
+
+function getWindowsShell() {
+  const systemRoot = process.env.SystemRoot || 'C:\\Windows'
+  const candidates = [
+    process.env.ComSpec,
+    join(systemRoot, 'System32', 'cmd.exe'),
+  ].filter(Boolean)
+
+  for (const candidate of candidates) {
+    if (existsSync(candidate)) return candidate
+  }
+
+  return 'cmd.exe'
+}
+
+function quoteForWindowsCommand(value) {
+  return `"${value.replace(/"/g, '""')}"`
+}
+
+function spawnCli(command, args, options) {
+  if (process.platform === 'win32') {
+    const lowerCommand = String(command).toLowerCase()
+    if (!lowerCommand.endsWith('.cmd') && !lowerCommand.endsWith('.bat')) {
+      return spawn(command, args, options)
+    }
+
+    const commandLine = `${quoteForWindowsCommand(command)} ${args.map(arg => String(arg)).join(' ')}`
+    return spawn(getWindowsShell(), ['/d', '/s', '/c', commandLine], options)
+  }
+
+  return spawn(command, args, options)
+}
+
+function getPortFromArgs() {
+  if (process.argv[3] && !isNaN(process.argv[3])) return parseInt(process.argv[3])
+  if (process.argv.includes('--port')) return parseInt(process.argv[process.argv.indexOf('--port') + 1])
+  return null
+}
+
+function getRunningPort() {
+  const pid = getPid()
+  if (!pid || !isRunning(pid)) return null
+
+  try {
+    if (process.platform === 'win32') {
+      const out = execSync(`netstat -aon -p tcp | findstr LISTENING | findstr " ${pid}$"`, { encoding: 'utf-8' }).trim()
+      const line = out.split('\n').find(Boolean)
+      const address = line?.trim().split(/\s+/)[1]
+      const port = address?.split(':').pop()
+      return port ? parseInt(port, 10) : null
+    }
+
+    const out = execSync(`lsof -Pan -p ${pid} -iTCP -sTCP:LISTEN`, { encoding: 'utf-8' }).trim()
+    const lines = out.split('\n').slice(1)
+    for (const line of lines) {
+      const match = line.match(/:(\d+)\s+\(LISTEN\)$/)
+      if (match) return parseInt(match[1], 10)
+    }
+  } catch {}
+
+  return null
+}
+
+function getUpdatePort() {
+  const argPort = getPortFromArgs()
+  if (argPort !== null) return argPort
+
+  const runningPort = getRunningPort()
+  if (runningPort !== null) return runningPort
+
+  if (process.env.PORT && !isNaN(process.env.PORT)) return parseInt(process.env.PORT)
+  return DEFAULT_PORT
+}
+
+function getPort() {
+  const argPort = getPortFromArgs()
+  return argPort ?? DEFAULT_PORT
+}
+
+function commandExists(command) {
+  try {
+    if (process.platform === 'win32') {
+      execFileSync('where', [command], { stdio: 'ignore', windowsHide: true })
+    } else {
+      execFileSync('sh', ['-c', `command -v "$1" >/dev/null 2>&1`, 'sh', command], { stdio: 'ignore' })
+    }
+    return true
+  } catch {
+    return false
+  }
+}
+
+function parseUnixNetstatListeningPids(out, port) {
+  const pids = []
+  for (const line of out.split(/\r?\n/)) {
+    const parts = line.trim().split(/\s+/)
+    if (parts.length < 6) continue
+
+    const proto = parts[0]?.toLowerCase()
+    if (!proto?.startsWith('tcp')) continue
+
+    const localAddress = parts[3]
+    const state = parts.find(part => part.toUpperCase() === 'LISTEN' || part.toUpperCase() === 'LISTENING')
+    if (!state || !localAddress?.endsWith(`:${port}`)) continue
+
+    const pidPart = parts.find(part => /^\d+\//.test(part))
+    const pid = pidPart ? parseInt(pidPart.split('/')[0], 10) : NaN
+    if (Number.isFinite(pid)) pids.push(pid)
+  }
+  return pids
+}
+
+function getListeningPids(port) {
+  if (!port || isNaN(port)) return []
+  const uniquePids = (pids) => [...new Set(pids.filter(pid => Number.isFinite(pid)))]
+
+  try {
+    if (process.platform === 'win32') {
+      const out = execSync('netstat -aon -p tcp', { encoding: 'utf-8' })
+      return uniquePids(out.split('\n')
+        .map(line => line.trim())
+        .filter(line => line.includes('LISTENING'))
+        .map(line => line.split(/\s+/))
+        .filter(parts => {
+          const address = parts[1] || ''
+          const listenPort = parseInt(address.split(':').pop(), 10)
+          return listenPort === port
+        })
+        .map(parts => parseInt(parts[parts.length - 1], 10)))
+    }
+  } catch {
+    return []
+  }
+
+  if (commandExists('ss')) {
+    try {
+      const out = execFileSync('ss', ['-ltnp', `sport = :${port}`], { encoding: 'utf-8', stdio: ['ignore', 'pipe', 'ignore'] })
+      const pids = uniquePids(out.split(/\r?\n/)
+        .map(line => line.match(/pid=(\d+)/)?.[1])
+        .map(pid => parseInt(pid || '', 10)))
+      if (pids.length) return pids
+    } catch {}
+  }
+
+  if (commandExists('lsof')) {
+    try {
+      const out = execFileSync('lsof', [`-tiTCP:${port}`, '-sTCP:LISTEN'], { encoding: 'utf-8', stdio: ['ignore', 'pipe', 'ignore'] }).trim()
+      const pids = uniquePids(out.split(/\r?\n/).map(pid => parseInt(pid, 10)))
+      if (pids.length) return pids
+    } catch {}
+  }
+
+  if (commandExists('netstat')) {
+    try {
+      const out = execFileSync('netstat', ['-anp', 'tcp'], { encoding: 'utf-8', stdio: ['ignore', 'pipe', 'ignore'] })
+      const pids = uniquePids(parseUnixNetstatListeningPids(out, port))
+      if (pids.length) return pids
+    } catch {}
+  }
+
+  return []
+}
+
+function killListeningPids(port, pids = getListeningPids(port)) {
+  if (pids.length === 0) return
+
+  console.log(`  ⚠ Port ${port} is in use by PID(s): ${pids.join(' ')}, killing...`)
+  try {
+    if (process.platform === 'win32') {
+      execSync(`taskkill /F /PID ${pids.join(' /PID ')}`, { encoding: 'utf-8' })
+    } else {
+      execSync(`kill -9 ${pids.join(' ')}`, { encoding: 'utf-8' })
+    }
+  } catch {}
+}
+
+function stopPreviewRuntimeFromCli() {
+  const previewPorts = [
+    PREVIEW_BACKEND_PORT,
+    PREVIEW_FRONTEND_PORT,
+    ...(process.platform === 'win32' ? [PREVIEW_AGENT_BRIDGE_PORT] : []),
+  ]
+  const pids = [...new Set(previewPorts.flatMap(port => getListeningPids(port)))]
+  if (!pids.length) return 0
+
+  console.log(`  ⏹ Stopping preview runtime (PID(s): ${pids.join(' ')})...`)
+  for (const pid of pids) {
+    try {
+      if (process.platform === 'win32') {
+        execFileSync('taskkill.exe', ['/PID', String(pid), '/T', '/F'], { stdio: 'ignore', windowsHide: true })
+      } else {
+        execSync(`kill -TERM -${pid}`, { stdio: 'ignore' })
+      }
+    } catch {
+      try {
+        if (process.platform === 'win32') {
+          execFileSync('taskkill.exe', ['/PID', String(pid), '/F'], { stdio: 'ignore', windowsHide: true })
+        } else {
+          execSync(`kill -9 ${pid}`, { stdio: 'ignore' })
+        }
+      } catch {}
+    }
+  }
+
+  return pids.length
+}
+
+function recoverPidFromPort() {
+  const port = getPortFromArgs() ?? DEFAULT_PORT
+  for (const pid of getListeningPids(port)) {
+    if (isRunning(pid)) {
+      mkdirSync(PID_DIR, { recursive: true })
+      writePid(pid)
+      return pid
+    }
+  }
+  return null
+}
+
+function readPidFile() {
+  try {
+    const pid = parseInt(readFileSync(PID_FILE, 'utf-8').trim())
+    return Number.isFinite(pid) ? pid : null
+  } catch {}
+
+  return null
+}
+
+function getPid() {
+  const pid = readPidFile()
+  if (pid) {
+    if (isRunning(pid)) return pid
+    removePid()
+  }
+
+  return recoverPidFromPort()
+}
+
+function isRunning(pid) {
+  try {
+    process.kill(pid, 0)
+    return true
+  } catch (err) {
+    return err?.code === 'EPERM'
+  }
+}
+
+function writePid(pid) {
+  writeFileSync(PID_FILE, String(pid))
+}
+
+function removePid() {
+  try { unlinkSync(PID_FILE) } catch {}
+}
+
+function startDaemon(port) {
+  const existing = getPid()
+  if (existing && isRunning(existing)) {
+    console.log(`  ✗ hermes-web-ui is already running (PID: ${existing})`)
+    console.log(`    Use "hermes-web-ui stop" to stop it first`)
+    process.exit(1)
+  }
+  removePid()
+
+  // Check if port is already in use
+  const occupied = getListeningPids(port)
+  if (occupied.length) {
+    killListeningPids(port, occupied)
+    // Brief wait for port to be released
+    Atomics.wait(new Int32Array(new SharedArrayBuffer(4)), 0, 0, 500)
+  }
+
+  mkdirSync(PID_DIR, { recursive: true })
+
+  ensureNativeModules()
+  const token = ensureToken()
+
+  // Rotate log if over 3MB — keep last 2000 lines
+  const MAX_LOG_SIZE = 3 * 1024 * 1024
+  const MAX_LOG_LINES = 2000
+  try {
+    const stat = statSync(LOG_FILE)
+    if (stat.size > MAX_LOG_SIZE) {
+      const content = readFileSync(LOG_FILE, 'utf-8')
+      const lines = content.split('\n')
+      const kept = lines.slice(-MAX_LOG_LINES)
+      writeFileSync(LOG_FILE, kept.join('\n'), 'utf-8')
+      console.log(`  ↻ Log rotated (${(stat.size / 1024 / 1024).toFixed(1)}MB → ${kept.length} lines)`)
+    }
+  } catch { }
+
+  const logStream = openSync(LOG_FILE, 'a')
+  const windowsShell = process.platform === 'win32' ? getWindowsShell() : null
+  const serverEnv = { ...process.env, NODE_ENV: 'production', PORT: String(port), AUTH_TOKEN: token }
+  if (windowsShell) {
+    serverEnv.SHELL = serverEnv.SHELL?.trim() || windowsShell
+    serverEnv.ComSpec = serverEnv.ComSpec?.trim() || windowsShell
+  }
+  const child = spawn(process.execPath, [serverEntry], {
+    detached: true,
+    stdio: ['ignore', logStream, logStream],
+    env: serverEnv,
+    windowsHide: true,
+  })
+
+  child.on('error', (err) => {
+    console.error(`  ✗ Failed to start: ${err.message}`)
+    removePid()
+    process.exit(1)
+  })
+
+  child.unref()
+  writePid(child.pid)
+
+  // Poll health endpoint until server is ready (setTimeout to avoid overlapping requests)
+  const healthUrl = `http://127.0.0.1:${port}/health`
+  const maxWait = 30000
+  const interval = 500
+  let waited = 0
+
+  console.log(`  ⏳ Starting hermes-web-ui (PID: ${child.pid}, port: ${port})...`)
+
+  function poll() {
+    waited += interval
+    if (!isRunning(child.pid)) {
+      console.log('  ✗ Failed to start hermes-web-ui')
+      console.log(`    Check log: ${LOG_FILE}`)
+      removePid()
+      process.exit(1)
+      return
+    }
+
+    fetch(healthUrl).then(res => {
+      if (res.ok) {
+        const url = `http://localhost:${port}`
+        console.log(`  ✓ hermes-web-ui started`)
+        console.log(`    ${url}`)
+        console.log(`    Log: ${LOG_FILE}`)
+        const isWin = process.platform === 'win32'
+        const cmd = isWin ? `start ${url}` : process.platform === 'darwin' ? `open ${url}` : `xdg-open ${url}`
+        try { execSync(cmd, { stdio: 'ignore' }) } catch {}
+      } else if (waited < maxWait) {
+        setTimeout(poll, interval)
+      } else {
+        console.log(`  ⚠ Server process is running but health check failed after ${maxWait / 1000}s`)
+        console.log(`    Check log: ${LOG_FILE}`)
+        const url = `http://localhost:${port}`
+        console.log(`    ${url}`)
+      }
+    }).catch(() => {
+      if (waited < maxWait) {
+        setTimeout(poll, interval)
+      } else {
+        console.log(`  ⚠ Server process is running but health check failed after ${maxWait / 1000}s`)
+        console.log(`    Check log: ${LOG_FILE}`)
+        const url = `http://localhost:${port}`
+        console.log(`    ${url}`)
+      }
+    })
+  }
+
+  setTimeout(poll, interval)
+}
+
+function stopDaemon() {
+  const stoppedPreviewPids = stopPreviewRuntimeFromCli()
+  const pidFromFile = readPidFile()
+  if (pidFromFile && !isRunning(pidFromFile)) {
+    removePid()
+    console.log(`  ✓ hermes-web-ui was not running (cleaned stale PID: ${pidFromFile})`)
+    return
+  }
+
+  const pid = pidFromFile ?? recoverPidFromPort()
+  if (!pid) {
+    if (stoppedPreviewPids) {
+      console.log(`  ✓ hermes-web-ui preview stopped`)
+      return
+    }
+    console.log('  ✗ hermes-web-ui is not running')
+    process.exit(1)
+  }
+
+  if (!isRunning(pid)) {
+    removePid()
+    console.log(`  ✓ hermes-web-ui was not running (cleaned stale PID)`)
+    return
+  }
+
+  try {
+    try {
+      process.kill(pid, 'SIGTERM')
+      // Wait briefly for graceful shutdown
+      for (let i = 0; i < 10; i++) {
+        if (!isRunning(pid)) break
+        Atomics.wait(new Int32Array(new SharedArrayBuffer(4)), 0, 0, 500)
+      }
+    } catch {}
+    // Force kill if still alive
+    if (isRunning(pid)) {
+      try {
+        process.kill(pid, 'SIGKILL')
+      } catch (err) {
+        if (err?.code !== 'ESRCH') throw err
+      }
+    }
+    removePid()
+    console.log(`  ✓ hermes-web-ui stopped (PID: ${pid})`)
+  } catch (err) {
+    console.log(`  ✗ Failed to stop: ${err.message}`)
+    process.exit(1)
+  }
+}
+
+function showStatus() {
+  const pid = getPid()
+  if (pid && isRunning(pid)) {
+    console.log(`  ✓ hermes-web-ui is running (PID: ${pid})`)
+    console.log(`    PID file: ${PID_FILE}`)
+  } else {
+    if (pid) removePid()
+    console.log('  ✗ hermes-web-ui is not running')
+  }
+}
+
+function clearLoginLocks(options = {}) {
+  const { silent = false, checkRunning = true } = options
+  const serverRunning = checkRunning ? !!getPid() : false
+  let removed = false
+
+  try {
+    unlinkSync(LOGIN_LOCK_FILE)
+    removed = true
+    if (!silent) console.log(`  ✓ Removed login lock file: ${LOGIN_LOCK_FILE}`)
+  } catch (err) {
+    if (err?.code === 'ENOENT') {
+      if (!silent) console.log(`  ✓ No login lock file found: ${LOGIN_LOCK_FILE}`)
+    } else {
+      if (!silent) console.log(`  ✗ Failed to remove login lock file: ${err.message}`)
+      throw err
+    }
+  }
+
+  if (!silent && serverRunning) {
+    console.log('  ⚠ hermes-web-ui is running; restart it to clear in-memory login locks.')
+    console.log('    Run: hermes-web-ui restart')
+  }
+
+  return { path: LOGIN_LOCK_FILE, removed, serverRunning }
+}
+
+function hashPassword(password) {
+  const salt = randomBytes(16).toString('hex')
+  const hash = scryptSync(password, salt, 64).toString('hex')
+  return `scrypt:${salt}:${hash}`
+}
+
+async function resetDefaultLogin(options = {}) {
+  const { silent = false } = options
+  mkdirSync(WEB_UI_HOME, { recursive: true })
+  const { DatabaseSync } = await import('node:sqlite')
+  const db = new DatabaseSync(WEB_UI_DB_FILE)
+  try {
+    db.exec(`
+      CREATE TABLE IF NOT EXISTS users (
+        id INTEGER PRIMARY KEY AUTOINCREMENT,
+        username TEXT NOT NULL UNIQUE,
+        password_hash TEXT NOT NULL,
+        role TEXT NOT NULL DEFAULT 'admin',
+        status TEXT NOT NULL DEFAULT 'active',
+        created_at INTEGER NOT NULL,
+        updated_at INTEGER NOT NULL,
+        last_login_at INTEGER
+      )
+    `)
+
+    const now = Date.now()
+    const passwordHash = hashPassword(DEFAULT_PASSWORD)
+    const existing = db.prepare('SELECT id FROM users WHERE username = ?').get(DEFAULT_USERNAME)
+    if (existing?.id) {
+      db.prepare(
+        `UPDATE users
+         SET password_hash = ?, role = 'super_admin', status = 'active', updated_at = ?
+         WHERE id = ?`
+      ).run(passwordHash, now, existing.id)
+      if (!silent) {
+        console.log(`  ✓ Reset default login: ${DEFAULT_USERNAME} / ${DEFAULT_PASSWORD}`)
+        console.log(`    Database: ${WEB_UI_DB_FILE}`)
+      }
+      return { path: WEB_UI_DB_FILE, username: DEFAULT_USERNAME, password: DEFAULT_PASSWORD, action: 'updated' }
+    }
+
+    db.prepare(
+      `INSERT INTO users (username, password_hash, role, status, created_at, updated_at)
+       VALUES (?, ?, 'super_admin', 'active', ?, ?)`
+    ).run(DEFAULT_USERNAME, passwordHash, now, now)
+    if (!silent) {
+      console.log(`  ✓ Created default login: ${DEFAULT_USERNAME} / ${DEFAULT_PASSWORD}`)
+      console.log(`    Database: ${WEB_UI_DB_FILE}`)
+    }
+    return { path: WEB_UI_DB_FILE, username: DEFAULT_USERNAME, password: DEFAULT_PASSWORD, action: 'created' }
+  } finally {
+    db.close()
+  }
+}
+
+async function main() {
+  const command = process.argv[2] || 'start'
+
+  if (['-v', '--version', 'version'].includes(command)) {
+    console.log(`hermes-web-ui v${VERSION}`)
+    process.exit(0)
+  }
+
+  if (['-h', '--help', 'help'].includes(command)) {
+    console.log(`
+hermes-web-ui v${VERSION}
+
+Usage: hermes-web-ui <command> [options]
+
+Commands:
+  start [port]       Start the server (default port: ${DEFAULT_PORT})
+  stop               Stop the server
+  restart [port]     Restart the server
+  status             Show server status
+  clear-login-locks  Delete the login IP lock file
+  reset-default-login Create or reset the default login (${DEFAULT_USERNAME} / ${DEFAULT_PASSWORD})
+  update             Update to latest version and restart
+  upgrade            Alias for update
+  version            Show version number
+
+Options:
+  -v, --version      Show version number
+  -h, --help         Show this help message
+  --port <port>      Specify port (used with start/restart)
+  --restart          Restart after clear-login-locks
+`)
+    process.exit(0)
+  }
+
+  switch (command) {
+    case 'start':
+      startDaemon(getPort())
+      break
+    case 'stop':
+      stopDaemon()
+      break
+    case 'restart':
+      stopDaemon()
+      setTimeout(() => startDaemon(getPort()), 500)
+      break
+    case 'status':
+      showStatus()
+      break
+    case 'clear-login-locks': {
+      const restartAfterClear = process.argv.includes('--restart')
+      const result = clearLoginLocks()
+      if (restartAfterClear && result.serverRunning) {
+        const port = getRunningPort() ?? getPort()
+        stopDaemon()
+        setTimeout(() => startDaemon(port), 500)
+      }
+      break
+    }
+    case 'reset-default-login':
+      await resetDefaultLogin()
+      break
+    case 'update':
+    case 'upgrade':
+      doUpdate()
+      break
+    default:
+      ensureNativeModules()
+      const port = !isNaN(command) ? parseInt(command) : DEFAULT_PORT
+      const windowsShell = process.platform === 'win32' ? getWindowsShell() : null
+      const serverEnv = {
+        ...process.env,
+        NODE_ENV: 'production',
+        PORT: String(port),
+      }
+      if (windowsShell) {
+        serverEnv.SHELL = serverEnv.SHELL?.trim() || windowsShell
+        serverEnv.ComSpec = serverEnv.ComSpec?.trim() || windowsShell
+      }
+      const child = spawn(process.execPath, [serverEntry], {
+        stdio: 'inherit',
+        env: serverEnv,
+        windowsHide: true,
+      })
+      child.on('exit', (code) => process.exit(code ?? 1))
+      process.on('SIGTERM', () => child.kill('SIGTERM'))
+      process.on('SIGINT', () => child.kill('SIGINT'))
+  }
+}
+
+function doUpdate() {
+  console.log('  ⬆ Updating hermes-web-ui...')
+
+  const npm = getNpmBin()
+  try {
+    console.log('  🧹 Cleaning npm cache...')
+    execFileSync(npm, ['cache', 'clean', '--force'], {
+      stdio: 'inherit',
+      env: getCurrentNodeEnv(),
+    })
+  } catch (err) {
+    console.log(`  ⚠ Failed to clean npm cache, continuing update: ${err?.message || err}`)
+  }
+
+  runUpdateInstall(npm)
+}
+
+function runUpdateInstall(npm) {
+  const child = spawnCli(npm, ['install', '-g', 'hermes-web-ui@latest'], {
+    stdio: 'inherit',
+    windowsHide: true,
+    env: getCurrentNodeEnv(),
+  })
+
+  child.on('error', (err) => {
+    console.log(`  ✗ Update failed: ${err.message}`)
+    process.exit(1)
+  })
+
+  child.on('exit', (code) => {
+    if (code === 0) {
+      console.log('  ✓ Update complete, restarting...')
+      const cli = getGlobalCliBin()
+      if (!existsSync(cli)) {
+        console.log(`  ✗ Updated CLI not found: ${cli}`)
+        process.exit(1)
+      }
+
+      const restart = spawnCli(cli, ['restart', '--port', String(getUpdatePort())], {
+        stdio: 'inherit',
+        windowsHide: true,
+        env: getCurrentNodeEnv(),
+      })
+      restart.on('error', (err) => {
+        console.log(`  ✗ Restart failed: ${err.message}`)
+        process.exit(1)
+      })
+      restart.on('exit', (restartCode) => process.exit(restartCode ?? 1))
+    } else {
+      console.log('  ✗ Update failed')
+      process.exit(code ?? 1)
+    }
+  })
+}
+
+if (process.argv[1] && realpathSync(resolve(process.argv[1])) === __filename) {
+  main().catch(err => {
+    console.error(`  ✗ ${err?.message || err}`)
+    process.exit(1)
+  })
+}
+
+export {
+  clearLoginLocks,
+  commandExists,
+  getListeningPids,
+  parseUnixNetstatListeningPids,
+  resetDefaultLogin,
+  stopDaemon,
+}
diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 0000000..679ed72
--- /dev/null
+++ b/docker-compose.yml
@@ -0,0 +1,25 @@
+services:
+  hermes-webui:
+    build:
+      context: .
+      dockerfile: Dockerfile
+    image: ${WEBUI_IMAGE:-hermes-web-ui-local:latest}
+    container_name: ${WEBUI_CONTAINER_NAME:-hermes-webui}
+    ports:
+      - "${PORT:-6060}:${PORT:-6060}"
+      - "${PREVIEW_FRONTEND_PORT:-8651}:8651"
+      - "${XAI_OAUTH_PORT:-56121}:56121"
+    volumes:
+      - ${HERMES_DATA_DIR:-./hermes_data}:/home/agent/.hermes
+      - ${HERMES_DATA_DIR:-./hermes_data}/hermes-web-ui:/home/agent/.hermes-web-ui
+    environment:
+      - PORT=${PORT:-6060}
+      - HERMES_HOME=/home/agent/.hermes
+      - HERMES_BIN=/opt/hermes/.venv/bin/hermes
+      - HERMES_WEB_UI_MANAGED_GATEWAY=1
+      - HERMES_WEB_UI_XAI_CALLBACK_BIND_HOST=0.0.0.0
+      - PATH=/opt/hermes/.venv/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+      - HERMES_ALLOW_ROOT_GATEWAY=1
+    restart: unless-stopped
+    stdin_open: true
+    tty: true
diff --git a/docs/cli-chat-sessions.md b/docs/cli-chat-sessions.md
new file mode 100644
index 0000000..f1a19b8
--- /dev/null
+++ b/docs/cli-chat-sessions.md
@@ -0,0 +1,472 @@
+# CLI/Bridge Chat Sessions 实现文档
+
+> 状态：本文档描述当前 `main` 中 Web UI 聊天会话的 API Server / Bridge(beta) 双路径实现。
+
+## 概述
+
+当前实现把原来的聊天通道统一到 Socket.IO namespace `/chat-run`。前端仍使用同一套 `ChatPanel + MessageList + ChatInput`，通过会话的 `source` 字段区分运行方式：
+
+| source | 运行路径 | 说明 |
+|--------|----------|------|
+| `api_server` | Web UI Server → Hermes Gateway `/v1/responses` | 默认聊天路径 |
+| `cli` | Web UI Server → Python agent bridge → `AIAgent` | Bridge(beta)，在 Web UI 服务端子进程里直接运行 Hermes Agent |
+
+Bridge 会话不是一个独立 UI 面板，而是普通会话的一种来源。用户通过“新建聊天”下拉菜单选择 `API` 或 `Bridge (beta)`。
+
+Bridge 模式支持：
+
+- 流式文本输出
+- reasoning/thinking 增量
+- tool started/completed 事件
+- 工具审批请求与响应
+- abort 中断
+- per-session 队列
+- profile 隔离
+- 从 DB resume 会话
+- 与 API Server 路径共用上下文压缩逻辑
+
+当前不再支持旧文档里的独立 `/cli-chat-run` namespace、`CliChatPanel.vue`、`cli-chat.ts` 和独立 `command` / `steer` socket 事件。CLI/Bridge 会话中的 slash command 现在通过统一 `/chat-run` 的 `run` payload 进入后端解析；当前支持 `/usage`、`/status`、`/abort`、`/queue`、`/clear`、`/title`、`/compress`、`/steer`、`/destroy`。
+
+---
+
+## 整体架构
+
+```text
+ChatPanel.vue
+  ├─ MessageList.vue
+  └─ ChatInput.vue
+        │
+        │ Socket.IO /chat-run
+        ▼
+ChatRunSocket (Node.js)
+  ├─ source=api_server → Hermes Gateway /v1/responses
+  └─ source=cli        → AgentBridgeClient
+                              │ TCP/Unix socket, newline JSON
+                              ▼
+                         hermes_bridge.py
+                              │ in-process import
+                              ▼
+                         AIAgent (hermes-agent)
+```
+
+### 分流规则
+
+`ChatRunSocket.resolveRunSource()` 决定本轮运行走哪个后端：
+
+1. `run` payload 中 `source === 'cli'` 时走 bridge。
+2. `source === 'api_server'` 时走 gateway。
+3. 未显式传 `source` 时，如果 DB 中已有 session 的 `source` 是 `cli`，继续走 bridge。
+4. 其他情况默认走 `api_server`。
+
+---
+
+## 主要文件
+
+### 前端
+
+| 文件 | 说明 |
+|------|------|
+| `packages/client/src/components/hermes/chat/ChatPanel.vue` | 统一聊天面板；新建菜单包含 `API` 和 `Bridge (beta)`；渲染审批条 |
+| `packages/client/src/components/hermes/chat/MessageList.vue` | 统一消息列表；展示文本、reasoning、tool 消息等 |
+| `packages/client/src/components/hermes/chat/ChatInput.vue` | 统一输入框；发送、停止、附件上传入口 |
+| `packages/client/src/api/hermes/chat.ts` | `/chat-run` Socket.IO 客户端；注册 session 事件处理器；发送 run/abort/approval |
+| `packages/client/src/stores/hermes/chat.ts` | 会话状态、发送流程、resume、队列、审批、消息映射 |
+
+### 后端
+
+| 文件 | 说明 |
+|------|------|
+| `packages/server/src/services/hermes/run-chat/index.ts` | `/chat-run` Socket.IO 入口；按 `source` 分流 API Server 与 Bridge 运行 |
+| `packages/server/src/services/hermes/run-chat/handle-api-run.ts` | API Server 路径；调用 Hermes Gateway `/v1/responses` 并消费流式响应 |
+| `packages/server/src/services/hermes/run-chat/handle-bridge-run.ts` | Bridge 路径；调用 Agent Bridge 并写入本地会话库 |
+| `packages/server/src/services/hermes/run-chat/session-command.ts` | CLI/Bridge slash command 解析与处理 |
+| `packages/server/src/services/hermes/agent-bridge/client.ts` | Node 端 bridge 客户端；通过 socket 请求 Python bridge |
+| `packages/server/src/services/hermes/agent-bridge/manager.ts` | Python bridge 子进程生命周期管理 |
+| `packages/server/src/services/hermes/agent-bridge/hermes_bridge.py` | Python bridge 服务；创建并复用 `AIAgent` 实例 |
+| `packages/server/src/services/hermes/agent-bridge/index.ts` | bridge 模块导出 |
+| `packages/server/src/index.ts` | 启动 `AgentBridgeManager` 和 `ChatRunSocket` |
+| `packages/server/src/services/shutdown.ts` | 关闭时停止 chat socket 和 bridge 子进程 |
+| `packages/server/src/controllers/hermes/sessions.ts` | 会话列表和详情读取，包含 `source` 信息 |
+| `packages/server/src/controllers/hermes/profiles.ts` | profile 管理接口；按 URL/body 中的 profile 做权限校验 |
+
+### 已移除的旧文件
+
+| 文件 | 状态 |
+|------|------|
+| `packages/client/src/api/hermes/cli-chat.ts` | 已删除 |
+| `packages/client/src/components/hermes/chat/CliChatPanel.vue` | 已删除 |
+| `packages/server/src/services/hermes/cli-chat-run-socket.ts` | 已删除 |
+
+---
+
+## 前端流程
+
+### 新建会话
+
+`ChatPanel.vue` 中的新建按钮使用下拉菜单：
+
+- `API`：调用 `chatStore.newChat()`，创建默认 `api_server` 会话。
+- `Bridge (beta)`：调用 `chatStore.newCliSession()`，创建 `source: 'cli'` 会话。
+
+Bridge 会话 ID 使用类似 `YYYYMMDD_HHMMSS_xxxxxx` 的格式，便于与 Hermes CLI 风格的 session ID 对齐。
+
+### 发送消息
+
+1. `ChatInput.vue` 触发 store 的发送逻辑。
+2. `chat.ts` 根据 active session 组装输入内容，附件会被转为 `ContentBlock[]`。
+3. 调用 `startRunViaSocket()`。
+4. 前端向 `/chat-run` emit：
+
+```ts
+socket.emit('run', {
+  session_id,
+  input,
+  instructions,
+  model,
+  queue_id,
+  source, // api_server 或 cli
+})
+```
+
+5. 前端注册本 session 的事件 handler，通过 `session_id` 隔离多会话并发事件。
+
+### Resume
+
+切换会话、页面恢复可见、或刷新后，前端通过：
+
+```ts
+socket.emit('resume', { session_id })
+```
+
+服务端返回：
+
+```ts
+{
+  session_id,
+  messages,
+  isWorking,
+  isAborting,
+  events,
+  inputTokens,
+  outputTokens,
+  queueLength,
+}
+```
+
+如果服务端发现该 session 仍在运行，前端会重新注册 handler，并允许继续 abort。
+
+### 审批
+
+Bridge 工具需要人工确认时，服务端会发 `approval.requested`，前端 store 记录为 `activePendingApproval`，`ChatPanel.vue` 在输入框上方显示审批条。
+
+前端响应审批：
+
+```ts
+socket.emit('approval.respond', {
+  session_id,
+  approval_id,
+  choice, // once | session | always | deny
+})
+```
+
+---
+
+## `/chat-run` Socket.IO 协议
+
+### 客户端 → 服务端
+
+| 事件 | 数据 | 说明 |
+|------|------|------|
+| `run` | `{ session_id, input, model?, instructions?, queue_id?, source? }` | 启动一轮运行；`source` 决定 API Server 或 Bridge |
+| `resume` | `{ session_id }` | 加入 session room 并恢复状态 |
+| `abort` | `{ session_id }` | 中断当前运行 |
+| `cancel_queued_run` | `{ session_id, queue_id }` | 取消等待队列中的一条 run |
+| `approval.respond` | `{ session_id, approval_id, choice }` | 响应 Bridge 工具审批 |
+
+客户端不再发送独立 `command` 或 `steer` Socket.IO 事件；slash command 作为普通 `run.input` 进入 `/chat-run`，由服务端在 `source=cli` 时解析。
+
+### 服务端 → 客户端
+
+| 事件 | 说明 |
+|------|------|
+| `resumed` | 返回 DB 消息、运行状态、队列长度和最近事件 |
+| `run.started` | 运行开始 |
+| `run.queued` | 当前 session 已有运行，新请求进入队列 |
+| `message.delta` | 文本增量 |
+| `reasoning.delta` | reasoning 增量 |
+| `thinking.delta` | thinking 增量 |
+| `reasoning.available` | reasoning 内容可用 |
+| `tool.started` | 工具调用开始 |
+| `tool.completed` | 工具调用结束 |
+| `approval.requested` | Bridge 工具请求人工审批 |
+| `approval.resolved` | 审批完成或超时 |
+| `compression.started` | 上下文压缩开始 |
+| `compression.completed` | 上下文压缩结束 |
+| `usage.updated` | token 用量更新 |
+| `abort.started` | 中断开始 |
+| `abort.completed` | 中断结束 |
+| `session.command` | slash command 的执行结果或错误反馈 |
+| `run.completed` | 运行完成 |
+| `run.failed` | 运行失败 |
+
+### 认证
+
+`/chat-run` 使用 Socket.IO auth token：
+
+```ts
+io(`${baseUrl}/chat-run`, {
+  auth: { token },
+  query: { profile },
+})
+```
+
+服务端会与 Web UI token 比对。
+
+---
+
+## ChatRunSocket 后端行为
+
+### API Server 路径
+
+`source=api_server` 时：
+
+1. 写入用户消息到 Web UI 本地 session DB。
+2. 通过 `buildCompressedHistory()` 构建上下文。
+3. 请求当前 profile 的 Hermes Gateway：
+
+```text
+POST <upstream>/v1/responses
+```
+
+4. 读取 SSE frame，映射为统一的 `/chat-run` 事件。
+5. 完成后写入 assistant/tool 消息，更新 usage。
+
+### Bridge 路径
+
+`source=cli` 时：
+
+1. 写入用户消息到 Web UI 本地 session DB。
+2. 复用同一套 `buildCompressedHistory()` 构建压缩上下文。
+3. 调用：
+
+```ts
+this.bridge.chat(session_id, input, history, instructions, profile)
+```
+
+4. 轮询 `AgentBridgeClient.streamOutput(run_id)`。
+5. 将 Python bridge 的 delta 和 events 映射成统一事件。
+6. 将 assistant 文本、reasoning、tool 调用结果 flush 回 DB。
+
+### 队列
+
+同一个 `session_id` 同时只能有一个 active run。新的 `run` 到达时：
+
+- 如果当前 session 正在运行，则放入 `state.queue`。
+- 发送 `run.queued` 更新队列长度。
+- 当前 run 结束或 abort 完成后，自动执行下一条 queued run。
+
+---
+
+## Python Agent Bridge
+
+### 通信协议
+
+Node 和 Python bridge 之间使用本地 socket 的单行 JSON 协议：
+
+```json
+{ "action": "chat", "session_id": "xxx", "message": "hello" }
+```
+
+响应也是单行 JSON：
+
+```json
+{ "ok": true, "run_id": "xxx", "session_id": "xxx", "status": "running" }
+```
+
+### Endpoint
+
+默认 endpoint 按平台选择：
+
+| 平台 | 默认 endpoint |
+|------|---------------|
+| Windows | `tcp://127.0.0.1:18765` |
+| macOS/Linux | `ipc:///tmp/hermes-agent-bridge.sock` |
+
+Windows 使用 TCP 是因为部分 Python/Windows 环境没有 Unix domain socket 支持。
+
+### 当前实际使用的 action
+
+| Action | 说明 |
+|--------|------|
+| `chat` | 启动一轮 `AIAgent.run_conversation()` |
+| `get_output` | 通过 `cursor` 和 `event_cursor` 获取增量文本与事件 |
+| `interrupt` | 调用 agent 中断当前运行 |
+| `approval_respond` | 响应工具审批 |
+| `destroy_all` | 维护动作；仅用于明确的全量清理/进程关闭场景，普通 profile 切换不会调用 |
+
+bridge 代码里还保留了一些调试/维护 action，例如 `ping`、`get_result`、`get_history`、`destroy`、`list`、`shutdown`、`steer`。当前 `/chat-run` 前端路径不会直接暴露这些 action；需要的能力由 Node `/chat-run` 层封装，例如 `/steer` slash command 会调用 `steer` action。
+
+旧的 `command` action 已移除，Python bridge 不再直接解析 `/new`、`/undo`、`/retry`、`/branch` 等旧斜杠命令；当前 CLI/Bridge slash command 支持范围以 Node `/chat-run` 的 `session-command.ts` 为准。
+
+### 会话和 profile
+
+`AgentPool` 维护 `session_id -> AgentSession`：
+
+- 每个 session 持有独立 `AIAgent` 实例。
+- session 按请求中的 profile 创建和复用；前端切换 Hermes Profile 只改变后续请求使用的 profile，不会影响其他 bridge 内存 session。
+- `HERMES_HOME` 会在创建 agent 时临时切到 profile home。
+- `SessionDB` 按 profile 的 `state.db` 路径缓存。
+- 空闲 session 会被 bridge GC，默认 30 分钟无运行后销毁内存态。
+
+### 工具和审批事件
+
+bridge 从 `AIAgent` 回调中收集事件：
+
+- `stream.delta`
+- `reasoning.delta`
+- `thinking.delta`
+- `tool.started`
+- `tool.completed`
+- `tool.progress`
+- `approval.requested`
+- `approval.resolved`
+- `turn.boundary`
+- `status`
+
+`ChatRunSocket` 会把这些事件转换为前端统一事件，并负责 DB 落盘。
+
+审批默认等待 60 秒，超时自动 `deny`。
+
+---
+
+## AgentBridgeClient
+
+`AgentBridgeClient` 是 Node 端本地 socket 客户端。
+
+行为：
+
+- 支持 `ipc://` 和 `tcp://` endpoint。
+- 每次请求新建 socket，发送一行 JSON，读取一行 JSON。
+- 请求通过内部 lock 串行化。
+- 默认请求响应超时为 `120000ms`。
+- `streamOutput()` 每 100ms 轮询一次 `get_output`。
+
+示例：
+
+```ts
+const started = await bridge.chat(sessionId, input, history, instructions, profile)
+
+for await (const chunk of bridge.streamOutput(started.run_id)) {
+  // chunk.delta
+  // chunk.events
+  // chunk.done
+}
+```
+
+注意：目前 socket connect 阶段没有独立 connect timeout，主要依赖系统连接错误和请求响应 timeout。
+
+---
+
+## AgentBridgeManager
+
+`AgentBridgeManager` 负责启动和停止 Python bridge。
+
+启动流程：
+
+1. 定位 `hermes_bridge.py`。
+2. 发现 `hermes-agent` 根目录。
+3. 选择 Python 解释器。
+4. 以子进程启动：
+
+```text
+python hermes_bridge.py --endpoint <endpoint> --agent-root <root> --hermes-home <home>
+```
+
+5. 监听 stdout，等待：
+
+```json
+{ "event": "ready", "endpoint": "..." }
+```
+
+6. 默认 ready 超时为 `120000ms`。
+
+Python 选择优先级：
+
+1. `HERMES_AGENT_BRIDGE_PYTHON`
+2. `agentRoot/venv` 或 `agentRoot/.venv`
+3. installed `hermes` 命令 shebang
+4. `uv run --project <agentRoot> python`
+5. 系统 `python3` / `python`
+
+关闭时先发 `SIGTERM`，1.5 秒后仍未退出则 `SIGKILL`。
+
+---
+
+## 启动与关闭
+
+### 启动
+
+`bootstrap()` 中会先尝试启动 bridge：
+
+```ts
+agentBridgeManager = await startAgentBridgeManager()
+```
+
+bridge 启动失败不会阻止 Web UI 启动，但 Bridge(beta) 会话后续运行会失败。
+
+随后创建统一的 chat socket：
+
+```ts
+chatRunServer = new ChatRunSocket(groupChatServer.getIO())
+chatRunServer.init()
+```
+
+### 关闭
+
+服务关闭时会清理：
+
+- `/chat-run` Socket.IO 状态
+- Python agent bridge 子进程
+- 其他 WebSocket/Socket.IO 服务
+
+---
+
+## 环境变量
+
+| 变量 | 说明 |
+|------|------|
+| `HERMES_AGENT_BRIDGE_ENDPOINT` | Bridge endpoint；Windows 默认 `tcp://127.0.0.1:18765`，macOS/Linux 默认 `ipc:///tmp/hermes-agent-bridge.sock` |
+| `HERMES_AGENT_BRIDGE_WORKER_TRANSPORT` | profile worker endpoint transport；设为 `tcp` 使用 loopback TCP，设为 `ipc`/`unix` 使用 Unix domain socket；默认 Windows 使用 TCP，macOS/Linux 使用 IPC |
+| `HERMES_AGENT_BRIDGE_WORKER_PORT_BASE` | TCP worker endpoint 起始端口，默认 `18780`；仅在 worker transport 为 TCP 时生效 |
+| `HERMES_WEB_UI_PREVIEW_AGENT_BRIDGE_TRANSPORT` | Version Preview 的 bridge broker endpoint transport；设为 `tcp` 可让预览环境在 macOS/Linux 上也使用 loopback TCP；未设置时会跟随 `HERMES_AGENT_BRIDGE_WORKER_TRANSPORT=tcp` |
+| `HERMES_WEB_UI_PREVIEW_AGENT_BRIDGE_ENDPOINT` | 直接覆盖 Version Preview 的 bridge broker endpoint；用于需要完全自定义预览 bridge 地址的部署 |
+| `HERMES_AGENT_BRIDGE_TIMEOUT_MS` | Node 等待 bridge 请求响应的超时，默认 `120000` ms |
+| `HERMES_AGENT_BRIDGE_CONNECT_RETRY_MS` | Node 连接 bridge socket 失败时的短重试窗口，默认 `5000` ms |
+| `HERMES_AGENT_BRIDGE_STARTUP_TIMEOUT_MS` | Node 等待 Python bridge ready 的超时，默认 `120000` ms |
+| `HERMES_AGENT_BRIDGE_AUTO_RESTART` | bridge broker 意外退出后是否自动重启；设为 `0`/`false`/`no`/`off` 可关闭，默认开启 |
+| `HERMES_AGENT_BRIDGE_RESTART_DELAY_MS` | bridge broker 自动重启基础延迟，默认 `1000` ms，连续失败时最多退避到 `30000` ms |
+| `HERMES_AGENT_BRIDGE_PYTHON` | 指定 Python 解释器路径 |
+| `HERMES_AGENT_ROOT` | hermes-agent 安装目录 |
+| `HERMES_AGENT_BRIDGE_UV` | 指定 uv 可执行文件路径 |
+| `HERMES_AGENT_BRIDGE_PLATFORM` | bridge 传给 Hermes Agent 的平台标识，默认 `cli` |
+| `HERMES_BRIDGE_PROVIDER` | 覆盖 bridge 使用的 provider |
+| `HERMES_BRIDGE_MAX_TURNS` | 覆盖 bridge 最大轮数 |
+| `UV` | uv 可执行文件路径 fallback |
+
+正常使用不需要配置这些变量。Bridge 支持多个用户/多个 profile 的运行并存；Web UI 的 Hermes Profile 切换不会重启 bridge 或销毁其他正在运行的任务。`HERMES_AGENT_BRIDGE_ENDPOINT` 控制 Node 与 Python bridge broker 的连接地址；`HERMES_AGENT_BRIDGE_WORKER_TRANSPORT` 控制 broker 与每个 profile worker 的连接方式。macOS/Linux 默认仍使用 IPC；如果 Electron、沙盒或安全软件环境下 IPC 不稳定，可以设置 `HERMES_AGENT_BRIDGE_WORKER_TRANSPORT=tcp` 切到 loopback TCP。Version Preview 默认继续使用独立的 broker endpoint，也会为 TCP worker 使用独立端口段，避免和正式实例共享端口池；如需让 Preview 的 broker 在 macOS/Linux 上也走 TCP，可设置 `HERMES_WEB_UI_PREVIEW_AGENT_BRIDGE_TRANSPORT=tcp`，未设置时会跟随 `HERMES_AGENT_BRIDGE_WORKER_TRANSPORT=tcp`。Windows 下如果默认 TCP 端口被旧 bridge/broker/worker 占用，新 bridge 会先按端口杀掉旧进程树，再用同一个 endpoint 重建。
+
+Windows 首次启动慢时可以临时放大：
+
+```powershell
+$env:HERMES_AGENT_BRIDGE_STARTUP_TIMEOUT_MS = "300000"
+$env:HERMES_AGENT_BRIDGE_TIMEOUT_MS = "300000"
+```
+
+---
+
+## 当前限制
+
+- Bridge(beta) 仍依赖 Python bridge 成功启动；启动失败时 Web UI 可用，但 bridge 会话不可用。
+- bridge socket connect 阶段还没有单独 connect timeout。
+- 旧 CLI 独立面板和独立 `/cli-chat-run` namespace 已移除。
+- 旧 bridge `command/steer` socket 控制层已移除；CLI/Bridge slash command 现在通过统一 `/chat-run` 的 `run.input` 解析并以 `session.command` 反馈。
diff --git a/docs/docker.md b/docs/docker.md
new file mode 100644
index 0000000..bdf8fd0
--- /dev/null
+++ b/docs/docker.md
@@ -0,0 +1,104 @@
+# Docker Compose Guide
+
+This repository ships an environment-variable driven Docker Compose setup.
+
+## Quick Start
+
+### Pull pre-built image (Recommended)
+
+```bash
+WEBUI_IMAGE=ekkoye8888/hermes-web-ui docker compose up -d
+docker compose logs -f hermes-webui
+```
+
+Open: `http://localhost:6060`
+
+### Build from source
+
+```bash
+docker compose up -d --build
+docker compose logs -f hermes-webui
+```
+
+## Services
+
+This compose file runs a single service:
+
+- `hermes-webui` — Web UI dashboard with integrated Hermes Agent runtime (pre-built image or built from source)
+
+The Web UI container is built on the `nousresearch/hermes-agent` base image and uses the Hermes CLI / agent bridge runtime for chat execution. It does not start or manage a separate Hermes gateway process.
+
+## Environment Variables
+
+All key runtime settings are configured from compose variables.
+
+| Variable | Default | Description |
+|---|---|---|
+| `PORT` | `6060` | Web UI listen port |
+| `BIND_HOST` | `0.0.0.0` | Optional Web UI bind host. Defaults to IPv4 for stable WSL/Windows access. Set `::` explicitly if you want IPv6 listening. |
+| `HERMES_BIN` | `/opt/hermes/.venv/bin/hermes` | Path to Hermes CLI binary |
+| `HERMES_AGENT_IMAGE` | `nousresearch/hermes-agent:latest` | Hermes Agent base image (used only during build) |
+| `WEBUI_IMAGE` | `hermes-web-ui-local:latest` | Web UI image (set to `ekkoye8888/hermes-web-ui` to use pre-built) |
+| `HERMES_DATA_DIR` | `./hermes_data` | Hermes runtime data directory |
+
+Override variables directly from shell:
+
+```bash
+PORT=16060 docker compose up -d
+```
+
+Or create a `.env` file in the project root:
+
+```
+WEBUI_IMAGE=ekkoye8888/hermes-web-ui
+PORT=6060
+```
+
+## Data Persistence
+
+| Path | Description |
+|---|---|
+| `${HERMES_DATA_DIR}` (`./hermes_data`) | Hermes runtime data (sessions, config, profiles) |
+| `${HERMES_DATA_DIR}/hermes-web-ui` | Web UI data (auth token, etc.) |
+
+- Hermes data persists in `./hermes_data`, mapped to `/home/agent/.hermes` in the container.
+- Web UI data persists in `./hermes_data/hermes-web-ui/`, mapped to `/home/agent/.hermes-web-ui` in the container.
+- The auth token is auto-generated on first run and printed to container logs.
+- Deleting the token file and restarting will generate a new one.
+
+## Port Mapping
+
+| Port | Description |
+|---|---|
+| `${PORT}` (6060) | Web UI dashboard |
+
+No Hermes gateway ports are exposed by this compose setup.
+
+## Code Runtime Behavior
+
+- Hermes CLI binary comes from `HERMES_BIN` env (`packages/server/src/services/hermes-cli.ts`).
+- If `HERMES_BIN` is not provided, code falls back to `hermes` in `PATH`.
+- Profile-specific chat runs are handled through the Hermes agent bridge. The selected/requested profile is authorized per account and passed with runtime requests; switching the frontend Hermes Profile does not restart the bridge or clear other running tasks.
+- Docker is a managed gateway runtime: Web UI checks profile gateways on startup, but it does not run a periodic gateway recovery loop.
+
+## Common Operations
+
+Recreate:
+
+```bash
+docker compose up -d --force-recreate
+```
+
+View auth token:
+
+```bash
+docker compose logs hermes-webui | grep token
+# or
+cat ./hermes_data/hermes-web-ui/.token
+```
+
+Stop:
+
+```bash
+docker compose down
+```
diff --git a/docs/harness/README.md b/docs/harness/README.md
new file mode 100644
index 0000000..a271399
--- /dev/null
+++ b/docs/harness/README.md
@@ -0,0 +1,40 @@
+# Harness Overview
+
+This harness turns recurring project knowledge into files and checks that an
+agent can discover without chat history.
+
+## Goals
+
+- Make repository context legible through short maps and deeper docs.
+- Keep architecture constraints close to the code they protect.
+- Give agents a deterministic validation path before opening or updating a PR.
+- Prefer mechanical checks over reminder text when a rule can be verified.
+
+## Entry Points
+
+- `AGENTS.md` is the root map for coding agents.
+- `ARCHITECTURE.md` documents package boundaries and state ownership.
+- `DEVELOPMENT.md` remains the contributor rules and command reference.
+- `docs/harness/validation.md` maps change types to checks.
+- `docs/harness/worktree-runbook.md` explains isolated worktree development.
+- `docs/harness/pr-review.md` provides a PR self-review checklist.
+- `scripts/harness-check.mjs` enforces baseline repository invariants.
+
+## Operating Model
+
+1. Read the root map and the specific doc for the task.
+2. Make the smallest scoped change.
+3. Add or update focused tests when behavior changes.
+4. Run `npm run harness:check` and the relevant validation commands.
+5. If a failure pattern repeats, improve this harness with docs, tests, scripts,
+   or CI instead of relying on a longer prompt.
+
+## What Belongs In The Harness
+
+- Facts that future agents must know to work safely.
+- Checklists that prevent repeated PR review comments.
+- Scripts that fail fast on repository-wide invariants.
+- Runbooks for local, CI, release, and desktop packaging flows.
+
+Do not put long implementation notes in `AGENTS.md`. Add them under `docs/` and
+link to them from the map.
diff --git a/docs/harness/pr-review.md b/docs/harness/pr-review.md
new file mode 100644
index 0000000..ebf42ba
--- /dev/null
+++ b/docs/harness/pr-review.md
@@ -0,0 +1,41 @@
+# PR Self-Review
+
+Use this checklist before pushing or updating a pull request.
+
+## Scope
+
+- The PR title states the behavior being changed.
+- The diff is limited to the requested task and required harness updates.
+- Unrelated formatting or refactors are not bundled into the change.
+- User-facing text has locale coverage.
+
+## Architecture
+
+- Client code uses shared API helpers and existing UI patterns.
+- Server routes stay thin and delegate reusable behavior to controllers/services.
+- Web UI state uses `config.appHome` or documented helpers.
+- Hermes Agent state and Web UI state remain separate.
+- Subprocess calls use argument arrays instead of shell string construction.
+
+## Tests And Validation
+
+- A focused test was added or updated for behavior changes.
+- Browser-visible flows have e2e coverage when the risk justifies it.
+- `npm run harness:check` passes.
+- The PR body lists validation commands that actually ran.
+- Known limitations or follow-ups are called out.
+
+## Release And CI
+
+- Workflow changes were checked with `npm run harness:check`.
+- Desktop release artifacts remain platform-specific.
+- `fail_on_unmatched_files: true` is preserved when each matrix target has its
+  own expected artifact list.
+- Package manifest changes have matching lockfile changes when dependencies
+  change.
+
+## Before Merge
+
+- CI is green or failures are explained as unrelated.
+- The branch is mergeable.
+- The PR does not depend on hidden local state, credentials, or uncommitted files.
diff --git a/docs/harness/validation.md b/docs/harness/validation.md
new file mode 100644
index 0000000..f860189
--- /dev/null
+++ b/docs/harness/validation.md
@@ -0,0 +1,68 @@
+# Validation Guide
+
+Run the smallest relevant checks while iterating. Escalate to the broad checks
+when touching shared behavior, release automation, auth, persistence, or chat.
+
+## Always Run For PRs
+
+```bash
+npm run harness:check
+```
+
+For broad or shared changes, also run:
+
+```bash
+npm run test:coverage
+npm run test:e2e
+npm run build
+```
+
+## Change-Type Matrix
+
+| Change | Minimum local validation |
+| --- | --- |
+| Docs only | `npm run harness:check` |
+| Client component/store/API | focused `npm run test -- <pattern>`, then `npm run build` |
+| User-visible browser flow | focused Vitest plus `npm run test:e2e` |
+| Server controller/service/db | focused `npm run test -- tests/server/<file>` |
+| Auth, profile, or credential behavior | focused server tests plus relevant e2e auth tests |
+| Chat, Socket.IO, group chat | focused server tests plus relevant e2e chat tests |
+| Desktop packaging | `npm run harness:check`, `npm run build`, and a platform-specific desktop build when practical |
+| GitHub workflow | `npm run harness:check` and `actionlint` when available |
+| Package manifests | `npm ci --ignore-scripts` and lockfile workflow expectations |
+
+## CI Mapping
+
+- Build workflow: installs dependencies, runs coverage, and builds production
+  assets on pushes and pull requests.
+- Playwright workflow: runs browser e2e tests.
+- NPM lockfile workflow: verifies `package-lock.json` is synchronized.
+- Desktop release and manual desktop build workflows build and upload
+  platform-specific desktop artifacts.
+- Docker workflow: builds and publishes release images.
+
+## Release Workflow Guardrail
+
+Desktop release jobs must upload only the artifacts that their matrix target can
+produce. Keep artifact globs in matrix data and keep `fail_on_unmatched_files:
+true` so missing expected files still fail.
+
+Expected desktop release outputs:
+
+| Target | Required release globs |
+| --- | --- |
+| macOS | `*.dmg`, `*.dmg.blockmap`, `*.zip`, `*.zip.blockmap`, `latest*.yml` |
+| Windows | `*.exe`, `*.exe.blockmap`, `latest*.yml` |
+| Linux x64 | `*.AppImage`, `*.deb`, `latest*.yml` |
+| Linux arm64 | `*.AppImage`, `latest*.yml` |
+
+## Failure Handling
+
+When a command fails:
+
+1. Read the first actionable error, not just the final stack trace.
+2. Check whether the failure indicates missing context, missing test coverage,
+   or a missing mechanical rule.
+3. Fix the product bug when there is one.
+4. Update docs or `scripts/harness-check.mjs` when the same class of mistake
+   should be prevented next time.
diff --git a/docs/harness/worktree-runbook.md b/docs/harness/worktree-runbook.md
new file mode 100644
index 0000000..c405bf8
--- /dev/null
+++ b/docs/harness/worktree-runbook.md
@@ -0,0 +1,64 @@
+# Worktree Runbook
+
+Use a separate git worktree for agent changes so local user work remains
+untouched.
+
+## Create A Worktree
+
+```bash
+git fetch origin --prune
+git worktree add -b codex/<short-topic> ../worktrees/hermes-web-ui-<short-topic> origin/main
+cd ../worktrees/hermes-web-ui-<short-topic>
+```
+
+If the repository uses a fork remote, push to the remote requested by the task.
+Do not rewrite or reset unrelated branches.
+
+## Install
+
+```bash
+npm ci --ignore-scripts
+npm rebuild node-pty
+```
+
+Desktop package dependencies are separate:
+
+```bash
+npm ci --prefix packages/desktop --no-audit --no-fund
+```
+
+## Isolated Runtime
+
+Use per-worktree state and ports to avoid colliding with a running local app:
+
+```bash
+export PORT=18648
+export HERMES_WEB_UI_HOME="$PWD/.tmp/hermes-web-ui"
+export HERMES_WEBUI_STATE_DIR="$HERMES_WEB_UI_HOME"
+export UPLOAD_DIR="$PWD/.tmp/uploads"
+npm run dev
+```
+
+Do not point `HERMES_WEB_UI_HOME` at a user's real `~/.hermes-web-ui` when a task
+only needs local verification.
+
+## Browser Checks
+
+For browser-visible changes:
+
+```bash
+npm run test:e2e
+```
+
+Prefer existing Playwright fixtures and mocked backend services. Add real-service
+requirements only when the behavior cannot be represented with mocks.
+
+## Cleanup
+
+After a PR is pushed and no more local work is needed:
+
+```bash
+git worktree remove ../worktrees/hermes-web-ui-<short-topic>
+```
+
+Only remove the worktree you created.
diff --git a/docs/openapi.json b/docs/openapi.json
new file mode 100644
index 0000000..fce809f
--- /dev/null
+++ b/docs/openapi.json
@@ -0,0 +1,3449 @@
+{
+  "openapi": "3.0.3",
+  "info": {
+    "title": "Hermes Web UI API",
+    "description": "BFF server API for Hermes Web UI — chat sessions, scheduled jobs, platform channels, model management, skills, memory, logs, file browser, group chat, and terminal.",
+    "version": "0.5.9"
+  },
+  "servers": [
+    {
+      "url": "http://localhost:8648",
+      "description": "Local development"
+    }
+  ],
+  "tags": [
+    {
+      "name": "Codex Auth",
+      "description": "OpenAI Codex OAuth"
+    },
+    {
+      "name": "Config",
+      "description": "Configuration management"
+    },
+    {
+      "name": "Copilot Auth",
+      "description": "GitHub Copilot OAuth"
+    },
+    {
+      "name": "Jobs",
+      "description": "Scheduled job management"
+    },
+    {
+      "name": "Download",
+      "description": "File download"
+    },
+    {
+      "name": "Files",
+      "description": "Hermes file browser"
+    },
+    {
+      "name": "Group Chat",
+      "description": "Group chat management"
+    },
+    {
+      "name": "Logs",
+      "description": "Log file access"
+    },
+    {
+      "name": "Memory",
+      "description": "Agent memory files"
+    },
+    {
+      "name": "Models",
+      "description": "Model configuration"
+    },
+    {
+      "name": "Nous Auth",
+      "description": "Nous Research OAuth"
+    },
+    {
+      "name": "Profiles",
+      "description": "Hermes profile management"
+    },
+    {
+      "name": "Providers",
+      "description": "Model provider management"
+    },
+    {
+      "name": "Sessions",
+      "description": "Chat session management"
+    },
+    {
+      "name": "Skills",
+      "description": "Skill browsing and management"
+    },
+    {
+      "name": "Weixin",
+      "description": "WeChat QR code login"
+    },
+    {
+      "name": "Health",
+      "description": "Health check"
+    },
+    {
+      "name": "Update",
+      "description": "Self-update management"
+    },
+    {
+      "name": "Upload",
+      "description": "File upload"
+    },
+    {
+      "name": "Webhook",
+      "description": "Incoming webhooks"
+    },
+    {
+      "name": "Auth",
+      "description": "Authentication management"
+    },
+    {
+      "name": "Proxy",
+      "description": "Gateway proxy to upstream Hermes API"
+    },
+    {
+      "name": "Terminal",
+      "description": "WebSocket terminal access"
+    }
+  ],
+  "paths": {
+    "/api/auth/change-password": {
+      "post": {
+        "tags": [
+          "Auth"
+        ],
+        "summary": "Create change-password",
+        "description": "POST /api/auth/change-password",
+        "operationId": "changePassword",
+        "security": [
+          {
+            "BearerAuth": []
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "Success"
+          },
+          "400": {
+            "$ref": "#/components/responses/BadRequest"
+          },
+          "401": {
+            "$ref": "#/components/responses/Unauthorized"
+          }
+        }
+      }
+    },
+    "/api/auth/change-username": {
+      "post": {
+        "tags": [
+          "Auth"
+        ],
+        "summary": "Create change-username",
+        "description": "POST /api/auth/change-username",
+        "operationId": "changeUsername",
+        "security": [
+          {
+            "BearerAuth": []
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "Success"
+          },
+          "400": {
+            "$ref": "#/components/responses/BadRequest"
+          },
+          "401": {
+            "$ref": "#/components/responses/Unauthorized"
+          }
+        }
+      }
+    },
+    "/api/auth/locked-ips": {
+      "get": {
+        "tags": [
+          "Auth"
+        ],
+        "summary": "Get locked-ips",
+        "description": "GET /api/auth/locked-ips",
+        "operationId": "listLockedIps",
+        "security": [
+          {
+            "BearerAuth": []
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "Success"
+          },
+          "401": {
+            "$ref": "#/components/responses/Unauthorized"
+          },
+          "404": {
+            "description": "Not found"
+          }
+        }
+      },
+      "delete": {
+        "tags": [
+          "Auth"
+        ],
+        "summary": "Delete locked-ips",
+        "description": "DELETE /api/auth/locked-ips",
+        "operationId": "unlockIpHandler",
+        "security": [
+          {
+            "BearerAuth": []
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "Success"
+          },
+          "401": {
+            "$ref": "#/components/responses/Unauthorized"
+          }
+        }
+      }
+    },
+    "/api/auth/login": {
+      "post": {
+        "tags": [
+          "Auth"
+        ],
+        "summary": "Create login",
+        "description": "POST /api/auth/login",
+        "operationId": "login",
+        "security": [
+          {
+            "BearerAuth": []
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "Success"
+          },
+          "400": {
+            "$ref": "#/components/responses/BadRequest"
+          },
+          "401": {
+            "$ref": "#/components/responses/Unauthorized"
+          }
+        }
+      }
+    },
+    "/api/auth/me": {
+      "get": {
+        "tags": [
+          "Auth"
+        ],
+        "summary": "Get me",
+        "description": "GET /api/auth/me",
+        "operationId": "currentUser",
+        "security": [
+          {
+            "BearerAuth": []
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "Success"
+          },
+          "401": {
+            "$ref": "#/components/responses/Unauthorized"
+          },
+          "404": {
+            "description": "Not found"
+          }
+        }
+      }
+    },
+    "/api/auth/password": {
+      "delete": {
+        "tags": [
+          "Auth"
+        ],
+        "summary": "Delete password",
+        "description": "DELETE /api/auth/password",
+        "operationId": "removePassword",
+        "security": [
+          {
+            "BearerAuth": []
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "Success"
+          },
+          "401": {
+            "$ref": "#/components/responses/Unauthorized"
+          }
+        }
+      }
+    },
+    "/api/auth/setup": {
+      "post": {
+        "tags": [
+          "Auth"
+        ],
+        "summary": "Create setup",
+        "description": "POST /api/auth/setup",
+        "operationId": "setupPassword",
+        "security": [
+          {
+            "BearerAuth": []
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "Success"
+          },
+          "400": {
+            "$ref": "#/components/responses/BadRequest"
+          },
+          "401": {
+            "$ref": "#/components/responses/Unauthorized"
+          }
+        }
+      }
+    },
+    "/api/auth/status": {
+      "get": {
+        "tags": [
+          "Auth"
+        ],
+        "summary": "Get status",
+        "description": "GET /api/auth/status",
+        "operationId": "authStatus",
+        "security": [
+          {
+            "BearerAuth": []
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "Success"
+          },
+          "401": {
+            "$ref": "#/components/responses/Unauthorized"
+          },
+          "404": {
+            "description": "Not found"
+          }
+        }
+      }
+    },
+    "/api/cron-history": {
+      "get": {
+        "tags": [
+          "Jobs"
+        ],
+        "summary": "Get cron-history",
+        "description": "GET /api/cron-history",
+        "operationId": "listRuns",
+        "security": [
+          {
+            "BearerAuth": []
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "Success"
+          },
+          "401": {
+            "$ref": "#/components/responses/Unauthorized"
+          },
+          "404": {
+            "description": "Not found"
+          }
+        }
+      }
+    },
+    "/api/cron-history/{jobId}/{fileName}": {
+      "get": {
+        "tags": [
+          "Jobs"
+        ],
+        "summary": "Get :fileName",
+        "description": "GET /api/cron-history/:jobId/:fileName",
+        "operationId": "readRun",
+        "security": [
+          {
+            "BearerAuth": []
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "Success"
+          },
+          "401": {
+            "$ref": "#/components/responses/Unauthorized"
+          },
+          "404": {
+            "description": "Not found"
+          }
+        }
+      }
+    },
+    "/api/hermes/auth/codex/poll/{sessionId}": {
+      "get": {
+        "tags": [
+          "Codex Auth"
+        ],
+        "summary": "Get :sessionId",
+        "description": "GET /api/hermes/auth/codex/poll/:sessionId",
+        "operationId": "poll",
+        "security": [
+          {
+            "BearerAuth": []
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "Success"
+          },
+          "401": {
+            "$ref": "#/components/responses/Unauthorized"
+          },
+          "404": {
+            "description": "Not found"
+          }
+        }
+      }
+    },
+    "/api/hermes/auth/codex/start": {
+      "post": {
+        "tags": [
+          "Codex Auth"
+        ],
+        "summary": "Create start",
+        "description": "POST /api/hermes/auth/codex/start",
+        "operationId": "start",
+        "security": [
+          {
+            "BearerAuth": []
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "Success"
+          },
+          "400": {
+            "$ref": "#/components/responses/BadRequest"
+          },
+          "401": {
+            "$ref": "#/components/responses/Unauthorized"
+          }
+        }
+      }
+    },
+    "/api/hermes/auth/codex/status": {
+      "get": {
+        "tags": [
+          "Codex Auth"
+        ],
+        "summary": "Get status",
+        "description": "GET /api/hermes/auth/codex/status",
+        "operationId": "status",
+        "security": [
+          {
+            "BearerAuth": []
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "Success"
+          },
+          "401": {
+            "$ref": "#/components/responses/Unauthorized"
+          },
+          "404": {
+            "description": "Not found"
+          }
+        }
+      }
+    },
+    "/api/hermes/auth/copilot/check-token": {
+      "get": {
+        "tags": [
+          "Copilot Auth"
+        ],
+        "summary": "Get check-token",
+        "description": "GET /api/hermes/auth/copilot/check-token",
+        "operationId": "checkToken",
+        "security": [
+          {
+            "BearerAuth": []
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "Success"
+          },
+          "401": {
+            "$ref": "#/components/responses/Unauthorized"
+          },
+          "404": {
+            "description": "Not found"
+          }
+        }
+      }
+    },
+    "/api/hermes/auth/copilot/disable": {
+      "post": {
+        "tags": [
+          "Copilot Auth"
+        ],
+        "summary": "Create disable",
+        "description": "POST /api/hermes/auth/copilot/disable",
+        "operationId": "disable",
+        "security": [
+          {
+            "BearerAuth": []
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "Success"
+          },
+          "400": {
+            "$ref": "#/components/responses/BadRequest"
+          },
+          "401": {
+            "$ref": "#/components/responses/Unauthorized"
+          }
+        }
+      }
+    },
+    "/api/hermes/auth/copilot/enable": {
+      "post": {
+        "tags": [
+          "Copilot Auth"
+        ],
+        "summary": "Create enable",
+        "description": "POST /api/hermes/auth/copilot/enable",
+        "operationId": "enable",
+        "security": [
+          {
+            "BearerAuth": []
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "Success"
+          },
+          "400": {
+            "$ref": "#/components/responses/BadRequest"
+          },
+          "401": {
+            "$ref": "#/components/responses/Unauthorized"
+          }
+        }
+      }
+    },
+    "/api/hermes/auth/copilot/poll/{sessionId}": {
+      "get": {
+        "tags": [
+          "Copilot Auth"
+        ],
+        "summary": "Get :sessionId",
+        "description": "GET /api/hermes/auth/copilot/poll/:sessionId",
+        "operationId": "poll",
+        "security": [
+          {
+            "BearerAuth": []
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "Success"
+          },
+          "401": {
+            "$ref": "#/components/responses/Unauthorized"
+          },
+          "404": {
+            "description": "Not found"
+          }
+        }
+      }
+    },
+    "/api/hermes/auth/copilot/start": {
+      "post": {
+        "tags": [
+          "Copilot Auth"
+        ],
+        "summary": "Create start",
+        "description": "POST /api/hermes/auth/copilot/start",
+        "operationId": "start",
+        "security": [
+          {
+            "BearerAuth": []
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "Success"
+          },
+          "400": {
+            "$ref": "#/components/responses/BadRequest"
+          },
+          "401": {
+            "$ref": "#/components/responses/Unauthorized"
+          }
+        }
+      }
+    },
+    "/api/hermes/auth/nous/poll/{sessionId}": {
+      "get": {
+        "tags": [
+          "Nous Auth"
+        ],
+        "summary": "Get :sessionId",
+        "description": "GET /api/hermes/auth/nous/poll/:sessionId",
+        "operationId": "poll",
+        "security": [
+          {
+            "BearerAuth": []
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "Success"
+          },
+          "401": {
+            "$ref": "#/components/responses/Unauthorized"
+          },
+          "404": {
+            "description": "Not found"
+          }
+        }
+      }
+    },
+    "/api/hermes/auth/nous/start": {
+      "post": {
+        "tags": [
+          "Nous Auth"
+        ],
+        "summary": "Create start",
+        "description": "POST /api/hermes/auth/nous/start",
+        "operationId": "start",
+        "security": [
+          {
+            "BearerAuth": []
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "Success"
+          },
+          "400": {
+            "$ref": "#/components/responses/BadRequest"
+          },
+          "401": {
+            "$ref": "#/components/responses/Unauthorized"
+          }
+        }
+      }
+    },
+    "/api/hermes/auth/nous/status": {
+      "get": {
+        "tags": [
+          "Nous Auth"
+        ],
+        "summary": "Get status",
+        "description": "GET /api/hermes/auth/nous/status",
+        "operationId": "status",
+        "security": [
+          {
+            "BearerAuth": []
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "Success"
+          },
+          "401": {
+            "$ref": "#/components/responses/Unauthorized"
+          },
+          "404": {
+            "description": "Not found"
+          }
+        }
+      }
+    },
+    "/api/hermes/available-models": {
+      "get": {
+        "tags": [
+          "Models"
+        ],
+        "summary": "Get available-models",
+        "description": "GET /api/hermes/available-models",
+        "operationId": "getAvailable",
+        "security": [
+          {
+            "BearerAuth": []
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "Success"
+          },
+          "401": {
+            "$ref": "#/components/responses/Unauthorized"
+          },
+          "404": {
+            "description": "Not found"
+          }
+        }
+      }
+    },
+    "/api/hermes/config": {
+      "get": {
+        "tags": [
+          "Config"
+        ],
+        "summary": "Get config",
+        "description": "GET /api/hermes/config",
+        "operationId": "getConfig",
+        "security": [
+          {
+            "BearerAuth": []
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "Success"
+          },
+          "401": {
+            "$ref": "#/components/responses/Unauthorized"
+          },
+          "404": {
+            "description": "Not found"
+          }
+        }
+      },
+      "put": {
+        "tags": [
+          "Config"
+        ],
+        "summary": "Update config",
+        "description": "PUT /api/hermes/config",
+        "operationId": "updateConfig",
+        "security": [
+          {
+            "BearerAuth": []
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "Success"
+          },
+          "400": {
+            "$ref": "#/components/responses/BadRequest"
+          },
+          "401": {
+            "$ref": "#/components/responses/Unauthorized"
+          }
+        }
+      }
+    },
+    "/api/hermes/config/credentials": {
+      "put": {
+        "tags": [
+          "Config"
+        ],
+        "summary": "Update credentials",
+        "description": "PUT /api/hermes/config/credentials",
+        "operationId": "updateCredentials",
+        "security": [
+          {
+            "BearerAuth": []
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "Success"
+          },
+          "400": {
+            "$ref": "#/components/responses/BadRequest"
+          },
+          "401": {
+            "$ref": "#/components/responses/Unauthorized"
+          }
+        }
+      }
+    },
+    "/api/hermes/config/model": {
+      "put": {
+        "tags": [
+          "Models"
+        ],
+        "summary": "Update model",
+        "description": "PUT /api/hermes/config/model",
+        "operationId": "setConfigModel",
+        "security": [
+          {
+            "BearerAuth": []
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "Success"
+          },
+          "400": {
+            "$ref": "#/components/responses/BadRequest"
+          },
+          "401": {
+            "$ref": "#/components/responses/Unauthorized"
+          }
+        }
+      }
+    },
+    "/api/hermes/config/models": {
+      "get": {
+        "tags": [
+          "Models"
+        ],
+        "summary": "Get models",
+        "description": "GET /api/hermes/config/models",
+        "operationId": "getConfigModels",
+        "security": [
+          {
+            "BearerAuth": []
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "Success"
+          },
+          "401": {
+            "$ref": "#/components/responses/Unauthorized"
+          },
+          "404": {
+            "description": "Not found"
+          }
+        }
+      }
+    },
+    "/api/hermes/config/providers": {
+      "post": {
+        "tags": [
+          "Providers"
+        ],
+        "summary": "Create providers",
+        "description": "POST /api/hermes/config/providers",
+        "operationId": "create",
+        "security": [
+          {
+            "BearerAuth": []
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "Success"
+          },
+          "400": {
+            "$ref": "#/components/responses/BadRequest"
+          },
+          "401": {
+            "$ref": "#/components/responses/Unauthorized"
+          }
+        }
+      }
+    },
+    "/api/hermes/config/providers/{poolKey}": {
+      "put": {
+        "tags": [
+          "Providers"
+        ],
+        "summary": "Update :poolKey",
+        "description": "PUT /api/hermes/config/providers/:poolKey",
+        "operationId": "update",
+        "security": [
+          {
+            "BearerAuth": []
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "Success"
+          },
+          "400": {
+            "$ref": "#/components/responses/BadRequest"
+          },
+          "401": {
+            "$ref": "#/components/responses/Unauthorized"
+          }
+        }
+      },
+      "delete": {
+        "tags": [
+          "Providers"
+        ],
+        "summary": "Delete :poolKey",
+        "description": "DELETE /api/hermes/config/providers/:poolKey",
+        "operationId": "remove",
+        "security": [
+          {
+            "BearerAuth": []
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "Success"
+          },
+          "401": {
+            "$ref": "#/components/responses/Unauthorized"
+          }
+        }
+      }
+    },
+    "/api/hermes/custom-model": {
+      "put": {
+        "tags": [
+          "Models"
+        ],
+        "summary": "Update custom-model",
+        "description": "PUT /api/hermes/custom-model",
+        "operationId": "addCustomModel",
+        "security": [
+          {
+            "BearerAuth": []
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "Success"
+          },
+          "400": {
+            "$ref": "#/components/responses/BadRequest"
+          },
+          "401": {
+            "$ref": "#/components/responses/Unauthorized"
+          }
+        }
+      },
+      "delete": {
+        "tags": [
+          "Models"
+        ],
+        "summary": "Delete custom-model",
+        "description": "DELETE /api/hermes/custom-model",
+        "operationId": "removeCustomModel",
+        "security": [
+          {
+            "BearerAuth": []
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "Success"
+          },
+          "401": {
+            "$ref": "#/components/responses/Unauthorized"
+          }
+        }
+      }
+    },
+    "/api/hermes/download": {
+      "get": {
+        "tags": [
+          "Download"
+        ],
+        "summary": "Get download",
+        "description": "GET /api/hermes/download",
+        "operationId": "getDownload",
+        "security": [
+          {
+            "BearerAuth": []
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "Success"
+          },
+          "401": {
+            "$ref": "#/components/responses/Unauthorized"
+          },
+          "404": {
+            "description": "Not found"
+          }
+        }
+      }
+    },
+    "/api/hermes/files/copy": {
+      "post": {
+        "tags": [
+          "Files"
+        ],
+        "summary": "Create copy",
+        "description": "POST /api/hermes/files/copy",
+        "operationId": "createCopy",
+        "security": [
+          {
+            "BearerAuth": []
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "Success"
+          },
+          "400": {
+            "$ref": "#/components/responses/BadRequest"
+          },
+          "401": {
+            "$ref": "#/components/responses/Unauthorized"
+          }
+        }
+      }
+    },
+    "/api/hermes/files/delete": {
+      "delete": {
+        "tags": [
+          "Files"
+        ],
+        "summary": "Delete delete",
+        "description": "DELETE /api/hermes/files/delete",
+        "operationId": "deleteDelete",
+        "security": [
+          {
+            "BearerAuth": []
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "Success"
+          },
+          "401": {
+            "$ref": "#/components/responses/Unauthorized"
+          }
+        }
+      }
+    },
+    "/api/hermes/files/list": {
+      "get": {
+        "tags": [
+          "Files"
+        ],
+        "summary": "Get list",
+        "description": "GET /api/hermes/files/list",
+        "operationId": "getList",
+        "security": [
+          {
+            "BearerAuth": []
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "Success"
+          },
+          "401": {
+            "$ref": "#/components/responses/Unauthorized"
+          },
+          "404": {
+            "description": "Not found"
+          }
+        }
+      }
+    },
+    "/api/hermes/files/mkdir": {
+      "post": {
+        "tags": [
+          "Files"
+        ],
+        "summary": "Create mkdir",
+        "description": "POST /api/hermes/files/mkdir",
+        "operationId": "createMkdir",
+        "security": [
+          {
+            "BearerAuth": []
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "Success"
+          },
+          "400": {
+            "$ref": "#/components/responses/BadRequest"
+          },
+          "401": {
+            "$ref": "#/components/responses/Unauthorized"
+          }
+        }
+      }
+    },
+    "/api/hermes/files/read": {
+      "get": {
+        "tags": [
+          "Files"
+        ],
+        "summary": "Get read",
+        "description": "GET /api/hermes/files/read",
+        "operationId": "getRead",
+        "security": [
+          {
+            "BearerAuth": []
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "Success"
+          },
+          "401": {
+            "$ref": "#/components/responses/Unauthorized"
+          },
+          "404": {
+            "description": "Not found"
+          }
+        }
+      }
+    },
+    "/api/hermes/files/rename": {
+      "post": {
+        "tags": [
+          "Files"
+        ],
+        "summary": "Create rename",
+        "description": "POST /api/hermes/files/rename",
+        "operationId": "createRename",
+        "security": [
+          {
+            "BearerAuth": []
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "Success"
+          },
+          "400": {
+            "$ref": "#/components/responses/BadRequest"
+          },
+          "401": {
+            "$ref": "#/components/responses/Unauthorized"
+          }
+        }
+      }
+    },
+    "/api/hermes/files/stat": {
+      "get": {
+        "tags": [
+          "Files"
+        ],
+        "summary": "Get stat",
+        "description": "GET /api/hermes/files/stat",
+        "operationId": "getStat",
+        "security": [
+          {
+            "BearerAuth": []
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "Success"
+          },
+          "401": {
+            "$ref": "#/components/responses/Unauthorized"
+          },
+          "404": {
+            "description": "Not found"
+          }
+        }
+      }
+    },
+    "/api/hermes/files/upload": {
+      "post": {
+        "tags": [
+          "Files"
+        ],
+        "summary": "Create upload",
+        "description": "POST /api/hermes/files/upload",
+        "operationId": "createUpload",
+        "security": [
+          {
+            "BearerAuth": []
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "Success"
+          },
+          "400": {
+            "$ref": "#/components/responses/BadRequest"
+          },
+          "401": {
+            "$ref": "#/components/responses/Unauthorized"
+          }
+        }
+      }
+    },
+    "/api/hermes/files/write": {
+      "put": {
+        "tags": [
+          "Files"
+        ],
+        "summary": "Update write",
+        "description": "PUT /api/hermes/files/write",
+        "operationId": "updateWrite",
+        "security": [
+          {
+            "BearerAuth": []
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "Success"
+          },
+          "400": {
+            "$ref": "#/components/responses/BadRequest"
+          },
+          "401": {
+            "$ref": "#/components/responses/Unauthorized"
+          }
+        }
+      }
+    },
+    "/api/hermes/group-chat/rooms": {
+      "post": {
+        "tags": [
+          "Group Chat"
+        ],
+        "summary": "Create rooms",
+        "description": "POST /api/hermes/group-chat/rooms",
+        "operationId": "createRooms",
+        "security": [
+          {
+            "BearerAuth": []
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "Success"
+          },
+          "400": {
+            "$ref": "#/components/responses/BadRequest"
+          },
+          "401": {
+            "$ref": "#/components/responses/Unauthorized"
+          }
+        }
+      },
+      "get": {
+        "tags": [
+          "Group Chat"
+        ],
+        "summary": "Get rooms",
+        "description": "GET /api/hermes/group-chat/rooms",
+        "operationId": "getRooms",
+        "security": [
+          {
+            "BearerAuth": []
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "Success"
+          },
+          "401": {
+            "$ref": "#/components/responses/Unauthorized"
+          },
+          "404": {
+            "description": "Not found"
+          }
+        }
+      }
+    },
+    "/api/hermes/group-chat/rooms/join/{code}": {
+      "get": {
+        "tags": [
+          "Group Chat"
+        ],
+        "summary": "Get :code",
+        "description": "GET /api/hermes/group-chat/rooms/join/:code",
+        "operationId": "getJoin",
+        "security": [
+          {
+            "BearerAuth": []
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "Success"
+          },
+          "401": {
+            "$ref": "#/components/responses/Unauthorized"
+          },
+          "404": {
+            "description": "Not found"
+          }
+        }
+      }
+    },
+    "/api/hermes/group-chat/rooms/{roomId}": {
+      "get": {
+        "tags": [
+          "Group Chat"
+        ],
+        "summary": "Get :roomId",
+        "description": "GET /api/hermes/group-chat/rooms/:roomId",
+        "operationId": "getRooms",
+        "security": [
+          {
+            "BearerAuth": []
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "Success"
+          },
+          "401": {
+            "$ref": "#/components/responses/Unauthorized"
+          },
+          "404": {
+            "description": "Not found"
+          }
+        }
+      },
+      "delete": {
+        "tags": [
+          "Group Chat"
+        ],
+        "summary": "Delete :roomId",
+        "description": "DELETE /api/hermes/group-chat/rooms/:roomId",
+        "operationId": "deleteRooms",
+        "security": [
+          {
+            "BearerAuth": []
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "Success"
+          },
+          "401": {
+            "$ref": "#/components/responses/Unauthorized"
+          }
+        }
+      }
+    },
+    "/api/hermes/group-chat/rooms/{roomId}/agents": {
+      "post": {
+        "tags": [
+          "Group Chat"
+        ],
+        "summary": "Create agents",
+        "description": "POST /api/hermes/group-chat/rooms/:roomId/agents",
+        "operationId": "createAgents",
+        "security": [
+          {
+            "BearerAuth": []
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "Success"
+          },
+          "400": {
+            "$ref": "#/components/responses/BadRequest"
+          },
+          "401": {
+            "$ref": "#/components/responses/Unauthorized"
+          }
+        }
+      },
+      "get": {
+        "tags": [
+          "Group Chat"
+        ],
+        "summary": "Get agents",
+        "description": "GET /api/hermes/group-chat/rooms/:roomId/agents",
+        "operationId": "getAgents",
+        "security": [
+          {
+            "BearerAuth": []
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "Success"
+          },
+          "401": {
+            "$ref": "#/components/responses/Unauthorized"
+          },
+          "404": {
+            "description": "Not found"
+          }
+        }
+      }
+    },
+    "/api/hermes/group-chat/rooms/{roomId}/agents/{agentId}": {
+      "delete": {
+        "tags": [
+          "Group Chat"
+        ],
+        "summary": "Delete :agentId",
+        "description": "DELETE /api/hermes/group-chat/rooms/:roomId/agents/:agentId",
+        "operationId": "deleteAgents",
+        "security": [
+          {
+            "BearerAuth": []
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "Success"
+          },
+          "401": {
+            "$ref": "#/components/responses/Unauthorized"
+          }
+        }
+      }
+    },
+    "/api/hermes/group-chat/rooms/{roomId}/clear-context": {
+      "post": {
+        "tags": [
+          "Group Chat"
+        ],
+        "summary": "Create clear-context",
+        "description": "POST /api/hermes/group-chat/rooms/:roomId/clear-context",
+        "operationId": "createClear-context",
+        "security": [
+          {
+            "BearerAuth": []
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "Success"
+          },
+          "400": {
+            "$ref": "#/components/responses/BadRequest"
+          },
+          "401": {
+            "$ref": "#/components/responses/Unauthorized"
+          }
+        }
+      }
+    },
+    "/api/hermes/group-chat/rooms/{roomId}/clone": {
+      "post": {
+        "tags": [
+          "Group Chat"
+        ],
+        "summary": "Create clone",
+        "description": "POST /api/hermes/group-chat/rooms/:roomId/clone",
+        "operationId": "createClone",
+        "security": [
+          {
+            "BearerAuth": []
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "Success"
+          },
+          "400": {
+            "$ref": "#/components/responses/BadRequest"
+          },
+          "401": {
+            "$ref": "#/components/responses/Unauthorized"
+          }
+        }
+      }
+    },
+    "/api/hermes/group-chat/rooms/{roomId}/compress": {
+      "post": {
+        "tags": [
+          "Group Chat"
+        ],
+        "summary": "Create compress",
+        "description": "POST /api/hermes/group-chat/rooms/:roomId/compress",
+        "operationId": "createCompress",
+        "security": [
+          {
+            "BearerAuth": []
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "Success"
+          },
+          "400": {
+            "$ref": "#/components/responses/BadRequest"
+          },
+          "401": {
+            "$ref": "#/components/responses/Unauthorized"
+          }
+        }
+      }
+    },
+    "/api/hermes/group-chat/rooms/{roomId}/config": {
+      "put": {
+        "tags": [
+          "Group Chat"
+        ],
+        "summary": "Update config",
+        "description": "PUT /api/hermes/group-chat/rooms/:roomId/config",
+        "operationId": "updateConfig",
+        "security": [
+          {
+            "BearerAuth": []
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "Success"
+          },
+          "400": {
+            "$ref": "#/components/responses/BadRequest"
+          },
+          "401": {
+            "$ref": "#/components/responses/Unauthorized"
+          }
+        }
+      }
+    },
+    "/api/hermes/group-chat/rooms/{roomId}/invite-code": {
+      "put": {
+        "tags": [
+          "Group Chat"
+        ],
+        "summary": "Update invite-code",
+        "description": "PUT /api/hermes/group-chat/rooms/:roomId/invite-code",
+        "operationId": "updateInvite-code",
+        "security": [
+          {
+            "BearerAuth": []
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "Success"
+          },
+          "400": {
+            "$ref": "#/components/responses/BadRequest"
+          },
+          "401": {
+            "$ref": "#/components/responses/Unauthorized"
+          }
+        }
+      }
+    },
+    "/api/hermes/jobs": {
+      "get": {
+        "tags": [
+          "Jobs"
+        ],
+        "summary": "List jobs",
+        "description": "GET /api/hermes/jobs",
+        "operationId": "list",
+        "security": [
+          {
+            "BearerAuth": []
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "Success"
+          },
+          "401": {
+            "$ref": "#/components/responses/Unauthorized"
+          },
+          "404": {
+            "description": "Not found"
+          }
+        }
+      },
+      "post": {
+        "tags": [
+          "Jobs"
+        ],
+        "summary": "Create jobs",
+        "description": "POST /api/hermes/jobs",
+        "operationId": "create",
+        "security": [
+          {
+            "BearerAuth": []
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "Success"
+          },
+          "400": {
+            "$ref": "#/components/responses/BadRequest"
+          },
+          "401": {
+            "$ref": "#/components/responses/Unauthorized"
+          }
+        }
+      }
+    },
+    "/api/hermes/jobs/{id}": {
+      "get": {
+        "tags": [
+          "Jobs"
+        ],
+        "summary": "Get :id",
+        "description": "GET /api/hermes/jobs/:id",
+        "operationId": "get",
+        "security": [
+          {
+            "BearerAuth": []
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "Success"
+          },
+          "401": {
+            "$ref": "#/components/responses/Unauthorized"
+          },
+          "404": {
+            "description": "Not found"
+          }
+        }
+      },
+      "patch": {
+        "tags": [
+          "Jobs"
+        ],
+        "summary": "Update :id",
+        "description": "PATCH /api/hermes/jobs/:id",
+        "operationId": "update",
+        "security": [
+          {
+            "BearerAuth": []
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "Success"
+          },
+          "400": {
+            "$ref": "#/components/responses/BadRequest"
+          },
+          "401": {
+            "$ref": "#/components/responses/Unauthorized"
+          }
+        }
+      },
+      "delete": {
+        "tags": [
+          "Jobs"
+        ],
+        "summary": "Delete :id",
+        "description": "DELETE /api/hermes/jobs/:id",
+        "operationId": "remove",
+        "security": [
+          {
+            "BearerAuth": []
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "Success"
+          },
+          "401": {
+            "$ref": "#/components/responses/Unauthorized"
+          }
+        }
+      }
+    },
+    "/api/hermes/jobs/{id}/pause": {
+      "post": {
+        "tags": [
+          "Jobs"
+        ],
+        "summary": "Pause pause",
+        "description": "POST /api/hermes/jobs/:id/pause",
+        "operationId": "pause",
+        "security": [
+          {
+            "BearerAuth": []
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "Success"
+          },
+          "400": {
+            "$ref": "#/components/responses/BadRequest"
+          },
+          "401": {
+            "$ref": "#/components/responses/Unauthorized"
+          }
+        }
+      }
+    },
+    "/api/hermes/jobs/{id}/resume": {
+      "post": {
+        "tags": [
+          "Jobs"
+        ],
+        "summary": "Resume resume",
+        "description": "POST /api/hermes/jobs/:id/resume",
+        "operationId": "resume",
+        "security": [
+          {
+            "BearerAuth": []
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "Success"
+          },
+          "400": {
+            "$ref": "#/components/responses/BadRequest"
+          },
+          "401": {
+            "$ref": "#/components/responses/Unauthorized"
+          }
+        }
+      }
+    },
+    "/api/hermes/jobs/{id}/run": {
+      "post": {
+        "tags": [
+          "Jobs"
+        ],
+        "summary": "Run run",
+        "description": "POST /api/hermes/jobs/:id/run",
+        "operationId": "run",
+        "security": [
+          {
+            "BearerAuth": []
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "Success"
+          },
+          "400": {
+            "$ref": "#/components/responses/BadRequest"
+          },
+          "401": {
+            "$ref": "#/components/responses/Unauthorized"
+          }
+        }
+      }
+    },
+    "/api/hermes/logs": {
+      "get": {
+        "tags": [
+          "Logs"
+        ],
+        "summary": "List logs",
+        "description": "GET /api/hermes/logs",
+        "operationId": "list",
+        "security": [
+          {
+            "BearerAuth": []
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "Success"
+          },
+          "401": {
+            "$ref": "#/components/responses/Unauthorized"
+          },
+          "404": {
+            "description": "Not found"
+          }
+        }
+      }
+    },
+    "/api/hermes/logs/{name}": {
+      "get": {
+        "tags": [
+          "Logs"
+        ],
+        "summary": "Get :name",
+        "description": "GET /api/hermes/logs/:name",
+        "operationId": "read",
+        "security": [
+          {
+            "BearerAuth": []
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "Success"
+          },
+          "401": {
+            "$ref": "#/components/responses/Unauthorized"
+          },
+          "404": {
+            "description": "Not found"
+          }
+        }
+      }
+    },
+    "/api/hermes/memory": {
+      "get": {
+        "tags": [
+          "Memory"
+        ],
+        "summary": "Get memory",
+        "description": "GET /api/hermes/memory",
+        "operationId": "get",
+        "security": [
+          {
+            "BearerAuth": []
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "Success"
+          },
+          "401": {
+            "$ref": "#/components/responses/Unauthorized"
+          },
+          "404": {
+            "description": "Not found"
+          }
+        }
+      },
+      "post": {
+        "tags": [
+          "Memory"
+        ],
+        "summary": "Create memory",
+        "description": "POST /api/hermes/memory",
+        "operationId": "save",
+        "security": [
+          {
+            "BearerAuth": []
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "Success"
+          },
+          "400": {
+            "$ref": "#/components/responses/BadRequest"
+          },
+          "401": {
+            "$ref": "#/components/responses/Unauthorized"
+          }
+        }
+      }
+    },
+    "/api/hermes/model-alias": {
+      "put": {
+        "tags": [
+          "Models"
+        ],
+        "summary": "Update model-alias",
+        "description": "PUT /api/hermes/model-alias",
+        "operationId": "setModelAlias",
+        "security": [
+          {
+            "BearerAuth": []
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "Success"
+          },
+          "400": {
+            "$ref": "#/components/responses/BadRequest"
+          },
+          "401": {
+            "$ref": "#/components/responses/Unauthorized"
+          }
+        }
+      }
+    },
+    "/api/hermes/model-context": {
+      "get": {
+        "tags": [
+          "Models"
+        ],
+        "summary": "Get model-context",
+        "description": "GET /api/hermes/model-context",
+        "operationId": "getModelContext",
+        "security": [
+          {
+            "BearerAuth": []
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "Success"
+          },
+          "401": {
+            "$ref": "#/components/responses/Unauthorized"
+          },
+          "404": {
+            "description": "Not found"
+          }
+        }
+      },
+      "put": {
+        "tags": [
+          "Models"
+        ],
+        "summary": "Update model-context",
+        "description": "PUT /api/hermes/model-context",
+        "operationId": "updateModelContext",
+        "security": [
+          {
+            "BearerAuth": []
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "Success"
+          },
+          "400": {
+            "$ref": "#/components/responses/BadRequest"
+          },
+          "401": {
+            "$ref": "#/components/responses/Unauthorized"
+          }
+        }
+      }
+    },
+    "/api/hermes/model-context/{provider}/{model}": {
+      "get": {
+        "tags": [
+          "Models"
+        ],
+        "summary": "Get :model",
+        "description": "GET /api/hermes/model-context/:provider/:model",
+        "operationId": "getModelContext",
+        "security": [
+          {
+            "BearerAuth": []
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "Success"
+          },
+          "401": {
+            "$ref": "#/components/responses/Unauthorized"
+          },
+          "404": {
+            "description": "Not found"
+          }
+        }
+      },
+      "put": {
+        "tags": [
+          "Models"
+        ],
+        "summary": "Update :model",
+        "description": "PUT /api/hermes/model-context/:provider/:model",
+        "operationId": "updateModelContext",
+        "security": [
+          {
+            "BearerAuth": []
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "Success"
+          },
+          "400": {
+            "$ref": "#/components/responses/BadRequest"
+          },
+          "401": {
+            "$ref": "#/components/responses/Unauthorized"
+          }
+        }
+      }
+    },
+    "/api/hermes/model-visibility": {
+      "put": {
+        "tags": [
+          "Models"
+        ],
+        "summary": "Update model-visibility",
+        "description": "PUT /api/hermes/model-visibility",
+        "operationId": "setModelVisibility",
+        "security": [
+          {
+            "BearerAuth": []
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "Success"
+          },
+          "400": {
+            "$ref": "#/components/responses/BadRequest"
+          },
+          "401": {
+            "$ref": "#/components/responses/Unauthorized"
+          }
+        }
+      }
+    },
+    "/api/hermes/profiles": {
+      "get": {
+        "tags": [
+          "Profiles"
+        ],
+        "summary": "List profiles",
+        "description": "GET /api/hermes/profiles",
+        "operationId": "list",
+        "security": [
+          {
+            "BearerAuth": []
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "Success"
+          },
+          "401": {
+            "$ref": "#/components/responses/Unauthorized"
+          },
+          "404": {
+            "description": "Not found"
+          }
+        }
+      },
+      "post": {
+        "tags": [
+          "Profiles"
+        ],
+        "summary": "Create profiles",
+        "description": "POST /api/hermes/profiles",
+        "operationId": "create",
+        "security": [
+          {
+            "BearerAuth": []
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "Success"
+          },
+          "400": {
+            "$ref": "#/components/responses/BadRequest"
+          },
+          "401": {
+            "$ref": "#/components/responses/Unauthorized"
+          }
+        }
+      }
+    },
+    "/api/hermes/profiles/import": {
+      "post": {
+        "tags": [
+          "Profiles"
+        ],
+        "summary": "Create import",
+        "description": "POST /api/hermes/profiles/import",
+        "operationId": "importProfile",
+        "security": [
+          {
+            "BearerAuth": []
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "Success"
+          },
+          "400": {
+            "$ref": "#/components/responses/BadRequest"
+          },
+          "401": {
+            "$ref": "#/components/responses/Unauthorized"
+          }
+        }
+      }
+    },
+    "/api/hermes/profiles/runtime-statuses": {
+      "get": {
+        "tags": [
+          "Profiles"
+        ],
+        "summary": "Get runtime-statuses",
+        "description": "GET /api/hermes/profiles/runtime-statuses",
+        "operationId": "runtimeStatuses",
+        "security": [
+          {
+            "BearerAuth": []
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "Success"
+          },
+          "401": {
+            "$ref": "#/components/responses/Unauthorized"
+          },
+          "404": {
+            "description": "Not found"
+          }
+        }
+      }
+    },
+    "/api/hermes/profiles/{name}": {
+      "get": {
+        "tags": [
+          "Profiles"
+        ],
+        "summary": "Get :name",
+        "description": "GET /api/hermes/profiles/:name",
+        "operationId": "get",
+        "security": [
+          {
+            "BearerAuth": []
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "Success"
+          },
+          "401": {
+            "$ref": "#/components/responses/Unauthorized"
+          },
+          "404": {
+            "description": "Not found"
+          }
+        }
+      },
+      "delete": {
+        "tags": [
+          "Profiles"
+        ],
+        "summary": "Delete :name",
+        "description": "DELETE /api/hermes/profiles/:name",
+        "operationId": "remove",
+        "security": [
+          {
+            "BearerAuth": []
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "Success"
+          },
+          "401": {
+            "$ref": "#/components/responses/Unauthorized"
+          }
+        }
+      }
+    },
+    "/api/hermes/profiles/{name}/avatar": {
+      "put": {
+        "tags": [
+          "Profiles"
+        ],
+        "summary": "Update avatar",
+        "description": "PUT /api/hermes/profiles/:name/avatar",
+        "operationId": "updateAvatar",
+        "security": [
+          {
+            "BearerAuth": []
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "Success"
+          },
+          "400": {
+            "$ref": "#/components/responses/BadRequest"
+          },
+          "401": {
+            "$ref": "#/components/responses/Unauthorized"
+          }
+        }
+      },
+      "delete": {
+        "tags": [
+          "Profiles"
+        ],
+        "summary": "Delete avatar",
+        "description": "DELETE /api/hermes/profiles/:name/avatar",
+        "operationId": "deleteAvatar",
+        "security": [
+          {
+            "BearerAuth": []
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "Success"
+          },
+          "401": {
+            "$ref": "#/components/responses/Unauthorized"
+          }
+        }
+      }
+    },
+    "/api/hermes/profiles/{name}/export": {
+      "post": {
+        "tags": [
+          "Profiles"
+        ],
+        "summary": "Create export",
+        "description": "POST /api/hermes/profiles/:name/export",
+        "operationId": "exportProfile",
+        "security": [
+          {
+            "BearerAuth": []
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "Success"
+          },
+          "400": {
+            "$ref": "#/components/responses/BadRequest"
+          },
+          "401": {
+            "$ref": "#/components/responses/Unauthorized"
+          }
+        }
+      }
+    },
+    "/api/hermes/profiles/{name}/gateway/restart": {
+      "post": {
+        "tags": [
+          "Profiles"
+        ],
+        "summary": "Create restart",
+        "description": "POST /api/hermes/profiles/:name/gateway/restart",
+        "operationId": "restartGatewayForProfile",
+        "security": [
+          {
+            "BearerAuth": []
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "Success"
+          },
+          "400": {
+            "$ref": "#/components/responses/BadRequest"
+          },
+          "401": {
+            "$ref": "#/components/responses/Unauthorized"
+          }
+        }
+      }
+    },
+    "/api/hermes/profiles/{name}/rename": {
+      "post": {
+        "tags": [
+          "Profiles"
+        ],
+        "summary": "Rename rename",
+        "description": "POST /api/hermes/profiles/:name/rename",
+        "operationId": "rename",
+        "security": [
+          {
+            "BearerAuth": []
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "Success"
+          },
+          "400": {
+            "$ref": "#/components/responses/BadRequest"
+          },
+          "401": {
+            "$ref": "#/components/responses/Unauthorized"
+          }
+        }
+      }
+    },
+    "/api/hermes/profiles/{name}/restart": {
+      "post": {
+        "tags": [
+          "Profiles"
+        ],
+        "summary": "Create restart",
+        "description": "POST /api/hermes/profiles/:name/restart",
+        "operationId": "restartProfileRuntime",
+        "security": [
+          {
+            "BearerAuth": []
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "Success"
+          },
+          "400": {
+            "$ref": "#/components/responses/BadRequest"
+          },
+          "401": {
+            "$ref": "#/components/responses/Unauthorized"
+          }
+        }
+      }
+    },
+    "/api/hermes/profiles/{name}/runtime-status": {
+      "get": {
+        "tags": [
+          "Profiles"
+        ],
+        "summary": "Get runtime-status",
+        "description": "GET /api/hermes/profiles/:name/runtime-status",
+        "operationId": "runtimeStatus",
+        "security": [
+          {
+            "BearerAuth": []
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "Success"
+          },
+          "401": {
+            "$ref": "#/components/responses/Unauthorized"
+          },
+          "404": {
+            "description": "Not found"
+          }
+        }
+      }
+    },
+    "/api/hermes/provider-models": {
+      "post": {
+        "tags": [
+          "Models"
+        ],
+        "summary": "Create provider-models",
+        "description": "POST /api/hermes/provider-models",
+        "operationId": "fetchProviderModelList",
+        "security": [
+          {
+            "BearerAuth": []
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "Success"
+          },
+          "400": {
+            "$ref": "#/components/responses/BadRequest"
+          },
+          "401": {
+            "$ref": "#/components/responses/Unauthorized"
+          }
+        }
+      }
+    },
+    "/api/hermes/search/sessions": {
+      "get": {
+        "tags": [
+          "Sessions"
+        ],
+        "summary": "Search sessions",
+        "description": "GET /api/hermes/search/sessions",
+        "operationId": "search",
+        "security": [
+          {
+            "BearerAuth": []
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "Success"
+          },
+          "401": {
+            "$ref": "#/components/responses/Unauthorized"
+          },
+          "404": {
+            "description": "Not found"
+          }
+        }
+      }
+    },
+    "/api/hermes/sessions": {
+      "get": {
+        "tags": [
+          "Sessions"
+        ],
+        "summary": "List sessions",
+        "description": "GET /api/hermes/sessions",
+        "operationId": "list",
+        "security": [
+          {
+            "BearerAuth": []
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "Success"
+          },
+          "401": {
+            "$ref": "#/components/responses/Unauthorized"
+          },
+          "404": {
+            "description": "Not found"
+          }
+        }
+      }
+    },
+    "/api/hermes/sessions/batch-delete": {
+      "post": {
+        "tags": [
+          "Sessions"
+        ],
+        "summary": "Create batch-delete",
+        "description": "POST /api/hermes/sessions/batch-delete",
+        "operationId": "batchRemove",
+        "security": [
+          {
+            "BearerAuth": []
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "Success"
+          },
+          "400": {
+            "$ref": "#/components/responses/BadRequest"
+          },
+          "401": {
+            "$ref": "#/components/responses/Unauthorized"
+          }
+        }
+      }
+    },
+    "/api/hermes/sessions/context-length": {
+      "get": {
+        "tags": [
+          "Sessions"
+        ],
+        "summary": "Get context-length",
+        "description": "GET /api/hermes/sessions/context-length",
+        "operationId": "contextLength",
+        "security": [
+          {
+            "BearerAuth": []
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "Success"
+          },
+          "401": {
+            "$ref": "#/components/responses/Unauthorized"
+          },
+          "404": {
+            "description": "Not found"
+          }
+        }
+      }
+    },
+    "/api/hermes/sessions/conversations": {
+      "get": {
+        "tags": [
+          "Sessions"
+        ],
+        "summary": "Get conversations",
+        "description": "GET /api/hermes/sessions/conversations",
+        "operationId": "listConversations",
+        "security": [
+          {
+            "BearerAuth": []
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "Success"
+          },
+          "401": {
+            "$ref": "#/components/responses/Unauthorized"
+          },
+          "404": {
+            "description": "Not found"
+          }
+        }
+      }
+    },
+    "/api/hermes/sessions/conversations/{id}/messages": {
+      "get": {
+        "tags": [
+          "Sessions"
+        ],
+        "summary": "Get messages",
+        "description": "GET /api/hermes/sessions/conversations/:id/messages",
+        "operationId": "getConversationMessages",
+        "security": [
+          {
+            "BearerAuth": []
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "Success"
+          },
+          "401": {
+            "$ref": "#/components/responses/Unauthorized"
+          },
+          "404": {
+            "description": "Not found"
+          }
+        }
+      }
+    },
+    "/api/hermes/sessions/conversations/{id}/messages/paginated": {
+      "get": {
+        "tags": [
+          "Sessions"
+        ],
+        "summary": "Get paginated",
+        "description": "GET /api/hermes/sessions/conversations/:id/messages/paginated",
+        "operationId": "getConversationMessagesPaginated",
+        "security": [
+          {
+            "BearerAuth": []
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "Success"
+          },
+          "401": {
+            "$ref": "#/components/responses/Unauthorized"
+          },
+          "404": {
+            "description": "Not found"
+          }
+        }
+      }
+    },
+    "/api/hermes/sessions/hermes": {
+      "get": {
+        "tags": [
+          "Sessions"
+        ],
+        "summary": "Get hermes",
+        "description": "GET /api/hermes/sessions/hermes",
+        "operationId": "listHermesSessions",
+        "security": [
+          {
+            "BearerAuth": []
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "Success"
+          },
+          "401": {
+            "$ref": "#/components/responses/Unauthorized"
+          },
+          "404": {
+            "description": "Not found"
+          }
+        }
+      }
+    },
+    "/api/hermes/sessions/hermes/{id}": {
+      "get": {
+        "tags": [
+          "Sessions"
+        ],
+        "summary": "Get :id",
+        "description": "GET /api/hermes/sessions/hermes/:id",
+        "operationId": "getHermesSession",
+        "security": [
+          {
+            "BearerAuth": []
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "Success"
+          },
+          "401": {
+            "$ref": "#/components/responses/Unauthorized"
+          },
+          "404": {
+            "description": "Not found"
+          }
+        }
+      }
+    },
+    "/api/hermes/sessions/search": {
+      "get": {
+        "tags": [
+          "Sessions"
+        ],
+        "summary": "Search search",
+        "description": "GET /api/hermes/sessions/search",
+        "operationId": "search",
+        "security": [
+          {
+            "BearerAuth": []
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "Success"
+          },
+          "401": {
+            "$ref": "#/components/responses/Unauthorized"
+          },
+          "404": {
+            "description": "Not found"
+          }
+        }
+      }
+    },
+    "/api/hermes/sessions/usage": {
+      "get": {
+        "tags": [
+          "Sessions"
+        ],
+        "summary": "Get usage",
+        "description": "GET /api/hermes/sessions/usage",
+        "operationId": "usageBatch",
+        "security": [
+          {
+            "BearerAuth": []
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "Success"
+          },
+          "401": {
+            "$ref": "#/components/responses/Unauthorized"
+          },
+          "404": {
+            "description": "Not found"
+          }
+        }
+      }
+    },
+    "/api/hermes/sessions/{id}": {
+      "get": {
+        "tags": [
+          "Sessions"
+        ],
+        "summary": "Get :id",
+        "description": "GET /api/hermes/sessions/:id",
+        "operationId": "get",
+        "security": [
+          {
+            "BearerAuth": []
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "Success"
+          },
+          "401": {
+            "$ref": "#/components/responses/Unauthorized"
+          },
+          "404": {
+            "description": "Not found"
+          }
+        }
+      },
+      "delete": {
+        "tags": [
+          "Sessions"
+        ],
+        "summary": "Delete :id",
+        "description": "DELETE /api/hermes/sessions/:id",
+        "operationId": "remove",
+        "security": [
+          {
+            "BearerAuth": []
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "Success"
+          },
+          "401": {
+            "$ref": "#/components/responses/Unauthorized"
+          }
+        }
+      }
+    },
+    "/api/hermes/sessions/{id}/export": {
+      "get": {
+        "tags": [
+          "Sessions"
+        ],
+        "summary": "Get export",
+        "description": "GET /api/hermes/sessions/:id/export",
+        "operationId": "exportSession",
+        "security": [
+          {
+            "BearerAuth": []
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "Success"
+          },
+          "401": {
+            "$ref": "#/components/responses/Unauthorized"
+          },
+          "404": {
+            "description": "Not found"
+          }
+        }
+      }
+    },
+    "/api/hermes/sessions/{id}/model": {
+      "post": {
+        "tags": [
+          "Sessions"
+        ],
+        "summary": "Create model",
+        "description": "POST /api/hermes/sessions/:id/model",
+        "operationId": "setModel",
+        "security": [
+          {
+            "BearerAuth": []
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "Success"
+          },
+          "400": {
+            "$ref": "#/components/responses/BadRequest"
+          },
+          "401": {
+            "$ref": "#/components/responses/Unauthorized"
+          }
+        }
+      }
+    },
+    "/api/hermes/sessions/{id}/rename": {
+      "post": {
+        "tags": [
+          "Sessions"
+        ],
+        "summary": "Rename rename",
+        "description": "POST /api/hermes/sessions/:id/rename",
+        "operationId": "rename",
+        "security": [
+          {
+            "BearerAuth": []
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "Success"
+          },
+          "400": {
+            "$ref": "#/components/responses/BadRequest"
+          },
+          "401": {
+            "$ref": "#/components/responses/Unauthorized"
+          }
+        }
+      }
+    },
+    "/api/hermes/sessions/{id}/usage": {
+      "get": {
+        "tags": [
+          "Sessions"
+        ],
+        "summary": "Get usage",
+        "description": "GET /api/hermes/sessions/:id/usage",
+        "operationId": "usageSingle",
+        "security": [
+          {
+            "BearerAuth": []
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "Success"
+          },
+          "401": {
+            "$ref": "#/components/responses/Unauthorized"
+          },
+          "404": {
+            "description": "Not found"
+          }
+        }
+      }
+    },
+    "/api/hermes/sessions/{id}/workspace": {
+      "post": {
+        "tags": [
+          "Sessions"
+        ],
+        "summary": "Create workspace",
+        "description": "POST /api/hermes/sessions/:id/workspace",
+        "operationId": "setWorkspace",
+        "security": [
+          {
+            "BearerAuth": []
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "Success"
+          },
+          "400": {
+            "$ref": "#/components/responses/BadRequest"
+          },
+          "401": {
+            "$ref": "#/components/responses/Unauthorized"
+          }
+        }
+      }
+    },
+    "/api/hermes/skills": {
+      "get": {
+        "tags": [
+          "Skills"
+        ],
+        "summary": "List skills",
+        "description": "GET /api/hermes/skills",
+        "operationId": "list",
+        "security": [
+          {
+            "BearerAuth": []
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "Success"
+          },
+          "401": {
+            "$ref": "#/components/responses/Unauthorized"
+          },
+          "404": {
+            "description": "Not found"
+          }
+        }
+      }
+    },
+    "/api/hermes/skills/pin": {
+      "put": {
+        "tags": [
+          "Skills"
+        ],
+        "summary": "Update pin",
+        "description": "PUT /api/hermes/skills/pin",
+        "operationId": "pin_",
+        "security": [
+          {
+            "BearerAuth": []
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "Success"
+          },
+          "400": {
+            "$ref": "#/components/responses/BadRequest"
+          },
+          "401": {
+            "$ref": "#/components/responses/Unauthorized"
+          }
+        }
+      }
+    },
+    "/api/hermes/skills/toggle": {
+      "put": {
+        "tags": [
+          "Skills"
+        ],
+        "summary": "Update toggle",
+        "description": "PUT /api/hermes/skills/toggle",
+        "operationId": "toggle",
+        "security": [
+          {
+            "BearerAuth": []
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "Success"
+          },
+          "400": {
+            "$ref": "#/components/responses/BadRequest"
+          },
+          "401": {
+            "$ref": "#/components/responses/Unauthorized"
+          }
+        }
+      }
+    },
+    "/api/hermes/skills/usage/stats": {
+      "get": {
+        "tags": [
+          "Skills"
+        ],
+        "summary": "Get stats",
+        "description": "GET /api/hermes/skills/usage/stats",
+        "operationId": "usageStats",
+        "security": [
+          {
+            "BearerAuth": []
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "Success"
+          },
+          "401": {
+            "$ref": "#/components/responses/Unauthorized"
+          },
+          "404": {
+            "description": "Not found"
+          }
+        }
+      }
+    },
+    "/api/hermes/skills/{*path}": {
+      "get": {
+        "tags": [
+          "Skills"
+        ],
+        "summary": "Get skills by *path",
+        "description": "GET /api/hermes/skills/{*path}",
+        "operationId": "readFile_",
+        "security": [
+          {
+            "BearerAuth": []
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "Success"
+          },
+          "401": {
+            "$ref": "#/components/responses/Unauthorized"
+          },
+          "404": {
+            "description": "Not found"
+          }
+        }
+      }
+    },
+    "/api/hermes/skills/{category}/{skill}/files": {
+      "get": {
+        "tags": [
+          "Skills"
+        ],
+        "summary": "Get files",
+        "description": "GET /api/hermes/skills/:category/:skill/files",
+        "operationId": "listFiles",
+        "security": [
+          {
+            "BearerAuth": []
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "Success"
+          },
+          "401": {
+            "$ref": "#/components/responses/Unauthorized"
+          },
+          "404": {
+            "description": "Not found"
+          }
+        }
+      }
+    },
+    "/api/hermes/update": {
+      "post": {
+        "tags": [
+          "Update"
+        ],
+        "summary": "Create update",
+        "description": "POST /api/hermes/update",
+        "operationId": "handleUpdate",
+        "security": [
+          {
+            "BearerAuth": []
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "Success"
+          },
+          "400": {
+            "$ref": "#/components/responses/BadRequest"
+          },
+          "401": {
+            "$ref": "#/components/responses/Unauthorized"
+          }
+        }
+      }
+    },
+    "/api/hermes/usage/stats": {
+      "get": {
+        "tags": [
+          "Sessions"
+        ],
+        "summary": "Get stats",
+        "description": "GET /api/hermes/usage/stats",
+        "operationId": "usageStats",
+        "security": [
+          {
+            "BearerAuth": []
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "Success"
+          },
+          "401": {
+            "$ref": "#/components/responses/Unauthorized"
+          },
+          "404": {
+            "description": "Not found"
+          }
+        }
+      }
+    },
+    "/api/hermes/weixin/qrcode": {
+      "get": {
+        "tags": [
+          "Weixin"
+        ],
+        "summary": "Get qrcode",
+        "description": "GET /api/hermes/weixin/qrcode",
+        "operationId": "getQrcode",
+        "security": [
+          {
+            "BearerAuth": []
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "Success"
+          },
+          "401": {
+            "$ref": "#/components/responses/Unauthorized"
+          },
+          "404": {
+            "description": "Not found"
+          }
+        }
+      }
+    },
+    "/api/hermes/weixin/qrcode/status": {
+      "get": {
+        "tags": [
+          "Weixin"
+        ],
+        "summary": "Get status",
+        "description": "GET /api/hermes/weixin/qrcode/status",
+        "operationId": "pollStatus",
+        "security": [
+          {
+            "BearerAuth": []
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "Success"
+          },
+          "401": {
+            "$ref": "#/components/responses/Unauthorized"
+          },
+          "404": {
+            "description": "Not found"
+          }
+        }
+      }
+    },
+    "/api/hermes/weixin/save": {
+      "post": {
+        "tags": [
+          "Weixin"
+        ],
+        "summary": "Create save",
+        "description": "POST /api/hermes/weixin/save",
+        "operationId": "save",
+        "security": [
+          {
+            "BearerAuth": []
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "Success"
+          },
+          "400": {
+            "$ref": "#/components/responses/BadRequest"
+          },
+          "401": {
+            "$ref": "#/components/responses/Unauthorized"
+          }
+        }
+      }
+    },
+    "/api/hermes/workspace/folders": {
+      "get": {
+        "tags": [
+          "Sessions"
+        ],
+        "summary": "Get folders",
+        "description": "GET /api/hermes/workspace/folders",
+        "operationId": "listWorkspaceFolders",
+        "security": [
+          {
+            "BearerAuth": []
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "Success"
+          },
+          "401": {
+            "$ref": "#/components/responses/Unauthorized"
+          },
+          "404": {
+            "description": "Not found"
+          }
+        }
+      }
+    },
+    "/health": {
+      "get": {
+        "tags": [
+          "Health"
+        ],
+        "summary": "Get health",
+        "description": "GET /health",
+        "operationId": "healthCheck",
+        "security": [
+          {
+            "BearerAuth": []
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "Success"
+          },
+          "401": {
+            "$ref": "#/components/responses/Unauthorized"
+          },
+          "404": {
+            "description": "Not found"
+          }
+        }
+      }
+    },
+    "/upload": {
+      "post": {
+        "tags": [
+          "Upload"
+        ],
+        "summary": "Create upload",
+        "description": "POST /upload",
+        "operationId": "handleUpload",
+        "security": [
+          {
+            "BearerAuth": []
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "Success"
+          },
+          "400": {
+            "$ref": "#/components/responses/BadRequest"
+          },
+          "401": {
+            "$ref": "#/components/responses/Unauthorized"
+          }
+        }
+      }
+    },
+    "/webhook": {
+      "post": {
+        "tags": [
+          "Webhook"
+        ],
+        "summary": "Create webhook",
+        "description": "POST /webhook",
+        "operationId": "handleWebhook",
+        "security": [
+          {
+            "BearerAuth": []
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "Success"
+          },
+          "400": {
+            "$ref": "#/components/responses/BadRequest"
+          },
+          "401": {
+            "$ref": "#/components/responses/Unauthorized"
+          }
+        }
+      }
+    },
+    "/api/hermes/{*any}": {
+      "get": {
+        "tags": [
+          "Proxy"
+        ],
+        "summary": "Proxy to upstream Hermes API",
+        "description": "Forwards unmatched /api/hermes/* requests to upstream Hermes gateway. Supports all upstream endpoints.",
+        "operationId": "proxyHermes",
+        "responses": {
+          "200": {
+            "description": "Proxied response from upstream"
+          },
+          "401": {
+            "$ref": "#/components/responses/Unauthorized"
+          },
+          "502": {
+            "description": "Proxy failure"
+          }
+        }
+      },
+      "post": {
+        "tags": [
+          "Proxy"
+        ],
+        "summary": "Proxy to upstream Hermes API",
+        "description": "Forwards unmatched /api/hermes/* requests to upstream Hermes gateway. Supports all upstream endpoints.",
+        "operationId": "proxyHermesPost",
+        "responses": {
+          "200": {
+            "description": "Proxied response from upstream"
+          },
+          "401": {
+            "$ref": "#/components/responses/Unauthorized"
+          },
+          "502": {
+            "description": "Proxy failure"
+          }
+        }
+      },
+      "put": {
+        "tags": [
+          "Proxy"
+        ],
+        "summary": "Proxy to upstream Hermes API",
+        "description": "Forwards unmatched /api/hermes/* requests to upstream Hermes gateway. Supports all upstream endpoints.",
+        "operationId": "proxyHermesPut",
+        "responses": {
+          "200": {
+            "description": "Proxied response from upstream"
+          },
+          "401": {
+            "$ref": "#/components/responses/Unauthorized"
+          },
+          "502": {
+            "description": "Proxy failure"
+          }
+        }
+      },
+      "delete": {
+        "tags": [
+          "Proxy"
+        ],
+        "summary": "Proxy to upstream Hermes API",
+        "description": "Forwards unmatched /api/hermes/* requests to upstream Hermes gateway. Supports all upstream endpoints.",
+        "operationId": "proxyHermesDelete",
+        "responses": {
+          "200": {
+            "description": "Proxied response from upstream"
+          },
+          "401": {
+            "$ref": "#/components/responses/Unauthorized"
+          },
+          "502": {
+            "description": "Proxy failure"
+          }
+        }
+      }
+    },
+    "/v1/{*any}": {
+      "get": {
+        "tags": [
+          "Proxy"
+        ],
+        "summary": "Proxy to upstream Hermes v1 API",
+        "description": "Forwards /v1/* requests to upstream Hermes gateway. Supports all upstream v1 endpoints.",
+        "operationId": "proxyV1",
+        "responses": {
+          "200": {
+            "description": "Proxied response from upstream"
+          },
+          "401": {
+            "$ref": "#/components/responses/Unauthorized"
+          },
+          "502": {
+            "description": "Proxy failure"
+          }
+        }
+      },
+      "post": {
+        "tags": [
+          "Proxy"
+        ],
+        "summary": "Proxy to upstream Hermes v1 API",
+        "description": "Forwards /v1/* requests to upstream Hermes gateway. Supports all upstream v1 endpoints.",
+        "operationId": "proxyV1Post",
+        "responses": {
+          "200": {
+            "description": "Proxied response from upstream"
+          },
+          "401": {
+            "$ref": "#/components/responses/Unauthorized"
+          },
+          "502": {
+            "description": "Proxy failure"
+          }
+        }
+      }
+    },
+    "/api/hermes/terminal": {
+      "get": {
+        "tags": [
+          "Terminal"
+        ],
+        "summary": "WebSocket terminal connection",
+        "description": "Establish a WebSocket connection for interactive terminal access. Uses the `ws` or `wss` protocol with `?token=` for authentication.",
+        "operationId": "terminalWebSocket",
+        "responses": {
+          "101": {
+            "description": "Switching Protocols - WebSocket connection established"
+          },
+          "401": {
+            "$ref": "#/components/responses/Unauthorized"
+          }
+        }
+      }
+    },
+    "/api/hermes/v1/runs/{runId}/events": {
+      "get": {
+        "tags": [
+          "Chat"
+        ],
+        "summary": "Server-Sent Events for chat streaming",
+        "description": "Stream chat events using Server-Sent Events (SSE). Authentication via `?token=` query parameter.",
+        "operationId": "chatStreamEvents",
+        "parameters": [
+          {
+            "name": "runId",
+            "in": "path",
+            "required": true,
+            "description": "Chat run ID",
+            "schema": {
+              "type": "string"
+            }
+          },
+          {
+            "name": "token",
+            "in": "query",
+            "required": true,
+            "description": "Authentication token",
+            "schema": {
+              "type": "string"
+            }
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "SSE stream established",
+            "content": {
+              "text/event-stream": {
+                "schema": {
+                  "type": "object",
+                  "properties": {
+                    "event": {
+                      "type": "string",
+                      "enum": [
+                        "run.created",
+                        "run.queued",
+                        "run.started",
+                        "run.streaming",
+                        "run.completed",
+                        "run.failed"
+                      ]
+                    },
+                    "data": {
+                      "type": "object"
+                    }
+                  }
+                }
+              }
+            }
+          },
+          "401": {
+            "$ref": "#/components/responses/Unauthorized"
+          },
+          "404": {
+            "description": "Run not found"
+          }
+        }
+      }
+    }
+  },
+  "components": {
+    "securitySchemes": {
+      "BearerAuth": {
+        "type": "http",
+        "scheme": "bearer",
+        "bearerFormat": "API Token"
+      }
+    },
+    "schemas": {},
+    "responses": {
+      "Unauthorized": {
+        "description": "Unauthorized - Invalid or missing authentication token",
+        "content": {
+          "application/json": {
+            "schema": {
+              "type": "object",
+              "properties": {
+                "error": {
+                  "type": "string",
+                  "example": "Unauthorized"
+                }
+              }
+            }
+          }
+        }
+      },
+      "BadRequest": {
+        "description": "Bad Request - Invalid parameters",
+        "content": {
+          "application/json": {
+            "schema": {
+              "type": "object",
+              "properties": {
+                "error": {
+                  "type": "string",
+                  "example": "Invalid request"
+                }
+              }
+            }
+          }
+        }
+      },
+      "NotFound": {
+        "description": "Resource not found",
+        "content": {
+          "application/json": {
+            "schema": {
+              "type": "object",
+              "properties": {
+                "error": {
+                  "type": "string",
+                  "example": "Not found"
+                }
+              }
+            }
+          }
+        }
+      }
+    }
+  }
+}
\ No newline at end of file
diff --git a/images/image-20260605110600556.png b/images/image-20260605110600556.png
new file mode 100644
index 0000000..afb8101
Binary files /dev/null and b/images/image-20260605110600556.png differ
diff --git a/images/image-20260605111350089.png b/images/image-20260605111350089.png
new file mode 100644
index 0000000..16e9ced
Binary files /dev/null and b/images/image-20260605111350089.png differ
diff --git a/images/image-20260605112225956.png b/images/image-20260605112225956.png
new file mode 100644
index 0000000..cd6c4ec
Binary files /dev/null and b/images/image-20260605112225956.png differ
diff --git a/images/image-20260605112232538.png b/images/image-20260605112232538.png
new file mode 100644
index 0000000..47f8c84
Binary files /dev/null and b/images/image-20260605112232538.png differ
diff --git a/images/image-20260605112249301.png b/images/image-20260605112249301.png
new file mode 100644
index 0000000..b177974
Binary files /dev/null and b/images/image-20260605112249301.png differ
diff --git a/images/image-20260605112258549.png b/images/image-20260605112258549.png
new file mode 100644
index 0000000..1ff96ed
Binary files /dev/null and b/images/image-20260605112258549.png differ
diff --git a/images/image-20260605112345806.png b/images/image-20260605112345806.png
new file mode 100644
index 0000000..4fd6ab2
Binary files /dev/null and b/images/image-20260605112345806.png differ
diff --git a/images/image-20260605112357126.png b/images/image-20260605112357126.png
new file mode 100644
index 0000000..1b557bf
Binary files /dev/null and b/images/image-20260605112357126.png differ
diff --git a/images/image-20260605112404714.png b/images/image-20260605112404714.png
new file mode 100644
index 0000000..1d43f63
Binary files /dev/null and b/images/image-20260605112404714.png differ
diff --git a/images/image-20260605112415322.png b/images/image-20260605112415322.png
new file mode 100644
index 0000000..d7026ed
Binary files /dev/null and b/images/image-20260605112415322.png differ
diff --git a/images/image-20260605112422748.png b/images/image-20260605112422748.png
new file mode 100644
index 0000000..4f67311
Binary files /dev/null and b/images/image-20260605112422748.png differ
diff --git a/images/image-20260605112429991.png b/images/image-20260605112429991.png
new file mode 100644
index 0000000..de879ff
Binary files /dev/null and b/images/image-20260605112429991.png differ
diff --git a/images/image-20260605112440115.png b/images/image-20260605112440115.png
new file mode 100644
index 0000000..69cb120
Binary files /dev/null and b/images/image-20260605112440115.png differ
diff --git a/images/image-20260605112449337.png b/images/image-20260605112449337.png
new file mode 100644
index 0000000..4a4af6c
Binary files /dev/null and b/images/image-20260605112449337.png differ
diff --git a/images/image-20260605112457985.png b/images/image-20260605112457985.png
new file mode 100644
index 0000000..2a27fc1
Binary files /dev/null and b/images/image-20260605112457985.png differ
diff --git a/images/image-20260605112506765.png b/images/image-20260605112506765.png
new file mode 100644
index 0000000..73dfaaf
Binary files /dev/null and b/images/image-20260605112506765.png differ
diff --git a/images/image-20260605112514779.png b/images/image-20260605112514779.png
new file mode 100644
index 0000000..155626f
Binary files /dev/null and b/images/image-20260605112514779.png differ
diff --git a/images/image-20260605112523181.png b/images/image-20260605112523181.png
new file mode 100644
index 0000000..bfc3da2
Binary files /dev/null and b/images/image-20260605112523181.png differ
diff --git a/images/image-20260605112532959.png b/images/image-20260605112532959.png
new file mode 100644
index 0000000..8a22a25
Binary files /dev/null and b/images/image-20260605112532959.png differ
diff --git a/images/image-20260605112540539.png b/images/image-20260605112540539.png
new file mode 100644
index 0000000..75974de
Binary files /dev/null and b/images/image-20260605112540539.png differ
diff --git a/images/image-20260605112546802.png b/images/image-20260605112546802.png
new file mode 100644
index 0000000..bfc6d95
Binary files /dev/null and b/images/image-20260605112546802.png differ
diff --git a/images/image-20260605112557080.png b/images/image-20260605112557080.png
new file mode 100644
index 0000000..a4c21da
Binary files /dev/null and b/images/image-20260605112557080.png differ
diff --git a/nodemon.json b/nodemon.json
new file mode 100644
index 0000000..289b5eb
--- /dev/null
+++ b/nodemon.json
@@ -0,0 +1,16 @@
+{
+  "watch": ["packages/server/src"],
+  "ext": "ts,tsx",
+  "execMap": {
+    "ts": "node -r ts-node/register"
+  },
+  "env": {
+    "NODE_ENV": "development",
+    "PORT": "8647",
+    "TS_NODE_PROJECT": "packages/server/tsconfig.json",
+    "HERMES_WEB_UI_STOP_GATEWAYS_ON_SHUTDOWN": "0"
+  },
+  "exec": "node -r ts-node/register packages/server/src/index.ts",
+  "nodeArgs": ["--no-warnings"],
+  "delay": "1000"
+}
diff --git a/package-lock.json b/package-lock.json
new file mode 100644
index 0000000..fd3c045
--- /dev/null
+++ b/package-lock.json
@@ -0,0 +1,11363 @@
+{
+  "name": "hermes-web-ui",
+  "version": "0.6.9",
+  "lockfileVersion": 3,
+  "requires": true,
+  "packages": {
+    "": {
+      "name": "hermes-web-ui",
+      "version": "0.6.9",
+      "license": "BSL-1.1",
+      "dependencies": {
+        "@vscode/markdown-it-katex": "^1.1.2",
+        "eventsource": "^4.1.0",
+        "js-tiktoken": "^1.0.21",
+        "katex": "^0.17.0",
+        "node-edge-tts": "^1.2.10",
+        "node-pty": "^1.1.0",
+        "socket.io": "^4.8.3",
+        "socket.io-client": "^4.8.3"
+      },
+      "bin": {
+        "hermes-web-ui": "bin/hermes-web-ui.mjs"
+      },
+      "devDependencies": {
+        "@koa/bodyparser": "^5.0.0",
+        "@koa/cors": "^5.0.0",
+        "@koa/router": "^15.4.0",
+        "@multiavatar/multiavatar": "^1.0.7",
+        "@pinia/testing": "^1.0.3",
+        "@playwright/test": "^1.60.0",
+        "@types/eventsource": "^1.1.15",
+        "@types/js-yaml": "^4.0.9",
+        "@types/katex": "^0.16.8",
+        "@types/koa": "^2.15.0",
+        "@types/koa__cors": "^5.0.0",
+        "@types/koa__router": "^12.0.5",
+        "@types/koa-send": "^4.1.6",
+        "@types/koa-static": "^4.0.4",
+        "@types/markdown-it": "^14.1.2",
+        "@types/node": "^24.12.2",
+        "@types/qrcode": "^1.5.6",
+        "@types/ws": "^8.18.1",
+        "@vitejs/plugin-vue": "^6.0.5",
+        "@vitest/coverage-v8": "^3.2.4",
+        "@vue/test-utils": "^2.4.6",
+        "@vue/tsconfig": "^0.9.1",
+        "@xterm/addon-fit": "^0.11.0",
+        "@xterm/addon-web-links": "^0.12.0",
+        "@xterm/xterm": "^6.0.0",
+        "axios": "^1.9.0",
+        "concurrently": "^9.2.1",
+        "cross-env": "^10.1.0",
+        "esbuild": "^0.27.0",
+        "highlight.js": "^11.11.1",
+        "js-yaml": "^4.1.1",
+        "jsdom": "^27.0.1",
+        "koa": "^2.15.3",
+        "koa-send": "^5.0.1",
+        "koa-static": "^5.0.0",
+        "markdown-it": "^14.1.1",
+        "mermaid": "^11.14.0",
+        "monaco-editor": "^0.55.1",
+        "naive-ui": "^2.44.1",
+        "nodemon": "^3.1.14",
+        "pinia": "^3.0.4",
+        "pino": "^10.3.1",
+        "pino-pretty": "^13.1.3",
+        "qrcode": "^1.5.4",
+        "sass": "^1.99.0",
+        "ts-node": "^10.9.2",
+        "ts-node-dev": "^2.0.0",
+        "tsoa": "^7.0.0-alpha.0",
+        "typescript": "~6.0.2",
+        "vite": "^8.0.4",
+        "vitest": "^3.2.4",
+        "vue": "^3.5.32",
+        "vue-i18n": "^11.3.2",
+        "vue-router": "^4.6.4",
+        "vue-tsc": "^3.2.8",
+        "vue-virtual-scroller": "^3.0.4",
+        "ws": "^8.20.0"
+      },
+      "engines": {
+        "node": ">=23.0.0"
+      }
+    },
+    "node_modules/@acemir/cssom": {
+      "version": "0.9.31",
+      "resolved": "https://registry.npmjs.org/@acemir/cssom/-/cssom-0.9.31.tgz",
+      "integrity": "sha512-ZnR3GSaH+/vJ0YlHau21FjfLYjMpYVIzTD8M8vIEQvIGxeOXyXdzCI140rrCY862p/C/BbzWsjc1dgnM9mkoTA==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/@ampproject/remapping": {
+      "version": "2.3.0",
+      "resolved": "https://registry.npmjs.org/@ampproject/remapping/-/remapping-2.3.0.tgz",
+      "integrity": "sha512-30iZtAPgz+LTIYoeivqYo853f02jBYSd5uGnGpkFV0M3xOt9aN73erkgYAmZU43x4VfqcnLxW9Kpg3R5LC4YYw==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@jridgewell/gen-mapping": "^0.3.5",
+        "@jridgewell/trace-mapping": "^0.3.24"
+      },
+      "engines": {
+        "node": ">=6.0.0"
+      }
+    },
+    "node_modules/@antfu/install-pkg": {
+      "version": "1.1.0",
+      "resolved": "https://registry.npmjs.org/@antfu/install-pkg/-/install-pkg-1.1.0.tgz",
+      "integrity": "sha512-MGQsmw10ZyI+EJo45CdSER4zEb+p31LpDAFp2Z3gkSd1yqVZGi0Ebx++YTEMonJy4oChEMLsxZ64j8FH6sSqtQ==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "package-manager-detector": "^1.3.0",
+        "tinyexec": "^1.0.1"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/antfu"
+      }
+    },
+    "node_modules/@asamuzakjp/css-color": {
+      "version": "4.1.2",
+      "resolved": "https://registry.npmjs.org/@asamuzakjp/css-color/-/css-color-4.1.2.tgz",
+      "integrity": "sha512-NfBUvBaYgKIuq6E/RBLY1m0IohzNHAYyaJGuTK79Z23uNwmz2jl1mPsC5ZxCCxylinKhT1Amn5oNTlx1wN8cQg==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@csstools/css-calc": "^3.0.0",
+        "@csstools/css-color-parser": "^4.0.1",
+        "@csstools/css-parser-algorithms": "^4.0.0",
+        "@csstools/css-tokenizer": "^4.0.0",
+        "lru-cache": "^11.2.5"
+      }
+    },
+    "node_modules/@asamuzakjp/dom-selector": {
+      "version": "6.8.1",
+      "resolved": "https://registry.npmjs.org/@asamuzakjp/dom-selector/-/dom-selector-6.8.1.tgz",
+      "integrity": "sha512-MvRz1nCqW0fsy8Qz4dnLIvhOlMzqDVBabZx6lH+YywFDdjXhMY37SmpV1XFX3JzG5GWHn63j6HX6QPr3lZXHvQ==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@asamuzakjp/nwsapi": "^2.3.9",
+        "bidi-js": "^1.0.3",
+        "css-tree": "^3.1.0",
+        "is-potential-custom-element-name": "^1.0.1",
+        "lru-cache": "^11.2.6"
+      }
+    },
+    "node_modules/@asamuzakjp/nwsapi": {
+      "version": "2.3.9",
+      "resolved": "https://registry.npmjs.org/@asamuzakjp/nwsapi/-/nwsapi-2.3.9.tgz",
+      "integrity": "sha512-n8GuYSrI9bF7FFZ/SjhwevlHc8xaVlb/7HmHelnc/PZXBD2ZR49NnN9sMMuDdEGPeeRQ5d0hqlSlEpgCX3Wl0Q==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/@babel/helper-string-parser": {
+      "version": "7.29.7",
+      "resolved": "https://registry.npmjs.org/@babel/helper-string-parser/-/helper-string-parser-7.29.7.tgz",
+      "integrity": "sha512-Pb5ijPrZ89GDH8223L4UP8i6QApWxs04RbPQJTeWDV0/keR2E36MeKnyr6LYmUUvqRRI+Iv87SuF1W6ErINzYw==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=6.9.0"
+      }
+    },
+    "node_modules/@babel/helper-validator-identifier": {
+      "version": "7.29.7",
+      "resolved": "https://registry.npmjs.org/@babel/helper-validator-identifier/-/helper-validator-identifier-7.29.7.tgz",
+      "integrity": "sha512-qehxGkRj55h/ff8EMaJ+cYhyaKlHIxqYDn682wQD7RNp9UujOQsHog2uS0r2vzr4pW+sXf90NeeayjcNaX3fFg==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=6.9.0"
+      }
+    },
+    "node_modules/@babel/parser": {
+      "version": "7.29.7",
+      "resolved": "https://registry.npmjs.org/@babel/parser/-/parser-7.29.7.tgz",
+      "integrity": "sha512-hnORnjP/1P/zFEndoeX+n+t1RwWRJiJpM/jO7FW32Kn9r5+sJB2JWOdYo4L6k78j15eCwY3Gm/7364B1EMwtNg==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/types": "^7.29.7"
+      },
+      "bin": {
+        "parser": "bin/babel-parser.js"
+      },
+      "engines": {
+        "node": ">=6.0.0"
+      }
+    },
+    "node_modules/@babel/types": {
+      "version": "7.29.7",
+      "resolved": "https://registry.npmjs.org/@babel/types/-/types-7.29.7.tgz",
+      "integrity": "sha512-4zBIxpPzowiZpusoFkyGVwakdRJUyuH5PxQ/PrqghfdFWWasvnCdPfQXHrenDai+gyLARulZjZowCOj6fjT4pA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/helper-string-parser": "^7.29.7",
+        "@babel/helper-validator-identifier": "^7.29.7"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      }
+    },
+    "node_modules/@bcoe/v8-coverage": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/@bcoe/v8-coverage/-/v8-coverage-1.0.2.tgz",
+      "integrity": "sha512-6zABk/ECA/QYSCQ1NGiVwwbQerUCZ+TQbp64Q3AgmfNvurHH0j8TtXa1qbShXA6qqkpAj4V5W8pP6mLe1mcMqA==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@braintree/sanitize-url": {
+      "version": "7.1.2",
+      "resolved": "https://registry.npmjs.org/@braintree/sanitize-url/-/sanitize-url-7.1.2.tgz",
+      "integrity": "sha512-jigsZK+sMF/cuiB7sERuo9V7N9jx+dhmHHnQyDSVdpZwVutaBu7WvNYqMDLSgFgfB30n452TP3vjDAvFC973mA==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/@chevrotain/types": {
+      "version": "11.1.2",
+      "resolved": "https://registry.npmjs.org/@chevrotain/types/-/types-11.1.2.tgz",
+      "integrity": "sha512-U+HFai5+zmJCkK86QsaJtoITlboZHBqrVketcO2ROv865xfCMSFpELQoz1GkX5GzME8pTa+3kbKrZHQtI0gdbw==",
+      "dev": true,
+      "license": "Apache-2.0"
+    },
+    "node_modules/@cspotcode/source-map-support": {
+      "version": "0.8.1",
+      "resolved": "https://registry.npmjs.org/@cspotcode/source-map-support/-/source-map-support-0.8.1.tgz",
+      "integrity": "sha512-IchNf6dN4tHoMFIn/7OE8LWZ19Y6q/67Bmf6vnGREv8RSbBVb9LPJxEcnwrcwX6ixSvaiGoomAUvu4YSxXrVgw==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@jridgewell/trace-mapping": "0.3.9"
+      },
+      "engines": {
+        "node": ">=12"
+      }
+    },
+    "node_modules/@cspotcode/source-map-support/node_modules/@jridgewell/trace-mapping": {
+      "version": "0.3.9",
+      "resolved": "https://registry.npmjs.org/@jridgewell/trace-mapping/-/trace-mapping-0.3.9.tgz",
+      "integrity": "sha512-3Belt6tdc8bPgAtbcmdtNJlirVoTmEb5e2gC94PnkwEW9jI6CAHUeoG85tjWP5WquqfavoMtMwiG4P926ZKKuQ==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@jridgewell/resolve-uri": "^3.0.3",
+        "@jridgewell/sourcemap-codec": "^1.4.10"
+      }
+    },
+    "node_modules/@css-render/plugin-bem": {
+      "version": "0.15.14",
+      "resolved": "https://registry.npmjs.org/@css-render/plugin-bem/-/plugin-bem-0.15.14.tgz",
+      "integrity": "sha512-QK513CJ7yEQxm/P3EwsI+d+ha8kSOcjGvD6SevM41neEMxdULE+18iuQK6tEChAWMOQNQPLG/Rw3Khb69r5neg==",
+      "dev": true,
+      "license": "MIT",
+      "peerDependencies": {
+        "css-render": "~0.15.14"
+      }
+    },
+    "node_modules/@css-render/vue3-ssr": {
+      "version": "0.15.14",
+      "resolved": "https://registry.npmjs.org/@css-render/vue3-ssr/-/vue3-ssr-0.15.14.tgz",
+      "integrity": "sha512-//8027GSbxE9n3QlD73xFY6z4ZbHbvrOVB7AO6hsmrEzGbg+h2A09HboUyDgu+xsmj7JnvJD39Irt+2D0+iV8g==",
+      "dev": true,
+      "license": "MIT",
+      "peerDependencies": {
+        "vue": "^3.0.11"
+      }
+    },
+    "node_modules/@csstools/color-helpers": {
+      "version": "6.0.2",
+      "resolved": "https://registry.npmjs.org/@csstools/color-helpers/-/color-helpers-6.0.2.tgz",
+      "integrity": "sha512-LMGQLS9EuADloEFkcTBR3BwV/CGHV7zyDxVRtVDTwdI2Ca4it0CCVTT9wCkxSgokjE5Ho41hEPgb8OEUwoXr6Q==",
+      "dev": true,
+      "funding": [
+        {
+          "type": "github",
+          "url": "https://github.com/sponsors/csstools"
+        },
+        {
+          "type": "opencollective",
+          "url": "https://opencollective.com/csstools"
+        }
+      ],
+      "license": "MIT-0",
+      "engines": {
+        "node": ">=20.19.0"
+      }
+    },
+    "node_modules/@csstools/css-calc": {
+      "version": "3.2.1",
+      "resolved": "https://registry.npmjs.org/@csstools/css-calc/-/css-calc-3.2.1.tgz",
+      "integrity": "sha512-DtdHlgXh5ZkA43cwBcAm+huzgJiwx3ZTWVjBs94kwz2xKqSimDA3lBgCjphYgwgVUMWatSM0pDd8TILB1yrVVg==",
+      "dev": true,
+      "funding": [
+        {
+          "type": "github",
+          "url": "https://github.com/sponsors/csstools"
+        },
+        {
+          "type": "opencollective",
+          "url": "https://opencollective.com/csstools"
+        }
+      ],
+      "license": "MIT",
+      "engines": {
+        "node": ">=20.19.0"
+      },
+      "peerDependencies": {
+        "@csstools/css-parser-algorithms": "^4.0.0",
+        "@csstools/css-tokenizer": "^4.0.0"
+      }
+    },
+    "node_modules/@csstools/css-color-parser": {
+      "version": "4.1.1",
+      "resolved": "https://registry.npmjs.org/@csstools/css-color-parser/-/css-color-parser-4.1.1.tgz",
+      "integrity": "sha512-eZ5XOtyhK+mggRafYUWzA0tvaYOFgdY8AkgQiCJF9qNAePnUo/zmsqqYubBBb3sQ8uNUaSKTY9s9klfRaAXL0g==",
+      "dev": true,
+      "funding": [
+        {
+          "type": "github",
+          "url": "https://github.com/sponsors/csstools"
+        },
+        {
+          "type": "opencollective",
+          "url": "https://opencollective.com/csstools"
+        }
+      ],
+      "license": "MIT",
+      "dependencies": {
+        "@csstools/color-helpers": "^6.0.2",
+        "@csstools/css-calc": "^3.2.1"
+      },
+      "engines": {
+        "node": ">=20.19.0"
+      },
+      "peerDependencies": {
+        "@csstools/css-parser-algorithms": "^4.0.0",
+        "@csstools/css-tokenizer": "^4.0.0"
+      }
+    },
+    "node_modules/@csstools/css-parser-algorithms": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/@csstools/css-parser-algorithms/-/css-parser-algorithms-4.0.0.tgz",
+      "integrity": "sha512-+B87qS7fIG3L5h3qwJ/IFbjoVoOe/bpOdh9hAjXbvx0o8ImEmUsGXN0inFOnk2ChCFgqkkGFQ+TpM5rbhkKe4w==",
+      "dev": true,
+      "funding": [
+        {
+          "type": "github",
+          "url": "https://github.com/sponsors/csstools"
+        },
+        {
+          "type": "opencollective",
+          "url": "https://opencollective.com/csstools"
+        }
+      ],
+      "license": "MIT",
+      "engines": {
+        "node": ">=20.19.0"
+      },
+      "peerDependencies": {
+        "@csstools/css-tokenizer": "^4.0.0"
+      }
+    },
+    "node_modules/@csstools/css-syntax-patches-for-csstree": {
+      "version": "1.1.4",
+      "resolved": "https://registry.npmjs.org/@csstools/css-syntax-patches-for-csstree/-/css-syntax-patches-for-csstree-1.1.4.tgz",
+      "integrity": "sha512-wgsqt92b7C7tQhIdPNxj0n9zuUbQlvAuI1exyzeNrOKOi62SD7ren8zqszmpVREjAOqg8cD2FqYhQfAuKjk4sw==",
+      "dev": true,
+      "funding": [
+        {
+          "type": "github",
+          "url": "https://github.com/sponsors/csstools"
+        },
+        {
+          "type": "opencollective",
+          "url": "https://opencollective.com/csstools"
+        }
+      ],
+      "license": "MIT-0",
+      "peerDependencies": {
+        "css-tree": "^3.2.1"
+      },
+      "peerDependenciesMeta": {
+        "css-tree": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/@csstools/css-tokenizer": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/@csstools/css-tokenizer/-/css-tokenizer-4.0.0.tgz",
+      "integrity": "sha512-QxULHAm7cNu72w97JUNCBFODFaXpbDg+dP8b/oWFAZ2MTRppA3U00Y2L1HqaS4J6yBqxwa/Y3nMBaxVKbB/NsA==",
+      "dev": true,
+      "funding": [
+        {
+          "type": "github",
+          "url": "https://github.com/sponsors/csstools"
+        },
+        {
+          "type": "opencollective",
+          "url": "https://opencollective.com/csstools"
+        }
+      ],
+      "license": "MIT",
+      "engines": {
+        "node": ">=20.19.0"
+      }
+    },
+    "node_modules/@emnapi/core": {
+      "version": "1.10.0",
+      "resolved": "https://registry.npmjs.org/@emnapi/core/-/core-1.10.0.tgz",
+      "integrity": "sha512-yq6OkJ4p82CAfPl0u9mQebQHKPJkY7WrIuk205cTYnYe+k2Z8YBh11FrbRG/H6ihirqcacOgl2BIO8oyMQLeXw==",
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "dependencies": {
+        "@emnapi/wasi-threads": "1.2.1",
+        "tslib": "^2.4.0"
+      }
+    },
+    "node_modules/@emnapi/runtime": {
+      "version": "1.10.0",
+      "resolved": "https://registry.npmjs.org/@emnapi/runtime/-/runtime-1.10.0.tgz",
+      "integrity": "sha512-ewvYlk86xUoGI0zQRNq/mC+16R1QeDlKQy21Ki3oSYXNgLb45GV1P6A0M+/s6nyCuNDqe5VpaY84BzXGwVbwFA==",
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "dependencies": {
+        "tslib": "^2.4.0"
+      }
+    },
+    "node_modules/@emnapi/wasi-threads": {
+      "version": "1.2.1",
+      "resolved": "https://registry.npmjs.org/@emnapi/wasi-threads/-/wasi-threads-1.2.1.tgz",
+      "integrity": "sha512-uTII7OYF+/Mes/MrcIOYp5yOtSMLBWSIoLPpcgwipoiKbli6k322tcoFsxoIIxPDqW01SQGAgko4EzZi2BNv2w==",
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "dependencies": {
+        "tslib": "^2.4.0"
+      }
+    },
+    "node_modules/@emotion/hash": {
+      "version": "0.8.0",
+      "resolved": "https://registry.npmjs.org/@emotion/hash/-/hash-0.8.0.tgz",
+      "integrity": "sha512-kBJtf7PH6aWwZ6fka3zQ0p6SBYzx4fl1LoZXE2RrnYST9Xljm7WfKJrU4g/Xr3Beg72MLrp1AWNUmuYJTL7Cow==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/@epic-web/invariant": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/@epic-web/invariant/-/invariant-1.0.0.tgz",
+      "integrity": "sha512-lrTPqgvfFQtR/eY/qkIzp98OGdNJu0m5ji3q/nJI8v3SXkRKEnWiOxMmbvcSoAIzv/cGiuvRy57k4suKQSAdwA==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/@esbuild/aix-ppc64": {
+      "version": "0.27.7",
+      "resolved": "https://registry.npmjs.org/@esbuild/aix-ppc64/-/aix-ppc64-0.27.7.tgz",
+      "integrity": "sha512-EKX3Qwmhz1eMdEJokhALr0YiD0lhQNwDqkPYyPhiSwKrh7/4KRjQc04sZ8db+5DVVnZ1LmbNDI1uAMPEUBnQPg==",
+      "cpu": [
+        "ppc64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "aix"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@esbuild/android-arm": {
+      "version": "0.27.7",
+      "resolved": "https://registry.npmjs.org/@esbuild/android-arm/-/android-arm-0.27.7.tgz",
+      "integrity": "sha512-jbPXvB4Yj2yBV7HUfE2KHe4GJX51QplCN1pGbYjvsyCZbQmies29EoJbkEc+vYuU5o45AfQn37vZlyXy4YJ8RQ==",
+      "cpu": [
+        "arm"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "android"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@esbuild/android-arm64": {
+      "version": "0.27.7",
+      "resolved": "https://registry.npmjs.org/@esbuild/android-arm64/-/android-arm64-0.27.7.tgz",
+      "integrity": "sha512-62dPZHpIXzvChfvfLJow3q5dDtiNMkwiRzPylSCfriLvZeq0a1bWChrGx/BbUbPwOrsWKMn8idSllklzBy+dgQ==",
+      "cpu": [
+        "arm64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "android"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@esbuild/android-x64": {
+      "version": "0.27.7",
+      "resolved": "https://registry.npmjs.org/@esbuild/android-x64/-/android-x64-0.27.7.tgz",
+      "integrity": "sha512-x5VpMODneVDb70PYV2VQOmIUUiBtY3D3mPBG8NxVk5CogneYhkR7MmM3yR/uMdITLrC1ml/NV1rj4bMJuy9MCg==",
+      "cpu": [
+        "x64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "android"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@esbuild/darwin-arm64": {
+      "version": "0.27.7",
+      "resolved": "https://registry.npmjs.org/@esbuild/darwin-arm64/-/darwin-arm64-0.27.7.tgz",
+      "integrity": "sha512-5lckdqeuBPlKUwvoCXIgI2D9/ABmPq3Rdp7IfL70393YgaASt7tbju3Ac+ePVi3KDH6N2RqePfHnXkaDtY9fkw==",
+      "cpu": [
+        "arm64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "darwin"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@esbuild/darwin-x64": {
+      "version": "0.27.7",
+      "resolved": "https://registry.npmjs.org/@esbuild/darwin-x64/-/darwin-x64-0.27.7.tgz",
+      "integrity": "sha512-rYnXrKcXuT7Z+WL5K980jVFdvVKhCHhUwid+dDYQpH+qu+TefcomiMAJpIiC2EM3Rjtq0sO3StMV/+3w3MyyqQ==",
+      "cpu": [
+        "x64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "darwin"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@esbuild/freebsd-arm64": {
+      "version": "0.27.7",
+      "resolved": "https://registry.npmjs.org/@esbuild/freebsd-arm64/-/freebsd-arm64-0.27.7.tgz",
+      "integrity": "sha512-B48PqeCsEgOtzME2GbNM2roU29AMTuOIN91dsMO30t+Ydis3z/3Ngoj5hhnsOSSwNzS+6JppqWsuhTp6E82l2w==",
+      "cpu": [
+        "arm64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "freebsd"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@esbuild/freebsd-x64": {
+      "version": "0.27.7",
+      "resolved": "https://registry.npmjs.org/@esbuild/freebsd-x64/-/freebsd-x64-0.27.7.tgz",
+      "integrity": "sha512-jOBDK5XEjA4m5IJK3bpAQF9/Lelu/Z9ZcdhTRLf4cajlB+8VEhFFRjWgfy3M1O4rO2GQ/b2dLwCUGpiF/eATNQ==",
+      "cpu": [
+        "x64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "freebsd"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@esbuild/linux-arm": {
+      "version": "0.27.7",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-arm/-/linux-arm-0.27.7.tgz",
+      "integrity": "sha512-RkT/YXYBTSULo3+af8Ib0ykH8u2MBh57o7q/DAs3lTJlyVQkgQvlrPTnjIzzRPQyavxtPtfg0EopvDyIt0j1rA==",
+      "cpu": [
+        "arm"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@esbuild/linux-arm64": {
+      "version": "0.27.7",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-arm64/-/linux-arm64-0.27.7.tgz",
+      "integrity": "sha512-RZPHBoxXuNnPQO9rvjh5jdkRmVizktkT7TCDkDmQ0W2SwHInKCAV95GRuvdSvA7w4VMwfCjUiPwDi0ZO6Nfe9A==",
+      "cpu": [
+        "arm64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@esbuild/linux-ia32": {
+      "version": "0.27.7",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-ia32/-/linux-ia32-0.27.7.tgz",
+      "integrity": "sha512-GA48aKNkyQDbd3KtkplYWT102C5sn/EZTY4XROkxONgruHPU72l+gW+FfF8tf2cFjeHaRbWpOYa/uRBz/Xq1Pg==",
+      "cpu": [
+        "ia32"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@esbuild/linux-loong64": {
+      "version": "0.27.7",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-loong64/-/linux-loong64-0.27.7.tgz",
+      "integrity": "sha512-a4POruNM2oWsD4WKvBSEKGIiWQF8fZOAsycHOt6JBpZ+JN2n2JH9WAv56SOyu9X5IqAjqSIPTaJkqN8F7XOQ5Q==",
+      "cpu": [
+        "loong64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@esbuild/linux-mips64el": {
+      "version": "0.27.7",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-mips64el/-/linux-mips64el-0.27.7.tgz",
+      "integrity": "sha512-KabT5I6StirGfIz0FMgl1I+R1H73Gp0ofL9A3nG3i/cYFJzKHhouBV5VWK1CSgKvVaG4q1RNpCTR2LuTVB3fIw==",
+      "cpu": [
+        "mips64el"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@esbuild/linux-ppc64": {
+      "version": "0.27.7",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-ppc64/-/linux-ppc64-0.27.7.tgz",
+      "integrity": "sha512-gRsL4x6wsGHGRqhtI+ifpN/vpOFTQtnbsupUF5R5YTAg+y/lKelYR1hXbnBdzDjGbMYjVJLJTd2OFmMewAgwlQ==",
+      "cpu": [
+        "ppc64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@esbuild/linux-riscv64": {
+      "version": "0.27.7",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-riscv64/-/linux-riscv64-0.27.7.tgz",
+      "integrity": "sha512-hL25LbxO1QOngGzu2U5xeXtxXcW+/GvMN3ejANqXkxZ/opySAZMrc+9LY/WyjAan41unrR3YrmtTsUpwT66InQ==",
+      "cpu": [
+        "riscv64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@esbuild/linux-s390x": {
+      "version": "0.27.7",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-s390x/-/linux-s390x-0.27.7.tgz",
+      "integrity": "sha512-2k8go8Ycu1Kb46vEelhu1vqEP+UeRVj2zY1pSuPdgvbd5ykAw82Lrro28vXUrRmzEsUV0NzCf54yARIK8r0fdw==",
+      "cpu": [
+        "s390x"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@esbuild/linux-x64": {
+      "version": "0.27.7",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-x64/-/linux-x64-0.27.7.tgz",
+      "integrity": "sha512-hzznmADPt+OmsYzw1EE33ccA+HPdIqiCRq7cQeL1Jlq2gb1+OyWBkMCrYGBJ+sxVzve2ZJEVeePbLM2iEIZSxA==",
+      "cpu": [
+        "x64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@esbuild/netbsd-arm64": {
+      "version": "0.27.7",
+      "resolved": "https://registry.npmjs.org/@esbuild/netbsd-arm64/-/netbsd-arm64-0.27.7.tgz",
+      "integrity": "sha512-b6pqtrQdigZBwZxAn1UpazEisvwaIDvdbMbmrly7cDTMFnw/+3lVxxCTGOrkPVnsYIosJJXAsILG9XcQS+Yu6w==",
+      "cpu": [
+        "arm64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "netbsd"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@esbuild/netbsd-x64": {
+      "version": "0.27.7",
+      "resolved": "https://registry.npmjs.org/@esbuild/netbsd-x64/-/netbsd-x64-0.27.7.tgz",
+      "integrity": "sha512-OfatkLojr6U+WN5EDYuoQhtM+1xco+/6FSzJJnuWiUw5eVcicbyK3dq5EeV/QHT1uy6GoDhGbFpprUiHUYggrw==",
+      "cpu": [
+        "x64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "netbsd"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@esbuild/openbsd-arm64": {
+      "version": "0.27.7",
+      "resolved": "https://registry.npmjs.org/@esbuild/openbsd-arm64/-/openbsd-arm64-0.27.7.tgz",
+      "integrity": "sha512-AFuojMQTxAz75Fo8idVcqoQWEHIXFRbOc1TrVcFSgCZtQfSdc1RXgB3tjOn/krRHENUB4j00bfGjyl2mJrU37A==",
+      "cpu": [
+        "arm64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "openbsd"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@esbuild/openbsd-x64": {
+      "version": "0.27.7",
+      "resolved": "https://registry.npmjs.org/@esbuild/openbsd-x64/-/openbsd-x64-0.27.7.tgz",
+      "integrity": "sha512-+A1NJmfM8WNDv5CLVQYJ5PshuRm/4cI6WMZRg1by1GwPIQPCTs1GLEUHwiiQGT5zDdyLiRM/l1G0Pv54gvtKIg==",
+      "cpu": [
+        "x64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "openbsd"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@esbuild/openharmony-arm64": {
+      "version": "0.27.7",
+      "resolved": "https://registry.npmjs.org/@esbuild/openharmony-arm64/-/openharmony-arm64-0.27.7.tgz",
+      "integrity": "sha512-+KrvYb/C8zA9CU/g0sR6w2RBw7IGc5J2BPnc3dYc5VJxHCSF1yNMxTV5LQ7GuKteQXZtspjFbiuW5/dOj7H4Yw==",
+      "cpu": [
+        "arm64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "openharmony"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@esbuild/sunos-x64": {
+      "version": "0.27.7",
+      "resolved": "https://registry.npmjs.org/@esbuild/sunos-x64/-/sunos-x64-0.27.7.tgz",
+      "integrity": "sha512-ikktIhFBzQNt/QDyOL580ti9+5mL/YZeUPKU2ivGtGjdTYoqz6jObj6nOMfhASpS4GU4Q/Clh1QtxWAvcYKamA==",
+      "cpu": [
+        "x64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "sunos"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@esbuild/win32-arm64": {
+      "version": "0.27.7",
+      "resolved": "https://registry.npmjs.org/@esbuild/win32-arm64/-/win32-arm64-0.27.7.tgz",
+      "integrity": "sha512-7yRhbHvPqSpRUV7Q20VuDwbjW5kIMwTHpptuUzV+AA46kiPze5Z7qgt6CLCK3pWFrHeNfDd1VKgyP4O+ng17CA==",
+      "cpu": [
+        "arm64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "win32"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@esbuild/win32-ia32": {
+      "version": "0.27.7",
+      "resolved": "https://registry.npmjs.org/@esbuild/win32-ia32/-/win32-ia32-0.27.7.tgz",
+      "integrity": "sha512-SmwKXe6VHIyZYbBLJrhOoCJRB/Z1tckzmgTLfFYOfpMAx63BJEaL9ExI8x7v0oAO3Zh6D/Oi1gVxEYr5oUCFhw==",
+      "cpu": [
+        "ia32"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "win32"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@esbuild/win32-x64": {
+      "version": "0.27.7",
+      "resolved": "https://registry.npmjs.org/@esbuild/win32-x64/-/win32-x64-0.27.7.tgz",
+      "integrity": "sha512-56hiAJPhwQ1R4i+21FVF7V8kSD5zZTdHcVuRFMW0hn753vVfQN8xlx4uOPT4xoGH0Z/oVATuR82AiqSTDIpaHg==",
+      "cpu": [
+        "x64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "win32"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@exodus/bytes": {
+      "version": "1.15.1",
+      "resolved": "https://registry.npmjs.org/@exodus/bytes/-/bytes-1.15.1.tgz",
+      "integrity": "sha512-S6mL0yNB/Abt9Ei4tq8gDhcczc4S3+vQ4ra7vxnAf+YHC02srtqxKKZghx2Dq6p0e66THKwR6r8N6P95wEty7Q==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": "^20.19.0 || ^22.12.0 || >=24.0.0"
+      },
+      "peerDependencies": {
+        "@noble/hashes": "^1.8.0 || ^2.0.0"
+      },
+      "peerDependenciesMeta": {
+        "@noble/hashes": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/@hapi/accept": {
+      "version": "6.0.3",
+      "resolved": "https://registry.npmjs.org/@hapi/accept/-/accept-6.0.3.tgz",
+      "integrity": "sha512-p72f9k56EuF0n3MwlBNThyVE5PXX40g+aQh+C/xbKrfzahM2Oispv3AXmOIU51t3j77zay1qrX7IIziZXspMlw==",
+      "dev": true,
+      "license": "BSD-3-Clause",
+      "dependencies": {
+        "@hapi/boom": "^10.0.1",
+        "@hapi/hoek": "^11.0.2"
+      }
+    },
+    "node_modules/@hapi/ammo": {
+      "version": "6.0.1",
+      "resolved": "https://registry.npmjs.org/@hapi/ammo/-/ammo-6.0.1.tgz",
+      "integrity": "sha512-pmL+nPod4g58kXrMcsGLp05O2jF4P2Q3GiL8qYV7nKYEh3cGf+rV4P5Jyi2Uq0agGhVU63GtaSAfBEZOlrJn9w==",
+      "dev": true,
+      "license": "BSD-3-Clause",
+      "dependencies": {
+        "@hapi/hoek": "^11.0.2"
+      }
+    },
+    "node_modules/@hapi/b64": {
+      "version": "6.0.1",
+      "resolved": "https://registry.npmjs.org/@hapi/b64/-/b64-6.0.1.tgz",
+      "integrity": "sha512-ZvjX4JQReUmBheeCq+S9YavcnMMHWqx3S0jHNXWIM1kQDxB9cyfSycpVvjfrKcIS8Mh5N3hmu/YKo4Iag9g2Kw==",
+      "dev": true,
+      "license": "BSD-3-Clause",
+      "dependencies": {
+        "@hapi/hoek": "^11.0.2"
+      }
+    },
+    "node_modules/@hapi/boom": {
+      "version": "10.0.1",
+      "resolved": "https://registry.npmjs.org/@hapi/boom/-/boom-10.0.1.tgz",
+      "integrity": "sha512-ERcCZaEjdH3OgSJlyjVk8pHIFeus91CjKP3v+MpgBNp5IvGzP2l/bRiD78nqYcKPaZdbKkK5vDBVPd2ohHBlsA==",
+      "dev": true,
+      "license": "BSD-3-Clause",
+      "dependencies": {
+        "@hapi/hoek": "^11.0.2"
+      }
+    },
+    "node_modules/@hapi/bounce": {
+      "version": "3.0.2",
+      "resolved": "https://registry.npmjs.org/@hapi/bounce/-/bounce-3.0.2.tgz",
+      "integrity": "sha512-d0XmlTi3H9HFDHhQLjg4F4auL1EY3Wqj7j7/hGDhFFe6xAbnm3qiGrXeT93zZnPH8gH+SKAFYiRzu26xkXcH3g==",
+      "dev": true,
+      "license": "BSD-3-Clause",
+      "dependencies": {
+        "@hapi/boom": "^10.0.1",
+        "@hapi/hoek": "^11.0.2"
+      }
+    },
+    "node_modules/@hapi/bourne": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/@hapi/bourne/-/bourne-3.0.0.tgz",
+      "integrity": "sha512-Waj1cwPXJDucOib4a3bAISsKJVb15MKi9IvmTI/7ssVEm6sywXGjVJDhl6/umt1pK1ZS7PacXU3A1PmFKHEZ2w==",
+      "dev": true,
+      "license": "BSD-3-Clause"
+    },
+    "node_modules/@hapi/call": {
+      "version": "9.0.1",
+      "resolved": "https://registry.npmjs.org/@hapi/call/-/call-9.0.1.tgz",
+      "integrity": "sha512-uPojQRqEL1GRZR4xXPqcLMujQGaEpyVPRyBlD8Pp5rqgIwLhtveF9PkixiKru2THXvuN8mUrLeet5fqxKAAMGg==",
+      "dev": true,
+      "license": "BSD-3-Clause",
+      "dependencies": {
+        "@hapi/boom": "^10.0.1",
+        "@hapi/hoek": "^11.0.2"
+      }
+    },
+    "node_modules/@hapi/catbox": {
+      "version": "12.1.1",
+      "resolved": "https://registry.npmjs.org/@hapi/catbox/-/catbox-12.1.1.tgz",
+      "integrity": "sha512-hDqYB1J+R0HtZg4iPH3LEnldoaBsar6bYp0EonBmNQ9t5CO+1CqgCul2ZtFveW1ReA5SQuze9GPSU7/aecERhw==",
+      "dev": true,
+      "license": "BSD-3-Clause",
+      "dependencies": {
+        "@hapi/boom": "^10.0.1",
+        "@hapi/hoek": "^11.0.2",
+        "@hapi/podium": "^5.0.0",
+        "@hapi/validate": "^2.0.1"
+      }
+    },
+    "node_modules/@hapi/catbox-memory": {
+      "version": "6.0.2",
+      "resolved": "https://registry.npmjs.org/@hapi/catbox-memory/-/catbox-memory-6.0.2.tgz",
+      "integrity": "sha512-H1l4ugoFW/ZRkqeFrIo8p1rWN0PA4MDTfu4JmcoNDvnY975o29mqoZblqFTotxNHlEkMPpIiIBJTV+Mbi+aF0g==",
+      "dev": true,
+      "license": "BSD-3-Clause",
+      "dependencies": {
+        "@hapi/boom": "^10.0.1",
+        "@hapi/hoek": "^11.0.2"
+      }
+    },
+    "node_modules/@hapi/content": {
+      "version": "6.0.2",
+      "resolved": "https://registry.npmjs.org/@hapi/content/-/content-6.0.2.tgz",
+      "integrity": "sha512-OKyCOTjNR1hftwSjk9ueyAQTw8AwapvzBrPIWMGn39vhR5PmqLdYFmLc35bsSBye7gSMnlkXfc679bUdMIcRyQ==",
+      "dev": true,
+      "license": "BSD-3-Clause",
+      "dependencies": {
+        "@hapi/boom": "^10.0.0"
+      }
+    },
+    "node_modules/@hapi/cryptiles": {
+      "version": "6.0.3",
+      "resolved": "https://registry.npmjs.org/@hapi/cryptiles/-/cryptiles-6.0.3.tgz",
+      "integrity": "sha512-r6VKalpbMHz4ci3gFjFysBmhwCg70RpYZy6OkjEpdXzAYnYFX5XsW7n4YMJvuIYpnMwLxGUjK/cBhA7X3JDvXw==",
+      "dev": true,
+      "license": "BSD-3-Clause",
+      "dependencies": {
+        "@hapi/boom": "^10.0.1"
+      },
+      "engines": {
+        "node": ">=14.0.0"
+      }
+    },
+    "node_modules/@hapi/file": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/@hapi/file/-/file-3.0.0.tgz",
+      "integrity": "sha512-w+lKW+yRrLhJu620jT3y+5g2mHqnKfepreykvdOcl9/6up8GrQQn+l3FRTsjHTKbkbfQFkuksHpdv2EcpKcJ4Q==",
+      "dev": true,
+      "license": "BSD-3-Clause"
+    },
+    "node_modules/@hapi/hapi": {
+      "version": "21.4.9",
+      "resolved": "https://registry.npmjs.org/@hapi/hapi/-/hapi-21.4.9.tgz",
+      "integrity": "sha512-YnecZOVx2AD08VvPl0ZaFS0MjEHqg+InGRmBRli731ct+VwI++dpu3BIYA1Z4SMr6HUAnpyvbQ1aq5woe3fBWg==",
+      "dev": true,
+      "license": "BSD-3-Clause",
+      "dependencies": {
+        "@hapi/accept": "^6.0.3",
+        "@hapi/ammo": "^6.0.1",
+        "@hapi/boom": "^10.0.1",
+        "@hapi/bounce": "^3.0.2",
+        "@hapi/call": "^9.0.1",
+        "@hapi/catbox": "^12.1.1",
+        "@hapi/catbox-memory": "^6.0.2",
+        "@hapi/heavy": "^8.0.1",
+        "@hapi/hoek": "^11.0.7",
+        "@hapi/mimos": "^7.0.1",
+        "@hapi/podium": "^5.0.2",
+        "@hapi/shot": "^6.0.2",
+        "@hapi/somever": "^4.1.1",
+        "@hapi/statehood": "^8.2.1",
+        "@hapi/subtext": "^8.1.3",
+        "@hapi/teamwork": "^6.0.1",
+        "@hapi/topo": "^6.0.2",
+        "@hapi/validate": "^2.0.1"
+      },
+      "engines": {
+        "node": ">=14.15.0"
+      }
+    },
+    "node_modules/@hapi/heavy": {
+      "version": "8.0.1",
+      "resolved": "https://registry.npmjs.org/@hapi/heavy/-/heavy-8.0.1.tgz",
+      "integrity": "sha512-gBD/NANosNCOp6RsYTsjo2vhr5eYA3BEuogk6cxY0QdhllkkTaJFYtTXv46xd6qhBVMbMMqcSdtqey+UQU3//w==",
+      "dev": true,
+      "license": "BSD-3-Clause",
+      "dependencies": {
+        "@hapi/boom": "^10.0.1",
+        "@hapi/hoek": "^11.0.2",
+        "@hapi/validate": "^2.0.1"
+      }
+    },
+    "node_modules/@hapi/hoek": {
+      "version": "11.0.7",
+      "resolved": "https://registry.npmjs.org/@hapi/hoek/-/hoek-11.0.7.tgz",
+      "integrity": "sha512-HV5undWkKzcB4RZUusqOpcgxOaq6VOAH7zhhIr2g3G8NF/MlFO75SjOr2NfuSx0Mh40+1FqCkagKLJRykUWoFQ==",
+      "dev": true,
+      "license": "BSD-3-Clause"
+    },
+    "node_modules/@hapi/iron": {
+      "version": "7.0.1",
+      "resolved": "https://registry.npmjs.org/@hapi/iron/-/iron-7.0.1.tgz",
+      "integrity": "sha512-tEZnrOujKpS6jLKliyWBl3A9PaE+ppuL/+gkbyPPDb/l2KSKQyH4lhMkVb+sBhwN+qaxxlig01JRqB8dk/mPxQ==",
+      "dev": true,
+      "license": "BSD-3-Clause",
+      "dependencies": {
+        "@hapi/b64": "^6.0.1",
+        "@hapi/boom": "^10.0.1",
+        "@hapi/bourne": "^3.0.0",
+        "@hapi/cryptiles": "^6.0.1",
+        "@hapi/hoek": "^11.0.2"
+      }
+    },
+    "node_modules/@hapi/mimos": {
+      "version": "7.0.1",
+      "resolved": "https://registry.npmjs.org/@hapi/mimos/-/mimos-7.0.1.tgz",
+      "integrity": "sha512-b79V+BrG0gJ9zcRx1VGcCI6r6GEzzZUgiGEJVoq5gwzuB2Ig9Cax8dUuBauQCFKvl2YWSWyOc8mZ8HDaJOtkew==",
+      "dev": true,
+      "license": "BSD-3-Clause",
+      "dependencies": {
+        "@hapi/hoek": "^11.0.2",
+        "mime-db": "^1.52.0"
+      }
+    },
+    "node_modules/@hapi/nigel": {
+      "version": "5.0.1",
+      "resolved": "https://registry.npmjs.org/@hapi/nigel/-/nigel-5.0.1.tgz",
+      "integrity": "sha512-uv3dtYuB4IsNaha+tigWmN8mQw/O9Qzl5U26Gm4ZcJVtDdB1AVJOwX3X5wOX+A07qzpEZnOMBAm8jjSqGsU6Nw==",
+      "dev": true,
+      "license": "BSD-3-Clause",
+      "dependencies": {
+        "@hapi/hoek": "^11.0.2",
+        "@hapi/vise": "^5.0.1"
+      },
+      "engines": {
+        "node": ">=14.0.0"
+      }
+    },
+    "node_modules/@hapi/pez": {
+      "version": "6.1.1",
+      "resolved": "https://registry.npmjs.org/@hapi/pez/-/pez-6.1.1.tgz",
+      "integrity": "sha512-yg2OS1tC0S1sHXvhUtWsfRn6lrKl9jKtRhZ+EI0woOW/gqX5vM2PZ1459ypCvCYDRLJ9nIyueeEH5MJV1ZDqIg==",
+      "dev": true,
+      "license": "BSD-3-Clause",
+      "dependencies": {
+        "@hapi/b64": "^6.0.1",
+        "@hapi/boom": "^10.0.1",
+        "@hapi/content": "^6.0.1",
+        "@hapi/hoek": "^11.0.7",
+        "@hapi/nigel": "^5.0.1"
+      }
+    },
+    "node_modules/@hapi/podium": {
+      "version": "5.0.2",
+      "resolved": "https://registry.npmjs.org/@hapi/podium/-/podium-5.0.2.tgz",
+      "integrity": "sha512-T7gf2JYHQQfEfewTQFbsaXoZxSvuXO/QBIGljucUQ/lmPnTTNAepoIKOakWNVWvo2fMEDjycu77r8k6dhreqHA==",
+      "dev": true,
+      "license": "BSD-3-Clause",
+      "dependencies": {
+        "@hapi/hoek": "^11.0.2",
+        "@hapi/teamwork": "^6.0.0",
+        "@hapi/validate": "^2.0.1"
+      }
+    },
+    "node_modules/@hapi/shot": {
+      "version": "6.0.3",
+      "resolved": "https://registry.npmjs.org/@hapi/shot/-/shot-6.0.3.tgz",
+      "integrity": "sha512-xKmKONUE5AxUNK+EQCSCz35UpPq4cSy6wRCFvMLCDHdyPeXsmAvwxvU4OemGqpWHtAQHyCPjnDbm/fEU9O6l/w==",
+      "dev": true,
+      "license": "BSD-3-Clause",
+      "dependencies": {
+        "@hapi/hoek": "^11.0.2",
+        "@hapi/validate": "^2.0.1"
+      }
+    },
+    "node_modules/@hapi/somever": {
+      "version": "4.1.1",
+      "resolved": "https://registry.npmjs.org/@hapi/somever/-/somever-4.1.1.tgz",
+      "integrity": "sha512-lt3QQiDDOVRatS0ionFDNrDIv4eXz58IibQaZQDOg4DqqdNme8oa0iPWcE0+hkq/KTeBCPtEOjDOBKBKwDumVg==",
+      "dev": true,
+      "license": "BSD-3-Clause",
+      "dependencies": {
+        "@hapi/bounce": "^3.0.1",
+        "@hapi/hoek": "^11.0.2"
+      }
+    },
+    "node_modules/@hapi/statehood": {
+      "version": "8.2.1",
+      "resolved": "https://registry.npmjs.org/@hapi/statehood/-/statehood-8.2.1.tgz",
+      "integrity": "sha512-xf72TG/QINW26jUu+uL5H+crE1o8GplIgfPWwPZhnAGJzetIVAQEQYvzq+C0aEVHg5/lMMtQ+L9UryuSa5Yjkg==",
+      "dev": true,
+      "license": "BSD-3-Clause",
+      "dependencies": {
+        "@hapi/boom": "^10.0.1",
+        "@hapi/bounce": "^3.0.1",
+        "@hapi/bourne": "^3.0.0",
+        "@hapi/cryptiles": "^6.0.1",
+        "@hapi/hoek": "^11.0.2",
+        "@hapi/iron": "^7.0.1",
+        "@hapi/validate": "^2.0.1"
+      }
+    },
+    "node_modules/@hapi/subtext": {
+      "version": "8.1.3",
+      "resolved": "https://registry.npmjs.org/@hapi/subtext/-/subtext-8.1.3.tgz",
+      "integrity": "sha512-WTpEZQjBP3UJ3gGunNl3w5Ao1EOJsuu2vttZ2KEcG+csSLxc0dI6VIkl2md2jDlHiQ2ARAoqdSUScy05A/NHtA==",
+      "dev": true,
+      "license": "BSD-3-Clause",
+      "dependencies": {
+        "@hapi/boom": "^10.0.1",
+        "@hapi/bourne": "^3.0.0",
+        "@hapi/content": "^6.0.2",
+        "@hapi/file": "^3.0.0",
+        "@hapi/hoek": "^11.0.7",
+        "@hapi/pez": "^6.1.1",
+        "@hapi/wreck": "^18.1.1"
+      }
+    },
+    "node_modules/@hapi/teamwork": {
+      "version": "6.0.1",
+      "resolved": "https://registry.npmjs.org/@hapi/teamwork/-/teamwork-6.0.1.tgz",
+      "integrity": "sha512-52OXRslUfYwXAOG8k58f2h2ngXYQGP0x5RPOo+eWA/FtyLgHjGMrE3+e9LSXP/0q2YfHAK5wj9aA9DTy1K+kyQ==",
+      "dev": true,
+      "license": "BSD-3-Clause",
+      "engines": {
+        "node": ">=14.0.0"
+      }
+    },
+    "node_modules/@hapi/topo": {
+      "version": "6.0.2",
+      "resolved": "https://registry.npmjs.org/@hapi/topo/-/topo-6.0.2.tgz",
+      "integrity": "sha512-KR3rD5inZbGMrHmgPxsJ9dbi6zEK+C3ZwUwTa+eMwWLz7oijWUTWD2pMSNNYJAU6Qq+65NkxXjqHr/7LM2Xkqg==",
+      "dev": true,
+      "license": "BSD-3-Clause",
+      "dependencies": {
+        "@hapi/hoek": "^11.0.2"
+      }
+    },
+    "node_modules/@hapi/validate": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/@hapi/validate/-/validate-2.0.1.tgz",
+      "integrity": "sha512-NZmXRnrSLK8MQ9y/CMqE9WSspgB9xA41/LlYR0k967aSZebWr4yNrpxIbov12ICwKy4APSlWXZga9jN5p6puPA==",
+      "dev": true,
+      "license": "BSD-3-Clause",
+      "dependencies": {
+        "@hapi/hoek": "^11.0.2",
+        "@hapi/topo": "^6.0.1"
+      }
+    },
+    "node_modules/@hapi/vise": {
+      "version": "5.0.1",
+      "resolved": "https://registry.npmjs.org/@hapi/vise/-/vise-5.0.1.tgz",
+      "integrity": "sha512-XZYWzzRtINQLedPYlIkSkUr7m5Ddwlu99V9elh8CSygXstfv3UnWIXT0QD+wmR0VAG34d2Vx3olqcEhRRoTu9A==",
+      "dev": true,
+      "license": "BSD-3-Clause",
+      "dependencies": {
+        "@hapi/hoek": "^11.0.2"
+      }
+    },
+    "node_modules/@hapi/wreck": {
+      "version": "18.1.2",
+      "resolved": "https://registry.npmjs.org/@hapi/wreck/-/wreck-18.1.2.tgz",
+      "integrity": "sha512-3dMnV2pfhQiyEqu8DL3VBmxkdLiRDiiUDuG79Dp+UK1gL9ZxAfDOUhB6k3D5MLqcgJJ1IARyGFhwoc1NITr/pg==",
+      "dev": true,
+      "license": "BSD-3-Clause",
+      "dependencies": {
+        "@hapi/boom": "^10.0.1",
+        "@hapi/bourne": "^3.0.0",
+        "@hapi/hoek": "^11.0.2"
+      }
+    },
+    "node_modules/@iconify/types": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/@iconify/types/-/types-2.0.0.tgz",
+      "integrity": "sha512-+wluvCrRhXrhyOmRDJ3q8mux9JkKy5SJ/v8ol2tu4FVjyYvtEzkc/3pK15ET6RKg4b4w4BmTk1+gsCUhf21Ykg==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/@iconify/utils": {
+      "version": "3.1.3",
+      "resolved": "https://registry.npmjs.org/@iconify/utils/-/utils-3.1.3.tgz",
+      "integrity": "sha512-LPKOXPn/zV+zis1oOfGWogaXVpqUybF3ZS6SCZIsz8vg0ivVp9+fVqyYB7xq0aiST/VhUQYGO1qo6uoYSiEJqw==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@antfu/install-pkg": "^1.1.0",
+        "@iconify/types": "^2.0.0",
+        "import-meta-resolve": "^4.2.0"
+      }
+    },
+    "node_modules/@intlify/core-base": {
+      "version": "11.4.4",
+      "resolved": "https://registry.npmjs.org/@intlify/core-base/-/core-base-11.4.4.tgz",
+      "integrity": "sha512-w/vItlylrAmhebkIbVl5YY8XMCtj8Mb2g70ttxktMYuf5AuRahgEHL2iLgLIsZBIbTSgs4hkUo7ucCL0uTJvOg==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@intlify/devtools-types": "11.4.4",
+        "@intlify/message-compiler": "11.4.4",
+        "@intlify/shared": "11.4.4"
+      },
+      "engines": {
+        "node": ">= 22"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/kazupon"
+      }
+    },
+    "node_modules/@intlify/devtools-types": {
+      "version": "11.4.4",
+      "resolved": "https://registry.npmjs.org/@intlify/devtools-types/-/devtools-types-11.4.4.tgz",
+      "integrity": "sha512-PcBLmGmDQsTSVV911P8upzpcLJO1CNVYi/IH6bGnLR2nA+0L963+kXN1ZrisTEnbtw2ewN6HMMSldqzjronA0Q==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@intlify/core-base": "11.4.4",
+        "@intlify/shared": "11.4.4"
+      },
+      "engines": {
+        "node": ">= 22"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/kazupon"
+      }
+    },
+    "node_modules/@intlify/message-compiler": {
+      "version": "11.4.4",
+      "resolved": "https://registry.npmjs.org/@intlify/message-compiler/-/message-compiler-11.4.4.tgz",
+      "integrity": "sha512-vn0OAV9pYkJlPPmgnsSm5eAG3mL0+9C/oaded2JY9jmxBbhmUXT3TcAUY8WRgLY9Hte7lkUJKpXrVlYjMXBD2w==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@intlify/shared": "11.4.4",
+        "source-map-js": "^1.0.2"
+      },
+      "engines": {
+        "node": ">= 22"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/kazupon"
+      }
+    },
+    "node_modules/@intlify/shared": {
+      "version": "11.4.4",
+      "resolved": "https://registry.npmjs.org/@intlify/shared/-/shared-11.4.4.tgz",
+      "integrity": "sha512-QRUCHqda1U6aR14FR0vvXD4+4gj6+fm0AhAozvSuRCw0fCvrmCugWpgiR4xH2NI6s8am6N9p5OhirplsX8ZS3g==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">= 22"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/kazupon"
+      }
+    },
+    "node_modules/@isaacs/cliui": {
+      "version": "8.0.2",
+      "resolved": "https://registry.npmjs.org/@isaacs/cliui/-/cliui-8.0.2.tgz",
+      "integrity": "sha512-O8jcjabXaleOG9DQ0+ARXWZBTfnP4WNAqzuiJK7ll44AmxGKv/J2M4TPjxjY3znBCfvBXFzucm1twdyFybFqEA==",
+      "dev": true,
+      "license": "ISC",
+      "dependencies": {
+        "string-width": "^5.1.2",
+        "string-width-cjs": "npm:string-width@^4.2.0",
+        "strip-ansi": "^7.0.1",
+        "strip-ansi-cjs": "npm:strip-ansi@^6.0.1",
+        "wrap-ansi": "^8.1.0",
+        "wrap-ansi-cjs": "npm:wrap-ansi@^7.0.0"
+      },
+      "engines": {
+        "node": ">=12"
+      }
+    },
+    "node_modules/@istanbuljs/schema": {
+      "version": "0.1.6",
+      "resolved": "https://registry.npmjs.org/@istanbuljs/schema/-/schema-0.1.6.tgz",
+      "integrity": "sha512-+Sg6GCR/wy1oSmQDFq4LQDAhm3ETKnorxN+y5nbLULOR3P0c14f2Wurzj3/xqPXtasLFfHd5iRFQ7AJt4KH2cw==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/@jridgewell/gen-mapping": {
+      "version": "0.3.13",
+      "resolved": "https://registry.npmjs.org/@jridgewell/gen-mapping/-/gen-mapping-0.3.13.tgz",
+      "integrity": "sha512-2kkt/7niJ6MgEPxF0bYdQ6etZaA+fQvDcLKckhy1yIQOzaoKjBBjSj63/aLVjYE3qhRt5dvM+uUyfCg6UKCBbA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@jridgewell/sourcemap-codec": "^1.5.0",
+        "@jridgewell/trace-mapping": "^0.3.24"
+      }
+    },
+    "node_modules/@jridgewell/resolve-uri": {
+      "version": "3.1.2",
+      "resolved": "https://registry.npmjs.org/@jridgewell/resolve-uri/-/resolve-uri-3.1.2.tgz",
+      "integrity": "sha512-bRISgCIjP20/tbWSPWMEi54QVPRZExkuD9lJL+UIxUKtwVJA8wW1Trb1jMs1RFXo1CBTNZ/5hpC9QvmKWdopKw==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=6.0.0"
+      }
+    },
+    "node_modules/@jridgewell/sourcemap-codec": {
+      "version": "1.5.5",
+      "resolved": "https://registry.npmjs.org/@jridgewell/sourcemap-codec/-/sourcemap-codec-1.5.5.tgz",
+      "integrity": "sha512-cYQ9310grqxueWbl+WuIUIaiUaDcj7WOq5fVhEljNVgRfOUhY9fy2zTvfoqWsnebh8Sl70VScFbICvJnLKB0Og==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/@jridgewell/trace-mapping": {
+      "version": "0.3.31",
+      "resolved": "https://registry.npmjs.org/@jridgewell/trace-mapping/-/trace-mapping-0.3.31.tgz",
+      "integrity": "sha512-zzNR+SdQSDJzc8joaeP8QQoCQr8NuYx2dIIytl1QeBEZHJ9uW6hebsrYgbz8hJwUQao3TWCMtmfV8Nu1twOLAw==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@jridgewell/resolve-uri": "^3.1.0",
+        "@jridgewell/sourcemap-codec": "^1.4.14"
+      }
+    },
+    "node_modules/@juggle/resize-observer": {
+      "version": "3.4.0",
+      "resolved": "https://registry.npmjs.org/@juggle/resize-observer/-/resize-observer-3.4.0.tgz",
+      "integrity": "sha512-dfLbk+PwWvFzSxwk3n5ySL0hfBog779o8h68wK/7/APo/7cgyWp5jcXockbxdk5kFRkbeXWm4Fbi9FrdN381sA==",
+      "dev": true,
+      "license": "Apache-2.0"
+    },
+    "node_modules/@koa/bodyparser": {
+      "version": "5.1.2",
+      "resolved": "https://registry.npmjs.org/@koa/bodyparser/-/bodyparser-5.1.2.tgz",
+      "integrity": "sha512-eGJm9/66iUX+LUH03Cz0e94unbSKrmSPCick4MO5UorAAomcjC5Kl+SkoZ6CSyPew3neMYjj7n+djnlGYBSJAg==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "co-body": "^6.1.0",
+        "lodash.merge": "^4.6.2",
+        "type-is": "^1.6.18"
+      },
+      "engines": {
+        "node": ">= 16"
+      },
+      "peerDependencies": {
+        "koa": "^2.14.1"
+      }
+    },
+    "node_modules/@koa/cors": {
+      "version": "5.0.0",
+      "resolved": "https://registry.npmjs.org/@koa/cors/-/cors-5.0.0.tgz",
+      "integrity": "sha512-x/iUDjcS90W69PryLDIMgFyV21YLTnG9zOpPXS7Bkt2b8AsY3zZsIpOLBkYr9fBcF3HbkKaER5hOBZLfpLgYNw==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "vary": "^1.1.2"
+      },
+      "engines": {
+        "node": ">= 14.0.0"
+      }
+    },
+    "node_modules/@koa/router": {
+      "version": "15.5.0",
+      "resolved": "https://registry.npmjs.org/@koa/router/-/router-15.5.0.tgz",
+      "integrity": "sha512-KSC0oG/5t6ITu5wqX4lJseA/dngoj14hEaohrLZEXtlUT2RRyJvwaJ0KV+5uQoaWrY3A8ClHOrBEU4g8dujn8Q==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "debug": "^4.4.3",
+        "http-errors": "^2.0.1",
+        "koa-compose": "^4.1.0",
+        "path-to-regexp": "^8.4.2"
+      },
+      "engines": {
+        "node": ">= 20"
+      },
+      "peerDependencies": {
+        "koa": "^2.0.0 || ^3.0.0"
+      },
+      "peerDependenciesMeta": {
+        "koa": {
+          "optional": false
+        }
+      }
+    },
+    "node_modules/@mermaid-js/parser": {
+      "version": "1.1.1",
+      "resolved": "https://registry.npmjs.org/@mermaid-js/parser/-/parser-1.1.1.tgz",
+      "integrity": "sha512-VuHdsYMK1bT6X2JbcAaWAhugTRvRBRyuZgd+c22swUeI9g/ntaxF7CY7dYarhZovofCbUNO0G7JesfmNtjYOCw==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@chevrotain/types": "~11.1.1"
+      }
+    },
+    "node_modules/@multiavatar/multiavatar": {
+      "version": "1.0.7",
+      "resolved": "https://registry.npmjs.org/@multiavatar/multiavatar/-/multiavatar-1.0.7.tgz",
+      "integrity": "sha512-Yg9Uw57bmlErsWL0CSv4d6D4ZqVBE00OZmYr9MRgygoXZdboNtsEI6FbBRw1AY8l88Sm1ARcyojtlm2uwUn0Zg==",
+      "dev": true,
+      "license": "SEE LICENSE IN LICENSE"
+    },
+    "node_modules/@napi-rs/wasm-runtime": {
+      "version": "1.1.4",
+      "resolved": "https://registry.npmjs.org/@napi-rs/wasm-runtime/-/wasm-runtime-1.1.4.tgz",
+      "integrity": "sha512-3NQNNgA1YSlJb/kMH1ildASP9HW7/7kYnRI2szWJaofaS1hWmbGI4H+d3+22aGzXXN9IJ+n+GiFVcGipJP18ow==",
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "dependencies": {
+        "@tybys/wasm-util": "^0.10.1"
+      },
+      "funding": {
+        "type": "github",
+        "url": "https://github.com/sponsors/Brooooooklyn"
+      },
+      "peerDependencies": {
+        "@emnapi/core": "^1.7.1",
+        "@emnapi/runtime": "^1.7.1"
+      }
+    },
+    "node_modules/@one-ini/wasm": {
+      "version": "0.1.1",
+      "resolved": "https://registry.npmjs.org/@one-ini/wasm/-/wasm-0.1.1.tgz",
+      "integrity": "sha512-XuySG1E38YScSJoMlqovLru4KTUNSjgVTIjyh7qMX6aNN5HY5Ct5LhRJdxO79JtTzKfzV/bnWpz+zquYrISsvw==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/@oxc-project/types": {
+      "version": "0.132.0",
+      "resolved": "https://registry.npmjs.org/@oxc-project/types/-/types-0.132.0.tgz",
+      "integrity": "sha512-FESMOxil5Se014ui/Eq8fT5uHJo6nIRwH0PfJrZJXs6Gek3ZVFOrpUv3YIZT20m+extU98Hg1Ym72U58rlsxUQ==",
+      "dev": true,
+      "license": "MIT",
+      "funding": {
+        "url": "https://github.com/sponsors/Boshen"
+      }
+    },
+    "node_modules/@parcel/watcher": {
+      "version": "2.5.6",
+      "resolved": "https://registry.npmjs.org/@parcel/watcher/-/watcher-2.5.6.tgz",
+      "integrity": "sha512-tmmZ3lQxAe/k/+rNnXQRawJ4NjxO2hqiOLTHvWchtGZULp4RyFeh6aU4XdOYBFe2KE1oShQTv4AblOs2iOrNnQ==",
+      "dev": true,
+      "hasInstallScript": true,
+      "license": "MIT",
+      "optional": true,
+      "dependencies": {
+        "detect-libc": "^2.0.3",
+        "is-glob": "^4.0.3",
+        "node-addon-api": "^7.0.0",
+        "picomatch": "^4.0.3"
+      },
+      "engines": {
+        "node": ">= 10.0.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/parcel"
+      },
+      "optionalDependencies": {
+        "@parcel/watcher-android-arm64": "2.5.6",
+        "@parcel/watcher-darwin-arm64": "2.5.6",
+        "@parcel/watcher-darwin-x64": "2.5.6",
+        "@parcel/watcher-freebsd-x64": "2.5.6",
+        "@parcel/watcher-linux-arm-glibc": "2.5.6",
+        "@parcel/watcher-linux-arm-musl": "2.5.6",
+        "@parcel/watcher-linux-arm64-glibc": "2.5.6",
+        "@parcel/watcher-linux-arm64-musl": "2.5.6",
+        "@parcel/watcher-linux-x64-glibc": "2.5.6",
+        "@parcel/watcher-linux-x64-musl": "2.5.6",
+        "@parcel/watcher-win32-arm64": "2.5.6",
+        "@parcel/watcher-win32-ia32": "2.5.6",
+        "@parcel/watcher-win32-x64": "2.5.6"
+      }
+    },
+    "node_modules/@parcel/watcher-android-arm64": {
+      "version": "2.5.6",
+      "resolved": "https://registry.npmjs.org/@parcel/watcher-android-arm64/-/watcher-android-arm64-2.5.6.tgz",
+      "integrity": "sha512-YQxSS34tPF/6ZG7r/Ih9xy+kP/WwediEUsqmtf0cuCV5TPPKw/PQHRhueUo6JdeFJaqV3pyjm0GdYjZotbRt/A==",
+      "cpu": [
+        "arm64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "android"
+      ],
+      "engines": {
+        "node": ">= 10.0.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/parcel"
+      }
+    },
+    "node_modules/@parcel/watcher-darwin-arm64": {
+      "version": "2.5.6",
+      "resolved": "https://registry.npmjs.org/@parcel/watcher-darwin-arm64/-/watcher-darwin-arm64-2.5.6.tgz",
+      "integrity": "sha512-Z2ZdrnwyXvvvdtRHLmM4knydIdU9adO3D4n/0cVipF3rRiwP+3/sfzpAwA/qKFL6i1ModaabkU7IbpeMBgiVEA==",
+      "cpu": [
+        "arm64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "darwin"
+      ],
+      "engines": {
+        "node": ">= 10.0.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/parcel"
+      }
+    },
+    "node_modules/@parcel/watcher-darwin-x64": {
+      "version": "2.5.6",
+      "resolved": "https://registry.npmjs.org/@parcel/watcher-darwin-x64/-/watcher-darwin-x64-2.5.6.tgz",
+      "integrity": "sha512-HgvOf3W9dhithcwOWX9uDZyn1lW9R+7tPZ4sug+NGrGIo4Rk1hAXLEbcH1TQSqxts0NYXXlOWqVpvS1SFS4fRg==",
+      "cpu": [
+        "x64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "darwin"
+      ],
+      "engines": {
+        "node": ">= 10.0.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/parcel"
+      }
+    },
+    "node_modules/@parcel/watcher-freebsd-x64": {
+      "version": "2.5.6",
+      "resolved": "https://registry.npmjs.org/@parcel/watcher-freebsd-x64/-/watcher-freebsd-x64-2.5.6.tgz",
+      "integrity": "sha512-vJVi8yd/qzJxEKHkeemh7w3YAn6RJCtYlE4HPMoVnCpIXEzSrxErBW5SJBgKLbXU3WdIpkjBTeUNtyBVn8TRng==",
+      "cpu": [
+        "x64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "freebsd"
+      ],
+      "engines": {
+        "node": ">= 10.0.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/parcel"
+      }
+    },
+    "node_modules/@parcel/watcher-linux-arm-glibc": {
+      "version": "2.5.6",
+      "resolved": "https://registry.npmjs.org/@parcel/watcher-linux-arm-glibc/-/watcher-linux-arm-glibc-2.5.6.tgz",
+      "integrity": "sha512-9JiYfB6h6BgV50CCfasfLf/uvOcJskMSwcdH1PHH9rvS1IrNy8zad6IUVPVUfmXr+u+Km9IxcfMLzgdOudz9EQ==",
+      "cpu": [
+        "arm"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "engines": {
+        "node": ">= 10.0.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/parcel"
+      }
+    },
+    "node_modules/@parcel/watcher-linux-arm-musl": {
+      "version": "2.5.6",
+      "resolved": "https://registry.npmjs.org/@parcel/watcher-linux-arm-musl/-/watcher-linux-arm-musl-2.5.6.tgz",
+      "integrity": "sha512-Ve3gUCG57nuUUSyjBq/MAM0CzArtuIOxsBdQ+ftz6ho8n7s1i9E1Nmk/xmP323r2YL0SONs1EuwqBp2u1k5fxg==",
+      "cpu": [
+        "arm"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "engines": {
+        "node": ">= 10.0.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/parcel"
+      }
+    },
+    "node_modules/@parcel/watcher-linux-arm64-glibc": {
+      "version": "2.5.6",
+      "resolved": "https://registry.npmjs.org/@parcel/watcher-linux-arm64-glibc/-/watcher-linux-arm64-glibc-2.5.6.tgz",
+      "integrity": "sha512-f2g/DT3NhGPdBmMWYoxixqYr3v/UXcmLOYy16Bx0TM20Tchduwr4EaCbmxh1321TABqPGDpS8D/ggOTaljijOA==",
+      "cpu": [
+        "arm64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "engines": {
+        "node": ">= 10.0.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/parcel"
+      }
+    },
+    "node_modules/@parcel/watcher-linux-arm64-musl": {
+      "version": "2.5.6",
+      "resolved": "https://registry.npmjs.org/@parcel/watcher-linux-arm64-musl/-/watcher-linux-arm64-musl-2.5.6.tgz",
+      "integrity": "sha512-qb6naMDGlbCwdhLj6hgoVKJl2odL34z2sqkC7Z6kzir8b5W65WYDpLB6R06KabvZdgoHI/zxke4b3zR0wAbDTA==",
+      "cpu": [
+        "arm64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "engines": {
+        "node": ">= 10.0.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/parcel"
+      }
+    },
+    "node_modules/@parcel/watcher-linux-x64-glibc": {
+      "version": "2.5.6",
+      "resolved": "https://registry.npmjs.org/@parcel/watcher-linux-x64-glibc/-/watcher-linux-x64-glibc-2.5.6.tgz",
+      "integrity": "sha512-kbT5wvNQlx7NaGjzPFu8nVIW1rWqV780O7ZtkjuWaPUgpv2NMFpjYERVi0UYj1msZNyCzGlaCWEtzc+exjMGbQ==",
+      "cpu": [
+        "x64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "engines": {
+        "node": ">= 10.0.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/parcel"
+      }
+    },
+    "node_modules/@parcel/watcher-linux-x64-musl": {
+      "version": "2.5.6",
+      "resolved": "https://registry.npmjs.org/@parcel/watcher-linux-x64-musl/-/watcher-linux-x64-musl-2.5.6.tgz",
+      "integrity": "sha512-1JRFeC+h7RdXwldHzTsmdtYR/Ku8SylLgTU/reMuqdVD7CtLwf0VR1FqeprZ0eHQkO0vqsbvFLXUmYm/uNKJBg==",
+      "cpu": [
+        "x64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "engines": {
+        "node": ">= 10.0.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/parcel"
+      }
+    },
+    "node_modules/@parcel/watcher-win32-arm64": {
+      "version": "2.5.6",
+      "resolved": "https://registry.npmjs.org/@parcel/watcher-win32-arm64/-/watcher-win32-arm64-2.5.6.tgz",
+      "integrity": "sha512-3ukyebjc6eGlw9yRt678DxVF7rjXatWiHvTXqphZLvo7aC5NdEgFufVwjFfY51ijYEWpXbqF5jtrK275z52D4Q==",
+      "cpu": [
+        "arm64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "win32"
+      ],
+      "engines": {
+        "node": ">= 10.0.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/parcel"
+      }
+    },
+    "node_modules/@parcel/watcher-win32-ia32": {
+      "version": "2.5.6",
+      "resolved": "https://registry.npmjs.org/@parcel/watcher-win32-ia32/-/watcher-win32-ia32-2.5.6.tgz",
+      "integrity": "sha512-k35yLp1ZMwwee3Ez/pxBi5cf4AoBKYXj00CZ80jUz5h8prpiaQsiRPKQMxoLstNuqe2vR4RNPEAEcjEFzhEz/g==",
+      "cpu": [
+        "ia32"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "win32"
+      ],
+      "engines": {
+        "node": ">= 10.0.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/parcel"
+      }
+    },
+    "node_modules/@parcel/watcher-win32-x64": {
+      "version": "2.5.6",
+      "resolved": "https://registry.npmjs.org/@parcel/watcher-win32-x64/-/watcher-win32-x64-2.5.6.tgz",
+      "integrity": "sha512-hbQlYcCq5dlAX9Qx+kFb0FHue6vbjlf0FrNzSKdYK2APUf7tGfGxQCk2ihEREmbR6ZMc0MVAD5RIX/41gpUzTw==",
+      "cpu": [
+        "x64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "win32"
+      ],
+      "engines": {
+        "node": ">= 10.0.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/parcel"
+      }
+    },
+    "node_modules/@parcel/watcher/node_modules/picomatch": {
+      "version": "4.0.4",
+      "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-4.0.4.tgz",
+      "integrity": "sha512-QP88BAKvMam/3NxH6vj2o21R6MjxZUAd6nlwAS/pnGvN9IVLocLHxGYIzFhg6fUQ+5th6P4dv4eW9jX3DSIj7A==",
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "engines": {
+        "node": ">=12"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/jonschlinkert"
+      }
+    },
+    "node_modules/@pinia/testing": {
+      "version": "1.0.3",
+      "resolved": "https://registry.npmjs.org/@pinia/testing/-/testing-1.0.3.tgz",
+      "integrity": "sha512-g+qR49GNdI1Z8rZxKrQC3GN+LfnGTNf5Kk8Nz5Cz6mIGva5WRS+ffPXQfzhA0nu6TveWzPNYTjGl4nJqd3Cu9Q==",
+      "dev": true,
+      "license": "MIT",
+      "funding": {
+        "url": "https://github.com/sponsors/posva"
+      },
+      "peerDependencies": {
+        "pinia": ">=3.0.4"
+      }
+    },
+    "node_modules/@pinojs/redact": {
+      "version": "0.4.0",
+      "resolved": "https://registry.npmjs.org/@pinojs/redact/-/redact-0.4.0.tgz",
+      "integrity": "sha512-k2ENnmBugE/rzQfEcdWHcCY+/FM3VLzH9cYEsbdsoqrvzAKRhUZeRNhAZvB8OitQJ1TBed3yqWtdjzS6wJKBwg==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/@pkgjs/parseargs": {
+      "version": "0.11.0",
+      "resolved": "https://registry.npmjs.org/@pkgjs/parseargs/-/parseargs-0.11.0.tgz",
+      "integrity": "sha512-+1VkjdD0QBLPodGrJUeqarH8VAIvQODIbwh9XpP5Syisf7YoQgsJKPNFoqqLQlu+VQ/tVSshMR6loPMn8U+dPg==",
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "engines": {
+        "node": ">=14"
+      }
+    },
+    "node_modules/@playwright/test": {
+      "version": "1.60.0",
+      "resolved": "https://registry.npmjs.org/@playwright/test/-/test-1.60.0.tgz",
+      "integrity": "sha512-O71yZIbAh/PxDMNGns37GHBIfrVkEVyn+AXyIa5dOTfb4/xNvRWV+Vv/NMbNCtODB/pO7vLlF2OTmMVLhmr7Ag==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "playwright": "1.60.0"
+      },
+      "bin": {
+        "playwright": "cli.js"
+      },
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@rolldown/binding-android-arm64": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/@rolldown/binding-android-arm64/-/binding-android-arm64-1.0.2.tgz",
+      "integrity": "sha512-ZS4D1JPGn/MYQN/SYDWftIE/nVsM8j/AFOYEzAoOE2O3NktQOZru+/vYXGbR/qtdLdIfGCP0lcoJiYVzsEz+iQ==",
+      "cpu": [
+        "arm64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "android"
+      ],
+      "engines": {
+        "node": "^20.19.0 || >=22.12.0"
+      }
+    },
+    "node_modules/@rolldown/binding-darwin-arm64": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/@rolldown/binding-darwin-arm64/-/binding-darwin-arm64-1.0.2.tgz",
+      "integrity": "sha512-vdFA9+C/rekyGce7WqHs/xoT0ioZEWaOFyZLIV1mEeNFaFDUQrPIo8Vs2GvJ6eetb3rzDUtUBgzto3ExpXJB3w==",
+      "cpu": [
+        "arm64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "darwin"
+      ],
+      "engines": {
+        "node": "^20.19.0 || >=22.12.0"
+      }
+    },
+    "node_modules/@rolldown/binding-darwin-x64": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/@rolldown/binding-darwin-x64/-/binding-darwin-x64-1.0.2.tgz",
+      "integrity": "sha512-BewSOwTHazv77DTYiAZXSqqKZ4KP/KonFisDMVU7PImxoWfB2aepnPhd2E4SWz3zDzYgDNbs6jBmTdgNnF02GA==",
+      "cpu": [
+        "x64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "darwin"
+      ],
+      "engines": {
+        "node": "^20.19.0 || >=22.12.0"
+      }
+    },
+    "node_modules/@rolldown/binding-freebsd-x64": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/@rolldown/binding-freebsd-x64/-/binding-freebsd-x64-1.0.2.tgz",
+      "integrity": "sha512-m41o7M0YWtUdqk61Tb+jnKb2rN++iRdIASlExkUoKfIAH30DOHCB8fVLzSUpbWHHU8esmEioY62PxzexE8MBuA==",
+      "cpu": [
+        "x64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "freebsd"
+      ],
+      "engines": {
+        "node": "^20.19.0 || >=22.12.0"
+      }
+    },
+    "node_modules/@rolldown/binding-linux-arm-gnueabihf": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/@rolldown/binding-linux-arm-gnueabihf/-/binding-linux-arm-gnueabihf-1.0.2.tgz",
+      "integrity": "sha512-jcojB9H7W/jS29pMKWAK1N+fU99vXodHDTatS3b3y/XSOCiHo0kkA74pL3jJmkoQtYpOCxDvaKs1fo2Ij/1X5w==",
+      "cpu": [
+        "arm"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "engines": {
+        "node": "^20.19.0 || >=22.12.0"
+      }
+    },
+    "node_modules/@rolldown/binding-linux-arm64-gnu": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/@rolldown/binding-linux-arm64-gnu/-/binding-linux-arm64-gnu-1.0.2.tgz",
+      "integrity": "sha512-1jn6qDU5iiOgFgygDzKUuKP0maTi0/f1+sBLgvij/76C77Nm3ts6ufz9Bjg5q5dduxiUIxtq86JIoBvo1xQ4Ig==",
+      "cpu": [
+        "arm64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "engines": {
+        "node": "^20.19.0 || >=22.12.0"
+      }
+    },
+    "node_modules/@rolldown/binding-linux-arm64-musl": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/@rolldown/binding-linux-arm64-musl/-/binding-linux-arm64-musl-1.0.2.tgz",
+      "integrity": "sha512-QVLO/czFMdoMFSqlX3bcswcJNm/23r+qoa/jgtmFc/qEp6/jXmIkDjF/XIo8dPfGaiwy1xfQn8o77L79GeXFgw==",
+      "cpu": [
+        "arm64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "engines": {
+        "node": "^20.19.0 || >=22.12.0"
+      }
+    },
+    "node_modules/@rolldown/binding-linux-ppc64-gnu": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/@rolldown/binding-linux-ppc64-gnu/-/binding-linux-ppc64-gnu-1.0.2.tgz",
+      "integrity": "sha512-hgO5Abm0w5UL6FEa2iFnZqo2KlK7TQ5QhV5x09hujBf7t5KzHQ1VmfPuTpqRy/rNlSxua3eWH374xxiVrP+lcA==",
+      "cpu": [
+        "ppc64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "engines": {
+        "node": "^20.19.0 || >=22.12.0"
+      }
+    },
+    "node_modules/@rolldown/binding-linux-s390x-gnu": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/@rolldown/binding-linux-s390x-gnu/-/binding-linux-s390x-gnu-1.0.2.tgz",
+      "integrity": "sha512-fy8rXxuYEu602abC8MUNaPjYLIFzReOaEIEMKMUa0rFEUxNpVXhs15KSSQ4qlqSaM7B6rcj9rDZgADh/IGDzLQ==",
+      "cpu": [
+        "s390x"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "engines": {
+        "node": "^20.19.0 || >=22.12.0"
+      }
+    },
+    "node_modules/@rolldown/binding-linux-x64-gnu": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/@rolldown/binding-linux-x64-gnu/-/binding-linux-x64-gnu-1.0.2.tgz",
+      "integrity": "sha512-0+bOkiQ779+r1WpoHOWHqncvyySci0vKph+myNDYb+im6meJAzHQXay6oEgnkHuUGouM1LKTZwqKpBow6Kj7CQ==",
+      "cpu": [
+        "x64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "engines": {
+        "node": "^20.19.0 || >=22.12.0"
+      }
+    },
+    "node_modules/@rolldown/binding-linux-x64-musl": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/@rolldown/binding-linux-x64-musl/-/binding-linux-x64-musl-1.0.2.tgz",
+      "integrity": "sha512-mjSkrzZK5Qsl0a9d1JgILOiuZOSDTVdKENcSXBoqbzSrspLR/4/IRVDo5wd2GgZjNss/viBFJdeq+j7qH2nypw==",
+      "cpu": [
+        "x64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "engines": {
+        "node": "^20.19.0 || >=22.12.0"
+      }
+    },
+    "node_modules/@rolldown/binding-openharmony-arm64": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/@rolldown/binding-openharmony-arm64/-/binding-openharmony-arm64-1.0.2.tgz",
+      "integrity": "sha512-1v5vHasdfQAZoEHakBV72LIFAC9JjnymsiKxp+GEr/ma3+NJCPSaYK+qavInOovJkgwFrs7GccX2d6IgDA3Z5w==",
+      "cpu": [
+        "arm64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "openharmony"
+      ],
+      "engines": {
+        "node": "^20.19.0 || >=22.12.0"
+      }
+    },
+    "node_modules/@rolldown/binding-wasm32-wasi": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/@rolldown/binding-wasm32-wasi/-/binding-wasm32-wasi-1.0.2.tgz",
+      "integrity": "sha512-mb1VobWn6NheziTk5/WEaR6AKVbrwT5sOi6C7zk3gy/pD1qtJfU1j4PgTo2NJnOtbL9Dl3Aeei8w9jJ7qC2jZQ==",
+      "cpu": [
+        "wasm32"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "dependencies": {
+        "@emnapi/core": "1.10.0",
+        "@emnapi/runtime": "1.10.0",
+        "@napi-rs/wasm-runtime": "^1.1.4"
+      },
+      "engines": {
+        "node": "^20.19.0 || >=22.12.0"
+      }
+    },
+    "node_modules/@rolldown/binding-win32-arm64-msvc": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/@rolldown/binding-win32-arm64-msvc/-/binding-win32-arm64-msvc-1.0.2.tgz",
+      "integrity": "sha512-SqKonF56vA/L2yHwHYcEp2P34URpOZ7d1fS635cTkpDnUtEGdUbhI6NzsPdqeSWvAAeGDrxjWjNmibDIdFf9/A==",
+      "cpu": [
+        "arm64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "win32"
+      ],
+      "engines": {
+        "node": "^20.19.0 || >=22.12.0"
+      }
+    },
+    "node_modules/@rolldown/binding-win32-x64-msvc": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/@rolldown/binding-win32-x64-msvc/-/binding-win32-x64-msvc-1.0.2.tgz",
+      "integrity": "sha512-v7qRI7gXLRINcOGXt+7YmAZ6iFuyZVMIoXAxhd8oP+DR9dLfL9GfNIx7PLMxmhZdvq8waUJBQiWN9EKNy+TRBQ==",
+      "cpu": [
+        "x64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "win32"
+      ],
+      "engines": {
+        "node": "^20.19.0 || >=22.12.0"
+      }
+    },
+    "node_modules/@rolldown/pluginutils": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/@rolldown/pluginutils/-/pluginutils-1.0.1.tgz",
+      "integrity": "sha512-2j9bGt5Jh8hj+vPtgzPtl72j0yRxHAyumoo6TNfAjsLB04UtpSvPbPcDcBMxz7n+9CYB0c1GxQFxYRg2jimqGw==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/@rollup/rollup-android-arm-eabi": {
+      "version": "4.60.4",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-android-arm-eabi/-/rollup-android-arm-eabi-4.60.4.tgz",
+      "integrity": "sha512-F5QXMSiFebS9hKZj02XhWLLnRpJ3B3AROP0tWbFBSj+6kCbg5m9j5JoHKd4mmSVy5mS/IMQloYgYxCuJC0fxEQ==",
+      "cpu": [
+        "arm"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "android"
+      ]
+    },
+    "node_modules/@rollup/rollup-android-arm64": {
+      "version": "4.60.4",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-android-arm64/-/rollup-android-arm64-4.60.4.tgz",
+      "integrity": "sha512-GxxTKApUpzRhof7poWvCJHRF51C67u1R7D6DiluBE8wKU1u5GWE8t+v81JvJYtbawoBFX1hLv5Ei4eVjkWokaw==",
+      "cpu": [
+        "arm64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "android"
+      ]
+    },
+    "node_modules/@rollup/rollup-darwin-arm64": {
+      "version": "4.60.4",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-darwin-arm64/-/rollup-darwin-arm64-4.60.4.tgz",
+      "integrity": "sha512-tua0TaJxMOB1R0V0RS1jFZ/RpURFDJIOR2A6jWwQeawuFyS4gBW+rntLRaQd0EQ4bd6Vp44Z2rXW+YYDBsj6IA==",
+      "cpu": [
+        "arm64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "darwin"
+      ]
+    },
+    "node_modules/@rollup/rollup-darwin-x64": {
+      "version": "4.60.4",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-darwin-x64/-/rollup-darwin-x64-4.60.4.tgz",
+      "integrity": "sha512-CSKq7MsP+5PFIcydhAiR1K0UhEI1A2jWXVKHPCBZ151yOutENwvnPocgVHkivu2kviURtCEB6zUQw0vs8RrhMg==",
+      "cpu": [
+        "x64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "darwin"
+      ]
+    },
+    "node_modules/@rollup/rollup-freebsd-arm64": {
+      "version": "4.60.4",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-freebsd-arm64/-/rollup-freebsd-arm64-4.60.4.tgz",
+      "integrity": "sha512-+O8OkVdyvXMtJEciu2wS/pzm1IxntEEQx3z5TAVy4l32G0etZn+RsA48ARRrFm6Ri8fvqPQfgrvNxSjKAbnd3g==",
+      "cpu": [
+        "arm64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "freebsd"
+      ]
+    },
+    "node_modules/@rollup/rollup-freebsd-x64": {
+      "version": "4.60.4",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-freebsd-x64/-/rollup-freebsd-x64-4.60.4.tgz",
+      "integrity": "sha512-Iw3oMskH3AfNuhU0MSN7vNbdi4me/NiYo2azqPz/Le16zHSa+3RRmliCMWWQmh4lcndccU40xcJuTYJZxNo/lw==",
+      "cpu": [
+        "x64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "freebsd"
+      ]
+    },
+    "node_modules/@rollup/rollup-linux-arm-gnueabihf": {
+      "version": "4.60.4",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm-gnueabihf/-/rollup-linux-arm-gnueabihf-4.60.4.tgz",
+      "integrity": "sha512-EIPRXTVQpHyF8WOo219AD2yEltPehLTcTMz2fn6JsatLYSzQf00hj3rulF+yauOlF9/FtM2WpkT/hJh/KJFGhA==",
+      "cpu": [
+        "arm"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ]
+    },
+    "node_modules/@rollup/rollup-linux-arm-musleabihf": {
+      "version": "4.60.4",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm-musleabihf/-/rollup-linux-arm-musleabihf-4.60.4.tgz",
+      "integrity": "sha512-J3Yh9PzzF1Ovah2At+lHiGQdsYgArxBbXv/zHfSyaiFQEqvNv7DcW98pCrmdjCZBrqBiKrKKe2V+aaSGWuBe/w==",
+      "cpu": [
+        "arm"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ]
+    },
+    "node_modules/@rollup/rollup-linux-arm64-gnu": {
+      "version": "4.60.4",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm64-gnu/-/rollup-linux-arm64-gnu-4.60.4.tgz",
+      "integrity": "sha512-BFDEZMYfUvLn37ONE1yMBojPxnMlTFsdyNoqncT0qFq1mAfllL+ATMMJd8TeuVMiX84s1KbcxcZbXInmcO2mRg==",
+      "cpu": [
+        "arm64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ]
+    },
+    "node_modules/@rollup/rollup-linux-arm64-musl": {
+      "version": "4.60.4",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm64-musl/-/rollup-linux-arm64-musl-4.60.4.tgz",
+      "integrity": "sha512-pc9EYOSlOgdQ2uPl1o9PF6/kLSgaUosia7gOuS8mB69IxJvlclko1MECXysjs5ryez1/5zjYqx3+xYU0TU6R1A==",
+      "cpu": [
+        "arm64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ]
+    },
+    "node_modules/@rollup/rollup-linux-loong64-gnu": {
+      "version": "4.60.4",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-loong64-gnu/-/rollup-linux-loong64-gnu-4.60.4.tgz",
+      "integrity": "sha512-NxnomyxYerDh5n4iLrNa+sH+Z+U4BMEE46V2PgQ/hoB909i8gV1M5wPojWg9fk1jWpO3IQnOs20K4wyZuFLEFQ==",
+      "cpu": [
+        "loong64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ]
+    },
+    "node_modules/@rollup/rollup-linux-loong64-musl": {
+      "version": "4.60.4",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-loong64-musl/-/rollup-linux-loong64-musl-4.60.4.tgz",
+      "integrity": "sha512-nbJnQ8a3z1mtmrwImCYhc6BGpThAyYVRQxw9uKSKG4wR6aAYno9sVjJ0zaZcW9BPJX1GbrDPf+SvdWjgTuDmnw==",
+      "cpu": [
+        "loong64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ]
+    },
+    "node_modules/@rollup/rollup-linux-ppc64-gnu": {
+      "version": "4.60.4",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-ppc64-gnu/-/rollup-linux-ppc64-gnu-4.60.4.tgz",
+      "integrity": "sha512-2EU6acNrQLd8tYvo/LXW535wupT3m6fo7HKo6lr7ktQoItxTyOL1ZCR/GfGCuXl2vR+zmfI6eRXkSemafv+iVg==",
+      "cpu": [
+        "ppc64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ]
+    },
+    "node_modules/@rollup/rollup-linux-ppc64-musl": {
+      "version": "4.60.4",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-ppc64-musl/-/rollup-linux-ppc64-musl-4.60.4.tgz",
+      "integrity": "sha512-WeBtoMuaMxiiIrO2IYP3xs6GMWkJP2C0EoT8beTLkUPmzV1i/UcOSVw1d5r9KBODtHKilG5yFxsGRnBbK3wJ4A==",
+      "cpu": [
+        "ppc64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ]
+    },
+    "node_modules/@rollup/rollup-linux-riscv64-gnu": {
+      "version": "4.60.4",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-riscv64-gnu/-/rollup-linux-riscv64-gnu-4.60.4.tgz",
+      "integrity": "sha512-FJHFfqpKUI3A10WrWKiFbBZ7yVbGT4q4B5o1qKFFojqpaYoh9LrQgqWCmmcxQzVSXYtyB5bzkXrYzlHTs21MYA==",
+      "cpu": [
+        "riscv64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ]
+    },
+    "node_modules/@rollup/rollup-linux-riscv64-musl": {
+      "version": "4.60.4",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-riscv64-musl/-/rollup-linux-riscv64-musl-4.60.4.tgz",
+      "integrity": "sha512-mcEl6CUT5IAUmQf1m9FYSmVqCJlpQ8r8eyftFUHG8i9OhY7BkBXSUdnLH5DOf0wCOjcP9v/QO93zpmF1SptCCw==",
+      "cpu": [
+        "riscv64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ]
+    },
+    "node_modules/@rollup/rollup-linux-s390x-gnu": {
+      "version": "4.60.4",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-s390x-gnu/-/rollup-linux-s390x-gnu-4.60.4.tgz",
+      "integrity": "sha512-ynt3JxVd2w2buzoKDWIyiV1pJW93xlQic1THVLXilz429oijRpSHivZAgp65KBu+cMcgf1eVVjdnTLvPxgCuoQ==",
+      "cpu": [
+        "s390x"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ]
+    },
+    "node_modules/@rollup/rollup-linux-x64-gnu": {
+      "version": "4.60.4",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-x64-gnu/-/rollup-linux-x64-gnu-4.60.4.tgz",
+      "integrity": "sha512-Boiz5+MsaROEWDf+GGEwF8VMHGhlUoQMtIPjOgA5fv4osupqTVnJteQNKJwUcnUog2G55jYXH7KZFFiJe0TEzQ==",
+      "cpu": [
+        "x64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ]
+    },
+    "node_modules/@rollup/rollup-linux-x64-musl": {
+      "version": "4.60.4",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-x64-musl/-/rollup-linux-x64-musl-4.60.4.tgz",
+      "integrity": "sha512-+qfSY27qIrFfI/Hom04KYFw3GKZSGU4lXus51wsb5EuySfFlWRwjkKWoE9emgRw/ukoT4Udsj4W/+xxG8VbPKg==",
+      "cpu": [
+        "x64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ]
+    },
+    "node_modules/@rollup/rollup-openbsd-x64": {
+      "version": "4.60.4",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-openbsd-x64/-/rollup-openbsd-x64-4.60.4.tgz",
+      "integrity": "sha512-VpTfOPHgVXEBeeR8hZ2O0F3aSso+JDWqTWmTmzcQKted54IAdUVbxE+j/MVxUsKa8L20HJhv3vUezVPoquqWjA==",
+      "cpu": [
+        "x64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "openbsd"
+      ]
+    },
+    "node_modules/@rollup/rollup-openharmony-arm64": {
+      "version": "4.60.4",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-openharmony-arm64/-/rollup-openharmony-arm64-4.60.4.tgz",
+      "integrity": "sha512-IPOsh5aRYuLv/nkU51X10Bf75Bsf6+gZdx1X+QP5QM6lIJFHHqbHLG0uJn/hWthzo13UAc2umiUorqZy3axoZg==",
+      "cpu": [
+        "arm64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "openharmony"
+      ]
+    },
+    "node_modules/@rollup/rollup-win32-arm64-msvc": {
+      "version": "4.60.4",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-arm64-msvc/-/rollup-win32-arm64-msvc-4.60.4.tgz",
+      "integrity": "sha512-4QzE9E81OohJ/HKzHhsqU+zcYYojVOXlFMs1DdyMT6qXl/niOH7AVElmmEdUNHHS/oRkc++d5k6Vy85zFs0DEw==",
+      "cpu": [
+        "arm64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "win32"
+      ]
+    },
+    "node_modules/@rollup/rollup-win32-ia32-msvc": {
+      "version": "4.60.4",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-ia32-msvc/-/rollup-win32-ia32-msvc-4.60.4.tgz",
+      "integrity": "sha512-zTPgT1YuHHcd+Tmx7h8aml0FWFVelV5N54oHow9SLj+GfoDy/huQ+UV396N/C7KpMDMiPspRktzM1/0r1usYEA==",
+      "cpu": [
+        "ia32"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "win32"
+      ]
+    },
+    "node_modules/@rollup/rollup-win32-x64-gnu": {
+      "version": "4.60.4",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-x64-gnu/-/rollup-win32-x64-gnu-4.60.4.tgz",
+      "integrity": "sha512-DRS4G7mi9lJxqEDezIkKCaUIKCrLUUDCUaCsTPCi/rtqaC6D/jjwslMQyiDU50Ka0JKpeXeRBFBAXwArY52vBw==",
+      "cpu": [
+        "x64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "win32"
+      ]
+    },
+    "node_modules/@rollup/rollup-win32-x64-msvc": {
+      "version": "4.60.4",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-x64-msvc/-/rollup-win32-x64-msvc-4.60.4.tgz",
+      "integrity": "sha512-QVTUovf40zgTqlFVrKA1uXMVvU2QWEFWfAH8Wdc48IxLvrJMQVMBRjuQyUpzZCDkakImib9eVazbWlC6ksWtJw==",
+      "cpu": [
+        "x64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "win32"
+      ]
+    },
+    "node_modules/@socket.io/component-emitter": {
+      "version": "3.1.2",
+      "resolved": "https://registry.npmjs.org/@socket.io/component-emitter/-/component-emitter-3.1.2.tgz",
+      "integrity": "sha512-9BCxFwvbGg/RsZK9tjXd8s4UcwR0MWeFQ1XEKIQVVvAGJyINdrqKMcTRyLoK8Rse1GjzLV9cwjWV1olXRWEXVA==",
+      "license": "MIT"
+    },
+    "node_modules/@tsconfig/node10": {
+      "version": "1.0.12",
+      "resolved": "https://registry.npmjs.org/@tsconfig/node10/-/node10-1.0.12.tgz",
+      "integrity": "sha512-UCYBaeFvM11aU2y3YPZ//O5Rhj+xKyzy7mvcIoAjASbigy8mHMryP5cK7dgjlz2hWxh1g5pLw084E0a/wlUSFQ==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/@tsconfig/node12": {
+      "version": "1.0.11",
+      "resolved": "https://registry.npmjs.org/@tsconfig/node12/-/node12-1.0.11.tgz",
+      "integrity": "sha512-cqefuRsh12pWyGsIoBKJA9luFu3mRxCA+ORZvA4ktLSzIuCUtWVxGIuXigEwO5/ywWFMZ2QEGKWvkZG1zDMTag==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/@tsconfig/node14": {
+      "version": "1.0.3",
+      "resolved": "https://registry.npmjs.org/@tsconfig/node14/-/node14-1.0.3.tgz",
+      "integrity": "sha512-ysT8mhdixWK6Hw3i1V2AeRqZ5WfXg1G43mqoYlM2nc6388Fq5jcXyr5mRsqViLx/GJYdoL0bfXD8nmF+Zn/Iow==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/@tsconfig/node16": {
+      "version": "1.0.4",
+      "resolved": "https://registry.npmjs.org/@tsconfig/node16/-/node16-1.0.4.tgz",
+      "integrity": "sha512-vxhUy4J8lyeyinH7Azl1pdd43GJhZH/tP2weN8TntQblOY+A0XbT8DJk1/oCPuOOyg/Ja757rG0CgHcWC8OfMA==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/@tsoa/cli": {
+      "version": "7.0.0-alpha.0",
+      "resolved": "https://registry.npmjs.org/@tsoa/cli/-/cli-7.0.0-alpha.0.tgz",
+      "integrity": "sha512-fCBWv6F20qrpwFh5X+vaZs38Bh/5cVwKPhvG/uArR+crZgEowyNl76unLCmYdvycES9Y6g/TKFLagG8qojSNuQ==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@tsoa/runtime": "^7.0.0-alpha.0",
+        "@types/multer": "^1.4.12",
+        "fs-extra": "^11.2.0",
+        "glob": "^10.3.10",
+        "handlebars": "^4.7.8",
+        "merge-anything": "^5.1.7",
+        "minimatch": "^9.0.1",
+        "ts-deepmerge": "^7.0.2",
+        "typescript": "^5.7.2",
+        "validator": "^13.12.0",
+        "yaml": "^2.6.1",
+        "yargs": "^17.7.1"
+      },
+      "bin": {
+        "tsoa": "dist/cli.js"
+      },
+      "engines": {
+        "node": ">=18.0.0",
+        "yarn": ">=1.9.4"
+      }
+    },
+    "node_modules/@tsoa/cli/node_modules/typescript": {
+      "version": "5.9.3",
+      "resolved": "https://registry.npmjs.org/typescript/-/typescript-5.9.3.tgz",
+      "integrity": "sha512-jl1vZzPDinLr9eUt3J/t7V6FgNEw9QjvBPdysz9KfQDD41fQrC2Y4vKQdiaUpFT4bXlb1RHhLpp8wtm6M5TgSw==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "bin": {
+        "tsc": "bin/tsc",
+        "tsserver": "bin/tsserver"
+      },
+      "engines": {
+        "node": ">=14.17"
+      }
+    },
+    "node_modules/@tsoa/runtime": {
+      "version": "7.0.0-alpha.0",
+      "resolved": "https://registry.npmjs.org/@tsoa/runtime/-/runtime-7.0.0-alpha.0.tgz",
+      "integrity": "sha512-zlWYz2bLfaN6WtFoIbLBEAyVhKG4IQKJ9QPzeRFFKeAsh5zYN4/ocnd14XyWs4ehY9TdtTnma2drW89aYNSRYw==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@hapi/boom": "^10.0.1",
+        "@hapi/hapi": "^21.3.12",
+        "@types/koa": "^2.15.0",
+        "@types/multer": "^1.4.12",
+        "express": "^4.21.2",
+        "reflect-metadata": "^0.2.2",
+        "validator": "^13.12.0"
+      },
+      "engines": {
+        "node": ">=18.0.0",
+        "yarn": ">=1.9.4"
+      }
+    },
+    "node_modules/@tybys/wasm-util": {
+      "version": "0.10.2",
+      "resolved": "https://registry.npmjs.org/@tybys/wasm-util/-/wasm-util-0.10.2.tgz",
+      "integrity": "sha512-RoBvJ2X0wuKlWFIjrwffGw1IqZHKQqzIchKaadZZfnNpsAYp2mM0h36JtPCjNDAHGgYez/15uMBpfGwchhiMgg==",
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "dependencies": {
+        "tslib": "^2.4.0"
+      }
+    },
+    "node_modules/@types/accepts": {
+      "version": "1.3.7",
+      "resolved": "https://registry.npmjs.org/@types/accepts/-/accepts-1.3.7.tgz",
+      "integrity": "sha512-Pay9fq2lM2wXPWbteBsRAGiWH2hig4ZE2asK+mm7kUzlxRTfL961rj89I6zV/E3PcIkDqyuBEcMxFT7rccugeQ==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@types/node": "*"
+      }
+    },
+    "node_modules/@types/body-parser": {
+      "version": "1.19.6",
+      "resolved": "https://registry.npmjs.org/@types/body-parser/-/body-parser-1.19.6.tgz",
+      "integrity": "sha512-HLFeCYgz89uk22N5Qg3dvGvsv46B8GLvKKo1zKG4NybA8U2DiEO3w9lqGg29t/tfLRJpJ6iQxnVw4OnB7MoM9g==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@types/connect": "*",
+        "@types/node": "*"
+      }
+    },
+    "node_modules/@types/chai": {
+      "version": "5.2.3",
+      "resolved": "https://registry.npmjs.org/@types/chai/-/chai-5.2.3.tgz",
+      "integrity": "sha512-Mw558oeA9fFbv65/y4mHtXDs9bPnFMZAL/jxdPFUpOHHIXX91mcgEHbS5Lahr+pwZFR8A7GQleRWeI6cGFC2UA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@types/deep-eql": "*",
+        "assertion-error": "^2.0.1"
+      }
+    },
+    "node_modules/@types/connect": {
+      "version": "3.4.38",
+      "resolved": "https://registry.npmjs.org/@types/connect/-/connect-3.4.38.tgz",
+      "integrity": "sha512-K6uROf1LD88uDQqJCktA4yzL1YYAK6NgfsI0v/mTgyPKWsX1CnJ0XPSDhViejru1GcRkLWb8RlzFYJRqGUbaug==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@types/node": "*"
+      }
+    },
+    "node_modules/@types/content-disposition": {
+      "version": "0.5.9",
+      "resolved": "https://registry.npmjs.org/@types/content-disposition/-/content-disposition-0.5.9.tgz",
+      "integrity": "sha512-8uYXI3Gw35MhiVYhG3s295oihrxRyytcRHjSjqnqZVDDy/xcGBRny7+Xj1Wgfhv5QzRtN2hB2dVRBUX9XW3UcQ==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/@types/cookies": {
+      "version": "0.9.2",
+      "resolved": "https://registry.npmjs.org/@types/cookies/-/cookies-0.9.2.tgz",
+      "integrity": "sha512-1AvkDdZM2dbyFybL4fxpuNCaWyv//0AwsuUk2DWeXyM1/5ZKm6W3z6mQi24RZ4l2ucY+bkSHzbDVpySqPGuV8A==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@types/connect": "*",
+        "@types/express": "*",
+        "@types/keygrip": "*",
+        "@types/node": "*"
+      }
+    },
+    "node_modules/@types/cors": {
+      "version": "2.8.19",
+      "resolved": "https://registry.npmjs.org/@types/cors/-/cors-2.8.19.tgz",
+      "integrity": "sha512-mFNylyeyqN93lfe/9CSxOGREz8cpzAhH+E93xJ4xWQf62V8sQ/24reV2nyzUWM6H6Xji+GGHpkbLe7pVoUEskg==",
+      "license": "MIT",
+      "dependencies": {
+        "@types/node": "*"
+      }
+    },
+    "node_modules/@types/d3": {
+      "version": "7.4.3",
+      "resolved": "https://registry.npmjs.org/@types/d3/-/d3-7.4.3.tgz",
+      "integrity": "sha512-lZXZ9ckh5R8uiFVt8ogUNf+pIrK4EsWrx2Np75WvF/eTpJ0FMHNhjXk8CKEx/+gpHbNQyJWehbFaTvqmHWB3ww==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@types/d3-array": "*",
+        "@types/d3-axis": "*",
+        "@types/d3-brush": "*",
+        "@types/d3-chord": "*",
+        "@types/d3-color": "*",
+        "@types/d3-contour": "*",
+        "@types/d3-delaunay": "*",
+        "@types/d3-dispatch": "*",
+        "@types/d3-drag": "*",
+        "@types/d3-dsv": "*",
+        "@types/d3-ease": "*",
+        "@types/d3-fetch": "*",
+        "@types/d3-force": "*",
+        "@types/d3-format": "*",
+        "@types/d3-geo": "*",
+        "@types/d3-hierarchy": "*",
+        "@types/d3-interpolate": "*",
+        "@types/d3-path": "*",
+        "@types/d3-polygon": "*",
+        "@types/d3-quadtree": "*",
+        "@types/d3-random": "*",
+        "@types/d3-scale": "*",
+        "@types/d3-scale-chromatic": "*",
+        "@types/d3-selection": "*",
+        "@types/d3-shape": "*",
+        "@types/d3-time": "*",
+        "@types/d3-time-format": "*",
+        "@types/d3-timer": "*",
+        "@types/d3-transition": "*",
+        "@types/d3-zoom": "*"
+      }
+    },
+    "node_modules/@types/d3-array": {
+      "version": "3.2.2",
+      "resolved": "https://registry.npmjs.org/@types/d3-array/-/d3-array-3.2.2.tgz",
+      "integrity": "sha512-hOLWVbm7uRza0BYXpIIW5pxfrKe0W+D5lrFiAEYR+pb6w3N2SwSMaJbXdUfSEv+dT4MfHBLtn5js0LAWaO6otw==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/@types/d3-axis": {
+      "version": "3.0.6",
+      "resolved": "https://registry.npmjs.org/@types/d3-axis/-/d3-axis-3.0.6.tgz",
+      "integrity": "sha512-pYeijfZuBd87T0hGn0FO1vQ/cgLk6E1ALJjfkC0oJ8cbwkZl3TpgS8bVBLZN+2jjGgg38epgxb2zmoGtSfvgMw==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@types/d3-selection": "*"
+      }
+    },
+    "node_modules/@types/d3-brush": {
+      "version": "3.0.6",
+      "resolved": "https://registry.npmjs.org/@types/d3-brush/-/d3-brush-3.0.6.tgz",
+      "integrity": "sha512-nH60IZNNxEcrh6L1ZSMNA28rj27ut/2ZmI3r96Zd+1jrZD++zD3LsMIjWlvg4AYrHn/Pqz4CF3veCxGjtbqt7A==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@types/d3-selection": "*"
+      }
+    },
+    "node_modules/@types/d3-chord": {
+      "version": "3.0.6",
+      "resolved": "https://registry.npmjs.org/@types/d3-chord/-/d3-chord-3.0.6.tgz",
+      "integrity": "sha512-LFYWWd8nwfwEmTZG9PfQxd17HbNPksHBiJHaKuY1XeqscXacsS2tyoo6OdRsjf+NQYeB6XrNL3a25E3gH69lcg==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/@types/d3-color": {
+      "version": "3.1.3",
+      "resolved": "https://registry.npmjs.org/@types/d3-color/-/d3-color-3.1.3.tgz",
+      "integrity": "sha512-iO90scth9WAbmgv7ogoq57O9YpKmFBbmoEoCHDB2xMBY0+/KVrqAaCDyCE16dUspeOvIxFFRI+0sEtqDqy2b4A==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/@types/d3-contour": {
+      "version": "3.0.6",
+      "resolved": "https://registry.npmjs.org/@types/d3-contour/-/d3-contour-3.0.6.tgz",
+      "integrity": "sha512-BjzLgXGnCWjUSYGfH1cpdo41/hgdWETu4YxpezoztawmqsvCeep+8QGfiY6YbDvfgHz/DkjeIkkZVJavB4a3rg==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@types/d3-array": "*",
+        "@types/geojson": "*"
+      }
+    },
+    "node_modules/@types/d3-delaunay": {
+      "version": "6.0.4",
+      "resolved": "https://registry.npmjs.org/@types/d3-delaunay/-/d3-delaunay-6.0.4.tgz",
+      "integrity": "sha512-ZMaSKu4THYCU6sV64Lhg6qjf1orxBthaC161plr5KuPHo3CNm8DTHiLw/5Eq2b6TsNP0W0iJrUOFscY6Q450Hw==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/@types/d3-dispatch": {
+      "version": "3.0.7",
+      "resolved": "https://registry.npmjs.org/@types/d3-dispatch/-/d3-dispatch-3.0.7.tgz",
+      "integrity": "sha512-5o9OIAdKkhN1QItV2oqaE5KMIiXAvDWBDPrD85e58Qlz1c1kI/J0NcqbEG88CoTwJrYe7ntUCVfeUl2UJKbWgA==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/@types/d3-drag": {
+      "version": "3.0.7",
+      "resolved": "https://registry.npmjs.org/@types/d3-drag/-/d3-drag-3.0.7.tgz",
+      "integrity": "sha512-HE3jVKlzU9AaMazNufooRJ5ZpWmLIoc90A37WU2JMmeq28w1FQqCZswHZ3xR+SuxYftzHq6WU6KJHvqxKzTxxQ==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@types/d3-selection": "*"
+      }
+    },
+    "node_modules/@types/d3-dsv": {
+      "version": "3.0.7",
+      "resolved": "https://registry.npmjs.org/@types/d3-dsv/-/d3-dsv-3.0.7.tgz",
+      "integrity": "sha512-n6QBF9/+XASqcKK6waudgL0pf/S5XHPPI8APyMLLUHd8NqouBGLsU8MgtO7NINGtPBtk9Kko/W4ea0oAspwh9g==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/@types/d3-ease": {
+      "version": "3.0.2",
+      "resolved": "https://registry.npmjs.org/@types/d3-ease/-/d3-ease-3.0.2.tgz",
+      "integrity": "sha512-NcV1JjO5oDzoK26oMzbILE6HW7uVXOHLQvHshBUW4UMdZGfiY6v5BeQwh9a9tCzv+CeefZQHJt5SRgK154RtiA==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/@types/d3-fetch": {
+      "version": "3.0.7",
+      "resolved": "https://registry.npmjs.org/@types/d3-fetch/-/d3-fetch-3.0.7.tgz",
+      "integrity": "sha512-fTAfNmxSb9SOWNB9IoG5c8Hg6R+AzUHDRlsXsDZsNp6sxAEOP0tkP3gKkNSO/qmHPoBFTxNrjDprVHDQDvo5aA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@types/d3-dsv": "*"
+      }
+    },
+    "node_modules/@types/d3-force": {
+      "version": "3.0.10",
+      "resolved": "https://registry.npmjs.org/@types/d3-force/-/d3-force-3.0.10.tgz",
+      "integrity": "sha512-ZYeSaCF3p73RdOKcjj+swRlZfnYpK1EbaDiYICEEp5Q6sUiqFaFQ9qgoshp5CzIyyb/yD09kD9o2zEltCexlgw==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/@types/d3-format": {
+      "version": "3.0.4",
+      "resolved": "https://registry.npmjs.org/@types/d3-format/-/d3-format-3.0.4.tgz",
+      "integrity": "sha512-fALi2aI6shfg7vM5KiR1wNJnZ7r6UuggVqtDA+xiEdPZQwy/trcQaHnwShLuLdta2rTymCNpxYTiMZX/e09F4g==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/@types/d3-geo": {
+      "version": "3.1.0",
+      "resolved": "https://registry.npmjs.org/@types/d3-geo/-/d3-geo-3.1.0.tgz",
+      "integrity": "sha512-856sckF0oP/diXtS4jNsiQw/UuK5fQG8l/a9VVLeSouf1/PPbBE1i1W852zVwKwYCBkFJJB7nCFTbk6UMEXBOQ==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@types/geojson": "*"
+      }
+    },
+    "node_modules/@types/d3-hierarchy": {
+      "version": "3.1.7",
+      "resolved": "https://registry.npmjs.org/@types/d3-hierarchy/-/d3-hierarchy-3.1.7.tgz",
+      "integrity": "sha512-tJFtNoYBtRtkNysX1Xq4sxtjK8YgoWUNpIiUee0/jHGRwqvzYxkq0hGVbbOGSz+JgFxxRu4K8nb3YpG3CMARtg==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/@types/d3-interpolate": {
+      "version": "3.0.4",
+      "resolved": "https://registry.npmjs.org/@types/d3-interpolate/-/d3-interpolate-3.0.4.tgz",
+      "integrity": "sha512-mgLPETlrpVV1YRJIglr4Ez47g7Yxjl1lj7YKsiMCb27VJH9W8NVM6Bb9d8kkpG/uAQS5AmbA48q2IAolKKo1MA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@types/d3-color": "*"
+      }
+    },
+    "node_modules/@types/d3-path": {
+      "version": "3.1.1",
+      "resolved": "https://registry.npmjs.org/@types/d3-path/-/d3-path-3.1.1.tgz",
+      "integrity": "sha512-VMZBYyQvbGmWyWVea0EHs/BwLgxc+MKi1zLDCONksozI4YJMcTt8ZEuIR4Sb1MMTE8MMW49v0IwI5+b7RmfWlg==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/@types/d3-polygon": {
+      "version": "3.0.2",
+      "resolved": "https://registry.npmjs.org/@types/d3-polygon/-/d3-polygon-3.0.2.tgz",
+      "integrity": "sha512-ZuWOtMaHCkN9xoeEMr1ubW2nGWsp4nIql+OPQRstu4ypeZ+zk3YKqQT0CXVe/PYqrKpZAi+J9mTs05TKwjXSRA==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/@types/d3-quadtree": {
+      "version": "3.0.6",
+      "resolved": "https://registry.npmjs.org/@types/d3-quadtree/-/d3-quadtree-3.0.6.tgz",
+      "integrity": "sha512-oUzyO1/Zm6rsxKRHA1vH0NEDG58HrT5icx/azi9MF1TWdtttWl0UIUsjEQBBh+SIkrpd21ZjEv7ptxWys1ncsg==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/@types/d3-random": {
+      "version": "3.0.3",
+      "resolved": "https://registry.npmjs.org/@types/d3-random/-/d3-random-3.0.3.tgz",
+      "integrity": "sha512-Imagg1vJ3y76Y2ea0871wpabqp613+8/r0mCLEBfdtqC7xMSfj9idOnmBYyMoULfHePJyxMAw3nWhJxzc+LFwQ==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/@types/d3-scale": {
+      "version": "4.0.9",
+      "resolved": "https://registry.npmjs.org/@types/d3-scale/-/d3-scale-4.0.9.tgz",
+      "integrity": "sha512-dLmtwB8zkAeO/juAMfnV+sItKjlsw2lKdZVVy6LRr0cBmegxSABiLEpGVmSJJ8O08i4+sGR6qQtb6WtuwJdvVw==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@types/d3-time": "*"
+      }
+    },
+    "node_modules/@types/d3-scale-chromatic": {
+      "version": "3.1.0",
+      "resolved": "https://registry.npmjs.org/@types/d3-scale-chromatic/-/d3-scale-chromatic-3.1.0.tgz",
+      "integrity": "sha512-iWMJgwkK7yTRmWqRB5plb1kadXyQ5Sj8V/zYlFGMUBbIPKQScw+Dku9cAAMgJG+z5GYDoMjWGLVOvjghDEFnKQ==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/@types/d3-selection": {
+      "version": "3.0.11",
+      "resolved": "https://registry.npmjs.org/@types/d3-selection/-/d3-selection-3.0.11.tgz",
+      "integrity": "sha512-bhAXu23DJWsrI45xafYpkQ4NtcKMwWnAC/vKrd2l+nxMFuvOT3XMYTIj2opv8vq8AO5Yh7Qac/nSeP/3zjTK0w==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/@types/d3-shape": {
+      "version": "3.1.8",
+      "resolved": "https://registry.npmjs.org/@types/d3-shape/-/d3-shape-3.1.8.tgz",
+      "integrity": "sha512-lae0iWfcDeR7qt7rA88BNiqdvPS5pFVPpo5OfjElwNaT2yyekbM0C9vK+yqBqEmHr6lDkRnYNoTBYlAgJa7a4w==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@types/d3-path": "*"
+      }
+    },
+    "node_modules/@types/d3-time": {
+      "version": "3.0.4",
+      "resolved": "https://registry.npmjs.org/@types/d3-time/-/d3-time-3.0.4.tgz",
+      "integrity": "sha512-yuzZug1nkAAaBlBBikKZTgzCeA+k1uy4ZFwWANOfKw5z5LRhV0gNA7gNkKm7HoK+HRN0wX3EkxGk0fpbWhmB7g==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/@types/d3-time-format": {
+      "version": "4.0.3",
+      "resolved": "https://registry.npmjs.org/@types/d3-time-format/-/d3-time-format-4.0.3.tgz",
+      "integrity": "sha512-5xg9rC+wWL8kdDj153qZcsJ0FWiFt0J5RB6LYUNZjwSnesfblqrI/bJ1wBdJ8OQfncgbJG5+2F+qfqnqyzYxyg==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/@types/d3-timer": {
+      "version": "3.0.2",
+      "resolved": "https://registry.npmjs.org/@types/d3-timer/-/d3-timer-3.0.2.tgz",
+      "integrity": "sha512-Ps3T8E8dZDam6fUyNiMkekK3XUsaUEik+idO9/YjPtfj2qruF8tFBXS7XhtE4iIXBLxhmLjP3SXpLhVf21I9Lw==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/@types/d3-transition": {
+      "version": "3.0.9",
+      "resolved": "https://registry.npmjs.org/@types/d3-transition/-/d3-transition-3.0.9.tgz",
+      "integrity": "sha512-uZS5shfxzO3rGlu0cC3bjmMFKsXv+SmZZcgp0KD22ts4uGXp5EVYGzu/0YdwZeKmddhcAccYtREJKkPfXkZuCg==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@types/d3-selection": "*"
+      }
+    },
+    "node_modules/@types/d3-zoom": {
+      "version": "3.0.8",
+      "resolved": "https://registry.npmjs.org/@types/d3-zoom/-/d3-zoom-3.0.8.tgz",
+      "integrity": "sha512-iqMC4/YlFCSlO8+2Ii1GGGliCAY4XdeG748w5vQUbevlbDu0zSjH/+jojorQVBK/se0j6DUFNPBGSqD3YWYnDw==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@types/d3-interpolate": "*",
+        "@types/d3-selection": "*"
+      }
+    },
+    "node_modules/@types/deep-eql": {
+      "version": "4.0.2",
+      "resolved": "https://registry.npmjs.org/@types/deep-eql/-/deep-eql-4.0.2.tgz",
+      "integrity": "sha512-c9h9dVVMigMPc4bwTvC5dxqtqJZwQPePsWjPlpSOnojbor6pGqdk541lfA7AqFQr5pB1BRdq0juY9db81BwyFw==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/@types/estree": {
+      "version": "1.0.9",
+      "resolved": "https://registry.npmjs.org/@types/estree/-/estree-1.0.9.tgz",
+      "integrity": "sha512-GhdPgy1el4/ImP05X05Uw4cw2/M93BCUmnEvWZNStlCzEKME4Fkk+YpoA5OiHNQmoS7Cafb8Xa3Pya8m1Qrzeg==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/@types/eventsource": {
+      "version": "1.1.15",
+      "resolved": "https://registry.npmjs.org/@types/eventsource/-/eventsource-1.1.15.tgz",
+      "integrity": "sha512-XQmGcbnxUNa06HR3VBVkc9+A2Vpi9ZyLJcdS5dwaQQ/4ZMWFO+5c90FnMUpbtMZwB/FChoYHwuVg8TvkECacTA==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/@types/express": {
+      "version": "5.0.6",
+      "resolved": "https://registry.npmjs.org/@types/express/-/express-5.0.6.tgz",
+      "integrity": "sha512-sKYVuV7Sv9fbPIt/442koC7+IIwK5olP1KWeD88e/idgoJqDm3JV/YUiPwkoKK92ylff2MGxSz1CSjsXelx0YA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@types/body-parser": "*",
+        "@types/express-serve-static-core": "^5.0.0",
+        "@types/serve-static": "^2"
+      }
+    },
+    "node_modules/@types/express-serve-static-core": {
+      "version": "5.1.1",
+      "resolved": "https://registry.npmjs.org/@types/express-serve-static-core/-/express-serve-static-core-5.1.1.tgz",
+      "integrity": "sha512-v4zIMr/cX7/d2BpAEX3KNKL/JrT1s43s96lLvvdTmza1oEvDudCqK9aF/djc/SWgy8Yh0h30TZx5VpzqFCxk5A==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@types/node": "*",
+        "@types/qs": "*",
+        "@types/range-parser": "*",
+        "@types/send": "*"
+      }
+    },
+    "node_modules/@types/geojson": {
+      "version": "7946.0.16",
+      "resolved": "https://registry.npmjs.org/@types/geojson/-/geojson-7946.0.16.tgz",
+      "integrity": "sha512-6C8nqWur3j98U6+lXDfTUWIfgvZU+EumvpHKcYjujKH7woYyLj2sUmff0tRhrqM7BohUw7Pz3ZB1jj2gW9Fvmg==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/@types/http-assert": {
+      "version": "1.5.6",
+      "resolved": "https://registry.npmjs.org/@types/http-assert/-/http-assert-1.5.6.tgz",
+      "integrity": "sha512-TTEwmtjgVbYAzZYWyeHPrrtWnfVkm8tQkP8P21uQifPgMRgjrow3XDEYqucuC8SKZJT7pUnhU/JymvjggxO9vw==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/@types/http-errors": {
+      "version": "2.0.5",
+      "resolved": "https://registry.npmjs.org/@types/http-errors/-/http-errors-2.0.5.tgz",
+      "integrity": "sha512-r8Tayk8HJnX0FztbZN7oVqGccWgw98T/0neJphO91KkmOzug1KkofZURD4UaD5uH8AqcFLfdPErnBod0u71/qg==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/@types/js-yaml": {
+      "version": "4.0.9",
+      "resolved": "https://registry.npmjs.org/@types/js-yaml/-/js-yaml-4.0.9.tgz",
+      "integrity": "sha512-k4MGaQl5TGo/iipqb2UDG2UwjXziSWkh0uysQelTlJpX1qGlpUZYm8PnO4DxG1qBomtJUdYJ6qR6xdIah10JLg==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/@types/katex": {
+      "version": "0.16.8",
+      "resolved": "https://registry.npmjs.org/@types/katex/-/katex-0.16.8.tgz",
+      "integrity": "sha512-trgaNyfU+Xh2Tc+ABIb44a5AYUpicB3uwirOioeOkNPPbmgRNtcWyDeeFRzjPZENO9Vq8gvVqfhaaXWLlevVwg==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/@types/keygrip": {
+      "version": "1.0.6",
+      "resolved": "https://registry.npmjs.org/@types/keygrip/-/keygrip-1.0.6.tgz",
+      "integrity": "sha512-lZuNAY9xeJt7Bx4t4dx0rYCDqGPW8RXhQZK1td7d4H6E9zYbLoOtjBvfwdTKpsyxQI/2jv+armjX/RW+ZNpXOQ==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/@types/koa": {
+      "version": "2.15.2",
+      "resolved": "https://registry.npmjs.org/@types/koa/-/koa-2.15.2.tgz",
+      "integrity": "sha512-CB+iyjjh1uS5N6/CKwXvw0qA7USMS2WVc4Tjf660yCjhdvqzNr8gdFcIawB41zGGptOQ+d1fnpaQWIIUXYxR3w==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@types/accepts": "*",
+        "@types/content-disposition": "*",
+        "@types/cookies": "*",
+        "@types/http-assert": "*",
+        "@types/http-errors": "*",
+        "@types/keygrip": "*",
+        "@types/koa-compose": "*",
+        "@types/node": "*"
+      }
+    },
+    "node_modules/@types/koa__cors": {
+      "version": "5.0.1",
+      "resolved": "https://registry.npmjs.org/@types/koa__cors/-/koa__cors-5.0.1.tgz",
+      "integrity": "sha512-xZckuh3B6ycSBAIYnBImG1VDHyBNZsltGAuGb4THuZllccdLgD5DUs4RA7TAUjB58THg00SSZ1e//duQef7WRw==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@types/koa": "*"
+      }
+    },
+    "node_modules/@types/koa__router": {
+      "version": "12.0.5",
+      "resolved": "https://registry.npmjs.org/@types/koa__router/-/koa__router-12.0.5.tgz",
+      "integrity": "sha512-1HeLxuDn4n5it1yZYCSyOYXo++73zT0ffoviXnPxbwbxLbvDFEvWD9ZzpRiIpK4oKR0pi+K+Mk/ZjyROjW3HSw==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@types/koa": "*"
+      }
+    },
+    "node_modules/@types/koa-compose": {
+      "version": "3.2.9",
+      "resolved": "https://registry.npmjs.org/@types/koa-compose/-/koa-compose-3.2.9.tgz",
+      "integrity": "sha512-BroAZ9FTvPiCy0Pi8tjD1OfJ7bgU1gQf0eR6e1Vm+JJATy9eKOG3hQMFtMciMawiSOVnLMdmUOC46s7HBhSTsA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@types/koa": "*"
+      }
+    },
+    "node_modules/@types/koa-send": {
+      "version": "4.1.6",
+      "resolved": "https://registry.npmjs.org/@types/koa-send/-/koa-send-4.1.6.tgz",
+      "integrity": "sha512-vgnNGoOJkx7FrF0Jl6rbK1f8bBecqAchKpXtKuXzqIEdXTDO6dsSTjr+eZ5m7ltSjH4K/E7auNJEQCAd0McUPA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@types/koa": "*"
+      }
+    },
+    "node_modules/@types/koa-static": {
+      "version": "4.0.4",
+      "resolved": "https://registry.npmjs.org/@types/koa-static/-/koa-static-4.0.4.tgz",
+      "integrity": "sha512-j1AUzzl7eJYEk9g01hNTlhmipFh8RFbOQmaMNLvLcNNAkPw0bdTs3XTa3V045XFlrWN0QYnblbDJv2RzawTn6A==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@types/koa": "*",
+        "@types/koa-send": "*"
+      }
+    },
+    "node_modules/@types/linkify-it": {
+      "version": "5.0.0",
+      "resolved": "https://registry.npmjs.org/@types/linkify-it/-/linkify-it-5.0.0.tgz",
+      "integrity": "sha512-sVDA58zAw4eWAffKOaQH5/5j3XeayukzDk+ewSsnv3p4yJEZHCCzMDiZM8e0OUrRvmpGZ85jf4yDHkHsgBNr9Q==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/@types/lodash": {
+      "version": "4.17.24",
+      "resolved": "https://registry.npmjs.org/@types/lodash/-/lodash-4.17.24.tgz",
+      "integrity": "sha512-gIW7lQLZbue7lRSWEFql49QJJWThrTFFeIMJdp3eH4tKoxm1OvEPg02rm4wCCSHS0cL3/Fizimb35b7k8atwsQ==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/@types/lodash-es": {
+      "version": "4.17.12",
+      "resolved": "https://registry.npmjs.org/@types/lodash-es/-/lodash-es-4.17.12.tgz",
+      "integrity": "sha512-0NgftHUcV4v34VhXm8QBSftKVXtbkBG3ViCjs6+eJ5a6y6Mi/jiFGPc1sC7QK+9BFhWrURE3EOggmWaSxL9OzQ==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@types/lodash": "*"
+      }
+    },
+    "node_modules/@types/markdown-it": {
+      "version": "14.1.2",
+      "resolved": "https://registry.npmjs.org/@types/markdown-it/-/markdown-it-14.1.2.tgz",
+      "integrity": "sha512-promo4eFwuiW+TfGxhi+0x3czqTYJkG8qB17ZUJiVF10Xm7NLVRSLUsfRTU/6h1e24VvRnXCx+hG7li58lkzog==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@types/linkify-it": "^5",
+        "@types/mdurl": "^2"
+      }
+    },
+    "node_modules/@types/mdurl": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/@types/mdurl/-/mdurl-2.0.0.tgz",
+      "integrity": "sha512-RGdgjQUZba5p6QEFAVx2OGb8rQDL/cPRG7GiedRzMcJ1tYnUANBncjbSB1NRGwbvjcPeikRABz2nshyPk1bhWg==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/@types/multer": {
+      "version": "1.4.13",
+      "resolved": "https://registry.npmjs.org/@types/multer/-/multer-1.4.13.tgz",
+      "integrity": "sha512-bhhdtPw7JqCiEfC9Jimx5LqX9BDIPJEh2q/fQ4bqbBPtyEZYr3cvF22NwG0DmPZNYA0CAf2CnqDB4KIGGpJcaw==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@types/express": "*"
+      }
+    },
+    "node_modules/@types/node": {
+      "version": "24.12.4",
+      "resolved": "https://registry.npmjs.org/@types/node/-/node-24.12.4.tgz",
+      "integrity": "sha512-GUUEShf+PBCGW2KaXwcIt3Yk+e3pkKwWKb9GSyM9WQVE+ep2jzmHdGsHzu4wgcZy5fN9FBdVzjpBQsYlpfpgLA==",
+      "license": "MIT",
+      "dependencies": {
+        "undici-types": "~7.16.0"
+      }
+    },
+    "node_modules/@types/qrcode": {
+      "version": "1.5.6",
+      "resolved": "https://registry.npmjs.org/@types/qrcode/-/qrcode-1.5.6.tgz",
+      "integrity": "sha512-te7NQcV2BOvdj2b1hCAHzAoMNuj65kNBMz0KBaxM6c3VGBOhU0dURQKOtH8CFNI/dsKkwlv32p26qYQTWoB5bw==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@types/node": "*"
+      }
+    },
+    "node_modules/@types/qs": {
+      "version": "6.15.1",
+      "resolved": "https://registry.npmjs.org/@types/qs/-/qs-6.15.1.tgz",
+      "integrity": "sha512-GZHUBZR9hckSUhrxmp1nG6NwdpM9fCunJwyThLW1X3AyHgd9IlHb6VANpQQqDr2o/qQp6McZ3y/IA2rVzKzSbw==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/@types/range-parser": {
+      "version": "1.2.7",
+      "resolved": "https://registry.npmjs.org/@types/range-parser/-/range-parser-1.2.7.tgz",
+      "integrity": "sha512-hKormJbkJqzQGhziax5PItDUTMAM9uE2XXQmM37dyd4hVM+5aVl7oVxMVUiVQn2oCQFN/LKCZdvSM0pFRqbSmQ==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/@types/send": {
+      "version": "1.2.1",
+      "resolved": "https://registry.npmjs.org/@types/send/-/send-1.2.1.tgz",
+      "integrity": "sha512-arsCikDvlU99zl1g69TcAB3mzZPpxgw0UQnaHeC1Nwb015xp8bknZv5rIfri9xTOcMuaVgvabfIRA7PSZVuZIQ==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@types/node": "*"
+      }
+    },
+    "node_modules/@types/serve-static": {
+      "version": "2.2.0",
+      "resolved": "https://registry.npmjs.org/@types/serve-static/-/serve-static-2.2.0.tgz",
+      "integrity": "sha512-8mam4H1NHLtu7nmtalF7eyBH14QyOASmcxHhSfEoRyr0nP/YdoesEtU+uSRvMe96TW/HPTtkoKqQLl53N7UXMQ==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@types/http-errors": "*",
+        "@types/node": "*"
+      }
+    },
+    "node_modules/@types/strip-bom": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/@types/strip-bom/-/strip-bom-3.0.0.tgz",
+      "integrity": "sha512-xevGOReSYGM7g/kUBZzPqCrR/KYAo+F0yiPc85WFTJa0MSLtyFTVTU6cJu/aV4mid7IffDIWqo69THF2o4JiEQ==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/@types/strip-json-comments": {
+      "version": "0.0.30",
+      "resolved": "https://registry.npmjs.org/@types/strip-json-comments/-/strip-json-comments-0.0.30.tgz",
+      "integrity": "sha512-7NQmHra/JILCd1QqpSzl8+mJRc8ZHz3uDm8YV1Ks9IhK0epEiTw8aIErbvH9PI+6XbqhyIQy3462nEsn7UVzjQ==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/@types/trusted-types": {
+      "version": "2.0.7",
+      "resolved": "https://registry.npmjs.org/@types/trusted-types/-/trusted-types-2.0.7.tgz",
+      "integrity": "sha512-ScaPdn1dQczgbl0QFTeTOmVHFULt394XJgOQNoyVhZ6r2vLnMLJfBPd53SB52T/3G36VI1/g2MZaX0cwDuXsfw==",
+      "dev": true,
+      "license": "MIT",
+      "optional": true
+    },
+    "node_modules/@types/ws": {
+      "version": "8.18.1",
+      "resolved": "https://registry.npmjs.org/@types/ws/-/ws-8.18.1.tgz",
+      "integrity": "sha512-ThVF6DCVhA8kUGy+aazFQ4kXQ7E1Ty7A3ypFOe0IcJV8O/M511G99AW24irKrW56Wt44yG9+ij8FaqoBGkuBXg==",
+      "license": "MIT",
+      "dependencies": {
+        "@types/node": "*"
+      }
+    },
+    "node_modules/@upsetjs/venn.js": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/@upsetjs/venn.js/-/venn.js-2.0.0.tgz",
+      "integrity": "sha512-WbBhLrooyePuQ1VZxrJjtLvTc4NVfpOyKx0sKqioq9bX1C1m7Jgykkn8gLrtwumBioXIqam8DLxp88Adbue6Hw==",
+      "dev": true,
+      "license": "MIT",
+      "optionalDependencies": {
+        "d3-selection": "^3.0.0",
+        "d3-transition": "^3.0.1"
+      }
+    },
+    "node_modules/@vitejs/plugin-vue": {
+      "version": "6.0.7",
+      "resolved": "https://registry.npmjs.org/@vitejs/plugin-vue/-/plugin-vue-6.0.7.tgz",
+      "integrity": "sha512-km+p+XdSz9Sxm5rqUbqcSfZYaAniKxWBj1KURl+Jr7UaPvvX7BmaWMdP69I5rrFDeQGyxAG7NXdc57vz+snhWg==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@rolldown/pluginutils": "^1.0.1"
+      },
+      "engines": {
+        "node": "^20.19.0 || >=22.12.0"
+      },
+      "peerDependencies": {
+        "vite": "^5.0.0 || ^6.0.0 || ^7.0.0 || ^8.0.0",
+        "vue": "^3.2.25"
+      }
+    },
+    "node_modules/@vitest/coverage-v8": {
+      "version": "3.2.4",
+      "resolved": "https://registry.npmjs.org/@vitest/coverage-v8/-/coverage-v8-3.2.4.tgz",
+      "integrity": "sha512-EyF9SXU6kS5Ku/U82E259WSnvg6c8KTjppUncuNdm5QHpe17mwREHnjDzozC8x9MZ0xfBUFSaLkRv4TMA75ALQ==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@ampproject/remapping": "^2.3.0",
+        "@bcoe/v8-coverage": "^1.0.2",
+        "ast-v8-to-istanbul": "^0.3.3",
+        "debug": "^4.4.1",
+        "istanbul-lib-coverage": "^3.2.2",
+        "istanbul-lib-report": "^3.0.1",
+        "istanbul-lib-source-maps": "^5.0.6",
+        "istanbul-reports": "^3.1.7",
+        "magic-string": "^0.30.17",
+        "magicast": "^0.3.5",
+        "std-env": "^3.9.0",
+        "test-exclude": "^7.0.1",
+        "tinyrainbow": "^2.0.0"
+      },
+      "funding": {
+        "url": "https://opencollective.com/vitest"
+      },
+      "peerDependencies": {
+        "@vitest/browser": "3.2.4",
+        "vitest": "3.2.4"
+      },
+      "peerDependenciesMeta": {
+        "@vitest/browser": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/@vitest/expect": {
+      "version": "3.2.4",
+      "resolved": "https://registry.npmjs.org/@vitest/expect/-/expect-3.2.4.tgz",
+      "integrity": "sha512-Io0yyORnB6sikFlt8QW5K7slY4OjqNX9jmJQ02QDda8lyM6B5oNgVWoSoKPac8/kgnCUzuHQKrSLtu/uOqqrig==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@types/chai": "^5.2.2",
+        "@vitest/spy": "3.2.4",
+        "@vitest/utils": "3.2.4",
+        "chai": "^5.2.0",
+        "tinyrainbow": "^2.0.0"
+      },
+      "funding": {
+        "url": "https://opencollective.com/vitest"
+      }
+    },
+    "node_modules/@vitest/pretty-format": {
+      "version": "3.2.4",
+      "resolved": "https://registry.npmjs.org/@vitest/pretty-format/-/pretty-format-3.2.4.tgz",
+      "integrity": "sha512-IVNZik8IVRJRTr9fxlitMKeJeXFFFN0JaB9PHPGQ8NKQbGpfjlTx9zO4RefN8gp7eqjNy8nyK3NZmBzOPeIxtA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "tinyrainbow": "^2.0.0"
+      },
+      "funding": {
+        "url": "https://opencollective.com/vitest"
+      }
+    },
+    "node_modules/@vitest/runner": {
+      "version": "3.2.4",
+      "resolved": "https://registry.npmjs.org/@vitest/runner/-/runner-3.2.4.tgz",
+      "integrity": "sha512-oukfKT9Mk41LreEW09vt45f8wx7DordoWUZMYdY/cyAk7w5TWkTRCNZYF7sX7n2wB7jyGAl74OxgwhPgKaqDMQ==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@vitest/utils": "3.2.4",
+        "pathe": "^2.0.3",
+        "strip-literal": "^3.0.0"
+      },
+      "funding": {
+        "url": "https://opencollective.com/vitest"
+      }
+    },
+    "node_modules/@vitest/snapshot": {
+      "version": "3.2.4",
+      "resolved": "https://registry.npmjs.org/@vitest/snapshot/-/snapshot-3.2.4.tgz",
+      "integrity": "sha512-dEYtS7qQP2CjU27QBC5oUOxLE/v5eLkGqPE0ZKEIDGMs4vKWe7IjgLOeauHsR0D5YuuycGRO5oSRXnwnmA78fQ==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@vitest/pretty-format": "3.2.4",
+        "magic-string": "^0.30.17",
+        "pathe": "^2.0.3"
+      },
+      "funding": {
+        "url": "https://opencollective.com/vitest"
+      }
+    },
+    "node_modules/@vitest/spy": {
+      "version": "3.2.4",
+      "resolved": "https://registry.npmjs.org/@vitest/spy/-/spy-3.2.4.tgz",
+      "integrity": "sha512-vAfasCOe6AIK70iP5UD11Ac4siNUNJ9i/9PZ3NKx07sG6sUxeag1LWdNrMWeKKYBLlzuK+Gn65Yd5nyL6ds+nw==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "tinyspy": "^4.0.3"
+      },
+      "funding": {
+        "url": "https://opencollective.com/vitest"
+      }
+    },
+    "node_modules/@vitest/utils": {
+      "version": "3.2.4",
+      "resolved": "https://registry.npmjs.org/@vitest/utils/-/utils-3.2.4.tgz",
+      "integrity": "sha512-fB2V0JFrQSMsCo9HiSq3Ezpdv4iYaXRG1Sx8edX3MwxfyNn83mKiGzOcH+Fkxt4MHxr3y42fQi1oeAInqgX2QA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@vitest/pretty-format": "3.2.4",
+        "loupe": "^3.1.4",
+        "tinyrainbow": "^2.0.0"
+      },
+      "funding": {
+        "url": "https://opencollective.com/vitest"
+      }
+    },
+    "node_modules/@volar/language-core": {
+      "version": "2.4.28",
+      "resolved": "https://registry.npmjs.org/@volar/language-core/-/language-core-2.4.28.tgz",
+      "integrity": "sha512-w4qhIJ8ZSitgLAkVay6AbcnC7gP3glYM3fYwKV3srj8m494E3xtrCv6E+bWviiK/8hs6e6t1ij1s2Endql7vzQ==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@volar/source-map": "2.4.28"
+      }
+    },
+    "node_modules/@volar/source-map": {
+      "version": "2.4.28",
+      "resolved": "https://registry.npmjs.org/@volar/source-map/-/source-map-2.4.28.tgz",
+      "integrity": "sha512-yX2BDBqJkRXfKw8my8VarTyjv48QwxdJtvRgUpNE5erCsgEUdI2DsLbpa+rOQVAJYshY99szEcRDmyHbF10ggQ==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/@volar/typescript": {
+      "version": "2.4.28",
+      "resolved": "https://registry.npmjs.org/@volar/typescript/-/typescript-2.4.28.tgz",
+      "integrity": "sha512-Ja6yvWrbis2QtN4ClAKreeUZPVYMARDYZl9LMEv1iQ1QdepB6wn0jTRxA9MftYmYa4DQ4k/DaSZpFPUfxl8giw==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@volar/language-core": "2.4.28",
+        "path-browserify": "^1.0.1",
+        "vscode-uri": "^3.0.8"
+      }
+    },
+    "node_modules/@vscode/markdown-it-katex": {
+      "version": "1.1.2",
+      "resolved": "https://registry.npmjs.org/@vscode/markdown-it-katex/-/markdown-it-katex-1.1.2.tgz",
+      "integrity": "sha512-+4IIv5PgrmhKvW/3LpkpkGg257OViEhXkOOgCyj5KMsjsOfnRXkni8XAuuF9Ui5p3B8WnUovlDXAQNb8RJ/RaQ==",
+      "license": "MIT",
+      "dependencies": {
+        "katex": "^0.16.4"
+      }
+    },
+    "node_modules/@vscode/markdown-it-katex/node_modules/commander": {
+      "version": "8.3.0",
+      "resolved": "https://registry.npmjs.org/commander/-/commander-8.3.0.tgz",
+      "integrity": "sha512-OkTL9umf+He2DZkUq8f8J9of7yL6RJKI24dVITBmNfZBmri9zYZQrKkuXiKhyfPSu8tUhnVBB1iKXevvnlR4Ww==",
+      "license": "MIT",
+      "engines": {
+        "node": ">= 12"
+      }
+    },
+    "node_modules/@vscode/markdown-it-katex/node_modules/katex": {
+      "version": "0.16.47",
+      "resolved": "https://registry.npmjs.org/katex/-/katex-0.16.47.tgz",
+      "integrity": "sha512-Eeo8Ys1doU1z+x8AZsPpQu+p/QcZBI5PeOo7QGQdy2x2m0MU/hYagBbGOmXwr5KVbEfVuWv9LpnQWeehogurjg==",
+      "funding": [
+        "https://opencollective.com/katex",
+        "https://github.com/sponsors/katex"
+      ],
+      "license": "MIT",
+      "dependencies": {
+        "commander": "^8.3.0"
+      },
+      "bin": {
+        "katex": "cli.js"
+      }
+    },
+    "node_modules/@vue/compiler-core": {
+      "version": "3.5.35",
+      "resolved": "https://registry.npmjs.org/@vue/compiler-core/-/compiler-core-3.5.35.tgz",
+      "integrity": "sha512-BUmHaR1J+O+CKZ9uJucdVTEr1LHsdyvv7vG3eNRhK3CczEHeMd/LtsHAuD7PbrxvI2envCY2v7HI1vC1aBRzKw==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/parser": "^7.29.3",
+        "@vue/shared": "3.5.35",
+        "entities": "^7.0.1",
+        "estree-walker": "^2.0.2",
+        "source-map-js": "^1.2.1"
+      }
+    },
+    "node_modules/@vue/compiler-dom": {
+      "version": "3.5.35",
+      "resolved": "https://registry.npmjs.org/@vue/compiler-dom/-/compiler-dom-3.5.35.tgz",
+      "integrity": "sha512-k+bprkXxuqhVajgTx5mUHuir7TwQzUKOWR40ng1ncAqQRPnrLngGGgqVEEhOnTMlc8btHYVKmrP8s5Qyg0hvYA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@vue/compiler-core": "3.5.35",
+        "@vue/shared": "3.5.35"
+      }
+    },
+    "node_modules/@vue/compiler-sfc": {
+      "version": "3.5.35",
+      "resolved": "https://registry.npmjs.org/@vue/compiler-sfc/-/compiler-sfc-3.5.35.tgz",
+      "integrity": "sha512-G5VPMcXTSywXBgtFOZOnHKBxKSrwXUcvY1iaF5/hRcy7t0J6CH/d8ha9F4nzi00Fax1eLV0QHM7v4mQu68jydw==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/parser": "^7.29.3",
+        "@vue/compiler-core": "3.5.35",
+        "@vue/compiler-dom": "3.5.35",
+        "@vue/compiler-ssr": "3.5.35",
+        "@vue/shared": "3.5.35",
+        "estree-walker": "^2.0.2",
+        "magic-string": "^0.30.21",
+        "postcss": "^8.5.15",
+        "source-map-js": "^1.2.1"
+      }
+    },
+    "node_modules/@vue/compiler-ssr": {
+      "version": "3.5.35",
+      "resolved": "https://registry.npmjs.org/@vue/compiler-ssr/-/compiler-ssr-3.5.35.tgz",
+      "integrity": "sha512-rGhAeXgdM7/ffTJGXT69rCCdTmjDewnFuUZfBQQHTdcEBeWdT5HCGY60y2ytLJr9/Dsu7IntUi5z/w0h6Rjnzw==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@vue/compiler-dom": "3.5.35",
+        "@vue/shared": "3.5.35"
+      }
+    },
+    "node_modules/@vue/devtools-api": {
+      "version": "7.7.9",
+      "resolved": "https://registry.npmjs.org/@vue/devtools-api/-/devtools-api-7.7.9.tgz",
+      "integrity": "sha512-kIE8wvwlcZ6TJTbNeU2HQNtaxLx3a84aotTITUuL/4bzfPxzajGBOoqjMhwZJ8L9qFYDU/lAYMEEm11dnZOD6g==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@vue/devtools-kit": "^7.7.9"
+      }
+    },
+    "node_modules/@vue/devtools-kit": {
+      "version": "7.7.9",
+      "resolved": "https://registry.npmjs.org/@vue/devtools-kit/-/devtools-kit-7.7.9.tgz",
+      "integrity": "sha512-PyQ6odHSgiDVd4hnTP+aDk2X4gl2HmLDfiyEnn3/oV+ckFDuswRs4IbBT7vacMuGdwY/XemxBoh302ctbsptuA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@vue/devtools-shared": "^7.7.9",
+        "birpc": "^2.3.0",
+        "hookable": "^5.5.3",
+        "mitt": "^3.0.1",
+        "perfect-debounce": "^1.0.0",
+        "speakingurl": "^14.0.1",
+        "superjson": "^2.2.2"
+      }
+    },
+    "node_modules/@vue/devtools-shared": {
+      "version": "7.7.9",
+      "resolved": "https://registry.npmjs.org/@vue/devtools-shared/-/devtools-shared-7.7.9.tgz",
+      "integrity": "sha512-iWAb0v2WYf0QWmxCGy0seZNDPdO3Sp5+u78ORnyeonS6MT4PC7VPrryX2BpMJrwlDeaZ6BD4vP4XKjK0SZqaeA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "rfdc": "^1.4.1"
+      }
+    },
+    "node_modules/@vue/language-core": {
+      "version": "3.3.2",
+      "resolved": "https://registry.npmjs.org/@vue/language-core/-/language-core-3.3.2.tgz",
+      "integrity": "sha512-CLwjSfHlPLhjd2qhuS3tTFtnOIWHXAM5u4X1DxmzlQ8j5bmOYlKCsSusOP7jCRJnlVg0mCTQtHU3vwFvopZGoQ==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@volar/language-core": "2.4.28",
+        "@vue/compiler-dom": "^3.5.0",
+        "@vue/shared": "^3.5.0",
+        "alien-signals": "^3.2.0",
+        "muggle-string": "^0.4.1",
+        "path-browserify": "^1.0.1",
+        "picomatch": "^4.0.4"
+      }
+    },
+    "node_modules/@vue/language-core/node_modules/picomatch": {
+      "version": "4.0.4",
+      "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-4.0.4.tgz",
+      "integrity": "sha512-QP88BAKvMam/3NxH6vj2o21R6MjxZUAd6nlwAS/pnGvN9IVLocLHxGYIzFhg6fUQ+5th6P4dv4eW9jX3DSIj7A==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=12"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/jonschlinkert"
+      }
+    },
+    "node_modules/@vue/reactivity": {
+      "version": "3.5.35",
+      "resolved": "https://registry.npmjs.org/@vue/reactivity/-/reactivity-3.5.35.tgz",
+      "integrity": "sha512-tVc+SsHConvh/Lz64qq1pP3rYArBmK42xonovEcxY74SQtvctZodG/zhq54P5dr38cVuw25d27cPNRdlMidpGQ==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@vue/shared": "3.5.35"
+      }
+    },
+    "node_modules/@vue/runtime-core": {
+      "version": "3.5.35",
+      "resolved": "https://registry.npmjs.org/@vue/runtime-core/-/runtime-core-3.5.35.tgz",
+      "integrity": "sha512-A/xFNX9loIcWDygeQuNCfKuh0CoYBzxhqEMNah5TSFg9Z53DrFYEN2qi5CU9necjM1OWYegYREUTHmXTmhfXtg==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@vue/reactivity": "3.5.35",
+        "@vue/shared": "3.5.35"
+      }
+    },
+    "node_modules/@vue/runtime-dom": {
+      "version": "3.5.35",
+      "resolved": "https://registry.npmjs.org/@vue/runtime-dom/-/runtime-dom-3.5.35.tgz",
+      "integrity": "sha512-odrJ1C391dbGnyDRh8U+rnP7J2amIEzfmRk5vXy7xi3aZhEXofTvpi0T4HJb6jlNqQZTNPR5MPHSB3RHNkIORA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@vue/reactivity": "3.5.35",
+        "@vue/runtime-core": "3.5.35",
+        "@vue/shared": "3.5.35",
+        "csstype": "^3.2.3"
+      }
+    },
+    "node_modules/@vue/server-renderer": {
+      "version": "3.5.35",
+      "resolved": "https://registry.npmjs.org/@vue/server-renderer/-/server-renderer-3.5.35.tgz",
+      "integrity": "sha512-NkebSOYdB97wi8OQcO3HqzZSlymJi/aWsN/7h74OSVhRTm6qGs3Jp3e0rCXynmWwSlKeRrnlIug+ilYoHBmQDA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@vue/compiler-ssr": "3.5.35",
+        "@vue/shared": "3.5.35"
+      },
+      "peerDependencies": {
+        "vue": "3.5.35"
+      }
+    },
+    "node_modules/@vue/shared": {
+      "version": "3.5.35",
+      "resolved": "https://registry.npmjs.org/@vue/shared/-/shared-3.5.35.tgz",
+      "integrity": "sha512-zSbjL7gRXwks2ZQLRGCajBtBXEOXW9Ddhn/HvSdrGkE2dqGnumzW8XtusRrxrE9LvqtiqDXQ+A60Hp6mvdYxfA==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/@vue/test-utils": {
+      "version": "2.4.10",
+      "resolved": "https://registry.npmjs.org/@vue/test-utils/-/test-utils-2.4.10.tgz",
+      "integrity": "sha512-SmoZ5EA1kYiAFs9NkYdiFFQF+cSnUwnvlYEbY+DogWQZUiqOm/Y29eSbc5T6yi75SgSF9863SBeXniIEoPajCA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "js-beautify": "^1.14.9",
+        "vue-component-type-helpers": "^3.0.0"
+      },
+      "peerDependencies": {
+        "@vue/compiler-dom": "3.x",
+        "@vue/server-renderer": "3.x",
+        "vue": "3.x"
+      },
+      "peerDependenciesMeta": {
+        "@vue/server-renderer": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/@vue/tsconfig": {
+      "version": "0.9.1",
+      "resolved": "https://registry.npmjs.org/@vue/tsconfig/-/tsconfig-0.9.1.tgz",
+      "integrity": "sha512-buvjm+9NzLCJL29KY1j1991YYJ5e6275OiK+G4jtmfIb+z4POywbdm0wXusT9adVWqe0xqg70TbI7+mRx4uU9w==",
+      "dev": true,
+      "license": "MIT",
+      "peerDependencies": {
+        "typescript": ">= 5.8",
+        "vue": "^3.4.0"
+      },
+      "peerDependenciesMeta": {
+        "typescript": {
+          "optional": true
+        },
+        "vue": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/@xterm/addon-fit": {
+      "version": "0.11.0",
+      "resolved": "https://registry.npmjs.org/@xterm/addon-fit/-/addon-fit-0.11.0.tgz",
+      "integrity": "sha512-jYcgT6xtVYhnhgxh3QgYDnnNMYTcf8ElbxxFzX0IZo+vabQqSPAjC3c1wJrKB5E19VwQei89QCiZZP86DCPF7g==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/@xterm/addon-web-links": {
+      "version": "0.12.0",
+      "resolved": "https://registry.npmjs.org/@xterm/addon-web-links/-/addon-web-links-0.12.0.tgz",
+      "integrity": "sha512-4Smom3RPyVp7ZMYOYDoC/9eGJJJqYhnPLGGqJ6wOBfB8VxPViJNSKdgRYb8NpaM6YSelEKbA2SStD7lGyqaobw==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/@xterm/xterm": {
+      "version": "6.0.0",
+      "resolved": "https://registry.npmjs.org/@xterm/xterm/-/xterm-6.0.0.tgz",
+      "integrity": "sha512-TQwDdQGtwwDt+2cgKDLn0IRaSxYu1tSUjgKarSDkUM0ZNiSRXFpjxEsvc/Zgc5kq5omJ+V0a8/kIM2WD3sMOYg==",
+      "dev": true,
+      "license": "MIT",
+      "workspaces": [
+        "addons/*"
+      ]
+    },
+    "node_modules/abbrev": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/abbrev/-/abbrev-2.0.0.tgz",
+      "integrity": "sha512-6/mh1E2u2YgEsCHdY0Yx5oW+61gZU+1vXaoiHHrpKeuRNNgFvS+/jrwHiQhB5apAf5oB7UB7E19ol2R2LKH8hQ==",
+      "dev": true,
+      "license": "ISC",
+      "engines": {
+        "node": "^14.17.0 || ^16.13.0 || >=18.0.0"
+      }
+    },
+    "node_modules/accepts": {
+      "version": "1.3.8",
+      "resolved": "https://registry.npmjs.org/accepts/-/accepts-1.3.8.tgz",
+      "integrity": "sha512-PYAthTa2m2VKxuvSD3DPC/Gy+U+sOA1LAuT8mkmRuvw+NACSaeXEQ+NHcVF7rONl6qcaxV3Uuemwawk+7+SJLw==",
+      "license": "MIT",
+      "dependencies": {
+        "mime-types": "~2.1.34",
+        "negotiator": "0.6.3"
+      },
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/acorn": {
+      "version": "8.16.0",
+      "resolved": "https://registry.npmjs.org/acorn/-/acorn-8.16.0.tgz",
+      "integrity": "sha512-UVJyE9MttOsBQIDKw1skb9nAwQuR5wuGD3+82K6JgJlm/Y+KI92oNsMNGZCYdDsVtRHSak0pcV5Dno5+4jh9sw==",
+      "dev": true,
+      "license": "MIT",
+      "bin": {
+        "acorn": "bin/acorn"
+      },
+      "engines": {
+        "node": ">=0.4.0"
+      }
+    },
+    "node_modules/acorn-walk": {
+      "version": "8.3.5",
+      "resolved": "https://registry.npmjs.org/acorn-walk/-/acorn-walk-8.3.5.tgz",
+      "integrity": "sha512-HEHNfbars9v4pgpW6SO1KSPkfoS0xVOM/9UzkJltjlsHZmJasxg8aXkuZa7SMf8vKGIBhpUsPluQSqhJFCqebw==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "acorn": "^8.11.0"
+      },
+      "engines": {
+        "node": ">=0.4.0"
+      }
+    },
+    "node_modules/agent-base": {
+      "version": "6.0.2",
+      "resolved": "https://registry.npmjs.org/agent-base/-/agent-base-6.0.2.tgz",
+      "integrity": "sha512-RZNwNclF7+MS/8bDg70amg32dyeZGZxiDuQmZxKLAlQjr3jGyLx+4Kkk58UO7D2QdgFIQCovuSuZESne6RG6XQ==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "debug": "4"
+      },
+      "engines": {
+        "node": ">= 6.0.0"
+      }
+    },
+    "node_modules/alien-signals": {
+      "version": "3.2.1",
+      "resolved": "https://registry.npmjs.org/alien-signals/-/alien-signals-3.2.1.tgz",
+      "integrity": "sha512-I8FjmltrfnDFoZedi5CG8DghVYNhzb/Ijluz7tCSJH0xpd0484Kowhbb1XDYOxfJpU1p5wnM2X54dA+IfGyD1g==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/ansi-regex": {
+      "version": "6.2.2",
+      "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-6.2.2.tgz",
+      "integrity": "sha512-Bq3SmSpyFHaWjPk8If9yc6svM8c56dB5BAtW4Qbw5jHTwwXXcTLoRMkpDJp6VL0XzlWaCHTXrkFURMYmD0sLqg==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=12"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/ansi-regex?sponsor=1"
+      }
+    },
+    "node_modules/ansi-styles": {
+      "version": "4.3.0",
+      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz",
+      "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==",
+      "license": "MIT",
+      "dependencies": {
+        "color-convert": "^2.0.1"
+      },
+      "engines": {
+        "node": ">=8"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/ansi-styles?sponsor=1"
+      }
+    },
+    "node_modules/anymatch": {
+      "version": "3.1.3",
+      "resolved": "https://registry.npmjs.org/anymatch/-/anymatch-3.1.3.tgz",
+      "integrity": "sha512-KMReFUr0B4t+D+OBkjR3KYqvocp2XaSzO55UcB6mgQMd3KbcE+mWTyvVV7D/zsdEbNnV6acZUutkiHQXvTr1Rw==",
+      "dev": true,
+      "license": "ISC",
+      "dependencies": {
+        "normalize-path": "^3.0.0",
+        "picomatch": "^2.0.4"
+      },
+      "engines": {
+        "node": ">= 8"
+      }
+    },
+    "node_modules/arg": {
+      "version": "4.1.3",
+      "resolved": "https://registry.npmjs.org/arg/-/arg-4.1.3.tgz",
+      "integrity": "sha512-58S9QDqG0Xx27YwPSt9fJxivjYl432YCwfDMfZ+71RAqUrZef7LrKQZ3LHLOwCS4FLNBplP533Zx895SeOCHvA==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/argparse": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/argparse/-/argparse-2.0.1.tgz",
+      "integrity": "sha512-8+9WqebbFzpX9OR+Wa6O29asIogeRMzcGtAINdpMHHyAg10f05aSFVBbcEqGf/PXw1EjAZ+q2/bEBg3DvurK3Q==",
+      "dev": true,
+      "license": "Python-2.0"
+    },
+    "node_modules/array-flatten": {
+      "version": "1.1.1",
+      "resolved": "https://registry.npmjs.org/array-flatten/-/array-flatten-1.1.1.tgz",
+      "integrity": "sha512-PCVAQswWemu6UdxsDFFX/+gVeYqKAod3D3UVm91jHwynguOwAvYPhx8nNlM++NqRcK6CxxpUafjmhIdKiHibqg==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/assertion-error": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/assertion-error/-/assertion-error-2.0.1.tgz",
+      "integrity": "sha512-Izi8RQcffqCeNVgFigKli1ssklIbpHnCYc6AknXGYoB6grJqyeby7jv12JUQgmTAnIDnbck1uxksT4dzN3PWBA==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=12"
+      }
+    },
+    "node_modules/ast-v8-to-istanbul": {
+      "version": "0.3.12",
+      "resolved": "https://registry.npmjs.org/ast-v8-to-istanbul/-/ast-v8-to-istanbul-0.3.12.tgz",
+      "integrity": "sha512-BRRC8VRZY2R4Z4lFIL35MwNXmwVqBityvOIwETtsCSwvjl0IdgFsy9NhdaA6j74nUdtJJlIypeRhpDam19Wq3g==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@jridgewell/trace-mapping": "^0.3.31",
+        "estree-walker": "^3.0.3",
+        "js-tokens": "^10.0.0"
+      }
+    },
+    "node_modules/ast-v8-to-istanbul/node_modules/estree-walker": {
+      "version": "3.0.3",
+      "resolved": "https://registry.npmjs.org/estree-walker/-/estree-walker-3.0.3.tgz",
+      "integrity": "sha512-7RUKfXgSMMkzt6ZuXmqapOurLGPPfgj6l9uRZ7lRGolvk0y2yocc35LdcxKC5PQZdn2DMqioAQ2NoWcrTKmm6g==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@types/estree": "^1.0.0"
+      }
+    },
+    "node_modules/async-validator": {
+      "version": "4.2.5",
+      "resolved": "https://registry.npmjs.org/async-validator/-/async-validator-4.2.5.tgz",
+      "integrity": "sha512-7HhHjtERjqlNbZtqNqy2rckN/SpOOlmDliet+lP7k+eKZEjPk3DgyeU9lIXLdeLz0uBbbVp+9Qdow9wJWgwwfg==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/asynckit": {
+      "version": "0.4.0",
+      "resolved": "https://registry.npmjs.org/asynckit/-/asynckit-0.4.0.tgz",
+      "integrity": "sha512-Oei9OH4tRh0YqU3GxhX79dM/mwVgvbZJaSNaRk+bshkj0S5cfHcgYakreBjrHwatXKbz+IoIdYLxrKim2MjW0Q==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/atomic-sleep": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/atomic-sleep/-/atomic-sleep-1.0.0.tgz",
+      "integrity": "sha512-kNOjDqAh7px0XWNI+4QbzoiR/nTkHAWNud2uvnJquD1/x5a7EQZMJT0AczqK0Qn67oY/TTQ1LbUKajZpp3I9tQ==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=8.0.0"
+      }
+    },
+    "node_modules/axios": {
+      "version": "1.16.1",
+      "resolved": "https://registry.npmjs.org/axios/-/axios-1.16.1.tgz",
+      "integrity": "sha512-caYkukvroVPO8KrzuJEb50Hm07KwfBZPEC3VeFHTsqWHvKTsy54hjJz9BS/cdaypROE2rH6xvm9mHX4fgWkr3A==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "follow-redirects": "^1.16.0",
+        "form-data": "^4.0.5",
+        "https-proxy-agent": "^5.0.1",
+        "proxy-from-env": "^2.1.0"
+      }
+    },
+    "node_modules/balanced-match": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-1.0.2.tgz",
+      "integrity": "sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/base64-js": {
+      "version": "1.5.1",
+      "resolved": "https://registry.npmjs.org/base64-js/-/base64-js-1.5.1.tgz",
+      "integrity": "sha512-AKpaYlHn8t4SVbOHCy+b5+KKgvR4vrsD8vbvrbiQJps7fKDTkjkDry6ji0rUJjC0kzbNePLwzxq8iypo41qeWA==",
+      "funding": [
+        {
+          "type": "github",
+          "url": "https://github.com/sponsors/feross"
+        },
+        {
+          "type": "patreon",
+          "url": "https://www.patreon.com/feross"
+        },
+        {
+          "type": "consulting",
+          "url": "https://feross.org/support"
+        }
+      ],
+      "license": "MIT"
+    },
+    "node_modules/base64id": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/base64id/-/base64id-2.0.0.tgz",
+      "integrity": "sha512-lGe34o6EHj9y3Kts9R4ZYs/Gr+6N7MCaMlIFA3F1R2O5/m7K06AxfSeO5530PEERE6/WyEg3lsuyw4GHlPZHog==",
+      "license": "MIT",
+      "engines": {
+        "node": "^4.5.0 || >= 5.9"
+      }
+    },
+    "node_modules/bidi-js": {
+      "version": "1.0.3",
+      "resolved": "https://registry.npmjs.org/bidi-js/-/bidi-js-1.0.3.tgz",
+      "integrity": "sha512-RKshQI1R3YQ+n9YJz2QQ147P66ELpa1FQEg20Dk8oW9t2KgLbpDLLp9aGZ7y8WHSshDknG0bknqGw5/tyCs5tw==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "require-from-string": "^2.0.2"
+      }
+    },
+    "node_modules/binary-extensions": {
+      "version": "2.3.0",
+      "resolved": "https://registry.npmjs.org/binary-extensions/-/binary-extensions-2.3.0.tgz",
+      "integrity": "sha512-Ceh+7ox5qe7LJuLHoY0feh3pHuUDHAcRUeyL2VYghZwfpkNIy/+8Ocg0a3UuSoYzavmylwuLWQOf3hl0jjMMIw==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=8"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "node_modules/birpc": {
+      "version": "2.9.0",
+      "resolved": "https://registry.npmjs.org/birpc/-/birpc-2.9.0.tgz",
+      "integrity": "sha512-KrayHS5pBi69Xi9JmvoqrIgYGDkD6mcSe/i6YKi3w5kekCLzrX4+nawcXqrj2tIp50Kw/mT/s3p+GVK0A0sKxw==",
+      "dev": true,
+      "license": "MIT",
+      "funding": {
+        "url": "https://github.com/sponsors/antfu"
+      }
+    },
+    "node_modules/body-parser": {
+      "version": "1.20.5",
+      "resolved": "https://registry.npmjs.org/body-parser/-/body-parser-1.20.5.tgz",
+      "integrity": "sha512-3grm+/2tUOvu2cjJkvsIxrv/wVpfXQW4PsQHYm7yk4vfpu7Ekl6nEsYBoJUL6qDwZUx8wUhQ8tR2qz+ad9c9OA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "bytes": "~3.1.2",
+        "content-type": "~1.0.5",
+        "debug": "2.6.9",
+        "depd": "2.0.0",
+        "destroy": "~1.2.0",
+        "http-errors": "~2.0.1",
+        "iconv-lite": "~0.4.24",
+        "on-finished": "~2.4.1",
+        "qs": "~6.15.1",
+        "raw-body": "~2.5.3",
+        "type-is": "~1.6.18",
+        "unpipe": "~1.0.0"
+      },
+      "engines": {
+        "node": ">= 0.8",
+        "npm": "1.2.8000 || >= 1.4.16"
+      }
+    },
+    "node_modules/body-parser/node_modules/debug": {
+      "version": "2.6.9",
+      "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz",
+      "integrity": "sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "ms": "2.0.0"
+      }
+    },
+    "node_modules/body-parser/node_modules/iconv-lite": {
+      "version": "0.4.24",
+      "resolved": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.4.24.tgz",
+      "integrity": "sha512-v3MXnZAcvnywkTUEZomIActle7RXXeedOR31wwl7VlyoXO4Qi9arvSenNQWne1TcRwhCL1HwLI21bEqdpj8/rA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "safer-buffer": ">= 2.1.2 < 3"
+      },
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/body-parser/node_modules/ms": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz",
+      "integrity": "sha512-Tpp60P6IUJDTuOq/5Z8cdskzJujfwqfOTkrwIwj7IRISpnkJnT6SyJ4PCPnGMoFjC9ddhal5KVIYtAt97ix05A==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/brace-expansion": {
+      "version": "2.1.1",
+      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.1.1.tgz",
+      "integrity": "sha512-WR1cURNjuvBLMZBMbqM0UoE+WAfdUcEV1ccD8PVBVOI+Z3ND4+SZbN8RsfT2bMuG1qwz5RFvPukSZm5fF2D5eA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "balanced-match": "^1.0.0"
+      }
+    },
+    "node_modules/braces": {
+      "version": "3.0.3",
+      "resolved": "https://registry.npmjs.org/braces/-/braces-3.0.3.tgz",
+      "integrity": "sha512-yQbXgO/OSZVD2IsiLlro+7Hf6Q18EJrKSEsdoMzKePKXct3gvD8oLcOQdIzGupr5Fj+EDe8gO/lxc1BzfMpxvA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "fill-range": "^7.1.1"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/buffer-from": {
+      "version": "1.1.2",
+      "resolved": "https://registry.npmjs.org/buffer-from/-/buffer-from-1.1.2.tgz",
+      "integrity": "sha512-E+XQCRwSbaaiChtv6k6Dwgc+bx+Bs6vuKJHHl5kox/BaKbhiXzqQOwK4cO22yElGp2OCmjwVhT3HmxgyPGnJfQ==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/bytes": {
+      "version": "3.1.2",
+      "resolved": "https://registry.npmjs.org/bytes/-/bytes-3.1.2.tgz",
+      "integrity": "sha512-/Nf7TyzTx6S3yRJObOAV7956r8cr2+Oj8AC5dt8wSP3BQAoeX58NoHyCU8P8zGkNXStjTSi6fzO6F0pBdcYbEg==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.8"
+      }
+    },
+    "node_modules/cac": {
+      "version": "6.7.14",
+      "resolved": "https://registry.npmjs.org/cac/-/cac-6.7.14.tgz",
+      "integrity": "sha512-b6Ilus+c3RrdDk+JhLKUAQfzzgLEPy6wcXqS7f/xe1EETvsDP6GORG7SFuOs6cID5YkqchW/LXZbX5bc8j7ZcQ==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/cache-content-type": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/cache-content-type/-/cache-content-type-1.0.1.tgz",
+      "integrity": "sha512-IKufZ1o4Ut42YUrZSo8+qnMTrFuKkvyoLXUywKz9GJ5BrhOFGhLdkx9sG4KAnVvbY6kEcSFjLQul+DVmBm2bgA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "mime-types": "^2.1.18",
+        "ylru": "^1.2.0"
+      },
+      "engines": {
+        "node": ">= 6.0.0"
+      }
+    },
+    "node_modules/call-bind-apply-helpers": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/call-bind-apply-helpers/-/call-bind-apply-helpers-1.0.2.tgz",
+      "integrity": "sha512-Sp1ablJ0ivDkSzjcaJdxEunN5/XvksFJ2sMBFfq6x0ryhQV/2b/KwFe21cMpmHtPOSij8K99/wSfoEuTObmuMQ==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "es-errors": "^1.3.0",
+        "function-bind": "^1.1.2"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      }
+    },
+    "node_modules/call-bound": {
+      "version": "1.0.4",
+      "resolved": "https://registry.npmjs.org/call-bound/-/call-bound-1.0.4.tgz",
+      "integrity": "sha512-+ys997U96po4Kx/ABpBCqhA9EuxJaQWDQg7295H4hBphv3IZg0boBKuwYpt4YXp6MZ5AmZQnU/tyMTlRpaSejg==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "call-bind-apply-helpers": "^1.0.2",
+        "get-intrinsic": "^1.3.0"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/camelcase": {
+      "version": "5.3.1",
+      "resolved": "https://registry.npmjs.org/camelcase/-/camelcase-5.3.1.tgz",
+      "integrity": "sha512-L28STB170nwWS63UjtlEOE3dldQApaJXZkOI1uMFfzf3rRuPegHaHesyee+YxQ+W6SvRDQV6UrdOdRiR153wJg==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=6"
+      }
+    },
+    "node_modules/chai": {
+      "version": "5.3.3",
+      "resolved": "https://registry.npmjs.org/chai/-/chai-5.3.3.tgz",
+      "integrity": "sha512-4zNhdJD/iOjSH0A05ea+Ke6MU5mmpQcbQsSOkgdaUMJ9zTlDTD/GYlwohmIE2u0gaxHYiVHEn1Fw9mZ/ktJWgw==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "assertion-error": "^2.0.1",
+        "check-error": "^2.1.1",
+        "deep-eql": "^5.0.1",
+        "loupe": "^3.1.0",
+        "pathval": "^2.0.0"
+      },
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/chalk": {
+      "version": "4.1.2",
+      "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz",
+      "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "ansi-styles": "^4.1.0",
+        "supports-color": "^7.1.0"
+      },
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/chalk?sponsor=1"
+      }
+    },
+    "node_modules/chalk/node_modules/supports-color": {
+      "version": "7.2.0",
+      "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz",
+      "integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "has-flag": "^4.0.0"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/check-error": {
+      "version": "2.1.3",
+      "resolved": "https://registry.npmjs.org/check-error/-/check-error-2.1.3.tgz",
+      "integrity": "sha512-PAJdDJusoxnwm1VwW07VWwUN1sl7smmC3OKggvndJFadxxDRyFJBX/ggnu/KE4kQAB7a3Dp8f/YXC1FlUprWmA==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">= 16"
+      }
+    },
+    "node_modules/chokidar": {
+      "version": "3.6.0",
+      "resolved": "https://registry.npmjs.org/chokidar/-/chokidar-3.6.0.tgz",
+      "integrity": "sha512-7VT13fmjotKpGipCW9JEQAusEPE+Ei8nl6/g4FBAmIm0GOOLMua9NDDo/DWp0ZAxCr3cPq5ZpBqmPAQgDda2Pw==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "anymatch": "~3.1.2",
+        "braces": "~3.0.2",
+        "glob-parent": "~5.1.2",
+        "is-binary-path": "~2.1.0",
+        "is-glob": "~4.0.1",
+        "normalize-path": "~3.0.0",
+        "readdirp": "~3.6.0"
+      },
+      "engines": {
+        "node": ">= 8.10.0"
+      },
+      "funding": {
+        "url": "https://paulmillr.com/funding/"
+      },
+      "optionalDependencies": {
+        "fsevents": "~2.3.2"
+      }
+    },
+    "node_modules/cliui": {
+      "version": "8.0.1",
+      "resolved": "https://registry.npmjs.org/cliui/-/cliui-8.0.1.tgz",
+      "integrity": "sha512-BSeNnyus75C4//NQ9gQt1/csTXyo/8Sb+afLAkzAptFuMsod9HFokGNudZpi/oQV73hnVK+sR+5PVRMd+Dr7YQ==",
+      "license": "ISC",
+      "dependencies": {
+        "string-width": "^4.2.0",
+        "strip-ansi": "^6.0.1",
+        "wrap-ansi": "^7.0.0"
+      },
+      "engines": {
+        "node": ">=12"
+      }
+    },
+    "node_modules/cliui/node_modules/ansi-regex": {
+      "version": "5.0.1",
+      "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-5.0.1.tgz",
+      "integrity": "sha512-quJQXlTSUGL2LH9SUXo8VwsY4soanhgo6LNSm84E1LBcE8s3O0wpdiRzyR9z/ZZJMlMWv37qOOb9pdJlMUEKFQ==",
+      "license": "MIT",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/cliui/node_modules/emoji-regex": {
+      "version": "8.0.0",
+      "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-8.0.0.tgz",
+      "integrity": "sha512-MSjYzcWNOA0ewAHpz0MxpYFvwg6yjy1NG3xteoqz644VCo/RPgnr1/GGt+ic3iJTzQ8Eu3TdM14SawnVUmGE6A==",
+      "license": "MIT"
+    },
+    "node_modules/cliui/node_modules/string-width": {
+      "version": "4.2.3",
+      "resolved": "https://registry.npmjs.org/string-width/-/string-width-4.2.3.tgz",
+      "integrity": "sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g==",
+      "license": "MIT",
+      "dependencies": {
+        "emoji-regex": "^8.0.0",
+        "is-fullwidth-code-point": "^3.0.0",
+        "strip-ansi": "^6.0.1"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/cliui/node_modules/strip-ansi": {
+      "version": "6.0.1",
+      "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.1.tgz",
+      "integrity": "sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A==",
+      "license": "MIT",
+      "dependencies": {
+        "ansi-regex": "^5.0.1"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/cliui/node_modules/wrap-ansi": {
+      "version": "7.0.0",
+      "resolved": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-7.0.0.tgz",
+      "integrity": "sha512-YVGIj2kamLSTxw6NsZjoBxfSwsn0ycdesmc4p+Q21c5zPuZ1pl+NfxVdxPtdHvmNVOQ6XSYG4AUtyt/Fi7D16Q==",
+      "license": "MIT",
+      "dependencies": {
+        "ansi-styles": "^4.0.0",
+        "string-width": "^4.1.0",
+        "strip-ansi": "^6.0.0"
+      },
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/wrap-ansi?sponsor=1"
+      }
+    },
+    "node_modules/co": {
+      "version": "4.6.0",
+      "resolved": "https://registry.npmjs.org/co/-/co-4.6.0.tgz",
+      "integrity": "sha512-QVb0dM5HvG+uaxitm8wONl7jltx8dqhfU33DcqtOZcLSVIKSDDLDi7+0LbAKiyI8hD9u42m2YxXSkMGWThaecQ==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "iojs": ">= 1.0.0",
+        "node": ">= 0.12.0"
+      }
+    },
+    "node_modules/co-body": {
+      "version": "6.2.0",
+      "resolved": "https://registry.npmjs.org/co-body/-/co-body-6.2.0.tgz",
+      "integrity": "sha512-Kbpv2Yd1NdL1V/V4cwLVxraHDV6K8ayohr2rmH0J87Er8+zJjcTa6dAn9QMPC9CRgU8+aNajKbSf1TzDB1yKPA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@hapi/bourne": "^3.0.0",
+        "inflation": "^2.0.0",
+        "qs": "^6.5.2",
+        "raw-body": "^2.3.3",
+        "type-is": "^1.6.16"
+      },
+      "engines": {
+        "node": ">=8.0.0"
+      }
+    },
+    "node_modules/color-convert": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz",
+      "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==",
+      "license": "MIT",
+      "dependencies": {
+        "color-name": "~1.1.4"
+      },
+      "engines": {
+        "node": ">=7.0.0"
+      }
+    },
+    "node_modules/color-name": {
+      "version": "1.1.4",
+      "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz",
+      "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA==",
+      "license": "MIT"
+    },
+    "node_modules/colorette": {
+      "version": "2.0.20",
+      "resolved": "https://registry.npmjs.org/colorette/-/colorette-2.0.20.tgz",
+      "integrity": "sha512-IfEDxwoWIjkeXL1eXcDiow4UbKjhLdq6/EuSVR9GMN7KVH3r9gQ83e73hsz1Nd1T3ijd5xv1wcWRYO+D6kCI2w==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/combined-stream": {
+      "version": "1.0.8",
+      "resolved": "https://registry.npmjs.org/combined-stream/-/combined-stream-1.0.8.tgz",
+      "integrity": "sha512-FQN4MRfuJeHf7cBbBMJFXhKSDq+2kAArBlmRBvcvFE5BB1HZKXtSFASDhdlz9zOYwxh8lDdnvmMOe/+5cdoEdg==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "delayed-stream": "~1.0.0"
+      },
+      "engines": {
+        "node": ">= 0.8"
+      }
+    },
+    "node_modules/commander": {
+      "version": "10.0.1",
+      "resolved": "https://registry.npmjs.org/commander/-/commander-10.0.1.tgz",
+      "integrity": "sha512-y4Mg2tXshplEbSGzx7amzPwKKOCGuoSRP/CjEdwwk0FOGlUbq6lKuoyDZTNZkmxHdJtp54hdfY/JUrdL7Xfdug==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=14"
+      }
+    },
+    "node_modules/concat-map": {
+      "version": "0.0.1",
+      "resolved": "https://registry.npmjs.org/concat-map/-/concat-map-0.0.1.tgz",
+      "integrity": "sha512-/Srv4dswyQNBfohGpz9o6Yb3Gz3SrUDqBH5rTuhGR7ahtlbYKnVxw2bCFMRljaA7EXHaXZ8wsHdodFvbkhKmqg==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/concurrently": {
+      "version": "9.2.1",
+      "resolved": "https://registry.npmjs.org/concurrently/-/concurrently-9.2.1.tgz",
+      "integrity": "sha512-fsfrO0MxV64Znoy8/l1vVIjjHa29SZyyqPgQBwhiDcaW8wJc2W3XWVOGx4M3oJBnv/zdUZIIp1gDeS98GzP8Ng==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "chalk": "4.1.2",
+        "rxjs": "7.8.2",
+        "shell-quote": "1.8.3",
+        "supports-color": "8.1.1",
+        "tree-kill": "1.2.2",
+        "yargs": "17.7.2"
+      },
+      "bin": {
+        "conc": "dist/bin/concurrently.js",
+        "concurrently": "dist/bin/concurrently.js"
+      },
+      "engines": {
+        "node": ">=18"
+      },
+      "funding": {
+        "url": "https://github.com/open-cli-tools/concurrently?sponsor=1"
+      }
+    },
+    "node_modules/config-chain": {
+      "version": "1.1.13",
+      "resolved": "https://registry.npmjs.org/config-chain/-/config-chain-1.1.13.tgz",
+      "integrity": "sha512-qj+f8APARXHrM0hraqXYb2/bOVSV4PvJQlNZ/DVj0QrmNM2q2euizkeuVckQ57J+W0mRH6Hvi+k50M4Jul2VRQ==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "ini": "^1.3.4",
+        "proto-list": "~1.2.1"
+      }
+    },
+    "node_modules/content-disposition": {
+      "version": "0.5.4",
+      "resolved": "https://registry.npmjs.org/content-disposition/-/content-disposition-0.5.4.tgz",
+      "integrity": "sha512-FveZTNuGw04cxlAiWbzi6zTAL/lhehaWbTtgluJh4/E95DqMwTmha3KZN1aAWA8cFIhHzMZUvLevkw5Rqk+tSQ==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "safe-buffer": "5.2.1"
+      },
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/content-type": {
+      "version": "1.0.5",
+      "resolved": "https://registry.npmjs.org/content-type/-/content-type-1.0.5.tgz",
+      "integrity": "sha512-nTjqfcBFEipKdXCv4YDQWCfmcLZKm81ldF0pAopTvyrFGVbcR6P/VAAd5G7N+0tTr8QqiU0tFadD6FK4NtJwOA==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/cookie": {
+      "version": "0.7.2",
+      "resolved": "https://registry.npmjs.org/cookie/-/cookie-0.7.2.tgz",
+      "integrity": "sha512-yki5XnKuf750l50uGTllt6kKILY4nQ1eNIQatoXEByZ5dWgnKqbnqmTrBE5B4N7lrMJKQ2ytWMiTO2o0v6Ew/w==",
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/cookie-signature": {
+      "version": "1.0.7",
+      "resolved": "https://registry.npmjs.org/cookie-signature/-/cookie-signature-1.0.7.tgz",
+      "integrity": "sha512-NXdYc3dLr47pBkpUCHtKSwIOQXLVn8dZEuywboCOJY/osA0wFSLlSawr3KN8qXJEyX66FcONTH8EIlVuK0yyFA==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/cookies": {
+      "version": "0.9.1",
+      "resolved": "https://registry.npmjs.org/cookies/-/cookies-0.9.1.tgz",
+      "integrity": "sha512-TG2hpqe4ELx54QER/S3HQ9SRVnQnGBtKUz5bLQWtYAQ+o6GpgMs6sYUvaiJjVxb+UXwhRhAEP3m7LbsIZ77Hmw==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "depd": "~2.0.0",
+        "keygrip": "~1.1.0"
+      },
+      "engines": {
+        "node": ">= 0.8"
+      }
+    },
+    "node_modules/copy-anything": {
+      "version": "4.0.5",
+      "resolved": "https://registry.npmjs.org/copy-anything/-/copy-anything-4.0.5.tgz",
+      "integrity": "sha512-7Vv6asjS4gMOuILabD3l739tsaxFQmC+a7pLZm02zyvs8p977bL3zEgq3yDk5rn9B0PbYgIv++jmHcuUab4RhA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "is-what": "^5.2.0"
+      },
+      "engines": {
+        "node": ">=18"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/mesqueeb"
+      }
+    },
+    "node_modules/cors": {
+      "version": "2.8.6",
+      "resolved": "https://registry.npmjs.org/cors/-/cors-2.8.6.tgz",
+      "integrity": "sha512-tJtZBBHA6vjIAaF6EnIaq6laBBP9aq/Y3ouVJjEfoHbRBcHBAHYcMh/w8LDrk2PvIMMq8gmopa5D4V8RmbrxGw==",
+      "license": "MIT",
+      "dependencies": {
+        "object-assign": "^4",
+        "vary": "^1"
+      },
+      "engines": {
+        "node": ">= 0.10"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/express"
+      }
+    },
+    "node_modules/cose-base": {
+      "version": "1.0.3",
+      "resolved": "https://registry.npmjs.org/cose-base/-/cose-base-1.0.3.tgz",
+      "integrity": "sha512-s9whTXInMSgAp/NVXVNuVxVKzGH2qck3aQlVHxDCdAEPgtMKwc4Wq6/QKhgdEdgbLSi9rBTAcPoRa6JpiG4ksg==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "layout-base": "^1.0.0"
+      }
+    },
+    "node_modules/create-require": {
+      "version": "1.1.1",
+      "resolved": "https://registry.npmjs.org/create-require/-/create-require-1.1.1.tgz",
+      "integrity": "sha512-dcKFX3jn0MpIaXjisoRvexIJVEKzaq7z2rZKxf+MSr9TkdmHmsU4m2lcLojrj/FHl8mk5VxMmYA+ftRkP/3oKQ==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/cross-env": {
+      "version": "10.1.0",
+      "resolved": "https://registry.npmjs.org/cross-env/-/cross-env-10.1.0.tgz",
+      "integrity": "sha512-GsYosgnACZTADcmEyJctkJIoqAhHjttw7RsFrVoJNXbsWWqaq6Ym+7kZjq6mS45O0jij6vtiReppKQEtqWy6Dw==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@epic-web/invariant": "^1.0.0",
+        "cross-spawn": "^7.0.6"
+      },
+      "bin": {
+        "cross-env": "dist/bin/cross-env.js",
+        "cross-env-shell": "dist/bin/cross-env-shell.js"
+      },
+      "engines": {
+        "node": ">=20"
+      }
+    },
+    "node_modules/cross-spawn": {
+      "version": "7.0.6",
+      "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.6.tgz",
+      "integrity": "sha512-uV2QOWP2nWzsy2aMp8aRibhi9dlzF5Hgh5SHaB9OiTGEyDTiJJyx0uy51QXdyWbtAHNua4XJzUKca3OzKUd3vA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "path-key": "^3.1.0",
+        "shebang-command": "^2.0.0",
+        "which": "^2.0.1"
+      },
+      "engines": {
+        "node": ">= 8"
+      }
+    },
+    "node_modules/css-render": {
+      "version": "0.15.14",
+      "resolved": "https://registry.npmjs.org/css-render/-/css-render-0.15.14.tgz",
+      "integrity": "sha512-9nF4PdUle+5ta4W5SyZdLCCmFd37uVimSjg1evcTqKJCyvCEEj12WKzOSBNak6r4im4J4iYXKH1OWpUV5LBYFg==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@emotion/hash": "~0.8.0",
+        "csstype": "~3.0.5"
+      }
+    },
+    "node_modules/css-render/node_modules/csstype": {
+      "version": "3.0.11",
+      "resolved": "https://registry.npmjs.org/csstype/-/csstype-3.0.11.tgz",
+      "integrity": "sha512-sa6P2wJ+CAbgyy4KFssIb/JNMLxFvKF1pCYCSXS8ZMuqZnMsrxqI2E5sPyoTpxoPU/gVZMzr2zjOfg8GIZOMsw==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/css-tree": {
+      "version": "3.2.1",
+      "resolved": "https://registry.npmjs.org/css-tree/-/css-tree-3.2.1.tgz",
+      "integrity": "sha512-X7sjQzceUhu1u7Y/ylrRZFU2FS6LRiFVp6rKLPg23y3x3c3DOKAwuXGDp+PAGjh6CSnCjYeAul8pcT8bAl+lSA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "mdn-data": "2.27.1",
+        "source-map-js": "^1.2.1"
+      },
+      "engines": {
+        "node": "^10 || ^12.20.0 || ^14.13.0 || >=15.0.0"
+      }
+    },
+    "node_modules/cssstyle": {
+      "version": "5.3.7",
+      "resolved": "https://registry.npmjs.org/cssstyle/-/cssstyle-5.3.7.tgz",
+      "integrity": "sha512-7D2EPVltRrsTkhpQmksIu+LxeWAIEk6wRDMJ1qljlv+CKHJM+cJLlfhWIzNA44eAsHXSNe3+vO6DW1yCYx8SuQ==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@asamuzakjp/css-color": "^4.1.1",
+        "@csstools/css-syntax-patches-for-csstree": "^1.0.21",
+        "css-tree": "^3.1.0",
+        "lru-cache": "^11.2.4"
+      },
+      "engines": {
+        "node": ">=20"
+      }
+    },
+    "node_modules/csstype": {
+      "version": "3.2.3",
+      "resolved": "https://registry.npmjs.org/csstype/-/csstype-3.2.3.tgz",
+      "integrity": "sha512-z1HGKcYy2xA8AGQfwrn0PAy+PB7X/GSj3UVJW9qKyn43xWa+gl5nXmU4qqLMRzWVLFC8KusUX8T/0kCiOYpAIQ==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/cytoscape": {
+      "version": "3.33.4",
+      "resolved": "https://registry.npmjs.org/cytoscape/-/cytoscape-3.33.4.tgz",
+      "integrity": "sha512-HIN5Pmd9MrX9BkV7tDwnOcEJCSFvCpc8X97h3f508J6I5FsqAY65wKOCvgH2CuP42CaahWaz4tuh32SOOIH7ww==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=0.10"
+      }
+    },
+    "node_modules/cytoscape-cose-bilkent": {
+      "version": "4.1.0",
+      "resolved": "https://registry.npmjs.org/cytoscape-cose-bilkent/-/cytoscape-cose-bilkent-4.1.0.tgz",
+      "integrity": "sha512-wgQlVIUJF13Quxiv5e1gstZ08rnZj2XaLHGoFMYXz7SkNfCDOOteKBE6SYRfA9WxxI/iBc3ajfDoc6hb/MRAHQ==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "cose-base": "^1.0.0"
+      },
+      "peerDependencies": {
+        "cytoscape": "^3.2.0"
+      }
+    },
+    "node_modules/cytoscape-fcose": {
+      "version": "2.2.0",
+      "resolved": "https://registry.npmjs.org/cytoscape-fcose/-/cytoscape-fcose-2.2.0.tgz",
+      "integrity": "sha512-ki1/VuRIHFCzxWNrsshHYPs6L7TvLu3DL+TyIGEsRcvVERmxokbf5Gdk7mFxZnTdiGtnA4cfSmjZJMviqSuZrQ==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "cose-base": "^2.2.0"
+      },
+      "peerDependencies": {
+        "cytoscape": "^3.2.0"
+      }
+    },
+    "node_modules/cytoscape-fcose/node_modules/cose-base": {
+      "version": "2.2.0",
+      "resolved": "https://registry.npmjs.org/cose-base/-/cose-base-2.2.0.tgz",
+      "integrity": "sha512-AzlgcsCbUMymkADOJtQm3wO9S3ltPfYOFD5033keQn9NJzIbtnZj+UdBJe7DYml/8TdbtHJW3j58SOnKhWY/5g==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "layout-base": "^2.0.0"
+      }
+    },
+    "node_modules/cytoscape-fcose/node_modules/layout-base": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/layout-base/-/layout-base-2.0.1.tgz",
+      "integrity": "sha512-dp3s92+uNI1hWIpPGH3jK2kxE2lMjdXdr+DH8ynZHpd6PUlH6x6cbuXnoMmiNumznqaNO31xu9e79F0uuZ0JFg==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/d3": {
+      "version": "7.9.0",
+      "resolved": "https://registry.npmjs.org/d3/-/d3-7.9.0.tgz",
+      "integrity": "sha512-e1U46jVP+w7Iut8Jt8ri1YsPOvFpg46k+K8TpCb0P+zjCkjkPnV7WzfDJzMHy1LnA+wj5pLT1wjO901gLXeEhA==",
+      "dev": true,
+      "license": "ISC",
+      "dependencies": {
+        "d3-array": "3",
+        "d3-axis": "3",
+        "d3-brush": "3",
+        "d3-chord": "3",
+        "d3-color": "3",
+        "d3-contour": "4",
+        "d3-delaunay": "6",
+        "d3-dispatch": "3",
+        "d3-drag": "3",
+        "d3-dsv": "3",
+        "d3-ease": "3",
+        "d3-fetch": "3",
+        "d3-force": "3",
+        "d3-format": "3",
+        "d3-geo": "3",
+        "d3-hierarchy": "3",
+        "d3-interpolate": "3",
+        "d3-path": "3",
+        "d3-polygon": "3",
+        "d3-quadtree": "3",
+        "d3-random": "3",
+        "d3-scale": "4",
+        "d3-scale-chromatic": "3",
+        "d3-selection": "3",
+        "d3-shape": "3",
+        "d3-time": "3",
+        "d3-time-format": "4",
+        "d3-timer": "3",
+        "d3-transition": "3",
+        "d3-zoom": "3"
+      },
+      "engines": {
+        "node": ">=12"
+      }
+    },
+    "node_modules/d3-array": {
+      "version": "3.2.4",
+      "resolved": "https://registry.npmjs.org/d3-array/-/d3-array-3.2.4.tgz",
+      "integrity": "sha512-tdQAmyA18i4J7wprpYq8ClcxZy3SC31QMeByyCFyRt7BVHdREQZ5lpzoe5mFEYZUWe+oq8HBvk9JjpibyEV4Jg==",
+      "dev": true,
+      "license": "ISC",
+      "dependencies": {
+        "internmap": "1 - 2"
+      },
+      "engines": {
+        "node": ">=12"
+      }
+    },
+    "node_modules/d3-axis": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/d3-axis/-/d3-axis-3.0.0.tgz",
+      "integrity": "sha512-IH5tgjV4jE/GhHkRV0HiVYPDtvfjHQlQfJHs0usq7M30XcSBvOotpmH1IgkcXsO/5gEQZD43B//fc7SRT5S+xw==",
+      "dev": true,
+      "license": "ISC",
+      "engines": {
+        "node": ">=12"
+      }
+    },
+    "node_modules/d3-brush": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/d3-brush/-/d3-brush-3.0.0.tgz",
+      "integrity": "sha512-ALnjWlVYkXsVIGlOsuWH1+3udkYFI48Ljihfnh8FZPF2QS9o+PzGLBslO0PjzVoHLZ2KCVgAM8NVkXPJB2aNnQ==",
+      "dev": true,
+      "license": "ISC",
+      "dependencies": {
+        "d3-dispatch": "1 - 3",
+        "d3-drag": "2 - 3",
+        "d3-interpolate": "1 - 3",
+        "d3-selection": "3",
+        "d3-transition": "3"
+      },
+      "engines": {
+        "node": ">=12"
+      }
+    },
+    "node_modules/d3-chord": {
+      "version": "3.0.1",
+      "resolved": "https://registry.npmjs.org/d3-chord/-/d3-chord-3.0.1.tgz",
+      "integrity": "sha512-VE5S6TNa+j8msksl7HwjxMHDM2yNK3XCkusIlpX5kwauBfXuyLAtNg9jCp/iHH61tgI4sb6R/EIMWCqEIdjT/g==",
+      "dev": true,
+      "license": "ISC",
+      "dependencies": {
+        "d3-path": "1 - 3"
+      },
+      "engines": {
+        "node": ">=12"
+      }
+    },
+    "node_modules/d3-color": {
+      "version": "3.1.0",
+      "resolved": "https://registry.npmjs.org/d3-color/-/d3-color-3.1.0.tgz",
+      "integrity": "sha512-zg/chbXyeBtMQ1LbD/WSoW2DpC3I0mpmPdW+ynRTj/x2DAWYrIY7qeZIHidozwV24m4iavr15lNwIwLxRmOxhA==",
+      "dev": true,
+      "license": "ISC",
+      "engines": {
+        "node": ">=12"
+      }
+    },
+    "node_modules/d3-contour": {
+      "version": "4.0.2",
+      "resolved": "https://registry.npmjs.org/d3-contour/-/d3-contour-4.0.2.tgz",
+      "integrity": "sha512-4EzFTRIikzs47RGmdxbeUvLWtGedDUNkTcmzoeyg4sP/dvCexO47AaQL7VKy/gul85TOxw+IBgA8US2xwbToNA==",
+      "dev": true,
+      "license": "ISC",
+      "dependencies": {
+        "d3-array": "^3.2.0"
+      },
+      "engines": {
+        "node": ">=12"
+      }
+    },
+    "node_modules/d3-delaunay": {
+      "version": "6.0.4",
+      "resolved": "https://registry.npmjs.org/d3-delaunay/-/d3-delaunay-6.0.4.tgz",
+      "integrity": "sha512-mdjtIZ1XLAM8bm/hx3WwjfHt6Sggek7qH043O8KEjDXN40xi3vx/6pYSVTwLjEgiXQTbvaouWKynLBiUZ6SK6A==",
+      "dev": true,
+      "license": "ISC",
+      "dependencies": {
+        "delaunator": "5"
+      },
+      "engines": {
+        "node": ">=12"
+      }
+    },
+    "node_modules/d3-dispatch": {
+      "version": "3.0.1",
+      "resolved": "https://registry.npmjs.org/d3-dispatch/-/d3-dispatch-3.0.1.tgz",
+      "integrity": "sha512-rzUyPU/S7rwUflMyLc1ETDeBj0NRuHKKAcvukozwhshr6g6c5d8zh4c2gQjY2bZ0dXeGLWc1PF174P2tVvKhfg==",
+      "dev": true,
+      "license": "ISC",
+      "engines": {
+        "node": ">=12"
+      }
+    },
+    "node_modules/d3-drag": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/d3-drag/-/d3-drag-3.0.0.tgz",
+      "integrity": "sha512-pWbUJLdETVA8lQNJecMxoXfH6x+mO2UQo8rSmZ+QqxcbyA3hfeprFgIT//HW2nlHChWeIIMwS2Fq+gEARkhTkg==",
+      "dev": true,
+      "license": "ISC",
+      "dependencies": {
+        "d3-dispatch": "1 - 3",
+        "d3-selection": "3"
+      },
+      "engines": {
+        "node": ">=12"
+      }
+    },
+    "node_modules/d3-dsv": {
+      "version": "3.0.1",
+      "resolved": "https://registry.npmjs.org/d3-dsv/-/d3-dsv-3.0.1.tgz",
+      "integrity": "sha512-UG6OvdI5afDIFP9w4G0mNq50dSOsXHJaRE8arAS5o9ApWnIElp8GZw1Dun8vP8OyHOZ/QJUKUJwxiiCCnUwm+Q==",
+      "dev": true,
+      "license": "ISC",
+      "dependencies": {
+        "commander": "7",
+        "iconv-lite": "0.6",
+        "rw": "1"
+      },
+      "bin": {
+        "csv2json": "bin/dsv2json.js",
+        "csv2tsv": "bin/dsv2dsv.js",
+        "dsv2dsv": "bin/dsv2dsv.js",
+        "dsv2json": "bin/dsv2json.js",
+        "json2csv": "bin/json2dsv.js",
+        "json2dsv": "bin/json2dsv.js",
+        "json2tsv": "bin/json2dsv.js",
+        "tsv2csv": "bin/dsv2dsv.js",
+        "tsv2json": "bin/dsv2json.js"
+      },
+      "engines": {
+        "node": ">=12"
+      }
+    },
+    "node_modules/d3-dsv/node_modules/commander": {
+      "version": "7.2.0",
+      "resolved": "https://registry.npmjs.org/commander/-/commander-7.2.0.tgz",
+      "integrity": "sha512-QrWXB+ZQSVPmIWIhtEO9H+gwHaMGYiF5ChvoJ+K9ZGHG/sVsa6yiesAD1GC/x46sET00Xlwo1u49RVVVzvcSkw==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">= 10"
+      }
+    },
+    "node_modules/d3-ease": {
+      "version": "3.0.1",
+      "resolved": "https://registry.npmjs.org/d3-ease/-/d3-ease-3.0.1.tgz",
+      "integrity": "sha512-wR/XK3D3XcLIZwpbvQwQ5fK+8Ykds1ip7A2Txe0yxncXSdq1L9skcG7blcedkOX+ZcgxGAmLX1FrRGbADwzi0w==",
+      "dev": true,
+      "license": "BSD-3-Clause",
+      "engines": {
+        "node": ">=12"
+      }
+    },
+    "node_modules/d3-fetch": {
+      "version": "3.0.1",
+      "resolved": "https://registry.npmjs.org/d3-fetch/-/d3-fetch-3.0.1.tgz",
+      "integrity": "sha512-kpkQIM20n3oLVBKGg6oHrUchHM3xODkTzjMoj7aWQFq5QEM+R6E4WkzT5+tojDY7yjez8KgCBRoj4aEr99Fdqw==",
+      "dev": true,
+      "license": "ISC",
+      "dependencies": {
+        "d3-dsv": "1 - 3"
+      },
+      "engines": {
+        "node": ">=12"
+      }
+    },
+    "node_modules/d3-force": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/d3-force/-/d3-force-3.0.0.tgz",
+      "integrity": "sha512-zxV/SsA+U4yte8051P4ECydjD/S+qeYtnaIyAs9tgHCqfguma/aAQDjo85A9Z6EKhBirHRJHXIgJUlffT4wdLg==",
+      "dev": true,
+      "license": "ISC",
+      "dependencies": {
+        "d3-dispatch": "1 - 3",
+        "d3-quadtree": "1 - 3",
+        "d3-timer": "1 - 3"
+      },
+      "engines": {
+        "node": ">=12"
+      }
+    },
+    "node_modules/d3-format": {
+      "version": "3.1.2",
+      "resolved": "https://registry.npmjs.org/d3-format/-/d3-format-3.1.2.tgz",
+      "integrity": "sha512-AJDdYOdnyRDV5b6ArilzCPPwc1ejkHcoyFarqlPqT7zRYjhavcT3uSrqcMvsgh2CgoPbK3RCwyHaVyxYcP2Arg==",
+      "dev": true,
+      "license": "ISC",
+      "engines": {
+        "node": ">=12"
+      }
+    },
+    "node_modules/d3-geo": {
+      "version": "3.1.1",
+      "resolved": "https://registry.npmjs.org/d3-geo/-/d3-geo-3.1.1.tgz",
+      "integrity": "sha512-637ln3gXKXOwhalDzinUgY83KzNWZRKbYubaG+fGVuc/dxO64RRljtCTnf5ecMyE1RIdtqpkVcq0IbtU2S8j2Q==",
+      "dev": true,
+      "license": "ISC",
+      "dependencies": {
+        "d3-array": "2.5.0 - 3"
+      },
+      "engines": {
+        "node": ">=12"
+      }
+    },
+    "node_modules/d3-hierarchy": {
+      "version": "3.1.2",
+      "resolved": "https://registry.npmjs.org/d3-hierarchy/-/d3-hierarchy-3.1.2.tgz",
+      "integrity": "sha512-FX/9frcub54beBdugHjDCdikxThEqjnR93Qt7PvQTOHxyiNCAlvMrHhclk3cD5VeAaq9fxmfRp+CnWw9rEMBuA==",
+      "dev": true,
+      "license": "ISC",
+      "engines": {
+        "node": ">=12"
+      }
+    },
+    "node_modules/d3-interpolate": {
+      "version": "3.0.1",
+      "resolved": "https://registry.npmjs.org/d3-interpolate/-/d3-interpolate-3.0.1.tgz",
+      "integrity": "sha512-3bYs1rOD33uo8aqJfKP3JWPAibgw8Zm2+L9vBKEHJ2Rg+viTR7o5Mmv5mZcieN+FRYaAOWX5SJATX6k1PWz72g==",
+      "dev": true,
+      "license": "ISC",
+      "dependencies": {
+        "d3-color": "1 - 3"
+      },
+      "engines": {
+        "node": ">=12"
+      }
+    },
+    "node_modules/d3-path": {
+      "version": "3.1.0",
+      "resolved": "https://registry.npmjs.org/d3-path/-/d3-path-3.1.0.tgz",
+      "integrity": "sha512-p3KP5HCf/bvjBSSKuXid6Zqijx7wIfNW+J/maPs+iwR35at5JCbLUT0LzF1cnjbCHWhqzQTIN2Jpe8pRebIEFQ==",
+      "dev": true,
+      "license": "ISC",
+      "engines": {
+        "node": ">=12"
+      }
+    },
+    "node_modules/d3-polygon": {
+      "version": "3.0.1",
+      "resolved": "https://registry.npmjs.org/d3-polygon/-/d3-polygon-3.0.1.tgz",
+      "integrity": "sha512-3vbA7vXYwfe1SYhED++fPUQlWSYTTGmFmQiany/gdbiWgU/iEyQzyymwL9SkJjFFuCS4902BSzewVGsHHmHtXg==",
+      "dev": true,
+      "license": "ISC",
+      "engines": {
+        "node": ">=12"
+      }
+    },
+    "node_modules/d3-quadtree": {
+      "version": "3.0.1",
+      "resolved": "https://registry.npmjs.org/d3-quadtree/-/d3-quadtree-3.0.1.tgz",
+      "integrity": "sha512-04xDrxQTDTCFwP5H6hRhsRcb9xxv2RzkcsygFzmkSIOJy3PeRJP7sNk3VRIbKXcog561P9oU0/rVH6vDROAgUw==",
+      "dev": true,
+      "license": "ISC",
+      "engines": {
+        "node": ">=12"
+      }
+    },
+    "node_modules/d3-random": {
+      "version": "3.0.1",
+      "resolved": "https://registry.npmjs.org/d3-random/-/d3-random-3.0.1.tgz",
+      "integrity": "sha512-FXMe9GfxTxqd5D6jFsQ+DJ8BJS4E/fT5mqqdjovykEB2oFbTMDVdg1MGFxfQW+FBOGoB++k8swBrgwSHT1cUXQ==",
+      "dev": true,
+      "license": "ISC",
+      "engines": {
+        "node": ">=12"
+      }
+    },
+    "node_modules/d3-sankey": {
+      "version": "0.12.3",
+      "resolved": "https://registry.npmjs.org/d3-sankey/-/d3-sankey-0.12.3.tgz",
+      "integrity": "sha512-nQhsBRmM19Ax5xEIPLMY9ZmJ/cDvd1BG3UVvt5h3WRxKg5zGRbvnteTyWAbzeSvlh3tW7ZEmq4VwR5mB3tutmQ==",
+      "dev": true,
+      "license": "BSD-3-Clause",
+      "dependencies": {
+        "d3-array": "1 - 2",
+        "d3-shape": "^1.2.0"
+      }
+    },
+    "node_modules/d3-sankey/node_modules/d3-array": {
+      "version": "2.12.1",
+      "resolved": "https://registry.npmjs.org/d3-array/-/d3-array-2.12.1.tgz",
+      "integrity": "sha512-B0ErZK/66mHtEsR1TkPEEkwdy+WDesimkM5gpZr5Dsg54BiTA5RXtYW5qTLIAcekaS9xfZrzBLF/OAkB3Qn1YQ==",
+      "dev": true,
+      "license": "BSD-3-Clause",
+      "dependencies": {
+        "internmap": "^1.0.0"
+      }
+    },
+    "node_modules/d3-sankey/node_modules/d3-path": {
+      "version": "1.0.9",
+      "resolved": "https://registry.npmjs.org/d3-path/-/d3-path-1.0.9.tgz",
+      "integrity": "sha512-VLaYcn81dtHVTjEHd8B+pbe9yHWpXKZUC87PzoFmsFrJqgFwDe/qxfp5MlfsfM1V5E/iVt0MmEbWQ7FVIXh/bg==",
+      "dev": true,
+      "license": "BSD-3-Clause"
+    },
+    "node_modules/d3-sankey/node_modules/d3-shape": {
+      "version": "1.3.7",
+      "resolved": "https://registry.npmjs.org/d3-shape/-/d3-shape-1.3.7.tgz",
+      "integrity": "sha512-EUkvKjqPFUAZyOlhY5gzCxCeI0Aep04LwIRpsZ/mLFelJiUfnK56jo5JMDSE7yyP2kLSb6LtF+S5chMk7uqPqw==",
+      "dev": true,
+      "license": "BSD-3-Clause",
+      "dependencies": {
+        "d3-path": "1"
+      }
+    },
+    "node_modules/d3-sankey/node_modules/internmap": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/internmap/-/internmap-1.0.1.tgz",
+      "integrity": "sha512-lDB5YccMydFBtasVtxnZ3MRBHuaoE8GKsppq+EchKL2U4nK/DmEpPHNH8MZe5HkMtpSiTSOZwfN0tzYjO/lJEw==",
+      "dev": true,
+      "license": "ISC"
+    },
+    "node_modules/d3-scale": {
+      "version": "4.0.2",
+      "resolved": "https://registry.npmjs.org/d3-scale/-/d3-scale-4.0.2.tgz",
+      "integrity": "sha512-GZW464g1SH7ag3Y7hXjf8RoUuAFIqklOAq3MRl4OaWabTFJY9PN/E1YklhXLh+OQ3fM9yS2nOkCoS+WLZ6kvxQ==",
+      "dev": true,
+      "license": "ISC",
+      "dependencies": {
+        "d3-array": "2.10.0 - 3",
+        "d3-format": "1 - 3",
+        "d3-interpolate": "1.2.0 - 3",
+        "d3-time": "2.1.1 - 3",
+        "d3-time-format": "2 - 4"
+      },
+      "engines": {
+        "node": ">=12"
+      }
+    },
+    "node_modules/d3-scale-chromatic": {
+      "version": "3.1.0",
+      "resolved": "https://registry.npmjs.org/d3-scale-chromatic/-/d3-scale-chromatic-3.1.0.tgz",
+      "integrity": "sha512-A3s5PWiZ9YCXFye1o246KoscMWqf8BsD9eRiJ3He7C9OBaxKhAd5TFCdEx/7VbKtxxTsu//1mMJFrEt572cEyQ==",
+      "dev": true,
+      "license": "ISC",
+      "dependencies": {
+        "d3-color": "1 - 3",
+        "d3-interpolate": "1 - 3"
+      },
+      "engines": {
+        "node": ">=12"
+      }
+    },
+    "node_modules/d3-selection": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/d3-selection/-/d3-selection-3.0.0.tgz",
+      "integrity": "sha512-fmTRWbNMmsmWq6xJV8D19U/gw/bwrHfNXxrIN+HfZgnzqTHp9jOmKMhsTUjXOJnZOdZY9Q28y4yebKzqDKlxlQ==",
+      "dev": true,
+      "license": "ISC",
+      "engines": {
+        "node": ">=12"
+      }
+    },
+    "node_modules/d3-shape": {
+      "version": "3.2.0",
+      "resolved": "https://registry.npmjs.org/d3-shape/-/d3-shape-3.2.0.tgz",
+      "integrity": "sha512-SaLBuwGm3MOViRq2ABk3eLoxwZELpH6zhl3FbAoJ7Vm1gofKx6El1Ib5z23NUEhF9AsGl7y+dzLe5Cw2AArGTA==",
+      "dev": true,
+      "license": "ISC",
+      "dependencies": {
+        "d3-path": "^3.1.0"
+      },
+      "engines": {
+        "node": ">=12"
+      }
+    },
+    "node_modules/d3-time": {
+      "version": "3.1.0",
+      "resolved": "https://registry.npmjs.org/d3-time/-/d3-time-3.1.0.tgz",
+      "integrity": "sha512-VqKjzBLejbSMT4IgbmVgDjpkYrNWUYJnbCGo874u7MMKIWsILRX+OpX/gTk8MqjpT1A/c6HY2dCA77ZN0lkQ2Q==",
+      "dev": true,
+      "license": "ISC",
+      "dependencies": {
+        "d3-array": "2 - 3"
+      },
+      "engines": {
+        "node": ">=12"
+      }
+    },
+    "node_modules/d3-time-format": {
+      "version": "4.1.0",
+      "resolved": "https://registry.npmjs.org/d3-time-format/-/d3-time-format-4.1.0.tgz",
+      "integrity": "sha512-dJxPBlzC7NugB2PDLwo9Q8JiTR3M3e4/XANkreKSUxF8vvXKqm1Yfq4Q5dl8budlunRVlUUaDUgFt7eA8D6NLg==",
+      "dev": true,
+      "license": "ISC",
+      "dependencies": {
+        "d3-time": "1 - 3"
+      },
+      "engines": {
+        "node": ">=12"
+      }
+    },
+    "node_modules/d3-timer": {
+      "version": "3.0.1",
+      "resolved": "https://registry.npmjs.org/d3-timer/-/d3-timer-3.0.1.tgz",
+      "integrity": "sha512-ndfJ/JxxMd3nw31uyKoY2naivF+r29V+Lc0svZxe1JvvIRmi8hUsrMvdOwgS1o6uBHmiz91geQ0ylPP0aj1VUA==",
+      "dev": true,
+      "license": "ISC",
+      "engines": {
+        "node": ">=12"
+      }
+    },
+    "node_modules/d3-transition": {
+      "version": "3.0.1",
+      "resolved": "https://registry.npmjs.org/d3-transition/-/d3-transition-3.0.1.tgz",
+      "integrity": "sha512-ApKvfjsSR6tg06xrL434C0WydLr7JewBB3V+/39RMHsaXTOG0zmt/OAXeng5M5LBm0ojmxJrpomQVZ1aPvBL4w==",
+      "dev": true,
+      "license": "ISC",
+      "dependencies": {
+        "d3-color": "1 - 3",
+        "d3-dispatch": "1 - 3",
+        "d3-ease": "1 - 3",
+        "d3-interpolate": "1 - 3",
+        "d3-timer": "1 - 3"
+      },
+      "engines": {
+        "node": ">=12"
+      },
+      "peerDependencies": {
+        "d3-selection": "2 - 3"
+      }
+    },
+    "node_modules/d3-zoom": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/d3-zoom/-/d3-zoom-3.0.0.tgz",
+      "integrity": "sha512-b8AmV3kfQaqWAuacbPuNbL6vahnOJflOhexLzMMNLga62+/nh0JzvJ0aO/5a5MVgUFGS7Hu1P9P03o3fJkDCyw==",
+      "dev": true,
+      "license": "ISC",
+      "dependencies": {
+        "d3-dispatch": "1 - 3",
+        "d3-drag": "2 - 3",
+        "d3-interpolate": "1 - 3",
+        "d3-selection": "2 - 3",
+        "d3-transition": "2 - 3"
+      },
+      "engines": {
+        "node": ">=12"
+      }
+    },
+    "node_modules/dagre-d3-es": {
+      "version": "7.0.14",
+      "resolved": "https://registry.npmjs.org/dagre-d3-es/-/dagre-d3-es-7.0.14.tgz",
+      "integrity": "sha512-P4rFMVq9ESWqmOgK+dlXvOtLwYg0i7u0HBGJER0LZDJT2VHIPAMZ/riPxqJceWMStH5+E61QxFra9kIS3AqdMg==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "d3": "^7.9.0",
+        "lodash-es": "^4.17.21"
+      }
+    },
+    "node_modules/data-urls": {
+      "version": "6.0.1",
+      "resolved": "https://registry.npmjs.org/data-urls/-/data-urls-6.0.1.tgz",
+      "integrity": "sha512-euIQENZg6x8mj3fO6o9+fOW8MimUI4PpD/fZBhJfeioZVy9TUpM4UY7KjQNVZFlqwJ0UdzRDzkycB997HEq1BQ==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "whatwg-mimetype": "^5.0.0",
+        "whatwg-url": "^15.1.0"
+      },
+      "engines": {
+        "node": ">=20"
+      }
+    },
+    "node_modules/data-urls/node_modules/whatwg-mimetype": {
+      "version": "5.0.0",
+      "resolved": "https://registry.npmjs.org/whatwg-mimetype/-/whatwg-mimetype-5.0.0.tgz",
+      "integrity": "sha512-sXcNcHOC51uPGF0P/D4NVtrkjSU2fNsm9iog4ZvZJsL3rjoDAzXZhkm2MWt1y+PUdggKAYVoMAIYcs78wJ51Cw==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=20"
+      }
+    },
+    "node_modules/date-fns": {
+      "version": "4.3.0",
+      "resolved": "https://registry.npmjs.org/date-fns/-/date-fns-4.3.0.tgz",
+      "integrity": "sha512-OYcL+3N/jyWbYdFGqoMAhytDgxP9pbYPUUiRCOgn4Fewaadk9l/Wam4Avciiyp2BgkpfQyBV9B+ehnVJych+eQ==",
+      "dev": true,
+      "license": "MIT",
+      "funding": {
+        "type": "github",
+        "url": "https://github.com/sponsors/kossnocorp"
+      }
+    },
+    "node_modules/date-fns-tz": {
+      "version": "3.2.0",
+      "resolved": "https://registry.npmjs.org/date-fns-tz/-/date-fns-tz-3.2.0.tgz",
+      "integrity": "sha512-sg8HqoTEulcbbbVXeg84u5UnlsQa8GS5QXMqjjYIhS4abEVVKIUwe0/l/UhrZdKaL/W5eWZNlbTeEIiOXTcsBQ==",
+      "dev": true,
+      "license": "MIT",
+      "peerDependencies": {
+        "date-fns": "^3.0.0 || ^4.0.0"
+      }
+    },
+    "node_modules/dateformat": {
+      "version": "4.6.3",
+      "resolved": "https://registry.npmjs.org/dateformat/-/dateformat-4.6.3.tgz",
+      "integrity": "sha512-2P0p0pFGzHS5EMnhdxQi7aJN+iMheud0UhG4dlE1DLAlvL8JHjJJTX/CSm4JXwV0Ka5nGk3zC5mcb5bUQUxxMA==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": "*"
+      }
+    },
+    "node_modules/dayjs": {
+      "version": "1.11.21",
+      "resolved": "https://registry.npmjs.org/dayjs/-/dayjs-1.11.21.tgz",
+      "integrity": "sha512-98IT+HOahAisibz/yjKbzuOBwYcjJ7BCLPzARyHiyEBmRz4fatF+KPJszEHXsGYjUG234aH/cOjW1wwTbKUZlA==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/debug": {
+      "version": "4.4.3",
+      "resolved": "https://registry.npmjs.org/debug/-/debug-4.4.3.tgz",
+      "integrity": "sha512-RGwwWnwQvkVfavKVt22FGLw+xYSdzARwm0ru6DhTVA3umU5hZc28V3kO4stgYryrTlLpuvgI9GiijltAjNbcqA==",
+      "license": "MIT",
+      "dependencies": {
+        "ms": "^2.1.3"
+      },
+      "engines": {
+        "node": ">=6.0"
+      },
+      "peerDependenciesMeta": {
+        "supports-color": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/decamelize": {
+      "version": "1.2.0",
+      "resolved": "https://registry.npmjs.org/decamelize/-/decamelize-1.2.0.tgz",
+      "integrity": "sha512-z2S+W9X73hAUUki+N+9Za2lBlun89zigOyGrsax+KUQ6wKW4ZoWpEYBkGhQjwAjjDCkWxhY0VKEhk8wzY7F5cA==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/decimal.js": {
+      "version": "10.6.0",
+      "resolved": "https://registry.npmjs.org/decimal.js/-/decimal.js-10.6.0.tgz",
+      "integrity": "sha512-YpgQiITW3JXGntzdUmyUR1V812Hn8T1YVXhCu+wO3OpS4eU9l4YdD3qjyiKdV6mvV29zapkMeD390UVEf2lkUg==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/deep-eql": {
+      "version": "5.0.2",
+      "resolved": "https://registry.npmjs.org/deep-eql/-/deep-eql-5.0.2.tgz",
+      "integrity": "sha512-h5k/5U50IJJFpzfL6nO9jaaumfjO/f2NjK/oYB2Djzm4p9L+3T9qWpZqZ2hAbLPuuYq9wrU08WQyBTL5GbPk5Q==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=6"
+      }
+    },
+    "node_modules/deep-equal": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/deep-equal/-/deep-equal-1.0.1.tgz",
+      "integrity": "sha512-bHtC0iYvWhyaTzvV3CZgPeZQqCOBGyGsVV7v4eevpdkLHfiSrXUdBG+qAuSz4RI70sszvjQ1QSZ98An1yNwpSw==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/delaunator": {
+      "version": "5.1.0",
+      "resolved": "https://registry.npmjs.org/delaunator/-/delaunator-5.1.0.tgz",
+      "integrity": "sha512-AGrQ4QSgssa1NGmWmLPqN5NY2KajF5MqxetNEO+o0n3ZwZZeTmt7bBnvzHWrmkZFxGgr4HdyFgelzgi06otLuQ==",
+      "dev": true,
+      "license": "ISC",
+      "dependencies": {
+        "robust-predicates": "^3.0.2"
+      }
+    },
+    "node_modules/delayed-stream": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/delayed-stream/-/delayed-stream-1.0.0.tgz",
+      "integrity": "sha512-ZySD7Nf91aLB0RxL4KGrKHBXl7Eds1DAmEdcoVawXnLD7SDhpNgtuII2aAkg7a7QS41jxPSZ17p4VdGnMHk3MQ==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=0.4.0"
+      }
+    },
+    "node_modules/delegates": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/delegates/-/delegates-1.0.0.tgz",
+      "integrity": "sha512-bd2L678uiWATM6m5Z1VzNCErI3jiGzt6HGY8OVICs40JQq/HALfbyNJmp0UDakEY4pMMaN0Ly5om/B1VI/+xfQ==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/depd": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/depd/-/depd-2.0.0.tgz",
+      "integrity": "sha512-g7nH6P6dyDioJogAAGprGpCtVImJhpPk/roCzdb3fIh61/s/nPsfR6onyMwkCAR/OlC3yBC0lESvUoQEAssIrw==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.8"
+      }
+    },
+    "node_modules/destroy": {
+      "version": "1.2.0",
+      "resolved": "https://registry.npmjs.org/destroy/-/destroy-1.2.0.tgz",
+      "integrity": "sha512-2sJGJTaXIIaR1w4iJSNoN0hnMY7Gpc/n8D4qSCJw8QqFWXf7cuAgnEHxBpweaVcPevC2l3KpjYCx3NypQQgaJg==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.8",
+        "npm": "1.2.8000 || >= 1.4.16"
+      }
+    },
+    "node_modules/detect-libc": {
+      "version": "2.1.2",
+      "resolved": "https://registry.npmjs.org/detect-libc/-/detect-libc-2.1.2.tgz",
+      "integrity": "sha512-Btj2BOOO83o3WyH59e8MgXsxEQVcarkUOpEYrubB0urwnN10yQ364rsiByU11nZlqWYZm05i/of7io4mzihBtQ==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/diff": {
+      "version": "4.0.4",
+      "resolved": "https://registry.npmjs.org/diff/-/diff-4.0.4.tgz",
+      "integrity": "sha512-X07nttJQkwkfKfvTPG/KSnE2OMdcUCao6+eXF3wmnIQRn2aPAHH3VxDbDOdegkd6JbPsXqShpvEOHfAT+nCNwQ==",
+      "dev": true,
+      "license": "BSD-3-Clause",
+      "engines": {
+        "node": ">=0.3.1"
+      }
+    },
+    "node_modules/dijkstrajs": {
+      "version": "1.0.3",
+      "resolved": "https://registry.npmjs.org/dijkstrajs/-/dijkstrajs-1.0.3.tgz",
+      "integrity": "sha512-qiSlmBq9+BCdCA/L46dw8Uy93mloxsPSbwnm5yrKn2vMPiy8KyAskTF6zuV/j5BMsmOGZDPs7KjU+mjb670kfA==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/dompurify": {
+      "version": "3.4.7",
+      "resolved": "https://registry.npmjs.org/dompurify/-/dompurify-3.4.7.tgz",
+      "integrity": "sha512-2jBxDJY4RR06tQNy4w5FlFH7kfxsQZlufd0sbv+chfHCxeJwrFw2baUDsSwvBISD4K4RDbd0PTfy3uNXsR6siA==",
+      "dev": true,
+      "license": "(MPL-2.0 OR Apache-2.0)",
+      "optionalDependencies": {
+        "@types/trusted-types": "^2.0.7"
+      }
+    },
+    "node_modules/dunder-proto": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/dunder-proto/-/dunder-proto-1.0.1.tgz",
+      "integrity": "sha512-KIN/nDJBQRcXw0MLVhZE9iQHmG68qAVIBg9CqmUYjmQIhgij9U5MFvrqkUL5FbtyyzZuOeOt0zdeRe4UY7ct+A==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "call-bind-apply-helpers": "^1.0.1",
+        "es-errors": "^1.3.0",
+        "gopd": "^1.2.0"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      }
+    },
+    "node_modules/dynamic-dedupe": {
+      "version": "0.3.0",
+      "resolved": "https://registry.npmjs.org/dynamic-dedupe/-/dynamic-dedupe-0.3.0.tgz",
+      "integrity": "sha512-ssuANeD+z97meYOqd50e04Ze5qp4bPqo8cCkI4TRjZkzAUgIDTrXV1R8QCdINpiI+hw14+rYazvTRdQrz0/rFQ==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "xtend": "^4.0.0"
+      }
+    },
+    "node_modules/eastasianwidth": {
+      "version": "0.2.0",
+      "resolved": "https://registry.npmjs.org/eastasianwidth/-/eastasianwidth-0.2.0.tgz",
+      "integrity": "sha512-I88TYZWc9XiYHRQ4/3c5rjjfgkjhLyW2luGIheGERbNQ6OY7yTybanSpDXZa8y7VUP9YmDcYa+eyq4ca7iLqWA==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/editorconfig": {
+      "version": "1.0.7",
+      "resolved": "https://registry.npmjs.org/editorconfig/-/editorconfig-1.0.7.tgz",
+      "integrity": "sha512-e0GOtq/aTQhVdNyDU9e02+wz9oDDM+SIOQxWME2QRjzRX5yyLAuHDE+0aE8vHb9XRC8XD37eO2u57+F09JqFhw==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@one-ini/wasm": "0.1.1",
+        "commander": "^10.0.0",
+        "minimatch": "^9.0.1",
+        "semver": "^7.5.3"
+      },
+      "bin": {
+        "editorconfig": "bin/editorconfig"
+      },
+      "engines": {
+        "node": ">=14"
+      }
+    },
+    "node_modules/ee-first": {
+      "version": "1.1.1",
+      "resolved": "https://registry.npmjs.org/ee-first/-/ee-first-1.1.1.tgz",
+      "integrity": "sha512-WMwm9LhRUo+WUaRN+vRuETqG89IgZphVSNkdFgeb6sS/E4OrDIN7t48CAewSHXc6C8lefD8KKfr5vY61brQlow==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/emoji-regex": {
+      "version": "9.2.2",
+      "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-9.2.2.tgz",
+      "integrity": "sha512-L18DaJsXSUk2+42pv8mLs5jJT2hqFkFE4j21wOmgbUqsZ2hL72NsUU785g9RXgo3s0ZNgVl42TiHp3ZtOv/Vyg==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/encodeurl": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/encodeurl/-/encodeurl-1.0.2.tgz",
+      "integrity": "sha512-TPJXq8JqFaVYm2CWmPvnP2Iyo4ZSM7/QKcSmuMLDObfpH5fi7RUGmd/rTDf+rut/saiDiQEeVTNgAmJEdAOx0w==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.8"
+      }
+    },
+    "node_modules/end-of-stream": {
+      "version": "1.4.5",
+      "resolved": "https://registry.npmjs.org/end-of-stream/-/end-of-stream-1.4.5.tgz",
+      "integrity": "sha512-ooEGc6HP26xXq/N+GCGOT0JKCLDGrq2bQUZrQ7gyrJiZANJ/8YDTxTpQBXGMn+WbIQXNVpyWymm7KYVICQnyOg==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "once": "^1.4.0"
+      }
+    },
+    "node_modules/engine.io": {
+      "version": "6.6.8",
+      "resolved": "https://registry.npmjs.org/engine.io/-/engine.io-6.6.8.tgz",
+      "integrity": "sha512-2agL3ueZhqxoVrfmntO8yuVj+uNSlIOnhykYHk3Cq0ShYPdUjjUiSJrQvXjq01I9jAuI0Zl2YO8Evv5Mqytm5g==",
+      "license": "MIT",
+      "dependencies": {
+        "@types/cors": "^2.8.12",
+        "@types/node": ">=10.0.0",
+        "@types/ws": "^8.5.12",
+        "accepts": "~1.3.4",
+        "base64id": "2.0.0",
+        "cookie": "~0.7.2",
+        "cors": "~2.8.5",
+        "debug": "~4.4.1",
+        "engine.io-parser": "~5.2.1",
+        "ws": "~8.20.1"
+      },
+      "engines": {
+        "node": ">=10.2.0"
+      }
+    },
+    "node_modules/engine.io-client": {
+      "version": "6.6.5",
+      "resolved": "https://registry.npmjs.org/engine.io-client/-/engine.io-client-6.6.5.tgz",
+      "integrity": "sha512-QCwxUDULPlXv8F6tqMMKx5dNkTe6OaBYRMPYeXKBlyOoKvAmE0ac6pW7fFhSscJ/5SI7666/U/B+MElbsrJlIg==",
+      "license": "MIT",
+      "dependencies": {
+        "@socket.io/component-emitter": "~3.1.0",
+        "debug": "~4.4.1",
+        "engine.io-parser": "~5.2.1",
+        "ws": "~8.20.1",
+        "xmlhttprequest-ssl": "~2.1.1"
+      }
+    },
+    "node_modules/engine.io-client/node_modules/ws": {
+      "version": "8.20.1",
+      "resolved": "https://registry.npmjs.org/ws/-/ws-8.20.1.tgz",
+      "integrity": "sha512-It4dO0K5v//JtTXuPkfEOaI3uUN87iYPnqo/ZzqCoG3g8uhA66QUMs/SrM0YK7/NAu+r4LMh/9dq2A7k+rHs+w==",
+      "license": "MIT",
+      "engines": {
+        "node": ">=10.0.0"
+      },
+      "peerDependencies": {
+        "bufferutil": "^4.0.1",
+        "utf-8-validate": ">=5.0.2"
+      },
+      "peerDependenciesMeta": {
+        "bufferutil": {
+          "optional": true
+        },
+        "utf-8-validate": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/engine.io-parser": {
+      "version": "5.2.3",
+      "resolved": "https://registry.npmjs.org/engine.io-parser/-/engine.io-parser-5.2.3.tgz",
+      "integrity": "sha512-HqD3yTBfnBxIrbnM1DoD6Pcq8NECnh8d4As1Qgh0z5Gg3jRRIqijury0CL3ghu/edArpUYiYqQiDUQBIs4np3Q==",
+      "license": "MIT",
+      "engines": {
+        "node": ">=10.0.0"
+      }
+    },
+    "node_modules/engine.io/node_modules/ws": {
+      "version": "8.20.1",
+      "resolved": "https://registry.npmjs.org/ws/-/ws-8.20.1.tgz",
+      "integrity": "sha512-It4dO0K5v//JtTXuPkfEOaI3uUN87iYPnqo/ZzqCoG3g8uhA66QUMs/SrM0YK7/NAu+r4LMh/9dq2A7k+rHs+w==",
+      "license": "MIT",
+      "engines": {
+        "node": ">=10.0.0"
+      },
+      "peerDependencies": {
+        "bufferutil": "^4.0.1",
+        "utf-8-validate": ">=5.0.2"
+      },
+      "peerDependenciesMeta": {
+        "bufferutil": {
+          "optional": true
+        },
+        "utf-8-validate": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/entities": {
+      "version": "7.0.1",
+      "resolved": "https://registry.npmjs.org/entities/-/entities-7.0.1.tgz",
+      "integrity": "sha512-TWrgLOFUQTH994YUyl1yT4uyavY5nNB5muff+RtWaqNVCAK408b5ZnnbNAUEWLTCpum9w6arT70i1XdQ4UeOPA==",
+      "dev": true,
+      "license": "BSD-2-Clause",
+      "engines": {
+        "node": ">=0.12"
+      },
+      "funding": {
+        "url": "https://github.com/fb55/entities?sponsor=1"
+      }
+    },
+    "node_modules/es-define-property": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/es-define-property/-/es-define-property-1.0.1.tgz",
+      "integrity": "sha512-e3nRfgfUZ4rNGL232gUgX06QNyyez04KdjFrF+LTRoOXmrOgFKDg4BCdsjW8EnT69eqdYGmRpJwiPVYNrCaW3g==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.4"
+      }
+    },
+    "node_modules/es-errors": {
+      "version": "1.3.0",
+      "resolved": "https://registry.npmjs.org/es-errors/-/es-errors-1.3.0.tgz",
+      "integrity": "sha512-Zf5H2Kxt2xjTvbJvP2ZWLEICxA6j+hAmMzIlypy4xcBg1vKVnx89Wy0GbS+kf5cwCVFFzdCFh2XSCFNULS6csw==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.4"
+      }
+    },
+    "node_modules/es-module-lexer": {
+      "version": "1.7.0",
+      "resolved": "https://registry.npmjs.org/es-module-lexer/-/es-module-lexer-1.7.0.tgz",
+      "integrity": "sha512-jEQoCwk8hyb2AZziIOLhDqpm5+2ww5uIE6lkO/6jcOCusfk6LhMHpXXfBLXTZ7Ydyt0j4VoUQv6uGNYbdW+kBA==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/es-object-atoms": {
+      "version": "1.1.2",
+      "resolved": "https://registry.npmjs.org/es-object-atoms/-/es-object-atoms-1.1.2.tgz",
+      "integrity": "sha512-HWcBoN6NileqtSydK2FqHbS/LoDd2pqrnQHLyJzBj4kOp/ky2MWMN694xOfkK8/SnUsW2DH7EfyVlydKCsm1Zw==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "es-errors": "^1.3.0"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      }
+    },
+    "node_modules/es-set-tostringtag": {
+      "version": "2.1.0",
+      "resolved": "https://registry.npmjs.org/es-set-tostringtag/-/es-set-tostringtag-2.1.0.tgz",
+      "integrity": "sha512-j6vWzfrGVfyXxge+O0x5sh6cvxAog0a/4Rdd2K36zCMV5eJ+/+tOAngRO8cODMNWbVRdVlmGZQL2YS3yR8bIUA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "es-errors": "^1.3.0",
+        "get-intrinsic": "^1.2.6",
+        "has-tostringtag": "^1.0.2",
+        "hasown": "^2.0.2"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      }
+    },
+    "node_modules/es-toolkit": {
+      "version": "1.47.0",
+      "resolved": "https://registry.npmjs.org/es-toolkit/-/es-toolkit-1.47.0.tgz",
+      "integrity": "sha512-n1GuoD0WEQZMBk5tttoZSqwgyLx01oqa5XsBmCHwPyNe1S9jPBEmtR2pSgp2kJuWE3ciFZ6yRHmY4pM4C3OOkw==",
+      "dev": true,
+      "license": "MIT",
+      "workspaces": [
+        "docs",
+        "benchmarks"
+      ]
+    },
+    "node_modules/esbuild": {
+      "version": "0.27.7",
+      "resolved": "https://registry.npmjs.org/esbuild/-/esbuild-0.27.7.tgz",
+      "integrity": "sha512-IxpibTjyVnmrIQo5aqNpCgoACA/dTKLTlhMHihVHhdkxKyPO1uBBthumT0rdHmcsk9uMonIWS0m4FljWzILh3w==",
+      "dev": true,
+      "hasInstallScript": true,
+      "license": "MIT",
+      "bin": {
+        "esbuild": "bin/esbuild"
+      },
+      "engines": {
+        "node": ">=18"
+      },
+      "optionalDependencies": {
+        "@esbuild/aix-ppc64": "0.27.7",
+        "@esbuild/android-arm": "0.27.7",
+        "@esbuild/android-arm64": "0.27.7",
+        "@esbuild/android-x64": "0.27.7",
+        "@esbuild/darwin-arm64": "0.27.7",
+        "@esbuild/darwin-x64": "0.27.7",
+        "@esbuild/freebsd-arm64": "0.27.7",
+        "@esbuild/freebsd-x64": "0.27.7",
+        "@esbuild/linux-arm": "0.27.7",
+        "@esbuild/linux-arm64": "0.27.7",
+        "@esbuild/linux-ia32": "0.27.7",
+        "@esbuild/linux-loong64": "0.27.7",
+        "@esbuild/linux-mips64el": "0.27.7",
+        "@esbuild/linux-ppc64": "0.27.7",
+        "@esbuild/linux-riscv64": "0.27.7",
+        "@esbuild/linux-s390x": "0.27.7",
+        "@esbuild/linux-x64": "0.27.7",
+        "@esbuild/netbsd-arm64": "0.27.7",
+        "@esbuild/netbsd-x64": "0.27.7",
+        "@esbuild/openbsd-arm64": "0.27.7",
+        "@esbuild/openbsd-x64": "0.27.7",
+        "@esbuild/openharmony-arm64": "0.27.7",
+        "@esbuild/sunos-x64": "0.27.7",
+        "@esbuild/win32-arm64": "0.27.7",
+        "@esbuild/win32-ia32": "0.27.7",
+        "@esbuild/win32-x64": "0.27.7"
+      }
+    },
+    "node_modules/escalade": {
+      "version": "3.2.0",
+      "resolved": "https://registry.npmjs.org/escalade/-/escalade-3.2.0.tgz",
+      "integrity": "sha512-WUj2qlxaQtO4g6Pq5c29GTcWGDyd8itL8zTlipgECz3JesAiiOKotd8JU6otB3PACgG6xkJUyVhboMS+bje/jA==",
+      "license": "MIT",
+      "engines": {
+        "node": ">=6"
+      }
+    },
+    "node_modules/escape-html": {
+      "version": "1.0.3",
+      "resolved": "https://registry.npmjs.org/escape-html/-/escape-html-1.0.3.tgz",
+      "integrity": "sha512-NiSupZ4OeuGwr68lGIeym/ksIZMJodUGOSCZ/FSnTxcrekbvqrgdUxlJOMpijaKZVjAJrWrGs/6Jy8OMuyj9ow==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/estree-walker": {
+      "version": "2.0.2",
+      "resolved": "https://registry.npmjs.org/estree-walker/-/estree-walker-2.0.2.tgz",
+      "integrity": "sha512-Rfkk/Mp/DL7JVje3u18FxFujQlTNR2q6QfMSMB7AvCBx91NGj/ba3kCfza0f6dVDbw7YlRf/nDrn7pQrCCyQ/w==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/etag": {
+      "version": "1.8.1",
+      "resolved": "https://registry.npmjs.org/etag/-/etag-1.8.1.tgz",
+      "integrity": "sha512-aIL5Fx7mawVa300al2BnEE4iNvo1qETxLrPI/o05L7z6go7fCw1J6EQmbK4FmJ2AS7kgVF/KEZWufBfdClMcPg==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/eventsource": {
+      "version": "4.1.0",
+      "resolved": "https://registry.npmjs.org/eventsource/-/eventsource-4.1.0.tgz",
+      "integrity": "sha512-2GuF51iuHX6A9xdTccMTsNb7VO0lHZihApxhvQzJB5A03DvHDd2FQepodbMaztPBmBcE/ox7o2gqaxGhYB9LhQ==",
+      "license": "MIT",
+      "dependencies": {
+        "eventsource-parser": "^3.0.1"
+      },
+      "engines": {
+        "node": ">=20.0.0"
+      }
+    },
+    "node_modules/eventsource-parser": {
+      "version": "3.0.8",
+      "resolved": "https://registry.npmjs.org/eventsource-parser/-/eventsource-parser-3.0.8.tgz",
+      "integrity": "sha512-70QWGkr4snxr0OXLRWsFLeRBIRPuQOvt4s8QYjmUlmlkyTZkRqS7EDVRZtzU3TiyDbXSzaOeF0XUKy8PchzukQ==",
+      "license": "MIT",
+      "engines": {
+        "node": ">=18.0.0"
+      }
+    },
+    "node_modules/evtd": {
+      "version": "0.2.4",
+      "resolved": "https://registry.npmjs.org/evtd/-/evtd-0.2.4.tgz",
+      "integrity": "sha512-qaeGN5bx63s/AXgQo8gj6fBkxge+OoLddLniox5qtLAEY5HSnuSlISXVPxnSae1dWblvTh4/HoMIB+mbMsvZzw==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/expect-type": {
+      "version": "1.3.0",
+      "resolved": "https://registry.npmjs.org/expect-type/-/expect-type-1.3.0.tgz",
+      "integrity": "sha512-knvyeauYhqjOYvQ66MznSMs83wmHrCycNEN6Ao+2AeYEfxUIkuiVxdEa1qlGEPK+We3n0THiDciYSsCcgW/DoA==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "engines": {
+        "node": ">=12.0.0"
+      }
+    },
+    "node_modules/express": {
+      "version": "4.22.2",
+      "resolved": "https://registry.npmjs.org/express/-/express-4.22.2.tgz",
+      "integrity": "sha512-IuL+Elrou2ZvCFHs18/CIzy2Nzvo25nZ1/D2eIZlz7c+QUayAcYoiM2BthCjs+EBHVpjYjcuLDAiCWgeIX3X1Q==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "accepts": "~1.3.8",
+        "array-flatten": "1.1.1",
+        "body-parser": "~1.20.5",
+        "content-disposition": "~0.5.4",
+        "content-type": "~1.0.4",
+        "cookie": "~0.7.1",
+        "cookie-signature": "~1.0.6",
+        "debug": "2.6.9",
+        "depd": "2.0.0",
+        "encodeurl": "~2.0.0",
+        "escape-html": "~1.0.3",
+        "etag": "~1.8.1",
+        "finalhandler": "~1.3.1",
+        "fresh": "~0.5.2",
+        "http-errors": "~2.0.0",
+        "merge-descriptors": "1.0.3",
+        "methods": "~1.1.2",
+        "on-finished": "~2.4.1",
+        "parseurl": "~1.3.3",
+        "path-to-regexp": "~0.1.12",
+        "proxy-addr": "~2.0.7",
+        "qs": "~6.15.1",
+        "range-parser": "~1.2.1",
+        "safe-buffer": "5.2.1",
+        "send": "~0.19.0",
+        "serve-static": "~1.16.2",
+        "setprototypeof": "1.2.0",
+        "statuses": "~2.0.1",
+        "type-is": "~1.6.18",
+        "utils-merge": "1.0.1",
+        "vary": "~1.1.2"
+      },
+      "engines": {
+        "node": ">= 0.10.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/express"
+      }
+    },
+    "node_modules/express/node_modules/debug": {
+      "version": "2.6.9",
+      "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz",
+      "integrity": "sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "ms": "2.0.0"
+      }
+    },
+    "node_modules/express/node_modules/encodeurl": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/encodeurl/-/encodeurl-2.0.0.tgz",
+      "integrity": "sha512-Q0n9HRi4m6JuGIV1eFlmvJB7ZEVxu93IrMyiMsGC0lrMJMWzRgx6WGquyfQgZVb31vhGgXnfmPNNXmxnOkRBrg==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.8"
+      }
+    },
+    "node_modules/express/node_modules/ms": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz",
+      "integrity": "sha512-Tpp60P6IUJDTuOq/5Z8cdskzJujfwqfOTkrwIwj7IRISpnkJnT6SyJ4PCPnGMoFjC9ddhal5KVIYtAt97ix05A==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/express/node_modules/path-to-regexp": {
+      "version": "0.1.13",
+      "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-0.1.13.tgz",
+      "integrity": "sha512-A/AGNMFN3c8bOlvV9RreMdrv7jsmF9XIfDeCd87+I8RNg6s78BhJxMu69NEMHBSJFxKidViTEdruRwEk/WIKqA==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/fast-copy": {
+      "version": "4.0.3",
+      "resolved": "https://registry.npmjs.org/fast-copy/-/fast-copy-4.0.3.tgz",
+      "integrity": "sha512-58apWr0GUiDFM8+3afrO6eYwJBn9ZAhDOzG3L+/9llab/haCARS2UIfffmOurYLwbgDRs8n0rfr6qAAPEAuAQw==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/fast-safe-stringify": {
+      "version": "2.1.1",
+      "resolved": "https://registry.npmjs.org/fast-safe-stringify/-/fast-safe-stringify-2.1.1.tgz",
+      "integrity": "sha512-W+KJc2dmILlPplD/H4K9l9LcAHAfPtP6BY84uVLXQ6Evcz9Lcg33Y2z1IVblT6xdY54PXYVHEv+0Wpq8Io6zkA==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/fill-range": {
+      "version": "7.1.1",
+      "resolved": "https://registry.npmjs.org/fill-range/-/fill-range-7.1.1.tgz",
+      "integrity": "sha512-YsGpe3WHLK8ZYi4tWDg2Jy3ebRz2rXowDxnld4bkQB00cc/1Zw9AWnC0i9ztDJitivtQvaI9KaLyKrc+hBW0yg==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "to-regex-range": "^5.0.1"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/finalhandler": {
+      "version": "1.3.2",
+      "resolved": "https://registry.npmjs.org/finalhandler/-/finalhandler-1.3.2.tgz",
+      "integrity": "sha512-aA4RyPcd3badbdABGDuTXCMTtOneUCAYH/gxoYRTZlIJdF0YPWuGqiAsIrhNnnqdXGswYk6dGujem4w80UJFhg==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "debug": "2.6.9",
+        "encodeurl": "~2.0.0",
+        "escape-html": "~1.0.3",
+        "on-finished": "~2.4.1",
+        "parseurl": "~1.3.3",
+        "statuses": "~2.0.2",
+        "unpipe": "~1.0.0"
+      },
+      "engines": {
+        "node": ">= 0.8"
+      }
+    },
+    "node_modules/finalhandler/node_modules/debug": {
+      "version": "2.6.9",
+      "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz",
+      "integrity": "sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "ms": "2.0.0"
+      }
+    },
+    "node_modules/finalhandler/node_modules/encodeurl": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/encodeurl/-/encodeurl-2.0.0.tgz",
+      "integrity": "sha512-Q0n9HRi4m6JuGIV1eFlmvJB7ZEVxu93IrMyiMsGC0lrMJMWzRgx6WGquyfQgZVb31vhGgXnfmPNNXmxnOkRBrg==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.8"
+      }
+    },
+    "node_modules/finalhandler/node_modules/ms": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz",
+      "integrity": "sha512-Tpp60P6IUJDTuOq/5Z8cdskzJujfwqfOTkrwIwj7IRISpnkJnT6SyJ4PCPnGMoFjC9ddhal5KVIYtAt97ix05A==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/find-up": {
+      "version": "4.1.0",
+      "resolved": "https://registry.npmjs.org/find-up/-/find-up-4.1.0.tgz",
+      "integrity": "sha512-PpOwAdQ/YlXQ2vj8a3h8IipDuYRi3wceVQQGYWxNINccq40Anw7BlsEXCMbt1Zt+OLA6Fq9suIpIWD0OsnISlw==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "locate-path": "^5.0.0",
+        "path-exists": "^4.0.0"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/follow-redirects": {
+      "version": "1.16.0",
+      "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.16.0.tgz",
+      "integrity": "sha512-y5rN/uOsadFT/JfYwhxRS5R7Qce+g3zG97+JrtFZlC9klX/W5hD7iiLzScI4nZqUS7DNUdhPgw4xI8W2LuXlUw==",
+      "dev": true,
+      "funding": [
+        {
+          "type": "individual",
+          "url": "https://github.com/sponsors/RubenVerborgh"
+        }
+      ],
+      "license": "MIT",
+      "engines": {
+        "node": ">=4.0"
+      },
+      "peerDependenciesMeta": {
+        "debug": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/foreground-child": {
+      "version": "3.3.1",
+      "resolved": "https://registry.npmjs.org/foreground-child/-/foreground-child-3.3.1.tgz",
+      "integrity": "sha512-gIXjKqtFuWEgzFRJA9WCQeSJLZDjgJUOMCMzxtvFq/37KojM1BFGufqsCy0r4qSQmYLsZYMeyRqzIWOMup03sw==",
+      "dev": true,
+      "license": "ISC",
+      "dependencies": {
+        "cross-spawn": "^7.0.6",
+        "signal-exit": "^4.0.1"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/isaacs"
+      }
+    },
+    "node_modules/form-data": {
+      "version": "4.0.5",
+      "resolved": "https://registry.npmjs.org/form-data/-/form-data-4.0.5.tgz",
+      "integrity": "sha512-8RipRLol37bNs2bhoV67fiTEvdTrbMUYcFTiy3+wuuOnUog2QBHCZWXDRijWQfAkhBj2Uf5UnVaiWwA5vdd82w==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "asynckit": "^0.4.0",
+        "combined-stream": "^1.0.8",
+        "es-set-tostringtag": "^2.1.0",
+        "hasown": "^2.0.2",
+        "mime-types": "^2.1.12"
+      },
+      "engines": {
+        "node": ">= 6"
+      }
+    },
+    "node_modules/forwarded": {
+      "version": "0.2.0",
+      "resolved": "https://registry.npmjs.org/forwarded/-/forwarded-0.2.0.tgz",
+      "integrity": "sha512-buRG0fpBtRHSTCOASe6hD258tEubFoRLb4ZNA6NxMVHNw2gOcwHo9wyablzMzOA5z9xA9L1KNjk/Nt6MT9aYow==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/fresh": {
+      "version": "0.5.2",
+      "resolved": "https://registry.npmjs.org/fresh/-/fresh-0.5.2.tgz",
+      "integrity": "sha512-zJ2mQYM18rEFOudeV4GShTGIQ7RbzA7ozbU9I/XBpm7kqgMywgmylMwXHxZJmkVoYkna9d2pVXVXPdYTP9ej8Q==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/fs-extra": {
+      "version": "11.3.5",
+      "resolved": "https://registry.npmjs.org/fs-extra/-/fs-extra-11.3.5.tgz",
+      "integrity": "sha512-eKpRKAovdpZtR1WopLHxlBWvAgPny3c4gX1G5Jhwmmw4XJj0ifSD5qB5TOo8hmA0wlRKDAOAhEE1yVPgs6Fgcg==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "graceful-fs": "^4.2.0",
+        "jsonfile": "^6.0.1",
+        "universalify": "^2.0.0"
+      },
+      "engines": {
+        "node": ">=14.14"
+      }
+    },
+    "node_modules/fs.realpath": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/fs.realpath/-/fs.realpath-1.0.0.tgz",
+      "integrity": "sha512-OO0pH2lK6a0hZnAdau5ItzHPI6pUlvI7jMVnxUQRtw4owF2wk8lOSabtGDCTP4Ggrg2MbGnWO9X8K1t4+fGMDw==",
+      "dev": true,
+      "license": "ISC"
+    },
+    "node_modules/fsevents": {
+      "version": "2.3.3",
+      "resolved": "https://registry.npmjs.org/fsevents/-/fsevents-2.3.3.tgz",
+      "integrity": "sha512-5xoDfX+fL7faATnagmWPpbFtwh/R77WmMMqqHGS65C3vvB0YHrgF+B1YmZ3441tMj5n63k0212XNoJwzlhffQw==",
+      "dev": true,
+      "hasInstallScript": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "darwin"
+      ],
+      "engines": {
+        "node": "^8.16.0 || ^10.6.0 || >=11.0.0"
+      }
+    },
+    "node_modules/function-bind": {
+      "version": "1.1.2",
+      "resolved": "https://registry.npmjs.org/function-bind/-/function-bind-1.1.2.tgz",
+      "integrity": "sha512-7XHNxH7qX9xG5mIwxkhumTox/MIRNcOgDrxWsMt2pAr23WHp6MrRlN7FBSFpCpr+oVO0F744iUgR82nJMfG2SA==",
+      "dev": true,
+      "license": "MIT",
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/generator-function": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/generator-function/-/generator-function-2.0.1.tgz",
+      "integrity": "sha512-SFdFmIJi+ybC0vjlHN0ZGVGHc3lgE0DxPAT0djjVg+kjOnSqclqmj0KQ7ykTOLP6YxoqOvuAODGdcHJn+43q3g==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.4"
+      }
+    },
+    "node_modules/get-caller-file": {
+      "version": "2.0.5",
+      "resolved": "https://registry.npmjs.org/get-caller-file/-/get-caller-file-2.0.5.tgz",
+      "integrity": "sha512-DyFP3BM/3YHTQOCUL/w0OZHR0lpKeGrxotcHWcqNEdnltqFwXVfhEBQ94eIo34AfQpo0rGki4cyIiftY06h2Fg==",
+      "license": "ISC",
+      "engines": {
+        "node": "6.* || 8.* || >= 10.*"
+      }
+    },
+    "node_modules/get-intrinsic": {
+      "version": "1.3.0",
+      "resolved": "https://registry.npmjs.org/get-intrinsic/-/get-intrinsic-1.3.0.tgz",
+      "integrity": "sha512-9fSjSaos/fRIVIp+xSJlE6lfwhES7LNtKaCBIamHsjr2na1BiABJPo0mOjjz8GJDURarmCPGqaiVg5mfjb98CQ==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "call-bind-apply-helpers": "^1.0.2",
+        "es-define-property": "^1.0.1",
+        "es-errors": "^1.3.0",
+        "es-object-atoms": "^1.1.1",
+        "function-bind": "^1.1.2",
+        "get-proto": "^1.0.1",
+        "gopd": "^1.2.0",
+        "has-symbols": "^1.1.0",
+        "hasown": "^2.0.2",
+        "math-intrinsics": "^1.1.0"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/get-proto": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/get-proto/-/get-proto-1.0.1.tgz",
+      "integrity": "sha512-sTSfBjoXBp89JvIKIefqw7U2CCebsc74kiY6awiGogKtoSGbgjYE/G/+l9sF3MWFPNc9IcoOC4ODfKHfxFmp0g==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "dunder-proto": "^1.0.1",
+        "es-object-atoms": "^1.0.0"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      }
+    },
+    "node_modules/glob": {
+      "version": "10.5.0",
+      "resolved": "https://registry.npmjs.org/glob/-/glob-10.5.0.tgz",
+      "integrity": "sha512-DfXN8DfhJ7NH3Oe7cFmu3NCu1wKbkReJ8TorzSAFbSKrlNaQSKfIzqYqVY8zlbs2NLBbWpRiU52GX2PbaBVNkg==",
+      "deprecated": "Old versions of glob are not supported, and contain widely publicized security vulnerabilities, which have been fixed in the current version. Please update. Support for old versions may be purchased (at exorbitant rates) by contacting i@izs.me",
+      "dev": true,
+      "license": "ISC",
+      "dependencies": {
+        "foreground-child": "^3.1.0",
+        "jackspeak": "^3.1.2",
+        "minimatch": "^9.0.4",
+        "minipass": "^7.1.2",
+        "package-json-from-dist": "^1.0.0",
+        "path-scurry": "^1.11.1"
+      },
+      "bin": {
+        "glob": "dist/esm/bin.mjs"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/isaacs"
+      }
+    },
+    "node_modules/glob-parent": {
+      "version": "5.1.2",
+      "resolved": "https://registry.npmjs.org/glob-parent/-/glob-parent-5.1.2.tgz",
+      "integrity": "sha512-AOIgSQCepiJYwP3ARnGx+5VnTu2HBYdzbGP45eLw1vr3zB3vZLeyed1sC9hnbcOc9/SrMyM5RPQrkGz4aS9Zow==",
+      "dev": true,
+      "license": "ISC",
+      "dependencies": {
+        "is-glob": "^4.0.1"
+      },
+      "engines": {
+        "node": ">= 6"
+      }
+    },
+    "node_modules/gopd": {
+      "version": "1.2.0",
+      "resolved": "https://registry.npmjs.org/gopd/-/gopd-1.2.0.tgz",
+      "integrity": "sha512-ZUKRh6/kUFoAiTAtTYPZJ3hw9wNxx+BIBOijnlG9PnrJsCcSjs1wyyD6vJpaYtgnzDrKYRSqf3OO6Rfa93xsRg==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/graceful-fs": {
+      "version": "4.2.11",
+      "resolved": "https://registry.npmjs.org/graceful-fs/-/graceful-fs-4.2.11.tgz",
+      "integrity": "sha512-RbJ5/jmFcNNCcDV5o9eTnBLJ/HszWV0P73bc+Ff4nS/rJj+YaS6IGyiOL0VoBYX+l1Wrl3k63h/KrH+nhJ0XvQ==",
+      "dev": true,
+      "license": "ISC"
+    },
+    "node_modules/hachure-fill": {
+      "version": "0.5.2",
+      "resolved": "https://registry.npmjs.org/hachure-fill/-/hachure-fill-0.5.2.tgz",
+      "integrity": "sha512-3GKBOn+m2LX9iq+JC1064cSFprJY4jL1jCXTcpnfER5HYE2l/4EfWSGzkPa/ZDBmYI0ZOEj5VHV/eKnPGkHuOg==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/handlebars": {
+      "version": "4.7.9",
+      "resolved": "https://registry.npmjs.org/handlebars/-/handlebars-4.7.9.tgz",
+      "integrity": "sha512-4E71E0rpOaQuJR2A3xDZ+GM1HyWYv1clR58tC8emQNeQe3RH7MAzSbat+V0wG78LQBo6m6bzSG/L4pBuCsgnUQ==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "minimist": "^1.2.5",
+        "neo-async": "^2.6.2",
+        "source-map": "^0.6.1",
+        "wordwrap": "^1.0.0"
+      },
+      "bin": {
+        "handlebars": "bin/handlebars"
+      },
+      "engines": {
+        "node": ">=0.4.7"
+      },
+      "optionalDependencies": {
+        "uglify-js": "^3.1.4"
+      }
+    },
+    "node_modules/has-flag": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz",
+      "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/has-symbols": {
+      "version": "1.1.0",
+      "resolved": "https://registry.npmjs.org/has-symbols/-/has-symbols-1.1.0.tgz",
+      "integrity": "sha512-1cDNdwJ2Jaohmb3sg4OmKaMBwuC48sYni5HUw2DvsC8LjGTLK9h+eb1X6RyuOHe4hT0ULCW68iomhjUoKUqlPQ==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/has-tostringtag": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/has-tostringtag/-/has-tostringtag-1.0.2.tgz",
+      "integrity": "sha512-NqADB8VjPFLM2V0VvHUewwwsw0ZWBaIdgo+ieHtK3hasLz4qeCRjYcqfB6AQrBggRKppKF8L52/VqdVsO47Dlw==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "has-symbols": "^1.0.3"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/hasown": {
+      "version": "2.0.3",
+      "resolved": "https://registry.npmjs.org/hasown/-/hasown-2.0.3.tgz",
+      "integrity": "sha512-ej4AhfhfL2Q2zpMmLo7U1Uv9+PyhIZpgQLGT1F9miIGmiCJIoCgSmczFdrc97mWT4kVY72KA+WnnhJ5pghSvSg==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "function-bind": "^1.1.2"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      }
+    },
+    "node_modules/help-me": {
+      "version": "5.0.0",
+      "resolved": "https://registry.npmjs.org/help-me/-/help-me-5.0.0.tgz",
+      "integrity": "sha512-7xgomUX6ADmcYzFik0HzAxh/73YlKR9bmFzf51CZwR+b6YtzU2m0u49hQCqV6SvlqIqsaxovfwdvbnsw3b/zpg==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/highlight.js": {
+      "version": "11.11.1",
+      "resolved": "https://registry.npmjs.org/highlight.js/-/highlight.js-11.11.1.tgz",
+      "integrity": "sha512-Xwwo44whKBVCYoliBQwaPvtd/2tYFkRQtXDWj1nackaV2JPXx3L0+Jvd8/qCJ2p+ML0/XVkJ2q+Mr+UVdpJK5w==",
+      "dev": true,
+      "license": "BSD-3-Clause",
+      "engines": {
+        "node": ">=12.0.0"
+      }
+    },
+    "node_modules/hookable": {
+      "version": "5.5.3",
+      "resolved": "https://registry.npmjs.org/hookable/-/hookable-5.5.3.tgz",
+      "integrity": "sha512-Yc+BQe8SvoXH1643Qez1zqLRmbA5rCL+sSmk6TVos0LWVfNIB7PGncdlId77WzLGSIB5KaWgTaNTs2lNVEI6VQ==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/html-encoding-sniffer": {
+      "version": "6.0.0",
+      "resolved": "https://registry.npmjs.org/html-encoding-sniffer/-/html-encoding-sniffer-6.0.0.tgz",
+      "integrity": "sha512-CV9TW3Y3f8/wT0BRFc1/KAVQ3TUHiXmaAb6VW9vtiMFf7SLoMd1PdAc4W3KFOFETBJUb90KatHqlsZMWV+R9Gg==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@exodus/bytes": "^1.6.0"
+      },
+      "engines": {
+        "node": "^20.19.0 || ^22.12.0 || >=24.0.0"
+      }
+    },
+    "node_modules/html-escaper": {
+      "version": "2.0.2",
+      "resolved": "https://registry.npmjs.org/html-escaper/-/html-escaper-2.0.2.tgz",
+      "integrity": "sha512-H2iMtd0I4Mt5eYiapRdIDjp+XzelXQ0tFE4JS7YFwFevXXMmOp9myNrUvCg0D6ws8iqkRPBfKHgbwig1SmlLfg==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/http-assert": {
+      "version": "1.5.0",
+      "resolved": "https://registry.npmjs.org/http-assert/-/http-assert-1.5.0.tgz",
+      "integrity": "sha512-uPpH7OKX4H25hBmU6G1jWNaqJGpTXxey+YOUizJUAgu0AjLUeC8D73hTrhvDS5D+GJN1DN1+hhc/eF/wpxtp0w==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "deep-equal": "~1.0.1",
+        "http-errors": "~1.8.0"
+      },
+      "engines": {
+        "node": ">= 0.8"
+      }
+    },
+    "node_modules/http-assert/node_modules/depd": {
+      "version": "1.1.2",
+      "resolved": "https://registry.npmjs.org/depd/-/depd-1.1.2.tgz",
+      "integrity": "sha512-7emPTl6Dpo6JRXOXjLRxck+FlLRX5847cLKEn00PLAgc3g2hTZZgr+e4c2v6QpSmLeFP3n5yUo7ft6avBK/5jQ==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/http-assert/node_modules/http-errors": {
+      "version": "1.8.1",
+      "resolved": "https://registry.npmjs.org/http-errors/-/http-errors-1.8.1.tgz",
+      "integrity": "sha512-Kpk9Sm7NmI+RHhnj6OIWDI1d6fIoFAtFt9RLaTMRlg/8w49juAStsrBgp0Dp4OdxdVbRIeKhtCUvoi/RuAhO4g==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "depd": "~1.1.2",
+        "inherits": "2.0.4",
+        "setprototypeof": "1.2.0",
+        "statuses": ">= 1.5.0 < 2",
+        "toidentifier": "1.0.1"
+      },
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/http-assert/node_modules/statuses": {
+      "version": "1.5.0",
+      "resolved": "https://registry.npmjs.org/statuses/-/statuses-1.5.0.tgz",
+      "integrity": "sha512-OpZ3zP+jT1PI7I8nemJX4AKmAX070ZkYPVWV/AaKTJl+tXCTGyVdC1a4SL8RUQYEwk/f34ZX8UTykN68FwrqAA==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/http-errors": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/http-errors/-/http-errors-2.0.1.tgz",
+      "integrity": "sha512-4FbRdAX+bSdmo4AUFuS0WNiPz8NgFt+r8ThgNWmlrjQjt1Q7ZR9+zTlce2859x4KSXrwIsaeTqDoKQmtP8pLmQ==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "depd": "~2.0.0",
+        "inherits": "~2.0.4",
+        "setprototypeof": "~1.2.0",
+        "statuses": "~2.0.2",
+        "toidentifier": "~1.0.1"
+      },
+      "engines": {
+        "node": ">= 0.8"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/express"
+      }
+    },
+    "node_modules/http-proxy-agent": {
+      "version": "7.0.2",
+      "resolved": "https://registry.npmjs.org/http-proxy-agent/-/http-proxy-agent-7.0.2.tgz",
+      "integrity": "sha512-T1gkAiYYDWYx3V5Bmyu7HcfcvL7mUrTWiM6yOfa3PIphViJ/gFPbvidQ+veqSOHci/PxBcDabeUNCzpOODJZig==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "agent-base": "^7.1.0",
+        "debug": "^4.3.4"
+      },
+      "engines": {
+        "node": ">= 14"
+      }
+    },
+    "node_modules/http-proxy-agent/node_modules/agent-base": {
+      "version": "7.1.4",
+      "resolved": "https://registry.npmjs.org/agent-base/-/agent-base-7.1.4.tgz",
+      "integrity": "sha512-MnA+YT8fwfJPgBx3m60MNqakm30XOkyIoH1y6huTQvC0PwZG7ki8NacLBcrPbNoo8vEZy7Jpuk7+jMO+CUovTQ==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">= 14"
+      }
+    },
+    "node_modules/https-proxy-agent": {
+      "version": "5.0.1",
+      "resolved": "https://registry.npmjs.org/https-proxy-agent/-/https-proxy-agent-5.0.1.tgz",
+      "integrity": "sha512-dFcAjpTQFgoLMzC2VwU+C/CbS7uRL0lWmxDITmqm7C+7F0Odmj6s9l6alZc6AELXhrnggM2CeWSXHGOdX2YtwA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "agent-base": "6",
+        "debug": "4"
+      },
+      "engines": {
+        "node": ">= 6"
+      }
+    },
+    "node_modules/iconv-lite": {
+      "version": "0.6.3",
+      "resolved": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.6.3.tgz",
+      "integrity": "sha512-4fCk79wshMdzMp2rH06qWrJE4iolqLhCUH+OiuIgU++RB0+94NlDL81atO7GX55uUKueo0txHNtvEyI6D7WdMw==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "safer-buffer": ">= 2.1.2 < 3.0.0"
+      },
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/ignore-by-default": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/ignore-by-default/-/ignore-by-default-1.0.1.tgz",
+      "integrity": "sha512-Ius2VYcGNk7T90CppJqcIkS5ooHUZyIQK+ClZfMfMNFEF9VSE73Fq+906u/CWu92x4gzZMWOwfFYckPObzdEbA==",
+      "dev": true,
+      "license": "ISC"
+    },
+    "node_modules/immutable": {
+      "version": "5.1.5",
+      "resolved": "https://registry.npmjs.org/immutable/-/immutable-5.1.5.tgz",
+      "integrity": "sha512-t7xcm2siw+hlUM68I+UEOK+z84RzmN59as9DZ7P1l0994DKUWV7UXBMQZVxaoMSRQ+PBZbHCOoBt7a2wxOMt+A==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/import-meta-resolve": {
+      "version": "4.2.0",
+      "resolved": "https://registry.npmjs.org/import-meta-resolve/-/import-meta-resolve-4.2.0.tgz",
+      "integrity": "sha512-Iqv2fzaTQN28s/FwZAoFq0ZSs/7hMAHJVX+w8PZl3cY19Pxk6jFFalxQoIfW2826i/fDLXv8IiEZRIT0lDuWcg==",
+      "dev": true,
+      "license": "MIT",
+      "funding": {
+        "type": "github",
+        "url": "https://github.com/sponsors/wooorm"
+      }
+    },
+    "node_modules/inflation": {
+      "version": "2.1.0",
+      "resolved": "https://registry.npmjs.org/inflation/-/inflation-2.1.0.tgz",
+      "integrity": "sha512-t54PPJHG1Pp7VQvxyVCJ9mBbjG3Hqryges9bXoOO6GExCPa+//i/d5GSuFtpx3ALLd7lgIAur6zrIlBQyJuMlQ==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.8.0"
+      }
+    },
+    "node_modules/inflight": {
+      "version": "1.0.6",
+      "resolved": "https://registry.npmjs.org/inflight/-/inflight-1.0.6.tgz",
+      "integrity": "sha512-k92I/b08q4wvFscXCLvqfsHCrjrF7yiXsQuIVvVE7N82W3+aqpzuUdBbfhWcy/FZR3/4IgflMgKLOsvPDrGCJA==",
+      "deprecated": "This module is not supported, and leaks memory. Do not use it. Check out lru-cache if you want a good and tested way to coalesce async requests by a key value, which is much more comprehensive and powerful.",
+      "dev": true,
+      "license": "ISC",
+      "dependencies": {
+        "once": "^1.3.0",
+        "wrappy": "1"
+      }
+    },
+    "node_modules/inherits": {
+      "version": "2.0.4",
+      "resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.4.tgz",
+      "integrity": "sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ==",
+      "dev": true,
+      "license": "ISC"
+    },
+    "node_modules/ini": {
+      "version": "1.3.8",
+      "resolved": "https://registry.npmjs.org/ini/-/ini-1.3.8.tgz",
+      "integrity": "sha512-JV/yugV2uzW5iMRSiZAyDtQd+nxtUnjeLt0acNdw98kKLrvuRVyB80tsREOE7yvGVgalhZ6RNXCmEHkUKBKxew==",
+      "dev": true,
+      "license": "ISC"
+    },
+    "node_modules/internmap": {
+      "version": "2.0.3",
+      "resolved": "https://registry.npmjs.org/internmap/-/internmap-2.0.3.tgz",
+      "integrity": "sha512-5Hh7Y1wQbvY5ooGgPbDaL5iYLAPzMTUrjMulskHLH6wnv/A+1q5rgEaiuqEjB+oxGXIVZs1FF+R/KPN3ZSQYYg==",
+      "dev": true,
+      "license": "ISC",
+      "engines": {
+        "node": ">=12"
+      }
+    },
+    "node_modules/ipaddr.js": {
+      "version": "1.9.1",
+      "resolved": "https://registry.npmjs.org/ipaddr.js/-/ipaddr.js-1.9.1.tgz",
+      "integrity": "sha512-0KI/607xoxSToH7GjN1FfSbLoU0+btTicjsQSWQlh/hZykN8KpmMf7uYwPW3R+akZ6R/w18ZlXSHBYXiYUPO3g==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.10"
+      }
+    },
+    "node_modules/is-binary-path": {
+      "version": "2.1.0",
+      "resolved": "https://registry.npmjs.org/is-binary-path/-/is-binary-path-2.1.0.tgz",
+      "integrity": "sha512-ZMERYes6pDydyuGidse7OsHxtbI7WVeUEozgR/g7rd0xUimYNlvZRE/K2MgZTjWy725IfelLeVcEM97mmtRGXw==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "binary-extensions": "^2.0.0"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/is-core-module": {
+      "version": "2.16.2",
+      "resolved": "https://registry.npmjs.org/is-core-module/-/is-core-module-2.16.2.tgz",
+      "integrity": "sha512-evOr8xfXKxE6qSR0hSXL2r3sd7ALj8+7jQEUvPYcm5sgZFdJ+AYzT6yNmJenvIYQBgIGwfwz08sL8zoL7yq2BA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "hasown": "^2.0.3"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/is-extglob": {
+      "version": "2.1.1",
+      "resolved": "https://registry.npmjs.org/is-extglob/-/is-extglob-2.1.1.tgz",
+      "integrity": "sha512-SbKbANkN603Vi4jEZv49LeVJMn4yGwsbzZworEoyEiutsN3nJYdbO36zfhGJ6QEDpOZIFkDtnq5JRxmvl3jsoQ==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/is-fullwidth-code-point": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/is-fullwidth-code-point/-/is-fullwidth-code-point-3.0.0.tgz",
+      "integrity": "sha512-zymm5+u+sCsSWyD9qNaejV3DFvhCKclKdizYaJUuHA83RLjb7nSuGnddCHGv0hk+KY7BMAlsWeK4Ueg6EV6XQg==",
+      "license": "MIT",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/is-generator-function": {
+      "version": "1.1.2",
+      "resolved": "https://registry.npmjs.org/is-generator-function/-/is-generator-function-1.1.2.tgz",
+      "integrity": "sha512-upqt1SkGkODW9tsGNG5mtXTXtECizwtS2kA161M+gJPc1xdb/Ax629af6YrTwcOeQHbewrPNlE5Dx7kzvXTizA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "call-bound": "^1.0.4",
+        "generator-function": "^2.0.0",
+        "get-proto": "^1.0.1",
+        "has-tostringtag": "^1.0.2",
+        "safe-regex-test": "^1.1.0"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/is-glob": {
+      "version": "4.0.3",
+      "resolved": "https://registry.npmjs.org/is-glob/-/is-glob-4.0.3.tgz",
+      "integrity": "sha512-xelSayHH36ZgE7ZWhli7pW34hNbNl8Ojv5KVmkJD4hBdD3th8Tfk9vYasLM+mXWOZhFkgZfxhLSnrwRr4elSSg==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "is-extglob": "^2.1.1"
+      },
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/is-number": {
+      "version": "7.0.0",
+      "resolved": "https://registry.npmjs.org/is-number/-/is-number-7.0.0.tgz",
+      "integrity": "sha512-41Cifkg6e8TylSpdtTpeLVMqvSBEVzTttHvERD741+pnZ8ANv0004MRL43QKPDlK9cGvNp6NZWZUBlbGXYxxng==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=0.12.0"
+      }
+    },
+    "node_modules/is-potential-custom-element-name": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/is-potential-custom-element-name/-/is-potential-custom-element-name-1.0.1.tgz",
+      "integrity": "sha512-bCYeRA2rVibKZd+s2625gGnGF/t7DSqDs4dP7CrLA1m7jKWz6pps0LpYLJN8Q64HtmPKJ1hrN3nzPNKFEKOUiQ==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/is-regex": {
+      "version": "1.2.1",
+      "resolved": "https://registry.npmjs.org/is-regex/-/is-regex-1.2.1.tgz",
+      "integrity": "sha512-MjYsKHO5O7mCsmRGxWcLWheFqN9DJ/2TmngvjKXihe6efViPqc274+Fx/4fYj/r03+ESvBdTXK0V6tA3rgez1g==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "call-bound": "^1.0.2",
+        "gopd": "^1.2.0",
+        "has-tostringtag": "^1.0.2",
+        "hasown": "^2.0.2"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/is-what": {
+      "version": "5.5.0",
+      "resolved": "https://registry.npmjs.org/is-what/-/is-what-5.5.0.tgz",
+      "integrity": "sha512-oG7cgbmg5kLYae2N5IVd3jm2s+vldjxJzK1pcu9LfpGuQ93MQSzo0okvRna+7y5ifrD+20FE8FvjusyGaz14fw==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=18"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/mesqueeb"
+      }
+    },
+    "node_modules/isexe": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/isexe/-/isexe-2.0.0.tgz",
+      "integrity": "sha512-RHxMLp9lnKHGHRng9QFhRCMbYAcVpn69smSGcq3f36xjgVVWThj4qqLbTLlq7Ssj8B+fIQ1EuCEGI2lKsyQeIw==",
+      "dev": true,
+      "license": "ISC"
+    },
+    "node_modules/istanbul-lib-coverage": {
+      "version": "3.2.2",
+      "resolved": "https://registry.npmjs.org/istanbul-lib-coverage/-/istanbul-lib-coverage-3.2.2.tgz",
+      "integrity": "sha512-O8dpsF+r0WV/8MNRKfnmrtCWhuKjxrq2w+jpzBL5UZKTi2LeVWnWOmWRxFlesJONmc+wLAGvKQZEOanko0LFTg==",
+      "dev": true,
+      "license": "BSD-3-Clause",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/istanbul-lib-report": {
+      "version": "3.0.1",
+      "resolved": "https://registry.npmjs.org/istanbul-lib-report/-/istanbul-lib-report-3.0.1.tgz",
+      "integrity": "sha512-GCfE1mtsHGOELCU8e/Z7YWzpmybrx/+dSTfLrvY8qRmaY6zXTKWn6WQIjaAFw069icm6GVMNkgu0NzI4iPZUNw==",
+      "dev": true,
+      "license": "BSD-3-Clause",
+      "dependencies": {
+        "istanbul-lib-coverage": "^3.0.0",
+        "make-dir": "^4.0.0",
+        "supports-color": "^7.1.0"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/istanbul-lib-report/node_modules/supports-color": {
+      "version": "7.2.0",
+      "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz",
+      "integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "has-flag": "^4.0.0"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/istanbul-lib-source-maps": {
+      "version": "5.0.6",
+      "resolved": "https://registry.npmjs.org/istanbul-lib-source-maps/-/istanbul-lib-source-maps-5.0.6.tgz",
+      "integrity": "sha512-yg2d+Em4KizZC5niWhQaIomgf5WlL4vOOjZ5xGCmF8SnPE/mDWWXgvRExdcpCgh9lLRRa1/fSYp2ymmbJ1pI+A==",
+      "dev": true,
+      "license": "BSD-3-Clause",
+      "dependencies": {
+        "@jridgewell/trace-mapping": "^0.3.23",
+        "debug": "^4.1.1",
+        "istanbul-lib-coverage": "^3.0.0"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/istanbul-reports": {
+      "version": "3.2.0",
+      "resolved": "https://registry.npmjs.org/istanbul-reports/-/istanbul-reports-3.2.0.tgz",
+      "integrity": "sha512-HGYWWS/ehqTV3xN10i23tkPkpH46MLCIMFNCaaKNavAXTF1RkqxawEPtnjnGZ6XKSInBKkiOA5BKS+aZiY3AvA==",
+      "dev": true,
+      "license": "BSD-3-Clause",
+      "dependencies": {
+        "html-escaper": "^2.0.0",
+        "istanbul-lib-report": "^3.0.0"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/jackspeak": {
+      "version": "3.4.3",
+      "resolved": "https://registry.npmjs.org/jackspeak/-/jackspeak-3.4.3.tgz",
+      "integrity": "sha512-OGlZQpz2yfahA/Rd1Y8Cd9SIEsqvXkLVoSw/cgwhnhFMDbsQFeZYoJJ7bIZBS9BcamUW96asq/npPWugM+RQBw==",
+      "dev": true,
+      "license": "BlueOak-1.0.0",
+      "dependencies": {
+        "@isaacs/cliui": "^8.0.2"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/isaacs"
+      },
+      "optionalDependencies": {
+        "@pkgjs/parseargs": "^0.11.0"
+      }
+    },
+    "node_modules/joycon": {
+      "version": "3.1.1",
+      "resolved": "https://registry.npmjs.org/joycon/-/joycon-3.1.1.tgz",
+      "integrity": "sha512-34wB/Y7MW7bzjKRjUKTa46I2Z7eV62Rkhva+KkopW7Qvv/OSWBqvkSY7vusOPrNuZcUG3tApvdVgNB8POj3SPw==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/js-beautify": {
+      "version": "1.15.4",
+      "resolved": "https://registry.npmjs.org/js-beautify/-/js-beautify-1.15.4.tgz",
+      "integrity": "sha512-9/KXeZUKKJwqCXUdBxFJ3vPh467OCckSBmYDwSK/EtV090K+iMJ7zx2S3HLVDIWFQdqMIsZWbnaGiba18aWhaA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "config-chain": "^1.1.13",
+        "editorconfig": "^1.0.4",
+        "glob": "^10.4.2",
+        "js-cookie": "^3.0.5",
+        "nopt": "^7.2.1"
+      },
+      "bin": {
+        "css-beautify": "js/bin/css-beautify.js",
+        "html-beautify": "js/bin/html-beautify.js",
+        "js-beautify": "js/bin/js-beautify.js"
+      },
+      "engines": {
+        "node": ">=14"
+      }
+    },
+    "node_modules/js-cookie": {
+      "version": "3.0.7",
+      "resolved": "https://registry.npmjs.org/js-cookie/-/js-cookie-3.0.7.tgz",
+      "integrity": "sha512-z/wZZgDrkNV1eA0ULjM/F9/50Ya8fbzgKneSpoPsXSGd0KnpdtHfOZWK+GcwLk+EZbS4F9RBhU+K2RgzuDaItw==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=20"
+      }
+    },
+    "node_modules/js-tiktoken": {
+      "version": "1.0.21",
+      "resolved": "https://registry.npmjs.org/js-tiktoken/-/js-tiktoken-1.0.21.tgz",
+      "integrity": "sha512-biOj/6M5qdgx5TKjDnFT1ymSpM5tbd3ylwDtrQvFQSu0Z7bBYko2dF+W/aUkXUPuk6IVpRxk/3Q2sHOzGlS36g==",
+      "license": "MIT",
+      "dependencies": {
+        "base64-js": "^1.5.1"
+      }
+    },
+    "node_modules/js-tokens": {
+      "version": "10.0.0",
+      "resolved": "https://registry.npmjs.org/js-tokens/-/js-tokens-10.0.0.tgz",
+      "integrity": "sha512-lM/UBzQmfJRo9ABXbPWemivdCW8V2G8FHaHdypQaIy523snUjog0W71ayWXTjiR+ixeMyVHN2XcpnTd/liPg/Q==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/js-yaml": {
+      "version": "4.1.1",
+      "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.1.tgz",
+      "integrity": "sha512-qQKT4zQxXl8lLwBtHMWwaTcGfFOZviOJet3Oy/xmGk2gZH677CJM9EvtfdSkgWcATZhj/55JZ0rmy3myCT5lsA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "argparse": "^2.0.1"
+      },
+      "bin": {
+        "js-yaml": "bin/js-yaml.js"
+      }
+    },
+    "node_modules/jsdom": {
+      "version": "27.4.0",
+      "resolved": "https://registry.npmjs.org/jsdom/-/jsdom-27.4.0.tgz",
+      "integrity": "sha512-mjzqwWRD9Y1J1KUi7W97Gja1bwOOM5Ug0EZ6UDK3xS7j7mndrkwozHtSblfomlzyB4NepioNt+B2sOSzczVgtQ==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@acemir/cssom": "^0.9.28",
+        "@asamuzakjp/dom-selector": "^6.7.6",
+        "@exodus/bytes": "^1.6.0",
+        "cssstyle": "^5.3.4",
+        "data-urls": "^6.0.0",
+        "decimal.js": "^10.6.0",
+        "html-encoding-sniffer": "^6.0.0",
+        "http-proxy-agent": "^7.0.2",
+        "https-proxy-agent": "^7.0.6",
+        "is-potential-custom-element-name": "^1.0.1",
+        "parse5": "^8.0.0",
+        "saxes": "^6.0.0",
+        "symbol-tree": "^3.2.4",
+        "tough-cookie": "^6.0.0",
+        "w3c-xmlserializer": "^5.0.0",
+        "webidl-conversions": "^8.0.0",
+        "whatwg-mimetype": "^4.0.0",
+        "whatwg-url": "^15.1.0",
+        "ws": "^8.18.3",
+        "xml-name-validator": "^5.0.0"
+      },
+      "engines": {
+        "node": "^20.19.0 || ^22.12.0 || >=24.0.0"
+      },
+      "peerDependencies": {
+        "canvas": "^3.0.0"
+      },
+      "peerDependenciesMeta": {
+        "canvas": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/jsdom/node_modules/agent-base": {
+      "version": "7.1.4",
+      "resolved": "https://registry.npmjs.org/agent-base/-/agent-base-7.1.4.tgz",
+      "integrity": "sha512-MnA+YT8fwfJPgBx3m60MNqakm30XOkyIoH1y6huTQvC0PwZG7ki8NacLBcrPbNoo8vEZy7Jpuk7+jMO+CUovTQ==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">= 14"
+      }
+    },
+    "node_modules/jsdom/node_modules/https-proxy-agent": {
+      "version": "7.0.6",
+      "resolved": "https://registry.npmjs.org/https-proxy-agent/-/https-proxy-agent-7.0.6.tgz",
+      "integrity": "sha512-vK9P5/iUfdl95AI+JVyUuIcVtd4ofvtrOr3HNtM2yxC9bnMbEdp3x01OhQNnjb8IJYi38VlTE3mBXwcfvywuSw==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "agent-base": "^7.1.2",
+        "debug": "4"
+      },
+      "engines": {
+        "node": ">= 14"
+      }
+    },
+    "node_modules/jsonfile": {
+      "version": "6.2.1",
+      "resolved": "https://registry.npmjs.org/jsonfile/-/jsonfile-6.2.1.tgz",
+      "integrity": "sha512-zwOTdL3rFQ/lRdBnntKVOX6k5cKJwEc1HdilT71BWEu7J41gXIB2MRp+vxduPSwZJPWBxEzv4yH1wYLJGUHX4Q==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "universalify": "^2.0.0"
+      },
+      "optionalDependencies": {
+        "graceful-fs": "^4.1.6"
+      }
+    },
+    "node_modules/katex": {
+      "version": "0.17.0",
+      "resolved": "https://registry.npmjs.org/katex/-/katex-0.17.0.tgz",
+      "integrity": "sha512-Vdw0ATsQ9V+LuegM/BTwQqV/6cTl5lbGcIrU+BCgLxyf6bo38ybOr372tuSIxir3CN720flu1meYR6XzNMwQnw==",
+      "funding": [
+        "https://opencollective.com/katex",
+        "https://github.com/sponsors/katex"
+      ],
+      "license": "MIT",
+      "dependencies": {
+        "commander": "^8.3.0"
+      },
+      "bin": {
+        "katex": "cli.js"
+      }
+    },
+    "node_modules/katex/node_modules/commander": {
+      "version": "8.3.0",
+      "resolved": "https://registry.npmjs.org/commander/-/commander-8.3.0.tgz",
+      "integrity": "sha512-OkTL9umf+He2DZkUq8f8J9of7yL6RJKI24dVITBmNfZBmri9zYZQrKkuXiKhyfPSu8tUhnVBB1iKXevvnlR4Ww==",
+      "license": "MIT",
+      "engines": {
+        "node": ">= 12"
+      }
+    },
+    "node_modules/keygrip": {
+      "version": "1.1.0",
+      "resolved": "https://registry.npmjs.org/keygrip/-/keygrip-1.1.0.tgz",
+      "integrity": "sha512-iYSchDJ+liQ8iwbSI2QqsQOvqv58eJCEanyJPJi+Khyu8smkcKSFUCbPwzFcL7YVtZ6eONjqRX/38caJ7QjRAQ==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "tsscmp": "1.0.6"
+      },
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/khroma": {
+      "version": "2.1.0",
+      "resolved": "https://registry.npmjs.org/khroma/-/khroma-2.1.0.tgz",
+      "integrity": "sha512-Ls993zuzfayK269Svk9hzpeGUKob/sIgZzyHYdjQoAdQetRKpOLj+k/QQQ/6Qi0Yz65mlROrfd+Ev+1+7dz9Kw==",
+      "dev": true
+    },
+    "node_modules/koa": {
+      "version": "2.16.4",
+      "resolved": "https://registry.npmjs.org/koa/-/koa-2.16.4.tgz",
+      "integrity": "sha512-3An0GCLDSR34tsCO4H8Tef8Pp2ngtaZDAZnsWJYelqXUK5wyiHvGItgK/xcSkmHLSTn1Jcho1mRQs2ehRzvKKw==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "accepts": "^1.3.5",
+        "cache-content-type": "^1.0.0",
+        "content-disposition": "~0.5.2",
+        "content-type": "^1.0.4",
+        "cookies": "~0.9.0",
+        "debug": "^4.3.2",
+        "delegates": "^1.0.0",
+        "depd": "^2.0.0",
+        "destroy": "^1.0.4",
+        "encodeurl": "^1.0.2",
+        "escape-html": "^1.0.3",
+        "fresh": "~0.5.2",
+        "http-assert": "^1.3.0",
+        "http-errors": "^1.6.3",
+        "is-generator-function": "^1.0.7",
+        "koa-compose": "^4.1.0",
+        "koa-convert": "^2.0.0",
+        "on-finished": "^2.3.0",
+        "only": "~0.0.2",
+        "parseurl": "^1.3.2",
+        "statuses": "^1.5.0",
+        "type-is": "^1.6.16",
+        "vary": "^1.1.2"
+      },
+      "engines": {
+        "node": "^4.8.4 || ^6.10.1 || ^7.10.1 || >= 8.1.4"
+      }
+    },
+    "node_modules/koa-compose": {
+      "version": "4.1.0",
+      "resolved": "https://registry.npmjs.org/koa-compose/-/koa-compose-4.1.0.tgz",
+      "integrity": "sha512-8ODW8TrDuMYvXRwra/Kh7/rJo9BtOfPc6qO8eAfC80CnCvSjSl0bkRM24X6/XBBEyj0v1nRUQ1LyOy3dbqOWXw==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/koa-convert": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/koa-convert/-/koa-convert-2.0.0.tgz",
+      "integrity": "sha512-asOvN6bFlSnxewce2e/DK3p4tltyfC4VM7ZwuTuepI7dEQVcvpyFuBcEARu1+Hxg8DIwytce2n7jrZtRlPrARA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "co": "^4.6.0",
+        "koa-compose": "^4.1.0"
+      },
+      "engines": {
+        "node": ">= 10"
+      }
+    },
+    "node_modules/koa-send": {
+      "version": "5.0.1",
+      "resolved": "https://registry.npmjs.org/koa-send/-/koa-send-5.0.1.tgz",
+      "integrity": "sha512-tmcyQ/wXXuxpDxyNXv5yNNkdAMdFRqwtegBXUaowiQzUKqJehttS0x2j0eOZDQAyloAth5w6wwBImnFzkUz3pQ==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "debug": "^4.1.1",
+        "http-errors": "^1.7.3",
+        "resolve-path": "^1.4.0"
+      },
+      "engines": {
+        "node": ">= 8"
+      }
+    },
+    "node_modules/koa-send/node_modules/depd": {
+      "version": "1.1.2",
+      "resolved": "https://registry.npmjs.org/depd/-/depd-1.1.2.tgz",
+      "integrity": "sha512-7emPTl6Dpo6JRXOXjLRxck+FlLRX5847cLKEn00PLAgc3g2hTZZgr+e4c2v6QpSmLeFP3n5yUo7ft6avBK/5jQ==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/koa-send/node_modules/http-errors": {
+      "version": "1.8.1",
+      "resolved": "https://registry.npmjs.org/http-errors/-/http-errors-1.8.1.tgz",
+      "integrity": "sha512-Kpk9Sm7NmI+RHhnj6OIWDI1d6fIoFAtFt9RLaTMRlg/8w49juAStsrBgp0Dp4OdxdVbRIeKhtCUvoi/RuAhO4g==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "depd": "~1.1.2",
+        "inherits": "2.0.4",
+        "setprototypeof": "1.2.0",
+        "statuses": ">= 1.5.0 < 2",
+        "toidentifier": "1.0.1"
+      },
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/koa-send/node_modules/statuses": {
+      "version": "1.5.0",
+      "resolved": "https://registry.npmjs.org/statuses/-/statuses-1.5.0.tgz",
+      "integrity": "sha512-OpZ3zP+jT1PI7I8nemJX4AKmAX070ZkYPVWV/AaKTJl+tXCTGyVdC1a4SL8RUQYEwk/f34ZX8UTykN68FwrqAA==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/koa-static": {
+      "version": "5.0.0",
+      "resolved": "https://registry.npmjs.org/koa-static/-/koa-static-5.0.0.tgz",
+      "integrity": "sha512-UqyYyH5YEXaJrf9S8E23GoJFQZXkBVJ9zYYMPGz919MSX1KuvAcycIuS0ci150HCoPf4XQVhQ84Qf8xRPWxFaQ==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "debug": "^3.1.0",
+        "koa-send": "^5.0.0"
+      },
+      "engines": {
+        "node": ">= 7.6.0"
+      }
+    },
+    "node_modules/koa-static/node_modules/debug": {
+      "version": "3.2.7",
+      "resolved": "https://registry.npmjs.org/debug/-/debug-3.2.7.tgz",
+      "integrity": "sha512-CFjzYYAi4ThfiQvizrFQevTTXHtnCqWfe7x1AhgEscTz6ZbLbfoLRLPugTQyBth6f8ZERVUSyWHFD/7Wu4t1XQ==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "ms": "^2.1.1"
+      }
+    },
+    "node_modules/koa/node_modules/http-errors": {
+      "version": "1.8.1",
+      "resolved": "https://registry.npmjs.org/http-errors/-/http-errors-1.8.1.tgz",
+      "integrity": "sha512-Kpk9Sm7NmI+RHhnj6OIWDI1d6fIoFAtFt9RLaTMRlg/8w49juAStsrBgp0Dp4OdxdVbRIeKhtCUvoi/RuAhO4g==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "depd": "~1.1.2",
+        "inherits": "2.0.4",
+        "setprototypeof": "1.2.0",
+        "statuses": ">= 1.5.0 < 2",
+        "toidentifier": "1.0.1"
+      },
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/koa/node_modules/http-errors/node_modules/depd": {
+      "version": "1.1.2",
+      "resolved": "https://registry.npmjs.org/depd/-/depd-1.1.2.tgz",
+      "integrity": "sha512-7emPTl6Dpo6JRXOXjLRxck+FlLRX5847cLKEn00PLAgc3g2hTZZgr+e4c2v6QpSmLeFP3n5yUo7ft6avBK/5jQ==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/koa/node_modules/statuses": {
+      "version": "1.5.0",
+      "resolved": "https://registry.npmjs.org/statuses/-/statuses-1.5.0.tgz",
+      "integrity": "sha512-OpZ3zP+jT1PI7I8nemJX4AKmAX070ZkYPVWV/AaKTJl+tXCTGyVdC1a4SL8RUQYEwk/f34ZX8UTykN68FwrqAA==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/layout-base": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/layout-base/-/layout-base-1.0.2.tgz",
+      "integrity": "sha512-8h2oVEZNktL4BH2JCOI90iD1yXwL6iNW7KcCKT2QZgQJR2vbqDsldCTPRU9NifTCqHZci57XvQQ15YTu+sTYPg==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/lightningcss": {
+      "version": "1.32.0",
+      "resolved": "https://registry.npmjs.org/lightningcss/-/lightningcss-1.32.0.tgz",
+      "integrity": "sha512-NXYBzinNrblfraPGyrbPoD19C1h9lfI/1mzgWYvXUTe414Gz/X1FD2XBZSZM7rRTrMA8JL3OtAaGifrIKhQ5yQ==",
+      "dev": true,
+      "license": "MPL-2.0",
+      "dependencies": {
+        "detect-libc": "^2.0.3"
+      },
+      "engines": {
+        "node": ">= 12.0.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/parcel"
+      },
+      "optionalDependencies": {
+        "lightningcss-android-arm64": "1.32.0",
+        "lightningcss-darwin-arm64": "1.32.0",
+        "lightningcss-darwin-x64": "1.32.0",
+        "lightningcss-freebsd-x64": "1.32.0",
+        "lightningcss-linux-arm-gnueabihf": "1.32.0",
+        "lightningcss-linux-arm64-gnu": "1.32.0",
+        "lightningcss-linux-arm64-musl": "1.32.0",
+        "lightningcss-linux-x64-gnu": "1.32.0",
+        "lightningcss-linux-x64-musl": "1.32.0",
+        "lightningcss-win32-arm64-msvc": "1.32.0",
+        "lightningcss-win32-x64-msvc": "1.32.0"
+      }
+    },
+    "node_modules/lightningcss-android-arm64": {
+      "version": "1.32.0",
+      "resolved": "https://registry.npmjs.org/lightningcss-android-arm64/-/lightningcss-android-arm64-1.32.0.tgz",
+      "integrity": "sha512-YK7/ClTt4kAK0vo6w3X+Pnm0D2cf2vPHbhOXdoNti1Ga0al1P4TBZhwjATvjNwLEBCnKvjJc2jQgHXH0NEwlAg==",
+      "cpu": [
+        "arm64"
+      ],
+      "dev": true,
+      "license": "MPL-2.0",
+      "optional": true,
+      "os": [
+        "android"
+      ],
+      "engines": {
+        "node": ">= 12.0.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/parcel"
+      }
+    },
+    "node_modules/lightningcss-darwin-arm64": {
+      "version": "1.32.0",
+      "resolved": "https://registry.npmjs.org/lightningcss-darwin-arm64/-/lightningcss-darwin-arm64-1.32.0.tgz",
+      "integrity": "sha512-RzeG9Ju5bag2Bv1/lwlVJvBE3q6TtXskdZLLCyfg5pt+HLz9BqlICO7LZM7VHNTTn/5PRhHFBSjk5lc4cmscPQ==",
+      "cpu": [
+        "arm64"
+      ],
+      "dev": true,
+      "license": "MPL-2.0",
+      "optional": true,
+      "os": [
+        "darwin"
+      ],
+      "engines": {
+        "node": ">= 12.0.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/parcel"
+      }
+    },
+    "node_modules/lightningcss-darwin-x64": {
+      "version": "1.32.0",
+      "resolved": "https://registry.npmjs.org/lightningcss-darwin-x64/-/lightningcss-darwin-x64-1.32.0.tgz",
+      "integrity": "sha512-U+QsBp2m/s2wqpUYT/6wnlagdZbtZdndSmut/NJqlCcMLTWp5muCrID+K5UJ6jqD2BFshejCYXniPDbNh73V8w==",
+      "cpu": [
+        "x64"
+      ],
+      "dev": true,
+      "license": "MPL-2.0",
+      "optional": true,
+      "os": [
+        "darwin"
+      ],
+      "engines": {
+        "node": ">= 12.0.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/parcel"
+      }
+    },
+    "node_modules/lightningcss-freebsd-x64": {
+      "version": "1.32.0",
+      "resolved": "https://registry.npmjs.org/lightningcss-freebsd-x64/-/lightningcss-freebsd-x64-1.32.0.tgz",
+      "integrity": "sha512-JCTigedEksZk3tHTTthnMdVfGf61Fky8Ji2E4YjUTEQX14xiy/lTzXnu1vwiZe3bYe0q+SpsSH/CTeDXK6WHig==",
+      "cpu": [
+        "x64"
+      ],
+      "dev": true,
+      "license": "MPL-2.0",
+      "optional": true,
+      "os": [
+        "freebsd"
+      ],
+      "engines": {
+        "node": ">= 12.0.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/parcel"
+      }
+    },
+    "node_modules/lightningcss-linux-arm-gnueabihf": {
+      "version": "1.32.0",
+      "resolved": "https://registry.npmjs.org/lightningcss-linux-arm-gnueabihf/-/lightningcss-linux-arm-gnueabihf-1.32.0.tgz",
+      "integrity": "sha512-x6rnnpRa2GL0zQOkt6rts3YDPzduLpWvwAF6EMhXFVZXD4tPrBkEFqzGowzCsIWsPjqSK+tyNEODUBXeeVHSkw==",
+      "cpu": [
+        "arm"
+      ],
+      "dev": true,
+      "license": "MPL-2.0",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "engines": {
+        "node": ">= 12.0.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/parcel"
+      }
+    },
+    "node_modules/lightningcss-linux-arm64-gnu": {
+      "version": "1.32.0",
+      "resolved": "https://registry.npmjs.org/lightningcss-linux-arm64-gnu/-/lightningcss-linux-arm64-gnu-1.32.0.tgz",
+      "integrity": "sha512-0nnMyoyOLRJXfbMOilaSRcLH3Jw5z9HDNGfT/gwCPgaDjnx0i8w7vBzFLFR1f6CMLKF8gVbebmkUN3fa/kQJpQ==",
+      "cpu": [
+        "arm64"
+      ],
+      "dev": true,
+      "license": "MPL-2.0",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "engines": {
+        "node": ">= 12.0.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/parcel"
+      }
+    },
+    "node_modules/lightningcss-linux-arm64-musl": {
+      "version": "1.32.0",
+      "resolved": "https://registry.npmjs.org/lightningcss-linux-arm64-musl/-/lightningcss-linux-arm64-musl-1.32.0.tgz",
+      "integrity": "sha512-UpQkoenr4UJEzgVIYpI80lDFvRmPVg6oqboNHfoH4CQIfNA+HOrZ7Mo7KZP02dC6LjghPQJeBsvXhJod/wnIBg==",
+      "cpu": [
+        "arm64"
+      ],
+      "dev": true,
+      "license": "MPL-2.0",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "engines": {
+        "node": ">= 12.0.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/parcel"
+      }
+    },
+    "node_modules/lightningcss-linux-x64-gnu": {
+      "version": "1.32.0",
+      "resolved": "https://registry.npmjs.org/lightningcss-linux-x64-gnu/-/lightningcss-linux-x64-gnu-1.32.0.tgz",
+      "integrity": "sha512-V7Qr52IhZmdKPVr+Vtw8o+WLsQJYCTd8loIfpDaMRWGUZfBOYEJeyJIkqGIDMZPwPx24pUMfwSxxI8phr/MbOA==",
+      "cpu": [
+        "x64"
+      ],
+      "dev": true,
+      "license": "MPL-2.0",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "engines": {
+        "node": ">= 12.0.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/parcel"
+      }
+    },
+    "node_modules/lightningcss-linux-x64-musl": {
+      "version": "1.32.0",
+      "resolved": "https://registry.npmjs.org/lightningcss-linux-x64-musl/-/lightningcss-linux-x64-musl-1.32.0.tgz",
+      "integrity": "sha512-bYcLp+Vb0awsiXg/80uCRezCYHNg1/l3mt0gzHnWV9XP1W5sKa5/TCdGWaR/zBM2PeF/HbsQv/j2URNOiVuxWg==",
+      "cpu": [
+        "x64"
+      ],
+      "dev": true,
+      "license": "MPL-2.0",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "engines": {
+        "node": ">= 12.0.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/parcel"
+      }
+    },
+    "node_modules/lightningcss-win32-arm64-msvc": {
+      "version": "1.32.0",
+      "resolved": "https://registry.npmjs.org/lightningcss-win32-arm64-msvc/-/lightningcss-win32-arm64-msvc-1.32.0.tgz",
+      "integrity": "sha512-8SbC8BR40pS6baCM8sbtYDSwEVQd4JlFTOlaD3gWGHfThTcABnNDBda6eTZeqbofalIJhFx0qKzgHJmcPTnGdw==",
+      "cpu": [
+        "arm64"
+      ],
+      "dev": true,
+      "license": "MPL-2.0",
+      "optional": true,
+      "os": [
+        "win32"
+      ],
+      "engines": {
+        "node": ">= 12.0.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/parcel"
+      }
+    },
+    "node_modules/lightningcss-win32-x64-msvc": {
+      "version": "1.32.0",
+      "resolved": "https://registry.npmjs.org/lightningcss-win32-x64-msvc/-/lightningcss-win32-x64-msvc-1.32.0.tgz",
+      "integrity": "sha512-Amq9B/SoZYdDi1kFrojnoqPLxYhQ4Wo5XiL8EVJrVsB8ARoC1PWW6VGtT0WKCemjy8aC+louJnjS7U18x3b06Q==",
+      "cpu": [
+        "x64"
+      ],
+      "dev": true,
+      "license": "MPL-2.0",
+      "optional": true,
+      "os": [
+        "win32"
+      ],
+      "engines": {
+        "node": ">= 12.0.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/parcel"
+      }
+    },
+    "node_modules/linkify-it": {
+      "version": "5.0.1",
+      "resolved": "https://registry.npmjs.org/linkify-it/-/linkify-it-5.0.1.tgz",
+      "integrity": "sha512-wVoTjP4Q6R0NW5hiZkVJaFZPWgtXfoGF+6LucL3/FtiNjmcHhYjEr5f1Kqjirc1nBW07J/ZuRFumqr2oqccEWg==",
+      "dev": true,
+      "funding": [
+        {
+          "type": "github",
+          "url": "https://github.com/sponsors/puzrin"
+        },
+        {
+          "type": "github",
+          "url": "https://github.com/sponsors/markdown-it"
+        }
+      ],
+      "license": "MIT",
+      "dependencies": {
+        "uc.micro": "^2.0.0"
+      }
+    },
+    "node_modules/locate-path": {
+      "version": "5.0.0",
+      "resolved": "https://registry.npmjs.org/locate-path/-/locate-path-5.0.0.tgz",
+      "integrity": "sha512-t7hw9pI+WvuwNJXwk5zVHpyhIqzg2qTlklJOf0mVxGSbe3Fp2VieZcduNYjaLDoy6p9uGpQEGWG87WpMKlNq8g==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "p-locate": "^4.1.0"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/lodash": {
+      "version": "4.18.1",
+      "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.18.1.tgz",
+      "integrity": "sha512-dMInicTPVE8d1e5otfwmmjlxkZoUpiVLwyeTdUsi/Caj/gfzzblBcCE5sRHV/AsjuCmxWrte2TNGSYuCeCq+0Q==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/lodash-es": {
+      "version": "4.18.1",
+      "resolved": "https://registry.npmjs.org/lodash-es/-/lodash-es-4.18.1.tgz",
+      "integrity": "sha512-J8xewKD/Gk22OZbhpOVSwcs60zhd95ESDwezOFuA3/099925PdHJ7OFHNTGtajL3AlZkykD32HykiMo+BIBI8A==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/lodash.merge": {
+      "version": "4.6.2",
+      "resolved": "https://registry.npmjs.org/lodash.merge/-/lodash.merge-4.6.2.tgz",
+      "integrity": "sha512-0KpjqXRVvrYyCsX1swR/XTK0va6VQkQM6MNo7PqW77ByjAhoARA8EfrP1N4+KlKj8YS0ZUCtRT/YUuhyYDujIQ==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/loupe": {
+      "version": "3.2.1",
+      "resolved": "https://registry.npmjs.org/loupe/-/loupe-3.2.1.tgz",
+      "integrity": "sha512-CdzqowRJCeLU72bHvWqwRBBlLcMEtIvGrlvef74kMnV2AolS9Y8xUv1I0U/MNAWMhBlKIoyuEgoJ0t/bbwHbLQ==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/lru-cache": {
+      "version": "11.5.1",
+      "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-11.5.1.tgz",
+      "integrity": "sha512-RPimw/7aMdv2oqRrxKwvZXcPfwBrn/JZ2xYcY9Hus/6LaS3VOAKVWKWgNLCFSiOm1ESXinjsDlidVU7JlnCN2A==",
+      "dev": true,
+      "license": "BlueOak-1.0.0",
+      "engines": {
+        "node": "20 || >=22"
+      }
+    },
+    "node_modules/magic-string": {
+      "version": "0.30.21",
+      "resolved": "https://registry.npmjs.org/magic-string/-/magic-string-0.30.21.tgz",
+      "integrity": "sha512-vd2F4YUyEXKGcLHoq+TEyCjxueSeHnFxyyjNp80yg0XV4vUhnDer/lvvlqM/arB5bXQN5K2/3oinyCRyx8T2CQ==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@jridgewell/sourcemap-codec": "^1.5.5"
+      }
+    },
+    "node_modules/magicast": {
+      "version": "0.3.5",
+      "resolved": "https://registry.npmjs.org/magicast/-/magicast-0.3.5.tgz",
+      "integrity": "sha512-L0WhttDl+2BOsybvEOLK7fW3UA0OQ0IQ2d6Zl2x/a6vVRs3bAY0ECOSHHeL5jD+SbOpOCUEi0y1DgHEn9Qn1AQ==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/parser": "^7.25.4",
+        "@babel/types": "^7.25.4",
+        "source-map-js": "^1.2.0"
+      }
+    },
+    "node_modules/make-dir": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/make-dir/-/make-dir-4.0.0.tgz",
+      "integrity": "sha512-hXdUTZYIVOt1Ex//jAQi+wTZZpUpwBj/0QsOzqegb3rGMMeJiSEu5xLHnYfBrRV4RH2+OCSOO95Is/7x1WJ4bw==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "semver": "^7.5.3"
+      },
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "node_modules/make-error": {
+      "version": "1.3.6",
+      "resolved": "https://registry.npmjs.org/make-error/-/make-error-1.3.6.tgz",
+      "integrity": "sha512-s8UhlNe7vPKomQhC1qFelMokr/Sc3AgNbso3n74mVPA5LTZwkB9NlXf4XPamLxJE8h0gh73rM94xvwRT2CVInw==",
+      "dev": true,
+      "license": "ISC"
+    },
+    "node_modules/markdown-it": {
+      "version": "14.2.0",
+      "resolved": "https://registry.npmjs.org/markdown-it/-/markdown-it-14.2.0.tgz",
+      "integrity": "sha512-1TGiQiJVRQ3NPmZH6sx5Cfnmg6GQm9jvC1ch4TK511NjSJvjzKLzn5pPfZRNZkRPZP0HqCioSndqH8v2nRaWVQ==",
+      "dev": true,
+      "funding": [
+        {
+          "type": "github",
+          "url": "https://github.com/sponsors/puzrin"
+        },
+        {
+          "type": "github",
+          "url": "https://github.com/sponsors/markdown-it"
+        }
+      ],
+      "license": "MIT",
+      "dependencies": {
+        "argparse": "^2.0.1",
+        "entities": "^4.4.0",
+        "linkify-it": "^5.0.1",
+        "mdurl": "^2.0.0",
+        "punycode.js": "^2.3.1",
+        "uc.micro": "^2.1.0"
+      },
+      "bin": {
+        "markdown-it": "bin/markdown-it.mjs"
+      }
+    },
+    "node_modules/markdown-it/node_modules/entities": {
+      "version": "4.5.0",
+      "resolved": "https://registry.npmjs.org/entities/-/entities-4.5.0.tgz",
+      "integrity": "sha512-V0hjH4dGPh9Ao5p0MoRY6BVqtwCjhz6vI5LT8AJ55H+4g9/4vbHx1I54fS0XuclLhDHArPQCiMjDxjaL8fPxhw==",
+      "dev": true,
+      "license": "BSD-2-Clause",
+      "engines": {
+        "node": ">=0.12"
+      },
+      "funding": {
+        "url": "https://github.com/fb55/entities?sponsor=1"
+      }
+    },
+    "node_modules/marked": {
+      "version": "16.4.2",
+      "resolved": "https://registry.npmjs.org/marked/-/marked-16.4.2.tgz",
+      "integrity": "sha512-TI3V8YYWvkVf3KJe1dRkpnjs68JUPyEa5vjKrp1XEEJUAOaQc+Qj+L1qWbPd0SJuAdQkFU0h73sXXqwDYxsiDA==",
+      "dev": true,
+      "license": "MIT",
+      "bin": {
+        "marked": "bin/marked.js"
+      },
+      "engines": {
+        "node": ">= 20"
+      }
+    },
+    "node_modules/math-intrinsics": {
+      "version": "1.1.0",
+      "resolved": "https://registry.npmjs.org/math-intrinsics/-/math-intrinsics-1.1.0.tgz",
+      "integrity": "sha512-/IXtbwEk5HTPyEwyKX6hGkYXxM9nbj64B+ilVJnC/R6B0pH5G4V3b0pVbL7DBj4tkhBAppbQUlf6F6Xl9LHu1g==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.4"
+      }
+    },
+    "node_modules/mdn-data": {
+      "version": "2.27.1",
+      "resolved": "https://registry.npmjs.org/mdn-data/-/mdn-data-2.27.1.tgz",
+      "integrity": "sha512-9Yubnt3e8A0OKwxYSXyhLymGW4sCufcLG6VdiDdUGVkPhpqLxlvP5vl1983gQjJl3tqbrM731mjaZaP68AgosQ==",
+      "dev": true,
+      "license": "CC0-1.0"
+    },
+    "node_modules/mdurl": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/mdurl/-/mdurl-2.0.0.tgz",
+      "integrity": "sha512-Lf+9+2r+Tdp5wXDXC4PcIBjTDtq4UKjCPMQhKIuzpJNW0b96kVqSwW0bT7FhRSfmAiFYgP+SCRvdrDozfh0U5w==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/media-typer": {
+      "version": "0.3.0",
+      "resolved": "https://registry.npmjs.org/media-typer/-/media-typer-0.3.0.tgz",
+      "integrity": "sha512-dq+qelQ9akHpcOl/gUVRTxVIOkAJ1wR3QAvb4RsVjS8oVoFjDGTc679wJYmUmknUF5HwMLOgb5O+a3KxfWapPQ==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/merge-anything": {
+      "version": "5.1.7",
+      "resolved": "https://registry.npmjs.org/merge-anything/-/merge-anything-5.1.7.tgz",
+      "integrity": "sha512-eRtbOb1N5iyH0tkQDAoQ4Ipsp/5qSR79Dzrz8hEPxRX10RWWR/iQXdoKmBSRCThY1Fh5EhISDtpSc93fpxUniQ==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "is-what": "^4.1.8"
+      },
+      "engines": {
+        "node": ">=12.13"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/mesqueeb"
+      }
+    },
+    "node_modules/merge-anything/node_modules/is-what": {
+      "version": "4.1.16",
+      "resolved": "https://registry.npmjs.org/is-what/-/is-what-4.1.16.tgz",
+      "integrity": "sha512-ZhMwEosbFJkA0YhFnNDgTM4ZxDRsS6HqTo7qsZM08fehyRYIYa0yHu5R6mgo1n/8MgaPBXiPimPD77baVFYg+A==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=12.13"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/mesqueeb"
+      }
+    },
+    "node_modules/merge-descriptors": {
+      "version": "1.0.3",
+      "resolved": "https://registry.npmjs.org/merge-descriptors/-/merge-descriptors-1.0.3.tgz",
+      "integrity": "sha512-gaNvAS7TZ897/rVaZ0nMtAyxNyi/pdbjbAwUpFQpN70GqnVfOiXpeUUMKRBmzXaSQ8DdTX4/0ms62r2K+hE6mQ==",
+      "dev": true,
+      "license": "MIT",
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "node_modules/mermaid": {
+      "version": "11.15.0",
+      "resolved": "https://registry.npmjs.org/mermaid/-/mermaid-11.15.0.tgz",
+      "integrity": "sha512-pTMbcf3rWdtLiYGpmoTjHEpeY8seiy6sR+9nD7LOs8KfUbHE4lOUAprTRqRAcWSQ6MQpdX+YEsxShtGsINtPtw==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@braintree/sanitize-url": "^7.1.1",
+        "@iconify/utils": "^3.0.2",
+        "@mermaid-js/parser": "^1.1.1",
+        "@types/d3": "^7.4.3",
+        "@upsetjs/venn.js": "^2.0.0",
+        "cytoscape": "^3.33.1",
+        "cytoscape-cose-bilkent": "^4.1.0",
+        "cytoscape-fcose": "^2.2.0",
+        "d3": "^7.9.0",
+        "d3-sankey": "^0.12.3",
+        "dagre-d3-es": "7.0.14",
+        "dayjs": "^1.11.19",
+        "dompurify": "^3.3.1",
+        "es-toolkit": "^1.45.1",
+        "katex": "^0.16.25",
+        "khroma": "^2.1.0",
+        "marked": "^16.3.0",
+        "roughjs": "^4.6.6",
+        "stylis": "^4.3.6",
+        "ts-dedent": "^2.2.0",
+        "uuid": "^11.1.0 || ^12 || ^13 || ^14.0.0"
+      }
+    },
+    "node_modules/mermaid/node_modules/commander": {
+      "version": "8.3.0",
+      "resolved": "https://registry.npmjs.org/commander/-/commander-8.3.0.tgz",
+      "integrity": "sha512-OkTL9umf+He2DZkUq8f8J9of7yL6RJKI24dVITBmNfZBmri9zYZQrKkuXiKhyfPSu8tUhnVBB1iKXevvnlR4Ww==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">= 12"
+      }
+    },
+    "node_modules/mermaid/node_modules/katex": {
+      "version": "0.16.47",
+      "resolved": "https://registry.npmjs.org/katex/-/katex-0.16.47.tgz",
+      "integrity": "sha512-Eeo8Ys1doU1z+x8AZsPpQu+p/QcZBI5PeOo7QGQdy2x2m0MU/hYagBbGOmXwr5KVbEfVuWv9LpnQWeehogurjg==",
+      "dev": true,
+      "funding": [
+        "https://opencollective.com/katex",
+        "https://github.com/sponsors/katex"
+      ],
+      "license": "MIT",
+      "dependencies": {
+        "commander": "^8.3.0"
+      },
+      "bin": {
+        "katex": "cli.js"
+      }
+    },
+    "node_modules/methods": {
+      "version": "1.1.2",
+      "resolved": "https://registry.npmjs.org/methods/-/methods-1.1.2.tgz",
+      "integrity": "sha512-iclAHeNqNm68zFtnZ0e+1L2yUIdvzNoauKU4WBA3VvH/vPFieF7qfRlwUZU+DA9P9bPXIS90ulxoUoCH23sV2w==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/mime": {
+      "version": "1.6.0",
+      "resolved": "https://registry.npmjs.org/mime/-/mime-1.6.0.tgz",
+      "integrity": "sha512-x0Vn8spI+wuJ1O6S7gnbaQg8Pxh4NNHb7KSINmEWKiPE4RKOplvijn+NkmYmmRgP68mc70j2EbeTFRsrswaQeg==",
+      "dev": true,
+      "license": "MIT",
+      "bin": {
+        "mime": "cli.js"
+      },
+      "engines": {
+        "node": ">=4"
+      }
+    },
+    "node_modules/mime-db": {
+      "version": "1.52.0",
+      "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.52.0.tgz",
+      "integrity": "sha512-sPU4uV7dYlvtWJxwwxHD0PuihVNiE7TyAbQ5SWxDCB9mUYvOgroQOwYQQOKPJ8CIbE+1ETVlOoK1UC2nU3gYvg==",
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/mime-types": {
+      "version": "2.1.35",
+      "resolved": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.35.tgz",
+      "integrity": "sha512-ZDY+bPm5zTTF+YpCrAU9nK0UgICYPT0QtT1NZWFv4s++TNkcgVaT0g6+4R2uI4MjQjzysHB1zxuWL50hzaeXiw==",
+      "license": "MIT",
+      "dependencies": {
+        "mime-db": "1.52.0"
+      },
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/minimatch": {
+      "version": "9.0.9",
+      "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.9.tgz",
+      "integrity": "sha512-OBwBN9AL4dqmETlpS2zasx+vTeWclWzkblfZk7KTA5j3jeOONz/tRCnZomUyvNg83wL5Zv9Ss6HMJXAgL8R2Yg==",
+      "dev": true,
+      "license": "ISC",
+      "dependencies": {
+        "brace-expansion": "^2.0.2"
+      },
+      "engines": {
+        "node": ">=16 || 14 >=14.17"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/isaacs"
+      }
+    },
+    "node_modules/minimist": {
+      "version": "1.2.8",
+      "resolved": "https://registry.npmjs.org/minimist/-/minimist-1.2.8.tgz",
+      "integrity": "sha512-2yyAR8qBkN3YuheJanUpWC5U3bb5osDywNB8RzDVlDwDHbocAJveqqj1u8+SVD7jkWT4yvsHCpWqqWqAxb0zCA==",
+      "dev": true,
+      "license": "MIT",
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/minipass": {
+      "version": "7.1.3",
+      "resolved": "https://registry.npmjs.org/minipass/-/minipass-7.1.3.tgz",
+      "integrity": "sha512-tEBHqDnIoM/1rXME1zgka9g6Q2lcoCkxHLuc7ODJ5BxbP5d4c2Z5cGgtXAku59200Cx7diuHTOYfSBD8n6mm8A==",
+      "dev": true,
+      "license": "BlueOak-1.0.0",
+      "engines": {
+        "node": ">=16 || 14 >=14.17"
+      }
+    },
+    "node_modules/mitt": {
+      "version": "3.0.1",
+      "resolved": "https://registry.npmjs.org/mitt/-/mitt-3.0.1.tgz",
+      "integrity": "sha512-vKivATfr97l2/QBCYAkXYDbrIWPM2IIKEl7YPhjCvKlG3kE2gm+uBo6nEXK3M5/Ffh/FLpKExzOQ3JJoJGFKBw==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/mkdirp": {
+      "version": "1.0.4",
+      "resolved": "https://registry.npmjs.org/mkdirp/-/mkdirp-1.0.4.tgz",
+      "integrity": "sha512-vVqVZQyf3WLx2Shd0qJ9xuvqgAyKPLAiqITEtqW0oIUjzo3PePDd6fW9iFz30ef7Ysp/oiWqbhszeGWW2T6Gzw==",
+      "dev": true,
+      "license": "MIT",
+      "bin": {
+        "mkdirp": "bin/cmd.js"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/monaco-editor": {
+      "version": "0.55.1",
+      "resolved": "https://registry.npmjs.org/monaco-editor/-/monaco-editor-0.55.1.tgz",
+      "integrity": "sha512-jz4x+TJNFHwHtwuV9vA9rMujcZRb0CEilTEwG2rRSpe/A7Jdkuj8xPKttCgOh+v/lkHy7HsZ64oj+q3xoAFl9A==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "dompurify": "3.2.7",
+        "marked": "14.0.0"
+      }
+    },
+    "node_modules/monaco-editor/node_modules/dompurify": {
+      "version": "3.2.7",
+      "resolved": "https://registry.npmjs.org/dompurify/-/dompurify-3.2.7.tgz",
+      "integrity": "sha512-WhL/YuveyGXJaerVlMYGWhvQswa7myDG17P7Vu65EWC05o8vfeNbvNf4d/BOvH99+ZW+LlQsc1GDKMa1vNK6dw==",
+      "dev": true,
+      "license": "(MPL-2.0 OR Apache-2.0)",
+      "optionalDependencies": {
+        "@types/trusted-types": "^2.0.7"
+      }
+    },
+    "node_modules/monaco-editor/node_modules/marked": {
+      "version": "14.0.0",
+      "resolved": "https://registry.npmjs.org/marked/-/marked-14.0.0.tgz",
+      "integrity": "sha512-uIj4+faQ+MgHgwUW1l2PsPglZLOLOT1uErt06dAPtx2kjteLAkbsd/0FiYg/MGS+i7ZKLb7w2WClxHkzOOuryQ==",
+      "dev": true,
+      "license": "MIT",
+      "bin": {
+        "marked": "bin/marked.js"
+      },
+      "engines": {
+        "node": ">= 18"
+      }
+    },
+    "node_modules/ms": {
+      "version": "2.1.3",
+      "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz",
+      "integrity": "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA==",
+      "license": "MIT"
+    },
+    "node_modules/muggle-string": {
+      "version": "0.4.1",
+      "resolved": "https://registry.npmjs.org/muggle-string/-/muggle-string-0.4.1.tgz",
+      "integrity": "sha512-VNTrAak/KhO2i8dqqnqnAHOa3cYBwXEZe9h+D5h/1ZqFSTEFHdM65lR7RoIqq3tBBYavsOXV84NoHXZ0AkPyqQ==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/naive-ui": {
+      "version": "2.44.1",
+      "resolved": "https://registry.npmjs.org/naive-ui/-/naive-ui-2.44.1.tgz",
+      "integrity": "sha512-reo8Esw0p58liZwbUutC7meW24Xbn3EwNv91zReWKm2W4JPu+zfgJRn/F7aO0BFmvN+h2brA2M5lRvYqLq4kuA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@css-render/plugin-bem": "^0.15.14",
+        "@css-render/vue3-ssr": "^0.15.14",
+        "@types/lodash": "^4.17.20",
+        "@types/lodash-es": "^4.17.12",
+        "async-validator": "^4.2.5",
+        "css-render": "^0.15.14",
+        "csstype": "^3.1.3",
+        "date-fns": "^4.1.0",
+        "date-fns-tz": "^3.2.0",
+        "evtd": "^0.2.4",
+        "highlight.js": "^11.8.0",
+        "lodash": "^4.17.21",
+        "lodash-es": "^4.17.21",
+        "seemly": "^0.3.10",
+        "treemate": "^0.3.11",
+        "vdirs": "^0.1.8",
+        "vooks": "^0.2.12",
+        "vueuc": "^0.4.65"
+      },
+      "engines": {
+        "node": ">=20"
+      },
+      "peerDependencies": {
+        "vue": "^3.0.0"
+      }
+    },
+    "node_modules/nanoid": {
+      "version": "3.3.12",
+      "resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.3.12.tgz",
+      "integrity": "sha512-ZB9RH/39qpq5Vu6Y+NmUaFhQR6pp+M2Xt76XBnEwDaGcVAqhlvxrl3B2bKS5D3NH3QR76v3aSrKaF/Kiy7lEtQ==",
+      "dev": true,
+      "funding": [
+        {
+          "type": "github",
+          "url": "https://github.com/sponsors/ai"
+        }
+      ],
+      "license": "MIT",
+      "bin": {
+        "nanoid": "bin/nanoid.cjs"
+      },
+      "engines": {
+        "node": "^10 || ^12 || ^13.7 || ^14 || >=15.0.1"
+      }
+    },
+    "node_modules/negotiator": {
+      "version": "0.6.3",
+      "resolved": "https://registry.npmjs.org/negotiator/-/negotiator-0.6.3.tgz",
+      "integrity": "sha512-+EUsqGPLsM+j/zdChZjsnX51g4XrHFOIXwfnCVPGlQk/k5giakcKsuxCObBRu6DSm9opw/O6slWbJdghQM4bBg==",
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/neo-async": {
+      "version": "2.6.2",
+      "resolved": "https://registry.npmjs.org/neo-async/-/neo-async-2.6.2.tgz",
+      "integrity": "sha512-Yd3UES5mWCSqR+qNT93S3UoYUkqAZ9lLg8a7g9rimsWmYGK8cVToA4/sF3RrshdyV3sAGMXVUmpMYOw+dLpOuw==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/node-addon-api": {
+      "version": "7.1.1",
+      "resolved": "https://registry.npmjs.org/node-addon-api/-/node-addon-api-7.1.1.tgz",
+      "integrity": "sha512-5m3bsyrjFWE1xf7nz7YXdN4udnVtXK6/Yfgn5qnahL6bCkf2yKt4k3nuTKAtT4r3IG8JNR2ncsIMdZuAzJjHQQ==",
+      "license": "MIT"
+    },
+    "node_modules/node-edge-tts": {
+      "version": "1.2.10",
+      "resolved": "https://registry.npmjs.org/node-edge-tts/-/node-edge-tts-1.2.10.tgz",
+      "integrity": "sha512-bV2i4XU54D45+US0Zm1HcJRkifuB3W438dWyuJEHLQdKxnuqlI1kim2MOvR6Q3XUQZvfF9PoDyR1Rt7aeXhPdQ==",
+      "license": "MIT",
+      "dependencies": {
+        "https-proxy-agent": "^7.0.1",
+        "ws": "^8.13.0",
+        "yargs": "^17.7.2"
+      },
+      "bin": {
+        "node-edge-tts": "bin.js"
+      }
+    },
+    "node_modules/node-edge-tts/node_modules/agent-base": {
+      "version": "7.1.4",
+      "resolved": "https://registry.npmjs.org/agent-base/-/agent-base-7.1.4.tgz",
+      "integrity": "sha512-MnA+YT8fwfJPgBx3m60MNqakm30XOkyIoH1y6huTQvC0PwZG7ki8NacLBcrPbNoo8vEZy7Jpuk7+jMO+CUovTQ==",
+      "license": "MIT",
+      "engines": {
+        "node": ">= 14"
+      }
+    },
+    "node_modules/node-edge-tts/node_modules/https-proxy-agent": {
+      "version": "7.0.6",
+      "resolved": "https://registry.npmjs.org/https-proxy-agent/-/https-proxy-agent-7.0.6.tgz",
+      "integrity": "sha512-vK9P5/iUfdl95AI+JVyUuIcVtd4ofvtrOr3HNtM2yxC9bnMbEdp3x01OhQNnjb8IJYi38VlTE3mBXwcfvywuSw==",
+      "license": "MIT",
+      "dependencies": {
+        "agent-base": "^7.1.2",
+        "debug": "4"
+      },
+      "engines": {
+        "node": ">= 14"
+      }
+    },
+    "node_modules/node-pty": {
+      "version": "1.1.0",
+      "resolved": "https://registry.npmjs.org/node-pty/-/node-pty-1.1.0.tgz",
+      "integrity": "sha512-20JqtutY6JPXTUnL0ij1uad7Qe1baT46lyolh2sSENDd4sTzKZ4nmAFkeAARDKwmlLjPx6XKRlwRUxwjOy+lUg==",
+      "hasInstallScript": true,
+      "license": "MIT",
+      "dependencies": {
+        "node-addon-api": "^7.1.0"
+      }
+    },
+    "node_modules/nodemon": {
+      "version": "3.1.14",
+      "resolved": "https://registry.npmjs.org/nodemon/-/nodemon-3.1.14.tgz",
+      "integrity": "sha512-jakjZi93UtB3jHMWsXL68FXSAosbLfY0In5gtKq3niLSkrWznrVBzXFNOEMJUfc9+Ke7SHWoAZsiMkNP3vq6Jw==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "chokidar": "^3.5.2",
+        "debug": "^4",
+        "ignore-by-default": "^1.0.1",
+        "minimatch": "^10.2.1",
+        "pstree.remy": "^1.1.8",
+        "semver": "^7.5.3",
+        "simple-update-notifier": "^2.0.0",
+        "supports-color": "^5.5.0",
+        "touch": "^3.1.0",
+        "undefsafe": "^2.0.5"
+      },
+      "bin": {
+        "nodemon": "bin/nodemon.js"
+      },
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/nodemon"
+      }
+    },
+    "node_modules/nodemon/node_modules/balanced-match": {
+      "version": "4.0.4",
+      "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-4.0.4.tgz",
+      "integrity": "sha512-BLrgEcRTwX2o6gGxGOCNyMvGSp35YofuYzw9h1IMTRmKqttAZZVU67bdb9Pr2vUHA8+j3i2tJfjO6C6+4myGTA==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": "18 || 20 || >=22"
+      }
+    },
+    "node_modules/nodemon/node_modules/brace-expansion": {
+      "version": "5.0.6",
+      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-5.0.6.tgz",
+      "integrity": "sha512-kLpxurY4Z4r9sgMsyG0Z9uzsBlgiU/EFKhj/h91/8yHu0edo7XuixOIH3VcJ8kkxs6/jPzoI6U9Vj3WqbMQ94g==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "balanced-match": "^4.0.2"
+      },
+      "engines": {
+        "node": "18 || 20 || >=22"
+      }
+    },
+    "node_modules/nodemon/node_modules/has-flag": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-3.0.0.tgz",
+      "integrity": "sha512-sKJf1+ceQBr4SMkvQnBDNDtf4TXpVhVGateu0t918bl30FnbE2m4vNLX+VWe/dpjlb+HugGYzW7uQXH98HPEYw==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=4"
+      }
+    },
+    "node_modules/nodemon/node_modules/minimatch": {
+      "version": "10.2.5",
+      "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-10.2.5.tgz",
+      "integrity": "sha512-MULkVLfKGYDFYejP07QOurDLLQpcjk7Fw+7jXS2R2czRQzR56yHRveU5NDJEOviH+hETZKSkIk5c+T23GjFUMg==",
+      "dev": true,
+      "license": "BlueOak-1.0.0",
+      "dependencies": {
+        "brace-expansion": "^5.0.5"
+      },
+      "engines": {
+        "node": "18 || 20 || >=22"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/isaacs"
+      }
+    },
+    "node_modules/nodemon/node_modules/supports-color": {
+      "version": "5.5.0",
+      "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-5.5.0.tgz",
+      "integrity": "sha512-QjVjwdXIt408MIiAqCX4oUKsgU2EqAGzs2Ppkm4aQYbjm+ZEWEcW4SfFNTr4uMNZma0ey4f5lgLrkB0aX0QMow==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "has-flag": "^3.0.0"
+      },
+      "engines": {
+        "node": ">=4"
+      }
+    },
+    "node_modules/nopt": {
+      "version": "7.2.1",
+      "resolved": "https://registry.npmjs.org/nopt/-/nopt-7.2.1.tgz",
+      "integrity": "sha512-taM24ViiimT/XntxbPyJQzCG+p4EKOpgD3mxFwW38mGjVUrfERQOeY4EDHjdnptttfHuHQXFx+lTP08Q+mLa/w==",
+      "dev": true,
+      "license": "ISC",
+      "dependencies": {
+        "abbrev": "^2.0.0"
+      },
+      "bin": {
+        "nopt": "bin/nopt.js"
+      },
+      "engines": {
+        "node": "^14.17.0 || ^16.13.0 || >=18.0.0"
+      }
+    },
+    "node_modules/normalize-path": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/normalize-path/-/normalize-path-3.0.0.tgz",
+      "integrity": "sha512-6eZs5Ls3WtCisHWp9S2GUy8dqkpGi4BVSz3GaqiE6ezub0512ESztXUwUB6C6IKbQkY2Pnb/mD4WYojCRwcwLA==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/object-assign": {
+      "version": "4.1.1",
+      "resolved": "https://registry.npmjs.org/object-assign/-/object-assign-4.1.1.tgz",
+      "integrity": "sha512-rJgTQnkUnH1sFw8yT6VSU3zD3sWmu6sZhIseY8VX+GRu3P6F7Fu+JNDoXfklElbLJSnc3FUQHVe4cU5hj+BcUg==",
+      "license": "MIT",
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/object-inspect": {
+      "version": "1.13.4",
+      "resolved": "https://registry.npmjs.org/object-inspect/-/object-inspect-1.13.4.tgz",
+      "integrity": "sha512-W67iLl4J2EXEGTbfeHCffrjDfitvLANg0UlX3wFUUSTx92KXRFegMHUVgSqE+wvhAbi4WqjGg9czysTV2Epbew==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/on-exit-leak-free": {
+      "version": "2.1.2",
+      "resolved": "https://registry.npmjs.org/on-exit-leak-free/-/on-exit-leak-free-2.1.2.tgz",
+      "integrity": "sha512-0eJJY6hXLGf1udHwfNftBqH+g73EU4B504nZeKpz1sYRKafAghwxEJunB2O7rDZkL4PGfsMVnTXZ2EjibbqcsA==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=14.0.0"
+      }
+    },
+    "node_modules/on-finished": {
+      "version": "2.4.1",
+      "resolved": "https://registry.npmjs.org/on-finished/-/on-finished-2.4.1.tgz",
+      "integrity": "sha512-oVlzkg3ENAhCk2zdv7IJwd/QUD4z2RxRwpkcGY8psCVcCYZNq4wYnVWALHM+brtuJjePWiYF/ClmuDr8Ch5+kg==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "ee-first": "1.1.1"
+      },
+      "engines": {
+        "node": ">= 0.8"
+      }
+    },
+    "node_modules/once": {
+      "version": "1.4.0",
+      "resolved": "https://registry.npmjs.org/once/-/once-1.4.0.tgz",
+      "integrity": "sha512-lNaJgI+2Q5URQBkccEKHTQOPaXdUxnZZElQTZY0MFUAuaEqe1E+Nyvgdz/aIyNi6Z9MzO5dv1H8n58/GELp3+w==",
+      "dev": true,
+      "license": "ISC",
+      "dependencies": {
+        "wrappy": "1"
+      }
+    },
+    "node_modules/only": {
+      "version": "0.0.2",
+      "resolved": "https://registry.npmjs.org/only/-/only-0.0.2.tgz",
+      "integrity": "sha512-Fvw+Jemq5fjjyWz6CpKx6w9s7xxqo3+JCyM0WXWeCSOboZ8ABkyvP8ID4CZuChA/wxSx+XSJmdOm8rGVyJ1hdQ==",
+      "dev": true
+    },
+    "node_modules/p-limit": {
+      "version": "2.3.0",
+      "resolved": "https://registry.npmjs.org/p-limit/-/p-limit-2.3.0.tgz",
+      "integrity": "sha512-//88mFWSJx8lxCzwdAABTJL2MyWB12+eIY7MDL2SqLmAkeKU9qxRvWuSyTjm3FUmpBEMuFfckAIqEaVGUDxb6w==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "p-try": "^2.0.0"
+      },
+      "engines": {
+        "node": ">=6"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "node_modules/p-locate": {
+      "version": "4.1.0",
+      "resolved": "https://registry.npmjs.org/p-locate/-/p-locate-4.1.0.tgz",
+      "integrity": "sha512-R79ZZ/0wAxKGu3oYMlz8jy/kbhsNrS7SKZ7PxEHBgJ5+F2mtFW2fK2cOtBh1cHYkQsbzFV7I+EoRKe6Yt0oK7A==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "p-limit": "^2.2.0"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/p-try": {
+      "version": "2.2.0",
+      "resolved": "https://registry.npmjs.org/p-try/-/p-try-2.2.0.tgz",
+      "integrity": "sha512-R4nPAVTAU0B9D35/Gk3uJf/7XYbQcyohSKdvAxIRSNghFl4e71hVoGnBNQz9cWaXxO2I10KTC+3jMdvvoKw6dQ==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=6"
+      }
+    },
+    "node_modules/package-json-from-dist": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/package-json-from-dist/-/package-json-from-dist-1.0.1.tgz",
+      "integrity": "sha512-UEZIS3/by4OC8vL3P2dTXRETpebLI2NiI5vIrjaD/5UtrkFX/tNbwjTSRAGC/+7CAo2pIcBaRgWmcBBHcsaCIw==",
+      "dev": true,
+      "license": "BlueOak-1.0.0"
+    },
+    "node_modules/package-manager-detector": {
+      "version": "1.6.0",
+      "resolved": "https://registry.npmjs.org/package-manager-detector/-/package-manager-detector-1.6.0.tgz",
+      "integrity": "sha512-61A5ThoTiDG/C8s8UMZwSorAGwMJ0ERVGj2OjoW5pAalsNOg15+iQiPzrLJ4jhZ1HJzmC2PIHT2oEiH3R5fzNA==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/parse5": {
+      "version": "8.0.1",
+      "resolved": "https://registry.npmjs.org/parse5/-/parse5-8.0.1.tgz",
+      "integrity": "sha512-z1e/HMG90obSGeidlli3hj7cbocou0/wa5HacvI3ASx34PecNjNQeaHNo5WIZpWofN9kgkqV1q5YvXe3F0FoPw==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "entities": "^8.0.0"
+      },
+      "funding": {
+        "url": "https://github.com/inikulin/parse5?sponsor=1"
+      }
+    },
+    "node_modules/parse5/node_modules/entities": {
+      "version": "8.0.0",
+      "resolved": "https://registry.npmjs.org/entities/-/entities-8.0.0.tgz",
+      "integrity": "sha512-zwfzJecQ/Uej6tusMqwAqU/6KL2XaB2VZ2Jg54Je6ahNBGNH6Ek6g3jjNCF0fG9EWQKGZNddNjU5F1ZQn/sBnA==",
+      "dev": true,
+      "license": "BSD-2-Clause",
+      "engines": {
+        "node": ">=20.19.0"
+      },
+      "funding": {
+        "url": "https://github.com/fb55/entities?sponsor=1"
+      }
+    },
+    "node_modules/parseurl": {
+      "version": "1.3.3",
+      "resolved": "https://registry.npmjs.org/parseurl/-/parseurl-1.3.3.tgz",
+      "integrity": "sha512-CiyeOxFT/JZyN5m0z9PfXw4SCBJ6Sygz1Dpl0wqjlhDEGGBP1GnsUVEL0p63hoG1fcj3fHynXi9NYO4nWOL+qQ==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.8"
+      }
+    },
+    "node_modules/path-browserify": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/path-browserify/-/path-browserify-1.0.1.tgz",
+      "integrity": "sha512-b7uo2UCUOYZcnF/3ID0lulOJi/bafxa1xPe7ZPsammBSpjSWQkjNxlt635YGS2MiR9GjvuXCtz2emr3jbsz98g==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/path-data-parser": {
+      "version": "0.1.0",
+      "resolved": "https://registry.npmjs.org/path-data-parser/-/path-data-parser-0.1.0.tgz",
+      "integrity": "sha512-NOnmBpt5Y2RWbuv0LMzsayp3lVylAHLPUTut412ZA3l+C4uw4ZVkQbjShYCQ8TCpUMdPapr4YjUqLYD6v68j+w==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/path-exists": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/path-exists/-/path-exists-4.0.0.tgz",
+      "integrity": "sha512-ak9Qy5Q7jYb2Wwcey5Fpvg2KoAc/ZIhLSLOSBmRmygPsGwkVVt0fZa0qrtMz+m6tJTAHfZQ8FnmB4MG4LWy7/w==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/path-is-absolute": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/path-is-absolute/-/path-is-absolute-1.0.1.tgz",
+      "integrity": "sha512-AVbw3UJ2e9bq64vSaS9Am0fje1Pa8pbGqTTsmXfaIiMpnr5DlDhfJOuLj9Sf95ZPVDAUerDfEk88MPmPe7UCQg==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/path-key": {
+      "version": "3.1.1",
+      "resolved": "https://registry.npmjs.org/path-key/-/path-key-3.1.1.tgz",
+      "integrity": "sha512-ojmeN0qd+y0jszEtoY48r0Peq5dwMEkIlCOu6Q5f41lfkswXuKtYrhgoTpLnyIcHm24Uhqx+5Tqm2InSwLhE6Q==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/path-parse": {
+      "version": "1.0.7",
+      "resolved": "https://registry.npmjs.org/path-parse/-/path-parse-1.0.7.tgz",
+      "integrity": "sha512-LDJzPVEEEPR+y48z93A0Ed0yXb8pAByGWo/k5YYdYgpY2/2EsOsksJrq7lOHxryrVOn1ejG6oAp8ahvOIQD8sw==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/path-scurry": {
+      "version": "1.11.1",
+      "resolved": "https://registry.npmjs.org/path-scurry/-/path-scurry-1.11.1.tgz",
+      "integrity": "sha512-Xa4Nw17FS9ApQFJ9umLiJS4orGjm7ZzwUrwamcGQuHSzDyth9boKDaycYdDcZDuqYATXw4HFXgaqWTctW/v1HA==",
+      "dev": true,
+      "license": "BlueOak-1.0.0",
+      "dependencies": {
+        "lru-cache": "^10.2.0",
+        "minipass": "^5.0.0 || ^6.0.2 || ^7.0.0"
+      },
+      "engines": {
+        "node": ">=16 || 14 >=14.18"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/isaacs"
+      }
+    },
+    "node_modules/path-scurry/node_modules/lru-cache": {
+      "version": "10.4.3",
+      "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-10.4.3.tgz",
+      "integrity": "sha512-JNAzZcXrCt42VGLuYz0zfAzDfAvJWW6AfYlDBQyDV5DClI2m5sAmK+OIO7s59XfsRsWHp02jAJrRadPRGTt6SQ==",
+      "dev": true,
+      "license": "ISC"
+    },
+    "node_modules/path-to-regexp": {
+      "version": "8.4.2",
+      "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-8.4.2.tgz",
+      "integrity": "sha512-qRcuIdP69NPm4qbACK+aDogI5CBDMi1jKe0ry5rSQJz8JVLsC7jV8XpiJjGRLLol3N+R5ihGYcrPLTno6pAdBA==",
+      "dev": true,
+      "license": "MIT",
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/express"
+      }
+    },
+    "node_modules/pathe": {
+      "version": "2.0.3",
+      "resolved": "https://registry.npmjs.org/pathe/-/pathe-2.0.3.tgz",
+      "integrity": "sha512-WUjGcAqP1gQacoQe+OBJsFA7Ld4DyXuUIjZ5cc75cLHvJ7dtNsTugphxIADwspS+AraAUePCKrSVtPLFj/F88w==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/pathval": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/pathval/-/pathval-2.0.1.tgz",
+      "integrity": "sha512-//nshmD55c46FuFw26xV/xFAaB5HF9Xdap7HJBBnrKdAd6/GxDBaNA1870O79+9ueg61cZLSVc+OaFlfmObYVQ==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">= 14.16"
+      }
+    },
+    "node_modules/perfect-debounce": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/perfect-debounce/-/perfect-debounce-1.0.0.tgz",
+      "integrity": "sha512-xCy9V055GLEqoFaHoC1SoLIaLmWctgCUaBaWxDZ7/Zx4CTyX7cJQLJOok/orfjZAh9kEYpjJa4d0KcJmCbctZA==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/picocolors": {
+      "version": "1.1.1",
+      "resolved": "https://registry.npmjs.org/picocolors/-/picocolors-1.1.1.tgz",
+      "integrity": "sha512-xceH2snhtb5M9liqDsmEw56le376mTZkEX/jEb/RxNFyegNul7eNslCXP9FDj/Lcu0X8KEyMceP2ntpaHrDEVA==",
+      "dev": true,
+      "license": "ISC"
+    },
+    "node_modules/picomatch": {
+      "version": "2.3.2",
+      "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-2.3.2.tgz",
+      "integrity": "sha512-V7+vQEJ06Z+c5tSye8S+nHUfI51xoXIXjHQ99cQtKUkQqqO1kO/KCJUfZXuB47h/YBlDhah2H3hdUGXn8ie0oA==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=8.6"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/jonschlinkert"
+      }
+    },
+    "node_modules/pinia": {
+      "version": "3.0.4",
+      "resolved": "https://registry.npmjs.org/pinia/-/pinia-3.0.4.tgz",
+      "integrity": "sha512-l7pqLUFTI/+ESXn6k3nu30ZIzW5E2WZF/LaHJEpoq6ElcLD+wduZoB2kBN19du6K/4FDpPMazY2wJr+IndBtQw==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@vue/devtools-api": "^7.7.7"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/posva"
+      },
+      "peerDependencies": {
+        "typescript": ">=4.5.0",
+        "vue": "^3.5.11"
+      },
+      "peerDependenciesMeta": {
+        "typescript": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/pino": {
+      "version": "10.3.1",
+      "resolved": "https://registry.npmjs.org/pino/-/pino-10.3.1.tgz",
+      "integrity": "sha512-r34yH/GlQpKZbU1BvFFqOjhISRo1MNx1tWYsYvmj6KIRHSPMT2+yHOEb1SG6NMvRoHRF0a07kCOox/9yakl1vg==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@pinojs/redact": "^0.4.0",
+        "atomic-sleep": "^1.0.0",
+        "on-exit-leak-free": "^2.1.0",
+        "pino-abstract-transport": "^3.0.0",
+        "pino-std-serializers": "^7.0.0",
+        "process-warning": "^5.0.0",
+        "quick-format-unescaped": "^4.0.3",
+        "real-require": "^0.2.0",
+        "safe-stable-stringify": "^2.3.1",
+        "sonic-boom": "^4.0.1",
+        "thread-stream": "^4.0.0"
+      },
+      "bin": {
+        "pino": "bin.js"
+      }
+    },
+    "node_modules/pino-abstract-transport": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/pino-abstract-transport/-/pino-abstract-transport-3.0.0.tgz",
+      "integrity": "sha512-wlfUczU+n7Hy/Ha5j9a/gZNy7We5+cXp8YL+X+PG8S0KXxw7n/JXA3c46Y0zQznIJ83URJiwy7Lh56WLokNuxg==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "split2": "^4.0.0"
+      }
+    },
+    "node_modules/pino-pretty": {
+      "version": "13.1.3",
+      "resolved": "https://registry.npmjs.org/pino-pretty/-/pino-pretty-13.1.3.tgz",
+      "integrity": "sha512-ttXRkkOz6WWC95KeY9+xxWL6AtImwbyMHrL1mSwqwW9u+vLp/WIElvHvCSDg0xO/Dzrggz1zv3rN5ovTRVowKg==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "colorette": "^2.0.7",
+        "dateformat": "^4.6.3",
+        "fast-copy": "^4.0.0",
+        "fast-safe-stringify": "^2.1.1",
+        "help-me": "^5.0.0",
+        "joycon": "^3.1.1",
+        "minimist": "^1.2.6",
+        "on-exit-leak-free": "^2.1.0",
+        "pino-abstract-transport": "^3.0.0",
+        "pump": "^3.0.0",
+        "secure-json-parse": "^4.0.0",
+        "sonic-boom": "^4.0.1",
+        "strip-json-comments": "^5.0.2"
+      },
+      "bin": {
+        "pino-pretty": "bin.js"
+      }
+    },
+    "node_modules/pino-std-serializers": {
+      "version": "7.1.0",
+      "resolved": "https://registry.npmjs.org/pino-std-serializers/-/pino-std-serializers-7.1.0.tgz",
+      "integrity": "sha512-BndPH67/JxGExRgiX1dX0w1FvZck5Wa4aal9198SrRhZjH3GxKQUKIBnYJTdj2HDN3UQAS06HlfcSbQj2OHmaw==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/playwright": {
+      "version": "1.60.0",
+      "resolved": "https://registry.npmjs.org/playwright/-/playwright-1.60.0.tgz",
+      "integrity": "sha512-hheHdokM8cdqCb0lcE3s+zT4t4W+vvjpGxsZlDnikarzx8tSzMebh3UiFtgqwFwnTnjYQcsyMF8ei2mCO/tpeA==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "playwright-core": "1.60.0"
+      },
+      "bin": {
+        "playwright": "cli.js"
+      },
+      "engines": {
+        "node": ">=18"
+      },
+      "optionalDependencies": {
+        "fsevents": "2.3.2"
+      }
+    },
+    "node_modules/playwright-core": {
+      "version": "1.60.0",
+      "resolved": "https://registry.npmjs.org/playwright-core/-/playwright-core-1.60.0.tgz",
+      "integrity": "sha512-9bW6zvX/m0lEbgTKJ6YppOKx8H3VOPBMOCFh2irXFOT4BbHgrx5hPjwJYLT40Lu+4qtD36qKc/Hn56StUW57IA==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "bin": {
+        "playwright-core": "cli.js"
+      },
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/playwright/node_modules/fsevents": {
+      "version": "2.3.2",
+      "resolved": "https://registry.npmjs.org/fsevents/-/fsevents-2.3.2.tgz",
+      "integrity": "sha512-xiqMQR4xAeHTuB9uWm+fFRcIOgKBMiOBP+eXiyT7jsgVCq1bkVygt00oASowB7EdtpOHaaPgKt812P9ab+DDKA==",
+      "dev": true,
+      "hasInstallScript": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "darwin"
+      ],
+      "engines": {
+        "node": "^8.16.0 || ^10.6.0 || >=11.0.0"
+      }
+    },
+    "node_modules/pngjs": {
+      "version": "5.0.0",
+      "resolved": "https://registry.npmjs.org/pngjs/-/pngjs-5.0.0.tgz",
+      "integrity": "sha512-40QW5YalBNfQo5yRYmiw7Yz6TKKVr3h6970B2YE+3fQpsWcrbj1PzJgxeJ19DRQjhMbKPIuMY8rFaXc8moolVw==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=10.13.0"
+      }
+    },
+    "node_modules/points-on-curve": {
+      "version": "0.2.0",
+      "resolved": "https://registry.npmjs.org/points-on-curve/-/points-on-curve-0.2.0.tgz",
+      "integrity": "sha512-0mYKnYYe9ZcqMCWhUjItv/oHjvgEsfKvnUTg8sAtnHr3GVy7rGkXCb6d5cSyqrWqL4k81b9CPg3urd+T7aop3A==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/points-on-path": {
+      "version": "0.2.1",
+      "resolved": "https://registry.npmjs.org/points-on-path/-/points-on-path-0.2.1.tgz",
+      "integrity": "sha512-25ClnWWuw7JbWZcgqY/gJ4FQWadKxGWk+3kR/7kD0tCaDtPPMj7oHu2ToLaVhfpnHrZzYby2w6tUA0eOIuUg8g==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "path-data-parser": "0.1.0",
+        "points-on-curve": "0.2.0"
+      }
+    },
+    "node_modules/postcss": {
+      "version": "8.5.15",
+      "resolved": "https://registry.npmjs.org/postcss/-/postcss-8.5.15.tgz",
+      "integrity": "sha512-FfR8sjd4em2T6fb3I2MwAJU7HWVMr9zba+enmQeeWFfCbm+UOC/0X4DS8XtpUTMwWMGbjKYP7xjfNekzyGmB3A==",
+      "dev": true,
+      "funding": [
+        {
+          "type": "opencollective",
+          "url": "https://opencollective.com/postcss/"
+        },
+        {
+          "type": "tidelift",
+          "url": "https://tidelift.com/funding/github/npm/postcss"
+        },
+        {
+          "type": "github",
+          "url": "https://github.com/sponsors/ai"
+        }
+      ],
+      "license": "MIT",
+      "dependencies": {
+        "nanoid": "^3.3.12",
+        "picocolors": "^1.1.1",
+        "source-map-js": "^1.2.1"
+      },
+      "engines": {
+        "node": "^10 || ^12 || >=14"
+      }
+    },
+    "node_modules/process-warning": {
+      "version": "5.0.0",
+      "resolved": "https://registry.npmjs.org/process-warning/-/process-warning-5.0.0.tgz",
+      "integrity": "sha512-a39t9ApHNx2L4+HBnQKqxxHNs1r7KF+Intd8Q/g1bUh6q0WIp9voPXJ/x0j+ZL45KF1pJd9+q2jLIRMfvEshkA==",
+      "dev": true,
+      "funding": [
+        {
+          "type": "github",
+          "url": "https://github.com/sponsors/fastify"
+        },
+        {
+          "type": "opencollective",
+          "url": "https://opencollective.com/fastify"
+        }
+      ],
+      "license": "MIT"
+    },
+    "node_modules/proto-list": {
+      "version": "1.2.4",
+      "resolved": "https://registry.npmjs.org/proto-list/-/proto-list-1.2.4.tgz",
+      "integrity": "sha512-vtK/94akxsTMhe0/cbfpR+syPuszcuwhqVjJq26CuNDgFGj682oRBXOP5MJpv2r7JtE8MsiepGIqvvOTBwn2vA==",
+      "dev": true,
+      "license": "ISC"
+    },
+    "node_modules/proxy-addr": {
+      "version": "2.0.7",
+      "resolved": "https://registry.npmjs.org/proxy-addr/-/proxy-addr-2.0.7.tgz",
+      "integrity": "sha512-llQsMLSUDUPT44jdrU/O37qlnifitDP+ZwrmmZcoSKyLKvtZxpyV0n2/bD/N4tBAAZ/gJEdZU7KMraoK1+XYAg==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "forwarded": "0.2.0",
+        "ipaddr.js": "1.9.1"
+      },
+      "engines": {
+        "node": ">= 0.10"
+      }
+    },
+    "node_modules/proxy-from-env": {
+      "version": "2.1.0",
+      "resolved": "https://registry.npmjs.org/proxy-from-env/-/proxy-from-env-2.1.0.tgz",
+      "integrity": "sha512-cJ+oHTW1VAEa8cJslgmUZrc+sjRKgAKl3Zyse6+PV38hZe/V6Z14TbCuXcan9F9ghlz4QrFr2c92TNF82UkYHA==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/pstree.remy": {
+      "version": "1.1.8",
+      "resolved": "https://registry.npmjs.org/pstree.remy/-/pstree.remy-1.1.8.tgz",
+      "integrity": "sha512-77DZwxQmxKnu3aR542U+X8FypNzbfJ+C5XQDk3uWjWxn6151aIMGthWYRXTqT1E5oJvg+ljaa2OJi+VfvCOQ8w==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/pump": {
+      "version": "3.0.4",
+      "resolved": "https://registry.npmjs.org/pump/-/pump-3.0.4.tgz",
+      "integrity": "sha512-VS7sjc6KR7e1ukRFhQSY5LM2uBWAUPiOPa/A3mkKmiMwSmRFUITt0xuj+/lesgnCv+dPIEYlkzrcyXgquIHMcA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "end-of-stream": "^1.1.0",
+        "once": "^1.3.1"
+      }
+    },
+    "node_modules/punycode": {
+      "version": "2.3.1",
+      "resolved": "https://registry.npmjs.org/punycode/-/punycode-2.3.1.tgz",
+      "integrity": "sha512-vYt7UD1U9Wg6138shLtLOvdAu+8DsC/ilFtEVHcH+wydcSpNE20AfSOduf6MkRFahL5FY7X1oU7nKVZFtfq8Fg==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=6"
+      }
+    },
+    "node_modules/punycode.js": {
+      "version": "2.3.1",
+      "resolved": "https://registry.npmjs.org/punycode.js/-/punycode.js-2.3.1.tgz",
+      "integrity": "sha512-uxFIHU0YlHYhDQtV4R9J6a52SLx28BCjT+4ieh7IGbgwVJWO+km431c4yRlREUAsAmt/uMjQUyQHNEPf0M39CA==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=6"
+      }
+    },
+    "node_modules/qrcode": {
+      "version": "1.5.4",
+      "resolved": "https://registry.npmjs.org/qrcode/-/qrcode-1.5.4.tgz",
+      "integrity": "sha512-1ca71Zgiu6ORjHqFBDpnSMTR2ReToX4l1Au1VFLyVeBTFavzQnv5JxMFr3ukHVKpSrSA2MCk0lNJSykjUfz7Zg==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "dijkstrajs": "^1.0.1",
+        "pngjs": "^5.0.0",
+        "yargs": "^15.3.1"
+      },
+      "bin": {
+        "qrcode": "bin/qrcode"
+      },
+      "engines": {
+        "node": ">=10.13.0"
+      }
+    },
+    "node_modules/qrcode/node_modules/ansi-regex": {
+      "version": "5.0.1",
+      "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-5.0.1.tgz",
+      "integrity": "sha512-quJQXlTSUGL2LH9SUXo8VwsY4soanhgo6LNSm84E1LBcE8s3O0wpdiRzyR9z/ZZJMlMWv37qOOb9pdJlMUEKFQ==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/qrcode/node_modules/cliui": {
+      "version": "6.0.0",
+      "resolved": "https://registry.npmjs.org/cliui/-/cliui-6.0.0.tgz",
+      "integrity": "sha512-t6wbgtoCXvAzst7QgXxJYqPt0usEfbgQdftEPbLL/cvv6HPE5VgvqCuAIDR0NgU52ds6rFwqrgakNLrHEjCbrQ==",
+      "dev": true,
+      "license": "ISC",
+      "dependencies": {
+        "string-width": "^4.2.0",
+        "strip-ansi": "^6.0.0",
+        "wrap-ansi": "^6.2.0"
+      }
+    },
+    "node_modules/qrcode/node_modules/emoji-regex": {
+      "version": "8.0.0",
+      "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-8.0.0.tgz",
+      "integrity": "sha512-MSjYzcWNOA0ewAHpz0MxpYFvwg6yjy1NG3xteoqz644VCo/RPgnr1/GGt+ic3iJTzQ8Eu3TdM14SawnVUmGE6A==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/qrcode/node_modules/string-width": {
+      "version": "4.2.3",
+      "resolved": "https://registry.npmjs.org/string-width/-/string-width-4.2.3.tgz",
+      "integrity": "sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "emoji-regex": "^8.0.0",
+        "is-fullwidth-code-point": "^3.0.0",
+        "strip-ansi": "^6.0.1"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/qrcode/node_modules/strip-ansi": {
+      "version": "6.0.1",
+      "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.1.tgz",
+      "integrity": "sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "ansi-regex": "^5.0.1"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/qrcode/node_modules/wrap-ansi": {
+      "version": "6.2.0",
+      "resolved": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-6.2.0.tgz",
+      "integrity": "sha512-r6lPcBGxZXlIcymEu7InxDMhdW0KDxpLgoFLcguasxCaJ/SOIZwINatK9KY/tf+ZrlywOKU0UDj3ATXUBfxJXA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "ansi-styles": "^4.0.0",
+        "string-width": "^4.1.0",
+        "strip-ansi": "^6.0.0"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/qrcode/node_modules/y18n": {
+      "version": "4.0.3",
+      "resolved": "https://registry.npmjs.org/y18n/-/y18n-4.0.3.tgz",
+      "integrity": "sha512-JKhqTOwSrqNA1NY5lSztJ1GrBiUodLMmIZuLiDaMRJ+itFd+ABVE8XBjOvIWL+rSqNDC74LCSFmlb/U4UZ4hJQ==",
+      "dev": true,
+      "license": "ISC"
+    },
+    "node_modules/qrcode/node_modules/yargs": {
+      "version": "15.4.1",
+      "resolved": "https://registry.npmjs.org/yargs/-/yargs-15.4.1.tgz",
+      "integrity": "sha512-aePbxDmcYW++PaqBsJ+HYUFwCdv4LVvdnhBy78E57PIor8/OVvhMrADFFEDh8DHDFRv/O9i3lPhsENjO7QX0+A==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "cliui": "^6.0.0",
+        "decamelize": "^1.2.0",
+        "find-up": "^4.1.0",
+        "get-caller-file": "^2.0.1",
+        "require-directory": "^2.1.1",
+        "require-main-filename": "^2.0.0",
+        "set-blocking": "^2.0.0",
+        "string-width": "^4.2.0",
+        "which-module": "^2.0.0",
+        "y18n": "^4.0.0",
+        "yargs-parser": "^18.1.2"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/qrcode/node_modules/yargs-parser": {
+      "version": "18.1.3",
+      "resolved": "https://registry.npmjs.org/yargs-parser/-/yargs-parser-18.1.3.tgz",
+      "integrity": "sha512-o50j0JeToy/4K6OZcaQmW6lyXXKhq7csREXcDwk2omFPJEwUNOVtJKvmDr9EI1fAJZUyZcRF7kxGBWmRXudrCQ==",
+      "dev": true,
+      "license": "ISC",
+      "dependencies": {
+        "camelcase": "^5.0.0",
+        "decamelize": "^1.2.0"
+      },
+      "engines": {
+        "node": ">=6"
+      }
+    },
+    "node_modules/qs": {
+      "version": "6.15.2",
+      "resolved": "https://registry.npmjs.org/qs/-/qs-6.15.2.tgz",
+      "integrity": "sha512-Rzq0KEyX/w/tEybncDgdkZrJgVUsUMk3xjh3t5bv3S1HTAtg+uOYt72+ZfwiQwKdysThkTBdL/rTi6HDmX9Ddw==",
+      "dev": true,
+      "license": "BSD-3-Clause",
+      "dependencies": {
+        "side-channel": "^1.1.0"
+      },
+      "engines": {
+        "node": ">=0.6"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/quick-format-unescaped": {
+      "version": "4.0.4",
+      "resolved": "https://registry.npmjs.org/quick-format-unescaped/-/quick-format-unescaped-4.0.4.tgz",
+      "integrity": "sha512-tYC1Q1hgyRuHgloV/YXs2w15unPVh8qfu/qCTfhTYamaw7fyhumKa2yGpdSo87vY32rIclj+4fWYQXUMs9EHvg==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/range-parser": {
+      "version": "1.2.1",
+      "resolved": "https://registry.npmjs.org/range-parser/-/range-parser-1.2.1.tgz",
+      "integrity": "sha512-Hrgsx+orqoygnmhFbKaHE6c296J+HTAQXoxEF6gNupROmmGJRoyzfG3ccAveqCBrwr/2yxQ5BVd/GTl5agOwSg==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/raw-body": {
+      "version": "2.5.3",
+      "resolved": "https://registry.npmjs.org/raw-body/-/raw-body-2.5.3.tgz",
+      "integrity": "sha512-s4VSOf6yN0rvbRZGxs8Om5CWj6seneMwK3oDb4lWDH0UPhWcxwOWw5+qk24bxq87szX1ydrwylIOp2uG1ojUpA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "bytes": "~3.1.2",
+        "http-errors": "~2.0.1",
+        "iconv-lite": "~0.4.24",
+        "unpipe": "~1.0.0"
+      },
+      "engines": {
+        "node": ">= 0.8"
+      }
+    },
+    "node_modules/raw-body/node_modules/iconv-lite": {
+      "version": "0.4.24",
+      "resolved": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.4.24.tgz",
+      "integrity": "sha512-v3MXnZAcvnywkTUEZomIActle7RXXeedOR31wwl7VlyoXO4Qi9arvSenNQWne1TcRwhCL1HwLI21bEqdpj8/rA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "safer-buffer": ">= 2.1.2 < 3"
+      },
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/readdirp": {
+      "version": "3.6.0",
+      "resolved": "https://registry.npmjs.org/readdirp/-/readdirp-3.6.0.tgz",
+      "integrity": "sha512-hOS089on8RduqdbhvQ5Z37A0ESjsqz6qnRcffsMU3495FuTdqSm+7bhJ29JvIOsBDEEnan5DPu9t3To9VRlMzA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "picomatch": "^2.2.1"
+      },
+      "engines": {
+        "node": ">=8.10.0"
+      }
+    },
+    "node_modules/real-require": {
+      "version": "0.2.0",
+      "resolved": "https://registry.npmjs.org/real-require/-/real-require-0.2.0.tgz",
+      "integrity": "sha512-57frrGM/OCTLqLOAh0mhVA9VBMHd+9U7Zb2THMGdBUoZVOtGbJzjxsYGDJ3A9AYYCP4hn6y1TVbaOfzWtm5GFg==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">= 12.13.0"
+      }
+    },
+    "node_modules/reflect-metadata": {
+      "version": "0.2.2",
+      "resolved": "https://registry.npmjs.org/reflect-metadata/-/reflect-metadata-0.2.2.tgz",
+      "integrity": "sha512-urBwgfrvVP/eAyXx4hluJivBKzuEbSQs9rKWCrCkbSxNv8mxPcUZKeuoF3Uy4mJl3Lwprp6yy5/39VWigZ4K6Q==",
+      "dev": true,
+      "license": "Apache-2.0"
+    },
+    "node_modules/require-directory": {
+      "version": "2.1.1",
+      "resolved": "https://registry.npmjs.org/require-directory/-/require-directory-2.1.1.tgz",
+      "integrity": "sha512-fGxEI7+wsG9xrvdjsrlmL22OMTTiHRwAMroiEeMgq8gzoLC/PQr7RsRDSTLUg/bZAZtF+TVIkHc6/4RIKrui+Q==",
+      "license": "MIT",
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/require-from-string": {
+      "version": "2.0.2",
+      "resolved": "https://registry.npmjs.org/require-from-string/-/require-from-string-2.0.2.tgz",
+      "integrity": "sha512-Xf0nWe6RseziFMu+Ap9biiUbmplq6S9/p+7w7YXP/JBHhrUDDUhwa+vANyubuqfZWTveU//DYVGsDG7RKL/vEw==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/require-main-filename": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/require-main-filename/-/require-main-filename-2.0.0.tgz",
+      "integrity": "sha512-NKN5kMDylKuldxYLSUfrbo5Tuzh4hd+2E8NPPX02mZtn1VuREQToYe/ZdlJy+J3uCpfaiGF05e7B8W0iXbQHmg==",
+      "dev": true,
+      "license": "ISC"
+    },
+    "node_modules/resolve": {
+      "version": "1.22.12",
+      "resolved": "https://registry.npmjs.org/resolve/-/resolve-1.22.12.tgz",
+      "integrity": "sha512-TyeJ1zif53BPfHootBGwPRYT1RUt6oGWsaQr8UyZW/eAm9bKoijtvruSDEmZHm92CwS9nj7/fWttqPCgzep8CA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "es-errors": "^1.3.0",
+        "is-core-module": "^2.16.1",
+        "path-parse": "^1.0.7",
+        "supports-preserve-symlinks-flag": "^1.0.0"
+      },
+      "bin": {
+        "resolve": "bin/resolve"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/resolve-path": {
+      "version": "1.4.0",
+      "resolved": "https://registry.npmjs.org/resolve-path/-/resolve-path-1.4.0.tgz",
+      "integrity": "sha512-i1xevIst/Qa+nA9olDxLWnLk8YZbi8R/7JPbCMcgyWaFR6bKWaexgJgEB5oc2PKMjYdrHynyz0NY+if+H98t1w==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "http-errors": "~1.6.2",
+        "path-is-absolute": "1.0.1"
+      },
+      "engines": {
+        "node": ">= 0.8"
+      }
+    },
+    "node_modules/resolve-path/node_modules/depd": {
+      "version": "1.1.2",
+      "resolved": "https://registry.npmjs.org/depd/-/depd-1.1.2.tgz",
+      "integrity": "sha512-7emPTl6Dpo6JRXOXjLRxck+FlLRX5847cLKEn00PLAgc3g2hTZZgr+e4c2v6QpSmLeFP3n5yUo7ft6avBK/5jQ==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/resolve-path/node_modules/http-errors": {
+      "version": "1.6.3",
+      "resolved": "https://registry.npmjs.org/http-errors/-/http-errors-1.6.3.tgz",
+      "integrity": "sha512-lks+lVC8dgGyh97jxvxeYTWQFvh4uw4yC12gVl63Cg30sjPX4wuGcdkICVXDAESr6OJGjqGA8Iz5mkeN6zlD7A==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "depd": "~1.1.2",
+        "inherits": "2.0.3",
+        "setprototypeof": "1.1.0",
+        "statuses": ">= 1.4.0 < 2"
+      },
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/resolve-path/node_modules/inherits": {
+      "version": "2.0.3",
+      "resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.3.tgz",
+      "integrity": "sha512-x00IRNXNy63jwGkJmzPigoySHbaqpNuzKbBOmzK+g2OdZpQ9w+sxCN+VSB3ja7IAge2OP2qpfxTjeNcyjmW1uw==",
+      "dev": true,
+      "license": "ISC"
+    },
+    "node_modules/resolve-path/node_modules/setprototypeof": {
+      "version": "1.1.0",
+      "resolved": "https://registry.npmjs.org/setprototypeof/-/setprototypeof-1.1.0.tgz",
+      "integrity": "sha512-BvE/TwpZX4FXExxOxZyRGQQv651MSwmWKZGqvmPcRIjDqWub67kTKuIMx43cZZrS/cBBzwBcNDWoFxt2XEFIpQ==",
+      "dev": true,
+      "license": "ISC"
+    },
+    "node_modules/resolve-path/node_modules/statuses": {
+      "version": "1.5.0",
+      "resolved": "https://registry.npmjs.org/statuses/-/statuses-1.5.0.tgz",
+      "integrity": "sha512-OpZ3zP+jT1PI7I8nemJX4AKmAX070ZkYPVWV/AaKTJl+tXCTGyVdC1a4SL8RUQYEwk/f34ZX8UTykN68FwrqAA==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/rfdc": {
+      "version": "1.4.1",
+      "resolved": "https://registry.npmjs.org/rfdc/-/rfdc-1.4.1.tgz",
+      "integrity": "sha512-q1b3N5QkRUWUl7iyylaaj3kOpIT0N2i9MqIEQXP73GVsN9cw3fdx8X63cEmWhJGi2PPCF23Ijp7ktmd39rawIA==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/rimraf": {
+      "version": "2.7.1",
+      "resolved": "https://registry.npmjs.org/rimraf/-/rimraf-2.7.1.tgz",
+      "integrity": "sha512-uWjbaKIK3T1OSVptzX7Nl6PvQ3qAGtKEtVRjRuazjfL3Bx5eI409VZSqgND+4UNnmzLVdPj9FqFJNPqBZFve4w==",
+      "deprecated": "Rimraf versions prior to v4 are no longer supported",
+      "dev": true,
+      "license": "ISC",
+      "dependencies": {
+        "glob": "^7.1.3"
+      },
+      "bin": {
+        "rimraf": "bin.js"
+      }
+    },
+    "node_modules/rimraf/node_modules/brace-expansion": {
+      "version": "1.1.15",
+      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.15.tgz",
+      "integrity": "sha512-EwOCDEex4quD37XhqM3omwtMoJjr//isUZz1JopUNWms+4Z2ViyM/k1YIRePpoVNnQhENnxtFjLaxNHrT7xIUg==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "balanced-match": "^1.0.0",
+        "concat-map": "0.0.1"
+      }
+    },
+    "node_modules/rimraf/node_modules/glob": {
+      "version": "7.2.3",
+      "resolved": "https://registry.npmjs.org/glob/-/glob-7.2.3.tgz",
+      "integrity": "sha512-nFR0zLpU2YCaRxwoCJvL6UvCH2JFyFVIvwTLsIf21AuHlMskA1hhTdk+LlYJtOlYt9v6dvszD2BGRqBL+iQK9Q==",
+      "deprecated": "Old versions of glob are not supported, and contain widely publicized security vulnerabilities, which have been fixed in the current version. Please update. Support for old versions may be purchased (at exorbitant rates) by contacting i@izs.me",
+      "dev": true,
+      "license": "ISC",
+      "dependencies": {
+        "fs.realpath": "^1.0.0",
+        "inflight": "^1.0.4",
+        "inherits": "2",
+        "minimatch": "^3.1.1",
+        "once": "^1.3.0",
+        "path-is-absolute": "^1.0.0"
+      },
+      "engines": {
+        "node": "*"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/isaacs"
+      }
+    },
+    "node_modules/rimraf/node_modules/minimatch": {
+      "version": "3.1.5",
+      "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.5.tgz",
+      "integrity": "sha512-VgjWUsnnT6n+NUk6eZq77zeFdpW2LWDzP6zFGrCbHXiYNul5Dzqk2HHQ5uFH2DNW5Xbp8+jVzaeNt94ssEEl4w==",
+      "dev": true,
+      "license": "ISC",
+      "dependencies": {
+        "brace-expansion": "^1.1.7"
+      },
+      "engines": {
+        "node": "*"
+      }
+    },
+    "node_modules/robust-predicates": {
+      "version": "3.0.3",
+      "resolved": "https://registry.npmjs.org/robust-predicates/-/robust-predicates-3.0.3.tgz",
+      "integrity": "sha512-NS3levdsRIUOmiJ8FZWCP7LG3QpJyrs/TE0Zpf1yvZu8cAJJ6QMW92H1c7kWpdIHo8RvmLxN/o2JXTKHp74lUA==",
+      "dev": true,
+      "license": "Unlicense"
+    },
+    "node_modules/rolldown": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/rolldown/-/rolldown-1.0.2.tgz",
+      "integrity": "sha512-oZx5zVDtVB44AW3eaifgDml1gWRDZGvjcfdxonE4swNPG98PrrXjaO/KrnUjzlMnztCCRVlUueA1kCXhARGk6g==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@oxc-project/types": "=0.132.0",
+        "@rolldown/pluginutils": "^1.0.0"
+      },
+      "bin": {
+        "rolldown": "bin/cli.mjs"
+      },
+      "engines": {
+        "node": "^20.19.0 || >=22.12.0"
+      },
+      "optionalDependencies": {
+        "@rolldown/binding-android-arm64": "1.0.2",
+        "@rolldown/binding-darwin-arm64": "1.0.2",
+        "@rolldown/binding-darwin-x64": "1.0.2",
+        "@rolldown/binding-freebsd-x64": "1.0.2",
+        "@rolldown/binding-linux-arm-gnueabihf": "1.0.2",
+        "@rolldown/binding-linux-arm64-gnu": "1.0.2",
+        "@rolldown/binding-linux-arm64-musl": "1.0.2",
+        "@rolldown/binding-linux-ppc64-gnu": "1.0.2",
+        "@rolldown/binding-linux-s390x-gnu": "1.0.2",
+        "@rolldown/binding-linux-x64-gnu": "1.0.2",
+        "@rolldown/binding-linux-x64-musl": "1.0.2",
+        "@rolldown/binding-openharmony-arm64": "1.0.2",
+        "@rolldown/binding-wasm32-wasi": "1.0.2",
+        "@rolldown/binding-win32-arm64-msvc": "1.0.2",
+        "@rolldown/binding-win32-x64-msvc": "1.0.2"
+      }
+    },
+    "node_modules/rollup": {
+      "version": "4.60.4",
+      "resolved": "https://registry.npmjs.org/rollup/-/rollup-4.60.4.tgz",
+      "integrity": "sha512-WHeFSbZYsPu3+bLoNRUuAO+wavNlocOPf3wSHTP7hcFKVnJeWsYlCDbr3mTS14FCizf9ccIxXA8sGL8zKeQN3g==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@types/estree": "1.0.8"
+      },
+      "bin": {
+        "rollup": "dist/bin/rollup"
+      },
+      "engines": {
+        "node": ">=18.0.0",
+        "npm": ">=8.0.0"
+      },
+      "optionalDependencies": {
+        "@rollup/rollup-android-arm-eabi": "4.60.4",
+        "@rollup/rollup-android-arm64": "4.60.4",
+        "@rollup/rollup-darwin-arm64": "4.60.4",
+        "@rollup/rollup-darwin-x64": "4.60.4",
+        "@rollup/rollup-freebsd-arm64": "4.60.4",
+        "@rollup/rollup-freebsd-x64": "4.60.4",
+        "@rollup/rollup-linux-arm-gnueabihf": "4.60.4",
+        "@rollup/rollup-linux-arm-musleabihf": "4.60.4",
+        "@rollup/rollup-linux-arm64-gnu": "4.60.4",
+        "@rollup/rollup-linux-arm64-musl": "4.60.4",
+        "@rollup/rollup-linux-loong64-gnu": "4.60.4",
+        "@rollup/rollup-linux-loong64-musl": "4.60.4",
+        "@rollup/rollup-linux-ppc64-gnu": "4.60.4",
+        "@rollup/rollup-linux-ppc64-musl": "4.60.4",
+        "@rollup/rollup-linux-riscv64-gnu": "4.60.4",
+        "@rollup/rollup-linux-riscv64-musl": "4.60.4",
+        "@rollup/rollup-linux-s390x-gnu": "4.60.4",
+        "@rollup/rollup-linux-x64-gnu": "4.60.4",
+        "@rollup/rollup-linux-x64-musl": "4.60.4",
+        "@rollup/rollup-openbsd-x64": "4.60.4",
+        "@rollup/rollup-openharmony-arm64": "4.60.4",
+        "@rollup/rollup-win32-arm64-msvc": "4.60.4",
+        "@rollup/rollup-win32-ia32-msvc": "4.60.4",
+        "@rollup/rollup-win32-x64-gnu": "4.60.4",
+        "@rollup/rollup-win32-x64-msvc": "4.60.4",
+        "fsevents": "~2.3.2"
+      }
+    },
+    "node_modules/rollup/node_modules/@types/estree": {
+      "version": "1.0.8",
+      "resolved": "https://registry.npmjs.org/@types/estree/-/estree-1.0.8.tgz",
+      "integrity": "sha512-dWHzHa2WqEXI/O1E9OjrocMTKJl2mSrEolh1Iomrv6U+JuNwaHXsXx9bLu5gG7BUWFIN0skIQJQ/L1rIex4X6w==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/roughjs": {
+      "version": "4.6.6",
+      "resolved": "https://registry.npmjs.org/roughjs/-/roughjs-4.6.6.tgz",
+      "integrity": "sha512-ZUz/69+SYpFN/g/lUlo2FXcIjRkSu3nDarreVdGGndHEBJ6cXPdKguS8JGxwj5HA5xIbVKSmLgr5b3AWxtRfvQ==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "hachure-fill": "^0.5.2",
+        "path-data-parser": "^0.1.0",
+        "points-on-curve": "^0.2.0",
+        "points-on-path": "^0.2.1"
+      }
+    },
+    "node_modules/rw": {
+      "version": "1.3.3",
+      "resolved": "https://registry.npmjs.org/rw/-/rw-1.3.3.tgz",
+      "integrity": "sha512-PdhdWy89SiZogBLaw42zdeqtRJ//zFd2PgQavcICDUgJT5oW10QCRKbJ6bg4r0/UY2M6BWd5tkxuGFRvCkgfHQ==",
+      "dev": true,
+      "license": "BSD-3-Clause"
+    },
+    "node_modules/rxjs": {
+      "version": "7.8.2",
+      "resolved": "https://registry.npmjs.org/rxjs/-/rxjs-7.8.2.tgz",
+      "integrity": "sha512-dhKf903U/PQZY6boNNtAGdWbG85WAbjT/1xYoZIC7FAY0yWapOBQVsVrDl58W86//e1VpMNBtRV4MaXfdMySFA==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "tslib": "^2.1.0"
+      }
+    },
+    "node_modules/safe-buffer": {
+      "version": "5.2.1",
+      "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.2.1.tgz",
+      "integrity": "sha512-rp3So07KcdmmKbGvgaNxQSJr7bGVSVk5S9Eq1F+ppbRo70+YeaDxkw5Dd8NPN+GD6bjnYm2VuPuCXmpuYvmCXQ==",
+      "dev": true,
+      "funding": [
+        {
+          "type": "github",
+          "url": "https://github.com/sponsors/feross"
+        },
+        {
+          "type": "patreon",
+          "url": "https://www.patreon.com/feross"
+        },
+        {
+          "type": "consulting",
+          "url": "https://feross.org/support"
+        }
+      ],
+      "license": "MIT"
+    },
+    "node_modules/safe-regex-test": {
+      "version": "1.1.0",
+      "resolved": "https://registry.npmjs.org/safe-regex-test/-/safe-regex-test-1.1.0.tgz",
+      "integrity": "sha512-x/+Cz4YrimQxQccJf5mKEbIa1NzeCRNI5Ecl/ekmlYaampdNLPalVyIcCZNNH3MvmqBugV5TMYZXv0ljslUlaw==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "call-bound": "^1.0.2",
+        "es-errors": "^1.3.0",
+        "is-regex": "^1.2.1"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/safe-stable-stringify": {
+      "version": "2.5.0",
+      "resolved": "https://registry.npmjs.org/safe-stable-stringify/-/safe-stable-stringify-2.5.0.tgz",
+      "integrity": "sha512-b3rppTKm9T+PsVCBEOUR46GWI7fdOs00VKZ1+9c1EWDaDMvjQc6tUwuFyIprgGgTcWoVHSKrU8H31ZHA2e0RHA==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/safer-buffer": {
+      "version": "2.1.2",
+      "resolved": "https://registry.npmjs.org/safer-buffer/-/safer-buffer-2.1.2.tgz",
+      "integrity": "sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/sass": {
+      "version": "1.100.0",
+      "resolved": "https://registry.npmjs.org/sass/-/sass-1.100.0.tgz",
+      "integrity": "sha512-B5j0rYMlinhhOo9tjQebMVVn0TfyXAF+wB3b2ggZUuJ/is/Y+7+JGjirAMxHZ9Z3hIP98NPfamlAkBHa1lAaXQ==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "chokidar": "^5.0.0",
+        "immutable": "^5.1.5",
+        "source-map-js": ">=0.6.2 <2.0.0"
+      },
+      "bin": {
+        "sass": "sass.js"
+      },
+      "engines": {
+        "node": ">=20.19.0"
+      },
+      "optionalDependencies": {
+        "@parcel/watcher": "^2.4.1"
+      }
+    },
+    "node_modules/sass/node_modules/chokidar": {
+      "version": "5.0.0",
+      "resolved": "https://registry.npmjs.org/chokidar/-/chokidar-5.0.0.tgz",
+      "integrity": "sha512-TQMmc3w+5AxjpL8iIiwebF73dRDF4fBIieAqGn9RGCWaEVwQ6Fb2cGe31Yns0RRIzii5goJ1Y7xbMwo1TxMplw==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "readdirp": "^5.0.0"
+      },
+      "engines": {
+        "node": ">= 20.19.0"
+      },
+      "funding": {
+        "url": "https://paulmillr.com/funding/"
+      }
+    },
+    "node_modules/sass/node_modules/readdirp": {
+      "version": "5.0.0",
+      "resolved": "https://registry.npmjs.org/readdirp/-/readdirp-5.0.0.tgz",
+      "integrity": "sha512-9u/XQ1pvrQtYyMpZe7DXKv2p5CNvyVwzUB6uhLAnQwHMSgKMBR62lc7AHljaeteeHXn11XTAaLLUVZYVZyuRBQ==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">= 20.19.0"
+      },
+      "funding": {
+        "type": "individual",
+        "url": "https://paulmillr.com/funding/"
+      }
+    },
+    "node_modules/saxes": {
+      "version": "6.0.0",
+      "resolved": "https://registry.npmjs.org/saxes/-/saxes-6.0.0.tgz",
+      "integrity": "sha512-xAg7SOnEhrm5zI3puOOKyy1OMcMlIJZYNJY7xLBwSze0UjhPLnWfj2GF2EpT0jmzaJKIWKHLsaSSajf35bcYnA==",
+      "dev": true,
+      "license": "ISC",
+      "dependencies": {
+        "xmlchars": "^2.2.0"
+      },
+      "engines": {
+        "node": ">=v12.22.7"
+      }
+    },
+    "node_modules/secure-json-parse": {
+      "version": "4.1.0",
+      "resolved": "https://registry.npmjs.org/secure-json-parse/-/secure-json-parse-4.1.0.tgz",
+      "integrity": "sha512-l4KnYfEyqYJxDwlNVyRfO2E4NTHfMKAWdUuA8J0yve2Dz/E/PdBepY03RvyJpssIpRFwJoCD55wA+mEDs6ByWA==",
+      "dev": true,
+      "funding": [
+        {
+          "type": "github",
+          "url": "https://github.com/sponsors/fastify"
+        },
+        {
+          "type": "opencollective",
+          "url": "https://opencollective.com/fastify"
+        }
+      ],
+      "license": "BSD-3-Clause"
+    },
+    "node_modules/seemly": {
+      "version": "0.3.10",
+      "resolved": "https://registry.npmjs.org/seemly/-/seemly-0.3.10.tgz",
+      "integrity": "sha512-2+SMxtG1PcsL0uyhkumlOU6Qo9TAQ/WyH7tthnPIOQB05/12jz9naq6GZ6iZ6ApVsO3rr2gsnTf3++OV63kE1Q==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/semver": {
+      "version": "7.8.1",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-7.8.1.tgz",
+      "integrity": "sha512-rkVq3IXh+4FDGch+KwzX3aV9W3kO54GyEgpvBzSyctDA6Xtd7RJQV1xmXbeQp5v7+VzLOfVqiutSE6GICgPFvg==",
+      "dev": true,
+      "license": "ISC",
+      "bin": {
+        "semver": "bin/semver.js"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/send": {
+      "version": "0.19.2",
+      "resolved": "https://registry.npmjs.org/send/-/send-0.19.2.tgz",
+      "integrity": "sha512-VMbMxbDeehAxpOtWJXlcUS5E8iXh6QmN+BkRX1GARS3wRaXEEgzCcB10gTQazO42tpNIya8xIyNx8fll1OFPrg==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "debug": "2.6.9",
+        "depd": "2.0.0",
+        "destroy": "1.2.0",
+        "encodeurl": "~2.0.0",
+        "escape-html": "~1.0.3",
+        "etag": "~1.8.1",
+        "fresh": "~0.5.2",
+        "http-errors": "~2.0.1",
+        "mime": "1.6.0",
+        "ms": "2.1.3",
+        "on-finished": "~2.4.1",
+        "range-parser": "~1.2.1",
+        "statuses": "~2.0.2"
+      },
+      "engines": {
+        "node": ">= 0.8.0"
+      }
+    },
+    "node_modules/send/node_modules/debug": {
+      "version": "2.6.9",
+      "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz",
+      "integrity": "sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "ms": "2.0.0"
+      }
+    },
+    "node_modules/send/node_modules/debug/node_modules/ms": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz",
+      "integrity": "sha512-Tpp60P6IUJDTuOq/5Z8cdskzJujfwqfOTkrwIwj7IRISpnkJnT6SyJ4PCPnGMoFjC9ddhal5KVIYtAt97ix05A==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/send/node_modules/encodeurl": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/encodeurl/-/encodeurl-2.0.0.tgz",
+      "integrity": "sha512-Q0n9HRi4m6JuGIV1eFlmvJB7ZEVxu93IrMyiMsGC0lrMJMWzRgx6WGquyfQgZVb31vhGgXnfmPNNXmxnOkRBrg==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.8"
+      }
+    },
+    "node_modules/serve-static": {
+      "version": "1.16.3",
+      "resolved": "https://registry.npmjs.org/serve-static/-/serve-static-1.16.3.tgz",
+      "integrity": "sha512-x0RTqQel6g5SY7Lg6ZreMmsOzncHFU7nhnRWkKgWuMTu5NN0DR5oruckMqRvacAN9d5w6ARnRBXl9xhDCgfMeA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "encodeurl": "~2.0.0",
+        "escape-html": "~1.0.3",
+        "parseurl": "~1.3.3",
+        "send": "~0.19.1"
+      },
+      "engines": {
+        "node": ">= 0.8.0"
+      }
+    },
+    "node_modules/serve-static/node_modules/encodeurl": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/encodeurl/-/encodeurl-2.0.0.tgz",
+      "integrity": "sha512-Q0n9HRi4m6JuGIV1eFlmvJB7ZEVxu93IrMyiMsGC0lrMJMWzRgx6WGquyfQgZVb31vhGgXnfmPNNXmxnOkRBrg==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.8"
+      }
+    },
+    "node_modules/set-blocking": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/set-blocking/-/set-blocking-2.0.0.tgz",
+      "integrity": "sha512-KiKBS8AnWGEyLzofFfmvKwpdPzqiy16LvQfK3yv/fVH7Bj13/wl3JSR1J+rfgRE9q7xUJK4qvgS8raSOeLUehw==",
+      "dev": true,
+      "license": "ISC"
+    },
+    "node_modules/setprototypeof": {
+      "version": "1.2.0",
+      "resolved": "https://registry.npmjs.org/setprototypeof/-/setprototypeof-1.2.0.tgz",
+      "integrity": "sha512-E5LDX7Wrp85Kil5bhZv46j8jOeboKq5JMmYM3gVGdGH8xFpPWXUMsNrlODCrkoxMEeNi/XZIwuRvY4XNwYMJpw==",
+      "dev": true,
+      "license": "ISC"
+    },
+    "node_modules/shebang-command": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/shebang-command/-/shebang-command-2.0.0.tgz",
+      "integrity": "sha512-kHxr2zZpYtdmrN1qDjrrX/Z1rR1kG8Dx+gkpK1G4eXmvXswmcE1hTWBWYUzlraYw1/yZp6YuDY77YtvbN0dmDA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "shebang-regex": "^3.0.0"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/shebang-regex": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/shebang-regex/-/shebang-regex-3.0.0.tgz",
+      "integrity": "sha512-7++dFhtcx3353uBaq8DDR4NuxBetBzC7ZQOhmTQInHEd6bSrXdiEyzCvG07Z44UYdLShWUyXt5M/yhz8ekcb1A==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/shell-quote": {
+      "version": "1.8.3",
+      "resolved": "https://registry.npmjs.org/shell-quote/-/shell-quote-1.8.3.tgz",
+      "integrity": "sha512-ObmnIF4hXNg1BqhnHmgbDETF8dLPCggZWBjkQfhZpbszZnYur5DUljTcCHii5LC3J5E0yeO/1LIMyH+UvHQgyw==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/side-channel": {
+      "version": "1.1.0",
+      "resolved": "https://registry.npmjs.org/side-channel/-/side-channel-1.1.0.tgz",
+      "integrity": "sha512-ZX99e6tRweoUXqR+VBrslhda51Nh5MTQwou5tnUDgbtyM0dBgmhEDtWGP/xbKn6hqfPRHujUNwz5fy/wbbhnpw==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "es-errors": "^1.3.0",
+        "object-inspect": "^1.13.3",
+        "side-channel-list": "^1.0.0",
+        "side-channel-map": "^1.0.1",
+        "side-channel-weakmap": "^1.0.2"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/side-channel-list": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/side-channel-list/-/side-channel-list-1.0.1.tgz",
+      "integrity": "sha512-mjn/0bi/oUURjc5Xl7IaWi/OJJJumuoJFQJfDDyO46+hBWsfaVM65TBHq2eoZBhzl9EchxOijpkbRC8SVBQU0w==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "es-errors": "^1.3.0",
+        "object-inspect": "^1.13.4"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/side-channel-map": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/side-channel-map/-/side-channel-map-1.0.1.tgz",
+      "integrity": "sha512-VCjCNfgMsby3tTdo02nbjtM/ewra6jPHmpThenkTYh8pG9ucZ/1P8So4u4FGBek/BjpOVsDCMoLA/iuBKIFXRA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "call-bound": "^1.0.2",
+        "es-errors": "^1.3.0",
+        "get-intrinsic": "^1.2.5",
+        "object-inspect": "^1.13.3"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/side-channel-weakmap": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/side-channel-weakmap/-/side-channel-weakmap-1.0.2.tgz",
+      "integrity": "sha512-WPS/HvHQTYnHisLo9McqBHOJk2FkHO/tlpvldyrnem4aeQp4hai3gythswg6p01oSoTl58rcpiFAjF2br2Ak2A==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "call-bound": "^1.0.2",
+        "es-errors": "^1.3.0",
+        "get-intrinsic": "^1.2.5",
+        "object-inspect": "^1.13.3",
+        "side-channel-map": "^1.0.1"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/siginfo": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/siginfo/-/siginfo-2.0.0.tgz",
+      "integrity": "sha512-ybx0WO1/8bSBLEWXZvEd7gMW3Sn3JFlW3TvX1nREbDLRNQNaeNN8WK0meBwPdAaOI7TtRRRJn/Es1zhrrCHu7g==",
+      "dev": true,
+      "license": "ISC"
+    },
+    "node_modules/signal-exit": {
+      "version": "4.1.0",
+      "resolved": "https://registry.npmjs.org/signal-exit/-/signal-exit-4.1.0.tgz",
+      "integrity": "sha512-bzyZ1e88w9O1iNJbKnOlvYTrWPDl46O1bG0D3XInv+9tkPrxrN8jUUTiFlDkkmKWgn1M6CfIA13SuGqOa9Korw==",
+      "dev": true,
+      "license": "ISC",
+      "engines": {
+        "node": ">=14"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/isaacs"
+      }
+    },
+    "node_modules/simple-update-notifier": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/simple-update-notifier/-/simple-update-notifier-2.0.0.tgz",
+      "integrity": "sha512-a2B9Y0KlNXl9u/vsW6sTIu9vGEpfKu2wRV6l1H3XEas/0gUIzGzBoP/IouTcUQbm9JWZLH3COxyn03TYlFax6w==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "semver": "^7.5.3"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/socket.io": {
+      "version": "4.8.3",
+      "resolved": "https://registry.npmjs.org/socket.io/-/socket.io-4.8.3.tgz",
+      "integrity": "sha512-2Dd78bqzzjE6KPkD5fHZmDAKRNe3J15q+YHDrIsy9WEkqttc7GY+kT9OBLSMaPbQaEd0x1BjcmtMtXkfpc+T5A==",
+      "license": "MIT",
+      "dependencies": {
+        "accepts": "~1.3.4",
+        "base64id": "~2.0.0",
+        "cors": "~2.8.5",
+        "debug": "~4.4.1",
+        "engine.io": "~6.6.0",
+        "socket.io-adapter": "~2.5.2",
+        "socket.io-parser": "~4.2.4"
+      },
+      "engines": {
+        "node": ">=10.2.0"
+      }
+    },
+    "node_modules/socket.io-adapter": {
+      "version": "2.5.7",
+      "resolved": "https://registry.npmjs.org/socket.io-adapter/-/socket.io-adapter-2.5.7.tgz",
+      "integrity": "sha512-e0LyK91f3cUxTmv95/KzoLg47+zF+s/sbxRGDNsyG4dmIP8ZSX8ax6byOxfJXeNNtS/8AZlfD+uP7gBeR7DLlg==",
+      "license": "MIT",
+      "dependencies": {
+        "debug": "~4.4.1",
+        "ws": "~8.20.1"
+      }
+    },
+    "node_modules/socket.io-adapter/node_modules/ws": {
+      "version": "8.20.1",
+      "resolved": "https://registry.npmjs.org/ws/-/ws-8.20.1.tgz",
+      "integrity": "sha512-It4dO0K5v//JtTXuPkfEOaI3uUN87iYPnqo/ZzqCoG3g8uhA66QUMs/SrM0YK7/NAu+r4LMh/9dq2A7k+rHs+w==",
+      "license": "MIT",
+      "engines": {
+        "node": ">=10.0.0"
+      },
+      "peerDependencies": {
+        "bufferutil": "^4.0.1",
+        "utf-8-validate": ">=5.0.2"
+      },
+      "peerDependenciesMeta": {
+        "bufferutil": {
+          "optional": true
+        },
+        "utf-8-validate": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/socket.io-client": {
+      "version": "4.8.3",
+      "resolved": "https://registry.npmjs.org/socket.io-client/-/socket.io-client-4.8.3.tgz",
+      "integrity": "sha512-uP0bpjWrjQmUt5DTHq9RuoCBdFJF10cdX9X+a368j/Ft0wmaVgxlrjvK3kjvgCODOMMOz9lcaRzxmso0bTWZ/g==",
+      "license": "MIT",
+      "dependencies": {
+        "@socket.io/component-emitter": "~3.1.0",
+        "debug": "~4.4.1",
+        "engine.io-client": "~6.6.1",
+        "socket.io-parser": "~4.2.4"
+      },
+      "engines": {
+        "node": ">=10.0.0"
+      }
+    },
+    "node_modules/socket.io-parser": {
+      "version": "4.2.6",
+      "resolved": "https://registry.npmjs.org/socket.io-parser/-/socket.io-parser-4.2.6.tgz",
+      "integrity": "sha512-asJqbVBDsBCJx0pTqw3WfesSY0iRX+2xzWEWzrpcH7L6fLzrhyF8WPI8UaeM4YCuDfpwA/cgsdugMsmtz8EJeg==",
+      "license": "MIT",
+      "dependencies": {
+        "@socket.io/component-emitter": "~3.1.0",
+        "debug": "~4.4.1"
+      },
+      "engines": {
+        "node": ">=10.0.0"
+      }
+    },
+    "node_modules/sonic-boom": {
+      "version": "4.2.1",
+      "resolved": "https://registry.npmjs.org/sonic-boom/-/sonic-boom-4.2.1.tgz",
+      "integrity": "sha512-w6AxtubXa2wTXAUsZMMWERrsIRAdrK0Sc+FUytWvYAhBJLyuI4llrMIC1DtlNSdI99EI86KZum2MMq3EAZlF9Q==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "atomic-sleep": "^1.0.0"
+      }
+    },
+    "node_modules/source-map": {
+      "version": "0.6.1",
+      "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.6.1.tgz",
+      "integrity": "sha512-UjgapumWlbMhkBgzT7Ykc5YXUT46F0iKu8SGXq0bcwP5dz/h0Plj6enJqjz1Zbq2l5WaqYnrVbwWOWMyF3F47g==",
+      "dev": true,
+      "license": "BSD-3-Clause",
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/source-map-js": {
+      "version": "1.2.1",
+      "resolved": "https://registry.npmjs.org/source-map-js/-/source-map-js-1.2.1.tgz",
+      "integrity": "sha512-UXWMKhLOwVKb728IUtQPXxfYU+usdybtUrK/8uGE8CQMvrhOpwvzDBwj0QhSL7MQc7vIsISBG8VQ8+IDQxpfQA==",
+      "dev": true,
+      "license": "BSD-3-Clause",
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/source-map-support": {
+      "version": "0.5.21",
+      "resolved": "https://registry.npmjs.org/source-map-support/-/source-map-support-0.5.21.tgz",
+      "integrity": "sha512-uBHU3L3czsIyYXKX88fdrGovxdSCoTGDRZ6SYXtSRxLZUzHg5P/66Ht6uoUlHu9EZod+inXhKo3qQgwXUT/y1w==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "buffer-from": "^1.0.0",
+        "source-map": "^0.6.0"
+      }
+    },
+    "node_modules/speakingurl": {
+      "version": "14.0.1",
+      "resolved": "https://registry.npmjs.org/speakingurl/-/speakingurl-14.0.1.tgz",
+      "integrity": "sha512-1POYv7uv2gXoyGFpBCmpDVSNV74IfsWlDW216UPjbWufNf+bSU6GdbDsxdcxtfwb4xlI3yxzOTKClUosxARYrQ==",
+      "dev": true,
+      "license": "BSD-3-Clause",
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/split2": {
+      "version": "4.2.0",
+      "resolved": "https://registry.npmjs.org/split2/-/split2-4.2.0.tgz",
+      "integrity": "sha512-UcjcJOWknrNkF6PLX83qcHM6KHgVKNkV62Y8a5uYDVv9ydGQVwAHMKqHdJje1VTWpljG0WYpCDhrCdAOYH4TWg==",
+      "dev": true,
+      "license": "ISC",
+      "engines": {
+        "node": ">= 10.x"
+      }
+    },
+    "node_modules/stackback": {
+      "version": "0.0.2",
+      "resolved": "https://registry.npmjs.org/stackback/-/stackback-0.0.2.tgz",
+      "integrity": "sha512-1XMJE5fQo1jGH6Y/7ebnwPOBEkIEnT4QF32d5R1+VXdXveM0IBMJt8zfaxX1P3QhVwrYe+576+jkANtSS2mBbw==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/statuses": {
+      "version": "2.0.2",
+      "resolved": "https://registry.npmjs.org/statuses/-/statuses-2.0.2.tgz",
+      "integrity": "sha512-DvEy55V3DB7uknRo+4iOGT5fP1slR8wQohVdknigZPMpMstaKJQWhwiYBACJE3Ul2pTnATihhBYnRhZQHGBiRw==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.8"
+      }
+    },
+    "node_modules/std-env": {
+      "version": "3.10.0",
+      "resolved": "https://registry.npmjs.org/std-env/-/std-env-3.10.0.tgz",
+      "integrity": "sha512-5GS12FdOZNliM5mAOxFRg7Ir0pWz8MdpYm6AY6VPkGpbA7ZzmbzNcBJQ0GPvvyWgcY7QAhCgf9Uy89I03faLkg==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/string-width": {
+      "version": "5.1.2",
+      "resolved": "https://registry.npmjs.org/string-width/-/string-width-5.1.2.tgz",
+      "integrity": "sha512-HnLOCR3vjcY8beoNLtcjZ5/nxn2afmME6lhrDrebokqMap+XbeW8n9TXpPDOqdGK5qcI3oT0GKTW6wC7EMiVqA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "eastasianwidth": "^0.2.0",
+        "emoji-regex": "^9.2.2",
+        "strip-ansi": "^7.0.1"
+      },
+      "engines": {
+        "node": ">=12"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "node_modules/string-width-cjs": {
+      "name": "string-width",
+      "version": "4.2.3",
+      "resolved": "https://registry.npmjs.org/string-width/-/string-width-4.2.3.tgz",
+      "integrity": "sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "emoji-regex": "^8.0.0",
+        "is-fullwidth-code-point": "^3.0.0",
+        "strip-ansi": "^6.0.1"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/string-width-cjs/node_modules/ansi-regex": {
+      "version": "5.0.1",
+      "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-5.0.1.tgz",
+      "integrity": "sha512-quJQXlTSUGL2LH9SUXo8VwsY4soanhgo6LNSm84E1LBcE8s3O0wpdiRzyR9z/ZZJMlMWv37qOOb9pdJlMUEKFQ==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/string-width-cjs/node_modules/emoji-regex": {
+      "version": "8.0.0",
+      "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-8.0.0.tgz",
+      "integrity": "sha512-MSjYzcWNOA0ewAHpz0MxpYFvwg6yjy1NG3xteoqz644VCo/RPgnr1/GGt+ic3iJTzQ8Eu3TdM14SawnVUmGE6A==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/string-width-cjs/node_modules/strip-ansi": {
+      "version": "6.0.1",
+      "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.1.tgz",
+      "integrity": "sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "ansi-regex": "^5.0.1"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/strip-ansi": {
+      "version": "7.2.0",
+      "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-7.2.0.tgz",
+      "integrity": "sha512-yDPMNjp4WyfYBkHnjIRLfca1i6KMyGCtsVgoKe/z1+6vukgaENdgGBZt+ZmKPc4gavvEZ5OgHfHdrazhgNyG7w==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "ansi-regex": "^6.2.2"
+      },
+      "engines": {
+        "node": ">=12"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/strip-ansi?sponsor=1"
+      }
+    },
+    "node_modules/strip-ansi-cjs": {
+      "name": "strip-ansi",
+      "version": "6.0.1",
+      "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.1.tgz",
+      "integrity": "sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "ansi-regex": "^5.0.1"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/strip-ansi-cjs/node_modules/ansi-regex": {
+      "version": "5.0.1",
+      "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-5.0.1.tgz",
+      "integrity": "sha512-quJQXlTSUGL2LH9SUXo8VwsY4soanhgo6LNSm84E1LBcE8s3O0wpdiRzyR9z/ZZJMlMWv37qOOb9pdJlMUEKFQ==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/strip-bom": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/strip-bom/-/strip-bom-3.0.0.tgz",
+      "integrity": "sha512-vavAMRXOgBVNF6nyEEmL3DBK19iRpDcoIwW+swQ+CbGiu7lju6t+JklA1MHweoWtadgt4ISVUsXLyDq34ddcwA==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=4"
+      }
+    },
+    "node_modules/strip-json-comments": {
+      "version": "5.0.3",
+      "resolved": "https://registry.npmjs.org/strip-json-comments/-/strip-json-comments-5.0.3.tgz",
+      "integrity": "sha512-1tB5mhVo7U+ETBKNf92xT4hrQa3pm0MZ0PQvuDnWgAAGHDsfp4lPSpiS6psrSiet87wyGPh9ft6wmhOMQ0hDiw==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=14.16"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "node_modules/strip-literal": {
+      "version": "3.1.0",
+      "resolved": "https://registry.npmjs.org/strip-literal/-/strip-literal-3.1.0.tgz",
+      "integrity": "sha512-8r3mkIM/2+PpjHoOtiAW8Rg3jJLHaV7xPwG+YRGrv6FP0wwk/toTpATxWYOW0BKdWwl82VT2tFYi5DlROa0Mxg==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "js-tokens": "^9.0.1"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/antfu"
+      }
+    },
+    "node_modules/strip-literal/node_modules/js-tokens": {
+      "version": "9.0.1",
+      "resolved": "https://registry.npmjs.org/js-tokens/-/js-tokens-9.0.1.tgz",
+      "integrity": "sha512-mxa9E9ITFOt0ban3j6L5MpjwegGz6lBQmM1IJkWeBZGcMxto50+eWdjC/52xDbS2vy0k7vIMK0Fe2wfL9OQSpQ==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/stylis": {
+      "version": "4.4.0",
+      "resolved": "https://registry.npmjs.org/stylis/-/stylis-4.4.0.tgz",
+      "integrity": "sha512-5Z9ZpRzfuH6l/UAvCPAPUo3665Nk2wLaZU3x+TLHKVzIz33+sbJqbtrYoC3KD4/uVOr2Zp+L0LySezP9OHV9yA==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/superjson": {
+      "version": "2.2.6",
+      "resolved": "https://registry.npmjs.org/superjson/-/superjson-2.2.6.tgz",
+      "integrity": "sha512-H+ue8Zo4vJmV2nRjpx86P35lzwDT3nItnIsocgumgr0hHMQ+ZGq5vrERg9kJBo5AWGmxZDhzDo+WVIJqkB0cGA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "copy-anything": "^4"
+      },
+      "engines": {
+        "node": ">=16"
+      }
+    },
+    "node_modules/supports-color": {
+      "version": "8.1.1",
+      "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-8.1.1.tgz",
+      "integrity": "sha512-MpUEN2OodtUzxvKQl72cUF7RQ5EiHsGvSsVG0ia9c5RbWGL2CI4C7EpPS8UTBIplnlzZiNuV56w+FuNxy3ty2Q==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "has-flag": "^4.0.0"
+      },
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/supports-color?sponsor=1"
+      }
+    },
+    "node_modules/supports-preserve-symlinks-flag": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/supports-preserve-symlinks-flag/-/supports-preserve-symlinks-flag-1.0.0.tgz",
+      "integrity": "sha512-ot0WnXS9fgdkgIcePe6RHNk1WA8+muPa6cSjeR3V8K27q9BB1rTE3R1p7Hv0z1ZyAc8s6Vvv8DIyWf681MAt0w==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/symbol-tree": {
+      "version": "3.2.4",
+      "resolved": "https://registry.npmjs.org/symbol-tree/-/symbol-tree-3.2.4.tgz",
+      "integrity": "sha512-9QNk5KwDF+Bvz+PyObkmSYjI5ksVUYtjW7AU22r2NKcfLJcXp96hkDWU3+XndOsUb+AQ9QhfzfCT2O+CNWT5Tw==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/test-exclude": {
+      "version": "7.0.2",
+      "resolved": "https://registry.npmjs.org/test-exclude/-/test-exclude-7.0.2.tgz",
+      "integrity": "sha512-u9E6A+ZDYdp7a4WnarkXPZOx8Ilz46+kby6p1yZ8zsGTz9gYa6FIS7lj2oezzNKmtdyyJNNmmXDppga5GB7kSw==",
+      "dev": true,
+      "license": "ISC",
+      "dependencies": {
+        "@istanbuljs/schema": "^0.1.2",
+        "glob": "^10.4.1",
+        "minimatch": "^10.2.2"
+      },
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/test-exclude/node_modules/balanced-match": {
+      "version": "4.0.4",
+      "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-4.0.4.tgz",
+      "integrity": "sha512-BLrgEcRTwX2o6gGxGOCNyMvGSp35YofuYzw9h1IMTRmKqttAZZVU67bdb9Pr2vUHA8+j3i2tJfjO6C6+4myGTA==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": "18 || 20 || >=22"
+      }
+    },
+    "node_modules/test-exclude/node_modules/brace-expansion": {
+      "version": "5.0.6",
+      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-5.0.6.tgz",
+      "integrity": "sha512-kLpxurY4Z4r9sgMsyG0Z9uzsBlgiU/EFKhj/h91/8yHu0edo7XuixOIH3VcJ8kkxs6/jPzoI6U9Vj3WqbMQ94g==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "balanced-match": "^4.0.2"
+      },
+      "engines": {
+        "node": "18 || 20 || >=22"
+      }
+    },
+    "node_modules/test-exclude/node_modules/minimatch": {
+      "version": "10.2.5",
+      "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-10.2.5.tgz",
+      "integrity": "sha512-MULkVLfKGYDFYejP07QOurDLLQpcjk7Fw+7jXS2R2czRQzR56yHRveU5NDJEOviH+hETZKSkIk5c+T23GjFUMg==",
+      "dev": true,
+      "license": "BlueOak-1.0.0",
+      "dependencies": {
+        "brace-expansion": "^5.0.5"
+      },
+      "engines": {
+        "node": "18 || 20 || >=22"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/isaacs"
+      }
+    },
+    "node_modules/thread-stream": {
+      "version": "4.2.0",
+      "resolved": "https://registry.npmjs.org/thread-stream/-/thread-stream-4.2.0.tgz",
+      "integrity": "sha512-e2zZ96wSChazBsbENf/Pcm/4swHt2cEKQ92rhUjkL9GCKiTDJIaTBenjE/m9DXi0QBmTMDkFDdOomUy20A1tDQ==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "real-require": "^1.0.0"
+      },
+      "engines": {
+        "node": ">=20"
+      }
+    },
+    "node_modules/thread-stream/node_modules/real-require": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/real-require/-/real-require-1.0.0.tgz",
+      "integrity": "sha512-P4nbQYQfePJxRSmY+v/KINxVucm4NF3p3s7pJveMTtom52FR4YGltUQLB8idDXwDDWW+eYrWDFbuzUnjoWHF7g==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/tinybench": {
+      "version": "2.9.0",
+      "resolved": "https://registry.npmjs.org/tinybench/-/tinybench-2.9.0.tgz",
+      "integrity": "sha512-0+DUvqWMValLmha6lr4kD8iAMK1HzV0/aKnCtWb9v9641TnP/MFb7Pc2bxoxQjTXAErryXVgUOfv2YqNllqGeg==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/tinyexec": {
+      "version": "1.2.2",
+      "resolved": "https://registry.npmjs.org/tinyexec/-/tinyexec-1.2.2.tgz",
+      "integrity": "sha512-M/Q0B2cp4K7kynaT/vnED1j8TlLY+Pp7C6Wl2bl/7u/F0mUVwdyOpwomQb8JpYLitHUssAJRmLZdMCGsrx7i+g==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/tinyglobby": {
+      "version": "0.2.16",
+      "resolved": "https://registry.npmjs.org/tinyglobby/-/tinyglobby-0.2.16.tgz",
+      "integrity": "sha512-pn99VhoACYR8nFHhxqix+uvsbXineAasWm5ojXoN8xEwK5Kd3/TrhNn1wByuD52UxWRLy8pu+kRMniEi6Eq9Zg==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "fdir": "^6.5.0",
+        "picomatch": "^4.0.4"
+      },
+      "engines": {
+        "node": ">=12.0.0"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/SuperchupuDev"
+      }
+    },
+    "node_modules/tinyglobby/node_modules/fdir": {
+      "version": "6.5.0",
+      "resolved": "https://registry.npmjs.org/fdir/-/fdir-6.5.0.tgz",
+      "integrity": "sha512-tIbYtZbucOs0BRGqPJkshJUYdL+SDH7dVM8gjy+ERp3WAUjLEFJE+02kanyHtwjWOnwrKYBiwAmM0p4kLJAnXg==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=12.0.0"
+      },
+      "peerDependencies": {
+        "picomatch": "^3 || ^4"
+      },
+      "peerDependenciesMeta": {
+        "picomatch": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/tinyglobby/node_modules/picomatch": {
+      "version": "4.0.4",
+      "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-4.0.4.tgz",
+      "integrity": "sha512-QP88BAKvMam/3NxH6vj2o21R6MjxZUAd6nlwAS/pnGvN9IVLocLHxGYIzFhg6fUQ+5th6P4dv4eW9jX3DSIj7A==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=12"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/jonschlinkert"
+      }
+    },
+    "node_modules/tinypool": {
+      "version": "1.1.1",
+      "resolved": "https://registry.npmjs.org/tinypool/-/tinypool-1.1.1.tgz",
+      "integrity": "sha512-Zba82s87IFq9A9XmjiX5uZA/ARWDrB03OHlq+Vw1fSdt0I+4/Kutwy8BP4Y/y/aORMo61FQ0vIb5j44vSo5Pkg==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": "^18.0.0 || >=20.0.0"
+      }
+    },
+    "node_modules/tinyrainbow": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/tinyrainbow/-/tinyrainbow-2.0.0.tgz",
+      "integrity": "sha512-op4nsTR47R6p0vMUUoYl/a+ljLFVtlfaXkLQmqfLR1qHma1h/ysYk4hEXZ880bf2CYgTskvTa/e196Vd5dDQXw==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=14.0.0"
+      }
+    },
+    "node_modules/tinyspy": {
+      "version": "4.0.4",
+      "resolved": "https://registry.npmjs.org/tinyspy/-/tinyspy-4.0.4.tgz",
+      "integrity": "sha512-azl+t0z7pw/z958Gy9svOTuzqIk6xq+NSheJzn5MMWtWTFywIacg2wUlzKFGtt3cthx0r2SxMK0yzJOR0IES7Q==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=14.0.0"
+      }
+    },
+    "node_modules/tldts": {
+      "version": "7.4.0",
+      "resolved": "https://registry.npmjs.org/tldts/-/tldts-7.4.0.tgz",
+      "integrity": "sha512-yHBe+zVfzNZ3QfTPW/Z6KK1G2t340gFjMHqI/4KKSt/abzYydzuCnpqdaF5gCCABby+9Yfbj59oR5F2Fd5CBzg==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "tldts-core": "^7.4.0"
+      },
+      "bin": {
+        "tldts": "bin/cli.js"
+      }
+    },
+    "node_modules/tldts-core": {
+      "version": "7.4.0",
+      "resolved": "https://registry.npmjs.org/tldts-core/-/tldts-core-7.4.0.tgz",
+      "integrity": "sha512-/mb9kRld+x1sIMXxWNOAp5m6C+D4GrAORWlJkOJ5dElvxdN1eutz/o7qHLp9gFvDF4Y3/L2xeScoxz6AbEo8rQ==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/to-regex-range": {
+      "version": "5.0.1",
+      "resolved": "https://registry.npmjs.org/to-regex-range/-/to-regex-range-5.0.1.tgz",
+      "integrity": "sha512-65P7iz6X5yEr1cwcgvQxbbIw7Uk3gOy5dIdtZ4rDveLqhrdJP+Li/Hx6tyK0NEb+2GCyneCMJiGqrADCSNk8sQ==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "is-number": "^7.0.0"
+      },
+      "engines": {
+        "node": ">=8.0"
+      }
+    },
+    "node_modules/toidentifier": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/toidentifier/-/toidentifier-1.0.1.tgz",
+      "integrity": "sha512-o5sSPKEkg/DIQNmH43V0/uerLrpzVedkUh8tGNvaeXpfpuwjKenlSox/2O/BTlZUtEe+JG7s5YhEz608PlAHRA==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=0.6"
+      }
+    },
+    "node_modules/touch": {
+      "version": "3.1.1",
+      "resolved": "https://registry.npmjs.org/touch/-/touch-3.1.1.tgz",
+      "integrity": "sha512-r0eojU4bI8MnHr8c5bNo7lJDdI2qXlWWJk6a9EAFG7vbhTjElYhBVS3/miuE0uOuoLdb8Mc/rVfsmm6eo5o9GA==",
+      "dev": true,
+      "license": "ISC",
+      "bin": {
+        "nodetouch": "bin/nodetouch.js"
+      }
+    },
+    "node_modules/tough-cookie": {
+      "version": "6.0.1",
+      "resolved": "https://registry.npmjs.org/tough-cookie/-/tough-cookie-6.0.1.tgz",
+      "integrity": "sha512-LktZQb3IeoUWB9lqR5EWTHgW/VTITCXg4D21M+lvybRVdylLrRMnqaIONLVb5mav8vM19m44HIcGq4qASeu2Qw==",
+      "dev": true,
+      "license": "BSD-3-Clause",
+      "dependencies": {
+        "tldts": "^7.0.5"
+      },
+      "engines": {
+        "node": ">=16"
+      }
+    },
+    "node_modules/tr46": {
+      "version": "6.0.0",
+      "resolved": "https://registry.npmjs.org/tr46/-/tr46-6.0.0.tgz",
+      "integrity": "sha512-bLVMLPtstlZ4iMQHpFHTR7GAGj2jxi8Dg0s2h2MafAE4uSWF98FC/3MomU51iQAMf8/qDUbKWf5GxuvvVcXEhw==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "punycode": "^2.3.1"
+      },
+      "engines": {
+        "node": ">=20"
+      }
+    },
+    "node_modules/tree-kill": {
+      "version": "1.2.2",
+      "resolved": "https://registry.npmjs.org/tree-kill/-/tree-kill-1.2.2.tgz",
+      "integrity": "sha512-L0Orpi8qGpRG//Nd+H90vFB+3iHnue1zSSGmNOOCh1GLJ7rUKVwV2HvijphGQS2UmhUZewS9VgvxYIdgr+fG1A==",
+      "dev": true,
+      "license": "MIT",
+      "bin": {
+        "tree-kill": "cli.js"
+      }
+    },
+    "node_modules/treemate": {
+      "version": "0.3.11",
+      "resolved": "https://registry.npmjs.org/treemate/-/treemate-0.3.11.tgz",
+      "integrity": "sha512-M8RGFoKtZ8dF+iwJfAJTOH/SM4KluKOKRJpjCMhI8bG3qB74zrFoArKZ62ll0Fr3mqkMJiQOmWYkdYgDeITYQg==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/ts-dedent": {
+      "version": "2.2.0",
+      "resolved": "https://registry.npmjs.org/ts-dedent/-/ts-dedent-2.2.0.tgz",
+      "integrity": "sha512-q5W7tVM71e2xjHZTlgfTDoPF/SmqKG5hddq9SzR49CH2hayqRKJtQ4mtRlSxKaJlR/+9rEM+mnBHf7I2/BQcpQ==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=6.10"
+      }
+    },
+    "node_modules/ts-deepmerge": {
+      "version": "7.0.3",
+      "resolved": "https://registry.npmjs.org/ts-deepmerge/-/ts-deepmerge-7.0.3.tgz",
+      "integrity": "sha512-Du/ZW2RfwV/D4cmA5rXafYjBQVuvu4qGiEEla4EmEHVHgRdx68Gftx7i66jn2bzHPwSVZY36Ae6OuDn9el4ZKA==",
+      "dev": true,
+      "license": "ISC",
+      "engines": {
+        "node": ">=14.13.1"
+      }
+    },
+    "node_modules/ts-node": {
+      "version": "10.9.2",
+      "resolved": "https://registry.npmjs.org/ts-node/-/ts-node-10.9.2.tgz",
+      "integrity": "sha512-f0FFpIdcHgn8zcPSbf1dRevwt047YMnaiJM3u2w2RewrB+fob/zePZcrOyQoLMMO7aBIddLcQIEK5dYjkLnGrQ==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@cspotcode/source-map-support": "^0.8.0",
+        "@tsconfig/node10": "^1.0.7",
+        "@tsconfig/node12": "^1.0.7",
+        "@tsconfig/node14": "^1.0.0",
+        "@tsconfig/node16": "^1.0.2",
+        "acorn": "^8.4.1",
+        "acorn-walk": "^8.1.1",
+        "arg": "^4.1.0",
+        "create-require": "^1.1.0",
+        "diff": "^4.0.1",
+        "make-error": "^1.1.1",
+        "v8-compile-cache-lib": "^3.0.1",
+        "yn": "3.1.1"
+      },
+      "bin": {
+        "ts-node": "dist/bin.js",
+        "ts-node-cwd": "dist/bin-cwd.js",
+        "ts-node-esm": "dist/bin-esm.js",
+        "ts-node-script": "dist/bin-script.js",
+        "ts-node-transpile-only": "dist/bin-transpile.js",
+        "ts-script": "dist/bin-script-deprecated.js"
+      },
+      "peerDependencies": {
+        "@swc/core": ">=1.2.50",
+        "@swc/wasm": ">=1.2.50",
+        "@types/node": "*",
+        "typescript": ">=2.7"
+      },
+      "peerDependenciesMeta": {
+        "@swc/core": {
+          "optional": true
+        },
+        "@swc/wasm": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/ts-node-dev": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/ts-node-dev/-/ts-node-dev-2.0.0.tgz",
+      "integrity": "sha512-ywMrhCfH6M75yftYvrvNarLEY+SUXtUvU8/0Z6llrHQVBx12GiFk5sStF8UdfE/yfzk9IAq7O5EEbTQsxlBI8w==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "chokidar": "^3.5.1",
+        "dynamic-dedupe": "^0.3.0",
+        "minimist": "^1.2.6",
+        "mkdirp": "^1.0.4",
+        "resolve": "^1.0.0",
+        "rimraf": "^2.6.1",
+        "source-map-support": "^0.5.12",
+        "tree-kill": "^1.2.2",
+        "ts-node": "^10.4.0",
+        "tsconfig": "^7.0.0"
+      },
+      "bin": {
+        "ts-node-dev": "lib/bin.js",
+        "tsnd": "lib/bin.js"
+      },
+      "engines": {
+        "node": ">=0.8.0"
+      },
+      "peerDependencies": {
+        "node-notifier": "*",
+        "typescript": "*"
+      },
+      "peerDependenciesMeta": {
+        "node-notifier": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/tsconfig": {
+      "version": "7.0.0",
+      "resolved": "https://registry.npmjs.org/tsconfig/-/tsconfig-7.0.0.tgz",
+      "integrity": "sha512-vZXmzPrL+EmC4T/4rVlT2jNVMWCi/O4DIiSj3UHg1OE5kCKbk4mfrXc6dZksLgRM/TZlKnousKH9bbTazUWRRw==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@types/strip-bom": "^3.0.0",
+        "@types/strip-json-comments": "0.0.30",
+        "strip-bom": "^3.0.0",
+        "strip-json-comments": "^2.0.0"
+      }
+    },
+    "node_modules/tsconfig/node_modules/strip-json-comments": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/strip-json-comments/-/strip-json-comments-2.0.1.tgz",
+      "integrity": "sha512-4gB8na07fecVVkOI6Rs4e7T6NOTki5EmL7TUduTs6bu3EdnSycntVJ4re8kgZA+wx9IueI2Y11bfbgwtzuE0KQ==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/tslib": {
+      "version": "2.8.1",
+      "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.8.1.tgz",
+      "integrity": "sha512-oJFu94HQb+KVduSUQL7wnpmqnfmLsOA/nAh6b6EH0wCEoK0/mPeXU6c3wKDV83MkOuHPRHtSXKKU99IBazS/2w==",
+      "dev": true,
+      "license": "0BSD"
+    },
+    "node_modules/tsoa": {
+      "version": "7.0.0-alpha.0",
+      "resolved": "https://registry.npmjs.org/tsoa/-/tsoa-7.0.0-alpha.0.tgz",
+      "integrity": "sha512-o5h2DD1IKa2GF728BHYDL2uSX57a44sX8BLFScR4KbD0xlOmgsSDECneJmouDxf9MJdjHHWc+I1S3sGK82B6kQ==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@tsoa/cli": "^7.0.0-alpha.0",
+        "@tsoa/runtime": "^7.0.0-alpha.0"
+      },
+      "bin": {
+        "tsoa": "dist/cli.js"
+      },
+      "engines": {
+        "node": ">=18.0.0",
+        "yarn": ">=1.9.4"
+      }
+    },
+    "node_modules/tsscmp": {
+      "version": "1.0.6",
+      "resolved": "https://registry.npmjs.org/tsscmp/-/tsscmp-1.0.6.tgz",
+      "integrity": "sha512-LxhtAkPDTkVCMQjt2h6eBVY28KCjikZqZfMcC15YBeNjkgUpdCfBu5HoiOTDu86v6smE8yOjyEktJ8hlbANHQA==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=0.6.x"
+      }
+    },
+    "node_modules/type-is": {
+      "version": "1.6.18",
+      "resolved": "https://registry.npmjs.org/type-is/-/type-is-1.6.18.tgz",
+      "integrity": "sha512-TkRKr9sUTxEH8MdfuCSP7VizJyzRNMjj2J2do2Jr3Kym598JVdEksuzPQCnlFPW4ky9Q+iA+ma9BGm06XQBy8g==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "media-typer": "0.3.0",
+        "mime-types": "~2.1.24"
+      },
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/typescript": {
+      "version": "6.0.3",
+      "resolved": "https://registry.npmjs.org/typescript/-/typescript-6.0.3.tgz",
+      "integrity": "sha512-y2TvuxSZPDyQakkFRPZHKFm+KKVqIisdg9/CZwm9ftvKXLP8NRWj38/ODjNbr43SsoXqNuAisEf1GdCxqWcdBw==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "bin": {
+        "tsc": "bin/tsc",
+        "tsserver": "bin/tsserver"
+      },
+      "engines": {
+        "node": ">=14.17"
+      }
+    },
+    "node_modules/uc.micro": {
+      "version": "2.1.0",
+      "resolved": "https://registry.npmjs.org/uc.micro/-/uc.micro-2.1.0.tgz",
+      "integrity": "sha512-ARDJmphmdvUk6Glw7y9DQ2bFkKBHwQHLi2lsaH6PPmz/Ka9sFOBsBluozhDltWmnv9u/cF6Rt87znRTPV+yp/A==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/uglify-js": {
+      "version": "3.19.3",
+      "resolved": "https://registry.npmjs.org/uglify-js/-/uglify-js-3.19.3.tgz",
+      "integrity": "sha512-v3Xu+yuwBXisp6QYTcH4UbH+xYJXqnq2m/LtQVWKWzYc1iehYnLixoQDN9FH6/j9/oybfd6W9Ghwkl8+UMKTKQ==",
+      "dev": true,
+      "license": "BSD-2-Clause",
+      "optional": true,
+      "bin": {
+        "uglifyjs": "bin/uglifyjs"
+      },
+      "engines": {
+        "node": ">=0.8.0"
+      }
+    },
+    "node_modules/undefsafe": {
+      "version": "2.0.5",
+      "resolved": "https://registry.npmjs.org/undefsafe/-/undefsafe-2.0.5.tgz",
+      "integrity": "sha512-WxONCrssBM8TSPRqN5EmsjVrsv4A8X12J4ArBiiayv3DyyG3ZlIg6yysuuSYdZsVz3TKcTg2fd//Ujd4CHV1iA==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/undici-types": {
+      "version": "7.16.0",
+      "resolved": "https://registry.npmjs.org/undici-types/-/undici-types-7.16.0.tgz",
+      "integrity": "sha512-Zz+aZWSj8LE6zoxD+xrjh4VfkIG8Ya6LvYkZqtUQGJPZjYl53ypCaUwWqo7eI0x66KBGeRo+mlBEkMSeSZ38Nw==",
+      "license": "MIT"
+    },
+    "node_modules/universalify": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/universalify/-/universalify-2.0.1.tgz",
+      "integrity": "sha512-gptHNQghINnc/vTGIk0SOFGFNXw7JVrlRUtConJRlvaw6DuX0wO5Jeko9sWrMBhh+PsYAZ7oXAiOnf/UKogyiw==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">= 10.0.0"
+      }
+    },
+    "node_modules/unpipe": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/unpipe/-/unpipe-1.0.0.tgz",
+      "integrity": "sha512-pjy2bYhSsufwWlKwPc+l3cN7+wuJlK6uz0YdJEOlQDbl6jo/YlPi4mb8agUkVC8BF7V8NuzeyPNqRksA3hztKQ==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.8"
+      }
+    },
+    "node_modules/utils-merge": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/utils-merge/-/utils-merge-1.0.1.tgz",
+      "integrity": "sha512-pMZTvIkT1d+TFGvDOqodOclx0QWkkgi6Tdoa8gC8ffGAAqz9pzPTZWAybbsHHoED/ztMtkv/VoYTYyShUn81hA==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.4.0"
+      }
+    },
+    "node_modules/uuid": {
+      "version": "14.0.0",
+      "resolved": "https://registry.npmjs.org/uuid/-/uuid-14.0.0.tgz",
+      "integrity": "sha512-Qo+uWgilfSmAhXCMav1uYFynlQO7fMFiMVZsQqZRMIXp0O7rR7qjkj+cPvBHLgBqi960QCoo/PH2/6ZtVqKvrg==",
+      "dev": true,
+      "funding": [
+        "https://github.com/sponsors/broofa",
+        "https://github.com/sponsors/ctavan"
+      ],
+      "license": "MIT",
+      "bin": {
+        "uuid": "dist-node/bin/uuid"
+      }
+    },
+    "node_modules/v8-compile-cache-lib": {
+      "version": "3.0.1",
+      "resolved": "https://registry.npmjs.org/v8-compile-cache-lib/-/v8-compile-cache-lib-3.0.1.tgz",
+      "integrity": "sha512-wa7YjyUGfNZngI/vtK0UHAN+lgDCxBPCylVXGp0zu59Fz5aiGtNXaq3DhIov063MorB+VfufLh3JlF2KdTK3xg==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/validator": {
+      "version": "13.15.35",
+      "resolved": "https://registry.npmjs.org/validator/-/validator-13.15.35.tgz",
+      "integrity": "sha512-TQ5pAGhd5whStmqWvYF4OjQROlmv9SMFVt37qoCBdqRffuuklWYQlCNnEs2ZaIBD1kZRNnikiZOS1eqgkar0iw==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.10"
+      }
+    },
+    "node_modules/vary": {
+      "version": "1.1.2",
+      "resolved": "https://registry.npmjs.org/vary/-/vary-1.1.2.tgz",
+      "integrity": "sha512-BNGbWLfd0eUPabhkXUVm0j8uuvREyTh5ovRa/dyow/BqAbZJyC+5fU+IzQOzmAKzYqYRAISoRhdQr3eIZ/PXqg==",
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.8"
+      }
+    },
+    "node_modules/vdirs": {
+      "version": "0.1.8",
+      "resolved": "https://registry.npmjs.org/vdirs/-/vdirs-0.1.8.tgz",
+      "integrity": "sha512-H9V1zGRLQZg9b+GdMk8MXDN2Lva0zx72MPahDKc30v+DtwKjfyOSXWRIX4t2mhDubM1H09gPhWeth/BJWPHGUw==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "evtd": "^0.2.2"
+      },
+      "peerDependencies": {
+        "vue": "^3.0.11"
+      }
+    },
+    "node_modules/vite": {
+      "version": "8.0.14",
+      "resolved": "https://registry.npmjs.org/vite/-/vite-8.0.14.tgz",
+      "integrity": "sha512-s4BJJ+5y1pYL6Otw51FHhVJQhPnuRinKig64g/1+EUNaJsd3gCKdD31IPFvswUgW9/60QT9oFHbZHbQK5imcxw==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "lightningcss": "^1.32.0",
+        "picomatch": "^4.0.4",
+        "postcss": "^8.5.15",
+        "rolldown": "1.0.2",
+        "tinyglobby": "^0.2.16"
+      },
+      "bin": {
+        "vite": "bin/vite.js"
+      },
+      "engines": {
+        "node": "^20.19.0 || >=22.12.0"
+      },
+      "funding": {
+        "url": "https://github.com/vitejs/vite?sponsor=1"
+      },
+      "optionalDependencies": {
+        "fsevents": "~2.3.3"
+      },
+      "peerDependencies": {
+        "@types/node": "^20.19.0 || >=22.12.0",
+        "@vitejs/devtools": "^0.1.18",
+        "esbuild": "^0.27.0 || ^0.28.0",
+        "jiti": ">=1.21.0",
+        "less": "^4.0.0",
+        "sass": "^1.70.0",
+        "sass-embedded": "^1.70.0",
+        "stylus": ">=0.54.8",
+        "sugarss": "^5.0.0",
+        "terser": "^5.16.0",
+        "tsx": "^4.8.1",
+        "yaml": "^2.4.2"
+      },
+      "peerDependenciesMeta": {
+        "@types/node": {
+          "optional": true
+        },
+        "@vitejs/devtools": {
+          "optional": true
+        },
+        "esbuild": {
+          "optional": true
+        },
+        "jiti": {
+          "optional": true
+        },
+        "less": {
+          "optional": true
+        },
+        "sass": {
+          "optional": true
+        },
+        "sass-embedded": {
+          "optional": true
+        },
+        "stylus": {
+          "optional": true
+        },
+        "sugarss": {
+          "optional": true
+        },
+        "terser": {
+          "optional": true
+        },
+        "tsx": {
+          "optional": true
+        },
+        "yaml": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/vite-node": {
+      "version": "3.2.4",
+      "resolved": "https://registry.npmjs.org/vite-node/-/vite-node-3.2.4.tgz",
+      "integrity": "sha512-EbKSKh+bh1E1IFxeO0pg1n4dvoOTt0UDiXMd/qn++r98+jPO1xtJilvXldeuQ8giIB5IkpjCgMleHMNEsGH6pg==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "cac": "^6.7.14",
+        "debug": "^4.4.1",
+        "es-module-lexer": "^1.7.0",
+        "pathe": "^2.0.3",
+        "vite": "^5.0.0 || ^6.0.0 || ^7.0.0-0"
+      },
+      "bin": {
+        "vite-node": "vite-node.mjs"
+      },
+      "engines": {
+        "node": "^18.0.0 || ^20.0.0 || >=22.0.0"
+      },
+      "funding": {
+        "url": "https://opencollective.com/vitest"
+      }
+    },
+    "node_modules/vite-node/node_modules/fdir": {
+      "version": "6.5.0",
+      "resolved": "https://registry.npmjs.org/fdir/-/fdir-6.5.0.tgz",
+      "integrity": "sha512-tIbYtZbucOs0BRGqPJkshJUYdL+SDH7dVM8gjy+ERp3WAUjLEFJE+02kanyHtwjWOnwrKYBiwAmM0p4kLJAnXg==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=12.0.0"
+      },
+      "peerDependencies": {
+        "picomatch": "^3 || ^4"
+      },
+      "peerDependenciesMeta": {
+        "picomatch": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/vite-node/node_modules/picomatch": {
+      "version": "4.0.4",
+      "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-4.0.4.tgz",
+      "integrity": "sha512-QP88BAKvMam/3NxH6vj2o21R6MjxZUAd6nlwAS/pnGvN9IVLocLHxGYIzFhg6fUQ+5th6P4dv4eW9jX3DSIj7A==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=12"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/jonschlinkert"
+      }
+    },
+    "node_modules/vite-node/node_modules/vite": {
+      "version": "7.3.3",
+      "resolved": "https://registry.npmjs.org/vite/-/vite-7.3.3.tgz",
+      "integrity": "sha512-/4XH147Ui7OGTjg3HbdWe5arnZQSbfuRzdr9Ec7TQi5I7R+ir0Rlc9GIvD4v0XZurELqA035KVXJXpR61xhiTA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "esbuild": "^0.27.0",
+        "fdir": "^6.5.0",
+        "picomatch": "^4.0.3",
+        "postcss": "^8.5.6",
+        "rollup": "^4.43.0",
+        "tinyglobby": "^0.2.15"
+      },
+      "bin": {
+        "vite": "bin/vite.js"
+      },
+      "engines": {
+        "node": "^20.19.0 || >=22.12.0"
+      },
+      "funding": {
+        "url": "https://github.com/vitejs/vite?sponsor=1"
+      },
+      "optionalDependencies": {
+        "fsevents": "~2.3.3"
+      },
+      "peerDependencies": {
+        "@types/node": "^20.19.0 || >=22.12.0",
+        "jiti": ">=1.21.0",
+        "less": "^4.0.0",
+        "lightningcss": "^1.21.0",
+        "sass": "^1.70.0",
+        "sass-embedded": "^1.70.0",
+        "stylus": ">=0.54.8",
+        "sugarss": "^5.0.0",
+        "terser": "^5.16.0",
+        "tsx": "^4.8.1",
+        "yaml": "^2.4.2"
+      },
+      "peerDependenciesMeta": {
+        "@types/node": {
+          "optional": true
+        },
+        "jiti": {
+          "optional": true
+        },
+        "less": {
+          "optional": true
+        },
+        "lightningcss": {
+          "optional": true
+        },
+        "sass": {
+          "optional": true
+        },
+        "sass-embedded": {
+          "optional": true
+        },
+        "stylus": {
+          "optional": true
+        },
+        "sugarss": {
+          "optional": true
+        },
+        "terser": {
+          "optional": true
+        },
+        "tsx": {
+          "optional": true
+        },
+        "yaml": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/vite/node_modules/picomatch": {
+      "version": "4.0.4",
+      "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-4.0.4.tgz",
+      "integrity": "sha512-QP88BAKvMam/3NxH6vj2o21R6MjxZUAd6nlwAS/pnGvN9IVLocLHxGYIzFhg6fUQ+5th6P4dv4eW9jX3DSIj7A==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=12"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/jonschlinkert"
+      }
+    },
+    "node_modules/vitest": {
+      "version": "3.2.4",
+      "resolved": "https://registry.npmjs.org/vitest/-/vitest-3.2.4.tgz",
+      "integrity": "sha512-LUCP5ev3GURDysTWiP47wRRUpLKMOfPh+yKTx3kVIEiu5KOMeqzpnYNsKyOoVrULivR8tLcks4+lga33Whn90A==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@types/chai": "^5.2.2",
+        "@vitest/expect": "3.2.4",
+        "@vitest/mocker": "3.2.4",
+        "@vitest/pretty-format": "^3.2.4",
+        "@vitest/runner": "3.2.4",
+        "@vitest/snapshot": "3.2.4",
+        "@vitest/spy": "3.2.4",
+        "@vitest/utils": "3.2.4",
+        "chai": "^5.2.0",
+        "debug": "^4.4.1",
+        "expect-type": "^1.2.1",
+        "magic-string": "^0.30.17",
+        "pathe": "^2.0.3",
+        "picomatch": "^4.0.2",
+        "std-env": "^3.9.0",
+        "tinybench": "^2.9.0",
+        "tinyexec": "^0.3.2",
+        "tinyglobby": "^0.2.14",
+        "tinypool": "^1.1.1",
+        "tinyrainbow": "^2.0.0",
+        "vite": "^5.0.0 || ^6.0.0 || ^7.0.0-0",
+        "vite-node": "3.2.4",
+        "why-is-node-running": "^2.3.0"
+      },
+      "bin": {
+        "vitest": "vitest.mjs"
+      },
+      "engines": {
+        "node": "^18.0.0 || ^20.0.0 || >=22.0.0"
+      },
+      "funding": {
+        "url": "https://opencollective.com/vitest"
+      },
+      "peerDependencies": {
+        "@edge-runtime/vm": "*",
+        "@types/debug": "^4.1.12",
+        "@types/node": "^18.0.0 || ^20.0.0 || >=22.0.0",
+        "@vitest/browser": "3.2.4",
+        "@vitest/ui": "3.2.4",
+        "happy-dom": "*",
+        "jsdom": "*"
+      },
+      "peerDependenciesMeta": {
+        "@edge-runtime/vm": {
+          "optional": true
+        },
+        "@types/debug": {
+          "optional": true
+        },
+        "@types/node": {
+          "optional": true
+        },
+        "@vitest/browser": {
+          "optional": true
+        },
+        "@vitest/ui": {
+          "optional": true
+        },
+        "happy-dom": {
+          "optional": true
+        },
+        "jsdom": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/vitest/node_modules/@vitest/mocker": {
+      "version": "3.2.4",
+      "resolved": "https://registry.npmjs.org/@vitest/mocker/-/mocker-3.2.4.tgz",
+      "integrity": "sha512-46ryTE9RZO/rfDd7pEqFl7etuyzekzEhUbTW3BvmeO/BcCMEgq59BKhek3dXDWgAj4oMK6OZi+vRr1wPW6qjEQ==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@vitest/spy": "3.2.4",
+        "estree-walker": "^3.0.3",
+        "magic-string": "^0.30.17"
+      },
+      "funding": {
+        "url": "https://opencollective.com/vitest"
+      },
+      "peerDependencies": {
+        "msw": "^2.4.9",
+        "vite": "^5.0.0 || ^6.0.0 || ^7.0.0-0"
+      },
+      "peerDependenciesMeta": {
+        "msw": {
+          "optional": true
+        },
+        "vite": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/vitest/node_modules/estree-walker": {
+      "version": "3.0.3",
+      "resolved": "https://registry.npmjs.org/estree-walker/-/estree-walker-3.0.3.tgz",
+      "integrity": "sha512-7RUKfXgSMMkzt6ZuXmqapOurLGPPfgj6l9uRZ7lRGolvk0y2yocc35LdcxKC5PQZdn2DMqioAQ2NoWcrTKmm6g==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@types/estree": "^1.0.0"
+      }
+    },
+    "node_modules/vitest/node_modules/fdir": {
+      "version": "6.5.0",
+      "resolved": "https://registry.npmjs.org/fdir/-/fdir-6.5.0.tgz",
+      "integrity": "sha512-tIbYtZbucOs0BRGqPJkshJUYdL+SDH7dVM8gjy+ERp3WAUjLEFJE+02kanyHtwjWOnwrKYBiwAmM0p4kLJAnXg==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=12.0.0"
+      },
+      "peerDependencies": {
+        "picomatch": "^3 || ^4"
+      },
+      "peerDependenciesMeta": {
+        "picomatch": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/vitest/node_modules/picomatch": {
+      "version": "4.0.4",
+      "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-4.0.4.tgz",
+      "integrity": "sha512-QP88BAKvMam/3NxH6vj2o21R6MjxZUAd6nlwAS/pnGvN9IVLocLHxGYIzFhg6fUQ+5th6P4dv4eW9jX3DSIj7A==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=12"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/jonschlinkert"
+      }
+    },
+    "node_modules/vitest/node_modules/tinyexec": {
+      "version": "0.3.2",
+      "resolved": "https://registry.npmjs.org/tinyexec/-/tinyexec-0.3.2.tgz",
+      "integrity": "sha512-KQQR9yN7R5+OSwaK0XQoj22pwHoTlgYqmUscPYoknOoWCWfj/5/ABTMRi69FrKU5ffPVh5QcFikpWJI/P1ocHA==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/vitest/node_modules/vite": {
+      "version": "7.3.3",
+      "resolved": "https://registry.npmjs.org/vite/-/vite-7.3.3.tgz",
+      "integrity": "sha512-/4XH147Ui7OGTjg3HbdWe5arnZQSbfuRzdr9Ec7TQi5I7R+ir0Rlc9GIvD4v0XZurELqA035KVXJXpR61xhiTA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "esbuild": "^0.27.0",
+        "fdir": "^6.5.0",
+        "picomatch": "^4.0.3",
+        "postcss": "^8.5.6",
+        "rollup": "^4.43.0",
+        "tinyglobby": "^0.2.15"
+      },
+      "bin": {
+        "vite": "bin/vite.js"
+      },
+      "engines": {
+        "node": "^20.19.0 || >=22.12.0"
+      },
+      "funding": {
+        "url": "https://github.com/vitejs/vite?sponsor=1"
+      },
+      "optionalDependencies": {
+        "fsevents": "~2.3.3"
+      },
+      "peerDependencies": {
+        "@types/node": "^20.19.0 || >=22.12.0",
+        "jiti": ">=1.21.0",
+        "less": "^4.0.0",
+        "lightningcss": "^1.21.0",
+        "sass": "^1.70.0",
+        "sass-embedded": "^1.70.0",
+        "stylus": ">=0.54.8",
+        "sugarss": "^5.0.0",
+        "terser": "^5.16.0",
+        "tsx": "^4.8.1",
+        "yaml": "^2.4.2"
+      },
+      "peerDependenciesMeta": {
+        "@types/node": {
+          "optional": true
+        },
+        "jiti": {
+          "optional": true
+        },
+        "less": {
+          "optional": true
+        },
+        "lightningcss": {
+          "optional": true
+        },
+        "sass": {
+          "optional": true
+        },
+        "sass-embedded": {
+          "optional": true
+        },
+        "stylus": {
+          "optional": true
+        },
+        "sugarss": {
+          "optional": true
+        },
+        "terser": {
+          "optional": true
+        },
+        "tsx": {
+          "optional": true
+        },
+        "yaml": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/vooks": {
+      "version": "0.2.12",
+      "resolved": "https://registry.npmjs.org/vooks/-/vooks-0.2.12.tgz",
+      "integrity": "sha512-iox0I3RZzxtKlcgYaStQYKEzWWGAduMmq+jS7OrNdQo1FgGfPMubGL3uGHOU9n97NIvfFDBGnpSvkWyb/NSn/Q==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "evtd": "^0.2.2"
+      },
+      "peerDependencies": {
+        "vue": "^3.0.0"
+      }
+    },
+    "node_modules/vscode-uri": {
+      "version": "3.1.0",
+      "resolved": "https://registry.npmjs.org/vscode-uri/-/vscode-uri-3.1.0.tgz",
+      "integrity": "sha512-/BpdSx+yCQGnCvecbyXdxHDkuk55/G3xwnC0GqY4gmQ3j+A+g8kzzgB4Nk/SINjqn6+waqw3EgbVF2QKExkRxQ==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/vue": {
+      "version": "3.5.35",
+      "resolved": "https://registry.npmjs.org/vue/-/vue-3.5.35.tgz",
+      "integrity": "sha512-cx89fnr+0kVGHiNFG6y6s0bdjypJRFNZn6x3WPstNdQR1bi1mbB7h4v5IBGTsPJU3nK1+0Iqj3Zf+hZWMieR4Q==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@vue/compiler-dom": "3.5.35",
+        "@vue/compiler-sfc": "3.5.35",
+        "@vue/runtime-dom": "3.5.35",
+        "@vue/server-renderer": "3.5.35",
+        "@vue/shared": "3.5.35"
+      },
+      "peerDependencies": {
+        "typescript": "*"
+      },
+      "peerDependenciesMeta": {
+        "typescript": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/vue-component-type-helpers": {
+      "version": "3.3.2",
+      "resolved": "https://registry.npmjs.org/vue-component-type-helpers/-/vue-component-type-helpers-3.3.2.tgz",
+      "integrity": "sha512-l4Z2Y34m7nFMlx8vrslJaVtXxUpzgDMSESC7TakG/c5kwjYT/do+E0NcT2/vWDzaoIhsShg/2OKwX7Q4nbzC0g==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/vue-i18n": {
+      "version": "11.4.4",
+      "resolved": "https://registry.npmjs.org/vue-i18n/-/vue-i18n-11.4.4.tgz",
+      "integrity": "sha512-gIbXVSFQV4jcSJxfwdZ5zSZmZ+12CnX0K3vBkRSd6Zn+HSzCp+QwUgPwpD/uN0oKNKI9RzlUXPKVedEuMgNG0A==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@intlify/core-base": "11.4.4",
+        "@intlify/devtools-types": "11.4.4",
+        "@intlify/shared": "11.4.4",
+        "@vue/devtools-api": "^6.5.0"
+      },
+      "engines": {
+        "node": ">= 22"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/kazupon"
+      },
+      "peerDependencies": {
+        "vue": "^3.0.0"
+      }
+    },
+    "node_modules/vue-i18n/node_modules/@vue/devtools-api": {
+      "version": "6.6.4",
+      "resolved": "https://registry.npmjs.org/@vue/devtools-api/-/devtools-api-6.6.4.tgz",
+      "integrity": "sha512-sGhTPMuXqZ1rVOk32RylztWkfXTRhuS7vgAKv0zjqk8gbsHkJ7xfFf+jbySxt7tWObEJwyKaHMikV/WGDiQm8g==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/vue-router": {
+      "version": "4.6.4",
+      "resolved": "https://registry.npmjs.org/vue-router/-/vue-router-4.6.4.tgz",
+      "integrity": "sha512-Hz9q5sa33Yhduglwz6g9skT8OBPii+4bFn88w6J+J4MfEo4KRRpmiNG/hHHkdbRFlLBOqxN8y8gf2Fb0MTUgVg==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@vue/devtools-api": "^6.6.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/posva"
+      },
+      "peerDependencies": {
+        "vue": "^3.5.0"
+      }
+    },
+    "node_modules/vue-router/node_modules/@vue/devtools-api": {
+      "version": "6.6.4",
+      "resolved": "https://registry.npmjs.org/@vue/devtools-api/-/devtools-api-6.6.4.tgz",
+      "integrity": "sha512-sGhTPMuXqZ1rVOk32RylztWkfXTRhuS7vgAKv0zjqk8gbsHkJ7xfFf+jbySxt7tWObEJwyKaHMikV/WGDiQm8g==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/vue-tsc": {
+      "version": "3.3.2",
+      "resolved": "https://registry.npmjs.org/vue-tsc/-/vue-tsc-3.3.2.tgz",
+      "integrity": "sha512-n7nQoA3YWW/eiDR8jMiv/uJvlg0uLGs+YgUrsTrf9EZaYSt3tuvMZb5V8+7Mvh/EH5pnY/hoVdgfjH+XcK+wwA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@volar/typescript": "2.4.28",
+        "@vue/language-core": "3.3.2"
+      },
+      "bin": {
+        "vue-tsc": "bin/vue-tsc.js"
+      },
+      "peerDependencies": {
+        "typescript": ">=5.0.0"
+      }
+    },
+    "node_modules/vue-virtual-scroller": {
+      "version": "3.0.4",
+      "resolved": "https://registry.npmjs.org/vue-virtual-scroller/-/vue-virtual-scroller-3.0.4.tgz",
+      "integrity": "sha512-3qh3c9VUVysuXynaa4fVZ3ncx3VgD7EPRiQcj+jUVZl5u/TTkD3c27XvSEu3JGJfsJt/vVTVziZ3djiiHtW4cQ==",
+      "dev": true,
+      "license": "MIT",
+      "peerDependencies": {
+        "vue": "^3.3.0"
+      }
+    },
+    "node_modules/vueuc": {
+      "version": "0.4.65",
+      "resolved": "https://registry.npmjs.org/vueuc/-/vueuc-0.4.65.tgz",
+      "integrity": "sha512-lXuMl+8gsBmruudfxnMF9HW4be8rFziylXFu1VHVNbLVhRTXXV4njvpRuJapD/8q+oFEMSfQMH16E/85VoWRyQ==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@css-render/vue3-ssr": "^0.15.10",
+        "@juggle/resize-observer": "^3.3.1",
+        "css-render": "^0.15.10",
+        "evtd": "^0.2.4",
+        "seemly": "^0.3.6",
+        "vdirs": "^0.1.4",
+        "vooks": "^0.2.4"
+      },
+      "peerDependencies": {
+        "vue": "^3.0.11"
+      }
+    },
+    "node_modules/w3c-xmlserializer": {
+      "version": "5.0.0",
+      "resolved": "https://registry.npmjs.org/w3c-xmlserializer/-/w3c-xmlserializer-5.0.0.tgz",
+      "integrity": "sha512-o8qghlI8NZHU1lLPrpi2+Uq7abh4GGPpYANlalzWxyWteJOCsr/P+oPBA49TOLu5FTZO4d3F9MnWJfiMo4BkmA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "xml-name-validator": "^5.0.0"
+      },
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/webidl-conversions": {
+      "version": "8.0.1",
+      "resolved": "https://registry.npmjs.org/webidl-conversions/-/webidl-conversions-8.0.1.tgz",
+      "integrity": "sha512-BMhLD/Sw+GbJC21C/UgyaZX41nPt8bUTg+jWyDeg7e7YN4xOM05YPSIXceACnXVtqyEw/LMClUQMtMZ+PGGpqQ==",
+      "dev": true,
+      "license": "BSD-2-Clause",
+      "engines": {
+        "node": ">=20"
+      }
+    },
+    "node_modules/whatwg-mimetype": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/whatwg-mimetype/-/whatwg-mimetype-4.0.0.tgz",
+      "integrity": "sha512-QaKxh0eNIi2mE9p2vEdzfagOKHCcj1pJ56EEHGQOVxp8r9/iszLUUV7v89x9O1p/T+NlTM5W7jW6+cz4Fq1YVg==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/whatwg-url": {
+      "version": "15.1.0",
+      "resolved": "https://registry.npmjs.org/whatwg-url/-/whatwg-url-15.1.0.tgz",
+      "integrity": "sha512-2ytDk0kiEj/yu90JOAp44PVPUkO9+jVhyf+SybKlRHSDlvOOZhdPIrr7xTH64l4WixO2cP+wQIcgujkGBPPz6g==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "tr46": "^6.0.0",
+        "webidl-conversions": "^8.0.0"
+      },
+      "engines": {
+        "node": ">=20"
+      }
+    },
+    "node_modules/which": {
+      "version": "2.0.2",
+      "resolved": "https://registry.npmjs.org/which/-/which-2.0.2.tgz",
+      "integrity": "sha512-BLI3Tl1TW3Pvl70l3yq3Y64i+awpwXqsGBYWkkqMtnbXgrMD+yj7rhW0kuEDxzJaYXGjEW5ogapKNMEKNMjibA==",
+      "dev": true,
+      "license": "ISC",
+      "dependencies": {
+        "isexe": "^2.0.0"
+      },
+      "bin": {
+        "node-which": "bin/node-which"
+      },
+      "engines": {
+        "node": ">= 8"
+      }
+    },
+    "node_modules/which-module": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/which-module/-/which-module-2.0.1.tgz",
+      "integrity": "sha512-iBdZ57RDvnOR9AGBhML2vFZf7h8vmBjhoaZqODJBFWHVtKkDmKuHai3cx5PgVMrX5YDNp27AofYbAwctSS+vhQ==",
+      "dev": true,
+      "license": "ISC"
+    },
+    "node_modules/why-is-node-running": {
+      "version": "2.3.0",
+      "resolved": "https://registry.npmjs.org/why-is-node-running/-/why-is-node-running-2.3.0.tgz",
+      "integrity": "sha512-hUrmaWBdVDcxvYqnyh09zunKzROWjbZTiNy8dBEjkS7ehEDQibXJ7XvlmtbwuTclUiIyN+CyXQD4Vmko8fNm8w==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "siginfo": "^2.0.0",
+        "stackback": "0.0.2"
+      },
+      "bin": {
+        "why-is-node-running": "cli.js"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/wordwrap": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/wordwrap/-/wordwrap-1.0.0.tgz",
+      "integrity": "sha512-gvVzJFlPycKc5dZN4yPkP8w7Dc37BtP1yczEneOb4uq34pXZcvrtRTmWV8W+Ume+XCxKgbjM+nevkyFPMybd4Q==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/wrap-ansi": {
+      "version": "8.1.0",
+      "resolved": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-8.1.0.tgz",
+      "integrity": "sha512-si7QWI6zUMq56bESFvagtmzMdGOtoxfR+Sez11Mobfc7tm+VkUckk9bW2UeffTGVUbOksxmSw0AA2gs8g71NCQ==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "ansi-styles": "^6.1.0",
+        "string-width": "^5.0.1",
+        "strip-ansi": "^7.0.1"
+      },
+      "engines": {
+        "node": ">=12"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/wrap-ansi?sponsor=1"
+      }
+    },
+    "node_modules/wrap-ansi-cjs": {
+      "name": "wrap-ansi",
+      "version": "7.0.0",
+      "resolved": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-7.0.0.tgz",
+      "integrity": "sha512-YVGIj2kamLSTxw6NsZjoBxfSwsn0ycdesmc4p+Q21c5zPuZ1pl+NfxVdxPtdHvmNVOQ6XSYG4AUtyt/Fi7D16Q==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "ansi-styles": "^4.0.0",
+        "string-width": "^4.1.0",
+        "strip-ansi": "^6.0.0"
+      },
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/wrap-ansi?sponsor=1"
+      }
+    },
+    "node_modules/wrap-ansi-cjs/node_modules/ansi-regex": {
+      "version": "5.0.1",
+      "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-5.0.1.tgz",
+      "integrity": "sha512-quJQXlTSUGL2LH9SUXo8VwsY4soanhgo6LNSm84E1LBcE8s3O0wpdiRzyR9z/ZZJMlMWv37qOOb9pdJlMUEKFQ==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/wrap-ansi-cjs/node_modules/emoji-regex": {
+      "version": "8.0.0",
+      "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-8.0.0.tgz",
+      "integrity": "sha512-MSjYzcWNOA0ewAHpz0MxpYFvwg6yjy1NG3xteoqz644VCo/RPgnr1/GGt+ic3iJTzQ8Eu3TdM14SawnVUmGE6A==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/wrap-ansi-cjs/node_modules/string-width": {
+      "version": "4.2.3",
+      "resolved": "https://registry.npmjs.org/string-width/-/string-width-4.2.3.tgz",
+      "integrity": "sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "emoji-regex": "^8.0.0",
+        "is-fullwidth-code-point": "^3.0.0",
+        "strip-ansi": "^6.0.1"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/wrap-ansi-cjs/node_modules/strip-ansi": {
+      "version": "6.0.1",
+      "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.1.tgz",
+      "integrity": "sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "ansi-regex": "^5.0.1"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/wrap-ansi/node_modules/ansi-styles": {
+      "version": "6.2.3",
+      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-6.2.3.tgz",
+      "integrity": "sha512-4Dj6M28JB+oAH8kFkTLUo+a2jwOFkuqb3yucU0CANcRRUbxS0cP0nZYCGjcc3BNXwRIsUVmDGgzawme7zvJHvg==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=12"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/ansi-styles?sponsor=1"
+      }
+    },
+    "node_modules/wrappy": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/wrappy/-/wrappy-1.0.2.tgz",
+      "integrity": "sha512-l4Sp/DRseor9wL6EvV2+TuQn63dMkPjZ/sp9XkghTEbV9KlPS1xUsZ3u7/IQO4wxtcFB4bgpQPRcR3QCvezPcQ==",
+      "dev": true,
+      "license": "ISC"
+    },
+    "node_modules/ws": {
+      "version": "8.21.0",
+      "resolved": "https://registry.npmjs.org/ws/-/ws-8.21.0.tgz",
+      "integrity": "sha512-Vsp28b7DRcimFQvrqu2Wek3z1iYxDCWqHYB8Qsnk/S4RfaCQzPGPyBNuVjJV3cd6UiKtUtp6sNM77gWvzcCH+g==",
+      "license": "MIT",
+      "engines": {
+        "node": ">=10.0.0"
+      },
+      "peerDependencies": {
+        "bufferutil": "^4.0.1",
+        "utf-8-validate": ">=5.0.2"
+      },
+      "peerDependenciesMeta": {
+        "bufferutil": {
+          "optional": true
+        },
+        "utf-8-validate": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/xml-name-validator": {
+      "version": "5.0.0",
+      "resolved": "https://registry.npmjs.org/xml-name-validator/-/xml-name-validator-5.0.0.tgz",
+      "integrity": "sha512-EvGK8EJ3DhaHfbRlETOWAS5pO9MZITeauHKJyb8wyajUfQUenkIg2MvLDTZ4T/TgIcm3HU0TFBgWWboAZ30UHg==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/xmlchars": {
+      "version": "2.2.0",
+      "resolved": "https://registry.npmjs.org/xmlchars/-/xmlchars-2.2.0.tgz",
+      "integrity": "sha512-JZnDKK8B0RCDw84FNdDAIpZK+JuJw+s7Lz8nksI7SIuU3UXJJslUthsi+uWBUYOwPFwW7W7PRLRfUKpxjtjFCw==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/xmlhttprequest-ssl": {
+      "version": "2.1.2",
+      "resolved": "https://registry.npmjs.org/xmlhttprequest-ssl/-/xmlhttprequest-ssl-2.1.2.tgz",
+      "integrity": "sha512-TEU+nJVUUnA4CYJFLvK5X9AOeH4KvDvhIfm0vV1GaQRtchnG0hgK5p8hw/xjv8cunWYCsiPCSDzObPyhEwq3KQ==",
+      "engines": {
+        "node": ">=0.4.0"
+      }
+    },
+    "node_modules/xtend": {
+      "version": "4.0.2",
+      "resolved": "https://registry.npmjs.org/xtend/-/xtend-4.0.2.tgz",
+      "integrity": "sha512-LKYU1iAXJXUgAXn9URjiu+MWhyUXHsvfp7mcuYm9dSUKK0/CjtrUwFAxD82/mCWbtLsGjFIad0wIsod4zrTAEQ==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=0.4"
+      }
+    },
+    "node_modules/y18n": {
+      "version": "5.0.8",
+      "resolved": "https://registry.npmjs.org/y18n/-/y18n-5.0.8.tgz",
+      "integrity": "sha512-0pfFzegeDWJHJIAmTLRP2DwHjdF5s7jo9tuztdQxAhINCdvS+3nGINqPd00AphqJR/0LhANUS6/+7SCb98YOfA==",
+      "license": "ISC",
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/yaml": {
+      "version": "2.9.0",
+      "resolved": "https://registry.npmjs.org/yaml/-/yaml-2.9.0.tgz",
+      "integrity": "sha512-2AvhNX3mb8zd6Zy7INTtSpl1F15HW6Wnqj0srWlkKLcpYl/gMIMJiyuGq2KeI2YFxUPjdlB+3Lc10seMLtL4cA==",
+      "dev": true,
+      "license": "ISC",
+      "bin": {
+        "yaml": "bin.mjs"
+      },
+      "engines": {
+        "node": ">= 14.6"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/eemeli"
+      }
+    },
+    "node_modules/yargs": {
+      "version": "17.7.2",
+      "resolved": "https://registry.npmjs.org/yargs/-/yargs-17.7.2.tgz",
+      "integrity": "sha512-7dSzzRQ++CKnNI/krKnYRV7JKKPUXMEh61soaHKg9mrWEhzFWhFnxPxGl+69cD1Ou63C13NUPCnmIcrvqCuM6w==",
+      "license": "MIT",
+      "dependencies": {
+        "cliui": "^8.0.1",
+        "escalade": "^3.1.1",
+        "get-caller-file": "^2.0.5",
+        "require-directory": "^2.1.1",
+        "string-width": "^4.2.3",
+        "y18n": "^5.0.5",
+        "yargs-parser": "^21.1.1"
+      },
+      "engines": {
+        "node": ">=12"
+      }
+    },
+    "node_modules/yargs-parser": {
+      "version": "21.1.1",
+      "resolved": "https://registry.npmjs.org/yargs-parser/-/yargs-parser-21.1.1.tgz",
+      "integrity": "sha512-tVpsJW7DdjecAiFpbIB1e3qxIQsE6NoPc5/eTdrbbIC4h0LVsWhnoa3g+m2HclBIujHzsxZ4VJVA+GUuc2/LBw==",
+      "license": "ISC",
+      "engines": {
+        "node": ">=12"
+      }
+    },
+    "node_modules/yargs/node_modules/ansi-regex": {
+      "version": "5.0.1",
+      "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-5.0.1.tgz",
+      "integrity": "sha512-quJQXlTSUGL2LH9SUXo8VwsY4soanhgo6LNSm84E1LBcE8s3O0wpdiRzyR9z/ZZJMlMWv37qOOb9pdJlMUEKFQ==",
+      "license": "MIT",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/yargs/node_modules/emoji-regex": {
+      "version": "8.0.0",
+      "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-8.0.0.tgz",
+      "integrity": "sha512-MSjYzcWNOA0ewAHpz0MxpYFvwg6yjy1NG3xteoqz644VCo/RPgnr1/GGt+ic3iJTzQ8Eu3TdM14SawnVUmGE6A==",
+      "license": "MIT"
+    },
+    "node_modules/yargs/node_modules/string-width": {
+      "version": "4.2.3",
+      "resolved": "https://registry.npmjs.org/string-width/-/string-width-4.2.3.tgz",
+      "integrity": "sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g==",
+      "license": "MIT",
+      "dependencies": {
+        "emoji-regex": "^8.0.0",
+        "is-fullwidth-code-point": "^3.0.0",
+        "strip-ansi": "^6.0.1"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/yargs/node_modules/strip-ansi": {
+      "version": "6.0.1",
+      "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.1.tgz",
+      "integrity": "sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A==",
+      "license": "MIT",
+      "dependencies": {
+        "ansi-regex": "^5.0.1"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/ylru": {
+      "version": "1.4.0",
+      "resolved": "https://registry.npmjs.org/ylru/-/ylru-1.4.0.tgz",
+      "integrity": "sha512-2OQsPNEmBCvXuFlIni/a+Rn+R2pHW9INm0BxXJ4hVDA8TirqMj+J/Rp9ItLatT/5pZqWwefVrTQcHpixsxnVlA==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">= 4.0.0"
+      }
+    },
+    "node_modules/yn": {
+      "version": "3.1.1",
+      "resolved": "https://registry.npmjs.org/yn/-/yn-3.1.1.tgz",
+      "integrity": "sha512-Ux4ygGWsu2c7isFWe8Yu1YluJmqVhxqK2cLXNQA5AcC3QfbGNpM7fu0Y8b/z16pXLnFxZYvWhd3fhBY9DLmC6Q==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=6"
+      }
+    }
+  }
+}
diff --git a/package.json b/package.json
new file mode 100644
index 0000000..b853088
--- /dev/null
+++ b/package.json
@@ -0,0 +1,135 @@
+{
+  "name": "hermes-web-ui",
+  "version": "0.6.9",
+  "description": "Self-hosted AI chat dashboard for Hermes Agent — multi-model web UI with multi-platform integration",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/EKKOLearnAI/hermes-web-ui.git"
+  },
+  "homepage": "https://hermes-studio.ai",
+  "license": "BSL-1.1",
+  "engines": {
+    "node": ">=23.0.0"
+  },
+  "keywords": [
+    "hermes",
+    "hermes-agent",
+    "hermes-web",
+    "agent",
+    "ai",
+    "ai-agent",
+    "ai-chat",
+    "ai-dashboard",
+    "llm",
+    "multi-model",
+    "chat-ui",
+    "dashboard",
+    "self-hosted",
+    "multi-platform",
+    "vue3",
+    "typescript"
+  ],
+  "bin": {
+    "hermes-web-ui": "./bin/hermes-web-ui.mjs"
+  },
+  "scripts": {
+    "start": "vite --host --port 8648",
+    "dev": "concurrently \"npm run dev:server\" \"npm run dev:client\"",
+    "dev:client": "cross-env HERMES_WEB_UI_BACKEND_PORT=8647 vite --host --port 8649 --strictPort",
+    "dev:server": "nodemon",
+    "build": "vue-tsc -b && vite build && tsc --noEmit -p packages/server/tsconfig.json && node scripts/build-server.mjs",
+    "harness:check": "node scripts/harness-check.mjs",
+    "prepare": "[ -d dist ] || npm run build",
+    "preview": "NODE_ENV=production vite preview",
+    "test": "vitest run",
+    "test:watch": "vitest",
+    "test:coverage": "vitest run --coverage",
+    "test:e2e": "playwright test",
+    "test:e2e:ui": "playwright test --ui",
+    "dev:website": "vite --config vite.config.website.ts",
+    "build:website": "vite build --config vite.config.website.ts",
+    "preview:website": "vite preview --config vite.config.website.ts",
+    "desktop:install": "npm ci --prefix packages/desktop --no-audit --no-fund",
+    "desktop:prepare-runtime": "npm --prefix packages/desktop run prepare:runtime",
+    "desktop:prepare-python": "npm --prefix packages/desktop run prepare:python",
+    "build:desktop": "npm run build && npm run desktop:install && npm --prefix packages/desktop run dist -- --publish never",
+    "build:desktop:mac": "npm run build && npm run desktop:install && npm --prefix packages/desktop run dist -- --mac --publish never",
+    "build:desktop:win": "npm run build && npm run desktop:install && npm --prefix packages/desktop run dist -- --win --publish never",
+    "build:desktop:linux": "npm run build && npm run desktop:install && npm --prefix packages/desktop run dist -- --linux --publish never",
+    "openapi:generate": "node scripts/generate-openapi.mjs",
+    "claude": "claude --dangerously-skip-permissions"
+  },
+  "files": [
+    "bin/",
+    "dist/"
+  ],
+  "dependencies": {
+    "@vscode/markdown-it-katex": "^1.1.2",
+    "eventsource": "^4.1.0",
+    "js-tiktoken": "^1.0.21",
+    "katex": "^0.17.0",
+    "node-edge-tts": "^1.2.10",
+    "node-pty": "^1.1.0",
+    "socket.io": "^4.8.3",
+    "socket.io-client": "^4.8.3"
+  },
+  "devDependencies": {
+    "@koa/bodyparser": "^5.0.0",
+    "@koa/cors": "^5.0.0",
+    "@koa/router": "^15.4.0",
+    "@multiavatar/multiavatar": "^1.0.7",
+    "@pinia/testing": "^1.0.3",
+    "@playwright/test": "^1.60.0",
+    "@types/eventsource": "^1.1.15",
+    "@types/js-yaml": "^4.0.9",
+    "@types/katex": "^0.16.8",
+    "@types/koa": "^2.15.0",
+    "@types/koa__cors": "^5.0.0",
+    "@types/koa__router": "^12.0.5",
+    "@types/koa-send": "^4.1.6",
+    "@types/koa-static": "^4.0.4",
+    "@types/markdown-it": "^14.1.2",
+    "@types/node": "^24.12.2",
+    "@types/qrcode": "^1.5.6",
+    "@types/ws": "^8.18.1",
+    "@vitejs/plugin-vue": "^6.0.5",
+    "@vitest/coverage-v8": "^3.2.4",
+    "@vue/test-utils": "^2.4.6",
+    "@vue/tsconfig": "^0.9.1",
+    "@xterm/addon-fit": "^0.11.0",
+    "@xterm/addon-web-links": "^0.12.0",
+    "@xterm/xterm": "^6.0.0",
+    "axios": "^1.9.0",
+    "concurrently": "^9.2.1",
+    "cross-env": "^10.1.0",
+    "esbuild": "^0.27.0",
+    "highlight.js": "^11.11.1",
+    "js-yaml": "^4.1.1",
+    "jsdom": "^27.0.1",
+    "koa": "^2.15.3",
+    "koa-send": "^5.0.1",
+    "koa-static": "^5.0.0",
+    "markdown-it": "^14.1.1",
+    "mermaid": "^11.14.0",
+    "monaco-editor": "^0.55.1",
+    "naive-ui": "^2.44.1",
+    "nodemon": "^3.1.14",
+    "pinia": "^3.0.4",
+    "pino": "^10.3.1",
+    "pino-pretty": "^13.1.3",
+    "qrcode": "^1.5.4",
+    "sass": "^1.99.0",
+    "ts-node": "^10.9.2",
+    "ts-node-dev": "^2.0.0",
+    "tsoa": "^7.0.0-alpha.0",
+    "typescript": "~6.0.2",
+    "vite": "^8.0.4",
+    "vitest": "^3.2.4",
+    "vue": "^3.5.32",
+    "vue-i18n": "^11.3.2",
+    "vue-router": "^4.6.4",
+    "vue-tsc": "^3.2.8",
+    "vue-virtual-scroller": "^3.0.4",
+    "ws": "^8.20.0"
+  }
+}
diff --git a/packages/client/index.html b/packages/client/index.html
new file mode 100644
index 0000000..008b881
--- /dev/null
+++ b/packages/client/index.html
@@ -0,0 +1,47 @@
+<!doctype html>
+<html lang="zh-CN">
+
+<head>
+  <meta charset="UTF-8" />
+  <link rel="icon" type="image/svg+xml" href="/logo.svg" />
+  <meta name="viewport" content="width=device-width, initial-scale=1.0" />
+  <title>灵犀 Studio</title>
+
+  <link rel="preconnect" href="https://fonts.googleapis.com" />
+  <link rel="preconnect" href="https://fonts.gstatic.com" crossorigin />
+  <link href="https://fonts.googleapis.com/css2?family=IBM+Plex+Mono:wght@400;500&family=Noto+Sans+SC:wght@400;500;600;700&family=Plus+Jakarta+Sans:wght@400;500;600;700&display=swap" rel="stylesheet" />
+
+  <!-- Prevent FOUC by applying theme classes immediately -->
+  <script>
+    (function() {
+      try {
+        const brightness = localStorage.getItem('hermes_brightness') || 'system';
+        const style = localStorage.getItem('hermes_style') || 'ink';
+
+        // Resolve dark mode
+        const prefersDark = window.matchMedia('(prefers-color-scheme: dark)').matches;
+        const isDark = brightness === 'dark' || (brightness === 'system' && prefersDark);
+
+        // Resolve comic style
+        const isComic = style === 'comic';
+
+        // Apply classes immediately
+        if (isDark) {
+          document.documentElement.classList.add('dark');
+        }
+        if (isComic) {
+          document.documentElement.classList.add('comic');
+        }
+      } catch (e) {
+        console.warn('Failed to apply theme:', e);
+      }
+    })();
+  </script>
+</head>
+
+<body>
+  <div id="app"></div>
+  <script type="module" src="/src/main.ts"></script>
+</body>
+
+</html>
diff --git a/packages/client/public/coding-agents/claude-code.svg b/packages/client/public/coding-agents/claude-code.svg
new file mode 100644
index 0000000..b4a2131
--- /dev/null
+++ b/packages/client/public/coding-agents/claude-code.svg
@@ -0,0 +1,7 @@
+<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24">
+  <title>Claude Code</title>
+  <path clip-rule="evenodd"
+        d="M20.998 10.949H24v3.102h-3v3.028h-1.487V20H18v-2.921h-1.487V20H15v-2.921H9V20H7.488v-2.921H6V20H4.487v-2.921H3V14.05H0V10.95h3V5h17.998v5.949zM6 10.949h1.488V8.102H6v2.847zm10.51 0H18V8.102h-1.49v2.847z"
+        fill="#D97757"
+        fill-rule="evenodd" />
+</svg>
\ No newline at end of file
diff --git a/packages/client/public/coding-agents/codex-openai.png b/packages/client/public/coding-agents/codex-openai.png
new file mode 100644
index 0000000..44fc39c
Binary files /dev/null and b/packages/client/public/coding-agents/codex-openai.png differ
diff --git a/packages/client/public/favicon.ico b/packages/client/public/favicon.ico
new file mode 100644
index 0000000..dbc3f56
Binary files /dev/null and b/packages/client/public/favicon.ico differ
diff --git a/packages/client/public/fonts/ComicNeue-Bold.ttf b/packages/client/public/fonts/ComicNeue-Bold.ttf
new file mode 100644
index 0000000..d3f425f
Binary files /dev/null and b/packages/client/public/fonts/ComicNeue-Bold.ttf differ
diff --git a/packages/client/public/fonts/ComicNeue-Regular.ttf b/packages/client/public/fonts/ComicNeue-Regular.ttf
new file mode 100644
index 0000000..cc41f02
Binary files /dev/null and b/packages/client/public/fonts/ComicNeue-Regular.ttf differ
diff --git a/packages/client/public/fonts/Gaegu-Bold.ttf b/packages/client/public/fonts/Gaegu-Bold.ttf
new file mode 100644
index 0000000..4e22d24
Binary files /dev/null and b/packages/client/public/fonts/Gaegu-Bold.ttf differ
diff --git a/packages/client/public/fonts/Gaegu-Regular.ttf b/packages/client/public/fonts/Gaegu-Regular.ttf
new file mode 100644
index 0000000..1e28823
Binary files /dev/null and b/packages/client/public/fonts/Gaegu-Regular.ttf differ
diff --git a/packages/client/public/fonts/ZCOOLKuaiLe-Regular.ttf b/packages/client/public/fonts/ZCOOLKuaiLe-Regular.ttf
new file mode 100644
index 0000000..3cf6cd9
Binary files /dev/null and b/packages/client/public/fonts/ZCOOLKuaiLe-Regular.ttf differ
diff --git a/packages/client/public/fonts/ZenMaruGothic-Bold.ttf b/packages/client/public/fonts/ZenMaruGothic-Bold.ttf
new file mode 100644
index 0000000..aeaf890
Binary files /dev/null and b/packages/client/public/fonts/ZenMaruGothic-Bold.ttf differ
diff --git a/packages/client/public/fonts/ZenMaruGothic-Regular.ttf b/packages/client/public/fonts/ZenMaruGothic-Regular.ttf
new file mode 100644
index 0000000..c622402
Binary files /dev/null and b/packages/client/public/fonts/ZenMaruGothic-Regular.ttf differ
diff --git a/packages/client/public/icons.svg b/packages/client/public/icons.svg
new file mode 100644
index 0000000..e952219
--- /dev/null
+++ b/packages/client/public/icons.svg
@@ -0,0 +1,24 @@
+<svg xmlns="http://www.w3.org/2000/svg">
+  <symbol id="bluesky-icon" viewBox="0 0 16 17">
+    <g clip-path="url(#bluesky-clip)"><path fill="#08060d" d="M7.75 7.735c-.693-1.348-2.58-3.86-4.334-5.097-1.68-1.187-2.32-.981-2.74-.79C.188 2.065.1 2.812.1 3.251s.241 3.602.398 4.13c.52 1.744 2.367 2.333 4.07 2.145-2.495.37-4.71 1.278-1.805 4.512 3.196 3.309 4.38-.71 4.987-2.746.608 2.036 1.307 5.91 4.93 2.746 2.72-2.746.747-4.143-1.747-4.512 1.702.189 3.55-.4 4.07-2.145.156-.528.397-3.691.397-4.13s-.088-1.186-.575-1.406c-.42-.19-1.06-.395-2.741.79-1.755 1.24-3.64 3.752-4.334 5.099"/></g>
+    <defs><clipPath id="bluesky-clip"><path fill="#fff" d="M.1.85h15.3v15.3H.1z"/></clipPath></defs>
+  </symbol>
+  <symbol id="discord-icon" viewBox="0 0 20 19">
+    <path fill="#08060d" d="M16.224 3.768a14.5 14.5 0 0 0-3.67-1.153c-.158.286-.343.67-.47.976a13.5 13.5 0 0 0-4.067 0c-.128-.306-.317-.69-.476-.976A14.4 14.4 0 0 0 3.868 3.77C1.546 7.28.916 10.703 1.231 14.077a14.7 14.7 0 0 0 4.5 2.306q.545-.748.965-1.587a9.5 9.5 0 0 1-1.518-.74q.191-.14.372-.293c2.927 1.369 6.107 1.369 8.999 0q.183.152.372.294-.723.437-1.52.74.418.838.963 1.588a14.6 14.6 0 0 0 4.504-2.308c.37-3.911-.63-7.302-2.644-10.309m-9.13 8.234c-.878 0-1.599-.82-1.599-1.82 0-.998.705-1.82 1.6-1.82.894 0 1.614.82 1.599 1.82.001 1-.705 1.82-1.6 1.82m5.91 0c-.878 0-1.599-.82-1.599-1.82 0-.998.705-1.82 1.6-1.82.893 0 1.614.82 1.599 1.82 0 1-.706 1.82-1.6 1.82"/>
+  </symbol>
+  <symbol id="documentation-icon" viewBox="0 0 21 20">
+    <path fill="none" stroke="#aa3bff" stroke-linecap="round" stroke-linejoin="round" stroke-width="1.35" d="m15.5 13.333 1.533 1.322c.645.555.967.833.967 1.178s-.322.623-.967 1.179L15.5 18.333m-3.333-5-1.534 1.322c-.644.555-.966.833-.966 1.178s.322.623.966 1.179l1.534 1.321"/>
+    <path fill="none" stroke="#aa3bff" stroke-linecap="round" stroke-linejoin="round" stroke-width="1.35" d="M17.167 10.836v-4.32c0-1.41 0-2.117-.224-2.68-.359-.906-1.118-1.621-2.08-1.96-.599-.21-1.349-.21-2.848-.21-2.623 0-3.935 0-4.983.369-1.684.591-3.013 1.842-3.641 3.428C3 6.449 3 7.684 3 10.154v2.122c0 2.558 0 3.838.706 4.726q.306.383.713.671c.76.536 1.79.64 3.581.66"/>
+    <path fill="none" stroke="#aa3bff" stroke-linecap="round" stroke-linejoin="round" stroke-width="1.35" d="M3 10a2.78 2.78 0 0 1 2.778-2.778c.555 0 1.209.097 1.748-.047.48-.129.854-.503.982-.982.145-.54.048-1.194.048-1.749a2.78 2.78 0 0 1 2.777-2.777"/>
+  </symbol>
+  <symbol id="github-icon" viewBox="0 0 19 19">
+    <path fill="#08060d" fill-rule="evenodd" d="M9.356 1.85C5.05 1.85 1.57 5.356 1.57 9.694a7.84 7.84 0 0 0 5.324 7.44c.387.079.528-.168.528-.376 0-.182-.013-.805-.013-1.454-2.165.467-2.616-.935-2.616-.935-.349-.91-.864-1.143-.864-1.143-.71-.48.051-.48.051-.48.787.051 1.2.805 1.2.805.695 1.194 1.817.857 2.268.649.064-.507.27-.857.49-1.052-1.728-.182-3.545-.857-3.545-3.87 0-.857.31-1.558.8-2.104-.078-.195-.349-1 .077-2.078 0 0 .657-.208 2.14.805a7.5 7.5 0 0 1 1.946-.26c.657 0 1.328.092 1.946.26 1.483-1.013 2.14-.805 2.14-.805.426 1.078.155 1.883.078 2.078.502.546.799 1.247.799 2.104 0 3.013-1.818 3.675-3.558 3.87.284.247.528.714.528 1.454 0 1.052-.012 1.896-.012 2.156 0 .208.142.455.528.377a7.84 7.84 0 0 0 5.324-7.441c.013-4.338-3.48-7.844-7.773-7.844" clip-rule="evenodd"/>
+  </symbol>
+  <symbol id="social-icon" viewBox="0 0 20 20">
+    <path fill="none" stroke="#aa3bff" stroke-linecap="round" stroke-linejoin="round" stroke-width="1.35" d="M12.5 6.667a4.167 4.167 0 1 0-8.334 0 4.167 4.167 0 0 0 8.334 0"/>
+    <path fill="none" stroke="#aa3bff" stroke-linecap="round" stroke-linejoin="round" stroke-width="1.35" d="M2.5 16.667a5.833 5.833 0 0 1 8.75-5.053m3.837.474.513 1.035c.07.144.257.282.414.309l.93.155c.596.1.736.536.307.965l-.723.73a.64.64 0 0 0-.152.531l.207.903c.164.715-.213.991-.84.618l-.872-.52a.63.63 0 0 0-.577 0l-.872.52c-.624.373-1.003.094-.84-.618l.207-.903a.64.64 0 0 0-.152-.532l-.723-.729c-.426-.43-.289-.864.306-.964l.93-.156a.64.64 0 0 0 .412-.31l.513-1.034c.28-.562.735-.562 1.012 0"/>
+  </symbol>
+  <symbol id="x-icon" viewBox="0 0 19 19">
+    <path fill="#08060d" fill-rule="evenodd" d="M1.893 1.98c.052.072 1.245 1.769 2.653 3.77l2.892 4.114c.183.261.333.48.333.486s-.068.089-.152.183l-.522.593-.765.867-3.597 4.087c-.375.426-.734.834-.798.905a1 1 0 0 0-.118.148c0 .01.236.017.664.017h.663l.729-.83c.4-.457.796-.906.879-.999a692 692 0 0 0 1.794-2.038c.034-.037.301-.34.594-.675l.551-.624.345-.392a7 7 0 0 1 .34-.374c.006 0 .93 1.306 2.052 2.903l2.084 2.965.045.063h2.275c1.87 0 2.273-.003 2.266-.021-.008-.02-1.098-1.572-3.894-5.547-2.013-2.862-2.28-3.246-2.273-3.266.008-.019.282-.332 2.085-2.38l2-2.274 1.567-1.782c.022-.028-.016-.03-.65-.03h-.674l-.3.342a871 871 0 0 1-1.782 2.025c-.067.075-.405.458-.75.852a100 100 0 0 1-.803.91c-.148.172-.299.344-.99 1.127-.304.343-.32.358-.345.327-.015-.019-.904-1.282-1.976-2.808L6.365 1.85H1.8zm1.782.91 8.078 11.294c.772 1.08 1.413 1.973 1.425 1.984.016.017.241.02 1.05.017l1.03-.004-2.694-3.766L7.796 5.75 5.722 2.852l-1.039-.004-1.039-.004z" clip-rule="evenodd"/>
+  </symbol>
+</svg>
diff --git a/packages/client/public/logo.png b/packages/client/public/logo.png
new file mode 100644
index 0000000..451200c
Binary files /dev/null and b/packages/client/public/logo.png differ
diff --git a/packages/client/public/logo.svg b/packages/client/public/logo.svg
new file mode 100644
index 0000000..c6522f3
--- /dev/null
+++ b/packages/client/public/logo.svg
@@ -0,0 +1,16 @@
+<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 48 48" fill="none">
+  <defs>
+    <linearGradient id="lx-bg" x1="6" y1="4" x2="42" y2="44" gradientUnits="userSpaceOnUse">
+      <stop stop-color="#2563eb"/>
+      <stop offset="1" stop-color="#0891b2"/>
+    </linearGradient>
+    <linearGradient id="lx-glow" x1="24" y1="10" x2="24" y2="38" gradientUnits="userSpaceOnUse">
+      <stop stop-color="#ffffff" stop-opacity="0.95"/>
+      <stop offset="1" stop-color="#e0f2fe" stop-opacity="0.7"/>
+    </linearGradient>
+  </defs>
+  <rect x="3" y="3" width="42" height="42" rx="11" fill="url(#lx-bg)"/>
+  <path d="M24 11 L33 24 L24 37 L15 24 Z" fill="url(#lx-glow)"/>
+  <circle cx="24" cy="22" r="4.5" fill="#ffffff"/>
+  <circle cx="24" cy="22" r="2" fill="#2563eb"/>
+</svg>
diff --git a/packages/client/public/skill-recommendations.en.md b/packages/client/public/skill-recommendations.en.md
new file mode 100644
index 0000000..ca92ed1
--- /dev/null
+++ b/packages/client/public/skill-recommendations.en.md
@@ -0,0 +1,228 @@
+# Recommended Skills
+
+This page collects useful community skill repositories that can extend Hermes, Claude Code, Codex-style agents, and similar local agent workflows.
+
+Community skills are third-party code and instructions. Review them before installing, especially when a skill can read API keys, cookies, browser sessions, local files, repositories, shell scripts, package managers, or social media accounts.
+
+Useful skill recommendations are welcome. If you find a high-quality skill that should be listed here, please submit a pull request on GitHub with the repository link, usage scenario, and any security notes.
+
+## Maintenance Guidelines
+
+- Keep this document in English. Update `skill-recommendations.zh.md` separately for the Chinese version.
+- Add recommendations under the closest existing category before creating a new category.
+- Use the same structure for each item: repository link, focus, good-for scenarios, representative skills or capabilities when available, and notes when there are installation, API, or security concerns.
+- Keep descriptions factual and concise. Prefer information confirmed from the repository README, `SKILL.md`, examples, or package metadata.
+- Do not paste secrets, private tokens, install commands that auto-execute remote code, or unverifiable marketing claims.
+- Put security-sensitive skills in context: mention when they can access credentials, browsers, local files, shells, package managers, external APIs, or social accounts.
+- For unsupported locales, the UI falls back to this English document.
+
+## Security First
+
+- Treat every third-party skill as untrusted until reviewed.
+- Read `SKILL.md`, scripts, hooks, and dependency installers before running.
+- Be extra careful with skills that post to social media, access browsers, read credentials, install packages, execute shell commands, or send local files to external APIs.
+- Prefer testing new skills in a disposable profile or sandboxed project first.
+- Use a security review skill such as SlowMist Agent Security when evaluating unknown repositories, URLs, MCP servers, or skill packages.
+
+## Official And General-Purpose Skills
+
+### Anthropic Official Skills
+
+- Repository: [anthropics/skills](https://github.com/anthropics/skills/tree/main/skills)
+- Focus: official reference skills for Claude-style agents.
+- Good for: learning the expected skill structure, adapting stable examples, and bootstrapping common workflows.
+- Representative skills: `docx`, `pdf`, `pptx`, `xlsx`, `frontend-design`, `webapp-testing`, `skill-creator`, `mcp-builder`, `theme-factory`, `web-artifacts-builder`.
+- Notes: a good first source when you want conservative, well-structured examples.
+
+### Matt Pocock Skills
+
+- Repository: [mattpocock/skills](https://github.com/mattpocock/skills)
+- Focus: engineering and productivity skills from a real development workflow.
+- Good for: TypeScript engineering, test-driven work, triage, diagnosis, reviews, prototyping, and product handoff workflows.
+- Representative skills: `tdd`, `triage`, `diagnose`, `prototype`, `review`, `to-prd`, `to-issues`, `handoff`, `write-a-skill`.
+- Notes: useful when you want agent behavior that is direct, structured, and engineering-oriented.
+
+## Design, Slides, And Visual Work
+
+### Frontend Slides
+
+- Repository: [zarazhangrui/frontend-slides](https://github.com/zarazhangrui/frontend-slides)
+- Focus: creating web-native slide decks with frontend techniques.
+- Good for: HTML/CSS slide decks, visual storytelling, and browser-rendered presentations.
+- Notes: useful when a deck should be designed as a rich web artifact rather than a traditional office file.
+
+### Huashu Design
+
+- Repository: [alchaincyf/huashu-design](https://github.com/alchaincyf/huashu-design)
+- Focus: HTML-native design work for Claude Code and agent workflows.
+- Good for: high-fidelity prototypes, slides, animation concepts, visual review, and export-oriented design flows.
+- Notes: includes design philosophy, review heuristics, and presentation-oriented workflows.
+
+### Guizang PPT Skill
+
+- Repository: [op7418/guizang-ppt-skill](https://github.com/op7418/guizang-ppt-skill)
+- Focus: polished HTML slide decks with editorial, magazine, and Swiss-style layouts.
+- Good for: presentation decks, social covers, image prompts, and visual narrative work.
+- Notes: includes a presentation runtime and style-oriented slide generation patterns.
+
+### HTML PPT Skill
+
+- Repository: [lewislulu/html-ppt-skill](https://github.com/lewislulu/html-ppt-skill)
+- Focus: HTML PPT Studio for professional HTML presentations.
+- Good for: themed slide decks, layout-rich presentations, and animated browser presentations.
+- Representative capabilities: multiple themes, layout templates, animation patterns, and HTML presentation scaffolding.
+
+### PPT Image First
+
+- Repository: [NyxTides/ppt-image-first](https://github.com/NyxTides/ppt-image-first)
+- Focus: image-first presentation generation.
+- Good for: decks where the visual direction should lead the content structure.
+- Notes: designed for Codex, Claude Code, and OpenCode-style CLI agents.
+
+### GPT Image To PPT
+
+- Repository: [JuneYaooo/gpt-image2-ppt-skills](https://github.com/JuneYaooo/gpt-image2-ppt-skills)
+- Focus: cloning or adapting PowerPoint visual layouts using image generation.
+- Good for: recreating a deck style from an existing `.pptx` template while replacing the actual content.
+- Notes: useful for template-driven presentations, but review external image generation/API behavior before use.
+
+### Fireworks Tech Graph
+
+- Repository: [yizhiyanhua-ai/fireworks-tech-graph](https://github.com/yizhiyanhua-ai/fireworks-tech-graph)
+- Focus: technical diagram generation.
+- Good for: architecture diagrams, workflow charts, UML-style visuals, AI agent workflow diagrams, and production-ready SVG/PNG outputs.
+- Notes: a practical choice when you need diagrams rather than full slide decks.
+
+### Diagram Skill
+
+- Repository: [312362115/claude diagram skill](https://github.com/312362115/claude/blob/main/skills/diagram/SKILL.md)
+- Focus: diagram generation inside a broader Claude skill collection.
+- Good for: generating structured diagrams, templates, and visual explanations.
+- Notes: this is a direct skill file link, so review the surrounding `references`, `scripts`, and `templates` folders before installing.
+
+## Writing, Documents, And Knowledge Work
+
+### Huashu Markdown To HTML
+
+- Repository: [alchaincyf/huashu-md-html](https://github.com/alchaincyf/huashu-md-html)
+- Focus: Markdown and HTML conversion pipelines.
+- Good for: converting files or URLs to Markdown, turning Markdown into polished HTML, and converting HTML back to Markdown.
+- Representative tools: MarkItDown, Pandoc, html-to-markdown, and trafilatura-based workflows.
+- Notes: useful for content publishing, document cleanup, and HTML presentation pages.
+
+### Chinese Web Novel Skill
+
+- Repository: [Tomsawyerhu/Chinese-WebNovel-Skill](https://github.com/Tomsawyerhu/Chinese-WebNovel-Skill)
+- Focus: Chinese web novel writing workflows.
+- Good for: long-form fiction planning, chapter writing, style continuity, and web-novel oriented drafting.
+- Representative skill: `webnovel-writing`.
+
+### Software Copyright Skill
+
+- Repository: [Fokkyp/SoftwareCopyright-Skill](https://github.com/Fokkyp/SoftwareCopyright-Skill)
+- Focus: preparing Chinese software copyright application materials.
+- Good for: generating `.docx` application documents from a local software project.
+- Representative skills: `software-copyright-materials`, `docx-toolkit`.
+- Notes: this may read local project files. Review file access and document generation behavior before running.
+
+### Patent Disclosure Skill
+
+- Repository: [handsomestWei/patent-disclosure-skill](https://github.com/handsomestWei/patent-disclosure-skill)
+- Focus: patent disclosure drafting.
+- Good for: extracting patentable points from project documents, novelty checks, desensitized drafting, and self-review loops.
+- Notes: may involve web research and sensitive technical documents. Review data handling carefully.
+
+## Image, Media, And Social Publishing
+
+### Baoyu Skills
+
+- Repository: [JimLiu/baoyu-skills](https://github.com/JimLiu/baoyu-skills)
+- Focus: image generation, content transformation, publishing, and media workflows.
+- Good for: image cards, article illustrations, slide decks, URL-to-Markdown conversion, YouTube transcripts, Markdown-to-HTML, and social posting workflows.
+- Representative skills: `baoyu-image-gen`, `baoyu-imagine`, `baoyu-slide-deck`, `baoyu-markdown-to-html`, `baoyu-post-to-x`, `baoyu-post-to-wechat`, `baoyu-post-to-weibo`, `baoyu-url-to-markdown`, `baoyu-youtube-transcript`, `baoyu-translate`, `baoyu-diagram`, `baoyu-comic`.
+- Security note: posting and web-reading skills may access account sessions, cookies, browser state, or external APIs. Review carefully before use.
+
+### Virtual Couple Travel Vlog
+
+- Repository: [vibeshotclub/vsc-skills / virtual-couple-travel-vlog](https://github.com/vibeshotclub/vsc-skills/tree/main/virtual-couple-travel-vlog)
+- Focus: travel-vlog style media generation.
+- Good for: short-form visual storytelling, character-based travel content, and repeatable media production prompts.
+- Notes: this is a subdirectory skill inside a larger skill collection.
+
+## Research, Web Access, And Content Monitoring
+
+### Web Access
+
+- Repository: [eze-is/web-access](https://github.com/eze-is/web-access)
+- Focus: giving an agent structured web access through layered routing and browser/CDP workflows.
+- Good for: web research, browser-assisted tasks, parallel information gathering, and pages that require interaction.
+- Security note: browser access can expose logged-in sessions and local browser state. Audit before enabling.
+
+### OpenCLI
+
+- Repository: [jackwener/opencli](https://github.com/jackwener/opencli)
+- Focus: converting websites, browser sessions, Electron apps, and local tools into CLI-accessible automation surfaces for humans and AI agents.
+- Good for: letting agents operate logged-in Chrome pages, building reusable website adapters, wrapping local binaries, and turning browser workflows into deterministic commands.
+- Representative skills: `opencli-browser`, `opencli-adapter-author`, `opencli-autofix`, `opencli-usage`.
+- Security note: browser-backed commands can use logged-in sessions and local browser state. Review the extension, daemon, adapters, and any generated commands before enabling in sensitive profiles.
+
+### Follow Builders
+
+- Repository: [zarazhangrui/follow-builders](https://github.com/zarazhangrui/follow-builders)
+- Focus: monitoring AI builders across X, blogs, and YouTube podcasts.
+- Good for: tracking builders rather than influencers, summarizing feeds, and creating digest-style updates.
+- Representative data/config files: X feeds, blog feeds, podcast feeds, prompts, and state files.
+- Security note: any social or feed automation should be reviewed for account/session access.
+
+### SlowMist Agent Security
+
+- Repository: [slowmist/slowmist-agent-security](https://github.com/slowmist/slowmist-agent-security)
+- Focus: security review for AI agents operating with untrusted inputs.
+- Good for: checking skills, MCP servers, repositories, URLs, prompts, and crypto/on-chain addresses for security risks.
+- Core idea: external input should be considered untrusted until verified.
+- Notes: recommended before installing or running unfamiliar community skills.
+
+## Persona, Thinking, And Advisory Skills
+
+### Huashu Nuwa Skill
+
+- Repository: [alchaincyf/nuwa-skill](https://github.com/alchaincyf/nuwa-skill)
+- Focus: distilling a person or viewpoint into a reusable agent skill.
+- Good for: advisory-board style thinking, mental models, decision heuristics, and writing in a specific perspective.
+- Representative perspectives: Huashu Nuwa, Feynman, Steve Jobs, Elon Musk, Naval Ravikant, Paul Graham, Nassim Taleb.
+- Notes: useful for brainstorming and viewpoint simulation, not for factual authority.
+
+### PUA / Anti-PUA Skills
+
+- Repository: [tanweai/pua](https://github.com/tanweai/pua)
+- Focus: high-agency, confrontational, coaching, or anti-PUA style agent behavior.
+- Good for: motivation, critique, resistance to manipulation, and intentionally sharp agent feedback.
+- Representative skills: `pua`, `pua-en`, `pua-ja`, `pua-loop`, `mama`, `p7`, `p9`, `p10`, `pro`, `shot`, `yes`.
+- Notes: these skills intentionally change tone and interaction style. Review before enabling in shared or user-facing environments.
+
+### Ex Skill
+
+- Repository: [therealXiaomanChu/ex-skill](https://github.com/therealXiaomanChu/ex-skill)
+- Focus: distilling an ex-partner/persona into an AI skill that speaks in that style.
+- Good for: persona experiments, emotional roleplay, and style simulation.
+- Representative skill: `create-ex`.
+- Notes: use carefully. Persona skills can strongly alter tone and emotional framing.
+
+## Quick Shortlist
+
+If you only want a practical starter set:
+
+- [Anthropic Official Skills](https://github.com/anthropics/skills/tree/main/skills) for reference implementations.
+- [Matt Pocock Skills](https://github.com/mattpocock/skills) for engineering workflows.
+- [Baoyu Skills](https://github.com/JimLiu/baoyu-skills) for image, media, and publishing workflows.
+- [Huashu Design](https://github.com/alchaincyf/huashu-design) for high-fidelity HTML-native design.
+- [Guizang PPT Skill](https://github.com/op7418/guizang-ppt-skill) or [HTML PPT Skill](https://github.com/lewislulu/html-ppt-skill) for browser-based presentations.
+- [Huashu Markdown To HTML](https://github.com/alchaincyf/huashu-md-html) for Markdown/HTML document conversion.
+- [Web Access](https://github.com/eze-is/web-access) for web research workflows.
+- [OpenCLI](https://github.com/jackwener/opencli) for logged-in browser automation and reusable website CLI adapters.
+- [Fireworks Tech Graph](https://github.com/yizhiyanhua-ai/fireworks-tech-graph) for technical diagrams.
+- [SlowMist Agent Security](https://github.com/slowmist/slowmist-agent-security) for reviewing risky community skills.
+
+## Original Source List
+
+This document was compiled from a curated Hermes / Claude skill sharing list and expanded with public GitHub repository metadata.
diff --git a/packages/client/public/skill-recommendations.zh.md b/packages/client/public/skill-recommendations.zh.md
new file mode 100644
index 0000000..ce30899
--- /dev/null
+++ b/packages/client/public/skill-recommendations.zh.md
@@ -0,0 +1,228 @@
+# Skills 推荐清单
+
+这是一份适合 Hermes、Claude Code、Codex 类本地 Agent 工作流的社区 Skill 推荐清单。它主要用于帮助你发现可安装、可参考或可改造的 Skill 来源。
+
+社区 Skill 本质上是第三方指令和代码。安装前请先审计，尤其是会读取 API Key、Cookie、浏览器登录态、本地文件、仓库内容，或者会执行 shell、安装依赖、自动发帖、访问外部 API 的 Skill。
+
+欢迎大家推荐各种好用的 Skill。如果你发现值得收录的高质量 Skill，可以到 GitHub 提交 PR，并附上仓库链接、适用场景和必要的安全说明。
+
+## 维护规范
+
+- 这份文档只维护中文内容；英文版请同步维护 `skill-recommendations.en.md`。
+- 新增推荐时优先放入最接近的现有分类，不要轻易新增大类。
+- 每个条目尽量保持同一结构：仓库链接、方向、适合场景、代表 Skills 或能力、必要备注。
+- 描述要简洁、事实化，优先依据仓库 README、`SKILL.md`、示例或包元数据，不写无法验证的宣传语。
+- 不要写入密钥、私有 token、会自动执行远程代码的安装命令，或无法确认来源的内容。
+- 涉及安全风险的 Skill 要明确说明上下文，例如是否会访问凭据、浏览器、本地文件、shell、包管理器、外部 API 或社交账号。
+- 前端只维护中文和英文两份推荐文档，其他语言统一回退到英文版。
+
+## 安全优先
+
+- 默认把所有第三方 Skill 当成不可信内容，审计后再启用。
+- 安装前阅读 `SKILL.md`、脚本、hooks、依赖安装逻辑和插件配置。
+- 对会访问浏览器、读取凭据、执行 shell、安装 npm/pip/brew 依赖、自动发帖或上传本地文件的 Skill 保持谨慎。
+- 建议先在一次性 profile 或沙盒项目里测试新 Skill。
+- 可以使用 SlowMist Agent Security 这类安全审计 Skill 来检查陌生仓库、URL、MCP、Skill 包和链上地址。
+
+## 官方与通用 Skills
+
+### Anthropic 官方 Skills
+
+- 仓库：[anthropics/skills](https://github.com/anthropics/skills/tree/main/skills)
+- 方向：Claude 官方参考 Skill。
+- 适合：学习标准 Skill 结构、参考稳定实现、搭建通用工作流。
+- 代表 Skills：`docx`、`pdf`、`pptx`、`xlsx`、`frontend-design`、`webapp-testing`、`skill-creator`、`mcp-builder`、`theme-factory`、`web-artifacts-builder`。
+- 备注：如果你想找保守、规范、可参考的 Skill 示例，优先看这个。
+
+### Matt Pocock Skills
+
+- 仓库：[mattpocock/skills](https://github.com/mattpocock/skills)
+- 方向：工程与生产力工作流。
+- 适合：TypeScript 工程、TDD、问题诊断、代码评审、原型开发、PRD/Issue/Handoff 等开发流程。
+- 代表 Skills：`tdd`、`triage`、`diagnose`、`prototype`、`review`、`to-prd`、`to-issues`、`handoff`、`write-a-skill`。
+- 备注：适合希望 Agent 更像工程协作者时使用。
+
+## 设计、幻灯片与可视化
+
+### Frontend Slides
+
+- 仓库：[zarazhangrui/frontend-slides](https://github.com/zarazhangrui/frontend-slides)
+- 方向：用前端技术生成网页幻灯片。
+- 适合：HTML/CSS 幻灯片、视觉叙事、浏览器渲染的演示稿。
+- 备注：适合把演示稿当成 Web Artifact 来做，而不是传统 Office 文件。
+
+### 华叔 Design
+
+- 仓库：[alchaincyf/huashu-design](https://github.com/alchaincyf/huashu-design)
+- 方向：Claude Code 中的 HTML 原生设计 Skill。
+- 适合：高保真原型、幻灯片、动画概念、视觉评审和导出型设计流程。
+- 备注：包含设计哲学、评审维度和演示型工作流。
+
+### 归藏 PPT Skill
+
+- 仓库：[op7418/guizang-ppt-skill](https://github.com/op7418/guizang-ppt-skill)
+- 方向：生成高质量 HTML 幻灯片。
+- 适合：杂志风、编辑风、瑞士风等视觉风格的演示稿、社交封面、图片提示词和叙事型页面。
+- 备注：包含演示运行时和风格化生成模式。
+
+### HTML PPT Skill
+
+- 仓库：[lewislulu/html-ppt-skill](https://github.com/lewislulu/html-ppt-skill)
+- 方向：HTML PPT Studio。
+- 适合：主题化幻灯片、复杂布局演示稿和带动画的浏览器演示。
+- 代表能力：多主题、多布局、动画模式和 HTML 演示脚手架。
+
+### PPT Image First
+
+- 仓库：[NyxTides/ppt-image-first](https://github.com/NyxTides/ppt-image-first)
+- 方向：图片优先的 PPT 生成。
+- 适合：视觉方向先行的演示稿创作。
+- 备注：面向 Codex、Claude Code、OpenCode CLI 等 Agent 工作流。
+
+### GPT Image To PPT
+
+- 仓库：[JuneYaooo/gpt-image2-ppt-skills](https://github.com/JuneYaooo/gpt-image2-ppt-skills)
+- 方向：用图像生成能力复刻或改造 PPT 视觉版式。
+- 适合：从已有 `.pptx` 模板中学习版式，再替换成自己的内容。
+- 备注：涉及图像生成和外部 API 时请先检查配置与数据发送逻辑。
+
+### Fireworks Tech Graph
+
+- 仓库：[yizhiyanhua-ai/fireworks-tech-graph](https://github.com/yizhiyanhua-ai/fireworks-tech-graph)
+- 方向：技术图表生成。
+- 适合：架构图、流程图、UML 风格图、AI Agent 工作流图，以及 SVG/PNG 输出。
+- 备注：需要图表而不是整套演示稿时很实用。
+
+### Diagram Skill
+
+- 仓库：[312362115/claude diagram skill](https://github.com/312362115/claude/blob/main/skills/diagram/SKILL.md)
+- 方向：结构化图表生成。
+- 适合：生成图表、模板化视觉解释和技术说明。
+- 备注：这是一个直接指向 `SKILL.md` 的链接，安装前也要检查同目录下的 `references`、`scripts` 和 `templates`。
+
+## 写作、文档与知识工作
+
+### 华叔 Markdown To HTML
+
+- 仓库：[alchaincyf/huashu-md-html](https://github.com/alchaincyf/huashu-md-html)
+- 方向：Markdown 与 HTML 双向转换流水线。
+- 适合：把文件或网页转 Markdown，把 Markdown 转精美 HTML，把 HTML 再转回 Markdown。
+- 代表工具：MarkItDown、Pandoc、html-to-markdown、trafilatura。
+- 备注：适合内容发布、文档清理和 HTML 页面生成。
+
+### 中文网文写作 Skill
+
+- 仓库：[Tomsawyerhu/Chinese-WebNovel-Skill](https://github.com/Tomsawyerhu/Chinese-WebNovel-Skill)
+- 方向：中文网文小说写作。
+- 适合：长篇小说规划、章节创作、风格延续和网文式叙事。
+- 代表 Skill：`webnovel-writing`。
+
+### 软件著作权材料 Skill
+
+- 仓库：[Fokkyp/SoftwareCopyright-Skill](https://github.com/Fokkyp/SoftwareCopyright-Skill)
+- 方向：中国软件著作权申请材料生成。
+- 适合：根据本地项目生成 `.docx` 软著申请材料。
+- 代表 Skills：`software-copyright-materials`、`docx-toolkit`。
+- 备注：可能读取本地项目文件，运行前请审计文件访问和文档生成逻辑。
+
+### 专利交底书 Skill
+
+- 仓库：[handsomestWei/patent-disclosure-skill](https://github.com/handsomestWei/patent-disclosure-skill)
+- 方向：专利技术交底书生成。
+- 适合：从项目文档挖掘专利点、联网查新、脱敏成文和自检。
+- 备注：可能涉及敏感技术资料和联网检索，使用前请关注数据处理方式。
+
+## 图片、媒体与社交发布
+
+### 宝玉 Skills
+
+- 仓库：[JimLiu/baoyu-skills](https://github.com/JimLiu/baoyu-skills)
+- 方向：图片生成、内容转换、发布和媒体工作流。
+- 适合：图片卡片、文章配图、幻灯片、URL 转 Markdown、YouTube 字幕、Markdown 转 HTML、社交平台发布。
+- 代表 Skills：`baoyu-image-gen`、`baoyu-imagine`、`baoyu-slide-deck`、`baoyu-markdown-to-html`、`baoyu-post-to-x`、`baoyu-post-to-wechat`、`baoyu-post-to-weibo`、`baoyu-url-to-markdown`、`baoyu-youtube-transcript`、`baoyu-translate`、`baoyu-diagram`、`baoyu-comic`。
+- 安全提示：发帖和网页读取类 Skill 可能访问账号会话、Cookie、浏览器状态或外部 API，使用前务必审计。
+
+### Virtual Couple Travel Vlog
+
+- 仓库：[vibeshotclub/vsc-skills / virtual-couple-travel-vlog](https://github.com/vibeshotclub/vsc-skills/tree/main/virtual-couple-travel-vlog)
+- 方向：旅行 vlog 风格媒体生成。
+- 适合：短视频视觉叙事、角色化旅行内容和可复用媒体提示词。
+- 备注：这是一个大仓库里的子目录 Skill。
+
+## Web 访问、研究与内容监控
+
+### Web Access
+
+- 仓库：[eze-is/web-access](https://github.com/eze-is/web-access)
+- 方向：为 Agent 提供结构化联网能力。
+- 适合：网页研究、浏览器辅助任务、并行信息收集和需要交互的网站。
+- 安全提示：浏览器访问可能暴露已登录状态和本地浏览器数据，启用前要审计。
+
+### OpenCLI
+
+- 仓库：[jackwener/opencli](https://github.com/jackwener/opencli)
+- 方向：把网站、浏览器会话、Electron 应用和本地工具转换成 CLI 可调用的自动化入口。
+- 适合：让 Agent 操作已登录的 Chrome 页面、编写可复用网站适配器、封装本地命令，以及把浏览器流程变成稳定命令。
+- 代表 Skills：`opencli-browser`、`opencli-adapter-author`、`opencli-autofix`、`opencli-usage`。
+- 安全提示：浏览器命令可能使用已登录会话和本地浏览器状态。启用前请审计扩展、daemon、适配器和生成的命令，敏感 profile 里尤其要谨慎。
+
+### Follow Builders
+
+- 仓库：[zarazhangrui/follow-builders](https://github.com/zarazhangrui/follow-builders)
+- 方向：跟踪 AI builders 的 X、博客和 YouTube 播客内容。
+- 适合：关注 builder 而不是 influencer，生成摘要和内容 digest。
+- 代表内容：X feed、blog feed、podcast feed、prompts 和状态文件。
+- 安全提示：社交和 feed 自动化要关注账号、Cookie 和访问权限。
+
+### SlowMist Agent Security
+
+- 仓库：[slowmist/slowmist-agent-security](https://github.com/slowmist/slowmist-agent-security)
+- 方向：AI Agent 安全审计框架。
+- 适合：检查 Skill、MCP、仓库、URL、Prompt 和链上地址的安全风险。
+- 核心原则：所有外部输入在验证前都不可信。
+- 备注：安装陌生社区 Skill 前建议优先使用。
+
+## Persona、思维方式与顾问类 Skills
+
+### 华叔 Nuwa Skill
+
+- 仓库：[alchaincyf/nuwa-skill](https://github.com/alchaincyf/nuwa-skill)
+- 方向：把某个人或视角蒸馏成可复用 Skill。
+- 适合：顾问团式思考、心智模型、决策启发式和特定视角写作。
+- 代表视角：华叔 Nuwa、Feynman、Jobs、Musk、Naval、Paul Graham、Taleb。
+- 备注：适合头脑风暴和视角模拟，不应当作事实权威。
+
+### PUA / 反 PUA 类 Skills
+
+- 仓库：[tanweai/pua](https://github.com/tanweai/pua)
+- 方向：高能动性、强反馈、反操控或尖锐教练风格的 Agent 行为。
+- 适合：动机强化、批判反馈、反操控和刻意强风格交互。
+- 代表 Skills：`pua`、`pua-en`、`pua-ja`、`pua-loop`、`mama`、`p7`、`p9`、`p10`、`pro`、`shot`、`yes`。
+- 备注：这类 Skill 会明显改变语气和互动方式，不建议直接用于共享或面向用户的环境。
+
+### Ex Skill
+
+- 仓库：[therealXiaomanChu/ex-skill](https://github.com/therealXiaomanChu/ex-skill)
+- 方向：把某个前任/人格风格蒸馏成 AI Skill。
+- 适合：Persona 实验、情绪化角色扮演和特定语气模拟。
+- 代表 Skill：`create-ex`。
+- 备注：Persona 类 Skill 可能强烈影响语气和情绪框架，使用前请确认场景合适。
+
+## 快速推荐
+
+如果你只想先装一批实用的，可以从这些开始：
+
+- [Anthropic 官方 Skills](https://github.com/anthropics/skills/tree/main/skills)：参考实现和通用能力。
+- [Matt Pocock Skills](https://github.com/mattpocock/skills)：工程流程。
+- [宝玉 Skills](https://github.com/JimLiu/baoyu-skills)：图片、媒体和发布。
+- [华叔 Design](https://github.com/alchaincyf/huashu-design)：高保真 HTML 设计。
+- [归藏 PPT Skill](https://github.com/op7418/guizang-ppt-skill) 或 [HTML PPT Skill](https://github.com/lewislulu/html-ppt-skill)：浏览器演示稿。
+- [华叔 Markdown To HTML](https://github.com/alchaincyf/huashu-md-html)：Markdown/HTML 文档转换。
+- [Web Access](https://github.com/eze-is/web-access)：网页研究。
+- [OpenCLI](https://github.com/jackwener/opencli)：已登录浏览器自动化和可复用网站 CLI 适配器。
+- [Fireworks Tech Graph](https://github.com/yizhiyanhua-ai/fireworks-tech-graph)：技术图表。
+- [SlowMist Agent Security](https://github.com/slowmist/slowmist-agent-security)：社区 Skill 安全审计。
+
+## 来源说明
+
+本文档基于一份 Hermes / Claude Skills 分享清单整理，并补充了公开 GitHub 仓库描述与目录信息。
diff --git a/packages/client/src/App.vue b/packages/client/src/App.vue
new file mode 100644
index 0000000..999e6b0
--- /dev/null
+++ b/packages/client/src/App.vue
@@ -0,0 +1,190 @@
+<script setup lang="ts">

+import { onMounted, onUnmounted, computed, ref, watch } from 'vue'

+import { useRoute, useRouter } from 'vue-router'

+import { darkTheme, NConfigProvider, NMessageProvider, NDialogProvider, NNotificationProvider } from 'naive-ui'

+import { useI18n } from 'vue-i18n'

+import { getThemeOverrides } from '@/styles/theme'

+import { useTheme } from '@/composables/useTheme'

+import AppSidebar from '@/components/layout/AppSidebar.vue'

+import AppTopBar from '@/components/layout/AppTopBar.vue'

+import AppLogo from '@/components/common/AppLogo.vue'

+import { useKeyboard } from '@/composables/useKeyboard'

+import { useAppStore } from '@/stores/hermes/app'

+import SessionSearchModal from '@/components/hermes/chat/SessionSearchModal.vue'

+import AuthEventListener from '@/components/auth/AuthEventListener.vue'

+import DefaultCredentialPrompt from '@/components/auth/DefaultCredentialPrompt.vue'

+

+const { isDark, isComic } = useTheme()

+const { t } = useI18n()

+const appStore = useAppStore()

+const route = useRoute()

+const router = useRouter()

+const ready = ref(false)

+

+const themeOverrides = computed(() => getThemeOverrides(isDark.value, isComic.value))

+const naiveTheme = computed(() => isDark.value ? darkTheme : null)

+

+const isLoginPage = computed(() => route.name === 'login')

+

+const nodeVersionLow = computed(() => {

+  const v = appStore.nodeVersion

+  const major = parseInt(v.split('.')[0], 10)

+  return !isNaN(major) && major < 23

+})

+

+watch(() => route.path, () => {

+  appStore.closeSidebar()

+})

+

+router.isReady().then(() => {

+  ready.value = true

+})

+

+onMounted(() => {

+  if (!isLoginPage.value) {

+    appStore.loadModels()

+    appStore.startHealthPolling()

+  }

+})

+

+onUnmounted(() => {

+  appStore.stopHealthPolling()

+})

+

+useKeyboard()

+</script>

+

+<template>

+  <NConfigProvider :theme="naiveTheme" :theme-overrides="themeOverrides">

+    <NMessageProvider>

+      <AuthEventListener />

+      <NDialogProvider>

+        <NNotificationProvider>

+          <div v-if="nodeVersionLow && ready" class="node-warning-bar">

+            {{ t('sidebar.nodeVersionWarning', { version: appStore.nodeVersion }) }}

+          </div>

+          <div v-if="ready" class="app-shell" :class="{ 'no-chrome': isLoginPage, 'has-warning': nodeVersionLow }">

+            <AppTopBar v-if="!isLoginPage" />

+            <button v-if="!isLoginPage" class="hamburger-btn" @click="appStore.toggleSidebar">

+              <AppLogo :size="22" />

+            </button>

+            <div v-if="!isLoginPage && appStore.sidebarOpen" class="mobile-backdrop" @click="appStore.closeSidebar" />

+            <div v-if="!isLoginPage" class="app-body">

+              <AppSidebar />

+              <main class="app-main">

+                <router-view />

+              </main>

+            </div>

+            <main v-else class="app-main app-main--full">

+              <router-view />

+            </main>

+          </div>

+          <SessionSearchModal />

+          <DefaultCredentialPrompt />

+        </NNotificationProvider>

+      </NDialogProvider>

+    </NMessageProvider>

+  </NConfigProvider>

+</template>

+

+<style scoped lang="scss">

+@use '@/styles/variables' as *;

+

+.app-shell {

+  display: flex;

+  flex-direction: column;

+  height: calc(100 * var(--vh));

+  width: 100%;

+  overflow: hidden;

+  background-color: $bg-primary;

+

+  &.has-warning {

+    padding-top: 36px;

+  }

+

+  &.no-chrome {

+    display: block;

+  }

+}

+

+.app-body {

+  display: flex;

+  flex: 1;

+  min-height: 0;

+  overflow: hidden;

+}

+

+.app-main {

+  flex: 1;

+  overflow-y: auto;

+  background-color: transparent;

+  position: relative;

+  z-index: 1;

+  min-width: 0;

+

+  &--full {

+    height: calc(100 * var(--vh));

+  }

+}

+

+.mobile-backdrop {

+  display: none;

+  position: fixed;

+  inset: 0;

+  background: rgba(0, 0, 0, 0.35);

+  backdrop-filter: blur(3px);

+  z-index: 999;

+}

+

+.hamburger-btn {

+  display: none;

+  position: fixed;

+  top: calc(#{$topbar-height} + 10px);

+  left: 12px;

+  z-index: 99;

+  width: 38px;

+  height: 38px;

+  border: 1px solid $border-color;

+  background: $bg-card;

+  border-radius: $radius-sm;

+  cursor: pointer;

+  align-items: center;

+  justify-content: center;

+  box-shadow: 0 2px 8px rgba(0, 0, 0, 0.08);

+  transition: all $transition-fast;

+

+  .has-warning & {

+    top: calc(36px + #{$topbar-height} + 10px);

+  }

+

+  &:hover {

+    border-color: $accent-primary;

+  }

+}

+

+.node-warning-bar {

+  position: fixed;

+  top: 0;

+  left: 0;

+  width: 100%;

+  z-index: 200;

+  padding: 8px 16px;

+  font-size: 13px;

+  font-weight: 600;

+  color: #ffffff;

+  background: linear-gradient(90deg, #2563eb, #0891b2);

+  border-bottom: 1px solid rgba(0, 0, 0, 0.1);

+  text-align: center;

+  line-height: 1.4;

+}

+

+@media (max-width: $breakpoint-mobile) {

+  .mobile-backdrop {

+    display: block;

+  }

+

+  .hamburger-btn {

+    display: flex;

+  }

+}

+</style>

diff --git a/packages/client/src/api/auth.ts b/packages/client/src/api/auth.ts
new file mode 100644
index 0000000..dee1d07
--- /dev/null
+++ b/packages/client/src/api/auth.ts
@@ -0,0 +1,160 @@
+import { request } from './client'
+
+export interface AuthStatus {
+  hasPasswordLogin: boolean
+  hasUsers?: boolean
+}
+
+export async function fetchAuthStatus(): Promise<AuthStatus> {
+  const res = await fetch('/api/auth/status')
+  if (!res.ok) throw new Error('Failed to fetch auth status')
+  return res.json()
+}
+
+export async function loginWithPassword(username: string, password: string): Promise<string> {
+  const res = await fetch('/api/auth/login', {
+    method: 'POST',
+    headers: { 'Content-Type': 'application/json' },
+    body: JSON.stringify({ username, password }),
+  })
+  if (!res.ok) {
+    const data = await res.json().catch(() => ({}))
+    const err: any = new Error(data.error || 'Login failed')
+    err.status = res.status
+    throw err
+  }
+  const data = await res.json()
+  return data.token
+}
+
+export interface CurrentUser {
+  id: number
+  username: string
+  role: UserRole
+  status: UserStatus
+  created_at: number
+  updated_at: number
+  last_login_at: number | null
+  requiresCredentialChange?: boolean
+}
+
+export async function fetchCurrentUser(): Promise<CurrentUser> {
+  const res = await request<{ user: CurrentUser }>('/api/auth/me')
+  return res.user
+}
+
+export async function setupPassword(username: string, password: string): Promise<void> {
+  return request('/api/auth/setup', {
+    method: 'POST',
+    body: JSON.stringify({ username, password }),
+  })
+}
+
+export async function changePassword(currentPassword: string, newPassword: string): Promise<void> {
+  return request('/api/auth/change-password', {
+    method: 'POST',
+    body: JSON.stringify({ currentPassword, newPassword }),
+  })
+}
+
+export async function changeUsername(currentPassword: string, newUsername: string): Promise<void> {
+  return request('/api/auth/change-username', {
+    method: 'POST',
+    body: JSON.stringify({ currentPassword, newUsername }),
+  })
+}
+
+export async function removePassword(): Promise<void> {
+  return request('/api/auth/password', {
+    method: 'DELETE',
+  })
+}
+
+export type UserRole = 'super_admin' | 'admin'
+export type UserStatus = 'active' | 'disabled'
+
+export interface ManagedUser {
+  id: number
+  username: string
+  role: UserRole
+  status: UserStatus
+  profiles: string[]
+  default_profile: string | null
+  created_at: number
+  updated_at: number
+  last_login_at: number | null
+}
+
+export interface ManagedUsersResponse {
+  users: ManagedUser[]
+  profiles: string[]
+}
+
+export async function fetchManagedUsers(): Promise<ManagedUsersResponse> {
+  return request<ManagedUsersResponse>('/api/auth/users')
+}
+
+export async function createManagedUser(input: {
+  username: string
+  password: string
+  role: UserRole
+  status: UserStatus
+  profiles: string[]
+  defaultProfile?: string | null
+}): Promise<ManagedUsersResponse> {
+  const res = await request<{ users: ManagedUser[] }>('/api/auth/users', {
+    method: 'POST',
+    body: JSON.stringify(input),
+  })
+  const current = await fetchManagedUsers()
+  return { ...current, users: res.users }
+}
+
+export async function updateManagedUser(id: number, input: {
+  username?: string
+  password?: string
+  role?: UserRole
+  status?: UserStatus
+  profiles?: string[]
+  defaultProfile?: string | null
+}): Promise<ManagedUsersResponse> {
+  const res = await request<{ users: ManagedUser[] }>(`/api/auth/users/${id}`, {
+    method: 'PUT',
+    body: JSON.stringify(input),
+  })
+  const current = await fetchManagedUsers()
+  return { ...current, users: res.users }
+}
+
+export async function deleteManagedUser(id: number): Promise<ManagedUsersResponse> {
+  const res = await request<{ users: ManagedUser[] }>(`/api/auth/users/${id}`, {
+    method: 'DELETE',
+  })
+  const current = await fetchManagedUsers()
+  return { ...current, users: res.users }
+}
+
+export interface LockedIp {
+  ip: string
+  type: 'password' | 'token'
+  failures: number
+  lockedUntil: number
+}
+
+export async function fetchLockedIps(): Promise<LockedIp[]> {
+  const res = await request<{ locks: LockedIp[] }>('/api/auth/locked-ips')
+  return res.locks
+}
+
+export async function unlockSpecificIp(ip: string): Promise<void> {
+  return request(`/api/auth/locked-ips?ip=${encodeURIComponent(ip)}`, {
+    method: 'DELETE',
+  })
+}
+
+export async function unlockAllIps(): Promise<number> {
+  const res = await request<{ count: number }>('/api/auth/locked-ips', {
+    method: 'DELETE',
+  })
+  return res.count
+}
diff --git a/packages/client/src/api/client.ts b/packages/client/src/api/client.ts
new file mode 100644
index 0000000..029a447
--- /dev/null
+++ b/packages/client/src/api/client.ts
@@ -0,0 +1,153 @@
+import router from '@/router'
+
+const DEFAULT_BASE_URL = ''
+
+function isDesktopShell(): boolean {
+  return typeof window !== 'undefined' &&
+    (window as typeof window & { hermesDesktop?: { isDesktop?: boolean } }).hermesDesktop?.isDesktop === true
+}
+
+function getBaseUrl(): string {
+  if (import.meta.env.VITE_HERMES_PREVIEW === '1') return DEFAULT_BASE_URL
+  if (isDesktopShell()) return DEFAULT_BASE_URL
+  return localStorage.getItem('hermes_server_url') || DEFAULT_BASE_URL
+}
+
+export function getApiKey(): string {
+  return localStorage.getItem('hermes_api_key') || ''
+}
+
+export function setServerUrl(url: string) {
+  localStorage.setItem('hermes_server_url', url)
+}
+
+export function setApiKey(key: string) {
+  localStorage.setItem('hermes_api_key', key)
+}
+
+export function clearApiKey() {
+  localStorage.removeItem('hermes_api_key')
+}
+
+export function hasApiKey(): boolean {
+  return !!getApiKey()
+}
+
+export type StoredUserRole = 'super_admin' | 'admin'
+
+export function getStoredUserRole(): StoredUserRole | null {
+  const token = getApiKey()
+  const payload = token.split('.')[1]
+  if (!payload) return null
+  try {
+    const normalized = payload.replace(/-/g, '+').replace(/_/g, '/')
+    const padded = normalized.padEnd(Math.ceil(normalized.length / 4) * 4, '=')
+    const data = JSON.parse(atob(padded)) as { role?: unknown }
+    return data.role === 'super_admin' || data.role === 'admin' ? data.role : null
+  } catch {
+    return null
+  }
+}
+
+export function isStoredSuperAdmin(): boolean {
+  return getStoredUserRole() === 'super_admin'
+}
+
+export function getActiveProfileName(): string | null {
+  return localStorage.getItem('hermes_active_profile_name')
+}
+
+function bodyHasProfileSelector(body: BodyInit | null | undefined): boolean {
+  if (typeof body !== 'string') return false
+  try {
+    const parsed = JSON.parse(body) as { profile?: unknown }
+    return typeof parsed?.profile === 'string' && parsed.profile.trim().length > 0
+  } catch {
+    return false
+  }
+}
+
+function shouldAttachProfileHeader(path: string, options: RequestInit): boolean {
+  try {
+    const url = new URL(path, 'http://hermes.local')
+    if (url.searchParams.has('profile')) return false
+    if (url.pathname.startsWith('/api/hermes/profiles')) return false
+    if (isProfileWideSessionCollection(url.pathname)) return false
+  } catch {
+    if (path.startsWith('/api/hermes/profiles')) return false
+    if (isProfileWideSessionCollection(path.split('?')[0] || path)) return false
+  }
+  return !bodyHasProfileSelector(options.body)
+}
+
+function isProfileWideSessionCollection(pathname: string): boolean {
+  return pathname === '/api/hermes/sessions' ||
+    pathname === '/api/hermes/sessions/batch-delete' ||
+    pathname === '/api/hermes/search/sessions' ||
+    pathname === '/api/hermes/sessions/search' ||
+    pathname === '/api/hermes/sessions/conversations'
+}
+
+function emitAuthNotice(kind: 'expired' | 'forbidden') {
+  if (typeof window === 'undefined') return
+  window.dispatchEvent(new CustomEvent('hermes-auth-notice', { detail: { kind } }))
+}
+
+export async function request<T>(path: string, options: RequestInit = {}): Promise<T> {
+  const base = getBaseUrl()
+  const url = `${base}${path}`
+  const headers: Record<string, string> = {
+    'Content-Type': 'application/json',
+    ...options.headers as Record<string, string>,
+  }
+
+  const apiKey = getApiKey()
+  if (apiKey) {
+    headers['Authorization'] = `Bearer ${apiKey}`
+  }
+
+  // Inject active profile header for request-scoped endpoints. Explicit profile
+  // selectors in the URL/body and profile-name routes are validated directly.
+  const profileName = getActiveProfileName()
+  if (profileName && shouldAttachProfileHeader(path, options)) {
+    headers['X-Hermes-Profile'] = profileName
+  }
+
+  const res = await fetch(url, { ...options, headers })
+
+  // Global 401 handler — only redirect to login for local BFF endpoints
+  // Proxied gateway requests should not trigger logout
+  const isLocalBff = !path.startsWith('/api/hermes/v1/') &&
+    !path.startsWith('/v1/')
+
+  if (res.status === 401 && isLocalBff) {
+    clearApiKey()
+    emitAuthNotice('expired')
+    if (router.currentRoute.value.name !== 'login') {
+      router.replace({ name: 'login' })
+    }
+    throw new Error('Unauthorized')
+  }
+
+  if (!res.ok) {
+    const text = await res.text().catch(() => '')
+    if (res.status === 403 && isLocalBff) {
+      if (text.includes('User is disabled or does not exist')) {
+        clearApiKey()
+        emitAuthNotice('expired')
+        if (router.currentRoute.value.name !== 'login') {
+          router.replace({ name: 'login' })
+        }
+      } else {
+        emitAuthNotice('forbidden')
+      }
+    }
+    throw new Error(`API Error ${res.status}: ${text || res.statusText}`)
+  }
+
+  return res.json()
+}
+
+export function getBaseUrlValue(): string {
+  return getBaseUrl()
+}
diff --git a/packages/client/src/api/coding-agents.ts b/packages/client/src/api/coding-agents.ts
new file mode 100644
index 0000000..5d9614c
--- /dev/null
+++ b/packages/client/src/api/coding-agents.ts
@@ -0,0 +1,134 @@
+import { request } from './client'
+
+export type CodingAgentId = 'claude-code' | 'codex'
+export type CodingAgentApiMode = 'chat_completions' | 'codex_responses' | 'anthropic_messages'
+export type CodingAgentLaunchMode = 'scoped' | 'global'
+
+export interface CodingAgentToolStatus {
+  id: CodingAgentId
+  name: string
+  provider: string
+  command: string
+  packageName: string
+  installed: boolean
+  version: string
+  rawVersion: string
+  error?: string
+}
+
+export interface CodingAgentsStatus {
+  tools: CodingAgentToolStatus[]
+}
+
+export interface CodingAgentMutationResult extends CodingAgentsStatus {
+  success: boolean
+  tool: CodingAgentToolStatus
+  message?: string
+  code?: string
+}
+
+export interface CodingAgentConfigFileContent {
+  key: string
+  path: string
+  absolutePath: string
+  language: string
+  content: string
+  exists: boolean
+  size: number
+  profile: string
+  provider: string
+  rootDir: string
+}
+
+export interface CodingAgentConfigScope {
+  profile?: string | null
+  provider?: string | null
+}
+
+export interface CodingAgentLaunchRequest {
+  mode?: CodingAgentLaunchMode
+  profile?: string | null
+  provider?: string
+  model?: string
+  baseUrl?: string
+  apiKey?: string
+  apiMode?: CodingAgentApiMode
+}
+
+export interface CodingAgentLaunchResult {
+  agentId: CodingAgentId
+  mode: CodingAgentLaunchMode
+  profile: string
+  provider: string
+  model: string
+  rootDir: string
+  workspaceDir: string
+  command: string
+  args: string[]
+  env: Record<string, string>
+  shellCommand: string
+  files: Array<{ key: string; path: string; absolutePath: string }>
+}
+
+export interface CodingAgentNativeLaunchResult extends CodingAgentLaunchResult {
+  nativeTerminal: true
+  terminal: string
+}
+
+export async function fetchCodingAgentsStatus(): Promise<CodingAgentsStatus> {
+  return request<CodingAgentsStatus>('/api/coding-agents')
+}
+
+export async function installCodingAgent(id: CodingAgentId): Promise<CodingAgentMutationResult> {
+  return request<CodingAgentMutationResult>(`/api/coding-agents/${id}/install`, { method: 'POST' })
+}
+
+export async function deleteCodingAgent(id: CodingAgentId): Promise<CodingAgentMutationResult> {
+  return request<CodingAgentMutationResult>(`/api/coding-agents/${id}`, { method: 'DELETE' })
+}
+
+export async function readCodingAgentConfigFile(
+  id: CodingAgentId,
+  key: string,
+  scope: CodingAgentConfigScope = {},
+): Promise<CodingAgentConfigFileContent> {
+  const params = new URLSearchParams()
+  if (scope.profile) params.set('profile', scope.profile)
+  if (scope.provider) params.set('provider', scope.provider)
+  const query = params.toString()
+  return request<CodingAgentConfigFileContent>(
+    `/api/coding-agents/${id}/config-files/${encodeURIComponent(key)}${query ? `?${query}` : ''}`,
+  )
+}
+
+export async function writeCodingAgentConfigFile(
+  id: CodingAgentId,
+  key: string,
+  content: string,
+  scope: CodingAgentConfigScope = {},
+): Promise<CodingAgentConfigFileContent> {
+  return request<CodingAgentConfigFileContent>(`/api/coding-agents/${id}/config-files/${encodeURIComponent(key)}`, {
+    method: 'PUT',
+    body: JSON.stringify({ content, profile: scope.profile, provider: scope.provider }),
+  })
+}
+
+export async function prepareCodingAgentLaunch(
+  id: CodingAgentId,
+  data: CodingAgentLaunchRequest,
+): Promise<CodingAgentLaunchResult> {
+  return request<CodingAgentLaunchResult>(`/api/coding-agents/${id}/launch/prepare`, {
+    method: 'POST',
+    body: JSON.stringify(data),
+  })
+}
+
+export async function launchCodingAgentNativeTerminal(
+  id: CodingAgentId,
+  data: CodingAgentLaunchRequest,
+): Promise<CodingAgentNativeLaunchResult> {
+  return request<CodingAgentNativeLaunchResult>(`/api/coding-agents/${id}/launch/native`, {
+    method: 'POST',
+    body: JSON.stringify(data),
+  })
+}
diff --git a/packages/client/src/api/hermes/chat.ts b/packages/client/src/api/hermes/chat.ts
new file mode 100644
index 0000000..a5e0d1b
--- /dev/null
+++ b/packages/client/src/api/hermes/chat.ts
@@ -0,0 +1,870 @@
+import { io, type Socket } from 'socket.io-client'
+import { getBaseUrlValue, getApiKey } from '../client'
+
+export type ContentBlock =
+  | { type: 'text'; text: string }
+  | { type: 'image'; name: string; path: string; media_type: string }
+  | { type: 'file'; name: string; path: string; media_type?: string }
+
+export interface ChatMessage {
+  role: 'user' | 'assistant' | 'system'
+  content: string | ContentBlock[]
+}
+
+export interface StartRunRequest {
+  input: string | ContentBlock[]
+  instructions?: string
+  session_id?: string
+  profile?: string
+  model?: string
+  provider?: string
+  model_groups?: Array<{ provider: string; models: string[] }>
+  queue_id?: string
+  source?: 'api_server' | 'cli'
+}
+
+export interface StartRunResponse {
+  run_id: string
+  status: string
+}
+
+// SSE event types from /v1/runs/{id}/events
+export interface RunEvent {
+  event: string
+  run_id?: string
+  delta?: string
+  /** Payload text for `reasoning.delta` / `thinking.delta` / `reasoning.available` events. */
+  text?: string
+  tool?: string
+  name?: string
+  preview?: string
+  timestamp?: number
+  error?: string
+  /** Final response text on `run.completed`. May be empty/null if the agent
+   * silently swallowed an upstream error — see chat store for fallback. */
+  output?: string | null
+  usage?: {
+    input_tokens: number
+    output_tokens: number
+    total_tokens: number
+  }
+  /** session_id tag added by server for client-side filtering */
+  session_id?: string
+  /** Queue length from run.queued event */
+  queue_length?: number
+  /** Queue item that was just removed because it is starting now. */
+  dequeued_queue_id?: string
+  /** Queued user messages from run.queued/resume payloads. */
+  queued_messages?: Array<{
+    id?: string | number
+    role?: string
+    content?: string
+    timestamp?: number
+    queued?: boolean
+  }>
+  /** User message broadcast to other windows already watching the same session. */
+  message?: {
+    id?: string | number
+    role?: string
+    content?: string
+    timestamp?: number
+    queued?: boolean
+  }
+}
+
+export interface ResumeSessionPayload {
+  session_id: string
+  messages: any[]
+  messageTotal?: number
+  messageLoadedCount?: number
+  messagePageLimit?: number
+  hasMoreBefore?: boolean
+  isWorking: boolean
+  isAborting?: boolean
+  events: Array<{ event: string; data: RunEvent }>
+  inputTokens?: number
+  outputTokens?: number
+  contextTokens?: number
+  queueLength?: number
+  queueMessages?: RunEvent['queued_messages']
+}
+
+// ============================
+// Socket.IO chat run connection
+// ============================
+
+let chatRunSocket: Socket | null = null
+let globalListenersRegistered = false
+let chatRunSocketProfile: string | null = null
+
+const TRANSIENT_DISCONNECT_REASONS = new Set<string>([
+  'transport close',
+  'transport error',
+  'ping timeout',
+])
+
+/**
+ * Session event handlers map
+ * Maps session_id to event handling functions for isolating concurrent session streams
+ */
+const sessionEventHandlers = new Map<string, {
+  onMessageDelta: (event: RunEvent) => void
+  onReasoningDelta: (event: RunEvent) => void
+  onThinkingDelta: (event: RunEvent) => void
+  onReasoningAvailable: (event: RunEvent) => void
+  onToolStarted: (event: RunEvent) => void
+  onToolCompleted: (event: RunEvent) => void
+  onSubagentEvent?: (event: RunEvent) => void
+  onRunStarted: (event: RunEvent) => void
+  onRunCompleted: (event: RunEvent) => void
+  onRunFailed: (event: RunEvent) => void
+  onCompressionStarted: (event: RunEvent) => void
+  onCompressionCompleted: (event: RunEvent) => void
+  onAbortStarted: (event: RunEvent) => void
+  onAbortCompleted: (event: RunEvent) => void
+  onUsageUpdated: (event: RunEvent) => void
+  onAgentEvent?: (event: RunEvent) => void
+  onSessionCommand?: (event: RunEvent) => void
+  onRunQueued?: (event: RunEvent) => void
+  onApprovalRequested?: (event: RunEvent) => void
+  onApprovalResolved?: (event: RunEvent) => void
+  onPeerUserMessage?: (event: RunEvent) => void
+  onClarifyRequested?: (event: RunEvent) => void
+  onClarifyResolved?: (event: RunEvent) => void
+}>()
+
+const peerUserMessageHandlers = new Set<(event: RunEvent) => void>()
+const sessionCommandHandlers = new Set<(event: RunEvent) => void>()
+
+/**
+ * Global message.delta event handler
+ * Distributes events to appropriate session based on session_id
+ */
+function globalMessageDeltaHandler(event: RunEvent): void {
+  const sid = event.session_id
+  if (!sid) return
+
+  const handlers = sessionEventHandlers.get(sid)
+  if (handlers?.onMessageDelta) {
+    handlers.onMessageDelta(event)
+  }
+}
+
+/**
+ * Global reasoning.delta event handler
+ */
+function globalReasoningDeltaHandler(event: RunEvent): void {
+  const sid = event.session_id
+  if (!sid) return
+
+  const handlers = sessionEventHandlers.get(sid)
+  if (handlers?.onReasoningDelta) {
+    handlers.onReasoningDelta(event)
+  }
+}
+
+/**
+ * Global thinking.delta event handler (alias for reasoning.delta)
+ */
+function globalThinkingDeltaHandler(event: RunEvent): void {
+  const sid = event.session_id
+  if (!sid) return
+
+  const handlers = sessionEventHandlers.get(sid)
+  if (handlers?.onThinkingDelta) {
+    handlers.onThinkingDelta(event)
+  }
+}
+
+/**
+ * Global reasoning.available event handler
+ */
+function globalReasoningAvailableHandler(event: RunEvent): void {
+  const sid = event.session_id
+  if (!sid) return
+
+  const handlers = sessionEventHandlers.get(sid)
+  if (handlers?.onReasoningAvailable) {
+    handlers.onReasoningAvailable(event)
+  }
+}
+
+/**
+ * Global tool.started event handler
+ */
+function globalToolStartedHandler(event: RunEvent): void {
+  const sid = event.session_id
+  if (!sid) return
+
+  const handlers = sessionEventHandlers.get(sid)
+  if (handlers?.onToolStarted) {
+    handlers.onToolStarted(event)
+  }
+}
+
+/**
+ * Global tool.completed event handler
+ */
+function globalToolCompletedHandler(event: RunEvent): void {
+  const sid = event.session_id
+  if (!sid) return
+
+  const handlers = sessionEventHandlers.get(sid)
+  if (handlers?.onToolCompleted) {
+    handlers.onToolCompleted(event)
+  }
+}
+
+function globalSubagentEventHandler(event: RunEvent): void {
+  const sid = event.session_id
+  if (!sid) return
+
+  const handlers = sessionEventHandlers.get(sid)
+  if (handlers?.onSubagentEvent) {
+    handlers.onSubagentEvent(event)
+  }
+}
+
+/**
+ * Global run.started event handler
+ */
+function globalRunStartedHandler(event: RunEvent): void {
+  const sid = event.session_id
+  if (!sid) return
+
+  const handlers = sessionEventHandlers.get(sid)
+  if (handlers?.onRunStarted) {
+    handlers.onRunStarted(event)
+  }
+}
+
+/**
+ * Global run.completed event handler
+ */
+function globalRunCompletedHandler(event: RunEvent): void {
+  const sid = event.session_id
+  if (!sid) return
+
+  const handlers = sessionEventHandlers.get(sid)
+  if (handlers?.onRunCompleted) {
+    handlers.onRunCompleted(event)
+  }
+
+  // Auto-cleanup session handlers on completion (skip if more runs queued)
+  if ((event as any).queue_remaining > 0) return
+  sessionEventHandlers.delete(sid)
+}
+
+/**
+ * Global run.failed event handler
+ */
+function globalRunFailedHandler(event: RunEvent): void {
+  const sid = event.session_id
+  if (!sid) return
+
+  const handlers = sessionEventHandlers.get(sid)
+  if (handlers?.onRunFailed) {
+    handlers.onRunFailed(event)
+  }
+
+  // Auto-cleanup session handlers on failure (skip if more runs queued)
+  if ((event as any).queue_remaining > 0) return
+  sessionEventHandlers.delete(sid)
+}
+
+/**
+ * Global run.queued event handler
+ */
+function globalRunQueuedHandler(event: RunEvent): void {
+  const sid = event.session_id
+  if (!sid) return
+
+  const handlers = sessionEventHandlers.get(sid)
+  if (handlers?.onRunQueued) {
+    handlers.onRunQueued(event)
+  }
+}
+
+/**
+ * Global compression.started event handler
+ */
+function globalCompressionStartedHandler(event: RunEvent): void {
+  const sid = event.session_id
+  if (!sid) return
+
+  const handlers = sessionEventHandlers.get(sid)
+  if (handlers?.onCompressionStarted) {
+    handlers.onCompressionStarted(event)
+  }
+}
+
+/**
+ * Global compression.completed event handler
+ */
+function globalCompressionCompletedHandler(event: RunEvent): void {
+  const sid = event.session_id
+  if (!sid) return
+
+  const handlers = sessionEventHandlers.get(sid)
+  if (handlers?.onCompressionCompleted) {
+    handlers.onCompressionCompleted(event)
+  }
+}
+
+/**
+ * Global abort.started event handler
+ */
+function globalAbortStartedHandler(event: RunEvent): void {
+  const sid = event.session_id
+  if (!sid) return
+
+  const handlers = sessionEventHandlers.get(sid)
+  if (handlers?.onAbortStarted) {
+    handlers.onAbortStarted(event)
+  }
+}
+
+/**
+ * Global abort.completed event handler
+ */
+function globalAbortCompletedHandler(event: RunEvent): void {
+  const sid = event.session_id
+  if (!sid) return
+
+  const handlers = sessionEventHandlers.get(sid)
+  if (handlers?.onAbortCompleted) {
+    handlers.onAbortCompleted(event)
+  }
+
+  // If abort completion is followed by queued runs, keep the handler alive so
+  // the next run.started/message.delta/run.completed events are still received.
+  if ((event as any).queue_length > 0) return
+  sessionEventHandlers.delete(sid)
+}
+
+/**
+ * Global usage.updated event handler
+ */
+function globalUsageUpdatedHandler(event: RunEvent): void {
+  const sid = event.session_id
+  if (!sid) return
+
+  const handlers = sessionEventHandlers.get(sid)
+  if (handlers?.onUsageUpdated) {
+    handlers.onUsageUpdated(event)
+  }
+}
+
+function globalSessionCommandHandler(event: RunEvent): void {
+  const sid = event.session_id
+  if (!sid) return
+
+  const handlers = sessionEventHandlers.get(sid)
+  if (handlers?.onSessionCommand) {
+    handlers.onSessionCommand(event)
+  }
+
+  for (const handler of sessionCommandHandlers) {
+    handler(event)
+  }
+}
+
+function globalAgentEventHandler(event: RunEvent): void {
+  const sid = event.session_id
+  if (!sid) return
+
+  const handlers = sessionEventHandlers.get(sid)
+  if (handlers?.onAgentEvent) {
+    handlers.onAgentEvent(event)
+  }
+}
+
+function globalApprovalRequestedHandler(event: RunEvent): void {
+  const sid = event.session_id
+  if (!sid) return
+
+  const handlers = sessionEventHandlers.get(sid)
+  if (handlers?.onApprovalRequested) {
+    handlers.onApprovalRequested(event)
+  }
+}
+
+function globalApprovalResolvedHandler(event: RunEvent): void {
+  const sid = event.session_id
+  if (!sid) return
+
+  const handlers = sessionEventHandlers.get(sid)
+  if (handlers?.onApprovalResolved) {
+    handlers.onApprovalResolved(event)
+  }
+}
+
+function globalPeerUserMessageHandler(event: RunEvent): void {
+  const sid = event.session_id
+  if (!sid) return
+
+  const handlers = sessionEventHandlers.get(sid)
+  if (handlers?.onPeerUserMessage) {
+    handlers.onPeerUserMessage(event)
+  }
+
+  for (const handler of peerUserMessageHandlers) {
+    handler(event)
+  }
+}
+
+function globalClarifyRequestedHandler(event: RunEvent): void {
+  const sid = event.session_id
+  if (!sid) return
+
+  const handlers = sessionEventHandlers.get(sid)
+  if (handlers?.onClarifyRequested) {
+    handlers.onClarifyRequested(event)
+  }
+}
+
+function globalClarifyResolvedHandler(event: RunEvent): void {
+  const sid = event.session_id
+  if (!sid) return
+
+  const handlers = sessionEventHandlers.get(sid)
+  if (handlers?.onClarifyResolved) {
+    handlers.onClarifyResolved(event)
+  }
+}
+
+/**
+ * Register event handlers for a session
+ * @param sessionId - Session ID
+ * @param handlers - Event handling functions
+ * @returns Cleanup function to unregister handlers
+ */
+export function registerSessionHandlers(
+  sessionId: string,
+  handlers: {
+    onMessageDelta: (event: RunEvent) => void
+    onReasoningDelta: (event: RunEvent) => void
+    onThinkingDelta: (event: RunEvent) => void
+    onReasoningAvailable: (event: RunEvent) => void
+    onToolStarted: (event: RunEvent) => void
+    onToolCompleted: (event: RunEvent) => void
+    onSubagentEvent?: (event: RunEvent) => void
+    onRunStarted: (event: RunEvent) => void
+    onRunCompleted: (event: RunEvent) => void
+    onRunFailed: (event: RunEvent) => void
+    onCompressionStarted: (event: RunEvent) => void
+    onCompressionCompleted: (event: RunEvent) => void
+    onAbortStarted: (event: RunEvent) => void
+    onAbortCompleted: (event: RunEvent) => void
+    onUsageUpdated: (event: RunEvent) => void
+    onAgentEvent?: (event: RunEvent) => void
+    onSessionCommand?: (event: RunEvent) => void
+    onRunQueued?: (event: RunEvent) => void
+    onApprovalRequested?: (event: RunEvent) => void
+    onApprovalResolved?: (event: RunEvent) => void
+    onPeerUserMessage?: (event: RunEvent) => void
+    onClarifyRequested?: (event: RunEvent) => void
+    onClarifyResolved?: (event: RunEvent) => void
+  }
+): () => void {
+  sessionEventHandlers.set(sessionId, handlers)
+
+  // Return cleanup function
+  return () => {
+    sessionEventHandlers.delete(sessionId)
+  }
+}
+
+/**
+ * Unregister event handlers for a session
+ * @param sessionId - Session ID
+ */
+export function unregisterSessionHandlers(sessionId: string): void {
+  sessionEventHandlers.delete(sessionId)
+}
+
+export function onPeerUserMessage(handler: (event: RunEvent) => void): () => void {
+  peerUserMessageHandlers.add(handler)
+  return () => {
+    peerUserMessageHandlers.delete(handler)
+  }
+}
+
+export function onSessionCommand(handler: (event: RunEvent) => void): () => void {
+  sessionCommandHandlers.add(handler)
+  return () => {
+    sessionCommandHandlers.delete(handler)
+  }
+}
+
+export function respondClarify(
+  sessionId: string,
+  clarifyId: string,
+  response: string,
+): void {
+  const socket = connectChatRun()
+  socket.emit('clarify.respond', {
+    session_id: sessionId,
+    clarify_id: clarifyId,
+    response,
+  })
+}
+
+export function respondToolApproval(
+  sessionId: string,
+  approvalId: string,
+  choice: 'once' | 'session' | 'always' | 'deny',
+): void {
+  const socket = connectChatRun()
+  socket.emit('approval.respond', {
+    session_id: sessionId,
+    approval_id: approvalId,
+    choice,
+  })
+}
+
+export function getChatRunSocket(): Socket | null {
+  return chatRunSocket
+}
+
+export function connectChatRun(requestedProfile?: string | null): Socket {
+  const normalizedRequestedProfile = requestedProfile?.trim() || null
+  if (chatRunSocket?.connected && (!normalizedRequestedProfile || chatRunSocketProfile === normalizedRequestedProfile)) {
+    return chatRunSocket
+  }
+
+  // Clean up old socket to prevent duplicate event listeners
+  if (chatRunSocket) {
+    chatRunSocket.removeAllListeners()
+    chatRunSocket.disconnect()
+    globalListenersRegistered = false
+    chatRunSocketProfile = null
+  }
+
+  const baseUrl = getBaseUrlValue()
+  const token = getApiKey()
+
+  // Get active profile from store (authoritative source)
+  let profile = normalizedRequestedProfile || 'default'
+  try {
+    if (!normalizedRequestedProfile) {
+      const { useProfilesStore } = require('@/stores/hermes/profiles')
+      const profilesStore = useProfilesStore()
+      profile = profilesStore.activeProfileName || 'default'
+    }
+  } catch {
+    // Fallback to localStorage during early initialization
+    profile = normalizedRequestedProfile || localStorage.getItem('hermes_active_profile_name') || 'default'
+  }
+  chatRunSocketProfile = profile
+
+  chatRunSocket = io(`${baseUrl}/chat-run`, {
+    auth: { token },
+    query: { profile },
+    transports: ['websocket', 'polling'],
+    reconnection: true,
+    reconnectionAttempts: Infinity,
+    reconnectionDelay: 1000,
+    reconnectionDelayMax: 30000,
+    randomizationFactor: 0.5,
+    timeout: 30000,
+  })
+
+  // Register global listeners only once per socket connection
+  if (!globalListenersRegistered) {
+    // Message events
+    chatRunSocket.on('message.delta', globalMessageDeltaHandler)
+    chatRunSocket.on('reasoning.delta', globalReasoningDeltaHandler)
+    chatRunSocket.on('thinking.delta', globalThinkingDeltaHandler)
+    chatRunSocket.on('reasoning.available', globalReasoningAvailableHandler)
+
+    // Tool events
+    chatRunSocket.on('tool.started', globalToolStartedHandler)
+    chatRunSocket.on('tool.completed', globalToolCompletedHandler)
+    chatRunSocket.on('subagent.start', globalSubagentEventHandler)
+    chatRunSocket.on('subagent.tool', globalSubagentEventHandler)
+    chatRunSocket.on('subagent.progress', globalSubagentEventHandler)
+    chatRunSocket.on('subagent.complete', globalSubagentEventHandler)
+
+    // Run lifecycle events
+    chatRunSocket.on('run.started', globalRunStartedHandler)
+    chatRunSocket.on('run.failed', globalRunFailedHandler)
+    chatRunSocket.on('run.completed', globalRunCompletedHandler)
+    chatRunSocket.on('run.queued', globalRunQueuedHandler)
+    chatRunSocket.on('approval.requested', globalApprovalRequestedHandler)
+    chatRunSocket.on('approval.resolved', globalApprovalResolvedHandler)
+    chatRunSocket.on('run.peer_user_message', globalPeerUserMessageHandler)
+    chatRunSocket.on('clarify.requested', globalClarifyRequestedHandler)
+    chatRunSocket.on('clarify.resolved', globalClarifyResolvedHandler)
+
+    // Compression events
+    chatRunSocket.on('compression.started', globalCompressionStartedHandler)
+    chatRunSocket.on('compression.completed', globalCompressionCompletedHandler)
+    chatRunSocket.on('abort.started', globalAbortStartedHandler)
+    chatRunSocket.on('abort.completed', globalAbortCompletedHandler)
+
+    // Usage events
+    chatRunSocket.on('usage.updated', globalUsageUpdatedHandler)
+    chatRunSocket.on('agent.event', globalAgentEventHandler)
+    chatRunSocket.on('session.command', globalSessionCommandHandler)
+
+    globalListenersRegistered = true
+  }
+
+  return chatRunSocket
+}
+
+export function disconnectChatRun(): void {
+  if (chatRunSocket) {
+    chatRunSocket.disconnect()
+    chatRunSocket = null
+    chatRunSocketProfile = null
+    globalListenersRegistered = false
+    sessionEventHandlers.clear()
+  }
+}
+
+function removeSocketListener(socket: Socket, event: string, handler: (...args: any[]) => void): void {
+  const candidate = socket as Socket & {
+    off?: (event: string, handler: (...args: any[]) => void) => Socket
+    removeListener?: (event: string, handler: (...args: any[]) => void) => Socket
+  }
+  if (typeof candidate.off === 'function') {
+    candidate.off(event, handler)
+    return
+  }
+  candidate.removeListener?.(event, handler)
+}
+
+/**
+ * Start a chat run via Socket.IO and stream events back.
+ * Returns an AbortController-compatible handle for cancellation.
+ */
+/**
+ * Resume a session via Socket.IO. Returns messages, working status, and events.
+ */
+export function resumeSession(
+  sessionId: string,
+  onResumed: (data: ResumeSessionPayload) => void,
+  profile?: string | null,
+): Socket {
+  const socket = connectChatRun(profile)
+
+  socket.once('resumed', onResumed)
+  socket.emit('resume', { session_id: sessionId, ...(profile ? { profile } : {}) })
+
+  return socket
+}
+
+export function startRunViaSocket(
+  body: StartRunRequest,
+  onEvent: (event: RunEvent) => void,
+  onDone: () => void,
+  onError: (err: Error) => void,
+  onStarted?: (runId: string) => void,
+  options?: {
+    onReconnectResume?: (data: ResumeSessionPayload) => void
+  },
+): { abort: () => void } {
+  const sid = body.session_id
+  if (!sid) {
+    throw new Error('session_id is required for startRunViaSocket')
+  }
+
+  let closed = false
+  const socket = connectChatRun(body.profile)
+  if (sessionEventHandlers.has(sid)) {
+    socket.emit('run', body)
+    return {
+      abort: () => {
+        if (!closed) {
+          socket.emit('abort', { session_id: sid })
+        }
+      },
+    }
+  }
+
+  let sawTransientDisconnect = false
+  let removeTerminalSocketListeners: () => void = () => {}
+  let reconnectResumeHandler: ((data: ResumeSessionPayload) => void) | null = null
+
+  const clearReconnectResumeHandler = () => {
+    if (!reconnectResumeHandler) return
+    removeSocketListener(socket, 'resumed', reconnectResumeHandler)
+    reconnectResumeHandler = null
+  }
+
+  const emitReconnectResume = () => {
+    clearReconnectResumeHandler()
+    if (options?.onReconnectResume) {
+      reconnectResumeHandler = (data: ResumeSessionPayload) => {
+        clearReconnectResumeHandler()
+        if (closed || data.session_id !== sid) return
+        options.onReconnectResume?.(data)
+      }
+      socket.on('resumed', reconnectResumeHandler)
+    }
+    socket.emit('resume', { session_id: sid, ...(body.profile ? { profile: body.profile } : {}) })
+  }
+
+  const handleSocketError = (err: Error) => {
+    if (closed) return
+    closed = true
+    removeTerminalSocketListeners()
+    sessionEventHandlers.delete(sid)
+    onError(err)
+  }
+  const handleSocketConnectError = (err: Error) => {
+    if (closed) return
+    if (sawTransientDisconnect) return
+    handleSocketError(err)
+  }
+  socket.on('connect_error', handleSocketConnectError)
+  const handleSocketDisconnect = (reason: string) => {
+    if (closed || reason === 'io client disconnect') return
+    if (TRANSIENT_DISCONNECT_REASONS.has(reason)) {
+      sawTransientDisconnect = true
+      return
+    }
+    handleSocketError(new Error(`Socket disconnected: ${reason}`))
+  }
+  socket.on('disconnect', handleSocketDisconnect)
+
+  const handleSocketReconnect = () => {
+    if (closed || !sawTransientDisconnect) return
+    sawTransientDisconnect = false
+    emitReconnectResume()
+  }
+  socket.on('connect', handleSocketReconnect)
+
+  removeTerminalSocketListeners = () => {
+    clearReconnectResumeHandler()
+    removeSocketListener(socket, 'connect_error', handleSocketConnectError)
+    removeSocketListener(socket, 'disconnect', handleSocketDisconnect)
+    removeSocketListener(socket, 'connect', handleSocketReconnect)
+  }
+
+  // Define event handlers for this session
+  const handlers = {
+    onMessageDelta: (evt: RunEvent) => {
+      if (closed) return
+      onEvent(evt)
+    },
+    onReasoningDelta: (evt: RunEvent) => {
+      if (closed) return
+      onEvent(evt)
+    },
+    onThinkingDelta: (evt: RunEvent) => {
+      if (closed) return
+      onEvent(evt)
+    },
+    onReasoningAvailable: (evt: RunEvent) => {
+      if (closed) return
+      onEvent(evt)
+    },
+    onToolStarted: (evt: RunEvent) => {
+      if (closed) return
+      onEvent(evt)
+    },
+    onToolCompleted: (evt: RunEvent) => {
+      if (closed) return
+      onEvent(evt)
+    },
+    onSubagentEvent: (evt: RunEvent) => {
+      if (closed) return
+      onEvent(evt)
+    },
+    onRunStarted: (evt: RunEvent) => {
+      if (closed) return
+      onEvent(evt)
+      onStarted?.(evt.run_id || '')
+    },
+    onRunCompleted: (evt: RunEvent) => {
+      if (closed) return
+      onEvent(evt)
+      if ((evt as any).queue_remaining > 0) return
+      closed = true
+      removeTerminalSocketListeners()
+      onDone()
+    },
+    onRunFailed: (evt: RunEvent) => {
+      if (closed) return
+      onEvent(evt)
+      if ((evt as any).queue_remaining > 0) return
+      closed = true
+      removeTerminalSocketListeners()
+      onDone()
+    },
+    onCompressionStarted: (evt: RunEvent) => {
+      if (closed) return
+      onEvent(evt)
+    },
+    onCompressionCompleted: (evt: RunEvent) => {
+      if (closed) return
+      onEvent(evt)
+    },
+    onAbortStarted: (evt: RunEvent) => {
+      if (closed) return
+      onEvent(evt)
+    },
+    onAbortCompleted: (evt: RunEvent) => {
+      if (closed) return
+      onEvent(evt)
+      if ((evt as any).queue_length > 0) return
+      closed = true
+      removeTerminalSocketListeners()
+      onDone()
+    },
+    onUsageUpdated: (evt: RunEvent) => {
+      if (closed) return
+      onEvent(evt)
+    },
+    onAgentEvent: (evt: RunEvent) => {
+      if (closed) return
+      onEvent(evt)
+    },
+    onSessionCommand: (evt: RunEvent) => {
+      if (closed) return
+      onEvent(evt)
+      if ((evt as any).terminal === false) return
+      closed = true
+      removeTerminalSocketListeners()
+      sessionEventHandlers.delete(sid)
+      onDone()
+    },
+    onRunQueued: (evt: RunEvent) => {
+      if (closed) return
+      onEvent(evt)
+    },
+    onApprovalRequested: (evt: RunEvent) => {
+      if (closed) return
+      onEvent(evt)
+    },
+    onApprovalResolved: (evt: RunEvent) => {
+      if (closed) return
+      onEvent(evt)
+    },
+    onClarifyRequested: (evt: RunEvent) => {
+      if (closed) return
+      onEvent(evt)
+    },
+    onClarifyResolved: (evt: RunEvent) => {
+      if (closed) return
+      onEvent(evt)
+    },
+  }
+
+  // Register handlers in the global session map
+  sessionEventHandlers.set(sid, handlers)
+
+  // Emit run request
+  socket.emit('run', body)
+
+  return {
+    abort: () => {
+      if (!closed) {
+        socket.emit('abort', { session_id: sid })
+      }
+    },
+  }
+}
diff --git a/packages/client/src/api/hermes/codex-auth.ts b/packages/client/src/api/hermes/codex-auth.ts
new file mode 100644
index 0000000..2102e8f
--- /dev/null
+++ b/packages/client/src/api/hermes/codex-auth.ts
@@ -0,0 +1,30 @@
+import { request } from '../client'
+
+export interface CodexStartResult {
+  session_id: string
+  user_code: string
+  verification_url: string
+  expires_in: number
+}
+
+export interface CodexPollResult {
+  status: 'pending' | 'approved' | 'expired' | 'error'
+  error: string | null
+}
+
+export interface CodexStatusResult {
+  authenticated: boolean
+  last_refresh?: string
+}
+
+export async function startCodexLogin(): Promise<CodexStartResult> {
+  return request<CodexStartResult>('/api/hermes/auth/codex/start', { method: 'POST' })
+}
+
+export async function pollCodexLogin(sessionId: string): Promise<CodexPollResult> {
+  return request<CodexPollResult>(`/api/hermes/auth/codex/poll/${sessionId}`)
+}
+
+export async function getCodexAuthStatus(): Promise<CodexStatusResult> {
+  return request<CodexStatusResult>('/api/hermes/auth/codex/status')
+}
diff --git a/packages/client/src/api/hermes/config.ts b/packages/client/src/api/hermes/config.ts
new file mode 100644
index 0000000..d9f4a72
--- /dev/null
+++ b/packages/client/src/api/hermes/config.ts
@@ -0,0 +1,131 @@
+import { request } from '../client'
+
+export interface DisplayConfig {
+  compact?: boolean
+  personality?: string
+  resume_display?: string
+  busy_input_mode?: string
+  bell_on_complete?: boolean
+  show_reasoning?: boolean
+  streaming?: boolean
+  inline_diffs?: boolean
+  show_cost?: boolean
+  skin?: string
+}
+
+export interface AgentConfig {
+  max_turns?: number
+  gateway_timeout?: number
+  restart_drain_timeout?: number
+  service_tier?: string
+  tool_use_enforcement?: string
+}
+
+export interface MemoryConfig {
+  memory_enabled?: boolean
+  user_profile_enabled?: boolean
+  memory_char_limit?: number
+  user_char_limit?: number
+}
+
+export interface CompressionConfig {
+  enabled?: boolean
+  threshold?: number
+  target_ratio?: number
+  protect_last_n?: number
+  protect_first_n?: number
+}
+
+export interface SessionResetConfig {
+  mode?: string
+  idle_minutes?: number
+  at_hour?: number
+}
+
+export interface PrivacyConfig {
+  redact_pii?: boolean
+}
+
+export interface ApprovalConfig {
+  mode?: 'off' | 'manual'
+  timeout?: number
+}
+
+export interface AppConfig {
+  display?: DisplayConfig
+  agent?: AgentConfig
+  memory?: MemoryConfig
+  compression?: CompressionConfig
+  session_reset?: SessionResetConfig
+  privacy?: PrivacyConfig
+  approvals?: ApprovalConfig
+  telegram?: Record<string, any>
+  discord?: Record<string, any>
+  slack?: Record<string, any>
+  whatsapp?: Record<string, any>
+  matrix?: Record<string, any>
+  weixin?: Record<string, any>
+  wecom?: Record<string, any>
+  feishu?: Record<string, any>
+  dingtalk?: Record<string, any>
+  qqbot?: Record<string, any>
+  platforms?: Record<string, any>
+  [key: string]: any
+}
+
+export async function fetchConfig(sections?: string[]): Promise<AppConfig> {
+  const query = sections ? `?sections=${sections.join(',')}` : ''
+  return request<AppConfig>(`/api/hermes/config${query}`)
+}
+
+export async function updateConfigSection(
+  section: string,
+  values: Record<string, any>,
+  options?: { restart?: boolean },
+): Promise<void> {
+  await request('/api/hermes/config', {
+    method: 'PUT',
+    body: JSON.stringify({ section, values, ...options }),
+  })
+}
+
+export async function saveCredentials(
+  platform: string,
+  values: Record<string, any>,
+): Promise<void> {
+  await request('/api/hermes/config/credentials', {
+    method: 'PUT',
+    body: JSON.stringify({ platform, values }),
+  })
+}
+
+export interface WeixinQrCode {
+  qrcode: string
+  qrcode_url: string
+}
+
+export interface WeixinQrStatus {
+  status: 'wait' | 'scaned' | 'scaned_but_redirect' | 'expired' | 'confirmed'
+  account_id?: string
+  token?: string
+  base_url?: string
+}
+
+export async function fetchWeixinQrCode(): Promise<WeixinQrCode> {
+  return request<WeixinQrCode>('/api/hermes/weixin/qrcode')
+}
+
+export async function pollWeixinQrStatus(qrcode: string): Promise<WeixinQrStatus> {
+  return request<WeixinQrStatus>(`/api/hermes/weixin/qrcode/status?qrcode=${encodeURIComponent(qrcode)}`)
+}
+
+export async function saveWeixinCredentials(data: {
+  account_id: string
+  token: string
+  base_url?: string
+}): Promise<void> {
+  await request('/api/hermes/weixin/save', {
+    method: 'POST',
+    body: JSON.stringify(data),
+  })
+}
diff --git a/packages/client/src/api/hermes/conversations.ts b/packages/client/src/api/hermes/conversations.ts
new file mode 100644
index 0000000..cb7c07f
--- /dev/null
+++ b/packages/client/src/api/hermes/conversations.ts
@@ -0,0 +1,59 @@
+import { request } from '../client'
+
+export interface ConversationSummary {
+  id: string
+  source: string
+  model: string
+  provider?: string
+  title: string | null
+  started_at: number
+  ended_at: number | null
+  last_active: number
+  message_count: number
+  tool_call_count: number
+  input_tokens: number
+  output_tokens: number
+  cache_read_tokens: number
+  cache_write_tokens: number
+  reasoning_tokens: number
+  billing_provider: string | null
+  estimated_cost_usd: number
+  actual_cost_usd: number | null
+  cost_status: string
+  preview: string
+  is_active: boolean
+  thread_session_count: number
+}
+
+export interface ConversationMessage {
+  id: number | string
+  session_id: string
+  role: 'user' | 'assistant'
+  content: string
+  timestamp: number
+}
+
+export interface ConversationDetail {
+  session_id: string
+  messages: ConversationMessage[]
+  visible_count: number
+  thread_session_count: number
+}
+
+export async function fetchConversationSummaries(params: { humanOnly?: boolean; source?: string; limit?: number } = {}): Promise<ConversationSummary[]> {
+  const query = new URLSearchParams()
+  if (params.humanOnly === false) query.set('humanOnly', 'false')
+  if (params.source) query.set('source', params.source)
+  if (params.limit != null) query.set('limit', String(params.limit))
+  const suffix = query.toString() ? `?${query.toString()}` : ''
+  const res = await request<{ sessions: ConversationSummary[] }>(`/api/hermes/sessions/conversations${suffix}`)
+  return res.sessions
+}
+
+export async function fetchConversationDetail(sessionId: string, params: { humanOnly?: boolean; source?: string } = {}): Promise<ConversationDetail> {
+  const query = new URLSearchParams()
+  if (params.humanOnly === false) query.set('humanOnly', 'false')
+  if (params.source) query.set('source', params.source)
+  const suffix = query.toString() ? `?${query.toString()}` : ''
+  return request<ConversationDetail>(`/api/hermes/sessions/conversations/${encodeURIComponent(sessionId)}/messages${suffix}`)
+}
diff --git a/packages/client/src/api/hermes/copilot-auth.ts b/packages/client/src/api/hermes/copilot-auth.ts
new file mode 100644
index 0000000..e2733f8
--- /dev/null
+++ b/packages/client/src/api/hermes/copilot-auth.ts
@@ -0,0 +1,42 @@
+import { request } from '../client'
+
+export type CopilotTokenSource = 'env' | 'gh-cli' | 'apps-json' | null
+
+export interface CopilotStartResult {
+  session_id: string
+  user_code: string
+  verification_url: string
+  expires_in: number
+  interval: number
+}
+
+export interface CopilotPollResult {
+  status: 'pending' | 'approved' | 'denied' | 'expired' | 'error'
+  error: string | null
+}
+
+export interface CopilotCheckTokenResult {
+  has_token: boolean
+  source: CopilotTokenSource
+  enabled: boolean
+}
+
+export async function startCopilotLogin(): Promise<CopilotStartResult> {
+  return request<CopilotStartResult>('/api/hermes/auth/copilot/start', { method: 'POST' })
+}
+
+export async function pollCopilotLogin(sessionId: string): Promise<CopilotPollResult> {
+  return request<CopilotPollResult>(`/api/hermes/auth/copilot/poll/${sessionId}`)
+}
+
+export async function checkCopilotToken(): Promise<CopilotCheckTokenResult> {
+  return request<CopilotCheckTokenResult>('/api/hermes/auth/copilot/check-token')
+}
+
+export async function enableCopilot(): Promise<{ ok: boolean }> {
+  return request<{ ok: boolean }>('/api/hermes/auth/copilot/enable', { method: 'POST' })
+}
+
+export async function disableCopilot(): Promise<{ ok: boolean; cleared_env: boolean; cleared_default?: boolean }> {
+  return request<{ ok: boolean; cleared_env: boolean; cleared_default?: boolean }>('/api/hermes/auth/copilot/disable', { method: 'POST' })
+}
diff --git a/packages/client/src/api/hermes/cron-history.ts b/packages/client/src/api/hermes/cron-history.ts
new file mode 100644
index 0000000..6ab212e
--- /dev/null
+++ b/packages/client/src/api/hermes/cron-history.ts
@@ -0,0 +1,27 @@
+import { request } from '../client'
+
+export interface RunEntry {
+  jobId: string
+  fileName: string
+  runTime: string
+  size: number
+}
+
+export interface RunDetail {
+  jobId: string
+  fileName: string
+  runTime: string
+  content: string
+}
+
+export async function listCronRuns(jobId?: string): Promise<RunEntry[]> {
+  const params = new URLSearchParams()
+  if (jobId) params.set('jobId', jobId)
+  const qs = params.toString()
+  const res = await request<{ runs: RunEntry[] }>(`/api/cron-history${qs ? `?${qs}` : ''}`)
+  return res.runs
+}
+
+export async function readCronRun(jobId: string, fileName: string): Promise<RunDetail> {
+  return request<RunDetail>(`/api/cron-history/${encodeURIComponent(jobId)}/${encodeURIComponent(fileName)}`)
+}
diff --git a/packages/client/src/api/hermes/download.ts b/packages/client/src/api/hermes/download.ts
new file mode 100644
index 0000000..76707a8
--- /dev/null
+++ b/packages/client/src/api/hermes/download.ts
@@ -0,0 +1,71 @@
+import { getActiveProfileName, getApiKey, getBaseUrlValue } from '../client'
+
+/**
+ * Construct a download URL with auth token as query parameter.
+ * Token is passed via query param because <a> tags cannot set headers.
+ */
+export function getDownloadUrl(filePath: string, fileName?: string): string {
+  const base = getBaseUrlValue()
+
+  // Guard: if filePath is already a full download URL, extract the real path
+  // to prevent double-wrapping (/api/hermes/download?path=/api/hermes/download?path=...)
+  if (filePath.startsWith('/api/hermes/download?')) {
+    try {
+      const parsed = new URL(filePath, 'http://localhost')
+      const realPath = parsed.searchParams.get('path')
+      if (realPath) filePath = realPath
+    } catch {
+      // fall through with original filePath
+    }
+  }
+
+  // Decode the path first in case it's already encoded (e.g., from AI responses)
+  // URLSearchParams will encode it again, so we need to start with decoded text
+  const decodedPath = decodeURIComponent(filePath)
+  const params = new URLSearchParams({ path: decodedPath })
+  if (fileName) {
+    const decodedName = decodeURIComponent(fileName)
+    params.set('name', decodedName)
+  }
+  const profileName = getActiveProfileName()
+  if (profileName) params.set('profile', profileName)
+  const token = getApiKey()
+  if (token) params.set('token', token)
+  return `${base}/api/hermes/download?${params.toString()}`
+}
+
+/**
+ * Download a file. Uses fetch to detect errors, then creates a blob URL
+ * for the browser download. Throws with error message on failure.
+ */
+export async function downloadFile(filePath: string, fileName?: string): Promise<void> {
+  const url = getDownloadUrl(filePath, fileName)
+  const res = await fetch(url)
+  if (!res.ok) {
+    const body = await res.json().catch(() => ({ error: `HTTP ${res.status}` }))
+    throw new Error(body.error || `Download failed: ${res.status}`)
+  }
+  const blob = await res.blob()
+  const blobUrl = URL.createObjectURL(blob)
+  const a = document.createElement('a')
+  a.href = blobUrl
+  a.download = fileName || filePath.split('/').pop() || 'download'
+  document.body.appendChild(a)
+  a.click()
+  document.body.removeChild(a)
+  URL.revokeObjectURL(blobUrl)
+}
+
+/**
+ * Get preview file content.
+ * Throws with error message on failure.
+ */
+export async function fetchFileText(filePath: string, fileName?: string): Promise<string> {
+  const url = getDownloadUrl(filePath, fileName)
+  const res = await fetch(url)
+  if (!res.ok) {
+    const body = await res.json().catch(() => ({ error: `HTTP ${res.status}` }))
+    throw new Error(body.error || `Preview failed: ${res.status}`)
+  }
+  return res.text()
+}
diff --git a/packages/client/src/api/hermes/files.ts b/packages/client/src/api/hermes/files.ts
new file mode 100644
index 0000000..9bd027d
--- /dev/null
+++ b/packages/client/src/api/hermes/files.ts
@@ -0,0 +1,107 @@
+import { request, getActiveProfileName, getApiKey, getBaseUrlValue } from '../client'
+
+export interface FileEntry {
+  name: string
+  path: string
+  absolutePath?: string
+  isDir: boolean
+  size: number
+  modTime: string
+}
+
+export interface FileStat {
+  name: string
+  path: string
+  absolutePath?: string
+  isDir: boolean
+  size: number
+  modTime: string
+  permissions?: string
+}
+
+export async function listFiles(path: string = ''): Promise<{ entries: FileEntry[]; path: string; absolutePath?: string }> {
+  const params = new URLSearchParams()
+  if (path) params.set('path', path)
+  const query = params.toString()
+  return request<{ entries: FileEntry[]; path: string }>(`/api/hermes/files/list${query ? `?${query}` : ''}`)
+}
+
+export async function statFile(path: string): Promise<FileStat> {
+  return request<FileStat>(`/api/hermes/files/stat?path=${encodeURIComponent(path)}`)
+}
+
+export async function readFile(path: string): Promise<{ content: string; path: string; size: number }> {
+  return request<{ content: string; path: string; size: number }>(`/api/hermes/files/read?path=${encodeURIComponent(path)}`)
+}
+
+export async function writeFile(path: string, content: string): Promise<void> {
+  await request<{ ok: boolean }>('/api/hermes/files/write', {
+    method: 'PUT',
+    body: JSON.stringify({ path, content }),
+  })
+}
+
+export async function deleteFile(path: string, recursive: boolean = false): Promise<void> {
+  await request<{ ok: boolean }>('/api/hermes/files/delete', {
+    method: 'DELETE',
+    body: JSON.stringify({ path, recursive }),
+  })
+}
+
+export async function renameFile(oldPath: string, newPath: string): Promise<void> {
+  await request<{ ok: boolean }>('/api/hermes/files/rename', {
+    method: 'POST',
+    body: JSON.stringify({ oldPath, newPath }),
+  })
+}
+
+export async function mkDir(path: string): Promise<void> {
+  await request<{ ok: boolean }>('/api/hermes/files/mkdir', {
+    method: 'POST',
+    body: JSON.stringify({ path }),
+  })
+}
+
+export async function copyFile(srcPath: string, destPath: string): Promise<void> {
+  await request<{ ok: boolean }>('/api/hermes/files/copy', {
+    method: 'POST',
+    body: JSON.stringify({ srcPath, destPath }),
+  })
+}
+
+export async function uploadFiles(targetDir: string, files: File[]): Promise<{ name: string; path: string }[]> {
+  const base = getBaseUrlValue()
+  const formData = new FormData()
+  for (const file of files) {
+    formData.append('file', file)
+  }
+  const params = new URLSearchParams()
+  if (targetDir) params.set('path', targetDir)
+  const query = params.toString()
+  const url = `${base}/api/hermes/files/upload${query ? `?${query}` : ''}`
+
+  const headers: Record<string, string> = {}
+  const token = getApiKey()
+  if (token) headers['Authorization'] = `Bearer ${token}`
+  const profileName = getActiveProfileName()
+  if (profileName) headers['X-Hermes-Profile'] = profileName
+
+  const res = await fetch(url, { method: 'POST', headers, body: formData })
+  if (!res.ok) {
+    const body = await res.json().catch(() => ({ error: `HTTP ${res.status}` }))
+    throw new Error(body.error || `Upload failed: ${res.status}`)
+  }
+  const data = await res.json()
+  return data.files
+}
+
+export function getFileDownloadUrl(relativePath: string, fileName?: string): string {
+  const base = getBaseUrlValue()
+  const params = new URLSearchParams({ path: relativePath })
+  if (fileName) params.set('name', fileName)
+  const profileName = getActiveProfileName()
+  if (profileName) params.set('profile', profileName)
+  const token = getApiKey()
+  if (token) params.set('token', token)
+  return `${base}/api/hermes/download?${params.toString()}`
+}
diff --git a/packages/client/src/api/hermes/group-chat.ts b/packages/client/src/api/hermes/group-chat.ts
new file mode 100644
index 0000000..74ecaea
--- /dev/null
+++ b/packages/client/src/api/hermes/group-chat.ts
@@ -0,0 +1,235 @@
+import { io } from 'socket.io-client'
+import { request, getApiKey } from '../client'
+
+// ─── Types ──────────────────────────────────────────────────
+
+export interface RoomInfo {
+    id: string
+    name: string
+    inviteCode: string | null
+    triggerTokens?: number
+    maxHistoryTokens?: number
+    tailMessageCount?: number
+    totalTokens?: number
+}
+
+export interface RoomAgent {
+    id: string
+    roomId: string
+    agentId: string
+    profile: string
+    name: string
+    description: string
+    invited: number
+}
+
+export interface AgentAddResult {
+    profile: string
+    ok: boolean
+    agent?: RoomAgent
+    code?: string
+    error?: string
+    reason?: string
+}
+
+export interface ChatMessage {
+    id: string
+    roomId: string
+    senderId: string
+    senderName: string
+    content: string
+    timestamp: number
+    role?: string
+    tool_call_id?: string | null
+    tool_calls?: any[] | null
+    tool_name?: string | null
+    finish_reason?: 'streaming' | 'tool_calls' | 'error' | string | null
+    reasoning?: string | null
+    reasoning_details?: string | null
+    reasoning_content?: string | null
+    isStreaming?: boolean
+    toolName?: string
+    toolCallId?: string
+    toolArgs?: string
+    toolPreview?: string
+    toolResult?: string
+    toolStatus?: 'running' | 'done' | 'error'
+    attachments?: Array<{ id: string; name: string; type: string; size: number; url: string }>
+}
+
+export interface MemberInfo {
+    id: string
+    userId: string
+    name: string
+    description: string
+    joinedAt: number
+}
+
+export interface JoinResult {
+    roomId: string
+    roomName: string
+    members: MemberInfo[]
+    messages: ChatMessage[]
+    rooms: string[]
+}
+
+// ─── Socket.IO Client ──────────────────────────────────────
+
+let socket: ReturnType<typeof io> | null = null
+
+export function connectGroupChat(opts?: { userId?: string; userName?: string; description?: string }): ReturnType<typeof io> {
+    if (socket?.connected) return socket
+
+    const token = getApiKey()
+    const userId = opts?.userId || localStorage.getItem('gc_user_id') || generateUUID()
+    localStorage.setItem('gc_user_id', userId)
+
+    socket = io('/group-chat', {
+        auth: {
+            token: token || undefined,
+            userId,
+            name: opts?.userName || localStorage.getItem('gc_user_name') || undefined,
+            description: opts?.description || localStorage.getItem('gc_user_description') || undefined,
+        },
+        transports: ['websocket', 'polling'],
+        reconnection: true,
+        reconnectionAttempts: Infinity,
+        reconnectionDelay: 1000,
+        reconnectionDelayMax: 30000,
+        randomizationFactor: 0.5,
+        timeout: 30000,
+    })
+
+    return socket
+}
+
+export function getStoredUserId(): string {
+    let id = localStorage.getItem('gc_user_id')
+    if (!id) {
+        id = generateUUID()
+        localStorage.setItem('gc_user_id', id)
+    }
+    return id
+}
+
+export function getStoredUserName(): string | null {
+    return localStorage.getItem('gc_user_name')
+}
+
+function generateUUID(): string {
+    return 'xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx'.replace(/[xy]/g, (c) => {
+        const r = Math.random() * 16 | 0
+        const v = c === 'x' ? r : (r & 0x3 | 0x8)
+        return v.toString(16)
+    })
+}
+
+export function getSocket(): ReturnType<typeof io> | null {
+    return socket?.connected ? socket : null
+}
+
+export function disconnectGroupChat(): void {
+    if (socket) {
+        socket.disconnect()
+        socket = null
+    }
+}
+
+// ─── REST API ───────────────────────────────────────────────
+
+export async function createRoom(data: {
+    name: string
+    inviteCode: string
+    agents?: { profile: string; name?: string; description?: string; invited?: boolean }[]
+    compression?: { triggerTokens?: number; maxHistoryTokens?: number; tailMessageCount?: number }
+}): Promise<{ room: RoomInfo; agents: RoomAgent[]; agentResults?: AgentAddResult[] }> {
+    return request('/api/hermes/group-chat/rooms', {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify(data),
+    })
+}
+
+export async function cloneRoom(roomId: string, data?: { name?: string; inviteCode?: string }): Promise<{ room: RoomInfo; agents: RoomAgent[]; agentResults?: AgentAddResult[] }> {
+    return request(`/api/hermes/group-chat/rooms/${roomId}/clone`, {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify(data || {}),
+    })
+}
+
+export async function listRooms(): Promise<{ rooms: RoomInfo[] }> {
+    return request('/api/hermes/group-chat/rooms')
+}
+
+export async function getRoomDetail(
+    roomId: string,
+    options: { offset?: number; limit?: number } = {},
+): Promise<{ room: RoomInfo; messages: ChatMessage[]; agents: RoomAgent[]; members: MemberInfo[]; total?: number; offset?: number; limit?: number; hasMore?: boolean }> {
+    const params = new URLSearchParams()
+    if (options.offset != null) params.set('offset', String(options.offset))
+    if (options.limit != null) params.set('limit', String(options.limit))
+    const query = params.toString()
+    return request(`/api/hermes/group-chat/rooms/${roomId}${query ? `?${query}` : ''}`)
+}
+
+export async function joinRoomByCode(code: string): Promise<{ room: RoomInfo }> {
+    return request(`/api/hermes/group-chat/rooms/join/${code}`)
+}
+
+export async function updateInviteCode(roomId: string, inviteCode: string): Promise<void> {
+    return request(`/api/hermes/group-chat/rooms/${roomId}/invite-code`, {
+        method: 'PUT',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify({ inviteCode }),
+    })
+}
+
+export async function addAgent(roomId: string, data: {
+    profile: string
+    name?: string
+    description?: string
+    invited?: boolean
+}): Promise<{ agent: RoomAgent }> {
+    return request(`/api/hermes/group-chat/rooms/${roomId}/agents`, {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify(data),
+    })
+}
+
+export async function listAgents(roomId: string): Promise<{ agents: RoomAgent[] }> {
+    return request(`/api/hermes/group-chat/rooms/${roomId}/agents`)
+}
+
+export async function removeAgent(roomId: string, agentId: string): Promise<{ success: boolean; agents: RoomAgent[]; members: MemberInfo[] }> {
+    return request(`/api/hermes/group-chat/rooms/${roomId}/agents/${agentId}`, {
+        method: 'DELETE',
+    })
+}
+
+export async function deleteRoom(roomId: string): Promise<void> {
+    return request(`/api/hermes/group-chat/rooms/${roomId}`, {
+        method: 'DELETE',
+    })
+}
+
+export async function clearRoomContext(roomId: string): Promise<{ success: boolean; room: RoomInfo }> {
+    return request(`/api/hermes/group-chat/rooms/${roomId}/clear-context`, {
+        method: 'POST',
+    })
+}
+
+export async function updateRoomConfig(roomId: string, config: { triggerTokens?: number; maxHistoryTokens?: number; tailMessageCount?: number }): Promise<{ room: RoomInfo }> {
+    return request(`/api/hermes/group-chat/rooms/${roomId}/config`, {
+        method: 'PUT',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify(config),
+    })
+}
+
+export async function forceCompress(roomId: string): Promise<{ success: boolean; summary: string }> {
+    return request(`/api/hermes/group-chat/rooms/${roomId}/compress`, {
+        method: 'POST',
+    })
+}
diff --git a/packages/client/src/api/hermes/jobs.ts b/packages/client/src/api/hermes/jobs.ts
new file mode 100644
index 0000000..a068d36
--- /dev/null
+++ b/packages/client/src/api/hermes/jobs.ts
@@ -0,0 +1,188 @@
+import { request } from '../client'
+
+export interface JobScheduleInterval {
+  kind: 'interval'
+  minutes: number
+  display: string
+}
+
+export interface JobScheduleCron {
+  kind: 'cron'
+  expr: string
+  display: string
+}
+
+export interface JobScheduleOnce {
+  kind: 'once'
+  run_at: string
+  display: string
+}
+
+type UnknownJobSchedule = {
+  kind: string
+  display?: string
+  expr?: string
+  minutes?: number
+  run_at?: string
+}
+
+export type JobSchedule = string | JobScheduleInterval | JobScheduleCron | JobScheduleOnce | UnknownJobSchedule
+
+export interface Job {
+  job_id: string
+  id: string
+  name: string
+  prompt: string
+  prompt_preview?: string
+  skills: string[]
+  skill: string | null
+  model: string | null
+  provider: string | null
+  base_url: string | null
+  script: string | null
+  schedule: JobSchedule
+  schedule_display: string
+  repeat: string | { times: number | null; completed: number }
+  enabled: boolean
+  state: string
+  paused_at: string | null
+  paused_reason: string | null
+  created_at: string
+  next_run_at: string | null
+  last_run_at: string | null
+  last_status: string | null
+  last_error: string | null
+  deliver: string
+  origin: {
+    platform: string
+    chat_id: string
+    chat_name: string
+    thread_id: string | null
+  } | null
+  last_delivery_error: string | null
+}
+
+export interface CreateJobRequest {
+  name: string
+  schedule: string
+  prompt?: string
+  deliver?: string
+  skills?: string[]
+  repeat?: number
+}
+
+export interface UpdateJobRequest {
+  name?: string
+  schedule?: string
+  prompt?: string
+  deliver?: string
+  skills?: string[]
+  skill?: string
+  repeat?: number | null
+  enabled?: boolean
+  model?: string
+  provider?: string
+}
+
+export interface JobFormValues {
+  name: string
+  schedule: string
+  prompt: string
+  deliver: string
+  repeat_times: number | null
+}
+
+function unwrap(res: { job: Job }): Job {
+  return res.job
+}
+
+function isScheduleObject(schedule: JobSchedule | null | undefined): schedule is Exclude<JobSchedule, string> {
+  return typeof schedule === 'object' && schedule !== null
+}
+
+export function scheduleToEditableInput(schedule: JobSchedule | null | undefined, fallback = ''): string {
+  if (typeof schedule === 'string') return schedule
+  if (!isScheduleObject(schedule)) return fallback
+
+  if (schedule.kind === 'cron') return schedule.expr || schedule.display || fallback
+  if (schedule.kind === 'once') return schedule.run_at || schedule.display || fallback
+  if (schedule.kind === 'interval') {
+    return schedule.display || (typeof schedule.minutes === 'number' ? `every ${schedule.minutes}m` : fallback)
+  }
+
+  const unknownSchedule = schedule as UnknownJobSchedule
+  return unknownSchedule.expr || unknownSchedule.run_at || unknownSchedule.display || fallback
+}
+
+export function scheduleToDisplayText(schedule: JobSchedule | null | undefined, fallback = '—'): string {
+  if (typeof schedule === 'string') return schedule
+  if (!isScheduleObject(schedule)) return fallback
+
+  if (schedule.kind === 'cron') return schedule.expr || schedule.display || fallback
+  if (schedule.kind === 'interval') return schedule.display || scheduleToEditableInput(schedule, fallback)
+  if (schedule.kind === 'once') return schedule.display || scheduleToEditableInput(schedule, fallback)
+
+  const unknownSchedule = schedule as UnknownJobSchedule
+  return unknownSchedule.display || unknownSchedule.expr || unknownSchedule.run_at || fallback
+}
+
+export function jobRepeatToEditValue(repeat: Job['repeat']): number | null {
+  if (repeat && typeof repeat === 'object') return repeat.times ?? null
+  return null
+}
+
+export function buildJobUpdateRequest(original: Job, form: JobFormValues): UpdateJobRequest {
+  const payload: UpdateJobRequest = {}
+  const originalSchedule = scheduleToEditableInput(original.schedule, original.schedule_display || '')
+  const originalRepeat = jobRepeatToEditValue(original.repeat)
+  const originalDeliver = original.deliver || 'origin'
+
+  if (form.name !== original.name) payload.name = form.name
+  if (form.schedule !== originalSchedule) payload.schedule = form.schedule
+  if (form.prompt !== (original.prompt || '')) payload.prompt = form.prompt
+  if (form.deliver !== originalDeliver) payload.deliver = form.deliver
+  if (form.repeat_times !== originalRepeat) payload.repeat = form.repeat_times
+
+  return payload
+}
+
+export async function listJobs(): Promise<Job[]> {
+  const res = await request<{ jobs: Job[] }>('/api/hermes/jobs?include_disabled=true')
+  return res.jobs
+}
+
+export async function getJob(jobId: string): Promise<Job> {
+  return unwrap(await request<{ job: Job }>(`/api/hermes/jobs/${jobId}`))
+}
+
+export async function createJob(data: CreateJobRequest): Promise<Job> {
+  return unwrap(await request<{ job: Job }>('/api/hermes/jobs', {
+    method: 'POST',
+    body: JSON.stringify(data),
+  }))
+}
+
+export async function updateJob(jobId: string, data: UpdateJobRequest): Promise<Job> {
+  return unwrap(await request<{ job: Job }>(`/api/hermes/jobs/${jobId}`, {
+    method: 'PATCH',
+    body: JSON.stringify(data),
+  }))
+}
+
+export async function deleteJob(jobId: string): Promise<{ ok: boolean }> {
+  return request<{ ok: boolean }>(`/api/hermes/jobs/${jobId}`, {
+    method: 'DELETE',
+  })
+}
+
+export async function pauseJob(jobId: string): Promise<Job> {
+  return unwrap(await request<{ job: Job }>(`/api/hermes/jobs/${jobId}/pause`, { method: 'POST' }))
+}
+
+export async function resumeJob(jobId: string): Promise<Job> {
+  return unwrap(await request<{ job: Job }>(`/api/hermes/jobs/${jobId}/resume`, { method: 'POST' }))
+}
+
+export async function runJob(jobId: string): Promise<Job> {
+  return unwrap(await request<{ job: Job }>(`/api/hermes/jobs/${jobId}/run`, { method: 'POST' }))
+}
diff --git a/packages/client/src/api/hermes/kanban.ts b/packages/client/src/api/hermes/kanban.ts
new file mode 100644
index 0000000..83bbb52
--- /dev/null
+++ b/packages/client/src/api/hermes/kanban.ts
@@ -0,0 +1,442 @@
+import { request, getApiKey, getBaseUrlValue } from '../client'
+
+// ─── Types ──────────────────────────────────────────────────────
+
+export type KanbanTaskStatus = 'triage' | 'todo' | 'ready' | 'running' | 'blocked' | 'done' | 'archived'
+
+export interface KanbanTask {
+  id: string
+  title: string
+  body: string | null
+  assignee: string | null
+  status: KanbanTaskStatus
+  priority: number
+  created_by: string | null
+  created_at: number
+  started_at: number | null
+  completed_at: number | null
+  workspace_kind: string
+  workspace_path: string | null
+  tenant: string | null
+  result: string | null
+  skills: string[] | null
+}
+
+export interface KanbanRun {
+  id: number
+  task_id: string
+  profile: string | null
+  status: string
+  outcome: string | null
+  summary: string | null
+  error: string | null
+  metadata: Record<string, unknown> | null
+  worker_pid: number | null
+  started_at: number
+  ended_at: number | null
+}
+
+export interface KanbanComment {
+  id: number
+  task_id: string
+  author: string
+  body: string
+  created_at: number
+}
+
+export interface KanbanEvent {
+  id: number
+  task_id: string
+  kind: string
+  payload: Record<string, unknown> | null
+  created_at: number
+  run_id: number | null
+}
+
+export interface KanbanTaskMessage {
+  id: number | string
+  session_id: string
+  role: string
+  content: string
+  tool_call_id: string | null
+  tool_calls: any[] | null
+  tool_name: string | null
+  timestamp: number
+  token_count: number | null
+  finish_reason: string | null
+  reasoning: string | null
+}
+
+export interface KanbanTaskSession {
+  id: string
+  title: string | null
+  source: string
+  model: string
+  started_at: number
+  ended_at: number | null
+  messages: KanbanTaskMessage[]
+}
+
+export interface KanbanTaskDetail {
+  task: KanbanTask
+  latest_summary: string | null
+  session?: KanbanTaskSession
+  comments: KanbanComment[]
+  events: KanbanEvent[]
+  runs: KanbanRun[]
+  parents?: string[]
+  children?: string[]
+}
+
+export interface KanbanStats {
+  by_status: Record<string, number>
+  by_assignee: Record<string, number>
+  total: number
+}
+
+export interface KanbanAssignee {
+  name: string
+  on_disk: boolean
+  counts: Record<string, number> | null
+}
+
+export interface KanbanBoard {
+  slug: string
+  name: string
+  description: string
+  icon: string
+  color: string
+  created_at: number | null
+  archived: boolean
+  db_path?: string
+  is_current?: boolean
+  counts: Record<string, number>
+  total: number
+}
+
+export interface KanbanBoardCreateRequest {
+  slug: string
+  name?: string
+  description?: string
+  icon?: string
+  color?: string
+  switchCurrent?: boolean
+}
+
+export interface KanbanCapabilityStatus {
+  key: string
+  status: 'supported' | 'partial' | 'missing'
+  reason?: string
+  canonicalRoute?: string
+  canonicalCommand?: string
+  requiresBoard: boolean
+}
+
+export interface KanbanCapabilities {
+  source: 'hermes-cli'
+  supports: Record<string, boolean>
+  missing: string[]
+  capabilities?: KanbanCapabilityStatus[]
+}
+
+export interface KanbanTaskLog {
+  task_id: string
+  path: string | null
+  exists: boolean
+  size_bytes: number
+  content: string
+  truncated: boolean
+}
+
+export interface KanbanCreateRequest {
+  title: string
+  body?: string
+  assignee?: string
+  priority?: number
+  tenant?: string
+}
+
+export interface KanbanBoardOptions {
+  board?: string
+}
+
+export interface KanbanListOptions extends KanbanBoardOptions {
+  status?: string
+  assignee?: string
+  tenant?: string
+  includeArchived?: boolean
+}
+
+export interface KanbanCommentCreateRequest {
+  body: string
+  author?: string
+}
+
+export interface KanbanTaskLogOptions extends KanbanBoardOptions {
+  tail?: number
+}
+
+export interface KanbanDiagnosticsOptions extends KanbanBoardOptions {
+  task?: string
+  severity?: 'warning' | 'error' | 'critical'
+}
+
+export interface KanbanReclaimOptions extends KanbanBoardOptions {
+  reason?: string
+}
+
+export interface KanbanReassignOptions extends KanbanBoardOptions {
+  reclaim?: boolean
+  reason?: string
+}
+
+export interface KanbanSpecifyOptions extends KanbanBoardOptions {
+  author?: string
+}
+
+export interface KanbanDispatchOptions extends KanbanBoardOptions {
+  dryRun?: boolean
+  max?: number
+  failureLimit?: number
+}
+
+export interface KanbanLinkRequest {
+  parent_id: string
+  child_id: string
+}
+
+export interface KanbanBulkUpdateRequest {
+  ids: string[]
+  status?: KanbanTaskStatus
+  assignee?: string | null
+  archive?: boolean
+  summary?: string
+  reason?: string
+}
+
+export interface KanbanBulkTaskResult {
+  id: string
+  ok: boolean
+  error?: string
+}
+
+function normalizedBoard(board?: string): string {
+  const trimmed = board?.trim()
+  return trimmed || 'default'
+}
+
+function activeProfileName(): string | null {
+  try {
+    return localStorage.getItem('hermes_active_profile_name')
+  } catch {
+    return null
+  }
+}
+
+function appendQuery(path: string, params: URLSearchParams): string {
+  const qs = params.toString()
+  return qs ? `${path}?${qs}` : path
+}
+
+function boardParams(board?: string): URLSearchParams {
+  const params = new URLSearchParams()
+  params.set('board', normalizedBoard(board))
+  return params
+}
+
+function websocketProtocol(base?: string): string {
+  if (base) return base.startsWith('https') ? 'wss:' : 'ws:'
+  return location.protocol === 'https:' ? 'wss:' : 'ws:'
+}
+
+function formatHostForPort(hostname: string, port: number): string {
+  if (hostname.startsWith('[') && hostname.endsWith(']')) return `${hostname}:${port}`
+  return hostname.includes(':') ? `[${hostname}]:${port}` : `${hostname}:${port}`
+}
+
+export function buildKanbanEventsWebSocketUrl(opts?: KanbanBoardOptions): string {
+  const base = getBaseUrlValue()
+  const params = boardParams(opts?.board)
+  const token = getApiKey()
+  if (token) params.set('token', token)
+  const profile = activeProfileName()
+  if (profile) params.set('profile', profile)
+  const path = `/api/hermes/kanban/events?${params.toString()}`
+
+  if (base) {
+    return `${websocketProtocol(base)}//${new URL(base).host}${path}`
+  }
+
+  const directDevPort = import.meta.env.VITE_HERMES_DIRECT_WS_PORT
+  const host = import.meta.env.DEV && directDevPort
+    ? formatHostForPort(location.hostname, Number(directDevPort))
+    : location.host
+  return `${websocketProtocol()}//${host}${path}`
+}
+
+export function openKanbanEventStream(opts?: KanbanBoardOptions): WebSocket {
+  return new WebSocket(buildKanbanEventsWebSocketUrl(opts))
+}
+
+// ─── API functions ───────────────────────────────────────────────
+
+export async function listBoards(opts?: { includeArchived?: boolean }): Promise<KanbanBoard[]> {
+  const params = new URLSearchParams()
+  if (opts?.includeArchived) params.set('includeArchived', 'true')
+  const res = await request<{ boards: KanbanBoard[] }>(appendQuery('/api/hermes/kanban/boards', params))
+  return res.boards
+}
+
+export async function createBoard(data: KanbanBoardCreateRequest): Promise<KanbanBoard> {
+  const res = await request<{ board: KanbanBoard }>('/api/hermes/kanban/boards', {
+    method: 'POST',
+    body: JSON.stringify(data),
+  })
+  return res.board
+}
+
+export async function archiveBoard(slug: string): Promise<{ ok: boolean }> {
+  return request<{ ok: boolean }>(`/api/hermes/kanban/boards/${encodeURIComponent(slug)}`, {
+    method: 'DELETE',
+  })
+}
+
+export async function getCapabilities(): Promise<KanbanCapabilities> {
+  const res = await request<{ capabilities: KanbanCapabilities }>('/api/hermes/kanban/capabilities')
+  return res.capabilities
+}
+
+export async function listTasks(opts?: KanbanListOptions): Promise<KanbanTask[]> {
+  const params = boardParams(opts?.board)
+  if (opts?.status) params.set('status', opts.status)
+  if (opts?.assignee) params.set('assignee', opts.assignee)
+  if (opts?.tenant) params.set('tenant', opts.tenant)
+  if (opts?.includeArchived) params.set('includeArchived', 'true')
+  const res = await request<{ tasks: KanbanTask[] }>(appendQuery('/api/hermes/kanban', params))
+  return res.tasks
+}
+
+export async function getTask(id: string, opts?: KanbanBoardOptions): Promise<KanbanTaskDetail> {
+  return request<KanbanTaskDetail>(appendQuery(`/api/hermes/kanban/${encodeURIComponent(id)}`, boardParams(opts?.board)))
+}
+
+export async function createTask(data: KanbanCreateRequest, opts?: KanbanBoardOptions): Promise<KanbanTask> {
+  const res = await request<{ task: KanbanTask }>(appendQuery('/api/hermes/kanban', boardParams(opts?.board)), {
+    method: 'POST',
+    body: JSON.stringify(data),
+  })
+  return res.task
+}
+
+export async function completeTasks(taskIds: string[], summary?: string, opts?: KanbanBoardOptions): Promise<{ ok: boolean }> {
+  return request<{ ok: boolean }>(appendQuery('/api/hermes/kanban/complete', boardParams(opts?.board)), {
+    method: 'POST',
+    body: JSON.stringify({ task_ids: taskIds, summary }),
+  })
+}
+
+export async function blockTask(taskId: string, reason: string, opts?: KanbanBoardOptions): Promise<{ ok: boolean }> {
+  return request<{ ok: boolean }>(appendQuery(`/api/hermes/kanban/${encodeURIComponent(taskId)}/block`, boardParams(opts?.board)), {
+    method: 'POST',
+    body: JSON.stringify({ reason }),
+  })
+}
+
+export async function unblockTasks(taskIds: string[], opts?: KanbanBoardOptions): Promise<{ ok: boolean }> {
+  return request<{ ok: boolean }>(appendQuery('/api/hermes/kanban/unblock', boardParams(opts?.board)), {
+    method: 'POST',
+    body: JSON.stringify({ task_ids: taskIds }),
+  })
+}
+
+export async function assignTask(taskId: string, profile: string, opts?: KanbanBoardOptions): Promise<{ ok: boolean }> {
+  return request<{ ok: boolean }>(appendQuery(`/api/hermes/kanban/${encodeURIComponent(taskId)}/assign`, boardParams(opts?.board)), {
+    method: 'POST',
+    body: JSON.stringify({ profile }),
+  })
+}
+
+export async function addComment(taskId: string, data: KanbanCommentCreateRequest, opts?: KanbanBoardOptions): Promise<{ ok: boolean; output?: string }> {
+  return request<{ ok: boolean; output?: string }>(appendQuery(`/api/hermes/kanban/${encodeURIComponent(taskId)}/comments`, boardParams(opts?.board)), {
+    method: 'POST',
+    body: JSON.stringify(data),
+  })
+}
+
+export async function linkTasks(data: KanbanLinkRequest, opts?: KanbanBoardOptions): Promise<{ ok: boolean; output?: string }> {
+  return request<{ ok: boolean; output?: string }>(appendQuery('/api/hermes/kanban/links', boardParams(opts?.board)), {
+    method: 'POST',
+    body: JSON.stringify(data),
+  })
+}
+
+export async function unlinkTasks(data: KanbanLinkRequest, opts?: KanbanBoardOptions): Promise<{ ok: boolean; output?: string }> {
+  const params = boardParams(opts?.board)
+  params.set('parent_id', data.parent_id)
+  params.set('child_id', data.child_id)
+  return request<{ ok: boolean; output?: string }>(appendQuery('/api/hermes/kanban/links', params), {
+    method: 'DELETE',
+  })
+}
+
+export async function bulkUpdateTasks(data: KanbanBulkUpdateRequest, opts?: KanbanBoardOptions): Promise<{ results: KanbanBulkTaskResult[] }> {
+  return request<{ results: KanbanBulkTaskResult[] }>(appendQuery('/api/hermes/kanban/tasks/bulk', boardParams(opts?.board)), {
+    method: 'POST',
+    body: JSON.stringify(data),
+  })
+}
+
+export async function getTaskLog(taskId: string, opts?: KanbanTaskLogOptions): Promise<KanbanTaskLog> {
+  const params = boardParams(opts?.board)
+  if (opts?.tail !== undefined) params.set('tail', String(opts.tail))
+  return request<KanbanTaskLog>(appendQuery(`/api/hermes/kanban/${encodeURIComponent(taskId)}/log`, params))
+}
+
+export async function getDiagnostics(opts?: KanbanDiagnosticsOptions): Promise<unknown[]> {
+  const params = boardParams(opts?.board)
+  if (opts?.task) params.set('task', opts.task)
+  if (opts?.severity) params.set('severity', opts.severity)
+  const res = await request<{ diagnostics: unknown[] }>(appendQuery('/api/hermes/kanban/diagnostics', params))
+  return res.diagnostics
+}
+
+export async function reclaimTask(taskId: string, opts?: KanbanReclaimOptions): Promise<{ ok: boolean; output?: string }> {
+  return request<{ ok: boolean; output?: string }>(appendQuery(`/api/hermes/kanban/${encodeURIComponent(taskId)}/reclaim`, boardParams(opts?.board)), {
+    method: 'POST',
+    body: JSON.stringify({ reason: opts?.reason }),
+  })
+}
+
+export async function reassignTask(taskId: string, profile: string, opts?: KanbanReassignOptions): Promise<{ ok: boolean; output?: string }> {
+  return request<{ ok: boolean; output?: string }>(appendQuery(`/api/hermes/kanban/${encodeURIComponent(taskId)}/reassign`, boardParams(opts?.board)), {
+    method: 'POST',
+    body: JSON.stringify({ profile, reclaim: opts?.reclaim, reason: opts?.reason }),
+  })
+}
+
+export async function specifyTask(taskId: string, opts?: KanbanSpecifyOptions): Promise<unknown[]> {
+  const res = await request<{ results: unknown[] }>(appendQuery(`/api/hermes/kanban/${encodeURIComponent(taskId)}/specify`, boardParams(opts?.board)), {
+    method: 'POST',
+    body: JSON.stringify({ author: opts?.author }),
+  })
+  return res.results
+}
+
+export async function dispatch(opts?: KanbanDispatchOptions): Promise<unknown> {
+  const params = boardParams(opts?.board)
+  const res = await request<{ result: unknown }>(appendQuery('/api/hermes/kanban/dispatch', params), {
+    method: 'POST',
+    body: JSON.stringify({ dryRun: opts?.dryRun, max: opts?.max, failureLimit: opts?.failureLimit }),
+  })
+  return res.result
+}
+
+export async function getStats(opts?: KanbanBoardOptions): Promise<KanbanStats> {
+  const res = await request<{ stats: KanbanStats }>(appendQuery('/api/hermes/kanban/stats', boardParams(opts?.board)))
+  return res.stats
+}
+
+export async function getAssignees(opts?: KanbanBoardOptions): Promise<KanbanAssignee[]> {
+  const res = await request<{ assignees: KanbanAssignee[] }>(appendQuery('/api/hermes/kanban/assignees', boardParams(opts?.board)))
+  return res.assignees
+}
diff --git a/packages/client/src/api/hermes/logs.ts b/packages/client/src/api/hermes/logs.ts
new file mode 100644
index 0000000..4773eb0
--- /dev/null
+++ b/packages/client/src/api/hermes/logs.ts
@@ -0,0 +1,36 @@
+import { request } from '../client'
+
+export interface LogFileInfo {
+  name: string
+  size: string
+  modified: string
+}
+
+export interface LogEntry {
+  timestamp: string
+  level: string
+  logger: string
+  message: string
+  raw: string
+}
+
+export async function fetchLogFiles(): Promise<LogFileInfo[]> {
+  const res = await request<{ files: LogFileInfo[] }>('/api/hermes/logs')
+  return res.files
+}
+
+export async function fetchLogs(name: string, params?: {
+  lines?: number
+  level?: string
+  session?: string
+  since?: string
+}): Promise<LogEntry[]> {
+  const query = new URLSearchParams()
+  if (params?.lines) query.set('lines', String(params.lines))
+  if (params?.level) query.set('level', params.level)
+  if (params?.session) query.set('session', params.session)
+  if (params?.since) query.set('since', params.since)
+  const qs = query.toString()
+  const res = await request<{ entries: (LogEntry | null)[] }>(`/api/hermes/logs/${name}${qs ? `?${qs}` : ''}`)
+  return res.entries.filter((e): e is LogEntry => e !== null)
+}
diff --git a/packages/client/src/api/hermes/mcp.ts b/packages/client/src/api/hermes/mcp.ts
new file mode 100644
index 0000000..1872bc6
--- /dev/null
+++ b/packages/client/src/api/hermes/mcp.ts
@@ -0,0 +1,90 @@
+import { request } from '../client'
+
+export interface McpServerInfo {
+  name: string
+  transport: 'stdio' | 'http' | 'sse'
+  connected: boolean
+  tools: number
+  tools_registered: number
+  tool_names: string[]
+  tool_names_registered: string[]
+  tool_details: Array<{ name: string; description?: string }>
+  error?: string | null
+  raw_config: McpServerConfig
+}
+
+export interface McpServersResponse {
+  ok: boolean
+  servers: McpServerInfo[]
+  total_tools: number
+  error?: string
+}
+
+export interface McpToolsResponse {
+  ok: boolean
+  results: Array<{
+    server: string
+    tools: Array<{
+      name: string
+      description: string
+      input_schema: Record<string, unknown>
+    }>
+  }>
+  error?: string
+}
+
+export interface McpServerConfig {
+  command?: string
+  args?: string[]
+  url?: string
+  env?: Record<string, string>
+  headers?: Record<string, string>
+  timeout?: number
+  connect_timeout?: number
+  enabled?: boolean
+  transport?: 'stdio' | 'http' | 'sse'
+  tools?: { include?: string[]; exclude?: string[] }
+  prompts?: boolean
+  resources?: boolean
+}
+
+export async function fetchMcpServers(): Promise<McpServersResponse> {
+  return request<McpServersResponse>('/api/hermes/mcp/servers')
+}
+
+export async function fetchMcpTools(server?: string, raw?: boolean): Promise<McpToolsResponse> {
+  const params = new URLSearchParams()
+  if (server) params.set('server', server)
+  if (raw) params.set('raw', '1')
+  const query = params.toString() ? `?${params.toString()}` : ''
+  return request<McpToolsResponse>(`/api/hermes/mcp/tools${query}`)
+}
+
+export async function mcpServerAdd(name: string, config: McpServerConfig): Promise<{ ok: boolean; name?: string; error?: string }> {
+  return request('/api/hermes/mcp/servers', {
+    method: 'POST',
+    body: JSON.stringify({ name, config }),
+  })
+}
+
+export async function mcpServerRemove(name: string): Promise<{ ok: boolean; error?: string }> {
+  return request(`/api/hermes/mcp/servers/${encodeURIComponent(name)}`, {
+    method: 'DELETE',
+  })
+}
+
+export async function mcpServerUpdate(name: string, config: McpServerConfig): Promise<{ ok: boolean; error?: string }> {
+  return request(`/api/hermes/mcp/servers/${encodeURIComponent(name)}`, {
+    method: 'PATCH',
+    body: JSON.stringify({ config }),
+  })
+}
+
+export async function mcpReload(name?: string): Promise<{ ok: boolean; message?: string; error?: string }> {
+  const query = name ? `?server=${encodeURIComponent(name)}` : ''
+  return request(`/api/hermes/mcp/reload${query}`, { method: 'POST' })
+}
+
+export async function mcpServerTest(name: string): Promise<{ ok: boolean; tools?: string[]; error?: string }> {
+  return request(`/api/hermes/mcp/servers/${encodeURIComponent(name)}/test`, { method: 'POST' })
+}
diff --git a/packages/client/src/api/hermes/model-context.ts b/packages/client/src/api/hermes/model-context.ts
new file mode 100644
index 0000000..cbd9830
--- /dev/null
+++ b/packages/client/src/api/hermes/model-context.ts
@@ -0,0 +1,41 @@
+import { request } from '../client'
+
+export interface ModelContext {
+  id: number
+  provider: string
+  model: string
+  context_limit: number
+}
+
+/**
+ * 根据 provider 和 model 查询模型上下文配置
+ */
+export async function getModelContext(provider: string, model: string): Promise<ModelContext | null> {
+  try {
+    const res = await request<{ data: ModelContext }>(
+      `/api/hermes/model-context?provider=${encodeURIComponent(provider)}&model=${encodeURIComponent(model)}`
+    )
+    return res.data
+  } catch (err: any) {
+    if (err.status === 404) return null
+    throw err
+  }
+}
+
+/**
+ * 设置模型上下文配置（UPSERT：存在则更新，不存在则插入）
+ */
+export async function setModelContext(
+  provider: string,
+  model: string,
+  contextLimit: number
+): Promise<ModelContext> {
+  const res = await request<{ success: boolean; data: ModelContext }>(
+    `/api/hermes/model-context/${encodeURIComponent(provider)}/${encodeURIComponent(model)}`,
+    {
+      method: 'PUT',
+      body: JSON.stringify({ provider, model, context_limit: contextLimit }),
+    }
+  )
+  return res.data
+}
diff --git a/packages/client/src/api/hermes/nous-auth.ts b/packages/client/src/api/hermes/nous-auth.ts
new file mode 100644
index 0000000..890ccd7
--- /dev/null
+++ b/packages/client/src/api/hermes/nous-auth.ts
@@ -0,0 +1,29 @@
+import { request } from '../client'
+
+export interface NousStartResult {
+  session_id: string
+  user_code: string
+  verification_url: string
+  expires_in: number
+}
+
+export interface NousPollResult {
+  status: 'pending' | 'approved' | 'denied' | 'expired' | 'error'
+  error: string | null
+}
+
+export interface NousStatusResult {
+  authenticated: boolean
+}
+
+export async function startNousLogin(): Promise<NousStartResult> {
+  return request<NousStartResult>('/api/hermes/auth/nous/start', { method: 'POST' })
+}
+
+export async function pollNousLogin(sessionId: string): Promise<NousPollResult> {
+  return request<NousPollResult>(`/api/hermes/auth/nous/poll/${sessionId}`)
+}
+
+export async function getNousAuthStatus(): Promise<NousStatusResult> {
+  return request<NousStatusResult>('/api/hermes/auth/nous/status')
+}
diff --git a/packages/client/src/api/hermes/performance-monitor.ts b/packages/client/src/api/hermes/performance-monitor.ts
new file mode 100644
index 0000000..ecce62b
--- /dev/null
+++ b/packages/client/src/api/hermes/performance-monitor.ts
@@ -0,0 +1,63 @@
+import { request } from '../client'
+
+export interface ProcessUsage {
+  pid: number
+  role: 'web' | 'broker' | 'worker'
+  profile?: string
+  running: boolean
+  cpuPercent: number
+  memoryRssBytes: number
+  command?: string
+  error?: string
+}
+
+export interface PerformanceRuntimeSnapshot {
+  timestamp: number
+  system: {
+    platform: string
+    arch: string
+    uptimeSeconds: number
+    cpuCount: number
+    cpuPercent: number
+    loadAverage: number[]
+    totalMemoryBytes: number
+    freeMemoryBytes: number
+    usedMemoryBytes: number
+    memoryPercent: number
+  }
+  web: {
+    pid: number
+    uptimeSeconds: number
+    memory: Record<string, number>
+    cpuPercent: number
+  }
+  bridge: {
+    endpoint: string
+    reachable: boolean
+    error?: string
+    broker: {
+      running: boolean
+      ready: boolean
+      pid?: number
+      process?: ProcessUsage
+      restartScheduled: boolean
+      restartAttempts: number
+    }
+    workers: Array<ProcessUsage & {
+      endpoint?: string
+      lastUsedAt?: number
+      sessionCount: number
+      runningSessionCount: number
+    }>
+    totalWorkerMemoryRssBytes: number
+  }
+  sessions: {
+    active: number
+    running: number
+    byProfile: Record<string, number>
+  }
+}
+
+export async function fetchPerformanceRuntime(): Promise<PerformanceRuntimeSnapshot> {
+  return request<PerformanceRuntimeSnapshot>('/api/hermes/performance/runtime')
+}
diff --git a/packages/client/src/api/hermes/plugins.ts b/packages/client/src/api/hermes/plugins.ts
new file mode 100644
index 0000000..5cee32d
--- /dev/null
+++ b/packages/client/src/api/hermes/plugins.ts
@@ -0,0 +1,37 @@
+import { request } from '../client'
+
+export type PluginConfigStatus = 'enabled' | 'disabled' | 'not-enabled' | 'auto' | 'provider-managed'
+export type PluginEffectiveStatus = 'enabled' | 'disabled' | 'inactive' | 'auto-active' | 'provider-managed'
+
+export interface HermesPluginInfo {
+  key: string
+  name: string
+  kind: string
+  source: string
+  configStatus: PluginConfigStatus | string
+  effectiveStatus: PluginEffectiveStatus | string
+  version: string
+  description: string
+  author: string
+  path: string
+  providesTools: string[]
+  providesHooks: string[]
+  requiresEnv: Array<string | Record<string, unknown>>
+}
+
+export interface HermesPluginsMetadata {
+  hermesAgentRoot: string
+  pythonExecutable: string
+  cwd: string
+  projectPluginsEnabled: boolean
+}
+
+export interface HermesPluginsResponse {
+  plugins: HermesPluginInfo[]
+  warnings: string[]
+  metadata: HermesPluginsMetadata
+}
+
+export async function fetchPlugins(): Promise<HermesPluginsResponse> {
+  return request<HermesPluginsResponse>('/api/hermes/plugins')
+}
diff --git a/packages/client/src/api/hermes/profiles.ts b/packages/client/src/api/hermes/profiles.ts
new file mode 100644
index 0000000..87a6e6d
--- /dev/null
+++ b/packages/client/src/api/hermes/profiles.ts
@@ -0,0 +1,228 @@
+import { request, getBaseUrlValue, getApiKey } from '../client'
+
+export interface HermesProfile {
+  name: string
+  active: boolean
+  model: string
+  gatewayStatus?: string
+  alias: string
+  avatar?: ProfileAvatar | null
+}
+
+export interface HermesProfileDetail {
+  name: string
+  path: string
+  model: string
+  provider: string
+  skills: number
+  hasEnv: boolean
+  hasSoulMd: boolean
+  avatar?: ProfileAvatar | null
+}
+
+export interface ProfileAvatar {
+  type: 'generated' | 'image'
+  seed?: string
+  dataUrl?: string
+  updatedAt?: number
+}
+
+export interface ProfileRuntimeStatus {
+  profile: string
+  bridge: {
+    running: boolean
+    profile: string
+    mode?: string
+    reachable?: boolean
+    error?: string
+  }
+  gateway: {
+    profile: string
+    running: boolean
+    pid?: number
+    port?: number
+    host?: string
+    url?: string
+    error?: string
+    diagnostics?: {
+      health_url?: string
+      reason?: string
+      health_ok?: boolean
+    }
+  }
+}
+
+export interface ProfileRuntimeStatusesResponse {
+  profiles: ProfileRuntimeStatus[]
+  refreshing?: boolean
+}
+
+export async function fetchProfiles(): Promise<HermesProfile[]> {
+  const res = await request<{ profiles: HermesProfile[] }>('/api/hermes/profiles')
+  return res.profiles
+}
+
+export async function fetchProfileDetail(name: string): Promise<HermesProfileDetail> {
+  const res = await request<{ profile: HermesProfileDetail }>(`/api/hermes/profiles/${encodeURIComponent(name)}`)
+  return res.profile
+}
+
+export async function fetchProfileRuntimeStatus(name: string): Promise<ProfileRuntimeStatus> {
+  return request<ProfileRuntimeStatus>(`/api/hermes/profiles/${encodeURIComponent(name)}/runtime-status`)
+}
+
+export async function fetchProfileRuntimeStatusesWithMeta(options: { refresh?: boolean } = {}): Promise<ProfileRuntimeStatusesResponse> {
+  const query = options.refresh === false ? '?refresh=0' : ''
+  return request<ProfileRuntimeStatusesResponse>(`/api/hermes/profiles/runtime-statuses${query}`)
+}
+
+export async function fetchProfileRuntimeStatuses(): Promise<ProfileRuntimeStatus[]> {
+  const res = await fetchProfileRuntimeStatusesWithMeta()
+  return res.profiles
+}
+
+export async function updateProfileAvatar(name: string, avatar: ProfileAvatar): Promise<ProfileAvatar> {
+  const res = await request<{ avatar: ProfileAvatar }>(`/api/hermes/profiles/${encodeURIComponent(name)}/avatar`, {
+    method: 'PUT',
+    body: JSON.stringify(avatar),
+  })
+  return res.avatar
+}
+
+export async function deleteProfileAvatar(name: string): Promise<void> {
+  await request(`/api/hermes/profiles/${encodeURIComponent(name)}/avatar`, { method: 'DELETE' })
+}
+
+export async function restartProfileGateway(name: string): Promise<ProfileRuntimeStatus['gateway']> {
+  const res = await request<{ success: boolean; gateway: ProfileRuntimeStatus['gateway'] }>(
+    `/api/hermes/profiles/${encodeURIComponent(name)}/gateway/restart`,
+    { method: 'POST' },
+  )
+  return res.gateway
+}
+
+export async function restartProfileRuntime(name: string): Promise<ProfileRuntimeStatus> {
+  const res = await request<{ success: boolean; status: ProfileRuntimeStatus }>(
+    `/api/hermes/profiles/${encodeURIComponent(name)}/restart`,
+    { method: 'POST' },
+  )
+  return res.status
+}
+
+export interface CreateProfileResult {
+  success: boolean
+  /** clone=true 时被清理的独占平台凭据 KEY 名 */
+  strippedCredentials?: string[]
+  /** clone=true 时被禁用的独占平台名 */
+  disabledPlatforms?: string[]
+  /** clone=true 时在 config.yaml 中被清理的内嵌凭据字段路径 */
+  strippedConfigCredentials?: string[]
+}
+
+export async function createProfile(name: string, clone?: boolean): Promise<CreateProfileResult & { error?: string }> {
+  try {
+    const res = await request<{
+      success: boolean
+      strippedCredentials?: string[]
+      disabledPlatforms?: string[]
+      strippedConfigCredentials?: string[]
+      error?: string
+    }>('/api/hermes/profiles', {
+      method: 'POST',
+      body: JSON.stringify({ name, clone }),
+    })
+    return {
+      success: !!res.success,
+      strippedCredentials: res.strippedCredentials,
+      disabledPlatforms: res.disabledPlatforms,
+      strippedConfigCredentials: res.strippedConfigCredentials,
+      error: res.error,
+    }
+  } catch (err: any) {
+    return { success: false, error: err.message || 'Unknown error' }
+  }
+}
+
+export async function deleteProfile(name: string): Promise<boolean> {
+  try {
+    await request(`/api/hermes/profiles/${encodeURIComponent(name)}`, { method: 'DELETE' })
+    return true
+  } catch {
+    return false
+  }
+}
+
+export async function renameProfile(name: string, newName: string): Promise<boolean> {
+  try {
+    await request(`/api/hermes/profiles/${encodeURIComponent(name)}/rename`, {
+      method: 'POST',
+      body: JSON.stringify({ new_name: newName }),
+    })
+    return true
+  } catch {
+    return false
+  }
+}
+
+export async function switchProfile(name: string): Promise<boolean> {
+  return !!name
+}
+
+export async function switchHermesProfile(name: string): Promise<boolean> {
+  try {
+    await request('/api/hermes/profiles/active', {
+      method: 'PUT',
+      body: JSON.stringify({ name }),
+    })
+    return true
+  } catch {
+    return false
+  }
+}
+
+export async function exportProfile(name: string): Promise<boolean> {
+  try {
+    const baseUrl = getBaseUrlValue()
+    const token = getApiKey()
+    const headers: Record<string, string> = {}
+    if (token) headers['Authorization'] = `Bearer ${token}`
+
+    const res = await fetch(`${baseUrl}/api/hermes/profiles/${encodeURIComponent(name)}/export`, {
+      method: 'POST',
+      headers,
+    })
+    if (!res.ok) throw new Error()
+
+    const blob = await res.blob()
+    const url = URL.createObjectURL(blob)
+    const a = document.createElement('a')
+    a.href = url
+    a.download = `hermes-profile-${name}.tar.gz`
+    a.click()
+    URL.revokeObjectURL(url)
+    return true
+  } catch {
+    return false
+  }
+}
+
+export async function importProfile(file: File): Promise<boolean> {
+  try {
+    const baseUrl = getBaseUrlValue()
+    const token = getApiKey()
+    const headers: Record<string, string> = {}
+    if (token) headers['Authorization'] = `Bearer ${token}`
+
+    const formData = new FormData()
+    formData.append('file', file)
+
+    const res = await fetch(`${baseUrl}/api/hermes/profiles/import`, {
+      method: 'POST',
+      headers,
+      body: formData,
+    })
+    return res.ok
+  } catch {
+    return false
+  }
+}
diff --git a/packages/client/src/api/hermes/sessions.ts b/packages/client/src/api/hermes/sessions.ts
new file mode 100644
index 0000000..66841a0
--- /dev/null
+++ b/packages/client/src/api/hermes/sessions.ts
@@ -0,0 +1,308 @@
+import { request, getApiKey, getBaseUrlValue } from '../client'
+
+export interface SessionSummary {
+  id: string
+  profile?: string | null
+  source: string
+  model: string
+  provider?: string
+  title: string | null
+  preview?: string
+  started_at: number
+  ended_at: number | null
+  last_active?: number
+  message_count: number
+  tool_call_count: number
+  input_tokens: number
+  output_tokens: number
+  cache_read_tokens: number
+  cache_write_tokens: number
+  reasoning_tokens: number
+  billing_provider: string | null
+  estimated_cost_usd: number
+  actual_cost_usd: number | null
+  cost_status: string
+  workspace?: string | null
+  webui_imported?: boolean
+}
+
+export interface SessionDetail extends SessionSummary {
+  messages: HermesMessage[]
+}
+
+export interface PaginatedSessionMessages {
+  session: SessionSummary
+  messages: HermesMessage[]
+  total: number
+  offset: number
+  limit: number
+  hasMore: boolean
+}
+
+export interface SessionSearchResult extends SessionSummary {
+  matched_message_id: number | null
+  snippet: string
+  rank: number
+}
+
+export interface HermesMessage {
+  id: number
+  session_id: string
+  role: 'user' | 'assistant' | 'system' | 'tool' | 'command'
+  content: string
+  tool_call_id: string | null
+  tool_calls: any[] | null
+  tool_name: string | null
+  timestamp: number
+  token_count: number | null
+  finish_reason: string | null
+  reasoning: string | null
+}
+
+export async function fetchSessions(source?: string, limit?: number, profile?: string): Promise<SessionSummary[]> {
+  const params = new URLSearchParams()
+  if (source) params.set('source', source)
+  if (limit) params.set('limit', String(limit))
+  if (profile) params.set('profile', profile)
+  const query = params.toString()
+  const res = await request<{ sessions: SessionSummary[] }>(`/api/hermes/sessions${query ? `?${query}` : ''}`)
+  return res.sessions
+}
+
+/**
+ * Fetch Hermes sessions only (exclude api_server source)
+ */
+export async function fetchHermesSessions(source?: string, limit?: number, profile?: string | null): Promise<SessionSummary[]> {
+  const params = new URLSearchParams()
+  if (source) params.set('source', source)
+  if (limit) params.set('limit', String(limit))
+  if (profile) params.set('profile', profile)
+  const query = params.toString()
+  const res = await request<{ sessions: SessionSummary[] }>(`/api/hermes/sessions/hermes${query ? `?${query}` : ''}`)
+  return res.sessions
+}
+
+export async function searchSessions(q: string, source?: string, limit?: number, profile?: string): Promise<SessionSearchResult[]> {
+  const params = new URLSearchParams()
+  params.set('q', q)
+  if (source) params.set('source', source)
+  if (limit) params.set('limit', String(limit))
+  if (profile) params.set('profile', profile)
+  const query = params.toString()
+  const res = await request<{ results: SessionSearchResult[] }>(`/api/hermes/search/sessions?${query}`)
+  return res.results
+}
+
+export async function fetchSession(id: string, profile?: string | null): Promise<SessionDetail | null> {
+  try {
+    const params = new URLSearchParams()
+    if (profile) params.set('profile', profile)
+    const query = params.toString()
+    const res = await request<{ session: SessionDetail }>(`/api/hermes/sessions/${id}${query ? `?${query}` : ''}`)
+    return res.session
+  } catch {
+    return null
+  }
+}
+
+export async function fetchSessionMessagesPage(
+  id: string,
+  offset: number,
+  limit = 300,
+  profile?: string | null,
+): Promise<PaginatedSessionMessages | null> {
+  try {
+    const params = new URLSearchParams()
+    params.set('offset', String(offset))
+    params.set('limit', String(limit))
+    if (profile) params.set('profile', profile)
+    const res = await request<PaginatedSessionMessages>(
+      `/api/hermes/sessions/conversations/${encodeURIComponent(id)}/messages/paginated?${params}`,
+    )
+    return res
+  } catch {
+    return null
+  }
+}
+
+/**
+ * Fetch Hermes session detail only (exclude api_server source)
+ */
+export async function fetchHermesSession(id: string, profile?: string | null): Promise<SessionDetail | null> {
+  try {
+    const params = new URLSearchParams()
+    if (profile) params.set('profile', profile)
+    const query = params.toString()
+    const res = await request<{ session: SessionDetail }>(`/api/hermes/sessions/hermes/${id}${query ? `?${query}` : ''}`)
+    return res.session
+  } catch {
+    return null
+  }
+}
+
+export async function deleteSession(id: string, profile?: string | null): Promise<boolean> {
+  try {
+    const params = new URLSearchParams()
+    if (profile) params.set('profile', profile)
+    const query = params.toString()
+    await request(`/api/hermes/sessions/${id}${query ? `?${query}` : ''}`, { method: 'DELETE' })
+    return true
+  } catch {
+    return false
+  }
+}
+
+export async function importHermesSession(id: string, profile?: string | null): Promise<{ ok: boolean; imported: boolean; session?: SessionDetail }> {
+  const params = new URLSearchParams()
+  if (profile) params.set('profile', profile)
+  const query = params.toString()
+  return request<{ ok: boolean; imported: boolean; session?: SessionDetail }>(
+    `/api/hermes/sessions/hermes/${encodeURIComponent(id)}/import${query ? `?${query}` : ''}`,
+    { method: 'POST' },
+  )
+}
+
+export interface BatchDeleteSessionTarget {
+  id: string
+  profile?: string | null
+}
+
+export async function batchDeleteSessions(targets: Array<string | BatchDeleteSessionTarget>): Promise<{ deleted: number; failed: number; errors: Array<{ id: string; error: string }> }> {
+  try {
+    const sessions = targets.map(target =>
+      typeof target === 'string'
+        ? { id: target }
+        : { id: target.id, profile: target.profile || undefined },
+    )
+    const res = await request<{ deleted: number; failed: number; errors: Array<{ id: string; error: string }> }>(
+      '/api/hermes/sessions/batch-delete',
+      {
+        method: 'POST',
+        body: JSON.stringify({
+          ids: sessions.map(session => session.id),
+          sessions,
+        }),
+      }
+    )
+    return res
+  } catch (err: any) {
+    throw err
+  }
+}
+
+export async function renameSession(id: string, title: string): Promise<boolean> {
+  try {
+    await request(`/api/hermes/sessions/${id}/rename`, {
+      method: 'POST',
+      body: JSON.stringify({ title }),
+    })
+    return true
+  } catch {
+    return false
+  }
+}
+
+export async function setSessionWorkspace(id: string, workspace: string | null): Promise<boolean> {
+  try {
+    await request(`/api/hermes/sessions/${id}/workspace`, {
+      method: 'POST',
+      body: JSON.stringify({ workspace: workspace || '' }),
+    })
+    return true
+  } catch {
+    return false
+  }
+}
+
+export async function setSessionModel(id: string, model: string, provider: string): Promise<boolean> {
+  try {
+    await request(`/api/hermes/sessions/${id}/model`, {
+      method: 'POST',
+      body: JSON.stringify({ model, provider }),
+    })
+    return true
+  } catch {
+    return false
+  }
+}
+
+export async function exportSession(id: string, mode: 'full' | 'compressed' = 'full', ext: 'json' | 'txt' = 'json'): Promise<void> {
+  const baseUrl = getBaseUrlValue()
+  const token = getApiKey()
+  const url = `${baseUrl}/api/hermes/sessions/${id}/export?mode=${mode}&ext=${ext}&token=${encodeURIComponent(token)}`
+  const res = await fetch(url)
+  if (!res.ok) throw new Error('Export failed')
+  const blob = await res.blob()
+  const contentDisposition = res.headers.get('Content-Disposition') || ''
+  let filename = `session_${id}.${ext}`
+  const match = contentDisposition.match(/filename\*?=(?:UTF-8'')?([^;\n]+)/i)
+  if (match) filename = decodeURIComponent(match[1].replace(/"/g, ''))
+  const a = document.createElement('a')
+  a.href = URL.createObjectURL(blob)
+  a.download = filename
+  a.click()
+  URL.revokeObjectURL(a.href)
+}
+
+export interface UsageStatsResponse {
+  total_input_tokens: number
+  total_output_tokens: number
+  total_cache_read_tokens: number
+  total_cache_write_tokens: number
+  total_reasoning_tokens: number
+  total_sessions: number
+  total_cost: number
+  total_api_calls?: number
+  period_days?: number
+  model_usage: Array<{
+    model: string
+    input_tokens: number
+    output_tokens: number
+    cache_read_tokens: number
+    cache_write_tokens: number
+    reasoning_tokens: number
+    sessions: number
+  }>
+  daily_usage: Array<{
+    date: string
+    input_tokens: number
+    output_tokens: number
+    cache_read_tokens: number
+    cache_write_tokens: number
+    sessions: number
+    errors: number
+    cost: number
+  }>
+}
+
+export async function fetchUsageStats(days = 30): Promise<UsageStatsResponse> {
+  const safeDays = Number.isFinite(days) ? Math.max(1, Math.floor(days)) : 30
+  const params = new URLSearchParams()
+  params.set('days', String(safeDays))
+  return request<UsageStatsResponse>(`/api/hermes/usage/stats?${params}`)
+}
+
+export async function fetchSessionUsage(ids: string[]): Promise<Record<string, { input_tokens: number; output_tokens: number }>> {
+  if (ids.length === 0) return {}
+  const params = new URLSearchParams()
+  params.set('ids', ids.join(','))
+  return request(`/api/hermes/sessions/usage?${params}`)
+}
+
+export async function fetchSessionUsageSingle(id: string): Promise<{ input_tokens: number; output_tokens: number } | null> {
+  try {
+    return await request<{ input_tokens: number; output_tokens: number }>(`/api/hermes/sessions/${id}/usage`)
+  } catch {
+    return null
+  }
+}
+
+export async function fetchContextLength(profile?: string, provider?: string, model?: string): Promise<number> {
+  const params = new URLSearchParams()
+  if (profile) params.set('profile', profile)
+  if (provider) params.set('provider', provider)
+  if (model) params.set('model', model)
+  const query = params.toString()
+  const res = await request<{ context_length: number }>(`/api/hermes/sessions/context-length${query ? `?${query}` : ''}`)
+  return res.context_length
+}
diff --git a/packages/client/src/api/hermes/skills.ts b/packages/client/src/api/hermes/skills.ts
new file mode 100644
index 0000000..f63713a
--- /dev/null
+++ b/packages/client/src/api/hermes/skills.ts
@@ -0,0 +1,127 @@
+import { request } from '../client'
+
+export type SkillSource = 'builtin' | 'hub' | 'local' | 'external'
+
+export interface SkillInfo {
+  name: string
+  description: string
+  enabled?: boolean
+  source?: SkillSource
+  modified?: boolean
+  patchCount?: number
+  useCount?: number
+  viewCount?: number
+  pinned?: boolean
+}
+
+export interface SkillCategory {
+  name: string
+  description: string
+  skills: SkillInfo[]
+}
+
+export interface SkillListResponse {
+  categories: SkillCategory[]
+  archived: SkillInfo[]
+}
+
+export interface SkillFileEntry {
+  path: string
+  name: string
+  isDir: boolean
+}
+
+export interface MemoryData {
+  memory: string
+  user: string
+  soul: string
+  memory_mtime: number | null
+  user_mtime: number | null
+  soul_mtime: number | null
+}
+
+export interface SkillsData {
+  categories: SkillCategory[]
+  archived: SkillInfo[]
+}
+
+export interface SkillUsageRow {
+  skill: string
+  view_count: number
+  manage_count: number
+  total_count: number
+  percentage: number
+  last_used_at: number | null
+}
+
+export interface SkillUsageDailySkillRow {
+  skill: string
+  view_count: number
+  manage_count: number
+  total_count: number
+}
+
+export interface SkillUsageDailyRow {
+  date: string
+  view_count: number
+  manage_count: number
+  total_count: number
+  skills: SkillUsageDailySkillRow[]
+}
+
+export interface SkillUsageStats {
+  period_days: number
+  summary: {
+    total_skill_loads: number
+    total_skill_edits: number
+    total_skill_actions: number
+    distinct_skills_used: number
+  }
+  by_day: SkillUsageDailyRow[]
+  top_skills: SkillUsageRow[]
+}
+
+export async function fetchSkills(): Promise<SkillsData> {
+  const res = await request<SkillListResponse>('/api/hermes/skills')
+  return { categories: res.categories, archived: res.archived ?? [] }
+}
+
+export async function fetchSkillUsageStats(days = 7): Promise<SkillUsageStats> {
+  const params = new URLSearchParams({ days: String(days) })
+  return request<SkillUsageStats>(`/api/hermes/skills/usage/stats?${params}`)
+}
+
+export async function fetchSkillContent(skillPath: string): Promise<string> {
+  const res = await request<{ content: string }>(`/api/hermes/skills/${skillPath}`)
+  return res.content
+}
+
+export async function fetchSkillFiles(category: string, skill: string): Promise<SkillFileEntry[]> {
+  const res = await request<{ files: SkillFileEntry[] }>(`/api/hermes/skills/${category}/${skill}/files`)
+  return res.files
+}
+
+export async function fetchMemory(): Promise<MemoryData> {
+  return request<MemoryData>('/api/hermes/memory')
+}
+
+export async function saveMemory(section: 'memory' | 'user' | 'soul', content: string): Promise<void> {
+  await request('/api/hermes/memory', {
+    method: 'POST',
+    body: JSON.stringify({ section, content }),
+  })
+}
+
+export async function toggleSkill(name: string, enabled: boolean): Promise<void> {
+  await request('/api/hermes/skills/toggle', {
+    method: 'PUT',
+    body: JSON.stringify({ name, enabled }),
+  })
+}
+
+export async function pinSkillApi(name: string, pinned: boolean): Promise<void> {
+  await request('/api/hermes/skills/pin', {
+    method: 'PUT',
+    body: JSON.stringify({ name, pinned }),
+  })
+}
diff --git a/packages/client/src/api/hermes/system.ts b/packages/client/src/api/hermes/system.ts
new file mode 100644
index 0000000..a106c8a
--- /dev/null
+++ b/packages/client/src/api/hermes/system.ts
@@ -0,0 +1,258 @@
+import { request } from '../client'
+
+export interface HealthResponse {
+  status: string
+  version?: string
+  webui_version?: string
+  webui_latest?: string
+  webui_update_available?: boolean
+  node_version?: string
+}
+
+export interface PreviewTag {
+  name: string
+  sha: string
+}
+
+export interface PreviewStatus {
+  preview_dir: string
+  exists: boolean
+  has_package: boolean
+  installed: boolean
+  running: boolean
+  pid: number | null
+  current_tag: string
+  frontend_url: string
+  agent_bridge_endpoint: string
+  log_path: string
+  webui_home: string
+  action_log_path: string
+  dev_log_path: string
+  active_action: string | null
+  active_action_started_at: string | null
+  last_action: string | null
+  last_action_completed_at: string | null
+  last_action_success: boolean | null
+  last_action_message: string
+  last_action_code: string
+  action_log: string
+  dev_log: string
+}
+
+export interface PreviewActionResponse extends PreviewStatus {
+  success: boolean
+  accepted?: boolean
+  message?: string
+  code?: string
+}
+
+// Config-based model types
+export interface ModelInfo {
+  id: string
+  label: string
+}
+
+export interface ModelGroup {
+  provider: string
+  models: ModelInfo[]
+}
+
+export interface ConfigModelsResponse {
+  default: string
+  groups: ModelGroup[]
+}
+
+export interface ModelVisibilityRule {
+  mode: 'all' | 'include'
+  models: string[]
+}
+
+export type ModelVisibility = Record<string, ModelVisibilityRule>
+export type CustomModels = Record<string, string[]>
+
+export interface AvailableModelGroup {
+  provider: string   // credential pool key (e.g. "zai", "custom:subrouter.ai")
+  label: string      // display name (e.g. "zai", "subrouter.ai")
+  base_url: string
+  models: string[]
+  /** Full unfiltered model catalog for this provider, used to restore hidden WUI models. */
+  available_models?: string[]
+  api_key: string
+  builtin?: boolean
+  /** Env var used by Hermes to override this provider's base URL. If present, the preset URL is editable. */
+  base_url_env?: string
+  /** 可选：模型 ID -> 元数据（preview/disabled/alias）。alias 仅用于 Web UI 展示。 */
+  model_meta?: Record<string, { preview?: boolean; disabled?: boolean; alias?: string }>
+}
+
+export interface ProfileAvailableModels {
+  profile: string
+  default: string
+  default_provider: string
+  groups: AvailableModelGroup[]
+}
+
+export interface AvailableModelsResponse {
+  default: string
+  default_provider: string
+  groups: AvailableModelGroup[]
+  allProviders: AvailableModelGroup[]
+  profiles?: ProfileAvailableModels[]
+  /** Web UI-only display aliases keyed by provider -> canonical model ID. */
+  model_aliases?: Record<string, Record<string, string>>
+  model_visibility?: ModelVisibility
+  custom_models?: CustomModels
+}
+
+export interface CustomProvider {
+  name: string
+  base_url: string
+  api_key: string
+  model: string
+  context_length?: number
+  providerKey?: string | null
+}
+
+export async function checkHealth(): Promise<HealthResponse> {
+  return request<HealthResponse>('/health')
+}
+
+export async function triggerUpdate(): Promise<{ success: boolean; message: string }> {
+  return request<{ success: boolean; message: string }>('/api/hermes/update', { method: 'POST' })
+}
+
+export async function fetchPreviewStatus(): Promise<PreviewStatus> {
+  return request<PreviewStatus>('/api/hermes/update/preview')
+}
+
+export async function fetchPreviewTags(): Promise<{ tags: PreviewTag[] }> {
+  return request<{ tags: PreviewTag[] }>('/api/hermes/update/preview/tags')
+}
+
+export async function preparePreview(tag: string): Promise<PreviewActionResponse> {
+  return request<PreviewActionResponse>('/api/hermes/update/preview/prepare', {
+    method: 'POST',
+    body: JSON.stringify({ tag }),
+  })
+}
+
+export async function installPreview(): Promise<PreviewActionResponse> {
+  return request<PreviewActionResponse>('/api/hermes/update/preview/install', { method: 'POST' })
+}
+
+export async function startPreview(tag?: string): Promise<PreviewActionResponse> {
+  return request<PreviewActionResponse>('/api/hermes/update/preview/start', {
+    method: 'POST',
+    body: JSON.stringify({ tag }),
+  })
+}
+
+export async function stopPreview(): Promise<PreviewActionResponse> {
+  return request<PreviewActionResponse>('/api/hermes/update/preview/stop', { method: 'POST' })
+}
+
+export async function fetchConfigModels(): Promise<ConfigModelsResponse> {
+  return request<ConfigModelsResponse>('/api/hermes/config/models')
+}
+
+export async function fetchAvailableModels(): Promise<AvailableModelsResponse> {
+  return request<AvailableModelsResponse>('/api/hermes/available-models')
+}
+
+export async function fetchAvailableModelsForProfile(profile: string): Promise<AvailableModelsResponse> {
+  const params = new URLSearchParams()
+  params.set('profile', profile || 'default')
+  return request<AvailableModelsResponse>(`/api/hermes/available-models?${params.toString()}`)
+}
+
+export async function fetchProviderModels(data: {
+  base_url: string
+  api_key?: string
+  freeOnly?: boolean
+}): Promise<{ models: string[] }> {
+  return request<{ models: string[] }>('/api/hermes/provider-models', {
+    method: 'POST',
+    body: JSON.stringify(data),
+  })
+}
+
+export async function updateDefaultModel(data: {
+  default: string
+  provider?: string
+  base_url?: string
+  api_key?: string
+}): Promise<void> {
+  await request('/api/hermes/config/model', {
+    method: 'PUT',
+    body: JSON.stringify(data),
+  })
+}
+
+export async function updateModelAlias(data: {
+  provider: string
+  model: string
+  alias: string
+}): Promise<void> {
+  await request('/api/hermes/model-alias', {
+    method: 'PUT',
+    body: JSON.stringify(data),
+  })
+}
+
+export async function addCustomProvider(data: CustomProvider): Promise<void> {
+  await request('/api/hermes/config/providers', {
+    method: 'POST',
+    body: JSON.stringify(data),
+  })
+}
+
+export async function removeCustomProvider(name: string): Promise<void> {
+  await request(`/api/hermes/config/providers/${encodeURIComponent(name)}`, {
+    method: 'DELETE',
+  })
+}
+
+export async function updateProvider(poolKey: string, data: {
+  name?: string
+  base_url?: string
+  api_key?: string
+  model?: string
+}): Promise<void> {
+  await request(`/api/hermes/config/providers/${encodeURIComponent(poolKey)}`, {
+    method: 'PUT',
+    body: JSON.stringify(data),
+  })
+}
+
+export async function updateModelVisibility(data: {
+  provider: string
+  mode: 'all' | 'include'
+  models: string[]
+}): Promise<{ success: boolean; model_visibility: ModelVisibility }> {
+  return request<{ success: boolean; model_visibility: ModelVisibility }>('/api/hermes/model-visibility', {
+    method: 'PUT',
+    body: JSON.stringify(data),
+  })
+}
+
+export async function addCustomModel(data: {
+  provider: string
+  model: string
+}): Promise<{ success: boolean; custom_models: CustomModels }> {
+  return request<{ success: boolean; custom_models: CustomModels }>('/api/hermes/custom-model', {
+    method: 'PUT',
+    body: JSON.stringify(data),
+  })
+}
+
+export async function removeCustomModel(data: {
+  provider: string
+  model: string
+}): Promise<{ success: boolean; custom_models: CustomModels }> {
+  const params = new URLSearchParams()
+  params.set('provider', data.provider)
+  params.set('model', data.model)
+  return request<{ success: boolean; custom_models: CustomModels }>(`/api/hermes/custom-model?${params.toString()}`, {
+    method: 'DELETE',
+  })
+}
diff --git a/packages/client/src/api/hermes/tts.ts b/packages/client/src/api/hermes/tts.ts
new file mode 100644
index 0000000..581dabc
--- /dev/null
+++ b/packages/client/src/api/hermes/tts.ts
@@ -0,0 +1,36 @@
+export interface TtsOptions {
+  text: string
+  lang?: string
+  rate?: string   // Edge TTS rate format: "+NN%" or "-NN%"
+  pitch?: string  // Edge TTS pitch format: "+NNHz" or "-NNHz"
+}
+
+export async function generateSpeech(opts: TtsOptions): Promise<{ audio: Blob; engine: string }> {
+  const res = await fetch(
+    `${localStorage.getItem('hermes_server_url') || ''}/api/hermes/tts`,
+    {
+      method: 'POST',
+      headers: {
+        'Content-Type': 'application/json',
+        Authorization: `Bearer ${localStorage.getItem('hermes_api_key') || ''}`,
+      },
+      body: JSON.stringify(opts),
+    },
+  )
+
+  if (!res.ok) {
+    throw new Error(`TTS request failed: ${res.status}`)
+  }
+
+  const audio = await res.blob()
+  const engine = res.headers.get('X-TTS-Engine') || 'unknown'
+  return { audio, engine }
+}
+
+export function playAudioBlob(blob: Blob): HTMLAudioElement {
+  const url = URL.createObjectURL(blob)
+  const audio = new Audio(url)
+  audio.play()
+  audio.onended = () => URL.revokeObjectURL(url)
+  return audio
+}
diff --git a/packages/client/src/api/hermes/xai-auth.ts b/packages/client/src/api/hermes/xai-auth.ts
new file mode 100644
index 0000000..a26b87e
--- /dev/null
+++ b/packages/client/src/api/hermes/xai-auth.ts
@@ -0,0 +1,29 @@
+import { request } from '../client'
+
+export interface XaiStartResult {
+  session_id: string
+  authorization_url: string
+  expires_in: number
+}
+
+export interface XaiPollResult {
+  status: 'pending' | 'approved' | 'expired' | 'error'
+  error: string | null
+}
+
+export interface XaiStatusResult {
+  authenticated: boolean
+  last_refresh?: string
+}
+
+export async function startXaiLogin(): Promise<XaiStartResult> {
+  return request<XaiStartResult>('/api/hermes/auth/xai/start', { method: 'POST' })
+}
+
+export async function pollXaiLogin(sessionId: string): Promise<XaiPollResult> {
+  return request<XaiPollResult>(`/api/hermes/auth/xai/poll/${sessionId}`)
+}
+
+export async function getXaiAuthStatus(): Promise<XaiStatusResult> {
+  return request<XaiStatusResult>('/api/hermes/auth/xai/status')
+}
diff --git a/packages/client/src/assets/image1.png b/packages/client/src/assets/image1.png
new file mode 100644
index 0000000..5a5f657
Binary files /dev/null and b/packages/client/src/assets/image1.png differ
diff --git a/packages/client/src/assets/image2.png b/packages/client/src/assets/image2.png
new file mode 100644
index 0000000..93f0d89
Binary files /dev/null and b/packages/client/src/assets/image2.png differ
diff --git a/packages/client/src/assets/logo.png b/packages/client/src/assets/logo.png
new file mode 100644
index 0000000..5d23421
Binary files /dev/null and b/packages/client/src/assets/logo.png differ
diff --git a/packages/client/src/assets/vite.svg b/packages/client/src/assets/vite.svg
new file mode 100644
index 0000000..5101b67
--- /dev/null
+++ b/packages/client/src/assets/vite.svg
@@ -0,0 +1 @@
+<svg xmlns="http://www.w3.org/2000/svg" width="77" height="47" fill="none" aria-labelledby="vite-logo-title" viewBox="0 0 77 47"><title id="vite-logo-title">Vite</title><style>.parenthesis{fill:#000}@media (prefers-color-scheme:dark){.parenthesis{fill:#fff}}</style><path fill="#9135ff" d="M40.151 45.71c-.663.844-2.02.374-2.02-.699V34.708a2.26 2.26 0 0 0-2.262-2.262H24.493c-.92 0-1.457-1.04-.92-1.788l7.479-10.471c1.07-1.498 0-3.578-1.842-3.578H15.443c-.92 0-1.456-1.04-.92-1.788l9.696-13.576c.213-.297.556-.474.92-.474h28.894c.92 0 1.456 1.04.92 1.788l-7.48 10.472c-1.07 1.497 0 3.578 1.842 3.578h11.376c.944 0 1.474 1.087.89 1.83L40.153 45.712z"/><mask id="a" width="48" height="47" x="14" y="0" maskUnits="userSpaceOnUse" style="mask-type:alpha"><path fill="#000" d="M40.047 45.71c-.663.843-2.02.374-2.02-.699V34.708a2.26 2.26 0 0 0-2.262-2.262H24.389c-.92 0-1.457-1.04-.92-1.788l7.479-10.472c1.07-1.497 0-3.578-1.842-3.578H15.34c-.92 0-1.456-1.04-.92-1.788l9.696-13.575c.213-.297.556-.474.92-.474H53.93c.92 0 1.456 1.04.92 1.788L47.37 13.03c-1.07 1.498 0 3.578 1.842 3.578h11.376c.944 0 1.474 1.088.89 1.831L40.049 45.712z"/></mask><g mask="url(#a)"><g filter="url(#b)"><ellipse cx="5.508" cy="14.704" fill="#eee6ff" rx="5.508" ry="14.704" transform="rotate(269.814 20.96 11.29)scale(-1 1)"/></g><g filter="url(#c)"><ellipse cx="10.399" cy="29.851" fill="#eee6ff" rx="10.399" ry="29.851" transform="rotate(89.814 -16.902 -8.275)scale(1 -1)"/></g><g filter="url(#d)"><ellipse cx="5.508" cy="30.487" fill="#8900ff" rx="5.508" ry="30.487" transform="rotate(89.814 -19.197 -7.127)scale(1 -1)"/></g><g filter="url(#e)"><ellipse cx="5.508" cy="30.599" fill="#8900ff" rx="5.508" ry="30.599" transform="rotate(89.814 -25.928 4.177)scale(1 -1)"/></g><g filter="url(#f)"><ellipse cx="5.508" cy="30.599" fill="#8900ff" rx="5.508" ry="30.599" transform="rotate(89.814 -25.738 5.52)scale(1 -1)"/></g><g filter="url(#g)"><ellipse cx="14.072" cy="22.078" fill="#eee6ff" rx="14.072" ry="22.078" transform="rotate(93.35 31.245 55.578)scale(-1 1)"/></g><g filter="url(#h)"><ellipse cx="3.47" cy="21.501" fill="#8900ff" rx="3.47" ry="21.501" transform="rotate(89.009 35.419 55.202)scale(-1 1)"/></g><g filter="url(#i)"><ellipse cx="3.47" cy="21.501" fill="#8900ff" rx="3.47" ry="21.501" transform="rotate(89.009 35.419 55.202)scale(-1 1)"/></g><g filter="url(#j)"><ellipse cx="14.592" cy="9.743" fill="#8900ff" rx="4.407" ry="29.108" transform="rotate(39.51 14.592 9.743)"/></g><g filter="url(#k)"><ellipse cx="61.728" cy="-5.321" fill="#8900ff" rx="4.407" ry="29.108" transform="rotate(37.892 61.728 -5.32)"/></g><g filter="url(#l)"><ellipse cx="55.618" cy="7.104" fill="#00c2ff" rx="5.971" ry="9.665" transform="rotate(37.892 55.618 7.104)"/></g><g filter="url(#m)"><ellipse cx="12.326" cy="39.103" fill="#8900ff" rx="4.407" ry="29.108" transform="rotate(37.892 12.326 39.103)"/></g><g filter="url(#n)"><ellipse cx="12.326" cy="39.103" fill="#8900ff" rx="4.407" ry="29.108" transform="rotate(37.892 12.326 39.103)"/></g><g filter="url(#o)"><ellipse cx="49.857" cy="30.678" fill="#8900ff" rx="4.407" ry="29.108" transform="rotate(37.892 49.857 30.678)"/></g><g filter="url(#p)"><ellipse cx="52.623" cy="33.171" fill="#00c2ff" rx="5.971" ry="15.297" transform="rotate(37.892 52.623 33.17)"/></g></g><path d="M6.919 0c-9.198 13.166-9.252 33.575 0 46.789h6.215c-9.25-13.214-9.196-33.623 0-46.789zm62.424 0h-6.215c9.198 13.166 9.252 33.575 0 46.789h6.215c9.25-13.214 9.196-33.623 0-46.789" class="parenthesis"/><defs><filter id="b" width="60.045" height="41.654" x="-5.564" y="16.92" color-interpolation-filters="sRGB" filterUnits="userSpaceOnUse"><feFlood flood-opacity="0" result="BackgroundImageFix"/><feBlend in="SourceGraphic" in2="BackgroundImageFix" result="shape"/><feGaussianBlur result="effect1_foregroundBlur_2002_17286" stdDeviation="7.659"/></filter><filter id="c" width="90.34" height="51.437" x="-40.407" y="-6.762" color-interpolation-filters="sRGB" filterUnits="userSpaceOnUse"><feFlood flood-opacity="0" result="BackgroundImageFix"/><feBlend in="SourceGraphic" in2="BackgroundImageFix" result="shape"/><feGaussianBlur result="effect1_foregroundBlur_2002_17286" stdDeviation="7.659"/></filter><filter id="d" width="79.355" height="29.4" x="-35.435" y="2.801" color-interpolation-filters="sRGB" filterUnits="userSpaceOnUse"><feFlood flood-opacity="0" result="BackgroundImageFix"/><feBlend in="SourceGraphic" in2="BackgroundImageFix" result="shape"/><feGaussianBlur result="effect1_foregroundBlur_2002_17286" stdDeviation="4.596"/></filter><filter id="e" width="79.579" height="29.4" x="-30.84" y="20.8" color-interpolation-filters="sRGB" filterUnits="userSpaceOnUse"><feFlood flood-opacity="0" result="BackgroundImageFix"/><feBlend in="SourceGraphic" in2="BackgroundImageFix" result="shape"/><feGaussianBlur result="effect1_foregroundBlur_2002_17286" stdDeviation="4.596"/></filter><filter id="f" width="79.579" height="29.4" x="-29.307" y="21.949" color-interpolation-filters="sRGB" filterUnits="userSpaceOnUse"><feFlood flood-opacity="0" result="BackgroundImageFix"/><feBlend in="SourceGraphic" in2="BackgroundImageFix" result="shape"/><feGaussianBlur result="effect1_foregroundBlur_2002_17286" stdDeviation="4.596"/></filter><filter id="g" width="74.749" height="58.852" x="29.961" y="-17.13" color-interpolation-filters="sRGB" filterUnits="userSpaceOnUse"><feFlood flood-opacity="0" result="BackgroundImageFix"/><feBlend in="SourceGraphic" in2="BackgroundImageFix" result="shape"/><feGaussianBlur result="effect1_foregroundBlur_2002_17286" stdDeviation="7.659"/></filter><filter id="h" width="61.377" height="25.362" x="37.754" y="3.055" color-interpolation-filters="sRGB" filterUnits="userSpaceOnUse"><feFlood flood-opacity="0" result="BackgroundImageFix"/><feBlend in="SourceGraphic" in2="BackgroundImageFix" result="shape"/><feGaussianBlur result="effect1_foregroundBlur_2002_17286" stdDeviation="4.596"/></filter><filter id="i" width="61.377" height="25.362" x="37.754" y="3.055" color-interpolation-filters="sRGB" filterUnits="userSpaceOnUse"><feFlood flood-opacity="0" result="BackgroundImageFix"/><feBlend in="SourceGraphic" in2="BackgroundImageFix" result="shape"/><feGaussianBlur result="effect1_foregroundBlur_2002_17286" stdDeviation="4.596"/></filter><filter id="j" width="56.045" height="63.649" x="-13.43" y="-22.082" color-interpolation-filters="sRGB" filterUnits="userSpaceOnUse"><feFlood flood-opacity="0" result="BackgroundImageFix"/><feBlend in="SourceGraphic" in2="BackgroundImageFix" result="shape"/><feGaussianBlur result="effect1_foregroundBlur_2002_17286" stdDeviation="4.596"/></filter><filter id="k" width="54.814" height="64.646" x="34.321" y="-37.644" color-interpolation-filters="sRGB" filterUnits="userSpaceOnUse"><feFlood flood-opacity="0" result="BackgroundImageFix"/><feBlend in="SourceGraphic" in2="BackgroundImageFix" result="shape"/><feGaussianBlur result="effect1_foregroundBlur_2002_17286" stdDeviation="4.596"/></filter><filter id="l" width="33.541" height="35.313" x="38.847" y="-10.552" color-interpolation-filters="sRGB" filterUnits="userSpaceOnUse"><feFlood flood-opacity="0" result="BackgroundImageFix"/><feBlend in="SourceGraphic" in2="BackgroundImageFix" result="shape"/><feGaussianBlur result="effect1_foregroundBlur_2002_17286" stdDeviation="4.596"/></filter><filter id="m" width="54.814" height="64.646" x="-15.081" y="6.78" color-interpolation-filters="sRGB" filterUnits="userSpaceOnUse"><feFlood flood-opacity="0" result="BackgroundImageFix"/><feBlend in="SourceGraphic" in2="BackgroundImageFix" result="shape"/><feGaussianBlur result="effect1_foregroundBlur_2002_17286" stdDeviation="4.596"/></filter><filter id="n" width="54.814" height="64.646" x="-15.081" y="6.78" color-interpolation-filters="sRGB" filterUnits="userSpaceOnUse"><feFlood flood-opacity="0" result="BackgroundImageFix"/><feBlend in="SourceGraphic" in2="BackgroundImageFix" result="shape"/><feGaussianBlur result="effect1_foregroundBlur_2002_17286" stdDeviation="4.596"/></filter><filter id="o" width="54.814" height="64.646" x="22.45" y="-1.645" color-interpolation-filters="sRGB" filterUnits="userSpaceOnUse"><feFlood flood-opacity="0" result="BackgroundImageFix"/><feBlend in="SourceGraphic" in2="BackgroundImageFix" result="shape"/><feGaussianBlur result="effect1_foregroundBlur_2002_17286" stdDeviation="4.596"/></filter><filter id="p" width="39.409" height="43.623" x="32.919" y="11.36" color-interpolation-filters="sRGB" filterUnits="userSpaceOnUse"><feFlood flood-opacity="0" result="BackgroundImageFix"/><feBlend in="SourceGraphic" in2="BackgroundImageFix" result="shape"/><feGaussianBlur result="effect1_foregroundBlur_2002_17286" stdDeviation="4.596"/></filter></defs></svg>
diff --git a/packages/client/src/components/auth/AuthEventListener.vue b/packages/client/src/components/auth/AuthEventListener.vue
new file mode 100644
index 0000000..022a3e8
--- /dev/null
+++ b/packages/client/src/components/auth/AuthEventListener.vue
@@ -0,0 +1,35 @@
+<script setup lang="ts">
+import { onMounted, onUnmounted } from 'vue'
+import { useI18n } from 'vue-i18n'
+import { useMessage } from 'naive-ui'
+
+const message = useMessage()
+const { t } = useI18n()
+
+let lastNoticeAt = 0
+
+function onAuthNotice(event: Event) {
+  const detail = (event as CustomEvent<{ kind?: string }>).detail || {}
+  const now = Date.now()
+  if (now - lastNoticeAt < 1200) return
+  lastNoticeAt = now
+
+  if (detail.kind === 'forbidden') {
+    message.error(t('login.accessDenied'))
+    return
+  }
+  message.error(t('login.sessionExpired'))
+}
+
+onMounted(() => {
+  window.addEventListener('hermes-auth-notice', onAuthNotice)
+})
+
+onUnmounted(() => {
+  window.removeEventListener('hermes-auth-notice', onAuthNotice)
+})
+</script>
+
+<template>
+  <span style="display: none" aria-hidden="true" />
+</template>
diff --git a/packages/client/src/components/auth/DefaultCredentialPrompt.vue b/packages/client/src/components/auth/DefaultCredentialPrompt.vue
new file mode 100644
index 0000000..8d9718c
--- /dev/null
+++ b/packages/client/src/components/auth/DefaultCredentialPrompt.vue
@@ -0,0 +1,97 @@
+<script setup lang="ts">
+import { ref, watch } from "vue";
+import { useRoute, useRouter } from "vue-router";
+import { useI18n } from "vue-i18n";
+import { NButton, NModal } from "naive-ui";
+import { fetchCurrentUser } from "@/api/auth";
+import { getApiKey } from "@/api/client";
+
+const { t } = useI18n();
+const route = useRoute();
+const router = useRouter();
+
+const show = ref(false);
+const loading = ref(false);
+const checkedToken = ref("");
+const promptedUserId = ref<number | null>(null);
+
+function dismissalKey(userId: number): string {
+  return `hermes_default_credentials_prompt_dismissed_${userId}`;
+}
+
+function isDesktopShell(): boolean {
+  return (window as typeof window & { hermesDesktop?: { isDesktop?: boolean } }).hermesDesktop?.isDesktop === true;
+}
+
+async function checkDefaultCredentials() {
+  if (isDesktopShell()) {
+    show.value = false;
+    return;
+  }
+
+  if (route.name === "login") {
+    show.value = false;
+    return;
+  }
+
+  const token = getApiKey();
+  if (!token || token === checkedToken.value) return;
+  checkedToken.value = token;
+
+  loading.value = true;
+  try {
+    const user = await fetchCurrentUser();
+    promptedUserId.value = user.id;
+    const dismissed = sessionStorage.getItem(dismissalKey(user.id)) === "1";
+    show.value = !!user.requiresCredentialChange && !dismissed;
+  } catch {
+    show.value = false;
+  } finally {
+    loading.value = false;
+  }
+}
+
+function remindLater() {
+  if (promptedUserId.value != null) {
+    sessionStorage.setItem(dismissalKey(promptedUserId.value), "1");
+  }
+  show.value = false;
+}
+
+function goToAccountSettings() {
+  show.value = false;
+  router.push({ name: "hermes.settings", query: { tab: "account" } });
+}
+
+watch(() => route.fullPath, () => {
+  void checkDefaultCredentials();
+}, { immediate: true });
+</script>
+
+<template>
+  <NModal
+    v-model:show="show"
+    preset="dialog"
+    :title="t('login.defaultCredentialTitle')"
+    :mask-closable="false"
+  >
+    <p class="credential-warning-text">
+      {{ t("login.defaultCredentialMessage") }}
+    </p>
+    <template #action>
+      <NButton :disabled="loading" @click="remindLater">
+        {{ t("login.defaultCredentialLater") }}
+      </NButton>
+      <NButton type="primary" :loading="loading" @click="goToAccountSettings">
+        {{ t("login.defaultCredentialAction") }}
+      </NButton>
+    </template>
+  </NModal>
+</template>
+
+<style scoped lang="scss">
+.credential-warning-text {
+  margin: 0;
+  line-height: 1.6;
+}
+</style>
diff --git a/packages/client/src/components/common/AppLogo.vue b/packages/client/src/components/common/AppLogo.vue
new file mode 100644
index 0000000..76a660e
--- /dev/null
+++ b/packages/client/src/components/common/AppLogo.vue
@@ -0,0 +1,63 @@
+<script setup lang="ts">
+withDefaults(defineProps<{
+  size?: number
+  showText?: boolean
+}>(), {
+  size: 32,
+  showText: false,
+})
+</script>
+
+<template>
+  <div class="app-logo" :class="{ 'with-text': showText }">
+    <svg
+      class="app-logo__mark"
+      :width="size"
+      :height="size"
+      viewBox="0 0 48 48"
+      fill="none"
+      aria-hidden="true"
+    >
+      <defs>
+        <linearGradient id="lx-bg" x1="6" y1="4" x2="42" y2="44" gradientUnits="userSpaceOnUse">
+          <stop stop-color="#2563eb" />
+          <stop offset="1" stop-color="#0891b2" />
+        </linearGradient>
+        <linearGradient id="lx-glow" x1="24" y1="10" x2="24" y2="38" gradientUnits="userSpaceOnUse">
+          <stop stop-color="#ffffff" stop-opacity="0.95" />
+          <stop offset="1" stop-color="#e0f2fe" stop-opacity="0.7" />
+        </linearGradient>
+      </defs>
+      <rect x="3" y="3" width="42" height="42" rx="11" fill="url(#lx-bg)" />
+      <path d="M24 11 L33 24 L24 37 L15 24 Z" fill="url(#lx-glow)" />
+      <circle cx="24" cy="22" r="4.5" fill="#ffffff" />
+      <circle cx="24" cy="22" r="2" fill="#2563eb" />
+    </svg>
+    <span v-if="showText" class="app-logo__text">灵犀 Studio</span>
+  </div>
+</template>
+
+<style scoped lang="scss">
+@use '@/styles/variables' as *;
+
+.app-logo {
+  display: inline-flex;
+  align-items: center;
+  gap: 10px;
+  flex-shrink: 0;
+
+  &__mark {
+    display: block;
+    filter: drop-shadow(0 2px 8px rgba(var(--accent-primary-rgb), 0.25));
+  }
+
+  &__text {
+    font-family: $font-display;
+    font-size: 17px;
+    font-weight: 700;
+    letter-spacing: 0.01em;
+    color: $text-primary;
+    white-space: nowrap;
+  }
+}
+</style>
diff --git a/packages/client/src/components/common/RouteLinkItem.vue b/packages/client/src/components/common/RouteLinkItem.vue
new file mode 100644
index 0000000..637027b
--- /dev/null
+++ b/packages/client/src/components/common/RouteLinkItem.vue
@@ -0,0 +1,28 @@
+<script setup lang="ts">
+import type { RouteLocationRaw } from 'vue-router'
+
+const props = withDefaults(defineProps<{
+  to: RouteLocationRaw
+  active?: boolean
+  exact?: boolean
+  title?: string
+}>(), {
+  active: undefined,
+  exact: false,
+})
+</script>
+
+<template>
+  <RouterLink v-slot="slotProps" :to="props.to" custom>
+    <a
+      class="route-link-item"
+      :class="{ active: props.active ?? (props.exact ? !!slotProps?.isExactActive : !!slotProps?.isActive) }"
+      :href="slotProps?.href || '#'"
+      :title="props.title"
+      :aria-current="(props.active ?? (props.exact ? !!slotProps?.isExactActive : !!slotProps?.isActive)) ? 'page' : undefined"
+      @click="slotProps?.navigate"
+    >
+      <slot />
+    </a>
+  </RouterLink>
+</template>
diff --git a/packages/client/src/components/hermes/chat/ChatInput.vue b/packages/client/src/components/hermes/chat/ChatInput.vue
new file mode 100644
index 0000000..957c5a3
--- /dev/null
+++ b/packages/client/src/components/hermes/chat/ChatInput.vue
@@ -0,0 +1,1068 @@
+<script setup lang="ts">
+import type { Attachment } from '@/stores/hermes/chat'
+import { useChatStore } from '@/stores/hermes/chat'
+import { useAppStore } from '@/stores/hermes/app'
+import { useProfilesStore } from '@/stores/hermes/profiles'
+import { fetchContextLength } from '@/api/hermes/sessions'
+import { setModelContext } from '@/api/hermes/model-context'
+import { NButton, NTooltip, NSwitch, NModal, NInputNumber, useMessage } from 'naive-ui'
+import { computed, ref, nextTick, onMounted, onUnmounted, watch } from 'vue'
+import { useI18n } from 'vue-i18n'
+import { useToolTraceVisibility } from '@/composables/useToolTraceVisibility'
+
+const chatStore = useChatStore()
+const appStore = useAppStore()
+const profilesStore = useProfilesStore()
+const { t } = useI18n()
+const message = useMessage()
+const { toolTraceVisible, toggleToolTraceVisible } = useToolTraceVisibility()
+const DRAFT_STORAGE_KEY = 'hermes_chat_input_drafts_v1'
+type DraftMap = Record<string, string>
+const inputText = ref('')
+const textareaRef = ref<HTMLTextAreaElement>()
+const commandDropdownRef = ref<HTMLDivElement>()
+const fileInputRef = ref<HTMLInputElement>()
+const attachments = ref<Attachment[]>([])
+const isDragging = ref(false)
+const dragCounter = ref(0)
+const isComposing = ref(false)
+
+const bridgeCommands = computed(() => [
+  { name: 'usage', args: '', description: t('chat.slashCommands.usage') },
+  { name: 'status', args: '', description: t('chat.slashCommands.status') },
+  { name: 'abort', args: '', description: t('chat.slashCommands.abort') },
+  { name: 'queue', args: t('chat.slashCommandArgs.message'), description: t('chat.slashCommands.queue') },
+  { name: 'plan', args: t('chat.slashCommandArgs.text'), description: t('chat.slashCommands.plan') },
+  { name: 'goal', args: t('chat.slashCommandArgs.text'), description: t('chat.slashCommands.goal') },
+  { name: 'goal', args: 'status', insertText: 'goal status', description: t('chat.slashCommands.goalStatus') },
+  { name: 'goal', args: 'pause', insertText: 'goal pause', description: t('chat.slashCommands.goalPause') },
+  { name: 'goal', args: 'resume', insertText: 'goal resume', description: t('chat.slashCommands.goalResume') },
+  { name: 'goal', args: 'done', insertText: 'goal done', description: t('chat.slashCommands.goalDone') },
+  { name: 'goal', args: 'clear', insertText: 'goal clear', description: t('chat.slashCommands.goalClear') },
+  { name: 'subgoal', args: t('chat.slashCommandArgs.text'), description: t('chat.slashCommands.subgoal') },
+  { name: 'clear', args: '', description: t('chat.slashCommands.clear') },
+  { name: 'clear', args: '--history', insertText: 'clear --history', description: t('chat.slashCommands.clearHistory') },
+  { name: 'title', args: t('chat.slashCommandArgs.title'), description: t('chat.slashCommands.title') },
+  { name: 'compress', args: '', description: t('chat.slashCommands.compress') },
+  { name: 'steer', args: t('chat.slashCommandArgs.text'), description: t('chat.slashCommands.steer') },
+  { name: 'destroy', args: '', description: t('chat.slashCommands.destroy') },
+  { name: 'reload-mcp', args: '', description: t('chat.slashCommands.reloadMcp') },
+])
+
+const slashActive = ref(false)
+const slashQuery = ref('')
+const slashActiveIndex = ref(0)
+const isBridgeSession = computed(() => chatStore.activeSession?.source === 'cli')
+const filteredBridgeCommands = computed(() => {
+  const query = slashQuery.value.toLowerCase()
+  return bridgeCommands.value.filter(command =>
+    command.name.includes(query) || command.insertText?.includes(query),
+  )
+})
+
+// 自定义高度拖拽
+const textareaHeight = ref<number | null>(null) // null = auto
+
+function startResize(e: MouseEvent) {
+  e.preventDefault()
+  const el = textareaRef.value
+  if (!el) return
+  // 如果当前是 auto，用实际 clientHeight 作为起始值
+  const startHeight = el.clientHeight
+  const startY = e.clientY
+
+  function onMouseMove(e: MouseEvent) {
+    const deltaY = e.clientY - startY
+    // 往上拖 (deltaY < 0) → 高度增加
+    const newHeight = startHeight - deltaY
+    textareaHeight.value = Math.max(20, Math.min(400, Math.round(newHeight)))
+  }
+
+  function onMouseUp() {
+    document.removeEventListener('mousemove', onMouseMove)
+    document.removeEventListener('mouseup', onMouseUp)
+    document.body.style.cursor = ''
+    document.body.style.userSelect = ''
+  }
+
+  document.body.style.cursor = 'row-resize'
+  document.body.style.userSelect = 'none'
+  document.addEventListener('mousemove', onMouseMove)
+  document.addEventListener('mouseup', onMouseUp)
+}
+
+// 自动播放语音开关
+const autoPlaySpeech = ref(false)
+
+function readDraftMap(): DraftMap {
+  try {
+    const parsed = JSON.parse(localStorage.getItem(DRAFT_STORAGE_KEY) || '{}')
+    return parsed && typeof parsed === 'object' && !Array.isArray(parsed) ? parsed : {}
+  } catch {
+    return {}
+  }
+}
+
+function getActiveDraftSessionId() {
+  return chatStore.activeSessionId || chatStore.activeSession?.id || ''
+}
+
+function loadDraftForActiveSession() {
+  const sessionId = getActiveDraftSessionId()
+  inputText.value = sessionId ? readDraftMap()[sessionId] || '' : ''
+}
+
+function saveDraftForActiveSession(value: string) {
+  const sessionId = getActiveDraftSessionId()
+  if (!sessionId) return
+  const drafts = readDraftMap()
+  if (value) {
+    drafts[sessionId] = value
+  } else {
+    delete drafts[sessionId]
+  }
+  if (Object.keys(drafts).length > 0) {
+    localStorage.setItem(DRAFT_STORAGE_KEY, JSON.stringify(drafts))
+  } else {
+    localStorage.removeItem(DRAFT_STORAGE_KEY)
+  }
+}
+
+// 从 localStorage 读取设置
+onMounted(() => {
+  loadDraftForActiveSession()
+  const saved = localStorage.getItem('autoPlaySpeech')
+  if (saved !== null) {
+    autoPlaySpeech.value = saved === 'true'
+    // 同步到 chat store
+    chatStore.setAutoPlaySpeech(autoPlaySpeech.value)
+  }
+})
+
+// 监听变化并保存
+watch(autoPlaySpeech, (value) => {
+  localStorage.setItem('autoPlaySpeech', String(value))
+  // 通知 chat store
+  chatStore.setAutoPlaySpeech(value)
+})
+
+watch(inputText, (value) => {
+  saveDraftForActiveSession(value)
+})
+
+watch(() => chatStore.activeSession?.id, () => {
+  loadDraftForActiveSession()
+})
+
+const canSend = computed(() => inputText.value.trim() || attachments.value.length > 0)
+
+function scrollCommandIntoView() {
+  nextTick(() => {
+    if (!commandDropdownRef.value) return
+    const active = commandDropdownRef.value.querySelector('.active') as HTMLElement | null
+    active?.scrollIntoView({ block: 'nearest', behavior: 'instant' })
+  })
+}
+
+function updateSlashState() {
+  if (!isBridgeSession.value) {
+    slashActive.value = false
+    return
+  }
+  const el = textareaRef.value
+  if (!el) return
+  const cursorPos = el.selectionStart
+  const beforeCursor = inputText.value.slice(0, cursorPos)
+  if (!beforeCursor.startsWith('/') || beforeCursor.includes(' ') || beforeCursor.includes('\n')) {
+    slashActive.value = false
+    return
+  }
+  slashQuery.value = beforeCursor.slice(1)
+  slashActiveIndex.value = 0
+  slashActive.value = filteredBridgeCommands.value.length > 0
+}
+
+function selectBridgeCommand(command: { name: string; args: string; insertText?: string }) {
+  inputText.value = `/${command.insertText || command.name} `
+  slashActive.value = false
+  nextTick(() => {
+    const el = textareaRef.value
+    if (!el) return
+    const pos = inputText.value.length
+    el.setSelectionRange(pos, pos)
+    el.focus()
+  })
+}
+
+// --- Context info ---
+
+const contextLength = ref(256000)
+const FALLBACK_CONTEXT = 256000
+let contextLengthLoadedKey = ''
+let contextLengthRequestKey = ''
+let contextLengthRequest: Promise<void> | null = null
+
+// Context length editing
+const showContextEditModal = ref(false)
+const editingContextLimit = ref(256000)
+const isSavingContextLimit = ref(false)
+
+async function handleEditContextLimit() {
+  editingContextLimit.value = contextLength.value
+  showContextEditModal.value = true
+}
+
+async function saveContextLimit() {
+  if (!editingContextLimit.value || editingContextLimit.value <= 0) {
+    message.error(t('chat.contextEditInvalid'))
+    return
+  }
+
+  isSavingContextLimit.value = true
+  try {
+    const provider = chatStore.activeSession?.provider || appStore.selectedProvider || ''
+    const model = chatStore.activeSession?.model || appStore.selectedModel || ''
+
+    if (!provider || !model) {
+      message.error(t('chat.contextEditFailed'))
+      return
+    }
+
+    await setModelContext(provider, model, editingContextLimit.value)
+    contextLength.value = editingContextLimit.value
+    contextLengthLoadedKey = currentContextLengthKey()
+    showContextEditModal.value = false
+    message.success(t('chat.contextEditSuccess'))
+  } catch (err: any) {
+    message.error(`${t('chat.contextEditFailed')}: ${err.message || ''}`)
+  } finally {
+    isSavingContextLimit.value = false
+  }
+}
+
+function currentContextLengthParams() {
+  const activeSession = chatStore.activeSession
+  return {
+    profile: activeSession?.profile || profilesStore.activeProfileName || undefined,
+    provider: activeSession?.provider || undefined,
+    model: activeSession?.model || undefined,
+  }
+}
+
+function currentContextLengthKey() {
+  const params = currentContextLengthParams()
+  return `${params.profile || ''}|${params.provider || ''}|${params.model || ''}`
+}
+
+async function loadContextLength() {
+  const key = currentContextLengthKey()
+  if (key === contextLengthLoadedKey) return
+  if (key === contextLengthRequestKey && contextLengthRequest) return contextLengthRequest
+
+  contextLengthRequestKey = key
+  contextLengthRequest = (async () => {
+    const params = currentContextLengthParams()
+    try {
+      const value = await fetchContextLength(params.profile, params.provider, params.model)
+      if (currentContextLengthKey() !== key) return
+      contextLength.value = value
+      contextLengthLoadedKey = key
+    } catch {
+      if (currentContextLengthKey() !== key) return
+      contextLength.value = FALLBACK_CONTEXT
+      contextLengthLoadedKey = key
+    } finally {
+      if (contextLengthRequestKey === key) {
+        contextLengthRequest = null
+        contextLengthRequestKey = ''
+      }
+    }
+  })()
+  return contextLengthRequest
+}
+
+onMounted(loadContextLength)
+watch(
+  () => [
+    profilesStore.activeProfileName,
+    appStore.selectedProvider,
+    appStore.selectedModel,
+    chatStore.activeSession?.id,
+    chatStore.activeSession?.profile,
+    chatStore.activeSession?.provider,
+    chatStore.activeSession?.model,
+  ],
+  loadContextLength,
+  { flush: 'post' },
+)
+
+const totalTokens = computed(() => {
+  const context = chatStore.activeSession?.contextTokens
+  if (typeof context === 'number' && Number.isFinite(context) && context > 0) return context
+  const input = chatStore.activeSession?.inputTokens ?? 0
+  const output = chatStore.activeSession?.outputTokens ?? 0
+  return input + output
+})
+
+const remainingTokens = computed(() => Math.max(0, contextLength.value - totalTokens.value))
+
+const usagePercent = computed(() =>
+  Math.min((totalTokens.value / contextLength.value) * 100, 100),
+)
+
+function formatTokens(n: number): string {
+  if (n >= 1000000) return (n / 1000000).toFixed(1) + 'M'
+  if (n >= 1000) return (n / 1000).toFixed(1) + 'k'
+  return String(n)
+}
+
+// --- File attachment helpers ---
+
+function addFile(file: File) {
+  if (attachments.value.find(a => a.name === file.name)) return
+  const id = Date.now().toString(36) + Math.random().toString(36).slice(2, 8)
+  const url = URL.createObjectURL(file)
+  attachments.value.push({
+    id,
+    name: file.name,
+    type: file.type,
+    size: file.size,
+    url,
+    file,
+  })
+}
+
+function handleAttachClick() {
+  fileInputRef.value?.click()
+}
+
+function handleFileChange(e: Event) {
+  const input = e.target as HTMLInputElement
+  if (!input.files) return
+  for (const file of input.files) addFile(file)
+  input.value = ''
+}
+
+// --- Paste image ---
+
+function handlePaste(e: ClipboardEvent) {
+  const items = Array.from(e.clipboardData?.items || [])
+  const imageItems = items.filter(i => i.type.startsWith('image/'))
+  if (!imageItems.length) return
+  e.preventDefault()
+  for (const item of imageItems) {
+    const blob = item.getAsFile()
+    if (!blob) continue
+    const ext = item.type.split('/')[1] || 'png'
+    const file = new File([blob], `pasted-${Date.now()}.${ext}`, { type: item.type })
+    addFile(file)
+  }
+}
+
+// --- Drag and drop ---
+
+function handleDragOver(e: DragEvent) {
+  e.preventDefault()
+}
+
+function handleDragEnter(e: DragEvent) {
+  e.preventDefault()
+  if (e.dataTransfer?.types.includes('Files')) {
+    dragCounter.value++
+    isDragging.value = true
+  }
+}
+
+function handleDragLeave() {
+  dragCounter.value--
+  if (dragCounter.value <= 0) {
+    dragCounter.value = 0
+    isDragging.value = false
+  }
+}
+
+function handleDrop(e: DragEvent) {
+  e.preventDefault()
+  dragCounter.value = 0
+  isDragging.value = false
+  const files = Array.from(e.dataTransfer?.files || [])
+  if (!files.length) return
+  for (const file of files) addFile(file)
+  textareaRef.value?.focus()
+}
+
+// --- Send ---
+
+function handleSend() {
+  const text = inputText.value.trim()
+  if (!text && attachments.value.length === 0) return
+
+  chatStore.sendMessage(text, attachments.value.length > 0 ? attachments.value : undefined)
+  inputText.value = ''
+  saveDraftForActiveSession('')
+  attachments.value = []
+  slashActive.value = false
+
+  if (textareaRef.value) {
+    textareaRef.value.style.height = 'auto'
+  }
+}
+
+function handleCompositionStart() {
+  isComposing.value = true
+}
+
+function handleCompositionEnd() {
+  requestAnimationFrame(() => {
+    isComposing.value = false
+    updateSlashState()
+  })
+}
+
+function isImeEnter(e: KeyboardEvent): boolean {
+  return isComposing.value || e.isComposing || e.keyCode === 229
+}
+
+function handleKeydown(e: KeyboardEvent) {
+  if (slashActive.value && filteredBridgeCommands.value.length > 0) {
+    if (e.key === 'ArrowDown') {
+      e.preventDefault()
+      slashActiveIndex.value = (slashActiveIndex.value + 1) % filteredBridgeCommands.value.length
+      scrollCommandIntoView()
+      return
+    }
+    if (e.key === 'ArrowUp') {
+      e.preventDefault()
+      slashActiveIndex.value = (slashActiveIndex.value - 1 + filteredBridgeCommands.value.length) % filteredBridgeCommands.value.length
+      scrollCommandIntoView()
+      return
+    }
+    if (e.key === 'Enter' || e.key === 'Tab') {
+      e.preventDefault()
+      selectBridgeCommand(filteredBridgeCommands.value[slashActiveIndex.value])
+      return
+    }
+    if (e.key === 'Escape') {
+      e.preventDefault()
+      slashActive.value = false
+      return
+    }
+  }
+
+  if (e.key !== 'Enter' || e.shiftKey) return
+  if (isImeEnter(e)) return
+
+  e.preventDefault()
+  handleSend()
+}
+
+function handleInput(e: Event) {
+  const el = e.target as HTMLTextAreaElement
+  if (!isComposing.value) updateSlashState()
+  // 用户手动拖拽自定义高度时，不覆盖
+  if (textareaHeight.value !== null) return
+  el.style.height = 'auto'
+  el.style.height = Math.min(el.scrollHeight, 100) + 'px'
+}
+
+function handleCommandHover(index: number) {
+  slashActiveIndex.value = index
+}
+
+function onDocumentMousedown(e: MouseEvent) {
+  if (!slashActive.value) return
+  const target = e.target as HTMLElement
+  if (!target.closest('.slash-command-dropdown') && !target.closest('.input-wrapper')) {
+    slashActive.value = false
+  }
+}
+
+onMounted(() => {
+  document.addEventListener('mousedown', onDocumentMousedown)
+})
+
+onUnmounted(() => {
+  document.removeEventListener('mousedown', onDocumentMousedown)
+})
+
+function removeAttachment(id: string) {
+  const idx = attachments.value.findIndex(a => a.id === id)
+  if (idx !== -1) {
+    URL.revokeObjectURL(attachments.value[idx].url)
+    attachments.value.splice(idx, 1)
+  }
+}
+
+function formatSize(bytes: number): string {
+  if (bytes < 1024) return bytes + ' B'
+  if (bytes < 1024 * 1024) return (bytes / 1024).toFixed(1) + ' KB'
+  return (bytes / (1024 * 1024)).toFixed(1) + ' MB'
+}
+
+function isImage(type: string): boolean {
+  return type.startsWith('image/')
+}
+</script>
+
+<template>
+  <div class="chat-input-area">
+    <!-- Top bar: attach + auto play speech + context info -->
+    <div class="input-top-bar">
+      <NTooltip trigger="hover">
+        <template #trigger>
+          <NButton quaternary size="tiny" @click="handleAttachClick" circle>
+            <template #icon>
+              <svg width="16" height="16" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="1.5"><path d="M21.44 11.05l-9.19 9.19a6 6 0 0 1-8.49-8.49l9.19-9.19a4 4 0 0 1 5.66 5.66l-9.2 9.19a2 2 0 0 1-2.83-2.83l8.49-8.48"/></svg>
+            </template>
+          </NButton>
+        </template>
+        {{ t('chat.attachFiles') }}
+      </NTooltip>
+
+      <div class="auto-play-speech-switch">
+        <NTooltip trigger="hover">
+          <template #trigger>
+            <div class="switch-label">
+              <svg width="14" height="14" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2">
+                <polygon points="5 3 19 12 5 21 5 3"/>
+              </svg>
+            </div>
+          </template>
+          {{ t('chat.autoPlaySpeech') }}
+        </NTooltip>
+        <NSwitch
+          size="small"
+          v-model:value="autoPlaySpeech"
+          :round="false"
+        />
+      </div>
+
+      <NTooltip trigger="hover">
+        <template #trigger>
+          <NButton
+            quaternary
+            size="tiny"
+            class="tool-trace-toggle"
+            :class="{ active: toolTraceVisible }"
+            :aria-label="toolTraceVisible ? t('chat.hideToolCalls') : t('chat.showToolCalls')"
+            @click="toggleToolTraceVisible"
+          >
+            <svg class="tool-trace-icon" width="16" height="16" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="1.8" stroke-linecap="round" stroke-linejoin="round">
+              <path d="M14.7 6.3a4.5 4.5 0 0 0-5.8 5.8L3.5 17.5a2.1 2.1 0 0 0 3 3l5.4-5.4a4.5 4.5 0 0 0 5.8-5.8l-3 3-3-3 3-3z"/>
+            </svg>
+          </NButton>
+        </template>
+        {{ toolTraceVisible ? t('chat.hideToolCalls') : t('chat.showToolCalls') }}
+      </NTooltip>
+
+      <span v-if="totalTokens > 0" class="context-info" :class="{ 'context-warning': usagePercent > 80 }">
+        {{ formatTokens(totalTokens) }} /
+        <NTooltip trigger="hover">
+          <template #trigger>
+            <span class="context-limit-editable" @click="handleEditContextLimit">
+              {{ formatTokens(contextLength) }}
+            </span>
+          </template>
+          <span>{{ t('chat.contextClickToEdit') }}</span>
+        </NTooltip>
+        · {{ t('chat.contextRemaining') }} {{ formatTokens(remainingTokens) }}
+      </span>
+      <div v-if="totalTokens > 0" class="context-bar">
+        <div
+          class="context-bar-fill"
+          :class="{
+            'context-bar-warn': usagePercent > 60 && usagePercent <= 80,
+            'context-bar-danger': usagePercent > 80,
+          }"
+          :style="{ width: `${usagePercent}%` }"
+        />
+      </div>
+    </div>
+
+    <!-- Attachment previews -->
+    <div v-if="attachments.length > 0" class="attachment-previews">
+      <div
+        v-for="att in attachments"
+        :key="att.id"
+        class="attachment-preview"
+        :class="{ image: isImage(att.type) }"
+      >
+        <template v-if="isImage(att.type)">
+          <img :src="att.url" :alt="att.name" class="attachment-thumb" />
+        </template>
+        <template v-else>
+          <div class="attachment-file">
+            <svg width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="1.5"><path d="M14 2H6a2 2 0 0 0-2 2v16a2 2 0 0 0 2 2h12a2 2 0 0 0 2-2V8z"/><polyline points="14 2 14 8 20 8"/></svg>
+            <span class="file-name">{{ att.name }}</span>
+            <span class="file-size">{{ formatSize(att.size) }}</span>
+          </div>
+        </template>
+        <button class="attachment-remove" @click="removeAttachment(att.id)">
+          <svg width="12" height="12" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><line x1="18" y1="6" x2="6" y2="18"/><line x1="6" y1="6" x2="18" y2="18"/></svg>
+        </button>
+      </div>
+    </div>
+
+    <div
+      class="input-wrapper"
+      :class="{ 'drag-over': isDragging }"
+      @dragover="handleDragOver"
+      @dragenter="handleDragEnter"
+      @dragleave="handleDragLeave"
+      @drop="handleDrop"
+    >
+      <input
+        ref="fileInputRef"
+        type="file"
+        multiple
+        class="file-input-hidden"
+        @change="handleFileChange"
+      />
+      <div class="resize-handle" @mousedown="startResize"></div>
+      <textarea
+        ref="textareaRef"
+        v-model="inputText"
+        class="input-textarea"
+        :style="textareaHeight ? { height: textareaHeight + 'px' } : {}"
+        :placeholder="t('chat.inputPlaceholder')"
+        rows="1"
+        @keydown="handleKeydown"
+        @compositionstart="handleCompositionStart"
+        @compositionend="handleCompositionEnd"
+        @input="handleInput"
+        @paste="handlePaste"
+      ></textarea>
+      <Transition name="dropdown-fade">
+        <div
+          v-if="slashActive && filteredBridgeCommands.length > 0"
+          ref="commandDropdownRef"
+          class="slash-command-dropdown"
+        >
+          <div
+            v-for="(command, i) in filteredBridgeCommands"
+            :key="command.name"
+            class="slash-command-item"
+            :class="{ active: i === slashActiveIndex }"
+            @mousedown.prevent="selectBridgeCommand(command)"
+            @mouseenter="handleCommandHover(i)"
+          >
+            <span class="slash-command-name">/{{ command.name }}</span>
+            <span v-if="command.args" class="slash-command-args">{{ command.args }}</span>
+            <span class="slash-command-desc">{{ command.description }}</span>
+          </div>
+        </div>
+      </Transition>
+      <div class="input-actions">
+        <NButton
+          v-if="chatStore.isStreaming"
+          size="small"
+          type="error"
+          :disabled="chatStore.isAborting"
+          @click="chatStore.stopStreaming()"
+        >
+          {{ t('chat.stop') }}
+        </NButton>
+        <NButton
+          size="small"
+          type="primary"
+          :disabled="!canSend"
+          @click="handleSend"
+        >
+          <template #icon>
+            <svg width="16" height="16" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><line x1="22" y1="2" x2="11" y2="13"/><polygon points="22 2 15 22 11 13 2 9 22 2"/></svg>
+          </template>
+          {{ t('chat.send') }}
+        </NButton>
+      </div>
+    </div>
+
+    <!-- Context Length Edit Modal -->
+    <NModal
+      v-model:show="showContextEditModal"
+      :title="t('chat.contextEditTitle')"
+      :mask-closable="true"
+      preset="card"
+      style="width: 400px"
+    >
+      <div class="context-edit-content">
+        <p style="margin-bottom: 16px; color: #666;">
+          {{ t('chat.contextEditDesc') }}
+        </p>
+        <NInputNumber
+          v-model:value="editingContextLimit"
+          :min="1000"
+          :max="10000000"
+          :step="1000"
+          :show-button="false"
+          :placeholder="t('chat.contextEditPlaceholder')"
+          style="width: 100%"
+        >
+          <template #suffix>
+            <span style="color: #999;">tokens</span>
+          </template>
+        </NInputNumber>
+        <div style="margin-top: 12px; font-size: 12px; color: #999;">
+          {{ t('chat.contextEditHint') }}
+        </div>
+      </div>
+      <template #footer>
+        <div style="display: flex; justify-content: flex-end; gap: 8px;">
+          <NButton @click="showContextEditModal = false" :disabled="isSavingContextLimit">
+            {{ t('chat.contextEditCancel') }}
+          </NButton>
+          <NButton type="primary" @click="saveContextLimit" :loading="isSavingContextLimit">
+            {{ t('chat.contextEditSave') }}
+          </NButton>
+        </div>
+      </template>
+    </NModal>
+  </div>
+</template>
+
+<style scoped lang="scss">
+@use '@/styles/variables' as *;
+
+.chat-input-area {
+  padding: 12px 20px 16px;
+  border-top: 1px solid $border-color;
+  flex-shrink: 0;
+}
+
+.input-top-bar {
+  display: flex;
+  align-items: center;
+  gap: 8px;
+  padding: 0 0 6px;
+}
+
+.auto-play-speech-switch {
+  display: flex;
+  align-items: center;
+  gap: 6px;
+  padding: 0 0 0 8px;
+  border-left: 1px solid $border-light;
+  margin-left: 4px;
+
+  .switch-label {
+    display: flex;
+    align-items: center;
+    justify-content: center;
+    width: 16px;
+    height: 16px;
+    color: #999999;
+    font-size: 12px;
+
+    svg {
+      opacity: 1;
+    }
+  }
+
+  :deep(.n-switch),
+  :deep(.n-switch__rail) {
+    margin-right: 0;
+  }
+}
+
+.tool-trace-toggle {
+  display: inline-flex;
+  align-items: center;
+  justify-content: center;
+  color: #999999;
+  width: 24px;
+  min-width: 24px;
+  height: 22px;
+  margin-left: -4px;
+  padding: 0;
+  background: transparent !important;
+  opacity: 1;
+
+  :deep(.n-button__state-border),
+  :deep(.n-button__border),
+  :deep(.n-button__ripple) {
+    display: none;
+  }
+
+  .tool-trace-icon {
+    display: block;
+    flex: 0 0 16px;
+    width: 16px;
+    height: 16px;
+  }
+
+  &.active {
+    color: #999999;
+    opacity: 1;
+  }
+
+  &:hover {
+    color: #999999;
+    opacity: 1;
+  }
+}
+
+.context-info {
+  font-size: 11px;
+  color: $text-muted;
+
+  &.context-warning {
+    color: #e8a735;
+  }
+}
+
+.context-limit-editable {
+  cursor: pointer;
+  border-bottom: 1px dashed transparent;
+  transition: all 0.2s ease;
+  padding: 0 2px;
+
+  &:hover {
+    border-bottom-color: $text-muted;
+    background: rgba(128, 128, 128, 0.1);
+    border-radius: 2px;
+  }
+}
+
+.context-bar {
+  width: 60px;
+  height: 4px;
+  background: rgba(128, 128, 128, 0.2);
+  border-radius: 2px;
+  overflow: hidden;
+}
+
+.context-bar-fill {
+  height: 100%;
+  background: linear-gradient(90deg, rgba(128, 128, 128, 0.3), rgba(128, 128, 128, 0.6));
+  border-radius: 2px;
+  transition: width 0.3s ease;
+
+  &.context-bar-warn {
+    background: linear-gradient(90deg, #c98a1a, #e8a735);
+  }
+
+  &.context-bar-danger {
+    background: linear-gradient(90deg, #c43a2a, #e85d4a);
+  }
+}
+
+.attachment-previews {
+  display: flex;
+  flex-wrap: wrap;
+  gap: 8px;
+  padding: 0 0 10px;
+}
+
+.attachment-preview {
+  position: relative;
+  border-radius: $radius-sm;
+  overflow: hidden;
+  background-color: $bg-secondary;
+  border: 1px solid $border-color;
+
+  &.image {
+    width: 64px;
+    height: 64px;
+  }
+}
+
+.attachment-thumb {
+  width: 100%;
+  height: 100%;
+  object-fit: cover;
+}
+
+.attachment-file {
+  display: flex;
+  flex-direction: column;
+  align-items: center;
+  justify-content: center;
+  gap: 2px;
+  padding: 8px 12px;
+  min-width: 80px;
+  max-width: 140px;
+  color: $text-secondary;
+
+  .file-name {
+    font-size: 11px;
+    white-space: nowrap;
+    overflow: hidden;
+    text-overflow: ellipsis;
+    max-width: 100%;
+  }
+
+  .file-size {
+    font-size: 10px;
+    color: $text-muted;
+  }
+}
+
+.attachment-remove {
+  position: absolute;
+  top: 2px;
+  right: 2px;
+  width: 18px;
+  height: 18px;
+  border-radius: 50%;
+  border: none;
+  background: rgba(0, 0, 0, 0.5);
+  color: var(--text-on-overlay);
+  display: flex;
+  align-items: center;
+  justify-content: center;
+  cursor: pointer;
+  opacity: 0;
+  transition: opacity $transition-fast;
+
+  .attachment-preview:hover & {
+    opacity: 1;
+  }
+}
+
+.file-input-hidden {
+  display: none;
+}
+
+.input-wrapper {
+  display: flex;
+  align-items: center;
+  gap: 10px;
+  background-color: $bg-input;
+  border: 1px solid $border-color;
+  border-radius: $radius-md;
+  padding: 10px 12px;
+  position: relative;
+  transition: border-color $transition-fast, background-color $transition-fast;
+
+  &:focus-within {
+    border-color: $accent-primary;
+  }
+
+  .dark & {
+    background-color: #333333;
+  }
+}
+
+.resize-handle {
+  position: absolute;
+  top: -4px;
+  left: 0;
+  right: 0;
+  height: 8px;
+  cursor: row-resize;
+  z-index: 2;
+
+  &:hover {
+    background: rgba($accent-primary, 0.15);
+    border-radius: 4px;
+  }
+}
+
+.input-textarea {
+  flex: 1;
+  background: none;
+  border: none;
+  outline: none;
+  color: $text-primary;
+  font-family: $font-ui;
+  font-size: 14px;
+  line-height: 1.5;
+  resize: none;
+  max-height: 400px;
+  min-height: 20px;
+  overflow-y: auto;
+
+  @media (max-width: 768px) {
+    font-size: 16px;
+  }
+
+  &::placeholder {
+    color: $text-muted;
+    white-space: nowrap;
+    overflow: hidden;
+    text-overflow: ellipsis;
+  }
+}
+
+.input-actions {
+  display: flex;
+  gap: 6px;
+  flex-shrink: 0;
+  align-items: center;
+}
+
+.slash-command-dropdown {
+  position: absolute;
+  left: 12px;
+  right: 12px;
+  bottom: calc(100% + 8px);
+  max-height: 240px;
+  overflow-y: auto;
+  background: $bg-primary;
+  border: 1px solid $border-color;
+  border-radius: $radius-sm;
+  box-shadow: 0 10px 28px rgba(0, 0, 0, 0.16);
+  z-index: 20;
+  padding: 4px;
+
+  .dark & {
+    background: #2a2a2a;
+  }
+}
+
+.slash-command-item {
+  display: grid;
+  grid-template-columns: auto auto 1fr;
+  align-items: center;
+  gap: 8px;
+  padding: 8px 10px;
+  border-radius: $radius-sm;
+  cursor: pointer;
+  min-height: 36px;
+
+  &.active,
+  &:hover {
+    background: rgba(var(--accent-primary-rgb), 0.1);
+  }
+}
+
+.slash-command-name {
+  font-family: $font-code;
+  font-size: 13px;
+  color: $accent-primary;
+  white-space: nowrap;
+}
+
+.slash-command-args {
+  font-family: $font-code;
+  font-size: 12px;
+  color: $text-muted;
+  white-space: nowrap;
+}
+
+.slash-command-desc {
+  min-width: 0;
+  overflow: hidden;
+  text-overflow: ellipsis;
+  white-space: nowrap;
+  color: $text-secondary;
+  font-size: 12px;
+}
+
+.dropdown-fade-enter-active,
+.dropdown-fade-leave-active {
+  transition: opacity 0.12s ease, transform 0.12s ease;
+}
+
+.dropdown-fade-enter-from,
+.dropdown-fade-leave-to {
+  opacity: 0;
+  transform: translateY(4px);
+}
+
+// Drag-over state
+.input-wrapper.drag-over {
+  border-color: var(--accent-info);
+  border-style: dashed;
+  background-color: rgba(var(--accent-info-rgb), 0.04);
+}
+</style>
diff --git a/packages/client/src/components/hermes/chat/ChatPanel.vue b/packages/client/src/components/hermes/chat/ChatPanel.vue
new file mode 100644
index 0000000..77dade5
--- /dev/null
+++ b/packages/client/src/components/hermes/chat/ChatPanel.vue
@@ -0,0 +1,2350 @@
+<script setup lang="ts">
+import { renameSession, setSessionWorkspace, batchDeleteSessions, exportSession } from "@/api/hermes/sessions";
+import { useChatStore, type Session } from "@/stores/hermes/chat";
+import { useAppStore } from "@/stores/hermes/app";
+import { useProfilesStore } from "@/stores/hermes/profiles";
+import { useSessionBrowserPrefsStore } from "@/stores/hermes/session-browser-prefs";
+import {
+  NButton,
+  NDropdown,
+  NInput,
+  NModal,
+  NSelect,
+  NTooltip,
+  NPopconfirm,
+  useMessage,
+  type DropdownOption,
+} from "naive-ui";
+import { computed, nextTick, onMounted, onUnmounted, ref, watch } from "vue";
+import { useRouter } from "vue-router";
+import { useI18n } from "vue-i18n";
+import { copyToClipboard } from "@/utils/clipboard";
+import FolderPicker from "./FolderPicker.vue";
+import ChatInput from "./ChatInput.vue";
+import ConversationMonitorPane from "./ConversationMonitorPane.vue";
+import MessageList from "./MessageList.vue";
+import SessionListItem from "./SessionListItem.vue";
+import DrawerPanel from "./DrawerPanel.vue";
+import OutlinePanel from "./OutlinePanel.vue";
+
+const chatStore = useChatStore();
+const appStore = useAppStore();
+const profilesStore = useProfilesStore();
+const sessionBrowserPrefsStore = useSessionBrowserPrefsStore();
+const router = useRouter();
+const message = useMessage();
+const { t } = useI18n();
+
+const showDrawer = ref(false);
+const drawerActiveTab = ref<"terminal" | "files">("files");
+const showOutline = ref(false);
+const messageListRef = ref<InstanceType<typeof MessageList> | null>(null);
+
+const currentMode = ref<"chat" | "live">("chat");
+
+// Batch selection mode
+const isBatchMode = ref(false);
+const selectedSessionKeys = ref<Set<string>>(new Set());
+const showBatchDeleteConfirm = ref(false);
+const isBatchDeleting = ref(false);
+
+// Initialize synchronously from the media query so first paint is correct.
+// On narrow viewports the session list is an absolute-positioned overlay
+// (z-index 10) on top of the chat area; if we default to `true`, onMounted
+// only flips it to `false` AFTER the first render, causing a visible flash
+// where the session list covers the chat content ("auto-fixes after a
+// moment" — that was the race).
+const showSessions = ref(
+  typeof window === "undefined" ||
+    !window.matchMedia("(max-width: 768px)").matches,
+);
+let mobileQuery: MediaQueryList | null = null;
+const isMobile = ref(false);
+
+function sessionHref(sessionId: string) {
+  return router.resolve({
+    name: "hermes.session",
+    params: { sessionId },
+  }).href;
+}
+
+function openSessionInNewTab(sessionId: string) {
+  if (typeof window === "undefined") return;
+  window.open(sessionHref(sessionId), "_blank", "noopener,noreferrer");
+}
+
+function handleOutlineNavigate(target: { messageId: string; anchorId: string }) {
+  messageListRef.value?.scrollToAnchor(target.messageId, target.anchorId);
+}
+
+async function handleSessionClick(sessionId: string) {
+  await router.push({
+    name: "hermes.session",
+    params: { sessionId },
+  });
+  if (mobileQuery?.matches) showSessions.value = false;
+}
+
+function handleMobileChange(e: MediaQueryListEvent | MediaQueryList) {
+  isMobile.value = e.matches;
+  if (e.matches && showSessions.value) {
+    showSessions.value = false;
+  }
+}
+
+onMounted(() => {
+  mobileQuery = window.matchMedia("(max-width: 768px)");
+  handleMobileChange(mobileQuery);
+  mobileQuery.addEventListener("change", handleMobileChange);
+  if (profilesStore.profiles.length === 0) {
+    void profilesStore.fetchProfiles();
+  }
+});
+
+onUnmounted(() => {
+  mobileQuery?.removeEventListener("change", handleMobileChange);
+});
+const showRenameModal = ref(false);
+const renameValue = ref("");
+const renameSessionId = ref<string | null>(null);
+const renameInputRef = ref<InstanceType<typeof NInput> | null>(null);
+const sessionProfileFilter = computed(() => chatStore.sessionProfileFilter);
+const profileFilterOptions = computed(() => [
+  { label: t("chat.allProfiles"), value: "__all__" },
+  ...profilesStore.profiles.map((profile) => ({
+    label: profile.name,
+    value: profile.name,
+  })),
+]);
+
+async function handleProfileFilterChange(value: string) {
+  chatStore.sessionProfileFilter = value === "__all__" ? null : value;
+  await chatStore.loadSessions(chatStore.sessionProfileFilter);
+}
+
+function sortSessionsWithActiveFirst(items: Session[]): Session[] {
+  return [...items].sort((a, b) => {
+    return (b.updatedAt || 0) - (a.updatedAt || 0);
+  });
+}
+
+const pinnedSessions = computed(() =>
+  sortSessionsWithActiveFirst(
+    chatStore.sessions.filter((session) =>
+      sessionBrowserPrefsStore.isPinned(session.id),
+    ),
+  ),
+);
+
+const unpinnedSessions = computed(() =>
+  sortSessionsWithActiveFirst(
+    chatStore.sessions.filter(
+      (session) => !sessionBrowserPrefsStore.isPinned(session.id),
+    ),
+  ),
+);
+
+watch(
+  () => [
+    chatStore.sessionsLoaded,
+    ...chatStore.sessions.map((session) => session.id),
+  ],
+  (value) => {
+    const sessionIds = value.slice(1) as string[];
+    if (!value[0] || sessionIds.length === 0) return;
+    sessionBrowserPrefsStore.pruneMissingSessions(sessionIds);
+  },
+  { immediate: true },
+);
+
+const activeSessionTitle = computed(
+  () => chatStore.activeSession?.title || t("chat.newChat"),
+);
+
+const headerTitle = computed(() =>
+  currentMode.value === "live"
+    ? t("chat.liveSessions")
+    : activeSessionTitle.value,
+);
+
+const activeApproval = computed(() => chatStore.activePendingApproval);
+const visibleApproval = computed(() => activeApproval.value);
+
+const activeClarify = computed(() => chatStore.activePendingClarify);
+const visibleClarify = computed(() => activeClarify.value);
+const clarifyResponse = ref('');
+
+function handleClarify(response?: string) {
+  const finalResponse = response !== undefined ? response : clarifyResponse.value.trim();
+  chatStore.respondToClarify(finalResponse);
+  clarifyResponse.value = '';
+}
+
+const showNewChatModal = ref(false);
+const newChatProfile = ref<string>("default");
+const newChatProvider = ref<string>("");
+const newChatModel = ref<string>("");
+const newChatLoading = ref(false);
+
+function getModelGroupsForProfile(profile: string) {
+  const profileModels = appStore.profileModelGroups.find(
+    (entry) => entry.profile === profile,
+  );
+  return profileModels?.groups || [];
+}
+
+function getDefaultModelForProfile(profile: string) {
+  const groups = getModelGroupsForProfile(profile);
+  const profileModels = appStore.profileModelGroups.find(
+    (entry) => entry.profile === profile,
+  );
+  const defaultProvider = profileModels?.default_provider || "";
+  const defaultModel = profileModels?.default || "";
+  const providerGroup = defaultProvider
+    ? groups.find((group) => group.provider === defaultProvider)
+    : undefined;
+  const fallbackGroup = providerGroup || groups.find((group) => group.models.length > 0);
+  return {
+    provider: fallbackGroup?.provider || "",
+    model: fallbackGroup?.models.includes(defaultModel)
+      ? defaultModel
+      : fallbackGroup?.models[0] || "",
+  };
+}
+
+const newChatProfileOptions = computed(() =>
+  (profilesStore.profiles.length > 0 ? profilesStore.profiles : [{ name: "default" }]).map((profile) => ({
+    label: profile.name,
+    value: profile.name,
+  })),
+);
+
+const newChatModelGroups = computed(() => {
+  return getModelGroupsForProfile(newChatProfile.value);
+});
+
+const newChatProviderOptions = computed(() =>
+  newChatModelGroups.value.map((group) => ({
+    label: group.label || group.provider,
+    value: group.provider,
+  })),
+);
+
+const newChatModelOptions = computed(() => {
+  const group = newChatModelGroups.value.find(
+    (item) => item.provider === newChatProvider.value,
+  );
+  return (group?.models || []).map((model) => ({
+    label: appStore.displayModelName(model, group?.provider),
+    value: model,
+  }));
+});
+
+function syncNewChatModelSelection() {
+  const defaults = getDefaultModelForProfile(newChatProfile.value);
+  newChatProvider.value = defaults.provider;
+  newChatModel.value = defaults.model;
+}
+
+async function openNewChatModal() {
+  showNewChatModal.value = true;
+  newChatLoading.value = true;
+  try {
+    if (profilesStore.profiles.length === 0) await profilesStore.fetchProfiles();
+    if (appStore.modelGroups.length === 0 && appStore.profileModelGroups.length === 0) {
+      await appStore.loadModels();
+    }
+    newChatProfile.value =
+      profilesStore.activeProfileName ||
+      profilesStore.profiles.find((profile) => profile.active)?.name ||
+      profilesStore.profiles[0]?.name ||
+      "default";
+    syncNewChatModelSelection();
+  } finally {
+    newChatLoading.value = false;
+  }
+}
+
+function handleNewChatProfileChange(value: string) {
+  newChatProfile.value = value;
+  syncNewChatModelSelection();
+}
+
+function handleNewChatProviderChange(value: string) {
+  newChatProvider.value = value;
+  newChatModel.value = newChatModelOptions.value[0]?.value || "";
+}
+
+async function confirmNewChat() {
+  const session = chatStore.newChat({
+    profile: newChatProfile.value,
+    provider: newChatProvider.value,
+    model: newChatModel.value,
+  });
+  await router.push({
+    name: "hermes.session",
+    params: { sessionId: session.id },
+  });
+  showNewChatModal.value = false;
+}
+
+function handleApproval(choice: "once" | "session" | "always" | "deny") {
+  chatStore.respondApproval(choice);
+}
+
+function sessionProfile(sessionId: string): string | null {
+  return chatStore.sessions.find((session) => session.id === sessionId)?.profile || null;
+}
+
+function buildSessionUrl(sessionId: string, profile?: string | null): string {
+  const href = router.resolve({
+    name: "hermes.session",
+    params: { sessionId },
+    query: profile ? { profile } : undefined,
+  }).href;
+  return `${window.location.origin}${window.location.pathname}${href}`;
+}
+
+async function copySessionLink(id?: string) {
+  const sessionId = id || chatStore.activeSessionId;
+  if (sessionId) {
+    const ok = await copyToClipboard(buildSessionUrl(sessionId, sessionProfile(sessionId)));
+    if (ok) message.success(t("common.copied"));
+    else message.error(t("common.copied") + " ✗");
+  }
+}
+
+async function copySessionId(id?: string) {
+  const sessionId = id || chatStore.activeSessionId;
+  if (sessionId) {
+    const ok = await copyToClipboard(sessionId);
+    if (ok) message.success(t("common.copied"));
+    else message.error(t("common.copied") + " ✗");
+  }
+}
+
+function handleDeleteSession(id: string) {
+  sessionBrowserPrefsStore.removePinned(id);
+  chatStore.deleteSession(id);
+  message.success(t("chat.sessionDeleted"));
+}
+
+function toggleBatchMode() {
+  if (isBatchDeleting.value) return;
+  isBatchMode.value = !isBatchMode.value;
+  if (!isBatchMode.value) {
+    selectedSessionKeys.value.clear();
+    showBatchDeleteConfirm.value = false;
+  }
+}
+
+function sessionSelectionKey(session: Pick<Session, "id" | "profile">): string {
+  return `${session.profile || "default"}\u0000${session.id}`;
+}
+
+function toggleSessionSelection(session: Session) {
+  if (isBatchDeleting.value) return;
+  const key = sessionSelectionKey(session);
+  if (selectedSessionKeys.value.has(key)) {
+    selectedSessionKeys.value.delete(key);
+  } else {
+    selectedSessionKeys.value.add(key);
+  }
+  selectedSessionKeys.value = new Set(selectedSessionKeys.value);
+  if (selectedSessionKeys.value.size === 0) {
+    showBatchDeleteConfirm.value = false;
+  }
+}
+
+function isSessionSelected(session: Session): boolean {
+  return selectedSessionKeys.value.has(sessionSelectionKey(session));
+}
+
+async function handleBatchDelete() {
+  if (selectedSessionKeys.value.size === 0 || isBatchDeleting.value) return;
+
+  const sessionsByKey = new Map(chatStore.sessions.map((session) => [sessionSelectionKey(session), session]));
+  const targets = Array.from(selectedSessionKeys.value)
+    .map((key) => sessionsByKey.get(key))
+    .filter((session): session is Session => Boolean(session))
+    .map((session) => ({ id: session.id, profile: session.profile || null }));
+  if (targets.length === 0) return;
+  isBatchDeleting.value = true;
+  try {
+    const result = await batchDeleteSessions(targets);
+    if (result.deleted > 0) {
+      // Remove from pinned sessions
+      for (const target of targets) {
+        sessionBrowserPrefsStore.removePinned(target.id);
+      }
+
+      // Remove deleted sessions from local store (without calling API again)
+      // Use loadSessions to refresh from server instead of manual filtering
+      await chatStore.loadSessions(chatStore.sessionProfileFilter);
+
+      message.success(t("chat.batchDeleteSuccess", { count: result.deleted }));
+      if (result.failed > 0) {
+        message.warning(t("chat.batchDeletePartial", { failed: result.failed }));
+      }
+    } else {
+      message.error(t("chat.batchDeleteFailed"));
+    }
+  } catch (err: any) {
+    message.error(t("chat.batchDeleteFailed"));
+  } finally {
+    isBatchDeleting.value = false;
+    showBatchDeleteConfirm.value = false;
+    isBatchMode.value = false;
+    selectedSessionKeys.value.clear();
+  }
+}
+
+function handleBatchDeleteConfirm() {
+  void handleBatchDelete();
+  return false;
+}
+
+function selectAllSessions() {
+  if (isBatchDeleting.value) return;
+  selectedSessionKeys.value.clear();
+  for (const session of chatStore.sessions) {
+    if (session.id !== chatStore.activeSessionId) {
+      selectedSessionKeys.value.add(sessionSelectionKey(session));
+    }
+  }
+  selectedSessionKeys.value = new Set(selectedSessionKeys.value);
+}
+
+const selectedCount = computed(() => selectedSessionKeys.value.size);
+const canSelectAll = computed(() => {
+  return chatStore.sessions.some(s => s.id !== chatStore.activeSessionId);
+});
+
+const contextSessionId = ref<string | null>(null);
+const contextSessionPinned = computed(() =>
+  contextSessionId.value
+    ? sessionBrowserPrefsStore.isPinned(contextSessionId.value)
+    : false,
+);
+const contextSession = computed(() =>
+  contextSessionId.value
+    ? chatStore.sessions.find((session) => session.id === contextSessionId.value) || null
+    : null,
+);
+
+const contextMenuOptions = computed(() => {
+  const options: DropdownOption[] = [{
+    label: t(contextSessionPinned.value ? "chat.unpin" : "chat.pin"),
+    key: "pin",
+  },
+  { label: t("chat.rename"), key: "rename" },
+  { label: t("chat.setWorkspace"), key: "workspace" }]
+
+  if (contextSession.value?.source === "cli") {
+    options.push({ label: t("chat.setModel"), key: "model" })
+  }
+
+  options.push({
+    label: t("chat.export"),
+    key: "export",
+    children: [
+      {
+        label: t("chat.exportFull"),
+        key: "export-full",
+        children: [
+          { label: "JSON", key: "export-full-json" },
+          { label: "TXT", key: "export-full-txt" },
+        ],
+      },
+      {
+        label: t("chat.exportCompressed"),
+        key: "export-compressed",
+        children: [
+          { label: "JSON", key: "export-compressed-json" },
+          { label: "TXT", key: "export-compressed-txt" },
+        ],
+      },
+    ],
+  })
+  options.push({ label: t("chat.openSessionInNewTab"), key: "open-link" })
+  options.push({ label: t("chat.copySessionLink"), key: "copy-link" })
+  options.push({ label: t("chat.copySessionId"), key: "copy-id" })
+  return options
+});
+
+function handleContextMenu(e: MouseEvent, sessionId: string) {
+  e.preventDefault();
+  contextSessionId.value = sessionId;
+  showContextMenu.value = true;
+  contextMenuX.value = e.clientX;
+  contextMenuY.value = e.clientY;
+}
+
+const showContextMenu = ref(false);
+const contextMenuX = ref(0);
+const contextMenuY = ref(0);
+
+function parseExportKey(key: string): { mode: 'full' | 'compressed'; ext: 'json' | 'txt' } | null {
+  if (key === 'export-full-json') return { mode: 'full', ext: 'json' }
+  if (key === 'export-full-txt') return { mode: 'full', ext: 'txt' }
+  if (key === 'export-compressed-json') return { mode: 'compressed', ext: 'json' }
+  if (key === 'export-compressed-txt') return { mode: 'compressed', ext: 'txt' }
+  return null
+}
+
+async function handleContextMenuSelect(key: string) {
+  showContextMenu.value = false;
+  if (!contextSessionId.value) return;
+  if (key === "pin") {
+    sessionBrowserPrefsStore.togglePinned(contextSessionId.value);
+    return;
+  }
+  if (key === "copy-link") {
+    copySessionLink(contextSessionId.value);
+  } else if (key === "copy-id") {
+    copySessionId(contextSessionId.value);
+  } else if (key === "open-link") {
+    openSessionInNewTab(contextSessionId.value);
+  } else if (parseExportKey(key)) {
+    const { mode, ext } = parseExportKey(key)!;
+    const loadingMsg = mode === "compressed" ? message.loading(t("chat.exportCompressing"), { duration: 0 }) : null;
+    try {
+      await exportSession(contextSessionId.value, mode, ext);
+      loadingMsg?.destroy();
+      message.success(t("chat.exportSuccess"));
+    } catch {
+      loadingMsg?.destroy();
+      message.error(t("chat.exportFailed"));
+    }
+  } else if (key === "workspace") {
+    const session = chatStore.sessions.find(
+      (s) => s.id === contextSessionId.value,
+    );
+    workspaceSessionId.value = contextSessionId.value;
+    workspaceValue.value = session?.workspace || "";
+    showWorkspaceModal.value = true;
+  } else if (key === "model") {
+    await openSessionModelModal(contextSessionId.value);
+  } else if (key === "rename") {
+    const session = chatStore.sessions.find(
+      (s) => s.id === contextSessionId.value,
+    );
+    renameSessionId.value = contextSessionId.value;
+    renameValue.value = session?.title || "";
+    showRenameModal.value = true;
+    nextTick(() => {
+      renameInputRef.value?.focus();
+    });
+  }
+}
+
+function handleClickOutside() {
+  showContextMenu.value = false;
+}
+
+async function handleRenameConfirm() {
+  if (!renameSessionId.value || !renameValue.value.trim()) return;
+  const ok = await renameSession(
+    renameSessionId.value,
+    renameValue.value.trim(),
+  );
+  if (ok) {
+    const session = chatStore.sessions.find(
+      (s) => s.id === renameSessionId.value,
+    );
+    if (session) session.title = renameValue.value.trim();
+    if (chatStore.activeSession?.id === renameSessionId.value) {
+      chatStore.activeSession.title = renameValue.value.trim();
+    }
+    message.success(t("chat.renamed"));
+  } else {
+    message.error(t("chat.renameFailed"));
+  }
+  showRenameModal.value = false;
+}
+
+const showWorkspaceModal = ref(false);
+const workspaceValue = ref("");
+const workspaceSessionId = ref<string | null>(null);
+
+async function handleWorkspaceConfirm() {
+  if (!workspaceSessionId.value) return;
+  const ok = await setSessionWorkspace(
+    workspaceSessionId.value,
+    workspaceValue.value || null,
+  );
+  if (ok) {
+    const session = chatStore.sessions.find(
+      (s) => s.id === workspaceSessionId.value,
+    );
+    if (session) session.workspace = workspaceValue.value || null;
+    if (chatStore.activeSession?.id === workspaceSessionId.value) {
+      chatStore.activeSession.workspace = workspaceValue.value || null;
+    }
+    message.success(t("chat.workspaceSet"));
+  } else {
+    message.error(t("chat.workspaceSetFailed"));
+  }
+  showWorkspaceModal.value = false;
+}
+
+const showSessionModelModal = ref(false);
+const sessionModelSessionId = ref<string | null>(null);
+const sessionModelSearch = ref("");
+const sessionModelCollapsedGroups = ref<Record<string, boolean>>({});
+const sessionModelValue = ref("");
+const sessionModelProvider = ref("");
+const sessionModelCustomInput = ref("");
+const sessionModelCustomProvider = ref("");
+
+const sessionModelProfile = computed<string | null>(() => {
+  const session = chatStore.sessions.find((s) => s.id === sessionModelSessionId.value);
+  return session?.profile || null;
+});
+
+const sessionModelBaseGroups = computed(() =>
+  sessionModelProfile.value ? getModelGroupsForProfile(sessionModelProfile.value) : [],
+);
+
+const sessionModelProviderOptions = computed(() =>
+  sessionModelBaseGroups.value.map((group) => ({ label: group.label, value: group.provider })),
+);
+
+const sessionModelGroupsWithCustom = computed(() =>
+  sessionModelBaseGroups.value.map((group) => ({
+    ...group,
+    models: [
+      ...group.models,
+      ...(appStore.customModels[group.provider] || []).filter(
+        (model) => !group.models.includes(model),
+      ),
+    ],
+  })),
+);
+
+const filteredSessionModelGroups = computed(() => {
+  const query = sessionModelSearch.value.trim().toLowerCase();
+  if (!query) return sessionModelGroupsWithCustom.value;
+  return sessionModelGroupsWithCustom.value
+    .map((group) => ({
+      ...group,
+      models: group.models.filter((model) => {
+        const displayName = appStore.displayModelName(model, group.provider);
+        return model.toLowerCase().includes(query) || displayName.toLowerCase().includes(query);
+      }),
+    }))
+    .filter((group) => group.models.length > 0 || group.label.toLowerCase().includes(query));
+});
+
+async function openSessionModelModal(sessionId: string) {
+  if (appStore.modelGroups.length === 0 && appStore.profileModelGroups.length === 0) {
+    await appStore.loadModels();
+  }
+  const session = chatStore.sessions.find((s) => s.id === sessionId);
+  const defaults = session?.profile
+    ? getDefaultModelForProfile(session.profile)
+    : { provider: "", model: "" };
+  sessionModelSessionId.value = sessionId;
+  sessionModelValue.value = session?.model || defaults.model || "";
+  sessionModelProvider.value = session?.provider || defaults.provider || "";
+  sessionModelCustomProvider.value = sessionModelProvider.value;
+  sessionModelSearch.value = "";
+  sessionModelCustomInput.value = "";
+  sessionModelCollapsedGroups.value = {};
+  showSessionModelModal.value = true;
+}
+
+function isSessionModelGroupCollapsed(provider: string) {
+  return !!sessionModelCollapsedGroups.value[provider];
+}
+
+function toggleSessionModelGroup(provider: string) {
+  sessionModelCollapsedGroups.value[provider] = !sessionModelCollapsedGroups.value[provider];
+}
+
+function isCustomSessionModel(model: string, provider: string) {
+  return (appStore.customModels[provider] || []).includes(model);
+}
+
+function sessionModelDisplayName(model: string, provider: string) {
+  return appStore.displayModelName(model, provider);
+}
+
+function sessionModelAlias(model: string, provider: string) {
+  return appStore.getModelAlias(model, provider);
+}
+
+async function selectSessionModel(model: string, provider: string) {
+  const meta = sessionModelBaseGroups.value.find((group) => group.provider === provider)?.model_meta?.[model];
+  if (meta?.disabled || !sessionModelSessionId.value) return;
+  const ok = await chatStore.switchSessionModel(model, provider, sessionModelSessionId.value);
+  if (ok) {
+    sessionModelValue.value = model;
+    sessionModelProvider.value = provider;
+    showSessionModelModal.value = false;
+    message.success(t("chat.modelSet"));
+  } else {
+    message.error(t("chat.modelSetFailed"));
+  }
+}
+
+async function handleSessionModelCustomSubmit() {
+  const model = sessionModelCustomInput.value.trim();
+  const provider = sessionModelCustomProvider.value;
+  if (!model || !provider) return;
+  await selectSessionModel(model, provider);
+}
+</script>
+
+<template>
+  <div class="chat-panel">
+    <div
+      v-if="currentMode === 'chat'"
+      class="session-backdrop"
+      :class="{ active: showSessions }"
+      @click="showSessions = false"
+    />
+    <aside
+      v-if="currentMode === 'chat'"
+      class="session-list"
+      :class="{ collapsed: !showSessions }"
+    >
+      <div class="session-list-header">
+        <span v-if="showSessions" class="session-list-title">{{
+          t("chat.webUiSessions")
+        }}</span>
+        <div class="session-list-actions">
+          <button class="session-close-btn" @click="showSessions = false">
+            <svg
+              width="14"
+              height="14"
+              viewBox="0 0 24 24"
+              fill="none"
+              stroke="currentColor"
+              stroke-width="2"
+            >
+              <line x1="18" y1="6" x2="6" y2="18" />
+              <line x1="6" y1="6" x2="18" y2="18" />
+            </svg>
+          </button>
+          <NButton
+            v-if="!isBatchMode"
+            quaternary
+            size="tiny"
+            @click="toggleBatchMode"
+            :title="t('chat.toggleBatchMode')"
+          >
+            <template #icon>
+              <svg
+                width="14"
+                height="14"
+                viewBox="0 0 24 24"
+                fill="none"
+                stroke="currentColor"
+                stroke-width="2"
+              >
+                <path d="M9 11l3 3L22 4" />
+                <path d="M21 12v7a2 2 0 0 1-2 2H5a2 2 0 0 1-2-2V5a2 2 0 0 1 2-2h11" />
+              </svg>
+            </template>
+          </NButton>
+          <NButton
+            v-if="isBatchMode"
+            quaternary
+            size="tiny"
+            @click="selectAllSessions"
+            :disabled="!canSelectAll || isBatchDeleting"
+            :title="t('chat.selectAll')"
+          >
+            <template #icon>
+              <svg
+                width="14"
+                height="14"
+                viewBox="0 0 24 24"
+                fill="none"
+                stroke="currentColor"
+                stroke-width="2"
+              >
+                <path d="M9 11l3 3L22 4" />
+                <path d="M21 12v7a2 2 0 0 1-2 2H5a2 2 0 0 1-2-2V5a2 2 0 0 1 2-2h11" />
+              </svg>
+            </template>
+          </NButton>
+          <NPopconfirm
+            v-if="isBatchMode && selectedCount > 0"
+            v-model:show="showBatchDeleteConfirm"
+            :positive-button-props="{ loading: isBatchDeleting, disabled: isBatchDeleting }"
+            :negative-button-props="{ disabled: isBatchDeleting }"
+            @positive-click="handleBatchDeleteConfirm"
+          >
+            <template #trigger>
+              <NButton quaternary size="tiny" type="error" :loading="isBatchDeleting" :disabled="isBatchDeleting">
+                <template #icon>
+                  <svg
+                    width="14"
+                    height="14"
+                    viewBox="0 0 24 24"
+                    fill="none"
+                    stroke="currentColor"
+                    stroke-width="2"
+                  >
+                    <polyline points="3 6 5 6 21 6" />
+                    <path d="M19 6v14a2 2 0 0 1-2 2H7a2 2 0 0 1-2-2V6m3 0V4a2 2 0 0 1 2-2h4a2 2 0 0 1 2 2v2" />
+                  </svg>
+                </template>
+              </NButton>
+            </template>
+            {{ t('chat.confirmBatchDelete', { count: selectedCount }) }}
+          </NPopconfirm>
+          <NButton
+            v-if="isBatchMode"
+            quaternary
+            size="tiny"
+            @click="toggleBatchMode"
+            :disabled="isBatchDeleting"
+          >
+            <template #icon>
+              <svg
+                width="14"
+                height="14"
+                viewBox="0 0 24 24"
+                fill="none"
+                stroke="currentColor"
+                stroke-width="2"
+              >
+                <line x1="18" y1="6" x2="6" y2="18" />
+                <line x1="6" y1="6" x2="18" y2="18" />
+              </svg>
+            </template>
+          </NButton>
+          <NButton quaternary size="tiny" circle @click="openNewChatModal">
+            <template #icon>
+              <svg
+                width="14"
+                height="14"
+                viewBox="0 0 24 24"
+                fill="none"
+                stroke="currentColor"
+                stroke-width="2"
+              >
+                <line x1="12" y1="5" x2="12" y2="19" />
+                <line x1="5" y1="12" x2="19" y2="12" />
+              </svg>
+            </template>
+          </NButton>
+        </div>
+      </div>
+      <div v-if="showSessions" class="session-profile-filter">
+        <NSelect
+          :value="sessionProfileFilter || '__all__'"
+          :options="profileFilterOptions"
+          size="small"
+          :loading="profilesStore.loading"
+          @update:value="handleProfileFilterChange"
+        />
+      </div>
+      <div v-if="showSessions" class="session-items">
+        <div
+          v-if="chatStore.isLoadingSessions && chatStore.sessions.length === 0"
+          class="session-loading"
+        >
+          {{ t("common.loading") }}
+        </div>
+        <div v-else-if="chatStore.sessions.length === 0" class="session-empty">
+          {{ t("chat.noSessions") }}
+        </div>
+
+        <template v-if="pinnedSessions.length > 0">
+          <div class="session-group-header session-group-header--static">
+            <span class="session-group-label">{{ t("chat.pinned") }}</span>
+            <span class="session-group-count">{{ pinnedSessions.length }}</span>
+          </div>
+          <SessionListItem
+            v-for="s in pinnedSessions"
+            :key="`pinned-${s.id}`"
+            :session="s"
+            :active="s.id === chatStore.activeSessionId"
+            :pinned="true"
+            :can-delete="
+              s.id !== chatStore.activeSessionId ||
+              chatStore.sessions.length > 1
+            "
+            :streaming="chatStore.isSessionLive(s.id)"
+            :selectable="isBatchMode"
+            :selected="isSessionSelected(s)"
+            :show-profile="true"
+            :to="sessionHref(s.id)"
+            @select="handleSessionClick(s.id)"
+            @contextmenu="handleContextMenu($event, s.id)"
+            @delete="handleDeleteSession(s.id)"
+            @toggle-select="toggleSessionSelection(s)"
+          />
+        </template>
+
+        <SessionListItem
+          v-for="s in unpinnedSessions"
+          :key="s.id"
+          :session="s"
+          :active="s.id === chatStore.activeSessionId"
+          :pinned="false"
+          :can-delete="
+            s.id !== chatStore.activeSessionId ||
+            chatStore.sessions.length > 1
+          "
+          :streaming="chatStore.isSessionLive(s.id)"
+          :selectable="isBatchMode"
+          :selected="isSessionSelected(s)"
+          :show-profile="true"
+          :to="sessionHref(s.id)"
+          @select="handleSessionClick(s.id)"
+          @contextmenu="handleContextMenu($event, s.id)"
+          @delete="handleDeleteSession(s.id)"
+          @toggle-select="toggleSessionSelection(s)"
+        />
+      </div>
+    </aside>
+
+    <NDropdown
+      placement="bottom-start"
+      trigger="manual"
+      :x="contextMenuX"
+      :y="contextMenuY"
+      :options="contextMenuOptions"
+      :show="showContextMenu"
+      @select="handleContextMenuSelect"
+      @clickoutside="handleClickOutside"
+    />
+
+    <NModal
+      v-model:show="showRenameModal"
+      preset="dialog"
+      :title="t('chat.renameSession')"
+      :positive-text="t('common.ok')"
+      :negative-text="t('common.cancel')"
+      @positive-click="handleRenameConfirm"
+    >
+      <NInput
+        ref="renameInputRef"
+        v-model:value="renameValue"
+        :placeholder="t('chat.enterNewTitle')"
+        @keydown.enter="handleRenameConfirm"
+      />
+    </NModal>
+
+    <NModal
+      v-model:show="showWorkspaceModal"
+      preset="dialog"
+      :title="t('chat.setWorkspaceTitle')"
+      :positive-text="t('common.ok')"
+      :negative-text="t('common.cancel')"
+      style="width: 520px"
+      @positive-click="handleWorkspaceConfirm"
+    >
+      <FolderPicker v-model="workspaceValue" />
+    </NModal>
+
+    <NModal
+      v-model:show="showSessionModelModal"
+      preset="card"
+      :title="t('chat.setModelTitle')"
+      :style="{ width: 'min(480px, calc(100vw - 32px))' }"
+      :mask-closable="true"
+    >
+      <NInput
+        v-model:value="sessionModelSearch"
+        :placeholder="t('models.searchPlaceholder')"
+        clearable
+        size="small"
+        class="session-model-search"
+      />
+      <div class="session-model-list">
+        <div v-for="group in filteredSessionModelGroups" :key="group.provider" class="session-model-group">
+          <div class="session-model-group-header" @click="toggleSessionModelGroup(group.provider)">
+            <svg
+              class="session-model-group-arrow"
+              :class="{ collapsed: isSessionModelGroupCollapsed(group.provider) }"
+              width="12"
+              height="12"
+              viewBox="0 0 24 24"
+              fill="none"
+              stroke="currentColor"
+              stroke-width="2"
+              stroke-linecap="round"
+              stroke-linejoin="round"
+            >
+              <polyline points="6 9 12 15 18 9" />
+            </svg>
+            <span class="session-model-group-label">{{ group.label }}</span>
+            <span class="session-model-group-count">{{ group.models.length }}</span>
+          </div>
+          <div v-show="!isSessionModelGroupCollapsed(group.provider)" class="session-model-group-items">
+            <div
+              v-for="model in group.models"
+              :key="model"
+              class="session-model-item"
+              :class="{
+                active: model === sessionModelValue && group.provider === sessionModelProvider,
+                disabled: !!group.model_meta?.[model]?.disabled,
+              }"
+              :title="group.model_meta?.[model]?.disabled ? t('models.disabledTooltip') : ''"
+              @click="selectSessionModel(model, group.provider)"
+            >
+              <span class="session-model-item-label">
+                <span class="session-model-item-name">{{ sessionModelDisplayName(model, group.provider) }}</span>
+                <span v-if="sessionModelAlias(model, group.provider)" class="session-model-item-id">
+                  {{ t('models.aliasCanonical', { model }) }}
+                </span>
+              </span>
+              <span v-if="group.model_meta?.[model]?.preview" class="session-model-badge-preview">{{ t('models.previewBadge') }}</span>
+              <span v-if="group.model_meta?.[model]?.disabled" class="session-model-badge-disabled">{{ t('models.disabledBadge') }}</span>
+              <span v-if="isCustomSessionModel(model, group.provider)" class="session-model-badge-custom">{{ t('models.customBadge') }}</span>
+              <svg
+                v-if="model === sessionModelValue && group.provider === sessionModelProvider"
+                class="session-model-check"
+                width="14"
+                height="14"
+                viewBox="0 0 24 24"
+                fill="none"
+                stroke="currentColor"
+                stroke-width="2.5"
+                stroke-linecap="round"
+                stroke-linejoin="round"
+              >
+                <polyline points="20 6 9 17 4 12" />
+              </svg>
+            </div>
+          </div>
+        </div>
+        <div v-if="filteredSessionModelGroups.length === 0" class="session-model-empty">
+          {{ sessionModelSearch ? 'No results' : 'No models' }}
+        </div>
+        <div class="session-model-custom">
+          <div class="session-model-custom-row">
+            <NSelect
+              v-model:value="sessionModelCustomProvider"
+              :options="sessionModelProviderOptions"
+              size="small"
+              class="session-model-custom-provider"
+            />
+            <NInput
+              v-model:value="sessionModelCustomInput"
+              :placeholder="t('models.customModelPlaceholder')"
+              size="small"
+              class="session-model-custom-input"
+              @keydown.enter="handleSessionModelCustomSubmit"
+            />
+          </div>
+          <div class="session-model-custom-hint">
+            {{ t('models.customModelHint') }}
+          </div>
+        </div>
+      </div>
+    </NModal>
+
+    <NModal
+      v-model:show="showNewChatModal"
+      preset="card"
+      :title="t('chat.newChat')"
+      :style="{ width: 'min(440px, calc(100vw - 32px))' }"
+      :mask-closable="true"
+    >
+      <div class="new-chat-form">
+        <label class="new-chat-field">
+          <span class="new-chat-label">{{ t("sidebar.profiles") }}</span>
+          <NSelect
+            :value="newChatProfile"
+            :options="newChatProfileOptions"
+            :loading="newChatLoading || profilesStore.loading"
+            @update:value="handleNewChatProfileChange"
+          />
+        </label>
+        <label class="new-chat-field">
+          <span class="new-chat-label">{{ t("models.provider") }}</span>
+          <NSelect
+            :value="newChatProvider"
+            :options="newChatProviderOptions"
+            :disabled="newChatLoading"
+            @update:value="handleNewChatProviderChange"
+          />
+        </label>
+        <label class="new-chat-field">
+          <span class="new-chat-label">{{ t("models.models") }}</span>
+          <NSelect
+            v-model:value="newChatModel"
+            :options="newChatModelOptions"
+            :disabled="newChatLoading || !newChatProvider"
+            filterable
+          />
+        </label>
+      </div>
+      <template #footer>
+        <div class="new-chat-actions">
+          <NButton @click="showNewChatModal = false">{{ t("common.cancel") }}</NButton>
+          <NButton
+            type="primary"
+            :disabled="!newChatProfile || !newChatProvider || !newChatModel"
+            @click="confirmNewChat"
+          >
+            {{ t("chat.newChat") }}
+          </NButton>
+        </div>
+      </template>
+    </NModal>
+
+    <div class="chat-main">
+      <header class="chat-header">
+        <div class="header-left">
+          <NButton
+            v-if="currentMode === 'chat'"
+            quaternary
+            size="small"
+            @click="showSessions = !showSessions"
+            circle
+          >
+            <template #icon>
+              <svg
+                width="16"
+                height="16"
+                viewBox="0 0 24 24"
+                fill="none"
+                stroke="currentColor"
+                stroke-width="1.5"
+              >
+                <rect x="3" y="3" width="7" height="7" />
+                <rect x="14" y="3" width="7" height="7" />
+                <rect x="3" y="14" width="7" height="7" />
+                <rect x="14" y="14" width="7" height="7" />
+              </svg>
+            </template>
+          </NButton>
+          <span class="header-session-title">{{ headerTitle }}</span>
+          <span
+            v-if="chatStore.activeSession?.workspace"
+            class="workspace-badge"
+            :title="chatStore.activeSession.workspace"
+            >📁
+            {{
+              chatStore.activeSession.workspace.split("/").pop() ||
+              chatStore.activeSession.workspace
+            }}</span
+          >
+        </div>
+        <div class="header-actions">
+          <!-- chat/live mode toggle hidden -->
+          <template v-if="currentMode === 'chat'">
+            <NTooltip trigger="hover">
+              <template #trigger>
+                <NButton
+                  quaternary
+                  size="small"
+                  @click="showOutline = !showOutline"
+                  circle
+                >
+                  <template #icon>
+                    <svg
+                      width="14"
+                      height="14"
+                      viewBox="0 0 24 24"
+                      fill="none"
+                      stroke="currentColor"
+                      stroke-width="1.5"
+                    >
+                      <path d="M3 12h18M3 6h18M3 18h18" />
+                    </svg>
+                  </template>
+                </NButton>
+              </template>
+              {{ t("chat.outlineTitle") }}
+            </NTooltip>
+            <NTooltip trigger="hover">
+              <template #trigger>
+                <NButton
+                  quaternary
+                  size="small"
+                  @click="copySessionId()"
+                  circle
+                >
+                  <template #icon>
+                    <svg
+                      width="14"
+                      height="14"
+                      viewBox="0 0 24 24"
+                      fill="none"
+                      stroke="currentColor"
+                      stroke-width="1.5"
+                    >
+                      <rect x="9" y="9" width="13" height="13" rx="2" ry="2" />
+                      <path
+                        d="M5 15H4a2 2 0 0 1-2-2V4a2 2 0 0 1 2-2h9a2 2 0 0 1 2 2v1"
+                      />
+                    </svg>
+                  </template>
+                </NButton>
+              </template>
+              {{ t("chat.copySessionId") }}
+            </NTooltip>
+            <NButton size="small" :circle="isMobile" @click="openNewChatModal">
+              <template #icon>
+                <svg
+                  width="14"
+                  height="14"
+                  viewBox="0 0 24 24"
+                  fill="none"
+                  stroke="currentColor"
+                  stroke-width="2"
+                >
+                  <line x1="12" y1="5" x2="12" y2="19" />
+                  <line x1="5" y1="12" x2="19" y2="12" />
+                </svg>
+              </template>
+              <template v-if="!isMobile">{{ t("chat.newChat") }}</template>
+            </NButton>
+          </template>
+        </div>
+      </header>
+
+      <template v-if="currentMode === 'chat'">
+        <div class="chat-content-wrapper">
+          <div class="chat-main-content">
+            <MessageList ref="messageListRef" />
+          </div>
+          <OutlinePanel
+            v-if="showOutline"
+            :messages="chatStore.messages"
+            @navigate="handleOutlineNavigate"
+          />
+        </div>
+        <div v-if="visibleApproval" class="approval-bar">
+          <div class="approval-icon" aria-hidden="true">
+            <svg
+              width="18"
+              height="18"
+              viewBox="0 0 24 24"
+              fill="none"
+              stroke="currentColor"
+              stroke-width="2"
+              stroke-linecap="round"
+              stroke-linejoin="round"
+            >
+              <path d="M12 22s8-4 8-10V5l-8-3-8 3v7c0 6 8 10 8 10" />
+              <path d="m9 12 2 2 4-4" />
+            </svg>
+          </div>
+          <div class="approval-content">
+            <div class="approval-main">
+              <div class="approval-kicker">{{ t("chat.approvalKicker") }}</div>
+              <div class="approval-title">{{ t("chat.approvalTitle") }}</div>
+              <div class="approval-desc">{{ visibleApproval.description }}</div>
+              <code class="approval-command">{{ visibleApproval.command }}</code>
+            </div>
+            <div class="approval-actions">
+              <NButton
+                v-if="visibleApproval.choices.includes('once')"
+                size="small"
+                type="primary"
+                @click="handleApproval('once')"
+              >
+                {{ t("chat.approvalAllowOnce") }}
+              </NButton>
+              <NButton
+                v-if="visibleApproval.choices.includes('session')"
+                size="small"
+                secondary
+                @click="handleApproval('session')"
+              >
+                {{ t("chat.approvalAllowSession") }}
+              </NButton>
+              <NButton
+                v-if="visibleApproval.choices.includes('always')"
+                size="small"
+                secondary
+                @click="handleApproval('always')"
+              >
+                {{ t("chat.approvalAlways") }}
+              </NButton>
+              <NButton
+                v-if="visibleApproval.choices.includes('deny')"
+                size="small"
+                type="error"
+                secondary
+                @click="handleApproval('deny')"
+              >
+                {{ t("chat.approvalDeny") }}
+              </NButton>
+            </div>
+          </div>
+        </div>
+        <div v-if="visibleClarify" class="clarify-bar">
+          <div class="clarify-icon" aria-hidden="true">
+            <svg
+              width="18"
+              height="18"
+              viewBox="0 0 24 24"
+              fill="none"
+              stroke="currentColor"
+              stroke-width="2"
+              stroke-linecap="round"
+              stroke-linejoin="round"
+            >
+              <circle cx="12" cy="12" r="10" />
+              <path d="M9.09 9a3 3 0 0 1 5.83 1c0 2-3 3-3 3" />
+              <line x1="12" y1="17" x2="12.01" y2="17" />
+            </svg>
+          </div>
+          <div class="clarify-content">
+            <div class="clarify-main">
+              <div class="clarify-kicker">{{ t('chat.clarifyKicker') }}</div>
+              <div class="clarify-title">{{ t('chat.clarifyTitle') }}</div>
+              <div class="clarify-desc">{{ visibleClarify.question }}</div>
+            </div>
+            <div v-if="visibleClarify.choices && visibleClarify.choices.length" class="clarify-actions">
+              <NButton
+                v-for="choice in visibleClarify.choices"
+                :key="choice"
+                size="small"
+                type="primary"
+                @click="handleClarify(choice)"
+              >
+                {{ choice }}
+              </NButton>
+              <NButton
+                size="small"
+                type="error"
+                secondary
+                @click="handleClarify('')"
+              >
+                {{ t('chat.clarifyDismiss') }}
+              </NButton>
+            </div>
+            <div v-else class="clarify-actions clarify-actions-open">
+              <div class="clarify-input-row">
+                <NInput
+                  v-model:value="clarifyResponse"
+                  size="small"
+                  :placeholder="t('chat.clarifyPlaceholder')"
+                />
+                <NButton size="small" type="primary" @click="handleClarify()">
+                  {{ t('chat.clarifySubmit') }}
+                </NButton>
+              </div>
+            </div>
+          </div>
+        </div>
+        <ChatInput />
+      </template>
+      <ConversationMonitorPane
+        v-else
+        :human-only="sessionBrowserPrefsStore.humanOnly"
+      />
+    </div>
+
+    <!-- Floating drawer button -->
+    <div class="drawer-button-wrapper">
+      <div class="drawer-button" @click="showDrawer = true">
+        <svg
+          width="20"
+          height="20"
+          viewBox="0 0 24 24"
+          fill="none"
+          stroke="currentColor"
+          stroke-width="1.5"
+        >
+          <rect x="3" y="3" width="18" height="18" rx="2" ry="2" />
+          <line x1="9" y1="3" x2="9" y2="21" />
+          <line x1="15" y1="3" x2="15" y2="21" />
+        </svg>
+      </div>
+    </div>
+
+    <DrawerPanel v-model:show="showDrawer" :active-tab="drawerActiveTab" />
+  </div>
+</template>
+
+<style scoped lang="scss">
+@use "@/styles/variables" as *;
+
+.chat-panel {
+  display: flex;
+  height: 100%;
+  position: relative;
+}
+
+.session-model-search {
+  margin-bottom: 12px;
+}
+
+.session-model-list {
+  max-height: 50vh;
+  overflow-y: auto;
+  scrollbar-width: thin;
+}
+
+.session-model-group {
+  margin-bottom: 4px;
+}
+
+.session-model-group-header {
+  display: flex;
+  align-items: center;
+  gap: 6px;
+  padding: 8px;
+  font-size: 12px;
+  font-weight: 600;
+  color: $text-secondary;
+  cursor: pointer;
+  border-radius: $radius-sm;
+  user-select: none;
+  transition: background-color $transition-fast;
+
+  &:hover {
+    background-color: $bg-secondary;
+  }
+}
+
+.session-model-group-arrow {
+  flex-shrink: 0;
+  transition: transform $transition-fast;
+
+  &.collapsed {
+    transform: rotate(-90deg);
+  }
+}
+
+.session-model-group-label {
+  flex: 1;
+}
+
+.session-model-group-count {
+  font-size: 11px;
+  color: $text-muted;
+  font-weight: 400;
+}
+
+.session-model-group-items {
+  padding-left: 8px;
+}
+
+.session-model-item {
+  display: flex;
+  align-items: center;
+  gap: 8px;
+  padding: 7px 10px;
+  font-size: 13px;
+  color: $text-secondary;
+  border-radius: $radius-sm;
+  cursor: pointer;
+  transition: all $transition-fast;
+
+  &:hover {
+    background-color: rgba(var(--accent-primary-rgb), 0.06);
+    color: $text-primary;
+  }
+
+  &.active {
+    color: $accent-primary;
+    font-weight: 500;
+  }
+
+  &.disabled {
+    opacity: 0.45;
+    cursor: not-allowed;
+
+    &:hover {
+      background-color: transparent;
+      color: $text-secondary;
+    }
+  }
+}
+
+.session-model-item-label {
+  flex: 1;
+  min-width: 0;
+  display: flex;
+  flex-direction: column;
+  gap: 2px;
+}
+
+.session-model-item-name,
+.session-model-item-id {
+  overflow: hidden;
+  text-overflow: ellipsis;
+  white-space: nowrap;
+  font-family: $font-code;
+}
+
+.session-model-item-name {
+  font-size: 12px;
+}
+
+.session-model-item-id {
+  color: $text-muted;
+  font-size: 10px;
+  font-weight: 400;
+}
+
+.session-model-check {
+  flex-shrink: 0;
+  color: $accent-primary;
+}
+
+.session-model-badge-preview,
+.session-model-badge-custom,
+.session-model-badge-disabled {
+  flex-shrink: 0;
+  font-size: 9px;
+  font-weight: 600;
+  padding: 1px 5px;
+  border-radius: 3px;
+  margin-right: 4px;
+  letter-spacing: 0.03em;
+}
+
+.session-model-badge-preview {
+  color: #fff;
+  background: #d97706;
+}
+
+.session-model-badge-custom {
+  color: #fff;
+  background: $accent-primary;
+}
+
+.session-model-badge-disabled {
+  color: $text-muted;
+  background: transparent;
+  border: 1px solid $border-color;
+  padding: 0 5px;
+}
+
+.session-model-empty {
+  padding: 24px 0;
+  text-align: center;
+  font-size: 13px;
+  color: $text-muted;
+}
+
+.session-model-custom {
+  margin-top: 12px;
+  padding-top: 12px;
+  border-top: 1px solid $border-color;
+}
+
+.session-model-custom-row {
+  display: flex;
+  gap: 8px;
+}
+
+.session-model-custom-provider {
+  width: 160px;
+  flex-shrink: 0;
+}
+
+.session-model-custom-input {
+  flex: 1;
+}
+
+.session-model-custom-hint {
+  margin-top: 6px;
+  font-size: 11px;
+  color: $text-muted;
+}
+
+.session-list {
+  width: 220px;
+  border-right: 1px solid $border-color;
+  display: flex;
+  flex-direction: column;
+  flex-shrink: 0;
+  transition:
+    width $transition-normal,
+    opacity $transition-normal;
+  overflow: hidden;
+
+  &.collapsed {
+    width: 0;
+    border-right: none;
+    opacity: 0;
+    pointer-events: none;
+  }
+
+  @media (max-width: $breakpoint-mobile) {
+    position: absolute;
+    left: 0;
+    top: 0;
+    height: 100%;
+    z-index: 120;
+    background: $bg-card;
+    box-shadow: 2px 0 8px rgba(0, 0, 0, 0.1);
+    width: 280px;
+
+    &.collapsed {
+      transform: translateX(-100%);
+      opacity: 0;
+    }
+  }
+}
+
+@media (max-width: $breakpoint-mobile) {
+  .session-close-btn {
+    display: flex;
+  }
+
+  .session-backdrop {
+    position: absolute;
+    inset: 0;
+    background: rgba(0, 0, 0, 0.4);
+    z-index: 110;
+    opacity: 0;
+    pointer-events: none;
+    transition: opacity $transition-fast;
+
+    &.active {
+      opacity: 1;
+      pointer-events: auto;
+    }
+  }
+}
+
+.session-list-header {
+  display: flex;
+  align-items: center;
+  justify-content: space-between;
+  padding: 12px;
+  flex-shrink: 0;
+  min-height: 0;
+}
+
+.session-list-actions {
+  display: flex;
+  align-items: center;
+  gap: 4px;
+  height: 22px;
+
+  .n-button {
+    display: inline-flex;
+    align-items: center;
+    justify-content: center;
+    height: 22px;
+    min-height: 22px;
+  }
+}
+
+.session-close-btn {
+  display: none;
+  border: none;
+  background: none;
+  cursor: pointer;
+  color: $text-secondary;
+  padding: 4px;
+  border-radius: $radius-sm;
+  height: 22px;
+  min-height: 22px;
+  align-items: center;
+  justify-content: center;
+
+  &:hover {
+    background: rgba($accent-primary, 0.06);
+  }
+}
+
+.session-list-title {
+  font-size: 12px;
+  font-weight: 600;
+  color: $text-muted;
+  text-transform: uppercase;
+  letter-spacing: 0.5px;
+  line-height: 22px;
+}
+
+.session-profile-filter {
+  margin: 0 8px 10px;
+}
+
+.new-chat-form {
+  display: flex;
+  flex-direction: column;
+  gap: 14px;
+}
+
+.new-chat-field {
+  display: flex;
+  flex-direction: column;
+  gap: 6px;
+}
+
+.new-chat-label {
+  font-size: 12px;
+  color: $text-muted;
+  font-weight: 500;
+}
+
+.new-chat-actions {
+  display: flex;
+  justify-content: flex-end;
+  gap: 8px;
+}
+
+.session-group-header {
+  display: flex;
+  align-items: center;
+  gap: 4px;
+  padding: 6px 10px 4px;
+  cursor: pointer;
+  user-select: none;
+}
+
+.session-group-header--static {
+  cursor: default;
+}
+
+.group-chevron {
+  flex-shrink: 0;
+  transition: transform 0.15s ease;
+  transform: rotate(90deg);
+
+  &.collapsed {
+    transform: rotate(0deg);
+  }
+}
+
+.session-group-label {
+  font-size: 10px;
+  font-weight: 600;
+  color: $text-muted;
+  text-transform: uppercase;
+  letter-spacing: 0.5px;
+}
+
+.session-group-count {
+  font-size: 10px;
+  color: $text-muted;
+  font-weight: 400;
+}
+
+.session-items {
+  flex: 1;
+  overflow-y: auto;
+  padding: 0 6px 12px;
+}
+
+.session-loading,
+.session-empty {
+  padding: 16px 10px;
+  font-size: 12px;
+  color: $text-muted;
+  text-align: center;
+}
+
+:deep(.session-item) {
+  display: flex;
+  align-items: center;
+  justify-content: space-between;
+  width: 100%;
+  padding: 8px 10px;
+  border: none;
+  background: none;
+  border-radius: $radius-sm;
+  cursor: pointer;
+  text-align: left;
+  text-decoration: none;
+  color: $text-secondary;
+  transition: all $transition-fast;
+  margin-bottom: 2px;
+
+  &:hover {
+    background: rgba($accent-primary, 0.06);
+    color: $text-primary;
+
+    .session-item-delete {
+      opacity: 1;
+    }
+  }
+
+  &.active {
+    background: rgba(var(--accent-primary-rgb), 0.12);
+    color: $text-primary;
+    font-weight: 500;
+  }
+
+  &.active .session-item-title {
+    color: $accent-primary;
+  }
+
+  &.missing-models {
+    color: #b42318;
+    background: rgba(220, 38, 38, 0.08);
+
+    .session-item-title,
+    .session-item-profile-name,
+    .session-item-time {
+      color: #b42318;
+    }
+
+    .session-item-model {
+      color: #b42318;
+      background: rgba(220, 38, 38, 0.12);
+    }
+
+    &:hover {
+      background: rgba(220, 38, 38, 0.12);
+    }
+  }
+}
+
+:deep(.session-item-content) {
+  flex: 1;
+  overflow: hidden;
+}
+
+:deep(.session-item-title-row) {
+  display: flex;
+  align-items: center;
+  gap: 6px;
+  min-width: 0;
+}
+
+:deep(.session-item-title) {
+  display: block;
+  flex: 1 1 auto;
+  min-width: 0;
+  font-size: 13px;
+  white-space: nowrap;
+  overflow: hidden;
+  text-overflow: ellipsis;
+}
+
+:deep(.session-item-streaming) {
+  display: inline-block;
+  flex-shrink: 0;
+  margin-right: 4px;
+  vertical-align: middle;
+  animation: spin 1.2s linear infinite;
+  color: $accent-primary;
+}
+
+@keyframes spin {
+  from {
+    transform: rotate(0deg);
+  }
+  to {
+    transform: rotate(360deg);
+  }
+}
+
+:deep(.session-item-pin) {
+  display: inline-flex;
+  align-items: center;
+  justify-content: center;
+  flex-shrink: 0;
+  color: $accent-primary;
+}
+
+:deep(.session-item-time) {
+  font-size: 11px;
+  color: $text-muted;
+}
+
+:deep(.session-item-meta) {
+  display: flex;
+  align-items: center;
+  gap: 6px;
+  margin-top: 2px;
+}
+
+:deep(.session-item-model) {
+  font-size: 10px;
+  color: $accent-primary;
+  background: rgba($accent-primary, 0.08);
+  padding: 0 5px;
+  border-radius: 3px;
+  line-height: 16px;
+  flex-shrink: 0;
+  max-width: 100px;
+  overflow: hidden;
+  text-overflow: ellipsis;
+  white-space: nowrap;
+}
+
+:deep(.session-item-delete) {
+  flex-shrink: 0;
+  opacity: 0.5;
+  padding: 2px;
+  border: none;
+  background: none;
+  color: $text-muted;
+  cursor: pointer;
+  border-radius: 3px;
+  transition: all $transition-fast;
+
+  &:hover {
+    color: $error;
+    background: rgba($error, 0.1);
+  }
+}
+
+.chat-main {
+  flex: 1;
+  display: flex;
+  flex-direction: column;
+  overflow: hidden;
+  min-width: 0;
+}
+
+.chat-content-wrapper {
+  flex: 1;
+  display: flex;
+  overflow: hidden;
+  position: relative;
+}
+
+.chat-main-content {
+  flex: 1;
+  overflow: hidden;
+  display: flex;
+  flex-direction: column;
+  min-width: 0;
+}
+
+.chat-header {
+  display: flex;
+  align-items: center;
+  justify-content: space-between;
+  padding: 21px 20px;
+  border-bottom: 1px solid $border-color;
+  flex-shrink: 0;
+}
+
+.header-left {
+  display: flex;
+  align-items: center;
+  gap: 8px;
+  overflow: hidden;
+  flex: 1;
+  min-width: 0;
+}
+
+.header-session-title {
+  font-size: 16px;
+  font-weight: 600;
+  color: $text-primary;
+  white-space: nowrap;
+  overflow: hidden;
+  text-overflow: ellipsis;
+}
+
+.source-badge {
+  font-size: 10px;
+  color: $text-muted;
+  background: rgba($text-muted, 0.12);
+  padding: 1px 7px;
+  border-radius: 8px;
+  flex-shrink: 0;
+  white-space: nowrap;
+  line-height: 16px;
+}
+
+.header-actions {
+  display: flex;
+  align-items: center;
+  gap: 4px;
+  flex-shrink: 0;
+}
+
+.chat-mode-toggle {
+  display: flex;
+  align-items: center;
+  gap: 4px;
+  margin-right: 4px;
+}
+
+@media (max-width: $breakpoint-mobile) {
+  .chat-header {
+    padding: 16px 12px 16px 52px;
+  }
+}
+
+.workspace-badge {
+  font-size: 11px;
+  color: $text-muted;
+  background: rgba(255, 255, 255, 0.05);
+  padding: 2px 8px;
+  border-radius: 4px;
+  max-width: 160px;
+  overflow: hidden;
+  text-overflow: ellipsis;
+  white-space: nowrap;
+  cursor: default;
+}
+
+// ─── Drawer button ─────────────────────────────────────────────
+
+.drawer-button-wrapper {
+  position: absolute;
+  right: 16px;
+  top: 50%;
+  transform: translateY(-50%);
+  z-index: 100;
+  background: $bg-card;
+  border-radius: 50%;
+  box-shadow:
+    0 0 10px rgba(255, 107, 107, 0.4),
+    0 0 20px rgba(255, 107, 107, 0.2);
+  animation: rainbow-glow 8s linear infinite;
+  transition: all $transition-fast;
+
+  &:hover {
+    animation-play-state: paused;
+    box-shadow:
+      0 0 15px rgba(255, 107, 107, 0.6),
+      0 0 30px rgba(255, 107, 107, 0.3);
+  }
+}
+
+.drawer-button {
+  width: 40px;
+  height: 40px;
+  border-radius: 50%;
+  background: rgba(var(--accent-primary-rgb), 0.1);
+  display: flex;
+  align-items: center;
+  justify-content: center;
+  cursor: pointer;
+  transition: all $transition-fast;
+
+  svg {
+    width: 18px;
+    height: 18px;
+    color: var(--accent-primary);
+  }
+
+  &:hover {
+    transform: scale(1.1);
+  }
+}
+
+.approval-bar {
+  display: flex;
+  align-items: flex-start;
+  gap: 10px;
+  margin: 0 16px 12px;
+  padding: 12px;
+  border: 1px solid $border-color;
+  border-radius: 8px;
+  background: $bg-card;
+  box-shadow: none;
+}
+
+.approval-icon {
+  display: grid;
+  place-items: center;
+  flex: 0 0 32px;
+  width: 32px;
+  height: 32px;
+  color: var(--accent-primary);
+  background: rgba(var(--accent-primary-rgb), 0.12);
+  border: 1px solid rgba(var(--accent-primary-rgb), 0.2);
+  border-radius: 8px;
+}
+
+.approval-content {
+  flex: 1;
+  min-width: 0;
+}
+
+.approval-main {
+  min-width: 0;
+}
+
+.approval-kicker {
+  margin-bottom: 2px;
+  font-size: 10px;
+  font-weight: 700;
+  line-height: 1.2;
+  letter-spacing: 0.08em;
+  text-transform: uppercase;
+  color: var(--accent-primary);
+}
+
+.approval-title {
+  font-size: 14px;
+  font-weight: 700;
+  line-height: 1.3;
+  color: $text-primary;
+}
+
+.approval-desc {
+  margin-top: 4px;
+  font-size: 12px;
+  line-height: 1.45;
+  color: $text-secondary;
+}
+
+.approval-command {
+  display: block;
+  margin-top: 8px;
+  max-height: 96px;
+  overflow: auto;
+  white-space: pre-wrap;
+  word-break: break-word;
+  font-family: "SFMono-Regular", "Cascadia Code", "Roboto Mono", Consolas, monospace;
+  font-size: 11px;
+  line-height: 1.45;
+  color: $text-primary;
+  background: $bg-secondary;
+  border: 1px solid $border-color;
+  border-radius: 6px;
+  padding: 8px 10px;
+}
+
+.approval-actions {
+  display: flex;
+  flex-wrap: wrap;
+  justify-content: flex-end;
+  gap: 8px;
+  margin-top: 10px;
+  padding-top: 10px;
+  border-top: 1px solid $border-color;
+}
+
+
+.clarify-bar {
+  display: flex;
+  align-items: flex-start;
+  gap: 10px;
+  margin: 0 16px 12px;
+  padding: 12px;
+  border: 1px solid $border-color;
+  border-radius: 8px;
+  background: $bg-card;
+  box-shadow: none;
+}
+
+.clarify-icon {
+  display: grid;
+  place-items: center;
+  flex: 0 0 32px;
+  width: 32px;
+  height: 32px;
+  color: var(--accent-primary);
+  background: rgba(var(--accent-primary-rgb), 0.12);
+  border: 1px solid rgba(var(--accent-primary-rgb), 0.2);
+  border-radius: 8px;
+}
+
+.clarify-content {
+  flex: 1;
+  min-width: 0;
+}
+
+.clarify-main {
+  min-width: 0;
+}
+
+.clarify-kicker {
+  margin-bottom: 2px;
+  font-size: 10px;
+  font-weight: 700;
+  line-height: 1.2;
+  letter-spacing: 0.08em;
+  text-transform: uppercase;
+  color: var(--accent-primary);
+}
+
+.clarify-title {
+  font-size: 14px;
+  font-weight: 700;
+  line-height: 1.3;
+  color: $text-primary;
+}
+
+.clarify-desc {
+  margin-top: 4px;
+  font-size: 12px;
+  line-height: 1.45;
+  color: $text-secondary;
+}
+
+.clarify-actions {
+  display: flex;
+  flex-wrap: wrap;
+  gap: 8px;
+  margin-top: 10px;
+  padding-top: 10px;
+  border-top: 1px solid $border-color;
+}
+
+.clarify-input-row {
+  display: flex;
+  flex: 1;
+  width: 100%;
+  min-width: 0;
+  gap: 8px;
+  align-items: center;
+
+  :deep(.n-input) {
+    flex: 1 1 auto;
+    min-width: 0;
+  }
+
+  :deep(.n-button) {
+    flex: 0 0 auto;
+  }
+}
+
+.clarify-actions-open {
+  display: flex;
+  width: 100%;
+}
+@media (max-width: 768px) {
+  .approval-bar {
+    margin: 0 10px 10px;
+    padding: 10px;
+  }
+
+  .approval-icon {
+    flex-basis: 28px;
+    width: 28px;
+    height: 28px;
+  }
+
+  .approval-actions {
+    display: grid;
+    grid-template-columns: repeat(2, minmax(0, 1fr));
+  }
+
+  .approval-actions :deep(.n-button) {
+    width: 100%;
+  }
+
+  .clarify-bar {
+    margin: 0 10px 10px;
+    padding: 10px;
+  }
+
+  .clarify-icon {
+    flex-basis: 28px;
+    width: 28px;
+    height: 28px;
+  }
+
+  .clarify-actions {
+    display: grid;
+    grid-template-columns: repeat(2, minmax(0, 1fr));
+  }
+
+  .clarify-actions-open {
+    display: flex;
+    grid-template-columns: none;
+  }
+
+  .clarify-actions :deep(.n-button) {
+    width: 100%;
+  }
+
+  .clarify-actions-open :deep(.n-button) {
+    width: auto;
+  }
+}
+
+@media (max-width: 420px) {
+  .approval-bar {
+    gap: 8px;
+  }
+
+  .approval-actions {
+    grid-template-columns: 1fr;
+  }
+
+  .clarify-bar {
+    gap: 8px;
+  }
+
+  .clarify-actions {
+    grid-template-columns: 1fr;
+  }
+
+  .clarify-input-row {
+    flex-direction: column;
+    align-items: stretch;
+  }
+
+  .clarify-actions-open :deep(.n-button) {
+    width: 100%;
+  }
+}
+
+@keyframes rainbow-glow {
+  0% {
+    box-shadow:
+      0 0 0 2px #ff6b6b,
+      0 0 10px rgba(255, 107, 107, 0.4),
+      0 0 20px rgba(255, 107, 107, 0.2);
+    border-color: #ff6b6b;
+    color: #ff6b6b;
+  }
+  16.66% {
+    box-shadow:
+      0 0 0 2px #feca57,
+      0 0 10px rgba(254, 202, 87, 0.4),
+      0 0 20px rgba(254, 202, 87, 0.2);
+    border-color: #feca57;
+    color: #feca57;
+  }
+  33.33% {
+    box-shadow:
+      0 0 0 2px #48dbfb,
+      0 0 10px rgba(72, 219, 251, 0.4),
+      0 0 20px rgba(72, 219, 251, 0.2);
+    border-color: #48dbfb;
+    color: #48dbfb;
+  }
+  50% {
+    box-shadow:
+      0 0 0 2px #ff9ff3,
+      0 0 10px rgba(255, 159, 243, 0.4),
+      0 0 20px rgba(255, 159, 243, 0.2);
+    border-color: #ff9ff3;
+    color: #ff9ff3;
+  }
+  66.66% {
+    box-shadow:
+      0 0 0 2px #54a0ff,
+      0 0 10px rgba(84, 160, 255, 0.4),
+      0 0 20px rgba(84, 160, 255, 0.2);
+    border-color: #54a0ff;
+    color: #54a0ff;
+  }
+  83.33% {
+    box-shadow:
+      0 0 0 2px #5f27cd,
+      0 0 10px rgba(95, 39, 205, 0.4),
+      0 0 20px rgba(95, 39, 205, 0.2);
+    border-color: #5f27cd;
+    color: #5f27cd;
+  }
+  100% {
+    box-shadow:
+      0 0 0 2px #ff6b6b,
+      0 0 10px rgba(255, 107, 107, 0.4),
+      0 0 20px rgba(255, 107, 107, 0.2);
+    border-color: #ff6b6b;
+    color: #ff6b6b;
+  }
+}
+
+@media (max-width: $breakpoint-mobile) {
+  .drawer-button-wrapper {
+    right: 12px;
+  }
+
+  .drawer-button {
+    width: 36px;
+    height: 36px;
+
+    svg {
+      width: 16px;
+      height: 16px;
+    }
+  }
+}
+</style>
diff --git a/packages/client/src/components/hermes/chat/ConversationMonitorPane.vue b/packages/client/src/components/hermes/chat/ConversationMonitorPane.vue
new file mode 100644
index 0000000..7c729dc
--- /dev/null
+++ b/packages/client/src/components/hermes/chat/ConversationMonitorPane.vue
@@ -0,0 +1,332 @@
+<script setup lang="ts">
+import { fetchConversationDetail, fetchConversationSummaries, type ConversationDetail, type ConversationSummary } from '@/api/hermes/conversations'
+import { formatTimestampSeconds, getSourceLabel } from '@/shared/session-display'
+import { useAppStore } from '@/stores/hermes/app'
+import { computed, onMounted, onUnmounted, ref, watch } from 'vue'
+import { useI18n } from 'vue-i18n'
+
+const props = defineProps<{ humanOnly: boolean }>()
+const { t } = useI18n()
+const appStore = useAppStore()
+
+const POLL_INTERVAL_MS = 15000
+
+const sessions = ref<ConversationSummary[]>([])
+const selectedSessionId = ref<string | null>(null)
+const detail = ref<ConversationDetail | null>(null)
+const sessionsLoading = ref(false)
+const detailLoading = ref(false)
+const error = ref('')
+let refreshTimer: ReturnType<typeof setInterval> | null = null
+let sessionsRequestId = 0
+let detailRequestId = 0
+
+const selectedSession = computed(() => sessions.value.find(session => session.id === selectedSessionId.value) || null)
+const selectedSessionModelName = computed(() =>
+  selectedSession.value?.model
+    ? appStore.displayModelName(selectedSession.value.model, selectedSession.value.provider)
+    : '',
+)
+
+function roleLabel(role: string): string {
+  return role === 'user' ? t('chat.monitorRoleUser') : t('chat.monitorRoleAssistant')
+}
+
+function linkedSessionsLabel(count: number): string {
+  return t('chat.linkedSessions', { count })
+}
+
+function invalidateRequests() {
+  sessionsRequestId += 1
+  detailRequestId += 1
+}
+
+async function loadSessions(silent = false) {
+  const requestId = ++sessionsRequestId
+  if (!silent) {
+    sessionsLoading.value = true
+    error.value = ''
+  }
+
+  try {
+    const loaded = await fetchConversationSummaries({ humanOnly: props.humanOnly })
+    if (requestId !== sessionsRequestId) return
+
+    sessions.value = loaded
+    if (!loaded.length) {
+      selectedSessionId.value = null
+      detail.value = null
+      return
+    }
+
+    if (!selectedSessionId.value || !loaded.some(session => session.id === selectedSessionId.value)) {
+      selectedSessionId.value = loaded[0].id
+    }
+  } catch (err: any) {
+    if (requestId !== sessionsRequestId || silent) return
+    error.value = err?.message || String(err)
+    sessions.value = []
+    selectedSessionId.value = null
+    detail.value = null
+  } finally {
+    if (!silent && requestId === sessionsRequestId) sessionsLoading.value = false
+  }
+}
+
+async function loadDetail(sessionId: string | null, silent = false) {
+  const requestId = ++detailRequestId
+  if (!sessionId) {
+    detail.value = null
+    return
+  }
+
+  const requestedHumanOnly = props.humanOnly
+  if (!silent) {
+    detailLoading.value = true
+    error.value = ''
+  }
+
+  try {
+    const loaded = await fetchConversationDetail(sessionId, { humanOnly: requestedHumanOnly })
+    if (
+      requestId !== detailRequestId
+      || sessionId !== selectedSessionId.value
+      || requestedHumanOnly !== props.humanOnly
+    ) {
+      return
+    }
+    detail.value = loaded
+  } catch (err: any) {
+    if (requestId !== detailRequestId || silent) return
+    error.value = err?.message || String(err)
+    detail.value = null
+  } finally {
+    if (!silent && requestId === detailRequestId) detailLoading.value = false
+  }
+}
+
+watch(selectedSessionId, async sessionId => {
+  await loadDetail(sessionId, false)
+})
+
+watch(() => props.humanOnly, async () => {
+  invalidateRequests()
+  selectedSessionId.value = null
+  detail.value = null
+  await loadSessions(false)
+})
+
+onMounted(async () => {
+  await loadSessions(false)
+  refreshTimer = setInterval(async () => {
+    await loadSessions(true)
+    if (selectedSessionId.value) {
+      await loadDetail(selectedSessionId.value, true)
+    }
+  }, POLL_INTERVAL_MS)
+})
+
+onUnmounted(() => {
+  invalidateRequests()
+  if (refreshTimer) clearInterval(refreshTimer)
+})
+</script>
+
+<template>
+  <div class="conversation-monitor">
+    <aside class="conversation-monitor__sidebar">
+      <div v-if="sessionsLoading && sessions.length === 0" class="conversation-monitor__empty">{{ t('common.loading') }}</div>
+      <div v-else-if="sessions.length === 0" class="conversation-monitor__empty">{{ t('chat.noSessions') }}</div>
+      <button
+        v-for="session in sessions"
+        :key="session.id"
+        class="conversation-monitor__session"
+        :class="{ active: session.id === selectedSessionId }"
+        :aria-pressed="session.id === selectedSessionId"
+        @click="selectedSessionId = session.id"
+      >
+        <div class="conversation-monitor__session-title-row">
+          <span class="conversation-monitor__session-title">{{ session.title || session.preview || session.id }}</span>
+          <span v-if="session.is_active" class="conversation-monitor__session-live">{{ t('chat.recentBadge') }}</span>
+        </div>
+        <div class="conversation-monitor__session-meta">{{ getSourceLabel(session.source) }} · {{ formatTimestampSeconds(session.last_active) }}</div>
+        <div v-if="session.preview" class="conversation-monitor__session-preview">{{ session.preview }}</div>
+      </button>
+    </aside>
+
+    <section class="conversation-monitor__detail">
+      <header v-if="selectedSession" class="conversation-monitor__detail-header">
+        <div class="conversation-monitor__detail-title">{{ selectedSession.title || selectedSession.preview || selectedSession.id }}</div>
+        <div class="conversation-monitor__detail-meta">
+          <span>{{ getSourceLabel(selectedSession.source) }}</span>
+          <span>·</span>
+          <span :title="selectedSession.model">{{ selectedSessionModelName }}</span>
+          <span>·</span>
+          <span>{{ linkedSessionsLabel(selectedSession.thread_session_count) }}</span>
+        </div>
+      </header>
+
+      <div v-if="error" class="conversation-monitor__empty conversation-monitor__empty--error">{{ error }}</div>
+      <div v-else-if="detailLoading && !detail" class="conversation-monitor__empty">{{ t('common.loading') }}</div>
+      <div v-else-if="!detail || detail.messages.length === 0" class="conversation-monitor__empty">{{ t('chat.noVisibleMessages') }}</div>
+      <div v-else class="conversation-monitor__messages">
+        <article
+          v-for="message in detail.messages"
+          :key="`${message.session_id}-${message.id}`"
+          class="conversation-monitor__message"
+          :class="`role-${message.role}`"
+        >
+          <div class="conversation-monitor__message-meta">{{ roleLabel(message.role) }} · {{ formatTimestampSeconds(message.timestamp) }}</div>
+          <div class="conversation-monitor__message-content">{{ message.content }}</div>
+        </article>
+      </div>
+    </section>
+  </div>
+</template>
+
+<style scoped lang="scss">
+@use '@/styles/variables' as *;
+
+.conversation-monitor {
+  display: flex;
+  min-height: 0;
+  flex: 1;
+}
+
+.conversation-monitor__sidebar {
+  width: 260px;
+  border-right: 1px solid $border-color;
+  overflow-y: auto;
+  flex-shrink: 0;
+  scrollbar-gutter: stable;
+
+  &::-webkit-scrollbar {
+    width: 4px;
+  }
+
+  &::-webkit-scrollbar-thumb {
+    background: rgba($text-muted, 0.3);
+    border-radius: 4px;
+  }
+
+  &::-webkit-scrollbar-thumb:hover {
+    background: rgba($text-muted, 0.5);
+  }
+}
+
+.conversation-monitor__session {
+  width: 100%;
+  border: 0;
+  border-bottom: 1px solid rgba($border-color, 0.6);
+  background: transparent;
+  color: inherit;
+  text-align: left;
+  padding: 12px 14px;
+  cursor: pointer;
+
+  &.active {
+    background: rgba(var(--accent-primary-rgb), 0.12);
+    color: $text-primary;
+    font-weight: 500;
+  }
+
+  &.active .conversation-monitor__session-title {
+    color: $accent-primary;
+  }
+}
+
+.conversation-monitor__session-title-row,
+.conversation-monitor__detail-meta,
+.conversation-monitor__message-meta {
+  display: flex;
+  align-items: center;
+  gap: 6px;
+}
+
+.conversation-monitor__session-title,
+.conversation-monitor__detail-title {
+  font-weight: 600;
+}
+
+.conversation-monitor__session-live {
+  font-size: 11px;
+  color: $accent-primary;
+}
+
+.conversation-monitor__session-meta,
+.conversation-monitor__session-preview,
+.conversation-monitor__detail-meta,
+.conversation-monitor__message-meta {
+  font-size: 12px;
+  color: $text-muted;
+}
+
+.conversation-monitor__session-preview,
+.conversation-monitor__message-content {
+  margin-top: 6px;
+  white-space: pre-wrap;
+}
+
+.conversation-monitor__detail {
+  flex: 1;
+  min-width: 0;
+  display: flex;
+  flex-direction: column;
+}
+
+.conversation-monitor__detail-header {
+  padding: 16px 20px;
+  border-bottom: 1px solid $border-color;
+}
+
+.conversation-monitor__messages {
+  flex: 1;
+  overflow-y: auto;
+  padding: 16px 20px;
+  display: flex;
+  flex-direction: column;
+  gap: 12px;
+}
+
+.conversation-monitor__message {
+  padding: 12px 14px;
+  border-radius: 10px;
+  background: rgba($bg-secondary, 0.8);
+
+  &.role-user {
+    border: 1px solid rgba($accent-primary, 0.18);
+  }
+
+  &.role-assistant {
+    border: 1px solid rgba($border-color, 0.9);
+  }
+}
+
+.conversation-monitor__empty {
+  padding: 24px;
+  color: $text-muted;
+}
+
+.conversation-monitor__empty--error {
+  color: $error;
+}
+
+@media (max-width: $breakpoint-mobile) {
+  .conversation-monitor {
+    flex-direction: column;
+  }
+
+  .conversation-monitor__sidebar {
+    width: 100%;
+    max-height: 220px;
+    border-right: 0;
+    border-bottom: 1px solid $border-color;
+    flex-shrink: 0;
+  }
+
+  .conversation-monitor__detail {
+    min-height: 0;
+    overflow: hidden;
+  }
+}
+</style>
diff --git a/packages/client/src/components/hermes/chat/DrawerPanel.vue b/packages/client/src/components/hermes/chat/DrawerPanel.vue
new file mode 100644
index 0000000..42a146f
--- /dev/null
+++ b/packages/client/src/components/hermes/chat/DrawerPanel.vue
@@ -0,0 +1,183 @@
+<script setup lang="ts">
+import { ref, watch } from 'vue'
+import { useI18n } from 'vue-i18n'
+import TerminalPanel from './TerminalPanel.vue'
+import FilesPanel from './FilesPanel.vue'
+
+interface Props {
+  show: boolean
+  activeTab?: 'terminal' | 'files'
+}
+
+interface Emits {
+  (e: 'update:show', value: boolean): void
+}
+
+const props = withDefaults(defineProps<Props>(), {
+  activeTab: 'files'
+})
+
+const emit = defineEmits<Emits>()
+const { t } = useI18n()
+
+const activeTab = ref<'terminal' | 'files'>(props.activeTab)
+
+watch(() => props.activeTab, (newVal) => {
+  if (newVal) activeTab.value = newVal
+})
+
+function handleClose() {
+  emit('update:show', false)
+}
+</script>
+
+<template>
+  <Teleport to="body">
+    <div v-if="show" class="drawer-overlay" @click="handleClose"></div>
+    <div :class="['drawer-panel', { show }]">
+      <div class="drawer-header">
+        <div class="drawer-tabs">
+          <button
+            :class="['tab-button', { active: activeTab === 'files' }]"
+            @click="activeTab = 'files'"
+          >
+            {{ t('drawer.files') }}
+          </button>
+          <button
+            :class="['tab-button', { active: activeTab === 'terminal' }]"
+            @click="activeTab = 'terminal'"
+          >
+            {{ t('drawer.terminal') }}
+          </button>
+        </div>
+        <button class="close-button" @click="handleClose">
+          <svg width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2">
+            <line x1="18" y1="6" x2="6" y2="18" />
+            <line x1="6" y1="6" x2="18" y2="18" />
+          </svg>
+        </button>
+      </div>
+
+      <div class="drawer-content">
+        <div v-show="activeTab === 'files'" class="drawer-pane">
+          <FilesPanel />
+        </div>
+        <div v-show="activeTab === 'terminal'" class="drawer-pane">
+          <TerminalPanel :visible="activeTab === 'terminal' && show" />
+        </div>
+      </div>
+    </div>
+  </Teleport>
+</template>
+
+<style scoped lang="scss">
+@use "@/styles/variables" as *;
+
+.drawer-overlay {
+  position: fixed;
+  top: 0;
+  left: 0;
+  right: 0;
+  bottom: 0;
+  background: rgba(0, 0, 0, 0.5);
+  z-index: 999;
+}
+
+.drawer-panel {
+  position: fixed;
+  top: 0;
+  right: min(-1180px, -88vw);
+  width: min(1180px, 88vw);
+  height: calc(100 * var(--vh));
+  max-height: calc(100 * var(--vh));
+  background: $bg-card;
+  box-shadow: -2px 0 8px rgba(0, 0, 0, 0.15);
+  display: flex;
+  flex-direction: column;
+  z-index: 1000;
+  transition: right 0.3s ease;
+
+  &.show {
+    right: 0;
+  }
+
+  @media (max-width: $breakpoint-mobile) {
+    width: 100%;
+    right: -100%;
+
+    &.show {
+      right: 0;
+    }
+  }
+}
+
+.drawer-header {
+  display: flex;
+  align-items: center;
+  justify-content: space-between;
+  padding: 16px;
+  border-bottom: 1px solid $border-color;
+  flex-shrink: 0;
+}
+
+.drawer-tabs {
+  display: flex;
+  gap: 8px;
+}
+
+.tab-button {
+  padding: 8px 16px;
+  border: none;
+  background: transparent;
+  color: $text-secondary;
+  cursor: pointer;
+  font-size: 14px;
+  font-weight: 500;
+  border-bottom: 2px solid transparent;
+  transition: all 0.2s;
+  flex-shrink: 0;
+  white-space: nowrap;
+  border-radius: $radius-sm;
+
+  &:hover {
+    color: $text-primary;
+    background: rgba(var(--accent-primary-rgb), 0.05);
+  }
+
+  &.active {
+    color: var(--accent-primary);
+    background: rgba(var(--accent-primary-rgb), 0.1);
+  }
+}
+
+.close-button {
+  padding: 8px;
+  border: none;
+  background: rgba(var(--accent-primary-rgb), 0.08);
+  color: $text-secondary;
+  cursor: pointer;
+  border-radius: $radius-sm;
+  transition: all 0.2s;
+  flex-shrink: 0;
+  display: flex;
+  align-items: center;
+  justify-content: center;
+
+  &:hover {
+    color: $text-primary;
+    background: rgba(var(--accent-primary-rgb), 0.15);
+  }
+}
+
+.drawer-content {
+  flex: 1;
+  overflow: hidden;
+  position: relative;
+  min-height: 0;
+}
+
+.drawer-pane {
+  height: 100%;
+  overflow: auto;
+}
+</style>
diff --git a/packages/client/src/components/hermes/chat/FilesPanel.vue b/packages/client/src/components/hermes/chat/FilesPanel.vue
new file mode 100644
index 0000000..b5fecc8
--- /dev/null
+++ b/packages/client/src/components/hermes/chat/FilesPanel.vue
@@ -0,0 +1,195 @@
+<script setup lang="ts">
+import { ref, onMounted } from 'vue'
+import { useFilesStore } from '@/stores/hermes/files'
+import { useI18n } from 'vue-i18n'
+import { NButton } from 'naive-ui'
+import FileTree from '@/components/hermes/files/FileTree.vue'
+import FileBreadcrumb from '@/components/hermes/files/FileBreadcrumb.vue'
+import FileToolbar from '@/components/hermes/files/FileToolbar.vue'
+import FileList from '@/components/hermes/files/FileList.vue'
+import FileContextMenu from '@/components/hermes/files/FileContextMenu.vue'
+import FileEditor from '@/components/hermes/files/FileEditor.vue'
+import FilePreview from '@/components/hermes/files/FilePreview.vue'
+import FileUploadModal from '@/components/hermes/files/FileUploadModal.vue'
+import FileRenameModal from '@/components/hermes/files/FileRenameModal.vue'
+import type { FileEntry } from '@/api/hermes/files'
+
+const filesStore = useFilesStore()
+const { t } = useI18n()
+
+const contextMenuRef = ref<InstanceType<typeof FileContextMenu> | null>(null)
+const showUpload = ref(false)
+const showRenameModal = ref(false)
+const renameMode = ref<'newFile' | 'newFolder' | 'rename'>('newFile')
+const renameEntry = ref<FileEntry | null>(null)
+const showSidebar = ref(false)
+
+function handleContextMenu(e: MouseEvent, entry: FileEntry) {
+  contextMenuRef.value?.show(e, entry)
+}
+
+function handleShowNewFile() {
+  renameMode.value = 'newFile'
+  renameEntry.value = null
+  showRenameModal.value = true
+}
+
+function handleShowNewFolder() {
+  renameMode.value = 'newFolder'
+  renameEntry.value = null
+  showRenameModal.value = true
+}
+
+function handleRename(entry: FileEntry) {
+  renameMode.value = 'rename'
+  renameEntry.value = entry
+  showRenameModal.value = true
+}
+
+onMounted(() => {
+  filesStore.fetchEntries('')
+})
+</script>
+
+<template>
+  <div class="files-panel-drawer">
+    <div
+      v-if="showSidebar"
+      class="sidebar-overlay"
+      @click="showSidebar = false"
+    ></div>
+    <div
+      class="files-tree-panel"
+      :class="{ 'mobile-visible': showSidebar }"
+    >
+      <FileTree />
+    </div>
+    <div class="files-main-panel">
+      <div class="main-toolbar">
+        <NButton
+          size="small"
+          @click="showSidebar = !showSidebar"
+          class="sidebar-toggle"
+        >
+          <template #icon>
+            <svg width="14" height="14" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2">
+              <rect x="3" y="3" width="18" height="18" rx="2" />
+              <line x1="9" y1="3" x2="9" y2="21" />
+            </svg>
+          </template>
+          {{ t('files.fileTree') }}
+        </NButton>
+        <FileToolbar
+          @show-new-file="handleShowNewFile"
+          @show-new-folder="handleShowNewFolder"
+          @show-upload="showUpload = true"
+        />
+      </div>
+      <FileBreadcrumb />
+      <div class="files-content">
+        <FileEditor v-if="filesStore.editingFile" />
+        <FilePreview v-else-if="filesStore.previewFile" />
+        <FileList v-else @contextmenu-entry="handleContextMenu" />
+      </div>
+    </div>
+    <FileContextMenu ref="contextMenuRef" @rename="handleRename" />
+    <FileUploadModal v-model:show="showUpload" />
+    <FileRenameModal v-model:show="showRenameModal" :mode="renameMode" :entry="renameEntry" />
+  </div>
+</template>
+
+<style scoped lang="scss">
+@use "@/styles/variables" as *;
+
+.files-panel-drawer {
+  display: flex;
+  height: 100%;
+  min-height: 0;
+  overflow: hidden;
+  position: relative;
+}
+
+.sidebar-overlay {
+  position: fixed;
+  top: 0;
+  left: 0;
+  right: 0;
+  bottom: 0;
+  background: rgba(0, 0, 0, 0.5);
+  z-index: 50;
+
+  @media (min-width: $breakpoint-mobile + 1) {
+    display: none;
+  }
+}
+
+.files-tree-panel {
+  width: 200px;
+  min-width: 150px;
+  max-width: 300px;
+  border-right: 1px solid $border-color;
+  overflow-y: auto;
+  flex-shrink: 0;
+  display: flex;
+  flex-direction: column;
+
+  @media (max-width: $breakpoint-mobile) {
+    position: fixed;
+    top: 0;
+    left: 0;
+    bottom: 0;
+    width: 80%;
+    max-width: 300px;
+    z-index: 51;
+    background: $bg-card;
+    box-shadow: 2px 0 8px rgba(0, 0, 0, 0.15);
+    transform: translateX(-100%);
+    transition: transform 0.3s ease;
+
+    &.mobile-visible {
+      transform: translateX(0);
+    }
+  }
+}
+
+.files-main-panel {
+  flex: 1;
+  display: flex;
+  flex-direction: column;
+  min-width: 0;
+  overflow: hidden;
+}
+
+.main-toolbar {
+  display: flex;
+  align-items: center;
+  gap: 8px;
+  padding: 12px 16px;
+  border-bottom: 1px solid $border-color;
+  flex-shrink: 0;
+
+  @media (max-width: $breakpoint-mobile) {
+    gap: 4px;
+    padding: 8px 8px;
+    flex-wrap: wrap;
+  }
+}
+
+.sidebar-toggle {
+  @media (min-width: $breakpoint-mobile + 1) {
+    display: none;
+  }
+
+  @media (max-width: $breakpoint-mobile) {
+    font-size: 12px;
+    padding: 0 8px;
+    height: 32px;
+  }
+}
+
+.files-content {
+  flex: 1;
+  overflow-y: auto;
+  min-height: 0;
+}
+</style>
diff --git a/packages/client/src/components/hermes/chat/FolderPicker.vue b/packages/client/src/components/hermes/chat/FolderPicker.vue
new file mode 100644
index 0000000..21af82a
--- /dev/null
+++ b/packages/client/src/components/hermes/chat/FolderPicker.vue
@@ -0,0 +1,281 @@
+<script setup lang="ts">
+import { ref, computed, onMounted, watch } from 'vue'
+import { NSpin } from 'naive-ui'
+import { request } from '@/api/client'
+
+interface FolderEntry {
+  name: string
+  path: string
+  fullPath: string
+}
+
+interface FolderListResponse {
+  base: string
+  current: string
+  folders: FolderEntry[]
+}
+
+/** Flat display node for rendering tree without recursion */
+interface FlatNode {
+  folder: FolderEntry
+  depth: number
+  isExpanded: boolean
+  isLoading: boolean
+  hasChildren: boolean | null  // null = unknown
+}
+
+const props = defineProps<{
+  modelValue: string | null
+}>()
+
+const emit = defineEmits<{
+  'update:modelValue': [value: string | null]
+}>()
+
+const loading = ref(false)
+const basePath = ref('')
+const folders = ref<FolderEntry[]>([])
+const expandedPaths = ref<Set<string>>(new Set())
+const childrenCache = ref<Map<string, FolderEntry[]>>(new Map())
+const loadingPaths = ref<Set<string>>(new Set())
+const selectedPath = ref(props.modelValue || '')
+
+watch(() => props.modelValue, (v) => { selectedPath.value = v || '' })
+
+async function loadFolders(subPath = ''): Promise<FolderListResponse | null> {
+  try {
+    const query = subPath ? `?path=${encodeURIComponent(subPath)}` : ''
+    return await request<FolderListResponse>(`/api/hermes/workspace/folders${query}`)
+  } catch {
+    return null
+  }
+}
+
+onMounted(async () => {
+  loading.value = true
+  const res = await loadFolders()
+  if (res) {
+    basePath.value = res.base
+    folders.value = res.folders
+  }
+  loading.value = false
+})
+
+async function toggleExpand(folder: FolderEntry) {
+  if (expandedPaths.value.has(folder.path)) {
+    expandedPaths.value.delete(folder.path)
+    expandedPaths.value = new Set(expandedPaths.value)
+    return
+  }
+
+  expandedPaths.value.add(folder.path)
+  expandedPaths.value = new Set(expandedPaths.value)
+
+  if (!childrenCache.value.has(folder.path)) {
+    loadingPaths.value.add(folder.path)
+    loadingPaths.value = new Set(loadingPaths.value)
+    const res = await loadFolders(folder.path)
+    childrenCache.value.set(folder.path, res?.folders || [])
+    childrenCache.value = new Map(childrenCache.value)
+    loadingPaths.value.delete(folder.path)
+    loadingPaths.value = new Set(loadingPaths.value)
+  }
+}
+
+function selectFolder(folder: FolderEntry) {
+  const fullPath = `${basePath.value}/${folder.path}`
+  selectedPath.value = fullPath
+  emit('update:modelValue', fullPath)
+}
+
+function selectBase() {
+  selectedPath.value = basePath.value
+  emit('update:modelValue', basePath.value)
+}
+
+/** Build a flat list by DFS traversal of expanded nodes */
+const flatNodes = computed<FlatNode[]>(() => {
+  const result: FlatNode[] = []
+
+  function traverse(entries: FolderEntry[], depth: number) {
+    for (const folder of entries) {
+      const isExpanded = expandedPaths.value.has(folder.path)
+      const isLoading = loadingPaths.value.has(folder.path)
+      const children = childrenCache.value.get(folder.path)
+      result.push({
+        folder,
+        depth,
+        isExpanded,
+        isLoading,
+        hasChildren: children ? children.length > 0 : null,
+      })
+      if (isExpanded && children && children.length > 0) {
+        traverse(children, depth + 1)
+      }
+    }
+  }
+
+  traverse(folders.value, 0)
+  return result
+})
+</script>
+
+<template>
+  <div class="folder-picker">
+    <div v-if="loading" class="folder-picker-loading">
+      <NSpin size="small" />
+    </div>
+    <div v-else class="folder-tree">
+      <!-- Base path as root -->
+      <div
+        class="folder-item root"
+        :class="{ selected: selectedPath === basePath }"
+        @click="selectBase"
+      >
+        <span class="folder-icon">📂</span>
+        <span class="folder-name">{{ basePath || '/' }}</span>
+      </div>
+
+      <!-- Flat rendered tree -->
+      <div
+        v-for="node in flatNodes"
+        :key="node.folder.path"
+        class="folder-item"
+        :class="{ selected: selectedPath === `${basePath}/${node.folder.path}` }"
+        :style="{ paddingLeft: `${12 + node.depth * 16}px` }"
+      >
+        <span class="folder-expand" @click.stop="toggleExpand(node.folder)">
+          <template v-if="node.isLoading">⏳</template>
+          <template v-else>{{ node.isExpanded ? '▼' : '▶' }}</template>
+        </span>
+        <span class="folder-icon" @click="selectFolder(node.folder)">📁</span>
+        <span class="folder-name" @click="selectFolder(node.folder)">{{ node.folder.name }}</span>
+      </div>
+
+      <!-- Empty children indicator for expanded folders with no children -->
+      <template v-for="node in flatNodes" :key="'empty-' + node.folder.path">
+        <div
+          v-if="node.isExpanded && !node.isLoading && node.hasChildren === false"
+          class="folder-item empty"
+          :style="{ paddingLeft: `${28 + node.depth * 16}px` }"
+        >
+          <span class="folder-empty-text">（空）</span>
+        </div>
+      </template>
+
+      <div v-if="folders.length === 0 && !loading" class="folder-empty">
+        暂无工作区文件夹
+      </div>
+    </div>
+
+    <!-- Selected path display -->
+    <div v-if="selectedPath" class="folder-selected">
+      <span class="folder-selected-label">已选择：</span>
+      <span class="folder-selected-path">{{ selectedPath }}</span>
+    </div>
+  </div>
+</template>
+
+<style scoped lang="scss">
+.folder-picker {
+  max-height: 360px;
+  overflow-y: auto;
+  border: 1px solid rgba(255, 255, 255, 0.1);
+  border-radius: 6px;
+  padding: 8px;
+  background: rgba(0, 0, 0, 0.2);
+}
+
+.folder-picker-loading {
+  display: flex;
+  justify-content: center;
+  padding: 24px;
+}
+
+.folder-tree {
+  font-size: 13px;
+}
+
+.folder-item {
+  display: flex;
+  align-items: center;
+  gap: 4px;
+  padding: 4px 8px;
+  border-radius: 4px;
+  cursor: pointer;
+  transition: background 0.15s;
+
+  &:hover {
+    background: rgba(255, 255, 255, 0.06);
+  }
+
+  &.selected {
+    background: rgba(64, 158, 255, 0.15);
+    outline: 1px solid rgba(64, 158, 255, 0.4);
+  }
+
+  &.root {
+    font-weight: 600;
+    margin-bottom: 4px;
+  }
+
+  &.empty {
+    opacity: 0.5;
+    cursor: default;
+  }
+}
+
+.folder-expand {
+  width: 14px;
+  font-size: 10px;
+  text-align: center;
+  flex-shrink: 0;
+  user-select: none;
+  opacity: 0.6;
+}
+
+.folder-icon {
+  flex-shrink: 0;
+}
+
+.folder-name {
+  overflow: hidden;
+  text-overflow: ellipsis;
+  white-space: nowrap;
+}
+
+.folder-empty-text {
+  font-size: 11px;
+  opacity: 0.5;
+  font-style: italic;
+}
+
+.folder-empty {
+  text-align: center;
+  padding: 16px;
+  opacity: 0.5;
+}
+
+.folder-selected {
+  margin-top: 8px;
+  padding: 6px 8px;
+  background: rgba(64, 158, 255, 0.08);
+  border-radius: 4px;
+  font-size: 12px;
+  display: flex;
+  gap: 4px;
+  align-items: center;
+}
+
+.folder-selected-label {
+  opacity: 0.6;
+  flex-shrink: 0;
+}
+
+.folder-selected-path {
+  font-family: monospace;
+  overflow: hidden;
+  text-overflow: ellipsis;
+  white-space: nowrap;
+}
+</style>
diff --git a/packages/client/src/components/hermes/chat/HistoryMessageList.vue b/packages/client/src/components/hermes/chat/HistoryMessageList.vue
new file mode 100644
index 0000000..d7f6891
--- /dev/null
+++ b/packages/client/src/components/hermes/chat/HistoryMessageList.vue
@@ -0,0 +1,245 @@
+<script lang="ts">
+type HistorySessionScrollSnapshot = {
+  scrollTop: number;
+  scrollHeight: number;
+  clientHeight: number;
+  wasNearBottom: boolean;
+}
+
+const historySessionScrollPositions = new Map<string, HistorySessionScrollSnapshot>();
+</script>
+
+<script setup lang="ts">
+import { ref, computed, nextTick, onBeforeUnmount, watch } from "vue";
+import { useI18n } from "vue-i18n";
+import VirtualMessageList from "./VirtualMessageList.vue";
+import MessageItem from "./MessageItem.vue";
+import { useChatStore } from "@/stores/hermes/chat";
+import { useToolTraceVisibility } from "@/composables/useToolTraceVisibility";
+import type { Session } from "@/stores/hermes/chat";
+
+const props = defineProps<{
+  session?: Session | null; // Optional: use this session instead of chatStore.activeSession
+  loadOlder?: (sessionId: string) => Promise<boolean>;
+}>();
+
+const chatStore = useChatStore();
+const { toolTraceVisible } = useToolTraceVisibility();
+const { t } = useI18n();
+const listRef = ref<InstanceType<typeof VirtualMessageList> | null>(null);
+const pendingInitialScrollSessionId = ref<string | null>(null);
+const activeSession = computed(() => props.session || null);
+const listInstanceKey = computed(() => activeSession.value?.id ? `history-${activeSession.value.id}` : "history-empty");
+
+const displayMessages = computed(() =>
+  (activeSession.value?.messages || []).filter((m) => {
+    // Tool messages without a name are internal use only and remain hidden.
+    if (m.role === 'tool') return toolTraceVisible.value && !!m.toolName
+    // Filter out messages with empty content.
+    if (!m.content?.trim()) return false
+    return true
+  }),
+);
+
+function isNearBottom(threshold = 200): boolean {
+  return listRef.value?.isNearBottom(threshold) ?? true;
+}
+
+function scrollToBottom() {
+  listRef.value?.scrollToBottom();
+}
+
+function scrollToMessage(messageId: string) {
+  listRef.value?.scrollToMessage(messageId);
+}
+
+function scrollToAnchor(messageId: string, anchorId: string) {
+  listRef.value?.scrollToAnchor(messageId, anchorId);
+}
+
+function saveSessionScrollPosition(sessionId: string | null | undefined) {
+  if (!sessionId) return;
+  const snapshot = listRef.value?.captureViewportPosition() ?? null;
+  if (snapshot) historySessionScrollPositions.set(sessionId, snapshot);
+}
+
+function applyInitialSessionScroll(sessionId: string) {
+  if (activeSession.value?.id !== sessionId) return;
+  if (chatStore.focusMessageId) {
+    pendingInitialScrollSessionId.value = null;
+    scrollToMessage(chatStore.focusMessageId);
+    return;
+  }
+
+  const snapshot = historySessionScrollPositions.get(sessionId);
+  if (snapshot) {
+    pendingInitialScrollSessionId.value = null;
+    if (snapshot.wasNearBottom) {
+      scrollToBottom();
+    } else {
+      listRef.value?.restoreViewportPosition(snapshot);
+    }
+    return;
+  }
+
+  scrollToBottom();
+  if ((activeSession.value?.messages.length || 0) > 0) pendingInitialScrollSessionId.value = null;
+}
+
+async function handleTopReach() {
+  const session = activeSession.value;
+  if (!session?.hasMoreBefore || session.isLoadingOlderMessages || !props.loadOlder) return;
+  const snapshot = listRef.value?.captureScrollPosition() ?? null;
+  const loaded = await props.loadOlder(session.id);
+  if (!loaded) return;
+  await nextTick();
+  listRef.value?.restoreScrollPosition(snapshot);
+}
+
+watch(
+  () => activeSession.value?.id,
+  async (id, previousId) => {
+    saveSessionScrollPosition(previousId);
+    if (!id) return;
+    pendingInitialScrollSessionId.value = id;
+    await nextTick();
+    applyInitialSessionScroll(id);
+  },
+  { immediate: true },
+);
+
+watch(
+  () => chatStore.focusMessageId,
+  (messageId) => {
+    if (!messageId) return;
+    scrollToMessage(messageId);
+  },
+);
+
+// During streaming, only auto-scroll if the user is already near the bottom
+watch(
+  () => (activeSession.value?.messages || [])[((activeSession.value?.messages || []).length - 1)]?.content,
+  (content) => {
+    if (pendingInitialScrollSessionId.value === activeSession.value?.id) return;
+    if (!content) return
+    if (!isNearBottom()) return;
+    scrollToBottom();
+  },
+);
+
+watch(
+  () => (activeSession.value?.messages || []).length,
+  (length) => {
+    if (length === 0) return
+    const id = activeSession.value?.id
+    if (id && pendingInitialScrollSessionId.value === id) {
+      applyInitialSessionScroll(id);
+      return;
+    }
+    if (!isNearBottom()) return;
+    scrollToBottom();
+  },
+  { flush: "post" },
+);
+
+onBeforeUnmount(() => {
+  saveSessionScrollPosition(activeSession.value?.id);
+});
+
+defineExpose({
+  scrollToBottom,
+  scrollToMessage,
+  scrollToAnchor,
+});
+</script>
+
+<template>
+  <VirtualMessageList
+    :key="listInstanceKey"
+    ref="listRef"
+    :messages="displayMessages"
+    @top-reach="handleTopReach"
+  >
+    <template #empty>
+      <div class="empty-state">
+        <img src="/logo.svg" alt="灵犀" class="empty-logo" />
+        <p>{{ t("chat.emptyState") }}</p>
+      </div>
+    </template>
+    <template #before>
+      <div
+        v-if="activeSession?.hasMoreBefore || activeSession?.isLoadingOlderMessages"
+        class="history-loader"
+      >
+        <span v-if="activeSession?.isLoadingOlderMessages" class="history-loader-spinner"></span>
+      </div>
+    </template>
+    <template #item="{ message: msg }">
+      <MessageItem
+        :message="msg"
+        :highlight="chatStore.focusMessageId === msg.id"
+      />
+    </template>
+  </VirtualMessageList>
+</template>
+
+<style scoped lang="scss">
+@use "@/styles/variables" as *;
+
+.empty-state {
+  flex: 1;
+  display: flex;
+  flex-direction: column;
+  align-items: center;
+  justify-content: center;
+  color: $text-muted;
+  gap: 12px;
+
+  .empty-logo {
+    width: 48px;
+    height: 48px;
+    opacity: 0.25;
+  }
+
+  p {
+    font-size: 14px;
+  }
+}
+
+.history-loader {
+  height: 28px;
+  display: flex;
+  align-items: center;
+  justify-content: center;
+  flex: 0 0 auto;
+}
+
+.history-loader-spinner {
+  width: 14px;
+  height: 14px;
+  border: 2px solid rgba(0, 0, 0, 0.16);
+  border-top-color: $accent-primary;
+  border-radius: 50%;
+  animation: spin 0.7s linear infinite;
+
+  .dark & {
+    border-color: rgba(255, 255, 255, 0.18);
+    border-top-color: $accent-primary;
+  }
+}
+
+@keyframes spin {
+  to {
+    transform: rotate(360deg);
+  }
+}
+
+.fade-enter-active,
+.fade-leave-active {
+  transition: opacity 0.4s ease;
+}
+.fade-enter-from,
+.fade-leave-to {
+  opacity: 0;
+}
+</style>
diff --git a/packages/client/src/components/hermes/chat/MarkdownRenderer.vue b/packages/client/src/components/hermes/chat/MarkdownRenderer.vue
new file mode 100644
index 0000000..a487426
--- /dev/null
+++ b/packages/client/src/components/hermes/chat/MarkdownRenderer.vue
@@ -0,0 +1,780 @@
+<script setup lang="ts">
+import { computed, nextTick, onBeforeUnmount, onMounted, ref, watch } from 'vue'
+import { useI18n } from 'vue-i18n'
+import { NDrawer, NDrawerContent, NSpin, useMessage } from 'naive-ui'
+import type MarkdownIt from 'markdown-it'
+import MarkdownItConstructor from 'markdown-it'
+import katex from 'katex'
+import markdownItKatex from '@vscode/markdown-it-katex'
+import { handleCodeBlockCopyClick, renderHighlightedCodeBlock } from './highlight'
+import { repairNestedMarkdownFences } from './markdownFenceRepair'
+import {
+  MERMAID_MAX_DIAGRAMS_PER_MESSAGE,
+  MERMAID_MAX_SOURCE_LENGTH,
+  MERMAID_RENDER_TIMEOUT_MS,
+  decodeMermaidSource,
+  isMermaidFence,
+  renderMermaidPlaceholder,
+  SUPPORT_PREVIEW_FILE_TYPES,
+} from './mermaidRenderer'
+import { downloadFile, getDownloadUrl, fetchFileText } from '@/api/hermes/download'
+
+const LATEX_FENCE_LANGS = new Set(['latex', 'tex', 'math', 'katex'])
+const PREVIEW_AREA_WIDTH = 'min(800px, 100vw)'
+
+function getFenceLanguage(info: string): string {
+  return info.trim().split(/\s+/)[0]?.toLowerCase() ?? ''
+}
+
+function isLatexFence(info: string): boolean {
+  return LATEX_FENCE_LANGS.has(getFenceLanguage(info))
+}
+
+function normalizeLatexFenceContent(content: string): string {
+  const trimmed = content.trim()
+
+  if (trimmed.startsWith('\\[') && trimmed.endsWith('\\]')) {
+    return trimmed.slice(2, -2).trim()
+  }
+
+  if (trimmed.startsWith('$$') && trimmed.endsWith('$$')) {
+    return trimmed.slice(2, -2).trim()
+  }
+
+  if (trimmed.startsWith('\\(') && trimmed.endsWith('\\)')) {
+    return trimmed.slice(2, -2).trim()
+  }
+
+  return trimmed
+}
+
+function renderLatexFence(content: string): string {
+  const latex = normalizeLatexFenceContent(content)
+  return `<div class="latex-block">${katex.renderToString(latex, {
+    displayMode: true,
+    output: 'htmlAndMathml',
+    throwOnError: false,
+    strict: 'ignore',
+  })}</div>`
+}
+
+const props = withDefaults(defineProps<{
+    content: string
+    mentionNames?: string[]
+    headingIdPrefix?: string
+}>(), {
+    mentionNames: () => [],
+    headingIdPrefix: '',
+})
+
+const { t } = useI18n()
+const message = useMessage()
+
+const md: MarkdownIt = new MarkdownItConstructor({
+  html: false,
+  breaks: true,
+  linkify: true,
+  typographer: true,
+  highlight(str: string, lang: string): string {
+    return renderHighlightedCodeBlock(str, lang, t('common.copy'))
+  },
+})
+
+md.use(markdownItKatex, {
+  katex,
+  throwOnError: false,
+  strict: 'ignore',
+})
+
+const defaultFenceRenderer = md.renderer.rules.fence?.bind(md.renderer.rules)
+
+md.renderer.rules.fence = (tokens, idx, options, env, self) => {
+  const token = tokens[idx]
+  if (isLatexFence(token.info)) {
+    return renderLatexFence(token.content)
+  }
+
+  if (isMermaidFence(token.info)) {
+    return renderMermaidPlaceholder(token.content)
+  }
+
+  if (defaultFenceRenderer) {
+    return defaultFenceRenderer(tokens, idx, options, env, self)
+  }
+
+  return self.renderToken(tokens, idx, options)
+}
+
+const markdownBody = ref<HTMLElement | null>(null)
+const componentId = `hermes-mermaid-${Math.random().toString(36).slice(2)}`
+const previewUrl = ref<string | null>(null)
+
+// Preview config variable
+const textPreviewContent = ref<string | null>(null)
+const textPreviewFileName = ref('')
+const textPreviewLoading = ref(false)
+const textPreviewVisible = ref(false)
+
+const textPreviewIsMarkdown = computed(() => /\.(md|markdown)$/i.test(textPreviewFileName.value))
+
+let renderGeneration = 0
+let unmounted = false
+
+function isLocalFilePath(path: string): boolean {
+  return path.startsWith('/') || /^[a-zA-Z]:[\\/]/.test(path)
+}
+
+function normalizeLocalFilePath(path: string): string {
+  return /^[a-zA-Z]:\\/.test(path) ? path.replace(/\\/g, '/') : path
+}
+
+const renderedHtml = computed(() => {
+  let html = md.render(repairNestedMarkdownFences(props.content))
+
+  // Add IDs to headings for anchor links
+  const prefix = props.headingIdPrefix ? `${props.headingIdPrefix}-` : ''
+  let headingCounter = 0
+  // Match any h1-h6 tags, with or without attributes
+  html = html.replace(/<(h[1-6])([^>]*)>/g, (match, tag, attrs) => {
+    headingCounter++
+    const id = `${prefix}heading-${headingCounter}`
+    
+    // Check if id attribute already exists
+    if (attrs.includes('id=')) {
+      // Replace existing id
+      return match.replace(/id="[^"]*"/, `id="${id}"`).replace(/id='[^']*'/, `id="${id}"`)
+    }
+    
+    // Add new id
+    if (attrs.trim() === '') {
+      return `<${tag} id="${id}">`
+    }
+    return `<${tag} ${attrs.trim()} id="${id}">`
+  })
+
+  // Replace image src paths with download URLs
+  html = html.replace(/\bsrc=(["'])([^"']+)\1/g, (match, quote, path) => {
+    if (!isLocalFilePath(path)) return match
+    const downloadUrl = getDownloadUrl(normalizeLocalFilePath(path))
+    return `src=${quote}${downloadUrl}${quote}`
+  })
+
+  // Replace local file links with file card UI or video player
+  // Match <a href="/tmp/file.pdf">filename</a> or <a href="C:/tmp/file.pdf">filename</a>
+  html = html.replace(/<a href="([^"]+)">([^<]+)<\/a>/g, (match, rawPath, filename) => {
+    if (!isLocalFilePath(rawPath)) return match
+
+    const path = normalizeLocalFilePath(rawPath)
+    const fileName = filename.trim()
+    const ext = path.split('.').pop()?.toLowerCase()
+
+    // Video files: render as video player
+    if (ext === 'mp4' || ext === 'webm' || ext === 'mov') {
+      const downloadUrl = getDownloadUrl(path)
+      return `<div class="markdown-video-container">
+        <video class="markdown-video" controls preload="metadata" src="${downloadUrl}"></video>
+        <div class="markdown-video-footer">
+          <svg width="16" height="16" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="1.5">
+            <polygon points="5 3 19 12 5 21 5 3"/>
+          </svg>
+          <span class="att-name">${fileName}</span>
+        </div>
+      </div>`
+    }
+
+    // Other files: render as file card
+    return `<div class="markdown-file-card" data-path="${path}" data-filename="${fileName}" title="${t('download.downloadFile')}">
+      <svg width="16" height="16" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="1.5">
+        <path d="M14 2H6a2 2 0 0 0-2 2v16a2 2 0 0 0 2 2h12a2 2 0 0 0 2-2V8z" />
+        <polyline points="14 2 14 8 20 8" />
+      </svg>
+      <span class="att-name">${fileName}</span>
+      <button class="att-download-btn" type="button" title="${t('download.downloadFile')}" aria-label="${t('download.downloadFile')}">
+        <svg class="att-download-icon" width="14" height="14" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2">
+          <path d="M21 15v4a2 2 0 0 1-2 2H5a2 2 0 0 1-2-2v-4" />
+          <polyline points="7 10 12 15 17 10" />
+          <line x1="12" y1="15" x2="12" y2="3" />
+        </svg>
+      </button>
+    </div>`
+  })
+
+  if (props.mentionNames && props.mentionNames.length > 0) {
+    const escaped = [...props.mentionNames]
+      .sort((a, b) => b.length - a.length)
+      .map(n => n.replace(/[.*+?^${}()|[\]\\]/g, '\\$&'))
+    const re = new RegExp(`(?<=[\\s>({\\[<]|^)@(${escaped.join('|')})(?=[\\s.,!?;:，。！？；：)\\]}>]|<|$)`, 'gi')
+    html = html.replace(re, '<span class="mention-highlight">@$1</span>')
+  }
+  return html
+})
+
+function renderMermaidFallback(element: HTMLElement, source: string): void {
+  element.outerHTML = renderHighlightedCodeBlock(source, 'mermaid', t('common.copy'))
+}
+
+function withTimeout<T>(promise: Promise<T>, timeoutMs: number, label: string): Promise<T> {
+  let timeoutId: ReturnType<typeof setTimeout> | undefined
+  const timeout = new Promise<never>((_, reject) => {
+    timeoutId = setTimeout(() => {
+      reject(new Error(`${label} timed out after ${timeoutMs}ms`))
+    }, timeoutMs)
+  })
+
+  return Promise.race([promise, timeout]).finally(() => {
+    if (timeoutId !== undefined) {
+      clearTimeout(timeoutId)
+    }
+  })
+}
+
+function getScrollParent(el: HTMLElement | null): HTMLElement | null {
+  if (!el) return null
+  let current: HTMLElement | null = el.parentElement
+  while (current) {
+    const { overflow, overflowY } = getComputedStyle(current)
+    if (overflow === 'auto' || overflow === 'scroll' || overflowY === 'auto' || overflowY === 'scroll') {
+      return current
+    }
+    current = current.parentElement
+  }
+  return null
+}
+
+function isNearScrollBottom(el: HTMLElement, threshold = 200): boolean {
+  return el.scrollHeight - el.scrollTop - el.clientHeight < threshold
+}
+
+function cleanupMermaidRenderArtifacts(id: string): void {
+  document.getElementById(id)?.remove()
+  document.getElementById(`d${id}`)?.remove()
+}
+
+async function renderMermaidDiagrams(): Promise<void> {
+  const generation = ++renderGeneration
+  await nextTick()
+
+  const root = markdownBody.value
+  if (unmounted || generation !== renderGeneration || !root) return
+
+  const pendingDiagrams = Array.from(root.querySelectorAll<HTMLElement>('[data-mermaid-pending="true"]'))
+  if (pendingDiagrams.length === 0) return
+
+  const diagramsToRender = pendingDiagrams.slice(0, MERMAID_MAX_DIAGRAMS_PER_MESSAGE)
+  const diagramsToFallback = pendingDiagrams.slice(MERMAID_MAX_DIAGRAMS_PER_MESSAGE)
+
+  for (const element of diagramsToFallback) {
+    renderMermaidFallback(element, decodeMermaidSource(element.getAttribute('data-mermaid-source')))
+  }
+
+  const renderCandidates = diagramsToRender
+    .map(element => ({
+      element,
+      source: decodeMermaidSource(element.getAttribute('data-mermaid-source')),
+    }))
+
+  const validDiagrams = [] as typeof renderCandidates
+  for (const candidate of renderCandidates) {
+    if (unmounted || generation !== renderGeneration || !root.contains(candidate.element)) return
+
+    if (!candidate.source || candidate.source.length > MERMAID_MAX_SOURCE_LENGTH) {
+      renderMermaidFallback(candidate.element, candidate.source)
+      continue
+    }
+
+    validDiagrams.push(candidate)
+  }
+
+  if (validDiagrams.length === 0) return
+
+  let mermaid: typeof import('mermaid').default
+
+  try {
+    mermaid = (await withTimeout(import('mermaid'), MERMAID_RENDER_TIMEOUT_MS, 'Mermaid import')).default
+    if (unmounted || generation !== renderGeneration) return
+
+    mermaid.initialize({
+      startOnLoad: false,
+      securityLevel: 'strict',
+    })
+  } catch {
+    if (unmounted || generation !== renderGeneration) return
+    for (const { element, source } of validDiagrams) {
+      if (root.contains(element)) {
+        renderMermaidFallback(element, source)
+      }
+    }
+    return
+  }
+
+  for (const [index, { element, source }] of validDiagrams.entries()) {
+    if (unmounted || generation !== renderGeneration || !root.contains(element)) return
+
+    try {
+      const id = `${componentId}-${generation}-${index}`
+      const result = await withTimeout(mermaid.render(id, source), MERMAID_RENDER_TIMEOUT_MS, 'Mermaid render')
+      cleanupMermaidRenderArtifacts(id)
+      if (unmounted || generation !== renderGeneration || !root.contains(element)) return
+
+      const scrollParent = getScrollParent(markdownBody.value)
+      const shouldKeepBottom = scrollParent ? isNearScrollBottom(scrollParent) : false
+      element.removeAttribute('data-mermaid-pending')
+      element.removeAttribute('data-mermaid-source')
+      element.innerHTML = result.svg
+      if (scrollParent && shouldKeepBottom) {
+        nextTick(() => {
+          scrollParent.scrollTop = scrollParent.scrollHeight
+        })
+      }
+    } catch {
+      cleanupMermaidRenderArtifacts(`${componentId}-${generation}-${index}`)
+      if (unmounted || generation !== renderGeneration || !root.contains(element)) return
+      renderMermaidFallback(element, source)
+    }
+  }
+}
+
+onMounted(() => {
+  void renderMermaidDiagrams()
+})
+
+watch(renderedHtml, () => {
+  void renderMermaidDiagrams()
+}, { flush: 'post' })
+
+onBeforeUnmount(() => {
+  unmounted = true
+  renderGeneration += 1
+})
+
+async function handleMarkdownClick(event: MouseEvent): Promise<void> {
+  const copyResult = await handleCodeBlockCopyClick(event)
+  if (copyResult !== null) {
+    if (copyResult) {
+      message.success(t('common.copied'))
+    } else {
+      message.error(t('chat.copyFailed'))
+    }
+    return
+  }
+
+  const target = event.target as HTMLElement
+
+  // Handle image clicks for preview
+  const img = target.closest('img') as HTMLImageElement | null
+  if (img) {
+    event.preventDefault()
+    previewUrl.value = img.src
+    return
+  }
+
+  // Handle file card clicks for download
+  const fileCard = target.closest('.markdown-file-card') as HTMLElement | null
+  if (fileCard) {
+    event.preventDefault()
+    event.stopPropagation()
+    const path = fileCard.getAttribute('data-path')
+    const fileName = fileCard.getAttribute('data-filename') || undefined
+
+    const isDownloadBtn = target.closest('.att-download-btn')
+
+    if (isDownloadBtn && path) { // Only download file with download icon clicked.
+      message.info(t('download.downloading'))
+      downloadFile(path, fileName).catch((err: Error) => {
+        message.error(err.message || t('download.downloadFailed'))
+      })
+      return
+    }
+
+    if (path) {
+      const ext = fileName?.split('.').pop()?.toLowerCase()
+      if (SUPPORT_PREVIEW_FILE_TYPES.includes(ext || '')) {
+        previewTextFile(path, fileName || '')
+      } else { // Download file immediately
+        downloadFile(path, fileName).catch((err: Error) => {
+          message.error(err.message || t('download.downloadFailed'))
+        })
+      }
+    }
+    return
+  }
+
+  // Handle file path link clicks for download
+  const link = target.closest('a') as HTMLAnchorElement | null
+  if (!link) return
+
+  const href = link.getAttribute('href')
+  if (!href) return
+
+  // Let http(s) links behave normally — use window.open to prevent
+  // the hash-based router from intercepting the click
+  if (href.startsWith('http://') || href.startsWith('https://')) {
+    event.preventDefault()
+    window.open(href, '_blank', 'noopener,noreferrer')
+    return
+  }
+
+  // Full download URL: open directly (already has /api/hermes/download?path=...)
+  if (href.startsWith('/api/hermes/download?')) {
+    event.preventDefault()
+    event.stopPropagation()
+    const linkText = link.textContent || ''
+    const fileName = linkText.startsWith('File: ') ? linkText.slice(6).trim() : linkText.trim()
+    message.info(t('download.downloading'))
+    // Parse the real file path from the existing query param
+    const url = new URL(href, window.location.origin)
+    const realPath = url.searchParams.get('path') || href
+    downloadFile(realPath, fileName || undefined).catch((err: Error) => {
+      message.error(err.message || t('download.downloadFailed'))
+    })
+    return
+  }
+
+  // File path links: intercept and download
+  if (isLocalFilePath(href)) {
+    event.preventDefault()
+    event.stopPropagation()
+    const linkText = link.textContent || ''
+    const fileName = linkText.startsWith('File: ') ? linkText.slice(6).trim() : linkText.trim()
+    message.info(t('download.downloading'))
+    downloadFile(normalizeLocalFilePath(href), fileName || undefined).catch((err: Error) => {
+      message.error(err.message || t('download.downloadFailed'))
+    })
+  }
+}
+
+// Get file content and show preview area.
+async function previewTextFile(path: string, fileName: string): Promise<void> {
+  textPreviewLoading.value = true
+  textPreviewVisible.value = true
+  textPreviewFileName.value = fileName
+  textPreviewContent.value = null
+  try {
+    textPreviewContent.value = await fetchFileText(path, fileName)
+  } catch (err: any) {
+    message.error(err.message || t('download.downloadFailed'))
+  } finally {
+    textPreviewLoading.value = false
+  }
+}
+
+function closeTextPreview(): void {
+  textPreviewVisible.value = false
+}
+</script>
+
+<template>
+  <div ref="markdownBody" class="markdown-body" v-html="renderedHtml" @click="handleMarkdownClick"></div>
+  <!-- File preview area -->
+  <NDrawer
+    v-model:show="textPreviewVisible"
+    :width="PREVIEW_AREA_WIDTH"
+    placement="right"
+    :show-mask="false"
+    :trap-focus="false"
+    class="markdown-text-preview-drawer"
+  >
+    <NDrawerContent
+      :title="t('download.contentDisplay')"
+      closable
+      :body-content-style="{ padding: 0 }"
+      @close="closeTextPreview"
+    >
+      <NSpin :show="textPreviewLoading">
+        <div v-if="textPreviewContent !== null && textPreviewIsMarkdown" class="text-preview-markdown">
+          <MarkdownRenderer :content="textPreviewContent" />
+        </div>
+        <pre v-else-if="textPreviewContent !== null" class="text-preview-body">{{ textPreviewContent }}</pre>
+      </NSpin>
+    </NDrawerContent>
+  </NDrawer>
+  <Teleport to="body">
+    <div v-if="previewUrl" class="image-preview-overlay" @click.self="previewUrl = null">
+      <img :src="previewUrl" class="image-preview-img" @click="previewUrl = null" />
+    </div>
+  </Teleport>
+</template>
+
+<style lang="scss">
+@use '@/styles/variables' as *;
+
+.markdown-body {
+  font-size: 14px;
+  line-height: 1.65;
+  min-width: 0;
+  max-width: 100%;
+  box-sizing: border-box;
+  overflow-x: auto;
+
+  p {
+    margin: 0 0 8px;
+
+    &:last-child {
+      margin-bottom: 0;
+    }
+  }
+
+  ul, ol {
+    padding-left: 20px;
+    margin: 4px 0 8px;
+  }
+
+  li {
+    margin: 2px 0;
+  }
+
+  strong {
+    color: $text-primary;
+    font-weight: 600;
+  }
+
+  em {
+    color: $text-secondary;
+  }
+
+  a {
+    color: $accent-primary;
+    text-decoration: underline;
+    text-underline-offset: 2px;
+
+    &:hover {
+      color: $accent-hover;
+    }
+  }
+
+  img {
+    display: block;
+    max-width: 200px;
+    max-height: 160px;
+    object-fit: contain;
+    cursor: pointer;
+    border-radius: 4px;
+    margin: 8px 0;
+  }
+
+  .markdown-video-container {
+    margin: 12px 0;
+    border-radius: $radius-sm;
+    overflow: hidden;
+    background: #000;
+    border: 1px solid $border-color;
+  }
+
+  .markdown-video {
+    display: block;
+    width: 100%;
+    max-width: 640px;
+    max-height: 480px;
+    object-fit: contain;
+  }
+
+  .markdown-video-footer {
+    display: flex;
+    align-items: center;
+    gap: 8px;
+    padding: 8px 12px;
+    background: rgba(0, 0, 0, 0.85);
+    color: #fff;
+    font-size: 12px;
+
+    .att-name {
+      flex: 1;
+      white-space: nowrap;
+      overflow: hidden;
+      text-overflow: ellipsis;
+    }
+  }
+
+  .markdown-file-card {
+    display: inline-flex;
+    align-items: center;
+    gap: 6px;
+    padding: 6px 10px;
+    font-size: 12px;
+    color: $text-secondary;
+    background-color: rgba(0, 0, 0, 0.04);
+    border: 1px solid $border-light;
+    border-radius: $radius-sm;
+    margin: 8px 0;
+    cursor: pointer;
+    transition: background-color 0.15s ease, border-color 0.15s ease;
+
+    &:hover {
+      background-color: rgba(0, 0, 0, 0.08);
+      border-color: $border-color;
+    }
+
+    .att-name {
+      white-space: nowrap;
+      overflow: hidden;
+      text-overflow: ellipsis;
+      max-width: 160px;
+    }
+
+    .att-download-icon {
+      flex-shrink: 0;
+      opacity: 0.6;
+      transition: opacity 0.15s ease;
+    }
+
+    .att-download-btn {
+      display: inline-flex;
+      align-items: center;
+      justify-content: center;
+      flex-shrink: 0;
+      width: 18px;
+      height: 18px;
+      padding: 0;
+      color: inherit;
+      background: transparent;
+      border: 0;
+      cursor: pointer;
+    }
+
+    &:hover .att-download-icon,
+    .att-download-btn:hover .att-download-icon {
+      opacity: 1;
+    }
+  }
+
+  blockquote {
+    margin: 8px 0;
+    padding: 4px 12px;
+    border-left: 3px solid $border-color;
+    color: $text-secondary;
+  }
+
+  code:not(.hljs) {
+    background: $code-bg;
+    padding: 2px 6px;
+    border-radius: 4px;
+    font-family: $font-code;
+    font-size: 13px;
+    color: $accent-primary;
+  }
+
+  table {
+    width: 100%;
+    border-collapse: collapse;
+    margin: 8px 0;
+    display: block;
+    overflow-x: auto;
+
+    th, td {
+      padding: 6px 12px;
+      border: 1px solid $border-color;
+      text-align: left;
+      font-size: 13px;
+    }
+
+    th {
+      background: rgba(var(--accent-primary-rgb), 0.08);
+      color: $text-primary;
+      font-weight: 600;
+    }
+
+    td {
+      color: $text-secondary;
+    }
+  }
+
+  hr {
+    border: none;
+    border-top: 1px solid $border-color;
+    margin: 12px 0;
+  }
+
+  .mermaid-diagram {
+    margin: 10px 0;
+    padding: 14px;
+    border: 1px solid $border-color;
+    border-radius: 8px;
+    background: rgba(var(--accent-primary-rgb), 0.04);
+    overflow-x: auto;
+
+    svg {
+      max-width: 100%;
+      height: auto;
+      display: block;
+      margin: 0 auto;
+    }
+  }
+
+  .mermaid-loading {
+    color: $text-secondary;
+    font-size: 13px;
+    font-family: $font-code;
+    min-height: 60px;
+    display: flex;
+    align-items: center;
+    justify-content: center;
+  }
+}
+
+.image-preview-overlay {
+  position: fixed;
+  inset: 0;
+  z-index: 9999;
+  background: rgba(0, 0, 0, 0.85);
+  display: flex;
+  align-items: center;
+  justify-content: center;
+  cursor: pointer;
+}
+
+.image-preview-img {
+  max-width: 90vw;
+  max-height: 90vh;
+  object-fit: contain;
+  border-radius: 4px;
+  cursor: pointer;
+}
+
+.text-preview-body {
+  flex: 1;
+  overflow: auto;
+  padding: 16px;
+  margin: 0;
+  font-family: $font-code;
+  font-size: 13px;
+  line-height: 1.6;
+  white-space: pre-wrap;
+  word-break: break-all;
+  color: $text-primary;
+}
+
+.text-preview-markdown {
+  padding: 16px;
+  overflow: auto;
+}
+
+.markdown-text-preview-drawer {
+  max-width: 100vw;
+
+  .n-drawer-content,
+  .n-drawer-body-content-wrapper {
+    max-width: 100vw;
+  }
+}
+
+@media (max-width: $breakpoint-mobile) {
+  .markdown-text-preview-drawer {
+    max-width: 100vw;
+
+    .n-drawer-content,
+    .n-drawer-body-content-wrapper {
+      max-width: 100vw;
+    }
+  }
+
+  .text-preview-body {
+    padding: 12px;
+    max-width: 100vw;
+  }
+
+  .text-preview-markdown {
+    padding: 12px;
+    max-width: 100vw;
+  }
+}
+</style>
diff --git a/packages/client/src/components/hermes/chat/MessageItem.vue b/packages/client/src/components/hermes/chat/MessageItem.vue
new file mode 100644
index 0000000..ae4320f
--- /dev/null
+++ b/packages/client/src/components/hermes/chat/MessageItem.vue
@@ -0,0 +1,1652 @@
+<script setup lang="ts">
+import type { Message, ContentBlock } from "@/stores/hermes/chat";
+import { computed, onBeforeUnmount, onMounted, ref, watchEffect } from "vue";
+import { useI18n } from "vue-i18n";
+import { useMessage } from "naive-ui";
+import { downloadFile, getDownloadUrl } from "@/api/hermes/download";
+import { copyToClipboard } from "@/utils/clipboard";
+import MarkdownRenderer from "./MarkdownRenderer.vue";
+import { parseThinking, countThinkingChars } from "@/utils/thinking-parser";
+import { useChatStore } from "@/stores/hermes/chat";
+import { useProfilesStore } from "@/stores/hermes/profiles";
+import { useSettingsStore } from "@/stores/hermes/settings";
+import ProfileAvatar from "@/components/hermes/profiles/ProfileAvatar.vue";
+import {
+  copyTextToClipboard,
+  handleCodeBlockCopyClick,
+  renderHighlightedCodeBlock,
+} from "./highlight";
+import { useGlobalSpeech } from "@/composables/useSpeech";
+import { useVoiceSettings } from "@/composables/useVoiceSettings";
+import { speedToEdgeRate, hzToEdgePitch } from "@/utils/ttsHelpers";
+
+const TOOL_PAYLOAD_DISPLAY_LIMIT = 1000;
+const JSON_STRING_DISPLAY_LIMIT = 200;
+const JSON_MAX_DEPTH = 6;
+const JSON_MAX_NODES = 1000;
+const JSON_MAX_KEYS_PER_OBJECT = 50;
+const JSON_MAX_ITEMS_PER_ARRAY = 50;
+const JSON_TRUNCATED_KEY = "__truncated__";
+
+const props = defineProps<{ message: Message; highlight?: boolean; headingIdPrefix?: string }>();
+const { t } = useI18n();
+const toast = useMessage();
+
+const isSystem = computed(() => props.message.role === "system");
+const isAgentError = computed(() => props.message.role === "assistant" && props.message.systemType === "error");
+
+const effectiveHeadingIdPrefix = computed(() => props.headingIdPrefix || `msg-${props.message.id}`);
+const isCommandMessage = computed(() => props.message.role === "command" || props.message.systemType === "command");
+const isCommandError = computed(() => props.message.role === "command" && props.message.systemType === "error");
+const isStatusCommand = computed(() =>
+  isCommandMessage.value
+  && props.message.commandAction === "status"
+  && props.message.commandData?.type !== "goal"
+);
+const statusItems = computed(() => {
+  const data = props.message.commandData || {};
+  return [
+    { key: "status", value: data.isWorking ? "running" : "idle" },
+    { key: "source", value: data.source },
+    { key: "profile", value: data.profile },
+    { key: "model", value: data.model || "-" },
+    { key: "queue", value: data.queueLength ?? 0 },
+    { key: "run", value: data.runId || "-" },
+  ];
+});
+
+type DisplayContentFile = {
+  type: 'image' | 'file'
+  name: string
+  path?: string
+  url?: string
+}
+
+function getBlockText(block: any): string {
+  if (!block || typeof block !== 'object') return ''
+  if (block.type === 'text' || block.type === 'input_text') {
+    return typeof block.text === 'string' ? block.text : ''
+  }
+  return ''
+}
+
+function getImageUrlFromBlock(block: any): string | null {
+  if (!block || typeof block !== 'object') return null
+  if (block.type !== 'input_image' && block.type !== 'image_url') return null
+  const raw = block.image_url
+  if (typeof raw === 'string') return raw
+  if (raw && typeof raw === 'object' && typeof raw.url === 'string') return raw.url
+  return null
+}
+
+function imageNameFromDataUrl(url: string, index: number): string {
+  const match = url.match(/^data:image\/([^;,]+)/i)
+  const ext = match?.[1] === 'jpeg' ? 'jpg' : match?.[1] || 'png'
+  return `image-${index + 1}.${ext}`
+}
+
+function parseContentBlocks(content: string): Array<ContentBlock | Record<string, unknown>> | null {
+  const trimmed = content.trim()
+  if (!trimmed) return null
+
+  const parse = (value: string) => {
+    const parsed = JSON.parse(value)
+    return Array.isArray(parsed) && parsed.length > 0 && 'type' in parsed[0]
+      ? parsed as Array<ContentBlock | Record<string, unknown>>
+      : null
+  }
+
+  try {
+    return parse(trimmed)
+  } catch {
+    // Hermes Agent stored some multimodal user messages via Python str(list),
+    // e.g. [{'type': 'text'}, {'type': 'image_url', ...}]. Convert that
+    // legacy repr into JSON for display only.
+    if (!trimmed.startsWith("[{'") && !trimmed.startsWith('[{"')) return null
+    try {
+      return parse(
+        trimmed
+          .replace(/\bNone\b/g, 'null')
+          .replace(/\bTrue\b/g, 'true')
+          .replace(/\bFalse\b/g, 'false')
+          .replace(/'/g, '"'),
+      )
+    } catch {
+      return null
+    }
+  }
+}
+
+// Parse ContentBlock[] from JSON string
+const contentBlocks = computed(() => {
+  const content = props.message.content || '';
+  return parseContentBlocks(content);
+});
+
+// Check if content is in ContentBlock[] format
+const isContentBlockArray = computed(() => contentBlocks.value !== null);
+
+// Extract text content from ContentBlock[] for display
+const displayText = computed(() => {
+  if (!isContentBlockArray.value) {
+    return props.message.content || '';
+  }
+
+  // Extract text from blocks
+  return contentBlocks.value!
+    .map(block => getBlockText(block))
+    .filter(Boolean)
+    .join('\n');
+});
+
+// Extract files from ContentBlock[]
+const contentFiles = computed<DisplayContentFile[] | null>(() => {
+  if (!isContentBlockArray.value) return null;
+
+  return contentBlocks.value!.flatMap<DisplayContentFile>((block, index) => {
+    if (block.type === 'image') {
+      return [{
+        type: 'image' as const,
+        name: String((block as any).name || `image-${index + 1}`),
+        path: String((block as any).path || ''),
+      }].filter(file => file.path)
+    }
+    if (block.type === 'file') {
+      return [{
+        type: 'file' as const,
+        name: String((block as any).name || `file-${index + 1}`),
+        path: String((block as any).path || ''),
+      }].filter(file => file.path)
+    }
+    const imageUrl = getImageUrlFromBlock(block)
+    if (imageUrl?.startsWith('data:image/')) {
+      return [{
+        type: 'image' as const,
+        name: imageNameFromDataUrl(imageUrl, index),
+        url: imageUrl,
+      }]
+    }
+    return []
+  });
+});
+
+function getContentFileUrl(file: DisplayContentFile): string {
+  if (file.url) return file.url
+  return file.path ? getDownloadUrl(file.path, file.name) : ''
+}
+
+const toolExpanded = ref(false);
+const previewUrl = ref<string | null>(null);
+
+const chatStore = useChatStore();
+const profilesStore = useProfilesStore();
+const settingsStore = useSettingsStore();
+const speech = useGlobalSpeech();
+const voiceSettings = useVoiceSettings();
+const assistantProfileName = computed(() => chatStore.activeSession?.profile || profilesStore.activeProfileName || "default");
+const assistantProfileAvatar = computed(() => profilesStore.profiles.find(profile => profile.name === assistantProfileName.value)?.avatar);
+
+// Copy entire bubble content
+const copyableContent = computed(() => {
+  if (props.message.role === 'tool') return null
+  const content = props.message.content || ''
+  if (!content.trim()) return null
+  return content
+})
+
+async function copyBubbleContent() {
+  const text = copyableContent.value
+  if (!text) return
+  const ok = await copyToClipboard(text)
+  if (ok) {
+    toast.success(t('chat.copiedBubble'))
+    return
+  }
+  toast.error(t('chat.copyFailed'))
+}
+
+const parsedThinking = computed(() =>
+  parseThinking(props.message.content || "", { streaming: !!props.message.isStreaming }),
+);
+
+// 优先使用来自 reasoning 字段/事件的思考文本；否则回退到从 content 解析的 <think> 标签。
+// 若两者共存，则拼接展示（罕见，但保持信息不丢）。
+const hasReasoningField = computed(() => !!(props.message.reasoning && props.message.reasoning.length > 0));
+
+const hasThinking = computed(() => hasReasoningField.value || parsedThinking.value.hasThinking);
+
+const thinkingFullText = computed(() => {
+  const parts: string[] = [];
+  if (props.message.reasoning) parts.push(props.message.reasoning);
+  parts.push(...parsedThinking.value.segments);
+  if (parsedThinking.value.pending) parts.push(parsedThinking.value.pending);
+  return parts.join("\n\n");
+});
+
+const thinkingCharCount = computed(() => {
+  let count = countThinkingChars(parsedThinking.value);
+  if (props.message.reasoning) count += props.message.reasoning.length;
+  return count;
+});
+
+// 流式思考态：仍有未闭合 <think> 标签，或 reasoning 有内容但正文尚未开始。
+const thinkingStreamingNow = computed(() => {
+  if (!props.message.isStreaming) return false;
+  if (parsedThinking.value.pending !== null) return true;
+  if (hasReasoningField.value && !props.message.content) return true;
+  return false;
+});
+
+const thinkingOverride = ref<boolean | null>(null);
+
+const thinkingExpanded = computed(() => {
+  if (thinkingStreamingNow.value) return true;
+  if (thinkingOverride.value !== null) return thinkingOverride.value;
+  return !!settingsStore.display.show_reasoning;
+});
+
+function toggleThinking() {
+  thinkingOverride.value = !thinkingExpanded.value;
+}
+
+const nowTick = ref(Date.now());
+let tickTimer: number | null = null;
+
+function ensureTick() {
+  const ob = chatStore.getThinkingObservation(props.message.id);
+  const shouldTick = !!(
+    props.message.isStreaming &&
+    ob?.startedAt !== undefined &&
+    ob.endedAt === undefined
+  );
+  if (shouldTick && tickTimer === null) {
+    tickTimer = window.setInterval(() => {
+      nowTick.value = Date.now();
+    }, 1000);
+  } else if (!shouldTick && tickTimer !== null) {
+    window.clearInterval(tickTimer);
+    tickTimer = null;
+  }
+}
+
+watchEffect(ensureTick);
+
+onBeforeUnmount(() => {
+  if (tickTimer !== null) window.clearInterval(tickTimer);
+});
+
+const thinkingDurationMs = computed<number | null>(() => {
+  const ob = chatStore.getThinkingObservation(props.message.id);
+  if (!ob?.startedAt) return null;
+  const startedAt = ob.startedAt!; // Non-null assertion after check
+  const end = ob?.endedAt ?? (props.message.isStreaming ? nowTick.value : startedAt);
+  return Math.max(0, end - startedAt);
+});
+
+function formatDuration(ms: number): string {
+  const s = Math.floor(ms / 1000);
+  if (s < 60) return `${s}s`;
+  const m = Math.floor(s / 60);
+  const r = s % 60;
+  return r === 0 ? `${m}m` : `${m}m ${r}s`;
+}
+
+const timeStr = computed(() => {
+  const d = new Date(props.message.timestamp);
+  return d.toLocaleTimeString([], { hour: "2-digit", minute: "2-digit" });
+});
+
+function isImage(type: string): boolean {
+  return type.startsWith("image/");
+}
+
+function formatSize(bytes: number): string {
+  if (bytes < 1024) return bytes + " B";
+  if (bytes < 1024 * 1024) return (bytes / 1024).toFixed(1) + " KB";
+  return (bytes / (1024 * 1024)).toFixed(1) + " MB";
+}
+
+/**
+ * Extract the upload file path from message content for a given attachment.
+ * Upload format in content: [File: name.txt](/tmp/hermes-uploads/abc123.txt)
+ */
+function getFilePathFromContent(attName: string): string | null {
+  const content = props.message.content || "";
+
+  // Try ContentBlock[] format first
+  try {
+    const parsed = JSON.parse(content);
+    if (Array.isArray(parsed) && parsed.length > 0 && 'type' in parsed[0]) {
+      const fileBlock = parsed.find((block: any) =>
+        block.type === 'file' && block.name === attName
+      );
+      if (fileBlock && (fileBlock as any).path) {
+        return (fileBlock as any).path;
+      }
+    }
+  } catch {
+    // Not valid JSON, continue to regex matching
+  }
+
+  // Fallback to markdown format: [File: name](path)
+  const regex = /\[File:\s*([^\]]+)\]\(([^)]+)\)/g;
+  let match: RegExpExecArray | null;
+  while ((match = regex.exec(content)) !== null) {
+    if (match[1].trim() === attName.trim()) return match[2];
+  }
+
+  return null;
+}
+
+function handleAttachmentDownload(att: { name: string; url: string; type: string }) {
+  const filePath = getFilePathFromContent(att.name);
+  if (filePath) {
+    toast.info(t("download.downloading"));
+    downloadFile(filePath, att.name).catch((err: Error) => {
+      toast.error(err.message || t("download.downloadFailed"));
+    });
+    return;
+  }
+  if (att.url && att.url.startsWith("blob:")) {
+    const a = document.createElement("a");
+    a.href = att.url;
+    a.download = att.name;
+    document.body.appendChild(a);
+    a.click();
+    document.body.removeChild(a);
+  }
+}
+
+type ToolPayload = {
+  full: string;
+  display: string;
+  language?: string;
+};
+
+function truncateLongString(value: string, marker: string): string {
+  return value.length > JSON_STRING_DISPLAY_LIMIT
+    ? value.slice(0, JSON_STRING_DISPLAY_LIMIT) + "\n" + marker
+    : value;
+}
+
+function truncateJsonValue(value: unknown, marker: string): unknown {
+  let nodeCount = 0;
+  const seen = new WeakSet<object>();
+
+  function stringifyLength(candidate: unknown): number {
+    return JSON.stringify(candidate, null, 2).length;
+  }
+
+  function visit(current: unknown, depth: number): unknown {
+    nodeCount += 1;
+    if (nodeCount > JSON_MAX_NODES) {
+      return marker;
+    }
+
+    if (typeof current === "string") return truncateLongString(current, marker);
+    if (current === null || typeof current !== "object") return current;
+
+    if (seen.has(current)) return `[Circular ${marker}]`;
+    if (depth >= JSON_MAX_DEPTH) {
+      return Array.isArray(current) ? `[Array ${marker}]` : `[Object ${marker}]`;
+    }
+
+    seen.add(current);
+
+    if (Array.isArray(current)) {
+      const result: unknown[] = [];
+      const maxItems = Math.min(current.length, JSON_MAX_ITEMS_PER_ARRAY);
+      for (let i = 0; i < maxItems; i += 1) {
+        const remaining = current.length - i;
+        result.push(visit(current[i], depth + 1));
+        if (stringifyLength(result) > TOOL_PAYLOAD_DISPLAY_LIMIT) {
+          result.pop();
+          result.push(`${marker}: ${remaining} more items`);
+          seen.delete(current);
+          return result;
+        }
+      }
+      if (current.length > maxItems) {
+        result.push(`${marker}: ${current.length - maxItems} more items`);
+      }
+      seen.delete(current);
+      return result;
+    }
+
+    const entries = Object.entries(current as Record<string, unknown>);
+    const result: Record<string, unknown> = {};
+    const maxKeys = Math.min(entries.length, JSON_MAX_KEYS_PER_OBJECT);
+    for (let i = 0; i < maxKeys; i += 1) {
+      const [key, val] = entries[i];
+      const remaining = entries.length - i;
+      result[key] = visit(val, depth + 1);
+      if (stringifyLength(result) > TOOL_PAYLOAD_DISPLAY_LIMIT) {
+        delete result[key];
+        result[JSON_TRUNCATED_KEY] = `${marker}: ${remaining} more keys`;
+        seen.delete(current);
+        return result;
+      }
+    }
+    if (entries.length > maxKeys) {
+      result[JSON_TRUNCATED_KEY] = `${marker}: ${entries.length - maxKeys} more keys`;
+    }
+    seen.delete(current);
+    return result;
+  }
+
+  const truncated = visit(value, 0);
+  if (stringifyLength(truncated) <= TOOL_PAYLOAD_DISPLAY_LIMIT) return truncated;
+  return { [JSON_TRUNCATED_KEY]: marker };
+}
+
+function formatToolPayload(raw?: string): ToolPayload {
+  if (!raw) {
+    return { full: "", display: "" };
+  }
+
+  try {
+    const parsed = JSON.parse(raw);
+    const full = JSON.stringify(parsed, null, 2);
+    const display = full.length > TOOL_PAYLOAD_DISPLAY_LIMIT
+      ? JSON.stringify(truncateJsonValue(parsed, t("chat.truncated")), null, 2)
+      : full;
+    return {
+      full,
+      display,
+      language: "json",
+    };
+  } catch {
+    return {
+      full: raw,
+      display:
+        raw.length > TOOL_PAYLOAD_DISPLAY_LIMIT
+          ? raw.slice(0, TOOL_PAYLOAD_DISPLAY_LIMIT) + "\n" + t("chat.truncated")
+          : raw,
+    };
+  }
+}
+
+function renderToolPayload(content: string, language?: string): string {
+  return renderHighlightedCodeBlock(content, language, t("common.copy"), {
+    maxHighlightLength: TOOL_PAYLOAD_DISPLAY_LIMIT,
+  });
+}
+
+async function handleToolDetailClick(event: MouseEvent): Promise<void> {
+  const target = event.target;
+  if (!(target instanceof HTMLElement)) return;
+
+  const button = target.closest<HTMLElement>("[data-copy-code=\"true\"]");
+  if (!button) return;
+
+  event.preventDefault();
+
+  const source = button.closest<HTMLElement>("[data-copy-source]")?.dataset.copySource;
+  if (source === "tool-args" && fullToolArgs.value) {
+    const ok = await copyTextToClipboard(fullToolArgs.value);
+    if (ok) toast.success(t("common.copied"));
+    else toast.error(t("chat.copyFailed"));
+    return;
+  }
+  if (source === "tool-result" && fullToolResult.value) {
+    const ok = await copyTextToClipboard(fullToolResult.value);
+    if (ok) toast.success(t("common.copied"));
+    else toast.error(t("chat.copyFailed"));
+    return;
+  }
+
+  const copyResult = await handleCodeBlockCopyClick(event);
+  if (copyResult) toast.success(t("common.copied"));
+  else if (copyResult === false) toast.error(t("chat.copyFailed"));
+}
+
+const hasAttachments = computed(
+  () => (props.message.attachments?.length ?? 0) > 0,
+);
+
+const hasToolDetails = computed(
+  () => !!(props.message.toolArgs || props.message.toolResult),
+);
+
+const toolArgsPayload = computed(() => formatToolPayload(props.message.toolArgs));
+const toolResultPayload = computed(() => formatToolPayload(props.message.toolResult));
+
+const fullToolArgs = computed(() => toolArgsPayload.value.full);
+const formattedToolArgs = computed(() => toolArgsPayload.value.display);
+const fullToolResult = computed(() => toolResultPayload.value.full);
+const formattedToolResult = computed(() => toolResultPayload.value.display);
+
+const renderedToolArgs = computed(() => {
+  if (!formattedToolArgs.value) return "";
+  return renderToolPayload(
+    formattedToolArgs.value,
+    toolArgsPayload.value.language,
+  );
+});
+
+const renderedToolResult = computed(() => {
+  if (!formattedToolResult.value) return "";
+  return renderToolPayload(
+    formattedToolResult.value,
+    toolResultPayload.value.language,
+  );
+});
+
+// 语音播放相关
+const canPlaySpeech = computed(() => {
+  // 只有 assistant 消息可以播放
+  if (props.message.role !== 'assistant') return false
+  if (!copyableContent.value) return false
+  // OpenAI / Custom / Edge / MiMo 不依赖浏览器 Web Speech API
+  if (voiceSettings.provider.value === 'openai' || voiceSettings.provider.value === 'custom' || voiceSettings.provider.value === 'edge' || voiceSettings.provider.value === 'mimo') return true
+  return speech.isSupported
+})
+
+const isPlayingThisMessage = computed(() => {
+  // OpenAI / Custom / Edge / MiMo 模式
+  if (voiceSettings.provider.value === 'openai' || voiceSettings.provider.value === 'custom' || voiceSettings.provider.value === 'edge' || voiceSettings.provider.value === 'mimo') {
+    return speech.currentCustomMessageId.value === props.message.id && speech.isCustomPlaying.value
+  }
+  return speech.currentMessageId.value === props.message.id && speech.isPlaying.value
+})
+
+const isPausedThisMessage = computed(() => {
+  // OpenAI / Custom / Edge / MiMo 模式
+  if (voiceSettings.provider.value === 'openai' || voiceSettings.provider.value === 'custom' || voiceSettings.provider.value === 'edge' || voiceSettings.provider.value === 'mimo') {
+    return speech.currentCustomMessageId.value === props.message.id && speech.isCustomPaused.value
+  }
+  return speech.currentMessageId.value === props.message.id && speech.isPaused.value
+})
+
+function handleSpeechToggle() {
+  if (!canPlaySpeech.value) {
+    return
+  }
+  const content = props.message.content || ''
+
+  // OpenAI TTS 模式
+  if (voiceSettings.provider.value === 'openai') {
+    const apiUrl = voiceSettings.openaiBaseUrl.value
+    if (!apiUrl) {
+      console.warn('[MessageItem] OpenAI TTS 地址为空')
+      return
+    }
+    speech.openaiToggle(props.message.id, content, {
+      baseUrl: voiceSettings.openaiBaseUrl.value,
+      apiKey: voiceSettings.openaiApiKey.value,
+      model: voiceSettings.openaiModel.value,
+      voice: voiceSettings.openaiVoice.value,
+    })
+    return
+  }
+
+  // 自定义端点模式（OpenAI 兼容，如 GPT-SoVITS）
+  if (voiceSettings.provider.value === 'custom') {
+    const apiUrl = voiceSettings.customUrl.value
+    if (!apiUrl) {
+      console.warn('[MessageItem] 自定义 TTS 地址为空')
+      return
+    }
+    speech.openaiToggle(props.message.id, content, {
+      baseUrl: voiceSettings.customUrl.value,
+      apiKey: voiceSettings.customApiKey.value || undefined,
+    })
+    return
+  }
+
+  // Edge TTS 模式
+  if (voiceSettings.provider.value === 'edge') {
+    // URL 为空时使用内建后端代理
+    const apiUrl = voiceSettings.edgeUrl.value || '/api/tts/proxy'
+    speech.openaiToggle(props.message.id, content, {
+      baseUrl: apiUrl,
+      voice: voiceSettings.edgeVoice.value,
+      rate: speedToEdgeRate(voiceSettings.edgeRate.value),
+      pitch: hzToEdgePitch(voiceSettings.edgePitchHz.value),
+    })
+    return
+  }
+
+  // MiMo TTS 模式
+  if (voiceSettings.provider.value === 'mimo') {
+    const apiKey = voiceSettings.mimoApiKey.value
+    if (!apiKey) {
+      console.warn('[MessageItem] MiMo TTS API Key 为空')
+      return
+    }
+    speech.mimoToggle(props.message.id, content, {
+      baseUrl: voiceSettings.mimoBaseUrl.value,
+      apiKey,
+      model: voiceSettings.mimoModel.value,
+      voice: voiceSettings.mimoVoice.value,
+      voiceDesignDesc: voiceSettings.mimoVoiceDesignDesc.value || undefined,
+      stylePrompt: voiceSettings.mimoStylePrompt.value || undefined,
+    })
+    return
+  }
+
+  // Web Speech API 模式
+  if (voiceSettings.provider.value === 'webspeech') {
+    speech.toggleBrowser(props.message.id, content, {
+      voiceName: voiceSettings.webspeechVoice.value || undefined,
+    })
+    return
+  }
+
+  // 后备（无 provider 匹配时）
+  speech.toggle(props.message.id, content)
+}
+
+// 监听自动播放事件
+let autoPlayHandler: ((e: Event) => void) | null = null
+
+onMounted(() => {
+  autoPlayHandler = (e: Event) => {
+    const customEvent = e as CustomEvent<{ messageId: string; content: string }>
+    if (customEvent.detail.messageId === props.message.id && canPlaySpeech.value) {
+      const content = customEvent.detail.content || props.message.content || ''
+      if (voiceSettings.provider.value === 'openai') {
+        const apiUrl = voiceSettings.openaiBaseUrl.value
+        if (apiUrl) speech.openaiPlay(props.message.id, content, {
+          baseUrl: voiceSettings.openaiBaseUrl.value,
+          apiKey: voiceSettings.openaiApiKey.value,
+          model: voiceSettings.openaiModel.value,
+          voice: voiceSettings.openaiVoice.value,
+        })
+      } else if (voiceSettings.provider.value === 'custom') {
+        const apiUrl = voiceSettings.customUrl.value
+        if (apiUrl) speech.openaiPlay(props.message.id, content, {
+          baseUrl: voiceSettings.customUrl.value,
+          apiKey: voiceSettings.customApiKey.value || undefined,
+        })
+      } else if (voiceSettings.provider.value === 'edge') {
+        speech.openaiPlay(props.message.id, content, {
+          baseUrl: '/api/tts/proxy',
+          voice: voiceSettings.edgeVoice.value,
+          rate: speedToEdgeRate(voiceSettings.edgeRate.value),
+          pitch: hzToEdgePitch(voiceSettings.edgePitchHz.value),
+        })
+      } else if (voiceSettings.provider.value === 'mimo') {
+        const apiKey = voiceSettings.mimoApiKey.value
+        if (apiKey) {
+          speech.mimoPlay(props.message.id, content, {
+            baseUrl: voiceSettings.mimoBaseUrl.value,
+            apiKey,
+            model: voiceSettings.mimoModel.value,
+            voice: voiceSettings.mimoVoice.value,
+            voiceDesignDesc: voiceSettings.mimoVoiceDesignDesc.value || undefined,
+            stylePrompt: voiceSettings.mimoStylePrompt.value || undefined,
+          })
+        }
+      } else if (voiceSettings.provider.value === 'webspeech') {
+        const text = speech.extractReadableText(content)
+        if (text) {
+          speech.stop(false)
+          speech.speakViaBrowser(props.message.id, text, {
+            voiceName: voiceSettings.webspeechVoice.value || undefined,
+          })
+        }
+      } else {
+        speech.enqueue(props.message.id, content)
+      }
+    }
+  }
+  window.addEventListener('auto-play-speech', autoPlayHandler)
+})
+
+// 组件卸载时停止播放并清理事件监听
+onBeforeUnmount(() => {
+  if (autoPlayHandler) {
+    window.removeEventListener('auto-play-speech', autoPlayHandler)
+  }
+  if (speech.currentMessageId.value === props.message.id) {
+    speech.stop();
+  }
+});
+</script>
+
+<template>
+  <div
+    class="message"
+    :class="[message.role, { highlight }]"
+    :id="`message-${message.id}`"
+  >
+    <template v-if="message.role === 'tool'">
+      <div
+        class="tool-line"
+        :class="{ expandable: hasToolDetails }"
+        @click="hasToolDetails && (toolExpanded = !toolExpanded)"
+      >
+        <svg
+          v-if="hasToolDetails"
+          width="10"
+          height="10"
+          viewBox="0 0 24 24"
+          fill="none"
+          stroke="currentColor"
+          stroke-width="2"
+          class="tool-chevron"
+          :class="{ rotated: toolExpanded }"
+        >
+          <polyline points="9 18 15 12 9 6" />
+        </svg>
+        <svg
+          v-else
+          width="12"
+          height="12"
+          viewBox="0 0 24 24"
+          fill="none"
+          stroke="currentColor"
+          stroke-width="1.5"
+          class="tool-icon"
+        >
+          <path
+            d="M14.7 6.3a1 1 0 0 0 0 1.4l1.6 1.6a1 1 0 0 0 1.4 0l3.77-3.77a6 6 0 0 1-7.94 7.94l-6.91 6.91a2.12 2.12 0 0 1-3-3l6.91-6.91a6 6 0 0 1 7.94-7.94l-3.76 3.76z"
+          />
+        </svg>
+        <span class="tool-name">{{ message.toolName }}</span>
+        <span
+          v-if="message.toolPreview && !toolExpanded"
+          class="tool-preview"
+          >{{ message.toolPreview }}</span
+        >
+        <span
+          v-if="message.toolStatus === 'running'"
+          class="tool-spinner"
+        ></span>
+        <span v-if="message.toolStatus === 'error'" class="tool-error-badge">{{
+          t("chat.error")
+        }}</span>
+      </div>
+      <div v-if="toolExpanded && hasToolDetails" class="tool-details" @click="handleToolDetailClick">
+        <div v-if="formattedToolArgs" class="tool-detail-section" data-copy-source="tool-args">
+          <div class="tool-detail-label">{{ t("chat.arguments") }}</div>
+          <div class="tool-detail-code-block" v-html="renderedToolArgs"></div>
+        </div>
+        <div v-if="formattedToolResult" class="tool-detail-section" data-copy-source="tool-result">
+          <div class="tool-detail-label">{{ t("chat.result") }}</div>
+          <div class="tool-detail-code-block" v-html="renderedToolResult"></div>
+        </div>
+      </div>
+    </template>
+    <template v-else>
+      <div class="msg-body">
+        <ProfileAvatar
+          v-if="message.role === 'assistant'"
+          class="msg-avatar"
+          :name="assistantProfileName"
+          :avatar="assistantProfileAvatar"
+          :size="40"
+        />
+        <div class="msg-content" :class="message.role">
+          <div
+            class="message-bubble"
+            :class="{
+              system: isSystem,
+              'agent-error': isAgentError,
+              command: isCommandMessage,
+              'command-error': isCommandError,
+              'speech-playing': isPlayingThisMessage && !isPausedThisMessage,
+            }"
+          >
+            <div v-if="hasAttachments" class="msg-attachments">
+              <div
+                v-for="att in message.attachments"
+                :key="att.id"
+                class="msg-attachment"
+                :class="{ image: isImage(att.type) }"
+              >
+                <template v-if="isImage(att.type) && att.url">
+                  <img
+                    :src="att.url"
+                    :alt="att.name"
+                    class="msg-attachment-thumb"
+                    @click="previewUrl = att.url"
+                  />
+                </template>
+                <template v-else>
+                  <div class="msg-attachment-file" @click="handleAttachmentDownload(att)" style="cursor: pointer;" :title="t('download.downloadFile')">
+                    <svg
+                      width="16"
+                      height="16"
+                      viewBox="0 0 24 24"
+                      fill="none"
+                      stroke="currentColor"
+                      stroke-width="1.5"
+                    >
+                      <path
+                        d="M14 2H6a2 2 0 0 0-2 2v16a2 2 0 0 0 2 2h12a2 2 0 0 0 2-2V8z"
+                      />
+                      <polyline points="14 2 14 8 20 8" />
+                    </svg>
+                    <span class="att-name">{{ att.name }}</span>
+                    <span class="att-size">{{ formatSize(att.size) }}</span>
+                    <svg class="att-download-icon" width="14" height="14" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2">
+                      <path d="M21 15v4a2 2 0 0 1-2 2H5a2 2 0 0 1-2-2v-4" />
+                      <polyline points="7 10 12 15 17 10" />
+                      <line x1="12" y1="15" x2="12" y2="3" />
+                    </svg>
+                  </div>
+                </template>
+              </div>
+            </div>
+            <div
+              v-if="hasThinking"
+              class="thinking-block"
+              :class="{ expanded: thinkingExpanded }"
+            >
+              <div class="thinking-header" @click="toggleThinking">
+                <svg
+                  width="10"
+                  height="10"
+                  viewBox="0 0 24 24"
+                  fill="none"
+                  stroke="currentColor"
+                  stroke-width="2"
+                  class="thinking-chevron"
+                  :class="{ rotated: thinkingExpanded }"
+                >
+                  <polyline points="9 18 15 12 9 6" />
+                </svg>
+                <span class="thinking-icon">💭</span>
+                <span class="thinking-label">
+                  {{
+                    thinkingStreamingNow
+                      ? t('chat.thinkingInProgress')
+                      : t('chat.thinkingLabel')
+                  }}
+                </span>
+                <span v-if="thinkingDurationMs !== null && thinkingDurationMs > 0" class="thinking-meta">
+                  · {{ t('chat.thinkingDuration', { duration: formatDuration(thinkingDurationMs) }) }}
+                </span>
+                <span class="thinking-meta">
+                  · {{ t('chat.thinkingChars', { count: thinkingCharCount }) }}
+                </span>
+              </div>
+              <div v-if="thinkingExpanded" class="thinking-body">
+                <MarkdownRenderer :content="thinkingFullText" />
+              </div>
+            </div>
+            <MarkdownRenderer
+              v-if="parsedThinking.body && message.role === 'assistant'"
+              :content="parsedThinking.body"
+              :heading-id-prefix="effectiveHeadingIdPrefix"
+            />
+
+            <!-- Render user message content -->
+            <template v-if="message.role === 'user'">
+              <!-- ContentBlock[] format -->
+              <template v-if="isContentBlockArray">
+                <div v-if="contentFiles && contentFiles.length > 0" class="msg-attachments">
+                  <div
+                    v-for="(file, idx) in contentFiles"
+                    :key="idx"
+                    class="msg-attachment"
+                    :class="{ image: file.type === 'image' }"
+                  >
+                    <template v-if="file.type === 'image'">
+                      <img
+                        :src="getContentFileUrl(file)"
+                        :alt="file.name"
+                        class="msg-attachment-thumb"
+                        @click="previewUrl = getContentFileUrl(file)"
+                      />
+                    </template>
+                    <template v-else>
+                      <div
+                        class="msg-attachment-file"
+                        @click="file.path && downloadFile(file.path, file.name).catch(err => toast.error(err.message || t('download.downloadFailed')))"
+                        style="cursor: pointer;"
+                        :title="t('download.downloadFile')"
+                      >
+                        <svg width="16" height="16" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="1.5">
+                          <path d="M14 2H6a2 2 0 0 0-2 2v16a2 2 0 0 0 2 2h12a2 2 0 0 0 2-2V8z" />
+                          <polyline points="14 2 14 8 20 8" />
+                        </svg>
+                        <span class="att-name">{{ file.name }}</span>
+                      </div>
+                    </template>
+                  </div>
+                </div>
+                <MarkdownRenderer v-if="displayText" :content="displayText" />
+              </template>
+              <!-- Plain text format -->
+              <MarkdownRenderer v-else-if="message.content" :content="message.content" />
+            </template>
+
+            <!-- Render assistant message content -->
+            <MarkdownRenderer
+              v-if="message.role === 'assistant' && message.content && !parsedThinking.body"
+              :content="message.content"
+              :heading-id-prefix="effectiveHeadingIdPrefix"
+            />
+
+            <!-- Render system message content -->
+            <MarkdownRenderer
+              v-if="message.role === 'system' && message.content && !isCommandMessage"
+              :content="message.content"
+            />
+            <div v-if="isStatusCommand" class="command-result command-status">
+              <span class="command-result-icon">/</span>
+              <div class="command-status-grid">
+                <span
+                  v-for="item in statusItems"
+                  :key="item.key"
+                  class="command-status-item"
+                >
+                  <span class="command-status-key">{{ item.key }}</span>
+                  <span class="command-status-value">{{ item.value }}</span>
+                </span>
+              </div>
+            </div>
+            <div v-else-if="isCommandMessage && message.content" class="command-result">
+              <span class="command-result-icon">/</span>
+              <MarkdownRenderer :content="message.content" />
+            </div>
+
+            <span v-if="message.isStreaming && !message.content" class="streaming-dots">
+              <span></span><span></span><span></span>
+            </span>
+          </div>
+          <div class="message-meta">
+            <button
+              v-if="canPlaySpeech"
+              class="speech-bubble-btn"
+              :class="{ playing: isPlayingThisMessage, paused: isPausedThisMessage }"
+              @click="handleSpeechToggle"
+              :title="isPlayingThisMessage ? (isPausedThisMessage ? t('chat.resumeSpeech') : t('chat.pauseSpeech')) : t('chat.playSpeech')"
+            >
+              <svg v-if="!isPlayingThisMessage || isPausedThisMessage" width="14" height="14" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2">
+                <polygon points="5 3 19 12 5 21 5 3"/>
+              </svg>
+              <svg v-else width="14" height="14" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2">
+                <rect x="6" y="4" width="4" height="16"/>
+                <rect x="14" y="4" width="4" height="16"/>
+              </svg>
+            </button>
+            <button
+              v-if="copyableContent"
+              class="copy-bubble-btn"
+              @click="copyBubbleContent"
+              :title="t('chat.copyBubble')"
+            >
+              <svg width="14" height="14" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2">
+                <rect x="9" y="9" width="13" height="13" rx="2" ry="2"/>
+                <path d="M5 15H4a2 2 0 0 1-2-2V4a2 2 0 0 1 2-2h9a2 2 0 0 1 2 2v1"/>
+              </svg>
+            </button>
+            <span class="message-time">{{ timeStr }}</span>
+          </div>
+        </div>
+      </div>
+    </template>
+  </div>
+  <Teleport to="body">
+    <div v-if="previewUrl" class="image-preview-overlay" @click.self="previewUrl = null">
+      <img :src="previewUrl" class="image-preview-img" @click="previewUrl = null" />
+    </div>
+  </Teleport>
+</template>
+
+<style scoped lang="scss">
+@use "@/styles/variables" as *;
+
+.message {
+  display: flex;
+  flex-direction: column;
+  position: relative;
+  min-width: 0;
+  max-width: 100%;
+
+  &.user {
+    align-items: flex-end;
+
+    .msg-body {
+      max-width: 85%;
+      position: relative;
+      z-index: 1;
+    }
+
+    .msg-content.user {
+      align-items: flex-end;
+    }
+
+    .message-bubble {
+      background-color: $accent-primary;
+      color: var(--text-on-accent);
+      border-radius: 18px 18px 2px 18px;
+      box-shadow: 0 4px 15px rgba(var(--accent-primary-rgb), 0.2);
+      
+      :deep(.markdown-body) {
+        color: inherit;
+      }
+    }
+  }
+
+  &.assistant {
+    flex-direction: row;
+    align-items: flex-start;
+    gap: 12px;
+
+    .msg-body {
+      max-width: 85%;
+      position: relative;
+      z-index: 1;
+    }
+
+    .msg-avatar {
+      width: 36px;
+      height: 36px;
+      flex-shrink: 0;
+      margin-top: 4px;
+      border-radius: 10px;
+      box-shadow: 0 2px 8px rgba(0, 0, 0, 0.05);
+    }
+
+    .message-bubble {
+      background-color: $bg-card;
+      color: $text-primary;
+      border-radius: 2px 18px 18px 18px;
+      border: 1px solid rgba(var(--accent-primary-rgb), 0.1);
+      box-shadow: 0 2px 12px rgba(0, 0, 0, 0.03);
+    }
+
+    .message-bubble.agent-error {
+      color: $error;
+      background-color: rgba($error, 0.05);
+      border: 1px solid rgba($error, 0.1);
+    }
+  }
+
+  &.tool {
+    align-items: flex-start;
+  }
+
+  &.system {
+    align-items: flex-start;
+  }
+
+  &.command {
+    align-items: flex-start;
+  }
+
+  &.highlight {
+    .message-bubble {
+      box-shadow: 0 0 0 1px rgba(var(--accent-primary-rgb), 0.45);
+    }
+  }
+}
+
+@keyframes gradient-flow {
+  0% {
+    background-position: 0% 50%;
+  }
+  50% {
+    background-position: 100% 50%;
+  }
+  100% {
+    background-position: 0% 50%;
+  }
+}
+
+.msg-body {
+  display: flex;
+  align-items: flex-start;
+  gap: 8px;
+  max-width: 85%;
+}
+
+.msg-content {
+  display: flex;
+  flex-direction: column;
+  min-width: 0;
+}
+
+.message-bubble {
+  padding: 10px 14px;
+  font-size: 14px;
+  line-height: 1.65;
+  word-break: break-word;
+  border-radius: 10px;
+  max-width: 100%;
+  position: relative;
+  box-sizing: border-box;
+
+  &.system {
+    border-left: 3px solid $warning;
+    border-radius: $radius-sm;
+    max-width: 80%;
+    background-color: rgba(var(--warning-rgb), 0.06);
+  }
+
+  &.command {
+    border-left: none;
+    border: 1px solid rgba(var(--accent-primary-rgb), 0.12);
+    background-color: rgba(var(--accent-primary-rgb), 0.04);
+    color: $text-secondary;
+    max-width: min(100%, 960px);
+    padding: 8px 10px;
+  }
+
+  &.command-error {
+    border-color: rgba(var(--warning-rgb), 0.28);
+    background-color: rgba(var(--warning-rgb), 0.06);
+  }
+
+  &.agent-error {
+    color: $error;
+    background-color: rgba(var(--error-rgb), 0.06);
+    border: 1px solid rgba(var(--error-rgb), 0.2);
+
+    :deep(.markdown-body),
+    :deep(.markdown-body p),
+    :deep(.markdown-body li),
+    :deep(.markdown-body strong),
+    :deep(.markdown-body code) {
+      color: $error;
+    }
+  }
+
+  &.speech-playing {
+    box-shadow:
+      0 0 0 2px #ff6b6b,
+      0 0 10px rgba(255, 107, 107, 0.4),
+      0 0 20px rgba(255, 107, 107, 0.2);
+    animation: rainbow-glow 4s linear infinite;
+  }
+}
+
+.command-result {
+  display: flex;
+  align-items: flex-start;
+  gap: 8px;
+  min-width: 0;
+
+  :deep(.markdown-body) {
+    min-width: 0;
+  }
+
+  :deep(.markdown-body p) {
+    margin: 0;
+  }
+}
+
+.command-status {
+  align-items: center;
+}
+
+.command-status-grid {
+  display: flex;
+  align-items: center;
+  gap: 8px;
+  min-width: 0;
+  overflow-x: auto;
+  white-space: nowrap;
+  scrollbar-width: thin;
+}
+
+.command-status-item {
+  display: inline-flex;
+  align-items: center;
+  gap: 4px;
+  flex: 0 0 auto;
+  padding: 2px 7px;
+  border: 1px solid rgba(var(--accent-primary-rgb), 0.1);
+  border-radius: 999px;
+  background: rgba(var(--accent-primary-rgb), 0.035);
+  line-height: 1.4;
+}
+
+.command-status-key {
+  color: $text-muted;
+  font-size: 11px;
+}
+
+.command-status-value {
+  color: $text-primary;
+  font-family: $font-code;
+  font-size: 11px;
+}
+
+.command-result-icon {
+  width: 18px;
+  height: 18px;
+  flex: 0 0 18px;
+  display: inline-flex;
+  align-items: center;
+  justify-content: center;
+  border-radius: 50%;
+  background: rgba(var(--accent-primary-rgb), 0.1);
+  color: $accent-primary;
+  font-family: $font-code;
+  font-size: 12px;
+  line-height: 1;
+  margin-top: 2px;
+}
+
+@keyframes rainbow-glow {
+  0% {
+    box-shadow:
+      0 0 0 2px #ff6b6b,
+      0 0 10px rgba(255, 107, 107, 0.4),
+      0 0 20px rgba(255, 107, 107, 0.2);
+  }
+  16.66% {
+    box-shadow:
+      0 0 0 2px #feca57,
+      0 0 10px rgba(254, 202, 87, 0.4),
+      0 0 20px rgba(254, 202, 87, 0.2);
+  }
+  33.33% {
+    box-shadow:
+      0 0 0 2px #48dbfb,
+      0 0 10px rgba(72, 219, 251, 0.4),
+      0 0 20px rgba(72, 219, 251, 0.2);
+  }
+  50% {
+    box-shadow:
+      0 0 0 2px #ff9ff3,
+      0 0 10px rgba(255, 159, 243, 0.4),
+      0 0 20px rgba(255, 159, 243, 0.2);
+  }
+  66.66% {
+    box-shadow:
+      0 0 0 2px #54a0ff,
+      0 0 10px rgba(84, 160, 255, 0.4),
+      0 0 20px rgba(84, 160, 255, 0.2);
+  }
+  83.33% {
+    box-shadow:
+      0 0 0 2px #5f27cd,
+      0 0 10px rgba(95, 39, 205, 0.4),
+      0 0 20px rgba(95, 39, 205, 0.2);
+  }
+  100% {
+    box-shadow:
+      0 0 0 2px #ff6b6b,
+      0 0 10px rgba(255, 107, 107, 0.4),
+      0 0 20px rgba(255, 107, 107, 0.2);
+  }
+}
+
+.msg-attachments {
+  display: flex;
+  flex-wrap: wrap;
+  gap: 8px;
+  margin-bottom: 8px;
+}
+
+.msg-attachment {
+  border-radius: $radius-sm;
+  overflow: hidden;
+  background-color: rgba(0, 0, 0, 0.04);
+  border: 1px solid $border-light;
+
+  &.image {
+    max-width: 200px;
+  }
+}
+
+.msg-attachment-thumb {
+  display: block;
+  max-width: 200px;
+  max-height: 160px;
+  object-fit: contain;
+  cursor: pointer;
+}
+
+.msg-attachment-file {
+  display: flex;
+  align-items: center;
+  gap: 6px;
+  padding: 6px 10px;
+  font-size: 12px;
+  color: $text-secondary;
+
+  .att-name {
+    white-space: nowrap;
+    overflow: hidden;
+    text-overflow: ellipsis;
+    max-width: 160px;
+  }
+
+  .att-size {
+    color: $text-muted;
+    font-size: 11px;
+    flex-shrink: 0;
+  }
+}
+
+.thinking-block {
+  margin-bottom: 8px;
+  padding: 4px 0;
+  border-bottom: 1px dashed $border-light;
+
+  .thinking-header {
+    display: flex;
+    align-items: center;
+    gap: 6px;
+    font-size: 11px;
+    color: $text-muted;
+    cursor: pointer;
+    padding: 2px 4px;
+    border-radius: $radius-sm;
+    user-select: none;
+
+    &:hover {
+      background: rgba(0, 0, 0, 0.03);
+    }
+  }
+
+  .thinking-chevron {
+    flex-shrink: 0;
+    transition: transform 0.15s ease;
+
+    &.rotated {
+      transform: rotate(90deg);
+    }
+  }
+
+  .thinking-icon {
+    font-size: 11px;
+    flex-shrink: 0;
+  }
+
+  .thinking-label {
+    font-weight: 500;
+    flex-shrink: 0;
+  }
+
+  .thinking-meta {
+    color: $text-muted;
+    font-variant-numeric: tabular-nums;
+  }
+
+  .thinking-body {
+    margin-top: 6px;
+    padding: 6px 10px;
+    border-left: 2px solid $border-light;
+    font-size: 13px;
+    opacity: 0.85;
+    font-style: italic;
+
+    :deep(p) { margin: 0.3em 0; }
+  }
+}
+
+.message-meta {
+  display: flex;
+  align-items: center;
+  gap: 6px;
+  margin-top: 4px;
+  padding: 0 4px;
+  opacity: 0;
+  transition: opacity 0.15s ease;
+
+  .message:hover & {
+    opacity: 1;
+  }
+
+  // 移动端一直显示按钮
+  @media (max-width: 768px) {
+    opacity: 1;
+  }
+}
+
+.copy-bubble-btn,
+.speech-bubble-btn {
+  display: flex;
+  align-items: center;
+  justify-content: center;
+  width: 24px;
+  height: 24px;
+  border: none;
+  background: transparent;
+  color: $text-muted;
+  cursor: pointer;
+  border-radius: $radius-sm;
+  padding: 0;
+  transition: color 0.15s ease, background 0.15s ease;
+
+  &:hover {
+    color: $text-secondary;
+    background: rgba(0, 0, 0, 0.06);
+  }
+
+  .dark & {
+    color: #999999;
+
+    &:hover {
+      color: #cccccc;
+      background: rgba(255, 255, 255, 0.1);
+    }
+  }
+}
+
+.speech-bubble-btn {
+  &.playing {
+    color: var(--accent-primary);
+    animation: pulse 1.5s ease-in-out infinite;
+
+    &.paused {
+      animation: none;
+      opacity: 0.6;
+    }
+  }
+}
+
+@keyframes pulse {
+  0%, 100% {
+    opacity: 1;
+  }
+  50% {
+    opacity: 0.5;
+  }
+}
+
+.message-time {
+  font-size: 11px;
+  color: $text-muted;
+  user-select: none;
+
+  .dark & {
+    color: #999999;
+  }
+}
+
+.tool-line {
+  display: flex;
+  align-items: center;
+  gap: 6px;
+  font-size: 11px;
+  color: $text-muted;
+  padding: 2px 4px;
+  border-radius: $radius-sm;
+  min-width: 0;
+  max-width: 100%;
+  box-sizing: border-box;
+
+  &.expandable {
+    cursor: pointer;
+
+    &:hover {
+      background: rgba(0, 0, 0, 0.03);
+    }
+  }
+
+  .tool-name {
+    font-family: $font-code;
+    flex: 0 1 auto;
+    min-width: 0;
+    overflow: hidden;
+    text-overflow: ellipsis;
+    white-space: nowrap;
+  }
+
+  .tool-preview {
+    display: block;
+    flex: 1 1 auto;
+    min-width: 0;
+    overflow: hidden;
+    text-overflow: ellipsis;
+    white-space: nowrap;
+    max-width: min(400px, 100%);
+  }
+}
+
+.tool-chevron {
+  flex-shrink: 0;
+  transition: transform 0.15s ease;
+
+  &.rotated {
+    transform: rotate(90deg);
+  }
+}
+
+.tool-spinner {
+  width: 10px;
+  height: 10px;
+  border: 1.5px solid $text-muted;
+  border-top-color: transparent;
+  border-radius: 50%;
+  animation: spin 0.6s linear infinite;
+  flex-shrink: 0;
+}
+
+.tool-error-badge {
+  font-size: 9px;
+  color: $error;
+  background: rgba(var(--error-rgb), 0.08);
+  padding: 0 4px;
+  border-radius: 3px;
+  line-height: 14px;
+  margin-left: 4px;
+}
+
+.tool-details {
+  margin-left: 16px;
+  margin-top: 2px;
+  border-left: 2px solid $border-light;
+  padding-left: 10px;
+}
+
+.tool-detail-section {
+  margin-bottom: 6px;
+}
+
+.tool-detail-label {
+  font-size: 10px;
+  font-weight: 600;
+  color: $text-muted;
+  text-transform: uppercase;
+  letter-spacing: 0.3px;
+  margin-bottom: 2px;
+}
+
+.tool-detail-code-block {
+  :deep(.hljs-code-block) {
+    margin: 0;
+  }
+
+  :deep(.code-header) {
+    background: rgba(0, 0, 0, 0.02);
+  }
+
+  :deep(code.hljs) {
+    font-size: 11px;
+    max-height: 300px;
+    overflow-y: auto;
+    white-space: pre-wrap;
+    word-break: break-word;
+  }
+}
+
+@keyframes spin {
+  to {
+    transform: rotate(360deg);
+  }
+}
+
+.streaming-cursor {
+  display: inline-block;
+  width: 2px;
+  height: 1em;
+  background-color: $text-muted;
+  margin-left: 2px;
+  vertical-align: text-bottom;
+  animation: blink 0.8s infinite;
+}
+
+.streaming-dots {
+  display: flex;
+  gap: 4px;
+  padding: 4px 0;
+
+  span {
+    width: 6px;
+    height: 6px;
+    background-color: $text-muted;
+    border-radius: 50%;
+    animation: pulse 1.4s infinite ease-in-out;
+
+    &:nth-child(2) { animation-delay: 0.2s; }
+    &:nth-child(3) { animation-delay: 0.4s; }
+  }
+}
+
+@keyframes blink {
+  0%,
+  50% {
+    opacity: 1;
+  }
+  51%,
+  100% {
+    opacity: 0;
+  }
+}
+
+@keyframes pulse {
+  0%,
+  80%,
+  100% {
+    opacity: 0.3;
+    transform: scale(0.8);
+  }
+  40% {
+    opacity: 1;
+    transform: scale(1);
+  }
+}
+
+.image-preview-overlay {
+  position: fixed;
+  inset: 0;
+  z-index: 9999;
+  background: rgba(0, 0, 0, 0.85);
+  display: flex;
+  align-items: center;
+  justify-content: center;
+  cursor: pointer;
+}
+
+.image-preview-img {
+  max-width: 90vw;
+  max-height: 90vh;
+  object-fit: contain;
+  border-radius: 4px;
+}
+
+@media (max-width: $breakpoint-mobile) {
+  .message.user .msg-body {
+    max-width: 100%;
+  }
+
+  .message.assistant .msg-body {
+    max-width: 100%;
+  }
+
+  .message.system .msg-body {
+    max-width: 100%;
+  }
+}
+</style>
diff --git a/packages/client/src/components/hermes/chat/MessageList.vue b/packages/client/src/components/hermes/chat/MessageList.vue
new file mode 100644
index 0000000..2f3f98e
--- /dev/null
+++ b/packages/client/src/components/hermes/chat/MessageList.vue
@@ -0,0 +1,798 @@
+<script lang="ts">
+type SessionScrollSnapshot = {
+  scrollTop: number;
+  scrollHeight: number;
+  clientHeight: number;
+  wasNearBottom: boolean;
+}
+
+const sessionScrollPositions = new Map<string, SessionScrollSnapshot>();
+</script>
+
+<script setup lang="ts">
+import { ref, computed, nextTick, onBeforeUnmount, watch } from "vue";
+import { useI18n } from "vue-i18n";
+import VirtualMessageList from "./VirtualMessageList.vue";
+import MessageItem from "./MessageItem.vue";
+import { useChatStore } from "@/stores/hermes/chat";
+import ThinkingIndicator from "./ThinkingIndicator.vue";
+import { useToolTraceVisibility } from "@/composables/useToolTraceVisibility";
+
+const chatStore = useChatStore();
+const { t } = useI18n();
+const { toolTraceVisible } = useToolTraceVisibility();
+const listRef = ref<InstanceType<typeof VirtualMessageList> | null>(null);
+const pendingInitialScrollSessionId = ref<string | null>(null);
+
+function formatTokens(n: number): string {
+  if (n >= 1_000_000) return (n / 1_000_000).toFixed(1) + 'M'
+  if (n >= 1_000) return (n / 1_000).toFixed(1) + 'K'
+  return String(n)
+}
+
+function formatToolDuration(seconds: number): string {
+  if (seconds < 1) return `${Math.round(seconds * 1000)}ms`
+  if (seconds < 60) return `${Math.round(seconds * 10) / 10}s`
+  const mins = Math.floor(seconds / 60)
+  const secs = Math.round(seconds % 60)
+  return `${mins}m ${secs}s`
+}
+
+const currentToolCalls = computed(() => {
+  const msgs = chatStore.messages;
+  // Find the last user message index
+  let lastUserIdx = -1;
+  for (let i = msgs.length - 1; i >= 0; i--) {
+    if (msgs[i].role === "user") {
+      lastUserIdx = i;
+      break;
+    }
+  }
+  // Only tool calls after the last user message, newest on top
+  const tools = msgs.filter((m, i) => m.role === "tool" && i > lastUserIdx);
+  return [...tools].reverse();
+});
+
+const visibleToolCalls = computed(() =>
+  currentToolCalls.value.filter((tool) => !!tool.toolName),
+);
+
+const displayMessages = computed(() => {
+  const currentToolIds = new Set(currentToolCalls.value.map((tool) => tool.id));
+  return chatStore.messages.filter((m) => {
+    if (m.role === "tool") {
+      return toolTraceVisible.value && !!m.toolName && !(chatStore.isRunActive && currentToolIds.has(m.id));
+    }
+    if (
+      m.role === "assistant" &&
+      m.isStreaming &&
+      !m.content?.trim() &&
+      !!m.reasoning?.trim() &&
+      currentToolCalls.value.length === 0
+    ) {
+      return false;
+    }
+    return true;
+  });
+});
+
+const queuedMessages = computed(() => {
+  const sid = chatStore.activeSessionId;
+  if (!sid) return [];
+  return chatStore.queuedUserMessages.get(sid) || [];
+});
+
+function removeQueuedMessage(messageId: string) {
+  const sid = chatStore.activeSessionId;
+  if (!sid) return;
+  chatStore.removeQueuedMessage(sid, messageId);
+}
+
+function queuedPreview(content: string): string {
+  const normalized = content.replace(/\s+/g, " ").trim();
+  return normalized.length > 48 ? `${normalized.slice(0, 48)}...` : normalized;
+}
+
+function isNearBottom(threshold = 200): boolean {
+  return listRef.value?.isNearBottom(threshold) ?? true;
+}
+
+function scrollToBottom() {
+  listRef.value?.scrollToBottom();
+}
+
+function scrollToMessage(messageId: string) {
+  listRef.value?.scrollToMessage(messageId);
+}
+
+function scrollToAnchor(messageId: string, anchorId: string) {
+  listRef.value?.scrollToAnchor(messageId, anchorId);
+}
+
+function saveSessionScrollPosition(sessionId: string | null | undefined) {
+  if (!sessionId) return;
+  const snapshot = listRef.value?.captureViewportPosition() ?? null;
+  if (snapshot) sessionScrollPositions.set(sessionId, snapshot);
+}
+
+function applyInitialSessionScroll(sessionId: string) {
+  if (chatStore.activeSessionId !== sessionId) return;
+  if (chatStore.focusMessageId) {
+    pendingInitialScrollSessionId.value = null;
+    scrollToMessage(chatStore.focusMessageId);
+    return;
+  }
+
+  const snapshot = sessionScrollPositions.get(sessionId);
+  if (snapshot) {
+    pendingInitialScrollSessionId.value = null;
+    if (snapshot.wasNearBottom) {
+      scrollToBottom();
+    } else {
+      listRef.value?.restoreViewportPosition(snapshot);
+    }
+    return;
+  }
+
+  scrollToBottom();
+  if (chatStore.messages.length > 0) pendingInitialScrollSessionId.value = null;
+}
+
+async function handleTopReach() {
+  const session = chatStore.activeSession;
+  if (!session?.hasMoreBefore || session.isLoadingOlderMessages) return;
+  const snapshot = listRef.value?.captureScrollPosition() ?? null;
+  const loaded = await chatStore.loadOlderMessages(session.id);
+  if (!loaded) return;
+  await nextTick();
+  listRef.value?.restoreScrollPosition(snapshot);
+}
+
+watch(
+  () => chatStore.activeSessionId,
+  async (id, previousId) => {
+    saveSessionScrollPosition(previousId);
+    if (!id) return;
+    pendingInitialScrollSessionId.value = id;
+    await nextTick();
+    applyInitialSessionScroll(id);
+  },
+  { immediate: true },
+);
+
+watch(
+  () => [chatStore.activeSessionId, chatStore.messages.length] as const,
+  ([id, length]) => {
+    if (!id || pendingInitialScrollSessionId.value !== id || length === 0) return;
+    applyInitialSessionScroll(id);
+  },
+  { flush: "post" },
+);
+
+watch(
+  () => chatStore.focusMessageId,
+  (messageId) => {
+    if (!messageId) return;
+    scrollToMessage(messageId);
+  },
+);
+
+// When a run starts (user just sent a message), always scroll to bottom once
+watch(
+  () => chatStore.isRunActive,
+  (v) => {
+    if (v) scrollToBottom();
+  },
+);
+
+// During streaming, only auto-scroll if the user is already near the bottom
+watch(
+  () => chatStore.messages[chatStore.messages.length - 1]?.content,
+  () => {
+    if (pendingInitialScrollSessionId.value === chatStore.activeSessionId) return;
+    if (chatStore.focusMessageId) {
+      scrollToMessage(chatStore.focusMessageId);
+      return;
+    }
+    if (!isNearBottom()) return;
+    scrollToBottom();
+  },
+);
+watch(currentToolCalls, () => {
+  if (pendingInitialScrollSessionId.value === chatStore.activeSessionId) return;
+  if (chatStore.focusMessageId) {
+    scrollToMessage(chatStore.focusMessageId);
+    return;
+  }
+  if (!isNearBottom()) return;
+  scrollToBottom();
+});
+
+onBeforeUnmount(() => {
+  saveSessionScrollPosition(chatStore.activeSessionId);
+});
+
+defineExpose({
+  scrollToBottom,
+  scrollToMessage,
+  scrollToAnchor,
+});
+</script>
+
+<template>
+  <VirtualMessageList
+    :key="chatStore.activeSessionId || 'chat-empty'"
+    ref="listRef"
+    :messages="displayMessages"
+    @top-reach="handleTopReach"
+  >
+    <template #empty>
+      <div class="empty-state">
+        <img src="/logo.svg" alt="灵犀" class="empty-logo" />
+        <p>{{ t("chat.emptyState") }}</p>
+      </div>
+    </template>
+    <template #before>
+      <div
+        v-if="chatStore.activeSession?.hasMoreBefore || chatStore.activeSession?.isLoadingOlderMessages"
+        class="history-loader"
+      >
+        <span v-if="chatStore.activeSession?.isLoadingOlderMessages" class="history-loader-spinner"></span>
+      </div>
+    </template>
+    <template #item="{ message: msg }">
+      <MessageItem
+        :message="msg"
+        :highlight="chatStore.focusMessageId === msg.id"
+      />
+    </template>
+    <template #after>
+      <Transition name="fade">
+      <div v-if="chatStore.isRunActive || chatStore.abortState" class="streaming-indicator">
+        <ThinkingIndicator />
+        <div v-if="visibleToolCalls.length > 0 || chatStore.compressionState || chatStore.abortState" class="tool-calls-panel">
+          <!-- Abort indicator -->
+          <div v-if="chatStore.abortState" class="tool-call-item compression-item">
+            <svg
+              v-if="chatStore.abortState.aborting"
+              width="12"
+              height="12"
+              viewBox="0 0 24 24"
+              fill="none"
+              stroke="currentColor"
+              stroke-width="1.5"
+              class="tool-call-icon"
+            >
+              <path d="M10 9v6m4-6v6M5 5h14v14H5z" />
+            </svg>
+            <svg
+              v-else
+              width="12"
+              height="12"
+              viewBox="0 0 24 24"
+              fill="none"
+              stroke="currentColor"
+              stroke-width="1.5"
+              class="tool-call-icon"
+            >
+              <path d="M5 13l4 4L19 7" />
+            </svg>
+            <span class="tool-call-name">
+              {{
+                chatStore.abortState.aborting
+                  ? 'Pausing... waiting for the run to stop and sync'
+                  : chatStore.abortState.synced
+                    ? 'Paused and synced'
+                    : 'Paused'
+              }}
+            </span>
+            <span
+              v-if="chatStore.abortState.aborting"
+              class="tool-call-spinner"
+            ></span>
+          </div>
+          <!-- Compression indicator -->
+          <div v-if="chatStore.compressionState" class="tool-call-item compression-item">
+            <svg
+              v-if="chatStore.compressionState.compressing"
+              width="12"
+              height="12"
+              viewBox="0 0 24 24"
+              fill="none"
+              stroke="currentColor"
+              stroke-width="1.5"
+              class="tool-call-icon"
+            >
+              <path d="M4 4v5h.582m15.356 2A8.001 8.001 0 004.582 9m0 0H9m11 11v-5h-.581m0 0a8.003 8.003 0 01-15.357-2m15.357 2H15" />
+            </svg>
+            <svg
+              v-else-if="chatStore.compressionState.compressed"
+              width="12"
+              height="12"
+              viewBox="0 0 24 24"
+              fill="none"
+              stroke="currentColor"
+              stroke-width="1.5"
+              class="tool-call-icon"
+            >
+              <path d="M5 13l4 4L19 7" />
+            </svg>
+            <span class="tool-call-name">
+              {{
+                chatStore.compressionState.compressing
+                  ? `Compressing... (${chatStore.compressionState.messageCount} msgs, ~${formatTokens(chatStore.compressionState.beforeTokens)} tokens)`
+                  : chatStore.compressionState.compressed
+                    ? `Compressed ${chatStore.compressionState.messageCount} msgs: ~${formatTokens(chatStore.compressionState.beforeTokens)} → ~${formatTokens(chatStore.compressionState.afterTokens)} tokens`
+                    : `Compression skipped`
+              }}
+            </span>
+            <span
+              v-if="chatStore.compressionState.compressing"
+              class="tool-call-spinner"
+            ></span>
+          </div>
+          <!-- Tool calls -->
+          <div
+            v-for="tc in visibleToolCalls"
+            :key="tc.id"
+            class="tool-call-item"
+          >
+            <svg
+              width="12"
+              height="12"
+              viewBox="0 0 24 24"
+              fill="none"
+              stroke="currentColor"
+              stroke-width="1.5"
+              class="tool-call-icon"
+            >
+              <path
+                d="M14.7 6.3a1 1 0 0 0 0 1.4l1.6 1.6a1 1 0 0 0 1.4 0l3.77-3.77a6 6 0 0 1-7.94 7.94l-6.91 6.91a2.12 2.12 0 0 1-3-3l6.91-6.91a6 6 0 0 1 7.94-7.94l-3.76 3.76z"
+              />
+            </svg>
+            <span class="tool-call-name">{{ tc.toolName }}</span>
+            <span v-if="tc.toolPreview" class="tool-call-preview">{{
+              tc.toolPreview
+            }}</span>
+            <span
+              v-if="tc.toolDuration && tc.toolStatus !== 'running'"
+              class="tool-call-duration"
+              :title="$t('chat.executionDuration')"
+            >{{ formatToolDuration(tc.toolDuration) }}</span
+            >
+            <svg
+              v-if="tc.toolStatus === 'done'"
+              width="16"
+              height="16"
+              viewBox="0 0 24 24"
+              fill="none"
+              class="tool-call-success-icon"
+            >
+              <circle cx="12" cy="12" r="10" fill="currentColor" fill-opacity="0.15"/>
+              <path
+                d="M8 12L11 15L16 9"
+                stroke="currentColor"
+                stroke-width="2"
+                stroke-linecap="round"
+                stroke-linejoin="round"
+                fill="none"
+              />
+            </svg>
+            <span
+              v-if="tc.toolStatus === 'running'"
+              class="tool-call-spinner"
+            ></span>
+            <svg
+              v-if="tc.toolStatus === 'error'"
+              width="16"
+              height="16"
+              viewBox="0 0 24 24"
+              fill="none"
+              class="tool-call-error-icon"
+            >
+              <circle cx="12" cy="12" r="10" fill="currentColor" fill-opacity="0.15"/>
+              <path
+                d="M15 9L9 15M9 9L15 15"
+                stroke="currentColor"
+                stroke-width="2"
+                stroke-linecap="round"
+                stroke-linejoin="round"
+                fill="none"
+              />
+            </svg>
+          </div>
+        </div>
+      </div>
+      </Transition>
+      <Transition name="queue-float">
+      <div v-if="queuedMessages.length > 0" class="queue-float-panel">
+        <div class="queue-float-header">
+          <span class="queue-orbit" aria-hidden="true">
+            <span></span>
+          </span>
+          <span>{{ t('chat.messageQueue') }}</span>
+          <strong>{{ queuedMessages.length }}</strong>
+        </div>
+        <div class="queue-float-list">
+          <div
+            v-for="(message, index) in queuedMessages"
+            :key="message.id"
+            class="queue-float-item"
+          >
+            <span class="queue-index">{{ index + 1 }}</span>
+            <span class="queue-text">{{ queuedPreview(message.content) }}</span>
+            <button
+              type="button"
+              class="queue-remove"
+              :title="t('chat.removeQueuedMessage')"
+              @click="removeQueuedMessage(message.id)"
+            >
+              <svg width="12" height="12" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2">
+                <line x1="18" y1="6" x2="6" y2="18" />
+                <line x1="6" y1="6" x2="18" y2="18" />
+              </svg>
+            </button>
+          </div>
+        </div>
+      </div>
+      </Transition>
+    </template>
+  </VirtualMessageList>
+</template>
+
+<style scoped lang="scss">
+@use "@/styles/variables" as *;
+
+.queue-float-panel {
+  position: sticky;
+  right: 16px;
+  bottom: 16px;
+  z-index: 4;
+  width: min(340px, calc(100% - 16px));
+  margin-top: 16px;
+  margin-left: auto;
+  padding: 10px;
+  border: 1px solid rgba(var(--accent-info-rgb), 0.22);
+  border-radius: 16px;
+  background: #ffffff;
+  box-shadow: 0 14px 40px rgba(0, 0, 0, 0.14);
+  backdrop-filter: blur(14px);
+
+  .dark & {
+    background: #262626;
+  }
+}
+
+.queue-float-header {
+  display: flex;
+  align-items: center;
+  gap: 8px;
+  padding: 2px 4px 8px;
+  color: $text-secondary;
+  font-size: 12px;
+  font-weight: 600;
+
+  strong {
+    margin-left: auto;
+    min-width: 20px;
+    height: 20px;
+    display: inline-flex;
+    align-items: center;
+    justify-content: center;
+    border-radius: 999px;
+    background: rgba(var(--accent-info-rgb), 0.16);
+    color: var(--accent-info);
+  }
+}
+
+.queue-orbit {
+  width: 18px;
+  height: 18px;
+  border-radius: 50%;
+  border: 1px solid rgba(var(--accent-info-rgb), 0.28);
+  position: relative;
+  animation: queue-spin 1.6s linear infinite;
+
+  span {
+    position: absolute;
+    width: 6px;
+    height: 6px;
+    border-radius: 50%;
+    right: -2px;
+    top: 5px;
+    background: var(--accent-info);
+    box-shadow: 0 0 12px rgba(var(--accent-info-rgb), 0.65);
+  }
+}
+
+.queue-float-list {
+  display: flex;
+  flex-direction: column;
+  gap: 6px;
+  max-height: 172px;
+  overflow-y: auto;
+}
+
+.queue-float-item {
+  display: flex;
+  align-items: center;
+  gap: 8px;
+  min-height: 34px;
+  padding: 7px 8px;
+  border-radius: 11px;
+  background: rgba(255, 255, 255, 0.68);
+  color: $text-primary;
+
+  .dark & {
+    background: rgba(255, 255, 255, 0.08);
+  }
+}
+
+.queue-index {
+  flex: 0 0 auto;
+  width: 20px;
+  height: 20px;
+  border-radius: 7px;
+  display: inline-flex;
+  align-items: center;
+  justify-content: center;
+  font-size: 11px;
+  color: var(--accent-info);
+  background: rgba(var(--accent-info-rgb), 0.12);
+}
+
+.queue-text {
+  min-width: 0;
+  flex: 1;
+  overflow: hidden;
+  text-overflow: ellipsis;
+  white-space: nowrap;
+  font-size: 12px;
+}
+
+.queue-remove {
+  flex: 0 0 auto;
+  width: 24px;
+  height: 24px;
+  border: none;
+  border-radius: 8px;
+  display: inline-flex;
+  align-items: center;
+  justify-content: center;
+  color: $text-muted;
+  background: transparent;
+  cursor: pointer;
+  transition: all $transition-fast;
+
+  &:hover {
+    color: $error;
+    background: rgba($error, 0.1);
+  }
+}
+
+@media (max-width: 640px) {
+  .queue-float-panel {
+    right: 8px;
+    bottom: 8px;
+    width: min(260px, calc(100% - 8px));
+    padding: 7px;
+    border-radius: 14px;
+  }
+
+  .queue-float-header {
+    padding: 0 2px;
+    font-size: 11px;
+
+    span:nth-child(2) {
+      display: none;
+    }
+  }
+
+  .queue-orbit {
+    width: 16px;
+    height: 16px;
+
+    span {
+      width: 5px;
+      height: 5px;
+      top: 5px;
+    }
+  }
+
+  .queue-float-list {
+    margin-top: 6px;
+    max-height: min(220px, 34dvh);
+    overflow-y: auto;
+  }
+
+  .queue-float-item {
+    min-height: 30px;
+    padding: 5px 6px;
+  }
+
+  .queue-index {
+    width: 18px;
+    height: 18px;
+    border-radius: 6px;
+    font-size: 10px;
+  }
+
+  .queue-text {
+    font-size: 11px;
+  }
+
+  .queue-remove {
+    width: 22px;
+    height: 22px;
+  }
+}
+
+@keyframes queue-spin {
+  to {
+    transform: rotate(360deg);
+  }
+}
+
+.queue-float-enter-active,
+.queue-float-leave-active {
+  transition: opacity 0.2s ease, transform 0.2s ease;
+}
+
+.queue-float-enter-from,
+.queue-float-leave-to {
+  opacity: 0;
+  transform: translateY(10px) scale(0.98);
+}
+
+.empty-state {
+  flex: 1;
+  display: flex;
+  flex-direction: column;
+  align-items: center;
+  justify-content: center;
+  color: $text-muted;
+  gap: 12px;
+
+  .empty-logo {
+    width: 48px;
+    height: 48px;
+    opacity: 0.25;
+  }
+
+  p {
+    font-size: 14px;
+  }
+}
+
+.history-loader {
+  height: 28px;
+  display: flex;
+  align-items: center;
+  justify-content: center;
+  flex: 0 0 auto;
+}
+
+.history-loader-spinner {
+  width: 14px;
+  height: 14px;
+  border: 2px solid rgba(0, 0, 0, 0.16);
+  border-top-color: $accent-primary;
+  border-radius: 50%;
+  animation: spin 0.7s linear infinite;
+
+  .dark & {
+    border-color: rgba(255, 255, 255, 0.18);
+    border-top-color: $accent-primary;
+  }
+}
+
+.fade-enter-active,
+.fade-leave-active {
+  transition: opacity 0.4s ease;
+}
+.fade-enter-from,
+.fade-leave-to {
+  opacity: 0;
+}
+
+.streaming-indicator {
+  display: flex;
+  align-items: flex-start;
+  gap: 12px;
+  padding: 4px 4px 4px 0;
+}
+
+.tool-calls-panel {
+  display: flex;
+  flex-direction: column;
+  gap: 4px;
+  max-height: 120px;
+  overflow-y: auto;
+  padding-top: 4px;
+  scrollbar-width: none;
+  -ms-overflow-style: none;
+  &::-webkit-scrollbar {
+    display: none;
+  }
+}
+
+.tool-call-item {
+  display: flex;
+  align-items: center;
+  gap: 6px;
+  font-size: 11px;
+  color: $text-secondary;
+  padding: 3px 8px;
+  background: rgba(0, 0, 0, 0.03);
+  border-radius: $radius-sm;
+
+  .dark & {
+    background: rgba(255, 255, 255, 0.06);
+  }
+
+  &.compression-item {
+    color: $text-muted;
+    font-size: 10px;
+  }
+
+  .tool-call-icon {
+    flex-shrink: 0;
+    color: $text-muted;
+  }
+
+  .tool-call-name {
+    font-family: $font-code;
+    flex-shrink: 0;
+  }
+
+  .tool-call-preview {
+    overflow: hidden;
+    text-overflow: ellipsis;
+    white-space: nowrap;
+    max-width: 300px;
+    color: $text-muted;
+  }
+}
+
+.tool-call-spinner {
+  width: 10px;
+  height: 10px;
+  border: 1.5px solid $text-muted;
+  border-top-color: transparent;
+  border-radius: 50%;
+  animation: spin 0.6s linear infinite;
+  flex-shrink: 0;
+}
+
+.tool-call-error-icon {
+  color: #ff4d4f;
+  flex-shrink: 0;
+  margin-left: 6px;
+  display: flex;
+  align-items: center;
+  justify-content: center;
+}
+
+.tool-call-duration {
+  font-size: 10px;
+  color: $text-muted;
+  font-family: $font-code;
+  margin-left: 4px;
+  flex-shrink: 0;
+}
+
+.tool-call-success-icon {
+  color: #52c41a;
+  flex-shrink: 0;
+  margin-left: 6px;
+  display: flex;
+  align-items: center;
+  justify-content: center;
+}
+
+@keyframes spin {
+  to {
+    transform: rotate(360deg);
+  }
+}
+</style>
diff --git a/packages/client/src/components/hermes/chat/OutlinePanel.vue b/packages/client/src/components/hermes/chat/OutlinePanel.vue
new file mode 100644
index 0000000..301d7af
--- /dev/null
+++ b/packages/client/src/components/hermes/chat/OutlinePanel.vue
@@ -0,0 +1,311 @@
+<script setup lang="ts">
+import { computed } from 'vue'
+import { useI18n } from 'vue-i18n'
+import type { Message } from '@/stores/hermes/chat'
+
+interface OutlineItem {
+  id: string
+  type: 'user' | 'outline'
+  content: string
+  messageId: string
+  level: number
+  anchorId: string
+}
+
+const props = defineProps<{
+  messages: Message[]
+}>()
+
+const emit = defineEmits<{
+  navigate: [target: { messageId: string; anchorId: string }]
+}>()
+
+const { t } = useI18n()
+
+function extractAllHeadings(text: string, messageId: string): OutlineItem[] {
+  const items: OutlineItem[] = []
+  let cleanedText = text.replace(/<think>[\s\S]*?<\/think>/g, '')
+  const lines = cleanedText.split('\n')
+  
+  let headingIndex = 0
+  for (const line of lines) {
+    const trimmed = line.trim()
+    const h1Match = trimmed.match(/^#\s+(.+)/)
+    const h2Match = trimmed.match(/^##\s+(.+)/)
+    const h3Match = trimmed.match(/^###\s+(.+)/)
+    
+    if (h1Match) {
+      headingIndex++
+      items.push({
+        id: `outline-${messageId}-h${headingIndex}`,
+        type: 'outline',
+        content: h1Match[1].trim(),
+        messageId,
+        level: 1,
+        anchorId: `msg-${messageId}-heading-${headingIndex}`
+      })
+    } else if (h2Match) {
+      headingIndex++
+      items.push({
+        id: `outline-${messageId}-h${headingIndex}`,
+        type: 'outline',
+        content: h2Match[1].trim(),
+        messageId,
+        level: 2,
+        anchorId: `msg-${messageId}-heading-${headingIndex}`
+      })
+    } else if (h3Match) {
+      headingIndex++
+      items.push({
+        id: `outline-${messageId}-h${headingIndex}`,
+        type: 'outline',
+        content: h3Match[1].trim(),
+        messageId,
+        level: 3,
+        anchorId: `msg-${messageId}-heading-${headingIndex}`
+      })
+    }
+  }
+  
+  return items
+}
+
+function extractUserQuestion(text: string): string {
+  const cleanedText = text.replace(/<think>[\s\S]*?<\/think>/g, '')
+  const firstLine = cleanedText.split('\n')[0] || ''
+  if (firstLine.length > 50) {
+    return firstLine.slice(0, 50) + '...'
+  }
+  return firstLine || t('chat.outlineUserQuestion')
+}
+
+const outlineItems = computed<OutlineItem[]>(() => {
+  const items: OutlineItem[] = []
+  let i = 0
+  const filteredMessages = props.messages.filter(m => m.role === 'user' || m.role === 'assistant')
+  
+  while (i < filteredMessages.length) {
+    const msg = filteredMessages[i]
+    if (msg.role === 'user') {
+      items.push({
+        id: `user-${msg.id}`,
+        type: 'user',
+        content: extractUserQuestion(msg.content || ''),
+        messageId: msg.id,
+        level: 0,
+        anchorId: `message-${msg.id}`
+      })
+      i++
+      while (i < filteredMessages.length && filteredMessages[i].role !== 'assistant') {
+        i++
+      }
+      if (i < filteredMessages.length) {
+        const assistantMsg = filteredMessages[i]
+        const headings = extractAllHeadings(assistantMsg.content || '', assistantMsg.id)
+        items.push(...headings)
+      }
+    }
+    i++
+  }
+  return items
+})
+
+function scrollToTarget(item: OutlineItem) {
+  emit('navigate', {
+    messageId: item.messageId,
+    anchorId: item.anchorId,
+  })
+}
+</script>
+
+<template>
+  <div class="outline-panel">
+    <div class="outline-header">
+      <span class="outline-title">{{ t('chat.outlineTitle') }}</span>
+    </div>
+    <div class="outline-content">
+      <template v-if="outlineItems.length > 0">
+        <template v-for="item in outlineItems" :key="item.id">
+          <div
+            v-if="item.type === 'user'"
+            class="outline-item user-item"
+            @click="scrollToTarget(item)"
+          >
+            <div class="user-question">
+              <span class="q-label">Q:</span>
+              <span class="q-text">{{ item.content }}</span>
+            </div>
+          </div>
+          <div
+            v-else
+            class="outline-item outline-heading-item"
+            :class="`level-${item.level}`"
+            @click="scrollToTarget(item)"
+          >
+            <div class="heading-item">
+              <span class="heading-text">{{ item.content }}</span>
+            </div>
+          </div>
+        </template>
+      </template>
+      <div v-else class="outline-empty">{{ t('chat.outlineEmpty') }}</div>
+    </div>
+  </div>
+</template>
+
+<style scoped lang="scss">
+@use "@/styles/variables" as *;
+
+.outline-panel {
+  display: flex;
+  flex-direction: column;
+  height: 100%;
+  background-color: $bg-card;
+  border-left: 1px solid $border-color;
+  width: 280px;
+  flex-shrink: 0;
+
+  @media (max-width: $breakpoint-mobile) {
+    position: absolute;
+    top: 0;
+    right: 0;
+    bottom: 0;
+    width: min(280px, 86vw);
+    z-index: 8;
+    box-shadow: -4px 0 16px rgba(0, 0, 0, 0.12);
+  }
+}
+
+.outline-header {
+  padding: 16px;
+  border-bottom: 1px solid $border-color;
+  flex-shrink: 0;
+}
+
+.outline-title {
+  font-size: 14px;
+  font-weight: 600;
+  color: $text-primary;
+}
+
+.outline-content {
+  flex: 1;
+  overflow-y: auto;
+  padding: 12px;
+}
+
+.outline-item {
+  margin-bottom: 4px;
+  cursor: pointer;
+  transition: opacity 0.2s ease;
+
+  &:hover {
+    opacity: 0.8;
+  }
+}
+
+.user-item {
+  margin-bottom: 6px;
+}
+
+.user-question {
+  background-color: $bg-secondary;
+  color: $text-primary;
+  padding: 8px 12px;
+  border-radius: 8px;
+  display: flex;
+  align-items: flex-start;
+  gap: 6px;
+
+  .dark & {
+    background-color: $bg-input;
+  }
+
+  .q-label {
+    font-weight: 600;
+    flex-shrink: 0;
+    font-size: 13px;
+    line-height: 1.4;
+  }
+
+  .q-text {
+    font-size: 13px;
+    line-height: 1.4;
+    word-break: break-word;
+  }
+}
+
+.outline-heading-item {
+  &.level-1 {
+    padding-left: 0;
+  }
+
+  &.level-2 {
+    padding-left: 12px;
+  }
+
+  &.level-3 {
+    padding-left: 24px;
+  }
+}
+
+.heading-item {
+  display: flex;
+  align-items: flex-start;
+  gap: 6px;
+  padding: 4px 8px;
+  border-radius: 4px;
+  transition: background-color 0.15s ease;
+
+  &:hover {
+    background-color: rgba(0, 0, 0, 0.04);
+
+    .dark & {
+      background-color: rgba(255, 255, 255, 0.06);
+    }
+  }
+
+  .level-1 & {
+    .heading-marker {
+      color: $text-primary;
+      font-weight: 600;
+    }
+    .heading-text {
+      color: $text-primary;
+      font-weight: 500;
+    }
+  }
+
+  .level-2 & {
+    .heading-marker {
+      color: $text-secondary;
+    }
+    .heading-text {
+      color: $text-secondary;
+    }
+  }
+
+  .level-3 & {
+    .heading-marker {
+      color: $text-muted;
+    }
+    .heading-text {
+      color: $text-muted;
+      font-size: 12px;
+    }
+  }
+}
+
+.heading-text {
+  font-size: 13px;
+  line-height: 1.4;
+  word-break: break-word;
+}
+
+.outline-empty {
+  text-align: center;
+  color: $text-muted;
+  font-size: 13px;
+  padding: 20px 0;
+}
+</style>
diff --git a/packages/client/src/components/hermes/chat/SessionListItem.vue b/packages/client/src/components/hermes/chat/SessionListItem.vue
new file mode 100644
index 0000000..99a7e86
--- /dev/null
+++ b/packages/client/src/components/hermes/chat/SessionListItem.vue
@@ -0,0 +1,196 @@
+<script setup lang="ts">
+import { computed, ref, onUnmounted } from 'vue'
+import { NPopconfirm, NCheckbox, NTooltip } from 'naive-ui'
+import { useI18n } from 'vue-i18n'
+import type { Session } from '@/stores/hermes/chat'
+import { useAppStore } from '@/stores/hermes/app'
+import { useProfilesStore } from '@/stores/hermes/profiles'
+import ProfileAvatar from '@/components/hermes/profiles/ProfileAvatar.vue'
+import { formatTimestampMs } from '@/shared/session-display'
+
+const props = withDefaults(defineProps<{
+  session: Session
+  active: boolean
+  pinned: boolean
+  canDelete: boolean
+  streaming?: boolean
+  selectable?: boolean
+  selected?: boolean
+  showProfile?: boolean
+  to?: string
+}>(), {
+  showProfile: true,
+})
+
+const emit = defineEmits<{
+  select: []
+  contextmenu: [event: MouseEvent]
+  delete: []
+  'toggle-select': []
+}>()
+
+const { t } = useI18n()
+const appStore = useAppStore()
+const profilesStore = useProfilesStore()
+const sessionModelName = computed(() =>
+  props.session.model
+    ? appStore.displayModelName(props.session.model, props.session.provider)
+    : '',
+)
+const profileName = computed(() => props.session.profile || 'default')
+const profileAvatar = computed(() => profilesStore.profiles.find(profile => profile.name === profileName.value)?.avatar)
+const profileHasModels = computed(() => {
+  const profileModels = appStore.profileModelGroups.find(profile => profile.profile === profileName.value)
+  return !!profileModels?.groups?.some(group => group.models.length > 0)
+})
+const profileModelsMissing = computed(() =>
+  appStore.profileModelGroups.length > 0 && !profileHasModels.value,
+)
+
+let longPressTimer: ReturnType<typeof setTimeout> | null = null
+const longPressTriggered = ref(false)
+
+function onTouchStart(e: TouchEvent) {
+  longPressTriggered.value = false
+  longPressTimer = setTimeout(() => {
+    longPressTriggered.value = true
+    const touch = e.touches[0]
+    const syntheticEvent = new MouseEvent('contextmenu', {
+      clientX: touch.clientX,
+      clientY: touch.clientY,
+      bubbles: true,
+    })
+    emit('contextmenu', syntheticEvent)
+  }, 500)
+}
+
+function onTouchEnd() {
+  if (longPressTimer) {
+    clearTimeout(longPressTimer)
+    longPressTimer = null
+  }
+}
+
+function onTouchMove() {
+  if (longPressTimer) {
+    clearTimeout(longPressTimer)
+    longPressTimer = null
+  }
+}
+
+function isModifiedNavigation(event?: MouseEvent) {
+  return !!event && (event.metaKey || event.ctrlKey || event.shiftKey || event.altKey || event.button !== 0)
+}
+
+function onClick(event?: MouseEvent) {
+  if (longPressTriggered.value) {
+    longPressTriggered.value = false
+    event?.preventDefault()
+    return
+  }
+  if (isModifiedNavigation(event)) return
+  if (props.to && !props.selectable) event?.preventDefault()
+  emit('select')
+}
+
+onUnmounted(() => {
+  if (longPressTimer) clearTimeout(longPressTimer)
+})
+</script>
+
+<template>
+  <component
+    :is="selectable || !to ? 'button' : 'a'"
+    class="session-item"
+    :class="{ active, 'batch-mode': selectable, 'missing-models': profileModelsMissing }"
+    :aria-current="active ? 'page' : undefined"
+    :href="!selectable ? to : undefined"
+    :type="selectable || !to ? 'button' : undefined"
+    @click="onClick"
+    @contextmenu="emit('contextmenu', $event)"
+    @touchstart="onTouchStart"
+    @touchend="onTouchEnd"
+    @touchmove="onTouchMove"
+  >
+    <div v-if="selectable" class="session-item-checkbox">
+      <NCheckbox :checked="selected" @click.stop="emit('toggle-select')" />
+    </div>
+    <div class="session-item-content">
+      <span class="session-item-title-row">
+        <span v-if="pinned" class="session-item-pin" aria-hidden="true">
+          <svg width="11" height="11" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round">
+            <path d="M12 17v5" />
+            <path d="M5 8l14 0" />
+            <path d="M8 3l8 0 0 5 3 5-14 0 3-5z" />
+          </svg>
+        </span>
+        <span class="session-item-title">
+          <svg v-if="streaming" class="session-item-streaming" width="12" height="12" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2.5" stroke-linecap="round"><path d="M12 2v4M12 18v4M4.93 4.93l2.83 2.83M16.24 16.24l2.83 2.83M2 12h4M18 12h4M4.93 19.07l2.83-2.83M16.24 7.76l2.83-2.83"/></svg>
+          {{ session.title }}
+        </span>
+        <NTooltip v-if="profileModelsMissing" trigger="click" placement="top">
+          <template #trigger>
+            <button class="session-item-warning" type="button" @click.stop.prevent>
+              !
+            </button>
+          </template>
+          {{ t('chat.profileMissingModelsTip', { profile: profileName }) }}
+        </NTooltip>
+      </span>
+      <span class="session-item-meta">
+        <span v-if="sessionModelName" class="session-item-model" :title="session.model">{{ sessionModelName }}</span>
+        <span class="session-item-time">{{ formatTimestampMs(session.createdAt) }}</span>
+      </span>
+      <span v-if="props.showProfile" class="session-item-profile">
+        <ProfileAvatar class="session-item-profile-avatar" :name="profileName" :avatar="profileAvatar" :size="16" />
+        <span class="session-item-profile-name">{{ profileName }}</span>
+      </span>
+    </div>
+    <NPopconfirm v-if="canDelete && !selectable" @positive-click="emit('delete')">
+      <template #trigger>
+        <button class="session-item-delete" @click.stop.prevent>
+          <svg width="12" height="12" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><line x1="18" y1="6" x2="6" y2="18"/><line x1="6" y1="6" x2="18" y2="18"/></svg>
+        </button>
+      </template>
+      {{ t('chat.deleteSession') }}
+    </NPopconfirm>
+  </component>
+</template>
+
+<style scoped>
+.session-item-profile {
+  display: flex;
+  align-items: center;
+  gap: 5px;
+  min-width: 0;
+  margin-top: 4px;
+}
+
+.session-item-profile-avatar {
+  background: var(--bg-secondary);
+}
+
+.session-item-profile-name {
+  min-width: 0;
+  overflow: hidden;
+  text-overflow: ellipsis;
+  white-space: nowrap;
+  font-size: 11px;
+  line-height: 16px;
+  color: var(--text-muted);
+}
+
+.session-item-warning {
+  flex-shrink: 0;
+  width: 16px;
+  height: 16px;
+  border: 1px solid rgba(180, 35, 24, 0.35);
+  border-radius: 50%;
+  background: rgba(220, 38, 38, 0.1);
+  color: #b42318;
+  font-size: 11px;
+  font-weight: 700;
+  line-height: 14px;
+  cursor: pointer;
+}
+</style>
diff --git a/packages/client/src/components/hermes/chat/SessionSearchModal.vue b/packages/client/src/components/hermes/chat/SessionSearchModal.vue
new file mode 100644
index 0000000..e4c8c06
--- /dev/null
+++ b/packages/client/src/components/hermes/chat/SessionSearchModal.vue
@@ -0,0 +1,464 @@
+<script setup lang="ts">
+import { computed, nextTick, onMounted, onUnmounted, ref, watch } from 'vue'
+import { useRouter } from 'vue-router'
+import { NButton, NInput, NModal, NSpin, useMessage } from 'naive-ui'
+import { useI18n } from 'vue-i18n'
+import { fetchSessions, searchSessions, type SessionSearchResult, type SessionSummary } from '@/api/hermes/sessions'
+import { useChatStore } from '@/stores/hermes/chat'
+import { useSessionSearch } from '@/composables/useSessionSearch'
+
+const { t } = useI18n()
+const message = useMessage()
+const router = useRouter()
+const chatStore = useChatStore()
+const { sessionSearchOpen } = useSessionSearch()
+
+const query = ref('')
+const loading = ref(false)
+const recentSessions = ref<SessionSummary[]>([])
+const searchResults = ref<SessionSearchResult[]>([])
+const activeIndex = ref(0)
+const inputRef = ref<InstanceType<typeof NInput> | null>(null)
+const profileFilter = computed(() => chatStore.sessionProfileFilter || undefined)
+
+let debounceTimer: ReturnType<typeof setTimeout> | null = null
+let requestSeq = 0
+
+type SearchItem = SessionSearchResult | (SessionSummary & {
+  snippet?: string
+  matched_message_id: number | null
+  rank: number
+})
+
+const hasQuery = computed(() => query.value.trim().length > 0)
+
+const items = computed<SearchItem[]>(() => {
+  if (hasQuery.value) return searchResults.value
+  return recentSessions.value.map(session => ({
+    ...session,
+    matched_message_id: null,
+    snippet: session.preview || '',
+    rank: 0,
+  }))
+})
+
+function formatSource(source: string): string {
+  const map: Record<string, string> = {
+    api_server: 'API Server',
+    cli: 'CLI',
+    telegram: 'Telegram',
+    discord: 'Discord',
+    slack: 'Slack',
+    matrix: 'Matrix',
+    whatsapp: 'WhatsApp',
+    signal: 'Signal',
+    cron: 'Cron',
+    weixin: 'WeChat',
+  }
+  return map[source] || source
+}
+
+function formatTime(ts?: number): string {
+  if (!ts) return ''
+  const date = new Date(ts * 1000)
+  return date.toLocaleString([], {
+    month: 'short',
+    day: 'numeric',
+    hour: '2-digit',
+    minute: '2-digit',
+  })
+}
+
+function getItemTitle(item: SearchItem): string {
+  const title = item.title?.trim()
+  if (title) return title
+  if (item.preview?.trim()) return item.preview.trim()
+  return item.id
+}
+
+async function loadRecentSessions() {
+  const seq = ++requestSeq
+  loading.value = true
+  try {
+    const sessions = profileFilter.value
+      ? await fetchSessions(undefined, 8, profileFilter.value)
+      : await fetchSessions(undefined, 8)
+    if (seq !== requestSeq) return
+    recentSessions.value = sessions
+    searchResults.value = []
+    activeIndex.value = 0
+  } catch (err) {
+    if (seq !== requestSeq) return
+    message.error(err instanceof Error ? err.message : t('chat.searchFailed'))
+  } finally {
+    if (seq === requestSeq) {
+      loading.value = false
+    }
+  }
+}
+
+async function runSearch(text: string) {
+  const seq = ++requestSeq
+  loading.value = true
+  try {
+    const results = text.trim()
+      ? profileFilter.value
+        ? await searchSessions(text.trim(), undefined, 10, profileFilter.value)
+        : await searchSessions(text.trim(), undefined, 10)
+      : []
+    if (seq !== requestSeq) return
+    searchResults.value = results
+    activeIndex.value = 0
+  } catch (err) {
+    if (seq !== requestSeq) return
+    message.error(err instanceof Error ? err.message : t('chat.searchFailed'))
+  } finally {
+    if (seq === requestSeq) {
+      loading.value = false
+    }
+  }
+}
+
+async function ensureChatSessionsLoaded() {
+  if (chatStore.sessions.length === 0) {
+    await chatStore.loadSessions(chatStore.sessionProfileFilter)
+  }
+}
+
+async function openItem(item: SearchItem) {
+  const messageId = item.matched_message_id != null ? String(item.matched_message_id) : null
+  sessionSearchOpen.value = false
+
+  await ensureChatSessionsLoaded()
+  if (!chatStore.sessions.some(session => session.id === item.id) && typeof chatStore.addOrUpdateSession === 'function') {
+    chatStore.addOrUpdateSession({
+      id: item.id,
+      profile: item.profile || 'default',
+      title: item.title || '',
+      source: item.source,
+      messages: [],
+      createdAt: Math.round(item.started_at * 1000),
+      updatedAt: Math.round((item.last_active || item.ended_at || item.started_at) * 1000),
+      model: item.model,
+      provider: item.provider || item.billing_provider || '',
+      messageCount: item.message_count,
+      endedAt: item.ended_at != null ? Math.round(item.ended_at * 1000) : null,
+      lastActiveAt: item.last_active != null ? Math.round(item.last_active * 1000) : undefined,
+      workspace: item.workspace || null,
+    })
+  }
+  await chatStore.switchSession(item.id, messageId)
+  if (router.currentRoute.value.name !== 'hermes.chat') {
+    await router.push({ name: 'hermes.chat' })
+  }
+}
+
+function closeModal() {
+  sessionSearchOpen.value = false
+}
+
+function moveSelection(delta: number) {
+  const list = items.value
+  if (list.length === 0) return
+  const next = activeIndex.value + delta
+  activeIndex.value = (next + list.length) % list.length
+}
+
+async function handleKeydown(e: KeyboardEvent) {
+  if (!sessionSearchOpen.value) return
+  if (e.key === 'ArrowDown') {
+    e.preventDefault()
+    moveSelection(1)
+    return
+  }
+  if (e.key === 'ArrowUp') {
+    e.preventDefault()
+    moveSelection(-1)
+    return
+  }
+  if (e.key === 'Enter') {
+    e.preventDefault()
+    const item = items.value[activeIndex.value]
+    if (item) {
+      await openItem(item)
+    }
+    return
+  }
+  if (e.key === 'Escape') {
+    e.preventDefault()
+    closeModal()
+  }
+}
+
+watch(
+  () => sessionSearchOpen.value,
+  async (open) => {
+    if (!open) {
+      query.value = ''
+      searchResults.value = []
+      recentSessions.value = []
+      activeIndex.value = 0
+      return
+    }
+
+    query.value = ''
+    searchResults.value = []
+    activeIndex.value = 0
+    await loadRecentSessions()
+    await nextTick()
+    inputRef.value?.focus?.()
+  },
+)
+
+watch(query, (value) => {
+  if (debounceTimer) {
+    clearTimeout(debounceTimer)
+    debounceTimer = null
+  }
+  debounceTimer = setTimeout(() => {
+    if (!sessionSearchOpen.value) return
+    void runSearch(value)
+  }, 160)
+})
+
+watch(items, () => {
+  if (activeIndex.value >= items.value.length) {
+    activeIndex.value = 0
+  }
+})
+
+onMounted(() => {
+  window.addEventListener('keydown', handleKeydown)
+})
+
+onUnmounted(() => {
+  window.removeEventListener('keydown', handleKeydown)
+  if (debounceTimer) {
+    clearTimeout(debounceTimer)
+  }
+})
+</script>
+
+<template>
+  <NModal
+    v-model:show="sessionSearchOpen"
+    preset="card"
+    :title="t('chat.searchTitle')"
+    :style="{ width: 'min(760px, calc(100vw - 24px))' }"
+    :mask-closable="true"
+    :auto-focus="false"
+  >
+    <div class="session-search-modal">
+      <div class="search-header">
+        <div class="search-title">{{ t('chat.searchSubtitle') }}</div>
+        <div class="search-hint">{{ t('chat.searchHint') }}</div>
+      </div>
+      <div class="search-scope">{{ t('chat.searchScope') }}</div>
+
+      <NInput
+        ref="inputRef"
+      v-model:value="query"
+      :placeholder="t('chat.searchPlaceholder')"
+      clearable
+      size="large"
+    />
+
+      <div class="search-body">
+        <NSpin :show="loading">
+          <div v-if="items.length === 0" class="search-empty">
+            {{ hasQuery ? t('chat.searchNoResults') : t('chat.searchEmpty') }}
+          </div>
+          <div v-else class="result-list">
+            <button
+              v-for="(item, idx) in items"
+              :key="item.id"
+              class="result-item"
+              :class="{ active: idx === activeIndex }"
+              @click="openItem(item)"
+              @mouseenter="activeIndex = idx"
+            >
+              <div class="result-main">
+                <div class="result-title-row">
+                  <span class="result-title">{{ getItemTitle(item) }}</span>
+                  <span class="result-source">{{ formatSource(item.source) }}</span>
+                </div>
+                <div class="result-snippet">
+                  {{ hasQuery ? item.snippet || t('chat.searchNoSnippet') : item.preview || t('chat.searchRecent') }}
+                </div>
+              </div>
+              <div class="result-meta">
+                <span class="result-time">{{ formatTime(item.last_active || item.started_at) }}</span>
+                <span v-if="hasQuery && item.matched_message_id != null" class="result-match">
+                  #{{ item.matched_message_id }}
+                </span>
+              </div>
+            </button>
+          </div>
+        </NSpin>
+      </div>
+
+      <div class="search-footer">
+        <span>{{ t('chat.searchEnterHint') }}</span>
+        <NButton quaternary size="small" @click="closeModal">{{ t('common.cancel') }}</NButton>
+      </div>
+    </div>
+  </NModal>
+</template>
+
+<style scoped lang="scss">
+@use '@/styles/variables' as *;
+
+.session-search-modal {
+  display: flex;
+  flex-direction: column;
+  gap: 14px;
+}
+
+.search-header {
+  display: flex;
+  align-items: baseline;
+  justify-content: space-between;
+  gap: 12px;
+}
+
+.search-title {
+  font-size: 14px;
+  font-weight: 600;
+  color: $text-primary;
+}
+
+.search-hint {
+  font-size: 12px;
+  color: $text-muted;
+}
+
+.search-scope {
+  font-size: 12px;
+  color: $text-muted;
+  line-height: 1.5;
+}
+
+.search-body {
+  max-height: min(60vh, 540px);
+  overflow: hidden;
+}
+
+.search-empty {
+  padding: 28px 0;
+  text-align: center;
+  color: $text-muted;
+  font-size: 13px;
+}
+
+.result-list {
+  display: flex;
+  flex-direction: column;
+  gap: 8px;
+  max-height: min(60vh, 540px);
+  overflow-y: auto;
+  padding-right: 2px;
+}
+
+.result-item {
+  width: 100%;
+  display: flex;
+  justify-content: space-between;
+  gap: 16px;
+  padding: 12px 14px;
+  border: 1px solid $border-color;
+  border-radius: $radius-md;
+  background: $bg-card;
+  color: $text-primary;
+  text-align: left;
+  cursor: pointer;
+  transition: border-color $transition-fast, background-color $transition-fast, transform $transition-fast;
+
+  &:hover,
+  &.active {
+    border-color: $accent-muted;
+    background: rgba(var(--accent-primary-rgb), 0.04);
+  }
+}
+
+.result-main {
+  flex: 1;
+  min-width: 0;
+}
+
+.result-title-row {
+  display: flex;
+  align-items: center;
+  gap: 10px;
+}
+
+.result-title {
+  font-size: 13px;
+  font-weight: 600;
+  white-space: nowrap;
+  overflow: hidden;
+  text-overflow: ellipsis;
+}
+
+.result-source {
+  flex-shrink: 0;
+  font-size: 11px;
+  color: $text-muted;
+}
+
+.result-snippet {
+  margin-top: 4px;
+  font-size: 12px;
+  color: $text-secondary;
+  line-height: 1.5;
+  overflow: hidden;
+  text-overflow: ellipsis;
+  display: -webkit-box;
+  -webkit-line-clamp: 2;
+  -webkit-box-orient: vertical;
+}
+
+.result-meta {
+  display: flex;
+  flex-direction: column;
+  align-items: flex-end;
+  gap: 4px;
+  font-size: 11px;
+  color: $text-muted;
+  flex-shrink: 0;
+}
+
+.result-match {
+  font-family: $font-code;
+}
+
+.search-footer {
+  display: flex;
+  align-items: center;
+  justify-content: space-between;
+  gap: 12px;
+  font-size: 12px;
+  color: $text-muted;
+}
+
+@media (max-width: $breakpoint-mobile) {
+  :deep(.n-modal-body-wrapper) {
+    width: calc(100vw - 24px);
+  }
+
+  .search-header {
+    flex-direction: column;
+    align-items: flex-start;
+  }
+
+  .result-item {
+    flex-direction: column;
+    align-items: flex-start;
+  }
+
+  .result-meta {
+    align-items: flex-start;
+    flex-direction: row;
+    flex-wrap: wrap;
+  }
+}
+</style>
diff --git a/packages/client/src/components/hermes/chat/TerminalPanel.vue b/packages/client/src/components/hermes/chat/TerminalPanel.vue
new file mode 100644
index 0000000..f2fdb80
--- /dev/null
+++ b/packages/client/src/components/hermes/chat/TerminalPanel.vue
@@ -0,0 +1,920 @@
+<script setup lang="ts">
+import { ref, onUnmounted, computed, watch } from "vue";
+import { Terminal } from "@xterm/xterm";
+import { FitAddon } from "@xterm/addon-fit";
+import { WebLinksAddon } from "@xterm/addon-web-links";
+import "@xterm/xterm/css/xterm.css";
+import { getApiKey, getBaseUrlValue } from "@/api/client";
+import { NButton, NPopconfirm, NTooltip, NSelect, useMessage } from "naive-ui";
+import { useI18n } from "vue-i18n";
+import type { ITheme } from "@xterm/xterm";
+
+const { t } = useI18n();
+const message = useMessage();
+
+const props = defineProps<{ visible?: boolean; initialCommand?: string }>();
+
+// ─── Terminal themes ────────────────────────────────────────────
+
+const TERMINAL_THEMES: Record<string, { label: string; theme: ITheme }> = {
+  default: {
+    label: "Default",
+    theme: {
+      background: "#1a1a2e",
+      foreground: "#e0e0e0",
+      cursor: "#4cc9f0",
+      cursorAccent: "#1a1a2e",
+      selectionBackground: "rgba(76, 201, 240, 0.3)",
+      black: "#000000", red: "#e06c75", green: "#98c379", yellow: "#e5c07b",
+      blue: "#61afef", magenta: "#c678dd", cyan: "#56b6c2", white: "#abb2bf",
+      brightBlack: "#5c6370", brightRed: "#e06c75", brightGreen: "#98c379",
+      brightYellow: "#e5c07b", brightBlue: "#61afef", brightMagenta: "#c678dd",
+      brightCyan: "#56b6c2", brightWhite: "#ffffff",
+    },
+  },
+  "solarized-dark": {
+    label: "Solarized Dark",
+    theme: {
+      background: "#002b36", foreground: "#839496",
+      cursor: "#93a1a1", cursorAccent: "#002b36",
+      selectionBackground: "rgba(147, 161, 161, 0.3)",
+      black: "#073642", red: "#dc322f", green: "#859900", yellow: "#b58900",
+      blue: "#268bd2", magenta: "#d33682", cyan: "#2aa198", white: "#eee8d5",
+      brightBlack: "#002b36", brightRed: "#cb4b16", brightGreen: "#586e75",
+      brightYellow: "#657b83", brightBlue: "#839496", brightMagenta: "#6c71c4",
+      brightCyan: "#93a1a1", brightWhite: "#fdf6e3",
+    },
+  },
+  "tokyo-night": {
+    label: "Tokyo Night",
+    theme: {
+      background: "#1a1b26", foreground: "#a9b1d6",
+      cursor: "#c0caf5", cursorAccent: "#1a1b26",
+      selectionBackground: "rgba(192, 202, 245, 0.2)",
+      black: "#15161e", red: "#f7768e", green: "#9ece6a", yellow: "#e0af68",
+      blue: "#7aa2f7", magenta: "#bb9af7", cyan: "#7dcfff", white: "#a9b1d6",
+      brightBlack: "#414868", brightRed: "#f7768e", brightGreen: "#9ece6a",
+      brightYellow: "#e0af68", brightBlue: "#7aa2f7", brightMagenta: "#bb9af7",
+      brightCyan: "#7dcfff", brightWhite: "#c0caf5",
+    },
+  },
+  "github-dark": {
+    label: "GitHub Dark",
+    theme: {
+      background: "#0d1117", foreground: "#c9d1d9",
+      cursor: "#58a6ff", cursorAccent: "#0d1117",
+      selectionBackground: "rgba(88, 166, 255, 0.25)",
+      black: "#484f58", red: "#ff7b72", green: "#7ee787", yellow: "#ffa657",
+      blue: "#79c0ff", magenta: "#d2a8ff", cyan: "#a5d6ff", white: "#c9d1d9",
+      brightBlack: "#6e7681", brightRed: "#ffa198", brightGreen: "#56d364",
+      brightYellow: "#e3b341", brightBlue: "#58a6ff", brightMagenta: "#bc8cff",
+      brightCyan: "#79c0ff", brightWhite: "#f0f6fc",
+    },
+  },
+};
+
+const STORAGE_KEY_THEME = "hermes_terminal_theme";
+
+// ─── Types ──────────────────────────────────────────────────────
+
+interface SessionInfo {
+  id: string;
+  shell: string;
+  pid: number;
+  title: string;
+  createdAt: number;
+  exited: boolean;
+}
+
+// ─── State ──────────────────────────────────────────────────────
+
+const terminalRef = ref<HTMLDivElement | null>(null);
+const sessions = ref<SessionInfo[]>([]);
+const activeSessionId = ref<string | null>(null);
+const selectedTheme = ref(localStorage.getItem(STORAGE_KEY_THEME) || "default");
+const connectionError = ref<string | null>(null);
+const isConnecting = ref(false);
+const showSidebar = ref(false);
+
+let ws: WebSocket | null = null;
+const termMap = new Map<string, { term: Terminal; fitAddon: FitAddon; opened: boolean }>();
+let activeTerm: Terminal | null = null;
+let activeFitAddon: FitAddon | null = null;
+let resizeObserver: ResizeObserver | null = null;
+let reconnectAttempts = 0;
+const MAX_RECONNECT_ATTEMPTS = 3;
+let touchScrollLastY: number | null = null;
+let touchScrollRemainder = 0;
+const TOUCH_SCROLL_LINE_PX = 18;
+const initialCommandSent = ref(false);
+
+// ─── Computed ──────────────────────────────────────────────────
+
+const activeSession = computed(
+  () => sessions.value.find((s) => s.id === activeSessionId.value) || null,
+);
+
+const themeOptions = computed(() =>
+  Object.entries(TERMINAL_THEMES).map(([key, val]) => ({
+    label: val.label,
+    value: key,
+  })),
+);
+
+const terminalBg = computed(
+  () => TERMINAL_THEMES[selectedTheme.value]?.theme.background ?? "#1a1a2e",
+);
+
+// ─── WebSocket ──────────────────────────────────────────────────
+
+function formatHostForPort(hostname: string, port: number): string {
+  if (hostname.startsWith("[") && hostname.endsWith("]")) {
+    return `${hostname}:${port}`;
+  }
+  return hostname.includes(":") ? `[${hostname}]:${port}` : `${hostname}:${port}`;
+}
+
+function buildWsUrl(): string {
+  const token = getApiKey();
+  const base = getBaseUrlValue();
+  const wsProtocol = base
+    ? base.startsWith("https")
+      ? "wss:"
+      : "ws:"
+    : location.protocol === "https:"
+      ? "wss:"
+      : "ws:";
+
+  if (base) {
+    return `${wsProtocol}//${new URL(base).host}/api/hermes/terminal${token ? `?token=${encodeURIComponent(token)}` : ""}`;
+  }
+
+  const directDevPort = import.meta.env.VITE_HERMES_DIRECT_WS_PORT;
+  const host = import.meta.env.DEV && directDevPort
+    ? formatHostForPort(location.hostname, Number(directDevPort))
+    : location.host;
+  return `${wsProtocol}//${host}/api/hermes/terminal${token ? `?token=${encodeURIComponent(token)}` : ""}`;
+}
+
+function connect() {
+  if (reconnectAttempts >= MAX_RECONNECT_ATTEMPTS) {
+    connectionError.value = t('terminal.connectionFailed');
+    isConnecting.value = false;
+    return;
+  }
+
+  const url = buildWsUrl();
+  connectionError.value = null;
+  isConnecting.value = true;
+  reconnectAttempts++;
+
+  ws = new WebSocket(url);
+
+  ws.onopen = () => {
+    isConnecting.value = false;
+    connectionError.value = null;
+  };
+
+  ws.onmessage = (event) => {
+    const data = typeof event.data === "string" ? event.data : "";
+    if (data.charCodeAt(0) === 0x7b) {
+      try {
+        handleControl(JSON.parse(data));
+      } catch {}
+    } else {
+      activeTerm?.write(data);
+    }
+  };
+
+  ws.onclose = (event) => {
+    isConnecting.value = false;
+
+    // 如果是正常关闭（code 1000）或认证失败，不重连
+    if (event.code === 1000 || event.code === 1003 || event.code === 1008) {
+      connectionError.value = t('terminal.connectionClosed');
+      return;
+    }
+
+    // 其他情况尝试重连
+    setTimeout(connect, 3000);
+  };
+
+  ws.onerror = (error) => {
+    console.error('[Terminal] WebSocket error:', error);
+    connectionError.value = t('terminal.connectionError');
+  };
+}
+
+function send(data: object | string) {
+  if (!ws || ws.readyState !== WebSocket.OPEN) return;
+  ws.send(typeof data === "string" ? data : JSON.stringify(data));
+}
+
+// ─── Control message handlers ──────────────────────────────────
+
+function handleControl(msg: any) {
+  switch (msg.type) {
+    case "created":
+      reconnectAttempts = 0;
+      sessions.value.push({
+        id: msg.id,
+        shell: msg.shell,
+        pid: msg.pid,
+        title: `${msg.shell} #${sessions.value.length + 1}`,
+        createdAt: Date.now(),
+        exited: false,
+      });
+      switchSession(msg.id);
+      runInitialCommand();
+      break;
+
+    case "exited": {
+      const s = sessions.value.find((s) => s.id === msg.id);
+      if (s) {
+        s.exited = true;
+        if (activeSessionId.value === msg.id) {
+          activeTerm?.write(
+            `\r\n\x1b[90m[${t("terminal.processExited", { code: msg.exitCode })}]\x1b[0m\r\n`,
+          );
+        }
+      }
+      break;
+    }
+
+    case "error":
+      message.error(msg.message);
+      break;
+  }
+}
+
+// ─── Session actions ────────────────────────────────────────────
+
+function createSession() {
+  send({ type: "create" });
+}
+
+function runInitialCommand() {
+  const command = props.initialCommand?.trim();
+  if (!command || initialCommandSent.value) return;
+  initialCommandSent.value = true;
+  setTimeout(() => {
+    send(`${command}\r`);
+  }, 100);
+}
+
+function getOrCreateTerm(id: string): { term: Terminal; fitAddon: FitAddon } {
+  let entry = termMap.get(id);
+  if (!entry) {
+    const term = new Terminal({
+      cursorBlink: true,
+      fontSize: 14,
+      fontFamily: 'Menlo, Monaco, "Courier New", monospace',
+      theme: { ...TERMINAL_THEMES[selectedTheme.value].theme },
+    });
+    const fitAddon = new FitAddon();
+    term.loadAddon(fitAddon);
+    term.loadAddon(new WebLinksAddon());
+    term.onData((data) => {
+      if (ws?.readyState === WebSocket.OPEN) {
+        ws.send(data);
+      }
+    });
+    entry = { term, fitAddon, opened: false };
+    termMap.set(id, entry);
+  }
+  return entry;
+}
+
+function switchSession(id: string) {
+  if (activeSessionId.value === id) return;
+  activeSessionId.value = id;
+  const entry = getOrCreateTerm(id);
+  activeTerm = entry.term;
+  activeFitAddon = entry.fitAddon;
+  mountActiveTerminal();
+  send({ type: "switch", sessionId: id });
+}
+
+function closeSession(id: string) {
+  send({ type: "close", sessionId: id });
+  sessions.value = sessions.value.filter((s) => s.id !== id);
+  const entry = termMap.get(id);
+  if (entry) {
+    entry.term.dispose();
+    termMap.delete(id);
+  }
+  if (activeSessionId.value === id) {
+    activeSessionId.value = sessions.value.length > 0 ? sessions.value[0].id : null;
+    activeTerm = null;
+    activeFitAddon = null;
+    if (activeSessionId.value) {
+      switchSession(activeSessionId.value);
+    } else {
+      unmountActiveTerminal();
+      createSession();
+    }
+  }
+}
+
+// ─── Terminal mount/unmount ─────────────────────────────────────
+
+function mountActiveTerminal() {
+  if (!terminalRef.value) return;
+  const container = terminalRef.value;
+  while (container.firstChild) container.removeChild(container.firstChild);
+
+  const entry = termMap.get(activeSessionId.value!);
+  if (!entry) return;
+
+  if (!entry.opened) {
+    entry.term.open(container);
+    entry.opened = true;
+  } else {
+    const termEl = entry.term.element;
+    if (termEl) {
+      container.appendChild(termEl);
+    }
+  }
+
+  resizeObserver?.disconnect();
+  resizeObserver = new ResizeObserver(() => {
+    tryFit();
+    sendResize();
+  });
+  resizeObserver.observe(terminalRef.value);
+
+  setTimeout(() => tryFit(), 50);
+  setTimeout(() => tryFit(), 200);
+}
+
+function unmountActiveTerminal() {
+  if (!terminalRef.value) return;
+  const container = terminalRef.value;
+  while (container.firstChild) container.removeChild(container.firstChild);
+}
+
+function tryFit() {
+  if (!activeFitAddon) return;
+  try {
+    activeFitAddon.fit();
+  } catch {}
+}
+
+function sendResize() {
+  if (!activeTerm || !ws || ws.readyState !== WebSocket.OPEN) return;
+  try {
+    send({
+      type: "resize",
+      cols: activeTerm.cols,
+      rows: activeTerm.rows,
+    });
+  } catch {}
+}
+
+function handleTerminalTouchStart(event: TouchEvent) {
+  if (event.touches.length !== 1) {
+    touchScrollLastY = null;
+    touchScrollRemainder = 0;
+    return;
+  }
+  touchScrollLastY = event.touches[0].clientY;
+  touchScrollRemainder = 0;
+}
+
+function handleTerminalTouchMove(event: TouchEvent) {
+  if (!activeTerm || event.touches.length !== 1 || touchScrollLastY === null) return;
+  const nextY = event.touches[0].clientY;
+  touchScrollRemainder += touchScrollLastY - nextY;
+  touchScrollLastY = nextY;
+
+  const lines = Math.trunc(touchScrollRemainder / TOUCH_SCROLL_LINE_PX);
+  if (lines === 0) return;
+
+  activeTerm.scrollLines(lines);
+  touchScrollRemainder -= lines * TOUCH_SCROLL_LINE_PX;
+  event.preventDefault();
+}
+
+function handleTerminalTouchEnd() {
+  touchScrollLastY = null;
+  touchScrollRemainder = 0;
+}
+
+// ─── Theme ───────────────────────────────────────────────────────
+
+function applyTheme(themeName: string) {
+  selectedTheme.value = themeName;
+  localStorage.setItem(STORAGE_KEY_THEME, themeName);
+  const themeObj = TERMINAL_THEMES[themeName]?.theme;
+  if (!themeObj) return;
+  for (const entry of termMap.values()) {
+    entry.term.options.theme = { ...themeObj };
+  }
+}
+
+// ─── Helpers ────────────────────────────────────────────────────
+
+function formatTime(ts: number) {
+  const d = new Date(ts);
+  return d.toLocaleTimeString([], { hour: "2-digit", minute: "2-digit" });
+}
+
+// ─── Lifecycle ──────────────────────────────────────────────────
+
+let hasConnected = false;
+
+watch(() => props.visible, (visible) => {
+  if (visible && !hasConnected && !ws) {
+    hasConnected = true;
+    connect();
+  }
+}, { immediate: true });
+
+onUnmounted(() => {
+  unmountActiveTerminal();
+  for (const entry of termMap.values()) {
+    entry.term.dispose();
+  }
+  termMap.clear();
+  activeTerm = null;
+  activeFitAddon = null;
+  ws?.close();
+  ws = null;
+});
+</script>
+
+<template>
+  <div class="terminal-panel-drawer">
+    <div
+      v-if="showSidebar"
+      class="sidebar-overlay"
+      @click="showSidebar = false"
+    ></div>
+    <div
+      class="terminal-sidebar"
+      :class="{ 'mobile-visible': showSidebar }"
+    >
+      <div class="sidebar-header">
+        <span class="sidebar-title">{{ t("terminal.sessions") }}</span>
+        <NTooltip trigger="hover">
+          <template #trigger>
+            <NButton quaternary size="tiny" @click="createSession" circle>
+              <template #icon>
+                <svg width="14" height="14" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2">
+                  <line x1="12" y1="5" x2="12" y2="19" />
+                  <line x1="5" y1="12" x2="19" y2="12" />
+                </svg>
+              </template>
+            </NButton>
+          </template>
+          {{ t("terminal.newTab") }}
+        </NTooltip>
+      </div>
+      <div class="session-list">
+        <div v-if="connectionError" class="session-error">
+          <svg width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2">
+            <circle cx="12" cy="12" r="10" />
+            <line x1="12" y1="8" x2="12" y2="12" />
+            <line x1="12" y1="16" x2="12.01" y2="16" />
+          </svg>
+          <span>{{ connectionError }}</span>
+          <NButton size="tiny" @click="connect">{{ t("common.retry") }}</NButton>
+        </div>
+        <div v-else-if="sessions.length === 0" class="session-empty">
+          <template v-if="isConnecting">
+            {{ t("common.loading") }}
+          </template>
+          <template v-else>
+            {{ t("terminal.noSessions") }}
+          </template>
+        </div>
+        <button
+          v-for="s in sessions"
+          :key="s.id"
+          class="session-item"
+          :class="{ active: s.id === activeSessionId, exited: s.exited }"
+          @click="switchSession(s.id)"
+        >
+          <div class="session-item-content">
+            <span class="session-item-title">{{ s.title }}</span>
+            <span class="session-item-meta">
+              <span class="session-item-shell">{{ s.shell }}</span>
+              <span v-if="s.exited" class="session-item-status">{{
+                t("terminal.sessionExited")
+              }}</span>
+              <span v-else class="session-item-time">{{
+                formatTime(s.createdAt)
+              }}</span>
+            </span>
+          </div>
+          <NPopconfirm v-if="sessions.length > 1" @positive-click="closeSession(s.id)">
+            <template #trigger>
+              <button class="session-item-delete" @click.stop>
+                <svg width="12" height="12" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2">
+                  <line x1="18" y1="6" x2="6" y2="18" />
+                  <line x1="6" y1="6" x2="18" y2="18" />
+                </svg>
+              </button>
+            </template>
+            {{ t("terminal.closeSession") }}
+          </NPopconfirm>
+        </button>
+      </div>
+    </div>
+
+    <div class="terminal-main">
+      <header class="terminal-header">
+        <span v-if="activeSession" class="header-session-title">{{
+          activeSession.title
+        }}</span>
+        <div class="header-actions">
+          <NButton
+            size="small"
+            @click="showSidebar = !showSidebar"
+            class="sidebar-toggle"
+          >
+            <template #icon>
+              <svg width="14" height="14" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2">
+                <rect x="3" y="3" width="18" height="18" rx="2" />
+                <line x1="9" y1="3" x2="9" y2="21" />
+              </svg>
+            </template>
+            {{ t("terminal.sessions") }}
+          </NButton>
+          <NSelect
+            :value="selectedTheme"
+            :options="themeOptions"
+            size="small"
+            :consistent-menu-width="false"
+            class="theme-select"
+            @update:value="applyTheme"
+          />
+          <NButton size="small" @click="createSession">
+            <template #icon>
+              <svg width="14" height="14" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2">
+                <line x1="12" y1="5" x2="12" y2="19" />
+                <line x1="5" y1="12" x2="19" y2="12" />
+              </svg>
+            </template>
+            {{ t("terminal.newTab") }}
+          </NButton>
+        </div>
+      </header>
+      <div class="terminal-container">
+        <div
+          ref="terminalRef"
+          class="terminal-xterm"
+          :style="{ backgroundColor: terminalBg }"
+          @touchstart="handleTerminalTouchStart"
+          @touchmove="handleTerminalTouchMove"
+          @touchend="handleTerminalTouchEnd"
+          @touchcancel="handleTerminalTouchEnd"
+        />
+      </div>
+    </div>
+  </div>
+</template>
+
+<style scoped lang="scss">
+@use "@/styles/variables" as *;
+
+.terminal-panel-drawer {
+  display: flex;
+  height: 100%;
+  width: 100%;
+  min-height: 0;
+  min-width: 0;
+  position: relative;
+  overflow: hidden;
+}
+
+.sidebar-overlay {
+  position: fixed;
+  top: 0;
+  left: 0;
+  right: 0;
+  bottom: 0;
+  background: rgba(0, 0, 0, 0.5);
+  z-index: 50;
+
+  @media (min-width: $breakpoint-mobile + 1) {
+    display: none;
+  }
+}
+
+.terminal-sidebar {
+  width: 180px;
+  border-right: 1px solid $border-color;
+  display: flex;
+  flex-direction: column;
+  flex-shrink: 0;
+
+  @media (max-width: $breakpoint-mobile) {
+    position: fixed;
+    top: 0;
+    left: 0;
+    bottom: 0;
+    width: 80%;
+    max-width: 300px;
+    z-index: 51;
+    background: $bg-card;
+    box-shadow: 2px 0 8px rgba(0, 0, 0, 0.15);
+    transform: translateX(-100%);
+    transition: transform 0.3s ease;
+
+    &.mobile-visible {
+      transform: translateX(0);
+    }
+  }
+}
+
+.sidebar-header {
+  display: flex;
+  align-items: center;
+  justify-content: space-between;
+  padding: 12px;
+  flex-shrink: 0;
+  border-bottom: 1px solid $border-color;
+}
+
+.sidebar-title {
+  font-size: 11px;
+  font-weight: 600;
+  color: $text-muted;
+  text-transform: uppercase;
+  letter-spacing: 0.5px;
+}
+
+.session-list {
+  flex: 1;
+  overflow-y: auto;
+  padding: 8px;
+}
+
+.session-empty {
+  padding: 16px 8px;
+  font-size: 12px;
+  color: $text-muted;
+  text-align: center;
+}
+
+.session-error {
+  display: flex;
+  flex-direction: column;
+  align-items: center;
+  gap: 12px;
+  padding: 20px 12px;
+  font-size: 12px;
+  color: $error;
+  text-align: center;
+
+  svg {
+    width: 32px;
+    height: 32px;
+    opacity: 0.8;
+  }
+
+  span {
+    flex: 1;
+  }
+}
+
+.session-item {
+  display: flex;
+  align-items: center;
+  justify-content: space-between;
+  width: 100%;
+  padding: 6px 8px;
+  border: none;
+  background: none;
+  border-radius: $radius-sm;
+  cursor: pointer;
+  text-align: left;
+  color: $text-secondary;
+  transition: all $transition-fast;
+  margin-bottom: 2px;
+
+  &:hover {
+    background: rgba(var(--accent-primary-rgb), 0.06);
+    color: $text-primary;
+
+    .session-item-delete {
+      opacity: 1;
+    }
+  }
+
+  &.active {
+    background: rgba(var(--accent-primary-rgb), 0.1);
+    color: $text-primary;
+    font-weight: 500;
+  }
+
+  &.exited {
+    opacity: 0.5;
+  }
+}
+
+.session-item-content {
+  flex: 1;
+  overflow: hidden;
+}
+
+.session-item-title {
+  display: block;
+  font-size: 12px;
+  white-space: nowrap;
+  overflow: hidden;
+  text-overflow: ellipsis;
+}
+
+.session-item-meta {
+  display: flex;
+  align-items: center;
+  gap: 4px;
+  margin-top: 2px;
+}
+
+.session-item-shell {
+  font-size: 9px;
+  color: $accent-primary;
+  background: rgba(var(--accent-primary-rgb), 0.08);
+  padding: 0 4px;
+  border-radius: 3px;
+  line-height: 14px;
+}
+
+.session-item-time,
+.session-item-status {
+  font-size: 10px;
+  color: $text-muted;
+}
+
+.session-item-delete {
+  flex-shrink: 0;
+  opacity: 0.5;
+  padding: 2px;
+  border: none;
+  background: none;
+  color: $text-muted;
+  cursor: pointer;
+  border-radius: 3px;
+  transition: all $transition-fast;
+
+  &:hover {
+    color: $error;
+    background: rgba(var(--error-rgb), 0.1);
+  }
+}
+
+.terminal-main {
+  flex: 1;
+  display: flex;
+  flex-direction: column;
+  overflow: hidden;
+  min-width: 0;
+}
+
+.terminal-header {
+  display: flex;
+  align-items: center;
+  justify-content: space-between;
+  gap: 10px;
+  padding: 12px 16px;
+  border-bottom: 1px solid $border-color;
+  flex-shrink: 0;
+  min-width: 0;
+}
+
+.header-session-title {
+  font-size: 14px;
+  font-weight: 600;
+  color: $text-primary;
+  white-space: nowrap;
+  overflow: hidden;
+  text-overflow: ellipsis;
+}
+
+.header-actions {
+  display: flex;
+  align-items: center;
+  gap: 8px;
+  flex-shrink: 0;
+  min-width: 0;
+}
+
+.theme-select {
+  width: 120px;
+}
+
+.sidebar-toggle {
+  @media (min-width: $breakpoint-mobile + 1) {
+    display: none;
+  }
+}
+
+.terminal-container {
+  flex: 1;
+  margin: 8px;
+  overflow: hidden;
+  min-height: 0;
+  min-width: 0;
+  display: flex;
+  flex-direction: column;
+}
+
+.terminal-xterm {
+  flex: 1;
+  min-height: 0;
+  min-width: 0;
+  border-radius: $radius-md;
+  overflow: hidden;
+  border: 1px solid $border-color;
+
+  :deep(.xterm) {
+    height: 100%;
+    padding: 8px;
+  }
+
+  :deep(.xterm-viewport) {
+    overflow-y: scroll !important;
+    scrollbar-width: none !important;
+    -ms-overflow-style: none !important;
+    background-color: transparent !important;
+  }
+
+  :deep(.xterm-viewport::-webkit-scrollbar) {
+    display: none !important;
+  }
+
+  :deep(.xterm-screen) {
+    background-color: transparent !important;
+  }
+
+  :deep(.xterm-scrollable-element) {
+    scrollbar-width: none !important;
+    -ms-overflow-style: none !important;
+  }
+
+  :deep(.xterm-scrollable-element::-webkit-scrollbar) {
+    display: none !important;
+  }
+}
+
+@media (max-width: $breakpoint-mobile) {
+  .terminal-panel-drawer {
+    height: 100%;
+    max-height: 100%;
+  }
+
+  .terminal-main {
+    min-height: 0;
+    min-width: 0;
+  }
+
+  .terminal-header {
+    padding: 8px;
+    gap: 6px;
+  }
+
+  .header-session-title {
+    display: none;
+  }
+
+  .header-actions {
+    width: 100%;
+    justify-content: flex-end;
+    gap: 6px;
+  }
+
+  .theme-select {
+    width: 96px;
+  }
+
+  .terminal-container {
+    margin: 6px;
+    margin-bottom: calc(6px + env(safe-area-inset-bottom, 0px));
+  }
+
+  .terminal-xterm {
+    border-radius: $radius-sm;
+
+    :deep(.xterm) {
+      padding: 6px;
+    }
+
+    :deep(.xterm-viewport),
+    :deep(.xterm-scrollable-element) {
+      touch-action: pan-y;
+      -webkit-overflow-scrolling: touch;
+      overscroll-behavior: contain;
+      scrollbar-width: thin !important;
+    }
+
+    :deep(.xterm-viewport::-webkit-scrollbar),
+    :deep(.xterm-scrollable-element::-webkit-scrollbar) {
+      display: block !important;
+      width: 6px !important;
+    }
+  }
+}
+</style>
diff --git a/packages/client/src/components/hermes/chat/ThinkingIndicator.vue b/packages/client/src/components/hermes/chat/ThinkingIndicator.vue
new file mode 100644
index 0000000..a86f6af
--- /dev/null
+++ b/packages/client/src/components/hermes/chat/ThinkingIndicator.vue
@@ -0,0 +1,118 @@
+<template>
+  <div class="thinking-indicator" role="status" :aria-label="label">
+    <div class="thinking-indicator__mark">
+      <svg viewBox="0 0 48 48" fill="none" aria-hidden="true">
+        <defs>
+          <linearGradient id="thinking-grad" x1="6" y1="4" x2="42" y2="44" gradientUnits="userSpaceOnUse">
+            <stop stop-color="#2563eb" />
+            <stop offset="1" stop-color="#0891b2" />
+          </linearGradient>
+        </defs>
+        <rect x="6" y="6" width="36" height="36" rx="10" fill="url(#thinking-grad)" class="thinking-indicator__bg" />
+        <path d="M24 14 L30 24 L24 34 L18 24 Z" fill="rgba(255,255,255,0.9)" />
+        <circle cx="24" cy="22" r="3" fill="#ffffff" />
+      </svg>
+      <span class="thinking-indicator__ring" aria-hidden="true" />
+    </div>
+    <div class="thinking-indicator__dots" aria-hidden="true">
+      <span />
+      <span />
+      <span />
+    </div>
+  </div>
+</template>
+
+<script setup lang="ts">
+withDefaults(defineProps<{
+  label?: string
+}>(), {
+  label: '思考中',
+})
+</script>
+
+<style scoped lang="scss">
+@use '@/styles/variables' as *;
+
+.thinking-indicator {
+  display: flex;
+  align-items: center;
+  gap: 10px;
+  padding: 6px 4px;
+  flex-shrink: 0;
+}
+
+.thinking-indicator__mark {
+  position: relative;
+  width: 40px;
+  height: 40px;
+
+  svg {
+    width: 100%;
+    height: 100%;
+    display: block;
+    filter: drop-shadow(0 2px 8px rgba(var(--accent-primary-rgb), 0.25));
+  }
+}
+
+.thinking-indicator__bg {
+  transform-origin: center;
+  animation: thinking-breathe 2s ease-in-out infinite;
+}
+
+.thinking-indicator__ring {
+  position: absolute;
+  inset: -4px;
+  border-radius: 50%;
+  border: 2px solid rgba(var(--accent-primary-rgb), 0.35);
+  animation: thinking-ring 1.6s ease-out infinite;
+}
+
+.thinking-indicator__dots {
+  display: flex;
+  align-items: center;
+  gap: 5px;
+
+  span {
+    width: 6px;
+    height: 6px;
+    border-radius: 50%;
+    background: $accent-primary;
+    animation: thinking-dot 1.2s ease-in-out infinite;
+
+    &:nth-child(2) {
+      animation-delay: 0.15s;
+    }
+
+    &:nth-child(3) {
+      animation-delay: 0.3s;
+    }
+  }
+}
+
+@keyframes thinking-breathe {
+  0%, 100% { transform: scale(1); }
+  50% { transform: scale(1.04); }
+}
+
+@keyframes thinking-ring {
+  0% {
+    transform: scale(0.85);
+    opacity: 0.8;
+  }
+  100% {
+    transform: scale(1.35);
+    opacity: 0;
+  }
+}
+
+@keyframes thinking-dot {
+  0%, 80%, 100% {
+    transform: translateY(0);
+    opacity: 0.35;
+  }
+  40% {
+    transform: translateY(-4px);
+    opacity: 1;
+  }
+}
+</style>
diff --git a/packages/client/src/components/hermes/chat/VirtualMessageList.vue b/packages/client/src/components/hermes/chat/VirtualMessageList.vue
new file mode 100644
index 0000000..cbd8fcc
--- /dev/null
+++ b/packages/client/src/components/hermes/chat/VirtualMessageList.vue
@@ -0,0 +1,482 @@
+<script setup lang="ts">
+import { computed, nextTick, onBeforeUnmount, onMounted, ref, watch } from "vue";
+import {
+  DynamicScroller,
+  DynamicScrollerItem,
+  type DynamicScrollerExposed,
+  type ScrollToOptions,
+} from "vue-virtual-scroller";
+import "vue-virtual-scroller/dist/vue-virtual-scroller.css";
+
+type VirtualItem = {
+  id: string | number;
+}
+
+type AnchorAlign = "start" | "center";
+type AnchorTarget = {
+  token: number;
+  index: number;
+  messageId: string;
+  anchorId: string;
+  align: AnchorAlign;
+}
+type BottomScrollOptions = number | {
+  frames?: number;
+  keepAliveMs?: number;
+}
+type ViewportScrollSnapshot = {
+  scrollTop: number;
+  scrollHeight: number;
+  clientHeight: number;
+  wasNearBottom: boolean;
+}
+
+const props = withDefaults(defineProps<{
+  messages: VirtualItem[];
+  estimatedItemHeight?: number;
+  overscan?: number;
+  rowGap?: number;
+  padding?: string;
+  topThreshold?: number;
+}>(), {
+  estimatedItemHeight: 180,
+  overscan: 8,
+  rowGap: 16,
+  padding: "20px",
+  topThreshold: 120,
+});
+
+const emit = defineEmits<{
+  scroll: [];
+  topReach: [];
+}>();
+
+defineSlots<{
+  empty?: () => any;
+  before?: () => any;
+  item?: (props: { message: any }) => any;
+  after?: () => any;
+}>();
+
+const hostRef = ref<HTMLElement | null>(null);
+const scrollerRef = ref<DynamicScrollerExposed<VirtualItem> | null>(null);
+const scrollTop = ref(0);
+const viewportHeight = ref(0);
+let keepBottomUntil = 0;
+let bottomFrame: number | null = null;
+let bottomFrameRemaining = 0;
+let bottomFrameAttempts = 0;
+let anchorFrame: number | null = null;
+let anchorToken = 0;
+let activeAnchorTarget: AnchorTarget | null = null;
+let viewportRestoreFrame: number | null = null;
+
+const messageKeys = computed(() => props.messages.map(messageKey));
+const bufferPx = computed(() => Math.max(props.estimatedItemHeight, props.estimatedItemHeight * props.overscan));
+
+function messageKey(message: VirtualItem): string {
+  return String(message.id);
+}
+
+function getScrollerElement(): HTMLElement | null {
+  return hostRef.value?.querySelector<HTMLElement>(".virtual-message-list") ?? null;
+}
+
+function syncViewport() {
+  const el = getScrollerElement();
+  if (!el) return;
+  scrollTop.value = el.scrollTop;
+  viewportHeight.value = el.clientHeight;
+}
+
+function handleScroll() {
+  syncViewport();
+  emit("scroll");
+  if (scrollTop.value <= props.topThreshold) emit("topReach");
+}
+
+function handleResize() {
+  syncViewport();
+  if (Date.now() < keepBottomUntil || isNearBottom(64)) scheduleScrollToBottom(2);
+  if (activeAnchorTarget) scheduleAnchorAlignment(activeAnchorTarget.token, 4);
+}
+
+function isNearBottom(threshold = 200): boolean {
+  const el = getScrollerElement();
+  if (!el) return true;
+  return el.scrollHeight - el.scrollTop - el.clientHeight < threshold;
+}
+
+function scrollToBottom(options: BottomScrollOptions = {}) {
+  const frames = typeof options === "number" ? options : options.frames ?? 5;
+  const keepAliveMs = typeof options === "number" ? 700 : options.keepAliveMs ?? 700;
+  keepBottomUntil = Date.now() + keepAliveMs;
+  nextTick(() => {
+    scheduleScrollToBottom(frames);
+  });
+}
+
+function setScrollToBottomNow(): boolean {
+  const el = getScrollerElement();
+  scrollerRef.value?.scrollToBottom();
+  if (el) {
+    el.scrollTop = Math.max(0, el.scrollHeight - el.clientHeight);
+    syncViewport();
+    return true;
+  }
+  return false;
+}
+
+function scheduleScrollToBottom(frames = 1) {
+  bottomFrameRemaining = Math.max(bottomFrameRemaining, frames);
+  if (bottomFrame != null) return;
+
+  const step = () => {
+    const scrolled = setScrollToBottomNow();
+    if (scrolled) {
+      bottomFrameAttempts = 0;
+      bottomFrameRemaining -= 1;
+    } else {
+      bottomFrameAttempts += 1;
+    }
+    if (bottomFrameRemaining <= 0) {
+      bottomFrame = null;
+      bottomFrameRemaining = 0;
+      bottomFrameAttempts = 0;
+      return;
+    }
+    if (bottomFrameAttempts > 30) {
+      bottomFrame = null;
+      bottomFrameRemaining = 0;
+      bottomFrameAttempts = 0;
+      return;
+    }
+    bottomFrame = requestAnimationFrame(step);
+  };
+
+  bottomFrame = requestAnimationFrame(step);
+}
+
+function findTargetElement(messageId: string, anchorId: string): HTMLElement | null {
+  const el = getScrollerElement();
+  if (!el) return null;
+
+  const anchor = document.getElementById(anchorId);
+  if (anchor instanceof HTMLElement && el.contains(anchor)) return anchor;
+
+  const message = document.getElementById(`message-${messageId}`);
+  if (message instanceof HTMLElement && el.contains(message)) return message;
+
+  return null;
+}
+
+function alignElement(targetEl: HTMLElement, align: AnchorAlign) {
+  const el = getScrollerElement();
+  if (!el) return;
+
+  const scrollerRect = el.getBoundingClientRect();
+  const targetRect = targetEl.getBoundingClientRect();
+  const delta = align === "center"
+    ? targetRect.top + targetRect.height / 2 - (scrollerRect.top + scrollerRect.height / 2)
+    : targetRect.top - scrollerRect.top - 24;
+
+  if (Math.abs(delta) > 1) {
+    el.scrollTop = Math.max(0, el.scrollTop + delta);
+  }
+  syncViewport();
+}
+
+function scrollToItem(index: number, options?: ScrollToOptions) {
+  scrollerRef.value?.scrollToItem(index, options);
+  syncViewport();
+}
+
+function scheduleAnchorAlignment(token: number, frames = 1) {
+  if (anchorFrame != null) cancelAnimationFrame(anchorFrame);
+
+  const step = (remaining: number) => {
+    const target = activeAnchorTarget;
+    if (!target || target.token !== token) {
+      anchorFrame = null;
+      return;
+    }
+
+    const targetEl = findTargetElement(target.messageId, target.anchorId);
+    if (targetEl) {
+      alignElement(targetEl, target.align);
+    } else {
+      scrollToItem(target.index, {
+        align: target.align,
+        offset: target.align === "start" ? -24 : 0,
+      });
+    }
+
+    if (remaining <= 1) {
+      anchorFrame = null;
+      activeAnchorTarget = null;
+      return;
+    }
+    anchorFrame = requestAnimationFrame(() => step(remaining - 1));
+  };
+
+  anchorFrame = requestAnimationFrame(() => step(frames));
+}
+
+function cancelAnchorAlignment() {
+  anchorToken += 1;
+  activeAnchorTarget = null;
+  if (anchorFrame != null) {
+    cancelAnimationFrame(anchorFrame);
+    anchorFrame = null;
+  }
+}
+
+function scrollToMessage(messageId: string) {
+  const index = props.messages.findIndex(message => String(message.id) === messageId);
+  if (index < 0) return;
+
+  cancelAnchorAlignment();
+  const token = anchorToken;
+  activeAnchorTarget = {
+    token,
+    index,
+    messageId,
+    anchorId: `message-${messageId}`,
+    align: "center",
+  };
+
+  nextTick(() => {
+    scrollToItem(index, { align: "center" });
+    scheduleAnchorAlignment(token, 8);
+  });
+}
+
+function scrollToAnchor(messageId: string, anchorId: string) {
+  const index = props.messages.findIndex(message => String(message.id) === messageId);
+  if (index < 0) return;
+
+  cancelAnchorAlignment();
+  const token = anchorToken;
+  activeAnchorTarget = {
+    token,
+    index,
+    messageId,
+    anchorId,
+    align: "start",
+  };
+
+  nextTick(() => {
+    scrollToItem(index, { align: "start", offset: -24 });
+    scheduleAnchorAlignment(token, 10);
+  });
+}
+
+function captureScrollPosition() {
+  const el = getScrollerElement();
+  if (!el) return null;
+  return {
+    scrollTop: el.scrollTop,
+    scrollHeight: el.scrollHeight,
+  };
+}
+
+function restoreScrollPosition(snapshot: { scrollTop: number; scrollHeight: number } | null) {
+  if (!snapshot) return;
+  nextTick(() => {
+    const el = getScrollerElement();
+    if (!el) return;
+    const nextScrollTop = Math.max(0, el.scrollHeight - snapshot.scrollHeight + snapshot.scrollTop);
+    scrollerRef.value?.scrollToPosition(nextScrollTop);
+    el.scrollTop = nextScrollTop;
+    syncViewport();
+  });
+}
+
+function captureViewportPosition(): ViewportScrollSnapshot | null {
+  const el = getScrollerElement();
+  if (!el) return null;
+  return {
+    scrollTop: el.scrollTop,
+    scrollHeight: el.scrollHeight,
+    clientHeight: el.clientHeight,
+    wasNearBottom: isNearBottom(64),
+  };
+}
+
+function restoreViewportPosition(snapshot: ViewportScrollSnapshot | null, frames = 4) {
+  if (!snapshot) return;
+  keepBottomUntil = 0;
+  if (bottomFrame != null) {
+    cancelAnimationFrame(bottomFrame);
+    bottomFrame = null;
+    bottomFrameRemaining = 0;
+    bottomFrameAttempts = 0;
+  }
+  if (viewportRestoreFrame != null) cancelAnimationFrame(viewportRestoreFrame);
+
+  nextTick(() => {
+    let remaining = frames;
+    const step = () => {
+      const el = getScrollerElement();
+      if (!el) {
+        viewportRestoreFrame = null;
+        return;
+      }
+      const maxScrollTop = Math.max(0, el.scrollHeight - el.clientHeight);
+      const nextScrollTop = Math.min(maxScrollTop, Math.max(0, snapshot.scrollTop));
+      scrollerRef.value?.scrollToPosition(nextScrollTop);
+      el.scrollTop = nextScrollTop;
+      syncViewport();
+
+      remaining -= 1;
+      if (remaining <= 0) {
+        viewportRestoreFrame = null;
+        return;
+      }
+      viewportRestoreFrame = requestAnimationFrame(step);
+    };
+    viewportRestoreFrame = requestAnimationFrame(step);
+  });
+}
+
+let resizeObserver: ResizeObserver | null = null;
+
+onMounted(() => {
+  nextTick(() => {
+    syncViewport();
+    const el = getScrollerElement();
+    if (el && typeof ResizeObserver !== "undefined") {
+      resizeObserver = new ResizeObserver(handleResize);
+      resizeObserver.observe(el);
+    }
+  });
+});
+
+onBeforeUnmount(() => {
+  if (bottomFrame != null) cancelAnimationFrame(bottomFrame);
+  bottomFrameRemaining = 0;
+  bottomFrameAttempts = 0;
+  if (anchorFrame != null) cancelAnimationFrame(anchorFrame);
+  if (viewportRestoreFrame != null) cancelAnimationFrame(viewportRestoreFrame);
+  resizeObserver?.disconnect();
+});
+
+watch(messageKeys, () => {
+  cancelAnchorAlignment();
+  nextTick(syncViewport);
+});
+
+defineExpose({
+  isNearBottom,
+  scrollToBottom,
+  scrollToMessage,
+  scrollToAnchor,
+  captureScrollPosition,
+  restoreScrollPosition,
+  captureViewportPosition,
+  restoreViewportPosition,
+});
+</script>
+
+<template>
+  <div
+    ref="hostRef"
+    class="virtual-message-list-host"
+    :style="{ '--virtual-row-gap': `${rowGap}px`, '--virtual-list-padding': padding }"
+  >
+    <DynamicScroller
+      ref="scrollerRef"
+      class="virtual-message-list"
+      :items="messages"
+      key-field="id"
+      :min-item-size="estimatedItemHeight"
+      :buffer="bufferPx"
+      :flow-mode="true"
+      :prerender="overscan"
+      @scroll.passive="handleScroll"
+      @resize="handleResize"
+      @visible="syncViewport"
+    >
+      <template #before>
+        <slot v-if="messages.length > 0" name="before" />
+      </template>
+      <template #default="{ item, index, active }">
+        <DynamicScrollerItem
+          :item="item"
+          :index="index"
+          :active="active"
+          class="virtual-row"
+        >
+          <slot v-if="active" name="item" :message="item" />
+        </DynamicScrollerItem>
+      </template>
+      <template #after>
+        <slot v-if="messages.length > 0" name="after" />
+      </template>
+    </DynamicScroller>
+    <div v-if="messages.length === 0 && $slots.empty" class="virtual-message-list-empty">
+      <slot name="empty" />
+    </div>
+  </div>
+</template>
+
+<style scoped lang="scss">
+@use "@/styles/variables" as *;
+
+.virtual-message-list-host {
+  flex: 1;
+  min-height: 0;
+  display: flex;
+  position: relative;
+  animation: message-list-fade-in 1.5s ease both;
+}
+
+.virtual-message-list {
+  flex: 1;
+  min-height: 0;
+  padding: var(--virtual-list-padding);
+  box-sizing: border-box;
+  background-color: $bg-card;
+
+  .dark & {
+    background-color: #333333;
+  }
+}
+
+.virtual-row {
+  box-sizing: border-box;
+  padding-bottom: var(--virtual-row-gap);
+}
+
+.virtual-message-list-empty {
+  position: absolute;
+  inset: var(--virtual-list-padding);
+  display: grid;
+  place-items: center;
+  min-width: 0;
+  min-height: 0;
+  pointer-events: auto;
+}
+
+.virtual-message-list-empty :deep(.empty-state) {
+  width: 100%;
+  height: 100%;
+  min-height: 0;
+}
+
+@keyframes message-list-fade-in {
+  from {
+    opacity: 0;
+  }
+
+  to {
+    opacity: 1;
+  }
+}
+
+@media (prefers-reduced-motion: reduce) {
+  .virtual-message-list-host {
+    animation: none;
+  }
+}
+</style>
diff --git a/packages/client/src/components/hermes/chat/highlight.ts b/packages/client/src/components/hermes/chat/highlight.ts
new file mode 100644
index 0000000..30a2ae3
--- /dev/null
+++ b/packages/client/src/components/hermes/chat/highlight.ts
@@ -0,0 +1,103 @@
+import hljs from 'highlight.js'
+import { copyToClipboard } from '@/utils/clipboard'
+
+const LANGUAGE_ALIASES: Record<string, string> = {
+  shellscript: 'bash',
+  sh: 'bash',
+  zsh: 'bash',
+  yml: 'yaml',
+  vue: 'xml',
+}
+
+function escapeHtml(value: string): string {
+  return value
+    .replaceAll('&', '&amp;')
+    .replaceAll('<', '&lt;')
+    .replaceAll('>', '&gt;')
+    .replaceAll('"', '&quot;')
+    .replaceAll("'", '&#39;')
+}
+
+function sanitizeLanguageClass(value: string): string {
+  return value.replace(/[^a-z0-9_-]/gi, '-') || 'plain'
+}
+
+export function normalizeHighlightLanguage(lang?: string): string {
+  const normalized = lang?.trim().toLowerCase() || ''
+  return LANGUAGE_ALIASES[normalized] || normalized
+}
+
+export function inferStructuredLanguage(content: string): string | undefined {
+  try {
+    JSON.parse(content)
+    return 'json'
+  } catch {
+    return undefined
+  }
+}
+
+type RenderHighlightedCodeBlockOptions = {
+  maxHighlightLength?: number
+}
+
+export function renderHighlightedCodeBlock(
+  content: string,
+  lang: string | undefined,
+  copyLabel: string,
+  options: RenderHighlightedCodeBlockOptions = {},
+): string {
+  const requestedLanguage = lang?.trim().toLowerCase() || ''
+  const normalizedLanguage = normalizeHighlightLanguage(requestedLanguage)
+  const highlightLimit = options.maxHighlightLength ?? Number.POSITIVE_INFINITY
+
+  let highlighted = ''
+  let codeClassLanguage = normalizedLanguage || requestedLanguage || 'plain'
+  let labelLanguage = requestedLanguage
+
+  try {
+    if (normalizedLanguage && hljs.getLanguage(normalizedLanguage) && content.length <= highlightLimit) {
+      highlighted = hljs.highlight(content, {
+        language: normalizedLanguage,
+        ignoreIllegals: true,
+      }).value
+      codeClassLanguage = normalizedLanguage
+    } else {
+      highlighted = escapeHtml(content)
+      if (!labelLanguage) {
+        labelLanguage = 'text'
+      }
+    }
+  } catch {
+    highlighted = escapeHtml(content)
+    if (!labelLanguage) {
+      labelLanguage = 'text'
+    }
+  }
+
+  const languageLabelHtml = labelLanguage
+    ? `<span class="code-lang">${escapeHtml(labelLanguage)}</span>`
+    : ''
+
+  return `<pre class="hljs-code-block"><div class="code-header">${languageLabelHtml}<button type="button" class="copy-btn" data-copy-code="true">${escapeHtml(copyLabel)}</button></div><code class="hljs language-${sanitizeLanguageClass(codeClassLanguage)}">${highlighted}</code></pre>`
+}
+
+export async function copyTextToClipboard(text: string): Promise<boolean> {
+  return copyToClipboard(text)
+}
+
+export async function handleCodeBlockCopyClick(event: MouseEvent): Promise<boolean | null> {
+  const target = event.target
+  if (!(target instanceof HTMLElement)) return null
+
+  const button = target.closest<HTMLElement>('[data-copy-code="true"]')
+  if (!button) return null
+
+  event.preventDefault()
+
+  const block = button.closest('.hljs-code-block')
+  const code = block?.querySelector('code')
+  const text = code?.textContent ?? ''
+  if (!text) return false
+
+  return copyTextToClipboard(text)
+}
diff --git a/packages/client/src/components/hermes/chat/markdownFenceRepair.ts b/packages/client/src/components/hermes/chat/markdownFenceRepair.ts
new file mode 100644
index 0000000..9c8dd38
--- /dev/null
+++ b/packages/client/src/components/hermes/chat/markdownFenceRepair.ts
@@ -0,0 +1,216 @@
+const MARKDOWN_FENCE_LANGUAGES = new Set(['md', 'markdown', 'mdown', 'mkd'])
+
+type FenceInfo = {
+  indent: string
+  marker: string
+  fence: string
+  length: number
+  info: string
+}
+
+function parseFence(line: string): FenceInfo | null {
+  const match = line.match(/^( {0,3})(`{3,}|~{3,})(.*)$/)
+  if (!match) return null
+
+  const [, indent, fence, rawInfo = ''] = match
+  const marker = fence[0]
+  const info = rawInfo.trim()
+
+  // CommonMark permits backticks in tilde-fence info strings, but not in
+  // backtick-fence info strings. Keeping this distinction prevents inline-ish
+  // malformed backtick text from being promoted into a fence opener.
+  if (marker === '`' && info.includes('`')) return null
+
+  return {
+    indent,
+    marker,
+    fence,
+    length: fence.length,
+    info,
+  }
+}
+
+function serializeFence(fence: FenceInfo, length = fence.length, info = fence.info): string {
+  return `${fence.indent}${fence.marker.repeat(length)}${info ? ` ${info}` : ''}`
+}
+
+function isMarkdownFence(fence: FenceInfo): boolean {
+  const language = fence.info.split(/\s+/)[0]?.toLowerCase()
+  return MARKDOWN_FENCE_LANGUAGES.has(language)
+}
+
+function isClosingFence(line: string, opener: FenceInfo): boolean {
+  const fence = parseFence(line)
+  return Boolean(
+    fence
+    && fence.marker === opener.marker
+    && fence.length >= opener.length
+    && fence.info === '',
+  )
+}
+
+function findLastNonEmptyLine(lines: string[], start = lines.length - 1): number {
+  let index = start
+  while (index >= 0 && lines[index].trim() === '') {
+    index -= 1
+  }
+  return index
+}
+
+function findFinalClosingFence(lines: string[], opener: FenceInfo, start: number): number {
+  for (let i = findLastNonEmptyLine(lines); i > start; i -= 1) {
+    if (isClosingFence(lines[i], opener)) {
+      return i
+    }
+  }
+  return -1
+}
+
+type OpenFence = {
+  marker: string
+  length: number
+}
+
+function canBalanceNestedFences(lines: string[], marker: string): boolean {
+  const stack: OpenFence[] = []
+  let sawFence = false
+
+  for (const line of lines) {
+    const fence = parseFence(line)
+    if (!fence || fence.marker !== marker) continue
+
+    sawFence = true
+    const current = stack[stack.length - 1]
+    if (fence.info === '' && current && fence.length >= current.length) {
+      stack.pop()
+      continue
+    }
+
+    // Inside a Markdown example, an unlabeled fence can be either a closing
+    // fence or a literal nested unlabeled example opener. If there is no nested
+    // opener waiting to close, treat it as the latter while evaluating a later
+    // candidate closing fence for the outer example.
+    stack.push({ marker: fence.marker, length: fence.length })
+  }
+
+  return sawFence && stack.length === 0
+}
+
+function findBalancedClosingFence(lines: string[], opener: FenceInfo, start: number): number {
+  const candidates: number[] = []
+
+  for (let i = start; i < lines.length; i += 1) {
+    const fence = parseFence(lines[i])
+    if (
+      fence
+      && fence.marker === opener.marker
+      && fence.info === ''
+      && fence.length >= opener.length
+    ) {
+      candidates.push(i)
+    }
+  }
+
+  for (let i = candidates.length - 1; i >= 0; i -= 1) {
+    const candidate = candidates[i]
+    if (canBalanceNestedFences(lines.slice(start, candidate), opener.marker)) {
+      return candidate
+    }
+  }
+
+  return candidates[0] ?? -1
+}
+
+function maxFenceLength(lines: string[], marker: string): number {
+  let maxLength = 0
+  for (const line of lines) {
+    const fence = parseFence(line)
+    if (fence?.marker === marker) {
+      maxLength = Math.max(maxLength, fence.length)
+    }
+  }
+  return maxLength
+}
+
+function promoteMarkdownExampleFences(lines: string[]): string[] {
+  const output: string[] = []
+
+  for (let i = 0; i < lines.length; i += 1) {
+    const opener = parseFence(lines[i])
+    if (!opener || !isMarkdownFence(opener)) {
+      output.push(lines[i])
+      continue
+    }
+
+    const balancedClose = findBalancedClosingFence(lines, opener, i + 1)
+    if (balancedClose === -1) {
+      output.push(lines[i])
+      continue
+    }
+
+    const body = lines.slice(i + 1, balancedClose)
+    const innerMaxLength = maxFenceLength(body, opener.marker)
+    if (innerMaxLength >= opener.length) {
+      const promotedLength = innerMaxLength + 1
+      output.push(serializeFence(opener, promotedLength))
+      output.push(...body)
+      output.push(serializeFence(opener, promotedLength, ''))
+    } else {
+      output.push(lines[i])
+      output.push(...body)
+      output.push(lines[balancedClose])
+    }
+
+    i = balancedClose
+  }
+
+  return output
+}
+
+/**
+ * LLMs often wrap a complete PR draft or Markdown answer in an outer
+ * ```md fence. Showing that outer wrapper as a code block makes the UI look
+ * like Markdown rendering is broken: headings, lists, and inline code remain
+ * literal text. Strip only that outer draft wrapper before handing content to
+ * markdown-it.
+ *
+ * The unwrapped draft can still contain Markdown examples that themselves
+ * contain fenced examples. CommonMark closes fences at the first same-marker
+ * line with at least the opener length, so a malformed example like
+ * ```md ... ```md ... ``` ... ``` must be normalized by making the example's
+ * outer fence longer than the literal fences inside it.
+ */
+export function repairNestedMarkdownFences(content: string): string {
+  if (!content.includes('```') && !content.includes('~~~')) return content
+
+  const lines = content.split('\n')
+  const output: string[] = []
+  let changed = false
+
+  for (let i = 0; i < lines.length; i += 1) {
+    const opener = parseFence(lines[i])
+    if (!opener || !isMarkdownFence(opener)) {
+      output.push(lines[i])
+      continue
+    }
+
+    const finalClose = findFinalClosingFence(lines, opener, i + 1)
+    if (finalClose === -1) {
+      output.push(lines[i])
+      continue
+    }
+
+    const lastNonEmpty = findLastNonEmptyLine(lines)
+    if (finalClose !== lastNonEmpty) {
+      output.push(lines[i])
+      continue
+    }
+
+    output.push(...promoteMarkdownExampleFences(lines.slice(i + 1, finalClose)))
+    output.push(...lines.slice(finalClose + 1))
+    changed = true
+    break
+  }
+
+  return changed ? output.join('\n') : content
+}
diff --git a/packages/client/src/components/hermes/chat/mermaidRenderer.ts b/packages/client/src/components/hermes/chat/mermaidRenderer.ts
new file mode 100644
index 0000000..ed6ecea
--- /dev/null
+++ b/packages/client/src/components/hermes/chat/mermaidRenderer.ts
@@ -0,0 +1,46 @@
+const MERMAID_LANGUAGE = 'mermaid'
+
+export const MERMAID_MAX_DIAGRAMS_PER_MESSAGE = 4
+export const MERMAID_MAX_SOURCE_LENGTH = 20_000
+export const MERMAID_RENDER_TIMEOUT_MS = 5_000
+export const SUPPORT_PREVIEW_FILE_TYPES = ['txt', 'md', 'json', 'csv', 'log', 'py', 'yaml', 'yml', 'toml', 'sh', 'xml', 'html', 'css', 'js', 'ts', 'rs', 'go', 'java', 'c', 'cpp', 'h']
+      
+function escapeHtml(value: string): string {
+  return value
+    .replaceAll('&', '&amp;')
+    .replaceAll('<', '&lt;')
+    .replaceAll('>', '&gt;')
+    .replaceAll('"', '&quot;')
+    .replaceAll("'", '&#39;')
+}
+
+export function getFenceLanguage(info: string | undefined): string {
+  return info?.trim().split(/\s+/)[0]?.toLowerCase() || ''
+}
+
+export function isMermaidFence(info: string | undefined): boolean {
+  return getFenceLanguage(info) === MERMAID_LANGUAGE
+}
+
+export function encodeMermaidSource(source: string): string {
+  return encodeURIComponent(source)
+}
+
+export function decodeMermaidSource(encoded: string | null | undefined): string {
+  if (!encoded) return ''
+
+  try {
+    return decodeURIComponent(encoded)
+  } catch {
+    return ''
+  }
+}
+
+export function renderMermaidPlaceholder(source: string): string {
+  return [
+    '<div class="mermaid-diagram" data-mermaid-pending="true"',
+    ` data-mermaid-source="${escapeHtml(encodeMermaidSource(source))}">`,
+    '<div class="mermaid-loading">Rendering Mermaid diagram…</div>',
+    '</div>',
+  ].join('')
+}
diff --git a/packages/client/src/components/hermes/files/FileBreadcrumb.vue b/packages/client/src/components/hermes/files/FileBreadcrumb.vue
new file mode 100644
index 0000000..dacd1b5
--- /dev/null
+++ b/packages/client/src/components/hermes/files/FileBreadcrumb.vue
@@ -0,0 +1,40 @@
+<script setup lang="ts">
+import { useI18n } from 'vue-i18n'
+import { NBreadcrumb, NBreadcrumbItem } from 'naive-ui'
+import { useFilesStore } from '@/stores/hermes/files'
+
+const { t } = useI18n()
+const filesStore = useFilesStore()
+
+function handleClick(index: number) {
+  if (index < 0) {
+    filesStore.navigateTo('')
+  } else {
+    const path = filesStore.pathSegments.slice(0, index + 1).join('/')
+    filesStore.navigateTo(path)
+  }
+}
+</script>
+
+<template>
+  <div class="file-breadcrumb">
+    <NBreadcrumb>
+      <NBreadcrumbItem @click="handleClick(-1)">
+        {{ t('files.breadcrumbRoot') }}
+      </NBreadcrumbItem>
+      <NBreadcrumbItem
+        v-for="(segment, index) in filesStore.pathSegments"
+        :key="index"
+        @click="handleClick(index)"
+      >
+        {{ segment }}
+      </NBreadcrumbItem>
+    </NBreadcrumb>
+  </div>
+</template>
+
+<style scoped lang="scss">
+.file-breadcrumb {
+  padding: 0 16px;
+}
+</style>
diff --git a/packages/client/src/components/hermes/files/FileContextMenu.vue b/packages/client/src/components/hermes/files/FileContextMenu.vue
new file mode 100644
index 0000000..f36834f
--- /dev/null
+++ b/packages/client/src/components/hermes/files/FileContextMenu.vue
@@ -0,0 +1,126 @@
+<script setup lang="ts">
+import { ref, nextTick } from 'vue'
+import { NDropdown, useMessage, useDialog } from 'naive-ui'
+import { useI18n } from 'vue-i18n'
+import { useFilesStore, isTextFile, isImageFile, isMarkdownFile } from '@/stores/hermes/files'
+import { downloadFile } from '@/api/hermes/download'
+import type { FileEntry } from '@/api/hermes/files'
+import { copyToClipboard } from '@/utils/clipboard'
+import { getClipboardPathForEntry } from '@/utils/file-path'
+
+const { t } = useI18n()
+const message = useMessage()
+const dialog = useDialog()
+const filesStore = useFilesStore()
+
+const showMenu = ref(false)
+const menuX = ref(0)
+const menuY = ref(0)
+const targetEntry = ref<FileEntry | null>(null)
+
+const emit = defineEmits<{
+  (e: 'rename', entry: FileEntry): void
+}>()
+
+function show(e: MouseEvent, entry: FileEntry) {
+  targetEntry.value = entry
+  menuX.value = e.clientX
+  menuY.value = e.clientY
+  showMenu.value = false
+  nextTick(() => {
+    showMenu.value = true
+  })
+}
+
+function getOptions() {
+  const entry = targetEntry.value
+  if (!entry) return []
+  const options: any[] = []
+
+  if (entry.isDir) {
+    options.push({ label: t('files.open'), key: 'open' })
+  } else {
+    if (isTextFile(entry.name)) {
+      options.push({ label: t('files.edit'), key: 'edit' })
+    }
+    if (isImageFile(entry.name) || isMarkdownFile(entry.name)) {
+      options.push({ label: t('files.preview'), key: 'preview' })
+    }
+    options.push({ label: t('files.download'), key: 'download' })
+  }
+  options.push({ type: 'divider', key: 'd1' })
+  options.push({ label: t('files.copyPath'), key: 'copyPath' })
+  options.push({ label: t('files.rename'), key: 'rename' })
+  options.push({ type: 'divider', key: 'd2' })
+  options.push({ label: t('files.delete'), key: 'delete' })
+  return options
+}
+
+async function handleSelect(key: string) {
+  showMenu.value = false
+  const entry = targetEntry.value
+  if (!entry) return
+
+  switch (key) {
+    case 'open':
+      filesStore.navigateTo(entry.path)
+      break
+    case 'edit':
+      try { await filesStore.openEditor(entry.path) } catch { message.error(t('files.backendError')) }
+      break
+    case 'preview':
+      try { await filesStore.openPreview(entry) } catch { message.error(t('files.backendError')) }
+      break
+    case 'download':
+      try { await downloadFile(entry.path, entry.name) } catch (err: any) { message.error(err.message) }
+      break
+    case 'copyPath': {
+      const ok = await copyToClipboard(getClipboardPathForEntry(entry))
+      if (ok) {
+        message.success(t('files.pathCopied'))
+      } else {
+        message.error(t('files.pathCopied') + ' ✗')
+      }
+      break
+    }
+    case 'rename':
+      emit('rename', entry)
+      break
+    case 'delete':
+      dialog.warning({
+        title: t('files.delete'),
+        content: entry.isDir ? t('files.confirmDeleteDir', { name: entry.name }) : t('files.confirmDelete', { name: entry.name }),
+        positiveText: t('common.delete'),
+        negativeText: t('common.cancel'),
+        onPositiveClick: async () => {
+          try {
+            await filesStore.deleteEntry(entry)
+            message.success(t('files.deleted'))
+          } catch {
+            message.error(t('files.deleteFailed'))
+          }
+        },
+      })
+      break
+  }
+}
+
+function handleClickOutside() {
+  showMenu.value = false
+}
+
+defineExpose({ show })
+</script>
+
+<template>
+  <NDropdown
+    :show="showMenu"
+    :x="menuX"
+    :y="menuY"
+    :options="getOptions()"
+    placement="bottom-start"
+    trigger="manual"
+    @select="handleSelect"
+    @clickoutside="handleClickOutside"
+  />
+</template>
diff --git a/packages/client/src/components/hermes/files/FileEditor.vue b/packages/client/src/components/hermes/files/FileEditor.vue
new file mode 100644
index 0000000..347076f
--- /dev/null
+++ b/packages/client/src/components/hermes/files/FileEditor.vue
@@ -0,0 +1,141 @@
+<script setup lang="ts">
+import { ref, onMounted, onBeforeUnmount } from 'vue'
+import { NButton, NSpace, useMessage, useDialog } from 'naive-ui'
+import { useI18n } from 'vue-i18n'
+import { useFilesStore } from '@/stores/hermes/files'
+import * as monaco from 'monaco-editor'
+
+// Configure Monaco workers using import.meta.url
+;(self as any).MonacoEnvironment = {
+  getWorker(_: any, _label: string) {
+    return new Worker(
+      new URL('monaco-editor/esm/vs/editor/editor.worker.js', import.meta.url),
+      { type: 'module' }
+    )
+  },
+}
+
+const { t } = useI18n()
+const message = useMessage()
+const dialogApi = useDialog()
+const filesStore = useFilesStore()
+
+const editorContainer = ref<HTMLElement | null>(null)
+let editor: monaco.editor.IStandaloneCodeEditor | null = null
+const saving = ref(false)
+
+onMounted(() => {
+  if (!editorContainer.value || !filesStore.editingFile) return
+
+  editor = monaco.editor.create(editorContainer.value, {
+    value: filesStore.editingFile.content,
+    language: filesStore.editingFile.language,
+    theme: document.documentElement.classList.contains('dark') ? 'vs-dark' : 'vs',
+    minimap: { enabled: false },
+    fontSize: 13,
+    lineNumbers: 'on',
+    scrollBeyondLastLine: false,
+    automaticLayout: true,
+    tabSize: 2,
+    wordWrap: 'on',
+  })
+
+  editor.onDidChangeModelContent(() => {
+    if (filesStore.editingFile) {
+      filesStore.editingFile.content = editor!.getValue()
+    }
+  })
+
+  // Ctrl/Cmd + S to save
+  editor.addCommand(monaco.KeyMod.CtrlCmd | monaco.KeyCode.KeyS, () => {
+    handleSave()
+  })
+})
+
+onBeforeUnmount(() => {
+  editor?.dispose()
+  editor = null
+})
+
+async function handleSave() {
+  saving.value = true
+  try {
+    await filesStore.saveEditor()
+    message.success(t('files.saved'))
+  } catch {
+    message.error(t('files.saveFailed'))
+  } finally {
+    saving.value = false
+  }
+}
+
+function handleClose() {
+  if (filesStore.hasUnsavedChanges) {
+    dialogApi.warning({
+      title: t('files.unsavedChanges'),
+      positiveText: t('common.ok'),
+      negativeText: t('common.cancel'),
+      onPositiveClick: () => {
+        filesStore.closeEditor()
+      },
+    })
+  } else {
+    filesStore.closeEditor()
+  }
+}
+</script>
+
+<template>
+  <div class="file-editor">
+    <div class="editor-header">
+      <span class="editor-filename">{{ filesStore.editingFile?.path }}</span>
+      <NSpace>
+        <NButton size="small" type="primary" :loading="saving" @click="handleSave">
+          {{ t('files.saveFile') }}
+        </NButton>
+        <NButton size="small" @click="handleClose">
+          {{ t('files.closeEditor') }}
+        </NButton>
+      </NSpace>
+    </div>
+    <div ref="editorContainer" class="editor-container" />
+  </div>
+</template>
+
+<style scoped lang="scss">
+@use '@/styles/variables' as *;
+
+.file-editor {
+  display: flex;
+  flex-direction: column;
+  height: 100%;
+}
+
+.editor-header {
+  display: flex;
+  align-items: center;
+  justify-content: space-between;
+  padding: 8px 16px;
+  border-bottom: 1px solid $border-color;
+  background-color: $bg-card;
+}
+
+.editor-filename {
+  font-size: 13px;
+  color: $text-secondary;
+  overflow: hidden;
+  text-overflow: ellipsis;
+  white-space: nowrap;
+  max-width: 300px;
+
+  @media (max-width: $breakpoint-mobile) {
+    max-width: 120px;
+    font-size: 12px;
+  }
+}
+
+.editor-container {
+  flex: 1;
+  min-height: 0;
+}
+</style>
diff --git a/packages/client/src/components/hermes/files/FileList.vue b/packages/client/src/components/hermes/files/FileList.vue
new file mode 100644
index 0000000..37adc78
--- /dev/null
+++ b/packages/client/src/components/hermes/files/FileList.vue
@@ -0,0 +1,212 @@
+<script setup lang="ts">
+import { NButton, NSpin, NEmpty, useMessage } from 'naive-ui'
+import { useI18n } from 'vue-i18n'
+import { useFilesStore, isImageFile, isMarkdownFile, isTextFile } from '@/stores/hermes/files'
+import { downloadFile } from '@/api/hermes/download'
+import type { FileEntry } from '@/api/hermes/files'
+
+const { t } = useI18n()
+const message = useMessage()
+const filesStore = useFilesStore()
+
+const emit = defineEmits<{
+  (e: 'contextmenu-entry', event: MouseEvent, entry: FileEntry): void
+}>()
+
+function formatSize(bytes: number): string {
+  if (bytes === 0) return '—'
+  const units = ['B', 'KB', 'MB', 'GB']
+  let i = 0
+  let size = bytes
+  while (size >= 1024 && i < units.length - 1) {
+    size /= 1024
+    i++
+  }
+  return `${size.toFixed(i === 0 ? 0 : 1)} ${units[i]}`
+}
+
+function formatDate(iso: string): string {
+  if (!iso) return '—'
+  const d = new Date(iso)
+  return d.toLocaleString()
+}
+
+function getFileIcon(entry: FileEntry): string {
+  if (entry.isDir) return '📁'
+  const ext = entry.name.split('.').pop()?.toLowerCase() || ''
+  const iconMap: Record<string, string> = {
+    yaml: '⚙️', yml: '⚙️', json: '📋', toml: '⚙️',
+    md: '📝', txt: '📄', log: '📄',
+    py: '🐍', js: '📜', ts: '📜', vue: '💚',
+    png: '🖼️', jpg: '🖼️', jpeg: '🖼️', gif: '🖼️', svg: '🖼️', webp: '🖼️',
+    zip: '📦', gz: '📦', tar: '📦',
+    sh: '⚡', bash: '⚡',
+  }
+  return iconMap[ext] || '📄'
+}
+
+function handleDoubleClick(entry: FileEntry) {
+  if (entry.isDir) {
+    filesStore.navigateTo(entry.path)
+  } else if (isTextFile(entry.name)) {
+    filesStore.openEditor(entry.path)
+  } else if (isImageFile(entry.name) || isMarkdownFile(entry.name)) {
+    filesStore.openPreview(entry)
+  }
+}
+
+function handleContextMenu(e: MouseEvent, entry: FileEntry) {
+  e.preventDefault()
+  emit('contextmenu-entry', e, entry)
+}
+
+async function handleDownload(entry: FileEntry) {
+  try {
+    await downloadFile(entry.path, entry.name)
+  } catch (err: any) {
+    message.error(err.message || t('files.backendError'))
+  }
+}
+</script>
+
+<template>
+  <div class="file-list">
+    <NSpin :show="filesStore.loading">
+      <NEmpty v-if="!filesStore.loading && filesStore.sortedEntries.length === 0" :description="t('files.emptyDir')" />
+      <div v-else class="file-list-items">
+        <div class="file-list-header">
+          <div class="file-name sort-header" @click="filesStore.setSort('name')">
+            {{ t('files.name') }}
+            <span v-if="filesStore.sortBy === 'name'" class="sort-indicator">{{ filesStore.sortOrder === 'asc' ? '↑' : '↓' }}</span>
+          </div>
+          <div class="file-size sort-header" @click="filesStore.setSort('size')">
+            {{ t('files.size') }}
+            <span v-if="filesStore.sortBy === 'size'" class="sort-indicator">{{ filesStore.sortOrder === 'asc' ? '↑' : '↓' }}</span>
+          </div>
+          <div class="file-date sort-header" @click="filesStore.setSort('modTime')">
+            {{ t('files.modified') }}
+            <span v-if="filesStore.sortBy === 'modTime'" class="sort-indicator">{{ filesStore.sortOrder === 'asc' ? '↑' : '↓' }}</span>
+          </div>
+          <div class="file-actions-placeholder" />
+        </div>
+        <div
+          v-for="entry in filesStore.sortedEntries"
+          :key="entry.path"
+          class="file-list-row"
+          @dblclick="handleDoubleClick(entry)"
+          @contextmenu="handleContextMenu($event, entry)"
+        >
+          <div class="file-name">
+            <span class="file-icon">{{ getFileIcon(entry) }}</span>
+            <span>{{ entry.name }}</span>
+          </div>
+          <div class="file-size">{{ entry.isDir ? '—' : formatSize(entry.size) }}</div>
+          <div class="file-date">{{ formatDate(entry.modTime) }}</div>
+          <div class="file-actions">
+            <NButton v-if="isTextFile(entry.name) && !entry.isDir" size="tiny" quaternary @click.stop="filesStore.openEditor(entry.path)" :title="t('files.edit')">✏️</NButton>
+            <NButton v-if="!entry.isDir" size="tiny" quaternary @click.stop="handleDownload(entry)" :title="t('files.download')">⬇️</NButton>
+          </div>
+        </div>
+      </div>
+    </NSpin>
+  </div>
+</template>
+
+<style scoped lang="scss">
+@use '@/styles/variables' as *;
+
+.file-list {
+  padding: 8px 16px;
+}
+
+.file-list-header {
+  display: flex;
+  align-items: center;
+  padding: 6px 12px;
+  gap: 16px;
+  font-size: 12px;
+  font-weight: 500;
+  color: $text-muted;
+  border-bottom: 1px solid $border-light;
+  margin-bottom: 4px;
+  user-select: none;
+}
+
+.sort-header {
+  cursor: pointer;
+
+  &:hover {
+    color: $text-primary;
+  }
+}
+
+.sort-indicator {
+  margin-left: 2px;
+  font-size: 11px;
+}
+
+.file-actions-placeholder {
+  width: 60px;
+  flex-shrink: 0;
+}
+
+.file-list-row {
+  display: flex;
+  align-items: center;
+  padding: 8px 12px;
+  border-radius: $radius-sm;
+  cursor: pointer;
+  gap: 16px;
+  font-size: 13px;
+
+  &:hover {
+    background-color: rgba(var(--accent-primary-rgb), 0.06);
+
+    .file-actions {
+      opacity: 1;
+    }
+  }
+}
+
+.file-name {
+  flex: 1;
+  display: flex;
+  align-items: center;
+  gap: 8px;
+  min-width: 0;
+  overflow: hidden;
+  text-overflow: ellipsis;
+  white-space: nowrap;
+}
+
+.file-icon {
+  flex-shrink: 0;
+}
+
+.file-size {
+  width: 80px;
+  text-align: right;
+  color: $text-secondary;
+  flex-shrink: 0;
+}
+
+.file-date {
+  width: 160px;
+  color: $text-secondary;
+  flex-shrink: 0;
+}
+
+.file-actions {
+  opacity: 0;
+  transition: opacity $transition-fast;
+  display: flex;
+  gap: 4px;
+  flex-shrink: 0;
+}
+
+@media (max-width: $breakpoint-mobile) {
+  .file-size, .file-date {
+    display: none;
+  }
+}
+</style>
diff --git a/packages/client/src/components/hermes/files/FilePreview.vue b/packages/client/src/components/hermes/files/FilePreview.vue
new file mode 100644
index 0000000..bce83df
--- /dev/null
+++ b/packages/client/src/components/hermes/files/FilePreview.vue
@@ -0,0 +1,90 @@
+<script setup lang="ts">
+import { h } from 'vue'
+import { NButton, NIcon } from 'naive-ui'
+import { useI18n } from 'vue-i18n'
+import { useFilesStore } from '@/stores/hermes/files'
+import { getFileDownloadUrl } from '@/api/hermes/files'
+import MarkdownRenderer from '@/components/hermes/chat/MarkdownRenderer.vue'
+
+const { t } = useI18n()
+const filesStore = useFilesStore()
+
+function getImageUrl(): string {
+  if (!filesStore.previewFile) return ''
+  return getFileDownloadUrl(filesStore.previewFile.path)
+}
+
+const CloseIcon = () =>
+  h(
+    'svg',
+    { viewBox: '0 0 24 24', width: '14', height: '14', fill: 'currentColor' },
+    [h('path', { d: 'M19 6.41 17.59 5 12 10.59 6.41 5 5 6.41 10.59 12 5 17.59 6.41 19 12 13.41 17.59 19 19 17.59 13.41 12z' })],
+  )
+</script>
+
+<template>
+  <div class="file-preview" v-if="filesStore.previewFile">
+    <div class="preview-header">
+      <span class="preview-filename">{{ filesStore.previewFile.path }}</span>
+      <NButton size="small" quaternary @click="filesStore.closePreview()">
+        <template #icon>
+          <NIcon><CloseIcon /></NIcon>
+        </template>
+        {{ t('files.closePreview') }}
+      </NButton>
+    </div>
+    <div class="preview-content">
+      <img
+        v-if="filesStore.previewFile.type === 'image'"
+        :src="getImageUrl()"
+        class="preview-image"
+        :alt="filesStore.previewFile.path"
+      />
+      <div v-else-if="filesStore.previewFile.type === 'markdown'" class="preview-markdown">
+        <MarkdownRenderer :content="filesStore.previewFile.content || ''" />
+      </div>
+    </div>
+  </div>
+</template>
+
+<style scoped lang="scss">
+@use '@/styles/variables' as *;
+
+.file-preview {
+  display: flex;
+  flex-direction: column;
+  height: 100%;
+}
+
+.preview-header {
+  display: flex;
+  align-items: center;
+  justify-content: space-between;
+  padding: 8px 16px;
+  border-bottom: 1px solid $border-color;
+}
+
+.preview-filename {
+  font-size: 13px;
+  color: $text-secondary;
+}
+
+.preview-content {
+  flex: 1;
+  overflow: auto;
+  padding: 16px;
+  display: flex;
+  justify-content: center;
+}
+
+.preview-image {
+  max-width: 100%;
+  max-height: 100%;
+  object-fit: contain;
+}
+
+.preview-markdown {
+  max-width: 800px;
+  width: 100%;
+}
+</style>
diff --git a/packages/client/src/components/hermes/files/FileRenameModal.vue b/packages/client/src/components/hermes/files/FileRenameModal.vue
new file mode 100644
index 0000000..ece9748
--- /dev/null
+++ b/packages/client/src/components/hermes/files/FileRenameModal.vue
@@ -0,0 +1,98 @@
+<script setup lang="ts">
+import { ref, watch, computed } from 'vue'
+import { NModal, NInput, NButton, NSpace, useMessage } from 'naive-ui'
+import { useI18n } from 'vue-i18n'
+import { useFilesStore } from '@/stores/hermes/files'
+import type { FileEntry } from '@/api/hermes/files'
+
+const { t } = useI18n()
+const message = useMessage()
+const filesStore = useFilesStore()
+
+const props = defineProps<{
+  show: boolean
+  mode: 'newFile' | 'newFolder' | 'rename'
+  entry?: FileEntry | null
+}>()
+
+const emit = defineEmits<{
+  (e: 'update:show', value: boolean): void
+}>()
+
+const inputValue = ref('')
+const submitting = ref(false)
+
+watch(() => props.show, (val) => {
+  if (val) {
+    if (props.mode === 'rename' && props.entry) {
+      inputValue.value = props.entry.name
+    } else {
+      inputValue.value = ''
+    }
+  }
+})
+
+const title = computed(() => {
+  switch (props.mode) {
+    case 'newFile': return t('files.newFile')
+    case 'newFolder': return t('files.newFolder')
+    case 'rename': return t('files.rename')
+  }
+})
+
+const placeholder = computed(() => {
+  switch (props.mode) {
+    case 'newFile': return t('files.newFileName')
+    case 'newFolder': return t('files.newFolderName')
+    case 'rename': return t('files.renameTo')
+  }
+})
+
+async function handleSubmit() {
+  if (!inputValue.value.trim()) return
+  submitting.value = true
+  try {
+    switch (props.mode) {
+      case 'newFile':
+        await filesStore.createFile(inputValue.value.trim())
+        message.success(t('files.created'))
+        break
+      case 'newFolder':
+        await filesStore.createDir(inputValue.value.trim())
+        message.success(t('files.created'))
+        break
+      case 'rename':
+        if (props.entry) {
+          await filesStore.renameEntry(props.entry, inputValue.value.trim())
+          message.success(t('files.renamed'))
+        }
+        break
+    }
+    emit('update:show', false)
+  } catch (err: any) {
+    const msg = props.mode === 'rename' ? t('files.renameFailed') : t('files.createFailed')
+    message.error(err.message || msg)
+  } finally {
+    submitting.value = false
+  }
+}
+</script>
+
+<template>
+  <NModal :show="props.show" preset="dialog" :title="title" @update:show="emit('update:show', false)" style="width: 400px;">
+    <NInput
+      v-model:value="inputValue"
+      :placeholder="placeholder"
+      @keydown.enter="handleSubmit"
+      autofocus
+    />
+    <template #action>
+      <NSpace>
+        <NButton @click="emit('update:show', false)">{{ t('common.cancel') }}</NButton>
+        <NButton type="primary" :loading="submitting" :disabled="!inputValue.trim()" @click="handleSubmit">
+          {{ t('common.ok') }}
+        </NButton>
+      </NSpace>
+    </template>
+  </NModal>
+</template>
diff --git a/packages/client/src/components/hermes/files/FileToolbar.vue b/packages/client/src/components/hermes/files/FileToolbar.vue
new file mode 100644
index 0000000..9c91958
--- /dev/null
+++ b/packages/client/src/components/hermes/files/FileToolbar.vue
@@ -0,0 +1,71 @@
+<script setup lang="ts">
+import { NButton, NSpace, useMessage } from 'naive-ui'
+import { useI18n } from 'vue-i18n'
+import { useFilesStore } from '@/stores/hermes/files'
+
+const { t } = useI18n()
+const message = useMessage()
+const filesStore = useFilesStore()
+
+const emit = defineEmits<{
+  (e: 'showNewFile'): void
+  (e: 'showNewFolder'): void
+  (e: 'showUpload'): void
+}>()
+
+async function handleRefresh() {
+  try {
+    await filesStore.fetchEntries()
+  } catch {
+    message.error(t('files.backendError'))
+  }
+}
+</script>
+
+<template>
+  <div class="file-toolbar">
+    <NSpace :size="8" :wrap="true" class="toolbar-space">
+      <NButton size="small" @click="emit('showNewFile')" class="toolbar-btn">
+        {{ t('files.newFile') }}
+      </NButton>
+      <NButton size="small" @click="emit('showNewFolder')" class="toolbar-btn">
+        {{ t('files.newFolder') }}
+      </NButton>
+      <NButton size="small" @click="emit('showUpload')" class="toolbar-btn">
+        {{ t('files.upload') }}
+      </NButton>
+      <NButton size="small" @click="handleRefresh" class="toolbar-btn">
+        {{ t('files.refresh') }}
+      </NButton>
+    </NSpace>
+  </div>
+</template>
+
+<style scoped lang="scss">
+@use '@/styles/variables' as *;
+
+.file-toolbar {
+  padding: 12px 16px;
+
+  @media (max-width: $breakpoint-mobile) {
+    padding: 8px 4px;
+  }
+}
+
+.toolbar-space {
+  @media (max-width: $breakpoint-mobile) {
+    :deep(.n-space) {
+      gap: 4px !important;
+    }
+  }
+}
+
+.toolbar-btn {
+  @media (max-width: $breakpoint-mobile) {
+    font-size: 12px;
+    padding: 0 8px;
+    height: 32px;
+    white-space: nowrap;
+  }
+}
+</style>
diff --git a/packages/client/src/components/hermes/files/FileTree.vue b/packages/client/src/components/hermes/files/FileTree.vue
new file mode 100644
index 0000000..5602f75
--- /dev/null
+++ b/packages/client/src/components/hermes/files/FileTree.vue
@@ -0,0 +1,94 @@
+<script setup lang="ts">
+import { ref, onMounted } from 'vue'
+import { NTree } from 'naive-ui'
+import { useI18n } from 'vue-i18n'
+import { useFilesStore } from '@/stores/hermes/files'
+import * as filesApi from '@/api/hermes/files'
+import type { TreeOption } from 'naive-ui'
+
+const { t } = useI18n()
+const filesStore = useFilesStore()
+
+const treeData = ref<TreeOption[]>([])
+const selectedKeys = ref<string[]>([])
+
+async function loadChildren(path: string): Promise<TreeOption[]> {
+  try {
+    const result = await filesApi.listFiles(path)
+    return result.entries
+      .filter(e => e.isDir)
+      .sort((a, b) => a.name.localeCompare(b.name))
+      .map(e => ({
+        key: e.path,
+        label: e.name,
+        isLeaf: false,
+      }))
+  } catch {
+    return []
+  }
+}
+
+async function handleLoad(node: TreeOption): Promise<void> {
+  node.children = await loadChildren(node.key as string)
+}
+
+function handleSelect(keys: string[]) {
+  if (keys.length > 0) {
+    selectedKeys.value = keys
+    filesStore.navigateTo(keys[0])
+  }
+}
+
+function handleRootClick() {
+  selectedKeys.value = []
+  filesStore.navigateTo('')
+}
+
+onMounted(async () => {
+  treeData.value = await loadChildren('')
+})
+</script>
+
+<template>
+  <div class="file-tree">
+    <div class="tree-header" @click="handleRootClick">
+      <svg width="14" height="14" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round">
+        <path d="M3 9l9-7 9 7v11a2 2 0 0 1-2 2H5a2 2 0 0 1-2-2z" />
+        <polyline points="9 22 9 12 15 12 15 22" />
+      </svg>
+      <span>{{ t('files.breadcrumbRoot') }}</span>
+    </div>
+    <NTree
+      :data="treeData"
+      :selected-keys="selectedKeys"
+      :on-load="handleLoad"
+      expand-on-click
+      block-line
+      @update:selected-keys="handleSelect"
+    />
+  </div>
+</template>
+
+<style scoped lang="scss">
+@use '@/styles/variables' as *;
+
+.file-tree {
+  padding: 8px;
+}
+
+.tree-header {
+  display: flex;
+  align-items: center;
+  gap: 8px;
+  padding: 8px 12px;
+  cursor: pointer;
+  border-radius: $radius-sm;
+  font-size: 13px;
+  font-weight: 500;
+  color: $text-primary;
+
+  &:hover {
+    background-color: rgba(var(--accent-primary-rgb), 0.06);
+  }
+}
+</style>
diff --git a/packages/client/src/components/hermes/files/FileUploadModal.vue b/packages/client/src/components/hermes/files/FileUploadModal.vue
new file mode 100644
index 0000000..c145d40
--- /dev/null
+++ b/packages/client/src/components/hermes/files/FileUploadModal.vue
@@ -0,0 +1,84 @@
+<script setup lang="ts">
+import { ref } from 'vue'
+import { NModal, NButton, NUpload, NSpace, useMessage } from 'naive-ui'
+import type { UploadFileInfo } from 'naive-ui'
+import { useI18n } from 'vue-i18n'
+import { useFilesStore } from '@/stores/hermes/files'
+
+const { t } = useI18n()
+const message = useMessage()
+const filesStore = useFilesStore()
+
+const props = defineProps<{ show: boolean }>()
+const emit = defineEmits<{ (e: 'update:show', value: boolean): void }>()
+
+const uploading = ref(false)
+const fileList = ref<File[]>([])
+
+function handleFileChange(data: { file: UploadFileInfo; fileList: UploadFileInfo[] }) {
+  fileList.value = data.fileList
+    .map((f: UploadFileInfo) => f.file)
+    .filter((f): f is File => f != null)
+}
+
+async function handleUpload() {
+  if (fileList.value.length === 0) return
+  uploading.value = true
+  try {
+    await filesStore.uploadFiles(fileList.value)
+    message.success(t('files.uploadSuccess', { count: fileList.value.length }))
+    fileList.value = []
+    emit('update:show', false)
+  } catch (err: any) {
+    message.error(err.message || t('files.uploadFailed'))
+  } finally {
+    uploading.value = false
+  }
+}
+
+function handleClose() {
+  fileList.value = []
+  emit('update:show', false)
+}
+</script>
+
+<template>
+  <NModal :show="props.show" preset="dialog" :title="t('files.upload')" @update:show="handleClose" style="width: 500px;">
+    <NUpload
+      multiple
+      directory-dnd
+      :default-upload="false"
+      @change="handleFileChange"
+    >
+      <div class="upload-dragger">
+        <p>{{ t('files.dragDropHint') }}</p>
+      </div>
+    </NUpload>
+    <template #action>
+      <NSpace>
+        <NButton @click="handleClose">{{ t('common.cancel') }}</NButton>
+        <NButton type="primary" :loading="uploading" :disabled="fileList.length === 0" @click="handleUpload">
+          {{ t('files.upload') }} ({{ fileList.length }})
+        </NButton>
+      </NSpace>
+    </template>
+  </NModal>
+</template>
+
+<style scoped>
+.upload-dragger {
+  display: flex;
+  flex-direction: column;
+  align-items: center;
+  justify-content: center;
+  padding: 40px 20px;
+  text-align: center;
+  cursor: pointer;
+}
+
+.upload-dragger p {
+  margin-top: 12px;
+  opacity: 0.6;
+  font-size: 14px;
+}
+</style>
diff --git a/packages/client/src/components/hermes/group-chat/CreateRoomForm.vue b/packages/client/src/components/hermes/group-chat/CreateRoomForm.vue
new file mode 100644
index 0000000..81625f6
--- /dev/null
+++ b/packages/client/src/components/hermes/group-chat/CreateRoomForm.vue
@@ -0,0 +1,160 @@
+<script setup lang="ts">
+import { ref, nextTick } from 'vue'
+import { useI18n } from 'vue-i18n'
+import { NInput, NButton, NSpace, NInputNumber, NCollapse, NCollapseItem } from 'naive-ui'
+
+type InputLikeInstance = {
+    focus: () => void
+}
+
+const { t } = useI18n()
+const emit = defineEmits<{
+    submit: [name: string, inviteCode: string, userName: string, description: string, compression: { triggerTokens: number; maxHistoryTokens: number; tailMessageCount: number }]
+    cancel: []
+}>()
+
+const roomName = ref('')
+const inviteCode = ref('')
+const userName = ref(localStorage.getItem('gc_user_name') || '')
+const description = ref(localStorage.getItem('gc_user_description') || '')
+const roomInput = ref<InputLikeInstance | null>(null)
+
+const compression = ref({
+    triggerTokens: 100000,
+    maxHistoryTokens: 32000,
+    tailMessageCount: 10,
+})
+
+function generateCode(): string {
+    const chars = 'ABCDEFGHJKLMNPQRSTUVWXYZ23456789'
+    let code = ''
+    for (let i = 0; i < 6; i++) {
+        code += chars[Math.floor(Math.random() * chars.length)]
+    }
+    return code
+}
+
+function handleCreate() {
+    const name = roomName.value.trim()
+    const code = inviteCode.value.trim() || generateCode()
+    const user = userName.value.trim()
+    if (!name || !user) return
+    emit('submit', name, code, user, description.value.trim(), { ...compression.value })
+}
+
+function focusRoomInput() {
+    nextTick(() => roomInput.value?.focus())
+}
+</script>
+
+<template>
+    <div class="create-form">
+        <div class="form-group">
+            <label class="form-label">{{ t('groupChat.yourName') }}</label>
+            <NInput
+                v-model:value="userName"
+                :placeholder="t('groupChat.yourNamePlaceholder')"
+                @keyup.enter="focusRoomInput"
+            />
+        </div>
+        <div class="form-group">
+            <label class="form-label">{{ t('groupChat.yourDescription') }}</label>
+            <NInput
+                v-model:value="description"
+                type="textarea"
+                :rows="2"
+                :placeholder="t('groupChat.yourDescriptionPlaceholder')"
+            />
+        </div>
+        <div class="form-group">
+            <label class="form-label">{{ t('groupChat.roomName') }}</label>
+            <NInput
+                ref="roomInput"
+                v-model:value="roomName"
+                :placeholder="t('groupChat.roomNamePlaceholder')"
+                @keyup.enter="handleCreate"
+            />
+        </div>
+        <div class="form-group">
+            <label class="form-label">{{ t('groupChat.inviteCode') }}</label>
+            <div class="code-row">
+                <NInput
+                    v-model:value="inviteCode"
+                    :placeholder="t('groupChat.autoGenerate')"
+                />
+                <NButton size="small" @click="inviteCode = generateCode()">
+                    <svg width="14" height="14" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round">
+                        <polyline points="23 4 23 10 17 10" /><path d="M20.49 15a9 9 0 1 1-2.12-9.36L23 10" />
+                    </svg>
+                </NButton>
+            </div>
+        </div>
+
+        <NCollapse class="compression-collapse">
+            <NCollapseItem :title="t('groupChat.compressionSettings')" name="compression">
+                <div class="compression-fields">
+                    <div class="form-group">
+                        <label class="form-label">{{ t('groupChat.triggerTokens') }}</label>
+                        <NInputNumber v-model:value="compression.triggerTokens" :min="1000" :step="1000" style="width: 100%" />
+                        <p class="form-hint">{{ t('groupChat.triggerTokensDesc') }}</p>
+                    </div>
+                    <div class="form-group">
+                        <label class="form-label">{{ t('groupChat.maxHistoryTokens') }}</label>
+                        <NInputNumber v-model:value="compression.maxHistoryTokens" :min="1000" :step="1000" style="width: 100%" />
+                        <p class="form-hint">{{ t('groupChat.maxHistoryTokensDesc') }}</p>
+                    </div>
+                    <div class="form-group">
+                        <label class="form-label">{{ t('groupChat.tailMessageCount') }}</label>
+                        <NInputNumber v-model:value="compression.tailMessageCount" :min="1" :step="5" style="width: 100%" />
+                        <p class="form-hint">{{ t('groupChat.tailMessageCountDesc') }}</p>
+                    </div>
+                </div>
+            </NCollapseItem>
+        </NCollapse>
+
+        <div class="modal-actions">
+            <NSpace justify="end">
+                <NButton @click="emit('cancel')">{{ t('common.cancel') }}</NButton>
+                <NButton type="primary" :disabled="!roomName.trim() || !userName.trim()" @click="handleCreate">{{ t('common.create') }}</NButton>
+            </NSpace>
+        </div>
+    </div>
+</template>
+
+<style scoped lang="scss">
+@use "@/styles/variables" as *;
+
+.create-form {
+    .form-group {
+        margin-bottom: 16px;
+    }
+}
+
+.form-label {
+    display: block;
+    font-size: 13px;
+    font-weight: 500;
+    color: $text-secondary;
+    margin-bottom: 6px;
+}
+
+.form-hint {
+    font-size: 11px;
+    color: $text-muted;
+    margin: 4px 0 0;
+}
+
+.code-row {
+    display: flex;
+    gap: 8px;
+    align-items: center;
+}
+
+.compression-collapse {
+    margin-bottom: 16px;
+}
+
+.compression-fields {
+    padding-top: 8px;
+}
+</style>
diff --git a/packages/client/src/components/hermes/group-chat/GroupChatInput.vue b/packages/client/src/components/hermes/group-chat/GroupChatInput.vue
new file mode 100644
index 0000000..5002e55
--- /dev/null
+++ b/packages/client/src/components/hermes/group-chat/GroupChatInput.vue
@@ -0,0 +1,774 @@
+<script setup lang="ts">
+import { ref, computed, nextTick, onMounted, onUnmounted, watch } from 'vue'
+import { useI18n } from 'vue-i18n'
+import { NButton, NSwitch, NTooltip } from 'naive-ui'
+import { useGroupChatStore } from '@/stores/hermes/group-chat'
+import { useToolTraceVisibility } from '@/composables/useToolTraceVisibility'
+import { buildMentionOptions, type MentionOption } from './mention-options'
+import type { Attachment } from '@/stores/hermes/chat'
+
+const { t } = useI18n()
+const emit = defineEmits<{ send: [content: string, attachments?: Attachment[]] }>()
+const store = useGroupChatStore()
+const { toolTraceVisible, toggleToolTraceVisible } = useToolTraceVisibility()
+
+const inputText = ref('')
+const textareaRef = ref<HTMLTextAreaElement>()
+const dropdownRef = ref<HTMLDivElement>()
+const fileInputRef = ref<HTMLInputElement>()
+const attachments = ref<Attachment[]>([])
+const isDragging = ref(false)
+const dragCounter = ref(0)
+const isComposing = ref(false)
+const autoPlaySpeech = ref(false)
+
+onMounted(() => {
+    const saved = localStorage.getItem('autoPlaySpeech')
+    if (saved !== null) {
+        autoPlaySpeech.value = saved === 'true'
+        store.setAutoPlaySpeech(autoPlaySpeech.value)
+    }
+})
+
+watch(autoPlaySpeech, (value) => {
+    localStorage.setItem('autoPlaySpeech', String(value))
+    store.setAutoPlaySpeech(value)
+})
+
+// 自定义高度拖拽
+const textareaHeight = ref<number | null>(null)
+
+function startResize(e: MouseEvent) {
+  e.preventDefault()
+  const el = textareaRef.value
+  if (!el) return
+  const startHeight = el.clientHeight
+  const startY = e.clientY
+
+  function onMouseMove(e: MouseEvent) {
+    const deltaY = e.clientY - startY
+    const newHeight = startHeight - deltaY
+    textareaHeight.value = Math.max(20, Math.min(400, Math.round(newHeight)))
+  }
+
+  function onMouseUp() {
+    document.removeEventListener('mousemove', onMouseMove)
+    document.removeEventListener('mouseup', onMouseUp)
+    document.body.style.cursor = ''
+    document.body.style.userSelect = ''
+  }
+
+  document.body.style.cursor = 'row-resize'
+  document.body.style.userSelect = 'none'
+  document.addEventListener('mousemove', onMouseMove)
+  document.addEventListener('mouseup', onMouseUp)
+}
+
+// ─── Mention State ───────────────────────────────────────
+
+const mentionActive = ref(false)
+const mentionQuery = ref('')
+const mentionStartIndex = ref(-1)
+const dropdownX = ref(0)
+const dropdownY = ref(0)
+const dropdownBottom = ref(0)
+const placement = ref<'bottom' | 'top'>('bottom')
+const activeIndex = ref(0)
+
+const filteredMentionOptions = computed(() => buildMentionOptions(store.agents, mentionQuery.value))
+
+const canSend = computed(() => !!inputText.value.trim() || attachments.value.length > 0)
+
+// ─── Scroll active item into view ──────────────────────
+
+function scrollToActive() {
+    nextTick(() => {
+        if (!dropdownRef.value) return
+        const active = dropdownRef.value.querySelector('.active') as HTMLElement | null
+        if (active) active.scrollIntoView({ block: 'nearest', behavior: 'instant' })
+    })
+}
+
+// ─── Mention Logic ───────────────────────────────────────
+
+function updateMentionState() {
+    const el = textareaRef.value
+    if (!el) { mentionActive.value = false; return }
+
+    const text = inputText.value
+    const cursorPos = el.selectionStart
+
+    // Find the last @ before the cursor
+    let atPos = -1
+    for (let i = cursorPos - 1; i >= 0; i--) {
+        if (text[i] === '@') { atPos = i; break }
+        if (text[i] === ' ' || text[i] === '\n') break
+    }
+
+    if (atPos === -1) {
+        mentionActive.value = false
+        return
+    }
+
+    // Make sure the @ is not part of a word (preceded by space or start of line)
+    if (atPos > 0 && text[atPos - 1] !== ' ' && text[atPos - 1] !== '\n') {
+        mentionActive.value = false
+        return
+    }
+
+    const query = text.slice(atPos + 1, cursorPos)
+    if (query.includes(' ')) {
+        mentionActive.value = false
+        return
+    }
+
+    mentionQuery.value = query
+    mentionStartIndex.value = atPos
+    activeIndex.value = 0
+
+    // Calculate dropdown position using mirror span
+    const mirror = document.createElement('span')
+    const style = getComputedStyle(el)
+    const props = ['fontFamily', 'fontSize', 'fontWeight', 'letterSpacing', 'textTransform', 'wordSpacing', 'textIndent', 'border', 'padding', 'boxSizing', 'lineHeight']
+    props.forEach(p => { (mirror.style as any)[p] = style[p as any] })
+    mirror.style.position = 'absolute'
+    mirror.style.visibility = 'hidden'
+    mirror.style.whiteSpace = 'nowrap'
+    mirror.textContent = text.slice(0, atPos + 1)
+
+    const rect = el.getBoundingClientRect()
+    document.body.appendChild(mirror)
+    const mirrorRect = mirror.getBoundingClientRect()
+    document.body.removeChild(mirror)
+
+    dropdownX.value = rect.left + mirrorRect.width - el.scrollLeft
+
+    // Decide placement: if dropdown would go below viewport, flip upward
+    const estimatedHeight = Math.min(filteredMentionOptions.value.length * 36 + 8, 240)
+    const spaceBelow = window.innerHeight - rect.top + el.scrollTop - 8
+    if (spaceBelow < estimatedHeight && rect.top - el.scrollTop - 8 > estimatedHeight) {
+        placement.value = 'top'
+        dropdownY.value = rect.top - el.scrollTop - 8
+    } else {
+        placement.value = 'bottom'
+        dropdownY.value = rect.top - el.scrollTop - 8
+    }
+
+    dropdownBottom.value = window.innerHeight - dropdownY.value
+
+    mentionActive.value = filteredMentionOptions.value.length > 0
+}
+
+function selectMention(name: string) {
+    const el = textareaRef.value
+    if (!el || mentionStartIndex.value === -1) return
+
+    const before = inputText.value.slice(0, mentionStartIndex.value)
+    const after = inputText.value.slice(el.selectionStart)
+    inputText.value = `${before}@${name} ${after}`
+    mentionActive.value = false
+
+    nextTick(() => {
+        if (el) {
+            const newPos = before.length + name.length + 2
+            el.setSelectionRange(newPos, newPos)
+            el.focus()
+            if (textareaHeight.value === null) {
+                el.style.height = 'auto'
+                el.style.height = Math.min(el.scrollHeight, 100) + 'px'
+            }
+        }
+    })
+}
+
+// ─── Event Handlers ──────────────────────────────────────
+
+function handleKeydown(e: KeyboardEvent) {
+    // Mention navigation — fully custom, no NDropdown interference
+    if (mentionActive.value && filteredMentionOptions.value.length > 0) {
+        if (e.key === 'ArrowDown') {
+            e.preventDefault()
+            activeIndex.value = (activeIndex.value + 1) % filteredMentionOptions.value.length
+            scrollToActive()
+            return
+        }
+        if (e.key === 'ArrowUp') {
+            e.preventDefault()
+            activeIndex.value = (activeIndex.value - 1 + filteredMentionOptions.value.length) % filteredMentionOptions.value.length
+            scrollToActive()
+            return
+        }
+        if (e.key === 'Enter' || e.key === 'Tab') {
+            e.preventDefault()
+            selectMention(filteredMentionOptions.value[activeIndex.value].name)
+            return
+        }
+        if (e.key === 'Escape') {
+            e.preventDefault()
+            mentionActive.value = false
+            return
+        }
+    }
+
+    if (e.key !== 'Enter' || e.shiftKey) return
+    if (isComposing.value || e.isComposing || e.keyCode === 229) return
+    e.preventDefault()
+    handleSend()
+}
+
+function handleSend() {
+    const content = inputText.value.trim()
+    if (!content && attachments.value.length === 0) return
+
+    emit('send', content, attachments.value.length > 0 ? attachments.value : undefined)
+    inputText.value = ''
+    attachments.value = []
+    mentionActive.value = false
+    // 发送后重置到自定义高度（不清除拖拽状态）
+}
+
+function handleInput(e: Event) {
+    // 用户手动拖拽自定义高度时，不覆盖
+    if (textareaHeight.value !== null) return
+    store.emitTyping()
+    const el = e.target as HTMLTextAreaElement
+    el.style.height = 'auto'
+    el.style.height = Math.min(el.scrollHeight, 100) + 'px'
+
+    if (!isComposing.value) {
+        updateMentionState()
+    }
+}
+
+function handleMentionClick(option: MentionOption) {
+    selectMention(option.name)
+}
+
+function handleMentionHover(index: number) {
+    activeIndex.value = index
+}
+
+// ─── Click outside to close dropdown ─────────────────
+
+function onDocumentMousedown(e: MouseEvent) {
+    if (!mentionActive.value) return
+    const target = e.target as HTMLElement
+    if (!target.closest('.mention-dropdown')) {
+        mentionActive.value = false
+    }
+}
+
+onMounted(() => {
+    document.addEventListener('mousedown', onDocumentMousedown)
+})
+
+onUnmounted(() => {
+    document.removeEventListener('mousedown', onDocumentMousedown)
+})
+
+function handleCompositionStart() {
+    isComposing.value = true
+}
+
+function handleCompositionEnd() {
+    requestAnimationFrame(() => {
+        isComposing.value = false
+        updateMentionState()
+    })
+}
+
+function addFile(file: File) {
+    if (attachments.value.find(a => a.name === file.name)) return
+    const id = Date.now().toString(36) + Math.random().toString(36).slice(2, 8)
+    attachments.value.push({
+        id,
+        name: file.name,
+        type: file.type,
+        size: file.size,
+        url: URL.createObjectURL(file),
+        file,
+    })
+}
+
+function handleAttachClick() {
+    fileInputRef.value?.click()
+}
+
+function handleFileChange(e: Event) {
+    const input = e.target as HTMLInputElement
+    if (!input.files) return
+    for (const file of input.files) addFile(file)
+    input.value = ''
+}
+
+function handlePaste(e: ClipboardEvent) {
+    const items = Array.from(e.clipboardData?.items || [])
+    const imageItems = items.filter(i => i.type.startsWith('image/'))
+    if (!imageItems.length) return
+    e.preventDefault()
+    for (const item of imageItems) {
+        const blob = item.getAsFile()
+        if (!blob) continue
+        const ext = item.type.split('/')[1] || 'png'
+        addFile(new File([blob], `pasted-${Date.now()}.${ext}`, { type: item.type }))
+    }
+}
+
+function handleDragOver(e: DragEvent) {
+    e.preventDefault()
+}
+
+function handleDragEnter(e: DragEvent) {
+    e.preventDefault()
+    if (e.dataTransfer?.types.includes('Files')) {
+        dragCounter.value++
+        isDragging.value = true
+    }
+}
+
+function handleDragLeave() {
+    dragCounter.value--
+    if (dragCounter.value <= 0) {
+        dragCounter.value = 0
+        isDragging.value = false
+    }
+}
+
+function handleDrop(e: DragEvent) {
+    e.preventDefault()
+    dragCounter.value = 0
+    isDragging.value = false
+    for (const file of Array.from(e.dataTransfer?.files || [])) addFile(file)
+    textareaRef.value?.focus()
+}
+
+function removeAttachment(id: string) {
+    const idx = attachments.value.findIndex(a => a.id === id)
+    if (idx !== -1) {
+        URL.revokeObjectURL(attachments.value[idx].url)
+        attachments.value.splice(idx, 1)
+    }
+}
+
+function formatSize(bytes: number): string {
+    if (bytes < 1024) return bytes + ' B'
+    if (bytes < 1024 * 1024) return (bytes / 1024).toFixed(1) + ' KB'
+    return (bytes / (1024 * 1024)).toFixed(1) + ' MB'
+}
+
+function isImage(type: string): boolean {
+    return type.startsWith('image/')
+}
+</script>
+
+<template>
+    <div class="chat-input-area">
+        <div class="input-top-bar">
+            <NTooltip trigger="hover">
+                <template #trigger>
+                    <NButton quaternary size="tiny" circle @click="handleAttachClick">
+                        <template #icon>
+                            <svg width="16" height="16" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="1.5"><path d="M21.44 11.05l-9.19 9.19a6 6 0 0 1-8.49-8.49l9.19-9.19a4 4 0 0 1 5.66 5.66l-9.2 9.19a2 2 0 0 1-2.83-2.83l8.49-8.48"/></svg>
+                        </template>
+                    </NButton>
+                </template>
+                {{ t('chat.attachFiles') }}
+            </NTooltip>
+            <div class="auto-play-speech-switch">
+                <NTooltip trigger="hover">
+                    <template #trigger>
+                        <div class="switch-label">
+                            <svg width="14" height="14" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><polygon points="5 3 19 12 5 21 5 3"/></svg>
+                        </div>
+                    </template>
+                    {{ t('chat.autoPlaySpeech') }}
+                </NTooltip>
+                <NSwitch v-model:value="autoPlaySpeech" size="small" :round="false" />
+            </div>
+            <NTooltip trigger="hover">
+                <template #trigger>
+                    <NButton quaternary size="tiny" class="tool-trace-toggle" :class="{ active: toolTraceVisible }" @click="toggleToolTraceVisible">
+                        <svg class="tool-trace-icon" width="16" height="16" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="1.8" stroke-linecap="round" stroke-linejoin="round">
+                            <path d="M14.7 6.3a4.5 4.5 0 0 0-5.8 5.8L3.5 17.5a2.1 2.1 0 0 0 3 3l5.4-5.4a4.5 4.5 0 0 0 5.8-5.8l-3 3-3-3 3-3z"/>
+                        </svg>
+                    </NButton>
+                </template>
+                {{ toolTraceVisible ? t('chat.hideToolCalls') : t('chat.showToolCalls') }}
+            </NTooltip>
+        </div>
+        <div v-if="attachments.length > 0" class="attachment-previews">
+            <div v-for="att in attachments" :key="att.id" class="attachment-preview" :class="{ image: isImage(att.type) }">
+                <img v-if="isImage(att.type)" :src="att.url" :alt="att.name" class="attachment-thumb" />
+                <div v-else class="attachment-file">
+                    <span class="file-name">{{ att.name }}</span>
+                    <span class="file-size">{{ formatSize(att.size) }}</span>
+                </div>
+                <button class="attachment-remove" @click="removeAttachment(att.id)">
+                    <svg width="12" height="12" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><line x1="18" y1="6" x2="6" y2="18"/><line x1="6" y1="6" x2="18" y2="18"/></svg>
+                </button>
+            </div>
+        </div>
+        <div
+            class="input-wrapper"
+            :class="{ 'drag-over': isDragging }"
+            @dragover="handleDragOver"
+            @dragenter="handleDragEnter"
+            @dragleave="handleDragLeave"
+            @drop="handleDrop"
+        >
+            <input ref="fileInputRef" type="file" multiple class="file-input-hidden" @change="handleFileChange" />
+            <div class="resize-handle" @mousedown="startResize"></div>
+            <textarea
+                ref="textareaRef"
+                v-model="inputText"
+                class="input-textarea"
+                :style="textareaHeight ? { height: textareaHeight + 'px' } : {}"
+                :placeholder="t('groupChat.inputPlaceholder')"
+                rows="1"
+                @keydown="handleKeydown"
+                @compositionstart="handleCompositionStart"
+                @compositionend="handleCompositionEnd"
+                @input="handleInput"
+                @paste="handlePaste"
+            />
+            <div class="input-actions">
+                <NButton
+                    size="small"
+                    type="primary"
+                    :disabled="!canSend"
+                    @click="handleSend"
+                >
+                    <template #icon>
+                        <svg width="16" height="16" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><line x1="22" y1="2" x2="11" y2="13"/><polygon points="22 2 15 22 11 13 2 9 22 2"/></svg>
+                    </template>
+                    {{ t('chat.send') }}
+                </NButton>
+            </div>
+        </div>
+        <Transition name="dropdown-fade">
+            <div
+                v-if="mentionActive && filteredMentionOptions.length > 0"
+                ref="dropdownRef"
+                class="mention-dropdown"
+                :class="{ 'placement-top': placement === 'top' }"
+                :style="{
+                    left: dropdownX + 'px',
+                    top: placement === 'bottom' ? dropdownY + 'px' : 'auto',
+                    bottom: placement === 'top' ? dropdownBottom + 'px' : 'auto',
+                }"
+            >
+                <div
+                    v-for="(option, i) in filteredMentionOptions"
+                    :key="option.key"
+                    class="mention-dropdown-item"
+                    :class="{ active: i === activeIndex, 'mention-all-option': option.type === 'all' }"
+                    @mousedown.prevent="handleMentionClick(option)"
+                    @mouseenter="handleMentionHover(i)"
+                >
+                    <span class="mention-name">{{ option.label }}</span>
+                    <span class="mention-profile">{{ option.description }}</span>
+                </div>
+            </div>
+        </Transition>
+    </div>
+</template>
+
+<style scoped lang="scss">
+@use "@/styles/variables" as *;
+
+.chat-input-area {
+    padding: 12px 20px 16px;
+    border-top: 1px solid $border-color;
+    flex-shrink: 0;
+}
+
+.input-top-bar {
+    display: flex;
+    align-items: center;
+    gap: 8px;
+    padding: 0 0 6px;
+}
+
+.auto-play-speech-switch {
+    display: flex;
+    align-items: center;
+    gap: 6px;
+    padding-left: 8px;
+    border-left: 1px solid $border-light;
+    margin-left: 4px;
+
+    .switch-label {
+        display: flex;
+        align-items: center;
+        justify-content: center;
+        width: 16px;
+        height: 16px;
+        color: #999999;
+    }
+}
+
+.tool-trace-toggle {
+    display: inline-flex;
+    align-items: center;
+    justify-content: center;
+    color: #999999;
+    width: 24px;
+    min-width: 24px;
+    height: 22px;
+    margin-left: -4px;
+    padding: 0;
+    background: transparent !important;
+
+    :deep(.n-button__state-border),
+    :deep(.n-button__border),
+    :deep(.n-button__ripple) {
+        display: none;
+    }
+
+    .tool-trace-icon {
+        display: block;
+        width: 16px;
+        height: 16px;
+    }
+}
+
+.attachment-previews {
+    display: flex;
+    flex-wrap: wrap;
+    gap: 8px;
+    padding: 0 0 10px;
+}
+
+.attachment-preview {
+    position: relative;
+    border-radius: $radius-sm;
+    overflow: hidden;
+    background-color: $bg-secondary;
+    border: 1px solid $border-color;
+
+    &.image {
+        width: 64px;
+        height: 64px;
+    }
+}
+
+.attachment-thumb {
+    width: 100%;
+    height: 100%;
+    object-fit: cover;
+}
+
+.attachment-file {
+    display: flex;
+    flex-direction: column;
+    align-items: center;
+    justify-content: center;
+    gap: 2px;
+    padding: 8px 12px;
+    min-width: 80px;
+    max-width: 140px;
+    color: $text-secondary;
+
+    .file-name {
+        font-size: 11px;
+        white-space: nowrap;
+        overflow: hidden;
+        text-overflow: ellipsis;
+        max-width: 100%;
+    }
+
+    .file-size {
+        font-size: 10px;
+        color: $text-muted;
+    }
+}
+
+.attachment-remove {
+    position: absolute;
+    top: 2px;
+    right: 2px;
+    width: 18px;
+    height: 18px;
+    border-radius: 50%;
+    border: none;
+    background: rgba(0, 0, 0, 0.5);
+    color: var(--text-on-overlay);
+    display: flex;
+    align-items: center;
+    justify-content: center;
+    cursor: pointer;
+    opacity: 0;
+    transition: opacity $transition-fast;
+
+    .attachment-preview:hover & {
+        opacity: 1;
+    }
+}
+
+.file-input-hidden {
+    display: none;
+}
+
+.typing-dots {
+    display: inline-flex;
+    align-items: center;
+    gap: 2px;
+
+    span {
+        display: block;
+        width: 4px;
+        height: 4px;
+        border-radius: 50%;
+        background-color: $text-muted;
+        animation: typing-bounce 1.2s infinite;
+
+        &:nth-child(2) { animation-delay: 0.2s; }
+        &:nth-child(3) { animation-delay: 0.4s; }
+    }
+}
+
+@keyframes typing-bounce {
+    0%, 60%, 100% { transform: translateY(0); opacity: 0.4; }
+    30% { transform: translateY(-3px); opacity: 1; }
+}
+
+.input-wrapper {
+    display: flex;
+    align-items: center;
+    gap: 10px;
+    background-color: $bg-input;
+    border: 1px solid $border-color;
+    border-radius: $radius-md;
+    padding: 10px 12px;
+    position: relative;
+    transition: border-color $transition-fast, background-color $transition-fast;
+
+    &:focus-within {
+        border-color: $accent-primary;
+    }
+
+    &.drag-over {
+        border-color: $accent-primary;
+        background-color: rgba($accent-primary, 0.08);
+    }
+
+    .dark & {
+        background-color: #333333;
+    }
+}
+
+.resize-handle {
+    position: absolute;
+    top: -4px;
+    left: 0;
+    right: 0;
+    height: 8px;
+    cursor: row-resize;
+    z-index: 2;
+
+    &:hover {
+        background: rgba($accent-primary, 0.15);
+        border-radius: 4px;
+    }
+}
+
+.input-textarea {
+    flex: 1;
+    background: none;
+    border: none;
+    outline: none;
+    color: $text-primary;
+    font-family: $font-ui;
+    font-size: 14px;
+    line-height: 1.5;
+    resize: none;
+    max-height: 400px;
+    min-height: 20px;
+    overflow-y: auto;
+
+    @media (max-width: 768px) {
+        font-size: 16px;
+    }
+
+    &::placeholder {
+        color: $text-muted;
+        white-space: nowrap;
+        overflow: hidden;
+        text-overflow: ellipsis;
+    }
+}
+
+.input-actions {
+    display: flex;
+    gap: 6px;
+    flex-shrink: 0;
+    align-items: center;
+}
+
+/* ── Custom mention dropdown (replaces NDropdown) ── */
+
+.mention-dropdown {
+    position: fixed;
+    background: $bg-card;
+    border: 1px solid $border-color;
+    border-radius: 8px;
+    box-shadow: 0 4px 16px rgba(0, 0, 0, 0.3);
+    min-width: 200px;
+    max-height: 240px;
+    overflow-y: auto;
+    z-index: 9999;
+    padding: 4px;
+}
+
+.mention-dropdown-item {
+    display: flex;
+    align-items: center;
+    justify-content: space-between;
+    gap: 12px;
+    padding: 8px 12px;
+    border-radius: 6px;
+    cursor: pointer;
+    transition: background 0.1s;
+
+    &:hover,
+    &.active {
+        background: rgba(var(--text-primary-rgb), 0.08);
+    }
+
+    .mention-name {
+        color: $text-primary;
+        font-size: 14px;
+        font-weight: 500;
+    }
+
+    .mention-profile {
+        color: $text-muted;
+        font-size: 12px;
+    }
+
+    &.mention-all-option .mention-name {
+        color: $accent-primary;
+        font-weight: 600;
+    }
+}
+
+/* ── Dropdown fade/scale animation (matching NDropdown) ── */
+
+.dropdown-fade-enter-active {
+    transition: opacity 0.2s cubic-bezier(0, 0, .2, 1), transform 0.2s cubic-bezier(0, 0, .2, 1);
+    transform-origin: top;
+}
+.dropdown-fade-leave-active {
+    transition: opacity 0.2s cubic-bezier(.4, 0, 1, 1), transform 0.2s cubic-bezier(.4, 0, 1, 1);
+    transform-origin: top;
+}
+.dropdown-fade-enter-from,
+.dropdown-fade-leave-to {
+    opacity: 0;
+    transform: scale(0.9);
+}
+.placement-top.dropdown-fade-enter-active,
+.placement-top.dropdown-fade-leave-active {
+    transform-origin: bottom;
+}
+</style>
diff --git a/packages/client/src/components/hermes/group-chat/GroupChatPanel.vue b/packages/client/src/components/hermes/group-chat/GroupChatPanel.vue
new file mode 100644
index 0000000..74db0d5
--- /dev/null
+++ b/packages/client/src/components/hermes/group-chat/GroupChatPanel.vue
@@ -0,0 +1,1323 @@
+<script setup lang="ts">
+import { ref, computed, onMounted } from 'vue'
+import { useI18n } from 'vue-i18n'
+import { useRouter } from 'vue-router'
+import { useMessage, NInput, NButton, NSpace, NSelect, NPopover, NPopconfirm, NInputNumber, NDropdown, type DropdownOption } from 'naive-ui'
+import { useGroupChatStore } from '@/stores/hermes/group-chat'
+import { useProfilesStore } from '@/stores/hermes/profiles'
+import { updateRoomConfig, forceCompress } from '@/api/hermes/group-chat'
+import GroupMessageList from './GroupMessageList.vue'
+import GroupChatInput from './GroupChatInput.vue'
+import ProfileAvatar from '@/components/hermes/profiles/ProfileAvatar.vue'
+import { copyToClipboard } from '@/utils/clipboard'
+import type { Attachment } from '@/stores/hermes/chat'
+import type { RoomAgent } from '@/api/hermes/group-chat'
+
+const { t } = useI18n()
+const router = useRouter()
+const message = useMessage()
+const store = useGroupChatStore()
+const profilesStore = useProfilesStore()
+
+const showSidebar = ref(window.innerWidth > 768)
+const showCreateModal = ref(false)
+const showCloneModal = ref(false)
+const showAddAgentModal = ref(false)
+const showCompressionModal = ref(false)
+const compressionConfig = ref({ triggerTokens: 100000, maxHistoryTokens: 32000, tailMessageCount: 10 })
+const isCompressing = ref(false)
+const selectedProfile = ref<string | null>(null)
+const agentName = ref('')
+const agentDescription = ref('')
+const cloneSourceRoomId = ref<string | null>(null)
+const cloneRoomName = ref('')
+const cloneInviteCode = ref('')
+const contextRoomId = ref<string | null>(null)
+const showRoomContextMenu = ref(false)
+const roomContextMenuX = ref(0)
+const roomContextMenuY = ref(0)
+
+const profileOptions = computed(() =>
+    profilesStore.profiles.map(p => ({ label: p.name, value: p.name }))
+)
+
+function profileAvatarFor(profileName?: string) {
+    if (!profileName) return null
+    return profilesStore.profiles.find(profile => profile.name === profileName)?.avatar || null
+}
+
+function agentAvatarName(agent: RoomAgent): string {
+    return agent.profile || agent.name || agent.agentId
+}
+
+const hasRoom = computed(() => !!store.currentRoomId)
+const visibleApproval = computed(() => store.activePendingApproval)
+
+function formatTokens(tokens: number): string {
+    if (tokens >= 1000) return `${(tokens / 1000).toFixed(1)}k tokens`
+    return `${tokens} tokens`
+}
+
+function toggleSidebar() {
+    showSidebar.value = !showSidebar.value
+}
+
+function generateCode(): string {
+    const chars = 'ABCDEFGHJKLMNPQRSTUVWXYZ23456789'
+    let code = ''
+    for (let i = 0; i < 6; i++) {
+        code += chars[Math.floor(Math.random() * chars.length)]
+    }
+    return code
+}
+
+function formatAgentFailures(results?: Array<{ ok: boolean; profile: string; error?: string; reason?: string }>): string | null {
+    const failed = results?.filter(result => !result.ok) || []
+    if (failed.length === 0) return null
+    const details = failed.map(result => result.reason || result.error || result.profile).join('; ')
+    return t('groupChat.agentAddFailedCount', { count: failed.length, details })
+}
+
+function extractApiErrorMessage(err: any): string {
+    const raw = err?.message || ''
+    const jsonStart = raw.indexOf('{')
+    if (jsonStart >= 0) {
+        try {
+            const parsed = JSON.parse(raw.slice(jsonStart))
+            if (parsed?.code === 'PROFILE_AGENT_CONNECT_FAILED' && parsed?.error) {
+                return parsed.reason ? `${parsed.error}: ${parsed.reason}` : parsed.error
+            }
+            if (parsed?.error) return parsed.error
+        } catch { /* ignore */ }
+    }
+    return raw || t('common.saveFailed')
+}
+
+async function handleCreateRoom(name: string, inviteCode: string, userName: string, description: string, compression: { triggerTokens: number; maxHistoryTokens: number; tailMessageCount: number }) {
+    try {
+        store.setUserInfo(userName, description)
+        const res = await store.createNewRoom(name, inviteCode, undefined, compression)
+        showCreateModal.value = false
+        const failureMessage = formatAgentFailures(res.agentResults)
+        if (failureMessage) message.warning(failureMessage)
+        else message.success(t('groupChat.roomCreated'))
+        await router.push({ name: 'hermes.groupChatRoom', params: { roomId: res.room.id } })
+    } catch {
+        message.error(t('common.saveFailed'))
+    }
+}
+
+async function handleDeleteRoom(roomId: string) {
+    try {
+        await store.deleteRoom(roomId)
+        if (store.currentRoomId === roomId) {
+            await router.replace({ name: 'hermes.groupChat' })
+        }
+        message.success(t('groupChat.roomDeleted'))
+    } catch {
+        message.error(t('common.saveFailed'))
+    }
+}
+
+function buildRoomUrl(roomId: string) {
+    const href = router.resolve({ name: 'hermes.groupChatRoom', params: { roomId } }).href
+    return `${window.location.origin}${window.location.pathname}${href}`
+}
+
+async function copyRoomLink(roomId: string) {
+    const ok = await copyToClipboard(buildRoomUrl(roomId))
+    if (ok) message.success(t('common.copied'))
+    else message.error(t('common.copied') + ' ✗')
+}
+
+const roomContextMenuOptions = computed<DropdownOption[]>(() => [
+    { label: t('groupChat.copyRoomLink'), key: 'copy-link' },
+    { label: t('groupChat.cloneRoom'), key: 'clone-room' },
+])
+
+function handleRoomContextMenu(event: MouseEvent, roomId: string) {
+    event.preventDefault()
+    contextRoomId.value = roomId
+    roomContextMenuX.value = event.clientX
+    roomContextMenuY.value = event.clientY
+    showRoomContextMenu.value = true
+}
+
+function handleRoomContextClickOutside() {
+    showRoomContextMenu.value = false
+}
+
+function handleRoomContextSelect(key: string) {
+    showRoomContextMenu.value = false
+    const roomId = contextRoomId.value
+    if (!roomId) return
+    if (key === 'copy-link') {
+        void copyRoomLink(roomId)
+    } else if (key === 'clone-room') {
+        handleOpenCloneRoom(roomId)
+    }
+}
+
+function handleOpenCloneRoom(roomId: string) {
+    const room = store.rooms.find(r => r.id === roomId)
+    cloneSourceRoomId.value = roomId
+    cloneRoomName.value = room?.name ? `${room.name} Copy` : ''
+    cloneInviteCode.value = generateCode()
+    showCloneModal.value = true
+}
+
+async function confirmCloneRoom() {
+    if (!cloneSourceRoomId.value || !cloneRoomName.value.trim()) return
+    try {
+        const res = await store.cloneRoom(cloneSourceRoomId.value, {
+            name: cloneRoomName.value.trim(),
+            inviteCode: cloneInviteCode.value.trim() || undefined,
+        })
+        showCloneModal.value = false
+        cloneSourceRoomId.value = null
+        cloneRoomName.value = ''
+        cloneInviteCode.value = ''
+        await router.push({ name: 'hermes.groupChatRoom', params: { roomId: res.room.id } })
+        const failureMessage = formatAgentFailures(res.agentResults)
+        if (failureMessage) message.warning(failureMessage)
+        else message.success(t('groupChat.roomCloned'))
+    } catch {
+        message.error(t('common.saveFailed'))
+    }
+}
+
+async function handleClearRoomContext() {
+    if (!store.currentRoomId) return
+    if (store.contextStatuses.size > 0) {
+        message.warning(t('groupChat.compressingInProgress'))
+        return
+    }
+    try {
+        await store.clearCurrentRoomContext()
+        message.success(t('groupChat.contextCleared'))
+    } catch {
+        message.error(t('common.deleteFailed'))
+    }
+}
+
+async function handleSelectRoom(roomId: string) {
+    try {
+        await router.push({ name: 'hermes.groupChatRoom', params: { roomId } })
+        if (window.innerWidth <= 768) showSidebar.value = false
+    } catch {
+        message.error(t('groupChat.joinFailed'))
+    }
+}
+
+async function handleSendMessage(content: string, attachments?: Attachment[]) {
+    try {
+        await store.sendMessage(content, attachments)
+    } catch (err: any) {
+        message.error(err.message)
+    }
+}
+
+async function handleAddAgent() {
+    await profilesStore.fetchProfiles()
+    showAddAgentModal.value = true
+}
+
+onMounted(() => {
+    if (profilesStore.profiles.length === 0) {
+        void profilesStore.fetchProfiles()
+    }
+})
+
+async function confirmAddAgent() {
+    if (!selectedProfile.value || !store.currentRoomId) return
+    try {
+        await store.addAgentToRoom(store.currentRoomId, {
+            profile: selectedProfile.value,
+            name: agentName.value.trim() || undefined,
+            description: agentDescription.value.trim() || undefined,
+        })
+        showAddAgentModal.value = false
+        selectedProfile.value = null
+        agentName.value = ''
+        agentDescription.value = ''
+        message.success(t('groupChat.agentAdded'))
+    } catch (err: any) {
+        if (err.message?.includes('already')) {
+            message.warning(t('groupChat.agentAlreadyInRoom'))
+        } else {
+            message.error(extractApiErrorMessage(err))
+        }
+    }
+}
+
+function handleOpenCompressionConfig() {
+    const room = store.rooms.find(r => r.id === store.currentRoomId)
+    if (room) {
+        compressionConfig.value = {
+            triggerTokens: room.triggerTokens ?? 100000,
+            maxHistoryTokens: room.maxHistoryTokens ?? 32000,
+            tailMessageCount: room.tailMessageCount ?? 10,
+        }
+    }
+    showCompressionModal.value = true
+}
+
+async function handleSaveCompressionConfig() {
+    if (!store.currentRoomId) return
+    try {
+        const res = await updateRoomConfig(store.currentRoomId, { ...compressionConfig.value })
+        const idx = store.rooms.findIndex(r => r.id === store.currentRoomId)
+        if (idx >= 0 && res.room) store.rooms[idx] = res.room
+        showCompressionModal.value = false
+        message.success(t('groupChat.compressionSaved'))
+    } catch {
+        message.error(t('common.saveFailed'))
+    }
+}
+
+async function handleForceCompress() {
+    if (!store.currentRoomId || isCompressing.value) return
+    if (store.contextStatuses.size > 0) {
+        message.warning(t('groupChat.compressingInProgress'))
+        return
+    }
+    isCompressing.value = true
+    try {
+        await forceCompress(store.currentRoomId)
+        message.success(t('groupChat.compressionSaved'))
+    } catch {
+        message.error(t('common.saveFailed'))
+    } finally {
+        isCompressing.value = false
+    }
+}
+
+async function handleRemoveAgent(agentId: string) {
+    if (!store.currentRoomId) return
+    try {
+        await store.removeAgentFromRoom(store.currentRoomId, agentId)
+    } catch {
+        message.error(t('common.deleteFailed'))
+    }
+}
+
+async function handleInterruptAgent(agentName: string) {
+    try {
+        await store.interruptAgent(agentName)
+    } catch (err: any) {
+        message.error(err.message || t('common.saveFailed'))
+    }
+}
+
+async function handleApproval(choice: 'once' | 'session' | 'always' | 'deny') {
+    try {
+        await store.respondApproval(choice)
+    } catch (err: any) {
+        message.error(err.message || t('common.saveFailed'))
+    }
+}
+
+</script>
+
+<template>
+    <div class="group-chat-panel">
+        <!-- Mobile backdrop -->
+        <div class="sidebar-backdrop" :class="{ active: showSidebar }" @click="showSidebar = false" />
+        <!-- Room sidebar -->
+        <div v-if="showSidebar" class="room-sidebar">
+            <div class="sidebar-header">
+                <span class="sidebar-title">{{ t('groupChat.title') }}</span>
+                <div class="sidebar-actions">
+                    <button class="icon-btn" :title="t('groupChat.createRoom')" @click="showCreateModal = true">
+                        <svg width="16" height="16" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round">
+                            <line x1="12" y1="5" x2="12" y2="19" /><line x1="5" y1="12" x2="19" y2="12" />
+                        </svg>
+                    </button>
+                </div>
+            </div>
+            <div class="room-list">
+                <div
+                    v-for="room in store.rooms"
+                    :key="room.id"
+                    class="room-item"
+                    :class="{ active: store.currentRoomId === room.id }"
+                    @click="handleSelectRoom(room.id)"
+                    @contextmenu="handleRoomContextMenu($event, room.id)"
+                >
+                    <svg class="room-icon" width="16" height="16" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round">
+                        <path d="M21 15a2 2 0 0 1-2 2H7l-4 4V5a2 2 0 0 1 2-2h14a2 2 0 0 1 2 2z" />
+                    </svg>
+                    <div class="room-info">
+                        <span class="room-name">{{ room.name || room.id }}</span>
+                        <span v-if="room.inviteCode" class="room-code">{{ room.inviteCode }}</span>
+                        <span class="room-tokens">{{ formatTokens(room.totalTokens || 0) }}</span>
+                    </div>
+                    <NPopconfirm @positive-click="handleDeleteRoom(room.id)">
+                        <template #trigger>
+                            <button class="room-action-btn danger" @click.stop>
+                                <svg width="12" height="12" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><line x1="18" y1="6" x2="6" y2="18"/><line x1="6" y1="6" x2="18" y2="18"/></svg>
+                            </button>
+                        </template>
+                        {{ t('groupChat.deleteRoomConfirm') }}
+                    </NPopconfirm>
+                </div>
+                <div v-if="store.rooms.length === 0" class="empty-rooms">
+                    {{ t('groupChat.noRooms') }}
+                </div>
+            </div>
+        </div>
+
+        <NDropdown
+            placement="bottom-start"
+            trigger="manual"
+            :x="roomContextMenuX"
+            :y="roomContextMenuY"
+            :options="roomContextMenuOptions"
+            :show="showRoomContextMenu"
+            @select="handleRoomContextSelect"
+            @clickoutside="handleRoomContextClickOutside"
+        />
+
+        <!-- Main chat area -->
+        <div class="chat-main">
+            <div class="chat-header">
+                <button class="icon-btn" @click="toggleSidebar">
+                    <svg width="16" height="16" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round">
+                        <rect x="3" y="3" width="18" height="18" rx="2" ry="2" /><line x1="9" y1="3" x2="9" y2="21" />
+                    </svg>
+                </button>
+                <span class="room-title-text">{{ store.roomName || (store.currentRoomId || t('groupChat.title')) }}</span>
+                <div class="header-info">
+                    <!-- Stacked avatars (user + agents) -->
+                    <NPopover v-if="store.agents.length" trigger="click" placement="bottom-end" :width="220">
+                        <template #trigger>
+                            <div class="avatar-stack-inner">
+                                <!-- User avatar first -->
+                                <span class="avatar-stack-item" :style="{ zIndex: store.agents.length + 1 }">
+                                    <ProfileAvatar class="agent-avatar" :name="store.userName || store.userId" :size="28" />
+                                </span>
+                                <span
+                                    v-for="(agent, index) in store.agents.slice(-4)"
+                                    :key="agent.id"
+                                    class="avatar-stack-item"
+                                    :style="{ zIndex: store.agents.length - index }"
+                                >
+                                    <ProfileAvatar class="agent-avatar" :name="agentAvatarName(agent)" :avatar="profileAvatarFor(agent.profile)" :size="28" />
+                                </span>
+                                <span v-if="store.agents.length > 4" class="avatar-stack-more">+{{ store.agents.length - 4 }}</span>
+                            </div>
+                        </template>
+                        <div class="agent-popover">
+                            <div class="agent-popover-item" style="margin-bottom: 8px; padding-bottom: 8px; border-bottom: 1px solid var(--n-border-color, #efeff5);">
+                                <ProfileAvatar class="agent-avatar" :name="store.userName || store.userId" :size="28" />
+                                <div class="agent-popover-info">
+                                    <span class="agent-popover-name">{{ store.userName || 'You' }}</span>
+                                    <span class="agent-popover-profile">{{ t('groupChat.you') }}</span>
+                                </div>
+                            </div>
+                            <div class="agent-popover-title">{{ t('groupChat.agents') }} ({{ store.agents.length }})</div>
+                            <div v-for="agent in store.agents" :key="agent.id" class="agent-popover-item">
+                                <ProfileAvatar class="agent-avatar" :name="agentAvatarName(agent)" :avatar="profileAvatarFor(agent.profile)" :size="28" />
+                                <div class="agent-popover-info">
+                                    <span class="agent-popover-name">{{ agent.name }}</span>
+                                    <span class="agent-popover-profile">{{ agent.profile }}</span>
+                                </div>
+                                <button class="agent-popover-remove" @click="handleRemoveAgent(agent.id)">
+                                    <svg width="14" height="14" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><line x1="18" y1="6" x2="6" y2="18"/><line x1="6" y1="6" x2="18" y2="18"/></svg>
+                                </button>
+                            </div>
+                        </div>
+                    </NPopover>
+                    <!-- Only user avatar, no agents -->
+                    <div v-else-if="store.userName" class="avatar-stack-inner">
+                        <span class="avatar-stack-item">
+                            <ProfileAvatar class="agent-avatar" :name="store.userName || store.userId" :size="28" />
+                        </span>
+                    </div>
+                    <button class="icon-btn" :title="t('groupChat.addAgent')" @click="handleAddAgent">
+                        <svg width="16" height="16" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="1.5"><line x1="12" y1="5" x2="12" y2="19"/><line x1="5" y1="12" x2="19" y2="12"/></svg>
+                    </button>
+                    <button class="icon-btn" :title="t('groupChat.compressionConfig')" @click="handleOpenCompressionConfig">
+                        <svg width="16" height="16" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="1.5"><circle cx="12" cy="12" r="3"/><path d="M19.4 15a1.65 1.65 0 0 0 .33 1.82l.06.06a2 2 0 0 1 0 2.83 2 2 0 0 1-2.83 0l-.06-.06a1.65 1.65 0 0 0-1.82-.33 1.65 1.65 0 0 0-1 1.51V21a2 2 0 0 1-2 2 2 2 0 0 1-2-2v-.09A1.65 1.65 0 0 0 9 19.4a1.65 1.65 0 0 0-1.82.33l-.06.06a2 2 0 0 1-2.83 0 2 2 0 0 1 0-2.83l.06-.06A1.65 1.65 0 0 0 4.68 15a1.65 1.65 0 0 0-1.51-1H3a2 2 0 0 1-2-2 2 2 0 0 1 2-2h.09A1.65 1.65 0 0 0 4.6 9a1.65 1.65 0 0 0-.33-1.82l-.06-.06a2 2 0 0 1 0-2.83 2 2 0 0 1 2.83 0l.06.06A1.65 1.65 0 0 0 9 4.68a1.65 1.65 0 0 0 1-1.51V3a2 2 0 0 1 2-2 2 2 0 0 1 2 2v.09a1.65 1.65 0 0 0 1 1.51 1.65 1.65 0 0 0 1.82-.33l.06-.06a2 2 0 0 1 2.83 0 2 2 0 0 1 0 2.83l-.06.06A1.65 1.65 0 0 0 19.4 4.6a1.65 1.65 0 0 0 1.51 1V3a2 2 0 0 1 2-2 2 2 0 0 1 2 2v.09a1.65 1.65 0 0 0 1.51 1z"/></svg>
+                    </button>
+                    <NPopconfirm @positive-click="handleClearRoomContext">
+                        <template #trigger>
+                            <button class="icon-btn" :title="t('groupChat.clearContext')">
+                                <svg width="16" height="16" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="1.5">
+                                    <path d="M3 6h18" /><path d="M8 6V4h8v2" /><path d="M19 6l-1 14H6L5 6" /><path d="M10 11v5" /><path d="M14 11v5" />
+                                </svg>
+                            </button>
+                        </template>
+                        {{ t('groupChat.clearContextConfirm') }}
+                    </NPopconfirm>
+                    <span v-if="store.members.length" class="member-count">
+                        {{ store.members.length }} {{ t('groupChat.members') }}
+                    </span>
+                    <span class="connection-dot" :class="{ connected: store.connected, disconnected: !store.connected }"></span>
+                </div>
+            </div>
+
+            <template v-if="hasRoom">
+                <GroupMessageList />
+                <div v-if="store.contextStatuses.size > 0 || (store.typingText && store.contextStatuses.size === 0)" class="status-bar">
+                    <div v-if="store.contextStatuses.size > 0" class="context-status-list">
+                        <div v-for="[name, status] in store.contextStatuses" :key="name" class="context-status">
+                            <span class="typing-dots">
+                                <span /><span /><span />
+                            </span>
+                            <span v-if="status.status === 'compressing'">
+                                @{{ status.agentName }} {{ t('groupChat.agentCompressing') }}
+                            </span>
+                            <span v-else>
+                                @{{ status.agentName }} {{ t('groupChat.agentReplying') }}
+                            </span>
+                            <button class="context-stop-btn" :title="t('common.cancel')" @click="handleInterruptAgent(status.agentName)">
+                                <svg width="12" height="12" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2.2" stroke-linecap="round" stroke-linejoin="round">
+                                    <line x1="18" y1="6" x2="6" y2="18" />
+                                    <line x1="6" y1="6" x2="18" y2="18" />
+                                </svg>
+                            </button>
+                        </div>
+                    </div>
+                    <div v-else-if="store.typingText" class="typing-indicator">
+                        <span class="typing-dots">
+                            <span /><span /><span />
+                        </span>
+                        {{ store.typingText }}
+                    </div>
+                </div>
+                <div v-if="visibleApproval" class="approval-bar">
+                    <div class="approval-icon" aria-hidden="true">
+                        <svg width="18" height="18" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round">
+                            <path d="M12 22s8-4 8-10V5l-8-3-8 3v7c0 6 8 10 8 10" />
+                            <path d="m9 12 2 2 4-4" />
+                        </svg>
+                    </div>
+                    <div class="approval-content">
+                        <div class="approval-main">
+                            <div class="approval-kicker">{{ t('chat.approvalKicker') }}</div>
+                            <div class="approval-title">
+                                <span v-if="visibleApproval.agentName">@{{ visibleApproval.agentName }} · </span>{{ t('chat.approvalTitle') }}
+                            </div>
+                            <div class="approval-desc">{{ visibleApproval.description }}</div>
+                            <code class="approval-command">{{ visibleApproval.command }}</code>
+                        </div>
+                        <div class="approval-actions">
+                            <NButton v-if="visibleApproval.choices.includes('once')" size="small" type="primary" @click="handleApproval('once')">
+                                {{ t('chat.approvalAllowOnce') }}
+                            </NButton>
+                            <NButton v-if="visibleApproval.choices.includes('session')" size="small" secondary @click="handleApproval('session')">
+                                {{ t('chat.approvalAllowSession') }}
+                            </NButton>
+                            <NButton v-if="visibleApproval.choices.includes('always')" size="small" secondary @click="handleApproval('always')">
+                                {{ t('chat.approvalAlways') }}
+                            </NButton>
+                            <NButton v-if="visibleApproval.choices.includes('deny')" size="small" type="error" secondary @click="handleApproval('deny')">
+                                {{ t('chat.approvalDeny') }}
+                            </NButton>
+                        </div>
+                    </div>
+                </div>
+                <GroupChatInput @send="handleSendMessage" />
+            </template>
+
+            <div v-else class="no-room">
+                <div class="no-room-icon">
+                    <svg width="48" height="48" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="1" stroke-linecap="round" stroke-linejoin="round">
+                        <path d="M21 15a2 2 0 0 1-2 2H7l-4 4V5a2 2 0 0 1 2-2h14a2 2 0 0 1 2 2z" />
+                    </svg>
+                </div>
+                <p>{{ t('groupChat.selectOrCreate') }}</p>
+            </div>
+        </div>
+
+        <!-- Create room modal -->
+        <Teleport to="body">
+            <div v-if="showCreateModal" class="modal-backdrop" @click.self="showCreateModal = false">
+                <div class="modal">
+                    <h3>{{ t('groupChat.createRoom') }}</h3>
+                    <CreateRoomForm @submit="handleCreateRoom" @cancel="showCreateModal = false" />
+                </div>
+            </div>
+        </Teleport>
+
+        <Teleport to="body">
+            <div v-if="showAddAgentModal" class="modal-backdrop" @click.self="showAddAgentModal = false">
+                <div class="modal">
+                    <h3>{{ t('groupChat.addAgent') }}</h3>
+                    <div class="form-group">
+                        <NSelect
+                            v-model:value="selectedProfile"
+                            :options="profileOptions"
+                            :placeholder="t('groupChat.selectProfile')"
+                            filterable
+                        />
+                    </div>
+                    <div class="form-group">
+                        <label class="form-label">{{ t('groupChat.agentName') }}</label>
+                        <NInput
+                            v-model:value="agentName"
+                            :placeholder="t('groupChat.agentNamePlaceholder')"
+                        />
+                    </div>
+                    <div class="form-group">
+                        <label class="form-label">{{ t('groupChat.agentDesc') }}</label>
+                        <NInput
+                            v-model:value="agentDescription"
+                            type="textarea"
+                            :rows="2"
+                            :placeholder="t('groupChat.agentDescPlaceholder')"
+                        />
+                    </div>
+                    <div class="modal-actions">
+                        <NSpace justify="end">
+                            <NButton @click="showAddAgentModal = false">{{ t('common.cancel') }}</NButton>
+                            <NButton type="primary" :disabled="!selectedProfile" @click="confirmAddAgent">{{ t('common.add') }}</NButton>
+                        </NSpace>
+                    </div>
+                </div>
+            </div>
+            <div v-if="showCloneModal" class="modal-backdrop" @click.self="showCloneModal = false">
+                <div class="modal">
+                    <h3>{{ t('groupChat.cloneRoom') }}</h3>
+                    <div class="form-group">
+                        <label class="form-label">{{ t('groupChat.roomName') }}</label>
+                        <NInput
+                            v-model:value="cloneRoomName"
+                            :placeholder="t('groupChat.roomNamePlaceholder')"
+                            @keyup.enter="confirmCloneRoom"
+                        />
+                    </div>
+                    <div class="form-group">
+                        <label class="form-label">{{ t('groupChat.inviteCode') }}</label>
+                        <div class="code-row">
+                            <NInput
+                                v-model:value="cloneInviteCode"
+                                :placeholder="t('groupChat.autoGenerate')"
+                                @keyup.enter="confirmCloneRoom"
+                            />
+                            <NButton size="small" @click="cloneInviteCode = generateCode()">
+                                <svg width="14" height="14" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round">
+                                    <polyline points="23 4 23 10 17 10" /><path d="M20.49 15a9 9 0 1 1-2.12-9.36L23 10" />
+                                </svg>
+                            </NButton>
+                        </div>
+                    </div>
+                    <div class="modal-actions">
+                        <NSpace justify="end">
+                            <NButton @click="showCloneModal = false">{{ t('common.cancel') }}</NButton>
+                            <NButton type="primary" :disabled="!cloneRoomName.trim()" @click="confirmCloneRoom">{{ t('groupChat.cloneRoom') }}</NButton>
+                        </NSpace>
+                    </div>
+                </div>
+            </div>
+            <div v-if="showCompressionModal" class="modal-backdrop" @click.self="showCompressionModal = false">
+                <div class="modal">
+                    <h3>{{ t('groupChat.compressionConfig') }}</h3>
+                    <div class="form-group">
+                        <label class="form-label">{{ t('groupChat.triggerTokens') }}</label>
+                        <NInputNumber v-model:value="compressionConfig.triggerTokens" :min="1000" :step="10000" style="width: 100%" />
+                        <p class="form-hint">{{ t('groupChat.triggerTokensDesc') }}</p>
+                    </div>
+                    <div class="form-group">
+                        <label class="form-label">{{ t('groupChat.maxHistoryTokens') }}</label>
+                        <NInputNumber v-model:value="compressionConfig.maxHistoryTokens" :min="1000" :step="1000" style="width: 100%" />
+                        <p class="form-hint">{{ t('groupChat.maxHistoryTokensDesc') }}</p>
+                    </div>
+                    <div class="form-group">
+                        <label class="form-label">{{ t('groupChat.tailMessageCount') }}</label>
+                        <NInputNumber v-model:value="compressionConfig.tailMessageCount" :min="1" :step="5" style="width: 100%" />
+                        <p class="form-hint">{{ t('groupChat.tailMessageCountDesc') }}</p>
+                    </div>
+                    <div style="margin-top: 8px">
+                        <NButton
+                            block
+                            :disabled="isCompressing || store.contextStatuses.size > 0"
+                            :loading="isCompressing"
+                            @click="handleForceCompress"
+                        >
+                            {{ isCompressing ? t('groupChat.compressingInProgress') : t('groupChat.compressNow') }}
+                        </NButton>
+                    </div>
+                    <div class="modal-actions">
+                        <NSpace justify="end">
+                            <NButton @click="showCompressionModal = false">{{ t('common.cancel') }}</NButton>
+                            <NButton type="primary" @click="handleSaveCompressionConfig">{{ t('common.save') }}</NButton>
+                        </NSpace>
+                    </div>
+                </div>
+            </div>
+        </Teleport>
+    </div>
+</template>
+
+<script lang="ts">
+import { defineComponent } from 'vue'
+import CreateRoomForm from './CreateRoomForm.vue'
+
+export default defineComponent({ components: { CreateRoomForm } })
+</script>
+
+<style scoped lang="scss">
+@use "@/styles/variables" as *;
+
+.group-chat-panel {
+    display: flex;
+    height: 100%;
+    overflow: hidden;
+    position: relative;
+}
+
+.sidebar-backdrop {
+    display: none;
+}
+
+@media (max-width: $breakpoint-mobile) {
+    .sidebar-backdrop {
+        display: block;
+        position: absolute;
+        inset: 0;
+        background: rgba(0, 0, 0, 0.4);
+        z-index: 99;
+        opacity: 0;
+        pointer-events: none;
+        transition: opacity $transition-fast;
+
+        &.active {
+            opacity: 1;
+            pointer-events: auto;
+        }
+    }
+}
+
+// ─── Status Bar ──────────────────────────────────────────
+
+.status-bar {
+    flex-shrink: 0;
+    padding: 6px 20px;
+    overflow: hidden;
+}
+
+.context-status-list {
+    display: flex;
+    gap: 8px;
+    overflow-x: auto;
+    flex-wrap: nowrap;
+
+    &::-webkit-scrollbar {
+        height: 0;
+    }
+}
+
+.context-status {
+    display: inline-flex;
+    align-items: center;
+    gap: 6px;
+    padding: 4px 10px;
+    font-size: 12px;
+    color: $text-secondary;
+    background-color: $bg-card-hover;
+    border-radius: $radius-sm;
+
+    .dark & {
+        background-color: rgba(255, 255, 255, 0.06);
+    }
+}
+
+.context-stop-btn {
+    display: inline-flex;
+    align-items: center;
+    justify-content: center;
+    width: 20px;
+    height: 20px;
+    border: 1px solid rgba(var(--error-rgb), 0.18);
+    border-radius: $radius-sm;
+    background: rgba(var(--error-rgb), 0.06);
+    color: $error;
+    cursor: pointer;
+    padding: 0;
+    transition: color 0.15s ease, background 0.15s ease, border-color 0.15s ease;
+
+    &:hover {
+        color: #ffffff;
+        background: $error;
+        border-color: $error;
+    }
+}
+
+.approval-bar {
+    display: flex;
+    align-items: flex-start;
+    gap: 10px;
+    margin: 0 16px 12px;
+    padding: 12px;
+    border: 1px solid $border-color;
+    border-radius: 8px;
+    background: $bg-card;
+    box-shadow: none;
+}
+
+.approval-icon {
+    display: grid;
+    place-items: center;
+    flex: 0 0 32px;
+    width: 32px;
+    height: 32px;
+    color: var(--accent-primary);
+    background: rgba(var(--accent-primary-rgb), 0.12);
+    border: 1px solid rgba(var(--accent-primary-rgb), 0.2);
+    border-radius: 8px;
+}
+
+.approval-content {
+    flex: 1;
+    min-width: 0;
+}
+
+.approval-main {
+    min-width: 0;
+}
+
+.approval-kicker {
+    margin-bottom: 2px;
+    font-size: 10px;
+    font-weight: 700;
+    line-height: 1.2;
+    letter-spacing: 0.08em;
+    text-transform: uppercase;
+    color: var(--accent-primary);
+}
+
+.approval-title {
+    font-size: 14px;
+    font-weight: 700;
+    line-height: 1.3;
+    color: $text-primary;
+}
+
+.approval-desc {
+    margin-top: 4px;
+    font-size: 12px;
+    line-height: 1.45;
+    color: $text-secondary;
+}
+
+.approval-command {
+    display: block;
+    margin-top: 8px;
+    max-height: 96px;
+    overflow: auto;
+    white-space: pre-wrap;
+    word-break: break-word;
+    font-family: "SFMono-Regular", "Cascadia Code", "Roboto Mono", Consolas, monospace;
+    font-size: 11px;
+    line-height: 1.45;
+    color: $text-primary;
+    background: $bg-secondary;
+    border: 1px solid $border-color;
+    border-radius: 6px;
+    padding: 8px 10px;
+}
+
+.approval-actions {
+    display: flex;
+    flex-wrap: wrap;
+    justify-content: flex-end;
+    gap: 8px;
+    margin-top: 10px;
+    padding-top: 10px;
+    border-top: 1px solid $border-color;
+}
+
+@media (max-width: 768px) {
+    .approval-bar {
+        margin: 0 10px 10px;
+        padding: 10px;
+    }
+
+    .approval-icon {
+        flex-basis: 28px;
+        width: 28px;
+        height: 28px;
+    }
+
+    .approval-actions {
+        display: grid;
+        grid-template-columns: repeat(2, minmax(0, 1fr));
+    }
+
+    .approval-actions :deep(.n-button) {
+        width: 100%;
+    }
+}
+
+@media (max-width: 420px) {
+    .approval-bar {
+        gap: 8px;
+    }
+
+    .approval-actions {
+        grid-template-columns: 1fr;
+    }
+}
+
+.typing-indicator {
+    display: flex;
+    align-items: center;
+    gap: 6px;
+    font-size: 12px;
+    color: $text-muted;
+}
+
+.typing-dots {
+    display: inline-flex;
+    align-items: center;
+    gap: 2px;
+
+    span {
+        display: block;
+        width: 4px;
+        height: 4px;
+        border-radius: 50%;
+        background-color: $text-muted;
+        animation: typing-bounce 1.2s infinite;
+
+        &:nth-child(2) { animation-delay: 0.2s; }
+        &:nth-child(3) { animation-delay: 0.4s; }
+    }
+}
+
+@keyframes typing-bounce {
+    0%, 60%, 100% { transform: translateY(0); opacity: 0.4; }
+    30% { transform: translateY(-3px); opacity: 1; }
+}
+
+// ─── Room Sidebar ────────────────────────────────────────
+
+.room-sidebar {
+    width: 220px;
+    flex-shrink: 0;
+    border-right: 1px solid $border-color;
+    display: flex;
+    flex-direction: column;
+}
+
+.sidebar-header {
+    display: flex;
+    align-items: center;
+    justify-content: space-between;
+    padding: 12px;
+    flex-shrink: 0;
+
+    .sidebar-title {
+        font-size: 15px;
+        font-weight: 600;
+        color: $text-primary;
+    }
+
+    .sidebar-actions {
+        display: flex;
+        gap: 4px;
+    }
+}
+
+.room-list {
+    flex: 1;
+    overflow-y: auto;
+    padding: 8px;
+}
+
+.room-item {
+    display: flex;
+    align-items: center;
+    gap: 10px;
+    padding: 10px;
+    border-radius: $radius-sm;
+    cursor: pointer;
+    transition: background-color $transition-fast;
+
+    &:hover {
+        background-color: rgba(var(--accent-primary-rgb), 0.06);
+    }
+
+    &.active {
+        background-color: rgba(var(--accent-primary-rgb), 0.12);
+    }
+
+    .room-icon {
+        color: $text-muted;
+        flex-shrink: 0;
+    }
+
+    .room-info {
+        display: flex;
+        flex-direction: column;
+        min-width: 0;
+        flex: 1;
+    }
+
+    .room-name {
+        font-size: 13px;
+        color: $text-primary;
+        white-space: nowrap;
+        overflow: hidden;
+        text-overflow: ellipsis;
+    }
+
+    .room-code {
+        font-size: 11px;
+        color: $text-muted;
+        font-family: $font-code;
+    }
+
+    .room-tokens {
+        font-size: 11px;
+        color: $text-muted;
+    }
+
+    .room-action-btn {
+        flex-shrink: 0;
+        display: flex;
+        align-items: center;
+        justify-content: center;
+        width: 24px;
+        height: 24px;
+        border: none;
+        background: transparent;
+        color: $text-muted;
+        cursor: pointer;
+        border-radius: $radius-sm;
+        opacity: 0;
+        transition: opacity $transition-fast, color $transition-fast, background-color $transition-fast;
+
+        &:hover {
+            color: $text-primary;
+            background-color: rgba(var(--accent-primary-rgb), 0.08);
+        }
+
+        &.danger:hover {
+            color: $error;
+            background-color: rgba(var(--error-rgb), 0.1);
+        }
+    }
+
+    &:hover .room-action-btn {
+        opacity: 1;
+    }
+}
+
+.empty-rooms {
+    padding: 20px 12px;
+    text-align: center;
+    font-size: 13px;
+    color: $text-muted;
+}
+
+// ─── Chat Main ──────────────────────────────────────────
+
+.chat-main {
+    flex: 1;
+    display: flex;
+    flex-direction: column;
+    min-width: 0;
+    background-color: transparent;
+}
+
+.chat-header {
+    display: flex;
+    align-items: center;
+    gap: 12px;
+    padding: 21px 20px;
+    border-bottom: 1px solid $border-color;
+
+    .room-title-text {
+        font-size: 16px;
+        font-weight: 600;
+        color: $text-primary;
+        flex: 1;
+        white-space: nowrap;
+        overflow: hidden;
+        text-overflow: ellipsis;
+    }
+
+    .header-info {
+        display: flex;
+        align-items: center;
+        gap: 8px;
+        flex-shrink: 0;
+    }
+
+    .member-count {
+        font-size: 12px;
+        color: $text-muted;
+    }
+}
+
+// ─── Header Avatar Stack ──────────────────────────────
+
+.avatar-stack {
+    cursor: pointer;
+}
+
+.avatar-stack-inner {
+    display: flex;
+    align-items: center;
+}
+
+.avatar-stack-item {
+    width: 28px;
+    height: 28px;
+    border-radius: 50%;
+    border: 2px solid $bg-card;
+    margin-left: -12px;
+    overflow: hidden;
+    display: flex;
+    align-items: center;
+    justify-content: center;
+    background-color: $bg-secondary;
+    transition: transform $transition-fast;
+
+    &:first-child {
+        margin-left: 0;
+    }
+
+    &:hover {
+        transform: translateY(-2px);
+        z-index: 100 !important;
+    }
+}
+
+.avatar-stack-more {
+    width: 28px;
+    height: 28px;
+    border-radius: 50%;
+    border: 2px solid $bg-card;
+    margin-left: -12px;
+    display: flex;
+    align-items: center;
+    justify-content: center;
+    background-color: $bg-secondary;
+    font-size: 11px;
+    font-weight: 600;
+    color: $text-secondary;
+}
+
+.agent-avatar {
+    width: 28px;
+    height: 28px;
+    display: flex;
+    align-items: center;
+    justify-content: center;
+
+    :deep(svg) {
+        width: 100%;
+        height: 100%;
+    }
+}
+
+// ─── Agent Popover ─────────────────────────────────────
+
+.agent-popover {
+    max-height: 300px;
+    overflow-y: auto;
+}
+
+.agent-popover-title {
+    font-size: 12px;
+    font-weight: 600;
+    color: $text-muted;
+    padding: 0 0 8px;
+    border-bottom: 1px solid $border-color;
+    margin-bottom: 8px;
+}
+
+.agent-popover-item {
+    display: flex;
+    align-items: center;
+    gap: 8px;
+    padding: 6px 4px;
+    border-radius: $radius-sm;
+    transition: background-color $transition-fast;
+
+    &:hover {
+        background-color: rgba(var(--accent-primary-rgb), 0.06);
+    }
+
+    .agent-popover-info {
+        flex: 1;
+        min-width: 0;
+    }
+
+    .agent-popover-name {
+        display: block;
+        font-size: 13px;
+        color: $text-primary;
+        white-space: nowrap;
+        overflow: hidden;
+        text-overflow: ellipsis;
+    }
+
+    .agent-popover-profile {
+        display: block;
+        font-size: 11px;
+        color: $text-muted;
+        white-space: nowrap;
+        overflow: hidden;
+        text-overflow: ellipsis;
+    }
+
+    .agent-popover-remove {
+        display: flex;
+        align-items: center;
+        justify-content: center;
+        width: 24px;
+        height: 24px;
+        border: none;
+        background: none;
+        border-radius: $radius-sm;
+        color: $text-muted;
+        cursor: pointer;
+        flex-shrink: 0;
+        transition: all $transition-fast;
+
+        &:hover {
+            color: $error;
+            background-color: rgba(200, 50, 50, 0.08);
+        }
+    }
+}
+
+// ─── No Room State ────────────────────────────────────────
+
+.no-room {
+    flex: 1;
+    display: flex;
+    flex-direction: column;
+    align-items: center;
+    justify-content: center;
+    gap: 16px;
+    color: $text-muted;
+
+    .no-room-icon {
+        opacity: 0.3;
+    }
+
+    p {
+        font-size: 14px;
+    }
+}
+
+// ─── Shared ──────────────────────────────────────────────
+
+.icon-btn {
+    display: flex;
+    align-items: center;
+    justify-content: center;
+    width: 32px;
+    height: 32px;
+    border: none;
+    background: none;
+    border-radius: $radius-sm;
+    color: $text-secondary;
+    cursor: pointer;
+    transition: all $transition-fast;
+
+    &:hover {
+        background-color: rgba(var(--accent-primary-rgb), 0.08);
+        color: $text-primary;
+    }
+}
+
+.modal-backdrop {
+    position: fixed;
+    inset: 0;
+    background: rgba(0, 0, 0, 0.4);
+    display: flex;
+    align-items: center;
+    justify-content: center;
+    z-index: 1000;
+}
+
+.modal {
+    background: $bg-card;
+    border-radius: $radius-lg;
+    padding: 24px;
+    width: 400px;
+    max-width: 90vw;
+    box-shadow: 0 8px 32px rgba(0, 0, 0, 0.12);
+
+    h3 {
+        font-size: 16px;
+        font-weight: 600;
+        color: $text-primary;
+        margin: 0 0 20px;
+    }
+}
+
+.form-group {
+    margin-bottom: 16px;
+}
+
+.form-label {
+    display: block;
+    font-size: 13px;
+    font-weight: 500;
+    color: $text-secondary;
+    margin-bottom: 6px;
+}
+
+.code-row {
+    display: flex;
+    gap: 8px;
+    align-items: center;
+}
+
+.modal-actions {
+    margin-top: 12px;
+    display: flex;
+    justify-content: flex-end;
+    gap: 8px;
+}
+
+.form-hint {
+    font-size: 11px;
+    color: $text-muted;
+    margin: 4px 0 0;
+}
+
+// ─── Connection Dot ──────────────────────────────────────
+
+.connection-dot {
+    width: 8px;
+    height: 8px;
+    border-radius: 50%;
+    flex-shrink: 0;
+
+    &.connected {
+        background-color: $success;
+        box-shadow: 0 0 6px rgba(var(--success-rgb), 0.5);
+    }
+
+    &.disconnected {
+        background-color: $error;
+    }
+}
+
+// ─── Mobile ──────────────────────────────────────────────
+
+@media (max-width: $breakpoint-mobile) {
+    .room-sidebar {
+        position: absolute;
+        left: 0;
+        top: 0;
+        bottom: 0;
+        z-index: 100;
+        background-color: $bg-card;
+        box-shadow: 4px 0 16px rgba(0, 0, 0, 0.1);
+    }
+
+    .chat-header {
+        padding: 16px 12px 16px 52px;
+    }
+}
+</style>
diff --git a/packages/client/src/components/hermes/group-chat/GroupMessageItem.vue b/packages/client/src/components/hermes/group-chat/GroupMessageItem.vue
new file mode 100644
index 0000000..72b4b0e
--- /dev/null
+++ b/packages/client/src/components/hermes/group-chat/GroupMessageItem.vue
@@ -0,0 +1,1048 @@
+<script setup lang="ts">
+import { computed, onBeforeUnmount, onMounted, ref } from 'vue'
+import { useI18n } from 'vue-i18n'
+import { useMessage } from 'naive-ui'
+import MarkdownRenderer from '../chat/MarkdownRenderer.vue'
+import ProfileAvatar from '@/components/hermes/profiles/ProfileAvatar.vue'
+import { useProfilesStore } from '@/stores/hermes/profiles'
+import {
+    copyTextToClipboard,
+    handleCodeBlockCopyClick,
+    renderHighlightedCodeBlock,
+} from '../chat/highlight'
+import { parseThinking, countThinkingChars } from '@/utils/thinking-parser'
+import { useGlobalSpeech } from '@/composables/useSpeech'
+import { useVoiceSettings } from '@/composables/useVoiceSettings'
+import { speedToEdgeRate, hzToEdgePitch } from '@/utils/ttsHelpers'
+import { getDownloadUrl } from '@/api/hermes/download'
+import type { ChatMessage, RoomAgent } from '@/api/hermes/group-chat'
+
+const TOOL_PAYLOAD_DISPLAY_LIMIT = 1000
+const JSON_STRING_DISPLAY_LIMIT = 200
+const JSON_MAX_DEPTH = 6
+const JSON_MAX_NODES = 1000
+const JSON_MAX_KEYS_PER_OBJECT = 50
+const JSON_MAX_ITEMS_PER_ARRAY = 50
+const JSON_TRUNCATED_KEY = '__truncated__'
+
+const props = defineProps<{
+    message: ChatMessage
+    agents: RoomAgent[]
+    currentUserId?: string
+}>()
+
+const { t } = useI18n()
+const toast = useMessage()
+const profilesStore = useProfilesStore()
+const speech = useGlobalSpeech()
+const voiceSettings = useVoiceSettings()
+const previewUrl = ref<string | null>(null)
+const isAgent = computed(() => {
+    return props.agents.some(a => a.agentId === props.message.senderId || a.name === props.message.senderName)
+})
+
+const isAgentError = computed(() => {
+    if (props.message.role !== 'assistant') return false
+    if (props.message.finish_reason === 'error') return true
+    return /^Error:\s*/i.test(props.message.content || '')
+})
+
+const isSelf = computed(() => {
+    return !!props.currentUserId && props.message.senderId === props.currentUserId
+})
+
+const agentInfo = computed(() => {
+    return props.agents.find(a => a.agentId === props.message.senderId || a.name === props.message.senderName)
+})
+
+const timeStr = computed(() => {
+    const d = new Date(props.message.timestamp)
+    return d.toLocaleTimeString([], { hour: '2-digit', minute: '2-digit' })
+})
+
+const avatarProfileName = computed(() => agentInfo.value?.profile || props.message.senderName || props.message.senderId)
+const avatarProfile = computed(() => profilesStore.profiles.find(profile => profile.name === agentInfo.value?.profile))
+
+const mentionNames = computed(() => ['all', ...props.agents.map(a => a.name).filter(Boolean)])
+const parsedThinking = computed(() => parseThinking(props.message.content || '', { streaming: !!props.message.isStreaming }))
+const hasReasoningField = computed(() => !!(props.message.reasoning && props.message.reasoning.length > 0))
+const hasThinking = computed(() => hasReasoningField.value || parsedThinking.value.hasThinking)
+const thinkingFullText = computed(() => {
+    const parts: string[] = []
+    if (props.message.reasoning) parts.push(props.message.reasoning)
+    parts.push(...parsedThinking.value.segments)
+    if (parsedThinking.value.pending) parts.push(parsedThinking.value.pending)
+    return parts.join('\n\n')
+})
+const thinkingCharCount = computed(() => {
+    let count = countThinkingChars(parsedThinking.value)
+    if (props.message.reasoning) count += props.message.reasoning.length
+    return count
+})
+const thinkingStreamingNow = computed(() => {
+    if (!props.message.isStreaming) return false
+    if (parsedThinking.value.pending !== null) return true
+    if (hasReasoningField.value && !props.message.content) return true
+    return false
+})
+const thinkingOverride = ref<boolean | null>(null)
+const thinkingExpanded = computed(() => {
+    if (thinkingStreamingNow.value) return true
+    if (thinkingOverride.value !== null) return thinkingOverride.value
+    return false
+})
+const assistantBody = computed(() => parsedThinking.value.body || props.message.content || '')
+const contentBlocks = computed(() => {
+    const content = props.message.content || ''
+    const trimmed = content.trim()
+    if (!trimmed.startsWith('[') || !trimmed.endsWith(']')) return null
+    try {
+        const parsed = JSON.parse(trimmed)
+        return Array.isArray(parsed) ? parsed : null
+    } catch {
+        return null
+    }
+})
+const renderedAttachments = computed(() => {
+    if (props.message.attachments?.length) return props.message.attachments
+    const blocks = contentBlocks.value
+    if (!blocks) return []
+    return blocks.flatMap((block: any, index: number) => {
+        if (block?.type !== 'image' && block?.type !== 'file') return []
+        const path = String(block.path || '')
+        if (!path) return []
+        const name = String(block.name || `${block.type}-${index + 1}`)
+        return [{
+            id: `${props.message.id}_attachment_${index}`,
+            name,
+            type: block.type === 'image' ? String(block.media_type || 'image/*') : String(block.media_type || 'application/octet-stream'),
+            size: 0,
+            url: getDownloadUrl(normalizeLocalFilePath(path), name),
+        }]
+    })
+})
+const hasAttachments = computed(() => renderedAttachments.value.length > 0)
+const displayBody = computed(() => {
+    if (props.message.role !== 'user') return assistantBody.value
+    const blocks = contentBlocks.value
+    if (!blocks) return assistantBody.value
+    return blocks
+        .filter((block: any) => block?.type === 'text' && typeof block.text === 'string')
+        .map((block: any) => block.text)
+        .join('\n')
+})
+const copyableContent = computed(() => {
+    if (isToolMessage.value) return null
+    const content = displayBody.value || ''
+    return content.trim() ? content : null
+})
+
+const toolExpanded = ref(false)
+const isToolMessage = computed(() => props.message.role === 'tool')
+const hasToolDetails = computed(() => !!(props.message.toolArgs || props.message.toolResult))
+const toolArgsPayload = computed(() => formatToolPayload(props.message.toolArgs))
+const toolResultPayload = computed(() => formatToolPayload(props.message.toolResult))
+const fullToolArgs = computed(() => toolArgsPayload.value.full)
+const formattedToolArgs = computed(() => toolArgsPayload.value.display)
+const fullToolResult = computed(() => toolResultPayload.value.full)
+const formattedToolResult = computed(() => toolResultPayload.value.display)
+const renderedToolArgs = computed(() => formattedToolArgs.value ? renderToolPayload(formattedToolArgs.value, toolArgsPayload.value.language) : '')
+const renderedToolResult = computed(() => formattedToolResult.value ? renderToolPayload(formattedToolResult.value, toolResultPayload.value.language) : '')
+const canPlaySpeech = computed(() => {
+    if (props.message.role !== 'assistant') return false
+    if (!assistantBody.value.trim()) return false
+    if (voiceSettings.provider.value === 'openai' || voiceSettings.provider.value === 'custom' || voiceSettings.provider.value === 'edge' || voiceSettings.provider.value === 'mimo') return true
+    return speech.isSupported
+})
+const isPlayingThisMessage = computed(() => {
+    if (voiceSettings.provider.value === 'openai' || voiceSettings.provider.value === 'custom' || voiceSettings.provider.value === 'edge' || voiceSettings.provider.value === 'mimo') {
+        return speech.currentCustomMessageId.value === props.message.id && speech.isCustomPlaying.value
+    }
+    return speech.currentMessageId.value === props.message.id && speech.isPlaying.value
+})
+const isPausedThisMessage = computed(() => {
+    if (voiceSettings.provider.value === 'openai' || voiceSettings.provider.value === 'custom' || voiceSettings.provider.value === 'edge' || voiceSettings.provider.value === 'mimo') {
+        return speech.currentCustomMessageId.value === props.message.id && speech.isCustomPaused.value
+    }
+    return speech.currentMessageId.value === props.message.id && speech.isPaused.value
+})
+
+type ToolPayload = {
+    full: string
+    display: string
+    language?: string
+}
+
+function truncateLongString(value: string, marker: string): string {
+    return value.length > JSON_STRING_DISPLAY_LIMIT ? value.slice(0, JSON_STRING_DISPLAY_LIMIT) + '\n' + marker : value
+}
+
+function truncateJsonValue(value: unknown, marker: string): unknown {
+    let nodeCount = 0
+    const seen = new WeakSet<object>()
+
+    function stringifyLength(candidate: unknown): number {
+        return JSON.stringify(candidate, null, 2).length
+    }
+
+    function visit(current: unknown, depth: number): unknown {
+        nodeCount += 1
+        if (nodeCount > JSON_MAX_NODES) return marker
+        if (typeof current === 'string') return truncateLongString(current, marker)
+        if (current === null || typeof current !== 'object') return current
+        if (seen.has(current)) return `[Circular ${marker}]`
+        if (depth >= JSON_MAX_DEPTH) return Array.isArray(current) ? `[Array ${marker}]` : `[Object ${marker}]`
+
+        seen.add(current)
+
+        if (Array.isArray(current)) {
+            const result: unknown[] = []
+            const maxItems = Math.min(current.length, JSON_MAX_ITEMS_PER_ARRAY)
+            for (let i = 0; i < maxItems; i += 1) {
+                const remaining = current.length - i
+                result.push(visit(current[i], depth + 1))
+                if (stringifyLength(result) > TOOL_PAYLOAD_DISPLAY_LIMIT) {
+                    result.pop()
+                    result.push(`${marker}: ${remaining} more items`)
+                    seen.delete(current)
+                    return result
+                }
+            }
+            if (current.length > maxItems) result.push(`${marker}: ${current.length - maxItems} more items`)
+            seen.delete(current)
+            return result
+        }
+
+        const entries = Object.entries(current as Record<string, unknown>)
+        const result: Record<string, unknown> = {}
+        const maxKeys = Math.min(entries.length, JSON_MAX_KEYS_PER_OBJECT)
+        for (let i = 0; i < maxKeys; i += 1) {
+            const [key, val] = entries[i]
+            const remaining = entries.length - i
+            result[key] = visit(val, depth + 1)
+            if (stringifyLength(result) > TOOL_PAYLOAD_DISPLAY_LIMIT) {
+                delete result[key]
+                result[JSON_TRUNCATED_KEY] = `${marker}: ${remaining} more keys`
+                seen.delete(current)
+                return result
+            }
+        }
+        if (entries.length > maxKeys) result[JSON_TRUNCATED_KEY] = `${marker}: ${entries.length - maxKeys} more keys`
+        seen.delete(current)
+        return result
+    }
+
+    const truncated = visit(value, 0)
+    if (stringifyLength(truncated) <= TOOL_PAYLOAD_DISPLAY_LIMIT) return truncated
+    return { [JSON_TRUNCATED_KEY]: marker }
+}
+
+function formatToolPayload(raw?: string): ToolPayload {
+    if (!raw) return { full: '', display: '' }
+    try {
+        const parsed = JSON.parse(raw)
+        const full = JSON.stringify(parsed, null, 2)
+        const display = full.length > TOOL_PAYLOAD_DISPLAY_LIMIT
+            ? JSON.stringify(truncateJsonValue(parsed, t('chat.truncated')), null, 2)
+            : full
+        return { full, display, language: 'json' }
+    } catch {
+        return {
+            full: raw,
+            display: raw.length > TOOL_PAYLOAD_DISPLAY_LIMIT ? raw.slice(0, TOOL_PAYLOAD_DISPLAY_LIMIT) + '\n' + t('chat.truncated') : raw,
+        }
+    }
+}
+
+function renderToolPayload(content: string, language?: string): string {
+    return renderHighlightedCodeBlock(content, language, t('common.copy'), {
+        maxHighlightLength: TOOL_PAYLOAD_DISPLAY_LIMIT,
+    })
+}
+
+async function handleToolDetailClick(event: MouseEvent): Promise<void> {
+    const target = event.target
+    if (!(target instanceof HTMLElement)) return
+    const button = target.closest<HTMLElement>('[data-copy-code="true"]')
+    if (!button) return
+    event.preventDefault()
+
+    const source = button.closest<HTMLElement>('[data-copy-source]')?.dataset.copySource
+    if (source === 'tool-args' && fullToolArgs.value) {
+        const ok = await copyTextToClipboard(fullToolArgs.value)
+        if (ok) toast.success(t('common.copied'))
+        else toast.error(t('chat.copyFailed'))
+        return
+    }
+    if (source === 'tool-result' && fullToolResult.value) {
+        const ok = await copyTextToClipboard(fullToolResult.value)
+        if (ok) toast.success(t('common.copied'))
+        else toast.error(t('chat.copyFailed'))
+        return
+    }
+
+    const copyResult = await handleCodeBlockCopyClick(event)
+    if (copyResult) toast.success(t('common.copied'))
+    else if (copyResult === false) toast.error(t('chat.copyFailed'))
+}
+
+function playSpeech(content: string, autoplay = false) {
+    if (!content.trim()) return
+    if (voiceSettings.provider.value === 'openai') {
+        if (!voiceSettings.openaiBaseUrl.value) return
+        const play = autoplay ? speech.openaiPlay : speech.openaiToggle
+        play(props.message.id, content, {
+            baseUrl: voiceSettings.openaiBaseUrl.value,
+            apiKey: voiceSettings.openaiApiKey.value,
+            model: voiceSettings.openaiModel.value,
+            voice: voiceSettings.openaiVoice.value,
+        })
+        return
+    }
+    if (voiceSettings.provider.value === 'custom') {
+        if (!voiceSettings.customUrl.value) return
+        const play = autoplay ? speech.openaiPlay : speech.openaiToggle
+        play(props.message.id, content, {
+            baseUrl: voiceSettings.customUrl.value,
+            apiKey: voiceSettings.customApiKey.value || undefined,
+        })
+        return
+    }
+    if (voiceSettings.provider.value === 'edge') {
+        const play = autoplay ? speech.openaiPlay : speech.openaiToggle
+        play(props.message.id, content, {
+            baseUrl: '/api/tts/proxy',
+            voice: voiceSettings.edgeVoice.value,
+            rate: speedToEdgeRate(voiceSettings.edgeRate.value),
+            pitch: hzToEdgePitch(voiceSettings.edgePitchHz.value),
+        })
+        return
+    }
+    if (voiceSettings.provider.value === 'mimo') {
+        if (!voiceSettings.mimoApiKey.value) return
+        const play = autoplay ? speech.mimoPlay : speech.mimoToggle
+        play(props.message.id, content, {
+            baseUrl: voiceSettings.mimoBaseUrl.value,
+            apiKey: voiceSettings.mimoApiKey.value,
+            model: voiceSettings.mimoModel.value,
+            voice: voiceSettings.mimoVoice.value,
+            voiceDesignDesc: voiceSettings.mimoVoiceDesignDesc.value || undefined,
+            stylePrompt: voiceSettings.mimoStylePrompt.value || undefined,
+        })
+        return
+    }
+    if (voiceSettings.provider.value === 'webspeech') {
+        speech.toggleBrowser(props.message.id, content, {
+            voiceName: voiceSettings.webspeechVoice.value || undefined,
+        })
+        return
+    }
+    if (autoplay) speech.enqueue(props.message.id, content)
+    else speech.toggle(props.message.id, content)
+}
+
+function handleSpeechToggle() {
+    if (canPlaySpeech.value) playSpeech(assistantBody.value)
+}
+
+async function copyBubbleContent() {
+    const text = copyableContent.value
+    if (!text) return
+    const ok = await copyTextToClipboard(text)
+    if (ok) toast.success(t('chat.copiedBubble'))
+    else toast.error(t('chat.copyFailed'))
+}
+
+function isImage(type: string): boolean {
+    return type.startsWith('image/')
+}
+
+function normalizeLocalFilePath(path: string): string {
+    return /^[a-zA-Z]:\\/.test(path) ? path.replace(/\\/g, '/') : path
+}
+
+function formatSize(bytes: number): string {
+    if (bytes < 1024) return bytes + ' B'
+    if (bytes < 1024 * 1024) return (bytes / 1024).toFixed(1) + ' KB'
+    return (bytes / (1024 * 1024)).toFixed(1) + ' MB'
+}
+
+let autoPlayHandler: ((e: Event) => void) | null = null
+
+onMounted(() => {
+    autoPlayHandler = (e: Event) => {
+        const event = e as CustomEvent<{ messageId: string; content: string }>
+        if (event.detail?.messageId === props.message.id && canPlaySpeech.value) {
+            playSpeech(event.detail.content || assistantBody.value, true)
+        }
+    }
+    window.addEventListener('auto-play-speech', autoPlayHandler)
+})
+
+onBeforeUnmount(() => {
+    if (autoPlayHandler) window.removeEventListener('auto-play-speech', autoPlayHandler)
+    if (speech.currentMessageId.value === props.message.id) speech.stop()
+})
+</script>
+
+<template>
+    <div v-if="isToolMessage" class="group-message tool-message">
+        <div class="avatar">
+            <ProfileAvatar :name="avatarProfileName" :avatar="avatarProfile?.avatar" :size="36" />
+        </div>
+
+        <div class="msg-body">
+            <div class="msg-header">
+                <span class="sender-name">{{ message.senderName }}</span>
+                <span v-if="isAgent && agentInfo?.description" class="agent-desc">{{ agentInfo.description }}</span>
+            </div>
+            <div class="tool-line" :class="{ expandable: hasToolDetails }" @click="hasToolDetails && (toolExpanded = !toolExpanded)">
+                <svg
+                    v-if="hasToolDetails"
+                    width="10"
+                    height="10"
+                    viewBox="0 0 24 24"
+                    fill="none"
+                    stroke="currentColor"
+                    stroke-width="2"
+                    class="tool-chevron"
+                    :class="{ rotated: toolExpanded }"
+                >
+                    <polyline points="9 18 15 12 9 6" />
+                </svg>
+                <svg v-else width="12" height="12" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="1.5" class="tool-icon">
+                    <path d="M14.7 6.3a1 1 0 0 0 0 1.4l1.6 1.6a1 1 0 0 0 1.4 0l3.77-3.77a6 6 0 0 1-7.94 7.94l-6.91 6.91a2.12 2.12 0 0 1-3-3l6.91-6.91a6 6 0 0 1 7.94-7.94l-3.76 3.76z" />
+                </svg>
+                <span class="tool-name">{{ message.toolName || message.tool_name || 'tool' }}</span>
+                <span v-if="message.toolPreview && !toolExpanded" class="tool-preview">{{ message.toolPreview }}</span>
+                <span v-if="message.toolStatus === 'running'" class="tool-spinner"></span>
+                <span v-if="message.toolStatus === 'error'" class="tool-error-badge">{{ t('chat.error') }}</span>
+            </div>
+            <div v-if="toolExpanded && hasToolDetails" class="tool-details" @click="handleToolDetailClick">
+                <div v-if="formattedToolArgs" class="tool-detail-section" data-copy-source="tool-args">
+                    <div class="tool-detail-label">{{ t('chat.arguments') }}</div>
+                    <div class="tool-detail-code-block" v-html="renderedToolArgs"></div>
+                </div>
+                <div v-if="formattedToolResult" class="tool-detail-section" data-copy-source="tool-result">
+                    <div class="tool-detail-label">{{ t('chat.result') }}</div>
+                    <div class="tool-detail-code-block" v-html="renderedToolResult"></div>
+                </div>
+            </div>
+            <span class="msg-time">{{ timeStr }}</span>
+        </div>
+    </div>
+    <div v-else class="group-message" :class="{ agent: isAgent, self: isSelf }">
+        <!-- Avatar -->
+        <div class="avatar">
+            <ProfileAvatar :name="avatarProfileName" :avatar="avatarProfile?.avatar" :size="36" />
+        </div>
+
+        <div class="msg-body">
+            <div class="msg-header">
+                <span class="sender-name">{{ message.senderName }}</span>
+                <span v-if="isAgent && agentInfo?.description" class="agent-desc">{{ agentInfo.description }}</span>
+            </div>
+            <div
+                class="msg-content"
+                :class="{
+                    'agent-content': isAgent,
+                    'agent-error': isAgentError,
+                    'speech-playing': isPlayingThisMessage && !isPausedThisMessage,
+                }"
+            >
+                <div v-if="hasAttachments" class="msg-attachments">
+                    <div
+                        v-for="att in renderedAttachments"
+                        :key="att.id"
+                        class="msg-attachment"
+                        :class="{ image: isImage(att.type) }"
+                    >
+                        <img v-if="isImage(att.type)" :src="att.url" :alt="att.name" class="msg-attachment-thumb" @click="previewUrl = att.url" />
+                        <a v-else class="msg-attachment-file" :href="att.url" :title="t('download.downloadFile')">
+                            <svg width="16" height="16" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="1.5">
+                                <path d="M14 2H6a2 2 0 0 0-2 2v16a2 2 0 0 0 2 2h12a2 2 0 0 0 2-2V8z" />
+                                <polyline points="14 2 14 8 20 8" />
+                            </svg>
+                            <span class="att-name">{{ att.name }}</span>
+                            <span class="att-size">{{ formatSize(att.size) }}</span>
+                        </a>
+                    </div>
+                </div>
+                <div v-if="hasThinking" class="thinking-block" :class="{ expanded: thinkingExpanded }">
+                    <div class="thinking-header" @click="thinkingOverride = !thinkingExpanded">
+                        <svg
+                            width="10"
+                            height="10"
+                            viewBox="0 0 24 24"
+                            fill="none"
+                            stroke="currentColor"
+                            stroke-width="2"
+                            class="thinking-chevron"
+                            :class="{ rotated: thinkingExpanded }"
+                        >
+                            <polyline points="9 18 15 12 9 6" />
+                        </svg>
+                        <span class="thinking-icon">💭</span>
+                        <span class="thinking-label">
+                            {{ thinkingStreamingNow ? t('chat.thinkingInProgress') : t('chat.thinkingLabel') }}
+                        </span>
+                        <span class="thinking-meta">· {{ t('chat.thinkingChars', { count: thinkingCharCount }) }}</span>
+                    </div>
+                    <div v-if="thinkingExpanded" class="thinking-body">
+                        <MarkdownRenderer :content="thinkingFullText" />
+                    </div>
+                </div>
+                <MarkdownRenderer v-if="displayBody" :content="displayBody" :mention-names="mentionNames" />
+                <span v-if="message.isStreaming && !displayBody" class="streaming-dots">
+                    <span></span><span></span><span></span>
+                </span>
+            </div>
+            <div class="message-meta">
+                <button
+                    v-if="canPlaySpeech"
+                    class="speech-bubble-btn"
+                    :class="{ playing: isPlayingThisMessage, paused: isPausedThisMessage }"
+                    :title="isPlayingThisMessage ? (isPausedThisMessage ? t('chat.resumeSpeech') : t('chat.pauseSpeech')) : t('chat.playSpeech')"
+                    @click="handleSpeechToggle"
+                >
+                    <svg v-if="!isPlayingThisMessage || isPausedThisMessage" width="14" height="14" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><polygon points="5 3 19 12 5 21 5 3"/></svg>
+                    <svg v-else width="14" height="14" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><rect x="6" y="4" width="4" height="16"/><rect x="14" y="4" width="4" height="16"/></svg>
+                </button>
+                <button
+                    v-if="copyableContent"
+                    class="copy-bubble-btn"
+                    :title="t('chat.copyBubble')"
+                    @click="copyBubbleContent"
+                >
+                    <svg width="14" height="14" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2">
+                        <rect x="9" y="9" width="13" height="13" rx="2" ry="2"/>
+                        <path d="M5 15H4a2 2 0 0 1-2-2V4a2 2 0 0 1 2-2h9a2 2 0 0 1 2 2v1"/>
+                    </svg>
+                </button>
+                <span class="message-time">{{ timeStr }}</span>
+            </div>
+        </div>
+    </div>
+    <div v-if="previewUrl" class="image-preview-overlay" @click.self="previewUrl = null">
+        <img :src="previewUrl" class="image-preview-img" @click="previewUrl = null" />
+    </div>
+</template>
+
+<style scoped lang="scss">
+@use "@/styles/variables" as *;
+
+.group-message {
+    display: flex;
+    gap: 10px;
+    padding: 2px 0;
+    min-width: 0;
+    max-width: 100%;
+
+    &.self {
+        flex-direction: row-reverse;
+
+        .msg-body {
+            align-items: flex-end;
+        }
+
+        .msg-header {
+            flex-direction: row-reverse;
+        }
+    }
+
+    &.agent .msg-content.agent-content {
+        background-color: rgba(var(--accent-primary-rgb), 0.06);
+    }
+
+    &.agent .msg-content.agent-error {
+        color: $error;
+        background-color: rgba(var(--error-rgb), 0.06);
+        border: 1px solid rgba(var(--error-rgb), 0.2);
+
+        :deep(.markdown-body),
+        :deep(.markdown-body p),
+        :deep(.markdown-body li),
+        :deep(.markdown-body strong),
+        :deep(.markdown-body code) {
+            color: $error;
+        }
+    }
+
+    &.self .msg-content {
+        background-color: rgba(var(--accent-primary-rgb), 0.1);
+    }
+}
+
+.tool-message {
+    align-items: flex-start;
+}
+
+.tool-line {
+    display: flex;
+    align-items: center;
+    gap: 6px;
+    padding: 2px 4px;
+    border-radius: $radius-sm;
+    color: $text-muted;
+    font-size: 11px;
+    min-width: 0;
+    max-width: 100%;
+    box-sizing: border-box;
+
+    &.expandable {
+        cursor: pointer;
+
+        &:hover {
+            background: rgba(0, 0, 0, 0.03);
+        }
+    }
+}
+
+.tool-chevron {
+    flex-shrink: 0;
+    transition: transform 0.15s ease;
+
+    &.rotated {
+        transform: rotate(90deg);
+    }
+}
+
+.tool-icon,
+.tool-chevron {
+    flex: 0 0 auto;
+    opacity: 0.75;
+}
+
+.tool-name {
+    flex: 0 1 auto;
+    min-width: 0;
+    font-family: $font-code;
+    color: $text-muted;
+    font-weight: 400;
+    overflow: hidden;
+    text-overflow: ellipsis;
+    white-space: nowrap;
+}
+
+.tool-preview {
+    display: block;
+    flex: 1 1 auto;
+    min-width: 0;
+    overflow: hidden;
+    text-overflow: ellipsis;
+    white-space: nowrap;
+    max-width: min(400px, 100%);
+}
+
+.tool-spinner {
+    width: 10px;
+    height: 10px;
+    border: 1.5px solid $text-muted;
+    border-top-color: transparent;
+    border-radius: 50%;
+    animation: spin 0.6s linear infinite;
+    flex-shrink: 0;
+}
+
+.tool-error-badge {
+    font-size: 9px;
+    color: $error;
+    background: rgba(var(--error-rgb), 0.08);
+    padding: 0 4px;
+    border-radius: 3px;
+    line-height: 14px;
+    margin-left: 4px;
+}
+
+.tool-details {
+    margin-left: 16px;
+    margin-top: 2px;
+    border-left: 2px solid $border-light;
+    padding-left: 10px;
+}
+
+.tool-detail-section {
+    margin-bottom: 6px;
+}
+
+.tool-detail-label {
+    margin-bottom: 2px;
+    color: $text-muted;
+    font-size: 10px;
+    font-weight: 600;
+    letter-spacing: 0.3px;
+    text-transform: uppercase;
+}
+
+.tool-detail-code-block {
+    :deep(.hljs-code-block) {
+        margin: 0;
+    }
+
+    :deep(.code-header) {
+        background: rgba(0, 0, 0, 0.02);
+    }
+
+    :deep(code.hljs) {
+        font-size: 11px;
+        max-height: 300px;
+        overflow-y: auto;
+        white-space: pre-wrap;
+        word-break: break-word;
+    }
+}
+
+@keyframes spin {
+    to {
+        transform: rotate(360deg);
+    }
+}
+
+.avatar {
+    width: 36px;
+    height: 36px;
+    flex-shrink: 0;
+    margin-top: 2px;
+    overflow: hidden;
+    border-radius: 8px;
+}
+
+.msg-body {
+    display: flex;
+    flex-direction: column;
+    min-width: 0;
+    max-width: 85%;
+}
+
+.msg-header {
+    display: flex;
+    align-items: center;
+    gap: 8px;
+    padding-bottom: 2px;
+
+    .sender-name {
+        font-size: 13px;
+        font-weight: 600;
+        color: $text-primary;
+    }
+
+    .agent-desc {
+        font-size: 11px;
+        color: $text-muted;
+        font-style: italic;
+    }
+}
+
+.msg-time,
+.message-time {
+    font-size: 12px;
+    color: var(--text-muted);
+    opacity: 0.6;
+    user-select: none;
+}
+
+.message-meta {
+    display: flex;
+    align-items: center;
+    gap: 6px;
+    margin-top: 4px;
+    padding: 0 4px;
+    opacity: 0;
+    transition: opacity 0.15s ease;
+
+    .group-message:hover & {
+        opacity: 1;
+    }
+
+    @media (max-width: 768px) {
+        opacity: 1;
+    }
+}
+
+.copy-bubble-btn,
+.speech-bubble-btn {
+    display: flex;
+    align-items: center;
+    justify-content: center;
+    width: 24px;
+    height: 24px;
+    border: none;
+    background: transparent;
+    color: $text-muted;
+    cursor: pointer;
+    border-radius: $radius-sm;
+    padding: 0;
+    transition: color 0.15s ease, background 0.15s ease;
+
+    &:hover {
+        color: $text-secondary;
+        background: rgba(0, 0, 0, 0.06);
+    }
+
+    .dark & {
+        color: #999999;
+
+        &:hover {
+            color: #cccccc;
+            background: rgba(255, 255, 255, 0.1);
+        }
+    }
+}
+
+.speech-bubble-btn {
+    &.playing {
+        color: var(--accent-primary);
+        animation: pulse 1.5s ease-in-out infinite;
+
+        &.paused {
+            animation: none;
+            opacity: 0.6;
+        }
+    }
+}
+
+@keyframes rainbow-glow {
+    0% {
+        box-shadow:
+            0 0 0 2px #ff6b6b,
+            0 0 10px rgba(255, 107, 107, 0.4),
+            0 0 20px rgba(255, 107, 107, 0.2);
+    }
+    16.66% {
+        box-shadow:
+            0 0 0 2px #feca57,
+            0 0 10px rgba(254, 202, 87, 0.4),
+            0 0 20px rgba(254, 202, 87, 0.2);
+    }
+    33.33% {
+        box-shadow:
+            0 0 0 2px #48dbfb,
+            0 0 10px rgba(72, 219, 251, 0.4),
+            0 0 20px rgba(72, 219, 251, 0.2);
+    }
+    50% {
+        box-shadow:
+            0 0 0 2px #ff9ff3,
+            0 0 10px rgba(255, 159, 243, 0.4),
+            0 0 20px rgba(255, 159, 243, 0.2);
+    }
+    66.66% {
+        box-shadow:
+            0 0 0 2px #54a0ff,
+            0 0 10px rgba(84, 160, 255, 0.4),
+            0 0 20px rgba(84, 160, 255, 0.2);
+    }
+    83.33% {
+        box-shadow:
+            0 0 0 2px #5f27cd,
+            0 0 10px rgba(95, 39, 205, 0.4),
+            0 0 20px rgba(95, 39, 205, 0.2);
+    }
+    100% {
+        box-shadow:
+            0 0 0 2px #ff6b6b,
+            0 0 10px rgba(255, 107, 107, 0.4),
+            0 0 20px rgba(255, 107, 107, 0.2);
+    }
+}
+
+.msg-content {
+    padding: 10px 14px;
+    font-size: 14px;
+    line-height: 1.65;
+    color: $text-primary;
+    border-radius: 10px;
+    background-color: $msg-user-bg;
+    word-break: break-word;
+    overflow-wrap: break-word;
+
+    &.speech-playing {
+        box-shadow:
+            0 0 0 2px #ff6b6b,
+            0 0 10px rgba(255, 107, 107, 0.4),
+            0 0 20px rgba(255, 107, 107, 0.2);
+        animation: rainbow-glow 4s linear infinite;
+    }
+
+    &.agent-error {
+        color: $error;
+        background-color: rgba(var(--error-rgb), 0.06);
+        border: 1px solid rgba(var(--error-rgb), 0.2);
+
+        :deep(.markdown-body),
+        :deep(.markdown-body p),
+        :deep(.markdown-body li),
+        :deep(.markdown-body strong),
+        :deep(.markdown-body code) {
+            color: $error;
+        }
+    }
+
+    :deep(.mention-highlight) {
+        color: #409eff;
+        font-weight: 600;
+        cursor: default;
+    }
+}
+
+.msg-attachments {
+    display: flex;
+    flex-wrap: wrap;
+    gap: 8px;
+    margin-bottom: 8px;
+}
+
+.msg-attachment {
+    border-radius: $radius-sm;
+    overflow: hidden;
+    background-color: $bg-secondary;
+    border: 1px solid $border-color;
+
+    &.image {
+        width: 96px;
+        height: 96px;
+    }
+}
+
+.msg-attachment-thumb {
+    width: 100%;
+    height: 100%;
+    object-fit: cover;
+    display: block;
+    cursor: zoom-in;
+}
+
+.msg-attachment-file {
+    display: flex;
+    align-items: center;
+    gap: 6px;
+    min-width: 140px;
+    max-width: 220px;
+    padding: 8px 10px;
+    color: $text-secondary;
+    text-decoration: none;
+
+    .att-name {
+        flex: 1;
+        min-width: 0;
+        overflow: hidden;
+        text-overflow: ellipsis;
+        white-space: nowrap;
+        font-size: 12px;
+    }
+
+    .att-size {
+        font-size: 11px;
+        color: $text-muted;
+    }
+}
+
+.image-preview-overlay {
+    position: fixed;
+    inset: 0;
+    z-index: 9999;
+    background: rgba(0, 0, 0, 0.82);
+    display: flex;
+    align-items: center;
+    justify-content: center;
+    padding: 24px;
+}
+
+.image-preview-img {
+    max-width: min(96vw, 1400px);
+    max-height: 92vh;
+    object-fit: contain;
+    border-radius: 6px;
+    cursor: zoom-out;
+    box-shadow: 0 12px 40px rgba(0, 0, 0, 0.45);
+}
+
+.thinking-block {
+    margin-bottom: 8px;
+    padding: 4px 0;
+    border-bottom: 1px dashed $border-light;
+
+    .thinking-header {
+        display: flex;
+        align-items: center;
+        gap: 6px;
+        font-size: 11px;
+        color: $text-muted;
+        cursor: pointer;
+        padding: 2px 4px;
+        border-radius: $radius-sm;
+        user-select: none;
+
+        &:hover {
+            background: rgba(0, 0, 0, 0.03);
+        }
+    }
+
+    .thinking-chevron {
+        flex-shrink: 0;
+        transition: transform 0.15s ease;
+
+        &.rotated {
+            transform: rotate(90deg);
+        }
+    }
+
+    .thinking-icon {
+        font-size: 11px;
+        flex-shrink: 0;
+    }
+
+    .thinking-label {
+        font-weight: 500;
+        flex-shrink: 0;
+    }
+
+    .thinking-meta {
+        color: $text-muted;
+        font-variant-numeric: tabular-nums;
+    }
+
+    .thinking-body {
+        margin-top: 6px;
+        padding: 6px 10px;
+        border-left: 2px solid $border-light;
+        font-size: 13px;
+        opacity: 0.85;
+        font-style: italic;
+
+        :deep(p) {
+            margin: 0.3em 0;
+        }
+    }
+}
+
+.streaming-dots {
+    display: flex;
+    gap: 4px;
+    padding: 4px 0;
+
+    span {
+        width: 6px;
+        height: 6px;
+        background-color: $text-muted;
+        border-radius: 50%;
+        animation: pulse 1.4s infinite ease-in-out;
+
+        &:nth-child(2) { animation-delay: 0.2s; }
+        &:nth-child(3) { animation-delay: 0.4s; }
+    }
+}
+
+@keyframes pulse {
+    0%,
+    80%,
+    100% {
+        opacity: 0.3;
+        transform: scale(0.8);
+    }
+    40% {
+        opacity: 1;
+        transform: scale(1);
+    }
+}
+</style>
diff --git a/packages/client/src/components/hermes/group-chat/GroupMessageList.vue b/packages/client/src/components/hermes/group-chat/GroupMessageList.vue
new file mode 100644
index 0000000..d02cca9
--- /dev/null
+++ b/packages/client/src/components/hermes/group-chat/GroupMessageList.vue
@@ -0,0 +1,152 @@
+<script setup lang="ts">
+import { computed, onMounted, ref, watch, nextTick } from 'vue'
+import { useI18n } from 'vue-i18n'
+import { useGroupChatStore } from '@/stores/hermes/group-chat'
+import { useToolTraceVisibility } from '@/composables/useToolTraceVisibility'
+import GroupMessageItem from './GroupMessageItem.vue'
+import VirtualMessageList from '../chat/VirtualMessageList.vue'
+
+const store = useGroupChatStore()
+const { t } = useI18n()
+const { toolTraceVisible } = useToolTraceVisibility()
+const listRef = ref<InstanceType<typeof VirtualMessageList> | null>(null)
+const displayMessages = computed(() => store.sortedMessages.filter(msg => msg.role !== 'tool' || toolTraceVisible.value || msg.toolStatus === 'running'))
+let pendingInitialBottomRoomId: string | null = store.currentRoomId
+
+type BottomScrollOptions = number | {
+    frames?: number
+    keepAliveMs?: number
+}
+
+function scrollToBottom(options?: BottomScrollOptions): void {
+    const list = listRef.value as (InstanceType<typeof VirtualMessageList> & {
+        scrollToBottom: (options?: BottomScrollOptions) => void
+    }) | null
+    list?.scrollToBottom(options)
+}
+
+async function handleTopReach(): Promise<void> {
+    if (!store.hasMoreBefore || store.isLoadingOlderMessages) return
+    const snapshot = listRef.value?.captureScrollPosition() ?? null
+    const loaded = await store.loadOlderMessages()
+    if (!loaded) return
+    await nextTick()
+    listRef.value?.restoreScrollPosition(snapshot)
+}
+
+watch(() => store.currentRoomId, (roomId) => {
+    pendingInitialBottomRoomId = roomId
+})
+
+watch(() => displayMessages.value.map(msg => [
+    msg.id,
+    msg.content?.length ?? 0,
+    msg.reasoning?.length ?? 0,
+    msg.reasoning_content?.length ?? 0,
+    msg.toolStatus ?? '',
+].join(':')).join('|'), async () => {
+    const shouldForceInitialBottom = !!store.currentRoomId &&
+        pendingInitialBottomRoomId === store.currentRoomId &&
+        displayMessages.value.length > 0
+    const shouldScroll = shouldForceInitialBottom || (listRef.value?.isNearBottom(200) ?? true)
+    await nextTick()
+    if (shouldScroll) {
+        scrollToBottom(shouldForceInitialBottom ? { frames: 5, keepAliveMs: 700 } : { frames: 1, keepAliveMs: 120 })
+        if (shouldForceInitialBottom) pendingInitialBottomRoomId = null
+    }
+})
+
+onMounted(async () => {
+    if (!store.currentRoomId || displayMessages.value.length === 0) return
+    pendingInitialBottomRoomId = null
+    await nextTick()
+    scrollToBottom({ frames: 5, keepAliveMs: 700 })
+})
+
+defineExpose({ scrollToBottom })
+</script>
+
+<template>
+    <VirtualMessageList
+        ref="listRef"
+        :messages="displayMessages"
+        :estimated-item-height="170"
+        :row-gap="12"
+        padding="16px 20px"
+        @top-reach="handleTopReach"
+    >
+        <template #empty>
+            <div class="empty-state">
+            <img src="/logo.svg" alt="灵犀" class="empty-logo" />
+            <p>{{ t("chat.emptyState") }}</p>
+        </div>
+        </template>
+        <template #before>
+            <div
+                v-if="store.hasMoreBefore || store.isLoadingOlderMessages"
+                class="history-loader"
+            >
+                <span v-if="store.isLoadingOlderMessages" class="history-loader-spinner"></span>
+            </div>
+        </template>
+        <template #item="{ message: msg }">
+            <GroupMessageItem
+                :message="msg"
+                :agents="store.agents"
+                :current-user-id="store.userId"
+            />
+        </template>
+    </VirtualMessageList>
+</template>
+
+<style scoped lang="scss">
+@use "@/styles/variables" as *;
+
+.empty-state {
+    flex: 1;
+    display: flex;
+    flex-direction: column;
+    align-items: center;
+    justify-content: center;
+    gap: 12px;
+    color: $text-muted;
+
+    .empty-logo {
+        width: 48px;
+        height: 48px;
+        opacity: 0.25;
+    }
+
+    p {
+        font-size: 14px;
+    }
+}
+
+.history-loader {
+    height: 28px;
+    display: flex;
+    align-items: center;
+    justify-content: center;
+    flex: 0 0 auto;
+}
+
+.history-loader-spinner {
+    width: 14px;
+    height: 14px;
+    border: 2px solid rgba(0, 0, 0, 0.16);
+    border-top-color: $accent-primary;
+    border-radius: 50%;
+    animation: spin 0.7s linear infinite;
+
+    .dark & {
+        border-color: rgba(255, 255, 255, 0.18);
+        border-top-color: $accent-primary;
+    }
+}
+
+@keyframes spin {
+    to {
+        transform: rotate(360deg);
+    }
+}
+</style>
diff --git a/packages/client/src/components/hermes/group-chat/mention-options.ts b/packages/client/src/components/hermes/group-chat/mention-options.ts
new file mode 100644
index 0000000..46ce4eb
--- /dev/null
+++ b/packages/client/src/components/hermes/group-chat/mention-options.ts
@@ -0,0 +1,46 @@
+export type MentionOption = {
+    key: string
+    type: 'all' | 'agent'
+    name: string
+    label: string
+    description: string
+}
+
+type MentionAgent = {
+    name: string
+    profile?: string
+}
+
+function isReservedMentionName(name: string): boolean {
+    return name.trim().toLowerCase() === 'all'
+}
+
+export function buildMentionOptions(agents: MentionAgent[], query: string): MentionOption[] {
+    const normalizedQuery = query.trim().toLowerCase()
+    const options: MentionOption[] = []
+
+    if (!normalizedQuery || 'all'.includes(normalizedQuery)) {
+        options.push({
+            key: 'special:all',
+            type: 'all',
+            name: 'all',
+            label: '@all',
+            description: 'All agents',
+        })
+    }
+
+    for (const agent of agents) {
+        const agentName = agent.name || ''
+        if (isReservedMentionName(agentName)) continue
+        if (!agentName.toLowerCase().includes(normalizedQuery)) continue
+        options.push({
+            key: `agent:${agentName}`,
+            type: 'agent',
+            name: agentName,
+            label: `@${agentName}`,
+            description: agent.profile || '',
+        })
+    }
+
+    return options
+}
diff --git a/packages/client/src/components/hermes/jobs/JobCard.vue b/packages/client/src/components/hermes/jobs/JobCard.vue
new file mode 100644
index 0000000..adefc10
--- /dev/null
+++ b/packages/client/src/components/hermes/jobs/JobCard.vue
@@ -0,0 +1,264 @@
+<script setup lang="ts">
+import { computed } from 'vue'
+import { NButton, NTooltip, useMessage } from 'naive-ui'
+import type { Job } from '@/api/hermes/jobs'
+import { scheduleToDisplayText } from '@/api/hermes/jobs'
+import { useJobsStore } from '@/stores/hermes/jobs'
+import { useI18n } from 'vue-i18n'
+
+const props = defineProps<{
+  job: Job
+  selected?: boolean
+}>()
+
+const emit = defineEmits<{
+  edit: [jobId: string]
+  select: [jobId: string]
+}>()
+
+const { t } = useI18n()
+const jobsStore = useJobsStore()
+const message = useMessage()
+
+const jobId = computed(() => props.job.job_id || props.job.id)
+
+const statusLabel = computed(() => {
+  if (props.job.state === 'running') return t('jobs.status.running')
+  if (props.job.state === 'paused') return t('jobs.status.paused')
+  if (!props.job.enabled) return t('jobs.status.disabled')
+  return t('jobs.status.scheduled')
+})
+
+const statusType = computed(() => {
+  if (props.job.state === 'running') return 'info' as const
+  if (props.job.state === 'paused') return 'warning' as const
+  if (!props.job.enabled) return 'error' as const
+  return 'success' as const
+})
+
+const scheduleExpr = computed(() => scheduleToDisplayText(props.job.schedule, props.job.schedule_display || '—'))
+
+const formatTime = (t?: string | null) => {
+  if (!t) return '—'
+  return new Date(t).toLocaleString()
+}
+
+async function handlePause() {
+  try {
+    await jobsStore.pauseJob(jobId.value)
+    message.success(t('jobs.jobPaused'))
+  } catch (e: any) {
+    message.error(e.message)
+  }
+}
+
+async function handleResume() {
+  try {
+    await jobsStore.resumeJob(jobId.value)
+    message.success(t('jobs.jobResumed'))
+  } catch (e: any) {
+    message.error(e.message)
+  }
+}
+
+async function handleRun() {
+  try {
+    await jobsStore.runJob(jobId.value)
+    message.info(t('jobs.jobTriggered'))
+  } catch (e: any) {
+    message.error(e.message)
+  }
+}
+
+async function handleDelete() {
+  try {
+    await jobsStore.deleteJob(jobId.value)
+    message.success(t('jobs.jobDeleted'))
+  } catch (e: any) {
+    message.error(e.message)
+  }
+}
+
+function handleCardClick(e: MouseEvent) {
+  const target = e.target as HTMLElement
+  if (target.closest('.card-actions')) return
+  emit('select', jobId.value)
+}
+</script>
+
+<template>
+  <div class="job-card" :class="{ selected }" @click="handleCardClick">
+    <div class="card-header">
+      <h3 class="job-name">{{ job.name }}</h3>
+      <span class="status-badge" :class="statusType">{{ statusLabel }}</span>
+    </div>
+
+    <div class="card-body">
+      <div class="info-row">
+        <span class="info-label">{{ t('jobs.info.schedule') }}</span>
+        <code class="info-value mono">{{ scheduleExpr }}</code>
+      </div>
+      <div class="info-row">
+        <span class="info-label">{{ t('jobs.info.model') }}</span>
+        <span class="info-value mono">{{ job.model || '—' }}</span>
+      </div>
+      <div class="info-row">
+        <span class="info-label">{{ t('jobs.info.lastRun') }}</span>
+        <span class="info-value">
+          {{ formatTime(job.last_run_at) }}
+          <span v-if="job.last_status" class="run-status" :class="{ ok: job.last_status === 'ok', err: job.last_status !== 'ok' }">
+            {{ job.last_status === 'ok' ? t('common.ok') : job.last_status }}
+          </span>
+        </span>
+      </div>
+      <div class="info-row">
+        <span class="info-label">{{ t('jobs.info.nextRun') }}</span>
+        <span class="info-value">{{ formatTime(job.next_run_at) }}</span>
+      </div>
+      <div class="info-row">
+        <span class="info-label">{{ t('jobs.info.deliver') }}</span>
+        <span class="info-value">{{ job.deliver }}<template v-if="job.origin"> ({{ job.origin.platform }})</template></span>
+      </div>
+      <div v-if="job.repeat" class="info-row">
+        <span class="info-label">{{ t('jobs.info.repeat') }}</span>
+        <span class="info-value">
+          <template v-if="typeof job.repeat === 'string'">{{ job.repeat }}</template>
+          <template v-else>{{ job.repeat.completed }} / {{ job.repeat.times ?? '∞' }}</template>
+        </span>
+      </div>
+    </div>
+
+    <div class="card-actions">
+      <NTooltip v-if="job.state !== 'paused' && job.enabled">
+        <template #trigger>
+          <NButton size="tiny" quaternary @click.stop="handlePause">{{ t('jobs.action.pause') }}</NButton>
+        </template>
+        {{ t('jobs.action.pauseJob') }}
+      </NTooltip>
+      <NTooltip v-else-if="job.state === 'paused'">
+        <template #trigger>
+          <NButton size="tiny" quaternary @click.stop="handleResume">{{ t('jobs.action.resume') }}</NButton>
+        </template>
+        {{ t('jobs.action.resumeJob') }}
+      </NTooltip>
+      <NTooltip>
+        <template #trigger>
+          <NButton size="tiny" quaternary @click.stop="handleRun">{{ t('jobs.action.runNow') }}</NButton>
+        </template>
+        {{ t('jobs.action.triggerImmediately') }}
+      </NTooltip>
+      <NButton size="tiny" quaternary @click.stop="emit('edit', jobId)">{{ t('common.edit') }}</NButton>
+      <NButton size="tiny" quaternary type="error" @click.stop="handleDelete">{{ t('common.delete') }}</NButton>
+    </div>
+  </div>
+</template>
+
+<style scoped lang="scss">
+@use '@/styles/variables' as *;
+
+.job-card {
+  background-color: $bg-card;
+  border: 1px solid $border-color;
+  border-radius: $radius-md;
+  padding: 16px;
+  transition: border-color $transition-fast;
+  cursor: pointer;
+
+  &:hover {
+    border-color: rgba(var(--accent-primary-rgb), 0.3);
+  }
+
+  &.selected {
+    border-color: rgba(var(--accent-primary-rgb), 0.6);
+    background-color: rgba(var(--accent-primary-rgb), 0.04);
+  }
+}
+
+.card-header {
+  display: flex;
+  align-items: center;
+  justify-content: space-between;
+  margin-bottom: 12px;
+}
+
+.job-name {
+  font-size: 15px;
+  font-weight: 600;
+  color: $text-primary;
+  overflow: hidden;
+  text-overflow: ellipsis;
+  white-space: nowrap;
+  max-width: 70%;
+}
+
+.status-badge {
+  font-size: 11px;
+  padding: 2px 8px;
+  border-radius: 10px;
+  font-weight: 500;
+
+  &.success {
+    background: rgba(var(--success-rgb), 0.12);
+    color: $success;
+  }
+
+  &.info {
+    background: rgba(var(--accent-primary-rgb), 0.12);
+    color: $accent-primary;
+  }
+
+  &.warning {
+    background: rgba(var(--warning-rgb), 0.12);
+    color: $warning;
+  }
+
+  &.error {
+    background: rgba(var(--error-rgb), 0.12);
+    color: $error;
+  }
+}
+
+.card-body {
+  display: flex;
+  flex-direction: column;
+  gap: 6px;
+  margin-bottom: 14px;
+}
+
+.info-row {
+  display: flex;
+  justify-content: space-between;
+  align-items: center;
+}
+
+.info-label {
+  font-size: 12px;
+  color: $text-muted;
+}
+
+.info-value {
+  font-size: 12px;
+  color: $text-secondary;
+}
+
+.run-status {
+  margin-left: 6px;
+  font-size: 11px;
+  font-weight: 500;
+
+  &.ok { color: $success; }
+  &.err { color: $error; }
+}
+
+.mono {
+  font-family: $font-code;
+  font-size: 12px;
+}
+
+.card-actions {
+  display: flex;
+  gap: 4px;
+  border-top: 1px solid $border-light;
+  padding-top: 10px;
+}
+</style>
diff --git a/packages/client/src/components/hermes/jobs/JobFormModal.vue b/packages/client/src/components/hermes/jobs/JobFormModal.vue
new file mode 100644
index 0000000..2717c0c
--- /dev/null
+++ b/packages/client/src/components/hermes/jobs/JobFormModal.vue
@@ -0,0 +1,268 @@
+<script setup lang="ts">
+import { ref, onMounted, computed } from 'vue'
+import { NModal, NForm, NFormItem, NInput, NButton, NSelect, NInputNumber, useMessage } from 'naive-ui'
+import { useJobsStore } from '@/stores/hermes/jobs'
+import { useSettingsStore } from '@/stores/hermes/settings'
+import {
+  buildJobUpdateRequest,
+  getJob,
+  jobRepeatToEditValue,
+  scheduleToEditableInput,
+} from '@/api/hermes/jobs'
+import type { CreateJobRequest, Job } from '@/api/hermes/jobs'
+import { useI18n } from 'vue-i18n'
+
+const { t } = useI18n()
+
+const props = defineProps<{
+  jobId: string | null
+}>()
+
+const emit = defineEmits<{
+  close: []
+  saved: []
+}>()
+
+const jobsStore = useJobsStore()
+const settingsStore = useSettingsStore()
+const message = useMessage()
+
+const showModal = ref(true)
+const loading = ref(false)
+
+const formData = ref({
+  name: '',
+  schedule: '',
+  prompt: '',
+  deliver: 'origin',
+  repeat_times: null as number | null,
+})
+
+const presetValue = ref<string | null>(null)
+
+const isEdit = computed(() => !!props.jobId)
+
+const schedulePresets = computed(() => [
+  { label: t('jobs.presetEveryMinute'), value: '* * * * *' },
+  { label: t('jobs.presetEvery5Min'), value: '*/5 * * * *' },
+  { label: t('jobs.presetEveryHour'), value: '0 * * * *' },
+  { label: t('jobs.presetEveryDay'), value: '0 0 * * *' },
+  { label: t('jobs.presetEveryDay9'), value: '0 9 * * *' },
+  { label: t('jobs.presetEveryMonday'), value: '0 9 * * 1' },
+  { label: t('jobs.presetEveryMonth'), value: '0 9 1 * *' },
+])
+
+function hasText(value: unknown): boolean {
+  return typeof value === 'string' && value.trim().length > 0
+}
+
+function isDeliverTargetConfigured(key: string): boolean {
+  const config = settingsStore.platforms[key] || {}
+  switch (key) {
+    case 'telegram':
+    case 'discord':
+    case 'slack':
+      return hasText(config.token)
+    case 'whatsapp':
+      return config.enabled === true || config.enabled === 'true'
+    case 'matrix':
+      return hasText(config.token) && hasText(config.extra?.homeserver)
+    case 'weixin':
+      return hasText(config.token) && hasText(config.extra?.account_id)
+    case 'wecom':
+      return hasText(config.extra?.bot_id) && hasText(config.extra?.secret)
+    case 'feishu':
+      return hasText(config.extra?.app_id) && hasText(config.extra?.app_secret)
+    case 'dingtalk':
+      return (hasText(config.extra?.client_id) && hasText(config.extra?.client_secret))
+        || (hasText(config.extra?.app_key) && hasText(config.extra?.client_secret))
+    case 'qqbot':
+      return hasText(config.extra?.app_id) && hasText(config.extra?.client_secret)
+    default:
+      return false
+  }
+}
+
+const targetOptions = computed(() => {
+  const options: Array<{ label: string; value: string; disabled?: boolean }> = [
+    { label: t('jobs.origin'), value: 'origin' },
+    { label: t('jobs.local'), value: 'local' },
+  ]
+  const channels = [
+    { key: 'telegram', label: 'Telegram' },
+    { key: 'discord', label: 'Discord' },
+    { key: 'slack', label: 'Slack' },
+    { key: 'whatsapp', label: 'WhatsApp' },
+    { key: 'matrix', label: 'Matrix' },
+    { key: 'weixin', label: 'WeChat' },
+    { key: 'wecom', label: 'WeCom' },
+    { key: 'feishu', label: 'Feishu' },
+    { key: 'dingtalk', label: 'DingTalk' },
+    { key: 'qqbot', label: 'QQBot' },
+  ]
+  for (const ch of channels) {
+    options.push({
+      label: ch.label,
+      value: ch.key,
+      disabled: !isDeliverTargetConfigured(ch.key),
+    })
+  }
+  return options
+})
+
+const originalJob = ref<Job | null>(null)
+
+onMounted(async () => {
+  if (Object.keys(settingsStore.platforms || {}).length === 0) {
+    await settingsStore.fetchSettings()
+  }
+
+  if (props.jobId) {
+    try {
+      const job = await getJob(props.jobId)
+      originalJob.value = job
+      formData.value = {
+        name: job.name,
+        schedule: scheduleToEditableInput(job.schedule, job.schedule_display || ''),
+        prompt: job.prompt,
+        deliver: job.deliver || 'origin',
+        repeat_times: jobRepeatToEditValue(job.repeat),
+      }
+    } catch (e: any) {
+      message.error(t('jobs.loadFailed') + ': ' + e.message)
+    }
+  }
+})
+
+async function handleSave() {
+  if (!formData.value.name.trim()) {
+    message.warning(t('jobs.nameRequired'))
+    return
+  }
+  if (!formData.value.schedule.trim()) {
+    message.warning(t('jobs.scheduleRequired'))
+    return
+  }
+
+  loading.value = true
+  try {
+    if (isEdit.value) {
+      if (!originalJob.value) {
+        message.error(t('jobs.loadFailed'))
+        return
+      }
+      const payload = buildJobUpdateRequest(originalJob.value, formData.value)
+      if (Object.keys(payload).length === 0) {
+        message.success(t('jobs.jobUpdated'))
+        emit('saved')
+        return
+      }
+      await jobsStore.updateJob(props.jobId!, payload)
+      message.success(t('jobs.jobUpdated'))
+    } else {
+      const payload: CreateJobRequest = {
+        name: formData.value.name,
+        schedule: formData.value.schedule,
+        prompt: formData.value.prompt,
+        deliver: formData.value.deliver,
+        repeat: formData.value.repeat_times ?? undefined,
+      }
+      await jobsStore.createJob(payload)
+      message.success(t('jobs.jobCreated'))
+    }
+    emit('saved')
+  } catch (e: any) {
+    message.error(e.message)
+  } finally {
+    loading.value = false
+  }
+}
+
+function handleClose() {
+  showModal.value = false
+  setTimeout(() => emit('close'), 200)
+}
+</script>
+
+<template>
+  <NModal
+    v-model:show="showModal"
+    preset="card"
+    :title="isEdit ? t('jobs.editJob') : t('jobs.createJob')"
+    :style="{ width: 'min(520px, calc(100vw - 32px))' }"
+    :mask-closable="!loading"
+    @after-leave="emit('close')"
+  >
+    <NForm label-placement="top">
+      <NFormItem :label="t('jobs.name')" required>
+        <NInput
+          v-model:value="formData.name"
+          :placeholder="t('jobs.namePlaceholder')"
+          maxlength="200"
+          show-count
+        />
+      </NFormItem>
+
+      <NFormItem :label="t('jobs.schedule')" required>
+        <NInput
+          v-model:value="formData.schedule"
+          :placeholder="t('jobs.schedulePlaceholder')"
+        />
+      </NFormItem>
+
+      <NFormItem :label="t('jobs.quickPresets')">
+        <NSelect
+          v-model:value="presetValue"
+          :options="schedulePresets"
+          :placeholder="t('jobs.selectPreset')"
+          @update:value="v => formData.schedule = v"
+        />
+      </NFormItem>
+
+      <NFormItem :label="t('jobs.prompt')" required>
+        <NInput
+          v-model:value="formData.prompt"
+          type="textarea"
+          :placeholder="t('jobs.promptPlaceholder')"
+          :rows="4"
+          maxlength="5000"
+          show-count
+        />
+      </NFormItem>
+
+      <NFormItem :label="t('jobs.deliverTarget')">
+        <NSelect
+          v-model:value="formData.deliver"
+          :options="targetOptions"
+        />
+      </NFormItem>
+
+      <NFormItem :label="t('jobs.repeatCount')">
+        <NInputNumber
+          v-model:value="formData.repeat_times"
+          :min="1"
+          :placeholder="t('jobs.repeatPlaceholder')"
+          clearable
+          style="width: 100%"
+        />
+      </NFormItem>
+    </NForm>
+
+    <template #footer>
+      <div class="modal-footer">
+        <NButton @click="handleClose">{{ t('common.cancel') }}</NButton>
+        <NButton type="primary" :loading="loading" @click="handleSave">
+          {{ isEdit ? t('common.update') : t('common.create') }}
+        </NButton>
+      </div>
+    </template>
+  </NModal>
+</template>
+
+<style scoped lang="scss">
+.modal-footer {
+  display: flex;
+  justify-content: flex-end;
+  gap: 8px;
+}
+</style>
diff --git a/packages/client/src/components/hermes/jobs/JobRunHistory.vue b/packages/client/src/components/hermes/jobs/JobRunHistory.vue
new file mode 100644
index 0000000..90be26d
--- /dev/null
+++ b/packages/client/src/components/hermes/jobs/JobRunHistory.vue
@@ -0,0 +1,151 @@
+<script setup lang="ts">
+import { ref, watch, computed } from 'vue'
+import { NSpin, NEmpty, NCollapse, NCollapseItem } from 'naive-ui'
+import { useI18n } from 'vue-i18n'
+import { listCronRuns, readCronRun } from '@/api/hermes/cron-history'
+import type { RunEntry, RunDetail } from '@/api/hermes/cron-history'
+import MarkdownRenderer from '@/components/hermes/chat/MarkdownRenderer.vue'
+
+const props = defineProps<{
+  selectedJobId: string | null
+  jobNameMap: Record<string, string>
+  profileKey: string
+}>()
+
+const { t } = useI18n()
+const loading = ref(false)
+const runs = ref<RunEntry[]>([])
+const expandedContent = ref<Record<string, string>>({})
+const loadingContent = ref<Record<string, boolean>>({})
+
+const filteredRuns = computed(() => {
+  if (!props.selectedJobId) return runs.value
+  return runs.value.filter(r => r.jobId === props.selectedJobId)
+})
+
+async function fetchRuns() {
+  loading.value = true
+  try {
+    runs.value = await listCronRuns(props.selectedJobId ?? undefined)
+  } catch (err) {
+    console.error('Failed to fetch cron runs:', err)
+    runs.value = []
+  } finally {
+    loading.value = false
+  }
+}
+
+async function handleExpand(key: string | number | Array<string | number>) {
+  // accordion mode emits a single value; non-accordion emits an array
+  const keys = Array.isArray(key) ? key : key != null ? [key] : []
+  for (const raw of keys) {
+    const k = String(raw)
+    if (expandedContent.value[k] || loadingContent.value[k]) continue
+
+    const run = filteredRuns.value.find(r => `${r.jobId}/${r.fileName}` === k)
+    if (!run) continue
+
+    loadingContent.value[k] = true
+    try {
+      const detail: RunDetail = await readCronRun(run.jobId, run.fileName)
+      expandedContent.value[k] = detail.content
+    } catch (err) {
+      expandedContent.value[k] = `[Error loading content]`
+    } finally {
+      loadingContent.value[k] = false
+    }
+  }
+}
+
+function formatSize(bytes: number): string {
+  if (bytes < 1024) return `${bytes}B`
+  if (bytes < 1024 * 1024) return `${(bytes / 1024).toFixed(1)}KB`
+  return `${(bytes / 1024 / 1024).toFixed(1)}MB`
+}
+
+function getJobName(jobId: string): string {
+  return props.jobNameMap[jobId] || jobId
+}
+
+watch(() => [props.selectedJobId, props.profileKey], () => {
+  expandedContent.value = {}
+  fetchRuns()
+}, { immediate: true })
+</script>
+
+<template>
+  <div class="run-history">
+    <div class="history-header">
+      <span class="history-title">{{ t('jobs.runHistory.title') }}</span>
+      <span class="history-count">{{ filteredRuns.length }} {{ t('jobs.runHistory.runs') }}</span>
+    </div>
+
+    <div class="history-body">
+      <NSpin :show="loading">
+        <NEmpty v-if="!loading && filteredRuns.length === 0" :description="t('jobs.runHistory.noRuns')" />
+
+        <NCollapse
+          v-else
+          accordion
+          @update:expanded-names="handleExpand"
+        >
+          <NCollapseItem
+            v-for="run in filteredRuns"
+            :key="`${run.jobId}/${run.fileName}`"
+            :title="`${getJobName(run.jobId)} — ${run.runTime}`"
+            :name="`${run.jobId}/${run.fileName}`"
+          >
+            <template #header-extra>
+              <span class="run-meta">{{ formatSize(run.size) }}</span>
+            </template>
+
+            <NSpin v-if="loadingContent[`${run.jobId}/${run.fileName}`]" size="small" />
+            <MarkdownRenderer v-else-if="expandedContent[`${run.jobId}/${run.fileName}`]" :content="expandedContent[`${run.jobId}/${run.fileName}`]" />
+          </NCollapseItem>
+        </NCollapse>
+      </NSpin>
+    </div>
+  </div>
+</template>
+
+<style scoped lang="scss">
+@use '@/styles/variables' as *;
+
+.run-history {
+  height: 100%;
+  display: flex;
+  flex-direction: column;
+}
+
+.history-header {
+  display: flex;
+  align-items: center;
+  justify-content: space-between;
+  padding: 12px 20px;
+  border-bottom: 1px solid $border-light;
+  flex-shrink: 0;
+}
+
+.history-title {
+  font-size: 14px;
+  font-weight: 600;
+  color: $text-primary;
+}
+
+.history-count {
+  font-size: 12px;
+  color: $text-muted;
+}
+
+.history-body {
+  flex: 1;
+  overflow-y: auto;
+  padding: 8px 20px 20px;
+}
+
+.run-meta {
+  font-size: 11px;
+  color: $text-muted;
+  font-family: $font-code;
+}
+</style>
diff --git a/packages/client/src/components/hermes/jobs/JobsPanel.vue b/packages/client/src/components/hermes/jobs/JobsPanel.vue
new file mode 100644
index 0000000..60ea785
--- /dev/null
+++ b/packages/client/src/components/hermes/jobs/JobsPanel.vue
@@ -0,0 +1,88 @@
+<script setup lang="ts">
+import JobCard from './JobCard.vue'
+import { useJobsStore } from '@/stores/hermes/jobs'
+import { useI18n } from 'vue-i18n'
+
+const props = defineProps<{
+  selectedJobId: string | null
+}>()
+
+const emit = defineEmits<{
+  edit: [jobId: string]
+  select: [jobId: string | null]
+}>()
+
+const { t } = useI18n()
+
+const jobsStore = useJobsStore()
+
+function handleSelect(jobId: string) {
+  emit('select', props.selectedJobId === jobId ? null : jobId)
+}
+
+function handleDeselect() {
+  if (props.selectedJobId) {
+    emit('select', null)
+  }
+}
+</script>
+
+<template>
+  <div v-if="jobsStore.jobs.length === 0" class="empty-state">
+    <svg width="48" height="48" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="1" class="empty-icon">
+      <rect x="3" y="4" width="18" height="18" rx="2" ry="2"/>
+      <line x1="16" y1="2" x2="16" y2="6"/>
+      <line x1="8" y1="2" x2="8" y2="6"/>
+      <line x1="3" y1="10" x2="21" y2="10"/>
+    </svg>
+    <p>{{ t('jobs.noJobs') }}</p>
+  </div>
+  <div v-else class="jobs-grid">
+    <JobCard
+      v-for="job in jobsStore.jobs"
+      :key="job.id"
+      :job="job"
+      :selected="selectedJobId === (job.job_id || job.id)"
+      @edit="emit('edit', job.id)"
+      @select="handleSelect"
+    />
+  </div>
+  <!-- Click outside cards to deselect -->
+  <div
+    v-if="selectedJobId"
+    class="deselect-overlay"
+    @click="handleDeselect"
+  />
+</template>
+
+<style scoped lang="scss">
+@use '@/styles/variables' as *;
+
+.empty-state {
+  display: flex;
+  flex-direction: column;
+  align-items: center;
+  justify-content: center;
+  height: 100%;
+  color: $text-muted;
+  gap: 12px;
+
+  .empty-icon {
+    opacity: 0.3;
+  }
+
+  p {
+    font-size: 14px;
+  }
+}
+
+.jobs-grid {
+  display: grid;
+  grid-template-columns: repeat(auto-fill, minmax(min(100%, 360px), 1fr));
+  gap: 14px;
+}
+
+.deselect-overlay {
+  display: none;
+}
+</style>
diff --git a/packages/client/src/components/hermes/kanban/KanbanColumn.vue b/packages/client/src/components/hermes/kanban/KanbanColumn.vue
new file mode 100644
index 0000000..bd0b727
--- /dev/null
+++ b/packages/client/src/components/hermes/kanban/KanbanColumn.vue
@@ -0,0 +1,91 @@
+<script setup lang="ts">
+import { computed } from 'vue'
+import { useI18n } from 'vue-i18n'
+import { NCollapse, NCollapseItem } from 'naive-ui'
+import KanbanTaskCard from './KanbanTaskCard.vue'
+import type { KanbanTask, KanbanTaskStatus } from '@/api/hermes/kanban'
+
+const props = defineProps<{
+  status: KanbanTaskStatus
+  tasks: KanbanTask[]
+}>()
+
+const emit = defineEmits<{
+  taskClick: [taskId: string]
+}>()
+
+const { t } = useI18n()
+
+const statusLabel = computed(() => t(`kanban.columns.${props.status}`, props.status))
+const statusCount = computed(() => props.tasks.length)
+
+const statusIcon = computed(() => {
+  switch (props.status) {
+    case 'todo': return '○'
+    case 'ready': return '◎'
+    case 'running': return '●'
+    case 'blocked': return '⊘'
+    case 'done': return '✓'
+    default: return '○'
+  }
+})
+
+const headerTitle = computed(() => `${statusIcon.value}  ${statusLabel.value}  (${statusCount.value})`)
+</script>
+
+<template>
+  <div class="kanban-column">
+    <NCollapse :default-expanded-names="[status]" display-directive="show">
+      <NCollapseItem :title="headerTitle" :name="status">
+        <KanbanTaskCard
+          v-for="task in tasks"
+          :key="task.id"
+          :task="task"
+          @click="emit('taskClick', task.id)"
+        />
+        <div v-if="tasks.length === 0" class="column-empty">
+          {{ t('kanban.noTasks') }}
+        </div>
+      </NCollapseItem>
+    </NCollapse>
+  </div>
+</template>
+
+<style scoped lang="scss">
+@use '@/styles/variables' as *;
+
+.kanban-column {
+  flex: 1 1 calc(20% - 12px);
+  min-width: 200px;
+  background-color: rgba(var(--accent-primary-rgb), 0.02);
+  border-radius: $radius-md;
+  border: 1px solid $border-light;
+
+  :deep(.n-collapse) {
+    --n-title-font-size: 13px;
+    --n-title-font-weight: 600;
+  }
+
+  :deep(.n-collapse-item__header-main) {
+    color: $text-primary;
+  }
+
+  :deep(.n-collapse-item__content-wrapper) {
+    padding: 0 10px 10px;
+  }
+
+  :deep(.n-collapse-item) {
+    display: flex;
+    flex-direction: column;
+  }
+}
+
+.column-empty {
+  display: flex;
+  align-items: center;
+  justify-content: center;
+  min-height: 60px;
+  font-size: 12px;
+  color: $text-muted;
+}
+</style>
diff --git a/packages/client/src/components/hermes/kanban/KanbanCreateForm.vue b/packages/client/src/components/hermes/kanban/KanbanCreateForm.vue
new file mode 100644
index 0000000..647999a
--- /dev/null
+++ b/packages/client/src/components/hermes/kanban/KanbanCreateForm.vue
@@ -0,0 +1,79 @@
+<script setup lang="ts">
+import { ref, computed } from 'vue'
+import { NModal, NForm, NFormItem, NInput, NSelect, NButton, useMessage } from 'naive-ui'
+import { useI18n } from 'vue-i18n'
+import { useKanbanStore } from '@/stores/hermes/kanban'
+import { withDefaultAssignee } from '@/utils/hermes/kanban-assignees'
+
+const emit = defineEmits<{
+  close: []
+  created: []
+}>()
+
+const { t } = useI18n()
+const message = useMessage()
+const kanbanStore = useKanbanStore()
+
+const title = ref('')
+const body = ref('')
+const assignee = ref<string | null>(null)
+const priority = ref<number | null>(null)
+const saving = ref(false)
+
+const priorityOptions = computed(() => [
+  { label: t('kanban.card.priority.low'), value: 1 },
+  { label: t('kanban.card.priority.medium'), value: 2 },
+  { label: t('kanban.card.priority.high'), value: 3 },
+])
+
+const assigneeOptions = computed(() => {
+  return withDefaultAssignee(kanbanStore.assignees, kanbanStore.stats?.by_assignee || {})
+    .map(a => ({ label: a.name, value: a.name }))
+})
+
+async function handleSubmit() {
+  if (!title.value.trim()) {
+    message.warning(t('kanban.form.titleRequired'))
+    return
+  }
+  saving.value = true
+  try {
+    await kanbanStore.createTask({
+      title: title.value.trim(),
+      body: body.value.trim() || undefined,
+      assignee: assignee.value || undefined,
+      priority: priority.value ?? undefined,
+    })
+    message.success(t('kanban.message.taskCreated'))
+    emit('created')
+    emit('close')
+  } catch (err: any) {
+    message.error(err.message)
+  } finally {
+    saving.value = false
+  }
+}
+</script>
+
+<template>
+  <NModal :show="true" preset="dialog" :title="t('kanban.createTask')" style="width: 480px;" @close="emit('close')">
+    <NForm label-placement="top">
+      <NFormItem :label="t('kanban.form.title')">
+        <NInput v-model:value="title" :placeholder="t('kanban.form.titlePlaceholder')" />
+      </NFormItem>
+      <NFormItem :label="t('kanban.form.body')">
+        <NInput v-model:value="body" type="textarea" :rows="3" :placeholder="t('kanban.form.bodyPlaceholder')" />
+      </NFormItem>
+      <NFormItem :label="t('kanban.form.assignee')">
+        <NSelect v-model:value="assignee" :options="assigneeOptions" :placeholder="t('kanban.form.selectAssignee')" clearable />
+      </NFormItem>
+      <NFormItem :label="t('kanban.form.priority')">
+        <NSelect v-model:value="priority" :options="priorityOptions" :placeholder="t('kanban.form.selectPriority')" clearable />
+      </NFormItem>
+    </NForm>
+    <template #action>
+      <NButton @click="emit('close')">{{ t('common.cancel') }}</NButton>
+      <NButton type="primary" :loading="saving" @click="handleSubmit">{{ t('common.create') }}</NButton>
+    </template>
+  </NModal>
+</template>
diff --git a/packages/client/src/components/hermes/kanban/KanbanTaskCard.vue b/packages/client/src/components/hermes/kanban/KanbanTaskCard.vue
new file mode 100644
index 0000000..7757f2b
--- /dev/null
+++ b/packages/client/src/components/hermes/kanban/KanbanTaskCard.vue
@@ -0,0 +1,157 @@
+<script setup lang="ts">
+import { computed } from 'vue'
+import { NTooltip } from 'naive-ui'
+import { useI18n } from 'vue-i18n'
+import ProfileAvatar from '@/components/hermes/profiles/ProfileAvatar.vue'
+import type { KanbanTask } from '@/api/hermes/kanban'
+import type { ProfileAvatar as ProfileAvatarData } from '@/api/hermes/profiles'
+
+const props = defineProps<{
+  task: KanbanTask
+  assigneeAvatar?: ProfileAvatarData | null
+}>()
+
+const emit = defineEmits<{
+  click: [taskId: string]
+}>()
+
+const { t } = useI18n()
+
+const timeAgo = computed(() => {
+  const diff = Date.now() / 1000 - props.task.created_at
+  if (diff < 60) return t('kanban.card.timeAgo.justNow')
+  if (diff < 3600) return t('kanban.card.timeAgo.minutes', { count: Math.floor(diff / 60) })
+  if (diff < 86400) return t('kanban.card.timeAgo.hours', { count: Math.floor(diff / 3600) })
+  return t('kanban.card.timeAgo.days', { count: Math.floor(diff / 86400) })
+})
+
+const priorityLabel = computed(() => {
+  if (props.task.priority >= 3) return 'high'
+  if (props.task.priority === 2) return 'medium'
+  return 'low'
+})
+
+const priorityText = computed(() => {
+  return t(`kanban.card.priority.${priorityLabel.value}`)
+})
+</script>
+
+<template>
+  <div class="kanban-task-card" :class="`status-${task.status}`" @click="emit('click', task.id)">
+    <div class="card-title">{{ task.title }}</div>
+    <div class="card-meta">
+      <NTooltip v-if="task.assignee" trigger="hover">
+        <template #trigger>
+          <span class="meta-tag assignee-tag">
+            <ProfileAvatar
+              class="assignee-profile-avatar"
+              :name="task.assignee"
+              :avatar="assigneeAvatar"
+              :size="18"
+              aria-hidden="true"
+            />
+            <span>{{ task.assignee }}</span>
+          </span>
+        </template>
+        {{ t('kanban.card.assigneeTooltip') }}
+      </NTooltip>
+      <span v-if="task.priority >= 2" class="meta-tag priority-tag" :class="priorityLabel">{{ priorityText }}</span>
+      <span class="meta-time">{{ timeAgo }}</span>
+    </div>
+    <div v-if="task.body" class="card-body-preview">{{ task.body.slice(0, 80) }}{{ task.body.length > 80 ? '...' : '' }}</div>
+  </div>
+</template>
+
+<style scoped lang="scss">
+@use '@/styles/variables' as *;
+
+.kanban-task-card {
+  --kanban-card-status-color: #64748b;
+  background-color: $bg-card;
+  border: 1px solid $border-color;
+  border-left: 3px solid var(--kanban-card-status-color);
+  border-radius: $radius-md;
+  padding: 12px;
+  cursor: pointer;
+  transition: border-color $transition-fast, box-shadow $transition-fast;
+
+  &.status-triage { --kanban-card-status-color: #94a3b8; }
+  &.status-todo { --kanban-card-status-color: #38bdf8; }
+  &.status-ready { --kanban-card-status-color: #f59e0b; }
+  &.status-running { --kanban-card-status-color: #2563eb; }
+  &.status-blocked { --kanban-card-status-color: #ef4444; }
+  &.status-done { --kanban-card-status-color: #22c55e; }
+  &.status-archived { --kanban-card-status-color: #64748b; }
+
+  &:hover {
+    border-color: var(--kanban-card-status-color);
+    box-shadow: 0 2px 8px rgba(0, 0, 0, 0.06);
+  }
+}
+
+.card-title {
+  font-size: 13px;
+  font-weight: 600;
+  color: $text-primary;
+  line-height: 1.4;
+  word-break: break-word;
+}
+
+.card-meta {
+  display: flex;
+  align-items: center;
+  gap: 6px;
+  margin-top: 8px;
+  flex-wrap: wrap;
+}
+
+.meta-tag {
+  font-size: 11px;
+  padding: 1px 6px;
+  border-radius: 4px;
+  font-weight: 500;
+}
+
+.assignee-tag {
+  display: inline-flex;
+  align-items: center;
+  gap: 5px;
+  background: rgba(var(--accent-primary-rgb), 0.1);
+  color: $accent-primary;
+  padding-left: 2px;
+}
+
+.assignee-profile-avatar {
+  box-shadow: 0 0 0 1px rgba(var(--accent-primary-rgb), 0.28);
+}
+
+.priority-tag {
+  &.high {
+    background: rgba(var(--error-rgb), 0.12);
+    color: $error;
+  }
+
+  &.medium {
+    background: rgba(var(--warning-rgb), 0.12);
+    color: $warning;
+  }
+
+  &.low {
+    background: rgba(var(--success-rgb), 0.12);
+    color: $success;
+  }
+}
+
+.meta-time {
+  font-size: 11px;
+  color: $text-muted;
+  margin-left: auto;
+}
+
+.card-body-preview {
+  font-size: 12px;
+  color: $text-muted;
+  margin-top: 6px;
+  line-height: 1.4;
+}
+</style>
diff --git a/packages/client/src/components/hermes/kanban/KanbanTaskDrawer.vue b/packages/client/src/components/hermes/kanban/KanbanTaskDrawer.vue
new file mode 100644
index 0000000..5bf9ec8
--- /dev/null
+++ b/packages/client/src/components/hermes/kanban/KanbanTaskDrawer.vue
@@ -0,0 +1,704 @@
+<script setup lang="ts">
+import { ref, computed, watch } from 'vue'
+import { NDrawer, NDrawerContent, NButton, NSelect, NInput, NSpin, NModal, useMessage } from 'naive-ui'
+import { useI18n } from 'vue-i18n'
+import { useRouter } from 'vue-router'
+import { request } from '@/api/client'
+import { getTask } from '@/api/hermes/kanban'
+import { useKanbanStore } from '@/stores/hermes/kanban'
+import { withDefaultAssignee } from '@/utils/hermes/kanban-assignees'
+import HistoryMessageList from '@/components/hermes/chat/HistoryMessageList.vue'
+import type { Session, Message } from '@/stores/hermes/chat'
+import type { KanbanTaskDetail } from '@/api/hermes/kanban'
+
+const props = defineProps<{
+  taskId: string | null
+}>()
+
+const emit = defineEmits<{
+  close: []
+  updated: []
+}>()
+
+const { t } = useI18n()
+const router = useRouter()
+const message = useMessage()
+const kanbanStore = useKanbanStore()
+
+const detail = ref<KanbanTaskDetail | null>(null)
+const loading = ref(false)
+const assignProfile = ref<string | null>(null)
+const blockReason = ref('')
+const showBlockInput = ref(false)
+const completeSummary = ref('')
+const showCompleteInput = ref(false)
+const showMessagesModal = ref(false)
+
+const completionSummary = computed(() => {
+  if (!detail.value) return ''
+  return detail.value.task.result || detail.value.latest_summary || ''
+})
+
+const localizedTaskStatus = computed(() => {
+  if (!detail.value) return ''
+  return t(`kanban.columns.${detail.value.task.status}`, detail.value.task.status)
+})
+
+const canMutateTask = computed(() => {
+  const status = detail.value?.task.status
+  return status !== 'done' && status !== 'archived'
+})
+
+const sessionResults = ref<any[]>([])
+const sessionLoading = ref(false)
+const showSessions = ref(false)
+
+const latestRunProfile = computed(() => {
+  if (!detail.value) return null
+  return [...detail.value.runs].reverse().find(run => run.profile)?.profile || null
+})
+
+async function searchTaskSessions() {
+  if (!detail.value) return
+  const profile = latestRunProfile.value
+  if (!profile) return
+  showSessions.value = !showSessions.value
+  if (!showSessions.value) return
+  sessionLoading.value = true
+  try {
+    const res = await request<{ results: any[] }>(
+      `/api/hermes/kanban/search-sessions?task_id=${encodeURIComponent(detail.value.task.id)}&profile=${encodeURIComponent(profile)}&board=${encodeURIComponent(kanbanStore.selectedBoard)}`
+    )
+    sessionResults.value = res.results
+  } catch {
+    sessionResults.value = []
+  } finally {
+    sessionLoading.value = false
+  }
+}
+
+function openResultDetail() {
+  if (detail.value?.session) {
+    showMessagesModal.value = true
+  }
+}
+
+const historySession = computed<Session | null>(() => {
+  const s = detail.value?.session
+  if (!s) return null
+  return {
+    id: s.id,
+    title: s.title || '',
+    source: s.source,
+    messages: s.messages
+      .filter(m => m.role === 'user' || m.role === 'assistant')
+      .map(m => ({
+        id: String(m.id),
+        role: m.role as Message['role'],
+        content: m.content,
+        timestamp: m.timestamp,
+      })),
+    createdAt: s.started_at,
+    updatedAt: s.ended_at || s.started_at,
+    model: s.model,
+    messageCount: s.messages.length,
+    endedAt: s.ended_at,
+  }
+})
+
+const assigneeOptions = computed(() => {
+  return withDefaultAssignee(kanbanStore.assignees, kanbanStore.stats?.by_assignee || {})
+    .map(a => ({ label: a.name, value: a.name }))
+})
+
+watch(() => [props.taskId, kanbanStore.selectedBoard] as const, async ([id, board]) => {
+  if (!id) {
+    detail.value = null
+    return
+  }
+  loading.value = true
+  try {
+    const nextDetail = await getTask(id, { board })
+    if (props.taskId === id && kanbanStore.selectedBoard === board) {
+      detail.value = nextDetail
+    }
+  } catch (err: any) {
+    if (props.taskId === id && kanbanStore.selectedBoard === board) {
+      message.error(t('kanban.message.loadFailed'))
+    }
+  } finally {
+    if (props.taskId === id && kanbanStore.selectedBoard === board) {
+      loading.value = false
+    }
+  }
+}, { immediate: true })
+
+function formatTime(ts: number | null) {
+  if (!ts) return '—'
+  return new Date(ts * 1000).toLocaleString()
+}
+
+async function handleComplete() {
+  if (!props.taskId) return
+  if (!showCompleteInput.value) {
+    showCompleteInput.value = true
+    return
+  }
+  try {
+    await kanbanStore.completeTasks([props.taskId], completeSummary.value.trim() || undefined)
+    message.success(t('kanban.message.taskCompleted'))
+    showCompleteInput.value = false
+    completeSummary.value = ''
+    emit('updated')
+    emit('close')
+  } catch (err: any) {
+    message.error(err.message)
+  }
+}
+
+async function handleBlock() {
+  if (!props.taskId || !blockReason.value.trim()) return
+  try {
+    await kanbanStore.blockTask(props.taskId, blockReason.value.trim())
+    message.success(t('kanban.message.taskBlocked'))
+    showBlockInput.value = false
+    blockReason.value = ''
+    emit('updated')
+    emit('close')
+  } catch (err: any) {
+    message.error(err.message)
+  }
+}
+
+async function handleUnblock() {
+  if (!props.taskId) return
+  try {
+    await kanbanStore.unblockTasks([props.taskId])
+    message.success(t('kanban.message.taskUnblocked'))
+    emit('updated')
+    emit('close')
+  } catch (err: any) {
+    message.error(err.message)
+  }
+}
+
+async function handleAssign() {
+  if (!props.taskId || !assignProfile.value) return
+  try {
+    await kanbanStore.assignTask(props.taskId, assignProfile.value)
+    message.success(t('kanban.message.taskAssigned'))
+    assignProfile.value = null
+    if (detail.value) {
+      detail.value = await getTask(props.taskId, { board: kanbanStore.selectedBoard })
+    }
+    emit('updated')
+  } catch (err: any) {
+    message.error(err.message)
+  }
+}
+</script>
+
+<template>
+  <NDrawer :show="!!taskId" :width="420" placement="right" @update:show="(v: boolean) => { if (!v) emit('close') }">
+    <NDrawerContent :title="detail?.task.title || ''" closable>
+      <NSpin :show="loading">
+        <template v-if="detail">
+          <!-- Metadata -->
+          <div class="detail-section">
+            <div class="detail-row">
+              <span class="detail-label">{{ t('kanban.detail.status') }}</span>
+              <span class="detail-value status-badge" :class="detail.task.status">{{ localizedTaskStatus }}</span>
+            </div>
+            <div class="detail-row">
+              <span class="detail-label">{{ t('kanban.detail.assignee') }}</span>
+              <span class="detail-value">{{ detail.task.assignee || '—' }}</span>
+            </div>
+            <div class="detail-row">
+              <span class="detail-label">{{ t('kanban.detail.priority') }}</span>
+              <span class="detail-value">{{ detail.task.priority }}</span>
+            </div>
+            <div class="detail-row">
+              <span class="detail-label">{{ t('kanban.detail.tenant') }}</span>
+              <span class="detail-value">{{ detail.task.tenant || '—' }}</span>
+            </div>
+            <div class="detail-row">
+              <span class="detail-label">{{ t('kanban.detail.createdAt') }}</span>
+              <span class="detail-value">{{ formatTime(detail.task.created_at) }}</span>
+            </div>
+            <div v-if="detail.task.started_at" class="detail-row">
+              <span class="detail-label">{{ t('kanban.detail.startedAt') }}</span>
+              <span class="detail-value">{{ formatTime(detail.task.started_at) }}</span>
+            </div>
+            <div v-if="detail.task.completed_at" class="detail-row">
+              <span class="detail-label">{{ t('kanban.detail.completedAt') }}</span>
+              <span class="detail-value">{{ formatTime(detail.task.completed_at) }}</span>
+            </div>
+          </div>
+
+          <!-- Body -->
+          <div v-if="detail.task.body" class="detail-section">
+            <div class="section-title">{{ t('kanban.form.body') }}</div>
+            <div class="detail-body">{{ detail.task.body }}</div>
+          </div>
+
+          <!-- Result / Summary -->
+          <div v-if="completionSummary" class="detail-section">
+            <div class="section-title">{{ t('kanban.detail.result') }}</div>
+            <div class="result-summary" @click="openResultDetail">{{ completionSummary }}</div>
+          </div>
+
+          <!-- Actions (only for active, mutable tasks) -->
+          <div v-if="canMutateTask" class="detail-section">
+            <div class="section-title">{{ t('kanban.action.title') }}</div>
+            <div class="action-group">
+              <template v-if="!showCompleteInput">
+                <NButton size="small" @click="showCompleteInput = true">
+                  {{ t('kanban.action.complete') }}
+                </NButton>
+              </template>
+              <div v-else class="complete-input">
+                <NInput v-model:value="completeSummary" size="small" :placeholder="t('kanban.action.completeSummary')" />
+                <NButton size="small" type="primary" @click="handleComplete">{{ t('common.ok') }}</NButton>
+                <NButton size="small" @click="showCompleteInput = false; completeSummary = ''">{{ t('common.cancel') }}</NButton>
+              </div>
+              <template v-if="detail.task.status === 'blocked'">
+                <NButton size="small" @click="handleUnblock">{{ t('kanban.action.unblock') }}</NButton>
+              </template>
+              <template v-else>
+                <NButton v-if="!showBlockInput" size="small" @click="showBlockInput = true">{{ t('kanban.action.block') }}</NButton>
+                <div v-else class="block-input">
+                  <NInput v-model:value="blockReason" size="small" :placeholder="t('kanban.action.blockReason')" />
+                  <NButton size="small" type="primary" @click="handleBlock">{{ t('common.ok') }}</NButton>
+                </div>
+              </template>
+            </div>
+            <div v-if="detail.task.status !== 'running'" class="assign-group">
+              <NSelect v-model:value="assignProfile" :options="assigneeOptions" size="small" :placeholder="t('kanban.action.assignTo')" style="flex: 1;" />
+              <NButton size="small" :disabled="!assignProfile" @click="handleAssign">{{ t('kanban.action.assign') }}</NButton>
+            </div>
+          </div>
+
+          <!-- Related Sessions -->
+          <div v-if="detail.runs.length > 0" class="detail-section">
+            <div class="section-title" style="cursor: pointer;" @click="searchTaskSessions">
+              {{ t('kanban.detail.sessions') }}
+              <NSpin v-if="sessionLoading" :size="12" style="margin-left: 6px;" />
+            </div>
+            <div v-if="showSessions && sessionResults.length > 0" class="session-list">
+              <div v-for="session in sessionResults" :key="session.id" class="session-item" @click="router.push({ name: 'hermes.chat', query: { session: session.id } })">
+                <div class="session-title">{{ session.title || session.id }}</div>
+                <div class="session-meta">
+                  <span>{{ session.source }}</span>
+                  <span>{{ session.model }}</span>
+                  <span>{{ formatTime(session.started_at) }}</span>
+                </div>
+              </div>
+            </div>
+            <div v-if="showSessions && !sessionLoading && sessionResults.length === 0" class="column-empty">{{ t('kanban.detail.noSessions') }}</div>
+          </div>
+
+          <!-- Runs -->
+          <div v-if="detail.runs.length > 0" class="detail-section">
+            <div class="section-title">{{ t('kanban.detail.runs') }}</div>
+            <div v-for="run in detail.runs" :key="run.id" class="run-item">
+              <div class="run-header">
+                <span class="run-status" :class="run.status">{{ run.status }}</span>
+                <span class="run-profile">{{ run.profile || '—' }}</span>
+                <span class="run-time">{{ formatTime(run.started_at) }}</span>
+              </div>
+              <div v-if="run.summary" class="run-summary">{{ run.summary }}</div>
+              <div v-if="run.error" class="run-error">{{ run.error }}</div>
+            </div>
+          </div>
+
+          <!-- Comments -->
+          <div v-if="detail.comments.length > 0" class="detail-section">
+            <div class="section-title">{{ t('kanban.detail.comments') }}</div>
+            <div v-for="comment in detail.comments" :key="comment.id" class="comment-item">
+              <div class="comment-header">
+                <span class="comment-author">{{ comment.author }}</span>
+                <span class="comment-time">{{ formatTime(comment.created_at) }}</span>
+              </div>
+              <div class="comment-body">{{ comment.body }}</div>
+            </div>
+          </div>
+
+          <!-- Events -->
+          <div v-if="detail.events.length > 0" class="detail-section">
+            <div class="section-title">{{ t('kanban.detail.events') }}</div>
+            <div v-for="event in detail.events.slice(-10)" :key="event.id" class="event-item">
+              <span class="event-kind">{{ event.kind }}</span>
+              <span class="event-time">{{ formatTime(event.created_at) }}</span>
+            </div>
+          </div>
+        </template>
+      </NSpin>
+    </NDrawerContent>
+  </NDrawer>
+
+  <!-- Session messages modal (click result summary) -->
+  <NModal v-if="historySession" :show="showMessagesModal" preset="card" :title="detail?.task.title || ''" :style="{ width: '900px', maxWidth: 'calc(100vw - 48px)' }" @close="showMessagesModal = false">
+    <div class="messages-modal-body">
+      <HistoryMessageList :session="historySession" />
+    </div>
+  </NModal>
+</template>
+
+<style scoped lang="scss">
+@use '@/styles/variables' as *;
+
+.detail-section {
+  margin-bottom: 20px;
+}
+
+.section-title {
+  font-size: 12px;
+  font-weight: 600;
+  color: $text-muted;
+  text-transform: uppercase;
+  letter-spacing: 0.5px;
+  margin-bottom: 10px;
+}
+
+.result-summary {
+  cursor: pointer;
+  border-radius: $radius-sm;
+  padding: 8px 10px;
+  background: rgba(var(--accent-primary-rgb), 0.04);
+  border: 1px solid $border-light;
+  font-size: 13px;
+  color: $text-secondary;
+  line-height: 1.5;
+  transition: border-color $transition-fast;
+
+  &:hover { border-color: rgba(var(--accent-primary-rgb), 0.3); }
+}
+
+.result-detail {
+  margin-top: 10px;
+  padding: 10px;
+  background: rgba(var(--accent-primary-rgb), 0.02);
+  border: 1px solid $border-light;
+  border-radius: $radius-sm;
+}
+
+.meta-label {
+  font-size: 11px;
+  font-weight: 600;
+  color: $text-muted;
+  text-transform: uppercase;
+  letter-spacing: 0.3px;
+  margin: 8px 0 4px;
+
+  &:first-child { margin-top: 0; }
+}
+
+.meta-list {
+  list-style: none;
+  padding: 0;
+  margin: 0;
+
+  li {
+    font-size: 12px;
+    color: $text-secondary;
+    padding: 2px 0;
+
+    code {
+      font-family: $font-code;
+      font-size: 11px;
+      background: rgba(var(--accent-primary-rgb), 0.06);
+      padding: 1px 4px;
+      border-radius: 3px;
+      word-break: break-all;
+    }
+  }
+}
+
+.meta-kv {
+  display: flex;
+  flex-direction: column;
+  gap: 4px;
+}
+
+.meta-kv-row {
+  display: flex;
+  gap: 8px;
+  font-size: 12px;
+}
+
+.meta-kv-key {
+  color: $text-muted;
+  font-family: $font-code;
+  font-size: 11px;
+  min-width: 100px;
+  flex-shrink: 0;
+}
+
+.meta-kv-val {
+  color: $text-secondary;
+}
+
+.artifact-link {
+  cursor: pointer;
+  transition: color $transition-fast;
+
+  &:hover { color: $accent-primary; }
+}
+
+.artifact-modal-body,
+.messages-modal-body {
+  max-height: 65vh;
+  overflow: hidden;
+  padding: 4px 0;
+
+  :deep(.message-list) {
+    max-height: 65vh;
+    background: transparent;
+    padding: 0;
+  }
+}
+
+.detail-row {
+  display: flex;
+  justify-content: space-between;
+  align-items: center;
+  padding: 6px 0;
+  border-bottom: 1px solid $border-light;
+}
+
+.detail-label {
+  font-size: 12px;
+  color: $text-muted;
+}
+
+.detail-value {
+  font-size: 12px;
+  color: $text-primary;
+}
+
+.status-badge {
+  padding: 1px 8px;
+  border-radius: 4px;
+  font-weight: 500;
+
+  &.triage {
+    background: rgba(148, 163, 184, 0.14);
+    color: #94a3b8;
+  }
+
+  &.todo {
+    background: rgba(56, 189, 248, 0.14);
+    color: #38bdf8;
+  }
+
+  &.ready {
+    background: rgba(var(--warning-rgb), 0.12);
+    color: $warning;
+  }
+
+  &.running {
+    background: rgba(var(--accent-primary-rgb), 0.12);
+    color: $accent-primary;
+  }
+
+  &.blocked {
+    background: rgba(var(--error-rgb), 0.12);
+    color: $error;
+  }
+
+  &.done {
+    background: rgba(var(--success-rgb), 0.12);
+    color: $success;
+  }
+
+  &.archived {
+    background: rgba(100, 116, 139, 0.14);
+    color: #94a3b8;
+  }
+}
+
+.detail-body {
+  font-size: 13px;
+  color: $text-secondary;
+  line-height: 1.6;
+  white-space: pre-wrap;
+  word-break: break-word;
+}
+
+.action-group {
+  display: flex;
+  gap: 8px;
+  margin-bottom: 10px;
+  flex-wrap: wrap;
+}
+
+.block-input,
+.complete-input {
+  display: flex;
+  gap: 6px;
+  flex: 1;
+}
+
+.assign-group {
+  display: flex;
+  gap: 8px;
+}
+
+.run-item,
+.comment-item {
+  padding: 8px 0;
+  border-bottom: 1px solid $border-light;
+
+  &:last-child {
+    border-bottom: none;
+  }
+}
+
+.run-header,
+.comment-header {
+  display: flex;
+  align-items: center;
+  gap: 8px;
+  margin-bottom: 4px;
+}
+
+.run-status {
+  font-size: 11px;
+  font-weight: 500;
+  padding: 1px 6px;
+  border-radius: 4px;
+
+  &.running {
+    background: rgba(var(--accent-primary-rgb), 0.12);
+    color: $accent-primary;
+  }
+
+  &.done, &.completed {
+    background: rgba(var(--success-rgb), 0.12);
+    color: $success;
+  }
+
+  &.crashed, &.failed {
+    background: rgba(var(--error-rgb), 0.12);
+    color: $error;
+  }
+}
+
+.run-profile,
+.comment-author {
+  font-size: 12px;
+  font-weight: 500;
+  color: $text-primary;
+}
+
+.run-time,
+.comment-time {
+  font-size: 11px;
+  color: $text-muted;
+  margin-left: auto;
+}
+
+.run-summary,
+.run-error,
+.comment-body {
+  font-size: 12px;
+  color: $text-secondary;
+  line-height: 1.4;
+}
+
+.run-error {
+  color: $error;
+}
+
+.event-item {
+  display: flex;
+  align-items: center;
+  gap: 8px;
+  padding: 4px 0;
+}
+
+.event-kind {
+  font-size: 11px;
+  font-family: $font-code;
+  color: $accent-primary;
+}
+
+.event-time {
+  font-size: 11px;
+  color: $text-muted;
+  margin-left: auto;
+}
+
+.session-list {
+  display: flex;
+  flex-direction: column;
+  gap: 6px;
+}
+
+.session-item {
+  padding: 8px 10px;
+  border-radius: $radius-sm;
+  border: 1px solid $border-light;
+  cursor: pointer;
+  transition: border-color $transition-fast;
+
+  &:hover { border-color: rgba(var(--accent-primary-rgb), 0.3); }
+}
+
+.session-title {
+  font-size: 13px;
+  font-weight: 500;
+  color: $text-primary;
+  margin-bottom: 4px;
+  overflow: hidden;
+  text-overflow: ellipsis;
+  white-space: nowrap;
+}
+
+.session-meta {
+  display: flex;
+  gap: 8px;
+  font-size: 11px;
+  color: $text-muted;
+}
+
+.session-messages {
+  display: flex;
+  flex-direction: column;
+  gap: 10px;
+}
+
+.session-msg {
+  padding: 10px 12px;
+  border-radius: $radius-sm;
+  border: 1px solid $border-light;
+
+  &.user {
+    background: rgba(var(--accent-primary-rgb), 0.04);
+  }
+
+  &.assistant {
+    background: transparent;
+  }
+}
+
+.session-msg-role {
+  font-size: 11px;
+  font-weight: 600;
+  color: $text-muted;
+  text-transform: uppercase;
+  margin-bottom: 6px;
+}
+
+.session-msg-content {
+  font-size: 13px;
+  color: $text-secondary;
+  line-height: 1.5;
+
+  :deep(p) {
+    margin: 0 0 8px;
+
+    &:last-child { margin-bottom: 0; }
+  }
+}
+</style>
diff --git a/packages/client/src/components/hermes/mcp/McpServerCard.vue b/packages/client/src/components/hermes/mcp/McpServerCard.vue
new file mode 100644
index 0000000..49a9455
--- /dev/null
+++ b/packages/client/src/components/hermes/mcp/McpServerCard.vue
@@ -0,0 +1,277 @@
+<script setup lang="ts">
+import { computed } from 'vue'
+import { NButton, NSwitch, NPopconfirm } from 'naive-ui'
+import { useI18n } from 'vue-i18n'
+import type { McpServerInfo } from '@/api/hermes/mcp'
+
+const props = defineProps<{
+  server: McpServerInfo
+  toolsByServer: Record<string, Array<{ name: string; description?: string }>>
+}>()
+
+const emit = defineEmits<{
+  edit: [server: McpServerInfo]
+  test: [server: McpServerInfo]
+  reload: [name: string]
+  remove: [server: McpServerInfo]
+  toggleEnabled: [server: McpServerInfo]
+  manageTools: [server: McpServerInfo]
+}>()
+
+const { t } = useI18n()
+
+function statusClass(server: McpServerInfo) {
+  if (server.raw_config.enabled === false) return 'disabled'
+  return server.connected ? 'connected' : 'disconnected'
+}
+
+function statusLabel(server: McpServerInfo) {
+  if (server.raw_config.enabled === false) return t('mcp.disabledStatus')
+  return server.connected ? t('mcp.connectedStatus') : t('mcp.disconnectedStatus')
+}
+
+const tools = computed(() => props.toolsByServer[props.server.name] || [])
+const MAX_VISIBLE_TOOLS = 20
+</script>
+
+<template>
+  <div class="mcp-card" :class="{ disconnected: !server.connected, disabled: server.raw_config.enabled === false }">
+    <!-- 第一行：标题 + 标签 -->
+    <div class="card-header">
+      <h3 class="server-name">{{ server.name }}</h3>
+      <div class="server-badges">
+        <span class="type-badge transport">{{ server.transport }}</span>
+        <span class="type-badge" :class="statusClass(server)">{{ statusLabel(server) }}</span>
+      </div>
+    </div>
+
+    <!-- 第二行：工具列表 + 数量 -->
+    <div class="card-body">
+      <div v-if="server.error" class="error-row">
+        <span class="error-text">{{ server.error }}</span>
+      </div>
+
+      <div class="info-row">
+        <span class="info-label">{{ t('mcp.toolList') }}</span>
+        <span class="info-value">
+          {{ server.tools_registered }}/{{ server.tools }}{{ t('mcp.count') }}{{ t('mcp.tools') }}
+        </span>
+      </div>
+
+      <!-- 工具标签列表 -->
+      <div v-if="server.tools > 0" class="tools-list">
+        <span
+          v-for="tool in tools.slice(0, MAX_VISIBLE_TOOLS)"
+          :key="tool.name"
+          class="tool-tag"
+          :title="tool.description"
+        >
+          {{ tool.name }}
+        </span>
+        <span v-if="tools.length > MAX_VISIBLE_TOOLS" class="tool-tag tool-tag-more">
+          +{{ tools.length - MAX_VISIBLE_TOOLS }} {{ t('mcp.more') }}
+        </span>
+      </div>
+      <div v-else class="tools-empty">
+        <span class="muted">{{ t('mcp.zeroTools') }}</span>
+      </div>
+    </div>
+
+    <!-- 底部：按钮 + 开关 -->
+    <div class="card-footer">
+      <div class="card-actions">
+        <NButton size="tiny" quaternary @click="emit('edit', server)">{{ t('mcp.edit') }}</NButton>
+        <NButton size="tiny" quaternary :disabled="!server.connected" @click="emit('manageTools', server)">{{ t('mcp.manageTools') }}</NButton>
+        <NButton size="tiny" quaternary @click="emit('test', server)">{{ t('mcp.test') }}</NButton>
+        <NButton size="tiny" quaternary @click="emit('reload', server.name)">{{ t('mcp.reload') }}</NButton>
+        <NPopconfirm @positive-click="emit('remove', server)">
+          <template #trigger>
+            <NButton size="tiny" quaternary type="error">{{ t('mcp.remove') }}</NButton>
+          </template>
+          {{ t('mcp.confirmRemove', { name: server.name }) }}
+        </NPopconfirm>
+      </div>
+      <NSwitch
+        :value="server.raw_config.enabled !== false"
+        size="small"
+        @update:value="() => emit('toggleEnabled', server)"
+      />
+    </div>
+  </div>
+</template>
+
+<style scoped lang="scss">
+@use '@/styles/variables' as *;
+
+.mcp-card {
+  background-color: $bg-card;
+  border: 1px solid $border-color;
+  border-radius: $radius-md;
+  padding: 16px;
+  transition: border-color $transition-fast;
+
+  &:hover {
+    border-color: rgba(var(--accent-primary-rgb), 0.3);
+  }
+
+  &.disconnected {
+    border-color: rgba(var(--error-rgb), 0.3);
+  }
+
+  &.disabled {
+    opacity: 0.7;
+  }
+}
+
+.card-header {
+  display: flex;
+  align-items: center;
+  justify-content: space-between;
+  gap: 12px;
+  margin-bottom: 12px;
+}
+
+.server-name {
+  font-size: 15px;
+  font-weight: 600;
+  color: $text-primary;
+  overflow: hidden;
+  text-overflow: ellipsis;
+  white-space: nowrap;
+  max-width: 70%;
+}
+
+.server-badges {
+  display: flex;
+  align-items: center;
+  justify-content: flex-end;
+  gap: 6px;
+  min-width: 0;
+}
+
+.type-badge {
+  font-size: 11px;
+  padding: 2px 8px;
+  border-radius: 10px;
+  font-weight: 500;
+  white-space: nowrap;
+
+  &.transport {
+    background: rgba(var(--accent-primary-rgb), 0.12);
+    color: $accent-primary;
+  }
+
+  &.connected {
+    background: rgba(var(--success-rgb), 0.12);
+    color: $success;
+  }
+
+  &.disconnected {
+    background: rgba(var(--error-rgb), 0.12);
+    color: $error;
+  }
+
+  &.disabled {
+    background: rgba(var(--text-muted-rgb, 128,128,128), 0.12);
+    color: $text-muted;
+  }
+}
+
+.card-body {
+  display: flex;
+  flex-direction: column;
+  gap: 8px;
+  margin-bottom: 14px;
+}
+
+.error-row {
+  margin-bottom: 4px;
+}
+
+.error-text {
+  color: $error;
+  font-size: 11px;
+  display: -webkit-box;
+  -webkit-line-clamp: 2;
+  -webkit-box-orient: vertical;
+  overflow: hidden;
+}
+
+.info-row {
+  display: flex;
+  justify-content: space-between;
+  align-items: center;
+}
+
+.info-label {
+  font-size: 12px;
+  color: $text-muted;
+}
+
+.info-value {
+  font-size: 12px;
+  color: $text-secondary;
+}
+
+.tools-list {
+  display: flex;
+  flex-wrap: wrap;
+  gap: 4px 6px;
+  height: 88px;
+  overflow-y: auto;
+  align-content: flex-start;
+}
+
+.tool-tag {
+  display: inline-flex;
+  align-items: center;
+  min-height: 22px;
+  font-size: 10px;
+  font-family: $font-code;
+  padding: 2px 6px;
+  border-radius: 3px;
+  background: rgba(var(--accent-primary-rgb), 0.08);
+  color: $text-secondary;
+  white-space: nowrap;
+  max-width: 200px;
+  overflow: hidden;
+  text-overflow: ellipsis;
+  cursor: default;
+
+  &:hover {
+    background: rgba(var(--accent-primary-rgb), 0.16);
+  }
+
+  &-more {
+    background: rgba(var(--accent-primary-rgb), 0.15);
+    color: $accent-primary;
+    font-weight: 500;
+  }
+}
+
+.tools-empty {
+  height: 88px;
+  display: flex;
+  align-items: center;
+  justify-content: center;
+}
+
+.muted {
+  color: $text-muted;
+  font-size: 12px;
+}
+
+.card-footer {
+  display: flex;
+  align-items: center;
+  justify-content: space-between;
+  border-top: 1px solid $border-light;
+  padding-top: 10px;
+}
+
+.card-actions {
+  display: flex;
+  gap: 8px;
+  flex-wrap: wrap;
+}
+</style>
diff --git a/packages/client/src/components/hermes/models/CodexLoginModal.vue b/packages/client/src/components/hermes/models/CodexLoginModal.vue
new file mode 100644
index 0000000..19a33c4
--- /dev/null
+++ b/packages/client/src/components/hermes/models/CodexLoginModal.vue
@@ -0,0 +1,241 @@
+<script setup lang="ts">
+import { ref, onUnmounted } from 'vue'
+import { NModal, NButton, useMessage } from 'naive-ui'
+import { useI18n } from 'vue-i18n'
+import { startCodexLogin, pollCodexLogin } from '@/api/hermes/codex-auth'
+import { copyToClipboard } from '@/utils/clipboard'
+
+const { t } = useI18n()
+const emit = defineEmits<{ close: []; success: [] }>()
+const message = useMessage()
+
+const showModal = ref(true)
+const status = ref<'idle' | 'loading' | 'waiting' | 'approved' | 'expired' | 'error'>('idle')
+const userCode = ref('')
+const verificationUrl = ref('')
+const sessionId = ref('')
+const errorMessage = ref('')
+let pollTimer: ReturnType<typeof setTimeout> | null = null
+
+async function startLogin() {
+  status.value = 'loading'
+  errorMessage.value = ''
+
+  try {
+    const data = await startCodexLogin()
+    userCode.value = data.user_code
+    verificationUrl.value = data.verification_url
+    sessionId.value = data.session_id
+    status.value = 'waiting'
+    startPolling()
+  } catch (err: any) {
+    status.value = 'error'
+    const msg = err.message || ''
+    // Try to extract friendly error from response
+    try {
+      const match = msg.match(/\{[\s\S]*\}$/)
+      if (match) {
+        const body = JSON.parse(match[0])
+        errorMessage.value = body.error || msg
+      } else {
+        errorMessage.value = msg
+      }
+    } catch {
+      errorMessage.value = msg
+    }
+    message.error(errorMessage.value)
+  }
+}
+
+function startPolling() {
+  stopPolling()
+  pollTimer = setTimeout(async () => {
+    try {
+      const result = await pollCodexLogin(sessionId.value)
+      if (result.status === 'pending') {
+        startPolling()
+      } else if (result.status === 'approved') {
+        status.value = 'approved'
+        message.success(t('models.codexApproved'))
+        setTimeout(() => {
+          showModal.value = false
+          setTimeout(() => emit('success'), 200)
+        }, 1000)
+      } else if (result.status === 'expired') {
+        status.value = 'expired'
+      } else if (result.status === 'error') {
+        status.value = 'error'
+        errorMessage.value = result.error || 'Unknown error'
+      }
+    } catch {
+      startPolling()
+    }
+  }, 3000)
+}
+
+function stopPolling() {
+  if (pollTimer) {
+    clearTimeout(pollTimer)
+    pollTimer = null
+  }
+}
+
+function handleClose() {
+  stopPolling()
+  showModal.value = false
+  setTimeout(() => emit('close'), 200)
+}
+
+async function copyCode() {
+  const ok = await copyToClipboard(userCode.value)
+  if (ok) message.success(t('models.codexCopyCode'))
+  else message.error(t('models.codexCopyCode') + ' ✗')
+}
+
+function openLink() {
+  window.open(verificationUrl.value, '_blank')
+}
+
+function retry() {
+  status.value = 'idle'
+  userCode.value = ''
+  verificationUrl.value = ''
+  sessionId.value = ''
+  errorMessage.value = ''
+  startLogin()
+}
+
+onUnmounted(() => {
+  stopPolling()
+})
+
+// Auto-start when modal opens
+startLogin()
+</script>
+
+<template>
+  <NModal
+    v-model:show="showModal"
+    preset="card"
+    :title="t('models.codexLoginTitle')"
+    :style="{ width: 'min(440px, calc(100vw - 32px))' }"
+    :mask-closable="status !== 'waiting'"
+    @after-leave="emit('close')"
+  >
+    <div class="codex-login">
+      <!-- Idle / Loading -->
+      <div v-if="status === 'idle' || status === 'loading'" class="codex-login__state">
+        <NSpin size="small" />
+      </div>
+
+      <!-- Waiting for authorization -->
+      <div v-else-if="status === 'waiting'" class="codex-login__state">
+        <p class="codex-login__hint">{{ t('models.codexWaiting') }}</p>
+        <div class="codex-login__code" @click="copyCode">
+          <span class="codex-login__code-text">{{ userCode }}</span>
+          <svg width="16" height="16" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><rect x="9" y="9" width="13" height="13" rx="2"/><path d="M5 15H4a2 2 0 01-2-2V4a2 2 0 012-2h9a2 2 0 012 2v1"/></svg>
+        </div>
+        <NButton type="primary" block @click="openLink">
+          <template #icon>
+            <svg width="14" height="14" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><path d="M18 13v6a2 2 0 01-2 2H5a2 2 0 01-2-2V8a2 2 0 012-2h6"/><polyline points="15 3 21 3 21 9"/><line x1="10" y1="14" x2="21" y2="3"/></svg>
+          </template>
+          {{ t('models.codexOpenLink') }}
+        </NButton>
+      </div>
+
+      <!-- Approved -->
+      <div v-else-if="status === 'approved'" class="codex-login__state codex-login__state--success">
+        <svg width="40" height="40" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><path d="M22 11.08V12a10 10 0 11-5.93-9.14"/><polyline points="22 4 12 14.01 9 11.01"/></svg>
+        <p>{{ t('models.codexApproved') }}</p>
+      </div>
+
+      <!-- Expired -->
+      <div v-else-if="status === 'expired'" class="codex-login__state">
+        <p class="codex-login__error">{{ t('models.codexExpired') }}</p>
+        <NButton size="small" @click="retry">{{ t('common.retry') }}</NButton>
+      </div>
+
+      <!-- Error -->
+      <div v-else-if="status === 'error'" class="codex-login__state">
+        <p class="codex-login__error">{{ errorMessage }}</p>
+        <NButton size="small" @click="retry">{{ t('common.retry') }}</NButton>
+      </div>
+    </div>
+
+    <template #footer>
+      <div class="modal-footer">
+        <NButton :disabled="status === 'waiting'" @click="handleClose">{{ t('common.cancel') }}</NButton>
+      </div>
+    </template>
+  </NModal>
+</template>
+
+<style scoped lang="scss">
+.codex-login {
+  display: flex;
+  flex-direction: column;
+  align-items: center;
+  padding: 8px 0;
+}
+
+.codex-login__state {
+  display: flex;
+  flex-direction: column;
+  align-items: center;
+  gap: 16px;
+  min-height: 120px;
+  justify-content: center;
+  width: 100%;
+}
+
+.codex-login__hint {
+  font-size: 14px;
+  color: var(--n-text-color, inherit);
+  text-align: center;
+  line-height: 1.6;
+}
+
+.codex-login__code {
+  display: flex;
+  align-items: center;
+  gap: 12px;
+  padding: 12px 20px;
+  border: 1px solid var(--n-border-color, #e0e0e6);
+  border-radius: 8px;
+  cursor: pointer;
+  transition: border-color 0.2s;
+  background: var(--n-color, #fafafa);
+
+  &:hover {
+    border-color: var(--n-primary-color, #18a058);
+  }
+}
+
+.codex-login__code-text {
+  font-size: 28px;
+  font-weight: 700;
+  font-family: monospace;
+  letter-spacing: 4px;
+  color: var(--n-text-color, inherit);
+}
+
+.codex-login__state--success {
+  color: #18a058;
+
+  svg {
+    stroke: #18a058;
+  }
+}
+
+.codex-login__error {
+  color: #d03050;
+  text-align: center;
+  font-size: 13px;
+}
+
+.modal-footer {
+  display: flex;
+  justify-content: flex-end;
+  gap: 8px;
+}
+</style>
diff --git a/packages/client/src/components/hermes/models/CopilotLoginModal.vue b/packages/client/src/components/hermes/models/CopilotLoginModal.vue
new file mode 100644
index 0000000..179106e
--- /dev/null
+++ b/packages/client/src/components/hermes/models/CopilotLoginModal.vue
@@ -0,0 +1,243 @@
+<script setup lang="ts">
+import { ref, onUnmounted } from 'vue'
+import { NModal, NButton, NSpin, useMessage } from 'naive-ui'
+import { useI18n } from 'vue-i18n'
+import { startCopilotLogin, pollCopilotLogin } from '@/api/hermes/copilot-auth'
+import { copyToClipboard } from '@/utils/clipboard'
+
+const { t } = useI18n()
+const emit = defineEmits<{ close: []; success: [] }>()
+const message = useMessage()
+
+const showModal = ref(true)
+const status = ref<'idle' | 'loading' | 'waiting' | 'approved' | 'expired' | 'error'>('idle')
+const userCode = ref('')
+const verificationUrl = ref('')
+const sessionId = ref('')
+const errorMessage = ref('')
+let pollTimer: ReturnType<typeof setTimeout> | null = null
+
+async function startLogin() {
+  status.value = 'loading'
+  errorMessage.value = ''
+
+  try {
+    const data = await startCopilotLogin()
+    userCode.value = data.user_code
+    verificationUrl.value = data.verification_url
+    sessionId.value = data.session_id
+    status.value = 'waiting'
+    startPolling()
+  } catch (err: any) {
+    status.value = 'error'
+    const msg = err?.message || ''
+    try {
+      const match = msg.match(/\{[\s\S]*\}$/)
+      if (match) {
+        const body = JSON.parse(match[0])
+        errorMessage.value = body.error || msg
+      } else {
+        errorMessage.value = msg
+      }
+    } catch {
+      errorMessage.value = msg
+    }
+    message.error(errorMessage.value)
+  }
+}
+
+function startPolling() {
+  stopPolling()
+  pollTimer = setTimeout(async () => {
+    try {
+      const result = await pollCopilotLogin(sessionId.value)
+      if (result.status === 'pending') {
+        startPolling()
+      } else if (result.status === 'approved') {
+        status.value = 'approved'
+        message.success(t('models.copilotApproved'))
+        setTimeout(() => {
+          showModal.value = false
+          setTimeout(() => emit('success'), 200)
+        }, 1000)
+      } else if (result.status === 'expired') {
+        status.value = 'expired'
+      } else if (result.status === 'denied') {
+        status.value = 'error'
+        errorMessage.value = t('models.copilotDenied')
+      } else if (result.status === 'error') {
+        status.value = 'error'
+        errorMessage.value = result.error || 'Unknown error'
+      }
+    } catch {
+      startPolling()
+    }
+  }, 3000)
+}
+
+function stopPolling() {
+  if (pollTimer) {
+    clearTimeout(pollTimer)
+    pollTimer = null
+  }
+}
+
+function handleClose() {
+  stopPolling()
+  showModal.value = false
+  setTimeout(() => emit('close'), 200)
+}
+
+async function copyCode() {
+  const ok = await copyToClipboard(userCode.value)
+  if (ok) message.success(t('models.copilotCopyCode'))
+  else message.error(t('models.copilotCopyCode') + ' ✗')
+}
+
+function openLink() {
+  window.open(verificationUrl.value, '_blank')
+}
+
+function retry() {
+  status.value = 'idle'
+  userCode.value = ''
+  verificationUrl.value = ''
+  sessionId.value = ''
+  errorMessage.value = ''
+  startLogin()
+}
+
+onUnmounted(() => {
+  stopPolling()
+})
+
+// Auto-start when modal opens
+startLogin()
+</script>
+
+<template>
+  <NModal
+    v-model:show="showModal"
+    preset="card"
+    :title="t('models.copilotLoginTitle')"
+    :style="{ width: 'min(440px, calc(100vw - 32px))' }"
+    :mask-closable="status !== 'waiting'"
+    @after-leave="emit('close')"
+  >
+    <div class="copilot-login">
+      <!-- Idle / Loading -->
+      <div v-if="status === 'idle' || status === 'loading'" class="copilot-login__state">
+        <NSpin size="small" />
+      </div>
+
+      <!-- Waiting for authorization -->
+      <div v-else-if="status === 'waiting'" class="copilot-login__state">
+        <p class="copilot-login__hint">{{ t('models.copilotWaiting') }}</p>
+        <div class="copilot-login__code" @click="copyCode">
+          <span class="copilot-login__code-text">{{ userCode }}</span>
+          <svg width="16" height="16" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><rect x="9" y="9" width="13" height="13" rx="2"/><path d="M5 15H4a2 2 0 01-2-2V4a2 2 0 012-2h9a2 2 0 012 2v1"/></svg>
+        </div>
+        <NButton type="primary" block @click="openLink">
+          <template #icon>
+            <svg width="14" height="14" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><path d="M18 13v6a2 2 0 01-2 2H5a2 2 0 01-2-2V8a2 2 0 012-2h6"/><polyline points="15 3 21 3 21 9"/><line x1="10" y1="14" x2="21" y2="3"/></svg>
+          </template>
+          {{ t('models.copilotOpenLink') }}
+        </NButton>
+      </div>
+
+      <!-- Approved -->
+      <div v-else-if="status === 'approved'" class="copilot-login__state copilot-login__state--success">
+        <svg width="40" height="40" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><path d="M22 11.08V12a10 10 0 11-5.93-9.14"/><polyline points="22 4 12 14.01 9 11.01"/></svg>
+        <p>{{ t('models.copilotApproved') }}</p>
+      </div>
+
+      <!-- Expired -->
+      <div v-else-if="status === 'expired'" class="copilot-login__state">
+        <p class="copilot-login__error">{{ t('models.copilotExpired') }}</p>
+        <NButton size="small" @click="retry">{{ t('common.retry') }}</NButton>
+      </div>
+
+      <!-- Error -->
+      <div v-else-if="status === 'error'" class="copilot-login__state">
+        <p class="copilot-login__error">{{ errorMessage }}</p>
+        <NButton size="small" @click="retry">{{ t('common.retry') }}</NButton>
+      </div>
+    </div>
+
+    <template #footer>
+      <div class="modal-footer">
+        <NButton :disabled="status === 'waiting'" @click="handleClose">{{ t('common.cancel') }}</NButton>
+      </div>
+    </template>
+  </NModal>
+</template>
+
+<style scoped lang="scss">
+.copilot-login {
+  display: flex;
+  flex-direction: column;
+  align-items: center;
+  padding: 8px 0;
+}
+
+.copilot-login__state {
+  display: flex;
+  flex-direction: column;
+  align-items: center;
+  gap: 16px;
+  min-height: 120px;
+  justify-content: center;
+  width: 100%;
+}
+
+.copilot-login__hint {
+  font-size: 14px;
+  color: var(--n-text-color, inherit);
+  text-align: center;
+  line-height: 1.6;
+}
+
+.copilot-login__code {
+  display: flex;
+  align-items: center;
+  gap: 12px;
+  padding: 12px 20px;
+  border: 1px solid var(--n-border-color, #e0e0e6);
+  border-radius: 8px;
+  cursor: pointer;
+  transition: border-color 0.2s;
+  background: var(--n-color, #fafafa);
+
+  &:hover {
+    border-color: var(--n-primary-color, #18a058);
+  }
+}
+
+.copilot-login__code-text {
+  font-size: 28px;
+  font-weight: 700;
+  font-family: monospace;
+  letter-spacing: 4px;
+  color: var(--n-text-color, inherit);
+}
+
+.copilot-login__state--success {
+  color: #18a058;
+
+  svg {
+    stroke: #18a058;
+  }
+}
+
+.copilot-login__error {
+  color: #d03050;
+  text-align: center;
+  font-size: 13px;
+}
+
+.modal-footer {
+  display: flex;
+  justify-content: flex-end;
+  gap: 8px;
+}
+</style>
diff --git a/packages/client/src/components/hermes/models/NousLoginModal.vue b/packages/client/src/components/hermes/models/NousLoginModal.vue
new file mode 100644
index 0000000..a594d33
--- /dev/null
+++ b/packages/client/src/components/hermes/models/NousLoginModal.vue
@@ -0,0 +1,243 @@
+<script setup lang="ts">
+import { ref, onUnmounted } from 'vue'
+import { NModal, NButton, NSpin, useMessage } from 'naive-ui'
+import { useI18n } from 'vue-i18n'
+import { startNousLogin, pollNousLogin } from '@/api/hermes/nous-auth'
+import { copyToClipboard } from '@/utils/clipboard'
+
+const { t } = useI18n()
+const emit = defineEmits<{ close: []; success: [] }>()
+const message = useMessage()
+
+const showModal = ref(true)
+const status = ref<'idle' | 'loading' | 'waiting' | 'approved' | 'expired' | 'error'>('idle')
+const userCode = ref('')
+const verificationUrl = ref('')
+const sessionId = ref('')
+const errorMessage = ref('')
+let pollTimer: ReturnType<typeof setTimeout> | null = null
+
+async function startLogin() {
+  status.value = 'loading'
+  errorMessage.value = ''
+
+  try {
+    const data = await startNousLogin()
+    userCode.value = data.user_code
+    verificationUrl.value = data.verification_url
+    sessionId.value = data.session_id
+    status.value = 'waiting'
+    startPolling()
+  } catch (err: any) {
+    status.value = 'error'
+    const msg = err.message || ''
+    try {
+      const match = msg.match(/\{[\s\S]*\}$/)
+      if (match) {
+        const body = JSON.parse(match[0])
+        errorMessage.value = body.error || msg
+      } else {
+        errorMessage.value = msg
+      }
+    } catch {
+      errorMessage.value = msg
+    }
+    message.error(errorMessage.value)
+  }
+}
+
+function startPolling() {
+  stopPolling()
+  pollTimer = setTimeout(async () => {
+    try {
+      const result = await pollNousLogin(sessionId.value)
+      if (result.status === 'pending') {
+        startPolling()
+      } else if (result.status === 'approved') {
+        status.value = 'approved'
+        message.success(t('models.nousApproved'))
+        setTimeout(() => {
+          showModal.value = false
+          setTimeout(() => emit('success'), 200)
+        }, 1000)
+      } else if (result.status === 'expired') {
+        status.value = 'expired'
+      } else if (result.status === 'denied') {
+        status.value = 'error'
+        errorMessage.value = t('models.nousDenied')
+      } else if (result.status === 'error') {
+        status.value = 'error'
+        errorMessage.value = result.error || 'Unknown error'
+      }
+    } catch {
+      startPolling()
+    }
+  }, 3000)
+}
+
+function stopPolling() {
+  if (pollTimer) {
+    clearTimeout(pollTimer)
+    pollTimer = null
+  }
+}
+
+function handleClose() {
+  stopPolling()
+  showModal.value = false
+  setTimeout(() => emit('close'), 200)
+}
+
+async function copyCode() {
+  const ok = await copyToClipboard(userCode.value)
+  if (ok) message.success(t('models.nousCopyCode'))
+  else message.error(t('models.nousCopyCode') + ' ✗')
+}
+
+function openLink() {
+  window.open(verificationUrl.value, '_blank')
+}
+
+function retry() {
+  status.value = 'idle'
+  userCode.value = ''
+  verificationUrl.value = ''
+  sessionId.value = ''
+  errorMessage.value = ''
+  startLogin()
+}
+
+onUnmounted(() => {
+  stopPolling()
+})
+
+// Auto-start when modal opens
+startLogin()
+</script>
+
+<template>
+  <NModal
+    v-model:show="showModal"
+    preset="card"
+    :title="t('models.nousLoginTitle')"
+    :style="{ width: 'min(440px, calc(100vw - 32px))' }"
+    :mask-closable="status !== 'waiting'"
+    @after-leave="emit('close')"
+  >
+    <div class="nous-login">
+      <!-- Idle / Loading -->
+      <div v-if="status === 'idle' || status === 'loading'" class="nous-login__state">
+        <NSpin size="small" />
+      </div>
+
+      <!-- Waiting for authorization -->
+      <div v-else-if="status === 'waiting'" class="nous-login__state">
+        <p class="nous-login__hint">{{ t('models.nousWaiting') }}</p>
+        <div class="nous-login__code" @click="copyCode">
+          <span class="nous-login__code-text">{{ userCode }}</span>
+          <svg width="16" height="16" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><rect x="9" y="9" width="13" height="13" rx="2"/><path d="M5 15H4a2 2 0 01-2-2V4a2 2 0 012-2h9a2 2 0 012 2v1"/></svg>
+        </div>
+        <NButton type="primary" block @click="openLink">
+          <template #icon>
+            <svg width="14" height="14" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><path d="M18 13v6a2 2 0 01-2 2H5a2 2 0 01-2-2V8a2 2 0 012-2h6"/><polyline points="15 3 21 3 21 9"/><line x1="10" y1="14" x2="21" y2="3"/></svg>
+          </template>
+          {{ t('models.nousOpenLink') }}
+        </NButton>
+      </div>
+
+      <!-- Approved -->
+      <div v-else-if="status === 'approved'" class="nous-login__state nous-login__state--success">
+        <svg width="40" height="40" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><path d="M22 11.08V12a10 10 0 11-5.93-9.14"/><polyline points="22 4 12 14.01 9 11.01"/></svg>
+        <p>{{ t('models.nousApproved') }}</p>
+      </div>
+
+      <!-- Expired -->
+      <div v-else-if="status === 'expired'" class="nous-login__state">
+        <p class="nous-login__error">{{ t('models.nousExpired') }}</p>
+        <NButton size="small" @click="retry">{{ t('common.retry') }}</NButton>
+      </div>
+
+      <!-- Error -->
+      <div v-else-if="status === 'error'" class="nous-login__state">
+        <p class="nous-login__error">{{ errorMessage }}</p>
+        <NButton size="small" @click="retry">{{ t('common.retry') }}</NButton>
+      </div>
+    </div>
+
+    <template #footer>
+      <div class="modal-footer">
+        <NButton :disabled="status === 'waiting'" @click="handleClose">{{ t('common.cancel') }}</NButton>
+      </div>
+    </template>
+  </NModal>
+</template>
+
+<style scoped lang="scss">
+.nous-login {
+  display: flex;
+  flex-direction: column;
+  align-items: center;
+  padding: 8px 0;
+}
+
+.nous-login__state {
+  display: flex;
+  flex-direction: column;
+  align-items: center;
+  gap: 16px;
+  min-height: 120px;
+  justify-content: center;
+  width: 100%;
+}
+
+.nous-login__hint {
+  font-size: 14px;
+  color: var(--n-text-color, inherit);
+  text-align: center;
+  line-height: 1.6;
+}
+
+.nous-login__code {
+  display: flex;
+  align-items: center;
+  gap: 12px;
+  padding: 12px 20px;
+  border: 1px solid var(--n-border-color, #e0e0e6);
+  border-radius: 8px;
+  cursor: pointer;
+  transition: border-color 0.2s;
+  background: var(--n-color, #fafafa);
+
+  &:hover {
+    border-color: var(--n-primary-color, #18a058);
+  }
+}
+
+.nous-login__code-text {
+  font-size: 28px;
+  font-weight: 700;
+  font-family: monospace;
+  letter-spacing: 4px;
+  color: var(--n-text-color, inherit);
+}
+
+.nous-login__state--success {
+  color: #18a058;
+
+  svg {
+    stroke: #18a058;
+  }
+}
+
+.nous-login__error {
+  color: #d03050;
+  text-align: center;
+  font-size: 13px;
+}
+
+.modal-footer {
+  display: flex;
+  justify-content: flex-end;
+  gap: 8px;
+}
+</style>
diff --git a/packages/client/src/components/hermes/models/ProviderCard.vue b/packages/client/src/components/hermes/models/ProviderCard.vue
new file mode 100644
index 0000000..6724b61
--- /dev/null
+++ b/packages/client/src/components/hermes/models/ProviderCard.vue
@@ -0,0 +1,603 @@
+<script setup lang="ts">
+import { ref, computed } from 'vue'
+import { NButton, NCheckbox, NCheckboxGroup, NModal, NInput, useMessage, useDialog } from 'naive-ui'
+import type { AvailableModelGroup } from '@/api/hermes/system'
+import { useModelsStore } from '@/stores/hermes/models'
+import { useAppStore } from '@/stores/hermes/app'
+import { useChatStore } from '@/stores/hermes/chat'
+import { checkCopilotToken, disableCopilot } from '@/api/hermes/copilot-auth'
+import { useI18n } from 'vue-i18n'
+
+const props = defineProps<{ provider: AvailableModelGroup }>()
+
+const { t } = useI18n()
+const modelsStore = useModelsStore()
+const appStore = useAppStore()
+const chatStore = useChatStore()
+const message = useMessage()
+const dialog = useDialog()
+
+const isCustom = computed(() => !props.provider.builtin && props.provider.provider.startsWith('custom:'))
+const isCopilot = computed(() => props.provider.provider === 'copilot')
+const displayName = computed(() => props.provider.label)
+const deleting = ref(false)
+
+const showAliasListModal = ref(false)
+const showAliasModal = ref(false)
+const aliasProvider = ref('')
+const aliasModel = ref('')
+const aliasInput = ref('')
+
+const showVisibilityModal = ref(false)
+const visibilitySaving = ref(false)
+const selectedVisibleModels = ref<string[]>([])
+
+const sourceProvider = computed(() => modelsStore.allProviders.find(g => g.provider === props.provider.provider))
+const allModels = computed(() => props.provider.available_models?.length ? props.provider.available_models : (sourceProvider.value?.models?.length ? sourceProvider.value.models : props.provider.models))
+const visibilityRule = computed(() => appStore.getProviderVisibility(props.provider.provider))
+const isFiltered = computed(() => visibilityRule.value.mode === 'include')
+const visibleCountLabel = computed(() => `${props.provider.models.length}/${allModels.value.length}`)
+const isDefaultProvider = computed(() => modelsStore.defaultProvider === props.provider.provider)
+
+function isDefaultModel(model: string) {
+  return isDefaultProvider.value && modelsStore.defaultModel === model
+}
+
+function modelAlias(model: string) {
+  return appStore.getModelAlias(model, props.provider.provider)
+}
+
+function modelDisplayName(model: string) {
+  return appStore.displayModelName(model, props.provider.provider)
+}
+
+function openAliasEditor(model: string) {
+  aliasProvider.value = props.provider.provider
+  aliasModel.value = model
+  aliasInput.value = appStore.getModelAlias(model, props.provider.provider)
+  showAliasModal.value = true
+}
+
+async function saveAlias() {
+  if (!aliasModel.value || !aliasProvider.value) return
+  try {
+    await appStore.setModelAlias(aliasModel.value, aliasProvider.value, aliasInput.value)
+    showAliasModal.value = false
+  } catch (e: any) {
+    message.error(e.message || t('models.aliasSaveFailed'))
+  }
+}
+
+async function clearAlias() {
+  aliasInput.value = ''
+  await saveAlias()
+}
+
+function openVisibilityModal() {
+  const rule = appStore.getProviderVisibility(props.provider.provider)
+  selectedVisibleModels.value = rule.mode === 'include' ? allModels.value.filter(m => rule.models.includes(m)) : [...allModels.value]
+  showVisibilityModal.value = true
+}
+
+async function handleVisibilitySave() {
+  if (selectedVisibleModels.value.length === 0) {
+    message.error(t('models.visibilitySelectOne'))
+    return
+  }
+  visibilitySaving.value = true
+  try {
+    const selected = selectedVisibleModels.value.filter(m => allModels.value.includes(m))
+    const mode = selected.length === allModels.value.length ? 'all' : 'include'
+    await appStore.setModelVisibility(props.provider.provider, { mode, models: selected })
+    await modelsStore.fetchProviders()
+    showVisibilityModal.value = false
+    message.success(t('models.visibilitySaved'))
+  } catch (e: any) {
+    message.error(e.message || t('models.visibilitySaveFailed'))
+  } finally {
+    visibilitySaving.value = false
+  }
+}
+
+function resetVisibility() {
+  selectedVisibleModels.value = [...allModels.value]
+}
+
+function clearVisibility() {
+  selectedVisibleModels.value = []
+}
+
+async function handleDelete() {
+  let copilotMsg = ''
+  if (isCopilot.value) {
+    // 提前查 source，让用户清楚移除会不会影响 VS Code/gh CLI 等其他工具的登录态
+    try {
+      const status = await checkCopilotToken()
+      if (status.source === 'env') copilotMsg = t('models.copilotDeleteHintEnv')
+      else if (status.source === 'gh-cli') copilotMsg = t('models.copilotDeleteHintGhCli')
+      else if (status.source === 'apps-json') copilotMsg = t('models.copilotDeleteHintAppsJson')
+    } catch { /* ignore — fall back to generic confirm copy */ }
+  }
+  dialog.warning({
+    title: t('models.deleteProvider'),
+    content: isCopilot.value && copilotMsg
+      ? `${t('models.deleteConfirm', { name: displayName.value })}\n\n${copilotMsg}`
+      : t('models.deleteConfirm', { name: displayName.value }),
+    positiveText: t('common.delete'),
+    negativeText: t('common.cancel'),
+    onPositiveClick: async () => {
+      deleting.value = true
+      try {
+        if (isCopilot.value) {
+          // Copilot 走显式 opt-in 模型：disable 把 enabled 置 false，
+          // 仅当 token 来自 ~/.hermes/.env 时才清掉，gh-cli / apps.json 不动。
+          await disableCopilot()
+          // 服务端会在默认模型属于 copilot 时清掉 model.default，这里再清理本地
+          // 会话级 model/provider，避免 Chat 页继续显示已下架的 copilot 模型。
+          chatStore.clearProviderFromSessions('copilot')
+          await modelsStore.fetchProviders()
+        } else {
+          await modelsStore.removeProvider(props.provider.provider)
+        }
+        // 删完之后若已没有默认模型，自动从剩余 provider 里挑一个，避免 chat 页
+        // "无默认模型"的尴尬态。与 hermes CLI `model` 子命令的隐含行为对齐。
+        if (!appStore.selectedModel && appStore.modelGroups.length > 0) {
+          const first = appStore.modelGroups.find(g => g.models.length > 0)
+          if (first) {
+            await appStore.switchModel(first.models[0], first.provider)
+          }
+        }
+        message.success(t('models.providerDeleted'))
+      } catch (e: any) {
+        message.error(e.message)
+      } finally {
+        deleting.value = false
+      }
+    },
+  })
+}
+</script>
+
+<template>
+  <div class="provider-card">
+    <div class="card-header">
+      <h3 class="provider-name">{{ displayName }}</h3>
+      <div class="provider-badges">
+        <span v-if="isDefaultProvider" class="type-badge default">{{ t('models.currentDefault') }}</span>
+        <span class="type-badge" :class="isCustom ? 'custom' : 'builtin'">
+          {{ isCustom ? t('models.customType') : t('models.builtIn') }}
+        </span>
+      </div>
+    </div>
+
+    <div class="card-body">
+      <div class="info-row">
+        <span class="info-label">{{ t('models.provider') }}</span>
+        <code class="info-value mono">{{ provider.provider }}</code>
+      </div>
+      <div class="info-row">
+        <span class="info-label">{{ t('models.baseUrl') }}</span>
+        <code class="info-value mono">{{ provider.base_url }}</code>
+      </div>
+      <div class="info-row models-row">
+        <span class="info-label">{{ t('models.models') }}</span>
+        <span class="info-value models-count">
+          {{ isFiltered ? visibleCountLabel : provider.models.length }} {{ t('models.count') }}
+        </span>
+      </div>
+      <div class="models-list">
+        <button
+          v-for="model in provider.models.slice(0, 20)"
+          :key="model"
+          class="model-tag model-tag-button"
+          :class="{ default: isDefaultModel(model) }"
+          type="button"
+          :title="t('models.aliasTitleFor', { model })"
+          @click="openAliasEditor(model)"
+        >
+          <span class="model-tag-name">{{ modelDisplayName(model) }}</span>
+          <span v-if="isDefaultModel(model)" class="model-tag-default">{{ t('models.defaultShort') }}</span>
+          <span v-if="modelAlias(model)" class="model-tag-id">{{ model }}</span>
+        </button>
+        <span v-if="provider.models.length > 20" class="model-tag model-tag-more">
+          +{{ provider.models.length - 20 }} {{ t('models.more') }}
+        </span>
+      </div>
+    </div>
+
+    <div class="card-actions">
+      <NButton size="tiny" quaternary @click="showAliasListModal = true">{{ t('models.aliasManage') }}</NButton>
+      <NButton size="tiny" quaternary @click="openVisibilityModal">{{ t('models.manageVisibleModels') }}</NButton>
+      <NButton size="tiny" quaternary type="error" :loading="deleting" @click="handleDelete">{{ t('common.delete') }}</NButton>
+    </div>
+
+    <NModal
+      v-model:show="showAliasListModal"
+      preset="card"
+      :title="t('models.aliasManageFor', { provider: displayName })"
+      :style="{ width: 'min(560px, calc(100vw - 32px))' }"
+      :mask-closable="true"
+    >
+      <div class="alias-list-hint">{{ t('models.aliasHint') }}</div>
+      <div class="alias-list">
+        <div v-for="model in provider.models" :key="model" class="alias-row">
+          <div class="alias-row-text">
+            <span class="alias-row-name">{{ modelDisplayName(model) }}</span>
+            <span v-if="isDefaultModel(model)" class="alias-row-default">{{ t('models.defaultShort') }}</span>
+            <code class="alias-row-id">{{ model }}</code>
+          </div>
+          <NButton size="tiny" quaternary @click="openAliasEditor(model)">{{ t('models.aliasEdit') }}</NButton>
+        </div>
+      </div>
+    </NModal>
+
+    <NModal
+      v-model:show="showAliasModal"
+      preset="card"
+      :title="aliasModel ? t('models.aliasTitleFor', { model: aliasModel }) : t('models.aliasTitle')"
+      :style="{ width: 'min(420px, calc(100vw - 32px))' }"
+      :mask-closable="true"
+    >
+      <NInput
+        v-model:value="aliasInput"
+        :placeholder="t('models.aliasPlaceholder')"
+        clearable
+        @keydown.enter="saveAlias"
+      />
+      <div v-if="aliasModel" class="model-alias-canonical">
+        {{ t('models.aliasCanonical', { model: aliasModel }) }}
+      </div>
+      <div class="model-alias-hint">{{ t('models.aliasHint') }}</div>
+      <template #footer>
+        <div class="model-alias-actions">
+          <NButton quaternary :disabled="!appStore.getModelAlias(aliasModel, aliasProvider)" @click="clearAlias">
+            {{ t('models.aliasUseOriginal') }}
+          </NButton>
+          <div class="model-alias-spacer" />
+          <NButton @click="showAliasModal = false">{{ t('common.cancel') }}</NButton>
+          <NButton type="primary" @click="saveAlias">{{ t('common.save') }}</NButton>
+        </div>
+      </template>
+    </NModal>
+
+    <NModal
+      v-model:show="showVisibilityModal"
+      preset="card"
+      :title="t('models.manageVisibleModelsFor', { name: displayName })"
+      :style="{ width: 'min(560px, calc(100vw - 32px))' }"
+      :mask-closable="!visibilitySaving"
+    >
+      <p class="visibility-hint">{{ t('models.visibilityHint') }}</p>
+      <div class="visibility-count">
+        {{ selectedVisibleModels.length }}/{{ allModels.length }} {{ t('models.count') }}
+      </div>
+      <div class="visibility-list">
+        <NCheckboxGroup v-model:value="selectedVisibleModels">
+          <NCheckbox
+            v-for="model in allModels"
+            :key="model"
+            :value="model"
+            class="visibility-model"
+          >
+            <code>{{ modelDisplayName(model) }}</code>
+            <code v-if="modelAlias(model)" class="visibility-model-id">{{ model }}</code>
+          </NCheckbox>
+        </NCheckboxGroup>
+      </div>
+      <div class="visibility-actions">
+        <NButton size="small" quaternary :disabled="visibilitySaving" @click="resetVisibility">
+          {{ t('models.showAllModels') }}
+        </NButton>
+        <NButton size="small" quaternary :disabled="visibilitySaving" @click="clearVisibility">
+          {{ t('models.clearVisibleModels') }}
+        </NButton>
+        <div class="visibility-action-spacer" />
+        <NButton size="small" :disabled="visibilitySaving" @click="showVisibilityModal = false">
+          {{ t('common.cancel') }}
+        </NButton>
+        <NButton size="small" type="primary" :loading="visibilitySaving" @click="handleVisibilitySave">
+          {{ t('common.save') }}
+        </NButton>
+      </div>
+    </NModal>
+  </div>
+</template>
+
+<style scoped lang="scss">
+@use '@/styles/variables' as *;
+
+.provider-card {
+  background-color: $bg-card;
+  border: 1px solid $border-color;
+  border-radius: $radius-md;
+  padding: 16px;
+  transition: border-color $transition-fast;
+
+  &:hover {
+    border-color: rgba(var(--accent-primary-rgb), 0.3);
+  }
+}
+
+.card-header {
+  display: flex;
+  align-items: center;
+  justify-content: space-between;
+  gap: 12px;
+  margin-bottom: 12px;
+}
+
+.provider-name {
+  font-size: 15px;
+  font-weight: 600;
+  color: $text-primary;
+  overflow: hidden;
+  text-overflow: ellipsis;
+  white-space: nowrap;
+  max-width: 70%;
+}
+
+.provider-badges {
+  display: flex;
+  align-items: center;
+  justify-content: flex-end;
+  gap: 6px;
+  min-width: 0;
+}
+
+.type-badge {
+  font-size: 11px;
+  padding: 2px 8px;
+  border-radius: 10px;
+  font-weight: 500;
+  white-space: nowrap;
+
+  &.builtin {
+    background: rgba(var(--accent-primary-rgb), 0.12);
+    color: $accent-primary;
+  }
+
+  &.custom {
+    background: rgba(var(--success-rgb), 0.12);
+    color: $success;
+  }
+
+  &.default {
+    background: rgba(var(--warning-rgb), 0.14);
+    color: $warning;
+  }
+}
+
+.card-body {
+  display: flex;
+  flex-direction: column;
+  gap: 6px;
+  margin-bottom: 14px;
+}
+
+.info-row {
+  display: flex;
+  justify-content: space-between;
+  align-items: center;
+}
+
+.info-label {
+  font-size: 12px;
+  color: $text-muted;
+}
+
+.info-value {
+  font-size: 12px;
+  color: $text-secondary;
+}
+
+.mono {
+  font-family: $font-code;
+  font-size: 12px;
+}
+
+.models-row {
+  margin-top: 4px;
+}
+
+.models-count {
+  color: $text-muted;
+  font-size: 12px;
+}
+
+.models-list {
+  display: flex;
+  flex-wrap: wrap;
+  gap: 4px 6px;
+  margin-top: 6px;
+  height: 100px;
+  overflow-y: auto;
+  align-content: flex-start;
+}
+
+.model-tag {
+  display: inline-flex;
+  align-items: center;
+  gap: 5px;
+  min-height: 22px;
+  font-size: 10px;
+  font-family: $font-code;
+  padding: 2px 6px;
+  border-radius: 3px;
+  background: rgba(var(--accent-primary-rgb), 0.08);
+  color: $text-secondary;
+  white-space: nowrap;
+  max-width: 260px;
+  overflow: hidden;
+  text-overflow: ellipsis;
+
+  &-more {
+    background: rgba(var(--accent-primary-rgb), 0.15);
+    color: $accent-primary;
+    font-weight: 500;
+  }
+
+  &.default {
+    background: rgba(var(--warning-rgb), 0.14);
+    color: $text-primary;
+  }
+}
+
+.model-tag-button {
+  border: 0;
+  cursor: pointer;
+  text-align: left;
+
+  &:hover {
+    background: rgba(var(--accent-primary-rgb), 0.16);
+    color: $text-primary;
+  }
+}
+
+.model-tag-name,
+.model-tag-id {
+  overflow: hidden;
+  text-overflow: ellipsis;
+}
+
+.model-tag-id {
+  color: $text-muted;
+  font-size: 9px;
+}
+
+.model-tag-default,
+.alias-row-default {
+  color: $warning;
+  font-family: $font-ui;
+  font-size: 10px;
+  font-weight: 600;
+}
+
+.card-actions {
+  display: flex;
+  gap: 8px;
+  border-top: 1px solid $border-light;
+  padding-top: 10px;
+}
+
+.alias-list-hint,
+.model-alias-hint {
+  color: $text-muted;
+  font-size: 12px;
+}
+
+.alias-list-hint {
+  margin-bottom: 12px;
+}
+
+.alias-list {
+  display: flex;
+  flex-direction: column;
+  gap: 6px;
+  max-height: 45vh;
+  overflow-y: auto;
+}
+
+.alias-row {
+  display: flex;
+  align-items: center;
+  gap: 12px;
+  padding: 8px;
+  border: 1px solid $border-light;
+  border-radius: $radius-sm;
+}
+
+.alias-row-text {
+  flex: 1;
+  min-width: 0;
+  display: flex;
+  flex-direction: column;
+  gap: 2px;
+}
+
+.alias-row-name {
+  overflow: hidden;
+  text-overflow: ellipsis;
+  white-space: nowrap;
+  color: $text-primary;
+  font-family: $font-code;
+  font-size: 12px;
+}
+
+.alias-row-id,
+.model-alias-canonical {
+  overflow: hidden;
+  text-overflow: ellipsis;
+  white-space: nowrap;
+  color: $text-muted;
+  font-family: $font-code;
+  font-size: 11px;
+}
+
+.model-alias-canonical {
+  margin-top: 8px;
+}
+
+.model-alias-hint {
+  margin-top: 6px;
+}
+
+.model-alias-actions {
+  display: flex;
+  align-items: center;
+  gap: 8px;
+}
+
+.model-alias-spacer {
+  flex: 1;
+}
+
+.visibility-hint {
+  margin: 0 0 10px;
+  color: $text-secondary;
+  font-size: 13px;
+  line-height: 1.5;
+}
+
+.visibility-count {
+  color: $text-muted;
+  font-size: 12px;
+  margin-bottom: 10px;
+}
+
+.visibility-list {
+  max-height: 360px;
+  overflow-y: auto;
+  border: 1px solid $border-light;
+  border-radius: $radius-sm;
+  padding: 8px;
+}
+
+.visibility-model {
+  display: flex;
+  width: 100%;
+  padding: 4px 2px;
+
+  code {
+    font-family: $font-code;
+    font-size: 12px;
+    color: $text-secondary;
+  }
+}
+
+.visibility-model-id {
+  margin-left: 6px;
+  color: $text-muted !important;
+  font-size: 11px !important;
+}
+
+.visibility-actions {
+  display: flex;
+  align-items: center;
+  gap: 8px;
+  margin-top: 14px;
+}
+
+.visibility-action-spacer {
+  flex: 1;
+}
+</style>
diff --git a/packages/client/src/components/hermes/models/ProviderFormModal.vue b/packages/client/src/components/hermes/models/ProviderFormModal.vue
new file mode 100644
index 0000000..2d3b08e
--- /dev/null
+++ b/packages/client/src/components/hermes/models/ProviderFormModal.vue
@@ -0,0 +1,492 @@
+<script setup lang="ts">
+import { ref, watch, computed, onMounted } from 'vue'
+import { NModal, NForm, NFormItem, NInput, NInputNumber, NButton, NSelect, NRadioGroup, NRadioButton, useMessage, useDialog } from 'naive-ui'
+import { useModelsStore } from '@/stores/hermes/models'
+import { useI18n } from 'vue-i18n'
+import CodexLoginModal from './CodexLoginModal.vue'
+import NousLoginModal from './NousLoginModal.vue'
+import CopilotLoginModal from './CopilotLoginModal.vue'
+import XaiOAuthLoginModal from './XaiOAuthLoginModal.vue'
+import { checkCopilotToken, enableCopilot, type CopilotTokenSource } from '@/api/hermes/copilot-auth'
+import { fetchProviderModels } from '@/api/hermes/system'
+import { normalizeCustomProviderBaseUrl } from '@/utils/providerBaseUrl'
+
+const { t } = useI18n()
+
+const emit = defineEmits<{
+  close: []
+  saved: []
+}>()
+
+const modelsStore = useModelsStore()
+const message = useMessage()
+const dialog = useDialog()
+
+const showModal = ref(true)
+const loading = ref(false)
+const fetchingModels = ref(false)
+const showCodexLogin = ref(false)
+const showNousLogin = ref(false)
+const showCopilotLogin = ref(false)
+const showXaiLogin = ref(false)
+const copilotChecking = ref(false)
+
+const providerType = ref<'preset' | 'custom'>('preset')
+const selectedPreset = ref<string | null>(null)
+const formData = ref({
+  name: '',
+  base_url: '',
+  api_key: '',
+  model: '',
+  context_length: null as number | null,
+})
+
+const modelOptions = ref<Array<{ label: string; value: string }>>([])
+
+const CODEX_KEY = 'openai-codex'
+const NOUS_KEY = 'nous'
+const COPILOT_KEY = 'copilot'
+const CLIPROXYAPI_KEY = 'cliproxyapi'
+const XAI_OAUTH_KEY = 'xai-oauth'
+const ALIBABA_CODING_KEY = 'alibaba-coding-plan'
+const ALIBABA_CODING_REGIONS = {
+  intl: 'https://coding-intl.dashscope.aliyuncs.com/v1',
+  cn: 'https://coding.dashscope.aliyuncs.com/v1',
+} as const
+
+const isCodex = computed(() => selectedPreset.value === CODEX_KEY)
+const isNous = computed(() => selectedPreset.value === NOUS_KEY)
+const isCopilot = computed(() => selectedPreset.value === COPILOT_KEY)
+const isCliproxyApi = computed(() => selectedPreset.value === CLIPROXYAPI_KEY)
+const isXaiOAuth = computed(() => selectedPreset.value === XAI_OAUTH_KEY)
+const isAlibabaCoding = computed(() => selectedPreset.value === ALIBABA_CODING_KEY)
+const alibabaCodingRegion = ref<'intl' | 'cn'>('intl')
+
+const presetOptions = computed(() =>
+  modelsStore.allProviders.map(g => ({ label: g.label, value: g.provider })),
+)
+const selectedPresetProvider = computed(() =>
+  selectedPreset.value ? modelsStore.allProviders.find(g => g.provider === selectedPreset.value) : null,
+)
+const canEditPresetBaseUrl = computed(() => !!selectedPresetProvider.value?.base_url_env)
+
+const FUN_LINK_MAP: Record<string, string> = {
+  'fun-codex': 'https://apikey.fun/register?aff=LIBAPI',
+  'fun-claude': 'https://apikey.fun/register?aff=LIBAPI',
+}
+
+const funProviderLink = computed(() => selectedPreset.value ? FUN_LINK_MAP[selectedPreset.value] || '' : '')
+
+function autoGenerateName(url: string): string {
+  const clean = url.replace(/^https?:\/\//, '').replace(/\/v1\/?$/, '')
+  const host = clean.split('/')[0]
+  if (host.includes('localhost') || host.includes('127.0.0.1')) {
+    return t('models.local', { host })
+  }
+  return host.charAt(0).toUpperCase() + host.slice(1)
+}
+
+watch(selectedPreset, (val) => {
+  formData.value.model = ''
+  alibabaCodingRegion.value = 'intl'
+  if (val) {
+    const group = selectedPresetProvider.value
+    if (group) {
+      formData.value.name = group.label
+      formData.value.base_url = group.base_url
+      modelOptions.value = group.models.map((m: string) => ({ label: m, value: m }))
+      if (group.models.length > 0) {
+        formData.value.model = group.models[0]
+      }
+    }
+    if (val === COPILOT_KEY) {
+      // 判断是否已能解析到 token：有 → 弹简单确认；无 → 走 in-app device flow
+      void triggerCopilotAdd()
+    } else if (val === XAI_OAUTH_KEY) {
+      showXaiLogin.value = true
+    }
+  }
+})
+
+watch(alibabaCodingRegion, (region) => {
+  if (isAlibabaCoding.value) {
+    formData.value.base_url = ALIBABA_CODING_REGIONS[region]
+  }
+})
+
+watch(() => formData.value.base_url, (url) => {
+  if (providerType.value === 'custom' && url.trim() && !formData.value.name) {
+    formData.value.name = autoGenerateName(url.trim())
+  }
+})
+
+watch(providerType, () => {
+  modelOptions.value = []
+  formData.value = { name: '', base_url: '', api_key: '', model: '', context_length: null }
+  selectedPreset.value = null
+})
+
+onMounted(() => {
+  if (modelsStore.providers.length === 0) {
+    modelsStore.fetchProviders()
+  }
+})
+
+async function fetchModels() {
+  const { base_url } = formData.value
+  if (!base_url.trim()) {
+    message.warning(t('models.enterBaseUrl'))
+    return
+  }
+
+  fetchingModels.value = true
+  try {
+    const data = await fetchProviderModels({
+      base_url: base_url.trim(),
+      api_key: formData.value.api_key.trim(),
+    })
+    modelOptions.value = data.models.map(m => ({ label: m, value: m }))
+    if (modelOptions.value.length > 0 && !formData.value.model) {
+      formData.value.model = modelOptions.value[0].value
+    }
+    message.success(t('models.foundModels', { count: modelOptions.value.length }))
+  } catch (e: any) {
+    message.error(t('models.fetchFailed') + ': ' + e.message)
+  } finally {
+    fetchingModels.value = false
+  }
+}
+
+async function handleSave() {
+  if (providerType.value === 'preset' && !selectedPreset.value) {
+    message.warning(t('models.selectProviderRequired'))
+    return
+  }
+
+  // Codex: 弹出授权码弹窗
+  if (isCodex.value) {
+    showCodexLogin.value = true
+    return
+  }
+
+  // Nous: 弹出 OAuth 设备码弹窗
+  if (isNous.value) {
+    showNousLogin.value = true
+    return
+  }
+
+  // Copilot: 走 token-aware 的添加流程（已有 token → 确认窗；否则 device flow）
+  if (isCopilot.value) {
+    void triggerCopilotAdd()
+    return
+  }
+
+  if (isXaiOAuth.value) {
+    showXaiLogin.value = true
+    return
+  }
+
+  if (!formData.value.base_url.trim()) {
+    message.warning(t('models.baseUrlRequired'))
+    return
+  }
+  if (!formData.value.api_key.trim() && !isCliproxyApi.value && !isXaiOAuth.value) {
+    message.warning(t('models.apiKeyRequired'))
+    return
+  }
+  if (!formData.value.model) {
+    message.warning(t('models.modelRequired'))
+    return
+  }
+
+  loading.value = true
+  try {
+    const providerKey = providerType.value === 'preset'
+      ? selectedPreset.value
+      : null
+
+    const contextLength = formData.value.context_length ?? undefined
+    const baseUrl = providerType.value === 'custom'
+      ? normalizeCustomProviderBaseUrl(formData.value.base_url)
+      : formData.value.base_url.trim()
+
+    await modelsStore.addProvider({
+      name: formData.value.name.trim(),
+      base_url: baseUrl,
+      api_key: formData.value.api_key.trim(),
+      model: formData.value.model,
+      context_length: contextLength,
+      providerKey,
+    })
+    message.success(t('models.providerAdded'))
+    emit('saved')
+  } catch (e: any) {
+    message.error(e.message)
+  } finally {
+    loading.value = false
+  }
+}
+
+async function handleCodexSuccess() {
+  showCodexLogin.value = false
+  message.success(t('models.providerAdded'))
+  emit('saved')
+}
+
+async function handleNousSuccess() {
+  showNousLogin.value = false
+  message.success(t('models.providerAdded'))
+  emit('saved')
+}
+
+async function handleCopilotSuccess() {
+  showCopilotLogin.value = false
+  message.success(t('models.providerAdded'))
+  emit('saved')
+}
+
+async function handleXaiSuccess() {
+  showXaiLogin.value = false
+  message.success(t('models.providerAdded'))
+  emit('saved')
+}
+
+function copilotSourceLabel(source: CopilotTokenSource): string {
+  if (source === 'env') return t('models.copilotAddSourceEnv')
+  if (source === 'gh-cli') return t('models.copilotAddSourceGhCli')
+  if (source === 'apps-json') return t('models.copilotAddSourceAppsJson')
+  return ''
+}
+
+async function triggerCopilotAdd() {
+  if (copilotChecking.value) return
+  copilotChecking.value = true
+  try {
+    const status = await checkCopilotToken()
+    if (status.has_token) {
+      // 已能解析到 token：弹确认窗，用户点 [添加] → enable + saved
+      const sourceText = copilotSourceLabel(status.source)
+      dialog.success({
+        title: t('models.copilotAddDetectedTitle'),
+        content: sourceText
+          ? `${t('models.copilotAddDetected')}\n\n${sourceText}`
+          : t('models.copilotAddDetected'),
+        positiveText: t('common.add'),
+        negativeText: t('common.cancel'),
+        onPositiveClick: async () => {
+          try {
+            await enableCopilot()
+            message.success(t('models.providerAdded'))
+            emit('saved')
+          } catch (e: any) {
+            message.error(e?.message ?? String(e))
+          }
+        },
+        onNegativeClick: () => {
+          selectedPreset.value = null
+        },
+        onClose: () => {
+          selectedPreset.value = null
+        },
+      })
+    } else {
+      // 无 token：device flow
+      showCopilotLogin.value = true
+    }
+  } catch (e: any) {
+    message.error(e?.message ?? String(e))
+    selectedPreset.value = null
+  } finally {
+    copilotChecking.value = false
+  }
+}
+
+function handleCopilotClose() {
+  showCopilotLogin.value = false
+  // 用户取消 Copilot 引导时，清空选择避免卡在无 api_key 状态
+  selectedPreset.value = null
+}
+
+function handleXaiClose() {
+  showXaiLogin.value = false
+  selectedPreset.value = null
+}
+
+function handleClose() {
+  showModal.value = false
+  setTimeout(() => emit('close'), 200)
+}
+</script>
+
+<template>
+  <NModal
+    v-model:show="showModal"
+    preset="card"
+    :title="t('models.addProvider')"
+    :style="{ width: 'min(520px, calc(100vw - 32px))' }"
+    :mask-closable="!loading && !showCodexLogin && !showNousLogin && !showCopilotLogin && !showXaiLogin"
+    @after-leave="emit('close')"
+  >
+    <NForm label-placement="top">
+      <NFormItem :label="t('models.providerType')">
+        <div style="display: flex; gap: 12px">
+          <NButton
+            :type="providerType === 'preset' ? 'primary' : 'default'"
+            size="small"
+            @click="providerType = 'preset'"
+          >
+            {{ t('models.preset') }}
+          </NButton>
+          <NButton
+            :type="providerType === 'custom' ? 'primary' : 'default'"
+            size="small"
+            @click="providerType = 'custom'"
+          >
+            {{ t('models.custom') }}
+          </NButton>
+        </div>
+      </NFormItem>
+
+      <NFormItem v-if="providerType === 'preset'" :label="t('models.selectProvider')" required>
+        <NSelect
+          v-model:value="selectedPreset"
+          :options="presetOptions"
+          :placeholder="t('models.chooseProvider')"
+          filterable
+        />
+        <div v-if="selectedPreset && funProviderLink" class="fun-provider-hint">
+          <a :href="funProviderLink" target="_blank" rel="noopener noreferrer">
+            <svg width="12" height="12" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><path d="M18 13v6a2 2 0 01-2 2H5a2 2 0 01-2-2V8a2 2 0 012-2h6"/><polyline points="15 3 21 3 21 9"/><line x1="10" y1="14" x2="21" y2="3"/></svg>
+            {{ t('models.getApiKey') }}
+          </a>
+        </div>
+      </NFormItem>
+
+      <NFormItem v-if="providerType === 'custom'" :label="t('models.name')">
+        <NInput
+          v-model:value="formData.name"
+          :placeholder="t('models.autoGeneratedName')"
+        />
+      </NFormItem>
+
+      <NFormItem v-if="isAlibabaCoding" :label="t('models.region')">
+        <NRadioGroup v-model:value="alibabaCodingRegion">
+          <NRadioButton value="intl">{{ t('models.regionIntl') }}</NRadioButton>
+          <NRadioButton value="cn">{{ t('models.regionCn') }}</NRadioButton>
+        </NRadioGroup>
+      </NFormItem>
+
+      <NFormItem v-if="!isCodex && !isNous" :label="t('models.baseUrl')" required>
+        <NInput
+          v-model:value="formData.base_url"
+          :placeholder="t('models.baseUrlPlaceholder')"
+          :disabled="providerType === 'preset' && !canEditPresetBaseUrl"
+        />
+      </NFormItem>
+
+      <NFormItem v-if="!isCodex && !isNous" :label="t('models.apiKey')" :required="!isCliproxyApi && !isXaiOAuth">
+        <NInput
+          v-model:value="formData.api_key"
+          type="password"
+          show-password-on="click"
+          :placeholder="t('models.apiKeyPlaceholder')"
+          autocomplete="off"
+        />
+      </NFormItem>
+
+      <NFormItem :label="t('models.defaultModel')" required>
+        <div style="display: flex; gap: 8px; width: 100%">
+          <NSelect
+            v-model:value="formData.model"
+            :options="modelOptions"
+            filterable
+            tag
+            :placeholder="t('models.selectOrInput')"
+            style="flex: 1"
+          />
+          <NButton
+            v-if="providerType === 'custom' || (providerType === 'preset' && modelOptions.length === 0)"
+            :loading="fetchingModels"
+            @click="fetchModels"
+          >
+            {{ t('common.fetch') }}
+          </NButton>
+        </div>
+      </NFormItem>
+
+      <NFormItem v-if="providerType === 'custom'" :label="t('models.contextLength')">
+        <NInputNumber
+          v-model:value="formData.context_length as number | null"
+          :placeholder="t('models.contextLengthPlaceholder')"
+          :min="0"
+          clearable
+          style="width: 100%"
+        />
+      </NFormItem>
+    </NForm>
+
+    <template #footer>
+      <div class="modal-footer">
+        <NButton @click="handleClose">{{ t('common.cancel') }}</NButton>
+        <NButton type="primary" :loading="loading" @click="handleSave">
+          {{ t('common.add') }}
+        </NButton>
+      </div>
+    </template>
+
+    <CodexLoginModal
+      v-if="showCodexLogin"
+      @close="showCodexLogin = false"
+      @success="handleCodexSuccess"
+    />
+
+    <NousLoginModal
+      v-if="showNousLogin"
+      @close="showNousLogin = false"
+      @success="handleNousSuccess"
+    />
+
+    <CopilotLoginModal
+      v-if="showCopilotLogin"
+      @close="handleCopilotClose"
+      @success="handleCopilotSuccess"
+    />
+
+    <XaiOAuthLoginModal
+      v-if="showXaiLogin"
+      @close="handleXaiClose"
+      @success="handleXaiSuccess"
+    />
+  </NModal>
+</template>
+
+<style scoped lang="scss">
+.fun-provider-hint {
+  margin-top: 6px;
+  font-size: 12px;
+
+  a {
+    display: inline-flex;
+    align-items: center;
+    gap: 6px;
+    padding: 4px 8px;
+    white-space: nowrap;
+    color: var(--accent-primary);
+    text-decoration: none;
+    opacity: 0.7;
+    transition: opacity 0.2s;
+
+    svg {
+      flex-shrink: 0;
+    }
+
+    &:hover { opacity: 1; }
+  }
+}
+
+.modal-footer {
+  display: flex;
+  justify-content: flex-end;
+  gap: 8px;
+}
+</style>
diff --git a/packages/client/src/components/hermes/models/ProvidersPanel.vue b/packages/client/src/components/hermes/models/ProvidersPanel.vue
new file mode 100644
index 0000000..7955953
--- /dev/null
+++ b/packages/client/src/components/hermes/models/ProvidersPanel.vue
@@ -0,0 +1,54 @@
+<script setup lang="ts">
+import ProviderCard from './ProviderCard.vue'
+import { useModelsStore } from '@/stores/hermes/models'
+import { useI18n } from 'vue-i18n'
+
+const { t } = useI18n()
+const modelsStore = useModelsStore()
+</script>
+
+<template>
+  <div v-if="modelsStore.providers.length === 0" class="empty-state">
+    <svg width="48" height="48" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="1" class="empty-icon">
+      <path d="M12 2L2 7l10 5 10-5-10-5z" />
+      <path d="M2 17l10 5 10-5" />
+      <path d="M2 12l10 5 10-5" />
+    </svg>
+    <p>{{ t('models.noProviders') }}</p>
+  </div>
+  <div v-else class="providers-grid">
+    <ProviderCard
+      v-for="g in modelsStore.providers"
+      :key="g.provider"
+      :provider="g"
+    />
+  </div>
+</template>
+
+<style scoped lang="scss">
+@use '@/styles/variables' as *;
+
+.empty-state {
+  display: flex;
+  flex-direction: column;
+  align-items: center;
+  justify-content: center;
+  height: 100%;
+  color: $text-muted;
+  gap: 12px;
+
+  .empty-icon {
+    opacity: 0.3;
+  }
+
+  p {
+    font-size: 14px;
+  }
+}
+
+.providers-grid {
+  display: grid;
+  grid-template-columns: repeat(auto-fill, minmax(min(100%, 420px), 1fr));
+  gap: 14px;
+}
+</style>
diff --git a/packages/client/src/components/hermes/models/XaiOAuthLoginModal.vue b/packages/client/src/components/hermes/models/XaiOAuthLoginModal.vue
new file mode 100644
index 0000000..a0860be
--- /dev/null
+++ b/packages/client/src/components/hermes/models/XaiOAuthLoginModal.vue
@@ -0,0 +1,186 @@
+<script setup lang="ts">
+import { ref, onUnmounted } from 'vue'
+import { NModal, NButton, NSpin, useMessage } from 'naive-ui'
+import { useI18n } from 'vue-i18n'
+import { startXaiLogin, pollXaiLogin } from '@/api/hermes/xai-auth'
+import { copyToClipboard } from '@/utils/clipboard'
+
+const { t } = useI18n()
+const emit = defineEmits<{ close: []; success: [] }>()
+const message = useMessage()
+
+const showModal = ref(true)
+const status = ref<'idle' | 'loading' | 'waiting' | 'approved' | 'expired' | 'error'>('idle')
+const authorizationUrl = ref('')
+const sessionId = ref('')
+const errorMessage = ref('')
+let pollTimer: ReturnType<typeof setTimeout> | null = null
+
+async function startLogin() {
+  status.value = 'loading'
+  errorMessage.value = ''
+  try {
+    const data = await startXaiLogin()
+    authorizationUrl.value = data.authorization_url
+    sessionId.value = data.session_id
+    status.value = 'waiting'
+    window.open(authorizationUrl.value, '_blank')
+    startPolling()
+  } catch (err: any) {
+    status.value = 'error'
+    errorMessage.value = err?.message || String(err)
+    message.error(errorMessage.value)
+  }
+}
+
+function startPolling() {
+  stopPolling()
+  pollTimer = setTimeout(async () => {
+    try {
+      const result = await pollXaiLogin(sessionId.value)
+      if (result.status === 'pending') {
+        startPolling()
+      } else if (result.status === 'approved') {
+        status.value = 'approved'
+        message.success(t('models.xaiApproved'))
+        setTimeout(() => {
+          showModal.value = false
+          setTimeout(() => emit('success'), 200)
+        }, 1000)
+      } else if (result.status === 'expired') {
+        status.value = 'expired'
+      } else if (result.status === 'error') {
+        status.value = 'error'
+        errorMessage.value = result.error || 'Unknown error'
+      }
+    } catch {
+      startPolling()
+    }
+  }, 2000)
+}
+
+function stopPolling() {
+  if (pollTimer) clearTimeout(pollTimer)
+  pollTimer = null
+}
+
+function handleClose() {
+  stopPolling()
+  showModal.value = false
+  setTimeout(() => emit('close'), 200)
+}
+
+function openLink() {
+  window.open(authorizationUrl.value, '_blank')
+}
+
+async function copyLink() {
+  const ok = await copyToClipboard(authorizationUrl.value)
+  if (ok) message.success(t('common.copied'))
+  else message.error(t('chat.copyFailed'))
+}
+
+function retry() {
+  status.value = 'idle'
+  authorizationUrl.value = ''
+  sessionId.value = ''
+  errorMessage.value = ''
+  startLogin()
+}
+
+onUnmounted(stopPolling)
+startLogin()
+</script>
+
+<template>
+  <NModal
+    v-model:show="showModal"
+    preset="card"
+    :title="t('models.xaiLoginTitle')"
+    :style="{ width: 'min(440px, calc(100vw - 32px))' }"
+    :mask-closable="status !== 'waiting'"
+    @after-leave="emit('close')"
+  >
+    <div class="xai-login">
+      <div v-if="status === 'idle' || status === 'loading'" class="xai-login__state">
+        <NSpin size="small" />
+      </div>
+
+      <div v-else-if="status === 'waiting'" class="xai-login__state">
+        <p class="xai-login__hint">{{ t('models.xaiWaiting') }}</p>
+        <NButton type="primary" block @click="openLink">
+          {{ t('models.xaiOpenLink') }}
+        </NButton>
+        <NButton block @click="copyLink">
+          {{ t('models.xaiCopyLink') }}
+        </NButton>
+      </div>
+
+      <div v-else-if="status === 'approved'" class="xai-login__state xai-login__state--success">
+        <svg width="40" height="40" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><path d="M22 11.08V12a10 10 0 11-5.93-9.14"/><polyline points="22 4 12 14.01 9 11.01"/></svg>
+        <p>{{ t('models.xaiApproved') }}</p>
+      </div>
+
+      <div v-else-if="status === 'expired'" class="xai-login__state">
+        <p class="xai-login__error">{{ t('models.xaiExpired') }}</p>
+        <NButton size="small" @click="retry">{{ t('common.retry') }}</NButton>
+      </div>
+
+      <div v-else-if="status === 'error'" class="xai-login__state">
+        <p class="xai-login__error">{{ errorMessage }}</p>
+        <NButton size="small" @click="retry">{{ t('common.retry') }}</NButton>
+      </div>
+    </div>
+
+    <template #footer>
+      <div class="modal-footer">
+        <NButton :disabled="status === 'waiting'" @click="handleClose">{{ t('common.cancel') }}</NButton>
+      </div>
+    </template>
+  </NModal>
+</template>
+
+<style scoped lang="scss">
+.xai-login {
+  display: flex;
+  flex-direction: column;
+  align-items: center;
+  padding: 8px 0;
+}
+
+.xai-login__state {
+  display: flex;
+  flex-direction: column;
+  align-items: center;
+  gap: 16px;
+  min-height: 120px;
+  justify-content: center;
+  width: 100%;
+}
+
+.xai-login__hint {
+  font-size: 14px;
+  color: var(--n-text-color, inherit);
+  text-align: center;
+  line-height: 1.6;
+}
+
+.xai-login__state--success {
+  color: #18a058;
+
+  svg {
+    stroke: #18a058;
+  }
+}
+
+.xai-login__error {
+  color: #d03050;
+  text-align: center;
+  word-break: break-word;
+}
+
+.modal-footer {
+  display: flex;
+  justify-content: flex-end;
+}
+</style>
diff --git a/packages/client/src/components/hermes/profiles/ProfileAvatar.vue b/packages/client/src/components/hermes/profiles/ProfileAvatar.vue
new file mode 100644
index 0000000..5a07b68
--- /dev/null
+++ b/packages/client/src/components/hermes/profiles/ProfileAvatar.vue
@@ -0,0 +1,56 @@
+<script setup lang="ts">
+import { computed } from 'vue'
+import multiavatar from '@multiavatar/multiavatar'
+import type { ProfileAvatar } from '@/api/hermes/profiles'
+
+const props = withDefaults(defineProps<{
+  name: string
+  avatar?: ProfileAvatar | null
+  size?: number
+}>(), {
+  size: 24,
+})
+
+const fallbackSeed = computed(() => props.name || 'default')
+const generatedSvg = computed(() => multiavatar(props.avatar?.seed || fallbackSeed.value))
+const style = computed(() => ({
+  width: `${props.size}px`,
+  height: `${props.size}px`,
+  flexBasis: `${props.size}px`,
+}))
+</script>
+
+<template>
+  <span class="profile-avatar-view" :style="style">
+    <img
+      v-if="avatar?.type === 'image' && avatar.dataUrl"
+      class="profile-avatar-image"
+      :src="avatar.dataUrl"
+      alt=""
+      draggable="false"
+    >
+    <span v-else class="profile-avatar-svg" v-html="generatedSvg" />
+  </span>
+</template>
+
+<style scoped>
+.profile-avatar-view {
+  display: inline-flex;
+  flex: 0 0 auto;
+  border-radius: 50%;
+  overflow: hidden;
+  background: var(--bg-secondary);
+}
+
+.profile-avatar-image,
+.profile-avatar-svg,
+.profile-avatar-svg :deep(svg) {
+  width: 100%;
+  height: 100%;
+  display: block;
+}
+
+.profile-avatar-image {
+  object-fit: cover;
+}
+</style>
diff --git a/packages/client/src/components/hermes/profiles/ProfileCard.vue b/packages/client/src/components/hermes/profiles/ProfileCard.vue
new file mode 100644
index 0000000..c648ec1
--- /dev/null
+++ b/packages/client/src/components/hermes/profiles/ProfileCard.vue
@@ -0,0 +1,302 @@
+<script setup lang="ts">
+import { ref, computed } from 'vue'
+import { NButton, NTag, NSpin, useMessage, useDialog } from 'naive-ui'
+import type { HermesProfile, HermesProfileDetail } from '@/api/hermes/profiles'
+import { useProfilesStore } from '@/stores/hermes/profiles'
+import { useI18n } from 'vue-i18n'
+import ProfileAvatar from './ProfileAvatar.vue'
+
+const props = defineProps<{ profile: HermesProfile }>()
+const emit = defineEmits<{}>()
+
+const { t } = useI18n()
+const profilesStore = useProfilesStore()
+const message = useMessage()
+const dialog = useDialog()
+
+const expanded = ref(false)
+const detailLoading = ref(false)
+const exporting = ref(false)
+const switching = ref(false)
+const detail = ref<HermesProfileDetail | null>(null)
+
+const isDefault = computed(() => props.profile.name === 'default')
+
+async function toggleDetail() {
+  if (expanded.value) {
+    expanded.value = false
+    return
+  }
+  expanded.value = true
+  detailLoading.value = true
+  try {
+    detail.value = await profilesStore.fetchProfileDetail(props.profile.name)
+  } finally {
+    detailLoading.value = false
+  }
+}
+
+async function handleSwitch() {
+  dialog.warning({
+    title: t('profiles.switchTo'),
+    content: t('profiles.switchConfirm', { name: props.profile.name }),
+    positiveText: t('profiles.switchTo'),
+    negativeText: t('common.cancel'),
+    onPositiveClick: performHermesSwitch,
+  })
+}
+
+async function performHermesSwitch() {
+  switching.value = true
+  try {
+    const ok = await profilesStore.switchHermesProfile(props.profile.name)
+    if (ok) {
+      message.success(t('profiles.switchSuccess', { name: props.profile.name }))
+      // Reload to refresh all profile-dependent data
+      setTimeout(() => window.location.reload(), 500)
+    } else {
+      message.error(t('profiles.switchFailed'))
+    }
+  } finally {
+    switching.value = false
+  }
+}
+
+function handleDelete() {
+  dialog.warning({
+    title: t('profiles.delete'),
+    content: t('profiles.deleteConfirm', { name: props.profile.name }),
+    positiveText: t('common.delete'),
+    negativeText: t('common.cancel'),
+    onPositiveClick: async () => {
+      const ok = await profilesStore.deleteProfile(props.profile.name)
+      if (ok) {
+        message.success(t('profiles.deleteSuccess'))
+      } else {
+        message.error(t('profiles.deleteFailed'))
+      }
+    },
+  })
+}
+
+async function handleExport() {
+  exporting.value = true
+  try {
+    const ok = await profilesStore.exportProfile(props.profile.name)
+    if (ok) {
+      message.success(t('profiles.exportSuccess'))
+    } else {
+      message.error(t('profiles.exportFailed'))
+    }
+  } finally {
+    exporting.value = false
+  }
+}
+</script>
+
+<template>
+  <div class="profile-card" :class="{ active: profile.active }">
+    <div class="card-header">
+      <div class="profile-title">
+        <ProfileAvatar :name="profile.name" :avatar="profile.avatar" :size="28" />
+        <h3 class="profile-name">{{ profile.name }}</h3>
+      </div>
+      <NTag v-if="profile.active" size="tiny" type="success" :bordered="false">
+        {{ t('profiles.active') }}
+      </NTag>
+    </div>
+
+    <div class="card-body">
+      <div class="info-row">
+        <span class="info-label">{{ t('profiles.model') }}</span>
+        <code class="info-value mono">{{ profile.model }}</code>
+      </div>
+    </div>
+
+    <div class="card-detail-toggle" @click="toggleDetail">
+      <svg
+        width="14" height="14" viewBox="0 0 24 24" fill="none"
+        stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"
+        class="toggle-icon"
+        :class="{ expanded }"
+      >
+        <polyline points="6 9 12 15 18 9" />
+      </svg>
+      <span class="toggle-text">{{ expanded ? t('common.collapse') : t('common.expand') }}</span>
+    </div>
+
+    <div v-if="expanded" class="card-detail">
+      <NSpin :show="detailLoading" size="small">
+        <template v-if="detail">
+          <div class="info-row">
+            <span class="info-label">{{ t('profiles.provider') }}</span>
+            <span class="info-value">{{ detail.provider }}</span>
+          </div>
+          <div class="info-row">
+            <span class="info-label">{{ t('profiles.path') }}</span>
+            <code class="info-value mono detail-path">{{ detail.path }}</code>
+          </div>
+          <div class="info-row">
+            <span class="info-label">{{ t('profiles.skills') }}</span>
+            <span class="info-value">{{ detail.skills }}</span>
+          </div>
+          <div class="info-row">
+            <span class="info-label">{{ t('profiles.hasEnv') }}</span>
+            <span class="info-value">{{ detail.hasEnv ? 'Yes' : 'No' }}</span>
+          </div>
+          <div class="info-row">
+            <span class="info-label">{{ t('profiles.hasSoulMd') }}</span>
+            <span class="info-value">{{ detail.hasSoulMd ? 'Yes' : 'No' }}</span>
+          </div>
+        </template>
+      </NSpin>
+    </div>
+
+    <div class="card-actions">
+      <NButton
+        v-if="!profile.active"
+        size="tiny"
+        :loading="switching"
+        quaternary
+        type="primary"
+        @click="handleSwitch"
+      >
+        {{ t('profiles.switchTo') }}
+      </NButton>
+      <NButton
+        size="tiny"
+        quaternary
+        type="error"
+        :disabled="isDefault || profile.active"
+        @click="handleDelete"
+      >
+        {{ t('common.delete') }}
+      </NButton>
+      <NButton size="tiny" quaternary :loading="exporting" @click="handleExport">
+        {{ t('profiles.export') }}
+      </NButton>
+    </div>
+  </div>
+</template>
+
+<style scoped lang="scss">
+@use '@/styles/variables' as *;
+
+.profile-card {
+  background-color: $bg-card;
+  border: 1px solid $border-color;
+  border-radius: $radius-md;
+  padding: 16px;
+  transition: border-color $transition-fast;
+
+  &:hover {
+    border-color: rgba(var(--accent-primary-rgb), 0.3);
+  }
+
+  &.active {
+    border-color: rgba(var(--success-rgb), 0.4);
+  }
+}
+
+.card-header {
+  display: flex;
+  align-items: center;
+  justify-content: space-between;
+  gap: 10px;
+  margin-bottom: 12px;
+}
+
+.profile-title {
+  display: flex;
+  align-items: center;
+  gap: 8px;
+  min-width: 0;
+}
+
+.profile-name {
+  font-size: 15px;
+  font-weight: 600;
+  color: $text-primary;
+  overflow: hidden;
+  text-overflow: ellipsis;
+  white-space: nowrap;
+  max-width: 100%;
+  margin: 0;
+}
+
+.card-body {
+  display: flex;
+  flex-direction: column;
+  gap: 6px;
+  margin-bottom: 8px;
+}
+
+.card-detail-toggle {
+  display: flex;
+  align-items: center;
+  gap: 4px;
+  padding: 6px 0;
+  cursor: pointer;
+  color: $text-muted;
+  font-size: 12px;
+  user-select: none;
+
+  &:hover {
+    color: $text-secondary;
+  }
+}
+
+.toggle-icon {
+  transition: transform 0.2s;
+
+  &.expanded {
+    transform: rotate(180deg);
+  }
+}
+
+.card-detail {
+  padding: 8px 0;
+  border-top: 1px solid $border-light;
+  margin-bottom: 8px;
+}
+
+.info-row {
+  display: flex;
+  justify-content: space-between;
+  align-items: center;
+  padding: 2px 0;
+}
+
+.info-label {
+  font-size: 12px;
+  color: $text-muted;
+  flex-shrink: 0;
+  margin-right: 12px;
+}
+
+.info-value {
+  font-size: 12px;
+  color: $text-secondary;
+  text-align: right;
+  overflow: hidden;
+  text-overflow: ellipsis;
+  white-space: nowrap;
+}
+
+.mono {
+  font-family: $font-code;
+  font-size: 12px;
+}
+
+.detail-path {
+  max-width: 260px;
+}
+
+.card-actions {
+  display: flex;
+  gap: 8px;
+  border-top: 1px solid $border-light;
+  padding-top: 10px;
+  flex-wrap: wrap;
+}
+</style>
diff --git a/packages/client/src/components/hermes/profiles/ProfileCreateModal.vue b/packages/client/src/components/hermes/profiles/ProfileCreateModal.vue
new file mode 100644
index 0000000..7b4a14b
--- /dev/null
+++ b/packages/client/src/components/hermes/profiles/ProfileCreateModal.vue
@@ -0,0 +1,130 @@
+<script setup lang="ts">
+import { ref } from 'vue'
+import { NModal, NForm, NFormItem, NInput, NButton, NSwitch, NText, useMessage } from 'naive-ui'
+import { useProfilesStore } from '@/stores/hermes/profiles'
+import { useI18n } from 'vue-i18n'
+
+const emit = defineEmits<{
+  close: []
+  saved: []
+}>()
+
+const { t } = useI18n()
+const profilesStore = useProfilesStore()
+const message = useMessage()
+
+const showModal = ref(true)
+const loading = ref(false)
+const name = ref('')
+const clone = ref(false)
+const nameValidationMessage = ref('')
+
+function handleNameInput(value: string) {
+  // 过滤掉不符合规则的字符，只保留小写字母、数字、下划线和连字符
+  const filtered = value.toLowerCase().replace(/[^a-z0-9_-]/g, '')
+  if (filtered !== value) {
+    nameValidationMessage.value = t('profiles.nameValidation')
+  } else {
+    nameValidationMessage.value = ''
+  }
+  name.value = filtered
+}
+
+async function handleSave() {
+  if (!name.value) {
+    message.warning(t('profiles.namePlaceholder'))
+    return
+  }
+
+  if (!/^[a-z0-9_-]+$/.test(name.value)) {
+    message.error(t('profiles.nameValidation'))
+    return
+  }
+
+  loading.value = true
+  try {
+    const res = await profilesStore.createProfile(name.value.trim(), clone.value)
+    if (res.success) {
+      const stripped = res.strippedCredentials ?? []
+      const disabled = res.disabledPlatforms ?? []
+      const cfgStripped = res.strippedConfigCredentials ?? []
+      if (clone.value && (stripped.length > 0 || disabled.length > 0 || cfgStripped.length > 0)) {
+        const parts: string[] = []
+        if (stripped.length > 0) parts.push(t('profiles.cloneStrippedCredentials', { count: stripped.length, list: stripped.join(', ') }))
+        if (disabled.length > 0) parts.push(t('profiles.cloneDisabledPlatforms', { count: disabled.length, list: disabled.join(', ') }))
+        if (cfgStripped.length > 0) parts.push(t('profiles.cloneStrippedConfigCredentials', { count: cfgStripped.length, list: cfgStripped.join(', ') }))
+        message.info(`${t('profiles.createSuccess', { name: name.value.trim() })}\n${parts.join('\n')}`, { duration: 6000 })
+      } else {
+        message.success(t('profiles.createSuccess', { name: name.value.trim() }))
+      }
+      emit('saved')
+    } else {
+      const errorMsg = res.error || t('profiles.createFailed')
+      message.error(errorMsg)
+    }
+  } finally {
+    loading.value = false
+  }
+}
+
+function handleClose() {
+  showModal.value = false
+  setTimeout(() => emit('close'), 200)
+}
+</script>
+
+<template>
+  <NModal
+    v-model:show="showModal"
+    preset="card"
+    :title="t('profiles.create')"
+    :style="{ width: 'min(420px, calc(100vw - 32px))' }"
+    :mask-closable="!loading"
+    @after-leave="emit('close')"
+  >
+    <NForm label-placement="top">
+      <NFormItem :label="t('profiles.name')" required>
+        <NInput
+          v-model:value="name"
+          :placeholder="t('profiles.namePlaceholder')"
+          @input="handleNameInput"
+        />
+      </NFormItem>
+      <NText v-if="nameValidationMessage" depth="3" type="warning" style="font-size: 12px;">
+        {{ nameValidationMessage }}
+      </NText>
+
+      <NFormItem :label="t('profiles.cloneFromCurrent')">
+        <NSwitch v-model:value="clone" />
+      </NFormItem>
+      <NText v-if="clone" depth="3" style="font-size: 12px;">
+        {{ t('profiles.cloneCleanupNotice') }}
+      </NText>
+    </NForm>
+
+    <template #footer>
+      <div class="modal-footer">
+        <NButton @click="handleClose">{{ t('common.cancel') }}</NButton>
+        <NButton type="primary" :loading="loading" @click="handleSave">
+          {{ t('common.create') }}
+        </NButton>
+      </div>
+    </template>
+  </NModal>
+</template>
+
+<style scoped lang="scss">
+.modal-footer {
+  display: flex;
+  justify-content: flex-end;
+  gap: 8px;
+}
+</style>
+
+<style scoped lang="scss">
+.modal-footer {
+  display: flex;
+  justify-content: flex-end;
+  gap: 8px;
+}
+</style>
diff --git a/packages/client/src/components/hermes/profiles/ProfileImportModal.vue b/packages/client/src/components/hermes/profiles/ProfileImportModal.vue
new file mode 100644
index 0000000..e9056a9
--- /dev/null
+++ b/packages/client/src/components/hermes/profiles/ProfileImportModal.vue
@@ -0,0 +1,105 @@
+<script setup lang="ts">
+import { ref } from 'vue'
+import { NModal, NUpload, NButton, useMessage } from 'naive-ui'
+import type { UploadFileInfo } from 'naive-ui'
+import { useProfilesStore } from '@/stores/hermes/profiles'
+import { useI18n } from 'vue-i18n'
+
+const emit = defineEmits<{
+  close: []
+  saved: []
+}>()
+
+const { t } = useI18n()
+const profilesStore = useProfilesStore()
+const message = useMessage()
+
+const showModal = ref(true)
+const loading = ref(false)
+const fileList = ref<UploadFileInfo[]>([])
+
+const ACCEPT_TYPES = [
+  '.tar.gz',
+  '.tgz',
+  '.gz',
+  '.zip',
+]
+
+function beforeUpload({ file }: { file: UploadFileInfo }) {
+  const name = file.name?.toLowerCase() || ''
+  const valid = ACCEPT_TYPES.some(ext => name.endsWith(ext))
+  if (!valid) {
+    message.warning(t('profiles.importInvalidFile'))
+    return false
+  }
+  return true
+}
+
+async function handleSave() {
+  if (!fileList.value.length) {
+    message.warning(t('profiles.importSelectFile'))
+    return
+  }
+
+  loading.value = true
+  try {
+    const file = fileList.value[0].file
+    if (!file) {
+      message.error(t('profiles.importFailed'))
+      return
+    }
+    const ok = await profilesStore.importProfile(file)
+    if (ok) {
+      message.success(t('profiles.importSuccess'))
+      emit('saved')
+    } else {
+      message.error(t('profiles.importFailed'))
+    }
+  } finally {
+    loading.value = false
+  }
+}
+
+function handleClose() {
+  showModal.value = false
+  setTimeout(() => emit('close'), 200)
+}
+</script>
+
+<template>
+  <NModal
+    v-model:show="showModal"
+    preset="card"
+    :title="t('profiles.import')"
+    :style="{ width: 'min(420px, calc(100vw - 32px))' }"
+    :mask-closable="!loading"
+    @after-leave="emit('close')"
+  >
+    <NUpload
+      v-model:file-list="fileList"
+      :max="1"
+      :accept="ACCEPT_TYPES.join(',')"
+      :disabled="loading"
+      @before-upload="beforeUpload"
+    >
+      <NButton>{{ t('profiles.importSelectFile') }}</NButton>
+    </NUpload>
+
+    <template #footer>
+      <div class="modal-footer">
+        <NButton @click="handleClose">{{ t('common.cancel') }}</NButton>
+        <NButton type="primary" :loading="loading" :disabled="!fileList.length" @click="handleSave">
+          {{ t('common.confirm') }}
+        </NButton>
+      </div>
+    </template>
+  </NModal>
+</template>
+
+<style scoped lang="scss">
+.modal-footer {
+  display: flex;
+  justify-content: flex-end;
+  gap: 8px;
+}
+</style>
diff --git a/packages/client/src/components/hermes/profiles/ProfileRenameModal.vue b/packages/client/src/components/hermes/profiles/ProfileRenameModal.vue
new file mode 100644
index 0000000..a2da73a
--- /dev/null
+++ b/packages/client/src/components/hermes/profiles/ProfileRenameModal.vue
@@ -0,0 +1,103 @@
+<script setup lang="ts">
+import { ref } from 'vue'
+import { NModal, NForm, NFormItem, NInput, NButton, NText, useMessage } from 'naive-ui'
+import { useProfilesStore } from '@/stores/hermes/profiles'
+import { useI18n } from 'vue-i18n'
+
+const props = defineProps<{ profileName: string }>()
+const emit = defineEmits<{
+  close: []
+  saved: []
+}>()
+
+const { t } = useI18n()
+const profilesStore = useProfilesStore()
+const message = useMessage()
+
+const showModal = ref(true)
+const loading = ref(false)
+const newName = ref('')
+const nameValidationMessage = ref('')
+
+function handleNameInput(value: string) {
+  // 过滤掉不符合规则的字符，只保留小写字母、数字、下划线和连字符
+  const filtered = value.toLowerCase().replace(/[^a-z0-9_-]/g, '')
+  if (filtered !== value) {
+    nameValidationMessage.value = t('profiles.nameValidation')
+  } else {
+    nameValidationMessage.value = ''
+  }
+  newName.value = filtered
+}
+
+async function handleSave() {
+  if (!newName.value) {
+    message.warning(t('profiles.newNamePlaceholder'))
+    return
+  }
+
+  if (!/^[a-z0-9_-]+$/.test(newName.value)) {
+    message.error(t('profiles.nameValidation'))
+    return
+  }
+
+  loading.value = true
+  try {
+    const ok = await profilesStore.renameProfile(props.profileName, newName.value.trim())
+    if (ok) {
+      message.success(t('profiles.renameSuccess'))
+      emit('saved')
+    } else {
+      message.error(t('profiles.renameFailed'))
+    }
+  } finally {
+    loading.value = false
+  }
+}
+
+function handleClose() {
+  showModal.value = false
+  setTimeout(() => emit('close'), 200)
+}
+</script>
+
+<template>
+  <NModal
+    v-model:show="showModal"
+    preset="card"
+    :title="t('profiles.rename')"
+    :style="{ width: 'min(420px, calc(100vw - 32px))' }"
+    :mask-closable="!loading"
+    @after-leave="emit('close')"
+  >
+    <NForm label-placement="top">
+      <NFormItem :label="t('profiles.newName')" required>
+        <NInput
+          v-model:value="newName"
+          :placeholder="t('profiles.newNamePlaceholder')"
+          @input="handleNameInput"
+        />
+      </NFormItem>
+      <NText v-if="nameValidationMessage" depth="3" type="warning" style="font-size: 12px;">
+        {{ nameValidationMessage }}
+      </NText>
+    </NForm>
+
+    <template #footer>
+      <div class="modal-footer">
+        <NButton @click="handleClose">{{ t('common.cancel') }}</NButton>
+        <NButton type="primary" :loading="loading" @click="handleSave">
+          {{ t('common.confirm') }}
+        </NButton>
+      </div>
+    </template>
+  </NModal>
+</template>
+
+<style scoped lang="scss">
+.modal-footer {
+  display: flex;
+  justify-content: flex-end;
+  gap: 8px;
+}
+</style>
diff --git a/packages/client/src/components/hermes/profiles/ProfilesPanel.vue b/packages/client/src/components/hermes/profiles/ProfilesPanel.vue
new file mode 100644
index 0000000..2a1e3e9
--- /dev/null
+++ b/packages/client/src/components/hermes/profiles/ProfilesPanel.vue
@@ -0,0 +1,56 @@
+<script setup lang="ts">
+import ProfileCard from './ProfileCard.vue'
+import { useProfilesStore } from '@/stores/hermes/profiles'
+import { useI18n } from 'vue-i18n'
+
+defineEmits<{ rename: [name: string] }>()
+
+const { t } = useI18n()
+const profilesStore = useProfilesStore()
+</script>
+
+<template>
+  <div v-if="profilesStore.profiles.length === 0" class="empty-state">
+    <svg width="48" height="48" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="1" class="empty-icon">
+      <path d="M20 21v-2a4 4 0 0 0-4-4H8a4 4 0 0 0-4 4v2" />
+      <circle cx="12" cy="7" r="4" />
+    </svg>
+    <p>{{ t('profiles.noProfiles') }}</p>
+  </div>
+  <div v-else class="profiles-grid">
+    <ProfileCard
+      v-for="p in profilesStore.profiles"
+      :key="p.name"
+      :profile="p"
+      @rename="$emit('rename', $event)"
+    />
+  </div>
+</template>
+
+<style scoped lang="scss">
+@use '@/styles/variables' as *;
+
+.empty-state {
+  display: flex;
+  flex-direction: column;
+  align-items: center;
+  justify-content: center;
+  height: 100%;
+  color: $text-muted;
+  gap: 12px;
+
+  .empty-icon {
+    opacity: 0.3;
+  }
+
+  p {
+    font-size: 14px;
+  }
+}
+
+.profiles-grid {
+  display: grid;
+  grid-template-columns: repeat(auto-fill, minmax(min(100%, 420px), 1fr));
+  gap: 14px;
+}
+</style>
diff --git a/packages/client/src/components/hermes/settings/AccountSettings.vue b/packages/client/src/components/hermes/settings/AccountSettings.vue
new file mode 100644
index 0000000..af0981e
--- /dev/null
+++ b/packages/client/src/components/hermes/settings/AccountSettings.vue
@@ -0,0 +1,301 @@
+<script setup lang="ts">
+import { ref, onMounted } from "vue";
+import { NButton, NInput, NModal, NForm, NFormItem, NPopconfirm, useMessage } from "naive-ui";
+import { useI18n } from "vue-i18n";
+import { changePassword, changeUsername, fetchCurrentUser, fetchLockedIps, unlockSpecificIp, unlockAllIps } from "@/api/auth";
+import type { LockedIp } from "@/api/auth";
+
+const { t } = useI18n();
+const message = useMessage();
+
+const username = ref<string | null>(null);
+const loading = ref(false);
+
+// Change password form
+const showChangePasswordModal = ref(false);
+const currentPasswordForPwd = ref("");
+const newPasswordVal = ref("");
+const newPasswordConfirm = ref("");
+
+// Change username form
+const showChangeUsernameModal = ref(false);
+const currentPasswordForName = ref("");
+const newUsernameVal = ref("");
+
+onMounted(async () => {
+  try {
+    const user = await fetchCurrentUser();
+    username.value = user.username;
+  } catch { /* ignore */ }
+});
+
+async function handleChangePassword() {
+  if (newPasswordVal.value !== newPasswordConfirm.value) {
+    message.error(t("login.passwordMismatch"));
+    return;
+  }
+  if (newPasswordVal.value.length < 6) {
+    message.error(t("login.passwordTooShort"));
+    return;
+  }
+  loading.value = true;
+  try {
+    await changePassword(currentPasswordForPwd.value, newPasswordVal.value);
+    showChangePasswordModal.value = false;
+    currentPasswordForPwd.value = "";
+    newPasswordVal.value = "";
+    newPasswordConfirm.value = "";
+    message.success(t("login.passwordChanged"));
+  } catch (err: any) {
+    message.error(err.message || t("common.saveFailed"));
+  } finally {
+    loading.value = false;
+  }
+}
+
+async function handleChangeUsername() {
+  if (newUsernameVal.value.trim().length < 2) {
+    message.error(t("login.usernameTooShort"));
+    return;
+  }
+  loading.value = true;
+  try {
+    await changeUsername(currentPasswordForName.value, newUsernameVal.value.trim());
+    username.value = newUsernameVal.value.trim();
+    showChangeUsernameModal.value = false;
+    currentPasswordForName.value = "";
+    newUsernameVal.value = "";
+    message.success(t("login.usernameChanged"));
+  } catch (err: any) {
+    message.error(err.message || t("common.saveFailed"));
+  } finally {
+    loading.value = false;
+  }
+}
+
+function openChangePasswordModal() {
+  currentPasswordForPwd.value = "";
+  newPasswordVal.value = "";
+  newPasswordConfirm.value = "";
+  showChangePasswordModal.value = true;
+}
+
+function openChangeUsernameModal() {
+  currentPasswordForName.value = "";
+  newUsernameVal.value = "";
+  showChangeUsernameModal.value = true;
+}
+
+// Locked IPs management
+const lockedIps = ref<LockedIp[]>([]);
+const loadingLocks = ref(false);
+
+async function loadLockedIps() {
+  loadingLocks.value = true;
+  try {
+    lockedIps.value = await fetchLockedIps();
+  } catch { /* ignore */ }
+  finally {
+    loadingLocks.value = false;
+  }
+}
+
+async function handleUnlockIp(ip: string) {
+  try {
+    await unlockSpecificIp(ip);
+    message.success(t("settings.lockedIps.unlocked"));
+    await loadLockedIps();
+  } catch (err: any) {
+    message.error(err.message || t("common.saveFailed"));
+  }
+}
+
+async function handleUnlockAll() {
+  try {
+    const count = await unlockAllIps();
+    message.success(t("settings.lockedIps.allUnlocked", { count }));
+    await loadLockedIps();
+  } catch (err: any) {
+    message.error(err.message || t("common.saveFailed"));
+  }
+}
+
+function formatTime(ts: number): string {
+  const remaining = Math.max(0, Math.round((ts - Date.now()) / 60000));
+  return remaining > 0 ? `${remaining} min` : t("common.expired");
+}
+
+onMounted(() => { loadLockedIps(); });
+</script>
+
+<template>
+  <div class="account-settings">
+    <p class="section-desc">{{ t("login.setupDescription") }}</p>
+
+    <div class="configured-section">
+      <div class="action-row">
+        <span class="action-label">{{ t("login.passwordLoginConfigured", { username }) }}</span>
+        <div class="action-buttons">
+          <NButton @click="openChangePasswordModal">{{ t("login.changePassword") }}</NButton>
+          <NButton @click="openChangeUsernameModal">{{ t("login.changeUsername") }}</NButton>
+        </div>
+      </div>
+    </div>
+
+    <!-- Locked IPs management -->
+    <div class="locked-ips-section">
+      <h3 class="section-title">{{ t("settings.lockedIps.title") }}</h3>
+      <div class="action-row" style="margin-bottom: 12px;">
+        <span class="action-label">{{ t("settings.lockedIps.count", { count: lockedIps.length }) }}</span>
+        <div class="action-buttons">
+          <NButton size="small" :loading="loadingLocks" @click="loadLockedIps">{{ t("common.retry") }}</NButton>
+          <NPopconfirm v-if="lockedIps.length > 0" @positive-click="handleUnlockAll">
+            <template #trigger>
+              <NButton size="small" type="warning">{{ t("settings.lockedIps.unlockAll") }}</NButton>
+            </template>
+            {{ t("settings.lockedIps.unlockAllConfirm") }}
+          </NPopconfirm>
+        </div>
+      </div>
+      <div v-if="lockedIps.length > 0" class="locked-list">
+        <div v-for="lock in lockedIps" :key="lock.ip + lock.type" class="locked-item">
+          <div class="locked-info">
+            <span class="locked-ip">{{ lock.ip }}</span>
+            <span class="locked-badge">{{ lock.type }}</span>
+            <span class="locked-ttl">{{ formatTime(lock.lockedUntil) }}</span>
+          </div>
+          <NButton size="tiny" type="error" ghost @click="handleUnlockIp(lock.ip)">{{ t("settings.lockedIps.unlock") }}</NButton>
+        </div>
+      </div>
+      <p v-else class="empty-hint">{{ t("settings.lockedIps.empty") }}</p>
+    </div>
+
+    <!-- Change password modal -->
+    <NModal v-model:show="showChangePasswordModal" preset="dialog" :title="t('login.changePassword')">
+      <NForm label-placement="top">
+        <NFormItem :label="t('login.currentPassword')">
+          <NInput v-model:value="currentPasswordForPwd" type="password" show-password-on="click" :placeholder="t('login.currentPassword')" />
+        </NFormItem>
+        <NFormItem :label="t('login.newPassword')">
+          <NInput v-model:value="newPasswordVal" type="password" show-password-on="click" :placeholder="t('login.newPassword')" />
+        </NFormItem>
+        <NFormItem :label="t('login.confirmPassword')">
+          <NInput v-model:value="newPasswordConfirm" type="password" show-password-on="click" :placeholder="t('login.confirmPassword')" @keyup.enter="handleChangePassword" />
+        </NFormItem>
+      </NForm>
+      <template #action>
+        <NButton @click="showChangePasswordModal = false">{{ t("common.cancel") }}</NButton>
+        <NButton type="primary" :loading="loading" @click="handleChangePassword">{{ t("common.save") }}</NButton>
+      </template>
+    </NModal>
+
+    <!-- Change username modal -->
+    <NModal v-model:show="showChangeUsernameModal" preset="dialog" :title="t('login.changeUsername')">
+      <NForm label-placement="top">
+        <NFormItem :label="t('login.currentPassword')">
+          <NInput v-model:value="currentPasswordForName" type="password" show-password-on="click" :placeholder="t('login.currentPassword')" />
+        </NFormItem>
+        <NFormItem :label="t('login.newUsername')">
+          <NInput v-model:value="newUsernameVal" :placeholder="t('login.usernamePlaceholder')" @keyup.enter="handleChangeUsername" />
+        </NFormItem>
+      </NForm>
+      <template #action>
+        <NButton @click="showChangeUsernameModal = false">{{ t("common.cancel") }}</NButton>
+        <NButton type="primary" :loading="loading" @click="handleChangeUsername">{{ t("common.save") }}</NButton>
+      </template>
+    </NModal>
+  </div>
+</template>
+
+<style scoped lang="scss">
+@use "@/styles/variables" as *;
+
+.account-settings {
+  padding: 8px 0;
+}
+
+.section-desc {
+  font-size: 13px;
+  color: $text-muted;
+  margin: 0 0 20px;
+  line-height: 1.6;
+}
+
+.action-row {
+  display: flex;
+  align-items: center;
+  justify-content: space-between;
+  gap: 16px;
+}
+
+.action-label {
+  font-size: 14px;
+  color: $text-secondary;
+}
+
+.action-buttons {
+  display: flex;
+  gap: 8px;
+  flex-shrink: 0;
+}
+
+.locked-ips-section {
+  margin-top: 32px;
+  padding-top: 20px;
+  border-top: 1px solid $border-color;
+}
+
+.section-title {
+  font-size: 15px;
+  font-weight: 600;
+  color: $text-primary;
+  margin: 0 0 16px;
+}
+
+.locked-list {
+  display: flex;
+  flex-direction: column;
+  gap: 8px;
+}
+
+.locked-item {
+  display: flex;
+  align-items: center;
+  justify-content: space-between;
+  padding: 8px 12px;
+  border: 1px solid $border-color;
+  border-radius: $radius-sm;
+  background: $bg-input;
+}
+
+.locked-info {
+  display: flex;
+  align-items: center;
+  gap: 8px;
+}
+
+.locked-ip {
+  font-family: $font-code;
+  font-size: 13px;
+  color: $text-primary;
+}
+
+.locked-badge {
+  font-size: 11px;
+  padding: 2px 6px;
+  border-radius: 3px;
+  background: rgba($error, 0.1);
+  color: $error;
+}
+
+.locked-ttl {
+  font-size: 12px;
+  color: $text-muted;
+}
+
+.empty-hint {
+  font-size: 13px;
+  color: $text-muted;
+  margin: 0;
+}
+</style>
diff --git a/packages/client/src/components/hermes/settings/AgentSettings.vue b/packages/client/src/components/hermes/settings/AgentSettings.vue
new file mode 100644
index 0000000..535f94c
--- /dev/null
+++ b/packages/client/src/components/hermes/settings/AgentSettings.vue
@@ -0,0 +1,87 @@
+<script setup lang="ts">
+import { NInputNumber, NSelect, useMessage } from 'naive-ui'
+import { useI18n } from 'vue-i18n'
+import { useSettingsStore } from '@/stores/hermes/settings'
+import SettingRow from './SettingRow.vue'
+
+const settingsStore = useSettingsStore()
+const message = useMessage()
+const { t } = useI18n()
+
+// 防抖保存：每个字段独立定时器，300ms 内只发最后一次 HTTP 请求
+const debounceTimers: Record<string, ReturnType<typeof setTimeout>> = {}
+
+function save(values: Record<string, any>) {
+  // NSelect 等一次性操作，直接保存，不需要防抖
+  settingsStore.updateLocal('agent', values)
+  settingsStore.saveSection('agent', values).then(() => {
+    message.success(t('settings.saved'))
+  }).catch(() => {
+    message.error(t('settings.saveFailed'))
+  })
+}
+
+function debouncedSave(key: string, value: any) {
+  // 先立即更新本地 store（UI 即时响应）
+  settingsStore.updateLocal('agent', { [key]: value })
+  // 再防抖发 HTTP 保存
+  if (debounceTimers[key]) clearTimeout(debounceTimers[key])
+  debounceTimers[key] = setTimeout(async () => {
+    try {
+      await settingsStore.saveSection('agent', { [key]: value })
+      message.success(t('settings.saved'))
+    } catch (err: any) {
+      message.error(t('settings.saveFailed'))
+    }
+  }, 300)
+}
+</script>
+
+<template>
+  <section class="settings-section">
+    <SettingRow :label="t('settings.agent.maxTurns')" :hint="t('settings.agent.maxTurnsHint')">
+      <NInputNumber
+        :value="settingsStore.agent.max_turns"
+        :min="1" :max="200" :step="5"
+        size="small" class="input-sm"
+        @update:value="v => v != null && debouncedSave('max_turns', v)"
+      />
+    </SettingRow>
+    <SettingRow :label="t('settings.agent.gatewayTimeout')" :hint="t('settings.agent.gatewayTimeoutHint')">
+      <NInputNumber
+        :value="settingsStore.agent.gateway_timeout"
+        :min="60" :max="7200" :step="60"
+        size="small" class="input-sm"
+        @update:value="v => v != null && debouncedSave('gateway_timeout', v)"
+      />
+    </SettingRow>
+    <SettingRow :label="t('settings.agent.restartDrainTimeout')" :hint="t('settings.agent.restartDrainTimeoutHint')">
+      <NInputNumber
+        :value="settingsStore.agent.restart_drain_timeout"
+        :min="10" :max="300" :step="10"
+        size="small" class="input-sm"
+        @update:value="v => v != null && debouncedSave('restart_drain_timeout', v)"
+      />
+    </SettingRow>
+    <SettingRow :label="t('settings.agent.toolEnforcement')" :hint="t('settings.agent.toolEnforcementHint')">
+      <NSelect
+        :value="settingsStore.agent.tool_use_enforcement || 'auto'"
+        :options="[
+          { label: t('settings.agent.auto'), value: 'auto' },
+          { label: t('settings.agent.always'), value: 'always' },
+          { label: t('settings.agent.never'), value: 'never' },
+        ]"
+        size="small" class="input-sm"
+        @update:value="v => save({ tool_use_enforcement: v })"
+      />
+    </SettingRow>
+  </section>
+</template>
+
+<style scoped lang="scss">
+@use '@/styles/variables' as *;
+
+.settings-section {
+  margin-top: 16px;
+}
+</style>
diff --git a/packages/client/src/components/hermes/settings/CompressionSettings.vue b/packages/client/src/components/hermes/settings/CompressionSettings.vue
new file mode 100644
index 0000000..5c9c180
--- /dev/null
+++ b/packages/client/src/components/hermes/settings/CompressionSettings.vue
@@ -0,0 +1,106 @@
+<script setup lang="ts">
+import { NInputNumber, NSwitch, useMessage } from 'naive-ui'
+import { useI18n } from 'vue-i18n'
+import { useSettingsStore } from '@/stores/hermes/settings'
+import SettingRow from './SettingRow.vue'
+
+const settingsStore = useSettingsStore()
+const message = useMessage()
+const { t } = useI18n()
+
+const defaults = {
+  enabled: true,
+  threshold: 0.5,
+  target_ratio: 0.2,
+  protect_last_n: 20,
+  protect_first_n: 3,
+}
+
+const debounceTimers: Record<string, ReturnType<typeof setTimeout>> = {}
+
+function save(values: Record<string, any>) {
+  settingsStore.updateLocal('compression', values)
+  settingsStore.saveSection('compression', values).then(() => {
+    message.success(t('settings.saved'))
+  }).catch(() => {
+    message.error(t('settings.saveFailed'))
+  })
+}
+
+function debouncedSave(key: string, value: any) {
+  settingsStore.updateLocal('compression', { [key]: value })
+  if (debounceTimers[key]) clearTimeout(debounceTimers[key])
+  debounceTimers[key] = setTimeout(async () => {
+    try {
+      await settingsStore.saveSection('compression', { [key]: value })
+      message.success(t('settings.saved'))
+    } catch {
+      message.error(t('settings.saveFailed'))
+    }
+  }, 300)
+}
+</script>
+
+<template>
+  <section class="settings-section">
+    <SettingRow :label="t('settings.compression.enabled')" :hint="t('settings.compression.enabledHint')">
+      <NSwitch
+        :value="settingsStore.compression.enabled ?? defaults.enabled"
+        size="small"
+        @update:value="v => save({ enabled: v })"
+      />
+    </SettingRow>
+    <SettingRow :label="t('settings.compression.threshold')" :hint="t('settings.compression.thresholdHint')">
+      <NInputNumber
+        :value="settingsStore.compression.threshold ?? defaults.threshold"
+        :min="0.1"
+        :max="0.95"
+        :step="0.05"
+        size="small"
+        class="input-sm"
+        @update:value="v => v != null && debouncedSave('threshold', v)"
+      />
+    </SettingRow>
+    <SettingRow :label="t('settings.compression.targetRatio')" :hint="t('settings.compression.targetRatioHint')">
+      <NInputNumber
+        :value="settingsStore.compression.target_ratio ?? defaults.target_ratio"
+        :min="0.05"
+        :max="0.8"
+        :step="0.05"
+        size="small"
+        class="input-sm"
+        @update:value="v => v != null && debouncedSave('target_ratio', v)"
+      />
+    </SettingRow>
+    <SettingRow :label="t('settings.compression.protectLastN')" :hint="t('settings.compression.protectLastNHint')">
+      <NInputNumber
+        :value="settingsStore.compression.protect_last_n ?? defaults.protect_last_n"
+        :min="0"
+        :max="200"
+        :step="1"
+        size="small"
+        class="input-sm"
+        @update:value="v => v != null && debouncedSave('protect_last_n', v)"
+      />
+    </SettingRow>
+    <SettingRow :label="t('settings.compression.protectFirstN')" :hint="t('settings.compression.protectFirstNHint')">
+      <NInputNumber
+        :value="settingsStore.compression.protect_first_n ?? defaults.protect_first_n"
+        :min="0"
+        :max="50"
+        :step="1"
+        size="small"
+        class="input-sm"
+        @update:value="v => v != null && debouncedSave('protect_first_n', v)"
+      />
+    </SettingRow>
+  </section>
+</template>
+
+<style scoped lang="scss">
+@use '@/styles/variables' as *;
+
+.settings-section {
+  margin-top: 16px;
+}
+</style>
diff --git a/packages/client/src/components/hermes/settings/DisplaySettings.vue b/packages/client/src/components/hermes/settings/DisplaySettings.vue
new file mode 100644
index 0000000..8cc0546
--- /dev/null
+++ b/packages/client/src/components/hermes/settings/DisplaySettings.vue
@@ -0,0 +1,70 @@
+<script setup lang="ts">
+import { NSwitch, NSelect, useMessage } from 'naive-ui'
+import { useI18n } from 'vue-i18n'
+import { useSettingsStore } from '@/stores/hermes/settings'
+import { useTheme, type BrightnessMode } from '@/composables/useTheme'
+import SettingRow from './SettingRow.vue'
+
+const settingsStore = useSettingsStore()
+const message = useMessage()
+const { t } = useI18n()
+const { brightness, setBrightness } = useTheme()
+
+const themeOptions = [
+  { label: t('settings.display.themeLight'), value: 'light' },
+  { label: t('settings.display.themeDark'), value: 'dark' },
+  { label: t('settings.display.themeSystem'), value: 'system' },
+]
+
+async function save(values: Record<string, any>) {
+  try {
+    await settingsStore.saveSection('display', values)
+    message.success(t('settings.saved'))
+  } catch (err: any) {
+    message.error(t('settings.saveFailed'))
+  }
+}
+
+function handleThemeChange(val: string) {
+  const m = val as BrightnessMode
+  setBrightness(m)
+  save({ skin: m })
+}
+</script>
+
+<template>
+  <section class="settings-section">
+    <SettingRow :label="t('settings.display.theme')" :hint="t('settings.display.themeHint')">
+      <NSelect :value="brightness" :options="themeOptions" size="small" :consistent-menu-width="false" class="input-sm" @update:value="handleThemeChange" />
+    </SettingRow>
+    <SettingRow :label="t('settings.display.streaming')" :hint="t('settings.display.streamingHint')">
+      <NSwitch :value="settingsStore.display.streaming" @update:value="v => save({ streaming: v })" />
+    </SettingRow>
+    <SettingRow :label="t('settings.display.compact')" :hint="t('settings.display.compactHint')">
+      <NSwitch :value="settingsStore.display.compact" @update:value="v => save({ compact: v })" />
+    </SettingRow>
+    <SettingRow :label="t('settings.display.showReasoning')" :hint="t('settings.display.showReasoningHint')">
+      <NSwitch :value="settingsStore.display.show_reasoning" @update:value="v => save({ show_reasoning: v })" />
+    </SettingRow>
+    <SettingRow :label="t('settings.display.showCost')" :hint="t('settings.display.showCostHint')">
+      <NSwitch :value="settingsStore.display.show_cost" @update:value="v => save({ show_cost: v })" />
+    </SettingRow>
+    <SettingRow :label="t('settings.display.inlineDiffs')" :hint="t('settings.display.inlineDiffsHint')">
+      <NSwitch :value="settingsStore.display.inline_diffs" @update:value="v => save({ inline_diffs: v })" />
+    </SettingRow>
+    <SettingRow :label="t('settings.display.bellOnComplete')" :hint="t('settings.display.bellOnCompleteHint')">
+      <NSwitch :value="settingsStore.display.bell_on_complete" @update:value="v => save({ bell_on_complete: v })" />
+    </SettingRow>
+    <SettingRow :label="t('settings.display.busyInputMode')" :hint="t('settings.display.busyInputModeHint')">
+      <NSwitch :value="settingsStore.display.busy_input_mode === 'interrupt'" @update:value="v => save({ busy_input_mode: v ? 'interrupt' : 'off' })" />
+    </SettingRow>
+  </section>
+</template>
+
+<style scoped lang="scss">
+@use '@/styles/variables' as *;
+
+.settings-section {
+  margin-top: 16px;
+}
+</style>
diff --git a/packages/client/src/components/hermes/settings/GithubPreviewSettings.vue b/packages/client/src/components/hermes/settings/GithubPreviewSettings.vue
new file mode 100644
index 0000000..dc1d75f
--- /dev/null
+++ b/packages/client/src/components/hermes/settings/GithubPreviewSettings.vue
@@ -0,0 +1,398 @@
+<script setup lang="ts">
+import { computed, onMounted, onUnmounted, ref, watch } from 'vue'
+import { NAlert, NButton, NDescriptions, NDescriptionsItem, NSelect, NSpace, NTag, useMessage } from 'naive-ui'
+import { useI18n } from 'vue-i18n'
+import {
+  fetchPreviewStatus,
+  fetchPreviewTags,
+  installPreview,
+  preparePreview,
+  startPreview,
+  stopPreview,
+  type PreviewActionResponse,
+  type PreviewStatus,
+  type PreviewTag,
+} from '@/api/hermes/system'
+
+const { t } = useI18n()
+const message = useMessage()
+
+const loading = ref(false)
+const tagsLoading = ref(false)
+const actionLoading = ref('')
+const tags = ref<PreviewTag[]>([])
+const selectedTag = ref('')
+const status = ref<PreviewStatus | null>(null)
+const lastHandledCompletion = ref('')
+const completionNotificationsReady = ref(false)
+let pollTimer: number | null = null
+
+const tagOptions = computed(() => tags.value.map(tag => ({
+  label: tag.name,
+  value: tag.name,
+})))
+const actionLog = computed(() => status.value?.action_log || '')
+const devLog = computed(() => status.value?.dev_log || '')
+const activeAction = computed(() => actionLoading.value || status.value?.active_action || '')
+const hasActiveAction = computed(() => Boolean(activeAction.value))
+const actionSuccessKeys: Record<string, string> = {
+  prepare: 'githubPreview.prepareSuccess',
+  install: 'githubPreview.installSuccess',
+  start: 'githubPreview.startSuccess',
+  stop: 'githubPreview.stopSuccess',
+}
+
+function applyErrorStatus(err: any) {
+  const messageText = String(err?.message || '')
+  const jsonStart = messageText.indexOf('{')
+  if (jsonStart < 0) return
+  try {
+    const parsed = JSON.parse(messageText.slice(jsonStart))
+    if (parsed && typeof parsed === 'object' && 'preview_dir' in parsed) {
+      status.value = parsed as PreviewStatus
+    }
+  } catch {}
+}
+
+function errorCodeMessage(code?: string, fallback?: string): string {
+  if (code === 'node_environment_missing') return t('githubPreview.nodeEnvironmentMissing')
+  return fallback || t('githubPreview.actionFailed')
+}
+
+function parseErrorPayload(err: any): { message?: string; code?: string } | null {
+  const messageText = String(err?.message || '')
+  const jsonStart = messageText.indexOf('{')
+  if (jsonStart < 0) return null
+  try {
+    const parsed = JSON.parse(messageText.slice(jsonStart))
+    return parsed && typeof parsed === 'object' ? parsed : null
+  } catch {
+    return null
+  }
+}
+
+async function loadStatus() {
+  status.value = await fetchPreviewStatus()
+  if (!selectedTag.value && status.value.current_tag) {
+    selectedTag.value = status.value.current_tag
+  }
+}
+
+async function loadTags() {
+  tagsLoading.value = true
+  try {
+    const res = await fetchPreviewTags()
+    tags.value = res.tags
+    if (!selectedTag.value && tags.value[0]) {
+      selectedTag.value = tags.value[0].name
+    }
+  } finally {
+    tagsLoading.value = false
+  }
+}
+
+async function handleRefresh() {
+  loading.value = true
+  try {
+    await Promise.all([loadStatus(), loadTags()])
+  } finally {
+    loading.value = false
+  }
+}
+
+async function runAction(action: string, fn: () => Promise<PreviewActionResponse>, successKey: string) {
+  actionLoading.value = action
+  try {
+    const res = await fn()
+    status.value = res
+    if (res.success === false) {
+      message.warning(errorCodeMessage(res.code, res.message))
+      return
+    }
+    if (!res.accepted && !res.active_action) {
+      message.success(t(successKey))
+    }
+  } catch (err: any) {
+    applyErrorStatus(err)
+    const payload = parseErrorPayload(err)
+    message.error(errorCodeMessage(payload?.code, payload?.message || err?.message))
+  } finally {
+    actionLoading.value = ''
+  }
+}
+
+async function pollStatus() {
+  try {
+    await loadStatus()
+  } catch {}
+}
+
+function startPolling() {
+  if (pollTimer) return
+  pollTimer = window.setInterval(() => {
+    void pollStatus()
+  }, 2000)
+}
+
+function stopPolling() {
+  if (!pollTimer) return
+  window.clearInterval(pollTimer)
+  pollTimer = null
+}
+
+function requireTag(): string | null {
+  if (!selectedTag.value) {
+    message.warning(t('githubPreview.selectTag'))
+    return null
+  }
+  return selectedTag.value
+}
+
+async function handlePrepare() {
+  const tag = requireTag()
+  if (!tag) return
+  await runAction('prepare', () => preparePreview(tag), 'githubPreview.prepareSuccess')
+}
+
+async function handleInstall() {
+  await runAction('install', async () => {
+    const res = await installPreview()
+    if (res.success !== false && !res.accepted && !res.active_action && !res.installed) {
+      return {
+        ...res,
+        success: false,
+        message: res.message || t('githubPreview.actionFailed'),
+      }
+    }
+    return res
+  }, 'githubPreview.installSuccess')
+}
+
+async function handleStart() {
+  await runAction('start', () => startPreview(selectedTag.value || undefined), 'githubPreview.startSuccess')
+}
+
+async function handleStop() {
+  await runAction('stop', stopPreview, 'githubPreview.stopSuccess')
+}
+
+onMounted(async () => {
+  await handleRefresh()
+  lastHandledCompletion.value = status.value?.last_action_completed_at || ''
+  completionNotificationsReady.value = true
+})
+
+onUnmounted(() => {
+  stopPolling()
+})
+
+watch(
+  () => status.value?.active_action || '',
+  (action) => {
+    if (action) startPolling()
+    else stopPolling()
+  },
+)
+
+watch(
+  () => status.value?.last_action_completed_at || '',
+  (completedAt) => {
+    if (!completedAt) return
+    if (!completionNotificationsReady.value) {
+      lastHandledCompletion.value = completedAt
+      return
+    }
+    if (completedAt === lastHandledCompletion.value || actionLoading.value) return
+    lastHandledCompletion.value = completedAt
+    const completedAction = status.value?.last_action || ''
+    if (status.value?.last_action_success === false) {
+      message.error(errorCodeMessage(status.value.last_action_code, status.value.last_action_message))
+      return
+    }
+    const successKey = actionSuccessKeys[completedAction]
+    if (successKey) message.success(t(successKey))
+  },
+)
+</script>
+
+<template>
+  <div class="github-preview-settings">
+    <div class="settings-section">
+      <div class="control-row">
+        <NSelect
+          v-model:value="selectedTag"
+          class="tag-select"
+          filterable
+          :loading="tagsLoading"
+          :options="tagOptions"
+          :placeholder="t('githubPreview.selectTag')"
+        />
+        <NSpace>
+          <NButton type="primary" :loading="activeAction === 'prepare'" :disabled="hasActiveAction || !selectedTag" @click="handlePrepare">
+            {{ t('githubPreview.prepare') }}
+          </NButton>
+          <NButton :loading="activeAction === 'install'" :disabled="hasActiveAction || !status?.has_package" @click="handleInstall">
+            {{ t('githubPreview.install') }}
+          </NButton>
+          <NButton type="success" :loading="activeAction === 'start'" :disabled="hasActiveAction || !status?.installed" @click="handleStart">
+            {{ t('githubPreview.start') }}
+          </NButton>
+          <NButton :loading="activeAction === 'stop'" :disabled="hasActiveAction || !status?.running" @click="handleStop">
+            {{ t('githubPreview.stop') }}
+          </NButton>
+          <NButton :loading="loading || tagsLoading" @click="handleRefresh">
+            {{ t('githubPreview.refresh') }}
+          </NButton>
+        </NSpace>
+      </div>
+
+      <p class="section-description">{{ t('githubPreview.description') }}</p>
+
+      <NAlert type="info" :bordered="false" class="preview-note">
+        {{ t('githubPreview.note') }}
+      </NAlert>
+
+      <NDescriptions v-if="status" :column="1" bordered size="small" class="status-table">
+        <NDescriptionsItem :label="t('githubPreview.path')">
+          <code>{{ status.preview_dir }}</code>
+        </NDescriptionsItem>
+        <NDescriptionsItem :label="t('githubPreview.webuiHome')">
+          <code>{{ status.webui_home }}</code>
+        </NDescriptionsItem>
+        <NDescriptionsItem :label="t('githubPreview.currentTag')">
+          {{ status.current_tag || '-' }}
+        </NDescriptionsItem>
+        <NDescriptionsItem :label="t('githubPreview.repoReady')">
+          <NTag size="small" :type="status.has_package ? 'success' : 'default'">
+            {{ status.has_package ? t('githubPreview.yes') : t('githubPreview.no') }}
+          </NTag>
+        </NDescriptionsItem>
+        <NDescriptionsItem :label="t('githubPreview.dependencies')">
+          <NTag size="small" :type="status.installed ? 'success' : 'warning'">
+            {{ status.installed ? t('githubPreview.yes') : t('githubPreview.no') }}
+          </NTag>
+        </NDescriptionsItem>
+        <NDescriptionsItem :label="t('githubPreview.running')">
+          <NTag size="small" :type="status.running ? 'success' : 'default'">
+            {{ status.running ? `PID ${status.pid}` : t('githubPreview.notRunning') }}
+          </NTag>
+        </NDescriptionsItem>
+        <NDescriptionsItem :label="t('githubPreview.open')">
+          <a :href="status.frontend_url" target="_blank" rel="noopener noreferrer">{{ status.frontend_url }}</a>
+        </NDescriptionsItem>
+        <NDescriptionsItem :label="t('githubPreview.log')">
+          <code>{{ status.action_log_path }}</code>
+        </NDescriptionsItem>
+        <NDescriptionsItem :label="t('githubPreview.devLog')">
+          <code>{{ status.dev_log_path }}</code>
+        </NDescriptionsItem>
+      </NDescriptions>
+
+      <div class="log-output">
+        <div class="log-output-header">{{ t('githubPreview.logOutput') }}</div>
+        <div class="log-box">
+          <div class="log-title">{{ t('githubPreview.actionLog') }}</div>
+          <pre>{{ actionLog || '-' }}</pre>
+        </div>
+        <div class="log-box">
+          <div class="log-title">{{ t('githubPreview.devLog') }}</div>
+          <pre>{{ devLog || '-' }}</pre>
+        </div>
+      </div>
+    </div>
+  </div>
+</template>
+
+<style scoped lang="scss">
+@use "@/styles/variables" as *;
+
+.github-preview-settings {
+  width: 100%;
+}
+
+.settings-section {
+  display: flex;
+  flex-direction: column;
+  gap: 16px;
+}
+
+.section-description {
+  margin: 0;
+  color: $text-secondary;
+  font-size: 13px;
+  line-height: 1.5;
+}
+
+.control-row {
+  display: flex;
+  align-items: center;
+  gap: 12px;
+  flex-wrap: wrap;
+}
+
+.tag-select {
+  width: 260px;
+}
+
+.preview-note {
+  width: 100%;
+}
+
+.status-table {
+  width: 100%;
+}
+
+.log-output {
+  width: 100%;
+  border: 1px solid $border-color;
+  border-radius: $radius-md;
+  background: $bg-card;
+  overflow: hidden;
+}
+
+.log-output-header {
+  padding: 12px 14px;
+  border-bottom: 1px solid $border-color;
+  font-size: 14px;
+  font-weight: 600;
+  color: $text-primary;
+}
+
+.log-box {
+  border-bottom: 1px solid $border-color;
+
+  &:last-child {
+    border-bottom: none;
+  }
+}
+
+.log-title {
+  padding: 8px 14px;
+  font-size: 12px;
+  color: $text-secondary;
+  background: $bg-secondary;
+}
+
+pre {
+  min-height: 180px;
+  max-height: 320px;
+  margin: 0;
+  padding: 12px 14px;
+  overflow: auto;
+  white-space: pre-wrap;
+  word-break: break-word;
+  font-size: 12px;
+  line-height: 1.5;
+}
+
+code {
+  font-size: 12px;
+  word-break: break-all;
+}
+
+@media (max-width: 1100px) {
+  .control-row {
+    align-items: stretch;
+  }
+}
+</style>
diff --git a/packages/client/src/components/hermes/settings/MemorySettings.vue b/packages/client/src/components/hermes/settings/MemorySettings.vue
new file mode 100644
index 0000000..3167f56
--- /dev/null
+++ b/packages/client/src/components/hermes/settings/MemorySettings.vue
@@ -0,0 +1,73 @@
+<script setup lang="ts">
+import { NSwitch, NInputNumber, useMessage } from 'naive-ui'
+import { useI18n } from 'vue-i18n'
+import { useSettingsStore } from '@/stores/hermes/settings'
+import SettingRow from './SettingRow.vue'
+
+const settingsStore = useSettingsStore()
+const message = useMessage()
+const { t } = useI18n()
+
+// 防抖保存：每个字段独立定时器，300ms 内只发最后一次 HTTP 请求
+const debounceTimers: Record<string, ReturnType<typeof setTimeout>> = {}
+
+function save(values: Record<string, any>) {
+  // Switch 等一次性操作，直接保存，不需要防抖
+  settingsStore.updateLocal('memory', values)
+  settingsStore.saveSection('memory', values).then(() => {
+    message.success(t('settings.saved'))
+  }).catch(() => {
+    message.error(t('settings.saveFailed'))
+  })
+}
+
+function debouncedSave(key: string, value: any) {
+  // 先立即更新本地 store（UI 即时响应）
+  settingsStore.updateLocal('memory', { [key]: value })
+  // 再防抖发 HTTP 保存
+  if (debounceTimers[key]) clearTimeout(debounceTimers[key])
+  debounceTimers[key] = setTimeout(async () => {
+    try {
+      await settingsStore.saveSection('memory', { [key]: value })
+      message.success(t('settings.saved'))
+    } catch (err: any) {
+      message.error(t('settings.saveFailed'))
+    }
+  }, 300)
+}
+</script>
+
+<template>
+  <section class="settings-section">
+    <SettingRow :label="t('settings.memory.enabled')" :hint="t('settings.memory.enabledHint')">
+      <NSwitch :value="settingsStore.memory.memory_enabled" @update:value="v => save({ memory_enabled: v })" />
+    </SettingRow>
+    <SettingRow :label="t('settings.memory.userProfile')" :hint="t('settings.memory.userProfileHint')">
+      <NSwitch :value="settingsStore.memory.user_profile_enabled" @update:value="v => save({ user_profile_enabled: v })" />
+    </SettingRow>
+    <SettingRow :label="t('settings.memory.charLimit')" :hint="t('settings.memory.charLimitHint')">
+      <NInputNumber
+        :value="settingsStore.memory.memory_char_limit"
+        :min="100" :max="10000" :step="100"
+        size="small" class="input-sm"
+        @update:value="v => v != null && debouncedSave('memory_char_limit', v)"
+      />
+    </SettingRow>
+    <SettingRow :label="t('settings.memory.userCharLimit')" :hint="t('settings.memory.userCharLimitHint')">
+      <NInputNumber
+        :value="settingsStore.memory.user_char_limit"
+        :min="100" :max="10000" :step="100"
+        size="small" class="input-sm"
+        @update:value="v => v != null && debouncedSave('user_char_limit', v)"
+      />
+    </SettingRow>
+  </section>
+</template>
+
+<style scoped lang="scss">
+@use '@/styles/variables' as *;
+
+.settings-section {
+  margin-top: 16px;
+}
+</style>
diff --git a/packages/client/src/components/hermes/settings/ModelSettings.vue b/packages/client/src/components/hermes/settings/ModelSettings.vue
new file mode 100644
index 0000000..69ba8ce
--- /dev/null
+++ b/packages/client/src/components/hermes/settings/ModelSettings.vue
@@ -0,0 +1,195 @@
+<script setup lang="ts">
+import { ref, onMounted } from 'vue'
+import { NInput, NButton, NSpin, NEmpty, useMessage } from 'naive-ui'
+import { useModelsStore } from '@/stores/hermes/models'
+import { updateProvider } from '@/api/hermes/system'
+import { useI18n } from 'vue-i18n'
+
+const { t } = useI18n()
+const modelsStore = useModelsStore()
+const message = useMessage()
+
+const savingKey = ref<string | null>(null)
+const editKeys = ref<Record<string, string>>({})
+
+onMounted(() => {
+  if (modelsStore.providers.length === 0) {
+    modelsStore.fetchProviders()
+  }
+})
+
+const isCustom = (provider: string) => {
+  const g = modelsStore.providers.find(p => p.provider === provider)
+  return !g?.builtin && provider.startsWith('custom:')
+}
+
+function getEditKey(provider: string): string {
+  if (!(provider in editKeys.value)) {
+    const g = modelsStore.providers.find(p => p.provider === provider)
+    editKeys.value[provider] = g?.api_key || ''
+  }
+  return editKeys.value[provider]
+}
+
+async function handleSaveApiKey(providerKey: string) {
+  const key = getEditKey(providerKey)
+  if (!key.trim()) {
+    message.warning(t('settings.models.apiKeyPlaceholder'))
+    return
+  }
+  savingKey.value = providerKey
+  try {
+    await updateProvider(providerKey, { api_key: key.trim() })
+    message.success(t('settings.models.saved'))
+    await modelsStore.fetchProviders()
+  } catch (e: any) {
+    message.error(e.message || t('settings.models.saveFailed'))
+  } finally {
+    savingKey.value = null
+  }
+}
+
+async function handleSaveCustom(providerKey: string) {
+  const key = getEditKey(providerKey)
+  savingKey.value = providerKey
+  try {
+    await updateProvider(providerKey, { api_key: key.trim() })
+    message.success(t('settings.models.saved'))
+    await modelsStore.fetchProviders()
+  } catch (e: any) {
+    message.error(e.message || t('settings.models.saveFailed'))
+  } finally {
+    savingKey.value = null
+  }
+}
+</script>
+
+<template>
+  <section class="settings-section">
+    <NSpin :show="modelsStore.loading">
+      <div v-if="modelsStore.providers.length === 0" class="empty-hint">
+        <NEmpty :description="t('settings.models.noProviders')" />
+      </div>
+
+      <div v-for="g in modelsStore.providers" :key="g.provider" class="provider-section">
+        <div class="provider-header">
+          <h4 class="provider-name">{{ g.label }}</h4>
+          <span class="type-badge" :class="isCustom(g.provider) ? 'custom' : 'builtin'">
+            {{ isCustom(g.provider) ? t('models.customType') : t('models.builtIn') }}
+          </span>
+        </div>
+
+        <!-- Built-in provider: only API key -->
+        <div v-if="!isCustom(g.provider)" class="provider-fields">
+          <div class="field-row">
+            <NInput
+              :value="getEditKey(g.provider)"
+              type="password"
+              show-password-on="click"
+              :placeholder="t('settings.models.apiKeyPlaceholder')"
+              autocomplete="off"
+              @update:value="v => editKeys[g.provider] = v"
+            />
+            <NButton
+              type="primary"
+              size="small"
+              :loading="savingKey === g.provider"
+              @click="handleSaveApiKey(g.provider)"
+            >
+              {{ t('settings.models.save') }}
+            </NButton>
+          </div>
+        </div>
+
+        <!-- Custom provider: API key -->
+        <div v-else class="provider-fields">
+          <div class="field-row">
+            <NInput
+              :value="getEditKey(g.provider)"
+              type="password"
+              show-password-on="click"
+              :placeholder="t('settings.models.apiKeyPlaceholder')"
+              autocomplete="off"
+              @update:value="v => editKeys[g.provider] = v"
+            />
+            <NButton
+              type="primary"
+              size="small"
+              :loading="savingKey === g.provider"
+              @click="handleSaveCustom(g.provider)"
+            >
+              {{ t('settings.models.save') }}
+            </NButton>
+          </div>
+        </div>
+      </div>
+    </NSpin>
+  </section>
+</template>
+
+<style scoped lang="scss">
+@use '@/styles/variables' as *;
+
+.settings-section {
+  margin-top: 16px;
+}
+
+.empty-hint {
+  padding: 40px 0;
+}
+
+.provider-section {
+  border: 1px solid $border-color;
+  border-radius: $radius-md;
+  padding: 16px;
+  margin-bottom: 14px;
+  background: $bg-card;
+}
+
+.provider-header {
+  display: flex;
+  align-items: center;
+  justify-content: space-between;
+  margin-bottom: 12px;
+}
+
+.provider-name {
+  font-size: 14px;
+  font-weight: 600;
+  color: $text-primary;
+  margin: 0;
+}
+
+.type-badge {
+  font-size: 11px;
+  padding: 2px 8px;
+  border-radius: 10px;
+  font-weight: 500;
+
+  &.builtin {
+    background: rgba(var(--accent-primary-rgb), 0.12);
+    color: $accent-primary;
+  }
+
+  &.custom {
+    background: rgba(var(--success-rgb), 0.12);
+    color: $success;
+  }
+}
+
+.provider-fields {
+  display: flex;
+  flex-direction: column;
+  gap: 10px;
+}
+
+.field-row {
+  display: flex;
+  align-items: center;
+  gap: 10px;
+
+  .n-input {
+    flex: 1;
+  }
+}
+</style>
diff --git a/packages/client/src/components/hermes/settings/PlatformCard.vue b/packages/client/src/components/hermes/settings/PlatformCard.vue
new file mode 100644
index 0000000..5ad85a7
--- /dev/null
+++ b/packages/client/src/components/hermes/settings/PlatformCard.vue
@@ -0,0 +1,123 @@
+<script setup lang="ts">
+import { ref, computed } from 'vue'
+import { NTag, NAlert } from 'naive-ui'
+import { useI18n } from 'vue-i18n'
+
+const props = defineProps<{
+  name: string
+  icon: string
+  config: Record<string, any>
+  credentials?: Record<string, any>
+  exclusive?: boolean
+}>()
+
+const expanded = ref(true)
+const { t } = useI18n()
+
+const configured = computed(() => {
+  const creds = props.credentials
+  if (!creds) return false
+  const keys = ['token', 'api_key', 'app_id', 'client_id', 'secret', 'app_secret', 'client_secret', 'access_token', 'bot_id', 'account_id', 'enabled']
+  // Check top-level and nested extra.*
+  const targets = [creds, creds.extra].filter(Boolean)
+  return targets.some(obj =>
+    keys.some(key => {
+      const val = (obj as Record<string, any>)[key]
+      return val !== undefined && val !== null && val !== '' && val !== false
+    })
+  )
+})
+</script>
+
+<template>
+  <div class="platform-card" :class="{ configured }">
+    <div class="platform-card-header" @click="expanded = !expanded">
+      <div class="platform-info">
+        <span class="platform-icon" v-html="icon" />
+        <span class="platform-name">{{ name }}</span>
+        <NTag :type="configured ? 'success' : 'default'" size="small" round>
+          {{ configured ? t('common.configured') : t('common.notConfigured') }}
+        </NTag>
+      </div>
+      <span class="expand-icon" :class="{ expanded }">&#9662;</span>
+    </div>
+    <div v-if="expanded" class="platform-card-body">
+      <NAlert v-if="exclusive" type="warning" :show-icon="true" class="exclusive-alert">
+        {{ t('platform.exclusiveTokenWarning') }}
+      </NAlert>
+      <slot />
+    </div>
+  </div>
+</template>
+
+<style scoped lang="scss">
+@use '@/styles/variables' as *;
+
+.platform-card {
+  background-color: $bg-card;
+  border: 1px solid $border-color;
+  border-radius: $radius-md;
+  margin-bottom: 12px;
+  overflow: hidden;
+
+  &.configured {
+    border-color: rgba(var(--success-rgb), 0.2);
+  }
+}
+
+.platform-card-header {
+  display: flex;
+  align-items: center;
+  justify-content: space-between;
+  padding: 12px 16px;
+  cursor: pointer;
+  user-select: none;
+
+  &:hover {
+    background-color: rgba(var(--text-primary-rgb), 0.03);
+  }
+}
+
+.platform-info {
+  display: flex;
+  align-items: center;
+  gap: 10px;
+}
+
+.platform-icon {
+  width: 18px;
+  height: 18px;
+  color: $text-secondary;
+  flex-shrink: 0;
+}
+
+.platform-name {
+  font-size: 14px;
+  font-weight: 500;
+  color: $text-primary;
+}
+
+.expand-icon {
+  font-size: 12px;
+  color: $text-muted;
+  transition: transform 0.2s;
+
+  &.expanded {
+    transform: rotate(0deg);
+  }
+
+  &:not(.expanded) {
+    transform: rotate(-90deg);
+  }
+}
+
+.platform-card-body {
+  padding: 0 16px 12px;
+  border-top: 1px solid $border-light;
+}
+
+.exclusive-alert {
+  margin: 12px 0 4px;
+  font-size: 12px;
+}
+</style>
diff --git a/packages/client/src/components/hermes/settings/PlatformSettings.vue b/packages/client/src/components/hermes/settings/PlatformSettings.vue
new file mode 100644
index 0000000..4b3950d
--- /dev/null
+++ b/packages/client/src/components/hermes/settings/PlatformSettings.vue
@@ -0,0 +1,510 @@
+<script setup lang="ts">
+import { ref, reactive, onUnmounted, watch } from 'vue'
+import { NSwitch, NInput, NButton, NSpin, useMessage } from 'naive-ui'
+import { useI18n } from 'vue-i18n'
+import { useSettingsStore } from '@/stores/hermes/settings'
+import { saveCredentials as saveCredsApi, fetchWeixinQrCode, pollWeixinQrStatus, saveWeixinCredentials } from '@/api/hermes/config'
+import PlatformCard from './PlatformCard.vue'
+import SettingRow from './SettingRow.vue'
+
+const settingsStore = useSettingsStore()
+const message = useMessage()
+const { t } = useI18n()
+
+const saving = reactive<Record<string, boolean>>({})
+const configDrafts = reactive<Record<string, Record<string, any>>>({})
+const credentialDrafts = reactive<Record<string, Record<string, any>>>({})
+const touchedConfig = reactive<Record<string, boolean>>({})
+const touchedCredentials = reactive<Record<string, boolean>>({})
+
+function cloneValue<T>(value: T): T {
+  return JSON.parse(JSON.stringify(value || {}))
+}
+
+function mergeDeep(target: Record<string, any>, values: Record<string, any>) {
+  for (const [key, value] of Object.entries(values)) {
+    if (value && typeof value === 'object' && !Array.isArray(value)) {
+      target[key] = mergeDeep({ ...(target[key] || {}) }, value as Record<string, any>)
+    } else {
+      target[key] = value
+    }
+  }
+  return target
+}
+
+function configDraft(platform: string) {
+  if (!configDrafts[platform]) {
+    configDrafts[platform] = cloneValue(settingsStore[platform as keyof typeof settingsStore] as Record<string, any>)
+  }
+  return configDrafts[platform]
+}
+
+function credentialDraft(platform: string) {
+  if (!credentialDrafts[platform]) credentialDrafts[platform] = cloneValue(getCreds(platform))
+  return credentialDrafts[platform]
+}
+
+function setConfigDraft(platform: string, values: Record<string, any>) {
+  configDrafts[platform] = mergeDeep({ ...configDraft(platform) }, values)
+  touchedConfig[platform] = true
+}
+
+function setCredentialDraft(platform: string, values: Record<string, any>) {
+  credentialDrafts[platform] = mergeDeep({ ...credentialDraft(platform) }, values)
+  touchedCredentials[platform] = true
+}
+
+function sameJson(a: unknown, b: unknown) {
+  return JSON.stringify(a || {}) === JSON.stringify(b || {})
+}
+
+function hasConfigChanges(platform: string) {
+  return !!touchedConfig[platform] && !!configDrafts[platform] && !sameJson(configDrafts[platform], settingsStore[platform as keyof typeof settingsStore])
+}
+
+function hasCredentialChanges(platform: string) {
+  return !!touchedCredentials[platform] && !!credentialDrafts[platform] && !sameJson(credentialDrafts[platform], getCreds(platform))
+}
+
+function hasUnsavedChanges(platform: string) {
+  return hasConfigChanges(platform) || hasCredentialChanges(platform)
+}
+
+function isSavingPlatform(platform: string) {
+  return !!saving[platform]
+}
+
+async function savePlatform(platform: string) {
+  saving[platform] = true
+  try {
+    const configChanged = hasConfigChanges(platform)
+    const credentialsChanged = hasCredentialChanges(platform)
+    if (configChanged) {
+      await settingsStore.saveSection(platform, configDraft(platform), { restart: !credentialsChanged })
+    }
+    if (credentialsChanged) {
+      await saveCredsApi(platform, credentialDraft(platform))
+      await settingsStore.fetchSettings()
+    }
+    configDrafts[platform] = cloneValue(settingsStore[platform as keyof typeof settingsStore] as Record<string, any>)
+    credentialDrafts[platform] = cloneValue(getCreds(platform))
+    touchedConfig[platform] = false
+    touchedCredentials[platform] = false
+    message.success(t('settings.saved'))
+  } catch (err: any) {
+    message.error(err?.message || t('settings.saveFailed'))
+  } finally {
+    saving[platform] = false
+  }
+}
+
+function getCreds(key: string) {
+  return (settingsStore.platforms[key] || {}) as Record<string, any>
+}
+
+function boolValue(value: unknown) {
+  return value === true || value === 'true'
+}
+
+// Weixin QR code login state
+const wxQrUrl = ref('')
+const wxQrId = ref('')
+const wxQrStatus = ref<'idle' | 'loading' | 'waiting' | 'scaned' | 'confirmed' | 'error' | 'expired'>('idle')
+let wxPollTimer: ReturnType<typeof setTimeout> | null = null
+
+async function startWeixinQrLogin() {
+  wxQrStatus.value = 'loading'
+  wxQrUrl.value = ''
+  wxQrId.value = ''
+  stopWeixinPoll()
+
+  try {
+    const data = await fetchWeixinQrCode()
+    wxQrId.value = data.qrcode
+    wxQrUrl.value = data.qrcode_url
+    window.open(data.qrcode_url, '_blank')
+    wxQrStatus.value = 'waiting'
+    pollWeixinStatus()
+  } catch (err: any) {
+    wxQrStatus.value = 'error'
+    message.error(err.message || t('platform.qrFetching'))
+  }
+}
+
+function pollWeixinStatus() {
+  if (!wxQrId.value) return
+  wxPollTimer = setTimeout(async () => {
+    try {
+      const data = await pollWeixinQrStatus(wxQrId.value)
+      if (data.status === 'wait') {
+        pollWeixinStatus()
+      } else if (data.status === 'scaned') {
+        wxQrStatus.value = 'scaned'
+        pollWeixinStatus()
+      } else if (data.status === 'expired') {
+        wxQrStatus.value = 'expired'
+      } else if (data.status === 'confirmed') {
+        wxQrStatus.value = 'confirmed'
+        await saveWeixinCredentials({
+          account_id: data.account_id!,
+          token: data.token!,
+          base_url: data.base_url,
+        })
+        await settingsStore.fetchSettings()
+        message.success(t('settings.saved'))
+      }
+    } catch {
+      pollWeixinStatus()
+    }
+  }, 3000)
+}
+
+function stopWeixinPoll() {
+  if (wxPollTimer) {
+    clearTimeout(wxPollTimer)
+    wxPollTimer = null
+  }
+}
+
+onUnmounted(() => {
+  stopWeixinPoll()
+})
+
+const platforms = [
+  {
+    key: 'telegram',
+    name: 'Telegram',
+    exclusive: true,
+    icon: '<svg viewBox="0 0 24 24" fill="currentColor"><path d="M11.944 0A12 12 0 0 0 0 12a12 12 0 0 0 12 12 12 12 0 0 0 12-12A12 12 0 0 0 12 0a12 12 0 0 0-.056 0zm4.962 7.224c.1-.002.321.023.465.14a.506.506 0 0 1 .171.325c.016.093.036.306.02.472-.18 1.898-.962 6.502-1.36 8.627-.168.9-.499 1.201-.82 1.23-.696.065-1.225-.46-1.9-.902-1.056-.693-1.653-1.124-2.678-1.8-1.185-.78-.417-1.21.258-1.91.177-.184 3.247-2.977 3.307-3.23.007-.032.014-.15-.056-.212s-.174-.041-.249-.024c-.106.024-1.793 1.14-5.061 3.345-.479.33-.913.49-1.302.48-.428-.008-1.252-.241-1.865-.44-.752-.245-1.349-.374-1.297-.789.027-.216.325-.437.893-.663 3.498-1.524 5.83-2.529 6.998-3.014 3.332-1.386 4.025-1.627 4.476-1.635z"/></svg>',
+  },
+  {
+    key: 'discord',
+    name: 'Discord',
+    exclusive: true,
+    icon: '<svg viewBox="0 0 24 24" fill="currentColor"><path d="M20.317 4.3698a19.7913 19.7913 0 00-4.8851-1.5152.0741.0741 0 00-.0785.0371c-.211.3753-.4447.8648-.6083 1.2495-1.8447-.2762-3.68-.2762-5.4868 0-.1636-.3933-.4058-.8742-.6177-1.2495a.077.077 0 00-.0785-.037 19.7363 19.7363 0 00-4.8852 1.515.0699.0699 0 00-.0321.0277C.5334 9.0458-.319 13.5799.0992 18.0578a.0824.0824 0 00.0312.0561c2.0528 1.5076 4.0413 2.4228 5.9929 3.0294a.0777.0777 0 00.0842-.0276c.4616-.6304.8731-1.2952 1.226-1.9942a.076.076 0 00-.0416-.1057c-.6528-.2476-1.2743-.5495-1.8722-.8923a.077.077 0 01-.0076-.1277c.1258-.0943.2517-.1923.3718-.2914a.0743.0743 0 01.0776-.0105c3.9278 1.7933 8.18 1.7933 12.0614 0a.0739.0739 0 01.0785.0095c.1202.099.246.1981.3728.2924a.077.077 0 01-.0066.1276 12.2986 12.2986 0 01-1.873.8914.0766.0766 0 00-.0407.1067c.3604.698.7719 1.3628 1.225 1.9932a.076.076 0 00.0842.0286c1.961-.6067 3.9495-1.5219 6.0023-3.0294a.077.077 0 00.0313-.0552c.5004-5.177-.8382-9.6739-3.5485-13.6604a.061.061 0 00-.0312-.0286zM8.02 15.3312c-1.1825 0-2.1569-1.0857-2.1569-2.419 0-1.3332.9555-2.4189 2.157-2.4189 1.2108 0 2.1757 1.0952 2.1568 2.419 0 1.3332-.9555 2.4189-2.1569 2.4189zm7.9748 0c-1.1825 0-2.1569-1.0857-2.1569-2.419 0-1.3332.9554-2.4189 2.1569-2.4189 1.2108 0 2.1757 1.0952 2.1568 2.419 0 1.3332-.946 2.4189-2.1568 2.4189z"/></svg>',
+  },
+  {
+    key: 'slack',
+    name: 'Slack',
+    exclusive: true,
+    icon: '<svg viewBox="0 0 24 24" fill="currentColor"><path d="M5.042 15.165a2.528 2.528 0 0 1-2.52 2.523A2.528 2.528 0 0 1 0 15.165a2.527 2.527 0 0 1 2.522-2.52h2.52v2.52zm1.271 0a2.527 2.527 0 0 1 2.521-2.52 2.527 2.527 0 0 1 2.521 2.52v6.313A2.528 2.528 0 0 1 8.834 24a2.528 2.528 0 0 1-2.521-2.522v-6.313zM8.834 5.042a2.528 2.528 0 0 1-2.521-2.52A2.528 2.528 0 0 1 8.834 0a2.528 2.528 0 0 1 2.521 2.522v2.52H8.834zm0 1.271a2.528 2.528 0 0 1 2.521 2.521 2.528 2.528 0 0 1-2.521 2.521H2.522A2.528 2.528 0 0 1 0 8.834a2.528 2.528 0 0 1 2.522-2.521h6.312zm10.122 0a2.528 2.528 0 0 1 2.522-2.521A2.528 2.528 0 0 1 24 8.834a2.528 2.528 0 0 1-2.522 2.521h-2.522V5.042zm-1.27 0a2.528 2.528 0 0 1-2.523 2.521 2.527 2.527 0 0 1-2.52-2.521V2.522A2.527 2.527 0 0 1 15.165 0a2.528 2.528 0 0 1 2.523 2.522v6.312zM15.165 18.956a2.528 2.528 0 0 1 2.523 2.522A2.528 2.528 0 0 1 15.165 24a2.527 2.527 0 0 1-2.52-2.522v-2.522h2.52zm0-1.27a2.527 2.527 0 0 1 2.523-2.52h6.313A2.528 2.528 0 0 1 24 18.956a2.528 2.528 0 0 1-2.522 2.523h-6.313z"/></svg>',
+  },
+  {
+    key: 'whatsapp',
+    name: 'WhatsApp',
+    exclusive: true,
+    icon: '<svg viewBox="0 0 24 24" fill="currentColor"><path d="M17.472 14.382c-.297-.149-1.758-.867-2.03-.967-.273-.099-.471-.148-.67.15-.197.297-.767.966-.94 1.164-.173.199-.347.223-.644.075-.297-.15-1.255-.463-2.39-1.475-.883-.788-1.48-1.761-1.653-2.059-.173-.297-.018-.458.13-.606.134-.133.298-.347.446-.52.149-.174.198-.298.298-.497.099-.198.05-.371-.025-.52-.075-.149-.669-1.612-.916-2.207-.242-.579-.487-.5-.669-.51-.173-.008-.371-.01-.57-.01-.198 0-.52.074-.792.372-.272.297-1.04 1.016-1.04 2.479 0 1.462 1.065 2.875 1.213 3.074.149.198 2.096 3.2 5.077 4.487.709.306 1.262.489 1.694.625.712.227 1.36.195 1.871.118.571-.085 1.758-.719 2.006-1.413.248-.694.248-1.289.173-1.413-.074-.124-.272-.198-.57-.347m-5.421 7.403h-.004a9.87 9.87 0 01-5.031-1.378l-.361-.214-3.741.982.998-3.648-.235-.374a9.86 9.86 0 01-1.51-5.26c.001-5.45 4.436-9.884 9.888-9.884 2.64 0 5.122 1.03 6.988 2.898a9.825 9.825 0 012.893 6.994c-.003 5.45-4.437 9.884-9.885 9.884m8.413-18.297A11.815 11.815 0 0012.05 0C5.495 0 .16 5.335.157 11.892c0 2.096.547 4.142 1.588 5.945L.057 24l6.305-1.654a11.882 11.882 0 005.683 1.448h.005c6.554 0 11.89-5.335 11.893-11.893a11.821 11.821 0 00-3.48-8.413z"/></svg>',
+  },
+  {
+    key: 'matrix',
+    name: 'Matrix',
+    icon: '<svg viewBox="0 0 24 24" fill="currentColor"><path d="M.632.55v22.9H2.28V24H0V0h2.28v.55zm7.043 7.26v1.157h.033c.309-.443.683-.784 1.117-1.024.433-.245.936-.365 1.5-.365.54 0 1.033.107 1.48.324.448.217.786.619 1.017 1.205.24-.376.558-.702.956-.98.398-.277.872-.414 1.424-.414.41 0 .784.065 1.122.194.34.13.629.325.87.588.241.263.428.59.56.984.132.393.198.85.198 1.368v5.89h-2.49v-4.893c0-.268-.016-.525-.048-.77a1.627 1.627 0 00-.2-.63 1.028 1.028 0 00-.392-.426 1.294 1.294 0 00-.616-.134c-.277 0-.508.05-.693.15a1.043 1.043 0 00-.43.41 1.768 1.768 0 00-.214.616 4.15 4.15 0 00-.06.74v4.937H9.29v-4.937c0-.25-.01-.498-.032-.742a1.84 1.84 0 00-.166-.638.998.998 0 00-.363-.448 1.206 1.206 0 00-.624-.154c-.26 0-.483.048-.67.144a1.055 1.055 0 00-.436.402 1.744 1.744 0 00-.227.616 4.108 4.108 0 00-.063.74v4.937H5.21V7.81zm15.693 15.64V.55H21.72V0H24v24h-2.28v-.55z"/></svg>',
+  },
+  {
+    key: 'feishu',
+    name: 'Feishu',
+    exclusive: true,
+    icon: '<svg viewBox="0 0 24 24" fill="currentColor"><path d="M6.59 3.41a2.25 2.25 0 0 1 3.182 0L13.5 7.14l-3.182 3.182L6.59 7.59a2.25 2.25 0 0 1 0-3.182zm5.303 5.303L15.075 5.53a2.25 2.25 0 0 1 3.182 3.182L15.075 11.894 11.893 8.713zM3.41 6.59a2.25 2.25 0 0 1 3.182 0l3.182 3.182-3.182 3.182a2.25 2.25 0 0 1-3.182-3.182L3.41 6.59zm5.303 5.303L11.894 15.075a2.25 2.25 0 0 1-3.182 3.182L5.53 15.075 8.713 11.893zm5.303-5.303L17.478 9.778a2.25 2.25 0 0 1-3.182 3.182L10.53 10.075l3.182-3.182 0 .023z"/></svg>',
+  },
+  {
+    key: 'dingtalk',
+    name: 'DingTalk',
+    exclusive: true,
+    icon: '<svg viewBox="0 0 24 24" fill="currentColor"><path d="M19.76 7.05c-.23-.52-.7-.9-1.26-1.02L5.35 3.2c-.77-.16-1.51.38-1.58 1.16-.22 2.55.17 5.4 1.13 7.66.97 2.29 2.52 4.11 4.45 4.82l-1.28 3.03c-.17.4.24.79.63.59l9.47-4.83c.34-.17.55-.52.55-.9v-3.12c.73-.4 1.22-1.17 1.22-2.06 0-.87-.08-1.73-.18-2.5zm-3.66 5.95-5.19 2.65.76-1.8c.12-.29-.03-.62-.33-.72-2.1-.73-3.56-3.54-3.95-6.73l9.27 2c.04.38.07.76.07 1.15 0 .45-.36.81-.81.81h-2.79c-.35 0-.63.28-.63.63s.28.63.63.63h2.97V13z"/></svg>',
+  },
+  {
+    key: 'qqbot',
+    name: 'QQBot',
+    exclusive: true,
+    icon: '<svg viewBox="0 0 24 24" fill="currentColor"><path d="M12 2C7.58 2 4 5.27 4 9.31c0 2.3 1.15 4.34 2.95 5.68-.13.58-.48 1.62-1.26 2.53-.24.28-.05.72.32.73 1.72.05 3.02-.68 3.69-1.15.72.16 1.49.25 2.3.25 4.42 0 8-3.27 8-7.31S16.42 2 12 2zm-3.2 7.63c-.63 0-1.14-.55-1.14-1.23s.51-1.23 1.14-1.23 1.14.55 1.14 1.23-.51 1.23-1.14 1.23zm6.4 0c-.63 0-1.14-.55-1.14-1.23s.51-1.23 1.14-1.23 1.14.55 1.14 1.23-.51 1.23-1.14 1.23zM5.5 20.5a.5.5 0 0 1 .5-.5h12a.5.5 0 0 1 0 1H6a.5.5 0 0 1-.5-.5z"/></svg>',
+  },
+  {
+    key: 'weixin',
+    name: 'Weixin',
+    exclusive: true,
+    icon: '<svg viewBox="0 0 24 24" fill="currentColor"><path d="M8.691 2.188C3.891 2.188 0 5.476 0 9.53c0 2.212 1.17 4.203 3.002 5.55a.59.59 0 01.213.665l-.39 1.48c-.019.07-.048.141-.048.213 0 .163.13.295.29.295a.326.326 0 00.167-.054l1.903-1.114a.864.864 0 01.717-.098 10.16 10.16 0 002.837.403c.276 0 .543-.027.811-.05-.857-2.578.157-4.972 1.932-6.446 1.703-1.415 3.882-1.98 5.853-1.838-.576-3.583-4.196-6.348-8.596-6.348zM5.785 5.991c.642 0 1.162.529 1.162 1.18a1.17 1.17 0 01-1.162 1.178A1.17 1.17 0 014.623 7.17c0-.651.52-1.18 1.162-1.18zm5.813 0c.642 0 1.162.529 1.162 1.18a1.17 1.17 0 01-1.162 1.178 1.17 1.17 0 01-1.162-1.178c0-.651.52-1.18 1.162-1.18zm3.68 4.025c-3.694 0-6.69 2.462-6.69 5.496 0 3.034 2.996 5.496 6.69 5.496.753 0 1.477-.1 2.158-.28a.66.66 0 01.548.074l1.46.854a.25.25 0 00.127.041.224.224 0 00.221-.225c0-.055-.022-.109-.037-.162l-.298-1.131a.453.453 0 01.163-.509C21.81 18.613 22.77 16.973 22.77 15.512c0-3.034-2.996-5.496-6.69-5.496h.198zm-2.454 3.347c.491 0 .889.404.889.902a.896.896 0 01-.889.903.896.896 0 01-.889-.903c0-.498.398-.902.889-.902zm4.912 0c.491 0 .889.404.889.902a.896.896 0 01-.889.903.896.896 0 01-.889-.903c0-.498.398-.902.889-.902z"/></svg>',
+  },
+  {
+    key: 'wecom',
+    name: 'WeCom',
+    icon: '<svg viewBox="0 0 24 24" fill="currentColor"><path d="M8.691 2.188C3.891 2.188 0 5.476 0 9.53c0 2.212 1.17 4.203 3.002 5.55a.59.59 0 01.213.665l-.39 1.48c-.019.07-.048.141-.048.213 0 .163.13.295.29.295a.326.326 0 00.167-.054l1.903-1.114a.864.864 0 01.717-.098 10.16 10.16 0 002.837.403c.276 0 .543-.027.811-.05-.857-2.578.157-4.972 1.932-6.446 1.703-1.415 3.882-1.98 5.853-1.838-.576-3.583-4.196-6.348-8.596-6.348zM5.785 5.991c.642 0 1.162.529 1.162 1.18a1.17 1.17 0 01-1.162 1.178A1.17 1.17 0 014.623 7.17c0-.651.52-1.18 1.162-1.18zm5.813 0c.642 0 1.162.529 1.162 1.18a1.17 1.17 0 01-1.162 1.178 1.17 1.17 0 01-1.162-1.178c0-.651.52-1.18 1.162-1.18zm3.68 4.025c-3.694 0-6.69 2.462-6.69 5.496 0 3.034 2.996 5.496 6.69 5.496.753 0 1.477-.1 2.158-.28a.66.66 0 01.548.074l1.46.854a.25.25 0 00.127.041.224.224 0 00.221-.225c0-.055-.022-.109-.037-.162l-.298-1.131a.453.453 0 01.163-.509C21.81 18.613 22.77 16.973 22.77 15.512c0-3.034-2.996-5.496-6.69-5.496h.198zm-2.454 3.347c.491 0 .889.404.889.902a.896.896 0 01-.889.903.896.896 0 01-.889-.903c0-.498.398-.902.889-.902zm4.912 0c.491 0 .889.404.889.902a.896.896 0 01-.889.903.896.896 0 01-.889-.903c0-.498.398-.902.889-.902z"/></svg>',
+  },
+]
+
+watch(
+  () => platforms.map((platform) => ({
+    key: platform.key,
+    config: settingsStore[platform.key as keyof typeof settingsStore],
+    credentials: getCreds(platform.key),
+  })),
+  (items) => {
+    for (const item of items) {
+      if (!touchedConfig[item.key]) {
+        configDrafts[item.key] = cloneValue(item.config as Record<string, any>)
+      }
+      if (!touchedCredentials[item.key]) {
+        credentialDrafts[item.key] = cloneValue(item.credentials)
+      }
+    }
+  },
+  { deep: true, immediate: true },
+)
+</script>
+
+<template>
+  <section class="settings-section">
+    <PlatformCard
+      v-for="p in platforms"
+      :key="p.key"
+      :name="p.name"
+      :icon="p.icon"
+      :exclusive="p.exclusive"
+      :config="settingsStore[p.key as keyof typeof settingsStore] as Record<string, any>"
+      :credentials="getCreds(p.key)"
+    >
+      <!-- Telegram -->
+      <template v-if="p.key === 'telegram'">
+        <SettingRow :label="t('platform.botToken')" :hint="t('platform.botTokenHint')">
+          <NInput :value="credentialDraft('telegram').token || ''" :loading="isSavingPlatform('telegram')" clearable size="small" class="input-lg" placeholder="123456:ABC-DEF..." @update:value="v => setCredentialDraft('telegram', { token: v })" />
+        </SettingRow>
+        <SettingRow :label="t('platform.requireMention')" :hint="t('platform.requireMentionGroup')">
+          <NSwitch :value="configDraft('telegram').require_mention" :loading="isSavingPlatform('telegram')" @update:value="v => setConfigDraft('telegram', { require_mention: v })" />
+        </SettingRow>
+        <SettingRow :label="t('platform.reactions')" :hint="t('platform.reactionsHint')">
+          <NSwitch :value="configDraft('telegram').reactions" :loading="isSavingPlatform('telegram')" @update:value="v => setConfigDraft('telegram', { reactions: v })" />
+        </SettingRow>
+        <SettingRow :label="t('platform.freeResponseChats')" :hint="t('platform.freeResponseChatsHint')">
+          <NInput :value="configDraft('telegram').free_response_chats || ''" :loading="isSavingPlatform('telegram')" size="small" placeholder="chat_id1,chat_id2" @update:value="v => setConfigDraft('telegram', { free_response_chats: v })" />
+        </SettingRow>
+        <SettingRow :label="t('platform.mentionPatterns')" :hint="t('platform.mentionPatternsHint')">
+          <NInput :value="(configDraft('telegram').mention_patterns || []).join(', ')" :loading="isSavingPlatform('telegram')" size="small" placeholder="pattern1, pattern2" @update:value="v => setConfigDraft('telegram', { mention_patterns: v ? v.split(',').map(s => s.trim()) : [] })" />
+        </SettingRow>
+      </template>
+
+      <!-- Discord -->
+      <template v-if="p.key === 'discord'">
+        <SettingRow :label="t('platform.botToken')" :hint="t('platform.botTokenHint')">
+          <NInput :value="credentialDraft('discord').token || ''" :loading="isSavingPlatform('discord')" clearable size="small" class="input-lg" placeholder="Bot token..." @update:value="v => setCredentialDraft('discord', { token: v })" />
+        </SettingRow>
+        <SettingRow :label="t('platform.requireMention')" :hint="t('platform.requireMentionChannel')">
+          <NSwitch :value="configDraft('discord').require_mention" :loading="isSavingPlatform('discord')" @update:value="v => setConfigDraft('discord', { require_mention: v })" />
+        </SettingRow>
+        <SettingRow :label="t('platform.autoThread')" :hint="t('platform.autoThreadHint')">
+          <NSwitch :value="configDraft('discord').auto_thread" :loading="isSavingPlatform('discord')" @update:value="v => setConfigDraft('discord', { auto_thread: v })" />
+        </SettingRow>
+        <SettingRow :label="t('platform.reactions')" :hint="t('platform.reactionsHint')">
+          <NSwitch :value="configDraft('discord').reactions" :loading="isSavingPlatform('discord')" @update:value="v => setConfigDraft('discord', { reactions: v })" />
+        </SettingRow>
+        <SettingRow :label="t('platform.freeResponseChannels')" :hint="t('platform.freeResponseChannelsHint')">
+          <NInput :value="configDraft('discord').free_response_channels || ''" :loading="isSavingPlatform('discord')" size="small" placeholder="channel_id1,channel_id2" @update:value="v => setConfigDraft('discord', { free_response_channels: v })" />
+        </SettingRow>
+        <SettingRow :label="t('platform.allowedChannels')" :hint="t('platform.allowedChannelsHint')">
+          <NInput :value="configDraft('discord').allowed_channels || ''" :loading="isSavingPlatform('discord')" size="small" placeholder="channel_id1,channel_id2" @update:value="v => setConfigDraft('discord', { allowed_channels: v })" />
+        </SettingRow>
+        <SettingRow :label="t('platform.ignoredChannels')" :hint="t('platform.ignoredChannelsHint')">
+          <NInput :value="configDraft('discord').ignored_channels || ''" :loading="isSavingPlatform('discord')" size="small" placeholder="channel_id1,channel_id2" @update:value="v => setConfigDraft('discord', { ignored_channels: v })" />
+        </SettingRow>
+        <SettingRow :label="t('platform.noThreadChannels')" :hint="t('platform.noThreadChannelsHint')">
+          <NInput :value="configDraft('discord').no_thread_channels || ''" :loading="isSavingPlatform('discord')" size="small" placeholder="channel_id1,channel_id2" @update:value="v => setConfigDraft('discord', { no_thread_channels: v })" />
+        </SettingRow>
+      </template>
+
+      <!-- Slack -->
+      <template v-if="p.key === 'slack'">
+        <SettingRow :label="t('platform.botToken')" :hint="t('platform.botTokenHint')">
+          <NInput :value="credentialDraft('slack').token || ''" :loading="isSavingPlatform('slack')" clearable size="small" class="input-lg" placeholder="xoxb-..." @update:value="v => setCredentialDraft('slack', { token: v })" />
+        </SettingRow>
+        <SettingRow :label="t('platform.requireMention')" :hint="t('platform.requireMentionChannel')">
+          <NSwitch :value="configDraft('slack').require_mention" :loading="isSavingPlatform('slack')" @update:value="v => setConfigDraft('slack', { require_mention: v })" />
+        </SettingRow>
+        <SettingRow :label="t('platform.allowBots')" :hint="t('platform.allowBotsHint')">
+          <NSwitch :value="configDraft('slack').allow_bots" :loading="isSavingPlatform('slack')" @update:value="v => setConfigDraft('slack', { allow_bots: v })" />
+        </SettingRow>
+        <SettingRow :label="t('platform.freeResponseChannels')" :hint="t('platform.freeResponseChannelsHint')">
+          <NInput :value="configDraft('slack').free_response_channels || ''" :loading="isSavingPlatform('slack')" size="small" placeholder="channel_id1,channel_id2" @update:value="v => setConfigDraft('slack', { free_response_channels: v })" />
+        </SettingRow>
+      </template>
+
+      <!-- WhatsApp -->
+      <template v-if="p.key === 'whatsapp'">
+        <SettingRow :label="t('platform.waEnabled')" :hint="t('platform.waEnabledHint')">
+          <NSwitch :value="credentialDraft('whatsapp').enabled" :loading="isSavingPlatform('whatsapp')" @update:value="v => setCredentialDraft('whatsapp', { enabled: v })" />
+        </SettingRow>
+        <SettingRow :label="t('platform.requireMention')" :hint="t('platform.requireMentionGroup')">
+          <NSwitch :value="configDraft('whatsapp').require_mention" :loading="isSavingPlatform('whatsapp')" @update:value="v => setConfigDraft('whatsapp', { require_mention: v })" />
+        </SettingRow>
+        <SettingRow :label="t('platform.freeResponseChats')" :hint="t('platform.freeResponseChatsHint')">
+          <NInput :value="configDraft('whatsapp').free_response_chats || ''" :loading="isSavingPlatform('whatsapp')" size="small" placeholder="chat_id1,chat_id2" @update:value="v => setConfigDraft('whatsapp', { free_response_chats: v })" />
+        </SettingRow>
+        <SettingRow :label="t('platform.mentionPatterns')" :hint="t('platform.mentionPatternsHint')">
+          <NInput :value="(configDraft('whatsapp').mention_patterns || []).join(', ')" :loading="isSavingPlatform('whatsapp')" size="small" placeholder="pattern1, pattern2" @update:value="v => setConfigDraft('whatsapp', { mention_patterns: v ? v.split(',').map(s => s.trim()) : [] })" />
+        </SettingRow>
+      </template>
+
+      <!-- Matrix -->
+      <template v-if="p.key === 'matrix'">
+        <SettingRow :label="t('platform.accessToken')" :hint="t('platform.accessTokenHint')">
+          <NInput :value="credentialDraft('matrix').token || ''" :loading="isSavingPlatform('matrix')" clearable size="small" class="input-lg" placeholder="syt_..." @update:value="v => setCredentialDraft('matrix', { token: v })" />
+        </SettingRow>
+        <SettingRow :label="t('platform.homeserver')" :hint="t('platform.homeserverHint')">
+          <NInput :value="credentialDraft('matrix').extra?.homeserver || ''" :loading="isSavingPlatform('matrix')" clearable size="small" class="input-lg" placeholder="https://matrix.org" @update:value="v => setCredentialDraft('matrix', { extra: { ...credentialDraft('matrix').extra, homeserver: v } })" />
+        </SettingRow>
+        <SettingRow :label="t('platform.requireMention')" :hint="t('platform.requireMentionRoom')">
+          <NSwitch :value="configDraft('matrix').require_mention" :loading="isSavingPlatform('matrix')" @update:value="v => setConfigDraft('matrix', { require_mention: v })" />
+        </SettingRow>
+        <SettingRow :label="t('platform.autoThread')" :hint="t('platform.autoThreadHintRoom')">
+          <NSwitch :value="configDraft('matrix').auto_thread" :loading="isSavingPlatform('matrix')" @update:value="v => setConfigDraft('matrix', { auto_thread: v })" />
+        </SettingRow>
+        <SettingRow :label="t('platform.dmMentionThreads')" :hint="t('platform.dmMentionThreadsHint')">
+          <NSwitch :value="configDraft('matrix').dm_mention_threads" :loading="isSavingPlatform('matrix')" @update:value="v => setConfigDraft('matrix', { dm_mention_threads: v })" />
+        </SettingRow>
+        <SettingRow :label="t('platform.freeResponseRooms')" :hint="t('platform.freeResponseRoomsHint')">
+          <NInput :value="configDraft('matrix').free_response_rooms || ''" :loading="isSavingPlatform('matrix')" size="small" placeholder="room_id1,room_id2" @update:value="v => setConfigDraft('matrix', { free_response_rooms: v })" />
+        </SettingRow>
+      </template>
+
+      <!-- Feishu -->
+      <template v-if="p.key === 'feishu'">
+        <SettingRow :label="t('platform.appId')" :hint="t('platform.appIdHint')">
+          <NInput :value="credentialDraft('feishu').extra?.app_id || ''" :loading="isSavingPlatform('feishu')" clearable size="small" class="input-lg" placeholder="cli_..." @update:value="v => setCredentialDraft('feishu', { extra: { ...credentialDraft('feishu').extra, app_id: v } })" />
+        </SettingRow>
+        <SettingRow :label="t('platform.appSecret')" :hint="t('platform.appSecretHint')">
+          <NInput :value="credentialDraft('feishu').extra?.app_secret || ''" :loading="isSavingPlatform('feishu')" clearable size="small" class="input-lg" placeholder="App Secret" @update:value="v => setCredentialDraft('feishu', { extra: { ...credentialDraft('feishu').extra, app_secret: v } })" />
+        </SettingRow>
+        <SettingRow :label="t('platform.requireMention')" :hint="t('platform.requireMentionGroup')">
+          <NSwitch :value="configDraft('feishu').require_mention" :loading="isSavingPlatform('feishu')" @update:value="v => setConfigDraft('feishu', { require_mention: v })" />
+        </SettingRow>
+        <SettingRow :label="t('platform.freeResponseChats')" :hint="t('platform.freeResponseChatsHint')">
+          <NInput :value="configDraft('feishu').free_response_chats || ''" :loading="isSavingPlatform('feishu')" size="small" placeholder="chat_id1,chat_id2" @update:value="v => setConfigDraft('feishu', { free_response_chats: v })" />
+        </SettingRow>
+      </template>
+
+      <!-- DingTalk -->
+      <template v-if="p.key === 'dingtalk'">
+        <SettingRow :label="t('platform.clientId')" :hint="t('platform.clientIdHint')">
+          <NInput :value="credentialDraft('dingtalk').extra?.client_id || ''" :loading="isSavingPlatform('dingtalk')" clearable size="small" class="input-lg" placeholder="Client ID" @update:value="v => setCredentialDraft('dingtalk', { extra: { ...credentialDraft('dingtalk').extra, client_id: v } })" />
+        </SettingRow>
+        <SettingRow :label="t('platform.clientSecret')" :hint="t('platform.clientSecretHint')">
+          <NInput :value="credentialDraft('dingtalk').extra?.client_secret || ''" :loading="isSavingPlatform('dingtalk')" clearable size="small" class="input-lg" placeholder="Client Secret" @update:value="v => setCredentialDraft('dingtalk', { extra: { ...credentialDraft('dingtalk').extra, client_secret: v } })" />
+        </SettingRow>
+        <SettingRow :label="t('platform.cardTemplateId')" :hint="t('platform.cardTemplateIdHint')">
+          <NInput :value="credentialDraft('dingtalk').extra?.card_template_id || ''" :loading="isSavingPlatform('dingtalk')" clearable size="small" class="input-lg" placeholder="AI Card Template ID" @update:value="v => setCredentialDraft('dingtalk', { extra: { ...credentialDraft('dingtalk').extra, card_template_id: v } })" />
+        </SettingRow>
+        <SettingRow :label="t('platform.allowAllUsers')" :hint="t('platform.allowAllUsersHint')">
+          <NSwitch :value="boolValue(credentialDraft('dingtalk').allow_all_users)" :loading="isSavingPlatform('dingtalk')" @update:value="v => setCredentialDraft('dingtalk', { allow_all_users: v })" />
+        </SettingRow>
+        <SettingRow :label="t('platform.allowedUsers')" :hint="t('platform.allowedUsersHint')">
+          <NInput :value="credentialDraft('dingtalk').allowed_users || ''" :loading="isSavingPlatform('dingtalk')" clearable size="small" class="input-lg" placeholder="user_id1,user_id2" @update:value="v => setCredentialDraft('dingtalk', { allowed_users: v })" />
+        </SettingRow>
+        <SettingRow :label="t('platform.requireMention')" :hint="t('platform.requireMentionGroup')">
+          <NSwitch :value="configDraft('dingtalk').require_mention" :loading="isSavingPlatform('dingtalk')" @update:value="v => setConfigDraft('dingtalk', { require_mention: v })" />
+        </SettingRow>
+        <SettingRow :label="t('platform.freeResponseChats')" :hint="t('platform.freeResponseChatsHint')">
+          <NInput :value="configDraft('dingtalk').free_response_chats || ''" :loading="isSavingPlatform('dingtalk')" size="small" placeholder="chat_id1,chat_id2" @update:value="v => setConfigDraft('dingtalk', { free_response_chats: v })" />
+        </SettingRow>
+      </template>
+
+      <!-- QQBot -->
+      <template v-if="p.key === 'qqbot'">
+        <SettingRow :label="t('platform.qqAppId')" :hint="t('platform.qqAppIdHint')">
+          <NInput :value="credentialDraft('qqbot').extra?.app_id || ''" :loading="isSavingPlatform('qqbot')" clearable size="small" class="input-lg" placeholder="App ID" @update:value="v => setCredentialDraft('qqbot', { extra: { ...credentialDraft('qqbot').extra, app_id: v } })" />
+        </SettingRow>
+        <SettingRow :label="t('platform.qqAppSecret')" :hint="t('platform.qqAppSecretHint')">
+          <NInput :value="credentialDraft('qqbot').extra?.client_secret || ''" :loading="isSavingPlatform('qqbot')" clearable size="small" class="input-lg" placeholder="App Secret" @update:value="v => setCredentialDraft('qqbot', { extra: { ...credentialDraft('qqbot').extra, client_secret: v } })" />
+        </SettingRow>
+        <SettingRow :label="t('platform.allowedUsers')" :hint="t('platform.allowedUsersHint')">
+          <NInput :value="credentialDraft('qqbot').allowed_users || ''" :loading="isSavingPlatform('qqbot')" clearable size="small" class="input-lg" placeholder="openid1,openid2" @update:value="v => setCredentialDraft('qqbot', { allowed_users: v })" />
+        </SettingRow>
+        <SettingRow :label="t('platform.allowAllUsers')" :hint="t('platform.allowAllUsersHint')">
+          <NSwitch :value="boolValue(credentialDraft('qqbot').allow_all_users)" :loading="isSavingPlatform('qqbot')" @update:value="v => setCredentialDraft('qqbot', { allow_all_users: v })" />
+        </SettingRow>
+        <SettingRow :label="t('platform.qqMarkdown')" :hint="t('platform.qqMarkdownHint')">
+          <NSwitch :value="configDraft('qqbot').extra?.markdown_support ?? true" :loading="isSavingPlatform('qqbot')" @update:value="v => setConfigDraft('qqbot', { extra: { ...configDraft('qqbot').extra, markdown_support: v } })" />
+        </SettingRow>
+      </template>
+
+      <!-- Weixin -->
+      <template v-if="p.key === 'weixin'">
+        <div class="weixin-qr-section">
+          <NButton
+            v-if="wxQrStatus === 'idle' || wxQrStatus === 'error' || wxQrStatus === 'expired' || wxQrStatus === 'confirmed'"
+            type="primary"
+            size="small"
+            @click="startWeixinQrLogin"
+          >
+            {{ wxQrStatus === 'confirmed' ? t('platform.qrRelogin') : t('platform.qrLogin') }}
+          </NButton>
+          <div v-if="wxQrStatus === 'loading'" class="weixin-qr-loading">
+            <NSpin size="small" />
+            <span>{{ t('platform.qrFetching') }}</span>
+          </div>
+          <div v-if="wxQrStatus === 'waiting' || wxQrStatus === 'scaned'" class="weixin-qr-hint">
+            {{ wxQrStatus === 'scaned' ? t('platform.qrScanedHint') : t('platform.qrScanHint') }}
+          </div>
+        </div>
+        <SettingRow :label="t('platform.weixinToken')" :hint="t('platform.weixinTokenHint')">
+          <NInput :value="credentialDraft('weixin').token || ''" :loading="isSavingPlatform('weixin')" clearable size="small" class="input-lg" placeholder="Token" @update:value="v => setCredentialDraft('weixin', { token: v })" />
+        </SettingRow>
+        <SettingRow :label="t('platform.accountId')" :hint="t('platform.accountIdHint')">
+          <NInput :value="credentialDraft('weixin').extra?.account_id || ''" :loading="isSavingPlatform('weixin')" clearable size="small" class="input-lg" placeholder="Account ID" @update:value="v => setCredentialDraft('weixin', { extra: { ...credentialDraft('weixin').extra, account_id: v } })" />
+        </SettingRow>
+      </template>
+
+      <!-- WeCom -->
+      <template v-if="p.key === 'wecom'">
+        <SettingRow :label="t('platform.botId')" :hint="t('platform.botIdHint')">
+          <NInput :value="credentialDraft('wecom').extra?.bot_id || ''" :loading="isSavingPlatform('wecom')" clearable size="small" class="input-lg" placeholder="Bot ID" @update:value="v => setCredentialDraft('wecom', { extra: { ...credentialDraft('wecom').extra, bot_id: v } })" />
+        </SettingRow>
+        <SettingRow :label="t('platform.appSecret')" :hint="t('platform.wecomSecretHint')">
+          <NInput :value="credentialDraft('wecom').extra?.secret || ''" :loading="isSavingPlatform('wecom')" clearable size="small" class="input-lg" placeholder="Secret" @update:value="v => setCredentialDraft('wecom', { extra: { ...credentialDraft('wecom').extra, secret: v } })" />
+        </SettingRow>
+      </template>
+
+      <div class="platform-actions">
+        <NButton
+          type="primary"
+          size="small"
+          :loading="isSavingPlatform(p.key)"
+          :disabled="!hasUnsavedChanges(p.key)"
+          @click="savePlatform(p.key)"
+        >
+          {{ t('common.save') }}
+        </NButton>
+      </div>
+    </PlatformCard>
+  </section>
+</template>
+
+<style scoped lang="scss">
+@use '@/styles/variables' as *;
+
+.settings-section {
+  margin-top: 16px;
+}
+
+.weixin-qr-section {
+  margin-top: 12px;
+  margin-bottom: 12px;
+}
+
+.weixin-qr-loading {
+  display: flex;
+  align-items: center;
+  gap: 8px;
+  color: $text-muted;
+  font-size: 13px;
+}
+
+.weixin-qr-hint {
+  font-size: 13px;
+  color: $text-secondary;
+}
+
+.platform-actions {
+  display: flex;
+  justify-content: flex-end;
+  margin-top: 12px;
+  padding-top: 12px;
+  border-top: 1px solid $border-light;
+}
+</style>
diff --git a/packages/client/src/components/hermes/settings/PrivacySettings.vue b/packages/client/src/components/hermes/settings/PrivacySettings.vue
new file mode 100644
index 0000000..1d1fc00
--- /dev/null
+++ b/packages/client/src/components/hermes/settings/PrivacySettings.vue
@@ -0,0 +1,35 @@
+<script setup lang="ts">
+import { NSwitch, useMessage } from 'naive-ui'
+import { useI18n } from 'vue-i18n'
+import { useSettingsStore } from '@/stores/hermes/settings'
+import SettingRow from './SettingRow.vue'
+
+const settingsStore = useSettingsStore()
+const message = useMessage()
+const { t } = useI18n()
+
+async function save(values: Record<string, any>) {
+  try {
+    await settingsStore.saveSection('privacy', values)
+    message.success(t('settings.saved'))
+  } catch (err: any) {
+    message.error(t('settings.saveFailed'))
+  }
+}
+</script>
+
+<template>
+  <section class="settings-section">
+    <SettingRow :label="t('settings.privacy.redactPii')" :hint="t('settings.privacy.redactPiiHint')">
+      <NSwitch :value="settingsStore.privacy.redact_pii" @update:value="v => save({ redact_pii: v })" />
+    </SettingRow>
+  </section>
+</template>
+
+<style scoped lang="scss">
+@use '@/styles/variables' as *;
+
+.settings-section {
+  margin-top: 16px;
+}
+</style>
diff --git a/packages/client/src/components/hermes/settings/SessionSettings.vue b/packages/client/src/components/hermes/settings/SessionSettings.vue
new file mode 100644
index 0000000..d1a511b
--- /dev/null
+++ b/packages/client/src/components/hermes/settings/SessionSettings.vue
@@ -0,0 +1,122 @@
+<script setup lang="ts">
+import { NInputNumber, NSelect, NSwitch, useMessage } from "naive-ui";
+import { useI18n } from "vue-i18n";
+import { useSettingsStore } from "@/stores/hermes/settings";
+import { useSessionBrowserPrefsStore } from "@/stores/hermes/session-browser-prefs";
+import SettingRow from "./SettingRow.vue";
+
+const settingsStore = useSettingsStore();
+const sessionBrowserPrefsStore = useSessionBrowserPrefsStore();
+const message = useMessage();
+const { t } = useI18n();
+
+// 防抖保存：每个字段独立定时器，300ms 内只发最后一次 HTTP 请求
+const debounceTimers: Record<string, ReturnType<typeof setTimeout>> = {};
+
+function save(values: Record<string, any>) {
+  // NSelect/NSwitch 等一次性操作，直接保存，不需要防抖
+  settingsStore.updateLocal('session_reset', values)
+  settingsStore.saveSection('session_reset', values).then(() => {
+    message.success(t("settings.saved"));
+  }).catch(() => {
+    message.error(t("settings.saveFailed"));
+  });
+}
+
+function debouncedSave(key: string, value: any) {
+  // 先立即更新本地 store（UI 即时响应）
+  settingsStore.updateLocal('session_reset', { [key]: value });
+  // 再防抖发 HTTP 保存
+  if (debounceTimers[key]) clearTimeout(debounceTimers[key])
+  debounceTimers[key] = setTimeout(async () => {
+    try {
+      await settingsStore.saveSection('session_reset', { [key]: value });
+      message.success(t("settings.saved"));
+    } catch (err: any) {
+      message.error(t("settings.saveFailed"));
+    }
+  }, 300);
+}
+
+async function toggleRequireAuth(value: boolean) {
+  try {
+    await settingsStore.saveSection("approvals", { mode: value ? "manual" : "off" });
+    message.success(t("settings.saved"));
+  } catch (err: any) {
+    message.error(t("settings.saveFailed"));
+  }
+}
+</script>
+
+<template>
+  <section class="settings-section">
+    <SettingRow
+      :label="t('settings.session.requireAuth')"
+      :hint="t('settings.session.requireAuthHint')"
+    >
+      <NSwitch :value="settingsStore.approvals.mode === 'manual'" @update:value="toggleRequireAuth" />
+    </SettingRow>
+    <SettingRow
+      :label="t('settings.session.mode')"
+      :hint="t('settings.session.modeHint')"
+    >
+      <NSelect
+        :value="settingsStore.sessionReset.mode || 'both'"
+        :options="[
+          { label: t('settings.session.modeBoth'), value: 'both' },
+          { label: t('settings.session.modeIdle'), value: 'idle' },
+          { label: t('settings.session.modeDaily'), value: 'daily' },
+          { label: t('settings.session.modeNone'), value: 'none' },
+        ]"
+        size="small"
+        class="input-md"
+        @update:value="(v) => save({ mode: v })"
+      />
+    </SettingRow>
+    <SettingRow
+      :label="t('settings.session.idleMinutes')"
+      :hint="t('settings.session.idleMinutesHint')"
+    >
+      <NInputNumber
+        :value="settingsStore.sessionReset.idle_minutes"
+        :min="10"
+        :max="10080"
+        :step="30"
+        size="small"
+        class="input-sm"
+        @update:value="(v) => v != null && debouncedSave('idle_minutes', v)"
+      />
+    </SettingRow>
+    <SettingRow
+      :label="t('settings.session.atHour')"
+      :hint="t('settings.session.atHourHint')"
+    >
+      <NInputNumber
+        :value="settingsStore.sessionReset.at_hour"
+        :min="0"
+        :max="23"
+        :step="1"
+        size="small"
+        class="input-sm"
+        @update:value="(v) => v != null && debouncedSave('at_hour', v)"
+      />
+    </SettingRow>
+    <SettingRow
+      :label="t('settings.session.liveMonitorHumanOnly')"
+      :hint="t('settings.session.liveMonitorHumanOnlyHint')"
+    >
+      <NSwitch
+        :value="sessionBrowserPrefsStore.humanOnly"
+        @update:value="(value) => sessionBrowserPrefsStore.setHumanOnly(value)"
+      />
+    </SettingRow>
+  </section>
+</template>
+
+<style scoped lang="scss">
+@use "@/styles/variables" as *;
+
+.settings-section {
+  margin-top: 16px;
+}
+</style>
diff --git a/packages/client/src/components/hermes/settings/SettingRow.vue b/packages/client/src/components/hermes/settings/SettingRow.vue
new file mode 100644
index 0000000..c0dfe4d
--- /dev/null
+++ b/packages/client/src/components/hermes/settings/SettingRow.vue
@@ -0,0 +1,71 @@
+<script setup lang="ts">
+defineProps<{
+  label: string
+  hint?: string
+}>()
+</script>
+
+<template>
+  <div class="setting-row">
+    <div class="setting-info">
+      <label class="setting-label">{{ label }}</label>
+      <p v-if="hint" class="setting-hint">{{ hint }}</p>
+    </div>
+    <div class="setting-control">
+      <slot />
+    </div>
+  </div>
+</template>
+
+<style scoped lang="scss">
+@use '@/styles/variables' as *;
+
+.setting-row {
+  display: flex;
+  align-items: center;
+  justify-content: space-between;
+  padding: 10px 0;
+  border-bottom: 1px solid $border-light;
+
+  &:last-child {
+    border-bottom: none;
+  }
+}
+
+.setting-info {
+  flex: 1;
+  margin-right: 16px;
+}
+
+.setting-label {
+  font-size: 13px;
+  color: $text-primary;
+  display: block;
+}
+
+.setting-hint {
+  font-size: 12px;
+  color: $text-muted;
+  margin-top: 2px;
+}
+
+.setting-control {
+  flex-shrink: 0;
+}
+
+@media (max-width: $breakpoint-mobile) {
+  .setting-row {
+    flex-direction: column;
+    align-items: flex-start;
+    gap: 8px;
+  }
+
+  .setting-info {
+    margin-right: 0;
+  }
+
+  .setting-control {
+    width: 100%;
+  }
+}
+</style>
diff --git a/packages/client/src/components/hermes/settings/UserManagementSettings.vue b/packages/client/src/components/hermes/settings/UserManagementSettings.vue
new file mode 100644
index 0000000..33adeab
--- /dev/null
+++ b/packages/client/src/components/hermes/settings/UserManagementSettings.vue
@@ -0,0 +1,302 @@
+<script setup lang="ts">
+import { computed, h, onMounted, reactive, ref } from 'vue'
+import { NButton, NDataTable, NForm, NFormItem, NInput, NModal, NPopconfirm, NSelect, NSpace, NTag, useMessage, type DataTableColumns } from 'naive-ui'
+import { useI18n } from 'vue-i18n'
+import {
+  createManagedUser,
+  deleteManagedUser,
+  fetchManagedUsers,
+  updateManagedUser,
+  type ManagedUser,
+  type UserRole,
+  type UserStatus,
+} from '@/api/auth'
+
+const { t } = useI18n()
+const message = useMessage()
+
+const loading = ref(false)
+const saving = ref(false)
+const users = ref<ManagedUser[]>([])
+const profiles = ref<string[]>([])
+const showModal = ref(false)
+const editingUser = ref<ManagedUser | null>(null)
+
+const form = reactive({
+  username: '',
+  password: '',
+  role: 'admin' as UserRole,
+  status: 'active' as UserStatus,
+  profiles: [] as string[],
+})
+
+const roleOptions = computed(() => [
+  { label: t('users.roles.admin'), value: 'admin' },
+  { label: t('users.roles.superAdmin'), value: 'super_admin' },
+])
+
+const statusOptions = computed(() => [
+  { label: t('users.status.active'), value: 'active' },
+  { label: t('users.status.disabled'), value: 'disabled' },
+])
+
+const profileOptions = computed(() => profiles.value.map(profile => ({ label: profile, value: profile })))
+
+function resetForm() {
+  editingUser.value = null
+  form.username = ''
+  form.password = ''
+  form.role = 'admin'
+  form.status = 'active'
+  form.profiles = []
+}
+
+async function loadUsers() {
+  loading.value = true
+  try {
+    const res = await fetchManagedUsers()
+    users.value = res.users
+    profiles.value = res.profiles
+  } catch (err: any) {
+    message.error(err.message || t('users.loadFailed'))
+  } finally {
+    loading.value = false
+  }
+}
+
+function openCreate() {
+  resetForm()
+  showModal.value = true
+}
+
+function openEdit(user: ManagedUser) {
+  editingUser.value = user
+  form.username = user.username
+  form.password = ''
+  form.role = user.role
+  form.status = user.status
+  form.profiles = [...user.profiles]
+  showModal.value = true
+}
+
+async function submit() {
+  if (form.username.trim().length < 2) {
+    message.error(t('login.usernameTooShort'))
+    return
+  }
+  if (!editingUser.value && form.password.length < 6) {
+    message.error(t('login.passwordTooShort'))
+    return
+  }
+  if (form.password && form.password.length < 6) {
+    message.error(t('login.passwordTooShort'))
+    return
+  }
+
+  saving.value = true
+  try {
+    const payload = {
+      username: form.username.trim(),
+      password: form.password || undefined,
+      role: form.role,
+      status: form.status,
+      profiles: form.role === 'super_admin' ? [] : form.profiles,
+      defaultProfile: form.profiles[0] || null,
+    }
+    const res = editingUser.value
+      ? await updateManagedUser(editingUser.value.id, payload)
+      : await createManagedUser({ ...payload, password: form.password })
+    users.value = res.users
+    profiles.value = res.profiles
+    showModal.value = false
+    resetForm()
+    message.success(t('common.saved'))
+  } catch (err: any) {
+    message.error(err.message || t('common.saveFailed'))
+  } finally {
+    saving.value = false
+  }
+}
+
+async function setStatus(user: ManagedUser, status: UserStatus) {
+  saving.value = true
+  try {
+    const res = await updateManagedUser(user.id, { status })
+    users.value = res.users
+    profiles.value = res.profiles
+    message.success(t('common.saved'))
+  } catch (err: any) {
+    message.error(err.message || t('common.saveFailed'))
+  } finally {
+    saving.value = false
+  }
+}
+
+async function removeUser(user: ManagedUser) {
+  saving.value = true
+  try {
+    const res = await deleteManagedUser(user.id)
+    users.value = res.users
+    profiles.value = res.profiles
+    message.success(t('common.saved'))
+  } catch (err: any) {
+    message.error(err.message || t('common.deleteFailed'))
+  } finally {
+    saving.value = false
+  }
+}
+
+function formatTime(value: number | null): string {
+  if (!value) return '-'
+  return new Date(value).toLocaleString()
+}
+
+const columns = computed<DataTableColumns<ManagedUser>>(() => [
+  {
+    title: t('users.username'),
+    key: 'username',
+    minWidth: 140,
+  },
+  {
+    title: t('users.role'),
+    key: 'role',
+    width: 130,
+    render: (row) => h(NTag, { size: 'small', type: row.role === 'super_admin' ? 'warning' : 'default' }, {
+      default: () => row.role === 'super_admin' ? t('users.roles.superAdmin') : t('users.roles.admin'),
+    }),
+  },
+  {
+    title: t('users.statusLabel'),
+    key: 'status',
+    width: 110,
+    render: (row) => h(NTag, { size: 'small', type: row.status === 'active' ? 'success' : 'error' }, {
+      default: () => row.status === 'active' ? t('users.status.active') : t('users.status.disabled'),
+    }),
+  },
+  {
+    title: t('users.profiles'),
+    key: 'profiles',
+    minWidth: 200,
+    render: (row) => row.role === 'super_admin'
+      ? h('span', { class: 'muted' }, t('users.allProfiles'))
+      : h(NSpace, { size: 4 }, {
+        default: () => row.profiles.length
+          ? row.profiles.map(profile => h(NTag, { size: 'small', bordered: false }, { default: () => profile }))
+          : h('span', { class: 'muted' }, t('users.noProfiles')),
+      }),
+  },
+  {
+    title: t('users.lastLogin'),
+    key: 'last_login_at',
+    minWidth: 170,
+    render: (row) => formatTime(row.last_login_at),
+  },
+  {
+    title: t('common.edit'),
+    key: 'actions',
+    width: 280,
+    render: (row) => h(NSpace, { size: 8 }, {
+      default: () => [
+        h(NButton, { size: 'small', onClick: () => openEdit(row) }, { default: () => t('common.edit') }),
+        h(NButton, {
+          size: 'small',
+          type: row.status === 'active' ? 'warning' : 'primary',
+          ghost: true,
+          loading: saving.value,
+          onClick: () => setStatus(row, row.status === 'active' ? 'disabled' : 'active'),
+        }, { default: () => row.status === 'active' ? t('users.disable') : t('users.enable') }),
+        h(NPopconfirm, { onPositiveClick: () => removeUser(row) }, {
+          trigger: () => h(NButton, { size: 'small', type: 'error', ghost: true, loading: saving.value }, { default: () => t('common.delete') }),
+          default: () => t('users.deleteConfirm'),
+        }),
+      ],
+    }),
+  },
+])
+
+onMounted(loadUsers)
+</script>
+
+<template>
+  <div class="user-management">
+    <div class="toolbar">
+      <div>
+        <h3 class="section-title">{{ t('users.title') }}</h3>
+        <p class="section-desc">{{ t('users.description') }}</p>
+      </div>
+      <NButton type="primary" @click="openCreate">{{ t('users.create') }}</NButton>
+    </div>
+
+    <NDataTable
+      :columns="columns"
+      :data="users"
+      :loading="loading"
+      :bordered="false"
+      :single-line="false"
+      size="small"
+    />
+
+    <NModal v-model:show="showModal" preset="dialog" :title="editingUser ? t('users.edit') : t('users.create')">
+      <NForm label-placement="top">
+        <NFormItem :label="t('users.username')">
+          <NInput v-model:value="form.username" :placeholder="t('login.usernamePlaceholder')" />
+        </NFormItem>
+        <NFormItem :label="editingUser ? t('users.newPasswordOptional') : t('login.newPassword')">
+          <NInput v-model:value="form.password" type="password" show-password-on="click" :placeholder="t('login.passwordPlaceholder')" />
+        </NFormItem>
+        <NFormItem :label="t('users.role')">
+          <NSelect v-model:value="form.role" :options="roleOptions" />
+        </NFormItem>
+        <NFormItem :label="t('users.statusLabel')">
+          <NSelect v-model:value="form.status" :options="statusOptions" />
+        </NFormItem>
+        <NFormItem v-if="form.role !== 'super_admin'" :label="t('users.profiles')">
+          <NSelect
+            v-model:value="form.profiles"
+            multiple
+            filterable
+            :options="profileOptions"
+            :placeholder="t('users.profilesPlaceholder')"
+          />
+        </NFormItem>
+      </NForm>
+      <template #action>
+        <NButton @click="showModal = false">{{ t('common.cancel') }}</NButton>
+        <NButton type="primary" :loading="saving" @click="submit">{{ t('common.save') }}</NButton>
+      </template>
+    </NModal>
+  </div>
+</template>
+
+<style scoped lang="scss">
+@use "@/styles/variables" as *;
+
+.user-management {
+  padding: 8px 0;
+}
+
+.toolbar {
+  display: flex;
+  justify-content: space-between;
+  align-items: flex-start;
+  gap: 16px;
+  margin-bottom: 16px;
+}
+
+.section-title {
+  margin: 0 0 6px;
+  font-size: 16px;
+  font-weight: 600;
+  color: $text-primary;
+}
+
+.section-desc {
+  margin: 0;
+  font-size: 13px;
+  color: $text-muted;
+}
+
+:deep(.muted) {
+  color: $text-muted;
+}
+</style>
diff --git a/packages/client/src/components/hermes/settings/VoiceSettings.vue b/packages/client/src/components/hermes/settings/VoiceSettings.vue
new file mode 100644
index 0000000..36c2a74
--- /dev/null
+++ b/packages/client/src/components/hermes/settings/VoiceSettings.vue
@@ -0,0 +1,517 @@
+<script setup lang="ts">
+import { ref, onMounted } from 'vue'
+import { NSelect, NInput, NButton, NSlider } from 'naive-ui'
+import { useI18n } from 'vue-i18n'
+import { useVoiceSettings } from '@/composables/useVoiceSettings'
+import { useSpeech } from '@/composables/useSpeech'
+import { speedToEdgeRate, hzToEdgePitch } from '@/utils/ttsHelpers'
+import SettingRow from './SettingRow.vue'
+
+const { t } = useI18n()
+const vs = useVoiceSettings()
+const speech = useSpeech()
+
+const testText = ref(t('settings.voice.testTextDefault'))
+const testPlaying = ref(false)
+
+const providerOptions = [
+  { label: t('settings.voice.providerWebSpeech'), value: 'webspeech' },
+  { label: t('settings.voice.providerOpenai'), value: 'openai' },
+  { label: t('settings.voice.providerCustom'), value: 'custom' },
+  { label: t('settings.voice.providerEdge'), value: 'edge' },
+  { label: t('settings.voice.providerMimo'), value: 'mimo' },
+]
+
+const openaiModelOptions = [
+  { label: 'tts-1', value: 'tts-1' },
+  { label: 'tts-1-hd', value: 'tts-1-hd' },
+]
+
+const openaiVoiceOptions = [
+  { label: 'Alloy', value: 'alloy' },
+  { label: 'Echo', value: 'echo' },
+  { label: 'Fable', value: 'fable' },
+  { label: 'Nova', value: 'nova' },
+  { label: 'Onyx', value: 'onyx' },
+  { label: 'Shimmer', value: 'shimmer' },
+]
+
+const edgeVoiceOptions = [
+  { label: '晓晓 (zh-CN-XiaoxiaoNeural)', value: 'zh-CN-XiaoxiaoNeural' },
+  { label: '晓萱 (zh-CN-XiaoxuanNeural)', value: 'zh-CN-XiaoxuanNeural' },
+  { label: '云希 (zh-CN-YunxiNeural)', value: 'zh-CN-YunxiNeural' },
+  { label: '云健 (zh-CN-YunjianNeural)', value: 'zh-CN-YunjianNeural' },
+  { label: '云扬 (zh-CN-YunyangNeural)', value: 'zh-CN-YunyangNeural' },
+  { label: '小晨 (zh-TW-HsiaoChenNeural)', value: 'zh-TW-HsiaoChenNeural' },
+  { label: '小宇 (zh-TW-HsiaoYuNeural)', value: 'zh-TW-HsiaoYuNeural' },
+  { label: '云哲 (zh-TW-YunJheNeural)', value: 'zh-TW-YunJheNeural' },
+  { label: '希雅 (zh-HK-HiuGaaiNeural)', value: 'zh-HK-HiuGaaiNeural' },
+  { label: '希文 (zh-HK-HiuMaanNeural)', value: 'zh-HK-HiuMaanNeural' },
+  { label: '文龙 (zh-HK-WanLungNeural)', value: 'zh-HK-WanLungNeural' },
+  { label: 'Jenny (en-US-JennyNeural)', value: 'en-US-JennyNeural' },
+  { label: 'Aria (en-US-AriaNeural)', value: 'en-US-AriaNeural' },
+  { label: 'Guy (en-US-GuyNeural)', value: 'en-US-GuyNeural' },
+  { label: 'Sonia (en-GB-SoniaNeural)', value: 'en-GB-SoniaNeural' },
+  { label: 'Ryan (en-GB-RyanNeural)', value: 'en-GB-RyanNeural' },
+  { label: 'Nanami (ja-JP-NanamiNeural)', value: 'ja-JP-NanamiNeural' },
+  { label: 'Keita (ja-JP-KeitaNeural)', value: 'ja-JP-KeitaNeural' },
+  { label: 'Sun-Hi (ko-KR-SunHiNeural)', value: 'ko-KR-SunHiNeural' },
+  { label: 'InJoon (ko-KR-InJoonNeural)', value: 'ko-KR-InJoonNeural' },
+  { label: 'Denise (fr-FR-DeniseNeural)', value: 'fr-FR-DeniseNeural' },
+  { label: 'Henri (fr-FR-HenriNeural)', value: 'fr-FR-HenriNeural' },
+  { label: 'Katja (de-DE-KatjaNeural)', value: 'de-DE-KatjaNeural' },
+  { label: 'Conrad (de-DE-ConradNeural)', value: 'de-DE-ConradNeural' },
+]
+
+// Get WebSpeech voices list on mount
+const webspeechVoices = ref<SpeechSynthesisVoice[]>([])
+onMounted(() => {
+  if ('speechSynthesis' in window) {
+    const voices = window.speechSynthesis.getVoices()
+    if (voices.length) {
+      webspeechVoices.value = voices
+    }
+    window.speechSynthesis.onvoiceschanged = () => {
+      webspeechVoices.value = window.speechSynthesis.getVoices()
+    }
+  }
+})
+
+// ── MiMo TTS options ──
+const mimoBaseUrlOptions = [
+  { label: 'https://api.xiaomimimo.com/v1', value: 'https://api.xiaomimimo.com/v1' },
+  { label: 'https://token-plan-cn.xiaomimimo.com/v1', value: 'https://token-plan-cn.xiaomimimo.com/v1' },
+]
+
+const mimoModelOptions = [
+  { label: t('settings.voice.mimoModelPreset'), value: 'mimo-v2.5-tts' },
+  { label: t('settings.voice.mimoModelVoiceDesign'), value: 'mimo-v2.5-tts-voicedesign' },
+]
+
+const mimoVoiceOptions = [
+  { label: '冰糖 (中文·女)', value: '冰糖' },
+  { label: '茉莉 (中文·女)', value: '茉莉' },
+  { label: '苏打 (中文·男)', value: '苏打' },
+  { label: '白桦 (中文·男)', value: '白桦' },
+  { label: 'Mia (English·Female)', value: 'Mia' },
+  { label: 'Chloe (English·Female)', value: 'Chloe' },
+  { label: 'Milo (English·Male)', value: 'Milo' },
+  { label: 'Dean (English·Male)', value: 'Dean' },
+]
+
+async function handleTest() {
+  const text = testText.value.trim()
+  if (!text) return
+  testPlaying.value = true
+  try {
+    if (vs.provider.value === 'webspeech') {
+      speech.stop(false)
+      speech.speakViaBrowser('__test__', text, {
+        voiceName: vs.webspeechVoice.value || undefined,
+      })
+    } else if (vs.provider.value === 'openai') {
+      if (!vs.openaiBaseUrl.value) {
+        console.warn('[VoiceSettings] OpenAI base URL empty')
+        return
+      }
+      await speech.openaiPlay('__test__', text, {
+        baseUrl: vs.openaiBaseUrl.value,
+        apiKey: vs.openaiApiKey.value || undefined,
+        model: vs.openaiModel.value,
+        voice: vs.openaiVoice.value,
+      })
+    } else if (vs.provider.value === 'custom') {
+      if (!vs.customUrl.value) {
+        console.warn('[VoiceSettings] Custom URL empty')
+        return
+      }
+      await speech.openaiPlay('__test__', text, {
+        baseUrl: vs.customUrl.value,
+        apiKey: vs.customApiKey.value || undefined,
+      })
+    } else if (vs.provider.value === 'edge') {
+      await speech.openaiPlay('__test__', text, {
+        baseUrl: '/api/tts/proxy',
+        voice: vs.edgeVoice.value,
+        rate: speedToEdgeRate(vs.edgeRate.value),
+        pitch: hzToEdgePitch(vs.edgePitchHz.value),
+      })
+    } else if (vs.provider.value === 'mimo') {
+      if (!vs.mimoApiKey.value) {
+        console.warn('[VoiceSettings] MiMo API Key empty')
+        return
+      }
+      await speech.mimoPlay('__test__', text, {
+        baseUrl: vs.mimoBaseUrl.value,
+        apiKey: vs.mimoApiKey.value,
+        model: vs.mimoModel.value,
+        voice: vs.mimoVoice.value,
+        voiceDesignDesc: vs.mimoVoiceDesignDesc.value || undefined,
+        stylePrompt: vs.mimoStylePrompt.value || undefined,
+      })
+    }
+  } catch (err) {
+    console.error('[VoiceSettings] Test failed:', err)
+  } finally {
+    testPlaying.value = false
+  }
+}
+</script>
+
+<template>
+  <div class="voice-settings">
+    <SettingRow
+      :label="t('settings.voice.ttsProvider')"
+      :hint="t('settings.voice.ttsProviderHint')"
+    >
+      <NSelect
+        :value="vs.provider.value"
+        :options="providerOptions"
+        size="small"
+        style="width: 300px"
+        @update:value="vs.setProvider"
+      />
+    </SettingRow>
+
+    <!-- ════ WebSpeech API ════ -->
+    <template v-if="vs.provider.value === 'webspeech'">
+      <SettingRow
+        :label="t('settings.voice.webspeechVoice')"
+        :hint="t('settings.voice.webspeechVoiceHint')"
+      >
+        <NSelect
+          :value="vs.webspeechVoice.value"
+          size="small"
+          filterable
+          style="width: 320px"
+          :placeholder="t('settings.voice.webspeechVoicePlaceholder')"
+          :consistent-menu-width="false"
+          :options="webspeechVoices.map(v => ({
+            label: `${v.name} (${v.lang})`,
+            value: v.name,
+          }))"
+          @update:value="vs.setWebSpeechVoice"
+        />
+      </SettingRow>
+
+    </template>
+
+    <!-- ════ OpenAI TTS ════ -->
+    <template v-if="vs.provider.value === 'openai'">
+      <SettingRow
+        :label="t('settings.voice.openaiKey')"
+        :hint="t('settings.voice.openaiKeyHint')"
+      >
+        <NInput
+          :value="vs.openaiApiKey.value"
+          type="password"
+          size="small"
+          show-password-on="click"
+          style="width: 360px"
+          placeholder="sk-..."
+          @update:value="vs.setOpenaiApiKey"
+        />
+      </SettingRow>
+
+      <SettingRow
+        :label="t('settings.voice.openaiUrl')"
+        :hint="t('settings.voice.openaiUrlHint')"
+      >
+        <NInput
+          :value="vs.openaiBaseUrl.value"
+          size="small"
+          style="width: 360px"
+          placeholder="https://api.openai.com/v1/audio/speech"
+          @update:value="vs.setOpenaiBaseUrl"
+        />
+      </SettingRow>
+
+      <SettingRow
+        :label="t('settings.voice.openaiModel')"
+        :hint="t('settings.voice.openaiModelHint')"
+      >
+        <NSelect
+          :value="vs.openaiModel.value"
+          :options="openaiModelOptions"
+          size="small"
+          style="width: 200px"
+          @update:value="vs.setOpenaiModel"
+        />
+      </SettingRow>
+
+      <SettingRow
+        :label="t('settings.voice.openaiVoice')"
+        :hint="t('settings.voice.openaiVoiceHint')"
+      >
+        <NSelect
+          :value="vs.openaiVoice.value"
+          :options="openaiVoiceOptions"
+          size="small"
+          style="width: 200px"
+          @update:value="vs.setOpenaiVoice"
+        />
+      </SettingRow>
+
+    </template>
+
+    <!-- ════ Custom Endpoint ════ -->
+    <template v-if="vs.provider.value === 'custom'">
+      <div class="provider-hint">
+        {{ t('settings.voice.customHint') }}
+      </div>
+
+      <SettingRow
+        :label="t('settings.voice.customUrl')"
+        :hint="t('settings.voice.customUrlHint')"
+      >
+        <NInput
+          :value="vs.customUrl.value"
+          size="small"
+          style="width: 360px"
+          :placeholder="t('settings.voice.customUrlPlaceholder')"
+          @update:value="vs.setCustomUrl"
+        />
+      </SettingRow>
+
+      <SettingRow
+        :label="t('settings.voice.customApiKey')"
+        :hint="t('settings.voice.customApiKeyHint')"
+      >
+        <NInput
+          :value="vs.customApiKey.value"
+          type="password"
+          size="small"
+          show-password-on="click"
+          style="width: 360px"
+          :placeholder="t('settings.voice.customApiKeyPlaceholder')"
+          @update:value="vs.setCustomApiKey"
+        />
+      </SettingRow>
+
+
+    </template>
+
+    <!-- ════ Edge TTS ════ -->
+    <template v-if="vs.provider.value === 'edge'">
+      <div class="provider-hint">
+        {{ t('settings.voice.edgeHint') }}
+      </div>
+
+<SettingRow
+        :label="t('settings.voice.edgeVoice')"
+        :hint="t('settings.voice.edgeVoiceHint')"
+      >
+        <NSelect
+          :value="vs.edgeVoice.value"
+          :options="edgeVoiceOptions"
+          size="small"
+          filterable
+          style="width: 320px"
+          :consistent-menu-width="false"
+          @update:value="vs.setEdgeVoice"
+        />
+      </SettingRow>
+
+      <SettingRow
+        :label="t('settings.voice.edgeRate')"
+        :hint="t('settings.voice.edgeRateHint')"
+      >
+        <div class="slider-row">
+          <NSlider
+            :value="vs.edgeRate.value"
+            :min="0.5"
+            :max="2.0"
+            :step="0.05"
+            style="width: 200px"
+            @update:value="vs.setEdgeRate"
+          />
+          <span class="slider-value">{{ vs.edgeRate.value.toFixed(2) }}x ({{ speedToEdgeRate(vs.edgeRate.value) }})</span>
+        </div>
+      </SettingRow>
+
+      <SettingRow
+        :label="t('settings.voice.edgePitch')"
+        :hint="t('settings.voice.edgePitchHint')"
+      >
+        <div class="slider-row">
+          <NSlider
+            :value="vs.edgePitchHz.value"
+            :min="-20"
+            :max="20"
+            :step="1"
+            style="width: 200px"
+            @update:value="vs.setEdgePitchHz"
+          />
+          <span class="slider-value">{{ vs.edgePitchHz.value > 0 ? '+' : '' }}{{ vs.edgePitchHz.value }} Hz ({{ hzToEdgePitch(vs.edgePitchHz.value) }})</span>
+        </div>
+      </SettingRow>
+
+    </template>
+
+    <!-- ════ MiMo TTS ════ -->
+    <template v-if="vs.provider.value === 'mimo'">
+      <div class="provider-hint">
+        {{ t('settings.voice.mimoHint') }}
+      </div>
+
+      <SettingRow
+        :label="t('settings.voice.mimoApiKey')"
+        :hint="t('settings.voice.mimoApiKeyHint')"
+      >
+        <NInput
+          :value="vs.mimoApiKey.value"
+          type="password"
+          size="small"
+          show-password-on="click"
+          style="width: 360px"
+          :placeholder="t('settings.voice.mimoApiKeyPlaceholder')"
+          @update:value="vs.setMimoApiKey"
+        />
+      </SettingRow>
+
+      <SettingRow
+        :label="t('settings.voice.mimoBaseUrl')"
+        :hint="t('settings.voice.mimoBaseUrlHint')"
+      >
+        <NSelect
+          :value="vs.mimoBaseUrl.value"
+          :options="mimoBaseUrlOptions"
+          size="small"
+          filterable
+          tag
+          style="width: 360px"
+          @update:value="vs.setMimoBaseUrl"
+        />
+      </SettingRow>
+
+      <SettingRow
+        :label="t('settings.voice.mimoModel')"
+        :hint="t('settings.voice.mimoModelHint')"
+      >
+        <NSelect
+          :value="vs.mimoModel.value"
+          :options="mimoModelOptions"
+          size="small"
+          style="width: 320px"
+          @update:value="vs.setMimoModel"
+        />
+      </SettingRow>
+
+      <!-- Preset voice mode -->
+      <SettingRow
+        v-if="vs.mimoModel.value === 'mimo-v2.5-tts'"
+        :label="t('settings.voice.mimoVoice')"
+        :hint="t('settings.voice.mimoVoiceHint')"
+      >
+        <NSelect
+          :value="vs.mimoVoice.value"
+          :options="mimoVoiceOptions"
+          size="small"
+          style="width: 200px"
+          @update:value="vs.setMimoVoice"
+        />
+      </SettingRow>
+
+      <!-- Voice design mode -->
+      <SettingRow
+        v-if="vs.mimoModel.value === 'mimo-v2.5-tts-voicedesign'"
+        :label="t('settings.voice.mimoVoiceDesignPrompt')"
+        :hint="t('settings.voice.mimoVoiceDesignPromptHint')"
+      >
+        <NInput
+          :value="vs.mimoVoiceDesignDesc.value"
+          type="textarea"
+          size="small"
+          style="width: 360px"
+          :rows="3"
+          :placeholder="t('settings.voice.mimoVoiceDesignPromptPlaceholder')"
+          @update:value="vs.setMimoVoiceDesignDesc"
+        />
+      </SettingRow>
+
+      <!-- Style prompt (available for all models) -->
+      <SettingRow
+        :label="t('settings.voice.mimoStylePrompt')"
+        :hint="t('settings.voice.mimoStylePromptHint')"
+      >
+        <NInput
+          :value="vs.mimoStylePrompt.value"
+          type="textarea"
+          size="small"
+          style="width: 360px"
+          :rows="2"
+          :placeholder="t('settings.voice.mimoStylePromptPlaceholder')"
+          @update:value="vs.setMimoStylePrompt"
+        />
+      </SettingRow>
+    </template>
+
+    <!-- ─── Test / Audition ─── -->
+    <div class="test-section">
+      <h4 class="test-title">{{ t('settings.voice.testTitle') }}</h4>
+      <div class="test-row">
+        <NInput
+          v-model:value="testText"
+          size="small"
+          style="width: 360px"
+          :placeholder="t('settings.voice.testTextPlaceholder')"
+          :disabled="testPlaying"
+          @keyup.enter="handleTest"
+        />
+        <NButton
+          size="small"
+          type="primary"
+          :loading="testPlaying"
+          :disabled="testPlaying"
+          @click="handleTest"
+        >
+          {{ testPlaying ? t('settings.voice.testButtonPlaying') : t('settings.voice.testButton') }}
+        </NButton>
+      </div>
+    </div>
+  </div>
+</template>
+
+<style scoped lang="scss">
+.voice-settings {
+  display: flex;
+  flex-direction: column;
+  gap: 16px;
+}
+
+.provider-hint {
+  font-size: 12px;
+  color: #888;
+  line-height: 1.5;
+  padding: 0 0 4px 0;
+}
+
+.test-section {
+  padding-top: 16px;
+
+  .test-title {
+    margin: 0 0 8px 0;
+    font-size: 14px;
+    font-weight: 600;
+  }
+
+  .test-row {
+    display: flex;
+    gap: 8px;
+    align-items: center;
+  }
+}
+
+.slider-row {
+  display: flex;
+  align-items: center;
+  gap: 12px;
+}
+
+.slider-value {
+  font-size: 12px;
+  color: #999;
+  white-space: nowrap;
+  min-width: 120px;
+}
+</style>
diff --git a/packages/client/src/components/hermes/skills/SkillDetail.vue b/packages/client/src/components/hermes/skills/SkillDetail.vue
new file mode 100644
index 0000000..041b777
--- /dev/null
+++ b/packages/client/src/components/hermes/skills/SkillDetail.vue
@@ -0,0 +1,350 @@
+<script setup lang="ts">
+import { ref, watch } from 'vue'
+import MarkdownRenderer from '@/components/hermes/chat/MarkdownRenderer.vue'
+import { fetchSkillContent, fetchSkillFiles, pinSkillApi, type SkillFileEntry } from '@/api/hermes/skills'
+import { useI18n } from 'vue-i18n'
+import { useMessage } from 'naive-ui'
+
+const { t } = useI18n()
+const message = useMessage()
+
+const props = defineProps<{
+  category: string
+  skill: string
+  skillName: string
+  patchCount?: number
+  useCount?: number
+  viewCount?: number
+  pinned?: boolean
+}>()
+
+const emit = defineEmits<{
+  pinToggled: [name: string, pinned: boolean]
+}>()
+
+const content = ref('')
+const files = ref<SkillFileEntry[]>([])
+const loading = ref(false)
+const fileContent = ref('')
+const viewingFile = ref<string | null>(null)
+const fileLoading = ref(false)
+
+async function loadSkill() {
+  loading.value = true
+  viewingFile.value = null
+  fileContent.value = ''
+  files.value = []
+  content.value = ''
+  try {
+    const skillPath = `${props.category}/${props.skill}/SKILL.md`
+    const [skillContent, skillFiles] = await Promise.all([
+      fetchSkillContent(skillPath),
+      fetchSkillFiles(props.category, props.skill),
+    ])
+    content.value = skillContent
+    files.value = skillFiles.filter(f => !f.isDir && f.path !== 'SKILL.md')
+  } catch (err: any) {
+    content.value = t('skills.loadFailed') + `: ${err.message}`
+  } finally {
+    loading.value = false
+  }
+}
+
+async function viewFile(filePath: string) {
+  fileLoading.value = true
+  viewingFile.value = filePath
+  try {
+    // filePath might be absolute or relative; normalize to relative under category/skill/
+    const base = `${props.category}/${props.skill}/`
+    let relPath = filePath
+    if (filePath.startsWith('/') || /^[a-zA-Z]:[\\/]/.test(filePath)) {
+      // Strip absolute prefix to get relative path
+      const normalizedPath = filePath.replace(/\\/g, '/')
+      const segments = normalizedPath.split(/(?:^|\/)(?:\.hermes|hermes)\/skills\//)[1]
+      if (segments) {
+        const afterSkillDir = segments.split('/').slice(2).join('/')
+        relPath = afterSkillDir
+      }
+    }
+    fileContent.value = await fetchSkillContent(`${base}${relPath}`)
+  } catch (err: any) {
+    fileContent.value = t('skills.fileLoadFailed') + `: ${err.message}`
+  } finally {
+    fileLoading.value = false
+  }
+}
+
+function backToSkill() {
+  viewingFile.value = null
+  fileContent.value = ''
+}
+
+const pinLoading = ref(false)
+
+async function handlePinToggle() {
+  if (pinLoading.value) return
+  pinLoading.value = true
+  try {
+    const newPinned = !props.pinned
+    await pinSkillApi(props.skillName, newPinned)
+    emit('pinToggled', props.skillName, newPinned)
+  } catch (err: any) {
+    message.error(t('skills.pinFailed') + `: ${err.message}`)
+  } finally {
+    pinLoading.value = false
+  }
+}
+
+watch(() => `${props.category}/${props.skill}`, loadSkill, { immediate: true })
+</script>
+
+<template>
+  <div class="skill-detail">
+    <!-- Skill title -->
+    <div class="detail-title">
+      <span class="detail-category">{{ category }}</span>
+      <span class="detail-separator">/</span>
+      <span class="detail-name">{{ skill }}</span>
+      <div class="usage-stats">
+        <button class="pin-toggle" :class="{ active: pinned }" :disabled="pinLoading" :title="pinned ? t('skills.unpin') : t('skills.pin')" @click="handlePinToggle">
+          <svg width="16" height="16" viewBox="0 0 24 24" :fill="pinned ? 'currentColor' : 'none'" stroke="currentColor" stroke-width="2"><path d="M16 12V4h1V2H7v2h1v8l-2 2v2h5.2v6h1.6v-6H18v-2l-2-2z"/></svg>
+        </button>
+        <span v-if="viewCount != null" class="usage-stat" title="Views">
+          <svg width="14" height="14" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><path d="M1 12s4-8 11-8 11 8 11 8-4 8-11 8-11-8-11-8z"/><circle cx="12" cy="12" r="3"/></svg>
+          {{ viewCount }}
+        </span>
+        <span v-if="useCount != null" class="usage-stat" title="Uses">
+          <svg width="14" height="14" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><polyline points="13 2 3 14 12 14 11 22 21 10 12 10 13 2"/></svg>
+          {{ useCount }}
+        </span>
+        <span v-if="patchCount != null" class="usage-stat" title="Patches">
+          <svg width="14" height="14" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><path d="M12 20h9"/><path d="M16.5 3.5a2.121 2.121 0 0 1 3 3L7 19l-4 1 1-4L16.5 3.5z"/></svg>
+          {{ patchCount }}
+        </span>
+      </div>
+    </div>
+
+    <div v-if="loading && !content" class="detail-loading">{{ t('common.loading') }}</div>
+
+    <template v-else>
+      <!-- Breadcrumb for file view -->
+      <div v-if="viewingFile" class="detail-breadcrumb">
+        <button class="back-btn" @click="backToSkill">
+          <svg width="14" height="14" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2">
+            <polyline points="15 18 9 12 15 6" />
+          </svg>
+          {{ t('skills.backTo') }} {{ skill }}
+        </button>
+        <span class="breadcrumb-path">{{ viewingFile }}</span>
+      </div>
+
+      <!-- Skill content -->
+      <div class="detail-content">
+        <MarkdownRenderer v-if="viewingFile" :content="fileContent" />
+        <MarkdownRenderer v-else :content="content" />
+      </div>
+
+      <!-- Attached files -->
+      <div v-if="!viewingFile && files.length > 0" class="detail-files">
+        <div class="files-header">{{ t('skills.attachedFiles') }}</div>
+        <div class="files-list">
+          <button
+            v-for="f in files"
+            :key="f.path"
+            class="file-item"
+            @click="viewFile(f.path)"
+          >
+            <svg width="14" height="14" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="1.5">
+              <path d="M14 2H6a2 2 0 0 0-2 2v16a2 2 0 0 0 2 2h12a2 2 0 0 0 2-2V8z" />
+              <polyline points="14 2 14 8 20 8" />
+            </svg>
+            <span>{{ f.path }}</span>
+          </button>
+        </div>
+      </div>
+    </template>
+  </div>
+</template>
+
+<style scoped lang="scss">
+@use '@/styles/variables' as *;
+
+.skill-detail {
+  height: 100%;
+  display: flex;
+  flex-direction: column;
+}
+
+.detail-title {
+  flex-shrink: 0;
+  padding-bottom: 12px;
+  border-bottom: 1px solid $border-color;
+  margin-bottom: 12px;
+  font-size: 15px;
+  display: flex;
+  align-items: center;
+}
+
+.detail-category {
+  color: $text-muted;
+  font-size: 13px;
+}
+
+.detail-separator {
+  color: $text-muted;
+  margin: 0 6px;
+}
+
+.detail-name {
+  color: $text-primary;
+  font-weight: 600;
+}
+
+.usage-stats {
+  display: flex;
+  align-items: center;
+  gap: 12px;
+  margin-left: auto;
+  padding-left: 12px;
+}
+
+.usage-stat {
+  display: inline-flex;
+  align-items: center;
+  gap: 4px;
+  font-size: 13px;
+  font-weight: 500;
+  color: $text-secondary;
+  white-space: nowrap;
+
+  svg {
+    opacity: 0.7;
+  }
+}
+
+.pin-toggle {
+  display: inline-flex;
+  align-items: center;
+  justify-content: center;
+  border: 1px solid transparent;
+  background: none;
+  color: $text-muted;
+  cursor: pointer;
+  padding: 4px;
+  border-radius: 6px;
+  opacity: 0.5;
+  transition: all $transition-fast;
+
+  &:hover {
+    opacity: 1;
+    color: $accent-primary;
+    background: rgba(var(--accent-primary-rgb), 0.08);
+    border-color: rgba(var(--accent-primary-rgb), 0.15);
+  }
+
+  &.active {
+    opacity: 1;
+    color: $accent-primary;
+  }
+
+  &:disabled {
+    cursor: wait;
+    opacity: 0.3;
+  }
+}
+
+.detail-loading {
+  flex: 1;
+  display: flex;
+  align-items: center;
+  justify-content: center;
+  font-size: 13px;
+  color: $text-muted;
+}
+
+.detail-breadcrumb {
+  display: flex;
+  align-items: center;
+  gap: 8px;
+  padding: 8px 0 12px;
+  border-bottom: 1px solid $border-color;
+  margin-bottom: 12px;
+  flex-shrink: 0;
+}
+
+.back-btn {
+  display: flex;
+  align-items: center;
+  gap: 4px;
+  border: none;
+  background: none;
+  color: $accent-primary;
+  font-size: 13px;
+  cursor: pointer;
+  padding: 2px 6px;
+  border-radius: 4px;
+
+  &:hover {
+    background: rgba(var(--accent-primary-rgb), 0.06);
+  }
+}
+
+.breadcrumb-path {
+  font-size: 13px;
+  color: $text-muted;
+}
+
+.detail-content {
+  flex: 1;
+  overflow-y: auto;
+  min-height: 0;
+  padding-bottom: 12px;
+
+  :deep(hr) {
+    border: none;
+    margin: 12px 0;
+  }
+}
+
+.detail-files {
+  flex-shrink: 0;
+  border-top: 1px solid $border-color;
+  padding-top: 12px;
+  margin-top: 12px;
+}
+
+.files-header {
+  font-size: 12px;
+  font-weight: 600;
+  color: $text-muted;
+  text-transform: uppercase;
+  letter-spacing: 0.3px;
+  margin-bottom: 6px;
+}
+
+.files-list {
+  display: flex;
+  flex-wrap: wrap;
+  gap: 4px;
+}
+
+.file-item {
+  display: flex;
+  align-items: center;
+  gap: 4px;
+  padding: 4px 8px;
+  border: 1px solid $border-color;
+  border-radius: $radius-sm;
+  background: $bg-secondary;
+  color: $text-secondary;
+  font-size: 12px;
+  cursor: pointer;
+  transition: all $transition-fast;
+
+  &:hover {
+    border-color: $accent-primary;
+    color: $accent-primary;
+  }
+}
+
+</style>
diff --git a/packages/client/src/components/hermes/skills/SkillList.vue b/packages/client/src/components/hermes/skills/SkillList.vue
new file mode 100644
index 0000000..77f9e7c
--- /dev/null
+++ b/packages/client/src/components/hermes/skills/SkillList.vue
@@ -0,0 +1,339 @@
+<script setup lang="ts">
+import { ref, computed } from 'vue'
+import { NSwitch, useMessage } from 'naive-ui'
+import type { SkillCategory, SkillSource, SkillInfo } from '@/api/hermes/skills'
+import { toggleSkill } from '@/api/hermes/skills'
+import { useI18n } from 'vue-i18n'
+
+type SourceFilter = SkillSource | 'modified'
+
+const { t } = useI18n()
+const message = useMessage()
+
+const props = defineProps<{
+    categories: SkillCategory[]
+    archived: SkillInfo[]
+    selectedSkill: string | null
+    searchQuery: string
+    sourceFilter: SourceFilter | null
+}>()
+
+const emit = defineEmits<{
+    select: [category: string, skill: string]
+}>()
+
+const collapsedCategories = ref<Set<string>>(new Set())
+const archiveCollapsed = ref(true)
+const togglingSkills = ref<Set<string>>(new Set())
+
+const filteredArchived = computed(() => {
+    let result = props.archived
+    if (props.sourceFilter && props.sourceFilter !== 'modified') {
+        result = result.filter(s => (s.source || 'local') === props.sourceFilter)
+    }
+    if (props.searchQuery) {
+        const q = props.searchQuery.toLowerCase()
+        result = result.filter(s => s.name.toLowerCase().includes(q) || s.description.toLowerCase().includes(q))
+    }
+    return result
+})
+
+const filteredCategories = computed(() => {
+    let result = props.categories
+
+    // Filter by source
+    if (props.sourceFilter) {
+        result = result
+            .map(cat => ({
+                ...cat,
+                skills: cat.skills.filter(s => {
+                    if (props.sourceFilter === 'modified') return s.modified
+                    return (s.source || 'local') === props.sourceFilter
+                }),
+            }))
+            .filter(cat => cat.skills.length > 0)
+    }
+
+    // Filter by search query
+    if (props.searchQuery) {
+        const q = props.searchQuery.toLowerCase()
+        result = result
+            .map(cat => ({
+                ...cat,
+                skills: cat.skills.filter(
+                    s => s.name.toLowerCase().includes(q) || s.description.toLowerCase().includes(q),
+                ),
+            }))
+            .filter(cat => cat.skills.length > 0 || cat.name.toLowerCase().includes(q))
+    }
+
+    return result
+})
+
+function toggleCategory(name: string) {
+    if (collapsedCategories.value.has(name)) {
+        collapsedCategories.value.delete(name)
+    } else {
+        collapsedCategories.value.add(name)
+    }
+}
+
+function handleSelect(category: string, skillName: string) {
+    emit('select', category, skillName)
+}
+
+/** Unique key for selection tracking */
+function skillKey(catName: string, skill: { name: string }): string {
+    return `${catName}/${skill.name}`
+}
+
+async function handleToggle(category: string, skillName: string, newEnabled: boolean) {
+    if (togglingSkills.value.has(skillName)) return
+    togglingSkills.value.add(skillName)
+
+    try {
+        await toggleSkill(skillName, newEnabled)
+        // Update local state
+        const cat = props.categories.find(c => c.name === category)
+        const skill = cat?.skills.find(s => s.name === skillName)
+        if (skill) skill.enabled = newEnabled
+    } catch (err: any) {
+        message.error(t('skills.toggleFailed') + `: ${err.message}`)
+    } finally {
+        togglingSkills.value.delete(skillName)
+    }
+}
+</script>
+
+<template>
+    <div class="skill-list">
+        <div v-if="filteredCategories.length === 0" class="skill-empty">
+            {{ searchQuery ? t('skills.noMatch') : t('skills.noSkills') }}
+        </div>
+        <div v-for="cat in filteredCategories" :key="cat.name" class="skill-category">
+            <button class="category-header" @click="toggleCategory(cat.name)">
+                <svg width="12" height="12" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"
+                    class="category-arrow" :class="{ collapsed: collapsedCategories.has(cat.name) }">
+                    <polyline points="6 9 12 15 18 9" />
+                </svg>
+                <span class="category-name">{{ cat.name }}</span>
+                <span class="category-count">{{ cat.skills.length }}</span>
+            </button>
+            <div v-if="!collapsedCategories.has(cat.name)" class="category-skills">
+                <button v-for="skill in cat.skills" :key="skillKey(cat.name, skill)" class="skill-item" :class="[
+                    { active: selectedSkill === skillKey(cat.name, skill) },
+                    `source-${skill.source || 'local'}`,
+                ]" @click="handleSelect(cat.name, skill.name)">
+                    <div class="skill-info">
+                        <span class="skill-name">
+                            <span class="source-dot" :class="`dot-${skill.source || 'local'}`"
+                                :title="t(`skills.source.${skill.source || 'local'}`)" />
+                            {{ skill.name }}
+                            <span v-if="skill.modified" class="modified-badge"
+                                :title="t('skills.modified')">✎</span>
+                        </span>
+                        <span v-if="skill.description" class="skill-desc">{{ skill.description }}</span>
+                    </div>
+                    <NSwitch size="small" :value="skill.enabled !== false" :loading="togglingSkills.has(skill.name)"
+                        @update:value="handleToggle(cat.name, skill.name, $event)" @click.stop />
+                </button>
+            </div>
+        </div>
+
+        <!-- Archived skills (separate section) -->
+        <div v-if="filteredArchived.length > 0 || archived.length > 0" class="skill-category archive-section">
+            <button class="category-header archive-header" @click="archiveCollapsed = !archiveCollapsed">
+                <svg width="12" height="12" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"
+                    class="category-arrow" :class="{ collapsed: archiveCollapsed }">
+                    <polyline points="6 9 12 15 18 9" />
+                </svg>
+                <span class="category-name">{{ t('skills.archived') }}</span>
+                <span class="category-count">{{ archived.length }}</span>
+            </button>
+            <div v-if="!archiveCollapsed" class="category-skills">
+                <button v-for="skill in filteredArchived" :key="skillKey('.archive', skill)" class="skill-item skill-archived"
+                    :class="{ active: selectedSkill === skillKey('.archive', skill) }"
+                    @click="handleSelect('.archive', skill.name)">
+                    <div class="skill-info">
+                        <span class="skill-name">
+                            <span class="source-dot" :class="`dot-${skill.source || 'local'}`"
+                                :title="t(`skills.source.${skill.source || 'local'}`)" />
+                            {{ skill.name }}
+                        </span>
+                        <span v-if="skill.description" class="skill-desc">{{ skill.description }}</span>
+                    </div>
+                </button>
+            </div>
+        </div>
+    </div>
+</template>
+
+<style scoped lang="scss">
+@use '@/styles/variables' as *;
+
+.skill-list {
+    flex: 1;
+    overflow-y: auto;
+    padding: 8px;
+}
+
+.skill-empty {
+    padding: 24px 16px;
+    font-size: 13px;
+    color: $text-muted;
+    text-align: center;
+}
+
+.skill-category {
+    margin-bottom: 4px;
+}
+
+.category-header {
+    display: flex;
+    align-items: center;
+    gap: 6px;
+    width: 100%;
+    padding: 6px 10px;
+    border: none;
+    background: none;
+    color: $text-secondary;
+    font-size: 12px;
+    font-weight: 600;
+    text-transform: uppercase;
+    letter-spacing: 0.3px;
+    cursor: pointer;
+    border-radius: $radius-sm;
+
+    &:hover {
+        background: rgba(var(--accent-primary-rgb), 0.04);
+    }
+}
+
+.category-arrow {
+    flex-shrink: 0;
+    transition: transform $transition-fast;
+
+    &.collapsed {
+        transform: rotate(-90deg);
+    }
+}
+
+.category-name {
+    flex: 1;
+    text-align: left;
+    overflow: hidden;
+    text-overflow: ellipsis;
+    white-space: nowrap;
+}
+
+.category-count {
+    font-size: 11px;
+    color: $text-muted;
+    background: rgba(var(--accent-primary-rgb), 0.06);
+    padding: 1px 6px;
+    border-radius: 8px;
+}
+
+.category-skills {
+    padding: 2px 0 4px;
+}
+
+.skill-item {
+    display: flex;
+    flex-direction: row;
+    align-items: center;
+    width: 100%;
+    padding: 6px 10px 6px 28px;
+    border: none;
+    background: none;
+    color: $text-secondary;
+    font-size: 13px;
+    text-align: left;
+    cursor: pointer;
+    border-radius: $radius-sm;
+    transition: all $transition-fast;
+    gap: 8px;
+
+    &:hover {
+        background: rgba(var(--accent-primary-rgb), 0.06);
+        color: $text-primary;
+    }
+
+    &.active {
+        background: rgba(var(--accent-primary-rgb), 0.1);
+        color: $text-primary;
+        font-weight: 500;
+    }
+}
+
+// Source indicator dot
+.source-dot {
+    display: inline-block;
+    width: 8px;
+    height: 8px;
+    border-radius: 50%;
+    margin-right: 6px;
+    flex-shrink: 0;
+    vertical-align: middle;
+}
+
+.dot-builtin {
+    background: #888;
+}
+
+.dot-hub {
+    background: #4a90d9;
+}
+
+.dot-local {
+    background: #66bb6a;
+}
+
+.dot-external {
+    background: #f59e0b;
+}
+
+.skill-info {
+    flex: 1;
+    min-width: 0;
+    display: flex;
+    flex-direction: column;
+}
+
+.skill-name {
+    white-space: nowrap;
+    overflow: hidden;
+    text-overflow: ellipsis;
+}
+
+.modified-badge {
+    font-size: 11px;
+    color: $warning;
+    margin-left: 2px;
+    opacity: 0.7;
+}
+
+.skill-desc {
+    font-size: 11px;
+    color: $text-muted;
+    white-space: nowrap;
+    overflow: hidden;
+    text-overflow: ellipsis;
+    margin-top: 1px;
+}
+
+.archive-section {
+    margin-top: 12px;
+    padding-top: 8px;
+    border-top: 1px solid $border-color;
+}
+
+.archive-header {
+    color: $text-muted;
+}
+
+.skill-archived {
+    opacity: 0.6;
+    padding-left: 28px;
+}
+</style>
diff --git a/packages/client/src/components/hermes/usage/DailyTrend.vue b/packages/client/src/components/hermes/usage/DailyTrend.vue
new file mode 100644
index 0000000..c446faf
--- /dev/null
+++ b/packages/client/src/components/hermes/usage/DailyTrend.vue
@@ -0,0 +1,290 @@
+<script setup lang="ts">
+import { computed } from 'vue'
+import { useI18n } from 'vue-i18n'
+import { useUsageStore } from '@/stores/hermes/usage'
+
+const { t } = useI18n()
+const usageStore = useUsageStore()
+
+function formatTokens(n: number): string {
+  if (n >= 1000000) return (n / 1000000).toFixed(1) + 'M'
+  if (n >= 1000) return (n / 1000).toFixed(1) + 'K'
+  return String(n)
+}
+
+function formatCost(n: number): string {
+  if (n === 0) return '$0.00'
+  if (n < 0.01) return '<$0.01'
+  return '$' + n.toFixed(2)
+}
+
+function cacheHitRate(d: { input_tokens: number; cache_read_tokens: number }): string {
+  const total = d.input_tokens + d.cache_read_tokens
+  if (total === 0) return '--'
+  return ((d.cache_read_tokens / total) * 100).toFixed(1) + '%'
+}
+
+const maxTokens = computed(() =>
+  Math.max(...usageStore.dailyUsage.map(d => d.visualTokens), 1),
+)
+</script>
+
+<template>
+  <div class="daily-trend">
+    <h3 class="section-title">{{ t('usage.dailyTrend') }}</h3>
+
+    <div class="bar-chart">
+      <div
+        v-for="d in usageStore.dailyUsage"
+        :key="d.date"
+        class="bar-col"
+      >
+        <div class="bar-track">
+          <div
+            class="bar-stack"
+            :style="{ height: (d.visualTokens / maxTokens * 100) + '%' }"
+          >
+            <div
+              v-if="d.output_tokens > 0"
+              class="bar-segment output"
+              :style="{ height: d.outputPercent + '%' }"
+            />
+            <div
+              v-if="d.input_tokens > 0"
+              class="bar-segment input"
+              :style="{ height: d.inputPercent + '%' }"
+            />
+            <div
+              v-if="d.cache_read_tokens > 0"
+              class="bar-segment cache"
+              :style="{ height: d.cachePercent + '%' }"
+            />
+          </div>
+        </div>
+        <div class="bar-tooltip">
+          <div class="tooltip-date">{{ d.date }}</div>
+          <div class="tooltip-row">{{ t('usage.inputTokens') }}: {{ formatTokens(d.input_tokens) }}</div>
+          <div class="tooltip-row">{{ t('usage.outputTokens') }}: {{ formatTokens(d.output_tokens) }}</div>
+          <div class="tooltip-row">{{ t('usage.cacheRead') }}: {{ formatTokens(d.cache_read_tokens) }}</div>
+          <div class="tooltip-row">{{ t('usage.cacheWrite') }}: {{ formatTokens(d.cache_write_tokens) }}</div>
+          <div class="tooltip-row">{{ t('usage.cacheHitRate') }}: {{ cacheHitRate(d) }}</div>
+          <div class="tooltip-row">{{ t('usage.sessions') }}: {{ d.sessions }}</div>
+          <div class="tooltip-row">{{ t('usage.cost') }}: {{ formatCost(d.cost) }}</div>
+        </div>
+      </div>
+    </div>
+    <div class="bar-dates">
+      <span>{{ usageStore.dailyUsage[0]?.date.slice(5) }}</span>
+      <span>{{ usageStore.dailyUsage[usageStore.dailyUsage.length - 1]?.date.slice(5) }}</span>
+    </div>
+
+    <div class="chart-legend" aria-label="Token type legend">
+      <div class="legend-item"><span class="legend-swatch input" />{{ t('usage.inputTokens') }}</div>
+      <div class="legend-item"><span class="legend-swatch output" />{{ t('usage.outputTokens') }}</div>
+      <div class="legend-item"><span class="legend-swatch cache" />{{ t('usage.cacheRead') }}</div>
+    </div>
+
+    <div class="trend-table">
+      <table>
+        <thead>
+          <tr>
+            <th>{{ t('usage.date') }}</th>
+            <th>{{ t('usage.inputTokens') }}</th>
+            <th>{{ t('usage.outputTokens') }}</th>
+            <th>{{ t('usage.cacheRead') }}</th>
+            <th>{{ t('usage.cacheWrite') }}</th>
+            <th>{{ t('usage.cacheHitRate') }}</th>
+            <th>{{ t('usage.sessions') }}</th>
+            <th>{{ t('usage.cost') }}</th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr v-for="d in [...usageStore.dailyUsage].reverse()" :key="d.date">
+            <td>{{ d.date }}</td>
+            <td>{{ formatTokens(d.input_tokens) }}</td>
+            <td>{{ formatTokens(d.output_tokens) }}</td>
+            <td>{{ formatTokens(d.cache_read_tokens) }}</td>
+            <td>{{ formatTokens(d.cache_write_tokens) }}</td>
+            <td>{{ cacheHitRate(d) }}</td>
+            <td>{{ d.sessions }}</td>
+            <td>{{ formatCost(d.cost) }}</td>
+          </tr>
+        </tbody>
+      </table>
+    </div>
+  </div>
+</template>
+
+<style scoped lang="scss">
+@use '@/styles/variables' as *;
+
+.daily-trend {
+  background: $bg-card;
+  border: 1px solid $border-color;
+  border-radius: $radius-md;
+  padding: 16px;
+}
+
+.section-title {
+  font-size: 13px;
+  font-weight: 600;
+  color: $text-secondary;
+  margin: 0 0 12px;
+}
+
+.bar-chart {
+  display: flex;
+  gap: 2px;
+  margin-bottom: 16px;
+}
+
+.bar-col {
+  flex: 1;
+  min-width: 0;
+  display: flex;
+  flex-direction: column;
+  align-items: center;
+  position: relative;
+}
+
+.bar-track {
+  width: 100%;
+  height: 140px;
+  background: $bg-secondary;
+  border-radius: 2px 2px 0 0;
+  display: flex;
+  align-items: flex-end;
+  overflow: hidden;
+  position: relative;
+}
+
+.bar-stack {
+  width: 100%;
+  display: flex;
+  flex-direction: column-reverse;
+  justify-content: flex-start;
+  overflow: hidden;
+  transition: height 0.3s ease;
+}
+
+.bar-segment {
+  width: 100%;
+  min-height: 0;
+  transition: height 0.3s ease;
+}
+
+.bar-segment.output,
+.legend-swatch.output {
+  background: #26a69a;
+}
+
+.bar-segment.input,
+.legend-swatch.input {
+  background: #5c6bc0;
+}
+
+.bar-segment.cache,
+.legend-swatch.cache {
+  background: #f6ad55;
+}
+
+.bar-tooltip {
+  display: none;
+  position: absolute;
+  bottom: calc(100% + 8px);
+  left: 50%;
+  transform: translateX(-50%);
+  background: $text-primary;
+  color: var(--text-on-accent);
+  padding: 6px 10px;
+  border-radius: $radius-sm;
+  font-size: 11px;
+  white-space: nowrap;
+  z-index: 10;
+  pointer-events: none;
+
+  &::after {
+    content: '';
+    position: absolute;
+    top: 100%;
+    left: 50%;
+    transform: translateX(-50%);
+    border: 5px solid transparent;
+    border-top-color: $text-primary;
+  }
+}
+
+.bar-col:hover .bar-tooltip {
+  display: block;
+}
+
+.tooltip-date {
+  font-weight: 600;
+  margin-bottom: 4px;
+}
+
+.tooltip-row {
+  line-height: 1.5;
+}
+
+.bar-dates {
+  display: flex;
+  justify-content: space-between;
+  font-size: 10px;
+  color: $text-muted;
+  margin-bottom: 12px;
+}
+
+.chart-legend {
+  display: flex;
+  flex-wrap: wrap;
+  gap: 8px 14px;
+  margin: 0 0 16px;
+  color: $text-muted;
+  font-size: 11px;
+}
+
+.legend-item {
+  display: inline-flex;
+  align-items: center;
+  gap: 5px;
+}
+
+.legend-swatch {
+  width: 8px;
+  height: 8px;
+  border-radius: 2px;
+  flex-shrink: 0;
+}
+
+.trend-table {
+  overflow-x: auto;
+
+  table {
+    width: 100%;
+    border-collapse: collapse;
+    font-size: 11px;
+  }
+
+  th,
+  td {
+    text-align: right;
+    padding: 6px 8px;
+    border-bottom: 1px solid $border-color;
+  }
+
+  th:first-child,
+  td:first-child {
+    text-align: left;
+  }
+
+  th {
+    color: $text-muted;
+    font-weight: 500;
+  }
+
+  td {
+    color: $text-secondary;
+  }
+}
+</style>
diff --git a/packages/client/src/components/hermes/usage/ModelBreakdown.vue b/packages/client/src/components/hermes/usage/ModelBreakdown.vue
new file mode 100644
index 0000000..5cc57ef
--- /dev/null
+++ b/packages/client/src/components/hermes/usage/ModelBreakdown.vue
@@ -0,0 +1,182 @@
+<script setup lang="ts">
+import { computed } from 'vue'
+import { useI18n } from 'vue-i18n'
+import { useUsageStore } from '@/stores/hermes/usage'
+
+const { t } = useI18n()
+const usageStore = useUsageStore()
+const maxModelTokens = computed(() => Math.max(...usageStore.modelUsage.map(m => m.visualTokens), 1))
+
+function formatTokens(n: number): string {
+  if (n >= 1000000) return (n / 1000000).toFixed(1) + 'M'
+  if (n >= 1000) return (n / 1000).toFixed(1) + 'K'
+  return String(n)
+}
+
+function cacheHitRate(m: { inputTokens: number; cacheTokens: number }): string {
+  const total = m.inputTokens + m.cacheTokens
+  if (total === 0) return '--'
+  return ((m.cacheTokens / total) * 100).toFixed(1) + '%'
+}
+</script>
+
+<template>
+  <div class="model-breakdown">
+    <h3 class="section-title">{{ t('usage.modelBreakdown') }}</h3>
+
+    <div class="model-legend" aria-label="Token type legend">
+      <div class="legend-item"><span class="legend-swatch input" />{{ t('usage.inputTokens') }}</div>
+      <div class="legend-item"><span class="legend-swatch output" />{{ t('usage.outputTokens') }}</div>
+      <div class="legend-item"><span class="legend-swatch cache" />{{ t('usage.cacheRead') }}</div>
+    </div>
+
+    <div class="model-list">
+      <div v-for="m in usageStore.modelUsage" :key="m.model" class="model-row">
+        <span class="model-swatch" :style="{ background: m.color }" />
+        <span class="model-name" :title="m.model">{{ m.model }}</span>
+        <div class="model-bar-wrap">
+          <div
+            class="model-bar"
+            :style="{ width: (m.visualTokens / maxModelTokens * 100) + '%' }"
+          >
+            <div
+              v-if="m.inputTokens > 0"
+              class="model-bar-segment input"
+              :style="{ width: m.inputPercent + '%' }"
+            />
+            <div
+              v-if="m.outputTokens > 0"
+              class="model-bar-segment output"
+              :style="{ width: m.outputPercent + '%' }"
+            />
+            <div
+              v-if="m.cacheTokens > 0"
+              class="model-bar-segment cache"
+              :style="{ width: m.cachePercent + '%' }"
+            />
+          </div>
+        </div>
+        <span class="model-tokens" :title="`${t('usage.inputTokens')}: ${formatTokens(m.inputTokens)} · ${t('usage.outputTokens')}: ${formatTokens(m.outputTokens)} · ${t('usage.cacheRead')}: ${formatTokens(m.cacheTokens)} · ${t('usage.cacheHitRate')}: ${cacheHitRate(m)}`">
+          {{ formatTokens(m.totalTokens) }}
+          <small v-if="m.cacheTokens > 0">+{{ formatTokens(m.cacheTokens) }}</small>
+        </span>
+      </div>
+    </div>
+  </div>
+</template>
+
+<style scoped lang="scss">
+@use '@/styles/variables' as *;
+
+.model-breakdown {
+  background: $bg-card;
+  border: 1px solid $border-color;
+  border-radius: $radius-md;
+  padding: 16px;
+  margin-bottom: 20px;
+}
+
+.section-title {
+  font-size: 13px;
+  font-weight: 600;
+  color: $text-secondary;
+  margin: 0 0 12px;
+}
+
+.model-legend {
+  display: flex;
+  flex-wrap: wrap;
+  gap: 8px 14px;
+  margin: 0 0 12px;
+  color: $text-muted;
+  font-size: 11px;
+}
+
+.legend-item {
+  display: inline-flex;
+  align-items: center;
+  gap: 5px;
+}
+
+.legend-swatch,
+.model-swatch {
+  width: 8px;
+  height: 8px;
+  border-radius: 2px;
+  flex-shrink: 0;
+}
+
+.legend-swatch.input,
+.model-bar-segment.input {
+  background: #5c6bc0;
+}
+
+.legend-swatch.output,
+.model-bar-segment.output {
+  background: #26a69a;
+}
+
+.legend-swatch.cache,
+.model-bar-segment.cache {
+  background: #f6ad55;
+}
+
+.model-list {
+  display: flex;
+  flex-direction: column;
+  gap: 8px;
+}
+
+.model-row {
+  display: flex;
+  align-items: center;
+  gap: 10px;
+}
+
+.model-name {
+  font-size: 12px;
+  font-family: $font-code;
+  color: $text-secondary;
+  width: 140px;
+  flex-shrink: 0;
+  overflow: hidden;
+  text-overflow: ellipsis;
+  white-space: nowrap;
+}
+
+.model-bar-wrap {
+  flex: 1;
+  height: 16px;
+  background: $bg-secondary;
+  border-radius: 3px;
+  overflow: hidden;
+}
+
+.model-bar {
+  height: 100%;
+  border-radius: 3px;
+  min-width: 2px;
+  transition: width 0.3s ease;
+  display: flex;
+  overflow: hidden;
+}
+
+.model-bar-segment {
+  height: 100%;
+  min-width: 0;
+}
+
+.model-tokens {
+  font-size: 12px;
+  color: $text-muted;
+  width: 86px;
+  text-align: right;
+  flex-shrink: 0;
+
+  small {
+    color: #f6ad55;
+    margin-left: 4px;
+    font-size: 10px;
+  }
+}
+</style>
diff --git a/packages/client/src/components/hermes/usage/StatCards.vue b/packages/client/src/components/hermes/usage/StatCards.vue
new file mode 100644
index 0000000..f200957
--- /dev/null
+++ b/packages/client/src/components/hermes/usage/StatCards.vue
@@ -0,0 +1,97 @@
+<script setup lang="ts">
+import { useI18n } from 'vue-i18n'
+import { useUsageStore } from '@/stores/hermes/usage'
+
+const { t } = useI18n()
+const usageStore = useUsageStore()
+
+function formatTokens(n: number): string {
+  if (n >= 1000000) return (n / 1000000).toFixed(1) + 'M'
+  if (n >= 1000) return (n / 1000).toFixed(1) + 'K'
+  return String(n)
+}
+
+function formatCost(n: number): string {
+  if (n === 0) return '$0.00'
+  if (n < 0.01) return '<$0.01'
+  return '$' + n.toFixed(2)
+}
+</script>
+
+<template>
+  <div class="stat-cards">
+    <div class="stat-card">
+      <div class="stat-label">{{ t('usage.totalTokens') }}</div>
+      <div class="stat-value">{{ formatTokens(usageStore.totalTokens) }}</div>
+      <div class="stat-sub">
+        {{ formatTokens(usageStore.totalInputTokens) }} {{ t('usage.inputTokens') }} /
+        {{ formatTokens(usageStore.totalOutputTokens) }} {{ t('usage.outputTokens') }}
+      </div>
+    </div>
+    <div class="stat-card">
+      <div class="stat-label">{{ t('usage.totalSessions') }}</div>
+      <div class="stat-value">{{ usageStore.totalSessions }}</div>
+      <div class="stat-sub">{{ t('usage.avgPerDay', { n: usageStore.avgSessionsPerDay.toFixed(1) }) }}</div>
+    </div>
+    <div class="stat-card">
+      <div class="stat-label">{{ t('usage.estimatedCost') }}</div>
+      <div class="stat-value">{{ formatCost(usageStore.estimatedCost) }}</div>
+    </div>
+    <div class="stat-card">
+      <div class="stat-label">{{ t('usage.cacheHitRate') }}</div>
+      <div class="stat-value">{{ usageStore.cacheHitRate !== null ? usageStore.cacheHitRate.toFixed(1) + '%' : '--' }}</div>
+      <div class="stat-sub" v-if="usageStore.cacheHitRate !== null">
+        {{ formatTokens(usageStore.totalCacheTokens) }} {{ t('usage.tokens') }}
+      </div>
+    </div>
+  </div>
+</template>
+
+<style scoped lang="scss">
+@use '@/styles/variables' as *;
+
+.stat-cards {
+  display: grid;
+  grid-template-columns: repeat(4, 1fr);
+  gap: 12px;
+  margin-bottom: 20px;
+}
+
+.stat-card {
+  background: $bg-card;
+  border: 1px solid $border-color;
+  border-radius: $radius-md;
+  padding: 16px;
+}
+
+.stat-label {
+  font-size: 12px;
+  color: $text-muted;
+  margin-bottom: 6px;
+}
+
+.stat-value {
+  font-size: 22px;
+  font-weight: 600;
+  color: $text-primary;
+  line-height: 1.2;
+}
+
+.stat-sub {
+  font-size: 11px;
+  color: $text-muted;
+  margin-top: 4px;
+}
+
+@media (max-width: 768px) {
+  .stat-cards {
+    grid-template-columns: repeat(2, 1fr);
+  }
+}
+
+@media (max-width: 480px) {
+  .stat-cards {
+    grid-template-columns: 1fr;
+  }
+}
+</style>
diff --git a/packages/client/src/components/layout/AppSidebar.vue b/packages/client/src/components/layout/AppSidebar.vue
new file mode 100644
index 0000000..00b63de
--- /dev/null
+++ b/packages/client/src/components/layout/AppSidebar.vue
@@ -0,0 +1,616 @@
+<script setup lang="ts">
+import { computed, ref } from "vue";
+import { useRoute, useRouter } from "vue-router";
+import { useI18n } from "vue-i18n";
+import { NModal } from "naive-ui";
+import { useAppStore } from "@/stores/hermes/app";
+import { useSessionSearch } from '@/composables/useSessionSearch'
+import { usePersistentRecord } from '@/composables/usePersistentRecord'
+import RouteLinkItem from '@/components/common/RouteLinkItem.vue'
+import { changelog } from "@/data/changelog";
+import { isStoredSuperAdmin } from "@/api/client";
+
+const { t } = useI18n();
+const route = useRoute();
+const router = useRouter();
+const appStore = useAppStore();
+const { openSessionSearch } = useSessionSearch();
+const selectedKey = computed(() => {
+  if (route.name === "hermes.session") return "hermes.chat";
+  if (route.name === "hermes.historySession") return "hermes.history";
+  if (route.name === "hermes.groupChatRoom") return "hermes.groupChat";
+  return route.name as string;
+});
+const isSuperAdmin = computed(() => isStoredSuperAdmin());
+const isVersionPreview = import.meta.env.VITE_HERMES_PREVIEW === '1';
+
+function isNavActive(...names: string[]) {
+  return names.includes(selectedKey.value);
+}
+function hasRoute(name: string): boolean {
+  return router.hasRoute(name);
+}
+const { record: collapsedGroups, persist: persistCollapsedGroups } = usePersistentRecord('hermes.sidebar.collapsedGroups');
+
+type SidebarGroupKey = "Conversation" | "Agent" | "Monitoring" | "Tools" | "System";
+
+function groupLabel(key: SidebarGroupKey) {
+  return t(`sidebar.group${key}${appStore.sidebarCollapsed ? "Short" : ""}`);
+}
+
+function toggleGroup(key: string) {
+  collapsedGroups[key] = !collapsedGroups[key];
+  persistCollapsedGroups();
+}
+
+function isGroupCollapsed(key: string) {
+  return !!collapsedGroups[key];
+}
+
+
+function handleLogout() {
+  localStorage.clear();
+  router.replace({ name: 'login' });
+}
+
+// Changelog
+const showChangelog = ref(false);
+
+</script>
+
+<template>
+  <aside class="sidebar" :class="{ open: appStore.sidebarOpen, collapsed: appStore.sidebarCollapsed }">
+    <button class="collapse-btn" @click="appStore.toggleSidebarCollapsed()" :title="appStore.sidebarCollapsed ? t('sidebar.expand') : t('sidebar.collapse')">
+      <svg width="16" height="16" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round">
+        <polyline v-if="appStore.sidebarCollapsed" points="9 18 15 12 9 6" />
+        <polyline v-else points="15 18 9 12 15 6" />
+      </svg>
+    </button>
+
+    <nav class="sidebar-nav">
+      <!-- Conversation -->
+      <div class="nav-group">
+        <div class="nav-group-label" @click="toggleGroup('conversation')">
+          <span>{{ groupLabel("Conversation") }}</span>
+          <svg class="nav-group-arrow" :class="{ collapsed: isGroupCollapsed('conversation') }" width="12" height="12" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round">
+            <polyline points="6 9 12 15 18 9" />
+          </svg>
+        </div>
+        <div v-show="!isGroupCollapsed('conversation')" class="nav-group-items">
+          <RouteLinkItem class="nav-item" :to="{ name: 'hermes.chat' }" :active="isNavActive('hermes.chat', 'hermes.session')">
+            <svg width="16" height="16" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round">
+              <path d="M21 15a2 2 0 0 1-2 2H7l-4 4V5a2 2 0 0 1 2-2h14a2 2 0 0 1 2 2z" />
+            </svg>
+            <span>{{ t("sidebar.chat") }}</span>
+          </RouteLinkItem>
+          <RouteLinkItem class="nav-item" :to="{ name: 'hermes.history' }" :active="isNavActive('hermes.history', 'hermes.historySession')">
+            <svg width="16" height="16" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round">
+              <circle cx="12" cy="12" r="10" />
+              <polyline points="12 6 12 12 16 14" />
+            </svg>
+            <span>{{ t("sidebar.history") }}</span>
+          </RouteLinkItem>
+          <RouteLinkItem class="nav-item" :to="{ name: 'hermes.groupChat' }" :active="isNavActive('hermes.groupChat', 'hermes.groupChatRoom')">
+            <svg width="16" height="16" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round">
+              <path d="M17 21v-2a4 4 0 0 0-4-4H5a4 4 0 0 0-4 4v2" />
+              <circle cx="9" cy="7" r="4" />
+              <path d="M23 21v-2a4 4 0 0 0-3-3.87" />
+              <path d="M16 3.13a4 4 0 0 1 0 7.75" />
+            </svg>
+            <span>{{ t("sidebar.groupChat") }}<span class="beta-tag">(beta)</span></span>
+          </RouteLinkItem>
+          <button class="nav-item" @click="openSessionSearch">
+            <svg width="16" height="16" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round">
+              <circle cx="11" cy="11" r="7" />
+              <path d="m20 20-3.5-3.5" />
+            </svg>
+            <span>{{ t("sidebar.search") }}</span>
+          </button>
+          <a class="nav-item fun-link" href="https://apikey.fun/register?aff=LIBAPI" target="_blank" rel="noopener noreferrer">
+            <svg width="16" height="16" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round"><path d="M18 13v6a2 2 0 01-2 2H5a2 2 0 01-2-2V8a2 2 0 012-2h6"/><polyline points="15 3 21 3 21 9"/><line x1="10" y1="14" x2="21" y2="3"/></svg>
+            <span>{{ t('sidebar.apiRelay') }}</span>
+          </a>
+          <a class="nav-item fun-link" href="http://code.xinmi.cloud/" target="_blank" rel="noopener noreferrer">
+            <svg width="16" height="16" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round">
+              <path d="M16 18l6-6-6-6M8 6l-6 6 6 6" />
+            </svg>
+            <span>新觅源码库</span>
+          </a>
+        </div>
+      </div>
+
+      <!-- Agent -->
+      <div class="nav-group">
+        <div class="nav-group-label" @click="toggleGroup('agent')">
+          <span>{{ groupLabel("Agent") }}</span>
+          <svg class="nav-group-arrow" :class="{ collapsed: isGroupCollapsed('agent') }" width="12" height="12" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round">
+            <polyline points="6 9 12 15 18 9" />
+          </svg>
+        </div>
+        <div v-show="!isGroupCollapsed('agent')" class="nav-group-items">
+          <RouteLinkItem class="nav-item" :to="{ name: 'hermes.jobs' }" :active="selectedKey === 'hermes.jobs'">
+            <svg width="16" height="16" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round">
+              <rect x="3" y="4" width="18" height="18" rx="2" ry="2" />
+              <line x1="16" y1="2" x2="16" y2="6" />
+              <line x1="8" y1="2" x2="8" y2="6" />
+              <line x1="3" y1="10" x2="21" y2="10" />
+            </svg>
+            <span>{{ t("sidebar.jobs") }}</span>
+          </RouteLinkItem>
+          <RouteLinkItem class="nav-item" :to="{ name: 'hermes.kanban' }" :active="selectedKey === 'hermes.kanban'">
+            <svg width="16" height="16" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round">
+              <rect x="3" y="3" width="5" height="18" rx="1" />
+              <rect x="10" y="3" width="5" height="12" rx="1" />
+              <rect x="17" y="3" width="5" height="18" rx="1" />
+            </svg>
+            <span>{{ t("sidebar.kanban") }}</span>
+          </RouteLinkItem>
+          <RouteLinkItem class="nav-item" :to="{ name: 'hermes.channels' }" :active="selectedKey === 'hermes.channels'">
+            <svg width="16" height="16" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round">
+              <path d="M21 12.79A9 9 0 1 1 11.21 3 7 7 0 0 0 21 12.79z" />
+            </svg>
+            <span>{{ t("sidebar.channels") }}</span>
+          </RouteLinkItem>
+          <RouteLinkItem class="nav-item" :to="{ name: 'hermes.skills' }" :active="selectedKey === 'hermes.skills'">
+            <svg width="16" height="16" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round">
+              <polygon points="12 2 2 7 12 12 22 7 12 2" />
+              <polyline points="2 17 12 22 22 17" />
+              <polyline points="2 12 12 17 22 12" />
+            </svg>
+            <span>{{ t("sidebar.skills") }}</span>
+          </RouteLinkItem>
+          <RouteLinkItem class="nav-item" :to="{ name: 'hermes.plugins' }" :active="selectedKey === 'hermes.plugins'">
+            <svg width="16" height="16" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round">
+              <path d="M14.7 6.3a1 1 0 0 0 0 1.4l1.6 1.6a1 1 0 0 0 1.4 0l2.1-2.1a4 4 0 0 1-5.3 5.3l-7.8 7.8a2.1 2.1 0 0 1-3-3l7.8-7.8a4 4 0 0 1 5.3-5.3l-2.1 2.1z" />
+              <path d="M5 19l1-1" />
+            </svg>
+            <span>{{ t("sidebar.plugins") }}</span>
+          </RouteLinkItem>
+          <RouteLinkItem class="nav-item" :to="{ name: 'hermes.mcp' }" :active="selectedKey === 'hermes.mcp'">
+            <svg width="16" height="16" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round">
+              <path d="M4 7V4h16v3" />
+              <path d="M9 20h6" />
+              <path d="M12 7v13" />
+              <rect x="4" y="7" width="16" height="7" rx="2" />
+            </svg>
+            <span>{{ t("sidebar.mcp") }}</span>
+          </RouteLinkItem>
+          <RouteLinkItem class="nav-item" :to="{ name: 'hermes.memory' }" :active="selectedKey === 'hermes.memory'">
+            <svg width="16" height="16" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round">
+              <path d="M9 18h6" />
+              <path d="M10 22h4" />
+              <path d="M12 2a7 7 0 0 0-4 12.7V17h8v-2.3A7 7 0 0 0 12 2z" />
+            </svg>
+            <span>{{ t("sidebar.memory") }}</span>
+          </RouteLinkItem>
+          <RouteLinkItem class="nav-item" :to="{ name: 'hermes.models' }" :active="selectedKey === 'hermes.models'">
+            <svg width="16" height="16" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round">
+              <circle cx="12" cy="12" r="3" />
+              <path d="M12 1v4" />
+              <path d="M12 19v4" />
+              <path d="M1 12h4" />
+              <path d="M19 12h4" />
+              <path d="M4.22 4.22l2.83 2.83" />
+              <path d="M16.95 16.95l2.83 2.83" />
+              <path d="M4.22 19.78l2.83-2.83" />
+              <path d="M16.95 7.05l2.83-2.83" />
+            </svg>
+            <span>{{ t("sidebar.models") }}</span>
+          </RouteLinkItem>
+        </div>
+      </div>
+
+      <!-- Monitoring -->
+      <div class="nav-group">
+        <div class="nav-group-label" @click="toggleGroup('monitoring')">
+          <span>{{ groupLabel("Monitoring") }}</span>
+          <svg class="nav-group-arrow" :class="{ collapsed: isGroupCollapsed('monitoring') }" width="12" height="12" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round">
+            <polyline points="6 9 12 15 18 9" />
+          </svg>
+        </div>
+        <div v-show="!isGroupCollapsed('monitoring')" class="nav-group-items">
+          <RouteLinkItem class="nav-item" :to="{ name: 'hermes.logs' }" :active="selectedKey === 'hermes.logs'">
+            <svg width="16" height="16" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round">
+              <path d="M14 2H6a2 2 0 0 0-2 2v16a2 2 0 0 0 2 2h12a2 2 0 0 0 2-2V8z" />
+              <polyline points="14 2 14 8 20 8" />
+              <line x1="16" y1="13" x2="8" y2="13" />
+              <line x1="16" y1="17" x2="8" y2="17" />
+              <polyline points="10 9 9 9 8 9" />
+            </svg>
+            <span>{{ t("sidebar.logs") }}</span>
+          </RouteLinkItem>
+          <RouteLinkItem class="nav-item" :to="{ name: 'hermes.usage' }" :active="selectedKey === 'hermes.usage'">
+            <svg width="16" height="16" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round">
+              <rect x="3" y="12" width="4" height="9" rx="1" />
+              <rect x="10" y="7" width="4" height="14" rx="1" />
+              <rect x="17" y="3" width="4" height="18" rx="1" />
+            </svg>
+            <span>{{ t("sidebar.usage") }}</span>
+          </RouteLinkItem>
+          <RouteLinkItem v-if="isSuperAdmin" class="nav-item" :to="{ name: 'hermes.performance' }" :active="selectedKey === 'hermes.performance'">
+            <svg width="16" height="16" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round">
+              <polyline points="22 12 18 12 15 21 9 3 6 12 2 12" />
+            </svg>
+            <span>{{ t("sidebar.performance") }}</span>
+          </RouteLinkItem>
+          <RouteLinkItem class="nav-item" :to="{ name: 'hermes.skillsUsage' }" :active="selectedKey === 'hermes.skillsUsage'">
+            <svg width="16" height="16" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round">
+              <path d="M21.21 15.89A10 10 0 1 1 8.11 2.79" />
+              <path d="M22 12A10 10 0 0 0 12 2v10z" />
+            </svg>
+            <span>{{ t("sidebar.skillsUsage") }}</span>
+          </RouteLinkItem>
+        </div>
+      </div>
+
+      <!-- Tools -->
+      <div class="nav-group">
+        <div class="nav-group-label" @click="toggleGroup('tools')">
+          <span>{{ groupLabel("Tools") }}</span>
+          <svg class="nav-group-arrow" :class="{ collapsed: isGroupCollapsed('tools') }" width="12" height="12" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round">
+            <polyline points="6 9 12 15 18 9" />
+          </svg>
+        </div>
+        <div v-show="!isGroupCollapsed('tools')" class="nav-group-items">
+          <RouteLinkItem v-if="hasRoute('hermes.codingAgents')" class="nav-item" :to="{ name: 'hermes.codingAgents' }" :active="selectedKey === 'hermes.codingAgents'">
+            <svg width="16" height="16" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round">
+              <polyline points="16 18 22 12 16 6" />
+              <polyline points="8 6 2 12 8 18" />
+              <line x1="12" y1="20" x2="14" y2="4" />
+            </svg>
+            <span>{{ t("sidebar.codingAgents") }}</span>
+          </RouteLinkItem>
+          <RouteLinkItem v-if="hasRoute('hermes.versionPreview') && isSuperAdmin && !isVersionPreview" class="nav-item" :to="{ name: 'hermes.versionPreview' }" :active="selectedKey === 'hermes.versionPreview'">
+            <svg width="16" height="16" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round">
+              <path d="M21 16V8a2 2 0 0 0-1-1.73l-7-4a2 2 0 0 0-2 0l-7 4A2 2 0 0 0 3 8v8a2 2 0 0 0 1 1.73l7 4a2 2 0 0 0 2 0l7-4A2 2 0 0 0 21 16z" />
+              <polyline points="7.5 4.21 12 6.81 16.5 4.21" />
+              <polyline points="7.5 19.79 7.5 14.6 3 12" />
+              <polyline points="21 12 16.5 14.6 16.5 19.79" />
+              <polyline points="3.27 6.96 12 12.01 20.73 6.96" />
+              <line x1="12" y1="22.08" x2="12" y2="12" />
+            </svg>
+            <span>{{ t("sidebar.versionPreview") }}</span>
+          </RouteLinkItem>
+        </div>
+      </div>
+
+      <!-- System -->
+      <div class="nav-group">
+        <div class="nav-group-label" @click="toggleGroup('system')">
+          <span>{{ groupLabel("System") }}</span>
+          <svg class="nav-group-arrow" :class="{ collapsed: isGroupCollapsed('system') }" width="12" height="12" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round">
+            <polyline points="6 9 12 15 18 9" />
+          </svg>
+        </div>
+        <div v-show="!isGroupCollapsed('system')" class="nav-group-items">
+          <RouteLinkItem v-if="isSuperAdmin" class="nav-item" :to="{ name: 'hermes.profiles' }" :active="selectedKey === 'hermes.profiles'">
+            <svg width="16" height="16" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round">
+              <path d="M20 21v-2a4 4 0 0 0-4-4H8a4 4 0 0 0-4 4v2" />
+              <circle cx="12" cy="7" r="4" />
+            </svg>
+            <span>{{ t("sidebar.profiles") }}</span>
+          </RouteLinkItem>
+          <RouteLinkItem class="nav-item" :to="{ name: 'hermes.settings' }" :active="selectedKey === 'hermes.settings'">
+            <svg width="16" height="16" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round">
+              <circle cx="12" cy="12" r="3" />
+              <path d="M19.4 15a1.65 1.65 0 0 0 .33 1.82l.06.06a2 2 0 0 1-2.83 2.83l-.06-.06a1.65 1.65 0 0 0-1.82-.33 1.65 1.65 0 0 0-1 1.51V21a2 2 0 0 1-4 0v-.09A1.65 1.65 0 0 0 9 19.4a1.65 1.65 0 0 0-1.82.33l-.06.06a2 2 0 0 1-2.83-2.83l.06-.06A1.65 1.65 0 0 0 4.68 15a1.65 1.65 0 0 0-1.51-1H3a2 2 0 0 1 0-4h.09A1.65 1.65 0 0 0 4.6 9a1.65 1.65 0 0 0-.33-1.82l-.06-.06a2 2 0 0 1 2.83-2.83l.06.06A1.65 1.65 0 0 0 9 4.68a1.65 1.65 0 0 0 1-1.51V3a2 2 0 0 1 4 0v.09a1.65 1.65 0 0 0 1 1.51 1.65 1.65 0 0 0 1.82-.33l.06-.06a2 2 0 0 1 2.83 2.83l-.06.06A1.65 1.65 0 0 0 19.4 9a1.65 1.65 0 0 0 1.51 1H21a2 2 0 0 1 0 4h-.09a1.65 1.65 0 0 0-1.51 1z" />
+            </svg>
+            <span>{{ t("sidebar.settings") }}</span>
+          </RouteLinkItem>
+          <RouteLinkItem class="nav-item" :to="{ name: 'hermes.about' }" :active="selectedKey === 'hermes.about'">
+            <svg width="16" height="16" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round">
+              <circle cx="12" cy="12" r="10" />
+              <line x1="12" y1="16" x2="12" y2="12" />
+              <line x1="12" y1="8" x2="12.01" y2="8" />
+            </svg>
+            <span>{{ t("sidebar.about") }}</span>
+          </RouteLinkItem>
+        </div>
+      </div>
+    </nav>
+
+    <div class="sidebar-footer">
+      <button class="nav-item logout-item" @click="handleLogout">
+        <svg width="16" height="16" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round">
+          <path d="M9 21H5a2 2 0 0 1-2-2V5a2 2 0 0 1 2-2h4" />
+          <polyline points="16 17 21 12 16 7" />
+          <line x1="21" y1="12" x2="9" y2="12" />
+        </svg>
+        <span>{{ t("sidebar.logout") }}</span>
+      </button>
+      <div class="version-info links-row">
+        <a class="website-link" href="https://xinmi.cloud/" target="_blank" rel="noopener noreferrer">新觅官网</a>
+      </div>
+      <div class="version-info">
+        <span class="version-text">v{{ appStore.serverVersion || "1.0.0" }}</span>
+      </div>
+    </div>
+
+    <!-- Changelog modal -->
+    <NModal v-model:show="showChangelog" preset="dialog" :title="t('sidebar.changelog')" style="width: 520px;">
+      <div class="changelog-list">
+        <div v-for="entry in changelog" :key="entry.version" class="changelog-version-block">
+          <div class="changelog-version-header">
+            <span class="changelog-version-tag">v{{ entry.version }}</span>
+            <span class="changelog-date">{{ entry.date }}</span>
+          </div>
+          <ul class="changelog-changes">
+            <li v-for="(change, idx) in entry.changes" :key="idx">{{ t(change) }}</li>
+          </ul>
+        </div>
+      </div>
+    </NModal>
+  </aside>
+</template>
+
+<style scoped lang="scss">
+@use "@/styles/variables" as *;
+
+.sidebar {
+  position: relative;
+  width: $sidebar-width;
+  height: 100%;
+  background-color: $bg-sidebar;
+  border-right: 1px solid $border-color;
+  display: flex;
+  flex-direction: column;
+  padding: 12px 12px 16px;
+  flex-shrink: 0;
+  transition: all $transition-normal;
+  z-index: 100;
+}
+
+.sidebar-nav {
+  flex: 1;
+  display: flex;
+  padding-top: 4px;
+  flex-direction: column;
+  gap: 6px;
+  overflow-y: auto;
+  min-height: 0;
+}
+
+.nav-group {
+  display: flex;
+  flex-direction: column;
+  gap: 4px;
+  margin-bottom: 8px;
+}
+
+.nav-group-items {
+  display: flex;
+  flex-direction: column;
+  gap: 3px;
+  padding-top: 2px;
+}
+
+.nav-group-label {
+  font-size: 10px;
+  font-weight: 700;
+  color: var(--text-sidebar-muted);
+  text-transform: uppercase;
+  letter-spacing: 0.12em;
+  padding: 10px 12px 6px;
+  display: flex;
+  align-items: center;
+  justify-content: space-between;
+  cursor: pointer;
+  user-select: none;
+  border-radius: $radius-sm;
+  transition: all $transition-fast;
+
+  &:hover {
+    color: $text-secondary;
+    background: $bg-secondary;
+  }
+}
+
+.nav-group-arrow {
+  transition: transform $transition-fast;
+  flex-shrink: 0;
+  opacity: 0.5;
+
+  &.collapsed {
+    transform: rotate(-90deg);
+  }
+}
+
+.nav-item {
+  display: flex;
+  align-items: center;
+  gap: 12px;
+  padding: 10px 14px;
+  border: 1px solid transparent;
+  background: none;
+  appearance: none;
+  text-decoration: none;
+  color: $text-secondary;
+  font-size: 13px;
+  font-weight: 500;
+  border-radius: $radius-sm;
+  cursor: pointer;
+  transition: all $transition-fast;
+  width: 100%;
+  text-align: left;
+  box-sizing: border-box;
+
+  svg {
+    opacity: 0.7;
+    flex-shrink: 0;
+    transition: all $transition-fast;
+  }
+
+  &:hover {
+    background-color: $bg-secondary;
+    color: $text-primary;
+
+    svg {
+      opacity: 1;
+      color: $accent-primary;
+    }
+  }
+
+  &.active {
+    background-color: $accent-primary;
+    color: var(--nav-active-text);
+    border-color: transparent;
+    font-weight: 600;
+
+    svg {
+      opacity: 1;
+      color: var(--nav-active-text);
+    }
+
+    .beta-tag {
+      color: rgba(255, 255, 255, 0.75);
+      background: rgba(255, 255, 255, 0.15);
+    }
+  }
+
+  .beta-tag {
+    font-size: 10px;
+    color: $text-muted;
+    margin-left: 4px;
+    background: $bg-secondary;
+    padding: 1px 5px;
+    border-radius: 3px;
+  }
+}
+
+.sidebar-footer {
+  padding-top: 10px;
+  border-top: 1px solid $border-light;
+  display: flex;
+  flex-direction: column;
+  gap: 4px;
+}
+
+.logout-item {
+  margin: 0;
+  padding: 9px 12px;
+  border-radius: $radius-sm;
+  font-size: 13px;
+  color: $text-muted;
+
+  &:hover {
+    color: $error;
+    background: rgba(var(--error-rgb), 0.08);
+  }
+}
+
+.version-info {
+  padding: 4px 12px 6px;
+  font-size: 11px;
+  color: $text-muted;
+  display: flex;
+  align-items: center;
+  justify-content: space-between;
+  gap: 6px;
+
+  &.links-row {
+    gap: 10px;
+    justify-content: flex-start;
+  }
+
+  a {
+    text-decoration: none;
+    color: $text-muted;
+    transition: color $transition-fast;
+
+    &:hover {
+      color: $accent-primary;
+    }
+  }
+}
+
+.version-text {
+  font-family: $font-code;
+  opacity: 0.7;
+}
+
+// ─── Collapsed sidebar (icon-rail mode) ─────────────────────────
+
+.sidebar.collapsed {
+  width: $sidebar-collapsed-width;
+  padding: 12px 8px 16px;
+
+  .nav-group-label {
+    justify-content: center;
+    padding: 8px 0;
+    span, svg { display: none; }
+    
+    &::after {
+      content: '...';
+      font-size: 14px;
+      line-height: 1;
+    }
+  }
+
+  .nav-item {
+    justify-content: center;
+    padding: 12px 0;
+    border-radius: 12px;
+
+    span {
+      display: none;
+    }
+  }
+
+  .sidebar-footer {
+    .logout-item span,
+    .version-text,
+    .links-row {
+      display: none;
+    }
+  }
+}
+
+// ─── Collapse button ────────────────────────────────────────────
+
+.collapse-btn {
+  position: absolute;
+  top: 14px;
+  right: -13px;
+  width: 26px;
+  height: 26px;
+  border: 1px solid $border-color;
+  background: $bg-card;
+  color: $text-muted;
+  border-radius: 50%;
+  cursor: pointer;
+  display: flex;
+  align-items: center;
+  justify-content: center;
+  box-shadow: 0 2px 6px rgba(0, 0, 0, 0.06);
+  transition: all $transition-normal;
+  z-index: 101;
+
+  &:hover {
+    color: $accent-primary;
+    border-color: $accent-primary;
+  }
+}
+
+.sidebar.collapsed .collapse-btn {
+  right: -14px;
+}
+
+@media (max-width: $breakpoint-mobile) {
+  .sidebar {
+    position: fixed;
+    left: 0;
+    top: $topbar-height;
+    height: calc(100 * var(--vh) - #{$topbar-height});
+    transform: translateX(-100%);
+    box-shadow: 4px 0 20px rgba(0, 0, 0, 0.12);
+
+    &.open {
+      transform: translateX(0);
+    }
+  }
+
+  .collapse-btn {
+    display: none;
+  }
+}
+</style>
diff --git a/packages/client/src/components/layout/AppTopBar.vue b/packages/client/src/components/layout/AppTopBar.vue
new file mode 100644
index 0000000..8e3b1fc
--- /dev/null
+++ b/packages/client/src/components/layout/AppTopBar.vue
@@ -0,0 +1,169 @@
+<script setup lang="ts">
+import { useI18n } from 'vue-i18n'
+import { useAppStore } from '@/stores/hermes/app'
+import AppLogo from '@/components/common/AppLogo.vue'
+import ProfileSelector from './ProfileSelector.vue'
+import ModelSelector from './ModelSelector.vue'
+import LanguageSwitch from './LanguageSwitch.vue'
+import ThemeSwitch from './ThemeSwitch.vue'
+import RouteLinkItem from '@/components/common/RouteLinkItem.vue'
+
+const { t } = useI18n()
+const appStore = useAppStore()
+</script>
+
+<template>
+  <header class="topbar">
+    <div class="topbar__left">
+      <RouteLinkItem class="topbar__brand" :to="{ name: 'hermes.chat' }">
+        <AppLogo :size="30" show-text />
+      </RouteLinkItem>
+    </div>
+
+    <div class="topbar__center">
+      <ProfileSelector />
+      <ModelSelector />
+    </div>
+
+    <div class="topbar__right">
+      <div
+        class="topbar__status"
+        :class="appStore.connected ? 'is-connected' : 'is-disconnected'"
+        :title="appStore.connected ? t('sidebar.connected') : t('sidebar.disconnected')"
+      >
+        <span class="topbar__status-dot" />
+        <span class="topbar__status-label">{{ appStore.connected ? t('sidebar.connected') : t('sidebar.disconnected') }}</span>
+      </div>
+      <LanguageSwitch />
+      <ThemeSwitch />
+    </div>
+  </header>
+</template>
+
+<style scoped lang="scss">
+@use '@/styles/variables' as *;
+
+.topbar {
+  display: flex;
+  align-items: center;
+  justify-content: space-between;
+  gap: 16px;
+  height: $topbar-height;
+  padding: 0 20px;
+  background: $bg-topbar;
+  border-bottom: 1px solid $border-color;
+  flex-shrink: 0;
+  z-index: 50;
+  backdrop-filter: blur(12px);
+}
+
+.topbar__left,
+.topbar__center,
+.topbar__right {
+  display: flex;
+  align-items: center;
+  gap: 12px;
+  min-width: 0;
+}
+
+.topbar__left {
+  flex-shrink: 0;
+}
+
+.topbar__center {
+  flex: 1;
+  justify-content: center;
+  max-width: 640px;
+  margin: 0 auto;
+}
+
+.topbar__right {
+  flex-shrink: 0;
+}
+
+.topbar__brand {
+  text-decoration: none;
+  color: inherit;
+  transition: opacity $transition-fast;
+
+  &:hover {
+    opacity: 0.85;
+  }
+}
+
+.topbar__status {
+  display: flex;
+  align-items: center;
+  gap: 6px;
+  padding: 4px 10px;
+  border-radius: 999px;
+  font-size: 12px;
+  font-weight: 500;
+  border: 1px solid $border-light;
+  background: $bg-secondary;
+
+  &.is-connected {
+    color: $success;
+    border-color: rgba(var(--success-rgb), 0.25);
+    background: rgba(var(--success-rgb), 0.08);
+  }
+
+  &.is-disconnected {
+    color: $error;
+    border-color: rgba(var(--error-rgb), 0.25);
+    background: rgba(var(--error-rgb), 0.08);
+  }
+}
+
+.topbar__status-dot {
+  width: 7px;
+  height: 7px;
+  border-radius: 50%;
+  background: currentColor;
+}
+
+.topbar__status-label {
+  @media (max-width: 900px) {
+    display: none;
+  }
+}
+
+:deep(.profile-selector),
+:deep(.model-selector) {
+  min-width: 0;
+  flex: 1;
+}
+
+:deep(.selector-label),
+:deep(.model-label) {
+  display: none;
+}
+
+:deep(.profile-display),
+:deep(.model-trigger) {
+  padding: 6px 12px;
+  border-radius: $radius-sm;
+  border: 1px solid $border-color;
+  background: $bg-card;
+  font-size: 13px;
+  max-width: 220px;
+}
+
+:deep(.profile-name),
+:deep(.model-name) {
+  overflow: hidden;
+  text-overflow: ellipsis;
+  white-space: nowrap;
+}
+
+@media (max-width: $breakpoint-mobile) {
+  .topbar {
+    padding: 0 12px;
+    gap: 8px;
+  }
+
+  .topbar__center {
+    display: none;
+  }
+}
+</style>
diff --git a/packages/client/src/components/layout/LanguageSwitch.vue b/packages/client/src/components/layout/LanguageSwitch.vue
new file mode 100644
index 0000000..cb6a572
--- /dev/null
+++ b/packages/client/src/components/layout/LanguageSwitch.vue
@@ -0,0 +1,35 @@
+<script setup lang="ts">
+import { useI18n } from 'vue-i18n'
+import { NSelect } from 'naive-ui'
+import { switchLocale } from '@/i18n'
+
+const { locale } = useI18n()
+
+const options = [
+  { label: '简体中文', value: 'zh' },
+  { label: '繁體中文', value: 'zh-TW' },
+  { label: 'English', value: 'en' },
+  { label: '日本語', value: 'ja' },
+  { label: '한국어', value: 'ko' },
+  { label: 'Français', value: 'fr' },
+  { label: 'Español', value: 'es' },
+  { label: 'Deutsch', value: 'de' },
+  { label: 'Português', value: 'pt' },
+]
+
+function handleChange(val: string) {
+  switchLocale(val)
+  localStorage.setItem('hermes_locale', val)
+}
+</script>
+
+<template>
+  <NSelect
+    :value="locale"
+    :options="options"
+    size="tiny"
+    :consistent-menu-width="false"
+    class="input-sm"
+    @update:value="handleChange"
+  />
+</template>
diff --git a/packages/client/src/components/layout/ModelSelector.vue b/packages/client/src/components/layout/ModelSelector.vue
new file mode 100644
index 0000000..bfeada3
--- /dev/null
+++ b/packages/client/src/components/layout/ModelSelector.vue
@@ -0,0 +1,481 @@
+<script setup lang="ts">
+import { ref, computed } from 'vue'
+import { NModal, NInput, NSelect } from 'naive-ui'
+import { useAppStore } from '@/stores/hermes/app'
+import { useProfilesStore } from '@/stores/hermes/profiles'
+import { useI18n } from 'vue-i18n'
+
+const { t } = useI18n()
+const appStore = useAppStore()
+const profilesStore = useProfilesStore()
+
+const showModal = ref(false)
+const searchQuery = ref('')
+const collapsedGroups = ref<Record<string, boolean>>({})
+const customInput = ref('')
+const customProvider = ref('')
+
+const activeProfileName = computed(() => profilesStore.activeProfileName || 'default')
+const activeModelGroups = computed(() => {
+  const profileModels = appStore.profileModelGroups.find(entry => entry.profile === activeProfileName.value)
+  return profileModels?.groups || []
+})
+
+const providerOptions = computed(() => {
+  const current = appStore.selectedProvider
+  customProvider.value = current
+  return activeModelGroups.value.map(g => ({ label: g.label, value: g.provider }))
+})
+
+const modelGroupsWithCustom = computed(() =>
+  activeModelGroups.value.map(g => ({
+    ...g,
+    models: [
+      ...g.models,
+      ...(appStore.customModels[g.provider] || []).filter(m => !g.models.includes(m)),
+    ],
+  }))
+)
+
+const selectedModelInActiveProfile = computed(() =>
+  modelGroupsWithCustom.value.some(group =>
+    group.provider === appStore.selectedProvider && group.models.includes(appStore.selectedModel),
+  ),
+)
+
+const selectedDisplayName = computed(() =>
+  selectedModelInActiveProfile.value
+    ? appStore.displayModelName(appStore.selectedModel, appStore.selectedProvider)
+    : '',
+)
+
+function isCustomModel(model: string, provider: string) {
+  return (appStore.customModels[provider] || []).includes(model)
+}
+
+async function removeCustomModel(model: string, provider: string) {
+  await appStore.removeCustomModel(model, provider)
+}
+
+function safeLower(value: unknown) {
+  return typeof value === 'string' ? value.toLowerCase() : ''
+}
+
+const filteredGroups = computed(() => {
+  const q = safeLower(searchQuery.value).trim()
+  if (!q) return modelGroupsWithCustom.value
+  return modelGroupsWithCustom.value
+    .map(g => ({
+      ...g,
+      models: g.models.filter(m => {
+        const displayName = appStore.displayModelName(m, g.provider)
+        return safeLower(m).includes(q) || safeLower(displayName).includes(q)
+      }),
+    }))
+    .filter(g => g.models.length > 0 || safeLower(g.label).includes(q))
+})
+
+function toggleGroup(provider: string) {
+  collapsedGroups.value[provider] = !collapsedGroups.value[provider]
+}
+
+function isGroupCollapsed(provider: string) {
+  return !!collapsedGroups.value[provider]
+}
+
+function handleSelect(model: string, provider: string) {
+  const meta = activeModelGroups.value.find(g => g.provider === provider)?.model_meta?.[model]
+  if (meta?.disabled) return
+  appStore.switchModel(model, provider)
+  showModal.value = false
+  searchQuery.value = ''
+}
+
+function modelDisplayName(model: string, provider: string) {
+  return appStore.displayModelName(model, provider)
+}
+
+function modelAlias(model: string, provider: string) {
+  return appStore.getModelAlias(model, provider)
+}
+
+function handleCustomSubmit() {
+  const model = customInput.value.trim()
+  if (!model || !customProvider.value) return
+  // 拦截 disabled 模型，避免 custom input 绕过列表里的灰显限制
+  const meta = activeModelGroups.value.find(g => g.provider === customProvider.value)?.model_meta?.[model]
+  if (meta?.disabled) return
+  appStore.switchModel(model, customProvider.value)
+  showModal.value = false
+  searchQuery.value = ''
+  customInput.value = ''
+}
+
+function openModal() {
+  collapsedGroups.value = {}
+  searchQuery.value = ''
+  customInput.value = ''
+  customProvider.value = appStore.selectedProvider
+  showModal.value = true
+}
+</script>
+
+<template>
+  <div class="model-selector">
+    <div class="model-label">{{ t('models.title') }}</div>
+    <button class="model-trigger" @click="openModal">
+      <span class="model-name" :title="appStore.selectedModel">{{ selectedDisplayName || '—' }}</span>
+      <svg class="model-arrow" width="12" height="12" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round">
+        <polyline points="6 9 12 15 18 9" />
+      </svg>
+    </button>
+
+    <NModal
+      v-model:show="showModal"
+      preset="card"
+      :title="t('models.title')"
+      :style="{ width: 'min(480px, calc(100vw - 32px))' }"
+      :mask-closable="true"
+    >
+      <NInput
+        v-model:value="searchQuery"
+        :placeholder="t('models.searchPlaceholder')"
+        clearable
+        size="small"
+        class="model-search"
+      />
+      <div class="model-list">
+        <div v-for="group in filteredGroups" :key="group.provider" class="model-group">
+          <div class="model-group-header" @click="toggleGroup(group.provider)">
+            <svg
+              class="model-group-arrow"
+              :class="{ collapsed: isGroupCollapsed(group.provider) }"
+              width="12" height="12" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"
+            >
+              <polyline points="6 9 12 15 18 9" />
+            </svg>
+            <span class="model-group-label">{{ group.label }}</span>
+            <span class="model-group-count">{{ group.models.length }}</span>
+          </div>
+          <div v-show="!isGroupCollapsed(group.provider)" class="model-group-items">
+            <div
+              v-for="model in group.models"
+              :key="model"
+              class="model-item"
+              :class="{
+                active: model === appStore.selectedModel && group.provider === appStore.selectedProvider,
+                disabled: !!group.model_meta?.[model]?.disabled,
+              }"
+              :title="group.model_meta?.[model]?.disabled ? t('models.disabledTooltip') : ''"
+              @click="handleSelect(model, group.provider)"
+            >
+              <span class="model-item-label">
+                <span class="model-item-name">{{ modelDisplayName(model, group.provider) }}</span>
+                <span v-if="modelAlias(model, group.provider)" class="model-item-id">
+                  {{ t('models.aliasCanonical', { model }) }}
+                </span>
+              </span>
+              <span v-if="group.model_meta?.[model]?.preview" class="model-badge-preview">{{ t('models.previewBadge') }}</span>
+              <span v-if="group.model_meta?.[model]?.disabled" class="model-badge-disabled">{{ t('models.disabledBadge') }}</span>
+              <span v-if="isCustomModel(model, group.provider)" class="model-badge-custom">{{ t('models.customBadge') }}</span>
+              <button
+                v-if="isCustomModel(model, group.provider)"
+                class="model-custom-remove"
+                type="button"
+                :title="t('models.removeCustomModel')"
+                @click.stop="removeCustomModel(model, group.provider)"
+              >
+                ×
+              </button>
+              <svg v-if="model === appStore.selectedModel && group.provider === appStore.selectedProvider" class="model-check" width="14" height="14" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2.5" stroke-linecap="round" stroke-linejoin="round">
+                <polyline points="20 6 9 17 4 12" />
+              </svg>
+            </div>
+          </div>
+        </div>
+        <div v-if="filteredGroups.length === 0" class="model-empty">
+          {{ searchQuery ? 'No results' : 'No models' }}
+        </div>
+        <div class="model-custom">
+          <div class="model-custom-row">
+            <NSelect
+              v-model:value="customProvider"
+              :options="providerOptions"
+              size="small"
+              class="model-custom-provider"
+            />
+            <NInput
+              v-model:value="customInput"
+              :placeholder="t('models.customModelPlaceholder')"
+              size="small"
+              class="model-custom-input"
+              @keydown.enter="handleCustomSubmit"
+            />
+          </div>
+          <div class="model-custom-hint">
+            {{ t('models.customModelHint') }}
+          </div>
+        </div>
+      </div>
+    </NModal>
+
+  </div>
+</template>
+
+<style scoped lang="scss">
+@use '@/styles/variables' as *;
+
+.model-selector {
+  padding: 0 12px;
+  margin-bottom: 8px;
+}
+
+.model-label {
+  font-size: 11px;
+  font-weight: 600;
+  color: $text-muted;
+  text-transform: uppercase;
+  letter-spacing: 0.5px;
+  margin-bottom: 6px;
+}
+
+.model-trigger {
+  display: flex;
+  align-items: center;
+  gap: 6px;
+  width: 100%;
+  padding: 6px 8px;
+  background: $bg-input;
+  border: 1px solid $border-color;
+  border-radius: $radius-sm;
+  color: $text-primary;
+  font-size: 13px;
+  cursor: pointer;
+  transition: border-color $transition-fast;
+
+  &:hover {
+    border-color: $accent-muted;
+  }
+}
+
+.model-name {
+  flex: 1;
+  overflow: hidden;
+  text-overflow: ellipsis;
+  white-space: nowrap;
+  text-align: left;
+}
+
+.model-arrow {
+  flex-shrink: 0;
+  color: $text-muted;
+}
+
+.model-search {
+  margin-bottom: 12px;
+}
+
+.model-list {
+  max-height: 50vh;
+  overflow-y: auto;
+  scrollbar-width: thin;
+}
+
+.model-group {
+  margin-bottom: 4px;
+}
+
+.model-group-header {
+  display: flex;
+  align-items: center;
+  gap: 6px;
+  padding: 8px 8px;
+  font-size: 12px;
+  font-weight: 600;
+  color: $text-secondary;
+  cursor: pointer;
+  border-radius: $radius-sm;
+  user-select: none;
+  transition: background-color $transition-fast;
+
+  &:hover {
+    background-color: $bg-secondary;
+  }
+}
+
+.model-group-arrow {
+  flex-shrink: 0;
+  transition: transform $transition-fast;
+
+  &.collapsed {
+    transform: rotate(-90deg);
+  }
+}
+
+.model-group-label {
+  flex: 1;
+}
+
+.model-group-count {
+  font-size: 11px;
+  color: $text-muted;
+  font-weight: 400;
+}
+
+.model-group-items {
+  padding-left: 8px;
+}
+
+.model-item {
+  display: flex;
+  align-items: center;
+  gap: 8px;
+  padding: 7px 10px;
+  font-size: 13px;
+  color: $text-secondary;
+  border-radius: $radius-sm;
+  cursor: pointer;
+  transition: all $transition-fast;
+
+  &:hover {
+    background-color: rgba(var(--accent-primary-rgb), 0.06);
+    color: $text-primary;
+  }
+
+  &.active {
+    color: $accent-primary;
+    font-weight: 500;
+  }
+
+  &.disabled {
+    opacity: 0.45;
+    cursor: not-allowed;
+
+    &:hover {
+      background-color: transparent;
+      color: $text-secondary;
+    }
+  }
+}
+
+.model-item-label {
+  flex: 1;
+  min-width: 0;
+  display: flex;
+  flex-direction: column;
+  gap: 2px;
+}
+
+.model-item-name {
+  overflow: hidden;
+  text-overflow: ellipsis;
+  white-space: nowrap;
+  font-family: $font-code;
+  font-size: 12px;
+}
+
+.model-item-id {
+  overflow: hidden;
+  text-overflow: ellipsis;
+  white-space: nowrap;
+  color: $text-muted;
+  font-family: $font-code;
+  font-size: 10px;
+  font-weight: 400;
+}
+
+
+.model-check {
+  flex-shrink: 0;
+  color: $accent-primary;
+}
+
+.model-badge-custom {
+  flex-shrink: 0;
+  font-size: 9px;
+  font-weight: 600;
+  color: #fff;
+  background: $accent-primary;
+  padding: 1px 5px;
+  border-radius: 3px;
+  margin-right: 4px;
+  letter-spacing: 0.03em;
+}
+
+
+.model-custom-remove {
+  flex-shrink: 0;
+  width: 18px;
+  height: 18px;
+  border: 0;
+  border-radius: 50%;
+  background: transparent;
+  color: $text-muted;
+  cursor: pointer;
+  line-height: 18px;
+  padding: 0;
+
+  &:hover {
+    background: rgba(var(--error-rgb), 0.12);
+    color: $error;
+  }
+}
+
+.model-badge-preview {
+  flex-shrink: 0;
+  font-size: 9px;
+  font-weight: 600;
+  color: #fff;
+  background: #d97706;
+  padding: 1px 5px;
+  border-radius: 3px;
+  margin-right: 4px;
+  letter-spacing: 0.03em;
+}
+
+.model-badge-disabled {
+  flex-shrink: 0;
+  font-size: 9px;
+  font-weight: 600;
+  color: $text-muted;
+  background: transparent;
+  border: 1px solid $border-color;
+  padding: 0 5px;
+  border-radius: 3px;
+  margin-right: 4px;
+  letter-spacing: 0.03em;
+}
+
+.model-empty {
+  padding: 24px 0;
+  text-align: center;
+  font-size: 13px;
+  color: $text-muted;
+}
+
+.model-custom {
+  margin-top: 12px;
+  padding-top: 12px;
+  border-top: 1px solid $border-color;
+}
+
+.model-custom-row {
+  display: flex;
+  gap: 8px;
+}
+
+.model-custom-provider {
+  width: 160px;
+  flex-shrink: 0;
+}
+
+.model-custom-input {
+  flex: 1;
+}
+
+.model-custom-hint {
+  margin-top: 6px;
+  font-size: 11px;
+  color: $text-muted;
+}
+</style>
diff --git a/packages/client/src/components/layout/ProfileSelector.vue b/packages/client/src/components/layout/ProfileSelector.vue
new file mode 100644
index 0000000..76113fe
--- /dev/null
+++ b/packages/client/src/components/layout/ProfileSelector.vue
@@ -0,0 +1,631 @@
+<script setup lang="ts">
+import { computed, onMounted, ref } from 'vue'
+import { NButton, NModal, NSpin, useMessage } from 'naive-ui'
+import { useProfilesStore } from '@/stores/hermes/profiles'
+import {
+  fetchProfileRuntimeStatusesWithMeta,
+  restartProfileGateway,
+  restartProfileRuntime,
+  type HermesProfile,
+  type ProfileAvatar,
+  type ProfileRuntimeStatus,
+} from '@/api/hermes/profiles'
+import ProfileAvatarView from '@/components/hermes/profiles/ProfileAvatar.vue'
+import { useI18n } from 'vue-i18n'
+
+const { t } = useI18n()
+const message = useMessage()
+const profilesStore = useProfilesStore()
+
+const activeName = computed(() => profilesStore.activeProfileName ?? '')
+const displayName = computed(() => activeName.value || 'default')
+const activeProfile = computed(() => profilesStore.profiles.find(profile => profile.name === displayName.value))
+const runtimeStatuses = ref<ProfileRuntimeStatus[]>([])
+const runtimeLoading = ref(false)
+const showProfileModal = ref(false)
+const showAvatarModal = ref(false)
+const editingProfile = ref<HermesProfile | null>(null)
+const avatarSaving = ref(false)
+const fileInputRef = ref<HTMLInputElement | null>(null)
+const gatewayRestarting = ref<Record<string, boolean>>({})
+const profileRestarting = ref<Record<string, boolean>>({})
+const profileSwitching = ref<Record<string, boolean>>({})
+const statusByProfile = computed(() => new Map(runtimeStatuses.value.map(status => [status.profile, status])))
+let runtimeRefreshToken = 0
+
+async function loadRuntimeStatuses(options: { background?: boolean } = {}): Promise<boolean> {
+  const token = ++runtimeRefreshToken
+  if (!options.background) {
+    runtimeLoading.value = runtimeStatuses.value.length === 0
+  }
+  try {
+    const res = await fetchProfileRuntimeStatusesWithMeta({ refresh: !options.background })
+    if (token !== runtimeRefreshToken) return false
+    runtimeStatuses.value = res.profiles
+    return !!res.refreshing
+  } catch {
+    runtimeStatuses.value = []
+    return false
+  } finally {
+    if (token === runtimeRefreshToken) {
+      runtimeLoading.value = false
+    }
+  }
+}
+
+function openProfileModal() {
+  showProfileModal.value = true
+  void loadRuntimeStatuses().then((refreshing) => {
+    if (refreshing) scheduleRuntimeStatusPoll()
+  })
+}
+
+function scheduleRuntimeStatusPoll(attempt = 0) {
+  if (attempt >= 12 || typeof window === 'undefined') return
+  window.setTimeout(() => {
+    if (!showProfileModal.value) return
+    void loadRuntimeStatuses({ background: true }).then((refreshing) => {
+      if (refreshing) scheduleRuntimeStatusPoll(attempt + 1)
+    })
+  }, attempt === 0 ? 700 : 1200)
+}
+
+function openAvatarModal(profile: HermesProfile) {
+  editingProfile.value = profile
+  showAvatarModal.value = true
+}
+
+function randomSeed() {
+  return `profile-${Date.now().toString(36)}-${Math.random().toString(36).slice(2, 8)}`
+}
+
+async function saveAvatar(avatar: ProfileAvatar) {
+  if (!editingProfile.value) return
+  avatarSaving.value = true
+  try {
+    await profilesStore.updateAvatar(editingProfile.value.name, avatar)
+    message.success(t('profiles.avatar.saveSuccess'))
+    showAvatarModal.value = false
+  } catch (err: any) {
+    message.error(err?.message || t('profiles.avatar.saveFailed'))
+  } finally {
+    avatarSaving.value = false
+  }
+}
+
+async function handleRandomAvatar() {
+  await saveAvatar({ type: 'generated', seed: randomSeed() })
+}
+
+async function handleResetAvatar() {
+  if (!editingProfile.value) return
+  avatarSaving.value = true
+  try {
+    await profilesStore.deleteAvatar(editingProfile.value.name)
+    message.success(t('profiles.avatar.resetSuccess'))
+    showAvatarModal.value = false
+  } catch (err: any) {
+    message.error(err?.message || t('profiles.avatar.resetFailed'))
+  } finally {
+    avatarSaving.value = false
+  }
+}
+
+function triggerAvatarUpload() {
+  fileInputRef.value?.click()
+}
+
+async function handleAvatarFileChange(event: Event) {
+  const input = event.target as HTMLInputElement
+  const file = input.files?.[0]
+  input.value = ''
+  if (!file) return
+  if (!['image/png', 'image/jpeg', 'image/webp'].includes(file.type)) {
+    message.warning(t('profiles.avatar.invalidType'))
+    return
+  }
+  if (file.size > 1024 * 1024) {
+    message.warning(t('profiles.avatar.tooLarge'))
+    return
+  }
+  const dataUrl = await new Promise<string>((resolve, reject) => {
+    const reader = new FileReader()
+    reader.onload = () => resolve(String(reader.result || ''))
+    reader.onerror = () => reject(reader.error || new Error('Failed to read file'))
+    reader.readAsDataURL(file)
+  })
+  await saveAvatar({ type: 'image', dataUrl })
+}
+
+function gatewayStatusText(running?: boolean) {
+  if (running == null) return t('profiles.runtime.checking')
+  return running ? t('profiles.runtime.running') : t('profiles.runtime.stopped')
+}
+
+function bridgeStatusText(running?: boolean) {
+  if (running == null) return t('profiles.runtime.checking')
+  return running ? t('profiles.runtime.active') : t('profiles.runtime.idle')
+}
+
+async function handleRestartGateway(name: string) {
+  gatewayRestarting.value = { ...gatewayRestarting.value, [name]: true }
+  try {
+    const gateway = await restartProfileGateway(name)
+    const current = statusByProfile.value.get(name)
+    if (current) {
+      runtimeStatuses.value = runtimeStatuses.value.map(status => (
+        status.profile === name ? { ...status, gateway } : status
+      ))
+    }
+    message.success(t('profiles.runtime.gatewayRestarted', { name }))
+  } catch (err: any) {
+    message.error(err?.message || t('profiles.runtime.gatewayRestartFailed'))
+  } finally {
+    gatewayRestarting.value = { ...gatewayRestarting.value, [name]: false }
+  }
+}
+
+async function handleRestartProfile(name: string) {
+  profileRestarting.value = { ...profileRestarting.value, [name]: true }
+  try {
+    const status = await restartProfileRuntime(name)
+    runtimeStatuses.value = runtimeStatuses.value.map(item => (
+      item.profile === name ? status : item
+    ))
+    message.success(t('profiles.runtime.profileRestarted', { name }))
+  } catch (err: any) {
+    message.error(err?.message || t('profiles.runtime.profileRestartFailed'))
+  } finally {
+    profileRestarting.value = { ...profileRestarting.value, [name]: false }
+  }
+}
+
+async function handleSwitchProfile(name: string) {
+  if (name === displayName.value) return
+  profileSwitching.value = { ...profileSwitching.value, [name]: true }
+  try {
+    const ok = await profilesStore.switchProfile(name)
+    if (!ok) throw new Error(t('profiles.switchFailed'))
+    message.success(t('profiles.switchSuccess', { name }))
+    window.location.reload()
+  } catch (err: any) {
+    message.error(err?.message || t('profiles.switchFailed'))
+  } finally {
+    profileSwitching.value = { ...profileSwitching.value, [name]: false }
+  }
+}
+
+onMounted(() => {
+  if (profilesStore.profiles.length === 0) {
+    profilesStore.fetchProfiles()
+  }
+})
+</script>
+
+<template>
+  <div class="profile-selector">
+    <div class="selector-label">{{ t('sidebar.profiles') }}</div>
+    <div class="profile-display" data-testid="profile-selector-select" @click="openProfileModal">
+      <ProfileAvatarView class="profile-avatar" :name="displayName" :avatar="activeProfile?.avatar" :size="24" />
+      <span class="profile-name">{{ displayName }}</span>
+    </div>
+
+    <NModal
+      v-model:show="showProfileModal"
+      preset="card"
+      :bordered="false"
+      :style="{ width: '720px', maxWidth: 'calc(100vw - 32px)' }"
+      class="profile-manager-modal"
+    >
+      <template #header>
+        <div class="profile-modal-header">
+          <div class="profile-popover-title">
+            <span class="profile-popover-name">{{ t('sidebar.profiles') }}</span>
+            <span class="profile-popover-subtitle">{{ t('profiles.runtime.activeProfile', { name: displayName }) }}</span>
+          </div>
+        </div>
+      </template>
+
+      <NSpin :show="runtimeLoading" size="small">
+        <div class="profile-runtime-list">
+          <div
+            v-for="profile in profilesStore.profiles"
+            :key="profile.name"
+            class="profile-runtime-item"
+            :class="{ active: profile.name === displayName }"
+          >
+            <div class="profile-runtime-main">
+              <ProfileAvatarView class="profile-runtime-avatar" :name="profile.name" :avatar="profile.avatar" :size="34" />
+              <div class="profile-runtime-info">
+                <div class="profile-runtime-name-row">
+                  <span class="profile-runtime-name">{{ profile.name }}</span>
+                  <span v-if="profile.name === displayName" class="active-badge">{{ t('profiles.runtime.activeTag') }}</span>
+                </div>
+                <div class="runtime-status-grid">
+                  <div class="runtime-row compact">
+                    <span class="runtime-label">{{ t('profiles.runtime.bridgeWorker') }}</span>
+                    <span class="runtime-value" :class="{ running: statusByProfile.get(profile.name)?.bridge.running }">
+                      <span class="runtime-dot" />
+                      {{ bridgeStatusText(statusByProfile.get(profile.name)?.bridge.running) }}
+                    </span>
+                  </div>
+                  <div class="runtime-row compact">
+                    <span class="runtime-label">{{ t('profiles.runtime.gateway') }}</span>
+                    <span class="runtime-value" :class="{ running: statusByProfile.get(profile.name)?.gateway.running }">
+                      <span class="runtime-dot" />
+                      {{ gatewayStatusText(statusByProfile.get(profile.name)?.gateway.running) }}
+                    </span>
+                  </div>
+                </div>
+                <div
+                  v-if="!statusByProfile.get(profile.name)?.gateway.running && (statusByProfile.get(profile.name)?.gateway.diagnostics?.reason || statusByProfile.get(profile.name)?.gateway.error)"
+                  class="runtime-detail"
+                >
+                  {{ statusByProfile.get(profile.name)?.gateway.diagnostics?.reason || statusByProfile.get(profile.name)?.gateway.error }}
+                </div>
+              </div>
+            </div>
+            <div class="profile-runtime-actions">
+              <NButton
+                size="small"
+                type="primary"
+                @click="openAvatarModal(profile)"
+              >
+                {{ t('profiles.avatar.customize') }}
+              </NButton>
+              <NButton
+                size="small"
+                type="primary"
+                :loading="gatewayRestarting[profile.name]"
+                @click="handleRestartGateway(profile.name)"
+              >
+                {{ t('profiles.runtime.restartGateway') }}
+              </NButton>
+              <NButton
+                size="small"
+                type="primary"
+                :loading="profileRestarting[profile.name]"
+                @click="handleRestartProfile(profile.name)"
+              >
+                {{ t('profiles.runtime.restartProfile') }}
+              </NButton>
+              <NButton
+                size="small"
+                type="primary"
+                :disabled="profile.name === displayName"
+                :loading="profileSwitching[profile.name]"
+                @click="handleSwitchProfile(profile.name)"
+              >
+                {{ t('profiles.runtime.switchProfile') }}
+              </NButton>
+            </div>
+          </div>
+        </div>
+      </NSpin>
+    </NModal>
+
+    <NModal
+      v-model:show="showAvatarModal"
+      preset="card"
+      :title="t('profiles.avatar.title')"
+      :bordered="false"
+      :style="{ width: '420px', maxWidth: 'calc(100vw - 32px)' }"
+    >
+      <div v-if="editingProfile" class="avatar-editor">
+        <ProfileAvatarView :name="editingProfile.name" :avatar="editingProfile.avatar" :size="72" />
+        <div class="avatar-editor-meta">
+          <div class="avatar-editor-name">{{ editingProfile.name }}</div>
+          <div class="avatar-editor-hint">{{ t('profiles.avatar.hint') }}</div>
+        </div>
+        <input
+          ref="fileInputRef"
+          class="avatar-file-input"
+          type="file"
+          accept="image/png,image/jpeg,image/webp"
+          @change="handleAvatarFileChange"
+        >
+        <div class="avatar-editor-actions">
+          <NButton type="primary" :loading="avatarSaving" @click="triggerAvatarUpload">
+            {{ t('profiles.avatar.upload') }}
+          </NButton>
+          <NButton type="primary" :loading="avatarSaving" @click="handleRandomAvatar">
+            {{ t('profiles.avatar.random') }}
+          </NButton>
+          <NButton :loading="avatarSaving" @click="handleResetAvatar">
+            {{ t('profiles.avatar.reset') }}
+          </NButton>
+        </div>
+      </div>
+    </NModal>
+  </div>
+</template>
+
+<style scoped lang="scss">
+@use '@/styles/variables' as *;
+
+.profile-selector {
+  padding: 0 12px;
+  margin-bottom: 8px;
+}
+
+.selector-label {
+  font-size: 11px;
+  font-weight: 600;
+  color: $text-muted;
+  text-transform: uppercase;
+  letter-spacing: 0.5px;
+  margin-bottom: 6px;
+}
+
+.profile-display {
+  display: flex;
+  align-items: center;
+  gap: 8px;
+  min-width: 0;
+  height: 34px;
+  padding: 4px 6px;
+  border-radius: 8px;
+  background: $bg-secondary;
+  border: 1px solid $border-color;
+  cursor: pointer;
+}
+
+.profile-avatar {
+  background: $bg-card;
+}
+
+.profile-name {
+  min-width: 0;
+  overflow: hidden;
+  text-overflow: ellipsis;
+  white-space: nowrap;
+  font-size: 13px;
+  font-weight: 600;
+  color: $text-primary;
+}
+
+.profile-popover {
+  display: flex;
+  flex-direction: column;
+  gap: 12px;
+}
+
+.profile-popover-header {
+  display: flex;
+  align-items: center;
+  gap: 10px;
+  min-width: 0;
+}
+
+.profile-popover-avatar {
+  width: 36px;
+  height: 36px;
+  border-radius: 50%;
+  overflow: hidden;
+  background: $bg-secondary;
+  flex: 0 0 auto;
+
+  :deep(svg) {
+    width: 100%;
+    height: 100%;
+    display: block;
+  }
+}
+
+.profile-popover-title {
+  min-width: 0;
+  display: flex;
+  flex-direction: column;
+  gap: 2px;
+}
+
+.profile-popover-name {
+  min-width: 0;
+  overflow: hidden;
+  text-overflow: ellipsis;
+  white-space: nowrap;
+  font-size: 14px;
+  font-weight: 700;
+  color: $text-primary;
+}
+
+.profile-popover-subtitle,
+.runtime-label,
+.runtime-detail {
+  font-size: 12px;
+  color: $text-muted;
+}
+
+.runtime-list {
+  display: flex;
+  flex-direction: column;
+  gap: 8px;
+  min-height: 62px;
+}
+
+.profile-runtime-list {
+  display: flex;
+  flex-direction: column;
+  gap: 8px;
+  max-height: 420px;
+  min-height: 96px;
+  overflow-y: auto;
+}
+
+.profile-runtime-item {
+  display: flex;
+  flex-direction: column;
+  gap: 8px;
+  padding: 10px;
+  border: 1px solid $border-color;
+  border-radius: 8px;
+  background: $bg-card;
+
+  &.active {
+    border-color: $accent-muted;
+    background: $bg-card-hover;
+  }
+}
+
+.profile-runtime-main {
+  display: flex;
+  gap: 10px;
+  min-width: 0;
+}
+
+.profile-runtime-avatar {
+  background: $bg-secondary;
+}
+
+.profile-runtime-info {
+  min-width: 0;
+  flex: 1;
+  display: flex;
+  flex-direction: column;
+  gap: 5px;
+}
+
+.profile-runtime-name-row {
+  display: flex;
+  align-items: center;
+  gap: 6px;
+  min-width: 0;
+}
+
+.profile-runtime-name {
+  min-width: 0;
+  overflow: hidden;
+  text-overflow: ellipsis;
+  white-space: nowrap;
+  font-size: 13px;
+  font-weight: 700;
+  color: $text-primary;
+}
+
+.active-badge {
+  flex: 0 0 auto;
+  padding: 1px 5px;
+  border-radius: 999px;
+  background: color-mix(in srgb, $success 16%, transparent);
+  color: $success;
+  font-size: 10px;
+  font-weight: 700;
+}
+
+.profile-runtime-actions {
+  display: flex;
+  flex-wrap: wrap;
+  justify-content: flex-end;
+  gap: 6px;
+
+  :deep(.n-button) {
+    min-width: 88px;
+  }
+}
+
+.runtime-row {
+  display: flex;
+  align-items: center;
+  justify-content: space-between;
+  gap: 12px;
+
+  &.compact {
+    gap: 8px;
+  }
+}
+
+.runtime-value {
+  display: inline-flex;
+  align-items: center;
+  gap: 6px;
+  color: $text-secondary;
+  font-size: 12px;
+  font-weight: 600;
+
+  &.running {
+    color: $success;
+
+    .runtime-dot {
+      background: $success;
+    }
+  }
+}
+
+.runtime-dot {
+  width: 7px;
+  height: 7px;
+  border-radius: 50%;
+  background: $text-muted;
+}
+
+.runtime-detail {
+  line-height: 1.4;
+  word-break: break-word;
+}
+
+.avatar-editor {
+  display: flex;
+  flex-direction: column;
+  align-items: center;
+  gap: 14px;
+}
+
+.avatar-editor-meta {
+  display: flex;
+  flex-direction: column;
+  align-items: center;
+  gap: 4px;
+  min-width: 0;
+}
+
+.avatar-editor-name {
+  max-width: 100%;
+  overflow: hidden;
+  text-overflow: ellipsis;
+  white-space: nowrap;
+  font-size: 15px;
+  font-weight: 700;
+  color: $text-primary;
+}
+
+.avatar-editor-hint {
+  font-size: 12px;
+  color: $text-muted;
+  text-align: center;
+}
+
+.avatar-file-input {
+  display: none;
+}
+
+.avatar-editor-actions {
+  display: flex;
+  flex-wrap: wrap;
+  justify-content: center;
+  gap: 8px;
+}
+
+@media (max-width: 520px) {
+  .profile-runtime-actions {
+    justify-content: flex-start;
+    gap: 5px;
+
+    :deep(.n-button) {
+      min-width: 0;
+      --n-height: 26px !important;
+      --n-font-size: 12px !important;
+      --n-padding: 0 8px !important;
+    }
+  }
+
+  .avatar-editor-actions {
+    gap: 6px;
+
+    :deep(.n-button) {
+      --n-height: 28px !important;
+      --n-font-size: 12px !important;
+      --n-padding: 0 9px !important;
+    }
+  }
+}
+</style>
diff --git a/packages/client/src/components/layout/ThemeSwitch.vue b/packages/client/src/components/layout/ThemeSwitch.vue
new file mode 100644
index 0000000..4eb6793
--- /dev/null
+++ b/packages/client/src/components/layout/ThemeSwitch.vue
@@ -0,0 +1,59 @@
+<script setup lang="ts">
+import { useTheme } from '@/composables/useTheme'
+
+const { isDark, isComic, toggleBrightness, toggleStyle } = useTheme()
+</script>
+
+<template>
+  <div class="theme-switch-container" style="display: flex; gap: 4px; align-items: center;">
+    <button class="theme-switch" :title="isComic ? 'Ink style' : 'Comic style'" @click="toggleStyle">
+      <!-- Palette icon for comic toggle -->
+      <svg v-if="isComic" width="16" height="16" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round">
+        <path d="M12 2.69l5.66 5.66a8 8 0 1 1-11.31 0z" />
+      </svg>
+      <!-- Sparkle icon for ink mode -->
+      <svg v-else width="16" height="16" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round">
+        <path d="M12 3l1.5 5.5L19 10l-5.5 1.5L12 17l-1.5-5.5L5 10l5.5-1.5L12 3z" />
+      </svg>
+    </button>
+    <button class="theme-switch" :title="isDark ? 'Light mode' : 'Dark mode'" @click="toggleBrightness">
+      <!-- Sun icon (shown in dark mode) -->
+      <svg v-if="isDark" width="16" height="16" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round">
+        <circle cx="12" cy="12" r="5" />
+        <line x1="12" y1="1" x2="12" y2="3" />
+        <line x1="12" y1="21" x2="12" y2="23" />
+        <line x1="4.22" y1="4.22" x2="5.64" y2="5.64" />
+        <line x1="18.36" y1="18.36" x2="19.78" y2="19.78" />
+        <line x1="1" y1="12" x2="3" y2="12" />
+        <line x1="21" y1="12" x2="23" y2="12" />
+        <line x1="4.22" y1="19.78" x2="5.64" y2="18.36" />
+        <line x1="18.36" y1="5.64" x2="19.78" y2="4.22" />
+      </svg>
+      <!-- Moon icon (shown in light mode) -->
+      <svg v-else width="16" height="16" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round">
+        <path d="M21 12.79A9 9 0 1 1 11.21 3 7 7 0 0 0 21 12.79z" />
+      </svg>
+    </button>
+  </div>
+</template>
+
+<style scoped lang="scss">
+.theme-switch {
+  display: flex;
+  align-items: center;
+  justify-content: center;
+  width: 28px;
+  height: 28px;
+  border: none;
+  background: transparent;
+  border-radius: 4px;
+  cursor: pointer;
+  color: var(--text-muted);
+  transition: color 0.15s ease, background-color 0.15s ease;
+
+  &:hover {
+    color: var(--text-primary);
+    background: rgba(var(--accent-primary-rgb), 0.06);
+  }
+}
+</style>
diff --git a/packages/client/src/composables/useKeyboard.ts b/packages/client/src/composables/useKeyboard.ts
new file mode 100644
index 0000000..7f78987
--- /dev/null
+++ b/packages/client/src/composables/useKeyboard.ts
@@ -0,0 +1,55 @@
+import { onMounted, onUnmounted } from 'vue'
+import { useRouter } from 'vue-router'
+import { useChatStore } from '@/stores/hermes/chat'
+import { useSessionSearch } from './useSessionSearch'
+
+export function useKeyboard() {
+  const router = useRouter()
+  const chatStore = useChatStore()
+  const { sessionSearchOpen, openSessionSearch, closeSessionSearch } = useSessionSearch()
+
+  function handleKeydown(e: KeyboardEvent) {
+    const mod = e.ctrlKey || e.metaKey
+
+    if (mod && e.key === 'n') {
+      e.preventDefault()
+      chatStore.newChat()
+      return
+    }
+
+    if (mod && e.key === 'j') {
+      e.preventDefault()
+      router.push({ name: 'hermes.jobs' })
+      return
+    }
+
+    if (mod && e.key.toLowerCase() === 'k') {
+      if (router.currentRoute.value.name === 'login') return
+      e.preventDefault()
+      openSessionSearch()
+      return
+    }
+
+    if (e.key === 'Escape') {
+      if (sessionSearchOpen.value) {
+        e.preventDefault()
+        closeSessionSearch()
+        return
+      }
+      // Close any open modals — naive-ui handles this internally
+      const modal = document.querySelector('.n-modal-mask')
+      if (modal) {
+        const closeBtn = modal.querySelector('.n-base-close') as HTMLElement
+        closeBtn?.click()
+      }
+    }
+  }
+
+  onMounted(() => {
+    window.addEventListener('keydown', handleKeydown)
+  })
+
+  onUnmounted(() => {
+    window.removeEventListener('keydown', handleKeydown)
+  })
+}
diff --git a/packages/client/src/composables/usePersistentRecord.ts b/packages/client/src/composables/usePersistentRecord.ts
new file mode 100644
index 0000000..d233405
--- /dev/null
+++ b/packages/client/src/composables/usePersistentRecord.ts
@@ -0,0 +1,23 @@
+import { reactive } from 'vue'
+
+export function usePersistentRecord(key: string) {
+  let initial: Record<string, boolean> = {}
+
+  if (typeof window !== 'undefined') {
+    try {
+      const raw = window.localStorage.getItem(key)
+      if (raw) initial = JSON.parse(raw)
+    } catch {
+      initial = {}
+    }
+  }
+
+  const record = reactive<Record<string, boolean>>({ ...initial })
+
+  function persist() {
+    if (typeof window === 'undefined') return
+    window.localStorage.setItem(key, JSON.stringify({ ...record }))
+  }
+
+  return { record, persist }
+}
diff --git a/packages/client/src/composables/useSessionSearch.ts b/packages/client/src/composables/useSessionSearch.ts
new file mode 100644
index 0000000..2c46726
--- /dev/null
+++ b/packages/client/src/composables/useSessionSearch.ts
@@ -0,0 +1,19 @@
+import { ref } from 'vue'
+
+const sessionSearchOpen = ref(false)
+
+export function useSessionSearch() {
+  function openSessionSearch() {
+    sessionSearchOpen.value = true
+  }
+
+  function closeSessionSearch() {
+    sessionSearchOpen.value = false
+  }
+
+  return {
+    sessionSearchOpen,
+    openSessionSearch,
+    closeSessionSearch,
+  }
+}
diff --git a/packages/client/src/composables/useSpeech.ts b/packages/client/src/composables/useSpeech.ts
new file mode 100644
index 0000000..43cbfaa
--- /dev/null
+++ b/packages/client/src/composables/useSpeech.ts
@@ -0,0 +1,667 @@
+import { ref, computed, onUnmounted } from 'vue'
+import { generateSpeech, playAudioBlob } from '@/api/hermes/tts'
+import { getApiKey } from '@/api/client'
+
+export interface SpeechOptions {
+  lang?: string      // 语言 'zh-CN', 'en-US' 等
+  voiceName?: string // 指定 WebSpeech 音色名称
+}
+
+export interface OpenaiTtsOptions {
+  baseUrl: string
+  apiKey?: string
+  model?: string
+  voice?: string
+  rate?: string   // Edge TTS rate format, e.g. "+20%"
+  pitch?: string  // Edge TTS pitch format, e.g. "-8Hz"
+}
+
+export interface MimoTtsOptions {
+  baseUrl: string
+  apiKey: string
+  model: string
+  voice: string               // preset voice ID (preset mode) or data URI (clone mode)
+  voiceDesignDesc?: string    // voice design description text (voice design mode)
+  stylePrompt?: string        // natural language style instruction
+}
+
+export interface SpeechState {
+  isPlaying: boolean
+  isPaused: boolean
+  currentMessageId: string | null
+  progress: number  // 当前进度（字符数）
+  engine: 'none' | 'tts' | 'browser'  // 当前使用的引擎
+}
+
+interface SpeechQueueItem {
+  messageId: string
+  content: string
+  options: SpeechOptions
+}
+
+/**
+ * 语音播放 Composable
+ * 优先后端 TTS（Edge → Google），失败降级浏览器 speechSynthesis
+ */
+export function useSpeech() {
+  const synth = window.speechSynthesis
+  const availableVoices = ref<SpeechSynthesisVoice[]>([])
+  const state = ref<SpeechState>({
+    isPlaying: false,
+    isPaused: false,
+    currentMessageId: null,
+    progress: 0,
+    engine: 'none',
+  })
+
+  let utterance: SpeechSynthesisUtterance | null = null
+  let currentAudio: HTMLAudioElement | null = null
+  let playbackToken = 0
+  const speechQueue: SpeechQueueItem[] = []
+
+  // 自定义 TTS（OpenAI / Custom / Edge）播放状态
+  const isCustomPlaying = ref(false)
+  const isCustomPaused = ref(false)
+  const currentCustomMessageId = ref<string | null>(null)
+
+  // 加载可用语音列表
+  function loadVoices() {
+    availableVoices.value = synth.getVoices()
+  }
+
+  synth.addEventListener('voiceschanged', loadVoices)
+  loadVoices()
+
+  /**
+   * 从文本中提取纯文本内容，过滤代码块、thinking 标签等
+   */
+  function extractReadableText(content: string): string {
+    if (!content) return ''
+
+    let text = content
+
+    // 移除 thinking 标签内容
+    text = text.replace(/<thinking[^>]*>[\s\S]*?<\/thinking>/gi, '')
+    text = text.replace(/<thinking[^>]*>[\s\S]*/gi, '')
+
+    // 移除代码块
+    text = text.replace(/```[\s\S]*?```/g, '')
+    text = text.replace(/`[^`]+`/g, '')
+
+    // 移除 HTML 标签
+    text = text.replace(/<[^>]+>/g, '')
+
+    text = text.replace(/[^\p{L}\p{N}\s。!?;,，。！？；：、""''（）【】《》\n一-鿿㐀-䶿]/gu, '')
+
+    text = text.replace(/\s+/g, ' ').trim()
+
+    return text
+  }
+
+  const isSupported = computed(() => {
+    return 'speechSynthesis' in window && 'SpeechSynthesisUtterance' in window
+  })
+
+  function getDefaultVoice(): SpeechSynthesisVoice | null {
+    const voices = availableVoices.value
+    if (voices.length === 0) return null
+
+    const zhVoice = voices.find(v => v.lang.startsWith('zh'))
+    if (zhVoice) return zhVoice
+
+    const enVoice = voices.find(v => v.lang.startsWith('en'))
+    if (enVoice) return enVoice
+
+    return voices[0]
+  }
+
+  function stop(clearQueue = true) {
+    playbackToken += 1
+    if (clearQueue) {
+      speechQueue.length = 0
+    }
+    // Stop TTS audio
+    if (currentAudio) {
+      currentAudio.pause()
+      currentAudio.src = ''
+      currentAudio = null
+    }
+    // Stop browser speech
+    if (synth.speaking || synth.pending || synth.paused) {
+      synth.cancel()
+    }
+    utterance = null
+    state.value = {
+      isPlaying: false,
+      isPaused: false,
+      currentMessageId: null,
+      progress: 0,
+      engine: 'none',
+    }
+  }
+
+  // ─── TTS Engine (server-side) ───────────────────────────────
+
+  async function speakViaTts(messageId: string, text: string, options: SpeechOptions, token: number) {
+    // Set playing state immediately so UI shows breathing animation right away
+    state.value.isPlaying = true
+    state.value.isPaused = false
+    state.value.currentMessageId = messageId
+    state.value.progress = 0
+    state.value.engine = 'tts'
+
+    try {
+      const lang = options.lang || 'zh-CN'
+
+      const { audio } = await generateSpeech({ text, lang })
+
+      if (token !== playbackToken) return
+
+      currentAudio = playAudioBlob(audio)
+
+      currentAudio.onended = () => {
+        if (token !== playbackToken) return
+        state.value.isPlaying = false
+        state.value.isPaused = false
+        state.value.currentMessageId = null
+        state.value.progress = text.length
+        state.value.engine = 'none'
+        currentAudio = null
+        if (speechQueue.length > 0) {
+          setTimeout(playNextQueuedSpeech, 0)
+        }
+      }
+
+      currentAudio.onerror = () => {
+        if (token !== playbackToken) return
+        // TTS playback failed, fallback to browser
+        console.warn('[useSpeech] TTS audio playback error, falling back to browser')
+        speakViaBrowser(messageId, text, options, token)
+      }
+    } catch (err) {
+      if (token !== playbackToken) return
+      console.warn('[useSpeech] TTS API failed, falling back to browser:', err)
+      speakViaBrowser(messageId, text, options, token)
+    }
+  }
+
+  // ─── Browser Engine (Web Speech API) ────────────────────────
+
+  function speakViaBrowser(messageId: string, text: string, options: SpeechOptions, token?: number) {
+    token = token || ++playbackToken
+    utterance = new SpeechSynthesisUtterance(text)
+    const activeUtterance = utterance
+
+    utterance.rate = 1
+    utterance.pitch = 1
+    utterance.volume = 1
+
+    // 使用指定的音色（如果有），否则用默认
+    if (options.voiceName) {
+      const voice = availableVoices.value.find(v => v.name === options.voiceName)
+      if (voice) {
+        utterance.voice = voice
+      }
+    }
+    if (!utterance.voice) {
+      utterance.voice = getDefaultVoice()
+    }
+
+    if (options.lang) {
+      utterance.lang = options.lang
+    } else if (utterance.voice) {
+      utterance.lang = utterance.voice.lang
+    }
+
+    state.value.engine = 'browser'
+    state.value.isPlaying = true
+    state.value.isPaused = false
+    state.value.currentMessageId = messageId
+    state.value.progress = 0
+
+    utterance.onboundary = (event) => {
+      if (token !== playbackToken || utterance !== activeUtterance) return
+      if (event.name === 'word') {
+        state.value.progress = event.charIndex
+      }
+    }
+
+    utterance.onend = () => {
+      if (token !== playbackToken || utterance !== activeUtterance) return
+      state.value.isPlaying = false
+      state.value.isPaused = false
+      state.value.currentMessageId = null
+      state.value.progress = text.length
+      state.value.engine = 'none'
+      utterance = null
+      if (speechQueue.length > 0) {
+        setTimeout(playNextQueuedSpeech, 0)
+      }
+    }
+
+    utterance.onerror = () => {
+      if (token !== playbackToken || utterance !== activeUtterance) return
+      state.value.isPlaying = false
+      state.value.isPaused = false
+      state.value.currentMessageId = null
+      state.value.engine = 'none'
+      utterance = null
+      if (speechQueue.length > 0) {
+        setTimeout(playNextQueuedSpeech, 0)
+      }
+    }
+
+    synth.speak(utterance)
+  }
+
+  // ─── OpenAI-compatible TTS Engine ────────────────────────────
+
+  let customAudio: HTMLAudioElement | null = null
+
+  async function openaiPlay(
+    messageId: string,
+    content: string,
+    opts: OpenaiTtsOptions,
+  ) {
+    const text = extractReadableText(content)
+    if (!text) return
+
+    const token = ++playbackToken
+
+    isCustomPlaying.value = true
+    isCustomPaused.value = false
+    currentCustomMessageId.value = messageId
+
+    const url = `${opts.baseUrl.replace(/\/+$/, '')}/audio/speech`
+    const body: Record<string, any> = {
+      model: opts.model || 'tts-1',
+      input: text,
+      voice: opts.voice || 'alloy',
+    }
+    // Edge TTS proxy 支持 rate/pitch 参数
+    if (opts.rate) body.rate = opts.rate
+    if (opts.pitch) body.pitch = opts.pitch
+
+    const headers: Record<string, string> = {
+      'Content-Type': 'application/json',
+    }
+    if (opts.apiKey) {
+      headers['Authorization'] = `Bearer ${opts.apiKey}`
+    } else if (opts.baseUrl.startsWith('/')) {
+      // 本地代理请求自动附加 JWT
+      const jwt = getApiKey()
+      if (jwt) headers['Authorization'] = `Bearer ${jwt}`
+    }
+
+    try {
+      const res = await fetch(url, {
+        method: 'POST',
+        headers,
+        body: JSON.stringify(body),
+      })
+
+      if (token !== playbackToken) return
+
+      if (!res.ok) {
+        const errText = await res.text().catch(() => '')
+        throw new Error(`OpenAI TTS 返回 ${res.status}: ${errText || res.statusText}`)
+      }
+
+      const audioBlob = await res.blob()
+      if (token !== playbackToken) return
+
+      const audioUrl = URL.createObjectURL(audioBlob)
+      const audio = new Audio(audioUrl)
+      customAudio = audio
+
+      audio.onended = () => {
+        if (token !== playbackToken) return
+        URL.revokeObjectURL(audioUrl)
+        isCustomPlaying.value = false
+        isCustomPaused.value = false
+        currentCustomMessageId.value = null
+        customAudio = null
+      }
+
+      audio.onerror = () => {
+        if (token !== playbackToken) return
+        URL.revokeObjectURL(audioUrl)
+        console.warn('[useSpeech] Custom TTS audio playback error')
+        isCustomPlaying.value = false
+        isCustomPaused.value = false
+        currentCustomMessageId.value = null
+        customAudio = null
+      }
+
+      await audio.play()
+    } catch (err) {
+      if (token !== playbackToken) return
+      console.error('[useSpeech] OpenAI TTS 请求失败:', err)
+      isCustomPlaying.value = false
+      isCustomPaused.value = false
+      currentCustomMessageId.value = null
+      throw err
+    }
+  }
+
+  function openaiToggle(messageId: string, content: string, opts: OpenaiTtsOptions) {
+    if (currentCustomMessageId.value === messageId && isCustomPlaying.value) {
+      if (isCustomPaused.value) {
+        if (customAudio) {
+          customAudio.play()
+        }
+        isCustomPaused.value = false
+      } else {
+        if (customAudio) {
+          customAudio.pause()
+        }
+        isCustomPaused.value = true
+      }
+    } else {
+      stop(false)
+      if (customAudio) {
+        customAudio.pause()
+        customAudio = null
+      }
+      openaiPlay(messageId, content, opts)
+    }
+  }
+
+  // ─── MiMo TTS Engine ──────────────────────────────────────────
+
+  async function mimoPlay(
+    messageId: string,
+    content: string,
+    opts: MimoTtsOptions,
+  ) {
+    const text = extractReadableText(content)
+    if (!text) return
+
+    const token = ++playbackToken
+
+    isCustomPlaying.value = true
+    isCustomPaused.value = false
+    currentCustomMessageId.value = messageId
+
+    // Build messages based on model type
+    const messages: Array<{ role: string; content: string }> = []
+
+    if (opts.model === 'mimo-v2.5-tts-voicedesign') {
+      // Voice design: user message = voice description (+ appended style prompt)
+      const desc = opts.voiceDesignDesc || ''
+      const userContent = opts.stylePrompt
+        ? `${desc}\n风格指令：${opts.stylePrompt}`
+        : desc
+      messages.push({ role: 'user', content: userContent || '默认音色' })
+    } else {
+      // Preset voices: user message = style prompt or empty
+      messages.push({ role: 'user', content: opts.stylePrompt || '' })
+    }
+
+    // assistant message = synthesis text
+    messages.push({ role: 'assistant', content: text })
+
+    const audio: Record<string, any> = { format: 'wav' }
+    // Voice design model does not accept audio.voice
+    if (opts.model !== 'mimo-v2.5-tts-voicedesign') {
+      audio.voice = opts.voice
+    }
+
+    const body: Record<string, any> = {
+      model: opts.model,
+      messages,
+      audio,
+    }
+
+    const url = `${opts.baseUrl.replace(/\/+$/, '')}/chat/completions`
+
+    const headers: Record<string, string> = {
+      'Content-Type': 'application/json',
+      'api-key': opts.apiKey,
+    }
+
+    try {
+      const res = await fetch(url, {
+        method: 'POST',
+        headers,
+        body: JSON.stringify(body),
+      })
+
+      if (token !== playbackToken) return
+
+      if (!res.ok) {
+        const errText = await res.text().catch(() => '')
+        throw new Error(`MiMo TTS 返回 ${res.status}: ${errText || res.statusText}`)
+      }
+
+      const json = await res.json()
+      if (token !== playbackToken) return
+
+      const audioBase64 = json?.choices?.[0]?.message?.audio?.data
+      if (!audioBase64) {
+        throw new Error('MiMo TTS 响应中未找到音频数据')
+      }
+
+      // base64 → binary → Blob
+      const binaryStr = atob(audioBase64)
+      const bytes = new Uint8Array(binaryStr.length)
+      for (let i = 0; i < binaryStr.length; i++) {
+        bytes[i] = binaryStr.charCodeAt(i)
+      }
+      const audioBlob = new Blob([bytes], { type: 'audio/wav' })
+
+      if (token !== playbackToken) return
+
+      const audioUrl = URL.createObjectURL(audioBlob)
+      const audio = new Audio(audioUrl)
+      customAudio = audio
+
+      audio.onended = () => {
+        if (token !== playbackToken) return
+        URL.revokeObjectURL(audioUrl)
+        isCustomPlaying.value = false
+        isCustomPaused.value = false
+        currentCustomMessageId.value = null
+        customAudio = null
+      }
+
+      audio.onerror = () => {
+        if (token !== playbackToken) return
+        URL.revokeObjectURL(audioUrl)
+        console.warn('[useSpeech] MiMo TTS audio playback error')
+        isCustomPlaying.value = false
+        isCustomPaused.value = false
+        currentCustomMessageId.value = null
+        customAudio = null
+      }
+
+      await audio.play()
+    } catch (err) {
+      if (token !== playbackToken) return
+      console.error('[useSpeech] MiMo TTS 请求失败:', err)
+      isCustomPlaying.value = false
+      isCustomPaused.value = false
+      currentCustomMessageId.value = null
+      throw err
+    }
+  }
+
+  function mimoToggle(messageId: string, content: string, opts: MimoTtsOptions) {
+    if (currentCustomMessageId.value === messageId && isCustomPlaying.value) {
+      if (isCustomPaused.value) {
+        if (customAudio) {
+          customAudio.play()
+        }
+        isCustomPaused.value = false
+      } else {
+        if (customAudio) {
+          customAudio.pause()
+        }
+        isCustomPaused.value = true
+      }
+    } else {
+      stop(false)
+      if (customAudio) {
+        customAudio.pause()
+        customAudio = null
+      }
+      mimoPlay(messageId, content, opts)
+    }
+  }
+
+  // ─── Unified speak ──────────────────────────────────────────
+
+  function speak(messageId: string, text: string, options: SpeechOptions = {}) {
+    const token = ++playbackToken
+
+    // Try server-side TTS first, fallback to browser
+    speakViaTts(messageId, text, options, token)
+  }
+
+  function playNextQueuedSpeech() {
+    if (state.value.isPlaying || state.value.isPaused) return
+    const next = speechQueue.shift()
+    if (!next) return
+
+    const text = extractReadableText(next.content)
+    if (!text) {
+      setTimeout(playNextQueuedSpeech, 0)
+      return
+    }
+
+    speak(next.messageId, text, next.options)
+  }
+
+  function play(messageId: string, content: string, options: SpeechOptions = {}) {
+    // If playing other message, stop first
+    if (state.value.currentMessageId && state.value.currentMessageId !== messageId) {
+      stop()
+    }
+
+    // Toggle play/pause for same message
+    if (state.value.currentMessageId === messageId) {
+      if (state.value.isPaused) {
+        resume()
+      } else if (state.value.isPlaying) {
+        pause()
+      }
+      return
+    }
+
+    const text = extractReadableText(content)
+    if (!text) return
+
+    stop()
+    speak(messageId, text, options)
+  }
+
+  function toggleBrowser(messageId: string, content: string, options: SpeechOptions = {}) {
+    if (state.value.currentMessageId && state.value.currentMessageId !== messageId) {
+      stop(false)
+    }
+
+    if (state.value.currentMessageId === messageId) {
+      if (state.value.isPaused) {
+        resume()
+      } else if (state.value.isPlaying) {
+        pause()
+      }
+      return
+    }
+
+    const text = extractReadableText(content)
+    if (!text) return
+
+    stop(false)
+    speakViaBrowser(messageId, text, options)
+  }
+
+  function enqueue(messageId: string, content: string, options: SpeechOptions = {}) {
+    if (!extractReadableText(content)) return
+    speechQueue.push({ messageId, content, options })
+    playNextQueuedSpeech()
+  }
+
+  function pause() {
+    if (state.value.engine === 'tts' && currentAudio) {
+      currentAudio.pause()
+      state.value.isPaused = true
+    } else if (state.value.engine === 'browser' && !state.value.isPaused) {
+      synth.pause()
+      state.value.isPaused = true
+    }
+  }
+
+  function resume() {
+    if (state.value.isPaused) {
+      if (state.value.engine === 'tts' && currentAudio) {
+        currentAudio.play()
+      } else {
+        synth.resume()
+      }
+      state.value.isPaused = false
+    }
+  }
+
+  function toggle(messageId: string, content: string, options: SpeechOptions = {}) {
+    if (state.value.currentMessageId === messageId && state.value.isPlaying) {
+      if (state.value.isPaused) {
+        resume()
+      } else {
+        pause()
+      }
+    } else {
+      play(messageId, content, options)
+    }
+  }
+
+  onUnmounted(() => {
+    stop()
+    synth.removeEventListener('voiceschanged', loadVoices)
+  })
+
+  return {
+    isSupported,
+    availableVoices,
+    isPlaying: computed(() => state.value.isPlaying),
+    isPaused: computed(() => state.value.isPaused),
+    currentMessageId: computed(() => state.value.currentMessageId),
+    progress: computed(() => state.value.progress),
+    engine: computed(() => state.value.engine),
+
+    // Custom TTS state
+    isCustomPlaying,
+    isCustomPaused,
+    currentCustomMessageId,
+
+    play,
+    pause,
+    resume,
+    stop,
+    toggle,
+    toggleBrowser,
+    enqueue,
+    getDefaultVoice,
+    extractReadableText,
+
+    // OpenAI-compatible TTS
+    openaiPlay,
+    openaiToggle,
+
+    // MiMo TTS
+    mimoPlay,
+    mimoToggle,
+
+    // Browser WebSpeech (直接调用避免 Rolldown 树摇)
+    speakViaBrowser,
+  }
+}
+
+let globalSpeech: ReturnType<typeof useSpeech> | null = null
+
+export function useGlobalSpeech() {
+  if (!globalSpeech) {
+    globalSpeech = useSpeech()
+  }
+  return globalSpeech
+}
diff --git a/packages/client/src/composables/useTheme.ts b/packages/client/src/composables/useTheme.ts
new file mode 100644
index 0000000..6b95345
--- /dev/null
+++ b/packages/client/src/composables/useTheme.ts
@@ -0,0 +1,89 @@
+import { ref, watch, computed } from 'vue'
+
+export type BrightnessMode = 'light' | 'dark' | 'system'
+export type ThemeStyle = 'ink' | 'comic'
+
+const BRIGHTNESS_KEY = 'hermes_brightness'
+const STYLE_KEY = 'hermes_style'
+
+const brightness = ref<BrightnessMode>(
+  (localStorage.getItem(BRIGHTNESS_KEY) as BrightnessMode) || 'system',
+)
+
+const style = ref<ThemeStyle>(
+  (localStorage.getItem(STYLE_KEY) as ThemeStyle) || 'ink',
+)
+
+const isDark = ref(false)
+const isComic = ref(false)
+
+function resolveDark(b: BrightnessMode): boolean {
+  if (b === 'system') {
+    return window.matchMedia('(prefers-color-scheme: dark)').matches
+  }
+  return b === 'dark'
+}
+
+function applyClasses() {
+  const dark = resolveDark(brightness.value)
+  isDark.value = dark
+  isComic.value = style.value === 'comic'
+  document.documentElement.classList.toggle('dark', dark)
+  document.documentElement.classList.toggle('comic', isComic.value)
+}
+
+// Initial
+applyClasses()
+
+// Listen for system preference changes
+window.matchMedia('(prefers-color-scheme: dark)').addEventListener('change', () => {
+  if (brightness.value === 'system') {
+    applyClasses()
+  }
+})
+
+// Persist & apply on change
+watch(brightness, (b) => {
+  localStorage.setItem(BRIGHTNESS_KEY, b)
+  applyClasses()
+})
+
+watch(style, (s) => {
+  localStorage.setItem(STYLE_KEY, s)
+  applyClasses()
+})
+
+export function useTheme() {
+  const themeName = computed(() => {
+    const b = isDark.value ? 'dark' : 'light'
+    return isComic.value ? `comic-${b}` : b
+  })
+
+  function setBrightness(b: BrightnessMode) {
+    brightness.value = b
+  }
+
+  function setStyle(s: ThemeStyle) {
+    style.value = s
+  }
+
+  function toggleBrightness() {
+    brightness.value = isDark.value ? 'light' : 'dark'
+  }
+
+  function toggleStyle() {
+    style.value = isComic.value ? 'ink' : 'comic'
+  }
+
+  return {
+    brightness,
+    style,
+    isDark,
+    isComic,
+    themeName,
+    setBrightness,
+    setStyle,
+    toggleBrightness,
+    toggleStyle,
+  }
+}
diff --git a/packages/client/src/composables/useToolTraceVisibility.ts b/packages/client/src/composables/useToolTraceVisibility.ts
new file mode 100644
index 0000000..2ebded2
--- /dev/null
+++ b/packages/client/src/composables/useToolTraceVisibility.ts
@@ -0,0 +1,34 @@
+import { ref } from 'vue'
+
+const STORAGE_KEY = 'hermes_show_tool_calls'
+
+function readInitialValue(): boolean {
+  try {
+    return localStorage.getItem(STORAGE_KEY) !== 'false'
+  } catch {
+    return true
+  }
+}
+
+const toolTraceVisible = ref(readInitialValue())
+
+function setToolTraceVisible(value: boolean) {
+  toolTraceVisible.value = value
+  try {
+    localStorage.setItem(STORAGE_KEY, String(value))
+  } catch {
+    // Ignore storage failures; the in-memory toggle still works for this tab.
+  }
+}
+
+function toggleToolTraceVisible() {
+  setToolTraceVisible(!toolTraceVisible.value)
+}
+
+export function useToolTraceVisibility() {
+  return {
+    toolTraceVisible,
+    setToolTraceVisible,
+    toggleToolTraceVisible,
+  }
+}
diff --git a/packages/client/src/composables/useVoiceSettings.ts b/packages/client/src/composables/useVoiceSettings.ts
new file mode 100644
index 0000000..30aed0f
--- /dev/null
+++ b/packages/client/src/composables/useVoiceSettings.ts
@@ -0,0 +1,226 @@
+import { ref, watch } from 'vue'
+
+export type TtsProvider = 'webspeech' | 'openai' | 'custom' | 'edge' | 'mimo'
+
+export interface VoiceSettingsData {
+  provider: TtsProvider
+
+  // WebSpeech
+  webspeechVoice: string
+
+  // OpenAI
+  openaiApiKey: string
+  openaiBaseUrl: string
+  openaiModel: string
+  openaiVoice: string
+
+  // Custom endpoint (OpenAI-compatible)
+  customUrl: string
+  customApiKey: string
+
+  // Edge TTS
+  edgeUrl: string
+  edgeVoice: string
+  edgeRate: number    // 语速倍率 0.5~2.0，1.0 = 正常
+  edgePitchHz: number // 音调偏移 Hz，-20~20，0 = 正常
+
+  // MiMo TTS
+  mimoApiKey: string
+  mimoBaseUrl: string
+  mimoModel: string            // 'mimo-v2.5-tts' | 'mimo-v2.5-tts-voicedesign'
+  mimoVoice: string            // 预置音色 ID
+  mimoVoiceDesignDesc: string  // 音色设计描述文本
+  mimoStylePrompt: string      // 风格指令
+}
+
+const STORAGE_KEY = 'hermes-tts-settings-v2'
+
+function migrateOldKeys() {
+  const oldKey = 'hermes-tts-settings'
+  try {
+    const old = localStorage.getItem(oldKey)
+    if (old) {
+      const parsed = JSON.parse(old)
+      // Old 'custom' provider maps to new 'custom'
+      // Old 'gptsovits' provider maps to new 'custom'
+      if (parsed.provider === 'gptsovits') {
+        parsed.provider = 'custom'
+        // old gptsovitsUrl -> customUrl
+        if (parsed.gptsovitsUrl && !parsed.customUrl) {
+          parsed.customUrl = parsed.gptsovitsUrl
+        }
+      }
+      // Store as new format
+      const data = { ...DEFAULT, ...parsed }
+      localStorage.setItem(STORAGE_KEY, JSON.stringify(data))
+      localStorage.removeItem(oldKey)
+    }
+  } catch { /* ignore */ }
+}
+
+const DEFAULT: VoiceSettingsData = {
+  provider: 'webspeech',
+
+  webspeechVoice: '',
+
+  openaiApiKey: '',
+  openaiBaseUrl: '',
+  openaiModel: 'tts-1',
+  openaiVoice: 'alloy',
+
+  customUrl: '',
+  customApiKey: '',
+
+  edgeUrl: '',
+  edgeVoice: 'zh-CN-XiaoxiaoNeural',
+  edgeRate: 1.0,
+  edgePitchHz: 0,
+
+  mimoApiKey: '',
+  mimoBaseUrl: 'https://api.xiaomimimo.com/v1',
+  mimoModel: 'mimo-v2.5-tts',
+  mimoVoice: '冰糖',
+  mimoVoiceDesignDesc: '',
+  mimoStylePrompt: '',
+}
+
+function sanitize(data: VoiceSettingsData): VoiceSettingsData {
+  // Clear old Edge TTS adapter URLs — now uses internal node-edge-tts
+  if (data.edgeUrl && data.edgeUrl !== '') {
+    data.edgeUrl = ''
+  }
+  return data
+}
+
+function load(): VoiceSettingsData {
+  try {
+    const raw = localStorage.getItem(STORAGE_KEY)
+    if (raw) return sanitize({ ...DEFAULT, ...JSON.parse(raw) })
+  } catch { /* ignore */ }
+  return { ...DEFAULT }
+}
+
+// Run migration once on import
+migrateOldKeys()
+
+// ── Reactive state ──
+const provider = ref<TtsProvider>(load().provider)
+
+// WebSpeech
+const webspeechVoice = ref<string>(load().webspeechVoice)
+
+// OpenAI
+const openaiApiKey = ref<string>(load().openaiApiKey)
+const openaiBaseUrl = ref<string>(load().openaiBaseUrl)
+const openaiModel = ref<string>(load().openaiModel)
+const openaiVoice = ref<string>(load().openaiVoice)
+
+// Custom
+const customUrl = ref<string>(load().customUrl)
+const customApiKey = ref<string>(load().customApiKey)
+
+// Edge TTS
+const edgeUrl = ref<string>(load().edgeUrl)
+const edgeVoice = ref<string>(load().edgeVoice)
+const edgeRate = ref<number>(load().edgeRate)
+const edgePitchHz = ref<number>(load().edgePitchHz)
+
+// MiMo TTS
+const mimoApiKey = ref<string>(load().mimoApiKey)
+const mimoBaseUrl = ref<string>(load().mimoBaseUrl)
+const mimoModel = ref<string>(load().mimoModel)
+const mimoVoice = ref<string>(load().mimoVoice)
+const mimoVoiceDesignDesc = ref<string>(load().mimoVoiceDesignDesc)
+const mimoStylePrompt = ref<string>(load().mimoStylePrompt)
+
+// Auto-persist on change
+watch(
+  [provider, webspeechVoice, openaiApiKey, openaiBaseUrl, openaiModel, openaiVoice,
+   customUrl, customApiKey, edgeUrl, edgeVoice, edgeRate, edgePitchHz,
+   mimoApiKey, mimoBaseUrl, mimoModel, mimoVoice, mimoVoiceDesignDesc, mimoStylePrompt],
+  () => {
+    localStorage.setItem(STORAGE_KEY, JSON.stringify({
+      provider: provider.value,
+      webspeechVoice: webspeechVoice.value,
+      openaiApiKey: openaiApiKey.value,
+      openaiBaseUrl: openaiBaseUrl.value,
+      openaiModel: openaiModel.value,
+      openaiVoice: openaiVoice.value,
+      customUrl: customUrl.value,
+      customApiKey: customApiKey.value,
+      edgeUrl: edgeUrl.value,
+      edgeVoice: edgeVoice.value,
+      edgeRate: edgeRate.value,
+      edgePitchHz: edgePitchHz.value,
+      mimoApiKey: mimoApiKey.value,
+      mimoBaseUrl: mimoBaseUrl.value,
+      mimoModel: mimoModel.value,
+      mimoVoice: mimoVoice.value,
+      mimoVoiceDesignDesc: mimoVoiceDesignDesc.value,
+      mimoStylePrompt: mimoStylePrompt.value,
+    }))
+  },
+)
+
+export function useVoiceSettings() {
+  return {
+    provider,
+    webspeechVoice,
+    openaiApiKey,
+    openaiBaseUrl,
+    openaiModel,
+    openaiVoice,
+    customUrl,
+    customApiKey,
+    edgeUrl,
+    edgeVoice,
+    edgeRate,
+    edgePitchHz,
+    mimoApiKey,
+    mimoBaseUrl,
+    mimoModel,
+    mimoVoice,
+    mimoVoiceDesignDesc,
+    mimoStylePrompt,
+
+    setProvider(v: TtsProvider) { provider.value = v },
+    setWebSpeechVoice(v: string) { webspeechVoice.value = v },
+    setOpenaiApiKey(v: string) { openaiApiKey.value = v },
+    setOpenaiBaseUrl(v: string) { openaiBaseUrl.value = v },
+    setOpenaiModel(v: string) { openaiModel.value = v },
+    setOpenaiVoice(v: string) { openaiVoice.value = v },
+    setCustomUrl(v: string) { customUrl.value = v },
+    setCustomApiKey(v: string) { customApiKey.value = v },
+    setEdgeUrl(v: string) { edgeUrl.value = v },
+    setEdgeVoice(v: string) { edgeVoice.value = v },
+    setEdgeRate(v: number) { edgeRate.value = v },
+    setEdgePitchHz(v: number) { edgePitchHz.value = v },
+    setMimoApiKey(v: string) { mimoApiKey.value = v },
+    setMimoBaseUrl(v: string) { mimoBaseUrl.value = v },
+    setMimoModel(v: string) { mimoModel.value = v },
+    setMimoVoice(v: string) { mimoVoice.value = v },
+    setMimoVoiceDesignDesc(v: string) { mimoVoiceDesignDesc.value = v },
+    setMimoStylePrompt(v: string) { mimoStylePrompt.value = v },
+
+    reset() {
+      provider.value = DEFAULT.provider
+      webspeechVoice.value = DEFAULT.webspeechVoice
+      openaiApiKey.value = DEFAULT.openaiApiKey
+      openaiBaseUrl.value = DEFAULT.openaiBaseUrl
+      openaiModel.value = DEFAULT.openaiModel
+      openaiVoice.value = DEFAULT.openaiVoice
+      customUrl.value = DEFAULT.customUrl
+      customApiKey.value = DEFAULT.customApiKey
+      edgeUrl.value = DEFAULT.edgeUrl
+      edgeVoice.value = DEFAULT.edgeVoice
+      edgeRate.value = DEFAULT.edgeRate
+      edgePitchHz.value = DEFAULT.edgePitchHz
+      mimoApiKey.value = DEFAULT.mimoApiKey
+      mimoBaseUrl.value = DEFAULT.mimoBaseUrl
+      mimoModel.value = DEFAULT.mimoModel
+      mimoVoice.value = DEFAULT.mimoVoice
+      mimoVoiceDesignDesc.value = DEFAULT.mimoVoiceDesignDesc
+      mimoStylePrompt.value = DEFAULT.mimoStylePrompt
+    },
+  }
+}
diff --git a/packages/client/src/data/changelog.ts b/packages/client/src/data/changelog.ts
new file mode 100644
index 0000000..561242b
--- /dev/null
+++ b/packages/client/src/data/changelog.ts
@@ -0,0 +1,119 @@
+export interface ChangelogEntry {
+  version: string
+  date: string
+  changes: string[]
+}
+
+export const changelog: ChangelogEntry[] = [
+  {
+    version: '0.6.7',
+    date: '2026-05-31',
+    changes: [
+      'changelog.new_0_6_7_1',
+      'changelog.new_0_6_7_9',
+      'changelog.new_0_6_7_2',
+      'changelog.new_0_6_7_3',
+      'changelog.new_0_6_7_4',
+      'changelog.new_0_6_7_5',
+      'changelog.new_0_6_7_6',
+      'changelog.new_0_6_7_7',
+      'changelog.new_0_6_7_8',
+    ],
+  },
+  {
+    version: '0.6.5',
+    date: '2026-05-29',
+    changes: [
+      'changelog.new_0_6_5_1',
+      'changelog.new_0_6_5_2',
+      'changelog.new_0_6_5_3',
+      'changelog.new_0_6_5_4',
+    ],
+  },
+  {
+    version: '0.6.4',
+    date: '2026-05-28',
+    changes: [
+      'changelog.new_0_6_4_1',
+      'changelog.new_0_6_4_2',
+      'changelog.new_0_6_4_3',
+      'changelog.new_0_6_4_4',
+      'changelog.new_0_6_4_5',
+      'changelog.new_0_6_4_6',
+      'changelog.new_0_6_4_7',
+    ],
+  },
+  {
+    version: '0.6.3',
+    date: '2026-05-27',
+    changes: [
+      'changelog.new_0_6_3_1',
+      'changelog.new_0_6_3_2',
+      'changelog.new_0_6_3_3',
+      'changelog.new_0_6_3_4',
+      'changelog.new_0_6_3_5',
+      'changelog.new_0_6_3_6',
+      'changelog.new_0_6_3_7',
+    ],
+  },
+  {
+    version: '0.6.2',
+    date: '2026-05-26',
+    changes: [
+      'changelog.new_0_6_2_1',
+      'changelog.new_0_6_2_2',
+      'changelog.new_0_6_2_3',
+      'changelog.new_0_6_2_4',
+      'changelog.new_0_6_2_5',
+      'changelog.new_0_6_2_6',
+      'changelog.new_0_6_2_7',
+      'changelog.new_0_6_2_8',
+      'changelog.new_0_6_2_9',
+      'changelog.new_0_6_2_10',
+    ],
+  },
+  {
+    version: '0.6.1',
+    date: '2026-05-25',
+    changes: [
+      'changelog.new_0_6_1_1',
+      'changelog.new_0_6_1_2',
+      'changelog.new_0_6_1_3',
+      'changelog.new_0_6_1_4',
+      'changelog.new_0_6_1_5',
+      'changelog.new_0_6_1_6',
+      'changelog.new_0_6_1_7',
+      'changelog.new_0_6_1_8',
+      'changelog.new_0_6_1_9',
+      'changelog.new_0_6_1_10',
+    ],
+  },
+  {
+    version: '0.6.0',
+    date: '2026-05-24',
+    changes: [
+      'changelog.new_0_6_0_1',
+      'changelog.new_0_6_0_2',
+      'changelog.new_0_6_0_3',
+      'changelog.new_0_6_0_4',
+      'changelog.new_0_6_0_5',
+      'changelog.new_0_6_0_6',
+      'changelog.new_0_6_0_7',
+      'changelog.new_0_6_0_8',
+    ],
+  },
+  {
+    version: '0.5.35',
+    date: '2026-05-23',
+    changes: [
+      'changelog.new_0_5_35_1',
+      'changelog.new_0_5_35_2',
+      'changelog.new_0_5_35_3',
+      'changelog.new_0_5_35_4',
+      'changelog.new_0_5_35_5',
+      'changelog.new_0_5_35_6',
+      'changelog.new_0_5_35_7',
+      'changelog.new_0_5_35_8',
+    ],
+  },
+]
diff --git a/packages/client/src/env.d.ts b/packages/client/src/env.d.ts
new file mode 100644
index 0000000..0c94e0a
--- /dev/null
+++ b/packages/client/src/env.d.ts
@@ -0,0 +1,9 @@
+/// <reference types="vite/client" />
+
+declare const __APP_VERSION__: string
+
+declare module '*.vue' {
+  import type { DefineComponent } from 'vue'
+  const component: DefineComponent<{}, {}, any>
+  export default component
+}
diff --git a/packages/client/src/i18n/index.ts b/packages/client/src/i18n/index.ts
new file mode 100644
index 0000000..db9507a
--- /dev/null
+++ b/packages/client/src/i18n/index.ts
@@ -0,0 +1,53 @@
+import { createI18n } from 'vue-i18n'
+import { messages, supportedLocales } from './messages'
+import type { SupportedLocale } from './messages'
+
+const saved = localStorage.getItem('hermes_locale')
+
+function resolveLocale(saved: string | null): SupportedLocale {
+  if (saved && (supportedLocales as readonly string[]).includes(saved)) {
+    return saved as SupportedLocale
+  }
+
+  function normalize(tag: string): SupportedLocale | null {
+    const lower = tag.toLowerCase()
+    if (lower.startsWith('zh')) {
+      const isTraditional =
+        lower.includes('hant') ||
+        lower.includes('-tw') ||
+        lower.includes('-hk') ||
+        lower.includes('-mo')
+      return isTraditional ? 'zh-TW' : 'zh'
+    }
+    const short = tag.slice(0, 2)
+    if ((supportedLocales as readonly string[]).includes(tag)) return tag as SupportedLocale
+    if ((supportedLocales as readonly string[]).includes(short)) return short as SupportedLocale
+    return null
+  }
+
+  for (const lang of navigator.languages) {
+    const resolved = normalize(lang)
+    if (resolved) return resolved
+  }
+
+  return 'en'
+}
+
+function setHtmlLang(locale: SupportedLocale) {
+  document.documentElement.lang = locale
+}
+
+const locale = resolveLocale(saved)
+setHtmlLang(locale)
+
+export const i18n = createI18n({
+  legacy: false,
+  locale,
+  fallbackLocale: 'en',
+  messages,
+})
+
+export function switchLocale(newLocale: string): void {
+  ;(i18n.global.locale as any).value = newLocale
+  setHtmlLang(newLocale as SupportedLocale)
+}
diff --git a/packages/client/src/i18n/locales/de.ts b/packages/client/src/i18n/locales/de.ts
new file mode 100644
index 0000000..5d36cc4
--- /dev/null
+++ b/packages/client/src/i18n/locales/de.ts
@@ -0,0 +1,1549 @@
+export default {
+  // Login
+  login: {
+    title: 'Hermes Web UI',
+    description: 'Geben Sie Benutzername und Passwort ein, um fortzufahren.',
+    placeholder: 'Zugangs-Token',
+    submit: 'Anmelden',
+    tokenRequired: 'Bitte geben Sie Ihren Zugangs-Token ein',
+    invalidToken: 'Ungultiger Token',
+    connectionFailed: 'Verbindung zum Server nicht moglich',
+    passwordLogin: 'Passwort',
+    tokenLogin: 'Token',
+    usernamePlaceholder: 'Benutzername',
+    passwordPlaceholder: 'Passwort',
+    defaultCredentialsHint: 'Standard-Benutzername: admin. Standard-Passwort: 123456.',
+    credentialsRequired: 'Bitte Benutzername und Passwort eingeben',
+    invalidCredentials: 'Ungultiger Benutzername oder Passwort',
+    tooManyAttempts: 'Zu viele fehlgeschlagene Versuche, bitte versuchen Sie es spater erneut',
+    lockResetHint: 'Wenn dies Ihr Server ist, heben Sie die Login-Sperre auf mit:',
+    defaultLoginResetHint: 'Um das Standard-Admin-Passwort zuruckzusetzen, fuhren Sie aus:',
+    sessionExpired: 'Die Anmeldung ist abgelaufen. Bitte melden Sie sich erneut an.',
+    accessDenied: 'Sie haben keine Berechtigung fur diese Ressource.',
+    passwordMismatch: 'Passworter stimmen nicht uberein',
+    passwordTooShort: 'Passwort muss mindestens 6 Zeichen lang sein',
+    setupSuccess: 'Passwort-Login erfolgreich konfiguriert',
+    passwordChanged: 'Passwort erfolgreich geandert',
+    passwordRemoved: 'Passwort-Login entfernt',
+    setupPassword: 'Passwort-Login einrichten',
+    changePassword: 'Passwort andern',
+    changeUsername: 'Benutzername andern',
+    removePasswordLogin: 'Entfernen',
+    username: 'Benutzername',
+    currentPassword: 'Aktuelles Passwort',
+    newPassword: 'Neues Passwort',
+    confirmPassword: 'Passwort bestatigen',
+    newUsername: 'Neuer Benutzername',
+    usernameChanged: 'Benutzername erfolgreich geandert',
+    usernameTooShort: 'Benutzername muss mindestens 2 Zeichen lang sein',
+    setupDescription: 'Verwalten Sie Benutzername und Passwort fur die Anmeldung.',
+    removeConfirm: 'Passwort-Login ist fur Benutzerkonten erforderlich.',
+    passwordLoginNotConfigured: 'Passwort-Login ist nicht konfiguriert',
+    passwordLoginConfigured: 'Aktuelles Konto: {username}',
+    defaultCredentialTitle: 'Standardkonto und Passwort andern',
+    defaultCredentialMessage: 'Das aktuelle Konto verwendet noch den Standard-Benutzernamen oder das Standard-Passwort. Um unbefugten Zugriff zu vermeiden, andern Sie Benutzername und Passwort des aktuellen Kontos so bald wie moglich.',
+    defaultCredentialAction: 'Jetzt andern',
+    defaultCredentialLater: 'Spater erinnern',
+  },
+
+  users: {
+    title: 'Kontoverwaltung',
+    description: 'Benutzer erstellen, Rollen zuweisen und steuern, auf welche Profile normale Administratoren zugreifen koennen.',
+    create: 'Benutzer erstellen',
+    edit: 'Benutzer bearbeiten',
+    username: 'Benutzername',
+    role: 'Rolle',
+    statusLabel: 'Status',
+    profiles: 'Zugreifbare Profile',
+    profilesPlaceholder: 'Zugreifbare Profile auswaehlen',
+    allProfiles: 'Alle Profile',
+    noProfiles: 'Keine Profile zugewiesen',
+    lastLogin: 'Letzte Anmeldung',
+    newPasswordOptional: 'Neues Passwort (leer lassen zum Beibehalten)',
+    loadFailed: 'Benutzer konnten nicht geladen werden',
+    deleteConfirm: 'Diesen Benutzer loeschen?',
+    enable: 'Aktivieren',
+    disable: 'Deaktivieren',
+    roles: {
+      superAdmin: 'Super Admin',
+      admin: 'Admin',
+    },
+    status: {
+      active: 'Aktiv',
+      disabled: 'Deaktiviert',
+    },
+  },
+
+  // Common
+  common: {
+    loading: 'Laden...',
+    cancel: 'Abbrechen',
+    retry: 'Erneutern',
+    delete: 'Loschen',
+    edit: 'Bearbeiten',
+    save: 'Speichern',
+    saved: 'Gespeichert',
+    update: 'Aktualisieren',
+    create: 'Erstellen',
+    saveFailed: 'Speichern fehlgeschlagen',
+    deleteFailed: 'Loschen fehlgeschlagen',
+    ok: 'OK',
+    copied: 'Kopiert',
+    copy: 'Kopieren',
+    noData: 'Keine Daten',
+    fetch: 'Abrufen',
+    add: 'Hinzufugen',
+    enable: 'Aktivieren',
+    disable: 'Deaktivieren',
+    configured: 'Konfiguriert',
+    notConfigured: 'Nicht konfiguriert',
+    confirm: 'Bestatigen',
+    expand: 'Aufklappen',
+    collapse: 'Zuklappen',
+    stop: 'Stoppen',
+    start: 'Starten',
+    expired: 'Abgelaufen',
+  },
+
+  // MCP-Verwaltung
+  mcp: {
+    title: 'MCP-Server',
+    loadFailed: 'MCP-Server konnten nicht geladen werden',
+    reloadAll: 'Alle neu laden',
+    refresh: 'Aktualisieren',
+    total: 'Gesamt',
+    connected: 'Verbunden',
+    disconnected: 'Getrennt',
+    tools: 'werkzeuge',
+    tool: 'Werkzeuge',
+    searchPlaceholder: 'Server suchen...',
+    addServer: '+ Server hinzufuegen',
+    zeroTools: '0 Werkzeuge',
+    loading: 'Wird geladen...',
+    empty: 'Keine MCP-Server konfiguriert',
+    reloaded: '{server} neu geladen',
+    reloadedAll: 'Alle MCP-Server neu geladen',
+    reloadFailed: 'Neuladen fehlgeschlagen',
+    serverAdded: 'Server "{name}" hinzugefuegt',
+    addFailed: 'Server konnte nicht hinzugefuegt werden',
+    serverUpdated: 'Server "{name}" aktualisiert',
+    updateFailed: 'Server konnte nicht aktualisiert werden',
+    saveFailed: 'Speichern fehlgeschlagen',
+    serverRemoved: '"{name}" entfernt',
+    enabled: "Aktiviert: {name}",
+    disabled: "Deaktiviert: {name}",
+    connectedStatus: 'Verbunden',
+    disconnectedStatus: 'Getrennt',
+    disabledStatus: 'Deaktiviert',
+    toolList: 'Werkzeugliste',
+    count: ' ',
+    more: 'mehr',
+    removeFailed: 'Server konnte nicht entfernt werden',
+    testOk: 'Test OK — {count} Werkzeuge verfuegbar',
+    testEmpty: 'Test lieferte keine Werkzeuge',
+    testFailed: 'Test fehlgeschlagen',
+    edit: 'Bearbeiten',
+    test: 'Testen',
+    reload: 'Neu laden',
+    remove: 'Entfernen',
+    confirmRemove: 'Server "{name}" entfernen?',
+    cancel: 'Abbrechen',
+    add: 'Hinzufuegen',
+    save: 'Speichern',
+    addTitle: 'MCP-Server hinzufuegen',
+    editTitle: 'MCP-Server bearbeiten',
+    invalidJson: 'Ungültiges JSON',
+    invalidYaml: 'Ungültiges YAML-Format',
+    invalidConfig: 'Ungültige Konfiguration',
+    invalidServerConfig: 'Ungültige Serverkonfiguration',
+    missingCommandOrUrl: 'Muss command oder url enthalten',
+    manageTools: 'Tools verwalten',
+    toolsVisibilityTitle: 'Tools-Sichtbarkeit verwalten',
+    fetchTools: 'Tools-Liste abrufen',
+    fetchToolsFailed: 'Tools-Liste konnte nicht abgerufen werden',
+    toolsMode: 'Modus:',
+    toolsModeAll: 'Alle',
+    toolsModeInclude: 'Einschließen',
+    toolsModeExclude: 'Ausschließen',
+    toolsListHeader: 'Tool-Name',
+    toolsEmpty: 'Keine Tools verfügbar, bitte zuerst die Tools-Liste abrufen',
+    toolsSummaryAll: '{count} Tools insgesamt, alle aktiviert',
+    toolsSummaryInclude: '{total} Tools insgesamt, {count} ausgewählt',
+    toolsSummaryExclude: '{total} Tools insgesamt, {count} ausgeschlossen',
+    toolsVisibilitySaved: 'Tools-Sichtbarkeit gespeichert',
+    toolsSelectAll: 'Alle auswählen',
+    toolsClearSelection: 'Auswahl löschen',
+    toolsExcludeAll: 'Alle ausschließen',
+    toolsClearExcluded: 'Ausschlüsse löschen',
+  },
+
+  // Sidebar
+  sidebar: {
+    chat: 'Chat',
+    search: 'Suche',
+    apiRelay: 'API-Relay',
+    history: 'Verlauf',
+    jobs: 'Geplante Aufgaben',
+    models: 'Modelle',
+    profiles: 'Profile',
+    plugins: 'Plugins',
+    mcp: 'MCP',
+    skills: 'Fahigkeiten',
+    memory: 'Gedachtnis',
+    logs: 'Protokolle',
+    usage: 'Nutzung',
+    performance: 'Leistung',
+    skillsUsage: 'Skill-Nutzung',
+    channels: 'Kanale',
+    terminal: 'Konsole',
+    files: 'Dateien',
+    groupChat: 'Gruppenchat',
+    groupConversation: 'Konversation',
+    groupConversationShort: 'Konv',
+    groupAgent: 'Agent',
+    groupAgentShort: 'Agent',
+    groupSystem: 'System',
+    groupSystemShort: 'Sys',
+    groupMonitoring: 'Überwachung',
+    groupMonitoringShort: 'Überw.',
+    settings: 'Einstellungen',
+    connected: 'Verbunden',
+    disconnected: 'Getrennt',
+    updateTip: 'Fuhren Sie "hermes-web-ui update" im Terminal aus, um zu aktualisieren',
+    updateVersion: 'Aktualisieren auf v{version}',
+    reloadClientVersion: 'Für v{version} neu laden',
+    updating: 'Aktualisierung...',
+    updateSuccess: 'Aktualisierung erfolgreich. Bitte aktualisieren Sie die Seite in Kurze. Wenn der Dienst langere Zeit nicht startet, starten Sie ihn manuell.',
+    updateFailed: 'Aktualisierung fehlgeschlagen',
+    logout: 'Abmelden',
+    nodeVersionWarning: 'Node.js v{version} erkannt. Bitte aktualisieren Sie auf Version 23 oder neuer.',
+    changelog: 'Anderungsprotokoll',
+    noChangelog: 'Kein Anderungsprotokoll verfugbar',
+    kanban: 'Kanban',
+    groupTools: 'Werkzeuge',
+    groupToolsShort: "Tools",
+    codingAgents: "Coding Agents",
+    versionPreview: "Versionsvorschau",
+    groupPlatform: 'Plattform',
+    gateways: 'Gateways',
+    expand: 'Menü ausklappen',
+    collapse: 'Menü einklappen',
+  },
+
+  performance: {
+    title: 'Leistung',
+    subtitle: 'Systemressourcen, Bridge Broker, Workers und aktive Sitzungen überwachen',
+    refresh: 'Aktualisieren',
+    autoRefreshOn: 'Automatisch aktualisieren',
+    autoRefreshOff: 'Manuell aktualisieren',
+    loadFailed: 'Leistungsdaten konnten nicht geladen werden',
+    systemCpu: 'System-CPU',
+    systemMemory: 'Systemspeicher',
+    activeSessions: 'Aktive Sitzungen',
+    runningSessions: 'Laufend {count}',
+    workers: 'Workers',
+    totalWorkerMemory: 'Worker-Gesamtspeicher',
+    processes: 'Prozesse',
+    uptime: 'Laufzeit',
+    running: 'Läuft',
+    stopped: 'Gestoppt',
+    workerMemory: 'Worker-Speicher',
+    lastUpdated: 'Aktualisiert',
+    profile: 'Profile',
+    memory: 'Speicher',
+    sessions: 'Sitzungen',
+    runningActiveSessions: 'Laufend / Aktiv',
+    lastUsed: 'Zuletzt verwendet',
+    status: 'Status',
+    noWorkers: 'Keine Workers',
+    sessionsByProfile: 'Sitzungen nach Profile',
+    noActiveSessions: 'Keine aktiven Sitzungen',
+  },
+
+  // Drawer
+  drawer: {
+    terminal: 'Konsole',
+    files: 'Arbeitsbereich',
+  },
+
+  // Chat
+  chat: {
+    contextRemaining: 'übrig',
+    contextClickToEdit: 'Klicken zum Bearbeiten der Kontextlänge',
+    contextEditTitle: 'Kontextlänge bearbeiten',
+    contextEditDesc: 'Kontextlängenlimit für aktuelles Modell festlegen (in Tokens)',
+    contextEditPlaceholder: 'Kontextlänge eingeben',
+    contextEditHint: 'Häufige Werte: 256k (Hermes-Standard), 128k (GPT-4), 32k (GPT-3.5)',
+    contextEditSave: 'Speichern',
+    contextEditCancel: 'Abbrechen',
+    contextEditInvalid: 'Bitte geben Sie eine gültige Kontextlänge ein',
+    contextEditSuccess: 'Kontextlänge aktualisiert',
+    contextEditFailed: 'Aktualisierung fehlgeschlagen',
+    emptyState: 'Starten Sie eine Konversation mit Hermes Agent',
+    outlineTitle: 'Konversationsübersicht',
+    outlineEmpty: 'Kein Konversationsinhalt',
+    outlineUserQuestion: 'Benutzerfrage',
+    inputPlaceholder: 'Nachricht eingeben... (Enter zum Senden, Shift+Enter fur neue Zeile)',
+    slashCommandArgs: {
+      message: '<Nachricht>',
+      title: '<Titel>',
+      text: '<Text>',
+    },
+    slashCommands: {
+      usage: 'Nutzung der aktuellen Sitzung berechnen',
+      status: 'Sitzungsstatus und Warteschlange anzeigen',
+      abort: 'Aktiven Bridge-Lauf stoppen',
+      queue: 'Nachricht hinter dem aktiven Lauf einreihen',
+      plan: 'Markdown-Implementierungsplan schreiben',
+      goal: 'Set a standing goal that continues across turns',
+      goalStatus: 'Show the active goal status',
+      goalPause: 'Pause the active goal loop',
+      goalResume: 'Resume the paused goal loop',
+      goalDone: 'Complete and clear the active goal',
+      goalClear: 'Clear the active goal',
+      subgoal: 'Add a criterion to the active goal',
+      clear: 'Aktuelle Anzeige leeren',
+      clearHistory: 'Gespeicherten Nachrichtenverlauf dieser Sitzung löschen',
+      title: 'Diese Sitzung umbenennen',
+      compress: 'Kontextkomprimierung im Leerlauf ausführen',
+      steer: 'Steuertext an den aktiven Bridge-Lauf senden',
+      destroy: 'Bridge-Agent für diese Sitzung freigeben',
+      reloadMcp: 'MCP-Server neu laden',
+    },
+    attachFiles: 'Dateien anhangen',
+    showToolCalls: 'Tool-Aufrufe anzeigen',
+    hideToolCalls: 'Tool-Aufrufe ausblenden',
+    messageQueue: 'Nachrichtenwarteschlange',
+    removeQueuedMessage: 'Nachricht aus Warteschlange entfernen',
+    stop: 'Stopp',
+    send: 'Senden',
+    contextUsed: 'Kontext verwendet:',
+    sessions: 'Sitzungen',
+    webUiSessions: 'Sitzungen',
+    allProfiles: 'Alle Profile',
+    profileMissingModelsTip: 'Profil "{profile}" hat keinen verfuegbaren Provider oder kein Modell fuer diese Sitzung',
+    sessionScopeHint: 'Chat zeigt nur Web-UI/API-Server-Sitzungen. CLI-, Telegram-, Discord-, Cron- und andere Kanal-Sitzungen sind schreibgeschützt im Verlauf.',
+    openHistory: 'Verlauf öffnen',
+    hermesHistory: 'Hermes-Verlauf',
+    historyScopeHint: 'Schreibgeschützte Hermes-Verlaufssitzungen des aktuellen Profils, nach Quelle gruppiert.',
+    noSessions: 'Keine Sitzungen',
+    newChat: 'Neuer Chat',
+    approvalKicker: 'Terminal-Berechtigung',
+    approvalTitle: 'Befehl vor dem Ausführen prüfen',
+    approvalAllowOnce: 'Einmal erlauben',
+    approvalAllowSession: 'Sitzung erlauben',
+    approvalAlways: 'Immer',
+    approvalDeny: 'Ablehnen',
+    clarifyKicker: 'Agent benötigt Klärung',
+    clarifyTitle: 'Der Agent hat eine Frage an Sie',
+    clarifyPlaceholder: 'Geben Sie Ihre Antwort ein...',
+    clarifySubmit: 'Antworten',
+    clarifyDismiss: 'Schließen',
+    deleteSession: 'Diese Sitzung loschen?',
+    toggleBatchMode: 'Batch-Auswahl',
+    selectAll: 'Alle auswählen',
+    confirmBatchDelete: '{count} ausgewählte Sitzungen löschen?',
+    batchDeleteSuccess: '{count} Sitzungen gelöscht',
+    batchDeletePartial: '{failed} Sitzungen konnten nicht gelöscht werden',
+    batchDeleteFailed: 'Batch-Löschung fehlgeschlagen',
+    importToWebUi: 'In Web UI importieren',
+    importSessionSuccess: 'Sitzung in Web UI importiert',
+    importSessionAlreadyExists: 'Sitzung existiert bereits in Web UI',
+    importSessionFailed: 'Sitzung konnte nicht importiert werden',
+    sessionDeleted: 'Sitzung geloscht',
+    rename: 'Umbenennen',
+    pin: 'Anheften',
+    unpin: 'Lösen',
+    pinned: 'Angeheftet',
+    chatMode: 'Chatmodus',
+    liveMode: 'Live-Modus',
+    liveSessions: 'Live-Sitzungen',
+    recentBadge: 'Kürzlich',
+    linkedSessions: '{count} verknüpft',
+    noVisibleMessages: 'Keine für Menschen sichtbaren Nachrichten.',
+    monitorRoleUser: 'Benutzer',
+    monitorRoleAssistant: 'Assistent',
+    copySessionLink: 'Sitzungslink kopieren',
+    openSessionInNewTab: 'In neuem Tab öffnen',
+    sessionLinkCopied: 'Session link copied',
+    copySessionId: 'Sitzungs-ID kopieren',
+    export: 'Exportieren',
+    exportFull: 'Vollständiger Export (JSON)',
+    exportCompressed: 'Komprimierter Export (TXT)',
+    exportCompressing: 'Komprimiere Kontext, bitte warten...',
+    exportSuccess: 'Sitzung exportiert',
+    exportFailed: 'Export fehlgeschlagen',
+    renamed: 'Umbenannt',
+    renameFailed: 'Umbenennung fehlgeschlagen',
+    renameSession: 'Sitzung umbenennen',
+    sessionNotFound: 'Sitzung nicht gefunden',
+    enterNewTitle: 'Neuen Titel eingeben',
+    other: 'Sonstige',
+    runFailed: 'Ausfuhrung fehlgeschlagen',
+    error: 'Fehler',
+    tool: 'Werkzeug',
+    arguments: 'Argumente',
+    result: 'Ergebnis',
+    truncated: '... (abgeschnitten)',
+    executionDuration: 'Ausführungszeit',    thinkingLabel: 'Denkprozess',
+    thinkingInProgress: 'Denkt…',
+    thinkingShow: 'Denkprozess anzeigen',
+    thinkingHide: 'Denkprozess ausblenden',
+    thinkingDuration: 'Beobachtet {duration}',
+    thinkingChars: '{count} Zeichen',
+    copyBubble: 'Nachricht kopieren',
+    copiedBubble: 'Nachricht kopiert',
+    copyFailed: 'Kopieren fehlgeschlagen',
+    playSpeech: 'Sprache abspielen',
+    pauseSpeech: 'Pausieren',
+    resumeSpeech: 'Fortsetzen',
+    stopSpeech: 'Stoppen',
+    speechNotSupported: 'Sprachwiedergabe in diesem Browser nicht unterstützt',
+    searchEnterHint: 'Enter zum Öffnen · Esc zum Schließen',
+    searchHint: 'Cmd/Ctrl+K',
+    searchScope: 'Suchbereich: nur lokale Web-UI-Sitzungsdatenbank; schreibgeschützte Hermes-Verlaufssitzungen sind nicht enthalten.',
+    searchFailed: 'Sitzungssuche fehlgeschlagen',
+    searchNoSnippet: 'Keine Vorschau verfügbar',
+    searchNoResults: 'Keine passenden Sitzungen',
+    searchRecent: 'Letzte Sitzung',
+    searchEmpty: 'Letzte Sitzungen',
+    searchPlaceholder: 'Sitzungen suchen...',
+    searchSubtitle: 'Nach Titel oder Nachrichteninhalt suchen',
+    searchTitle: 'Sitzungen suchen',
+    stopGateway: 'Gateway stoppen',
+    start: 'Starten',
+    workspaceSetFailed: 'Workspace konnte nicht festgelegt werden',
+    workspaceSet: 'Workspace festgelegt',
+    workspacePlaceholder: 'Projektpfad eingeben, z. B. /home/user/project',
+    workspace: 'Arbeitsbereich',
+    setWorkspaceTitle: 'Sitzungs-Workspace festlegen',
+    setWorkspace: 'Workspace festlegen',
+    modelSetFailed: 'Modell konnte nicht festgelegt werden',
+    modelSet: 'Modell festgelegt',
+    setModelTitle: 'Sitzungsmodell festlegen',
+    setModel: 'Modell festlegen',
+    newCliChat: 'Neue CLI',
+    cliEmptyState: 'CLI-Chat starten',
+    autoPlaySpeech: 'Sprache automatisch abspielen',
+  },
+
+  // Jobs
+  jobs: {
+    title: 'Geplante Aufgaben',
+    createJob: 'Aufgabe erstellen',
+    editJob: 'Aufgabe bearbeiten',
+    noJobs: 'Noch keine geplanten Aufgaben. Erstellen Sie eine, um zu beginnen.',
+    name: 'Name',
+    namePlaceholder: 'Aufgabenname',
+    schedule: 'Zeitplan (Cron-Ausdruck)',
+    schedulePlaceholder: 'z. B. 0 9 * * *',
+    quickPresets: 'Schnellvorgaben',
+    selectPreset: 'Vorgabe auswahlen...',
+    presetEveryMinute: 'Jede Minute',
+    presetEvery5Min: 'Alle 5 Minuten',
+    presetEveryHour: 'Jede Stunde',
+    presetEveryDay: 'Jeden Tag um 00:00',
+    presetEveryDay9: 'Jeden Tag um 09:00',
+    presetEveryMonday: 'Jeden Montag um 09:00',
+    presetEveryMonth: 'Am 1. jedes Monats um 09:00',
+    prompt: 'Eingabeaufforderung',
+    promptPlaceholder: 'Der auszufuhrende Prompt',
+    deliverTarget: 'Zustellziel',
+    origin: 'Herkunft',
+    local: 'Lokal',
+    repeatCount: 'Wiederholungsanzahl (optional)',
+    modelPlaceholder: 'Standardmodell',
+    repeatPlaceholder: 'Leer lassen fur unendlich',
+    jobCreated: 'Aufgabe erstellt',
+    jobUpdated: 'Aufgabe aktualisiert',
+    nameRequired: 'Name ist erforderlich',
+    scheduleRequired: 'Zeitplan ist erforderlich',
+    loadFailed: 'Laden der Aufgabe fehlgeschlagen',
+    jobPaused: 'Aufgabe pausiert',
+    jobResumed: 'Aufgabe fortgesetzt',
+jobTriggered: 'Job ausgelost',
+    modelUpdated: 'Modell aktualisiert',
+    jobDeleted: 'Aufgabe geloscht',
+    status: {
+      running: 'Lauft',
+      paused: 'Pausiert',
+      disabled: 'Deaktiviert',
+      scheduled: 'Geplant',
+    },
+    info: {
+      model: 'Modell',
+      schedule: 'Zeitplan',
+      lastRun: 'Letzte Ausfuhrung',
+      nextRun: 'Nachste Ausfuhrung',
+      deliver: 'Zustellung',
+      repeat: 'Wiederholung',
+    },
+    action: {
+      pause: 'Pausieren',
+      pauseJob: 'Aufgabe pausieren',
+      resume: 'Fortsetzen',
+      resumeJob: 'Aufgabe fortsetzen',
+      runNow: 'Jetzt ausfuhren',
+      triggerImmediately: 'Sofort auslösen',
+    },
+    runHistory: {
+      title: 'Verlauf',
+      runs: 'Läufe',
+      noRuns: 'Kein Verlauf gefunden.',
+    },
+  },
+
+  // Skills
+  skills: {
+    title: 'Fahigkeiten',
+    searchPlaceholder: 'Fahigkeiten suchen...',
+    noMatch: 'Keine Fahigkeiten entsprechen Ihrer Suche',
+    noSkills: 'Keine Fahigkeiten gefunden',
+    backTo: 'Zuruck zu',
+    attachedFiles: 'Angehange Dateien',
+    loadFailed: 'Laden der Fahigkeit fehlgeschlagen',
+    fileLoadFailed: 'Laden der Datei fehlgeschlagen',
+    modified: 'Benutzerbearbeitet',
+    archived: 'Archiviert',
+    pinned: 'Angeheftet',
+    pin: 'Fahigkeit anheften',
+    unpin: 'Anheften aufheben',
+    pinFailed: 'Anheft-Status konnte nicht geandert werden',
+    toggleFailed: 'Aktivieren/Deaktivieren der Fahigkeit fehlgeschlagen',
+    source: {
+      builtin: 'Integriert',
+      hub: 'Hub',
+      local: 'Lokal',
+      external: 'Extern',
+    },
+  },
+
+  // Plugins
+  plugins: {
+    title: 'Plugins',
+    refresh: 'Aktualisieren',
+    notice: 'Schreibgeschütztes Inventar erkennbarer Hermes-Plugin-Manifeste. Discovery-Metadaten werden gelesen, ohne Plugin-Code zu laden. Verwaltungsaktionen bleiben in v1 im CLI; Änderungen gelten für neue Hermes-Sitzungen.',
+    loadFailed: 'Plugins konnten nicht geladen werden',
+    commandCopied: 'Befehl kopiert',
+    searchPlaceholder: 'Key, Name, Beschreibung, Pfad suchen...',
+    source: 'Quelle',
+    kind: 'Typ',
+    statusTitle: 'Status',
+    configStatus: 'config: {status}',
+    notAvailable: 'n/a',
+    copyCommand: 'Befehl kopieren',
+    managedElsewhere: 'anderweitig verwaltet',
+    noMatch: 'Keine Plugins passen zu den aktuellen Filtern',
+    enabled: 'aktiviert',
+    disabled: 'deaktiviert',
+    summary: {
+      total: 'Gesamt',
+      active: 'Aktiviert / auto',
+      inactive: 'Inaktiv',
+      disabled: 'Deaktiviert',
+      providerManaged: 'Provider-verwaltet',
+    },
+    status: {
+      enabled: 'Aktiviert',
+      'auto-active': 'Auto-aktiv',
+      inactive: 'Inaktiv',
+      disabled: 'Deaktiviert',
+      'provider-managed': 'Provider-verwaltet',
+    },
+    statusLabel: {
+      enabled: 'Per Konfiguration aktiviert',
+      'auto-active': 'Auto-aktiv',
+      inactive: 'Inaktiv',
+      disabled: 'Deaktiviert',
+      'provider-managed': 'Provider-verwaltet',
+    },
+    configStatuses: {
+      enabled: 'aktiviert',
+      disabled: 'deaktiviert',
+      'not-enabled': 'nicht aktiviert',
+      auto: 'auto',
+      'provider-managed': 'provider-verwaltet',
+    },
+    table: {
+      plugin: 'Plugin',
+      status: 'Status',
+      source: 'Quelle',
+      kind: 'Typ',
+      capabilities: 'Fähigkeiten',
+      path: 'Pfad / Entry Point',
+      cli: 'CLI',
+    },
+    capabilities: {
+      tools: '{count} Tools',
+      hooks: '{count} Hooks',
+      env: '{count} env',
+    },
+    metadata: {
+      agentRoot: 'Agent-Stammverzeichnis',
+      python: 'Python',
+      scanCwd: 'Arbeitsverzeichnis scannen',
+      projectPlugins: 'Projekt-Plugins',
+    },
+  },
+
+  // Memory
+  memory: {
+    title: 'Gedachtnis',
+    refresh: 'Aktualisieren',
+    loadFailed: 'Laden des Gedachtnisses fehlgeschlagen',
+    myNotes: 'Meine Notizen',
+    noNotes: 'Noch keine Notizen.',
+    notesPlaceholder: 'Notizen schreiben...',
+    userProfile: 'Benutzerprofil',
+    noProfile: 'Noch kein Profil.',
+    profilePlaceholder: 'Profil schreiben...',
+    soul: 'Seele',
+    noSoul: 'Noch keine Seelenkonfiguration.',
+    soulPlaceholder: 'Seelenkonfiguration schreiben...',
+  },
+
+  // Models
+  models: {
+    title: 'Modelle',
+    addProvider: 'Anbieter hinzufugen',
+    providerType: 'Anbietertyp',
+    preset: 'Vorgabe',
+    custom: 'Benutzerdefiniert',
+    selectProvider: 'Anbieter auswahlen',
+    chooseProvider: 'Anbieter wahlen...',
+    name: 'Name',
+    autoGeneratedName: 'Automatisch aus Basis-URL generiert',
+    baseUrl: 'Basis-URL',
+    region: 'Region',
+    regionIntl: 'International',
+    regionCn: 'Festlandchina',
+    baseUrlPlaceholder: 'z. B. https://api.example.com/v1',
+    apiKey: 'API-Schlussel',
+    apiKeyPlaceholder: 'sk-...',
+    defaultModel: 'Standardmodell',
+    selectOrInput: 'Modell auswählen oder eingeben...',
+    selectModel: 'Modell auswahlen...',
+    providerAdded: 'Anbieter hinzugefugt',
+    providerDeleted: 'Anbieter geloscht',
+    deleteProvider: 'Anbieter loschen',
+    deleteConfirm: 'Mochten Sie "{name}" wirklich loschen?',
+    codexLoginTitle: 'OpenAI Codex Anmeldung',
+    codexWaiting: 'Geben Sie diesen Code auf der Autorisierungsseite ein, um sich anzumelden:',
+    codexCopyCode: 'Code kopiert',
+    codexOpenLink: 'Autorisierungsseite öffnen',
+    codexApproved: 'Anmeldung erfolgreich',
+    codexExpired: 'Die Autorisierung ist abgelaufen. Bitte versuchen Sie es erneut.',
+    nousLoginTitle: 'Nous-Portal-Anmeldung',
+    nousWaiting: 'Geben Sie diesen Code auf der Autorisierungsseite ein:',
+    nousCopyCode: 'Code kopiert',
+    nousOpenLink: 'Autorisierungsseite öffnen',
+    nousApproved: 'Login erfolgreich',
+    nousDenied: 'Autorisierung wurde abgelehnt',
+    nousExpired: 'Autorisierung abgelaufen',
+    copilotLoginTitle: 'GitHub Copilot Anmeldung',
+    copilotWaiting: 'Öffnen Sie GitHub und geben Sie den unten angezeigten Gerätecode ein. Das Fenster schließt sich automatisch nach Genehmigung.',
+    copilotCopyCode: 'Code kopiert',
+    copilotOpenLink: 'GitHub-Autorisierungsseite öffnen',
+    copilotApproved: 'Anmeldung erfolgreich!',
+    copilotDenied: 'Autorisierung abgelehnt.',
+    copilotExpired: 'Der Autorisierungslink ist abgelaufen. Bitte erneut versuchen.',
+    copilotAddDetectedTitle: 'GitHub Copilot erkannt',
+    copilotAddDetected: 'Auf diesem Rechner wurde ein GitHub Copilot OAuth-Token erkannt. Klicken Sie auf „Hinzufügen", um Copilot in Hermes zu aktivieren.',
+    copilotAddSourceEnv: 'Quelle: ~/.hermes/.env (COPILOT_GITHUB_TOKEN)',
+    copilotAddSourceGhCli: 'Quelle: gh CLI (gh auth token)',
+    copilotAddSourceAppsJson: 'Quelle: VS Code Copilot-Erweiterung (apps.json)',
+    copilotDeleteHintEnv: 'Dies löscht COPILOT_GITHUB_TOKEN in ~/.hermes/.env. Andere Tools sind nicht betroffen.',
+    copilotDeleteHintGhCli: 'Copilot wird aus Hermes ausgeblendet. Ihre gh CLI-Anmeldung bleibt erhalten — `gh auth status` zeigt weiterhin als angemeldet.',
+    copilotDeleteHintAppsJson: 'Copilot wird aus Hermes ausgeblendet. Ihre VS Code Copilot-Erweiterung bleibt angemeldet.',
+    customBadge: 'BENUTZERDEF.',
+    previewBadge: 'VORSCHAU',
+    disabledBadge: 'NICHT VERFÜGBAR',
+    disabledTooltip: "Dieses Modell ist für Ihr Konto derzeit nicht verfügbar.",
+    customModelPlaceholder: 'Nicht gelistete Modell-ID',
+    customModelHint: 'Für vom Provider unterstützte Modelle, die die API nicht zurückgibt; keine Anzeige-Umbenennung. Enter zum Laden.',
+    noProviders: 'Keine Anbieter gefunden. Fugen Sie einen benutzerdefinierten Anbieter hinzu, um zu beginnen.',
+    clearVisibleModels: 'Auswahl löschen',
+    currentDefault: 'Aktueller Standard',
+    defaultShort: 'Standard',
+    builtIn: 'Integriert',
+    customType: 'Benutzerdefiniert',
+    provider: 'Anbieter',
+    contextLength: 'Kontextlange',
+    contextLengthPlaceholder: 'z.B. 256000 (optional)',
+    local: 'Lokal ({host})',
+    selectProviderRequired: 'Bitte wahlen Sie einen Anbieter',
+    baseUrlRequired: 'Basis-URL ist erforderlich',
+    apiKeyRequired: 'API-Schlussel ist erforderlich',
+    modelRequired: 'Standardmodell ist erforderlich',
+    enterBaseUrl: 'Bitte geben Sie zuerst die Basis-URL ein',
+    unexpectedFormat: 'Unerwartetes Antwortformat',
+    foundModels: '{count} Modelle gefunden',
+    fetchFailed: 'Abrufen der Modelle fehlgeschlagen',
+    xaiWaiting: 'Schließen Sie die Autorisierung auf der geöffneten xAI-Seite ab. Das Fenster schließt sich nach der Freigabe automatisch.',
+    xaiOpenLink: 'xAI-Autorisierungsseite öffnen',
+    xaiLoginTitle: 'xAI Grok OAuth-Anmeldung',
+    xaiExpired: 'Der Autorisierungslink ist abgelaufen. Bitte erneut versuchen.',
+    xaiCopyLink: 'Autorisierungslink kopieren',
+    xaiApproved: 'Anmeldung erfolgreich!',
+    visibilitySelectOne: 'Mindestens ein sichtbares Modell behalten',
+    visibilitySaved: 'Sichtbare Modelle gespeichert',
+    visibilitySaveFailed: 'Sichtbare Modelle konnten nicht gespeichert werden',
+    visibilityHint: 'Wirkt sich nur auf Modellauswahl und Modellseite der Web UI aus. Die provider/model-Konfiguration der Hermes CLI wird nicht geändert; Aufrufe verwenden weiterhin die ursprüngliche Modell-ID.',
+    showAllModels: 'Alle Modelle anzeigen',
+    searchPlaceholder: 'Modelle suchen...',
+    removeCustomModel: 'Dieses nicht gelistete Modell entfernen',
+    more: 'weitere',
+    models: 'Modellliste',
+    manageVisibleModelsFor: 'Sichtbare Modelle für {name} verwalten',
+    manageVisibleModels: 'Sichtbare Modelle verwalten',
+    getApiKey: 'API Key abrufen',
+    count: 'Modelle',
+    aliasUseOriginal: 'Ursprüngliche ID wiederherstellen',
+    aliasTitleFor: 'Anzeigename für {model}',
+    aliasTitle: 'Modell-Anzeigename',
+    aliasSaveFailed: 'Anzeigename konnte nicht gespeichert werden',
+    aliasPlaceholder: 'Leer lassen, um die ursprüngliche Modell-ID zu verwenden',
+    aliasManageFor: 'Anzeigenamen für {provider}',
+    aliasManage: 'Anzeigenamen',
+    aliasHint: 'Ändert nur den Anzeigenamen in der Web UI. Hermes erhält weiterhin die ursprüngliche Modell-ID.',
+    aliasEdit: 'Umbenennen',
+    aliasCanonical: 'Original-ID: {model}',
+  },
+
+  // Profiles
+  profiles: {
+    title: 'Profile',
+    create: 'Profil erstellen',
+    import: 'Importieren',
+    export: 'Exportieren',
+    rename: 'Umbenennen',
+    delete: 'Loschen',
+    switchTo: 'Hermes Profile wechseln',
+    switchConfirm: 'Dies fuehrt `hermes profile use {name}` aus und aendert das aktive Hermes CLI Profile. Fortfahren?',
+    switchSuccess: 'Aktives Hermes Profile ist jetzt "{name}"',
+    switchFailed: 'Hermes Profile konnte nicht gewechselt werden. Das Gateway muss eventuell manuell neu gestartet werden.',
+    createSuccess: 'Profil "{name}" erstellt',
+    createFailed: 'Erstellen des Profils fehlgeschlagen',
+    renameSuccess: 'Profil umbenannt',
+    renameFailed: 'Umbenennung des Profils fehlgeschlagen',
+    deleteConfirm: 'Mochten Sie das Profil "{name}" wirklich loschen?',
+    deleteSuccess: 'Profil geloscht',
+    deleteFailed: 'Loschen des Profils fehlgeschlagen',
+    exportSuccess: 'Profil exportiert',
+    exportFailed: 'Exportieren des Profils fehlgeschlagen',
+    importSuccess: 'Profil importiert',
+    importFailed: 'Importieren des Profils fehlgeschlagen',
+    importSelectFile: 'Archivdatei auswahlen',
+    importInvalidFile: 'Bitte wahlen Sie ein gultiges Archiv (.tar.gz, .tgz, .gz, .zip)',
+    name: 'Profilname',
+    namePlaceholder: 'Nur Buchstaben, Zahlen und Bindestriche',
+    nameValidation: 'Profilname darf nur Kleinbuchstaben, Zahlen, Unterstriche und Bindestriche enthalten',
+    newName: 'Neuer Name',
+    newNamePlaceholder: 'Neuen Namen eingeben',
+    cloneFromCurrent: 'Aus aktuellem Profil klonen',
+    cloneCleanupNotice: 'Beim Klonen werden exklusive Plattform-Anmeldeinformationen (Weixin / Telegram / Slack usw.) automatisch übersprungen, um Konflikte mit dem Quellprofil zu vermeiden',
+    cloneStrippedCredentials: '{count} exklusive Anmeldeinformation(en) entfernt: {list}',
+    cloneDisabledPlatforms: '{count} Plattform(en) deaktiviert: {list}',
+    cloneStrippedConfigCredentials: '{count} eingebettete Anmeldeinformation(en) aus config.yaml entfernt: {list}',
+    archivePath: 'Archivpfad',
+    archivePathPlaceholder: 'Serverpfad zur Archivdatei',
+    importName: 'Profilname (optional)',
+    importNamePlaceholder: 'Leer lassen, um den Archivnamen zu verwenden',
+    active: 'Aktiv',
+    model: 'Modell',
+    gateway: 'Gateway',
+    alias: 'Alias',
+    provider: 'Anbieter',
+    path: 'Pfad',
+    skills: 'Fahigkeiten',
+    hasEnv: 'Hat .env',
+    hasSoulMd: 'Hat soul.md',
+    noProfiles: 'Keine Profile gefunden. Erstellen Sie eines, um zu beginnen.',
+    avatar: {
+      title: 'Eigenes Avatar',
+      customize: 'Avatar anpassen',
+      upload: 'Bild hochladen',
+      random: 'Zufällig erzeugen',
+      reset: 'Standard wiederherstellen',
+      hint: 'PNG, JPEG oder WebP, maximal 1 MB',
+      invalidType: 'Bitte ein PNG-, JPEG- oder WebP-Bild wählen',
+      tooLarge: 'Das Avatar-Bild darf höchstens 1 MB groß sein',
+      saveSuccess: 'Avatar gespeichert',
+      saveFailed: 'Avatar konnte nicht gespeichert werden',
+      resetSuccess: 'Standard-Avatar wiederhergestellt',
+      resetFailed: 'Standard-Avatar konnte nicht wiederhergestellt werden',
+    },
+    runtime: {
+      activeProfile: 'Aktuell: {name}',
+      bridgeWorker: 'Bridge-Status',
+      gateway: 'Gateway',
+      active: 'Aktiv',
+      activeTag: 'Aktuell',
+      idle: 'Leerlauf',
+      checking: 'Prüfung läuft',
+      running: 'Läuft',
+      stopped: 'Gestoppt',
+      restartGateway: 'Gateway neu starten',
+      restartProfile: 'Profil neu starten',
+      switchProfile: 'Frontend-Profil wechseln',
+      gatewayRestarted: 'Gateway neu gestartet: {name}',
+      gatewayRestartFailed: 'Gateway-Neustart fehlgeschlagen',
+      profileRestarted: 'Profil neu gestartet: {name}',
+      profileRestartFailed: 'Profil-Neustart fehlgeschlagen',
+    },
+  },
+
+  // Logs
+  logs: {
+    title: 'Protokolle',
+    all: 'Alle',
+    searchPlaceholder: 'Suchen...',
+    refresh: 'Aktualisieren',
+    noEntries: 'Keine Protokolleintrage',
+  },
+
+  // Settings
+  settings: {
+    title: 'Einstellungen',
+    saved: 'Gespeichert',
+    saveFailed: 'Speichern fehlgeschlagen',
+    tabs: {
+      display: 'Anzeige',
+      account: 'Aktuelles Konto',
+      users: 'Kontoverwaltung',
+      agent: 'Agent',
+      memory: 'Gedachtnis',
+      compression: 'Komprimierung',
+      session: 'Sitzung',
+      privacy: 'Datenschutz',
+      apiServer: 'API-Server',
+      models: 'Modelle',
+      voice: 'Sprache',
+    },
+    display: {
+      streaming: 'Streaming-Antworten',
+      streamingHint: 'KI-Antworten in Echtzeit anzeigen',
+      compact: 'Kompaktmodus',
+      compactHint: 'Nachrichtenabstand reduzieren',
+      showReasoning: 'Schlussfolgerung anzeigen',
+      showReasoningHint: 'Denkprozess des Modells anzeigen',
+      showCost: 'Kosten anzeigen',
+      showCostHint: 'Token-Nutzung in Antworten anzeigen',
+      inlineDiffs: 'Inline-Diffs',
+      inlineDiffsHint: 'Codeanderungen inline anzeigen',
+      bellOnComplete: 'Abschluss-Signalton',
+      bellOnCompleteHint: 'Ton abspielen, wenn die KI fertig ist',
+      busyInputMode: 'Eingabemodus bei Beschaftigung',
+      busyInputModeHint: 'Eingabe erlauben, wahrend die KI verarbeitet',
+      theme: 'Design',
+      themeHint: 'Hell, Dunkel oder Systemeinstellung verwenden',
+      themeLight: 'Hell',
+      themeDark: 'Dunkel',
+      themeSystem: 'System',
+    },
+    agent: {
+      maxTurns: 'Maximale Runden',
+      maxTurnsHint: 'Maximale Interaktionsrunden pro Konversation',
+      gatewayTimeout: 'Gateway-Timeout',
+      gatewayTimeoutHint: 'Anfrage-Timeout in Sekunden',
+      restartDrainTimeout: 'Neustart-Drain-Timeout',
+      restartDrainTimeoutHint: 'Drain-Timeout vor Neustart in Sekunden',
+      toolEnforcement: 'Werkzeuferzwingung',
+      toolEnforcementHint: 'Ausfuhrungsmodus fur Werkzeugaufrufe steuern',
+      auto: 'Automatisch',
+      always: 'Immer',
+      never: 'Nie',
+    },
+    memory: {
+      enabled: 'Gedachtnis aktivieren',
+      enabledHint: 'KI erlauben, den Konversationskontext zu merken',
+      userProfile: 'Benutzerprofil',
+      userProfileHint: 'KI erlauben, Benutzereinstellungen zu merken',
+      charLimit: 'Zeichenlimit fur Gedachtnis',
+      charLimitHint: 'Maximale Zeichen fur MEMORY.md',
+      userCharLimit: 'Zeichenlimit fur Benutzerprofil',
+      userCharLimitHint: 'Maximale Zeichen fur USER.md',
+    },
+    compression: {
+      enabled: 'Komprimierung aktivieren',
+      enabledHint: 'Langen Chatverlauf automatisch komprimieren, bevor der Modellkontext uberschritten wird',
+      threshold: 'Komprimierungsschwelle',
+      thresholdHint: 'Komprimierung starten, wenn geschatzte Token dieses Kontextverhaltnis uberschreiten',
+      targetRatio: 'Zielverhaltnis',
+      targetRatioHint: 'Zielgroße des Verlaufs nach der Komprimierung als Kontextverhaltnis',
+      protectLastN: 'Neueste Nachrichten schutzen',
+      protectLastNHint: 'So viele neueste Nachrichten unkomprimiert lassen',
+      protectFirstN: 'Erste Nachrichten schutzen',
+      protectFirstNHint: 'So viele erste Nachrichten unkomprimiert lassen',
+    },
+    session: {
+      mode: 'Zurucksetzungsmodus',
+      modeHint: 'Ausloser fur Sitzungszurucksetzung',
+      modeBoth: 'Inaktivitat + Geplant',
+      modeIdle: 'Nur Inaktivitat',
+      modeDaily: 'Nur Geplant',
+      modeNone: 'Nie (nur manuell)',
+      idleMinutes: 'Inaktivitats-Timeout',
+      idleMinutesHint: 'Wartezeit vor automatischer Zurucksetzung (Minuten)',
+      atHour: 'Geplante Zurucksetzungszeit',
+      humanOnly: 'Nur menschliche Sitzungen anzeigen',
+      humanOnlyHint: 'Unteragenten- und Sitzungsmonitor-Rauschen standardmäßig ausblenden',
+      liveMonitorHumanOnly: 'Live-Monitor: nur menschliche Sitzungen anzeigen',
+      liveMonitorHumanOnlyHint: 'Im Live-Monitor Unteragenten- und Sitzungsmonitor-Rauschen standardmäßig ausblenden',
+      atHourHint: 'Sitzung taglich zu dieser Stunde zurucksetzen',
+      requireAuth: 'Sitzungsautorisierung',
+      requireAuthHint: 'Erfordert Autorisierung für Sitzungsvorgänge',
+    },
+    privacy: {
+      redactPii: 'Personliche Daten maskieren',
+      redactPiiHint: 'Sensible Informationen automatisch erkennen und ausblenden (Passworter, Schlussel usw.)',
+    },
+    apiServer: {
+      enable: 'Aktivieren',
+      enableHint: 'API-Server aktivieren',
+      host: 'Host',
+      hostHint: 'Listen-Adresse',
+      port: 'Port',
+      portHint: 'Listen-Port',
+      key: 'Schlussel',
+      keyHint: 'API-Zugangsschlussel',
+      cors: 'CORS-Ursprunge',
+      corsHint: 'Erlaubte Cross-Origin-Quellen',
+    },
+    voice: {
+      ttsProvider: 'TTS-Anbieter',
+      ttsProviderHint: 'Waehlen Sie die Sprachsynthese-Engine fuer die Nachrichtenwiedergabe',
+      providerWebSpeech: 'WebSpeech API (Browser)',
+      providerOpenai: 'OpenAI TTS',
+      providerCustom: 'Benutzerdefinierter Endpunkt (OpenAI-kompatibel)',
+      providerEdge: 'Edge TTS (Kostenlos, kein API-Key erforderlich)',
+
+      // WebSpeech
+      webspeechVoice: 'Stimme',
+      webspeechVoiceHint: 'Waehlen Sie eine Stimme aus Ihrem Browser oder Betriebssystem',
+      webspeechVoicePlaceholder: 'Auto (Standardstimme)',
+
+      // OpenAI
+      openaiKey: 'API-Key',
+      openaiKeyHint: 'Ihr OpenAI API-Key mit TTS-Zugriff',
+      openaiUrl: 'API-Basis-URL',
+      openaiUrlHint: 'z.B. https://api.openai.com/v1/audio/speech',
+      openaiModel: 'Modell',
+      openaiModelHint: 'tts-1 (schneller) / tts-1-hd (hoehere Qualitaet)',
+      openaiVoice: 'Stimme',
+      openaiVoiceHint: 'Stimme fuer die Synthese',
+
+      // Custom endpoint
+      customHint: 'Jede OpenAI-kompatible TTS-API verwenden — funktioniert mit GPT-SoVITS, CosyVoice, usw.',
+      customUrl: 'API-URL',
+      customUrlHint: 'Basis-URL Ihres TTS-Dienstes',
+      customUrlPlaceholder: 'Die im lokalen Adapter konfigurierte Adresse, z.B. http://127.0.0.1:9880',
+      customApiKey: 'API-Key (optional)',
+      customApiKeyHint: 'Einige benutzerdefinierte Endpunkte erfordern Authentifizierung',
+      customApiKeyPlaceholder: 'Leer lassen wenn nicht benoetigt',
+
+      // Edge TTS
+      edgeHint: 'Angetrieben von Microsoft Edge TTS (node-edge-tts).',
+      edgeUrl: 'Adapter-URL',
+      edgeUrlHint: 'Adresse des Edge TTS-Adapters, z.B. http://127.0.0.1:9882',
+      edgeUrlPlaceholder: 'http://127.0.0.1:9882',
+      edgeVoice: 'Stimme',
+      edgeVoiceHint: 'Waehlen Sie eine Stimme fuer die Sprachsynthese',
+      edgeRate: 'Geschwindigkeit',
+      edgeRateHint: 'Sprachgeschwindigkeit anpassen (0,5x ~ 2,0x)',
+      edgePitch: 'Tonhöhe',
+      edgePitchHint: 'Tonhöhe anpassen (-20 ~ +20 Hz)',
+
+      // Test
+      testTitle: 'Sprachtest',
+      testText: 'Testtext',
+      testTextPlaceholder: 'Text zum Testen eingeben...',
+      testTextDefault: 'Hallo, dies ist ein Sprachtest.',
+      testButton: 'Testen',
+      testButtonPlaying: 'Wiedergabe...',
+      testFailed: 'Test fehlgeschlagen: {error}',
+
+      // MiMo TTS
+      providerMimo: 'MiMo TTS',
+      mimoHint: 'Xiaomi MiMo TTS — unterstützt Voreingestellte Stimmen, Stimmdesign und Stimmklonung',
+      mimoApiKey: 'API-Schluessel',
+      mimoApiKeyHint: 'Holen Sie sich Ihren Schluessel auf platform.xiaomimimo.com',
+      mimoApiKeyPlaceholder: 'MiMo API-Schluessel',
+      mimoBaseUrl: 'Basis-URL',
+      mimoBaseUrlHint: 'MiMo API-Endpunkt-URL',
+      mimoModel: 'Modell',
+      mimoModelHint: 'Sprachsynthesemodell auswählen',
+      mimoModelPreset: 'Voreingestellte Stimmen',
+      mimoModelVoiceDesign: 'Stimmdesign',
+      mimoModelVoiceClone: 'Stimmklonung',
+      mimoVoice: 'Stimme',
+      mimoVoiceHint: 'Voreingestellte Stimme auswählen',
+      mimoVoiceDesignPrompt: 'Stimmbeschreibung',
+      mimoVoiceDesignPromptHint: 'Beschreiben Sie die gewünschten Stimmmerkmale',
+      mimoVoiceDesignPromptPlaceholder: 'Z.B.: Eine warme junge Frauenstimme, etwas langsam, mit magnetischem Ton',
+      mimoCloneAudio: 'Audio hochladen',
+      mimoCloneAudioHint: 'Audio-Beispiel für Stimmklonung hochladen (mp3/wav, max. 10 MB)',
+      mimoCloneAudioUpload: 'Datei auswählen',
+      mimoCloneAudioClear: 'Löschen',
+      mimoStylePrompt: 'Stil-Eingabe',
+      mimoStylePromptHint: 'Optional — beschreiben Sie den Sprechstil in natürlicher Sprache',
+      mimoStylePromptPlaceholder: 'Z.B.: Heller, lebhafter Ton, schnelles Tempo',
+    },
+    lockedIps: {
+      title: 'Gesperrte IPs',
+      count: '{count} gesperrt',
+      empty: 'Keine gesperrten IPs',
+      unlock: 'Entsperren',
+      unlockAll: 'Alle entsperren',
+      unlockAllConfirm: 'Alle gesperrten IPs entsperren?',
+      unlocked: 'IP entsperrt',
+      allUnlocked: '{count} IPs entsperrt',
+    },
+    models: {
+      apiKey: 'API Key',
+      apiKeyPlaceholder: 'API Key eingeben',
+      noProviders: 'Keine Provider konfiguriert',
+      save: 'Speichern',
+      saveFailed: 'Speichern fehlgeschlagen',
+      saved: 'Gespeichert',
+    },
+  },
+  githubPreview: {
+    title: "Versionsvorschau",
+    description: "Klont den ausgewählten GitHub-Tag in den Web-UI-Vorschaubereich, installiert Abhängigkeiten und startet ihn mit den Entwicklungsports.",
+    refresh: "Aktualisieren",
+    selectTag: "Tag auswählen",
+    prepare: "Code vorbereiten",
+    install: "Abhängigkeiten installieren",
+    start: "Vorschau starten",
+    stop: "Stoppen",
+    note: "Der Vorschaucode wird im Web-UI-Datenverzeichnis gespeichert. Produktion bleibt auf Port 8648; die Vorschau nutzt Frontend 8651 und Backend 8650.",
+    path: "Vorschaupfad",
+    webuiHome: "Vorschau-Datenverzeichnis",
+    currentTag: "Aktueller Tag",
+    repoReady: "Repository bereit",
+    dependencies: "Abhängigkeiten installiert",
+    running: "Status",
+    notRunning: "Nicht gestartet",
+    open: "Vorschau öffnen",
+    log: "Pfad zum Aktionslog",
+    logOutput: "Logausgabe",
+    actionLog: "Aktionslog",
+    devLog: "Dev-Server-Log",
+    yes: "Ja",
+    no: "Nein",
+    actionFailed: "Aktion fehlgeschlagen",
+    nodeEnvironmentMissing: "Node/npm wurde nicht erkannt. Bitte installiere Node.js und versuche es erneut.",
+    prepareSuccess: "Vorschaucode ist bereit",
+    installSuccess: "Abhängigkeiten installiert",
+    startSuccess: "Vorschau abgeschlossen",
+    stopSuccess: "Vorschau gestoppt",
+  },
+
+  codingAgents: {
+    title: "Coding Agents",
+    notice: "Nicht alle Anbieter und Modelle sind kompatibel.",
+    claudeDescription: "Anthropic CLI fur einmalige Print-Mode-Aufgaben und interaktive Coding-Sitzungen.",
+    codexDescription: "OpenAI CLI und Hermes openai-codex Anbieter-Flow fur Repository-Aufgaben.",
+    copyCommand: "Kopieren",
+    commandCopied: "Befehl kopiert",
+    commandCopyFailed: "Kopieren fehlgeschlagen",
+    refresh: "Aktualisieren",
+    checking: "Prufen",
+    installStatus: "Installationsstatus",
+    installed: "Installiert",
+    notInstalled: "Nicht installiert",
+    installNow: "Installieren",
+    installing: "Installiere",
+    installSuccess: "Installiert",
+    installFailed: "Installation fehlgeschlagen",
+    nodeEnvironmentMissing: "Node/npm wurde nicht erkannt. Bitte installiere Node.js und versuche es erneut.",
+    deleteNow: "Loschen",
+    deleting: "Losche",
+    deleteSuccess: "Gelöscht",
+    deleteFailed: "Loschen fehlgeschlagen",
+    configFiles: "Konfigurationsdateien",
+    profileScope: "Profil",
+    providerScope: "Anbieter",
+    providerPlaceholder: "z. B. custom:glm",
+    modelScope: "Modell",
+    modelPlaceholder: "Modell auswahlen",
+    launchModeScope: "Startmodus",
+    launchModeGlobal: "Globale Konfiguration",
+    launchModeScoped: "Anbieter und Modell",
+    protocolScope: "Protokoll",
+    protocolOpenAiChat: "OpenAI Chat Completions (/v1/chat/completions)",
+    protocolOpenAiResponses: "OpenAI Responses (/v1/responses)",
+    protocolAnthropicMessages: "Anthropic Messages (/v1/messages)",
+    reloadConfig: "Konfiguration neu laden",
+    configFileNotCreated: "Nicht erstellt",
+    configLoadFailed: "Konfigurationsdatei konnte nicht gelesen werden",
+    loadFailed: "Coding Agents konnten nicht gepruft werden",
+    launch: "Starten",
+    launchTitle: "Coding Agent starten",
+    nativeTerminal: "Natives Terminal",
+    builtInTerminal: "Integriertes Terminal",
+    launchPrepared: "Startkonfiguration vorbereitet",
+    launchPrepareFailed: "Startkonfiguration konnte nicht vorbereitet werden",
+    nativeLaunchStarted: "Natives Terminal geoffnet",
+    nativeLaunchFailed: "Natives Terminal konnte nicht geoffnet werden",
+    terminalTitle: "Coding-Agent-Terminal",
+    loadProvidersFailed: "Anbieter fur das aktuelle Profil konnten nicht geladen werden",
+    selectProviderModel: "Anbieter und Modell auswahlen",
+    launchConfigDir: "Start-Konfigurationsordner",
+    launchCommand: "Startbefehl",
+    table: {
+      tool: "Tool",
+      kind: "Schritt",
+      command: "Befehl",
+      note: "Hinweis",
+      action: "Aktion",
+    },
+    kinds: {
+      install: "Installation",
+      auth: "Auth",
+      health: "Status",
+      run: "Ausfuhren",
+    },
+    notes: {
+      claudeInstall: "Installiert die Claude Code CLI global.",
+      codexInstall: "Installiert die Codex CLI global.",
+      claudeAuth: "Prüft den Claude Code Login-Status; bei fehlendem Login einmal claude ausfuhren.",
+      codexAuth: "Fugt Hermes-verwaltete OpenAI Codex OAuth-Zugangsdaten hinzu.",
+      claudeHealth: "Prüft Updater und lokale CLI-Gesundheit.",
+      codexHealth: "Bestatigt, dass die Codex CLI im PATH verfugbar ist.",
+      claudeRun: "Print mode ist der sauberste Weg fur API-gesteuerte Einmalaufgaben.",
+      codexRun: "Codex-Einmalaufgaben mussen in einem Git-Repository laufen.",
+    },
+  },
+
+  // Platform channel settings
+  platform: {
+    requireMention: "Erwahnung {'@'} erfordern",
+    requireMentionGroup: "Erwahnung {'@'} in Gruppen erfordern zum Antworten",
+    requireMentionChannel: "Erwahnung {'@'} in Kanalen erfordern zum Antworten",
+    requireMentionRoom: "Erwahnung {'@'} in Raumen erfordern zum Antworten",
+    reactions: 'Reaktionen',
+    reactionsHint: 'Auf Nachrichten mit Emoji reagieren',
+    freeResponseChats: 'Frei antwortende Chats',
+    freeResponseChatsHint: "Chat-IDs, die ohne {'@'}Erwahnung antworten (komma-getrennt)",
+    freeResponseChannels: 'Frei antwortende Kanale',
+    freeResponseChannelsHint: "Kanal-IDs, die ohne {'@'}Erwahnung antworten (komma-getrennt)",
+    freeResponseRooms: 'Frei antwortende Raume',
+    freeResponseRoomsHint: "Raum-IDs, die ohne {'@'}Erwahnung antworten (komma-getrennt)",
+    mentionPatterns: 'Benutzerdefinierte Erwahnungsmuster',
+    mentionPatternsHint: 'Zusatzliche Auslosermuster',
+    autoThread: 'Auto-Thread',
+    autoThreadHint: "Automatisch Antwort-Threads nach {'@'}Erwahnung erstellen",
+    autoThreadHintRoom: 'Automatisch Antwort-Threads in Raumen erstellen',
+    dmMentionThreads: 'DM-Erwahnungs-Threads',
+    dmMentionThreadsHint: 'Thread-Antworten fur Erwahnungen in DMs verwenden',
+    allowBots: 'Bot-Nachrichten erlauben',
+    allowBotsHint: 'Auf Nachrichten von anderen Bots antworten',
+    allowedChannels: 'Erlaubte Kanale',
+    allowedChannelsHint: 'Whitelist der Kanal-IDs (komma-getrennt)',
+    ignoredChannels: 'Ignorierte Kanale',
+    ignoredChannelsHint: 'Kanale, in denen der Bot nie antwortet (komma-getrennt)',
+    noThreadChannels: 'Thread-lose Kanale',
+    noThreadChannelsHint: 'Kanale, in denen der Bot ohne Threads antwortet (komma-getrennt)',
+    exclusiveTokenWarning: 'Diese Plattform verwendet einen exklusiven Token-Lock. Jedes Profil muss einen anderen Identitäts-Token verwenden, um Konflikte mit anderen Profilen zu vermeiden.',
+    botToken: 'Bot-Token',
+    botTokenHint: 'Bot-Token vom Entwicklerportal',
+    accessToken: 'Zugangs-Token',
+    accessTokenHint: 'Matrix-Zugangs-Token',
+    homeserver: 'Homeserver-URL',
+    homeserverHint: 'Matrix-Homeserver-URL',
+    appId: 'App-ID',
+    appIdHint: 'Feishu App-ID',
+    appSecret: 'App-Geheimnis',
+    appSecretHint: 'Feishu App-Geheimnis',
+    clientId: 'Client-ID',
+    clientIdHint: 'DingTalk Client-ID',
+    clientSecret: 'Client-Geheimnis',
+    clientSecretHint: 'DingTalk Client-Geheimnis',
+    cardTemplateId: 'KI-Karten-Vorlagen-ID',
+    cardTemplateIdHint: 'DingTalk KI-Karten-Vorlagen-ID; leer lassen, um KI-Karten zu deaktivieren',
+    botId: 'Bot-ID',
+    botIdHint: 'WeCom Bot-ID',
+    wecomSecretHint: 'WeCom Bot-Geheimnis',
+    waEnabled: 'WhatsApp aktivieren',
+    waEnabledHint: 'WhatsApp uber QR-Code-Kopplung aktivieren',
+    weixinToken: 'Weixin-Token',
+    weixinTokenHint: 'Von Weixin-CLI QR-Anmeldung (hermes weixin)',
+    accountId: 'Konto-ID',
+    accountIdHint: 'Weixin-Konto-ID',
+    qrLogin: 'QR-Anmeldung',
+    qrRelogin: 'Erneut anmelden',
+    qrFetching: 'QR-Code wird abgerufen...',
+    qrScanHint: 'Mit WeChat scannen zum Anmelden',
+    qrScanedHint: 'Gescannt, bitte auf dem Gerat bestatigen...',
+    qqSandboxHint: 'Sandbox-Umgebung aktivieren (für Tests)',
+    qqSandbox: 'Sandbox-Modus',
+    qqQrScanHint: 'QR-Code oben mit QQ scannen oder Link auf dem Telefon öffnen, um die Bindung abzuschließen',
+    qqMarkdownHint: 'Markdown-formatierte Nachrichten aktivieren (einige Clients unterstützen dies möglicherweise nicht)',
+    qqMarkdown: 'Markdown-Unterstützung',
+    qqAppSecretHint: 'QQ Open Platform Bot App Secret',
+    qqAppSecret: 'App Secret',
+    qqAppIdHint: 'QQ Open Platform Bot App ID',
+    qqAppId: 'App ID',
+    allowedUsersHint: 'Whitelist für Benutzer-IDs oder OpenIDs, durch Kommas getrennt',
+    allowedUsers: 'Erlaubte Benutzer',
+    allowAllUsersHint: 'Nachrichten von beliebigen Benutzern erlauben; deaktiviert lassen, um die Allowlist zu verwenden',
+    allowAllUsers: 'Alle Benutzer erlauben',
+  },
+
+  // Language
+  language: {
+    label: 'Sprache',
+    zh: '中文',
+    en: 'English',
+    de: 'Deutsch',
+  },
+
+  // Terminal
+  terminal: {
+    sessions: 'Sitzungen',
+    newTab: 'Neues Terminal',
+    closeSession: 'Diese Sitzung schliessen?',
+    sessionExited: 'Beendet',
+    processExited: 'Prozess beendet mit Code {code}',
+    noSessions: 'Keine Terminal-Sitzungen',
+    connectionFailed: 'Terminaldienstverbindung fehlgeschlagen',
+    connectionClosed: 'Terminalverbindung geschlossen',
+    connectionError: 'Terminalverbindungsfehler',
+  },
+
+  // Usage
+  usage: {
+    title: 'Nutzungsstatistiken',
+    refresh: 'Aktualisieren',
+    totalTokens: 'Gesamt-Tokens',
+    inputTokens: 'Eingabe',
+    outputTokens: 'Ausgabe',
+    totalSessions: 'Gesamt-Sitzungen',
+    avgPerDay: '~{n}/Tag Durchschn.',
+    estimatedCost: 'Gesch. Kosten',
+    cacheHitRate: 'Cache-Trefferquote',
+    modelBreakdown: 'Modellaufschluesselung',
+    dailyTrend: 'Tagliche Nutzung',
+    date: 'Datum',
+    tokens: 'Tokens',
+    cache: 'Cache',
+    cacheRead: 'Cache gelesen',
+    cacheWrite: 'Cache geschrieben',
+    sessions: 'Sitzungen',
+    cost: 'Kosten',
+    noData: 'Keine Nutzungsdaten',
+  },
+
+  skillsUsage: {
+    title: 'Skill-Nutzung',
+    subtitle: 'Skill-Ladevorgänge und -Bearbeitungen aus Hermes-Sitzungen verfolgen',
+    refresh: 'Aktualisieren',
+    periodSelector: 'Zeitraum der Skill-Nutzung',
+    periodLabel: '{days} T',
+    summary: 'Zusammenfassung',
+    totalActions: 'Aktionen',
+    loads: 'Laden',
+    edits: 'Änd.',
+    distinctSkills: 'Skillzahl',
+    topSkills: 'Top-Skills',
+    dailyTrend: 'Trend',
+    periodSummary: 'Letzte {days} Tage',
+    skill: 'Fähigkeit',
+    share: '%',
+    lastUsed: 'Zuletzt',
+    noData: 'Keine Skill-Nutzungsdaten',
+    loadFailed: 'Skill-Nutzung konnte nicht geladen werden',
+    otherSkills: 'Andere Skills',
+  },
+
+  // Anderungsprotokoll
+  changelog: {
+    new_0_6_7_1: 'Die Desktop-App nutzt jetzt standardmäßig Port 8748, unterstützt Zugriff im lokalen Netzwerk und kann direkt im lokalen Browser geöffnet werden',
+    new_0_6_7_9: 'Desktop-Download-Links sind jetzt auf der offiziellen Website https://hermes-studio.ai/ verfügbar, aktuelle Installer bleiben außerdem über GitHub Releases verfügbar',
+    new_0_6_7_2: 'MCP-Tools sind vollständiger: Bridge Tool Discovery, MCP-Management-Lifecycle und Tool-Sichtbarkeit pro Modell im Manager wurden verbessert',
+    new_0_6_7_3: 'Nachrichtenlisten zentrieren leere Zustände korrekt, reduzieren Scroll-Jitter, zeigen beim Laden von History keine Live-Chat-Nachrichten mehr, behalten Scrollpositionen pro Session und blenden beim Session-Wechsel 1,5 Sekunden ein',
+    new_0_6_7_4: 'Bridge und Runtime sind stabiler durch erhaltene Text/tool-call-Reihenfolge, korrektes Profile runtime status loading, bessere Node/npm-Erkennung und übersprungene Produktionsdatenverzeichnis-Erstellung',
+    new_0_6_7_5: 'Desktop-Distribution umfasst Electron-Packaging, App-Naming, Preload-Builds, Release-Artifact-Uploads, Windows Hermes CLI Start, Linux-Icons und beschreibbare Datenpfade, macOS ohne Signing-Zertifikate und versteckte Windows-Startup-Subprozesse',
+    new_0_6_7_6: 'Die Website hat Download- und Deploy-Workflows, und Deploys funktionieren auch in Umgebungen ohne rsync',
+    new_0_6_7_7: 'Server- und Auth-Fixes nutzen dirname für Windows-Credential-Verzeichnisse und erhöhen das Avatar-Upload-Limit gegen 413-Fehler bei größeren Bildern',
+    new_0_6_7_8: 'Repository-Harness, Validierungsdokumente und Agent-Guides für Coding Agents wurden ergänzt, alte Setup-Script-Dokumente entfernt',
+    new_0_6_4_1: 'CI wurde mit festem npm-Installationsverhalten und Docker-Smoke-Coverage für PRs gehärtet',
+    new_0_6_4_2: 'Chat nutzt jetzt virtualisierte Pagination, damit lange Gespräche zuverlässiger scrollen und laden',
+    new_0_6_4_3: 'Docker-Image-Publishing läuft jetzt nur noch für Releases statt für normale PR-Checks',
+    new_0_6_4_4: 'Version Preview ist für Super-Admins verfügbar, mit main/tag-Auswahl, Preview-Checkout, Dependency-Installation, Start/Stop und Logs',
+    new_0_6_4_5: 'Preview-Instanzen isolieren Frontend/Backend-Ports, Web UI home und agent bridge endpoint, inklusive Runtime-Patches für ältere Tags zu Ports, WebSocket-Routing, base URL und verschachtelter Preview-Navigation',
+    new_0_6_4_6: 'Legacy session_usage Tabellen ohne created_at werden jetzt sicher mit einem Standardwert migriert',
+    new_0_6_4_7: 'Bridge profile worker endpoints werden jetzt nach broker endpoint getrennt, damit Produktion und Preview mit gleichem Profile keine worker sockets stehlen und keine unknown run Fehler auslösen',
+    new_0_6_5_1: 'Coding Agents bieten jetzt einen vollständigen Start-Workflow für Claude Code und Codex, mit globaler Konfiguration, profile/provider-isolierten Arbeitsbereichen sowie integriertem oder nativem Terminal',
+    new_0_6_5_2: 'Codex-Start unterstützt OpenAI Chat Completions, OpenAI Responses und Anthropic Messages, inklusive lokaler Proxy-Anpassung für verschiedene Anbieter',
+    new_0_6_5_3: 'Coding Agents laufen unter Windows stabiler mit .cmd/.bat shim-Erkennung, Terminal-Start-Fixes und Claude Code Custom-Model-Start ohne lokale Modellvalidierung',
+    new_0_6_5_4: 'Nachrichtenlisten, History-Paging, TTS-Authentifizierung, Gruppenchat-Agent-Erwähnungen, Update-Check-Abschaltung und bridge worker transport verbessern die Laufzeitstabilität',
+    new_0_6_3_1: 'Bridge-Spinner-Status wird nicht mehr als Modell-Reasoning gespeichert und verschmutzt dadurch keinen späteren Kontext',
+    new_0_6_3_2: 'History bietet jetzt Controls zum Import von Hermes-CLI-Sessions in die lokale Web-UI-Historie mit sichererer Nachrichten-Normalisierung',
+    new_0_6_3_3: 'Provider-Setup unterstützt editierbare eingebaute Base URLs, LM Studio als eingebauten Provider und Live-Erkennung über LM Studio /models',
+    new_0_6_3_4: 'OpenRouter-Anfragen über die Web-UI-Bridge enthalten jetzt Hermes Web UI App-Attribution-Header',
+    new_0_6_3_5: 'Der öffentliche auth status endpoint gibt den ersten Benutzernamen nicht mehr an nicht authentifizierte Anfragen aus',
+    new_0_6_3_6: 'DingTalk-Einstellungen enthalten jetzt ein AI Card Template ID Feld, gespeichert als DINGTALK_CARD_TEMPLATE_ID',
+    new_0_6_3_7: 'Bridge-Socket-JSON-Ausgaben bereinigen isolierte Unicode-Surrogate und verhindern dadurch SSE-Abstürze im Chat',
+    new_0_6_2_1: 'Web Bridge unterstützt jetzt /plan-Befehle mit korrektem Run-Start und sichtbarem Befehlsstatus',
+    new_0_6_2_2: 'Das Befehlsmenü im Chat-Eingabefeld enthält jetzt /goal und /subgoal mit Status, Pause, Resume, Done und Clear',
+    new_0_6_2_3: 'Goal- und Subgoal-Workflows sind jetzt in Chat-Sessions integriert, inklusive Ziel-Fortsetzungen und Statusupdates',
+    new_0_6_2_4: 'Zielkanaloptionen für Job-Zustellung sind wiederhergestellt, damit geplante Jobs das richtige Ziel auswählen können',
+    new_0_6_2_5: 'Kontext-token-Nutzung wird nach Reconnects mit snapshot-bewusster Berechnung korrekt fortgesetzt',
+    new_0_6_2_6: 'Kontext-Checkpoint-Komprimierung ist bei langsamer Codex-Zusammenfassung zuverlässiger: Web UI wartet 5 Minuten und der Python bridge broker beendet worker-Anfragen nicht mehr nach 2 Minuten',
+    new_0_6_2_7: 'Chat-Queue-Promotion ist korrigiert, sodass queued-Nachrichten nicht zu früh in die Nachrichtenliste springen, auch in synchronisierten Fenstern',
+    new_0_6_2_8: 'Clarify-Dialoge senden Freitext nicht mehr per Enter ab und beantwortete Prompts öffnen nach Sessionwechsel nicht erneut',
+    new_0_6_2_9: 'Bridge-Terminal-Umgebungsrefresh und stale-pid-Cleanup sind enger begrenzt und reduzieren veraltete Laufzeitstatus in der UI',
+    new_0_6_2_10: 'Die Standard-Kontextlänge folgt jetzt dem Hermes-Standard von 256.000 Tokens',
+    new_0_5_35_1: 'Bridge-Sessions können nun über verschiedene Sessions hinweg parallel laufen, während Läufe derselben Session zur Wahrung der Nachrichtenreihenfolge serialisiert bleiben',
+    new_0_5_35_2: 'Neue Performance-Monitor-Seite für System-CPU/Speicher, Web UI, Bridge Broker, Workers und aktive Sessions',
+    new_0_5_35_3: 'Worker-Ressourcenmetriken zeigen CPU, Speicher, Profile, Session-Anzahl und Laufstatus pro worker',
+    new_0_5_35_4: 'Bridge-worker-Lifecycle-Cleanup verbessert, damit Broker-Shutdowns und beendete Elternprozesse worker zurückfordern und verwaiste Python-Prozesse reduzieren',
+    new_0_5_35_5: 'Monitoring-Kompatibilität mit Fallbacks für Ressourcenmessung unter macOS, Windows, Linux, Docker und Termux gehärtet',
+    new_0_5_35_6: 'Performance Monitoring blockiert nicht mehr auf worker-Anfragen während Agent-Initialisierung und reduziert request timeouts unter Windows',
+    new_0_5_35_7: 'Chat-Markdown unterstützt Inline-Vorschauen für Textinhalte, und Download-Icons laden Dateien direkt herunter statt die Vorschau zu öffnen',
+    new_0_5_35_8: 'Content-Preview-Drawer verbessert: Schließen-Aktion auf Mobilgeräten, mobile Vollbreite, 800px Desktop-Breite und konsistente Text-/Markdown-Hintergründe',
+    new_0_6_0_1: 'Account- und Profile-bezogene Verwaltung schützt Sessions, Modelle, Nutzung, Kanban, Jobs, Uploads, Medien und verwandte Hermes APIs konsistent',
+    new_0_6_0_2: 'Gebündelte Medien-Skills verwenden das generierte Server-Token nur für Medien-Endpunkte und lösen fun-codex/xAI-Zugangsdaten aus dem angeforderten Profile auf',
+    new_0_6_0_3: 'Einzelchat und Gruppenchat injizieren das aktuelle Hermes Profile in Run-Instructions, damit Skills X-Hermes-Profile senden können',
+    new_0_6_0_4: 'delegate_task-Subagent-Fortschritt wird mit Start-, Tool-, Fortschritts- und Abschlussstatus in die Chat-UI gestreamt',
+    new_0_6_0_5: 'Stoppen oder Abbrechen eines Runs bereinigt temporäre Events, damit alte abort-Zustände nicht in den nächsten Chat gelangen',
+    new_0_6_0_6: 'Dokumentation und Website-Texte für Accountverwaltung, Standard-Zugangsdaten, Account/Profile-Verwaltung, Uploads/Downloads und Medien-Skills aktualisiert',
+    new_0_6_0_7: 'CLI-Wartungsbefehle zum Löschen von Login-IP-Sperren und Zurücksetzen des Standard-Logins admin / 123456 hinzugefügt',
+    new_0_6_0_8: 'Version 0.6.0 ist die Grenze zwischen Single-User- und Multi-User-Web-UI. Bei Problemen im Multi-User-Modus bitte ein Issue erstellen und bei Bedarf auf die Single-User-Version 0.5.35 zurückgehen',
+    new_0_6_1_1: 'Sitzungslisten zeigen standardmäßig alle für das Konto verfügbaren Profile; nur ein expliziter Profilfilter schränkt ein, und CLI start/stop/status zeigen keine node:sqlite-Warnung mehr',
+    new_0_6_1_2: 'Clarify- und Bestätigungsantworten laufen jetzt über den authentifizierten Chat-Socket zur Hermes Bridge, inklusive Tests für den Antwortpfad',
+    new_0_6_1_3: 'Navigationseinträge und Chat-Sitzungszeilen nutzen native Links für neues Tab, Link kopieren und persistente eingeklappte Sidebar-Gruppen',
+    new_0_6_1_4: 'Sitzungslinks leiten Route-Profile nicht mehr in die normale Sitzungslistenfilterung weiter, und Open-in-new-tab-Texte sind lokalisiert',
+    new_0_6_1_5: 'Skills lesen jetzt skills.external_dirs aus der aktiven Profilkonfiguration, markieren externe Skills, behalten lokale Priorität und lösen externe Dateien auf',
+    new_0_6_1_6: 'Die Login-IP-Sperre greift nun nach 10 Fehlversuchen, und der gesperrte Login zeigt Befehle zum Entsperren und Zurücksetzen des Standard-Logins',
+    new_0_6_1_7: 'Mobile oder Hintergrund-Chat-Verbindungsabbrüche gelten als temporär; nach dem Reconnect wird der Run-Zustand vom Server fortgesetzt',
+    new_0_6_1_8: 'Bridge-Tool-Marker-Flush persistiert nun unvollständige Tool-Call-Präfixe an Tool- und Run-Grenzen',
+    new_0_6_1_9: 'Profilbewusste History-Aktionen löschen Sitzungen mit profilqualifizierten Zielen und aktualisieren History beim globalen Profilwechsel',
+    new_0_6_1_10: 'Der alte AUTH_DISABLED-Bypass wurde für Mehrbenutzerrechte entfernt; AUTH_TOKEN bleibt unterstützt',
+  },
+
+  // Dateien
+  files: {
+    title: 'Dateien',
+    tree: 'Verzeichnisbaum',
+    list: 'Dateiliste',
+    breadcrumbRoot: 'Start',
+    newFile: 'Neue Datei',
+    newFolder: 'Neuer Ordner',
+    upload: 'Hochladen',
+    refresh: 'Aktualisieren',
+    open: 'Offnen',
+    edit: 'Bearbeiten',
+    preview: 'Vorschau',
+    download: 'Herunterladen',
+    copyPath: 'Pfad kopieren',
+    rename: 'Umbenennen',
+    delete: 'Loschen',
+    name: 'Name',
+    size: 'Grosse',
+    modified: 'Geandert',
+    actions: 'Aktionen',
+    emptyDir: 'Leeres Verzeichnis',
+    loading: 'Wird geladen...',
+    confirmDelete: 'Mochten Sie "{name}" wirklich loschen?',
+    confirmDeleteDir: 'Mochten Sie das Verzeichnis "{name}" und seinen gesamten Inhalt wirklich loschen?',
+    deleteFailed: 'Loschen fehlgeschlagen',
+    deleted: 'Geloscht',
+    renameTo: 'Umbenennen in',
+    newFileName: 'Dateiname',
+    newFolderName: 'Ordnername',
+    created: 'Erstellt',
+    createFailed: 'Erstellen fehlgeschlagen',
+    renamed: 'Umbenannt',
+    renameFailed: 'Umbenennen fehlgeschlagen',
+    uploadSuccess: '{count} Datei(en) hochgeladen',
+    uploadFailed: 'Hochladen fehlgeschlagen',
+    saveFailed: 'Speichern fehlgeschlagen',
+    saved: 'Gespeichert',
+    unsavedChanges: 'Sie haben ungespeicherte Anderungen. Verwerfen?',
+    pathCopied: 'Pfad kopiert',
+    fileTooLarge: 'Datei zu gross (max. 10 MB)',
+    permissionDenied: 'Geschutzte Datei kann nicht geandert werden',
+    notFound: 'Datei oder Verzeichnis nicht gefunden',
+    backendError: 'Dateioperation fehlgeschlagen',
+    dragDropHint: 'Dateien hierher ziehen, um sie hochzuladen',
+    closeEditor: 'Editor schliessen',
+    closePreview: 'Schliessen',
+    saveFile: 'Speichern',
+    fileTree: 'Dateibaum',
+  },
+
+  // Gruppenchat
+  groupChat: {
+    title: 'Gruppenchat',
+    createRoom: 'Raum erstellen',
+    joinByCode: 'Mit Code beitreten',
+    roomName: 'Raumname',
+    roomNamePlaceholder: 'Raumnamen eingeben',
+    inviteCode: 'Einladungscode',
+    autoGenerate: 'Automatisch generieren',
+    noRooms: 'Noch keine Raume',
+    selectOrCreate: 'Wahlen oder erstellen Sie einen Raum, um zu chatten',
+    agents: 'Agenten',
+    addAgent: 'Agent hinzufugen',
+    selectProfile: 'Wahlen Sie ein Profil',
+    agentAdded: 'Agent hinzugefugt',
+    agentAlreadyInRoom: 'Agent ist bereits in diesem Raum',
+    agentAddFailedCount: '{count} Agent(en) wurden nicht hinzugefugt: {details}',
+    noAgents: 'Keine Agenten in diesem Raum',
+    members: 'Mitglieder',
+    roomCreated: 'Raum erstellt',
+    roomDeleted: 'Raum gelöscht',
+    roomCloned: 'Raum geklont',
+    cloneRoom: 'Raum klonen',
+    copyRoomLink: 'Raumlink kopieren',
+    deleteRoomConfirm: 'Diesen Raum löschen?',
+    clearContext: 'Kontext löschen',
+    clearContextConfirm: 'Diesen Raumkontext löschen? Nachrichten und Komprimierungs-Snapshots werden entfernt, Agenten und Mitglieder bleiben.',
+    contextCleared: 'Kontext gelöscht',
+    you: 'Du',
+    joined: 'Raum beigetreten',
+    joinFailed: 'Beitreten fehlgeschlagen',
+    inputPlaceholder: 'Nachricht eingeben... (Enter zum Senden)',
+    enterCode: 'Einladungscode eingeben',
+    yourName: 'Dein Name',
+    yourNamePlaceholder: 'Gib deinen Anzeigenamen ein',
+    yourDescription: 'Beschreibung (optional)',
+    yourDescriptionPlaceholder: 'Erzahl anderen wer du bist...',
+    agentName: 'Agent-Name',
+    agentNamePlaceholder: 'Benutzerdefinierter Name (leer = Profilname)',
+    agentDesc: 'Agent-Beschreibung',
+    agentDescPlaceholder: 'Beschreiben Sie, was dieser Agent tut...',
+    agentReplying: 'antwortet...',
+    agentCompressing: 'komprimiert Kontext...',
+    compressionSettings: 'Komprimierungseinstellungen',
+    triggerTokens: 'Trigger-Token',
+    triggerTokensDesc: 'Token-Schwelle für Kontextkomprimierung',
+    maxHistoryTokens: 'Max. Verlaufs-Token',
+    maxHistoryTokensDesc: 'Maximale Token für komprimierten Kontext',
+    tailMessageCount: 'Nachrichten am Ende',
+    tailMessageCountDesc: 'Anzahl der letzten Nachrichten, die unverändert bleiben',
+    compressionConfig: 'Komprimierungskonfig',
+    compressNow: 'Jetzt komprimieren',
+    compressingInProgress: 'Komprimierung läuft, bitte warten',
+    compressionSaved: 'Konfiguration gespeichert',
+  },
+
+  // Download
+  download: {
+    downloading: 'Wird heruntergeladen...',
+    downloadFailed: 'Download fehlgeschlagen',
+    fileNotFound: 'Datei nicht gefunden oder geloscht',
+    fileTooLarge: 'Datei zu gross (Limit uberschritten)',
+    backendError: 'Lesen der Datei fehlgeschlagen, Remote-Umgebung moglicherweise nicht verfugbar',
+    backendTimeout: 'Zeituberschreitung beim Lesen der Datei',
+    unsupportedBackend: 'Aktuelles Terminal-Backend unterstutzt keine Datei-Downloads',
+    invalidPath: 'Ungultiger Dateipfad',
+    contentDisplay: 'Inhalt anzeigen',
+    download: 'Herunterladen',
+    downloadFile: 'Datei herunterladen',
+  },
+  gateways: {
+    title: 'Gateways',
+    running: 'Läuft',
+    stopped: 'Gestoppt',
+    started: 'Gestartet',
+    startFailed: 'Gateway konnte nicht gestartet werden',
+    stopFailed: 'Gateway konnte nicht gestoppt werden',
+  },
+  kanban: {
+    title: 'Kanban-Board',
+    createTask: 'Neue Aufgabe',
+    noTasks: 'Keine Aufgaben',
+    allStatuses: 'Alle Status',
+    allAssignees: 'Alle Verantwortlichen',
+    columns: {
+      triage: 'Sichtung',
+      todo: 'Zu erledigen',
+      ready: 'Bereit',
+      running: 'In Arbeit',
+      blocked: 'Blockiert',
+      done: 'Erledigt',
+      archived: 'Archiviert',
+    },
+    card: {
+      assigneeTooltip: 'Verantwortlicher',
+      priority: {
+        low: 'Niedrig',
+        medium: 'Mittel',
+        high: 'Hoch',
+      },
+      timeAgo: {
+        justNow: 'gerade eben',
+        minutes: 'vor {count} Min.',
+        hours: 'vor {count} Std.',
+        days: 'vor {count} Tg.',
+      },
+    },
+    board: {
+      create: 'Neues Board',
+      archive: 'Board archivieren',
+      archiveConfirm: 'Aktuelles Board archivieren?',
+      archived: 'Board archiviert',
+      created: 'Board erstellt',
+      slugPlaceholder: 'Board-Kennung, z. B. project-a',
+      namePlaceholder: 'Anzeigename (optional)',
+      slugRequired: 'Board-Kennung ist erforderlich',
+    },
+    form: {
+      title: 'Titel',
+      titlePlaceholder: 'Aufgabentitel',
+      titleRequired: 'Titel ist erforderlich',
+      body: 'Beschreibung',
+      bodyPlaceholder: 'Aufgabenbeschreibung (optional)',
+      assignee: 'Verantwortlicher',
+      selectAssignee: 'Verantwortlichen wählen...',
+      priority: 'Priorität',
+      selectPriority: 'Priorität wählen...',
+    },
+    detail: {
+      status: 'Status',
+      priority: 'Priorität',
+      assignee: 'Verantwortlicher',
+      tenant: 'Mandant',
+      createdAt: 'Erstellt',
+      startedAt: 'Gestartet',
+      completedAt: 'Abgeschlossen',
+      comments: 'Kommentare',
+      events: 'Ereignisse',
+      runs: 'Ausführungen',
+      artifacts: 'Artefakte',
+      result: 'Ergebnis',
+      highlights: 'Highlights',
+      sources: 'Datenquellen',
+      sessions: 'Zugehörige Sitzungen',
+      sessionMessages: 'Sitzungsnachrichten',
+      noSessions: 'Keine zugehörigen Sitzungen gefunden.',
+    },
+    action: {
+      title: 'Aktionen',
+      assign: 'Zuweisen',
+      assignTo: 'Zuweisen an...',
+      block: 'Blockieren',
+      blockReason: 'Blockierungsgrund',
+      unblock: 'Blockierung aufheben',
+      complete: 'Abschließen',
+      completeSummary: 'Abschlusszusammenfassung (optional)',
+    },
+    message: {
+      loadFailed: 'Aufgabe konnte nicht geladen werden',
+      taskCreated: 'Aufgabe erstellt',
+      taskAssigned: 'Aufgabe zugewiesen',
+      taskBlocked: 'Aufgabe blockiert',
+      taskUnblocked: 'Blockierung aufgehoben',
+      taskCompleted: 'Aufgabe abgeschlossen',
+    },
+    stats: {
+      total: 'Gesamt',
+      tasks: 'Aufgaben',
+    },
+  },
+}
diff --git a/packages/client/src/i18n/locales/en.ts b/packages/client/src/i18n/locales/en.ts
new file mode 100644
index 0000000..5449e51
--- /dev/null
+++ b/packages/client/src/i18n/locales/en.ts
@@ -0,0 +1,1551 @@
+export default {
+  // Login
+  login: {
+    title: 'Hermes Web UI',
+    description: 'Enter your username and password to continue.',
+    placeholder: 'Access token',
+    submit: 'Login',
+    tokenRequired: 'Please enter your access token',
+    invalidToken: 'Invalid token',
+    connectionFailed: 'Cannot connect to server',
+    passwordLogin: 'Password',
+    tokenLogin: 'Token',
+    usernamePlaceholder: 'Username',
+    passwordPlaceholder: 'Password',
+    defaultCredentialsHint: 'Default username: admin. Default password: 123456.',
+    credentialsRequired: 'Please enter username and password',
+    invalidCredentials: 'Invalid username or password',
+    tooManyAttempts: 'Too many failed attempts, please try again later',
+    lockResetHint: 'If this is your server, clear the login lock with:',
+    defaultLoginResetHint: 'To reset the default admin password, run:',
+    sessionExpired: 'Login expired. Please sign in again.',
+    accessDenied: 'You do not have permission to access this resource.',
+    passwordMismatch: 'Passwords do not match',
+    passwordTooShort: 'Password must be at least 6 characters',
+    setupSuccess: 'Password login configured successfully',
+    passwordChanged: 'Password changed successfully',
+    passwordRemoved: 'Password login removed',
+    setupPassword: 'Set Up Password Login',
+    changePassword: 'Change Password',
+    changeUsername: 'Change Username',
+    removePasswordLogin: 'Remove',
+    username: 'Username',
+    currentPassword: 'Current Password',
+    newPassword: 'New Password',
+    confirmPassword: 'Confirm Password',
+    newUsername: 'New Username',
+    usernameChanged: 'Username changed successfully',
+    usernameTooShort: 'Username must be at least 2 characters',
+    setupDescription: 'Manage the username and password used to sign in.',
+    removeConfirm: 'Password login is required for user accounts.',
+    passwordLoginNotConfigured: 'Password login is not configured',
+    passwordLoginConfigured: 'Current account: {username}',
+    defaultCredentialTitle: 'Change the default account credentials',
+    defaultCredentialMessage: 'This account is still using the default username or password. To prevent unauthorized access, update the username and password as soon as possible.',
+    defaultCredentialAction: 'Update now',
+    defaultCredentialLater: 'Remind me later',
+  },
+
+  users: {
+    title: 'Account Management',
+    description: 'Create users, assign roles, and control which profiles regular admins can access.',
+    create: 'Create User',
+    edit: 'Edit User',
+    username: 'Username',
+    role: 'Role',
+    statusLabel: 'Status',
+    profiles: 'Accessible Profiles',
+    profilesPlaceholder: 'Select accessible profiles',
+    allProfiles: 'All profiles',
+    noProfiles: 'No profiles assigned',
+    lastLogin: 'Last Login',
+    newPasswordOptional: 'New Password (leave blank to keep)',
+    loadFailed: 'Failed to load users',
+    deleteConfirm: 'Delete this user?',
+    enable: 'Enable',
+    disable: 'Disable',
+    roles: {
+      superAdmin: 'Super Admin',
+      admin: 'Admin',
+    },
+    status: {
+      active: 'Active',
+      disabled: 'Disabled',
+    },
+  },
+
+  // Common
+  common: {
+    loading: 'Loading...',
+    cancel: 'Cancel',
+    delete: 'Delete',
+    edit: 'Edit',
+    save: 'Save',
+    retry: 'Retry',
+    saved: 'Saved',
+    update: 'Update',
+    create: 'Create',
+    saveFailed: 'Save failed',
+    deleteFailed: 'Delete failed',
+    ok: 'OK',
+    copied: 'Copied',
+    copy: 'Copy',
+    noData: 'No data',
+    expired: 'Expired',
+    fetch: 'Fetch',
+    add: 'Add',
+    enable: 'Enable',
+    disable: 'Disable',
+    configured: 'Configured',
+    notConfigured: 'Not configured',
+    confirm: 'Confirm',
+    expand: 'Expand',
+    collapse: 'Collapse',
+    start: 'Start',
+    stop: 'Stop',
+  },
+
+  // MCP Management
+  mcp: {
+    title: 'MCP Servers',
+    loadFailed: 'Failed to load MCP servers',
+    reloadAll: 'Reload All',
+    refresh: 'Refresh',
+    total: 'Total',
+    connected: 'Connected',
+    disconnected: 'Disconnected',
+    tools: 'tools',
+    tool: 'Tools',
+    searchPlaceholder: 'Search servers...',
+    addServer: '+ Add Server',
+    zeroTools: '0 tools',
+    loading: 'Loading...',
+    empty: 'No MCP servers configured',
+    reloaded: 'Reloaded {server}',
+    reloadedAll: 'All MCP servers reloaded',
+    reloadFailed: 'Reload failed',
+    serverAdded: 'Server "{name}" added',
+    addFailed: 'Failed to add server',
+    serverUpdated: 'Server "{name}" updated',
+    updateFailed: 'Failed to update server',
+    saveFailed: 'Save failed',
+    serverRemoved: 'Removed "{name}"',
+    enabled: "Enabled {name}",
+    disabled: "Disabled {name}",
+    connectedStatus: 'Connected',
+    disconnectedStatus: 'Disconnected',
+    disabledStatus: 'Disabled',
+    toolList: 'Tool List',
+    count: ' ',
+    more: 'more',
+    removeFailed: 'Failed to remove server',
+    testOk: 'Test OK — {count} tools available',
+    testEmpty: 'Test returned no tools',
+    testFailed: 'Test failed',
+    edit: 'Edit',
+    test: 'Test',
+    reload: 'Reload',
+    remove: 'Remove',
+    confirmRemove: 'Remove server "{name}"?',
+    cancel: 'Cancel',
+    add: 'Add',
+    save: 'Save',
+    addTitle: 'Add MCP Server',
+    editTitle: 'Edit MCP Server',
+    invalidJson: 'Invalid JSON format',
+    invalidYaml: 'Invalid YAML format',
+    invalidConfig: 'Invalid configuration',
+    invalidServerConfig: 'Invalid server configuration',
+    missingCommandOrUrl: 'Must have command or url',
+    manageTools: 'Manage Tools',
+    toolsVisibilityTitle: 'Tools Visibility Management',
+    fetchTools: 'Fetch Tools List',
+    fetchToolsFailed: 'Failed to fetch tools list',
+    toolsMode: 'Mode:',
+    toolsModeAll: 'All',
+    toolsModeInclude: 'Include',
+    toolsModeExclude: 'Exclude',
+    toolsListHeader: 'Tool Name',
+    toolsEmpty: 'No tools available, please fetch tools list first',
+    toolsSummaryAll: '{count} tools total, all enabled',
+    toolsSummaryInclude: '{total} tools total, {count} selected',
+    toolsSummaryExclude: '{total} tools total, {count} excluded',
+    toolsVisibilitySaved: 'Tools visibility saved',
+    toolsSelectAll: 'Select all',
+    toolsClearSelection: 'Clear selection',
+    toolsExcludeAll: 'Exclude all',
+    toolsClearExcluded: 'Clear excluded',
+  },
+
+  // Sidebar
+  sidebar: {
+    chat: 'Chat',
+    search: 'Search',
+    apiRelay: 'API Relay',
+    history: 'History',
+    jobs: 'Jobs',
+    kanban: 'Kanban',
+    models: 'Models',
+    profiles: 'Profiles',
+    skills: 'Skills',
+    plugins: 'Plugins',
+    mcp: 'MCP',
+    memory: 'Memory',
+    logs: 'Logs',
+    usage: 'Usage',
+    performance: 'Performance',
+    skillsUsage: 'Skills Usage',
+    channels: 'Channels',
+    gateways: 'Gateways',
+    terminal: 'Terminal',
+    groupChat: 'Group Chat',
+    files: 'Files',
+    groupConversation: 'Conversation',
+    groupConversationShort: 'Conv',
+    groupPlatform: 'Platform',
+    groupAgent: 'Agent',
+    groupAgentShort: 'Agent',
+    groupSystem: 'System',
+    groupSystemShort: 'Sys',
+    groupMonitoring: 'Monitoring',
+    groupMonitoringShort: 'Mon',
+    groupTools: 'Tools',
+    groupToolsShort: "Tools",
+    codingAgents: "Coding Agents",
+    versionPreview: "Version Preview",
+    settings: 'Settings',
+    about: 'About',
+    connected: 'Connected',
+    disconnected: 'Disconnected',
+    collapse: 'Collapse menu',
+    expand: 'Expand menu',
+    updateTip: 'Run "hermes-web-ui update" in terminal to update',
+    updateVersion: 'Upgrade to v{version}',
+    reloadClientVersion: 'Reload for v{version}',
+    updating: 'Updating...',
+    updateSuccess: 'Update successful. Please refresh the page shortly. If it does not start after a while, start it manually.',
+    updateFailed: 'Update failed',
+    logout: 'Sign Out',
+    nodeVersionWarning: 'Detected Node.js v{version}. Please upgrade to version 23 or later.',
+    changelog: 'Changelog',
+    noChangelog: 'No changelog available',
+  },
+
+  performance: {
+    title: 'Performance',
+    subtitle: 'Inspect system resources, bridge broker, workers, and active sessions',
+    refresh: 'Refresh',
+    autoRefreshOn: 'Auto refresh',
+    autoRefreshOff: 'Manual refresh',
+    loadFailed: 'Failed to load performance metrics',
+    systemCpu: 'System CPU',
+    systemMemory: 'System Memory',
+    activeSessions: 'Active Sessions',
+    runningSessions: 'Running {count}',
+    workers: 'Workers',
+    totalWorkerMemory: 'Worker memory',
+    processes: 'Processes',
+    uptime: 'Uptime',
+    running: 'Running',
+    stopped: 'Stopped',
+    workerMemory: 'Worker Memory',
+    lastUpdated: 'Updated',
+    profile: 'Profile',
+    memory: 'Memory',
+    sessions: 'Sessions',
+    runningActiveSessions: 'Running / Active',
+    lastUsed: 'Last Used',
+    status: 'Status',
+    noWorkers: 'No workers',
+    sessionsByProfile: 'Sessions by Profile',
+    noActiveSessions: 'No active sessions',
+  },
+
+  // Drawer
+  drawer: {
+    terminal: 'Terminal',
+    files: 'Workspace',
+  },
+
+  // Chat
+  chat: {
+    contextRemaining: 'remaining',
+    contextClickToEdit: 'Click to edit context length',
+    contextEditTitle: 'Edit Context Length',
+    contextEditDesc: 'Set context length limit for current model (in tokens)',
+    contextEditPlaceholder: 'Enter context length',
+    contextEditHint: 'Common values: 256k (Hermes default), 128k (GPT-4), 32k (GPT-3.5)',
+    contextEditSave: 'Save',
+    contextEditCancel: 'Cancel',
+    contextEditInvalid: 'Please enter a valid context length',
+    contextEditSuccess: 'Context length updated',
+    contextEditFailed: 'Update failed',
+    emptyState: 'Start a conversation with Hermes Agent',
+    cliEmptyState: 'Start a CLI chat session',
+    outlineTitle: 'Conversation Outline',
+    outlineEmpty: 'No conversation content',
+    outlineUserQuestion: 'User question',
+    inputPlaceholder: 'Type a message... (Enter to send, Shift+Enter for new line)',
+    slashCommandArgs: {
+      message: '<message>',
+      title: '<title>',
+      text: '<text>',
+    },
+    slashCommands: {
+      usage: 'Calculate current session usage',
+      status: 'Show session status and queue',
+      abort: 'Stop the active bridge run',
+      queue: 'Queue a message behind the active run',
+      plan: 'Write a markdown implementation plan',
+      goal: 'Set a standing goal that continues across turns',
+      goalStatus: 'Show the active goal status',
+      goalPause: 'Pause the active goal loop',
+      goalResume: 'Resume the paused goal loop',
+      goalDone: 'Complete and clear the active goal',
+      goalClear: 'Clear the active goal',
+      subgoal: 'Add a criterion to the active goal',
+      clear: 'Clear the current display',
+      clearHistory: 'Delete this session’s stored message history',
+      title: 'Rename this session',
+      compress: 'Run context compression while idle',
+      steer: 'Send steering text to the active bridge run',
+      destroy: 'Release the bridge agent for this session',
+      reloadMcp: 'Reload MCP servers',
+    },
+    attachFiles: 'Attach files',
+    autoPlaySpeech: 'Auto-play voice',
+    showToolCalls: 'Show tool calls',
+    hideToolCalls: 'Hide tool calls',
+    messageQueue: 'Message queue',
+    removeQueuedMessage: 'Remove queued message',
+    stop: 'Stop',
+    start: 'Start',
+    stopGateway: 'Stop Gateway',
+    send: 'Send',
+    contextUsed: 'Context used:',
+    sessions: 'Sessions',
+    webUiSessions: 'Sessions',
+    allProfiles: 'All profiles',
+    profileMissingModelsTip: 'Profile "{profile}" has no available provider or model for this session',
+    sessionScopeHint: 'Chat shows Web UI/API Server sessions only. CLI, Telegram, Discord, Cron, and other channel sessions are read-only in History.',
+    openHistory: 'Open History',
+    hermesHistory: 'Hermes History',
+    historyScopeHint: 'Read-only Hermes history sessions for the current profile, grouped by source.',
+    noSessions: 'No sessions',
+    searchTitle: 'Search Sessions',
+    searchSubtitle: 'Search by title or message content',
+    searchScope: 'Search scope: Web UI local session database only. Read-only Hermes history sessions are not included.',
+    searchHint: 'Cmd/Ctrl+K',
+    searchPlaceholder: 'Search sessions...',
+    searchEmpty: 'Recent sessions',
+    searchRecent: 'Recent session',
+    searchNoResults: 'No sessions match your search',
+    searchNoSnippet: 'No snippet available',
+    searchEnterHint: 'Enter to open · Esc to close',
+    searchFailed: 'Failed to search sessions',
+    newChat: 'New Chat',
+    approvalKicker: 'Terminal permission',
+    approvalTitle: 'Review command before running',
+    approvalAllowOnce: 'Allow once',
+    approvalAllowSession: 'Allow session',
+    approvalAlways: 'Always',
+    approvalDeny: 'Deny',
+    clarifyKicker: 'Agent needs clarification',
+    clarifyTitle: 'The agent has a question for you',
+    clarifyPlaceholder: 'Type your answer...',
+    clarifySubmit: 'Reply',
+    clarifyDismiss: 'Dismiss',
+    newCliChat: 'New CLI',
+    deleteSession: 'Delete this session?',
+    sessionDeleted: 'Session deleted',
+    toggleBatchMode: 'Batch selection',
+    selectAll: 'Select all',
+    confirmBatchDelete: 'Delete {count} selected sessions?',
+    batchDeleteSuccess: 'Deleted {count} sessions',
+    batchDeletePartial: '{failed} sessions failed to delete',
+    batchDeleteFailed: 'Batch delete failed',
+    importToWebUi: 'Import to Web UI',
+    importSessionSuccess: 'Session imported to Web UI',
+    importSessionAlreadyExists: 'Session already exists in Web UI',
+    importSessionFailed: 'Failed to import session',
+    rename: 'Rename',
+    pin: 'Pin',
+    unpin: 'Unpin',
+    pinned: 'Pinned',
+    chatMode: 'Chat',
+    liveMode: 'Live',
+    liveSessions: 'Live Sessions',
+    recentBadge: 'Recent',
+    linkedSessions: '{count} linked',
+    noVisibleMessages: 'No human-visible messages.',
+    monitorRoleUser: 'User',
+    monitorRoleAssistant: 'Assistant',
+    copySessionLink: 'Copy Session Link',
+    openSessionInNewTab: 'Open in new tab',
+    sessionLinkCopied: 'Session link copied',
+    copySessionId: 'Copy Session ID',
+    export: 'Export',
+    exportFull: 'Full Export (JSON)',
+    exportCompressed: 'Compressed Export (TXT)',
+    exportCompressing: 'Compressing context, please wait...',
+    exportSuccess: 'Session exported',
+    exportFailed: 'Export failed',
+    renamed: 'Renamed',
+    renameFailed: 'Rename failed',
+    renameSession: 'Rename Session',
+    sessionNotFound: 'Session not found',
+    enterNewTitle: 'Enter new title',
+    workspace: 'Workspace',
+    setWorkspace: 'Set Workspace',
+    setWorkspaceTitle: 'Set Session Workspace',
+    workspacePlaceholder: 'Enter project path, e.g. /home/user/project',
+    workspaceSet: 'Workspace set',
+    workspaceSetFailed: 'Failed to set workspace',
+    setModel: 'Set Model',
+    setModelTitle: 'Set Session Model',
+    modelSet: 'Model set',
+    modelSetFailed: 'Failed to set model',
+    other: 'Other',
+    runFailed: 'Run failed',
+    error: 'Error',
+    tool: 'Tool',
+    arguments: 'Arguments',
+    result: 'Result',
+    truncated: '... (truncated)',
+    executionDuration: 'Execution time',
+    thinkingLabel: 'Thinking',
+    thinkingInProgress: 'Thinking…',
+    thinkingShow: 'Show thinking',
+    thinkingHide: 'Hide thinking',
+    thinkingDuration: 'Observed {duration}',
+    thinkingChars: '{count} chars',
+    copyBubble: 'Copy message',
+    copiedBubble: 'Message copied',
+    copyFailed: 'Copy failed',
+    playSpeech: 'Play voice',
+    pauseSpeech: 'Pause',
+    resumeSpeech: 'Resume',
+    stopSpeech: 'Stop',
+    speechNotSupported: 'Voice playback not supported in this browser',
+  },
+
+  // Kanban
+  kanban: {
+    title: 'Kanban Board',
+    createTask: 'New Task',
+    noTasks: 'No tasks',
+    allStatuses: 'All Statuses',
+    allAssignees: 'All Assignees',
+    board: {
+      create: 'New Board',
+      archive: 'Archive Board',
+      slugPlaceholder: 'Board slug, e.g. project-a',
+      namePlaceholder: 'Display name (optional)',
+      slugRequired: 'Board slug is required',
+      created: 'Board created',
+      archived: 'Board archived',
+      archiveConfirm: 'Archive the current board?',
+    },
+    columns: {
+      triage: 'Triage',
+      todo: 'To Do',
+      ready: 'Ready',
+      running: 'Running',
+      blocked: 'Blocked',
+      done: 'Done',
+      archived: 'Archived',
+    },
+    form: {
+      title: 'Title',
+      titlePlaceholder: 'Task title',
+      titleRequired: 'Title is required',
+      body: 'Description',
+      bodyPlaceholder: 'Task description (optional)',
+      assignee: 'Assignee',
+      selectAssignee: 'Select assignee...',
+      priority: 'Priority',
+      selectPriority: 'Select priority...',
+    },
+    card: {
+      assigneeTooltip: 'Assignee',
+      priority: {
+        low: 'Low',
+        medium: 'Medium',
+        high: 'High',
+      },
+      timeAgo: {
+        justNow: 'just now',
+        minutes: '{count}m ago',
+        hours: '{count}h ago',
+        days: '{count}d ago',
+      },
+    },
+    detail: {
+      status: 'Status',
+      assignee: 'Assignee',
+      priority: 'Priority',
+      tenant: 'Tenant',
+      createdAt: 'Created',
+      startedAt: 'Started',
+      completedAt: 'Completed',
+      comments: 'Comments',
+      events: 'Events',
+      runs: 'Runs',
+      result: 'Result',
+      sessions: 'Related Sessions',
+      sessionMessages: 'Session Messages',
+      noSessions: 'No related sessions found.',
+      artifacts: 'Artifacts',
+      sources: 'Sources',
+      highlights: 'Highlights',
+    },
+    action: {
+      title: 'Actions',
+      complete: 'Complete',
+      completeSummary: 'Completion summary (optional)',
+      block: 'Block',
+      blockReason: 'Reason for blocking',
+      unblock: 'Unblock',
+      assign: 'Assign',
+      assignTo: 'Assign to...',
+    },
+    message: {
+      taskCreated: 'Task created',
+      taskCompleted: 'Task completed',
+      taskBlocked: 'Task blocked',
+      taskUnblocked: 'Task unblocked',
+      taskAssigned: 'Task assigned',
+      loadFailed: 'Failed to load task',
+    },
+    stats: {
+      total: 'Total',
+      tasks: 'Tasks',
+    },
+  },
+
+  // Jobs
+  jobs: {
+    title: 'Scheduled Jobs',
+    createJob: 'Create Job',
+    editJob: 'Edit Job',
+    noJobs: 'No scheduled jobs yet. Create one to get started.',
+    name: 'Name',
+    namePlaceholder: 'Job name',
+    schedule: 'Schedule (Cron Expression)',
+    schedulePlaceholder: 'e.g. 0 9 * * *',
+    quickPresets: 'Quick Presets',
+    selectPreset: 'Select a preset...',
+    presetEveryMinute: 'Every minute',
+    presetEvery5Min: 'Every 5 minutes',
+    presetEveryHour: 'Every hour',
+    presetEveryDay: 'Every day at 00:00',
+    presetEveryDay9: 'Every day at 09:00',
+    presetEveryMonday: 'Every Monday at 09:00',
+    presetEveryMonth: 'Every month 1st at 09:00',
+    prompt: 'Prompt',
+    promptPlaceholder: 'The prompt to execute',
+    deliverTarget: 'Deliver Target',
+    origin: 'Origin',
+    local: 'Local',
+    repeatCount: 'Repeat Count (optional)',
+    modelPlaceholder: 'Default model',
+    repeatPlaceholder: 'Leave empty for infinite',
+    jobCreated: 'Job created',
+    jobUpdated: 'Job updated',
+    nameRequired: 'Name is required',
+    scheduleRequired: 'Schedule is required',
+    loadFailed: 'Failed to load job',
+    jobPaused: 'Job paused',
+    jobResumed: 'Job resumed',
+    jobTriggered: 'Job triggered',
+    modelUpdated: 'Model updated',
+    jobDeleted: 'Job deleted',
+    status: {
+      running: 'Running',
+      paused: 'Paused',
+      disabled: 'Disabled',
+      scheduled: 'Scheduled',
+    },
+    info: {
+      model: 'Model',
+      schedule: 'Schedule',
+      lastRun: 'Last Run',
+      nextRun: 'Next Run',
+      deliver: 'Deliver',
+      repeat: 'Repeat',
+    },
+    action: {
+      pause: 'Pause',
+      pauseJob: 'Pause job',
+      resume: 'Resume',
+      resumeJob: 'Resume job',
+      runNow: 'Run Now',
+      triggerImmediately: 'Trigger immediately',
+    },
+    runHistory: {
+      title: 'Run History',
+      runs: 'runs',
+      noRuns: 'No run history found.',
+    },
+  },
+
+  // Skills
+  skills: {
+    title: 'Skills',
+    searchPlaceholder: 'Search skills...',
+    noMatch: 'No skills match your search',
+    noSkills: 'No skills found',
+    backTo: 'Back to',
+    attachedFiles: 'Attached Files',
+    loadFailed: 'Failed to load skill',
+    fileLoadFailed: 'Failed to load file',
+    modified: 'Modified',
+    archived: 'Archived',
+    pinned: 'Pinned',
+    pin: 'Pin skill',
+    unpin: 'Unpin skill',
+    pinFailed: 'Failed to change pin status',
+    toggleFailed: 'Failed to toggle skill',
+    source: {
+      builtin: 'Builtin',
+      hub: 'Hub',
+      local: 'Local',
+      external: 'External',
+    },
+  },
+
+  // Plugins
+  plugins: {
+    title: 'Plugins',
+    refresh: 'Refresh',
+    notice: 'Read-only inventory of discoverable Hermes plugin manifests. Discovery metadata is read without loading plugin code. Management actions stay in CLI for v1; changes take effect in new Hermes sessions.',
+    loadFailed: 'Failed to load plugins',
+    commandCopied: 'Command copied',
+    searchPlaceholder: 'Search key, name, description, path...',
+    source: 'Source',
+    kind: 'Kind',
+    statusTitle: 'Status',
+    configStatus: 'config: {status}',
+    notAvailable: 'n/a',
+    copyCommand: 'Copy command',
+    managedElsewhere: 'managed elsewhere',
+    noMatch: 'No plugins match the current filters',
+    enabled: 'enabled',
+    disabled: 'disabled',
+    summary: {
+      total: 'Total',
+      active: 'Enabled / auto',
+      inactive: 'Inactive',
+      disabled: 'Disabled',
+      providerManaged: 'Provider-managed',
+    },
+    status: {
+      enabled: 'Enabled',
+      'auto-active': 'Auto-active',
+      inactive: 'Inactive',
+      disabled: 'Disabled',
+      'provider-managed': 'Provider-managed',
+    },
+    statusLabel: {
+      enabled: 'Enabled by config',
+      'auto-active': 'Auto-active',
+      inactive: 'Inactive',
+      disabled: 'Disabled',
+      'provider-managed': 'Provider-managed',
+    },
+    configStatuses: {
+      enabled: 'enabled',
+      disabled: 'disabled',
+      'not-enabled': 'not enabled',
+      auto: 'auto',
+      'provider-managed': 'provider-managed',
+    },
+    table: {
+      plugin: 'Plugin',
+      status: 'Status',
+      source: 'Source',
+      kind: 'Kind',
+      capabilities: 'Capabilities',
+      path: 'Path / entrypoint',
+      cli: 'CLI',
+    },
+    capabilities: {
+      tools: '{count} tools',
+      hooks: '{count} hooks',
+      env: '{count} env',
+    },
+    metadata: {
+      agentRoot: 'Agent root',
+      python: 'Python',
+      scanCwd: 'Scan cwd',
+      projectPlugins: 'Project plugins',
+    },
+  },
+
+  // Memory
+  memory: {
+    title: 'Memory',
+    refresh: 'Refresh',
+    loadFailed: 'Failed to load memory',
+    myNotes: 'My Notes',
+    noNotes: 'No notes yet.',
+    notesPlaceholder: 'Write your notes...',
+    userProfile: 'User Profile',
+    noProfile: 'No profile yet.',
+    profilePlaceholder: 'Write your profile...',
+    soul: 'Soul',
+    noSoul: 'No soul configuration yet.',
+    soulPlaceholder: 'Write soul configuration...',
+  },
+
+  // Models
+  models: {
+    title: 'Models',
+    searchPlaceholder: 'Search models...',
+    addProvider: 'Add Provider',
+    providerType: 'Provider Type',
+    preset: 'Preset',
+    custom: 'Custom',
+    selectProvider: 'Select Provider',
+    chooseProvider: 'Choose a provider...',
+    getApiKey: 'Get API Key',
+    name: 'Name',
+    autoGeneratedName: 'Auto-generated from Base URL',
+    baseUrl: 'Base URL',
+    region: 'Region',
+    regionIntl: 'International',
+    regionCn: 'Mainland China',
+    baseUrlPlaceholder: 'e.g. https://api.example.com/v1',
+    apiKey: 'API Key',
+    apiKeyPlaceholder: 'sk-...',
+    defaultModel: 'Default Model',
+    selectOrInput: 'Select or type a model name...',
+    selectModel: 'Select a model...',
+    providerAdded: 'Provider added',
+    providerDeleted: 'Provider deleted',
+    deleteProvider: 'Delete Provider',
+    deleteConfirm: 'Are you sure you want to delete "{name}"?',
+    codexLoginTitle: 'OpenAI Codex Login',
+    codexWaiting: 'Enter this code at the authorization page to complete login:',
+    codexCopyCode: 'Code copied',
+    codexOpenLink: 'Open authorization page',
+    codexApproved: 'Login successful',
+    codexExpired: 'Authorization expired. Please try again.',
+    nousLoginTitle: 'Nous Portal Login',
+    nousWaiting: 'Enter this code at the authorization page to complete login:',
+    nousCopyCode: 'Code copied',
+    nousOpenLink: 'Open authorization page',
+    nousApproved: 'Login successful',
+    nousDenied: 'Authorization was denied. Please try again.',
+    nousExpired: 'Authorization expired. Please try again.',
+    copilotLoginTitle: 'GitHub Copilot Login',
+    copilotWaiting: 'Open GitHub and enter the device code below to authorize. The window will close automatically once approved.',
+    copilotCopyCode: 'Code copied',
+    copilotOpenLink: 'Open GitHub authorization page',
+    copilotApproved: 'Sign-in succeeded!',
+    copilotDenied: 'Authorization denied.',
+    copilotExpired: 'The authorization link has expired. Please retry.',
+    copilotAddDetectedTitle: 'GitHub Copilot detected',
+    copilotAddDetected: 'A GitHub Copilot OAuth token was detected on this machine. Click Add to enable Copilot in Hermes.',
+    copilotAddSourceEnv: 'Source: ~/.hermes/.env (COPILOT_GITHUB_TOKEN)',
+    copilotAddSourceGhCli: 'Source: gh CLI (gh auth token)',
+    copilotAddSourceAppsJson: 'Source: VS Code Copilot extension (apps.json)',
+    copilotDeleteHintEnv: 'This will clear COPILOT_GITHUB_TOKEN in ~/.hermes/.env. Other tools are not affected.',
+    copilotDeleteHintGhCli: 'Copilot will be hidden from Hermes. Your gh CLI login is not affected — `gh auth status` will still show you signed in.',
+    copilotDeleteHintAppsJson: 'Copilot will be hidden from Hermes. Your VS Code Copilot extension login is not affected.',
+    xaiLoginTitle: 'xAI Grok OAuth Login',
+    xaiWaiting: 'Complete authorization in the opened xAI page. This window will close automatically once approved.',
+    xaiOpenLink: 'Open xAI authorization page',
+    xaiCopyLink: 'Copy authorization link',
+    xaiApproved: 'Sign-in succeeded!',
+    xaiExpired: 'The authorization link has expired. Please retry.',
+    customBadge: 'CUSTOM',
+    previewBadge: 'PREVIEW',
+    disabledBadge: 'UNAVAILABLE',
+    disabledTooltip: "This model is currently unavailable for your account.",
+    customModelPlaceholder: 'Unlisted model ID',
+    customModelHint: 'For provider-supported models not returned by the API; not a display rename. Press Enter to load.',
+    removeCustomModel: 'Remove this unlisted model',
+    noProviders: 'No providers found. Add a custom provider to get started.',
+    models: 'Models',
+    count: 'models',
+    more: 'more',
+    aliasEdit: 'Rename',
+    aliasTitle: 'Model display name',
+    aliasTitleFor: 'Display name for {model}',
+    aliasPlaceholder: 'Leave empty to use original model ID',
+    aliasHint: 'Display-only alias. Hermes still receives the canonical model ID.',
+    aliasCanonical: 'Original ID: {model}',
+    aliasUseOriginal: 'Use original ID',
+    aliasManage: 'Display names',
+    aliasManageFor: 'Display names for {provider}',
+    aliasSaveFailed: 'Failed to save display name',
+    manageVisibleModels: 'Manage visible models',
+    manageVisibleModelsFor: 'Manage visible models for {name}',
+    visibilityHint: 'Only affects the Web UI model picker and Models page. Hermes CLI provider/model config is not rewritten; calls still use canonical model IDs.',
+    visibilitySelectOne: 'Keep at least one visible model',
+    visibilitySaved: 'Visible models saved',
+    visibilitySaveFailed: 'Failed to save visible models',
+    showAllModels: 'Show all models',
+    clearVisibleModels: 'Clear selection',
+    currentDefault: 'Current default',
+    defaultShort: 'Default',
+    builtIn: 'Built-in',
+    customType: 'Custom',
+    provider: 'Provider',
+    contextLength: 'Context Length',
+    contextLengthPlaceholder: 'e.g. 256000 (optional)',
+    local: 'Local ({host})',
+    selectProviderRequired: 'Please select a provider',
+    baseUrlRequired: 'Base URL is required',
+    apiKeyRequired: 'API Key is required',
+    modelRequired: 'Default Model is required',
+    enterBaseUrl: 'Please enter Base URL first',
+    unexpectedFormat: 'Unexpected response format',
+    foundModels: 'Found {count} models',
+    fetchFailed: 'Failed to fetch models',
+  },
+
+  // Profiles
+  gateways: {
+    title: 'Gateways',
+    running: 'Running',
+    stopped: 'Stopped',
+    started: 'Started',
+    startFailed: 'Failed to start gateway',
+    stopFailed: 'Failed to stop gateway',
+  },
+  profiles: {
+    title: 'Profiles',
+    create: 'Create Profile',
+    import: 'Import',
+    export: 'Export',
+    rename: 'Rename',
+    delete: 'Delete',
+    switchTo: 'Switch Hermes Profile',
+    switchConfirm: 'This will run `hermes profile use {name}` and change the active Hermes CLI profile. Continue?',
+    switchSuccess: 'Hermes active profile switched to "{name}"',
+    switchFailed: 'Failed to switch Hermes profile. Gateway may need manual restart.',
+    createSuccess: 'Profile "{name}" created',
+    createFailed: 'Failed to create profile',
+    renameSuccess: 'Profile renamed',
+    renameFailed: 'Failed to rename profile',
+    deleteConfirm: 'Are you sure you want to delete profile "{name}"?',
+    deleteSuccess: 'Profile deleted',
+    deleteFailed: 'Failed to delete profile',
+    exportSuccess: 'Profile exported',
+    exportFailed: 'Failed to export profile',
+    importSuccess: 'Profile imported',
+    importFailed: 'Failed to import profile',
+    importSelectFile: 'Select archive file',
+    importInvalidFile: 'Please select a valid archive (.tar.gz, .tgz, .gz, .zip)',
+    name: 'Profile Name',
+    namePlaceholder: 'Lowercase letters, numbers, hyphens only',
+    nameValidation: 'Profile name can only contain lowercase letters, numbers, underscores, and hyphens',
+    newName: 'New Name',
+    newNamePlaceholder: 'Lowercase letters, numbers, hyphens',
+    cloneFromCurrent: 'Clone from current profile',
+    cloneCleanupNotice: 'Cloning automatically skips exclusive platform credentials (Weixin / Telegram / Slack, etc.) to avoid conflicts with the source profile',
+    cloneStrippedCredentials: 'Stripped {count} exclusive credential(s): {list}',
+    cloneDisabledPlatforms: 'Disabled {count} platform(s): {list}',
+    cloneStrippedConfigCredentials: 'Stripped {count} embedded credential(s) from config.yaml: {list}',
+    archivePath: 'Archive Path',
+    archivePathPlaceholder: 'Server path to archive file',
+    importName: 'Profile Name (optional)',
+    importNamePlaceholder: 'Leave empty to use archive name',
+    active: 'Active',
+    model: 'Model',
+    gateway: 'Gateway',
+    alias: 'Alias',
+    provider: 'Provider',
+    path: 'Path',
+    skills: 'Skills',
+    hasEnv: 'Has .env',
+    hasSoulMd: 'Has soul.md',
+    noProfiles: 'No profiles found. Create one to get started.',
+    avatar: {
+      title: 'Custom Avatar',
+      customize: 'Avatar',
+      upload: 'Upload Image',
+      random: 'Randomize',
+      reset: 'Use Default',
+      hint: 'PNG, JPEG, or WebP. Max 1MB.',
+      invalidType: 'Please choose a PNG, JPEG, or WebP image',
+      tooLarge: 'Avatar image must be 1MB or smaller',
+      saveSuccess: 'Avatar saved',
+      saveFailed: 'Failed to save avatar',
+      resetSuccess: 'Default avatar restored',
+      resetFailed: 'Failed to restore default avatar',
+    },
+    runtime: {
+      activeProfile: 'Active: {name}',
+      bridgeWorker: 'Bridge worker',
+      gateway: 'Gateway',
+      active: 'Active',
+      activeTag: 'Active',
+      idle: 'Idle',
+      checking: 'Checking',
+      running: 'Running',
+      stopped: 'Stopped',
+      restartGateway: 'Restart Gateway',
+      restartProfile: 'Restart Profile',
+      switchProfile: 'Switch Frontend Profile',
+      gatewayRestarted: 'Gateway restarted: {name}',
+      gatewayRestartFailed: 'Failed to restart gateway',
+      profileRestarted: 'Profile restarted: {name}',
+      profileRestartFailed: 'Failed to restart profile',
+    },
+  },
+
+  // Logs
+  logs: {
+    title: 'Logs',
+    all: 'All',
+    searchPlaceholder: 'Search...',
+    refresh: 'Refresh',
+    noEntries: 'No log entries',
+  },
+
+  // Settings
+  settings: {
+    title: 'Settings',
+    saved: 'Saved',
+    saveFailed: 'Save failed',
+    tabs: {
+      display: 'Display',
+      account: 'Current Account',
+      users: 'Account Management',
+      agent: 'Agent',
+      memory: 'Memory',
+      compression: 'Compression',
+      session: 'Session',
+      privacy: 'Privacy',
+      apiServer: 'API Server',
+      models: 'Models',
+      voice: 'Voice',
+    },
+    models: {
+      apiKey: 'API Key',
+      apiKeyPlaceholder: 'Enter API key',
+      save: 'Save',
+      saved: 'Saved',
+      saveFailed: 'Save failed',
+      noProviders: 'No providers configured',
+    },
+    display: {
+      streaming: 'Stream Responses',
+      streamingHint: 'Show AI replies in real-time',
+      compact: 'Compact Mode',
+      compactHint: 'Reduce message spacing',
+      showReasoning: 'Show Reasoning',
+      showReasoningHint: 'Show model thinking process',
+      showCost: 'Show Cost',
+      showCostHint: 'Show token usage in replies',
+      inlineDiffs: 'Inline Diffs',
+      inlineDiffsHint: 'Show code changes inline',
+      bellOnComplete: 'Completion Sound',
+      bellOnCompleteHint: 'Play sound when AI finishes',
+      busyInputMode: 'Busy Input Mode',
+      busyInputModeHint: 'Allow input while AI is processing',
+      theme: 'Theme',
+      themeHint: 'Choose light, dark, or follow system preference',
+      themeLight: 'Light',
+      themeDark: 'Dark',
+      themeSystem: 'System',
+    },
+    agent: {
+      maxTurns: 'Max Turns',
+      maxTurnsHint: 'Maximum interaction rounds per conversation',
+      gatewayTimeout: 'Gateway Timeout',
+      gatewayTimeoutHint: 'Request timeout in seconds',
+      restartDrainTimeout: 'Restart Drain Timeout',
+      restartDrainTimeoutHint: 'Drain timeout before restart in seconds',
+      toolEnforcement: 'Tool Enforcement',
+      toolEnforcementHint: 'Control tool call execution mode',
+      auto: 'Auto',
+      always: 'Always',
+      never: 'Never',
+    },
+    memory: {
+      enabled: 'Enable Memory',
+      enabledHint: 'Allow AI to remember conversation context',
+      userProfile: 'User Profile',
+      userProfileHint: 'Allow AI to remember user preferences',
+      charLimit: 'Memory Char Limit',
+      charLimitHint: 'Max characters for MEMORY.md',
+      userCharLimit: 'User Profile Char Limit',
+      userCharLimitHint: 'Max characters for USER.md',
+    },
+    compression: {
+      enabled: 'Enable Compression',
+      enabledHint: 'Automatically compress long chat history before it exceeds the model context',
+      threshold: 'Compression Threshold',
+      thresholdHint: 'Start compression when estimated tokens exceed this context ratio',
+      targetRatio: 'Target Ratio',
+      targetRatioHint: 'Target history size after compression as a context ratio',
+      protectLastN: 'Protect Recent Messages',
+      protectLastNHint: 'Keep this many latest messages uncompressed',
+      protectFirstN: 'Protect First Messages',
+      protectFirstNHint: 'Keep this many earliest messages uncompressed',
+    },
+    session: {
+      mode: 'Reset Mode',
+      modeHint: 'Trigger condition for session reset',
+      modeBoth: 'Idle + Scheduled',
+      modeIdle: 'Idle Only',
+      modeDaily: 'Scheduled Only',
+      modeNone: 'Never (Manual Only)',
+      idleMinutes: 'Idle Timeout',
+      idleMinutesHint: 'Wait time before auto-reset (minutes)',
+      atHour: 'Scheduled Reset Time',
+      humanOnly: 'Show human sessions only',
+      humanOnlyHint: 'Hide sub-agent/session monitor noise by default',
+      liveMonitorHumanOnly: 'Live monitor: show human sessions only',
+      liveMonitorHumanOnlyHint: 'Hide sub-agent/session monitor noise in the Live monitor by default',
+      atHourHint: 'Reset session at this hour daily',
+      requireAuth: 'Session Authorization',
+      requireAuthHint: 'Require authorization for session operations',
+    },
+    privacy: {
+      redactPii: 'Redact PII',
+      redactPiiHint: 'Auto-detect and hide sensitive info (passwords, keys, etc.)',
+    },
+    apiServer: {
+      enable: 'Enable',
+      enableHint: 'Enable API server',
+      host: 'Host',
+      hostHint: 'Listen address',
+      port: 'Port',
+      portHint: 'Listen port',
+      key: 'Key',
+      keyHint: 'API access key',
+      cors: 'CORS Origins',
+      corsHint: 'Allowed cross-origin sources',
+    },
+    lockedIps: {
+      title: 'Locked IPs',
+      count: '{count} locked',
+      empty: 'No locked IPs',
+      unlock: 'Unlock',
+      unlockAll: 'Unlock All',
+      unlockAllConfirm: 'Unlock all locked IPs?',
+      unlocked: 'IP unlocked',
+      allUnlocked: '{count} IPs unlocked',
+    },
+    voice: {
+      ttsProvider: 'TTS Provider',
+      ttsProviderHint: 'Choose the text-to-speech engine for message playback',
+      providerWebSpeech: 'WebSpeech API (Browser)',
+      providerOpenai: 'OpenAI TTS',
+      providerCustom: 'Custom Endpoint (OpenAI-compatible)',
+      providerEdge: 'Edge TTS (Free, no API Key)',
+
+      // WebSpeech
+      webspeechVoice: 'Voice',
+      webspeechVoiceHint: 'Select a voice from your browser or OS',
+      webspeechVoicePlaceholder: 'Auto (default voice)',
+
+      // OpenAI
+      openaiKey: 'API Key',
+      openaiKeyHint: 'Your OpenAI API key with TTS access',
+      openaiUrl: 'API Base URL',
+      openaiUrlHint: 'e.g. https://api.openai.com/v1/audio/speech',
+      openaiModel: 'Model',
+      openaiModelHint: 'tts-1 (faster) / tts-1-hd (higher quality)',
+      openaiVoice: 'Voice',
+      openaiVoiceHint: 'Voice to use for synthesis',
+
+      // Custom endpoint
+      customHint: 'Use any OpenAI-compatible TTS API — works with GPT-SoVITS, CosyVoice, etc.',
+      customUrl: 'API URL',
+      customUrlHint: 'Base URL of your TTS service',
+      customUrlPlaceholder: 'The address configured in the local adapter, e.g. http://127.0.0.1:9880',
+      customApiKey: 'API Key (Optional)',
+      customApiKeyHint: 'Some custom endpoints require authentication',
+      customApiKeyPlaceholder: 'Leave blank if not needed',
+      // Edge TTS
+      edgeHint: 'Powered by Microsoft Edge TTS (node-edge-tts).',
+      edgeUrl: 'Adapter URL',
+      edgeUrlHint: 'Address of your Edge TTS adapter, e.g. http://127.0.0.1:9882',
+      edgeUrlPlaceholder: 'http://127.0.0.1:9882',
+      edgeVoice: 'Voice',
+      edgeVoiceHint: 'Select a voice for speech synthesis',
+      edgeRate: 'Speed',
+      edgeRateHint: 'Adjust speech speed (0.5x ~ 2.0x)',
+      edgePitch: 'Pitch',
+      edgePitchHint: 'Adjust speech pitch (-20 ~ +20 Hz)',
+
+      // Test
+      testTitle: 'Test Voice',
+      testText: 'Test Text',
+      testTextPlaceholder: 'Enter text to test...',
+      testTextDefault: 'Hello, this is a voice test.',
+      testButton: 'Test',
+      testButtonPlaying: 'Playing...',
+      testFailed: 'Test failed: {error}',
+
+      // MiMo TTS
+      providerMimo: 'MiMo TTS',
+      mimoHint: 'Xiaomi MiMo TTS — supports preset voices, voice design, and voice clone modes',
+      mimoApiKey: 'API Key',
+      mimoApiKeyHint: 'Get your key at platform.xiaomimimo.com',
+      mimoApiKeyPlaceholder: 'MiMo API Key',
+      mimoBaseUrl: 'Base URL',
+      mimoBaseUrlHint: 'MiMo API endpoint URL',
+      mimoModel: 'Model',
+      mimoModelHint: 'Select speech synthesis model',
+      mimoModelPreset: 'Preset Voices',
+      mimoModelVoiceDesign: 'Voice Design',
+      mimoModelVoiceClone: 'Voice Clone',
+      mimoVoice: 'Voice',
+      mimoVoiceHint: 'Select a preset voice',
+      mimoVoiceDesignPrompt: 'Voice Description',
+      mimoVoiceDesignPromptHint: 'Describe the voice characteristics you want',
+      mimoVoiceDesignPromptPlaceholder: 'e.g., A warm young female voice, slightly slow, with a magnetic tone',
+      mimoCloneAudio: 'Upload Audio',
+      mimoCloneAudioHint: 'Upload an audio sample for voice cloning (mp3/wav, max 10MB)',
+      mimoCloneAudioUpload: 'Choose File',
+      mimoCloneAudioClear: 'Clear',
+      mimoStylePrompt: 'Style Prompt',
+      mimoStylePromptHint: 'Optional — describe the speaking style in natural language',
+      mimoStylePromptPlaceholder: 'e.g., Bright and bouncy tone, fast pace',
+    },
+  },
+  githubPreview: {
+    title: "Version Preview",
+    description: "Clone a selected GitHub tag into the Web UI preview workspace, install dependencies, and run it with the development ports.",
+    refresh: "Refresh",
+    selectTag: "Select a tag",
+    prepare: "Prepare Code",
+    install: "Install Dependencies",
+    start: "Start Preview",
+    stop: "Stop",
+    note: "Preview code is stored under the Web UI data home. Production remains on port 8648; preview development runs on frontend 8651 and backend 8650.",
+    path: "Preview Path",
+    webuiHome: "Preview Data Home",
+    currentTag: "Current Tag",
+    repoReady: "Repository Ready",
+    dependencies: "Dependencies Installed",
+    running: "Running",
+    notRunning: "Not running",
+    open: "Open Preview",
+    log: "Action Log Path",
+    logOutput: "Log Output",
+    actionLog: "Action Log",
+    devLog: "Dev Server Log",
+    yes: "Yes",
+    no: "No",
+    actionFailed: "Action failed",
+    nodeEnvironmentMissing: "Node/npm was not detected. Please install Node.js and try again.",
+    prepareSuccess: "Preview code is ready",
+    installSuccess: "Dependencies installed",
+    startSuccess: "Preview completed",
+    stopSuccess: "Preview stopped",
+  },
+
+  codingAgents: {
+    title: "Coding Agents",
+    notice: "Not all providers and models are compatible.",
+    claudeDescription: "Anthropic CLI for one-shot print mode and interactive coding sessions.",
+    codexDescription: "OpenAI CLI and Hermes openai-codex provider flow for repository tasks.",
+    copyCommand: "Copy",
+    commandCopied: "Command copied",
+    commandCopyFailed: "Copy failed",
+    refresh: "Refresh",
+    checking: "Checking",
+    installStatus: "Install status",
+    installed: "Installed",
+    notInstalled: "Not installed",
+    installNow: "Install",
+    installing: "Installing",
+    installSuccess: "Installed",
+    installFailed: "Install failed",
+    nodeEnvironmentMissing: "Node/npm was not detected. Please install Node.js and try again.",
+    deleteNow: "Delete",
+    deleting: "Deleting",
+    deleteSuccess: "Deleted",
+    deleteFailed: "Delete failed",
+    configFiles: "Config files",
+    profileScope: "Profile",
+    providerScope: "Provider",
+    providerPlaceholder: "e.g. custom:glm",
+    modelScope: "Model",
+    modelPlaceholder: "Select model",
+    launchModeScope: "Launch mode",
+    launchModeGlobal: "Global config",
+    launchModeScoped: "Provider and model",
+    protocolScope: "Protocol",
+    protocolOpenAiChat: "OpenAI Chat Completions (/v1/chat/completions)",
+    protocolOpenAiResponses: "OpenAI Responses (/v1/responses)",
+    protocolAnthropicMessages: "Anthropic Messages (/v1/messages)",
+    reloadConfig: "Reload config",
+    configFileNotCreated: "Not created",
+    configLoadFailed: "Failed to read config file",
+    loadFailed: "Failed to inspect coding agents",
+    launch: "Launch",
+    launchTitle: "Launch Coding Agent",
+    nativeTerminal: "Native Terminal",
+    builtInTerminal: "Built-in Terminal",
+    launchPrepared: "Launch config prepared",
+    launchPrepareFailed: "Failed to prepare launch config",
+    nativeLaunchStarted: "Native terminal opened",
+    nativeLaunchFailed: "Failed to open native terminal",
+    terminalTitle: "Coding Agent Terminal",
+    loadProvidersFailed: "Failed to load providers for the current profile",
+    selectProviderModel: "Select a provider and model",
+    launchConfigDir: "Launch config directory",
+    launchCommand: "Launch command",
+    table: {
+      tool: "Tool",
+      kind: "Step",
+      command: "Command",
+      note: "Note",
+      action: "Action",
+    },
+    kinds: {
+      install: "Install",
+      auth: "Auth",
+      health: "Health",
+      run: "Run",
+    },
+    notes: {
+      claudeInstall: "Installs the Claude Code CLI globally.",
+      codexInstall: "Installs the Codex CLI globally.",
+      claudeAuth: "Checks Claude Code login state; run claude once if login is missing.",
+      codexAuth: "Adds Hermes-managed OpenAI Codex OAuth credentials.",
+      claudeHealth: "Checks updater and local CLI health.",
+      codexHealth: "Confirms the Codex CLI is available on PATH.",
+      claudeRun: "Print mode is the cleanest path for API-driven one-shot tasks.",
+      codexRun: "Codex one-shot tasks must run inside a git repository.",
+    },
+  },
+
+  // Platform channel settings
+  platform: {
+    requireMention: "Require {'@'}Mention",
+    requireMentionGroup: "Require {'@'}mention in groups to respond",
+    requireMentionChannel: "Require {'@'}mention in channels to respond",
+    requireMentionRoom: "Require {'@'}mention in rooms to respond",
+    reactions: 'Reactions',
+    reactionsHint: 'React to messages with emoji',
+    freeResponseChats: 'Free Response Chats',
+    freeResponseChatsHint: "Chat IDs that respond without {'@'}mention (comma-separated)",
+    freeResponseChannels: 'Free Response Channels',
+    freeResponseChannelsHint: "Channel IDs that respond without {'@'}mention (comma-separated)",
+    freeResponseRooms: 'Free Response Rooms',
+    freeResponseRoomsHint: "Room IDs that respond without {'@'}mention (comma-separated)",
+    mentionPatterns: 'Custom Mention Patterns',
+    mentionPatternsHint: 'Additional trigger patterns',
+    autoThread: 'Auto Thread',
+    autoThreadHint: "Auto-create reply threads after {'@'}mention",
+    autoThreadHintRoom: 'Auto-create reply threads in rooms',
+    dmMentionThreads: 'DM Mention Threads',
+    dmMentionThreadsHint: 'Use thread replies for mentions in DMs',
+    allowBots: 'Allow Bot Messages',
+    allowBotsHint: 'Respond to messages from other bots',
+    allowedChannels: 'Allowed Channels',
+    allowedChannelsHint: 'Whitelist channel IDs (comma-separated)',
+    ignoredChannels: 'Ignored Channels',
+    ignoredChannelsHint: 'Channels where bot never responds (comma-separated)',
+    noThreadChannels: 'No-Thread Channels',
+    noThreadChannelsHint: 'Channels where bot responds without threads (comma-separated)',
+    exclusiveTokenWarning: 'This platform uses exclusive token locking. Each profile must use a different identity token to avoid conflicts with other profiles.',
+    botToken: 'Bot Token',
+    botTokenHint: 'Bot token from developer portal',
+    accessToken: 'Access Token',
+    accessTokenHint: 'Matrix access token',
+    homeserver: 'Homeserver URL',
+    homeserverHint: 'Matrix homeserver URL',
+    appId: 'App ID',
+    appIdHint: 'Feishu App ID',
+    appSecret: 'App Secret',
+    appSecretHint: 'Feishu App Secret',
+    clientId: 'Client ID',
+    clientIdHint: 'DingTalk Client ID',
+    clientSecret: 'Client Secret',
+    clientSecretHint: 'DingTalk Client Secret',
+    cardTemplateId: 'AI Card Template ID',
+    cardTemplateIdHint: 'DingTalk AI Card template ID; leave empty to disable AI Cards',
+    allowedUsers: 'Allowed Users',
+    allowedUsersHint: 'Whitelist user IDs or OpenIDs (comma-separated)',
+    allowAllUsers: 'Allow All Users',
+    allowAllUsersHint: 'Allow messages from any user; keep off to use the allowlist',
+    botId: 'Bot ID',
+    botIdHint: 'WeCom Bot ID',
+    wecomSecretHint: 'WeCom Bot Secret',
+    waEnabled: 'Enable WhatsApp',
+    waEnabledHint: 'Enable WhatsApp via QR code pairing',
+    weixinToken: 'Weixin Token',
+    weixinTokenHint: 'From weixin CLI QR login (hermes weixin)',
+    accountId: 'Account ID',
+    accountIdHint: 'Weixin account ID',
+    qrLogin: 'QR Login',
+    qrRelogin: 'Re-login',
+    qrFetching: 'Fetching QR code...',
+    qrScanHint: 'Scan with WeChat to login',
+    qrScanedHint: 'Scaned, please confirm on phone...',
+    // QQ
+    qqAppId: 'App ID',
+    qqAppIdHint: 'QQ Open Platform Bot App ID',
+    qqAppSecret: 'App Secret',
+    qqAppSecretHint: 'QQ Open Platform Bot App Secret',
+    qqMarkdown: 'Markdown Support',
+    qqMarkdownHint: 'Enable Markdown formatted messages (some clients may not support)',
+    qqSandbox: 'Sandbox Mode',
+    qqSandboxHint: 'Enable sandbox environment (for testing)',
+    qqQrScanHint: 'Scan the QR code with QQ, or open the link on your phone to complete binding',
+  },
+
+  // Language
+  language: {
+    label: 'Language',
+    zh: '中文',
+    en: 'English',
+  },
+
+  // Terminal
+  terminal: {
+    sessions: 'Sessions',
+    newTab: 'New Terminal',
+    closeSession: 'Close this session?',
+    sessionExited: 'Exited',
+    processExited: 'Process exited with code {code}',
+    noSessions: 'No terminal sessions',
+    connectionFailed: 'Terminal service connection failed',
+    connectionClosed: 'Terminal connection closed',
+    connectionError: 'Terminal connection error',
+  },
+
+  // Group Chat
+  groupChat: {
+    title: 'Group Chat',
+    createRoom: 'Create Room',
+    joinByCode: 'Join by Code',
+    roomName: 'Room Name',
+    roomNamePlaceholder: 'Enter room name',
+    inviteCode: 'Invite Code',
+    autoGenerate: 'Auto-generate',
+    noRooms: 'No rooms yet',
+    selectOrCreate: 'Select or create a room to start chatting',
+    agents: 'Agents',
+    addAgent: 'Add Agent',
+    selectProfile: 'Select a profile',
+    agentAdded: 'Agent added',
+    agentAlreadyInRoom: 'Agent already in this room',
+    agentAddFailedCount: '{count} agent(s) were not added: {details}',
+    noAgents: 'No agents in this room',
+    members: 'members',
+    roomCreated: 'Room created',
+    roomDeleted: 'Room deleted',
+    roomCloned: 'Room cloned',
+    cloneRoom: 'Clone room',
+    copyRoomLink: 'Copy Room Link',
+    deleteRoomConfirm: 'Delete this room?',
+    clearContext: 'Clear context',
+    clearContextConfirm: 'Clear this room context? Messages and compression snapshots will be removed, but agents and members stay.',
+    contextCleared: 'Context cleared',
+    you: 'You',
+    joined: 'Joined room',
+    joinFailed: 'Failed to join room',
+    inputPlaceholder: 'Type a message... (Enter to send)',
+    enterCode: 'Enter invite code',
+    yourName: 'Your Name',
+    yourNamePlaceholder: 'Enter your display name',
+    yourDescription: 'Description (optional)',
+    yourDescriptionPlaceholder: 'Tell others who you are...',
+    agentName: 'Agent Name',
+    agentNamePlaceholder: 'Custom name (leave empty to use profile name)',
+    agentDesc: 'Agent Description',
+    agentDescPlaceholder: 'Describe what this agent does...',
+    agentReplying: 'is replying...',
+    agentCompressing: 'is compressing context...',
+    compressionSettings: 'Compression Settings',
+    triggerTokens: 'Trigger Tokens',
+    triggerTokensDesc: 'Token threshold to trigger context compression',
+    maxHistoryTokens: 'Max History Tokens',
+    maxHistoryTokensDesc: 'Maximum tokens for compressed context sent to LLM',
+    tailMessageCount: 'Tail Message Count',
+    tailMessageCountDesc: 'Number of recent messages to keep verbatim after compression',
+    compressionConfig: 'Compression Config',
+    compressionSaved: 'Compression config saved',
+    compressNow: 'Compress Now',
+    compressingInProgress: 'Compression in progress, please wait',
+  },
+
+  // Usage
+  usage: {
+    title: 'Usage Statistics',
+    refresh: 'Refresh',
+    totalTokens: 'Total Tokens',
+    inputTokens: 'Input',
+    outputTokens: 'Output',
+    totalSessions: 'Total Sessions',
+    avgPerDay: '~{n}/day avg',
+    estimatedCost: 'Est. Cost',
+    cacheHitRate: 'Cache Hit Rate',
+    modelBreakdown: 'Model Breakdown',
+    dailyTrend: 'Daily Usage',
+    date: 'Date',
+    tokens: 'Tokens',
+    cache: 'Cache',
+    cacheRead: 'Cache Read',
+    cacheWrite: 'Cache Write',
+    sessions: 'Sessions',
+    cost: 'Cost',
+    noData: 'No usage data',
+  },
+  skillsUsage: {
+    title: 'Skills Usage',
+    subtitle: 'Track skill loads and edits from Hermes sessions',
+    refresh: 'Refresh',
+    periodSelector: 'Skill usage period',
+    periodLabel: '{days}d',
+    summary: 'Summary',
+    totalActions: 'Actions',
+    loads: 'Loads',
+    edits: 'Edits',
+    distinctSkills: 'Skills',
+    topSkills: 'Top Skills',
+    dailyTrend: 'Daily Trend',
+    periodSummary: 'Last {days} days',
+    skill: 'Skill',
+    share: 'Share',
+    lastUsed: 'Last Used',
+    noData: 'No skill usage data',
+    loadFailed: 'Failed to load skill usage',
+    otherSkills: 'Other skills',
+  },
+
+  // Files
+  files: {
+    title: 'Files',
+    fileTree: 'File Tree',
+    tree: 'Directory Tree',
+    list: 'File List',
+    breadcrumbRoot: 'Home',
+    newFile: 'New File',
+    newFolder: 'New Folder',
+    upload: 'Upload',
+    refresh: 'Refresh',
+    open: 'Open',
+    edit: 'Edit',
+    preview: 'Preview',
+    download: 'Download',
+    copyPath: 'Copy Path',
+    rename: 'Rename',
+    delete: 'Delete',
+    name: 'Name',
+    size: 'Size',
+    modified: 'Modified',
+    actions: 'Actions',
+    emptyDir: 'Empty directory',
+    loading: 'Loading...',
+    confirmDelete: 'Are you sure you want to delete "{name}"?',
+    confirmDeleteDir: 'Are you sure you want to delete directory "{name}" and all its contents?',
+    deleteFailed: 'Delete failed',
+    deleted: 'Deleted',
+    renameTo: 'Rename to',
+    newFileName: 'File name',
+    newFolderName: 'Folder name',
+    created: 'Created',
+    createFailed: 'Create failed',
+    renamed: 'Renamed',
+    renameFailed: 'Rename failed',
+    uploadSuccess: 'Uploaded {count} file(s)',
+    uploadFailed: 'Upload failed',
+    saveFailed: 'Save failed',
+    saved: 'Saved',
+    unsavedChanges: 'You have unsaved changes. Discard?',
+    pathCopied: 'Path copied',
+    fileTooLarge: 'File too large (max 10MB)',
+    permissionDenied: 'Cannot modify protected file',
+    notFound: 'File or directory not found',
+    backendError: 'File operation failed',
+    dragDropHint: 'Drag files here to upload',
+    closeEditor: 'Close Editor',
+    closePreview: 'Close',
+    saveFile: 'Save',
+  },
+  // Download
+  download: {
+    downloading: 'Downloading...',
+    downloadFailed: 'Download failed',
+    fileNotFound: 'File not found or deleted',
+    fileTooLarge: 'File too large (exceeds limit)',
+    backendError: 'File read failed, remote environment may be unavailable',
+    backendTimeout: 'File read timed out',
+    unsupportedBackend: 'Current terminal backend does not support file download',
+    invalidPath: 'Invalid file path',
+    contentDisplay: 'Content display',
+    download: 'Download',
+    downloadFile: 'Download file',
+  },
+
+  // Changelog
+  changelog: {
+    new_0_6_7_1: 'The desktop app now defaults to port 8748, supports LAN access, and can be opened directly from a local browser',
+    new_0_6_7_9: 'Desktop download links are now available on the official website at https://hermes-studio.ai/, and the latest installers remain available from GitHub Releases',
+    new_0_6_7_2: 'MCP tooling is more complete with bridge tool discovery fixes, MCP management lifecycle fixes, and per-model tool visibility controls in the manager',
+    new_0_6_7_3: 'Message lists now center empty states correctly, reduce scroll jitter, avoid leaking live chat messages into History while loading, preserve per-session scroll positions, and fade in over 1.5 seconds on session switches',
+    new_0_6_7_4: 'Bridge and runtime stability improved by preserving text/tool-call ordering, fixing Profile runtime status loading, improving Node/npm detection, and skipping production data directory creation',
+    new_0_6_7_5: 'Desktop distribution now covers Electron packaging, app naming, preload builds, release artifact uploads, Windows Hermes CLI launch, Linux icons and writable data paths, macOS unsigned release handling, and hidden Windows startup subprocesses',
+    new_0_6_7_6: 'The website now has downloads and deploy workflows, with deploys fixed for environments that do not provide rsync',
+    new_0_6_7_7: 'Server and auth fixes use dirname for Windows credential directories and raise the avatar upload body limit to avoid 413 errors on larger images',
+    new_0_6_7_8: 'Repository harness, validation docs, and agent guidance were added for coding agents, while stale setup script docs were removed',
+    new_0_6_4_1: 'CI is hardened with pinned npm install behavior and PR Docker smoke coverage',
+    new_0_6_4_2: 'Chat now uses virtualized pagination so long conversations scroll and load more reliably',
+    new_0_6_4_3: 'Docker image publishing now runs only for releases instead of ordinary PR checks',
+    new_0_6_4_4: 'Version Preview is available to super admins, with main/tag selection, preview checkout, dependency install, start/stop controls, and logs',
+    new_0_6_4_5: 'Preview instances isolate frontend/backend ports, Web UI home, and agent bridge endpoint, with runtime patches for older tags covering ports, WebSocket routing, base URL behavior, and nested preview navigation',
+    new_0_6_4_6: 'Legacy session_usage tables missing created_at now migrate safely with a default value',
+    new_0_6_4_7: 'Bridge profile worker endpoints are now namespaced by broker endpoint, preventing production and preview instances with the same Profile from stealing worker sockets and causing unknown run errors',
+    new_0_6_5_1: 'Coding Agents now provide a complete launch workflow for Claude Code and Codex, with global config launch, profile/provider-isolated workspaces, and built-in or native terminal launch',
+    new_0_6_5_2: 'Codex launch now supports OpenAI Chat Completions, OpenAI Responses, and Anthropic Messages, with local proxy adaptation for different providers',
+    new_0_6_5_3: 'Coding Agents are more reliable on Windows with .cmd/.bat shim detection, terminal launch fixes, and Claude Code custom model launch that avoids local model validation failures',
+    new_0_6_5_4: 'Message lists, History paging, TTS authentication, group-chat agent mentions, update-check suppression, and bridge worker transport continue to improve runtime stability',
+    new_0_6_3_1: 'Bridge spinner status is no longer stored as model reasoning, preventing decorative thinking text from contaminating future context',
+    new_0_6_3_2: 'History now includes controls to import Hermes CLI sessions into the Web UI local history with safer message normalization',
+    new_0_6_3_3: 'Provider setup now supports editable built-in base URLs, LM Studio as a built-in provider, and live LM Studio /models discovery',
+    new_0_6_3_4: 'OpenRouter requests sent through the Web UI bridge now include Hermes Web UI app attribution headers',
+    new_0_6_3_5: 'The public auth status endpoint no longer exposes the first username to unauthenticated requests',
+    new_0_6_3_6: 'DingTalk settings now include an AI Card Template ID field persisted as DINGTALK_CARD_TEMPLATE_ID',
+    new_0_6_3_7: 'Bridge socket JSON output now sanitizes lone Unicode surrogate characters to prevent SSE crashes during chat',
+    new_0_6_2_1: 'Web Bridge now supports /plan commands with correct run startup and visible command state',
+    new_0_6_2_2: 'The chat input command menu now includes /goal and /subgoal commands, including status, pause, resume, done, and clear actions',
+    new_0_6_2_3: 'Goal and subgoal workflows now integrate with chat sessions, including goal continuations and status updates',
+    new_0_6_2_4: 'Job delivery target channel options are restored so scheduled jobs can pick the intended destination',
+    new_0_6_2_5: 'Context token usage now resumes accurately with snapshot-aware calculations after reconnects',
+    new_0_6_2_6: 'Context checkpoint compression is more reliable for slow Codex summarization: Web UI waits 5 minutes and the Python bridge broker no longer cuts off worker requests after 2 minutes',
+    new_0_6_2_7: 'Chat queue promotion is fixed so queued messages do not jump into the message list early, including synced windows',
+    new_0_6_2_8: 'Clarify prompts no longer submit open-text replies on Enter and answered prompts no longer reopen after switching sessions',
+    new_0_6_2_9: 'Bridge terminal environment refresh and stale pid cleanup are scoped more tightly, reducing stale runtime status in the UI',
+    new_0_6_2_10: 'The default context length now follows the Hermes standard of 256,000 tokens',
+    new_0_5_35_1: 'Bridge sessions can now run concurrently across different sessions while same-session runs stay serialized to preserve message order',
+    new_0_5_35_2: 'Add the Performance Monitor page for system CPU/memory, Web UI, Bridge Broker, Workers, and active session status',
+    new_0_5_35_3: 'Add per-worker resource metrics showing CPU, memory, Profile, session count, and running state',
+    new_0_5_35_4: 'Improve Bridge worker lifecycle cleanup so broker shutdowns and parent-process exits reclaim workers and reduce orphan Python processes',
+    new_0_5_35_5: 'Harden monitoring compatibility with resource collection fallbacks for macOS, Windows, Linux, Docker, and Termux',
+    new_0_5_35_6: 'Performance monitoring no longer blocks on worker requests while agents are initializing, reducing request timeouts on Windows',
+    new_0_5_35_7: 'Chat Markdown now supports inline text-content previews, and download icons download files directly instead of opening the preview drawer',
+    new_0_5_35_8: 'Polish the content preview drawer with a mobile close action, full-width mobile layout, 800px desktop width, and consistent text/Markdown backgrounds',
+    new_0_6_0_1: 'Account- and Profile-scoped management now consistently protects sessions, models, usage, Kanban, jobs, uploads, media, and related Hermes APIs',
+    new_0_6_0_2: 'Bundled media skills use the generated server token only for media endpoints and resolve fun-codex/xAI credentials from the requested Profile',
+    new_0_6_0_3: 'Single chat and group chat now inject the current Hermes Profile into run instructions so skills can send X-Hermes-Profile',
+    new_0_6_0_4: 'delegate_task subagent progress now streams into the chat UI with start, tool, progress, and completion updates',
+    new_0_6_0_5: 'Stopping or aborting a run clears transient events so stale abort state does not leak into the next chat',
+    new_0_6_0_6: 'Update docs and website copy for account management, default credentials, account/Profile management, uploads/downloads, and bundled media skills',
+    new_0_6_0_7: 'Add CLI maintenance commands for clearing login IP locks and resetting the default admin / 123456 login',
+    new_0_6_0_8: 'Version 0.6.0 is the boundary between single-user and multi-user Web UI. If multi-user mode causes issues, please file an issue and roll back to the 0.5.35 single-user release if needed',
+    new_0_6_1_1: 'Session lists now show every Profile available to the account unless a Profile filter is explicitly selected, and CLI start/stop/status no longer print the node:sqlite experimental warning',
+    new_0_6_1_2: 'Clarify and confirmation replies now travel through the authenticated chat socket to the Hermes bridge, with response-path tests',
+    new_0_6_1_3: 'Navigation entries and chat session rows now use native links for open-in-new-tab, copy-link, and persistent collapsed sidebar behavior',
+    new_0_6_1_4: 'Session links no longer leak route Profile filters into the normal session list, and Open in new tab labels are localized',
+    new_0_6_1_5: 'Skills now read skills.external_dirs from the active Profile config, mark external skills, preserve local precedence, and resolve external files',
+    new_0_6_1_6: 'Login IP lockout now allows 10 failed attempts and the locked login screen shows clear-lock and reset-default-login recovery commands',
+    new_0_6_1_7: 'Mobile and background chat disconnects are treated as transient, then reconnect resumes the run state from the server',
+    new_0_6_1_8: 'Bridge tool marker flushing now persists partial tool-call marker prefixes at tool and run boundaries',
+    new_0_6_1_9: 'Profile-aware history actions now delete sessions with profile-qualified targets and refresh History when the global Profile changes',
+    new_0_6_1_10: 'The legacy AUTH_DISABLED bypass was removed for multi-user permissions, while AUTH_TOKEN remains supported',
+
+  },
+}
diff --git a/packages/client/src/i18n/locales/es.ts b/packages/client/src/i18n/locales/es.ts
new file mode 100644
index 0000000..9fd6b9b
--- /dev/null
+++ b/packages/client/src/i18n/locales/es.ts
@@ -0,0 +1,1549 @@
+export default {
+  // Login
+  login: {
+    title: 'Hermes Web UI',
+    description: 'Introduce tu nombre de usuario y contrasena para continuar.',
+    placeholder: 'Token de acceso',
+    submit: 'Iniciar sesion',
+    tokenRequired: 'Por favor, introduce tu token de acceso',
+    invalidToken: 'Token invalido',
+    connectionFailed: 'No se puede conectar al servidor',
+    passwordLogin: 'Contrasena',
+    tokenLogin: 'Token',
+    usernamePlaceholder: 'Nombre de usuario',
+    passwordPlaceholder: 'Contrasena',
+    defaultCredentialsHint: 'Nombre de usuario predeterminado: admin. Contrasena predeterminada: 123456.',
+    credentialsRequired: 'Por favor, introduzca nombre de usuario y contrasena',
+    invalidCredentials: 'Nombre de usuario o contrasena incorrectos',
+    tooManyAttempts: 'Demasiados intentos fallidos, por favor intente mas tarde',
+    lockResetHint: 'Si este es su servidor, borre el bloqueo de inicio de sesion con:',
+    defaultLoginResetHint: 'Para restablecer la contrasena admin predeterminada, ejecute:',
+    sessionExpired: 'La sesion expiro. Inicia sesion de nuevo.',
+    accessDenied: 'No tienes permiso para acceder a este recurso.',
+    passwordMismatch: 'Las contrasenas no coinciden',
+    passwordTooShort: 'La contrasena debe tener al menos 6 caracteres',
+    setupSuccess: 'Login con contrasena configurado correctamente',
+    passwordChanged: 'Contrasena cambiada correctamente',
+    passwordRemoved: 'Login con contrasena eliminado',
+    setupPassword: 'Configurar login con contrasena',
+    changePassword: 'Cambiar contrasena',
+    changeUsername: 'Cambiar nombre de usuario',
+    removePasswordLogin: 'Eliminar',
+    username: 'Nombre de usuario',
+    currentPassword: 'Contrasena actual',
+    newPassword: 'Nueva contrasena',
+    confirmPassword: 'Confirmar contrasena',
+    newUsername: 'Nuevo nombre de usuario',
+    usernameChanged: 'Nombre de usuario cambiado correctamente',
+    usernameTooShort: 'El nombre de usuario debe tener al menos 2 caracteres',
+    setupDescription: 'Administra el nombre de usuario y la contrasena usados para iniciar sesion.',
+    removeConfirm: 'El login con contrasena es obligatorio para las cuentas de usuario.',
+    passwordLoginNotConfigured: 'Login con contrasena no configurado',
+    passwordLoginConfigured: 'Cuenta actual: {username}',
+    defaultCredentialTitle: 'Cambia la cuenta y contrasena predeterminadas',
+    defaultCredentialMessage: 'La cuenta actual aun usa el nombre de usuario o la contrasena predeterminados. Para evitar accesos no autorizados, cambia cuanto antes el nombre de usuario y la contrasena de la cuenta actual.',
+    defaultCredentialAction: 'Cambiar ahora',
+    defaultCredentialLater: 'Recordar mas tarde',
+  },
+
+  users: {
+    title: 'Gestion de cuentas',
+    description: 'Crea usuarios, asigna roles y controla que perfiles pueden usar los administradores normales.',
+    create: 'Crear usuario',
+    edit: 'Editar usuario',
+    username: 'Nombre de usuario',
+    role: 'Rol',
+    statusLabel: 'Estado',
+    profiles: 'Perfiles accesibles',
+    profilesPlaceholder: 'Selecciona perfiles accesibles',
+    allProfiles: 'Todos los perfiles',
+    noProfiles: 'Sin perfiles asignados',
+    lastLogin: 'Ultimo inicio',
+    newPasswordOptional: 'Nueva contrasena (dejar vacio para conservar)',
+    loadFailed: 'No se pudieron cargar los usuarios',
+    deleteConfirm: 'Eliminar este usuario?',
+    enable: 'Activar',
+    disable: 'Desactivar',
+    roles: {
+      superAdmin: 'Super admin',
+      admin: 'Admin',
+    },
+    status: {
+      active: 'Activo',
+      disabled: 'Desactivado',
+    },
+  },
+
+  // Common
+  common: {
+    loading: 'Cargando...',
+    cancel: 'Cancelar',
+    retry: 'Reintentar',
+    delete: 'Eliminar',
+    edit: 'Editar',
+    save: 'Guardar',
+    saved: 'Guardado',
+    update: 'Actualizar',
+    create: 'Crear',
+    saveFailed: 'Error al guardar',
+    deleteFailed: 'Error al eliminar',
+    ok: 'OK',
+    copied: 'Copiado',
+    copy: 'Copiar',
+    noData: 'Sin datos',
+    fetch: 'Obtener',
+    add: 'Anadir',
+    enable: 'Activar',
+    disable: 'Desactivar',
+    configured: 'Configurado',
+    notConfigured: 'No configurado',
+    confirm: 'Confirmar',
+    expand: 'Expandir',
+    collapse: 'Contraer',
+    stop: 'Detener',
+    start: 'Iniciar',
+    expired: 'Expirado',
+  },
+
+  // Gestion de MCP
+  mcp: {
+    title: 'Servidores MCP',
+    loadFailed: 'Error al cargar servidores MCP',
+    reloadAll: 'Recargar todos',
+    refresh: 'Actualizar',
+    total: 'Total',
+    connected: 'Conectado',
+    disconnected: 'Desconectado',
+    tools: 'herramientas',
+    tool: 'Herramientas',
+    searchPlaceholder: 'Buscar servidores...',
+    addServer: '+ Agregar servidor',
+    zeroTools: '0 herramientas',
+    loading: 'Cargando...',
+    empty: 'No hay servidores MCP configurados',
+    reloaded: '{server} recargado',
+    reloadedAll: 'Todos los servidores MCP recargados',
+    reloadFailed: 'Error al recargar',
+    serverAdded: 'Servidor "{name}" agregado',
+    addFailed: 'Error al agregar servidor',
+    serverUpdated: 'Servidor "{name}" actualizado',
+    updateFailed: 'Error al actualizar servidor',
+    saveFailed: 'Error al guardar',
+    serverRemoved: '"{name}" eliminado',
+    enabled: "Habilitado: {name}",
+    disabled: "Deshabilitado: {name}",
+    connectedStatus: 'Conectado',
+    disconnectedStatus: 'Desconectado',
+    disabledStatus: 'Deshabilitado',
+    toolList: 'Lista de herramientas',
+    count: ' ',
+    more: 'más',
+    removeFailed: 'Error al eliminar servidor',
+    testOk: 'Prueba OK — {count} herramientas disponibles',
+    testEmpty: 'La prueba no devolvio herramientas',
+    testFailed: 'Error en la prueba',
+    edit: 'Editar',
+    test: 'Probar',
+    reload: 'Recargar',
+    remove: 'Eliminar',
+    confirmRemove: '¿Eliminar servidor "{name}"?',
+    cancel: 'Cancelar',
+    add: 'Agregar',
+    save: 'Guardar',
+    addTitle: 'Agregar servidor MCP',
+    editTitle: 'Editar servidor MCP',
+    invalidJson: 'JSON inválido',
+    invalidYaml: 'Formato YAML no válido',
+    invalidConfig: 'Configuración no válida',
+    invalidServerConfig: 'Configuración del servidor no válida',
+    missingCommandOrUrl: 'Debe incluir command o url',
+    manageTools: 'Gestionar herramientas',
+    toolsVisibilityTitle: 'Gestión de visibilidad de herramientas',
+    fetchTools: 'Obtener lista de herramientas',
+    fetchToolsFailed: 'Error al obtener la lista de herramientas',
+    toolsMode: 'Modo:',
+    toolsModeAll: 'Todas',
+    toolsModeInclude: 'Incluir',
+    toolsModeExclude: 'Excluir',
+    toolsListHeader: 'Nombre de herramienta',
+    toolsEmpty: 'No hay herramientas disponibles, primero obtenga la lista de herramientas',
+    toolsSummaryAll: '{count} herramientas en total, todas habilitadas',
+    toolsSummaryInclude: '{total} herramientas en total, {count} seleccionadas',
+    toolsSummaryExclude: '{total} herramientas en total, {count} excluidas',
+    toolsVisibilitySaved: 'Visibilidad de herramientas guardada',
+    toolsSelectAll: 'Seleccionar todo',
+    toolsClearSelection: 'Borrar selección',
+    toolsExcludeAll: 'Excluir todo',
+    toolsClearExcluded: 'Borrar exclusiones',
+  },
+
+  // Sidebar
+  sidebar: {
+    chat: 'Chat',
+    search: 'Buscar',
+    apiRelay: 'API Relay',
+    history: 'Historial',
+    jobs: 'Tareas programadas',
+    models: 'Modelos',
+    profiles: 'Perfiles',
+    plugins: 'Plugins',
+    mcp: 'MCP',
+    skills: 'Habilidades',
+    memory: 'Memoria',
+    logs: 'Registros',
+    usage: 'Uso',
+    performance: 'Rendimiento',
+    skillsUsage: 'Uso de habilidades',
+    channels: 'Canales',
+    terminal: 'Terminal',
+    files: 'Archivos',
+    groupChat: 'Chat grupal',
+    groupConversation: 'Conversación',
+    groupConversationShort: 'Conv.',
+    groupAgent: 'Agente',
+    groupAgentShort: 'Ag.',
+    groupSystem: 'Sistema',
+    groupSystemShort: 'Sist',
+    groupMonitoring: 'Monitoreo',
+    groupMonitoringShort: 'Mon.',
+    settings: 'Configuracion',
+    connected: 'Conectado',
+    disconnected: 'Desconectado',
+    updateTip: 'Ejecuta "hermes-web-ui update" en la terminal para actualizar',
+    updateVersion: 'Actualizar a v{version}',
+    reloadClientVersion: 'Recargar para v{version}',
+    updating: 'Actualizando...',
+    updateSuccess: 'Actualizacion completada. Actualiza la pagina en breve. Si no se inicia despues de un tiempo, inicialo manualmente.',
+    updateFailed: 'Error al actualizar',
+    logout: 'Cerrar sesion',
+    nodeVersionWarning: 'Se detecto Node.js v{version}. Actualiza a la version 23 o posterior.',
+    changelog: 'Registro de cambios',
+    noChangelog: 'No hay registro de cambios',
+    kanban: 'Kanban',
+    groupTools: 'Herramientas',
+    groupToolsShort: "Herr.",
+    codingAgents: "Agentes de código",
+    versionPreview: "Vista previa de versión",
+    groupPlatform: 'Plataforma',
+    gateways: 'Puertas de enlace',
+    expand: 'Expandir menú',
+    collapse: 'Contraer menú',
+  },
+
+  performance: {
+    title: 'Rendimiento',
+    subtitle: 'Supervisa recursos del sistema, Bridge Broker, Workers y sesiones activas',
+    refresh: 'Actualizar',
+    autoRefreshOn: 'Actualización automática',
+    autoRefreshOff: 'Actualización manual',
+    loadFailed: 'No se pudieron cargar las métricas de rendimiento',
+    systemCpu: 'CPU del sistema',
+    systemMemory: 'Memoria del sistema',
+    activeSessions: 'Sesiones activas',
+    runningSessions: 'En ejecución {count}',
+    workers: 'Workers',
+    totalWorkerMemory: 'Memoria total de Worker',
+    processes: 'Procesos',
+    uptime: 'Tiempo activo',
+    running: 'En ejecución',
+    stopped: 'Detenido',
+    workerMemory: 'Memoria de Worker',
+    lastUpdated: 'Actualizado',
+    profile: 'Profile',
+    memory: 'Memoria',
+    sessions: 'Sesiones',
+    runningActiveSessions: 'En ejecución / Activas',
+    lastUsed: 'Último uso',
+    status: 'Estado',
+    noWorkers: 'Sin Workers',
+    sessionsByProfile: 'Sesiones por Profile',
+    noActiveSessions: 'No hay sesiones activas',
+  },
+
+  // Drawer
+  drawer: {
+    terminal: 'Terminal',
+    files: 'Espacio de trabajo',
+  },
+
+  // Chat
+  chat: {
+    contextRemaining: 'restante',
+    contextClickToEdit: 'Haz clic para editar la longitud del contexto',
+    contextEditTitle: 'Editar longitud del contexto',
+    contextEditDesc: 'Establecer el límite de longitud del contexto para el modelo actual (en tokens)',
+    contextEditPlaceholder: 'Ingresa la longitud del contexto',
+    contextEditHint: 'Valores comunes: 256k (Hermes predeterminado), 128k (GPT-4), 32k (GPT-3.5)',
+    contextEditSave: 'Guardar',
+    contextEditCancel: 'Cancelar',
+    contextEditInvalid: 'Por favor ingresa una longitud de contexto válida',
+    contextEditSuccess: 'Longitud del contexto actualizada',
+    contextEditFailed: 'Error en la actualización',
+    emptyState: 'Inicia una conversacion con Hermes Agent',
+    outlineTitle: 'Esquema de la conversación',
+    outlineEmpty: 'Sin contenido de conversación',
+    outlineUserQuestion: 'Pregunta del usuario',
+    inputPlaceholder: 'Escribe un mensaje... (Enter para enviar, Shift+Enter para nueva linea)',
+    slashCommandArgs: {
+      message: '<mensaje>',
+      title: '<titulo>',
+      text: '<texto>',
+    },
+    slashCommands: {
+      usage: 'Calcular el uso de la sesión actual',
+      status: 'Mostrar estado de sesión y cola',
+      abort: 'Detener la ejecución activa de Bridge',
+      queue: 'Poner un mensaje en cola tras la ejecución activa',
+      plan: 'Escribir un plan de implementación en Markdown',
+      goal: 'Set a standing goal that continues across turns',
+      goalStatus: 'Show the active goal status',
+      goalPause: 'Pause the active goal loop',
+      goalResume: 'Resume the paused goal loop',
+      goalDone: 'Complete and clear the active goal',
+      goalClear: 'Clear the active goal',
+      subgoal: 'Add a criterion to the active goal',
+      clear: 'Limpiar la vista actual',
+      clearHistory: 'Eliminar el historial de mensajes guardado de esta sesión',
+      title: 'Renombrar esta sesión',
+      compress: 'Ejecutar compresión de contexto cuando esté inactiva',
+      steer: 'Enviar texto de guía a la ejecución activa de Bridge',
+      destroy: 'Liberar el agente Bridge de esta sesión',
+      reloadMcp: 'Recargar servidores MCP',
+    },
+    attachFiles: 'Adjuntar archivos',
+    showToolCalls: 'Mostrar llamadas de herramientas',
+    hideToolCalls: 'Ocultar llamadas de herramientas',
+    messageQueue: 'Cola de mensajes',
+    removeQueuedMessage: 'Quitar mensaje de la cola',
+    stop: 'Detener',
+    send: 'Enviar',
+    contextUsed: 'Contexto utilizado:',
+    sessions: 'Sesiones',
+    webUiSessions: 'Sesiones',
+    allProfiles: 'Todos los perfiles',
+    profileMissingModelsTip: 'El perfil "{profile}" no tiene proveedor ni modelo disponible para esta sesión',
+    sessionScopeHint: 'Chat solo muestra sesiones de Web UI/API Server. Las sesiones de CLI, Telegram, Discord, Cron y otros canales son de solo lectura en Historial.',
+    openHistory: 'Abrir historial',
+    hermesHistory: 'Historial de Hermes',
+    historyScopeHint: 'Sesiones del historial de Hermes del perfil actual, de solo lectura y agrupadas por origen.',
+    noSessions: 'Sin sesiones',
+    newChat: 'Nuevo chat',
+    approvalKicker: 'Permiso de terminal',
+    approvalTitle: 'Revisar comando antes de ejecutar',
+    approvalAllowOnce: 'Permitir una vez',
+    approvalAllowSession: 'Permitir sesión',
+    approvalAlways: 'Siempre',
+    approvalDeny: 'Denegar',
+    clarifyKicker: 'El agente necesita aclaración',
+    clarifyTitle: 'El agente tiene una pregunta para usted',
+    clarifyPlaceholder: 'Escriba su respuesta...',
+    clarifySubmit: 'Responder',
+    clarifyDismiss: 'Descartar',
+    deleteSession: 'Eliminar esta sesion?',
+    toggleBatchMode: 'Selección por lotes',
+    selectAll: 'Seleccionar todo',
+    confirmBatchDelete: '¿Eliminar {count} sesiones seleccionadas?',
+    batchDeleteSuccess: '{count} sesiones eliminadas',
+    batchDeletePartial: '{failed} sesiones fallaron al eliminar',
+    batchDeleteFailed: 'Error al eliminar por lotes',
+    importToWebUi: 'Importar a Web UI',
+    importSessionSuccess: 'Sesion importada a Web UI',
+    importSessionAlreadyExists: 'La sesion ya existe en Web UI',
+    importSessionFailed: 'Error al importar la sesion',
+    sessionDeleted: 'Sesion eliminada',
+    rename: 'Renombrar',
+    pin: 'Fijar',
+    unpin: 'Desfijar',
+    pinned: 'Fijados',
+    chatMode: 'Modo de chat',
+    liveMode: 'En vivo',
+    liveSessions: 'Sesiones en vivo',
+    recentBadge: 'Reciente',
+    linkedSessions: '{count} vinculadas',
+    noVisibleMessages: 'No hay mensajes visibles para humanos.',
+    monitorRoleUser: 'Usuario',
+    monitorRoleAssistant: 'Asistente',
+    copySessionLink: 'Copiar enlace de sesión',
+    openSessionInNewTab: 'Abrir en una nueva pestaña',
+    sessionLinkCopied: 'Session link copied',
+    copySessionId: 'Copiar ID de sesión',
+    export: 'Exportar',
+    exportFull: 'Exportación completa (JSON)',
+    exportCompressed: 'Exportación comprimida (TXT)',
+    exportCompressing: 'Comprimiendo contexto, espere...',
+    exportSuccess: 'Sesión exportada',
+    exportFailed: 'Error al exportar',
+    renamed: 'Renombrada',
+    renameFailed: 'Error al renombrar',
+    renameSession: 'Renombrar sesion',
+    sessionNotFound: 'Sesion no encontrada',
+    enterNewTitle: 'Introduce un nuevo titulo',
+    other: 'Otro',
+    runFailed: 'Error en la ejecucion',
+    error: 'Error',
+    tool: 'Herramienta',
+    arguments: 'Argumentos',
+    result: 'Resultado',
+    truncated: '... (truncado)',
+    executionDuration: 'Tiempo de ejecución',    thinkingLabel: 'Pensamiento',
+    thinkingInProgress: 'Pensando…',
+    thinkingShow: 'Mostrar pensamiento',
+    thinkingHide: 'Ocultar pensamiento',
+    thinkingDuration: 'Observado {duration}',
+    thinkingChars: '{count} caracteres',
+    copyBubble: 'Copiar mensaje',
+    copiedBubble: 'Mensaje copiado',
+    copyFailed: 'Error al copiar',
+    playSpeech: 'Reproducir voz',
+    pauseSpeech: 'Pausa',
+    resumeSpeech: 'Reanudar',
+    stopSpeech: 'Detener',
+    speechNotSupported: 'Reproducción de voz no soportada en este navegador',
+    searchEnterHint: 'Enter para abrir · Esc para cerrar',
+    searchHint: 'Cmd/Ctrl+K',
+    searchScope: 'Alcance de búsqueda: solo base de datos local de sesiones de Web UI; no incluye sesiones históricas Hermes de solo lectura.',
+    searchFailed: 'No se pudieron buscar sesiones',
+    searchNoSnippet: 'No hay resumen disponible',
+    searchNoResults: 'No hay sesiones que coincidan',
+    searchRecent: 'Sesión reciente',
+    searchEmpty: 'Sesiones recientes',
+    searchPlaceholder: 'Buscar sesiones...',
+    searchSubtitle: 'Buscar por título o contenido de mensajes',
+    searchTitle: 'Buscar sesiones',
+    stopGateway: 'Detener gateway',
+    start: 'Iniciar',
+    workspaceSetFailed: 'No se pudo definir el workspace',
+    workspaceSet: 'Workspace definido',
+    workspacePlaceholder: 'Introduce la ruta del proyecto, p. ej. /home/user/project',
+    workspace: 'Espacio de trabajo',
+    setWorkspaceTitle: 'Definir workspace de sesión',
+    setWorkspace: 'Definir workspace',
+    modelSetFailed: 'No se pudo definir el modelo',
+    modelSet: 'Modelo definido',
+    setModelTitle: 'Definir modelo de sesión',
+    setModel: 'Definir modelo',
+    newCliChat: 'Nuevo CLI',
+    cliEmptyState: 'Iniciar chat CLI',
+    autoPlaySpeech: 'Reproducir voz automáticamente',
+  },
+
+  // Jobs
+  jobs: {
+    title: 'Tareas programadas',
+    createJob: 'Crear tarea',
+    editJob: 'Editar tarea',
+    noJobs: 'No hay tareas programadas aun. Crea una para comenzar.',
+    name: 'Nombre',
+    namePlaceholder: 'Nombre de la tarea',
+    schedule: 'Programacion (expresion Cron)',
+    schedulePlaceholder: 'ej. 0 9 * * *',
+    quickPresets: 'Presets rapidos',
+    selectPreset: 'Seleccionar un preset...',
+    presetEveryMinute: 'Cada minuto',
+    presetEvery5Min: 'Cada 5 minutos',
+    presetEveryHour: 'Cada hora',
+    presetEveryDay: 'Todos los dias a las 00:00',
+    presetEveryDay9: 'Todos los dias a las 09:00',
+    presetEveryMonday: 'Cada lunes a las 09:00',
+    presetEveryMonth: 'El dia 1 de cada mes a las 09:00',
+    prompt: 'Prompt',
+    promptPlaceholder: 'El prompt a ejecutar',
+    deliverTarget: 'Destino de entrega',
+    origin: 'Origen',
+    local: 'Local',
+    repeatCount: 'Repeticiones (opcional)',
+    modelPlaceholder: 'Modelo por defecto',
+    repeatPlaceholder: 'Dejar vacio para infinito',
+    jobCreated: 'Tarea creada',
+    jobUpdated: 'Tarea actualizada',
+    nameRequired: 'El nombre es obligatorio',
+    scheduleRequired: 'La programacion es obligatoria',
+    loadFailed: 'Error al cargar la tarea',
+    jobPaused: 'Tarea en pausa',
+    jobResumed: 'Tarea reanudada',
+jobTriggered: 'Job ejecutado',
+    modelUpdated: 'Modelo actualizado',
+    jobDeleted: 'Tarea eliminada',
+    status: {
+      running: 'En ejecucion',
+      paused: 'En pausa',
+      disabled: 'Desactivada',
+      scheduled: 'Programada',
+    },
+    info: {
+      model: 'Modelo',
+      schedule: 'Programacion',
+      lastRun: 'Ultima ejecucion',
+      nextRun: 'Proxima ejecucion',
+      deliver: 'Entrega',
+      repeat: 'Repeticion',
+    },
+    action: {
+      pause: 'Pausar',
+      pauseJob: 'Pausar tarea',
+      resume: 'Reanudar',
+      resumeJob: 'Reanudar tarea',
+      runNow: 'Ejecutar ahora',
+      triggerImmediately: 'Ejecutar inmediatamente',
+    },
+    runHistory: {
+      title: 'Historial',
+      runs: 'ejecuciones',
+      noRuns: 'No se encontró historial.',
+    },
+  },
+
+  // Skills
+  skills: {
+    title: 'Habilidades',
+    searchPlaceholder: 'Buscar habilidades...',
+    noMatch: 'Ninguna habilidad coincide con tu busqueda',
+    noSkills: 'No se encontraron habilidades',
+    backTo: 'Volver a',
+    attachedFiles: 'Archivos adjuntos',
+    loadFailed: 'Error al cargar la habilidad',
+    fileLoadFailed: 'Error al cargar el archivo',
+    modified: 'Modificado por el usuario',
+    archived: 'Archivado',
+    pinned: 'Fijado',
+    pin: 'Fijar habilidad',
+    unpin: 'Desfijar habilidad',
+    pinFailed: 'Error al cambiar estado de fijacion',
+    toggleFailed: 'Error al activar/desactivar la habilidad',
+    source: {
+      builtin: 'Integrado',
+      hub: 'Hub',
+      local: 'Local',
+      external: 'Externo',
+    },
+  },
+
+  // Plugins
+  plugins: {
+    title: 'Plugins',
+    refresh: 'Actualizar',
+    notice: 'Inventario de solo lectura de manifests de plugins Hermes detectables. Los metadatos de descubrimiento se leen sin cargar código de plugins. En v1, la gestión permanece en CLI; los cambios se aplican en nuevas sesiones Hermes.',
+    loadFailed: 'No se pudieron cargar los plugins',
+    commandCopied: 'Comando copiado',
+    searchPlaceholder: 'Buscar key, nombre, descripción, ruta...',
+    source: 'Origen',
+    kind: 'Tipo',
+    statusTitle: 'Estado',
+    configStatus: 'config: {status}',
+    notAvailable: 'n/a',
+    copyCommand: 'Copiar comando',
+    managedElsewhere: 'gestionado en otro lugar',
+    noMatch: 'Ningún plugin coincide con los filtros actuales',
+    enabled: 'activado',
+    disabled: 'desactivado',
+    summary: {
+      total: 'Total',
+      active: 'Activado / auto',
+      inactive: 'Inactivo',
+      disabled: 'Desactivado',
+      providerManaged: 'Gestionado por provider',
+    },
+    status: {
+      enabled: 'Activado',
+      'auto-active': 'Autoactivo',
+      inactive: 'Inactivo',
+      disabled: 'Desactivado',
+      'provider-managed': 'Gestionado por provider',
+    },
+    statusLabel: {
+      enabled: 'Activado por configuración',
+      'auto-active': 'Autoactivo',
+      inactive: 'Inactivo',
+      disabled: 'Desactivado',
+      'provider-managed': 'Gestionado por provider',
+    },
+    configStatuses: {
+      enabled: 'activado',
+      disabled: 'desactivado',
+      'not-enabled': 'no activado',
+      auto: 'auto',
+      'provider-managed': 'gestionado por provider',
+    },
+    table: {
+      plugin: 'Plugin',
+      status: 'Estado',
+      source: 'Origen',
+      kind: 'Tipo',
+      capabilities: 'Capacidades',
+      path: 'Ruta / entrypoint',
+      cli: 'CLI',
+    },
+    capabilities: {
+      tools: '{count} herramientas',
+      hooks: '{count} hooks',
+      env: '{count} env',
+    },
+    metadata: {
+      agentRoot: 'Raíz del agente',
+      python: 'Python',
+      scanCwd: 'Escanear cwd',
+      projectPlugins: 'Plugins del proyecto',
+    },
+  },
+
+  // Memory
+  memory: {
+    title: 'Memoria',
+    refresh: 'Actualizar',
+    loadFailed: 'Error al cargar la memoria',
+    myNotes: 'Mis notas',
+    noNotes: 'Sin notas aun.',
+    notesPlaceholder: 'Escribe tus notas...',
+    userProfile: 'Perfil de usuario',
+    noProfile: 'Sin perfil aun.',
+    profilePlaceholder: 'Escribe tu perfil...',
+    soul: 'Alma',
+    noSoul: 'Sin configuracion de alma aun.',
+    soulPlaceholder: 'Escribe la configuracion del alma...',
+  },
+
+  // Models
+  models: {
+    title: 'Modelos',
+    addProvider: 'Anadir proveedor',
+    providerType: 'Tipo de proveedor',
+    preset: 'Preajuste',
+    custom: 'Personalizado',
+    selectProvider: 'Seleccionar proveedor',
+    chooseProvider: 'Elige un proveedor...',
+    name: 'Nombre',
+    autoGeneratedName: 'Generado automaticamente desde la URL base',
+    baseUrl: 'URL base',
+    region: 'Región',
+    regionIntl: 'Internacional',
+    regionCn: 'China continental',
+    baseUrlPlaceholder: 'ej. https://api.example.com/v1',
+    apiKey: 'Clave API',
+    apiKeyPlaceholder: 'sk-...',
+    defaultModel: 'Modelo predeterminado',
+    selectOrInput: 'Seleccionar o ingresar un modelo...',
+    selectModel: 'Seleccionar un modelo...',
+    providerAdded: 'Proveedor anadido',
+    providerDeleted: 'Proveedor eliminado',
+    deleteProvider: 'Eliminar proveedor',
+    deleteConfirm: 'Estas seguro de que quieres eliminar "{name}"?',
+    codexLoginTitle: 'Inicio de sesión de OpenAI Codex',
+    codexWaiting: 'Ingrese este código en la página de autorización para iniciar sesión:',
+    codexCopyCode: 'Código copiado',
+    codexOpenLink: 'Abrir página de autorización',
+    codexApproved: 'Inicio de sesión exitoso',
+    codexExpired: 'La autorización ha expirado. Por favor, inténtelo de nuevo.',
+    nousLoginTitle: 'Inicio de sesión de Nous Portal',
+    nousWaiting: 'Ingrese este código en la página de autorización:',
+    nousCopyCode: 'Código copiado',
+    nousOpenLink: 'Abrir página de autorización',
+    nousApproved: 'Inicio de sesión exitoso',
+    nousDenied: 'Autorización denegada',
+    nousExpired: 'Autorización expirada',
+    copilotLoginTitle: 'Inicio de sesión de GitHub Copilot',
+    copilotWaiting: 'Abra GitHub e introduzca el código de dispositivo a continuación para autorizar. La ventana se cerrará automáticamente tras la aprobación.',
+    copilotCopyCode: 'Código copiado',
+    copilotOpenLink: 'Abrir la página de autorización de GitHub',
+    copilotApproved: '¡Inicio de sesión exitoso!',
+    copilotDenied: 'Autorización denegada.',
+    copilotExpired: 'El enlace de autorización ha caducado. Vuelva a intentarlo.',
+    copilotAddDetectedTitle: 'GitHub Copilot detectado',
+    copilotAddDetected: 'Se detectó un token OAuth de GitHub Copilot en este equipo. Haz clic en Agregar para habilitar Copilot en Hermes.',
+    copilotAddSourceEnv: 'Origen: ~/.hermes/.env (COPILOT_GITHUB_TOKEN)',
+    copilotAddSourceGhCli: 'Origen: gh CLI (gh auth token)',
+    copilotAddSourceAppsJson: 'Origen: extensión Copilot de VS Code (apps.json)',
+    copilotDeleteHintEnv: 'Esto borrará COPILOT_GITHUB_TOKEN en ~/.hermes/.env. Otras herramientas no se verán afectadas.',
+    copilotDeleteHintGhCli: 'Copilot se ocultará de Hermes. Tu sesión de gh CLI no se verá afectada — `gh auth status` seguirá mostrando que estás conectado.',
+    copilotDeleteHintAppsJson: 'Copilot se ocultará de Hermes. La extensión Copilot de VS Code seguirá conectada.',
+    customBadge: 'PERSONALIZADO',
+    previewBadge: 'VISTA PREVIA',
+    disabledBadge: 'NO DISPONIBLE',
+    disabledTooltip: "Este modelo no está disponible para tu cuenta.",
+    customModelPlaceholder: 'ID de modelo no listado',
+    customModelHint: 'Para modelos compatibles con el proveedor que la API no devuelve; no es un cambio de nombre visible. Enter para cargar.',
+    noProviders: 'No se encontraron proveedores. Anade un proveedor personalizado para comenzar.',
+    clearVisibleModels: 'Borrar selección',
+    currentDefault: 'Predeterminado actual',
+    defaultShort: 'Predeterminado',
+    builtIn: 'Integrado',
+    customType: 'Personalizado',
+    provider: 'Proveedor',
+    contextLength: 'Longitud del contexto',
+    contextLengthPlaceholder: 'ej. 256000 (opcional)',
+    local: 'Local ({host})',
+    selectProviderRequired: 'Por favor, selecciona un proveedor',
+    baseUrlRequired: 'La URL base es obligatoria',
+    apiKeyRequired: 'La clave API es obligatoria',
+    modelRequired: 'El modelo predeterminado es obligatorio',
+    enterBaseUrl: 'Por favor, introduce primero la URL base',
+    unexpectedFormat: 'Formato de respuesta inesperado',
+    foundModels: '{count} modelos encontrados',
+    fetchFailed: 'Error al obtener los modelos',
+    xaiWaiting: 'Completa la autorización en la página de xAI abierta. La ventana se cerrará automáticamente al aprobarse.',
+    xaiOpenLink: 'Abrir página de autorización de xAI',
+    xaiLoginTitle: 'Inicio de sesión OAuth de xAI Grok',
+    xaiExpired: 'El enlace de autorización expiró. Inténtalo de nuevo.',
+    xaiCopyLink: 'Copiar enlace de autorización',
+    xaiApproved: '¡Inicio de sesión correcto!',
+    visibilitySelectOne: 'Mantén al menos un modelo visible',
+    visibilitySaved: 'Modelos visibles guardados',
+    visibilitySaveFailed: 'No se pudieron guardar los modelos visibles',
+    visibilityHint: 'Solo afecta al selector de modelos y a la página de modelos de Web UI. No modifica la configuración provider/model de Hermes CLI; las llamadas siguen usando el ID original del modelo.',
+    showAllModels: 'Mostrar todos los modelos',
+    searchPlaceholder: 'Buscar modelos...',
+    removeCustomModel: 'Eliminar este modelo no listado',
+    more: 'más',
+    models: 'Lista de modelos',
+    manageVisibleModelsFor: 'Gestionar modelos visibles de {name}',
+    manageVisibleModels: 'Gestionar modelos visibles',
+    getApiKey: 'Obtener API Key',
+    count: 'modelos',
+    aliasUseOriginal: 'Restaurar ID original',
+    aliasTitleFor: 'Nombre visible de {model}',
+    aliasTitle: 'Nombre visible del modelo',
+    aliasSaveFailed: 'No se pudo guardar el nombre visible',
+    aliasPlaceholder: 'Dejar vacío para usar el ID original del modelo',
+    aliasManageFor: 'Nombres visibles de {provider}',
+    aliasManage: 'Nombres visibles',
+    aliasHint: 'Solo cambia el nombre visible en Web UI. Hermes sigue recibiendo el ID original del modelo.',
+    aliasEdit: 'Renombrar',
+    aliasCanonical: 'ID original: {model}',
+  },
+
+  // Profiles
+  profiles: {
+    title: 'Perfiles',
+    create: 'Crear perfil',
+    import: 'Importar',
+    export: 'Exportar',
+    rename: 'Renombrar',
+    delete: 'Eliminar',
+    switchTo: 'Cambiar Hermes Profile',
+    switchConfirm: 'Esto ejecutara `hermes profile use {name}` y cambiara el active profile de Hermes CLI. Continuar?',
+    switchSuccess: 'Hermes active profile cambiado a "{name}"',
+    switchFailed: 'Error al cambiar Hermes Profile. Es posible que la pasarela necesite un reinicio manual.',
+    createSuccess: 'Perfil "{name}" creado',
+    createFailed: 'Error al crear el perfil',
+    renameSuccess: 'Perfil renombrado',
+    renameFailed: 'Error al renombrar el perfil',
+    deleteConfirm: 'Estas seguro de que quieres eliminar el perfil "{name}"?',
+    deleteSuccess: 'Perfil eliminado',
+    deleteFailed: 'Error al eliminar el perfil',
+    exportSuccess: 'Perfil exportado',
+    exportFailed: 'Error al exportar el perfil',
+    importSuccess: 'Perfil importado',
+    importFailed: 'Error al importar el perfil',
+    importSelectFile: 'Seleccionar archivo de archivo',
+    importInvalidFile: 'Por favor, selecciona un archivo valido (.tar.gz, .tgz, .gz, .zip)',
+    name: 'Nombre del perfil',
+    namePlaceholder: 'Solo letras, numeros y guiones',
+    nameValidation: 'El nombre del perfil solo puede contener letras minúsculas, números, guiones bajos y guiones',
+    newName: 'Nuevo nombre',
+    newNamePlaceholder: 'Introduce un nuevo nombre',
+    cloneFromCurrent: 'Clonar desde el perfil actual',
+    cloneCleanupNotice: 'Al clonar se omiten automáticamente las credenciales exclusivas de plataforma (Weixin / Telegram / Slack, etc.) para evitar conflictos con el perfil de origen',
+    cloneStrippedCredentials: 'Se eliminaron {count} credenciales exclusivas: {list}',
+    cloneDisabledPlatforms: 'Se deshabilitaron {count} plataforma(s): {list}',
+    cloneStrippedConfigCredentials: 'Se eliminaron {count} credencial(es) integradas de config.yaml: {list}',
+    archivePath: 'Ruta del archivo',
+    archivePathPlaceholder: 'Ruta del servidor al archivo de archivo',
+    importName: 'Nombre del perfil (opcional)',
+    importNamePlaceholder: 'Dejar vacio para usar el nombre del archivo',
+    active: 'Activo',
+    model: 'Modelo',
+    gateway: 'Pasarela',
+    alias: 'Alias',
+    provider: 'Proveedor',
+    path: 'Ruta',
+    skills: 'Habilidades',
+    hasEnv: 'Tiene .env',
+    hasSoulMd: 'Tiene soul.md',
+    noProfiles: 'No se encontraron perfiles. Crea uno para comenzar.',
+    avatar: {
+      title: 'Avatar personalizado',
+      customize: 'Personalizar avatar',
+      upload: 'Subir imagen',
+      random: 'Generar aleatorio',
+      reset: 'Restaurar predeterminado',
+      hint: 'PNG, JPEG o WebP, máximo 1 MB',
+      invalidType: 'Elige una imagen PNG, JPEG o WebP',
+      tooLarge: 'La imagen del avatar no puede superar 1 MB',
+      saveSuccess: 'Avatar guardado',
+      saveFailed: 'No se pudo guardar el avatar',
+      resetSuccess: 'Avatar predeterminado restaurado',
+      resetFailed: 'No se pudo restaurar el avatar predeterminado',
+    },
+    runtime: {
+      activeProfile: 'Actual: {name}',
+      bridgeWorker: 'Estado del Bridge',
+      gateway: 'Puerta de enlace',
+      active: 'Activo',
+      activeTag: 'Actual',
+      idle: 'Inactivo',
+      checking: 'Comprobando',
+      running: 'En ejecución',
+      stopped: 'Detenido',
+      restartGateway: 'Reiniciar gateway',
+      restartProfile: 'Reiniciar perfil',
+      switchProfile: 'Cambiar perfil frontend',
+      gatewayRestarted: 'Gateway reiniciado: {name}',
+      gatewayRestartFailed: 'No se pudo reiniciar el gateway',
+      profileRestarted: 'Perfil reiniciado: {name}',
+      profileRestartFailed: 'No se pudo reiniciar el perfil',
+    },
+  },
+
+  // Logs
+  logs: {
+    title: 'Registros',
+    all: 'Todos',
+    searchPlaceholder: 'Buscar...',
+    refresh: 'Actualizar',
+    noEntries: 'Sin entradas de registro',
+  },
+
+  // Settings
+  settings: {
+    title: 'Configuracion',
+    saved: 'Guardado',
+    saveFailed: 'Error al guardar',
+    tabs: {
+      display: 'Pantalla',
+      account: 'Cuenta actual',
+      users: 'Gestion de cuentas',
+      agent: 'Agente',
+      memory: 'Memoria',
+      compression: 'Compresion',
+      session: 'Sesion',
+      privacy: 'Privacidad',
+      apiServer: 'Servidor API',
+      models: 'Modelos',
+      voice: 'Voz',
+    },
+    display: {
+      streaming: 'Respuestas en streaming',
+      streamingHint: 'Mostrar respuestas de la IA en tiempo real',
+      compact: 'Modo compacto',
+      compactHint: 'Reducir el espaciado entre mensajes',
+      showReasoning: 'Mostrar razonamiento',
+      showReasoningHint: 'Mostrar el proceso de pensamiento del modelo',
+      showCost: 'Mostrar costo',
+      showCostHint: 'Mostrar uso de tokens en las respuestas',
+      inlineDiffs: 'Diffs en linea',
+      inlineDiffsHint: 'Mostrar cambios de codigo en linea',
+      bellOnComplete: 'Sonido de finalizacion',
+      bellOnCompleteHint: 'Reproducir un sonido cuando la IA termina',
+      busyInputMode: 'Modo de entrada ocupada',
+      busyInputModeHint: 'Permitir entrada mientras la IA procesa',
+      theme: 'Tema',
+      themeHint: 'Elige claro, oscuro o seguir la preferencia del sistema',
+      themeLight: 'Claro',
+      themeDark: 'Oscuro',
+      themeSystem: 'Sistema',
+    },
+    agent: {
+      maxTurns: 'Turnos maximos',
+      maxTurnsHint: 'Rondas maximas de interaccion por conversacion',
+      gatewayTimeout: 'Tiempo de espera de la pasarela',
+      gatewayTimeoutHint: 'Tiempo de espera de la peticion en segundos',
+      restartDrainTimeout: 'Tiempo de drenado al reiniciar',
+      restartDrainTimeoutHint: 'Tiempo de drenado antes de reiniciar en segundos',
+      toolEnforcement: 'Aplicacion de herramientas',
+      toolEnforcementHint: 'Controlar el modo de ejecucion de llamadas a herramientas',
+      auto: 'Automatico',
+      always: 'Siempre',
+      never: 'Nunca',
+    },
+    memory: {
+      enabled: 'Activar memoria',
+      enabledHint: 'Permitir que la IA recuerde el contexto de la conversacion',
+      userProfile: 'Perfil de usuario',
+      userProfileHint: 'Permitir que la IA recuerde las preferencias del usuario',
+      charLimit: 'Limite de caracteres de memoria',
+      charLimitHint: 'Maximo de caracteres para MEMORY.md',
+      userCharLimit: 'Limite de caracteres del perfil de usuario',
+      userCharLimitHint: 'Maximo de caracteres para USER.md',
+    },
+    compression: {
+      enabled: 'Activar compresion',
+      enabledHint: 'Comprimir automaticamente el historial largo antes de superar el contexto del modelo',
+      threshold: 'Umbral de compresion',
+      thresholdHint: 'Iniciar compresion cuando los tokens estimados superen esta proporcion del contexto',
+      targetRatio: 'Proporcion objetivo',
+      targetRatioHint: 'Tamano objetivo del historial tras comprimir como proporcion del contexto',
+      protectLastN: 'Proteger mensajes recientes',
+      protectLastNHint: 'Mantener sin comprimir esta cantidad de mensajes recientes',
+      protectFirstN: 'Proteger primeros mensajes',
+      protectFirstNHint: 'Mantener sin comprimir esta cantidad de mensajes iniciales',
+    },
+    session: {
+      mode: 'Modo de reinicio',
+      modeHint: 'Condicion de activacion del reinicio de sesion',
+      modeBoth: 'Inactividad + Programado',
+      modeIdle: 'Solo inactividad',
+      modeDaily: 'Solo programado',
+      modeNone: 'Nunca (solo manual)',
+      idleMinutes: 'Tiempo de inactividad',
+      idleMinutesHint: 'Tiempo de espera antes del reinicio automatico (minutos)',
+      atHour: 'Hora de reinicio programado',
+      humanOnly: 'Mostrar solo sesiones humanas',
+      humanOnlyHint: 'Oculta por defecto el ruido de subagentes y del monitor de sesiones',
+      liveMonitorHumanOnly: 'Monitor en vivo: mostrar solo sesiones humanas',
+      liveMonitorHumanOnlyHint: 'Oculta por defecto el ruido de subagentes y del monitor de sesiones en el monitor en vivo',
+      atHourHint: 'Reiniciar sesion a esta hora todos los dias',
+      requireAuth: 'Autorización de sesión',
+      requireAuthHint: 'Requiere autorización para operaciones de sesión',
+    },
+    privacy: {
+      redactPii: 'Ocultar informacion personal',
+      redactPiiHint: 'Detectar y ocultar automaticamente informacion sensible (contrasenas, claves, etc.)',
+    },
+    apiServer: {
+      enable: 'Activar',
+      enableHint: 'Activar servidor API',
+      host: 'Host',
+      hostHint: 'Direccion de escucha',
+      port: 'Puerto',
+      portHint: 'Puerto de escucha',
+      key: 'Clave',
+      keyHint: 'Clave de acceso API',
+      cors: 'Origenes CORS',
+      corsHint: 'Fuentes cross-origin permitidas',
+    },
+    voice: {
+      ttsProvider: 'Proveedor TTS',
+      ttsProviderHint: 'Elija el motor de texto a voz para la reproduccion de mensajes',
+      providerWebSpeech: 'WebSpeech API (Navegador)',
+      providerOpenai: 'OpenAI TTS',
+      providerCustom: 'Endpoint personalizado (compatible con OpenAI)',
+      providerEdge: 'Edge TTS (Gratuito, sin clave API)',
+
+      // WebSpeech
+      webspeechVoice: 'Voz',
+      webspeechVoiceHint: 'Seleccione una voz de su navegador o sistema operativo',
+      webspeechVoicePlaceholder: 'Auto (voz predeterminada)',
+
+      // OpenAI
+      openaiKey: 'Clave API',
+      openaiKeyHint: 'Su clave API de OpenAI con acceso TTS',
+      openaiUrl: 'URL base de API',
+      openaiUrlHint: 'ej. https://api.openai.com/v1/audio/speech',
+      openaiModel: 'Modelo',
+      openaiModelHint: 'tts-1 (mas rapido) / tts-1-hd (mayor calidad)',
+      openaiVoice: 'Voz',
+      openaiVoiceHint: 'Voz a utilizar para la sintesis',
+
+      // Custom endpoint
+      customHint: 'Utilice cualquier API TTS compatible con OpenAI — funciona con GPT-SoVITS, CosyVoice, etc.',
+      customUrl: 'URL de API',
+      customUrlHint: 'URL base de su servicio TTS',
+      customUrlPlaceholder: 'Direccion configurada en el adaptador local, ej. http://127.0.0.1:9880',
+      customApiKey: 'Clave API (opcional)',
+      customApiKeyHint: 'Algunos endpoints personalizados requieren autenticacion',
+      customApiKeyPlaceholder: 'Dejar en blanco si no es necesario',
+
+      // Edge TTS
+      edgeHint: 'Impulsado por Microsoft Edge TTS (node-edge-tts).',
+      edgeUrl: 'URL del adaptador',
+      edgeUrlHint: 'Direccion del adaptador Edge TTS, ej. http://127.0.0.1:9882',
+      edgeUrlPlaceholder: 'http://127.0.0.1:9882',
+      edgeVoice: 'Voz',
+      edgeVoiceHint: 'Seleccione una voz para la sintesis de voz',
+      edgeRate: 'Velocidad',
+      edgeRateHint: 'Ajustar velocidad del habla (0.5x ~ 2.0x)',
+      edgePitch: 'Tono',
+      edgePitchHint: 'Ajustar tono del habla (-20 ~ +20 Hz)',
+
+      // Test
+      testTitle: 'Prueba de voz',
+      testText: 'Texto de prueba',
+      testTextPlaceholder: 'Ingrese texto para probar...',
+      testTextDefault: 'Hola, esta es una prueba de voz.',
+      testButton: 'Probar',
+      testButtonPlaying: 'Reproduciendo...',
+      testFailed: 'Prueba fallida: {error}',
+
+      // MiMo TTS
+      providerMimo: 'MiMo TTS',
+      mimoHint: 'Xiaomi MiMo TTS — voces predefinidas, diseño de voz y clonación de voz',
+      mimoApiKey: 'Clave API',
+      mimoApiKeyHint: 'Obtenga su clave en platform.xiaomimimo.com',
+      mimoApiKeyPlaceholder: 'Clave API MiMo',
+      mimoBaseUrl: 'URL base',
+      mimoBaseUrlHint: 'URL del endpoint de la API MiMo',
+      mimoModel: 'Modelo',
+      mimoModelHint: 'Seleccione el modelo de síntesis de voz',
+      mimoModelPreset: 'Voces predefinidas',
+      mimoModelVoiceDesign: 'Diseño de voz',
+      mimoModelVoiceClone: 'Clonación de voz',
+      mimoVoice: 'Voz',
+      mimoVoiceHint: 'Seleccione una voz predefinida',
+      mimoVoiceDesignPrompt: 'Descripción de voz',
+      mimoVoiceDesignPromptHint: 'Describa las características de voz deseadas',
+      mimoVoiceDesignPromptPlaceholder: 'Ej: Una voz femenina cálida y joven, algo lenta, con tono magnético',
+      mimoCloneAudio: 'Subir audio',
+      mimoCloneAudioHint: 'Suba una muestra de audio para clonación (mp3/wav, máx. 10 MB)',
+      mimoCloneAudioUpload: 'Elegir archivo',
+      mimoCloneAudioClear: 'Borrar',
+      mimoStylePrompt: 'Indicador de estilo',
+      mimoStylePromptHint: 'Opcional — describa el estilo de habla en lenguaje natural',
+      mimoStylePromptPlaceholder: 'Ej: Tono brillante y animado, ritmo rápido',
+    },
+    lockedIps: {
+      title: 'IPs bloqueadas',
+      count: '{count} bloqueadas',
+      empty: 'Sin IPs bloqueadas',
+      unlock: 'Desbloquear',
+      unlockAll: 'Desbloquear todo',
+      unlockAllConfirm: 'Desbloquear todas las IPs?',
+      unlocked: 'IP desbloqueada',
+      allUnlocked: '{count} IPs desbloqueadas',
+    },
+    models: {
+      apiKey: 'API Key',
+      apiKeyPlaceholder: 'Introduce API Key',
+      noProviders: 'No hay proveedores configurados',
+      save: 'Guardar',
+      saveFailed: 'Error al guardar',
+      saved: 'Guardado',
+    },
+  },
+  githubPreview: {
+    title: "Vista previa de versión",
+    description: "Clona el tag de GitHub seleccionado en el espacio de vista previa de Web UI, instala dependencias y lo ejecuta con los puertos de desarrollo.",
+    refresh: "Actualizar",
+    selectTag: "Selecciona un tag",
+    prepare: "Preparar código",
+    install: "Instalar dependencias",
+    start: "Iniciar vista previa",
+    stop: "Detener",
+    note: "El código de vista previa se guarda bajo el directorio de datos de Web UI. Producción sigue en el puerto 8648; la vista previa usa frontend 8651 y backend 8650.",
+    path: "Ruta de vista previa",
+    webuiHome: "Datos de vista previa",
+    currentTag: "Tag actual",
+    repoReady: "Repositorio listo",
+    dependencies: "Dependencias instaladas",
+    running: "Estado",
+    notRunning: "No ejecutándose",
+    open: "Abrir vista previa",
+    log: "Ruta del log de acciones",
+    logOutput: "Salida de logs",
+    actionLog: "Log de acciones",
+    devLog: "Log del servidor dev",
+    yes: "Sí",
+    no: "No",
+    actionFailed: "Acción fallida",
+    nodeEnvironmentMissing: "No se detectó Node/npm. Instala Node.js y vuelve a intentarlo.",
+    prepareSuccess: "Código de vista previa listo",
+    installSuccess: "Dependencias instaladas",
+    startSuccess: "Vista previa completada",
+    stopSuccess: "Vista previa detenida",
+  },
+
+  codingAgents: {
+    title: "Agentes de código",
+    notice: "No todos los proveedores y modelos son compatibles.",
+    claudeDescription: "CLI de Anthropic para tareas únicas en print mode y sesiones interactivas de código.",
+    codexDescription: "CLI de OpenAI y flujo del proveedor openai-codex de Hermes para tareas de repositorio.",
+    copyCommand: "Copiar",
+    commandCopied: "Comando copiado",
+    commandCopyFailed: "Error al copiar",
+    refresh: "Actualizar",
+    checking: "Comprobando",
+    installStatus: "Estado de instalación",
+    installed: "Instalado",
+    notInstalled: "No instalado",
+    installNow: "Instalar",
+    installing: "Instalando",
+    installSuccess: "Instalado",
+    installFailed: "Error de instalación",
+    nodeEnvironmentMissing: "No se detectó Node/npm. Instala Node.js y vuelve a intentarlo.",
+    deleteNow: "Eliminar",
+    deleting: "Eliminando",
+    deleteSuccess: "Eliminado",
+    deleteFailed: "Error al eliminar",
+    configFiles: "Archivos de configuración",
+    profileScope: "Perfil",
+    providerScope: "Proveedor",
+    providerPlaceholder: "p. ej. custom:glm",
+    modelScope: "Modelo",
+    modelPlaceholder: "Selecciona modelo",
+    launchModeScope: "Modo de inicio",
+    launchModeGlobal: "Configuración global",
+    launchModeScoped: "Proveedor y modelo",
+    protocolScope: "Protocolo",
+    protocolOpenAiChat: "OpenAI Chat Completions (/v1/chat/completions)",
+    protocolOpenAiResponses: "OpenAI Responses (/v1/responses)",
+    protocolAnthropicMessages: "Anthropic Messages (/v1/messages)",
+    reloadConfig: "Recargar configuración",
+    configFileNotCreated: "No creado",
+    configLoadFailed: "No se pudo leer el archivo de configuración",
+    loadFailed: "No se pudieron inspeccionar los agentes de código",
+    launch: "Iniciar",
+    launchTitle: "Iniciar agente de código",
+    nativeTerminal: "Terminal nativa",
+    builtInTerminal: "Terminal integrada",
+    launchPrepared: "Configuración de inicio preparada",
+    launchPrepareFailed: "No se pudo preparar la configuración de inicio",
+    nativeLaunchStarted: "Terminal nativa abierta",
+    nativeLaunchFailed: "No se pudo abrir la terminal nativa",
+    terminalTitle: "Terminal del agente de código",
+    loadProvidersFailed: "No se pudieron cargar proveedores del perfil actual",
+    selectProviderModel: "Selecciona un proveedor y un modelo",
+    launchConfigDir: "Directorio de configuración de inicio",
+    launchCommand: "Comando de inicio",
+    table: {
+      tool: "Herramienta",
+      kind: "Paso",
+      command: "Comando",
+      note: "Nota",
+      action: "Acción",
+    },
+    kinds: {
+      install: "Instalar",
+      auth: "Autenticación",
+      health: "Salud",
+      run: "Ejecutar",
+    },
+    notes: {
+      claudeInstall: "Instala la CLI de Claude Code globalmente.",
+      codexInstall: "Instala la CLI de Codex globalmente.",
+      claudeAuth: "Comprueba el inicio de sesión de Claude Code; ejecuta claude una vez si falta.",
+      codexAuth: "Agrega credenciales OAuth de OpenAI Codex gestionadas por Hermes.",
+      claudeHealth: "Comprueba el actualizador y el estado de la CLI local.",
+      codexHealth: "Confirma que la CLI de Codex está disponible en PATH.",
+      claudeRun: "Print mode es la ruta más limpia para tareas únicas impulsadas por API.",
+      codexRun: "Las tareas únicas de Codex deben ejecutarse dentro de un repositorio git.",
+    },
+  },
+
+  // Platform channel settings
+  platform: {
+    requireMention: "Requerir mencion {'@'}",
+    requireMentionGroup: "Requerir mencion {'@'} en grupos para responder",
+    requireMentionChannel: "Requerir mencion {'@'} en canales para responder",
+    requireMentionRoom: "Requerir mencion {'@'} en salas para responder",
+    reactions: 'Reacciones',
+    reactionsHint: 'Reaccionar a mensajes con emoji',
+    freeResponseChats: 'Chats de respuesta libre',
+    freeResponseChatsHint: "IDs de chats que responden sin mencion {'@'} (separados por comas)",
+    freeResponseChannels: 'Canales de respuesta libre',
+    freeResponseChannelsHint: "IDs de canales que responden sin mencion {'@'} (separados por comas)",
+    freeResponseRooms: 'Salas de respuesta libre',
+    freeResponseRoomsHint: "IDs de salas que responden sin mencion {'@'} (separados por comas)",
+    mentionPatterns: 'Patrones de mencion personalizados',
+    mentionPatternsHint: 'Patrones de activacion adicionales',
+    autoThread: 'Hilo automatico',
+    autoThreadHint: "Crear automaticamente hilos de respuesta despues de mencion {'@'}",
+    autoThreadHintRoom: 'Crear automaticamente hilos de respuesta en salas',
+    dmMentionThreads: 'Hilos de mencion en MD',
+    dmMentionThreadsHint: 'Usar hilos de respuesta para menciones en mensajes directos',
+    allowBots: 'Permitir mensajes de bots',
+    allowBotsHint: 'Responder a mensajes de otros bots',
+    allowedChannels: 'Canales permitidos',
+    allowedChannelsHint: 'Lista blanca de IDs de canales (separados por comas)',
+    ignoredChannels: 'Canales ignorados',
+    ignoredChannelsHint: 'Canales donde el bot nunca responde (separados por comas)',
+    noThreadChannels: 'Canales sin hilo',
+    noThreadChannelsHint: 'Canales donde el bot responde sin hilos (separados por comas)',
+    exclusiveTokenWarning: 'Esta plataforma usa bloqueo exclusivo de token. Cada perfil debe usar un token de identidad distinto para evitar conflictos con otros perfiles.',
+    botToken: 'Token del bot',
+    botTokenHint: 'Token del bot del portal de desarrolladores',
+    accessToken: 'Token de acceso',
+    accessTokenHint: 'Token de acceso de Matrix',
+    homeserver: 'URL del homeserver',
+    homeserverHint: 'URL del homeserver de Matrix',
+    appId: 'ID de aplicacion',
+    appIdHint: 'ID de aplicacion de Feishu',
+    appSecret: 'Secreto de aplicacion',
+    appSecretHint: 'Secreto de aplicacion de Feishu',
+    clientId: 'ID de cliente',
+    clientIdHint: 'ID de cliente de DingTalk',
+    clientSecret: 'Secreto de cliente',
+    clientSecretHint: 'Secreto de cliente de DingTalk',
+    cardTemplateId: 'ID de plantilla de tarjeta IA',
+    cardTemplateIdHint: 'ID de plantilla de tarjeta IA de DingTalk; déjelo vacío para desactivar las tarjetas IA',
+    botId: 'ID del bot',
+    botIdHint: 'ID del bot de WeCom',
+    wecomSecretHint: 'Secreto del bot de WeCom',
+    waEnabled: 'Activar WhatsApp',
+    waEnabledHint: 'Activar WhatsApp mediante emparejamiento por codigo QR',
+    weixinToken: 'Token de Weixin',
+    weixinTokenHint: 'Desde el inicio de sesion QR de la CLI de weixin (hermes weixin)',
+    accountId: 'ID de cuenta',
+    accountIdHint: 'ID de cuenta de Weixin',
+    qrLogin: 'Inicio de sesion QR',
+    qrRelogin: 'Volver a iniciar sesion',
+    qrFetching: 'Obteniendo codigo QR...',
+    qrScanHint: 'Escanea con WeChat para iniciar sesion',
+    qrScanedHint: 'Escaneado, por favor confirma en el telefono...',
+    qqSandboxHint: 'Habilitar entorno sandbox (para pruebas)',
+    qqSandbox: 'Modo sandbox',
+    qqQrScanHint: 'Escanea el código QR con QQ o abre el enlace en el teléfono para completar la vinculación',
+    qqMarkdownHint: 'Habilitar mensajes con formato Markdown (algunos clientes pueden no soportarlo)',
+    qqMarkdown: 'Soporte Markdown',
+    qqAppSecretHint: 'App Secret del bot de QQ Open Platform',
+    qqAppSecret: 'App Secret',
+    qqAppIdHint: 'App ID del bot de QQ Open Platform',
+    qqAppId: 'App ID',
+    allowedUsersHint: 'Lista blanca de IDs de usuario u OpenID, separados por comas',
+    allowedUsers: 'Usuarios permitidos',
+    allowAllUsersHint: 'Permite mensajes de cualquier usuario; desactívalo para usar la lista blanca',
+    allowAllUsers: 'Permitir todos los usuarios',
+  },
+
+  // Language
+  language: {
+    label: 'Idioma',
+    zh: '中文',
+    en: 'English',
+    es: 'Espanol',
+  },
+
+  // Terminal
+  terminal: {
+    sessions: 'Sesiones',
+    newTab: 'Nueva terminal',
+    closeSession: 'Cerrar esta sesion?',
+    sessionExited: 'Finalizada',
+    processExited: 'Proceso finalizado con codigo {code}',
+    noSessions: 'No hay sesiones de terminal',
+    connectionFailed: 'No se pudo conectar al terminal',
+    connectionError: 'Error de conexión',
+    connectionClosed: 'Conexión cerrada',
+  },
+
+  // Usage
+  usage: {
+    title: 'Estadisticas de uso',
+    refresh: 'Actualizar',
+    totalTokens: 'Total de tokens',
+    inputTokens: 'Entrada',
+    outputTokens: 'Salida',
+    totalSessions: 'Total de sesiones',
+    avgPerDay: '~{n}/dia de promedio',
+    estimatedCost: 'Costo est.',
+    cacheHitRate: 'Tasa de acierto de cache',
+    modelBreakdown: 'Desglose por modelo',
+    dailyTrend: 'Uso diario',
+    date: 'Fecha',
+    tokens: 'Tokens',
+    cache: 'Caché',
+    cacheRead: 'Lectura de caché',
+    cacheWrite: 'Escritura de caché',
+    sessions: 'Sesiones',
+    cost: 'Costo',
+    noData: 'Sin datos de uso',
+  },
+
+  skillsUsage: {
+    title: 'Uso de habilidades',
+    subtitle: 'Sigue las cargas y ediciones de habilidades en sesiones de Hermes',
+    refresh: 'Actualizar',
+    periodSelector: 'Periodo de uso de habilidades',
+    periodLabel: '{days} d',
+    summary: 'Resumen',
+    totalActions: 'Acciones',
+    loads: 'Cargas',
+    edits: 'Ed.',
+    distinctSkills: 'Habs.',
+    topSkills: 'Top habs.',
+    dailyTrend: 'Tendencia diaria',
+    periodSummary: 'Últimos {days} días',
+    skill: 'Hab.',
+    share: '%',
+    lastUsed: 'Últ. uso',
+    noData: 'No hay datos de uso de habilidades',
+    loadFailed: 'No se pudo cargar el uso de habilidades',
+    otherSkills: 'Otras habs.',
+  },
+
+  // Registro de cambios
+  changelog: {
+    new_0_6_7_1: 'La app de escritorio ahora usa el puerto 8748 por defecto, permite acceso desde la red local y puede abrirse directamente desde un navegador local',
+    new_0_6_7_9: 'Los enlaces de descarga de escritorio ya están disponibles en el sitio oficial https://hermes-studio.ai/, y los instaladores más recientes siguen disponibles en GitHub Releases',
+    new_0_6_7_2: 'Las herramientas MCP quedan más completas con arreglos de discovery en bridge, ciclo de vida de gestión MCP y controles de visibilidad por modelo en el gestor',
+    new_0_6_7_3: 'Las listas de mensajes centran mejor el estado vacío, reducen saltos de scroll, evitan mostrar mensajes del chat activo mientras carga History, preservan la posición por sesión y hacen fade-in de 1,5 segundos al cambiar de sesión',
+    new_0_6_7_4: 'Bridge y runtime son más estables al preservar el orden texto/tool-call, corregir la carga de estado runtime de Profile, mejorar detección Node/npm y evitar crear directorios de datos en producción',
+    new_0_6_7_5: 'La distribución Desktop cubre empaquetado Electron, nombre de app, builds preload, subida de artifacts, inicio Hermes CLI en Windows, iconos Linux y rutas de datos escribibles, macOS sin certificados de firma y subprocesos ocultos al iniciar en Windows',
+    new_0_6_7_6: 'El sitio web suma página de descargas y workflow de deploy, con deploy corregido en entornos sin rsync',
+    new_0_6_7_7: 'Arreglos de servidor y auth usan dirname para credenciales en Windows y suben el límite de avatar para evitar errores 413 con imágenes grandes',
+    new_0_6_7_8: 'Se agregan harness del repositorio, documentación de validación y guías de agentes para Coding Agents, y se eliminan docs antiguas de setup scripts',
+    new_0_6_4_1: 'CI se refuerza con instalación npm fijada y cobertura Docker smoke para PRs',
+    new_0_6_4_2: 'El chat ahora usa paginación virtualizada para que conversaciones largas se desplacen y carguen con más fiabilidad',
+    new_0_6_4_3: 'La publicación de imágenes Docker ahora solo se ejecuta en releases, no en checks normales de PR',
+    new_0_6_4_4: 'Version Preview está disponible para super admins, con selección main/tag, checkout de preview, instalación de dependencias, controles start/stop y logs',
+    new_0_6_4_5: 'Las instancias preview aíslan puertos frontend/backend, Web UI home y agent bridge endpoint, con parches runtime para tags antiguos que cubren puertos, WebSocket, base URL y navegación preview anidada',
+    new_0_6_4_6: 'Las tablas legacy session_usage sin created_at ahora migran de forma segura con un valor predeterminado',
+    new_0_6_4_7: 'Los endpoints de bridge profile worker ahora se separan por broker endpoint, evitando que producción y preview con el mismo Profile se roben worker sockets y causen errores unknown run',
+    new_0_6_5_1: 'Coding Agents añade un flujo completo de inicio para Claude Code y Codex, con configuración global, workspaces aislados por profile/provider y terminal integrada o nativa',
+    new_0_6_5_2: 'El inicio de Codex soporta OpenAI Chat Completions, OpenAI Responses y Anthropic Messages, con proxy local para adaptar distintos proveedores',
+    new_0_6_5_3: 'Coding Agents es más estable en Windows con detección de shims .cmd/.bat, correcciones de terminal y Claude Code custom model sin validación local de modelos',
+    new_0_6_5_4: 'Listas de mensajes, paginación History, autenticación TTS, menciones de agentes en chat grupal, supresión de checks de actualización y bridge worker transport mejoran la estabilidad',
+    new_0_6_3_1: 'El estado del spinner de Bridge ya no se guarda como reasoning del modelo, evitando que texto decorativo de thinking contamine el contexto futuro',
+    new_0_6_3_2: 'History ahora incluye controles para importar sesiones de Hermes CLI al historial local de Web UI con normalizacion de mensajes mas segura',
+    new_0_6_3_3: 'La configuracion de Provider admite base URLs integradas editables, LM Studio como provider integrado y descubrimiento en vivo desde LM Studio /models',
+    new_0_6_3_4: 'Las solicitudes OpenRouter enviadas por el bridge de Web UI ahora incluyen headers de atribucion de la app Hermes Web UI',
+    new_0_6_3_5: 'El endpoint publico de auth status ya no expone el primer nombre de usuario a solicitudes no autenticadas',
+    new_0_6_3_6: 'La configuracion de DingTalk ahora incluye un campo AI Card Template ID persistido como DINGTALK_CARD_TEMPLATE_ID',
+    new_0_6_3_7: 'La salida JSON del socket Bridge limpia caracteres Unicode surrogate aislados para evitar caidas de SSE durante el chat',
+    new_0_6_2_1: 'Web Bridge ahora soporta comandos /plan con inicio correcto del run y estado visible del comando',
+    new_0_6_2_2: 'El menú de comandos del input de chat ahora incluye /goal y /subgoal, con acciones de estado, pausa, reanudar, finalizar y limpiar',
+    new_0_6_2_3: 'Los flujos de Goal y subgoal se integran con sesiones de chat, incluyendo continuaciones de objetivos y actualizaciones de estado',
+    new_0_6_2_4: 'Se restauran las opciones de canal destino para jobs, permitiendo que los jobs programados elijan el destino previsto',
+    new_0_6_2_5: 'El uso de tokens de contexto se reanuda con precisión tras reconexiones mediante cálculos conscientes del snapshot',
+    new_0_6_2_6: 'La compresión de checkpoints de contexto es más fiable con resúmenes Codex lentos: Web UI espera 5 minutos y el Python bridge broker ya no corta requests de worker a los 2 minutos',
+    new_0_6_2_7: 'La promoción de cola de chat está corregida para que los mensajes queued no salten antes de tiempo a la lista, incluso en ventanas sincronizadas',
+    new_0_6_2_8: 'Los prompts Clarify ya no envían respuestas de texto libre con Enter y los prompts respondidos no se reabren al cambiar de sesión',
+    new_0_6_2_9: 'El refresco de entorno del terminal Bridge y la limpieza de stale pid quedan mejor acotados, reduciendo estados runtime obsoletos en la UI',
+    new_0_6_2_10: 'La longitud de contexto predeterminada ahora sigue el estándar Hermes de 256.000 tokens',
+    new_0_5_35_1: 'Las sesiones Bridge ahora pueden ejecutarse en paralelo entre distintos sessions, mientras los runs del mismo session siguen serializados para conservar el orden',
+    new_0_5_35_2: 'Añade la página Performance Monitor para CPU/memoria del sistema, Web UI, Bridge Broker, Workers y estado de sesiones activas',
+    new_0_5_35_3: 'Añade métricas por worker con CPU, memoria, Profile, número de sesiones y estado de ejecución',
+    new_0_5_35_4: 'Mejora la limpieza del ciclo de vida de Bridge workers para recuperar workers al cerrar el Broker o terminar el proceso padre y reducir procesos Python huérfanos',
+    new_0_5_35_5: 'Refuerza la compatibilidad del monitoreo con fallbacks de recursos para macOS, Windows, Linux, Docker y Termux',
+    new_0_5_35_6: 'Performance Monitor ya no se bloquea con requests a workers durante la inicialización de Agent, reduciendo request timeouts en Windows',
+    new_0_5_35_7: 'Chat Markdown ahora soporta vista previa inline de contenido de texto, y los iconos de descarga bajan archivos directamente sin abrir el drawer',
+    new_0_5_35_8: 'Mejora el drawer de contenido con cierre en móvil, ancho completo en móvil, 800px en escritorio y fondos consistentes para texto/Markdown',
+    new_0_6_0_1: 'La gestión por cuenta y por Profile protege de forma coherente sesiones, modelos, uso, Kanban, jobs, subidas, medios y APIs Hermes relacionadas',
+    new_0_6_0_2: 'Los Skills de medios integrados usan el token de servidor generado solo para endpoints de medios y resuelven credenciales fun-codex/xAI desde el Profile solicitado',
+    new_0_6_0_3: 'El chat individual y el grupal inyectan el Hermes Profile actual en las instrucciones del run para que los Skills envíen X-Hermes-Profile',
+    new_0_6_0_4: 'El progreso de subagents de delegate_task se muestra en la UI del chat con estados de inicio, herramienta, progreso y finalización',
+    new_0_6_0_5: 'Al detener o abortar un run se limpian eventos temporales para que el estado abort anterior no pase al siguiente chat',
+    new_0_6_0_6: 'Actualiza documentación y sitio web para gestión de cuentas, credenciales predeterminadas, gestión cuenta/Profile, subidas/descargas y Skills de medios',
+    new_0_6_0_7: 'Añade comandos CLI de mantenimiento para limpiar bloqueos de IP de login y restablecer el login predeterminado admin / 123456',
+    new_0_6_0_8: 'La versión 0.6.0 marca el límite entre la Web UI de usuario único y multiusuario. Si el modo multiusuario causa problemas, abre un issue y vuelve a la versión 0.5.35 de usuario único si es necesario',
+    new_0_6_1_1: 'Las listas de sesiones muestran por defecto todos los perfiles disponibles para la cuenta; solo se filtran por perfil cuando se selecciona explícitamente, y CLI start/stop/status ya no imprimen la advertencia experimental de node:sqlite',
+    new_0_6_1_2: 'Las respuestas de Clarify y confirmación ahora viajan por el socket de chat autenticado hasta Hermes bridge, con pruebas de la ruta de respuesta',
+    new_0_6_1_3: 'Las entradas de navegación y filas de sesiones de chat usan enlaces nativos para abrir en nueva pestaña, copiar enlaces y conservar grupos laterales colapsados',
+    new_0_6_1_4: 'Los enlaces de sesión ya no filtran la lista normal por el Profile de la ruta, y las etiquetas de abrir en nueva pestaña están localizadas',
+    new_0_6_1_5: 'Skills lee skills.external_dirs desde la configuración del Profile activo, marca skills externas, mantiene prioridad local y resuelve archivos externos',
+    new_0_6_1_6: 'El bloqueo de IP de inicio de sesión permite 10 intentos fallidos y la pantalla bloqueada muestra comandos de recuperación para limpiar bloqueos y restablecer el login predeterminado',
+    new_0_6_1_7: 'Las desconexiones de chat en móvil o segundo plano se tratan como transitorias y la reconexión reanuda el estado del run desde el servidor',
+    new_0_6_1_8: 'El flush de marcadores de herramientas en Bridge ahora persiste prefijos parciales en los límites de herramienta y de run',
+    new_0_6_1_9: 'Las acciones de History sensibles a Profile eliminan sesiones con objetivos calificados por Profile y refrescan History al cambiar el Profile global',
+    new_0_6_1_10: 'Se eliminó el bypass heredado AUTH_DISABLED para el modelo multiusuario, mientras AUTH_TOKEN sigue soportado',
+  },
+
+  // Archivos
+  files: {
+    title: 'Archivos',
+    tree: 'Arbol de directorios',
+    list: 'Lista de archivos',
+    breadcrumbRoot: 'Inicio',
+    newFile: 'Nuevo archivo',
+    newFolder: 'Nueva carpeta',
+    upload: 'Subir',
+    refresh: 'Actualizar',
+    open: 'Abrir',
+    edit: 'Editar',
+    preview: 'Vista previa',
+    download: 'Descargar',
+    copyPath: 'Copiar ruta',
+    rename: 'Renombrar',
+    delete: 'Eliminar',
+    name: 'Nombre',
+    size: 'Tamano',
+    modified: 'Modificado',
+    actions: 'Acciones',
+    emptyDir: 'Directorio vacio',
+    loading: 'Cargando...',
+    confirmDelete: '?Seguro que quiere eliminar "{name}"?',
+    confirmDeleteDir: '?Seguro que quiere eliminar el directorio "{name}" y todo su contenido?',
+    deleteFailed: 'Error al eliminar',
+    deleted: 'Eliminado',
+    renameTo: 'Renombrar a',
+    newFileName: 'Nombre del archivo',
+    newFolderName: 'Nombre de la carpeta',
+    created: 'Creado',
+    createFailed: 'Error al crear',
+    renamed: 'Renombrado',
+    renameFailed: 'Error al renombrar',
+    uploadSuccess: '{count} archivo(s) subido(s)',
+    uploadFailed: 'Error al subir',
+    saveFailed: 'Error al guardar',
+    saved: 'Guardado',
+    unsavedChanges: 'Tiene cambios sin guardar. ?Descartar?',
+    pathCopied: 'Ruta copiada',
+    fileTooLarge: 'Archivo demasiado grande (max 10MB)',
+    permissionDenied: 'No se puede modificar un archivo protegido',
+    notFound: 'Archivo o directorio no encontrado',
+    backendError: 'Error en la operacion de archivo',
+    dragDropHint: 'Arrastra archivos aqui para subir',
+    closeEditor: 'Cerrar editor',
+    closePreview: 'Cerrar',
+    saveFile: 'Guardar',
+    fileTree: 'Árbol de archivos',
+  },
+
+  // Chat grupal
+  groupChat: {
+    title: 'Chat grupal',
+    createRoom: 'Crear sala',
+    joinByCode: 'Unirse con codigo',
+    roomName: 'Nombre de la sala',
+    roomNamePlaceholder: 'Ingrese el nombre de la sala',
+    inviteCode: 'Codigo de invitacion',
+    autoGenerate: 'Generar automaticamente',
+    noRooms: 'Aun no hay salas',
+    selectOrCreate: 'Seleccione o cree una sala para comenzar a chatear',
+    agents: 'Agentes',
+    addAgent: 'Agregar agente',
+    selectProfile: 'Seleccione un perfil',
+    agentAdded: 'Agente agregado',
+    agentAlreadyInRoom: 'El agente ya esta en esta sala',
+    agentAddFailedCount: 'No se agregaron {count} agente(s): {details}',
+    noAgents: 'No hay agentes en esta sala',
+    members: 'Miembros',
+    roomCreated: 'Sala creada',
+    roomDeleted: 'Sala eliminada',
+    roomCloned: 'Sala clonada',
+    cloneRoom: 'Clonar sala',
+    copyRoomLink: 'Copiar enlace de sala',
+    deleteRoomConfirm: '¿Eliminar esta sala?',
+    clearContext: 'Limpiar contexto',
+    clearContextConfirm: '¿Limpiar el contexto de esta sala? Se eliminarán mensajes e instantáneas de compresión, pero se conservan agentes y miembros.',
+    contextCleared: 'Contexto limpiado',
+    you: 'Tú',
+    joined: 'Se unio a la sala',
+    joinFailed: 'Error al unirse a la sala',
+    inputPlaceholder: 'Escriba un mensaje... (Enter para enviar)',
+    enterCode: 'Ingrese el codigo de invitacion',
+    yourName: 'Tu nombre',
+    yourNamePlaceholder: 'Ingresa tu nombre para mostrar',
+    yourDescription: 'Descripcion (opcional)',
+    yourDescriptionPlaceholder: 'Cuentales a los demas quien eres...',
+    agentName: 'Nombre del agente',
+    agentNamePlaceholder: 'Nombre personalizado (vacío = nombre del perfil)',
+    agentDesc: 'Descripción del agente',
+    agentDescPlaceholder: 'Describe lo que hace este agente...',
+    agentReplying: 'está respondiendo...',
+    agentCompressing: 'está comprimiendo contexto...',
+    compressionSettings: 'Configuración de compresión',
+    triggerTokens: 'Tokens de activación',
+    triggerTokensDesc: 'Umbral de tokens para activar la compresión',
+    maxHistoryTokens: 'Tokens máximos de historial',
+    maxHistoryTokensDesc: 'Máximo de tokens para el contexto comprimido',
+    tailMessageCount: 'Mensajes recientes',
+    tailMessageCountDesc: 'Número de mensajes recientes a conservar sin comprimir',
+    compressionConfig: 'Config. de compresión',
+    compressNow: 'Comprimir ahora',
+    compressingInProgress: 'Compresión en progreso',
+    compressionSaved: 'Configuración guardada',
+  },
+
+  // Descarga
+  download: {
+    downloading: 'Descargando...',
+    downloadFailed: 'Error en la descarga',
+    fileNotFound: 'Archivo no encontrado o eliminado',
+    fileTooLarge: 'Archivo demasiado grande (excede el limite)',
+    backendError: 'Error al leer el archivo, el entorno remoto puede no estar disponible',
+    backendTimeout: 'Tiempo de lectura del archivo agotado',
+    unsupportedBackend: 'El backend del terminal actual no admite la descarga de archivos',
+    invalidPath: 'Ruta de archivo invalida',
+    contentDisplay: 'Contenido',
+    download: 'Descargar',
+    downloadFile: 'Descargar archivo',
+  },
+  gateways: {
+    title: 'Puertas de enlace',
+    running: 'En ejecución',
+    stopped: 'Detenido',
+    started: 'Iniciado',
+    startFailed: 'No se pudo iniciar el gateway',
+    stopFailed: 'No se pudo detener el gateway',
+  },
+  kanban: {
+    title: 'Tablero Kanban',
+    createTask: 'Nueva tarea',
+    noTasks: 'Sin tareas',
+    allStatuses: 'Todos los estados',
+    allAssignees: 'Todos los responsables',
+    columns: {
+      triage: 'Clasificación',
+      todo: 'Pendiente',
+      ready: 'Listo',
+      running: 'En curso',
+      blocked: 'Bloqueado',
+      done: 'Completado',
+      archived: 'Archivado',
+    },
+    card: {
+      assigneeTooltip: 'Responsable',
+      priority: {
+        low: 'Baja',
+        medium: 'Media',
+        high: 'Alta',
+      },
+      timeAgo: {
+        justNow: 'ahora mismo',
+        minutes: 'hace {count} min',
+        hours: 'hace {count} h',
+        days: 'hace {count} d',
+      },
+    },
+    board: {
+      create: 'Nuevo tablero',
+      archive: 'Archivar tablero',
+      archiveConfirm: '¿Archivar el tablero actual?',
+      archived: 'Tablero archivado',
+      created: 'Tablero creado',
+      slugPlaceholder: 'Identificador del tablero, p. ej. project-a',
+      namePlaceholder: 'Nombre visible (opcional)',
+      slugRequired: 'El identificador del tablero es obligatorio',
+    },
+    form: {
+      title: 'Título',
+      titlePlaceholder: 'Título de la tarea',
+      titleRequired: 'El título es obligatorio',
+      body: 'Descripción',
+      bodyPlaceholder: 'Descripción de la tarea (opcional)',
+      assignee: 'Responsable',
+      selectAssignee: 'Seleccionar responsable...',
+      priority: 'Prioridad',
+      selectPriority: 'Seleccionar prioridad...',
+    },
+    detail: {
+      status: 'Estado',
+      priority: 'Prioridad',
+      assignee: 'Responsable',
+      tenant: 'Inquilino',
+      createdAt: 'Creada',
+      startedAt: 'Iniciada',
+      completedAt: 'Completada',
+      comments: 'Comentarios',
+      events: 'Eventos',
+      runs: 'Ejecuciones',
+      artifacts: 'Archivos generados',
+      result: 'Resultado',
+      highlights: 'Información clave',
+      sources: 'Fuentes de datos',
+      sessions: 'Sesiones relacionadas',
+      sessionMessages: 'Mensajes de sesión',
+      noSessions: 'No se encontraron sesiones relacionadas.',
+    },
+    action: {
+      title: 'Acciones',
+      assign: 'Asignar',
+      assignTo: 'Asignar a...',
+      block: 'Bloquear',
+      blockReason: 'Motivo del bloqueo',
+      unblock: 'Desbloquear',
+      complete: 'Completar',
+      completeSummary: 'Resumen de finalización (opcional)',
+    },
+    message: {
+      loadFailed: 'No se pudo cargar la tarea',
+      taskCreated: 'Tarea creada',
+      taskAssigned: 'Tarea asignada',
+      taskBlocked: 'Tarea bloqueada',
+      taskUnblocked: 'Tarea desbloqueada',
+      taskCompleted: 'Tarea completada',
+    },
+    stats: {
+      total: 'Total',
+      tasks: 'Tareas',
+    },
+  },
+}
diff --git a/packages/client/src/i18n/locales/fr.ts b/packages/client/src/i18n/locales/fr.ts
new file mode 100644
index 0000000..5a52201
--- /dev/null
+++ b/packages/client/src/i18n/locales/fr.ts
@@ -0,0 +1,1549 @@
+export default {
+  // Login
+  login: {
+    title: 'Hermes Web UI',
+    description: 'Entrez votre nom d\'utilisateur et votre mot de passe pour continuer.',
+    placeholder: 'Jeton d\'acces',
+    submit: 'Connexion',
+    tokenRequired: 'Veuillez entrer votre jeton d\'acces',
+    invalidToken: 'Jeton invalide',
+    connectionFailed: 'Impossible de se connecter au serveur',
+    passwordLogin: 'Mot de passe',
+    tokenLogin: 'Jeton',
+    usernamePlaceholder: 'Nom d\'utilisateur',
+    passwordPlaceholder: 'Mot de passe',
+    defaultCredentialsHint: 'Nom d utilisateur par defaut : admin. Mot de passe par defaut : 123456.',
+    credentialsRequired: 'Veuillez entrer le nom d\'utilisateur et le mot de passe',
+    invalidCredentials: 'Nom d\'utilisateur ou mot de passe incorrect',
+    tooManyAttempts: 'Trop de tentatives echouees, veuillez reessayer plus tard',
+    lockResetHint: 'Si c est votre serveur, supprimez le verrouillage de connexion avec :',
+    defaultLoginResetHint: 'Pour reinitialiser le mot de passe admin par defaut, executez :',
+    sessionExpired: 'La session a expire. Veuillez vous reconnecter.',
+    accessDenied: 'Vous n\'avez pas l\'autorisation d\'acceder a cette ressource.',
+    passwordMismatch: 'Les mots de passe ne correspondent pas',
+    passwordTooShort: 'Le mot de passe doit contenir au moins 6 caracteres',
+    setupSuccess: 'Login par mot de passe configure avec succes',
+    passwordChanged: 'Mot de passe change avec succes',
+    passwordRemoved: 'Login par mot de passe supprime',
+    setupPassword: 'Configurer le login par mot de passe',
+    changePassword: 'Changer le mot de passe',
+    changeUsername: 'Changer le nom d\'utilisateur',
+    removePasswordLogin: 'Supprimer',
+    username: 'Nom d\'utilisateur',
+    currentPassword: 'Mot de passe actuel',
+    newPassword: 'Nouveau mot de passe',
+    confirmPassword: 'Confirmer le mot de passe',
+    newUsername: 'Nouveau nom d\'utilisateur',
+    usernameChanged: 'Nom d\'utilisateur change avec succes',
+    usernameTooShort: 'Le nom d\'utilisateur doit contenir au moins 2 caracteres',
+    setupDescription: 'Gerez le nom d\'utilisateur et le mot de passe utilises pour vous connecter.',
+    removeConfirm: 'Le login par mot de passe est requis pour les comptes utilisateur.',
+    passwordLoginNotConfigured: 'Login par mot de passe non configure',
+    passwordLoginConfigured: 'Compte actuel : {username}',
+    defaultCredentialTitle: 'Modifiez le compte et le mot de passe par defaut',
+    defaultCredentialMessage: 'Le compte connecte utilise encore le nom d utilisateur ou le mot de passe par defaut. Pour eviter tout acces non autorise, modifiez rapidement le nom d utilisateur et le mot de passe du compte actuel.',
+    defaultCredentialAction: 'Modifier maintenant',
+    defaultCredentialLater: 'Me le rappeler plus tard',
+  },
+
+  users: {
+    title: 'Gestion des comptes',
+    description: 'Creez des utilisateurs, attribuez des roles et controlez les profils accessibles aux administrateurs standard.',
+    create: 'Creer un utilisateur',
+    edit: 'Modifier l utilisateur',
+    username: 'Nom d utilisateur',
+    role: 'Role',
+    statusLabel: 'Statut',
+    profiles: 'Profils accessibles',
+    profilesPlaceholder: 'Selectionner les profils accessibles',
+    allProfiles: 'Tous les profils',
+    noProfiles: 'Aucun profil assigne',
+    lastLogin: 'Derniere connexion',
+    newPasswordOptional: 'Nouveau mot de passe (laisser vide pour conserver)',
+    loadFailed: 'Echec du chargement des utilisateurs',
+    deleteConfirm: 'Supprimer cet utilisateur ?',
+    enable: 'Activer',
+    disable: 'Desactiver',
+    roles: {
+      superAdmin: 'Super admin',
+      admin: 'Admin',
+    },
+    status: {
+      active: 'Actif',
+      disabled: 'Desactive',
+    },
+  },
+
+  // Common
+  common: {
+    loading: 'Chargement...',
+    cancel: 'Annuler',
+    retry: 'Réessayer',
+    delete: 'Supprimer',
+    edit: 'Modifier',
+    save: 'Enregistrer',
+    saved: 'Enregistre',
+    update: 'Mettre a jour',
+    create: 'Creer',
+    saveFailed: 'Echec de l\'enregistrement',
+    deleteFailed: 'Echec de la suppression',
+    ok: 'OK',
+    copied: 'Copie',
+    copy: 'Copier',
+    noData: 'Aucune donnee',
+    fetch: 'Recuperer',
+    add: 'Ajouter',
+    enable: 'Activer',
+    disable: 'Desactiver',
+    configured: 'Configure',
+    notConfigured: 'Non configure',
+    confirm: 'Confirmer',
+    expand: 'Developper',
+    collapse: 'Reduire',
+    stop: 'Arrêter',
+    start: 'Démarrer',
+    expired: 'Expiré',
+  },
+
+  // Gestion de MCP
+  mcp: {
+    title: 'Serveurs MCP',
+    loadFailed: 'Echec du chargement des serveurs MCP',
+    reloadAll: 'Tout recharger',
+    refresh: 'Rafraichir',
+    total: 'Total',
+    connected: 'Connecte',
+    disconnected: 'Deconnecte',
+    tools: 'outils',
+    tool: 'Outils',
+    searchPlaceholder: 'Rechercher des serveurs...',
+    addServer: '+ Ajouter un serveur',
+    zeroTools: '0 outils',
+    loading: 'Chargement...',
+    empty: 'Aucun serveur MCP configure',
+    reloaded: '{server} recharge',
+    reloadedAll: 'Tous les serveurs MCP recharges',
+    reloadFailed: 'Echec du rechargement',
+    serverAdded: 'Serveur "{name}" ajoute',
+    addFailed: 'Echec de l ajout du serveur',
+    serverUpdated: 'Serveur "{name}" mis a jour',
+    updateFailed: 'Echec de la mise a jour du serveur',
+    saveFailed: 'Echec de la sauvegarde',
+    serverRemoved: '"{name}" supprime',
+    enabled: "Activé : {name}",
+    disabled: "Désactivé : {name}",
+    connectedStatus: 'Connecté',
+    disconnectedStatus: 'Déconnecté',
+    disabledStatus: 'Désactivé',
+    toolList: 'Liste des outils',
+    count: ' ',
+    more: 'de plus',
+    removeFailed: 'Echec de la suppression du serveur',
+    testOk: 'Test OK — {count} outils disponibles',
+    testEmpty: 'Le test n a retourne aucun outil',
+    testFailed: 'Echec du test',
+    edit: 'Modifier',
+    test: 'Tester',
+    reload: 'Recharger',
+    remove: 'Supprimer',
+    confirmRemove: 'Supprimer le serveur "{name}" ?',
+    cancel: 'Annuler',
+    add: 'Ajouter',
+    save: 'Enregistrer',
+    addTitle: 'Ajouter un serveur MCP',
+    editTitle: 'Modifier le serveur MCP',
+    invalidJson: 'JSON invalide',
+    invalidYaml: 'Format YAML invalide',
+    invalidConfig: 'Configuration invalide',
+    invalidServerConfig: 'Configuration du serveur invalide',
+    missingCommandOrUrl: 'Doit contenir command ou url',
+    manageTools: 'Gérer les outils',
+    toolsVisibilityTitle: 'Gestion de la visibilité des outils',
+    fetchTools: 'Récupérer la liste des outils',
+    fetchToolsFailed: 'Échec de la récupération de la liste des outils',
+    toolsMode: 'Mode :',
+    toolsModeAll: 'Tous',
+    toolsModeInclude: 'Inclure',
+    toolsModeExclude: 'Exclure',
+    toolsListHeader: 'Nom de l\'outil',
+    toolsEmpty: 'Aucun outil disponible, veuillez d\'abord récupérer la liste des outils',
+    toolsSummaryAll: '{count} outils au total, tous activés',
+    toolsSummaryInclude: '{total} outils au total, {count} sélectionnés',
+    toolsSummaryExclude: '{total} outils au total, {count} exclus',
+    toolsVisibilitySaved: 'Visibilité des outils enregistrée',
+    toolsSelectAll: 'Tout sélectionner',
+    toolsClearSelection: 'Effacer la sélection',
+    toolsExcludeAll: 'Tout exclure',
+    toolsClearExcluded: 'Effacer les exclusions',
+  },
+
+  // Sidebar
+  sidebar: {
+    chat: 'Discussion',
+    search: 'Rechercher',
+    apiRelay: 'API Relay',
+    history: 'Historique',
+    jobs: 'Taches planifiees',
+    models: 'Modeles',
+    profiles: 'Profils',
+    plugins: 'Plugins',
+    mcp: 'MCP',
+    skills: 'Competences',
+    memory: 'Memoire',
+    logs: 'Journaux',
+    usage: 'Utilisation',
+    performance: 'Performance',
+    skillsUsage: 'Utilisation des compétences',
+    channels: 'Canaux',
+    terminal: 'Terminal',
+    files: 'Fichiers',
+    groupChat: 'Chat de groupe',
+    groupConversation: 'Conversation',
+    groupConversationShort: 'Conv.',
+    groupAgent: 'Agent',
+    groupAgentShort: 'Agent',
+    groupSystem: 'Systeme',
+    groupSystemShort: 'Sys',
+    groupMonitoring: 'Suivi',
+    groupMonitoringShort: 'Suivi',
+    settings: 'Parametres',
+    connected: 'Connecte',
+    disconnected: 'Deconnecte',
+    updateTip: 'Executez "hermes-web-ui update" dans le terminal pour mettre a jour',
+    updateVersion: 'Mettre a jour vers v{version}',
+    reloadClientVersion: 'Recharger pour v{version}',
+    updating: 'Mise a jour...',
+    updateSuccess: 'Mise a jour terminee. Veuillez actualiser la page sous peu. Si le service ne demarre pas apres un moment, demarrez-le manuellement.',
+    updateFailed: 'Echec de la mise a jour',
+    logout: 'Deconnexion',
+    nodeVersionWarning: 'Node.js v{version} detecte. Veuillez passer a la version 23 ou ulterieure.',
+    changelog: 'Journal des modifications',
+    noChangelog: 'Aucun journal disponible',
+    kanban: 'Kanban',
+    groupTools: 'Outils',
+    groupToolsShort: "Outils",
+    codingAgents: "Agents de code",
+    versionPreview: "Aperçu de version",
+    groupPlatform: 'Plateforme',
+    gateways: 'Passerelles',
+    expand: 'Déplier le menu',
+    collapse: 'Replier le menu',
+  },
+
+  performance: {
+    title: 'Performance',
+    subtitle: 'Surveiller les ressources système, Bridge Broker, Workers et sessions actives',
+    refresh: 'Actualiser',
+    autoRefreshOn: 'Actualisation auto',
+    autoRefreshOff: 'Actualisation manuelle',
+    loadFailed: 'Échec du chargement des métriques de performance',
+    systemCpu: 'CPU système',
+    systemMemory: 'Mémoire système',
+    activeSessions: 'Sessions actives',
+    runningSessions: 'En cours {count}',
+    workers: 'Workers',
+    totalWorkerMemory: 'Mémoire totale Worker',
+    processes: 'Processus',
+    uptime: 'Disponibilité',
+    running: 'En cours',
+    stopped: 'Arrêté',
+    workerMemory: 'Mémoire Worker',
+    lastUpdated: 'Mis à jour',
+    profile: 'Profile',
+    memory: 'Mémoire',
+    sessions: 'Sessions',
+    runningActiveSessions: 'En cours / Actives',
+    lastUsed: 'Dernière utilisation',
+    status: 'Statut',
+    noWorkers: 'Aucun Worker',
+    sessionsByProfile: 'Sessions par Profile',
+    noActiveSessions: 'Aucune session active',
+  },
+
+  // Drawer
+  drawer: {
+    terminal: 'Terminal',
+    files: 'Espace de travail',
+  },
+
+  // Chat
+  chat: {
+    contextRemaining: 'restant',
+    contextClickToEdit: 'Cliquez pour modifier la longueur du contexte',
+    contextEditTitle: 'Modifier la longueur du contexte',
+    contextEditDesc: 'Définir la limite de longueur du contexte pour le modèle actuel (en tokens)',
+    contextEditPlaceholder: 'Entrez la longueur du contexte',
+    contextEditHint: 'Valeurs courantes : 256k (Hermes par défaut), 128k (GPT-4), 32k (GPT-3.5)',
+    contextEditSave: 'Enregistrer',
+    contextEditCancel: 'Annuler',
+    contextEditInvalid: 'Veuillez entrer une longueur de contexte valide',
+    contextEditSuccess: 'Longueur du contexte mise à jour',
+    contextEditFailed: 'Échec de la mise à jour',
+    emptyState: 'Demarrer une conversation avec Hermes Agent',
+    outlineTitle: 'Plan de la conversation',
+    outlineEmpty: 'Aucun contenu de conversation',
+    outlineUserQuestion: 'Question utilisateur',
+    inputPlaceholder: 'Tapez un message... (Entree pour envoyer, Shift+Entree pour un saut de ligne)',
+    slashCommandArgs: {
+      message: '<message>',
+      title: '<titre>',
+      text: '<texte>',
+    },
+    slashCommands: {
+      usage: 'Calculer l’utilisation de la session actuelle',
+      status: 'Afficher l’état de la session et la file',
+      abort: 'Arrêter l’exécution Bridge active',
+      queue: 'Mettre un message en file après l’exécution active',
+      plan: 'Rédiger un plan d’implémentation Markdown',
+      goal: 'Set a standing goal that continues across turns',
+      goalStatus: 'Show the active goal status',
+      goalPause: 'Pause the active goal loop',
+      goalResume: 'Resume the paused goal loop',
+      goalDone: 'Complete and clear the active goal',
+      goalClear: 'Clear the active goal',
+      subgoal: 'Add a criterion to the active goal',
+      clear: 'Effacer l’affichage actuel',
+      clearHistory: 'Supprimer l’historique des messages enregistrés de cette session',
+      title: 'Renommer cette session',
+      compress: 'Lancer la compression du contexte au repos',
+      steer: 'Envoyer un guidage à l’exécution Bridge active',
+      destroy: 'Libérer l’agent Bridge de cette session',
+      reloadMcp: 'Recharger les serveurs MCP',
+    },
+    attachFiles: 'Joindre des fichiers',
+    showToolCalls: 'Afficher les appels d’outils',
+    hideToolCalls: 'Masquer les appels d’outils',
+    messageQueue: 'File de messages',
+    removeQueuedMessage: 'Retirer le message de la file',
+    stop: 'Arreter',
+    send: 'Envoyer',
+    contextUsed: 'Contexte utilise :',
+    sessions: 'Sessions',
+    webUiSessions: 'Sessions',
+    allProfiles: 'Tous les profils',
+    profileMissingModelsTip: 'Le profil "{profile}" n’a aucun fournisseur ni modèle disponible pour cette session',
+    sessionScopeHint: 'Le chat affiche uniquement les sessions Web UI/API Server. Les sessions CLI, Telegram, Discord, Cron et autres canaux sont en lecture seule dans Historique.',
+    openHistory: 'Ouvrir l’historique',
+    hermesHistory: 'Historique Hermes',
+    historyScopeHint: 'Sessions d’historique Hermes du profil actuel en lecture seule, regroupées par source.',
+    noSessions: 'Aucune session',
+    newChat: 'Nouvelle discussion',
+    approvalKicker: 'Permission terminal',
+    approvalTitle: 'Vérifier la commande avant exécution',
+    approvalAllowOnce: 'Autoriser une fois',
+    approvalAllowSession: 'Autoriser la session',
+    approvalAlways: 'Toujours',
+    approvalDeny: 'Refuser',
+    clarifyKicker: 'L\'agent a besoin d\'éclaircissements',
+    clarifyTitle: 'L\'agent a une question pour vous',
+    clarifyPlaceholder: 'Tapez votre réponse...',
+    clarifySubmit: 'Répondre',
+    clarifyDismiss: 'Ignorer',
+    deleteSession: 'Supprimer cette session ?',
+    toggleBatchMode: 'Sélection par lot',
+    selectAll: 'Tout sélectionner',
+    confirmBatchDelete: 'Supprimer {count} sessions sélectionnées?',
+    batchDeleteSuccess: '{count} sessions supprimées',
+    batchDeletePartial: '{failed} sessions ont échoué',
+    batchDeleteFailed: 'Échec de la suppression par lot',
+    importToWebUi: 'Importer dans Web UI',
+    importSessionSuccess: 'Session importée dans Web UI',
+    importSessionAlreadyExists: 'La session existe déjà dans Web UI',
+    importSessionFailed: 'Échec de l’import de la session',
+    sessionDeleted: 'Session supprimee',
+    rename: 'Renommer',
+    pin: 'Épingler',
+    unpin: 'Désépingler',
+    pinned: 'Épinglés',
+    chatMode: 'Mode chat',
+    liveMode: 'Direct',
+    liveSessions: 'Sessions en direct',
+    recentBadge: 'Récent',
+    linkedSessions: '{count} sessions liées',
+    noVisibleMessages: 'Aucun message visible par l’humain.',
+    monitorRoleUser: 'Utilisateur',
+    monitorRoleAssistant: 'Assistant',
+    copySessionLink: 'Copier le lien de session',
+    openSessionInNewTab: 'Ouvrir dans un nouvel onglet',
+    sessionLinkCopied: 'Session link copied',
+    copySessionId: "Copier l'ID de session",
+    export: 'Exporter',
+    exportFull: 'Export complet (JSON)',
+    exportCompressed: 'Export compressé (TXT)',
+    exportCompressing: 'Compression du contexte, veuillez patienter...',
+    exportSuccess: 'Session exportée',
+    exportFailed: "Échec de l'export",
+    renamed: 'Renomme',
+    renameFailed: 'Echec du renommage',
+    renameSession: 'Renommer la session',
+    sessionNotFound: 'Session non trouvee',
+    enterNewTitle: 'Entrez un nouveau titre',
+    other: 'Autre',
+    runFailed: 'Echec de l\'execution',
+    error: 'Erreur',
+    tool: 'Outil',
+    arguments: 'Arguments',
+    result: 'Resultat',
+    truncated: '... (tronque)',
+    executionDuration: 'Temps d’exécution',    thinkingLabel: 'Raisonnement',
+    thinkingInProgress: 'En réflexion…',
+    thinkingShow: 'Afficher le raisonnement',
+    thinkingHide: 'Masquer le raisonnement',
+    thinkingDuration: 'Observé {duration}',
+    thinkingChars: '{count} caractères',
+    copyBubble: 'Copier le message',
+    copiedBubble: 'Message copié',
+    copyFailed: 'Échec de la copie',
+    playSpeech: 'Lire à voix haute',
+    pauseSpeech: 'Pause',
+    resumeSpeech: 'Reprendre',
+    stopSpeech: 'Arrêter',
+    speechNotSupported: 'Reproduction vocale non prise en charge dans ce navigateur',
+    searchEnterHint: 'Entrée pour ouvrir · Échap pour fermer',
+    searchHint: 'Cmd/Ctrl+K',
+    searchScope: 'Portée de recherche : base locale des sessions Web UI uniquement ; les sessions d’historique Hermes en lecture seule ne sont pas incluses.',
+    searchFailed: 'Échec de la recherche de sessions',
+    searchNoSnippet: 'Aucun extrait disponible',
+    searchNoResults: 'Aucune session correspondante',
+    searchRecent: 'Session récente',
+    searchEmpty: 'Sessions récentes',
+    searchPlaceholder: 'Rechercher des sessions...',
+    searchSubtitle: 'Rechercher par titre ou contenu des messages',
+    searchTitle: 'Rechercher des sessions',
+    stopGateway: 'Arrêter le gateway',
+    start: 'Démarrer',
+    workspaceSetFailed: 'Échec de la définition du workspace',
+    workspaceSet: 'Workspace défini',
+    workspacePlaceholder: 'Saisissez le chemin du projet, ex. /home/user/project',
+    workspace: 'Espace de travail',
+    setWorkspaceTitle: 'Définir le workspace de session',
+    setWorkspace: 'Définir le workspace',
+    modelSetFailed: 'Échec de la définition du modèle',
+    modelSet: 'Modèle défini',
+    setModelTitle: 'Définir le modèle de session',
+    setModel: 'Définir le modèle',
+    newCliChat: 'Nouveau CLI',
+    cliEmptyState: 'Démarrer un chat CLI',
+    autoPlaySpeech: 'Lire la voix automatiquement',
+  },
+
+  // Jobs
+  jobs: {
+    title: 'Taches planifiees',
+    createJob: 'Creer une tache',
+    editJob: 'Modifier la tache',
+    noJobs: 'Aucune tache planifiee. Creez-en une pour commencer.',
+    name: 'Nom',
+    namePlaceholder: 'Nom de la tache',
+    schedule: 'Planification (expression Cron)',
+    schedulePlaceholder: 'ex. 0 9 * * *',
+    quickPresets: 'Presets rapides',
+    selectPreset: 'Selectionner un preset...',
+    presetEveryMinute: 'Chaque minute',
+    presetEvery5Min: 'Toutes les 5 minutes',
+    presetEveryHour: 'Chaque heure',
+    presetEveryDay: 'Tous les jours a 00:00',
+    presetEveryDay9: 'Tous les jours a 09:00',
+    presetEveryMonday: 'Chaque lundi a 09:00',
+    presetEveryMonth: 'Le 1er de chaque mois a 09:00',
+    prompt: 'Invite',
+    promptPlaceholder: 'L\'invite a executer',
+    deliverTarget: 'Cible de livraison',
+    origin: 'Origine',
+    local: 'Local',
+    repeatCount: 'Nombre de repetitions (facultatif)',
+    modelPlaceholder: 'Modele par defaut',
+    repeatPlaceholder: 'Laisser vide pour infini',
+    jobCreated: 'Tache creee',
+    jobUpdated: 'Tache mise a jour',
+    nameRequired: 'Le nom est requis',
+    scheduleRequired: 'La planification est requise',
+    loadFailed: 'Echec du chargement de la tache',
+    jobPaused: 'Tache en pause',
+    jobResumed: 'Tache reprise',
+jobTriggered: 'Job declenche',
+    modelUpdated: 'Modele mis a jour',
+    jobDeleted: 'Tache supprimee',
+    status: {
+      running: 'En cours',
+      paused: 'En pause',
+      disabled: 'Desactivee',
+      scheduled: 'Planifiee',
+    },
+    info: {
+      model: 'Modele',
+      schedule: 'Planification',
+      lastRun: 'Derniere execution',
+      nextRun: 'Prochaine execution',
+      deliver: 'Livraison',
+      repeat: 'Repetition',
+    },
+    action: {
+      pause: 'Pause',
+      pauseJob: 'Mettre en pause',
+      resume: 'Reprendre',
+      resumeJob: 'Reprendre la tache',
+      runNow: 'Executer maintenant',
+      triggerImmediately: 'Déclencher immédiatement',
+    },
+    runHistory: {
+      title: 'Historique',
+      runs: 'exécutions',
+      noRuns: 'Aucun historique trouvé.',
+    },
+  },
+
+  // Skills
+  skills: {
+    title: 'Competences',
+    searchPlaceholder: 'Rechercher des competences...',
+    noMatch: 'Aucune competence ne correspond a votre recherche',
+    noSkills: 'Aucune competence trouvee',
+    backTo: 'Retour a',
+    attachedFiles: 'Fichiers joints',
+    loadFailed: 'Echec du chargement de la competence',
+    fileLoadFailed: 'Echec du chargement du fichier',
+    modified: "Modifi\u00e9 par l'utilisateur",
+    archived: 'Archivé',
+    pinned: 'Épinglé',
+    pin: 'Épingler la compétence',
+    unpin: 'Désépingler la compétence',
+    pinFailed: "Impossible de changer le statut d'épinglage",
+    toggleFailed: 'Echec de l\'activation/desactivation de la competence',
+    source: {
+      builtin: 'Intégré',
+      hub: 'Hub',
+      local: 'Local',
+      external: 'Externe',
+    },
+  },
+
+  // Plugins
+  plugins: {
+    title: 'Plugins',
+    refresh: 'Actualiser',
+    notice: 'Inventaire en lecture seule des manifests de plugins Hermes détectables. Les métadonnées de découverte sont lues sans charger le code des plugins. En v1, la gestion reste dans le CLI; les changements prennent effet dans les nouvelles sessions Hermes.',
+    loadFailed: 'Échec du chargement des plugins',
+    commandCopied: 'Commande copiée',
+    searchPlaceholder: 'Rechercher key, nom, description, chemin...',
+    source: 'Source',
+    kind: 'Type',
+    statusTitle: 'Statut',
+    configStatus: 'config : {status}',
+    notAvailable: 'n/a',
+    copyCommand: 'Copier la commande',
+    managedElsewhere: 'géré ailleurs',
+    noMatch: 'Aucun plugin ne correspond aux filtres actuels',
+    enabled: 'activé',
+    disabled: 'désactivé',
+    summary: {
+      total: 'Total',
+      active: 'Activé / auto',
+      inactive: 'Inactif',
+      disabled: 'Désactivé',
+      providerManaged: 'Géré par provider',
+    },
+    status: {
+      enabled: 'Activé',
+      'auto-active': 'Auto-actif',
+      inactive: 'Inactif',
+      disabled: 'Désactivé',
+      'provider-managed': 'Géré par provider',
+    },
+    statusLabel: {
+      enabled: 'Activé par configuration',
+      'auto-active': 'Auto-actif',
+      inactive: 'Inactif',
+      disabled: 'Désactivé',
+      'provider-managed': 'Géré par provider',
+    },
+    configStatuses: {
+      enabled: 'activé',
+      disabled: 'désactivé',
+      'not-enabled': 'non activé',
+      auto: 'auto',
+      'provider-managed': 'géré par provider',
+    },
+    table: {
+      plugin: 'Plugin',
+      status: 'Statut',
+      source: 'Source',
+      kind: 'Type',
+      capabilities: 'Capacités',
+      path: 'Chemin / entrypoint',
+      cli: 'CLI',
+    },
+    capabilities: {
+      tools: '{count} outils',
+      hooks: '{count} hooks',
+      env: '{count} env',
+    },
+    metadata: {
+      agentRoot: 'Racine de l’agent',
+      python: 'Python',
+      scanCwd: 'Analyser cwd',
+      projectPlugins: 'Plugins du projet',
+    },
+  },
+
+  // Memory
+  memory: {
+    title: 'Memoire',
+    refresh: 'Actualiser',
+    loadFailed: 'Echec du chargement de la memoire',
+    myNotes: 'Mes notes',
+    noNotes: 'Aucune note pour l\'instant.',
+    notesPlaceholder: 'Ecrivez vos notes...',
+    userProfile: 'Profil utilisateur',
+    noProfile: 'Aucun profil pour l\'instant.',
+    profilePlaceholder: 'Ecrivez votre profil...',
+    soul: 'Ame',
+    noSoul: 'Aucune configuration d\'ame pour l\'instant.',
+    soulPlaceholder: 'Ecrivez la configuration de l\'ame...',
+  },
+
+  // Models
+  models: {
+    title: 'Modeles',
+    addProvider: 'Ajouter un fournisseur',
+    providerType: 'Type de fournisseur',
+    preset: 'Préréglage',
+    custom: 'Personnalise',
+    selectProvider: 'Selectionner un fournisseur',
+    chooseProvider: 'Choisir un fournisseur...',
+    name: 'Nom',
+    autoGeneratedName: 'Genere automatiquement a partir de l\'URL de base',
+    baseUrl: 'URL de base',
+    region: 'Région',
+    regionIntl: 'International',
+    regionCn: 'Chine continentale',
+    baseUrlPlaceholder: 'ex. https://api.example.com/v1',
+    apiKey: 'Cle API',
+    apiKeyPlaceholder: 'sk-...',
+    defaultModel: 'Modele par defaut',
+    selectOrInput: 'Sélectionner ou saisir un modèle...',
+    selectModel: 'Selectionner un modele...',
+    providerAdded: 'Fournisseur ajoute',
+    providerDeleted: 'Fournisseur supprime',
+    deleteProvider: 'Supprimer le fournisseur',
+    deleteConfirm: 'Etes-vous sur de vouloir supprimer "{name}" ?',
+    codexLoginTitle: 'Connexion OpenAI Codex',
+    codexWaiting: 'Entrez ce code sur la page d\'autorisation pour vous connecter :',
+    codexCopyCode: 'Code copié',
+    codexOpenLink: 'Ouvrir la page d\'autorisation',
+    codexApproved: 'Connexion réussie',
+    codexExpired: 'L\'autorisation a expiré. Veuillez réessayer.',
+    nousLoginTitle: 'Connexion Nous Portal',
+    nousWaiting: 'Entrez ce code sur la page d\'autorisation:',
+    nousCopyCode: 'Code copié',
+    nousOpenLink: 'Ouvrir la page d\'autorisation',
+    nousApproved: 'Connexion réussie',
+    nousDenied: 'Autorisation refusée',
+    nousExpired: 'Autorisation expirée',
+    copilotLoginTitle: 'Connexion GitHub Copilot',
+    copilotWaiting: 'Ouvrez GitHub et saisissez le code ci-dessous pour autoriser. La fenêtre se fermera automatiquement après approbation.',
+    copilotCopyCode: 'Code copié',
+    copilotOpenLink: 'Ouvrir la page d\'autorisation GitHub',
+    copilotApproved: 'Connexion réussie !',
+    copilotDenied: 'Autorisation refusée.',
+    copilotExpired: 'Le lien d\'autorisation a expiré. Veuillez réessayer.',
+    copilotAddDetectedTitle: 'GitHub Copilot détecté',
+    copilotAddDetected: 'Un token OAuth GitHub Copilot a été détecté sur cette machine. Cliquez sur Ajouter pour activer Copilot dans Hermes.',
+    copilotAddSourceEnv: 'Source : ~/.hermes/.env (COPILOT_GITHUB_TOKEN)',
+    copilotAddSourceGhCli: 'Source : gh CLI (gh auth token)',
+    copilotAddSourceAppsJson: 'Source : extension Copilot de VS Code (apps.json)',
+    copilotDeleteHintEnv: 'Cela supprimera COPILOT_GITHUB_TOKEN dans ~/.hermes/.env. Les autres outils ne sont pas affectés.',
+    copilotDeleteHintGhCli: 'Copilot sera masqué dans Hermes. Votre connexion gh CLI n\'est pas affectée — `gh auth status` indiquera toujours que vous êtes connecté.',
+    copilotDeleteHintAppsJson: 'Copilot sera masqué dans Hermes. Votre extension Copilot de VS Code reste connectée.',
+    customBadge: 'PERSONNALISÉ',
+    previewBadge: 'APERÇU',
+    disabledBadge: 'INDISPONIBLE',
+    disabledTooltip: "Ce modèle n'est pas disponible pour votre compte.",
+    customModelPlaceholder: 'ID de modèle non listé',
+    customModelHint: 'Pour les modèles pris en charge par le fournisseur mais non renvoyés par l’API ; ce n’est pas un renommage affiché. Entrée pour charger.',
+    noProviders: 'Aucun fournisseur trouve. Ajoutez un fournisseur personnalise pour commencer.',
+    clearVisibleModels: 'Effacer la sélection',
+    currentDefault: 'Par défaut actuel',
+    defaultShort: 'Défaut',
+    builtIn: 'Integre',
+    customType: 'Personnalise',
+    provider: 'Fournisseur',
+    contextLength: 'Longueur du contexte',
+    contextLengthPlaceholder: 'ex. 256000 (facultatif)',
+    local: 'Local ({host})',
+    selectProviderRequired: 'Veuillez selectionner un fournisseur',
+    baseUrlRequired: 'L\'URL de base est requise',
+    apiKeyRequired: 'La cle API est requise',
+    modelRequired: 'Le modele par defaut est requis',
+    enterBaseUrl: 'Veuillez d\'abord entrer l\'URL de base',
+    unexpectedFormat: 'Format de reponse inattendu',
+    foundModels: '{count} modeles trouves',
+    fetchFailed: 'Echec de la recuperation des modeles',
+    xaiWaiting: 'Terminez l’autorisation sur la page xAI ouverte. La fenêtre se fermera automatiquement après approbation.',
+    xaiOpenLink: 'Ouvrir la page d’autorisation xAI',
+    xaiLoginTitle: 'Connexion OAuth xAI Grok',
+    xaiExpired: 'Le lien d’autorisation a expiré. Veuillez réessayer.',
+    xaiCopyLink: 'Copier le lien d’autorisation',
+    xaiApproved: 'Connexion réussie !',
+    visibilitySelectOne: 'Conserver au moins un modèle visible',
+    visibilitySaved: 'Modèles visibles enregistrés',
+    visibilitySaveFailed: 'Échec de l’enregistrement des modèles visibles',
+    visibilityHint: 'Affecte uniquement le sélecteur de modèles et la page Modèles de la Web UI. La configuration provider/model de Hermes CLI n’est pas modifiée ; les appels utilisent toujours l’ID de modèle d’origine.',
+    showAllModels: 'Afficher tous les modèles',
+    searchPlaceholder: 'Rechercher des modèles...',
+    removeCustomModel: 'Retirer ce modèle non listé',
+    more: 'de plus',
+    models: 'Liste des modèles',
+    manageVisibleModelsFor: 'Gérer les modèles visibles de {name}',
+    manageVisibleModels: 'Gérer les modèles visibles',
+    getApiKey: 'Obtenir une API Key',
+    count: 'modèles',
+    aliasUseOriginal: 'Restaurer l’ID d’origine',
+    aliasTitleFor: 'Nom affiché pour {model}',
+    aliasTitle: 'Nom affiché du modèle',
+    aliasSaveFailed: 'Échec de l’enregistrement du nom affiché',
+    aliasPlaceholder: 'Laisser vide pour utiliser l’ID de modèle d’origine',
+    aliasManageFor: 'Noms affichés pour {provider}',
+    aliasManage: 'Noms affichés',
+    aliasHint: 'Modifie uniquement le nom affiché dans la Web UI. Hermes reçoit toujours l’ID de modèle d’origine.',
+    aliasEdit: 'Renommer',
+    aliasCanonical: 'ID d’origine : {model}',
+  },
+
+  // Profiles
+  profiles: {
+    title: 'Profils',
+    create: 'Creer un profil',
+    import: 'Importer',
+    export: 'Exporter',
+    rename: 'Renommer',
+    delete: 'Supprimer',
+    switchTo: 'Changer Hermes Profile',
+    switchConfirm: 'Cette action execute `hermes profile use {name}` et change le active profile Hermes CLI. Continuer ?',
+    switchSuccess: 'Hermes active profile change vers "{name}"',
+    switchFailed: 'Echec du changement Hermes Profile. La passerelle peut necessiter un redemarrage manuel.',
+    createSuccess: 'Profil "{name}" cree',
+    createFailed: 'Echec de la creation du profil',
+    renameSuccess: 'Profil renomme',
+    renameFailed: 'Echec du renommage du profil',
+    deleteConfirm: 'Etes-vous sur de vouloir supprimer le profil "{name}" ?',
+    deleteSuccess: 'Profil supprime',
+    deleteFailed: 'Echec de la suppression du profil',
+    exportSuccess: 'Profil exporte',
+    exportFailed: 'Echec de l\'exportation du profil',
+    importSuccess: 'Profil importe',
+    importFailed: 'Echec de l\'importation du profil',
+    importSelectFile: 'Selectionner un fichier d\'archive',
+    importInvalidFile: 'Veuillez selectionner une archive valide (.tar.gz, .tgz, .gz, .zip)',
+    name: 'Nom du profil',
+    namePlaceholder: 'Lettres, chiffres et tirets uniquement',
+    nameValidation: 'Le nom du profil ne peut contenir que des lettres minuscules, des chiffres, des tirets bas et des tirets',
+    newName: 'Nouveau nom',
+    newNamePlaceholder: 'Entrez un nouveau nom',
+    cloneFromCurrent: 'Cloner depuis le profil actuel',
+    cloneCleanupNotice: 'Lors du clonage, les identifiants de plateformes exclusives (Weixin / Telegram / Slack, etc.) sont automatiquement ignorés pour éviter les conflits avec le profil source',
+    cloneStrippedCredentials: '{count} identifiant(s) exclusif(s) supprimé(s) : {list}',
+    cloneDisabledPlatforms: '{count} plateforme(s) désactivée(s) : {list}',
+    cloneStrippedConfigCredentials: '{count} identifiant(s) intégré(s) supprimé(s) de config.yaml : {list}',
+    archivePath: 'Chemin de l\'archive',
+    archivePathPlaceholder: 'Chemin serveur du fichier d\'archive',
+    importName: 'Nom du profil (facultatif)',
+    importNamePlaceholder: 'Laisser vide pour utiliser le nom de l\'archive',
+    active: 'Actif',
+    model: 'Modele',
+    gateway: 'Passerelle',
+    alias: 'Alias',
+    provider: 'Fournisseur',
+    path: 'Chemin',
+    skills: 'Competences',
+    hasEnv: 'A un .env',
+    hasSoulMd: 'A un soul.md',
+    noProfiles: 'Aucun profil trouve. Creez-en un pour commencer.',
+    avatar: {
+      title: 'Avatar personnalisé',
+      customize: 'Personnaliser l’avatar',
+      upload: 'Importer une image',
+      random: 'Générer au hasard',
+      reset: 'Restaurer par défaut',
+      hint: 'PNG, JPEG ou WebP, 1 Mo maximum',
+      invalidType: 'Veuillez choisir une image PNG, JPEG ou WebP',
+      tooLarge: 'L’image d’avatar ne doit pas dépasser 1 Mo',
+      saveSuccess: 'Avatar enregistré',
+      saveFailed: 'Échec de l’enregistrement de l’avatar',
+      resetSuccess: 'Avatar par défaut restauré',
+      resetFailed: 'Échec de la restauration de l’avatar par défaut',
+    },
+    runtime: {
+      activeProfile: 'Actuel : {name}',
+      bridgeWorker: 'État du Bridge',
+      gateway: 'Passerelle',
+      active: 'Actif',
+      activeTag: 'Actuel',
+      idle: 'Inactif',
+      checking: 'Vérification',
+      running: 'En cours',
+      stopped: 'Arrêté',
+      restartGateway: 'Redémarrer le gateway',
+      restartProfile: 'Redémarrer le profil',
+      switchProfile: 'Changer le profil frontend',
+      gatewayRestarted: 'Gateway redémarré : {name}',
+      gatewayRestartFailed: 'Échec du redémarrage du gateway',
+      profileRestarted: 'Profil redémarré : {name}',
+      profileRestartFailed: 'Échec du redémarrage du profil',
+    },
+  },
+
+  // Logs
+  logs: {
+    title: 'Journaux',
+    all: 'Tout',
+    searchPlaceholder: 'Rechercher...',
+    refresh: 'Actualiser',
+    noEntries: 'Aucune entree de journal',
+  },
+
+  // Settings
+  settings: {
+    title: 'Parametres',
+    saved: 'Enregistre',
+    saveFailed: 'Echec de l\'enregistrement',
+    tabs: {
+      display: 'Affichage',
+      account: 'Compte actuel',
+      users: 'Gestion des comptes',
+      agent: 'Agent',
+      memory: 'Memoire',
+      compression: 'Compression',
+      session: 'Session',
+      privacy: 'Confidentialite',
+      apiServer: 'Serveur API',
+      models: 'Modèles',
+      voice: 'Voix',
+    },
+    display: {
+      streaming: 'Reponses en continu',
+      streamingHint: 'Afficher les reponses de l\'IA en temps reel',
+      compact: 'Mode compact',
+      compactHint: 'Reduire l\'espacement des messages',
+      showReasoning: 'Afficher le raisonnement',
+      showReasoningHint: 'Afficher le processus de reflexion du modele',
+      showCost: 'Afficher le cout',
+      showCostHint: 'Afficher l\'utilisation des jetons dans les reponses',
+      inlineDiffs: 'Diffs en ligne',
+      inlineDiffsHint: 'Afficher les changements de code en ligne',
+      bellOnComplete: 'Son de fin',
+      bellOnCompleteHint: 'Jouer un son lorsque l\'IA a termine',
+      busyInputMode: 'Mode saisie active',
+      busyInputModeHint: 'Permettre la saisie pendant le traitement de l\'IA',
+      theme: 'Thème',
+      themeHint: 'Choisir clair, sombre ou suivre les preferences du systeme',
+      themeLight: 'Clair',
+      themeDark: 'Sombre',
+      themeSystem: 'Systeme',
+    },
+    agent: {
+      maxTurns: 'Tours maximum',
+      maxTurnsHint: 'Nombre maximum de tours d\'interaction par conversation',
+      gatewayTimeout: 'Delai d\'attente de la passerelle',
+      gatewayTimeoutHint: 'Delai d\'attente de la requete en secondes',
+      restartDrainTimeout: 'Delai de vidange au redemarrage',
+      restartDrainTimeoutHint: 'Delai de vidange avant redemarrage en secondes',
+      toolEnforcement: 'Application des outils',
+      toolEnforcementHint: 'Controler le mode d\'execution des appels d\'outils',
+      auto: 'Automatique',
+      always: 'Toujours',
+      never: 'Jamais',
+    },
+    memory: {
+      enabled: 'Activer la memoire',
+      enabledHint: 'Permettre a l\'IA de memoriser le contexte de conversation',
+      userProfile: 'Profil utilisateur',
+      userProfileHint: 'Permettre a l\'IA de memoriser les preferences utilisateur',
+      charLimit: 'Limite de caracteres de la memoire',
+      charLimitHint: 'Nombre maximum de caracteres pour MEMORY.md',
+      userCharLimit: 'Limite de caracteres du profil utilisateur',
+      userCharLimitHint: 'Nombre maximum de caracteres pour USER.md',
+    },
+    compression: {
+      enabled: 'Activer la compression',
+      enabledHint: 'Compresser automatiquement un long historique avant de depasser le contexte du modele',
+      threshold: 'Seuil de compression',
+      thresholdHint: 'Demarrer la compression quand les jetons estimes depassent ce ratio de contexte',
+      targetRatio: 'Ratio cible',
+      targetRatioHint: 'Taille cible de l\'historique apres compression comme ratio du contexte',
+      protectLastN: 'Proteger les messages recents',
+      protectLastNHint: 'Garder autant de messages recents non compresses',
+      protectFirstN: 'Proteger les premiers messages',
+      protectFirstNHint: 'Garder autant de premiers messages non compresses',
+    },
+    session: {
+      mode: 'Mode de reinitialisation',
+      modeHint: 'Condition de declenchement de la reinitialisation de session',
+      modeBoth: 'Inactivite + Planifie',
+      modeIdle: 'Inactivite uniquement',
+      modeDaily: 'Planifie uniquement',
+      modeNone: 'Jamais (manuel uniquement)',
+      idleMinutes: 'Delai d\'inactivite',
+      idleMinutesHint: 'Temps d\'attente avant reinitialisation automatique (minutes)',
+      atHour: 'Heure de reinitialisation planifiee',
+      humanOnly: 'Afficher uniquement les sessions humaines',
+      humanOnlyHint: 'Masquer par défaut le bruit des sous-agents et du moniteur de session',
+      liveMonitorHumanOnly: 'Moniteur live : n’afficher que les sessions humaines',
+      liveMonitorHumanOnlyHint: 'Masquer par défaut le bruit des sous-agents et du moniteur de session dans le moniteur live',
+      atHourHint: 'Reinitialiser la session a cette heure chaque jour',
+      requireAuth: 'Autorisation de session',
+      requireAuthHint: 'Requiere l\'autorisation pour les operations de session',
+    },
+    privacy: {
+      redactPii: 'Masquer les DPI',
+      redactPiiHint: 'Detecter et masquer automatiquement les informations sensibles (mots de passe, cles, etc.)',
+    },
+    apiServer: {
+      enable: 'Activer',
+      enableHint: 'Activer le serveur API',
+      host: 'Hote',
+      hostHint: 'Adresse d\'ecoute',
+      port: 'Port',
+      portHint: 'Port d\'ecoute',
+      key: 'Cle',
+      keyHint: 'Cle d\'acces API',
+      cors: 'Origines CORS',
+      corsHint: 'Sources cross-origin autorisees',
+    },
+    voice: {
+      ttsProvider: 'Fournisseur TTS',
+      ttsProviderHint: 'Choisir le moteur de synthese vocale pour la lecture des messages',
+      providerWebSpeech: 'WebSpeech API (Navigateur)',
+      providerOpenai: 'OpenAI TTS',
+      providerCustom: "Point d'acces personnalise (compatible OpenAI)",
+      providerEdge: 'Edge TTS (Gratuit, sans cle API)',
+
+      // WebSpeech
+      webspeechVoice: 'Voix',
+      webspeechVoiceHint: "Choisir une voix depuis le navigateur ou l'OS",
+      webspeechVoicePlaceholder: 'Auto (voix par defaut)',
+
+      // OpenAI
+      openaiKey: 'Cle API',
+      openaiKeyHint: 'Votre cle API OpenAI avec acces TTS',
+      openaiUrl: 'URL de base API',
+      openaiUrlHint: 'ex. https://api.openai.com/v1/audio/speech',
+      openaiModel: 'Modele',
+      openaiModelHint: 'tts-1 (rapide) / tts-1-hd (haute qualite)',
+      openaiVoice: 'Voix',
+      openaiVoiceHint: 'Voix a utiliser pour la synthese',
+
+      // Custom endpoint
+      customHint: 'Utilisez toute API TTS compatible OpenAI — fonctionne avec GPT-SoVITS, CosyVoice, etc.',
+      customUrl: 'URL API',
+      customUrlHint: 'URL de base de votre service TTS',
+      customUrlPlaceholder: "Adresse configuree dans l'adaptateur local, ex. http://127.0.0.1:9880",
+      customApiKey: 'Cle API (optionnelle)',
+      customApiKeyHint: "Certains points d'acces personnalises necessitent une authentification",
+      customApiKeyPlaceholder: 'Laisser vide si inutile',
+
+      // Edge TTS
+      edgeHint: 'Propulse par Microsoft Edge TTS (node-edge-tts).',
+      edgeUrl: "URL de l'adaptateur",
+      edgeUrlHint: "Adresse de l'adaptateur Edge TTS, ex. http://127.0.0.1:9882",
+      edgeUrlPlaceholder: 'http://127.0.0.1:9882',
+      edgeVoice: 'Voix',
+      edgeVoiceHint: 'Choisir une voix pour la synthese vocale',
+      edgeRate: 'Vitesse',
+      edgeRateHint: "Ajuster la vitesse de la voix (0.5x ~ 2.0x)",
+      edgePitch: 'Hauteur',
+      edgePitchHint: "Ajuster la hauteur de la voix (-20 ~ +20 Hz)",
+
+      // Test
+      testTitle: 'Test vocal',
+      testText: 'Texte de test',
+      testTextPlaceholder: 'Entrez le texte a tester...',
+      testTextDefault: 'Bonjour, ceci est un test vocal.',
+      testButton: 'Tester',
+      testButtonPlaying: 'Lecture...',
+      testFailed: 'Echec du test : {error}',
+
+      // MiMo TTS
+      providerMimo: 'MiMo TTS',
+      mimoHint: 'Xiaomi MiMo TTS — voices predefinies, conception vocale et clonage vocal',
+      mimoApiKey: 'Cle API',
+      mimoApiKeyHint: 'Obtenez votre cle sur platform.xiaomimimo.com',
+      mimoApiKeyPlaceholder: 'Cle API MiMo',
+      mimoBaseUrl: 'URL de base',
+      mimoBaseUrlHint: 'URL de l\'endpoint API MiMo',
+      mimoModel: 'Modele',
+      mimoModelHint: 'Selectionnez le modele de synthese vocale',
+      mimoModelPreset: 'Voix predefinies',
+      mimoModelVoiceDesign: 'Conception vocale',
+      mimoModelVoiceClone: 'Clonage vocal',
+      mimoVoice: 'Voix',
+      mimoVoiceHint: 'Selectionnez une voix predefinie',
+      mimoVoiceDesignPrompt: 'Description vocale',
+      mimoVoiceDesignPromptHint: 'Decrivez les caracteristiques vocales souhaitees',
+      mimoVoiceDesignPromptPlaceholder: 'Ex : Une voix feminine chaude et jeune, legerement lente, avec un ton magnetique',
+      mimoCloneAudio: 'Televerser un audio',
+      mimoCloneAudioHint: 'Televersez un echantillon audio pour le clonage (mp3/wav, max 10 Mo)',
+      mimoCloneAudioUpload: 'Choisir un fichier',
+      mimoCloneAudioClear: 'Effacer',
+      mimoStylePrompt: 'Invite de style',
+      mimoStylePromptHint: 'Optionnel — decrivez le style de parole en langage naturel',
+      mimoStylePromptPlaceholder: 'Ex : Ton vif et entrain, rythme rapide',
+    },
+    lockedIps: {
+      title: 'IPs bloquees',
+      count: '{count} bloquees',
+      empty: 'Aucune IP bloquee',
+      unlock: 'Debloquer',
+      unlockAll: 'Tout debloquer',
+      unlockAllConfirm: 'Debloquer toutes les IPs?',
+      unlocked: 'IP debloquee',
+      allUnlocked: '{count} IPs debloquees',
+    },
+    models: {
+      apiKey: 'API Key',
+      apiKeyPlaceholder: 'Saisir l’API Key',
+      noProviders: 'Aucun fournisseur configuré',
+      save: 'Enregistrer',
+      saveFailed: 'Échec de l’enregistrement',
+      saved: 'Enregistré',
+    },
+  },
+  githubPreview: {
+    title: "Aperçu de version",
+    description: "Clone le tag GitHub sélectionné dans l’espace de prévisualisation Web UI, installe les dépendances, puis lance l’application sur les ports de développement.",
+    refresh: "Actualiser",
+    selectTag: "Sélectionner un tag",
+    prepare: "Préparer le code",
+    install: "Installer les dépendances",
+    start: "Démarrer l’aperçu",
+    stop: "Arrêter",
+    note: "Le code de prévisualisation est stocké dans le dossier de données Web UI. La production reste sur le port 8648 ; la prévisualisation utilise le frontend 8651 et le backend 8650.",
+    path: "Chemin de prévisualisation",
+    webuiHome: "Données de prévisualisation",
+    currentTag: "Tag actuel",
+    repoReady: "Dépôt prêt",
+    dependencies: "Dépendances installées",
+    running: "État",
+    notRunning: "Arrêté",
+    open: "Ouvrir l’aperçu",
+    log: "Chemin du journal d’action",
+    logOutput: "Sortie des journaux",
+    actionLog: "Journal d’action",
+    devLog: "Journal du serveur dev",
+    yes: "Oui",
+    no: "Non",
+    actionFailed: "Échec de l’action",
+    nodeEnvironmentMissing: "Node/npm n’a pas été détecté. Installez Node.js puis réessayez.",
+    prepareSuccess: "Code de prévisualisation prêt",
+    installSuccess: "Dépendances installées",
+    startSuccess: "Prévisualisation terminée",
+    stopSuccess: "Prévisualisation arrêtée",
+  },
+
+  codingAgents: {
+    title: "Agents de code",
+    notice: "Tous les fournisseurs et modèles ne sont pas compatibles.",
+    claudeDescription: "CLI Anthropic pour les tâches ponctuelles en print mode et les sessions de code interactives.",
+    codexDescription: "CLI OpenAI et flux fournisseur Hermes openai-codex pour les tâches de dépôt.",
+    copyCommand: "Copier",
+    commandCopied: "Commande copiée",
+    commandCopyFailed: "Échec de la copie",
+    refresh: "Actualiser",
+    checking: "Vérification",
+    installStatus: "État d’installation",
+    installed: "Installé",
+    notInstalled: "Non installé",
+    installNow: "Installer",
+    installing: "Installation",
+    installSuccess: "Installé",
+    installFailed: "Échec de l’installation",
+    nodeEnvironmentMissing: "Node/npm n’a pas été détecté. Installez Node.js puis réessayez.",
+    deleteNow: "Supprimer",
+    deleting: "Suppression",
+    deleteSuccess: "Supprimé",
+    deleteFailed: "Échec de la suppression",
+    configFiles: "Fichiers de configuration",
+    profileScope: "Profil",
+    providerScope: "Fournisseur",
+    providerPlaceholder: "ex. custom:glm",
+    modelScope: "Modèle",
+    modelPlaceholder: "Sélectionner un modèle",
+    launchModeScope: "Mode de lancement",
+    launchModeGlobal: "Configuration globale",
+    launchModeScoped: "Fournisseur et modèle",
+    protocolScope: "Protocole",
+    protocolOpenAiChat: "OpenAI Chat Completions (/v1/chat/completions)",
+    protocolOpenAiResponses: "OpenAI Responses (/v1/responses)",
+    protocolAnthropicMessages: "Anthropic Messages (/v1/messages)",
+    reloadConfig: "Recharger la configuration",
+    configFileNotCreated: "Non créé",
+    configLoadFailed: "Impossible de lire le fichier de configuration",
+    loadFailed: "Impossible d’inspecter les agents de code",
+    launch: "Lancer",
+    launchTitle: "Lancer l’agent de code",
+    nativeTerminal: "Terminal natif",
+    builtInTerminal: "Terminal intégré",
+    launchPrepared: "Configuration de lancement prête",
+    launchPrepareFailed: "Échec de la préparation du lancement",
+    nativeLaunchStarted: "Terminal natif ouvert",
+    nativeLaunchFailed: "Impossible d’ouvrir le terminal natif",
+    terminalTitle: "Terminal de l’agent de code",
+    loadProvidersFailed: "Impossible de charger les fournisseurs du profil actuel",
+    selectProviderModel: "Sélectionnez un fournisseur et un modèle",
+    launchConfigDir: "Dossier de configuration de lancement",
+    launchCommand: "Commande de lancement",
+    table: {
+      tool: "Outil",
+      kind: "Étape",
+      command: "Commande",
+      note: "Note",
+      action: "Action",
+    },
+    kinds: {
+      install: "Installer",
+      auth: "Auth",
+      health: "Santé",
+      run: "Exécuter",
+    },
+    notes: {
+      claudeInstall: "Installe la CLI Claude Code globalement.",
+      codexInstall: "Installe la CLI Codex globalement.",
+      claudeAuth: "Vérifie l’état de connexion Claude Code ; exécutez claude une fois si la connexion manque.",
+      codexAuth: "Ajoute les identifiants OAuth OpenAI Codex gérés par Hermes.",
+      claudeHealth: "Vérifie le programme de mise à jour et l’état de la CLI locale.",
+      codexHealth: "Confirme que la CLI Codex est disponible dans PATH.",
+      claudeRun: "Print mode est le chemin le plus propre pour les tâches ponctuelles pilotées par API.",
+      codexRun: "Les tâches ponctuelles Codex doivent s’exécuter dans un dépôt git.",
+    },
+  },
+
+  // Platform channel settings
+  platform: {
+    requireMention: "Exiger une mention {'@'}",
+    requireMentionGroup: "Exiger une mention {'@'} dans les groupes pour repondre",
+    requireMentionChannel: "Exiger une mention {'@'} dans les canaux pour repondre",
+    requireMentionRoom: "Exiger une mention {'@'} dans les salles pour repondre",
+    reactions: 'Réactions',
+    reactionsHint: 'Reagir aux messages avec des emoji',
+    freeResponseChats: 'Discussions en reponse libre',
+    freeResponseChatsHint: "ID de discussions repondant sans mention {'@'} (separes par des virgules)",
+    freeResponseChannels: 'Canaux en reponse libre',
+    freeResponseChannelsHint: "ID de canaux repondant sans mention {'@'} (separes par des virgules)",
+    freeResponseRooms: 'Salles en reponse libre',
+    freeResponseRoomsHint: "ID de salles repondant sans mention {'@'} (separes par des virgules)",
+    mentionPatterns: 'Motifs de mention personnalises',
+    mentionPatternsHint: 'Motifs de declenchement supplementaires',
+    autoThread: 'Fil automatique',
+    autoThreadHint: "Creer automatiquement des fils de reponse apres une mention {'@'}",
+    autoThreadHintRoom: 'Creer automatiquement des fils de reponse dans les salles',
+    dmMentionThreads: 'Fils de mention en MP',
+    dmMentionThreadsHint: 'Utiliser des fils de reponse pour les mentions en MP',
+    allowBots: 'Autoriser les messages de bots',
+    allowBotsHint: 'Repondre aux messages d\'autres bots',
+    allowedChannels: 'Canaux autorises',
+    allowedChannelsHint: 'Liste blanche des ID de canaux (separes par des virgules)',
+    ignoredChannels: 'Canaux ignores',
+    ignoredChannelsHint: 'Canaux ou le bot ne repond jamais (separes par des virgules)',
+    noThreadChannels: 'Canaux sans fil',
+    noThreadChannelsHint: 'Canaux ou le bot repond sans fil (separes par des virgules)',
+    exclusiveTokenWarning: 'Cette plateforme utilise un verrou de jeton exclusif. Chaque profil doit utiliser un jeton d\'identite different pour eviter les conflits avec les autres profils.',
+    botToken: 'Jeton de bot',
+    botTokenHint: 'Jeton de bot depuis le portail developpeur',
+    accessToken: 'Jeton d\'acces',
+    accessTokenHint: 'Jeton d\'acces Matrix',
+    homeserver: 'URL du serveur domestique',
+    homeserverHint: 'URL du serveur domestique Matrix',
+    appId: 'ID de l\'application',
+    appIdHint: 'ID de l\'application Feishu',
+    appSecret: 'Secret de l\'application',
+    appSecretHint: 'Secret de l\'application Feishu',
+    clientId: 'ID client',
+    clientIdHint: 'ID client DingTalk',
+    clientSecret: 'Secret client',
+    clientSecretHint: 'Secret client DingTalk',
+    cardTemplateId: 'ID du modèle de carte IA',
+    cardTemplateIdHint: 'ID du modèle de carte IA DingTalk ; laisser vide pour désactiver les cartes IA',
+    botId: 'ID du bot',
+    botIdHint: 'ID du bot WeCom',
+    wecomSecretHint: 'Secret du bot WeCom',
+    waEnabled: 'Activer WhatsApp',
+    waEnabledHint: 'Activer WhatsApp via appairage par code QR',
+    weixinToken: 'Jeton Weixin',
+    weixinTokenHint: 'Depuis la connexion QR de la CLI weixin (hermes weixin)',
+    accountId: 'ID de compte',
+    accountIdHint: 'ID du compte Weixin',
+    qrLogin: 'Connexion QR',
+    qrRelogin: 'Reconnexion',
+    qrFetching: 'Recuperation du code QR...',
+    qrScanHint: 'Scannez avec WeChat pour vous connecter',
+    qrScanedHint: 'Scanne, veuillez confirmer sur le telephone...',
+    qqSandboxHint: 'Activer l’environnement sandbox (pour les tests)',
+    qqSandbox: 'Mode sandbox',
+    qqQrScanHint: 'Scannez le QR code avec QQ ou ouvrez le lien sur téléphone pour terminer l’association',
+    qqMarkdownHint: 'Activer les messages au format Markdown (certains clients peuvent ne pas le prendre en charge)',
+    qqMarkdown: 'Support Markdown',
+    qqAppSecretHint: 'App Secret du bot QQ Open Platform',
+    qqAppSecret: 'App Secret',
+    qqAppIdHint: 'App ID du bot QQ Open Platform',
+    qqAppId: 'App ID',
+    allowedUsersHint: 'Liste blanche d’ID utilisateur ou OpenID, séparés par des virgules',
+    allowedUsers: 'Utilisateurs autorisés',
+    allowAllUsersHint: 'Autoriser les messages de tout utilisateur ; désactivez pour utiliser la liste blanche',
+    allowAllUsers: 'Autoriser tous les utilisateurs',
+  },
+
+  // Language
+  language: {
+    label: 'Langue',
+    zh: '中文',
+    en: 'English',
+    fr: 'Francais',
+  },
+
+  // Terminal
+  terminal: {
+    sessions: 'Sessions',
+    newTab: 'Nouveau terminal',
+    closeSession: 'Fermer cette session ?',
+    sessionExited: 'Terminee',
+    processExited: 'Processus termine avec le code {code}',
+    noSessions: 'Aucune session terminal',
+    connectionFailed: 'Connexion au terminal impossible',
+    connectionError: 'Erreur de connexion',
+    connectionClosed: 'Connexion fermée',
+  },
+
+  // Usage
+  usage: {
+    title: 'Statistiques d\'utilisation',
+    refresh: 'Actualiser',
+    totalTokens: 'Total des jetons',
+    inputTokens: 'Entree',
+    outputTokens: 'Sortie',
+    totalSessions: 'Total des sessions',
+    avgPerDay: '~{n}/jour en moy.',
+    estimatedCost: 'Cout est.',
+    cacheHitRate: 'Taux de succes du cache',
+    modelBreakdown: 'Repartition par modele',
+    dailyTrend: 'Utilisation quotidienne',
+    date: 'Date',
+    tokens: 'Jetons',
+    cache: 'Cache',
+    cacheRead: 'Lecture cache',
+    cacheWrite: 'Écriture cache',
+    sessions: 'Sessions',
+    cost: 'Cout',
+    noData: 'Aucune donnee d\'utilisation',
+  },
+
+  skillsUsage: {
+    title: 'Utilisation des compétences',
+    subtitle: 'Suivre les chargements et modifications de compétences dans les sessions Hermes',
+    refresh: 'Actualiser',
+    periodSelector: 'Période d\'utilisation des compétences',
+    periodLabel: '{days} j',
+    summary: 'Résumé',
+    totalActions: 'Act.',
+    loads: 'Charg.',
+    edits: 'Modif.',
+    distinctSkills: 'Comp.',
+    topSkills: 'Top comp.',
+    dailyTrend: 'Tendance',
+    periodSummary: '{days} derniers jours',
+    skill: 'Comp.',
+    share: '%',
+    lastUsed: 'Dern. usage',
+    noData: 'Aucune donnée d\'utilisation des compétences',
+    loadFailed: 'Impossible de charger l\'utilisation des compétences',
+    otherSkills: 'Autres comp.',
+  },
+
+  // Journal des modifications
+  changelog: {
+    new_0_6_7_1: 'L application desktop utilise maintenant le port 8748 par défaut, prend en charge l accès LAN et peut être ouverte directement depuis un navigateur local',
+    new_0_6_7_9: 'Les liens de téléchargement desktop sont maintenant disponibles sur le site officiel https://hermes-studio.ai/, et les derniers installateurs restent disponibles via GitHub Releases',
+    new_0_6_7_2: 'Les outils MCP sont plus complets avec des corrections de découverte bridge, de cycle de vie MCP et des contrôles de visibilité par modèle dans le gestionnaire',
+    new_0_6_7_3: 'Les listes de messages centrent mieux les états vides, réduisent les sauts de scroll, évitent d afficher le chat actif pendant le chargement de History, conservent la position par session et ajoutent un fondu de 1,5 seconde au changement de session',
+    new_0_6_7_4: 'Bridge et runtime sont plus stables avec ordre texte/tool-call préservé, chargement du statut runtime de Profile corrigé, meilleure détection Node/npm et création du dossier de données production évitée',
+    new_0_6_7_5: 'La distribution Desktop couvre packaging Electron, nom d application, builds preload, uploads des artifacts, lancement Hermes CLI sous Windows, icônes Linux et chemins de données inscriptibles, macOS sans certificat de signature et sous-processus Windows masqués au démarrage',
+    new_0_6_7_6: 'Le site web ajoute les téléchargements et le workflow de déploiement, avec déploiement corrigé pour les environnements sans rsync',
+    new_0_6_7_7: 'Les corrections serveur et auth utilisent dirname pour les dossiers de credentials Windows et augmentent la limite d upload avatar afin d éviter les erreurs 413 sur les grandes images',
+    new_0_6_7_8: 'Le harness du dépôt, les docs de validation et les guides agent pour Coding Agents ont été ajoutés, tandis que les anciens docs de setup script ont été retirés',
+    new_0_6_4_1: 'CI est renforcé avec une installation npm figée et une couverture Docker smoke pour les PR',
+    new_0_6_4_2: 'Le chat utilise maintenant une pagination virtualisée pour rendre les longues conversations plus fiables au scroll et au chargement',
+    new_0_6_4_3: 'La publication des images Docker ne s exécute désormais que pour les releases, pas pour les checks PR ordinaires',
+    new_0_6_4_4: 'Version Preview est disponible pour les super admins, avec sélection main/tag, checkout preview, installation des dépendances, start/stop et logs',
+    new_0_6_4_5: 'Les instances preview isolent les ports frontend/backend, le Web UI home et l agent bridge endpoint, avec des patches runtime pour les anciens tags couvrant ports, WebSocket, base URL et navigation preview imbriquée',
+    new_0_6_4_6: 'Les tables legacy session_usage sans created_at migrent maintenant correctement avec une valeur par défaut',
+    new_0_6_4_7: 'Les endpoints bridge profile worker sont maintenant séparés par broker endpoint, évitant que production et preview avec le même Profile se volent les worker sockets et provoquent des erreurs unknown run',
+    new_0_6_5_1: 'Coding Agents ajoute un workflow complet pour Claude Code et Codex, avec configuration globale, espaces isolés par profile/provider et terminal intégré ou natif',
+    new_0_6_5_2: 'Le lancement Codex prend en charge OpenAI Chat Completions, OpenAI Responses et Anthropic Messages, avec proxy local pour différents fournisseurs',
+    new_0_6_5_3: 'Coding Agents est plus fiable sous Windows avec détection des shims .cmd/.bat, corrections de terminal et Claude Code custom model sans validation locale',
+    new_0_6_5_4: 'Listes de messages, pagination History, authentification TTS, mentions agent en chat de groupe, désactivation des checks update et bridge worker transport améliorent la stabilité',
+    new_0_6_3_1: 'Le statut du spinner Bridge n est plus stocke comme reasoning du modele, evitant que du texte thinking decoratif contamine le contexte futur',
+    new_0_6_3_2: 'History ajoute des controles pour importer les sessions Hermes CLI dans l historique local Web UI avec une normalisation de messages plus sure',
+    new_0_6_3_3: 'La configuration Provider prend en charge les base URLs integrees editables, LM Studio comme provider integre et la decouverte live via LM Studio /models',
+    new_0_6_3_4: 'Les requetes OpenRouter envoyees par le bridge Web UI incluent maintenant les headers d attribution Hermes Web UI',
+    new_0_6_3_5: 'L endpoint public auth status n expose plus le premier nom utilisateur aux requetes non authentifiees',
+    new_0_6_3_6: 'Les reglages DingTalk incluent maintenant un champ AI Card Template ID persiste en DINGTALK_CARD_TEMPLATE_ID',
+    new_0_6_3_7: 'La sortie JSON du socket Bridge nettoie les caracteres Unicode surrogate isoles afin d eviter les crashs SSE du chat',
+    new_0_6_2_1: 'Web Bridge prend désormais en charge les commandes /plan avec démarrage correct du run et état de commande visible',
+    new_0_6_2_2: 'Le menu de commandes du champ de chat inclut maintenant /goal et /subgoal, avec les actions état, pause, reprise, terminé et effacer',
+    new_0_6_2_3: 'Les workflows Goal et subgoal sont intégrés aux sessions de chat, avec reprises de goal et mises à jour de statut',
+    new_0_6_2_4: 'Les options de canal cible des jobs sont restaurées afin que les jobs planifiés choisissent la bonne destination',
+    new_0_6_2_5: 'L’usage des tokens de contexte reprend correctement après reconnexion grâce aux calculs tenant compte des snapshots',
+    new_0_6_2_6: 'La compression des checkpoints de contexte est plus fiable quand le résumé Codex est lent : Web UI attend 5 minutes et le Python bridge broker ne coupe plus les requêtes worker après 2 minutes',
+    new_0_6_2_7: 'La promotion de la file du chat est corrigée afin que les messages queued n’entrent plus trop tôt dans la liste, y compris dans les fenêtres synchronisées',
+    new_0_6_2_8: 'Les prompts Clarify n’envoient plus les réponses texte avec Entrée, et les prompts déjà répondus ne se rouvrent plus après changement de session',
+    new_0_6_2_9: 'Le refresh d’environnement terminal Bridge et le nettoyage stale pid sont mieux limités, réduisant les états runtime obsolètes dans l’UI',
+    new_0_6_2_10: 'La longueur de contexte par défaut suit désormais le standard Hermes de 256 000 tokens',
+    new_0_5_35_1: 'Les sessions Bridge peuvent maintenant s’exécuter en parallèle entre sessions différentes, tandis que les runs d’une même session restent sérialisés pour préserver l’ordre',
+    new_0_5_35_2: 'Ajoute la page Performance Monitor pour le CPU/mémoire système, Web UI, Bridge Broker, Workers et l’état des sessions actives',
+    new_0_5_35_3: 'Ajoute des métriques par worker avec CPU, mémoire, Profile, nombre de sessions et état d’exécution',
+    new_0_5_35_4: 'Améliore le nettoyage du cycle de vie des Bridge workers afin de récupérer les workers lors de l’arrêt du Broker ou du processus parent et réduire les processus Python orphelins',
+    new_0_5_35_5: 'Renforce la compatibilité du monitoring avec des fallbacks de collecte pour macOS, Windows, Linux, Docker et Termux',
+    new_0_5_35_6: 'Performance Monitor ne bloque plus sur les requêtes worker pendant l’initialisation des Agents, réduisant les request timeouts sous Windows',
+    new_0_5_35_7: 'Chat Markdown prend désormais en charge la prévisualisation inline du contenu texte, et les icônes de téléchargement téléchargent directement les fichiers',
+    new_0_5_35_8: 'Améliore le drawer de contenu avec fermeture mobile, largeur complète sur mobile, largeur desktop 800px et fonds texte/Markdown cohérents',
+    new_0_6_0_1: 'La gestion par compte et par Profile protège désormais de façon cohérente les sessions, modèles, usage, Kanban, jobs, uploads, médias et APIs Hermes associées',
+    new_0_6_0_2: 'Les Skills média intégrés utilisent le token serveur généré uniquement pour les endpoints média et résolvent les identifiants fun-codex/xAI depuis le Profile demandé',
+    new_0_6_0_3: 'Le chat individuel et le chat de groupe injectent le Hermes Profile courant dans les instructions de run afin que les Skills envoient X-Hermes-Profile',
+    new_0_6_0_4: 'La progression des subagents delegate_task est maintenant diffusée dans l’UI du chat avec les états démarrage, outil, progression et fin',
+    new_0_6_0_5: 'L’arrêt ou l’abandon d’un run nettoie les événements temporaires afin que les anciens états abort ne passent pas au chat suivant',
+    new_0_6_0_6: 'Met à jour la documentation et le site pour la gestion des comptes, les identifiants par défaut, la gestion compte/Profile, les uploads/downloads et les Skills média',
+    new_0_6_0_7: 'Ajoute des commandes CLI de maintenance pour effacer les verrous IP de connexion et réinitialiser le login par défaut admin / 123456',
+    new_0_6_0_8: 'La version 0.6.0 marque la limite entre la Web UI mono-utilisateur et multi-utilisateur. En cas de problème avec le mode multi-utilisateur, ouvrez une issue et revenez si besoin à la version mono-utilisateur 0.5.35',
+    new_0_6_1_1: 'Les listes de sessions affichent par défaut tous les Profiles disponibles pour le compte ; le filtrage Profile ne s’applique que s’il est explicite, et CLI start/stop/status n’affichent plus l’avertissement node:sqlite',
+    new_0_6_1_2: 'Les réponses Clarify et de confirmation passent maintenant par le socket de chat authentifié jusqu’au bridge Hermes, avec des tests du chemin de réponse',
+    new_0_6_1_3: 'Les entrées de navigation et lignes de sessions utilisent des liens natifs pour ouvrir dans un nouvel onglet, copier le lien et conserver les groupes latéraux repliés',
+    new_0_6_1_4: 'Les liens de session ne propagent plus le Profile de route dans le filtrage normal, et les libellés Ouvrir dans un nouvel onglet sont localisés',
+    new_0_6_1_5: 'Skills lit skills.external_dirs dans la configuration du Profile actif, marque les skills externes, conserve la priorité locale et résout les fichiers externes',
+    new_0_6_1_6: 'Le verrouillage IP de connexion autorise maintenant 10 échecs et l’écran verrouillé affiche les commandes de récupération pour lever le verrou et réinitialiser le login par défaut',
+    new_0_6_1_7: 'Les déconnexions chat mobile ou arrière-plan sont traitées comme temporaires, puis la reconnexion reprend l’état du run depuis le serveur',
+    new_0_6_1_8: 'Le flush des marqueurs d’outils Bridge persiste maintenant les préfixes partiels aux limites d’outil et de run',
+    new_0_6_1_9: 'Les actions History conscientes du Profile suppriment les sessions avec des cibles qualifiées par Profile et rafraîchissent History au changement global de Profile',
+    new_0_6_1_10: 'L’ancien bypass AUTH_DISABLED a été retiré pour le modèle multi-utilisateur, tandis que AUTH_TOKEN reste pris en charge',
+  },
+
+  // Fichiers
+  files: {
+    title: 'Fichiers',
+    tree: 'Arborescence',
+    list: 'Liste des fichiers',
+    breadcrumbRoot: 'Accueil',
+    newFile: 'Nouveau fichier',
+    newFolder: 'Nouveau dossier',
+    upload: 'Telecharger',
+    refresh: 'Actualiser',
+    open: 'Ouvrir',
+    edit: 'Modifier',
+    preview: 'Apercu',
+    download: 'Telecharger',
+    copyPath: 'Copier le chemin',
+    rename: 'Renommer',
+    delete: 'Supprimer',
+    name: 'Nom',
+    size: 'Taille',
+    modified: 'Modifie',
+    actions: 'Actions',
+    emptyDir: 'Dossier vide',
+    loading: 'Chargement...',
+    confirmDelete: 'Voulez-vous vraiment supprimer "{name}" ?',
+    confirmDeleteDir: 'Voulez-vous vraiment supprimer le dossier "{name}" et tout son contenu ?',
+    deleteFailed: 'Echec de la suppression',
+    deleted: 'Supprime',
+    renameTo: 'Renommer en',
+    newFileName: 'Nom du fichier',
+    newFolderName: 'Nom du dossier',
+    created: 'Cree',
+    createFailed: 'Echec de la creation',
+    renamed: 'Renomme',
+    renameFailed: 'Echec du renommage',
+    uploadSuccess: '{count} fichier(s) televerse(s)',
+    uploadFailed: 'Echec du televersement',
+    saveFailed: 'Echec de l\'enregistrement',
+    saved: 'Enregistre',
+    unsavedChanges: 'Vous avez des modifications non enregistrees. Annuler ?',
+    pathCopied: 'Chemin copie',
+    fileTooLarge: 'Fichier trop volumineux (max 10 Mo)',
+    permissionDenied: 'Impossible de modifier un fichier protege',
+    notFound: 'Fichier ou dossier introuvable',
+    backendError: 'Echec de l\'operation sur le fichier',
+    dragDropHint: 'Glissez des fichiers ici pour les televerser',
+    closeEditor: 'Fermer l\'editeur',
+    closePreview: 'Fermer',
+    saveFile: 'Enregistrer',
+    fileTree: 'Arborescence des fichiers',
+  },
+
+  // Chat de groupe
+  groupChat: {
+    title: 'Chat de groupe',
+    createRoom: 'Creer un salon',
+    joinByCode: 'Rejoindre avec un code',
+    roomName: 'Nom du salon',
+    roomNamePlaceholder: 'Entrez le nom du salon',
+    inviteCode: "Code d'invitation",
+    autoGenerate: 'Generer automatiquement',
+    noRooms: 'Aucun salon pour le moment',
+    selectOrCreate: 'Selectionnez ou creez un salon pour commencer a discuter',
+    agents: 'Agents',
+    addAgent: 'Ajouter un agent',
+    selectProfile: 'Selectionnez un profil',
+    agentAdded: 'Agent ajoute',
+    agentAlreadyInRoom: "L'agent est deja dans ce salon",
+    agentAddFailedCount: "{count} agent(s) n'ont pas ete ajoutes : {details}",
+    noAgents: 'Aucun agent dans ce salon',
+    members: 'Membres',
+    roomCreated: 'Salon cree',
+    roomDeleted: 'Salon supprime',
+    roomCloned: 'Salon clone',
+    cloneRoom: 'Cloner le salon',
+    copyRoomLink: 'Copier le lien du salon',
+    deleteRoomConfirm: 'Supprimer ce salon ?',
+    clearContext: 'Effacer le contexte',
+    clearContextConfirm: 'Effacer le contexte de ce salon ? Les messages et instantanés de compression seront supprimés, les agents et membres restent.',
+    contextCleared: 'Contexte effacé',
+    you: 'Vous',
+    joined: 'Vous avez rejoint le salon',
+    joinFailed: 'Echec de la connexion au salon',
+    inputPlaceholder: 'Tapez un message... (Entree pour envoyer)',
+    enterCode: "Entrez le code d'invitation",
+    yourName: 'Votre nom',
+    yourNamePlaceholder: "Entrez votre nom d'affichage",
+    yourDescription: 'Description (facultatif)',
+    yourDescriptionPlaceholder: 'Decrivez-vous aux autres...',
+    agentName: 'Nom de l\'agent',
+    agentNamePlaceholder: 'Nom personnalise (vide = nom du profil)',
+    agentDesc: 'Description de l\'agent',
+    agentDescPlaceholder: 'Decrivez le role de cet agent...',
+    agentReplying: 'est en train de répondre...',
+    agentCompressing: 'compresse le contexte...',
+    compressionSettings: 'Paramètres de compression',
+    triggerTokens: 'Seuil de tokens',
+    triggerTokensDesc: 'Seuil de tokens pour déclencher la compression',
+    maxHistoryTokens: 'Max tokens historique',
+    maxHistoryTokensDesc: 'Maximum de tokens pour le contexte compressé',
+    tailMessageCount: 'Messages récents',
+    tailMessageCountDesc: 'Nombre de messages récents à conserver',
+    compressionConfig: 'Config. compression',
+    compressNow: 'Comprimer maintenant',
+    compressingInProgress: 'Compression en cours',
+    compressionSaved: 'Configuration enregistrée',
+  },
+
+  // Telechargement
+  download: {
+    downloading: 'Telechargement...',
+    downloadFailed: 'Echec du telechargement',
+    fileNotFound: 'Fichier introuvable ou supprime',
+    fileTooLarge: 'Fichier trop volumineux (limite depassee)',
+    backendError: 'Echec de la lecture du fichier, l\'environnement distant est peut-etre indisponible',
+    backendTimeout: 'Delai de lecture du fichier depasse',
+    unsupportedBackend: 'Le backend de terminal actuel ne prend pas en charge le telechargement de fichiers',
+    invalidPath: 'Chemin de fichier invalide',
+    contentDisplay: 'Affichage du contenu',
+    download: 'Telecharger',
+    downloadFile: 'Telecharger le fichier',
+  },
+  gateways: {
+    title: 'Passerelles',
+    running: 'En cours',
+    stopped: 'Arrêté',
+    started: 'Démarré',
+    startFailed: 'Échec du démarrage du gateway',
+    stopFailed: 'Échec de l’arrêt du gateway',
+  },
+  kanban: {
+    title: 'Tableau Kanban',
+    createTask: 'Nouvelle tâche',
+    noTasks: 'Aucune tâche',
+    allStatuses: 'Tous les statuts',
+    allAssignees: 'Tous les responsables',
+    columns: {
+      triage: 'Triage',
+      todo: 'À faire',
+      ready: 'Prêt',
+      running: 'En cours',
+      blocked: 'Bloqué',
+      done: 'Terminé',
+      archived: 'Archivé',
+    },
+    card: {
+      assigneeTooltip: 'Responsable',
+      priority: {
+        low: 'Basse',
+        medium: 'Moyenne',
+        high: 'Haute',
+      },
+      timeAgo: {
+        justNow: 'à l’instant',
+        minutes: 'il y a {count} min',
+        hours: 'il y a {count} h',
+        days: 'il y a {count} j',
+      },
+    },
+    board: {
+      create: 'Nouveau tableau',
+      archive: 'Archiver le tableau',
+      archiveConfirm: 'Archiver le tableau actuel ?',
+      archived: 'Tableau archivé',
+      created: 'Tableau créé',
+      slugPlaceholder: 'Identifiant du tableau, ex. project-a',
+      namePlaceholder: 'Nom affiché (facultatif)',
+      slugRequired: 'L’identifiant du tableau est requis',
+    },
+    form: {
+      title: 'Titre',
+      titlePlaceholder: 'Titre de la tâche',
+      titleRequired: 'Le titre est requis',
+      body: 'Description',
+      bodyPlaceholder: 'Description de la tâche (facultatif)',
+      assignee: 'Responsable',
+      selectAssignee: 'Choisir un responsable...',
+      priority: 'Priorité',
+      selectPriority: 'Choisir une priorité...',
+    },
+    detail: {
+      status: 'Statut',
+      priority: 'Priorité',
+      assignee: 'Responsable',
+      tenant: 'Locataire',
+      createdAt: 'Créé',
+      startedAt: 'Démarré',
+      completedAt: 'Terminé',
+      comments: 'Commentaires',
+      events: 'Événements',
+      runs: 'Exécutions',
+      artifacts: 'Fichiers produits',
+      result: 'Résultat',
+      highlights: 'Informations clés',
+      sources: 'Sources de données',
+      sessions: 'Sessions liées',
+      sessionMessages: 'Messages de session',
+      noSessions: 'Aucune session liée trouvée.',
+    },
+    action: {
+      title: 'Actions',
+      assign: 'Assigner',
+      assignTo: 'Assigner à...',
+      block: 'Bloquer',
+      blockReason: 'Raison du blocage',
+      unblock: 'Débloquer',
+      complete: 'Terminer',
+      completeSummary: 'Résumé de fin (facultatif)',
+    },
+    message: {
+      loadFailed: 'Échec du chargement de la tâche',
+      taskCreated: 'Tâche créée',
+      taskAssigned: 'Tâche assignée',
+      taskBlocked: 'Tâche bloquée',
+      taskUnblocked: 'Tâche débloquée',
+      taskCompleted: 'Tâche terminée',
+    },
+    stats: {
+      total: 'Total',
+      tasks: 'Tâches',
+    },
+  },
+}
diff --git a/packages/client/src/i18n/locales/ja.ts b/packages/client/src/i18n/locales/ja.ts
new file mode 100644
index 0000000..70530b9
--- /dev/null
+++ b/packages/client/src/i18n/locales/ja.ts
@@ -0,0 +1,1548 @@
+export default {
+  // ログイン
+  login: {
+    title: 'Hermes Web UI',
+    description: 'ユーザー名とパスワードを入力して続行してください。',
+    placeholder: 'アクセストークン',
+    submit: 'ログイン',
+    tokenRequired: 'アクセストークンを入力してください',
+    invalidToken: '無効なトークンです',
+    connectionFailed: 'サーバーに接続できません',
+    passwordLogin: 'パスワード',
+    tokenLogin: 'トークン',
+    usernamePlaceholder: 'ユーザー名',
+    passwordPlaceholder: 'パスワード',
+    defaultCredentialsHint: '既定のユーザー名：admin、既定のパスワード：123456',
+    credentialsRequired: 'ユーザー名とパスワードを入力してください',
+    invalidCredentials: 'ユーザー名またはパスワードが正しくありません',
+    tooManyAttempts: 'ログイン試行回数が多すぎます。しばらくしてからお試しください',
+    lockResetHint: '自分のサーバーの場合は、次のコマンドでログインロックを解除できます:',
+    defaultLoginResetHint: '既定の admin パスワードをリセットするには、次を実行してください:',
+    sessionExpired: 'ログインの有効期限が切れました。再度ログインしてください。',
+    accessDenied: 'このリソースにアクセスする権限がありません。',
+    passwordMismatch: 'パスワードが一致しません',
+    passwordTooShort: 'パスワードは6文字以上必要です',
+    setupSuccess: 'パスワードログインが設定されました',
+    passwordChanged: 'パスワードが変更されました',
+    passwordRemoved: 'パスワードログインが削除されました',
+    setupPassword: 'パスワードログインを設定',
+    changePassword: 'パスワードを変更',
+    changeUsername: 'ユーザー名を変更',
+    removePasswordLogin: '削除',
+    username: 'ユーザー名',
+    currentPassword: '現在のパスワード',
+    newPassword: '新しいパスワード',
+    confirmPassword: 'パスワード確認',
+    newUsername: '新しいユーザー名',
+    usernameChanged: 'ユーザー名が変更されました',
+    usernameTooShort: 'ユーザー名は2文字以上必要です',
+    setupDescription: 'ログインに使用するユーザー名とパスワードを管理します。',
+    removeConfirm: 'ユーザーアカウントにはパスワードログインが必要です。',
+    passwordLoginNotConfigured: 'パスワードログイン未設定',
+    passwordLoginConfigured: '現在のアカウント：{username}',
+    defaultCredentialTitle: '既定のアカウント情報を変更してください',
+    defaultCredentialMessage: '現在のログインアカウントは、既定のユーザー名または既定のパスワードをまだ使用しています。不正アクセスを防ぐため、できるだけ早く現在のアカウントでユーザー名とパスワードを変更してください。',
+    defaultCredentialAction: '変更する',
+    defaultCredentialLater: '後で通知',
+  },
+
+  users: {
+    title: 'アカウント管理',
+    description: 'ユーザーを作成し、ロールを割り当て、通常管理者がアクセスできるプロファイルを制御します。',
+    create: 'ユーザー作成',
+    edit: 'ユーザー編集',
+    username: 'ユーザー名',
+    role: 'ロール',
+    statusLabel: 'ステータス',
+    profiles: 'アクセス可能なプロファイル',
+    profilesPlaceholder: 'アクセス可能なプロファイルを選択',
+    allProfiles: 'すべてのプロファイル',
+    noProfiles: 'プロファイル未割り当て',
+    lastLogin: '最終ログイン',
+    newPasswordOptional: '新しいパスワード（空欄なら変更なし）',
+    loadFailed: 'ユーザー一覧の読み込みに失敗しました',
+    deleteConfirm: 'このユーザーを削除しますか？',
+    enable: '有効化',
+    disable: '無効化',
+    roles: {
+      superAdmin: 'スーパー管理者',
+      admin: '管理者',
+    },
+    status: {
+      active: '有効',
+      disabled: '無効',
+    },
+  },
+
+  // 共通
+  common: {
+    loading: '読み込み中...',
+    cancel: 'キャンセル',
+    retry: '再試行',
+    delete: '削除',
+    edit: '編集',
+    save: '保存',
+    saved: '保存しました',
+    update: '更新',
+    create: '作成',
+    saveFailed: '保存に失敗しました',
+    deleteFailed: '削除に失敗しました',
+    ok: 'OK',
+    copied: 'コピーしました',
+    copy: 'コピー',
+    noData: 'データがありません',
+    fetch: '取得',
+    add: '追加',
+    enable: '有効化',
+    disable: '無効化',
+    configured: '設定済み',
+    notConfigured: '未設定',
+    confirm: '確認',
+    expand: '展開',
+    collapse: '折りたたむ',
+    stop: '停止',
+    start: '開始',
+    expired: '期限切れ',
+  },
+
+  // サイドバー
+  // MCP 管理
+  mcp: {
+    title: 'MCP サーバー',
+    loadFailed: 'MCP サーバーの読み込みに失敗しました',
+    reloadAll: 'すべて再読み込み',
+    refresh: '更新',
+    total: '合計',
+    connected: '接続済み',
+    disconnected: '未接続',
+    tools: 'ツール',
+    tool: 'ツール',
+    searchPlaceholder: 'サーバーを検索...',
+    addServer: '+ サーバーを追加',
+    zeroTools: '0 個のツール',
+    loading: '読み込み中...',
+    empty: 'MCP サーバーが設定されていません',
+    reloaded: '{server} を再読み込みしました',
+    reloadedAll: 'すべての MCP サーバーを再読み込みしました',
+    reloadFailed: '再読み込みに失敗しました',
+    serverAdded: 'サーバー "{name}" を追加しました',
+    addFailed: 'サーバーの追加に失敗しました',
+    serverUpdated: 'サーバー "{name}" を更新しました',
+    updateFailed: 'サーバーの更新に失敗しました',
+    saveFailed: '保存に失敗しました',
+    serverRemoved: '"{name}" を削除しました',
+    enabled: "有効化: {name}",
+    disabled: "無効化: {name}",
+    connectedStatus: '接続済み',
+    disconnectedStatus: '未接続',
+    disabledStatus: '無効',
+    toolList: 'ツール一覧',
+    count: ' ',
+    more: '件',
+    removeFailed: 'サーバーの削除に失敗しました',
+    testOk: 'テスト成功 — {count} 個のツールが利用可能',
+    testEmpty: 'テスト結果にツールがありません',
+    testFailed: 'テストに失敗しました',
+    edit: '編集',
+    test: 'テスト',
+    reload: '再読み込み',
+    remove: '削除',
+    confirmRemove: 'サーバー "{name}" を削除しますか？',
+    cancel: 'キャンセル',
+    add: '追加',
+    save: '保存',
+    addTitle: 'MCP サーバーを追加',
+    editTitle: 'MCP サーバーを編集',
+    invalidJson: 'JSON形式エラー',
+    invalidYaml: 'YAML 形式が無効です',
+    invalidConfig: '設定形式が無効です',
+    invalidServerConfig: 'サーバー設定が無効です',
+    missingCommandOrUrl: 'command または url が必要です',
+    manageTools: 'ツール管理',
+    toolsVisibilityTitle: 'ツール可視性管理',
+    fetchTools: 'ツールリスト取得',
+    fetchToolsFailed: 'ツールリストの取得に失敗しました',
+    toolsMode: 'モード：',
+    toolsModeAll: 'すべて',
+    toolsModeInclude: '含める',
+    toolsModeExclude: '除外',
+    toolsListHeader: 'ツール名',
+    toolsEmpty: 'ツールがありません。まずツールリストを取得してください',
+    toolsSummaryAll: '合計 {count} ツール、すべて有効',
+    toolsSummaryInclude: '合計 {total} ツール、{count} 選択済み',
+    toolsSummaryExclude: '合計 {total} ツール、{count} 除外済み',
+    toolsVisibilitySaved: 'ツール可視性が保存されました',
+    toolsSelectAll: 'すべて選択',
+    toolsClearSelection: '選択をクリア',
+    toolsExcludeAll: 'すべて除外',
+    toolsClearExcluded: '除外をクリア',
+  },
+
+  sidebar: {
+    chat: 'チャット',
+    search: '検索',
+    apiRelay: 'APIリレー',
+    history: '履歴',
+    jobs: 'ジョブ',
+    models: 'モデル',
+    profiles: 'プロファイル',
+    plugins: 'プラグイン',
+    mcp: 'MCP',
+    skills: 'スキル',
+    memory: 'メモリ',
+    logs: 'ログ',
+    usage: '使用量',
+    performance: 'パフォーマンス',
+    skillsUsage: 'スキル使用状況',
+    channels: 'チャンネル',
+    terminal: 'ターミナル',
+    files: 'ファイル',
+    groupChat: 'グループチャット',
+    groupConversation: '会話',
+    groupConversationShort: '会話',
+    groupAgent: 'エージェント',
+    groupAgentShort: 'エージェント',
+    groupSystem: 'システム',
+    groupSystemShort: 'シス',
+    groupMonitoring: '監視',
+    groupMonitoringShort: '監視',
+    settings: '設定',
+    connected: '接続済み',
+    disconnected: '未接続',
+    updateTip: 'ターミナルで "hermes-web-ui update" を実行して更新してください',
+    updateVersion: 'v{version} にアップグレード',
+    reloadClientVersion: 'v{version} に再読み込み',
+    updating: '更新中...',
+    updateSuccess: '更新が完了しました。しばらくしてからページを再読み込みしてください。長時間起動しない場合は手動で起動してください。',
+    updateFailed: '更新に失敗しました',
+    logout: 'ログアウト',
+    nodeVersionWarning: 'Node.js v{version} が検出されました。バージョン23以降にアップグレードしてください。',
+    changelog: '更新履歴',
+    noChangelog: '更新履歴はありません',
+    kanban: 'カンバン',
+    groupTools: 'ツール',
+    groupToolsShort: "ツール",
+    codingAgents: "コーディングエージェント",
+    versionPreview: "バージョンプレビュー",
+    groupPlatform: 'プラットフォーム',
+    gateways: 'ゲートウェイ',
+    expand: 'メニューを展開',
+    collapse: 'メニューを折りたたむ',
+  },
+
+  performance: {
+    title: 'パフォーマンス',
+    subtitle: 'システムリソース、Bridge Broker、Workers、アクティブセッションを確認',
+    refresh: '更新',
+    autoRefreshOn: '自動更新',
+    autoRefreshOff: '手動更新',
+    loadFailed: 'パフォーマンスデータの読み込みに失敗しました',
+    systemCpu: 'システム CPU',
+    systemMemory: 'システムメモリ',
+    activeSessions: 'アクティブセッション',
+    runningSessions: '実行中 {count}',
+    workers: 'Workers',
+    totalWorkerMemory: 'Worker 合計メモリ',
+    processes: 'プロセス',
+    uptime: '稼働時間',
+    running: '実行中',
+    stopped: '停止',
+    workerMemory: 'Worker メモリ',
+    lastUpdated: '更新時刻',
+    profile: 'Profile',
+    memory: 'メモリ',
+    sessions: 'セッション',
+    runningActiveSessions: '実行中 / アクティブ',
+    lastUsed: '最終使用',
+    status: '状態',
+    noWorkers: 'Worker はありません',
+    sessionsByProfile: 'Profile 別セッション',
+    noActiveSessions: 'アクティブセッションはありません',
+  },
+
+  // ドロワー
+  drawer: {
+    terminal: 'ターミナル',
+    files: 'ワークスペース',
+  },
+
+  // チャット
+  chat: {
+    contextRemaining: '残り',
+    contextClickToEdit: 'クリックしてコンテキスト長を編集',
+    contextEditTitle: 'コンテキスト長を編集',
+    contextEditDesc: '現在のモデルのコンテキスト長制限を設定（トークン数）',
+    contextEditPlaceholder: 'コンテキスト長を入力',
+    contextEditHint: '一般的な値：256k (Hermes 既定), 128k (GPT-4), 32k (GPT-3.5)',
+    contextEditSave: '保存',
+    contextEditCancel: 'キャンセル',
+    contextEditInvalid: '有効なコンテキスト長を入力してください',
+    contextEditSuccess: 'コンテキスト長を更新しました',
+    contextEditFailed: '更新に失敗しました',
+    emptyState: 'Hermes Agent と会話を開始しましょう',
+    outlineTitle: '会話アウトライン',
+    outlineEmpty: '会話内容はありません',
+    outlineUserQuestion: 'ユーザーの質問',
+    inputPlaceholder: 'メッセージを入力... (Enter で送信、Shift+Enter で改行)',
+    slashCommandArgs: {
+      message: '<メッセージ>',
+      title: '<タイトル>',
+      text: '<テキスト>',
+    },
+    slashCommands: {
+      usage: '現在のセッション使用量を計算',
+      status: 'セッション状態とキューを表示',
+      abort: '実行中の Bridge を停止',
+      queue: '実行中の処理の後ろにメッセージをキュー追加',
+      plan: 'Markdown の実装計画を作成',
+      goal: 'Set a standing goal that continues across turns',
+      goalStatus: 'Show the active goal status',
+      goalPause: 'Pause the active goal loop',
+      goalResume: 'Resume the paused goal loop',
+      goalDone: 'Complete and clear the active goal',
+      goalClear: 'Clear the active goal',
+      subgoal: 'Add a criterion to the active goal',
+      clear: '現在の表示をクリア',
+      clearHistory: 'このセッションの保存済みメッセージ履歴を削除',
+      title: 'このセッション名を変更',
+      compress: 'アイドル時にコンテキスト圧縮を実行',
+      steer: '実行中の Bridge に誘導テキストを送信',
+      destroy: 'このセッションの Bridge Agent を解放',
+      reloadMcp: 'MCP サーバーを再読み込み',
+    },
+    attachFiles: 'ファイルを添付',
+    showToolCalls: 'ツール呼び出しを表示',
+    hideToolCalls: 'ツール呼び出しを非表示',
+    messageQueue: 'メッセージキュー',
+    removeQueuedMessage: 'キューのメッセージを削除',
+    stop: '停止',
+    send: '送信',
+    contextUsed: 'コンテキスト使用量:',
+    sessions: 'セッション',
+    webUiSessions: 'セッション',
+    allProfiles: 'すべてのプロファイル',
+    profileMissingModelsTip: 'このセッションのプロファイル「{profile}」には利用可能なプロバイダーまたはモデルがありません',
+    sessionScopeHint: 'チャットには Web UI/API Server セッションのみ表示されます。CLI、Telegram、Discord、Cron などのチャンネルセッションは履歴で読み取り専用として表示されます。',
+    openHistory: '履歴を開く',
+    hermesHistory: 'Hermes 履歴',
+    historyScopeHint: '現在の profile の Hermes 履歴セッションをソース別に読み取り専用で表示します。',
+    noSessions: 'セッションがありません',
+    newChat: '新しいチャット',
+    approvalKicker: 'ターミナル権限',
+    approvalTitle: '実行前にコマンドを確認',
+    approvalAllowOnce: '一度だけ許可',
+    approvalAllowSession: 'セッション中は許可',
+    approvalAlways: '常に許可',
+    approvalDeny: '拒否',
+    clarifyKicker: 'エージェントの確認が必要',
+    clarifyTitle: 'エージェントが質問があります',
+    clarifyPlaceholder: '回答を入力...',
+    clarifySubmit: '返信',
+    clarifyDismiss: '閉じる',
+    deleteSession: 'このセッションを削除しますか？',
+    toggleBatchMode: '一括選択',
+    selectAll: 'すべて選択',
+    confirmBatchDelete: '{count}件のセッションを削除しますか？',
+    batchDeleteSuccess: '{count}件のセッションを削除しました',
+    batchDeletePartial: '{failed}件の削除に失敗しました',
+    batchDeleteFailed: '一括削除に失敗しました',
+    importToWebUi: 'Web UI にインポート',
+    importSessionSuccess: 'セッションを Web UI にインポートしました',
+    importSessionAlreadyExists: 'セッションは既に Web UI に存在します',
+    importSessionFailed: 'セッションのインポートに失敗しました',
+    sessionDeleted: 'セッションを削除しました',
+    rename: '名前変更',
+    pin: 'ピン留め',
+    unpin: 'ピン留め解除',
+    pinned: 'ピン留め',
+    chatMode: 'チャット',
+    liveMode: 'ライブ',
+    liveSessions: 'ライブセッション',
+    recentBadge: '最近',
+    linkedSessions: '{count} 件の関連',
+    noVisibleMessages: '人間向けに表示できるメッセージはありません。',
+    monitorRoleUser: 'ユーザー',
+    monitorRoleAssistant: 'アシスタント',
+    copySessionLink: 'セッションリンクをコピー',
+    openSessionInNewTab: '新しいタブで開く',
+    sessionLinkCopied: 'Session link copied',
+    copySessionId: 'セッション ID をコピー',
+    export: 'エクスポート',
+    exportFull: 'フルエクスポート (JSON)',
+    exportCompressed: '圧縮エクスポート (TXT)',
+    exportCompressing: 'コンテキストを圧縮中、お待ちください...',
+    exportSuccess: 'セッションをエクスポートしました',
+    exportFailed: 'エクスポートに失敗しました',
+    renamed: '名前を変更しました',
+    renameFailed: '名前の変更に失敗しました',
+    renameSession: 'セッション名の変更',
+    sessionNotFound: 'セッションが見つかりません',
+    enterNewTitle: '新しいタイトルを入力',
+    other: 'その他',
+    runFailed: '実行に失敗しました',
+    error: 'エラー',
+    tool: 'ツール',
+    arguments: '引数',
+    result: '結果',
+    truncated: '... (省略)',
+    executionDuration: '実行時間',    thinkingLabel: '思考過程',
+    thinkingInProgress: '思考中…',
+    thinkingShow: '思考過程を表示',
+    thinkingHide: '思考過程を隠す',
+    thinkingDuration: '観測 {duration}',
+    thinkingChars: '{count} 文字',
+    copyBubble: 'メッセージをコピー',
+    copiedBubble: 'コピーしました',
+    copyFailed: 'コピーに失敗しました',
+    playSpeech: '音声を読み上げ',
+    pauseSpeech: '一時停止',
+    resumeSpeech: '再開',
+    stopSpeech: '停止',
+    speechNotSupported: 'このブラウザは音声読み上げをサポートしていません',
+    searchEnterHint: 'Enter で開く · Esc で閉じる',
+    searchHint: 'Cmd/Ctrl+K',
+    searchScope: '検索範囲: Web UI のローカルセッション DB のみ。読み取り専用の Hermes 履歴セッションは含まれません。',
+    searchFailed: 'セッション検索に失敗しました',
+    searchNoSnippet: '表示できる要約がありません',
+    searchNoResults: '一致するセッションがありません',
+    searchRecent: '最近のセッション',
+    searchEmpty: '最近のセッション',
+    searchPlaceholder: 'セッションを検索...',
+    searchSubtitle: 'タイトルまたはメッセージ内容で検索',
+    searchTitle: 'セッション検索',
+    stopGateway: 'Gateway を停止',
+    start: '開始',
+    workspaceSetFailed: 'Workspace の設定に失敗しました',
+    workspaceSet: 'Workspace を設定しました',
+    workspacePlaceholder: 'プロジェクトパスを入力 例: /home/user/project',
+    workspace: 'ワークスペース',
+    setWorkspaceTitle: 'セッション Workspace を設定',
+    setWorkspace: 'Workspace を設定',
+    modelSetFailed: 'モデルの設定に失敗しました',
+    modelSet: 'モデルを設定しました',
+    setModelTitle: 'セッションモデルを設定',
+    setModel: 'モデルを設定',
+    newCliChat: '新規 CLI',
+    cliEmptyState: 'CLI チャットを開始',
+    autoPlaySpeech: '音声を自動再生',
+  },
+
+  // スケジュールジョブ
+  jobs: {
+    title: 'スケジュールジョブ',
+    createJob: 'ジョブを作成',
+    editJob: 'ジョブを編集',
+    noJobs: 'スケジュールジョブがありません。作成して始めましょう。',
+    name: '名前',
+    namePlaceholder: 'ジョブ名',
+    schedule: 'スケジュール (Cron 式)',
+    schedulePlaceholder: '例: 0 9 * * *',
+    quickPresets: 'クイックプリセット',
+    selectPreset: 'プリセットを選択...',
+    presetEveryMinute: '毎分',
+    presetEvery5Min: '5分ごと',
+    presetEveryHour: '毎時',
+    presetEveryDay: '毎日 00:00',
+    presetEveryDay9: '毎日 09:00',
+    presetEveryMonday: '毎週月曜 09:00',
+    presetEveryMonth: '毎月1日 09:00',
+    prompt: 'プロンプト',
+    promptPlaceholder: '実行するプロンプト',
+    deliverTarget: '配信先',
+    origin: '配信元',
+    local: 'ローカル',
+    repeatCount: '繰り返し回数（任意）',
+    modelPlaceholder: 'デフォルトモデル',
+    repeatPlaceholder: '空白の場合は無制限',
+    jobCreated: 'ジョブを作成しました',
+    jobUpdated: 'ジョブを更新しました',
+    nameRequired: '名前は必須です',
+    scheduleRequired: 'スケジュールは必須です',
+    loadFailed: 'ジョブの読み込みに失敗しました',
+    jobPaused: 'ジョブを一時停止しました',
+    jobResumed: 'ジョブを再開しました',
+    jobTriggered: 'ジョブをトリガーしました',
+    modelUpdated: 'モデルを更新しました',
+    jobDeleted: 'ジョブを削除しました',
+    status: {
+      running: '実行中',
+      paused: '一時停止',
+      disabled: '無効',
+      scheduled: 'スケジュール済み',
+    },
+    info: {
+      model: 'モデル',
+      schedule: 'スケジュール',
+      lastRun: '前回実行',
+      nextRun: '次回実行',
+      deliver: '配信',
+      repeat: '繰り返し',
+    },
+    action: {
+      pause: '一時停止',
+      pauseJob: 'ジョブを一時停止',
+      resume: '再開',
+      resumeJob: 'ジョブを再開',
+      runNow: '今すぐ実行',
+      triggerImmediately: 'すぐにトリガー',
+    },
+    runHistory: {
+      title: '実行履歴',
+      runs: '件',
+      noRuns: '実行履歴がありません。',
+    },
+  },
+
+  // スキル
+  skills: {
+    title: 'スキル',
+    searchPlaceholder: 'スキルを検索...',
+    noMatch: '検索に一致するスキルがありません',
+    noSkills: 'スキルがありません',
+    backTo: '戻る',
+    attachedFiles: '添付ファイル',
+    loadFailed: 'スキルの読み込みに失敗しました',
+    fileLoadFailed: 'ファイルの読み込みに失敗しました',
+    modified: 'ユーザー変更あり',
+    archived: 'アーカイブ済み',
+    pinned: 'ピン留め',
+    pin: 'スキルをピン留め',
+    unpin: 'ピン留めを解除',
+    pinFailed: 'ピン留め状態の変更に失敗しました',
+    toggleFailed: 'スキルの切り替えに失敗しました',
+    source: {
+      builtin: '組み込み',
+      hub: 'Hub',
+      local: 'ローカル',
+      external: '外部',
+    },
+  },
+
+  // プラグイン
+  plugins: {
+    title: 'プラグイン',
+    refresh: '更新',
+    notice: '検出可能な Hermes プラグイン manifest の読み取り専用インベントリです。検出メタデータはプラグインコードを読み込まずに取得します。v1 の管理操作は CLI のままで、変更は新しい Hermes セッションで有効になります。',
+    loadFailed: 'プラグインの読み込みに失敗しました',
+    commandCopied: 'コマンドをコピーしました',
+    searchPlaceholder: 'key、名前、説明、パスを検索...',
+    source: 'ソース',
+    kind: '種類',
+    statusTitle: 'ステータス',
+    configStatus: 'config: {status}',
+    notAvailable: 'n/a',
+    copyCommand: 'コマンドをコピー',
+    managedElsewhere: '他で管理されています',
+    noMatch: '現在のフィルターに一致するプラグインはありません',
+    enabled: '有効',
+    disabled: '無効',
+    summary: {
+      total: '合計',
+      active: '有効 / 自動',
+      inactive: '非アクティブ',
+      disabled: '無効',
+      providerManaged: 'プロバイダー管理',
+    },
+    status: {
+      enabled: '有効',
+      'auto-active': '自動有効',
+      inactive: '非アクティブ',
+      disabled: '無効',
+      'provider-managed': 'プロバイダー管理',
+    },
+    statusLabel: {
+      enabled: '設定で有効',
+      'auto-active': '自動有効',
+      inactive: '非アクティブ',
+      disabled: '無効',
+      'provider-managed': 'プロバイダー管理',
+    },
+    configStatuses: {
+      enabled: '有効',
+      disabled: '無効',
+      'not-enabled': '未有効',
+      auto: '自動',
+      'provider-managed': 'プロバイダー管理',
+    },
+    table: {
+      plugin: 'プラグイン',
+      status: 'ステータス',
+      source: 'ソース',
+      kind: '種類',
+      capabilities: '機能',
+      path: 'パス / entrypoint',
+      cli: 'CLI',
+    },
+    capabilities: {
+      tools: '{count} tools',
+      hooks: '{count} hooks',
+      env: '{count} env',
+    },
+    metadata: {
+      agentRoot: 'エージェントルート',
+      python: 'Python',
+      scanCwd: 'cwd をスキャン',
+      projectPlugins: 'プロジェクトプラグイン',
+    },
+  },
+
+  // メモリ
+  memory: {
+    title: 'メモリ',
+    refresh: '更新',
+    loadFailed: 'メモリの読み込みに失敗しました',
+    myNotes: 'メモ',
+    noNotes: 'メモはまだありません。',
+    notesPlaceholder: 'メモを入力...',
+    userProfile: 'ユーザープロファイル',
+    noProfile: 'プロファイルはまだありません。',
+    profilePlaceholder: 'プロファイルを入力...',
+    soul: 'ソウル',
+    noSoul: 'ソウル設定はまだありません。',
+    soulPlaceholder: 'ソウル設定を入力...',
+  },
+
+  // モデル
+  models: {
+    title: 'モデル',
+    addProvider: 'プロバイダーを追加',
+    providerType: 'プロバイダー種別',
+    preset: 'プリセット',
+    custom: 'カスタム',
+    selectProvider: 'プロバイダーを選択',
+    chooseProvider: 'プロバイダーを選択...',
+    name: '名前',
+    autoGeneratedName: 'ベース URL から自動生成',
+    baseUrl: 'ベース URL',
+    region: 'リージョン',
+    regionIntl: 'インターナショナル',
+    regionCn: '中国本土',
+    baseUrlPlaceholder: '例: https://api.example.com/v1',
+    apiKey: 'API キー',
+    apiKeyPlaceholder: 'sk-...',
+    defaultModel: 'デフォルトモデル',
+    selectOrInput: 'モデルを選択または入力...',
+    selectModel: 'モデルを選択...',
+    providerAdded: 'プロバイダーを追加しました',
+    providerDeleted: 'プロバイダーを削除しました',
+    deleteProvider: 'プロバイダーを削除',
+    deleteConfirm: '「{name}」を削除しますか？',
+    codexLoginTitle: 'OpenAI Codex ログイン',
+    codexWaiting: '認証ページで以下のコードを入力してログインしてください：',
+    codexCopyCode: 'コードをコピーしました',
+    codexOpenLink: '認証ページを開く',
+    codexApproved: 'ログイン成功',
+    codexExpired: '認証の有効期限が切れました。もう一度お試しください。',
+    nousLoginTitle: 'Nous Portal ログイン',
+    nousWaiting: '認証ページでこのコードを入力してください:',
+    nousCopyCode: 'コードをコピーしました',
+    nousOpenLink: '認証ページを開く',
+    nousApproved: 'ログイン成功',
+    nousDenied: '認証が拒否されました',
+    nousExpired: '認証の有効期限が切れました',
+    copilotLoginTitle: 'GitHub Copilot ログイン',
+    copilotWaiting: 'GitHub を開き、以下のデバイスコードを入力して認証してください。承認後、ウィンドウは自動的に閉じます。',
+    copilotCopyCode: 'コードをコピーしました',
+    copilotOpenLink: 'GitHub 認証ページを開く',
+    copilotApproved: 'ログインに成功しました！',
+    copilotDenied: '認証が拒否されました。',
+    copilotExpired: '認証リンクの有効期限が切れました。もう一度お試しください。',
+    copilotAddDetectedTitle: 'GitHub Copilot を検出しました',
+    copilotAddDetected: 'このマシンで GitHub Copilot OAuth トークンを検出しました。「追加」をクリックして Hermes で Copilot を有効化します。',
+    copilotAddSourceEnv: 'ソース: ~/.hermes/.env (COPILOT_GITHUB_TOKEN)',
+    copilotAddSourceGhCli: 'ソース: gh CLI (gh auth token)',
+    copilotAddSourceAppsJson: 'ソース: VS Code Copilot 拡張機能 (apps.json)',
+    copilotDeleteHintEnv: 'この操作で ~/.hermes/.env の COPILOT_GITHUB_TOKEN を消去します。他のツールには影響しません。',
+    copilotDeleteHintGhCli: 'Copilot は Hermes 上で非表示になります。gh CLI のログインには影響しません — `gh auth status` は引き続きログイン状態を表示します。',
+    copilotDeleteHintAppsJson: 'Copilot は Hermes 上で非表示になります。VS Code Copilot 拡張機能のログインには影響しません。',
+    customBadge: 'カスタム',
+    previewBadge: 'プレビュー',
+    disabledBadge: '利用不可',
+    disabledTooltip: "このモデルは現在のアカウントでは利用できません。",
+    customModelPlaceholder: '未掲載のモデル ID',
+    customModelHint: 'プロバイダーは対応しているが API が返さないモデル用です。表示名の変更ではありません。Enter で読み込み。',
+    noProviders: 'プロバイダーがありません。カスタムプロバイダーを追加して始めましょう。',
+    clearVisibleModels: '選択をクリア',
+    currentDefault: '現在のデフォルト',
+    defaultShort: 'デフォルト',
+    builtIn: '組み込み',
+    customType: 'カスタム',
+    provider: 'プロバイダー',
+    contextLength: 'コンテキスト長',
+    contextLengthPlaceholder: '例: 256000（任意）',
+    local: 'ローカル ({host})',
+    selectProviderRequired: 'プロバイダーを選択してください',
+    baseUrlRequired: 'ベース URL は必須です',
+    apiKeyRequired: 'API キーは必須です',
+    modelRequired: 'デフォルトモデルは必須です',
+    enterBaseUrl: 'ベース URL を先に入力してください',
+    unexpectedFormat: '予期しないレスポンス形式です',
+    foundModels: '{count} 個のモデルが見つかりました',
+    fetchFailed: 'モデルの取得に失敗しました',
+    xaiWaiting: '開いた xAI ページで認可を完了してください。承認後、このウィンドウは自動で閉じます。',
+    xaiOpenLink: 'xAI 認可ページを開く',
+    xaiLoginTitle: 'xAI Grok OAuth ログイン',
+    xaiExpired: '認可リンクの期限が切れました。再試行してください。',
+    xaiCopyLink: '認可リンクをコピー',
+    xaiApproved: 'ログイン成功！',
+    visibilitySelectOne: '少なくとも 1 つの表示モデルを残してください',
+    visibilitySaved: '表示モデルを保存しました',
+    visibilitySaveFailed: '表示モデルの保存に失敗しました',
+    visibilityHint: 'Web UI のモデル選択とモデルページの表示だけに影響します。Hermes CLI の provider/model 設定は変更されず、実際の呼び出しは元のモデル ID を使います。',
+    showAllModels: 'すべてのモデルを表示',
+    searchPlaceholder: 'モデルを検索...',
+    removeCustomModel: 'この一覧外モデルを削除',
+    more: '件追加',
+    models: 'モデル一覧',
+    manageVisibleModelsFor: '{name} の表示モデルを管理',
+    manageVisibleModels: '表示モデルを管理',
+    getApiKey: 'API Key を取得',
+    count: '個のモデル',
+    aliasUseOriginal: '元の ID に戻す',
+    aliasTitleFor: '{model} の表示名',
+    aliasTitle: 'モデル表示名',
+    aliasSaveFailed: '表示名の保存に失敗しました',
+    aliasPlaceholder: '空欄の場合は元のモデル ID を使用',
+    aliasManageFor: '{provider} の表示名',
+    aliasManage: '表示名',
+    aliasHint: 'Web UI の表示名だけを変更します。Hermes には元のモデル ID が送信されます。',
+    aliasEdit: '名前変更',
+    aliasCanonical: '元の ID: {model}',
+  },
+
+  // プロファイル
+  profiles: {
+    title: 'プロファイル',
+    create: 'プロファイルを作成',
+    import: 'インポート',
+    export: 'エクスポート',
+    rename: '名前変更',
+    delete: '削除',
+    switchTo: 'Hermes Profile を切り替え',
+    switchConfirm: '`hermes profile use {name}` を実行し、Hermes CLI の active profile を切り替えます。続行しますか？',
+    switchSuccess: 'Hermes active profile を「{name}」に切り替えました',
+    switchFailed: 'Hermes Profile の切り替えに失敗しました。ゲートウェイの手動再起動が必要な場合があります。',
+    createSuccess: 'プロファイル「{name}」を作成しました',
+    createFailed: 'プロファイルの作成に失敗しました',
+    renameSuccess: 'プロファイル名を変更しました',
+    renameFailed: 'プロファイル名の変更に失敗しました',
+    deleteConfirm: 'プロファイル「{name}」を削除しますか？',
+    deleteSuccess: 'プロファイルを削除しました',
+    deleteFailed: 'プロファイルの削除に失敗しました',
+    exportSuccess: 'プロファイルをエクスポートしました',
+    exportFailed: 'プロファイルのエクスポートに失敗しました',
+    importSuccess: 'プロファイルをインポートしました',
+    importFailed: 'プロファイルのインポートに失敗しました',
+    importSelectFile: 'アーカイブファイルを選択',
+    importInvalidFile: '有効なアーカイブファイルを選択してください (.tar.gz, .tgz, .gz, .zip)',
+    name: 'プロファイル名',
+    namePlaceholder: '英数字、ハイフンのみ',
+    nameValidation: 'プロファイル名には小文字、数字、アンダースコア、ハイフンのみ使用できます',
+    newName: '新しい名前',
+    newNamePlaceholder: '新しい名前を入力',
+    cloneFromCurrent: '現在のプロファイルから複製',
+    cloneCleanupNotice: '複製時、独占型プラットフォーム認証情報（Weixin / Telegram / Slack など）は自動的にスキップされ、ソースプロファイルとの競合を回避します',
+    cloneStrippedCredentials: '{count} 件の独占認証情報を削除しました：{list}',
+    cloneDisabledPlatforms: '{count} 個のプラットフォームを無効化しました：{list}',
+    cloneStrippedConfigCredentials: 'config.yaml から {count} 件の埋め込み認証情報を削除しました：{list}',
+    archivePath: 'アーカイブパス',
+    archivePathPlaceholder: 'アーカイブファイルのサーバーパス',
+    importName: 'プロファイル名（任意）',
+    importNamePlaceholder: '空白の場合はアーカイブ名を使用',
+    active: 'アクティブ',
+    model: 'モデル',
+    gateway: 'ゲートウェイ',
+    alias: 'エイリアス',
+    provider: 'プロバイダー',
+    path: 'パス',
+    skills: 'スキル',
+    hasEnv: '.env あり',
+    hasSoulMd: 'soul.md あり',
+    noProfiles: 'プロファイルがありません。作成して始めましょう。',
+    avatar: {
+      title: 'カスタムアバター',
+      customize: 'アバター',
+      upload: '画像をアップロード',
+      random: 'ランダム生成',
+      reset: 'デフォルトに戻す',
+      hint: 'PNG、JPEG、WebP 対応、最大 1MB',
+      invalidType: 'PNG、JPEG、WebP 画像を選択してください',
+      tooLarge: 'アバター画像は 1MB 以下にしてください',
+      saveSuccess: 'アバターを保存しました',
+      saveFailed: 'アバターの保存に失敗しました',
+      resetSuccess: 'デフォルトアバターに戻しました',
+      resetFailed: 'デフォルトアバターへの復元に失敗しました',
+    },
+    runtime: {
+      activeProfile: '現在: {name}',
+      bridgeWorker: 'Bridge 状態',
+      gateway: 'ゲートウェイ',
+      active: 'アクティブ',
+      activeTag: '現在',
+      idle: '待機中',
+      checking: '確認中',
+      running: '実行中',
+      stopped: '停止中',
+      restartGateway: 'Gateway を再起動',
+      restartProfile: 'プロファイルを再起動',
+      switchProfile: 'フロントエンドプロファイルを切り替え',
+      gatewayRestarted: 'Gateway を再起動しました: {name}',
+      gatewayRestartFailed: 'Gateway の再起動に失敗しました',
+      profileRestarted: 'プロファイルを再起動しました: {name}',
+      profileRestartFailed: 'プロファイルの再起動に失敗しました',
+    },
+  },
+
+  // ログ
+  logs: {
+    title: 'ログ',
+    all: 'すべて',
+    searchPlaceholder: '検索...',
+    refresh: '更新',
+    noEntries: 'ログエントリがありません',
+  },
+
+  // 設定
+  settings: {
+    title: '設定',
+    saved: '保存しました',
+    saveFailed: '保存に失敗しました',
+    tabs: {
+      display: '表示',
+      account: '現在のアカウント',
+      users: 'アカウント管理',
+      agent: 'エージェント',
+      memory: 'メモリ',
+      compression: '圧縮',
+      session: 'セッション',
+      privacy: 'プライバシー',
+      apiServer: 'API サーバー',
+      models: 'モデル',
+      voice: '音声',
+    },
+    display: {
+      streaming: 'ストリームレスポンス',
+      streamingHint: 'AI の返信をリアルタイムで表示',
+      compact: 'コンパクトモード',
+      compactHint: 'メッセージの間隔を狭める',
+      showReasoning: '推論過程を表示',
+      showReasoningHint: 'モデルの思考プロセスを表示',
+      showCost: 'コストを表示',
+      showCostHint: '返信にトークン使用量を表示',
+      inlineDiffs: 'インライン差分',
+      inlineDiffsHint: 'コード変更をインラインで表示',
+      bellOnComplete: '完了通知音',
+      bellOnCompleteHint: 'AI の応答完了時に通知音を再生',
+      busyInputMode: '処理中入力モード',
+      busyInputModeHint: 'AI 処理中でも入力を許可',
+      theme: 'テーマ',
+      themeHint: 'ライト、ダーク、またはシステム設定に従う',
+      themeLight: 'ライト',
+      themeDark: 'ダーク',
+      themeSystem: 'システム',
+    },
+    agent: {
+      maxTurns: '最大ターン数',
+      maxTurnsHint: '1回の会話の最大インタラクション回数',
+      gatewayTimeout: 'ゲートウェイタイムアウト',
+      gatewayTimeoutHint: 'リクエストタイムアウト（秒）',
+      restartDrainTimeout: '再起動ドレインタイムアウト',
+      restartDrainTimeoutHint: '再起動前のドレインタイムアウト（秒）',
+      toolEnforcement: 'ツール実行ポリシー',
+      toolEnforcementHint: 'ツール呼び出しの実行モードを制御',
+      auto: '自動',
+      always: '常に',
+      never: 'しない',
+    },
+    memory: {
+      enabled: 'メモリを有効化',
+      enabledHint: 'AI に会話コンテキストを記憶させる',
+      userProfile: 'ユーザープロファイル',
+      userProfileHint: 'AI にユーザーの設定を記憶させる',
+      charLimit: 'メモリ文字数上限',
+      charLimitHint: 'MEMORY.md の最大文字数',
+      userCharLimit: 'ユーザープロファイル文字数上限',
+      userCharLimitHint: 'USER.md の最大文字数',
+    },
+    compression: {
+      enabled: '圧縮を有効化',
+      enabledHint: '長いチャット履歴がモデルコンテキストを超える前に自動圧縮',
+      threshold: '圧縮しきい値',
+      thresholdHint: '推定トークンがこのコンテキスト比率を超えたら圧縮を開始',
+      targetRatio: '目標比率',
+      targetRatioHint: '圧縮後の履歴サイズをコンテキスト比率で指定',
+      protectLastN: '直近メッセージを保護',
+      protectLastNHint: 'この数の最新メッセージは圧縮しない',
+      protectFirstN: '先頭メッセージを保護',
+      protectFirstNHint: 'この数の最初のメッセージは圧縮しない',
+    },
+    session: {
+      mode: 'リセットモード',
+      modeHint: 'セッションリセットのトリガー条件',
+      modeBoth: 'アイドル + スケジュール',
+      modeIdle: 'アイドルのみ',
+      modeDaily: 'スケジュールのみ',
+      modeNone: '無し（手動のみ）',
+      idleMinutes: 'アイドルタイムアウト',
+      idleMinutesHint: '自動リセットまでの待機時間（分）',
+      atHour: 'スケジュールリセット時刻',
+      humanOnly: '人間のセッションのみ表示',
+      humanOnlyHint: 'サブエージェントやセッション監視ノイズを既定で隠します',
+      liveMonitorHumanOnly: 'ライブモニター: 人間のセッションのみ表示',
+      liveMonitorHumanOnlyHint: 'ライブモニターでサブエージェントやセッション監視ノイズを既定で隠します',
+      atHourHint: '毎日指定時刻にセッションをリセット',
+      requireAuth: 'セッション認証',
+      requireAuthHint: 'セッション操作に認証を必要とする',
+    },
+    privacy: {
+      redactPii: '個人情報のマスキング',
+      redactPiiHint: '機密情報を自動検出して隠す（パスワード、キーなど）',
+    },
+    apiServer: {
+      enable: '有効化',
+      enableHint: 'API サーバーを有効にする',
+      host: 'ホスト',
+      hostHint: 'リッスンアドレス',
+      port: 'ポート',
+      portHint: 'リッスンポート',
+      key: 'キー',
+      keyHint: 'API アクセスキー',
+      cors: 'CORS 許可元',
+      corsHint: '許可するクロスオリジン',
+    },
+    voice: {
+      ttsProvider: 'TTS プロバイダー',
+      ttsProviderHint: 'メッセージ読み上げに使用する音声合成エンジンを選択',
+      providerWebSpeech: 'WebSpeech API（ブラウザ）',
+      providerOpenai: 'OpenAI TTS',
+      providerCustom: 'カスタムエンドポイント（OpenAI 互換）',
+      providerEdge: 'Edge TTS（無料、API Key 不要）',
+
+      // WebSpeech
+      webspeechVoice: '音声',
+      webspeechVoiceHint: 'ブラウザまたは OS から音声を選択',
+      webspeechVoicePlaceholder: '自動（デフォルト音声）',
+
+      // OpenAI
+      openaiKey: 'API キー',
+      openaiKeyHint: 'TTS アクセス権のある OpenAI API キー',
+      openaiUrl: 'API ベース URL',
+      openaiUrlHint: '例: https://api.openai.com/v1/audio/speech',
+      openaiModel: 'モデル',
+      openaiModelHint: 'tts-1（高速）/ tts-1-hd（高音質）',
+      openaiVoice: '音声',
+      openaiVoiceHint: '合成に使用する音色',
+
+      // Custom endpoint
+      customHint: 'OpenAI 互換の TTS API を使用可能 — GPT-SoVITS、CosyVoice などに対応',
+      customUrl: 'API URL',
+      customUrlHint: 'TTS サービスのベース URL',
+      customUrlPlaceholder: 'ローカルアダプターで設定したアドレス（例：http://127.0.0.1:9880）',
+      customApiKey: 'API キー（オプション）',
+      customApiKeyHint: '一部のカスタムエンドポイントは認証が必要',
+      customApiKeyPlaceholder: '不要な場合は空欄',
+
+      // Edge TTS
+      edgeHint: 'Microsoft Edge TTS を搭載（node-edge-tts）。',
+      edgeUrl: 'アダプター URL',
+      edgeUrlHint: 'Edge TTS アダプターのアドレス（例：http://127.0.0.1:9882）',
+      edgeUrlPlaceholder: 'http://127.0.0.1:9882',
+      edgeVoice: '音声',
+      edgeVoiceHint: '音声合成に使用する音色を選択',
+      edgeRate: '速度',
+      edgeRateHint: '音声の速度を調整（0.5～2.0倍）',
+      edgePitch: 'ピッチ',
+      edgePitchHint: '音声のピッチを調整（-20～+20 Hz）',
+
+      // Test
+      testTitle: '音声テスト',
+      testText: 'テストテキスト',
+      testTextPlaceholder: 'テストするテキストを入力...',
+      testTextDefault: 'こんにちは、これは音声テストです。',
+      testButton: 'テスト',
+      testButtonPlaying: '再生中...',
+      testFailed: 'テスト失敗：{error}',
+
+      // MiMo TTS
+      providerMimo: 'MiMo TTS',
+      mimoHint: 'Xiaomi MiMo TTS — プリセット音声、音声デザイン、音声クローンの3つのモードをサポート',
+      mimoApiKey: 'API Key',
+      mimoApiKeyHint: 'platform.xiaomimimo.com で取得',
+      mimoApiKeyPlaceholder: 'MiMo API Key',
+      mimoBaseUrl: 'Base URL',
+      mimoBaseUrlHint: 'MiMo API エンドポイントURL',
+      mimoModel: 'モデル',
+      mimoModelHint: '音声合成モデルを選択',
+      mimoModelPreset: 'プリセット音声',
+      mimoModelVoiceDesign: '音声デザイン',
+      mimoModelVoiceClone: '音声クローン',
+      mimoVoice: '音声',
+      mimoVoiceHint: 'プリセット音声を選択',
+      mimoVoiceDesignPrompt: '音声の説明',
+      mimoVoiceDesignPromptHint: '希望する音声の特徴を説明してください',
+      mimoVoiceDesignPromptPlaceholder: '例：温かみのある若い女性の声、少しゆっくり、磁力的なトーン',
+      mimoCloneAudio: '音声アップロード',
+      mimoCloneAudioHint: '音声クローン用の音声サンプルをアップロード（mp3/wav、最大10MB）',
+      mimoCloneAudioUpload: 'ファイルを選択',
+      mimoCloneAudioClear: 'クリア',
+      mimoStylePrompt: 'スタイルプロンプト',
+      mimoStylePromptHint: 'オプション — 自然言語で話すスタイルを説明',
+      mimoStylePromptPlaceholder: '例：明るく弾むようなトーン、速めのテンポ',
+    },
+    lockedIps: {
+      title: 'ロック済みIP管理',
+      count: '{count}件ロック中',
+      empty: 'ロック済みIPなし',
+      unlock: 'ロック解除',
+      unlockAll: '全て解除',
+      unlockAllConfirm: '全てのロック済みIPを解除しますか？',
+      unlocked: 'IPをロック解除しました',
+      allUnlocked: '{count}件のIPをロック解除しました',
+    },
+    models: {
+      apiKey: 'API Key',
+      apiKeyPlaceholder: 'API Key を入力',
+      noProviders: '設定済みプロバイダーがありません',
+      save: '保存',
+      saveFailed: '保存に失敗しました',
+      saved: '保存しました',
+    },
+  },
+  githubPreview: {
+    title: "バージョンプレビュー",
+    description: "選択した GitHub tag を Web UI のプレビュー作業ディレクトリへクローンし、依存関係をインストールして開発ポートで起動します。",
+    refresh: "更新",
+    selectTag: "tag を選択",
+    prepare: "コードを準備",
+    install: "依存関係をインストール",
+    start: "プレビューを開始",
+    stop: "停止",
+    note: "プレビューコードは Web UI データホーム配下に保存されます。本番は 8648 のまま、プレビュー開発環境はフロントエンド 8651、バックエンド 8650 で実行されます。",
+    path: "プレビューパス",
+    webuiHome: "プレビューデータホーム",
+    currentTag: "現在の Tag",
+    repoReady: "リポジトリ準備済み",
+    dependencies: "依存関係インストール済み",
+    running: "実行状態",
+    notRunning: "未実行",
+    open: "プレビューを開く",
+    log: "操作ログパス",
+    logOutput: "ログ出力",
+    actionLog: "操作ログ",
+    devLog: "開発サーバーログ",
+    yes: "はい",
+    no: "いいえ",
+    actionFailed: "操作に失敗しました",
+    nodeEnvironmentMissing: "Node/npm が検出されませんでした。Node.js をインストールしてから再試行してください。",
+    prepareSuccess: "プレビューコードの準備が完了しました",
+    installSuccess: "依存関係をインストールしました",
+    startSuccess: "プレビューが完了しました",
+    stopSuccess: "プレビューを停止しました",
+  },
+
+  codingAgents: {
+    title: "コーディングエージェント",
+    notice: "すべてのプロバイダーとモデルが互換性を持つわけではありません。",
+    claudeDescription: "print mode の単発タスクと対話型コーディングセッション向けの Anthropic CLI です。",
+    codexDescription: "リポジトリ作業向けの OpenAI CLI と Hermes openai-codex プロバイダーフローです。",
+    copyCommand: "コピー",
+    commandCopied: "コマンドをコピーしました",
+    commandCopyFailed: "コピーに失敗しました",
+    refresh: "更新",
+    checking: "確認中",
+    installStatus: "インストール状態",
+    installed: "インストール済み",
+    notInstalled: "未インストール",
+    installNow: "インストール",
+    installing: "インストール中",
+    installSuccess: "インストールしました",
+    installFailed: "インストールに失敗しました",
+    nodeEnvironmentMissing: "Node/npm が検出されませんでした。Node.js をインストールしてから再試行してください。",
+    deleteNow: "削除",
+    deleting: "削除中",
+    deleteSuccess: "削除しました",
+    deleteFailed: "削除に失敗しました",
+    configFiles: "設定ファイル",
+    profileScope: "プロファイル",
+    providerScope: "プロバイダー",
+    providerPlaceholder: "例: custom:glm",
+    modelScope: "モデル",
+    modelPlaceholder: "モデルを選択",
+    launchModeScope: "起動モード",
+    launchModeGlobal: "グローバル設定",
+    launchModeScoped: "プロバイダーとモデル",
+    protocolScope: "プロトコル",
+    protocolOpenAiChat: "OpenAI Chat Completions (/v1/chat/completions)",
+    protocolOpenAiResponses: "OpenAI Responses (/v1/responses)",
+    protocolAnthropicMessages: "Anthropic Messages (/v1/messages)",
+    reloadConfig: "設定を再読み込み",
+    configFileNotCreated: "未作成",
+    configLoadFailed: "設定ファイルの読み込みに失敗しました",
+    loadFailed: "コーディングエージェントの確認に失敗しました",
+    launch: "起動",
+    launchTitle: "コーディングエージェントを起動",
+    nativeTerminal: "ネイティブターミナル",
+    builtInTerminal: "内蔵ターミナル",
+    launchPrepared: "起動設定を準備しました",
+    launchPrepareFailed: "起動設定の準備に失敗しました",
+    nativeLaunchStarted: "ネイティブターミナルを開きました",
+    nativeLaunchFailed: "ネイティブターミナルを開けませんでした",
+    terminalTitle: "コーディングエージェントターミナル",
+    loadProvidersFailed: "現在のプロファイルのプロバイダーを読み込めませんでした",
+    selectProviderModel: "プロバイダーとモデルを選択してください",
+    launchConfigDir: "起動設定ディレクトリ",
+    launchCommand: "起動コマンド",
+    table: {
+      tool: "ツール",
+      kind: "ステップ",
+      command: "コマンド",
+      note: "説明",
+      action: "操作",
+    },
+    kinds: {
+      install: "インストール",
+      auth: "認証",
+      health: "確認",
+      run: "実行",
+    },
+    notes: {
+      claudeInstall: "Claude Code CLI をグローバルにインストールします。",
+      codexInstall: "Codex CLI をグローバルにインストールします。",
+      claudeAuth: "Claude Code のログイン状態を確認します。未ログインの場合は一度 claude を実行してください。",
+      codexAuth: "Hermes 管理の OpenAI Codex OAuth 認証情報を追加します。",
+      claudeHealth: "アップデーターとローカル CLI の状態を確認します。",
+      codexHealth: "Codex CLI が PATH で利用可能か確認します。",
+      claudeRun: "API 駆動の単発タスクには print mode が最も素直な経路です。",
+      codexRun: "Codex の単発タスクは git リポジトリ内で実行する必要があります。",
+    },
+  },
+
+  platform: {
+    requireMention: "メンションが必要",
+    requireMentionGroup: "グループで応答するには {'@'}メンションが必要",
+    requireMentionChannel: "チャンネルで応答するには {'@'}メンションが必要",
+    requireMentionRoom: "ルームで応答するには {'@'}メンションが必要",
+    reactions: 'リアクション',
+    reactionsHint: 'メッセージに絵文字でリアクションする',
+    freeResponseChats: '自由応答チャット',
+    freeResponseChatsHint: "{'@'}メンションなしで応答するチャット ID（カンマ区切り）",
+    freeResponseChannels: '自由応答チャンネル',
+    freeResponseChannelsHint: "{'@'}メンションなしで応答するチャンネル ID（カンマ区切り）",
+    freeResponseRooms: '自由応答ルーム',
+    freeResponseRoomsHint: "{'@'}メンションなしで応答するルーム ID（カンマ区切り）",
+    mentionPatterns: 'カスタムメンションパターン',
+    mentionPatternsHint: '追加のトリガーパターン',
+    autoThread: '自動スレッド',
+    autoThreadHint: "{'@'}メンション後に自動で返信スレッドを作成",
+    autoThreadHintRoom: 'ルームで自動的に返信スレッドを作成',
+    dmMentionThreads: 'DM メンションスレッド',
+    dmMentionThreadsHint: 'DM 内のメンションにスレッド返信を使用',
+    allowBots: 'ボットメッセージを許可',
+    allowBotsHint: '他のボットからのメッセージに応答する',
+    allowedChannels: '許可チャンネル',
+    allowedChannelsHint: 'ホワイトリストのチャンネル ID（カンマ区切り）',
+    ignoredChannels: '除外チャンネル',
+    ignoredChannelsHint: 'ボットが応答しないチャンネル ID（カンマ区切り）',
+    noThreadChannels: 'スレッドなしチャンネル',
+    noThreadChannelsHint: 'スレッドなしで応答するチャンネル ID（カンマ区切り）',
+    exclusiveTokenWarning: 'このプラットフォームは排他的トークンロックを使用します。各プロファイルは他のプロファイルと競合しないように、異なる ID トークンを使用する必要があります。',
+    botToken: 'ボットトークン',
+    botTokenHint: '開発者ポータルから取得したボットトークン',
+    accessToken: 'アクセストークン',
+    accessTokenHint: 'Matrix アクセストークン',
+    homeserver: 'Homeserver URL',
+    homeserverHint: 'Matrix ホームサーバー URL',
+    appId: 'App ID',
+    appIdHint: 'Feishu App ID',
+    appSecret: 'App Secret',
+    appSecretHint: 'Feishu App Secret',
+    clientId: 'Client ID',
+    clientIdHint: 'DingTalk Client ID',
+    clientSecret: 'Client Secret',
+    clientSecretHint: 'DingTalk Client Secret',
+    cardTemplateId: 'AI カードテンプレート ID',
+    cardTemplateIdHint: 'DingTalk AI カードテンプレート ID。空欄の場合は AI カードを無効化',
+    botId: 'Bot ID',
+    botIdHint: 'WeCom Bot ID',
+    wecomSecretHint: 'WeCom Bot Secret',
+    waEnabled: 'WhatsApp を有効化',
+    waEnabledHint: 'QR コードペアリングで WhatsApp を有効にする',
+    weixinToken: 'Weixin トークン',
+    weixinTokenHint: 'weixin CLI の QR ログインから取得 (hermes weixin)',
+    accountId: 'Account ID',
+    accountIdHint: 'Weixin アカウント ID',
+    qrLogin: 'QR ログイン',
+    qrRelogin: '再ログイン',
+    qrFetching: 'QR コードを取得中...',
+    qrScanHint: 'WeChat でスキャンしてログイン',
+    qrScanedHint: 'スキャン済み、スマートフォンで確認してください...',
+    qqSandboxHint: 'サンドボックス環境を有効化（テスト用）',
+    qqSandbox: 'サンドボックスモード',
+    qqQrScanHint: 'QQ で上の QR コードをスキャンするか、スマホでリンクを開いて連携を完了します',
+    qqMarkdownHint: 'Markdown 形式メッセージを有効化（一部クライアントでは未対応の場合があります）',
+    qqMarkdown: 'Markdown サポート',
+    qqAppSecretHint: 'QQ Open Platform Bot App Secret',
+    qqAppSecret: 'App Secret',
+    qqAppIdHint: 'QQ Open Platform Bot App ID',
+    qqAppId: 'App ID',
+    allowedUsersHint: 'ユーザー ID または OpenID の許可リスト。カンマ区切り',
+    allowedUsers: '許可ユーザー',
+    allowAllUsersHint: '任意のユーザーからのメッセージを許可します。オフの場合は許可リストを使用します',
+    allowAllUsers: 'すべてのユーザーを許可',
+  },
+
+  // 言語
+  language: {
+    label: '言語',
+    zh: '中文',
+    en: 'English',
+    ja: '日本語',
+  },
+
+  // ターミナル
+  terminal: {
+    sessions: 'セッション',
+    newTab: '新しいターミナル',
+    closeSession: 'このセッションを閉じますか？',
+    sessionExited: '終了しました',
+    processExited: 'プロセスが終了しました（コード {code}）',
+    noSessions: 'ターミナルセッションがありません',
+    connectionFailed: 'ターミナルに接続できませんでした',
+    connectionError: '接続エラー',
+    connectionClosed: '接続が閉じられました',
+  },
+
+  // 使用統計
+  usage: {
+    title: '使用統計',
+    refresh: '更新',
+    totalTokens: '総トークン数',
+    inputTokens: '入力',
+    outputTokens: '出力',
+    totalSessions: '総セッション数',
+    avgPerDay: '1日平均 ~{n}',
+    estimatedCost: '推定コスト',
+    cacheHitRate: 'キャッシュヒット率',
+    modelBreakdown: 'モデル別内訳',
+    dailyTrend: '日別使用量',
+    date: '日付',
+    tokens: 'トークン',
+    cache: 'キャッシュ',
+    cacheRead: 'キャッシュ読み取り',
+    cacheWrite: 'キャッシュ書き込み',
+    sessions: 'セッション',
+    cost: 'コスト',
+    noData: '使用データがありません',
+  },
+
+  skillsUsage: {
+    title: 'スキル使用状況',
+    subtitle: 'Hermes セッションでのスキル読み込みと編集を追跡します',
+    refresh: '更新',
+    periodSelector: 'スキル使用期間',
+    periodLabel: '{days}日',
+    summary: '概要',
+    totalActions: '操作数',
+    loads: '読み込み',
+    edits: '編集',
+    distinctSkills: 'スキル数',
+    topSkills: '上位',
+    dailyTrend: '日別',
+    periodSummary: '過去 {days} 日',
+    skill: 'スキル',
+    share: '割合',
+    lastUsed: '最終',
+    noData: 'スキル使用データはありません',
+    loadFailed: 'スキル使用状況の読み込みに失敗しました',
+    otherSkills: 'その他',
+  },
+
+  // 更新履歴
+  changelog: {
+    new_0_6_7_1: 'Desktop アプリは既定で port 8748 を使用し、LAN アクセスとローカルブラウザからの直接アクセスに対応しました',
+    new_0_6_7_9: 'Desktop のダウンロードリンクを公式サイト https://hermes-studio.ai/ に追加し、最新インストーラーは引き続き GitHub Releases からも取得できます',
+    new_0_6_7_2: 'MCP ツールは bridge の tool discovery 修正、MCP 管理ライフサイクル修正、管理画面のモデル別 tool visibility によりさらに整備されました',
+    new_0_6_7_3: 'メッセージ一覧は empty state の中央揃え、scroll jitter、History 読み込み中のライブチャット混入を修正し、セッション別スクロール位置保持と 1.5 秒のフェードインに対応しました',
+    new_0_6_7_4: 'Bridge と runtime は text/tool-call の順序保持、Profile runtime status loading 修正、Node/npm 検出改善、本番 data directory 作成スキップで安定しました',
+    new_0_6_7_5: 'Desktop 配布は Electron packaging、アプリ名、preload build、release artifact upload、Windows Hermes CLI 起動、Linux icon と書き込み可能 data path、macOS 未署名対応、Windows 起動時の非表示 subprocess に対応しました',
+    new_0_6_7_6: 'Web サイトに downloads と deploy workflow を追加し、rsync がない環境での deploy 失敗を修正しました',
+    new_0_6_7_7: 'Server と auth は Windows credential directory に dirname を使い、大きな avatar 画像で 413 にならないよう body limit を引き上げました',
+    new_0_6_7_8: 'Coding Agents 向けに repository harness、validation docs、agent guidance を追加し、古い setup script docs を削除しました',
+    new_0_6_4_1: 'CI を強化し、npm install の挙動を固定して PR の Docker smoke チェックを追加しました',
+    new_0_6_4_2: 'チャットに仮想ページングを追加し、長い会話のスクロールと読み込みをより安定させました',
+    new_0_6_4_3: 'Docker イメージ公開は通常の PR チェックではなく release の場合のみ実行されます',
+    new_0_6_4_4: 'Version Preview を super admin 向けに追加し、main/tag 選択、preview checkout、依存関係インストール、start/stop、ログ確認に対応しました',
+    new_0_6_4_5: 'Preview インスタンスは frontend/backend ポート、Web UI home、agent bridge endpoint を分離し、古い tag にはポート、WebSocket、base URL、ネストした preview ナビゲーションの runtime patch を適用します',
+    new_0_6_4_6: 'created_at がない legacy session_usage テーブルをデフォルト値付きで安全に移行します',
+    new_0_6_4_7: 'Bridge profile worker endpoint を broker endpoint ごとに分離し、同じ Profile の本番/preview が worker socket を奪い合って unknown run を起こす問題を防ぎます',
+    new_0_6_5_1: 'Coding Agents に Claude Code と Codex の完全な起動ワークフローを追加し、グローバル設定、profile/provider 分離ワークスペース、内蔵/ネイティブターミナルに対応しました',
+    new_0_6_5_2: 'Codex 起動は OpenAI Chat Completions、OpenAI Responses、Anthropic Messages に対応し、ローカル proxy で各プロバイダーへ適配します',
+    new_0_6_5_3: 'Windows の Coding Agents は .cmd/.bat shim 検出、ターミナル起動修正、Claude Code custom model のローカル検証回避で安定しました',
+    new_0_6_5_4: 'メッセージ一覧、History ページング、TTS 認証、グループチャット agent メンション、更新チェック無効化、bridge worker transport の安定性を改善しました',
+    new_0_6_3_1: 'Bridge spinner の状態をモデル reasoning として保存しないようにし、装飾的な thinking テキストが後続コンテキストを汚染しないようにしました',
+    new_0_6_3_2: 'History に Hermes CLI セッションを Web UI のローカル履歴へインポートする操作を追加し、メッセージ構造をより安全に正規化します',
+    new_0_6_3_3: 'Provider 設定で組み込み base URL を編集できるようになり、LM Studio を組み込み Provider として追加し、LM Studio /models のライブ取得に対応しました',
+    new_0_6_3_4: 'Web UI bridge 経由の OpenRouter リクエストに Hermes Web UI のアプリ attribution headers を付与するようになりました',
+    new_0_6_3_5: '公開 auth status endpoint が未認証リクエストに最初のユーザー名を返さないようにしました',
+    new_0_6_3_6: 'DingTalk 設定に AI Card Template ID フィールドを追加し、DINGTALK_CARD_TEMPLATE_ID として保存します',
+    new_0_6_3_7: 'Bridge socket JSON 出力で孤立した Unicode surrogate 文字をサニタイズし、チャット SSE のクラッシュを防ぎます',
+    new_0_6_2_1: 'Web Bridge が /plan コマンドに対応し、run の開始とコマンド状態の表示が正しく動作するようになりました',
+    new_0_6_2_2: 'チャット入力のコマンドメニューに /goal と /subgoal を追加し、status、pause、resume、done、clear 操作に対応しました',
+    new_0_6_2_3: 'Goal と subgoal のワークフローをチャットセッションに統合し、目標の継続とステータス更新に対応しました',
+    new_0_6_2_4: 'ジョブ配信先チャネルの選択肢を復元し、スケジュール済みジョブが意図した宛先を選べるようになりました',
+    new_0_6_2_5: '再接続後のコンテキスト token 使用量を snapshot 対応の計算で正確に復元します',
+    new_0_6_2_6: 'Codex の要約が遅い場合でもコンテキスト checkpoint 圧縮が安定します。Web UI は 5 分待機し、Python bridge broker は 2 分で worker request を打ち切りません',
+    new_0_6_2_7: 'チャットキューの昇格処理を修正し、同期された複数ウィンドウを含め queued メッセージが早くメッセージ一覧へ入らないようにしました',
+    new_0_6_2_8: 'Clarify プロンプトは Enter で自由入力を送信せず、回答済みプロンプトはセッション切り替え後に再表示されません',
+    new_0_6_2_9: 'Bridge terminal の環境更新と stale pid cleanup の範囲を絞り、UI に古い runtime 状態が残りにくくしました',
+    new_0_6_2_10: '既定のコンテキスト長を Hermes 標準に合わせて 256,000 tokens に変更しました',
+    new_0_5_35_1: 'Bridge セッションは異なる session 間で並行実行でき、同一 session の実行はメッセージ順序を守るため直列化されます',
+    new_0_5_35_2: 'Performance Monitor ページを追加し、システム CPU/メモリ、Web UI、Bridge Broker、Workers、アクティブセッション状態を確認できます',
+    new_0_5_35_3: 'Worker ごとの CPU、メモリ、Profile、セッション数、実行状態を表示するリソース統計を追加',
+    new_0_5_35_4: 'Bridge worker のライフサイクル cleanup を改善し、Broker 終了時や親プロセス終了時に worker を回収して残留 Python プロセスを減らします',
+    new_0_5_35_5: 'macOS、Windows、Linux、Docker、Termux 向けの fallback を追加し、監視リソース収集のクロスプラットフォーム互換性を強化',
+    new_0_5_35_6: 'Agent 初期化中の worker request で Performance Monitor がブロックされにくくなり、Windows の request timed out を軽減',
+    new_0_5_35_7: 'Chat Markdown にテキスト内容のインラインプレビューを追加し、download アイコンはプレビュー drawer を開かず直接ダウンロードします',
+    new_0_5_35_8: '内容表示 drawer を改善し、モバイルの閉じる操作と全幅表示、デスクトップ 800px 幅、テキスト/Markdown 背景の統一に対応',
+    new_0_6_0_1: 'アカウント別・Profile 別の管理により、セッション、モデル、使用量、Kanban、ジョブ、アップロード、メディア、関連 Hermes API を一貫して保護します',
+    new_0_6_0_2: '内蔵メディア Skills は生成されたサーバートークンをメディア endpoint のみに使用し、要求された Profile から fun-codex/xAI 認証情報を解決します',
+    new_0_6_0_3: '単一チャットとグループチャットは現在の Hermes Profile を run instructions に注入し、Skills が X-Hermes-Profile を送れるようにします',
+    new_0_6_0_4: 'delegate_task の subagent 進行状況をチャット UI に stream 表示し、開始、tool、進行、完了を確認できます',
+    new_0_6_0_5: '停止または中断時に一時イベントをクリアし、古い abort 状態が次のチャットに漏れないようにしました',
+    new_0_6_0_6: 'アカウント管理、既定の認証情報、アカウント/Profile 管理、アップロード/ダウンロード、内蔵メディア Skills のドキュメントとサイト文言を更新',
+    new_0_6_0_7: 'ログイン IP ロックのクリアと既定の admin / 123456 ログインをリセットする CLI メンテナンスコマンドを追加',
+    new_0_6_0_8: '0.6.0 は Web UI の単一ユーザー版とマルチユーザー版の境界です。マルチユーザー機能に問題がある場合は issue を送信し、必要に応じて 0.5.35 の単一ユーザー版へ戻してください',
+    new_0_6_1_1: 'セッション一覧は既定でアカウントが利用可能なすべての Profile を表示し、明示的な Profile フィルター時のみ絞り込みます。CLI start/stop/status の node:sqlite 実験警告も出なくなりました',
+    new_0_6_1_2: 'Clarify と確認の返信が、認証済みチャット socket 経由で Hermes bridge まで届くようになり、返信経路のテストも追加しました',
+    new_0_6_1_3: 'ナビゲーション項目とチャットセッション行をネイティブリンク化し、新しいタブで開く、リンクコピー、折りたたみサイドバー状態の永続化に対応しました',
+    new_0_6_1_4: 'セッションリンクが route Profile を通常のセッション一覧フィルターへ漏らさないようにし、新しいタブで開くラベルを各言語に対応しました',
+    new_0_6_1_5: 'Skills は現在の Profile config の skills.external_dirs を読み、external source を表示し、ローカル優先を保ち、外部 skill ファイルも解決します',
+    new_0_6_1_6: 'ログイン IP ロックのしきい値を 10 回失敗に上げ、ロック時のログイン画面にロック解除と既定ログインリセットの復旧コマンドを表示します',
+    new_0_6_1_7: 'モバイルやバックグラウンドによるチャット切断を一時切断として扱い、再接続後にサーバーから run 状態を復元します',
+    new_0_6_1_8: 'Bridge の tool marker flush が、tool/run 境界で残った tool-call prefix を永続化し、再読み込み後の欠落を防ぎます',
+    new_0_6_1_9: 'Profile 対応の History 操作は Profile 付きターゲットでセッションを削除し、グローバル Profile 変更時に History を再読み込みします',
+    new_0_6_1_10: 'マルチユーザー権限モデルに合わせて旧 AUTH_DISABLED バイパスを削除し、AUTH_TOKEN は引き続きサポートします',
+  },
+
+  // ファイル
+  files: {
+    title: 'ファイル',
+    tree: 'ディレクトリツリー',
+    list: 'ファイル一覧',
+    breadcrumbRoot: 'ホーム',
+    newFile: '新規ファイル',
+    newFolder: '新規フォルダ',
+    upload: 'アップロード',
+    refresh: '更新',
+    open: '開く',
+    edit: '編集',
+    preview: 'プレビュー',
+    download: 'ダウンロード',
+    copyPath: 'パスをコピー',
+    rename: '名前の変更',
+    delete: '削除',
+    name: '名前',
+    size: 'サイズ',
+    modified: '更新日時',
+    actions: '操作',
+    emptyDir: '空のディレクトリ',
+    loading: '読み込み中...',
+    confirmDelete: '「{name}」を削除してもよろしいですか？',
+    confirmDeleteDir: 'ディレクトリ「{name}」とそのすべての内容を削除してもよろしいですか？',
+    deleteFailed: '削除に失敗しました',
+    deleted: '削除しました',
+    renameTo: '名前を変更',
+    newFileName: 'ファイル名',
+    newFolderName: 'フォルダ名',
+    created: '作成しました',
+    createFailed: '作成に失敗しました',
+    renamed: '名前を変更しました',
+    renameFailed: '名前の変更に失敗しました',
+    uploadSuccess: '{count} 個のファイルをアップロードしました',
+    uploadFailed: 'アップロードに失敗しました',
+    saveFailed: '保存に失敗しました',
+    saved: '保存しました',
+    unsavedChanges: '未保存の変更があります。破棄しますか？',
+    pathCopied: 'パスをコピーしました',
+    fileTooLarge: 'ファイルが大きすぎます（最大10MB）',
+    permissionDenied: '保護されたファイルは変更できません',
+    notFound: 'ファイルまたはディレクトリが見つかりません',
+    backendError: 'ファイル操作に失敗しました',
+    dragDropHint: 'ここにファイルをドラッグしてアップロード',
+    closeEditor: 'エディタを閉じる',
+    closePreview: '閉じる',
+    saveFile: '保存',
+    fileTree: 'ファイルツリー',
+  },
+
+  // グループチャット
+  groupChat: {
+    title: 'グループチャット',
+    createRoom: 'ルームを作成',
+    joinByCode: 'コードで参加',
+    roomName: 'ルーム名',
+    roomNamePlaceholder: 'ルーム名を入力',
+    inviteCode: '招待コード',
+    autoGenerate: '自動生成',
+    noRooms: 'ルームがありません',
+    selectOrCreate: 'ルームを選択または作成してチャットを開始',
+    agents: 'エージェント',
+    addAgent: 'エージェントを追加',
+    selectProfile: 'プロファイルを選択',
+    agentAdded: 'エージェントが追加されました',
+    agentAlreadyInRoom: 'このエージェントは既にルームにいます',
+    agentAddFailedCount: '{count} 件のエージェントを追加できませんでした: {details}',
+    noAgents: 'このルームにエージェントはいません',
+    members: 'メンバー',
+    roomCreated: 'ルームが作成されました',
+    roomDeleted: 'ルームを削除しました',
+    roomCloned: 'ルームを複製しました',
+    cloneRoom: 'ルームを複製',
+    copyRoomLink: 'ルームリンクをコピー',
+    deleteRoomConfirm: 'このルームを削除しますか？',
+    clearContext: 'コンテキストを削除',
+    clearContextConfirm: 'このルームのコンテキストを削除しますか？メッセージと圧縮スナップショットは削除されますが、エージェントとメンバーは残ります。',
+    contextCleared: 'コンテキストを削除しました',
+    you: 'あなた',
+    joined: 'ルームに参加しました',
+    joinFailed: 'ルームへの参加に失敗しました',
+    inputPlaceholder: 'メッセージを入力... (Enterで送信)',
+    enterCode: '招待コードを入力',
+    yourName: 'あなたの名前',
+    yourNamePlaceholder: '表示名を入力',
+    yourDescription: '自己紹介（任意）',
+    yourDescriptionPlaceholder: '自分について教えてください...',
+    agentName: 'エージェント名',
+    agentNamePlaceholder: 'カスタム名（空欄ならプロファイル名）',
+    agentDesc: 'エージェントの説明',
+    agentDescPlaceholder: 'このエージェントの役割を説明...',
+    agentReplying: 'が返信中...',
+    agentCompressing: 'がコンテキストを圧縮中...',
+    compressionSettings: '圧縮設定',
+    triggerTokens: '圧縮トリガートークン数',
+    triggerTokensDesc: 'このトークン数を超えるとコンテキスト圧縮がトリガーされます',
+    maxHistoryTokens: '最大履歴トークン数',
+    maxHistoryTokensDesc: '圧縮後のLLM送信最大トークン数',
+    tailMessageCount: '末尾メッセージ数',
+    tailMessageCountDesc: '圧縮後にそのまま保持する最近のメッセージ数',
+    compressionConfig: '圧縮設定',
+    compressNow: '今すぐ圧縮',
+    compressingInProgress: '圧縮中です、お待ちください',
+    compressionSaved: '圧縮設定を保存しました',
+  },
+
+  // ダウンロード
+  download: {
+    downloading: 'ダウンロード中...',
+    downloadFailed: 'ダウンロードに失敗しました',
+    fileNotFound: 'ファイルが見つからないか削除されています',
+    fileTooLarge: 'ファイルが大きすぎます（制限超過）',
+    backendError: 'ファイルの読み取りに失敗しました。リモート環境が利用できない可能性があります',
+    backendTimeout: 'ファイルの読み取りがタイムアウトしました',
+    unsupportedBackend: '現在のターミナルバックエンドはファイルのダウンロードに対応していません',
+    invalidPath: '無効なファイルパス',
+    contentDisplay: '内容表示',
+    download: 'ダウンロード',
+    downloadFile: 'ファイルをダウンロード',
+  },
+  gateways: {
+    title: 'ゲートウェイ',
+    running: '実行中',
+    stopped: '停止中',
+    started: '開始しました',
+    startFailed: 'Gateway の起動に失敗しました',
+    stopFailed: 'Gateway の停止に失敗しました',
+  },
+  kanban: {
+    title: 'Kanban ボード',
+    createTask: '新規タスク',
+    noTasks: 'タスクはありません',
+    allStatuses: 'すべての状態',
+    allAssignees: 'すべての担当者',
+    columns: {
+      triage: '振り分け待ち',
+      todo: '未着手',
+      ready: '準備完了',
+      running: '進行中',
+      blocked: 'ブロック中',
+      done: '完了',
+      archived: 'アーカイブ済み',
+    },
+    card: {
+      assigneeTooltip: '担当者',
+      priority: {
+        low: '低',
+        medium: '中',
+        high: '高',
+      },
+      timeAgo: {
+        justNow: 'たった今',
+        minutes: '{count}分前',
+        hours: '{count}時間前',
+        days: '{count}日前',
+      },
+    },
+    board: {
+      create: '新規ボード',
+      archive: 'ボードをアーカイブ',
+      archiveConfirm: '現在のボードをアーカイブしますか？',
+      archived: 'ボードをアーカイブしました',
+      created: 'ボードを作成しました',
+      slugPlaceholder: 'ボード識別子 例: project-a',
+      namePlaceholder: '表示名（任意）',
+      slugRequired: 'ボード識別子は必須です',
+    },
+    form: {
+      title: 'タイトル',
+      titlePlaceholder: 'タスクタイトル',
+      titleRequired: 'タイトルは必須です',
+      body: '説明',
+      bodyPlaceholder: 'タスク説明（任意）',
+      assignee: '担当者',
+      selectAssignee: '担当者を選択...',
+      priority: '優先度',
+      selectPriority: '優先度を選択...',
+    },
+    detail: {
+      status: '状態',
+      priority: '優先度',
+      assignee: '担当者',
+      tenant: 'テナント',
+      createdAt: '作成時刻',
+      startedAt: '開始時刻',
+      completedAt: '完了時刻',
+      comments: 'コメント',
+      events: 'イベント',
+      runs: '実行履歴',
+      artifacts: '成果物',
+      result: '完了結果',
+      highlights: '重要情報',
+      sources: 'データソース',
+      sessions: '関連セッション',
+      sessionMessages: 'セッション記録',
+      noSessions: '関連セッションが見つかりません。',
+    },
+    action: {
+      title: '操作',
+      assign: '割り当て',
+      assignTo: '割り当て先...',
+      block: 'ブロック',
+      blockReason: 'ブロック理由',
+      unblock: 'ブロック解除',
+      complete: '完了',
+      completeSummary: '完了サマリー（任意）',
+    },
+    message: {
+      loadFailed: 'タスクの読み込みに失敗しました',
+      taskCreated: 'タスクを作成しました',
+      taskAssigned: 'タスクを割り当てました',
+      taskBlocked: 'タスクをブロックしました',
+      taskUnblocked: 'タスクのブロックを解除しました',
+      taskCompleted: 'タスクを完了しました',
+    },
+    stats: {
+      total: '合計',
+      tasks: 'タスク数',
+    },
+  },
+}
diff --git a/packages/client/src/i18n/locales/ko.ts b/packages/client/src/i18n/locales/ko.ts
new file mode 100644
index 0000000..6d2e625
--- /dev/null
+++ b/packages/client/src/i18n/locales/ko.ts
@@ -0,0 +1,1548 @@
+export default {
+  // 로그인
+  login: {
+    title: 'Hermes Web UI',
+    description: '계속하려면 사용자 이름과 비밀번호를 입력하세요.',
+    placeholder: '액세스 토큰',
+    submit: '로그인',
+    tokenRequired: '액세스 토큰을 입력해 주세요',
+    invalidToken: '유효하지 않은 토큰입니다',
+    connectionFailed: '서버에 연결할 수 없습니다',
+    passwordLogin: '비밀번호',
+    tokenLogin: '토큰',
+    usernamePlaceholder: '사용자 이름',
+    passwordPlaceholder: '비밀번호',
+    defaultCredentialsHint: '기본 로그인 이름: admin, 기본 비밀번호: 123456',
+    credentialsRequired: '사용자 이름과 비밀번호를 입력해 주세요',
+    invalidCredentials: '사용자 이름 또는 비밀번호가 올바르지 않습니다',
+    tooManyAttempts: '로그인 시도 횟수가 너무 많습니다. 잠시 후 다시 시도해 주세요',
+    lockResetHint: '본인 서버라면 다음 명령으로 로그인 잠금을 해제할 수 있습니다:',
+    defaultLoginResetHint: '기본 admin 비밀번호를 재설정하려면 다음을 실행하세요:',
+    sessionExpired: '로그인이 만료되었습니다. 다시 로그인해 주세요.',
+    accessDenied: '이 리소스에 접근할 권한이 없습니다.',
+    passwordMismatch: '비밀번호가 일치하지 않습니다',
+    passwordTooShort: '비밀번호는 6자 이상이어야 합니다',
+    setupSuccess: '비밀번호 로그인이 설정되었습니다',
+    passwordChanged: '비밀번호가 변경되었습니다',
+    passwordRemoved: '비밀번호 로그인이 제거되었습니다',
+    setupPassword: '비밀번호 로그인 설정',
+    changePassword: '비밀번호 변경',
+    changeUsername: '사용자 이름 변경',
+    removePasswordLogin: '제거',
+    username: '사용자 이름',
+    currentPassword: '현재 비밀번호',
+    newPassword: '새 비밀번호',
+    confirmPassword: '비밀번호 확인',
+    newUsername: '새 사용자 이름',
+    usernameChanged: '사용자 이름이 변경되었습니다',
+    usernameTooShort: '사용자 이름은 2자 이상이어야 합니다',
+    setupDescription: '로그인에 사용할 사용자 이름과 비밀번호를 관리합니다.',
+    removeConfirm: '사용자 계정에는 비밀번호 로그인이 필요합니다.',
+    passwordLoginNotConfigured: '비밀번호 로그인 미설정',
+    passwordLoginConfigured: '현재 계정: {username}',
+    defaultCredentialTitle: '기본 계정과 비밀번호를 변경하세요',
+    defaultCredentialMessage: '현재 로그인 계정이 아직 기본 사용자 이름 또는 기본 비밀번호를 사용하고 있습니다. 무단 접근을 방지하려면 현재 계정에서 사용자 이름과 비밀번호를 가능한 한 빨리 변경하세요.',
+    defaultCredentialAction: '변경하기',
+    defaultCredentialLater: '나중에 알림',
+  },
+
+  users: {
+    title: '계정 관리',
+    description: '사용자를 만들고 역할을 할당하며 일반 관리자가 접근할 수 있는 프로필을 제어합니다.',
+    create: '사용자 만들기',
+    edit: '사용자 편집',
+    username: '사용자 이름',
+    role: '역할',
+    statusLabel: '상태',
+    profiles: '접근 가능한 프로필',
+    profilesPlaceholder: '접근 가능한 프로필 선택',
+    allProfiles: '모든 프로필',
+    noProfiles: '할당된 프로필 없음',
+    lastLogin: '마지막 로그인',
+    newPasswordOptional: '새 비밀번호 (비워두면 유지)',
+    loadFailed: '사용자 목록을 불러오지 못했습니다',
+    deleteConfirm: '이 사용자를 삭제하시겠습니까?',
+    enable: '활성화',
+    disable: '비활성화',
+    roles: {
+      superAdmin: '슈퍼 관리자',
+      admin: '관리자',
+    },
+    status: {
+      active: '활성',
+      disabled: '비활성',
+    },
+  },
+
+  // 공통
+  common: {
+    loading: '로딩 중...',
+    cancel: '취소',
+    retry: '재시도',
+    delete: '삭제',
+    edit: '편집',
+    save: '저장',
+    saved: '저장됨',
+    update: '업데이트',
+    create: '생성',
+    saveFailed: '저장 실패',
+    deleteFailed: '삭제 실패',
+    ok: '확인',
+    copied: '복사됨',
+    copy: '복사',
+    noData: '데이터 없음',
+    fetch: '가져오기',
+    add: '추가',
+    enable: '활성화',
+    disable: '비활성화',
+    configured: '구성됨',
+    notConfigured: '미구성',
+    confirm: '확인',
+    expand: '펼치기',
+    collapse: '접기',
+    stop: '중지',
+    start: '시작',
+    expired: '만료됨',
+  },
+
+  // 사이드바
+  // MCP 관리
+  mcp: {
+    title: 'MCP 서버',
+    loadFailed: 'MCP 서버를 불러오지 못했습니다',
+    reloadAll: '모두 다시 로드',
+    refresh: '새로고침',
+    total: '합계',
+    connected: '연결됨',
+    disconnected: '연결 끊김',
+    tools: '도구',
+    tool: '도구',
+    searchPlaceholder: '서버 검색...',
+    addServer: '+ 서버 추가',
+    zeroTools: '0개 도구',
+    loading: '로딩...',
+    empty: 'MCP 서버가 설정되지 않았습니다',
+    reloaded: '{server} 다시 로드됨',
+    reloadedAll: '모든 MCP 서버가 다시 로드되었습니다',
+    reloadFailed: '다시 로드 실패',
+    serverAdded: '서버 "{name}" 추가됨',
+    addFailed: '서버 추가 실패',
+    serverUpdated: '서버 "{name}" 업데이트됨',
+    updateFailed: '서버 업데이트 실패',
+    saveFailed: '저장 실패',
+    serverRemoved: '"{name}" 제거됨',
+    enabled: "{name} 활성화됨",
+    disabled: "{name} 비활성화됨",
+    connectedStatus: '연결됨',
+    disconnectedStatus: '연결 끊김',
+    disabledStatus: '비활성화됨',
+    toolList: '도구 목록',
+    count: ' ',
+    more: '개 더보기',
+    removeFailed: '서버 제거 실패',
+    testOk: '테스트 성공 — {count}개 도구 사용 가능',
+    testEmpty: '테스트에서 도구가 반환되지 않았습니다',
+    testFailed: '테스트 실패',
+    edit: '편집',
+    test: '테스트',
+    reload: '다시 로드',
+    remove: '제거',
+    confirmRemove: '서버 "{name}"을(를) 제거하시겠습니까?',
+    cancel: '취소',
+    add: '추가',
+    save: '저장',
+    addTitle: 'MCP 서버 추가',
+    editTitle: 'MCP 서버 편집',
+    invalidJson: 'JSON 형식 오류',
+    invalidYaml: 'YAML 형식이 올바르지 않습니다',
+    invalidConfig: '올바르지 않은 설정',
+    invalidServerConfig: '서버 설정이 올바르지 않습니다',
+    missingCommandOrUrl: 'command 또는 url이 필요합니다',
+    manageTools: '도구 관리',
+    toolsVisibilityTitle: '도구 가시성 관리',
+    fetchTools: '도구 목록 가져오기',
+    fetchToolsFailed: '도구 목록을 가져오지 못했습니다',
+    toolsMode: '모드：',
+    toolsModeAll: '전체',
+    toolsModeInclude: '포함',
+    toolsModeExclude: '제외',
+    toolsListHeader: '도구 이름',
+    toolsEmpty: '도구가 없습니다. 먼저 도구 목록을 가져오세요',
+    toolsSummaryAll: '총 {count}개 도구, 모두 활성화',
+    toolsSummaryInclude: '총 {total}개 도구, {count}개 선택됨',
+    toolsSummaryExclude: '총 {total}개 도구, {count}개 제외됨',
+    toolsVisibilitySaved: '도구 가시성이 저장되었습니다',
+    toolsSelectAll: '모두 선택',
+    toolsClearSelection: '선택 지우기',
+    toolsExcludeAll: '모두 제외',
+    toolsClearExcluded: '제외 항목 지우기',
+  },
+
+  sidebar: {
+    chat: '채팅',
+    search: '검색',
+    apiRelay: 'API 릴레이',
+    history: '기록',
+    jobs: '예약 작업',
+    models: '모델',
+    profiles: '프로필',
+    plugins: '플러그인',
+    mcp: 'MCP',
+    skills: '스킬',
+    memory: '메모리',
+    logs: '로그',
+    usage: '사용량',
+    performance: '성능 모니터링',
+    skillsUsage: '스킬 사용량',
+    channels: '채널',
+    terminal: '터미널',
+    files: '파일',
+    groupChat: '그룹 채팅',
+    groupConversation: '대화',
+    groupConversationShort: '대화',
+    groupAgent: '에이전트',
+    groupAgentShort: '에전',
+    groupSystem: '시스템',
+    groupSystemShort: '시스템',
+    groupMonitoring: '모니터링',
+    groupMonitoringShort: '모니터',
+    settings: '설정',
+    connected: '연결됨',
+    disconnected: '연결 끊김',
+    updateTip: '터미널에서 "hermes-web-ui update"를 실행하여 업데이트하세요',
+    updateVersion: 'v{version}(으)로 업그레이드',
+    reloadClientVersion: 'v{version}(으)로 새로고침',
+    updating: '업데이트 중...',
+    updateSuccess: '업데이트가 완료되었습니다. 잠시 후 페이지를 새로고침하세요. 오랫동안 시작되지 않으면 수동으로 시작하세요.',
+    updateFailed: '업데이트 실패',
+    logout: '로그아웃',
+    nodeVersionWarning: 'Node.js v{version}이 감지되었습니다. 버전 23 이상으로 업그레이드하세요.',
+    changelog: '변경 이력',
+    noChangelog: '변경 이력이 없습니다',
+    kanban: '칸반',
+    groupTools: '도구',
+    groupToolsShort: "도구",
+    codingAgents: "코딩 에이전트",
+    versionPreview: "버전 미리보기",
+    groupPlatform: '플랫폼',
+    gateways: '게이트웨이',
+    expand: '메뉴 펼치기',
+    collapse: '메뉴 접기',
+  },
+
+  performance: {
+    title: '성능 모니터링',
+    subtitle: '시스템 리소스, Bridge Broker, Workers, 활성 세션 확인',
+    refresh: '새로고침',
+    autoRefreshOn: '자동 새로고침',
+    autoRefreshOff: '수동 새로고침',
+    loadFailed: '성능 데이터를 불러오지 못했습니다',
+    systemCpu: '시스템 CPU',
+    systemMemory: '시스템 메모리',
+    activeSessions: '활성 세션',
+    runningSessions: '실행 중 {count}',
+    workers: 'Workers',
+    totalWorkerMemory: 'Worker 총 메모리',
+    processes: '프로세스',
+    uptime: '실행 시간',
+    running: '실행 중',
+    stopped: '중지됨',
+    workerMemory: 'Worker 메모리',
+    lastUpdated: '업데이트 시간',
+    profile: 'Profile',
+    memory: '메모리',
+    sessions: '세션',
+    runningActiveSessions: '실행 중 / 활성',
+    lastUsed: '마지막 사용',
+    status: '상태',
+    noWorkers: 'Worker 없음',
+    sessionsByProfile: 'Profile별 세션',
+    noActiveSessions: '활성 세션 없음',
+  },
+
+  // 서랍
+  drawer: {
+    terminal: '터미널',
+    files: '작업 공간',
+  },
+
+  // 채팅
+  chat: {
+    contextRemaining: '남음',
+    contextClickToEdit: '클릭하여 컨텍스트 길이 편집',
+    contextEditTitle: '컨텍스트 길이 편집',
+    contextEditDesc: '현재 모델의 컨텍스트 길이 제한 설정 (토큰 수)',
+    contextEditPlaceholder: '컨텍스트 길이 입력',
+    contextEditHint: '일반적인 값: 256k (Hermes 기본값), 128k (GPT-4), 32k (GPT-3.5)',
+    contextEditSave: '저장',
+    contextEditCancel: '취소',
+    contextEditInvalid: '유효한 컨텍스트 길이를 입력하세요',
+    contextEditSuccess: '컨텍스트 길이가 업데이트되었습니다',
+    contextEditFailed: '업데이트 실패',
+    emptyState: 'Hermes Agent와 대화를 시작하세요',
+    outlineTitle: '대화 개요',
+    outlineEmpty: '대화 내용이 없습니다',
+    outlineUserQuestion: '사용자 질문',
+    inputPlaceholder: '메시지를 입력하세요... (Enter로 전송, Shift+Enter로 줄바꿈)',
+    slashCommandArgs: {
+      message: '<메시지>',
+      title: '<제목>',
+      text: '<텍스트>',
+    },
+    slashCommands: {
+      usage: '현재 세션 사용량 계산',
+      status: '세션 상태와 대기열 표시',
+      abort: '활성 Bridge 실행 중지',
+      queue: '활성 실행 뒤에 메시지 대기열 추가',
+      plan: 'Markdown 구현 계획 작성',
+      goal: 'Set a standing goal that continues across turns',
+      goalStatus: 'Show the active goal status',
+      goalPause: 'Pause the active goal loop',
+      goalResume: 'Resume the paused goal loop',
+      goalDone: 'Complete and clear the active goal',
+      goalClear: 'Clear the active goal',
+      subgoal: 'Add a criterion to the active goal',
+      clear: '현재 표시 내용 지우기',
+      clearHistory: '이 세션의 저장된 메시지 기록 삭제',
+      title: '이 세션 이름 변경',
+      compress: '유휴 상태에서 컨텍스트 압축 실행',
+      steer: '활성 Bridge 실행에 지시 텍스트 보내기',
+      destroy: '이 세션의 Bridge Agent 해제',
+      reloadMcp: 'MCP 서버 다시 로드',
+    },
+    attachFiles: '파일 첨부',
+    showToolCalls: '도구 호출 표시',
+    hideToolCalls: '도구 호출 숨기기',
+    messageQueue: '메시지 대기열',
+    removeQueuedMessage: '대기열 메시지 제거',
+    stop: '중지',
+    send: '전송',
+    contextUsed: '사용된 컨텍스트:',
+    sessions: '세션',
+    webUiSessions: '세션',
+    allProfiles: '모든 프로필',
+    profileMissingModelsTip: '이 세션의 프로필 "{profile}"에는 사용 가능한 공급자 또는 모델이 없습니다',
+    sessionScopeHint: '채팅에는 Web UI/API Server 세션만 표시됩니다. CLI, Telegram, Discord, Cron 등 채널 세션은 기록에서 읽기 전용으로 볼 수 있습니다.',
+    openHistory: '기록 열기',
+    hermesHistory: 'Hermes 기록',
+    historyScopeHint: '현재 profile의 Hermes 기록 세션을 소스별로 읽기 전용으로 봅니다.',
+    noSessions: '세션 없음',
+    newChat: '새 채팅',
+    approvalKicker: '터미널 권한',
+    approvalTitle: '실행 전에 명령 확인',
+    approvalAllowOnce: '한 번만 허용',
+    approvalAllowSession: '이 세션에서 허용',
+    approvalAlways: '항상 허용',
+    approvalDeny: '거부',
+    clarifyKicker: '에이전트 확인 필요',
+    clarifyTitle: '에이전트가 질문이 있습니다',
+    clarifyPlaceholder: '답변 입력...',
+    clarifySubmit: '답장',
+    clarifyDismiss: '무시',
+    deleteSession: '이 세션을 삭제하시겠습니까?',
+    toggleBatchMode: '일괄 선택',
+    selectAll: '모두 선택',
+    confirmBatchDelete: '선택한 {count}개의 세션을 삭제하시겠습니까?',
+    batchDeleteSuccess: '{count}개의 세션을 삭제했습니다',
+    batchDeletePartial: '{failed}개의 세션 삭제 실패',
+    batchDeleteFailed: '일괄 삭제 실패',
+    importToWebUi: 'Web UI로 가져오기',
+    importSessionSuccess: '세션을 Web UI로 가져왔습니다',
+    importSessionAlreadyExists: '세션이 이미 Web UI에 있습니다',
+    importSessionFailed: '세션 가져오기 실패',
+    sessionDeleted: '세션이 삭제되었습니다',
+    rename: '이름 변경',
+    pin: '고정',
+    unpin: '고정 해제',
+    pinned: '고정됨',
+    chatMode: '채팅',
+    liveMode: '라이브',
+    liveSessions: '라이브 세션',
+    recentBadge: '최근',
+    linkedSessions: '{count}개 연결됨',
+    noVisibleMessages: '사람이 볼 수 있는 메시지가 없습니다.',
+    monitorRoleUser: '사용자',
+    monitorRoleAssistant: '어시스턴트',
+    copySessionLink: '세션 링크 복사',
+    openSessionInNewTab: '새 탭에서 열기',
+    sessionLinkCopied: 'Session link copied',
+    copySessionId: '세션 ID 복사',
+    export: '내보내기',
+    exportFull: '전체 내보내기 (JSON)',
+    exportCompressed: '압축 내보내기 (TXT)',
+    exportCompressing: '컨텍스트 압축 중, 잠시 기다려주세요...',
+    exportSuccess: '세션을 내보냈습니다',
+    exportFailed: '내보내기 실패',
+    renamed: '이름이 변경되었습니다',
+    renameFailed: '이름 변경 실패',
+    renameSession: '세션 이름 변경',
+    sessionNotFound: '세션을 찾을 수 없습니다',
+    enterNewTitle: '새 제목을 입력하세요',
+    other: '기타',
+    runFailed: '실행 실패',
+    error: '오류',
+    tool: '도구',
+    arguments: '인수',
+    result: '결과',
+    truncated: '... (잘림)',
+    executionDuration: '실행 시간',    thinkingLabel: '사고 과정',
+    thinkingInProgress: '사고 중…',
+    thinkingShow: '사고 과정 펼치기',
+    thinkingHide: '사고 과정 접기',
+    thinkingDuration: '관측 {duration}',
+    thinkingChars: '{count}자',
+    copyBubble: '메시지 복사',
+    copiedBubble: '복사됨',
+    copyFailed: '복사 실패',
+    playSpeech: '음성 재생',
+    pauseSpeech: '일시정지',
+    resumeSpeech: '재개',
+    stopSpeech: '중지',
+    speechNotSupported: '이 브라우저는 음성 재생을 지원하지 않습니다',
+    searchEnterHint: 'Enter로 열기 · Esc로 닫기',
+    searchHint: 'Cmd/Ctrl+K',
+    searchScope: '검색 범위: Web UI 로컬 세션 DB만 포함하며 읽기 전용 Hermes 기록 세션은 포함하지 않습니다.',
+    searchFailed: '세션 검색 실패',
+    searchNoSnippet: '표시할 요약이 없습니다',
+    searchNoResults: '일치하는 세션이 없습니다',
+    searchRecent: '최근 세션',
+    searchEmpty: '최근 세션',
+    searchPlaceholder: '세션 검색...',
+    searchSubtitle: '제목 또는 메시지 내용으로 검색',
+    searchTitle: '세션 검색',
+    stopGateway: 'Gateway 중지',
+    start: '시작',
+    workspaceSetFailed: 'Workspace 설정 실패',
+    workspaceSet: 'Workspace가 설정되었습니다',
+    workspacePlaceholder: '프로젝트 경로 입력, 예: /home/user/project',
+    workspace: '작업 공간',
+    setWorkspaceTitle: '세션 Workspace 설정',
+    setWorkspace: 'Workspace 설정',
+    modelSetFailed: '모델 설정 실패',
+    modelSet: '모델이 설정되었습니다',
+    setModelTitle: '세션 모델 설정',
+    setModel: '모델 설정',
+    newCliChat: '새 CLI',
+    cliEmptyState: 'CLI 채팅 시작',
+    autoPlaySpeech: '음성 자동 재생',
+  },
+
+  // 예약 작업
+  jobs: {
+    title: '예약 작업',
+    createJob: '작업 생성',
+    editJob: '작업 편집',
+    noJobs: '예약된 작업이 없습니다. 새로 만들어 시작하세요.',
+    name: '이름',
+    namePlaceholder: '작업 이름',
+    schedule: '스케줄 (Cron 표현식)',
+    schedulePlaceholder: '예: 0 9 * * *',
+    quickPresets: '빠른 프리셋',
+    selectPreset: '프리셋 선택...',
+    presetEveryMinute: '매 분',
+    presetEvery5Min: '매 5분',
+    presetEveryHour: '매 시간',
+    presetEveryDay: '매일 00:00',
+    presetEveryDay9: '매일 09:00',
+    presetEveryMonday: '매주 월요일 09:00',
+    presetEveryMonth: '매월 1일 09:00',
+    prompt: '프롬프트',
+    promptPlaceholder: '실행할 프롬프트',
+    deliverTarget: '전송 대상',
+    origin: '출처',
+    local: '로컬',
+    repeatCount: '반복 횟수 (선택)',
+    modelPlaceholder: '기본 모델',
+    repeatPlaceholder: '비워두면 무한 반복',
+    jobCreated: '작업이 생성되었습니다',
+    jobUpdated: '작업이 업데이트되었습니다',
+    nameRequired: '이름을 입력해 주세요',
+    scheduleRequired: '스케줄을 입력해 주세요',
+    loadFailed: '작업을 불러오지 못했습니다',
+    jobPaused: '작업이 일시 정지되었습니다',
+    jobResumed: '작업이 재개되었습니다',
+    jobTriggered: '작업이 실행되었습니다',
+    modelUpdated: '모델이 업데이트되었습니다',
+    jobDeleted: '작업이 삭제되었습니다',
+    status: {
+      running: '실행 중',
+      paused: '일시 정지',
+      disabled: '비활성화',
+      scheduled: '예약됨',
+    },
+    info: {
+      model: '모델',
+      schedule: '일정',
+      lastRun: '마지막 실행',
+      nextRun: '다음 실행',
+      deliver: '전송',
+      repeat: '반복',
+    },
+    action: {
+      pause: '일시 정지',
+      pauseJob: '작업 일시 정지',
+      resume: '재개',
+      resumeJob: '작업 재개',
+      runNow: '즉시 실행',
+      triggerImmediately: '즉시 실행',
+    },
+    runHistory: {
+      title: '실행 기록',
+      runs: '회 실행',
+      noRuns: '실행 기록이 없습니다.',
+    },
+  },
+
+  // 스킬
+  skills: {
+    title: '스킬',
+    searchPlaceholder: '스킬 검색...',
+    noMatch: '검색과 일치하는 스킬이 없습니다',
+    noSkills: '스킬을 찾을 수 없습니다',
+    backTo: '돌아가기',
+    attachedFiles: '첨부 파일',
+    loadFailed: '스킬을 불러오지 못했습니다',
+    fileLoadFailed: '파일을 불러오지 못했습니다',
+    modified: '사용자 수정됨',
+    archived: '보관됨',
+    pinned: '고정됨',
+    pin: '스킬 고정',
+    unpin: '고정 해제',
+    pinFailed: '고정 상태 변경 실패',
+    toggleFailed: '스킬 상태를 전환하지 못했습니다',
+    source: {
+      builtin: '내장',
+      hub: 'Hub',
+      local: '로컬',
+      external: '외부',
+    },
+  },
+
+  // 플러그인
+  plugins: {
+    title: '플러그인',
+    refresh: '새로고침',
+    notice: '탐색 가능한 Hermes 플러그인 manifest의 읽기 전용 인벤토리입니다. 탐색 메타데이터는 플러그인 코드를 로드하지 않고 읽습니다. v1의 관리 작업은 CLI에 유지되며, 변경 사항은 새 Hermes 세션에서 적용됩니다.',
+    loadFailed: '플러그인을 불러오지 못했습니다',
+    commandCopied: '명령을 복사했습니다',
+    searchPlaceholder: 'key, 이름, 설명, 경로 검색...',
+    source: '소스',
+    kind: '종류',
+    statusTitle: '상태',
+    configStatus: 'config: {status}',
+    notAvailable: 'n/a',
+    copyCommand: '명령 복사',
+    managedElsewhere: '다른 곳에서 관리됨',
+    noMatch: '현재 필터와 일치하는 플러그인이 없습니다',
+    enabled: '활성화됨',
+    disabled: '비활성화됨',
+    summary: {
+      total: '전체',
+      active: '활성 / 자동',
+      inactive: '비활성',
+      disabled: '비활성화됨',
+      providerManaged: 'Provider 관리',
+    },
+    status: {
+      enabled: '활성화됨',
+      'auto-active': '자동 활성',
+      inactive: '비활성',
+      disabled: '비활성화됨',
+      'provider-managed': 'Provider 관리',
+    },
+    statusLabel: {
+      enabled: '설정으로 활성화됨',
+      'auto-active': '자동 활성',
+      inactive: '비활성',
+      disabled: '비활성화됨',
+      'provider-managed': 'Provider 관리',
+    },
+    configStatuses: {
+      enabled: '활성화됨',
+      disabled: '비활성화됨',
+      'not-enabled': '활성화되지 않음',
+      auto: '자동',
+      'provider-managed': 'Provider 관리',
+    },
+    table: {
+      plugin: '플러그인',
+      status: '상태',
+      source: '소스',
+      kind: '종류',
+      capabilities: '기능',
+      path: '경로 / entrypoint',
+      cli: 'CLI',
+    },
+    capabilities: {
+      tools: '{count} tools',
+      hooks: '{count} hooks',
+      env: '{count} env',
+    },
+    metadata: {
+      agentRoot: '에이전트 루트',
+      python: 'Python',
+      scanCwd: 'cwd 스캔',
+      projectPlugins: '프로젝트 플러그인',
+    },
+  },
+
+  // 메모리
+  memory: {
+    title: '메모리',
+    refresh: '새로고침',
+    loadFailed: '메모리를 불러오지 못했습니다',
+    myNotes: '내 메모',
+    noNotes: '메모가 없습니다.',
+    notesPlaceholder: '메모를 작성하세요...',
+    userProfile: '사용자 프로필',
+    noProfile: '프로필이 없습니다.',
+    profilePlaceholder: '프로필을 작성하세요...',
+    soul: '소울',
+    noSoul: '소울 설정이 없습니다.',
+    soulPlaceholder: '소울 설정을 작성하세요...',
+  },
+
+  // 모델
+  models: {
+    title: '모델',
+    addProvider: 'Provider 추가',
+    providerType: 'Provider 유형',
+    preset: '프리셋',
+    custom: '사용자 지정',
+    selectProvider: 'Provider 선택',
+    chooseProvider: 'Provider를 선택하세요...',
+    name: '이름',
+    autoGeneratedName: 'Base URL에서 자동 생성',
+    baseUrl: 'Base URL',
+    region: '지역',
+    regionIntl: '국제판',
+    regionCn: '중국 본토',
+    baseUrlPlaceholder: '예: https://api.example.com/v1',
+    apiKey: 'API Key',
+    apiKeyPlaceholder: 'sk-...',
+    defaultModel: '기본 모델',
+    selectOrInput: '모델 선택 또는 직접 입력...',
+    selectModel: '모델 선택...',
+    providerAdded: 'Provider가 추가되었습니다',
+    providerDeleted: 'Provider가 삭제되었습니다',
+    deleteProvider: 'Provider 삭제',
+    deleteConfirm: '"{name}"을(를) 삭제하시겠습니까?',
+    codexLoginTitle: 'OpenAI Codex 로그인',
+    codexWaiting: '인증 페이지에서 아래 코드를 입력하여 로그인하세요:',
+    codexCopyCode: '코드가 복사되었습니다',
+    codexOpenLink: '인증 페이지 열기',
+    codexApproved: '로그인 성공',
+    codexExpired: '인증이 만료되었습니다. 다시 시도해주세요.',
+    nousLoginTitle: 'Nous Portal 로그인',
+    nousWaiting: '인증 페이지에서 이 코드를 입력하세요:',
+    nousCopyCode: '코드 복사됨',
+    nousOpenLink: '인증 페이지 열기',
+    nousApproved: '로그인 성공',
+    nousDenied: '인증이 거부되었습니다',
+    nousExpired: '인증이 만료되었습니다',
+    copilotLoginTitle: 'GitHub Copilot 로그인',
+    copilotWaiting: 'GitHub을 열고 아래의 디바이스 코드를 입력하여 인증하세요. 승인 후 창이 자동으로 닫힙니다.',
+    copilotCopyCode: '코드가 복사되었습니다',
+    copilotOpenLink: 'GitHub 인증 페이지 열기',
+    copilotApproved: '로그인 성공!',
+    copilotDenied: '인증이 거부되었습니다.',
+    copilotExpired: '인증 링크가 만료되었습니다. 다시 시도하세요.',
+    copilotAddDetectedTitle: 'GitHub Copilot 감지됨',
+    copilotAddDetected: '이 컴퓨터에서 GitHub Copilot OAuth 토큰이 감지되었습니다. 추가를 클릭하여 Hermes에서 Copilot을 활성화하세요.',
+    copilotAddSourceEnv: '출처: ~/.hermes/.env (COPILOT_GITHUB_TOKEN)',
+    copilotAddSourceGhCli: '출처: gh CLI (gh auth token)',
+    copilotAddSourceAppsJson: '출처: VS Code Copilot 확장 (apps.json)',
+    copilotDeleteHintEnv: '이 작업은 ~/.hermes/.env의 COPILOT_GITHUB_TOKEN을 지웁니다. 다른 도구에는 영향이 없습니다.',
+    copilotDeleteHintGhCli: 'Copilot이 Hermes에서 숨겨집니다. gh CLI 로그인에는 영향이 없으며 `gh auth status`는 여전히 로그인 상태를 표시합니다.',
+    copilotDeleteHintAppsJson: 'Copilot이 Hermes에서 숨겨집니다. VS Code Copilot 확장 로그인에는 영향이 없습니다.',
+    customBadge: '커스텀',
+    previewBadge: '프리뷰',
+    disabledBadge: '사용 불가',
+    disabledTooltip: "이 모델은 현재 계정에서 사용할 수 없습니다.",
+    customModelPlaceholder: '목록에 없는 모델 ID',
+    customModelHint: '제공자는 지원하지만 API가 반환하지 않는 모델용입니다. 표시 이름 변경이 아닙니다. Enter로 불러옵니다.',
+    noProviders: 'Provider가 없습니다. 사용자 지정 Provider를 추가하여 시작하세요.',
+    clearVisibleModels: '선택 지우기',
+    currentDefault: '현재 기본값',
+    defaultShort: '기본값',
+    builtIn: '내장',
+    customType: '사용자 지정',
+    provider: '공급자',
+    contextLength: '컨텍스트 길이',
+    contextLengthPlaceholder: '예: 256000 (선택사항)',
+    local: '로컬 ({host})',
+    selectProviderRequired: 'Provider를 선택해 주세요',
+    baseUrlRequired: 'Base URL을 입력해 주세요',
+    apiKeyRequired: 'API Key를 입력해 주세요',
+    modelRequired: '기본 모델을 선택해 주세요',
+    enterBaseUrl: '먼저 Base URL을 입력해 주세요',
+    unexpectedFormat: '예상치 못한 응답 형식입니다',
+    foundModels: '{count}개의 모델을 찾았습니다',
+    fetchFailed: '모델을 가져오지 못했습니다',
+    xaiWaiting: '열린 xAI 페이지에서 인증을 완료하세요. 승인되면 창이 자동으로 닫힙니다.',
+    xaiOpenLink: 'xAI 인증 페이지 열기',
+    xaiLoginTitle: 'xAI Grok OAuth 로그인',
+    xaiExpired: '인증 링크가 만료되었습니다. 다시 시도하세요.',
+    xaiCopyLink: '인증 링크 복사',
+    xaiApproved: '로그인 성공!',
+    visibilitySelectOne: '최소 하나의 표시 모델을 유지하세요',
+    visibilitySaved: '표시 모델이 저장되었습니다',
+    visibilitySaveFailed: '표시 모델 저장 실패',
+    visibilityHint: 'Web UI의 모델 선택기와 모델 페이지 표시에만 영향을 줍니다. Hermes CLI의 provider/model 설정은 변경되지 않으며 실제 호출은 원본 모델 ID를 사용합니다.',
+    showAllModels: '모든 모델 표시',
+    searchPlaceholder: '모델 검색...',
+    removeCustomModel: '목록에 없는 이 모델 제거',
+    more: '개 더',
+    models: '모델 목록',
+    manageVisibleModelsFor: '{name} 표시 모델 관리',
+    manageVisibleModels: '표시 모델 관리',
+    getApiKey: 'API Key 가져오기',
+    count: '개 모델',
+    aliasUseOriginal: '원본 ID로 복원',
+    aliasTitleFor: '{model}의 표시 이름',
+    aliasTitle: '모델 표시 이름',
+    aliasSaveFailed: '표시 이름 저장 실패',
+    aliasPlaceholder: '비워두면 원본 모델 ID 사용',
+    aliasManageFor: '{provider}의 표시 이름',
+    aliasManage: '표시 이름',
+    aliasHint: 'Web UI 표시 이름만 변경합니다. Hermes에는 여전히 원본 모델 ID가 전달됩니다.',
+    aliasEdit: '이름 변경',
+    aliasCanonical: '원본 ID: {model}',
+  },
+
+  // 프로필
+  profiles: {
+    title: '프로필',
+    create: '프로필 생성',
+    import: '가져오기',
+    export: '내보내기',
+    rename: '이름 변경',
+    delete: '삭제',
+    switchTo: 'Hermes Profile 전환',
+    switchConfirm: '`hermes profile use {name}`를 실행하고 Hermes CLI active profile을 변경합니다. 계속하시겠습니까?',
+    switchSuccess: 'Hermes active profile이 "{name}"(으)로 전환되었습니다',
+    switchFailed: 'Hermes Profile 전환 실패. 게이트웨이를 수동으로 재시작해야 할 수 있습니다.',
+    createSuccess: '프로필 "{name}"이(가) 생성되었습니다',
+    createFailed: '프로필 생성 실패',
+    renameSuccess: '프로필 이름이 변경되었습니다',
+    renameFailed: '프로필 이름 변경 실패',
+    deleteConfirm: '프로필 "{name}"을(를) 삭제하시겠습니까?',
+    deleteSuccess: '프로필이 삭제되었습니다',
+    deleteFailed: '프로필 삭제 실패',
+    exportSuccess: '프로필이 내보내기되었습니다',
+    exportFailed: '프로필 내보내기 실패',
+    importSuccess: '프로필이 가져오기되었습니다',
+    importFailed: '프로필 가져오기 실패',
+    importSelectFile: '아카이브 파일 선택',
+    importInvalidFile: '유효한 아카이브 파일을 선택해 주세요 (.tar.gz, .tgz, .gz, .zip)',
+    name: '프로필 이름',
+    namePlaceholder: '영문, 숫자, 하이픈만 사용 가능',
+    nameValidation: '프로필 이름에는 소문자, 숫자, 밑줄, 하이픈만 사용할 수 있습니다',
+    newName: '새 이름',
+    newNamePlaceholder: '새 이름을 입력하세요',
+    cloneFromCurrent: '현재 프로필에서 복제',
+    cloneCleanupNotice: '복제 시 독점형 플랫폼 자격 증명(Weixin / Telegram / Slack 등)은 자동으로 건너뛰어 원본 프로필과의 충돌을 방지합니다',
+    cloneStrippedCredentials: '독점 자격 증명 {count}개 제거됨: {list}',
+    cloneDisabledPlatforms: '플랫폼 {count}개 비활성화됨: {list}',
+    cloneStrippedConfigCredentials: 'config.yaml에서 임베디드 자격 증명 {count}개 제거됨: {list}',
+    archivePath: '아카이브 경로',
+    archivePathPlaceholder: '아카이브 파일의 서버 경로',
+    importName: '프로필 이름 (선택)',
+    importNamePlaceholder: '비워두면 아카이브 이름을 사용합니다',
+    active: '활성',
+    model: '모델',
+    gateway: '게이트웨이',
+    alias: '별칭',
+    provider: '공급자',
+    path: '경로',
+    skills: '스킬',
+    hasEnv: '.env 있음',
+    hasSoulMd: 'soul.md 있음',
+    noProfiles: '프로필이 없습니다. 새로 만들어 시작하세요.',
+    avatar: {
+      title: '사용자 지정 아바타',
+      customize: '아바타',
+      upload: '이미지 업로드',
+      random: '무작위 생성',
+      reset: '기본값 복원',
+      hint: 'PNG, JPEG, WebP 지원, 최대 1MB',
+      invalidType: 'PNG, JPEG 또는 WebP 이미지를 선택하세요',
+      tooLarge: '아바타 이미지는 1MB를 초과할 수 없습니다',
+      saveSuccess: '아바타가 저장되었습니다',
+      saveFailed: '아바타 저장 실패',
+      resetSuccess: '기본 아바타로 복원되었습니다',
+      resetFailed: '기본 아바타 복원 실패',
+    },
+    runtime: {
+      activeProfile: '현재: {name}',
+      bridgeWorker: 'Bridge 상태',
+      gateway: '게이트웨이',
+      active: '활성',
+      activeTag: '현재',
+      idle: '대기 중',
+      checking: '확인 중',
+      running: '실행 중',
+      stopped: '중지됨',
+      restartGateway: 'Gateway 재시작',
+      restartProfile: '프로필 재시작',
+      switchProfile: '프론트엔드 프로필 전환',
+      gatewayRestarted: 'Gateway가 재시작되었습니다: {name}',
+      gatewayRestartFailed: 'Gateway 재시작 실패',
+      profileRestarted: '프로필이 재시작되었습니다: {name}',
+      profileRestartFailed: '프로필 재시작 실패',
+    },
+  },
+
+  // 로그
+  logs: {
+    title: '로그',
+    all: '전체',
+    searchPlaceholder: '검색...',
+    refresh: '새로고침',
+    noEntries: '로그 항목 없음',
+  },
+
+  // 설정
+  settings: {
+    title: '설정',
+    saved: '저장됨',
+    saveFailed: '저장 실패',
+    tabs: {
+      display: '표시',
+      account: '현재 계정',
+      users: '계정 관리',
+      agent: '에이전트',
+      memory: '메모리',
+      compression: '압축',
+      session: '세션',
+      privacy: '개인정보',
+      apiServer: 'API 서버',
+      models: '모델',
+      voice: '음성',
+    },
+    display: {
+      streaming: '스트리밍 응답',
+      streamingHint: 'AI 응답을 실시간으로 표시',
+      compact: '컴팩트 모드',
+      compactHint: '메시지 간격 줄이기',
+      showReasoning: '추론 과정 표시',
+      showReasoningHint: '모델의 생각 과정 표시',
+      showCost: '비용 표시',
+      showCostHint: '응답에 토큰 사용량 표시',
+      inlineDiffs: '인라인 변경사항',
+      inlineDiffsHint: '코드 변경사항을 인라인으로 표시',
+      bellOnComplete: '완료 알림음',
+      bellOnCompleteHint: 'AI 응답 완료 시 알림음 재생',
+      busyInputMode: '바쁨 입력 모드',
+      busyInputModeHint: 'AI 처리 중에도 입력 허용',
+      theme: '테마',
+      themeHint: '라이트, 다크 또는 시스템 설정 따르기',
+      themeLight: '라이트',
+      themeDark: '다크',
+      themeSystem: '시스템',
+    },
+    agent: {
+      maxTurns: '최대 턴 수',
+      maxTurnsHint: '대화당 최대 상호작용 라운드 수',
+      gatewayTimeout: '게이트웨이 시간초과',
+      gatewayTimeoutHint: '요청 시간초과 (초)',
+      restartDrainTimeout: '재시작 드레인 시간초과',
+      restartDrainTimeoutHint: '재시작 전 드레인 시간초과 (초)',
+      toolEnforcement: '도구 실행 정책',
+      toolEnforcementHint: '도구 호출 실행 모드 제어',
+      auto: '자동',
+      always: '항상',
+      never: '사용 안 함',
+    },
+    memory: {
+      enabled: '메모리 활성화',
+      enabledHint: 'AI가 대화 컨텍스트를 기억하도록 허용',
+      userProfile: '사용자 프로필',
+      userProfileHint: 'AI가 사용자 선호를 기억하도록 허용',
+      charLimit: '메모리 문자 제한',
+      charLimitHint: 'MEMORY.md 최대 문자 수',
+      userCharLimit: '사용자 프로필 문자 제한',
+      userCharLimitHint: 'USER.md 최대 문자 수',
+    },
+    compression: {
+      enabled: '압축 활성화',
+      enabledHint: '긴 채팅 기록이 모델 컨텍스트를 넘기 전에 자동 압축',
+      threshold: '압축 임계값',
+      thresholdHint: '추정 토큰이 이 컨텍스트 비율을 넘으면 압축 시작',
+      targetRatio: '목표 비율',
+      targetRatioHint: '압축 후 기록 크기를 컨텍스트 비율로 지정',
+      protectLastN: '최근 메시지 보호',
+      protectLastNHint: '이 수만큼 최신 메시지는 압축하지 않음',
+      protectFirstN: '처음 메시지 보호',
+      protectFirstNHint: '이 수만큼 처음 메시지는 압축하지 않음',
+    },
+    session: {
+      mode: '초기화 모드',
+      modeHint: '세션 초기화 트리거 조건',
+      modeBoth: '유휴 + 예약',
+      modeIdle: '유휴만',
+      modeDaily: '예약만',
+      modeNone: '안함 (수동만)',
+      idleMinutes: '유휴 시간초과',
+      idleMinutesHint: '자동 초기화 대기 시간 (분)',
+      atHour: '예약 초기화 시간',
+      humanOnly: '사람 세션만 표시',
+      humanOnlyHint: '하위 에이전트 및 세션 모니터 노이즈를 기본으로 숨깁니다',
+      liveMonitorHumanOnly: '라이브 모니터: 사람 세션만 표시',
+      liveMonitorHumanOnlyHint: '라이브 모니터에서 하위 에이전트 및 세션 모니터 노이즈를 기본으로 숨깁니다',
+      atHourHint: '매일 지정한 시간에 세션 초기화',
+      requireAuth: '세션 인증',
+      requireAuthHint: '세션 작업에 인증 필요',
+    },
+    privacy: {
+      redactPii: '개인정보 마스킹',
+      redactPiiHint: '민감 정보 자동 감지 및 숨김 (비밀번호, 키 등)',
+    },
+    apiServer: {
+      enable: '활성화',
+      enableHint: 'API 서버 활성화',
+      host: '호스트',
+      hostHint: '수신 주소',
+      port: '포트',
+      portHint: '수신 포트',
+      key: '키',
+      keyHint: 'API 접근 키',
+      cors: 'CORS 출처',
+      corsHint: '허용된 교차 출처',
+    },
+    voice: {
+      ttsProvider: 'TTS 제공자',
+      ttsProviderHint: '메시지 재생에 사용할 텍스트 음성 변환 엔진 선택',
+      providerWebSpeech: 'WebSpeech API (브라우저)',
+      providerOpenai: 'OpenAI TTS',
+      providerCustom: '사용자 정의 엔드포인트 (OpenAI 호환)',
+      providerEdge: 'Edge TTS (무료, API Key 불필요)',
+
+      // WebSpeech
+      webspeechVoice: '음성',
+      webspeechVoiceHint: '브라우저 또는 OS에서 음성 선택',
+      webspeechVoicePlaceholder: '자동 (기본 음성)',
+
+      // OpenAI
+      openaiKey: 'API 키',
+      openaiKeyHint: 'TTS 접근 권한이 있는 OpenAI API 키',
+      openaiUrl: 'API 기본 URL',
+      openaiUrlHint: '예: https://api.openai.com/v1/audio/speech',
+      openaiModel: '모델',
+      openaiModelHint: 'tts-1 (빠름) / tts-1-hd (고음질)',
+      openaiVoice: '음색',
+      openaiVoiceHint: '합성에 사용할 음색',
+
+      // Custom endpoint
+      customHint: '모든 OpenAI 호환 TTS API 사용 가능 — GPT-SoVITS, CosyVoice 등 지원',
+      customUrl: 'API URL',
+      customUrlHint: 'TTS 서비스의 기본 URL',
+      customUrlPlaceholder: '로컬 어댑터에 설정된 주소 (예: http://127.0.0.1:9880)',
+      customApiKey: 'API 키 (선택사항)',
+      customApiKeyHint: '일부 사용자 정의 엔드포인트는 인증 필요',
+      customApiKeyPlaceholder: '필요하지 않으면 비워둠',
+
+      // Edge TTS
+      edgeHint: 'Microsoft Edge TTS 기반 (node-edge-tts).',
+      edgeUrl: '어댑터 URL',
+      edgeUrlHint: 'Edge TTS 어댑터 주소 (예: http://127.0.0.1:9882)',
+      edgeUrlPlaceholder: 'http://127.0.0.1:9882',
+      edgeVoice: '음색',
+      edgeVoiceHint: '음성 합성에 사용할 음색 선택',
+      edgeRate: '속도',
+      edgeRateHint: '음성 속도 조절 (0.5~2.0배)',
+      edgePitch: '음높이',
+      edgePitchHint: '음성 음높이 조절 (-20~+20 Hz)',
+
+      // Test
+      testTitle: '음성 테스트',
+      testText: '테스트 텍스트',
+      testTextPlaceholder: '테스트할 텍스트 입력...',
+      testTextDefault: '안녕하세요, 음성 테스트입니다.',
+      testButton: '테스트',
+      testButtonPlaying: '재생 중...',
+      testFailed: '테스트 실패: {error}',
+
+      // MiMo TTS
+      providerMimo: 'MiMo TTS',
+      mimoHint: '샤오미 MiMo TTS — 프리셋 음성, 음성 디자인, 음성 클론 세 가지 모드 지원',
+      mimoApiKey: 'API Key',
+      mimoApiKeyHint: 'platform.xiaomimimo.com에서 발급',
+      mimoApiKeyPlaceholder: 'MiMo API Key',
+      mimoBaseUrl: 'Base URL',
+      mimoBaseUrlHint: 'MiMo API 엔드포인트 URL',
+      mimoModel: '모델',
+      mimoModelHint: '음성 합성 모델 선택',
+      mimoModelPreset: '프리셋 음성',
+      mimoModelVoiceDesign: '음성 디자인',
+      mimoModelVoiceClone: '음성 클론',
+      mimoVoice: '음성',
+      mimoVoiceHint: '프리셋 음성 선택',
+      mimoVoiceDesignPrompt: '음성 설명',
+      mimoVoiceDesignPromptHint: '원하는 음성 특징을 설명하세요',
+      mimoVoiceDesignPromptPlaceholder: '예: 따뜻한 젊은 여성 목소리, 약간 느린 속도, 마그네틱한 톤',
+      mimoCloneAudio: '오디오 업로드',
+      mimoCloneAudioHint: '음성 클론용 오디오 샘플 업로드 (mp3/wav, 최대 10MB)',
+      mimoCloneAudioUpload: '파일 선택',
+      mimoCloneAudioClear: '지우기',
+      mimoStylePrompt: '스타일 프롬프트',
+      mimoStylePromptHint: '선택사항 — 자연어로 말하기 스타일 설명',
+      mimoStylePromptPlaceholder: '예: 밝고 경쾌한 톤, 빠른 속도',
+    },
+    lockedIps: {
+      title: '잠긴 IP 관리',
+      count: '{count}개 잠김',
+      empty: '잠긴 IP 없음',
+      unlock: '잠금 해제',
+      unlockAll: '전체 해제',
+      unlockAllConfirm: '모든 잠긴 IP를 해제하시겠습니까?',
+      unlocked: 'IP 잠금 해제됨',
+      allUnlocked: '{count}개 IP 잠금 해제됨',
+    },
+    models: {
+      apiKey: 'API Key',
+      apiKeyPlaceholder: 'API Key 입력',
+      noProviders: '구성된 공급자가 없습니다',
+      save: '저장',
+      saveFailed: '저장 실패',
+      saved: '저장됨',
+    },
+  },
+  githubPreview: {
+    title: "버전 미리보기",
+    description: "선택한 GitHub tag 를 Web UI 미리보기 작업 디렉터리에 클론하고, 의존성을 설치한 뒤 개발 포트로 실행합니다.",
+    refresh: "새로고침",
+    selectTag: "tag 선택",
+    prepare: "코드 준비",
+    install: "의존성 설치",
+    start: "미리보기 시작",
+    stop: "중지",
+    note: "미리보기 코드는 Web UI 데이터 홈 아래에 저장됩니다. 프로덕션은 8648을 유지하고, 미리보기 개발 환경은 프론트엔드 8651, 백엔드 8650에서 실행됩니다.",
+    path: "미리보기 경로",
+    webuiHome: "미리보기 데이터 홈",
+    currentTag: "현재 Tag",
+    repoReady: "저장소 준비됨",
+    dependencies: "의존성 설치됨",
+    running: "실행 상태",
+    notRunning: "실행 중 아님",
+    open: "미리보기 열기",
+    log: "작업 로그 경로",
+    logOutput: "로그 출력",
+    actionLog: "작업 로그",
+    devLog: "개발 서버 로그",
+    yes: "예",
+    no: "아니요",
+    actionFailed: "작업 실패",
+    nodeEnvironmentMissing: "Node/npm 환경을 찾을 수 없습니다. Node.js를 설치한 뒤 다시 시도하세요.",
+    prepareSuccess: "미리보기 코드가 준비되었습니다",
+    installSuccess: "의존성이 설치되었습니다",
+    startSuccess: "미리보기가 완료되었습니다",
+    stopSuccess: "미리보기가 중지되었습니다",
+  },
+
+  codingAgents: {
+    title: "코딩 에이전트",
+    notice: "모든 제공업체와 모델이 호환되는 것은 아닙니다.",
+    claudeDescription: "print mode 단발 작업과 대화형 코딩 세션을 위한 Anthropic CLI입니다.",
+    codexDescription: "저장소 작업을 위한 OpenAI CLI 및 Hermes openai-codex 제공업체 흐름입니다.",
+    copyCommand: "복사",
+    commandCopied: "명령이 복사되었습니다",
+    commandCopyFailed: "복사 실패",
+    refresh: "새로고침",
+    checking: "확인 중",
+    installStatus: "설치 상태",
+    installed: "설치됨",
+    notInstalled: "설치되지 않음",
+    installNow: "설치",
+    installing: "설치 중",
+    installSuccess: "설치됨",
+    installFailed: "설치 실패",
+    nodeEnvironmentMissing: "Node/npm 환경을 찾을 수 없습니다. Node.js를 설치한 뒤 다시 시도하세요.",
+    deleteNow: "삭제",
+    deleting: "삭제 중",
+    deleteSuccess: "삭제됨",
+    deleteFailed: "삭제 실패",
+    configFiles: "설정 파일",
+    profileScope: "프로필",
+    providerScope: "제공업체",
+    providerPlaceholder: "예: custom:glm",
+    modelScope: "모델",
+    modelPlaceholder: "모델 선택",
+    launchModeScope: "시작 모드",
+    launchModeGlobal: "전역 설정",
+    launchModeScoped: "제공업체와 모델",
+    protocolScope: "프로토콜",
+    protocolOpenAiChat: "OpenAI Chat Completions (/v1/chat/completions)",
+    protocolOpenAiResponses: "OpenAI Responses (/v1/responses)",
+    protocolAnthropicMessages: "Anthropic Messages (/v1/messages)",
+    reloadConfig: "설정 다시 읽기",
+    configFileNotCreated: "생성되지 않음",
+    configLoadFailed: "설정 파일을 읽지 못했습니다",
+    loadFailed: "코딩 에이전트를 확인하지 못했습니다",
+    launch: "시작",
+    launchTitle: "코딩 에이전트 시작",
+    nativeTerminal: "네이티브 터미널",
+    builtInTerminal: "내장 터미널",
+    launchPrepared: "시작 설정이 준비되었습니다",
+    launchPrepareFailed: "시작 설정 준비 실패",
+    nativeLaunchStarted: "네이티브 터미널을 열었습니다",
+    nativeLaunchFailed: "네이티브 터미널을 열지 못했습니다",
+    terminalTitle: "코딩 에이전트 터미널",
+    loadProvidersFailed: "현재 프로필의 제공업체를 불러오지 못했습니다",
+    selectProviderModel: "제공업체와 모델을 선택하세요",
+    launchConfigDir: "시작 설정 디렉터리",
+    launchCommand: "시작 명령",
+    table: {
+      tool: "도구",
+      kind: "단계",
+      command: "명령",
+      note: "설명",
+      action: "작업",
+    },
+    kinds: {
+      install: "설치",
+      auth: "인증",
+      health: "상태",
+      run: "실행",
+    },
+    notes: {
+      claudeInstall: "Claude Code CLI를 전역으로 설치합니다.",
+      codexInstall: "Codex CLI를 전역으로 설치합니다.",
+      claudeAuth: "Claude Code 로그인 상태를 확인합니다. 로그인이 없으면 claude를 한 번 실행하세요.",
+      codexAuth: "Hermes가 관리하는 OpenAI Codex OAuth 자격 증명을 추가합니다.",
+      claudeHealth: "업데이터와 로컬 CLI 상태를 확인합니다.",
+      codexHealth: "Codex CLI가 PATH에서 사용 가능한지 확인합니다.",
+      claudeRun: "API 기반 단발 작업에는 print mode가 가장 깔끔한 경로입니다.",
+      codexRun: "Codex 단발 작업은 git 저장소 안에서 실행해야 합니다.",
+    },
+  },
+
+  platform: {
+    requireMention: "{'@'}멘션 필요",
+    requireMentionGroup: "그룹에서 {'@'}멘션 시에만 응답",
+    requireMentionChannel: "채널에서 {'@'}멘션 시에만 응답",
+    requireMentionRoom: "방에서 {'@'}멘션 시에만 응답",
+    reactions: '반응',
+    reactionsHint: '메시지에 이모지 반응',
+    freeResponseChats: '자유 응답 채팅',
+    freeResponseChatsHint: "{'@'}멘션 없이 응답할 채팅 ID (쉼표로 구분)",
+    freeResponseChannels: '자유 응답 채널',
+    freeResponseChannelsHint: "{'@'}멘션 없이 응답할 채널 ID (쉼표로 구분)",
+    freeResponseRooms: '자유 응답 방',
+    freeResponseRoomsHint: "{'@'}멘션 없이 응답할 방 ID (쉼표로 구분)",
+    mentionPatterns: '사용자 지정 멘션 패턴',
+    mentionPatternsHint: '추가 트리거 패턴',
+    autoThread: '자동 스레드',
+    autoThreadHint: "{'@'}멘션 후 자동으로 스레드 생성",
+    autoThreadHintRoom: '방에서 자동으로 스레드 생성',
+    dmMentionThreads: 'DM 멘션 스레드',
+    dmMentionThreadsHint: 'DM에서 멘션 시 스레드로 응답',
+    allowBots: '봇 메시지 허용',
+    allowBotsHint: '다른 봇의 메시지에 응답',
+    allowedChannels: '허용된 채널',
+    allowedChannelsHint: '채널 ID 허용 목록 (쉼표로 구분)',
+    ignoredChannels: '무시할 채널',
+    ignoredChannelsHint: '봇이 응답하지 않는 채널 ID (쉼표로 구분)',
+    noThreadChannels: '스레드 없는 채널',
+    noThreadChannelsHint: '스레드 없이 응답할 채널 ID (쉼표로 구분)',
+    exclusiveTokenWarning: '이 플랫폼은 독점 토큰 잠금을 사용합니다. 각 프로필은 다른 프로필과 충돌하지 않도록 서로 다른 ID 토큰을 사용해야 합니다.',
+    botToken: 'Bot Token',
+    botTokenHint: '개발자 포털에서 발급받은 Bot Token',
+    accessToken: 'Access Token',
+    accessTokenHint: 'Matrix 액세스 토큰',
+    homeserver: 'Homeserver URL',
+    homeserverHint: 'Matrix 홈서버 URL',
+    appId: 'App ID',
+    appIdHint: 'Feishu App ID',
+    appSecret: 'App Secret',
+    appSecretHint: 'Feishu App Secret',
+    clientId: 'Client ID',
+    clientIdHint: 'DingTalk Client ID',
+    clientSecret: 'Client Secret',
+    clientSecretHint: 'DingTalk Client Secret',
+    cardTemplateId: 'AI 카드 템플릿 ID',
+    cardTemplateIdHint: 'DingTalk AI 카드 템플릿 ID; 비워 두면 AI 카드를 사용하지 않음',
+    botId: 'Bot ID',
+    botIdHint: 'WeCom Bot ID',
+    wecomSecretHint: 'WeCom Bot Secret',
+    waEnabled: 'WhatsApp 활성화',
+    waEnabledHint: 'QR 코드 페어링으로 WhatsApp 활성화',
+    weixinToken: 'Weixin Token',
+    weixinTokenHint: 'weixin CLI QR 로그인에서 가져오기 (hermes weixin)',
+    accountId: 'Account ID',
+    accountIdHint: 'Weixin Account ID',
+    qrLogin: 'QR 로그인',
+    qrRelogin: '다시 로그인',
+    qrFetching: 'QR 코드를 가져오는 중...',
+    qrScanHint: 'WeChat으로 QR 코드를 스캔하여 로그인',
+    qrScanedHint: '스캔됨, 휴대폰에서 확인해 주세요...',
+    qqSandboxHint: '샌드박스 환경 활성화(테스트용)',
+    qqSandbox: '샌드박스 모드',
+    qqQrScanHint: 'QQ로 위 QR 코드를 스캔하거나 휴대폰에서 링크를 열어 바인딩을 완료하세요',
+    qqMarkdownHint: 'Markdown 형식 메시지 활성화(일부 클라이언트는 지원하지 않을 수 있음)',
+    qqMarkdown: 'Markdown 지원',
+    qqAppSecretHint: 'QQ Open Platform Bot App Secret',
+    qqAppSecret: 'App Secret',
+    qqAppIdHint: 'QQ Open Platform Bot App ID',
+    qqAppId: 'App ID',
+    allowedUsersHint: '사용자 ID 또는 OpenID 허용 목록, 쉼표로 구분',
+    allowedUsers: '허용 사용자',
+    allowAllUsersHint: '모든 사용자의 메시지를 허용합니다. 끄면 허용 목록을 사용합니다',
+    allowAllUsers: '모든 사용자 허용',
+  },
+
+  // 언어
+  language: {
+    label: '언어',
+    zh: '中文',
+    en: 'English',
+    ko: '한국어',
+  },
+
+  // 터미널
+  terminal: {
+    sessions: '세션',
+    newTab: '새 터미널',
+    closeSession: '이 세션을 닫으시겠습니까?',
+    sessionExited: '종료됨',
+    processExited: '프로세스가 종료되었습니다 (코드 {code})',
+    noSessions: '터미널 세션이 없습니다',
+    connectionFailed: '터미널에 연결하지 못했습니다',
+    connectionError: '연결 오류',
+    connectionClosed: '연결이 닫혔습니다',
+  },
+
+  // 사용량
+  usage: {
+    title: '사용량 통계',
+    refresh: '새로고침',
+    totalTokens: '총 토큰 수',
+    inputTokens: '입력',
+    outputTokens: '출력',
+    totalSessions: '총 세션 수',
+    avgPerDay: '일평균 ~{n}',
+    estimatedCost: '예상 비용',
+    cacheHitRate: '캐시 적중률',
+    modelBreakdown: '모델별 분포',
+    dailyTrend: '일별 사용량',
+    date: '날짜',
+    tokens: '토큰',
+    cache: '캐시',
+    cacheRead: '캐시 읽기',
+    cacheWrite: '캐시 쓰기',
+    sessions: '세션',
+    cost: '비용',
+    noData: '사용량 데이터 없음',
+  },
+
+  skillsUsage: {
+    title: '스킬 사용량',
+    subtitle: 'Hermes 세션의 스킬 로드와 편집을 추적합니다',
+    refresh: '새로고침',
+    periodSelector: '스킬 사용량 기간',
+    periodLabel: '{days}일',
+    summary: '요약',
+    totalActions: '작업 수',
+    loads: '로드',
+    edits: '편집',
+    distinctSkills: '스킬 수',
+    topSkills: '상위',
+    dailyTrend: '일별',
+    periodSummary: '최근 {days}일',
+    skill: '스킬',
+    share: '비중',
+    lastUsed: '마지막',
+    noData: '스킬 사용량 데이터가 없습니다',
+    loadFailed: '스킬 사용량을 불러오지 못했습니다',
+    otherSkills: '기타',
+  },
+
+  // 변경 이력
+  changelog: {
+    new_0_6_7_1: 'Desktop 앱은 기본적으로 8748 포트를 사용하며 LAN 접근과 로컬 브라우저 직접 열기를 지원합니다',
+    new_0_6_7_9: 'Desktop 다운로드 링크가 공식 웹사이트 https://hermes-studio.ai/ 에 추가되었으며 최신 설치 파일은 GitHub Releases 에서도 계속 받을 수 있습니다',
+    new_0_6_7_2: 'MCP 도구는 bridge tool discovery 수정, MCP 관리 라이프사이클 수정, 관리자 화면의 모델별 tool visibility 제어로 더 완성되었습니다',
+    new_0_6_7_3: '메시지 목록은 빈 상태 중앙 정렬, 스크롤 튐, History 로딩 중 라이브 채팅 메시지 노출을 수정하고 세션별 스크롤 위치 보존과 1.5초 페이드인을 지원합니다',
+    new_0_6_7_4: 'Bridge 와 runtime 은 text/tool-call 순서 보존, Profile runtime status loading 수정, Node/npm 감지 개선, 운영 데이터 디렉터리 생성 생략으로 더 안정적입니다',
+    new_0_6_7_5: 'Desktop 배포는 Electron packaging, 앱 이름, preload build, release artifact upload, Windows Hermes CLI 시작, Linux 아이콘과 쓰기 가능한 데이터 경로, macOS 서명 인증서 없음 처리, Windows 시작 시 숨김 subprocess 를 포함합니다',
+    new_0_6_7_6: '웹사이트에 downloads 와 deploy workflow 를 추가하고 rsync 가 없는 환경의 deploy 실패를 수정했습니다',
+    new_0_6_7_7: 'Server 와 auth 는 Windows credential directory 에 dirname 을 사용하고 큰 avatar 이미지의 413 오류를 피하도록 body limit 를 높였습니다',
+    new_0_6_7_8: 'Coding Agents 를 위한 repository harness, validation docs, agent guidance 를 추가하고 오래된 setup script docs 를 제거했습니다',
+    new_0_6_4_1: 'CI를 강화해 npm install 동작을 고정하고 PR Docker smoke 검사를 추가했습니다',
+    new_0_6_4_2: '채팅에 가상 페이지네이션을 적용해 긴 대화의 스크롤과 로딩을 더 안정적으로 만들었습니다',
+    new_0_6_4_3: 'Docker 이미지 배포는 일반 PR 검사 대신 release 에서만 실행됩니다',
+    new_0_6_4_4: '슈퍼 관리자용 Version Preview 를 추가해 main/tag 선택, preview checkout, 의존성 설치, start/stop, 로그 확인을 지원합니다',
+    new_0_6_4_5: 'Preview 인스턴스는 frontend/backend 포트, Web UI home, agent bridge endpoint 를 분리하고 오래된 tag 에 대해 포트, WebSocket, base URL, 중첩 preview 내비게이션 runtime patch 를 적용합니다',
+    new_0_6_4_6: 'created_at 이 없는 legacy session_usage 테이블을 기본값으로 안전하게 마이그레이션합니다',
+    new_0_6_4_7: 'Bridge profile worker endpoint 를 broker endpoint 별로 분리해 같은 Profile 의 운영/preview 가 worker socket 을 서로 빼앗아 unknown run 오류를 만드는 문제를 방지합니다',
+    new_0_6_5_1: 'Coding Agents 에 Claude Code 와 Codex 전체 시작 워크플로를 추가하고 전역 설정, profile/provider 격리 작업공간, 내장/네이티브 터미널을 지원합니다',
+    new_0_6_5_2: 'Codex 시작은 OpenAI Chat Completions, OpenAI Responses, Anthropic Messages 를 지원하고 로컬 proxy 로 여러 제공업체에 맞춥니다',
+    new_0_6_5_3: 'Windows Coding Agents 는 .cmd/.bat shim 감지, 터미널 시작 수정, Claude Code custom model 로컬 검증 우회로 더 안정적입니다',
+    new_0_6_5_4: '메시지 목록, History 페이징, TTS 인증, 그룹 채팅 agent mention, 업데이트 체크 비활성화, bridge worker transport 안정성을 개선했습니다',
+    new_0_6_3_1: 'Bridge spinner 상태를 더 이상 모델 reasoning 으로 저장하지 않아 장식용 thinking 텍스트가 이후 컨텍스트를 오염시키지 않습니다',
+    new_0_6_3_2: 'History 에 Hermes CLI 세션을 Web UI 로컬 기록으로 가져오는 컨트롤을 추가하고 메시지 구조를 더 안전하게 정규화합니다',
+    new_0_6_3_3: 'Provider 설정에서 기본 base URL 편집을 지원하고 LM Studio 를 내장 Provider 로 추가했으며 LM Studio /models 실시간 검색을 지원합니다',
+    new_0_6_3_4: 'Web UI bridge 를 통해 전송되는 OpenRouter 요청에 Hermes Web UI 앱 attribution headers 가 포함됩니다',
+    new_0_6_3_5: '공개 auth status endpoint 가 인증되지 않은 요청에 첫 번째 사용자 이름을 더 이상 노출하지 않습니다',
+    new_0_6_3_6: 'DingTalk 설정에 AI Card Template ID 필드를 추가하고 DINGTALK_CARD_TEMPLATE_ID 로 저장합니다',
+    new_0_6_3_7: 'Bridge socket JSON 출력이 고립된 Unicode surrogate 문자를 정리하여 채팅 SSE 충돌을 방지합니다',
+    new_0_6_2_1: 'Web Bridge가 /plan 명령을 지원하며 run 시작과 명령 상태 표시가 올바르게 동작합니다',
+    new_0_6_2_2: '채팅 입력 명령 메뉴에 /goal 및 /subgoal이 추가되어 상태, 일시정지, 재개, 완료, 초기화 작업을 지원합니다',
+    new_0_6_2_3: 'Goal 및 subgoal 워크플로가 채팅 세션에 통합되어 목표 이어가기와 상태 업데이트를 지원합니다',
+    new_0_6_2_4: '작업 전달 대상 채널 옵션을 복원해 예약 작업이 의도한 대상을 선택할 수 있습니다',
+    new_0_6_2_5: '재연결 후 컨텍스트 token 사용량이 snapshot 인식 계산으로 정확하게 복원됩니다',
+    new_0_6_2_6: 'Codex 요약이 느릴 때도 컨텍스트 checkpoint 압축이 더 안정적입니다. Web UI는 5분 동안 대기하고 Python bridge broker는 2분 후 worker request를 끊지 않습니다',
+    new_0_6_2_7: '채팅 큐 승격을 수정해 동기화된 창을 포함해 queued 메시지가 너무 일찍 메시지 목록에 들어가지 않습니다',
+    new_0_6_2_8: 'Clarify 프롬프트는 Enter로 자유 입력 답변을 제출하지 않으며, 답변된 프롬프트는 세션 전환 후 다시 열리지 않습니다',
+    new_0_6_2_9: 'Bridge terminal 환경 갱신과 stale pid 정리 범위를 더 정확히 제한해 UI의 오래된 runtime 상태를 줄입니다',
+    new_0_6_2_10: '기본 컨텍스트 길이가 Hermes 표준에 맞춰 256,000 tokens로 변경되었습니다',
+    new_0_5_35_1: 'Bridge 세션은 서로 다른 session 간 동시 실행을 지원하며, 같은 session 실행은 메시지 순서를 보존하도록 직렬화됩니다',
+    new_0_5_35_2: 'Performance Monitor 페이지를 추가해 시스템 CPU/메모리, Web UI, Bridge Broker, Workers, 활성 세션 상태를 확인할 수 있습니다',
+    new_0_5_35_3: 'Worker별 CPU, 메모리, Profile, 세션 수, 실행 상태를 보여주는 리소스 지표 추가',
+    new_0_5_35_4: 'Bridge worker 수명 주기 정리를 개선해 Broker 종료나 부모 프로세스 종료 시 worker를 회수하고 남는 Python 프로세스를 줄입니다',
+    new_0_5_35_5: 'macOS, Windows, Linux, Docker, Termux용 fallback으로 모니터링 리소스 수집의 크로스 플랫폼 호환성 강화',
+    new_0_5_35_6: 'Agent 초기화 중 worker request로 Performance Monitor가 막히지 않도록 개선해 Windows의 request timed out 가능성을 낮춤',
+    new_0_5_35_7: 'Chat Markdown에 텍스트 콘텐츠 인라인 미리보기를 추가하고, 다운로드 아이콘은 preview drawer 대신 파일을 직접 다운로드합니다',
+    new_0_5_35_8: '콘텐츠 preview drawer 개선: 모바일 닫기 동작, 모바일 전체 너비, 데스크톱 800px 너비, 텍스트/Markdown 배경 통일',
+    new_0_6_0_1: '계정별 및 Profile별 관리가 세션, 모델, 사용량, Kanban, 작업, 업로드, 미디어, 관련 Hermes API를 일관되게 보호합니다',
+    new_0_6_0_2: '내장 미디어 Skills는 생성된 서버 토큰을 미디어 엔드포인트에만 사용하고 요청한 Profile에서 fun-codex/xAI 자격 증명을 확인합니다',
+    new_0_6_0_3: '단일 채팅과 그룹 채팅이 현재 Hermes Profile을 run instructions에 주입해 Skills가 X-Hermes-Profile을 보낼 수 있습니다',
+    new_0_6_0_4: 'delegate_task subagent 진행 상황이 시작, 도구, 진행, 완료 상태로 채팅 UI에 스트리밍됩니다',
+    new_0_6_0_5: '실행 중지 또는 중단 시 임시 이벤트를 정리해 이전 abort 상태가 다음 채팅으로 넘어가지 않게 했습니다',
+    new_0_6_0_6: '계정 관리, 기본 자격 증명, 계정/Profile 관리, 업로드/다운로드, 내장 미디어 Skills 문서와 웹사이트 문구를 업데이트했습니다',
+    new_0_6_0_7: '로그인 IP 잠금을 지우고 기본 admin / 123456 로그인을 재설정하는 CLI 유지보수 명령을 추가했습니다',
+    new_0_6_0_8: '0.6.0은 Web UI의 단일 사용자 버전과 다중 사용자 버전의 경계입니다. 다중 사용자 모드에 문제가 있으면 issue를 제출하고, 필요하면 0.5.35 단일 사용자 버전으로 되돌리세요',
+    new_0_6_1_1: '세션 목록은 기본적으로 계정에서 사용할 수 있는 모든 Profile을 표시하고 명시적 Profile 필터가 있을 때만 제한하며, CLI start/stop/status는 더 이상 node:sqlite 실험 경고를 출력하지 않습니다',
+    new_0_6_1_2: 'Clarify 및 확인 응답이 인증된 채팅 socket을 통해 Hermes bridge로 전달되며 응답 경로 테스트가 추가되었습니다',
+    new_0_6_1_3: '내비게이션 항목과 채팅 세션 행이 네이티브 링크를 사용해 새 탭 열기, 링크 복사, 접힌 사이드바 상태 유지가 가능합니다',
+    new_0_6_1_4: '세션 링크가 route Profile을 일반 세션 목록 필터로 누출하지 않으며 새 탭 열기 라벨이 지역화되었습니다',
+    new_0_6_1_5: 'Skills는 활성 Profile config의 skills.external_dirs를 읽고 external source를 표시하며 로컬 우선순위와 외부 skill 파일 해석을 지원합니다',
+    new_0_6_1_6: '로그인 IP 잠금 기준이 실패 10회로 올라가고, 잠긴 로그인 화면에 잠금 해제와 기본 로그인 재설정 복구 명령이 표시됩니다',
+    new_0_6_1_7: '모바일 또는 백그라운드 채팅 연결 끊김은 일시적인 것으로 처리하고 재연결 후 서버에서 run 상태를 복원합니다',
+    new_0_6_1_8: 'Bridge tool marker flush가 tool/run 경계에서 남은 tool-call prefix를 저장해 새로고침 후 내용 잘림을 방지합니다',
+    new_0_6_1_9: 'Profile 인식 History 작업은 Profile이 포함된 대상으로 세션을 삭제하고 전역 Profile 변경 시 History를 새로고침합니다',
+    new_0_6_1_10: '다중 사용자 권한 모델을 위해 기존 AUTH_DISABLED 우회를 제거했으며 AUTH_TOKEN은 계속 지원됩니다',
+  },
+
+  // 파일
+  files: {
+    title: '파일',
+    tree: '디렉터리 트리',
+    list: '파일 목록',
+    breadcrumbRoot: '홈',
+    newFile: '새 파일',
+    newFolder: '새 폴더',
+    upload: '업로드',
+    refresh: '새로고침',
+    open: '열기',
+    edit: '편집',
+    preview: '미리보기',
+    download: '다운로드',
+    copyPath: '경로 복사',
+    rename: '이름 변경',
+    delete: '삭제',
+    name: '이름',
+    size: '크기',
+    modified: '수정일',
+    actions: '작업',
+    emptyDir: '빈 디렉터리',
+    loading: '불러오는 중...',
+    confirmDelete: '"{name}"을(를) 삭제하시겠습니까?',
+    confirmDeleteDir: '디렉터리 "{name}"과 그 내부 항목을 모두 삭제하시겠습니까?',
+    deleteFailed: '삭제 실패',
+    deleted: '삭제됨',
+    renameTo: '새 이름',
+    newFileName: '파일 이름',
+    newFolderName: '폴더 이름',
+    created: '생성됨',
+    createFailed: '생성 실패',
+    renamed: '이름이 변경됨',
+    renameFailed: '이름 변경 실패',
+    uploadSuccess: '{count}개 파일이 업로드되었습니다',
+    uploadFailed: '업로드 실패',
+    saveFailed: '저장 실패',
+    saved: '저장됨',
+    unsavedChanges: '저장하지 않은 변경 사항이 있습니다. 취소하시겠습니까?',
+    pathCopied: '경로가 복사되었습니다',
+    fileTooLarge: '파일이 너무 큽니다 (최대 10MB)',
+    permissionDenied: '보호된 파일은 수정할 수 없습니다',
+    notFound: '파일 또는 디렉터리를 찾을 수 없습니다',
+    backendError: '파일 작업 실패',
+    dragDropHint: '여기로 파일을 드래그하여 업로드',
+    closeEditor: '편집기 닫기',
+    closePreview: '닫기',
+    saveFile: '저장',
+    fileTree: '파일 트리',
+  },
+
+  // 그룹 채팅
+  groupChat: {
+    title: '그룹 채팅',
+    createRoom: '방 만들기',
+    joinByCode: '코드로 참여',
+    roomName: '방 이름',
+    roomNamePlaceholder: '방 이름을 입력하세요',
+    inviteCode: '초대 코드',
+    autoGenerate: '자동 생성',
+    noRooms: '아직 방이 없습니다',
+    selectOrCreate: '방을 선택하거나 만들어 채팅을 시작하세요',
+    agents: '에이전트',
+    addAgent: '에이전트 추가',
+    selectProfile: '프로필 선택',
+    agentAdded: '에이전트가 추가되었습니다',
+    agentAlreadyInRoom: '해당 에이전트가 이미 방에 있습니다',
+    agentAddFailedCount: '{count}개의 에이전트를 추가하지 못했습니다: {details}',
+    noAgents: '이 방에 에이전트가 없습니다',
+    members: '멤버',
+    roomCreated: '방이 생성되었습니다',
+    roomDeleted: '방이 삭제되었습니다',
+    roomCloned: '방이 복제되었습니다',
+    cloneRoom: '방 복제',
+    copyRoomLink: '방 링크 복사',
+    deleteRoomConfirm: '이 방을 삭제하시겠습니까?',
+    clearContext: '컨텍스트 지우기',
+    clearContextConfirm: '이 방의 컨텍스트를 지우시겠습니까? 메시지와 압축 스냅샷은 삭제되고 에이전트와 멤버는 유지됩니다.',
+    contextCleared: '컨텍스트가 지워졌습니다',
+    you: '나',
+    joined: '방에 참여했습니다',
+    joinFailed: '방 참여에 실패했습니다',
+    inputPlaceholder: '메시지를 입력하세요... (Enter로 전송)',
+    enterCode: '초대 코드를 입력하세요',
+    yourName: '이름',
+    yourNamePlaceholder: '표시 이름을 입력하세요',
+    yourDescription: '설명 (선택)',
+    yourDescriptionPlaceholder: '자신을 소개해 주세요...',
+    agentName: '에이전트 이름',
+    agentNamePlaceholder: '사용자 지정 이름 (빈칸=프로필 이름)',
+    agentDesc: '에이전트 설명',
+    agentDescPlaceholder: '이 에이전트가 하는 일을 설명...',
+    agentReplying: '이(가) 응답 중...',
+    agentCompressing: '이(가) 컨텍스트 압축 중...',
+    compressionSettings: '압축 설정',
+    triggerTokens: '압축 트리거 토큰',
+    triggerTokensDesc: '이 토큰 수를 초과하면 컨텍스트 압축이 시작됩니다',
+    maxHistoryTokens: '최대 기록 토큰',
+    maxHistoryTokensDesc: '압축된 컨텍스트의 최대 토큰 수',
+    tailMessageCount: '최근 메시지 수',
+    tailMessageCountDesc: '압축 후 그대로 유지할 최근 메시지 수',
+    compressionConfig: '압축 설정',
+    compressNow: '지금 압축',
+    compressingInProgress: '압축 진행 중',
+    compressionSaved: '압축 설정이 저장되었습니다',
+  },
+
+  // 다운로드
+  download: {
+    downloading: '다운로드 중...',
+    downloadFailed: '다운로드 실패',
+    fileNotFound: '파일을 찾을 수 없거나 삭제되었습니다',
+    fileTooLarge: '파일이 너무 큽니다 (제한 초과)',
+    backendError: '파일 읽기에 실패했습니다. 원격 환경이 사용 불가능할 수 있습니다',
+    backendTimeout: '파일 읽기 시간 초과',
+    unsupportedBackend: '현재 터미널 백엔드는 파일 다운로드를 지원하지 않습니다',
+    invalidPath: '잘못된 파일 경로',
+    contentDisplay: '내용 표시',
+    download: '다운로드',
+    downloadFile: '파일 다운로드',
+  },
+  gateways: {
+    title: '게이트웨이',
+    running: '실행 중',
+    stopped: '중지됨',
+    started: '시작됨',
+    startFailed: 'Gateway 시작 실패',
+    stopFailed: 'Gateway 중지 실패',
+  },
+  kanban: {
+    title: 'Kanban 보드',
+    createTask: '새 작업',
+    noTasks: '작업 없음',
+    allStatuses: '모든 상태',
+    allAssignees: '모든 담당자',
+    columns: {
+      triage: '분류 대기',
+      todo: '할 일',
+      ready: '준비됨',
+      running: '진행 중',
+      blocked: '차단됨',
+      done: '완료됨',
+      archived: '보관됨',
+    },
+    card: {
+      assigneeTooltip: '담당자',
+      priority: {
+        low: '낮음',
+        medium: '보통',
+        high: '높음',
+      },
+      timeAgo: {
+        justNow: '방금',
+        minutes: '{count}분 전',
+        hours: '{count}시간 전',
+        days: '{count}일 전',
+      },
+    },
+    board: {
+      create: '새 보드',
+      archive: '보드 보관',
+      archiveConfirm: '현재 보드를 보관하시겠습니까?',
+      archived: '보드가 보관되었습니다',
+      created: '보드가 생성되었습니다',
+      slugPlaceholder: '보드 식별자, 예: project-a',
+      namePlaceholder: '표시 이름 (선택)',
+      slugRequired: '보드 식별자는 필수입니다',
+    },
+    form: {
+      title: '제목',
+      titlePlaceholder: '작업 제목',
+      titleRequired: '제목은 필수입니다',
+      body: '설명',
+      bodyPlaceholder: '작업 설명 (선택)',
+      assignee: '담당자',
+      selectAssignee: '담당자 선택...',
+      priority: '우선순위',
+      selectPriority: '우선순위 선택...',
+    },
+    detail: {
+      status: '상태',
+      priority: '우선순위',
+      assignee: '담당자',
+      tenant: '테넌트',
+      createdAt: '생성 시간',
+      startedAt: '시작 시간',
+      completedAt: '완료 시간',
+      comments: '댓글',
+      events: '이벤트',
+      runs: '실행 기록',
+      artifacts: '산출 파일',
+      result: '완료 결과',
+      highlights: '핵심 정보',
+      sources: '데이터 소스',
+      sessions: '관련 세션',
+      sessionMessages: '세션 기록',
+      noSessions: '관련 세션을 찾을 수 없습니다.',
+    },
+    action: {
+      title: '작업',
+      assign: '할당',
+      assignTo: '할당 대상...',
+      block: '차단',
+      blockReason: '차단 이유',
+      unblock: '차단 해제',
+      complete: '완료',
+      completeSummary: '완료 요약 (선택)',
+    },
+    message: {
+      loadFailed: '작업 로드 실패',
+      taskCreated: '작업이 생성되었습니다',
+      taskAssigned: '작업이 할당되었습니다',
+      taskBlocked: '작업이 차단되었습니다',
+      taskUnblocked: '작업 차단이 해제되었습니다',
+      taskCompleted: '작업이 완료되었습니다',
+    },
+    stats: {
+      total: '합계',
+      tasks: '작업 수',
+    },
+  },
+}
diff --git a/packages/client/src/i18n/locales/pt.ts b/packages/client/src/i18n/locales/pt.ts
new file mode 100644
index 0000000..7f448e6
--- /dev/null
+++ b/packages/client/src/i18n/locales/pt.ts
@@ -0,0 +1,1549 @@
+export default {
+  // Login
+  login: {
+    title: 'Hermes Web UI',
+    description: 'Insira seu nome de usuario e senha para continuar.',
+    placeholder: 'Token de acesso',
+    submit: 'Entrar',
+    tokenRequired: 'Por favor, insira seu token de acesso',
+    invalidToken: 'Token invalido',
+    connectionFailed: 'Nao foi possivel conectar ao servidor',
+    passwordLogin: 'Senha',
+    tokenLogin: 'Token',
+    usernamePlaceholder: 'Nome de usuario',
+    passwordPlaceholder: 'Senha',
+    defaultCredentialsHint: 'Nome de usuario padrao: admin. Senha padrao: 123456.',
+    credentialsRequired: 'Por favor, insira nome de usuario e senha',
+    invalidCredentials: 'Nome de usuario ou senha incorretos',
+    tooManyAttempts: 'Muitas tentativas falhadas, por favor tente novamente mais tarde',
+    lockResetHint: 'Se este for seu servidor, limpe o bloqueio de login com:',
+    defaultLoginResetHint: 'Para redefinir a senha admin padrao, execute:',
+    sessionExpired: 'Login expirado. Entre novamente.',
+    accessDenied: 'Voce nao tem permissao para acessar este recurso.',
+    passwordMismatch: 'As senhas nao conferem',
+    passwordTooShort: 'A senha deve ter pelo menos 6 caracteres',
+    setupSuccess: 'Login por senha configurado com sucesso',
+    passwordChanged: 'Senha alterada com sucesso',
+    passwordRemoved: 'Login por senha removido',
+    setupPassword: 'Configurar login por senha',
+    changePassword: 'Alterar senha',
+    changeUsername: 'Alterar nome de usuario',
+    removePasswordLogin: 'Remover',
+    username: 'Nome de usuario',
+    currentPassword: 'Senha atual',
+    newPassword: 'Nova senha',
+    confirmPassword: 'Confirmar senha',
+    newUsername: 'Novo nome de usuario',
+    usernameChanged: 'Nome de usuario alterado com sucesso',
+    usernameTooShort: 'O nome de usuario deve ter pelo menos 2 caracteres',
+    setupDescription: 'Gerencie o nome de usuario e a senha usados para entrar.',
+    removeConfirm: 'Login por senha e obrigatorio para contas de usuario.',
+    passwordLoginNotConfigured: 'Login por senha nao configurado',
+    passwordLoginConfigured: 'Conta atual: {username}',
+    defaultCredentialTitle: 'Altere a conta e senha padrao',
+    defaultCredentialMessage: 'A conta atual ainda usa o nome de usuario ou a senha padrao. Para evitar acesso nao autorizado, altere o nome de usuario e a senha da conta atual o quanto antes.',
+    defaultCredentialAction: 'Alterar agora',
+    defaultCredentialLater: 'Lembrar depois',
+  },
+
+  users: {
+    title: 'Gerenciamento de contas',
+    description: 'Crie usuarios, atribua funcoes e controle quais perfis administradores comuns podem acessar.',
+    create: 'Criar usuario',
+    edit: 'Editar usuario',
+    username: 'Nome de usuario',
+    role: 'Funcao',
+    statusLabel: 'Status',
+    profiles: 'Perfis acessiveis',
+    profilesPlaceholder: 'Selecione perfis acessiveis',
+    allProfiles: 'Todos os perfis',
+    noProfiles: 'Nenhum perfil atribuido',
+    lastLogin: 'Ultimo login',
+    newPasswordOptional: 'Nova senha (deixe em branco para manter)',
+    loadFailed: 'Falha ao carregar usuarios',
+    deleteConfirm: 'Excluir este usuario?',
+    enable: 'Ativar',
+    disable: 'Desativar',
+    roles: {
+      superAdmin: 'Super admin',
+      admin: 'Admin',
+    },
+    status: {
+      active: 'Ativo',
+      disabled: 'Desativado',
+    },
+  },
+
+  // Common
+  common: {
+    loading: 'Carregando...',
+    cancel: 'Cancelar',
+    retry: 'Tentar novamente',
+    delete: 'Excluir',
+    edit: 'Editar',
+    save: 'Salvar',
+    saved: 'Salvo',
+    update: 'Atualizar',
+    create: 'Criar',
+    saveFailed: 'Falha ao salvar',
+    deleteFailed: 'Falha ao excluir',
+    ok: 'OK',
+    copied: 'Copiado',
+    copy: 'Copiar',
+    noData: 'Sem dados',
+    fetch: 'Buscar',
+    add: 'Adicionar',
+    enable: 'Ativar',
+    disable: 'Desativar',
+    configured: 'Configurado',
+    notConfigured: 'Nao configurado',
+    confirm: 'Confirmar',
+    expand: 'Expandir',
+    collapse: 'Recolher',
+    stop: 'Parar',
+    start: 'Iniciar',
+    expired: 'Expirado',
+  },
+
+  // Gestao de MCP
+  mcp: {
+    title: 'Servidores MCP',
+    loadFailed: 'Falha ao carregar servidores MCP',
+    reloadAll: 'Recarregar todos',
+    refresh: 'Atualizar',
+    total: 'Total',
+    connected: 'Conectado',
+    disconnected: 'Desconectado',
+    tools: 'ferramentas',
+    tool: 'Ferramentas',
+    searchPlaceholder: 'Pesquisar servidores...',
+    addServer: '+ Adicionar servidor',
+    zeroTools: '0 ferramentas',
+    loading: 'Carregando...',
+    empty: 'Nenhum servidor MCP configurado',
+    reloaded: '{server} recarregado',
+    reloadedAll: 'Todos os servidores MCP recarregados',
+    reloadFailed: 'Falha ao recarregar',
+    serverAdded: 'Servidor "{name}" adicionado',
+    addFailed: 'Falha ao adicionar servidor',
+    serverUpdated: 'Servidor "{name}" atualizado',
+    updateFailed: 'Falha ao atualizar servidor',
+    saveFailed: 'Falha ao salvar',
+    serverRemoved: '"{name}" removido',
+    enabled: "Habilitado: {name}",
+    disabled: "Desabilitado: {name}",
+    connectedStatus: 'Conectado',
+    disconnectedStatus: 'Desconectado',
+    disabledStatus: 'Desativado',
+    toolList: 'Lista de ferramentas',
+    count: ' ',
+    more: 'mais',
+    removeFailed: 'Falha ao remover servidor',
+    testOk: 'Teste OK — {count} ferramentas disponiveis',
+    testEmpty: 'O teste nao retornou ferramentas',
+    testFailed: 'Falha no teste',
+    edit: 'Editar',
+    test: 'Testar',
+    reload: 'Recarregar',
+    remove: 'Remover',
+    confirmRemove: 'Remover servidor "{name}"?',
+    cancel: 'Cancelar',
+    add: 'Adicionar',
+    save: 'Salvar',
+    addTitle: 'Adicionar servidor MCP',
+    editTitle: 'Editar servidor MCP',
+    invalidJson: 'JSON inválido',
+    invalidYaml: 'Formato YAML inválido',
+    invalidConfig: 'Configuração inválida',
+    invalidServerConfig: 'Configuração do servidor inválida',
+    missingCommandOrUrl: 'Deve conter command ou url',
+    manageTools: 'Gerenciar ferramentas',
+    toolsVisibilityTitle: 'Gerenciamento de visibilidade de ferramentas',
+    fetchTools: 'Obter lista de ferramentas',
+    fetchToolsFailed: 'Falha ao obter lista de ferramentas',
+    toolsMode: 'Modo:',
+    toolsModeAll: 'Todas',
+    toolsModeInclude: 'Incluir',
+    toolsModeExclude: 'Excluir',
+    toolsListHeader: 'Nome da ferramenta',
+    toolsEmpty: 'Nenhuma ferramenta disponível, obtenha a lista de ferramentas primeiro',
+    toolsSummaryAll: '{count} ferramentas no total, todas habilitadas',
+    toolsSummaryInclude: '{total} ferramentas no total, {count} selecionadas',
+    toolsSummaryExclude: '{total} ferramentas no total, {count} excluídas',
+    toolsVisibilitySaved: 'Visibilidade das ferramentas salva',
+    toolsSelectAll: 'Selecionar tudo',
+    toolsClearSelection: 'Limpar seleção',
+    toolsExcludeAll: 'Excluir tudo',
+    toolsClearExcluded: 'Limpar exclusões',
+  },
+
+  // Sidebar
+  sidebar: {
+    chat: 'Chat',
+    search: 'Pesquisar',
+    apiRelay: 'API Relay',
+    history: 'Historico',
+    jobs: 'Tarefas agendadas',
+    models: 'Modelos',
+    profiles: 'Perfis',
+    plugins: 'Plugins',
+    mcp: 'MCP',
+    skills: 'Habilidades',
+    memory: 'Memoria',
+    logs: 'Logs',
+    usage: 'Uso',
+    performance: 'Desempenho',
+    skillsUsage: 'Uso de habilidades',
+    channels: 'Canais',
+    terminal: 'Terminal',
+    files: 'Arquivos',
+    groupChat: 'Chat em grupo',
+    groupConversation: 'Conversa',
+    groupConversationShort: 'Conv.',
+    groupAgent: 'Agente',
+    groupAgentShort: 'Ag.',
+    groupSystem: 'Sistema',
+    groupSystemShort: 'Sist',
+    groupMonitoring: 'Monitoramento',
+    groupMonitoringShort: 'Mon.',
+    settings: 'Configuracoes',
+    connected: 'Conectado',
+    disconnected: 'Desconectado',
+    updateTip: 'Execute "hermes-web-ui update" no terminal para atualizar',
+    updateVersion: 'Atualizar para v{version}',
+    reloadClientVersion: 'Recarregar para v{version}',
+    updating: 'Atualizando...',
+    updateSuccess: 'Atualizacao concluida. Atualize a pagina em breve. Se nao iniciar apos algum tempo, inicie manualmente.',
+    updateFailed: 'Falha na atualizacao',
+    logout: 'Sair',
+    nodeVersionWarning: 'Node.js v{version} detectado. Atualize para a versao 23 ou posterior.',
+    changelog: 'Registro de alteracoes',
+    noChangelog: 'Nenhum registro disponivel',
+    kanban: 'Kanban',
+    groupTools: 'Ferramentas',
+    groupToolsShort: "Ferr.",
+    codingAgents: "Agentes de código",
+    versionPreview: "Prévia de versão",
+    groupPlatform: 'Plataforma',
+    gateways: 'Gateways',
+    expand: 'Expandir menu',
+    collapse: 'Recolher menu',
+  },
+
+  performance: {
+    title: 'Desempenho',
+    subtitle: 'Monitore recursos do sistema, Bridge Broker, Workers e sessões ativas',
+    refresh: 'Atualizar',
+    autoRefreshOn: 'Atualização automática',
+    autoRefreshOff: 'Atualização manual',
+    loadFailed: 'Falha ao carregar métricas de desempenho',
+    systemCpu: 'CPU do sistema',
+    systemMemory: 'Memória do sistema',
+    activeSessions: 'Sessões ativas',
+    runningSessions: 'Em execução {count}',
+    workers: 'Workers',
+    totalWorkerMemory: 'Memória total de Worker',
+    processes: 'Processos',
+    uptime: 'Tempo ativo',
+    running: 'Em execução',
+    stopped: 'Parado',
+    workerMemory: 'Memória de Worker',
+    lastUpdated: 'Atualizado',
+    profile: 'Profile',
+    memory: 'Memória',
+    sessions: 'Sessões',
+    runningActiveSessions: 'Em execução / Ativas',
+    lastUsed: 'Último uso',
+    status: 'Status',
+    noWorkers: 'Nenhum Worker',
+    sessionsByProfile: 'Sessões por Profile',
+    noActiveSessions: 'Nenhuma sessão ativa',
+  },
+
+  // Gaveta
+  drawer: {
+    terminal: 'Terminal',
+    files: 'Espaço de trabalho',
+  },
+
+  // Chat
+  chat: {
+    contextRemaining: 'restante',
+    contextClickToEdit: 'Clique para editar o tamanho do contexto',
+    contextEditTitle: 'Editar tamanho do contexto',
+    contextEditDesc: 'Definir o limite de tamanho do contexto para o modelo atual (em tokens)',
+    contextEditPlaceholder: 'Digite o tamanho do contexto',
+    contextEditHint: 'Valores comuns: 256k (Hermes padrão), 128k (GPT-4), 32k (GPT-3.5)',
+    contextEditSave: 'Salvar',
+    contextEditCancel: 'Cancelar',
+    contextEditInvalid: 'Por favor, insira um tamanho de contexto válido',
+    contextEditSuccess: 'Tamanho do contexto atualizado',
+    contextEditFailed: 'Falha na atualização',
+    emptyState: 'Inicie uma conversa com o Hermes Agent',
+    outlineTitle: 'Esboço da conversa',
+    outlineEmpty: 'Nenhum conteúdo da conversa',
+    outlineUserQuestion: 'Pergunta do usuário',
+    inputPlaceholder: 'Digite uma mensagem... (Enter para enviar, Shift+Enter para nova linha)',
+    slashCommandArgs: {
+      message: '<mensagem>',
+      title: '<titulo>',
+      text: '<texto>',
+    },
+    slashCommands: {
+      usage: 'Calcular o uso da sessão atual',
+      status: 'Mostrar status da sessão e fila',
+      abort: 'Parar a execução ativa do Bridge',
+      queue: 'Enfileirar uma mensagem após a execução ativa',
+      plan: 'Escrever um plano de implementação em Markdown',
+      goal: 'Set a standing goal that continues across turns',
+      goalStatus: 'Show the active goal status',
+      goalPause: 'Pause the active goal loop',
+      goalResume: 'Resume the paused goal loop',
+      goalDone: 'Complete and clear the active goal',
+      goalClear: 'Clear the active goal',
+      subgoal: 'Add a criterion to the active goal',
+      clear: 'Limpar a visualização atual',
+      clearHistory: 'Excluir o histórico de mensagens salvo desta sessão',
+      title: 'Renomear esta sessão',
+      compress: 'Executar compressão de contexto quando ocioso',
+      steer: 'Enviar texto de orientação para a execução ativa do Bridge',
+      destroy: 'Liberar o Bridge Agent desta sessão',
+      reloadMcp: 'Recarregar servidores MCP',
+    },
+    attachFiles: 'Anexar arquivos',
+    showToolCalls: 'Mostrar chamadas de ferramentas',
+    hideToolCalls: 'Ocultar chamadas de ferramentas',
+    messageQueue: 'Fila de mensagens',
+    removeQueuedMessage: 'Remover mensagem da fila',
+    stop: 'Parar',
+    send: 'Enviar',
+    contextUsed: 'Contexto utilizado:',
+    sessions: 'Sessoes',
+    webUiSessions: 'Sessões',
+    allProfiles: 'Todos os perfis',
+    profileMissingModelsTip: 'O perfil "{profile}" não tem provider ou modelo disponível para esta sessão',
+    sessionScopeHint: 'O chat mostra apenas sessões da Web UI/API Server. Sessões de CLI, Telegram, Discord, Cron e outros canais são somente leitura no Histórico.',
+    openHistory: 'Abrir histórico',
+    hermesHistory: 'Histórico Hermes',
+    historyScopeHint: 'Sessões do histórico Hermes do perfil atual, somente leitura, agrupadas por origem.',
+    noSessions: 'Sem sessoes',
+    newChat: 'Novo chat',
+    approvalKicker: 'Permissão do terminal',
+    approvalTitle: 'Revisar comando antes de executar',
+    approvalAllowOnce: 'Permitir uma vez',
+    approvalAllowSession: 'Permitir sessão',
+    approvalAlways: 'Sempre',
+    approvalDeny: 'Negar',
+    clarifyKicker: 'Agente precisa de esclarecimento',
+    clarifyTitle: 'O agente tem uma pergunta para você',
+    clarifyPlaceholder: 'Digite sua resposta...',
+    clarifySubmit: 'Responder',
+    clarifyDismiss: 'Descartar',
+    deleteSession: 'Excluir esta sessao?',
+    toggleBatchMode: 'Seleção em lote',
+    selectAll: 'Selecionar tudo',
+    confirmBatchDelete: 'Excluir {count} sessões selecionadas?',
+    batchDeleteSuccess: '{count} sessões excluídas',
+    batchDeletePartial: '{failed} sessões falharam ao excluir',
+    batchDeleteFailed: 'Falha na exclusão em lote',
+    importToWebUi: 'Importar para Web UI',
+    importSessionSuccess: 'Sessão importada para Web UI',
+    importSessionAlreadyExists: 'A sessão já existe no Web UI',
+    importSessionFailed: 'Falha ao importar sessão',
+    sessionDeleted: 'Sessao excluida',
+    rename: 'Renomear',
+    pin: 'Fixar',
+    unpin: 'Desafixar',
+    pinned: 'Fixadas',
+    chatMode: 'Modo de chat',
+    liveMode: 'Ao vivo',
+    liveSessions: 'Sessões ao vivo',
+    recentBadge: 'Recente',
+    linkedSessions: '{count} vinculadas',
+    noVisibleMessages: 'Nenhuma mensagem visível para humanos.',
+    monitorRoleUser: 'Usuário',
+    monitorRoleAssistant: 'Assistente',
+    copySessionLink: 'Copiar link da sessão',
+    openSessionInNewTab: 'Abrir em nova aba',
+    sessionLinkCopied: 'Session link copied',
+    copySessionId: 'Copiar ID da sessão',
+    export: 'Exportar',
+    exportFull: 'Exportação completa (JSON)',
+    exportCompressed: 'Exportação comprimida (TXT)',
+    exportCompressing: 'Comprimindo contexto, aguarde...',
+    exportSuccess: 'Sessão exportada',
+    exportFailed: 'Falha ao exportar',
+    renamed: 'Renomeado',
+    renameFailed: 'Falha ao renomear',
+    renameSession: 'Renomear sessao',
+    sessionNotFound: 'Sessao nao encontrada',
+    enterNewTitle: 'Digite um novo titulo',
+    other: 'Outro',
+    runFailed: 'Falha na execucao',
+    error: 'Erro',
+    tool: 'Ferramenta',
+    arguments: 'Argumentos',
+    result: 'Resultado',
+    truncated: '... (truncado)',
+    executionDuration: 'Tempo de execução',    thinkingLabel: 'Raciocínio',
+    thinkingInProgress: 'Pensando…',
+    thinkingShow: 'Mostrar raciocínio',
+    thinkingHide: 'Ocultar raciocínio',
+    thinkingDuration: 'Observado {duration}',
+    thinkingChars: '{count} caracteres',
+    copyBubble: 'Copiar mensagem',
+    copiedBubble: 'Mensagem copiada',
+    copyFailed: 'Falha ao copiar',
+    playSpeech: 'Reproduzir voz',
+    pauseSpeech: 'Pausar',
+    resumeSpeech: 'Retomar',
+    stopSpeech: 'Parar',
+    speechNotSupported: 'Reprodução de voz não suportada neste navegador',
+    searchEnterHint: 'Enter para abrir · Esc para fechar',
+    searchHint: 'Cmd/Ctrl+K',
+    searchScope: 'Escopo da busca: apenas banco local de sessões da Web UI; sessões históricas Hermes somente leitura não são incluídas.',
+    searchFailed: 'Falha ao pesquisar sessões',
+    searchNoSnippet: 'Nenhum resumo disponível',
+    searchNoResults: 'Nenhuma sessão corresponde à busca',
+    searchRecent: 'Sessão recente',
+    searchEmpty: 'Sessões recentes',
+    searchPlaceholder: 'Pesquisar sessões...',
+    searchSubtitle: 'Pesquisar por título ou conteúdo da mensagem',
+    searchTitle: 'Pesquisar sessões',
+    stopGateway: 'Parar gateway',
+    start: 'Iniciar',
+    workspaceSetFailed: 'Falha ao definir workspace',
+    workspaceSet: 'Workspace definido',
+    workspacePlaceholder: 'Digite o caminho do projeto, ex. /home/user/project',
+    workspace: 'Área de trabalho',
+    setWorkspaceTitle: 'Definir workspace da sessão',
+    setWorkspace: 'Definir workspace',
+    modelSetFailed: 'Falha ao definir modelo',
+    modelSet: 'Modelo definido',
+    setModelTitle: 'Definir modelo da sessão',
+    setModel: 'Definir modelo',
+    newCliChat: 'Novo CLI',
+    cliEmptyState: 'Iniciar chat CLI',
+    autoPlaySpeech: 'Reproduzir voz automaticamente',
+  },
+
+  // Jobs
+  jobs: {
+    title: 'Tarefas agendadas',
+    createJob: 'Criar tarefa',
+    editJob: 'Editar tarefa',
+    noJobs: 'Nenhuma tarefa agendada ainda. Crie uma para comecar.',
+    name: 'Nome',
+    namePlaceholder: 'Nome da tarefa',
+    schedule: 'Agendamento (expressao Cron)',
+    schedulePlaceholder: 'ex. 0 9 * * *',
+    quickPresets: 'Presets rapidos',
+    selectPreset: 'Selecionar um preset...',
+    presetEveryMinute: 'Cada minuto',
+    presetEvery5Min: 'A cada 5 minutos',
+    presetEveryHour: 'Cada hora',
+    presetEveryDay: 'Todos os dias as 00:00',
+    presetEveryDay9: 'Todos os dias as 09:00',
+    presetEveryMonday: 'Toda segunda as 09:00',
+    presetEveryMonth: 'Dia 1 de cada mes as 09:00',
+    prompt: 'Prompt',
+    promptPlaceholder: 'O prompt a executar',
+    deliverTarget: 'Destino de entrega',
+    origin: 'Origem',
+    local: 'Local',
+    repeatCount: 'Contagem de repeticoes (opcional)',
+    modelPlaceholder: 'Modelo padrao',
+    repeatPlaceholder: 'Deixar vazio para infinito',
+    jobCreated: 'Tarefa criada',
+    jobUpdated: 'Tarefa atualizada',
+    nameRequired: 'O nome e obrigatorio',
+    scheduleRequired: 'O agendamento e obrigatorio',
+    loadFailed: 'Falha ao carregar a tarefa',
+    jobPaused: 'Tarefa pausada',
+    jobResumed: 'Tarefa retomada',
+jobTriggered: 'Job acionado',
+    modelUpdated: 'Modelo atualizado',
+    jobDeleted: 'Tarefa excluida',
+    status: {
+      running: 'Em execucao',
+      paused: 'Pausada',
+      disabled: 'Desativada',
+      scheduled: 'Agendada',
+    },
+    info: {
+      model: 'Modelo',
+      schedule: 'Agendamento',
+      lastRun: 'Ultima execucao',
+      nextRun: 'Proxima execucao',
+      deliver: 'Entrega',
+      repeat: 'Repeticao',
+    },
+    action: {
+      pause: 'Pausar',
+      pauseJob: 'Pausar tarefa',
+      resume: 'Retomar',
+      resumeJob: 'Retomar tarefa',
+      runNow: 'Executar agora',
+      triggerImmediately: 'Acionar imediatamente',
+    },
+    runHistory: {
+      title: 'Histórico',
+      runs: 'execuções',
+      noRuns: 'Nenhum histórico encontrado.',
+    },
+  },
+
+  // Skills
+  skills: {
+    title: 'Habilidades',
+    searchPlaceholder: 'Buscar habilidades...',
+    noMatch: 'Nenhuma habilidade corresponde a sua busca',
+    noSkills: 'Nenhuma habilidade encontrada',
+    backTo: 'Voltar para',
+    attachedFiles: 'Arquivos anexados',
+    loadFailed: 'Falha ao carregar a habilidade',
+    fileLoadFailed: 'Falha ao carregar o arquivo',
+    modified: 'Modificado pelo usuário',
+    archived: 'Arquivado',
+    pinned: 'Fixado',
+    pin: 'Fixar habilidade',
+    unpin: 'Desfixar habilidade',
+    pinFailed: 'Falha ao alterar estado de fixacao',
+    toggleFailed: 'Falha ao ativar/desativar a habilidade',
+    source: {
+      builtin: 'Integrado',
+      hub: 'Hub',
+      local: 'Local',
+      external: 'Externo',
+    },
+  },
+
+  // Plugins
+  plugins: {
+    title: 'Plugins',
+    refresh: 'Atualizar',
+    notice: 'Inventário somente leitura dos manifests de plugins Hermes detectáveis. Os metadados de descoberta são lidos sem carregar código de plugin. No v1, ações de gerenciamento ficam na CLI; mudanças entram em vigor em novas sessões Hermes.',
+    loadFailed: 'Falha ao carregar plugins',
+    commandCopied: 'Comando copiado',
+    searchPlaceholder: 'Buscar key, nome, descrição, caminho...',
+    source: 'Origem',
+    kind: 'Tipo',
+    statusTitle: 'Status',
+    configStatus: 'config: {status}',
+    notAvailable: 'n/a',
+    copyCommand: 'Copiar comando',
+    managedElsewhere: 'gerenciado em outro lugar',
+    noMatch: 'Nenhum plugin corresponde aos filtros atuais',
+    enabled: 'ativado',
+    disabled: 'desativado',
+    summary: {
+      total: 'Total',
+      active: 'Ativado / auto',
+      inactive: 'Inativo',
+      disabled: 'Desativado',
+      providerManaged: 'Gerenciado por provider',
+    },
+    status: {
+      enabled: 'Ativado',
+      'auto-active': 'Autoativo',
+      inactive: 'Inativo',
+      disabled: 'Desativado',
+      'provider-managed': 'Gerenciado por provider',
+    },
+    statusLabel: {
+      enabled: 'Ativado por configuração',
+      'auto-active': 'Autoativo',
+      inactive: 'Inativo',
+      disabled: 'Desativado',
+      'provider-managed': 'Gerenciado por provider',
+    },
+    configStatuses: {
+      enabled: 'ativado',
+      disabled: 'desativado',
+      'not-enabled': 'não ativado',
+      auto: 'auto',
+      'provider-managed': 'gerenciado por provider',
+    },
+    table: {
+      plugin: 'Plugin',
+      status: 'Status',
+      source: 'Origem',
+      kind: 'Tipo',
+      capabilities: 'Capacidades',
+      path: 'Caminho / entrypoint',
+      cli: 'CLI',
+    },
+    capabilities: {
+      tools: '{count} ferramentas',
+      hooks: '{count} hooks',
+      env: '{count} env',
+    },
+    metadata: {
+      agentRoot: 'Raiz do agente',
+      python: 'Python',
+      scanCwd: 'Verificar cwd',
+      projectPlugins: 'Plugins do projeto',
+    },
+  },
+
+  // Memory
+  memory: {
+    title: 'Memoria',
+    refresh: 'Atualizar',
+    loadFailed: 'Falha ao carregar a memoria',
+    myNotes: 'Minhas notas',
+    noNotes: 'Nenhuma nota ainda.',
+    notesPlaceholder: 'Escreva suas notas...',
+    userProfile: 'Perfil do usuario',
+    noProfile: 'Nenhum perfil ainda.',
+    profilePlaceholder: 'Escreva seu perfil...',
+    soul: 'Alma',
+    noSoul: 'Nenhuma configuracao de alma ainda.',
+    soulPlaceholder: 'Escreva a configuracao da alma...',
+  },
+
+  // Models
+  models: {
+    title: 'Modelos',
+    addProvider: 'Adicionar provedor',
+    providerType: 'Tipo de provedor',
+    preset: 'Predefinição',
+    custom: 'Personalizado',
+    selectProvider: 'Selecionar provedor',
+    chooseProvider: 'Escolha um provedor...',
+    name: 'Nome',
+    autoGeneratedName: 'Gerado automaticamente pela URL base',
+    baseUrl: 'URL base',
+    region: 'Região',
+    regionIntl: 'Internacional',
+    regionCn: 'China Continental',
+    baseUrlPlaceholder: 'ex. https://api.example.com/v1',
+    apiKey: 'Chave API',
+    apiKeyPlaceholder: 'sk-...',
+    defaultModel: 'Modelo padrao',
+    selectOrInput: 'Selecionar ou digitar um modelo...',
+    selectModel: 'Selecionar um modelo...',
+    providerAdded: 'Provedor adicionado',
+    providerDeleted: 'Provedor excluido',
+    deleteProvider: 'Excluir provedor',
+    deleteConfirm: 'Tem certeza de que deseja excluir "{name}"?',
+    codexLoginTitle: 'Login do OpenAI Codex',
+    codexWaiting: 'Digite este código na página de autorização para fazer login:',
+    codexCopyCode: 'Código copiado',
+    codexOpenLink: 'Abrir página de autorização',
+    codexApproved: 'Login bem-sucedido',
+    codexExpired: 'A autorização expirou. Por favor, tente novamente.',
+    nousLoginTitle: 'Login do Nous Portal',
+    nousWaiting: 'Insira este código na página de autorização:',
+    nousCopyCode: 'Código copiado',
+    nousOpenLink: 'Abrir página de autorização',
+    nousApproved: 'Login bem-sucedido',
+    nousDenied: 'Autorização negada',
+    nousExpired: 'Autorização expirada',
+    copilotLoginTitle: 'Login do GitHub Copilot',
+    copilotWaiting: 'Abra o GitHub e insira o código do dispositivo abaixo para autorizar. A janela fechará automaticamente após a aprovação.',
+    copilotCopyCode: 'Código copiado',
+    copilotOpenLink: 'Abrir a página de autorização do GitHub',
+    copilotApproved: 'Login bem-sucedido!',
+    copilotDenied: 'Autorização negada.',
+    copilotExpired: 'O link de autorização expirou. Tente novamente.',
+    copilotAddDetectedTitle: 'GitHub Copilot detectado',
+    copilotAddDetected: 'Foi detectado um token OAuth do GitHub Copilot nesta máquina. Clique em Adicionar para ativar o Copilot no Hermes.',
+    copilotAddSourceEnv: 'Origem: ~/.hermes/.env (COPILOT_GITHUB_TOKEN)',
+    copilotAddSourceGhCli: 'Origem: gh CLI (gh auth token)',
+    copilotAddSourceAppsJson: 'Origem: extensão Copilot do VS Code (apps.json)',
+    copilotDeleteHintEnv: 'Isto irá limpar o COPILOT_GITHUB_TOKEN em ~/.hermes/.env. Outras ferramentas não são afetadas.',
+    copilotDeleteHintGhCli: 'O Copilot ficará oculto no Hermes. Sua sessão no gh CLI não é afetada — `gh auth status` continuará indicando que está conectado.',
+    copilotDeleteHintAppsJson: 'O Copilot ficará oculto no Hermes. A extensão Copilot do VS Code continuará conectada.',
+    customBadge: 'PERSONALIZADO',
+    previewBadge: 'PRÉVIA',
+    disabledBadge: 'INDISPONÍVEL',
+    disabledTooltip: "Este modelo não está disponível para sua conta.",
+    customModelPlaceholder: 'ID de modelo não listado',
+    customModelHint: 'Para modelos compatíveis com o provedor que a API não retorna; não é uma renomeação de exibição. Enter para carregar.',
+    noProviders: 'Nenhum provedor encontrado. Adicione um provedor personalizado para comecar.',
+    clearVisibleModels: 'Limpar seleção',
+    currentDefault: 'Padrão atual',
+    defaultShort: 'Padrão',
+    builtIn: 'Integrado',
+    customType: 'Personalizado',
+    provider: 'Provedor',
+    contextLength: 'Tamanho do contexto',
+    contextLengthPlaceholder: 'ex: 256000 (opcional)',
+    local: 'Local ({host})',
+    selectProviderRequired: 'Por favor, selecione um provedor',
+    baseUrlRequired: 'A URL base e obrigatoria',
+    apiKeyRequired: 'A chave API e obrigatoria',
+    modelRequired: 'O modelo padrao e obrigatorio',
+    enterBaseUrl: 'Por favor, insira a URL base primeiro',
+    unexpectedFormat: 'Formato de resposta inesperado',
+    foundModels: '{count} modelos encontrados',
+    fetchFailed: 'Falha ao buscar os modelos',
+    xaiWaiting: 'Conclua a autorização na página xAI aberta. A janela será fechada automaticamente após a aprovação.',
+    xaiOpenLink: 'Abrir página de autorização xAI',
+    xaiLoginTitle: 'Login OAuth xAI Grok',
+    xaiExpired: 'O link de autorização expirou. Tente novamente.',
+    xaiCopyLink: 'Copiar link de autorização',
+    xaiApproved: 'Login concluído!',
+    visibilitySelectOne: 'Mantenha pelo menos um modelo visível',
+    visibilitySaved: 'Modelos visíveis salvos',
+    visibilitySaveFailed: 'Falha ao salvar modelos visíveis',
+    visibilityHint: 'Afeta apenas o seletor de modelos e a página de modelos da Web UI. A configuração provider/model da Hermes CLI não é alterada; as chamadas ainda usam o ID original do modelo.',
+    showAllModels: 'Mostrar todos os modelos',
+    searchPlaceholder: 'Pesquisar modelos...',
+    removeCustomModel: 'Remover este modelo não listado',
+    more: 'mais',
+    models: 'Lista de modelos',
+    manageVisibleModelsFor: 'Gerenciar modelos visíveis de {name}',
+    manageVisibleModels: 'Gerenciar modelos visíveis',
+    getApiKey: 'Obter API Key',
+    count: 'modelos',
+    aliasUseOriginal: 'Restaurar ID original',
+    aliasTitleFor: 'Nome exibido de {model}',
+    aliasTitle: 'Nome exibido do modelo',
+    aliasSaveFailed: 'Falha ao salvar nome exibido',
+    aliasPlaceholder: 'Deixe vazio para usar o ID original do modelo',
+    aliasManageFor: 'Nomes exibidos de {provider}',
+    aliasManage: 'Nomes exibidos',
+    aliasHint: 'Altera apenas o nome exibido na Web UI. O Hermes ainda recebe o ID original do modelo.',
+    aliasEdit: 'Renomear',
+    aliasCanonical: 'ID original: {model}',
+  },
+
+  // Profiles
+  profiles: {
+    title: 'Perfis',
+    create: 'Criar perfil',
+    import: 'Importar',
+    export: 'Exportar',
+    rename: 'Renomear',
+    delete: 'Excluir',
+    switchTo: 'Trocar Hermes Profile',
+    switchConfirm: 'Isto executara `hermes profile use {name}` e alterara o active profile do Hermes CLI. Continuar?',
+    switchSuccess: 'Hermes active profile alterado para "{name}"',
+    switchFailed: 'Falha ao trocar Hermes Profile. O gateway pode precisar de reinicio manual.',
+    createSuccess: 'Perfil "{name}" criado',
+    createFailed: 'Falha ao criar o perfil',
+    renameSuccess: 'Perfil renomeado',
+    renameFailed: 'Falha ao renomear o perfil',
+    deleteConfirm: 'Tem certeza de que deseja excluir o perfil "{name}"?',
+    deleteSuccess: 'Perfil excluido',
+    deleteFailed: 'Falha ao excluir o perfil',
+    exportSuccess: 'Perfil exportado',
+    exportFailed: 'Falha ao exportar o perfil',
+    importSuccess: 'Perfil importado',
+    importFailed: 'Falha ao importar o perfil',
+    importSelectFile: 'Selecionar arquivo de arquivo',
+    importInvalidFile: 'Por favor, selecione um arquivo valido (.tar.gz, .tgz, .gz, .zip)',
+    name: 'Nome do perfil',
+    namePlaceholder: 'Apenas letras, numeros e hifens',
+    nameValidation: 'O nome do perfil só pode conter letras minúsculas, números, sublinhados e hifens',
+    newName: 'Novo nome',
+    newNamePlaceholder: 'Digite um novo nome',
+    cloneFromCurrent: 'Clonar do perfil atual',
+    cloneCleanupNotice: 'Ao clonar, as credenciais exclusivas de plataforma (Weixin / Telegram / Slack, etc.) são automaticamente ignoradas para evitar conflitos com o perfil de origem',
+    cloneStrippedCredentials: '{count} credencial(is) exclusiva(s) removida(s): {list}',
+    cloneDisabledPlatforms: '{count} plataforma(s) desabilitada(s): {list}',
+    cloneStrippedConfigCredentials: '{count} credencial(is) incorporada(s) removida(s) do config.yaml: {list}',
+    archivePath: 'Caminho do arquivo',
+    archivePathPlaceholder: 'Caminho do servidor para o arquivo',
+    importName: 'Nome do perfil (opcional)',
+    importNamePlaceholder: 'Deixe vazio para usar o nome do arquivo',
+    active: 'Ativo',
+    model: 'Modelo',
+    gateway: 'Gateway',
+    alias: 'Alias',
+    provider: 'Provedor',
+    path: 'Caminho',
+    skills: 'Habilidades',
+    hasEnv: 'Tem .env',
+    hasSoulMd: 'Tem soul.md',
+    noProfiles: 'Nenhum perfil encontrado. Crie um para comecar.',
+    avatar: {
+      title: 'Avatar personalizado',
+      customize: 'Personalizar avatar',
+      upload: 'Enviar imagem',
+      random: 'Gerar aleatório',
+      reset: 'Restaurar padrão',
+      hint: 'PNG, JPEG ou WebP, máximo 1 MB',
+      invalidType: 'Escolha uma imagem PNG, JPEG ou WebP',
+      tooLarge: 'A imagem do avatar não pode exceder 1 MB',
+      saveSuccess: 'Avatar salvo',
+      saveFailed: 'Falha ao salvar avatar',
+      resetSuccess: 'Avatar padrão restaurado',
+      resetFailed: 'Falha ao restaurar avatar padrão',
+    },
+    runtime: {
+      activeProfile: 'Atual: {name}',
+      bridgeWorker: 'Status do Bridge',
+      gateway: 'Gateway',
+      active: 'Ativo',
+      activeTag: 'Atual',
+      idle: 'Ocioso',
+      checking: 'Verificando',
+      running: 'Em execução',
+      stopped: 'Parado',
+      restartGateway: 'Reiniciar gateway',
+      restartProfile: 'Reiniciar perfil',
+      switchProfile: 'Trocar perfil frontend',
+      gatewayRestarted: 'Gateway reiniciado: {name}',
+      gatewayRestartFailed: 'Falha ao reiniciar gateway',
+      profileRestarted: 'Perfil reiniciado: {name}',
+      profileRestartFailed: 'Falha ao reiniciar perfil',
+    },
+  },
+
+  // Logs
+  logs: {
+    title: 'Logs',
+    all: 'Todos',
+    searchPlaceholder: 'Buscar...',
+    refresh: 'Atualizar',
+    noEntries: 'Nenhuma entrada de log',
+  },
+
+  // Settings
+  settings: {
+    title: 'Configuracoes',
+    saved: 'Salvo',
+    saveFailed: 'Falha ao salvar',
+    tabs: {
+      display: 'Exibicao',
+      account: 'Conta atual',
+      users: 'Gerenciamento de contas',
+      agent: 'Agente',
+      memory: 'Memoria',
+      compression: 'Compressao',
+      session: 'Sessao',
+      privacy: 'Privacidade',
+      apiServer: 'Servidor API',
+      models: 'Modelos',
+      voice: 'Voz',
+    },
+    display: {
+      streaming: 'Respostas em streaming',
+      streamingHint: 'Mostrar respostas da IA em tempo real',
+      compact: 'Modo compacto',
+      compactHint: 'Reduzir espacamento entre mensagens',
+      showReasoning: 'Mostrar raciocinio',
+      showReasoningHint: 'Mostrar processo de pensamento do modelo',
+      showCost: 'Mostrar custo',
+      showCostHint: 'Mostrar uso de tokens nas respostas',
+      inlineDiffs: 'Diffs em linha',
+      inlineDiffsHint: 'Mostrar alteracoes de codigo em linha',
+      bellOnComplete: 'Som de conclusao',
+      bellOnCompleteHint: 'Tocar som quando a IA terminar',
+      busyInputMode: 'Modo de entrada ocupada',
+      busyInputModeHint: 'Permitir entrada enquanto a IA processa',
+      theme: 'Tema',
+      themeHint: 'Escolha claro, escuro ou seguir a preferencia do sistema',
+      themeLight: 'Claro',
+      themeDark: 'Escuro',
+      themeSystem: 'Sistema',
+    },
+    agent: {
+      maxTurns: 'Maximo de turnos',
+      maxTurnsHint: 'Maximo de rodadas de interacao por conversa',
+      gatewayTimeout: 'Timeout do gateway',
+      gatewayTimeoutHint: 'Timeout da requisicao em segundos',
+      restartDrainTimeout: 'Timeout de drenagem ao reiniciar',
+      restartDrainTimeoutHint: 'Timeout de drenagem antes de reiniciar em segundos',
+      toolEnforcement: 'Obrigatoriedade de ferramentas',
+      toolEnforcementHint: 'Controlar o modo de execucao de chamadas de ferramentas',
+      auto: 'Automatico',
+      always: 'Sempre',
+      never: 'Nunca',
+    },
+    memory: {
+      enabled: 'Ativar memoria',
+      enabledHint: 'Permitir que a IA lembre do contexto da conversa',
+      userProfile: 'Perfil do usuario',
+      userProfileHint: 'Permitir que a IA lembre das preferencias do usuario',
+      charLimit: 'Limite de caracteres da memoria',
+      charLimitHint: 'Maximo de caracteres para MEMORY.md',
+      userCharLimit: 'Limite de caracteres do perfil do usuario',
+      userCharLimitHint: 'Maximo de caracteres para USER.md',
+    },
+    compression: {
+      enabled: 'Ativar compressao',
+      enabledHint: 'Comprimir automaticamente historico longo antes de exceder o contexto do modelo',
+      threshold: 'Limiar de compressao',
+      thresholdHint: 'Iniciar compressao quando tokens estimados excederem esta proporcao do contexto',
+      targetRatio: 'Proporcao alvo',
+      targetRatioHint: 'Tamanho alvo do historico apos compressao como proporcao do contexto',
+      protectLastN: 'Proteger mensagens recentes',
+      protectLastNHint: 'Manter sem compressao esta quantidade de mensagens recentes',
+      protectFirstN: 'Proteger primeiras mensagens',
+      protectFirstNHint: 'Manter sem compressao esta quantidade de mensagens iniciais',
+    },
+    session: {
+      mode: 'Modo de reinicializacao',
+      modeHint: 'Condicao de acionamento para reinicializacao de sessao',
+      modeBoth: 'Inatividade + Agendado',
+      modeIdle: 'Somente inatividade',
+      modeDaily: 'Somente agendado',
+      modeNone: 'Nunca (apenas manual)',
+      idleMinutes: 'Timeout de inatividade',
+      idleMinutesHint: 'Tempo de espera antes da reinicializacao automatica (minutos)',
+      atHour: 'Horario de reinicializacao agendada',
+      humanOnly: 'Mostrar apenas sessões humanas',
+      humanOnlyHint: 'Oculta por padrão o ruído de subagentes e do monitor de sessões',
+      liveMonitorHumanOnly: 'Monitor ao vivo: mostrar apenas sessões humanas',
+      liveMonitorHumanOnlyHint: 'Oculta por padrão o ruído de subagentes e do monitor de sessões no monitor ao vivo',
+      atHourHint: 'Reiniciar sessao neste horario diariamente',
+      requireAuth: 'Autorização de sessão',
+      requireAuthHint: 'Requer autorização para operações de sessão',
+    },
+    privacy: {
+      redactPii: 'Ocultar dados pessoais',
+      redactPiiHint: 'Detectar e ocultar automaticamente informacoes sensiveis (senhas, chaves, etc.)',
+    },
+    apiServer: {
+      enable: 'Ativar',
+      enableHint: 'Ativar servidor API',
+      host: 'Host',
+      hostHint: 'Endereco de escuta',
+      port: 'Porta',
+      portHint: 'Porta de escuta',
+      key: 'Chave',
+      keyHint: 'Chave de acesso API',
+      cors: 'Origens CORS',
+      corsHint: 'Fontes cross-origin permitidas',
+    },
+    voice: {
+      ttsProvider: 'Provedor TTS',
+      ttsProviderHint: 'Escolha o mecanismo de texto para fala para reproducao de mensagens',
+      providerWebSpeech: 'WebSpeech API (Navegador)',
+      providerOpenai: 'OpenAI TTS',
+      providerCustom: 'Endpoint personalizado (compativel com OpenAI)',
+      providerEdge: 'Edge TTS (Gratuito, sem chave API)',
+
+      // WebSpeech
+      webspeechVoice: 'Voz',
+      webspeechVoiceHint: 'Selecione uma voz do seu navegador ou SO',
+      webspeechVoicePlaceholder: 'Auto (voz padrao)',
+
+      // OpenAI
+      openaiKey: 'Chave API',
+      openaiKeyHint: 'Sua chave API OpenAI com acesso TTS',
+      openaiUrl: 'URL base da API',
+      openaiUrlHint: 'ex. https://api.openai.com/v1/audio/speech',
+      openaiModel: 'Modelo',
+      openaiModelHint: 'tts-1 (mais rapido) / tts-1-hd (qualidade superior)',
+      openaiVoice: 'Voz',
+      openaiVoiceHint: 'Voz a ser usada para sintese',
+
+      // Custom endpoint
+      customHint: 'Use qualquer API TTS compativel com OpenAI — funciona com GPT-SoVITS, CosyVoice, etc.',
+      customUrl: 'URL da API',
+      customUrlHint: 'URL base do seu servico TTS',
+      customUrlPlaceholder: 'Endereco configurado no adaptador local, ex. http://127.0.0.1:9880',
+      customApiKey: 'Chave API (opcional)',
+      customApiKeyHint: 'Alguns endpoints personalizados exigem autenticacao',
+      customApiKeyPlaceholder: 'Deixe em branco se nao for necessario',
+
+      // Edge TTS
+      edgeHint: 'Desenvolvido por Microsoft Edge TTS (node-edge-tts).',
+      edgeUrl: 'URL do adaptador',
+      edgeUrlHint: 'Endereco do adaptador Edge TTS, ex. http://127.0.0.1:9882',
+      edgeUrlPlaceholder: 'http://127.0.0.1:9882',
+      edgeVoice: 'Voz',
+      edgeVoiceHint: 'Selecione uma voz para sintese de fala',
+      edgeRate: 'Velocidade',
+      edgeRateHint: 'Ajustar velocidade da fala (0.5x ~ 2.0x)',
+      edgePitch: 'Tom',
+      edgePitchHint: 'Ajustar tom da fala (-20 ~ +20 Hz)',
+
+      // Test
+      testTitle: 'Teste de voz',
+      testText: 'Texto de teste',
+      testTextPlaceholder: 'Insira o texto para testar...',
+      testTextDefault: 'Ola, este e um teste de voz.',
+      testButton: 'Testar',
+      testButtonPlaying: 'Reproduzindo...',
+      testFailed: 'Teste falhou: {error}',
+
+      // MiMo TTS
+      providerMimo: 'MiMo TTS',
+      mimoHint: 'Xiaomi MiMo TTS — vozes predefinidas, design de voz e clonagem de voz',
+      mimoApiKey: 'Chave API',
+      mimoApiKeyHint: 'Obtenha sua chave em platform.xiaomimimo.com',
+      mimoApiKeyPlaceholder: 'Chave API MiMo',
+      mimoBaseUrl: 'URL base',
+      mimoBaseUrlHint: 'URL do endpoint da API MiMo',
+      mimoModel: 'Modelo',
+      mimoModelHint: 'Selecione o modelo de síntese de voz',
+      mimoModelPreset: 'Vozes predefinidas',
+      mimoModelVoiceDesign: 'Design de voz',
+      mimoModelVoiceClone: 'Clonagem de voz',
+      mimoVoice: 'Voz',
+      mimoVoiceHint: 'Selecione uma voz predefinida',
+      mimoVoiceDesignPrompt: 'Descrição da voz',
+      mimoVoiceDesignPromptHint: 'Descreva as características de voz desejadas',
+      mimoVoiceDesignPromptPlaceholder: 'Ex: Uma voz feminina quente e jovem, ligeiramente lenta, com tom magnético',
+      mimoCloneAudio: 'Enviar áudio',
+      mimoCloneAudioHint: 'Envie uma amostra de áudio para clonagem (mp3/wav, máx. 10 MB)',
+      mimoCloneAudioUpload: 'Escolher arquivo',
+      mimoCloneAudioClear: 'Limpar',
+      mimoStylePrompt: 'Prompt de estilo',
+      mimoStylePromptHint: 'Opcional — descreva o estilo de fala em linguagem natural',
+      mimoStylePromptPlaceholder: 'Ex: Tom brilhante e animado, ritmo rápido',
+    },
+    lockedIps: {
+      title: 'IPs bloqueadas',
+      count: '{count} bloqueadas',
+      empty: 'Nenhuma IP bloqueada',
+      unlock: 'Desbloquear',
+      unlockAll: 'Desbloquear tudo',
+      unlockAllConfirm: 'Desbloquear todas as IPs?',
+      unlocked: 'IP desbloqueada',
+      allUnlocked: '{count} IPs desbloqueadas',
+    },
+    models: {
+      apiKey: 'API Key',
+      apiKeyPlaceholder: 'Digite a API Key',
+      noProviders: 'Nenhum provedor configurado',
+      save: 'Salvar',
+      saveFailed: 'Falha ao salvar',
+      saved: 'Salvo',
+    },
+  },
+  githubPreview: {
+    title: "Prévia de versão",
+    description: "Clona a tag do GitHub selecionada para o workspace de prévia do Web UI, instala dependências e executa com as portas de desenvolvimento.",
+    refresh: "Atualizar",
+    selectTag: "Selecione uma tag",
+    prepare: "Preparar código",
+    install: "Instalar dependências",
+    start: "Iniciar prévia",
+    stop: "Parar",
+    note: "O código de prévia é armazenado no diretório de dados do Web UI. Produção permanece na porta 8648; a prévia usa frontend 8651 e backend 8650.",
+    path: "Caminho da prévia",
+    webuiHome: "Dados da prévia",
+    currentTag: "Tag atual",
+    repoReady: "Repositório pronto",
+    dependencies: "Dependências instaladas",
+    running: "Estado",
+    notRunning: "Não em execução",
+    open: "Abrir prévia",
+    log: "Caminho do log de ações",
+    logOutput: "Saída de logs",
+    actionLog: "Log de ações",
+    devLog: "Log do servidor dev",
+    yes: "Sim",
+    no: "Não",
+    actionFailed: "Ação falhou",
+    nodeEnvironmentMissing: "Node/npm não foi detectado. Instale o Node.js e tente novamente.",
+    prepareSuccess: "Código de prévia pronto",
+    installSuccess: "Dependências instaladas",
+    startSuccess: "Prévia concluída",
+    stopSuccess: "Prévia parada",
+  },
+
+  codingAgents: {
+    title: "Agentes de código",
+    notice: "Nem todos os provedores e modelos são compatíveis.",
+    claudeDescription: "CLI da Anthropic para tarefas únicas em print mode e sessões interativas de código.",
+    codexDescription: "CLI da OpenAI e fluxo de provedor openai-codex do Hermes para tarefas de repositório.",
+    copyCommand: "Copiar",
+    commandCopied: "Comando copiado",
+    commandCopyFailed: "Falha ao copiar",
+    refresh: "Atualizar",
+    checking: "Verificando",
+    installStatus: "Status da instalação",
+    installed: "Instalado",
+    notInstalled: "Não instalado",
+    installNow: "Instalar",
+    installing: "Instalando",
+    installSuccess: "Instalado",
+    installFailed: "Falha na instalação",
+    nodeEnvironmentMissing: "Node/npm não foi detectado. Instale o Node.js e tente novamente.",
+    deleteNow: "Excluir",
+    deleting: "Excluindo",
+    deleteSuccess: "Excluído",
+    deleteFailed: "Falha ao excluir",
+    configFiles: "Arquivos de configuração",
+    profileScope: "Perfil",
+    providerScope: "Provedor",
+    providerPlaceholder: "ex.: custom:glm",
+    modelScope: "Modelo",
+    modelPlaceholder: "Selecionar modelo",
+    launchModeScope: "Modo de inicialização",
+    launchModeGlobal: "Configuração global",
+    launchModeScoped: "Provedor e modelo",
+    protocolScope: "Protocolo",
+    protocolOpenAiChat: "OpenAI Chat Completions (/v1/chat/completions)",
+    protocolOpenAiResponses: "OpenAI Responses (/v1/responses)",
+    protocolAnthropicMessages: "Anthropic Messages (/v1/messages)",
+    reloadConfig: "Recarregar configuração",
+    configFileNotCreated: "Não criado",
+    configLoadFailed: "Falha ao ler arquivo de configuração",
+    loadFailed: "Falha ao inspecionar agentes de código",
+    launch: "Iniciar",
+    launchTitle: "Iniciar agente de código",
+    nativeTerminal: "Terminal nativo",
+    builtInTerminal: "Terminal integrado",
+    launchPrepared: "Configuração de inicialização preparada",
+    launchPrepareFailed: "Falha ao preparar configuração de inicialização",
+    nativeLaunchStarted: "Terminal nativo aberto",
+    nativeLaunchFailed: "Falha ao abrir terminal nativo",
+    terminalTitle: "Terminal do agente de código",
+    loadProvidersFailed: "Falha ao carregar provedores do perfil atual",
+    selectProviderModel: "Selecione um provedor e modelo",
+    launchConfigDir: "Diretório de configuração de inicialização",
+    launchCommand: "Comando de inicialização",
+    table: {
+      tool: "Ferramenta",
+      kind: "Etapa",
+      command: "Comando",
+      note: "Nota",
+      action: "Ação",
+    },
+    kinds: {
+      install: "Instalar",
+      auth: "Autenticação",
+      health: "Saúde",
+      run: "Executar",
+    },
+    notes: {
+      claudeInstall: "Instala a CLI Claude Code globalmente.",
+      codexInstall: "Instala a CLI Codex globalmente.",
+      claudeAuth: "Verifica o estado de login do Claude Code; execute claude uma vez se o login estiver ausente.",
+      codexAuth: "Adiciona credenciais OAuth do OpenAI Codex gerenciadas pelo Hermes.",
+      claudeHealth: "Verifica o atualizador e a saúde da CLI local.",
+      codexHealth: "Confirma que a CLI Codex está disponível no PATH.",
+      claudeRun: "Print mode é o caminho mais limpo para tarefas únicas orientadas por API.",
+      codexRun: "Tarefas únicas do Codex devem ser executadas dentro de um repositório git.",
+    },
+  },
+
+  // Platform channel settings
+  platform: {
+    requireMention: "Exigir mencao {'@'}",
+    requireMentionGroup: "Exigir mencao {'@'} em grupos para responder",
+    requireMentionChannel: "Exigir mencao {'@'} em canais para responder",
+    requireMentionRoom: "Exigir mencao {'@'} em salas para responder",
+    reactions: 'Reacoes',
+    reactionsHint: 'Reagir a mensagens com emoji',
+    freeResponseChats: 'Chats de resposta livre',
+    freeResponseChatsHint: "IDs de chats que respondem sem mencao {'@'} (separados por virgula)",
+    freeResponseChannels: 'Canais de resposta livre',
+    freeResponseChannelsHint: "IDs de canais que respondem sem mencao {'@'} (separados por virgula)",
+    freeResponseRooms: 'Salas de resposta livre',
+    freeResponseRoomsHint: "IDs de salas que respondem sem mencao {'@'} (separados por virgula)",
+    mentionPatterns: 'Padroes de mencao personalizados',
+    mentionPatternsHint: 'Padroes de acionamento adicionais',
+    autoThread: 'Thread automatica',
+    autoThreadHint: "Criar automaticamente threads de resposta apos mencao {'@'}",
+    autoThreadHintRoom: 'Criar automaticamente threads de resposta em salas',
+    dmMentionThreads: 'Threads de mencao em DM',
+    dmMentionThreadsHint: 'Usar respostas em thread para mencoes em DMs',
+    allowBots: 'Permitir mensagens de bots',
+    allowBotsHint: 'Responder a mensagens de outros bots',
+    allowedChannels: 'Canais permitidos',
+    allowedChannelsHint: 'Lista branca de IDs de canais (separados por virgula)',
+    ignoredChannels: 'Canais ignorados',
+    ignoredChannelsHint: 'Canais onde o bot nunca responde (separados por virgula)',
+    noThreadChannels: 'Canais sem thread',
+    noThreadChannelsHint: 'Canais onde o bot responde sem threads (separados por virgula)',
+    exclusiveTokenWarning: 'Esta plataforma usa bloqueio exclusivo de token. Cada perfil deve usar um token de identidade diferente para evitar conflitos com outros perfis.',
+    botToken: 'Token do bot',
+    botTokenHint: 'Token do bot do portal do desenvolvedor',
+    accessToken: 'Token de acesso',
+    accessTokenHint: 'Token de acesso Matrix',
+    homeserver: 'URL do homeserver',
+    homeserverHint: 'URL do homeserver Matrix',
+    appId: 'ID do aplicativo',
+    appIdHint: 'ID do aplicativo Feishu',
+    appSecret: 'Segredo do aplicativo',
+    appSecretHint: 'Segredo do aplicativo Feishu',
+    clientId: 'ID do cliente',
+    clientIdHint: 'ID do cliente DingTalk',
+    clientSecret: 'Segredo do cliente',
+    clientSecretHint: 'Segredo do cliente DingTalk',
+    cardTemplateId: 'ID do modelo de cartão IA',
+    cardTemplateIdHint: 'ID do modelo de cartão IA do DingTalk; deixe vazio para desativar os cartões IA',
+    botId: 'ID do bot',
+    botIdHint: 'ID do bot WeCom',
+    wecomSecretHint: 'Segredo do bot WeCom',
+    waEnabled: 'Ativar WhatsApp',
+    waEnabledHint: 'Ativar WhatsApp via pareamento por codigo QR',
+    weixinToken: 'Token Weixin',
+    weixinTokenHint: 'Do login QR da CLI weixin (hermes weixin)',
+    accountId: 'ID da conta',
+    accountIdHint: 'ID da conta Weixin',
+    qrLogin: 'Login por QR',
+    qrRelogin: 'Reconectar',
+    qrFetching: 'Buscando codigo QR...',
+    qrScanHint: 'Escaneie com WeChat para fazer login',
+    qrScanedHint: 'Escaneado, por favor confirme no celular...',
+    qqSandboxHint: 'Ativar ambiente sandbox (para testes)',
+    qqSandbox: 'Modo sandbox',
+    qqQrScanHint: 'Escaneie o QR code com QQ ou abra o link no celular para concluir a vinculação',
+    qqMarkdownHint: 'Ativar mensagens em formato Markdown (alguns clientes podem não suportar)',
+    qqMarkdown: 'Suporte a Markdown',
+    qqAppSecretHint: 'App Secret do bot QQ Open Platform',
+    qqAppSecret: 'App Secret',
+    qqAppIdHint: 'App ID do bot QQ Open Platform',
+    qqAppId: 'App ID',
+    allowedUsersHint: 'Lista de permissões de IDs de usuário ou OpenID, separados por vírgula',
+    allowedUsers: 'Usuários permitidos',
+    allowAllUsersHint: 'Permite mensagens de qualquer usuário; desative para usar a lista de permissões',
+    allowAllUsers: 'Permitir todos os usuários',
+  },
+
+  // Language
+  language: {
+    label: 'Idioma',
+    zh: '中文',
+    en: 'English',
+    pt: 'Portugues',
+  },
+
+  // Terminal
+  terminal: {
+    sessions: 'Sessoes',
+    newTab: 'Novo terminal',
+    closeSession: 'Fechar esta sessao?',
+    sessionExited: 'Encerrada',
+    processExited: 'Processo encerrado com codigo {code}',
+    noSessions: 'Nenhuma sessão de terminal',
+    connectionFailed: 'Falha ao conectar ao terminal',
+    connectionError: 'Erro de conexão',
+    connectionClosed: 'Conexão fechada',
+  },
+
+  // Usage
+  usage: {
+    title: 'Estatisticas de uso',
+    refresh: 'Atualizar',
+    totalTokens: 'Total de tokens',
+    inputTokens: 'Entrada',
+    outputTokens: 'Saida',
+    totalSessions: 'Total de sessoes',
+    avgPerDay: '~{n}/dia em media',
+    estimatedCost: 'Custo est.',
+    cacheHitRate: 'Taxa de acerto de cache',
+    modelBreakdown: 'Detalhamento por modelo',
+    dailyTrend: 'Uso diario',
+    date: 'Data',
+    tokens: 'Tokens',
+    cache: 'Cache',
+    cacheRead: 'Leitura de cache',
+    cacheWrite: 'Escrita de cache',
+    sessions: 'Sessoes',
+    cost: 'Custo',
+    noData: 'Sem dados de uso',
+  },
+
+  skillsUsage: {
+    title: 'Uso de habilidades',
+    subtitle: 'Acompanhe carregamentos e edições de habilidades nas sessões Hermes',
+    refresh: 'Atualizar',
+    periodSelector: 'Período de uso de habilidades',
+    periodLabel: '{days} d',
+    summary: 'Resumo',
+    totalActions: 'Ações',
+    loads: 'Carga',
+    edits: 'Ed.',
+    distinctSkills: 'Habs.',
+    topSkills: 'Top habs.',
+    dailyTrend: 'Tendência diária',
+    periodSummary: 'Últimos {days} dias',
+    skill: 'Hab.',
+    share: '%',
+    lastUsed: 'Últ. uso',
+    noData: 'Nenhum dado de uso de habilidades',
+    loadFailed: 'Falha ao carregar o uso de habilidades',
+    otherSkills: 'Outras habs.',
+  },
+
+  // Registro de alteracoes
+  changelog: {
+    new_0_6_7_1: 'O app desktop agora usa a porta 8748 por padrão, permite acesso pela rede local e pode ser aberto diretamente em um navegador local',
+    new_0_6_7_9: 'Links de download do desktop agora estão disponíveis no site oficial https://hermes-studio.ai/, e os instaladores mais recentes continuam disponíveis no GitHub Releases',
+    new_0_6_7_2: 'As ferramentas MCP ficam mais completas com correções de discovery no bridge, ciclo de vida de gestão MCP e controles de visibilidade por modelo no gestor',
+    new_0_6_7_3: 'Listas de mensagens centralizam melhor estados vazios, reduzem saltos de rolagem, evitam mostrar o chat ativo enquanto History carrega, preservam posição por sessão e fazem fade-in de 1,5 segundo ao trocar sessão',
+    new_0_6_7_4: 'Bridge e runtime ficam mais estáveis preservando a ordem texto/tool-call, corrigindo carregamento de status runtime de Profile, melhorando detecção Node/npm e evitando criação de diretório de dados em produção',
+    new_0_6_7_5: 'A distribuição Desktop cobre empacotamento Electron, nome do app, builds preload, upload de artifacts, início do Hermes CLI no Windows, ícones Linux e caminhos de dados graváveis, macOS sem certificado de assinatura e subprocessos Windows ocultos no início',
+    new_0_6_7_6: 'O site agora tem página de downloads e workflow de deploy, com deploy corrigido em ambientes sem rsync',
+    new_0_6_7_7: 'Correções de servidor e auth usam dirname para diretórios de credenciais no Windows e aumentam o limite de upload de avatar para evitar erros 413 com imagens grandes',
+    new_0_6_7_8: 'Harness do repositório, docs de validação e guias de agente para Coding Agents foram adicionados, enquanto docs antigos de setup script foram removidos',
+    new_0_6_4_1: 'CI foi reforçado com comportamento npm install fixo e cobertura Docker smoke para PRs',
+    new_0_6_4_2: 'O chat agora usa paginação virtualizada para rolar e carregar conversas longas com mais estabilidade',
+    new_0_6_4_3: 'A publicação de imagens Docker agora roda apenas em releases, não em checks comuns de PR',
+    new_0_6_4_4: 'Version Preview está disponível para super admins, com seleção main/tag, checkout de preview, instalação de dependências, start/stop e logs',
+    new_0_6_4_5: 'Instâncias preview isolam portas frontend/backend, Web UI home e agent bridge endpoint, com patches runtime para tags antigos cobrindo portas, WebSocket, base URL e navegação preview aninhada',
+    new_0_6_4_6: 'Tabelas legacy session_usage sem created_at agora migram com segurança usando um valor padrão',
+    new_0_6_4_7: 'Endpoints bridge profile worker agora são separados por broker endpoint, evitando que produção e preview com o mesmo Profile disputem worker sockets e causem erros unknown run',
+    new_0_6_5_1: 'Coding Agents adiciona fluxo completo de inicialização para Claude Code e Codex, com configuração global, workspaces isolados por profile/provider e terminal integrado ou nativo',
+    new_0_6_5_2: 'Inicialização Codex suporta OpenAI Chat Completions, OpenAI Responses e Anthropic Messages, com proxy local para adaptar diferentes provedores',
+    new_0_6_5_3: 'Coding Agents fica mais estável no Windows com detecção de shims .cmd/.bat, correções de terminal e Claude Code custom model sem validação local',
+    new_0_6_5_4: 'Listas de mensagens, paginação History, autenticação TTS, menções de agentes no chat em grupo, supressão de update check e bridge worker transport melhoram a estabilidade',
+    new_0_6_3_1: 'O status do spinner do Bridge nao e mais salvo como reasoning do modelo, evitando que texto thinking decorativo contamine o contexto futuro',
+    new_0_6_3_2: 'History agora inclui controles para importar sessoes Hermes CLI para o historico local da Web UI com normalizacao de mensagens mais segura',
+    new_0_6_3_3: 'A configuracao de Provider suporta base URLs integradas editaveis, LM Studio como provider integrado e descoberta ao vivo via LM Studio /models',
+    new_0_6_3_4: 'Requests OpenRouter enviados pelo bridge da Web UI agora incluem headers de atribuicao do app Hermes Web UI',
+    new_0_6_3_5: 'O endpoint publico de auth status nao expoe mais o primeiro nome de usuario para requests nao autenticados',
+    new_0_6_3_6: 'As configuracoes do DingTalk agora incluem um campo AI Card Template ID persistido como DINGTALK_CARD_TEMPLATE_ID',
+    new_0_6_3_7: 'A saida JSON do socket Bridge sanitiza caracteres Unicode surrogate isolados para evitar falhas SSE durante o chat',
+    new_0_6_2_1: 'Web Bridge agora suporta comandos /plan com início correto do run e estado visível do comando',
+    new_0_6_2_2: 'O menu de comandos no input do chat agora inclui /goal e /subgoal, com ações de status, pausar, retomar, concluir e limpar',
+    new_0_6_2_3: 'Workflows de Goal e subgoal agora integram sessões de chat, incluindo continuações de objetivo e atualizações de status',
+    new_0_6_2_4: 'Opções de canal destino para jobs foram restauradas para que jobs agendados escolham o destino correto',
+    new_0_6_2_5: 'O uso de tokens de contexto agora retoma com precisão após reconexões usando cálculos conscientes de snapshot',
+    new_0_6_2_6: 'A compressão de checkpoints de contexto está mais confiável quando o resumo do Codex é lento: Web UI espera 5 minutos e o Python bridge broker não corta requests de worker após 2 minutos',
+    new_0_6_2_7: 'A promoção da fila do chat foi corrigida para que mensagens queued não entrem cedo demais na lista, inclusive em janelas sincronizadas',
+    new_0_6_2_8: 'Prompts Clarify não enviam mais respostas de texto livre com Enter, e prompts respondidos não reabrem após trocar de sessão',
+    new_0_6_2_9: 'Refresh do ambiente do terminal Bridge e limpeza de stale pid foram melhor delimitados, reduzindo status runtime obsoleto na UI',
+    new_0_6_2_10: 'O comprimento de contexto padrão agora segue o padrão Hermes de 256.000 tokens',
+    new_0_5_35_1: 'Sessões Bridge agora podem executar em paralelo entre sessions diferentes, enquanto runs da mesma session continuam serializados para preservar a ordem',
+    new_0_5_35_2: 'Adiciona a página Performance Monitor para CPU/memória do sistema, Web UI, Bridge Broker, Workers e status de sessões ativas',
+    new_0_5_35_3: 'Adiciona métricas por worker com CPU, memória, Profile, número de sessões e estado de execução',
+    new_0_5_35_4: 'Melhora a limpeza do ciclo de vida dos Bridge workers para recuperar workers no encerramento do Broker ou do processo pai e reduzir processos Python órfãos',
+    new_0_5_35_5: 'Fortalece a compatibilidade do monitoramento com fallbacks de coleta para macOS, Windows, Linux, Docker e Termux',
+    new_0_5_35_6: 'Performance Monitor não bloqueia mais em requests a workers durante a inicialização de Agents, reduzindo request timeouts no Windows',
+    new_0_5_35_7: 'Chat Markdown agora suporta preview inline de conteúdo de texto, e ícones de download baixam arquivos diretamente sem abrir o drawer',
+    new_0_5_35_8: 'Melhora o drawer de conteúdo com ação de fechar no mobile, largura total no mobile, 800px no desktop e fundos consistentes para texto/Markdown',
+    new_0_6_0_1: 'A gestão por conta e por Profile agora protege de forma consistente sessões, modelos, uso, Kanban, jobs, uploads, mídia e APIs Hermes relacionadas',
+    new_0_6_0_2: 'Skills de mídia integrados usam o token de servidor gerado apenas para endpoints de mídia e resolvem credenciais fun-codex/xAI a partir do Profile solicitado',
+    new_0_6_0_3: 'Chat individual e em grupo injetam o Hermes Profile atual nas instruções do run para que Skills enviem X-Hermes-Profile',
+    new_0_6_0_4: 'O progresso de subagents de delegate_task aparece na UI do chat com estados de início, ferramenta, progresso e conclusão',
+    new_0_6_0_5: 'Parar ou abortar um run limpa eventos temporários para que estados abort antigos não passem para o próximo chat',
+    new_0_6_0_6: 'Atualiza documentação e site para gestão de contas, credenciais padrão, gestão conta/Profile, uploads/downloads e Skills de mídia',
+    new_0_6_0_7: 'Adiciona comandos CLI de manutenção para limpar bloqueios de IP de login e redefinir o login padrão admin / 123456',
+    new_0_6_0_8: 'A versão 0.6.0 é o limite entre a Web UI de usuário único e multiusuário. Se o modo multiusuário causar problemas, abra uma issue e volte para a versão 0.5.35 de usuário único se necessário',
+    new_0_6_1_1: 'As listas de sessões agora mostram por padrão todos os Profiles disponíveis para a conta; só filtram por Profile quando selecionado explicitamente, e CLI start/stop/status não imprimem mais o aviso experimental do node:sqlite',
+    new_0_6_1_2: 'Respostas Clarify e de confirmação agora passam pelo socket de chat autenticado até a Hermes bridge, com testes da rota de resposta',
+    new_0_6_1_3: 'Entradas de navegação e linhas de sessões usam links nativos para abrir em nova aba, copiar link e preservar grupos laterais recolhidos',
+    new_0_6_1_4: 'Links de sessão não vazam mais o Profile da rota para o filtro normal da lista, e os rótulos de abrir em nova aba foram localizados',
+    new_0_6_1_5: 'Skills agora lê skills.external_dirs da configuração do Profile ativo, marca skills externas, preserva prioridade local e resolve arquivos externos',
+    new_0_6_1_6: 'O bloqueio de IP no login agora permite 10 falhas e a tela bloqueada mostra comandos para limpar bloqueios e redefinir o login padrão',
+    new_0_6_1_7: 'Desconexões de chat em mobile ou segundo plano são tratadas como transitórias, e a reconexão retoma o estado do run pelo servidor',
+    new_0_6_1_8: 'O flush de marcadores de ferramentas da Bridge agora persiste prefixos parciais nos limites de ferramenta e de run',
+    new_0_6_1_9: 'Ações de History sensíveis a Profile excluem sessões com alvos qualificados por Profile e atualizam History quando o Profile global muda',
+    new_0_6_1_10: 'O bypass legado AUTH_DISABLED foi removido para o modelo multiusuário, enquanto AUTH_TOKEN continua suportado',
+  },
+
+  // Arquivos
+  files: {
+    title: 'Arquivos',
+    tree: 'Arvore de diretorios',
+    list: 'Lista de arquivos',
+    breadcrumbRoot: 'Inicio',
+    newFile: 'Novo arquivo',
+    newFolder: 'Nova pasta',
+    upload: 'Enviar',
+    refresh: 'Atualizar',
+    open: 'Abrir',
+    edit: 'Editar',
+    preview: 'Visualizar',
+    download: 'Baixar',
+    copyPath: 'Copiar caminho',
+    rename: 'Renomear',
+    delete: 'Excluir',
+    name: 'Nome',
+    size: 'Tamanho',
+    modified: 'Modificado',
+    actions: 'Acoes',
+    emptyDir: 'Diretorio vazio',
+    loading: 'Carregando...',
+    confirmDelete: 'Tem certeza de que deseja excluir "{name}"?',
+    confirmDeleteDir: 'Tem certeza de que deseja excluir o diretorio "{name}" e todo o seu conteudo?',
+    deleteFailed: 'Falha ao excluir',
+    deleted: 'Excluido',
+    renameTo: 'Renomear para',
+    newFileName: 'Nome do arquivo',
+    newFolderName: 'Nome da pasta',
+    created: 'Criado',
+    createFailed: 'Falha ao criar',
+    renamed: 'Renomeado',
+    renameFailed: 'Falha ao renomear',
+    uploadSuccess: '{count} arquivo(s) enviado(s)',
+    uploadFailed: 'Falha ao enviar',
+    saveFailed: 'Falha ao salvar',
+    saved: 'Salvo',
+    unsavedChanges: 'Voce tem alteracoes nao salvas. Descartar?',
+    pathCopied: 'Caminho copiado',
+    fileTooLarge: 'Arquivo muito grande (max 10MB)',
+    permissionDenied: 'Nao e possivel modificar arquivo protegido',
+    notFound: 'Arquivo ou diretorio nao encontrado',
+    backendError: 'Falha na operacao de arquivo',
+    dragDropHint: 'Arraste arquivos aqui para enviar',
+    closeEditor: 'Fechar editor',
+    closePreview: 'Fechar',
+    saveFile: 'Salvar',
+    fileTree: 'Árvore de arquivos',
+  },
+
+  // Chat em grupo
+  groupChat: {
+    title: 'Chat em grupo',
+    createRoom: 'Criar sala',
+    joinByCode: 'Entrar com codigo',
+    roomName: 'Nome da sala',
+    roomNamePlaceholder: 'Digite o nome da sala',
+    inviteCode: 'Codigo de convite',
+    autoGenerate: 'Gerar automaticamente',
+    noRooms: 'Nenhuma sala ainda',
+    selectOrCreate: 'Selecione ou crie uma sala para comecar a conversar',
+    agents: 'Agentes',
+    addAgent: 'Adicionar agente',
+    selectProfile: 'Selecione um perfil',
+    agentAdded: 'Agente adicionado',
+    agentAlreadyInRoom: 'O agente ja esta nesta sala',
+    agentAddFailedCount: '{count} agente(s) nao foram adicionados: {details}',
+    noAgents: 'Nenhum agente nesta sala',
+    members: 'Membros',
+    roomCreated: 'Sala criada',
+    roomDeleted: 'Sala excluída',
+    roomCloned: 'Sala clonada',
+    cloneRoom: 'Clonar sala',
+    copyRoomLink: 'Copiar link da sala',
+    deleteRoomConfirm: 'Excluir esta sala?',
+    clearContext: 'Limpar contexto',
+    clearContextConfirm: 'Limpar o contexto desta sala? Mensagens e snapshots de compactação serão removidos, mas agentes e membros ficam.',
+    contextCleared: 'Contexto limpo',
+    you: 'Você',
+    joined: 'Entrou na sala',
+    joinFailed: 'Falha ao entrar na sala',
+    inputPlaceholder: 'Digite uma mensagem... (Enter para enviar)',
+    enterCode: 'Digite o codigo de convite',
+    yourName: 'Seu nome',
+    yourNamePlaceholder: 'Digite seu nome de exibicao',
+    yourDescription: 'Descricao (opcional)',
+    yourDescriptionPlaceholder: 'Conte aos outros quem voce e...',
+    agentName: 'Nome do agente',
+    agentNamePlaceholder: 'Nome personalizado (vazio = nome do perfil)',
+    agentDesc: 'Descrição do agente',
+    agentDescPlaceholder: 'Descreva o que este agente faz...',
+    agentReplying: 'está respondendo...',
+    agentCompressing: 'está compactando contexto...',
+    compressionSettings: 'Configuração de compactação',
+    triggerTokens: 'Tokens de acionamento',
+    triggerTokensDesc: 'Limite de tokens para acionar a compactação',
+    maxHistoryTokens: 'Máx. tokens de histórico',
+    maxHistoryTokensDesc: 'Máximo de tokens para o contexto compactado',
+    tailMessageCount: 'Mensagens recentes',
+    tailMessageCountDesc: 'Número de mensagens recentes a manter',
+    compressionConfig: 'Config. de compactação',
+    compressNow: 'Compactar agora',
+    compressingInProgress: 'Compactação em andamento',
+    compressionSaved: 'Configuração salva',
+  },
+
+  // Download
+  download: {
+    downloading: 'Baixando...',
+    downloadFailed: 'Falha no download',
+    fileNotFound: 'Arquivo nao encontrado ou excluido',
+    fileTooLarge: 'Arquivo muito grande (limite excedido)',
+    backendError: 'Falha ao ler o arquivo, o ambiente remoto pode estar indisponivel',
+    backendTimeout: 'Tempo esgotado para ler o arquivo',
+    unsupportedBackend: 'O backend de terminal atual nao suporta download de arquivos',
+    invalidPath: 'Caminho de arquivo invalido',
+    contentDisplay: 'Exibicao de conteudo',
+    download: 'Baixar',
+    downloadFile: 'Baixar arquivo',
+  },
+  gateways: {
+    title: 'Gateways',
+    running: 'Em execução',
+    stopped: 'Parado',
+    started: 'Iniciado',
+    startFailed: 'Falha ao iniciar gateway',
+    stopFailed: 'Falha ao parar gateway',
+  },
+  kanban: {
+    title: 'Quadro Kanban',
+    createTask: 'Nova tarefa',
+    noTasks: 'Nenhuma tarefa',
+    allStatuses: 'Todos os status',
+    allAssignees: 'Todos os responsáveis',
+    columns: {
+      triage: 'Triagem',
+      todo: 'A fazer',
+      ready: 'Pronto',
+      running: 'Em andamento',
+      blocked: 'Bloqueado',
+      done: 'Concluído',
+      archived: 'Arquivado',
+    },
+    card: {
+      assigneeTooltip: 'Responsável',
+      priority: {
+        low: 'Baixa',
+        medium: 'Média',
+        high: 'Alta',
+      },
+      timeAgo: {
+        justNow: 'agora mesmo',
+        minutes: 'há {count} min',
+        hours: 'há {count} h',
+        days: 'há {count} d',
+      },
+    },
+    board: {
+      create: 'Novo quadro',
+      archive: 'Arquivar quadro',
+      archiveConfirm: 'Arquivar o quadro atual?',
+      archived: 'Quadro arquivado',
+      created: 'Quadro criado',
+      slugPlaceholder: 'Identificador do quadro, ex. project-a',
+      namePlaceholder: 'Nome exibido (opcional)',
+      slugRequired: 'O identificador do quadro é obrigatório',
+    },
+    form: {
+      title: 'Título',
+      titlePlaceholder: 'Título da tarefa',
+      titleRequired: 'Título é obrigatório',
+      body: 'Descrição',
+      bodyPlaceholder: 'Descrição da tarefa (opcional)',
+      assignee: 'Responsável',
+      selectAssignee: 'Selecionar responsável...',
+      priority: 'Prioridade',
+      selectPriority: 'Selecionar prioridade...',
+    },
+    detail: {
+      status: 'Status',
+      priority: 'Prioridade',
+      assignee: 'Responsável',
+      tenant: 'Locatário',
+      createdAt: 'Criado',
+      startedAt: 'Iniciado',
+      completedAt: 'Concluído',
+      comments: 'Comentários',
+      events: 'Eventos',
+      runs: 'Execuções',
+      artifacts: 'Arquivos gerados',
+      result: 'Resultado',
+      highlights: 'Informações principais',
+      sources: 'Fontes de dados',
+      sessions: 'Sessões relacionadas',
+      sessionMessages: 'Mensagens da sessão',
+      noSessions: 'Nenhuma sessão relacionada encontrada.',
+    },
+    action: {
+      title: 'Ações',
+      assign: 'Atribuir',
+      assignTo: 'Atribuir a...',
+      block: 'Bloquear',
+      blockReason: 'Motivo do bloqueio',
+      unblock: 'Desbloquear',
+      complete: 'Concluir',
+      completeSummary: 'Resumo de conclusão (opcional)',
+    },
+    message: {
+      loadFailed: 'Falha ao carregar tarefa',
+      taskCreated: 'Tarefa criada',
+      taskAssigned: 'Tarefa atribuída',
+      taskBlocked: 'Tarefa bloqueada',
+      taskUnblocked: 'Tarefa desbloqueada',
+      taskCompleted: 'Tarefa concluída',
+    },
+    stats: {
+      total: 'Total',
+      tasks: 'Tarefas',
+    },
+  },
+}
diff --git a/packages/client/src/i18n/locales/zh-TW.ts b/packages/client/src/i18n/locales/zh-TW.ts
new file mode 100644
index 0000000..a312b4b
--- /dev/null
+++ b/packages/client/src/i18n/locales/zh-TW.ts
@@ -0,0 +1,1554 @@
+export default {
+  // 登入
+  login: {
+    title: 'Hermes Web UI',
+    description: '輸入使用者名稱和密碼以繼續。',
+    placeholder: '存取權杖',
+    submit: '登入',
+    tokenRequired: '請輸入存取權杖',
+    invalidToken: '權杖無效',
+    connectionFailed: '無法連線至伺服器',
+    passwordLogin: '密碼登入',
+    tokenLogin: '權杖登入',
+    usernamePlaceholder: '使用者名稱',
+    passwordPlaceholder: '密碼',
+    defaultCredentialsHint: '預設登入名：admin，預設密碼：123456',
+    credentialsRequired: '請輸入使用者名稱和密碼',
+    invalidCredentials: '使用者名稱或密碼錯誤',
+    tooManyAttempts: '登入失敗次數過多，請稍後再試',
+    lockResetHint: '如果這是你的伺服器，可以執行以下命令清除登入鎖定：',
+    defaultLoginResetHint: '如需重置預設 admin 密碼，可以執行：',
+    sessionExpired: '登入已過期，請重新登入',
+    accessDenied: '你沒有權限存取此資源',
+    passwordMismatch: '兩次密碼不一致',
+    passwordTooShort: '密碼長度至少 6 個字元',
+    setupSuccess: '密碼登入設定成功',
+    passwordChanged: '密碼修改成功',
+    passwordRemoved: '密碼登入已移除',
+    setupPassword: '設定密碼登入',
+    changePassword: '修改密碼',
+    changeUsername: '修改使用者名稱',
+    removePasswordLogin: '移除',
+    username: '使用者名稱',
+    currentPassword: '目前密碼',
+    newPassword: '新密碼',
+    confirmPassword: '確認密碼',
+    newUsername: '新使用者名稱',
+    usernameChanged: '使用者名稱修改成功',
+    usernameTooShort: '使用者名稱至少 2 個字元',
+    setupDescription: '管理用於登入的使用者名稱和密碼。',
+    removeConfirm: '使用者帳號必須保留密碼登入。',
+    passwordLoginNotConfigured: '密碼登入未設定',
+    passwordLoginConfigured: '目前帳號：{username}',
+    defaultCredentialTitle: '請修改預設帳號和密碼',
+    defaultCredentialMessage: '目前登入帳號仍在使用預設使用者名稱或預設密碼。為避免未授權存取，請盡快進入目前帳號修改使用者名稱和密碼。',
+    defaultCredentialAction: '去修改',
+    defaultCredentialLater: '稍後提醒',
+  },
+
+  users: {
+    title: '帳號管理',
+    description: '建立使用者、分配角色，並控制一般管理員可存取的設定檔。',
+    create: '建立使用者',
+    edit: '編輯使用者',
+    username: '使用者名稱',
+    role: '角色',
+    statusLabel: '狀態',
+    profiles: '可存取設定檔',
+    profilesPlaceholder: '選擇可存取的設定檔',
+    allProfiles: '全部設定檔',
+    noProfiles: '未關聯設定檔',
+    lastLogin: '最後登入',
+    newPasswordOptional: '新密碼（留空不修改）',
+    loadFailed: '使用者列表載入失敗',
+    deleteConfirm: '確認刪除此使用者？',
+    enable: '啟用',
+    disable: '停用',
+    roles: {
+      superAdmin: '超級管理員',
+      admin: '一般管理員',
+    },
+    status: {
+      active: '啟用',
+      disabled: '停用',
+    },
+  },
+
+  // 通用
+  common: {
+    loading: '載入中...',
+    cancel: '取消',
+    delete: '刪除',
+    retry: '重試',
+    edit: '編輯',
+    save: '儲存',
+    saved: '已儲存',
+    saveFailed: '儲存失敗',
+    deleteFailed: '刪除失敗',
+    ok: '確定',
+    copied: '已複製',
+    copy: '複製',
+    update: '更新',
+    create: '建立',
+    noData: '目前無資料',
+    expired: '已過期',
+    fetch: '取得',
+    add: '新增',
+    enable: '啟用',
+    disable: '停用',
+    configured: '已設定',
+    notConfigured: '未設定',
+    confirm: '確定',
+    expand: '展開',
+    collapse: '收起',
+    start: '啟動',
+    stop: '停止',
+  },
+
+  // 側邊欄
+  // MCP 管理
+  mcp: {
+    title: 'MCP 伺服器',
+    loadFailed: '載入 MCP 伺服器失敗',
+    reloadAll: '全部重載',
+    refresh: '重新整理',
+    total: '總計',
+    connected: '已連線',
+    disconnected: '未連線',
+    tools: '工具',
+    tool: '工具',
+    searchPlaceholder: '搜尋伺服器...',
+    addServer: '+ 新增伺服器',
+    zeroTools: '0 個工具',
+    loading: '載入中...',
+    empty: '暫無 MCP 伺服器設定',
+    reloaded: '已重載 {server}',
+    reloadedAll: '所有 MCP 伺服器已重載',
+    reloadFailed: '重載失敗',
+    serverAdded: '伺服器 "{name}" 已新增',
+    addFailed: '新增伺服器失敗',
+    serverUpdated: '伺服器 "{name}" 已更新',
+    updateFailed: '更新伺服器失敗',
+    saveFailed: '儲存失敗',
+    serverRemoved: '已移除 "{name}"',
+    enabled: "已啟用 {name}",
+    disabled: "已禁用 {name}",
+    connectedStatus: '已連線',
+    disconnectedStatus: '未連線',
+    disabledStatus: '已停用',
+    toolList: '工具列表',
+    count: '個',
+    more: '更多',
+    removeFailed: '移除伺服器失敗',
+    testOk: '測試成功 — {count} 個工具可用',
+    testEmpty: '測試未回傳工具',
+    testFailed: '測試失敗',
+    edit: '編輯',
+    test: '測試',
+    reload: '重載',
+    remove: '移除',
+    confirmRemove: '確認刪除伺服器 "{name}"？',
+    cancel: '取消',
+    add: '新增',
+    save: '儲存',
+    addTitle: '新增 MCP 伺服器',
+    editTitle: '編輯 MCP 伺服器',
+    invalidJson: 'JSON 格式錯誤',
+    invalidYaml: 'YAML 格式錯誤',
+    invalidConfig: '配置格式錯誤',
+    invalidServerConfig: '伺服器配置無效',
+    missingCommandOrUrl: '必須包含 command 或 url',
+    manageTools: '管理工具',
+    toolsVisibilityTitle: '工具可見性管理',
+    fetchTools: '獲取工具列表',
+    fetchToolsFailed: '獲取工具列表失敗',
+    toolsMode: '模式：',
+    toolsModeAll: '全部',
+    toolsModeInclude: '包含',
+    toolsModeExclude: '排除',
+    toolsListHeader: '工具名稱',
+    toolsEmpty: '暫無工具，請先獲取工具列表',
+    toolsSummaryAll: '共 {count} 個工具，全部啟用',
+    toolsSummaryInclude: '共 {total} 個工具，已選 {count} 個',
+    toolsSummaryExclude: '共 {total} 個工具，已排除 {count} 個',
+    toolsVisibilitySaved: '工具可見性已儲存',
+    toolsSelectAll: '全選',
+    toolsClearSelection: '取消全選',
+    toolsExcludeAll: '全部排除',
+    toolsClearExcluded: '清空排除',
+  },
+
+  sidebar: {
+    chat: '對話',
+    search: '搜尋',
+    apiRelay: '中轉站',
+    history: '歷史',
+    jobs: '任務',
+    kanban: '看板',
+    models: '模型',
+    profiles: '使用者',
+    plugins: '插件',
+    mcp: 'MCP',
+    skills: '技能',
+    memory: '記憶',
+    logs: '日誌',
+    usage: '用量',
+    performance: '效能監控',
+    skillsUsage: '技能用量',
+    channels: '頻道',
+    gateways: '閘道',
+    terminal: '終端機',
+    groupChat: '群聊',
+    files: '檔案',
+    groupConversation: '對話',
+    groupConversationShort: '對話',
+    groupPlatform: '平台',
+    groupAgent: '代理',
+    groupAgentShort: '代理',
+    groupSystem: '系統',
+    groupSystemShort: '系統',
+    groupMonitoring: '監控',
+    groupMonitoringShort: '監控',
+    groupTools: '工具',
+    groupToolsShort: "工具",
+    codingAgents: "編程工具",
+    versionPreview: "版本預覽",
+    settings: '設定',
+    connected: '已連線',
+    disconnected: '未連線',
+    collapse: '收起選單',
+    expand: '展開選單',
+    updateTip: '在終端機執行 "hermes-web-ui update" 即可更新',
+    updateVersion: '升級版本 v{version}',
+    reloadClientVersion: '重新整理到 v{version}',
+    updating: '正在更新...',
+    updateSuccess: '更新成功，請稍後重新整理頁面，如長時間未啟動，請手動啟動',
+    updateFailed: '更新失敗',
+    logout: '登出',
+    nodeVersionWarning: '偵測到 Node.js v{version}，請升級至 23 以上版本。',
+    changelog: '更新日誌',
+    noChangelog: '目前無更新日誌',
+  },
+
+  performance: {
+    title: '效能監控',
+    subtitle: '查看系統資源、Bridge Broker、Workers 和活躍會話',
+    refresh: '重新整理',
+    autoRefreshOn: '自動重新整理',
+    autoRefreshOff: '手動重新整理',
+    loadFailed: '效能資料載入失敗',
+    systemCpu: '系統 CPU',
+    systemMemory: '系統記憶體',
+    activeSessions: '活躍會話',
+    runningSessions: '執行中 {count}',
+    workers: 'Workers',
+    totalWorkerMemory: 'Worker 總記憶體',
+    processes: '程序',
+    uptime: '執行',
+    running: '執行中',
+    stopped: '已停止',
+    workerMemory: 'Worker 記憶體',
+    lastUpdated: '更新時間',
+    profile: 'Profile',
+    memory: '記憶體',
+    sessions: '會話',
+    runningActiveSessions: '執行中 / 活躍',
+    lastUsed: '最後使用',
+    status: '狀態',
+    noWorkers: '暫無 Worker',
+    sessionsByProfile: '按 Profile 統計會話',
+    noActiveSessions: '暫無活躍會話',
+  },
+
+  // 抽屜
+  drawer: {
+    terminal: '終端機',
+    files: '工作區',
+  },
+
+  // 對話
+  chat: {
+    contextRemaining: '剩餘',
+    contextClickToEdit: '點擊編輯上下文長度',
+    contextEditTitle: '編輯上下文長度',
+    contextEditDesc: '設定目前模型的上下文長度限制（token 數量）',
+    contextEditPlaceholder: '請輸入上下文長度',
+    contextEditHint: '常見值：256k (Hermes 預設), 128k (GPT-4), 32k (GPT-3.5)',
+    contextEditSave: '儲存',
+    contextEditCancel: '取消',
+    contextEditInvalid: '請輸入有效的上下文長度',
+    contextEditSuccess: '上下文長度已更新',
+    contextEditFailed: '更新失敗',
+    emptyState: '開始與 Hermes Agent 對話',
+    outlineTitle: '會話大綱',
+    outlineEmpty: '暫無會話內容',
+    outlineUserQuestion: '使用者問題',
+    inputPlaceholder: '輸入訊息... (Enter 發送，Shift+Enter 換行)',
+    slashCommandArgs: {
+      message: '<訊息>',
+      title: '<標題>',
+      text: '<文字>',
+    },
+    slashCommands: {
+      usage: '計算目前會話用量',
+      status: '查看會話狀態和佇列',
+      abort: '停止目前 Bridge 執行',
+      queue: '將訊息加入目前執行後的佇列',
+      plan: '產生一份 Markdown 實作計畫',
+      goal: '設定一個跨輪次持續推進的目標',
+      goalStatus: '查看目前目標狀態',
+      goalPause: '暫停目前目標循環',
+      goalResume: '繼續已暫停的目標循環',
+      goalDone: '完成並清除目前目標',
+      goalClear: '清除目前目標',
+      subgoal: '為目前目標追加驗收條件',
+      clear: '清空目前顯示內容',
+      clearHistory: '刪除目前會話已儲存的訊息歷史',
+      title: '重新命名目前會話',
+      compress: '空閒時觸發上下文壓縮',
+      steer: '向目前 Bridge 執行傳送引導文字',
+      destroy: '釋放目前會話的 Bridge Agent',
+      reloadMcp: '重載 MCP 伺服器',
+    },
+    attachFiles: '新增附件',
+    autoPlaySpeech: '自動播放語音',
+    showToolCalls: '顯示工具呼叫',
+    hideToolCalls: '隱藏工具呼叫',
+    messageQueue: '訊息佇列',
+    removeQueuedMessage: '移除佇列訊息',
+    stop: '停止',
+    start: '啟動',
+    stopGateway: '停止閘道',
+    send: '發送',
+    contextUsed: '上下文已用:',
+    sessions: '工作階段',
+    webUiSessions: '工作階段',
+    allProfiles: '全部設定',
+    profileMissingModelsTip: '此工作階段所屬設定「{profile}」沒有可用的 provider 或模型',
+    sessionScopeHint: '這裡只顯示目前工作階段；CLI、Telegram、Discord、Cron 等頻道工作階段在歷史中以唯讀方式查看。',
+    openHistory: '開啟歷史',
+    hermesHistory: 'Hermes 歷史',
+    historyScopeHint: '這裡按來源以唯讀方式查看目前 profile 的 Hermes 歷史工作階段。',
+    noSessions: '目前無工作階段',
+    searchTitle: '搜尋工作階段',
+    searchSubtitle: '依標題或訊息內容搜尋',
+    searchScope: '搜尋範圍：僅 Web UI 本地工作階段資料庫；不包含唯讀 Hermes 歷史工作階段。',
+    searchHint: 'Cmd/Ctrl+K',
+    searchPlaceholder: '搜尋工作階段...',
+    searchEmpty: '最近工作階段',
+    searchRecent: '最近工作階段',
+    searchNoResults: '沒有符合的工作階段',
+    searchNoSnippet: '沒有可顯示的摘要',
+    searchEnterHint: 'Enter 開啟 · Esc 關閉',
+    searchFailed: '搜尋工作階段失敗',
+    newChat: '新增對話',
+    approvalKicker: '終端授權',
+    approvalTitle: '執行前請確認命令',
+    approvalAllowOnce: '僅本次允許',
+    approvalAllowSession: '本工作階段允許',
+    approvalAlways: '永遠允許',
+    approvalDeny: '拒絕',
+    clarifyKicker: 'Agent 需要確認',
+    clarifyTitle: 'Agent 有一個問題需要您回答',
+    clarifyPlaceholder: '輸入你的回答...',
+    clarifySubmit: '回覆',
+    clarifyDismiss: '忽略',
+    deleteSession: '確定刪除此工作階段？',
+    sessionDeleted: '工作階段已刪除',
+    toggleBatchMode: '批次選取',
+    selectAll: '全選',
+    confirmBatchDelete: '確定刪除選取的 {count} 個工作階段？',
+    batchDeleteSuccess: '已刪除 {count} 個工作階段',
+    batchDeletePartial: '{failed} 個工作階段刪除失敗',
+    batchDeleteFailed: '批次刪除失敗',
+    importToWebUi: '匯入到 Web UI',
+    importSessionSuccess: '工作階段已匯入 Web UI',
+    importSessionAlreadyExists: '工作階段已存在於 Web UI',
+    importSessionFailed: '匯入工作階段失敗',
+    rename: '重新命名',
+    pin: '釘選',
+    unpin: '取消釘選',
+    pinned: '已釘選',
+    chatMode: '聊天',
+    liveMode: '即時',
+    liveSessions: '即時工作階段',
+    recentBadge: '最近',
+    linkedSessions: '關聯 {count} 個工作階段',
+    noVisibleMessages: '沒有人類可見訊息。',
+    monitorRoleUser: '使用者',
+    monitorRoleAssistant: '助手',
+    copySessionLink: '複製工作階段連結',
+    openSessionInNewTab: '在新分頁開啟',
+    sessionLinkCopied: 'Session link copied',
+    copySessionId: '複製工作階段 ID',
+    export: '匯出',
+    exportFull: '完整匯出 (JSON)',
+    exportCompressed: '壓縮匯出 (TXT)',
+    exportCompressing: '正在壓縮上下文，請稍候...',
+    exportSuccess: '工作階段已匯出',
+    exportFailed: '匯出失敗',
+    renamed: '已重新命名',
+    renameFailed: '重新命名失敗',
+    renameSession: '重新命名工作階段',
+    sessionNotFound: '找不到工作階段',
+    enterNewTitle: '輸入新標題',
+    workspace: '工作區',
+    setWorkspace: '設定工作區',
+    setWorkspaceTitle: '設定工作階段工作區',
+    workspacePlaceholder: '輸入專案路徑，例如 /home/user/project',
+    workspaceSet: '工作區已設定',
+    workspaceSetFailed: '設定工作區失敗',
+    other: '其他',
+    runFailed: '執行失敗',
+    error: '錯誤',
+    tool: '工具',
+    arguments: '參數',
+    result: '結果',
+    truncated: '... (已截斷)',
+    executionDuration: '執行時長',
+    thinkingLabel: '思考過程',
+    thinkingInProgress: '思考中…',
+    thinkingShow: '展開思考過程',
+    thinkingHide: '收起思考過程',
+    thinkingDuration: '已觀察 {duration}',
+    thinkingChars: '{count} 字',
+    copyBubble: '複製訊息',
+    copiedBubble: '已複製',
+    copyFailed: '複製失敗',
+    playSpeech: '播放語音',
+    pauseSpeech: '暫停',
+    resumeSpeech: '繼續',
+    stopSpeech: '停止',
+    speechNotSupported: '此瀏覽器不支援語音播放',
+    modelSetFailed: '設定模型失敗',
+    modelSet: '模型已設定',
+    setModelTitle: '設定工作階段模型',
+    setModel: '設定模型',
+    newCliChat: '新增 CLI',
+    cliEmptyState: '開始 CLI 對話',
+  },
+
+  // 看板
+  kanban: {
+    title: '看板',
+    createTask: '新增任務',
+    noTasks: '目前無任務',
+    allStatuses: '所有狀態',
+    allAssignees: '所有負責人',
+    board: {
+      create: '新增看板',
+      archive: '封存看板',
+      slugPlaceholder: '看板識別碼，例如 project-a',
+      namePlaceholder: '顯示名稱（選填）',
+      slugRequired: '看板識別碼不能為空',
+      created: '看板已建立',
+      archived: '看板已封存',
+      archiveConfirm: '確定封存目前看板？',
+    },
+    columns: {
+      triage: '待分類',
+      todo: '待辦',
+      ready: '就緒',
+      running: '進行中',
+      blocked: '阻塞',
+      done: '已完成',
+      archived: '已封存',
+    },
+    form: {
+      title: '標題',
+      titlePlaceholder: '任務標題',
+      titleRequired: '標題不能為空',
+      body: '描述',
+      bodyPlaceholder: '任務描述（選填）',
+      assignee: '負責人',
+      selectAssignee: '選擇負責人...',
+      priority: '優先級',
+      selectPriority: '選擇優先級...',
+    },
+    card: {
+      assigneeTooltip: '負責人',
+      priority: {
+        low: '低',
+        medium: '中',
+        high: '高',
+      },
+      timeAgo: {
+        justNow: '剛剛',
+        minutes: '{count} 分鐘前',
+        hours: '{count} 小時前',
+        days: '{count} 天前',
+      },
+    },
+    detail: {
+      status: '狀態',
+      assignee: '負責人',
+      priority: '優先級',
+      tenant: '租戶',
+      createdAt: '建立時間',
+      startedAt: '開始時間',
+      completedAt: '完成時間',
+      comments: '評論',
+      events: '事件',
+      runs: '執行記錄',
+      result: '完成結果',
+      sessions: '關聯工作階段',
+      sessionMessages: '工作階段記錄',
+      noSessions: '找不到關聯工作階段。',
+      artifacts: '產出檔案',
+      sources: '資料來源',
+      highlights: '關鍵資訊',
+    },
+    action: {
+      title: '操作',
+      complete: '完成',
+      completeSummary: '完成摘要（選填）',
+      block: '阻塞',
+      blockReason: '阻塞原因',
+      unblock: '解除阻塞',
+      assign: '指派',
+      assignTo: '指派給...',
+    },
+    message: {
+      taskCreated: '任務已建立',
+      taskCompleted: '任務已完成',
+      taskBlocked: '任務已阻塞',
+      taskUnblocked: '任務已解除阻塞',
+      taskAssigned: '任務已指派',
+      loadFailed: '載入任務失敗',
+    },
+    stats: {
+      total: '總計',
+      tasks: '任務數',
+    },
+  },
+
+  // 排程任務
+  jobs: {
+    title: '排程任務',
+    createJob: '建立任務',
+    editJob: '編輯任務',
+    noJobs: '目前無排程任務，建立一個開始吧。',
+    name: '名稱',
+    namePlaceholder: '任務名稱',
+    schedule: '排程運算式 (Cron)',
+    schedulePlaceholder: '例如 0 9 * * *',
+    quickPresets: '快速預設',
+    selectPreset: '選擇預設...',
+    presetEveryMinute: '每分鐘',
+    presetEvery5Min: '每 5 分鐘',
+    presetEveryHour: '每小時',
+    presetEveryDay: '每天 00:00',
+    presetEveryDay9: '每天 09:00',
+    presetEveryMonday: '每週一 09:00',
+    presetEveryMonth: '每月 1 日 09:00',
+    prompt: '提示詞',
+    promptPlaceholder: '要執行的內容',
+    deliverTarget: '投遞目標',
+    origin: '來源',
+    local: '本地',
+    repeatCount: '重複次數（選填）',
+    modelPlaceholder: '預設模型',
+    repeatPlaceholder: '留空表示無限重複',
+    jobCreated: '任務已建立',
+    jobUpdated: '任務已更新',
+    nameRequired: '名稱為必填項',
+    scheduleRequired: '排程運算式為必填項',
+    loadFailed: '載入任務失敗',
+    jobPaused: '任務已暫停',
+    jobResumed: '任務已恢復',
+    jobTriggered: '任務已觸發',
+    modelUpdated: '模型已更新',
+    jobDeleted: '任務已刪除',
+    status: {
+      running: '執行中',
+      paused: '已暫停',
+      disabled: '已停用',
+      scheduled: '已排程',
+    },
+    info: {
+      model: '模型',
+      schedule: '排程',
+      lastRun: '上次執行',
+      nextRun: '下次執行',
+      deliver: '投遞',
+      repeat: '重複',
+    },
+    action: {
+      pause: '暫停',
+      pauseJob: '暫停任務',
+      resume: '恢復',
+      resumeJob: '恢復任務',
+      runNow: '立即執行',
+      triggerImmediately: '立即觸發',
+    },
+    runHistory: {
+      title: '執行歷史',
+      runs: '次執行',
+      noRuns: '目前無執行歷史。',
+    },
+  },
+
+  // 技能
+  skills: {
+    title: '技能',
+    searchPlaceholder: '搜尋技能...',
+    noMatch: '沒有符合的技能',
+    noSkills: '目前無技能',
+    backTo: '返回',
+    attachedFiles: '附件檔案',
+    loadFailed: '載入技能失敗',
+    fileLoadFailed: '載入檔案失敗',
+    modified: '使用者已修改',
+    archived: '已封存',
+    pinned: '已釘選',
+    pin: '釘選技能',
+    unpin: '取消釘選',
+    pinFailed: '變更釘選狀態失敗',
+    toggleFailed: '切換技能狀態失敗',
+    source: {
+      builtin: '內建',
+      hub: 'Hub 安裝',
+      local: '本地安裝',
+      external: '外部目錄',
+    },
+  },
+
+  // 插件
+  plugins: {
+    title: '插件',
+    refresh: '重新整理',
+    notice: '唯讀顯示可發現的 Hermes 插件 manifest。發現元資料讀取不會載入插件程式碼。v1 管理動作仍保留在 CLI，新 Hermes 工作階段生效。',
+    loadFailed: '載入插件失敗',
+    commandCopied: '指令已複製',
+    searchPlaceholder: '搜尋 key、名稱、描述、路徑...',
+    source: '來源',
+    kind: '類型',
+    statusTitle: '狀態',
+    configStatus: '設定：{status}',
+    notAvailable: '無',
+    copyCommand: '複製指令',
+    managedElsewhere: '由其他位置管理',
+    noMatch: '沒有符合目前篩選條件的插件',
+    enabled: '已啟用',
+    disabled: '已停用',
+    summary: {
+      total: '總數',
+      active: '已啟用 / 自動',
+      inactive: '未啟用',
+      disabled: '已停用',
+      providerManaged: 'Provider 管理',
+    },
+    status: {
+      enabled: '已啟用',
+      'auto-active': '自動啟用',
+      inactive: '未啟用',
+      disabled: '已停用',
+      'provider-managed': 'Provider 管理',
+    },
+    statusLabel: {
+      enabled: '設定啟用',
+      'auto-active': '自動啟用',
+      inactive: '未啟用',
+      disabled: '已停用',
+      'provider-managed': 'Provider 管理',
+    },
+    configStatuses: {
+      enabled: '已啟用',
+      disabled: '已停用',
+      'not-enabled': '未啟用',
+      auto: '自動',
+      'provider-managed': 'Provider 管理',
+    },
+    table: {
+      plugin: '插件',
+      status: '狀態',
+      source: '來源',
+      kind: '類型',
+      capabilities: '能力',
+      path: '路徑 / 入口',
+      cli: 'CLI',
+    },
+    capabilities: {
+      tools: '{count} 個工具',
+      hooks: '{count} 個 hook',
+      env: '{count} 個環境變數',
+    },
+    metadata: {
+      agentRoot: 'Agent 根目錄',
+      python: 'Python',
+      scanCwd: '掃描 cwd',
+      projectPlugins: '專案插件',
+    },
+  },
+
+  // 記憶
+  memory: {
+    title: '記憶',
+    refresh: '重新整理',
+    loadFailed: '載入記憶失敗',
+    myNotes: '我的筆記',
+    noNotes: '目前無筆記。',
+    notesPlaceholder: '輸入筆記內容...',
+    userProfile: '使用者畫像',
+    noProfile: '目前無畫像。',
+    profilePlaceholder: '輸入使用者畫像...',
+    soul: '靈魂',
+    noSoul: '目前無靈魂設定。',
+    soulPlaceholder: '輸入靈魂設定...',
+  },
+
+  // 模型
+  models: {
+    title: '模型',
+    searchPlaceholder: '搜尋模型...',
+    addProvider: '新增 Provider',
+    providerType: 'Provider 類型',
+    preset: '預設',
+    custom: '自訂',
+    selectProvider: '選擇 Provider',
+    chooseProvider: '選擇一個 provider...',
+    getApiKey: '取得 API Key',
+    name: '名稱',
+    autoGeneratedName: '依 Base URL 自動產生',
+    baseUrl: 'Base URL',
+    region: '區域',
+    regionIntl: '國際版',
+    regionCn: '中國大陸',
+    baseUrlPlaceholder: '例如 https://api.example.com/v1',
+    apiKey: 'API Key',
+    apiKeyPlaceholder: 'sk-...',
+    defaultModel: '預設模型',
+    selectOrInput: '選擇或輸入模型名稱...',
+    selectModel: '選擇模型...',
+    providerAdded: 'Provider 已新增',
+    providerDeleted: 'Provider 已刪除',
+    deleteProvider: '刪除 Provider',
+    deleteConfirm: '確定刪除「{name}」嗎？',
+    codexLoginTitle: 'OpenAI Codex 登入',
+    codexWaiting: '在授權頁面輸入以下代碼完成登入：',
+    codexCopyCode: '代碼已複製',
+    codexOpenLink: '開啟授權頁面',
+    codexApproved: '登入成功',
+    codexExpired: '授權已過期，請重試。',
+    nousLoginTitle: 'Nous Portal 登入',
+    nousWaiting: '在授權頁面輸入此代碼完成登入:',
+    nousCopyCode: '代碼已複製',
+    nousOpenLink: '開啟授權頁面',
+    nousApproved: '登入成功',
+    nousDenied: '授權被拒絕，請重試。',
+    nousExpired: '授權已過期，請重試。',
+    copilotLoginTitle: 'GitHub Copilot 登入',
+    copilotWaiting: '請前往 GitHub 輸入下方裝置代碼完成授權。授權完成後視窗會自動關閉。',
+    copilotCopyCode: '代碼已複製',
+    copilotOpenLink: '開啟 GitHub 授權頁',
+    copilotApproved: '登入成功！',
+    copilotDenied: '授權被拒絕。',
+    copilotExpired: '授權連結已過期，請重試。',
+    copilotAddDetectedTitle: '偵測到 GitHub Copilot',
+    copilotAddDetected: '已在本機偵測到 GitHub Copilot OAuth 憑證，點擊「新增」即可在 Hermes 中啟用 Copilot。',
+    copilotAddSourceEnv: '來源：~/.hermes/.env（COPILOT_GITHUB_TOKEN）',
+    copilotAddSourceGhCli: '來源：gh CLI（gh auth token）',
+    copilotAddSourceAppsJson: '來源：VS Code Copilot 插件（apps.json）',
+    copilotDeleteHintEnv: '此操作會清除 ~/.hermes/.env 中的 COPILOT_GITHUB_TOKEN，不影響其他工具。',
+    copilotDeleteHintGhCli: 'Copilot 將從 Hermes 清單移除。不會影響 gh CLI —— `gh auth status` 仍顯示已登入。',
+    copilotDeleteHintAppsJson: 'Copilot 將從 Hermes 清單移除。不會影響 VS Code Copilot 插件的登入。',
+    customBadge: '自訂',
+    previewBadge: '預覽',
+    disabledBadge: '不可用',
+    disabledTooltip: '此模型目前帳號不可用',
+    customModelPlaceholder: '自訂模型名稱',
+    customModelHint: '按 Enter 載入',
+    removeCustomModel: '移除這個未列出的模型',
+    noProviders: '目前無 Provider，新增一個開始吧。',
+    models: '模型清單',
+    count: '個模型',
+    more: '個更多',
+    builtIn: '內建',
+    customType: '自訂',
+    provider: 'Provider',
+    contextLength: '上下文長度',
+    contextLengthPlaceholder: '例如 256000（選填）',
+    local: '本地 ({host})',
+    selectProviderRequired: '請選擇 Provider',
+    baseUrlRequired: 'Base URL 為必填項',
+    apiKeyRequired: 'API Key 為必填項',
+    modelRequired: '預設模型為必填項',
+    enterBaseUrl: '請先輸入 Base URL',
+    unexpectedFormat: '回應格式異常',
+    foundModels: '找到 {count} 個模型',
+    fetchFailed: '取得模型失敗',
+    manageVisibleModels: '管理可見模型',
+    manageVisibleModelsFor: '管理 {name} 可見模型',
+    visibilityHint: '僅影響 Web UI 的模型選擇器和模型頁展示，不會改寫 Hermes CLI 的 provider/model 配置。實際呼叫仍使用原始模型 ID。',
+    visibilitySaved: '可見模型已儲存',
+    visibilitySaveFailed: '儲存可見模型失敗',
+    showAllModels: '顯示全部模型',
+    clearVisibleModels: '取消全選',
+    currentDefault: '目前預設',
+    defaultShort: '預設',
+    aliasEdit: '重新命名',
+    aliasTitle: '模型顯示名',
+    aliasTitleFor: '{model} 的顯示名',
+    aliasPlaceholder: '留空則使用原始模型 ID',
+    aliasHint: '僅修改 Web UI 顯示名，傳送給 Hermes 的仍是原始模型 ID。',
+    aliasCanonical: '原始 ID：{model}',
+    aliasUseOriginal: '恢復原始 ID',
+    aliasManage: '顯示名',
+    aliasManageFor: '{provider} 的顯示名',
+    aliasSaveFailed: '儲存顯示名失敗',
+    visibilitySelectOne: '至少保留一個可見模型',
+    xaiWaiting: '請在開啟的 xAI 頁面完成授權。授權完成後視窗會自動關閉。',
+    xaiOpenLink: '開啟 xAI 授權頁',
+    xaiLoginTitle: 'xAI Grok OAuth 登入',
+    xaiExpired: '授權連結已過期，請重試。',
+    xaiCopyLink: '複製授權連結',
+    xaiApproved: '登入成功！',
+  },
+
+  // 設定檔
+  profiles: {
+    title: '設定檔',
+    create: '建立設定檔',
+    import: '匯入',
+    export: '匯出',
+    rename: '重新命名',
+    delete: '刪除',
+    switchTo: '切換 Hermes Profile',
+    switchConfirm: '將執行 `hermes profile use {name}` 並切換 Hermes CLI 的 active profile，是否繼續？',
+    switchSuccess: 'Hermes active profile 已切換為「{name}」',
+    switchFailed: '切換 Hermes Profile 失敗，閘道可能需要手動重新啟動',
+    createSuccess: '設定檔「{name}」已建立',
+    createFailed: '建立設定檔失敗',
+    renameSuccess: '設定檔已重新命名',
+    renameFailed: '重新命名設定檔失敗',
+    deleteConfirm: '確定刪除設定檔「{name}」嗎？',
+    deleteSuccess: '設定檔已刪除',
+    deleteFailed: '刪除設定檔失敗',
+    exportSuccess: '設定檔已匯出',
+    exportFailed: '匯出設定檔失敗',
+    importSuccess: '設定檔已匯入',
+    importFailed: '匯入設定檔失敗',
+    importSelectFile: '選擇封存檔案',
+    importInvalidFile: '請選擇有效的封存檔案 (.tar.gz, .tgz, .gz, .zip)',
+    name: '設定檔名稱',
+    namePlaceholder: '僅限小寫字母、數字、連字號',
+    nameValidation: '設定檔名稱只能包含小寫字母、數字、底線和連字號',
+    newName: '新名稱',
+    newNamePlaceholder: '小寫字母、數字、連字號',
+    cloneFromCurrent: '從目前設定檔複製',
+    cloneCleanupNotice: '複製時會自動略過獨占型平台憑證（Weixin / Telegram / Slack 等），避免與來源設定檔衝突',
+    cloneStrippedCredentials: '已清理 {count} 項獨占憑證：{list}',
+    cloneDisabledPlatforms: '已停用 {count} 個平台：{list}',
+    cloneStrippedConfigCredentials: '已清理 config.yaml 中 {count} 項嵌入憑證：{list}',
+    archivePath: '封存路徑',
+    archivePathPlaceholder: '封存檔案的伺服器路徑',
+    importName: '設定檔名稱（選填）',
+    importNamePlaceholder: '留空則使用封存名稱',
+    active: '使用中',
+    model: '模型',
+    gateway: '閘道',
+    alias: '別名',
+    provider: 'Provider',
+    path: '路徑',
+    skills: '技能',
+    hasEnv: '有 .env',
+    hasSoulMd: '有 soul.md',
+    noProfiles: '目前無設定檔，建立一個開始吧。',
+    avatar: {
+      title: '自訂頭像',
+      customize: '頭像',
+      upload: '上傳圖片',
+      random: '隨機產生',
+      reset: '恢復預設',
+      hint: '支援 PNG、JPEG、WebP，最大 1MB',
+      invalidType: '請選擇 PNG、JPEG 或 WebP 圖片',
+      tooLarge: '頭像圖片不能超過 1MB',
+      saveSuccess: '頭像已儲存',
+      saveFailed: '儲存頭像失敗',
+      resetSuccess: '已恢復預設頭像',
+      resetFailed: '恢復預設頭像失敗',
+    },
+    runtime: {
+      activeProfile: '目前：{name}',
+      bridgeWorker: '橋接狀態',
+      gateway: '閘道',
+      active: '使用中',
+      activeTag: '目前',
+      idle: '閒置',
+      checking: '檢測中',
+      running: '執行中',
+      stopped: '已停止',
+      restartGateway: '重啟閘道',
+      restartProfile: '重啟設定檔',
+      switchProfile: '切換前端設定檔',
+      gatewayRestarted: '閘道已重啟：{name}',
+      gatewayRestartFailed: '重啟閘道失敗',
+      profileRestarted: '設定檔已重啟：{name}',
+      profileRestartFailed: '重啟設定檔失敗',
+    },
+  },
+
+  // 日誌
+  logs: {
+    title: '日誌',
+    all: '全部',
+    searchPlaceholder: '搜尋...',
+    refresh: '重新整理',
+    noEntries: '目前無日誌',
+  },
+
+  // 設定
+  settings: {
+    title: '設定',
+    saved: '已儲存',
+    saveFailed: '儲存失敗',
+    tabs: {
+      display: '顯示',
+      account: '目前帳號',
+      users: '帳號管理',
+      agent: '代理',
+      memory: '記憶',
+      compression: '上下文壓縮',
+      session: '工作階段',
+      privacy: '隱私',
+      apiServer: 'API 伺服器',
+      models: '模型',
+      voice: '語音',
+    },
+    models: {
+      apiKey: 'API Key',
+      apiKeyPlaceholder: '輸入 API Key',
+      save: '儲存',
+      saved: '已儲存',
+      saveFailed: '儲存失敗',
+      noProviders: '目前無已設定的模型',
+    },
+    display: {
+      streaming: '串流回應',
+      streamingHint: '即時顯示 AI 回覆',
+      compact: '緊湊模式',
+      compactHint: '減少訊息間距',
+      showReasoning: '顯示推理過程',
+      showReasoningHint: '展示模型思考過程',
+      showCost: '顯示費用',
+      showCostHint: '在回覆中顯示 token 使用量',
+      inlineDiffs: '內嵌差異',
+      inlineDiffsHint: '程式碼變更以內嵌方式顯示',
+      bellOnComplete: '完成提示音',
+      bellOnCompleteHint: 'AI 回覆完成時播放提示音',
+      busyInputMode: '忙碌輸入模式',
+      busyInputModeHint: 'AI 處理中仍可輸入',
+      theme: '主題',
+      themeHint: '選擇淺色、暗色或跟隨系統',
+      themeLight: '淺色',
+      themeDark: '暗色',
+      themeSystem: '跟隨系統',
+    },
+    agent: {
+      maxTurns: '最大輪次',
+      maxTurnsHint: '單次對話最大互動輪數',
+      gatewayTimeout: '閘道逾時',
+      gatewayTimeoutHint: '單次請求逾時時間（秒）',
+      restartDrainTimeout: '重啟排空逾時',
+      restartDrainTimeoutHint: '重啟前排空請求的逾時時間（秒）',
+      toolEnforcement: '工具執行策略',
+      toolEnforcementHint: '控制工具呼叫的執行模式',
+      auto: '自動',
+      always: '始終',
+      never: '從不',
+    },
+    memory: {
+      enabled: '啟用記憶',
+      enabledHint: '允許 AI 記住對話上下文',
+      userProfile: '使用者畫像',
+      userProfileHint: '允許 AI 記住使用者偏好資訊',
+      charLimit: '記憶字元上限',
+      charLimitHint: 'MEMORY.md 最大字元數',
+      userCharLimit: '使用者畫像字元上限',
+      userCharLimitHint: 'USER.md 最大字元數',
+    },
+    compression: {
+      enabled: '啟用壓縮',
+      enabledHint: '長對話接近模型上下文上限前自動壓縮歷史',
+      threshold: '壓縮閾值',
+      thresholdHint: '預估 token 超過上下文比例時開始壓縮',
+      targetRatio: '目標比例',
+      targetRatioHint: '壓縮後歷史保留到上下文的目標比例',
+      protectLastN: '保護最近訊息',
+      protectLastNHint: '最近多少則訊息不參與壓縮',
+      protectFirstN: '保護開頭訊息',
+      protectFirstNHint: '最早多少則訊息不參與壓縮',
+    },
+    session: {
+      mode: '重設模式',
+      modeHint: '工作階段重設的觸發條件',
+      modeBoth: '閒置 + 定時',
+      modeIdle: '僅閒置',
+      modeDaily: '僅定時',
+      modeNone: '永不（僅手動）',
+      idleMinutes: '閒置逾時',
+      idleMinutesHint: '無操作後自動重設的等待時間（分鐘）',
+      atHour: '定時重設時間',
+      humanOnly: '僅顯示人類工作階段',
+      humanOnlyHint: '預設隱藏子代理和工作階段監看雜訊',
+      liveMonitorHumanOnly: '即時監看：僅顯示人類工作階段',
+      liveMonitorHumanOnlyHint: '在即時監看中預設隱藏子代理和工作階段監看雜訊',
+      atHourHint: '每天在指定小時重設工作階段',
+      requireAuth: '工作階段授權',
+      requireAuthHint: '修改工作階段操作是否授權',
+    },
+    privacy: {
+      redactPii: '遮蔽 PII',
+      redactPiiHint: '自動偵測並隱藏敏感資訊（密碼、金鑰等）',
+    },
+    apiServer: {
+      enable: '啟用',
+      enableHint: '啟用 API 伺服器',
+      host: '主機',
+      hostHint: '監聽位址',
+      port: '連接埠',
+      portHint: '監聽連接埠',
+      key: '金鑰',
+      keyHint: 'API 存取金鑰',
+      cors: 'CORS 來源',
+      corsHint: '允許的跨域來源',
+    },
+    lockedIps: {
+      title: '鎖定 IP 管理',
+      count: '{count} 個 IP 被鎖定',
+      empty: '目前無鎖定 IP',
+      unlock: '解鎖',
+      unlockAll: '全部解鎖',
+      unlockAllConfirm: '確認解鎖所有鎖定的 IP？',
+      unlocked: 'IP 已解鎖',
+      allUnlocked: '已解鎖 {count} 個 IP',
+    },
+    voice: {
+      ttsProvider: 'TTS 提供者',
+      ttsProviderHint: '選擇訊息朗讀使用的語音引擎',
+      providerWebSpeech: 'WebSpeech API（瀏覽器內建）',
+      providerOpenai: 'OpenAI TTS',
+      providerCustom: '自訂端點（相容 OpenAI）',
+      providerEdge: 'Edge TTS（免費，無需 API Key）',
+
+      // WebSpeech
+      webspeechVoice: '音色',
+      webspeechVoiceHint: '從瀏覽器或系統提供的語音中選擇',
+      webspeechVoicePlaceholder: '自動（預設語音）',
+
+      // OpenAI
+      openaiKey: 'API 金鑰',
+      openaiKeyHint: '具有 TTS 權限的 OpenAI API Key',
+      openaiUrl: 'API 基礎位址',
+      openaiUrlHint: '例如 https://api.openai.com/v1/audio/speech',
+      openaiModel: '模型',
+      openaiModelHint: 'tts-1（快速）/ tts-1-hd（高音質）',
+      openaiVoice: '音色',
+      openaiVoiceHint: '用於語音合成的音色',
+
+      // 自訂端點
+      customHint: '支援任何 OpenAI 相容的 TTS 服務——可用於 GPT-SoVITS、CosyVoice 等自部署服務。',
+      customUrl: 'API 位址',
+      customUrlHint: 'TTS 服務的完整基礎位址',
+      customUrlPlaceholder: '本地適配器中設定的位址，如：http://127.0.0.1:9880',
+      customApiKey: 'API 金鑰（選填）',
+      customApiKeyHint: '部分自部署服務需要身份驗證',
+      customApiKeyPlaceholder: '不需要則留空',
+      // Edge TTS
+      edgeHint: '由 Microsoft Edge TTS 驅動（node-edge-tts）。',
+      edgeUrl: '適配器位址',
+      edgeUrlHint: 'Edge TTS 適配器位址，例如 http://127.0.0.1:9882',
+      edgeUrlPlaceholder: 'http://127.0.0.1:9882',
+      edgeVoice: '音色',
+      edgeVoiceHint: '選擇用於語音合成的音色',
+      edgeRate: '語速',
+      edgeRateHint: '調整語音速度（0.5～2.0 倍）',
+      edgePitch: '音調',
+      edgePitchHint: '調整語音音調（-20～+20 Hz）',
+
+      // 試聽
+      testTitle: '試聽測試',
+      testText: '測試文字',
+      testTextPlaceholder: '輸入測試文字...',
+      testTextDefault: '你好，這是一個語音測試。',
+      testButton: '試聽',
+      testButtonPlaying: '播放中...',
+      testFailed: '測試失敗：{error}',
+
+      // MiMo TTS
+      providerMimo: 'MiMo TTS',
+      mimoHint: '小米 MiMo TTS，支援預設音色、音色設計、音色複製三種模式',
+      mimoApiKey: 'API Key',
+      mimoApiKeyHint: '在 platform.xiaomimimo.com 取得',
+      mimoApiKeyPlaceholder: 'MiMo API Key',
+      mimoBaseUrl: 'Base URL',
+      mimoBaseUrlHint: 'MiMo API 端點位址',
+      mimoModel: '模型',
+      mimoModelHint: '選擇語音合成模型',
+      mimoModelPreset: '預設音色',
+      mimoModelVoiceDesign: '音色設計',
+      mimoModelVoiceClone: '音色複製',
+      mimoVoice: '音色',
+      mimoVoiceHint: '選擇預設音色',
+      mimoVoiceDesignPrompt: '音色描述',
+      mimoVoiceDesignPromptHint: '描述你想要的音色特徵',
+      mimoVoiceDesignPromptPlaceholder: '例如：溫柔的年輕女聲，語速稍慢，帶著磁性',
+      mimoCloneAudio: '上傳音訊',
+      mimoCloneAudioHint: '上傳音訊樣本用於音色複製，支援 mp3/wav，最大 10MB',
+      mimoCloneAudioUpload: '選擇檔案',
+      mimoCloneAudioClear: '清除音訊',
+      mimoStylePrompt: '風格指令',
+      mimoStylePromptHint: '可選，用自然語言描述語音風格',
+      mimoStylePromptPlaceholder: '例如：用輕快上揚的語調，語速稍快',
+    },
+  },
+  githubPreview: {
+    title: "版本預覽",
+    description: "將選取的 GitHub tag 複製到 Web UI 預覽工作目錄，安裝依賴並以開發連接埠執行。",
+    refresh: "重新整理",
+    selectTag: "選擇 tag",
+    prepare: "準備程式碼",
+    install: "安裝依賴",
+    start: "開啟預覽",
+    stop: "停止",
+    note: "預覽程式碼存放在 Web UI 資料目錄下。正式環境仍使用 8648，預覽開發環境使用前端 8651、後端 8650。",
+    path: "預覽路徑",
+    webuiHome: "預覽資料目錄",
+    currentTag: "目前 Tag",
+    repoReady: "倉庫就緒",
+    dependencies: "依賴已安裝",
+    running: "執行狀態",
+    notRunning: "未執行",
+    open: "開啟預覽",
+    log: "操作日誌路徑",
+    logOutput: "日誌輸出",
+    actionLog: "操作日誌",
+    devLog: "開發服務日誌",
+    yes: "是",
+    no: "否",
+    actionFailed: "操作失敗",
+    nodeEnvironmentMissing: "未偵測到可用的 Node/npm 環境，請先安裝 Node.js 後重試。",
+    prepareSuccess: "預覽程式碼已準備好",
+    installSuccess: "依賴安裝完成",
+    startSuccess: "預覽已完成",
+    stopSuccess: "預覽已停止",
+  },
+
+  codingAgents: {
+    title: "編程工具",
+    notice: "並非所有提供商和模型都相容。",
+    claudeDescription: "Anthropic CLI，適合 print mode 單次任務和互動式編程工作階段。",
+    codexDescription: "OpenAI CLI，以及 Hermes openai-codex 提供商的倉庫任務流程。",
+    copyCommand: "複製",
+    commandCopied: "命令已複製",
+    commandCopyFailed: "複製失敗",
+    refresh: "重新整理",
+    checking: "偵測中",
+    installStatus: "安裝狀態",
+    installed: "已安裝",
+    notInstalled: "未安裝",
+    installNow: "安裝",
+    installing: "安裝中",
+    installSuccess: "安裝完成",
+    installFailed: "安裝失敗",
+    nodeEnvironmentMissing: "未偵測到可用的 Node/npm 環境，請先安裝 Node.js 後重試。",
+    deleteNow: "刪除",
+    deleting: "刪除中",
+    deleteSuccess: "刪除完成",
+    deleteFailed: "刪除失敗",
+    configFiles: "設定檔",
+    profileScope: "設定",
+    providerScope: "提供商",
+    providerPlaceholder: "例如 custom:glm",
+    modelScope: "模型",
+    modelPlaceholder: "選擇模型",
+    launchModeScope: "啟動方式",
+    launchModeGlobal: "全域預設設定",
+    launchModeScoped: "選擇提供商和模型",
+    protocolScope: "協議",
+    protocolOpenAiChat: "OpenAI Chat Completions (/v1/chat/completions)",
+    protocolOpenAiResponses: "OpenAI Responses (/v1/responses)",
+    protocolAnthropicMessages: "Anthropic Messages (/v1/messages)",
+    reloadConfig: "重新讀取設定",
+    configFileNotCreated: "未建立",
+    configLoadFailed: "讀取設定檔失敗",
+    loadFailed: "偵測編程工具失敗",
+    launch: "啟動",
+    launchTitle: "啟動編程工具",
+    nativeTerminal: "原生終端機",
+    builtInTerminal: "內建終端機",
+    launchPrepared: "啟動設定已產生",
+    launchPrepareFailed: "產生啟動設定失敗",
+    nativeLaunchStarted: "已開啟原生終端機",
+    nativeLaunchFailed: "開啟原生終端機失敗",
+    terminalTitle: "編程工具終端機",
+    loadProvidersFailed: "讀取目前設定的提供商失敗",
+    selectProviderModel: "請選擇提供商和模型",
+    launchConfigDir: "啟動設定目錄",
+    launchCommand: "啟動命令",
+    table: {
+      tool: "工具",
+      kind: "步驟",
+      command: "命令",
+      note: "說明",
+      action: "操作",
+    },
+    kinds: {
+      install: "安裝",
+      auth: "認證",
+      health: "檢查",
+      run: "執行",
+    },
+    notes: {
+      claudeInstall: "全域安裝 Claude Code CLI。",
+      codexInstall: "全域安裝 Codex CLI。",
+      claudeAuth: "檢查 Claude Code 登入狀態；未登入時先執行 claude。",
+      codexAuth: "新增 Hermes 管理的 OpenAI Codex OAuth 憑證。",
+      claudeHealth: "檢查自動更新器和本機 CLI 健康狀態。",
+      codexHealth: "確認 Codex CLI 已在 PATH 中可用。",
+      claudeRun: "Print mode 最適合 API 驅動的單次任務。",
+      codexRun: "Codex 單次任務需要在 git 倉庫中執行。",
+    },
+  },
+
+  // 平台頻道設定
+  platform: {
+    requireMention: "需要 {'@'}提及",
+    requireMentionGroup: "群組中需要 {'@'}機器人 才會回應",
+    requireMentionChannel: "頻道中需要 {'@'}機器人 才會回應",
+    requireMentionRoom: "房間中需要 {'@'}機器人 才會回應",
+    reactions: '表情回應',
+    reactionsHint: '對訊息新增表情回應',
+    freeResponseChats: '自由回應聊天',
+    freeResponseChatsHint: "不需要 {'@'}提及即回應的聊天 ID（逗號分隔）",
+    freeResponseChannels: '自由回應頻道',
+    freeResponseChannelsHint: "不需要 {'@'}提及即回應的頻道 ID（逗號分隔）",
+    freeResponseRooms: '自由回應房間',
+    freeResponseRoomsHint: "不需要 {'@'}提及即回應的房間 ID（逗號分隔）",
+    mentionPatterns: '自訂提及模式',
+    mentionPatternsHint: '額外的觸發模式清單',
+    autoThread: '自動建立討論串',
+    autoThreadHint: "{'@'}提及後自動建立回覆討論串",
+    autoThreadHintRoom: '在房間中自動建立回覆討論串',
+    dmMentionThreads: 'DM 提及討論串',
+    dmMentionThreadsHint: '在私聊中也使用討論串回覆提及',
+    allowBots: '允許機器人訊息',
+    allowBotsHint: '回應其他機器人傳送的訊息',
+    allowedChannels: '允許的頻道',
+    allowedChannelsHint: '白名單頻道 ID（逗號分隔）',
+    ignoredChannels: '忽略的頻道',
+    ignoredChannelsHint: '不回應的頻道 ID（逗號分隔）',
+    noThreadChannels: '無討論串頻道',
+    noThreadChannelsHint: '不建立討論串的頻道 ID（逗號分隔）',
+    exclusiveTokenWarning: '此平台使用獨占 token 鎖。每個 profile 必須使用不同的身份 token，否則會與其他 profile 衝突導致 gateway 啟動失敗。',
+    botToken: 'Bot Token',
+    botTokenHint: '開發者入口網站取得的 Bot Token',
+    accessToken: 'Access Token',
+    accessTokenHint: 'Matrix Access Token',
+    homeserver: 'Homeserver URL',
+    homeserverHint: 'Matrix 伺服器位址',
+    appId: 'App ID',
+    appIdHint: '飛書 App ID',
+    appSecret: 'App Secret',
+    appSecretHint: '飛書 App Secret',
+    clientId: 'Client ID',
+    clientIdHint: '釘釘 Client ID',
+    clientSecret: 'Client Secret',
+    clientSecretHint: '釘釘 Client Secret',
+    cardTemplateId: 'AI 卡片範本 ID',
+    cardTemplateIdHint: '釘釘 AI 卡片範本 ID；留空則不啟用 AI 卡片',
+    allowedUsers: '允許使用者',
+    allowedUsersHint: '使用者 ID 或 OpenID 白名單，多個請用英文逗號分隔',
+    allowAllUsers: '允許所有使用者',
+    allowAllUsersHint: '允許任意使用者發起訊息；關閉後使用白名單',
+    botId: 'Bot ID',
+    botIdHint: '企業微信 Bot ID',
+    wecomSecretHint: '企業微信 Bot Secret',
+    waEnabled: '啟用 WhatsApp',
+    waEnabledHint: '透過 QR Code 配對啟用 WhatsApp',
+    weixinToken: '微信 Token',
+    weixinTokenHint: '透過 weixin CLI 掃碼登入取得 (hermes weixin)',
+    accountId: 'Account ID',
+    accountIdHint: '微信 Account ID',
+    qrLogin: '掃碼登入',
+    qrRelogin: '重新登入',
+    qrFetching: '正在取得 QR Code...',
+    qrScanHint: '使用微信掃描 QR Code 登入',
+    qrScanedHint: '已掃描，請在手機上確認...',
+    // QQ
+    qqAppId: 'App ID',
+    qqAppIdHint: 'QQ 開放平台機器人 App ID',
+    qqAppSecret: 'App Secret',
+    qqAppSecretHint: 'QQ 開放平台機器人 App Secret',
+    qqMarkdown: 'Markdown 支援',
+    qqMarkdownHint: '啟用 Markdown 格式訊息（部分客戶端可能不支援）',
+    qqSandbox: '沙箱模式',
+    qqSandboxHint: '啟用沙箱環境（測試用）',
+    qqQrScanHint: '使用 QQ 掃描上方 QR Code，或在手機上開啟連結完成綁定',
+  },
+
+  // 閘道
+  gateways: {
+    title: '閘道',
+    running: '執行中',
+    stopped: '已停止',
+    started: '已啟動',
+    startFailed: '啟動失敗',
+    stopFailed: '停止失敗',
+  },
+
+  // 語言
+  language: {
+    label: '語言',
+    zh: '中文（簡體）',
+    'zh-TW': '繁體中文',
+    en: 'English',
+  },
+
+  // 終端機
+  terminal: {
+    sessions: '工作階段',
+    newTab: '新增終端機',
+    closeSession: '關閉此工作階段？',
+    sessionExited: '已退出',
+    processExited: '程序已退出，代碼 {code}',
+    noSessions: '目前無終端機工作階段',
+    connectionFailed: '終端機服務連線失敗',
+    connectionClosed: '終端機連線已關閉',
+    connectionError: '終端機連線錯誤',
+  },
+
+  // 群聊
+  groupChat: {
+    title: '群聊',
+    createRoom: '建立房間',
+    joinByCode: '透過邀請碼加入',
+    roomName: '房間名稱',
+    roomNamePlaceholder: '輸入房間名稱',
+    inviteCode: '邀請碼',
+    autoGenerate: '自動產生',
+    noRooms: '目前無房間',
+    selectOrCreate: '選擇或建立一個房間開始聊天',
+    agents: '智慧代理',
+    addAgent: '新增智慧代理',
+    selectProfile: '選擇一個設定檔',
+    agentAdded: '智慧代理已新增',
+    agentAlreadyInRoom: '該智慧代理已在房間中',
+    agentAddFailedCount: '{count} 個智慧代理未新增：{details}',
+    noAgents: '目前房間無智慧代理',
+    members: '成員',
+    roomCreated: '房間已建立',
+    roomDeleted: '房間已刪除',
+    roomCloned: '房間已複製',
+    cloneRoom: '複製房間',
+    copyRoomLink: '複製房間連結',
+    deleteRoomConfirm: '確定刪除這個房間嗎？',
+    clearContext: '清理上下文',
+    clearContextConfirm: '確定清理目前房間上下文嗎？訊息和壓縮快照會被刪除，智慧代理和成員會保留。',
+    contextCleared: '上下文已清理',
+    you: '你',
+    joined: '已加入房間',
+    joinFailed: '加入房間失敗',
+    inputPlaceholder: '輸入訊息... (Enter 發送)',
+    enterCode: '輸入邀請碼',
+    yourName: '你的名稱',
+    yourNamePlaceholder: '輸入你的群聊暱稱',
+    yourDescription: '自我介紹（選填）',
+    yourDescriptionPlaceholder: '介紹一下你自己...',
+    agentName: 'Agent 名稱',
+    agentNamePlaceholder: '自訂名稱（留空則使用 profile 名稱）',
+    agentDesc: 'Agent 描述',
+    agentDescPlaceholder: '描述這個 agent 的作用...',
+    agentReplying: '正在回覆...',
+    agentCompressing: '正在壓縮上下文...',
+    compressionSettings: '壓縮設定',
+    triggerTokens: '觸發壓縮 Token 數',
+    triggerTokensDesc: '訊息 token 數超過此值時觸發上下文壓縮',
+    maxHistoryTokens: '最大歷史 Token 數',
+    maxHistoryTokensDesc: '壓縮後傳送給 LLM 的最大 token 數',
+    tailMessageCount: '保留最近訊息數',
+    tailMessageCountDesc: '壓縮後保留最近的原始訊息條數',
+    compressionConfig: '壓縮設定',
+    compressionSaved: '壓縮設定已儲存',
+    compressNow: '立即壓縮',
+    compressingInProgress: '正在壓縮中，請稍後',
+  },
+
+  // 用量統計
+  usage: {
+    title: '用量統計',
+    refresh: '重新整理',
+    totalTokens: '總 Token 數',
+    inputTokens: '輸入',
+    outputTokens: '輸出',
+    totalSessions: '總工作階段數',
+    avgPerDay: '日均 ~{n}',
+    estimatedCost: '預估費用',
+    cacheHitRate: '快取命中率',
+    modelBreakdown: '模型分布',
+    dailyTrend: '每日用量',
+    date: '日期',
+    tokens: 'Token',
+    cache: '快取',
+    cacheRead: '快取讀取',
+    cacheWrite: '快取寫入',
+    sessions: '工作階段',
+    cost: '費用',
+    noData: '目前無用量資料',
+  },
+
+  skillsUsage: {
+    title: '技能用量',
+    subtitle: '追蹤 Hermes 工作階段中的技能載入與編輯',
+    refresh: '重新整理',
+    periodSelector: '技能用量期間',
+    periodLabel: '{days}天',
+    summary: '總覽',
+    totalActions: '操作',
+    loads: '載入',
+    edits: '編輯',
+    distinctSkills: '技能數',
+    topSkills: '熱門',
+    dailyTrend: '趨勢',
+    periodSummary: '最近 {days} 天',
+    skill: '技能',
+    share: '占比',
+    lastUsed: '最近',
+    noData: '暫無技能用量資料',
+    loadFailed: '技能用量載入失敗',
+    otherSkills: '其他技能',
+  },
+
+  // 檔案管理
+  files: {
+    title: '檔案',
+    fileTree: '檔案樹',
+    tree: '目錄樹',
+    list: '檔案清單',
+    breadcrumbRoot: '根目錄',
+    newFile: '新增檔案',
+    newFolder: '新增資料夾',
+    upload: '上傳',
+    refresh: '重新整理',
+    open: '開啟',
+    edit: '編輯',
+    preview: '預覽',
+    download: '下載',
+    copyPath: '複製路徑',
+    rename: '重新命名',
+    delete: '刪除',
+    name: '名稱',
+    size: '大小',
+    modified: '修改時間',
+    actions: '操作',
+    emptyDir: '空目錄',
+    loading: '載入中...',
+    confirmDelete: '確定要刪除「{name}」嗎？',
+    confirmDeleteDir: '確定要刪除目錄「{name}」及其所有內容嗎？',
+    deleteFailed: '刪除失敗',
+    deleted: '已刪除',
+    renameTo: '重新命名為',
+    newFileName: '檔案名稱',
+    newFolderName: '資料夾名稱',
+    created: '已建立',
+    createFailed: '建立失敗',
+    renamed: '已重新命名',
+    renameFailed: '重新命名失敗',
+    uploadSuccess: '已上傳 {count} 個檔案',
+    uploadFailed: '上傳失敗',
+    saveFailed: '儲存失敗',
+    saved: '已儲存',
+    unsavedChanges: '有未儲存的變更，是否捨棄？',
+    pathCopied: '路徑已複製',
+    fileTooLarge: '檔案過大（最大 10MB）',
+    permissionDenied: '無法修改受保護的檔案',
+    notFound: '檔案或目錄不存在',
+    backendError: '檔案操作失敗',
+    dragDropHint: '拖曳檔案至此處上傳',
+    closeEditor: '關閉編輯器',
+    closePreview: '關閉',
+    saveFile: '儲存',
+  },
+
+  // 下載
+  download: {
+    downloading: '正在下載...',
+    downloadFailed: '下載失敗',
+    fileNotFound: '檔案不存在或已被刪除',
+    fileTooLarge: '檔案過大（超過限制）',
+    backendError: '檔案讀取失敗，遠端環境可能不可用',
+    backendTimeout: '檔案讀取逾時',
+    unsupportedBackend: '目前 terminal backend 暫不支援檔案下載',
+    invalidPath: '無效的檔案路徑',
+    contentDisplay: '內容展示',
+    download: '下載',
+    downloadFile: '下載檔案',
+  },
+
+  // 更新日誌
+  changelog: {
+    new_0_6_7_1: '桌面版預設使用 8748 連接埠，支援區域網路內存取，也可以直接用本機瀏覽器開啟 Web UI',
+    new_0_6_7_9: '桌面端下載入口已補充到官網 https://hermes-studio.ai/，也可以繼續從 GitHub Releases 取得最新安裝包',
+    new_0_6_7_2: 'MCP 工具鏈繼續完善：修復 bridge 工具發現與 MCP 管理生命週期，並在管理頁支援按模型控制工具可見性',
+    new_0_6_7_3: '訊息列表體驗優化：修復空狀態置中、捲動抖動、歷史會話載入串訊息，並在切換會話時保留捲動位置與 1.5 秒淡入效果',
+    new_0_6_7_4: 'Bridge 與執行狀態更穩定：保持文字和 tool-call 順序、修復 Profile runtime 狀態載入、改進 Node/npm 偵測，並避免正式環境自動建立資料目錄',
+    new_0_6_7_5: 'Desktop 發佈鏈路補齊 Electron 打包、應用命名、preload 建置、release artifact 上傳、Windows Hermes CLI 啟動、Linux 圖示與可寫資料路徑、macOS 無憑證跳過簽名和 Windows 啟動無視窗體驗',
+    new_0_6_7_6: '官網發佈支援下載頁和部署工作流，並修復沒有 rsync 的環境下部署失敗的問題',
+    new_0_6_7_7: '服務端與認證修復：Windows 憑據目錄使用 dirname 解析，頭像上傳 body 限制提高，避免大圖觸發 413',
+    new_0_6_7_8: '補充 coding agents 倉庫 harness、驗證文件和 agent 指南，同時移除過期 setup script 文件',
+    new_0_6_4_1: 'CI 流程加固：PR 檢查固定 npm 安裝路徑，並補齊 Docker smoke 校驗',
+    new_0_6_4_2: '聊天訊息列表新增虛擬分頁，長工作階段捲動與載入更穩定',
+    new_0_6_4_3: 'Docker 映像發布改為僅在 release 場景執行，避免一般 PR 觸發發布流程',
+    new_0_6_4_4: '新增版本預覽工作流：超級管理員可選擇 main 或 GitHub tag，準備預覽程式碼、安裝依賴、啟動/停止預覽並查看日誌',
+    new_0_6_4_5: '預覽實例隔離前後端連接埠、Web UI home 與 agent bridge endpoint，並在執行時修補舊版本的連接埠、WebSocket、base URL 與巢狀預覽入口',
+    new_0_6_4_6: '修復 legacy session_usage 表缺少 created_at 時的遷移問題，舊資料會以預設值補齊',
+    new_0_6_4_7: '預覽與正式環境的 bridge profile worker endpoint 會依 broker 隔離，避免同名 Profile 並發聊天時互相搶占導致 unknown run',
+    new_0_6_5_1: 'Coding Agents 新增完整啟動工作流：支援 Claude Code 與 Codex、全域設定啟動、按設定/提供商隔離的工作區，以及內建/原生終端機啟動',
+    new_0_6_5_2: 'Codex 啟動補齊 OpenAI Chat Completions、OpenAI Responses 和 Anthropic Messages 三種協議，並透過本機代理適配不同提供商',
+    new_0_6_5_3: 'Windows 下 Coding Agents 安裝偵測與終端機啟動更穩定，支援 .cmd/.bat shim，Claude Code 自訂模型啟動也避開本機型號校驗',
+    new_0_6_5_4: '訊息列表、History 分頁、TTS 認證、群聊 agent 提及、版本檢查開關和 bridge worker transport 等執行體驗繼續完善',
+    new_0_6_3_1: 'Bridge spinner 狀態不再寫入模型 reasoning，避免裝飾性 thinking 文字污染後續上下文',
+    new_0_6_3_2: 'History 新增 Hermes CLI 工作階段匯入控制，並在匯入時更安全地規範化訊息結構',
+    new_0_6_3_3: 'Provider 設定支援編輯內建 base URL，新增 LM Studio 內建 Provider，並支援從 LM Studio /models 即時發現模型',
+    new_0_6_3_4: '透過 Web UI bridge 發起的 OpenRouter 請求會攜帶 Hermes Web UI 應用歸因 headers',
+    new_0_6_3_5: '公開 auth status 介面不再向未登入請求暴露第一個使用者名稱',
+    new_0_6_3_6: '釘釘設定新增 AI Card Template ID，並持久化為 DINGTALK_CARD_TEMPLATE_ID',
+    new_0_6_3_7: 'Bridge socket JSON 輸出會清洗孤立 Unicode surrogate 字元，避免聊天 SSE 崩潰',
+    new_0_6_2_1: 'Web Bridge 支援 /plan 命令，計畫命令會正確啟動並顯示執行狀態',
+    new_0_6_2_2: '聊天輸入框指令選單新增 /goal 和 /subgoal，支援狀態、暫停、恢復、完成和清空等操作',
+    new_0_6_2_3: 'Goal 與 subgoal 工作流接入聊天工作階段，支援目標延續與狀態更新',
+    new_0_6_2_4: '修復任務投遞目標渠道選項，排程任務可以選擇正確的投遞位置',
+    new_0_6_2_5: '上下文 token 用量在重新連線後會依快照感知邏輯準確恢復',
+    new_0_6_2_6: '上下文檢查點壓縮對較慢的 Codex 摘要更穩定：Web UI 等待 5 分鐘，Python bridge broker 不再於 2 分鐘後提前切斷 worker 請求',
+    new_0_6_2_7: '修復聊天佇列推進，queued 訊息不會提前跳入訊息列表，多視窗同步場景也保持一致',
+    new_0_6_2_8: 'Clarify 彈窗輸入框不再按 Enter 直接提交，已回覆的 Clarify 也不會在切換工作階段後重複彈出',
+    new_0_6_2_9: 'Bridge 終端環境刷新與 stale pid 清理收斂到更準確的作用域，減少前端執行狀態殘留',
+    new_0_6_2_10: '預設上下文長度遵循 Hermes 規範，調整為 256,000 tokens',
+    new_0_5_35_1: 'Bridge 工作階段支援不同 session 並發執行，同一 session 仍保持串行以避免訊息順序錯亂',
+    new_0_5_35_2: '新增「效能監控」頁面，可查看系統 CPU/記憶體、Web UI、Bridge Broker、Workers 和活躍工作階段狀態',
+    new_0_5_35_3: '新增 Worker 級資源統計，展示每個 worker 的 CPU、記憶體、Profile、工作階段數和執行狀態',
+    new_0_5_35_4: '最佳化 Bridge worker 生命週期清理，Broker 關閉或父行程退出時會回收 worker，減少殘留 Python 行程',
+    new_0_5_35_5: '監控介面增強跨平台相容，支援 macOS、Windows、Linux、Docker 和 Termux 的資源採集降級',
+    new_0_5_35_6: '效能監控不再因 Agent 初始化中的 worker 請求而阻塞，降低 Windows 上 request timed out 的機率',
+    new_0_5_35_7: '聊天 Markdown 新增文字內容內嵌預覽，下載圖示會直接下載檔案，避免被預覽抽屜攔截',
+    new_0_5_35_8: '最佳化內容展示抽屜：行動端全寬並提供關閉入口，桌面端加寬到 800px，文字與 Markdown 背景保持一致',
+    new_0_6_0_1: '分帳戶、分 Profile 管理現在一致保護工作階段、模型、用量、看板、任務、上傳、媒體與相關 Hermes API',
+    new_0_6_0_2: '內建媒體 Skills 只會在媒體端點使用產生的伺服器 token，並依請求的 Profile 讀取 fun-codex/xAI 憑證',
+    new_0_6_0_3: '單聊與群聊都會把目前 Hermes Profile 注入執行提示，方便 Skills 請求時帶上 X-Hermes-Profile',
+    new_0_6_0_4: 'delegate_task 的 subagent 進度會即時顯示在聊天介面，包含開始、工具、進度與完成狀態',
+    new_0_6_0_5: '停止或中止執行時會清理暫時事件，避免舊的 abort 狀態帶入下一次聊天',
+    new_0_6_0_6: '同步更新文件與官網文案，涵蓋帳戶管理、預設憑證、分帳戶分 Profile 管理、上傳下載與內建媒體 Skills',
+    new_0_6_0_7: '新增 CLI 維護命令，用於清理登入 IP 鎖與重設預設 admin / 123456 登入帳戶',
+    new_0_6_0_8: '0.6.0 是 Web UI 從單使用者走向多使用者的分界版本；如果多使用者模式遇到問題，請提交 issue，必要時可回退到 0.5.35 單使用者版本',
+    new_0_6_1_1: '會話列表預設顯示目前帳戶可用的全部 Profile；只有明確選擇 Profile 篩選時才會限定 Profile，同時 CLI start/stop/status 不再列印 node:sqlite 實驗警告',
+    new_0_6_1_2: 'Clarify 與確認回覆現在會透過已鑑權的聊天 socket 傳到 Hermes bridge，並補上回應鏈路測試',
+    new_0_6_1_3: '導覽項目與聊天會話列改用原生連結，支援新分頁開啟、複製連結，並保留側邊欄摺疊狀態',
+    new_0_6_1_4: '會話連結不再把路由 Profile 洩漏到一般會話列表篩選，並補齊「在新分頁開啟」多語文案',
+    new_0_6_1_5: 'Skills 會讀取目前 Profile config 中的 skills.external_dirs，標記 external 來源，保留本地優先，並支援讀取外部 skill 檔案',
+    new_0_6_1_6: '登入 IP 鎖定門檻提高到 10 次失敗，鎖定後的登入頁會提示清除鎖定與重設預設登入的復原命令',
+    new_0_6_1_7: '行動端或背景造成的聊天斷線會視為暫時斷線，重連後從服務端恢復執行狀態',
+    new_0_6_1_8: 'Bridge 工具標記 flush 會在工具與執行邊界持久化殘留的工具呼叫前綴，避免重新整理後內容截斷',
+    new_0_6_1_9: 'History 與會話刪除改為帶上 Profile 精確目標，並在全域 Profile 切換時刷新歷史頁',
+    new_0_6_1_10: '移除舊的 AUTH_DISABLED 認證繞過以符合多使用者權限模型，同時保留 AUTH_TOKEN 支援',
+  },
+}
diff --git a/packages/client/src/i18n/locales/zh.ts b/packages/client/src/i18n/locales/zh.ts
new file mode 100644
index 0000000..32dcf5f
--- /dev/null
+++ b/packages/client/src/i18n/locales/zh.ts
@@ -0,0 +1,1553 @@
+export default {
+  // 登录
+  login: {
+    title: '灵犀 Web UI',
+    description: '输入用户名和密码以继续。',
+    placeholder: '访问令牌',
+    submit: '登录',
+    tokenRequired: '请输入访问令牌',
+    invalidToken: '令牌无效',
+    connectionFailed: '无法连接到服务器',
+    passwordLogin: '密码登录',
+    tokenLogin: '令牌登录',
+    usernamePlaceholder: '用户名',
+    passwordPlaceholder: '密码',
+    defaultCredentialsHint: '默认登录名：admin，默认密码：123456',
+    credentialsRequired: '请输入用户名和密码',
+    invalidCredentials: '用户名或密码错误',
+    tooManyAttempts: '登录失败次数过多，请稍后重试',
+    lockResetHint: '如果这是你的服务器，可以执行以下命令清除登录锁定：',
+    defaultLoginResetHint: '如需重置默认 admin 密码，可以执行：',
+    sessionExpired: '登录已过期，请重新登录',
+    accessDenied: '你没有权限访问该资源',
+    passwordMismatch: '两次密码不一致',
+    passwordTooShort: '密码长度至少 6 个字符',
+    setupSuccess: '密码登录配置成功',
+    passwordChanged: '密码修改成功',
+    passwordRemoved: '密码登录已移除',
+    setupPassword: '设置密码登录',
+    changePassword: '修改密码',
+    changeUsername: '修改用户名',
+    removePasswordLogin: '移除',
+    username: '用户名',
+    currentPassword: '当前密码',
+    newPassword: '新密码',
+    confirmPassword: '确认密码',
+    newUsername: '新用户名',
+    usernameChanged: '用户名修改成功',
+    usernameTooShort: '用户名至少 2 个字符',
+    setupDescription: '管理用于登录的用户名和密码。',
+    removeConfirm: '用户账号必须保留密码登录。',
+    passwordLoginNotConfigured: '密码登录未配置',
+    passwordLoginConfigured: '当前账户：{username}',
+    defaultCredentialTitle: '请修改默认账户和密码',
+    defaultCredentialMessage: '当前登录账户仍在使用默认用户名或默认密码。为了避免未授权访问，请尽快进入当前账户修改用户名和密码。',
+    defaultCredentialAction: '去修改',
+    defaultCredentialLater: '稍后提醒',
+  },
+
+  users: {
+    title: '账户管理',
+    description: '创建用户、分配角色，并控制普通管理员可访问的配置。',
+    create: '创建用户',
+    edit: '编辑用户',
+    username: '用户名',
+    role: '角色',
+    statusLabel: '状态',
+    profiles: '可访问配置',
+    profilesPlaceholder: '选择可访问的配置',
+    allProfiles: '全部配置',
+    noProfiles: '未关联配置',
+    lastLogin: '最后登录',
+    newPasswordOptional: '新密码（留空不修改）',
+    loadFailed: '用户列表加载失败',
+    deleteConfirm: '确认删除该用户？',
+    enable: '启用',
+    disable: '禁用',
+    roles: {
+      superAdmin: '超级管理员',
+      admin: '普通管理员',
+    },
+    status: {
+      active: '启用',
+      disabled: '禁用',
+    },
+  },
+
+  // 通用
+  common: {
+    loading: '加载中...',
+    cancel: '取消',
+    delete: '删除',
+    retry: '重试',
+    edit: '编辑',
+    save: '保存',
+    saved: '已保存',
+    saveFailed: '保存失败',
+    deleteFailed: '删除失败',
+    ok: '确定',
+    copied: '已复制',
+    copy: '复制',
+    update: '更新',
+    create: '创建',
+    noData: '暂无数据',
+    expired: '已过期',
+    fetch: '获取',
+    add: '添加',
+    enable: '启用',
+    disable: '禁用',
+    configured: '已配置',
+    notConfigured: '未配置',
+    confirm: '确定',
+    expand: '展开',
+    collapse: '收起',
+    start: '启动',
+    stop: '停止',
+  },
+
+  // 侧边栏
+  // MCP 管理
+  mcp: {
+    title: 'MCP 服务器',
+    loadFailed: '加载 MCP 服务器失败',
+    reloadAll: '全部重载',
+    refresh: '刷新',
+    total: '总计',
+    connected: '已连接',
+    disconnected: '未连接',
+    tools: '工具',
+    tool: '工具',
+    searchPlaceholder: '搜索服务器...',
+    addServer: '+ 添加服务器',
+    zeroTools: '0 个工具',
+    loading: '加载中...',
+    empty: '暂无 MCP 服务器配置',
+    reloaded: '已重载 {server}',
+    reloadedAll: '所有 MCP 服务器已重载',
+    reloadFailed: '重载失败',
+    serverAdded: '服务器 "{name}" 已添加',
+    addFailed: '添加服务器失败',
+    serverUpdated: '服务器 "{name}" 已更新',
+    updateFailed: '更新服务器失败',
+    saveFailed: '保存失败',
+    serverRemoved: '已移除 "{name}"',
+    enabled: "已启用 {name}",
+    disabled: "已禁用 {name}",
+    connectedStatus: '已连接',
+    disconnectedStatus: '未连接',
+    disabledStatus: '已禁用',
+    toolList: '工具列表',
+    count: '个',
+    more: '更多',
+    removeFailed: '移除服务器失败',
+    testOk: '测试成功 — {count} 个工具可用',
+    testEmpty: '测试未返回工具',
+    testFailed: '测试失败',
+    edit: '编辑',
+    test: '测试',
+    reload: '重载',
+    remove: '移除',
+    confirmRemove: '确认删除服务器 "{name}"？',
+    cancel: '取消',
+    add: '添加',
+    save: '保存',
+    addTitle: '添加 MCP 服务器',
+    editTitle: '编辑 MCP 服务器',
+    invalidJson: 'JSON 格式错误',
+    invalidYaml: 'YAML 格式错误',
+    invalidConfig: '配置格式错误',
+    invalidServerConfig: '服务器配置无效',
+    missingCommandOrUrl: '必须包含 command 或 url',
+    manageTools: '管理工具',
+    toolsVisibilityTitle: '工具可见性管理',
+    fetchTools: '获取工具列表',
+    fetchToolsFailed: '获取工具列表失败',
+    toolsMode: '模式：',
+    toolsModeAll: '全部',
+    toolsModeInclude: '包含',
+    toolsModeExclude: '排除',
+    toolsListHeader: '工具名称',
+    toolsEmpty: '暂无工具，请先获取工具列表',
+    toolsSummaryAll: '共 {count} 个工具，全部启用',
+    toolsSummaryInclude: '共 {total} 个工具，已选 {count} 个',
+    toolsSummaryExclude: '共 {total} 个工具，已排除 {count} 个',
+    toolsVisibilitySaved: '工具可见性已保存',
+    toolsSelectAll: '全选',
+    toolsClearSelection: '取消全选',
+    toolsExcludeAll: '全部排除',
+    toolsClearExcluded: '清空排除',
+  },
+
+  sidebar: {
+    chat: '对话',
+    search: '搜索',
+    apiRelay: '中转站',
+    history: '历史',
+    jobs: '任务',
+    kanban: '看板',
+    models: '模型',
+    profiles: '用户',
+    plugins: '插件',
+    mcp: 'MCP',
+    skills: '技能',
+    memory: '记忆',
+    logs: '日志',
+    usage: '用量',
+    performance: '性能监控',
+    skillsUsage: '技能用量',
+    channels: '频道',
+    gateways: '网关',
+    terminal: '终端',
+    groupChat: '群聊',
+    files: '文件',
+    groupConversation: '对话',
+    groupConversationShort: '对话',
+    groupPlatform: '平台',
+    groupAgent: '代理',
+    groupAgentShort: '代理',
+    groupSystem: '系统',
+    groupSystemShort: '系统',
+    groupMonitoring: '监控',
+    groupMonitoringShort: '监控',
+    groupTools: '工具',
+    groupToolsShort: "工具",
+    codingAgents: "编程工具",
+    versionPreview: "版本预览",
+    settings: '设置',
+    about: '关于',
+    connected: '已连接',
+    disconnected: '未连接',
+    collapse: '收起菜单',
+    expand: '展开菜单',
+    updateTip: '在终端运行 "hermes-web-ui update" 即可更新',
+    updateVersion: '升级版本 v{version}',
+    reloadClientVersion: '刷新到 v{version}',
+    updating: '正在更新...',
+    updateSuccess: '更新成功，请稍后刷新页面，如长时间未启动，请手动启动',
+    updateFailed: '更新失败',
+    logout: '退出登录',
+    nodeVersionWarning: '检测到 Node.js v{version}，请升级到23以上版本。',
+    changelog: '更新日志',
+    noChangelog: '暂无更新日志',
+  },
+
+  performance: {
+    title: '性能监控',
+    subtitle: '查看系统资源、Bridge Broker、Workers 和活跃会话',
+    refresh: '刷新',
+    autoRefreshOn: '自动刷新',
+    autoRefreshOff: '手动刷新',
+    loadFailed: '性能数据加载失败',
+    systemCpu: '系统 CPU',
+    systemMemory: '系统内存',
+    activeSessions: '活跃会话',
+    runningSessions: '运行中 {count}',
+    workers: 'Workers',
+    totalWorkerMemory: 'Worker 总内存',
+    processes: '进程',
+    uptime: '运行',
+    running: '运行中',
+    stopped: '已停止',
+    workerMemory: 'Worker 内存',
+    lastUpdated: '更新时间',
+    profile: 'Profile',
+    memory: '内存',
+    sessions: '会话',
+    runningActiveSessions: '运行中 / 活跃',
+    lastUsed: '最后使用',
+    status: '状态',
+    noWorkers: '暂无 Worker',
+    sessionsByProfile: '按 Profile 统计会话',
+    noActiveSessions: '暂无活跃会话',
+  },
+
+  // 抽屉
+  drawer: {
+    terminal: '终端',
+    files: '工作区',
+  },
+
+  // 对话
+  chat: {
+    contextRemaining: '剩余',
+    contextClickToEdit: '点击编辑上下文长度',
+    contextEditTitle: '编辑上下文长度',
+    contextEditDesc: '设置当前模型的上下文长度限制（token 数量）',
+    contextEditPlaceholder: '请输入上下文长度',
+    contextEditHint: '常见值：256k (灵犀 默认), 128k (GPT-4), 32k (GPT-3.5)',
+    contextEditSave: '保存',
+    contextEditCancel: '取消',
+    contextEditInvalid: '请输入有效的上下文长度',
+    contextEditSuccess: '上下文长度已更新',
+    contextEditFailed: '更新失败',
+    emptyState: '开始与 灵犀 Agent 对话',
+    cliEmptyState: '开始 CLI 对话',
+    outlineTitle: '会话大纲',
+    outlineEmpty: '暂无会话内容',
+    outlineUserQuestion: '用户问题',
+    inputPlaceholder: '输入消息... (Enter 发送，Shift+Enter 换行)',
+    slashCommandArgs: {
+      message: '<消息>',
+      title: '<标题>',
+      text: '<文本>',
+    },
+    slashCommands: {
+      usage: '计算当前会话用量',
+      status: '查看会话状态和队列',
+      abort: '停止当前 Bridge 运行',
+      queue: '把消息加入当前运行后的队列',
+      plan: '生成一份 Markdown 实施计划',
+      goal: '设置一个跨轮次持续推进的目标',
+      goalStatus: '查看当前目标状态',
+      goalPause: '暂停当前目标循环',
+      goalResume: '继续已暂停的目标循环',
+      goalDone: '完成并清除当前目标',
+      goalClear: '清除当前目标',
+      subgoal: '为当前目标追加验收条件',
+      clear: '清空当前显示内容',
+      clearHistory: '删除当前会话已入库的消息历史',
+      title: '重命名当前会话',
+      compress: '空闲时触发上下文压缩',
+      steer: '向当前 Bridge 运行发送引导文本',
+      destroy: '释放当前会话的 Bridge Agent',
+      reloadMcp: '重载 MCP 服务器',
+    },
+    attachFiles: '添加附件',
+    autoPlaySpeech: '自动播放语音',
+    showToolCalls: '显示工具调用',
+    hideToolCalls: '隐藏工具调用',
+    messageQueue: '消息队列',
+    removeQueuedMessage: '移除队列消息',
+    stop: '停止',
+    start: '启动',
+    stopGateway: '停止网关',
+    send: '发送',
+    contextUsed: '上下文已用:',
+    sessions: '会话',
+    webUiSessions: '会话',
+    allProfiles: '全部配置',
+    profileMissingModelsTip: '该会话所属配置「{profile}」没有可用的 provider 或模型',
+    sessionScopeHint: '这里只显示当前会话；CLI、Telegram、Discord、Cron 等通道会话在历史中只读查看。',
+    openHistory: '打开历史',
+    hermesHistory: '灵犀 历史',
+    historyScopeHint: '这里按来源只读查看当前 profile 的 灵犀 历史会话。',
+    noSessions: '暂无会话',
+    searchTitle: '搜索会话',
+    searchSubtitle: '按标题或消息内容搜索',
+    searchScope: '搜索范围：仅 Web UI 本地会话库；不包含只读 灵犀 历史会话。',
+    searchHint: 'Cmd/Ctrl+K',
+    searchPlaceholder: '搜索会话...',
+    searchEmpty: '最近会话',
+    searchRecent: '最近会话',
+    searchNoResults: '没有匹配的会话',
+    searchNoSnippet: '没有可显示的摘要',
+    searchEnterHint: 'Enter 打开 · Esc 关闭',
+    searchFailed: '搜索会话失败',
+    newChat: '新建对话',
+    approvalKicker: '终端授权',
+    approvalTitle: '运行前请确认命令',
+    approvalAllowOnce: '仅本次允许',
+    approvalAllowSession: '本会话允许',
+    approvalAlways: '始终允许',
+    approvalDeny: '拒绝',
+    clarifyKicker: 'Agent 需要确认',
+    clarifyTitle: 'Agent 有一个问题需要您回答',
+    clarifyPlaceholder: '输入你的回答...',
+    clarifySubmit: '回复',
+    clarifyDismiss: '忽略',
+    newCliChat: '新建 CLI',
+    deleteSession: '确定删除此会话？',
+    sessionDeleted: '会话已删除',
+    toggleBatchMode: '批量选择',
+    selectAll: '全选',
+    confirmBatchDelete: '确定删除选中的 {count} 个会话？',
+    batchDeleteSuccess: '已删除 {count} 个会话',
+    batchDeletePartial: '{failed} 个会话删除失败',
+    batchDeleteFailed: '批量删除失败',
+    importToWebUi: '导入到 Web UI',
+    importSessionSuccess: '会话已导入 Web UI',
+    importSessionAlreadyExists: '会话已存在于 Web UI',
+    importSessionFailed: '导入会话失败',
+    rename: '重命名',
+    pin: '置顶',
+    unpin: '取消置顶',
+    pinned: '已置顶',
+    chatMode: '聊天',
+    liveMode: '实时',
+    liveSessions: '实时会话',
+    recentBadge: '最近',
+    linkedSessions: '关联 {count} 个会话',
+    noVisibleMessages: '没有人类可见消息。',
+    monitorRoleUser: '用户',
+    monitorRoleAssistant: '助手',
+    copySessionLink: '复制会话链接',
+    openSessionInNewTab: '在新标签页打开',
+    sessionLinkCopied: 'Session link copied',
+    copySessionId: '复制会话 ID',
+    export: '导出',
+    exportFull: '全量导出 (JSON)',
+    exportCompressed: '压缩导出 (TXT)',
+    exportCompressing: '正在压缩上下文，请稍候...',
+    exportSuccess: '会话已导出',
+    exportFailed: '导出失败',
+    renamed: '已重命名',
+    renameFailed: '重命名失败',
+    renameSession: '重命名会话',
+    sessionNotFound: '会话未找到',
+    enterNewTitle: '输入新标题',
+    workspace: '工作区',
+    setWorkspace: '设置工作区',
+    setWorkspaceTitle: '设置会话工作区',
+    workspacePlaceholder: '输入项目路径，例如 /home/user/project',
+    workspaceSet: '工作区已设置',
+    workspaceSetFailed: '设置工作区失败',
+    setModel: '设置模型',
+    setModelTitle: '设置会话模型',
+    modelSet: '模型已设置',
+    modelSetFailed: '设置模型失败',
+    other: '其他',
+    runFailed: '运行失败',
+    error: '错误',
+    tool: '工具',
+    arguments: '参数',
+    result: '结果',
+    truncated: '... (已截断)',
+    executionDuration: '执行时长',
+    thinkingLabel: '思考过程',
+    thinkingInProgress: '思考中…',
+    thinkingShow: '展开思考过程',
+    thinkingHide: '收起思考过程',
+    thinkingDuration: '已观察 {duration}',
+    thinkingChars: '{count} 字',
+    copyBubble: '复制消息',
+    copiedBubble: '已复制',
+    copyFailed: '复制失败',
+    playSpeech: '播放语音',
+    pauseSpeech: '暂停',
+    resumeSpeech: '继续',
+    stopSpeech: '停止',
+    speechNotSupported: '此浏览器不支持语音播放',
+  },
+
+  // 看板
+  kanban: {
+    title: '看板',
+    createTask: '新建任务',
+    noTasks: '暂无任务',
+    allStatuses: '全部状态',
+    allAssignees: '全部负责人',
+    board: {
+      create: '新建看板',
+      archive: '归档看板',
+      slugPlaceholder: '看板标识，例如 project-a',
+      namePlaceholder: '显示名称（可选）',
+      slugRequired: '看板标识不能为空',
+      created: '看板已创建',
+      archived: '看板已归档',
+      archiveConfirm: '确定归档当前看板？',
+    },
+    columns: {
+      triage: '待分拣',
+      todo: '待办',
+      ready: '就绪',
+      running: '进行中',
+      blocked: '阻塞',
+      done: '已完成',
+      archived: '已归档',
+    },
+    form: {
+      title: '标题',
+      titlePlaceholder: '任务标题',
+      titleRequired: '标题不能为空',
+      body: '描述',
+      bodyPlaceholder: '任务描述（可选）',
+      assignee: '负责人',
+      selectAssignee: '选择负责人...',
+      priority: '优先级',
+      selectPriority: '选择优先级...',
+    },
+    card: {
+      assigneeTooltip: '负责人',
+      priority: {
+        low: '低',
+        medium: '中',
+        high: '高',
+      },
+      timeAgo: {
+        justNow: '刚刚',
+        minutes: '{count}分钟前',
+        hours: '{count}小时前',
+        days: '{count}天前',
+      },
+    },
+    detail: {
+      status: '状态',
+      assignee: '负责人',
+      priority: '优先级',
+      tenant: '租户',
+      createdAt: '创建时间',
+      startedAt: '开始时间',
+      completedAt: '完成时间',
+      comments: '评论',
+      events: '事件',
+      runs: '运行记录',
+      result: '完成结果',
+      sessions: '关联会话',
+      sessionMessages: '会话记录',
+      noSessions: '未找到关联会话。',
+      artifacts: '产出文件',
+      sources: '数据来源',
+      highlights: '关键信息',
+    },
+    action: {
+      title: '操作',
+      complete: '完成',
+      completeSummary: '完成摘要（可选）',
+      block: '阻塞',
+      blockReason: '阻塞原因',
+      unblock: '解除阻塞',
+      assign: '分配',
+      assignTo: '分配给...',
+    },
+    message: {
+      taskCreated: '任务已创建',
+      taskCompleted: '任务已完成',
+      taskBlocked: '任务已阻塞',
+      taskUnblocked: '任务已解除阻塞',
+      taskAssigned: '任务已分配',
+      loadFailed: '加载任务失败',
+    },
+    stats: {
+      total: '总计',
+      tasks: '任务数',
+    },
+  },
+
+  // 定时任务
+  jobs: {
+    title: '定时任务',
+    createJob: '创建任务',
+    editJob: '编辑任务',
+    noJobs: '暂无定时任务，创建一个开始吧。',
+    name: '名称',
+    namePlaceholder: '任务名称',
+    schedule: '调度表达式 (Cron)',
+    schedulePlaceholder: '例如 0 9 * * *',
+    quickPresets: '快速预设',
+    selectPreset: '选择预设...',
+    presetEveryMinute: '每分钟',
+    presetEvery5Min: '每 5 分钟',
+    presetEveryHour: '每小时',
+    presetEveryDay: '每天 00:00',
+    presetEveryDay9: '每天 09:00',
+    presetEveryMonday: '每周一 09:00',
+    presetEveryMonth: '每月 1 日 09:00',
+    prompt: '提示词',
+    promptPlaceholder: '要执行的内容',
+    deliverTarget: '投递目标',
+    origin: '来源',
+    local: '本地',
+    repeatCount: '重复次数（可选）',
+    modelPlaceholder: 'Default model',
+    repeatPlaceholder: '留空表示无限重复',
+    jobCreated: '任务已创建',
+    jobUpdated: '任务已更新',
+    nameRequired: '名称为必填项',
+    scheduleRequired: '调度表达式为必填项',
+    loadFailed: '加载任务失败',
+    jobPaused: '任务已暂停',
+    jobResumed: '任务已恢复',
+    jobTriggered: '任务已触发',
+    modelUpdated: 'Model updated',
+    jobDeleted: '任务已删除',
+    status: {
+      running: '运行中',
+      paused: '已暂停',
+      disabled: '已禁用',
+      scheduled: '已调度',
+    },
+    info: {
+      model: 'Model',
+      schedule: 'Schedule',
+      lastRun: '上次运行',
+      nextRun: '下次运行',
+      deliver: '投递',
+      repeat: '重复',
+    },
+    action: {
+      pause: '暂停',
+      pauseJob: '暂停任务',
+      resume: '恢复',
+      resumeJob: '恢复任务',
+      runNow: '立即运行',
+      triggerImmediately: '立即触发',
+    },
+    runHistory: {
+      title: '运行历史',
+      runs: '次运行',
+      noRuns: '暂无运行历史。',
+    },
+  },
+
+  // 技能
+  skills: {
+    title: '技能',
+    searchPlaceholder: '搜索技能...',
+    noMatch: '没有匹配的技能',
+    noSkills: '暂无技能',
+    backTo: '返回',
+    attachedFiles: '附件文件',
+    loadFailed: '加载技能失败',
+    fileLoadFailed: '加载文件失败',
+    modified: '用户已修改',
+    archived: '已归档',
+    pinned: '已置顶',
+    pin: '置顶技能',
+    unpin: '取消置顶',
+    pinFailed: '更改置顶状态失败',
+    toggleFailed: '切换技能状态失败',
+    source: {
+      builtin: '内置',
+      hub: 'Hub 安装',
+      local: '本地安装',
+      external: '外部目录',
+    },
+  },
+
+  // 插件
+  plugins: {
+    title: '插件',
+    refresh: '刷新',
+    notice: '只读展示可发现的 灵犀 插件 manifest。发现元数据读取不会加载插件代码。v1 管理动作仍保留在 CLI，新 灵犀 会话生效。',
+    loadFailed: '加载插件失败',
+    commandCopied: '命令已复制',
+    searchPlaceholder: '搜索 key、名称、描述、路径...',
+    source: '来源',
+    kind: '类型',
+    statusTitle: '状态',
+    configStatus: '配置：{status}',
+    notAvailable: '无',
+    copyCommand: '复制命令',
+    managedElsewhere: '由其他位置管理',
+    noMatch: '没有匹配当前筛选条件的插件',
+    enabled: '已启用',
+    disabled: '已禁用',
+    summary: {
+      total: '总数',
+      active: '已启用 / 自动',
+      inactive: '未启用',
+      disabled: '已禁用',
+      providerManaged: 'Provider 管理',
+    },
+    status: {
+      enabled: '已启用',
+      'auto-active': '自动启用',
+      inactive: '未启用',
+      disabled: '已禁用',
+      'provider-managed': 'Provider 管理',
+    },
+    statusLabel: {
+      enabled: '配置启用',
+      'auto-active': '自动启用',
+      inactive: '未启用',
+      disabled: '已禁用',
+      'provider-managed': 'Provider 管理',
+    },
+    configStatuses: {
+      enabled: '已启用',
+      disabled: '已禁用',
+      'not-enabled': '未启用',
+      auto: '自动',
+      'provider-managed': 'Provider 管理',
+    },
+    table: {
+      plugin: '插件',
+      status: '状态',
+      source: '来源',
+      kind: '类型',
+      capabilities: '能力',
+      path: '路径 / 入口',
+      cli: 'CLI',
+    },
+    capabilities: {
+      tools: '{count} 个工具',
+      hooks: '{count} 个 hook',
+      env: '{count} 个环境变量',
+    },
+    metadata: {
+      agentRoot: 'Agent 根目录',
+      python: 'Python',
+      scanCwd: '扫描 cwd',
+      projectPlugins: '项目插件',
+    },
+  },
+
+  // 记忆
+  memory: {
+    title: '记忆',
+    refresh: '刷新',
+    loadFailed: '加载记忆失败',
+    myNotes: '我的笔记',
+    noNotes: '暂无笔记。',
+    notesPlaceholder: '输入笔记内容...',
+    userProfile: '用户画像',
+    noProfile: '暂无画像。',
+    profilePlaceholder: '输入用户画像...',
+    soul: '灵魂',
+    noSoul: '暂无灵魂配置。',
+    soulPlaceholder: '输入灵魂配置...',
+  },
+
+  // 模型
+  models: {
+    title: '模型',
+    searchPlaceholder: '搜索模型...',
+    addProvider: '添加 Provider',
+    providerType: 'Provider 类型',
+    preset: '预设',
+    custom: '自定义',
+    selectProvider: '选择 Provider',
+    chooseProvider: '选择一个 provider...',
+    getApiKey: '获取 API Key',
+    name: '名称',
+    autoGeneratedName: '根据 Base URL 自动生成',
+    baseUrl: 'Base URL',
+    region: '区域',
+    regionIntl: '国际版',
+    regionCn: '中国大陆',
+    baseUrlPlaceholder: '例如 https://api.example.com/v1',
+    apiKey: 'API Key',
+    apiKeyPlaceholder: 'sk-...',
+    defaultModel: '默认模型',
+    selectOrInput: '选择或输入模型名称...',
+    selectModel: '选择模型...',
+    providerAdded: 'Provider 已添加',
+    providerDeleted: 'Provider 已删除',
+    deleteProvider: '删除 Provider',
+    deleteConfirm: '确定删除 "{name}" 吗？',
+    codexLoginTitle: 'OpenAI Codex 登录',
+    codexWaiting: '在授权页面输入以下代码完成登录：',
+    codexCopyCode: '代码已复制',
+    codexOpenLink: '打开授权页面',
+    codexApproved: '登录成功',
+    codexExpired: '授权已过期，请重试。',
+    nousLoginTitle: 'Nous Portal 登录',
+    nousWaiting: '在授权页面输入此代码完成登录:',
+    nousCopyCode: '代码已复制',
+    nousOpenLink: '打开授权页面',
+    nousApproved: '登录成功',
+    nousDenied: '授权被拒绝，请重试。',
+    nousExpired: '授权已过期，请重试。',
+    copilotLoginTitle: 'GitHub Copilot 登录',
+    copilotWaiting: '请前往 GitHub 输入下方设备代码完成授权。授权完成后窗口会自动关闭。',
+    copilotCopyCode: '代码已复制',
+    copilotOpenLink: '打开 GitHub 授权页',
+    copilotApproved: '登录成功！',
+    copilotDenied: '授权被拒绝。',
+    copilotExpired: '授权链接已过期，请重试。',
+    copilotAddDetectedTitle: '检测到 GitHub Copilot',
+    copilotAddDetected: '已在本机检测到 GitHub Copilot OAuth 凭证，点击「添加」即可在 灵犀 中启用 Copilot。',
+    copilotAddSourceEnv: '来源：~/.hermes/.env（COPILOT_GITHUB_TOKEN）',
+    copilotAddSourceGhCli: '来源：gh CLI（gh auth token）',
+    copilotAddSourceAppsJson: '来源：VS Code Copilot 插件（apps.json）',
+    copilotDeleteHintEnv: '此操作会清除 ~/.hermes/.env 中的 COPILOT_GITHUB_TOKEN，不影响其他工具。',
+    copilotDeleteHintGhCli: 'Copilot 将从 灵犀 列表移除。不会影响 gh CLI —— `gh auth status` 仍显示已登录。',
+    copilotDeleteHintAppsJson: 'Copilot 将从 灵犀 列表移除。不会影响 VS Code Copilot 插件的登录。',
+    xaiLoginTitle: 'xAI Grok OAuth 登录',
+    xaiWaiting: '请在打开的 xAI 页面完成授权。授权完成后窗口会自动关闭。',
+    xaiOpenLink: '打开 xAI 授权页',
+    xaiCopyLink: '复制授权链接',
+    xaiApproved: '登录成功！',
+    xaiExpired: '授权链接已过期，请重试。',
+    customBadge: '自定义',
+    previewBadge: '预览',
+    disabledBadge: '不可用',
+    disabledTooltip: "此模型当前账号不可用",
+    customModelPlaceholder: '未列出的模型 ID',
+    customModelHint: '仅用于 provider 支持但未返回的模型；不是重命名。按回车加载。',
+    removeCustomModel: '移除这个未列出的模型',
+    noProviders: '暂无 Provider，添加一个开始吧。',
+    models: '模型列表',
+    count: '个模型',
+    more: '个更多',
+    aliasEdit: '重命名',
+    aliasTitle: '模型显示名',
+    aliasTitleFor: '{model} 的显示名',
+    aliasPlaceholder: '留空则使用原始模型 ID',
+    aliasHint: '仅修改 Web UI 显示名，发送给 灵犀 的仍是原始模型 ID。',
+    aliasCanonical: '原始 ID：{model}',
+    aliasUseOriginal: '恢复原始 ID',
+    aliasManage: '显示名',
+    aliasManageFor: '{provider} 的显示名',
+    aliasSaveFailed: '保存显示名失败',
+    manageVisibleModels: '管理可见模型',
+    manageVisibleModelsFor: '管理 {name} 可见模型',
+    visibilityHint: '仅影响 Web UI 的模型选择器和模型页展示，不会改写 灵犀 CLI 的 provider/model 配置。实际调用仍使用原始模型 ID。',
+    visibilitySelectOne: '至少保留一个可见模型',
+    visibilitySaved: '可见模型已保存',
+    visibilitySaveFailed: '保存可见模型失败',
+    showAllModels: '显示全部模型',
+    clearVisibleModels: '取消全选',
+    currentDefault: '当前默认',
+    defaultShort: '默认',
+    builtIn: '内置',
+    customType: '自定义',
+    provider: 'Provider',
+    contextLength: '上下文长度',
+    contextLengthPlaceholder: '例如 256000（可选）',
+    local: '本地 ({host})',
+    selectProviderRequired: '请选择 Provider',
+    baseUrlRequired: 'Base URL 为必填项',
+    apiKeyRequired: 'API Key 为必填项',
+    modelRequired: '默认模型为必填项',
+    enterBaseUrl: '请先输入 Base URL',
+    unexpectedFormat: '响应格式异常',
+    foundModels: '找到 {count} 个模型',
+    fetchFailed: '获取模型失败',
+  },
+
+  // 配置
+  profiles: {
+    title: '配置',
+    create: '创建配置',
+    import: '导入',
+    export: '导出',
+    rename: '重命名',
+    delete: '删除',
+    switchTo: '切换 灵犀 Profile',
+    switchConfirm: '将执行 `hermes profile use {name}` 并切换 灵犀 CLI 的 active profile，是否继续？',
+    switchSuccess: '灵犀 active profile 已切换为 "{name}"',
+    switchFailed: '切换 灵犀 Profile 失败，网关可能需要手动重启',
+    createSuccess: '配置 "{name}" 已创建',
+    createFailed: '创建配置失败',
+    renameSuccess: '配置已重命名',
+    renameFailed: '重命名配置失败',
+    deleteConfirm: '确定删除配置 "{name}" 吗？',
+    deleteSuccess: '配置已删除',
+    deleteFailed: '删除配置失败',
+    exportSuccess: '配置已导出',
+    exportFailed: '导出配置失败',
+    importSuccess: '配置已导入',
+    importFailed: '导入配置失败',
+    importSelectFile: '选择归档文件',
+    importInvalidFile: '请选择有效的归档文件 (.tar.gz, .tgz, .gz, .zip)',
+    name: '配置名称',
+    namePlaceholder: '仅限小写字母、数字、连字符',
+    nameValidation: '配置名称只能包含小写字母、数字、下划线和连字符',
+    newName: '新名称',
+    newNamePlaceholder: '小写字母、数字、连字符',
+    cloneFromCurrent: '从当前配置克隆',
+    cloneCleanupNotice: '克隆时会自动跳过独占型平台凭据（Weixin / Telegram / Slack 等），避免与源配置冲突',
+    cloneStrippedCredentials: '已清理 {count} 项独占凭据：{list}',
+    cloneDisabledPlatforms: '已禁用 {count} 个平台：{list}',
+    cloneStrippedConfigCredentials: '已清理 config.yaml 中 {count} 项内嵌凭据：{list}',
+    archivePath: '归档路径',
+    archivePathPlaceholder: '归档文件的服务器路径',
+    importName: '配置名称（可选）',
+    importNamePlaceholder: '留空则使用归档名称',
+    active: '活跃',
+    model: '模型',
+    gateway: '网关',
+    alias: '别名',
+    provider: 'Provider',
+    path: '路径',
+    skills: '技能',
+    hasEnv: '有 .env',
+    hasSoulMd: '有 soul.md',
+    noProfiles: '暂无配置，创建一个开始吧。',
+    avatar: {
+      title: '自定义头像',
+      customize: '头像',
+      upload: '上传图片',
+      random: '随机生成',
+      reset: '恢复默认',
+      hint: '支持 PNG、JPEG、WebP，最大 1MB',
+      invalidType: '请选择 PNG、JPEG 或 WebP 图片',
+      tooLarge: '头像图片不能超过 1MB',
+      saveSuccess: '头像已保存',
+      saveFailed: '保存头像失败',
+      resetSuccess: '已恢复默认头像',
+      resetFailed: '恢复默认头像失败',
+    },
+    runtime: {
+      activeProfile: '当前：{name}',
+      bridgeWorker: '桥接状态',
+      gateway: '网关',
+      active: '活跃',
+      activeTag: '当前',
+      idle: '空闲',
+      checking: '检测中',
+      running: '运行中',
+      stopped: '已停止',
+      restartGateway: '重启网关',
+      restartProfile: '重启配置',
+      switchProfile: '切换前端配置',
+      gatewayRestarted: '网关已重启：{name}',
+      gatewayRestartFailed: '重启网关失败',
+      profileRestarted: '配置已重启：{name}',
+      profileRestartFailed: '重启配置失败',
+    },
+  },
+
+  // 日志
+  logs: {
+    title: '日志',
+    all: '全部',
+    searchPlaceholder: '搜索...',
+    refresh: '刷新',
+    noEntries: '暂无日志',
+  },
+
+  // 设置
+  settings: {
+    title: '设置',
+    saved: '已保存',
+    saveFailed: '保存失败',
+    tabs: {
+      display: '显示',
+      account: '当前账户',
+      users: '账户管理',
+      agent: '代理',
+      memory: '记忆',
+      compression: '上下文压缩',
+      session: '会话',
+      privacy: '隐私',
+      apiServer: 'API 服务器',
+      models: '模型',
+      voice: '语音',
+    },
+    models: {
+      apiKey: 'API Key',
+      apiKeyPlaceholder: '输入 API Key',
+      save: '保存',
+      saved: '已保存',
+      saveFailed: '保存失败',
+      noProviders: '暂无已配置的模型',
+    },
+    display: {
+      streaming: '流式响应',
+      streamingHint: '实时显示 AI 回复',
+      compact: '紧凑模式',
+      compactHint: '减少消息间距',
+      showReasoning: '显示推理过程',
+      showReasoningHint: '展示模型思考过程',
+      showCost: '显示费用',
+      showCostHint: '在回复中显示 token 使用量',
+      inlineDiffs: '内联差异',
+      inlineDiffsHint: '代码变更以内联方式显示',
+      bellOnComplete: '完成提示音',
+      bellOnCompleteHint: 'AI 回复完成时播放提示音',
+      busyInputMode: '忙碌输入模式',
+      busyInputModeHint: 'AI 处理中仍可输入',
+      theme: '主题',
+      themeHint: '选择浅色、暗色或跟随系统',
+      themeLight: '浅色',
+      themeDark: '暗色',
+      themeSystem: '跟随系统',
+    },
+    agent: {
+      maxTurns: '最大轮次',
+      maxTurnsHint: '单次对话最大交互轮数',
+      gatewayTimeout: '网关超时',
+      gatewayTimeoutHint: '单次请求超时时间（秒）',
+      restartDrainTimeout: '重启排空超时',
+      restartDrainTimeoutHint: '重启前排空请求的超时时间（秒）',
+      toolEnforcement: '工具执行策略',
+      toolEnforcementHint: '控制工具调用的执行模式',
+      auto: '自动',
+      always: '始终',
+      never: '从不',
+    },
+    memory: {
+      enabled: '启用记忆',
+      enabledHint: '允许 AI 记住对话上下文',
+      userProfile: '用户画像',
+      userProfileHint: '允许 AI 记住用户偏好信息',
+      charLimit: '记忆字符上限',
+      charLimitHint: 'MEMORY.md 最大字符数',
+      userCharLimit: '用户画像字符上限',
+      userCharLimitHint: 'USER.md 最大字符数',
+    },
+    compression: {
+      enabled: '启用压缩',
+      enabledHint: '长对话接近模型上下文上限前自动压缩历史',
+      threshold: '压缩阈值',
+      thresholdHint: '预计 token 超过上下文比例时开始压缩',
+      targetRatio: '目标比例',
+      targetRatioHint: '压缩后历史保留到上下文的目标比例',
+      protectLastN: '保护最近消息',
+      protectLastNHint: '最近多少条消息不参与压缩',
+      protectFirstN: '保护开头消息',
+      protectFirstNHint: '最早多少条消息不参与压缩',
+    },
+    session: {
+      mode: '重置模式',
+      modeHint: '会话重置的触发条件',
+      modeBoth: '空闲 + 定时',
+      modeIdle: '仅空闲',
+      modeDaily: '仅定时',
+      modeNone: '永不（仅手动）',
+      idleMinutes: '空闲超时',
+      idleMinutesHint: '无操作后自动重置的等待时间（分钟）',
+      atHour: '定时重置时间',
+      humanOnly: '仅显示人类会话',
+      humanOnlyHint: '默认隐藏子代理和会话监看噪音',
+      liveMonitorHumanOnly: '实时监看：仅显示人类会话',
+      liveMonitorHumanOnlyHint: '在实时监看中默认隐藏子代理和会话监看噪音',
+      atHourHint: '每天在指定小时重置会话',
+      requireAuth: '会话授权',
+      requireAuthHint: '修改会话操作是否授权',
+    },
+    privacy: {
+      redactPii: '脱敏 PII',
+      redactPiiHint: '自动检测并隐藏敏感信息（密码、密钥等）',
+    },
+    apiServer: {
+      enable: '启用',
+      enableHint: '启用 API 服务器',
+      host: '主机',
+      hostHint: '监听地址',
+      port: '端口',
+      portHint: '监听端口',
+      key: '密钥',
+      keyHint: 'API 访问密钥',
+      cors: 'CORS 来源',
+      corsHint: '允许的跨域来源',
+    },
+    lockedIps: {
+      title: '锁定 IP 管理',
+      count: '{count} 个 IP 被锁定',
+      empty: '暂无锁定 IP',
+      unlock: '解锁',
+      unlockAll: '全部解锁',
+      unlockAllConfirm: '确认解锁所有锁定的 IP？',
+      unlocked: 'IP 已解锁',
+      allUnlocked: '已解锁 {count} 个 IP',
+    },
+    voice: {
+      ttsProvider: 'TTS 提供者',
+      ttsProviderHint: '选择消息朗读使用的语音引擎',
+      providerWebSpeech: 'WebSpeech API（浏览器内置）',
+      providerOpenai: 'OpenAI TTS',
+      providerCustom: '自定义端点（兼容 OpenAI）',
+      providerEdge: 'Edge TTS（免费，无需 API Key）',
+
+      // WebSpeech
+      webspeechVoice: '音色',
+      webspeechVoiceHint: '从浏览器或系统提供的语音中选择',
+      webspeechVoicePlaceholder: '自动（默认语音）',
+
+      // OpenAI
+      openaiKey: 'API 密钥',
+      openaiKeyHint: '具有 TTS 权限的 OpenAI API Key',
+      openaiUrl: 'API 基础地址',
+      openaiUrlHint: '例如 https://api.openai.com/v1/audio/speech',
+      openaiModel: '模型',
+      openaiModelHint: 'tts-1（快速）/ tts-1-hd（高音质）',
+      openaiVoice: '音色',
+      openaiVoiceHint: '用于语音合成的音色',
+
+      // 自定义端点
+      customHint: '支持任何 OpenAI 兼容的 TTS 服务——可用于 GPT-SoVITS、CosyVoice 等自部署服务。',
+      customUrl: 'API 地址',
+      customUrlHint: 'TTS 服务的完整基础地址',
+      customUrlPlaceholder: '本地适配器中配置的地址 如：http://127.0.0.1:9880',
+      customApiKey: 'API 密钥（可选）',
+      customApiKeyHint: '部分自部署服务需要身份验证',
+      customApiKeyPlaceholder: '不需要则留空',
+      // Edge TTS
+      edgeHint: '由 Microsoft Edge TTS 驱动（node-edge-tts）。',
+      edgeUrl: '适配器地址',
+      edgeUrlHint: 'Edge TTS 适配器地址，例如 http://127.0.0.1:9882',
+      edgeUrlPlaceholder: 'http://127.0.0.1:9882',
+      edgeVoice: '音色',
+      edgeVoiceHint: '选择用于语音合成的音色',
+      edgeRate: '语速',
+      edgeRateHint: '调整语音速度（0.5～2.0 倍）',
+      edgePitch: '音调',
+      edgePitchHint: '调整语音音调（-20～+20 Hz）',
+
+      // 试听
+      testTitle: '试听测试',
+      testText: '测试文本',
+      testTextPlaceholder: '输入测试文本...',
+      testTextDefault: '你好，这是一个语音测试。',
+      testButton: '试听',
+      testButtonPlaying: '播放中...',
+      testFailed: '测试失败：{error}',
+
+      // MiMo TTS
+      providerMimo: 'MiMo TTS',
+      mimoHint: '小米 MiMo TTS，支持预置音色、音色设计、音色复刻三种模式',
+      mimoApiKey: 'API Key',
+      mimoApiKeyHint: '在 platform.xiaomimimo.com 获取',
+      mimoApiKeyPlaceholder: 'MiMo API Key',
+      mimoBaseUrl: 'Base URL',
+      mimoBaseUrlHint: 'MiMo API 端点地址',
+      mimoModel: '模型',
+      mimoModelHint: '选择语音合成模型',
+      mimoModelPreset: '预置音色',
+      mimoModelVoiceDesign: '音色设计',
+      mimoModelVoiceClone: '音色复刻',
+      mimoVoice: '音色',
+      mimoVoiceHint: '选择预置音色',
+      mimoVoiceDesignPrompt: '音色描述',
+      mimoVoiceDesignPromptHint: '描述你想要的音色特征',
+      mimoVoiceDesignPromptPlaceholder: '例如：温柔的年轻女声，语速稍慢，带着磁性',
+      mimoCloneAudio: '上传音频',
+      mimoCloneAudioHint: '上传音频样本用于音色复刻，支持 mp3/wav，最大 10MB',
+      mimoCloneAudioUpload: '选择文件',
+      mimoCloneAudioClear: '清除音频',
+      mimoStylePrompt: '风格指令',
+      mimoStylePromptHint: '可选，用自然语言描述语音风格',
+      mimoStylePromptPlaceholder: '例如：用轻快上扬的语调，语速稍快',
+    },
+  },
+  githubPreview: {
+    title: "版本预览",
+    description: "将选中的 GitHub tag 克隆到 Web UI 预览工作目录，安装依赖并以开发端口运行。",
+    refresh: "刷新",
+    selectTag: "选择 tag",
+    prepare: "准备代码",
+    install: "安装依赖",
+    start: "开启预览",
+    stop: "停止",
+    note: "预览代码存放在 Web UI 数据目录下。正式环境仍使用 8648，预览开发环境使用前端 8651、后端 8650。",
+    path: "预览路径",
+    webuiHome: "预览数据目录",
+    currentTag: "当前 Tag",
+    repoReady: "仓库就绪",
+    dependencies: "依赖已安装",
+    running: "运行状态",
+    notRunning: "未运行",
+    open: "打开预览",
+    log: "操作日志路径",
+    logOutput: "日志输出",
+    actionLog: "操作日志",
+    devLog: "开发服务日志",
+    yes: "是",
+    no: "否",
+    actionFailed: "操作失败",
+    nodeEnvironmentMissing: "未检测到可用的 Node/npm 环境，请先安装 Node.js 后重试。",
+    prepareSuccess: "预览代码已准备好",
+    installSuccess: "依赖安装完成",
+    startSuccess: "预览已完成",
+    stopSuccess: "预览已停止",
+  },
+
+  codingAgents: {
+    title: "编程工具",
+    notice: "并非所有提供商和模型都兼容。",
+    claudeDescription: "Anthropic CLI，适合 print mode 单次任务和交互式编程会话。",
+    codexDescription: "OpenAI CLI，以及 灵犀 openai-codex provider 的仓库任务流程。",
+    copyCommand: "复制",
+    commandCopied: "命令已复制",
+    commandCopyFailed: "复制失败",
+    refresh: "刷新",
+    checking: "检测中",
+    installStatus: "安装情况",
+    installed: "已安装",
+    notInstalled: "未安装",
+    installNow: "一键安装",
+    installing: "安装中",
+    installSuccess: "安装完成",
+    installFailed: "安装失败",
+    nodeEnvironmentMissing: "未检测到可用的 Node/npm 环境，请先安装 Node.js 后重试。",
+    deleteNow: "删除",
+    deleting: "删除中",
+    deleteSuccess: "删除完成",
+    deleteFailed: "删除失败",
+    configFiles: "配置文件",
+    profileScope: "配置",
+    providerScope: "提供商",
+    providerPlaceholder: "例如 custom:glm",
+    modelScope: "模型",
+    modelPlaceholder: "选择模型",
+    launchModeScope: "启动方式",
+    launchModeGlobal: "全局默认配置",
+    launchModeScoped: "选择提供商和模型",
+    protocolScope: "协议",
+    protocolOpenAiChat: "OpenAI Chat Completions (/v1/chat/completions)",
+    protocolOpenAiResponses: "OpenAI Responses (/v1/responses)",
+    protocolAnthropicMessages: "Anthropic Messages (/v1/messages)",
+    reloadConfig: "重新读取配置",
+    configFileNotCreated: "未创建",
+    configLoadFailed: "读取配置文件失败",
+    loadFailed: "检测编程工具失败",
+    launch: "启动",
+    launchTitle: "启动编程工具",
+    nativeTerminal: "原生终端",
+    builtInTerminal: "内置终端",
+    launchPrepared: "启动配置已生成",
+    launchPrepareFailed: "生成启动配置失败",
+    nativeLaunchStarted: "已打开原生终端",
+    nativeLaunchFailed: "打开原生终端失败",
+    terminalTitle: "编程工具终端",
+    loadProvidersFailed: "读取当前配置的提供商失败",
+    selectProviderModel: "请选择提供商和模型",
+    launchConfigDir: "启动配置目录",
+    launchCommand: "启动命令",
+    table: {
+      tool: "工具",
+      kind: "步骤",
+      command: "命令",
+      note: "说明",
+      action: "操作",
+    },
+    kinds: {
+      install: "安装",
+      auth: "认证",
+      health: "检查",
+      run: "运行",
+    },
+    notes: {
+      claudeInstall: "全局安装 Claude Code CLI。",
+      codexInstall: "全局安装 Codex CLI。",
+      claudeAuth: "检查 Claude Code 登录状态；未登录时先运行 claude。",
+      codexAuth: "添加 灵犀 管理的 OpenAI Codex OAuth 凭证。",
+      claudeHealth: "检查自动更新器和本地 CLI 健康状态。",
+      codexHealth: "确认 Codex CLI 已在 PATH 中可用。",
+      claudeRun: "Print mode 最适合 API 驱动的单次任务。",
+      codexRun: "Codex 单次任务需要在 git 仓库中运行。",
+    },
+  },
+
+  // 平台频道设置
+  platform: {
+    requireMention: "需要 {'@'}提及",
+    requireMentionGroup: "群组中需要 {'@'}机器人 才会响应",
+    requireMentionChannel: "频道中需要 {'@'}机器人 才会响应",
+    requireMentionRoom: "房间中需要 {'@'}机器人 才会响应",
+    reactions: '表情回应',
+    reactionsHint: '对消息添加表情回应',
+    freeResponseChats: '自由响应聊天',
+    freeResponseChatsHint: "不需要 {'@'}提及即响应的聊天 ID（逗号分隔）",
+    freeResponseChannels: '自由响应频道',
+    freeResponseChannelsHint: "不需要 {'@'}提及即响应的频道 ID（逗号分隔）",
+    freeResponseRooms: '自由响应房间',
+    freeResponseRoomsHint: "不需要 {'@'}提及即响应的房间 ID（逗号分隔）",
+    mentionPatterns: '自定义提及模式',
+    mentionPatternsHint: '额外的触发模式列表',
+    autoThread: '自动创建线程',
+    autoThreadHint: "{'@'}提及 后自动创建回复线程",
+    autoThreadHintRoom: '在房间中自动创建回复线程',
+    dmMentionThreads: 'DM 提及线程',
+    dmMentionThreadsHint: '在私聊中也使用线程回复提及',
+    allowBots: '允许机器人消息',
+    allowBotsHint: '响应其他机器人发送的消息',
+    allowedChannels: '允许的频道',
+    allowedChannelsHint: '白名单频道 ID（逗号分隔）',
+    ignoredChannels: '忽略的频道',
+    ignoredChannelsHint: '不响应的频道 ID（逗号分隔）',
+    noThreadChannels: '无线程频道',
+    noThreadChannelsHint: '不创建线程的频道 ID（逗号分隔）',
+    exclusiveTokenWarning: '此平台使用独占 token 锁。每个 profile 必须使用不同的身份 token，否则会与其他 profile 冲突导致 gateway 启动失败。',
+    botToken: 'Bot Token',
+    botTokenHint: '开发者门户获取的 Bot Token',
+    accessToken: 'Access Token',
+    accessTokenHint: 'Matrix Access Token',
+    homeserver: 'Homeserver URL',
+    homeserverHint: 'Matrix 服务器地址',
+    appId: 'App ID',
+    appIdHint: '飞书 App ID',
+    appSecret: 'App Secret',
+    appSecretHint: '飞书 App Secret',
+    clientId: 'Client ID',
+    clientIdHint: '钉钉 Client ID',
+    clientSecret: 'Client Secret',
+    clientSecretHint: '钉钉 Client Secret',
+    cardTemplateId: 'AI 卡片模板 ID',
+    cardTemplateIdHint: '钉钉 AI 卡片模板 ID；留空则不启用 AI 卡片',
+    allowedUsers: '允许用户',
+    allowedUsersHint: '用户 ID 或 OpenID 白名单，多个用英文逗号分隔',
+    allowAllUsers: '允许所有用户',
+    allowAllUsersHint: '允许任意用户发起消息；关闭后使用白名单',
+    botId: 'Bot ID',
+    botIdHint: '企业微信 Bot ID',
+    wecomSecretHint: '企业微信 Bot Secret',
+    waEnabled: '启用 WhatsApp',
+    waEnabledHint: '通过二维码配对启用 WhatsApp',
+    weixinToken: '微信 Token',
+    weixinTokenHint: '通过 weixin CLI 扫码登录获取 (hermes weixin)',
+    accountId: 'Account ID',
+    accountIdHint: '微信 Account ID',
+    qrLogin: '扫码登录',
+    qrRelogin: '重新登录',
+    qrFetching: '正在获取二维码...',
+    qrScanHint: '使用微信扫描二维码登录',
+    qrScanedHint: '已扫描，请在手机上确认...',
+    // QQ
+    qqAppId: 'App ID',
+    qqAppIdHint: 'QQ 开放平台机器人 App ID',
+    qqAppSecret: 'App Secret',
+    qqAppSecretHint: 'QQ 开放平台机器人 App Secret',
+    qqMarkdown: 'Markdown 支持',
+    qqMarkdownHint: '启用 Markdown 格式消息（部分客户端可能不支持）',
+    qqSandbox: '沙箱模式',
+    qqSandboxHint: '启用沙箱环境（测试用）',
+    qqQrScanHint: '使用 QQ 扫描上方二维码，或在手机上打开链接完成绑定',
+  },
+
+  // 网关
+  gateways: {
+    title: '网关',
+    running: '运行中',
+    stopped: '已停止',
+    started: '已启动',
+    startFailed: '启动失败',
+    stopFailed: '停止失败',
+  },
+
+  // 语言
+  language: {
+    label: '语言',
+    zh: '中文',
+    en: 'English',
+  },
+
+  // 终端
+  terminal: {
+    sessions: '会话',
+    newTab: '新建终端',
+    closeSession: '关闭此会话？',
+    sessionExited: '已退出',
+    processExited: '进程已退出，代码 {code}',
+    noSessions: '暂无终端会话',
+    connectionFailed: '终端服务连接失败',
+    connectionClosed: '终端连接已关闭',
+    connectionError: '终端连接错误',
+  },
+
+  // 群聊
+  groupChat: {
+    title: '群聊',
+    createRoom: '创建房间',
+    joinByCode: '通过邀请码加入',
+    roomName: '房间名称',
+    roomNamePlaceholder: '输入房间名称',
+    inviteCode: '邀请码',
+    autoGenerate: '自动生成',
+    noRooms: '暂无房间',
+    selectOrCreate: '选择或创建一个房间开始聊天',
+    agents: '智能体',
+    addAgent: '添加智能体',
+    selectProfile: '选择一个配置',
+    agentAdded: '智能体已添加',
+    agentAlreadyInRoom: '该智能体已在房间中',
+    agentAddFailedCount: '{count} 个智能体未添加：{details}',
+    noAgents: '当前房间暂无智能体',
+    members: '成员',
+    roomCreated: '房间已创建',
+    roomDeleted: '房间已删除',
+    roomCloned: '房间已克隆',
+    cloneRoom: '克隆房间',
+    copyRoomLink: '复制房间链接',
+    deleteRoomConfirm: '确定删除这个房间吗？',
+    clearContext: '清理上下文',
+    clearContextConfirm: '确定清理当前房间上下文吗？消息和压缩快照会被删除，智能体和成员会保留。',
+    contextCleared: '上下文已清理',
+    you: '你',
+    joined: '已加入房间',
+    joinFailed: '加入房间失败',
+    inputPlaceholder: '输入消息... (Enter 发送)',
+    enterCode: '输入邀请码',
+    yourName: '你的名称',
+    yourNamePlaceholder: '输入你的群聊昵称',
+    yourDescription: '自我描述（选填）',
+    yourDescriptionPlaceholder: '介绍一下你自己...',
+    agentName: 'Agent 名称',
+    agentNamePlaceholder: '自定义名称（留空则使用 profile 名称）',
+    agentDesc: 'Agent 描述',
+    agentDescPlaceholder: '描述这个 agent 的作用...',
+    agentReplying: '正在回复...',
+    agentCompressing: '正在压缩上下文...',
+    compressionSettings: '压缩设置',
+    triggerTokens: '触发压缩 Token 数',
+    triggerTokensDesc: '消息 token 数超过此值时触发上下文压缩',
+    maxHistoryTokens: '最大历史 Token 数',
+    maxHistoryTokensDesc: '压缩后发送给 LLM 的最大 token 数',
+    tailMessageCount: '保留最近消息数',
+    tailMessageCountDesc: '压缩后保留最近的原始消息条数',
+    compressionConfig: '压缩配置',
+    compressionSaved: '压缩配置已保存',
+    compressNow: '立即压缩',
+    compressingInProgress: '正在压缩中，请稍后',
+  },
+
+  // 用量统计
+  usage: {
+    title: '用量统计',
+    refresh: '刷新',
+    totalTokens: '总 Token 数',
+    inputTokens: '输入',
+    outputTokens: '输出',
+    totalSessions: '总会话数',
+    avgPerDay: '日均 ~{n}',
+    estimatedCost: '预估费用',
+    cacheHitRate: '缓存命中率',
+    modelBreakdown: '模型分布',
+    dailyTrend: '每日用量',
+    date: '日期',
+    tokens: 'Token',
+    cache: '缓存',
+    cacheRead: '缓存读取',
+    cacheWrite: '缓存写入',
+    sessions: '会话',
+    cost: '费用',
+    noData: '暂无用量数据',
+  },
+  skillsUsage: {
+    title: '技能用量',
+    subtitle: '跟踪 灵犀 会话中的技能加载和编辑',
+    refresh: '刷新',
+    periodSelector: '技能用量周期',
+    periodLabel: '{days}天',
+    summary: '概览',
+    totalActions: '操作',
+    loads: '加载',
+    edits: '编辑',
+    distinctSkills: '技能数',
+    topSkills: '热门',
+    dailyTrend: '趋势',
+    periodSummary: '最近 {days} 天',
+    skill: '技能',
+    share: '占比',
+    lastUsed: '最近',
+    noData: '暂无技能用量数据',
+    loadFailed: '技能用量加载失败',
+    otherSkills: '其他技能',
+  },
+
+  // 文件管理
+  files: {
+    title: '文件',
+    fileTree: '文件树',
+    tree: '目录树',
+    list: '文件列表',
+    breadcrumbRoot: '根目录',
+    newFile: '新建文件',
+    newFolder: '新建文件夹',
+    upload: '上传',
+    refresh: '刷新',
+    open: '打开',
+    edit: '编辑',
+    preview: '预览',
+    download: '下载',
+    copyPath: '复制路径',
+    rename: '重命名',
+    delete: '删除',
+    name: '名称',
+    size: '大小',
+    modified: '修改时间',
+    actions: '操作',
+    emptyDir: '空目录',
+    loading: '加载中...',
+    confirmDelete: '确定要删除「{name}」吗？',
+    confirmDeleteDir: '确定要删除目录「{name}」及其所有内容吗？',
+    deleteFailed: '删除失败',
+    deleted: '已删除',
+    renameTo: '重命名为',
+    newFileName: '文件名',
+    newFolderName: '文件夹名',
+    created: '已创建',
+    createFailed: '创建失败',
+    renamed: '已重命名',
+    renameFailed: '重命名失败',
+    uploadSuccess: '已上传 {count} 个文件',
+    uploadFailed: '上传失败',
+    saveFailed: '保存失败',
+    saved: '已保存',
+    unsavedChanges: '有未保存的更改，是否丢弃？',
+    pathCopied: '路径已复制',
+    fileTooLarge: '文件过大（最大 10MB）',
+    permissionDenied: '无法修改受保护的文件',
+    notFound: '文件或目录不存在',
+    backendError: '文件操作失败',
+    dragDropHint: '拖拽文件到此处上传',
+    closeEditor: '关闭编辑器',
+    closePreview: '关闭',
+    saveFile: '保存',
+  },
+  // 下载
+  download: {
+    downloading: '正在下载...',
+    downloadFailed: '下载失败',
+    fileNotFound: '文件不存在或已被删除',
+    fileTooLarge: '文件过大（超过限制）',
+    backendError: '文件读取失败，远程环境可能不可用',
+    backendTimeout: '文件读取超时',
+    unsupportedBackend: '当前 terminal backend 暂不支持文件下载',
+    invalidPath: '无效的文件路径',
+    contentDisplay: '内容展示',
+    download: '下载',
+    downloadFile: '下载文件',
+  },
+
+  // 更新日志
+  changelog: {
+    new_0_6_7_1: '桌面版默认使用 8748 端口，支持局域网内访问，也可以直接用本机浏览器打开 Web UI',
+    new_0_6_7_9: '桌面端下载入口已补充到官网 https://hermes-studio.ai/，也可以继续从 GitHub Releases 获取最新安装包',
+    new_0_6_7_2: 'MCP 工具链继续完善：修复 bridge 工具发现与 MCP 管理生命周期，并在管理页支持按模型控制工具可见性',
+    new_0_6_7_3: '消息列表体验优化：修复空状态居中、滚动抖动、历史会话加载串消息，并在切换会话时保留滚动位置与 1.5 秒淡入效果',
+    new_0_6_7_4: 'Bridge 与运行态更稳定：保持文本和 tool-call 顺序、修复 Profile runtime 状态加载、改进 Node/npm 检测，并避免生产环境自动创建数据目录',
+    new_0_6_7_5: 'Desktop 分发链路补齐 Electron 打包、应用命名、preload 构建、release artifact 上传、Windows 灵犀 CLI 启动、Linux 图标与可写数据路径、macOS 无证书跳过签名和 Windows 启动无窗口体验',
+    new_0_6_7_6: '官网发布支持下载页和部署工作流，并修复没有 rsync 的环境下部署失败的问题',
+    new_0_6_7_7: '服务端与认证修复：Windows 凭据目录使用 dirname 解析，头像上传 body 限制提高，避免大图触发 413',
+    new_0_6_7_8: '补充 coding agents 仓库 harness、验证文档和 agent 指南，同时移除过期 setup script 文档',
+    new_0_6_4_1: 'CI 流程加固：PR 检查固定 npm 安装路径，并补齐 Docker smoke 校验',
+    new_0_6_4_2: '聊天消息列表新增虚拟分页，长会话滚动和加载更稳定',
+    new_0_6_4_3: 'Docker 镜像发布改为仅在 release 场景执行，避免普通 PR 触发发布流程',
+    new_0_6_4_4: '新增版本预览工作流：超级管理员可选择 main 或 GitHub tag，准备预览代码、安装依赖、启动/停止预览并查看日志',
+    new_0_6_4_5: '预览实例隔离前后端端口、Web UI home 和 agent bridge endpoint，并在运行时修补旧版本的端口、WebSocket、base URL 与嵌套预览入口',
+    new_0_6_4_6: '修复 legacy session_usage 表缺少 created_at 时的迁移问题，旧数据会以默认值补齐',
+    new_0_6_4_7: '预览和正式环境的 bridge profile worker endpoint 按 broker 隔离，避免同名 Profile 并发聊天时互相抢占导致 unknown run',
+    new_0_6_5_1: 'Coding Agents 新增完整启动工作流：支持 Claude Code 与 Codex、全局配置启动、按配置/提供商隔离的工作区，以及内置/原生终端启动',
+    new_0_6_5_2: 'Codex 启动补齐 OpenAI Chat Completions、OpenAI Responses 和 Anthropic Messages 三种协议，并通过本地代理适配不同提供商',
+    new_0_6_5_3: 'Windows 下 Coding Agents 安装检测与终端启动更稳定，支持 .cmd/.bat shim，Claude Code 自定义模型启动也避开本地型号校验',
+    new_0_6_5_4: '消息列表、History 分页、TTS 认证、群聊 agent 提及、版本检查开关和 bridge worker transport 等运行体验继续完善',
+    new_0_6_3_1: 'Bridge spinner 状态不再写入模型 reasoning，避免装饰性 thinking 文案污染后续上下文',
+    new_0_6_3_2: 'History 新增 灵犀 CLI 会话导入控制，并在导入时更安全地规范化消息结构',
+    new_0_6_3_3: 'Provider 配置支持编辑内置 base URL，新增 LM Studio 内置 Provider，并支持从 LM Studio /models 实时发现模型',
+    new_0_6_3_4: '通过 Web UI bridge 发起的 OpenRouter 请求会携带 灵犀 Web UI 应用归因 headers',
+    new_0_6_3_5: '公开 auth status 接口不再向未登录请求暴露第一个用户名',
+    new_0_6_3_6: '钉钉设置新增 AI Card Template ID，并持久化为 DINGTALK_CARD_TEMPLATE_ID',
+    new_0_6_3_7: 'Bridge socket JSON 输出会清洗孤立 Unicode surrogate 字符，避免聊天 SSE 崩溃',
+    new_0_6_2_1: 'Web Bridge 支持 /plan 命令，计划命令会正确启动并展示运行状态',
+    new_0_6_2_2: '聊天输入框指令菜单新增 /goal 和 /subgoal，支持状态、暂停、恢复、完成和清空等操作',
+    new_0_6_2_3: 'Goal 和 subgoal 工作流接入聊天会话，支持目标延续和状态更新',
+    new_0_6_2_4: '修复任务投递目标渠道选项，定时任务可以选择正确的投递位置',
+    new_0_6_2_5: '上下文 token 用量在重连后会按快照感知逻辑准确恢复',
+    new_0_6_2_6: '上下文检查点压缩对较慢的 Codex 总结更稳定：Web UI 等待 5 分钟，Python bridge broker 不再在 2 分钟后提前切断 worker 请求',
+    new_0_6_2_7: '修复聊天队列推进，queued 消息不会提前跳入消息列表，多窗口同步场景也保持一致',
+    new_0_6_2_8: 'Clarify 弹窗输入框不再按 Enter 直接提交，已回复的 Clarify 也不会在切换会话后重复弹出',
+    new_0_6_2_9: 'Bridge 终端环境刷新和 stale pid 清理收敛到更准确的作用域，减少前端运行状态残留',
+    new_0_6_2_10: '默认上下文长度遵循 灵犀 规范，调整为 256,000 tokens',
+    new_0_5_35_1: 'Bridge 会话支持不同 session 并发运行，同一 session 仍保持串行，避免消息顺序错乱',
+    new_0_5_35_2: '新增“性能监控”页面，可查看系统 CPU/内存、Web UI、Bridge Broker、Workers 和活跃会话状态',
+    new_0_5_35_3: '新增 Worker 级资源统计，展示每个 worker 的 CPU、内存、Profile、会话数和运行状态',
+    new_0_5_35_4: '优化 Bridge worker 生命周期清理，Broker 关闭或父进程退出时会回收 worker，减少残留 Python 进程',
+    new_0_5_35_5: '监控接口增强跨平台兼容，支持 macOS、Windows、Linux、Docker 和 Termux 的资源采集降级',
+    new_0_5_35_6: '性能监控不再因为 Agent 初始化中的 worker 请求而阻塞，降低 Windows 上 request timed out 的概率',
+    new_0_5_35_7: '聊天 Markdown 新增文本内容内联预览，下载图标会直接下载文件，避免被预览弹窗拦截',
+    new_0_5_35_8: '优化内容展示抽屉：移动端全宽并提供关闭入口，桌面端加宽到 800px，文本与 Markdown 背景保持一致',
+    new_0_6_0_1: '分账户、分 Profile 管理现在统一覆盖会话、模型、用量、看板、任务、上传、媒体以及相关 灵犀 API',
+    new_0_6_0_2: '内置媒体 Skills 仅在媒体接口使用生成的服务端 token，并按请求的 Profile 读取 fun-codex/xAI 凭据',
+    new_0_6_0_3: '单聊和群聊都会向运行提示词注入当前 灵犀 Profile，方便 Skills 请求时带上 X-灵犀-Profile',
+    new_0_6_0_4: 'delegate_task 的 subagent 进度会实时展示到聊天界面，包含开始、工具调用、进度和完成状态',
+    new_0_6_0_5: '停止或中断运行时会清理临时事件，避免旧的 abort 状态带入下一次聊天',
+    new_0_6_0_6: '同步更新文档和官网文案，覆盖账户管理、默认凭据、分账户分 Profile 管理、上传下载和内置媒体 Skills',
+    new_0_6_0_7: '新增 CLI 维护命令，用于清理登录 IP 锁和重置默认 admin / 123456 登录账户',
+    new_0_6_0_8: '0.6.0 是 Web UI 从单用户走向多用户的分界版本；如果多用户模式遇到问题，请提交 issue，必要时可回退到 0.5.35 单用户版本',
+    new_0_6_1_1: '会话列表默认展示当前账户可用的全部 Profile；只有显式选择 Profile 过滤时才按 Profile 限定，同时 CLI start/stop/status 不再打印 node:sqlite 实验警告',
+    new_0_6_1_2: 'Clarify 和确认回复现在会通过已鉴权的聊天 socket 传到 灵犀 bridge，并补充了响应链路测试',
+    new_0_6_1_3: '导航项和聊天会话行改为原生链接，支持新标签打开、复制链接，并保留侧边栏折叠状态',
+    new_0_6_1_4: '会话链接不再把路由 Profile 泄漏到普通会话列表过滤里，并补齐“在新标签页打开”的多语言文案',
+    new_0_6_1_5: 'Skills 会读取当前 Profile config 中的 skills.external_dirs，标记 external 来源，保持本地优先，并支持读取外部 skill 文件',
+    new_0_6_1_6: '登录 IP 锁阈值提升到 10 次失败，锁定后的登录页会提示清锁和重置默认登录的恢复命令',
+    new_0_6_1_7: '移动端或后台导致的聊天断连会按临时断连处理，重连后从服务端恢复运行状态',
+    new_0_6_1_8: 'Bridge 工具标记 flush 会在工具和运行边界持久化残留的工具调用前缀，避免刷新后内容截断',
+    new_0_6_1_9: 'History 和会话删除改为携带 Profile 精确目标，并在全局 Profile 切换时刷新历史页',
+    new_0_6_1_10: '移除旧的 AUTH_DISABLED 认证绕过以适配多用户权限模型，同时保留 AUTH_TOKEN 支持',
+
+  },
+}
diff --git a/packages/client/src/i18n/messages.ts b/packages/client/src/i18n/messages.ts
new file mode 100644
index 0000000..d842e7b
--- /dev/null
+++ b/packages/client/src/i18n/messages.ts
@@ -0,0 +1,43 @@
+import en from './locales/en'
+import zh from './locales/zh'
+import zhTW from './locales/zh-TW'
+import ja from './locales/ja'
+import ko from './locales/ko'
+import fr from './locales/fr'
+import es from './locales/es'
+import de from './locales/de'
+import pt from './locales/pt'
+
+export type LocaleMessages = Record<string, any>
+
+export const supportedLocales = ['en', 'zh', 'zh-TW', 'ja', 'ko', 'fr', 'es', 'de', 'pt'] as const
+export type SupportedLocale = (typeof supportedLocales)[number]
+
+function isPlainObject(value: unknown): value is LocaleMessages {
+  return !!value && typeof value === 'object' && !Array.isArray(value)
+}
+
+export function mergeMessagesWithFallback(
+  fallback: LocaleMessages,
+  locale: LocaleMessages,
+): LocaleMessages {
+  const merged: LocaleMessages = { ...fallback }
+
+  for (const [key, value] of Object.entries(locale)) {
+    const fallbackValue = fallback[key]
+    merged[key] = isPlainObject(fallbackValue) && isPlainObject(value)
+      ? mergeMessagesWithFallback(fallbackValue, value)
+      : value
+  }
+
+  return merged
+}
+
+const rawMessages: Record<string, LocaleMessages> = { en, zh, 'zh-TW': zhTW, ja, ko, fr, es, de, pt }
+
+export const messages: Record<string, LocaleMessages> = {}
+for (const [locale, msg] of Object.entries(rawMessages)) {
+  messages[locale] = locale === 'en' ? msg : mergeMessagesWithFallback({ ...en }, { ...msg })
+}
+
+export { en }
diff --git a/packages/client/src/main.ts b/packages/client/src/main.ts
new file mode 100644
index 0000000..609c3e0
--- /dev/null
+++ b/packages/client/src/main.ts
@@ -0,0 +1,40 @@
+import { createApp } from 'vue'
+import { createPinia } from 'pinia'
+import router from './router'
+import { i18n } from './i18n'
+import App from './App.vue'
+import './styles/global.scss'
+import 'katex/dist/katex.min.css'
+
+// Apply theme classes before mount to prevent FOUC (Flash of Unstyled Content)
+const savedBrightness = localStorage.getItem('hermes_brightness') || 'system'
+const savedStyle = localStorage.getItem('hermes_style') || 'ink'
+
+// Resolve dark mode
+const prefersDark = window.matchMedia('(prefers-color-scheme: dark)').matches
+const isDark = savedBrightness === 'dark' || (savedBrightness === 'system' && prefersDark)
+
+// Resolve style
+const isComic = savedStyle === 'comic'
+
+// Apply classes to prevent FOUC
+if (isDark) {
+  document.documentElement.classList.add('dark')
+}
+if (isComic) {
+  document.documentElement.classList.add('comic')
+}
+
+// Read token from URL BEFORE router initializes (hash router strips params)
+const urlParams = new URLSearchParams(window.location.search)
+const hashQuery = window.location.hash.split('?')[1]
+const urlToken = urlParams.get('token') || (hashQuery ? new URLSearchParams(hashQuery).get('token') : null)
+if (urlToken) {
+  ;(window as any).__LOGIN_TOKEN__ = urlToken
+}
+
+const app = createApp(App)
+app.use(createPinia())
+app.use(i18n)
+app.use(router)
+app.mount('#app')
diff --git a/packages/client/src/router/index.ts b/packages/client/src/router/index.ts
new file mode 100644
index 0000000..4fbe92f
--- /dev/null
+++ b/packages/client/src/router/index.ts
@@ -0,0 +1,171 @@
+import { createRouter, createWebHashHistory } from 'vue-router'
+import { hasApiKey, isStoredSuperAdmin } from '@/api/client'
+
+const router = createRouter({
+  history: createWebHashHistory(),
+  routes: [
+    {
+      path: '/',
+      name: 'login',
+      component: () => import('@/views/LoginView.vue'),
+      meta: { public: true },
+    },
+    {
+      path: '/hermes/chat',
+      name: 'hermes.chat',
+      component: () => import('@/views/hermes/ChatView.vue'),
+    },
+    {
+      path: '/hermes/session/:sessionId',
+      name: 'hermes.session',
+      component: () => import('@/views/hermes/ChatView.vue'),
+    },
+    {
+      path: '/hermes/history',
+      name: 'hermes.history',
+      component: () => import('@/views/hermes/HistoryView.vue'),
+    },
+    {
+      path: '/hermes/history/session/:sessionId',
+      name: 'hermes.historySession',
+      component: () => import('@/views/hermes/HistoryView.vue'),
+    },
+    {
+      path: '/hermes/jobs',
+      name: 'hermes.jobs',
+      component: () => import('@/views/hermes/JobsView.vue'),
+    },
+    {
+      path: '/hermes/kanban',
+      name: 'hermes.kanban',
+      component: () => import('@/views/hermes/KanbanView.vue'),
+    },
+    {
+      path: '/hermes/models',
+      name: 'hermes.models',
+      component: () => import('@/views/hermes/ModelsView.vue'),
+    },
+    {
+      path: '/hermes/profiles',
+      name: 'hermes.profiles',
+      component: () => import('@/views/hermes/ProfilesView.vue'),
+      meta: { requiresSuperAdmin: true },
+    },
+    {
+      path: '/hermes/logs',
+      name: 'hermes.logs',
+      component: () => import('@/views/hermes/LogsView.vue'),
+    },
+    {
+      path: '/hermes/usage',
+      name: 'hermes.usage',
+      component: () => import('@/views/hermes/UsageView.vue'),
+    },
+    {
+      path: '/hermes/performance',
+      name: 'hermes.performance',
+      component: () => import('@/views/hermes/PerformanceView.vue'),
+      meta: { requiresSuperAdmin: true },
+    },
+    {
+      path: '/hermes/skills-usage',
+      name: 'hermes.skillsUsage',
+      component: () => import('@/views/hermes/SkillsUsageView.vue'),
+    },
+    {
+      path: '/hermes/skills',
+      name: 'hermes.skills',
+      component: () => import('@/views/hermes/SkillsView.vue'),
+    },
+    {
+      path: '/hermes/plugins',
+      name: 'hermes.plugins',
+      component: () => import('@/views/hermes/PluginsView.vue'),
+    },
+    {
+      path: '/hermes/memory',
+      name: 'hermes.memory',
+      component: () => import('@/views/hermes/MemoryView.vue'),
+    },
+    {
+      path: '/hermes/settings',
+      name: 'hermes.settings',
+      component: () => import('@/views/hermes/SettingsView.vue'),
+    },
+    {
+      path: '/hermes/channels',
+      name: 'hermes.channels',
+      component: () => import('@/views/hermes/ChannelsView.vue'),
+    },
+    {
+      path: '/hermes/terminal',
+      name: 'hermes.terminal',
+      component: () => import('@/views/hermes/TerminalView.vue'),
+    },
+    {
+      path: '/hermes/group-chat',
+      name: 'hermes.groupChat',
+      component: () => import('@/views/hermes/GroupChatView.vue'),
+    },
+    {
+      path: '/hermes/group-chat/room/:roomId',
+      name: 'hermes.groupChatRoom',
+      component: () => import('@/views/hermes/GroupChatView.vue'),
+    },
+    {
+      path: '/hermes/files',
+      name: 'hermes.files',
+      component: () => import('@/views/hermes/FilesView.vue'),
+    },
+    {
+      path: '/hermes/coding-agents',
+      name: 'hermes.codingAgents',
+      component: () => import('@/views/hermes/CodingAgentsView.vue'),
+    },
+    {
+      path: '/hermes/about',
+      name: 'hermes.about',
+      component: () => import('@/views/hermes/AboutView.vue'),
+    },
+    {
+      path: '/hermes/version-preview',
+      name: 'hermes.versionPreview',
+      component: () => import('@/views/hermes/VersionPreviewView.vue'),
+      meta: { requiresSuperAdmin: true },
+    },
+    {
+      path: '/hermes/mcp',
+      name: 'hermes.mcp',
+      component: () => import('@/views/hermes/McpManagerView.vue'),
+      meta: { requiresSuperAdmin: true },
+    },
+  ],
+})
+
+router.beforeEach((to, _from, next) => {
+  // Public pages don't need auth
+  if (to.meta.public) {
+    // Already has key, skip login
+    if (to.name === 'login' && hasApiKey()) {
+      next({ path: '/hermes/chat' })
+      return
+    }
+    next()
+    return
+  }
+
+  // All other pages require token
+  if (!hasApiKey()) {
+    next({ name: 'login' })
+    return
+  }
+
+  if (to.meta.requiresSuperAdmin && !isStoredSuperAdmin()) {
+    next({ name: 'hermes.chat' })
+    return
+  }
+
+  next()
+})
+
+export default router
diff --git a/packages/client/src/shared/session-display.ts b/packages/client/src/shared/session-display.ts
new file mode 100644
index 0000000..6648b99
--- /dev/null
+++ b/packages/client/src/shared/session-display.ts
@@ -0,0 +1,38 @@
+const SOURCE_LABELS: Record<string, string> = {
+  telegram: 'Telegram',
+  api_server: 'API Server',
+  cli: 'CLI',
+  discord: 'Discord',
+  slack: 'Slack',
+  matrix: 'Matrix',
+  whatsapp: 'WhatsApp',
+  signal: 'Signal',
+  email: 'Email',
+  sms: 'SMS',
+  dingtalk: 'DingTalk',
+  feishu: 'Feishu',
+  wecom: 'WeCom',
+  weixin: 'WeChat',
+  bluebubbles: 'iMessage',
+  mattermost: 'Mattermost',
+  cron: 'Cron',
+}
+
+export function getSourceLabel(source?: string): string {
+  if (!source) return ''
+  return SOURCE_LABELS[source] || source
+}
+
+export function formatTimestampMs(timestamp: number): string {
+  if (!timestamp) return ''
+  const date = new Date(timestamp)
+  const now = new Date()
+  if (date.toDateString() === now.toDateString()) {
+    return date.toLocaleTimeString([], { hour: '2-digit', minute: '2-digit' })
+  }
+  return date.toLocaleDateString([], { month: 'short', day: 'numeric' })
+}
+
+export function formatTimestampSeconds(timestamp: number): string {
+  return formatTimestampMs(timestamp * 1000)
+}
diff --git a/packages/client/src/stores/hermes/app.ts b/packages/client/src/stores/hermes/app.ts
new file mode 100644
index 0000000..d55b114
--- /dev/null
+++ b/packages/client/src/stores/hermes/app.ts
@@ -0,0 +1,365 @@
+import { defineStore } from 'pinia'
+import { ref } from 'vue'
+import {
+  checkHealth,
+  fetchAvailableModels,
+  addCustomModel as persistCustomModel,
+  removeCustomModel as deletePersistedCustomModel,
+  updateDefaultModel,
+  updateModelVisibility,
+  triggerUpdate,
+  updateModelAlias,
+  type AvailableModelGroup,
+  type AvailableModelsResponse,
+  type ProfileAvailableModels,
+  type ModelVisibility,
+  type ModelVisibilityRule,
+} from '@/api/hermes/system'
+import { hasApiKey } from '@/api/client'
+
+const WEB_UI_VERSION = __APP_VERSION__
+
+const SIDEBAR_COLLAPSED_KEY = 'hermes_sidebar_collapsed'
+const ACTIVE_PROFILE_STORAGE_KEY = 'hermes_active_profile_name'
+const MODELS_CACHE_TTL_MS = 30000
+
+export const useAppStore = defineStore('app', () => {
+  const sidebarOpen = ref(false)
+  // Desktop-only collapsed state (icon-rail mode). Persisted to localStorage.
+  const sidebarCollapsed = ref(localStorage.getItem(SIDEBAR_COLLAPSED_KEY) === '1')
+
+  const connected = ref(false)
+  const serverVersion = ref(WEB_UI_VERSION)
+  const latestVersion = ref('')
+  const updateAvailable = ref(false)
+  const clientOutdated = ref(false)
+  const updating = ref(false)
+  const modelGroups = ref<AvailableModelGroup[]>([])
+  const profileModelGroups = ref<ProfileAvailableModels[]>([])
+  const selectedModel = ref('')
+  const selectedProvider = ref('')
+  const customModels = ref<Record<string, string[]>>({})
+  const modelAliases = ref<Record<string, Record<string, string>>>({})
+  const modelVisibility = ref<ModelVisibility>({})
+  const healthPollTimer = ref<ReturnType<typeof setInterval>>()
+  const nodeVersion = ref('')
+
+  // Settings
+  const streamEnabled = ref(true)
+  const sessionPersistence = ref(true)
+  const maxTokens = ref(4096)
+  let modelsLoadPromise: Promise<void> | null = null
+  let modelsLastRequestedAt = 0
+
+  async function doUpdate(): Promise<boolean> {
+    updating.value = true
+    try {
+      const res = await triggerUpdate()
+      if (res.success) {
+        updateAvailable.value = false
+        await checkConnection()
+      }
+      return res.success
+    } catch (err) {
+      console.error('Failed to update Hermes Web UI:', err)
+      return false
+    } finally {
+      updating.value = false
+    }
+  }
+
+  async function checkConnection() {
+    try {
+      const res = await checkHealth()
+      connected.value = res.status === 'ok'
+      if (res.webui_version) serverVersion.value = res.webui_version
+      clientOutdated.value = !!res.webui_version && res.webui_version !== WEB_UI_VERSION
+      if (res.webui_latest) latestVersion.value = res.webui_latest
+      updateAvailable.value = !!res.webui_update_available
+      if (res.node_version) nodeVersion.value = res.node_version
+    } catch {
+      connected.value = false
+      clientOutdated.value = false
+    }
+  }
+
+  function applyAvailableModelsResponse(res: AvailableModelsResponse) {
+    modelGroups.value = res.groups
+    profileModelGroups.value = res.profiles || []
+    modelAliases.value = res.model_aliases || {}
+    modelVisibility.value = res.model_visibility || {}
+    customModels.value = res.custom_models || {}
+
+    const activeProfileName = localStorage.getItem(ACTIVE_PROFILE_STORAGE_KEY) || ''
+    const activeProfileModels = activeProfileName
+      ? profileModelGroups.value.find(entry => entry.profile === activeProfileName)
+      : undefined
+    const defaultSource = activeProfileModels || res
+    const defaultGroups = defaultSource.groups || []
+    const defaultModel = defaultSource.default || ''
+    const defaultProvider = defaultSource.default_provider || ''
+    const explicitGroup = defaultGroups.find(g => g.provider === defaultProvider && g.models.includes(defaultModel))
+    const inferredGroup = defaultGroups.find(g => g.models.includes(defaultModel))
+    const fallbackGroup = defaultGroups.find(g => g.models.length > 0)
+
+    const providerGroup = defaultProvider ? defaultGroups.find(g => g.provider === defaultProvider) : undefined
+    const allProvider = defaultProvider ? res.allProviders.find(g => g.provider === defaultProvider) : undefined
+    const providerCatalog = providerGroup?.available_models?.length
+      ? providerGroup.available_models
+      : allProvider?.available_models?.length
+        ? allProvider.available_models
+        : allProvider?.models || []
+    const visibilityRule = defaultProvider ? modelVisibility.value[defaultProvider] : undefined
+    const hiddenByVisibility = !!(
+      defaultModel &&
+      visibilityRule?.mode === 'include' &&
+      !visibilityRule.models.includes(defaultModel) &&
+      (providerCatalog.length === 0 || providerCatalog.includes(defaultModel))
+    )
+    const unlistedDefault = !!(
+      defaultModel &&
+      defaultProvider &&
+      providerGroup &&
+      !providerGroup.models.includes(defaultModel) &&
+      !hiddenByVisibility
+    )
+
+    if (explicitGroup || inferredGroup) {
+      const selectedGroup = explicitGroup || inferredGroup!
+      selectedModel.value = defaultModel
+      selectedProvider.value = selectedGroup.provider
+    } else if (unlistedDefault) {
+      selectedModel.value = defaultModel
+      selectedProvider.value = defaultProvider
+      customModels.value = {
+        ...customModels.value,
+        [defaultProvider]: Array.from(new Set([...(customModels.value[defaultProvider] || []), defaultModel])),
+      }
+    } else if (fallbackGroup) {
+      selectedModel.value = fallbackGroup.models[0]
+      selectedProvider.value = fallbackGroup.provider
+    } else {
+      selectedModel.value = ''
+      selectedProvider.value = ''
+    }
+  }
+
+  async function loadModels(force = false) {
+    if (!hasApiKey()) return
+    if (!force && modelsLoadPromise) return modelsLoadPromise
+    if (!force && modelsLastRequestedAt > 0 && Date.now() - modelsLastRequestedAt < MODELS_CACHE_TTL_MS) return
+    modelsLastRequestedAt = Date.now()
+    modelsLoadPromise = (async () => {
+      try {
+        const res = await fetchAvailableModels()
+        applyAvailableModelsResponse(res)
+      } catch {
+        // ignore
+      } finally {
+        modelsLoadPromise = null
+      }
+    })()
+    return modelsLoadPromise
+  }
+
+  async function waitForModelsForRun(timeoutMs = 15000) {
+    if (!hasApiKey()) return
+    const pending = modelsLoadPromise || (modelsLastRequestedAt === 0 ? loadModels() : null)
+    if (!pending) return
+    await Promise.race([
+      pending,
+      new Promise<void>(resolve => setTimeout(resolve, timeoutMs)),
+    ])
+  }
+
+  async function reloadModels() {
+    return loadModels(true)
+  }
+
+  function getModelAlias(modelId: string, provider?: string): string {
+    if (provider) return modelAliases.value[provider]?.[modelId] || ''
+    for (const aliases of Object.values(modelAliases.value)) {
+      if (aliases[modelId]) return aliases[modelId]
+    }
+    return ''
+  }
+
+  function displayModelName(modelId: string, provider?: string): string {
+    return getModelAlias(modelId, provider) || modelId
+  }
+
+  function removeModelFromGroupList(groups: AvailableModelGroup[], provider: string, modelId: string): AvailableModelGroup[] {
+    return groups.map(group => {
+      if (group.provider !== provider) return group
+      return {
+        ...group,
+        models: group.models.filter(model => model !== modelId),
+        available_models: group.available_models?.filter(model => model !== modelId),
+      }
+    })
+  }
+
+  function removeModelFromLoadedGroups(provider: string, modelId: string) {
+    modelGroups.value = removeModelFromGroupList(modelGroups.value, provider, modelId)
+    profileModelGroups.value = profileModelGroups.value.map(profileEntry => ({
+      ...profileEntry,
+      groups: removeModelFromGroupList(profileEntry.groups, provider, modelId),
+    }))
+  }
+
+  async function setModelAlias(modelId: string, provider: string, alias: string) {
+    const cleanAlias = alias.trim()
+    await updateModelAlias({ provider, model: modelId, alias: cleanAlias })
+    const next = { ...modelAliases.value }
+    const providerAliases = { ...(next[provider] || {}) }
+    if (cleanAlias) {
+      providerAliases[modelId] = cleanAlias
+      next[provider] = providerAliases
+    } else {
+      delete providerAliases[modelId]
+      if (Object.keys(providerAliases).length > 0) next[provider] = providerAliases
+      else delete next[provider]
+    }
+    modelAliases.value = next
+  }
+
+  async function switchModel(modelId: string, providerOverride?: string) {
+    try {
+      // Find the group containing this model to get provider info
+      const group = modelGroups.value.find(g => g.models.includes(modelId))
+      const provider = providerOverride || group?.provider || ''
+      await updateDefaultModel({ default: modelId, provider })
+      selectedModel.value = modelId
+      selectedProvider.value = provider || ''
+      // Track as custom if not already in the server-fetched list
+      if (provider && !modelGroups.value.find(g => g.provider === provider)?.models.includes(modelId)) {
+        const res = await persistCustomModel({ provider, model: modelId })
+        customModels.value = res.custom_models || {}
+      }
+    } catch (err: any) {
+      console.error('Failed to switch model:', err)
+    }
+  }
+
+  async function removeCustomModel(modelId: string, provider: string) {
+    const providerModels = customModels.value[provider] || []
+    if (!providerModels.includes(modelId)) return
+
+    const nextCustomModels = { ...customModels.value }
+    const remaining = providerModels.filter(m => m !== modelId)
+    if (remaining.length > 0) nextCustomModels[provider] = remaining
+    else delete nextCustomModels[provider]
+    try {
+      const res = await deletePersistedCustomModel({ provider, model: modelId })
+      customModels.value = res.custom_models || nextCustomModels
+    } catch (err) {
+      console.error('Failed to remove custom model:', err)
+      customModels.value = nextCustomModels
+    }
+    removeModelFromLoadedGroups(provider, modelId)
+
+    if (selectedModel.value === modelId && selectedProvider.value === provider) {
+      const providerGroup = modelGroups.value.find(g => g.provider === provider && g.models.length > 0)
+      const fallbackGroup = providerGroup || modelGroups.value.find(g => g.models.length > 0)
+      if (fallbackGroup) {
+        await switchModel(fallbackGroup.models[0], fallbackGroup.provider)
+      } else {
+        selectedModel.value = ''
+        selectedProvider.value = ''
+      }
+    }
+  }
+
+  function getProviderVisibility(provider: string): ModelVisibilityRule {
+    return modelVisibility.value[provider] || { mode: 'all', models: [] }
+  }
+
+  function isModelVisible(provider: string, model: string): boolean {
+    const rule = getProviderVisibility(provider)
+    return rule.mode !== 'include' || rule.models.includes(model)
+  }
+
+  async function setModelVisibility(provider: string, rule: ModelVisibilityRule) {
+    const res = await updateModelVisibility({ provider, mode: rule.mode, models: rule.models })
+    modelVisibility.value = res.model_visibility || {}
+    await reloadModels()
+  }
+
+  function startHealthPolling(interval = 30000) {
+    stopHealthPolling()
+    checkConnection()
+    healthPollTimer.value = setInterval(checkConnection, interval)
+  }
+
+  function stopHealthPolling() {
+    if (healthPollTimer.value) {
+      clearInterval(healthPollTimer.value)
+      healthPollTimer.value = undefined
+    }
+  }
+
+  function reloadClient() {
+    const url = new URL(window.location.href)
+    url.searchParams.set('__hwui_reload', Date.now().toString())
+    window.location.replace(url.toString())
+  }
+
+  function toggleSidebar() {
+    sidebarOpen.value = !sidebarOpen.value
+  }
+
+  function closeSidebar() {
+    sidebarOpen.value = false
+  }
+
+  function toggleSidebarCollapsed() {
+    sidebarCollapsed.value = !sidebarCollapsed.value
+    try {
+      localStorage.setItem(SIDEBAR_COLLAPSED_KEY, sidebarCollapsed.value ? '1' : '0')
+    } catch {
+      // ignore quota errors — fallback to in-memory only
+    }
+  }
+
+  return {
+    sidebarOpen,
+    sidebarCollapsed,
+    toggleSidebar,
+    closeSidebar,
+    toggleSidebarCollapsed,
+    connected,
+    serverVersion,
+    latestVersion,
+    nodeVersion,
+    updateAvailable,
+    clientOutdated,
+    updating,
+    doUpdate,
+    reloadClient,
+    modelGroups,
+    profileModelGroups,
+    customModels,
+    modelAliases,
+    modelVisibility,
+    selectedModel,
+    selectedProvider,
+    streamEnabled,
+    sessionPersistence,
+    maxTokens,
+    checkConnection,
+    loadModels,
+    waitForModelsForRun,
+    reloadModels,
+    applyAvailableModelsResponse,
+    switchModel,
+    removeCustomModel,
+    getModelAlias,
+    displayModelName,
+    setModelAlias,
+    getProviderVisibility,
+    isModelVisible,
+    setModelVisibility,
+    startHealthPolling,
+    stopHealthPolling,
+  }
+})
diff --git a/packages/client/src/stores/hermes/chat.ts b/packages/client/src/stores/hermes/chat.ts
new file mode 100644
index 0000000..8cce8a3
--- /dev/null
+++ b/packages/client/src/stores/hermes/chat.ts
@@ -0,0 +1,2694 @@
+import { startRunViaSocket, resumeSession, registerSessionHandlers, unregisterSessionHandlers, getChatRunSocket, respondToolApproval, onPeerUserMessage, onSessionCommand, respondClarify, type RunEvent, type ResumeSessionPayload, type ContentBlock as ContentBlockImport } from '@/api/hermes/chat'
+import { deleteSession as deleteSessionApi, fetchSessionMessagesPage, fetchSessions, setSessionModel, type HermesMessage, type SessionSummary } from '@/api/hermes/sessions'
+import { getActiveProfileName } from '@/api/client'
+import { getDownloadUrl } from '@/api/hermes/download'
+import { defineStore } from 'pinia'
+import { ref, computed } from 'vue'
+import { useAppStore } from './app'
+import { useProfilesStore } from './profiles'
+import { useSettingsStore } from './settings'
+import { primeCompletionSound, playCompletionSound } from '@/utils/completion-sound'
+import { detectThinkingBoundary } from '@/utils/thinking-parser'
+
+// Re-export ContentBlock for convenience
+export type ContentBlock = ContentBlockImport
+
+export interface Attachment {
+  id: string
+  name: string
+  type: string
+  size: number
+  url: string
+  file?: File
+}
+
+export interface Message {
+  id: string
+  role: 'user' | 'assistant' | 'system' | 'tool' | 'command'
+  content: string
+  timestamp: number
+  toolName?: string
+  toolCallId?: string
+  toolPreview?: string
+  toolArgs?: string
+  toolResult?: string
+  toolStatus?: 'running' | 'done' | 'error'
+  toolDuration?: number  // 工具执行时长（秒）
+  isStreaming?: boolean
+  attachments?: Attachment[]
+  // 思考/推理文本。两条来源：
+  //   1) 历史消息：来自 HermesMessage.reasoning 字段
+  //   2) 流式：由 reasoning.delta / thinking.delta / reasoning.available 事件累加
+  // 不含 <think> 包裹标签；内容自身可以为多段纯文本。
+  reasoning?: string
+  queued?: boolean
+  systemType?: 'command' | 'error'
+  commandAction?: string
+  commandData?: Record<string, unknown>
+}
+
+export interface PendingApproval {
+  sessionId: string
+  approvalId: string
+  command: string
+  description: string
+  choices: Array<'once' | 'session' | 'always' | 'deny'>
+  allowPermanent: boolean
+  requestedAt: number
+}
+
+export interface PendingClarify {
+  sessionId: string
+  clarifyId: string
+  question: string
+  choices: string[] | null
+  timeoutMs: number
+  requestedAt: number
+}
+
+export interface Session {
+  id: string
+  profile?: string
+  title: string
+  source?: string
+  messages: Message[]
+  createdAt: number
+  updatedAt: number
+  model?: string
+  provider?: string
+  messageCount?: number
+  messageTotal?: number
+  loadedMessageCount?: number
+  hasMoreBefore?: boolean
+  isLoadingOlderMessages?: boolean
+  inputTokens?: number
+  outputTokens?: number
+  contextTokens?: number
+  endedAt?: number | null
+  lastActiveAt?: number
+  workspace?: string | null
+}
+
+interface CompressionState {
+  compressing: boolean
+  messageCount: number
+  beforeTokens: number
+  afterTokens: number
+  compressed: boolean | null
+  error?: string
+}
+
+function uid(): string {
+  return Date.now().toString(36) + Math.random().toString(36).slice(2, 8)
+}
+
+function isToolOutputError(output: unknown): boolean {
+  if (typeof output !== 'string' || !output.trim()) return false
+  try {
+    const parsed = JSON.parse(output)
+    if (parsed && typeof parsed === 'object') {
+      const record = parsed as Record<string, unknown>
+      if (record.success === false) return true
+      if (record.error != null && String(record.error).trim() !== '') return true
+    }
+  } catch {
+    return false
+  }
+  return false
+}
+
+async function uploadFiles(attachments: Attachment[]): Promise<{ name: string; path: string }[]> {
+  if (attachments.length === 0) return []
+  const formData = new FormData()
+  for (const att of attachments) {
+    if (att.file) formData.append('file', att.file, att.name)
+  }
+  const token = localStorage.getItem('hermes_api_key') || ''
+  const profileName = getActiveProfileName()
+  const headers: Record<string, string> = {}
+  if (token) headers.Authorization = `Bearer ${token}`
+  if (profileName) headers['X-Hermes-Profile'] = profileName
+  const res = await fetch('/upload', {
+    method: 'POST',
+    body: formData,
+    headers,
+  })
+  if (!res.ok) throw new Error(`Upload failed: ${res.status}`)
+  const data = await res.json() as { files: { name: string; path: string }[] }
+  return data.files
+}
+
+async function buildContentBlocks(
+  content: string,
+  attachments?: Attachment[],
+  uploadedFiles?: { name: string; path: string }[]
+): Promise<ContentBlock[]> {
+  const blocks: ContentBlock[] = []
+
+  // Add text block if content is not empty
+  if (content.trim()) {
+    blocks.push({ type: 'text', text: content.trim() })
+  }
+
+  // Add attachment blocks using uploaded file paths
+  if (attachments && attachments.length > 0 && uploadedFiles) {
+    for (let i = 0; i < uploadedFiles.length; i++) {
+      const uploaded = uploadedFiles[i]
+      const attachment = attachments[i]
+
+      // Check if it's an image
+      if (attachment?.type.startsWith('image/')) {
+        blocks.push({
+          type: 'image',
+          name: uploaded.name,
+          path: uploaded.path,
+          media_type: attachment.type,
+        })
+      } else {
+        // Other files
+        blocks.push({
+          type: 'file',
+          name: uploaded.name,
+          path: uploaded.path,
+          media_type: attachment?.type,
+        })
+      }
+    }
+  }
+
+  return blocks
+}
+
+function mapHermesMessages(msgs: HermesMessage[]): Message[] {
+  // Filter out assistant messages with no display content unless they carry tool call metadata
+  // needed to name later tool result rows when resuming persisted history.
+  const filteredMsgs = msgs.filter(m => {
+    if (m.role === 'assistant') {
+      return (m.tool_calls?.length || 0) > 0 || (m.content && m.content.trim() !== '')
+    }
+    return true
+  })
+
+  // Build lookups from assistant messages with tool_calls
+  const toolNameMap = new Map<string, string>()
+  const toolArgsMap = new Map<string, string>()
+  for (const msg of filteredMsgs) {
+    if (msg.role === 'assistant' && msg.tool_calls) {
+      for (const tc of msg.tool_calls) {
+        if (tc.id) {
+          if (tc.function?.name) toolNameMap.set(tc.id, tc.function.name)
+          if (tc.function?.arguments) toolArgsMap.set(tc.id, tc.function.arguments)
+        }
+      }
+    }
+  }
+
+  const result: Message[] = []
+  for (const msg of filteredMsgs) {
+    // Skip assistant messages that only contain tool_calls (no meaningful content)
+    if (msg.role === 'assistant' && msg.tool_calls?.length && !msg.content?.trim()) {
+      // Emit a tool.started message for each tool call
+      for (const tc of msg.tool_calls) {
+        result.push({
+          id: String(msg.id) + '_' + tc.id,
+          role: 'tool',
+          content: '',
+          timestamp: Math.round(msg.timestamp * 1000),
+          toolName: tc.function?.name || undefined,
+          toolCallId: tc.id,
+          toolArgs: tc.function?.arguments || undefined,
+          toolStatus: 'done',
+        })
+      }
+      continue
+    }
+
+    // Tool result messages
+    if (msg.role === 'tool') {
+      const tcId = msg.tool_call_id || ''
+      const toolName = msg.tool_name || toolNameMap.get(tcId) || undefined
+      const toolArgs = toolArgsMap.get(tcId) || undefined
+      // Extract a short preview from the content
+      let preview = ''
+      if (msg.content) {
+        try {
+          const parsed = JSON.parse(msg.content)
+          preview = parsed.url || parsed.title || parsed.preview || parsed.summary || ''
+        } catch {
+          preview = msg.content.slice(0, 80)
+        }
+      }
+      // Find and remove the matching placeholder from tool_calls above
+      const placeholderIdx = result.findIndex(
+        m => m.role === 'tool' && m.toolName === toolName && !m.toolResult && m.id.includes('_' + tcId)
+      )
+      if (placeholderIdx !== -1) {
+        result.splice(placeholderIdx, 1)
+      }
+      result.push({
+        id: String(msg.id),
+        role: 'tool',
+        content: '',
+        timestamp: Math.round(msg.timestamp * 1000),
+        toolName,
+        toolCallId: tcId || undefined,
+        toolArgs,
+        toolPreview: typeof preview === 'string' ? preview.slice(0, 100) || undefined : undefined,
+        toolResult: msg.content || undefined,
+        toolStatus: 'done',
+      })
+      continue
+    }
+
+    // Normal user/assistant/command messages
+    result.push({
+      id: String(msg.id),
+      role: msg.role,
+      content: msg.content || '',
+      timestamp: Math.round(msg.timestamp * 1000),
+      reasoning: msg.reasoning ? msg.reasoning : undefined,
+      systemType: msg.role === 'command' ? 'command' : undefined,
+    })
+  }
+  return result
+}
+
+function mapHermesSession(s: SessionSummary): Session {
+  return {
+    id: s.id,
+    profile: s.profile || 'default',
+    title: s.title || '',
+    source: s.source || undefined,
+    messages: [],
+    createdAt: Math.round(s.started_at * 1000),
+    updatedAt: Math.round((s.last_active || s.ended_at || s.started_at) * 1000),
+    model: s.model,
+    provider: s.provider || (s as any).billing_provider || '',
+    messageCount: s.message_count,
+    messageTotal: s.message_count,
+    loadedMessageCount: 0,
+    hasMoreBefore: false,
+    inputTokens: s.input_tokens,
+    outputTokens: s.output_tokens,
+    endedAt: s.ended_at != null ? Math.round(s.ended_at * 1000) : null,
+    lastActiveAt: s.last_active != null ? Math.round(s.last_active * 1000) : undefined,
+    workspace: s.workspace || null,
+  }
+}
+
+const STORAGE_KEY_PREFIX = 'hermes_active_session_'
+const LEGACY_STORAGE_KEY = 'hermes_active_session'
+
+// 获取当前 profile 名称，用于隔离缓存。
+// 从 profiles store 的 activeProfileName（同步 localStorage）读取，
+// 避免异步加载导致 chat store 初始化时拿到 null。
+function getProfileName(): string {
+  try {
+    return useProfilesStore().activeProfileName || 'default'
+  } catch {
+    return 'default'
+  }
+}
+
+function storageKey(): string { return STORAGE_KEY_PREFIX + getProfileName() }
+function legacyStorageKey(): string | null { return getProfileName() === 'default' ? LEGACY_STORAGE_KEY : null }
+
+function isQuotaExceededError(error: unknown): boolean {
+  if (!error || typeof error !== 'object') return false
+  const e = error as { name?: string, code?: number }
+  return e.name === 'QuotaExceededError' || e.code === 22 || e.code === 1014
+}
+
+function recoverStorageQuota() {
+  try {
+    // 清理所有会话相关的旧缓存（已完全废弃）
+    const prefixes = [
+      'hermes_sessions_cache_v1_',
+      'hermes_session_msgs_v1_',
+      'hermes_session_pins_v1_',
+      'hermes_human_only_v1_',
+    ]
+    const keysToRemove: string[] = []
+    for (let i = 0; i < localStorage.length; i++) {
+      const key = localStorage.key(i)
+      if (!key) continue
+      if (key === storageKey() || key === LEGACY_STORAGE_KEY) continue
+      if (prefixes.some(prefix => key.startsWith(prefix))) {
+        keysToRemove.push(key)
+      }
+    }
+    keysToRemove.forEach(key => removeItem(key))
+    if (keysToRemove.length > 0) {
+      console.log(`Recovered storage: cleared ${keysToRemove.length} old session cache entries`)
+    }
+  } catch {
+    // ignore
+  }
+}
+
+function setItemBestEffort(key: string, value: string) {
+  try {
+    localStorage.setItem(key, value)
+    return
+  } catch (error) {
+    if (!isQuotaExceededError(error)) return
+  }
+
+  recoverStorageQuota()
+
+  try {
+    localStorage.setItem(key, value)
+  } catch {
+    // quota exceeded or private mode — ignore, cache is best-effort
+  }
+}
+
+function getItemBestEffort(key: string): string | null {
+  try {
+    return localStorage.getItem(key)
+  } catch {
+    return null
+  }
+}
+
+function removeItem(key: string) {
+  try {
+    localStorage.removeItem(key)
+  } catch {
+    // ignore
+  }
+}
+
+// Strip the circular `file: File` reference from attachments before caching —
+// File objects don't serialize and we only need name/type/size/url for display.
+
+export const useChatStore = defineStore('chat', () => {
+  const seenSessionCommandEvents = new WeakSet<RunEvent>()
+  const sessions = ref<Session[]>([])
+  const activeSessionId = ref<string | null>(null)
+  const focusMessageId = ref<string | null>(null)
+  const streamStates = ref<Map<string, { abort: () => void }>>(new Map())
+  /** sessionId → server-reported isWorking status */
+  const serverWorking = ref<Set<string>>(new Set())
+  const sessionProfileFilter = ref<string | null>(null)
+  /** sessionId → queued message count */
+  const queueLengths = ref<Map<string, number>>(new Map())
+  /** sessionId → queued user messages not yet visible in the transcript */
+  const queuedUserMessages = ref<Map<string, Message[]>>(new Map())
+  /** sessionId → queue ids that server reported as dequeued before the peer message arrived */
+  const dequeuedQueueIds = ref<Map<string, Set<string>>>(new Map())
+  const pendingApprovals = ref<Map<string, PendingApproval>>(new Map())
+  const activePendingApproval = computed(() => {
+    const sid = activeSessionId.value
+    return sid ? pendingApprovals.value.get(sid) || null : null
+  })
+
+  const pendingClarifies = ref<Map<string, PendingClarify>>(new Map())
+  const activePendingClarify = computed(() => {
+    const sid = activeSessionId.value
+    return sid ? pendingClarifies.value.get(sid) || null : null
+  })
+
+  // 自动播放语音开关
+  const autoPlaySpeechEnabled = ref(false)
+
+  function setAutoPlaySpeech(enabled: boolean) {
+    autoPlaySpeechEnabled.value = enabled
+  }
+  const isStreaming = computed(() => {
+    const sid = activeSessionId.value
+    if (sid == null) return false
+    return streamStates.value.has(sid) || serverWorking.value.has(sid)
+  })
+  const isLoadingSessions = ref(false)
+  const sessionsLoaded = ref(false)
+  const isLoadingMessages = ref(false)
+  const isRunActive = computed(() => isStreaming.value)
+
+  // Compression state is scoped per session because sockets can stay joined to
+  // background sessions while another chat is active.
+  const compressionStates = ref<Map<string, CompressionState>>(new Map())
+  const compressionState = computed<CompressionState | null>(() => {
+    const sid = activeSessionId.value
+    return sid ? compressionStates.value.get(sid) || null : null
+  })
+
+  function setCompressionState(sessionId: string | null | undefined, state: CompressionState | null) {
+    if (!sessionId) return
+    const next = new Map(compressionStates.value)
+    if (state) next.set(sessionId, state)
+    else next.delete(sessionId)
+    compressionStates.value = next
+  }
+
+  const abortState = ref<{
+    aborting: boolean
+    synced: boolean | null
+    error?: string
+  } | null>(null)
+  const isAborting = computed(() => abortState.value?.aborting === true)
+
+  function setAbortState(state: typeof abortState.value) {
+    abortState.value = state
+  }
+
+  const activeSession = ref<Session | null>(null)
+  const messages = computed<Message[]>(() => activeSession.value?.messages || [])
+
+  function isSessionLive(sessionId: string): boolean {
+    return streamStates.value.has(sessionId) || serverWorking.value.has(sessionId)
+  }
+
+  function clearActiveSession() {
+    const sid = activeSessionId.value
+    activeSessionId.value = null
+    activeSession.value = null
+    focusMessageId.value = null
+    setAbortState(null)
+    setCompressionState(sid, null)
+    removeItem(storageKey())
+  }
+
+  async function loadSessions(profile?: string | null, preferredSessionId?: string | null) {
+    isLoadingSessions.value = true
+    try {
+      const list = await fetchSessions(undefined, undefined, profile || undefined)
+      const fresh = list.map(mapHermesSession)
+      // Preserve already-loaded messages for sessions that are still present,
+      // so we don't blow away the active session's messages on refresh.
+      const runtimeByIdBefore = new Map(sessions.value.map(s => [s.id, {
+        messages: s.messages,
+        contextTokens: s.contextTokens,
+      }]))
+      for (const s of fresh) {
+        const prev = runtimeByIdBefore.get(s.id)
+        if (prev?.messages?.length) s.messages = prev.messages
+        if (prev?.contextTokens != null) s.contextTokens = prev.contextTokens
+      }
+      sessions.value = fresh
+
+      // Restore route-selected session first (tab-local source of truth),
+      // then current in-memory session, then persisted legacy/default choice,
+      // then fallback to the most recent session.
+      const currentId = activeSessionId.value
+      const legacyActiveKey = legacyStorageKey()
+      const storedId = getItemBestEffort(storageKey()) || (legacyActiveKey ? getItemBestEffort(LEGACY_STORAGE_KEY) : null)
+      const targetId = preferredSessionId && sessions.value.some(s => s.id === preferredSessionId)
+        ? preferredSessionId
+        : currentId && sessions.value.some(s => s.id === currentId)
+          ? currentId
+          : storedId && sessions.value.some(s => s.id === storedId)
+            ? storedId
+            : sessions.value[0]?.id
+      if (targetId) {
+        await switchSession(targetId)
+      } else {
+        clearActiveSession()
+      }
+    } catch (err) {
+      console.error('Failed to load sessions:', err)
+    } finally {
+      isLoadingSessions.value = false
+      sessionsLoaded.value = true
+    }
+  }
+
+  // Re-pull active session from server. Used on tab-visible events.
+  async function refreshActiveSession(): Promise<boolean> {
+    const sid = activeSessionId.value
+    if (!sid) return false
+    try {
+      const target = sessions.value.find(s => s.id === sid)
+      if (!target) return false
+      const limit = Math.max(target.loadedMessageCount || 300, 300)
+      const detail = await fetchSessionMessagesPage(sid, 0, limit, activeSession.value?.profile)
+      if (!detail) return false
+      const mapped = mapHermesMessages(detail.messages || [])
+      target.messages = mapped
+      target.loadedMessageCount = detail.messages.length
+      target.messageTotal = detail.total
+      target.messageCount = detail.total
+      target.hasMoreBefore = detail.hasMore
+      if (detail.session.title) target.title = detail.session.title
+      return true
+    } catch (err) {
+      console.error('Failed to refresh active session:', err)
+      return false
+    }
+  }
+
+
+  function createSession(options: { profile?: string; model?: string; provider?: string } = {}): Session {
+    const session: Session = {
+      id: uid(),
+      profile: options.profile || useProfilesStore().activeProfileName || 'default',
+      title: '',
+      source: 'cli',
+      messages: [],
+      createdAt: Date.now(),
+      updatedAt: Date.now(),
+      model: options.model || undefined,
+      provider: options.provider || '',
+    }
+    sessions.value.unshift(session)
+    return session
+  }
+
+  function newCliSession(): Session {
+    const now = new Date()
+    const ts = [
+      now.getFullYear(),
+      String(now.getMonth() + 1).padStart(2, '0'),
+      String(now.getDate()).padStart(2, '0'),
+      '_',
+      String(now.getHours()).padStart(2, '0'),
+      String(now.getMinutes()).padStart(2, '0'),
+      String(now.getSeconds()).padStart(2, '0'),
+    ].join('')
+    const hex = Math.random().toString(16).slice(2, 8)
+    const session: Session = {
+      id: `${ts}_${hex}`,
+      title: '',
+      source: 'cli',
+      messages: [],
+      createdAt: Date.now(),
+      updatedAt: Date.now(),
+    }
+    sessions.value.unshift(session)
+    return session
+  }
+
+  async function switchSession(sessionId: string, focusId?: string | null) {
+    clearThinkingObservationFor(sessionId)
+    activeSessionId.value = sessionId
+    focusMessageId.value = focusId ?? null
+    setItemBestEffort(storageKey(), sessionId)
+    const legacyActiveKey = legacyStorageKey()
+    if (legacyActiveKey) removeItem(legacyActiveKey)
+    activeSession.value = sessions.value.find(s => s.id === sessionId) || null
+
+    if (!activeSession.value) return
+
+    isLoadingMessages.value = true
+
+    try {
+      // Load messages via Socket.IO resume (server loads from DB if not in memory)
+      await new Promise<void>((resolve, reject) => {
+        const timeout = setTimeout(() => reject(new Error('resume timeout')), 15_000)
+        resumeSession(sessionId, (data) => {
+          clearTimeout(timeout)
+          if (data.session_id !== sessionId || activeSessionId.value !== sessionId) {
+            resolve()
+            return
+          }
+          const target = sessions.value.find(s => s.id === sessionId)
+          if (!target) {
+            resolve()
+            return
+          }
+          if (data.isWorking) {
+            serverWorking.value.add(sessionId)
+          } else {
+            serverWorking.value.delete(sessionId)
+          }
+          if (data.queueLength && data.queueLength > 0) {
+            queueLengths.value.set(sessionId, data.queueLength)
+          } else {
+            queueLengths.value.delete(sessionId)
+          }
+          if (Array.isArray((data as any).queueMessages)) {
+            replaceQueuedUserMessages(sessionId, normalizeQueuedUserMessages((data as any).queueMessages))
+          } else if (!data.queueLength) {
+            replaceQueuedUserMessages(sessionId, [])
+          }
+          if ((data as any).isAborting) {
+            setAbortState({ aborting: true, synced: null })
+          } else if (!data.isWorking) {
+            setAbortState(null)
+          }
+          if (!data.isWorking) setCompressionState(sessionId, null)
+          if (data.inputTokens != null) target.inputTokens = data.inputTokens
+          if (data.outputTokens != null) target.outputTokens = data.outputTokens
+          if ((data as any).contextTokens != null) target.contextTokens = (data as any).contextTokens
+          if (data.messages?.length) {
+            target.messages = mapHermesMessages(data.messages as any[])
+            target.loadedMessageCount = data.messageLoadedCount ?? data.messages.length
+            target.messageTotal = data.messageTotal ?? target.messageCount ?? target.loadedMessageCount
+            target.messageCount = target.messageTotal
+            target.hasMoreBefore = data.hasMoreBefore ?? target.loadedMessageCount < target.messageTotal
+          }
+          if (!target.title) {
+            const firstUser = target.messages.find(m => m.role === 'user')
+            if (firstUser) {
+              const t = firstUser.content.slice(0, 40)
+              target.title = t + (firstUser.content.length > 40 ? '...' : '')
+            }
+          }
+          activeSession.value = target
+          // Process replayed events (compression state etc.)
+          if (data.events?.length) {
+            for (const evt of data.events) {
+              const e = evt.data as any
+              if (e.event === 'compression.started') {
+                setCompressionState(sessionId, {
+                  compressing: true,
+                  messageCount: e.message_count || 0,
+                  beforeTokens: e.token_count || 0,
+                  afterTokens: 0,
+                  compressed: null,
+                })
+              } else if (e.event === 'compression.completed') {
+                const afterTokens = e.contextTokens || e.afterTokens || 0
+                setCompressionState(sessionId, {
+                  compressing: false,
+                  messageCount: e.totalMessages || 0,
+                  beforeTokens: e.beforeTokens || 0,
+                  afterTokens,
+                  compressed: e.compressed ?? false,
+                  error: e.error,
+                })
+                if (e.contextTokens != null) target.contextTokens = e.contextTokens
+              } else if (e.event === 'abort.started') {
+                setAbortState({ aborting: true, synced: null })
+              } else if (e.event === 'abort.completed') {
+                setAbortState({ aborting: false, synced: e.synced ?? false })
+              } else if (e.event === 'approval.requested') {
+                setPendingApproval({ ...e, session_id: sessionId } as RunEvent)
+              } else if (e.event === 'approval.resolved') {
+                clearPendingApproval({ ...e, session_id: sessionId } as RunEvent)
+              } else if (e.event === 'clarify.requested') {
+                setPendingClarify({ ...e, session_id: sessionId } as RunEvent)
+              } else if (e.event === 'clarify.resolved') {
+                clearPendingClarify({ ...e, session_id: sessionId } as RunEvent)
+              } else if (e.event === 'run.failed') {
+                addAgentErrorMessage(sessionId, e.error)
+                serverWorking.value.delete(sessionId)
+                queueLengths.value.delete(sessionId)
+              } else if (e.event === 'tool.started') {
+                const msgs = getSessionMsgs(sessionId)
+                const toolCallId = e.tool_call_id as string | undefined
+                const existingTool = toolCallId
+                  ? msgs.find(m => m.role === 'tool' && m.toolCallId === toolCallId)
+                  : null
+                if (existingTool) {
+                  updateMessage(sessionId, existingTool.id, {
+                    toolName: e.tool || e.name,
+                    toolArgs: typeof e.arguments === 'string' ? e.arguments : existingTool.toolArgs,
+                    toolPreview: e.preview || existingTool.toolPreview,
+                    toolStatus: existingTool.toolStatus || 'running',
+                  })
+                } else {
+                  addMessage(sessionId, {
+                    id: uid(),
+                    role: 'tool',
+                    content: '',
+                    timestamp: Date.now(),
+                    toolName: e.tool || e.name,
+                    toolCallId,
+                    toolPreview: e.preview,
+                    toolArgs: typeof e.arguments === 'string' ? e.arguments : undefined,
+                    toolStatus: 'running',
+                  })
+                }
+              } else if (e.event === 'tool.completed') {
+                const msgs = getSessionMsgs(sessionId)
+                const toolCallId = e.tool_call_id as string | undefined
+                const toolMsgs = toolCallId
+                  ? msgs.filter(m => m.role === 'tool' && m.toolCallId === toolCallId)
+                  : msgs.filter(m => m.role === 'tool' && m.toolStatus === 'running')
+                if (toolMsgs.length > 0) {
+                  const output = typeof e.output === 'string' ? e.output : undefined
+                  updateMessage(sessionId, toolMsgs[toolMsgs.length - 1].id, {
+                    toolStatus: e.error === true || isToolOutputError(output) ? 'error' : 'done',
+                    toolDuration: e.duration,
+                    toolResult: output,
+                  })
+                }
+              } else if (String(e.event || '').startsWith('subagent.')) {
+                handleSubagentEvent(sessionId, e as RunEvent)
+              }
+            }
+          }
+          resolve()
+        }, activeSession.value?.profile)
+      })
+    } catch (err) {
+      console.error('Failed to load session messages via resume:', err)
+    } finally {
+      isLoadingMessages.value = false
+    }
+
+    // Resume in-flight run event listeners if needed
+    if (activeSessionId.value === sessionId) {
+      resumeServerWorkingRun(sessionId)
+    }
+  }
+
+  async function loadOlderMessages(sessionId = activeSessionId.value): Promise<boolean> {
+    if (!sessionId) return false
+    const target = sessions.value.find(s => s.id === sessionId)
+    if (!target || target.isLoadingOlderMessages || !target.hasMoreBefore) return false
+    const offset = target.loadedMessageCount || 0
+    const limit = 300
+    target.isLoadingOlderMessages = true
+    try {
+      const page = await fetchSessionMessagesPage(sessionId, offset, limit, target.profile)
+      if (!page || page.messages.length === 0) {
+        target.hasMoreBefore = false
+        return false
+      }
+
+      const existingIds = new Set(target.messages.map(message => message.id))
+      const olderMessages = mapHermesMessages(page.messages).filter(message => !existingIds.has(message.id))
+      target.messages = [...olderMessages, ...target.messages]
+      target.loadedMessageCount = offset + page.messages.length
+      target.messageTotal = page.total
+      target.messageCount = page.total
+      target.hasMoreBefore = page.hasMore
+      return olderMessages.length > 0
+    } catch (err) {
+      console.error('Failed to load older session messages:', err)
+      return false
+    } finally {
+      target.isLoadingOlderMessages = false
+    }
+  }
+
+  function newChat(options: { profile?: string; model?: string; provider?: string } = {}): Session {
+    const appStore = useAppStore()
+    const session = createSession({
+      profile: options.profile,
+      model: options.model || appStore.selectedModel || undefined,
+      provider: options.provider || appStore.selectedProvider || '',
+    })
+    void switchSession(session.id)
+    return session
+  }
+
+  async function switchSessionModel(modelId: string, provider?: string, sessionId?: string): Promise<boolean> {
+    const targetId = sessionId || activeSession.value?.id
+    if (!targetId) return false
+    const ok = await setSessionModel(targetId, modelId, provider || '')
+    if (!ok) return false
+    const target = sessions.value.find(s => s.id === targetId)
+    if (target) {
+      target.model = modelId
+      target.provider = provider || ''
+    }
+    if (activeSession.value?.id === targetId) {
+      activeSession.value.model = modelId
+      activeSession.value.provider = provider || ''
+    }
+    return true
+  }
+
+  async function deleteSession(sessionId: string) {
+    const target = sessions.value.find(s => s.id === sessionId)
+    await deleteSessionApi(sessionId, target?.profile)
+    sessions.value = sessions.value.filter(s => s.id !== sessionId)
+    if (activeSessionId.value === sessionId) {
+      if (sessions.value.length > 0) {
+        await switchSession(sessions.value[0].id)
+      } else {
+        const session = createSession()
+        switchSession(session.id)
+      }
+    }
+  }
+
+  function getSessionMsgs(sessionId: string): Message[] {
+    const s = sessions.value.find(s => s.id === sessionId)
+    return s?.messages || []
+  }
+
+  function addMessage(sessionId: string, msg: Message) {
+    const s = sessions.value.find(s => s.id === sessionId)
+    if (s) s.messages.push(msg)
+  }
+
+  function addOrUpdateSession(session: Session) {
+    const existingIndex = sessions.value.findIndex(s => s.id === session.id)
+    if (existingIndex !== -1) {
+      // Update existing session
+      sessions.value[existingIndex] = session
+    } else {
+      // Add new session
+      sessions.value.push(session)
+    }
+  }
+
+  function updateMessage(sessionId: string, id: string, update: Partial<Message>) {
+    const s = sessions.value.find(s => s.id === sessionId)
+    if (!s) return
+    const idx = s.messages.findIndex(m => m.id === id)
+    if (idx !== -1) {
+      s.messages[idx] = { ...s.messages[idx], ...update }
+    }
+  }
+
+  function clearAgentEventMessages(sessionId: string) {
+    const s = sessions.value.find(s => s.id === sessionId)
+    if (!s) return
+    s.messages = s.messages.filter(m => m.commandAction !== 'agent.event')
+  }
+
+  function handleSubagentEvent(sessionId: string, evt: RunEvent) {
+    const eventName = String(evt.event || '')
+    if (!eventName.startsWith('subagent.')) return
+
+    const subagentId = String((evt as any).subagent_id || `${(evt as any).task_index ?? 0}`)
+    const toolCallId = `subagent:${evt.run_id || 'run'}:${subagentId}`
+    const taskIndex = Number((evt as any).task_index ?? 0)
+    const taskCount = Number((evt as any).task_count ?? 1)
+    const label = `${taskIndex + 1}/${Math.max(1, taskCount || 1)}`
+    const toolName = String((evt as any).tool || (evt as any).name || '')
+    const toolCount = Number((evt as any).tool_count || 0)
+    const goal = String((evt as any).goal || '').trim()
+    const text = String(evt.text || evt.preview || '').trim()
+    const summary = String((evt as any).summary || '').trim()
+    const duration = Number((evt as any).duration_seconds ?? (evt as any).duration)
+
+    let preview = text || summary || goal
+    if (eventName === 'subagent.start') {
+      preview = `subagent ${label} started${goal ? `: ${goal}` : ''}`
+    } else if (eventName === 'subagent.tool') {
+      const prefix = `subagent ${label}${toolCount ? ` turn ${toolCount}` : ''}`
+      preview = `${prefix}${toolName ? `: ${toolName}` : ''}${text ? ` - ${text}` : ''}`
+    } else if (eventName === 'subagent.progress') {
+      preview = `subagent ${label}: ${text || 'working'}`
+    } else if (eventName === 'subagent.complete') {
+      const status = String((evt as any).status || 'completed')
+      preview = `subagent ${label} ${status}${summary ? `: ${summary}` : ''}`
+    }
+
+    const msgs = getSessionMsgs(sessionId)
+    const existing = msgs.find(m => m.role === 'tool' && m.toolCallId === toolCallId)
+    const toolStatus = eventName === 'subagent.complete'
+      ? ((evt as any).status && String((evt as any).status) !== 'completed' ? 'error' : 'done')
+      : 'running'
+    const update: Partial<Message> = {
+      toolName: 'delegate_task',
+      toolCallId,
+      toolPreview: preview.slice(0, 220),
+      toolStatus,
+      toolDuration: Number.isFinite(duration) ? duration : undefined,
+      toolResult: eventName === 'subagent.complete'
+        ? JSON.stringify({
+            status: (evt as any).status || 'completed',
+            summary: summary || text,
+            api_calls: (evt as any).api_calls,
+            input_tokens: (evt as any).input_tokens,
+            output_tokens: (evt as any).output_tokens,
+          }, null, 2)
+        : undefined,
+    }
+
+    if (existing) {
+      updateMessage(sessionId, existing.id, update)
+      return
+    }
+
+    addMessage(sessionId, {
+      id: uid(),
+      role: 'tool',
+      content: '',
+      timestamp: Date.now(),
+      ...update,
+    })
+  }
+
+  function addAgentErrorMessage(sessionId: string, error?: string | null) {
+    const content = error ? `Error: ${error}` : 'Run failed'
+    const msgs = getSessionMsgs(sessionId)
+    const last = msgs[msgs.length - 1]
+    if (last?.isStreaming) {
+      updateMessage(sessionId, last.id, {
+        role: 'assistant',
+        content,
+        isStreaming: false,
+        systemType: 'error',
+      })
+      return
+    }
+    if (last?.role === 'assistant' && last.systemType === 'error' && last.content === content) return
+    addMessage(sessionId, {
+      id: uid(),
+      role: 'assistant',
+      content,
+      timestamp: Date.now(),
+      systemType: 'error',
+    })
+  }
+
+  function handleSessionCommandEvent(evt: RunEvent) {
+    if (seenSessionCommandEvents.has(evt)) return
+    seenSessionCommandEvents.add(evt)
+
+    const sid = evt.session_id
+    if (!sid) return
+    const target = sessions.value.find(s => s.id === sid)
+    const action = (evt as any).action as string | undefined
+    const command = String((evt as any).command || '').toLowerCase()
+    if ((evt as any).started === true && (evt as any).terminal === false) {
+      serverWorking.value.add(sid)
+    }
+
+    if (action === 'clear' && command === 'clear') {
+      if (target) target.messages = []
+      queuedUserMessages.value.delete(sid)
+      queueLengths.value.delete(sid)
+      if ((evt as any).clearHistory) {
+        const message = String((evt as any).message || '')
+        if (message) {
+          addMessage(sid, {
+            id: uid(),
+            role: 'command',
+            content: message,
+            timestamp: Date.now(),
+            systemType: (evt as any).ok === false ? 'error' : 'command',
+            commandAction: action,
+            commandData: { ...(evt as any) },
+          })
+        }
+      }
+      return
+    }
+
+    if (action === 'title' && target && typeof (evt as any).title === 'string') {
+      target.title = (evt as any).title
+      target.updatedAt = Date.now()
+    }
+
+    if (action === 'usage' && target) {
+      target.inputTokens = (evt as any).inputTokens
+      target.outputTokens = (evt as any).outputTokens
+      if ((evt as any).contextTokens != null) target.contextTokens = (evt as any).contextTokens
+    }
+
+    if (action === 'destroy') {
+      streamStates.value.delete(sid)
+      serverWorking.value.delete(sid)
+      queueLengths.value.delete(sid)
+      queuedUserMessages.value.delete(sid)
+      setAbortState(null)
+      const msgs = getSessionMsgs(sid)
+      msgs.forEach(m => {
+        if (m.isStreaming) updateMessage(sid, m.id, { isStreaming: false })
+        if (m.role === 'tool' && m.toolStatus === 'running') m.toolStatus = 'error'
+      })
+    }
+
+    const message = String((evt as any).message || '')
+    if (message) {
+      addMessage(sid, {
+        id: uid(),
+        role: 'command',
+        content: message,
+        timestamp: Date.now(),
+        systemType: (evt as any).ok === false ? 'error' : 'command',
+        commandAction: action,
+        commandData: { ...(evt as any) },
+      })
+    }
+  }
+
+  function handleAgentEvent(evt: RunEvent) {
+    const sid = evt.session_id
+    if (!sid) return
+    const text = String((evt as any).text || (evt as any).message || '').trim()
+    if (!text) return
+
+    const msgs = getSessionMsgs(sid)
+    const last = msgs[msgs.length - 1]
+    const commandData = { ...(evt as any) }
+    if (last?.role === 'system' && last.commandAction === 'agent.event') {
+      if (last.content === text) return
+      updateMessage(sid, last.id, {
+        content: text,
+        timestamp: Date.now(),
+        commandData,
+      })
+      return
+    }
+
+    addMessage(sid, {
+      id: uid(),
+      role: 'system',
+      content: text,
+      timestamp: Date.now(),
+      systemType: 'command',
+      commandAction: 'agent.event',
+      commandData,
+    })
+  }
+
+  function enqueueUserMessage(sessionId: string, message: Message) {
+    const queue = queuedUserMessages.value.get(sessionId) || []
+    if (queue.some(item => item.id === message.id)) return
+    const nextMap = new Map(queuedUserMessages.value)
+    nextMap.set(sessionId, [...queue, { ...message, queued: true }])
+    queuedUserMessages.value = nextMap
+  }
+
+  function updateQueuedUserMessage(sessionId: string, messageId: string, patch: Partial<Message>) {
+    const queue = queuedUserMessages.value.get(sessionId)
+    if (!queue?.length) return
+    const next = queue.map(message => message.id === messageId
+      ? { ...message, ...patch, queued: true }
+      : message)
+    const nextMap = new Map(queuedUserMessages.value)
+    nextMap.set(sessionId, next)
+    queuedUserMessages.value = nextMap
+  }
+
+  function dropQueuedUserMessage(sessionId: string, messageId: string): boolean {
+    const queue = queuedUserMessages.value.get(sessionId)
+    if (!queue?.length) return false
+    const next = queue.filter(message => message.id !== messageId)
+    if (next.length === queue.length) return false
+    const nextMap = new Map(queuedUserMessages.value)
+    if (next.length > 0) {
+      nextMap.set(sessionId, next)
+      queueLengths.value.set(sessionId, next.length)
+    } else {
+      nextMap.delete(sessionId)
+      queueLengths.value.delete(sessionId)
+    }
+    queuedUserMessages.value = nextMap
+    return true
+  }
+
+  function removeQueuedMessage(sessionId: string, messageId: string) {
+    if (!dropQueuedUserMessage(sessionId, messageId)) return
+    getChatRunSocket()?.emit('cancel_queued_run', {
+      session_id: sessionId,
+      queue_id: messageId,
+    })
+  }
+
+  function normalizeQueuedUserMessages(rawMessages: unknown): Message[] {
+    if (!Array.isArray(rawMessages)) return []
+    return rawMessages.flatMap((raw) => {
+      const peer = raw as NonNullable<RunEvent['queued_messages']>[number]
+      const content = typeof peer?.content === 'string' ? peer.content : ''
+      const messageId = peer?.id != null ? String(peer.id) : ''
+      if (!messageId || !content.trim()) return []
+      const timestamp = typeof peer?.timestamp === 'number' && Number.isFinite(peer.timestamp)
+        ? Math.round(peer.timestamp * 1000)
+        : Date.now()
+      const role = peer?.role === 'command' ? 'command' : 'user'
+      return [{
+        id: messageId,
+        role,
+        content,
+        timestamp,
+        queued: true,
+        systemType: role === 'command' ? 'command' as const : undefined,
+      }]
+    })
+  }
+
+  function replaceQueuedUserMessages(sessionId: string, messages: Message[]) {
+    const existingById = new Map((queuedUserMessages.value.get(sessionId) || []).map(message => [message.id, message]))
+    const merged = messages.map(message => ({
+      ...(existingById.get(message.id) || {}),
+      ...message,
+      attachments: existingById.get(message.id)?.attachments || message.attachments,
+      queued: true,
+    }))
+    const nextMap = new Map(queuedUserMessages.value)
+    if (merged.length > 0) {
+      nextMap.set(sessionId, merged)
+    } else {
+      nextMap.delete(sessionId)
+    }
+    queuedUserMessages.value = nextMap
+  }
+
+  function markDequeuedQueueId(sessionId: string, messageId: string) {
+    const nextMap = new Map(dequeuedQueueIds.value)
+    const ids = new Set(nextMap.get(sessionId) || [])
+    ids.add(messageId)
+    nextMap.set(sessionId, ids)
+    dequeuedQueueIds.value = nextMap
+  }
+
+  function consumeDequeuedQueueId(sessionId: string, messageId: string): boolean {
+    const ids = dequeuedQueueIds.value.get(sessionId)
+    if (!ids?.has(messageId)) return false
+    const nextIds = new Set(ids)
+    nextIds.delete(messageId)
+    const nextMap = new Map(dequeuedQueueIds.value)
+    if (nextIds.size > 0) nextMap.set(sessionId, nextIds)
+    else nextMap.delete(sessionId)
+    dequeuedQueueIds.value = nextMap
+    return true
+  }
+
+  function handleRunQueuedEvent(sessionId: string, evt: RunEvent) {
+    const queueLength = Number((evt as any).queue_length || 0)
+    if (queueLength > 0) {
+      queueLengths.value.set(sessionId, queueLength)
+    } else {
+      queueLengths.value.delete(sessionId)
+    }
+
+    const dequeuedId = (evt as any).dequeued_queue_id != null
+      ? String((evt as any).dequeued_queue_id)
+      : ''
+    if (dequeuedId) {
+      const existingQueue = queuedUserMessages.value.get(sessionId) || []
+      const dequeued = existingQueue.find(message => message.id === dequeuedId)
+      if (Array.isArray((evt as any).queued_messages)) {
+        const queued = normalizeQueuedUserMessages((evt as any).queued_messages)
+        replaceQueuedUserMessages(sessionId, queued)
+      } else {
+        const nextQueue = existingQueue.filter(message => message.id !== dequeuedId)
+        replaceQueuedUserMessages(sessionId, nextQueue)
+      }
+      if (dequeued && !getSessionMsgs(sessionId).some(message => message.id === dequeued.id)) {
+        addMessage(sessionId, { ...dequeued, queued: false })
+        updateSessionTitle(sessionId)
+      } else if (!dequeued) {
+        markDequeuedQueueId(sessionId, dequeuedId)
+      }
+      return
+    }
+
+    if (Array.isArray((evt as any).queued_messages)) {
+      const queued = normalizeQueuedUserMessages((evt as any).queued_messages)
+      replaceQueuedUserMessages(sessionId, queued)
+      return
+    }
+
+    const peer = evt.message
+    const content = typeof peer?.content === 'string' ? peer.content : ''
+    const messageId = peer?.id != null ? String(peer.id) : ''
+    if (!messageId || !content.trim()) return
+
+    if ((queuedUserMessages.value.get(sessionId) || []).some(msg => msg.id === messageId)) return
+
+    const timestamp = typeof peer?.timestamp === 'number' && Number.isFinite(peer.timestamp)
+      ? Math.round(peer.timestamp * 1000)
+      : Date.now()
+    const msgs = getSessionMsgs(sessionId)
+    const existingIndex = msgs.findIndex(msg => msg.id === messageId && msg.role === 'user')
+    const existing = existingIndex >= 0 ? msgs[existingIndex] : null
+    if (existingIndex >= 0) {
+      msgs.splice(existingIndex, 1)
+    }
+
+    enqueueUserMessage(sessionId, {
+      ...(existing || {}),
+      id: messageId,
+      role: peer?.role === 'command' ? 'command' : 'user',
+      content,
+      timestamp: existing?.timestamp || timestamp,
+      attachments: existing?.attachments,
+      queued: true,
+      systemType: peer?.role === 'command' ? 'command' : existing?.systemType,
+    })
+  }
+
+  function setPendingApproval(evt: RunEvent) {
+    const sid = evt.session_id
+    const approvalId = (evt as any).approval_id as string | undefined
+    if (!sid || !approvalId) return
+    const rawChoices = Array.isArray((evt as any).choices) ? (evt as any).choices : ['once', 'session', 'deny']
+    const choices = rawChoices
+      .filter((choice: unknown): choice is PendingApproval['choices'][number] =>
+        choice === 'once' || choice === 'session' || choice === 'always' || choice === 'deny')
+    pendingApprovals.value.set(sid, {
+      sessionId: sid,
+      approvalId,
+      command: String((evt as any).command || ''),
+      description: String((evt as any).description || ''),
+      choices: choices.length ? choices : ['once', 'session', 'deny'],
+      allowPermanent: Boolean((evt as any).allow_permanent),
+      requestedAt: Date.now(),
+    })
+    pendingApprovals.value = new Map(pendingApprovals.value)
+  }
+
+  function clearPendingApproval(evt: RunEvent) {
+    const sid = evt.session_id
+    if (!sid) return
+    const current = pendingApprovals.value.get(sid)
+    if (!current) return
+    const approvalId = (evt as any).approval_id
+    if (approvalId && current.approvalId !== approvalId) return
+    pendingApprovals.value.delete(sid)
+    pendingApprovals.value = new Map(pendingApprovals.value)
+  }
+
+  function setPendingClarify(evt: RunEvent) {
+    const sid = evt.session_id
+    const clarifyId = (evt as any).clarify_id as string | undefined
+    if (!sid || !clarifyId) return
+    pendingClarifies.value.set(sid, {
+      sessionId: sid,
+      clarifyId,
+      question: String((evt as any).question || ''),
+      choices: Array.isArray((evt as any).choices) ? (evt as any).choices : null,
+      timeoutMs: Number((evt as any).timeout_ms) || 300000,
+      requestedAt: Date.now(),
+    })
+    pendingClarifies.value = new Map(pendingClarifies.value)
+  }
+
+  function clearPendingClarify(evt: RunEvent) {
+    const sid = evt.session_id
+    if (!sid) return
+    const current = pendingClarifies.value.get(sid)
+    if (!current) return
+    const clarifyId = (evt as any).clarify_id
+    if (clarifyId && current.clarifyId !== clarifyId) return
+    pendingClarifies.value.delete(sid)
+    pendingClarifies.value = new Map(pendingClarifies.value)
+  }
+
+  function clearPendingInteractions(sessionId: string) {
+    let changed = false
+    if (pendingApprovals.value.has(sessionId)) {
+      pendingApprovals.value.delete(sessionId)
+      changed = true
+    }
+    if (pendingClarifies.value.has(sessionId)) {
+      pendingClarifies.value.delete(sessionId)
+      changed = true
+    }
+    if (changed) {
+      pendingApprovals.value = new Map(pendingApprovals.value)
+      pendingClarifies.value = new Map(pendingClarifies.value)
+    }
+  }
+
+  function respondToClarify(response: string) {
+    const pending = activePendingClarify.value
+    if (!pending) return
+    respondClarify(pending.sessionId, pending.clarifyId, response)
+    pendingClarifies.value.delete(pending.sessionId)
+    pendingClarifies.value = new Map(pendingClarifies.value)
+  }
+
+
+  function respondApproval(choice: PendingApproval['choices'][number]) {
+    const pending = activePendingApproval.value
+    if (!pending) return
+    respondToolApproval(pending.sessionId, pending.approvalId, choice)
+    pendingApprovals.value.delete(pending.sessionId)
+    pendingApprovals.value = new Map(pendingApprovals.value)
+  }
+
+  function updateSessionTitle(sessionId: string) {
+    const target = sessions.value.find(s => s.id === sessionId)
+    if (!target) return
+    if (!target.title) {
+      const firstUser = target.messages.find(m => m.role === 'user')
+      if (firstUser) {
+        const title = firstUser.attachments?.length
+          ? firstUser.attachments.map(a => a.name).join(', ')
+          : firstUser.content
+        target.title = title.slice(0, 40) + (title.length > 40 ? '...' : '')
+      }
+    }
+    target.updatedAt = Date.now()
+  }
+
+  function primeCompletionBellIfEnabled() {
+    if (useSettingsStore().display.bell_on_complete) {
+      primeCompletionSound()
+    }
+  }
+
+  function playCompletionBellIfEnabled() {
+    if (useSettingsStore().display.bell_on_complete) {
+      void playCompletionSound()
+    }
+  }
+
+  async function sendMessage(content: string, attachments?: Attachment[]) {
+    if ((!content.trim() && !(attachments && attachments.length > 0))) return
+
+    primeCompletionBellIfEnabled()
+
+    if (!activeSession.value) {
+      const session = createSession()
+      switchSession(session.id)
+    }
+
+    // Capture session ID at send time — all callbacks use this, not activeSessionId
+    const sid = activeSessionId.value!
+    const shouldSendInitialSessionConfig = activeSession.value
+      ? activeSession.value.messageCount == null || activeSession.value.messageCount === 0
+      : false
+    const isBridgeSlashCommand = content.trim().startsWith('/')
+    const isBridgeCompressCommand = isBridgeSlashCommand && /^\/compress(?:\s|$)/i.test(content.trim())
+    const isBridgePlanCommand = isBridgeSlashCommand && /^\/plan(?:\s|$)/i.test(content.trim())
+    const isBridgeGoalCommand = isBridgeSlashCommand && /^\/goal(?:\s|$)/i.test(content.trim())
+    const wasLiveBeforeSend = isSessionLive(sid)
+    const shouldQueue = wasLiveBeforeSend && (!isBridgeSlashCommand || isBridgePlanCommand)
+
+    const userMsg: Message = {
+      id: uid(),
+      role: isBridgeSlashCommand ? 'command' : 'user',
+      content: content.trim(),
+      timestamp: Date.now(),
+      attachments: attachments && attachments.length > 0 ? attachments : undefined,
+      queued: shouldQueue,
+      systemType: isBridgeSlashCommand ? 'command' : undefined,
+    }
+
+    if (shouldQueue) {
+      enqueueUserMessage(sid, userMsg)
+    } else {
+      addMessage(sid, userMsg)
+      updateSessionTitle(sid)
+      serverWorking.value.add(sid)
+    }
+
+    let runSubmitted = false
+    try {
+
+      // Build input in Anthropic format
+      let input: string | ContentBlock[]
+      if (attachments && attachments.length > 0) {
+        // Has attachments: upload first, then build content blocks
+        const uploaded = await uploadFiles(attachments)
+
+        // Update attachment URLs on the user message for display
+        const urlMap = new Map(uploaded.map(f => {
+          return [f.name, getDownloadUrl(f.path, f.name)]
+        }))
+        if (shouldQueue && userMsg.attachments) {
+          userMsg.attachments = userMsg.attachments.map(a => {
+            const dl = urlMap.get(a.name)
+            return dl ? { ...a, url: dl } : a
+          })
+          updateQueuedUserMessage(sid, userMsg.id, { attachments: userMsg.attachments })
+        } else {
+          const msgs = getSessionMsgs(sid)
+          const lastUser = msgs.findLast(m => m.id === userMsg.id)
+          if (lastUser?.attachments) {
+            lastUser.attachments = lastUser.attachments.map(a => {
+              const dl = urlMap.get(a.name)
+              return dl ? { ...a, url: dl } : a
+            })
+          }
+        }
+
+        // Build content blocks with uploaded file paths
+        input = await buildContentBlocks(content, attachments, uploaded)
+      } else {
+        // No attachments: use plain text format
+        input = content.trim()
+      }
+
+      const appStore = useAppStore()
+      await appStore.waitForModelsForRun()
+      const sessionModel = activeSession.value?.model || appStore.selectedModel
+      const sessionProvider = activeSession.value?.provider || appStore.selectedProvider
+      const runPayload = {
+        input,
+        session_id: sid,
+        profile: activeSession.value?.profile || useProfilesStore().activeProfileName || undefined,
+        model: shouldSendInitialSessionConfig ? sessionModel || undefined : undefined,
+        provider: shouldSendInitialSessionConfig ? sessionProvider || undefined : undefined,
+        model_groups: appStore.modelGroups.map(group => ({
+          provider: group.provider,
+          models: group.models,
+        })),
+        queue_id: userMsg.id,
+        source: 'cli' as const,
+      }
+      if (shouldSendInitialSessionConfig && activeSession.value) {
+        activeSession.value.messageCount = Math.max(activeSession.value.messageCount || 0, 1)
+      }
+
+      // Helper to clean up this session's stream state
+      const cleanup = () => {
+        streamStates.value.delete(sid)
+        serverWorking.value.delete(sid)
+      }
+
+      // Per-active-run flags used to detect silently-swallowed errors at run.completed.
+      // hermes-agent occasionally emits run.completed with empty output and no
+      // usage when the agent layer caught an upstream error (e.g. invalid API
+      // key). We need to distinguish: (a) run with assistant text produced,
+      // (b) run with only tool activity, (c) run with truly nothing visible.
+      // Reset on every run.started because one handler may span multiple queued runs.
+      let runProducedAssistantText = false
+      let runHadToolActivity = false
+      let activeAssistantMessageId: string | null = null
+
+      const closeStreamingAssistant = () => {
+        const msgs = getSessionMsgs(sid)
+        msgs.forEach(m => {
+          if (m.role === 'assistant' && m.isStreaming) {
+            updateMessage(sid, m.id, { isStreaming: false })
+          }
+        })
+        activeAssistantMessageId = null
+      }
+
+      const applyReconnectResume = (data: ResumeSessionPayload) => {
+        if (data.session_id !== sid) return
+        const target = sessions.value.find(s => s.id === sid)
+        if (!target) return
+
+        if (data.isWorking) serverWorking.value.add(sid)
+        else serverWorking.value.delete(sid)
+
+        if (data.queueLength && data.queueLength > 0) {
+          queueLengths.value.set(sid, data.queueLength)
+        } else {
+          queueLengths.value.delete(sid)
+        }
+
+        if (Array.isArray(data.queueMessages)) {
+          replaceQueuedUserMessages(sid, normalizeQueuedUserMessages(data.queueMessages))
+        } else if (!data.queueLength) {
+          replaceQueuedUserMessages(sid, [])
+        }
+
+        if (data.isAborting) {
+          setAbortState({ aborting: true, synced: null })
+        } else if (!data.isWorking) {
+          setAbortState(null)
+        }
+        if (!data.isWorking) setCompressionState(sid, null)
+
+        if (data.inputTokens != null) target.inputTokens = data.inputTokens
+        if (data.outputTokens != null) target.outputTokens = data.outputTokens
+        if (data.contextTokens != null) target.contextTokens = data.contextTokens
+
+        if (Array.isArray(data.messages)) {
+          target.messages = mapHermesMessages(data.messages as any[])
+          target.loadedMessageCount = data.messageLoadedCount ?? data.messages.length
+          target.messageTotal = data.messageTotal ?? target.messageCount ?? target.loadedMessageCount
+          target.messageCount = target.messageTotal
+          target.hasMoreBefore = data.hasMoreBefore ?? target.loadedMessageCount < target.messageTotal
+          const lastAssistant = [...target.messages].reverse().find(m => m.role === 'assistant')
+          if (data.isWorking && lastAssistant) {
+            lastAssistant.isStreaming = true
+            activeAssistantMessageId = lastAssistant.id
+            if (lastAssistant.reasoning) noteReasoningStart(lastAssistant.id)
+          } else {
+            activeAssistantMessageId = null
+          }
+        }
+
+        if (data.events?.length) {
+          for (const evt of data.events) {
+            const e = evt.data as RunEvent
+            switch (e.event) {
+              case 'compression.started':
+                setCompressionState(sid, {
+                  compressing: true,
+                  messageCount: (e as any).message_count || 0,
+                  beforeTokens: (e as any).token_count || 0,
+                  afterTokens: 0,
+                  compressed: null,
+                })
+                break
+              case 'compression.completed': {
+                const afterTokens = (e as any).contextTokens || (e as any).afterTokens || 0
+                setCompressionState(sid, {
+                  compressing: false,
+                  messageCount: (e as any).totalMessages || 0,
+                  beforeTokens: (e as any).beforeTokens || 0,
+                  afterTokens,
+                  compressed: (e as any).compressed ?? false,
+                  error: (e as any).error,
+                })
+                if ((e as any).contextTokens != null) target.contextTokens = (e as any).contextTokens
+                break
+              }
+              case 'abort.started':
+                setAbortState({ aborting: true, synced: null })
+                break
+              case 'abort.completed':
+                setAbortState({ aborting: false, synced: (e as any).synced ?? false })
+                break
+              case 'approval.requested':
+                setPendingApproval({ ...e, session_id: sid })
+                break
+              case 'approval.resolved':
+                clearPendingApproval({ ...e, session_id: sid })
+                break
+              case 'clarify.requested':
+                setPendingClarify({ ...e, session_id: sid })
+                break
+              case 'clarify.resolved':
+                clearPendingClarify({ ...e, session_id: sid })
+                break
+              case 'run.failed':
+                addAgentErrorMessage(sid, e.error)
+                break
+              case 'agent.event':
+                handleAgentEvent(e)
+                break
+            }
+          }
+        }
+
+        if (activeSessionId.value === sid) activeSession.value = target
+        if (!data.isWorking && !(data.queueLength && data.queueLength > 0)) {
+          clearAgentEventMessages(sid)
+          cleanup()
+          activeAssistantMessageId = null
+          updateSessionTitle(sid)
+        }
+      }
+
+      // Send run via Socket.IO and listen to streamed events — all closures capture `sid`
+      const ctrl = startRunViaSocket(
+        runPayload,
+        // onEvent
+        (evt: RunEvent) => {
+          switch (evt.event) {
+            case 'run.started':
+              clearAgentEventMessages(sid)
+              setAbortState(null)
+              setCompressionState(sid, null)
+              runProducedAssistantText = false
+              runHadToolActivity = false
+              closeStreamingAssistant()
+              if ((evt as any).queue_length > 0) {
+                queueLengths.value.set(sid, (evt as any).queue_length)
+              } else {
+                queueLengths.value.delete(sid)
+              }
+              break
+
+            case 'run.queued': {
+              handleRunQueuedEvent(sid, evt)
+              break
+            }
+
+            case 'session.command': {
+              handleSessionCommandEvent(evt)
+              break
+            }
+
+            case 'agent.event': {
+              handleAgentEvent(evt)
+              break
+            }
+
+            case 'compression.started': {
+              setCompressionState(sid, {
+                compressing: true,
+                messageCount: (evt as any).message_count || 0,
+                beforeTokens: (evt as any).token_count || 0,
+                afterTokens: 0,
+                compressed: null,
+              })
+              break
+            }
+
+            case 'compression.completed': {
+              const afterTokens = (evt as any).contextTokens || (evt as any).afterTokens || 0
+              setCompressionState(sid, {
+                compressing: false,
+                messageCount: (evt as any).totalMessages || 0,
+                beforeTokens: (evt as any).beforeTokens || 0,
+                afterTokens,
+                compressed: (evt as any).compressed ?? false,
+                error: (evt as any).error,
+              })
+              if ((evt as any).contextTokens != null) {
+                const target = sessions.value.find(s => s.id === sid)
+                if (target) target.contextTokens = (evt as any).contextTokens
+              }
+              // Auto-clear after 5s
+              setTimeout(() => {
+                const state = compressionStates.value.get(sid)
+                if (state && !state.compressing) {
+                  setCompressionState(sid, null)
+                }
+              }, 5000)
+              break
+            }
+
+            case 'abort.started': {
+              setAbortState({ aborting: true, synced: null })
+              break
+            }
+
+            case 'abort.completed': {
+              setAbortState({ aborting: false, synced: (evt as any).synced ?? false })
+              clearPendingInteractions(sid)
+              if ((evt as any).queue_length > 0) {
+                queueLengths.value.set(sid, (evt as any).queue_length)
+                setAbortState(null)
+                break
+              }
+              const msgs = getSessionMsgs(sid)
+              const lastMsg = msgs[msgs.length - 1]
+              if (lastMsg?.isStreaming) {
+                updateMessage(sid, lastMsg.id, { isStreaming: false })
+              }
+              msgs.forEach((m, i) => {
+                if (m.role === 'tool' && m.toolStatus === 'running') {
+                  msgs[i] = { ...m, toolStatus: 'done' }
+                }
+              })
+              cleanup()
+              setAbortState(null)
+              break
+            }
+
+            case 'reasoning.delta':
+            case 'thinking.delta': {
+              const text = evt.text || evt.delta || ''
+              if (!text) break
+              runProducedAssistantText = true
+              const msgs = getSessionMsgs(sid)
+              const last = activeAssistantMessageId
+                ? msgs.find(m => m.id === activeAssistantMessageId)
+                : null
+              if (last?.role === 'assistant' && last.isStreaming) {
+                last.reasoning = (last.reasoning || '') + text
+                noteReasoningStart(last.id)
+              } else {
+                const newId = uid()
+                addMessage(sid, {
+                  id: newId,
+                  role: 'assistant',
+                  content: '',
+                  timestamp: Date.now(),
+                  isStreaming: true,
+                  reasoning: text,
+                })
+                activeAssistantMessageId = newId
+                noteReasoningStart(newId)
+              }
+
+              break
+            }
+
+            case 'reasoning.available': {
+              // Upstream run_agent.py fires reasoning.available with
+              // `assistant_message.content[:500]` as the preview — i.e.,
+              // the main answer, not real reasoning. Ignore the payload
+              // and only use this event as a "thinking ended" signal so
+              // the duration counter stops.
+              const msgs = getSessionMsgs(sid)
+              const last = msgs[msgs.length - 1]
+              if (last?.role === 'assistant' && last.isStreaming) {
+                // 只有当 reasoning.delta 事件曾经启动过计时，才标记结束；
+                // 否则（上游未转发 delta，只发这一次 available）不显示时长。
+                noteReasoningEnd(last.id)
+              }
+
+              break
+            }
+
+            case 'message.delta': {
+              if (evt.delta) runProducedAssistantText = true
+              const msgs = getSessionMsgs(sid)
+              const last = activeAssistantMessageId
+                ? msgs.find(m => m.id === activeAssistantMessageId)
+                : null
+              if (last?.role === 'assistant' && last.isStreaming) {
+                const prev = last.content
+                const next = prev + (evt.delta || '')
+                noteThinkingDelta(last.id, prev, next)
+                // 若之前有 reasoning 累积，则 content 到达即视为推理结束。
+                if (last.reasoning) noteReasoningEnd(last.id)
+                last.content = next
+              } else {
+                const newId = uid()
+                const nextContent = evt.delta || ''
+                noteThinkingDelta(newId, '', nextContent)
+                addMessage(sid, {
+                  id: newId,
+                  role: 'assistant',
+                  content: nextContent,
+                  timestamp: Date.now(),
+                  isStreaming: true,
+                })
+                activeAssistantMessageId = newId
+              }
+
+              break
+            }
+
+            case 'tool.started': {
+              runHadToolActivity = true
+              const msgs = getSessionMsgs(sid)
+              const toolCallId = (evt as any).tool_call_id as string | undefined
+              const last = activeAssistantMessageId
+                ? msgs.find(m => m.id === activeAssistantMessageId)
+                : msgs[msgs.length - 1]
+              if (last?.isStreaming) {
+                updateMessage(sid, last.id, { isStreaming: false })
+              }
+              activeAssistantMessageId = null
+              const existingTool = toolCallId
+                ? msgs.find(m => m.role === 'tool' && m.toolCallId === toolCallId)
+                : null
+              if (existingTool) {
+                updateMessage(sid, existingTool.id, {
+                  toolName: evt.tool || evt.name,
+                  toolArgs: typeof (evt as any).arguments === 'string' ? (evt as any).arguments : existingTool.toolArgs,
+                  toolPreview: evt.preview || existingTool.toolPreview,
+                  toolStatus: existingTool.toolStatus || 'running',
+                })
+                break
+              }
+              addMessage(sid, {
+                id: uid(),
+                role: 'tool',
+                content: '',
+                timestamp: Date.now(),
+                toolName: evt.tool || evt.name,
+                toolCallId,
+                toolPreview: evt.preview,
+                toolArgs: typeof (evt as any).arguments === 'string' ? (evt as any).arguments : undefined,
+                toolStatus: 'running',
+              })
+
+              break
+            }
+
+            case 'tool.completed': {
+              runHadToolActivity = true
+              const msgs = getSessionMsgs(sid)
+              const toolCallId = (evt as any).tool_call_id as string | undefined
+              const toolMsgs = toolCallId
+                ? msgs.filter(m => m.role === 'tool' && m.toolCallId === toolCallId)
+                : msgs.filter(m => m.role === 'tool' && m.toolStatus === 'running')
+              if (toolMsgs.length > 0) {
+                const last = toolMsgs[toolMsgs.length - 1]
+                const output = typeof (evt as any).output === 'string' ? (evt as any).output : undefined
+                const hasError = (evt as any).error === true || isToolOutputError(output)
+                const duration = (evt as any).duration
+                updateMessage(sid, last.id, {
+                  toolStatus: hasError ? 'error' : 'done',
+                  toolDuration: duration,
+                  toolResult: output,
+                })
+              }
+
+              break
+            }
+
+            case 'subagent.start':
+            case 'subagent.tool':
+            case 'subagent.progress':
+            case 'subagent.complete': {
+              runHadToolActivity = true
+              handleSubagentEvent(sid, evt)
+              break
+            }
+
+            case 'approval.requested': {
+              setPendingApproval(evt)
+              break
+            }
+
+            case 'approval.resolved': {
+              clearPendingApproval(evt)
+              break
+            }
+
+            case 'clarify.requested': {
+              setPendingClarify(evt)
+              break
+            }
+
+            case 'clarify.resolved': {
+              clearPendingClarify(evt)
+              break
+            }
+
+            case 'run.completed': {
+              clearAgentEventMessages(sid)
+              const msgs = getSessionMsgs(sid)
+              const lastMsg = activeAssistantMessageId
+                ? msgs.find(m => m.id === activeAssistantMessageId)
+                : msgs[msgs.length - 1]
+              if (lastMsg?.isStreaming) {
+                updateMessage(sid, lastMsg.id, { isStreaming: false })
+              }
+              // Server-computed usage (local countTokens, snapshot-aware)
+              if ((evt as any).inputTokens != null) {
+                const target = sessions.value.find(s => s.id === sid)
+                if (target) {
+                  target.inputTokens = (evt as any).inputTokens
+                  target.outputTokens = (evt as any).outputTokens
+                  if ((evt as any).contextTokens != null) target.contextTokens = (evt as any).contextTokens
+                }
+              }
+              // Belt-and-suspenders: some providers may deliver the final
+              // assistant text only via run.completed.output (no message.delta
+              // stream). If we never produced assistant text but the gateway
+              // reports a non-empty output, fall back to rendering it as a
+              // single assistant message so the user actually sees the reply.
+
+              // Check if backend provided parsed content (from stringified array format)
+              let finalOutputTrimmed = ''
+              if ((evt as any).parsed_content !== undefined) {
+                // Backend has parsed stringified array format, update last assistant message
+                const msgs = getSessionMsgs(sid)
+                const lastAssistant = activeAssistantMessageId
+                  ? msgs.find(m => m.id === activeAssistantMessageId)
+                  : [...msgs].reverse().find(m => m.role === 'assistant')
+                if (lastAssistant) {
+                  updateMessage(sid, lastAssistant.id, {
+                    content: (evt as any).parsed_content || '',
+                  })
+                  if ((evt as any).parsed_reasoning) {
+                    updateMessage(sid, lastAssistant.id, {
+                      reasoning: (evt as any).parsed_reasoning,
+                    })
+                  }
+                  finalOutputTrimmed = ((evt as any).parsed_content || '').trim()
+                }
+              } else {
+                // Fallback to output field (legacy behavior)
+                const finalOutput =
+                  typeof evt.output === 'string' ? evt.output : ''
+                finalOutputTrimmed = finalOutput.trim()
+                if (!runProducedAssistantText && finalOutputTrimmed !== '') {
+                  addMessage(sid, {
+                    id: uid(),
+                    role: 'assistant',
+                    content: finalOutput,
+                    timestamp: Date.now(),
+                  })
+                  runProducedAssistantText = true
+                }
+              }
+              // Workaround for upstream hermes-agent bug: when the agent
+              // layer silently swallows an error (e.g. invalid API key,
+              // unsupported model), the gateway still emits run.completed
+              // with an empty output. Without surfacing it here the chat UI
+              // looks frozen / "succeeded with no reply". Detect by the
+              // combination of: no assistant text AND no tool activity AND
+              // empty final output. Usage being zero is a *supporting*
+              // signal but not required, since some providers/local models
+              // legitimately omit usage.
+              const swallowedError =
+                !runProducedAssistantText &&
+                !runHadToolActivity &&
+                finalOutputTrimmed === ''
+              if (swallowedError) {
+                addMessage(sid, {
+                  id: uid(),
+                  role: 'system',
+                  content: 'Error: Agent returned no output. The model call may have failed (e.g. invalid API key, model not supported by provider, or context exceeded). Check the hermes-agent logs for details.',
+                  timestamp: Date.now(),
+                })
+              } else {
+                playCompletionBellIfEnabled()
+              }
+
+              // 自动播放语音
+              if (autoPlaySpeechEnabled.value) {
+                const msgs = getSessionMsgs(sid)
+                const lastAssistant = [...msgs].reverse().find(m => m.role === 'assistant')
+                if (lastAssistant?.content) {
+                  // 延迟一小会儿再播放，确保 UI 更新完成
+                  setTimeout(() => {
+                    playMessageSpeech(lastAssistant.id, lastAssistant.content)
+                  }, 300)
+                }
+              }
+
+              if ((evt as any).queue_remaining > 0) {
+                queueLengths.value.set(sid, (evt as any).queue_remaining)
+              } else {
+                cleanup()
+              }
+              activeAssistantMessageId = null
+              updateSessionTitle(sid)
+              break
+            }
+
+            case 'run.failed': {
+              clearAgentEventMessages(sid)
+              if ((evt as any).inputTokens != null) {
+                const target = sessions.value.find(s => s.id === sid)
+                if (target) {
+                  target.inputTokens = (evt as any).inputTokens
+                  target.outputTokens = (evt as any).outputTokens
+                  if ((evt as any).contextTokens != null) target.contextTokens = (evt as any).contextTokens
+                }
+              }
+              addAgentErrorMessage(sid, evt.error)
+              const msgs = getSessionMsgs(sid)
+              msgs.forEach((m, i) => {
+                if (m.role === 'tool' && m.toolStatus === 'running') {
+                  msgs[i] = { ...m, toolStatus: 'error' }
+                }
+              })
+              if ((evt as any).queue_remaining > 0) {
+                queueLengths.value.set(sid, (evt as any).queue_remaining)
+              } else {
+                cleanup()
+              }
+              break
+            }
+
+            case 'usage.updated': {
+              const target = sessions.value.find(s => s.id === sid)
+              if (target) {
+                target.inputTokens = (evt as any).inputTokens
+                target.outputTokens = (evt as any).outputTokens
+                if ((evt as any).contextTokens != null) target.contextTokens = (evt as any).contextTokens
+              }
+              break
+            }
+          }
+        },
+        // onDone
+        () => {
+          const msgs = getSessionMsgs(sid)
+          const last = msgs[msgs.length - 1]
+          if (last?.isStreaming) {
+            updateMessage(sid, last.id, { isStreaming: false })
+          }
+          cleanup()
+          updateSessionTitle(sid)
+        },
+        // onError
+        (err) => {
+          console.warn('Socket.IO run stream error:', err.message)
+          addAgentErrorMessage(sid, err.message)
+          const msgs = getSessionMsgs(sid)
+          msgs.forEach((m, i) => {
+            if (m.role === 'tool' && m.toolStatus === 'running') {
+              msgs[i] = { ...m, toolStatus: 'error' }
+            }
+          })
+          cleanup()
+        },
+        undefined,
+        { onReconnectResume: applyReconnectResume },
+      )
+      runSubmitted = true
+
+      if (!isBridgeSlashCommand || isBridgeCompressCommand || isBridgePlanCommand || isBridgeGoalCommand) {
+        streamStates.value.set(sid, ctrl)
+      }
+    } catch (err: any) {
+      if (shouldQueue && !runSubmitted) {
+        dropQueuedUserMessage(sid, userMsg.id)
+      }
+      if (!shouldQueue && !runSubmitted) {
+        serverWorking.value.delete(sid)
+      }
+      addMessage(sid, {
+        id: uid(),
+        role: 'system',
+        content: `Error: ${err.message}`,
+        timestamp: Date.now(),
+      })
+    }
+  }
+
+  /**
+   * Resume an in-flight run after page refresh.
+   * Emits 'resume' to join the session room on the server,
+   * then sets up event listeners to receive ongoing events.
+   */
+  function resumeServerWorkingRun(sid: string, force = false) {
+    // Don't register duplicate listeners if already streaming
+    if (streamStates.value.has(sid)) return
+    // Only set up listeners if the server reported an active run during resume.
+    if (!force && !serverWorking.value.has(sid)) return
+
+    let closed = false
+    let runProducedAssistantText = false
+    let runHadToolActivity = false
+    let activeAssistantMessageId: string | null = null
+
+    const cleanup = () => {
+      if (closed) return
+      closed = true
+      streamStates.value.delete(sid)
+      serverWorking.value.delete(sid)
+      // Unregister from global session handlers
+      unregisterSessionHandlers(sid)
+    }
+
+    const closeStreamingAssistant = () => {
+      const msgs = getSessionMsgs(sid)
+      msgs.forEach(m => {
+        if (m.role === 'assistant' && m.isStreaming) {
+          updateMessage(sid, m.id, { isStreaming: false })
+        }
+      })
+      activeAssistantMessageId = null
+    }
+
+    // Shared event handler — filters by session_id tag
+    function handleEvent(evt: RunEvent) {
+      if (closed) return
+      // Filter events for this session (server tags all events with session_id)
+      if (evt.session_id && evt.session_id !== sid) return
+      switch (evt.event) {
+        case 'run.queued': {
+          handleRunQueuedEvent(sid, evt)
+          break
+        }
+
+        case 'session.command': {
+          handleSessionCommandEvent(evt)
+          break
+        }
+
+        case 'agent.event': {
+          handleAgentEvent(evt)
+          break
+        }
+
+        case 'run.started':
+          clearAgentEventMessages(sid)
+          setAbortState(null)
+          setCompressionState(sid, null)
+          runProducedAssistantText = false
+          runHadToolActivity = false
+          closeStreamingAssistant()
+          if ((evt as any).queue_length > 0) {
+            queueLengths.value.set(sid, (evt as any).queue_length)
+          } else {
+            queueLengths.value.delete(sid)
+          }
+          break
+
+        case 'compression.started': {
+          setCompressionState(sid, {
+            compressing: true,
+            messageCount: (evt as any).message_count || 0,
+            beforeTokens: (evt as any).token_count || 0,
+            afterTokens: 0,
+            compressed: null,
+          })
+          break
+        }
+
+        case 'compression.completed': {
+          const afterTokens = (evt as any).contextTokens || (evt as any).afterTokens || 0
+          setCompressionState(sid, {
+            compressing: false,
+            messageCount: (evt as any).totalMessages || 0,
+            beforeTokens: (evt as any).beforeTokens || 0,
+            afterTokens,
+            compressed: (evt as any).compressed ?? false,
+            error: (evt as any).error,
+          })
+          if ((evt as any).contextTokens != null) {
+            const target = sessions.value.find(s => s.id === sid)
+            if (target) target.contextTokens = (evt as any).contextTokens
+          }
+          setTimeout(() => {
+            const state = compressionStates.value.get(sid)
+            if (state && !state.compressing) {
+              setCompressionState(sid, null)
+            }
+          }, 5000)
+          break
+        }
+
+        case 'abort.started': {
+          setAbortState({ aborting: true, synced: null })
+          break
+        }
+
+        case 'abort.completed': {
+          setAbortState({ aborting: false, synced: (evt as any).synced ?? false })
+          clearPendingInteractions(sid)
+          if ((evt as any).queue_length > 0) {
+            queueLengths.value.set(sid, (evt as any).queue_length)
+            setAbortState(null)
+            break
+          }
+          const msgs = getSessionMsgs(sid)
+          const lastMsg = msgs[msgs.length - 1]
+          if (lastMsg?.isStreaming) {
+            updateMessage(sid, lastMsg.id, { isStreaming: false })
+          }
+          msgs.forEach((m, i) => {
+            if (m.role === 'tool' && m.toolStatus === 'running') {
+              msgs[i] = { ...m, toolStatus: 'done' }
+            }
+          })
+          cleanup()
+          setAbortState(null)
+          break
+        }
+
+        case 'reasoning.delta':
+        case 'thinking.delta': {
+          const text = evt.text || evt.delta || ''
+          if (!text) break
+          runProducedAssistantText = true
+          const msgs = getSessionMsgs(sid)
+          const last = activeAssistantMessageId
+            ? msgs.find(m => m.id === activeAssistantMessageId)
+            : null
+          if (last?.role === 'assistant' && last.isStreaming) {
+            last.reasoning = (last.reasoning || '') + text
+            noteReasoningStart(last.id)
+          } else {
+            const newId = uid()
+            addMessage(sid, {
+              id: newId,
+              role: 'assistant',
+              content: '',
+              timestamp: Date.now(),
+              isStreaming: true,
+              reasoning: text,
+            })
+            activeAssistantMessageId = newId
+            noteReasoningStart(newId)
+          }
+
+          break
+        }
+
+        case 'reasoning.available': {
+          const msgs = getSessionMsgs(sid)
+          const last = msgs[msgs.length - 1]
+          if (last?.role === 'assistant' && last.isStreaming) {
+            noteReasoningEnd(last.id)
+          }
+
+          break
+        }
+
+        case 'message.delta': {
+          if (evt.delta) runProducedAssistantText = true
+          const msgs = getSessionMsgs(sid)
+          const last = activeAssistantMessageId
+            ? msgs.find(m => m.id === activeAssistantMessageId)
+            : null
+          if (last?.role === 'assistant' && last.isStreaming) {
+            const prev = last.content
+            const next = prev + (evt.delta || '')
+            noteThinkingDelta(last.id, prev, next)
+            if (last.reasoning) noteReasoningEnd(last.id)
+            last.content = next
+          } else {
+            const newId = uid()
+            const nextContent = evt.delta || ''
+            noteThinkingDelta(newId, '', nextContent)
+            addMessage(sid, {
+              id: newId,
+              role: 'assistant',
+              content: nextContent,
+              timestamp: Date.now(),
+              isStreaming: true,
+            })
+            activeAssistantMessageId = newId
+          }
+
+          break
+        }
+
+        case 'tool.started': {
+          runHadToolActivity = true
+          const msgs = getSessionMsgs(sid)
+          const toolCallId = (evt as any).tool_call_id as string | undefined
+          const last = activeAssistantMessageId
+            ? msgs.find(m => m.id === activeAssistantMessageId)
+            : msgs[msgs.length - 1]
+          if (last?.isStreaming) {
+            updateMessage(sid, last.id, { isStreaming: false })
+          }
+          activeAssistantMessageId = null
+          const existingTool = toolCallId
+            ? msgs.find(m => m.role === 'tool' && m.toolCallId === toolCallId)
+            : null
+          if (existingTool) {
+            updateMessage(sid, existingTool.id, {
+              toolName: evt.tool || evt.name,
+              toolArgs: typeof (evt as any).arguments === 'string' ? (evt as any).arguments : existingTool.toolArgs,
+              toolPreview: evt.preview || existingTool.toolPreview,
+              toolStatus: existingTool.toolStatus || 'running',
+            })
+            break
+          }
+          addMessage(sid, {
+            id: uid(),
+            role: 'tool',
+            content: '',
+            timestamp: Date.now(),
+            toolName: evt.tool || evt.name,
+            toolCallId,
+            toolPreview: evt.preview,
+            toolArgs: typeof (evt as any).arguments === 'string' ? (evt as any).arguments : undefined,
+            toolStatus: 'running',
+          })
+
+          break
+        }
+
+        case 'tool.completed': {
+          runHadToolActivity = true
+          const msgs = getSessionMsgs(sid)
+          const toolCallId = (evt as any).tool_call_id as string | undefined
+          const toolMsgs = toolCallId
+            ? msgs.filter(m => m.role === 'tool' && m.toolCallId === toolCallId)
+            : msgs.filter(m => m.role === 'tool' && m.toolStatus === 'running')
+          if (toolMsgs.length > 0) {
+            const output = typeof (evt as any).output === 'string' ? (evt as any).output : undefined
+            const hasError = (evt as any).error === true || isToolOutputError(output)
+            updateMessage(sid, toolMsgs[toolMsgs.length - 1].id, {
+              toolStatus: hasError ? 'error' : 'done',
+              toolDuration: (evt as any).duration,
+              toolResult: output,
+            })
+          }
+
+          break
+        }
+
+        case 'subagent.start':
+        case 'subagent.tool':
+        case 'subagent.progress':
+        case 'subagent.complete': {
+          runHadToolActivity = true
+          handleSubagentEvent(sid, evt)
+          break
+        }
+
+        case 'approval.requested': {
+          setPendingApproval(evt)
+          break
+        }
+
+        case 'approval.resolved': {
+          clearPendingApproval(evt)
+          break
+        }
+
+        case 'clarify.requested': {
+          setPendingClarify(evt)
+          break
+        }
+
+        case 'clarify.resolved': {
+          clearPendingClarify(evt)
+          break
+        }
+
+        case 'run.completed': {
+          clearAgentEventMessages(sid)
+          const hasQueue = (evt as any).queue_remaining > 0
+          if (hasQueue) {
+            queueLengths.value.set(sid, (evt as any).queue_remaining)
+          } else {
+            queueLengths.value.delete(sid)
+          }
+          const msgs = getSessionMsgs(sid)
+          const lastMsg = activeAssistantMessageId
+            ? msgs.find(m => m.id === activeAssistantMessageId)
+            : msgs[msgs.length - 1]
+          if (lastMsg?.isStreaming) {
+            updateMessage(sid, lastMsg.id, { isStreaming: false })
+          }
+          // Server-computed usage (local countTokens, snapshot-aware)
+          if ((evt as any).inputTokens != null) {
+            const target = sessions.value.find(s => s.id === sid)
+            if (target) {
+              target.inputTokens = (evt as any).inputTokens
+              target.outputTokens = (evt as any).outputTokens
+              if ((evt as any).contextTokens != null) target.contextTokens = (evt as any).contextTokens
+            }
+          }
+          // Check if backend provided parsed content (from stringified array format)
+          let finalOutputTrimmed = ''
+          if ((evt as any).parsed_content !== undefined) {
+            // Backend has parsed stringified array format, update last assistant message
+            const msgs = getSessionMsgs(sid)
+            const lastAssistant = activeAssistantMessageId
+              ? msgs.find(m => m.id === activeAssistantMessageId)
+              : [...msgs].reverse().find(m => m.role === 'assistant')
+            if (lastAssistant) {
+              updateMessage(sid, lastAssistant.id, {
+                content: (evt as any).parsed_content || '',
+              })
+              if ((evt as any).parsed_reasoning) {
+                updateMessage(sid, lastAssistant.id, {
+                  reasoning: (evt as any).parsed_reasoning,
+                })
+              }
+              finalOutputTrimmed = ((evt as any).parsed_content || '').trim()
+            }
+          } else {
+            // Fallback to output field (legacy behavior)
+            const finalOutput = typeof evt.output === 'string' ? evt.output : ''
+            finalOutputTrimmed = finalOutput.trim()
+            if (!runProducedAssistantText && finalOutputTrimmed !== '') {
+              addMessage(sid, {
+                id: uid(),
+                role: 'assistant',
+                content: finalOutput,
+                timestamp: Date.now(),
+              })
+            }
+          }
+          const swallowedError = !runProducedAssistantText && !runHadToolActivity && finalOutputTrimmed === ''
+          if (swallowedError) {
+            addMessage(sid, {
+              id: uid(),
+              role: 'system',
+              content: 'Error: Agent returned no output. The model call may have failed (e.g. invalid API key, model not supported by provider, or context exceeded). Check the hermes-agent logs for details.',
+              timestamp: Date.now(),
+            })
+          } else {
+            playCompletionBellIfEnabled()
+          }
+
+          // Auto-play speech for every completed assistant message
+          if (autoPlaySpeechEnabled.value) {
+            const msgs = getSessionMsgs(sid)
+            const lastAssistant = [...msgs].reverse().find(m => m.role === 'assistant')
+            if (lastAssistant?.content) {
+              setTimeout(() => {
+                playMessageSpeech(lastAssistant.id, lastAssistant.content)
+              }, 300)
+            }
+          }
+
+          if (!hasQueue) {
+            cleanup()
+            activeAssistantMessageId = null
+          } else {
+            // More runs pending — reset for next run but don't cleanup
+            activeAssistantMessageId = null
+          }
+          updateSessionTitle(sid)
+          break
+        }
+
+        case 'run.failed': {
+          clearAgentEventMessages(sid)
+          if ((evt as any).inputTokens != null) {
+            const target = sessions.value.find(s => s.id === sid)
+            if (target) {
+              target.inputTokens = (evt as any).inputTokens
+              target.outputTokens = (evt as any).outputTokens
+              if ((evt as any).contextTokens != null) target.contextTokens = (evt as any).contextTokens
+            }
+          }
+          const hasQueue = (evt as any).queue_remaining > 0
+          if (hasQueue) {
+            queueLengths.value.set(sid, (evt as any).queue_remaining)
+          } else {
+            queueLengths.value.delete(sid)
+          }
+          addAgentErrorMessage(sid, evt.error)
+          const msgs = getSessionMsgs(sid)
+          msgs.forEach((m, i) => {
+            if (m.role === 'tool' && m.toolStatus === 'running') {
+              msgs[i] = { ...m, toolStatus: 'error' }
+            }
+          })
+          if (!hasQueue) {
+            cleanup()
+          }
+          break
+        }
+
+        case 'usage.updated': {
+          const target = sessions.value.find(s => s.id === sid)
+          if (target) {
+            target.inputTokens = (evt as any).inputTokens
+            target.outputTokens = (evt as any).outputTokens
+            if ((evt as any).contextTokens != null) target.contextTokens = (evt as any).contextTokens
+          }
+          break
+        }
+      }
+    }
+
+    // Register handlers in global session map
+    registerSessionHandlers(sid, {
+      onMessageDelta: (evt) => handleEvent(evt),
+      onReasoningDelta: (evt) => handleEvent(evt),
+      onThinkingDelta: (evt) => handleEvent(evt),
+      onReasoningAvailable: (evt) => handleEvent(evt),
+      onToolStarted: (evt) => handleEvent(evt),
+      onToolCompleted: (evt) => handleEvent(evt),
+      onSubagentEvent: (evt) => handleEvent(evt),
+      onRunStarted: (evt) => handleEvent(evt),
+      onRunCompleted: (evt) => handleEvent(evt),
+      onRunFailed: (evt) => handleEvent(evt),
+      onCompressionStarted: (evt) => handleEvent(evt),
+      onCompressionCompleted: (evt) => handleEvent(evt),
+      onAbortStarted: (evt) => handleEvent(evt),
+      onAbortCompleted: (evt) => handleEvent(evt),
+      onUsageUpdated: (evt) => handleEvent(evt),
+      onAgentEvent: (evt) => handleEvent(evt),
+      onSessionCommand: (evt) => handleEvent(evt),
+      onRunQueued: (evt) => handleEvent(evt),
+      onClarifyRequested: (evt) => handleEvent(evt),
+      onClarifyResolved: (evt) => handleEvent(evt),
+    })
+
+    // No need to emit resume here — switchSession already did it.
+    // Server already joined room and replayed events.
+    // Just set up handlers for ongoing streaming events.
+
+    // Mark as streaming so UI shows the indicator and can still abort after refresh.
+    streamStates.value.set(sid, {
+      abort: () => {
+        getChatRunSocket()?.emit('abort', { session_id: sid })
+      },
+    })
+  }
+
+  function handlePeerUserMessage(evt: RunEvent) {
+    const sid = evt.session_id
+    if (!sid || activeSessionId.value !== sid || !activeSession.value) return
+
+    const peer = evt.message
+    const content = typeof peer?.content === 'string' ? peer.content : ''
+    if (!content.trim()) return
+
+    const messageId = peer?.id != null ? String(peer.id) : ''
+    const msgs = getSessionMsgs(sid)
+    if (messageId && msgs.some(msg => msg.id === messageId)) {
+      serverWorking.value.add(sid)
+      resumeServerWorkingRun(sid, true)
+      return
+    }
+    if (messageId && (queuedUserMessages.value.get(sid) || []).some(msg => msg.id === messageId)) {
+      serverWorking.value.add(sid)
+      resumeServerWorkingRun(sid, true)
+      return
+    }
+
+    const timestamp = typeof peer?.timestamp === 'number' && Number.isFinite(peer.timestamp)
+      ? Math.round(peer.timestamp * 1000)
+      : Date.now()
+
+    const message: Message = {
+      id: messageId || uid(),
+      role: peer?.role === 'command' ? 'command' : 'user',
+      content,
+      timestamp,
+      queued: !!peer?.queued,
+      systemType: peer?.role === 'command' ? 'command' : undefined,
+    }
+    const wasDequeued = messageId ? consumeDequeuedQueueId(sid, messageId) : false
+    if (peer?.queued || (!wasDequeued && isSessionLive(sid))) {
+      enqueueUserMessage(sid, message)
+    } else {
+      addMessage(sid, message)
+      updateSessionTitle(sid)
+    }
+    serverWorking.value.add(sid)
+    resumeServerWorkingRun(sid, true)
+  }
+
+  onPeerUserMessage(handlePeerUserMessage)
+
+  function handleGlobalSessionCommand(evt: RunEvent) {
+    const sid = evt.session_id
+    if (!sid || activeSessionId.value !== sid || !activeSession.value) return
+    const shouldAttachToStartedRun = (evt as any).started === true && (evt as any).terminal === false
+    handleSessionCommandEvent(evt)
+    if (shouldAttachToStartedRun) {
+      serverWorking.value.add(sid)
+      resumeServerWorkingRun(sid, true)
+    }
+  }
+
+  onSessionCommand(handleGlobalSessionCommand)
+
+  function stopStreaming() {
+    const sid = activeSessionId.value
+    if (!sid) return
+    if (isAborting.value) return
+    clearPendingInteractions(sid)
+    const ctrl = streamStates.value.get(sid)
+    if (ctrl) {
+      setAbortState({ aborting: true, synced: null })
+      ctrl.abort()
+      const msgs = getSessionMsgs(sid)
+      const lastMsg = msgs[msgs.length - 1]
+      if (lastMsg?.isStreaming) {
+        updateMessage(sid, lastMsg.id, { isStreaming: false })
+      }
+      window.setTimeout(() => {
+        if (activeSessionId.value === sid && abortState.value?.aborting) {
+          streamStates.value.delete(sid)
+          serverWorking.value.delete(sid)
+          setAbortState(null)
+        }
+      }, 20_000)
+    }
+  }
+
+  // Tab visibility: re-sync when returning to foreground
+  if (typeof document !== 'undefined') {
+    document.addEventListener('visibilitychange', () => {
+      if (document.visibilityState === 'visible' && activeSessionId.value && !isStreaming.value) {
+        const sid = activeSessionId.value
+        if (sid && !streamStates.value.has(sid)) {
+          // Re-load messages via resume (server loads from DB)
+          resumeSession(sid, (data) => {
+            if (data.isWorking) {
+              serverWorking.value.add(sid)
+            } else {
+              serverWorking.value.delete(sid)
+            }
+            if (data.isAborting) {
+              setAbortState({ aborting: true, synced: null })
+            } else if (!data.isWorking) {
+              setAbortState(null)
+            }
+            if (!data.isWorking) setCompressionState(sid, null)
+            if (data.messages?.length && activeSession.value) {
+              activeSession.value.messages = mapHermesMessages(data.messages as any[])
+              activeSession.value.loadedMessageCount = data.messageLoadedCount ?? data.messages.length
+              activeSession.value.messageTotal = data.messageTotal ?? activeSession.value.messageCount ?? activeSession.value.loadedMessageCount
+              activeSession.value.messageCount = activeSession.value.messageTotal
+              activeSession.value.hasMoreBefore = data.hasMoreBefore ?? activeSession.value.loadedMessageCount < activeSession.value.messageTotal
+            }
+            resumeServerWorkingRun(sid)
+          }, activeSession.value?.profile)
+        }
+      }
+    })
+  }
+
+  // Transient observation of <think> boundaries during active streaming.
+  // Not persisted; cleared on session switch. See spec §5.3.
+  const thinkingObservation = new Map<string, { startedAt?: number; endedAt?: number }>()
+
+  function getThinkingObservation(messageId: string) {
+    return thinkingObservation.get(messageId)
+  }
+
+  function noteThinkingDelta(messageId: string, prevContent: string, nextContent: string) {
+    const { startedAtBoundary, endedAtBoundary } = detectThinkingBoundary(prevContent, nextContent)
+    if (!startedAtBoundary && !endedAtBoundary) return
+    const existing = thinkingObservation.get(messageId) || {}
+    if (startedAtBoundary && existing.startedAt === undefined) {
+      existing.startedAt = Date.now()
+    }
+    if (endedAtBoundary && existing.endedAt === undefined) {
+      existing.endedAt = Date.now()
+    }
+    thinkingObservation.set(messageId, existing)
+  }
+
+  /** 第一次见到某条消息的 reasoning 文本时，标记 startedAt。 */
+  function noteReasoningStart(messageId: string) {
+    const existing = thinkingObservation.get(messageId) || {}
+    if (existing.startedAt === undefined) {
+      existing.startedAt = Date.now()
+      thinkingObservation.set(messageId, existing)
+    }
+  }
+
+  /** 内容首次到达（视为推理结束）或显式收到 reasoning.available 时，标记 endedAt。 */
+  function noteReasoningEnd(messageId: string) {
+    const existing = thinkingObservation.get(messageId)
+    if (!existing || existing.startedAt === undefined) return
+    if (existing.endedAt === undefined) {
+      existing.endedAt = Date.now()
+      thinkingObservation.set(messageId, existing)
+    }
+  }
+
+  function clearProviderFromSessions(provider: string) {
+    if (!provider) return
+    const target = provider.toLowerCase()
+    for (const s of sessions.value) {
+      if ((s.provider || '').toLowerCase() === target) {
+        s.model = undefined
+        s.provider = ''
+      }
+    }
+  }
+
+  function clearThinkingObservationFor(_sessionId: string) {
+    // messageId 与 sessionId 的关联未单独持有；方案是切会话时一律清空。
+    // 这符合 spec 定义：observation 是"当前会话范围内"的 transient 状态。
+    thinkingObservation.clear()
+  }
+
+  // 播放消息语音
+  function playMessageSpeech(messageId: string, content: string) {
+    // 触发自定义事件，让 MessageItem 组件处理播放
+    const event = new CustomEvent('auto-play-speech', {
+      detail: { messageId, content }
+    })
+    window.dispatchEvent(event)
+  }
+
+  return {
+    sessions,
+    activeSessionId,
+    activeSession,
+    focusMessageId,
+    messages,
+    isStreaming,
+    isRunActive,
+    isSessionLive,
+    sessionProfileFilter,
+    compressionState,
+    abortState,
+    isAborting,
+    queueLengths,
+    queuedUserMessages,
+    pendingApprovals,
+    activePendingApproval,
+    activePendingClarify,
+    removeQueuedMessage,
+    isLoadingSessions,
+    sessionsLoaded,
+    isLoadingMessages,
+
+    newChat,
+    newCliSession,
+    switchSession,
+    loadOlderMessages,
+    switchSessionModel,
+    addOrUpdateSession,
+    clearProviderFromSessions,
+    deleteSession,
+    sendMessage,
+    stopStreaming,
+    respondApproval,
+    respondToClarify,
+    loadSessions,
+    refreshActiveSession,
+    getThinkingObservation,
+    noteThinkingDelta,
+    noteReasoningStart,
+    noteReasoningEnd,
+    clearThinkingObservationFor,
+    setAutoPlaySpeech,
+    playMessageSpeech,
+  }
+})
diff --git a/packages/client/src/stores/hermes/files.ts b/packages/client/src/stores/hermes/files.ts
new file mode 100644
index 0000000..b6bb0a2
--- /dev/null
+++ b/packages/client/src/stores/hermes/files.ts
@@ -0,0 +1,241 @@
+import { defineStore } from 'pinia'
+import { ref, computed } from 'vue'
+import * as filesApi from '@/api/hermes/files'
+import type { FileEntry } from '@/api/hermes/files'
+
+const EXT_LANG_MAP: Record<string, string> = {
+  '.js': 'javascript', '.jsx': 'javascript',
+  '.ts': 'typescript', '.tsx': 'typescript',
+  '.json': 'json', '.jsonc': 'json',
+  '.html': 'html', '.htm': 'html',
+  '.css': 'css', '.scss': 'scss', '.less': 'less',
+  '.md': 'markdown', '.markdown': 'markdown',
+  '.py': 'python',
+  '.yaml': 'yaml', '.yml': 'yaml',
+  '.xml': 'xml',
+  '.sh': 'shell', '.bash': 'shell', '.zsh': 'shell',
+  '.sql': 'sql',
+  '.go': 'go',
+  '.rs': 'rust',
+  '.java': 'java',
+  '.c': 'c', '.h': 'c',
+  '.cpp': 'cpp', '.hpp': 'cpp',
+  '.toml': 'ini',
+  '.ini': 'ini',
+  '.env': 'ini',
+  '.vue': 'html',
+  '.dockerfile': 'dockerfile',
+  '.graphql': 'graphql',
+  '.lua': 'lua',
+  '.r': 'r',
+  '.rb': 'ruby',
+  '.php': 'php',
+  '.swift': 'swift',
+  '.kt': 'kotlin',
+}
+
+function getLanguageFromPath(filePath: string): string {
+  const name = filePath.split('/').pop() || ''
+  if (name === 'Dockerfile') return 'dockerfile'
+  if (name === 'Makefile') return 'makefile'
+  const ext = '.' + name.split('.').pop()?.toLowerCase()
+  return EXT_LANG_MAP[ext] || 'plaintext'
+}
+
+const IMAGE_EXTS = new Set(['.png', '.jpg', '.jpeg', '.gif', '.svg', '.webp', '.bmp', '.ico'])
+
+function getFileExt(name: string): string {
+  const idx = name.lastIndexOf('.')
+  return idx >= 0 ? name.slice(idx).toLowerCase() : ''
+}
+
+export function isImageFile(name: string): boolean {
+  return IMAGE_EXTS.has(getFileExt(name))
+}
+
+export function isMarkdownFile(name: string): boolean {
+  const ext = getFileExt(name)
+  return ext === '.md' || ext === '.markdown'
+}
+
+export function isTextFile(name: string): boolean {
+  const binaryExts = new Set(['.png', '.jpg', '.jpeg', '.gif', '.webp', '.bmp', '.ico', '.zip', '.gz', '.tar', '.7z', '.rar', '.pdf', '.doc', '.docx', '.xls', '.xlsx', '.ppt', '.pptx', '.mp3', '.mp4', '.wav', '.webm', '.avi', '.mov', '.exe', '.dll', '.so', '.dylib', '.bin', '.dat', '.db', '.sqlite'])
+  return !binaryExts.has(getFileExt(name))
+}
+
+// Returns true if `targetPath` is the same as `changedPath` or lives inside it
+// when `changedIsDir` is true. Used to invalidate preview/editor state when
+// the underlying file is deleted or renamed.
+function isAffected(targetPath: string, changedPath: string, changedIsDir: boolean): boolean {
+  if (targetPath === changedPath) return true
+  if (changedIsDir && targetPath.startsWith(changedPath + '/')) return true
+  return false
+}
+
+export const useFilesStore = defineStore('files', () => {
+  const currentPath = ref('')
+  const entries = ref<FileEntry[]>([])
+  const loading = ref(false)
+  const sortBy = ref<'name' | 'size' | 'modTime'>('name')
+  const sortOrder = ref<'asc' | 'desc'>('asc')
+
+  const editingFile = ref<{
+    path: string
+    content: string
+    originalContent: string
+    language: string
+  } | null>(null)
+
+  const previewFile = ref<{
+    path: string
+    type: 'image' | 'markdown'
+    content?: string
+  } | null>(null)
+
+  const pathSegments = computed(() => {
+    if (!currentPath.value) return []
+    return currentPath.value.split('/').filter(Boolean)
+  })
+
+  const sortedEntries = computed(() => {
+    const copy = [...entries.value]
+    copy.sort((a, b) => {
+      if (a.isDir !== b.isDir) return a.isDir ? -1 : 1
+      let cmp = 0
+      switch (sortBy.value) {
+        case 'name': cmp = a.name.localeCompare(b.name); break
+        case 'size': cmp = a.size - b.size; break
+        case 'modTime': cmp = a.modTime.localeCompare(b.modTime); break
+      }
+      return sortOrder.value === 'asc' ? cmp : -cmp
+    })
+    return copy
+  })
+
+  async function fetchEntries(path?: string) {
+    if (path !== undefined && path !== currentPath.value) {
+      // Switching directory invalidates the current preview; close it so the
+      // file list becomes visible again. The editor has its own dirty-check
+      // (see hasUnsavedChanges), so we leave editingFile alone here.
+      previewFile.value = null
+    }
+    if (path !== undefined) currentPath.value = path
+    loading.value = true
+    try {
+      const result = await filesApi.listFiles(currentPath.value)
+      entries.value = result.entries
+    } catch (err) {
+      console.error('Failed to fetch files:', err)
+      throw err
+    } finally {
+      loading.value = false
+    }
+  }
+
+  function navigateTo(path: string) { return fetchEntries(path) }
+  function navigateUp() {
+    const parts = currentPath.value.split('/').filter(Boolean)
+    parts.pop()
+    return fetchEntries(parts.join('/'))
+  }
+
+  async function openEditor(filePath: string) {
+    const result = await filesApi.readFile(filePath)
+    editingFile.value = {
+      path: filePath,
+      content: result.content,
+      originalContent: result.content,
+      language: getLanguageFromPath(filePath),
+    }
+  }
+
+  async function saveEditor() {
+    if (!editingFile.value) return
+    await filesApi.writeFile(editingFile.value.path, editingFile.value.content)
+    editingFile.value.originalContent = editingFile.value.content
+  }
+
+  function closeEditor() { editingFile.value = null }
+
+  async function openPreview(entry: FileEntry) {
+    if (isImageFile(entry.name)) {
+      previewFile.value = { path: entry.path, type: 'image' }
+    } else if (isMarkdownFile(entry.name)) {
+      const result = await filesApi.readFile(entry.path)
+      previewFile.value = { path: entry.path, type: 'markdown', content: result.content }
+    }
+  }
+
+  function closePreview() { previewFile.value = null }
+
+  async function createDir(name: string) {
+    const path = currentPath.value ? `${currentPath.value}/${name}` : name
+    await filesApi.mkDir(path)
+    await fetchEntries()
+  }
+
+  async function createFile(name: string) {
+    const path = currentPath.value ? `${currentPath.value}/${name}` : name
+    await filesApi.writeFile(path, '')
+    await fetchEntries()
+  }
+
+  async function deleteEntry(entry: FileEntry) {
+    await filesApi.deleteFile(entry.path, entry.isDir)
+    if (previewFile.value && isAffected(previewFile.value.path, entry.path, entry.isDir)) {
+      previewFile.value = null
+    }
+    if (editingFile.value && isAffected(editingFile.value.path, entry.path, entry.isDir)) {
+      editingFile.value = null
+    }
+    await fetchEntries()
+  }
+
+  async function renameEntry(entry: FileEntry, newName: string) {
+    const parentPath = entry.path.includes('/') ? entry.path.slice(0, entry.path.lastIndexOf('/')) : ''
+    const newPath = parentPath ? `${parentPath}/${newName}` : newName
+    await filesApi.renameFile(entry.path, newPath)
+    if (previewFile.value && isAffected(previewFile.value.path, entry.path, entry.isDir)) {
+      previewFile.value = null
+    }
+    if (editingFile.value && isAffected(editingFile.value.path, entry.path, entry.isDir)) {
+      editingFile.value = null
+    }
+    await fetchEntries()
+  }
+
+  async function copyEntry(entry: FileEntry, destPath: string) {
+    await filesApi.copyFile(entry.path, destPath)
+    await fetchEntries()
+  }
+
+  async function uploadFiles(files: File[]) {
+    await filesApi.uploadFiles(currentPath.value, files)
+    await fetchEntries()
+  }
+
+  function setSort(by: 'name' | 'size' | 'modTime') {
+    if (sortBy.value === by) {
+      sortOrder.value = sortOrder.value === 'asc' ? 'desc' : 'asc'
+    } else {
+      sortBy.value = by
+      sortOrder.value = 'asc'
+    }
+  }
+
+  const hasUnsavedChanges = computed(() => {
+    if (!editingFile.value) return false
+    return editingFile.value.content !== editingFile.value.originalContent
+  })
+
+  return {
+    currentPath, entries, loading, sortBy, sortOrder,
+    editingFile, previewFile,
+    pathSegments, sortedEntries, hasUnsavedChanges,
+    fetchEntries, navigateTo, navigateUp,
+    openEditor, saveEditor, closeEditor,
+    openPreview, closePreview,
+    createDir, createFile, deleteEntry, renameEntry, copyEntry,
+    uploadFiles, setSort,
+  }
+})
diff --git a/packages/client/src/stores/hermes/group-chat.ts b/packages/client/src/stores/hermes/group-chat.ts
new file mode 100644
index 0000000..e005b98
--- /dev/null
+++ b/packages/client/src/stores/hermes/group-chat.ts
@@ -0,0 +1,858 @@
+import { defineStore } from 'pinia'
+import { ref, computed } from 'vue'
+import { getApiKey } from '@/api/client'
+import { getDownloadUrl } from '@/api/hermes/download'
+import type { Attachment, ContentBlock } from './chat'
+import {
+    connectGroupChat,
+    disconnectGroupChat,
+    getSocket,
+    getStoredUserId,
+    getStoredUserName,
+    type RoomInfo,
+    type RoomAgent,
+    type ChatMessage,
+    type MemberInfo,
+    createRoom,
+    listRooms,
+    getRoomDetail,
+    joinRoomByCode,
+    addAgent,
+    listAgents,
+    removeAgent,
+    cloneRoom as cloneRoomApi,
+    deleteRoom as deleteRoomApi,
+    clearRoomContext,
+} from '@/api/hermes/group-chat'
+
+async function uploadGroupFiles(attachments: Attachment[]): Promise<{ name: string; path: string }[]> {
+    const formData = new FormData()
+    for (const att of attachments) {
+        if (att.file) formData.append('file', att.file, att.name)
+    }
+    const token = getApiKey()
+    const res = await fetch('/upload', {
+        method: 'POST',
+        body: formData,
+        headers: token ? { Authorization: `Bearer ${token}` } : {},
+    })
+    if (!res.ok) throw new Error(`Upload failed: ${res.status}`)
+    const data = await res.json() as { files: { name: string; path: string }[] }
+    return data.files
+}
+
+function buildGroupContentBlocks(content: string, attachments: Attachment[], files: { name: string; path: string }[]): ContentBlock[] {
+    const blocks: ContentBlock[] = []
+    if (content.trim()) blocks.push({ type: 'text', text: content.trim() })
+    for (let i = 0; i < files.length; i += 1) {
+        const file = files[i]
+        const attachment = attachments[i]
+        if (attachment?.type.startsWith('image/')) {
+            blocks.push({
+                type: 'image',
+                name: file.name,
+                path: file.path,
+                media_type: attachment.type,
+            })
+        } else {
+            blocks.push({
+                type: 'file',
+                name: file.name,
+                path: file.path,
+                media_type: attachment?.type,
+            })
+        }
+    }
+    return blocks
+}
+
+function uid(): string {
+    return Date.now().toString(36) + Math.random().toString(36).slice(2, 8)
+}
+
+const STREAM_FINAL_CONTENT_RECOVERY_DELAY_MS = 300
+
+function normalizeLocalFilePath(path: string): string {
+    return /^[a-zA-Z]:\\/.test(path) ? path.replace(/\\/g, '/') : path
+}
+
+function hasText(value?: string | null): boolean {
+    return !!value?.trim()
+}
+
+function hasToolCalls(message: ChatMessage): boolean {
+    return !!message.tool_calls?.length
+}
+
+function needsFinalContentRecovery(message: ChatMessage): boolean {
+    return message.role === 'assistant' && !hasText(message.content) && hasText(message.reasoning) && !hasToolCalls(message)
+}
+
+function mergeFinalMessage(existing: ChatMessage | null, msg: ChatMessage): ChatMessage {
+    return {
+        ...msg,
+        content: hasText(msg.content) ? msg.content : existing?.content || msg.content || '',
+        reasoning: hasText(msg.reasoning) ? msg.reasoning : existing?.reasoning ?? msg.reasoning ?? null,
+        reasoning_content: hasText(msg.reasoning_content) ? msg.reasoning_content : existing?.reasoning_content ?? msg.reasoning_content ?? null,
+        isStreaming: false,
+        attachments: existing?.attachments || msg.attachments,
+    }
+}
+
+export interface GroupPendingApproval {
+    roomId: string
+    agentName: string
+    approvalId: string
+    command: string
+    description: string
+    choices: Array<'once' | 'session' | 'always' | 'deny'>
+    allowPermanent: boolean
+    requestedAt: number
+}
+
+export const useGroupChatStore = defineStore('groupChat', () => {
+    // ─── State ─────────────────────────────────────────────
+    const connected = ref(false)
+    const currentRoomId = ref<string | null>(null)
+    const rooms = ref<RoomInfo[]>([])
+    const messages = ref<ChatMessage[]>([])
+    const members = ref<MemberInfo[]>([])
+    const agents = ref<RoomAgent[]>([])
+    const roomName = ref('')
+    const isJoining = ref(false)
+    const error = ref<string | null>(null)
+    const typingUsers = ref<Map<string, { name: string; timer: ReturnType<typeof setTimeout> }>>(new Map())
+    const contextStatuses = ref<Map<string, { agentName: string; status: string }>>(new Map())
+    const autoPlaySpeechEnabled = ref(false)
+    const pendingApprovals = ref<Map<string, GroupPendingApproval>>(new Map())
+    const totalMessages = ref(0)
+    const loadedMessageCount = ref(0)
+    const hasMoreBefore = ref(false)
+    const isLoadingOlderMessages = ref(false)
+
+    function resetMessagePaging() {
+        totalMessages.value = 0
+        loadedMessageCount.value = 0
+        hasMoreBefore.value = false
+        isLoadingOlderMessages.value = false
+    }
+
+    function applyMessagePaging(res: { messages: ChatMessage[]; total?: number; hasMore?: boolean }) {
+        loadedMessageCount.value = res.messages.length
+        totalMessages.value = res.total ?? res.messages.length
+        hasMoreBefore.value = res.hasMore ?? loadedMessageCount.value < totalMessages.value
+    }
+
+    function setAutoPlaySpeech(enabled: boolean) {
+        autoPlaySpeechEnabled.value = enabled
+    }
+
+    function playMessageSpeech(messageId: string, content: string) {
+        window.dispatchEvent(new CustomEvent('auto-play-speech', {
+            detail: { messageId, content },
+        }))
+    }
+
+    async function recoverMissingFinalContent(roomId: string, messageId: string) {
+        if (currentRoomId.value !== roomId) return
+        const idx = messages.value.findIndex(m => m.id === messageId)
+        if (idx < 0 || !needsFinalContentRecovery(messages.value[idx])) return
+
+        try {
+            const res = await getRoomDetail(roomId)
+            const recovered = res.messages.find(m => m.id === messageId)
+            if (!recovered || !hasText(recovered.content)) return
+
+            const currentIdx = messages.value.findIndex(m => m.id === messageId)
+            if (currentIdx < 0 || !needsFinalContentRecovery(messages.value[currentIdx])) return
+            messages.value[currentIdx] = mergeFinalMessage(messages.value[currentIdx], recovered)
+            messages.value = [...messages.value]
+        } catch {
+            // Keep the reasoning-only bubble visible; a later final message event can still merge it.
+        }
+    }
+
+    function scheduleMissingFinalContentRecovery(roomId: string, messageId: string) {
+        setTimeout(() => {
+            void recoverMissingFinalContent(roomId, messageId)
+        }, STREAM_FINAL_CONTENT_RECOVERY_DELAY_MS)
+    }
+
+    // Computed: returns first active status for backward compat
+    const contextStatus = computed(() => {
+        for (const [, status] of contextStatuses.value) {
+            return status
+        }
+        return null
+    })
+    const activePendingApproval = computed(() => {
+        if (!currentRoomId.value) return null
+        for (const approval of pendingApprovals.value.values()) {
+            if (approval.roomId === currentRoomId.value) return approval
+        }
+        return null
+    })
+    const userId = ref(getStoredUserId())
+    const userName = ref(getStoredUserName() || '')
+
+    // ─── Computed ───────────────────────────────────────────
+    const sortedMessages = computed(() => mapGroupMessages([...messages.value].sort((a, b) => a.timestamp - b.timestamp)))
+
+    const memberNames = computed(() => {
+        return members.value.map(m => m.name)
+    })
+
+    const typingNames = computed(() => {
+        return Array.from(typingUsers.value.values()).map(u => u.name)
+    })
+
+    const typingText = computed(() => {
+        const names = typingNames.value
+        if (names.length === 0) return ''
+        if (names.length === 1) return `${names[0]} is typing...`
+        if (names.length === 2) return `${names[0]} and ${names[1]} are typing...`
+        return `${names[0]} and ${names.length - 1} others are typing...`
+    })
+
+    // ─── Connection ────────────────────────────────────────
+    function connect() {
+        const socket = connectGroupChat({
+            userId: userId.value,
+            userName: userName.value || undefined,
+        })
+        console.log('[GroupChat] connecting...', { userId: userId.value, userName: userName.value })
+
+        socket.on('connect', () => {
+            console.log('[GroupChat] connected, socket id:', socket.id)
+            connected.value = true
+            error.value = null
+        })
+
+        socket.on('disconnect', (reason) => {
+            console.log('[GroupChat] disconnected:', reason)
+            connected.value = false
+        })
+
+        socket.on('connect_error', (err: Error) => {
+            console.error('[GroupChat] connect_error:', err.message)
+            error.value = err.message
+            connected.value = false
+        })
+
+        socket.on('message', (msg: ChatMessage) => {
+            if (msg.roomId === currentRoomId.value) {
+                const idx = messages.value.findIndex(m => m.id === msg.id)
+                const existing = idx >= 0 ? messages.value[idx] : null
+                const resolvedMsg = mergeFinalMessage(existing, msg)
+                if (idx >= 0) {
+                    messages.value[idx] = resolvedMsg
+                    messages.value = [...messages.value]
+                } else {
+                    messages.value.push(resolvedMsg)
+                    loadedMessageCount.value += 1
+                    totalMessages.value = Math.max(totalMessages.value + 1, loadedMessageCount.value)
+                }
+                if (autoPlaySpeechEnabled.value && resolvedMsg.role === 'assistant' && resolvedMsg.content?.trim()) {
+                    setTimeout(() => playMessageSpeech(resolvedMsg.id, resolvedMsg.content), 300)
+                }
+            }
+        })
+
+        socket.on('message_stream_start', (msg: ChatMessage) => {
+            if (msg.roomId !== currentRoomId.value) return
+            messages.value = messages.value.filter(m => !(
+                m.roomId === msg.roomId &&
+                m.senderId === msg.senderId &&
+                m.id !== msg.id &&
+                m.isStreaming &&
+                !m.content?.trim() &&
+                !m.reasoning?.trim() &&
+                !m.tool_calls?.length
+            ))
+            msg.isStreaming = true
+            const idx = messages.value.findIndex(m => m.id === msg.id)
+            if (idx >= 0) {
+                const existing = messages.value[idx]
+                if (!existing.isStreaming) return
+                messages.value[idx] = {
+                    ...existing,
+                    ...msg,
+                    content: hasText(msg.content) ? msg.content : existing.content || '',
+                    reasoning: hasText(msg.reasoning) ? msg.reasoning : existing.reasoning,
+                    reasoning_content: hasText(msg.reasoning_content) ? msg.reasoning_content : existing.reasoning_content,
+                    isStreaming: true,
+                }
+                messages.value = [...messages.value]
+            } else {
+                messages.value.push(msg)
+                loadedMessageCount.value += 1
+                totalMessages.value = Math.max(totalMessages.value + 1, loadedMessageCount.value)
+            }
+        })
+
+        socket.on('message_stream_delta', (data: { roomId: string; id: string; delta: string }) => {
+            if (data.roomId !== currentRoomId.value) return
+            const idx = messages.value.findIndex(m => m.id === data.id)
+            if (idx < 0 || !messages.value[idx].isStreaming) return
+            messages.value[idx] = {
+                ...messages.value[idx],
+                content: messages.value[idx].content + data.delta,
+            }
+            messages.value = [...messages.value]
+        })
+
+        socket.on('message_reasoning_delta', (data: { roomId: string; id: string; delta: string }) => {
+            if (data.roomId !== currentRoomId.value) return
+            const idx = messages.value.findIndex(m => m.id === data.id)
+            if (idx < 0 || !messages.value[idx].isStreaming) return
+            messages.value[idx] = {
+                ...messages.value[idx],
+                reasoning: (messages.value[idx].reasoning || '') + data.delta,
+                reasoning_content: (messages.value[idx].reasoning_content || '') + data.delta,
+                isStreaming: true,
+            }
+            messages.value = [...messages.value]
+        })
+
+        socket.on('message_stream_end', (data: { roomId: string; id: string }) => {
+            if (data.roomId !== currentRoomId.value) return
+            const idx = messages.value.findIndex(m => m.id === data.id)
+            if (
+                idx >= 0 &&
+                !messages.value[idx].content?.trim() &&
+                !messages.value[idx].reasoning?.trim() &&
+                !messages.value[idx].tool_calls?.length
+            ) {
+                messages.value.splice(idx, 1)
+            } else if (idx >= 0) {
+                messages.value[idx] = {
+                    ...messages.value[idx],
+                    isStreaming: false,
+                }
+                messages.value = [...messages.value]
+                if (needsFinalContentRecovery(messages.value[idx])) {
+                    scheduleMissingFinalContentRecovery(data.roomId, data.id)
+                }
+            }
+        })
+
+        socket.on('member_joined', (data: { roomId: string; members: MemberInfo[] }) => {
+            if (data.roomId === currentRoomId.value) {
+                members.value = data.members
+            }
+        })
+
+        socket.on('member_left', (data: { roomId: string; members: MemberInfo[] }) => {
+            if (data.roomId === currentRoomId.value) {
+                members.value = data.members
+            }
+        })
+
+        socket.on('typing', (data: { roomId: string; userId: string; userName: string }) => {
+            if (data.roomId === currentRoomId.value && !typingUsers.value.has(data.userId)) {
+                const timer = setTimeout(() => typingUsers.value.delete(data.userId), 5000)
+                typingUsers.value.set(data.userId, { name: data.userName, timer })
+            }
+        })
+
+        socket.on('stop_typing', (data: { roomId: string; userId: string }) => {
+            if (data.roomId === currentRoomId.value && typingUsers.value.has(data.userId)) {
+                const entry = typingUsers.value.get(data.userId)!
+                clearTimeout(entry.timer)
+                typingUsers.value.delete(data.userId)
+            }
+        })
+
+        socket.on('context_status', (data: { roomId: string; agentName: string; status: string }) => {
+            if (data.roomId === currentRoomId.value) {
+                if (data.status === 'ready') {
+                    contextStatuses.value.delete(data.agentName)
+                    messages.value = messages.value
+                        .map(m => (
+                            m.senderName === data.agentName && m.isStreaming
+                                ? { ...m, isStreaming: false }
+                                : m
+                        ))
+                        .filter(m => !(
+                            m.senderName === data.agentName &&
+                            !m.content?.trim() &&
+                            !m.reasoning?.trim() &&
+                            !m.tool_calls?.length
+                        ))
+                } else {
+                    contextStatuses.value.set(data.agentName, { agentName: data.agentName, status: data.status })
+                }
+                // Trigger reactivity
+                contextStatuses.value = new Map(contextStatuses.value)
+            }
+        })
+
+        socket.on('approval.requested', (data: { roomId: string; agentName?: string; approval_id?: string; command?: string; description?: string; choices?: string[]; allow_permanent?: boolean }) => {
+            if (!data.approval_id) return
+            const choices = (Array.isArray(data.choices) ? data.choices : ['once', 'session', 'deny'])
+                .filter((choice): choice is GroupPendingApproval['choices'][number] =>
+                    choice === 'once' || choice === 'session' || choice === 'always' || choice === 'deny')
+            pendingApprovals.value.set(data.approval_id, {
+                roomId: data.roomId,
+                agentName: data.agentName || '',
+                approvalId: data.approval_id,
+                command: data.command || '',
+                description: data.description || '',
+                choices: choices.length ? choices : ['once', 'session', 'deny'],
+                allowPermanent: Boolean(data.allow_permanent),
+                requestedAt: Date.now(),
+            })
+            pendingApprovals.value = new Map(pendingApprovals.value)
+        })
+
+        socket.on('approval.resolved', (data: { approval_id?: string }) => {
+            if (!data.approval_id) return
+            pendingApprovals.value.delete(data.approval_id)
+            pendingApprovals.value = new Map(pendingApprovals.value)
+        })
+
+        socket.on('room_updated', (data: { roomId: string; totalTokens: number }) => {
+            const room = rooms.value.find(r => r.id === data.roomId)
+            if (room) room.totalTokens = data.totalTokens
+        })
+
+        socket.on('room_cleared', (data: { roomId: string; totalTokens: number }) => {
+            const room = rooms.value.find(r => r.id === data.roomId)
+            if (room) room.totalTokens = data.totalTokens
+            if (data.roomId === currentRoomId.value) {
+                messages.value = []
+                resetMessagePaging()
+                typingUsers.value.clear()
+                contextStatuses.value.clear()
+                pendingApprovals.value.clear()
+            }
+        })
+    }
+
+    function disconnect() {
+        disconnectGroupChat()
+        connected.value = false
+        currentRoomId.value = null
+        messages.value = []
+        resetMessagePaging()
+        members.value = []
+        agents.value = []
+        roomName.value = ''
+        typingUsers.value.clear()
+        contextStatuses.value.clear()
+        pendingApprovals.value.clear()
+    }
+
+    function setUserInfo(name: string, description: string) {
+        userName.value = name
+        localStorage.setItem('gc_user_name', name)
+        localStorage.setItem('gc_user_description', description)
+    }
+
+    // ─── Room Actions ──────────────────────────────────────
+    async function joinRoom(roomId: string) {
+        isJoining.value = true
+        error.value = null
+
+        try {
+            const res = await getRoomDetail(roomId)
+            currentRoomId.value = res.room.id
+            roomName.value = res.room.name
+            messages.value = res.messages
+            applyMessagePaging(res)
+            agents.value = res.agents
+            members.value = res.members || []
+        } catch (err: any) {
+            error.value = err.message
+            throw err
+        } finally {
+            isJoining.value = false
+        }
+
+        // Join via socket for real-time updates
+        const socket = getSocket()
+        if (socket) {
+            await new Promise<void>((resolve) => {
+                socket.emit('join', {
+                    roomId,
+                    name: userName.value || undefined,
+                    description: localStorage.getItem('gc_user_description') || undefined,
+                }, (res: any) => {
+                    if (!res?.error) {
+                        members.value = res.members || []
+                        if (res.agents) agents.value = res.agents
+
+                        // Restore typing state from server
+                        if (res.typingUsers) {
+                            for (const u of res.typingUsers) {
+                                if (!typingUsers.value.has(u.userId)) {
+                                    const timer = setTimeout(() => typingUsers.value.delete(u.userId), 5000)
+                                    typingUsers.value.set(u.userId, { name: u.userName, timer })
+                                }
+                            }
+                        }
+
+                        // Restore context statuses from server
+                        if (res.contextStatuses) {
+                            contextStatuses.value = new Map(
+                                res.contextStatuses.map((s: any) => [s.agentName, s])
+                            )
+                        }
+                    }
+                    resolve()
+                })
+            })
+        }
+    }
+
+    async function loadOlderMessages(): Promise<boolean> {
+        const roomId = currentRoomId.value
+        if (!roomId || isLoadingOlderMessages.value || !hasMoreBefore.value) return false
+        const offset = loadedMessageCount.value
+        isLoadingOlderMessages.value = true
+        try {
+            const res = await getRoomDetail(roomId, { offset, limit: 300 })
+            const existingIds = new Set(messages.value.map(message => message.id))
+            const olderMessages = res.messages.filter(message => !existingIds.has(message.id))
+            messages.value = [...olderMessages, ...messages.value]
+            loadedMessageCount.value = offset + res.messages.length
+            totalMessages.value = res.total ?? totalMessages.value
+            hasMoreBefore.value = res.hasMore ?? loadedMessageCount.value < totalMessages.value
+            return olderMessages.length > 0
+        } catch (err: any) {
+            error.value = err.message
+            return false
+        } finally {
+            isLoadingOlderMessages.value = false
+        }
+    }
+
+    async function sendMessage(content: string, attachments?: Attachment[]) {
+        const socket = getSocket()
+        if (!socket || !currentRoomId.value) return
+        emitStopTyping()
+        const messageId = uid()
+        let finalContent: string | ContentBlock[] = content.trim()
+        if (attachments?.length) {
+            const uploaded = await uploadGroupFiles(attachments)
+            finalContent = buildGroupContentBlocks(content, attachments, uploaded)
+            const urlMap = new Map(uploaded.map(f => {
+                return [f.name, getDownloadUrl(normalizeLocalFilePath(f.path), f.name)]
+            }))
+            messages.value.push({
+                id: messageId,
+                roomId: currentRoomId.value,
+                senderId: userId.value,
+                senderName: userName.value || 'You',
+                content: JSON.stringify(finalContent),
+                timestamp: Date.now(),
+                role: 'user',
+                attachments: attachments.map(att => ({ ...att, url: urlMap.get(att.name) || att.url, file: undefined })),
+            })
+            loadedMessageCount.value += 1
+            totalMessages.value = Math.max(totalMessages.value + 1, loadedMessageCount.value)
+        }
+
+        return new Promise<void>((resolve, reject) => {
+            socket!.emit('message', { roomId: currentRoomId.value, id: messageId, content: finalContent }, (res: { id?: string; error?: string }) => {
+                if (res.error) {
+                    messages.value = messages.value.filter(m => m.id !== messageId)
+                    reject(new Error(res.error))
+                    return
+                }
+                resolve()
+            })
+        })
+    }
+
+    async function loadRooms() {
+        try {
+            const res = await listRooms()
+            rooms.value = res.rooms
+        } catch (err: any) {
+            error.value = err.message
+        }
+    }
+
+    async function createNewRoom(name: string, inviteCode: string, agentList?: { profile: string; name?: string; description?: string; invited?: boolean }[], compression?: { triggerTokens: number; maxHistoryTokens: number; tailMessageCount: number }) {
+        try {
+            const res = await createRoom({
+                name,
+                inviteCode,
+                agents: agentList,
+                compression: compression || { triggerTokens: 100000, maxHistoryTokens: 32000, tailMessageCount: 10 },
+            })
+            rooms.value.push(res.room)
+            return res
+        } catch (err: any) {
+            error.value = err.message
+            throw err
+        }
+    }
+
+    async function joinByCode(code: string) {
+        try {
+            const res = await joinRoomByCode(code)
+            await joinRoom(res.room.id)
+            return res.room
+        } catch (err: any) {
+            error.value = err.message
+            throw err
+        }
+    }
+
+    async function deleteRoom(roomId: string) {
+        try {
+            await deleteRoomApi(roomId)
+            rooms.value = rooms.value.filter(r => r.id !== roomId)
+            if (currentRoomId.value === roomId) {
+                currentRoomId.value = null
+                messages.value = []
+                resetMessagePaging()
+                members.value = []
+                agents.value = []
+                roomName.value = ''
+            }
+        } catch (err: any) {
+            error.value = err.message
+            throw err
+        }
+    }
+
+    async function cloneRoom(roomId: string, data?: { name?: string; inviteCode?: string }) {
+        try {
+            const res = await cloneRoomApi(roomId, data)
+            rooms.value.push(res.room)
+            return res
+        } catch (err: any) {
+            error.value = err.message
+            throw err
+        }
+    }
+
+    async function clearCurrentRoomContext() {
+        if (!currentRoomId.value) return
+        try {
+            const res = await clearRoomContext(currentRoomId.value)
+            messages.value = []
+            resetMessagePaging()
+            typingUsers.value.clear()
+            contextStatuses.value.clear()
+            const idx = rooms.value.findIndex(r => r.id === currentRoomId.value)
+            if (idx >= 0 && res.room) rooms.value[idx] = res.room
+            return res
+        } catch (err: any) {
+            error.value = err.message
+            throw err
+        }
+    }
+
+    // ─── Agent Actions ─────────────────────────────────────
+    async function loadAgents(roomId: string) {
+        try {
+            const res = await listAgents(roomId)
+            agents.value = res.agents
+        } catch { /* ignore */ }
+    }
+
+    async function addAgentToRoom(roomId: string, data: { profile: string; name?: string; description?: string; invited?: boolean }) {
+        try {
+            const res = await addAgent(roomId, data)
+            agents.value.push(res.agent)
+            return res.agent
+        } catch (err: any) {
+            error.value = err.message
+            throw err
+        }
+    }
+
+    async function removeAgentFromRoom(roomId: string, agentId: string) {
+        try {
+            const res = await removeAgent(roomId, agentId)
+            agents.value = res.agents ?? agents.value.filter(a => a.id !== agentId && a.agentId !== agentId)
+            if (res.members) members.value = res.members
+        } catch (err: any) {
+            error.value = err.message
+            throw err
+        }
+    }
+
+    // ─── Typing ────────────────────────────────────────────
+    let _typingTimer: ReturnType<typeof setTimeout> | null = null
+
+    function emitTyping() {
+        const socket = getSocket()
+        if (!socket || !currentRoomId.value) return
+        socket.emit('typing', { roomId: currentRoomId.value })
+        if (_typingTimer) clearTimeout(_typingTimer)
+        _typingTimer = setTimeout(() => emitStopTyping(), 4000)
+    }
+
+    function emitStopTyping() {
+        const socket = getSocket()
+        if (!socket || !currentRoomId.value) return
+        socket.emit('stop_typing', { roomId: currentRoomId.value })
+        if (_typingTimer) { clearTimeout(_typingTimer); _typingTimer = null }
+    }
+
+    async function interruptAgent(agentName: string) {
+        const socket = getSocket()
+        if (!socket || !currentRoomId.value) return
+        await new Promise<void>((resolve, reject) => {
+            socket.emit('interrupt_agent', { roomId: currentRoomId.value, agentName }, (res: any) => {
+                if (res?.error) reject(new Error(res.error))
+                else resolve()
+            })
+        })
+    }
+
+    async function respondApproval(choice: GroupPendingApproval['choices'][number]) {
+        const socket = getSocket()
+        const pending = activePendingApproval.value
+        if (!socket || !pending) return
+        await new Promise<void>((resolve, reject) => {
+            socket.emit('approval.respond', {
+                roomId: pending.roomId,
+                approval_id: pending.approvalId,
+                choice,
+            }, (res: any) => {
+                if (res?.error) reject(new Error(res.error))
+                else resolve()
+            })
+        })
+        pendingApprovals.value.delete(pending.approvalId)
+        pendingApprovals.value = new Map(pendingApprovals.value)
+    }
+
+    return {
+        // State
+        connected,
+        currentRoomId,
+        rooms,
+        messages,
+        members,
+        agents,
+        roomName,
+        isJoining,
+        error,
+        contextStatus,
+        contextStatuses,
+        pendingApprovals,
+        activePendingApproval,
+        autoPlaySpeechEnabled,
+        totalMessages,
+        loadedMessageCount,
+        hasMoreBefore,
+        isLoadingOlderMessages,
+        userId,
+        userName,
+        // Computed
+        sortedMessages,
+        memberNames,
+        typingNames,
+        typingText,
+        // Actions
+        connect,
+        disconnect,
+        setUserInfo,
+        setAutoPlaySpeech,
+        joinRoom,
+        loadOlderMessages,
+        sendMessage,
+        loadRooms,
+        emitTyping,
+        emitStopTyping,
+        interruptAgent,
+        respondApproval,
+        createNewRoom,
+        joinByCode,
+        deleteRoom,
+        cloneRoom,
+        clearCurrentRoomContext,
+        loadAgents,
+        addAgentToRoom,
+        removeAgentFromRoom,
+    }
+})
+
+function mapGroupMessages(msgs: ChatMessage[]): ChatMessage[] {
+    const toolNameMap = new Map<string, string>()
+    const toolArgsMap = new Map<string, string>()
+    for (const msg of msgs) {
+        if (msg.role === 'assistant' && msg.tool_calls?.length) {
+            for (const tc of msg.tool_calls) {
+                if (!tc?.id) continue
+                if (tc.function?.name) toolNameMap.set(tc.id, tc.function.name)
+                if (tc.function?.arguments) toolArgsMap.set(tc.id, tc.function.arguments)
+            }
+        }
+    }
+
+    const result: ChatMessage[] = []
+    for (const msg of msgs) {
+        if (
+            msg.role !== 'tool' &&
+            !msg.tool_calls?.length &&
+            !msg.content?.trim() &&
+            !msg.reasoning?.trim() &&
+            (!msg.isStreaming || msg.finish_reason === 'streaming')
+        ) {
+            continue
+        }
+
+        if (msg.role === 'assistant' && msg.tool_calls?.length && !msg.content?.trim()) {
+            for (const tc of msg.tool_calls) {
+                result.push({
+                    ...msg,
+                    id: `${msg.id}_${tc.id}`,
+                    role: 'tool',
+                    content: '',
+                    toolName: tc.function?.name || undefined,
+                    toolCallId: tc.id,
+                    toolArgs: tc.function?.arguments || undefined,
+                    toolStatus: 'running',
+                })
+            }
+            continue
+        }
+
+        if (msg.role === 'tool') {
+            const tcId = msg.tool_call_id || ''
+            const toolName = msg.tool_name || toolNameMap.get(tcId) || undefined
+            const toolArgs = toolArgsMap.get(tcId) || undefined
+            let preview = ''
+            if (msg.content) {
+                try {
+                    const parsed = JSON.parse(msg.content)
+                    preview = parsed.url || parsed.title || parsed.preview || parsed.summary || ''
+                } catch {
+                    preview = msg.content.slice(0, 80)
+                }
+            }
+            const placeholderIdx = result.findIndex(
+                m => m.role === 'tool' && m.toolCallId === tcId && !m.toolResult
+            )
+            const merged: ChatMessage = {
+                ...msg,
+                id: placeholderIdx !== -1 ? result[placeholderIdx].id : msg.id,
+                senderId: placeholderIdx !== -1 ? result[placeholderIdx].senderId : msg.senderId,
+                senderName: placeholderIdx !== -1 ? result[placeholderIdx].senderName : msg.senderName,
+                timestamp: placeholderIdx !== -1 ? result[placeholderIdx].timestamp : msg.timestamp,
+                role: 'tool',
+                content: '',
+                toolName: toolName || (placeholderIdx !== -1 ? result[placeholderIdx].toolName : undefined),
+                toolCallId: tcId || undefined,
+                toolArgs: toolArgs || (placeholderIdx !== -1 ? result[placeholderIdx].toolArgs : undefined),
+                toolPreview: typeof preview === 'string' ? preview.slice(0, 100) || undefined : undefined,
+                toolResult: msg.content || undefined,
+                toolStatus: 'done',
+            }
+            if (placeholderIdx !== -1) result[placeholderIdx] = merged
+            else result.push(merged)
+            continue
+        }
+
+        result.push(msg)
+    }
+    return result
+}
diff --git a/packages/client/src/stores/hermes/jobs.ts b/packages/client/src/stores/hermes/jobs.ts
new file mode 100644
index 0000000..504b74d
--- /dev/null
+++ b/packages/client/src/stores/hermes/jobs.ts
@@ -0,0 +1,72 @@
+import { defineStore } from 'pinia'
+import { ref } from 'vue'
+import * as jobsApi from '@/api/hermes/jobs'
+import type { Job, CreateJobRequest, UpdateJobRequest } from '@/api/hermes/jobs'
+
+function matchId(job: Job, id: string): boolean {
+  return job.job_id === id || job.id === id
+}
+
+export const useJobsStore = defineStore('jobs', () => {
+  const jobs = ref<Job[]>([])
+  const loading = ref(false)
+
+  async function fetchJobs() {
+    loading.value = true
+    try {
+      jobs.value = await jobsApi.listJobs()
+    } catch (err) {
+      console.error('Failed to fetch jobs:', err)
+    } finally {
+      loading.value = false
+    }
+  }
+
+  async function createJob(data: CreateJobRequest): Promise<Job> {
+    const job = await jobsApi.createJob(data)
+    jobs.value.unshift(job)
+    return job
+  }
+
+  async function updateJob(jobId: string, data: UpdateJobRequest): Promise<Job> {
+    const job = await jobsApi.updateJob(jobId, data)
+    const idx = jobs.value.findIndex(j => matchId(j, jobId))
+    if (idx !== -1) jobs.value[idx] = job
+    return job
+  }
+
+  async function deleteJob(jobId: string) {
+    await jobsApi.deleteJob(jobId)
+    jobs.value = jobs.value.filter(j => !matchId(j, jobId))
+  }
+
+  async function pauseJob(jobId: string) {
+    const job = await jobsApi.pauseJob(jobId)
+    const idx = jobs.value.findIndex(j => matchId(j, jobId))
+    if (idx !== -1) jobs.value[idx] = job
+  }
+
+  async function resumeJob(jobId: string) {
+    const job = await jobsApi.resumeJob(jobId)
+    const idx = jobs.value.findIndex(j => matchId(j, jobId))
+    if (idx !== -1) jobs.value[idx] = job
+  }
+
+  async function runJob(jobId: string) {
+    const job = await jobsApi.runJob(jobId)
+    const idx = jobs.value.findIndex(j => matchId(j, jobId))
+    if (idx !== -1) jobs.value[idx] = job
+  }
+
+  return {
+    jobs,
+    loading,
+    fetchJobs,
+    createJob,
+    updateJob,
+    deleteJob,
+    pauseJob,
+    resumeJob,
+    runJob,
+  }
+})
diff --git a/packages/client/src/stores/hermes/kanban.ts b/packages/client/src/stores/hermes/kanban.ts
new file mode 100644
index 0000000..6f2cbae
--- /dev/null
+++ b/packages/client/src/stores/hermes/kanban.ts
@@ -0,0 +1,513 @@
+import { defineStore } from 'pinia'
+import { computed, ref } from 'vue'
+import * as kanbanApi from '@/api/hermes/kanban'
+import type { KanbanTask, KanbanStats, KanbanAssignee, KanbanBoard, KanbanCapabilities, KanbanDiagnosticsOptions, KanbanDispatchOptions, KanbanBulkUpdateRequest } from '@/api/hermes/kanban'
+
+export const KANBAN_SELECTED_BOARD_STORAGE_KEY = 'hermes.kanban.selectedBoard'
+export const DEFAULT_KANBAN_BOARD = 'default'
+
+const BOARD_SLUG_RE = /^[a-z0-9][a-z0-9_-]{0,63}$/
+
+function safeStorageGet(key: string): string | null {
+  if (typeof window === 'undefined') return null
+  try {
+    return window.localStorage.getItem(key)
+  } catch {
+    return null
+  }
+}
+
+function safeStorageSet(key: string, value: string) {
+  if (typeof window === 'undefined') return
+  try {
+    window.localStorage.setItem(key, value)
+  } catch {
+    // Ignore storage failures; selectedBoard still remains explicit in-memory.
+  }
+}
+
+export function normalizeBoardSlug(board?: string | null): string {
+  const trimmed = board?.trim().toLowerCase()
+  if (!trimmed) return DEFAULT_KANBAN_BOARD
+  return BOARD_SLUG_RE.test(trimmed) ? trimmed : DEFAULT_KANBAN_BOARD
+}
+
+export const useKanbanStore = defineStore('kanban', () => {
+  const tasks = ref<KanbanTask[]>([])
+  const stats = ref<KanbanStats | null>(null)
+  const assignees = ref<KanbanAssignee[]>([])
+  const boards = ref<KanbanBoard[]>([])
+  const capabilities = ref<KanbanCapabilities | null>(null)
+  const loading = ref(false)
+  const boardsLoading = ref(false)
+  const boardWarning = ref<string | null>(null)
+
+  const selectedBoard = ref(normalizeBoardSlug(safeStorageGet(KANBAN_SELECTED_BOARD_STORAGE_KEY)))
+
+  const filterStatus = ref<string | null>(null)
+  const filterAssignee = ref<string | null>(null)
+
+  let boardGeneration = 0
+  let boardsRequestSeq = 0
+  let tasksRequestSeq = 0
+  let statsRequestSeq = 0
+  let assigneesRequestSeq = 0
+  let loadingRequestSeq = 0
+  let eventStreamSeq = 0
+  let eventSocket: WebSocket | null = null
+  let eventReconnectTimer: ReturnType<typeof setTimeout> | null = null
+  let eventRefreshTimer: ReturnType<typeof setTimeout> | null = null
+  let eventStreamEnabled = false
+
+  const activeBoards = computed(() => {
+    const visible = boards.value.filter(board => !board.archived)
+    if (!visible.some(board => board.slug === DEFAULT_KANBAN_BOARD)) {
+      return [{
+        slug: DEFAULT_KANBAN_BOARD,
+        name: 'Default',
+        description: '',
+        icon: '',
+        color: '',
+        created_at: null,
+        archived: false,
+        counts: {},
+        total: 0,
+      }, ...visible]
+    }
+    return visible
+  })
+
+  function isCapabilitySupported(key: string): boolean {
+    if (!capabilities.value) return false
+    const detail = capabilities.value.capabilities?.find(capability => capability.key === key)
+    if (detail) return detail.status === 'supported'
+    if (capabilities.value.missing?.includes(key)) return false
+    return capabilities.value.supports?.[key] === true
+  }
+
+  function assertCapability(key: string): void {
+    if (!isCapabilitySupported(key)) {
+      throw new Error(`Kanban capability "${key}" is not supported by the current Hermes backend`)
+    }
+  }
+
+  function hasCapabilityStatus(key: string, statuses: Array<'supported' | 'partial' | 'missing'>): boolean {
+    const detail = capabilities.value?.capabilities?.find(capability => capability.key === key)
+    if (detail) return statuses.includes(detail.status)
+    if (statuses.includes('supported')) return isCapabilitySupported(key)
+    return false
+  }
+
+  function assertCapabilityStatus(key: string, statuses: Array<'supported' | 'partial' | 'missing'>): void {
+    if (!hasCapabilityStatus(key, statuses)) {
+      throw new Error(`Kanban capability "${key}" is not available with the required status`)
+    }
+  }
+
+  function boardExists(board: string): boolean {
+    return activeBoards.value.some(item => item.slug === board)
+  }
+
+  function resolveAvailableBoard(candidate?: string | null): string {
+    const normalized = normalizeBoardSlug(candidate)
+    if (boards.value.length > 0 && !boardExists(normalized)) return DEFAULT_KANBAN_BOARD
+    return normalized
+  }
+
+  function clearBoardScopedState() {
+    tasks.value = []
+    stats.value = null
+    assignees.value = []
+  }
+
+  function clearEventTimers() {
+    if (eventReconnectTimer) clearTimeout(eventReconnectTimer)
+    if (eventRefreshTimer) clearTimeout(eventRefreshTimer)
+    eventReconnectTimer = null
+    eventRefreshTimer = null
+  }
+
+  function closeEventSocket() {
+    if (!eventSocket) return
+    const socket = eventSocket
+    eventSocket = null
+    socket.onclose = null
+    socket.onerror = null
+    socket.onmessage = null
+    try { socket.close() } catch { }
+  }
+
+  function stopEventStream() {
+    eventStreamEnabled = false
+    eventStreamSeq++
+    clearEventTimers()
+    closeEventSocket()
+  }
+
+  function scheduleEventRefresh(board: string, generation: number, seq: number) {
+    if (eventRefreshTimer) clearTimeout(eventRefreshTimer)
+    eventRefreshTimer = setTimeout(() => {
+      if (!eventStreamEnabled || seq !== eventStreamSeq || generation !== boardGeneration || board !== selectedBoard.value) return
+      void Promise.all([fetchBoards(), fetchTasks(true), fetchStats(), fetchAssignees()])
+    }, 100)
+  }
+
+  function scheduleEventReconnect(board: string, generation: number, seq: number) {
+    if (eventReconnectTimer) clearTimeout(eventReconnectTimer)
+    eventReconnectTimer = setTimeout(() => {
+      if (!eventStreamEnabled || seq !== eventStreamSeq || generation !== boardGeneration || board !== selectedBoard.value) return
+      connectEventStream(board, generation, seq)
+    }, 3000)
+  }
+
+  function connectEventStream(board: string, generation: number, seq: number) {
+    closeEventSocket()
+    let socket: WebSocket
+    try {
+      socket = kanbanApi.openKanbanEventStream({ board })
+    } catch (err) {
+      console.error('Failed to open kanban event stream:', err)
+      scheduleEventReconnect(board, generation, seq)
+      return
+    }
+    eventSocket = socket
+    socket.onmessage = (event) => {
+      if (!eventStreamEnabled || seq !== eventStreamSeq || generation !== boardGeneration || board !== selectedBoard.value) return
+      try {
+        const payload = JSON.parse(String(event.data))
+        if (payload?.type === 'event') scheduleEventRefresh(board, generation, seq)
+      } catch {
+        scheduleEventRefresh(board, generation, seq)
+      }
+    }
+    socket.onerror = () => {
+      if (eventSocket === socket) console.error('Kanban event stream error')
+    }
+    socket.onclose = () => {
+      if (eventSocket === socket) {
+        eventSocket = null
+        scheduleEventReconnect(board, generation, seq)
+      }
+    }
+  }
+
+  function hasEventStreamCapability(): boolean {
+    const status = capabilities.value?.capabilities?.find(capability => capability.key === 'events')?.status
+    return status === 'supported' || status === 'partial' || isCapabilitySupported('events')
+  }
+
+  function startEventStream() {
+    if (!hasEventStreamCapability()) return false
+    eventStreamEnabled = true
+    const seq = ++eventStreamSeq
+    const generation = boardGeneration
+    const board = selectedBoard.value
+    clearEventTimers()
+    connectEventStream(board, generation, seq)
+    return true
+  }
+
+  function restartEventStreamIfActive() {
+    if (eventStreamEnabled) startEventStream()
+  }
+
+  function setSelectedBoard(board?: string | null): string {
+    const resolved = resolveAvailableBoard(board)
+    const changed = selectedBoard.value !== resolved
+    selectedBoard.value = resolved
+    safeStorageSet(KANBAN_SELECTED_BOARD_STORAGE_KEY, resolved)
+    boardWarning.value = null
+    if (changed) {
+      clearBoardScopedState()
+      boardGeneration++
+      restartEventStreamIfActive()
+    }
+    return resolved
+  }
+
+  function recoverSelectedBoard(candidate?: string | null): { board: string; recovered: boolean } {
+    const normalized = normalizeBoardSlug(candidate)
+    const resolved = resolveAvailableBoard(normalized)
+    const recovered = resolved !== normalized
+    setSelectedBoard(resolved)
+    if (recovered) {
+      boardWarning.value = `Board "${normalized}" is unavailable; fell back to "${resolved}".`
+    }
+    return { board: resolved, recovered }
+  }
+
+  function nextRequestContext(nextSeq: () => number) {
+    const seq = nextSeq()
+    const generation = boardGeneration
+    const board = selectedBoard.value
+    return { seq, generation, board }
+  }
+
+  function isCurrentRequest(seq: number, generation: number, board: string, currentSeq: number): boolean {
+    return seq === currentSeq && generation === boardGeneration && board === selectedBoard.value
+  }
+
+  async function fetchBoards(includeArchived = false) {
+    const seq = ++boardsRequestSeq
+    boardsLoading.value = true
+    try {
+      const nextBoards = await kanbanApi.listBoards({ includeArchived })
+      if (seq !== boardsRequestSeq) return
+      boards.value = nextBoards
+      const resolved = resolveAvailableBoard(selectedBoard.value)
+      if (resolved !== selectedBoard.value) recoverSelectedBoard(selectedBoard.value)
+    } catch (err) {
+      if (seq === boardsRequestSeq) console.error('Failed to fetch kanban boards:', err)
+    } finally {
+      if (seq === boardsRequestSeq) boardsLoading.value = false
+    }
+  }
+
+  async function fetchCapabilities() {
+    try {
+      capabilities.value = await kanbanApi.getCapabilities()
+    } catch (err) {
+      console.error('Failed to fetch kanban capabilities:', err)
+    }
+  }
+
+  async function createBoard(data: { slug: string; name?: string; description?: string; icon?: string; color?: string; switchCurrent?: boolean }) {
+    const board = await kanbanApi.createBoard(data)
+    await fetchBoards()
+    setSelectedBoard(board.slug)
+    await refreshAll()
+    return board
+  }
+
+  async function archiveSelectedBoard() {
+    const board = selectedBoard.value
+    if (board === DEFAULT_KANBAN_BOARD) throw new Error('Cannot archive the default kanban board')
+    await kanbanApi.archiveBoard(board)
+    await fetchBoards()
+    setSelectedBoard(DEFAULT_KANBAN_BOARD)
+    await refreshAll()
+  }
+
+  async function fetchTasks(silent = false) {
+    const { seq, generation, board } = nextRequestContext(() => ++tasksRequestSeq)
+    const loadingSeq = silent ? 0 : ++loadingRequestSeq
+    if (!silent) loading.value = true
+    try {
+      const nextTasks = await kanbanApi.listTasks({
+        board,
+        status: filterStatus.value || undefined,
+        assignee: filterAssignee.value || undefined,
+        includeArchived: true,
+      })
+      if (isCurrentRequest(seq, generation, board, tasksRequestSeq)) tasks.value = nextTasks
+    } catch (err) {
+      if (isCurrentRequest(seq, generation, board, tasksRequestSeq)) console.error('Failed to fetch kanban tasks:', err)
+    } finally {
+      if (!silent && loadingSeq === loadingRequestSeq) loading.value = false
+    }
+  }
+
+  async function fetchStats() {
+    const { seq, generation, board } = nextRequestContext(() => ++statsRequestSeq)
+    try {
+      const nextStats = await kanbanApi.getStats({ board })
+      if (isCurrentRequest(seq, generation, board, statsRequestSeq)) stats.value = nextStats
+    } catch (err) {
+      if (isCurrentRequest(seq, generation, board, statsRequestSeq)) console.error('Failed to fetch kanban stats:', err)
+    }
+  }
+
+  async function fetchAssignees() {
+    const { seq, generation, board } = nextRequestContext(() => ++assigneesRequestSeq)
+    try {
+      const nextAssignees = await kanbanApi.getAssignees({ board })
+      if (isCurrentRequest(seq, generation, board, assigneesRequestSeq)) assignees.value = nextAssignees
+    } catch (err) {
+      if (isCurrentRequest(seq, generation, board, assigneesRequestSeq)) console.error('Failed to fetch kanban assignees:', err)
+    }
+  }
+
+  async function createTask(data: { title: string; body?: string; assignee?: string; priority?: number; tenant?: string }) {
+    const board = selectedBoard.value
+    const task = await kanbanApi.createTask(data, { board })
+    if (board === selectedBoard.value) {
+      tasks.value.unshift(task)
+      await Promise.all([fetchStats(), fetchBoards()])
+    }
+    return task
+  }
+
+  async function completeTasks(taskIds: string[], summary?: string) {
+    const board = selectedBoard.value
+    await kanbanApi.completeTasks(taskIds, summary, { board })
+    if (board === selectedBoard.value) {
+      for (const id of taskIds) {
+        const task = tasks.value.find(t => t.id === id)
+        if (task) task.status = 'done'
+      }
+      await Promise.all([fetchStats(), fetchBoards()])
+    }
+  }
+
+  async function blockTask(taskId: string, reason: string) {
+    const board = selectedBoard.value
+    await kanbanApi.blockTask(taskId, reason, { board })
+    if (board === selectedBoard.value) {
+      const task = tasks.value.find(t => t.id === taskId)
+      if (task) task.status = 'blocked'
+      await Promise.all([fetchStats(), fetchBoards()])
+    }
+  }
+
+  async function unblockTasks(taskIds: string[]) {
+    const board = selectedBoard.value
+    await kanbanApi.unblockTasks(taskIds, { board })
+    if (board === selectedBoard.value) {
+      for (const id of taskIds) {
+        const task = tasks.value.find(t => t.id === id)
+        if (task) task.status = 'ready'
+      }
+      await Promise.all([fetchStats(), fetchBoards()])
+    }
+  }
+
+  async function assignTask(taskId: string, profile: string) {
+    const board = selectedBoard.value
+    await kanbanApi.assignTask(taskId, profile, { board })
+    if (board === selectedBoard.value) {
+      const task = tasks.value.find(t => t.id === taskId)
+      if (task) task.assignee = profile
+      await Promise.all([fetchStats(), fetchAssignees()])
+    }
+  }
+
+  async function addComment(taskId: string, body: string, author?: string) {
+    assertCapability('commentsWrite')
+    return kanbanApi.addComment(taskId, { body, author }, { board: selectedBoard.value })
+  }
+
+  async function linkTasks(parentId: string, childId: string) {
+    assertCapability('links')
+    const board = selectedBoard.value
+    const result = await kanbanApi.linkTasks({ parent_id: parentId, child_id: childId }, { board })
+    if (board === selectedBoard.value) await Promise.all([fetchTasks(true), fetchStats(), fetchBoards()])
+    return result
+  }
+
+  async function unlinkTasks(parentId: string, childId: string) {
+    assertCapability('links')
+    const board = selectedBoard.value
+    const result = await kanbanApi.unlinkTasks({ parent_id: parentId, child_id: childId }, { board })
+    if (board === selectedBoard.value) await Promise.all([fetchTasks(true), fetchStats(), fetchBoards()])
+    return result
+  }
+
+  async function bulkUpdateTasks(data: Omit<KanbanBulkUpdateRequest, 'ids'> & { ids: string[] }) {
+    assertCapabilityStatus('bulk', ['supported', 'partial'])
+    const board = selectedBoard.value
+    const result = await kanbanApi.bulkUpdateTasks(data, { board })
+    if (board === selectedBoard.value) await Promise.all([fetchTasks(true), fetchStats(), fetchBoards(), fetchAssignees()])
+    return result
+  }
+
+  async function getTaskLog(taskId: string, tail?: number) {
+    assertCapability('taskLog')
+    return kanbanApi.getTaskLog(taskId, { board: selectedBoard.value, tail })
+  }
+
+  async function getDiagnostics(opts: Omit<KanbanDiagnosticsOptions, 'board'> = {}) {
+    assertCapability('diagnostics')
+    return kanbanApi.getDiagnostics({ ...opts, board: selectedBoard.value })
+  }
+
+  async function reclaimTask(taskId: string, reason?: string) {
+    assertCapability('reclaim')
+    const board = selectedBoard.value
+    const result = await kanbanApi.reclaimTask(taskId, { board, reason })
+    if (board === selectedBoard.value) await Promise.all([fetchTasks(true), fetchStats(), fetchBoards()])
+    return result
+  }
+
+  async function reassignTask(taskId: string, profile: string, opts: { reclaim?: boolean; reason?: string } = {}) {
+    assertCapability('reassign')
+    const board = selectedBoard.value
+    const result = await kanbanApi.reassignTask(taskId, profile, { board, ...opts })
+    if (board === selectedBoard.value) {
+      const task = tasks.value.find(t => t.id === taskId)
+      if (task) task.assignee = profile === 'none' ? null : profile
+      await Promise.all([fetchStats(), fetchAssignees()])
+    }
+    return result
+  }
+
+  async function specifyTask(taskId: string, author?: string) {
+    assertCapability('specify')
+    const board = selectedBoard.value
+    const result = await kanbanApi.specifyTask(taskId, { board, author })
+    if (board === selectedBoard.value) await Promise.all([fetchTasks(true), fetchStats(), fetchBoards()])
+    return result
+  }
+
+  async function dispatch(opts: Omit<KanbanDispatchOptions, 'board'> = {}) {
+    assertCapability('dispatch')
+    const board = selectedBoard.value
+    const result = await kanbanApi.dispatch({ ...opts, board })
+    if (board === selectedBoard.value) await Promise.all([fetchTasks(true), fetchStats(), fetchBoards()])
+    return result
+  }
+
+  function setFilter(key: 'status' | 'assignee', value: string | null) {
+    if (key === 'status') filterStatus.value = value
+    else filterAssignee.value = value
+  }
+
+  async function refreshAll() {
+    await Promise.all([fetchBoards(), fetchTasks(), fetchStats(), fetchAssignees()])
+  }
+
+  return {
+    tasks,
+    stats,
+    assignees,
+    boards,
+    capabilities,
+    activeBoards,
+    isCapabilitySupported,
+    loading,
+    boardsLoading,
+    boardWarning,
+    selectedBoard,
+    filterStatus,
+    filterAssignee,
+    fetchBoards,
+    fetchCapabilities,
+    fetchTasks,
+    fetchStats,
+    fetchAssignees,
+    createTask,
+    createBoard,
+    archiveSelectedBoard,
+    completeTasks,
+    blockTask,
+    unblockTasks,
+    assignTask,
+    addComment,
+    linkTasks,
+    unlinkTasks,
+    bulkUpdateTasks,
+    getTaskLog,
+    getDiagnostics,
+    reclaimTask,
+    reassignTask,
+    specifyTask,
+    dispatch,
+    setFilter,
+    setSelectedBoard,
+    startEventStream,
+    stopEventStream,
+    recoverSelectedBoard,
+    resolveAvailableBoard,
+    clearBoardScopedState,
+    refreshAll,
+  }
+})
diff --git a/packages/client/src/stores/hermes/models.ts b/packages/client/src/stores/hermes/models.ts
new file mode 100644
index 0000000..1cad742
--- /dev/null
+++ b/packages/client/src/stores/hermes/models.ts
@@ -0,0 +1,87 @@
+import { defineStore } from 'pinia'
+import { ref, computed } from 'vue'
+import * as systemApi from '@/api/hermes/system'
+import type { AvailableModelGroup, CustomProvider } from '@/api/hermes/system'
+import { hasApiKey } from '@/api/client'
+import { useAppStore } from './app'
+import { useProfilesStore } from './profiles'
+
+export const useModelsStore = defineStore('models', () => {
+  const providers = ref<AvailableModelGroup[]>([])
+  const allProviders = ref<AvailableModelGroup[]>([])
+  const defaultModel = ref('')
+  const defaultProvider = ref('')
+  const loading = ref(false)
+
+  const customProviders = computed(() =>
+    providers.value.filter(g => g.provider.startsWith('custom:')),
+  )
+
+  const builtinProviders = computed(() =>
+    providers.value.filter(g => !g.provider.startsWith('custom:')),
+  )
+
+  const allModels = computed(() =>
+    providers.value.flatMap(g =>
+      g.models.map(m => ({
+        id: m,
+        provider: g.provider,
+        label: g.label,
+        base_url: g.base_url,
+        isDefault: m === defaultModel.value && g.provider === defaultProvider.value,
+      })),
+    ),
+  )
+
+  async function fetchProviders() {
+    if (!hasApiKey()) return
+    loading.value = true
+    try {
+      const profile = useProfilesStore().activeProfileName || 'default'
+      const res = await systemApi.fetchAvailableModelsForProfile(profile)
+      providers.value = res.groups
+      allProviders.value = res.allProviders
+      defaultModel.value = res.default
+      defaultProvider.value = res.default_provider || ''
+    } catch (err) {
+      console.error('Failed to fetch providers:', err)
+    } finally {
+      loading.value = false
+    }
+  }
+
+  async function setDefaultModel(modelId: string, provider: string) {
+    await systemApi.updateDefaultModel({ default: modelId, provider })
+    defaultModel.value = modelId
+    defaultProvider.value = provider
+    const appStore = useAppStore()
+    appStore.reloadModels()
+  }
+
+  async function addProvider(data: CustomProvider) {
+    await systemApi.addCustomProvider(data)
+    await fetchProviders()
+    await useAppStore().reloadModels()
+  }
+
+  async function removeProvider(name: string) {
+    await systemApi.removeCustomProvider(name)
+    await fetchProviders()
+    await useAppStore().reloadModels()
+  }
+
+  return {
+    providers,
+    allProviders,
+    defaultModel,
+    defaultProvider,
+    loading,
+    customProviders,
+    builtinProviders,
+    allModels,
+    fetchProviders,
+    setDefaultModel,
+    addProvider,
+    removeProvider,
+  }
+})
diff --git a/packages/client/src/stores/hermes/profiles.ts b/packages/client/src/stores/hermes/profiles.ts
new file mode 100644
index 0000000..0f51c9e
--- /dev/null
+++ b/packages/client/src/stores/hermes/profiles.ts
@@ -0,0 +1,192 @@
+import { defineStore } from 'pinia'
+import { ref } from 'vue'
+import * as profilesApi from '@/api/hermes/profiles'
+import type { HermesProfile, HermesProfileDetail } from '@/api/hermes/profiles'
+import { useAppStore } from './app'
+
+const ACTIVE_PROFILE_STORAGE_KEY = 'hermes_active_profile_name'
+
+export const useProfilesStore = defineStore('profiles', () => {
+  const profiles = ref<HermesProfile[]>([])
+  // 初始化时同步读 localStorage，确保其他 store（如 chat）在启动时能拿到 profile name
+  const activeProfileName = ref<string | null>(localStorage.getItem(ACTIVE_PROFILE_STORAGE_KEY))
+  const activeProfile = ref<HermesProfile | null>(null)
+  const detailMap = ref<Record<string, HermesProfileDetail>>({})
+  const loading = ref(false)
+  const switching = ref(false)
+
+  async function fetchProfiles() {
+    loading.value = true
+    try {
+      profiles.value = await profilesApi.fetchProfiles()
+      const storedName = activeProfileName.value || localStorage.getItem(ACTIVE_PROFILE_STORAGE_KEY)
+      let selected = profiles.value.find(p => p.name === storedName) ?? null
+      if (!selected && profiles.value.length > 0) {
+        selected = profiles.value[0]
+        activeProfileName.value = selected.name
+        localStorage.setItem(ACTIVE_PROFILE_STORAGE_KEY, selected.name)
+      }
+      profiles.value = profiles.value.map(profile => ({
+        ...profile,
+        active: !!selected && profile.name === selected.name,
+      }))
+      activeProfile.value = selected
+      if (selected) {
+        activeProfileName.value = selected.name
+      } else {
+        activeProfileName.value = null
+        localStorage.removeItem(ACTIVE_PROFILE_STORAGE_KEY)
+      }
+      // 清理所有会话缓存（不再使用 localStorage 缓存）
+      clearAllSessionCaches()
+    } catch (err) {
+      console.error('Failed to fetch profiles:', err)
+    } finally {
+      loading.value = false
+    }
+  }
+
+  async function fetchHermesProfiles() {
+    loading.value = true
+    try {
+      profiles.value = await profilesApi.fetchProfiles()
+      activeProfile.value = profiles.value.find(profile => profile.active) ?? null
+      clearAllSessionCaches()
+    } catch (err) {
+      console.error('Failed to fetch Hermes profiles:', err)
+    } finally {
+      loading.value = false
+    }
+  }
+
+  async function fetchProfileDetail(name: string) {
+    if (detailMap.value[name]) return detailMap.value[name]
+    try {
+      const detail = await profilesApi.fetchProfileDetail(name)
+      detailMap.value[name] = detail
+      return detail
+    } catch {
+      return null
+    }
+  }
+
+  async function updateAvatar(name: string, avatar: profilesApi.ProfileAvatar) {
+    const saved = await profilesApi.updateProfileAvatar(name, avatar)
+    profiles.value = profiles.value.map(profile => (
+      profile.name === name ? { ...profile, avatar: saved } : profile
+    ))
+    if (detailMap.value[name]) {
+      detailMap.value[name] = { ...detailMap.value[name], avatar: saved }
+    }
+    if (activeProfile.value?.name === name) {
+      activeProfile.value = { ...activeProfile.value, avatar: saved }
+    }
+    return saved
+  }
+
+  async function deleteAvatar(name: string) {
+    await profilesApi.deleteProfileAvatar(name)
+    profiles.value = profiles.value.map(profile => (
+      profile.name === name ? { ...profile, avatar: null } : profile
+    ))
+    if (detailMap.value[name]) {
+      detailMap.value[name] = { ...detailMap.value[name], avatar: null }
+    }
+    if (activeProfile.value?.name === name) {
+      activeProfile.value = { ...activeProfile.value, avatar: null }
+    }
+  }
+
+  async function createProfile(name: string, clone?: boolean) {
+    const res = await profilesApi.createProfile(name, clone)
+    if (res.success) await fetchProfiles()
+    return res
+  }
+
+  async function deleteProfile(name: string) {
+    const ok = await profilesApi.deleteProfile(name)
+    if (ok) {
+      delete detailMap.value[name]
+      await fetchProfiles()
+    }
+    return ok
+  }
+
+  // 清理所有 profile 的会话缓存
+  function clearAllSessionCaches() {
+    // 注意：不再清理任何缓存，因为已经不再使用 localStorage 缓存会话数据
+    // 所有会话数据都从服务器实时获取
+  }
+
+  async function renameProfile(name: string, newName: string) {
+    const ok = await profilesApi.renameProfile(name, newName)
+    if (ok) {
+      delete detailMap.value[name]
+      await fetchProfiles()
+    }
+    return ok
+  }
+
+  async function switchProfile(name: string) {
+    switching.value = true
+    try {
+      const ok = await profilesApi.switchProfile(name)
+      if (ok) {
+        activeProfileName.value = name
+        localStorage.setItem(ACTIVE_PROFILE_STORAGE_KEY, name)
+        profiles.value = profiles.value.map(profile => ({
+          ...profile,
+          active: profile.name === name,
+        }))
+        activeProfile.value = profiles.value.find(profile => profile.name === name) ?? null
+        await useAppStore().reloadModels()
+      }
+      return ok
+    } finally {
+      switching.value = false
+    }
+  }
+
+  async function switchHermesProfile(name: string) {
+    switching.value = true
+    try {
+      const ok = await profilesApi.switchHermesProfile(name)
+      if (ok) await fetchHermesProfiles()
+      return ok
+    } finally {
+      switching.value = false
+    }
+  }
+
+  async function exportProfile(name: string) {
+    return profilesApi.exportProfile(name)
+  }
+
+  async function importProfile(file: File) {
+    const ok = await profilesApi.importProfile(file)
+    if (ok) await fetchProfiles()
+    return ok
+  }
+
+  return {
+    profiles,
+    activeProfile,
+    activeProfileName,
+    detailMap,
+    loading,
+    switching,
+    fetchProfiles,
+    fetchHermesProfiles,
+    fetchProfileDetail,
+    createProfile,
+    deleteProfile,
+    renameProfile,
+    switchProfile,
+    switchHermesProfile,
+    exportProfile,
+    importProfile,
+    updateAvatar,
+    deleteAvatar,
+    clearAllSessionCaches,
+  }
+})
diff --git a/packages/client/src/stores/hermes/session-browser-prefs.ts b/packages/client/src/stores/hermes/session-browser-prefs.ts
new file mode 100644
index 0000000..1af3276
--- /dev/null
+++ b/packages/client/src/stores/hermes/session-browser-prefs.ts
@@ -0,0 +1,117 @@
+import { defineStore } from 'pinia'
+import { ref, watch } from 'vue'
+import { useProfilesStore } from './profiles'
+
+const PIN_KEY_PREFIX = 'hermes_session_pins_v1_'
+const HUMAN_ONLY_KEY_PREFIX = 'hermes_human_only_v1_'
+
+function currentProfileName(): string {
+  try {
+    return useProfilesStore().activeProfileName || 'default'
+  } catch {
+    // Fallback during store initialization
+    return localStorage.getItem('hermes_active_profile_name') || 'default'
+  }
+}
+
+function pinsKey(profileName: string): string {
+  return `${PIN_KEY_PREFIX}${profileName}`
+}
+
+function humanOnlyKey(profileName: string): string {
+  return `${HUMAN_ONLY_KEY_PREFIX}${profileName}`
+}
+
+function loadJson<T>(key: string, fallback: T): T {
+  try {
+    const raw = localStorage.getItem(key)
+    return raw ? JSON.parse(raw) as T : fallback
+  } catch {
+    return fallback
+  }
+}
+
+function saveJson(key: string, value: unknown) {
+  try {
+    localStorage.setItem(key, JSON.stringify(value))
+  } catch {
+    // ignore quota/storage errors — fall back to in-memory only
+  }
+}
+
+function sameIds(a: string[], b: string[]): boolean {
+  return a.length === b.length && a.every((value, index) => value === b[index])
+}
+
+export const useSessionBrowserPrefsStore = defineStore('session-browser-prefs', () => {
+  const profileName = ref(currentProfileName())
+  const pinnedIds = ref<string[]>(loadJson<string[]>(pinsKey(profileName.value), []))
+  const humanOnly = ref<boolean>(loadJson<boolean>(humanOnlyKey(profileName.value), true))
+
+  function reload() {
+    profileName.value = currentProfileName()
+    pinnedIds.value = loadJson<string[]>(pinsKey(profileName.value), [])
+    humanOnly.value = loadJson<boolean>(humanOnlyKey(profileName.value), true)
+  }
+
+  function persistPins() {
+    saveJson(pinsKey(profileName.value), pinnedIds.value)
+  }
+
+  function persistHumanOnly() {
+    saveJson(humanOnlyKey(profileName.value), humanOnly.value)
+  }
+
+  function isPinned(sessionId: string): boolean {
+    return pinnedIds.value.includes(sessionId)
+  }
+
+  function togglePinned(sessionId: string) {
+    if (isPinned(sessionId)) {
+      pinnedIds.value = pinnedIds.value.filter(id => id !== sessionId)
+    } else {
+      pinnedIds.value = [...pinnedIds.value, sessionId]
+    }
+    persistPins()
+  }
+
+  function removePinned(sessionId: string): boolean {
+    if (!isPinned(sessionId)) return false
+    pinnedIds.value = pinnedIds.value.filter(id => id !== sessionId)
+    persistPins()
+    return true
+  }
+
+  function setHumanOnly(value: boolean) {
+    if (humanOnly.value === value) return
+    humanOnly.value = value
+    persistHumanOnly()
+  }
+
+  function pruneMissingSessions(existingIds: string[]): boolean {
+    if (existingIds.length === 0) return false
+    const existing = new Set(existingIds)
+    const nextPinnedIds = pinnedIds.value.filter(id => existing.has(id))
+    if (sameIds(nextPinnedIds, pinnedIds.value)) return false
+    pinnedIds.value = nextPinnedIds
+    persistPins()
+    return true
+  }
+
+  watch(
+    () => useProfilesStore().activeProfileName,
+    () => reload(),
+  )
+
+  return {
+    profileName,
+    pinnedIds,
+    humanOnly,
+    reload,
+    isPinned,
+    togglePinned,
+    removePinned,
+    setHumanOnly,
+    pruneMissingSessions,
+  }
+})
diff --git a/packages/client/src/stores/hermes/settings.ts b/packages/client/src/stores/hermes/settings.ts
new file mode 100644
index 0000000..95f6d56
--- /dev/null
+++ b/packages/client/src/stores/hermes/settings.ts
@@ -0,0 +1,133 @@
+import { defineStore } from 'pinia'
+import { ref } from 'vue'
+import * as configApi from '@/api/hermes/config'
+import type { DisplayConfig, AgentConfig, MemoryConfig, CompressionConfig, SessionResetConfig, PrivacyConfig, ApprovalConfig } from '@/api/hermes/config'
+
+export const useSettingsStore = defineStore('settings', () => {
+  const loading = ref(false)
+  const saving = ref(false)
+
+  const display = ref<DisplayConfig>({})
+  const agent = ref<AgentConfig>({})
+  const memory = ref<MemoryConfig>({})
+  const compression = ref<CompressionConfig>({})
+  const sessionReset = ref<SessionResetConfig>({})
+  const privacy = ref<PrivacyConfig>({})
+  const approvals = ref<ApprovalConfig>({})
+  const telegram = ref<Record<string, any>>({})
+  const discord = ref<Record<string, any>>({})
+  const slack = ref<Record<string, any>>({})
+  const whatsapp = ref<Record<string, any>>({})
+  const matrix = ref<Record<string, any>>({})
+  const wecom = ref<Record<string, any>>({})
+  const feishu = ref<Record<string, any>>({})
+  const dingtalk = ref<Record<string, any>>({})
+  const qqbot = ref<Record<string, any>>({})
+  const weixin = ref<Record<string, any>>({})
+  const platforms = ref<Record<string, any>>({})
+
+  async function fetchSettings() {
+    loading.value = true
+    try {
+      const data = await configApi.fetchConfig()
+      display.value = data.display || {}
+      agent.value = data.agent || {}
+      memory.value = data.memory || {}
+      compression.value = data.compression || {}
+      sessionReset.value = data.session_reset || {}
+      privacy.value = data.privacy || {}
+      approvals.value = data.approvals || {}
+      telegram.value = data.telegram || {}
+      discord.value = data.discord || {}
+      slack.value = data.slack || {}
+      whatsapp.value = data.whatsapp || {}
+      matrix.value = data.matrix || {}
+      wecom.value = data.wecom || {}
+      feishu.value = data.feishu || {}
+      dingtalk.value = data.dingtalk || {}
+      qqbot.value = data.qqbot || {}
+      weixin.value = data.weixin || {}
+      platforms.value = data.platforms || {}
+    } catch (err) {
+      console.error('Failed to fetch settings:', err)
+    } finally {
+      loading.value = false
+    }
+  }
+
+  function updateLocal(section: string, values: Record<string, any>) {
+    switch (section) {
+      case 'display': display.value = { ...display.value, ...values }; break
+      case 'agent': agent.value = { ...agent.value, ...values }; break
+      case 'memory': memory.value = { ...memory.value, ...values }; break
+      case 'compression': compression.value = { ...compression.value, ...values }; break
+      case 'session_reset': sessionReset.value = { ...sessionReset.value, ...values }; break
+      case 'privacy': privacy.value = { ...privacy.value, ...values }; break
+      case 'approvals': approvals.value = { ...approvals.value, ...values }; break
+      case 'telegram': telegram.value = { ...telegram.value, ...values }; break
+      case 'discord': discord.value = { ...discord.value, ...values }; break
+      case 'slack': slack.value = { ...slack.value, ...values }; break
+      case 'whatsapp': whatsapp.value = { ...whatsapp.value, ...values }; break
+      case 'matrix': matrix.value = { ...matrix.value, ...values }; break
+      case 'wecom': wecom.value = { ...wecom.value, ...values }; break
+      case 'feishu': feishu.value = { ...feishu.value, ...values }; break
+      case 'dingtalk': dingtalk.value = { ...dingtalk.value, ...values }; break
+      case 'qqbot': qqbot.value = { ...qqbot.value, ...values }; break
+      case 'weixin': weixin.value = { ...weixin.value, ...values }; break
+      case 'platforms': {
+        for (const [key, val] of Object.entries(values)) {
+          platforms.value = {
+            ...platforms.value,
+            [key]: { ...(platforms.value[key] || {}), ...(val as Record<string, any>) },
+          }
+        }
+        break
+      }
+    }
+  }
+
+  async function saveSection(section: string, values: Record<string, any>, options?: { restart?: boolean }) {
+    saving.value = true
+    try {
+      await configApi.updateConfigSection(section, values, options)
+    switch (section) {
+      case 'display': display.value = { ...display.value, ...values }; break
+      case 'agent': agent.value = { ...agent.value, ...values }; break
+      case 'memory': memory.value = { ...memory.value, ...values }; break
+      case 'compression': compression.value = { ...compression.value, ...values }; break
+      case 'session_reset': sessionReset.value = { ...sessionReset.value, ...values }; break
+      case 'privacy': privacy.value = { ...privacy.value, ...values }; break
+      case 'approvals': approvals.value = { ...approvals.value, ...values }; break
+      case 'telegram': telegram.value = { ...telegram.value, ...values }; break
+      case 'discord': discord.value = { ...discord.value, ...values }; break
+      case 'slack': slack.value = { ...slack.value, ...values }; break
+      case 'whatsapp': whatsapp.value = { ...whatsapp.value, ...values }; break
+      case 'matrix': matrix.value = { ...matrix.value, ...values }; break
+      case 'wechat': case 'wecom': wecom.value = { ...wecom.value, ...values }; break
+      case 'feishu': feishu.value = { ...feishu.value, ...values }; break
+      case 'dingtalk': dingtalk.value = { ...dingtalk.value, ...values }; break
+      case 'qqbot': qqbot.value = { ...qqbot.value, ...values }; break
+      case 'weixin': weixin.value = { ...weixin.value, ...values }; break
+      case 'platforms': {
+        // Deep-merge each platform's credentials
+        for (const [key, val] of Object.entries(values)) {
+          platforms.value = {
+            ...platforms.value,
+            [key]: { ...(platforms.value[key] || {}), ...(val as Record<string, any>) },
+          }
+        }
+        break
+      }
+    }
+    } finally {
+      saving.value = false
+    }
+  }
+
+  return {
+    loading, saving,
+    display, agent, memory, compression, sessionReset, privacy, approvals,
+    telegram, discord, slack, whatsapp, matrix, wecom, feishu, dingtalk, qqbot, weixin, platforms,
+    fetchSettings, saveSection, updateLocal,
+  }
+})
diff --git a/packages/client/src/stores/hermes/usage.ts b/packages/client/src/stores/hermes/usage.ts
new file mode 100644
index 0000000..f1f78ec
--- /dev/null
+++ b/packages/client/src/stores/hermes/usage.ts
@@ -0,0 +1,177 @@
+import { fetchUsageStats, type UsageStatsResponse } from '@/api/hermes/sessions'
+import { defineStore } from 'pinia'
+import { computed, ref } from 'vue'
+
+interface DailyUsage {
+  date: string
+  input_tokens: number
+  output_tokens: number
+  cache_read_tokens: number
+  cache_write_tokens: number
+  sessions: number
+  errors: number
+  cost: number
+  visualTokens: number
+  inputPercent: number
+  outputPercent: number
+  cachePercent: number
+}
+
+interface ModelUsage {
+  model: string
+  inputTokens: number
+  outputTokens: number
+  cacheTokens: number
+  cacheWriteTokens: number
+  totalTokens: number
+  visualTokens: number
+  sessions: number
+  color: string
+  inputPercent: number
+  outputPercent: number
+  cachePercent: number
+}
+
+const MODEL_COLORS = [
+  '#4fd1c5',
+  '#63b3ed',
+  '#f6ad55',
+  '#b794f4',
+  '#68d391',
+  '#fc8181',
+  '#f687b3',
+  '#90cdf4',
+  '#fbd38d',
+  '#9ae6b4',
+]
+
+function normalizeModel(model: string | null | undefined): string {
+  const trimmed = (model || '').trim()
+  return trimmed || 'unknown'
+}
+
+function percent(part: number, total: number): number {
+  if (total <= 0) return 0
+  return part / total * 100
+}
+
+function getModelColor(model: string): string {
+  const normalized = normalizeModel(model)
+  let hash = 0
+  for (let i = 0; i < normalized.length; i += 1) {
+    hash = ((hash << 5) - hash) + normalized.charCodeAt(i)
+    hash |= 0
+  }
+  return MODEL_COLORS[Math.abs(hash) % MODEL_COLORS.length]
+}
+
+export const useUsageStore = defineStore('usage', () => {
+  const stats = ref<UsageStatsResponse | null>(null)
+  const isLoading = ref(false)
+  let latestRequestId = 0
+
+  async function loadSessions(days = 30) {
+    const requestId = ++latestRequestId
+    isLoading.value = true
+    try {
+      const response = await fetchUsageStats(days)
+      if (requestId === latestRequestId) {
+        stats.value = response
+      }
+    } catch (err) {
+      if (requestId === latestRequestId) {
+        console.error('Failed to load usage stats:', err)
+      }
+    } finally {
+      if (requestId === latestRequestId) {
+        isLoading.value = false
+      }
+    }
+  }
+
+  const hasData = computed(() => !!stats.value && stats.value.total_sessions > 0)
+
+  const totalInputTokens = computed(() => stats.value?.total_input_tokens ?? 0)
+  const totalOutputTokens = computed(() => stats.value?.total_output_tokens ?? 0)
+  const totalTokens = computed(() => totalInputTokens.value + totalOutputTokens.value)
+  const totalSessions = computed(() => stats.value?.total_sessions ?? 0)
+
+  const totalCacheTokens = computed(() => stats.value?.total_cache_read_tokens ?? 0)
+
+  const cacheHitRate = computed(() => {
+    const total = totalInputTokens.value + totalCacheTokens.value
+    if (total === 0) return null
+    return ((totalCacheTokens.value / total) * 100)
+  })
+
+  const estimatedCost = computed(() => stats.value?.total_cost ?? 0)
+
+  const modelUsage = computed<ModelUsage[]>(() => {
+    if (!stats.value) return []
+    return stats.value.model_usage.map(m => {
+      const model = normalizeModel(m.model)
+      const totalTokens = m.input_tokens + m.output_tokens
+      const visualTokens = totalTokens + m.cache_read_tokens
+      return {
+        model,
+        inputTokens: m.input_tokens,
+        outputTokens: m.output_tokens,
+        cacheTokens: m.cache_read_tokens,
+        cacheWriteTokens: m.cache_write_tokens,
+        totalTokens,
+        visualTokens,
+        sessions: m.sessions,
+        color: getModelColor(model),
+        inputPercent: percent(m.input_tokens, visualTokens),
+        outputPercent: percent(m.output_tokens, visualTokens),
+        cachePercent: percent(m.cache_read_tokens, visualTokens),
+      }
+    }).sort((a, b) => b.visualTokens - a.visualTokens)
+  })
+
+  const modelLegend = computed(() => {
+    const seen = new Set<string>()
+    return modelUsage.value.filter(m => {
+      if (seen.has(m.model)) return false
+      seen.add(m.model)
+      return true
+    }).map(m => ({ model: m.model, color: m.color }))
+  })
+
+  const dailyUsage = computed<DailyUsage[]>(() => (stats.value?.daily_usage ?? []).map(d => {
+    const visualTokens = d.input_tokens + d.output_tokens + d.cache_read_tokens
+    return {
+      ...d,
+      visualTokens,
+      inputPercent: percent(d.input_tokens, visualTokens),
+      outputPercent: percent(d.output_tokens, visualTokens),
+      cachePercent: percent(d.cache_read_tokens, visualTokens),
+    }
+  }))
+
+  const avgSessionsPerDay = computed(() => {
+    if (!stats.value || stats.value.daily_usage.length === 0) return 0
+    const daysWithActivity = stats.value.daily_usage.filter(d => d.sessions > 0).length
+    const days = Math.max(1, daysWithActivity)
+    return totalSessions.value / days
+  })
+
+  return {
+    stats,
+    isLoading,
+    hasData,
+    loadSessions,
+    totalInputTokens,
+    totalOutputTokens,
+    totalTokens,
+    totalSessions,
+    totalCacheTokens,
+    cacheHitRate,
+    estimatedCost,
+    modelUsage,
+    modelLegend,
+    dailyUsage,
+    avgSessionsPerDay,
+    getModelColor,
+  }
+})
diff --git a/packages/client/src/styles/code-block.scss b/packages/client/src/styles/code-block.scss
new file mode 100644
index 0000000..5138436
--- /dev/null
+++ b/packages/client/src/styles/code-block.scss
@@ -0,0 +1,170 @@
+@use 'variables' as *;
+
+// Shared code-block styles used by markdown rendering and tool payload details.
+// Keep these global so v-html output in both MarkdownRenderer.vue and MessageItem.vue
+// stays styled even though the HTML is not compiled as Vue template content.
+
+.hljs-code-block {
+  margin: 8px 0;
+  border-radius: $radius-sm;
+  overflow: hidden;
+  background: $code-bg;
+  border: 1px solid $border-color;
+
+  .code-header {
+    display: flex;
+    justify-content: space-between;
+    align-items: center;
+    padding: 6px 12px;
+    background: rgba(0, 0, 0, 0.03);
+    border-bottom: 1px solid $border-color;
+
+    .code-lang {
+      font-size: 11px;
+      color: $text-muted;
+      text-transform: uppercase;
+    }
+
+    .copy-btn {
+      font-size: 11px;
+      color: $text-muted;
+      background: none;
+      border: none;
+      cursor: pointer;
+      padding: 2px 6px;
+      border-radius: 3px;
+      transition: all $transition-fast;
+
+      &:hover {
+        color: $text-primary;
+        background: rgba(0, 0, 0, 0.05);
+      }
+    }
+  }
+
+  code.hljs {
+    display: block;
+    padding: 12px;
+    font-family: $font-code;
+    font-size: 13px;
+    line-height: 1.5;
+    overflow-x: auto;
+  }
+}
+
+// highlight.js theme override — higher-contrast, still calm
+.hljs-code-block {
+  .hljs {
+    color: #1f2937;
+    background: none;
+  }
+
+  .hljs-keyword,
+  .hljs-selector-tag,
+  .hljs-meta .hljs-keyword {
+    color: #2563eb;
+    font-weight: 600;
+  }
+
+  .hljs-string,
+  .hljs-attr,
+  .hljs-regexp,
+  .hljs-template-variable {
+    color: #0f766e;
+  }
+
+  .hljs-number,
+  .hljs-literal,
+  .hljs-symbol,
+  .hljs-bullet {
+    color: #b45309;
+  }
+
+  .hljs-comment,
+  .hljs-quote {
+    color: #6b7280;
+    font-style: italic;
+  }
+
+  .hljs-built_in,
+  .hljs-title.class_,
+  .hljs-title.function_ {
+    color: #2563eb;
+  }
+
+  .hljs-type,
+  .hljs-variable,
+  .hljs-property,
+  .hljs-params {
+    color: #b91c1c;
+  }
+
+  .hljs-tag,
+  .hljs-name,
+  .hljs-section,
+  .hljs-title {
+    color: #1f2937;
+  }
+
+  .hljs-meta {
+    color: #6b7280;
+  }
+}
+
+// Dark mode highlight.js — clearer separation without neon
+.dark .hljs-code-block {
+  .hljs {
+    color: #e5e7eb;
+  }
+
+  .hljs-keyword,
+  .hljs-selector-tag,
+  .hljs-meta .hljs-keyword {
+    color: #c084fc;
+    font-weight: 600;
+  }
+
+  .hljs-string,
+  .hljs-attr,
+  .hljs-regexp,
+  .hljs-template-variable {
+    color: #5eead4;
+  }
+
+  .hljs-number,
+  .hljs-literal,
+  .hljs-symbol,
+  .hljs-bullet {
+    color: #fbbf24;
+  }
+
+  .hljs-comment,
+  .hljs-quote {
+    color: #94a3b8;
+    font-style: italic;
+  }
+
+  .hljs-built_in,
+  .hljs-title.class_,
+  .hljs-title.function_ {
+    color: #93c5fd;
+  }
+
+  .hljs-type,
+  .hljs-variable,
+  .hljs-property,
+  .hljs-params {
+    color: #fca5a5;
+  }
+
+  .hljs-tag,
+  .hljs-name,
+  .hljs-section,
+  .hljs-title {
+    color: #f3f4f6;
+  }
+
+  .hljs-meta {
+    color: #94a3b8;
+  }
+}
diff --git a/packages/client/src/styles/global.scss b/packages/client/src/styles/global.scss
new file mode 100644
index 0000000..ade7419
--- /dev/null
+++ b/packages/client/src/styles/global.scss
@@ -0,0 +1,229 @@
+@use 'variables' as *;
+@use 'code-block';
+
+@font-face {
+  font-family: 'Comic Neue';
+  font-style: normal;
+  font-weight: 400;
+  font-display: swap;
+  src: url('/fonts/ComicNeue-Bold.ttf') format('truetype');
+}
+
+@font-face {
+  font-family: 'ZCOOL KuaiLe';
+  font-style: normal;
+  font-weight: 400;
+  font-display: swap;
+  src: url('/fonts/ZCOOLKuaiLe-Regular.ttf') format('truetype');
+}
+
+@font-face {
+  font-family: 'Zen Maru Gothic';
+  font-style: normal;
+  font-weight: 400;
+  font-display: swap;
+  src: url('/fonts/ZenMaruGothic-Regular.ttf') format('truetype');
+}
+
+@font-face {
+  font-family: 'Zen Maru Gothic';
+  font-style: normal;
+  font-weight: 700;
+  font-display: swap;
+  src: url('/fonts/ZenMaruGothic-Bold.ttf') format('truetype');
+}
+
+@font-face {
+  font-family: 'Gaegu';
+  font-style: normal;
+  font-weight: 400;
+  font-display: swap;
+  src: url('/fonts/Gaegu-Regular.ttf') format('truetype');
+}
+
+@font-face {
+  font-family: 'Gaegu';
+  font-style: normal;
+  font-weight: 700;
+  font-display: swap;
+  src: url('/fonts/Gaegu-Bold.ttf') format('truetype');
+}
+
+*,
+*::before,
+*::after {
+  margin: 0;
+  padding: 0;
+  box-sizing: border-box;
+}
+
+button,
+input,
+select,
+textarea {
+  font-family: inherit;
+}
+
+:root {
+  --vh: 1vh;
+}
+
+// Fix mobile viewport height (address bar)
+@supports (height: 100dvh) {
+  :root {
+    --vh: 1dvh;
+  }
+}
+
+// Theme transition (applied programmatically on toggle, not on load)
+html.theme-transitioning,
+html.theme-transitioning *,
+html.theme-transitioning *::before,
+html.theme-transitioning *::after {
+  transition: background-color 0.3s ease, color 0.3s ease, border-color 0.3s ease,
+              box-shadow 0.3s ease, fill 0.3s ease, stroke 0.3s ease !important;
+}
+
+html, body {
+  position: fixed;
+  top: 0;
+  left: 0;
+  width: 100%;
+  height: 100%;
+  overflow: hidden;
+}
+
+#app {
+  height: 100%;
+  width: 100%;
+  overflow: hidden;
+}
+
+body {
+  font-family: $font-ui;
+  background-color: $bg-primary;
+  color: $text-primary;
+  font-size: 14px;
+  line-height: 1.6;
+  -webkit-font-smoothing: antialiased;
+  -moz-osx-font-smoothing: grayscale;
+}
+
+
+
+code, pre, .mono {
+  font-family: $font-code;
+}
+
+a {
+  color: $accent-primary;
+  text-decoration: none;
+
+  &:hover {
+    color: $accent-hover;
+  }
+}
+
+::-webkit-scrollbar {
+  width: 6px;
+  height: 6px;
+}
+
+::-webkit-scrollbar-track {
+  background: transparent;
+}
+
+::-webkit-scrollbar-thumb {
+  background: $border-color;
+  border-radius: 3px;
+
+  &:hover {
+    background: $text-muted;
+  }
+}
+
+::selection {
+  background: rgba(var(--accent-primary-rgb), 0.3);
+}
+
+// Shared page header
+.page-header {
+  display: flex;
+  align-items: center;
+  justify-content: space-between;
+  padding: 21px 20px;
+  border-bottom: 1px solid $border-color;
+  flex-shrink: 0;
+}
+
+.header-title {
+  font-size: 16px;
+  font-weight: 600;
+  color: $text-primary;
+}
+
+// Responsive utility classes for inline width replacement
+.input-sm { width: 90px; }
+.input-md { width: 200px; }
+.input-lg { width: 300px; }
+
+// Mobile drawer backdrop
+.mobile-backdrop {
+  display: none;
+  position: fixed;
+  inset: 0;
+  background: rgba(0, 0, 0, 0.4);
+  z-index: 999;
+}
+
+// Hamburger button (mobile only)
+.hamburger-btn {
+  display: none;
+  position: fixed;
+  top: 10px;
+  left: 12px;
+  z-index: 99;
+  width: 36px;
+  height: 36px;
+  border: none;
+  background: $bg-card;
+  border-radius: $radius-sm;
+  cursor: pointer;
+  align-items: center;
+  justify-content: center;
+  box-shadow: 0 1px 4px rgba(0, 0, 0, 0.1);
+}
+
+// Mobile responsive
+@media (max-width: $breakpoint-mobile) {
+  .mobile-backdrop {
+    display: block;
+  }
+
+  .hamburger-btn {
+    display: flex;
+  }
+
+  .page-header {
+    padding: 16px 12px 16px 52px !important;
+  }
+
+  .input-sm,
+  .input-md,
+  .input-lg {
+    width: 100%;
+  }
+}
+
+// Prevent iOS Safari auto-zoom on input focus by ensuring font-size is at least 16px
+@media (max-width: 768px) {
+  input,
+  textarea,
+  select,
+  .n-input,
+  .n-input__input-element,
+  .n-input__textarea-el,
+  .n-input__textarea-element {
+    font-size: 16px !important;
+  }
+}
diff --git a/packages/client/src/styles/theme.ts b/packages/client/src/styles/theme.ts
new file mode 100644
index 0000000..691b142
--- /dev/null
+++ b/packages/client/src/styles/theme.ts
@@ -0,0 +1,175 @@
+import type { GlobalThemeOverrides } from 'naive-ui'
+
+const fontUI = "'Plus Jakarta Sans', 'Noto Sans SC', system-ui, sans-serif"
+const fontMono = "'IBM Plex Mono', 'JetBrains Mono', 'Fira Code', Consolas, monospace"
+
+export const lightThemeOverrides: GlobalThemeOverrides = {
+  common: {
+    primaryColor: '#2563eb',
+    primaryColorHover: '#1d4ed8',
+    primaryColorPressed: '#1e40af',
+    primaryColorSuppl: '#2563eb',
+    bodyColor: '#f4f7fb',
+    cardColor: '#ffffff',
+    modalColor: '#ffffff',
+    popoverColor: '#ffffff',
+    tableColor: '#ffffff',
+    inputColor: '#ffffff',
+    actionColor: '#e8eef6',
+    textColorBase: '#0f172a',
+    textColor1: '#0f172a',
+    textColor2: '#475569',
+    textColor3: '#94a3b8',
+    dividerColor: '#d8e2ef',
+    borderColor: '#d8e2ef',
+    hoverColor: 'rgba(37, 99, 235, 0.06)',
+    borderRadius: '10px',
+    borderRadiusSmall: '8px',
+    fontSize: '14px',
+    fontSizeMedium: '14px',
+    heightMedium: '38px',
+    fontFamily: fontUI,
+    fontFamilyMono: fontMono,
+  },
+  Layout: {
+    color: '#f4f7fb',
+    siderColor: '#ffffff',
+    headerColor: '#ffffff',
+  },
+  Menu: {
+    itemTextColorActive: '#2563eb',
+    itemTextColorActiveHover: '#1d4ed8',
+    itemTextColorChildActive: '#2563eb',
+    itemIconColorActive: '#2563eb',
+    itemIconColorActiveHover: '#1d4ed8',
+    itemColorActive: 'rgba(37, 99, 235, 0.1)',
+    itemColorActiveHover: 'rgba(37, 99, 235, 0.14)',
+    arrowColorActive: '#2563eb',
+    borderRadius: '8px',
+  },
+  Button: {
+    textColorPrimary: '#ffffff',
+    colorPrimary: '#2563eb',
+    colorHoverPrimary: '#1d4ed8',
+    colorPressedPrimary: '#1e40af',
+    borderRadiusMedium: '8px',
+  },
+  Input: {
+    color: '#ffffff',
+    colorFocus: '#ffffff',
+    border: '1px solid #d8e2ef',
+    borderHover: '1px solid #2563eb',
+    borderFocus: '1px solid #2563eb',
+    placeholderColor: '#94a3b8',
+    caretColor: '#2563eb',
+    borderRadiusMedium: '8px',
+  },
+  Card: {
+    color: '#ffffff',
+    borderColor: '#d8e2ef',
+    borderRadius: '12px',
+    boxShadow: '0 4px 16px -4px rgba(15, 23, 42, 0.08)',
+  },
+  Modal: {
+    color: '#ffffff',
+    borderRadius: '14px',
+  },
+  Tag: {
+    borderRadius: '6px',
+  },
+}
+
+export const darkThemeOverrides: GlobalThemeOverrides = {
+  common: {
+    primaryColor: '#3b82f6',
+    primaryColorHover: '#60a5fa',
+    primaryColorPressed: '#2563eb',
+    primaryColorSuppl: '#3b82f6',
+    bodyColor: '#0b1120',
+    cardColor: '#151f35',
+    modalColor: '#151f35',
+    popoverColor: '#151f35',
+    tableColor: '#151f35',
+    inputColor: '#111a2e',
+    actionColor: '#1c2a45',
+    textColorBase: '#e8edf5',
+    textColor1: '#e8edf5',
+    textColor2: '#94a8c4',
+    textColor3: '#5c7090',
+    dividerColor: '#243049',
+    borderColor: '#243049',
+    hoverColor: 'rgba(59, 130, 246, 0.1)',
+    borderRadius: '10px',
+    borderRadiusSmall: '8px',
+    fontSize: '14px',
+    fontSizeMedium: '14px',
+    heightMedium: '38px',
+    fontFamily: fontUI,
+    fontFamilyMono: fontMono,
+  },
+  Layout: {
+    color: '#0b1120',
+    siderColor: '#0f1729',
+    headerColor: '#0b1120',
+  },
+  Menu: {
+    itemTextColorActive: '#3b82f6',
+    itemTextColorActiveHover: '#60a5fa',
+    itemTextColorChildActive: '#3b82f6',
+    itemIconColorActive: '#3b82f6',
+    itemIconColorActiveHover: '#60a5fa',
+    itemColorActive: 'rgba(59, 130, 246, 0.15)',
+    itemColorActiveHover: 'rgba(59, 130, 246, 0.2)',
+    arrowColorActive: '#3b82f6',
+    borderRadius: '8px',
+  },
+  Button: {
+    textColorPrimary: '#ffffff',
+    colorPrimary: '#3b82f6',
+    colorHoverPrimary: '#60a5fa',
+    colorPressedPrimary: '#2563eb',
+    borderRadiusMedium: '8px',
+  },
+  Input: {
+    color: '#111a2e',
+    colorFocus: '#111a2e',
+    border: '1px solid #243049',
+    borderHover: '1px solid #3b82f6',
+    borderFocus: '1px solid #3b82f6',
+    placeholderColor: '#5c7090',
+    caretColor: '#3b82f6',
+    borderRadiusMedium: '8px',
+  },
+  Card: {
+    color: '#151f35',
+    borderColor: '#243049',
+    borderRadius: '12px',
+    boxShadow: '0 8px 24px -6px rgba(0, 0, 0, 0.4)',
+  },
+  Modal: {
+    color: '#151f35',
+    borderRadius: '14px',
+  },
+  Tag: {
+    borderRadius: '6px',
+  },
+  Switch: {
+    railColor: '#243049',
+    railColorActive: '#3b82f6',
+    loadingColor: '#60a5fa',
+    opacityDisabled: 0.4,
+  },
+}
+
+export function getThemeOverrides(isDark: boolean, isComic?: boolean): GlobalThemeOverrides {
+  const base = isDark ? darkThemeOverrides : lightThemeOverrides
+  if (!isComic) return base
+  const comicFont = "'Comic Neue', 'ZCOOL KuaiLe', 'Zen Maru Gothic', 'Gaegu', cursive, sans-serif"
+  return {
+    ...base,
+    common: {
+      ...base.common!,
+      fontFamily: comicFont,
+    },
+  }
+}
diff --git a/packages/client/src/styles/variables.scss b/packages/client/src/styles/variables.scss
new file mode 100644
index 0000000..6ed991b
--- /dev/null
+++ b/packages/client/src/styles/variables.scss
@@ -0,0 +1,185 @@
+// 晶蓝流光 — Crystal Flow
+// 清爽蓝青配色 + 顶栏布局 + 浅色侧栏
+// 支持 light / dark / comic 三主题
+
+// ─── CSS Custom Properties ─────────────────────────────────────
+
+:root {
+  // Typography
+  --font-ui: 'Plus Jakarta Sans', 'Noto Sans SC', system-ui, sans-serif;
+  --font-display: 'Plus Jakarta Sans', 'Noto Sans SC', system-ui, sans-serif;
+
+  // Backgrounds
+  --bg-primary: #f4f7fb;
+  --bg-secondary: #e8eef6;
+  --bg-sidebar: #ffffff;
+  --bg-topbar: rgba(255, 255, 255, 0.92);
+  --bg-card: #ffffff;
+  --bg-card-hover: #f0f5fc;
+  --bg-input: #ffffff;
+
+  // Borders
+  --border-color: #d8e2ef;
+  --border-light: #e8eef6;
+
+  // Accent — royal blue + cyan
+  --accent-primary: #2563eb;
+  --accent-hover: #1d4ed8;
+  --accent-muted: #93c5fd;
+  --accent-secondary: #0891b2;
+  --accent-secondary-hover: #0e7490;
+
+  // Text
+  --text-primary: #0f172a;
+  --text-secondary: #475569;
+  --text-muted: #94a3b8;
+  --text-sidebar: #334155;
+  --text-sidebar-muted: #64748b;
+
+  // Status
+  --success: #059669;
+  --error: #dc2626;
+  --warning: #d97706;
+
+  // Message bubbles
+  --msg-user-bg: #dbeafe;
+  --msg-assistant-bg: #ffffff;
+  --msg-system-border: #2563eb;
+
+  // Code
+  --code-bg: #eef2f8;
+
+  // Utility
+  --text-on-accent: #ffffff;
+  --text-on-overlay: #ffffff;
+  --accent-info: #0891b2;
+  --nav-active-bg: #2563eb;
+  --nav-active-text: #ffffff;
+
+  // RGB components
+  --accent-primary-rgb: 37, 99, 235;
+  --accent-hover-rgb: 29, 78, 216;
+  --accent-secondary-rgb: 8, 145, 178;
+  --text-primary-rgb: 15, 23, 42;
+  --text-muted-rgb: 148, 163, 184;
+  --success-rgb: 5, 150, 105;
+  --error-rgb: 220, 38, 38;
+  --warning-rgb: 217, 119, 6;
+  --accent-info-rgb: 8, 145, 178;
+}
+
+.dark {
+  --bg-primary: #0b1120;
+  --bg-secondary: #131c31;
+  --bg-sidebar: #0f1729;
+  --bg-topbar: rgba(11, 17, 32, 0.94);
+  --bg-card: #151f35;
+  --bg-card-hover: #1c2a45;
+  --bg-input: #111a2e;
+
+  --border-color: #243049;
+  --border-light: #1a2740;
+
+  --accent-primary: #3b82f6;
+  --accent-hover: #60a5fa;
+  --accent-muted: #1d4ed8;
+  --accent-secondary: #22d3ee;
+  --accent-secondary-hover: #67e8f9;
+
+  --text-primary: #e8edf5;
+  --text-secondary: #94a8c4;
+  --text-muted: #5c7090;
+  --text-sidebar: #c8d6ea;
+  --text-sidebar-muted: #6b82a3;
+
+  --success: #34d399;
+  --error: #f87171;
+  --warning: #fbbf24;
+
+  --msg-user-bg: #172554;
+  --msg-assistant-bg: #151f35;
+  --msg-system-border: #3b82f6;
+
+  --code-bg: #0d1526;
+
+  --text-on-accent: #ffffff;
+  --text-on-overlay: #e8edf5;
+  --accent-info: #22d3ee;
+  --nav-active-bg: #3b82f6;
+  --nav-active-text: #ffffff;
+
+  --accent-primary-rgb: 59, 130, 246;
+  --accent-hover-rgb: 96, 165, 250;
+  --accent-secondary-rgb: 34, 211, 238;
+  --text-primary-rgb: 232, 237, 245;
+  --text-muted-rgb: 92, 112, 144;
+  --success-rgb: 52, 211, 153;
+  --error-rgb: 248, 113, 113;
+  --warning-rgb: 251, 191, 36;
+  --accent-info-rgb: 34, 211, 238;
+}
+
+.comic {
+  --border-color: #1a1a1a;
+  --border-light: #555555;
+  --msg-system-border: #1a1a1a;
+  --font-ui: 'Comic Neue', 'ZCOOL KuaiLe', 'Zen Maru Gothic', 'Gaegu', cursive, sans-serif;
+  --comic-border-width: 2.5px;
+  --comic-shadow: 3px 3px 0px rgba(0, 0, 0, 0.15);
+}
+
+.dark.comic {
+  --border-color: #666666;
+  --border-light: #555555;
+  --msg-system-border: #888888;
+  --comic-shadow: 3px 3px 0px rgba(255, 255, 255, 0.08);
+}
+
+// ─── SCSS Variables ────────────────────────────────────────────
+
+$bg-primary: var(--bg-primary);
+$bg-secondary: var(--bg-secondary);
+$bg-sidebar: var(--bg-sidebar);
+$bg-topbar: var(--bg-topbar);
+$bg-card: var(--bg-card);
+$bg-card-hover: var(--bg-card-hover);
+$bg-input: var(--bg-input);
+
+$border-color: var(--border-color);
+$border-light: var(--border-light);
+
+$accent-primary: var(--accent-primary);
+$accent-hover: var(--accent-hover);
+$accent-muted: var(--accent-muted);
+
+$text-primary: var(--text-primary);
+$text-secondary: var(--text-secondary);
+$text-muted: var(--text-muted);
+
+$success: var(--success);
+$error: var(--error);
+$warning: var(--warning);
+$info: var(--accent-info);
+
+$msg-user-bg: var(--msg-user-bg);
+$msg-assistant-bg: var(--msg-assistant-bg);
+$msg-system-border: var(--msg-system-border);
+
+$code-bg: var(--code-bg);
+
+$font-ui: var(--font-ui);
+$font-display: var(--font-display);
+$font-code: 'IBM Plex Mono', 'JetBrains Mono', 'Fira Code', Consolas, monospace;
+
+$topbar-height: 56px;
+$sidebar-width: 220px;
+$sidebar-collapsed-width: 68px;
+$header-height: 60px;
+$breakpoint-mobile: 768px;
+
+$radius-sm: 8px;
+$radius-md: 12px;
+$radius-lg: 18px;
+
+$transition-fast: 0.16s ease;
+$transition-normal: 0.24s ease;
diff --git a/packages/client/src/utils/clipboard.ts b/packages/client/src/utils/clipboard.ts
new file mode 100644
index 0000000..f559729
--- /dev/null
+++ b/packages/client/src/utils/clipboard.ts
@@ -0,0 +1,46 @@
+/**
+ * Copy text to clipboard with a fallback for non-secure contexts (HTTP, non-localhost).
+ * `navigator.clipboard` is only available in secure contexts; intranet HTTP deployments
+ * must fall back to the legacy `document.execCommand('copy')` flow via a hidden textarea.
+ */
+export async function copyToClipboard(text: string): Promise<boolean> {
+  if (typeof navigator !== 'undefined' && navigator.clipboard && window.isSecureContext) {
+    try {
+      await navigator.clipboard.writeText(text)
+      return true
+    } catch {
+      // fall through to legacy fallback
+    }
+  }
+
+  if (typeof document === 'undefined') return false
+
+  const textarea = document.createElement('textarea')
+  textarea.value = text
+  textarea.setAttribute('readonly', '')
+  textarea.style.position = 'fixed'
+  textarea.style.top = '0'
+  textarea.style.left = '0'
+  textarea.style.width = '1px'
+  textarea.style.height = '1px'
+  textarea.style.padding = '0'
+  textarea.style.border = 'none'
+  textarea.style.outline = 'none'
+  textarea.style.boxShadow = 'none'
+  textarea.style.background = 'transparent'
+  textarea.style.opacity = '0'
+  document.body.appendChild(textarea)
+
+  let ok = false
+  try {
+    textarea.focus()
+    textarea.select()
+    textarea.setSelectionRange(0, text.length)
+    ok = document.execCommand('copy')
+  } catch {
+    ok = false
+  } finally {
+    document.body.removeChild(textarea)
+  }
+  return ok
+}
diff --git a/packages/client/src/utils/completion-sound.ts b/packages/client/src/utils/completion-sound.ts
new file mode 100644
index 0000000..0a0fb99
--- /dev/null
+++ b/packages/client/src/utils/completion-sound.ts
@@ -0,0 +1,68 @@
+type AudioContextConstructor = typeof AudioContext
+
+type WindowWithWebkitAudio = Window & typeof globalThis & {
+  webkitAudioContext?: AudioContextConstructor
+}
+
+let audioContext: AudioContext | null = null
+
+function getAudioContext(): AudioContext | null {
+  if (typeof window === 'undefined') return null
+
+  const AudioContextCtor = window.AudioContext || (window as WindowWithWebkitAudio).webkitAudioContext
+  if (!AudioContextCtor) return null
+
+  if (!audioContext) {
+    audioContext = new AudioContextCtor()
+  }
+
+  return audioContext
+}
+
+export function primeCompletionSound(): void {
+  const ctx = getAudioContext()
+  if (!ctx || ctx.state !== 'suspended') return
+
+  void ctx.resume().catch(() => {
+    // Browser autoplay policy may still reject until a user gesture. Ignore; the
+    // next send action will try again.
+  })
+}
+
+export async function playCompletionSound(): Promise<boolean> {
+  const ctx = getAudioContext()
+  if (!ctx) return false
+
+  try {
+    if (ctx.state === 'suspended') {
+      await ctx.resume()
+    }
+
+    const now = ctx.currentTime
+    const duration = 0.16
+    const oscillator = ctx.createOscillator()
+    const gain = ctx.createGain()
+
+    oscillator.type = 'sine'
+    oscillator.frequency.setValueAtTime(880, now)
+    oscillator.frequency.exponentialRampToValueAtTime(660, now + duration)
+
+    gain.gain.setValueAtTime(0.0001, now)
+    gain.gain.exponentialRampToValueAtTime(0.18, now + 0.015)
+    gain.gain.exponentialRampToValueAtTime(0.0001, now + duration)
+
+    oscillator.connect(gain)
+    gain.connect(ctx.destination)
+    oscillator.start(now)
+    oscillator.stop(now + duration)
+
+    return true
+  } catch (err) {
+    console.warn('Failed to play completion sound:', err)
+    return false
+  }
+}
+
+export function __resetCompletionSoundForTests(): void {
+  audioContext = null
+}
diff --git a/packages/client/src/utils/file-path.ts b/packages/client/src/utils/file-path.ts
new file mode 100644
index 0000000..e9bee14
--- /dev/null
+++ b/packages/client/src/utils/file-path.ts
@@ -0,0 +1,5 @@
+import type { FileEntry } from '@/api/hermes/files'
+
+export function getClipboardPathForEntry(entry: FileEntry): string {
+  return entry.absolutePath || entry.path
+}
diff --git a/packages/client/src/utils/hermes/kanban-assignees.ts b/packages/client/src/utils/hermes/kanban-assignees.ts
new file mode 100644
index 0000000..6cf9099
--- /dev/null
+++ b/packages/client/src/utils/hermes/kanban-assignees.ts
@@ -0,0 +1,21 @@
+export const DEFAULT_KANBAN_ASSIGNEE = 'default'
+
+export interface KanbanAssigneeSummary {
+  name: string
+  counts?: Record<string, number> | null
+}
+
+export function assigneeTaskTotal(assignee: KanbanAssigneeSummary): number {
+  return Object.values(assignee.counts || {}).reduce((sum, count) => sum + count, 0)
+}
+
+export function withDefaultAssignee<T extends KanbanAssigneeSummary>(
+  assignees: T[],
+  byAssignee: Record<string, number> = {},
+): KanbanAssigneeSummary[] {
+  const defaultCount = byAssignee[DEFAULT_KANBAN_ASSIGNEE] || 0
+  return assignees.map(assignee => {
+    if (assignee.name !== DEFAULT_KANBAN_ASSIGNEE || assignee.counts) return assignee
+    return { ...assignee, counts: { total: defaultCount } }
+  })
+}
diff --git a/packages/client/src/utils/providerBaseUrl.ts b/packages/client/src/utils/providerBaseUrl.ts
new file mode 100644
index 0000000..a918637
--- /dev/null
+++ b/packages/client/src/utils/providerBaseUrl.ts
@@ -0,0 +1,16 @@
+const APIKEY_FUN_BASE_URL = 'https://api.apikey.fun/v1'
+
+export function normalizeCustomProviderBaseUrl(baseUrl: string): string {
+  const value = baseUrl.trim()
+  if (!value) return value
+
+  try {
+    const parsed = new URL(value)
+    if (parsed.hostname.toLowerCase() === 'api.apikey.fun') return APIKEY_FUN_BASE_URL
+  } catch {
+    // Fall back to a string match so partially typed values still normalize on submit.
+    if (/^https:\/\/api\.apikey\.fun(?:\/|$)/i.test(value)) return APIKEY_FUN_BASE_URL
+  }
+
+  return value
+}
diff --git a/packages/client/src/utils/thinking-parser.ts b/packages/client/src/utils/thinking-parser.ts
new file mode 100644
index 0000000..7eaef59
--- /dev/null
+++ b/packages/client/src/utils/thinking-parser.ts
@@ -0,0 +1,109 @@
+export interface ParsedThinking {
+  segments: string[]
+  pending: string | null
+  body: string
+  hasThinking: boolean
+}
+
+export interface ParseOptions {
+  streaming: boolean
+}
+
+const TAG_RE = /<(think|thinking|reasoning)>([\s\S]*?)<\/\1>/gi
+
+const PLACEHOLDER_PREFIX = '\u0000THKCODE'
+const PLACEHOLDER_SUFFIX = '\u0000'
+
+const FENCED_RE = /(^|\n)( {0,3})(`{3,}|~{3,})[^\n]*\n[\s\S]*?\n\2\3[ \t]*(?=\n|$)/g
+const INLINE_CODE_RE = /`[^`\n]*`/g
+
+function protectCodeBlocks(input: string): { masked: string; blocks: string[] } {
+  const blocks: string[] = []
+  let masked = input.replace(FENCED_RE, (m) => {
+    blocks.push(m)
+    return `${PLACEHOLDER_PREFIX}${blocks.length - 1}${PLACEHOLDER_SUFFIX}`
+  })
+  masked = masked.replace(INLINE_CODE_RE, (m) => {
+    blocks.push(m)
+    return `${PLACEHOLDER_PREFIX}${blocks.length - 1}${PLACEHOLDER_SUFFIX}`
+  })
+  return { masked, blocks }
+}
+
+function restoreCodeBlocks(text: string, blocks: string[]): string {
+  if (blocks.length === 0) return text
+
+  const placeholderRe = new RegExp(`${PLACEHOLDER_PREFIX}(\\d+)${PLACEHOLDER_SUFFIX}`, 'g')
+  let restored = text
+
+  for (let i = 0; i < blocks.length; i += 1) {
+    const next = restored.replace(
+      placeholderRe,
+      (_, idx) => blocks[Number(idx)] ?? '',
+    )
+    if (next === restored) break
+    restored = next
+  }
+
+  return restored
+}
+
+export function parseThinking(content: string, opts: ParseOptions): ParsedThinking {
+  const { masked, blocks } = protectCodeBlocks(content)
+
+  const segments: string[] = []
+  let pending: string | null = null
+  let body = ''
+  let lastIndex = 0
+
+  TAG_RE.lastIndex = 0
+  let m: RegExpExecArray | null
+  while ((m = TAG_RE.exec(masked)) !== null) {
+    body += masked.slice(lastIndex, m.index)
+    segments.push(m[2])
+    lastIndex = m.index + m[0].length
+  }
+  const rest = masked.slice(lastIndex)
+
+  const openRe = /<(think|thinking|reasoning)>([\s\S]*)$/i
+  const openMatch = rest.match(openRe)
+  if (openMatch) {
+    body += rest.slice(0, openMatch.index)
+    if (opts.streaming) {
+      pending = openMatch[2]
+    } else {
+      body += rest.slice(openMatch.index!)
+    }
+  } else {
+    body += rest
+  }
+
+  return {
+    segments: segments.map(s => restoreCodeBlocks(s, blocks)),
+    pending: pending === null ? null : restoreCodeBlocks(pending, blocks),
+    body: restoreCodeBlocks(body, blocks),
+    hasThinking: segments.length > 0 || pending !== null,
+  }
+}
+
+export function countThinkingChars(parsed: ParsedThinking): number {
+  const len = (s: string) => [...s].length
+  return parsed.segments.reduce((a, s) => a + len(s), 0) + len(parsed.pending || '')
+}
+
+export interface ThinkingBoundary {
+  startedAtBoundary: boolean
+  endedAtBoundary: boolean
+}
+
+const ANY_OPEN_RE = /<(think|thinking|reasoning)>/i
+const ANY_CLOSE_RE = /<\/(think|thinking|reasoning)>/i
+
+export function detectThinkingBoundary(prev: string, next: string): ThinkingBoundary {
+  const prevMasked = protectCodeBlocks(prev).masked
+  const nextMasked = protectCodeBlocks(next).masked
+  return {
+    startedAtBoundary: !ANY_OPEN_RE.test(prevMasked) && ANY_OPEN_RE.test(nextMasked),
+    endedAtBoundary: !ANY_CLOSE_RE.test(prevMasked) && ANY_CLOSE_RE.test(nextMasked),
+  }
+}
diff --git a/packages/client/src/utils/ttsHelpers.ts b/packages/client/src/utils/ttsHelpers.ts
new file mode 100644
index 0000000..6656765
--- /dev/null
+++ b/packages/client/src/utils/ttsHelpers.ts
@@ -0,0 +1,16 @@
+/**
+ * 语速倍率 → Edge TTS rate 字符串
+ * 1.0 → "0%", 1.2 → "+20%", 0.5 → "-50%"
+ */
+export function speedToEdgeRate(speed: number): string {
+  const percent = Math.round((speed - 1) * 100)
+  return percent >= 0 ? `+${percent}%` : `${percent}%`
+}
+
+/**
+ * Hz 偏移值 → Edge TTS pitch 字符串
+ * 0 → "0Hz", 12 → "+12Hz", -8 → "-8Hz"
+ */
+export function hzToEdgePitch(hz: number): string {
+  return hz >= 0 ? `+${hz}Hz` : `${hz}Hz`
+}
diff --git a/packages/client/src/views/LoginView.vue b/packages/client/src/views/LoginView.vue
new file mode 100644
index 0000000..acd5df3
--- /dev/null
+++ b/packages/client/src/views/LoginView.vue
@@ -0,0 +1,382 @@
+<script setup lang="ts">
+import { ref, onMounted } from "vue";
+import { useRouter } from "vue-router";
+import { useI18n } from "vue-i18n";
+import { setApiKey, hasApiKey } from "@/api/client";
+import { fetchAuthStatus, loginWithPassword } from "@/api/auth";
+import AppLogo from "@/components/common/AppLogo.vue";
+
+const { t } = useI18n();
+const router = useRouter();
+
+const username = ref("");
+const password = ref("");
+const loading = ref(false);
+const errorMsg = ref("");
+const showLockResetHint = ref(false);
+
+if (hasApiKey()) {
+  router.replace("/hermes/chat");
+}
+
+onMounted(async () => {
+  try {
+    await fetchAuthStatus();
+  } catch {
+    // Login remains available; the submit request will surface connection errors.
+  }
+});
+
+async function handleLogin() {
+  await handlePasswordLogin();
+}
+
+async function handlePasswordLogin() {
+  if (!username.value.trim() || !password.value) {
+    errorMsg.value = t("login.credentialsRequired");
+    return;
+  }
+
+  loading.value = true;
+  errorMsg.value = "";
+  showLockResetHint.value = false;
+
+  try {
+    const sessionToken = await loginWithPassword(username.value.trim(), password.value);
+    setApiKey(sessionToken);
+    router.replace("/hermes/chat");
+  } catch (err: any) {
+    if (err.status === 429 || err.status === 503) {
+      errorMsg.value = t("login.tooManyAttempts");
+      showLockResetHint.value = true;
+    } else {
+      errorMsg.value = err.message || t("login.invalidCredentials");
+    }
+  } finally {
+    loading.value = false;
+  }
+}
+</script>
+
+<template>
+  <div class="login-view">
+    <section class="login-brand">
+      <div class="brand-content">
+        <AppLogo :size="56" show-text />
+        <p class="brand-tagline">{{ t("login.description") }}</p>
+        <ul class="brand-features">
+          <li>多模型 AI 对话</li>
+          <li>Agent 工作流编排</li>
+          <li>本地私有化部署</li>
+        </ul>
+      </div>
+      <div class="brand-decoration" aria-hidden="true" />
+    </section>
+
+    <section class="login-panel">
+      <div class="login-card">
+        <div class="mobile-brand">
+          <AppLogo :size="40" show-text />
+        </div>
+        <h1 class="login-title">{{ t("login.title") }}</h1>
+        <p class="login-subtitle">欢迎回来，请登录您的账户</p>
+
+        <form class="login-form" @submit.prevent="handleLogin">
+          <div class="input-group">
+            <label class="input-label">{{ t("login.usernamePlaceholder") }}</label>
+            <input
+              v-model="username"
+              type="text"
+              class="login-input"
+              :placeholder="t('login.usernamePlaceholder')"
+              autofocus
+              :disabled="loading"
+            />
+          </div>
+
+          <div class="input-group">
+            <label class="input-label">{{ t("login.passwordPlaceholder") }}</label>
+            <input
+              v-model="password"
+              type="password"
+              class="login-input"
+              placeholder="••••••••"
+              @keyup.enter="handleLogin"
+              :disabled="loading"
+            />
+          </div>
+
+          <div v-if="errorMsg" class="login-error">
+            <span class="error-icon">!</span>
+            {{ errorMsg }}
+          </div>
+
+          <div v-if="showLockResetHint" class="login-lock-hint">
+            <p>{{ t("login.lockResetHint") }}</p>
+            <code>hermes-web-ui clear-login-locks --restart</code>
+          </div>
+
+          <button type="submit" class="login-btn" :disabled="loading">
+            <span v-if="loading" class="btn-loader" />
+            <span v-else>{{ t("login.submit") }}</span>
+          </button>
+        </form>
+
+        <p class="login-footer-hint">{{ t("login.defaultCredentialsHint") }}</p>
+      </div>
+    </section>
+  </div>
+</template>
+
+<style scoped lang="scss">
+@use "@/styles/variables" as *;
+
+.login-view {
+  display: flex;
+  height: calc(100 * var(--vh));
+  width: 100vw;
+  overflow: hidden;
+  font-family: $font-ui;
+}
+
+.login-brand {
+  position: relative;
+  flex: 1;
+  display: flex;
+  align-items: center;
+  justify-content: center;
+  padding: 48px;
+  background: linear-gradient(145deg, #1e40af 0%, #0891b2 55%, #0e7490 100%);
+  color: #ffffff;
+  overflow: hidden;
+
+  @media (max-width: 900px) {
+    display: none;
+  }
+}
+
+.brand-decoration {
+  position: absolute;
+  inset: 0;
+  background:
+    radial-gradient(circle at 20% 80%, rgba(255, 255, 255, 0.12) 0%, transparent 40%),
+    radial-gradient(circle at 80% 20%, rgba(255, 255, 255, 0.08) 0%, transparent 35%);
+  pointer-events: none;
+}
+
+.brand-content {
+  position: relative;
+  z-index: 1;
+  max-width: 400px;
+
+  :deep(.app-logo__text) {
+    color: #ffffff;
+    font-size: 28px;
+  }
+}
+
+.brand-tagline {
+  margin: 20px 0 28px;
+  font-size: 16px;
+  line-height: 1.6;
+  color: rgba(255, 255, 255, 0.85);
+}
+
+.brand-features {
+  list-style: none;
+  padding: 0;
+  margin: 0;
+  display: flex;
+  flex-direction: column;
+  gap: 12px;
+
+  li {
+    display: flex;
+    align-items: center;
+    gap: 10px;
+    font-size: 14px;
+    color: rgba(255, 255, 255, 0.9);
+
+    &::before {
+      content: '';
+      width: 6px;
+      height: 6px;
+      border-radius: 50%;
+      background: #67e8f9;
+      flex-shrink: 0;
+    }
+  }
+}
+
+.login-panel {
+  flex: 0 0 480px;
+  display: flex;
+  align-items: center;
+  justify-content: center;
+  padding: 32px;
+  background: $bg-primary;
+
+  @media (max-width: 900px) {
+    flex: 1;
+  }
+}
+
+.login-card {
+  width: 100%;
+  max-width: 380px;
+}
+
+.mobile-brand {
+  display: none;
+  margin-bottom: 20px;
+
+  @media (max-width: 900px) {
+    display: block;
+  }
+}
+
+.login-title {
+  font-size: 26px;
+  font-weight: 700;
+  color: $text-primary;
+  margin: 0 0 6px;
+}
+
+.login-subtitle {
+  font-size: 14px;
+  color: $text-muted;
+  margin: 0 0 32px;
+}
+
+.login-form {
+  display: flex;
+  flex-direction: column;
+  gap: 18px;
+}
+
+.input-group {
+  display: flex;
+  flex-direction: column;
+  gap: 6px;
+}
+
+.input-label {
+  font-size: 13px;
+  font-weight: 600;
+  color: $text-secondary;
+}
+
+.login-input {
+  width: 100%;
+  padding: 12px 14px;
+  border: 1px solid $border-color;
+  border-radius: $radius-sm;
+  font-size: 15px;
+  color: $text-primary;
+  background: $bg-input;
+  outline: none;
+  transition: all $transition-fast;
+  box-sizing: border-box;
+
+  &::placeholder {
+    color: $text-muted;
+  }
+
+  &:focus {
+    border-color: $accent-primary;
+    box-shadow: 0 0 0 3px rgba(var(--accent-primary-rgb), 0.12);
+  }
+}
+
+.login-error {
+  padding: 10px 14px;
+  border-radius: $radius-sm;
+  background: rgba(var(--error-rgb), 0.08);
+  color: $error;
+  font-size: 13px;
+  display: flex;
+  align-items: center;
+  gap: 8px;
+
+  .error-icon {
+    width: 18px;
+    height: 18px;
+    background: $error;
+    color: white;
+    border-radius: 50%;
+    display: flex;
+    align-items: center;
+    justify-content: center;
+    font-size: 12px;
+    font-weight: 800;
+    flex-shrink: 0;
+  }
+}
+
+.login-lock-hint {
+  padding: 12px;
+  border: 1px solid rgba(var(--warning-rgb), 0.25);
+  border-radius: $radius-sm;
+  background: rgba(var(--warning-rgb), 0.06);
+  color: $text-secondary;
+  font-size: 12px;
+
+  p { margin: 0 0 6px; }
+
+  code {
+    display: block;
+    padding: 6px;
+    background: $code-bg;
+    border-radius: 4px;
+    font-family: $font-code;
+    word-break: break-all;
+  }
+}
+
+.login-btn {
+  width: 100%;
+  padding: 13px;
+  margin-top: 4px;
+  border: none;
+  border-radius: $radius-sm;
+  background: $accent-primary;
+  color: var(--text-on-accent);
+  font-size: 15px;
+  font-weight: 600;
+  cursor: pointer;
+  transition: all $transition-fast;
+  display: flex;
+  align-items: center;
+  justify-content: center;
+
+  &:hover:not(:disabled) {
+    background: $accent-hover;
+  }
+
+  &:disabled {
+    opacity: 0.6;
+    cursor: not-allowed;
+  }
+}
+
+.btn-loader {
+  width: 18px;
+  height: 18px;
+  border: 2px solid rgba(255, 255, 255, 0.3);
+  border-top-color: white;
+  border-radius: 50%;
+  animation: spin 0.8s linear infinite;
+}
+
+@keyframes spin {
+  to { transform: rotate(360deg); }
+}
+
+.login-footer-hint {
+  margin-top: 24px;
+  font-size: 12px;
+  color: $text-muted;
+  text-align: center;
+  font-family: $font-code;
+}
+</style>
diff --git a/packages/client/src/views/hermes/AboutView.vue b/packages/client/src/views/hermes/AboutView.vue
new file mode 100644
index 0000000..f0548fa
--- /dev/null
+++ b/packages/client/src/views/hermes/AboutView.vue
@@ -0,0 +1,231 @@
+<script setup lang="ts">
+import { NCard, NGrid, NGridItem, NButton } from 'naive-ui'
+import { useI18n } from 'vue-i18n'
+
+const { t } = useI18n()
+console.log(t('common.ok')) // Suppress unused 't' if necessary, or just remove it if really unused
+
+</script>
+
+<template>
+  <div class="about-container">
+    <div class="about-hero">
+      <h1 class="hero-title animate-reveal">灵犀 (Lingxi)</h1>
+      <p class="hero-subtitle animate-reveal-delay">心有灵犀，智能相随</p>
+      <div class="hero-description animate-reveal-delay-2">
+        灵犀是一款专为高效 AI 交互设计的自托管仪表盘。它不仅是一个聊天界面，更是您的智能数字中枢。
+      </div>
+    </div>
+
+    <n-grid :cols="1" :x-gap="24" :y-gap="24" responsive="screen" item-responsive class="feature-grid">
+      <n-grid-item span="m:1">
+        <n-card title="核心特性" class="feature-card animate-float">
+          <div class="feature-list">
+            <div class="feature-item">
+              <div class="feature-icon">🚀</div>
+              <div class="feature-content">
+                <h3>多模型无缝切换</h3>
+                <p>支持 OpenAI, Anthropic, Gemini, DeepSeek, xAI 等全球顶尖模型，按需切换，灵活掌控。</p>
+              </div>
+            </div>
+            <div class="feature-item">
+              <div class="feature-icon">🧩</div>
+              <div class="feature-content">
+                <h3>强大的扩展能力</h3>
+                <p>内置丰富的技能系统 (Skills) 与插件支持，轻松扩展 AI 的能力边界，实现复杂工作流。</p>
+              </div>
+            </div>
+            <div class="feature-item">
+              <div class="feature-icon">💾</div>
+              <div class="feature-content">
+                <h3>本地优先，隐私无忧</h3>
+                <p>基于 SQLite 的本地存储机制，确保您的对话历史、配置信息和记忆数据始终掌握在自己手中。</p>
+              </div>
+            </div>
+            <div class="feature-item">
+              <div class="feature-icon">🎨</div>
+              <div class="feature-content">
+                <h3>极致视觉体验</h3>
+                <p>精心雕琢的 UI/UX 设计，支持深色/浅色模式，提供极致流畅的交互反馈，让工具更具美感。</p>
+              </div>
+            </div>
+          </div>
+        </n-card>
+      </n-grid-item>
+
+      <n-grid-item span="m:1">
+        <n-card title="新觅资源" class="resource-card">
+          <div class="resource-links">
+            <n-button quaternary type="primary" tag="a" href="https://xinmi.cloud/" target="_blank">
+              新觅官网
+            </n-button>
+            <n-button quaternary type="primary" tag="a" href="http://code.xinmi.cloud/" target="_blank">
+              新觅源码库
+            </n-button>
+          </div>
+        </n-card>
+      </n-grid-item>
+    </n-grid>
+
+    <div class="about-footer">
+      <p>&copy; 2026 灵犀 Studio. Powered by Xinmi Cloud.</p>
+    </div>
+  </div>
+</template>
+
+<style scoped lang="scss">
+.about-container {
+  padding: 48px 24px;
+  max-width: 900px;
+  margin: 0 auto;
+  min-height: 100%;
+  display: flex;
+  flex-direction: column;
+  gap: 48px;
+}
+
+.about-hero {
+  text-align: center;
+  display: flex;
+  flex-direction: column;
+  align-items: center;
+  gap: 16px;
+
+  .hero-title {
+    font-size: 3.5rem;
+    font-weight: 800;
+    margin: 0;
+    background: linear-gradient(135deg, var(--accent-primary) 0%, #a855f7 100%);
+    -webkit-background-clip: text;
+    -webkit-text-fill-color: transparent;
+    letter-spacing: -1px;
+  }
+
+  .hero-subtitle {
+    font-size: 1.5rem;
+    color: var(--text-secondary);
+    font-weight: 500;
+  }
+
+  .hero-description {
+    font-size: 1.1rem;
+    color: var(--text-muted);
+    max-width: 600px;
+    line-height: 1.6;
+    margin-top: 8px;
+  }
+}
+
+.feature-card {
+  border-radius: 24px;
+  background-color: var(--bg-card);
+  transition: transform 0.3s ease, box-shadow 0.3s ease;
+  border: 1px solid var(--border-color);
+
+  &:hover {
+    transform: translateY(-4px);
+    box-shadow: 0 12px 24px rgba(0, 0, 0, 0.1);
+  }
+}
+
+.feature-list {
+  display: grid;
+  grid-template-columns: repeat(auto-fit, minmax(300px, 1fr));
+  gap: 32px;
+  padding: 12px 0;
+}
+
+.feature-item {
+  display: flex;
+  gap: 20px;
+  align-items: flex-start;
+
+  .feature-icon {
+    font-size: 2rem;
+    padding: 12px;
+    background: rgba(var(--accent-primary-rgb), 0.1);
+    border-radius: 16px;
+    line-height: 1;
+  }
+
+  .feature-content {
+    h3 {
+      margin: 0 0 8px 0;
+      font-size: 1.25rem;
+      font-weight: 600;
+    }
+
+    p {
+      margin: 0;
+      color: var(--text-secondary);
+      font-size: 0.95rem;
+      line-height: 1.5;
+    }
+  }
+}
+
+.resource-card {
+  border-radius: 20px;
+  text-align: center;
+  
+  .resource-links {
+    display: flex;
+    justify-content: center;
+    gap: 16px;
+    flex-wrap: wrap;
+  }
+}
+
+.about-footer {
+  margin-top: auto;
+  text-align: center;
+  color: var(--text-muted);
+  font-size: 0.9rem;
+  padding-bottom: 24px;
+}
+
+// Animations
+.animate-reveal {
+  opacity: 0;
+  transform: translateY(20px);
+  animation: reveal 0.8s cubic-bezier(0.23, 1, 0.32, 1) forwards;
+}
+
+.animate-reveal-delay {
+  opacity: 0;
+  transform: translateY(20px);
+  animation: reveal 0.8s cubic-bezier(0.23, 1, 0.32, 1) forwards 0.2s;
+}
+
+.animate-reveal-delay-2 {
+  opacity: 0;
+  transform: translateY(20px);
+  animation: reveal 0.8s cubic-bezier(0.23, 1, 0.32, 1) forwards 0.4s;
+}
+
+@keyframes reveal {
+  to {
+    opacity: 1;
+    transform: translateY(0);
+  }
+}
+
+.animate-float {
+  animation: float 6s ease-in-out infinite;
+}
+
+@keyframes float {
+  0%, 100% { transform: translateY(0); }
+  50% { transform: translateY(-10px); }
+}
+
+@media (max-width: 640px) {
+  .about-hero .hero-title {
+    font-size: 2.5rem;
+  }
+  
+  .feature-list {
+    grid-template-columns: 1fr;
+  }
+}
+</style>
diff --git a/packages/client/src/views/hermes/ChannelsView.vue b/packages/client/src/views/hermes/ChannelsView.vue
new file mode 100644
index 0000000..a688146
--- /dev/null
+++ b/packages/client/src/views/hermes/ChannelsView.vue
@@ -0,0 +1,54 @@
+<script setup lang="ts">
+import { onMounted } from 'vue'
+import { NSpin } from 'naive-ui'
+import { useI18n } from 'vue-i18n'
+import { useSettingsStore } from '@/stores/hermes/settings'
+import { useProfilesStore } from '@/stores/hermes/profiles'
+import PlatformSettings from '@/components/hermes/settings/PlatformSettings.vue'
+
+const settingsStore = useSettingsStore()
+const profilesStore = useProfilesStore()
+const { t } = useI18n()
+
+async function loadSettingsForProfile() {
+  if (!profilesStore.activeProfileName || profilesStore.profiles.length === 0) {
+    await profilesStore.fetchProfiles()
+  }
+  await settingsStore.fetchSettings()
+}
+
+onMounted(() => {
+  void loadSettingsForProfile()
+})
+</script>
+
+<template>
+  <div class="channels-view">
+    <header class="page-header">
+      <h2 class="header-title">{{ t('sidebar.channels') }}</h2>
+    </header>
+
+    <div class="channels-content">
+      <NSpin :show="settingsStore.loading || settingsStore.saving" size="large" :description="t('common.loading')">
+        <PlatformSettings v-if="!settingsStore.loading" />
+      </NSpin>
+    </div>
+  </div>
+</template>
+
+<style scoped lang="scss">
+@use '@/styles/variables' as *;
+
+.channels-view {
+  height: calc(100 * var(--vh));
+  display: flex;
+  flex-direction: column;
+}
+
+.channels-content {
+  flex: 1;
+  overflow-y: auto;
+  padding: 20px;
+  position: relative;
+}
+</style>
diff --git a/packages/client/src/views/hermes/ChatView.vue b/packages/client/src/views/hermes/ChatView.vue
new file mode 100644
index 0000000..9f92331
--- /dev/null
+++ b/packages/client/src/views/hermes/ChatView.vue
@@ -0,0 +1,75 @@
+<script setup lang="ts">
+import { computed, onMounted, watch } from 'vue'
+import { useRoute, useRouter } from 'vue-router'
+import ChatPanel from '@/components/hermes/chat/ChatPanel.vue'
+import { useAppStore } from '@/stores/hermes/app'
+import { useChatStore } from '@/stores/hermes/chat'
+import { useProfilesStore } from '@/stores/hermes/profiles'
+import { useSettingsStore } from '@/stores/hermes/settings'
+
+const appStore = useAppStore()
+const chatStore = useChatStore()
+const profilesStore = useProfilesStore()
+const settingsStore = useSettingsStore()
+const route = useRoute()
+const router = useRouter()
+
+const routeSessionId = computed(() => {
+  const value = route.params.sessionId
+  return typeof value === 'string' && value.trim() ? value : null
+})
+
+const routeProfile = computed(() => {
+  const value = route.query.profile
+  return typeof value === 'string' && value.trim() ? value : null
+})
+
+async function loadRouteSession() {
+  await chatStore.loadSessions(chatStore.sessionProfileFilter, routeSessionId.value)
+  if (routeSessionId.value && chatStore.activeSessionId !== routeSessionId.value) {
+    await router.replace({ name: 'hermes.chat' })
+  }
+}
+
+onMounted(async () => {
+  appStore.loadModels()
+  // 先加载 profile，确保缓存 key 使用正确的 profile name；同时预取显示设置，
+  // 让聊天完成提示音不依赖用户先打开 Settings 页面。
+  await Promise.all([
+    profilesStore.fetchProfiles(),
+    settingsStore.fetchSettings(),
+  ])
+  await loadRouteSession()
+})
+
+watch([routeSessionId, routeProfile], async ([sessionId]) => {
+  if (!chatStore.sessionsLoaded) return
+  if (!sessionId) {
+    await chatStore.loadSessions(chatStore.sessionProfileFilter)
+    return
+  }
+  if (chatStore.activeSessionId === sessionId) return
+
+  const exists = chatStore.sessions.some(session => session.id === sessionId)
+  if (!exists) {
+    await loadRouteSession()
+    return
+  }
+
+  await chatStore.switchSession(sessionId)
+})
+</script>
+
+<template>
+  <div class="chat-view">
+    <ChatPanel />
+  </div>
+</template>
+
+<style scoped lang="scss">
+.chat-view {
+  height: calc(100 * var(--vh));
+  display: flex;
+  flex-direction: column;
+}
+</style>
diff --git a/packages/client/src/views/hermes/CodingAgentsView.vue b/packages/client/src/views/hermes/CodingAgentsView.vue
new file mode 100644
index 0000000..3ab0c90
--- /dev/null
+++ b/packages/client/src/views/hermes/CodingAgentsView.vue
@@ -0,0 +1,980 @@
+<script setup lang="ts">
+import { computed, onMounted, ref } from 'vue'
+import { NAlert, NButton, NForm, NFormItem, NInput, NModal, NRadioButton, NRadioGroup, NSelect, NSpace, NSpin, NTag, useMessage } from 'naive-ui'
+import { useI18n } from 'vue-i18n'
+import {
+  deleteCodingAgent,
+  fetchCodingAgentsStatus,
+  installCodingAgent,
+  launchCodingAgentNativeTerminal,
+  prepareCodingAgentLaunch,
+  readCodingAgentConfigFile,
+  writeCodingAgentConfigFile,
+  type CodingAgentApiMode,
+  type CodingAgentId,
+  type CodingAgentLaunchMode,
+  type CodingAgentLaunchResult,
+  type CodingAgentToolStatus,
+} from '@/api/coding-agents'
+import { fetchAvailableModelsForProfile, type AvailableModelGroup } from '@/api/hermes/system'
+import { useProfilesStore } from '@/stores/hermes/profiles'
+import TerminalPanel from '@/components/hermes/chat/TerminalPanel.vue'
+
+type CodingAgentBlock = {
+  id: CodingAgentId
+  tool: 'Claude Code' | 'Codex'
+  provider: 'Anthropic' | 'OpenAI'
+}
+
+type ConfigFileEntry = {
+  key: string
+  path: string
+  language: string
+}
+
+type ConfigEditorState = {
+  selectedKey: string
+  content: string
+  originalContent: string
+  loading: boolean
+  saving: boolean
+  absolutePath?: string
+  exists?: boolean
+}
+
+const { t } = useI18n()
+const message = useMessage()
+const profilesStore = useProfilesStore()
+const loading = ref(false)
+const loadError = ref('')
+const tools = ref<CodingAgentToolStatus[]>([])
+const installing = ref<Record<CodingAgentId, boolean>>({
+  'claude-code': false,
+  codex: false,
+})
+const deleting = ref<Record<CodingAgentId, boolean>>({
+  'claude-code': false,
+  codex: false,
+})
+const launchModalVisible = ref(false)
+const launchLoading = ref(false)
+const launchPreparing = ref(false)
+const nativeLaunchPreparing = ref(false)
+const launchAgentId = ref<CodingAgentId>('claude-code')
+const launchProviders = ref<AvailableModelGroup[]>([])
+const launchMode = ref<CodingAgentLaunchMode>('scoped')
+const launchProvider = ref('')
+const launchModel = ref('')
+const launchApiMode = ref<CodingAgentApiMode>('codex_responses')
+const launchResult = ref<CodingAgentLaunchResult | null>(null)
+const terminalVisible = ref(false)
+const terminalCommand = ref('')
+const terminalKey = ref(0)
+
+const agentLogos: Record<CodingAgentBlock['tool'], string> = {
+  'Claude Code': '/coding-agents/claude-code.svg',
+  Codex: '/coding-agents/codex-openai.png',
+}
+
+const agentBlocks: CodingAgentBlock[] = [
+  {
+    id: 'claude-code',
+    tool: 'Claude Code',
+    provider: 'Anthropic',
+  },
+  {
+    id: 'codex',
+    tool: 'Codex',
+    provider: 'OpenAI',
+  },
+]
+
+const configFiles: Record<CodingAgentId, ConfigFileEntry[]> = {
+  'claude-code': [
+    { key: 'settings', path: '~/.claude/settings.json', language: 'json' },
+    { key: 'mcp', path: '~/.claude.json', language: 'json' },
+    { key: 'prompt', path: '~/.claude/CLAUDE.md', language: 'markdown' },
+  ],
+  codex: [
+    { key: 'auth', path: '~/.codex/auth.json', language: 'json' },
+    { key: 'config', path: '~/.codex/config.toml', language: 'ini' },
+    { key: 'agents', path: '~/.codex/AGENTS.md', language: 'markdown' },
+  ],
+}
+
+const configEditorStates = ref<Record<CodingAgentId, ConfigEditorState>>({
+  'claude-code': {
+    selectedKey: 'settings',
+    content: '',
+    originalContent: '',
+    loading: false,
+    saving: false,
+  },
+  codex: {
+    selectedKey: 'config',
+    content: '',
+    originalContent: '',
+    loading: false,
+    saving: false,
+  },
+})
+
+const statusById = computed(() => {
+  return tools.value.reduce((acc, tool) => {
+    acc[tool.id] = tool
+    return acc
+  }, {} as Partial<Record<CodingAgentId, CodingAgentToolStatus>>)
+})
+
+const activeProfileName = computed(() => profilesStore.activeProfileName || 'default')
+
+const launchProviderOptions = computed(() => launchProviders.value.map(provider => ({
+  label: provider.label && provider.label !== provider.provider
+    ? `${provider.label} (${provider.provider})`
+    : provider.provider,
+  value: provider.provider,
+})))
+
+const selectedLaunchProvider = computed(() => (
+  launchProviders.value.find(provider => provider.provider === launchProvider.value) || null
+))
+
+const launchModelOptions = computed(() => (
+  selectedLaunchProvider.value?.models.map(model => ({ label: model, value: model })) || []
+))
+
+const launchProtocolOptions = computed(() => [
+  { label: t('codingAgents.protocolOpenAiChat'), value: 'chat_completions' },
+  { label: t('codingAgents.protocolOpenAiResponses'), value: 'codex_responses' },
+  { label: t('codingAgents.protocolAnthropicMessages'), value: 'anthropic_messages' },
+])
+
+const launchModeOptions = computed(() => [
+  { label: t('codingAgents.launchModeGlobal'), value: 'global' },
+  { label: t('codingAgents.launchModeScoped'), value: 'scoped' },
+])
+
+const launchModeThemeOverrides = {
+  buttonColorActive: '#111827',
+  buttonTextColorActive: '#fff',
+  buttonBorderColorActive: '#111827',
+  buttonBoxShadow: 'inset 0 0 0 1px var(--border-color)',
+  buttonBoxShadowHover: 'inset 0 0 0 1px #111827',
+}
+
+const useGlobalLaunchConfig = computed(() => (
+  launchMode.value === 'global'
+))
+
+function statusFor(id: CodingAgentId) {
+  return statusById.value[id]
+}
+
+function configFilesFor(id: CodingAgentId) {
+  return configFiles[id]
+}
+
+function selectedConfigFile(id: CodingAgentId) {
+  return configFiles[id].find(file => file.key === configEditorStates.value[id].selectedKey) || configFiles[id][0]
+}
+
+function hasConfigUnsavedChanges(id: CodingAgentId) {
+  const state = configEditorStates.value[id]
+  return state.content !== state.originalContent
+}
+
+async function loadStatus() {
+  loading.value = true
+  loadError.value = ''
+  try {
+    const data = await fetchCodingAgentsStatus()
+    tools.value = data.tools
+  } catch (err: any) {
+    loadError.value = err?.message || t('codingAgents.loadFailed')
+  } finally {
+    loading.value = false
+  }
+}
+
+async function loadConfigFile(agentId: CodingAgentId, file: ConfigFileEntry) {
+  const state = configEditorStates.value[agentId]
+  state.selectedKey = file.key
+  state.loading = true
+  try {
+    const result = await readCodingAgentConfigFile(agentId, file.key)
+    state.content = result.content
+    state.originalContent = result.content
+    state.absolutePath = result.absolutePath
+    state.exists = result.exists
+  } catch (err: any) {
+    message.error(err?.message || t('codingAgents.configLoadFailed'))
+  } finally {
+    state.loading = false
+  }
+}
+
+async function saveConfigFile(agentId: CodingAgentId) {
+  const state = configEditorStates.value[agentId]
+  const file = selectedConfigFile(agentId)
+  if (!file) return
+  state.saving = true
+  try {
+    const result = await writeCodingAgentConfigFile(
+      agentId,
+      file.key,
+      state.content,
+    )
+    state.originalContent = result.content
+    state.absolutePath = result.absolutePath
+    state.exists = result.exists
+    message.success(t('files.saved'))
+  } catch (err: any) {
+    message.error(err?.message || t('files.saveFailed'))
+  } finally {
+    state.saving = false
+  }
+}
+
+function resetLaunchSelection() {
+  const firstProvider = launchProviders.value[0]
+  launchProvider.value = firstProvider?.provider || ''
+  launchModel.value = firstProvider?.models[0] || ''
+  launchApiMode.value = defaultLaunchApiMode(firstProvider)
+}
+
+function handleLaunchProviderChange(value: string) {
+  const provider = launchProviders.value.find(item => item.provider === value)
+  launchModel.value = provider?.models[0] || ''
+  launchApiMode.value = defaultLaunchApiMode(provider)
+}
+
+function defaultLaunchApiMode(provider?: AvailableModelGroup | null): CodingAgentApiMode {
+  const providerKey = String(provider?.provider || '').toLowerCase()
+  const baseUrl = String(provider?.base_url || '').toLowerCase()
+  if (
+    providerKey.includes('claude') ||
+    providerKey === 'anthropic' ||
+    baseUrl.includes('anthropic') ||
+    baseUrl.includes('/anthropic')
+  ) {
+    return 'anthropic_messages'
+  }
+  if (
+    providerKey === 'deepseek' ||
+    providerKey === 'lmstudio' ||
+    baseUrl.includes('deepseek') ||
+    baseUrl.includes('127.0.0.1') ||
+    baseUrl.includes('localhost')
+  ) {
+    return 'chat_completions'
+  }
+  return 'codex_responses'
+}
+
+async function openLaunchModal(agentId: CodingAgentId) {
+  launchAgentId.value = agentId
+  launchMode.value = 'scoped'
+  launchModalVisible.value = true
+  launchResult.value = null
+  launchLoading.value = true
+  try {
+    const result = await fetchAvailableModelsForProfile(activeProfileName.value)
+    launchProviders.value = result.groups || []
+    resetLaunchSelection()
+  } catch (err: any) {
+    message.error(err?.message || t('codingAgents.loadProvidersFailed'))
+  } finally {
+    launchLoading.value = false
+  }
+}
+
+function currentLaunchRequest() {
+  if (useGlobalLaunchConfig.value) {
+    return {
+      mode: 'global' as const,
+      profile: activeProfileName.value,
+    }
+  }
+  const provider = selectedLaunchProvider.value
+  return {
+    mode: 'scoped' as const,
+    profile: activeProfileName.value,
+    provider: launchProvider.value,
+    model: launchModel.value,
+    baseUrl: provider?.base_url || '',
+    apiKey: provider?.api_key || '',
+    apiMode: launchApiMode.value,
+  }
+}
+
+function codingAgentMessage(code?: string, fallback?: string, fallbackKey = 'codingAgents.installFailed'): string {
+  if (code === 'node_environment_missing') return t('codingAgents.nodeEnvironmentMissing')
+  return fallback || t(fallbackKey)
+}
+
+function parseErrorPayload(err: any): { message?: string; code?: string } | null {
+  const messageText = String(err?.message || '')
+  const jsonStart = messageText.indexOf('{')
+  if (jsonStart < 0) return null
+  try {
+    const parsed = JSON.parse(messageText.slice(jsonStart))
+    return parsed && typeof parsed === 'object' ? parsed : null
+  } catch {
+    return null
+  }
+}
+
+async function launchBuiltInTerminal() {
+  if (!useGlobalLaunchConfig.value && (!launchProvider.value || !launchModel.value)) {
+    message.error(t('codingAgents.selectProviderModel'))
+    return
+  }
+  launchPreparing.value = true
+  try {
+    launchResult.value = await prepareCodingAgentLaunch(launchAgentId.value, currentLaunchRequest())
+    terminalCommand.value = launchResult.value.shellCommand
+    terminalKey.value += 1
+    launchModalVisible.value = false
+    terminalVisible.value = true
+    message.success(t('codingAgents.launchPrepared'))
+  } catch (err: any) {
+    message.error(err?.message || t('codingAgents.launchPrepareFailed'))
+  } finally {
+    launchPreparing.value = false
+  }
+}
+
+async function launchNativeTerminal() {
+  if (!useGlobalLaunchConfig.value && (!launchProvider.value || !launchModel.value)) {
+    message.error(t('codingAgents.selectProviderModel'))
+    return
+  }
+  nativeLaunchPreparing.value = true
+  try {
+    await launchCodingAgentNativeTerminal(launchAgentId.value, currentLaunchRequest())
+    launchModalVisible.value = false
+    message.success(t('codingAgents.nativeLaunchStarted'))
+  } catch (err: any) {
+    message.error(err?.message || t('codingAgents.nativeLaunchFailed'))
+  } finally {
+    nativeLaunchPreparing.value = false
+  }
+}
+
+async function handleInstall(id: CodingAgentId) {
+  installing.value[id] = true
+  try {
+    const result = await installCodingAgent(id)
+    tools.value = result.tools
+    if (result.success) {
+      message.success(t('codingAgents.installSuccess'))
+    } else {
+      message.error(codingAgentMessage(result.code, result.message, 'codingAgents.installFailed'))
+    }
+  } catch (err: any) {
+    const payload = parseErrorPayload(err)
+    message.error(codingAgentMessage(payload?.code, payload?.message || err?.message, 'codingAgents.installFailed'))
+  } finally {
+    installing.value[id] = false
+  }
+}
+
+async function handleDelete(id: CodingAgentId) {
+  deleting.value[id] = true
+  try {
+    const result = await deleteCodingAgent(id)
+    tools.value = result.tools
+    if (result.success) {
+      message.success(t('codingAgents.deleteSuccess'))
+    } else {
+      message.error(codingAgentMessage(result.code, result.message, 'codingAgents.deleteFailed'))
+    }
+  } catch (err: any) {
+    const payload = parseErrorPayload(err)
+    message.error(codingAgentMessage(payload?.code, payload?.message || err?.message, 'codingAgents.deleteFailed'))
+  } finally {
+    deleting.value[id] = false
+  }
+}
+
+onMounted(() => {
+  void loadStatus()
+  void loadConfigFile('claude-code', configFiles['claude-code'][0])
+  void loadConfigFile('codex', configFiles.codex[1])
+})
+</script>
+
+<template>
+  <div class="coding-agents-view">
+    <header class="page-header">
+      <h2 class="header-title">{{ t('codingAgents.title') }}</h2>
+      <NButton size="small" quaternary :loading="loading" @click="loadStatus">
+        {{ t('codingAgents.refresh') }}
+      </NButton>
+    </header>
+
+    <div class="coding-agents-content">
+      <NAlert v-if="loadError" type="error" class="status-alert">
+        {{ loadError }}
+      </NAlert>
+      <p class="content-description">{{ t('codingAgents.notice') }}</p>
+
+      <div class="agent-blocks">
+        <section v-for="block in agentBlocks" :key="block.tool" class="agent-block">
+          <header class="agent-block-header">
+            <img class="agent-logo" :src="agentLogos[block.tool]" alt="" />
+            <div>
+              <h3>{{ block.tool }}</h3>
+              <NTag class="provider-tag" size="small">{{ block.provider }}</NTag>
+            </div>
+          </header>
+
+          <div class="agent-install-state">
+            <div class="install-state-main">
+              <div class="install-state-title">{{ t('codingAgents.installStatus') }}</div>
+              <div class="install-state-value">
+                <NTag v-if="loading && !statusFor(block.id)" size="small">
+                  {{ t('codingAgents.checking') }}
+                </NTag>
+                <template v-else-if="statusFor(block.id)?.installed">
+                  <NTag size="small" type="success">{{ t('codingAgents.installed') }}</NTag>
+                  <span class="version-text">
+                    {{ statusFor(block.id)?.version || statusFor(block.id)?.rawVersion }}
+                  </span>
+                </template>
+                <NTag v-else size="small" type="warning">{{ t('codingAgents.notInstalled') }}</NTag>
+              </div>
+            </div>
+            <NButton
+              v-if="statusFor(block.id)?.installed"
+              size="small"
+              type="error"
+              secondary
+              :loading="deleting[block.id]"
+              @click="handleDelete(block.id)"
+            >
+              {{ deleting[block.id] ? t('codingAgents.deleting') : t('codingAgents.deleteNow') }}
+            </NButton>
+            <NButton
+              v-else
+              size="small"
+              type="primary"
+              secondary
+              :loading="installing[block.id]"
+              :disabled="loading && !statusFor(block.id)"
+              @click="handleInstall(block.id)"
+            >
+              {{ installing[block.id] ? t('codingAgents.installing') : t('codingAgents.installNow') }}
+            </NButton>
+          </div>
+
+          <div class="config-file-section">
+            <div class="config-file-title">{{ t('codingAgents.configFiles') }}</div>
+            <div class="config-file-list">
+              <button
+                v-for="file in configFilesFor(block.id)"
+                :key="file.key"
+                class="config-file-cell"
+                :class="{ active: configEditorStates[block.id].selectedKey === file.key }"
+                type="button"
+                @click="loadConfigFile(block.id, file)"
+              >
+                {{ file.path }}
+              </button>
+            </div>
+          </div>
+
+          <div class="inline-config-editor">
+            <div class="config-editor-meta">
+              <span class="config-editor-path">
+                {{ selectedConfigFile(block.id)?.path }}
+              </span>
+              <NTag v-if="configEditorStates[block.id].exists === false" size="small" type="warning">
+                {{ t('codingAgents.configFileNotCreated') }}
+              </NTag>
+            </div>
+            <NSpin :show="configEditorStates[block.id].loading">
+              <NInput
+                v-model:value="configEditorStates[block.id].content"
+                type="textarea"
+                class="config-textarea"
+                :disabled="configEditorStates[block.id].loading"
+              />
+            </NSpin>
+            <div class="config-editor-actions">
+              <NSpace justify="end">
+                <NButton
+                  size="small"
+                  type="primary"
+                  :loading="configEditorStates[block.id].saving"
+                  :disabled="configEditorStates[block.id].loading || !hasConfigUnsavedChanges(block.id)"
+                  @click="saveConfigFile(block.id)"
+                >
+                  {{ t('files.saveFile') }}
+                </NButton>
+                <NButton
+                  size="small"
+                  type="primary"
+                  :disabled="!statusFor(block.id)?.installed"
+                  @click="openLaunchModal(block.id)"
+                >
+                  {{ t('codingAgents.launch') }}
+                </NButton>
+              </NSpace>
+            </div>
+          </div>
+        </section>
+      </div>
+    </div>
+
+    <NModal
+      v-model:show="launchModalVisible"
+      preset="card"
+      class="launch-modal"
+      :style="{ width: '620px', maxWidth: 'calc(100vw - 32px)' }"
+      :title="t('codingAgents.launchTitle')"
+      :bordered="false"
+    >
+      <NSpin :show="launchLoading">
+        <NForm label-placement="top">
+          <NFormItem :label="t('codingAgents.profileScope')">
+            <NTag size="small">{{ activeProfileName }}</NTag>
+          </NFormItem>
+          <NFormItem :label="t('codingAgents.launchModeScope')">
+            <NRadioGroup
+              v-model:value="launchMode"
+              name="coding-agent-launch-mode"
+              :theme-overrides="launchModeThemeOverrides"
+            >
+              <NRadioButton
+                v-for="option in launchModeOptions"
+                :key="option.value"
+                :value="option.value"
+              >
+                {{ option.label }}
+              </NRadioButton>
+            </NRadioGroup>
+          </NFormItem>
+          <NFormItem v-if="!useGlobalLaunchConfig" :label="t('codingAgents.providerScope')">
+            <NSelect
+              v-model:value="launchProvider"
+              :options="launchProviderOptions"
+              :placeholder="t('codingAgents.providerPlaceholder')"
+              filterable
+              @update:value="handleLaunchProviderChange"
+            />
+          </NFormItem>
+          <NFormItem v-if="!useGlobalLaunchConfig" :label="t('codingAgents.modelScope')">
+            <NSelect
+              v-model:value="launchModel"
+              :options="launchModelOptions"
+              :placeholder="t('codingAgents.modelPlaceholder')"
+              filterable
+            />
+          </NFormItem>
+          <NFormItem v-if="!useGlobalLaunchConfig" :label="t('codingAgents.protocolScope')">
+            <NSelect
+              v-model:value="launchApiMode"
+              :options="launchProtocolOptions"
+            />
+          </NFormItem>
+        </NForm>
+      </NSpin>
+      <template #footer>
+        <NSpace justify="end">
+          <NButton
+            secondary
+            :loading="launchPreparing"
+            :disabled="nativeLaunchPreparing"
+            @click="launchBuiltInTerminal"
+          >
+            {{ t('codingAgents.builtInTerminal') }}
+          </NButton>
+          <NButton
+            type="primary"
+            :loading="nativeLaunchPreparing"
+            :disabled="launchPreparing"
+            @click="launchNativeTerminal"
+          >
+            {{ t('codingAgents.nativeTerminal') }}
+          </NButton>
+        </NSpace>
+      </template>
+    </NModal>
+
+    <Teleport to="body">
+      <div v-if="terminalVisible" class="drawer-overlay" @click="terminalVisible = false"></div>
+      <div :class="['drawer-panel', { show: terminalVisible }]">
+        <div class="drawer-header">
+          <div class="drawer-tabs">
+            <button class="tab-button active" type="button">
+              {{ t('codingAgents.terminalTitle') }}
+            </button>
+          </div>
+          <button class="close-button" type="button" @click="terminalVisible = false">
+            <svg width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2">
+              <line x1="18" y1="6" x2="6" y2="18" />
+              <line x1="6" y1="6" x2="18" y2="18" />
+            </svg>
+          </button>
+        </div>
+
+        <div class="drawer-content">
+          <div class="drawer-pane">
+            <TerminalPanel
+              :key="terminalKey"
+              :visible="terminalVisible"
+              :initial-command="terminalCommand"
+            />
+          </div>
+        </div>
+      </div>
+    </Teleport>
+  </div>
+</template>
+
+<style scoped lang="scss">
+@use '@/styles/variables' as *;
+
+.coding-agents-view {
+  height: calc(100 * var(--vh));
+  display: flex;
+  flex-direction: column;
+}
+
+.coding-agents-content {
+  flex: 1;
+  overflow-y: auto;
+  padding: 20px;
+  background: $bg-secondary;
+}
+
+.content-description {
+  margin: 0 0 14px;
+  color: $text-secondary;
+  font-size: 12px;
+  line-height: 1.35;
+}
+
+.agent-blocks {
+  display: grid;
+  grid-template-columns: repeat(2, minmax(0, 1fr));
+  gap: 14px;
+}
+
+.agent-block {
+  border: 1px solid $border-light;
+  border-radius: $radius-md;
+  background: $bg-card;
+  overflow: hidden;
+}
+
+.status-alert {
+  margin-bottom: 14px;
+}
+
+.agent-block-header {
+  padding: 14px;
+  display: grid;
+  grid-template-columns: 36px minmax(0, 1fr);
+  align-items: flex-start;
+  gap: 12px;
+  border-bottom: 1px solid $border-light;
+
+  h3 {
+    margin: 0;
+    font-size: 16px;
+    line-height: 1.2;
+  }
+}
+
+.provider-tag {
+  margin-top: 8px;
+}
+
+.agent-logo {
+  width: 36px;
+  height: 36px;
+  object-fit: contain;
+  border-radius: 8px;
+  background: $bg-secondary;
+  padding: 6px;
+}
+
+.agent-install-state {
+  min-height: 58px;
+  padding: 10px 14px;
+  display: flex;
+  align-items: center;
+  justify-content: space-between;
+  gap: 10px;
+  border-bottom: 1px solid $border-light;
+}
+
+.install-state-main {
+  min-width: 0;
+  display: flex;
+  flex-direction: column;
+  gap: 7px;
+}
+
+.install-state-title {
+  color: $text-secondary;
+  font-size: 12px;
+  line-height: 1.2;
+}
+
+.install-state-value {
+  min-width: 0;
+  display: flex;
+  align-items: center;
+  gap: 8px;
+}
+
+.version-text {
+  min-width: 0;
+  color: $text-secondary;
+  font-family: ui-monospace, SFMono-Regular, Menlo, Monaco, Consolas, monospace;
+  font-size: 13px;
+  overflow: hidden;
+  text-overflow: ellipsis;
+  white-space: nowrap;
+}
+
+.config-file-section {
+  padding: 12px 14px;
+  border-bottom: 1px solid $border-light;
+}
+
+.config-file-title {
+  margin-bottom: 8px;
+  color: $text-secondary;
+  font-size: 12px;
+  line-height: 1.2;
+}
+
+.config-file-list {
+  display: flex;
+  flex-wrap: wrap;
+  gap: 8px;
+}
+
+.config-file-cell {
+  border: none;
+  color: $text-secondary;
+  background: $code-bg;
+  padding: 3px 6px;
+  border-radius: 6px;
+  cursor: pointer;
+  font-family: ui-monospace, SFMono-Regular, Menlo, Monaco, Consolas, monospace;
+  font-size: 12px;
+
+  &:hover {
+    color: $text-primary;
+    background: $bg-card-hover;
+  }
+
+  &.active {
+    color: $text-primary;
+    background: $bg-card-hover;
+    box-shadow: inset 0 0 0 1px $border-color;
+  }
+}
+
+.config-editor-meta {
+  min-height: 28px;
+  display: flex;
+  align-items: center;
+  gap: 8px;
+  margin-bottom: 8px;
+}
+
+.config-editor-path {
+  min-width: 0;
+  color: $text-secondary;
+  font-size: 12px;
+  overflow: hidden;
+  text-overflow: ellipsis;
+  white-space: nowrap;
+}
+
+.inline-config-editor {
+  padding: 12px 14px 14px;
+}
+
+.config-textarea {
+  width: 100%;
+  height: 300px;
+
+  :deep(.n-input-wrapper),
+  :deep(.n-input__textarea) {
+    height: 100%;
+  }
+
+  :deep(.n-input__textarea-el) {
+    height: 100%;
+    font-family: ui-monospace, SFMono-Regular, Menlo, Monaco, Consolas, monospace;
+    font-size: 12px;
+    line-height: 1.5;
+  }
+}
+
+.config-editor-actions {
+  display: flex;
+  justify-content: flex-end;
+  padding-top: 12px;
+}
+
+.launch-modal {
+  max-width: 620px;
+}
+
+.launch-result {
+  margin-top: 4px;
+  padding: 12px;
+  border: 1px solid $border-light;
+  border-radius: $radius-sm;
+  background: $bg-secondary;
+
+  code {
+    display: block;
+    margin-bottom: 10px;
+    color: $text-primary;
+    word-break: break-all;
+  }
+
+  pre {
+    margin: 0;
+    padding: 10px;
+    border-radius: $radius-sm;
+    background: $code-bg;
+    color: $text-primary;
+    white-space: pre-wrap;
+    word-break: break-all;
+  }
+}
+
+.launch-result-label {
+  margin-bottom: 6px;
+  font-size: 12px;
+  color: $text-secondary;
+}
+
+.drawer-overlay {
+  position: fixed;
+  top: 0;
+  left: 0;
+  right: 0;
+  bottom: 0;
+  background: rgba(0, 0, 0, 0.5);
+  z-index: 999;
+}
+
+.drawer-panel {
+  position: fixed;
+  top: 0;
+  right: min(-1180px, -88vw);
+  width: min(1180px, 88vw);
+  height: calc(100 * var(--vh));
+  max-height: calc(100 * var(--vh));
+  background: $bg-card;
+  box-shadow: -2px 0 8px rgba(0, 0, 0, 0.15);
+  display: flex;
+  flex-direction: column;
+  z-index: 1000;
+  transition: right 0.3s ease;
+
+  &.show {
+    right: 0;
+  }
+}
+
+.drawer-header {
+  display: flex;
+  align-items: center;
+  justify-content: space-between;
+  padding: 16px;
+  border-bottom: 1px solid $border-color;
+  flex-shrink: 0;
+}
+
+.drawer-tabs {
+  display: flex;
+  gap: 8px;
+}
+
+.tab-button {
+  padding: 8px 16px;
+  border: none;
+  background: transparent;
+  color: $text-secondary;
+  cursor: pointer;
+  font-size: 14px;
+  font-weight: 500;
+  border-bottom: 2px solid transparent;
+  transition: all 0.2s;
+  flex-shrink: 0;
+  white-space: nowrap;
+  border-radius: $radius-sm;
+
+  &:hover {
+    color: $text-primary;
+    background: rgba(var(--accent-primary-rgb), 0.05);
+  }
+
+  &.active {
+    color: var(--accent-primary);
+    background: rgba(var(--accent-primary-rgb), 0.1);
+  }
+}
+
+.close-button {
+  padding: 8px;
+  border: none;
+  background: rgba(var(--accent-primary-rgb), 0.08);
+  color: $text-secondary;
+  cursor: pointer;
+  border-radius: $radius-sm;
+  transition: all 0.2s;
+  flex-shrink: 0;
+  display: flex;
+  align-items: center;
+  justify-content: center;
+
+  &:hover {
+    color: $text-primary;
+    background: rgba(var(--accent-primary-rgb), 0.15);
+  }
+}
+
+.drawer-content {
+  flex: 1;
+  overflow: hidden;
+  position: relative;
+  min-height: 0;
+}
+
+.drawer-pane {
+  height: 100%;
+  overflow: auto;
+}
+
+@media (max-width: 760px) {
+  .agent-blocks {
+    grid-template-columns: 1fr;
+  }
+
+  .coding-agents-content {
+    padding: 14px;
+  }
+
+  .drawer-panel {
+    width: 100%;
+    right: -100%;
+
+    &.show {
+      right: 0;
+    }
+  }
+}
+</style>
diff --git a/packages/client/src/views/hermes/FilesView.vue b/packages/client/src/views/hermes/FilesView.vue
new file mode 100644
index 0000000..053deb3
--- /dev/null
+++ b/packages/client/src/views/hermes/FilesView.vue
@@ -0,0 +1,128 @@
+<script setup lang="ts">
+import { ref, onMounted } from 'vue'
+import { useFilesStore } from '@/stores/hermes/files'
+import { useProfilesStore } from '@/stores/hermes/profiles'
+import FileTree from '@/components/hermes/files/FileTree.vue'
+import FileBreadcrumb from '@/components/hermes/files/FileBreadcrumb.vue'
+import FileToolbar from '@/components/hermes/files/FileToolbar.vue'
+import FileList from '@/components/hermes/files/FileList.vue'
+import FileContextMenu from '@/components/hermes/files/FileContextMenu.vue'
+import FileEditor from '@/components/hermes/files/FileEditor.vue'
+import FilePreview from '@/components/hermes/files/FilePreview.vue'
+import FileUploadModal from '@/components/hermes/files/FileUploadModal.vue'
+import FileRenameModal from '@/components/hermes/files/FileRenameModal.vue'
+import type { FileEntry } from '@/api/hermes/files'
+
+const filesStore = useFilesStore()
+const profilesStore = useProfilesStore()
+
+const contextMenuRef = ref<InstanceType<typeof FileContextMenu> | null>(null)
+const showUpload = ref(false)
+const showRenameModal = ref(false)
+const renameMode = ref<'newFile' | 'newFolder' | 'rename'>('newFile')
+const renameEntry = ref<FileEntry | null>(null)
+
+function handleContextMenu(e: MouseEvent, entry: FileEntry) {
+  contextMenuRef.value?.show(e, entry)
+}
+
+function handleShowNewFile() {
+  renameMode.value = 'newFile'
+  renameEntry.value = null
+  showRenameModal.value = true
+}
+
+function handleShowNewFolder() {
+  renameMode.value = 'newFolder'
+  renameEntry.value = null
+  showRenameModal.value = true
+}
+
+function handleRename(entry: FileEntry) {
+  renameMode.value = 'rename'
+  renameEntry.value = entry
+  showRenameModal.value = true
+}
+
+async function loadRoot() {
+  if (!profilesStore.activeProfileName || profilesStore.profiles.length === 0) {
+    await profilesStore.fetchProfiles()
+  }
+  await filesStore.fetchEntries('')
+}
+
+onMounted(() => {
+  void loadRoot()
+})
+</script>
+
+<template>
+  <div class="files-view">
+    <div class="files-tree-panel">
+      <FileTree />
+    </div>
+    <div class="files-main-panel">
+      <FileToolbar
+        @show-new-file="handleShowNewFile"
+        @show-new-folder="handleShowNewFolder"
+        @show-upload="showUpload = true"
+      />
+      <FileBreadcrumb />
+      <div class="files-content">
+        <FileEditor v-if="filesStore.editingFile" />
+        <FilePreview v-else-if="filesStore.previewFile" />
+        <FileList v-else @contextmenu-entry="handleContextMenu" />
+      </div>
+    </div>
+    <FileContextMenu ref="contextMenuRef" @rename="handleRename" />
+    <FileUploadModal v-model:show="showUpload" />
+    <FileRenameModal v-model:show="showRenameModal" :mode="renameMode" :entry="renameEntry" />
+  </div>
+</template>
+
+<style scoped lang="scss">
+@use '@/styles/variables' as *;
+
+.files-view {
+  display: flex;
+  height: 100%;
+  overflow: hidden;
+}
+
+.files-tree-panel {
+  width: 240px;
+  min-width: 180px;
+  max-width: 400px;
+  border-right: 1px solid $border-color;
+  overflow-y: auto;
+  flex-shrink: 0;
+}
+
+.files-main-panel {
+  flex: 1;
+  display: flex;
+  flex-direction: column;
+  min-width: 0;
+  overflow: hidden;
+}
+
+.files-content {
+  flex: 1;
+  overflow-y: auto;
+  min-height: 0;
+}
+
+@media (max-width: $breakpoint-mobile) {
+  .files-view {
+    flex-direction: column;
+  }
+
+  .files-tree-panel {
+    width: 100%;
+    max-width: none;
+    height: 200px;
+    border-right: none;
+    border-bottom: 1px solid $border-color;
+  }
+}
+</style>
diff --git a/packages/client/src/views/hermes/GroupChatView.vue b/packages/client/src/views/hermes/GroupChatView.vue
new file mode 100644
index 0000000..de7176b
--- /dev/null
+++ b/packages/client/src/views/hermes/GroupChatView.vue
@@ -0,0 +1,59 @@
+<script setup lang="ts">
+import { computed, onMounted, onUnmounted, watch } from 'vue'
+import { useRoute, useRouter } from 'vue-router'
+import GroupChatPanel from '@/components/hermes/group-chat/GroupChatPanel.vue'
+import { useGroupChatStore } from '@/stores/hermes/group-chat'
+
+const store = useGroupChatStore()
+const route = useRoute()
+const router = useRouter()
+
+const routeRoomId = computed(() => {
+    const value = route.params.roomId
+    return typeof value === 'string' && value.trim() ? value : null
+})
+
+async function syncRouteRoom() {
+    const roomId = routeRoomId.value
+    if (!roomId) return
+
+    if (!store.rooms.some(room => room.id === roomId)) {
+        await router.replace({ name: 'hermes.groupChat' })
+        return
+    }
+
+    if (store.currentRoomId !== roomId) {
+        await store.joinRoom(roomId)
+    }
+}
+
+onMounted(async () => {
+    store.connect()
+    await store.loadRooms()
+    await syncRouteRoom()
+})
+
+watch(routeRoomId, async (roomId) => {
+    if (!roomId) return
+    if (store.rooms.length === 0) return
+    await syncRouteRoom()
+})
+
+onUnmounted(() => {
+    store.disconnect()
+})
+</script>
+
+<template>
+    <div class="group-chat-view">
+        <GroupChatPanel />
+    </div>
+</template>
+
+<style scoped lang="scss">
+.group-chat-view {
+    height: calc(100 * var(--vh));
+    display: flex;
+    flex-direction: column;
+}
+</style>
diff --git a/packages/client/src/views/hermes/HistoryView.vue b/packages/client/src/views/hermes/HistoryView.vue
new file mode 100644
index 0000000..40bd911
--- /dev/null
+++ b/packages/client/src/views/hermes/HistoryView.vue
@@ -0,0 +1,1226 @@
+<script setup lang="ts">
+import { computed, onMounted, onUnmounted, ref, watch } from 'vue'
+import { useRoute, useRouter } from 'vue-router'
+import { type Session } from '@/stores/hermes/chat'
+import { useAppStore } from '@/stores/hermes/app'
+import { useProfilesStore } from '@/stores/hermes/profiles'
+import { useSessionBrowserPrefsStore } from '@/stores/hermes/session-browser-prefs'
+import { NButton, NDropdown, NPopconfirm, NTooltip, useMessage, type DropdownOption } from 'naive-ui'
+import { useI18n } from 'vue-i18n'
+import { getSourceLabel } from '@/shared/session-display'
+import { copyToClipboard } from '@/utils/clipboard'
+import HistoryMessageList from '@/components/hermes/chat/HistoryMessageList.vue'
+import SessionListItem from '@/components/hermes/chat/SessionListItem.vue'
+import OutlinePanel from '@/components/hermes/chat/OutlinePanel.vue'
+import { batchDeleteSessions, deleteSession, fetchHermesSessions, fetchHermesSession, fetchSessionMessagesPage, importHermesSession, type HermesMessage, type SessionSummary } from '@/api/hermes/sessions'
+
+const appStore = useAppStore()
+const profilesStore = useProfilesStore()
+const sessionBrowserPrefsStore = useSessionBrowserPrefsStore()
+const message = useMessage()
+const { t } = useI18n()
+const route = useRoute()
+const router = useRouter()
+
+const routeSessionId = computed(() => {
+  const value = route.params.sessionId
+  return typeof value === 'string' && value.trim() ? value : null
+})
+
+const routeProfile = computed(() => {
+  const value = route.query.profile
+  return typeof value === 'string' && value.trim() ? value : null
+})
+
+const effectiveHistoryProfile = computed(() => profilesStore.activeProfileName || routeProfile.value || null)
+
+// Hermes history sessions (exclude api_server)
+const hermesSessions = ref<SessionSummary[]>([])
+const hermesSessionsLoading = ref(false)
+const hermesSessionsLoaded = ref(false)
+// History page's own selected session (independent from chatStore)
+const historySessionId = ref<string | null>(null)
+const historySession = ref<Session | null>(null)
+const showOutline = ref(false)
+const historyMessageListRef = ref<InstanceType<typeof HistoryMessageList> | null>(null)
+const isBatchMode = ref(false)
+const isBatchDeleting = ref(false)
+const showBatchDeleteConfirm = ref(false)
+const selectedSessionKeys = ref<Set<string>>(new Set())
+const contextSessionId = ref<string | null>(null)
+const showContextMenu = ref(false)
+const contextMenuX = ref(0)
+const contextMenuY = ref(0)
+let hermesSessionsRequestId = 0
+
+const HISTORY_PAGE_SIZE = 300
+
+function handleOutlineNavigate(target: { messageId: string; anchorId: string }) {
+  historyMessageListRef.value?.scrollToAnchor(target.messageId, target.anchorId)
+}
+
+async function loadHermesSessions() {
+  const requestId = ++hermesSessionsRequestId
+  hermesSessionsLoading.value = true
+  try {
+    const sessions = await fetchHermesSessions(undefined, undefined, effectiveHistoryProfile.value)
+    if (requestId !== hermesSessionsRequestId) return
+    hermesSessions.value = sessions
+    hermesSessionsLoaded.value = true
+  } catch (err) {
+    console.error('Failed to load Hermes sessions:', err)
+  } finally {
+    if (requestId === hermesSessionsRequestId) {
+      hermesSessionsLoading.value = false
+    }
+  }
+}
+
+// Initialize synchronously from the media query so first paint is correct.
+const showSessions = ref(
+  typeof window === 'undefined' || !window.matchMedia('(max-width: 768px)').matches,
+)
+let mobileQuery: MediaQueryList | null = null
+const isMobile = ref(false)
+
+function findHistorySession(sessionId: string): SessionSummary | undefined {
+  return hermesSessions.value.find(session => session.id === sessionId)
+}
+
+const contextSessionSummary = computed(() =>
+  contextSessionId.value ? findHistorySession(contextSessionId.value) || null : null,
+)
+
+const contextSessionPinned = computed(() =>
+  contextSessionId.value ? sessionBrowserPrefsStore.isPinned(contextSessionId.value) : false,
+)
+
+const contextMenuOptions = computed<DropdownOption[]>(() => {
+  const options: DropdownOption[] = [
+    {
+      label: t('chat.importToWebUi'),
+      key: 'import-webui',
+      disabled: Boolean(contextSessionSummary.value?.webui_imported),
+    },
+    { label: t(contextSessionPinned.value ? 'chat.unpin' : 'chat.pin'), key: 'pin' },
+    { label: t('chat.copySessionLink'), key: 'copy-link' },
+    { label: t('chat.copySessionId'), key: 'copy-id' },
+  ]
+  return options
+})
+
+function mapHistoryMessages(messages: HermesMessage[]): Session['messages'] {
+  return messages.map(m => {
+    const msg: Session['messages'][number] = {
+      id: String(m.id),
+      role: m.role,
+      content: m.content || '',
+      timestamp: m.timestamp * 1000,
+      reasoning: m.reasoning || undefined,
+      systemType: m.role === 'command' ? 'command' : undefined,
+    }
+
+    if (m.role === 'tool') {
+      msg.toolName = m.tool_name || undefined
+      msg.toolCallId = m.tool_call_id || undefined
+      msg.toolArgs = m.tool_calls?.[0]?.function?.arguments
+        ? JSON.stringify(m.tool_calls[0].function.arguments)
+        : undefined
+      msg.toolStatus = 'done'
+      msg.toolResult = m.content || undefined
+      msg.content = ''
+    }
+
+    return msg
+  })
+}
+
+function sessionFromSummary(summary: SessionSummary, messages: Session['messages'] = []): Session {
+  return {
+    id: summary.id,
+    profile: summary.profile || undefined,
+    title: summary.title || '',
+    source: summary.source,
+    createdAt: summary.started_at * 1000,
+    updatedAt: (summary.last_active || summary.ended_at || summary.started_at) * 1000,
+    model: summary.model,
+    provider: summary.provider,
+    messageCount: summary.message_count,
+    messageTotal: summary.message_count,
+    loadedMessageCount: messages.length,
+    hasMoreBefore: false,
+    inputTokens: summary.input_tokens,
+    outputTokens: summary.output_tokens,
+    endedAt: summary.ended_at ? summary.ended_at * 1000 : undefined,
+    lastActiveAt: summary.last_active ? summary.last_active * 1000 : undefined,
+    workspace: summary.workspace || undefined,
+    messages,
+  }
+}
+
+async function loadHistorySession(sessionId: string, profile?: string | null) {
+  const summary = findHistorySession(sessionId)
+  const sessionProfile = profile || summary?.profile || null
+  const page = await fetchSessionMessagesPage(sessionId, 0, HISTORY_PAGE_SIZE, sessionProfile)
+  let sessionData: Session | null = null
+
+  if (page) {
+    const base = summary || page.session
+    sessionData = sessionFromSummary(base, mapHistoryMessages(page.messages))
+    sessionData.profile = summary?.profile || sessionProfile || undefined
+    sessionData.messageCount = page.total
+    sessionData.messageTotal = page.total
+    sessionData.loadedMessageCount = page.messages.length
+    sessionData.hasMoreBefore = page.hasMore
+  } else {
+    // Some imported/legacy Hermes sessions may only exist in Hermes state.db.
+    // Keep the old full-detail path as a compatibility fallback.
+    const sessionDetail = await fetchHermesSession(sessionId, sessionProfile)
+    if (!sessionDetail) {
+      message.error(t('chat.sessionNotFound'))
+      return
+    }
+
+    sessionData = {
+      id: sessionDetail.id,
+      profile: sessionDetail.profile || sessionProfile || undefined,
+      title: sessionDetail.title || '',
+      source: sessionDetail.source,
+      createdAt: sessionDetail.started_at * 1000,
+      updatedAt: (sessionDetail.last_active || sessionDetail.started_at) * 1000,
+      model: sessionDetail.model,
+      provider: sessionDetail.provider,
+      messageCount: sessionDetail.message_count,
+      messageTotal: sessionDetail.message_count,
+      loadedMessageCount: sessionDetail.messages.length,
+      hasMoreBefore: false,
+      inputTokens: sessionDetail.input_tokens,
+      outputTokens: sessionDetail.output_tokens,
+      endedAt: sessionDetail.ended_at ? sessionDetail.ended_at * 1000 : undefined,
+      lastActiveAt: sessionDetail.last_active ? sessionDetail.last_active * 1000 : undefined,
+      workspace: sessionDetail.workspace || undefined,
+      messages: mapHistoryMessages(sessionDetail.messages),
+    }
+  }
+
+  // Set history page's own session state (independent from chatStore)
+  historySessionId.value = sessionData.id
+  historySession.value = sessionData
+
+  if (mobileQuery?.matches) showSessions.value = false
+}
+
+async function loadOlderHistoryMessages(sessionId: string): Promise<boolean> {
+  const target = historySession.value
+  if (!target || target.id !== sessionId || target.isLoadingOlderMessages || !target.hasMoreBefore) return false
+  const offset = target.loadedMessageCount || 0
+  target.isLoadingOlderMessages = true
+  try {
+    const page = await fetchSessionMessagesPage(sessionId, offset, HISTORY_PAGE_SIZE, target.profile)
+    if (!page || page.messages.length === 0) {
+      target.hasMoreBefore = false
+      return false
+    }
+
+    const existingIds = new Set(target.messages.map(message => message.id))
+    const olderMessages = mapHistoryMessages(page.messages).filter(message => !existingIds.has(message.id))
+    target.messages = [...olderMessages, ...target.messages]
+    target.loadedMessageCount = offset + page.messages.length
+    target.messageTotal = page.total
+    target.messageCount = page.total
+    target.hasMoreBefore = page.hasMore
+    return olderMessages.length > 0
+  } catch (err) {
+    console.error('Failed to load older history messages:', err)
+    return false
+  } finally {
+    target.isLoadingOlderMessages = false
+  }
+}
+
+async function handleSessionClick(sessionId: string, profile?: string | null) {
+  await router.push({
+    name: 'hermes.historySession',
+    params: { sessionId },
+    query: profile ? { profile } : undefined,
+  })
+}
+
+async function openDefaultHistorySession(replace = false) {
+  const firstCliSession = hermesSessions.value.find(s => s.source === 'cli')
+  const firstSession = firstCliSession || hermesSessions.value[0]
+  if (!firstSession) {
+    historySessionId.value = null
+    historySession.value = null
+    if (routeSessionId.value) await router.replace({ name: 'hermes.history' })
+    return
+  }
+
+  if (collapsedGroups.value.has(firstSession.source)) {
+    collapsedGroups.value = new Set([...collapsedGroups.value].filter(source => source !== firstSession.source))
+  }
+
+  const location = {
+    name: 'hermes.historySession',
+    params: { sessionId: firstSession.id },
+    query: firstSession.profile ? { profile: firstSession.profile } : undefined,
+  }
+  if (replace) await router.replace(location)
+  else await router.push(location)
+}
+
+async function syncRouteSession() {
+  const sessionId = routeSessionId.value
+  if (!sessionId) return
+
+  if (!hermesSessions.value.some(s => s.id === sessionId)) {
+    historySessionId.value = null
+    historySession.value = null
+    await router.replace({ name: 'hermes.history' })
+    return
+  }
+
+  const sessionProfile = routeProfile.value || findHistorySession(sessionId)?.profile || null
+  const currentProfile = historySession.value?.profile || null
+  if (historySessionId.value !== sessionId || currentProfile !== sessionProfile) {
+    historySessionId.value = sessionId
+    historySession.value = null
+    await loadHistorySession(sessionId, sessionProfile)
+  }
+}
+
+function handleMobileChange(e: MediaQueryListEvent | MediaQueryList) {
+  isMobile.value = e.matches
+  if (e.matches && showSessions.value) {
+    showSessions.value = false
+  }
+}
+
+onMounted(async () => {
+  appStore.loadModels()
+  await profilesStore.fetchProfiles()
+  await loadHermesSessions()
+  await syncRouteSession()
+
+  mobileQuery = window.matchMedia('(max-width: 768px)')
+  handleMobileChange(mobileQuery)
+  mobileQuery.addEventListener('change', handleMobileChange)
+})
+
+onUnmounted(() => {
+  mobileQuery?.removeEventListener('change', handleMobileChange)
+})
+
+watch([routeSessionId, routeProfile], async ([sessionId]) => {
+  if (!sessionId) {
+    historySessionId.value = null
+    historySession.value = null
+    return
+  }
+  if (!hermesSessionsLoaded.value) return
+  if (routeProfile.value && !hermesSessions.value.some(s => s.profile === routeProfile.value)) {
+    await loadHermesSessions()
+  }
+  await syncRouteSession()
+})
+
+watch(() => profilesStore.activeProfileName, async () => {
+  if (!hermesSessionsLoaded.value) return
+  if (profilesStore.switching) return
+  historySessionId.value = null
+  historySession.value = null
+  await loadHermesSessions()
+  await openDefaultHistorySession(true)
+})
+
+const collapsedGroups = ref<Set<string>>(new Set(JSON.parse(localStorage.getItem('hermes_collapsed_groups') || '[]')))
+
+// Convert SessionSummary to Session format
+function sessionSummaryToSession(summary: SessionSummary): Session {
+  return {
+    id: summary.id,
+    profile: summary.profile || undefined,
+    title: summary.title || '',
+    source: summary.source,
+    createdAt: summary.started_at * 1000,
+    updatedAt: (summary.last_active || summary.started_at) * 1000,
+    model: summary.model,
+    provider: summary.provider,
+    messageCount: summary.message_count,
+    inputTokens: summary.input_tokens,
+    outputTokens: summary.output_tokens,
+    endedAt: summary.ended_at ? summary.ended_at * 1000 : undefined,
+    lastActiveAt: summary.last_active ? summary.last_active * 1000 : undefined,
+    workspace: summary.workspace || undefined,
+    messages: [],
+  }
+}
+
+// Computed sessions from Hermes API
+const historySessions = computed<Session[]>(() =>
+  hermesSessions.value.map(sessionSummaryToSession)
+)
+
+function sessionSelectionKey(session: Pick<Session, 'id' | 'profile'>): string {
+  return `${session.profile || 'default'}\u0000${session.id}`
+}
+
+function toggleBatchMode() {
+  if (isBatchDeleting.value) return
+  isBatchMode.value = !isBatchMode.value
+  if (!isBatchMode.value) {
+    selectedSessionKeys.value.clear()
+    showBatchDeleteConfirm.value = false
+  }
+}
+
+function toggleSessionSelection(session: Session) {
+  if (isBatchDeleting.value) return
+  const key = sessionSelectionKey(session)
+  if (selectedSessionKeys.value.has(key)) {
+    selectedSessionKeys.value.delete(key)
+  } else {
+    selectedSessionKeys.value.add(key)
+  }
+  selectedSessionKeys.value = new Set(selectedSessionKeys.value)
+  if (selectedSessionKeys.value.size === 0) {
+    showBatchDeleteConfirm.value = false
+  }
+}
+
+function isSessionSelected(session: Session): boolean {
+  return selectedSessionKeys.value.has(sessionSelectionKey(session))
+}
+
+function toggleSelectAllSessions() {
+  if (isBatchDeleting.value) return
+  if (allSessionsSelected.value) {
+    selectedSessionKeys.value.clear()
+    selectedSessionKeys.value = new Set(selectedSessionKeys.value)
+    showBatchDeleteConfirm.value = false
+    return
+  }
+  selectedSessionKeys.value.clear()
+  for (const session of historySessions.value) {
+    selectedSessionKeys.value.add(sessionSelectionKey(session))
+  }
+  selectedSessionKeys.value = new Set(selectedSessionKeys.value)
+}
+
+const selectedCount = computed(() => selectedSessionKeys.value.size)
+const canSelectAll = computed(() => historySessions.value.length > 0)
+const allSessionsSelected = computed(() =>
+  historySessions.value.length > 0 && selectedSessionKeys.value.size === historySessions.value.length
+)
+
+// Source sort order: api_server first, cron last, others alphabetical
+function sourceSortKey(source: string): number {
+  if (source === 'api_server') return -1
+  if (source === 'cron') return 999
+  return 0
+}
+
+function sortSessionsWithActiveFirst(items: Session[]): Session[] {
+  return [...items].sort((a, b) => {
+    return (b.updatedAt || 0) - (a.updatedAt || 0)
+  })
+}
+
+// Group sessions by source, with sort order
+interface SessionGroup {
+  source: string
+  label: string
+  sessions: Session[]
+}
+
+const pinnedSessions = computed(() =>
+  sortSessionsWithActiveFirst(historySessions.value.filter(session => sessionBrowserPrefsStore.isPinned(session.id))),
+)
+
+const groupedSessions = computed<SessionGroup[]>(() => {
+  const map = new Map<string, Session[]>()
+  for (const s of historySessions.value) {
+    if (sessionBrowserPrefsStore.isPinned(s.id)) continue
+    const key = s.source || ''
+    if (!map.has(key)) map.set(key, [])
+    map.get(key)!.push(s)
+  }
+
+  const keys = [...map.keys()].sort((a, b) => {
+    const ka = sourceSortKey(a)
+    const kb = sourceSortKey(b)
+    if (ka !== kb) return ka - kb
+    return a.localeCompare(b)
+  })
+
+  return keys.map(key => ({
+    source: key,
+    label: key ? getSourceLabel(key) : t('chat.other'),
+    sessions: sortSessionsWithActiveFirst(map.get(key)!),
+  }))
+})
+
+function toggleGroup(source: string) {
+  const isExpanded = !collapsedGroups.value.has(source)
+  if (isExpanded) {
+    collapsedGroups.value = new Set([...collapsedGroups.value, source])
+  } else {
+    collapsedGroups.value = new Set(
+      groupedSessions.value.map(g => g.source).filter(s => s !== source),
+    )
+    const group = groupedSessions.value.find(g => g.source === source)
+    if (group?.sessions.length) {
+      // Auto-select and load first session when expanding group
+      void handleSessionClick(group.sessions[0].id, group.sessions[0].profile)
+    }
+  }
+  localStorage.setItem('hermes_collapsed_groups', JSON.stringify([...collapsedGroups.value]))
+}
+
+watch(groupedSessions, groups => {
+  if (localStorage.getItem('hermes_collapsed_groups') !== null) {
+    const activeSource = historySession.value?.source
+    if (activeSource && collapsedGroups.value.has(activeSource)) {
+      collapsedGroups.value = new Set([...collapsedGroups.value].filter(source => source !== activeSource))
+      localStorage.setItem('hermes_collapsed_groups', JSON.stringify([...collapsedGroups.value]))
+    }
+    return
+  }
+  // Default: collapse all groups except the first one
+  if (groups.length > 0) {
+    collapsedGroups.value = new Set(groups.slice(1).map(group => group.source))
+    localStorage.setItem('hermes_collapsed_groups', JSON.stringify([...collapsedGroups.value]))
+  }
+}, { once: true })
+
+// Auto-load the first CLI session when Hermes sessions are loaded.
+watch(hermesSessionsLoaded, (loaded) => {
+  if (loaded && hermesSessions.value.length > 0 && !routeSessionId.value) {
+    void openDefaultHistorySession(false)
+  }
+}, { once: true })
+
+const activeSessionTitle = computed(() =>
+  historySession.value?.title || t('chat.newChat'),
+)
+
+const activeSessionSource = computed(() =>
+  historySession.value?.source || '',
+)
+
+async function copySessionId(id?: string) {
+  const sessionId = id || historySessionId.value
+  if (sessionId) {
+    const ok = await copyToClipboard(sessionId)
+    if (ok) message.success(t('common.copied'))
+    else message.error(t('common.copied') + ' ✗')
+  }
+}
+
+function historySessionProfile(sessionId: string): string | null {
+  return historySession.value?.id === sessionId
+    ? historySession.value.profile || null
+    : findHistorySession(sessionId)?.profile || null
+}
+
+function buildHistorySessionUrl(sessionId: string, profile?: string | null) {
+  const href = router.resolve({
+    name: 'hermes.historySession',
+    params: { sessionId },
+    query: profile ? { profile } : undefined,
+  }).href
+  return `${window.location.origin}${window.location.pathname}${href}`
+}
+
+async function copySessionLink(id?: string) {
+  const sessionId = id || historySessionId.value
+  if (sessionId) {
+    const ok = await copyToClipboard(buildHistorySessionUrl(sessionId, historySessionProfile(sessionId)))
+    if (ok) message.success(t('common.copied'))
+    else message.error(t('common.copied') + ' ✗')
+  }
+}
+
+function handleContextMenu(e: MouseEvent, sessionId: string) {
+  e.preventDefault()
+  contextSessionId.value = sessionId
+  showContextMenu.value = true
+  contextMenuX.value = e.clientX
+  contextMenuY.value = e.clientY
+}
+
+function handleClickOutside() {
+  showContextMenu.value = false
+}
+
+async function handleImportToWebUi(sessionId: string) {
+  const summary = findHistorySession(sessionId)
+  try {
+    const result = await importHermesSession(sessionId, summary?.profile || null)
+    if (result.ok) {
+      message.success(t(result.imported ? 'chat.importSessionSuccess' : 'chat.importSessionAlreadyExists'))
+      await loadHermesSessions()
+      return
+    }
+  } catch {
+    // Fall through to the shared failure message.
+  }
+  message.error(t('chat.importSessionFailed'))
+}
+
+async function handleContextMenuSelect(key: string) {
+  showContextMenu.value = false
+  if (!contextSessionId.value) return
+  if (key === 'pin') {
+    sessionBrowserPrefsStore.togglePinned(contextSessionId.value)
+  } else if (key === 'copy-link') {
+    await copySessionLink(contextSessionId.value)
+  } else if (key === 'copy-id') {
+    await copySessionId(contextSessionId.value)
+  } else if (key === 'import-webui') {
+    await handleImportToWebUi(contextSessionId.value)
+  }
+}
+
+async function handleDeleteSession(id: string, profile?: string | null) {
+  const summary = findHistorySession(id)
+  const sessionProfile = profile || summary?.profile || null
+  const ok = await deleteSession(id, sessionProfile)
+  if (!ok) {
+    message.error(t('common.deleteFailed'))
+    return
+  }
+
+  sessionBrowserPrefsStore.removePinned(id)
+  hermesSessions.value = hermesSessions.value.filter(s => s.id !== id)
+
+  if (historySessionId.value === id) {
+    historySessionId.value = null
+    historySession.value = null
+    const next = historySessions.value[0]
+    if (next) await handleSessionClick(next.id, next.profile)
+    else await router.replace({ name: 'hermes.history' })
+  }
+
+  message.success(t('chat.sessionDeleted'))
+}
+
+async function handleBatchDelete() {
+  if (selectedSessionKeys.value.size === 0 || isBatchDeleting.value) return
+
+  const sessionsByKey = new Map(historySessions.value.map(session => [sessionSelectionKey(session), session]))
+  const targets = Array.from(selectedSessionKeys.value)
+    .map(key => sessionsByKey.get(key))
+    .filter((session): session is Session => Boolean(session))
+    .map(session => ({ id: session.id, profile: session.profile || null }))
+  if (targets.length === 0) return
+
+  const activeWasSelected = historySession.value
+    ? selectedSessionKeys.value.has(sessionSelectionKey(historySession.value))
+    : false
+
+  isBatchDeleting.value = true
+  try {
+    const result = await batchDeleteSessions(targets)
+    if (result.deleted > 0) {
+      for (const target of targets) {
+        sessionBrowserPrefsStore.removePinned(target.id)
+      }
+
+      await loadHermesSessions()
+
+      if (activeWasSelected || (historySessionId.value && !findHistorySession(historySessionId.value))) {
+        historySessionId.value = null
+        historySession.value = null
+        await openDefaultHistorySession(true)
+      }
+
+      message.success(t('chat.batchDeleteSuccess', { count: result.deleted }))
+      if (result.failed > 0) {
+        message.warning(t('chat.batchDeletePartial', { failed: result.failed }))
+      }
+    } else {
+      message.error(t('chat.batchDeleteFailed'))
+    }
+  } catch {
+    message.error(t('chat.batchDeleteFailed'))
+  } finally {
+    isBatchDeleting.value = false
+    showBatchDeleteConfirm.value = false
+    isBatchMode.value = false
+    selectedSessionKeys.value.clear()
+  }
+}
+
+function handleBatchDeleteConfirm() {
+  void handleBatchDelete()
+  return false
+}
+
+</script>
+
+<template>
+  <div class="history-panel">
+    <div class="session-backdrop" :class="{ active: showSessions }" @click="showSessions = false" />
+    <aside class="session-list" :class="{ collapsed: !showSessions }">
+      <div class="session-list-header">
+        <span v-if="showSessions" class="session-list-title">{{ t('chat.hermesHistory') }}</span>
+        <div class="session-list-actions">
+          <button class="session-close-btn" @click="showSessions = false">
+            <svg width="14" height="14" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><line x1="18" y1="6" x2="6" y2="18"/><line x1="6" y1="6" x2="18" y2="18"/></svg>
+          </button>
+          <NButton
+            v-if="!isBatchMode"
+            quaternary
+            size="tiny"
+            :disabled="hermesSessions.length === 0"
+            :title="t('chat.toggleBatchMode')"
+            @click="toggleBatchMode"
+          >
+            <template #icon>
+              <svg width="14" height="14" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2">
+                <path d="M9 11l3 3L22 4" />
+                <path d="M21 12v7a2 2 0 0 1-2 2H5a2 2 0 0 1-2-2V5a2 2 0 0 1 2-2h11" />
+              </svg>
+            </template>
+          </NButton>
+          <NButton
+            v-if="isBatchMode"
+            quaternary
+            size="tiny"
+            :disabled="!canSelectAll || isBatchDeleting"
+            :title="allSessionsSelected ? t('common.cancel') : t('chat.selectAll')"
+            @click="toggleSelectAllSessions"
+          >
+            <template #icon>
+              <svg width="14" height="14" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2">
+                <path d="M9 11l3 3L22 4" />
+                <path d="M21 12v7a2 2 0 0 1-2 2H5a2 2 0 0 1-2-2V5a2 2 0 0 1 2-2h11" />
+              </svg>
+            </template>
+          </NButton>
+          <NPopconfirm
+            v-if="isBatchMode && selectedCount > 0"
+            v-model:show="showBatchDeleteConfirm"
+            :positive-button-props="{ loading: isBatchDeleting, disabled: isBatchDeleting }"
+            :negative-button-props="{ disabled: isBatchDeleting }"
+            @positive-click="handleBatchDeleteConfirm"
+          >
+            <template #trigger>
+              <NButton quaternary size="tiny" type="error" :loading="isBatchDeleting" :disabled="isBatchDeleting">
+                <template #icon>
+                  <svg width="14" height="14" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2">
+                    <polyline points="3 6 5 6 21 6" />
+                    <path d="M19 6v14a2 2 0 0 1-2 2H7a2 2 0 0 1-2-2V6m3 0V4a2 2 0 0 1 2-2h4a2 2 0 0 1 2 2v2" />
+                  </svg>
+                </template>
+              </NButton>
+            </template>
+            {{ t('chat.confirmBatchDelete', { count: selectedCount }) }}
+          </NPopconfirm>
+          <NButton
+            v-if="isBatchMode"
+            quaternary
+            size="tiny"
+            :disabled="isBatchDeleting"
+            @click="toggleBatchMode"
+          >
+            <template #icon>
+              <svg width="14" height="14" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><line x1="18" y1="6" x2="6" y2="18"/><line x1="6" y1="6" x2="18" y2="18"/></svg>
+            </template>
+          </NButton>
+        </div>
+      </div>
+      <div v-if="showSessions" class="session-scope-note">
+        {{ t('chat.historyScopeHint') }}
+      </div>
+      <div v-if="showSessions" class="session-items">
+        <div v-if="hermesSessionsLoading && hermesSessions.length === 0" class="session-loading">{{ t('common.loading') }}</div>
+        <div v-else-if="hermesSessions.length === 0" class="session-empty">{{ t('chat.noSessions') }}</div>
+
+        <template v-if="pinnedSessions.length > 0">
+          <div class="session-group-header session-group-header--static">
+            <span class="session-group-label">{{ t('chat.pinned') }}</span>
+            <span class="session-group-count">{{ pinnedSessions.length }}</span>
+          </div>
+          <SessionListItem
+            v-for="s in pinnedSessions"
+            :key="`pinned-${s.id}`"
+            :session="s"
+            :active="s.id === historySessionId"
+            :pinned="true"
+            :can-delete="true"
+            :streaming="false"
+            :selectable="isBatchMode"
+            :selected="isSessionSelected(s)"
+            :show-profile="false"
+            @select="isBatchMode ? toggleSessionSelection(s) : handleSessionClick(s.id, s.profile)"
+            @contextmenu="handleContextMenu($event, s.id)"
+            @delete="handleDeleteSession(s.id, s.profile)"
+            @toggle-select="toggleSessionSelection(s)"
+          />
+        </template>
+
+        <template v-for="group in groupedSessions" :key="group.source">
+          <div class="session-group-header" @click="toggleGroup(group.source)">
+            <svg width="10" height="10" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" class="group-chevron" :class="{ collapsed: collapsedGroups.has(group.source) }"><polyline points="9 18 15 12 9 6"/></svg>
+            <span class="session-group-label">{{ group.label }}</span>
+            <span class="session-group-count">{{ group.sessions.length }}</span>
+          </div>
+          <template v-if="!collapsedGroups.has(group.source)">
+            <SessionListItem
+              v-for="s in group.sessions"
+              :key="s.id"
+              :session="s"
+              :active="s.id === historySessionId"
+              :pinned="false"
+              :can-delete="true"
+              :streaming="false"
+              :selectable="isBatchMode"
+              :selected="isSessionSelected(s)"
+              :show-profile="false"
+              @select="isBatchMode ? toggleSessionSelection(s) : handleSessionClick(s.id, s.profile)"
+              @contextmenu="handleContextMenu($event, s.id)"
+              @delete="handleDeleteSession(s.id, s.profile)"
+              @toggle-select="toggleSessionSelection(s)"
+            />
+          </template>
+        </template>
+      </div>
+    </aside>
+
+    <NDropdown
+      placement="bottom-start"
+      trigger="manual"
+      :x="contextMenuX"
+      :y="contextMenuY"
+      :options="contextMenuOptions"
+      :show="showContextMenu"
+      @select="handleContextMenuSelect"
+      @clickoutside="handleClickOutside"
+    />
+
+    <div class="chat-main">
+      <header class="chat-header">
+        <div class="header-left">
+          <NButton quaternary size="small" @click="showSessions = !showSessions" circle>
+            <template #icon>
+              <svg width="16" height="16" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="1.5"><rect x="3" y="3" width="7" height="7"/><rect x="14" y="3" width="7" height="7"/><rect x="3" y="14" width="7" height="7"/><rect x="14" y="14" width="7" height="7"/></svg>
+            </template>
+          </NButton>
+          <span class="header-session-title">{{ activeSessionTitle }}</span>
+          <span v-if="activeSessionSource" class="source-badge">{{ getSourceLabel(activeSessionSource) }}</span>
+          <span v-if="historySession?.workspace" class="workspace-badge" :title="historySession.workspace">📁 {{ historySession.workspace.split('/').pop() || historySession.workspace }}</span>
+        </div>
+        <div class="header-actions">
+          <NTooltip trigger="hover">
+            <template #trigger>
+              <NButton quaternary size="small" @click="showOutline = !showOutline" circle>
+                <template #icon>
+                  <svg width="14" height="14" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="1.5"><path d="M3 12h18M3 6h18M3 18h18"/></svg>
+                </template>
+              </NButton>
+            </template>
+            {{ t('chat.outlineTitle') }}
+          </NTooltip>
+          <NTooltip trigger="hover">
+            <template #trigger>
+              <NButton quaternary size="small" @click="copySessionId()" circle>
+                <template #icon>
+                  <svg width="14" height="14" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="1.5"><rect x="9" y="9" width="13" height="13" rx="2" ry="2"/><path d="M5 15H4a2 2 0 0 1-2-2V4a2 2 0 0 1 2-2h9a2 2 0 0 1 2 2v1"/></svg>
+                </template>
+              </NButton>
+            </template>
+            {{ t('chat.copySessionId') }}
+          </NTooltip>
+        </div>
+      </header>
+
+      <div class="history-content-wrapper">
+        <div class="history-main-content">
+          <HistoryMessageList
+            ref="historyMessageListRef"
+            :session="historySession"
+            :load-older="loadOlderHistoryMessages"
+          />
+        </div>
+        <OutlinePanel
+          v-if="showOutline && historySession"
+          :messages="historySession.messages || []"
+          @navigate="handleOutlineNavigate"
+        />
+      </div>
+    </div>
+  </div>
+</template>
+
+<style scoped lang="scss">
+@use '@/styles/variables' as *;
+
+.history-panel {
+  display: flex;
+  height: 100%;
+  position: relative;
+}
+
+.history-content-wrapper {
+  flex: 1;
+  display: flex;
+  overflow: hidden;
+  position: relative;
+}
+
+.history-main-content {
+  flex: 1;
+  overflow: hidden;
+  display: flex;
+  flex-direction: column;
+  min-width: 0;
+}
+
+.session-list {
+  width: 220px;
+  border-right: 1px solid $border-color;
+  display: flex;
+  flex-direction: column;
+  flex-shrink: 0;
+  transition: width $transition-normal, opacity $transition-normal;
+  overflow: hidden;
+
+  &.collapsed {
+    width: 0;
+    border-right: none;
+    opacity: 0;
+    pointer-events: none;
+  }
+
+  @media (max-width: $breakpoint-mobile) {
+    position: absolute;
+    left: 0;
+    top: 0;
+    height: 100%;
+    z-index: 120;
+    background: $bg-card;
+    box-shadow: 2px 0 8px rgba(0, 0, 0, 0.1);
+    width: 280px;
+
+    &.collapsed {
+      transform: translateX(-100%);
+      opacity: 0;
+    }
+  }
+}
+
+@media (max-width: $breakpoint-mobile) {
+  .session-close-btn {
+    display: flex;
+  }
+
+  .session-backdrop {
+    position: absolute;
+    inset: 0;
+    background: rgba(0, 0, 0, 0.4);
+    z-index: 110;
+    opacity: 0;
+    pointer-events: none;
+    transition: opacity $transition-fast;
+
+    &.active {
+      opacity: 1;
+      pointer-events: auto;
+    }
+  }
+}
+
+.session-list-header {
+  display: flex;
+  align-items: center;
+  justify-content: space-between;
+  padding: 12px;
+  flex-shrink: 0;
+}
+
+.session-list-actions {
+  display: flex;
+  align-items: center;
+  gap: 4px;
+}
+
+.session-close-btn {
+  display: none;
+  border: none;
+  background: none;
+  cursor: pointer;
+  color: $text-secondary;
+  padding: 4px;
+  border-radius: $radius-sm;
+
+  &:hover {
+    background: rgba($accent-primary, 0.06);
+  }
+}
+
+.session-list-title {
+  font-size: 12px;
+  font-weight: 600;
+  color: $text-muted;
+  text-transform: uppercase;
+  letter-spacing: 0.5px;
+}
+
+.session-scope-note {
+  margin: 0 12px 10px;
+  padding: 8px 10px;
+  border: 1px solid rgba($accent-primary, 0.16);
+  border-radius: $radius-sm;
+  background: rgba($accent-primary, 0.06);
+  color: $text-secondary;
+  font-size: 11px;
+  line-height: 1.45;
+}
+
+.session-group-header {
+  display: flex;
+  align-items: center;
+  gap: 4px;
+  padding: 6px 10px 4px;
+  cursor: pointer;
+  user-select: none;
+}
+
+.session-group-header--static {
+  cursor: default;
+}
+
+.group-chevron {
+  flex-shrink: 0;
+  transition: transform 0.15s ease;
+  transform: rotate(90deg);
+
+  &.collapsed {
+    transform: rotate(0deg);
+  }
+}
+
+.session-group-label {
+  font-size: 10px;
+  font-weight: 600;
+  color: $text-muted;
+  text-transform: uppercase;
+  letter-spacing: 0.5px;
+}
+
+.session-group-count {
+  font-size: 10px;
+  color: $text-muted;
+  font-weight: 400;
+}
+
+.session-items {
+  flex: 1;
+  overflow-y: auto;
+  padding: 0 6px 12px;
+}
+
+.session-loading,
+.session-empty {
+  padding: 16px 10px;
+  font-size: 12px;
+  color: $text-muted;
+  text-align: center;
+}
+
+:deep(.session-item) {
+  display: flex;
+  align-items: center;
+  justify-content: space-between;
+  width: 100%;
+  padding: 8px 10px;
+  border: none;
+  background: none;
+  border-radius: $radius-sm;
+  cursor: pointer;
+  text-align: left;
+  color: $text-secondary;
+  transition: all $transition-fast;
+  margin-bottom: 2px;
+
+  &:hover {
+    background: rgba($accent-primary, 0.06);
+    color: $text-primary;
+
+    .session-item-delete {
+      opacity: 1;
+    }
+  }
+
+  &.active {
+    background: rgba(var(--accent-primary-rgb), 0.12);
+    color: $text-primary;
+    font-weight: 500;
+  }
+
+  &.active .session-item-title {
+    color: $accent-primary;
+  }
+}
+
+:deep(.session-item-content) {
+  flex: 1;
+  overflow: hidden;
+}
+
+:deep(.session-item-title-row) {
+  display: flex;
+  align-items: center;
+  gap: 6px;
+  min-width: 0;
+}
+
+:deep(.session-item-title) {
+  display: block;
+  flex: 1 1 auto;
+  min-width: 0;
+  font-size: 13px;
+  white-space: nowrap;
+  overflow: hidden;
+  text-overflow: ellipsis;
+}
+
+:deep(.session-item-streaming) {
+  display: inline-block;
+  flex-shrink: 0;
+  margin-right: 4px;
+  vertical-align: middle;
+  animation: spin 1.2s linear infinite;
+  color: $accent-primary;
+}
+
+@keyframes spin {
+  from { transform: rotate(0deg); }
+  to { transform: rotate(360deg); }
+}
+
+:deep(.session-item-pin) {
+  display: inline-flex;
+  align-items: center;
+  justify-content: center;
+  flex-shrink: 0;
+  color: $accent-primary;
+}
+
+:deep(.session-item-time) {
+  font-size: 11px;
+  color: $text-muted;
+}
+
+:deep(.session-item-meta) {
+  display: flex;
+  align-items: center;
+  gap: 6px;
+  margin-top: 2px;
+}
+
+:deep(.session-item-model) {
+  font-size: 10px;
+  color: $accent-primary;
+  background: rgba($accent-primary, 0.08);
+  padding: 0 5px;
+  border-radius: 3px;
+  line-height: 16px;
+  flex-shrink: 0;
+  max-width: 100px;
+  overflow: hidden;
+  text-overflow: ellipsis;
+  white-space: nowrap;
+}
+
+:deep(.session-item-delete) {
+  flex-shrink: 0;
+  opacity: 0.5;
+  padding: 2px;
+  border: none;
+  background: none;
+  color: $text-muted;
+  cursor: pointer;
+  border-radius: 3px;
+  transition: all $transition-fast;
+
+  &:hover {
+    color: $error;
+    background: rgba($error, 0.1);
+  }
+}
+
+.chat-main {
+  flex: 1;
+  display: flex;
+  flex-direction: column;
+  overflow: hidden;
+  min-width: 0;
+}
+
+.chat-header {
+  display: flex;
+  align-items: center;
+  justify-content: space-between;
+  padding: 21px 20px;
+  border-bottom: 1px solid $border-color;
+  flex-shrink: 0;
+}
+
+.header-left {
+  display: flex;
+  align-items: center;
+  gap: 8px;
+  overflow: hidden;
+  flex: 1;
+  min-width: 0;
+}
+
+.header-session-title {
+  font-size: 16px;
+  font-weight: 600;
+  color: $text-primary;
+  white-space: nowrap;
+  overflow: hidden;
+  text-overflow: ellipsis;
+}
+
+.source-badge {
+  font-size: 10px;
+  color: $text-muted;
+  background: rgba($text-muted, 0.12);
+  padding: 1px 7px;
+  border-radius: 8px;
+  flex-shrink: 0;
+  white-space: nowrap;
+  line-height: 16px;
+}
+
+.header-actions {
+  display: flex;
+  align-items: center;
+  gap: 4px;
+  flex-shrink: 0;
+}
+
+@media (max-width: $breakpoint-mobile) {
+  .chat-header {
+    padding: 16px 12px 16px 52px;
+  }
+}
+
+.workspace-badge {
+  font-size: 11px;
+  color: $text-muted;
+  background: rgba(255, 255, 255, 0.05);
+  padding: 2px 8px;
+  border-radius: 4px;
+  max-width: 160px;
+  overflow: hidden;
+  text-overflow: ellipsis;
+  white-space: nowrap;
+  cursor: default;
+}
+</style>
diff --git a/packages/client/src/views/hermes/JobsView.vue b/packages/client/src/views/hermes/JobsView.vue
new file mode 100644
index 0000000..aaf436f
--- /dev/null
+++ b/packages/client/src/views/hermes/JobsView.vue
@@ -0,0 +1,147 @@
+<script setup lang="ts">
+import { ref, computed, onMounted } from 'vue'
+import { NButton, NSpin } from 'naive-ui'
+import { useI18n } from 'vue-i18n'
+import JobsPanel from '@/components/hermes/jobs/JobsPanel.vue'
+import JobRunHistory from '@/components/hermes/jobs/JobRunHistory.vue'
+import JobFormModal from '@/components/hermes/jobs/JobFormModal.vue'
+import { useJobsStore } from '@/stores/hermes/jobs'
+import { useProfilesStore } from '@/stores/hermes/profiles'
+
+const { t } = useI18n()
+const jobsStore = useJobsStore()
+const profilesStore = useProfilesStore()
+const showModal = ref(false)
+const editingJob = ref<string | null>(null)
+const selectedJobId = ref<string | null>(null)
+const activeProfileName = computed(() => profilesStore.activeProfileName || 'default')
+
+const jobNameMap = computed(() => {
+  const map: Record<string, string> = {}
+  for (const job of jobsStore.jobs) {
+    const id = job.job_id || job.id
+    map[id] = job.name
+  }
+  return map
+})
+
+async function ensureProfileSelection() {
+  if (!profilesStore.activeProfileName || profilesStore.profiles.length === 0) {
+    await profilesStore.fetchProfiles()
+  }
+}
+
+async function reloadJobsForProfile() {
+  selectedJobId.value = null
+  jobsStore.jobs = []
+  await ensureProfileSelection()
+  await jobsStore.fetchJobs()
+}
+
+onMounted(() => {
+  void reloadJobsForProfile()
+})
+
+function openCreateModal() {
+  editingJob.value = null
+  showModal.value = true
+}
+
+function openEditModal(jobId: string) {
+  editingJob.value = jobId
+  showModal.value = true
+}
+
+function handleModalClose() {
+  showModal.value = false
+  editingJob.value = null
+}
+
+async function handleSave() {
+  await jobsStore.fetchJobs()
+  handleModalClose()
+}
+
+function handleSelectJob(jobId: string | null) {
+  selectedJobId.value = selectedJobId.value === jobId ? null : jobId
+}
+</script>
+
+<template>
+  <div class="jobs-view">
+    <header class="page-header">
+      <h2 class="header-title">{{ t('jobs.title') }}</h2>
+      <NButton type="primary" size="small" @click="openCreateModal">
+        <template #icon>
+          <svg width="14" height="14" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><line x1="12" y1="5" x2="12" y2="19"/><line x1="5" y1="12" x2="19" y2="12"/></svg>
+        </template>
+        {{ t('jobs.createJob') }}
+      </NButton>
+    </header>
+
+    <div class="jobs-split">
+      <div class="jobs-top">
+        <NSpin :show="jobsStore.loading && jobsStore.jobs.length === 0">
+          <JobsPanel
+            :selected-job-id="selectedJobId"
+            @edit="openEditModal"
+            @select="handleSelectJob"
+          />
+        </NSpin>
+      </div>
+
+      <div class="splitter" />
+
+      <div class="jobs-bottom">
+        <JobRunHistory
+          :selected-job-id="selectedJobId"
+          :job-name-map="jobNameMap"
+          :profile-key="activeProfileName"
+        />
+      </div>
+    </div>
+
+    <JobFormModal
+      v-if="showModal"
+      :job-id="editingJob"
+      @close="handleModalClose"
+      @saved="handleSave"
+    />
+  </div>
+</template>
+
+<style scoped lang="scss">
+@use '@/styles/variables' as *;
+
+.jobs-view {
+  height: calc(100 * var(--vh));
+  display: flex;
+  flex-direction: column;
+}
+
+.jobs-split {
+  flex: 1;
+  display: flex;
+  flex-direction: column;
+  min-height: 0;
+}
+
+.jobs-top {
+  flex: 1;
+  overflow-y: auto;
+  padding: 20px;
+  min-height: 120px;
+}
+
+.splitter {
+  height: 1px;
+  background: $border-light;
+  flex-shrink: 0;
+}
+
+.jobs-bottom {
+  flex: 1;
+  min-height: 120px;
+  overflow: hidden;
+}
+</style>
diff --git a/packages/client/src/views/hermes/KanbanView.vue b/packages/client/src/views/hermes/KanbanView.vue
new file mode 100644
index 0000000..9036d39
--- /dev/null
+++ b/packages/client/src/views/hermes/KanbanView.vue
@@ -0,0 +1,511 @@
+<script setup lang="ts">
+import { ref, computed, onMounted, onUnmounted, watch } from 'vue'
+import { NButton, NSelect, NSpin, NCollapse, NCollapseItem, NModal, NInput, useMessage } from 'naive-ui'
+import { useI18n } from 'vue-i18n'
+import { useRoute, useRouter } from 'vue-router'
+import KanbanTaskCard from '@/components/hermes/kanban/KanbanTaskCard.vue'
+import KanbanTaskDrawer from '@/components/hermes/kanban/KanbanTaskDrawer.vue'
+import KanbanCreateForm from '@/components/hermes/kanban/KanbanCreateForm.vue'
+import { DEFAULT_KANBAN_BOARD, useKanbanStore } from '@/stores/hermes/kanban'
+import { useProfilesStore } from '@/stores/hermes/profiles'
+import { withDefaultAssignee } from '@/utils/hermes/kanban-assignees'
+import type { KanbanTaskStatus } from '@/api/hermes/kanban'
+import type { ProfileAvatar } from '@/api/hermes/profiles'
+
+const { t } = useI18n()
+const route = useRoute()
+const router = useRouter()
+const message = useMessage()
+const kanbanStore = useKanbanStore()
+const profilesStore = useProfilesStore()
+
+const showCreateForm = ref(false)
+const showCreateBoardForm = ref(false)
+const selectedTaskId = ref<string | null>(null)
+const newBoardSlug = ref('')
+const newBoardName = ref('')
+const boardActionLoading = ref(false)
+const refreshTimer = ref<ReturnType<typeof setInterval> | null>(null)
+const routeReady = ref(false)
+
+const boardStatuses: KanbanTaskStatus[] = ['triage', 'todo', 'ready', 'running', 'blocked', 'done', 'archived']
+const expandedStatusNames = ref<string[]>([...boardStatuses])
+
+function firstQueryString(value: unknown): string | null {
+  if (Array.isArray(value)) return typeof value[0] === 'string' ? value[0] : null
+  return typeof value === 'string' ? value : null
+}
+
+function routeBoard(): string | null {
+  return firstQueryString(route.query.board)
+}
+
+async function replaceRouteBoard(board: string) {
+  if (routeBoard() === board) return
+  await router.replace({ query: { ...route.query, board } })
+}
+
+async function applyBoardSelection(candidate: string | null, notify = true, forceRefresh = false) {
+  const previousBoard = kanbanStore.selectedBoard
+  const { board, recovered } = kanbanStore.recoverSelectedBoard(candidate || kanbanStore.selectedBoard || DEFAULT_KANBAN_BOARD)
+  selectedTaskId.value = null
+  showCreateForm.value = false
+  showCreateBoardForm.value = false
+  if (notify && recovered && kanbanStore.boardWarning) message.warning(kanbanStore.boardWarning)
+  await replaceRouteBoard(board)
+  if (forceRefresh || board !== previousBoard) {
+    await kanbanStore.refreshAll()
+  }
+}
+
+function taskCountLabel(count: number): string {
+  return `${t('kanban.stats.tasks')}: ${count}`
+}
+
+const boardOptions = computed(() => kanbanStore.activeBoards.map(board => {
+  const count = typeof board.total === 'number' ? board.total : 0
+  return {
+    label: `${t('kanban.title')}: ${board.icon ? `${board.icon} ` : ''}${board.name || board.slug} · ${taskCountLabel(count)}`,
+    value: board.slug,
+  }
+}))
+
+const selectedBoardValue = computed({
+  get: () => kanbanStore.selectedBoard,
+  set: (value: string) => {
+    void applyBoardSelection(value || DEFAULT_KANBAN_BOARD)
+  },
+})
+
+const tasksByStatus = computed(() => {
+  const grouped: Record<string, typeof kanbanStore.tasks> = {}
+  for (const status of boardStatuses) {
+    grouped[status] = kanbanStore.tasks
+      .filter(t => t.status === status)
+      .sort((a, b) => b.created_at - a.created_at)
+  }
+  return grouped
+})
+
+const visibleBoardStatuses = computed(() => {
+  const status = kanbanStore.filterStatus as KanbanTaskStatus | null
+  return status && boardStatuses.includes(status) ? [status] : boardStatuses
+})
+
+const visibleAssignees = computed(() => withDefaultAssignee(kanbanStore.assignees, kanbanStore.stats?.by_assignee || {}))
+
+const profileAvatarByName = computed<Record<string, ProfileAvatar | null>>(() => {
+  return Object.fromEntries(profilesStore.profiles.map(profile => [profile.name, profile.avatar || null]))
+})
+
+const statusFilterOptions = computed(() => [
+  { label: t('kanban.allStatuses'), value: '' },
+  ...boardStatuses.map(s => ({ label: t(`kanban.columns.${s}`, s), value: s })),
+])
+
+const assigneeFilterOptions = computed(() => [
+  { label: t('kanban.allAssignees'), value: '' },
+  ...visibleAssignees.value.map(a => ({ label: a.name, value: a.name })),
+])
+
+const filterStatusValue = computed({
+  get: () => kanbanStore.filterStatus || '',
+  set: (v: string) => kanbanStore.setFilter('status', v || null),
+})
+
+const filterAssigneeValue = computed({
+  get: () => kanbanStore.filterAssignee || '',
+  set: (v: string) => kanbanStore.setFilter('assignee', v || null),
+})
+
+watch(() => route.query.board, async () => {
+  if (!routeReady.value) return
+  await applyBoardSelection(routeBoard(), false)
+})
+
+watch(visibleBoardStatuses, statuses => {
+  expandedStatusNames.value = [...statuses]
+}, { immediate: true })
+
+onMounted(async () => {
+  await Promise.all([
+    kanbanStore.fetchBoards(),
+    kanbanStore.fetchCapabilities(),
+    profilesStore.profiles.length === 0 ? profilesStore.fetchProfiles() : Promise.resolve(),
+  ])
+  await applyBoardSelection(routeBoard(), true, true)
+  kanbanStore.startEventStream()
+  routeReady.value = true
+  refreshTimer.value = setInterval(() => {
+    if (document.visibilityState === 'visible') {
+      void Promise.all([kanbanStore.fetchBoards(), kanbanStore.fetchTasks(true), kanbanStore.fetchStats()])
+    }
+  }, 15000)
+})
+
+onUnmounted(() => {
+  kanbanStore.stopEventStream()
+  if (refreshTimer.value) clearInterval(refreshTimer.value)
+})
+
+function handleTaskClick(taskId: string) {
+  selectedTaskId.value = taskId
+}
+
+function handleDrawerClose() {
+  selectedTaskId.value = null
+}
+
+async function handleDrawerUpdated() {
+  await Promise.all([kanbanStore.fetchTasks(), kanbanStore.fetchStats()])
+}
+
+async function handleApplyFilter() {
+  await kanbanStore.fetchTasks()
+}
+
+async function handleStatusChipClick(status: KanbanTaskStatus | null) {
+  kanbanStore.setFilter('status', status)
+  expandedStatusNames.value = status ? [status] : [...boardStatuses]
+  await kanbanStore.fetchTasks()
+}
+
+async function handleTaskCreated() {
+  await Promise.all([kanbanStore.fetchTasks(), kanbanStore.fetchStats(), kanbanStore.fetchBoards()])
+}
+
+async function handleCreateBoard() {
+  const slug = newBoardSlug.value.trim()
+  if (!slug) {
+    message.warning(t('kanban.board.slugRequired'))
+    return
+  }
+  boardActionLoading.value = true
+  try {
+    const board = await kanbanStore.createBoard({
+      slug,
+      name: newBoardName.value.trim() || undefined,
+    })
+    newBoardSlug.value = ''
+    newBoardName.value = ''
+    showCreateBoardForm.value = false
+    await replaceRouteBoard(board.slug)
+    message.success(t('kanban.board.created'))
+  } catch (err: any) {
+    message.error(err.message)
+  } finally {
+    boardActionLoading.value = false
+  }
+}
+
+async function handleArchiveSelectedBoard() {
+  if (kanbanStore.selectedBoard === DEFAULT_KANBAN_BOARD) return
+  if (!window.confirm(t('kanban.board.archiveConfirm'))) return
+  boardActionLoading.value = true
+  try {
+    await kanbanStore.archiveSelectedBoard()
+    await replaceRouteBoard(DEFAULT_KANBAN_BOARD)
+    message.success(t('kanban.board.archived'))
+  } catch (err: any) {
+    message.error(err.message)
+  } finally {
+    boardActionLoading.value = false
+  }
+}
+</script>
+
+<template>
+  <div class="kanban-view">
+    <header class="page-header">
+      <h2 class="header-title">{{ t('kanban.title') }}</h2>
+      <div class="header-actions">
+        <NSelect
+          v-model:value="selectedBoardValue"
+          :options="boardOptions"
+          :loading="kanbanStore.boardsLoading"
+          size="small"
+          style="width: 260px;"
+        />
+        <NButton size="small" :loading="boardActionLoading" @click="showCreateBoardForm = true">
+          {{ t('common.add') }}
+        </NButton>
+        <NButton
+          size="small"
+          secondary
+          :disabled="kanbanStore.selectedBoard === DEFAULT_KANBAN_BOARD"
+          :loading="boardActionLoading"
+          @click="handleArchiveSelectedBoard"
+        >
+          {{ t('kanban.board.archive') }}
+        </NButton>
+        <NSelect
+          v-model:value="filterStatusValue"
+          :options="statusFilterOptions"
+          size="small"
+          style="width: 150px;"
+          @update:value="handleApplyFilter"
+        />
+        <NSelect
+          v-model:value="filterAssigneeValue"
+          :options="assigneeFilterOptions"
+          size="small"
+          style="width: 170px;"
+          @update:value="handleApplyFilter"
+        />
+        <NButton type="primary" size="small" @click="showCreateForm = true">
+          <template #icon>
+            <svg width="14" height="14" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><line x1="12" y1="5" x2="12" y2="19"/><line x1="5" y1="12" x2="19" y2="12"/></svg>
+          </template>
+          {{ t('kanban.createTask') }}
+        </NButton>
+      </div>
+    </header>
+
+    <!-- Stats bar -->
+    <div v-if="kanbanStore.stats" class="stats-bar">
+      <button
+        v-for="status in boardStatuses"
+        :key="status"
+        type="button"
+        class="stat-chip"
+        :class="[status, { active: kanbanStore.filterStatus === status }]"
+        :aria-pressed="kanbanStore.filterStatus === status"
+        @click="handleStatusChipClick(status)"
+      >
+        <span class="stat-count">{{ kanbanStore.stats.by_status[status] || 0 }}</span>
+        <span class="stat-label">{{ t(`kanban.columns.${status}`, status) }}</span>
+      </button>
+      <button
+        type="button"
+        class="stat-chip total"
+        :class="{ active: !kanbanStore.filterStatus }"
+        :aria-pressed="!kanbanStore.filterStatus"
+        @click="handleStatusChipClick(null)"
+      >
+        <span class="stat-count">{{ kanbanStore.stats.total }}</span>
+        <span class="stat-label">{{ t('kanban.stats.total') }}</span>
+      </button>
+    </div>
+
+    <!-- Board -->
+    <NSpin :show="kanbanStore.loading && kanbanStore.tasks.length === 0">
+      <div class="kanban-board">
+        <NCollapse v-model:expanded-names="expandedStatusNames">
+          <NCollapseItem
+            v-for="status in visibleBoardStatuses"
+            :key="status"
+            :title="`${t(`kanban.columns.${status}`, status)} (${tasksByStatus[status].length})`"
+            :name="status"
+            :class="['kanban-column', `status-${status}`]"
+          >
+            <template #header>
+              <span class="column-header" :class="`status-${status}`">
+                <span class="status-dot" aria-hidden="true" />
+                <span>{{ t(`kanban.columns.${status}`, status) }} ({{ tasksByStatus[status].length }})</span>
+              </span>
+            </template>
+            <div class="task-list" :class="`status-${status}`">
+              <KanbanTaskCard
+                v-for="task in tasksByStatus[status]"
+                :key="task.id"
+                :task="task"
+                :assignee-avatar="task.assignee ? profileAvatarByName[task.assignee] || null : null"
+                @click="handleTaskClick(task.id)"
+              />
+              <div v-if="tasksByStatus[status].length === 0" class="column-empty">
+                {{ t('kanban.noTasks') }}
+              </div>
+            </div>
+          </NCollapseItem>
+        </NCollapse>
+      </div>
+    </NSpin>
+
+    <!-- Task detail drawer -->
+    <KanbanTaskDrawer
+      :task-id="selectedTaskId"
+      @close="handleDrawerClose"
+      @updated="handleDrawerUpdated"
+    />
+
+    <!-- Board management -->
+    <NModal v-model:show="showCreateBoardForm" preset="dialog" :title="t('kanban.board.create')" style="width: 420px;">
+      <div class="board-form">
+        <NInput v-model:value="newBoardSlug" :placeholder="t('kanban.board.slugPlaceholder')" />
+        <NInput v-model:value="newBoardName" :placeholder="t('kanban.board.namePlaceholder')" />
+      </div>
+      <template #action>
+        <NButton @click="showCreateBoardForm = false">{{ t('common.cancel') }}</NButton>
+        <NButton type="primary" :loading="boardActionLoading" @click="handleCreateBoard">{{ t('common.create') }}</NButton>
+      </template>
+    </NModal>
+
+    <!-- Create form -->
+    <KanbanCreateForm
+      v-if="showCreateForm"
+      @close="showCreateForm = false"
+      @created="handleTaskCreated"
+    />
+  </div>
+</template>
+
+<style scoped lang="scss">
+@use '@/styles/variables' as *;
+
+.kanban-view {
+  height: calc(100 * var(--vh));
+  display: flex;
+  flex-direction: column;
+}
+
+.page-header {
+  padding: 21px 20px;
+  border-bottom: 1px solid $border-color;
+}
+
+.header-title {
+  font-size: 16px;
+}
+
+.header-actions {
+  display: flex;
+  align-items: center;
+  gap: 10px;
+}
+
+.stats-bar {
+  display: flex;
+  gap: 8px;
+  padding: 12px 20px;
+  flex-shrink: 0;
+  flex-wrap: wrap;
+}
+
+.stat-chip,
+.column-header,
+.task-list {
+  --kanban-status-color: #64748b;
+
+  &.triage,
+  &.status-triage { --kanban-status-color: #94a3b8; }
+  &.todo,
+  &.status-todo { --kanban-status-color: #38bdf8; }
+  &.ready,
+  &.status-ready { --kanban-status-color: #f59e0b; }
+  &.running,
+  &.status-running { --kanban-status-color: #2563eb; }
+  &.blocked,
+  &.status-blocked { --kanban-status-color: #ef4444; }
+  &.done,
+  &.status-done { --kanban-status-color: #22c55e; }
+  &.archived,
+  &.status-archived { --kanban-status-color: #64748b; }
+  &.total { --kanban-status-color: #e2e8f0; }
+}
+
+.stat-chip {
+  display: flex;
+  align-items: center;
+  gap: 6px;
+  padding: 4px 12px;
+  border-radius: 16px;
+  font-size: 12px;
+  border: 1px solid $border-light;
+  border-left: 3px solid var(--kanban-status-color);
+  background: transparent;
+  color: inherit;
+  cursor: pointer;
+  font: inherit;
+  line-height: inherit;
+
+  &:hover,
+  &.active {
+    border-color: var(--kanban-status-color);
+    background-color: rgba(var(--accent-primary-rgb), 0.08);
+  }
+
+  &.active .stat-label,
+  &.active .stat-count {
+    color: var(--kanban-status-color);
+  }
+
+  &:focus-visible {
+    outline: 2px solid var(--kanban-status-color);
+    outline-offset: 2px;
+  }
+}
+
+.stat-count {
+  font-weight: 600;
+  color: $text-primary;
+}
+
+.stat-label {
+  color: $text-muted;
+}
+
+.kanban-board {
+  padding: 14px 20px 20px;
+  flex: 1;
+  min-height: 0;
+  overflow-y: auto;
+}
+
+.column-header {
+  display: inline-flex;
+  align-items: center;
+  gap: 8px;
+  color: var(--kanban-status-color);
+  font-weight: 600;
+}
+
+.status-dot {
+  width: 8px;
+  height: 8px;
+  border-radius: 999px;
+  background: var(--kanban-status-color);
+  box-shadow: 0 0 0 3px color-mix(in srgb, var(--kanban-status-color) 18%, transparent);
+  flex-shrink: 0;
+}
+
+.task-list {
+  display: flex;
+  flex-direction: column;
+  gap: 8px;
+  border-left: 2px solid var(--kanban-status-color);
+  padding-left: 10px;
+}
+
+.column-empty {
+  display: flex;
+  align-items: center;
+  justify-content: center;
+  min-height: 40px;
+  font-size: 12px;
+  color: $text-muted;
+}
+
+.board-form {
+  display: flex;
+  flex-direction: column;
+  gap: 10px;
+}
+
+@media (max-width: $breakpoint-mobile) {
+  .page-header {
+    padding: 16px 12px 16px 52px;
+    position: sticky;
+    top: 0;
+    z-index: 20;
+    flex-direction: column;
+    align-items: flex-start;
+    background: $bg-primary;
+    gap: 10px;
+  }
+
+  .header-actions {
+    flex-wrap: wrap;
+    width: 100%;
+  }
+}
+</style>
diff --git a/packages/client/src/views/hermes/LogsView.vue b/packages/client/src/views/hermes/LogsView.vue
new file mode 100644
index 0000000..5a42b22
--- /dev/null
+++ b/packages/client/src/views/hermes/LogsView.vue
@@ -0,0 +1,305 @@
+<script setup lang="ts">
+import { ref, onMounted, computed } from 'vue'
+import { NSelect, NButton, NSpin, useMessage } from 'naive-ui'
+import { useI18n } from 'vue-i18n'
+import { fetchLogFiles, fetchLogs, type LogEntry } from '@/api/hermes/logs'
+
+const { t } = useI18n()
+const message = useMessage()
+const logFiles = ref<{ name: string; size: string; modified: string }[]>([])
+const selectedLog = ref('agent')
+const entries = ref<LogEntry[]>([])
+const loading = ref(false)
+const lineCount = ref(100)
+const levelFilter = ref<string>('')
+const searchQuery = ref('')
+
+const logOptions = computed(() =>
+  logFiles.value.map(f => ({ label: `${f.name} (${f.size})`, value: f.name })),
+)
+
+const levelOptions = computed(() => [
+  { label: t('logs.all'), value: '' },
+  { label: 'ERROR', value: 'ERROR' },
+  { label: 'WARNING', value: 'WARNING' },
+  { label: 'INFO', value: 'INFO' },
+  { label: 'DEBUG', value: 'DEBUG' },
+])
+
+const lineOptions = [
+  { label: '50', value: 50 },
+  { label: '100', value: 100 },
+  { label: '200', value: 200 },
+  { label: '500', value: 500 },
+]
+
+const filteredEntries = computed(() => {
+  if (!searchQuery.value) return entries.value
+  const q = searchQuery.value.toLowerCase()
+  return entries.value.filter(e =>
+    e.message.toLowerCase().includes(q) ||
+    e.logger.toLowerCase().includes(q) ||
+    e.raw.toLowerCase().includes(q),
+  )
+})
+
+function levelClass(level: string): string {
+  switch (level) {
+    case 'ERROR': return 'level-error'
+    case 'WARNING': return 'level-warning'
+    case 'DEBUG': return 'level-debug'
+    default: return 'level-info'
+  }
+}
+
+function formatTime(ts: string): string {
+  const match = ts.match(/\d{2}:\d{2}:\d{2}/)
+  return match ? match[0] : ts
+}
+
+function parseAccessLog(msg: string) {
+  const match = msg.match(/"(\w+)\s+(\S+)\s+HTTP\/[^"]+"\s+(\d+)/)
+  if (match) return { method: match[1], path: match[2], status: match[3] }
+  return null
+}
+
+async function loadLogs() {
+  loading.value = true
+  try {
+    const data = await fetchLogs(selectedLog.value, {
+      lines: lineCount.value,
+      level: levelFilter.value || undefined,
+    })
+    entries.value = data.filter((e): e is LogEntry => e !== null)
+  } catch (e: any) {
+    message.error(e.message)
+  } finally {
+    loading.value = false
+  }
+}
+
+onMounted(async () => {
+  logFiles.value = await fetchLogFiles()
+  await loadLogs()
+})
+</script>
+
+<template>
+  <div class="logs-view">
+    <header class="page-header">
+      <h2 class="header-title">{{ t('logs.title') }}</h2>
+      <div class="header-actions">
+        <NSelect
+          v-model:value="selectedLog"
+          :options="logOptions"
+          size="small"
+          class="input-md"
+          @update:value="loadLogs"
+        />
+        <NSelect
+          :value="levelFilter"
+          :options="levelOptions"
+          size="small"
+          class="input-sm"
+          @update:value="(v: string) => { levelFilter = v; loadLogs() }"
+        />
+        <NSelect
+          :value="lineCount"
+          :options="lineOptions"
+          size="small"
+          class="input-sm"
+          @update:value="(v: number) => { lineCount = v; loadLogs() }"
+        />
+        <input
+          v-model="searchQuery"
+          class="search-input"
+          :placeholder="t('logs.searchPlaceholder')"
+        />
+        <NButton size="small" :loading="loading" @click="loadLogs">{{ t('logs.refresh') }}</NButton>
+      </div>
+    </header>
+
+    <div class="logs-body">
+      <NSpin :show="loading" class="logs-spin">
+        <div v-if="filteredEntries.length === 0 && !loading" class="logs-empty">
+          {{ t('logs.noEntries') }}
+        </div>
+        <div class="log-list">
+          <div
+            v-for="(entry, idx) in filteredEntries"
+            :key="idx"
+            class="log-entry"
+            :class="levelClass(entry.level)"
+          >
+            <span class="log-time">{{ formatTime(entry.timestamp) }}</span>
+            <span class="log-level" :class="levelClass(entry.level)">{{ entry.level }}</span>
+            <span class="log-logger">{{ entry.logger }}</span>
+            <template v-if="parseAccessLog(entry.message)">
+              <span class="access-method">{{ parseAccessLog(entry.message)!.method }}</span>
+              <span class="access-path">{{ parseAccessLog(entry.message)!.path }}</span>
+              <span class="access-status" :class="'status-' + (parseAccessLog(entry.message)!.status?.[0] || 'x')">
+                {{ parseAccessLog(entry.message)!.status }}
+              </span>
+            </template>
+            <span v-else class="log-message">{{ entry.message }}</span>
+          </div>
+        </div>
+      </NSpin>
+    </div>
+  </div>
+</template>
+
+<style scoped lang="scss">
+@use '@/styles/variables' as *;
+
+.logs-view {
+  height: calc(100 * var(--vh));
+  display: flex;
+  flex-direction: column;
+}
+
+.page-header {
+  gap: 12px;
+  flex-wrap: wrap;
+}
+
+.header-actions {
+  display: flex;
+  align-items: center;
+  gap: 8px;
+  flex-wrap: wrap;
+}
+
+.search-input {
+  padding: 4px 10px;
+  border: 1px solid $border-color;
+  border-radius: $radius-sm;
+  background: $bg-input;
+  color: $text-primary;
+  font-size: 13px;
+  outline: none;
+  width: 160px;
+  transition: border-color $transition-fast;
+
+  &:focus { border-color: $accent-primary; }
+  &::placeholder { color: $text-muted; }
+}
+
+.logs-body {
+  flex: 1;
+  overflow-y: auto;
+  min-height: 0;
+}
+
+.logs-spin {
+  min-height: 100%;
+  display: block;
+
+  :deep(.n-spin-container),
+  :deep(.n-spin-content) {
+    min-height: 100%;
+  }
+}
+
+.logs-empty {
+  display: flex;
+  align-items: center;
+  justify-content: center;
+  height: 100%;
+  color: $text-muted;
+  font-size: 13px;
+}
+
+.log-list {
+  padding: 4px 0;
+  min-height: 100%;
+}
+
+.log-entry {
+  display: flex;
+  align-items: center;
+  gap: 8px;
+  padding: 3px 20px;
+  font-family: $font-code;
+  font-size: 12px;
+  line-height: 1.6;
+  border-left: 2px solid transparent;
+
+  &:hover {
+    background-color: rgba(var(--accent-primary-rgb), 0.03);
+  }
+
+  &.level-error {
+    border-left-color: $error;
+    .log-message { color: $error; }
+  }
+
+  &.level-warning {
+    border-left-color: $warning;
+    .log-message { color: $warning; }
+  }
+}
+
+.log-time {
+  color: $text-muted;
+  flex-shrink: 0;
+  font-variant-numeric: tabular-nums;
+}
+
+.log-level {
+  flex-shrink: 0;
+  font-weight: 600;
+  font-size: 10px;
+  padding: 0 4px;
+  border-radius: 2px;
+  min-width: 42px;
+  text-align: center;
+
+  &.level-error { background: rgba(var(--error-rgb), 0.12); color: $error; }
+  &.level-warning { background: rgba(var(--warning-rgb), 0.12); color: $warning; }
+  &.level-debug { background: rgba(var(--accent-primary-rgb), 0.06); color: $text-muted; }
+  &.level-info { background: rgba(var(--accent-primary-rgb), 0.06); color: $text-muted; }
+}
+
+.log-logger {
+  color: $text-muted;
+  flex-shrink: 0;
+  max-width: 160px;
+  overflow: hidden;
+  text-overflow: ellipsis;
+  white-space: nowrap;
+}
+
+.log-message {
+  color: $text-secondary;
+  overflow: visible;
+  white-space: normal;
+  word-break: break-word;
+  min-width: 0;
+}
+
+.access-method {
+  font-weight: 600;
+  color: $text-primary;
+  flex-shrink: 0;
+}
+
+.access-path {
+  color: $accent-primary;
+  overflow: hidden;
+  text-overflow: ellipsis;
+  white-space: nowrap;
+  min-width: 0;
+}
+
+.access-status {
+  font-weight: 600;
+  flex-shrink: 0;
+  font-size: 11px;
+
+  &.status-2 { color: $success; }
+  &.status-3 { color: $warning; }
+  &.status-4 { color: $error; }
+  &.status-5 { color: $error; }
+}
+</style>
diff --git a/packages/client/src/views/hermes/McpManagerView.vue b/packages/client/src/views/hermes/McpManagerView.vue
new file mode 100644
index 0000000..5a90cb1
--- /dev/null
+++ b/packages/client/src/views/hermes/McpManagerView.vue
@@ -0,0 +1,911 @@
+<script setup lang="ts">
+import { computed, onUnmounted, ref } from 'vue'
+import yaml from 'js-yaml'
+import {
+  NAlert, NButton, NEmpty, NInput, NModal,
+  NSpin, NRadioGroup, NRadioButton, useMessage,
+  NCheckbox, NScrollbar,
+} from 'naive-ui'
+import { useI18n } from 'vue-i18n'
+import McpServerCard from '@/components/hermes/mcp/McpServerCard.vue'
+import {
+  fetchMcpServers, fetchMcpTools, mcpServerAdd, mcpServerRemove,
+  mcpServerUpdate, mcpServerTest, mcpReload,
+  type McpServerInfo, type McpServerConfig,
+} from '@/api/hermes/mcp'
+
+const { t } = useI18n()
+const message = useMessage()
+
+const servers = ref<McpServerInfo[]>([])
+const loading = ref(false)
+const error = ref('')
+const searchQuery = ref('')
+
+const showModal = ref(false)
+const modalMode = ref<'add' | 'edit'>('add')
+const editingName = ref('')
+const jsonText = ref('')
+const jsonError = ref('')
+const saving = ref(false)
+const inputMode = ref<'json' | 'yaml'>('json')
+
+// Tools visibility modal
+const showToolsModal = ref(false)
+const toolsModalServer = ref<McpServerInfo | null>(null)
+const toolsMode = ref<'all' | 'include' | 'exclude'>('all')
+const selectedTools = ref<string[]>([])
+const allTools = ref<string[]>([])
+const fetchingTools = ref(false)
+
+const jsonPlaceholder = '{\n  "my-server": {\n    "command": "npx",\n    "args": ["-y", "@modelcontextprotocol/server-filesystem", "/path"]\n  }\n}'
+const yamlPlaceholder = 'my-server:\n  command: npx\n  args:\n    - "-y"\n    - "@modelcontextprotocol/server-filesystem"\n    - "/path"'
+
+const placeholder = computed(() => inputMode.value === 'json' ? jsonPlaceholder : yamlPlaceholder)
+
+let formatTimer: ReturnType<typeof setTimeout> | null = null
+let _pendingReload: ReturnType<typeof setTimeout> | null = null
+let _autoRetryCount = 0
+const MAX_AUTO_RETRIES = 5
+const BASE_RETRY_DELAY = 2000 // 2s base
+
+function scheduleReload(delay = 3000) {
+  if (_pendingReload) clearTimeout(_pendingReload)
+  _pendingReload = setTimeout(() => { _pendingReload = null; loadServers() }, delay)
+}
+
+onUnmounted(() => {
+  if (formatTimer) { clearTimeout(formatTimer); formatTimer = null }
+  if (_pendingReload) { clearTimeout(_pendingReload); _pendingReload = null }
+})
+
+function handleInput(text: string) {
+  if (formatTimer) clearTimeout(formatTimer)
+  if (!text.trim()) {
+    jsonError.value = ''
+    return
+  }
+  const { data, error: parseErr } = parseConfig(text)
+  if (parseErr) {
+    jsonError.value = parseErr
+    return
+  }
+  const { servers: extracted, error: extractErr } = extractServers(data)
+  if (extractErr) {
+    jsonError.value = extractErr
+    return
+  }
+  jsonError.value = ''
+  formatTimer = setTimeout(() => {
+    const formatted = inputMode.value === 'json'
+      ? JSON.stringify(extracted, null, 2)
+      : yaml.dump(extracted, { indent: 2, lineWidth: -1 }).trimEnd()
+    if (formatted !== text) jsonText.value = formatted
+  }, 1500)
+}
+
+function handleModeChange(mode: 'json' | 'yaml') {
+  if (!jsonText.value.trim()) return
+  // Try to parse current content in old format
+  const oldMode = mode === 'json' ? 'yaml' : 'json'
+  let data: Record<string, unknown> | null = null
+  try {
+    if (oldMode === 'json') {
+      data = JSON.parse(jsonText.value)
+    } else {
+      data = yaml.load(jsonText.value, { schema: yaml.JSON_SCHEMA }) as Record<string, unknown>
+    }
+  } catch {
+    // If parse fails, try the new format
+    try {
+      if (mode === 'json') {
+        data = JSON.parse(jsonText.value)
+      } else {
+        data = yaml.load(jsonText.value, { schema: yaml.JSON_SCHEMA }) as Record<string, unknown>
+      }
+    } catch {
+      return
+    }
+  }
+  if (!data || typeof data !== 'object') return
+  // Convert to new format
+  if (mode === 'json') {
+    jsonText.value = JSON.stringify(data, null, 2)
+  } else {
+    jsonText.value = yaml.dump(data, { indent: 2, lineWidth: -1 }).trimEnd()
+  }
+  jsonError.value = ''
+}
+
+function parseConfig(text: string): { data: Record<string, unknown> | null; error: string } {
+  if (inputMode.value === 'json') {
+    try {
+      const obj = JSON.parse(text)
+      if (typeof obj !== 'object' || obj === null || Array.isArray(obj)) {
+        return { data: null, error: t('mcp.invalidJson') }
+      }
+      return { data: obj, error: '' }
+    } catch {
+      return { data: null, error: t('mcp.invalidJson') }
+    }
+  } else {
+    try {
+      const obj = yaml.load(text, { schema: yaml.JSON_SCHEMA })
+      if (typeof obj !== 'object' || obj === null || Array.isArray(obj)) {
+        return { data: null, error: t('mcp.invalidYaml') }
+      }
+      return { data: obj as Record<string, unknown>, error: '' }
+    } catch (e: any) {
+      return { data: null, error: `${t('mcp.invalidYaml')}: ${e.message || ''}` }
+    }
+  }
+}
+
+function extractServers(data: Record<string, unknown> | null): { servers: Record<string, unknown>; error: string } {
+  if (!data) return { servers: {}, error: t('mcp.invalidConfig') }
+  // Unwrap mcpServers/mcp_servers wrapper
+  if (data.mcpServers && typeof data.mcpServers === 'object' && !data.command) {
+    return { servers: data.mcpServers as Record<string, unknown>, error: '' }
+  }
+  if (data.mcp_servers && typeof data.mcp_servers === 'object' && !data.command) {
+    return { servers: data.mcp_servers as Record<string, unknown>, error: '' }
+  }
+  return { servers: data, error: '' }
+}
+
+function validateServerConfig(name: string, config: unknown): string | null {
+  if (typeof config !== 'object' || config === null) {
+    return `${name}: ${t('mcp.invalidServerConfig')}`
+  }
+  const cfg = config as Record<string, unknown>
+  if (!cfg.command && !cfg.url) {
+    return `${name}: ${t('mcp.missingCommandOrUrl')}`
+  }
+  return null
+}
+
+function parseAndValidate(text: string): { servers: Record<string, unknown>; error: string } {
+  const { data, error: parseErr } = parseConfig(text)
+  if (parseErr) return { servers: {}, error: parseErr }
+  const { servers, error: extractErr } = extractServers(data)
+  if (extractErr) return { servers: {}, error: extractErr }
+  // Validate each server has command or url
+  for (const [name, config] of Object.entries(servers)) {
+    const err = validateServerConfig(name, config)
+    if (err) return { servers: {}, error: err }
+  }
+  return { servers, error: '' }
+}
+
+const toolsByServer = ref<Record<string, {name: string, description: string}[]>>({})
+
+const summary = computed(() => {
+  let connected = 0, totalTools = 0
+  for (const s of servers.value) {
+    if (s.connected) connected++
+    totalTools += s.tools_registered
+  }
+  return { total: servers.value.length, connected, disconnected: servers.value.length - connected, totalTools }
+})
+
+const filteredServers = computed(() => {
+  const query = searchQuery.value.trim().toLowerCase()
+  if (!query) return servers.value
+  return servers.value.filter(s =>
+    s.name.toLowerCase().includes(query) ||
+    s.transport.includes(query) ||
+    s.tool_names.some(n => n.toLowerCase().includes(query))
+  )
+})
+
+async function loadServers() {
+  loading.value = true
+  error.value = ''
+  try {
+    const data = await fetchMcpServers()
+    servers.value = data.servers ?? []
+    // Populate toolsByServer from embedded tool_details, including empty filtered results.
+    const nextToolsByServer: Record<string, {name: string, description: string}[]> = {}
+    for (const s of servers.value) {
+      nextToolsByServer[s.name] = (s.tool_details || []).map(t => ({
+        name: t.name,
+        description: t.description || '',
+      }))
+    }
+    toolsByServer.value = nextToolsByServer
+    // Auto-retry with exponential backoff if enabled servers are still disconnected
+    const hasPending = servers.value.some(s => s.raw_config.enabled !== false && !s.connected)
+    if (hasPending && _autoRetryCount < MAX_AUTO_RETRIES) {
+      const delay = BASE_RETRY_DELAY * Math.pow(2, _autoRetryCount) // 2s, 4s, 8s, 16s, 32s
+      _autoRetryCount++
+      scheduleReload(delay)
+    } else {
+      _autoRetryCount = 0
+    }
+  } catch (err: any) {
+    error.value = err?.message || t('mcp.loadFailed')
+  } finally {
+    loading.value = false
+  }
+}
+
+async function handleReload(server?: string) {
+  try {
+    const res = await mcpReload(server)
+    if (res.ok) {
+      if (server) {
+        const { [server]: _, ...rest } = toolsByServer.value
+        toolsByServer.value = rest
+      } else {
+        toolsByServer.value = {}
+      }
+      message.success(server ? t('mcp.reloaded', { server }) : t('mcp.reloadedAll'))
+      scheduleReload()
+    } else {
+      message.error(res.error || t('mcp.reloadFailed'))
+    }
+  } catch (err: any) {
+    message.error(err.message || t('mcp.reloadFailed'))
+  }
+}
+
+function openAddModal() {
+  modalMode.value = 'add'
+  editingName.value = ''
+  jsonText.value = ''
+  jsonError.value = ''
+  inputMode.value = 'json'
+  showModal.value = true
+}
+
+function openEditModal(server: McpServerInfo) {
+  modalMode.value = 'edit'
+  editingName.value = server.name
+  const serverConfig = { [server.name]: server.raw_config }
+  jsonText.value = inputMode.value === 'yaml'
+    ? yaml.dump(serverConfig, { indent: 2, lineWidth: -1 }).trimEnd()
+    : JSON.stringify(serverConfig, null, 2)
+  jsonError.value = ''
+  showModal.value = true
+}
+
+async function saveServer() {
+  if (formatTimer) { clearTimeout(formatTimer); formatTimer = null }
+  const { servers: parsed, error: validationErr } = parseAndValidate(jsonText.value)
+  if (validationErr) {
+    jsonError.value = validationErr
+    return
+  }
+  jsonError.value = ''
+  saving.value = true
+  try {
+    if (modalMode.value === 'add') {
+      // Expect: { "server-name": { "command": "...", ... } }
+      const entries = Object.entries(parsed)
+      if (entries.length === 0) {
+        jsonError.value = t('mcp.invalidConfig')
+        saving.value = false
+        return
+      }
+      let added = 0
+      for (const [name, config] of entries) {
+        if (typeof config !== 'object' || config === null) continue
+        const res = await mcpServerAdd(name, config as McpServerConfig)
+        if (res.ok) added++
+        else message.error(`${name}: ${res.error || t('mcp.addFailed')}`)
+      }
+      if (added > 0) {
+        showModal.value = false
+        message.success(t('mcp.serverAdded', { name: `${added} server(s)` }))
+        // Immediately show server from config (disconnected)
+        await loadServers()
+        // Delayed refresh to show updated connection status after discovery
+        scheduleReload()
+      }
+    } else {
+      const name = editingName.value
+      // For edit, config can be flat or wrapped: { "name": { ... } }
+      const config = (parsed[name] && typeof parsed[name] === 'object')
+        ? parsed[name] as Record<string, unknown>
+        : parsed
+      const res = await mcpServerUpdate(name, config)
+      if (res.ok) {
+        showModal.value = false
+        message.success(t('mcp.serverUpdated', { name: editingName.value }))
+        // Immediately show updated config
+        await loadServers()
+        // Delayed refresh to show reconnection status
+        scheduleReload()
+      } else {
+        message.error(res.error || t('mcp.updateFailed'))
+      }
+    }
+  } catch (err: any) {
+    message.error(err.message || t('mcp.saveFailed'))
+  } finally {
+    saving.value = false
+  }
+}
+
+async function handleRemove(server: McpServerInfo) {
+  try {
+    const res = await mcpServerRemove(server.name)
+    if (res.ok) {
+      message.success(t('mcp.serverRemoved', { name: server.name }))
+      const { [server.name]: _, ...rest } = toolsByServer.value
+      toolsByServer.value = rest
+      await loadServers()
+    } else {
+      message.error(res.error || t('mcp.removeFailed'))
+    }
+  } catch (err: any) {
+    message.error(err.message || t('mcp.removeFailed'))
+  }
+}
+
+async function handleToggleEnabled(server: McpServerInfo) {
+  const newValue = !server.raw_config.enabled
+  try {
+    const config = { ...server.raw_config, enabled: newValue }
+    const res = await mcpServerUpdate(server.name, config)
+    if (res.ok) {
+      message.success(t(newValue ? 'mcp.enabled' : 'mcp.disabled', { name: server.name }))
+      const { [server.name]: _, ...rest } = toolsByServer.value
+      toolsByServer.value = rest
+      await mcpReload(server.name)
+      scheduleReload()
+    } else {
+      message.error(res.error || t('mcp.updateFailed'))
+    }
+  } catch (err: any) {
+    message.error(err.message || t('mcp.updateFailed'))
+  }
+}
+
+async function handleTest(server: McpServerInfo) {
+  try {
+    const res = await mcpServerTest(server.name)
+    if (res.ok && res.tools) {
+      message.success(t('mcp.testOk', { count: res.tools.length }), { duration: 3000 })
+    } else {
+      message.warning(res.error || t('mcp.testEmpty'))
+    }
+  } catch (err: any) {
+    message.error(err.message || t('mcp.testFailed'))
+  }
+}
+
+
+void loadServers()
+
+function openToolsModal(server: McpServerInfo) {
+  toolsModalServer.value = server
+  // Load mode from config
+  const tools = server.raw_config.tools
+  if (!tools || (!tools.include && !tools.exclude)) {
+    toolsMode.value = 'all'
+    selectedTools.value = [...server.tool_names]
+  } else if (tools.include) {
+    toolsMode.value = 'include'
+    selectedTools.value = [...tools.include]
+  } else {
+    toolsMode.value = 'exclude'
+    selectedTools.value = [...(tools.exclude || [])]
+  }
+  allTools.value = [...server.tool_names]
+  showToolsModal.value = true
+}
+
+async function fetchToolsList() {
+  if (!toolsModalServer.value) return
+  fetchingTools.value = true
+  try {
+    const res = await fetchMcpTools(toolsModalServer.value.name, true)
+    if (res.ok && res.results?.length) {
+      const serverResult = res.results.find((r: { server: string }) => r.server === toolsModalServer.value!.name)
+      if (serverResult?.tools) {
+        allTools.value = serverResult.tools.map((t: { name: string }) => t.name)
+        // Reset selection to current mode
+        if (toolsMode.value === 'all') {
+          selectedTools.value = [...allTools.value]
+        }
+      }
+    }
+  } catch (err: any) {
+    message.error(err.message || t('mcp.fetchToolsFailed'))
+  } finally {
+    fetchingTools.value = false
+  }
+}
+
+function handleToolsModeChange(mode: 'all' | 'include' | 'exclude') {
+  toolsMode.value = mode
+  if (mode === 'all') {
+    selectedTools.value = [...allTools.value]
+  } else {
+    // Load from config for include/exclude mode
+    const server = toolsModalServer.value
+    if (server) {
+      const tools = server.raw_config.tools
+      if (mode === 'include' && tools?.include) {
+        selectedTools.value = [...tools.include]
+      } else if (mode === 'exclude' && tools?.exclude) {
+        selectedTools.value = [...tools.exclude]
+      } else {
+        selectedTools.value = []
+      }
+    }
+  }
+}
+
+function handleToolCheck(tool: string, checked: boolean) {
+  if (checked) {
+    if (!selectedTools.value.includes(tool)) {
+      selectedTools.value.push(tool)
+    }
+  } else {
+    selectedTools.value = selectedTools.value.filter(t => t !== tool)
+  }
+}
+
+function selectAllTools() {
+  selectedTools.value = [...allTools.value]
+}
+
+function clearSelectedTools() {
+  selectedTools.value = []
+}
+
+async function saveToolsVisibility() {
+  const server = toolsModalServer.value
+  if (!server) return
+
+  const config = { ...server.raw_config }
+
+  if (toolsMode.value === 'all') {
+    delete config.tools
+  } else if (toolsMode.value === 'include') {
+    config.tools = { include: [...selectedTools.value] }
+  } else {
+    config.tools = { exclude: [...selectedTools.value] }
+  }
+
+  try {
+    const res = await mcpServerUpdate(server.name, config)
+    if (res.ok) {
+      message.success(t('mcp.toolsVisibilitySaved'))
+      showToolsModal.value = false
+      await loadServers()
+      scheduleReload()
+    } else {
+      message.error(res.error || t('mcp.updateFailed'))
+    }
+  } catch (err: any) {
+    message.error(err.message || t('mcp.updateFailed'))
+  }
+}
+</script>
+
+<template>
+  <div class="mcp-view">
+    <header class="page-header">
+      <h2 class="header-title">{{ t('mcp.title') }}</h2>
+      <div class="header-actions">
+        <NButton size="small" quaternary :loading="loading" @click="_autoRetryCount = 0; loadServers()">
+          {{ t('mcp.refresh') }}
+        </NButton>
+      </div>
+    </header>
+
+    <div class="mcp-content">
+      <NAlert v-if="error" type="error" class="mcp-notice">
+        {{ error }}
+      </NAlert>
+
+      <div class="summary-grid">
+        <div class="summary-card">
+          <span class="summary-label">{{ t('mcp.total') }}</span>
+          <strong>{{ summary.total }}</strong>
+        </div>
+        <div class="summary-card success">
+          <span class="summary-label">{{ t('mcp.connected') }}</span>
+          <strong>{{ summary.connected }}</strong>
+        </div>
+        <div class="summary-card warning">
+          <span class="summary-label">{{ t('mcp.disconnected') }}</span>
+          <strong>{{ summary.disconnected }}</strong>
+        </div>
+        <div class="summary-card info">
+          <span class="summary-label">{{ t('mcp.tool') }}</span>
+          <strong>{{ summary.totalTools }}</strong>
+        </div>
+      </div>
+
+      <div class="toolbar-row">
+        <NInput
+          v-model:value="searchQuery"
+          :placeholder="t('mcp.searchPlaceholder')"
+          clearable
+          size="small"
+          class="search-input"
+        />
+        <div class="btn-group">
+          <NButton size="small" type="primary" @click="handleReload()">
+            {{ t('mcp.reloadAll') }}
+          </NButton>
+          <NButton type="primary" size="small" @click="openAddModal">
+            {{ t('mcp.addServer') }}
+          </NButton>
+        </div>
+      </div>
+
+      <NSpin :show="loading && servers.length === 0">
+        <div v-if="filteredServers.length" class="servers-grid">
+          <McpServerCard
+            v-for="server in filteredServers"
+            :key="server.name"
+            :server="server"
+            :tools-by-server="toolsByServer"
+            @edit="openEditModal"
+            @test="handleTest"
+            @reload="handleReload"
+            @remove="handleRemove"
+            @toggle-enabled="handleToggleEnabled"
+            @manage-tools="openToolsModal"
+          />
+        </div>
+        <NEmpty v-else-if="!loading" :description="t('mcp.empty')" />
+      </NSpin>
+    </div>
+
+    <NModal v-model:show="showModal" :title="modalMode === 'add' ? t('mcp.addTitle') : t('mcp.editTitle')" preset="card" :style="{ width: 'min(520px, calc(100vw - 32px))' }">
+      <div class="mode-switch-row">
+        <NRadioGroup v-model:value="inputMode" size="small" @update:value="handleModeChange">
+          <NRadioButton value="json">JSON</NRadioButton>
+          <NRadioButton value="yaml">YAML</NRadioButton>
+        </NRadioGroup>
+      </div>
+      <NInput
+        v-model:value="jsonText"
+        type="textarea"
+        :rows="16"
+        class="config-textarea"
+        :placeholder="placeholder"
+        :status="jsonError ? 'error' : undefined"
+        @input="handleInput"
+      />
+      <div v-if="jsonError" class="config-error">{{ jsonError }}</div>
+      <div class="modal-actions">
+        <NButton @click="showModal = false">{{ t('mcp.cancel') }}</NButton>
+        <NButton type="primary" :loading="saving" @click="saveServer">
+          {{ modalMode === 'add' ? t('mcp.add') : t('mcp.save') }}
+        </NButton>
+      </div>
+    </NModal>
+
+    <!-- Tools Visibility Modal -->
+    <NModal v-model:show="showToolsModal" :title="t('mcp.toolsVisibilityTitle')" preset="card" :style="{ width: 'min(480px, calc(100vw - 32px))' }">
+      <div v-if="toolsModalServer" class="tools-modal-content">
+        <div class="tools-modal-header">
+          <span class="server-name-label">{{ toolsModalServer.name }}</span>
+          <NButton size="small" :loading="fetchingTools" @click="fetchToolsList">
+            {{ t('mcp.fetchTools') }}
+          </NButton>
+        </div>
+
+        <div class="tools-mode-selector">
+          <span class="mode-label">{{ t('mcp.toolsMode') }}</span>
+          <NRadioGroup v-model:value="toolsMode" size="small" @update:value="handleToolsModeChange">
+            <NRadioButton value="all">{{ t('mcp.toolsModeAll') }}</NRadioButton>
+            <NRadioButton value="include">{{ t('mcp.toolsModeInclude') }}</NRadioButton>
+            <NRadioButton value="exclude">{{ t('mcp.toolsModeExclude') }}</NRadioButton>
+          </NRadioGroup>
+        </div>
+
+        <div class="tools-list-container">
+          <div class="tools-list-header">
+            <span>{{ t('mcp.toolsListHeader') }}</span>
+            <div v-if="toolsMode !== 'all'" class="tools-list-actions">
+              <NButton size="tiny" quaternary @click="selectAllTools">
+                {{ toolsMode === 'exclude' ? t('mcp.toolsExcludeAll') : t('mcp.toolsSelectAll') }}
+              </NButton>
+              <NButton size="tiny" quaternary @click="clearSelectedTools">
+                {{ toolsMode === 'exclude' ? t('mcp.toolsClearExcluded') : t('mcp.toolsClearSelection') }}
+              </NButton>
+            </div>
+          </div>
+          <NScrollbar style="max-height: 300px;">
+            <div v-if="allTools.length" class="tools-checkbox-list">
+              <div v-for="tool in allTools" :key="tool" class="tool-checkbox-item" :class="{ disabled: toolsMode === 'all' }">
+                <NCheckbox
+                  :checked="selectedTools.includes(tool)"
+                  :disabled="toolsMode === 'all'"
+                  @update:checked="(val: boolean) => handleToolCheck(tool, val)"
+                />
+                <span class="tool-name" :title="tool">{{ tool }}</span>
+              </div>
+            </div>
+            <div v-else class="tools-empty">
+              <span class="muted">{{ t('mcp.toolsEmpty') }}</span>
+            </div>
+          </NScrollbar>
+        </div>
+
+        <div class="tools-summary">
+          <span v-if="toolsMode === 'all'">{{ t('mcp.toolsSummaryAll', { count: allTools.length }) }}</span>
+          <span v-else-if="toolsMode === 'include'">{{ t('mcp.toolsSummaryInclude', { count: selectedTools.length, total: allTools.length }) }}</span>
+          <span v-else>{{ t('mcp.toolsSummaryExclude', { count: selectedTools.length, total: allTools.length }) }}</span>
+        </div>
+
+        <div class="modal-actions">
+          <NButton @click="showToolsModal = false">{{ t('mcp.cancel') }}</NButton>
+          <NButton type="primary" @click="saveToolsVisibility">{{ t('mcp.save') }}</NButton>
+        </div>
+      </div>
+    </NModal>
+  </div>
+</template>
+
+<style scoped lang="scss">
+@use '@/styles/variables' as *;
+
+.mcp-view {
+  height: calc(100 * var(--vh));
+  display: flex;
+  flex-direction: column;
+}
+
+.mcp-content {
+  flex: 1;
+  overflow-y: auto;
+  padding: 20px;
+}
+
+.page-header {
+  display: flex;
+  flex-shrink: 0;
+  align-items: center;
+  justify-content: space-between;
+  gap: 12px;
+  padding: 21px 20px;
+  border-bottom: 1px solid $border-color;
+}
+
+.header-title {
+  margin: 0;
+  color: $text-primary;
+  font-size: 16px;
+  font-weight: 600;
+}
+
+.header-actions {
+  display: flex;
+  align-items: center;
+  gap: 8px;
+  min-width: 80px;
+  justify-content: flex-end;
+}
+
+.mcp-notice {
+  margin-bottom: 14px;
+}
+
+.summary-grid {
+  display: grid;
+  grid-template-columns: repeat(auto-fill, minmax(140px, 1fr));
+  gap: 12px;
+  margin-bottom: 16px;
+}
+
+.summary-card {
+  padding: 14px;
+  border: 1px solid $border-color;
+  border-radius: 12px;
+  background: $bg-secondary;
+  display: flex;
+  flex-direction: column;
+  gap: 6px;
+
+  strong {
+    font-size: 24px;
+    line-height: 1;
+  }
+
+  &.success strong { color: $success; }
+  &.warning strong { color: $warning; }
+  &.error strong { color: $error; }
+  &.info strong { color: $accent-primary; }
+}
+
+.summary-label {
+  font-size: 11px;
+  color: $text-muted;
+  text-transform: uppercase;
+  letter-spacing: 0.04em;
+}
+
+.toolbar-row {
+  display: flex;
+  flex-wrap: wrap;
+  align-items: center;
+  gap: 10px;
+  margin-bottom: 16px;
+
+  .search-input {
+    flex: 1;
+    min-width: 0;
+    max-width: 360px;
+  }
+}
+
+.btn-group {
+  display: flex;
+  gap: 8px;
+  flex-shrink: 1;
+  min-width: 0;
+
+  .n-button {
+    flex: 1;
+    white-space: nowrap;
+  }
+}
+
+.servers-grid {
+  display: grid;
+  grid-template-columns: repeat(auto-fill, minmax(min(100%, 420px), 1fr));
+  gap: 14px;
+}
+
+.mode-switch-row {
+  display: flex;
+  justify-content: center;
+  margin-bottom: 8px;
+}
+
+.config-textarea {
+  font-family: monospace;
+  font-size: 13px;
+}
+
+.config-error {
+  color: var(--n-error-color);
+  font-size: 12px;
+  margin-top: 4px;
+}
+
+.modal-actions {
+  display: flex;
+  gap: 8px;
+  justify-content: flex-end;
+  margin-top: 16px;
+}
+
+@media (max-width: $breakpoint-mobile) {
+  .summary-grid {
+    grid-template-columns: repeat(2, 1fr);
+  }
+
+  .toolbar-row {
+    flex-direction: column;
+    align-items: stretch;
+
+    .search-input {
+      max-width: none;
+    }
+
+    .btn-group {
+      width: 100%;
+    }
+  }
+
+  .servers-grid {
+    grid-template-columns: 1fr;
+  }
+}
+
+.tools-modal-content {
+  display: flex;
+  flex-direction: column;
+  gap: 16px;
+}
+
+.tools-modal-header {
+  display: flex;
+  align-items: center;
+  justify-content: space-between;
+  gap: 12px;
+}
+
+.server-name-label {
+  font-weight: 600;
+  font-size: 14px;
+}
+
+.tools-mode-selector {
+  display: flex;
+  align-items: center;
+  gap: 12px;
+  flex-wrap: wrap;
+}
+
+.mode-label {
+  font-size: 13px;
+  color: $text-muted;
+  white-space: nowrap;
+}
+
+.tools-list-container {
+  border: 1px solid $border-color;
+  border-radius: 8px;
+  overflow: hidden;
+}
+
+.tools-list-header {
+  padding: 10px 12px;
+  background: $bg-secondary;
+  font-size: 12px;
+  font-weight: 600;
+  color: $text-muted;
+  text-transform: uppercase;
+  letter-spacing: 0.04em;
+  display: flex;
+  align-items: center;
+  justify-content: space-between;
+  gap: 8px;
+}
+
+.tools-list-actions {
+  display: flex;
+  align-items: center;
+  gap: 4px;
+  text-transform: none;
+  letter-spacing: 0;
+  font-weight: 400;
+}
+
+.tools-checkbox-list {
+  padding: 8px 0;
+}
+
+.tool-checkbox-item {
+  display: flex;
+  align-items: center;
+  gap: 10px;
+  padding: 6px 12px;
+  transition: background 0.15s;
+
+  &:hover {
+    background: $bg-secondary;
+  }
+
+  &.disabled {
+    opacity: 0.6;
+    cursor: not-allowed;
+  }
+}
+
+.tool-name {
+  font-size: 13px;
+  overflow: hidden;
+  text-overflow: ellipsis;
+  white-space: nowrap;
+}
+
+.tools-empty {
+  padding: 24px 12px;
+  text-align: center;
+}
+
+.tools-summary {
+  font-size: 12px;
+  color: $text-muted;
+  text-align: center;
+}
+
+@media (max-width: $breakpoint-mobile) {
+  .tools-mode-selector {
+    flex-direction: column;
+    align-items: flex-start;
+  }
+}
+</style>
diff --git a/packages/client/src/views/hermes/MemoryView.vue b/packages/client/src/views/hermes/MemoryView.vue
new file mode 100644
index 0000000..df4e7ea
--- /dev/null
+++ b/packages/client/src/views/hermes/MemoryView.vue
@@ -0,0 +1,367 @@
+<script setup lang="ts">
+import { ref, onMounted, computed } from 'vue'
+import { NButton, useMessage } from 'naive-ui'
+import { useI18n } from 'vue-i18n'
+import MarkdownRenderer from '@/components/hermes/chat/MarkdownRenderer.vue'
+import { fetchMemory, saveMemory, type MemoryData } from '@/api/hermes/skills'
+import { useProfilesStore } from '@/stores/hermes/profiles'
+
+const { t } = useI18n()
+const message = useMessage()
+const profilesStore = useProfilesStore()
+const loading = ref(false)
+const data = ref<MemoryData | null>(null)
+const editingSection = ref<'memory' | 'user' | 'soul' | null>(null)
+const editContent = ref('')
+const saving = ref(false)
+
+onMounted(loadMemory)
+
+async function loadMemory() {
+  loading.value = true
+  try {
+    if (!profilesStore.activeProfileName || profilesStore.profiles.length === 0) {
+      await profilesStore.fetchProfiles()
+    }
+    data.value = await fetchMemory()
+  } catch (err: any) {
+    console.error('Failed to load memory:', err)
+    message.error(t('memory.loadFailed'))
+  } finally {
+    loading.value = false
+  }
+}
+
+function startEdit(section: 'memory' | 'user' | 'soul') {
+  editingSection.value = section
+  editContent.value = data.value?.[section] || ''
+}
+
+function cancelEdit() {
+  editingSection.value = null
+  editContent.value = ''
+}
+
+async function handleSave() {
+  if (!editingSection.value) return
+  saving.value = true
+  try {
+    await saveMemory(editingSection.value, editContent.value)
+    await loadMemory()
+    editingSection.value = null
+    editContent.value = ''
+    message.success(t('common.saved'))
+  } catch (err: any) {
+    message.error(`${t('common.saveFailed')}: ${err.message}`)
+  } finally {
+    saving.value = false
+  }
+}
+
+function formatTime(ts: number | null): string {
+  if (!ts) return ''
+  return new Date(ts).toLocaleString([], {
+    month: 'short',
+    day: 'numeric',
+    hour: '2-digit',
+    minute: '2-digit',
+  })
+}
+
+const memoryEmpty = computed(() => !data.value?.memory?.trim())
+const userEmpty = computed(() => !data.value?.user?.trim())
+const soulEmpty = computed(() => !data.value?.soul?.trim())
+
+const displayMemory = computed(() => (data.value?.memory || '').replace(/§/g, '\n\n'))
+const displayUser = computed(() => (data.value?.user || '').replace(/§/g, '\n\n'))
+const displaySoul = computed(() => (data.value?.soul || '').replace(/§/g, '\n\n'))
+</script>
+
+<template>
+  <div class="memory-view">
+    <header class="page-header">
+      <h2 class="header-title">{{ t('memory.title') }}</h2>
+      <NButton size="small" quaternary @click="loadMemory">
+        <template #icon>
+          <svg width="14" height="14" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2">
+            <polyline points="23 4 23 10 17 10" />
+            <path d="M20.49 15a9 9 0 1 1-2.12-9.36L23 10" />
+          </svg>
+        </template>
+        {{ t('memory.refresh') }}
+      </NButton>
+    </header>
+
+    <div class="memory-content">
+      <div v-if="loading && !data" class="memory-loading">{{ t('common.loading') }}</div>
+      <div v-else class="memory-sections">
+          <!-- My Notes -->
+          <div class="memory-section">
+            <div class="section-header">
+              <div class="section-title-row">
+                <span class="section-icon">
+                  <svg width="16" height="16" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="1.5">
+                    <path d="M14 2H6a2 2 0 0 0-2 2v16a2 2 0 0 0 2 2h12a2 2 0 0 0 2-2V8z" />
+                    <polyline points="14 2 14 8 20 8" />
+                    <line x1="16" y1="13" x2="8" y2="13" />
+                    <line x1="16" y1="17" x2="8" y2="17" />
+                  </svg>
+                </span>
+                <span class="section-title">{{ t('memory.myNotes') }}</span>
+                <span v-if="data?.memory_mtime" class="section-mtime">{{ formatTime(data.memory_mtime) }}</span>
+              </div>
+              <NButton v-if="editingSection !== 'memory'" size="tiny" quaternary @click="startEdit('memory')">
+                <template #icon>
+                  <svg width="14" height="14" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="1.5">
+                    <path d="M11 4H4a2 2 0 0 0-2 2v14a2 2 0 0 0 2 2h14a2 2 0 0 0 2-2v-7" />
+                    <path d="M18.5 2.5a2.121 2.121 0 0 1 3 3L12 15l-4 1 1-4 9.5-9.5z" />
+                  </svg>
+                </template>
+                {{ t('common.edit') }}
+              </NButton>
+            </div>
+
+            <!-- View mode -->
+            <div v-if="editingSection !== 'memory'" class="section-body">
+              <MarkdownRenderer v-if="!memoryEmpty" :content="displayMemory" />
+              <p v-else class="empty-text">{{ t('memory.noNotes') }}</p>
+            </div>
+
+            <!-- Edit mode -->
+            <div v-else class="section-edit">
+              <textarea
+                v-model="editContent"
+                class="edit-textarea"
+                :placeholder="t('memory.notesPlaceholder')"
+                spellcheck="false"
+              ></textarea>
+              <div class="edit-actions">
+                <NButton size="small" @click="cancelEdit">{{ t('common.cancel') }}</NButton>
+                <NButton size="small" type="primary" :loading="saving" @click="handleSave">{{ t('common.save') }}</NButton>
+              </div>
+            </div>
+          </div>
+
+          <!-- User Profile -->
+          <div class="memory-section">
+            <div class="section-header">
+              <div class="section-title-row">
+                <span class="section-icon">
+                  <svg width="16" height="16" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="1.5">
+                    <path d="M20 21v-2a4 4 0 0 0-4-4H8a4 4 0 0 0-4 4v2" />
+                    <circle cx="12" cy="7" r="4" />
+                  </svg>
+                </span>
+                <span class="section-title">{{ t('memory.userProfile') }}</span>
+                <span v-if="data?.user_mtime" class="section-mtime">{{ formatTime(data.user_mtime) }}</span>
+              </div>
+              <NButton v-if="editingSection !== 'user'" size="tiny" quaternary @click="startEdit('user')">
+                <template #icon>
+                  <svg width="14" height="14" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="1.5">
+                    <path d="M11 4H4a2 2 0 0 0-2 2v14a2 2 0 0 0 2 2h14a2 2 0 0 0 2-2v-7" />
+                    <path d="M18.5 2.5a2.121 2.121 0 0 1 3 3L12 15l-4 1 1-4 9.5-9.5z" />
+                  </svg>
+                </template>
+                {{ t('common.edit') }}
+              </NButton>
+            </div>
+
+            <!-- View mode -->
+            <div v-if="editingSection !== 'user'" class="section-body">
+              <MarkdownRenderer v-if="!userEmpty" :content="displayUser" />
+              <p v-else class="empty-text">{{ t('memory.noProfile') }}</p>
+            </div>
+
+            <!-- Edit mode -->
+            <div v-else class="section-edit">
+              <textarea
+                v-model="editContent"
+                class="edit-textarea"
+                :placeholder="t('memory.profilePlaceholder')"
+                spellcheck="false"
+              ></textarea>
+              <div class="edit-actions">
+                <NButton size="small" @click="cancelEdit">{{ t('common.cancel') }}</NButton>
+                <NButton size="small" type="primary" :loading="saving" @click="handleSave">{{ t('common.save') }}</NButton>
+              </div>
+            </div>
+          </div>
+
+          <!-- Soul -->
+          <div class="memory-section">
+            <div class="section-header">
+              <div class="section-title-row">
+                <span class="section-icon">
+                  <svg width="16" height="16" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="1.5">
+                    <path d="M12 2C6.48 2 2 6.48 2 12s4.48 10 10 10 10-4.48 10-10S17.52 2 12 2z" />
+                    <path d="M8 14s1.5 2 4 2 4-2 4-2" />
+                    <line x1="9" y1="9" x2="9.01" y2="9" />
+                    <line x1="15" y1="9" x2="15.01" y2="9" />
+                  </svg>
+                </span>
+                <span class="section-title">{{ t('memory.soul') }}</span>
+                <span v-if="data?.soul_mtime" class="section-mtime">{{ formatTime(data.soul_mtime) }}</span>
+              </div>
+              <NButton v-if="editingSection !== 'soul'" size="tiny" quaternary @click="startEdit('soul')">
+                <template #icon>
+                  <svg width="14" height="14" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="1.5">
+                    <path d="M11 4H4a2 2 0 0 0-2 2v14a2 2 0 0 0 2 2h14a2 2 0 0 0 2-2v-7" />
+                    <path d="M18.5 2.5a2.121 2.121 0 0 1 3 3L12 15l-4 1 1-4 9.5-9.5z" />
+                  </svg>
+                </template>
+                {{ t('common.edit') }}
+              </NButton>
+            </div>
+
+            <!-- View mode -->
+            <div v-if="editingSection !== 'soul'" class="section-body">
+              <MarkdownRenderer v-if="!soulEmpty" :content="displaySoul" />
+              <p v-else class="empty-text">{{ t('memory.noSoul') }}</p>
+            </div>
+
+            <!-- Edit mode -->
+            <div v-else class="section-edit">
+              <textarea
+                v-model="editContent"
+                class="edit-textarea"
+                :placeholder="t('memory.soulPlaceholder')"
+                spellcheck="false"
+              ></textarea>
+              <div class="edit-actions">
+                <NButton size="small" @click="cancelEdit">{{ t('common.cancel') }}</NButton>
+                <NButton size="small" type="primary" :loading="saving" @click="handleSave">{{ t('common.save') }}</NButton>
+              </div>
+            </div>
+          </div>
+        </div>
+    </div>
+  </div>
+</template>
+
+<style scoped lang="scss">
+@use '@/styles/variables' as *;
+
+.memory-view {
+  height: calc(100 * var(--vh));
+  display: flex;
+  flex-direction: column;
+}
+
+.memory-content {
+  flex: 1;
+  overflow: hidden;
+  padding: 20px;
+  display: flex;
+  flex-direction: column;
+}
+
+.memory-loading {
+  flex: 1;
+  display: flex;
+  align-items: center;
+  justify-content: center;
+  font-size: 13px;
+  color: $text-muted;
+}
+
+.memory-sections {
+  display: flex;
+  gap: 16px;
+  flex: 1;
+  min-height: 0;
+
+  @media (max-width: $breakpoint-mobile) {
+    flex-direction: column;
+  }
+}
+
+.memory-section {
+  flex: 1;
+  min-height: 0;
+  border: 1px solid $border-color;
+  border-radius: $radius-md;
+  overflow: hidden;
+  display: flex;
+  flex-direction: column;
+}
+
+.section-header {
+  display: flex;
+  align-items: center;
+  justify-content: space-between;
+  padding: 10px 16px;
+  background: $bg-secondary;
+  border-bottom: 1px solid $border-color;
+  flex-shrink: 0;
+}
+
+.section-title-row {
+  display: flex;
+  align-items: center;
+  gap: 8px;
+}
+
+.section-icon {
+  color: $text-secondary;
+  display: flex;
+}
+
+.section-title {
+  font-size: 14px;
+  font-weight: 600;
+  color: $text-primary;
+}
+
+.section-mtime {
+  font-size: 11px;
+  color: $text-muted;
+}
+
+.section-body {
+  flex: 1;
+  overflow-y: auto;
+  padding: 16px;
+  min-height: 0;
+}
+
+.empty-text {
+  color: $text-muted;
+  font-style: italic;
+  font-size: 13px;
+}
+
+.section-edit {
+  flex: 1;
+  display: flex;
+  flex-direction: column;
+  padding: 12px 16px;
+  min-height: 0;
+}
+
+.edit-textarea {
+  flex: 1;
+  width: 100%;
+  min-height: 0;
+  padding: 12px;
+  border: 1px solid $border-color;
+  border-radius: $radius-sm;
+  background: $bg-input;
+  color: $text-primary;
+  font-family: $font-code;
+  font-size: 13px;
+  line-height: 1.6;
+  resize: none;
+  outline: none;
+
+  &:focus {
+    border-color: $accent-primary;
+  }
+}
+
+.edit-actions {
+  display: flex;
+  justify-content: flex-end;
+  gap: 8px;
+  margin-top: 10px;
+}
+</style>
diff --git a/packages/client/src/views/hermes/ModelsView.vue b/packages/client/src/views/hermes/ModelsView.vue
new file mode 100644
index 0000000..5d040e5
--- /dev/null
+++ b/packages/client/src/views/hermes/ModelsView.vue
@@ -0,0 +1,85 @@
+<script setup lang="ts">
+import { ref, onMounted } from 'vue'
+import { NButton, NSpin } from 'naive-ui'
+import { useI18n } from 'vue-i18n'
+import ProvidersPanel from '@/components/hermes/models/ProvidersPanel.vue'
+import ProviderFormModal from '@/components/hermes/models/ProviderFormModal.vue'
+import { useModelsStore } from '@/stores/hermes/models'
+import { useProfilesStore } from '@/stores/hermes/profiles'
+import { checkCopilotToken } from '@/api/hermes/copilot-auth'
+
+const { t } = useI18n()
+const modelsStore = useModelsStore()
+const profilesStore = useProfilesStore()
+const showModal = ref(false)
+
+async function loadProvidersForProfile() {
+  if (!profilesStore.activeProfileName || profilesStore.profiles.length === 0) {
+    await profilesStore.fetchProfiles()
+  }
+  // 先 invalidate 后端 copilot 缓存（gh logout / VS Code 退出后下一次 list 立刻反映），
+  // 再拉 providers 与 appStore 的模型显示名配置。check-token 失败不阻断。
+  try { await checkCopilotToken() } catch { /* ignore */ }
+  await modelsStore.fetchProviders()
+}
+
+onMounted(async () => {
+  await loadProvidersForProfile()
+})
+
+function openCreateModal() {
+  showModal.value = true
+}
+
+function handleModalClose() {
+  showModal.value = false
+}
+
+async function handleSaved() {
+  await modelsStore.fetchProviders()
+  handleModalClose()
+}
+</script>
+
+<template>
+  <div class="models-view">
+    <header class="page-header">
+      <h2 class="header-title">{{ t('models.title') }}</h2>
+      <NButton type="primary" size="small" @click="openCreateModal">
+        <template #icon>
+          <svg width="14" height="14" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><line x1="12" y1="5" x2="12" y2="19"/><line x1="5" y1="12" x2="19" y2="12"/></svg>
+        </template>
+        {{ t('models.addProvider') }}
+      </NButton>
+    </header>
+
+    <div class="models-content">
+      <NSpin :show="modelsStore.loading && modelsStore.providers.length === 0">
+        <ProvidersPanel />
+      </NSpin>
+    </div>
+
+    <ProviderFormModal
+      v-if="showModal"
+      @close="handleModalClose"
+      @saved="handleSaved"
+    />
+  </div>
+</template>
+
+<style scoped lang="scss">
+@use '@/styles/variables' as *;
+
+.models-view {
+  height: calc(100 * var(--vh));
+  display: flex;
+  flex-direction: column;
+}
+
+
+.models-content {
+  flex: 1;
+  overflow-y: auto;
+  padding: 20px;
+}
+</style>
diff --git a/packages/client/src/views/hermes/PerformanceView.vue b/packages/client/src/views/hermes/PerformanceView.vue
new file mode 100644
index 0000000..7a9b538
--- /dev/null
+++ b/packages/client/src/views/hermes/PerformanceView.vue
@@ -0,0 +1,493 @@
+<script setup lang="ts">
+import { computed, onBeforeUnmount, onMounted, ref } from 'vue'
+import { NButton, NSpin, useMessage } from 'naive-ui'
+import { useI18n } from 'vue-i18n'
+import { fetchPerformanceRuntime, type PerformanceRuntimeSnapshot } from '@/api/hermes/performance-monitor'
+
+const { t } = useI18n()
+const message = useMessage()
+const snapshot = ref<PerformanceRuntimeSnapshot | null>(null)
+const loading = ref(false)
+const autoRefresh = ref(true)
+let timer: ReturnType<typeof setInterval> | undefined
+
+const brokerMemory = computed(() => snapshot.value?.bridge.broker.process?.memoryRssBytes ?? null)
+const webRssMemory = computed(() => snapshot.value?.web.memory.rss ?? null)
+const workerCount = computed(() => snapshot.value?.bridge.workers.length ?? 0)
+const runningWorkerCount = computed(() => snapshot.value?.bridge.workers.filter(worker => worker.running).length ?? 0)
+
+function formatBytes(value?: number | null): string {
+  if (value == null || !Number.isFinite(value)) return '-'
+  const units = ['B', 'KB', 'MB', 'GB', 'TB']
+  let size = value
+  let unit = 0
+  while (size >= 1024 && unit < units.length - 1) {
+    size /= 1024
+    unit += 1
+  }
+  return `${size.toFixed(unit === 0 ? 0 : 1)} ${units[unit]}`
+}
+
+function formatPercent(value?: number | null): string {
+  return value == null || !Number.isFinite(value) ? '-' : `${value.toFixed(1)}%`
+}
+
+function formatDuration(seconds?: number | null): string {
+  if (seconds == null || !Number.isFinite(seconds)) return '-'
+  const days = Math.floor(seconds / 86400)
+  const hours = Math.floor((seconds % 86400) / 3600)
+  const minutes = Math.floor((seconds % 3600) / 60)
+  if (days > 0) return `${days}d ${hours}h`
+  if (hours > 0) return `${hours}h ${minutes}m`
+  return `${minutes}m`
+}
+
+function formatTime(seconds?: number): string {
+  if (!seconds) return '-'
+  return new Date(seconds * 1000).toLocaleString()
+}
+
+function statusText(running: boolean): string {
+  return running ? t('performance.running') : t('performance.stopped')
+}
+
+async function loadRuntime(showError = true) {
+  loading.value = true
+  try {
+    snapshot.value = await fetchPerformanceRuntime()
+  } catch (err: any) {
+    if (showError) message.error(err?.message || t('performance.loadFailed'))
+  } finally {
+    loading.value = false
+  }
+}
+
+function setAutoRefresh(enabled: boolean) {
+  autoRefresh.value = enabled
+  if (timer) {
+    clearInterval(timer)
+    timer = undefined
+  }
+  if (enabled) {
+    timer = setInterval(() => loadRuntime(false), 5000)
+  }
+}
+
+onMounted(() => {
+  loadRuntime()
+  setAutoRefresh(true)
+})
+
+onBeforeUnmount(() => {
+  if (timer) clearInterval(timer)
+})
+</script>
+
+<template>
+  <div class="performance-view">
+    <header class="page-header">
+      <h2 class="header-title">{{ t('performance.title') }}</h2>
+      <div class="header-actions">
+        <NButton size="small" :type="autoRefresh ? 'primary' : 'default'" secondary @click="setAutoRefresh(!autoRefresh)">
+          {{ autoRefresh ? t('performance.autoRefreshOn') : t('performance.autoRefreshOff') }}
+        </NButton>
+        <NButton size="small" :loading="loading" @click="loadRuntime()">{{ t('performance.refresh') }}</NButton>
+      </div>
+    </header>
+
+    <NSpin :show="loading && !snapshot" class="performance-spin">
+      <main v-if="snapshot" class="performance-content">
+        <section class="summary-grid">
+          <div class="summary-item">
+            <span class="summary-label">{{ t('performance.systemCpu') }}</span>
+            <strong>{{ formatPercent(snapshot.system.cpuPercent) }}</strong>
+            <div class="meter"><span :style="{ width: `${snapshot.system.cpuPercent || 0}%` }" /></div>
+          </div>
+          <div class="summary-item">
+            <span class="summary-label">{{ t('performance.systemMemory') }}</span>
+            <strong>{{ formatPercent(snapshot.system.memoryPercent) }}</strong>
+            <small>{{ formatBytes(snapshot.system.usedMemoryBytes) }} / {{ formatBytes(snapshot.system.totalMemoryBytes) }}</small>
+            <div class="meter"><span :style="{ width: `${snapshot.system.memoryPercent || 0}%` }" /></div>
+          </div>
+          <div class="summary-item">
+            <span class="summary-label">{{ t('performance.activeSessions') }}</span>
+            <strong>{{ snapshot.sessions.active }}</strong>
+            <small>{{ t('performance.runningSessions', { count: snapshot.sessions.running }) }}</small>
+          </div>
+          <div class="summary-item">
+            <span class="summary-label">{{ t('performance.workers') }}</span>
+            <strong>{{ runningWorkerCount }} / {{ workerCount }}</strong>
+            <small>{{ t('performance.totalWorkerMemory') }} {{ formatBytes(snapshot.bridge.totalWorkerMemoryRssBytes) }}</small>
+          </div>
+        </section>
+
+        <section class="runtime-section">
+          <div class="section-header">
+            <h3>{{ t('performance.processes') }}</h3>
+            <span>{{ snapshot.system.platform }} {{ snapshot.system.arch }} · {{ snapshot.system.cpuCount }} CPU · {{ t('performance.uptime') }} {{ formatDuration(snapshot.system.uptimeSeconds) }}</span>
+          </div>
+          <div class="process-grid">
+            <div class="process-row">
+              <div>
+                <strong>Web UI</strong>
+                <span>PID {{ snapshot.web.pid }}</span>
+              </div>
+              <span>{{ formatPercent(snapshot.web.cpuPercent) }}</span>
+              <span>{{ formatBytes(webRssMemory) }}</span>
+              <span class="status running">{{ statusText(true) }}</span>
+            </div>
+            <div class="process-row">
+              <div>
+                <strong>Bridge Broker</strong>
+                <span>{{ snapshot.bridge.endpoint }}</span>
+              </div>
+              <span>{{ formatPercent(snapshot.bridge.broker.process?.cpuPercent) }}</span>
+              <span>{{ formatBytes(brokerMemory) }}</span>
+              <span class="status" :class="{ running: snapshot.bridge.reachable && snapshot.bridge.broker.running }">
+                {{ snapshot.bridge.reachable && snapshot.bridge.broker.running ? statusText(true) : statusText(false) }}
+              </span>
+            </div>
+          </div>
+          <div v-if="snapshot.bridge.error" class="runtime-error">{{ snapshot.bridge.error }}</div>
+        </section>
+
+        <section class="runtime-section">
+          <div class="section-header">
+            <h3>{{ t('performance.workerMemory') }}</h3>
+            <span>{{ t('performance.lastUpdated') }} {{ new Date(snapshot.timestamp).toLocaleTimeString() }}</span>
+          </div>
+          <div class="worker-table-wrap">
+            <table class="worker-table">
+              <thead>
+                <tr>
+                  <th>{{ t('performance.profile') }}</th>
+                  <th>PID</th>
+                  <th>CPU</th>
+                  <th>{{ t('performance.memory') }}</th>
+                  <th>{{ t('performance.runningActiveSessions') }}</th>
+                  <th>{{ t('performance.lastUsed') }}</th>
+                  <th>{{ t('performance.status') }}</th>
+                </tr>
+              </thead>
+              <tbody>
+                <tr v-if="snapshot.bridge.workers.length === 0">
+                  <td colspan="7" class="empty-cell">{{ t('performance.noWorkers') }}</td>
+                </tr>
+                <tr v-for="worker in snapshot.bridge.workers" :key="worker.profile || worker.pid">
+                  <td>{{ worker.profile || '-' }}</td>
+                  <td>{{ worker.pid || '-' }}</td>
+                  <td>{{ formatPercent(worker.cpuPercent) }}</td>
+                  <td>{{ formatBytes(worker.memoryRssBytes) }}</td>
+                  <td>{{ worker.runningSessionCount }} / {{ worker.sessionCount }}</td>
+                  <td>{{ formatTime(worker.lastUsedAt) }}</td>
+                  <td><span class="status" :class="{ running: worker.running }">{{ statusText(worker.running) }}</span></td>
+                </tr>
+              </tbody>
+            </table>
+          </div>
+        </section>
+
+        <section class="runtime-section">
+          <div class="section-header">
+            <h3>{{ t('performance.sessionsByProfile') }}</h3>
+          </div>
+          <div class="session-list">
+            <div v-if="Object.keys(snapshot.sessions.byProfile).length === 0" class="session-empty">
+              {{ t('performance.noActiveSessions') }}
+            </div>
+            <div v-for="(count, profile) in snapshot.sessions.byProfile" :key="profile" class="session-row">
+              <span>{{ profile }}</span>
+              <strong>{{ count }}</strong>
+            </div>
+          </div>
+        </section>
+      </main>
+    </NSpin>
+  </div>
+</template>
+
+<style scoped lang="scss">
+@use '@/styles/variables' as *;
+
+.performance-view {
+  height: 100%;
+  display: flex;
+  flex-direction: column;
+}
+
+.page-header {
+  display: flex;
+  flex-shrink: 0;
+  align-items: center;
+  justify-content: space-between;
+  gap: 12px;
+  padding: 21px 20px;
+  border-bottom: 1px solid $border-color;
+}
+
+.header-title {
+  margin: 0;
+  color: $text-primary;
+  font-size: 16px;
+  font-weight: 600;
+}
+
+.header-actions {
+  display: flex;
+  align-items: center;
+  gap: 8px;
+}
+
+.performance-spin {
+  flex: 1;
+  min-height: 0;
+}
+
+.performance-content {
+  height: 100%;
+  overflow-y: auto;
+  padding: 20px;
+}
+
+.summary-grid {
+  display: grid;
+  grid-template-columns: repeat(4, minmax(0, 1fr));
+  gap: 12px;
+  margin-bottom: 16px;
+}
+
+.summary-item,
+.runtime-section {
+  border: 1px solid $border-color;
+  border-radius: $radius-sm;
+  background: $bg-card;
+}
+
+.summary-item {
+  min-height: 108px;
+  padding: 14px;
+  display: flex;
+  flex-direction: column;
+  gap: 8px;
+}
+
+.summary-label,
+.summary-item small,
+.section-header span,
+.process-row div span {
+  color: $text-muted;
+  font-size: 12px;
+}
+
+.summary-item strong {
+  color: $text-primary;
+  font-size: 24px;
+  font-weight: 650;
+}
+
+.meter {
+  height: 6px;
+  overflow: hidden;
+  border-radius: 999px;
+  background: $bg-secondary;
+
+  span {
+    display: block;
+    height: 100%;
+    border-radius: inherit;
+    background: $accent-primary;
+  }
+}
+
+.runtime-section {
+  margin-top: 12px;
+  overflow: hidden;
+}
+
+.section-header {
+  min-height: 46px;
+  padding: 12px 14px;
+  display: flex;
+  align-items: center;
+  justify-content: space-between;
+  gap: 12px;
+  border-bottom: 1px solid $border-light;
+
+  h3 {
+    margin: 0;
+    color: $text-primary;
+    font-size: 14px;
+    font-weight: 600;
+  }
+}
+
+.process-grid {
+  display: grid;
+  grid-template-columns: 1fr;
+}
+
+.process-row {
+  min-height: 56px;
+  padding: 10px 14px;
+  display: grid;
+  grid-template-columns: minmax(0, 1fr) 80px 110px 86px;
+  align-items: center;
+  gap: 12px;
+  border-bottom: 1px solid $border-light;
+  color: $text-secondary;
+  font-size: 13px;
+
+  &:last-child {
+    border-bottom: 0;
+  }
+
+  div {
+    min-width: 0;
+    display: flex;
+    flex-direction: column;
+    gap: 3px;
+  }
+
+  strong {
+    color: $text-primary;
+    font-size: 13px;
+  }
+
+  span {
+    overflow: hidden;
+    text-overflow: ellipsis;
+    white-space: nowrap;
+  }
+}
+
+.status {
+  width: fit-content;
+  max-width: 100%;
+  padding: 2px 8px;
+  border: 1px solid $border-color;
+  border-radius: 999px;
+  color: $text-muted;
+  font-size: 12px;
+
+  &.running {
+    border-color: rgba(var(--success-rgb), 0.35);
+    color: $success;
+    background: rgba(var(--success-rgb), 0.08);
+  }
+}
+
+.runtime-error {
+  padding: 10px 14px;
+  border-top: 1px solid $border-light;
+  color: $error;
+  font-size: 12px;
+}
+
+.worker-table-wrap {
+  overflow-x: auto;
+}
+
+.worker-table {
+  width: 100%;
+  min-width: 760px;
+  border-collapse: collapse;
+  color: $text-secondary;
+  font-size: 13px;
+
+  th,
+  td {
+    padding: 11px 14px;
+    border-bottom: 1px solid $border-light;
+    text-align: left;
+    white-space: nowrap;
+  }
+
+  th {
+    color: $text-muted;
+    font-size: 12px;
+    font-weight: 600;
+  }
+
+  td:first-child {
+    color: $text-primary;
+    font-weight: 600;
+  }
+
+  tr:last-child td {
+    border-bottom: 0;
+  }
+}
+
+.empty-cell,
+.session-empty {
+  color: $text-muted;
+  text-align: center;
+}
+
+.session-list {
+  padding: 6px 14px;
+}
+
+.session-row {
+  min-height: 34px;
+  display: flex;
+  align-items: center;
+  justify-content: space-between;
+  gap: 12px;
+  border-bottom: 1px solid $border-light;
+  color: $text-secondary;
+  font-size: 13px;
+
+  &:last-child {
+    border-bottom: 0;
+  }
+
+  strong {
+    color: $text-primary;
+  }
+}
+
+.session-empty {
+  padding: 18px 0;
+  font-size: 13px;
+}
+
+@media (max-width: 960px) {
+  .summary-grid {
+    grid-template-columns: repeat(2, minmax(0, 1fr));
+  }
+}
+
+@media (max-width: $breakpoint-mobile) {
+  .page-header,
+  .header-actions,
+  .section-header {
+    align-items: flex-start;
+    flex-direction: column;
+  }
+
+  .page-header {
+    position: sticky;
+    top: 0;
+    z-index: 20;
+    background: $bg-primary;
+  }
+
+  .header-actions {
+    width: 100%;
+  }
+
+  .summary-grid {
+    grid-template-columns: 1fr;
+  }
+
+  .process-row {
+    grid-template-columns: 1fr 72px;
+
+    > span:nth-child(3),
+    > span:nth-child(4) {
+      justify-self: start;
+    }
+  }
+}
+</style>
diff --git a/packages/client/src/views/hermes/PluginsView.vue b/packages/client/src/views/hermes/PluginsView.vue
new file mode 100644
index 0000000..0064354
--- /dev/null
+++ b/packages/client/src/views/hermes/PluginsView.vue
@@ -0,0 +1,405 @@
+<script setup lang="ts">
+import { computed, ref, watch } from 'vue'
+import { NAlert, NButton, NEmpty, NInput, NSelect, NSpin, NTag, useMessage } from 'naive-ui'
+import { useI18n } from 'vue-i18n'
+import { fetchPlugins, type HermesPluginInfo, type HermesPluginsMetadata } from '@/api/hermes/plugins'
+import { useProfilesStore } from '@/stores/hermes/profiles'
+
+const { t, te } = useI18n()
+const message = useMessage()
+const profilesStore = useProfilesStore()
+
+const plugins = ref<HermesPluginInfo[]>([])
+const warnings = ref<string[]>([])
+const metadata = ref<HermesPluginsMetadata | null>(null)
+const loading = ref(false)
+const error = ref('')
+
+const searchQuery = ref('')
+const sourceFilter = ref<string | null>(null)
+const kindFilter = ref<string | null>(null)
+const statusFilter = ref<string | null>(null)
+
+const statusValues = ['enabled', 'auto-active', 'inactive', 'disabled', 'provider-managed'] as const
+const statusOptions = computed(() => statusValues.map(value => ({
+  label: t(`plugins.status.${value}`),
+  value,
+})))
+
+const sourceOptions = computed(() => toOptions(plugins.value.map(p => p.source)))
+const kindOptions = computed(() => toOptions(plugins.value.map(p => p.kind)))
+
+const summary = computed(() => ({
+  total: plugins.value.length,
+  active: plugins.value.filter(p => p.effectiveStatus === 'enabled' || p.effectiveStatus === 'auto-active').length,
+  inactive: plugins.value.filter(p => p.effectiveStatus === 'inactive').length,
+  disabled: plugins.value.filter(p => p.effectiveStatus === 'disabled').length,
+  providerManaged: plugins.value.filter(p => p.effectiveStatus === 'provider-managed').length,
+}))
+
+const filteredPlugins = computed(() => {
+  const query = searchQuery.value.trim().toLowerCase()
+  return plugins.value.filter((plugin) => {
+    if (sourceFilter.value && plugin.source !== sourceFilter.value) return false
+    if (kindFilter.value && plugin.kind !== kindFilter.value) return false
+    if (statusFilter.value && plugin.effectiveStatus !== statusFilter.value) return false
+    if (!query) return true
+    return [plugin.key, plugin.name, plugin.description, plugin.path, plugin.source, plugin.kind]
+      .some(value => String(value || '').toLowerCase().includes(query))
+  })
+})
+
+function toOptions(values: string[]) {
+  return Array.from(new Set(values.filter(Boolean))).sort((a, b) => a.localeCompare(b)).map(value => ({
+    label: value,
+    value,
+  }))
+}
+
+async function loadPlugins() {
+  loading.value = true
+  error.value = ''
+  try {
+    if (!profilesStore.activeProfileName || profilesStore.profiles.length === 0) {
+      await profilesStore.fetchProfiles()
+    }
+    const data = await fetchPlugins()
+    plugins.value = data.plugins ?? []
+    warnings.value = data.warnings ?? []
+    metadata.value = data.metadata ?? null
+  } catch (err: any) {
+    error.value = err?.message || t('plugins.loadFailed')
+  } finally {
+    loading.value = false
+  }
+}
+
+function statusLabel(plugin: HermesPluginInfo) {
+  const key = `plugins.statusLabel.${plugin.effectiveStatus}`
+  return te(key) ? t(key) : plugin.effectiveStatus
+}
+
+function configStatusLabel(plugin: HermesPluginInfo) {
+  const key = `plugins.configStatuses.${plugin.configStatus}`
+  return te(key) ? t(key) : plugin.configStatus
+}
+
+function statusTagType(plugin: HermesPluginInfo): 'success' | 'warning' | 'error' | 'info' | 'default' {
+  switch (plugin.effectiveStatus) {
+    case 'enabled':
+    case 'auto-active':
+      return 'success'
+    case 'disabled':
+      return 'error'
+    case 'provider-managed':
+      return 'info'
+    default:
+      return 'warning'
+  }
+}
+
+function pluginCommand(plugin: HermesPluginInfo) {
+  const escapedKey = plugin.key.replace(/'/g, `'\\''`)
+  if (plugin.effectiveStatus === 'disabled' || plugin.effectiveStatus === 'inactive') {
+    return `hermes plugins enable '${escapedKey}'`
+  }
+  if (plugin.effectiveStatus === 'enabled') {
+    return `hermes plugins disable '${escapedKey}'`
+  }
+  return ''
+}
+
+async function copyCommand(plugin: HermesPluginInfo) {
+  const command = pluginCommand(plugin)
+  if (!command) return
+  await navigator.clipboard.writeText(command)
+  message.success(t('plugins.commandCopied'))
+}
+
+watch(() => profilesStore.activeProfileName || 'default', () => {
+  plugins.value = []
+  warnings.value = []
+  metadata.value = null
+  void loadPlugins()
+}, { immediate: true })
+</script>
+
+<template>
+  <div class="plugins-view">
+    <header class="page-header">
+      <h2 class="header-title">{{ t('plugins.title') }}</h2>
+      <NButton size="small" quaternary :loading="loading" @click="loadPlugins">
+        {{ t('plugins.refresh') }}
+      </NButton>
+    </header>
+
+    <div class="plugins-content">
+      <NAlert type="info" :bordered="false" class="plugins-notice">
+        {{ t('plugins.notice') }}
+      </NAlert>
+
+      <NAlert v-if="error" type="error" class="plugins-notice">
+        {{ error }}
+      </NAlert>
+
+      <NAlert v-for="warning in warnings" :key="warning" type="warning" class="plugins-notice">
+        {{ warning }}
+      </NAlert>
+
+      <div class="summary-grid">
+        <div class="summary-card">
+          <span class="summary-label">{{ t('plugins.summary.total') }}</span>
+          <strong>{{ summary.total }}</strong>
+        </div>
+        <div class="summary-card success">
+          <span class="summary-label">{{ t('plugins.summary.active') }}</span>
+          <strong>{{ summary.active }}</strong>
+        </div>
+        <div class="summary-card warning">
+          <span class="summary-label">{{ t('plugins.summary.inactive') }}</span>
+          <strong>{{ summary.inactive }}</strong>
+        </div>
+        <div class="summary-card error">
+          <span class="summary-label">{{ t('plugins.summary.disabled') }}</span>
+          <strong>{{ summary.disabled }}</strong>
+        </div>
+        <div class="summary-card info">
+          <span class="summary-label">{{ t('plugins.summary.providerManaged') }}</span>
+          <strong>{{ summary.providerManaged }}</strong>
+        </div>
+      </div>
+
+      <div class="filter-row">
+        <NInput v-model:value="searchQuery" :placeholder="t('plugins.searchPlaceholder')" clearable />
+        <NSelect v-model:value="sourceFilter" :options="sourceOptions" :placeholder="t('plugins.source')" clearable />
+        <NSelect v-model:value="kindFilter" :options="kindOptions" :placeholder="t('plugins.kind')" clearable />
+        <NSelect v-model:value="statusFilter" :options="statusOptions" :placeholder="t('plugins.statusTitle')" clearable />
+      </div>
+
+      <NSpin :show="loading && plugins.length === 0">
+        <div v-if="filteredPlugins.length" class="plugins-table-wrap">
+          <table class="plugins-table">
+            <thead>
+              <tr>
+                <th>{{ t('plugins.table.plugin') }}</th>
+                <th>{{ t('plugins.table.status') }}</th>
+                <th>{{ t('plugins.table.source') }}</th>
+                <th>{{ t('plugins.table.kind') }}</th>
+                <th>{{ t('plugins.table.capabilities') }}</th>
+                <th>{{ t('plugins.table.path') }}</th>
+                <th>{{ t('plugins.table.cli') }}</th>
+              </tr>
+            </thead>
+            <tbody>
+              <tr v-for="plugin in filteredPlugins" :key="plugin.key">
+                <td>
+                  <div class="plugin-name">
+                    <strong>{{ plugin.key }}</strong>
+                    <span v-if="plugin.name !== plugin.key">{{ plugin.name }}</span>
+                  </div>
+                  <div v-if="plugin.description" class="description">{{ plugin.description }}</div>
+                  <div v-if="plugin.version || plugin.author" class="meta-line">
+                    <span v-if="plugin.version">v{{ plugin.version }}</span>
+                    <span v-if="plugin.author">{{ plugin.author }}</span>
+                  </div>
+                </td>
+                <td>
+                  <NTag size="small" :type="statusTagType(plugin)">{{ statusLabel(plugin) }}</NTag>
+                  <div class="config-status">{{ t('plugins.configStatus', { status: configStatusLabel(plugin) }) }}</div>
+                </td>
+                <td><NTag size="small" round>{{ plugin.source }}</NTag></td>
+                <td><NTag size="small" round>{{ plugin.kind }}</NTag></td>
+                <td>
+                  <div class="capability-list">
+                    <span>{{ t('plugins.capabilities.tools', { count: plugin.providesTools.length }) }}</span>
+                    <span>{{ t('plugins.capabilities.hooks', { count: plugin.providesHooks.length }) }}</span>
+                    <span>{{ t('plugins.capabilities.env', { count: plugin.requiresEnv.length }) }}</span>
+                  </div>
+                </td>
+                <td><code class="path-cell">{{ plugin.path || t('plugins.notAvailable') }}</code></td>
+                <td>
+                  <NButton v-if="pluginCommand(plugin)" size="tiny" secondary @click="copyCommand(plugin)">
+                    {{ t('plugins.copyCommand') }}
+                  </NButton>
+                  <span v-else class="muted">{{ t('plugins.managedElsewhere') }}</span>
+                </td>
+              </tr>
+            </tbody>
+          </table>
+        </div>
+        <NEmpty v-else-if="!loading" :description="t('plugins.noMatch')" />
+      </NSpin>
+
+      <div v-if="metadata" class="metadata-panel">
+        <span>{{ t('plugins.metadata.agentRoot') }}: <code>{{ metadata.hermesAgentRoot }}</code></span>
+        <span>{{ t('plugins.metadata.python') }}: <code>{{ metadata.pythonExecutable }}</code></span>
+        <span>{{ t('plugins.metadata.scanCwd') }}: <code>{{ metadata.cwd }}</code></span>
+        <span>{{ t('plugins.metadata.projectPlugins') }}: <code>{{ metadata.projectPluginsEnabled ? t('plugins.enabled') : t('plugins.disabled') }}</code></span>
+      </div>
+    </div>
+  </div>
+</template>
+
+<style scoped lang="scss">
+@use '@/styles/variables' as *;
+
+.plugins-view {
+  height: calc(100 * var(--vh));
+  display: flex;
+  flex-direction: column;
+}
+
+.plugins-content {
+  flex: 1;
+  overflow-y: auto;
+  padding: 20px;
+}
+
+.plugins-notice {
+  margin-bottom: 14px;
+}
+
+.summary-grid {
+  display: grid;
+  grid-template-columns: repeat(5, minmax(120px, 1fr));
+  gap: 12px;
+  margin-bottom: 16px;
+}
+
+.summary-card {
+  padding: 14px;
+  border: 1px solid $border-color;
+  border-radius: 12px;
+  background: $bg-secondary;
+  display: flex;
+  flex-direction: column;
+  gap: 6px;
+
+  strong {
+    font-size: 24px;
+    line-height: 1;
+  }
+
+  &.success strong { color: $success; }
+  &.warning strong { color: $warning; }
+  &.error strong { color: $error; }
+  &.info strong { color: $accent-primary; }
+}
+
+.summary-label {
+  font-size: 11px;
+  color: $text-muted;
+  text-transform: uppercase;
+  letter-spacing: 0.04em;
+}
+
+.filter-row {
+  display: grid;
+  grid-template-columns: minmax(240px, 1fr) repeat(3, minmax(140px, 180px));
+  gap: 10px;
+  margin-bottom: 16px;
+}
+
+.plugins-table-wrap {
+  overflow-x: auto;
+  border: 1px solid $border-color;
+  border-radius: 12px;
+  background: $bg-secondary;
+}
+
+.plugins-table {
+  width: 100%;
+  border-collapse: collapse;
+  min-width: 980px;
+
+  th,
+  td {
+    padding: 12px;
+    border-bottom: 1px solid $border-color;
+    text-align: left;
+    vertical-align: top;
+    font-size: 13px;
+  }
+
+  th {
+    color: $text-muted;
+    font-size: 11px;
+    text-transform: uppercase;
+    letter-spacing: 0.04em;
+    background: rgba(var(--accent-primary-rgb), 0.04);
+  }
+
+  tr:last-child td {
+    border-bottom: none;
+  }
+}
+
+.plugin-name {
+  display: flex;
+  flex-direction: column;
+  gap: 2px;
+
+  span {
+    color: $text-muted;
+    font-size: 12px;
+  }
+}
+
+.description {
+  margin-top: 6px;
+  color: $text-secondary;
+  max-width: 420px;
+}
+
+.meta-line,
+.config-status,
+.muted {
+  margin-top: 6px;
+  color: $text-muted;
+  font-size: 11px;
+}
+
+.meta-line {
+  display: flex;
+  gap: 8px;
+}
+
+.capability-list {
+  display: flex;
+  flex-direction: column;
+  gap: 4px;
+  color: $text-secondary;
+}
+
+.path-cell {
+  display: inline-block;
+  max-width: 320px;
+  white-space: nowrap;
+  overflow: hidden;
+  text-overflow: ellipsis;
+  color: $text-muted;
+  background: rgba(var(--accent-primary-rgb), 0.06);
+  padding: 2px 6px;
+  border-radius: 6px;
+}
+
+.metadata-panel {
+  margin-top: 16px;
+  display: flex;
+  flex-wrap: wrap;
+  gap: 10px 16px;
+  color: $text-muted;
+  font-size: 11px;
+
+  code {
+    color: $text-secondary;
+  }
+}
+
+@media (max-width: 900px) {
+  .summary-grid,
+  .filter-row {
+    grid-template-columns: 1fr;
+  }
+}
+</style>
diff --git a/packages/client/src/views/hermes/ProfilesView.vue b/packages/client/src/views/hermes/ProfilesView.vue
new file mode 100644
index 0000000..de3bd72
--- /dev/null
+++ b/packages/client/src/views/hermes/ProfilesView.vue
@@ -0,0 +1,107 @@
+<script setup lang="ts">
+import { ref, onMounted } from 'vue'
+import { NButton, NSpin } from 'naive-ui'
+import { useI18n } from 'vue-i18n'
+import ProfilesPanel from '@/components/hermes/profiles/ProfilesPanel.vue'
+import ProfileCreateModal from '@/components/hermes/profiles/ProfileCreateModal.vue'
+import ProfileRenameModal from '@/components/hermes/profiles/ProfileRenameModal.vue'
+import ProfileImportModal from '@/components/hermes/profiles/ProfileImportModal.vue'
+import { useProfilesStore } from '@/stores/hermes/profiles'
+
+const { t } = useI18n()
+const profilesStore = useProfilesStore()
+
+const showCreateModal = ref(false)
+const showImportModal = ref(false)
+const renamingProfile = ref<string | null>(null)
+
+onMounted(() => {
+  profilesStore.fetchHermesProfiles()
+})
+
+function handleCreated() {
+  showCreateModal.value = false
+}
+
+function handleRenamed() {
+  renamingProfile.value = null
+}
+
+function handleImported() {
+  showImportModal.value = false
+}
+</script>
+
+<template>
+  <div class="profiles-view">
+    <header class="page-header">
+      <h2 class="header-title">{{ t('profiles.title') }}</h2>
+      <div class="header-actions">
+        <NButton size="small" @click="showImportModal = true">
+          <template #icon>
+            <svg width="14" height="14" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round">
+              <path d="M21 15v4a2 2 0 0 1-2 2H5a2 2 0 0 1-2-2v-4" />
+              <polyline points="17 8 12 3 7 8" />
+              <line x1="12" y1="3" x2="12" y2="15" />
+            </svg>
+          </template>
+          {{ t('profiles.import') }}
+        </NButton>
+        <NButton type="primary" size="small" @click="showCreateModal = true">
+          <template #icon>
+            <svg width="14" height="14" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round">
+              <line x1="12" y1="5" x2="12" y2="19" />
+              <line x1="5" y1="12" x2="19" y2="12" />
+            </svg>
+          </template>
+          {{ t('profiles.create') }}
+        </NButton>
+      </div>
+    </header>
+
+    <div class="profiles-content">
+      <NSpin :show="profilesStore.loading && profilesStore.profiles.length === 0">
+        <ProfilesPanel @rename="renamingProfile = $event" />
+      </NSpin>
+    </div>
+
+    <ProfileCreateModal
+      v-if="showCreateModal"
+      @close="showCreateModal = false"
+      @saved="handleCreated"
+    />
+    <ProfileRenameModal
+      v-if="renamingProfile"
+      :profile-name="renamingProfile"
+      @close="renamingProfile = null"
+      @saved="handleRenamed"
+    />
+    <ProfileImportModal
+      v-if="showImportModal"
+      @close="showImportModal = false"
+      @saved="handleImported"
+    />
+  </div>
+</template>
+
+<style scoped lang="scss">
+@use '@/styles/variables' as *;
+
+.profiles-view {
+  height: calc(100 * var(--vh));
+  display: flex;
+  flex-direction: column;
+}
+
+.header-actions {
+  display: flex;
+  align-items: center;
+  gap: 8px;
+}
+
+.profiles-content {
+  flex: 1;
+  overflow-y: auto;
+  padding: 20px;
+}
+</style>
diff --git a/packages/client/src/views/hermes/SettingsView.vue b/packages/client/src/views/hermes/SettingsView.vue
new file mode 100644
index 0000000..487da39
--- /dev/null
+++ b/packages/client/src/views/hermes/SettingsView.vue
@@ -0,0 +1,139 @@
+<script setup lang="ts">
+import { computed, onMounted, ref, watch } from "vue";
+import { useRoute, useRouter } from "vue-router";
+import {
+  NTabs,
+  NTabPane,
+  NSpin,
+} from "naive-ui";
+import { useI18n } from "vue-i18n";
+import { useSettingsStore } from "@/stores/hermes/settings";
+import DisplaySettings from "@/components/hermes/settings/DisplaySettings.vue";
+import AgentSettings from "@/components/hermes/settings/AgentSettings.vue";
+import MemorySettings from "@/components/hermes/settings/MemorySettings.vue";
+import CompressionSettings from "@/components/hermes/settings/CompressionSettings.vue";
+import SessionSettings from "@/components/hermes/settings/SessionSettings.vue";
+import PrivacySettings from "@/components/hermes/settings/PrivacySettings.vue";
+import ModelSettings from "@/components/hermes/settings/ModelSettings.vue";
+import AccountSettings from "@/components/hermes/settings/AccountSettings.vue";
+import UserManagementSettings from "@/components/hermes/settings/UserManagementSettings.vue";
+import VoiceSettings from "@/components/hermes/settings/VoiceSettings.vue";
+import { isStoredSuperAdmin } from "@/api/client";
+import { useProfilesStore } from "@/stores/hermes/profiles";
+
+const settingsStore = useSettingsStore();
+const profilesStore = useProfilesStore();
+const { t } = useI18n();
+const canManageUsers = isStoredSuperAdmin();
+const route = useRoute();
+const router = useRouter();
+const activeTab = ref("account");
+
+const validTabs = computed(() => new Set([
+  "account",
+  ...(canManageUsers ? ["users"] : []),
+  "display",
+  "agent",
+  "memory",
+  "compression",
+  "session",
+  "privacy",
+  "models",
+  "voice",
+]));
+
+function normalizeTab(value: unknown): string {
+  const tab = typeof value === "string" ? value : "";
+  return validTabs.value.has(tab) ? tab : "account";
+}
+
+function handleTabUpdate(tab: string) {
+  activeTab.value = normalizeTab(tab);
+  router.replace({
+    query: {
+      ...route.query,
+      tab: activeTab.value === "account" ? undefined : activeTab.value,
+    },
+  });
+}
+
+watch(() => route.query.tab, (tab) => {
+  activeTab.value = normalizeTab(tab);
+}, { immediate: true });
+
+async function loadSettingsForProfile() {
+  if (!profilesStore.activeProfileName || profilesStore.profiles.length === 0) {
+    await profilesStore.fetchProfiles();
+  }
+  await settingsStore.fetchSettings();
+}
+
+onMounted(() => {
+  void loadSettingsForProfile();
+});
+</script>
+
+<template>
+  <div class="settings-view">
+    <header class="page-header">
+      <h2 class="header-title">{{ t("settings.title") }}</h2>
+    </header>
+
+    <div class="settings-content">
+      <NSpin
+        :show="settingsStore.loading || settingsStore.saving"
+        size="large"
+        :description="t('common.loading')"
+      >
+        <NTabs v-model:value="activeTab" type="line" animated @update:value="handleTabUpdate">
+          <NTabPane name="account" :tab="t('settings.tabs.account')">
+            <AccountSettings />
+          </NTabPane>
+          <NTabPane v-if="canManageUsers" name="users" :tab="t('settings.tabs.users')">
+            <UserManagementSettings />
+          </NTabPane>
+          <NTabPane name="display" :tab="t('settings.tabs.display')">
+            <DisplaySettings />
+          </NTabPane>
+          <NTabPane name="agent" :tab="t('settings.tabs.agent')">
+            <AgentSettings />
+          </NTabPane>
+          <NTabPane name="memory" :tab="t('settings.tabs.memory')">
+            <MemorySettings />
+          </NTabPane>
+          <NTabPane name="compression" :tab="t('settings.tabs.compression')">
+            <CompressionSettings />
+          </NTabPane>
+          <NTabPane name="session" :tab="t('settings.tabs.session')">
+            <SessionSettings />
+          </NTabPane>
+          <NTabPane name="privacy" :tab="t('settings.tabs.privacy')">
+            <PrivacySettings />
+          </NTabPane>
+          <NTabPane name="models" :tab="t('settings.tabs.models')">
+            <ModelSettings />
+          </NTabPane>
+          <NTabPane name="voice" :tab="t('settings.tabs.voice')">
+            <VoiceSettings />
+          </NTabPane>
+        </NTabs>
+      </NSpin>
+    </div>
+  </div>
+</template>
+
+<style scoped lang="scss">
+@use "@/styles/variables" as *;
+
+.settings-view {
+  height: calc(100 * var(--vh));
+  display: flex;
+  flex-direction: column;
+}
+
+.settings-content {
+  flex: 1;
+  overflow-y: auto;
+  padding: 20px;
+}
+</style>
diff --git a/packages/client/src/views/hermes/SkillsUsageView.vue b/packages/client/src/views/hermes/SkillsUsageView.vue
new file mode 100644
index 0000000..59c909e
--- /dev/null
+++ b/packages/client/src/views/hermes/SkillsUsageView.vue
@@ -0,0 +1,686 @@
+<script setup lang="ts">
+import { computed, onMounted, ref } from 'vue'
+import { useI18n } from 'vue-i18n'
+import { NButton } from 'naive-ui'
+import { useProfilesStore } from '@/stores/hermes/profiles'
+import {
+  fetchSkillUsageStats,
+  type SkillUsageDailyRow,
+  type SkillUsageRow,
+  type SkillUsageStats,
+} from '@/api/hermes/skills'
+
+const { t } = useI18n()
+const profilesStore = useProfilesStore()
+const periodOptions = [7, 30, 90, 365]
+const maxVisibleChartSkills = 6
+const skillPalette = [
+  '#2f6eea',
+  '#f26d3d',
+  '#f49a5c',
+  '#9aa7ff',
+  '#8f2c8f',
+  '#00c2d1',
+]
+const otherSkillColor = '#5b6b84'
+
+interface ChartSegment {
+  key: string
+  label: string
+  count: number
+  color: string
+}
+
+const selectedDays = ref(7)
+const loading = ref(false)
+const error = ref('')
+const statsByPeriod = ref<Record<number, SkillUsageStats | undefined>>({})
+let requestSeq = 0
+const latestRequestByPeriod: Record<number, number> = {}
+
+const stats = computed(() => statsByPeriod.value[selectedDays.value] ?? null)
+const hasData = computed(() => (stats.value?.summary.total_skill_actions ?? 0) > 0)
+const maxDailyActions = computed(() => Math.max(...(stats.value?.by_day ?? []).map(day => day.total_count), 1))
+const isRefreshing = computed(() => loading.value && !!stats.value)
+const hoveredDayKey = ref<string | null>(null)
+const hoveredDayIndex = ref<number | null>(null)
+const hoveredDay = computed(() => stats.value?.by_day.find(day => day.date === hoveredDayKey.value) ?? null)
+const hoveredSegments = computed(() => hoveredDay.value ? chartSegments(hoveredDay.value) : [])
+const tooltipAlignment = computed(() => {
+  const dayCount = stats.value?.by_day.length ?? 0
+  if (hoveredDayIndex.value === null || dayCount <= 0) return 'align-right'
+  return hoveredDayIndex.value >= dayCount / 2 ? 'align-left' : 'align-right'
+})
+const chartSkills = computed(() => (stats.value?.top_skills ?? []).slice(0, maxVisibleChartSkills))
+const chartSkillSet = computed(() => new Set(chartSkills.value.map(skill => skill.skill)))
+
+function formatPercent(value: number): string {
+  return `${value.toFixed(1)}%`
+}
+
+function formatLastUsed(timestamp: number | null): string {
+  if (!timestamp) return '—'
+  return new Date(timestamp * 1000).toLocaleString()
+}
+
+function dailyBarHeight(total: number): string {
+  return `${Math.max(2, (total / maxDailyActions.value) * 100)}%`
+}
+
+function segmentFlex(value: number): number {
+  return Math.max(value, 0)
+}
+
+function totalSkillActions(skill: Pick<SkillUsageRow, 'view_count' | 'manage_count' | 'total_count'>): number {
+  return skill.total_count || skill.view_count + skill.manage_count
+}
+
+function otherSkillsLabel(): string {
+  const hiddenCount = Math.max((stats.value?.top_skills.length ?? 0) - maxVisibleChartSkills, 0)
+  return hiddenCount > 0 ? `${t('skillsUsage.otherSkills')} (+${hiddenCount})` : t('skillsUsage.otherSkills')
+}
+
+function colorForSkill(skillName: string): string {
+  const index = chartSkills.value.findIndex(skill => skill.skill === skillName)
+  return index >= 0 ? skillPalette[index % skillPalette.length] : otherSkillColor
+}
+
+function chartSegments(day: SkillUsageDailyRow): ChartSegment[] {
+  const daySkills = day.skills ?? []
+  const bySkill = new Map(daySkills.map(skill => [skill.skill, totalSkillActions(skill)]))
+  const segments: ChartSegment[] = chartSkills.value
+    .map(skill => ({
+      key: skill.skill,
+      label: skill.skill,
+      count: bySkill.get(skill.skill) ?? 0,
+      color: colorForSkill(skill.skill),
+    }))
+    .filter(segment => segment.count > 0)
+
+  const otherTotal = daySkills
+    .filter(skill => !chartSkillSet.value.has(skill.skill))
+    .reduce((sum, skill) => sum + totalSkillActions(skill), 0)
+
+  if (otherTotal > 0) {
+    segments.push({
+      key: 'other-skills',
+      label: otherSkillsLabel(),
+      count: otherTotal,
+      color: otherSkillColor,
+    })
+  }
+
+  return segments
+}
+
+function showTooltip(day: SkillUsageDailyRow, index: number) {
+  hoveredDayKey.value = day.date
+  hoveredDayIndex.value = index
+}
+
+function hideTooltip(day: SkillUsageDailyRow) {
+  if (hoveredDayKey.value === day.date) {
+    hoveredDayKey.value = null
+    hoveredDayIndex.value = null
+  }
+}
+
+async function loadStats(days = selectedDays.value, force = false) {
+  selectedDays.value = days
+  if (!profilesStore.activeProfileName || profilesStore.profiles.length === 0) {
+    await profilesStore.fetchProfiles()
+  }
+  const seq = ++requestSeq
+  latestRequestByPeriod[days] = seq
+  loading.value = true
+  if (!statsByPeriod.value[days] || force) error.value = ''
+
+  try {
+    const next = await fetchSkillUsageStats(days)
+    if (latestRequestByPeriod[days] === seq) {
+      statsByPeriod.value = {
+        ...statsByPeriod.value,
+        [days]: next,
+      }
+    }
+    if (seq === requestSeq) error.value = ''
+  } catch (err: any) {
+    if (seq === requestSeq) error.value = err?.message || t('skillsUsage.loadFailed')
+  } finally {
+    if (seq === requestSeq) loading.value = false
+  }
+}
+
+onMounted(() => {
+  void loadStats(7)
+})
+</script>
+
+<template>
+  <div class="skills-usage-view">
+    <header class="page-header">
+      <div class="header-text">
+        <h2 class="header-title">{{ t('skillsUsage.title') }}</h2>
+        <p class="header-subtitle">{{ t('skillsUsage.subtitle') }}</p>
+      </div>
+      <div class="skills-usage-toolbar">
+        <div class="period-selector" role="group" :aria-label="t('skillsUsage.periodSelector')">
+          <NButton
+            v-for="days in periodOptions"
+            :key="days"
+            size="small"
+            :secondary="selectedDays === days"
+            :quaternary="selectedDays !== days"
+            :type="selectedDays === days ? 'primary' : 'default'"
+            :aria-pressed="selectedDays === days ? 'true' : 'false'"
+            @click="loadStats(days)"
+          >
+            {{ t('skillsUsage.periodLabel', { days }) }}
+          </NButton>
+        </div>
+        <NButton size="small" quaternary :loading="loading" @click="loadStats(selectedDays, true)">
+          {{ t('skillsUsage.refresh') }}
+        </NButton>
+      </div>
+    </header>
+
+    <div class="skills-usage-content">
+      <div v-if="error && !stats" class="skills-usage-state error">
+        {{ error }}
+      </div>
+      <div v-else-if="loading && !stats" class="skills-usage-state">
+        {{ t('common.loading') }}
+      </div>
+      <template v-else-if="stats">
+        <div v-if="error" class="inline-error">
+          {{ error }}
+        </div>
+        <section class="overview-grid">
+          <div class="usage-panel chart-panel" :class="{ 'is-refreshing': isRefreshing }" data-testid="skills-usage-chart">
+            <div class="panel-header">
+              <h3>{{ t('skillsUsage.dailyTrend') }}</h3>
+              <span>{{ t('skillsUsage.periodSummary', { days: stats.period_days }) }}</span>
+            </div>
+            <div v-if="!hasData" class="skills-usage-state compact">
+              {{ t('skillsUsage.noData') }}
+            </div>
+            <template v-else>
+              <div class="skill-bar-chart">
+                <div
+                  v-for="(day, index) in stats.by_day"
+                  :key="day.date"
+                  class="skill-bar-col"
+                  tabindex="0"
+                  @mouseenter="showTooltip(day, index)"
+                  @focusin="showTooltip(day, index)"
+                  @mouseleave="hideTooltip(day)"
+                  @focusout="hideTooltip(day)"
+                >
+                  <div class="skill-bar-track">
+                    <div class="skill-bar-fill" :style="{ height: dailyBarHeight(day.total_count) }">
+                      <div
+                        v-for="segment in chartSegments(day)"
+                        :key="segment.key"
+                        class="skill-bar-segment"
+                        :data-skill="segment.key"
+                        :style="{ flex: segmentFlex(segment.count), background: segment.color }"
+                      />
+                    </div>
+                  </div>
+                </div>
+              </div>
+              <div v-if="hoveredDay" class="floating-tooltip" :class="tooltipAlignment">
+                <div class="tooltip-date">{{ hoveredDay.date }}</div>
+                <div v-for="segment in hoveredSegments" :key="segment.key" class="tooltip-row">
+                  <i class="tooltip-dot" :style="{ background: segment.color }" />
+                  <span>{{ segment.label }}</span>
+                  <strong>{{ segment.count }}</strong>
+                </div>
+                <div class="tooltip-row total">
+                  <span>{{ t('skillsUsage.totalActions') }}</span>
+                  <strong>{{ hoveredDay.total_count }}</strong>
+                </div>
+              </div>
+              <div class="bar-dates">
+                <span>{{ stats.by_day[0]?.date.slice(5) }}</span>
+                <span>{{ stats.by_day[stats.by_day.length - 1]?.date.slice(5) }}</span>
+              </div>
+            </template>
+          </div>
+
+          <div class="summary-grid" data-testid="skills-usage-stats" :aria-label="t('skillsUsage.summary')">
+            <div class="summary-card primary">
+              <div class="summary-label">{{ t('skillsUsage.totalActions') }}</div>
+              <div class="summary-value">{{ stats.summary.total_skill_actions }}</div>
+            </div>
+            <div class="summary-card">
+              <div class="summary-label">{{ t('skillsUsage.loads') }}</div>
+              <div class="summary-value">{{ stats.summary.total_skill_loads }}</div>
+            </div>
+            <div class="summary-card">
+              <div class="summary-label">{{ t('skillsUsage.edits') }}</div>
+              <div class="summary-value">{{ stats.summary.total_skill_edits }}</div>
+            </div>
+            <div class="summary-card">
+              <div class="summary-label">{{ t('skillsUsage.distinctSkills') }}</div>
+              <div class="summary-value">{{ stats.summary.distinct_skills_used }}</div>
+            </div>
+          </div>
+        </section>
+
+        <section class="usage-panel">
+          <div class="panel-header">
+            <h3>{{ t('skillsUsage.topSkills') }}</h3>
+            <span>{{ t('skillsUsage.periodSummary', { days: stats.period_days }) }}</span>
+          </div>
+          <div v-if="!hasData" class="skills-usage-state compact">
+            {{ t('skillsUsage.noData') }}
+          </div>
+          <div v-else class="skills-table" role="table" :aria-label="t('skillsUsage.topSkills')">
+            <div class="skills-row table-head" role="row">
+              <span role="columnheader">{{ t('skillsUsage.skill') }}</span>
+              <span role="columnheader">{{ t('skillsUsage.loads') }}</span>
+              <span role="columnheader">{{ t('skillsUsage.edits') }}</span>
+              <span role="columnheader">{{ t('skillsUsage.share') }}</span>
+              <span role="columnheader">{{ t('skillsUsage.lastUsed') }}</span>
+            </div>
+            <div v-for="skill in stats.top_skills" :key="skill.skill" class="skills-row" role="row">
+              <span class="skill-name" role="cell">
+                <i class="skill-color-dot" :style="{ background: colorForSkill(skill.skill) }" />
+                {{ skill.skill }}
+              </span>
+              <span role="cell">{{ skill.view_count }}</span>
+              <span role="cell">{{ skill.manage_count }}</span>
+              <span class="share-cell" role="cell">
+                <span class="share-bar"><span :style="{ width: formatPercent(skill.percentage), background: colorForSkill(skill.skill) }" /></span>
+                {{ formatPercent(skill.percentage) }}
+              </span>
+              <span class="last-used" role="cell">{{ formatLastUsed(skill.last_used_at) }}</span>
+            </div>
+          </div>
+        </section>
+      </template>
+    </div>
+  </div>
+</template>
+
+<style scoped lang="scss">
+@use '@/styles/variables' as *;
+
+.skills-usage-view {
+  height: 100%;
+  display: flex;
+  flex-direction: column;
+}
+
+.page-header {
+  display: flex;
+  align-items: center;
+  justify-content: space-between;
+  gap: 12px;
+  flex-shrink: 0;
+  padding: 21px 20px;
+  border-bottom: 1px solid $border-color;
+}
+
+.header-text {
+  display: flex;
+  align-items: baseline;
+  gap: 8px;
+}
+
+.header-subtitle {
+  margin: 4px 0 0;
+  color: $text-muted;
+  font-size: 13px;
+}
+
+.skills-usage-toolbar {
+  display: flex;
+  align-items: center;
+  gap: 8px;
+  flex-wrap: wrap;
+  justify-content: flex-end;
+}
+
+.period-selector {
+  display: flex;
+  gap: 4px;
+  flex-wrap: wrap;
+}
+
+.skills-usage-content {
+  flex: 1;
+  overflow-y: auto;
+  padding: 20px;
+  max-width: 1120px;
+  margin: 0 auto;
+  width: 100%;
+  scrollbar-width: none;
+  -ms-overflow-style: none;
+
+  &::-webkit-scrollbar {
+    display: none;
+  }
+}
+
+.overview-grid {
+  display: grid;
+  grid-template-columns: minmax(0, 1.7fr) minmax(260px, 0.9fr);
+  gap: 16px;
+  margin-bottom: 16px;
+}
+
+.summary-grid {
+  display: grid;
+  grid-template-columns: repeat(2, minmax(0, 1fr));
+  gap: 12px;
+}
+
+.summary-card,
+.usage-panel {
+  background: $bg-secondary;
+  border: 1px solid $border-color;
+  border-radius: 12px;
+}
+
+.summary-card {
+  padding: 14px;
+
+  &.primary {
+    grid-column: span 2;
+  }
+}
+
+.summary-label {
+  color: $text-muted;
+  font-size: 12px;
+}
+
+.summary-value {
+  margin-top: 6px;
+  color: $text-primary;
+  font-size: 24px;
+  font-weight: 700;
+}
+
+.usage-panel {
+  padding: 16px;
+  position: relative;
+
+  &.is-refreshing::after {
+    content: '';
+    position: absolute;
+    top: 10px;
+    right: 12px;
+    width: 8px;
+    height: 8px;
+    border-radius: 50%;
+    background: $accent-primary;
+    box-shadow: 0 0 0 4px $accent-muted;
+    animation: refresh-pulse 1s ease-in-out infinite;
+  }
+}
+
+@keyframes refresh-pulse {
+  0%, 100% {
+    opacity: 0.45;
+    transform: scale(0.8);
+  }
+  50% {
+    opacity: 1;
+    transform: scale(1);
+  }
+}
+
+.inline-error {
+  margin-bottom: 12px;
+  color: $error;
+  font-size: 12px;
+}
+
+.panel-header {
+  display: flex;
+  align-items: baseline;
+  justify-content: space-between;
+  gap: 12px;
+  margin-bottom: 12px;
+
+  h3 {
+    margin: 0;
+    font-size: 16px;
+    color: $text-primary;
+  }
+
+  span {
+    color: $text-muted;
+    font-size: 12px;
+  }
+}
+
+.skill-bar-chart {
+  display: flex;
+  gap: 3px;
+  min-height: 180px;
+  align-items: flex-end;
+}
+
+.skill-bar-col {
+  flex: 1;
+  min-width: 3px;
+  position: relative;
+  outline: none;
+
+  &:focus-visible .skill-bar-track {
+    box-shadow: 0 0 0 2px $accent-muted;
+  }
+}
+
+.skill-bar-track {
+  height: 180px;
+  display: flex;
+  align-items: flex-end;
+  background: $bg-card;
+  border-radius: 3px 3px 0 0;
+  overflow: hidden;
+}
+
+.skill-bar-fill {
+  width: 100%;
+  min-height: 2px;
+  display: flex;
+  flex-direction: column-reverse;
+  border-radius: 3px 3px 0 0;
+  overflow: hidden;
+  transition: height 0.2s ease;
+}
+
+.skill-bar-segment {
+  min-height: 1px;
+}
+
+.floating-tooltip {
+  position: absolute;
+  top: 50px;
+  width: min(360px, calc(100% - 32px));
+  max-height: calc(100% - 70px);
+  overflow-y: auto;
+  background: $bg-secondary;
+  color: $text-primary;
+  border: 1px solid $border-color;
+  box-shadow: 0 12px 30px rgba(0, 0, 0, 0.35);
+  padding: 8px 10px;
+  border-radius: $radius-sm;
+  font-size: 11px;
+  white-space: nowrap;
+  z-index: 20;
+  pointer-events: none;
+
+  &.align-left {
+    left: 16px;
+    right: auto;
+  }
+
+  &.align-right {
+    right: 16px;
+    left: auto;
+  }
+}
+
+.tooltip-date {
+  font-weight: 600;
+  margin-bottom: 6px;
+}
+
+.tooltip-row {
+  display: grid;
+  grid-template-columns: 8px minmax(0, 1fr) auto;
+  align-items: center;
+  gap: 7px;
+  color: $text-secondary;
+  font-size: 10px;
+  line-height: 1.6;
+
+  span {
+    overflow: hidden;
+    text-overflow: ellipsis;
+  }
+
+  strong {
+    color: $text-primary;
+    font-weight: 600;
+  }
+
+  &.total {
+    grid-template-columns: minmax(0, 1fr) auto;
+    margin-top: 4px;
+    padding-top: 4px;
+    border-top: 1px solid $border-color;
+  }
+}
+
+.tooltip-dot {
+  width: 8px;
+  height: 8px;
+  border-radius: 2px;
+}
+
+.bar-dates {
+  display: flex;
+  justify-content: space-between;
+  color: $text-muted;
+  font-size: 11px;
+  margin-top: 8px;
+}
+
+.skill-color-dot {
+  width: 8px;
+  height: 8px;
+  border-radius: 50%;
+  flex-shrink: 0;
+}
+
+.skills-table {
+  display: grid;
+  gap: 2px;
+}
+
+.skills-row {
+  display: grid;
+  grid-template-columns: minmax(180px, 1fr) 80px 80px minmax(120px, 160px) minmax(160px, 1fr);
+  align-items: center;
+  gap: 12px;
+  padding: 10px 8px;
+  border-radius: 8px;
+  color: $text-secondary;
+  font-size: 13px;
+
+  &:not(.table-head):hover {
+    background: $bg-card-hover;
+  }
+}
+
+.table-head {
+  color: $text-muted;
+  font-size: 12px;
+  font-weight: 600;
+  text-transform: uppercase;
+}
+
+.skill-name {
+  display: inline-flex;
+  align-items: center;
+  gap: 8px;
+  color: $text-primary;
+  font-weight: 600;
+  overflow: hidden;
+  text-overflow: ellipsis;
+  white-space: nowrap;
+}
+
+.share-cell {
+  display: flex;
+  align-items: center;
+  gap: 8px;
+}
+
+.share-bar {
+  width: 54px;
+  height: 6px;
+  background: $bg-card;
+  border-radius: 999px;
+  overflow: hidden;
+
+  span {
+    display: block;
+    height: 100%;
+    border-radius: inherit;
+  }
+}
+
+.last-used {
+  color: $text-muted;
+}
+
+.skills-usage-state {
+  text-align: center;
+  padding: 60px 0;
+  color: $text-muted;
+  font-size: 14px;
+
+  &.compact {
+    padding: 24px 0;
+  }
+
+  &.error {
+    color: $error;
+  }
+}
+
+@media (max-width: $breakpoint-mobile) {
+  .page-header {
+    flex-direction: column;
+    align-items: stretch;
+  }
+
+  .skills-usage-toolbar {
+    justify-content: flex-start;
+  }
+
+  .overview-grid {
+    grid-template-columns: 1fr;
+  }
+
+  .summary-grid {
+    grid-template-columns: repeat(2, minmax(0, 1fr));
+  }
+
+  .skills-row {
+    grid-template-columns: minmax(140px, 1fr) repeat(3, 64px);
+
+    span:last-child {
+      display: none;
+    }
+  }
+}
+</style>
diff --git a/packages/client/src/views/hermes/SkillsView.vue b/packages/client/src/views/hermes/SkillsView.vue
new file mode 100644
index 0000000..07178b0
--- /dev/null
+++ b/packages/client/src/views/hermes/SkillsView.vue
@@ -0,0 +1,388 @@
+<script setup lang="ts">
+import { ref, computed, onMounted, onUnmounted, watch } from 'vue'
+import { NInput } from 'naive-ui'
+import { useI18n } from 'vue-i18n'
+import SkillList from '@/components/hermes/skills/SkillList.vue'
+import SkillDetail from '@/components/hermes/skills/SkillDetail.vue'
+import MarkdownRenderer from '@/components/hermes/chat/MarkdownRenderer.vue'
+import { fetchSkills, type SkillCategory, type SkillSource, type SkillInfo } from '@/api/hermes/skills'
+import { useProfilesStore } from '@/stores/hermes/profiles'
+
+type SourceFilter = SkillSource | 'modified'
+
+const { t, locale } = useI18n()
+const profilesStore = useProfilesStore()
+const categories = ref<SkillCategory[]>([])
+const archived = ref<SkillInfo[]>([])
+const loading = ref(false)
+const selectedCategory = ref('')
+const selectedSkill = ref('')
+const searchQuery = ref('')
+const showSidebar = ref(true)
+const sourceFilter = ref<SourceFilter | null>(null)
+const recommendations = ref('')
+let mobileQuery: MediaQueryList | null = null
+let recommendationsRequestSeq = 0
+
+const recommendationsPath = computed(() => {
+  return String(locale.value).startsWith('zh')
+    ? '/skill-recommendations.zh.md'
+    : '/skill-recommendations.en.md'
+})
+
+const selectedSkillData = computed(() => {
+  if (!selectedCategory.value || !selectedSkill.value) return null
+  if (selectedCategory.value === '.archive') {
+    return archived.value.find(s => s.name === selectedSkill.value) ?? null
+  }
+  const cat = categories.value.find(c => c.name === selectedCategory.value)
+  return cat?.skills.find(s => s.name === selectedSkill.value) ?? null
+})
+
+function handleMobileChange(e: MediaQueryListEvent | MediaQueryList) {
+  showSidebar.value = !e.matches
+}
+
+onMounted(() => {
+  mobileQuery = window.matchMedia('(max-width: 768px)')
+  handleMobileChange(mobileQuery)
+  mobileQuery.addEventListener('change', handleMobileChange)
+  loadSkills()
+  loadRecommendations()
+})
+
+onUnmounted(() => {
+  mobileQuery?.removeEventListener('change', handleMobileChange)
+})
+
+async function loadSkills() {
+  loading.value = true
+  try {
+    if (!profilesStore.activeProfileName || profilesStore.profiles.length === 0) {
+      await profilesStore.fetchProfiles()
+    }
+    const data = await fetchSkills()
+    categories.value = data.categories
+    archived.value = data.archived
+  } catch (err: any) {
+    console.error('Failed to load skills:', err)
+  } finally {
+    loading.value = false
+  }
+}
+
+async function loadRecommendations() {
+  const requestSeq = ++recommendationsRequestSeq
+  try {
+    const response = await fetch(recommendationsPath.value)
+    if (!response.ok) throw new Error(`HTTP ${response.status}`)
+    const text = await response.text()
+    if (/^\s*<!doctype html/i.test(text) || /^\s*<html[\s>]/i.test(text)) {
+      throw new Error('Skill recommendations file was not found')
+    }
+    if (requestSeq === recommendationsRequestSeq) {
+      recommendations.value = text
+    }
+  } catch (err) {
+    if (requestSeq === recommendationsRequestSeq) {
+      recommendations.value = ''
+    }
+    console.error('Failed to load skill recommendations:', err)
+  }
+}
+
+watch(recommendationsPath, loadRecommendations)
+
+function toggleFilter(filter: SourceFilter) {
+  sourceFilter.value = sourceFilter.value === filter ? null : filter
+}
+
+function handleSelect(category: string, skill: string) {
+  if (selectedCategory.value === category && selectedSkill.value === skill) {
+    selectedCategory.value = ''
+    selectedSkill.value = ''
+    return
+  }
+  selectedCategory.value = category
+  selectedSkill.value = skill
+  if (window.innerWidth <= 768) {
+    showSidebar.value = false
+  }
+}
+
+function handlePinToggled(name: string, pinned: boolean) {
+  // Update local state so the pin icon updates immediately
+  if (selectedCategory.value === '.archive') {
+    const skill = archived.value.find(s => s.name === name)
+    if (skill) skill.pinned = pinned
+  } else {
+    const cat = categories.value.find(c => c.name === selectedCategory.value)
+    const skill = cat?.skills.find(s => s.name === name)
+    if (skill) skill.pinned = pinned
+  }
+}
+</script>
+
+<template>
+  <div class="skills-view">
+    <header class="page-header">
+      <div style="display: flex; align-items: center; gap: 8px;">
+        <h2 class="header-title">{{ t('skills.title') }}</h2>
+        <button v-if="!showSidebar" class="sidebar-toggle" @click="showSidebar = true">
+          <svg width="16" height="16" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><line x1="3" y1="12" x2="21" y2="12"/><line x1="3" y1="6" x2="21" y2="6"/><line x1="3" y1="18" x2="21" y2="18"/></svg>
+        </button>
+      </div>
+      <div class="source-legend">
+        <button class="legend-item" :class="{ active: sourceFilter === 'builtin' }" @click="toggleFilter('builtin')">
+          <span class="legend-dot dot-builtin" />{{ t('skills.source.builtin') }}
+        </button>
+        <button class="legend-item" :class="{ active: sourceFilter === 'hub' }" @click="toggleFilter('hub')">
+          <span class="legend-dot dot-hub" />{{ t('skills.source.hub') }}
+        </button>
+        <button class="legend-item" :class="{ active: sourceFilter === 'local' }" @click="toggleFilter('local')">
+          <span class="legend-dot dot-local" />{{ t('skills.source.local') }}
+        </button>
+        <button class="legend-item" :class="{ active: sourceFilter === 'external' }" @click="toggleFilter('external')">
+          <span class="legend-dot dot-external" />{{ t('skills.source.external') }}
+        </button>
+        <button class="legend-item" :class="{ active: sourceFilter === 'modified' }" @click="toggleFilter('modified')">
+          <span class="modified-icon">✎</span>{{ t('skills.modified') }}
+        </button>
+      </div>
+      <NInput
+        v-model:value="searchQuery"
+        :placeholder="t('skills.searchPlaceholder')"
+        size="small"
+        clearable
+        style="width: 160px"
+      />
+    </header>
+
+    <div class="skills-content">
+      <div v-if="loading && categories.length === 0" class="skills-loading">{{ t('common.loading') }}</div>
+      <div v-else class="skills-layout">
+          <div class="mobile-backdrop" :class="{ active: showSidebar }" @click="showSidebar = false" />
+          <div v-if="showSidebar" class="skills-sidebar">
+            <SkillList
+              :categories="categories"
+              :archived="archived"
+              :selected-skill="selectedCategory && selectedSkill ? `${selectedCategory}/${selectedSkill}` : null"
+              :search-query="searchQuery"
+              :source-filter="sourceFilter"
+              @select="handleSelect"
+            />
+          </div>
+          <div class="skills-main">
+            <SkillDetail
+              v-if="selectedCategory && selectedSkill"
+              :category="selectedCategory"
+              :skill="selectedSkill"
+              :skill-name="selectedSkillData?.name || selectedSkill"
+              :patch-count="selectedSkillData?.patchCount"
+              :use-count="selectedSkillData?.useCount"
+              :view-count="selectedSkillData?.viewCount"
+              :pinned="selectedSkillData?.pinned"
+              @pin-toggled="handlePinToggled"
+            />
+            <div v-else class="recommendations-panel">
+              <MarkdownRenderer v-if="recommendations" :content="recommendations" />
+              <div v-else class="empty-detail">
+                <svg width="48" height="48" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="1" opacity="0.2">
+                  <polygon points="12 2 2 7 12 12 22 7 12 2" />
+                  <polyline points="2 17 12 22 22 17" />
+                  <polyline points="2 12 12 17 22 12" />
+                </svg>
+                <span>{{ t('skills.noMatch') }}</span>
+              </div>
+            </div>
+          </div>
+        </div>
+    </div>
+  </div>
+</template>
+
+<style scoped lang="scss">
+@use '@/styles/variables' as *;
+
+.skills-view {
+  height: calc(100 * var(--vh));
+  display: flex;
+  flex-direction: column;
+}
+
+.source-legend {
+  display: flex;
+  align-items: center;
+  gap: 4px;
+  flex: 1;
+  flex-wrap: wrap;
+  margin-left: 16px;
+}
+
+.legend-item {
+  display: inline-flex;
+  align-items: center;
+  gap: 4px;
+  font-size: 11px;
+  color: $text-muted;
+  white-space: nowrap;
+  padding: 2px 6px;
+  border: 1px solid transparent;
+  border-radius: 10px;
+  background: none;
+  cursor: pointer;
+  transition: all $transition-fast;
+
+  &:hover {
+    color: $text-secondary;
+    background: rgba(var(--accent-primary-rgb), 0.04);
+  }
+
+  &.active {
+    color: $text-primary;
+    border-color: $border-color;
+    background: rgba(var(--accent-primary-rgb), 0.08);
+  }
+}
+
+.legend-dot {
+  display: inline-block;
+  width: 8px;
+  height: 8px;
+  border-radius: 50%;
+  flex-shrink: 0;
+}
+
+.legend-dot.dot-builtin { background: #888; }
+.legend-dot.dot-hub { background: #4a90d9; }
+.legend-dot.dot-local { background: #66bb6a; }
+.legend-dot.dot-external { background: #f59e0b; }
+
+.modified-icon {
+  font-size: 11px;
+  color: $warning;
+  opacity: 0.7;
+}
+
+@media (max-width: $breakpoint-mobile) {
+  .source-legend {
+    display: none;
+  }
+}
+
+.search-input {
+  width: 100px;
+
+  @media (max-width: $breakpoint-mobile) {
+    width: 100%;
+  }
+}
+
+.skills-content {
+  flex: 1;
+  overflow: hidden;
+}
+
+.skills-loading {
+  display: flex;
+  align-items: center;
+  justify-content: center;
+  height: 100%;
+  font-size: 13px;
+  color: $text-muted;
+}
+
+.skills-layout {
+  display: flex;
+  height: 100%;
+}
+
+.skills-sidebar {
+  width: 280px;
+  border-right: 1px solid $border-color;
+  flex-shrink: 0;
+  display: flex;
+  flex-direction: column;
+  overflow: hidden;
+  min-height: 0;
+}
+
+.skills-main {
+  flex: 1;
+  overflow-y: auto;
+  padding: 16px 20px;
+  min-width: 0;
+}
+
+.sidebar-toggle {
+  display: none;
+  border: none;
+  background: none;
+  cursor: pointer;
+  color: $text-secondary;
+  padding: 4px;
+  border-radius: $radius-sm;
+
+  &:hover {
+    background: rgba(var(--accent-primary-rgb), 0.06);
+  }
+}
+
+@media (max-width: $breakpoint-mobile) {
+  .sidebar-toggle {
+    display: flex;
+  }
+
+  .skills-sidebar {
+    position: absolute;
+    left: 0;
+    top: 0;
+    height: 100%;
+    z-index: 10;
+    background: $bg-card;
+    box-shadow: 2px 0 8px rgba(0, 0, 0, 0.1);
+  }
+
+  .skills-layout {
+    position: relative;
+  }
+
+  .mobile-backdrop {
+    display: block;
+    position: absolute;
+    inset: 0;
+    background: rgba(0, 0, 0, 0.4);
+    z-index: 9;
+    opacity: 0;
+    pointer-events: none;
+    transition: opacity $transition-fast;
+
+    &.active {
+      opacity: 1;
+      pointer-events: auto;
+    }
+  }
+}
+
+.empty-detail {
+  height: 100%;
+  display: flex;
+  flex-direction: column;
+  align-items: center;
+  justify-content: center;
+  gap: 12px;
+  color: $text-muted;
+  font-size: 13px;
+}
+
+.recommendations-panel {
+  max-width: 920px;
+  margin: 0 auto;
+  padding: 4px 0 40px;
+
+  :deep(.markdown-body) {
+    font-size: 14px;
+    line-height: 1.7;
+  }
+}
+</style>
diff --git a/packages/client/src/views/hermes/TerminalView.vue b/packages/client/src/views/hermes/TerminalView.vue
new file mode 100644
index 0000000..70503d7
--- /dev/null
+++ b/packages/client/src/views/hermes/TerminalView.vue
@@ -0,0 +1,1102 @@
+<script setup lang="ts">
+import { ref, onMounted, onUnmounted, computed } from "vue";
+import { Terminal } from "@xterm/xterm";
+import { FitAddon } from "@xterm/addon-fit";
+import { WebLinksAddon } from "@xterm/addon-web-links";
+import "@xterm/xterm/css/xterm.css";
+import { getApiKey, getBaseUrlValue } from "@/api/client";
+import { NButton, NPopconfirm, NTooltip, NSelect, useMessage } from "naive-ui";
+import { useI18n } from "vue-i18n";
+import type { ITheme } from "@xterm/xterm";
+
+const { t } = useI18n();
+const message = useMessage();
+
+// ─── Terminal themes ────────────────────────────────────────────
+
+const TERMINAL_THEMES: Record<string, { label: string; theme: ITheme }> = {
+  default: {
+    label: "Default",
+    theme: {
+      background: "#1a1a2e",
+      foreground: "#e0e0e0",
+      cursor: "#4cc9f0",
+      cursorAccent: "#1a1a2e",
+      selectionBackground: "rgba(76, 201, 240, 0.3)",
+      black: "#000000", red: "#e06c75", green: "#98c379", yellow: "#e5c07b",
+      blue: "#61afef", magenta: "#c678dd", cyan: "#56b6c2", white: "#abb2bf",
+      brightBlack: "#5c6370", brightRed: "#e06c75", brightGreen: "#98c379",
+      brightYellow: "#e5c07b", brightBlue: "#61afef", brightMagenta: "#c678dd",
+      brightCyan: "#56b6c2", brightWhite: "#ffffff",
+    },
+  },
+  "solarized-dark": {
+    label: "Solarized Dark",
+    theme: {
+      background: "#002b36", foreground: "#839496",
+      cursor: "#93a1a1", cursorAccent: "#002b36",
+      selectionBackground: "rgba(147, 161, 161, 0.3)",
+      black: "#073642", red: "#dc322f", green: "#859900", yellow: "#b58900",
+      blue: "#268bd2", magenta: "#d33682", cyan: "#2aa198", white: "#eee8d5",
+      brightBlack: "#002b36", brightRed: "#cb4b16", brightGreen: "#586e75",
+      brightYellow: "#657b83", brightBlue: "#839496", brightMagenta: "#6c71c4",
+      brightCyan: "#93a1a1", brightWhite: "#fdf6e3",
+    },
+  },
+  "solarized-light": {
+    label: "Solarized Light",
+    theme: {
+      background: "#fdf6e3", foreground: "#657b83",
+      cursor: "#586e75", cursorAccent: "#fdf6e3",
+      selectionBackground: "rgba(88, 110, 117, 0.3)",
+      black: "#073642", red: "#dc322f", green: "#859900", yellow: "#b58900",
+      blue: "#268bd2", magenta: "#d33682", cyan: "#2aa198", white: "#eee8d5",
+      brightBlack: "#002b36", brightRed: "#cb4b16", brightGreen: "#586e75",
+      brightYellow: "#657b83", brightBlue: "#839496", brightMagenta: "#6c71c4",
+      brightCyan: "#93a1a1", brightWhite: "#fdf6e3",
+    },
+  },
+  monokai: {
+    label: "Monokai",
+    theme: {
+      background: "#272822", foreground: "#f8f8f2",
+      cursor: "#f8f8f0", cursorAccent: "#272822",
+      selectionBackground: "rgba(248, 248, 242, 0.2)",
+      black: "#272822", red: "#f92672", green: "#a6e22e", yellow: "#f4bf75",
+      blue: "#66d9ef", magenta: "#ae81ff", cyan: "#a1efe4", white: "#f8f8f2",
+      brightBlack: "#75715e", brightRed: "#fd971f", brightGreen: "#a6e22e",
+      brightYellow: "#e6db74", brightBlue: "#66d9ef", brightMagenta: "#ae81ff",
+      brightCyan: "#a1efe4", brightWhite: "#f9f8f5",
+    },
+  },
+  dracula: {
+    label: "Dracula",
+    theme: {
+      background: "#282a36", foreground: "#f8f8f2",
+      cursor: "#f8f8f2", cursorAccent: "#282a36",
+      selectionBackground: "rgba(248, 248, 242, 0.2)",
+      black: "#21222c", red: "#ff5555", green: "#50fa7b", yellow: "#f1fa8c",
+      blue: "#bd93f9", magenta: "#ff79c6", cyan: "#8be9fd", white: "#f8f8f2",
+      brightBlack: "#6272a4", brightRed: "#ff6e6e", brightGreen: "#69ff94",
+      brightYellow: "#ffffa5", brightBlue: "#d6acff", brightMagenta: "#ff92df",
+      brightCyan: "#a4ffff", brightWhite: "#ffffff",
+    },
+  },
+  nord: {
+    label: "Nord",
+    theme: {
+      background: "#2e3440", foreground: "#d8dee9",
+      cursor: "#d8dee9", cursorAccent: "#2e3440",
+      selectionBackground: "rgba(216, 222, 233, 0.2)",
+      black: "#3b4252", red: "#bf616a", green: "#a3be8c", yellow: "#ebcb8b",
+      blue: "#81a1c1", magenta: "#b48ead", cyan: "#88c0d0", white: "#e5e9f0",
+      brightBlack: "#4c566a", brightRed: "#bf616a", brightGreen: "#a3be8c",
+      brightYellow: "#ebcb8b", brightBlue: "#81a1c1", brightMagenta: "#b48ead",
+      brightCyan: "#8fbcbb", brightWhite: "#eceff4",
+    },
+  },
+  "one-dark": {
+    label: "One Dark",
+    theme: {
+      background: "#282c34", foreground: "#abb2bf",
+      cursor: "#528bff", cursorAccent: "#282c34",
+      selectionBackground: "rgba(82, 139, 255, 0.25)",
+      black: "#282c34", red: "#e06c75", green: "#98c379", yellow: "#e5c07b",
+      blue: "#61afef", magenta: "#c678dd", cyan: "#56b6c2", white: "#abb2bf",
+      brightBlack: "#5c6370", brightRed: "#e06c75", brightGreen: "#98c379",
+      brightYellow: "#e5c07b", brightBlue: "#61afef", brightMagenta: "#c678dd",
+      brightCyan: "#56b6c2", brightWhite: "#ffffff",
+    },
+  },
+  "github-dark": {
+    label: "GitHub Dark",
+    theme: {
+      background: "#0d1117", foreground: "#c9d1d9",
+      cursor: "#58a6ff", cursorAccent: "#0d1117",
+      selectionBackground: "rgba(88, 166, 255, 0.25)",
+      black: "#484f58", red: "#ff7b72", green: "#7ee787", yellow: "#ffa657",
+      blue: "#79c0ff", magenta: "#d2a8ff", cyan: "#a5d6ff", white: "#c9d1d9",
+      brightBlack: "#6e7681", brightRed: "#ffa198", brightGreen: "#56d364",
+      brightYellow: "#e3b341", brightBlue: "#58a6ff", brightMagenta: "#bc8cff",
+      brightCyan: "#79c0ff", brightWhite: "#f0f6fc",
+    },
+  },
+  "tokyo-night": {
+    label: "Tokyo Night",
+    theme: {
+      background: "#1a1b26", foreground: "#a9b1d6",
+      cursor: "#c0caf5", cursorAccent: "#1a1b26",
+      selectionBackground: "rgba(192, 202, 245, 0.2)",
+      black: "#15161e", red: "#f7768e", green: "#9ece6a", yellow: "#e0af68",
+      blue: "#7aa2f7", magenta: "#bb9af7", cyan: "#7dcfff", white: "#a9b1d6",
+      brightBlack: "#414868", brightRed: "#f7768e", brightGreen: "#9ece6a",
+      brightYellow: "#e0af68", brightBlue: "#7aa2f7", brightMagenta: "#bb9af7",
+      brightCyan: "#7dcfff", brightWhite: "#c0caf5",
+    },
+  },
+  "github-light": {
+    label: "GitHub Light",
+    theme: {
+      background: "#ffffff", foreground: "#24292f",
+      cursor: "#0969da", cursorAccent: "#ffffff",
+      selectionBackground: "rgba(9, 105, 218, 0.2)",
+      black: "#24292f", red: "#cf222e", green: "#116329", yellow: "#4d2d00",
+      blue: "#0969da", magenta: "#8250df", cyan: "#1b7c83", white: "#57606a",
+      brightBlack: "#57606a", brightRed: "#a40e26", brightGreen: "#1a7f37",
+      brightYellow: "#633c01", brightBlue: "#218bff", brightMagenta: "#a475f4",
+      brightCyan: "#3192aa", brightWhite: "#8c959f",
+    },
+  },
+  "catppuccin-latte": {
+    label: "Catppuccin Latte",
+    theme: {
+      background: "#eff1f5", foreground: "#4c4f69",
+      cursor: "#dc8a78", cursorAccent: "#eff1f5",
+      selectionBackground: "rgba(220, 138, 120, 0.2)",
+      black: "#5c5f77", red: "#d20f39", green: "#40a02b", yellow: "#df8e1d",
+      blue: "#1e66f5", magenta: "#ea76cb", cyan: "#179299", white: "#4c4f69",
+      brightBlack: "#6c6f85", brightRed: "#d20f39", brightGreen: "#40a02b",
+      brightYellow: "#df8e1d", brightBlue: "#1e66f5", brightMagenta: "#ea76cb",
+      brightCyan: "#179299", brightWhite: "#bcc0cc",
+    },
+  },
+  "alabaster-light": {
+    label: "Alabaster",
+    theme: {
+      background: "#f7f7f7", foreground: "#434343",
+      cursor: "#528bff", cursorAccent: "#f7f7f7",
+      selectionBackground: "rgba(82, 139, 255, 0.2)",
+      black: "#000000", red: "#aa3731", green: "#448c27", yellow: "#cb9000",
+      blue: "#325cc0", magenta: "#7a3e9d", cyan: "#0083b2", white: "#434343",
+      brightBlack: "#777777", brightRed: "#f05050", brightGreen: "#60cb00",
+      brightYellow: "#ffbc5d", brightBlue: "#0070ea", brightMagenta: "#ca64e2",
+      brightCyan: "#00aacb", brightWhite: "#999999",
+    },
+  },
+  "xterm-light": {
+    label: "XTerm Light",
+    theme: {
+      background: "#fafafa", foreground: "#383a42",
+      cursor: "#526fff", cursorAccent: "#fafafa",
+      selectionBackground: "rgba(82, 111, 255, 0.2)",
+      black: "#383a42", red: "#e45649", green: "#50a14f", yellow: "#c18401",
+      blue: "#4078f2", magenta: "#a626a4", cyan: "#0184bc", white: "#a0a1a7",
+      brightBlack: "#4f525e", brightRed: "#e06c75", brightGreen: "#98c379",
+      brightYellow: "#e5c07b", brightBlue: "#61afef", brightMagenta: "#c678dd",
+      brightCyan: "#56b6c2", brightWhite: "#ffffff",
+    },
+  },
+  "one-light": {
+    label: "One Light",
+    theme: {
+      background: "#fafafa", foreground: "#383a42",
+      cursor: "#526eff", cursorAccent: "#fafafa",
+      selectionBackground: "rgba(82, 110, 255, 0.2)",
+      black: "#383a42", red: "#e45649", green: "#50a14f", yellow: "#c18401",
+      blue: "#4078f2", magenta: "#a626a4", cyan: "#0184bc", white: "#a0a1a7",
+      brightBlack: "#4f525e", brightRed: "#e06c75", brightGreen: "#98c379",
+      brightYellow: "#e5c07b", brightBlue: "#61afef", brightMagenta: "#c678dd",
+      brightCyan: "#56b6c2", brightWhite: "#ffffff",
+    },
+  },
+  "gruvbox-light": {
+    label: "Gruvbox Light",
+    theme: {
+      background: "#fbf1c7", foreground: "#3c3836",
+      cursor: "#9d0006", cursorAccent: "#fbf1c7",
+      selectionBackground: "rgba(157, 0, 6, 0.15)",
+      black: "#fbf1c7", red: "#cc241d", green: "#98971a", yellow: "#d79921",
+      blue: "#458588", magenta: "#b16286", cyan: "#689d6a", white: "#504945",
+      brightBlack: "#928374", brightRed: "#9d0006", brightGreen: "#79740e",
+      brightYellow: "#b57614", brightBlue: "#076678", brightMagenta: "#8f3f71",
+      brightCyan: "#427b58", brightWhite: "#3c3836",
+    },
+  },
+};
+
+const STORAGE_KEY_THEME = "hermes_terminal_theme";
+
+// ─── Types ──────────────────────────────────────────────────────
+
+interface SessionInfo {
+  id: string;
+  shell: string;
+  pid: number;
+  title: string;
+  createdAt: number;
+  exited: boolean;
+}
+
+// ─── State ──────────────────────────────────────────────────────
+
+const terminalRef = ref<HTMLDivElement | null>(null);
+const showSessions = ref(true);
+const sessions = ref<SessionInfo[]>([]);
+const activeSessionId = ref<string | null>(null);
+const selectedTheme = ref(localStorage.getItem(STORAGE_KEY_THEME) || "default");
+
+let ws: WebSocket | null = null;
+// Keep all terminal instances alive, only dispose on close
+const termMap = new Map<
+  string,
+  { term: Terminal; fitAddon: FitAddon; opened: boolean }
+>();
+let activeTerm: Terminal | null = null;
+let activeFitAddon: FitAddon | null = null;
+let resizeObserver: ResizeObserver | null = null;
+let mobileQuery: MediaQueryList | null = null;
+let touchScrollLastY: number | null = null;
+let touchScrollRemainder = 0;
+const TOUCH_SCROLL_LINE_PX = 18;
+
+// ─── Computed ──────────────────────────────────────────────────
+
+const activeSession = computed(
+  () => sessions.value.find((s) => s.id === activeSessionId.value) || null,
+);
+
+const themeOptions = computed(() =>
+  Object.entries(TERMINAL_THEMES).map(([key, val]) => ({
+    label: val.label,
+    value: key,
+  })),
+);
+
+const terminalBg = computed(
+  () => TERMINAL_THEMES[selectedTheme.value]?.theme.background ?? "#1a1a2e",
+);
+
+// ─── WebSocket ──────────────────────────────────────────────────
+
+function formatHostForPort(hostname: string, port: number): string {
+  if (hostname.startsWith("[") && hostname.endsWith("]")) {
+    return `${hostname}:${port}`;
+  }
+  return hostname.includes(":") ? `[${hostname}]:${port}` : `${hostname}:${port}`;
+}
+
+function buildWsUrl(): string {
+  const token = getApiKey();
+  const base = getBaseUrlValue();
+  const wsProtocol = base
+    ? base.startsWith("https")
+      ? "wss:"
+      : "ws:"
+    : location.protocol === "https:"
+      ? "wss:"
+      : "ws:";
+
+  if (base) {
+    return `${wsProtocol}//${new URL(base).host}/api/hermes/terminal${token ? `?token=${encodeURIComponent(token)}` : ""}`;
+  }
+
+  const directDevPort = import.meta.env.VITE_HERMES_DIRECT_WS_PORT;
+  const host = import.meta.env.DEV && directDevPort
+    ? formatHostForPort(location.hostname, Number(directDevPort))
+    : location.host;
+  return `${wsProtocol}//${host}/api/hermes/terminal${token ? `?token=${encodeURIComponent(token)}` : ""}`;
+}
+
+function connect() {
+  const url = buildWsUrl();
+  ws = new WebSocket(url);
+
+  ws.onopen = () => {
+    // Server auto-creates the first session and sends 'created'
+  };
+
+  ws.onmessage = (event) => {
+    const data = typeof event.data === "string" ? event.data : "";
+    if (data.charCodeAt(0) === 0x7b) {
+      try {
+        handleControl(JSON.parse(data));
+      } catch {}
+    } else {
+      activeTerm?.write(data);
+    }
+  };
+
+  // On reconnect, recreate all terminals for existing sessions
+  ws.onopen = () => {
+    // Server will auto-create the first session again
+  };
+
+  ws.onclose = () => {
+    // Reconnect after delay
+    setTimeout(connect, 3000);
+  };
+
+  ws.onerror = () => {
+    // let onclose handle reconnect
+  };
+}
+
+function send(data: object | string) {
+  if (!ws || ws.readyState !== WebSocket.OPEN) return;
+  ws.send(typeof data === "string" ? data : JSON.stringify(data));
+}
+
+// ─── Control message handlers ──────────────────────────────────
+
+function handleControl(msg: any) {
+  switch (msg.type) {
+    case "created":
+      sessions.value.push({
+        id: msg.id,
+        shell: msg.shell,
+        pid: msg.pid,
+        title: `${msg.shell} #${sessions.value.length + 1}`,
+        createdAt: Date.now(),
+        exited: false,
+      });
+      switchSession(msg.id);
+      break;
+
+    case "switched":
+      // Server confirmed switch — frontend already mounted in switchSession()
+      break;
+
+    case "exited": {
+      const s = sessions.value.find((s) => s.id === msg.id);
+      if (s) {
+        s.exited = true;
+        if (activeSessionId.value === msg.id) {
+          activeTerm?.write(
+            `\r\n\x1b[90m[${t("terminal.processExited", { code: msg.exitCode })}]\x1b[0m\r\n`,
+          );
+        }
+      }
+      break;
+    }
+
+    case "error":
+      message.error(msg.message);
+      break;
+  }
+}
+
+// ─── Session actions ────────────────────────────────────────────
+
+function createSession() {
+  send({ type: "create" });
+}
+
+function getOrCreateTerm(id: string): { term: Terminal; fitAddon: FitAddon } {
+  let entry = termMap.get(id);
+  if (!entry) {
+    const term = new Terminal({
+      cursorBlink: true,
+      fontSize: 14,
+      fontFamily: 'Menlo, Monaco, "Courier New", monospace',
+      theme: { ...TERMINAL_THEMES[selectedTheme.value].theme },
+    });
+    const fitAddon = new FitAddon();
+    term.loadAddon(fitAddon);
+    term.loadAddon(new WebLinksAddon());
+    term.onData((data) => {
+      if (ws?.readyState === WebSocket.OPEN) {
+        ws.send(data);
+      }
+    });
+    entry = { term, fitAddon, opened: false };
+    termMap.set(id, entry);
+  }
+  return entry;
+}
+
+function switchSession(id: string) {
+  if (activeSessionId.value === id) return;
+  activeSessionId.value = id;
+  const entry = getOrCreateTerm(id);
+  activeTerm = entry.term;
+  activeFitAddon = entry.fitAddon;
+  mountActiveTerminal();
+  send({ type: "switch", sessionId: id });
+  if (mobileQuery?.matches) showSessions.value = false;
+}
+
+function closeSession(id: string) {
+  send({ type: "close", sessionId: id });
+  sessions.value = sessions.value.filter((s) => s.id !== id);
+  // Dispose terminal instance
+  const entry = termMap.get(id);
+  if (entry) {
+    entry.term.dispose();
+    termMap.delete(id);
+  }
+  if (activeSessionId.value === id) {
+    activeSessionId.value =
+      sessions.value.length > 0 ? sessions.value[0].id : null;
+    activeTerm = null;
+    activeFitAddon = null;
+    if (activeSessionId.value) {
+      switchSession(activeSessionId.value);
+    } else {
+      unmountActiveTerminal();
+      createSession();
+    }
+  }
+}
+
+// ─── Terminal mount/unmount ─────────────────────────────────────
+
+function mountActiveTerminal() {
+  if (!terminalRef.value) return;
+  const container = terminalRef.value;
+  // Remove old terminal DOM from container
+  while (container.firstChild) container.removeChild(container.firstChild);
+
+  const entry = termMap.get(activeSessionId.value!);
+  if (!entry) return;
+
+  if (!entry.opened) {
+    // First time: call open()
+    entry.term.open(container);
+    entry.opened = true;
+  } else {
+    // Already opened: move the existing DOM element
+    const termEl = entry.term.element;
+    if (termEl) {
+      container.appendChild(termEl);
+    }
+  }
+
+  // Resize observer
+  resizeObserver?.disconnect();
+  resizeObserver = new ResizeObserver(() => {
+    tryFit();
+    sendResize();
+  });
+  resizeObserver.observe(terminalRef.value);
+
+  // Fit after DOM is ready
+  setTimeout(() => tryFit(), 50);
+  setTimeout(() => tryFit(), 200);
+}
+
+function unmountActiveTerminal() {
+  if (!terminalRef.value) return;
+  const container = terminalRef.value;
+  while (container.firstChild) container.removeChild(container.firstChild);
+}
+
+function tryFit() {
+  if (!activeFitAddon) return;
+  try {
+    activeFitAddon.fit();
+  } catch {}
+}
+
+function sendResize() {
+  if (!activeTerm || !ws || ws.readyState !== WebSocket.OPEN) return;
+  try {
+    send({
+      type: "resize",
+      cols: activeTerm.cols,
+      rows: activeTerm.rows,
+    });
+  } catch {}
+}
+
+function handleTerminalTouchStart(event: TouchEvent) {
+  if (event.touches.length !== 1) {
+    touchScrollLastY = null;
+    touchScrollRemainder = 0;
+    return;
+  }
+  touchScrollLastY = event.touches[0].clientY;
+  touchScrollRemainder = 0;
+}
+
+function handleTerminalTouchMove(event: TouchEvent) {
+  if (!activeTerm || event.touches.length !== 1 || touchScrollLastY === null) return;
+  const nextY = event.touches[0].clientY;
+  touchScrollRemainder += touchScrollLastY - nextY;
+  touchScrollLastY = nextY;
+
+  const lines = Math.trunc(touchScrollRemainder / TOUCH_SCROLL_LINE_PX);
+  if (lines === 0) return;
+
+  activeTerm.scrollLines(lines);
+  touchScrollRemainder -= lines * TOUCH_SCROLL_LINE_PX;
+  event.preventDefault();
+}
+
+function handleTerminalTouchEnd() {
+  touchScrollLastY = null;
+  touchScrollRemainder = 0;
+}
+
+// ─── Theme ───────────────────────────────────────────────────────
+
+function applyTheme(themeName: string) {
+  selectedTheme.value = themeName;
+  localStorage.setItem(STORAGE_KEY_THEME, themeName);
+  const themeObj = TERMINAL_THEMES[themeName]?.theme;
+  if (!themeObj) return;
+  for (const entry of termMap.values()) {
+    entry.term.options.theme = { ...themeObj };
+  }
+}
+
+// ─── Helpers ────────────────────────────────────────────────────
+
+function formatTime(ts: number) {
+  const d = new Date(ts);
+  return d.toLocaleTimeString([], { hour: "2-digit", minute: "2-digit" });
+}
+
+function handleMobileChange(e: MediaQueryListEvent | MediaQueryList) {
+  if (e.matches && showSessions.value) showSessions.value = false;
+}
+
+// ─── Lifecycle ──────────────────────────────────────────────────
+
+onMounted(() => {
+  mobileQuery = window.matchMedia("(max-width: 768px)");
+  handleMobileChange(mobileQuery);
+  mobileQuery.addEventListener("change", handleMobileChange);
+  connect();
+});
+
+onUnmounted(() => {
+  mobileQuery?.removeEventListener("change", handleMobileChange);
+  unmountActiveTerminal();
+  // Dispose all terminal instances
+  for (const entry of termMap.values()) {
+    entry.term.dispose();
+  }
+  termMap.clear();
+  activeTerm = null;
+  activeFitAddon = null;
+  ws?.close();
+  ws = null;
+});
+</script>
+
+<template>
+  <div class="terminal-panel">
+    <!-- Session backdrop (mobile) -->
+    <div
+      class="session-backdrop"
+      :class="{ active: showSessions }"
+      @click="showSessions = false"
+    />
+
+    <!-- Session list sidebar -->
+    <aside class="session-list" :class="{ collapsed: !showSessions }">
+      <div class="session-list-header">
+        <span v-if="showSessions" class="session-list-title">{{
+          t("terminal.sessions")
+        }}</span>
+        <div class="session-list-actions">
+          <!-- <button class="session-close-btn" @click="showSessions = false">
+            <svg width="14" height="14" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><line x1="18" y1="6" x2="6" y2="18"/><line x1="6" y1="6" x2="18" y2="18"/></svg>
+          </button> -->
+          <NTooltip trigger="hover">
+            <template #trigger>
+              <NButton quaternary size="tiny" @click="createSession" circle>
+                <template #icon>
+                  <svg
+                    width="14"
+                    height="14"
+                    viewBox="0 0 24 24"
+                    fill="none"
+                    stroke="currentColor"
+                    stroke-width="2"
+                  >
+                    <line x1="12" y1="5" x2="12" y2="19" />
+                    <line x1="5" y1="12" x2="19" y2="12" />
+                  </svg>
+                </template>
+              </NButton>
+            </template>
+            {{ t("terminal.newTab") }}
+          </NTooltip>
+        </div>
+      </div>
+      <div v-if="showSessions" class="session-items">
+        <div v-if="sessions.length === 0" class="session-empty">
+          {{ t("common.loading") }}
+        </div>
+        <button
+          v-for="s in sessions"
+          :key="s.id"
+          class="session-item"
+          :class="{ active: s.id === activeSessionId, exited: s.exited }"
+          @click="switchSession(s.id)"
+        >
+          <div class="session-item-content">
+            <span class="session-item-title">{{ s.title }}</span>
+            <span class="session-item-meta">
+              <span class="session-item-shell">{{ s.shell }}</span>
+              <span v-if="s.exited" class="session-item-status">{{
+                t("terminal.sessionExited")
+              }}</span>
+              <span v-else class="session-item-time">{{
+                formatTime(s.createdAt)
+              }}</span>
+            </span>
+          </div>
+          <NPopconfirm
+            v-if="sessions.length > 1"
+            @positive-click="closeSession(s.id)"
+          >
+            <template #trigger>
+              <button class="session-item-delete" @click.stop>
+                <svg
+                  width="12"
+                  height="12"
+                  viewBox="0 0 24 24"
+                  fill="none"
+                  stroke="currentColor"
+                  stroke-width="2"
+                >
+                  <line x1="18" y1="6" x2="6" y2="18" />
+                  <line x1="6" y1="6" x2="18" y2="18" />
+                </svg>
+              </button>
+            </template>
+            {{ t("terminal.closeSession") }}
+          </NPopconfirm>
+        </button>
+      </div>
+    </aside>
+
+    <!-- Main terminal area -->
+    <div class="terminal-main">
+      <header class="terminal-header">
+        <div class="header-left">
+          <NButton
+            quaternary
+            size="small"
+            @click="showSessions = !showSessions"
+            circle
+          >
+            <template #icon>
+              <svg
+                width="16"
+                height="16"
+                viewBox="0 0 24 24"
+                fill="none"
+                stroke="currentColor"
+                stroke-width="1.5"
+              >
+                <rect x="3" y="3" width="7" height="7" />
+                <rect x="14" y="3" width="7" height="7" />
+                <rect x="3" y="14" width="7" height="7" />
+                <rect x="14" y="14" width="7" height="7" />
+              </svg>
+            </template>
+          </NButton>
+          <span v-if="activeSession" class="header-session-title">{{
+            activeSession.title
+          }}</span>
+        </div>
+        <div class="header-actions">
+          <NSelect
+            :value="selectedTheme"
+            :options="themeOptions"
+            size="small"
+            :consistent-menu-width="false"
+            class="theme-select"
+            @update:value="applyTheme"
+          />
+          <NButton size="small" @click="createSession">
+            <template #icon>
+              <svg
+                width="14"
+                height="14"
+                viewBox="0 0 24 24"
+                fill="none"
+                stroke="currentColor"
+                stroke-width="2"
+              >
+                <line x1="12" y1="5" x2="12" y2="19" />
+                <line x1="5" y1="12" x2="19" y2="12" />
+              </svg>
+            </template>
+            {{ t("terminal.newTab") }}
+          </NButton>
+        </div>
+      </header>
+      <div class="terminal-container">
+        <div
+          ref="terminalRef"
+          class="terminal-xterm"
+          :style="{ backgroundColor: terminalBg }"
+          @touchstart="handleTerminalTouchStart"
+          @touchmove="handleTerminalTouchMove"
+          @touchend="handleTerminalTouchEnd"
+          @touchcancel="handleTerminalTouchEnd"
+        />
+      </div>
+    </div>
+  </div>
+</template>
+
+<style scoped lang="scss">
+@use "@/styles/variables" as *;
+
+.terminal-panel {
+  display: flex;
+  height: 100%;
+  position: relative;
+}
+
+// ─── Session list ──────────────────────────────────────────────
+
+.session-list {
+  width: 220px;
+  border-right: 1px solid $border-color;
+  display: flex;
+  flex-direction: column;
+  flex-shrink: 0;
+  transition:
+    width $transition-normal,
+    opacity $transition-normal;
+  overflow: hidden;
+
+  &.collapsed {
+    width: 0;
+    border-right: none;
+    opacity: 0;
+    pointer-events: none;
+  }
+
+  @media (max-width: $breakpoint-mobile) {
+    position: absolute;
+    left: 0;
+    top: 0;
+    height: 100%;
+    z-index: 10;
+    background: $bg-card;
+    box-shadow: 2px 0 8px rgba(0, 0, 0, 0.1);
+    width: 280px;
+
+    &.collapsed {
+      transform: translateX(-100%);
+      opacity: 0;
+    }
+  }
+}
+
+.session-list-header {
+  display: flex;
+  align-items: center;
+  justify-content: space-between;
+  padding: 12px;
+  flex-shrink: 0;
+}
+
+.session-list-actions {
+  display: flex;
+  align-items: center;
+  gap: 4px;
+}
+
+.session-list-title {
+  font-size: 12px;
+  font-weight: 600;
+  color: $text-muted;
+  text-transform: uppercase;
+  letter-spacing: 0.5px;
+}
+
+.session-items {
+  flex: 1;
+  overflow-y: auto;
+  padding: 0 6px 12px;
+}
+
+.session-empty {
+  padding: 16px 10px;
+  font-size: 12px;
+  color: $text-muted;
+  text-align: center;
+}
+
+.session-item {
+  display: flex;
+  align-items: center;
+  justify-content: space-between;
+  width: 100%;
+  padding: 8px 10px;
+  border: none;
+  background: none;
+  border-radius: $radius-sm;
+  cursor: pointer;
+  text-align: left;
+  color: $text-secondary;
+  transition: all $transition-fast;
+  margin-bottom: 2px;
+
+  &:hover {
+    background: rgba(var(--accent-primary-rgb), 0.06);
+    color: $text-primary;
+
+    .session-item-delete {
+      opacity: 1;
+    }
+  }
+
+  &.active {
+    background: rgba(var(--accent-primary-rgb), 0.1);
+    color: $text-primary;
+    font-weight: 500;
+  }
+
+  &.exited {
+    opacity: 0.5;
+  }
+}
+
+.session-item-content {
+  flex: 1;
+  overflow: hidden;
+}
+
+.session-item-title {
+  display: block;
+  font-size: 13px;
+  white-space: nowrap;
+  overflow: hidden;
+  text-overflow: ellipsis;
+}
+
+.session-item-meta {
+  display: flex;
+  align-items: center;
+  gap: 6px;
+  margin-top: 2px;
+}
+
+.session-item-shell {
+  font-size: 10px;
+  color: $accent-primary;
+  background: rgba(var(--accent-primary-rgb), 0.08);
+  padding: 0 5px;
+  border-radius: 3px;
+  line-height: 16px;
+}
+
+.session-item-time {
+  font-size: 11px;
+  color: $text-muted;
+}
+
+.session-item-status {
+  font-size: 11px;
+  color: $text-muted;
+  font-style: italic;
+}
+
+.session-item-delete {
+  flex-shrink: 0;
+  opacity: 0.5;
+  padding: 2px;
+  border: none;
+  background: none;
+  color: $text-muted;
+  cursor: pointer;
+  border-radius: 3px;
+  transition: all $transition-fast;
+
+  &:hover {
+    color: $error;
+    background: rgba(var(--error-rgb), 0.1);
+  }
+}
+
+.session-close-btn {
+  display: none;
+  border: none;
+  background: none;
+  cursor: pointer;
+  color: $text-secondary;
+  padding: 4px;
+  border-radius: $radius-sm;
+
+  &:hover {
+    background: rgba(var(--accent-primary-rgb), 0.06);
+  }
+}
+
+// ─── Main area ──────────────────────────────────────────────────
+
+.terminal-main {
+  flex: 1;
+  display: flex;
+  flex-direction: column;
+  overflow: hidden;
+  min-width: 0;
+}
+
+.terminal-header {
+  display: flex;
+  align-items: center;
+  justify-content: space-between;
+  padding: 21px 20px;
+  border-bottom: 1px solid $border-color;
+  flex-shrink: 0;
+}
+
+.header-left {
+  display: flex;
+  align-items: center;
+  gap: 8px;
+  overflow: hidden;
+  flex: 1;
+  min-width: 0;
+}
+
+.header-session-title {
+  font-size: 16px;
+  font-weight: 600;
+  color: $text-primary;
+  white-space: nowrap;
+  overflow: hidden;
+  text-overflow: ellipsis;
+}
+
+.header-actions {
+  display: flex;
+  align-items: center;
+  gap: 8px;
+  flex-shrink: 0;
+}
+
+.theme-select {
+  width: 130px;
+}
+
+// ─── Terminal container ─────────────────────────────────────────
+
+.terminal-container {
+  flex: 1;
+  margin: 10px;
+  overflow: hidden;
+  min-height: 0;
+  display: flex;
+  flex-direction: column;
+}
+
+.terminal-xterm {
+  flex: 1;
+  border-radius: $radius-md;
+  overflow: hidden;
+  border: 1px solid $border-color;
+
+  :deep(.xterm) {
+    height: 100%;
+    padding: 8px;
+  }
+
+  :deep(.xterm-viewport) {
+    overflow-y: scroll !important;
+    scrollbar-width: none !important;
+    -ms-overflow-style: none !important;
+    background-color: transparent !important;
+  }
+
+  :deep(.xterm-viewport::-webkit-scrollbar) {
+    display: none !important;
+  }
+
+  :deep(.xterm-screen) {
+    background-color: transparent !important;
+  }
+
+  :deep(.xterm-scrollable-element) {
+    scrollbar-width: none !important;
+    -ms-overflow-style: none !important;
+  }
+
+  :deep(.xterm-scrollable-element::-webkit-scrollbar) {
+    display: none !important;
+  }
+}
+
+// ─── Mobile ─────────────────────────────────────────────────────
+
+@media (max-width: $breakpoint-mobile) {
+  .terminal-panel {
+    height: calc(100 * var(--vh));
+    max-height: calc(100 * var(--vh));
+  }
+
+  .terminal-main {
+    min-height: 0;
+  }
+
+  .terminal-container {
+    margin-bottom: calc(8px + env(safe-area-inset-bottom, 0px));
+  }
+
+  .session-close-btn {
+    display: flex;
+  }
+
+  .session-backdrop {
+    position: absolute;
+    inset: 0;
+    background: rgba(0, 0, 0, 0.4);
+    z-index: 9;
+    opacity: 0;
+    pointer-events: none;
+    transition: opacity $transition-fast;
+
+    &.active {
+      opacity: 1;
+      pointer-events: auto;
+    }
+  }
+
+  .terminal-header {
+    padding: 16px 12px 16px 52px;
+  }
+
+  .terminal-container {
+    padding: 8px;
+  }
+
+  .terminal-xterm {
+    left: 0;
+    right: 0;
+    bottom: 0;
+
+    :deep(.xterm-viewport),
+    :deep(.xterm-scrollable-element) {
+      touch-action: pan-y;
+      -webkit-overflow-scrolling: touch;
+      overscroll-behavior: contain;
+      scrollbar-width: thin !important;
+    }
+
+    :deep(.xterm-viewport::-webkit-scrollbar),
+    :deep(.xterm-scrollable-element::-webkit-scrollbar) {
+      display: block !important;
+      width: 6px !important;
+    }
+  }
+}
+</style>
+
+<style lang="scss">
+/* Global: xterm scrollbar (scoped :deep can't reach dynamically created elements) */
+.xterm .scrollbar {
+  width: 6px !important;
+  border-radius: 3px !important;
+  background: rgba(255, 255, 255, 0.08) !important;
+}
+
+.xterm .scrollbar .slider {
+  border-radius: 3px !important;
+  background: rgba(255, 255, 255, 0.2) !important;
+  transition: background 0.15s ease !important;
+}
+
+.xterm .scrollbar:hover .slider {
+  background: rgba(255, 255, 255, 0.35) !important;
+}
+</style>
diff --git a/packages/client/src/views/hermes/UsageView.vue b/packages/client/src/views/hermes/UsageView.vue
new file mode 100644
index 0000000..4128e8d
--- /dev/null
+++ b/packages/client/src/views/hermes/UsageView.vue
@@ -0,0 +1,163 @@
+<script setup lang="ts">
+import { NButton } from 'naive-ui'
+import { onMounted, ref } from 'vue'
+import { useI18n } from 'vue-i18n'
+import { useUsageStore } from '@/stores/hermes/usage'
+import { useProfilesStore } from '@/stores/hermes/profiles'
+import StatCards from '@/components/hermes/usage/StatCards.vue'
+import ModelBreakdown from '@/components/hermes/usage/ModelBreakdown.vue'
+import DailyTrend from '@/components/hermes/usage/DailyTrend.vue'
+
+const { t } = useI18n()
+const usageStore = useUsageStore()
+const profilesStore = useProfilesStore()
+
+const periodOptions = [
+  { label: '7d', days: 7 },
+  { label: '30d', days: 30 },
+  { label: '90d', days: 90 },
+  { label: '365d', days: 365 },
+] as const
+
+const selectedPeriod = ref(30)
+
+async function ensureProfileSelection() {
+  if (!profilesStore.activeProfileName || profilesStore.profiles.length === 0) {
+    await profilesStore.fetchProfiles()
+  }
+}
+
+async function loadUsage(days = selectedPeriod.value) {
+  selectedPeriod.value = days
+  await ensureProfileSelection()
+  await usageStore.loadSessions(days)
+}
+
+onMounted(() => {
+  void loadUsage(30)
+})
+</script>
+
+<template>
+  <div class="usage-view">
+    <header class="page-header">
+      <h2 class="header-title">{{ t('usage.title') }}</h2>
+      <div class="usage-toolbar">
+        <div class="period-selector" role="group" aria-label="Usage statistics period">
+          <NButton
+            v-for="option in periodOptions"
+            :key="option.days"
+            class="period-option"
+            size="small"
+            :type="selectedPeriod === option.days ? 'primary' : 'default'"
+            :secondary="selectedPeriod === option.days"
+            :quaternary="selectedPeriod !== option.days"
+            :aria-pressed="selectedPeriod === option.days"
+            @click="loadUsage(option.days)"
+          >
+            {{ option.label }}
+          </NButton>
+        </div>
+        <NButton class="refresh-button" size="small" quaternary :loading="usageStore.isLoading" @click="loadUsage()">
+          {{ t('usage.refresh') }}
+        </NButton>
+      </div>
+    </header>
+
+    <div class="usage-content">
+      <div v-if="usageStore.isLoading && !usageStore.hasData" class="usage-loading">
+        {{ t('common.loading') }}
+      </div>
+
+      <template v-else-if="usageStore.hasData">
+        <StatCards />
+        <ModelBreakdown />
+        <DailyTrend />
+      </template>
+
+      <div v-else class="usage-empty">
+        {{ t('usage.noData') }}
+      </div>
+    </div>
+  </div>
+</template>
+
+<style scoped lang="scss">
+@use '@/styles/variables' as *;
+
+.usage-view {
+  height: 100%;
+  display: flex;
+  flex-direction: column;
+}
+
+.page-header {
+  display: flex;
+  flex-shrink: 0;
+  align-items: center;
+  justify-content: space-between;
+  gap: 12px;
+  padding: 21px 20px;
+  border-bottom: 1px solid $border-color;
+}
+
+.header-title {
+  margin: 0;
+  color: $text-primary;
+  font-size: 16px;
+  font-weight: 600;
+}
+
+.usage-toolbar,
+.period-selector {
+  display: flex;
+  align-items: center;
+  gap: 8px;
+}
+
+.period-selector {
+  padding: 2px;
+  border: 1px solid $border-light;
+  border-radius: $radius-sm;
+  background: $bg-secondary;
+}
+
+.usage-content {
+  flex: 1;
+  overflow-y: auto;
+  padding: 20px;
+  max-width: 960px;
+  margin: 0 auto;
+  width: 100%;
+  scrollbar-width: none;
+  -ms-overflow-style: none;
+
+  &::-webkit-scrollbar {
+    display: none;
+  }
+}
+
+.usage-loading,
+.usage-empty {
+  text-align: center;
+  padding: 60px 0;
+  color: $text-muted;
+  font-size: 14px;
+}
+
+@media (max-width: $breakpoint-mobile) {
+  .page-header,
+  .usage-toolbar {
+    align-items: flex-start;
+    flex-direction: column;
+  }
+
+  .usage-toolbar {
+    width: 100%;
+  }
+
+  .period-selector {
+    flex-wrap: wrap;
+  }
+}
+</style>
diff --git a/packages/client/src/views/hermes/VersionPreviewView.vue b/packages/client/src/views/hermes/VersionPreviewView.vue
new file mode 100644
index 0000000..a789343
--- /dev/null
+++ b/packages/client/src/views/hermes/VersionPreviewView.vue
@@ -0,0 +1,34 @@
+<script setup lang="ts">
+import { useI18n } from 'vue-i18n'
+import GithubPreviewSettings from '@/components/hermes/settings/GithubPreviewSettings.vue'
+
+const { t } = useI18n()
+</script>
+
+<template>
+  <div class="version-preview-view">
+    <header class="page-header">
+      <h2 class="header-title">{{ t('githubPreview.title') }}</h2>
+    </header>
+
+    <div class="page-content">
+      <GithubPreviewSettings />
+    </div>
+  </div>
+</template>
+
+<style scoped lang="scss">
+@use "@/styles/variables" as *;
+
+.version-preview-view {
+  height: calc(100 * var(--vh));
+  display: flex;
+  flex-direction: column;
+}
+
+.page-content {
+  flex: 1;
+  overflow-y: auto;
+  padding: 20px;
+}
+</style>
diff --git a/packages/desktop/README.md b/packages/desktop/README.md
new file mode 100644
index 0000000..1ed2028
--- /dev/null
+++ b/packages/desktop/README.md
@@ -0,0 +1,40 @@
+# Hermes Studio
+
+Electron desktop distribution for Hermes Studio.
+
+## Install
+
+Download the latest macOS, Windows, or Linux installer for your CPU
+architecture from the project
+[GitHub Releases](https://github.com/EKKOLearnAI/hermes-web-ui/releases/latest).
+
+The desktop app bundles the Web UI runtime and launches it locally from the
+native shell app.
+
+## Data directories
+
+Hermes Agent data is stored in the same platform-specific location as native
+Hermes installs:
+
+- Windows: `%LOCALAPPDATA%\hermes` (falls back to `%APPDATA%\hermes`)
+- macOS/Linux: `~/.hermes`
+
+The desktop wrapper's own Web UI state is stored separately in
+`~/.hermes-web-ui` unless `HERMES_WEB_UI_HOME` is set.
+
+## China mirror environment
+
+These mirrors are optional and are not required in CI:
+
+```sh
+export NPM_CONFIG_REGISTRY=https://registry.npmmirror.com
+export ELECTRON_MIRROR=https://npmmirror.com/mirrors/electron/
+export ELECTRON_BUILDER_BINARIES_MIRROR=https://npmmirror.com/mirrors/electron-builder-binaries/
+```
+
+If GitHub release downloads are slow, `fetch-python.mjs` can also use a compatible
+python-build-standalone release mirror:
+
+```sh
+export PBS_BASE_URL=https://github.com/astral-sh/python-build-standalone/releases/download
+```
diff --git a/packages/desktop/build/icon.icns b/packages/desktop/build/icon.icns
new file mode 100644
index 0000000..9419e36
Binary files /dev/null and b/packages/desktop/build/icon.icns differ
diff --git a/packages/desktop/build/icon.ico b/packages/desktop/build/icon.ico
new file mode 100644
index 0000000..89f8c3b
Binary files /dev/null and b/packages/desktop/build/icon.ico differ
diff --git a/packages/desktop/build/icon.png b/packages/desktop/build/icon.png
new file mode 100644
index 0000000..14c2d55
Binary files /dev/null and b/packages/desktop/build/icon.png differ
diff --git a/packages/desktop/build/icons/128x128.png b/packages/desktop/build/icons/128x128.png
new file mode 100644
index 0000000..8c1407d
Binary files /dev/null and b/packages/desktop/build/icons/128x128.png differ
diff --git a/packages/desktop/build/icons/16x16.png b/packages/desktop/build/icons/16x16.png
new file mode 100644
index 0000000..0f44785
Binary files /dev/null and b/packages/desktop/build/icons/16x16.png differ
diff --git a/packages/desktop/build/icons/256x256.png b/packages/desktop/build/icons/256x256.png
new file mode 100644
index 0000000..31ca586
Binary files /dev/null and b/packages/desktop/build/icons/256x256.png differ
diff --git a/packages/desktop/build/icons/32x32.png b/packages/desktop/build/icons/32x32.png
new file mode 100644
index 0000000..df8f031
Binary files /dev/null and b/packages/desktop/build/icons/32x32.png differ
diff --git a/packages/desktop/build/icons/48x48.png b/packages/desktop/build/icons/48x48.png
new file mode 100644
index 0000000..6bb9be4
Binary files /dev/null and b/packages/desktop/build/icons/48x48.png differ
diff --git a/packages/desktop/build/icons/512x512.png b/packages/desktop/build/icons/512x512.png
new file mode 100644
index 0000000..5815f8d
Binary files /dev/null and b/packages/desktop/build/icons/512x512.png differ
diff --git a/packages/desktop/build/icons/64x64.png b/packages/desktop/build/icons/64x64.png
new file mode 100644
index 0000000..b286ee6
Binary files /dev/null and b/packages/desktop/build/icons/64x64.png differ
diff --git a/packages/desktop/build/installer.nsh b/packages/desktop/build/installer.nsh
new file mode 100644
index 0000000..ed2954d
--- /dev/null
+++ b/packages/desktop/build/installer.nsh
@@ -0,0 +1,8 @@
+!macro customInit
+  IfFileExists "$INSTDIR\Hermes Studio.exe" 0 hermesStudioStopDone
+    DetailPrint "Stopping Hermes Studio..."
+    nsExec::ExecToLog '"$INSTDIR\Hermes Studio.exe" --quit'
+    Sleep 5000
+    nsExec::ExecToLog 'taskkill.exe /IM "Hermes Studio.exe" /T /F'
+  hermesStudioStopDone:
+!macroend
diff --git a/packages/desktop/build/runtime-release.json b/packages/desktop/build/runtime-release.json
new file mode 100644
index 0000000..c5b3b64
--- /dev/null
+++ b/packages/desktop/build/runtime-release.json
@@ -0,0 +1,3 @@
+{
+  "tag": "hermes-0.15.2-runtime"
+}
diff --git a/packages/desktop/build/trayTemplate.png b/packages/desktop/build/trayTemplate.png
new file mode 100644
index 0000000..c458a32
Binary files /dev/null and b/packages/desktop/build/trayTemplate.png differ
diff --git a/packages/desktop/build/trayWindows.png b/packages/desktop/build/trayWindows.png
new file mode 100644
index 0000000..7c3c63e
Binary files /dev/null and b/packages/desktop/build/trayWindows.png differ
diff --git a/packages/desktop/electron-builder.yml b/packages/desktop/electron-builder.yml
new file mode 100644
index 0000000..c7189e6
--- /dev/null
+++ b/packages/desktop/electron-builder.yml
@@ -0,0 +1,85 @@
+appId: com.hermeswebui.studio
+productName: Hermes Studio
+copyright: Copyright © 2026
+
+directories:
+  output: release
+  buildResources: build
+
+publish:
+  provider: generic
+  url: https://download.ekkolearnai.com
+
+# Don't auto-prune our root node_modules; we curate `files` and `extraResources` ourselves.
+buildDependenciesFromSource: false
+nodeGypRebuild: false
+npmRebuild: false
+
+files:
+  - "dist/**/*"
+  - "package.json"
+  - "!**/node_modules/*/{CHANGELOG.md,README.md,README,readme.md,readme,LICENSE,LICENSE.txt,license,*.d.ts}"
+  - "!**/node_modules/.bin"
+  - "!**/{.DS_Store,.git,.gitignore,.eslintrc*,.prettierrc*,*.map,tsconfig.json}"
+
+# Web UI source (built dist) lives outside the asar. Python/Node/Git runtime
+# assets are downloaded into the user's Web UI home on first launch.
+# This package lives at packages/desktop, so ../.. is the hermes-web-ui repo root.
+extraResources:
+  - from: "build"
+    to: "build"
+    filter:
+      - "icon.png"
+      - "icon.ico"
+      - "trayTemplate.png"
+      - "trayWindows.png"
+      - "runtime-release.json"
+  - from: "../.."
+    to: "webui"
+    filter:
+      - "package.json"
+      - "dist/**"
+      - "node_modules/**"
+      # Drop other-platform node-pty prebuilds (saves ~45MB)
+      - "!node_modules/node-pty/prebuilds/!(${platform}-${arch})/**"
+      - "!node_modules/node-pty/build/**"
+      - "!packages/desktop/**"
+      - "!**/{.git,.github,docs,tests,playwright.config.ts,README*,scripts,*.map}"
+      - "!node_modules/**/*.md"
+
+asarUnpack:
+  - "**/*.node"
+
+mac:
+  target:
+    - target: dmg
+      arch: [arm64, x64]
+    - target: zip
+      arch: [arm64, x64]
+  category: public.app-category.developer-tools
+  hardenedRuntime: true
+  gatekeeperAssess: false
+  notarize: true
+  artifactName: "Hermes.Studio-${version}-${arch}.${ext}"
+
+win:
+  target:
+    - target: nsis
+      arch: [x64]
+  artifactName: "Hermes.Studio-${version}-${arch}.${ext}"
+
+linux:
+  icon: build/icons
+  target:
+    - target: AppImage
+      arch: [x64, arm64]
+    - target: deb
+      arch: [x64]   # fpm has no arm64 binary; deb only on x64
+  category: Development
+  artifactName: "Hermes.Studio-${version}-${arch}.${ext}"
+
+nsis:
+  oneClick: false
+  allowToChangeInstallationDirectory: true
+  perMachine: false
+  include: build/installer.nsh
diff --git a/packages/desktop/package-lock.json b/packages/desktop/package-lock.json
new file mode 100644
index 0000000..0b219f0
--- /dev/null
+++ b/packages/desktop/package-lock.json
@@ -0,0 +1,4616 @@
+{
+  "name": "hermes-studio",
+  "version": "0.6.9",
+  "lockfileVersion": 3,
+  "requires": true,
+  "packages": {
+    "": {
+      "name": "hermes-studio",
+      "version": "0.6.9",
+      "license": "BSL-1.1",
+      "dependencies": {
+        "electron-updater": "^6.3.9"
+      },
+      "devDependencies": {
+        "@types/node": "^24.12.2",
+        "electron": "^42.3.0",
+        "electron-builder": "^25.1.8",
+        "typescript": "~5.6.3"
+      }
+    },
+    "node_modules/@develar/schema-utils": {
+      "version": "2.6.5",
+      "resolved": "https://registry.npmjs.org/@develar/schema-utils/-/schema-utils-2.6.5.tgz",
+      "integrity": "sha512-0cp4PsWQ/9avqTVMCtZ+GirikIA36ikvjtHweU4/j8yLtgObI0+JUPhYFScgwlteveGB1rt3Cm8UhN04XayDig==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "ajv": "^6.12.0",
+        "ajv-keywords": "^3.4.1"
+      },
+      "engines": {
+        "node": ">= 8.9.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/webpack"
+      }
+    },
+    "node_modules/@electron/asar": {
+      "version": "3.4.1",
+      "resolved": "https://registry.npmjs.org/@electron/asar/-/asar-3.4.1.tgz",
+      "integrity": "sha512-i4/rNPRS84t0vSRa2HorerGRXWyF4vThfHesw0dmcWHp+cspK743UanA0suA5Q5y8kzY2y6YKrvbIUn69BCAiA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "commander": "^5.0.0",
+        "glob": "^7.1.6",
+        "minimatch": "^3.0.4"
+      },
+      "bin": {
+        "asar": "bin/asar.js"
+      },
+      "engines": {
+        "node": ">=10.12.0"
+      }
+    },
+    "node_modules/@electron/asar/node_modules/balanced-match": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-1.0.2.tgz",
+      "integrity": "sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/@electron/asar/node_modules/brace-expansion": {
+      "version": "1.1.15",
+      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.15.tgz",
+      "integrity": "sha512-EwOCDEex4quD37XhqM3omwtMoJjr//isUZz1JopUNWms+4Z2ViyM/k1YIRePpoVNnQhENnxtFjLaxNHrT7xIUg==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "balanced-match": "^1.0.0",
+        "concat-map": "0.0.1"
+      }
+    },
+    "node_modules/@electron/asar/node_modules/minimatch": {
+      "version": "3.1.5",
+      "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.5.tgz",
+      "integrity": "sha512-VgjWUsnnT6n+NUk6eZq77zeFdpW2LWDzP6zFGrCbHXiYNul5Dzqk2HHQ5uFH2DNW5Xbp8+jVzaeNt94ssEEl4w==",
+      "dev": true,
+      "license": "ISC",
+      "dependencies": {
+        "brace-expansion": "^1.1.7"
+      },
+      "engines": {
+        "node": "*"
+      }
+    },
+    "node_modules/@electron/get": {
+      "version": "5.0.0",
+      "resolved": "https://registry.npmjs.org/@electron/get/-/get-5.0.0.tgz",
+      "integrity": "sha512-pjoBpru1KdEtcExBnuHAP1cAc/5faoedw0hzJkL3o4/IJp7HNF1+fbrdxT3gMYRX2oJfvnA/WXeCTVQpYYxyJA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "debug": "^4.1.1",
+        "env-paths": "^3.0.0",
+        "graceful-fs": "^4.2.11",
+        "progress": "^2.0.3",
+        "semver": "^7.6.3",
+        "sumchecker": "^3.0.1"
+      },
+      "engines": {
+        "node": ">=22.12.0"
+      },
+      "optionalDependencies": {
+        "undici": "^7.24.4"
+      }
+    },
+    "node_modules/@electron/notarize": {
+      "version": "2.5.0",
+      "resolved": "https://registry.npmjs.org/@electron/notarize/-/notarize-2.5.0.tgz",
+      "integrity": "sha512-jNT8nwH1f9X5GEITXaQ8IF/KdskvIkOFfB2CvwumsveVidzpSc+mvhhTMdAGSYF3O+Nq49lJ7y+ssODRXu06+A==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "debug": "^4.1.1",
+        "fs-extra": "^9.0.1",
+        "promise-retry": "^2.0.1"
+      },
+      "engines": {
+        "node": ">= 10.0.0"
+      }
+    },
+    "node_modules/@electron/notarize/node_modules/fs-extra": {
+      "version": "9.1.0",
+      "resolved": "https://registry.npmjs.org/fs-extra/-/fs-extra-9.1.0.tgz",
+      "integrity": "sha512-hcg3ZmepS30/7BSFqRvoo3DOMQu7IjqxO5nCDt+zM9XWjb33Wg7ziNT+Qvqbuc3+gWpzO02JubVyk2G4Zvo1OQ==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "at-least-node": "^1.0.0",
+        "graceful-fs": "^4.2.0",
+        "jsonfile": "^6.0.1",
+        "universalify": "^2.0.0"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/@electron/osx-sign": {
+      "version": "1.3.1",
+      "resolved": "https://registry.npmjs.org/@electron/osx-sign/-/osx-sign-1.3.1.tgz",
+      "integrity": "sha512-BAfviURMHpmb1Yb50YbCxnOY0wfwaLXH5KJ4+80zS0gUkzDX3ec23naTlEqKsN+PwYn+a1cCzM7BJ4Wcd3sGzw==",
+      "dev": true,
+      "license": "BSD-2-Clause",
+      "dependencies": {
+        "compare-version": "^0.1.2",
+        "debug": "^4.3.4",
+        "fs-extra": "^10.0.0",
+        "isbinaryfile": "^4.0.8",
+        "minimist": "^1.2.6",
+        "plist": "^3.0.5"
+      },
+      "bin": {
+        "electron-osx-flat": "bin/electron-osx-flat.js",
+        "electron-osx-sign": "bin/electron-osx-sign.js"
+      },
+      "engines": {
+        "node": ">=12.0.0"
+      }
+    },
+    "node_modules/@electron/osx-sign/node_modules/isbinaryfile": {
+      "version": "4.0.10",
+      "resolved": "https://registry.npmjs.org/isbinaryfile/-/isbinaryfile-4.0.10.tgz",
+      "integrity": "sha512-iHrqe5shvBUcFbmZq9zOQHBoeOhZJu6RQGrDpBgenUm/Am+F3JM2MgQj+rK3Z601fzrL5gLZWtAPH2OBaSVcyw==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">= 8.0.0"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/gjtorikian/"
+      }
+    },
+    "node_modules/@electron/rebuild": {
+      "version": "3.6.1",
+      "resolved": "https://registry.npmjs.org/@electron/rebuild/-/rebuild-3.6.1.tgz",
+      "integrity": "sha512-f6596ZHpEq/YskUd8emYvOUne89ij8mQgjYFA5ru25QwbrRO+t1SImofdDv7kKOuWCmVOuU5tvfkbgGxIl3E/w==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@malept/cross-spawn-promise": "^2.0.0",
+        "chalk": "^4.0.0",
+        "debug": "^4.1.1",
+        "detect-libc": "^2.0.1",
+        "fs-extra": "^10.0.0",
+        "got": "^11.7.0",
+        "node-abi": "^3.45.0",
+        "node-api-version": "^0.2.0",
+        "node-gyp": "^9.0.0",
+        "ora": "^5.1.0",
+        "read-binary-file-arch": "^1.0.6",
+        "semver": "^7.3.5",
+        "tar": "^6.0.5",
+        "yargs": "^17.0.1"
+      },
+      "bin": {
+        "electron-rebuild": "lib/cli.js"
+      },
+      "engines": {
+        "node": ">=12.13.0"
+      }
+    },
+    "node_modules/@electron/universal": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/@electron/universal/-/universal-2.0.1.tgz",
+      "integrity": "sha512-fKpv9kg4SPmt+hY7SVBnIYULE9QJl8L3sCfcBsnqbJwwBwAeTLokJ9TRt9y7bK0JAzIW2y78TVVjvnQEms/yyA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@electron/asar": "^3.2.7",
+        "@malept/cross-spawn-promise": "^2.0.0",
+        "debug": "^4.3.1",
+        "dir-compare": "^4.2.0",
+        "fs-extra": "^11.1.1",
+        "minimatch": "^9.0.3",
+        "plist": "^3.1.0"
+      },
+      "engines": {
+        "node": ">=16.4"
+      }
+    },
+    "node_modules/@electron/universal/node_modules/balanced-match": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-1.0.2.tgz",
+      "integrity": "sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/@electron/universal/node_modules/brace-expansion": {
+      "version": "2.1.1",
+      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.1.1.tgz",
+      "integrity": "sha512-WR1cURNjuvBLMZBMbqM0UoE+WAfdUcEV1ccD8PVBVOI+Z3ND4+SZbN8RsfT2bMuG1qwz5RFvPukSZm5fF2D5eA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "balanced-match": "^1.0.0"
+      }
+    },
+    "node_modules/@electron/universal/node_modules/fs-extra": {
+      "version": "11.3.5",
+      "resolved": "https://registry.npmjs.org/fs-extra/-/fs-extra-11.3.5.tgz",
+      "integrity": "sha512-eKpRKAovdpZtR1WopLHxlBWvAgPny3c4gX1G5Jhwmmw4XJj0ifSD5qB5TOo8hmA0wlRKDAOAhEE1yVPgs6Fgcg==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "graceful-fs": "^4.2.0",
+        "jsonfile": "^6.0.1",
+        "universalify": "^2.0.0"
+      },
+      "engines": {
+        "node": ">=14.14"
+      }
+    },
+    "node_modules/@electron/universal/node_modules/minimatch": {
+      "version": "9.0.9",
+      "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.9.tgz",
+      "integrity": "sha512-OBwBN9AL4dqmETlpS2zasx+vTeWclWzkblfZk7KTA5j3jeOONz/tRCnZomUyvNg83wL5Zv9Ss6HMJXAgL8R2Yg==",
+      "dev": true,
+      "license": "ISC",
+      "dependencies": {
+        "brace-expansion": "^2.0.2"
+      },
+      "engines": {
+        "node": ">=16 || 14 >=14.17"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/isaacs"
+      }
+    },
+    "node_modules/@gar/promisify": {
+      "version": "1.1.3",
+      "resolved": "https://registry.npmjs.org/@gar/promisify/-/promisify-1.1.3.tgz",
+      "integrity": "sha512-k2Ty1JcVojjJFwrg/ThKi2ujJ7XNLYaFGNB/bWT9wGR+oSMJHMa5w+CUq6p/pVrKeNNgA7pCqEcjSnHVoqJQFw==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/@isaacs/cliui": {
+      "version": "8.0.2",
+      "resolved": "https://registry.npmjs.org/@isaacs/cliui/-/cliui-8.0.2.tgz",
+      "integrity": "sha512-O8jcjabXaleOG9DQ0+ARXWZBTfnP4WNAqzuiJK7ll44AmxGKv/J2M4TPjxjY3znBCfvBXFzucm1twdyFybFqEA==",
+      "dev": true,
+      "license": "ISC",
+      "dependencies": {
+        "string-width": "^5.1.2",
+        "string-width-cjs": "npm:string-width@^4.2.0",
+        "strip-ansi": "^7.0.1",
+        "strip-ansi-cjs": "npm:strip-ansi@^6.0.1",
+        "wrap-ansi": "^8.1.0",
+        "wrap-ansi-cjs": "npm:wrap-ansi@^7.0.0"
+      },
+      "engines": {
+        "node": ">=12"
+      }
+    },
+    "node_modules/@isaacs/cliui/node_modules/ansi-regex": {
+      "version": "6.2.2",
+      "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-6.2.2.tgz",
+      "integrity": "sha512-Bq3SmSpyFHaWjPk8If9yc6svM8c56dB5BAtW4Qbw5jHTwwXXcTLoRMkpDJp6VL0XzlWaCHTXrkFURMYmD0sLqg==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=12"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/ansi-regex?sponsor=1"
+      }
+    },
+    "node_modules/@isaacs/cliui/node_modules/ansi-styles": {
+      "version": "6.2.3",
+      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-6.2.3.tgz",
+      "integrity": "sha512-4Dj6M28JB+oAH8kFkTLUo+a2jwOFkuqb3yucU0CANcRRUbxS0cP0nZYCGjcc3BNXwRIsUVmDGgzawme7zvJHvg==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=12"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/ansi-styles?sponsor=1"
+      }
+    },
+    "node_modules/@isaacs/cliui/node_modules/emoji-regex": {
+      "version": "9.2.2",
+      "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-9.2.2.tgz",
+      "integrity": "sha512-L18DaJsXSUk2+42pv8mLs5jJT2hqFkFE4j21wOmgbUqsZ2hL72NsUU785g9RXgo3s0ZNgVl42TiHp3ZtOv/Vyg==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/@isaacs/cliui/node_modules/string-width": {
+      "version": "5.1.2",
+      "resolved": "https://registry.npmjs.org/string-width/-/string-width-5.1.2.tgz",
+      "integrity": "sha512-HnLOCR3vjcY8beoNLtcjZ5/nxn2afmME6lhrDrebokqMap+XbeW8n9TXpPDOqdGK5qcI3oT0GKTW6wC7EMiVqA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "eastasianwidth": "^0.2.0",
+        "emoji-regex": "^9.2.2",
+        "strip-ansi": "^7.0.1"
+      },
+      "engines": {
+        "node": ">=12"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "node_modules/@isaacs/cliui/node_modules/strip-ansi": {
+      "version": "7.2.0",
+      "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-7.2.0.tgz",
+      "integrity": "sha512-yDPMNjp4WyfYBkHnjIRLfca1i6KMyGCtsVgoKe/z1+6vukgaENdgGBZt+ZmKPc4gavvEZ5OgHfHdrazhgNyG7w==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "ansi-regex": "^6.2.2"
+      },
+      "engines": {
+        "node": ">=12"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/strip-ansi?sponsor=1"
+      }
+    },
+    "node_modules/@isaacs/cliui/node_modules/wrap-ansi": {
+      "version": "8.1.0",
+      "resolved": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-8.1.0.tgz",
+      "integrity": "sha512-si7QWI6zUMq56bESFvagtmzMdGOtoxfR+Sez11Mobfc7tm+VkUckk9bW2UeffTGVUbOksxmSw0AA2gs8g71NCQ==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "ansi-styles": "^6.1.0",
+        "string-width": "^5.0.1",
+        "strip-ansi": "^7.0.1"
+      },
+      "engines": {
+        "node": ">=12"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/wrap-ansi?sponsor=1"
+      }
+    },
+    "node_modules/@malept/cross-spawn-promise": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/@malept/cross-spawn-promise/-/cross-spawn-promise-2.0.0.tgz",
+      "integrity": "sha512-1DpKU0Z5ThltBwjNySMC14g0CkbyhCaz9FkhxqNsZI6uAPJXFS8cMXlBKo26FJ8ZuW6S9GCMcR9IO5k2X5/9Fg==",
+      "dev": true,
+      "funding": [
+        {
+          "type": "individual",
+          "url": "https://github.com/sponsors/malept"
+        },
+        {
+          "type": "tidelift",
+          "url": "https://tidelift.com/subscription/pkg/npm-.malept-cross-spawn-promise?utm_medium=referral&utm_source=npm_fund"
+        }
+      ],
+      "license": "Apache-2.0",
+      "dependencies": {
+        "cross-spawn": "^7.0.1"
+      },
+      "engines": {
+        "node": ">= 12.13.0"
+      }
+    },
+    "node_modules/@malept/flatpak-bundler": {
+      "version": "0.4.0",
+      "resolved": "https://registry.npmjs.org/@malept/flatpak-bundler/-/flatpak-bundler-0.4.0.tgz",
+      "integrity": "sha512-9QOtNffcOF/c1seMCDnjckb3R9WHcG34tky+FHpNKKCW0wc/scYLwMtO+ptyGUfMW0/b/n4qRiALlaFHc9Oj7Q==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "debug": "^4.1.1",
+        "fs-extra": "^9.0.0",
+        "lodash": "^4.17.15",
+        "tmp-promise": "^3.0.2"
+      },
+      "engines": {
+        "node": ">= 10.0.0"
+      }
+    },
+    "node_modules/@malept/flatpak-bundler/node_modules/fs-extra": {
+      "version": "9.1.0",
+      "resolved": "https://registry.npmjs.org/fs-extra/-/fs-extra-9.1.0.tgz",
+      "integrity": "sha512-hcg3ZmepS30/7BSFqRvoo3DOMQu7IjqxO5nCDt+zM9XWjb33Wg7ziNT+Qvqbuc3+gWpzO02JubVyk2G4Zvo1OQ==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "at-least-node": "^1.0.0",
+        "graceful-fs": "^4.2.0",
+        "jsonfile": "^6.0.1",
+        "universalify": "^2.0.0"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/@npmcli/fs": {
+      "version": "2.1.2",
+      "resolved": "https://registry.npmjs.org/@npmcli/fs/-/fs-2.1.2.tgz",
+      "integrity": "sha512-yOJKRvohFOaLqipNtwYB9WugyZKhC/DZC4VYPmpaCzDBrA8YpK3qHZ8/HGscMnE4GqbkLNuVcCnxkeQEdGt6LQ==",
+      "dev": true,
+      "license": "ISC",
+      "dependencies": {
+        "@gar/promisify": "^1.1.3",
+        "semver": "^7.3.5"
+      },
+      "engines": {
+        "node": "^12.13.0 || ^14.15.0 || >=16.0.0"
+      }
+    },
+    "node_modules/@npmcli/move-file": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/@npmcli/move-file/-/move-file-2.0.1.tgz",
+      "integrity": "sha512-mJd2Z5TjYWq/ttPLLGqArdtnC74J6bOzg4rMDnN+p1xTacZ2yPRCk2y0oSWQtygLR9YVQXgOcONrwtnk3JupxQ==",
+      "deprecated": "This functionality has been moved to @npmcli/fs",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "mkdirp": "^1.0.4",
+        "rimraf": "^3.0.2"
+      },
+      "engines": {
+        "node": "^12.13.0 || ^14.15.0 || >=16.0.0"
+      }
+    },
+    "node_modules/@pkgjs/parseargs": {
+      "version": "0.11.0",
+      "resolved": "https://registry.npmjs.org/@pkgjs/parseargs/-/parseargs-0.11.0.tgz",
+      "integrity": "sha512-+1VkjdD0QBLPodGrJUeqarH8VAIvQODIbwh9XpP5Syisf7YoQgsJKPNFoqqLQlu+VQ/tVSshMR6loPMn8U+dPg==",
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "engines": {
+        "node": ">=14"
+      }
+    },
+    "node_modules/@sindresorhus/is": {
+      "version": "4.6.0",
+      "resolved": "https://registry.npmjs.org/@sindresorhus/is/-/is-4.6.0.tgz",
+      "integrity": "sha512-t09vSN3MdfsyCHoFcTRCH/iUtG7OJ0CsjzB8cjAmKc/va/kIgeDI/TxsigdncE/4be734m0cvIYwNaV4i2XqAw==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/sindresorhus/is?sponsor=1"
+      }
+    },
+    "node_modules/@szmarczak/http-timer": {
+      "version": "4.0.6",
+      "resolved": "https://registry.npmjs.org/@szmarczak/http-timer/-/http-timer-4.0.6.tgz",
+      "integrity": "sha512-4BAffykYOgO+5nzBWYwE3W90sBgLJoUPRWWcL8wlyiM8IB8ipJz3UMJ9KXQd1RKQXpKp8Tutn80HZtWsu2u76w==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "defer-to-connect": "^2.0.0"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/@tootallnate/once": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/@tootallnate/once/-/once-2.0.1.tgz",
+      "integrity": "sha512-HqmEUIGRJ5fSXchkVgR5F7qn48bDBzv0kWj/Kfu5e6uci4UlEeng4331LnBkWffb++Ei3FOVLxo8JJWMFBDMeQ==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">= 10"
+      }
+    },
+    "node_modules/@types/cacheable-request": {
+      "version": "6.0.3",
+      "resolved": "https://registry.npmjs.org/@types/cacheable-request/-/cacheable-request-6.0.3.tgz",
+      "integrity": "sha512-IQ3EbTzGxIigb1I3qPZc1rWJnH0BmSKv5QYTalEwweFvyBDLSAe24zP0le/hyi7ecGfZVlIVAg4BZqb8WBwKqw==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@types/http-cache-semantics": "*",
+        "@types/keyv": "^3.1.4",
+        "@types/node": "*",
+        "@types/responselike": "^1.0.0"
+      }
+    },
+    "node_modules/@types/debug": {
+      "version": "4.1.13",
+      "resolved": "https://registry.npmjs.org/@types/debug/-/debug-4.1.13.tgz",
+      "integrity": "sha512-KSVgmQmzMwPlmtljOomayoR89W4FynCAi3E8PPs7vmDVPe84hT+vGPKkJfThkmXs0x0jAaa9U8uW8bbfyS2fWw==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@types/ms": "*"
+      }
+    },
+    "node_modules/@types/fs-extra": {
+      "version": "9.0.13",
+      "resolved": "https://registry.npmjs.org/@types/fs-extra/-/fs-extra-9.0.13.tgz",
+      "integrity": "sha512-nEnwB++1u5lVDM2UI4c1+5R+FYaKfaAzS4OococimjVm3nQw3TuzH5UNsocrcTBbhnerblyHj4A49qXbIiZdpA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@types/node": "*"
+      }
+    },
+    "node_modules/@types/http-cache-semantics": {
+      "version": "4.2.0",
+      "resolved": "https://registry.npmjs.org/@types/http-cache-semantics/-/http-cache-semantics-4.2.0.tgz",
+      "integrity": "sha512-L3LgimLHXtGkWikKnsPg0/VFx9OGZaC+eN1u4r+OB1XRqH3meBIAVC2zr1WdMH+RHmnRkqliQAOHNJ/E0j/e0Q==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/@types/keyv": {
+      "version": "3.1.4",
+      "resolved": "https://registry.npmjs.org/@types/keyv/-/keyv-3.1.4.tgz",
+      "integrity": "sha512-BQ5aZNSCpj7D6K2ksrRCTmKRLEpnPvWDiLPfoGyhZ++8YtiK9d/3DBKPJgry359X/P1PfruyYwvnvwFjuEiEIg==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@types/node": "*"
+      }
+    },
+    "node_modules/@types/ms": {
+      "version": "2.1.0",
+      "resolved": "https://registry.npmjs.org/@types/ms/-/ms-2.1.0.tgz",
+      "integrity": "sha512-GsCCIZDE/p3i96vtEqx+7dBUGXrc7zeSK3wwPHIaRThS+9OhWIXRqzs4d6k1SVU8g91DrNRWxWUGhp5KXQb2VA==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/@types/node": {
+      "version": "24.12.4",
+      "resolved": "https://registry.npmjs.org/@types/node/-/node-24.12.4.tgz",
+      "integrity": "sha512-GUUEShf+PBCGW2KaXwcIt3Yk+e3pkKwWKb9GSyM9WQVE+ep2jzmHdGsHzu4wgcZy5fN9FBdVzjpBQsYlpfpgLA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "undici-types": "~7.16.0"
+      }
+    },
+    "node_modules/@types/plist": {
+      "version": "3.0.5",
+      "resolved": "https://registry.npmjs.org/@types/plist/-/plist-3.0.5.tgz",
+      "integrity": "sha512-E6OCaRmAe4WDmWNsL/9RMqdkkzDCY1etutkflWk4c+AcjDU07Pcz1fQwTX0TQz+Pxqn9i4L1TU3UFpjnrcDgxA==",
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "dependencies": {
+        "@types/node": "*",
+        "xmlbuilder": ">=11.0.1"
+      }
+    },
+    "node_modules/@types/responselike": {
+      "version": "1.0.3",
+      "resolved": "https://registry.npmjs.org/@types/responselike/-/responselike-1.0.3.tgz",
+      "integrity": "sha512-H/+L+UkTV33uf49PH5pCAUBVPNj2nDBXTN+qS1dOwyyg24l3CcicicCA7ca+HMvJBZcFgl5r8e+RR6elsb4Lyw==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@types/node": "*"
+      }
+    },
+    "node_modules/@types/verror": {
+      "version": "1.10.11",
+      "resolved": "https://registry.npmjs.org/@types/verror/-/verror-1.10.11.tgz",
+      "integrity": "sha512-RlDm9K7+o5stv0Co8i8ZRGxDbrTxhJtgjqjFyVh/tXQyl/rYtTKlnTvZ88oSTeYREWurwx20Js4kTuKCsFkUtg==",
+      "dev": true,
+      "license": "MIT",
+      "optional": true
+    },
+    "node_modules/@types/yauzl": {
+      "version": "2.10.3",
+      "resolved": "https://registry.npmjs.org/@types/yauzl/-/yauzl-2.10.3.tgz",
+      "integrity": "sha512-oJoftv0LSuaDZE3Le4DbKX+KS9G36NzOeSap90UIK0yMA/NhKJhqlSGtNDORNRaIbQfzjXDrQa0ytJ6mNRGz/Q==",
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "dependencies": {
+        "@types/node": "*"
+      }
+    },
+    "node_modules/@xmldom/xmldom": {
+      "version": "0.9.10",
+      "resolved": "https://registry.npmjs.org/@xmldom/xmldom/-/xmldom-0.9.10.tgz",
+      "integrity": "sha512-A9gOqLdi6cV4ibazAjcQufGj0B1y/vDqYrcuP6d/6x8P27gRS8643Dj9o1dEKtB6O7fwxb2FgBmJS2mX7gpvdw==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=14.6"
+      }
+    },
+    "node_modules/7zip-bin": {
+      "version": "5.2.0",
+      "resolved": "https://registry.npmjs.org/7zip-bin/-/7zip-bin-5.2.0.tgz",
+      "integrity": "sha512-ukTPVhqG4jNzMro2qA9HSCSSVJN3aN7tlb+hfqYCt3ER0yWroeA2VR38MNrOHLQ/cVj+DaIMad0kFCtWWowh/A==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/abbrev": {
+      "version": "1.1.1",
+      "resolved": "https://registry.npmjs.org/abbrev/-/abbrev-1.1.1.tgz",
+      "integrity": "sha512-nne9/IiQ/hzIhY6pdDnbBtz7DjPTKrY00P/zvPSm5pOFkl6xuGrGnXn/VtTNNfNtAfZ9/1RtehkszU9qcTii0Q==",
+      "dev": true,
+      "license": "ISC"
+    },
+    "node_modules/agent-base": {
+      "version": "7.1.4",
+      "resolved": "https://registry.npmjs.org/agent-base/-/agent-base-7.1.4.tgz",
+      "integrity": "sha512-MnA+YT8fwfJPgBx3m60MNqakm30XOkyIoH1y6huTQvC0PwZG7ki8NacLBcrPbNoo8vEZy7Jpuk7+jMO+CUovTQ==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">= 14"
+      }
+    },
+    "node_modules/agentkeepalive": {
+      "version": "4.6.0",
+      "resolved": "https://registry.npmjs.org/agentkeepalive/-/agentkeepalive-4.6.0.tgz",
+      "integrity": "sha512-kja8j7PjmncONqaTsB8fQ+wE2mSU2DJ9D4XKoJ5PFWIdRMa6SLSN1ff4mOr4jCbfRSsxR4keIiySJU0N9T5hIQ==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "humanize-ms": "^1.2.1"
+      },
+      "engines": {
+        "node": ">= 8.0.0"
+      }
+    },
+    "node_modules/aggregate-error": {
+      "version": "3.1.0",
+      "resolved": "https://registry.npmjs.org/aggregate-error/-/aggregate-error-3.1.0.tgz",
+      "integrity": "sha512-4I7Td01quW/RpocfNayFdFVk1qSuoh0E7JrbRJ16nH01HhKFQ88INq9Sd+nd72zqRySlr9BmDA8xlEJ6vJMrYA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "clean-stack": "^2.0.0",
+        "indent-string": "^4.0.0"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/ajv": {
+      "version": "6.15.0",
+      "resolved": "https://registry.npmjs.org/ajv/-/ajv-6.15.0.tgz",
+      "integrity": "sha512-fgFx7Hfoq60ytK2c7DhnF8jIvzYgOMxfugjLOSMHjLIPgenqa7S7oaagATUq99mV6IYvN2tRmC0wnTYX6iPbMw==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "fast-deep-equal": "^3.1.1",
+        "fast-json-stable-stringify": "^2.0.0",
+        "json-schema-traverse": "^0.4.1",
+        "uri-js": "^4.2.2"
+      },
+      "funding": {
+        "type": "github",
+        "url": "https://github.com/sponsors/epoberezkin"
+      }
+    },
+    "node_modules/ajv-keywords": {
+      "version": "3.5.2",
+      "resolved": "https://registry.npmjs.org/ajv-keywords/-/ajv-keywords-3.5.2.tgz",
+      "integrity": "sha512-5p6WTN0DdTGVQk6VjcEju19IgaHudalcfabD7yhDGeA6bcQnmL+CpveLJq/3hvfwd1aof6L386Ougkx6RfyMIQ==",
+      "dev": true,
+      "license": "MIT",
+      "peerDependencies": {
+        "ajv": "^6.9.1"
+      }
+    },
+    "node_modules/ansi-regex": {
+      "version": "5.0.1",
+      "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-5.0.1.tgz",
+      "integrity": "sha512-quJQXlTSUGL2LH9SUXo8VwsY4soanhgo6LNSm84E1LBcE8s3O0wpdiRzyR9z/ZZJMlMWv37qOOb9pdJlMUEKFQ==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/ansi-styles": {
+      "version": "4.3.0",
+      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz",
+      "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "color-convert": "^2.0.1"
+      },
+      "engines": {
+        "node": ">=8"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/ansi-styles?sponsor=1"
+      }
+    },
+    "node_modules/app-builder-bin": {
+      "version": "5.0.0-alpha.10",
+      "resolved": "https://registry.npmjs.org/app-builder-bin/-/app-builder-bin-5.0.0-alpha.10.tgz",
+      "integrity": "sha512-Ev4jj3D7Bo+O0GPD2NMvJl+PGiBAfS7pUGawntBNpCbxtpncfUixqFj9z9Jme7V7s3LBGqsWZZP54fxBX3JKJw==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/app-builder-lib": {
+      "version": "25.1.8",
+      "resolved": "https://registry.npmjs.org/app-builder-lib/-/app-builder-lib-25.1.8.tgz",
+      "integrity": "sha512-pCqe7dfsQFBABC1jeKZXQWhGcCPF3rPCXDdfqVKjIeWBcXzyC1iOWZdfFhGl+S9MyE/k//DFmC6FzuGAUudNDg==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@develar/schema-utils": "~2.6.5",
+        "@electron/notarize": "2.5.0",
+        "@electron/osx-sign": "1.3.1",
+        "@electron/rebuild": "3.6.1",
+        "@electron/universal": "2.0.1",
+        "@malept/flatpak-bundler": "^0.4.0",
+        "@types/fs-extra": "9.0.13",
+        "async-exit-hook": "^2.0.1",
+        "bluebird-lst": "^1.0.9",
+        "builder-util": "25.1.7",
+        "builder-util-runtime": "9.2.10",
+        "chromium-pickle-js": "^0.2.0",
+        "config-file-ts": "0.2.8-rc1",
+        "debug": "^4.3.4",
+        "dotenv": "^16.4.5",
+        "dotenv-expand": "^11.0.6",
+        "ejs": "^3.1.8",
+        "electron-publish": "25.1.7",
+        "form-data": "^4.0.0",
+        "fs-extra": "^10.1.0",
+        "hosted-git-info": "^4.1.0",
+        "is-ci": "^3.0.0",
+        "isbinaryfile": "^5.0.0",
+        "js-yaml": "^4.1.0",
+        "json5": "^2.2.3",
+        "lazy-val": "^1.0.5",
+        "minimatch": "^10.0.0",
+        "resedit": "^1.7.0",
+        "sanitize-filename": "^1.6.3",
+        "semver": "^7.3.8",
+        "tar": "^6.1.12",
+        "temp-file": "^3.4.0"
+      },
+      "engines": {
+        "node": ">=14.0.0"
+      },
+      "peerDependencies": {
+        "dmg-builder": "25.1.8",
+        "electron-builder-squirrel-windows": "25.1.8"
+      }
+    },
+    "node_modules/aproba": {
+      "version": "2.1.0",
+      "resolved": "https://registry.npmjs.org/aproba/-/aproba-2.1.0.tgz",
+      "integrity": "sha512-tLIEcj5GuR2RSTnxNKdkK0dJ/GrC7P38sUkiDmDuHfsHmbagTFAxDVIBltoklXEVIQ/f14IL8IMJ5pn9Hez1Ew==",
+      "dev": true,
+      "license": "ISC"
+    },
+    "node_modules/archiver": {
+      "version": "5.3.2",
+      "resolved": "https://registry.npmjs.org/archiver/-/archiver-5.3.2.tgz",
+      "integrity": "sha512-+25nxyyznAXF7Nef3y0EbBeqmGZgeN/BxHX29Rs39djAfaFalmQ89SE6CWyDCHzGL0yt/ycBtNOmGTW0FyGWNw==",
+      "dev": true,
+      "license": "MIT",
+      "peer": true,
+      "dependencies": {
+        "archiver-utils": "^2.1.0",
+        "async": "^3.2.4",
+        "buffer-crc32": "^0.2.1",
+        "readable-stream": "^3.6.0",
+        "readdir-glob": "^1.1.2",
+        "tar-stream": "^2.2.0",
+        "zip-stream": "^4.1.0"
+      },
+      "engines": {
+        "node": ">= 10"
+      }
+    },
+    "node_modules/archiver-utils": {
+      "version": "2.1.0",
+      "resolved": "https://registry.npmjs.org/archiver-utils/-/archiver-utils-2.1.0.tgz",
+      "integrity": "sha512-bEL/yUb/fNNiNTuUz979Z0Yg5L+LzLxGJz8x79lYmR54fmTIb6ob/hNQgkQnIUDWIFjZVQwl9Xs356I6BAMHfw==",
+      "dev": true,
+      "license": "MIT",
+      "peer": true,
+      "dependencies": {
+        "glob": "^7.1.4",
+        "graceful-fs": "^4.2.0",
+        "lazystream": "^1.0.0",
+        "lodash.defaults": "^4.2.0",
+        "lodash.difference": "^4.5.0",
+        "lodash.flatten": "^4.4.0",
+        "lodash.isplainobject": "^4.0.6",
+        "lodash.union": "^4.6.0",
+        "normalize-path": "^3.0.0",
+        "readable-stream": "^2.0.0"
+      },
+      "engines": {
+        "node": ">= 6"
+      }
+    },
+    "node_modules/archiver-utils/node_modules/readable-stream": {
+      "version": "2.3.8",
+      "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-2.3.8.tgz",
+      "integrity": "sha512-8p0AUk4XODgIewSi0l8Epjs+EVnWiK7NoDIEGU0HhE7+ZyY8D1IMY7odu5lRrFXGg71L15KG8QrPmum45RTtdA==",
+      "dev": true,
+      "license": "MIT",
+      "peer": true,
+      "dependencies": {
+        "core-util-is": "~1.0.0",
+        "inherits": "~2.0.3",
+        "isarray": "~1.0.0",
+        "process-nextick-args": "~2.0.0",
+        "safe-buffer": "~5.1.1",
+        "string_decoder": "~1.1.1",
+        "util-deprecate": "~1.0.1"
+      }
+    },
+    "node_modules/archiver-utils/node_modules/safe-buffer": {
+      "version": "5.1.2",
+      "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.1.2.tgz",
+      "integrity": "sha512-Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g==",
+      "dev": true,
+      "license": "MIT",
+      "peer": true
+    },
+    "node_modules/archiver-utils/node_modules/string_decoder": {
+      "version": "1.1.1",
+      "resolved": "https://registry.npmjs.org/string_decoder/-/string_decoder-1.1.1.tgz",
+      "integrity": "sha512-n/ShnvDi6FHbbVfviro+WojiFzv+s8MPMHBczVePfUpDJLwoLT0ht1l4YwBCbi8pJAveEEdnkHyPyTP/mzRfwg==",
+      "dev": true,
+      "license": "MIT",
+      "peer": true,
+      "dependencies": {
+        "safe-buffer": "~5.1.0"
+      }
+    },
+    "node_modules/are-we-there-yet": {
+      "version": "3.0.1",
+      "resolved": "https://registry.npmjs.org/are-we-there-yet/-/are-we-there-yet-3.0.1.tgz",
+      "integrity": "sha512-QZW4EDmGwlYur0Yyf/b2uGucHQMa8aFUP7eu9ddR73vvhFyt4V0Vl3QHPcTNJ8l6qYOBdxgXdnBXQrHilfRQBg==",
+      "deprecated": "This package is no longer supported.",
+      "dev": true,
+      "license": "ISC",
+      "dependencies": {
+        "delegates": "^1.0.0",
+        "readable-stream": "^3.6.0"
+      },
+      "engines": {
+        "node": "^12.13.0 || ^14.15.0 || >=16.0.0"
+      }
+    },
+    "node_modules/argparse": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/argparse/-/argparse-2.0.1.tgz",
+      "integrity": "sha512-8+9WqebbFzpX9OR+Wa6O29asIogeRMzcGtAINdpMHHyAg10f05aSFVBbcEqGf/PXw1EjAZ+q2/bEBg3DvurK3Q==",
+      "license": "Python-2.0"
+    },
+    "node_modules/assert-plus": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/assert-plus/-/assert-plus-1.0.0.tgz",
+      "integrity": "sha512-NfJ4UzBCcQGLDlQq7nHxH+tv3kyZ0hHQqF5BO6J7tNJeP5do1llPr8dZ8zHonfhAu0PHAdMkSo+8o0wxg9lZWw==",
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "engines": {
+        "node": ">=0.8"
+      }
+    },
+    "node_modules/astral-regex": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/astral-regex/-/astral-regex-2.0.0.tgz",
+      "integrity": "sha512-Z7tMw1ytTXt5jqMcOP+OQteU1VuNK9Y02uuJtKQ1Sv69jXQKKg5cibLwGJow8yzZP+eAc18EmLGPal0bp36rvQ==",
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/async": {
+      "version": "3.2.6",
+      "resolved": "https://registry.npmjs.org/async/-/async-3.2.6.tgz",
+      "integrity": "sha512-htCUDlxyyCLMgaM3xXg0C0LW2xqfuQ6p05pCEIsXuyQ+a1koYKTuBMzRNwmybfLgvJDMd0r1LTn4+E0Ti6C2AA==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/async-exit-hook": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/async-exit-hook/-/async-exit-hook-2.0.1.tgz",
+      "integrity": "sha512-NW2cX8m1Q7KPA7a5M2ULQeZ2wR5qI5PAbw5L0UOMxdioVk9PMZ0h1TmyZEkPYrCvYjDlFICusOu1dlEKAAeXBw==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=0.12.0"
+      }
+    },
+    "node_modules/asynckit": {
+      "version": "0.4.0",
+      "resolved": "https://registry.npmjs.org/asynckit/-/asynckit-0.4.0.tgz",
+      "integrity": "sha512-Oei9OH4tRh0YqU3GxhX79dM/mwVgvbZJaSNaRk+bshkj0S5cfHcgYakreBjrHwatXKbz+IoIdYLxrKim2MjW0Q==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/at-least-node": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/at-least-node/-/at-least-node-1.0.0.tgz",
+      "integrity": "sha512-+q/t7Ekv1EDY2l6Gda6LLiX14rU9TV20Wa3ofeQmwPFZbOMo9DXrLbOjFaaclkXKWidIaopwAObQDqwWtGUjqg==",
+      "dev": true,
+      "license": "ISC",
+      "engines": {
+        "node": ">= 4.0.0"
+      }
+    },
+    "node_modules/balanced-match": {
+      "version": "4.0.4",
+      "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-4.0.4.tgz",
+      "integrity": "sha512-BLrgEcRTwX2o6gGxGOCNyMvGSp35YofuYzw9h1IMTRmKqttAZZVU67bdb9Pr2vUHA8+j3i2tJfjO6C6+4myGTA==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": "18 || 20 || >=22"
+      }
+    },
+    "node_modules/base64-js": {
+      "version": "1.5.1",
+      "resolved": "https://registry.npmjs.org/base64-js/-/base64-js-1.5.1.tgz",
+      "integrity": "sha512-AKpaYlHn8t4SVbOHCy+b5+KKgvR4vrsD8vbvrbiQJps7fKDTkjkDry6ji0rUJjC0kzbNePLwzxq8iypo41qeWA==",
+      "dev": true,
+      "funding": [
+        {
+          "type": "github",
+          "url": "https://github.com/sponsors/feross"
+        },
+        {
+          "type": "patreon",
+          "url": "https://www.patreon.com/feross"
+        },
+        {
+          "type": "consulting",
+          "url": "https://feross.org/support"
+        }
+      ],
+      "license": "MIT"
+    },
+    "node_modules/bl": {
+      "version": "4.1.0",
+      "resolved": "https://registry.npmjs.org/bl/-/bl-4.1.0.tgz",
+      "integrity": "sha512-1W07cM9gS6DcLperZfFSj+bWLtaPGSOHWhPiGzXmvVJbRLdG82sH/Kn8EtW1VqWVA54AKf2h5k5BbnIbwF3h6w==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "buffer": "^5.5.0",
+        "inherits": "^2.0.4",
+        "readable-stream": "^3.4.0"
+      }
+    },
+    "node_modules/bluebird": {
+      "version": "3.7.2",
+      "resolved": "https://registry.npmjs.org/bluebird/-/bluebird-3.7.2.tgz",
+      "integrity": "sha512-XpNj6GDQzdfW+r2Wnn7xiSAd7TM3jzkxGXBGTtWKuSXv1xUV+azxAm8jdWZN06QTQk+2N2XB9jRDkvbmQmcRtg==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/bluebird-lst": {
+      "version": "1.0.9",
+      "resolved": "https://registry.npmjs.org/bluebird-lst/-/bluebird-lst-1.0.9.tgz",
+      "integrity": "sha512-7B1Rtx82hjnSD4PGLAjVWeYH3tHAcVUmChh85a3lltKQm6FresXh9ErQo6oAv6CqxttczC3/kEg8SY5NluPuUw==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "bluebird": "^3.5.5"
+      }
+    },
+    "node_modules/brace-expansion": {
+      "version": "5.0.6",
+      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-5.0.6.tgz",
+      "integrity": "sha512-kLpxurY4Z4r9sgMsyG0Z9uzsBlgiU/EFKhj/h91/8yHu0edo7XuixOIH3VcJ8kkxs6/jPzoI6U9Vj3WqbMQ94g==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "balanced-match": "^4.0.2"
+      },
+      "engines": {
+        "node": "18 || 20 || >=22"
+      }
+    },
+    "node_modules/buffer": {
+      "version": "5.7.1",
+      "resolved": "https://registry.npmjs.org/buffer/-/buffer-5.7.1.tgz",
+      "integrity": "sha512-EHcyIPBQ4BSGlvjB16k5KgAJ27CIsHY/2JBmCRReo48y9rQ3MaUzWX3KVlBa4U7MyX02HdVj0K7C3WaB3ju7FQ==",
+      "dev": true,
+      "funding": [
+        {
+          "type": "github",
+          "url": "https://github.com/sponsors/feross"
+        },
+        {
+          "type": "patreon",
+          "url": "https://www.patreon.com/feross"
+        },
+        {
+          "type": "consulting",
+          "url": "https://feross.org/support"
+        }
+      ],
+      "license": "MIT",
+      "dependencies": {
+        "base64-js": "^1.3.1",
+        "ieee754": "^1.1.13"
+      }
+    },
+    "node_modules/buffer-crc32": {
+      "version": "0.2.13",
+      "resolved": "https://registry.npmjs.org/buffer-crc32/-/buffer-crc32-0.2.13.tgz",
+      "integrity": "sha512-VO9Ht/+p3SN7SKWqcrgEzjGbRSJYTx+Q1pTQC0wrWqHx0vpJraQ6GtHx8tvcg1rlK1byhU5gccxgOgj7B0TDkQ==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": "*"
+      }
+    },
+    "node_modules/buffer-from": {
+      "version": "1.1.2",
+      "resolved": "https://registry.npmjs.org/buffer-from/-/buffer-from-1.1.2.tgz",
+      "integrity": "sha512-E+XQCRwSbaaiChtv6k6Dwgc+bx+Bs6vuKJHHl5kox/BaKbhiXzqQOwK4cO22yElGp2OCmjwVhT3HmxgyPGnJfQ==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/builder-util": {
+      "version": "25.1.7",
+      "resolved": "https://registry.npmjs.org/builder-util/-/builder-util-25.1.7.tgz",
+      "integrity": "sha512-7jPjzBwEGRbwNcep0gGNpLXG9P94VA3CPAZQCzxkFXiV2GMQKlziMbY//rXPI7WKfhsvGgFXjTcXdBEwgXw9ww==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@types/debug": "^4.1.6",
+        "7zip-bin": "~5.2.0",
+        "app-builder-bin": "5.0.0-alpha.10",
+        "bluebird-lst": "^1.0.9",
+        "builder-util-runtime": "9.2.10",
+        "chalk": "^4.1.2",
+        "cross-spawn": "^7.0.3",
+        "debug": "^4.3.4",
+        "fs-extra": "^10.1.0",
+        "http-proxy-agent": "^7.0.0",
+        "https-proxy-agent": "^7.0.0",
+        "is-ci": "^3.0.0",
+        "js-yaml": "^4.1.0",
+        "source-map-support": "^0.5.19",
+        "stat-mode": "^1.0.0",
+        "temp-file": "^3.4.0"
+      }
+    },
+    "node_modules/builder-util-runtime": {
+      "version": "9.2.10",
+      "resolved": "https://registry.npmjs.org/builder-util-runtime/-/builder-util-runtime-9.2.10.tgz",
+      "integrity": "sha512-6p/gfG1RJSQeIbz8TK5aPNkoztgY1q5TgmGFMAXcY8itsGW6Y2ld1ALsZ5UJn8rog7hKF3zHx5iQbNQ8uLcRlw==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "debug": "^4.3.4",
+        "sax": "^1.2.4"
+      },
+      "engines": {
+        "node": ">=12.0.0"
+      }
+    },
+    "node_modules/cacache": {
+      "version": "16.1.3",
+      "resolved": "https://registry.npmjs.org/cacache/-/cacache-16.1.3.tgz",
+      "integrity": "sha512-/+Emcj9DAXxX4cwlLmRI9c166RuL3w30zp4R7Joiv2cQTtTtA+jeuCAjH3ZlGnYS3tKENSrKhAzVVP9GVyzeYQ==",
+      "dev": true,
+      "license": "ISC",
+      "dependencies": {
+        "@npmcli/fs": "^2.1.0",
+        "@npmcli/move-file": "^2.0.0",
+        "chownr": "^2.0.0",
+        "fs-minipass": "^2.1.0",
+        "glob": "^8.0.1",
+        "infer-owner": "^1.0.4",
+        "lru-cache": "^7.7.1",
+        "minipass": "^3.1.6",
+        "minipass-collect": "^1.0.2",
+        "minipass-flush": "^1.0.5",
+        "minipass-pipeline": "^1.2.4",
+        "mkdirp": "^1.0.4",
+        "p-map": "^4.0.0",
+        "promise-inflight": "^1.0.1",
+        "rimraf": "^3.0.2",
+        "ssri": "^9.0.0",
+        "tar": "^6.1.11",
+        "unique-filename": "^2.0.0"
+      },
+      "engines": {
+        "node": "^12.13.0 || ^14.15.0 || >=16.0.0"
+      }
+    },
+    "node_modules/cacache/node_modules/balanced-match": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-1.0.2.tgz",
+      "integrity": "sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/cacache/node_modules/brace-expansion": {
+      "version": "2.1.1",
+      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.1.1.tgz",
+      "integrity": "sha512-WR1cURNjuvBLMZBMbqM0UoE+WAfdUcEV1ccD8PVBVOI+Z3ND4+SZbN8RsfT2bMuG1qwz5RFvPukSZm5fF2D5eA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "balanced-match": "^1.0.0"
+      }
+    },
+    "node_modules/cacache/node_modules/glob": {
+      "version": "8.1.0",
+      "resolved": "https://registry.npmjs.org/glob/-/glob-8.1.0.tgz",
+      "integrity": "sha512-r8hpEjiQEYlF2QU0df3dS+nxxSIreXQS1qRhMJM0Q5NDdR386C7jb7Hwwod8Fgiuex+k0GFjgft18yvxm5XoCQ==",
+      "deprecated": "Old versions of glob are not supported, and contain widely publicized security vulnerabilities, which have been fixed in the current version. Please update. Support for old versions may be purchased (at exorbitant rates) by contacting i@izs.me",
+      "dev": true,
+      "license": "ISC",
+      "dependencies": {
+        "fs.realpath": "^1.0.0",
+        "inflight": "^1.0.4",
+        "inherits": "2",
+        "minimatch": "^5.0.1",
+        "once": "^1.3.0"
+      },
+      "engines": {
+        "node": ">=12"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/isaacs"
+      }
+    },
+    "node_modules/cacache/node_modules/lru-cache": {
+      "version": "7.18.3",
+      "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-7.18.3.tgz",
+      "integrity": "sha512-jumlc0BIUrS3qJGgIkWZsyfAM7NCWiBcCDhnd+3NNM5KbBmLTgHVfWBcg6W+rLUsIpzpERPsvwUP7CckAQSOoA==",
+      "dev": true,
+      "license": "ISC",
+      "engines": {
+        "node": ">=12"
+      }
+    },
+    "node_modules/cacache/node_modules/minimatch": {
+      "version": "5.1.9",
+      "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-5.1.9.tgz",
+      "integrity": "sha512-7o1wEA2RyMP7Iu7GNba9vc0RWWGACJOCZBJX2GJWip0ikV+wcOsgVuY9uE8CPiyQhkGFSlhuSkZPavN7u1c2Fw==",
+      "dev": true,
+      "license": "ISC",
+      "dependencies": {
+        "brace-expansion": "^2.0.1"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/cacheable-lookup": {
+      "version": "5.0.4",
+      "resolved": "https://registry.npmjs.org/cacheable-lookup/-/cacheable-lookup-5.0.4.tgz",
+      "integrity": "sha512-2/kNscPhpcxrOigMZzbiWF7dz8ilhb/nIHU3EyZiXWXpeq/au8qJ8VhdftMkty3n7Gj6HIGalQG8oiBNB3AJgA==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=10.6.0"
+      }
+    },
+    "node_modules/cacheable-request": {
+      "version": "7.0.4",
+      "resolved": "https://registry.npmjs.org/cacheable-request/-/cacheable-request-7.0.4.tgz",
+      "integrity": "sha512-v+p6ongsrp0yTGbJXjgxPow2+DL93DASP4kXCDKb8/bwRtt9OEF3whggkkDkGNzgcWy2XaF4a8nZglC7uElscg==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "clone-response": "^1.0.2",
+        "get-stream": "^5.1.0",
+        "http-cache-semantics": "^4.0.0",
+        "keyv": "^4.0.0",
+        "lowercase-keys": "^2.0.0",
+        "normalize-url": "^6.0.1",
+        "responselike": "^2.0.0"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/call-bind-apply-helpers": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/call-bind-apply-helpers/-/call-bind-apply-helpers-1.0.2.tgz",
+      "integrity": "sha512-Sp1ablJ0ivDkSzjcaJdxEunN5/XvksFJ2sMBFfq6x0ryhQV/2b/KwFe21cMpmHtPOSij8K99/wSfoEuTObmuMQ==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "es-errors": "^1.3.0",
+        "function-bind": "^1.1.2"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      }
+    },
+    "node_modules/chalk": {
+      "version": "4.1.2",
+      "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz",
+      "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "ansi-styles": "^4.1.0",
+        "supports-color": "^7.1.0"
+      },
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/chalk?sponsor=1"
+      }
+    },
+    "node_modules/chownr": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/chownr/-/chownr-2.0.0.tgz",
+      "integrity": "sha512-bIomtDF5KGpdogkLd9VspvFzk9KfpyyGlS8YFVZl7TGPBHL5snIOnxeshwVgPteQ9b4Eydl+pVbIyE1DcvCWgQ==",
+      "dev": true,
+      "license": "ISC",
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/chromium-pickle-js": {
+      "version": "0.2.0",
+      "resolved": "https://registry.npmjs.org/chromium-pickle-js/-/chromium-pickle-js-0.2.0.tgz",
+      "integrity": "sha512-1R5Fho+jBq0DDydt+/vHWj5KJNJCKdARKOCwZUen84I5BreWoLqRLANH1U87eJy1tiASPtMnGqJJq0ZsLoRPOw==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/ci-info": {
+      "version": "3.9.0",
+      "resolved": "https://registry.npmjs.org/ci-info/-/ci-info-3.9.0.tgz",
+      "integrity": "sha512-NIxF55hv4nSqQswkAeiOi1r83xy8JldOFDTWiug55KBu9Jnblncd2U6ViHmYgHf01TPZS77NJBhBMKdWj9HQMQ==",
+      "dev": true,
+      "funding": [
+        {
+          "type": "github",
+          "url": "https://github.com/sponsors/sibiraj-s"
+        }
+      ],
+      "license": "MIT",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/clean-stack": {
+      "version": "2.2.0",
+      "resolved": "https://registry.npmjs.org/clean-stack/-/clean-stack-2.2.0.tgz",
+      "integrity": "sha512-4diC9HaTE+KRAMWhDhrGOECgWZxoevMc5TlkObMqNSsVU62PYzXZ/SMTjzyGAFF1YusgxGcSWTEXBhp0CPwQ1A==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=6"
+      }
+    },
+    "node_modules/cli-cursor": {
+      "version": "3.1.0",
+      "resolved": "https://registry.npmjs.org/cli-cursor/-/cli-cursor-3.1.0.tgz",
+      "integrity": "sha512-I/zHAwsKf9FqGoXM4WWRACob9+SNukZTd94DWF57E4toouRulbCxcUh6RKUEOQlYTHJnzkPMySvPNaaSLNfLZw==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "restore-cursor": "^3.1.0"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/cli-spinners": {
+      "version": "2.9.2",
+      "resolved": "https://registry.npmjs.org/cli-spinners/-/cli-spinners-2.9.2.tgz",
+      "integrity": "sha512-ywqV+5MmyL4E7ybXgKys4DugZbX0FC6LnwrhjuykIjnK9k8OQacQ7axGKnjDXWNhns0xot3bZI5h55H8yo9cJg==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=6"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "node_modules/cli-truncate": {
+      "version": "2.1.0",
+      "resolved": "https://registry.npmjs.org/cli-truncate/-/cli-truncate-2.1.0.tgz",
+      "integrity": "sha512-n8fOixwDD6b/ObinzTrp1ZKFzbgvKZvuz/TvejnLn1aQfC6r52XEx85FmuC+3HI+JM7coBRXUvNqEU2PHVrHpg==",
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "dependencies": {
+        "slice-ansi": "^3.0.0",
+        "string-width": "^4.2.0"
+      },
+      "engines": {
+        "node": ">=8"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "node_modules/cliui": {
+      "version": "8.0.1",
+      "resolved": "https://registry.npmjs.org/cliui/-/cliui-8.0.1.tgz",
+      "integrity": "sha512-BSeNnyus75C4//NQ9gQt1/csTXyo/8Sb+afLAkzAptFuMsod9HFokGNudZpi/oQV73hnVK+sR+5PVRMd+Dr7YQ==",
+      "dev": true,
+      "license": "ISC",
+      "dependencies": {
+        "string-width": "^4.2.0",
+        "strip-ansi": "^6.0.1",
+        "wrap-ansi": "^7.0.0"
+      },
+      "engines": {
+        "node": ">=12"
+      }
+    },
+    "node_modules/clone": {
+      "version": "1.0.4",
+      "resolved": "https://registry.npmjs.org/clone/-/clone-1.0.4.tgz",
+      "integrity": "sha512-JQHZ2QMW6l3aH/j6xCqQThY/9OH4D/9ls34cgkUBiEeocRTU04tHfKPBsUK1PqZCUQM7GiA0IIXJSuXHI64Kbg==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=0.8"
+      }
+    },
+    "node_modules/clone-response": {
+      "version": "1.0.3",
+      "resolved": "https://registry.npmjs.org/clone-response/-/clone-response-1.0.3.tgz",
+      "integrity": "sha512-ROoL94jJH2dUVML2Y/5PEDNaSHgeOdSDicUyS7izcF63G6sTc/FTjLub4b8Il9S8S0beOfYt0TaA5qvFK+w0wA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "mimic-response": "^1.0.0"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "node_modules/color-convert": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz",
+      "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "color-name": "~1.1.4"
+      },
+      "engines": {
+        "node": ">=7.0.0"
+      }
+    },
+    "node_modules/color-name": {
+      "version": "1.1.4",
+      "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz",
+      "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/color-support": {
+      "version": "1.1.3",
+      "resolved": "https://registry.npmjs.org/color-support/-/color-support-1.1.3.tgz",
+      "integrity": "sha512-qiBjkpbMLO/HL68y+lh4q0/O1MZFj2RX6X/KmMa3+gJD3z+WwI1ZzDHysvqHGS3mP6mznPckpXmw1nI9cJjyRg==",
+      "dev": true,
+      "license": "ISC",
+      "bin": {
+        "color-support": "bin.js"
+      }
+    },
+    "node_modules/combined-stream": {
+      "version": "1.0.8",
+      "resolved": "https://registry.npmjs.org/combined-stream/-/combined-stream-1.0.8.tgz",
+      "integrity": "sha512-FQN4MRfuJeHf7cBbBMJFXhKSDq+2kAArBlmRBvcvFE5BB1HZKXtSFASDhdlz9zOYwxh8lDdnvmMOe/+5cdoEdg==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "delayed-stream": "~1.0.0"
+      },
+      "engines": {
+        "node": ">= 0.8"
+      }
+    },
+    "node_modules/commander": {
+      "version": "5.1.0",
+      "resolved": "https://registry.npmjs.org/commander/-/commander-5.1.0.tgz",
+      "integrity": "sha512-P0CysNDQ7rtVw4QIQtm+MRxV66vKFSvlsQvGYXZWR3qFU0jlMKHZZZgw8e+8DSah4UDKMqnknRDQz+xuQXQ/Zg==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">= 6"
+      }
+    },
+    "node_modules/compare-version": {
+      "version": "0.1.2",
+      "resolved": "https://registry.npmjs.org/compare-version/-/compare-version-0.1.2.tgz",
+      "integrity": "sha512-pJDh5/4wrEnXX/VWRZvruAGHkzKdr46z11OlTPN+VrATlWWhSKewNCJ1futCO5C7eJB3nPMFZA1LeYtcFboZ2A==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/compress-commons": {
+      "version": "4.1.2",
+      "resolved": "https://registry.npmjs.org/compress-commons/-/compress-commons-4.1.2.tgz",
+      "integrity": "sha512-D3uMHtGc/fcO1Gt1/L7i1e33VOvD4A9hfQLP+6ewd+BvG/gQ84Yh4oftEhAdjSMgBgwGL+jsppT7JYNpo6MHHg==",
+      "dev": true,
+      "license": "MIT",
+      "peer": true,
+      "dependencies": {
+        "buffer-crc32": "^0.2.13",
+        "crc32-stream": "^4.0.2",
+        "normalize-path": "^3.0.0",
+        "readable-stream": "^3.6.0"
+      },
+      "engines": {
+        "node": ">= 10"
+      }
+    },
+    "node_modules/concat-map": {
+      "version": "0.0.1",
+      "resolved": "https://registry.npmjs.org/concat-map/-/concat-map-0.0.1.tgz",
+      "integrity": "sha512-/Srv4dswyQNBfohGpz9o6Yb3Gz3SrUDqBH5rTuhGR7ahtlbYKnVxw2bCFMRljaA7EXHaXZ8wsHdodFvbkhKmqg==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/config-file-ts": {
+      "version": "0.2.8-rc1",
+      "resolved": "https://registry.npmjs.org/config-file-ts/-/config-file-ts-0.2.8-rc1.tgz",
+      "integrity": "sha512-GtNECbVI82bT4RiDIzBSVuTKoSHufnU7Ce7/42bkWZJZFLjmDF2WBpVsvRkhKCfKBnTBb3qZrBwPpFBU/Myvhg==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "glob": "^10.3.12",
+        "typescript": "^5.4.3"
+      }
+    },
+    "node_modules/config-file-ts/node_modules/balanced-match": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-1.0.2.tgz",
+      "integrity": "sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/config-file-ts/node_modules/brace-expansion": {
+      "version": "2.1.1",
+      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.1.1.tgz",
+      "integrity": "sha512-WR1cURNjuvBLMZBMbqM0UoE+WAfdUcEV1ccD8PVBVOI+Z3ND4+SZbN8RsfT2bMuG1qwz5RFvPukSZm5fF2D5eA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "balanced-match": "^1.0.0"
+      }
+    },
+    "node_modules/config-file-ts/node_modules/glob": {
+      "version": "10.5.0",
+      "resolved": "https://registry.npmjs.org/glob/-/glob-10.5.0.tgz",
+      "integrity": "sha512-DfXN8DfhJ7NH3Oe7cFmu3NCu1wKbkReJ8TorzSAFbSKrlNaQSKfIzqYqVY8zlbs2NLBbWpRiU52GX2PbaBVNkg==",
+      "deprecated": "Old versions of glob are not supported, and contain widely publicized security vulnerabilities, which have been fixed in the current version. Please update. Support for old versions may be purchased (at exorbitant rates) by contacting i@izs.me",
+      "dev": true,
+      "license": "ISC",
+      "dependencies": {
+        "foreground-child": "^3.1.0",
+        "jackspeak": "^3.1.2",
+        "minimatch": "^9.0.4",
+        "minipass": "^7.1.2",
+        "package-json-from-dist": "^1.0.0",
+        "path-scurry": "^1.11.1"
+      },
+      "bin": {
+        "glob": "dist/esm/bin.mjs"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/isaacs"
+      }
+    },
+    "node_modules/config-file-ts/node_modules/minimatch": {
+      "version": "9.0.9",
+      "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.9.tgz",
+      "integrity": "sha512-OBwBN9AL4dqmETlpS2zasx+vTeWclWzkblfZk7KTA5j3jeOONz/tRCnZomUyvNg83wL5Zv9Ss6HMJXAgL8R2Yg==",
+      "dev": true,
+      "license": "ISC",
+      "dependencies": {
+        "brace-expansion": "^2.0.2"
+      },
+      "engines": {
+        "node": ">=16 || 14 >=14.17"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/isaacs"
+      }
+    },
+    "node_modules/config-file-ts/node_modules/minipass": {
+      "version": "7.1.3",
+      "resolved": "https://registry.npmjs.org/minipass/-/minipass-7.1.3.tgz",
+      "integrity": "sha512-tEBHqDnIoM/1rXME1zgka9g6Q2lcoCkxHLuc7ODJ5BxbP5d4c2Z5cGgtXAku59200Cx7diuHTOYfSBD8n6mm8A==",
+      "dev": true,
+      "license": "BlueOak-1.0.0",
+      "engines": {
+        "node": ">=16 || 14 >=14.17"
+      }
+    },
+    "node_modules/console-control-strings": {
+      "version": "1.1.0",
+      "resolved": "https://registry.npmjs.org/console-control-strings/-/console-control-strings-1.1.0.tgz",
+      "integrity": "sha512-ty/fTekppD2fIwRvnZAVdeOiGd1c7YXEixbgJTNzqcxJWKQnjJ/V1bNEEE6hygpM3WjwHFUVK6HTjWSzV4a8sQ==",
+      "dev": true,
+      "license": "ISC"
+    },
+    "node_modules/core-util-is": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/core-util-is/-/core-util-is-1.0.2.tgz",
+      "integrity": "sha512-3lqz5YjWTYnW6dlDa5TLaTCcShfar1e40rmcJVwCBJC6mWlFuj0eCHIElmG1g5kyuJ/GD+8Wn4FFCcz4gJPfaQ==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/crc": {
+      "version": "3.8.0",
+      "resolved": "https://registry.npmjs.org/crc/-/crc-3.8.0.tgz",
+      "integrity": "sha512-iX3mfgcTMIq3ZKLIsVFAbv7+Mc10kxabAGQb8HvjA1o3T1PIYprbakQ65d3I+2HGHt6nSKkM9PYjgoJO2KcFBQ==",
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "dependencies": {
+        "buffer": "^5.1.0"
+      }
+    },
+    "node_modules/crc-32": {
+      "version": "1.2.2",
+      "resolved": "https://registry.npmjs.org/crc-32/-/crc-32-1.2.2.tgz",
+      "integrity": "sha512-ROmzCKrTnOwybPcJApAA6WBWij23HVfGVNKqqrZpuyZOHqK2CwHSvpGuyt/UNNvaIjEd8X5IFGp4Mh+Ie1IHJQ==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "peer": true,
+      "bin": {
+        "crc32": "bin/crc32.njs"
+      },
+      "engines": {
+        "node": ">=0.8"
+      }
+    },
+    "node_modules/crc32-stream": {
+      "version": "4.0.3",
+      "resolved": "https://registry.npmjs.org/crc32-stream/-/crc32-stream-4.0.3.tgz",
+      "integrity": "sha512-NT7w2JVU7DFroFdYkeq8cywxrgjPHWkdX1wjpRQXPX5Asews3tA+Ght6lddQO5Mkumffp3X7GEqku3epj2toIw==",
+      "dev": true,
+      "license": "MIT",
+      "peer": true,
+      "dependencies": {
+        "crc-32": "^1.2.0",
+        "readable-stream": "^3.4.0"
+      },
+      "engines": {
+        "node": ">= 10"
+      }
+    },
+    "node_modules/cross-spawn": {
+      "version": "7.0.6",
+      "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.6.tgz",
+      "integrity": "sha512-uV2QOWP2nWzsy2aMp8aRibhi9dlzF5Hgh5SHaB9OiTGEyDTiJJyx0uy51QXdyWbtAHNua4XJzUKca3OzKUd3vA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "path-key": "^3.1.0",
+        "shebang-command": "^2.0.0",
+        "which": "^2.0.1"
+      },
+      "engines": {
+        "node": ">= 8"
+      }
+    },
+    "node_modules/debug": {
+      "version": "4.4.3",
+      "resolved": "https://registry.npmjs.org/debug/-/debug-4.4.3.tgz",
+      "integrity": "sha512-RGwwWnwQvkVfavKVt22FGLw+xYSdzARwm0ru6DhTVA3umU5hZc28V3kO4stgYryrTlLpuvgI9GiijltAjNbcqA==",
+      "license": "MIT",
+      "dependencies": {
+        "ms": "^2.1.3"
+      },
+      "engines": {
+        "node": ">=6.0"
+      },
+      "peerDependenciesMeta": {
+        "supports-color": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/decompress-response": {
+      "version": "6.0.0",
+      "resolved": "https://registry.npmjs.org/decompress-response/-/decompress-response-6.0.0.tgz",
+      "integrity": "sha512-aW35yZM6Bb/4oJlZncMH2LCoZtJXTRxES17vE3hoRiowU2kWHaJKFkSBDnDR+cm9J+9QhXmREyIfv0pji9ejCQ==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "mimic-response": "^3.1.0"
+      },
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "node_modules/decompress-response/node_modules/mimic-response": {
+      "version": "3.1.0",
+      "resolved": "https://registry.npmjs.org/mimic-response/-/mimic-response-3.1.0.tgz",
+      "integrity": "sha512-z0yWI+4FDrrweS8Zmt4Ej5HdJmky15+L2e6Wgn3+iK5fWzb6T3fhNFq2+MeTRb064c6Wr4N/wv0DzQTjNzHNGQ==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "node_modules/defaults": {
+      "version": "1.0.4",
+      "resolved": "https://registry.npmjs.org/defaults/-/defaults-1.0.4.tgz",
+      "integrity": "sha512-eFuaLoy/Rxalv2kr+lqMlUnrDWV+3j4pljOIJgLIhI058IQfWJ7vXhyEIHu+HtC738klGALYxOKDO0bQP3tg8A==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "clone": "^1.0.2"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "node_modules/defer-to-connect": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/defer-to-connect/-/defer-to-connect-2.0.1.tgz",
+      "integrity": "sha512-4tvttepXG1VaYGrRibk5EwJd1t4udunSOVMdLSAL6mId1ix438oPwPZMALY41FCijukO1L0twNcGsdzS7dHgDg==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/delayed-stream": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/delayed-stream/-/delayed-stream-1.0.0.tgz",
+      "integrity": "sha512-ZySD7Nf91aLB0RxL4KGrKHBXl7Eds1DAmEdcoVawXnLD7SDhpNgtuII2aAkg7a7QS41jxPSZ17p4VdGnMHk3MQ==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=0.4.0"
+      }
+    },
+    "node_modules/delegates": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/delegates/-/delegates-1.0.0.tgz",
+      "integrity": "sha512-bd2L678uiWATM6m5Z1VzNCErI3jiGzt6HGY8OVICs40JQq/HALfbyNJmp0UDakEY4pMMaN0Ly5om/B1VI/+xfQ==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/detect-libc": {
+      "version": "2.1.2",
+      "resolved": "https://registry.npmjs.org/detect-libc/-/detect-libc-2.1.2.tgz",
+      "integrity": "sha512-Btj2BOOO83o3WyH59e8MgXsxEQVcarkUOpEYrubB0urwnN10yQ364rsiByU11nZlqWYZm05i/of7io4mzihBtQ==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/dir-compare": {
+      "version": "4.2.0",
+      "resolved": "https://registry.npmjs.org/dir-compare/-/dir-compare-4.2.0.tgz",
+      "integrity": "sha512-2xMCmOoMrdQIPHdsTawECdNPwlVFB9zGcz3kuhmBO6U3oU+UQjsue0i8ayLKpgBcm+hcXPMVSGUN9d+pvJ6+VQ==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "minimatch": "^3.0.5",
+        "p-limit": "^3.1.0 "
+      }
+    },
+    "node_modules/dir-compare/node_modules/balanced-match": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-1.0.2.tgz",
+      "integrity": "sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/dir-compare/node_modules/brace-expansion": {
+      "version": "1.1.15",
+      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.15.tgz",
+      "integrity": "sha512-EwOCDEex4quD37XhqM3omwtMoJjr//isUZz1JopUNWms+4Z2ViyM/k1YIRePpoVNnQhENnxtFjLaxNHrT7xIUg==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "balanced-match": "^1.0.0",
+        "concat-map": "0.0.1"
+      }
+    },
+    "node_modules/dir-compare/node_modules/minimatch": {
+      "version": "3.1.5",
+      "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.5.tgz",
+      "integrity": "sha512-VgjWUsnnT6n+NUk6eZq77zeFdpW2LWDzP6zFGrCbHXiYNul5Dzqk2HHQ5uFH2DNW5Xbp8+jVzaeNt94ssEEl4w==",
+      "dev": true,
+      "license": "ISC",
+      "dependencies": {
+        "brace-expansion": "^1.1.7"
+      },
+      "engines": {
+        "node": "*"
+      }
+    },
+    "node_modules/dmg-builder": {
+      "version": "25.1.8",
+      "resolved": "https://registry.npmjs.org/dmg-builder/-/dmg-builder-25.1.8.tgz",
+      "integrity": "sha512-NoXo6Liy2heSklTI5OIZbCgXC1RzrDQsZkeEwXhdOro3FT1VBOvbubvscdPnjVuQ4AMwwv61oaH96AbiYg9EnQ==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "app-builder-lib": "25.1.8",
+        "builder-util": "25.1.7",
+        "builder-util-runtime": "9.2.10",
+        "fs-extra": "^10.1.0",
+        "iconv-lite": "^0.6.2",
+        "js-yaml": "^4.1.0"
+      },
+      "optionalDependencies": {
+        "dmg-license": "^1.0.11"
+      }
+    },
+    "node_modules/dmg-license": {
+      "version": "1.0.11",
+      "resolved": "https://registry.npmjs.org/dmg-license/-/dmg-license-1.0.11.tgz",
+      "integrity": "sha512-ZdzmqwKmECOWJpqefloC5OJy1+WZBBse5+MR88z9g9Zn4VY+WYUkAyojmhzJckH5YbbZGcYIuGAkY5/Ys5OM2Q==",
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "darwin"
+      ],
+      "dependencies": {
+        "@types/plist": "^3.0.1",
+        "@types/verror": "^1.10.3",
+        "ajv": "^6.10.0",
+        "crc": "^3.8.0",
+        "iconv-corefoundation": "^1.1.7",
+        "plist": "^3.0.4",
+        "smart-buffer": "^4.0.2",
+        "verror": "^1.10.0"
+      },
+      "bin": {
+        "dmg-license": "bin/dmg-license.js"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/dotenv": {
+      "version": "16.6.1",
+      "resolved": "https://registry.npmjs.org/dotenv/-/dotenv-16.6.1.tgz",
+      "integrity": "sha512-uBq4egWHTcTt33a72vpSG0z3HnPuIl6NqYcTrKEg2azoEyl2hpW0zqlxysq2pK9HlDIHyHyakeYaYnSAwd8bow==",
+      "dev": true,
+      "license": "BSD-2-Clause",
+      "engines": {
+        "node": ">=12"
+      },
+      "funding": {
+        "url": "https://dotenvx.com"
+      }
+    },
+    "node_modules/dotenv-expand": {
+      "version": "11.0.7",
+      "resolved": "https://registry.npmjs.org/dotenv-expand/-/dotenv-expand-11.0.7.tgz",
+      "integrity": "sha512-zIHwmZPRshsCdpMDyVsqGmgyP0yT8GAgXUnkdAoJisxvf33k7yO6OuoKmcTGuXPWSsm8Oh88nZicRLA9Y0rUeA==",
+      "dev": true,
+      "license": "BSD-2-Clause",
+      "dependencies": {
+        "dotenv": "^16.4.5"
+      },
+      "engines": {
+        "node": ">=12"
+      },
+      "funding": {
+        "url": "https://dotenvx.com"
+      }
+    },
+    "node_modules/dunder-proto": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/dunder-proto/-/dunder-proto-1.0.1.tgz",
+      "integrity": "sha512-KIN/nDJBQRcXw0MLVhZE9iQHmG68qAVIBg9CqmUYjmQIhgij9U5MFvrqkUL5FbtyyzZuOeOt0zdeRe4UY7ct+A==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "call-bind-apply-helpers": "^1.0.1",
+        "es-errors": "^1.3.0",
+        "gopd": "^1.2.0"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      }
+    },
+    "node_modules/eastasianwidth": {
+      "version": "0.2.0",
+      "resolved": "https://registry.npmjs.org/eastasianwidth/-/eastasianwidth-0.2.0.tgz",
+      "integrity": "sha512-I88TYZWc9XiYHRQ4/3c5rjjfgkjhLyW2luGIheGERbNQ6OY7yTybanSpDXZa8y7VUP9YmDcYa+eyq4ca7iLqWA==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/ejs": {
+      "version": "3.1.10",
+      "resolved": "https://registry.npmjs.org/ejs/-/ejs-3.1.10.tgz",
+      "integrity": "sha512-UeJmFfOrAQS8OJWPZ4qtgHyWExa088/MtK5UEyoJGFH67cDEXkZSviOiKRCZ4Xij0zxI3JECgYs3oKx+AizQBA==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "jake": "^10.8.5"
+      },
+      "bin": {
+        "ejs": "bin/cli.js"
+      },
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/electron": {
+      "version": "42.3.0",
+      "resolved": "https://registry.npmjs.org/electron/-/electron-42.3.0.tgz",
+      "integrity": "sha512-9ZiLdRXk+WDxW1OgIUz8J2rIQ5TYU9o629gCOjU48Q3dQiOmym7osWsH5Ubs/Jh4uuFLn6m6SBD2rmRXLAPz9g==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@electron/get": "^5.0.0",
+        "@types/node": "^24.9.0",
+        "extract-zip": "^2.0.1"
+      },
+      "bin": {
+        "electron": "cli.js",
+        "install-electron": "install.js"
+      },
+      "engines": {
+        "node": ">= 22.12.0"
+      }
+    },
+    "node_modules/electron-builder": {
+      "version": "25.1.8",
+      "resolved": "https://registry.npmjs.org/electron-builder/-/electron-builder-25.1.8.tgz",
+      "integrity": "sha512-poRgAtUHHOnlzZnc9PK4nzG53xh74wj2Jy7jkTrqZ0MWPoHGh1M2+C//hGeYdA+4K8w4yiVCNYoLXF7ySj2Wig==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "app-builder-lib": "25.1.8",
+        "builder-util": "25.1.7",
+        "builder-util-runtime": "9.2.10",
+        "chalk": "^4.1.2",
+        "dmg-builder": "25.1.8",
+        "fs-extra": "^10.1.0",
+        "is-ci": "^3.0.0",
+        "lazy-val": "^1.0.5",
+        "simple-update-notifier": "2.0.0",
+        "yargs": "^17.6.2"
+      },
+      "bin": {
+        "electron-builder": "cli.js",
+        "install-app-deps": "install-app-deps.js"
+      },
+      "engines": {
+        "node": ">=14.0.0"
+      }
+    },
+    "node_modules/electron-builder-squirrel-windows": {
+      "version": "25.1.8",
+      "resolved": "https://registry.npmjs.org/electron-builder-squirrel-windows/-/electron-builder-squirrel-windows-25.1.8.tgz",
+      "integrity": "sha512-2ntkJ+9+0GFP6nAISiMabKt6eqBB0kX1QqHNWFWAXgi0VULKGisM46luRFpIBiU3u/TDmhZMM8tzvo2Abn3ayg==",
+      "dev": true,
+      "license": "MIT",
+      "peer": true,
+      "dependencies": {
+        "app-builder-lib": "25.1.8",
+        "archiver": "^5.3.1",
+        "builder-util": "25.1.7",
+        "fs-extra": "^10.1.0"
+      }
+    },
+    "node_modules/electron-publish": {
+      "version": "25.1.7",
+      "resolved": "https://registry.npmjs.org/electron-publish/-/electron-publish-25.1.7.tgz",
+      "integrity": "sha512-+jbTkR9m39eDBMP4gfbqglDd6UvBC7RLh5Y0MhFSsc6UkGHj9Vj9TWobxevHYMMqmoujL11ZLjfPpMX+Pt6YEg==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@types/fs-extra": "^9.0.11",
+        "builder-util": "25.1.7",
+        "builder-util-runtime": "9.2.10",
+        "chalk": "^4.1.2",
+        "fs-extra": "^10.1.0",
+        "lazy-val": "^1.0.5",
+        "mime": "^2.5.2"
+      }
+    },
+    "node_modules/electron-updater": {
+      "version": "6.8.3",
+      "resolved": "https://registry.npmjs.org/electron-updater/-/electron-updater-6.8.3.tgz",
+      "integrity": "sha512-Z6sgw3jgbikWKXei1ENdqFOxBP0WlXg3TtKfz0rgw2vIZFJUyI4pD7ZN7jrkm7EoMK+tcm/qTnPUdqfZukBlBQ==",
+      "license": "MIT",
+      "dependencies": {
+        "builder-util-runtime": "9.5.1",
+        "fs-extra": "^10.1.0",
+        "js-yaml": "^4.1.0",
+        "lazy-val": "^1.0.5",
+        "lodash.escaperegexp": "^4.1.2",
+        "lodash.isequal": "^4.5.0",
+        "semver": "~7.7.3",
+        "tiny-typed-emitter": "^2.1.0"
+      }
+    },
+    "node_modules/electron-updater/node_modules/builder-util-runtime": {
+      "version": "9.5.1",
+      "resolved": "https://registry.npmjs.org/builder-util-runtime/-/builder-util-runtime-9.5.1.tgz",
+      "integrity": "sha512-qt41tMfgHTllhResqM5DcnHyDIWNgzHvuY2jDcYP9iaGpkWxTUzV6GQjDeLnlR1/DtdlcsWQbA7sByMpmJFTLQ==",
+      "license": "MIT",
+      "dependencies": {
+        "debug": "^4.3.4",
+        "sax": "^1.2.4"
+      },
+      "engines": {
+        "node": ">=12.0.0"
+      }
+    },
+    "node_modules/electron-updater/node_modules/semver": {
+      "version": "7.7.4",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-7.7.4.tgz",
+      "integrity": "sha512-vFKC2IEtQnVhpT78h1Yp8wzwrf8CM+MzKMHGJZfBtzhZNycRFnXsHk6E5TxIkkMsgNS7mdX3AGB7x2QM2di4lA==",
+      "license": "ISC",
+      "bin": {
+        "semver": "bin/semver.js"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/emoji-regex": {
+      "version": "8.0.0",
+      "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-8.0.0.tgz",
+      "integrity": "sha512-MSjYzcWNOA0ewAHpz0MxpYFvwg6yjy1NG3xteoqz644VCo/RPgnr1/GGt+ic3iJTzQ8Eu3TdM14SawnVUmGE6A==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/encoding": {
+      "version": "0.1.13",
+      "resolved": "https://registry.npmjs.org/encoding/-/encoding-0.1.13.tgz",
+      "integrity": "sha512-ETBauow1T35Y/WZMkio9jiM0Z5xjHHmJ4XmjZOq1l/dXz3lr2sRn87nJy20RupqSh1F2m3HHPSp8ShIPQJrJ3A==",
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "dependencies": {
+        "iconv-lite": "^0.6.2"
+      }
+    },
+    "node_modules/end-of-stream": {
+      "version": "1.4.5",
+      "resolved": "https://registry.npmjs.org/end-of-stream/-/end-of-stream-1.4.5.tgz",
+      "integrity": "sha512-ooEGc6HP26xXq/N+GCGOT0JKCLDGrq2bQUZrQ7gyrJiZANJ/8YDTxTpQBXGMn+WbIQXNVpyWymm7KYVICQnyOg==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "once": "^1.4.0"
+      }
+    },
+    "node_modules/env-paths": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/env-paths/-/env-paths-3.0.0.tgz",
+      "integrity": "sha512-dtJUTepzMW3Lm/NPxRf3wP4642UWhjL2sQxc+ym2YMj1m/H2zDNQOlezafzkHwn6sMstjHTwG6iQQsctDW/b1A==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": "^12.20.0 || ^14.13.1 || >=16.0.0"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "node_modules/err-code": {
+      "version": "2.0.3",
+      "resolved": "https://registry.npmjs.org/err-code/-/err-code-2.0.3.tgz",
+      "integrity": "sha512-2bmlRpNKBxT/CRmPOlyISQpNj+qSeYvcym/uT0Jx2bMOlKLtSy1ZmLuVxSEKKyor/N5yhvp/ZiG1oE3DEYMSFA==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/es-define-property": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/es-define-property/-/es-define-property-1.0.1.tgz",
+      "integrity": "sha512-e3nRfgfUZ4rNGL232gUgX06QNyyez04KdjFrF+LTRoOXmrOgFKDg4BCdsjW8EnT69eqdYGmRpJwiPVYNrCaW3g==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.4"
+      }
+    },
+    "node_modules/es-errors": {
+      "version": "1.3.0",
+      "resolved": "https://registry.npmjs.org/es-errors/-/es-errors-1.3.0.tgz",
+      "integrity": "sha512-Zf5H2Kxt2xjTvbJvP2ZWLEICxA6j+hAmMzIlypy4xcBg1vKVnx89Wy0GbS+kf5cwCVFFzdCFh2XSCFNULS6csw==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.4"
+      }
+    },
+    "node_modules/es-object-atoms": {
+      "version": "1.1.2",
+      "resolved": "https://registry.npmjs.org/es-object-atoms/-/es-object-atoms-1.1.2.tgz",
+      "integrity": "sha512-HWcBoN6NileqtSydK2FqHbS/LoDd2pqrnQHLyJzBj4kOp/ky2MWMN694xOfkK8/SnUsW2DH7EfyVlydKCsm1Zw==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "es-errors": "^1.3.0"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      }
+    },
+    "node_modules/es-set-tostringtag": {
+      "version": "2.1.0",
+      "resolved": "https://registry.npmjs.org/es-set-tostringtag/-/es-set-tostringtag-2.1.0.tgz",
+      "integrity": "sha512-j6vWzfrGVfyXxge+O0x5sh6cvxAog0a/4Rdd2K36zCMV5eJ+/+tOAngRO8cODMNWbVRdVlmGZQL2YS3yR8bIUA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "es-errors": "^1.3.0",
+        "get-intrinsic": "^1.2.6",
+        "has-tostringtag": "^1.0.2",
+        "hasown": "^2.0.2"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      }
+    },
+    "node_modules/escalade": {
+      "version": "3.2.0",
+      "resolved": "https://registry.npmjs.org/escalade/-/escalade-3.2.0.tgz",
+      "integrity": "sha512-WUj2qlxaQtO4g6Pq5c29GTcWGDyd8itL8zTlipgECz3JesAiiOKotd8JU6otB3PACgG6xkJUyVhboMS+bje/jA==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=6"
+      }
+    },
+    "node_modules/exponential-backoff": {
+      "version": "3.1.3",
+      "resolved": "https://registry.npmjs.org/exponential-backoff/-/exponential-backoff-3.1.3.tgz",
+      "integrity": "sha512-ZgEeZXj30q+I0EN+CbSSpIyPaJ5HVQD18Z1m+u1FXbAeT94mr1zw50q4q6jiiC447Nl/YTcIYSAftiGqetwXCA==",
+      "dev": true,
+      "license": "Apache-2.0"
+    },
+    "node_modules/extract-zip": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/extract-zip/-/extract-zip-2.0.1.tgz",
+      "integrity": "sha512-GDhU9ntwuKyGXdZBUgTIe+vXnWj0fppUEtMDL0+idd5Sta8TGpHssn/eusA9mrPr9qNDym6SxAYZjNvCn/9RBg==",
+      "dev": true,
+      "license": "BSD-2-Clause",
+      "dependencies": {
+        "debug": "^4.1.1",
+        "get-stream": "^5.1.0",
+        "yauzl": "^2.10.0"
+      },
+      "bin": {
+        "extract-zip": "cli.js"
+      },
+      "engines": {
+        "node": ">= 10.17.0"
+      },
+      "optionalDependencies": {
+        "@types/yauzl": "^2.9.1"
+      }
+    },
+    "node_modules/extsprintf": {
+      "version": "1.4.1",
+      "resolved": "https://registry.npmjs.org/extsprintf/-/extsprintf-1.4.1.tgz",
+      "integrity": "sha512-Wrk35e8ydCKDj/ArClo1VrPVmN8zph5V4AtHwIuHhvMXsKf73UT3BOD+azBIW+3wOJ4FhEH7zyaJCFvChjYvMA==",
+      "dev": true,
+      "engines": [
+        "node >=0.6.0"
+      ],
+      "license": "MIT",
+      "optional": true
+    },
+    "node_modules/fast-deep-equal": {
+      "version": "3.1.3",
+      "resolved": "https://registry.npmjs.org/fast-deep-equal/-/fast-deep-equal-3.1.3.tgz",
+      "integrity": "sha512-f3qQ9oQy9j2AhBe/H9VC91wLmKBCCU/gDOnKNAYG5hswO7BLKj09Hc5HYNz9cGI++xlpDCIgDaitVs03ATR84Q==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/fast-json-stable-stringify": {
+      "version": "2.1.0",
+      "resolved": "https://registry.npmjs.org/fast-json-stable-stringify/-/fast-json-stable-stringify-2.1.0.tgz",
+      "integrity": "sha512-lhd/wF+Lk98HZoTCtlVraHtfh5XYijIjalXck7saUtuanSDyLMxnHhSXEDJqHxD7msR8D0uCmqlkwjCV8xvwHw==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/fd-slicer": {
+      "version": "1.1.0",
+      "resolved": "https://registry.npmjs.org/fd-slicer/-/fd-slicer-1.1.0.tgz",
+      "integrity": "sha512-cE1qsB/VwyQozZ+q1dGxR8LBYNZeofhEdUNGSMbQD3Gw2lAzX9Zb3uIU6Ebc/Fmyjo9AWWfnn0AUCHqtevs/8g==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "pend": "~1.2.0"
+      }
+    },
+    "node_modules/filelist": {
+      "version": "1.0.6",
+      "resolved": "https://registry.npmjs.org/filelist/-/filelist-1.0.6.tgz",
+      "integrity": "sha512-5giy2PkLYY1cP39p17Ech+2xlpTRL9HLspOfEgm0L6CwBXBTgsK5ou0JtzYuepxkaQ/tvhCFIJ5uXo0OrM2DxA==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "minimatch": "^5.0.1"
+      }
+    },
+    "node_modules/filelist/node_modules/balanced-match": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-1.0.2.tgz",
+      "integrity": "sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/filelist/node_modules/brace-expansion": {
+      "version": "2.1.1",
+      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.1.1.tgz",
+      "integrity": "sha512-WR1cURNjuvBLMZBMbqM0UoE+WAfdUcEV1ccD8PVBVOI+Z3ND4+SZbN8RsfT2bMuG1qwz5RFvPukSZm5fF2D5eA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "balanced-match": "^1.0.0"
+      }
+    },
+    "node_modules/filelist/node_modules/minimatch": {
+      "version": "5.1.9",
+      "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-5.1.9.tgz",
+      "integrity": "sha512-7o1wEA2RyMP7Iu7GNba9vc0RWWGACJOCZBJX2GJWip0ikV+wcOsgVuY9uE8CPiyQhkGFSlhuSkZPavN7u1c2Fw==",
+      "dev": true,
+      "license": "ISC",
+      "dependencies": {
+        "brace-expansion": "^2.0.1"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/foreground-child": {
+      "version": "3.3.1",
+      "resolved": "https://registry.npmjs.org/foreground-child/-/foreground-child-3.3.1.tgz",
+      "integrity": "sha512-gIXjKqtFuWEgzFRJA9WCQeSJLZDjgJUOMCMzxtvFq/37KojM1BFGufqsCy0r4qSQmYLsZYMeyRqzIWOMup03sw==",
+      "dev": true,
+      "license": "ISC",
+      "dependencies": {
+        "cross-spawn": "^7.0.6",
+        "signal-exit": "^4.0.1"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/isaacs"
+      }
+    },
+    "node_modules/foreground-child/node_modules/signal-exit": {
+      "version": "4.1.0",
+      "resolved": "https://registry.npmjs.org/signal-exit/-/signal-exit-4.1.0.tgz",
+      "integrity": "sha512-bzyZ1e88w9O1iNJbKnOlvYTrWPDl46O1bG0D3XInv+9tkPrxrN8jUUTiFlDkkmKWgn1M6CfIA13SuGqOa9Korw==",
+      "dev": true,
+      "license": "ISC",
+      "engines": {
+        "node": ">=14"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/isaacs"
+      }
+    },
+    "node_modules/form-data": {
+      "version": "4.0.5",
+      "resolved": "https://registry.npmjs.org/form-data/-/form-data-4.0.5.tgz",
+      "integrity": "sha512-8RipRLol37bNs2bhoV67fiTEvdTrbMUYcFTiy3+wuuOnUog2QBHCZWXDRijWQfAkhBj2Uf5UnVaiWwA5vdd82w==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "asynckit": "^0.4.0",
+        "combined-stream": "^1.0.8",
+        "es-set-tostringtag": "^2.1.0",
+        "hasown": "^2.0.2",
+        "mime-types": "^2.1.12"
+      },
+      "engines": {
+        "node": ">= 6"
+      }
+    },
+    "node_modules/fs-constants": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/fs-constants/-/fs-constants-1.0.0.tgz",
+      "integrity": "sha512-y6OAwoSIf7FyjMIv94u+b5rdheZEjzR63GTyZJm5qh4Bi+2YgwLCcI/fPFZkL5PSixOt6ZNKm+w+Hfp/Bciwow==",
+      "dev": true,
+      "license": "MIT",
+      "peer": true
+    },
+    "node_modules/fs-extra": {
+      "version": "10.1.0",
+      "resolved": "https://registry.npmjs.org/fs-extra/-/fs-extra-10.1.0.tgz",
+      "integrity": "sha512-oRXApq54ETRj4eMiFzGnHWGy+zo5raudjuxN0b8H7s/RU2oW0Wvsx9O0ACRN/kRq9E8Vu/ReskGB5o3ji+FzHQ==",
+      "license": "MIT",
+      "dependencies": {
+        "graceful-fs": "^4.2.0",
+        "jsonfile": "^6.0.1",
+        "universalify": "^2.0.0"
+      },
+      "engines": {
+        "node": ">=12"
+      }
+    },
+    "node_modules/fs-minipass": {
+      "version": "2.1.0",
+      "resolved": "https://registry.npmjs.org/fs-minipass/-/fs-minipass-2.1.0.tgz",
+      "integrity": "sha512-V/JgOLFCS+R6Vcq0slCuaeWEdNC3ouDlJMNIsacH2VtALiu9mV4LPrHc5cDl8k5aw6J8jwgWWpiTo5RYhmIzvg==",
+      "dev": true,
+      "license": "ISC",
+      "dependencies": {
+        "minipass": "^3.0.0"
+      },
+      "engines": {
+        "node": ">= 8"
+      }
+    },
+    "node_modules/fs.realpath": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/fs.realpath/-/fs.realpath-1.0.0.tgz",
+      "integrity": "sha512-OO0pH2lK6a0hZnAdau5ItzHPI6pUlvI7jMVnxUQRtw4owF2wk8lOSabtGDCTP4Ggrg2MbGnWO9X8K1t4+fGMDw==",
+      "dev": true,
+      "license": "ISC"
+    },
+    "node_modules/function-bind": {
+      "version": "1.1.2",
+      "resolved": "https://registry.npmjs.org/function-bind/-/function-bind-1.1.2.tgz",
+      "integrity": "sha512-7XHNxH7qX9xG5mIwxkhumTox/MIRNcOgDrxWsMt2pAr23WHp6MrRlN7FBSFpCpr+oVO0F744iUgR82nJMfG2SA==",
+      "dev": true,
+      "license": "MIT",
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/gauge": {
+      "version": "4.0.4",
+      "resolved": "https://registry.npmjs.org/gauge/-/gauge-4.0.4.tgz",
+      "integrity": "sha512-f9m+BEN5jkg6a0fZjleidjN51VE1X+mPFQ2DJ0uv1V39oCLCbsGe6yjbBnp7eK7z/+GAon99a3nHuqbuuthyPg==",
+      "deprecated": "This package is no longer supported.",
+      "dev": true,
+      "license": "ISC",
+      "dependencies": {
+        "aproba": "^1.0.3 || ^2.0.0",
+        "color-support": "^1.1.3",
+        "console-control-strings": "^1.1.0",
+        "has-unicode": "^2.0.1",
+        "signal-exit": "^3.0.7",
+        "string-width": "^4.2.3",
+        "strip-ansi": "^6.0.1",
+        "wide-align": "^1.1.5"
+      },
+      "engines": {
+        "node": "^12.13.0 || ^14.15.0 || >=16.0.0"
+      }
+    },
+    "node_modules/get-caller-file": {
+      "version": "2.0.5",
+      "resolved": "https://registry.npmjs.org/get-caller-file/-/get-caller-file-2.0.5.tgz",
+      "integrity": "sha512-DyFP3BM/3YHTQOCUL/w0OZHR0lpKeGrxotcHWcqNEdnltqFwXVfhEBQ94eIo34AfQpo0rGki4cyIiftY06h2Fg==",
+      "dev": true,
+      "license": "ISC",
+      "engines": {
+        "node": "6.* || 8.* || >= 10.*"
+      }
+    },
+    "node_modules/get-intrinsic": {
+      "version": "1.3.0",
+      "resolved": "https://registry.npmjs.org/get-intrinsic/-/get-intrinsic-1.3.0.tgz",
+      "integrity": "sha512-9fSjSaos/fRIVIp+xSJlE6lfwhES7LNtKaCBIamHsjr2na1BiABJPo0mOjjz8GJDURarmCPGqaiVg5mfjb98CQ==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "call-bind-apply-helpers": "^1.0.2",
+        "es-define-property": "^1.0.1",
+        "es-errors": "^1.3.0",
+        "es-object-atoms": "^1.1.1",
+        "function-bind": "^1.1.2",
+        "get-proto": "^1.0.1",
+        "gopd": "^1.2.0",
+        "has-symbols": "^1.1.0",
+        "hasown": "^2.0.2",
+        "math-intrinsics": "^1.1.0"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/get-proto": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/get-proto/-/get-proto-1.0.1.tgz",
+      "integrity": "sha512-sTSfBjoXBp89JvIKIefqw7U2CCebsc74kiY6awiGogKtoSGbgjYE/G/+l9sF3MWFPNc9IcoOC4ODfKHfxFmp0g==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "dunder-proto": "^1.0.1",
+        "es-object-atoms": "^1.0.0"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      }
+    },
+    "node_modules/get-stream": {
+      "version": "5.2.0",
+      "resolved": "https://registry.npmjs.org/get-stream/-/get-stream-5.2.0.tgz",
+      "integrity": "sha512-nBF+F1rAZVCu/p7rjzgA+Yb4lfYXrpl7a6VmJrU8wF9I1CKvP/QwPNZHnOlwbTkY6dvtFIzFMSyQXbLoTQPRpA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "pump": "^3.0.0"
+      },
+      "engines": {
+        "node": ">=8"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "node_modules/glob": {
+      "version": "7.2.3",
+      "resolved": "https://registry.npmjs.org/glob/-/glob-7.2.3.tgz",
+      "integrity": "sha512-nFR0zLpU2YCaRxwoCJvL6UvCH2JFyFVIvwTLsIf21AuHlMskA1hhTdk+LlYJtOlYt9v6dvszD2BGRqBL+iQK9Q==",
+      "deprecated": "Old versions of glob are not supported, and contain widely publicized security vulnerabilities, which have been fixed in the current version. Please update. Support for old versions may be purchased (at exorbitant rates) by contacting i@izs.me",
+      "dev": true,
+      "license": "ISC",
+      "dependencies": {
+        "fs.realpath": "^1.0.0",
+        "inflight": "^1.0.4",
+        "inherits": "2",
+        "minimatch": "^3.1.1",
+        "once": "^1.3.0",
+        "path-is-absolute": "^1.0.0"
+      },
+      "engines": {
+        "node": "*"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/isaacs"
+      }
+    },
+    "node_modules/glob/node_modules/balanced-match": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-1.0.2.tgz",
+      "integrity": "sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/glob/node_modules/brace-expansion": {
+      "version": "1.1.15",
+      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.15.tgz",
+      "integrity": "sha512-EwOCDEex4quD37XhqM3omwtMoJjr//isUZz1JopUNWms+4Z2ViyM/k1YIRePpoVNnQhENnxtFjLaxNHrT7xIUg==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "balanced-match": "^1.0.0",
+        "concat-map": "0.0.1"
+      }
+    },
+    "node_modules/glob/node_modules/minimatch": {
+      "version": "3.1.5",
+      "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.5.tgz",
+      "integrity": "sha512-VgjWUsnnT6n+NUk6eZq77zeFdpW2LWDzP6zFGrCbHXiYNul5Dzqk2HHQ5uFH2DNW5Xbp8+jVzaeNt94ssEEl4w==",
+      "dev": true,
+      "license": "ISC",
+      "dependencies": {
+        "brace-expansion": "^1.1.7"
+      },
+      "engines": {
+        "node": "*"
+      }
+    },
+    "node_modules/gopd": {
+      "version": "1.2.0",
+      "resolved": "https://registry.npmjs.org/gopd/-/gopd-1.2.0.tgz",
+      "integrity": "sha512-ZUKRh6/kUFoAiTAtTYPZJ3hw9wNxx+BIBOijnlG9PnrJsCcSjs1wyyD6vJpaYtgnzDrKYRSqf3OO6Rfa93xsRg==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/got": {
+      "version": "11.8.6",
+      "resolved": "https://registry.npmjs.org/got/-/got-11.8.6.tgz",
+      "integrity": "sha512-6tfZ91bOr7bOXnK7PRDCGBLa1H4U080YHNaAQ2KsMGlLEzRbk44nsZF2E1IeRc3vtJHPVbKCYgdFbaGO2ljd8g==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@sindresorhus/is": "^4.0.0",
+        "@szmarczak/http-timer": "^4.0.5",
+        "@types/cacheable-request": "^6.0.1",
+        "@types/responselike": "^1.0.0",
+        "cacheable-lookup": "^5.0.3",
+        "cacheable-request": "^7.0.2",
+        "decompress-response": "^6.0.0",
+        "http2-wrapper": "^1.0.0-beta.5.2",
+        "lowercase-keys": "^2.0.0",
+        "p-cancelable": "^2.0.0",
+        "responselike": "^2.0.0"
+      },
+      "engines": {
+        "node": ">=10.19.0"
+      },
+      "funding": {
+        "url": "https://github.com/sindresorhus/got?sponsor=1"
+      }
+    },
+    "node_modules/graceful-fs": {
+      "version": "4.2.11",
+      "resolved": "https://registry.npmjs.org/graceful-fs/-/graceful-fs-4.2.11.tgz",
+      "integrity": "sha512-RbJ5/jmFcNNCcDV5o9eTnBLJ/HszWV0P73bc+Ff4nS/rJj+YaS6IGyiOL0VoBYX+l1Wrl3k63h/KrH+nhJ0XvQ==",
+      "license": "ISC"
+    },
+    "node_modules/has-flag": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz",
+      "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/has-symbols": {
+      "version": "1.1.0",
+      "resolved": "https://registry.npmjs.org/has-symbols/-/has-symbols-1.1.0.tgz",
+      "integrity": "sha512-1cDNdwJ2Jaohmb3sg4OmKaMBwuC48sYni5HUw2DvsC8LjGTLK9h+eb1X6RyuOHe4hT0ULCW68iomhjUoKUqlPQ==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/has-tostringtag": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/has-tostringtag/-/has-tostringtag-1.0.2.tgz",
+      "integrity": "sha512-NqADB8VjPFLM2V0VvHUewwwsw0ZWBaIdgo+ieHtK3hasLz4qeCRjYcqfB6AQrBggRKppKF8L52/VqdVsO47Dlw==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "has-symbols": "^1.0.3"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/has-unicode": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/has-unicode/-/has-unicode-2.0.1.tgz",
+      "integrity": "sha512-8Rf9Y83NBReMnx0gFzA8JImQACstCYWUplepDa9xprwwtmgEZUF0h/i5xSA625zB/I37EtrswSST6OXxwaaIJQ==",
+      "dev": true,
+      "license": "ISC"
+    },
+    "node_modules/hasown": {
+      "version": "2.0.4",
+      "resolved": "https://registry.npmjs.org/hasown/-/hasown-2.0.4.tgz",
+      "integrity": "sha512-T2UbfbBEF32wiepXIsMlTW9+dDYC6wMh/t/vYA4tuOMKqWz/n3vr1NFSxQiyP+zk2mXsoMA/i/7qV6LKut1t1A==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "function-bind": "^1.1.2"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      }
+    },
+    "node_modules/hosted-git-info": {
+      "version": "4.1.0",
+      "resolved": "https://registry.npmjs.org/hosted-git-info/-/hosted-git-info-4.1.0.tgz",
+      "integrity": "sha512-kyCuEOWjJqZuDbRHzL8V93NzQhwIB71oFWSyzVo+KPZI+pnQPPxucdkrOZvkLRnrf5URsQM+IJ09Dw29cRALIA==",
+      "dev": true,
+      "license": "ISC",
+      "dependencies": {
+        "lru-cache": "^6.0.0"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/http-cache-semantics": {
+      "version": "4.2.0",
+      "resolved": "https://registry.npmjs.org/http-cache-semantics/-/http-cache-semantics-4.2.0.tgz",
+      "integrity": "sha512-dTxcvPXqPvXBQpq5dUr6mEMJX4oIEFv6bwom3FDwKRDsuIjjJGANqhBuoAn9c1RQJIdAKav33ED65E2ys+87QQ==",
+      "dev": true,
+      "license": "BSD-2-Clause"
+    },
+    "node_modules/http-proxy-agent": {
+      "version": "7.0.2",
+      "resolved": "https://registry.npmjs.org/http-proxy-agent/-/http-proxy-agent-7.0.2.tgz",
+      "integrity": "sha512-T1gkAiYYDWYx3V5Bmyu7HcfcvL7mUrTWiM6yOfa3PIphViJ/gFPbvidQ+veqSOHci/PxBcDabeUNCzpOODJZig==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "agent-base": "^7.1.0",
+        "debug": "^4.3.4"
+      },
+      "engines": {
+        "node": ">= 14"
+      }
+    },
+    "node_modules/http2-wrapper": {
+      "version": "1.0.3",
+      "resolved": "https://registry.npmjs.org/http2-wrapper/-/http2-wrapper-1.0.3.tgz",
+      "integrity": "sha512-V+23sDMr12Wnz7iTcDeJr3O6AIxlnvT/bmaAAAP/Xda35C90p9599p0F1eHR/N1KILWSoWVAiOMFjBBXaXSMxg==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "quick-lru": "^5.1.1",
+        "resolve-alpn": "^1.0.0"
+      },
+      "engines": {
+        "node": ">=10.19.0"
+      }
+    },
+    "node_modules/https-proxy-agent": {
+      "version": "7.0.6",
+      "resolved": "https://registry.npmjs.org/https-proxy-agent/-/https-proxy-agent-7.0.6.tgz",
+      "integrity": "sha512-vK9P5/iUfdl95AI+JVyUuIcVtd4ofvtrOr3HNtM2yxC9bnMbEdp3x01OhQNnjb8IJYi38VlTE3mBXwcfvywuSw==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "agent-base": "^7.1.2",
+        "debug": "4"
+      },
+      "engines": {
+        "node": ">= 14"
+      }
+    },
+    "node_modules/humanize-ms": {
+      "version": "1.2.1",
+      "resolved": "https://registry.npmjs.org/humanize-ms/-/humanize-ms-1.2.1.tgz",
+      "integrity": "sha512-Fl70vYtsAFb/C06PTS9dZBo7ihau+Tu/DNCk/OyHhea07S+aeMWpFFkUaXRa8fI+ScZbEI8dfSxwY7gxZ9SAVQ==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "ms": "^2.0.0"
+      }
+    },
+    "node_modules/iconv-corefoundation": {
+      "version": "1.1.7",
+      "resolved": "https://registry.npmjs.org/iconv-corefoundation/-/iconv-corefoundation-1.1.7.tgz",
+      "integrity": "sha512-T10qvkw0zz4wnm560lOEg0PovVqUXuOFhhHAkixw8/sycy7TJt7v/RrkEKEQnAw2viPSJu6iAkErxnzR0g8PpQ==",
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "darwin"
+      ],
+      "dependencies": {
+        "cli-truncate": "^2.1.0",
+        "node-addon-api": "^1.6.3"
+      },
+      "engines": {
+        "node": "^8.11.2 || >=10"
+      }
+    },
+    "node_modules/iconv-lite": {
+      "version": "0.6.3",
+      "resolved": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.6.3.tgz",
+      "integrity": "sha512-4fCk79wshMdzMp2rH06qWrJE4iolqLhCUH+OiuIgU++RB0+94NlDL81atO7GX55uUKueo0txHNtvEyI6D7WdMw==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "safer-buffer": ">= 2.1.2 < 3.0.0"
+      },
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/ieee754": {
+      "version": "1.2.1",
+      "resolved": "https://registry.npmjs.org/ieee754/-/ieee754-1.2.1.tgz",
+      "integrity": "sha512-dcyqhDvX1C46lXZcVqCpK+FtMRQVdIMN6/Df5js2zouUsqG7I6sFxitIC+7KYK29KdXOLHdu9zL4sFnoVQnqaA==",
+      "dev": true,
+      "funding": [
+        {
+          "type": "github",
+          "url": "https://github.com/sponsors/feross"
+        },
+        {
+          "type": "patreon",
+          "url": "https://www.patreon.com/feross"
+        },
+        {
+          "type": "consulting",
+          "url": "https://feross.org/support"
+        }
+      ],
+      "license": "BSD-3-Clause"
+    },
+    "node_modules/imurmurhash": {
+      "version": "0.1.4",
+      "resolved": "https://registry.npmjs.org/imurmurhash/-/imurmurhash-0.1.4.tgz",
+      "integrity": "sha512-JmXMZ6wuvDmLiHEml9ykzqO6lwFbof0GG4IkcGaENdCRDDmMVnny7s5HsIgHCbaq0w2MyPhDqkhTUgS2LU2PHA==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=0.8.19"
+      }
+    },
+    "node_modules/indent-string": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/indent-string/-/indent-string-4.0.0.tgz",
+      "integrity": "sha512-EdDDZu4A2OyIK7Lr/2zG+w5jmbuk1DVBnEwREQvBzspBJkCEbRa8GxU1lghYcaGJCnRWibjDXlq779X1/y5xwg==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/infer-owner": {
+      "version": "1.0.4",
+      "resolved": "https://registry.npmjs.org/infer-owner/-/infer-owner-1.0.4.tgz",
+      "integrity": "sha512-IClj+Xz94+d7irH5qRyfJonOdfTzuDaifE6ZPWfx0N0+/ATZCbuTPq2prFl526urkQd90WyUKIh1DfBQ2hMz9A==",
+      "dev": true,
+      "license": "ISC"
+    },
+    "node_modules/inflight": {
+      "version": "1.0.6",
+      "resolved": "https://registry.npmjs.org/inflight/-/inflight-1.0.6.tgz",
+      "integrity": "sha512-k92I/b08q4wvFscXCLvqfsHCrjrF7yiXsQuIVvVE7N82W3+aqpzuUdBbfhWcy/FZR3/4IgflMgKLOsvPDrGCJA==",
+      "deprecated": "This module is not supported, and leaks memory. Do not use it. Check out lru-cache if you want a good and tested way to coalesce async requests by a key value, which is much more comprehensive and powerful.",
+      "dev": true,
+      "license": "ISC",
+      "dependencies": {
+        "once": "^1.3.0",
+        "wrappy": "1"
+      }
+    },
+    "node_modules/inherits": {
+      "version": "2.0.4",
+      "resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.4.tgz",
+      "integrity": "sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ==",
+      "dev": true,
+      "license": "ISC"
+    },
+    "node_modules/ip-address": {
+      "version": "10.2.0",
+      "resolved": "https://registry.npmjs.org/ip-address/-/ip-address-10.2.0.tgz",
+      "integrity": "sha512-/+S6j4E9AHvW9SWMSEY9Xfy66O5PWvVEJ08O0y5JGyEKQpojb0K0GKpz/v5HJ/G0vi3D2sjGK78119oXZeE0qA==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">= 12"
+      }
+    },
+    "node_modules/is-ci": {
+      "version": "3.0.1",
+      "resolved": "https://registry.npmjs.org/is-ci/-/is-ci-3.0.1.tgz",
+      "integrity": "sha512-ZYvCgrefwqoQ6yTyYUbQu64HsITZ3NfKX1lzaEYdkTDcfKzzCI/wthRRYKkdjHKFVgNiXKAKm65Zo1pk2as/QQ==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "ci-info": "^3.2.0"
+      },
+      "bin": {
+        "is-ci": "bin.js"
+      }
+    },
+    "node_modules/is-fullwidth-code-point": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/is-fullwidth-code-point/-/is-fullwidth-code-point-3.0.0.tgz",
+      "integrity": "sha512-zymm5+u+sCsSWyD9qNaejV3DFvhCKclKdizYaJUuHA83RLjb7nSuGnddCHGv0hk+KY7BMAlsWeK4Ueg6EV6XQg==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/is-interactive": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/is-interactive/-/is-interactive-1.0.0.tgz",
+      "integrity": "sha512-2HvIEKRoqS62guEC+qBjpvRubdX910WCMuJTZ+I9yvqKU2/12eSL549HMwtabb4oupdj2sMP50k+XJfB/8JE6w==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/is-lambda": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/is-lambda/-/is-lambda-1.0.1.tgz",
+      "integrity": "sha512-z7CMFGNrENq5iFB9Bqo64Xk6Y9sg+epq1myIcdHaGnbMTYOxvzsEtdYqQUylB7LxfkvgrrjP32T6Ywciio9UIQ==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/is-unicode-supported": {
+      "version": "0.1.0",
+      "resolved": "https://registry.npmjs.org/is-unicode-supported/-/is-unicode-supported-0.1.0.tgz",
+      "integrity": "sha512-knxG2q4UC3u8stRGyAVJCOdxFmv5DZiRcdlIaAQXAbSfJya+OhopNotLQrstBhququ4ZpuKbDc/8S6mgXgPFPw==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "node_modules/isarray": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/isarray/-/isarray-1.0.0.tgz",
+      "integrity": "sha512-VLghIWNM6ELQzo7zwmcg0NmTVyWKYjvIeM83yjp0wRDTmUnrM678fQbcKBo6n2CJEF0szoG//ytg+TKla89ALQ==",
+      "dev": true,
+      "license": "MIT",
+      "peer": true
+    },
+    "node_modules/isbinaryfile": {
+      "version": "5.0.7",
+      "resolved": "https://registry.npmjs.org/isbinaryfile/-/isbinaryfile-5.0.7.tgz",
+      "integrity": "sha512-gnWD14Jh3FzS3CPhF0AxNOJ8CxqeblPTADzI38r0wt8ZyQl5edpy75myt08EG2oKvpyiqSqsx+Wkz9vtkbTqYQ==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">= 18.0.0"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/gjtorikian/"
+      }
+    },
+    "node_modules/isexe": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/isexe/-/isexe-2.0.0.tgz",
+      "integrity": "sha512-RHxMLp9lnKHGHRng9QFhRCMbYAcVpn69smSGcq3f36xjgVVWThj4qqLbTLlq7Ssj8B+fIQ1EuCEGI2lKsyQeIw==",
+      "dev": true,
+      "license": "ISC"
+    },
+    "node_modules/jackspeak": {
+      "version": "3.4.3",
+      "resolved": "https://registry.npmjs.org/jackspeak/-/jackspeak-3.4.3.tgz",
+      "integrity": "sha512-OGlZQpz2yfahA/Rd1Y8Cd9SIEsqvXkLVoSw/cgwhnhFMDbsQFeZYoJJ7bIZBS9BcamUW96asq/npPWugM+RQBw==",
+      "dev": true,
+      "license": "BlueOak-1.0.0",
+      "dependencies": {
+        "@isaacs/cliui": "^8.0.2"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/isaacs"
+      },
+      "optionalDependencies": {
+        "@pkgjs/parseargs": "^0.11.0"
+      }
+    },
+    "node_modules/jake": {
+      "version": "10.9.4",
+      "resolved": "https://registry.npmjs.org/jake/-/jake-10.9.4.tgz",
+      "integrity": "sha512-wpHYzhxiVQL+IV05BLE2Xn34zW1S223hvjtqk0+gsPrwd/8JNLXJgZZM/iPFsYc1xyphF+6M6EvdE5E9MBGkDA==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "async": "^3.2.6",
+        "filelist": "^1.0.4",
+        "picocolors": "^1.1.1"
+      },
+      "bin": {
+        "jake": "bin/cli.js"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/js-yaml": {
+      "version": "4.1.1",
+      "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.1.tgz",
+      "integrity": "sha512-qQKT4zQxXl8lLwBtHMWwaTcGfFOZviOJet3Oy/xmGk2gZH677CJM9EvtfdSkgWcATZhj/55JZ0rmy3myCT5lsA==",
+      "license": "MIT",
+      "dependencies": {
+        "argparse": "^2.0.1"
+      },
+      "bin": {
+        "js-yaml": "bin/js-yaml.js"
+      }
+    },
+    "node_modules/json-buffer": {
+      "version": "3.0.1",
+      "resolved": "https://registry.npmjs.org/json-buffer/-/json-buffer-3.0.1.tgz",
+      "integrity": "sha512-4bV5BfR2mqfQTJm+V5tPPdf+ZpuhiIvTuAB5g8kcrXOZpTT/QwwVRWBywX1ozr6lEuPdbHxwaJlm9G6mI2sfSQ==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/json-schema-traverse": {
+      "version": "0.4.1",
+      "resolved": "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-0.4.1.tgz",
+      "integrity": "sha512-xbbCH5dCYU5T8LcEhhuh7HJ88HXuW3qsI3Y0zOZFKfZEHcpWiHU/Jxzk629Brsab/mMiHQti9wMP+845RPe3Vg==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/json5": {
+      "version": "2.2.3",
+      "resolved": "https://registry.npmjs.org/json5/-/json5-2.2.3.tgz",
+      "integrity": "sha512-XmOWe7eyHYH14cLdVPoyg+GOH3rYX++KpzrylJwSW98t3Nk+U8XOl8FWKOgwtzdb8lXGf6zYwDUzeHMWfxasyg==",
+      "dev": true,
+      "license": "MIT",
+      "bin": {
+        "json5": "lib/cli.js"
+      },
+      "engines": {
+        "node": ">=6"
+      }
+    },
+    "node_modules/jsonfile": {
+      "version": "6.2.1",
+      "resolved": "https://registry.npmjs.org/jsonfile/-/jsonfile-6.2.1.tgz",
+      "integrity": "sha512-zwOTdL3rFQ/lRdBnntKVOX6k5cKJwEc1HdilT71BWEu7J41gXIB2MRp+vxduPSwZJPWBxEzv4yH1wYLJGUHX4Q==",
+      "license": "MIT",
+      "dependencies": {
+        "universalify": "^2.0.0"
+      },
+      "optionalDependencies": {
+        "graceful-fs": "^4.1.6"
+      }
+    },
+    "node_modules/keyv": {
+      "version": "4.5.4",
+      "resolved": "https://registry.npmjs.org/keyv/-/keyv-4.5.4.tgz",
+      "integrity": "sha512-oxVHkHR/EJf2CNXnWxRLW6mg7JyCCUcG0DtEGmL2ctUo1PNTin1PUil+r/+4r5MpVgC/fn1kjsx7mjSujKqIpw==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "json-buffer": "3.0.1"
+      }
+    },
+    "node_modules/lazy-val": {
+      "version": "1.0.5",
+      "resolved": "https://registry.npmjs.org/lazy-val/-/lazy-val-1.0.5.tgz",
+      "integrity": "sha512-0/BnGCCfyUMkBpeDgWihanIAF9JmZhHBgUhEqzvf+adhNGLoP6TaiI5oF8oyb3I45P+PcnrqihSf01M0l0G5+Q==",
+      "license": "MIT"
+    },
+    "node_modules/lazystream": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/lazystream/-/lazystream-1.0.1.tgz",
+      "integrity": "sha512-b94GiNHQNy6JNTrt5w6zNyffMrNkXZb3KTkCZJb2V1xaEGCk093vkZ2jk3tpaeP33/OiXC+WvK9AxUebnf5nbw==",
+      "dev": true,
+      "license": "MIT",
+      "peer": true,
+      "dependencies": {
+        "readable-stream": "^2.0.5"
+      },
+      "engines": {
+        "node": ">= 0.6.3"
+      }
+    },
+    "node_modules/lazystream/node_modules/readable-stream": {
+      "version": "2.3.8",
+      "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-2.3.8.tgz",
+      "integrity": "sha512-8p0AUk4XODgIewSi0l8Epjs+EVnWiK7NoDIEGU0HhE7+ZyY8D1IMY7odu5lRrFXGg71L15KG8QrPmum45RTtdA==",
+      "dev": true,
+      "license": "MIT",
+      "peer": true,
+      "dependencies": {
+        "core-util-is": "~1.0.0",
+        "inherits": "~2.0.3",
+        "isarray": "~1.0.0",
+        "process-nextick-args": "~2.0.0",
+        "safe-buffer": "~5.1.1",
+        "string_decoder": "~1.1.1",
+        "util-deprecate": "~1.0.1"
+      }
+    },
+    "node_modules/lazystream/node_modules/safe-buffer": {
+      "version": "5.1.2",
+      "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.1.2.tgz",
+      "integrity": "sha512-Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g==",
+      "dev": true,
+      "license": "MIT",
+      "peer": true
+    },
+    "node_modules/lazystream/node_modules/string_decoder": {
+      "version": "1.1.1",
+      "resolved": "https://registry.npmjs.org/string_decoder/-/string_decoder-1.1.1.tgz",
+      "integrity": "sha512-n/ShnvDi6FHbbVfviro+WojiFzv+s8MPMHBczVePfUpDJLwoLT0ht1l4YwBCbi8pJAveEEdnkHyPyTP/mzRfwg==",
+      "dev": true,
+      "license": "MIT",
+      "peer": true,
+      "dependencies": {
+        "safe-buffer": "~5.1.0"
+      }
+    },
+    "node_modules/lodash": {
+      "version": "4.18.1",
+      "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.18.1.tgz",
+      "integrity": "sha512-dMInicTPVE8d1e5otfwmmjlxkZoUpiVLwyeTdUsi/Caj/gfzzblBcCE5sRHV/AsjuCmxWrte2TNGSYuCeCq+0Q==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/lodash.defaults": {
+      "version": "4.2.0",
+      "resolved": "https://registry.npmjs.org/lodash.defaults/-/lodash.defaults-4.2.0.tgz",
+      "integrity": "sha512-qjxPLHd3r5DnsdGacqOMU6pb/avJzdh9tFX2ymgoZE27BmjXrNy/y4LoaiTeAb+O3gL8AfpJGtqfX/ae2leYYQ==",
+      "dev": true,
+      "license": "MIT",
+      "peer": true
+    },
+    "node_modules/lodash.difference": {
+      "version": "4.5.0",
+      "resolved": "https://registry.npmjs.org/lodash.difference/-/lodash.difference-4.5.0.tgz",
+      "integrity": "sha512-dS2j+W26TQ7taQBGN8Lbbq04ssV3emRw4NY58WErlTO29pIqS0HmoT5aJ9+TUQ1N3G+JOZSji4eugsWwGp9yPA==",
+      "dev": true,
+      "license": "MIT",
+      "peer": true
+    },
+    "node_modules/lodash.escaperegexp": {
+      "version": "4.1.2",
+      "resolved": "https://registry.npmjs.org/lodash.escaperegexp/-/lodash.escaperegexp-4.1.2.tgz",
+      "integrity": "sha512-TM9YBvyC84ZxE3rgfefxUWiQKLilstD6k7PTGt6wfbtXF8ixIJLOL3VYyV/z+ZiPLsVxAsKAFVwWlWeb2Y8Yyw==",
+      "license": "MIT"
+    },
+    "node_modules/lodash.flatten": {
+      "version": "4.4.0",
+      "resolved": "https://registry.npmjs.org/lodash.flatten/-/lodash.flatten-4.4.0.tgz",
+      "integrity": "sha512-C5N2Z3DgnnKr0LOpv/hKCgKdb7ZZwafIrsesve6lmzvZIRZRGaZ/l6Q8+2W7NaT+ZwO3fFlSCzCzrDCFdJfZ4g==",
+      "dev": true,
+      "license": "MIT",
+      "peer": true
+    },
+    "node_modules/lodash.isequal": {
+      "version": "4.5.0",
+      "resolved": "https://registry.npmjs.org/lodash.isequal/-/lodash.isequal-4.5.0.tgz",
+      "integrity": "sha512-pDo3lu8Jhfjqls6GkMgpahsF9kCyayhgykjyLMNFTKWrpVdAQtYyB4muAMWozBB4ig/dtWAmsMxLEI8wuz+DYQ==",
+      "deprecated": "This package is deprecated. Use require('node:util').isDeepStrictEqual instead.",
+      "license": "MIT"
+    },
+    "node_modules/lodash.isplainobject": {
+      "version": "4.0.6",
+      "resolved": "https://registry.npmjs.org/lodash.isplainobject/-/lodash.isplainobject-4.0.6.tgz",
+      "integrity": "sha512-oSXzaWypCMHkPC3NvBEaPHf0KsA5mvPrOPgQWDsbg8n7orZ290M0BmC/jgRZ4vcJ6DTAhjrsSYgdsW/F+MFOBA==",
+      "dev": true,
+      "license": "MIT",
+      "peer": true
+    },
+    "node_modules/lodash.union": {
+      "version": "4.6.0",
+      "resolved": "https://registry.npmjs.org/lodash.union/-/lodash.union-4.6.0.tgz",
+      "integrity": "sha512-c4pB2CdGrGdjMKYLA+XiRDO7Y0PRQbm/Gzg8qMj+QH+pFVAoTp5sBpO0odL3FjoPCGjK96p6qsP+yQoiLoOBcw==",
+      "dev": true,
+      "license": "MIT",
+      "peer": true
+    },
+    "node_modules/log-symbols": {
+      "version": "4.1.0",
+      "resolved": "https://registry.npmjs.org/log-symbols/-/log-symbols-4.1.0.tgz",
+      "integrity": "sha512-8XPvpAA8uyhfteu8pIvQxpJZ7SYYdpUivZpGy6sFsBuKRY/7rQGavedeB8aK+Zkyq6upMFVL/9AW6vOYzfRyLg==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "chalk": "^4.1.0",
+        "is-unicode-supported": "^0.1.0"
+      },
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "node_modules/lowercase-keys": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/lowercase-keys/-/lowercase-keys-2.0.0.tgz",
+      "integrity": "sha512-tqNXrS78oMOE73NMxK4EMLQsQowWf8jKooH9g7xPavRT706R6bkQJ6DY2Te7QukaZsulxa30wQ7bk0pm4XiHmA==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/lru-cache": {
+      "version": "6.0.0",
+      "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-6.0.0.tgz",
+      "integrity": "sha512-Jo6dJ04CmSjuznwJSS3pUeWmd/H0ffTlkXXgwZi+eq1UCmqQwCh+eLsYOYCwY991i2Fah4h1BEMCx4qThGbsiA==",
+      "dev": true,
+      "license": "ISC",
+      "dependencies": {
+        "yallist": "^4.0.0"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/make-fetch-happen": {
+      "version": "10.2.1",
+      "resolved": "https://registry.npmjs.org/make-fetch-happen/-/make-fetch-happen-10.2.1.tgz",
+      "integrity": "sha512-NgOPbRiaQM10DYXvN3/hhGVI2M5MtITFryzBGxHM5p4wnFxsVCbxkrBrDsk+EZ5OB4jEOT7AjDxtdF+KVEFT7w==",
+      "dev": true,
+      "license": "ISC",
+      "dependencies": {
+        "agentkeepalive": "^4.2.1",
+        "cacache": "^16.1.0",
+        "http-cache-semantics": "^4.1.0",
+        "http-proxy-agent": "^5.0.0",
+        "https-proxy-agent": "^5.0.0",
+        "is-lambda": "^1.0.1",
+        "lru-cache": "^7.7.1",
+        "minipass": "^3.1.6",
+        "minipass-collect": "^1.0.2",
+        "minipass-fetch": "^2.0.3",
+        "minipass-flush": "^1.0.5",
+        "minipass-pipeline": "^1.2.4",
+        "negotiator": "^0.6.3",
+        "promise-retry": "^2.0.1",
+        "socks-proxy-agent": "^7.0.0",
+        "ssri": "^9.0.0"
+      },
+      "engines": {
+        "node": "^12.13.0 || ^14.15.0 || >=16.0.0"
+      }
+    },
+    "node_modules/make-fetch-happen/node_modules/agent-base": {
+      "version": "6.0.2",
+      "resolved": "https://registry.npmjs.org/agent-base/-/agent-base-6.0.2.tgz",
+      "integrity": "sha512-RZNwNclF7+MS/8bDg70amg32dyeZGZxiDuQmZxKLAlQjr3jGyLx+4Kkk58UO7D2QdgFIQCovuSuZESne6RG6XQ==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "debug": "4"
+      },
+      "engines": {
+        "node": ">= 6.0.0"
+      }
+    },
+    "node_modules/make-fetch-happen/node_modules/http-proxy-agent": {
+      "version": "5.0.0",
+      "resolved": "https://registry.npmjs.org/http-proxy-agent/-/http-proxy-agent-5.0.0.tgz",
+      "integrity": "sha512-n2hY8YdoRE1i7r6M0w9DIw5GgZN0G25P8zLCRQ8rjXtTU3vsNFBI/vWK/UIeE6g5MUUz6avwAPXmL6Fy9D/90w==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@tootallnate/once": "2",
+        "agent-base": "6",
+        "debug": "4"
+      },
+      "engines": {
+        "node": ">= 6"
+      }
+    },
+    "node_modules/make-fetch-happen/node_modules/https-proxy-agent": {
+      "version": "5.0.1",
+      "resolved": "https://registry.npmjs.org/https-proxy-agent/-/https-proxy-agent-5.0.1.tgz",
+      "integrity": "sha512-dFcAjpTQFgoLMzC2VwU+C/CbS7uRL0lWmxDITmqm7C+7F0Odmj6s9l6alZc6AELXhrnggM2CeWSXHGOdX2YtwA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "agent-base": "6",
+        "debug": "4"
+      },
+      "engines": {
+        "node": ">= 6"
+      }
+    },
+    "node_modules/make-fetch-happen/node_modules/lru-cache": {
+      "version": "7.18.3",
+      "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-7.18.3.tgz",
+      "integrity": "sha512-jumlc0BIUrS3qJGgIkWZsyfAM7NCWiBcCDhnd+3NNM5KbBmLTgHVfWBcg6W+rLUsIpzpERPsvwUP7CckAQSOoA==",
+      "dev": true,
+      "license": "ISC",
+      "engines": {
+        "node": ">=12"
+      }
+    },
+    "node_modules/math-intrinsics": {
+      "version": "1.1.0",
+      "resolved": "https://registry.npmjs.org/math-intrinsics/-/math-intrinsics-1.1.0.tgz",
+      "integrity": "sha512-/IXtbwEk5HTPyEwyKX6hGkYXxM9nbj64B+ilVJnC/R6B0pH5G4V3b0pVbL7DBj4tkhBAppbQUlf6F6Xl9LHu1g==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.4"
+      }
+    },
+    "node_modules/mime": {
+      "version": "2.6.0",
+      "resolved": "https://registry.npmjs.org/mime/-/mime-2.6.0.tgz",
+      "integrity": "sha512-USPkMeET31rOMiarsBNIHZKLGgvKc/LrjofAnBlOttf5ajRvqiRA8QsenbcooctK6d6Ts6aqZXBA+XbkKthiQg==",
+      "dev": true,
+      "license": "MIT",
+      "bin": {
+        "mime": "cli.js"
+      },
+      "engines": {
+        "node": ">=4.0.0"
+      }
+    },
+    "node_modules/mime-db": {
+      "version": "1.52.0",
+      "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.52.0.tgz",
+      "integrity": "sha512-sPU4uV7dYlvtWJxwwxHD0PuihVNiE7TyAbQ5SWxDCB9mUYvOgroQOwYQQOKPJ8CIbE+1ETVlOoK1UC2nU3gYvg==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/mime-types": {
+      "version": "2.1.35",
+      "resolved": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.35.tgz",
+      "integrity": "sha512-ZDY+bPm5zTTF+YpCrAU9nK0UgICYPT0QtT1NZWFv4s++TNkcgVaT0g6+4R2uI4MjQjzysHB1zxuWL50hzaeXiw==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "mime-db": "1.52.0"
+      },
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/mimic-fn": {
+      "version": "2.1.0",
+      "resolved": "https://registry.npmjs.org/mimic-fn/-/mimic-fn-2.1.0.tgz",
+      "integrity": "sha512-OqbOk5oEQeAZ8WXWydlu9HJjz9WVdEIvamMCcXmuqUYjTknH/sqsWvhQ3vgwKFRR1HpjvNBKQ37nbJgYzGqGcg==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=6"
+      }
+    },
+    "node_modules/mimic-response": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/mimic-response/-/mimic-response-1.0.1.tgz",
+      "integrity": "sha512-j5EctnkH7amfV/q5Hgmoal1g2QHFJRraOtmx0JpIqkxhBhI/lJSl1nMpQ45hVarwNETOoWEimndZ4QK0RHxuxQ==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=4"
+      }
+    },
+    "node_modules/minimatch": {
+      "version": "10.2.5",
+      "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-10.2.5.tgz",
+      "integrity": "sha512-MULkVLfKGYDFYejP07QOurDLLQpcjk7Fw+7jXS2R2czRQzR56yHRveU5NDJEOviH+hETZKSkIk5c+T23GjFUMg==",
+      "dev": true,
+      "license": "BlueOak-1.0.0",
+      "dependencies": {
+        "brace-expansion": "^5.0.5"
+      },
+      "engines": {
+        "node": "18 || 20 || >=22"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/isaacs"
+      }
+    },
+    "node_modules/minimist": {
+      "version": "1.2.8",
+      "resolved": "https://registry.npmjs.org/minimist/-/minimist-1.2.8.tgz",
+      "integrity": "sha512-2yyAR8qBkN3YuheJanUpWC5U3bb5osDywNB8RzDVlDwDHbocAJveqqj1u8+SVD7jkWT4yvsHCpWqqWqAxb0zCA==",
+      "dev": true,
+      "license": "MIT",
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/minipass": {
+      "version": "3.3.6",
+      "resolved": "https://registry.npmjs.org/minipass/-/minipass-3.3.6.tgz",
+      "integrity": "sha512-DxiNidxSEK+tHG6zOIklvNOwm3hvCrbUrdtzY74U6HKTJxvIDfOUL5W5P2Ghd3DTkhhKPYGqeNUIh5qcM4YBfw==",
+      "dev": true,
+      "license": "ISC",
+      "dependencies": {
+        "yallist": "^4.0.0"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/minipass-collect": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/minipass-collect/-/minipass-collect-1.0.2.tgz",
+      "integrity": "sha512-6T6lH0H8OG9kITm/Jm6tdooIbogG9e0tLgpY6mphXSm/A9u8Nq1ryBG+Qspiub9LjWlBPsPS3tWQ/Botq4FdxA==",
+      "dev": true,
+      "license": "ISC",
+      "dependencies": {
+        "minipass": "^3.0.0"
+      },
+      "engines": {
+        "node": ">= 8"
+      }
+    },
+    "node_modules/minipass-fetch": {
+      "version": "2.1.2",
+      "resolved": "https://registry.npmjs.org/minipass-fetch/-/minipass-fetch-2.1.2.tgz",
+      "integrity": "sha512-LT49Zi2/WMROHYoqGgdlQIZh8mLPZmOrN2NdJjMXxYe4nkN6FUyuPuOAOedNJDrx0IRGg9+4guZewtp8hE6TxA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "minipass": "^3.1.6",
+        "minipass-sized": "^1.0.3",
+        "minizlib": "^2.1.2"
+      },
+      "engines": {
+        "node": "^12.13.0 || ^14.15.0 || >=16.0.0"
+      },
+      "optionalDependencies": {
+        "encoding": "^0.1.13"
+      }
+    },
+    "node_modules/minipass-flush": {
+      "version": "1.0.7",
+      "resolved": "https://registry.npmjs.org/minipass-flush/-/minipass-flush-1.0.7.tgz",
+      "integrity": "sha512-TbqTz9cUwWyHS2Dy89P3ocAGUGxKjjLuR9z8w4WUTGAVgEj17/4nhgo2Du56i0Fm3Pm30g4iA8Lcqctc76jCzA==",
+      "dev": true,
+      "license": "BlueOak-1.0.0",
+      "dependencies": {
+        "minipass": "^3.0.0"
+      },
+      "engines": {
+        "node": ">= 8"
+      }
+    },
+    "node_modules/minipass-pipeline": {
+      "version": "1.2.4",
+      "resolved": "https://registry.npmjs.org/minipass-pipeline/-/minipass-pipeline-1.2.4.tgz",
+      "integrity": "sha512-xuIq7cIOt09RPRJ19gdi4b+RiNvDFYe5JH+ggNvBqGqpQXcru3PcRmOZuHBKWK1Txf9+cQ+HMVN4d6z46LZP7A==",
+      "dev": true,
+      "license": "ISC",
+      "dependencies": {
+        "minipass": "^3.0.0"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/minipass-sized": {
+      "version": "1.0.3",
+      "resolved": "https://registry.npmjs.org/minipass-sized/-/minipass-sized-1.0.3.tgz",
+      "integrity": "sha512-MbkQQ2CTiBMlA2Dm/5cY+9SWFEN8pzzOXi6rlM5Xxq0Yqbda5ZQy9sU75a673FE9ZK0Zsbr6Y5iP6u9nktfg2g==",
+      "dev": true,
+      "license": "ISC",
+      "dependencies": {
+        "minipass": "^3.0.0"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/minizlib": {
+      "version": "2.1.2",
+      "resolved": "https://registry.npmjs.org/minizlib/-/minizlib-2.1.2.tgz",
+      "integrity": "sha512-bAxsR8BVfj60DWXHE3u30oHzfl4G7khkSuPW+qvpd7jFRHm7dLxOjUk1EHACJ/hxLY8phGJ0YhYHZo7jil7Qdg==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "minipass": "^3.0.0",
+        "yallist": "^4.0.0"
+      },
+      "engines": {
+        "node": ">= 8"
+      }
+    },
+    "node_modules/mkdirp": {
+      "version": "1.0.4",
+      "resolved": "https://registry.npmjs.org/mkdirp/-/mkdirp-1.0.4.tgz",
+      "integrity": "sha512-vVqVZQyf3WLx2Shd0qJ9xuvqgAyKPLAiqITEtqW0oIUjzo3PePDd6fW9iFz30ef7Ysp/oiWqbhszeGWW2T6Gzw==",
+      "dev": true,
+      "license": "MIT",
+      "bin": {
+        "mkdirp": "bin/cmd.js"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/ms": {
+      "version": "2.1.3",
+      "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz",
+      "integrity": "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA==",
+      "license": "MIT"
+    },
+    "node_modules/negotiator": {
+      "version": "0.6.4",
+      "resolved": "https://registry.npmjs.org/negotiator/-/negotiator-0.6.4.tgz",
+      "integrity": "sha512-myRT3DiWPHqho5PrJaIRyaMv2kgYf0mUVgBNOYMuCH5Ki1yEiQaf/ZJuQ62nvpc44wL5WDbTX7yGJi1Neevw8w==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/node-abi": {
+      "version": "3.92.0",
+      "resolved": "https://registry.npmjs.org/node-abi/-/node-abi-3.92.0.tgz",
+      "integrity": "sha512-KdHvFWZjEKDf0cakgFjebl371GPsISX2oZHcuyKqM7DtogIsHrqKeLTo8wBHxaXRAQlY2PsPlZmfo+9ZCxEREQ==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "semver": "^7.3.5"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/node-addon-api": {
+      "version": "1.7.2",
+      "resolved": "https://registry.npmjs.org/node-addon-api/-/node-addon-api-1.7.2.tgz",
+      "integrity": "sha512-ibPK3iA+vaY1eEjESkQkM0BbCqFOaZMiXRTtdB0u7b4djtY6JnsjvPdUHVMg6xQt3B8fpTTWHI9A+ADjM9frzg==",
+      "dev": true,
+      "license": "MIT",
+      "optional": true
+    },
+    "node_modules/node-api-version": {
+      "version": "0.2.1",
+      "resolved": "https://registry.npmjs.org/node-api-version/-/node-api-version-0.2.1.tgz",
+      "integrity": "sha512-2xP/IGGMmmSQpI1+O/k72jF/ykvZ89JeuKX3TLJAYPDVLUalrshrLHkeVcCCZqG/eEa635cr8IBYzgnDvM2O8Q==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "semver": "^7.3.5"
+      }
+    },
+    "node_modules/node-gyp": {
+      "version": "9.4.1",
+      "resolved": "https://registry.npmjs.org/node-gyp/-/node-gyp-9.4.1.tgz",
+      "integrity": "sha512-OQkWKbjQKbGkMf/xqI1jjy3oCTgMKJac58G2+bjZb3fza6gW2YrCSdMQYaoTb70crvE//Gngr4f0AgVHmqHvBQ==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "env-paths": "^2.2.0",
+        "exponential-backoff": "^3.1.1",
+        "glob": "^7.1.4",
+        "graceful-fs": "^4.2.6",
+        "make-fetch-happen": "^10.0.3",
+        "nopt": "^6.0.0",
+        "npmlog": "^6.0.0",
+        "rimraf": "^3.0.2",
+        "semver": "^7.3.5",
+        "tar": "^6.1.2",
+        "which": "^2.0.2"
+      },
+      "bin": {
+        "node-gyp": "bin/node-gyp.js"
+      },
+      "engines": {
+        "node": "^12.13 || ^14.13 || >=16"
+      }
+    },
+    "node_modules/node-gyp/node_modules/env-paths": {
+      "version": "2.2.1",
+      "resolved": "https://registry.npmjs.org/env-paths/-/env-paths-2.2.1.tgz",
+      "integrity": "sha512-+h1lkLKhZMTYjog1VEpJNG7NZJWcuc2DDk/qsqSTRRCOXiLjeQ1d1/udrUGhqMxUgAlwKNZ0cf2uqan5GLuS2A==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=6"
+      }
+    },
+    "node_modules/nopt": {
+      "version": "6.0.0",
+      "resolved": "https://registry.npmjs.org/nopt/-/nopt-6.0.0.tgz",
+      "integrity": "sha512-ZwLpbTgdhuZUnZzjd7nb1ZV+4DoiC6/sfiVKok72ym/4Tlf+DFdlHYmT2JPmcNNWV6Pi3SDf1kT+A4r9RTuT9g==",
+      "dev": true,
+      "license": "ISC",
+      "dependencies": {
+        "abbrev": "^1.0.0"
+      },
+      "bin": {
+        "nopt": "bin/nopt.js"
+      },
+      "engines": {
+        "node": "^12.13.0 || ^14.15.0 || >=16.0.0"
+      }
+    },
+    "node_modules/normalize-path": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/normalize-path/-/normalize-path-3.0.0.tgz",
+      "integrity": "sha512-6eZs5Ls3WtCisHWp9S2GUy8dqkpGi4BVSz3GaqiE6ezub0512ESztXUwUB6C6IKbQkY2Pnb/mD4WYojCRwcwLA==",
+      "dev": true,
+      "license": "MIT",
+      "peer": true,
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/normalize-url": {
+      "version": "6.1.0",
+      "resolved": "https://registry.npmjs.org/normalize-url/-/normalize-url-6.1.0.tgz",
+      "integrity": "sha512-DlL+XwOy3NxAQ8xuC0okPgK46iuVNAK01YN7RueYBqqFeGsBjV9XmCAzAdgt+667bCl5kPh9EqKKDwnaPG1I7A==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "node_modules/npmlog": {
+      "version": "6.0.2",
+      "resolved": "https://registry.npmjs.org/npmlog/-/npmlog-6.0.2.tgz",
+      "integrity": "sha512-/vBvz5Jfr9dT/aFWd0FIRf+T/Q2WBsLENygUaFUqstqsycmZAP/t5BvFJTK0viFmSUxiUKTUplWy5vt+rvKIxg==",
+      "deprecated": "This package is no longer supported.",
+      "dev": true,
+      "license": "ISC",
+      "dependencies": {
+        "are-we-there-yet": "^3.0.0",
+        "console-control-strings": "^1.1.0",
+        "gauge": "^4.0.3",
+        "set-blocking": "^2.0.0"
+      },
+      "engines": {
+        "node": "^12.13.0 || ^14.15.0 || >=16.0.0"
+      }
+    },
+    "node_modules/once": {
+      "version": "1.4.0",
+      "resolved": "https://registry.npmjs.org/once/-/once-1.4.0.tgz",
+      "integrity": "sha512-lNaJgI+2Q5URQBkccEKHTQOPaXdUxnZZElQTZY0MFUAuaEqe1E+Nyvgdz/aIyNi6Z9MzO5dv1H8n58/GELp3+w==",
+      "dev": true,
+      "license": "ISC",
+      "dependencies": {
+        "wrappy": "1"
+      }
+    },
+    "node_modules/onetime": {
+      "version": "5.1.2",
+      "resolved": "https://registry.npmjs.org/onetime/-/onetime-5.1.2.tgz",
+      "integrity": "sha512-kbpaSSGJTWdAY5KPVeMOKXSrPtr8C8C7wodJbcsd51jRnmD+GZu8Y0VoU6Dm5Z4vWr0Ig/1NKuWRKf7j5aaYSg==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "mimic-fn": "^2.1.0"
+      },
+      "engines": {
+        "node": ">=6"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "node_modules/ora": {
+      "version": "5.4.1",
+      "resolved": "https://registry.npmjs.org/ora/-/ora-5.4.1.tgz",
+      "integrity": "sha512-5b6Y85tPxZZ7QytO+BQzysW31HJku27cRIlkbAXaNx+BdcVi+LlRFmVXzeF6a7JCwJpyw5c4b+YSVImQIrBpuQ==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "bl": "^4.1.0",
+        "chalk": "^4.1.0",
+        "cli-cursor": "^3.1.0",
+        "cli-spinners": "^2.5.0",
+        "is-interactive": "^1.0.0",
+        "is-unicode-supported": "^0.1.0",
+        "log-symbols": "^4.1.0",
+        "strip-ansi": "^6.0.0",
+        "wcwidth": "^1.0.1"
+      },
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "node_modules/p-cancelable": {
+      "version": "2.1.1",
+      "resolved": "https://registry.npmjs.org/p-cancelable/-/p-cancelable-2.1.1.tgz",
+      "integrity": "sha512-BZOr3nRQHOntUjTrH8+Lh54smKHoHyur8We1V8DSMVrl5A2malOOwuJRnKRDjSnkoeBh4at6BwEnb5I7Jl31wg==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/p-limit": {
+      "version": "3.1.0",
+      "resolved": "https://registry.npmjs.org/p-limit/-/p-limit-3.1.0.tgz",
+      "integrity": "sha512-TYOanM3wGwNGsZN2cVTYPArw454xnXj5qmWF1bEoAc4+cU/ol7GVh7odevjp1FNHduHc3KZMcFduxU5Xc6uJRQ==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "yocto-queue": "^0.1.0"
+      },
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "node_modules/p-map": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/p-map/-/p-map-4.0.0.tgz",
+      "integrity": "sha512-/bjOqmgETBYB5BoEeGVea8dmvHb2m9GLy1E9W43yeyfP6QQCZGFNa+XRceJEuDB6zqr+gKpIAmlLebMpykw/MQ==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "aggregate-error": "^3.0.0"
+      },
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "node_modules/package-json-from-dist": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/package-json-from-dist/-/package-json-from-dist-1.0.1.tgz",
+      "integrity": "sha512-UEZIS3/by4OC8vL3P2dTXRETpebLI2NiI5vIrjaD/5UtrkFX/tNbwjTSRAGC/+7CAo2pIcBaRgWmcBBHcsaCIw==",
+      "dev": true,
+      "license": "BlueOak-1.0.0"
+    },
+    "node_modules/path-is-absolute": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/path-is-absolute/-/path-is-absolute-1.0.1.tgz",
+      "integrity": "sha512-AVbw3UJ2e9bq64vSaS9Am0fje1Pa8pbGqTTsmXfaIiMpnr5DlDhfJOuLj9Sf95ZPVDAUerDfEk88MPmPe7UCQg==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/path-key": {
+      "version": "3.1.1",
+      "resolved": "https://registry.npmjs.org/path-key/-/path-key-3.1.1.tgz",
+      "integrity": "sha512-ojmeN0qd+y0jszEtoY48r0Peq5dwMEkIlCOu6Q5f41lfkswXuKtYrhgoTpLnyIcHm24Uhqx+5Tqm2InSwLhE6Q==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/path-scurry": {
+      "version": "1.11.1",
+      "resolved": "https://registry.npmjs.org/path-scurry/-/path-scurry-1.11.1.tgz",
+      "integrity": "sha512-Xa4Nw17FS9ApQFJ9umLiJS4orGjm7ZzwUrwamcGQuHSzDyth9boKDaycYdDcZDuqYATXw4HFXgaqWTctW/v1HA==",
+      "dev": true,
+      "license": "BlueOak-1.0.0",
+      "dependencies": {
+        "lru-cache": "^10.2.0",
+        "minipass": "^5.0.0 || ^6.0.2 || ^7.0.0"
+      },
+      "engines": {
+        "node": ">=16 || 14 >=14.18"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/isaacs"
+      }
+    },
+    "node_modules/path-scurry/node_modules/lru-cache": {
+      "version": "10.4.3",
+      "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-10.4.3.tgz",
+      "integrity": "sha512-JNAzZcXrCt42VGLuYz0zfAzDfAvJWW6AfYlDBQyDV5DClI2m5sAmK+OIO7s59XfsRsWHp02jAJrRadPRGTt6SQ==",
+      "dev": true,
+      "license": "ISC"
+    },
+    "node_modules/path-scurry/node_modules/minipass": {
+      "version": "7.1.3",
+      "resolved": "https://registry.npmjs.org/minipass/-/minipass-7.1.3.tgz",
+      "integrity": "sha512-tEBHqDnIoM/1rXME1zgka9g6Q2lcoCkxHLuc7ODJ5BxbP5d4c2Z5cGgtXAku59200Cx7diuHTOYfSBD8n6mm8A==",
+      "dev": true,
+      "license": "BlueOak-1.0.0",
+      "engines": {
+        "node": ">=16 || 14 >=14.17"
+      }
+    },
+    "node_modules/pe-library": {
+      "version": "0.4.1",
+      "resolved": "https://registry.npmjs.org/pe-library/-/pe-library-0.4.1.tgz",
+      "integrity": "sha512-eRWB5LBz7PpDu4PUlwT0PhnQfTQJlDDdPa35urV4Osrm0t0AqQFGn+UIkU3klZvwJ8KPO3VbBFsXquA6p6kqZw==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=12",
+        "npm": ">=6"
+      },
+      "funding": {
+        "type": "github",
+        "url": "https://github.com/sponsors/jet2jet"
+      }
+    },
+    "node_modules/pend": {
+      "version": "1.2.0",
+      "resolved": "https://registry.npmjs.org/pend/-/pend-1.2.0.tgz",
+      "integrity": "sha512-F3asv42UuXchdzt+xXqfW1OGlVBe+mxa2mqI0pg5yAHZPvFmY3Y6drSf/GQ1A86WgWEN9Kzh/WrgKa6iGcHXLg==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/picocolors": {
+      "version": "1.1.1",
+      "resolved": "https://registry.npmjs.org/picocolors/-/picocolors-1.1.1.tgz",
+      "integrity": "sha512-xceH2snhtb5M9liqDsmEw56le376mTZkEX/jEb/RxNFyegNul7eNslCXP9FDj/Lcu0X8KEyMceP2ntpaHrDEVA==",
+      "dev": true,
+      "license": "ISC"
+    },
+    "node_modules/plist": {
+      "version": "3.1.1",
+      "resolved": "https://registry.npmjs.org/plist/-/plist-3.1.1.tgz",
+      "integrity": "sha512-ZIfcLJC+7E7FBFnDxm9MPmt7D+DidyQ26lewieO75AdhA2ayMtsJSES0iWzqJQbcVRSrTufQoy0DR94xHue0oA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@xmldom/xmldom": "^0.9.10",
+        "base64-js": "^1.5.1",
+        "xmlbuilder": "^15.1.1"
+      },
+      "engines": {
+        "node": ">=10.4.0"
+      }
+    },
+    "node_modules/process-nextick-args": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/process-nextick-args/-/process-nextick-args-2.0.1.tgz",
+      "integrity": "sha512-3ouUOpQhtgrbOa17J7+uxOTpITYWaGP7/AhoR3+A+/1e9skrzelGi/dXzEYyvbxubEF6Wn2ypscTKiKJFFn1ag==",
+      "dev": true,
+      "license": "MIT",
+      "peer": true
+    },
+    "node_modules/progress": {
+      "version": "2.0.3",
+      "resolved": "https://registry.npmjs.org/progress/-/progress-2.0.3.tgz",
+      "integrity": "sha512-7PiHtLll5LdnKIMw100I+8xJXR5gW2QwWYkT6iJva0bXitZKa/XMrSbdmg3r2Xnaidz9Qumd0VPaMrZlF9V9sA==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=0.4.0"
+      }
+    },
+    "node_modules/promise-inflight": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/promise-inflight/-/promise-inflight-1.0.1.tgz",
+      "integrity": "sha512-6zWPyEOFaQBJYcGMHBKTKJ3u6TBsnMFOIZSa6ce1e/ZrrsOlnHRHbabMjLiBYKp+n44X9eUI6VUPaukCXHuG4g==",
+      "dev": true,
+      "license": "ISC"
+    },
+    "node_modules/promise-retry": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/promise-retry/-/promise-retry-2.0.1.tgz",
+      "integrity": "sha512-y+WKFlBR8BGXnsNlIHFGPZmyDf3DFMoLhaflAnyZgV6rG6xu+JwesTo2Q9R6XwYmtmwAFCkAk3e35jEdoeh/3g==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "err-code": "^2.0.2",
+        "retry": "^0.12.0"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/pump": {
+      "version": "3.0.4",
+      "resolved": "https://registry.npmjs.org/pump/-/pump-3.0.4.tgz",
+      "integrity": "sha512-VS7sjc6KR7e1ukRFhQSY5LM2uBWAUPiOPa/A3mkKmiMwSmRFUITt0xuj+/lesgnCv+dPIEYlkzrcyXgquIHMcA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "end-of-stream": "^1.1.0",
+        "once": "^1.3.1"
+      }
+    },
+    "node_modules/punycode": {
+      "version": "2.3.1",
+      "resolved": "https://registry.npmjs.org/punycode/-/punycode-2.3.1.tgz",
+      "integrity": "sha512-vYt7UD1U9Wg6138shLtLOvdAu+8DsC/ilFtEVHcH+wydcSpNE20AfSOduf6MkRFahL5FY7X1oU7nKVZFtfq8Fg==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=6"
+      }
+    },
+    "node_modules/quick-lru": {
+      "version": "5.1.1",
+      "resolved": "https://registry.npmjs.org/quick-lru/-/quick-lru-5.1.1.tgz",
+      "integrity": "sha512-WuyALRjWPDGtt/wzJiadO5AXY+8hZ80hVpe6MyivgraREW751X3SbhRvG3eLKOYN+8VEvqLcf3wdnt44Z4S4SA==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "node_modules/read-binary-file-arch": {
+      "version": "1.0.6",
+      "resolved": "https://registry.npmjs.org/read-binary-file-arch/-/read-binary-file-arch-1.0.6.tgz",
+      "integrity": "sha512-BNg9EN3DD3GsDXX7Aa8O4p92sryjkmzYYgmgTAc6CA4uGLEDzFfxOxugu21akOxpcXHiEgsYkC6nPsQvLLLmEg==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "debug": "^4.3.4"
+      },
+      "bin": {
+        "read-binary-file-arch": "cli.js"
+      }
+    },
+    "node_modules/readable-stream": {
+      "version": "3.6.2",
+      "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-3.6.2.tgz",
+      "integrity": "sha512-9u/sniCrY3D5WdsERHzHE4G2YCXqoG5FTHUiCC4SIbr6XcLZBY05ya9EKjYek9O5xOAwjGq+1JdGBAS7Q9ScoA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "inherits": "^2.0.3",
+        "string_decoder": "^1.1.1",
+        "util-deprecate": "^1.0.1"
+      },
+      "engines": {
+        "node": ">= 6"
+      }
+    },
+    "node_modules/readdir-glob": {
+      "version": "1.1.3",
+      "resolved": "https://registry.npmjs.org/readdir-glob/-/readdir-glob-1.1.3.tgz",
+      "integrity": "sha512-v05I2k7xN8zXvPD9N+z/uhXPaj0sUFCe2rcWZIpBsqxfP7xXFQ0tipAd/wjj1YxWyWtUS5IDJpOG82JKt2EAVA==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "peer": true,
+      "dependencies": {
+        "minimatch": "^5.1.0"
+      }
+    },
+    "node_modules/readdir-glob/node_modules/balanced-match": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-1.0.2.tgz",
+      "integrity": "sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw==",
+      "dev": true,
+      "license": "MIT",
+      "peer": true
+    },
+    "node_modules/readdir-glob/node_modules/brace-expansion": {
+      "version": "2.1.1",
+      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.1.1.tgz",
+      "integrity": "sha512-WR1cURNjuvBLMZBMbqM0UoE+WAfdUcEV1ccD8PVBVOI+Z3ND4+SZbN8RsfT2bMuG1qwz5RFvPukSZm5fF2D5eA==",
+      "dev": true,
+      "license": "MIT",
+      "peer": true,
+      "dependencies": {
+        "balanced-match": "^1.0.0"
+      }
+    },
+    "node_modules/readdir-glob/node_modules/minimatch": {
+      "version": "5.1.9",
+      "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-5.1.9.tgz",
+      "integrity": "sha512-7o1wEA2RyMP7Iu7GNba9vc0RWWGACJOCZBJX2GJWip0ikV+wcOsgVuY9uE8CPiyQhkGFSlhuSkZPavN7u1c2Fw==",
+      "dev": true,
+      "license": "ISC",
+      "peer": true,
+      "dependencies": {
+        "brace-expansion": "^2.0.1"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/require-directory": {
+      "version": "2.1.1",
+      "resolved": "https://registry.npmjs.org/require-directory/-/require-directory-2.1.1.tgz",
+      "integrity": "sha512-fGxEI7+wsG9xrvdjsrlmL22OMTTiHRwAMroiEeMgq8gzoLC/PQr7RsRDSTLUg/bZAZtF+TVIkHc6/4RIKrui+Q==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/resedit": {
+      "version": "1.7.2",
+      "resolved": "https://registry.npmjs.org/resedit/-/resedit-1.7.2.tgz",
+      "integrity": "sha512-vHjcY2MlAITJhC0eRD/Vv8Vlgmu9Sd3LX9zZvtGzU5ZImdTN3+d6e/4mnTyV8vEbyf1sgNIrWxhWlrys52OkEA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "pe-library": "^0.4.1"
+      },
+      "engines": {
+        "node": ">=12",
+        "npm": ">=6"
+      },
+      "funding": {
+        "type": "github",
+        "url": "https://github.com/sponsors/jet2jet"
+      }
+    },
+    "node_modules/resolve-alpn": {
+      "version": "1.2.1",
+      "resolved": "https://registry.npmjs.org/resolve-alpn/-/resolve-alpn-1.2.1.tgz",
+      "integrity": "sha512-0a1F4l73/ZFZOakJnQ3FvkJ2+gSTQWz/r2KE5OdDY0TxPm5h4GkqkWWfM47T7HsbnOtcJVEF4epCVy6u7Q3K+g==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/responselike": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/responselike/-/responselike-2.0.1.tgz",
+      "integrity": "sha512-4gl03wn3hj1HP3yzgdI7d3lCkF95F21Pz4BPGvKHinyQzALR5CapwC8yIi0Rh58DEMQ/SguC03wFj2k0M/mHhw==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "lowercase-keys": "^2.0.0"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "node_modules/restore-cursor": {
+      "version": "3.1.0",
+      "resolved": "https://registry.npmjs.org/restore-cursor/-/restore-cursor-3.1.0.tgz",
+      "integrity": "sha512-l+sSefzHpj5qimhFSE5a8nufZYAM3sBSVMAPtYkmC+4EH2anSGaEMXSD0izRQbu9nfyQ9y5JrVmp7E8oZrUjvA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "onetime": "^5.1.0",
+        "signal-exit": "^3.0.2"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/retry": {
+      "version": "0.12.0",
+      "resolved": "https://registry.npmjs.org/retry/-/retry-0.12.0.tgz",
+      "integrity": "sha512-9LkiTwjUh6rT555DtE9rTX+BKByPfrMzEAtnlEtdEwr3Nkffwiihqe2bWADg+OQRjt9gl6ICdmB/ZFDCGAtSow==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">= 4"
+      }
+    },
+    "node_modules/rimraf": {
+      "version": "3.0.2",
+      "resolved": "https://registry.npmjs.org/rimraf/-/rimraf-3.0.2.tgz",
+      "integrity": "sha512-JZkJMZkAGFFPP2YqXZXPbMlMBgsxzE8ILs4lMIX/2o0L9UBw9O/Y3o6wFw/i9YLapcUJWwqbi3kdxIPdC62TIA==",
+      "deprecated": "Rimraf versions prior to v4 are no longer supported",
+      "dev": true,
+      "license": "ISC",
+      "dependencies": {
+        "glob": "^7.1.3"
+      },
+      "bin": {
+        "rimraf": "bin.js"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/isaacs"
+      }
+    },
+    "node_modules/safe-buffer": {
+      "version": "5.2.1",
+      "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.2.1.tgz",
+      "integrity": "sha512-rp3So07KcdmmKbGvgaNxQSJr7bGVSVk5S9Eq1F+ppbRo70+YeaDxkw5Dd8NPN+GD6bjnYm2VuPuCXmpuYvmCXQ==",
+      "dev": true,
+      "funding": [
+        {
+          "type": "github",
+          "url": "https://github.com/sponsors/feross"
+        },
+        {
+          "type": "patreon",
+          "url": "https://www.patreon.com/feross"
+        },
+        {
+          "type": "consulting",
+          "url": "https://feross.org/support"
+        }
+      ],
+      "license": "MIT"
+    },
+    "node_modules/safer-buffer": {
+      "version": "2.1.2",
+      "resolved": "https://registry.npmjs.org/safer-buffer/-/safer-buffer-2.1.2.tgz",
+      "integrity": "sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/sanitize-filename": {
+      "version": "1.6.4",
+      "resolved": "https://registry.npmjs.org/sanitize-filename/-/sanitize-filename-1.6.4.tgz",
+      "integrity": "sha512-9ZyI08PsvdQl2r/bBIGubpVdR3RR9sY6RDiWFPreA21C/EFlQhmgo20UZlNjZMMZNubusLhAQozkA0Od5J21Eg==",
+      "dev": true,
+      "license": "WTFPL OR ISC",
+      "dependencies": {
+        "truncate-utf8-bytes": "^1.0.0"
+      }
+    },
+    "node_modules/sax": {
+      "version": "1.6.0",
+      "resolved": "https://registry.npmjs.org/sax/-/sax-1.6.0.tgz",
+      "integrity": "sha512-6R3J5M4AcbtLUdZmRv2SygeVaM7IhrLXu9BmnOGmmACak8fiUtOsYNWUS4uK7upbmHIBbLBeFeI//477BKLBzA==",
+      "license": "BlueOak-1.0.0",
+      "engines": {
+        "node": ">=11.0.0"
+      }
+    },
+    "node_modules/semver": {
+      "version": "7.8.1",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-7.8.1.tgz",
+      "integrity": "sha512-rkVq3IXh+4FDGch+KwzX3aV9W3kO54GyEgpvBzSyctDA6Xtd7RJQV1xmXbeQp5v7+VzLOfVqiutSE6GICgPFvg==",
+      "dev": true,
+      "license": "ISC",
+      "bin": {
+        "semver": "bin/semver.js"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/set-blocking": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/set-blocking/-/set-blocking-2.0.0.tgz",
+      "integrity": "sha512-KiKBS8AnWGEyLzofFfmvKwpdPzqiy16LvQfK3yv/fVH7Bj13/wl3JSR1J+rfgRE9q7xUJK4qvgS8raSOeLUehw==",
+      "dev": true,
+      "license": "ISC"
+    },
+    "node_modules/shebang-command": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/shebang-command/-/shebang-command-2.0.0.tgz",
+      "integrity": "sha512-kHxr2zZpYtdmrN1qDjrrX/Z1rR1kG8Dx+gkpK1G4eXmvXswmcE1hTWBWYUzlraYw1/yZp6YuDY77YtvbN0dmDA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "shebang-regex": "^3.0.0"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/shebang-regex": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/shebang-regex/-/shebang-regex-3.0.0.tgz",
+      "integrity": "sha512-7++dFhtcx3353uBaq8DDR4NuxBetBzC7ZQOhmTQInHEd6bSrXdiEyzCvG07Z44UYdLShWUyXt5M/yhz8ekcb1A==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/signal-exit": {
+      "version": "3.0.7",
+      "resolved": "https://registry.npmjs.org/signal-exit/-/signal-exit-3.0.7.tgz",
+      "integrity": "sha512-wnD2ZE+l+SPC/uoS0vXeE9L1+0wuaMqKlfz9AMUo38JsyLSBWSFcHR1Rri62LZc12vLr1gb3jl7iwQhgwpAbGQ==",
+      "dev": true,
+      "license": "ISC"
+    },
+    "node_modules/simple-update-notifier": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/simple-update-notifier/-/simple-update-notifier-2.0.0.tgz",
+      "integrity": "sha512-a2B9Y0KlNXl9u/vsW6sTIu9vGEpfKu2wRV6l1H3XEas/0gUIzGzBoP/IouTcUQbm9JWZLH3COxyn03TYlFax6w==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "semver": "^7.5.3"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/slice-ansi": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/slice-ansi/-/slice-ansi-3.0.0.tgz",
+      "integrity": "sha512-pSyv7bSTC7ig9Dcgbw9AuRNUb5k5V6oDudjZoMBSr13qpLBG7tB+zgCkARjq7xIUgdz5P1Qe8u+rSGdouOOIyQ==",
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "dependencies": {
+        "ansi-styles": "^4.0.0",
+        "astral-regex": "^2.0.0",
+        "is-fullwidth-code-point": "^3.0.0"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/smart-buffer": {
+      "version": "4.2.0",
+      "resolved": "https://registry.npmjs.org/smart-buffer/-/smart-buffer-4.2.0.tgz",
+      "integrity": "sha512-94hK0Hh8rPqQl2xXc3HsaBoOXKV20MToPkcXvwbISWLEs+64sBq5kFgn2kJDHb1Pry9yrP0dxrCI9RRci7RXKg==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">= 6.0.0",
+        "npm": ">= 3.0.0"
+      }
+    },
+    "node_modules/socks": {
+      "version": "2.8.9",
+      "resolved": "https://registry.npmjs.org/socks/-/socks-2.8.9.tgz",
+      "integrity": "sha512-LJhUYUvItdQ0LkJTmPeaEObWXAqFyfmP85x0tch/ez9cahmhlBBLbIqDFnvBnUJGagb0JbIQrkBs1wJ+yRYpEw==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "ip-address": "^10.1.1",
+        "smart-buffer": "^4.2.0"
+      },
+      "engines": {
+        "node": ">= 10.0.0",
+        "npm": ">= 3.0.0"
+      }
+    },
+    "node_modules/socks-proxy-agent": {
+      "version": "7.0.0",
+      "resolved": "https://registry.npmjs.org/socks-proxy-agent/-/socks-proxy-agent-7.0.0.tgz",
+      "integrity": "sha512-Fgl0YPZ902wEsAyiQ+idGd1A7rSFx/ayC1CQVMw5P+EQx2V0SgpGtf6OKFhVjPflPUl9YMmEOnmfjCdMUsygww==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "agent-base": "^6.0.2",
+        "debug": "^4.3.3",
+        "socks": "^2.6.2"
+      },
+      "engines": {
+        "node": ">= 10"
+      }
+    },
+    "node_modules/socks-proxy-agent/node_modules/agent-base": {
+      "version": "6.0.2",
+      "resolved": "https://registry.npmjs.org/agent-base/-/agent-base-6.0.2.tgz",
+      "integrity": "sha512-RZNwNclF7+MS/8bDg70amg32dyeZGZxiDuQmZxKLAlQjr3jGyLx+4Kkk58UO7D2QdgFIQCovuSuZESne6RG6XQ==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "debug": "4"
+      },
+      "engines": {
+        "node": ">= 6.0.0"
+      }
+    },
+    "node_modules/source-map": {
+      "version": "0.6.1",
+      "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.6.1.tgz",
+      "integrity": "sha512-UjgapumWlbMhkBgzT7Ykc5YXUT46F0iKu8SGXq0bcwP5dz/h0Plj6enJqjz1Zbq2l5WaqYnrVbwWOWMyF3F47g==",
+      "dev": true,
+      "license": "BSD-3-Clause",
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/source-map-support": {
+      "version": "0.5.21",
+      "resolved": "https://registry.npmjs.org/source-map-support/-/source-map-support-0.5.21.tgz",
+      "integrity": "sha512-uBHU3L3czsIyYXKX88fdrGovxdSCoTGDRZ6SYXtSRxLZUzHg5P/66Ht6uoUlHu9EZod+inXhKo3qQgwXUT/y1w==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "buffer-from": "^1.0.0",
+        "source-map": "^0.6.0"
+      }
+    },
+    "node_modules/ssri": {
+      "version": "9.0.1",
+      "resolved": "https://registry.npmjs.org/ssri/-/ssri-9.0.1.tgz",
+      "integrity": "sha512-o57Wcn66jMQvfHG1FlYbWeZWW/dHZhJXjpIcTfXldXEk5nz5lStPo3mK0OJQfGR3RbZUlbISexbljkJzuEj/8Q==",
+      "dev": true,
+      "license": "ISC",
+      "dependencies": {
+        "minipass": "^3.1.1"
+      },
+      "engines": {
+        "node": "^12.13.0 || ^14.15.0 || >=16.0.0"
+      }
+    },
+    "node_modules/stat-mode": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/stat-mode/-/stat-mode-1.0.0.tgz",
+      "integrity": "sha512-jH9EhtKIjuXZ2cWxmXS8ZP80XyC3iasQxMDV8jzhNJpfDb7VbQLVW4Wvsxz9QZvzV+G4YoSfBUVKDOyxLzi/sg==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">= 6"
+      }
+    },
+    "node_modules/string_decoder": {
+      "version": "1.3.0",
+      "resolved": "https://registry.npmjs.org/string_decoder/-/string_decoder-1.3.0.tgz",
+      "integrity": "sha512-hkRX8U1WjJFd8LsDJ2yQ/wWWxaopEsABU1XfkM8A+j0+85JAGppt16cr1Whg6KIbb4okU6Mql6BOj+uup/wKeA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "safe-buffer": "~5.2.0"
+      }
+    },
+    "node_modules/string-width": {
+      "version": "4.2.3",
+      "resolved": "https://registry.npmjs.org/string-width/-/string-width-4.2.3.tgz",
+      "integrity": "sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "emoji-regex": "^8.0.0",
+        "is-fullwidth-code-point": "^3.0.0",
+        "strip-ansi": "^6.0.1"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/string-width-cjs": {
+      "name": "string-width",
+      "version": "4.2.3",
+      "resolved": "https://registry.npmjs.org/string-width/-/string-width-4.2.3.tgz",
+      "integrity": "sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "emoji-regex": "^8.0.0",
+        "is-fullwidth-code-point": "^3.0.0",
+        "strip-ansi": "^6.0.1"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/strip-ansi": {
+      "version": "6.0.1",
+      "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.1.tgz",
+      "integrity": "sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "ansi-regex": "^5.0.1"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/strip-ansi-cjs": {
+      "name": "strip-ansi",
+      "version": "6.0.1",
+      "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.1.tgz",
+      "integrity": "sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "ansi-regex": "^5.0.1"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/sumchecker": {
+      "version": "3.0.1",
+      "resolved": "https://registry.npmjs.org/sumchecker/-/sumchecker-3.0.1.tgz",
+      "integrity": "sha512-MvjXzkz/BOfyVDkG0oFOtBxHX2u3gKbMHIF/dXblZsgD3BWOFLmHovIpZY7BykJdAjcqRCBi1WYBNdEC9yI7vg==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "debug": "^4.1.0"
+      },
+      "engines": {
+        "node": ">= 8.0"
+      }
+    },
+    "node_modules/supports-color": {
+      "version": "7.2.0",
+      "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz",
+      "integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "has-flag": "^4.0.0"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/tar": {
+      "version": "6.2.1",
+      "resolved": "https://registry.npmjs.org/tar/-/tar-6.2.1.tgz",
+      "integrity": "sha512-DZ4yORTwrbTj/7MZYq2w+/ZFdI6OZ/f9SFHR+71gIVUZhOQPHzVCLpvRnPgyaMpfWxxk/4ONva3GQSyNIKRv6A==",
+      "deprecated": "Old versions of tar are not supported, and contain widely publicized security vulnerabilities, which have been fixed in the current version. Please update. Support for old versions may be purchased (at exorbitant rates) by contacting i@izs.me",
+      "dev": true,
+      "license": "ISC",
+      "dependencies": {
+        "chownr": "^2.0.0",
+        "fs-minipass": "^2.0.0",
+        "minipass": "^5.0.0",
+        "minizlib": "^2.1.1",
+        "mkdirp": "^1.0.3",
+        "yallist": "^4.0.0"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/tar-stream": {
+      "version": "2.2.0",
+      "resolved": "https://registry.npmjs.org/tar-stream/-/tar-stream-2.2.0.tgz",
+      "integrity": "sha512-ujeqbceABgwMZxEJnk2HDY2DlnUZ+9oEcb1KzTVfYHio0UE6dG71n60d8D2I4qNvleWrrXpmjpt7vZeF1LnMZQ==",
+      "dev": true,
+      "license": "MIT",
+      "peer": true,
+      "dependencies": {
+        "bl": "^4.0.3",
+        "end-of-stream": "^1.4.1",
+        "fs-constants": "^1.0.0",
+        "inherits": "^2.0.3",
+        "readable-stream": "^3.1.1"
+      },
+      "engines": {
+        "node": ">=6"
+      }
+    },
+    "node_modules/tar/node_modules/minipass": {
+      "version": "5.0.0",
+      "resolved": "https://registry.npmjs.org/minipass/-/minipass-5.0.0.tgz",
+      "integrity": "sha512-3FnjYuehv9k6ovOEbyOswadCDPX1piCfhV8ncmYtHOjuPwylVWsghTLo7rabjC3Rx5xD4HDx8Wm1xnMF7S5qFQ==",
+      "dev": true,
+      "license": "ISC",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/temp-file": {
+      "version": "3.4.0",
+      "resolved": "https://registry.npmjs.org/temp-file/-/temp-file-3.4.0.tgz",
+      "integrity": "sha512-C5tjlC/HCtVUOi3KWVokd4vHVViOmGjtLwIh4MuzPo/nMYTV/p1urt3RnMz2IWXDdKEGJH3k5+KPxtqRsUYGtg==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "async-exit-hook": "^2.0.1",
+        "fs-extra": "^10.0.0"
+      }
+    },
+    "node_modules/tiny-typed-emitter": {
+      "version": "2.1.0",
+      "resolved": "https://registry.npmjs.org/tiny-typed-emitter/-/tiny-typed-emitter-2.1.0.tgz",
+      "integrity": "sha512-qVtvMxeXbVej0cQWKqVSSAHmKZEHAvxdF8HEUBFWts8h+xEo5m/lEiPakuyZ3BnCBjOD8i24kzNOiOLLgsSxhA==",
+      "license": "MIT"
+    },
+    "node_modules/tmp": {
+      "version": "0.2.7",
+      "resolved": "https://registry.npmjs.org/tmp/-/tmp-0.2.7.tgz",
+      "integrity": "sha512-e0votIpp4Uo2AJYSzVHV6xCcawuiez3DzqDAbrTc3YxBkplN6e+dM13ZeIcZnDg/QpSuU2zfZ3rzwY8ukEnaXw==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=14.14"
+      }
+    },
+    "node_modules/tmp-promise": {
+      "version": "3.0.3",
+      "resolved": "https://registry.npmjs.org/tmp-promise/-/tmp-promise-3.0.3.tgz",
+      "integrity": "sha512-RwM7MoPojPxsOBYnyd2hy0bxtIlVrihNs9pj5SUvY8Zz1sQcQG2tG1hSr8PDxfgEB8RNKDhqbIlroIarSNDNsQ==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "tmp": "^0.2.0"
+      }
+    },
+    "node_modules/truncate-utf8-bytes": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/truncate-utf8-bytes/-/truncate-utf8-bytes-1.0.2.tgz",
+      "integrity": "sha512-95Pu1QXQvruGEhv62XCMO3Mm90GscOCClvrIUwCM0PYOXK3kaF3l3sIHxx71ThJfcbM2O5Au6SO3AWCSEfW4mQ==",
+      "dev": true,
+      "license": "WTFPL",
+      "dependencies": {
+        "utf8-byte-length": "^1.0.1"
+      }
+    },
+    "node_modules/typescript": {
+      "version": "5.6.3",
+      "resolved": "https://registry.npmjs.org/typescript/-/typescript-5.6.3.tgz",
+      "integrity": "sha512-hjcS1mhfuyi4WW8IWtjP7brDrG2cuDZukyrYrSauoXGNgx0S7zceP07adYkJycEr56BOUTNPzbInooiN3fn1qw==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "bin": {
+        "tsc": "bin/tsc",
+        "tsserver": "bin/tsserver"
+      },
+      "engines": {
+        "node": ">=14.17"
+      }
+    },
+    "node_modules/undici": {
+      "version": "7.26.0",
+      "resolved": "https://registry.npmjs.org/undici/-/undici-7.26.0.tgz",
+      "integrity": "sha512-3O9Tf67pGhgOv9jM35AbhkXAKi13f3oy3aE4CSgr+TckGeY+/iu97ZXN+J7DpHPzLbVApFd1IFhcnBjREYXYcg==",
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "engines": {
+        "node": ">=20.18.1"
+      }
+    },
+    "node_modules/undici-types": {
+      "version": "7.16.0",
+      "resolved": "https://registry.npmjs.org/undici-types/-/undici-types-7.16.0.tgz",
+      "integrity": "sha512-Zz+aZWSj8LE6zoxD+xrjh4VfkIG8Ya6LvYkZqtUQGJPZjYl53ypCaUwWqo7eI0x66KBGeRo+mlBEkMSeSZ38Nw==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/unique-filename": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/unique-filename/-/unique-filename-2.0.1.tgz",
+      "integrity": "sha512-ODWHtkkdx3IAR+veKxFV+VBkUMcN+FaqzUUd7IZzt+0zhDZFPFxhlqwPF3YQvMHx1TD0tdgYl+kuPnJ8E6ql7A==",
+      "dev": true,
+      "license": "ISC",
+      "dependencies": {
+        "unique-slug": "^3.0.0"
+      },
+      "engines": {
+        "node": "^12.13.0 || ^14.15.0 || >=16.0.0"
+      }
+    },
+    "node_modules/unique-slug": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/unique-slug/-/unique-slug-3.0.0.tgz",
+      "integrity": "sha512-8EyMynh679x/0gqE9fT9oilG+qEt+ibFyqjuVTsZn1+CMxH+XLlpvr2UZx4nVcCwTpx81nICr2JQFkM+HPLq4w==",
+      "dev": true,
+      "license": "ISC",
+      "dependencies": {
+        "imurmurhash": "^0.1.4"
+      },
+      "engines": {
+        "node": "^12.13.0 || ^14.15.0 || >=16.0.0"
+      }
+    },
+    "node_modules/universalify": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/universalify/-/universalify-2.0.1.tgz",
+      "integrity": "sha512-gptHNQghINnc/vTGIk0SOFGFNXw7JVrlRUtConJRlvaw6DuX0wO5Jeko9sWrMBhh+PsYAZ7oXAiOnf/UKogyiw==",
+      "license": "MIT",
+      "engines": {
+        "node": ">= 10.0.0"
+      }
+    },
+    "node_modules/uri-js": {
+      "version": "4.4.1",
+      "resolved": "https://registry.npmjs.org/uri-js/-/uri-js-4.4.1.tgz",
+      "integrity": "sha512-7rKUyy33Q1yc98pQ1DAmLtwX109F7TIfWlW1Ydo8Wl1ii1SeHieeh0HHfPeL2fMXK6z0s8ecKs9frCuLJvndBg==",
+      "dev": true,
+      "license": "BSD-2-Clause",
+      "dependencies": {
+        "punycode": "^2.1.0"
+      }
+    },
+    "node_modules/utf8-byte-length": {
+      "version": "1.0.5",
+      "resolved": "https://registry.npmjs.org/utf8-byte-length/-/utf8-byte-length-1.0.5.tgz",
+      "integrity": "sha512-Xn0w3MtiQ6zoz2vFyUVruaCL53O/DwUvkEeOvj+uulMm0BkUGYWmBYVyElqZaSLhY6ZD0ulfU3aBra2aVT4xfA==",
+      "dev": true,
+      "license": "(WTFPL OR MIT)"
+    },
+    "node_modules/util-deprecate": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/util-deprecate/-/util-deprecate-1.0.2.tgz",
+      "integrity": "sha512-EPD5q1uXyFxJpCrLnCc1nHnq3gOa6DZBocAIiI2TaSCA7VCJ1UJDMagCzIkXNsUYfD1daK//LTEQ8xiIbrHtcw==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/verror": {
+      "version": "1.10.1",
+      "resolved": "https://registry.npmjs.org/verror/-/verror-1.10.1.tgz",
+      "integrity": "sha512-veufcmxri4e3XSrT0xwfUR7kguIkaxBeosDg00yDWhk49wdwkSUrvvsm7nc75e1PUyvIeZj6nS8VQRYz2/S4Xg==",
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "dependencies": {
+        "assert-plus": "^1.0.0",
+        "core-util-is": "1.0.2",
+        "extsprintf": "^1.2.0"
+      },
+      "engines": {
+        "node": ">=0.6.0"
+      }
+    },
+    "node_modules/wcwidth": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/wcwidth/-/wcwidth-1.0.1.tgz",
+      "integrity": "sha512-XHPEwS0q6TaxcvG85+8EYkbiCux2XtWG2mkc47Ng2A77BQu9+DqIOJldST4HgPkuea7dvKSj5VgX3P1d4rW8Tg==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "defaults": "^1.0.3"
+      }
+    },
+    "node_modules/which": {
+      "version": "2.0.2",
+      "resolved": "https://registry.npmjs.org/which/-/which-2.0.2.tgz",
+      "integrity": "sha512-BLI3Tl1TW3Pvl70l3yq3Y64i+awpwXqsGBYWkkqMtnbXgrMD+yj7rhW0kuEDxzJaYXGjEW5ogapKNMEKNMjibA==",
+      "dev": true,
+      "license": "ISC",
+      "dependencies": {
+        "isexe": "^2.0.0"
+      },
+      "bin": {
+        "node-which": "bin/node-which"
+      },
+      "engines": {
+        "node": ">= 8"
+      }
+    },
+    "node_modules/wide-align": {
+      "version": "1.1.5",
+      "resolved": "https://registry.npmjs.org/wide-align/-/wide-align-1.1.5.tgz",
+      "integrity": "sha512-eDMORYaPNZ4sQIuuYPDHdQvf4gyCF9rEEV/yPxGfwPkRodwEgiMUUXTx/dex+Me0wxx53S+NgUHaP7y3MGlDmg==",
+      "dev": true,
+      "license": "ISC",
+      "dependencies": {
+        "string-width": "^1.0.2 || 2 || 3 || 4"
+      }
+    },
+    "node_modules/wrap-ansi": {
+      "version": "7.0.0",
+      "resolved": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-7.0.0.tgz",
+      "integrity": "sha512-YVGIj2kamLSTxw6NsZjoBxfSwsn0ycdesmc4p+Q21c5zPuZ1pl+NfxVdxPtdHvmNVOQ6XSYG4AUtyt/Fi7D16Q==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "ansi-styles": "^4.0.0",
+        "string-width": "^4.1.0",
+        "strip-ansi": "^6.0.0"
+      },
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/wrap-ansi?sponsor=1"
+      }
+    },
+    "node_modules/wrap-ansi-cjs": {
+      "name": "wrap-ansi",
+      "version": "7.0.0",
+      "resolved": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-7.0.0.tgz",
+      "integrity": "sha512-YVGIj2kamLSTxw6NsZjoBxfSwsn0ycdesmc4p+Q21c5zPuZ1pl+NfxVdxPtdHvmNVOQ6XSYG4AUtyt/Fi7D16Q==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "ansi-styles": "^4.0.0",
+        "string-width": "^4.1.0",
+        "strip-ansi": "^6.0.0"
+      },
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/wrap-ansi?sponsor=1"
+      }
+    },
+    "node_modules/wrappy": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/wrappy/-/wrappy-1.0.2.tgz",
+      "integrity": "sha512-l4Sp/DRseor9wL6EvV2+TuQn63dMkPjZ/sp9XkghTEbV9KlPS1xUsZ3u7/IQO4wxtcFB4bgpQPRcR3QCvezPcQ==",
+      "dev": true,
+      "license": "ISC"
+    },
+    "node_modules/xmlbuilder": {
+      "version": "15.1.1",
+      "resolved": "https://registry.npmjs.org/xmlbuilder/-/xmlbuilder-15.1.1.tgz",
+      "integrity": "sha512-yMqGBqtXyeN1e3TGYvgNgDVZ3j84W4cwkOXQswghol6APgZWaff9lnbvN7MHYJOiXsvGPXtjTYJEiC9J2wv9Eg==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=8.0"
+      }
+    },
+    "node_modules/y18n": {
+      "version": "5.0.8",
+      "resolved": "https://registry.npmjs.org/y18n/-/y18n-5.0.8.tgz",
+      "integrity": "sha512-0pfFzegeDWJHJIAmTLRP2DwHjdF5s7jo9tuztdQxAhINCdvS+3nGINqPd00AphqJR/0LhANUS6/+7SCb98YOfA==",
+      "dev": true,
+      "license": "ISC",
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/yallist": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/yallist/-/yallist-4.0.0.tgz",
+      "integrity": "sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A==",
+      "dev": true,
+      "license": "ISC"
+    },
+    "node_modules/yargs": {
+      "version": "17.7.2",
+      "resolved": "https://registry.npmjs.org/yargs/-/yargs-17.7.2.tgz",
+      "integrity": "sha512-7dSzzRQ++CKnNI/krKnYRV7JKKPUXMEh61soaHKg9mrWEhzFWhFnxPxGl+69cD1Ou63C13NUPCnmIcrvqCuM6w==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "cliui": "^8.0.1",
+        "escalade": "^3.1.1",
+        "get-caller-file": "^2.0.5",
+        "require-directory": "^2.1.1",
+        "string-width": "^4.2.3",
+        "y18n": "^5.0.5",
+        "yargs-parser": "^21.1.1"
+      },
+      "engines": {
+        "node": ">=12"
+      }
+    },
+    "node_modules/yargs-parser": {
+      "version": "21.1.1",
+      "resolved": "https://registry.npmjs.org/yargs-parser/-/yargs-parser-21.1.1.tgz",
+      "integrity": "sha512-tVpsJW7DdjecAiFpbIB1e3qxIQsE6NoPc5/eTdrbbIC4h0LVsWhnoa3g+m2HclBIujHzsxZ4VJVA+GUuc2/LBw==",
+      "dev": true,
+      "license": "ISC",
+      "engines": {
+        "node": ">=12"
+      }
+    },
+    "node_modules/yauzl": {
+      "version": "2.10.0",
+      "resolved": "https://registry.npmjs.org/yauzl/-/yauzl-2.10.0.tgz",
+      "integrity": "sha512-p4a9I6X6nu6IhoGmBqAcbJy1mlC4j27vEPZX9F4L4/vZT3Lyq1VkFHw/V/PUcB9Buo+DG3iHkT0x3Qya58zc3g==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "buffer-crc32": "~0.2.3",
+        "fd-slicer": "~1.1.0"
+      }
+    },
+    "node_modules/yocto-queue": {
+      "version": "0.1.0",
+      "resolved": "https://registry.npmjs.org/yocto-queue/-/yocto-queue-0.1.0.tgz",
+      "integrity": "sha512-rVksvsnNCdJ/ohGc6xgPwyN8eheCxsiLM8mxuE/t/mOVqJewPuO1miLpTHQiRgTKCLexL4MeAFVagts7HmNZ2Q==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "node_modules/zip-stream": {
+      "version": "4.1.1",
+      "resolved": "https://registry.npmjs.org/zip-stream/-/zip-stream-4.1.1.tgz",
+      "integrity": "sha512-9qv4rlDiopXg4E69k+vMHjNN63YFMe9sZMrdlvKnCjlCRWeCBswPPMPUfx+ipsAWq1LXHe70RcbaHdJJpS6hyQ==",
+      "dev": true,
+      "license": "MIT",
+      "peer": true,
+      "dependencies": {
+        "archiver-utils": "^3.0.4",
+        "compress-commons": "^4.1.2",
+        "readable-stream": "^3.6.0"
+      },
+      "engines": {
+        "node": ">= 10"
+      }
+    },
+    "node_modules/zip-stream/node_modules/archiver-utils": {
+      "version": "3.0.4",
+      "resolved": "https://registry.npmjs.org/archiver-utils/-/archiver-utils-3.0.4.tgz",
+      "integrity": "sha512-KVgf4XQVrTjhyWmx6cte4RxonPLR9onExufI1jhvw/MQ4BB6IsZD5gT8Lq+u/+pRkWna/6JoHpiQioaqFP5Rzw==",
+      "dev": true,
+      "license": "MIT",
+      "peer": true,
+      "dependencies": {
+        "glob": "^7.2.3",
+        "graceful-fs": "^4.2.0",
+        "lazystream": "^1.0.0",
+        "lodash.defaults": "^4.2.0",
+        "lodash.difference": "^4.5.0",
+        "lodash.flatten": "^4.4.0",
+        "lodash.isplainobject": "^4.0.6",
+        "lodash.union": "^4.6.0",
+        "normalize-path": "^3.0.0",
+        "readable-stream": "^3.6.0"
+      },
+      "engines": {
+        "node": ">= 10"
+      }
+    }
+  }
+}
diff --git a/packages/desktop/package.json b/packages/desktop/package.json
new file mode 100644
index 0000000..a37e595
--- /dev/null
+++ b/packages/desktop/package.json
@@ -0,0 +1,42 @@
+{
+  "name": "hermes-studio",
+  "version": "0.6.9",
+  "description": "Hermes Studio desktop distribution with bundled Python runtime and hermes-agent",
+  "homepage": "https://hermes-studio.ai",
+  "author": {
+    "name": "Hermes Studio Contributors",
+    "email": "noreply@hermes-studio.local"
+  },
+  "license": "BSL-1.1",
+  "private": true,
+  "main": "dist/main/index.js",
+  "scripts": {
+    "build:main": "tsc -p tsconfig.json",
+    "build": "npm run build:main",
+    "fetch:node": "node scripts/fetch-node.mjs",
+    "fetch:git": "node scripts/fetch-git.mjs",
+    "fetch:python": "node scripts/fetch-python.mjs",
+    "install:hermes": "node scripts/install-hermes.mjs",
+    "patch:hermes": "node scripts/apply-hermes-patches.mjs",
+    "write:runtime-release": "node scripts/write-runtime-release.mjs",
+    "prepare:runtime": "npm run fetch:node && npm run fetch:git && npm run fetch:python && npm run install:hermes && npm run patch:hermes && npm run prune:python",
+    "prepare:python": "npm run prepare:runtime",
+    "package:runtime": "node scripts/package-runtime.mjs",
+    "runtime:asset-name": "node scripts/runtime-asset-name.mjs",
+    "prune:python": "node scripts/prune-python.mjs",
+    "dev": "npm run build:main && electron .",
+    "dist": "npm run build && electron-builder",
+    "dist:mac": "npm run build && electron-builder --mac",
+    "dist:win": "npm run build && electron-builder --win",
+    "dist:linux": "npm run build && electron-builder --linux"
+  },
+  "devDependencies": {
+    "@types/node": "^24.12.2",
+    "electron": "^42.3.0",
+    "electron-builder": "^25.1.8",
+    "typescript": "~5.6.3"
+  },
+  "dependencies": {
+    "electron-updater": "^6.3.9"
+  }
+}
diff --git a/packages/desktop/scripts/apply-hermes-patches.mjs b/packages/desktop/scripts/apply-hermes-patches.mjs
new file mode 100644
index 0000000..73aba6f
--- /dev/null
+++ b/packages/desktop/scripts/apply-hermes-patches.mjs
@@ -0,0 +1,342 @@
+#!/usr/bin/env node
+// Apply locally-curated patches to hermes-agent inside the bundled venv.
+// Each patch is idempotent: a marker string is searched for first, and the
+// edit is skipped if the patch is already in place.
+//
+// Run after `install-hermes.mjs`. Designed to be safe to re-run.
+
+import { readFileSync, writeFileSync, existsSync, readdirSync } from 'node:fs'
+import { resolve, dirname, join } from 'node:path'
+import { fileURLToPath } from 'node:url'
+import { platform as osPlatform, arch as osArch } from 'node:os'
+
+const __dirname = dirname(fileURLToPath(import.meta.url))
+const ROOT = resolve(__dirname, '..')
+
+const TARGET_OS = process.env.TARGET_OS || osPlatform()
+const TARGET_ARCH = process.env.TARGET_ARCH || osArch()
+const OS_LABEL = TARGET_OS === 'win32' ? 'win' : TARGET_OS === 'darwin' ? 'mac' : TARGET_OS
+const PY_DIR = resolve(ROOT, 'resources', 'python', `${OS_LABEL}-${TARGET_ARCH}`)
+
+// Allow the CI sanity-check path to point at a temp install dir without
+// the full bundled-Python layout (e.g. `pip install --target /tmp/foo`).
+const sitePkgs = process.env.HERMES_AGENT_SITE_PACKAGES ?? (
+  TARGET_OS === 'win32'
+    ? join(PY_DIR, 'Lib', 'site-packages')
+    : (() => {
+        const libDir = join(PY_DIR, 'lib')
+        if (!existsSync(libDir)) throw new Error(`No lib dir at ${libDir}`)
+        const py = readdirSync(libDir).find(n => /^python\d+\.\d+$/.test(n))
+        if (!py) throw new Error(`Could not locate pythonX.Y under ${libDir}`)
+        return join(libDir, py, 'site-packages')
+      })()
+)
+
+const dtPath = join(sitePkgs, 'gateway', 'platforms', 'dingtalk.py')
+const browserToolPath = join(sitePkgs, 'tools', 'browser_tool.py')
+const sitecustomizePath = join(sitePkgs, 'sitecustomize.py')
+if (!existsSync(dtPath)) {
+  console.error(`dingtalk.py not found at ${dtPath} — is hermes-agent installed?`)
+  process.exit(1)
+}
+
+let src = readFileSync(dtPath, 'utf-8')
+const before = src
+let applied = 0
+let skipped = 0
+
+function patch(id, marker, find, replace) {
+  if (src.includes(marker)) {
+    console.log(`  · ${id}  (already applied)`)
+    skipped++
+    return
+  }
+  if (!src.includes(find)) {
+    console.log(`  ✗ ${id}  (anchor not found — upstream changed?)`)
+    return
+  }
+  src = src.replace(find, replace)
+  console.log(`  ✓ ${id}`)
+  applied++
+}
+
+function patchText(text, id, marker, find, replace) {
+  if (text.includes(marker)) {
+    console.log(`  · ${id}  (already applied)`)
+    skipped++
+    return text
+  }
+  if (!text.includes(find)) {
+    console.log(`  ✗ ${id}  (anchor not found — upstream changed?)`)
+    return text
+  }
+  applied++
+  console.log(`  ✓ ${id}`)
+  return text.replace(find, replace)
+}
+
+console.log(`Patching ${dtPath}`)
+
+// NOTE: the former `dt-pre-start` patch was retired — hermes-agent now ships
+// `_IncomingHandler.pre_start()` natively (present in 0.15.x and on main), so
+// re-adding it just injected a duplicate method.
+
+// ── dt-card-tpl-env ─────────────────────────────────────────────
+// Fall back to DINGTALK_CARD_TEMPLATE_ID env var.
+patch(
+  'dt-card-tpl-env',
+  '# patch:dt-card-tpl-env',
+  `        self._card_template_id: Optional[str] = extra.get("card_template_id")`,
+  `        # patch:dt-card-tpl-env — env var fallback
+        self._card_template_id: Optional[str] = (
+            extra.get("card_template_id") or os.getenv("DINGTALK_CARD_TEMPLATE_ID")
+        )`,
+)
+
+// ── dt-card-before-webhook ──────────────────────────────────────
+// Try AI Card *before* validating session_webhook — Card SDK does not need
+// a webhook URL. Move the lookup of `current_message` and the AI Card block
+// up before the webhook gate.
+patch(
+  'dt-card-before-webhook',
+  '# patch:dt-card-before-webhook',
+  `        # Check metadata first (for direct webhook sends)
+        session_webhook = metadata.get("session_webhook")
+        if not session_webhook:
+            webhook_info = self._get_valid_webhook(chat_id)
+            if not webhook_info:
+                logger.warning(
+                    "[%s] No valid session_webhook for chat_id=%s",
+                    self.name, chat_id,
+                )
+                return SendResult(
+                    success=False,
+                    error="No valid session_webhook available. Reply must follow an incoming message.",
+                )
+            session_webhook, _ = webhook_info
+
+        if not self._http_client:
+            return SendResult(success=False, error="HTTP client not initialized")
+
+        # Look up the inbound message for this chat (for AI Card routing)
+        current_message = self._message_contexts.get(chat_id)`,
+  `        # patch:dt-card-before-webhook — try AI Card first; webhook gate moved below.
+        if not self._http_client:
+            return SendResult(success=False, error="HTTP client not initialized")
+
+        # Look up the inbound message for this chat (for AI Card routing)
+        current_message = self._message_contexts.get(chat_id)
+        session_webhook = metadata.get("session_webhook")`,
+)
+
+// The above leaves the existing AI Card block intact; we still need to add
+// the deferred webhook gate AFTER the AI Card attempt. The original code
+// had `logger.debug("[%s] Sending via webhook", self.name)` immediately
+// after the AI Card fallback log. Insert the gate right before that.
+patch(
+  'dt-card-before-webhook-gate',
+  '# patch:dt-card-before-webhook-gate',
+  `            logger.warning("[%s] AI Card send failed, falling back to webhook", self.name)
+
+        logger.debug("[%s] Sending via webhook", self.name)`,
+  `            logger.warning("[%s] AI Card send failed, falling back to webhook", self.name)
+
+        # patch:dt-card-before-webhook-gate — webhook required only for fallback path
+        if not session_webhook:
+            webhook_info = self._get_valid_webhook(chat_id)
+            if not webhook_info:
+                logger.warning(
+                    "[%s] No valid session_webhook for chat_id=%s",
+                    self.name, chat_id,
+                )
+                return SendResult(
+                    success=False,
+                    error="No valid session_webhook available. Reply must follow an incoming message.",
+                )
+            session_webhook, _ = webhook_info
+
+        logger.debug("[%s] Sending via webhook", self.name)`,
+)
+
+// ── dt-dm-robot-code ────────────────────────────────────────────
+patch(
+  'dt-dm-robot-code',
+  '# patch:dt-dm-robot-code',
+  `                    im_robot_open_deliver_model=(
+                        dingtalk_card_models.DeliverCardRequestImRobotOpenDeliverModel(
+                            space_type="IM_ROBOT",
+                        )
+                    ),`,
+  `                    im_robot_open_deliver_model=(
+                        dingtalk_card_models.DeliverCardRequestImRobotOpenDeliverModel(
+                            space_type="IM_ROBOT",
+                            robot_code=self._robot_code,  # patch:dt-dm-robot-code
+                        )
+                    ),`,
+)
+
+// ── dt-card-autolayout ──────────────────────────────────────────
+patch(
+  'dt-card-autolayout',
+  '# patch:dt-card-autolayout',
+  `                card_data=dingtalk_card_models.CreateCardRequestCardData(
+                    card_param_map={"content": ""},
+                ),`,
+  `                card_data=dingtalk_card_models.CreateCardRequestCardData(
+                    # patch:dt-card-autolayout — wide-screen via sys_full_json_obj
+                    card_param_map={
+                        "content": "",
+                        "sys_full_json_obj": json.dumps({"config": {"autoLayout": True}}),
+                    },
+                ),`,
+)
+
+if (src !== before) {
+  writeFileSync(dtPath, src)
+}
+
+if (existsSync(browserToolPath)) {
+  console.log(`Patching ${browserToolPath}`)
+  let browserSrc = readFileSync(browserToolPath, 'utf-8')
+  const browserBefore = browserSrc
+
+  browserSrc = patchText(
+    browserSrc,
+    'browser-stdout-decode-fallback',
+    '# patch:browser-stdout-decode-fallback',
+    `from hermes_cli.config import cfg_get\n`,
+    `from hermes_cli.config import cfg_get
+
+# patch:browser-stdout-decode-fallback
+def _hermes_read_browser_output(path: str) -> str:
+    data = Path(path).read_bytes()
+    for encoding in ("utf-8", "gb18030"):
+        try:
+            return data.decode(encoding)
+        except UnicodeDecodeError:
+            pass
+    return data.decode("utf-8", errors="replace")
+`,
+  )
+
+  for (const [id, find, replace] of [
+    [
+      'browser-fallback-stdout-read',
+      `            with open(stdout_path, "r", encoding="utf-8") as f:
+                stdout = f.read().strip()`,
+      `            # patch:browser-fallback-stdout-read
+            stdout = _hermes_read_browser_output(stdout_path).strip()`,
+    ],
+    [
+      'browser-command-stdout-read',
+      `            with open(stdout_path, "r", encoding="utf-8") as f:
+                stdout = f.read()
+            with open(stderr_path, "r", encoding="utf-8") as f:
+                stderr = f.read()`,
+      `            # patch:browser-command-stdout-read
+            stdout = _hermes_read_browser_output(stdout_path)
+            stderr = _hermes_read_browser_output(stderr_path)`,
+    ],
+  ]) {
+    browserSrc = patchText(
+      browserSrc,
+      id,
+      `# patch:${id}`,
+      find,
+      replace,
+    )
+  }
+
+  if (browserSrc !== browserBefore) {
+    writeFileSync(browserToolPath, browserSrc)
+  }
+}
+
+const brotlicffiCompatMarker = '# patch:brotlicffi-error-compat'
+const brotlicffiCompat = `
+${brotlicffiCompatMarker}
+try:
+    import brotlicffi as _hermes_brotlicffi
+    if not hasattr(_hermes_brotlicffi, "error"):
+        _hermes_brotlicffi.error = (
+            getattr(_hermes_brotlicffi, "Error", None)
+            or getattr(_hermes_brotlicffi, "BrotliError", None)
+            or Exception
+        )
+except Exception:
+    pass
+`
+
+const desktopHiddenSubprocessMarker = '# patch:desktop-hidden-subprocess-defaults'
+const desktopHiddenSubprocessDefaults = `
+${desktopHiddenSubprocessMarker}
+try:
+    import os as _hermes_os
+    if _hermes_os.name == "nt" and _hermes_os.environ.get("HERMES_DESKTOP", "").strip().lower() == "true":
+        import asyncio as _hermes_asyncio
+        import subprocess as _hermes_subprocess
+        if not getattr(_hermes_subprocess, "_hermes_desktop_hidden_defaults_installed", False):
+            _hermes_create_no_window = getattr(_hermes_subprocess, "CREATE_NO_WINDOW", 0) or 0x08000000
+
+            def _hermes_apply_hidden_process_options(kwargs):
+                flags = kwargs.get("creationflags", 0) or 0
+                try:
+                    kwargs["creationflags"] = int(flags) | _hermes_create_no_window
+                except Exception:
+                    kwargs["creationflags"] = _hermes_create_no_window
+
+                startupinfo = kwargs.get("startupinfo")
+                if startupinfo is None:
+                    try:
+                        startupinfo = _hermes_subprocess.STARTUPINFO()
+                    except Exception:
+                        return
+                    kwargs["startupinfo"] = startupinfo
+                try:
+                    startupinfo.dwFlags |= getattr(_hermes_subprocess, "STARTF_USESHOWWINDOW", 1)
+                    startupinfo.wShowWindow = getattr(_hermes_subprocess, "SW_HIDE", 0)
+                except Exception:
+                    pass
+
+            _hermes_original_popen = _hermes_subprocess.Popen
+            _hermes_original_create_subprocess_exec = _hermes_asyncio.create_subprocess_exec
+            _hermes_original_create_subprocess_shell = _hermes_asyncio.create_subprocess_shell
+
+            class _HermesHiddenPopen(_hermes_original_popen):
+                def __init__(self, *args, **kwargs):
+                    _hermes_apply_hidden_process_options(kwargs)
+                    super().__init__(*args, **kwargs)
+
+            async def _hermes_hidden_create_subprocess_exec(*args, **kwargs):
+                _hermes_apply_hidden_process_options(kwargs)
+                return await _hermes_original_create_subprocess_exec(*args, **kwargs)
+
+            async def _hermes_hidden_create_subprocess_shell(*args, **kwargs):
+                _hermes_apply_hidden_process_options(kwargs)
+                return await _hermes_original_create_subprocess_shell(*args, **kwargs)
+
+            _hermes_subprocess.Popen = _HermesHiddenPopen
+            _hermes_asyncio.create_subprocess_exec = _hermes_hidden_create_subprocess_exec
+            _hermes_asyncio.create_subprocess_shell = _hermes_hidden_create_subprocess_shell
+            _hermes_subprocess._hermes_desktop_hidden_defaults_installed = True
+except Exception:
+    pass
+`
+
+function appendSitecustomizePatch(id, marker, body) {
+  const sitecustomize = existsSync(sitecustomizePath) ? readFileSync(sitecustomizePath, 'utf-8') : ''
+  if (sitecustomize.includes(marker)) {
+    console.log(`  · ${id}  (already applied)`)
+    skipped++
+    return
+  }
+  const nextSitecustomize = `${sitecustomize.replace(/\s*$/, '')}\n${body.trim()}\n`
+  writeFileSync(sitecustomizePath, nextSitecustomize)
+  console.log(`  ✓ ${id}`)
+  applied++
+}
+
+appendSitecustomizePatch('brotlicffi-error-compat', brotlicffiCompatMarker, brotlicffiCompat)
+appendSitecustomizePatch('desktop-hidden-subprocess-defaults', desktopHiddenSubprocessMarker, desktopHiddenSubprocessDefaults)
+
+console.log(`Done. Applied ${applied}, skipped ${skipped}.`)
diff --git a/packages/desktop/scripts/fetch-git.mjs b/packages/desktop/scripts/fetch-git.mjs
new file mode 100644
index 0000000..5a4bf24
--- /dev/null
+++ b/packages/desktop/scripts/fetch-git.mjs
@@ -0,0 +1,85 @@
+#!/usr/bin/env node
+// Download Git for Windows MinGit for Windows builds. Other platforms create
+// an empty resource directory so electron-builder can use the same resource map.
+import { existsSync, mkdirSync, rmSync, writeFileSync } from 'node:fs'
+import { dirname, resolve } from 'node:path'
+import { fileURLToPath } from 'node:url'
+import { arch as osArch, platform as osPlatform, tmpdir } from 'node:os'
+import { spawnSync } from 'node:child_process'
+
+const __dirname = dirname(fileURLToPath(import.meta.url))
+const ROOT = resolve(__dirname, '..')
+
+const TARGET_OS = process.env.TARGET_OS || osPlatform()
+const TARGET_ARCH = process.env.TARGET_ARCH || osArch()
+const OS_LABEL = TARGET_OS === 'win32' ? 'win' : TARGET_OS === 'darwin' ? 'mac' : TARGET_OS
+const OUT_DIR = resolve(ROOT, 'resources', 'git', `${OS_LABEL}-${TARGET_ARCH}`)
+
+mkdirSync(OUT_DIR, { recursive: true })
+
+if (TARGET_OS !== 'win32') {
+  writeFileSync(resolve(OUT_DIR, '.placeholder'), 'Git for Windows is only bundled on Windows.\n')
+  console.log(`Git resource placeholder ready at ${OUT_DIR}`)
+  process.exit(0)
+}
+
+if (TARGET_ARCH !== 'x64') {
+  console.error(`Unsupported Git for Windows target: ${TARGET_OS}-${TARGET_ARCH}`)
+  process.exit(1)
+}
+
+if (existsSync(resolve(OUT_DIR, 'cmd', 'git.exe'))) {
+  console.log(`Git for Windows already present at ${OUT_DIR}, skipping`)
+  process.exit(0)
+}
+
+async function latestMinGitUrl() {
+  if (process.env.GIT_FOR_WINDOWS_URL?.trim()) return process.env.GIT_FOR_WINDOWS_URL.trim()
+
+  const headers = { 'User-Agent': 'hermes-studio-desktop-build' }
+  const token = process.env.GH_TOKEN || process.env.GITHUB_TOKEN
+  if (token?.trim()) headers.Authorization = `Bearer ${token.trim()}`
+
+  const response = await fetch('https://api.github.com/repos/git-for-windows/git/releases/latest', {
+    headers,
+  })
+  if (!response.ok) {
+    throw new Error(`GitHub API returned ${response.status}`)
+  }
+  const release = await response.json()
+  const asset = release.assets?.find(candidate =>
+    typeof candidate?.name === 'string'
+    && /^MinGit-.*-64-bit\.zip$/.test(candidate.name)
+    && typeof candidate.browser_download_url === 'string',
+  )
+  if (!asset) throw new Error('Could not find MinGit 64-bit zip in latest Git for Windows release')
+  return asset.browser_download_url
+}
+
+let url
+try {
+  url = await latestMinGitUrl()
+} catch (err) {
+  console.error(`Failed to resolve Git for Windows download URL: ${err instanceof Error ? err.message : String(err)}`)
+  process.exit(1)
+}
+
+const file = url.split('/').pop() || 'mingit.zip'
+const archivePath = resolve(tmpdir(), file)
+
+console.log(`Fetching ${url}`)
+const curl = spawnSync('curl', ['-fL', '--retry', '3', '-o', archivePath, url], { stdio: 'inherit' })
+if (curl.status !== 0) {
+  console.error('curl failed')
+  process.exit(curl.status ?? 1)
+}
+
+console.log(`Extracting into ${OUT_DIR}`)
+const extract = spawnSync('tar', ['-xf', archivePath, '-C', OUT_DIR], { stdio: 'inherit' })
+if (extract.status !== 0) {
+  console.error('extract failed')
+  process.exit(extract.status ?? 1)
+}
+
+rmSync(archivePath, { force: true })
+console.log(`Git for Windows ready at ${OUT_DIR}`)
diff --git a/packages/desktop/scripts/fetch-node.mjs b/packages/desktop/scripts/fetch-node.mjs
new file mode 100644
index 0000000..724be1e
--- /dev/null
+++ b/packages/desktop/scripts/fetch-node.mjs
@@ -0,0 +1,61 @@
+#!/usr/bin/env node
+// Download a portable Node.js runtime for the current (or target) platform/arch
+// and extract into resources/node/<os>-<arch>/.
+import { existsSync, mkdirSync, rmSync } from 'node:fs'
+import { dirname, join, resolve } from 'node:path'
+import { fileURLToPath } from 'node:url'
+import { arch as osArch, platform as osPlatform, tmpdir } from 'node:os'
+import { spawnSync } from 'node:child_process'
+
+const __dirname = dirname(fileURLToPath(import.meta.url))
+const ROOT = resolve(__dirname, '..')
+
+const TARGET_OS = process.env.TARGET_OS || osPlatform()
+const TARGET_ARCH = process.env.TARGET_ARCH || osArch()
+const NODE_VERSION = (process.env.HERMES_DESKTOP_NODE_VERSION || process.env.NODE_VERSION || process.versions.node).replace(/^v/, '')
+
+const OS_LABEL = TARGET_OS === 'win32' ? 'win' : TARGET_OS === 'darwin' ? 'mac' : TARGET_OS
+const OUT_DIR = resolve(ROOT, 'resources', 'node', `${OS_LABEL}-${TARGET_ARCH}`)
+
+const DIST_PLATFORM = TARGET_OS === 'win32' ? 'win' : TARGET_OS === 'darwin' ? 'darwin' : TARGET_OS
+const DIST_ARCH = TARGET_ARCH === 'x64' ? 'x64' : TARGET_ARCH === 'arm64' ? 'arm64' : ''
+if (!DIST_ARCH || !['win', 'darwin', 'linux'].includes(DIST_PLATFORM)) {
+  console.error(`Unsupported target: ${TARGET_OS}-${TARGET_ARCH}`)
+  process.exit(1)
+}
+
+const ext = TARGET_OS === 'win32' ? 'zip' : 'tar.gz'
+const file = `node-v${NODE_VERSION}-${DIST_PLATFORM}-${DIST_ARCH}.${ext}`
+const baseUrl = (process.env.NODE_DIST_BASE_URL || 'https://nodejs.org/dist').replace(/\/$/, '')
+const url = `${baseUrl}/v${NODE_VERSION}/${file}`
+const marker = TARGET_OS === 'win32' ? 'node.exe' : join('bin', 'node')
+
+if (existsSync(resolve(OUT_DIR, marker))) {
+  console.log(`Node.js already present at ${OUT_DIR}, skipping`)
+  process.exit(0)
+}
+
+mkdirSync(OUT_DIR, { recursive: true })
+const archivePath = resolve(tmpdir(), file)
+
+console.log(`Fetching ${url}`)
+const curl = spawnSync('curl', ['-fL', '--retry', '3', '-o', archivePath, url], { stdio: 'inherit' })
+if (curl.status !== 0) {
+  console.error('curl failed')
+  process.exit(curl.status ?? 1)
+}
+
+console.log(`Extracting into ${OUT_DIR}`)
+let extract
+if (TARGET_OS === 'win32') {
+  extract = spawnSync('tar', ['-xf', archivePath, '-C', OUT_DIR, '--strip-components=1'], { stdio: 'inherit' })
+} else {
+  extract = spawnSync('tar', ['-xzf', archivePath, '-C', OUT_DIR, '--strip-components=1'], { stdio: 'inherit' })
+}
+if (extract.status !== 0) {
+  console.error('extract failed')
+  process.exit(extract.status ?? 1)
+}
+
+rmSync(archivePath, { force: true })
+console.log(`Node.js ready at ${OUT_DIR}`)
diff --git a/packages/desktop/scripts/fetch-python.mjs b/packages/desktop/scripts/fetch-python.mjs
new file mode 100644
index 0000000..6bc389d
--- /dev/null
+++ b/packages/desktop/scripts/fetch-python.mjs
@@ -0,0 +1,67 @@
+#!/usr/bin/env node
+// Download python-build-standalone for the current (or target) platform/arch
+// and extract into resources/python/<os>-<arch>/
+import { mkdirSync, existsSync, createWriteStream, rmSync } from 'node:fs'
+import { resolve, dirname } from 'node:path'
+import { fileURLToPath } from 'node:url'
+import { spawnSync } from 'node:child_process'
+import { tmpdir, platform as osPlatform, arch as osArch } from 'node:os'
+
+const __dirname = dirname(fileURLToPath(import.meta.url))
+const ROOT = resolve(__dirname, '..')
+
+// Pin a known-good python-build-standalone release. Bump intentionally.
+const PBS_TAG = process.env.PBS_TAG || '20260510'
+const PYTHON_VERSION = process.env.PBS_PY || '3.12.13'
+
+const TARGET_OS = process.env.TARGET_OS || osPlatform() // darwin | win32 | linux
+const TARGET_ARCH = process.env.TARGET_ARCH || osArch() // arm64 | x64
+
+const TRIPLE_MAP = {
+  'darwin-arm64': 'aarch64-apple-darwin',
+  'darwin-x64': 'x86_64-apple-darwin',
+  'win32-x64': 'x86_64-pc-windows-msvc',
+  'linux-x64': 'x86_64-unknown-linux-gnu',
+  'linux-arm64': 'aarch64-unknown-linux-gnu',
+}
+
+const key = `${TARGET_OS}-${TARGET_ARCH}`
+const triple = TRIPLE_MAP[key]
+if (!triple) {
+  console.error(`Unsupported target: ${key}`)
+  process.exit(1)
+}
+
+// electron-builder uses `mac`/`win`/`linux` for `${os}` — match that
+const OS_LABEL = TARGET_OS === 'win32' ? 'win' : TARGET_OS === 'darwin' ? 'mac' : TARGET_OS
+const OUT_DIR = resolve(ROOT, 'resources', 'python', `${OS_LABEL}-${TARGET_ARCH}`)
+const FLAVOR = 'install_only_stripped'
+const FILE = `cpython-${PYTHON_VERSION}+${PBS_TAG}-${triple}-${FLAVOR}.tar.gz`
+const PBS_BASE_URL = (process.env.PBS_BASE_URL || 'https://github.com/astral-sh/python-build-standalone/releases/download').replace(/\/$/, '')
+const URL = `${PBS_BASE_URL}/${PBS_TAG}/${FILE}`
+
+if (existsSync(resolve(OUT_DIR, 'python')) || existsSync(resolve(OUT_DIR, 'bin', 'python3'))) {
+  console.log(`✓ Python already present at ${OUT_DIR}, skipping`)
+  process.exit(0)
+}
+
+mkdirSync(OUT_DIR, { recursive: true })
+const tarPath = resolve(tmpdir(), FILE)
+
+console.log(`→ Fetching ${URL}`)
+const curl = spawnSync('curl', ['-fL', '--retry', '3', '-o', tarPath, URL], { stdio: 'inherit' })
+if (curl.status !== 0) {
+  console.error('curl failed')
+  process.exit(curl.status ?? 1)
+}
+
+console.log(`→ Extracting into ${OUT_DIR}`)
+// PBS tarballs unpack to a top-level "python/" directory; --strip-components=1 flattens it
+const tar = spawnSync('tar', ['-xzf', tarPath, '-C', OUT_DIR, '--strip-components=1'], { stdio: 'inherit' })
+if (tar.status !== 0) {
+  console.error('tar failed')
+  process.exit(tar.status ?? 1)
+}
+
+rmSync(tarPath, { force: true })
+console.log(`✓ Python ready at ${OUT_DIR}`)
diff --git a/packages/desktop/scripts/install-hermes.mjs b/packages/desktop/scripts/install-hermes.mjs
new file mode 100644
index 0000000..5ac1199
--- /dev/null
+++ b/packages/desktop/scripts/install-hermes.mjs
@@ -0,0 +1,479 @@
+#!/usr/bin/env node
+// Install hermes-agent into the bundled Python at resources/python/<os>-<arch>/.
+// Prefers `uv` (10-100x faster, more deterministic) and falls back to pip.
+import {
+  chmodSync,
+  copyFileSync,
+  cpSync,
+  existsSync,
+  lstatSync,
+  mkdirSync,
+  readdirSync,
+  rmSync,
+  symlinkSync,
+  unlinkSync,
+  writeFileSync,
+} from 'node:fs'
+import { basename, resolve, dirname, join } from 'node:path'
+import { fileURLToPath } from 'node:url'
+import { spawnSync } from 'node:child_process'
+import { platform as osPlatform, arch as osArch, homedir as osHomedir } from 'node:os'
+import { hermesVersion } from './runtime-config.mjs'
+
+const __dirname = dirname(fileURLToPath(import.meta.url))
+const ROOT = resolve(__dirname, '..')
+
+const TARGET_OS = process.env.TARGET_OS || osPlatform()
+const TARGET_ARCH = process.env.TARGET_ARCH || osArch()
+const HERMES_VERSION = hermesVersion()
+// Match the packaged runtime to the channel list exposed at /hermes/channels.
+// Telegram, Discord, and Slack are covered by "messaging". We intentionally
+// install Matrix's plaintext deps below instead of using the "matrix" extra:
+// that extra pulls mautrix[encryption] -> python-olm, which needs a fragile
+// native build on desktop packaging machines. WhatsApp, QQBot, and Weixin do
+// not expose dedicated hermes-agent extras; their deps are covered by base or
+// the channel extras below.
+const HERMES_EXTRAS = [
+  'mcp',
+  'messaging',
+  'slack',
+  'wecom',
+  'dingtalk',
+  'feishu',
+].join(',')
+const HERMES_PACKAGE = process.env.HERMES_PACKAGE || `hermes-agent[${HERMES_EXTRAS}]==${HERMES_VERSION}`
+const EXTRA_PYTHON_PACKAGES = splitPackageList(
+  process.env.HERMES_EXTRA_PYTHON_PACKAGES || [
+    'websockets',
+    'mautrix==0.21.0',
+    'Markdown==3.10.2',
+    'aiosqlite==0.22.1',
+    'asyncpg==0.31.0',
+    'aiohttp-socks==0.11.0',
+  ].join(' '),
+)
+const BROWSER_PACKAGES = splitPackageList(
+  process.env.HERMES_BROWSER_PACKAGES || 'agent-browser@^0.26.0 @askjo/camofox-browser@^1.5.2',
+)
+const SKIP_BROWSER_RUNTIME = process.env.HERMES_SKIP_BROWSER_RUNTIME === '1'
+  || process.env.HERMES_SKIP_BROWSER_RUNTIME?.toLowerCase() === 'true'
+
+const OS_LABEL = TARGET_OS === 'win32' ? 'win' : TARGET_OS === 'darwin' ? 'mac' : TARGET_OS
+const PY_DIR = resolve(ROOT, 'resources', 'python', `${OS_LABEL}-${TARGET_ARCH}`)
+const NODE_DIR = resolve(ROOT, 'resources', 'node', `${OS_LABEL}-${TARGET_ARCH}`)
+const NODE_PREFIX = resolve(PY_DIR, 'node')
+const AGENT_BROWSER_HOME = resolve(PY_DIR, 'agent-browser')
+const PLAYWRIGHT_BROWSERS_PATH = resolve(PY_DIR, 'ms-playwright')
+
+const pyBin = TARGET_OS === 'win32'
+  ? resolve(PY_DIR, 'python.exe')
+  : resolve(PY_DIR, 'bin', 'python3')
+
+if (!existsSync(pyBin)) {
+  console.error(`Python not found at ${pyBin}. Run: npm run fetch:python`)
+  process.exit(1)
+}
+
+function hasUv() {
+  const r = spawnSync('uv', ['--version'], { stdio: 'ignore' })
+  return r.status === 0
+}
+
+function splitPackageList(value) {
+  return value
+    .split(/[,\s]+/)
+    .map(part => part.trim())
+    .filter(Boolean)
+}
+
+function run(command, args, options = {}) {
+  const result = spawnSync(command, args, { stdio: 'inherit', ...options })
+  if (result.status !== 0) process.exit(result.status ?? 1)
+  return result
+}
+
+function optionalRun(command, args, options = {}) {
+  return spawnSync(command, args, { stdio: 'inherit', ...options })
+}
+
+function commandInvocation(command) {
+  if (TARGET_OS === 'win32' && command.toLowerCase().endsWith('.cmd')) {
+    const cmdCommand = /[\s&()[\]{}^=;!'+,`~]/.test(command) ? `"${command}"` : command
+    return { command: 'cmd.exe', argsPrefix: ['/d', '/s', '/c', cmdCommand] }
+  }
+  return { command, argsPrefix: [] }
+}
+
+function runInvocation(invocation, args, options = {}) {
+  return run(invocation.command, [...invocation.argsPrefix, ...args], options)
+}
+
+function optionalRunInvocation(invocation, args, options = {}) {
+  return optionalRun(invocation.command, [...invocation.argsPrefix, ...args], options)
+}
+
+function pythonBuildEnv() {
+  if (TARGET_OS !== 'darwin') return process.env
+
+  const env = { ...process.env }
+  if (!env.AR && existsSync('/usr/bin/ar')) env.AR = '/usr/bin/ar'
+  if (!env.RANLIB && existsSync('/usr/bin/ranlib')) env.RANLIB = '/usr/bin/ranlib'
+  return env
+}
+
+function installPythonPackages(packages, label) {
+  if (packages.length === 0) return
+  const env = pythonBuildEnv()
+  if (hasUv()) {
+    console.log(`→ Installing ${label} via uv: ${packages.join(' ')}`)
+    run('uv', [
+      'pip', 'install',
+      '--python', pyBin,
+      ...packages,
+    ], { env })
+  } else {
+    console.log(`→ Installing ${label} via pip: ${packages.join(' ')}`)
+    run(pyBin, [
+      '-m', 'pip', 'install',
+      ...packages,
+      '--no-warn-script-location',
+      '--disable-pip-version-check',
+    ], { env })
+  }
+}
+
+function npmCommand() {
+  const bundled = TARGET_OS === 'win32'
+    ? resolve(NODE_DIR, 'npm.cmd')
+    : resolve(NODE_DIR, 'bin', 'npm')
+  const candidates = TARGET_OS === 'win32'
+    ? [bundled, 'npm.cmd', 'npm.exe', 'npm']
+    : [bundled, 'npm']
+  for (const candidate of candidates) {
+    if (candidate === bundled && !existsSync(candidate)) continue
+    const invocation = commandInvocation(candidate)
+    const result = optionalRunInvocation(invocation, ['--version'], { stdio: 'ignore', env: browserRuntimeEnv(false) })
+    if (result.status === 0) return invocation
+  }
+  return null
+}
+
+function agentBrowserCommand() {
+  if (TARGET_OS === 'win32') {
+    return resolve(NODE_PREFIX, 'agent-browser.cmd')
+  }
+  return resolve(NODE_PREFIX, 'bin', 'agent-browser')
+}
+
+function browserRuntimeEnv(includeAgentBrowser = true) {
+  const bundledNodeBin = TARGET_OS === 'win32'
+    ? NODE_DIR
+    : resolve(NODE_DIR, 'bin')
+  const nodePath = TARGET_OS === 'win32'
+    ? NODE_PREFIX
+    : resolve(NODE_PREFIX, 'bin')
+  const inheritedPath = process.env.PATH || process.env.Path || ''
+  const pathKey = TARGET_OS === 'win32' ? 'Path' : 'PATH'
+  const browserExecutable = includeAgentBrowser ? ensureBundledBrowserExecutable() : null
+  const pathEntries = includeAgentBrowser
+    ? [nodePath, bundledNodeBin, inheritedPath]
+    : [bundledNodeBin, inheritedPath]
+  const env = {
+    ...process.env,
+    [pathKey]: pathEntries.filter(Boolean).join(TARGET_OS === 'win32' ? ';' : ':'),
+    HERMES_AGENT_NODE: TARGET_OS === 'win32' ? resolve(NODE_DIR, 'node.exe') : resolve(NODE_DIR, 'bin', 'node'),
+    HERMES_AGENT_NODE_ROOT: NODE_DIR,
+    AGENT_BROWSER_HOME,
+    PLAYWRIGHT_BROWSERS_PATH,
+  }
+  if (browserExecutable) env.AGENT_BROWSER_EXECUTABLE_PATH = browserExecutable
+  return env
+}
+
+function bundledBrowserExecutableNames() {
+  if (TARGET_OS === 'win32') return new Set(['chrome.exe'])
+  if (TARGET_OS === 'darwin') return new Set(['Google Chrome for Testing', 'Google Chrome', 'Chromium', 'chrome'])
+  return new Set(['chrome', 'chromium', 'chromium-browser'])
+}
+
+function defaultAgentBrowserHomes() {
+  const candidates = [
+    process.env.USERPROFILE,
+    process.env.UserProfile,
+    process.env.HOME,
+    process.env.HOMEDRIVE && process.env.HOMEPATH
+      ? `${process.env.HOMEDRIVE}${process.env.HOMEPATH}`
+      : null,
+    osHomedir(),
+  ]
+  return Array.from(new Set(
+    candidates
+      .map(home => home?.trim())
+      .filter(Boolean)
+      .map(home => resolve(home, '.agent-browser')),
+  ))
+}
+
+function findBrowserInstallInHome(home) {
+  const names = bundledBrowserExecutableNames()
+  const browsersDir = join(home, 'browsers')
+  const bundleDirs = []
+
+  if (existsSync(browsersDir)) {
+    try {
+      for (const entry of readdirSync(browsersDir, { withFileTypes: true })) {
+        if (entry.isDirectory()) bundleDirs.push(join(browsersDir, entry.name))
+      }
+    } catch {}
+  }
+
+  for (const bundleDir of bundleDirs) {
+    const executable = findBrowserExecutableUnder(bundleDir, names)
+    if (executable) return { executable, bundleDir }
+  }
+
+  return null
+}
+
+function findBrowserExecutableUnder(root, names) {
+  const stack = [root].filter(existsSync)
+  const visited = new Set()
+
+  while (stack.length > 0) {
+    const dir = stack.pop()
+    if (!dir || visited.has(dir)) continue
+    visited.add(dir)
+
+    let entries
+    try {
+      entries = readdirSync(dir, { withFileTypes: true })
+    } catch {
+      continue
+    }
+
+    for (const entry of entries) {
+      const path = join(dir, entry.name)
+      if (entry.isFile() && names.has(entry.name)) return path
+      if (entry.isDirectory()) stack.push(path)
+    }
+  }
+
+  return null
+}
+
+function findBundledBrowserExecutable() {
+  return findBrowserInstallInHome(AGENT_BROWSER_HOME)?.executable ?? null
+}
+
+function ensureBundledBrowserExecutable() {
+  const bundled = findBrowserInstallInHome(AGENT_BROWSER_HOME)
+  if (bundled) return bundled.executable
+
+  const searchedHomes = []
+  for (const fallbackHome of defaultAgentBrowserHomes()) {
+    if (fallbackHome === AGENT_BROWSER_HOME) continue
+    searchedHomes.push(fallbackHome)
+
+    const fallback = findBrowserInstallInHome(fallbackHome)
+    if (!fallback) continue
+
+    const targetBrowsersDir = join(AGENT_BROWSER_HOME, 'browsers')
+    const targetBundleDir = join(targetBrowsersDir, basename(fallback.bundleDir))
+    mkdirSync(targetBrowsersDir, { recursive: true })
+    cpSync(fallback.bundleDir, targetBundleDir, { recursive: true, force: true, verbatimSymlinks: true })
+    console.log(`✓ copied Chrome bundle into ${targetBundleDir}`)
+
+    return findBundledBrowserExecutable()
+  }
+
+  if (searchedHomes.length > 0) {
+    console.warn(`! no Chrome bundle found in fallback agent-browser homes: ${searchedHomes.join(', ')}`)
+  }
+  return null
+}
+
+function sitePackagesDir() {
+  if (TARGET_OS === 'win32') {
+    return resolve(PY_DIR, 'Lib', 'site-packages')
+  }
+  const libDir = resolve(PY_DIR, 'lib')
+  const py = readdirSync(libDir).find(n => /^python\d+\.\d+$/.test(n))
+  if (!py) throw new Error(`Could not locate pythonX.Y under ${libDir}`)
+  return resolve(libDir, py, 'site-packages')
+}
+
+function pythonModuleExists(moduleName) {
+  const result = optionalRun(pyBin, [
+    '-c',
+    `import importlib.util, sys; sys.exit(0 if importlib.util.find_spec(${JSON.stringify(moduleName)}) else 1)`,
+  ], { stdio: 'ignore' })
+  return result.status === 0
+}
+
+function removeBrokenDashboardAuthPlugin() {
+  if (pythonModuleExists('hermes_cli.dashboard_auth')) return
+
+  const pluginDir = resolve(sitePackagesDir(), 'plugins', 'dashboard_auth', 'nous')
+  if (!existsSync(pluginDir)) return
+
+  rmSync(pluginDir, { recursive: true, force: true })
+  console.warn(
+    '! Removed bundled dashboard_auth/nous plugin because hermes_cli.dashboard_auth is missing from the hermes-agent package',
+  )
+}
+
+function installBrowserRuntime() {
+  if (SKIP_BROWSER_RUNTIME) {
+    console.warn('! Skipping bundled browser runtime because HERMES_SKIP_BROWSER_RUNTIME is set')
+    return
+  }
+  if (BROWSER_PACKAGES.length === 0) {
+    console.warn('! Skipping bundled browser runtime because HERMES_BROWSER_PACKAGES is empty')
+    return
+  }
+
+  const npm = npmCommand()
+  if (!npm) {
+    console.error('npm not found; bundled browser runtime requires Node.js/npm')
+    process.exit(1)
+  }
+
+  console.log(`→ Installing browser runtime via npm prefix ${NODE_PREFIX}`)
+  runInvocation(npm, [
+    'install',
+    '-g',
+    '--prefix',
+    NODE_PREFIX,
+    '--silent',
+    '--ignore-scripts',
+    ...BROWSER_PACKAGES,
+  ])
+
+  const ab = agentBrowserCommand()
+  if (!existsSync(ab)) {
+    console.error(`agent-browser binary not found at ${ab} after npm install`)
+    process.exit(1)
+  }
+
+  console.log(`→ Installing Chromium for bundled agent-browser at ${AGENT_BROWSER_HOME}`)
+  runInvocation(commandInvocation(ab), ['install'], { env: browserRuntimeEnv() })
+
+  const browserExecutable = ensureBundledBrowserExecutable()
+  if (!browserExecutable) {
+    console.error(`Bundled Chrome executable not found under ${AGENT_BROWSER_HOME} after agent-browser install`)
+    process.exit(1)
+  }
+  console.log(`✓ bundled Chrome executable available at ${browserExecutable}`)
+}
+
+installPythonPackages([HERMES_PACKAGE], 'hermes-agent')
+installPythonPackages(EXTRA_PYTHON_PACKAGES, 'extra Python runtime packages')
+removeBrokenDashboardAuthPlugin()
+installBrowserRuntime()
+
+run(pyBin, [
+  '-c',
+  [
+    'import importlib.util',
+    'import mcp',
+    'import tools.mcp_tool as t',
+    'assert t._MCP_AVAILABLE',
+    'assert importlib.util.find_spec("websockets") is not None',
+  ].join('; '),
+])
+
+const hermesBin = TARGET_OS === 'win32'
+  ? resolve(PY_DIR, 'Scripts', 'hermes.exe')
+  : resolve(PY_DIR, 'bin', 'hermes')
+const hermesCheckCommand = TARGET_OS === 'win32' ? pyBin : hermesBin
+const hermesCheckArgs = TARGET_OS === 'win32' ? ['-m', 'hermes_cli.main', '--version'] : ['--version']
+
+if (!existsSync(hermesBin)) {
+  console.error(`hermes binary not found at ${hermesBin} after install`)
+  process.exit(1)
+}
+
+// hermes-web-ui's agent-bridge searches for `run_agent.py` at <python_root>/run_agent.py
+// (and a few neighbouring dirs). pip places it at site-packages/run_agent.py — surface
+// it at the venv root with a *relative* symlink so the venv stays portable when copied
+// into the packaged .app/.exe (an absolute symlink would break the moment the bundle
+// is moved to /Applications/...).
+function siteRunAgentRelative() {
+  if (TARGET_OS === 'win32') {
+    return ['Lib', 'site-packages', 'run_agent.py'].join('\\')
+  }
+  return `${sitePackagesDir().slice(PY_DIR.length + 1)}/run_agent.py`
+}
+{
+  const relSrc = siteRunAgentRelative()
+  const absSrc = resolve(PY_DIR, relSrc)
+  const dst = resolve(PY_DIR, 'run_agent.py')
+  if (existsSync(absSrc)) {
+    try { lstatSync(dst); unlinkSync(dst) } catch {}
+    if (TARGET_OS === 'win32') copyFileSync(absSrc, dst)
+    else symlinkSync(relSrc, dst)
+    console.log(`✓ run_agent.py linked at venv root (relative → ${relSrc})`)
+  } else {
+    console.warn(`! run_agent.py not found at ${absSrc} — agent-bridge may fail`)
+  }
+}
+
+// Relocate: replace the pip-generated launcher (which embeds an absolute
+// shebang to the build-time Python path) with a relative wrapper so the
+// bundled venv works after being moved into the .app/.exe payload.
+if (TARGET_OS === 'win32') {
+  // Windows: pip generates a .exe launcher that embeds a relative shebang
+  // already. Add a .cmd wrapper that prefers the colocated python.exe.
+  const cmdPath = resolve(PY_DIR, 'Scripts', 'hermes.cmd')
+  writeFileSync(
+    cmdPath,
+    [
+      '@echo off',
+      'set "PY=%~dp0..\\python.exe"',
+      '"%PY%" -m hermes_cli.main %*',
+    ].join('\r\n'),
+  )
+} else {
+  const launcher = [
+    '#!/bin/sh',
+    'DIR="$(cd "$(dirname "$0")" && pwd)"',
+    'exec "$DIR/python3" -m hermes_cli.main "$@"',
+    '',
+  ].join('\n')
+  writeFileSync(hermesBin, launcher, { mode: 0o755 })
+  chmodSync(hermesBin, 0o755)
+  // Same for hermes-agent / hermes-acp (they all just dispatch into modules)
+  for (const [name, mod] of [
+    ['hermes-agent', 'run_agent'],
+    ['hermes-acp', 'acp_adapter.entry'],
+  ]) {
+    const p = resolve(PY_DIR, 'bin', name)
+    if (existsSync(p)) {
+      writeFileSync(p, launcher.replace('hermes_cli.main', mod), { mode: 0o755 })
+      chmodSync(p, 0o755)
+    }
+  }
+}
+
+console.log(`✓ hermes installed at ${hermesBin} (relocatable launcher)`)
+
+run(hermesCheckCommand, hermesCheckArgs)
+
+if (!SKIP_BROWSER_RUNTIME) {
+  run(pyBin, [
+    '-c',
+    [
+      'import os, shutil',
+      `os.environ["PLAYWRIGHT_BROWSERS_PATH"] = ${JSON.stringify(PLAYWRIGHT_BROWSERS_PATH)}`,
+      'from tools.browser_tool import _chromium_installed',
+      'assert shutil.which("agent-browser") is not None',
+      'assert _chromium_installed()',
+    ].join('; '),
+  ], { env: browserRuntimeEnv() })
+}
+
+if (SKIP_BROWSER_RUNTIME) {
+  console.log('✓ hermes Python, MCP, and websockets checks passed; browser runtime skipped')
+} else {
+  console.log('✓ hermes Python, MCP, websockets, agent-browser, and Chromium checks passed')
+}
diff --git a/packages/desktop/scripts/merge-mac-latest-yml.mjs b/packages/desktop/scripts/merge-mac-latest-yml.mjs
new file mode 100644
index 0000000..20c2736
--- /dev/null
+++ b/packages/desktop/scripts/merge-mac-latest-yml.mjs
@@ -0,0 +1,74 @@
+#!/usr/bin/env node
+// Merge two per-arch `latest-mac.yml` manifests (arm64 + x64) into a single
+// manifest whose `files:` array lists BOTH dmgs, so electron-updater can pick
+// the right architecture.
+//
+// Why this exists: our Release workflow builds macOS arm64 and x64 in separate
+// matrix jobs, each emitting its own `latest-mac.yml`. When the publish job
+// flattens the artifacts they collide and only one arch survives — leaving the
+// other arch's users served a mismatched dmg (runs under Rosetta / fails the
+// updater signature check). Merging the `files` lists fixes that.
+//
+// Usage: node merge-mac-latest-yml.mjs <a.yml> <b.yml> > latest-mac.yml
+//
+// The manifest shape electron-builder emits is small and regular, so we parse
+// it with a focused extractor rather than pulling in a YAML dependency.
+
+import { readFileSync } from 'node:fs'
+
+function parse(path) {
+  const text = readFileSync(path, 'utf-8')
+  const version = (text.match(/^version:\s*(.+)$/m) || [])[1]?.trim()
+  const releaseDate = (text.match(/^releaseDate:\s*(.+)$/m) || [])[1]?.trim()
+  // Each entry under `files:` is `- url: ...` then indented sha512/size lines.
+  const files = []
+  const re = /- url:\s*(\S+)\s*\n\s*sha512:\s*(\S+)\s*\n\s*size:\s*(\d+)/g
+  let m
+  while ((m = re.exec(text)) !== null) {
+    files.push({ url: m[1], sha512: m[2], size: Number(m[3]) })
+  }
+  if (!version || files.length === 0) {
+    throw new Error(`Could not parse manifest at ${path} (version=${version}, files=${files.length})`)
+  }
+  return { version, releaseDate, files }
+}
+
+const [, , aPath, bPath] = process.argv
+if (!aPath || !bPath) {
+  console.error('Usage: merge-mac-latest-yml.mjs <a.yml> <b.yml>')
+  process.exit(1)
+}
+
+const a = parse(aPath)
+const b = parse(bPath)
+
+if (a.version !== b.version) {
+  console.error(`Version mismatch: ${aPath}=${a.version} vs ${bPath}=${b.version}`)
+  process.exit(1)
+}
+
+// Dedupe by url, preserving order (a first, then b).
+const seen = new Set()
+const files = []
+for (const f of [...a.files, ...b.files]) {
+  if (seen.has(f.url)) continue
+  seen.add(f.url)
+  files.push(f)
+}
+
+// Top-level path/sha512/size are the legacy single-file fields; point them at
+// the first entry (arm64 when arm64 is passed first). electron-updater >=6
+// selects from `files` by arch; these remain as a fallback for old clients.
+const head = files[0]
+const releaseDate = a.releaseDate || b.releaseDate
+
+const lines = [`version: ${a.version}`, 'files:']
+for (const f of files) {
+  lines.push(`  - url: ${f.url}`)
+  lines.push(`    sha512: ${f.sha512}`)
+  lines.push(`    size: ${f.size}`)
+}
+lines.push(`path: ${head.url}`)
+lines.push(`sha512: ${head.sha512}`)
+if (releaseDate) lines.push(`releaseDate: ${releaseDate}`)
+process.stdout.write(lines.join('\n') + '\n')
diff --git a/packages/desktop/scripts/package-runtime.mjs b/packages/desktop/scripts/package-runtime.mjs
new file mode 100644
index 0000000..4783ebf
--- /dev/null
+++ b/packages/desktop/scripts/package-runtime.mjs
@@ -0,0 +1,121 @@
+#!/usr/bin/env node
+// Package prepared Python/Node/Git runtime resources into a release asset.
+import {
+  cpSync,
+  createReadStream,
+  existsSync,
+  mkdirSync,
+  mkdtempSync,
+  rmSync,
+  statSync,
+  writeFileSync,
+} from 'node:fs'
+import { createHash } from 'node:crypto'
+import { arch as osArch, platform as osPlatform, tmpdir } from 'node:os'
+import { dirname, join, resolve } from 'node:path'
+import { fileURLToPath } from 'node:url'
+import { spawnSync } from 'node:child_process'
+
+const __dirname = dirname(fileURLToPath(import.meta.url))
+const ROOT = resolve(__dirname, '..')
+const TARGET_OS = process.env.TARGET_OS || osPlatform()
+const TARGET_ARCH = process.env.TARGET_ARCH || osArch()
+const OS_LABEL = TARGET_OS === 'win32' ? 'win' : TARGET_OS === 'darwin' ? 'mac' : TARGET_OS
+const PLATFORM = `${OS_LABEL}-${TARGET_ARCH}`
+const OUT_DIR = resolve(ROOT, 'release', 'runtime')
+
+const PY_DIR = resolve(ROOT, 'resources', 'python', PLATFORM)
+const NODE_DIR = resolve(ROOT, 'resources', 'node', PLATFORM)
+const GIT_DIR = resolve(ROOT, 'resources', 'git', PLATFORM)
+const pyBin = TARGET_OS === 'win32'
+  ? resolve(PY_DIR, 'python.exe')
+  : resolve(PY_DIR, 'bin', 'python3')
+
+function run(command, args, options = {}) {
+  const result = spawnSync(command, args, { stdio: 'inherit', ...options })
+  if (result.status !== 0) process.exit(result.status ?? 1)
+  return result
+}
+
+function output(command, args) {
+  const result = spawnSync(command, args, { encoding: 'utf-8' })
+  if (result.status !== 0) {
+    process.stderr.write(result.stderr || result.stdout || '')
+    process.exit(result.status ?? 1)
+  }
+  return result.stdout.trim()
+}
+
+async function sha256File(file) {
+  const hash = createHash('sha256')
+  await new Promise((resolvePromise, rejectPromise) => {
+    const stream = createReadStream(file)
+    stream.on('data', chunk => hash.update(chunk))
+    stream.on('end', resolvePromise)
+    stream.on('error', rejectPromise)
+  })
+  return hash.digest('hex')
+}
+
+for (const dir of [PY_DIR, NODE_DIR]) {
+  if (!existsSync(dir)) {
+    console.error(`Runtime directory missing: ${dir}`)
+    process.exit(1)
+  }
+}
+
+const hermesAgentVersion = output(pyBin, [
+  '-c',
+  'import importlib.metadata as m; print(m.version("hermes-agent"))',
+])
+const assetName = `hermes-runtime-hermes-agent-${hermesAgentVersion}-${PLATFORM}.tar.gz`
+const manifestName = `hermes-runtime-${PLATFORM}.json`
+
+mkdirSync(OUT_DIR, { recursive: true })
+const stage = mkdtempSync(join(tmpdir(), `hermes-runtime-${PLATFORM}-`))
+
+try {
+  cpSync(PY_DIR, join(stage, 'python'), { recursive: true, force: true, verbatimSymlinks: true })
+  cpSync(NODE_DIR, join(stage, 'node'), { recursive: true, force: true, verbatimSymlinks: true })
+  if (existsSync(GIT_DIR)) {
+    cpSync(GIT_DIR, join(stage, 'git'), { recursive: true, force: true, verbatimSymlinks: true })
+  } else {
+    mkdirSync(join(stage, 'git'), { recursive: true })
+    writeFileSync(join(stage, 'git', '.placeholder'), 'Git for Windows is only bundled on Windows.\n')
+  }
+
+  const runtimeManifest = {
+    schema: 1,
+    platform: PLATFORM,
+    targetOs: TARGET_OS,
+    targetArch: TARGET_ARCH,
+    hermesAgentVersion,
+    asset: {
+      name: assetName,
+    },
+  }
+  writeFileSync(join(stage, 'runtime-manifest.json'), JSON.stringify(runtimeManifest, null, 2) + '\n')
+
+  const assetPath = resolve(OUT_DIR, assetName)
+  rmSync(assetPath, { force: true })
+  run('tar', ['-czf', assetPath, '-C', stage, '.'])
+
+  const sha256 = await sha256File(assetPath)
+  writeFileSync(`${assetPath}.sha256`, `${sha256}  ${assetName}\n`)
+
+  const platformManifest = {
+    ...runtimeManifest,
+    createdAt: new Date().toISOString(),
+    asset: {
+      name: assetName,
+      sha256,
+      size: statSync(assetPath).size,
+    },
+  }
+  writeFileSync(resolve(OUT_DIR, manifestName), JSON.stringify(platformManifest, null, 2) + '\n')
+
+  console.log(`Runtime asset: ${assetPath}`)
+  console.log(`Runtime manifest: ${resolve(OUT_DIR, manifestName)}`)
+} finally {
+  rmSync(stage, { recursive: true, force: true })
+}
diff --git a/packages/desktop/scripts/prune-python.mjs b/packages/desktop/scripts/prune-python.mjs
new file mode 100644
index 0000000..390f83d
--- /dev/null
+++ b/packages/desktop/scripts/prune-python.mjs
@@ -0,0 +1,58 @@
+#!/usr/bin/env node
+// Strip __pycache__, *.pyc, tests, idle, tkinter from bundled Python to shrink the installer.
+import { resolve, dirname, join } from 'node:path'
+import { fileURLToPath } from 'node:url'
+import { readdirSync, statSync, rmSync, existsSync } from 'node:fs'
+import { platform as osPlatform, arch as osArch } from 'node:os'
+
+const __dirname = dirname(fileURLToPath(import.meta.url))
+const ROOT = resolve(__dirname, '..')
+
+const TARGET_OS = process.env.TARGET_OS || osPlatform()
+const TARGET_ARCH = process.env.TARGET_ARCH || osArch()
+const OS_LABEL = TARGET_OS === 'win32' ? 'win' : TARGET_OS === 'darwin' ? 'mac' : TARGET_OS
+const PY_DIR = resolve(ROOT, 'resources', 'python', `${OS_LABEL}-${TARGET_ARCH}`)
+
+if (!existsSync(PY_DIR)) {
+  console.error(`No bundled python at ${PY_DIR}`)
+  process.exit(1)
+}
+
+const PRUNE_DIR_NAMES = new Set(['__pycache__', 'test', 'tests', 'idle_test', 'idlelib', 'turtledemo', 'tkinter', 'ensurepip'])
+const PRUNE_FILE_SUFFIXES = ['.pyc', '.pyo']
+
+let bytesFreed = 0
+function walk(dir) {
+  let entries
+  try { entries = readdirSync(dir) } catch { return }
+  for (const name of entries) {
+    const p = join(dir, name)
+    let st
+    try { st = statSync(p) } catch { continue }
+    if (st.isDirectory()) {
+      if (PRUNE_DIR_NAMES.has(name)) {
+        bytesFreed += dirSize(p)
+        rmSync(p, { recursive: true, force: true })
+      } else {
+        walk(p)
+      }
+    } else if (PRUNE_FILE_SUFFIXES.some(s => name.endsWith(s))) {
+      bytesFreed += st.size
+      rmSync(p, { force: true })
+    }
+  }
+}
+function dirSize(dir) {
+  let total = 0
+  try {
+    for (const name of readdirSync(dir)) {
+      const p = join(dir, name)
+      const st = statSync(p)
+      total += st.isDirectory() ? dirSize(p) : st.size
+    }
+  } catch {}
+  return total
+}
+
+walk(PY_DIR)
+console.log(`✓ Pruned ~${(bytesFreed / 1024 / 1024).toFixed(1)} MB from ${PY_DIR}`)
diff --git a/packages/desktop/scripts/runtime-asset-name.mjs b/packages/desktop/scripts/runtime-asset-name.mjs
new file mode 100644
index 0000000..65e1173
--- /dev/null
+++ b/packages/desktop/scripts/runtime-asset-name.mjs
@@ -0,0 +1,28 @@
+#!/usr/bin/env node
+import { arch as osArch, platform as osPlatform } from 'node:os'
+import { hermesVersion, runtimeReleaseTag } from './runtime-config.mjs'
+
+const TARGET_OS = process.env.TARGET_OS || osPlatform()
+const TARGET_ARCH = process.env.TARGET_ARCH || osArch()
+const HERMES_VERSION = hermesVersion()
+const RUNTIME_RELEASE_TAG = runtimeReleaseTag()
+const OS_LABEL = TARGET_OS === 'win32' ? 'win' : TARGET_OS === 'darwin' ? 'mac' : TARGET_OS
+
+if (!['win', 'mac', 'linux'].includes(OS_LABEL) || !['x64', 'arm64'].includes(TARGET_ARCH)) {
+  console.error(`Unsupported runtime target: ${TARGET_OS}-${TARGET_ARCH}`)
+  process.exit(1)
+}
+
+const platform = `${OS_LABEL}-${TARGET_ARCH}`
+const asset = `hermes-runtime-hermes-agent-${HERMES_VERSION}-${platform}.tar.gz`
+const manifest = `hermes-runtime-${platform}.json`
+
+if (process.argv.includes('--manifest')) {
+  console.log(manifest)
+} else if (process.argv.includes('--platform')) {
+  console.log(platform)
+} else if (process.argv.includes('--release-tag')) {
+  console.log(RUNTIME_RELEASE_TAG)
+} else {
+  console.log(asset)
+}
diff --git a/packages/desktop/scripts/runtime-config.mjs b/packages/desktop/scripts/runtime-config.mjs
new file mode 100644
index 0000000..58ca082
--- /dev/null
+++ b/packages/desktop/scripts/runtime-config.mjs
@@ -0,0 +1,12 @@
+export const DEFAULT_HERMES_VERSION = '0.15.2'
+
+export function hermesVersion(env = process.env) {
+  return env.HERMES_VERSION || DEFAULT_HERMES_VERSION
+}
+
+export function runtimeReleaseTag(env = process.env) {
+  const version = hermesVersion(env)
+  return env.HERMES_DESKTOP_RUNTIME_RELEASE_TAG
+    || env.RUNTIME_RELEASE_TAG
+    || `hermes-${version}-runtime`
+}
diff --git a/packages/desktop/scripts/write-runtime-release.mjs b/packages/desktop/scripts/write-runtime-release.mjs
new file mode 100644
index 0000000..0096669
--- /dev/null
+++ b/packages/desktop/scripts/write-runtime-release.mjs
@@ -0,0 +1,14 @@
+#!/usr/bin/env node
+import { mkdirSync, writeFileSync } from 'node:fs'
+import { dirname, resolve } from 'node:path'
+import { fileURLToPath } from 'node:url'
+import { runtimeReleaseTag } from './runtime-config.mjs'
+
+const __dirname = dirname(fileURLToPath(import.meta.url))
+const ROOT = resolve(__dirname, '..')
+const outFile = resolve(ROOT, 'build', 'runtime-release.json')
+const tag = runtimeReleaseTag()
+
+mkdirSync(dirname(outFile), { recursive: true })
+writeFileSync(outFile, JSON.stringify({ tag }, null, 2) + '\n')
+console.log(`Runtime release metadata: ${tag}`)
diff --git a/packages/desktop/src/main/cli-constants.ts b/packages/desktop/src/main/cli-constants.ts
new file mode 100644
index 0000000..c34be5a
--- /dev/null
+++ b/packages/desktop/src/main/cli-constants.ts
@@ -0,0 +1 @@
+export const HERMES_CLI_ARG = '--hermes-cli'
diff --git a/packages/desktop/src/main/cli-shim.ts b/packages/desktop/src/main/cli-shim.ts
new file mode 100644
index 0000000..1435218
--- /dev/null
+++ b/packages/desktop/src/main/cli-shim.ts
@@ -0,0 +1,232 @@
+import { execFile } from 'node:child_process'
+import {
+  appendFileSync,
+  chmodSync,
+  existsSync,
+  mkdirSync,
+  readFileSync,
+  writeFileSync,
+} from 'node:fs'
+import { homedir } from 'node:os'
+import { delimiter, dirname, join, resolve } from 'node:path'
+import { promisify } from 'node:util'
+import { HERMES_CLI_ARG } from './cli-constants'
+
+const execFileAsync = promisify(execFile)
+
+const SHIM_MARKER = 'HERMES_STUDIO_CLI_SHIM'
+const PATH_MARKER_START = '# >>> Hermes Studio CLI shim >>>'
+const PATH_MARKER_END = '# <<< Hermes Studio CLI shim <<<'
+
+type ShimInstallStatus = 'installed' | 'updated' | 'unchanged' | 'skipped'
+
+export interface CliShimInstallResult {
+  shimPath: string
+  status: ShimInstallStatus
+  pathUpdated: boolean
+  reason?: string
+}
+
+interface CliShimInstallOptions {
+  env?: NodeJS.ProcessEnv
+  executablePath?: string
+  homeDir?: string
+  platform?: NodeJS.Platform
+}
+
+function platformDelimiter(platform: NodeJS.Platform): string {
+  return platform === 'win32' ? ';' : delimiter
+}
+
+function pathKey(value: string, platform: NodeJS.Platform): string {
+  const normalized = resolve(value)
+  return platform === 'win32' ? normalized.toLowerCase() : normalized
+}
+
+export function pathContainsDir(pathValue: string | undefined, binDir: string, platform: NodeJS.Platform = process.platform): boolean {
+  if (!pathValue) return false
+  const target = pathKey(binDir, platform)
+  return pathValue
+    .split(platformDelimiter(platform))
+    .map(entry => entry.trim())
+    .filter(Boolean)
+    .some(entry => pathKey(entry, platform) === target)
+}
+
+function executableForShim(options: Required<Pick<CliShimInstallOptions, 'env' | 'executablePath' | 'platform'>>): string {
+  const appImage = options.platform === 'linux' ? options.env.APPIMAGE?.trim() : ''
+  return appImage || options.executablePath
+}
+
+export function shimPathForPlatform(binDir: string, platform: NodeJS.Platform = process.platform): string {
+  return join(binDir, platform === 'win32' ? 'hermes-studio.cmd' : 'hermes-studio')
+}
+
+function shellQuote(value: string): string {
+  return `'${value.replace(/'/g, `'\\''`)}'`
+}
+
+export function createShimContent(executablePath: string, platform: NodeJS.Platform = process.platform): string {
+  if (platform === 'win32') {
+    return [
+      '@echo off',
+      `rem ${SHIM_MARKER}`,
+      `set "APP=${executablePath}"`,
+      'if not exist "%APP%" (',
+      '  echo Hermes Studio executable not found at "%APP%" 1>&2',
+      '  exit /b 127',
+      ')',
+      'set ELECTRON_RUN_AS_NODE=',
+      `"${'%APP%'}" -- ${HERMES_CLI_ARG} %*`,
+      'exit /b %ERRORLEVEL%',
+      '',
+    ].join('\r\n')
+  }
+
+  return [
+    '#!/bin/sh',
+    `# ${SHIM_MARKER}`,
+    `APP=${shellQuote(executablePath)}`,
+    'if [ ! -x "$APP" ]; then',
+    '  echo "Hermes Studio executable not found at $APP" >&2',
+    '  exit 127',
+    'fi',
+    'unset ELECTRON_RUN_AS_NODE',
+    `exec "$APP" -- ${HERMES_CLI_ARG} "$@"`,
+    '',
+  ].join('\n')
+}
+
+function isManagedShim(content: string): boolean {
+  return content.includes(SHIM_MARKER) && content.includes(HERMES_CLI_ARG)
+}
+
+function writeShim(shimPath: string, content: string, platform: NodeJS.Platform): ShimInstallStatus {
+  if (existsSync(shimPath)) {
+    const existing = readFileSync(shimPath, 'utf-8')
+    if (existing === content) return 'unchanged'
+    if (!isManagedShim(existing)) return 'skipped'
+    writeFileSync(shimPath, content, 'utf-8')
+    if (platform !== 'win32') chmodSync(shimPath, 0o755)
+    return 'updated'
+  }
+
+  writeFileSync(shimPath, content, { encoding: 'utf-8', mode: platform === 'win32' ? 0o644 : 0o755 })
+  if (platform !== 'win32') chmodSync(shimPath, 0o755)
+  return 'installed'
+}
+
+function shellProfilePaths(homeDir: string, platform: NodeJS.Platform, env: NodeJS.ProcessEnv): string[] {
+  if (platform === 'win32') return []
+
+  const shell = env.SHELL?.trim() || ''
+  const name = shell.split('/').pop() || ''
+  if (name === 'fish') return [join(homeDir, '.config', 'fish', 'conf.d', 'hermes-studio.fish')]
+  if (name === 'bash') return [join(homeDir, '.bash_profile'), join(homeDir, '.bashrc')]
+  if (name === 'zsh' || platform === 'darwin') return [join(homeDir, '.zprofile'), join(homeDir, '.zshrc')]
+  return [join(homeDir, '.profile')]
+}
+
+function profileMentionsUserBin(content: string, homeDir: string): boolean {
+  return content.includes('$HOME/bin')
+    || content.includes('~/bin')
+    || content.includes(resolve(homeDir, 'bin'))
+}
+
+function shellPathSnippet(platform: NodeJS.Platform, profilePath: string): string {
+  if (platform !== 'win32' && profilePath.endsWith('.fish')) {
+    return [
+      '',
+      PATH_MARKER_START,
+      'fish_add_path -m "$HOME/bin"',
+      PATH_MARKER_END,
+      '',
+    ].join('\n')
+  }
+
+  return [
+    '',
+    PATH_MARKER_START,
+    'case ":$PATH:" in',
+    '  *":$HOME/bin:"*) ;;',
+    '  *) export PATH="$HOME/bin:$PATH" ;;',
+    'esac',
+    PATH_MARKER_END,
+    '',
+  ].join('\n')
+}
+
+async function ensureWindowsUserPath(binDir: string): Promise<boolean> {
+  let currentPath = ''
+  try {
+    const { stdout } = await execFileAsync('reg.exe', ['query', 'HKCU\\Environment', '/v', 'Path'], {
+      encoding: 'utf-8',
+      timeout: 1500,
+      windowsHide: true,
+    })
+    const line = stdout.split(/\r?\n/).find(row => /^\s*Path\s+REG_/.test(row))
+    if (line) currentPath = line.replace(/^\s*Path\s+REG_\w+\s+/, '').trim()
+  } catch {
+    currentPath = process.env.Path || process.env.PATH || ''
+  }
+
+  if (pathContainsDir(currentPath, binDir, 'win32')) return false
+
+  const separator = currentPath ? ';' : ''
+  await execFileAsync('reg.exe', ['add', 'HKCU\\Environment', '/v', 'Path', '/t', 'REG_EXPAND_SZ', '/d', `${binDir}${separator}${currentPath}`, '/f'], {
+    encoding: 'utf-8',
+    timeout: 1500,
+    windowsHide: true,
+  })
+  return true
+}
+
+function ensureUnixShellPath(homeDir: string, binDir: string, platform: NodeJS.Platform, env: NodeJS.ProcessEnv): boolean {
+  if (pathContainsDir(env.PATH, binDir, platform)) return false
+
+  let updated = false
+  for (const profilePath of shellProfilePaths(homeDir, platform, env)) {
+    const existing = existsSync(profilePath) ? readFileSync(profilePath, 'utf-8') : ''
+    if (existing.includes(PATH_MARKER_START) || profileMentionsUserBin(existing, homeDir)) continue
+
+    mkdirSync(dirname(profilePath), { recursive: true })
+    appendFileSync(profilePath, shellPathSnippet(platform, profilePath), 'utf-8')
+    updated = true
+    break
+  }
+  return updated
+}
+
+async function ensureUserBinOnPath(homeDir: string, binDir: string, platform: NodeJS.Platform, env: NodeJS.ProcessEnv): Promise<boolean> {
+  if (platform === 'win32') {
+    return await ensureWindowsUserPath(binDir)
+  }
+  return ensureUnixShellPath(homeDir, binDir, platform, env)
+}
+
+export async function installHermesStudioCliShim(options: CliShimInstallOptions = {}): Promise<CliShimInstallResult> {
+  const platform = options.platform || process.platform
+  const env = options.env || process.env
+  const homeDir = options.homeDir || homedir()
+  const binDir = resolve(homeDir, 'bin')
+  const executablePath = executableForShim({
+    env,
+    executablePath: options.executablePath || process.execPath,
+    platform,
+  })
+  const shimPath = shimPathForPlatform(binDir, platform)
+
+  mkdirSync(binDir, { recursive: true })
+  const status = writeShim(shimPath, createShimContent(executablePath, platform), platform)
+  const pathUpdated = await ensureUserBinOnPath(homeDir, binDir, platform, env).catch((err) => {
+    console.warn(`[cli-shim] failed to update PATH: ${err instanceof Error ? err.message : String(err)}`)
+    return false
+  })
+
+  return {
+    shimPath,
+    status,
+    pathUpdated,
+    reason: status === 'skipped' ? 'existing hermes-studio shim is not managed by Hermes Studio' : undefined,
+  }
+}
diff --git a/packages/desktop/src/main/desktop-i18n.ts b/packages/desktop/src/main/desktop-i18n.ts
new file mode 100644
index 0000000..7b59554
--- /dev/null
+++ b/packages/desktop/src/main/desktop-i18n.ts
@@ -0,0 +1,289 @@
+import { app } from 'electron'
+
+type DesktopLocale = 'en' | 'zh' | 'zh-TW' | 'ja' | 'ko' | 'fr' | 'es' | 'de' | 'pt'
+
+type TranslationKey =
+  | 'tray.show'
+  | 'tray.hide'
+  | 'tray.checkForUpdates'
+  | 'tray.openAtLogin'
+  | 'tray.quit'
+  | 'update.upToDateTitle'
+  | 'update.upToDateMessage'
+  | 'update.checkingTitle'
+  | 'update.checkingMessage'
+  | 'update.currentVersion'
+  | 'update.availableTitle'
+  | 'update.availableMessage'
+  | 'update.downloading'
+  | 'update.readyTitle'
+  | 'update.readyMessage'
+  | 'update.readyDetail'
+  | 'update.restartNow'
+  | 'update.download'
+  | 'update.later'
+  | 'update.failedTitle'
+  | 'update.failedMessage'
+  | 'update.noUpdateInfoMessage'
+  | 'update.packagedOnlyMessage'
+  | 'common.ok'
+
+const supportedLocales: DesktopLocale[] = ['en', 'zh', 'zh-TW', 'ja', 'ko', 'fr', 'es', 'de', 'pt']
+
+const translations: Record<DesktopLocale, Record<TranslationKey, string>> = {
+  en: {
+    'tray.show': 'Show Hermes Studio',
+    'tray.hide': 'Hide Hermes Studio',
+    'tray.checkForUpdates': 'Check for Updates',
+    'tray.openAtLogin': 'Open at Login',
+    'tray.quit': 'Quit Hermes Studio',
+    'update.upToDateTitle': 'Hermes Studio',
+    'update.upToDateMessage': 'Hermes Studio is up to date.',
+    'update.checkingTitle': 'Hermes Studio',
+    'update.checkingMessage': 'Checking for updates...',
+    'update.currentVersion': 'Current version: {version}',
+    'update.availableTitle': 'Update available',
+    'update.availableMessage': 'Hermes Studio {version} is available.',
+    'update.downloading': 'The update is downloading in the background.',
+    'update.readyTitle': 'Update ready',
+    'update.readyMessage': 'Hermes Studio {version} is ready to install.',
+    'update.readyDetail': 'Restart now to apply the update, or it will be installed on next quit.',
+    'update.restartNow': 'Restart now',
+    'update.download': 'Download',
+    'update.later': 'Later',
+    'update.failedTitle': 'Update check failed',
+    'update.failedMessage': 'Could not check for Hermes Studio updates.',
+    'update.noUpdateInfoMessage': 'Update information is not available for this platform yet.',
+    'update.packagedOnlyMessage': 'Automatic updates are only available in the packaged desktop app.',
+    'common.ok': 'OK',
+  },
+  zh: {
+    'tray.show': '显示 Hermes Studio',
+    'tray.hide': '隐藏 Hermes Studio',
+    'tray.checkForUpdates': '检查更新',
+    'tray.openAtLogin': '开机启动',
+    'tray.quit': '退出 Hermes Studio',
+    'update.upToDateTitle': 'Hermes Studio',
+    'update.upToDateMessage': 'Hermes Studio 已是最新版本。',
+    'update.checkingTitle': 'Hermes Studio',
+    'update.checkingMessage': '正在检查更新...',
+    'update.currentVersion': '当前版本：{version}',
+    'update.availableTitle': '发现新版本',
+    'update.availableMessage': 'Hermes Studio {version} 可用。',
+    'update.downloading': '更新正在后台下载。',
+    'update.readyTitle': '更新已就绪',
+    'update.readyMessage': 'Hermes Studio {version} 已准备好安装。',
+    'update.readyDetail': '立即重启以应用更新，或下次退出时自动安装。',
+    'update.restartNow': '立即重启',
+    'update.download': '下载',
+    'update.later': '稍后',
+    'update.failedTitle': '检查更新失败',
+    'update.failedMessage': '无法检查 Hermes Studio 更新。',
+    'update.noUpdateInfoMessage': '当前平台的更新信息暂不可用。',
+    'update.packagedOnlyMessage': '自动更新仅在打包后的桌面应用中可用。',
+    'common.ok': '确定',
+  },
+  'zh-TW': {
+    'tray.show': '顯示 Hermes Studio',
+    'tray.hide': '隱藏 Hermes Studio',
+    'tray.checkForUpdates': '檢查更新',
+    'tray.openAtLogin': '開機啟動',
+    'tray.quit': '結束 Hermes Studio',
+    'update.upToDateTitle': 'Hermes Studio',
+    'update.upToDateMessage': 'Hermes Studio 已是最新版本。',
+    'update.checkingTitle': 'Hermes Studio',
+    'update.checkingMessage': '正在檢查更新...',
+    'update.currentVersion': '目前版本：{version}',
+    'update.availableTitle': '發現新版本',
+    'update.availableMessage': 'Hermes Studio {version} 可用。',
+    'update.downloading': '更新正在背景下載。',
+    'update.readyTitle': '更新已就緒',
+    'update.readyMessage': 'Hermes Studio {version} 已準備好安裝。',
+    'update.readyDetail': '立即重新啟動以套用更新，或下次結束時自動安裝。',
+    'update.restartNow': '立即重新啟動',
+    'update.download': '下載',
+    'update.later': '稍後',
+    'update.failedTitle': '檢查更新失敗',
+    'update.failedMessage': '無法檢查 Hermes Studio 更新。',
+    'update.noUpdateInfoMessage': '目前平台的更新資訊暫不可用。',
+    'update.packagedOnlyMessage': '自動更新僅可在打包後的桌面應用中使用。',
+    'common.ok': '確定',
+  },
+  ja: {
+    'tray.show': 'Hermes Studio を表示',
+    'tray.hide': 'Hermes Studio を隠す',
+    'tray.checkForUpdates': 'アップデートを確認',
+    'tray.openAtLogin': 'ログイン時に開く',
+    'tray.quit': 'Hermes Studio を終了',
+    'update.upToDateTitle': 'Hermes Studio',
+    'update.upToDateMessage': 'Hermes Studio は最新です。',
+    'update.checkingTitle': 'Hermes Studio',
+    'update.checkingMessage': 'アップデートを確認しています...',
+    'update.currentVersion': '現在のバージョン: {version}',
+    'update.availableTitle': 'アップデートがあります',
+    'update.availableMessage': 'Hermes Studio {version} が利用できます。',
+    'update.downloading': 'アップデートをバックグラウンドでダウンロードしています。',
+    'update.readyTitle': 'アップデートの準備ができました',
+    'update.readyMessage': 'Hermes Studio {version} をインストールできます。',
+    'update.readyDetail': '今すぐ再起動して適用するか、次回終了時にインストールされます。',
+    'update.restartNow': '今すぐ再起動',
+    'update.download': 'ダウンロード',
+    'update.later': '後で',
+    'update.failedTitle': 'アップデート確認に失敗しました',
+    'update.failedMessage': 'Hermes Studio のアップデートを確認できませんでした。',
+    'update.noUpdateInfoMessage': 'このプラットフォームのアップデート情報はまだ利用できません。',
+    'update.packagedOnlyMessage': '自動アップデートはパッケージ版デスクトップアプリでのみ利用できます。',
+    'common.ok': 'OK',
+  },
+  ko: {
+    'tray.show': 'Hermes Studio 표시',
+    'tray.hide': 'Hermes Studio 숨기기',
+    'tray.checkForUpdates': '업데이트 확인',
+    'tray.openAtLogin': '로그인 시 열기',
+    'tray.quit': 'Hermes Studio 종료',
+    'update.upToDateTitle': 'Hermes Studio',
+    'update.upToDateMessage': 'Hermes Studio가 최신 버전입니다.',
+    'update.checkingTitle': 'Hermes Studio',
+    'update.checkingMessage': '업데이트를 확인하는 중...',
+    'update.currentVersion': '현재 버전: {version}',
+    'update.availableTitle': '업데이트 사용 가능',
+    'update.availableMessage': 'Hermes Studio {version}을 사용할 수 있습니다.',
+    'update.downloading': '업데이트를 백그라운드에서 다운로드하고 있습니다.',
+    'update.readyTitle': '업데이트 준비 완료',
+    'update.readyMessage': 'Hermes Studio {version}을 설치할 준비가 되었습니다.',
+    'update.readyDetail': '지금 다시 시작해 업데이트를 적용하거나 다음 종료 시 설치합니다.',
+    'update.restartNow': '지금 다시 시작',
+    'update.download': '다운로드',
+    'update.later': '나중에',
+    'update.failedTitle': '업데이트 확인 실패',
+    'update.failedMessage': 'Hermes Studio 업데이트를 확인할 수 없습니다.',
+    'update.noUpdateInfoMessage': '이 플랫폼의 업데이트 정보를 아직 사용할 수 없습니다.',
+    'update.packagedOnlyMessage': '자동 업데이트는 패키징된 데스크톱 앱에서만 사용할 수 있습니다.',
+    'common.ok': '확인',
+  },
+  fr: {
+    'tray.show': 'Afficher Hermes Studio',
+    'tray.hide': 'Masquer Hermes Studio',
+    'tray.checkForUpdates': 'Rechercher les mises a jour',
+    'tray.openAtLogin': 'Ouvrir a la connexion',
+    'tray.quit': 'Quitter Hermes Studio',
+    'update.upToDateTitle': 'Hermes Studio',
+    'update.upToDateMessage': 'Hermes Studio est a jour.',
+    'update.checkingTitle': 'Hermes Studio',
+    'update.checkingMessage': 'Recherche de mises a jour...',
+    'update.currentVersion': 'Version actuelle : {version}',
+    'update.availableTitle': 'Mise a jour disponible',
+    'update.availableMessage': 'Hermes Studio {version} est disponible.',
+    'update.downloading': 'La mise a jour se telecharge en arriere-plan.',
+    'update.readyTitle': 'Mise a jour prete',
+    'update.readyMessage': 'Hermes Studio {version} est pret a etre installe.',
+    'update.readyDetail': 'Redemarrez maintenant pour appliquer la mise a jour, ou elle sera installee a la prochaine fermeture.',
+    'update.restartNow': 'Redemarrer maintenant',
+    'update.download': 'Telecharger',
+    'update.later': 'Plus tard',
+    'update.failedTitle': 'Echec de la recherche de mise a jour',
+    'update.failedMessage': 'Impossible de rechercher les mises a jour de Hermes Studio.',
+    'update.noUpdateInfoMessage': 'Les informations de mise a jour ne sont pas encore disponibles pour cette plateforme.',
+    'update.packagedOnlyMessage': 'Les mises a jour automatiques ne sont disponibles que dans l application de bureau packagee.',
+    'common.ok': 'OK',
+  },
+  es: {
+    'tray.show': 'Mostrar Hermes Studio',
+    'tray.hide': 'Ocultar Hermes Studio',
+    'tray.checkForUpdates': 'Buscar actualizaciones',
+    'tray.openAtLogin': 'Abrir al iniciar sesion',
+    'tray.quit': 'Salir de Hermes Studio',
+    'update.upToDateTitle': 'Hermes Studio',
+    'update.upToDateMessage': 'Hermes Studio esta actualizado.',
+    'update.checkingTitle': 'Hermes Studio',
+    'update.checkingMessage': 'Buscando actualizaciones...',
+    'update.currentVersion': 'Version actual: {version}',
+    'update.availableTitle': 'Actualizacion disponible',
+    'update.availableMessage': 'Hermes Studio {version} esta disponible.',
+    'update.downloading': 'La actualizacion se esta descargando en segundo plano.',
+    'update.readyTitle': 'Actualizacion lista',
+    'update.readyMessage': 'Hermes Studio {version} esta listo para instalarse.',
+    'update.readyDetail': 'Reinicia ahora para aplicar la actualizacion, o se instalara al salir.',
+    'update.restartNow': 'Reiniciar ahora',
+    'update.download': 'Descargar',
+    'update.later': 'Mas tarde',
+    'update.failedTitle': 'Error al buscar actualizaciones',
+    'update.failedMessage': 'No se pudieron buscar actualizaciones de Hermes Studio.',
+    'update.noUpdateInfoMessage': 'La informacion de actualizacion aun no esta disponible para esta plataforma.',
+    'update.packagedOnlyMessage': 'Las actualizaciones automaticas solo estan disponibles en la app de escritorio empaquetada.',
+    'common.ok': 'Aceptar',
+  },
+  de: {
+    'tray.show': 'Hermes Studio anzeigen',
+    'tray.hide': 'Hermes Studio ausblenden',
+    'tray.checkForUpdates': 'Nach Updates suchen',
+    'tray.openAtLogin': 'Beim Anmelden offnen',
+    'tray.quit': 'Hermes Studio beenden',
+    'update.upToDateTitle': 'Hermes Studio',
+    'update.upToDateMessage': 'Hermes Studio ist auf dem neuesten Stand.',
+    'update.checkingTitle': 'Hermes Studio',
+    'update.checkingMessage': 'Suche nach Updates...',
+    'update.currentVersion': 'Aktuelle Version: {version}',
+    'update.availableTitle': 'Update verfugbar',
+    'update.availableMessage': 'Hermes Studio {version} ist verfugbar.',
+    'update.downloading': 'Das Update wird im Hintergrund heruntergeladen.',
+    'update.readyTitle': 'Update bereit',
+    'update.readyMessage': 'Hermes Studio {version} ist zur Installation bereit.',
+    'update.readyDetail': 'Jetzt neu starten, um das Update anzuwenden, oder es wird beim nachsten Beenden installiert.',
+    'update.restartNow': 'Jetzt neu starten',
+    'update.download': 'Herunterladen',
+    'update.later': 'Spater',
+    'update.failedTitle': 'Update-Prufung fehlgeschlagen',
+    'update.failedMessage': 'Updates fur Hermes Studio konnten nicht gepruft werden.',
+    'update.noUpdateInfoMessage': 'Update-Informationen sind fur diese Plattform noch nicht verfugbar.',
+    'update.packagedOnlyMessage': 'Automatische Updates sind nur in der paketierten Desktop-App verfugbar.',
+    'common.ok': 'OK',
+  },
+  pt: {
+    'tray.show': 'Mostrar Hermes Studio',
+    'tray.hide': 'Ocultar Hermes Studio',
+    'tray.checkForUpdates': 'Verificar atualizacoes',
+    'tray.openAtLogin': 'Abrir ao iniciar sessao',
+    'tray.quit': 'Sair do Hermes Studio',
+    'update.upToDateTitle': 'Hermes Studio',
+    'update.upToDateMessage': 'Hermes Studio esta atualizado.',
+    'update.checkingTitle': 'Hermes Studio',
+    'update.checkingMessage': 'Verificando atualizacoes...',
+    'update.currentVersion': 'Versao atual: {version}',
+    'update.availableTitle': 'Atualizacao disponivel',
+    'update.availableMessage': 'Hermes Studio {version} esta disponivel.',
+    'update.downloading': 'A atualizacao esta sendo baixada em segundo plano.',
+    'update.readyTitle': 'Atualizacao pronta',
+    'update.readyMessage': 'Hermes Studio {version} esta pronto para instalar.',
+    'update.readyDetail': 'Reinicie agora para aplicar a atualizacao, ou ela sera instalada ao sair.',
+    'update.restartNow': 'Reiniciar agora',
+    'update.download': 'Baixar',
+    'update.later': 'Depois',
+    'update.failedTitle': 'Falha ao verificar atualizacoes',
+    'update.failedMessage': 'Nao foi possivel verificar atualizacoes do Hermes Studio.',
+    'update.noUpdateInfoMessage': 'As informacoes de atualizacao ainda nao estao disponiveis para esta plataforma.',
+    'update.packagedOnlyMessage': 'Atualizacoes automaticas estao disponiveis apenas no app desktop empacotado.',
+    'common.ok': 'OK',
+  },
+}
+
+function resolveLocale(): DesktopLocale {
+  const tag = app.getLocale()
+  const lower = tag.toLowerCase()
+  if (lower.startsWith('zh')) {
+    return lower.includes('hant') || lower.includes('-tw') || lower.includes('-hk') || lower.includes('-mo')
+      ? 'zh-TW'
+      : 'zh'
+  }
+
+  const short = tag.slice(0, 2) as DesktopLocale
+  return supportedLocales.includes(short) ? short : 'en'
+}
+
+export function t(key: TranslationKey, params: Record<string, string> = {}): string {
+  const message = translations[resolveLocale()][key] || translations.en[key]
+  return Object.entries(params).reduce(
+    (value, [name, replacement]) => value.replaceAll(`{${name}}`, replacement),
+    message,
+  )
+}
diff --git a/packages/desktop/src/main/hermes-cli.ts b/packages/desktop/src/main/hermes-cli.ts
new file mode 100644
index 0000000..7eeb8f3
--- /dev/null
+++ b/packages/desktop/src/main/hermes-cli.ts
@@ -0,0 +1,96 @@
+import { spawn } from 'node:child_process'
+import { existsSync, mkdirSync } from 'node:fs'
+import { delimiter, dirname, join } from 'node:path'
+import {
+  bundledBrowserExecutable,
+  bundledGit,
+  bundledNode,
+  bundledPython,
+  gitPathDirs,
+  hermesBin,
+  hermesHome,
+  nodeBinDir,
+  pythonDir,
+  webUiHome,
+} from './paths'
+import { HERMES_CLI_ARG } from './cli-constants'
+import { ensureDesktopRuntime } from './runtime-manager'
+
+export function parseHermesCliArgs(argv: string[] = process.argv): string[] | null {
+  const index = argv.indexOf(HERMES_CLI_ARG)
+  if (index < 0) return null
+  return argv.slice(index + 1)
+}
+
+export async function runBundledHermesCli(args: string[]): Promise<number> {
+  try {
+    await ensureDesktopRuntime()
+  } catch (err) {
+    console.error(`Failed to prepare Hermes runtime: ${err instanceof Error ? err.message : String(err)}`)
+    return 1
+  }
+
+  const command = hermesBin()
+  if (!existsSync(command)) {
+    console.error(`hermes binary missing at ${command}`)
+    console.error('Run: npm run prepare:runtime (to build a local Hermes runtime)')
+    return 127
+  }
+
+  mkdirSync(webUiHome(), { recursive: true })
+  mkdirSync(hermesHome(), { recursive: true })
+
+  const binDir = dirname(command)
+  const bundledNodeBin = nodeBinDir()
+  const bundledAgentBrowserBin = process.platform === 'win32'
+    ? join(pythonDir(), 'node')
+    : join(pythonDir(), 'node', 'bin')
+  const inheritedPath = process.env.PATH || process.env.Path || ''
+  const pathValue = [
+    binDir,
+    bundledAgentBrowserBin,
+    bundledNodeBin,
+    gitPathDirs().join(delimiter),
+    inheritedPath,
+  ].filter(Boolean).join(delimiter)
+  const gitBin = bundledGit()
+  const browserExecutable = process.env.AGENT_BROWSER_EXECUTABLE_PATH?.trim() || bundledBrowserExecutable()
+  const env: NodeJS.ProcessEnv = {
+    ...process.env,
+    HERMES_DESKTOP: 'true',
+    HERMES_BIN: command,
+    HERMES_AGENT_BRIDGE_PYTHON: bundledPython(),
+    HERMES_AGENT_CLI_PYTHON: bundledPython(),
+    HERMES_AGENT_ROOT: pythonDir(),
+    HERMES_AGENT_NODE: bundledNode(),
+    HERMES_AGENT_NODE_ROOT: process.platform === 'win32' ? bundledNodeBin : dirname(bundledNodeBin),
+    AGENT_BROWSER_HOME: process.env.AGENT_BROWSER_HOME?.trim() || join(hermesHome(), 'agent-browser'),
+    ...(browserExecutable ? { AGENT_BROWSER_EXECUTABLE_PATH: browserExecutable } : {}),
+    PLAYWRIGHT_BROWSERS_PATH: process.env.PLAYWRIGHT_BROWSERS_PATH || join(pythonDir(), 'ms-playwright'),
+    ...(gitBin ? { HERMES_AGENT_GIT: gitBin } : {}),
+    HERMES_HOME: hermesHome(),
+    HERMES_WEB_UI_HOME: webUiHome(),
+    HERMES_WEBUI_STATE_DIR: webUiHome(),
+    PATH: pathValue,
+  }
+
+  return await new Promise(resolve => {
+    const child = spawn(command, args, {
+      env,
+      stdio: 'inherit',
+      windowsHide: false,
+    })
+    child.once('error', (err) => {
+      console.error(`Failed to run bundled Hermes CLI: ${err.message}`)
+      resolve(1)
+    })
+    child.once('exit', (code, signal) => {
+      if (typeof code === 'number') {
+        resolve(code)
+        return
+      }
+      console.error(`Bundled Hermes CLI exited from signal ${signal || 'unknown'}`)
+      resolve(1)
+    })
+  })
+}
diff --git a/packages/desktop/src/main/index.ts b/packages/desktop/src/main/index.ts
new file mode 100644
index 0000000..d0d319a
--- /dev/null
+++ b/packages/desktop/src/main/index.ts
@@ -0,0 +1,368 @@
+import { app, BrowserWindow, Menu, Tray, shell, ipcMain, nativeImage } from 'electron'
+import { join } from 'node:path'
+import { startWebUiServer, stopWebUiServer, getToken } from './webui-server'
+import { desktopIcon, desktopTrayTemplateIcon, desktopWindowsTrayIcon, hermesBinExists, hermesBin } from './paths'
+import { checkForDesktopUpdates, initAutoUpdater } from './updater'
+import { t } from './desktop-i18n'
+import { installHermesStudioCliShim } from './cli-shim'
+import { parseHermesCliArgs, runBundledHermesCli } from './hermes-cli'
+import { ensureDesktopRuntime, type RuntimeProgress } from './runtime-manager'
+
+const PORT = Number(process.env.HERMES_DESKTOP_PORT) || 8748
+const START_HIDDEN = process.argv.includes('--hidden')
+const QUIT_EXISTING = process.argv.includes('--quit')
+
+let mainWindow: BrowserWindow | null = null
+let serverUrl: string | null = null
+let tray: Tray | null = null
+let isQuitting = false
+let isBootstrapping = false
+
+function showMainWindow() {
+  if (!mainWindow) {
+    createWindow()
+  }
+  if (!mainWindow) return
+  if (mainWindow.isMinimized()) mainWindow.restore()
+  mainWindow.show()
+  mainWindow.focus()
+}
+
+function quitApp() {
+  isQuitting = true
+  app.quit()
+}
+
+function loginItemOptions() {
+  return {
+    path: process.execPath,
+    args: ['--hidden'],
+  }
+}
+
+function getOpenAtLogin(): boolean {
+  return app.getLoginItemSettings(loginItemOptions()).openAtLogin
+}
+
+function setOpenAtLogin(openAtLogin: boolean) {
+  app.setLoginItemSettings({
+    ...loginItemOptions(),
+    openAtLogin,
+    openAsHidden: true,
+  })
+}
+
+function updateTrayMenu() {
+  if (!tray) return
+  const isVisible = !!mainWindow && mainWindow.isVisible()
+  const menu = Menu.buildFromTemplate([
+    {
+      label: isVisible ? t('tray.hide') : t('tray.show'),
+      click: () => {
+        if (mainWindow?.isVisible()) {
+          mainWindow.hide()
+        } else {
+          showMainWindow()
+        }
+        updateTrayMenu()
+      },
+    },
+    {
+      label: t('tray.checkForUpdates'),
+      click: () => {
+        checkForDesktopUpdates(true).catch(err => {
+          console.error('[tray] update check failed:', err)
+        })
+      },
+    },
+    {
+      label: t('tray.openAtLogin'),
+      type: 'checkbox',
+      checked: getOpenAtLogin(),
+      click: (item) => {
+        setOpenAtLogin(item.checked)
+        updateTrayMenu()
+      },
+    },
+    { type: 'separator' },
+    {
+      label: t('tray.quit'),
+      click: quitApp,
+    },
+  ])
+  tray.setContextMenu(menu)
+}
+
+function createTray() {
+  if (tray) return
+  const source = process.platform === 'darwin'
+    ? desktopTrayTemplateIcon()
+    : process.platform === 'win32'
+      ? desktopWindowsTrayIcon()
+      : desktopIcon()
+  const icon = nativeImage.createFromPath(source).resize({
+    width: process.platform === 'darwin' ? 18 : process.platform === 'win32' ? 24 : 16,
+    height: process.platform === 'darwin' ? 18 : process.platform === 'win32' ? 24 : 16,
+    quality: 'best',
+  })
+  if (process.platform === 'darwin') {
+    icon.setTemplateImage(true)
+  }
+  tray = new Tray(icon)
+  tray.setToolTip('Hermes Studio')
+  tray.on('click', () => {
+    showMainWindow()
+    updateTrayMenu()
+  })
+  updateTrayMenu()
+}
+
+function createWindow() {
+  mainWindow = new BrowserWindow({
+    width: 1280,
+    height: 820,
+    minWidth: 960,
+    minHeight: 600,
+    title: 'Hermes Studio',
+    backgroundColor: '#1a1a1a',
+    autoHideMenuBar: true,
+    show: !START_HIDDEN,
+    ...(process.platform === 'linux' ? { icon: desktopIcon() } : {}),
+    webPreferences: {
+      preload: join(__dirname, '..', 'preload', 'index.js'),
+      contextIsolation: true,
+      nodeIntegration: false,
+      sandbox: false,
+    },
+  })
+
+  mainWindow.on('close', (event) => {
+    if (isQuitting) return
+    event.preventDefault()
+    mainWindow?.hide()
+    updateTrayMenu()
+  })
+
+  mainWindow.on('show', updateTrayMenu)
+  mainWindow.on('hide', updateTrayMenu)
+
+  // External links → system browser
+  mainWindow.webContents.setWindowOpenHandler(({ url }) => {
+    if (url.startsWith('http://127.0.0.1') || url.startsWith('http://localhost')) {
+      return { action: 'allow' }
+    }
+    shell.openExternal(url).catch(() => undefined)
+    return { action: 'deny' }
+  })
+
+  // If the Web UI server is already up (re-opening window after close on
+  // macOS), go straight to it. Otherwise show a loading splash; bootstrap()
+  // will swap in the real URL once the server is ready.
+  if (serverUrl) {
+    mainWindow.loadURL(serverUrl)
+  } else {
+    mainWindow.loadURL(splashHtml())
+  }
+  updateTrayMenu()
+}
+
+function splashHtml(): string {
+  const html = `<!doctype html><html><head><meta charset="utf-8"><title>Hermes Studio</title>
+<style>
+  html,body{margin:0;height:100%;background:#1a1a1a;color:#e5e5e5;font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif;}
+  .wrap{display:flex;flex-direction:column;align-items:center;justify-content:center;height:100%;gap:20px}
+  .dot{width:10px;height:10px;border-radius:50%;background:#888;animation:pulse 1.2s ease-in-out infinite}
+  @keyframes pulse{0%,100%{opacity:.3}50%{opacity:1}}
+  .row{display:flex;gap:8px}
+  .row .dot:nth-child(2){animation-delay:.2s}.row .dot:nth-child(3){animation-delay:.4s}
+  .label{font-size:14px;color:#b8b8b8}
+  .detail{min-height:18px;font-size:12px;color:#7f7f7f}
+  .progress{width:320px;height:6px;border-radius:999px;background:#2b2b2b;overflow:hidden}
+  .bar{width:0;height:100%;background:#d8d8d8;transition:width .18s ease}
+  h1{font-weight:500;margin:0;font-size:18px}
+</style></head><body><div class="wrap">
+<h1>Hermes Studio</h1>
+<div class="row"><div class="dot"></div><div class="dot"></div><div class="dot"></div></div>
+<div id="label" class="label">Starting local services...</div>
+<div class="progress"><div id="bar" class="bar"></div></div>
+<div id="detail" class="detail"></div>
+</div></body></html>`
+  return 'data:text/html;charset=utf-8,' + encodeURIComponent(html)
+}
+
+function formatBytes(bytes: number): string {
+  if (bytes < 1024) return `${bytes} B`
+  const units = ['KB', 'MB', 'GB']
+  let value = bytes / 1024
+  let unit = units[0]
+  for (let i = 1; i < units.length && value >= 1024; i += 1) {
+    value /= 1024
+    unit = units[i]
+  }
+  return `${value.toFixed(value >= 100 ? 0 : 1)} ${unit}`
+}
+
+function updateSplash(progress: RuntimeProgress) {
+  if (!mainWindow || mainWindow.isDestroyed()) return
+  const label = progress.message
+  const percent = typeof progress.percent === 'number' ? Math.round(progress.percent) : null
+  let detail = ''
+  if (progress.receivedBytes && progress.totalBytes) {
+    detail = `${formatBytes(progress.receivedBytes)} / ${formatBytes(progress.totalBytes)}`
+    if (percent !== null) detail += ` (${percent}%)`
+  } else if (percent !== null) {
+    detail = `${percent}%`
+  }
+
+  mainWindow.webContents.executeJavaScript(`
+    {
+      const label = document.getElementById('label');
+      const detail = document.getElementById('detail');
+      const bar = document.getElementById('bar');
+      if (label) label.textContent = ${JSON.stringify(label)};
+      if (detail) detail.textContent = ${JSON.stringify(detail)};
+      if (bar) bar.style.width = ${JSON.stringify(percent === null ? '100%' : `${percent}%`)};
+    }
+  `).catch(() => undefined)
+}
+
+async function bootstrap() {
+  if (isBootstrapping) return
+  isBootstrapping = true
+
+  try {
+    await ensureDesktopRuntime(updateSplash)
+  } catch (err) {
+    console.error('Failed to prepare Hermes runtime:', err)
+    if (mainWindow) {
+      const msg = String(err instanceof Error ? err.message : err).replace(/[<>]/g, '')
+      mainWindow.loadURL('data:text/html;charset=utf-8,' + encodeURIComponent(
+        `<html><body style="font-family:system-ui;padding:32px;background:#1a1a1a;color:#eee">
+         <h2>Failed to prepare Hermes runtime</h2><pre style="white-space:pre-wrap;color:#f88">${msg}</pre>
+         <button id="retry" style="margin-top:16px;padding:8px 14px;border:1px solid #555;border-radius:6px;background:#2b2b2b;color:#eee;cursor:pointer">Retry</button>
+         <script>
+           document.getElementById('retry')?.addEventListener('click', () => {
+             window.hermesDesktop?.retryBootstrap?.()
+           })
+         </script>
+         </body></html>`,
+      ))
+    }
+    isBootstrapping = false
+    return
+  }
+
+  if (!hermesBinExists()) {
+    console.error(`hermes binary missing at ${hermesBin()}`)
+    console.error('Run: npm run prepare:runtime (to build a local Hermes runtime)')
+  }
+
+  try {
+    const url = await startWebUiServer(PORT)
+    serverUrl = url
+    if (mainWindow) await mainWindow.loadURL(url)
+  } catch (err) {
+    console.error('Failed to start Web UI server:', err)
+    if (mainWindow) {
+      const msg = String(err instanceof Error ? err.message : err).replace(/[<>]/g, '')
+      mainWindow.loadURL('data:text/html;charset=utf-8,' + encodeURIComponent(
+        `<html><body style="font-family:system-ui;padding:32px;background:#1a1a1a;color:#eee">
+         <h2>Failed to start local services</h2><pre style="white-space:pre-wrap;color:#f88">${msg}</pre>
+         </body></html>`,
+      ))
+    }
+  } finally {
+    isBootstrapping = false
+  }
+}
+
+ipcMain.handle('hermes-desktop:get-token', () => getToken())
+ipcMain.handle('hermes-desktop:retry-bootstrap', async () => {
+  if (serverUrl) {
+    await mainWindow?.loadURL(serverUrl)
+    return
+  }
+  await mainWindow?.loadURL(splashHtml())
+  await bootstrap()
+})
+
+function runDesktopApp() {
+  const gotLock = app.requestSingleInstanceLock()
+  if (!gotLock) {
+    app.quit()
+    return
+  }
+
+  app.on('second-instance', (_event, argv) => {
+    if (argv.includes('--quit')) {
+      quitApp()
+      return
+    }
+    showMainWindow()
+  })
+
+  app.whenReady().then(() => {
+    if (QUIT_EXISTING) {
+      quitApp()
+      return
+    }
+
+    // Drop the default File/Edit/View/Window menu on Windows/Linux. The web
+    // UI provides its own in-page controls, so the native menu bar is just
+    // visual clutter. macOS keeps a menu (system requirement) but Electron's
+    // default is fine there.
+    if (process.platform !== 'darwin') Menu.setApplicationMenu(null)
+    if (app.isPackaged) {
+      installHermesStudioCliShim().then(result => {
+        if (result.status === 'skipped') {
+          console.warn(`[cli-shim] ${result.reason}: ${result.shimPath}`)
+        }
+      }).catch(err => {
+        console.warn(`[cli-shim] failed to install hermes-studio command: ${err instanceof Error ? err.message : String(err)}`)
+      })
+    }
+    createTray()
+    createWindow()
+    bootstrap()
+    initAutoUpdater({
+      beforeQuitAndInstall: () => {
+        isQuitting = true
+      },
+    })
+    app.on('activate', () => {
+      if (BrowserWindow.getAllWindows().length === 0) {
+        createWindow()
+      } else if (mainWindow) {
+        showMainWindow()
+      }
+    })
+  })
+
+  app.on('window-all-closed', () => {
+    if (isQuitting && process.platform !== 'darwin') app.quit()
+  })
+
+  app.on('before-quit', async (e) => {
+    if (!isQuitting && process.platform !== 'darwin') {
+      e.preventDefault()
+      mainWindow?.hide()
+      updateTrayMenu()
+      return
+    }
+    e.preventDefault()
+    await stopWebUiServer().catch(() => undefined)
+    app.exit(0)
+  })
+}
+
+const hermesCliArgs = parseHermesCliArgs(process.argv)
+if (hermesCliArgs) {
+  runBundledHermesCli(hermesCliArgs)
+    .then(code => app.exit(code))
+    .catch(err => {
+      console.error(`Failed to run bundled Hermes CLI: ${err instanceof Error ? err.message : String(err)}`)
+      app.exit(1)
+    })
+} else {
+  runDesktopApp()
+}
diff --git a/packages/desktop/src/main/paths.ts b/packages/desktop/src/main/paths.ts
new file mode 100644
index 0000000..b722ec4
--- /dev/null
+++ b/packages/desktop/src/main/paths.ts
@@ -0,0 +1,190 @@
+import { app } from 'electron'
+import { existsSync, readdirSync } from 'node:fs'
+import { join, resolve } from 'node:path'
+import { homedir, platform, arch } from 'node:os'
+
+const isWin = platform() === 'win32'
+const osLabel = isWin ? 'win' : platform() === 'darwin' ? 'mac' : platform() // mac | linux | win
+const archLabel = arch() // arm64 | x64
+
+export function isPackaged() {
+  return app.isPackaged
+}
+
+// Bundled web-ui directory.
+// dev:  <repo root> (or HERMES_WEB_UI_DIR)
+// prod: <resources>/webui
+export function webuiDir(): string {
+  if (app.isPackaged) return resolve(process.resourcesPath, 'webui')
+  return process.env.HERMES_WEB_UI_DIR?.trim() || resolve(app.getAppPath(), '..', '..')
+}
+
+export function webuiServerEntry(): string {
+  return join(webuiDir(), 'dist', 'server', 'index.js')
+}
+
+export function runtimePlatformKey(): string {
+  return `${osLabel}-${archLabel}`
+}
+
+export function desktopRuntimeDir(): string {
+  const override = process.env.HERMES_DESKTOP_RUNTIME_DIR?.trim()
+  if (override) return resolve(override)
+  return join(webUiHome(), 'desktop-runtime', runtimePlatformKey())
+}
+
+function packagedResourceDir(name: string): string {
+  return resolve(process.resourcesPath, name)
+}
+
+// dev:  packages/desktop/resources/python/<os>-<arch>
+// prod: <resources>/python when present, otherwise downloaded runtime cache.
+export function pythonDir(): string {
+  if (app.isPackaged) {
+    const packaged = packagedResourceDir('python')
+    return existsSync(packaged) ? packaged : join(desktopRuntimeDir(), 'python')
+  }
+  return resolve(app.getAppPath(), 'resources', 'python', runtimePlatformKey())
+}
+
+export function nodeDir(): string {
+  if (app.isPackaged) {
+    const packaged = packagedResourceDir('node')
+    return existsSync(packaged) ? packaged : join(desktopRuntimeDir(), 'node')
+  }
+  return resolve(app.getAppPath(), 'resources', 'node', runtimePlatformKey())
+}
+
+export function nodeBinDir(): string {
+  const dir = nodeDir()
+  return isWin ? dir : join(dir, 'bin')
+}
+
+export function bundledNode(): string {
+  return isWin ? join(nodeDir(), 'node.exe') : join(nodeBinDir(), 'node')
+}
+
+export function gitDir(): string {
+  if (app.isPackaged) {
+    const packaged = packagedResourceDir('git')
+    return existsSync(packaged) ? packaged : join(desktopRuntimeDir(), 'git')
+  }
+  return resolve(app.getAppPath(), 'resources', 'git', runtimePlatformKey())
+}
+
+export function gitPathDirs(): string[] {
+  if (!isWin) return []
+  const dir = gitDir()
+  return [
+    join(dir, 'cmd'),
+    join(dir, 'mingw64', 'bin'),
+    join(dir, 'usr', 'bin'),
+  ].filter(existsSync)
+}
+
+export function bundledGit(): string | undefined {
+  if (!isWin) return undefined
+  const git = join(gitDir(), 'cmd', 'git.exe')
+  return existsSync(git) ? git : undefined
+}
+
+export function bundledAgentBrowserHome(): string {
+  return join(pythonDir(), 'agent-browser')
+}
+
+function browserExecutableNames(): Set<string> {
+  if (isWin) return new Set(['chrome.exe'])
+  if (platform() === 'darwin') return new Set(['Google Chrome for Testing', 'Google Chrome', 'Chromium', 'chrome'])
+  return new Set(['chrome', 'chromium', 'chromium-browser'])
+}
+
+export function bundledBrowserExecutable(): string | undefined {
+  const names = browserExecutableNames()
+  const stack = [join(bundledAgentBrowserHome(), 'browsers'), bundledAgentBrowserHome()].filter(existsSync)
+  const visited = new Set<string>()
+
+  while (stack.length > 0) {
+    const dir = stack.pop()
+    if (!dir || visited.has(dir)) continue
+    visited.add(dir)
+
+    let entries
+    try {
+      entries = readdirSync(dir, { withFileTypes: true })
+    } catch {
+      continue
+    }
+
+    for (const entry of entries) {
+      const path = join(dir, entry.name)
+      if (entry.isFile() && names.has(entry.name)) return path
+      if (entry.isDirectory()) stack.push(path)
+    }
+  }
+
+  return undefined
+}
+
+export function pythonBinDir(): string {
+  const dir = pythonDir()
+  return isWin ? join(dir, 'Scripts') : join(dir, 'bin')
+}
+
+export function bundledPython(): string {
+  const dir = pythonDir()
+  return isWin ? join(dir, 'python.exe') : join(dir, 'bin', 'python3')
+}
+
+export function hermesBin(): string {
+  return isWin ? join(pythonBinDir(), 'hermes.exe') : join(pythonBinDir(), 'hermes')
+}
+
+export function hermesBinExists(): boolean {
+  return existsSync(hermesBin())
+}
+
+export function desktopIcon(): string {
+  if (app.isPackaged) return resolve(process.resourcesPath, 'build', 'icon.png')
+  return resolve(app.getAppPath(), 'build', 'icon.png')
+}
+
+export function desktopWindowsTrayIcon(): string {
+  if (app.isPackaged) return resolve(process.resourcesPath, 'build', 'trayWindows.png')
+  return resolve(app.getAppPath(), 'build', 'trayWindows.png')
+}
+
+export function desktopTrayTemplateIcon(): string {
+  if (app.isPackaged) return resolve(process.resourcesPath, 'build', 'trayTemplate.png')
+  return resolve(app.getAppPath(), 'build', 'trayTemplate.png')
+}
+
+export function webUiHome(): string {
+  return process.env.HERMES_WEB_UI_HOME?.trim() || resolve(homedir(), '.hermes-web-ui')
+}
+
+export function hermesHome(): string {
+  const override = process.env.HERMES_HOME?.trim()
+  if (override) return resolve(override)
+
+  const defaultHome = resolve(homedir(), '.hermes')
+
+  if (isWin) {
+    const candidates = [
+      process.env.LOCALAPPDATA,
+      process.env.APPDATA,
+    ]
+      .map(value => value?.trim())
+      .filter((value): value is string => !!value)
+      .map(value => resolve(value, 'hermes'))
+
+    for (const candidate of candidates) {
+      if (existsSync(candidate)) return candidate
+    }
+  }
+
+  return defaultHome
+}
+
+export function tokenFile(): string {
+  return join(webUiHome(), '.token')
+}
diff --git a/packages/desktop/src/main/runtime-manager.ts b/packages/desktop/src/main/runtime-manager.ts
new file mode 100644
index 0000000..48f7587
--- /dev/null
+++ b/packages/desktop/src/main/runtime-manager.ts
@@ -0,0 +1,319 @@
+import { execFile } from 'node:child_process'
+import { createHash } from 'node:crypto'
+import {
+  createReadStream,
+  createWriteStream,
+  existsSync,
+  mkdirSync,
+  readFileSync,
+  renameSync,
+  rmSync,
+  statSync,
+  writeFileSync,
+} from 'node:fs'
+import { get as httpGet } from 'node:http'
+import { get as httpsGet } from 'node:https'
+import { basename, dirname, join, relative } from 'node:path'
+import { promisify } from 'node:util'
+import { app } from 'electron'
+import {
+  bundledGit,
+  bundledNode,
+  desktopRuntimeDir,
+  hermesBinExists,
+  runtimePlatformKey,
+} from './paths'
+
+const execFileAsync = promisify(execFile)
+const DEFAULT_RUNTIME_BASE_URL = 'https://download.ekkolearnai.com'
+const RUNTIME_MANIFEST_NAME = 'runtime-manifest.json'
+const PACKAGED_RUNTIME_RELEASE_NAME = 'runtime-release.json'
+
+type RuntimeManifest = {
+  schema: number
+  platform: string
+  hermesAgentVersion?: string
+  asset?: {
+    name: string
+    url?: string
+    sha256?: string
+    size?: number
+  }
+}
+
+type RuntimeDescriptor = {
+  name: string
+  url: string
+  sha256?: string
+  hermesAgentVersion?: string
+}
+
+export type RuntimeProgress = {
+  stage: 'resolve' | 'download' | 'verify' | 'extract' | 'ready'
+  message: string
+  percent?: number
+  receivedBytes?: number
+  totalBytes?: number
+}
+
+type RuntimeProgressHandler = (progress: RuntimeProgress) => void
+
+function requiredRuntimeFiles(root: string): string[] {
+  const pythonBin = process.platform === 'win32'
+    ? join(root, 'python', 'python.exe')
+    : join(root, 'python', 'bin', 'python3')
+  const hermesBin = process.platform === 'win32'
+    ? join(root, 'python', 'Scripts', 'hermes.exe')
+    : join(root, 'python', 'bin', 'hermes')
+  const nodeBin = process.platform === 'win32'
+    ? join(root, 'node', 'node.exe')
+    : join(root, 'node', 'bin', 'node')
+  const files = [pythonBin, hermesBin, nodeBin, join(root, RUNTIME_MANIFEST_NAME)]
+  if (process.platform === 'win32') files.push(join(root, 'git', 'cmd', 'git.exe'))
+  return files
+}
+
+function missingRuntimeFiles(root: string): string[] {
+  return requiredRuntimeFiles(root).filter(file => !existsSync(file))
+}
+
+function runtimeReady(): boolean {
+  const gitReady = process.platform !== 'win32' || !!bundledGit()
+  return hermesBinExists() && existsSync(bundledNode()) && gitReady
+}
+
+function releaseTagCandidates(): string[] {
+  const override = process.env.HERMES_DESKTOP_RUNTIME_RELEASE_TAG?.trim()
+  if (override) return [override]
+
+  const version = app.getVersion()
+  const candidates = [packagedRuntimeReleaseTag(), version, `v${version}`, 'latest']
+  return Array.from(new Set(candidates.filter((tag): tag is string => typeof tag === 'string' && tag.length > 0)))
+}
+
+function packagedRuntimeReleaseTag(): string | null {
+  const candidates = app.isPackaged
+    ? [join(process.resourcesPath, 'build', PACKAGED_RUNTIME_RELEASE_NAME)]
+    : [join(app.getAppPath(), 'build', PACKAGED_RUNTIME_RELEASE_NAME)]
+
+  for (const candidate of candidates) {
+    if (!existsSync(candidate)) continue
+    try {
+      const metadata = JSON.parse(readFileSync(candidate, 'utf-8')) as { tag?: unknown }
+      if (typeof metadata.tag === 'string' && metadata.tag.trim()) return metadata.tag.trim()
+    } catch {}
+  }
+
+  return null
+}
+
+function runtimeAssetUrl(assetName: string, tag: string): string {
+  const repo = process.env.HERMES_DESKTOP_RUNTIME_REPO?.trim()
+  if (repo) {
+    if (tag === 'latest') {
+      return `https://github.com/${repo}/releases/latest/download/${encodeURIComponent(assetName)}`
+    }
+    return `https://github.com/${repo}/releases/download/${encodeURIComponent(tag)}/${encodeURIComponent(assetName)}`
+  }
+
+  const template = process.env.HERMES_DESKTOP_RUNTIME_BASE_URL?.trim() || DEFAULT_RUNTIME_BASE_URL
+  if (template.includes('{asset}') || template.includes('{tag}')) {
+    return template
+      .replace(/\{asset\}/g, encodeURIComponent(assetName))
+      .replace(/\{tag\}/g, encodeURIComponent(tag))
+  }
+  return `${template.replace(/\/$/, '')}/${encodeURIComponent(tag)}/${encodeURIComponent(assetName)}`
+}
+
+async function fetchJson<T>(url: string): Promise<T> {
+  const response = await fetch(url)
+  if (!response.ok) {
+    throw new Error(`GET ${url} returned ${response.status}`)
+  }
+  return await response.json() as T
+}
+
+async function resolveRuntimeDescriptor(): Promise<RuntimeDescriptor> {
+  const directUrl = process.env.HERMES_DESKTOP_RUNTIME_URL?.trim()
+  if (directUrl) {
+    return { name: basename(new URL(directUrl).pathname) || 'hermes-runtime.tar.gz', url: directUrl }
+  }
+
+  const platformManifestName = `hermes-runtime-${runtimePlatformKey()}.json`
+  const manifestOverride = process.env.HERMES_DESKTOP_RUNTIME_MANIFEST_URL?.trim()
+  const candidates = manifestOverride
+    ? [{ tag: '', url: manifestOverride }]
+    : releaseTagCandidates().map(tag => ({ tag, url: runtimeAssetUrl(platformManifestName, tag) }))
+
+  let lastError: Error | null = null
+  for (const candidate of candidates) {
+    try {
+      const manifest = await fetchJson<RuntimeManifest>(candidate.url)
+      if (!manifest.asset?.name) {
+        throw new Error(`runtime manifest is missing asset.name: ${candidate.url}`)
+      }
+      return {
+        name: manifest.asset.name,
+        url: manifest.asset.url || runtimeAssetUrl(manifest.asset.name, candidate.tag),
+        sha256: manifest.asset.sha256,
+        hermesAgentVersion: manifest.hermesAgentVersion,
+      }
+    } catch (err) {
+      lastError = err instanceof Error ? err : new Error(String(err))
+    }
+  }
+
+  throw lastError || new Error('Unable to resolve Hermes desktop runtime package')
+}
+
+function readCachedRuntimeManifest(root: string): RuntimeManifest | null {
+  const file = join(root, RUNTIME_MANIFEST_NAME)
+  if (!existsSync(file)) return null
+  try {
+    return JSON.parse(readFileSync(file, 'utf-8')) as RuntimeManifest
+  } catch {
+    return null
+  }
+}
+
+function cachedRuntimeMatches(root: string, descriptor: RuntimeDescriptor): boolean {
+  if (!runtimeReady()) return false
+  const manifest = readCachedRuntimeManifest(root)
+  if (!manifest?.asset?.name) return true
+  return manifest.asset.name === descriptor.name
+}
+
+function downloadFile(
+  url: string,
+  target: string,
+  onProgress?: RuntimeProgressHandler,
+  redirects = 5,
+): Promise<void> {
+  return new Promise((resolve, reject) => {
+    const parsed = new URL(url)
+    const getter = parsed.protocol === 'http:' ? httpGet : httpsGet
+    const req = getter(parsed, response => {
+      const status = response.statusCode || 0
+      const location = response.headers.location
+      if (status >= 300 && status < 400 && location && redirects > 0) {
+        response.resume()
+        downloadFile(new URL(location, url).toString(), target, onProgress, redirects - 1).then(resolve, reject)
+        return
+      }
+      if (status < 200 || status >= 300) {
+        response.resume()
+        reject(new Error(`GET ${url} returned ${status}`))
+        return
+      }
+
+      const totalBytes = Number(response.headers['content-length']) || undefined
+      let receivedBytes = 0
+      response.on('data', chunk => {
+        receivedBytes += Buffer.isBuffer(chunk) ? chunk.length : Buffer.byteLength(chunk)
+        onProgress?.({
+          stage: 'download',
+          message: 'Downloading Hermes runtime...',
+          percent: totalBytes ? Math.min(100, (receivedBytes / totalBytes) * 100) : undefined,
+          receivedBytes,
+          totalBytes,
+        })
+      })
+
+      const file = createWriteStream(target)
+      response.pipe(file)
+      file.on('finish', () => file.close(() => resolve()))
+      file.on('error', reject)
+    })
+    req.on('error', reject)
+  })
+}
+
+async function sha256File(file: string): Promise<string> {
+  const hash = createHash('sha256')
+  await new Promise<void>((resolve, reject) => {
+    const stream = createReadStream(file)
+    stream.on('data', chunk => hash.update(chunk))
+    stream.on('end', resolve)
+    stream.on('error', reject)
+  })
+  return hash.digest('hex')
+}
+
+async function extractRuntimeArchive(archive: string, targetRoot: string): Promise<void> {
+  const parent = dirname(targetRoot)
+  const tempRoot = join(parent, `.runtime-${process.pid}-${Date.now()}`)
+  rmSync(tempRoot, { recursive: true, force: true })
+  mkdirSync(tempRoot, { recursive: true })
+
+  try {
+    await execFileAsync(process.platform === 'win32' ? 'tar.exe' : 'tar', ['-xzf', archive, '-C', tempRoot], {
+      windowsHide: true,
+    })
+    const missing = missingRuntimeFiles(tempRoot)
+    if (missing.length > 0) {
+      throw new Error(`Runtime archive is missing required files: ${missing.map(file => relative(tempRoot, file)).join(', ')}`)
+    }
+    rmSync(targetRoot, { recursive: true, force: true })
+    mkdirSync(parent, { recursive: true })
+    renameSync(tempRoot, targetRoot)
+  } catch (err) {
+    rmSync(tempRoot, { recursive: true, force: true })
+    throw err
+  }
+}
+
+export async function ensureDesktopRuntime(onProgress?: RuntimeProgressHandler): Promise<void> {
+  const runtimeRoot = desktopRuntimeDir()
+  mkdirSync(runtimeRoot, { recursive: true })
+
+  let descriptor: RuntimeDescriptor
+  try {
+    onProgress?.({ stage: 'resolve', message: 'Checking Hermes runtime...' })
+    descriptor = await resolveRuntimeDescriptor()
+  } catch (err) {
+    if (runtimeReady() && !process.env.HERMES_DESKTOP_RUNTIME_FORCE_UPDATE) {
+      console.warn(`[runtime] using cached Hermes runtime because update check failed: ${err instanceof Error ? err.message : String(err)}`)
+      return
+    }
+    throw err
+  }
+
+  if (cachedRuntimeMatches(runtimeRoot, descriptor) && !process.env.HERMES_DESKTOP_RUNTIME_FORCE_UPDATE) return
+
+  const archive = join(dirname(runtimeRoot), `${descriptor.name}.download`)
+  console.log(`[runtime] downloading Hermes runtime ${descriptor.name}`)
+  onProgress?.({ stage: 'download', message: `Downloading ${descriptor.name}...` })
+  let archiveSize = 0
+  try {
+    await downloadFile(descriptor.url, archive, onProgress)
+    archiveSize = statSync(archive).size
+    if (descriptor.sha256) {
+      onProgress?.({ stage: 'verify', message: 'Verifying Hermes runtime...' })
+      const actual = await sha256File(archive)
+      if (actual !== descriptor.sha256) {
+        throw new Error(`Runtime checksum mismatch for ${descriptor.name}`)
+      }
+    }
+
+    onProgress?.({ stage: 'extract', message: 'Extracting Hermes runtime...' })
+    await extractRuntimeArchive(archive, runtimeRoot)
+  } finally {
+    rmSync(archive, { force: true })
+  }
+
+  const manifestPath = join(runtimeRoot, RUNTIME_MANIFEST_NAME)
+  if (!existsSync(manifestPath)) {
+    writeFileSync(manifestPath, JSON.stringify({
+      schema: 1,
+      platform: runtimePlatformKey(),
+      hermesAgentVersion: descriptor.hermesAgentVersion,
+      asset: {
+        name: descriptor.name,
+        sha256: descriptor.sha256,
+        size: archiveSize,
+      },
+    }, null, 2))
+  }
+  onProgress?.({ stage: 'ready', message: 'Hermes runtime ready.' })
+  console.log(`[runtime] Hermes runtime ready at ${runtimeRoot}`)
+}
diff --git a/packages/desktop/src/main/updater.ts b/packages/desktop/src/main/updater.ts
new file mode 100644
index 0000000..ac952d4
--- /dev/null
+++ b/packages/desktop/src/main/updater.ts
@@ -0,0 +1,194 @@
+import { app, dialog } from 'electron'
+import { autoUpdater, type ProgressInfo, type UpdateDownloadedEvent, type UpdateInfo } from 'electron-updater'
+import { t } from './desktop-i18n'
+
+let initialized = false
+let checking = false
+let updateDownloaded = false
+
+const LATEST_RELEASE_DOWNLOAD_URL = 'https://github.com/EKKOLearnAI/hermes-web-ui/releases/latest/download'
+const CLOUDFLARE_DOWNLOAD_BASE_URL = 'https://download.ekkolearnai.com'
+
+class MissingUpdateInfoError extends Error {
+  constructor(public readonly url: string) {
+    super(`Update information is not available at ${url}`)
+    this.name = 'MissingUpdateInfoError'
+  }
+}
+
+interface AutoUpdaterOptions {
+  beforeQuitAndInstall?: () => void
+}
+
+let options: AutoUpdaterOptions = {}
+
+async function getLatestReleaseTag(assetName: string): Promise<string> {
+  const res = await fetch(`${LATEST_RELEASE_DOWNLOAD_URL}/${encodeURIComponent(assetName)}`, {
+    method: 'HEAD',
+    redirect: 'manual',
+    headers: {
+      'User-Agent': `Hermes-Studio/${app.getVersion()}`,
+    },
+  })
+
+  if (res.status < 300 || res.status >= 400) throw new Error(`GitHub returned ${res.status}`)
+
+  const location = res.headers.get('location')
+  if (!location) throw new Error('Latest release redirect did not include a location')
+
+  const redirectUrl = new URL(location, LATEST_RELEASE_DOWNLOAD_URL)
+  const parts = redirectUrl.pathname.split('/')
+  const downloadIndex = parts.indexOf('download')
+  const tag = downloadIndex >= 0 ? parts[downloadIndex + 1]?.trim() : ''
+  if (!tag) throw new Error('Latest release redirect did not include a tag')
+  return tag
+}
+
+function updateManifestFile(): string {
+  if (process.platform === 'darwin') return 'latest-mac.yml'
+  if (process.platform === 'win32') return 'latest.yml'
+  return 'latest-linux.yml'
+}
+
+async function assertUpdateManifestExists(feedUrl: string): Promise<void> {
+  const manifestUrl = `${feedUrl}/${updateManifestFile()}`
+  const res = await fetch(manifestUrl, {
+    method: 'HEAD',
+    headers: {
+      'User-Agent': `Hermes-Studio/${app.getVersion()}`,
+    },
+  })
+  if (res.status === 404) throw new MissingUpdateInfoError(manifestUrl)
+  if (!res.ok) throw new Error(`Update feed returned ${res.status}`)
+}
+
+async function configureFeedFromLatestRelease(): Promise<void> {
+  const tag = await getLatestReleaseTag(updateManifestFile())
+  const feedUrl = `${CLOUDFLARE_DOWNLOAD_BASE_URL}/${tag}`
+  await assertUpdateManifestExists(feedUrl)
+  autoUpdater.setFeedURL({
+    provider: 'generic',
+    url: feedUrl,
+  })
+}
+
+function showUpToDate(info?: UpdateInfo) {
+  const version = info?.version || app.getVersion()
+  dialog.showMessageBox({
+    type: 'info',
+    title: t('update.upToDateTitle'),
+    message: t('update.upToDateMessage'),
+    detail: t('update.currentVersion', { version }),
+    buttons: [t('common.ok')],
+  }).catch(() => undefined)
+}
+
+function showUpdateCheckFailed(err: unknown) {
+  const isMissingUpdateInfo = err instanceof MissingUpdateInfoError
+  dialog.showMessageBox({
+    type: isMissingUpdateInfo ? 'info' : 'error',
+    title: isMissingUpdateInfo ? t('update.upToDateTitle') : t('update.failedTitle'),
+    message: isMissingUpdateInfo ? t('update.noUpdateInfoMessage') : t('update.failedMessage'),
+    buttons: [t('common.ok')],
+  }).catch(() => undefined)
+}
+
+export function initAutoUpdater(nextOptions: AutoUpdaterOptions = {}) {
+  options = { ...options, ...nextOptions }
+  if (initialized) return
+  initialized = true
+
+  if (!app.isPackaged) return // dev mode: skip
+
+  autoUpdater.autoDownload = true
+  autoUpdater.autoInstallOnAppQuit = true
+
+  autoUpdater.on('update-available', info => {
+    console.log(`[updater] update available: ${info.version}`)
+    dialog.showMessageBox({
+      type: 'info',
+      title: t('update.availableTitle'),
+      message: t('update.availableMessage', { version: info.version }),
+      detail: t('update.downloading'),
+      buttons: [t('common.ok')],
+    }).catch(() => undefined)
+  })
+  autoUpdater.on('update-not-available', info => {
+    console.log('[updater] up to date')
+    if (checking) showUpToDate(info)
+  })
+  autoUpdater.on('error', err => {
+    console.error('[updater] error:', err)
+    if (checking) showUpdateCheckFailed(err)
+  })
+  autoUpdater.on('download-progress', (info: ProgressInfo) => {
+    console.log(`[updater] download ${Math.round(info.percent)}%`)
+  })
+  autoUpdater.on('update-downloaded', async (info: UpdateDownloadedEvent) => {
+    updateDownloaded = true
+    const { response } = await dialog.showMessageBox({
+      type: 'info',
+      title: t('update.readyTitle'),
+      message: t('update.readyMessage', { version: info.version }),
+      detail: t('update.readyDetail'),
+      buttons: [t('update.restartNow'), t('update.later')],
+      defaultId: 0,
+      cancelId: 1,
+    })
+    if (response === 0) {
+      options.beforeQuitAndInstall?.()
+      autoUpdater.quitAndInstall()
+    }
+  })
+
+  if (process.env.HERMES_DESKTOP_ENABLE_AUTO_UPDATE !== 'false') {
+    checkForDesktopUpdates(false).catch(err => {
+      console.error('[updater] initial check failed:', err)
+    })
+  }
+
+  // Recheck every 6h while app is running
+  setInterval(() => {
+    checkForDesktopUpdates(false).catch(() => undefined)
+  }, 6 * 60 * 60 * 1000)
+}
+
+export async function checkForDesktopUpdates(manual: boolean): Promise<void> {
+  if (!app.isPackaged) {
+    if (manual) {
+      await dialog.showMessageBox({
+        type: 'info',
+        title: t('update.checkingTitle'),
+        message: t('update.packagedOnlyMessage'),
+        buttons: [t('common.ok')],
+      })
+    }
+    return
+  }
+
+  if (updateDownloaded) {
+    options.beforeQuitAndInstall?.()
+    autoUpdater.quitAndInstall()
+    return
+  }
+
+  if (manual) {
+    await dialog.showMessageBox({
+      type: 'info',
+      title: t('update.checkingTitle'),
+      message: t('update.checkingMessage'),
+      buttons: [t('common.ok')],
+    })
+  }
+
+  checking = manual
+  try {
+    await configureFeedFromLatestRelease()
+    await autoUpdater.checkForUpdates()
+  } catch (err) {
+    if (manual) showUpdateCheckFailed(err)
+    throw err
+  } finally {
+    checking = false
+  }
+}
diff --git a/packages/desktop/src/main/webui-server.ts b/packages/desktop/src/main/webui-server.ts
new file mode 100644
index 0000000..6d5d3bf
--- /dev/null
+++ b/packages/desktop/src/main/webui-server.ts
@@ -0,0 +1,444 @@
+import { ChildProcess, execFile, spawn } from 'node:child_process'
+import { mkdirSync, readFileSync, writeFileSync, chmodSync, existsSync, readdirSync } from 'node:fs'
+import { createServer } from 'node:net'
+import { homedir } from 'node:os'
+import { dirname, delimiter, join } from 'node:path'
+import { randomBytes } from 'node:crypto'
+import { promisify } from 'node:util'
+import { app } from 'electron'
+import {
+  bundledBrowserExecutable,
+  bundledGit,
+  bundledNode,
+  gitPathDirs,
+  webuiServerEntry,
+  webuiDir,
+  hermesBin,
+  webUiHome,
+  hermesHome,
+  nodeBinDir,
+  tokenFile,
+  pythonDir,
+} from './paths'
+
+const DEFAULT_PORT = 8748
+const DEFAULT_READY_TIMEOUT_MS = 120_000
+const AGENT_BRIDGE_STARTED_MARKER = '[bootstrap] agent bridge started'
+const AGENT_BRIDGE_FAILED_MARKER = '[bootstrap] agent bridge failed to start'
+const execFileAsync = promisify(execFile)
+
+let serverProc: ChildProcess | null = null
+let cachedToken: string | null = null
+
+function killProcessTree(proc: ChildProcess): void {
+  if (!proc.pid || proc.killed) return
+  if (process.platform === 'win32') {
+    try {
+      const killer = spawn('taskkill.exe', ['/PID', String(proc.pid), '/T', '/F'], {
+        stdio: 'ignore',
+        windowsHide: true,
+      })
+      killer.once('error', () => undefined)
+      return
+    } catch {
+      /* fall through */
+    }
+  }
+  try {
+    proc.kill('SIGKILL')
+  } catch {
+    /* ignore */
+  }
+}
+
+function envPositiveInt(name: string): number | undefined {
+  const raw = process.env[name]
+  if (!raw) return undefined
+  const value = Number(raw)
+  return Number.isFinite(value) && value > 0 ? value : undefined
+}
+
+function readyTimeoutMs(): number {
+  return envPositiveInt('HERMES_DESKTOP_READY_TIMEOUT_MS') || DEFAULT_READY_TIMEOUT_MS
+}
+
+function createAgentBridgeStartupTracker(): {
+  observe: (chunk: Buffer) => void
+  wait: (timeoutMs: number) => Promise<void>
+} {
+  let output = ''
+  let state: 'pending' | 'started' | 'failed' = 'pending'
+  let resolveReady: (() => void) | null = null
+  let rejectReady: ((err: Error) => void) | null = null
+
+  const settle = (nextState: 'started' | 'failed') => {
+    if (state !== 'pending') return
+    state = nextState
+    if (nextState === 'started') {
+      resolveReady?.()
+    } else {
+      rejectReady?.(new Error('Agent bridge failed to start'))
+    }
+  }
+
+  const observe = (chunk: Buffer) => {
+    if (state !== 'pending') return
+    output = (output + chunk.toString('utf-8')).slice(-4096)
+    if (output.includes(AGENT_BRIDGE_STARTED_MARKER)) {
+      settle('started')
+    } else if (output.includes(AGENT_BRIDGE_FAILED_MARKER)) {
+      settle('failed')
+    }
+  }
+
+  const wait = (timeoutMs: number) => {
+    if (state === 'started') return Promise.resolve()
+    if (state === 'failed') return Promise.reject(new Error('Agent bridge failed to start'))
+
+    return new Promise<void>((resolve, reject) => {
+      const timer = setTimeout(() => {
+        if (state !== 'pending') return
+        state = 'failed'
+        reject(new Error(`Agent bridge did not become ready within ${timeoutMs}ms`))
+      }, timeoutMs)
+
+      resolveReady = () => {
+        clearTimeout(timer)
+        resolve()
+      }
+      rejectReady = (err) => {
+        clearTimeout(timer)
+        reject(err)
+      }
+    })
+  }
+
+  return { observe, wait }
+}
+
+function ensureToken(): string {
+  if (cachedToken) return cachedToken
+  const file = tokenFile()
+  mkdirSync(dirname(file), { recursive: true })
+  if (existsSync(file)) {
+    cachedToken = readFileSync(file, 'utf-8').trim()
+    if (cachedToken) return cachedToken
+  }
+  cachedToken = randomBytes(32).toString('hex')
+  writeFileSync(file, cachedToken + '\n', { mode: 0o600 })
+  return cachedToken
+}
+
+// node-pty ships per-platform prebuilds with a `spawn-helper` binary that
+// loses its +x bit when copied across some filesystems. Restore it.
+function ensureNativeModules() {
+  try {
+    const helper = join(
+      webuiDir(),
+      'node_modules',
+      'node-pty',
+      'prebuilds',
+      `${process.platform}-${process.arch}`,
+      'spawn-helper',
+    )
+    if (existsSync(helper)) chmodSync(helper, 0o755)
+  } catch {
+    /* ignore */
+  }
+}
+
+const COMMON_USER_BIN_DIRS = process.platform === 'win32'
+  ? []
+  : [
+      '/opt/homebrew/bin',
+      '/usr/local/bin',
+      '/usr/bin',
+      '/bin',
+      '/usr/sbin',
+      '/sbin',
+    ]
+const PATH_MARKER_START = '__HERMES_DESKTOP_PATH_START__'
+const PATH_MARKER_END = '__HERMES_DESKTOP_PATH_END__'
+
+function mergePathEntries(...paths: Array<string | undefined | null>): string {
+  const seen = new Set<string>()
+  const entries: string[] = []
+  for (const rawPath of paths) {
+    if (!rawPath) continue
+    for (const entry of rawPath.split(delimiter)) {
+      const trimmed = entry.trim()
+      if (!trimmed) continue
+      const key = process.platform === 'win32' ? trimmed.toLowerCase() : trimmed
+      if (seen.has(key)) continue
+      seen.add(key)
+      entries.push(trimmed)
+    }
+  }
+  return entries.join(delimiter)
+}
+
+function extractMarkedPath(output: string): string | null {
+  const start = output.lastIndexOf(PATH_MARKER_START)
+  const end = output.lastIndexOf(PATH_MARKER_END)
+  if (start < 0 || end <= start) return null
+  const value = output.slice(start + PATH_MARKER_START.length, end).trim()
+  return value || null
+}
+
+function compareNodeVersionDesc(left: string, right: string): number {
+  const leftParts = left.replace(/^v/, '').split('.').map(part => Number.parseInt(part, 10) || 0)
+  const rightParts = right.replace(/^v/, '').split('.').map(part => Number.parseInt(part, 10) || 0)
+  for (let index = 0; index < Math.max(leftParts.length, rightParts.length); index += 1) {
+    const diff = (rightParts[index] || 0) - (leftParts[index] || 0)
+    if (diff !== 0) return diff
+  }
+  return right.localeCompare(left)
+}
+
+function getNvmNodeBinPaths(): string {
+  if (process.platform === 'win32') return ''
+
+  const nvmDir = process.env.NVM_DIR?.trim() || join(homedir(), '.nvm')
+  const versionsDir = join(nvmDir, 'versions', 'node')
+  if (!existsSync(versionsDir)) return ''
+
+  try {
+    return readdirSync(versionsDir, { withFileTypes: true })
+      .filter(entry => entry.isDirectory())
+      .map(entry => entry.name)
+      .sort(compareNodeVersionDesc)
+      .map(version => join(versionsDir, version, 'bin'))
+      .filter(binDir => existsSync(binDir))
+      .join(delimiter)
+  } catch {
+    return ''
+  }
+}
+
+async function getLoginShellPath(): Promise<string | null> {
+  if (process.platform === 'win32') return null
+
+  const shell = process.env.SHELL?.trim() || (process.platform === 'darwin' ? '/bin/zsh' : '/bin/sh')
+  if (!existsSync(shell)) return null
+
+  try {
+    const { stdout } = await execFileAsync(shell, ['-l', '-c', `printf '\\n${PATH_MARKER_START}%s${PATH_MARKER_END}\\n' "$PATH"`], {
+      encoding: 'utf-8',
+      timeout: 1500,
+      windowsHide: true,
+      env: process.env,
+    })
+    return extractMarkedPath(stdout) || stdout.trim() || null
+  } catch {
+    return null
+  }
+}
+
+export function getToken(): string {
+  return ensureToken()
+}
+
+export function getServerUrl(port = DEFAULT_PORT): string {
+  return `http://127.0.0.1:${port}`
+}
+
+async function getFreeTcpPort(): Promise<number> {
+  return await new Promise((resolveFreePort, rejectFreePort) => {
+    const server = createServer()
+    server.unref()
+    server.once('error', rejectFreePort)
+    server.listen(0, '127.0.0.1', () => {
+      const address = server.address()
+      server.close(() => {
+        if (typeof address === 'object' && address?.port) {
+          resolveFreePort(address.port)
+        } else {
+          rejectFreePort(new Error('Unable to allocate local TCP port'))
+        }
+      })
+    })
+  })
+}
+
+async function canBindTcpPort(port: number): Promise<boolean> {
+  return await new Promise((resolveCanBind) => {
+    const server = createServer()
+    server.unref()
+    server.once('error', () => resolveCanBind(false))
+    server.listen(port, '127.0.0.1', () => {
+      server.close(() => resolveCanBind(true))
+    })
+  })
+}
+
+async function getFreeTcpPortInRange(min: number, max: number): Promise<number> {
+  for (let attempt = 0; attempt < 100; attempt += 1) {
+    const port = min + (randomBytes(2).readUInt16BE(0) % (max - min + 1))
+    if (await canBindTcpPort(port)) return port
+  }
+  return getFreeTcpPort()
+}
+
+export async function startWebUiServer(port = DEFAULT_PORT): Promise<string> {
+  ensureNativeModules()
+  const token = ensureToken()
+  const entry = webuiServerEntry()
+  if (!existsSync(entry)) {
+    throw new Error(`Web UI server entry not found at ${entry}. Run: npm run build:webui`)
+  }
+
+  const home = webUiHome()
+  const agentHome = hermesHome()
+  mkdirSync(home, { recursive: true })
+  mkdirSync(agentHome, { recursive: true })
+
+  // Tell agent-bridge to use the bundled Python directly. Otherwise the
+  // bridge auto-detects Python from HERMES_BIN's shebang — which on our
+  // setup is a #!/bin/sh wrapper, not a python interpreter, so detection
+  // resolves to /bin/sh and the bridge crashes (exit code 2) immediately.
+  const isWin = process.platform === 'win32'
+  const bundledPython = isWin
+    ? join(pythonDir(), 'python.exe')
+    : join(pythonDir(), 'bin', 'python3')
+  const bundledAgentBrowserBin = isWin
+    ? join(pythonDir(), 'node')
+    : join(pythonDir(), 'node', 'bin')
+  const bundledNodeBin = nodeBinDir()
+  const bundledGitPath = gitPathDirs().join(delimiter)
+  const bridgePort = await getFreeTcpPort()
+  const workerPortBase = await getFreeTcpPortInRange(20000, 59000)
+  const loginShellPath = await getLoginShellPath()
+  const nvmNodeBinPaths = getNvmNodeBinPaths()
+  const runtimePath = mergePathEntries(
+    dirname(hermesBin()),
+    bundledAgentBrowserBin,
+    bundledNodeBin,
+    bundledGitPath,
+    loginShellPath,
+    nvmNodeBinPaths,
+    process.env.PATH,
+    process.env.Path,
+    COMMON_USER_BIN_DIRS.join(delimiter),
+  )
+  const browserExecutable = process.env.AGENT_BROWSER_EXECUTABLE_PATH?.trim() || bundledBrowserExecutable()
+  const gitBin = bundledGit()
+
+  // Run via Electron's "run as Node" mode — Electron binary doubles as Node.
+  const env: NodeJS.ProcessEnv = {
+    ...process.env,
+    ELECTRON_RUN_AS_NODE: '1',
+    NODE_ENV: 'production',
+    HERMES_DESKTOP: 'true',
+    HERMES_BIN: hermesBin(),
+    // The bridge and its per-profile workers need working stdout/stderr for
+    // ready handshakes. Use python.exe on Windows and hide windows at the
+    // process creation layer instead of switching the bridge to pythonw.exe.
+    HERMES_AGENT_BRIDGE_PYTHON: bundledPython,
+    HERMES_AGENT_CLI_PYTHON: bundledPython,
+    HERMES_AGENT_ROOT: pythonDir(),
+    HERMES_AGENT_NODE: bundledNode(),
+    HERMES_AGENT_NODE_ROOT: isWin ? bundledNodeBin : dirname(bundledNodeBin),
+    AGENT_BROWSER_HOME: process.env.AGENT_BROWSER_HOME?.trim() || join(agentHome, 'agent-browser'),
+    ...(browserExecutable ? { AGENT_BROWSER_EXECUTABLE_PATH: browserExecutable } : {}),
+    PLAYWRIGHT_BROWSERS_PATH: process.env.PLAYWRIGHT_BROWSERS_PATH || join(pythonDir(), 'ms-playwright'),
+    ...(gitBin ? { HERMES_AGENT_GIT: gitBin } : {}),
+    // Force TCP loopback for the agent bridge. The default `ipc:///tmp/...`
+    // unix socket is rejected on macOS in some EDR/sandbox setups (silent
+    // SIGKILL of the bridge child within ~150ms). TCP on 127.0.0.1 works
+    // identically and avoids the issue cross-platform.
+    HERMES_AGENT_BRIDGE_ENDPOINT: `tcp://127.0.0.1:${bridgePort}`,
+    // Desktop opens the UI as soon as the Web UI HTTP server is ready, while
+    // the Python bridge starts in the background. Let the first chat/context
+    // request wait for broker readiness instead of failing during cold start.
+    HERMES_AGENT_BRIDGE_CONNECT_RETRY_MS: process.env.HERMES_AGENT_BRIDGE_CONNECT_RETRY_MS ?? '120000',
+    // Force TCP for worker endpoints too (upstream #1106). Same EDR/sandbox
+    // reason as above — default ipc:// unix sockets in /tmp get killed.
+    HERMES_AGENT_BRIDGE_WORKER_TRANSPORT: 'tcp',
+    HERMES_AGENT_BRIDGE_WORKER_PORT_BASE: String(workerPortBase),
+    // And for preview-mode bridges spawned by the in-app update controller.
+    HERMES_WEB_UI_PREVIEW_AGENT_BRIDGE_TRANSPORT: 'tcp',
+    // Suppress the npm-registry update prompt (upstream #1105). hermes-web-ui
+    // is bundled here; users can't `npm i -g` to upgrade, they have to wait
+    // for the wrapper app to ship a new release.
+    HERMES_WEB_UI_DISABLE_UPDATE_CHECK: 'true',
+    // Single-user desktop install: open the gateway's user allowlist by
+    // default. Otherwise the gateway silently drops every inbound platform
+    // message (DingTalk/Slack/Telegram) with a startup warning. Users can
+    // still override by setting GATEWAY_ALLOW_ALL_USERS=false in their
+    // HERMES_HOME/.env or by configuring per-platform allowlists.
+    GATEWAY_ALLOW_ALL_USERS: process.env.GATEWAY_ALLOW_ALL_USERS ?? 'true',
+    // Keep the bundled Hermes Agent, bridge, gateway, and Web UI path helpers
+    // on the same data directory. Native Windows uses an existing
+    // %LOCALAPPDATA%\hermes or %APPDATA%\hermes; otherwise all platforms keep
+    // the standard ~/.hermes layout.
+    HERMES_HOME: agentHome,
+    HERMES_WEB_UI_HOME: home,
+    HERMES_WEBUI_STATE_DIR: home,
+    AUTH_TOKEN: token,
+    PORT: String(port),
+    // Prepend bundled Python's bin to PATH so any incidental `python` resolution lands on ours
+    PATH: runtimePath,
+  }
+
+  serverProc = spawn(process.execPath, [entry], {
+    env,
+    stdio: ['ignore', 'pipe', 'pipe'],
+    windowsHide: true,
+  })
+
+  const bridgeStartup = createAgentBridgeStartupTracker()
+
+  serverProc.stdout?.on('data', (chunk: Buffer) => {
+    bridgeStartup.observe(chunk)
+    process.stdout.write(`[webui] ${chunk}`)
+  })
+  serverProc.stderr?.on('data', (chunk: Buffer) => {
+    bridgeStartup.observe(chunk)
+    process.stderr.write(`[webui] ${chunk}`)
+  })
+  serverProc.on('exit', (code, signal) => {
+    console.error(`[webui] server exited code=${code} signal=${signal}`)
+    serverProc = null
+    if (!app.isReady() || code !== 0) {
+      // Best-effort: if server dies abnormally during startup, surface to user
+    }
+  })
+
+  const timeoutMs = readyTimeoutMs()
+  void bridgeStartup.wait(timeoutMs).catch(err => {
+    console.warn(`[webui] agent bridge was not ready during startup: ${err instanceof Error ? err.message : String(err)}`)
+  })
+  await waitForReady(port, timeoutMs)
+  return getServerUrl(port)
+}
+
+async function waitForReady(port: number, timeoutMs: number): Promise<void> {
+  const deadline = Date.now() + timeoutMs
+  const url = `http://127.0.0.1:${port}/api/health`
+  while (Date.now() < deadline) {
+    try {
+      const res = await fetch(url, { signal: AbortSignal.timeout(1000) })
+      if (res.ok || res.status === 401) return // 401 = up but auth-gated, server is alive
+    } catch {
+      /* not ready yet */
+    }
+    await new Promise(r => setTimeout(r, 300))
+  }
+  throw new Error(`Web UI server did not become ready within ${timeoutMs}ms`)
+}
+
+export function stopWebUiServer(): Promise<void> {
+  return new Promise(resolve => {
+    if (!serverProc || serverProc.killed) return resolve()
+    const proc = serverProc
+    const timer = setTimeout(() => {
+      killProcessTree(proc)
+      resolve()
+    }, 3000)
+    proc.once('exit', () => {
+      clearTimeout(timer)
+      resolve()
+    })
+    try { proc.kill('SIGTERM') } catch { resolve() }
+  })
+}
diff --git a/packages/desktop/src/preload/index.ts b/packages/desktop/src/preload/index.ts
new file mode 100644
index 0000000..547db69
--- /dev/null
+++ b/packages/desktop/src/preload/index.ts
@@ -0,0 +1,134 @@
+import { contextBridge, ipcRenderer } from 'electron'
+
+contextBridge.exposeInMainWorld('hermesDesktop', {
+  getToken: (): Promise<string> => ipcRenderer.invoke('hermes-desktop:get-token'),
+  retryBootstrap: (): Promise<void> => ipcRenderer.invoke('hermes-desktop:retry-bootstrap'),
+  platform: process.platform,
+  isDesktop: true,
+})
+
+const API_KEY_LS = 'hermes_api_key'
+const DEFAULT_USERNAME = 'admin'
+const DEFAULT_PASSWORD = '123456'
+
+// Auto-login the bundled web UI so users don't see a login screen on launch.
+// We POST to /api/auth/login with the well-known default credentials, using
+// the server's AUTH_TOKEN as the bearer (the server requires *some* auth on
+// /api/auth/login from a packaged client). The returned JWT is dropped into
+// localStorage where the Vue client expects it.
+async function autoLogin(token: string): Promise<void> {
+  if (localStorage.getItem(API_KEY_LS)) return
+  try {
+    const res = await fetch('/api/auth/login', {
+      method: 'POST',
+      headers: {
+        'Content-Type': 'application/json',
+        Authorization: `Bearer ${token}`,
+      },
+      body: JSON.stringify({ username: DEFAULT_USERNAME, password: DEFAULT_PASSWORD }),
+    })
+    if (!res.ok) return
+    const body = await res.json().catch(() => null) as { token?: string; jwt?: string } | null
+    const jwt = body?.token || body?.jwt
+    if (jwt) localStorage.setItem(API_KEY_LS, jwt)
+  } catch {
+    /* ignore — first-load race or server still starting */
+  }
+}
+
+// Silently strip the "你必须修改默认密码" flag from /api/auth/me responses on
+// desktop. Users on a single-machine install don't benefit from a managed
+// password. The Web UI client uses BOTH fetch and axios (which goes through
+// XMLHttpRequest), so we patch both code paths.
+function isAuthMeUrl(url: string): boolean {
+  return /\/api\/auth\/me(?:\?|$)/.test(url)
+}
+
+function stripCredentialFlag(text: string): string {
+  try {
+    const data = JSON.parse(text)
+    if (data?.user && data.user.requiresCredentialChange) {
+      data.user.requiresCredentialChange = false
+      return JSON.stringify(data)
+    }
+  } catch { /* not JSON */ }
+  return text
+}
+
+function installFetchPatch(): void {
+  const origFetch = window.fetch.bind(window)
+  const patchedFetch = (async (input, init) => {
+    const res = await origFetch(input, init)
+    try {
+      const url = typeof input === 'string' ? input : (input as Request).url
+      if (url && isAuthMeUrl(url) && res.ok) {
+        const text = await res.clone().text()
+        const patched = stripCredentialFlag(text)
+        if (patched !== text) {
+          return new Response(patched, {
+            status: res.status,
+            statusText: res.statusText,
+            headers: res.headers,
+          })
+        }
+      }
+    } catch { /* fall through */ }
+    return res
+  }) as typeof window.fetch
+  window.fetch = patchedFetch
+
+  const OrigXHR = window.XMLHttpRequest
+  type XHRWithDesktop = XMLHttpRequest & { __hermesDesktopUrl?: string }
+  const origOpen = OrigXHR.prototype.open
+  OrigXHR.prototype.open = function (
+    this: XHRWithDesktop,
+    method: string,
+    url: string | URL,
+    ...rest: unknown[]
+  ) {
+    this.__hermesDesktopUrl = String(url)
+    // @ts-expect-error — forwarding variadic
+    return origOpen.call(this, method, url, ...rest)
+  }
+  const origGetResponse = Object.getOwnPropertyDescriptor(OrigXHR.prototype, 'response')
+  const origGetResponseText = Object.getOwnPropertyDescriptor(OrigXHR.prototype, 'responseText')
+  if (origGetResponse?.get && origGetResponseText?.get) {
+    Object.defineProperty(OrigXHR.prototype, 'responseText', {
+      configurable: true,
+      get(this: XHRWithDesktop) {
+        const raw = origGetResponseText.get!.call(this) as string
+        if (this.__hermesDesktopUrl && isAuthMeUrl(this.__hermesDesktopUrl) && typeof raw === 'string') {
+          return stripCredentialFlag(raw)
+        }
+        return raw
+      },
+    })
+    Object.defineProperty(OrigXHR.prototype, 'response', {
+      configurable: true,
+      get(this: XHRWithDesktop) {
+        const raw = origGetResponse.get!.call(this)
+        if (this.__hermesDesktopUrl && isAuthMeUrl(this.__hermesDesktopUrl)) {
+          if (typeof raw === 'string') return stripCredentialFlag(raw)
+          if (raw && typeof raw === 'object' && (raw as { user?: { requiresCredentialChange?: boolean } }).user?.requiresCredentialChange) {
+            return { ...(raw as object), user: { ...(raw as { user: object }).user, requiresCredentialChange: false } }
+          }
+        }
+        return raw
+      },
+    })
+  }
+}
+
+installFetchPatch()
+
+window.addEventListener('DOMContentLoaded', async () => {
+  try {
+    const token = await ipcRenderer.invoke('hermes-desktop:get-token')
+    if (token) {
+      try { localStorage.setItem('AUTH_TOKEN', token) } catch { /* */ }
+      await autoLogin(token)
+    }
+  } catch {
+    /* ignore */
+  }
+})
diff --git a/packages/desktop/tsconfig.json b/packages/desktop/tsconfig.json
new file mode 100644
index 0000000..12d5809
--- /dev/null
+++ b/packages/desktop/tsconfig.json
@@ -0,0 +1,16 @@
+{
+  "compilerOptions": {
+    "target": "ES2022",
+    "module": "CommonJS",
+    "moduleResolution": "node",
+    "outDir": "dist",
+    "rootDir": "src",
+    "strict": true,
+    "esModuleInterop": true,
+    "skipLibCheck": true,
+    "resolveJsonModule": true,
+    "sourceMap": true,
+    "declaration": false
+  },
+  "include": ["src/**/*"]
+}
diff --git a/packages/server/src/config.ts b/packages/server/src/config.ts
new file mode 100644
index 0000000..b5d8d1a
--- /dev/null
+++ b/packages/server/src/config.ts
@@ -0,0 +1,59 @@
+import { join, resolve } from 'path'
+import { homedir } from 'os'
+
+/**
+ * Web UI environment variables.
+ *
+ * Server/listen:
+ * - PORT: Web UI listen port. Default: 8648.
+ * - BIND_HOST: Web UI bind host. Default: 0.0.0.0.
+ * - CORS_ORIGINS: Koa CORS origin setting. Default: *.
+ *
+ * Web UI storage:
+ * - HERMES_WEB_UI_HOME: Web UI data home for auth token, credentials, logs, DB, and default uploads.
+ * - HERMES_WEBUI_STATE_DIR: Compatibility alias for HERMES_WEB_UI_HOME.
+ *   Default: join(homedir(), '.hermes-web-ui').
+ * - UPLOAD_DIR: Upload directory override. Default: join(HERMES_WEB_UI_HOME, 'upload').
+ * - dataDir: Development-only internal Web UI runtime data directory.
+ *
+ * Auth:
+ * - AUTH_TOKEN: Explicit bearer token. If unset, Web UI stores an auto-generated token under HERMES_WEB_UI_HOME.
+ *
+ * Runtime behavior:
+ * - PROFILE: Initial Hermes profile name. Default: default.
+ * - GATEWAY_HOST: Default gateway host written into profile config. Default: 127.0.0.1.
+ * - HERMES_WEB_UI_STOP_GATEWAYS_ON_SHUTDOWN: Whether Web UI shutdown also stops gateways.
+ * - WORKSPACE_BASE: Base directory for workspace browsing. Default: /opt/data/workspace.
+ *
+ * Limits/logging:
+ * - MAX_DOWNLOAD_SIZE: Max file download size. Default: 200MB.
+ * - MAX_EDIT_SIZE: Max editable file size. Default: 10MB.
+ * - LOG_LEVEL: Server log level. Default: info.
+ * - BRIDGE_LOG_LEVEL: Bridge log level. Default: LOG_LEVEL or info.
+ */
+
+export function getListenHost(env: Record<string, string | undefined> = process.env): string {
+  const host = env.BIND_HOST?.trim()
+  return host || '0.0.0.0'
+}
+
+export function getWebUiHome(env: Record<string, string | undefined> = process.env): string {
+  const appHome = env.HERMES_WEB_UI_HOME?.trim() || env.HERMES_WEBUI_STATE_DIR?.trim()
+  return appHome ? resolve(appHome) : join(homedir(), '.hermes-web-ui')
+}
+
+export function shouldCreateWebUiDataDir(env: Record<string, string | undefined> = process.env): boolean {
+  return env.NODE_ENV !== 'production'
+}
+
+const appHome = getWebUiHome()
+
+export const config = {
+  port: parseInt(process.env.PORT || '8648', 10),
+  // Default to IPv4 for stable WSL/Windows browser access. Use BIND_HOST=:: explicitly for IPv6.
+  host: getListenHost(),
+  appHome,
+  uploadDir: process.env.UPLOAD_DIR || join(appHome, 'upload'),
+  dataDir: resolve(__dirname, '..', 'data'),
+  corsOrigins: process.env.CORS_ORIGINS || '*',
+}
diff --git a/packages/server/src/controllers/auth.ts b/packages/server/src/controllers/auth.ts
new file mode 100644
index 0000000..2be258d
--- /dev/null
+++ b/packages/server/src/controllers/auth.ts
@@ -0,0 +1,423 @@
+import type { Context } from 'koa'
+import { checkPassword, recordPasswordFailure, recordPasswordSuccess, extractIp, getLockedIps, unlockIp, unlockAll } from '../services/login-limiter'
+import {
+  DEFAULT_PASSWORD,
+  DEFAULT_USERNAME,
+  bootstrapDefaultSuperAdmin,
+  countActiveSuperAdmins,
+  countUsers,
+  createUser,
+  deleteUser,
+  findUserById,
+  findUserByUsername,
+  listUsers,
+  updateUser,
+  updateUsername,
+  updateUserPassword,
+  verifyPassword,
+  type UserRole,
+  type UserStatus,
+} from '../db/hermes/users-store'
+import { issueUserJwt } from '../middleware/user-auth'
+import { listProfileNamesFromDisk } from '../services/hermes/hermes-profile'
+
+/**
+ * GET /api/auth/status
+ * Check if username/password login is configured (public).
+ */
+export async function authStatus(ctx: Context) {
+  ctx.body = {
+    hasPasswordLogin: true,
+    hasUsers: countUsers() > 0,
+  }
+}
+
+/**
+ * GET /api/auth/me
+ * Return the authenticated account.
+ */
+export async function currentUser(ctx: Context) {
+  const userId = ctx.state.user?.id
+  const user = userId ? findUserById(userId) : null
+  if (!user) {
+    ctx.status = 404
+    ctx.body = { error: 'User not found' }
+    return
+  }
+  ctx.body = {
+    user: {
+      id: user.id,
+      username: user.username,
+      role: user.role,
+      status: user.status,
+      created_at: user.created_at,
+      updated_at: user.updated_at,
+      last_login_at: user.last_login_at,
+      requiresCredentialChange: process.env.HERMES_DESKTOP === 'true'
+        ? false
+        : user.username === DEFAULT_USERNAME && verifyPassword(DEFAULT_PASSWORD, user.password_hash),
+    },
+  }
+}
+
+/**
+ * POST /api/auth/login
+ * Authenticate with username/password (public).
+ * Returns a user-scoped JWT on success.
+ */
+export async function login(ctx: Context) {
+  const { username, password } = ctx.request.body as { username?: string; password?: string }
+  if (!username || !password) {
+    ctx.status = 400
+    ctx.body = { error: 'Username and password are required' }
+    return
+  }
+
+  const ip = extractIp(ctx)
+  const result = checkPassword(ip)
+  if (!result.allowed) {
+    ctx.status = result.status
+    ctx.body = { error: 'Too many login attempts, please try again later' }
+    return
+  }
+
+  const existingUserCount = countUsers()
+  const user = existingUserCount === 0
+    ? bootstrapDefaultSuperAdmin(username, password)
+    : findUserByUsername(username)
+
+  if (!user || user.status !== 'active' || (existingUserCount > 0 && !verifyPassword(password, user.password_hash))) {
+    recordPasswordFailure(ip)
+    ctx.status = 401
+    ctx.body = { error: 'Invalid username or password' }
+    return
+  }
+
+  let token: string
+  try {
+    token = await issueUserJwt(user)
+  } catch (err: any) {
+    ctx.status = 500
+    ctx.body = { error: err?.message || 'Failed to issue login token' }
+    return
+  }
+
+  recordPasswordSuccess(ip)
+  ctx.body = { token }
+}
+
+/**
+ * POST /api/auth/setup
+ * Set up username/password (protected).
+ */
+export async function setupPassword(ctx: Context) {
+  ctx.status = 400
+  ctx.body = { error: 'Password login is managed by user accounts' }
+}
+
+/**
+ * POST /api/auth/change-password
+ * Change password (protected).
+ */
+export async function changePassword(ctx: Context) {
+  const { currentPassword, newPassword } = ctx.request.body as { currentPassword?: string; newPassword?: string }
+  if (!currentPassword || !newPassword) {
+    ctx.status = 400
+    ctx.body = { error: 'Current password and new password are required' }
+    return
+  }
+  if (newPassword.length < 6) {
+    ctx.status = 400
+    ctx.body = { error: 'New password must be at least 6 characters' }
+    return
+  }
+
+  const userId = ctx.state.user?.id
+  const user = userId ? findUserById(userId) : null
+  if (!user || !verifyPassword(currentPassword, user.password_hash)) {
+    ctx.status = 400
+    ctx.body = { error: 'Current password is incorrect' }
+    return
+  }
+
+  updateUserPassword(user.id, newPassword)
+  ctx.body = { success: true }
+}
+
+/**
+ * POST /api/auth/change-username
+ * Change username (protected).
+ */
+export async function changeUsername(ctx: Context) {
+  const { currentPassword, newUsername } = ctx.request.body as { currentPassword?: string; newUsername?: string }
+  if (!currentPassword || !newUsername) {
+    ctx.status = 400
+    ctx.body = { error: 'Current password and new username are required' }
+    return
+  }
+  if (newUsername.length < 2) {
+    ctx.status = 400
+    ctx.body = { error: 'Username must be at least 2 characters' }
+    return
+  }
+
+  const userId = ctx.state.user?.id
+  const user = userId ? findUserById(userId) : null
+  if (!user || !verifyPassword(currentPassword, user.password_hash)) {
+    ctx.status = 400
+    ctx.body = { error: 'Current password is incorrect' }
+    return
+  }
+
+  const existing = findUserByUsername(newUsername)
+  if (existing && existing.id !== user.id) {
+    ctx.status = 409
+    ctx.body = { error: 'Username already exists' }
+    return
+  }
+
+  updateUsername(user.id, newUsername)
+  ctx.body = { success: true }
+}
+
+/**
+ * DELETE /api/auth/password
+ * Remove username/password login (protected).
+ */
+export async function removePassword(ctx: Context) {
+  ctx.status = 400
+  ctx.body = { error: 'Password login cannot be removed for user accounts' }
+}
+
+function normalizeRole(value: unknown): UserRole | null {
+  return value === 'super_admin' || value === 'admin' ? value : null
+}
+
+function normalizeStatus(value: unknown): UserStatus | null {
+  return value === 'active' || value === 'disabled' ? value : null
+}
+
+function normalizeProfiles(value: unknown): string[] {
+  if (!Array.isArray(value)) return []
+  return [...new Set(value.map(item => String(item || '').trim()).filter(Boolean))]
+}
+
+function validateProfiles(profiles: string[]): string | null {
+  const available = new Set(listProfileNamesFromDisk())
+  const missing = profiles.find(profile => !available.has(profile))
+  return missing || null
+}
+
+/**
+ * GET /api/auth/users
+ * Super admin user management list.
+ */
+export async function listManagedUsers(ctx: Context) {
+  ctx.body = {
+    users: listUsers(),
+    profiles: listProfileNamesFromDisk(),
+  }
+}
+
+/**
+ * POST /api/auth/users
+ * Create a user account. Super admin only.
+ */
+export async function createManagedUser(ctx: Context) {
+  const body = ctx.request.body as {
+    username?: string
+    password?: string
+    role?: unknown
+    status?: unknown
+    profiles?: unknown
+    defaultProfile?: string | null
+  }
+  const username = String(body.username || '').trim()
+  const password = String(body.password || '')
+  const role = normalizeRole(body.role || 'admin')
+  const status = normalizeStatus(body.status || 'active')
+  const profiles = normalizeProfiles(body.profiles)
+
+  if (username.length < 2) {
+    ctx.status = 400
+    ctx.body = { error: 'Username must be at least 2 characters' }
+    return
+  }
+  if (password.length < 6) {
+    ctx.status = 400
+    ctx.body = { error: 'Password must be at least 6 characters' }
+    return
+  }
+  if (!role || !status) {
+    ctx.status = 400
+    ctx.body = { error: 'Invalid role or status' }
+    return
+  }
+  if (findUserByUsername(username)) {
+    ctx.status = 409
+    ctx.body = { error: 'Username already exists' }
+    return
+  }
+
+  const missingProfile = validateProfiles(profiles)
+  if (missingProfile) {
+    ctx.status = 400
+    ctx.body = { error: `Profile "${missingProfile}" does not exist` }
+    return
+  }
+
+  const user = createUser({
+    username,
+    password,
+    role,
+    status,
+    profiles: role === 'super_admin' ? [] : profiles,
+    defaultProfile: body.defaultProfile,
+  })
+  ctx.status = 201
+  ctx.body = { user, users: listUsers() }
+}
+
+/**
+ * PUT /api/auth/users/:id
+ * Update user account metadata, password, and profile bindings.
+ */
+export async function updateManagedUser(ctx: Context) {
+  const id = Number(ctx.params.id)
+  const user = Number.isInteger(id) ? findUserById(id) : null
+  if (!user) {
+    ctx.status = 404
+    ctx.body = { error: 'User not found' }
+    return
+  }
+
+  const body = ctx.request.body as {
+    username?: string
+    password?: string
+    role?: unknown
+    status?: unknown
+    profiles?: unknown
+    defaultProfile?: string | null
+  }
+  const username = body.username == null ? undefined : String(body.username).trim()
+  const password = body.password == null ? undefined : String(body.password)
+  const role = body.role == null ? undefined : normalizeRole(body.role)
+  const status = body.status == null ? undefined : normalizeStatus(body.status)
+  const profiles = body.profiles == null ? undefined : normalizeProfiles(body.profiles)
+
+  if (username !== undefined && username.length < 2) {
+    ctx.status = 400
+    ctx.body = { error: 'Username must be at least 2 characters' }
+    return
+  }
+  if (password !== undefined && password.length > 0 && password.length < 6) {
+    ctx.status = 400
+    ctx.body = { error: 'Password must be at least 6 characters' }
+    return
+  }
+  if (body.role != null && !role || body.status != null && !status) {
+    ctx.status = 400
+    ctx.body = { error: 'Invalid role or status' }
+    return
+  }
+  if (username && username !== user.username) {
+    const existing = findUserByUsername(username)
+    if (existing && existing.id !== user.id) {
+      ctx.status = 409
+      ctx.body = { error: 'Username already exists' }
+      return
+    }
+  }
+
+  const nextRole = role || user.role
+  const nextStatus = status || user.status
+  const currentUserId = ctx.state.user?.id
+  if (user.id === currentUserId && nextStatus !== 'active') {
+    ctx.status = 400
+    ctx.body = { error: 'You cannot disable your own account' }
+    return
+  }
+  if (user.role === 'super_admin' && user.status === 'active' && (nextRole !== 'super_admin' || nextStatus !== 'active') && countActiveSuperAdmins(user.id) === 0) {
+    ctx.status = 400
+    ctx.body = { error: 'At least one active super administrator is required' }
+    return
+  }
+
+  if (profiles) {
+    const missingProfile = validateProfiles(profiles)
+    if (missingProfile) {
+      ctx.status = 400
+      ctx.body = { error: `Profile "${missingProfile}" does not exist` }
+      return
+    }
+  }
+
+  updateUser({
+    userId: user.id,
+    username,
+    password: password || undefined,
+    role: role || undefined,
+    status: status || undefined,
+    profiles: nextRole === 'super_admin' ? [] : profiles,
+    defaultProfile: body.defaultProfile,
+  })
+  ctx.body = { user: findUserById(user.id), users: listUsers() }
+}
+
+/**
+ * DELETE /api/auth/users/:id
+ * Delete a user account. Super admin only.
+ */
+export async function deleteManagedUser(ctx: Context) {
+  const id = Number(ctx.params.id)
+  const user = Number.isInteger(id) ? findUserById(id) : null
+  if (!user) {
+    ctx.status = 404
+    ctx.body = { error: 'User not found' }
+    return
+  }
+
+  if (ctx.state.user?.id === user.id) {
+    ctx.status = 400
+    ctx.body = { error: 'You cannot delete your own account' }
+    return
+  }
+  if (user.role === 'super_admin' && user.status === 'active' && countActiveSuperAdmins(user.id) === 0) {
+    ctx.status = 400
+    ctx.body = { error: 'At least one active super administrator is required' }
+    return
+  }
+
+  deleteUser(user.id)
+  ctx.body = { success: true, users: listUsers() }
+}
+
+/**
+ * GET /api/auth/locked-ips
+ * List all currently locked IPs (protected).
+ */
+export async function listLockedIps(ctx: Context) {
+  const locks = getLockedIps()
+  ctx.body = { locks }
+}
+
+/**
+ * DELETE /api/auth/locked-ips?ip=xxx
+ * Unlock a specific IP. No ip param = unlock all.
+ */
+export async function unlockIpHandler(ctx: Context) {
+  const ip = ctx.query.ip as string
+  if (ip) {
+    const found = unlockIp(ip)
+    if (!found) {
+      ctx.status = 404
+      ctx.body = { error: 'IP not locked' }
+      return
+    }
+    ctx.body = { success: true }
+    return
+  }
+  // No IP specified — unlock all
+  const count = unlockAll()
+  ctx.body = { success: true, count }
+}
diff --git a/packages/server/src/controllers/coding-agents.ts b/packages/server/src/controllers/coding-agents.ts
new file mode 100644
index 0000000..1ae5d64
--- /dev/null
+++ b/packages/server/src/controllers/coding-agents.ts
@@ -0,0 +1,119 @@
+import type { Context } from 'koa'
+import {
+  deleteCodingAgent,
+  getCodingAgentsStatus,
+  installCodingAgent,
+  openCodingAgentNativeTerminal,
+  prepareCodingAgentLaunch,
+  readCodingAgentConfigFile,
+  writeCodingAgentConfigFile,
+  type CodingAgentConfigScope,
+} from '../services/coding-agents'
+
+function configScope(ctx: Context): CodingAgentConfigScope {
+  const body = ctx.request.body as { profile?: unknown; provider?: unknown } | undefined
+  return {
+    profile: ctx.state.profile?.name || (typeof ctx.query.profile === 'string' ? ctx.query.profile : '') || (typeof body?.profile === 'string' ? body.profile : ''),
+    provider: (typeof ctx.query.provider === 'string' ? ctx.query.provider : '') || (typeof body?.provider === 'string' ? body.provider : ''),
+  }
+}
+
+export async function status(ctx: Context) {
+  try {
+    ctx.body = await getCodingAgentsStatus()
+  } catch (err: any) {
+    ctx.status = 500
+    ctx.body = { error: err.message || 'Failed to inspect coding agents' }
+  }
+}
+
+export async function install(ctx: Context) {
+  try {
+    const result = await installCodingAgent(ctx.params.id)
+    ctx.body = result
+  } catch (err: any) {
+    ctx.status = err.status || 500
+    ctx.body = { error: err.message || 'Failed to install coding agent' }
+  }
+}
+
+export async function remove(ctx: Context) {
+  try {
+    const result = await deleteCodingAgent(ctx.params.id)
+    ctx.body = result
+  } catch (err: any) {
+    ctx.status = err.status || 500
+    ctx.body = { error: err.message || 'Failed to delete coding agent' }
+  }
+}
+
+export async function readConfigFile(ctx: Context) {
+  try {
+    ctx.body = await readCodingAgentConfigFile(ctx.params.id, ctx.params.key, configScope(ctx))
+  } catch (err: any) {
+    ctx.status = err.status || 500
+    ctx.body = { error: err.message || 'Failed to read coding agent config file' }
+  }
+}
+
+export async function writeConfigFile(ctx: Context) {
+  try {
+    const { content } = ctx.request.body as { content?: string }
+    ctx.body = await writeCodingAgentConfigFile(ctx.params.id, ctx.params.key, content || '', configScope(ctx))
+  } catch (err: any) {
+    ctx.status = err.status || 500
+    ctx.body = { error: err.message || 'Failed to write coding agent config file' }
+  }
+}
+
+export async function prepareLaunch(ctx: Context) {
+  try {
+    const body = ctx.request.body as {
+      mode?: any
+      profile?: string
+      provider?: string
+      model?: string
+      baseUrl?: string
+      apiKey?: string
+      apiMode?: any
+    }
+    ctx.body = await prepareCodingAgentLaunch(ctx.params.id, {
+      mode: body.mode,
+      profile: ctx.state.profile?.name || body.profile,
+      provider: body.provider,
+      model: body.model,
+      baseUrl: body.baseUrl,
+      apiKey: body.apiKey,
+      apiMode: body.apiMode,
+    })
+  } catch (err: any) {
+    ctx.status = err.status || 500
+    ctx.body = { error: err.message || 'Failed to prepare coding agent launch' }
+  }
+}
+
+export async function nativeLaunch(ctx: Context) {
+  try {
+    const body = ctx.request.body as {
+      mode?: any
+      profile?: string
+      provider?: string
+      model?: string
+      baseUrl?: string
+      apiKey?: string
+      apiMode?: any
+    }
+    ctx.body = await openCodingAgentNativeTerminal(ctx.params.id, {
+      mode: body.mode,
+      profile: ctx.state.profile?.name || body.profile,
+      provider: body.provider,
+      model: body.model,
+      baseUrl: body.baseUrl,
+      apiKey: body.apiKey,
+      apiMode: body.apiMode,
+    })
+  } catch (err: any) {
+    ctx.status = err.status || 500
+    ctx.body = { error: err.message || 'Failed to launch native terminal' }
+  }
+}
diff --git a/packages/server/src/controllers/health.ts b/packages/server/src/controllers/health.ts
new file mode 100644
index 0000000..62ce153
--- /dev/null
+++ b/packages/server/src/controllers/health.ts
@@ -0,0 +1,100 @@
+import { existsSync, readFileSync } from 'fs'
+import { resolve } from 'path'
+import * as hermesCli from '../services/hermes/hermes-cli'
+
+declare const __APP_VERSION__: string
+
+type PackageInfo = {
+  name: string
+  version: string
+}
+
+function readPackageInfo(): PackageInfo | null {
+  const candidatePaths = [
+    // ts-node dev: packages/server/src/controllers -> repo root
+    resolve(__dirname, '../../../../package.json'),
+    // bundled server: dist/server -> repo root/package root
+    resolve(__dirname, '../../package.json'),
+    // fallback for dev/test processes started at the repo root
+    resolve(process.cwd(), 'package.json'),
+  ]
+
+  for (const packagePath of candidatePaths) {
+    if (!existsSync(packagePath)) continue
+
+    try {
+      const pkg = JSON.parse(readFileSync(packagePath, 'utf-8'))
+      if (pkg?.name && pkg?.version) {
+        return {
+          name: String(pkg.name),
+          version: String(pkg.version),
+        }
+      }
+    } catch {
+      // Try the next candidate path.
+    }
+  }
+
+  return null
+}
+
+const PACKAGE_INFO = readPackageInfo()
+const LOCAL_VERSION = typeof __APP_VERSION__ !== 'undefined'
+  ? __APP_VERSION__
+  : PACKAGE_INFO?.version || ''
+
+let cachedLatestVersion = ''
+
+/**
+ * Whether the periodic npm-registry version check is disabled.
+ *
+ * Useful when hermes-web-ui is bundled inside a packaged distribution
+ * (e.g. a desktop app) where the user can't `npm install -g hermes-web-ui@latest`
+ * to upgrade — the "update available" prompt would be misleading and
+ * the periodic outbound HTTP request to the npm registry is unnecessary.
+ *
+ * Set HERMES_WEB_UI_DISABLE_UPDATE_CHECK=true (or 1, on, yes) to disable.
+ */
+function isUpdateCheckDisabled(): boolean {
+  const raw = (process.env.HERMES_WEB_UI_DISABLE_UPDATE_CHECK || '').trim().toLowerCase()
+  return raw === 'true' || raw === '1' || raw === 'on' || raw === 'yes'
+}
+
+export async function checkLatestVersion(): Promise<void> {
+  if (isUpdateCheckDisabled()) return
+  try {
+    const packageName = PACKAGE_INFO?.name || 'hermes-web-ui'
+    const registryName = encodeURIComponent(packageName)
+    const res = await fetch(`https://registry.npmjs.org/${registryName}/latest`, { signal: AbortSignal.timeout(10000) })
+    if (res.ok) {
+      const data = await res.json() as { version: string }
+      cachedLatestVersion = data.version
+      if (LOCAL_VERSION && cachedLatestVersion !== LOCAL_VERSION) {
+        console.log(`Update available: ${LOCAL_VERSION} → ${cachedLatestVersion}`)
+      }
+    }
+  } catch { /* ignore */ }
+}
+
+export function startVersionCheck(): void {
+  if (isUpdateCheckDisabled()) return
+  setTimeout(checkLatestVersion, 5000)
+  setInterval(checkLatestVersion, 30 * 60 * 1000)
+}
+
+export async function healthCheck(ctx: any) {
+  const raw = await hermesCli.getVersion()
+  const hermesVersion = raw.split('\n')[0].replace('Hermes Agent ', '') || ''
+  ctx.body = {
+    status: 'ok',
+    platform: 'hermes-agent',
+    version: hermesVersion,
+    gateway: 'running',
+    webui_version: LOCAL_VERSION,
+    webui_latest: isUpdateCheckDisabled() ? '' : cachedLatestVersion,
+    webui_update_available: isUpdateCheckDisabled()
+      ? false
+      : Boolean(LOCAL_VERSION && cachedLatestVersion && cachedLatestVersion !== LOCAL_VERSION),
+    node_version: process.versions.node,
+  }
+}
diff --git a/packages/server/src/controllers/hermes/codex-auth.ts b/packages/server/src/controllers/hermes/codex-auth.ts
new file mode 100644
index 0000000..4760a51
--- /dev/null
+++ b/packages/server/src/controllers/hermes/codex-auth.ts
@@ -0,0 +1,243 @@
+import { randomUUID } from 'crypto'
+import { join, dirname } from 'path'
+import { homedir } from 'os'
+import { readFileSync, writeFileSync, existsSync, mkdirSync } from 'fs'
+import { getActiveProfileName, getProfileDir } from '../../services/hermes/hermes-profile'
+import { logger } from '../../services/logger'
+
+// --- OAuth Constants ---
+const CODEX_CLIENT_ID = 'app_EMoamEEZ73f0CkXaXp7hrann'
+const CODEX_DEVICE_AUTH_URL = 'https://auth.openai.com/api/accounts/deviceauth/usercode'
+const CODEX_DEVICE_TOKEN_URL = 'https://auth.openai.com/api/accounts/deviceauth/token'
+const CODEX_OAUTH_TOKEN_URL = 'https://auth.openai.com/oauth/token'
+const CODEX_DEFAULT_BASE_URL = 'https://chatgpt.com/backend-api/codex'
+const CODEX_REDIRECT_URI = 'https://auth.openai.com/deviceauth/callback'
+const CODEX_VERIFICATION_URL = 'https://auth.openai.com/codex/device'
+const CODEX_HOME = join(homedir(), '.codex')
+const POLL_MAX_DURATION = 15 * 60 * 1000
+const POLL_DEFAULT_INTERVAL = 5000
+
+// --- Session Store ---
+interface CodexSession {
+  id: string; userCode: string; deviceAuthId: string
+  profile: string
+  status: 'pending' | 'approved' | 'expired' | 'error'
+  error?: string; accessToken?: string; refreshToken?: string; createdAt: number
+}
+
+const sessions = new Map<string, CodexSession>()
+
+function cleanupExpiredSessions() {
+  const now = Date.now()
+  sessions.forEach((session, id) => { if (now - session.createdAt > POLL_MAX_DURATION + 60000) { sessions.delete(id) } })
+}
+
+// --- Auth file helpers ---
+interface AuthJson { version?: number; active_provider?: string; providers?: Record<string, any>; credential_pool?: Record<string, any[]>; updated_at?: string }
+interface CodexCredentialRef {
+  accessToken: string
+  refreshToken?: string
+  lastRefresh?: string
+  provider?: any
+  poolEntry?: any
+}
+
+function loadAuthJson(authPath: string): AuthJson {
+  try { return JSON.parse(readFileSync(authPath, 'utf-8')) as AuthJson } catch { return { version: 1 } }
+}
+
+function saveAuthJson(authPath: string, data: AuthJson): void {
+  data.updated_at = new Date().toISOString()
+  const dir = dirname(authPath)
+  if (!existsSync(dir)) mkdirSync(dir, { recursive: true })
+  writeFileSync(authPath, JSON.stringify(data, null, 2) + '\n', { mode: 0o600 })
+}
+
+function saveCodexCliTokens(accessToken: string, refreshToken: string): void {
+  const codexHome = process.env.CODEX_HOME || CODEX_HOME
+  const codexAuthPath = join(codexHome, 'auth.json')
+  const dir = dirname(codexAuthPath)
+  if (!existsSync(dir)) mkdirSync(dir, { recursive: true })
+  writeFileSync(codexAuthPath, JSON.stringify({ tokens: { access_token: accessToken, refresh_token: refreshToken }, last_refresh: new Date().toISOString() }, null, 2) + '\n', { mode: 0o600 })
+}
+
+function requestedProfile(ctx: any): string {
+  const headerProfile = typeof ctx.get === 'function' ? ctx.get('x-hermes-profile') : ''
+  const queryProfile = typeof ctx.query?.profile === 'string' ? ctx.query.profile : ''
+  const bodyProfile = typeof ctx.request?.body?.profile === 'string' ? ctx.request.body.profile : ''
+  return ctx.state?.profile?.name ||
+    headerProfile.trim() ||
+    queryProfile.trim() ||
+    bodyProfile.trim() ||
+    getActiveProfileName() ||
+    'default'
+}
+
+function authPathForProfile(profile: string): string {
+  return join(getProfileDir(profile), 'auth.json')
+}
+
+function decodeJwtExp(token: string): number | null {
+  try {
+    const parts = token.split('.')
+    if (parts.length !== 3) return null
+    const payload = Buffer.from(parts[1], 'base64url').toString('utf-8')
+    const claims = JSON.parse(payload)
+    return typeof claims.exp === 'number' ? claims.exp : null
+  } catch { return null }
+}
+
+function getCodexCredential(auth: AuthJson): CodexCredentialRef | null {
+  const provider = auth.providers?.['openai-codex']
+  const providerTokens = provider?.tokens
+  const providerAccessToken = providerTokens?.access_token || provider?.access_token
+  const pool = auth.credential_pool?.['openai-codex']
+  const poolEntry = Array.isArray(pool) ? pool.find(entry => entry?.access_token) : undefined
+
+  if (providerAccessToken) {
+    return {
+      accessToken: providerAccessToken,
+      refreshToken: providerTokens?.refresh_token || provider?.refresh_token,
+      lastRefresh: provider.last_refresh,
+      provider,
+      poolEntry,
+    }
+  }
+
+  if (poolEntry?.access_token) {
+    return {
+      accessToken: poolEntry.access_token,
+      refreshToken: poolEntry.refresh_token,
+      lastRefresh: poolEntry.last_refresh,
+      poolEntry,
+    }
+  }
+
+  return null
+}
+
+// --- Background login worker ---
+export function saveCodexOAuthTokensForProfile(profile: string, accessToken: string, refreshToken: string): void {
+  const authPath = authPathForProfile(profile)
+  const auth = loadAuthJson(authPath)
+  if (!auth.providers) auth.providers = {}
+  auth.providers['openai-codex'] = { tokens: { access_token: accessToken, refresh_token: refreshToken }, last_refresh: new Date().toISOString(), auth_mode: 'chatgpt' }
+  if (!auth.credential_pool) auth.credential_pool = {}
+  auth.credential_pool['openai-codex'] = [{ id: `openai-codex-${Date.now()}`, label: 'OpenAI Codex', base_url: CODEX_DEFAULT_BASE_URL, access_token: accessToken, last_status: null }]
+  saveAuthJson(authPath, auth)
+  saveCodexCliTokens(accessToken, refreshToken)
+}
+
+async function codexLoginWorker(session: CodexSession): Promise<void> {
+  const startTime = Date.now()
+  const interval = POLL_DEFAULT_INTERVAL
+  while (Date.now() - startTime < POLL_MAX_DURATION) {
+    await new Promise(resolve => setTimeout(resolve, interval))
+    if (session.status !== 'pending') return
+    try {
+      const pollRes = await fetch(CODEX_DEVICE_TOKEN_URL, {
+        method: 'POST', headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify({ device_auth_id: session.deviceAuthId, user_code: session.userCode }),
+        signal: AbortSignal.timeout(10000),
+      })
+      if (pollRes.status === 200) {
+        const pollData = await pollRes.json() as { authorization_code: string; code_verifier: string }
+        const tokenRes = await fetch(CODEX_OAUTH_TOKEN_URL, {
+          method: 'POST', headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
+          body: new URLSearchParams({ grant_type: 'authorization_code', code: pollData.authorization_code, redirect_uri: CODEX_REDIRECT_URI, client_id: CODEX_CLIENT_ID, code_verifier: pollData.code_verifier }).toString(),
+          signal: AbortSignal.timeout(15000),
+        })
+        if (!tokenRes.ok) { const errText = await tokenRes.text(); logger.error('Token exchange failed: %d %s', tokenRes.status, errText); session.status = 'error'; session.error = `Token exchange failed: ${tokenRes.status}`; return }
+        const tokenData = await tokenRes.json() as { access_token: string; refresh_token?: string }
+        const refreshToken = tokenData.refresh_token || ''
+        session.accessToken = tokenData.access_token; session.refreshToken = refreshToken; session.status = 'approved'
+        saveCodexOAuthTokensForProfile(session.profile, tokenData.access_token, refreshToken)
+        logger.info('Login successful')
+        return
+      }
+      if (pollRes.status === 403 || pollRes.status === 404) { continue }
+      logger.error('Poll failed: %d', pollRes.status); session.status = 'error'; session.error = `Poll failed: ${pollRes.status}`; return
+    } catch (err: any) {
+      if (err.name === 'TimeoutError' || err.name === 'AbortError') { continue }
+      logger.error(err, 'Poll error'); session.status = 'error'; session.error = err.message; return
+    }
+  }
+  session.status = 'expired'
+}
+
+// --- Controller functions ---
+
+export async function start(ctx: any) {
+  try {
+    cleanupExpiredSessions()
+    const res = await fetch(CODEX_DEVICE_AUTH_URL, {
+      method: 'POST', headers: { 'Content-Type': 'application/json', 'Accept': 'application/json', 'User-Agent': 'node-fetch' },
+      body: JSON.stringify({ client_id: CODEX_CLIENT_ID }), signal: AbortSignal.timeout(10000),
+    })
+    if (!res.ok) {
+      let errorBody: any = null; try { errorBody = await res.json() } catch { }
+      logger.error('Device code request failed: %d %s', res.status, errorBody)
+      let errorMessage = `Device code request failed: ${res.status}`
+      if (errorBody?.error?.code === 'unsupported_country_region_territory') { errorMessage = 'OpenAI does not support your region. You may need to use a proxy or VPN to access Codex.' }
+      ctx.status = 502; ctx.body = { error: errorMessage, code: errorBody?.error?.code }; return
+    }
+    const data = await res.json() as { user_code: string; device_auth_id: string; interval?: string }
+    const sessionId = randomUUID()
+    const session: CodexSession = { id: sessionId, userCode: data.user_code, deviceAuthId: data.device_auth_id, profile: requestedProfile(ctx), status: 'pending', createdAt: Date.now() }
+    sessions.set(sessionId, session)
+    codexLoginWorker(session).catch(err => { logger.error(err, 'Worker error'); session.status = 'error'; session.error = err.message })
+    ctx.body = { session_id: sessionId, user_code: data.user_code, verification_url: CODEX_VERIFICATION_URL, expires_in: 900 }
+  } catch (err: any) {
+    ctx.status = 500; ctx.body = { error: err.message }
+  }
+}
+
+export async function poll(ctx: any) {
+  const session = sessions.get(ctx.params.sessionId)
+  if (!session) { ctx.status = 404; ctx.body = { error: 'Session not found' }; return }
+  ctx.body = { status: session.status, error: session.error || null }
+}
+
+export async function status(ctx: any) {
+  try {
+    const authPath = authPathForProfile(requestedProfile(ctx))
+    const auth = loadAuthJson(authPath)
+    const credential = getCodexCredential(auth)
+    if (!credential) { ctx.body = { authenticated: false }; return }
+    const exp = decodeJwtExp(credential.accessToken)
+    if (exp && exp <= Date.now() / 1000 + 120) {
+      if (credential.refreshToken) {
+        try {
+          const refreshRes = await fetch(CODEX_OAUTH_TOKEN_URL, {
+            method: 'POST', headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
+            body: new URLSearchParams({ grant_type: 'refresh_token', refresh_token: credential.refreshToken, client_id: CODEX_CLIENT_ID }).toString(),
+            signal: AbortSignal.timeout(15000),
+          })
+          if (refreshRes.ok) {
+            const newTokens = await refreshRes.json() as { access_token: string; refresh_token?: string }
+            const lastRefresh = new Date().toISOString()
+            if (credential.provider?.tokens) {
+              credential.provider.tokens.access_token = newTokens.access_token
+              if (newTokens.refresh_token) { credential.provider.tokens.refresh_token = newTokens.refresh_token }
+              credential.provider.last_refresh = lastRefresh
+            } else if (credential.provider) {
+              credential.provider.access_token = newTokens.access_token
+              if (newTokens.refresh_token) { credential.provider.refresh_token = newTokens.refresh_token }
+              credential.provider.last_refresh = lastRefresh
+            }
+            if (credential.poolEntry) {
+              credential.poolEntry.access_token = newTokens.access_token
+              if (newTokens.refresh_token) { credential.poolEntry.refresh_token = newTokens.refresh_token }
+              credential.poolEntry.last_refresh = lastRefresh
+            }
+            saveAuthJson(authPath, auth)
+            saveCodexCliTokens(newTokens.access_token, newTokens.refresh_token || credential.refreshToken)
+            ctx.body = { authenticated: true, last_refresh: lastRefresh }; return
+          }
+        } catch { }
+      }
+      ctx.body = { authenticated: false }; return
+    }
+    ctx.body = { authenticated: true, last_refresh: credential.lastRefresh }
+  } catch { ctx.body = { authenticated: false } }
+}
diff --git a/packages/server/src/controllers/hermes/config.ts b/packages/server/src/controllers/hermes/config.ts
new file mode 100644
index 0000000..2133fc1
--- /dev/null
+++ b/packages/server/src/controllers/hermes/config.ts
@@ -0,0 +1,236 @@
+import { readFile } from 'fs/promises'
+import { join } from 'path'
+import { getActiveProfileName, getProfileDir } from '../../services/hermes/hermes-profile'
+import { restartGatewayForProfile } from '../../services/hermes/gateway-autostart'
+import { saveEnvValueForProfile } from '../../services/config-helpers'
+import { logger } from '../../services/logger'
+import { safeFileStore } from '../../services/safe-file-store'
+
+const PLATFORM_SECTIONS = new Set([
+  'telegram', 'discord', 'slack', 'whatsapp', 'matrix',
+  'weixin', 'wecom', 'feishu', 'dingtalk', 'qqbot',
+  'approvals',
+])
+
+function requestedProfile(ctx: any): string {
+  return ctx.state?.profile?.name || getActiveProfileName() || 'default'
+}
+
+const configPath = (profile: string) => join(getProfileDir(profile), 'config.yaml')
+const envPath = (profile: string) => join(getProfileDir(profile), '.env')
+
+const envPlatformMap: Record<string, [string, string]> = {
+  TELEGRAM_BOT_TOKEN: ['telegram', 'token'],
+  DISCORD_BOT_TOKEN: ['discord', 'token'],
+  SLACK_BOT_TOKEN: ['slack', 'token'],
+  MATRIX_ACCESS_TOKEN: ['matrix', 'token'],
+  MATRIX_HOMESERVER: ['matrix', 'extra.homeserver'],
+  FEISHU_APP_ID: ['feishu', 'extra.app_id'],
+  FEISHU_APP_SECRET: ['feishu', 'extra.app_secret'],
+  DINGTALK_CLIENT_ID: ['dingtalk', 'extra.client_id'],
+  DINGTALK_CLIENT_SECRET: ['dingtalk', 'extra.client_secret'],
+  DINGTALK_APP_KEY: ['dingtalk', 'extra.app_key'],
+  DINGTALK_CARD_TEMPLATE_ID: ['dingtalk', 'extra.card_template_id'],
+  DINGTALK_ALLOWED_USERS: ['dingtalk', 'allowed_users'],
+  DINGTALK_ALLOW_ALL_USERS: ['dingtalk', 'allow_all_users'],
+  QQ_APP_ID: ['qqbot', 'extra.app_id'],
+  QQ_CLIENT_SECRET: ['qqbot', 'extra.client_secret'],
+  QQ_ALLOWED_USERS: ['qqbot', 'allowed_users'],
+  QQ_ALLOW_ALL_USERS: ['qqbot', 'allow_all_users'],
+  WECOM_BOT_ID: ['wecom', 'extra.bot_id'],
+  WECOM_SECRET: ['wecom', 'extra.secret'],
+  WEIXIN_TOKEN: ['weixin', 'token'],
+  WEIXIN_ACCOUNT_ID: ['weixin', 'extra.account_id'],
+  WEIXIN_BASE_URL: ['weixin', 'extra.base_url'],
+  WHATSAPP_ENABLED: ['whatsapp', 'enabled'],
+}
+
+const platformEnvMap: Record<string, Record<string, string>> = {}
+for (const [envVar, [platform, cfgPath]] of Object.entries(envPlatformMap)) {
+  if (!platformEnvMap[platform]) platformEnvMap[platform] = {}
+  platformEnvMap[platform][cfgPath] = envVar
+}
+
+function parseEnv(raw: string): Record<string, string> {
+  const env: Record<string, string> = {}
+  for (const line of raw.split('\n')) {
+    const trimmed = line.trim()
+    if (!trimmed || trimmed.startsWith('#')) continue
+    const eqIdx = trimmed.indexOf('=')
+    if (eqIdx === -1) continue
+    const key = trimmed.slice(0, eqIdx).trim()
+    const val = trimmed.slice(eqIdx + 1).trim()
+    if (val) env[key] = val
+  }
+  return env
+}
+
+function setNested(obj: Record<string, any>, path: string, value: any) {
+  const parts = path.split('.')
+  let cur = obj
+  for (let i = 0; i < parts.length - 1; i++) { if (!cur[parts[i]]) cur[parts[i]] = {}; cur = cur[parts[i]] }
+  cur[parts[parts.length - 1]] = value
+}
+
+function deepMerge(target: Record<string, any>, source: Record<string, any>): Record<string, any> {
+  for (const key of Object.keys(source)) {
+    if (source[key] && typeof source[key] === 'object' && !Array.isArray(source[key]) &&
+        target[key] && typeof target[key] === 'object' && !Array.isArray(target[key])) {
+      target[key] = deepMerge(target[key], source[key])
+    } else {
+      target[key] = source[key]
+    }
+  }
+  return target
+}
+
+async function readEnvPlatforms(profile: string): Promise<Record<string, any>> {
+  try {
+    const raw = await readFile(envPath(profile), 'utf-8')
+    const env = parseEnv(raw)
+    const platforms: Record<string, any> = {}
+    for (const [envKey, [platform, cfgPath]] of Object.entries(envPlatformMap)) {
+      const val = env[envKey]
+      if (val === undefined || val === '') continue
+      if (!platforms[platform]) platforms[platform] = {}
+      let finalVal: any = val
+      if (cfgPath === 'enabled' || cfgPath === 'allow_all_users') finalVal = val === 'true'
+      setNested(platforms[platform], cfgPath, finalVal)
+    }
+    return platforms
+  } catch { return {} }
+}
+
+async function readConfig(profile: string): Promise<Record<string, any>> {
+  return safeFileStore.readYaml(configPath(profile))
+}
+
+export async function getConfig(ctx: any) {
+  try {
+    const profile = requestedProfile(ctx)
+    const config = await readConfig(profile)
+    const envPlatforms = await readEnvPlatforms(profile)
+    if (Object.keys(envPlatforms).length > 0) {
+      const existing = config.platforms || {}
+      for (const [platform, vals] of Object.entries(envPlatforms)) {
+        existing[platform] = deepMerge(existing[platform] || {}, vals as Record<string, any>)
+      }
+      config.platforms = existing
+    }
+    const { section, sections } = ctx.query
+    if (section) {
+      ctx.body = { [section as string]: config[section as string] || {} }
+    } else if (sections) {
+      const keys = (sections as string).split(',')
+      const result: Record<string, any> = {}
+      for (const key of keys) { result[key.trim()] = config[key.trim()] || {} }
+      ctx.body = result
+    } else {
+      ctx.body = config
+    }
+  } catch (err: any) {
+    ctx.status = 500; ctx.body = { error: err.message }
+  }
+}
+
+export async function updateConfig(ctx: any) {
+  const { section, values, restart } = ctx.request.body as { section: string; values: Record<string, any>; restart?: boolean }
+  if (!section || !values) {
+    ctx.status = 400; ctx.body = { error: 'Missing section or values' }; return
+  }
+  try {
+    const profile = requestedProfile(ctx)
+    await safeFileStore.updateYaml(configPath(profile), (config) => {
+      config[section] = deepMerge(config[section] || {}, values)
+      return config
+    }, {
+      backup: true,
+      dumpOptions: {
+        forceQuotes: true,
+      },
+    })
+
+    // Platform adapters run through Hermes gateway; restart it so channel
+    // config changes (Feishu/Weixin/etc.) are applied.
+    if (restart !== false && PLATFORM_SECTIONS.has(section)) {
+      try {
+        const restartResult = await restartGatewayForProfile(profile)
+        logger.info('[config] gateway restarted after config update section=%s profile=%s result=%j', section, profile, restartResult)
+      } catch (err) {
+        logger.error(err, 'Gateway restart failed')
+        ctx.status = 500
+        ctx.body = { error: err instanceof Error ? err.message : 'Gateway restart failed' }
+        return
+      }
+    }
+
+    ctx.body = { success: true }
+  } catch (err: any) {
+    ctx.status = 500; ctx.body = { error: err.message }
+  }
+}
+
+export async function updateCredentials(ctx: any) {
+  const { platform, values } = ctx.request.body as { platform: string; values: Record<string, any> }
+  if (!platform || !values) {
+    ctx.status = 400; ctx.body = { error: 'Missing platform or values' }; return
+  }
+  try {
+    const profile = requestedProfile(ctx)
+    const envMap = platformEnvMap[platform]
+    if (!envMap) {
+      ctx.status = 400; ctx.body = { error: `Unknown platform: ${platform}` }; return
+    }
+    const flatValues: Record<string, any> = {}
+    for (const [key, val] of Object.entries(values)) {
+      if (key === 'extra' && val && typeof val === 'object') {
+        for (const [subKey, subVal] of Object.entries(val as Record<string, any>)) { flatValues[`extra.${subKey}`] = subVal }
+      } else { flatValues[key] = val }
+    }
+    await safeFileStore.updateYaml(configPath(profile), async (config) => {
+      for (const [cfgPath, val] of Object.entries(flatValues)) {
+        const envVar = envMap[cfgPath]
+        if (!envVar) continue
+        if (val === undefined || val === null || val === '') {
+          await saveEnvValueForProfile(profile, envVar, '')
+          const parts = cfgPath.split('.')
+          let obj: any = config.platforms?.[platform]
+          if (obj) {
+            if (parts.length === 1) { delete obj[parts[0]] }
+            else {
+              let cur = obj
+              for (let i = 0; i < parts.length - 1; i++) { if (!cur[parts[i]]) break; cur = cur[parts[i]] }
+              delete cur[parts[parts.length - 1]]
+              if (obj.extra && Object.keys(obj.extra).length === 0) delete obj.extra
+            }
+            if (Object.keys(obj).length === 0) { if (!config.platforms) config.platforms = {}; delete config.platforms[platform] }
+          }
+        } else {
+          await saveEnvValueForProfile(profile, envVar, String(val))
+        }
+      }
+      return config
+    }, {
+      backup: true,
+      dumpOptions: {
+        forceQuotes: true,
+      },
+    })
+
+    // Platform adapters run through Hermes gateway; restart it so channel
+    // credentials are applied.
+    try {
+      const restartResult = await restartGatewayForProfile(profile)
+      logger.info('[config] gateway restarted after credentials update platform=%s profile=%s result=%j', platform, profile, restartResult)
+    } catch (err) {
+      logger.error(err, 'Gateway restart failed')
+      ctx.status = 500
+      ctx.body = { error: err instanceof Error ? err.message : 'Gateway restart failed' }
+      return
+    }
+
+    ctx.body = { success: true }
+  } catch (err: any) {
+    ctx.status = 500; ctx.body = { error: err.message }
+  }
+}
diff --git a/packages/server/src/controllers/hermes/copilot-auth.ts b/packages/server/src/controllers/hermes/copilot-auth.ts
new file mode 100644
index 0000000..168a2bf
--- /dev/null
+++ b/packages/server/src/controllers/hermes/copilot-auth.ts
@@ -0,0 +1,238 @@
+import { randomUUID } from 'crypto'
+import { startDeviceFlow, pollDeviceFlow } from '../../services/hermes/copilot-device-flow'
+import { saveEnvValue, updateConfigYaml } from '../../services/config-helpers'
+import {
+  invalidateAllCaches,
+  resolveCopilotOAuthTokenWithSource,
+  type CopilotTokenSource,
+} from '../../services/hermes/copilot-models'
+import { getActiveEnvPath } from '../../services/hermes/hermes-profile'
+import { readAppConfig, writeAppConfig } from '../../services/app-config'
+import { readFile } from 'fs/promises'
+import { logger } from '../../services/logger'
+
+const POLL_MAX_DURATION_MS = 15 * 60 * 1000 // 15 minutes hard ceiling
+const SESSION_GC_GRACE_MS = 60 * 1000
+
+interface CopilotLoginSession {
+  id: string
+  deviceCode: string
+  userCode: string
+  verificationUrl: string
+  expiresIn: number
+  interval: number
+  status: 'pending' | 'approved' | 'denied' | 'expired' | 'error'
+  error?: string
+  createdAt: number
+}
+
+const sessions = new Map<string, CopilotLoginSession>()
+
+function cleanupSessions(): void {
+  const now = Date.now()
+  sessions.forEach((s, id) => {
+    if (now - s.createdAt > POLL_MAX_DURATION_MS + SESSION_GC_GRACE_MS) {
+      sessions.delete(id)
+    }
+  })
+}
+
+async function persistToken(token: string): Promise<void> {
+  // 与 disable 对称：只动 ~/.hermes/.env，apps.json 是 VS Code 的文件不要碰。
+  // 同时把 enabled 置 true —— device flow 完成后用户已显式同意启用 Copilot。
+  // NOTE: 故意不写 process.env.COPILOT_GITHUB_TOKEN —— 否则该值会跨 profile 持续覆盖
+  // resolveCopilotOAuthTokenWithSource 的 .env 读取，导致切到别的 profile 仍解析到当前
+  // profile 的 token。invalidateAllCaches() + .env 文件本身已能保证下次解析读到新 token。
+  await saveEnvValue('COPILOT_GITHUB_TOKEN', token)
+  await writeAppConfig({ copilotEnabled: true })
+  invalidateAllCaches()
+}
+
+async function readEnvContent(): Promise<string> {
+  try { return await readFile(getActiveEnvPath(), 'utf-8') } catch { return '' }
+}
+
+async function loginWorker(session: CopilotLoginSession): Promise<void> {
+  const startTime = Date.now()
+  let interval = Math.max(1, session.interval) * 1000
+
+  while (Date.now() - startTime < POLL_MAX_DURATION_MS) {
+    await new Promise((resolve) => setTimeout(resolve, interval))
+    if (session.status !== 'pending') return
+
+    const result = await pollDeviceFlow(session.deviceCode)
+
+    if (result.kind === 'success') {
+      try {
+        await persistToken(result.access_token)
+        session.status = 'approved'
+        logger.info('Copilot OAuth login successful')
+      } catch (err: any) {
+        logger.error(err, 'Copilot OAuth: failed to persist token')
+        session.status = 'error'
+        session.error = err?.message ?? 'failed to persist token'
+      }
+      return
+    }
+
+    if (result.kind === 'pending') continue
+    if (result.kind === 'slow_down') {
+      interval += 5000
+      continue
+    }
+    if (result.kind === 'denied') {
+      session.status = 'denied'
+      return
+    }
+    if (result.kind === 'expired') {
+      session.status = 'expired'
+      return
+    }
+    logger.error('Copilot OAuth poll error: %s %s', result.error, result.description ?? '')
+    session.status = 'error'
+    session.error = result.description ?? result.error
+    return
+  }
+
+  session.status = 'expired'
+}
+
+export async function start(ctx: any): Promise<void> {
+  cleanupSessions()
+  try {
+    const data = await startDeviceFlow()
+    const sessionId = randomUUID()
+    const session: CopilotLoginSession = {
+      id: sessionId,
+      deviceCode: data.device_code,
+      userCode: data.user_code,
+      verificationUrl: data.verification_uri,
+      expiresIn: data.expires_in,
+      interval: data.interval,
+      status: 'pending',
+      createdAt: Date.now(),
+    }
+    sessions.set(sessionId, session)
+
+    loginWorker(session).catch((err) => {
+      logger.error(err, 'Copilot login worker error')
+      session.status = 'error'
+      session.error = err?.message ?? String(err)
+    })
+
+    ctx.body = {
+      session_id: sessionId,
+      user_code: data.user_code,
+      verification_url: data.verification_uri,
+      expires_in: data.expires_in,
+      interval: data.interval,
+    }
+  } catch (err: any) {
+    logger.error(err, 'Copilot OAuth start failed')
+    if (err?.name === 'TimeoutError' || err?.name === 'AbortError') {
+      ctx.status = 504
+      ctx.body = { error: 'GitHub timeout' }
+      return
+    }
+    ctx.status = 502
+    ctx.body = { error: err?.message ?? 'GitHub OAuth start failed' }
+  }
+}
+
+export async function poll(ctx: any): Promise<void> {
+  const session = sessions.get(ctx.params.sessionId)
+  if (!session) {
+    ctx.status = 404
+    ctx.body = { error: 'Session not found' }
+    return
+  }
+  ctx.body = { status: session.status, error: session.error || null }
+}
+
+/**
+ * Reports current token resolution and whether Copilot is opt-in enabled.
+ * Frontend Add Provider flow uses this to decide whether to show the
+ * "token detected, click Add" confirmation or kick off device flow.
+ *
+ * Side effect: invalidates the model list cache so a subsequent listing
+ * picks up gh-cli logout / VS Code sign-out without server restart.
+ */
+export async function checkToken(ctx: any): Promise<void> {
+  invalidateAllCaches()
+  const env = await readEnvContent()
+  const { token, source } = await resolveCopilotOAuthTokenWithSource(env)
+  const cfg = await readAppConfig()
+  ctx.body = {
+    has_token: Boolean(token),
+    source: source as CopilotTokenSource,
+    enabled: cfg.copilotEnabled === true,
+  }
+}
+
+export async function enable(ctx: any): Promise<void> {
+  await writeAppConfig({ copilotEnabled: true })
+  invalidateAllCaches()
+  ctx.body = { ok: true }
+}
+
+/**
+ * "Soft delete" Copilot from the web-ui provider list.
+ *   - Always: copilotEnabled = false (hides provider regardless of token source).
+ *   - source='env'        → also clear ~/.hermes/.env COPILOT_GITHUB_TOKEN
+ *                           (this token belongs to the hermes ecosystem).
+ *   - source='gh-cli'     → leave gh CLI alone (user's terminal sessions).
+ *   - source='apps-json'  → leave VS Code Copilot plugin alone.
+ * The user can re-add Copilot any time via "Add Provider".
+ */
+export async function disable(ctx: any): Promise<void> {
+  const env = await readEnvContent()
+  const { source } = await resolveCopilotOAuthTokenWithSource(env)
+
+  // 步骤 1：先清掉默认模型（最容易失败的一步：写 yaml 可能失败）。
+  // 不能 swallow —— 否则会出现 "list 已隐藏 copilot 但 default 仍是 copilot" 的中间态。
+  let clearedDefault = false
+  try {
+    clearedDefault = await updateConfigYaml((cfg) => {
+      const modelSection = cfg.model
+      if (typeof modelSection === 'object' && modelSection !== null) {
+        const provider = String(modelSection.provider || '').trim().toLowerCase()
+        if (provider === 'copilot') {
+          cfg.model = {}
+          return { data: cfg, result: true }
+        }
+      }
+      return { data: cfg, result: false, write: false }
+    }) || false
+  } catch (err: any) {
+    logger.error(err, 'Copilot disable failed: cannot clear default model')
+    ctx.status = 500
+    ctx.body = { error: `failed to clear default model: ${err?.message ?? 'unknown error'}` }
+    return
+  }
+
+  // 步骤 2：清 .env（仅当 source='env'）。失败也不能让 enabled flag 偷偷置 false。
+  try {
+    if (source === 'env') {
+      await saveEnvValue('COPILOT_GITHUB_TOKEN', '')
+      delete process.env.COPILOT_GITHUB_TOKEN
+    }
+  } catch (err: any) {
+    logger.error(err, 'Copilot disable failed: cannot clear .env')
+    ctx.status = 500
+    ctx.body = { error: `failed to clear .env: ${err?.message ?? 'unknown error'}` }
+    return
+  }
+
+  // 步骤 3：最后翻 enabled flag。前两步成功才执行。
+  try {
+    await writeAppConfig({ copilotEnabled: false })
+    invalidateAllCaches()
+  } catch (err: any) {
+    logger.error(err, 'Copilot disable failed: cannot persist enabled flag')
+    ctx.status = 500
+    ctx.body = { error: `failed to persist enabled flag: ${err?.message ?? 'unknown error'}` }
+    return
+  }
+
+  ctx.body = { ok: true, cleared_env: source === 'env', cleared_default: clearedDefault }
+}
diff --git a/packages/server/src/controllers/hermes/cron-history.ts b/packages/server/src/controllers/hermes/cron-history.ts
new file mode 100644
index 0000000..3045936
--- /dev/null
+++ b/packages/server/src/controllers/hermes/cron-history.ts
@@ -0,0 +1,308 @@
+import type { Context } from 'koa'
+import { readdir, stat, readFile } from 'fs/promises'
+import { join } from 'path'
+import { existsSync } from 'fs'
+import { getActiveProfileName, getProfileDir } from '../../services/hermes/hermes-profile'
+
+const SYNTHETIC_RUN_FILE = '__scheduler_metadata__.md'
+
+function requestedProfile(ctx: Context): string {
+  return ctx.state?.profile?.name || getActiveProfileName() || 'default'
+}
+
+function getCronOutputDir(profile: string): string {
+  const profileDir = getProfileDir(profile)
+  return join(profileDir, 'cron', 'output')
+}
+
+function getCronJobsFile(profile: string): string {
+  const profileDir = getProfileDir(profile)
+  return join(profileDir, 'cron', 'jobs.json')
+}
+
+export interface RunEntry {
+  jobId: string
+  fileName: string
+  runTime: string
+  size: number
+  hasOutput?: boolean
+  synthetic?: boolean
+  runCount?: number
+  status?: string | null
+  error?: string | null
+}
+
+export interface RunDetail {
+  jobId: string
+  fileName: string
+  runTime: string
+  content: string
+}
+
+interface CronJobMetadata {
+  id?: string
+  job_id?: string
+  name?: string
+  last_run_at?: string | null
+  last_status?: string | null
+  last_error?: string | null
+  run_count?: number | string | null
+  no_agent?: boolean
+  script?: string | null
+}
+
+function stringOrNull(value: unknown): string | null {
+  return typeof value === 'string' && value.length > 0 ? value : null
+}
+
+function getJobId(job: CronJobMetadata): string | null {
+  return stringOrNull(job.job_id) || stringOrNull(job.id)
+}
+
+function isCronJobMetadata(value: unknown): value is CronJobMetadata {
+  return Boolean(value && typeof value === 'object')
+}
+
+function normaliseJobsPayload(payload: unknown): CronJobMetadata[] {
+  if (Array.isArray(payload)) return payload.filter(isCronJobMetadata)
+  if (payload && typeof payload === 'object') {
+    const maybeJobs = (payload as { jobs?: unknown }).jobs
+    if (Array.isArray(maybeJobs)) return maybeJobs.filter(isCronJobMetadata)
+  }
+  return []
+}
+
+async function readCronJobs(profile: string): Promise<CronJobMetadata[]> {
+  const jobsFile = getCronJobsFile(profile)
+  if (!existsSync(jobsFile)) return []
+
+  try {
+    const raw = await readFile(jobsFile, 'utf-8')
+    return normaliseJobsPayload(JSON.parse(raw))
+  } catch {
+    return []
+  }
+}
+
+function coerceRunCount(value: CronJobMetadata['run_count']): number | undefined {
+  if (typeof value === 'number' && Number.isFinite(value)) return value
+  if (typeof value === 'string') {
+    const parsed = Number(value)
+    if (Number.isFinite(parsed)) return parsed
+  }
+  return undefined
+}
+
+function toDisplayTime(value: string): string {
+  const isoLike = value.match(/^(\d{4}-\d{2}-\d{2})T(\d{2})-(\d{2})-(\d{2})/)
+  if (isoLike) return `${isoLike[1]} ${isoLike[2]}:${isoLike[3]}:${isoLike[4]}`
+
+  const legacy = value.match(/^(\d{4}-\d{2}-\d{2})_(\d{2}-\d{2}-\d{2})$/)
+  if (legacy) return `${legacy[1]} ${legacy[2].replace(/-/g, ':')}`
+
+  const parsed = Date.parse(value)
+  if (Number.isFinite(parsed)) {
+    return new Date(parsed).toISOString().replace('T', ' ').slice(0, 19)
+  }
+
+  return value
+}
+
+function parseRunTimeFromFileName(fileName: string): string {
+  const base = fileName.endsWith('.md') ? fileName.slice(0, -3) : fileName
+  return toDisplayTime(base)
+}
+
+function syntheticRunEntry(job: CronJobMetadata): RunEntry | null {
+  const jobId = getJobId(job)
+  const lastRunAt = stringOrNull(job.last_run_at)
+  if (!jobId || !lastRunAt) return null
+
+  return {
+    jobId,
+    fileName: SYNTHETIC_RUN_FILE,
+    runTime: toDisplayTime(lastRunAt),
+    size: 0,
+    hasOutput: false,
+    synthetic: true,
+    runCount: coerceRunCount(job.run_count),
+    status: stringOrNull(job.last_status),
+    error: stringOrNull(job.last_error),
+  }
+}
+
+function hasRunForJobAtOrAfter(runs: RunEntry[], jobId: string, runTime: string): boolean {
+  return runs.some(run => run.jobId === jobId && run.runTime >= runTime)
+}
+
+function inlineCode(value: unknown): string {
+  const text = String(value)
+  let longestBacktickRun = 0
+  let currentBacktickRun = 0
+
+  for (const char of text) {
+    if (char === '`') {
+      currentBacktickRun += 1
+      if (currentBacktickRun > longestBacktickRun) longestBacktickRun = currentBacktickRun
+    } else {
+      currentBacktickRun = 0
+    }
+  }
+
+  const delimiter = '`'.repeat(longestBacktickRun + 1)
+  return `${delimiter} ${text} ${delimiter}`
+}
+
+function buildSyntheticContent(job: CronJobMetadata, runTime: string): string {
+  const explanation = job.no_agent || stringOrNull(job.script)
+    ? 'This is expected for script-only/no-agent watchdog jobs when the script exits successfully with empty stdout: Hermes treats the run as silent, so there is nothing to deliver and no output file to display.'
+    : 'This can happen when a cron run updates scheduler metadata but does not produce a markdown output artifact to display.'
+
+  const lines = [
+    '# Scheduler run recorded',
+    '',
+    'Hermes recorded this cron job as having run, but no markdown output artifact was written for this job.',
+    '',
+    explanation,
+    '',
+    `- Job: ${inlineCode(job.name || getJobId(job) || 'unknown')}`,
+    `- Last run: ${inlineCode(runTime)}`,
+  ]
+
+  const runCount = coerceRunCount(job.run_count)
+  const lastStatus = stringOrNull(job.last_status)
+  const lastError = stringOrNull(job.last_error)
+  const script = stringOrNull(job.script)
+  if (runCount !== undefined) lines.push(`- Recorded runs: ${inlineCode(runCount)}`)
+  if (lastStatus) lines.push(`- Last status: ${inlineCode(lastStatus)}`)
+  if (lastError) lines.push(`- Last error: ${inlineCode(lastError)}`)
+  if (script) lines.push(`- Script: ${inlineCode(script)}`)
+  if (job.no_agent) lines.push('- Mode: `no-agent/script-only`')
+
+  return `${lines.join('\n')}\n`
+}
+
+/** List all run output files, optionally filtered by job ID */
+export async function listRuns(ctx: Context) {
+  const jobId = ctx.query.jobId as string | undefined
+  const profile = requestedProfile(ctx)
+  const cronOutput = getCronOutputDir(profile)
+
+  try {
+    const runs: RunEntry[] = []
+
+    if (existsSync(cronOutput)) {
+      const dirs = await readdir(cronOutput)
+      const targetDirs = jobId ? dirs.filter(d => d === jobId) : dirs
+
+      for (const dir of targetDirs) {
+        const dirPath = join(cronOutput, dir)
+        try {
+          const dirStat = await stat(dirPath)
+          if (!dirStat.isDirectory()) continue
+
+          const files = await readdir(dirPath)
+          // Sort by filename descending (newest first, since filenames are timestamps)
+          const sorted = files.sort().reverse()
+
+          for (const file of sorted) {
+            if (!file.endsWith('.md')) continue
+            const filePath = join(dirPath, file)
+            try {
+              const fileStat = await stat(filePath)
+
+              runs.push({
+                jobId: dir,
+                fileName: file,
+                runTime: parseRunTimeFromFileName(file),
+                size: fileStat.size,
+                hasOutput: true,
+              })
+            } catch { /* skip unreadable files */ }
+          }
+        } catch { /* skip unreadable dirs */ }
+      }
+    }
+
+    const jobs = await readCronJobs(profile)
+    const targetJobs = jobId ? jobs.filter(job => getJobId(job) === jobId) : jobs
+    for (const job of targetJobs) {
+      const id = getJobId(job)
+      if (!id) continue
+      const synthetic = syntheticRunEntry(job)
+      if (synthetic && !hasRunForJobAtOrAfter(runs, id, synthetic.runTime)) runs.push(synthetic)
+    }
+
+    // Sort all runs by runTime descending
+    runs.sort((a, b) => b.runTime.localeCompare(a.runTime))
+
+    ctx.body = { runs }
+  } catch (err: any) {
+    ctx.status = 500
+    ctx.body = { error: err.message }
+  }
+}
+
+/** Read a specific run output file */
+export async function readRun(ctx: Context) {
+  const { jobId, fileName } = ctx.params
+  const profile = requestedProfile(ctx)
+
+  if (!jobId || !fileName) {
+    ctx.status = 400
+    ctx.body = { error: 'jobId and fileName are required' }
+    return
+  }
+
+  // Prevent path traversal
+  if (
+    jobId.includes('..')
+    || fileName.includes('..')
+    || jobId.includes('/')
+    || fileName.includes('/')
+    || jobId.includes('\\')
+    || fileName.includes('\\')
+  ) {
+    ctx.status = 400
+    ctx.body = { error: 'Invalid path' }
+    return
+  }
+
+  if (fileName === SYNTHETIC_RUN_FILE) {
+    const jobs = await readCronJobs(profile)
+    const job = jobs.find(candidate => getJobId(candidate) === jobId)
+    const synthetic = job ? syntheticRunEntry(job) : null
+    if (!job || !synthetic) {
+      ctx.status = 404
+      ctx.body = { error: 'Run output not found' }
+      return
+    }
+
+    ctx.body = {
+      jobId,
+      fileName,
+      runTime: synthetic.runTime,
+      content: buildSyntheticContent(job, synthetic.runTime),
+    } satisfies RunDetail
+    return
+  }
+
+  const cronOutput = getCronOutputDir(profile)
+  const filePath = join(cronOutput, jobId, fileName)
+
+  if (!existsSync(filePath)) {
+    ctx.status = 404
+    ctx.body = { error: 'Run output not found' }
+    return
+  }
+
+  try {
+    const content = await readFile(filePath, 'utf-8')
+    const runTime = parseRunTimeFromFileName(fileName)
+
+    ctx.body = { jobId, fileName, runTime, content } satisfies RunDetail
+  } catch (err: any) {
+    ctx.status = 500
+    ctx.body = { error: err.message }
+  }
+}
diff --git a/packages/server/src/controllers/hermes/jobs.ts b/packages/server/src/controllers/hermes/jobs.ts
new file mode 100644
index 0000000..96a4b98
--- /dev/null
+++ b/packages/server/src/controllers/hermes/jobs.ts
@@ -0,0 +1,308 @@
+import type { Context } from 'koa'
+import { existsSync, readFileSync } from 'fs'
+import { join } from 'path'
+import { getHermesBin } from '../../services/hermes/hermes-path'
+import { getActiveProfileName, getProfileDir } from '../../services/hermes/hermes-profile'
+import { execHermesWithBin } from '../../services/hermes/hermes-process'
+
+const TIMEOUT_MS = 60_000
+
+type JobRecord = Record<string, any>
+
+function resolveProfile(ctx: Context): string {
+  const requestedProfile = ctx.state?.profile?.name
+  return requestedProfile || getActiveProfileName()
+}
+
+function resolveProfileDir(profile: string): string {
+  return getProfileDir(profile || 'default')
+}
+
+function getJobsPath(profile: string): string {
+  return join(resolveProfileDir(profile), 'cron', 'jobs.json')
+}
+
+function normalizeJob(job: JobRecord): JobRecord {
+  const id = job.job_id || job.id
+  const skills = Array.isArray(job.skills)
+    ? job.skills
+    : (job.skill ? [job.skill] : [])
+
+  return {
+    ...job,
+    id,
+    job_id: id,
+    skills,
+    skill: job.skill ?? skills[0] ?? null,
+    model: job.model ?? null,
+    provider: job.provider ?? null,
+    base_url: job.base_url ?? null,
+    script: job.script ?? null,
+    schedule_display: job.schedule_display ?? job.schedule?.display ?? job.schedule?.expr ?? '',
+    repeat: job.repeat ?? { times: null, completed: 0 },
+    enabled: job.enabled ?? true,
+    state: job.state ?? ((job.enabled ?? true) ? 'scheduled' : 'paused'),
+    paused_at: job.paused_at ?? null,
+    paused_reason: job.paused_reason ?? null,
+    created_at: job.created_at ?? '',
+    next_run_at: job.next_run_at ?? null,
+    last_run_at: job.last_run_at ?? null,
+    last_status: job.last_status ?? null,
+    last_error: job.last_error ?? null,
+    deliver: job.deliver ?? 'local',
+    origin: job.origin ?? null,
+    last_delivery_error: job.last_delivery_error ?? null,
+  }
+}
+
+function readJobs(profile: string, includeDisabled = true): JobRecord[] {
+  const jobsPath = getJobsPath(profile)
+  if (!existsSync(jobsPath)) return []
+
+  const parsed = JSON.parse(readFileSync(jobsPath, 'utf-8'))
+  const rawJobs = Array.isArray(parsed) ? parsed : parsed?.jobs
+  const jobs = Array.isArray(rawJobs) ? rawJobs.map(normalizeJob) : []
+
+  if (includeDisabled) return jobs
+  return jobs.filter((job) => job.enabled !== false)
+}
+
+function findJob(profile: string, jobId: string): JobRecord | null {
+  return readJobs(profile, true).find((job) => job.job_id === jobId || job.id === jobId) ?? null
+}
+
+function boolQuery(value: unknown, defaultValue: boolean): boolean {
+  if (value == null) return defaultValue
+  const text = String(value).toLowerCase()
+  return text === '1' || text === 'true' || text === 'yes'
+}
+
+function getBody(ctx: Context): Record<string, any> {
+  return (ctx.request.body && typeof ctx.request.body === 'object')
+    ? ctx.request.body as Record<string, any>
+    : {}
+}
+
+function getRepeatValue(repeat: unknown): number | null {
+  if (repeat == null || repeat === '') return null
+  if (typeof repeat === 'number' && Number.isFinite(repeat)) return repeat
+  if (typeof repeat === 'object') {
+    const times = (repeat as any).times
+    if (typeof times === 'number' && Number.isFinite(times)) return times
+    if (typeof times === 'string' && times.trim()) {
+      const parsed = Number(times)
+      return Number.isFinite(parsed) ? parsed : null
+    }
+    return null
+  }
+  const parsed = Number(repeat)
+  return Number.isFinite(parsed) ? parsed : null
+}
+
+function hasRepeatField(body: Record<string, any>): boolean {
+  return Object.prototype.hasOwnProperty.call(body, 'repeat')
+}
+
+function getSkills(body: Record<string, any>): string[] | null {
+  if (Array.isArray(body.skills)) {
+    return body.skills.map((skill) => String(skill || '').trim()).filter(Boolean)
+  }
+  if (typeof body.skill === 'string') {
+    const skill = body.skill.trim()
+    return skill ? [skill] : []
+  }
+  return null
+}
+
+async function runHermesCron(profile: string, args: string[]): Promise<void> {
+  const profileDir = resolveProfileDir(profile)
+  try {
+    await execHermesWithBin(getHermesBin(), args, {
+      cwd: process.cwd(),
+      env: { ...process.env, HERMES_HOME: profileDir },
+      timeout: TIMEOUT_MS,
+      maxBuffer: 1024 * 1024,
+      windowsHide: true,
+    })
+  } catch (error: any) {
+    const stderr = String(error?.stderr || '').trim()
+    const stdout = String(error?.stdout || '').trim()
+    throw new Error(stderr || stdout || error?.message || 'Hermes cron command failed')
+  }
+}
+
+function sendJobNotFound(ctx: Context): void {
+  ctx.status = 404
+  ctx.body = { error: { message: 'Job not found' } }
+}
+
+function sendCommandError(ctx: Context, error: any): void {
+  ctx.status = 500
+  ctx.body = { error: { message: error?.message || 'Hermes cron command failed' } }
+}
+
+function findCreatedJob(beforeJobs: JobRecord[], afterJobs: JobRecord[]): JobRecord | null {
+  const beforeIds = new Set(beforeJobs.map((job) => job.job_id || job.id))
+  const created = afterJobs.find((job) => !beforeIds.has(job.job_id || job.id))
+  if (created) return created
+
+  return [...afterJobs].sort((a, b) => {
+    const aTime = Date.parse(a.created_at || '') || 0
+    const bTime = Date.parse(b.created_at || '') || 0
+    return bTime - aTime
+  })[0] ?? null
+}
+
+export async function list(ctx: Context) {
+  const profile = resolveProfile(ctx)
+  const includeDisabled = boolQuery(ctx.query.include_disabled, false)
+  ctx.body = { jobs: readJobs(profile, includeDisabled) }
+}
+
+export async function get(ctx: Context) {
+  const profile = resolveProfile(ctx)
+  const job = findJob(profile, ctx.params.id)
+  if (!job) return sendJobNotFound(ctx)
+  ctx.body = { job }
+}
+
+export async function create(ctx: Context) {
+  const profile = resolveProfile(ctx)
+  const body = getBody(ctx)
+  const schedule = String(body.schedule || body.schedule_display || '').trim()
+  const prompt = String(body.prompt || '').trim()
+
+  if (!schedule) {
+    ctx.status = 400
+    ctx.body = { error: { message: 'Schedule is required' } }
+    return
+  }
+
+  const beforeJobs = readJobs(profile, true)
+  const args = ['cron', 'create']
+  const name = String(body.name || '').trim()
+  if (name) args.push('--name', name)
+  if (body.deliver != null && String(body.deliver).trim()) args.push('--deliver', String(body.deliver).trim())
+
+  const repeat = getRepeatValue(body.repeat)
+  if (repeat != null) {
+    args.push('--repeat', String(repeat))
+  } else if (hasRepeatField(body)) {
+    // Hermes CLI normalizes repeat <= 0 to an unbounded/null repeat.
+    args.push('--repeat', '0')
+  }
+
+  const skills = getSkills(body)
+  for (const skill of skills || []) args.push('--skill', skill)
+
+  if (body.script != null && String(body.script).trim()) args.push('--script', String(body.script).trim())
+  if (body.workdir != null) args.push('--workdir', String(body.workdir))
+  if (body.no_agent === true) args.push('--no-agent')
+
+  args.push(schedule)
+  if (prompt) args.push(prompt)
+
+  try {
+    await runHermesCron(profile, args)
+    const job = findCreatedJob(beforeJobs, readJobs(profile, true))
+    ctx.body = { job }
+  } catch (error: any) {
+    sendCommandError(ctx, error)
+  }
+}
+
+export async function update(ctx: Context) {
+  const profile = resolveProfile(ctx)
+  const body = getBody(ctx)
+  if (!findJob(profile, ctx.params.id)) return sendJobNotFound(ctx)
+
+  const args = ['cron', 'edit', ctx.params.id]
+  if (body.schedule != null || body.schedule_display != null) {
+    args.push('--schedule', String(body.schedule ?? body.schedule_display))
+  }
+  if (body.prompt != null) args.push('--prompt', String(body.prompt))
+  if (body.name != null) args.push('--name', String(body.name))
+  if (body.deliver != null) args.push('--deliver', String(body.deliver))
+
+  const repeat = getRepeatValue(body.repeat)
+  if (repeat != null) {
+    args.push('--repeat', String(repeat))
+  } else if (hasRepeatField(body)) {
+    // Hermes CLI normalizes repeat <= 0 to an unbounded/null repeat.
+    args.push('--repeat', '0')
+  }
+
+  const skills = getSkills(body)
+  if (skills) {
+    if (skills.length === 0) {
+      args.push('--clear-skills')
+    } else {
+      for (const skill of skills) args.push('--skill', skill)
+    }
+  }
+
+  if (body.script != null) args.push('--script', String(body.script))
+  if (body.workdir != null) args.push('--workdir', String(body.workdir))
+  if (body.no_agent === true) args.push('--no-agent')
+  if (body.no_agent === false) args.push('--agent')
+
+  try {
+    await runHermesCron(profile, args)
+    const job = findJob(profile, ctx.params.id)
+    if (!job) return sendJobNotFound(ctx)
+    ctx.body = { job }
+  } catch (error: any) {
+    sendCommandError(ctx, error)
+  }
+}
+
+export async function remove(ctx: Context) {
+  const profile = resolveProfile(ctx)
+  if (!findJob(profile, ctx.params.id)) return sendJobNotFound(ctx)
+
+  try {
+    await runHermesCron(profile, ['cron', 'remove', ctx.params.id])
+    ctx.body = { ok: true }
+  } catch (error: any) {
+    sendCommandError(ctx, error)
+  }
+}
+
+export async function pause(ctx: Context) {
+  const profile = resolveProfile(ctx)
+  if (!findJob(profile, ctx.params.id)) return sendJobNotFound(ctx)
+
+  try {
+    await runHermesCron(profile, ['cron', 'pause', ctx.params.id])
+    const job = findJob(profile, ctx.params.id)
+    ctx.body = { job }
+  } catch (error: any) {
+    sendCommandError(ctx, error)
+  }
+}
+
+export async function resume(ctx: Context) {
+  const profile = resolveProfile(ctx)
+  if (!findJob(profile, ctx.params.id)) return sendJobNotFound(ctx)
+
+  try {
+    await runHermesCron(profile, ['cron', 'resume', ctx.params.id])
+    const job = findJob(profile, ctx.params.id)
+    ctx.body = { job }
+  } catch (error: any) {
+    sendCommandError(ctx, error)
+  }
+}
+
+export async function run(ctx: Context) {
+  const profile = resolveProfile(ctx)
+  if (!findJob(profile, ctx.params.id)) return sendJobNotFound(ctx)
+
+  try {
+    await runHermesCron(profile, ['cron', 'run', ctx.params.id])
+    const job = findJob(profile, ctx.params.id)
+    ctx.body = { job }
+  } catch (error: any) {
+    sendCommandError(ctx, error)
+  }
+}
diff --git a/packages/server/src/controllers/hermes/kanban.ts b/packages/server/src/controllers/hermes/kanban.ts
new file mode 100644
index 0000000..0cc8b6b
--- /dev/null
+++ b/packages/server/src/controllers/hermes/kanban.ts
@@ -0,0 +1,784 @@
+import type { Context } from 'koa'
+import { readFile } from 'fs/promises'
+import { resolve, normalize } from 'path'
+import { homedir } from 'os'
+import * as kanbanCli from '../../services/hermes/hermes-kanban'
+import { isPathWithin } from '../../services/hermes/hermes-path'
+import { listProfileNamesFromDisk } from '../../services/hermes/hermes-profile'
+import {
+  searchSessionSummariesWithProfile,
+  getSessionDetailFromDbWithProfile,
+  getExactSessionDetailFromDbWithProfile,
+  findLatestExactSessionIdWithProfile,
+} from '../../db/hermes/sessions-db'
+import { listUserProfiles } from '../../db/hermes/users-store'
+
+const DEFAULT_PROFILE = 'default'
+
+function profileName(value: string | null | undefined): string {
+  return value?.trim() || DEFAULT_PROFILE
+}
+
+function requestedProfile(ctx: Context): string | null {
+  return ctx.state?.profile?.name || null
+}
+
+function allowedProfileSet(ctx: Context): Set<string> | null {
+  const user = ctx.state?.user
+  if (!user || user.role === 'super_admin') return null
+  return new Set(listUserProfiles(user.id).map(profile => profile.profile_name))
+}
+
+function visibleProfileSet(ctx: Context): Set<string> | null {
+  return allowedProfileSet(ctx)
+}
+
+function canUseProfile(ctx: Context, profile: string | null | undefined): boolean {
+  const allowed = allowedProfileSet(ctx)
+  return !allowed || allowed.has(profileName(profile))
+}
+
+function denyProfileAccess(ctx: Context, profile: string | null | undefined): boolean {
+  if (canUseProfile(ctx, profile)) return false
+  ctx.status = 403
+  ctx.body = { error: `Profile "${profileName(profile)}" is not available for this user` }
+  return true
+}
+
+function taskAssigneeProfile(task: { assignee: string | null }): string {
+  return profileName(task.assignee)
+}
+
+function filterTasksByVisibleProfiles(ctx: Context, tasks: kanbanCli.KanbanTask[]): kanbanCli.KanbanTask[] {
+  const visible = visibleProfileSet(ctx)
+  if (!visible) return tasks
+  return tasks.filter(task => visible.has(taskAssigneeProfile(task)))
+}
+
+function statsForTasks(tasks: kanbanCli.KanbanTask[]): kanbanCli.KanbanStats {
+  const by_status: Record<string, number> = {}
+  const by_assignee: Record<string, number> = {}
+  for (const task of tasks) {
+    by_status[task.status] = (by_status[task.status] || 0) + 1
+    const assignee = taskAssigneeProfile(task)
+    by_assignee[assignee] = (by_assignee[assignee] || 0) + 1
+  }
+  return { by_status, by_assignee, total: tasks.length }
+}
+
+function assignableProfileNames(ctx: Context): Set<string> | null {
+  const user = ctx.state?.user
+  if (!user) return null
+  if (user.role === 'super_admin') return new Set(listProfileNamesFromDisk())
+  return new Set(listUserProfiles(user.id).map(profile => profile.profile_name))
+}
+
+function assigneesForUser(ctx: Context, assignees: kanbanCli.KanbanAssignee[]): kanbanCli.KanbanAssignee[] {
+  const assignable = assignableProfileNames(ctx)
+  if (!assignable) return assignees
+
+  const byName = new Map<string, kanbanCli.KanbanAssignee>()
+  for (const assignee of assignees) {
+    const name = profileName(assignee.name)
+    if (assignable.has(name)) byName.set(name, { ...assignee, name })
+  }
+  for (const name of [...assignable].sort()) {
+    if (!byName.has(name)) byName.set(name, { name, on_disk: true, counts: null })
+  }
+  return [...byName.values()]
+}
+
+async function getVisibleTasksForBoard(ctx: Context, board: string, opts: {
+  status?: string
+  assignee?: string
+  tenant?: string
+  includeArchived?: boolean
+} = {}): Promise<kanbanCli.KanbanTask[]> {
+  if (opts.assignee && denyProfileAccess(ctx, opts.assignee)) return []
+  const tasks = await kanbanCli.listTasks({
+    board,
+    status: opts.status,
+    assignee: opts.assignee,
+    tenant: opts.tenant,
+    includeArchived: opts.includeArchived,
+  })
+  return filterTasksByVisibleProfiles(ctx, tasks)
+}
+
+function getLatestRunProfile(detail: { runs: Array<{ profile: string | null }> }): string | null {
+  return [...detail.runs].reverse().find(run => run.profile)?.profile || null
+}
+
+function firstQueryValue(value: string | string[] | undefined): string | undefined {
+  return Array.isArray(value) ? value[0] : value
+}
+
+function requestBoard(ctx: Context): string | null {
+  const rawBoard = firstQueryValue(ctx.query.board as string | string[] | undefined)
+  if (rawBoard !== undefined && !rawBoard.trim()) {
+    ctx.status = 400
+    ctx.body = { error: 'invalid board slug' }
+    return null
+  }
+  try {
+    return kanbanCli.normalizeBoardSlug(rawBoard)
+  } catch {
+    ctx.status = 400
+    ctx.body = { error: 'invalid board slug' }
+    return null
+  }
+}
+
+function validSeverity(value?: string): value is 'warning' | 'error' | 'critical' {
+  return value === undefined || value === 'warning' || value === 'error' || value === 'critical'
+}
+
+const MAX_LOG_TAIL_BYTES = 1_000_000
+const MAX_DISPATCH_TASKS = 100
+const MAX_DISPATCH_FAILURE_LIMIT = 100
+const MAX_BULK_TASKS = 100
+
+type PositiveIntegerResult = { value?: number; error?: string }
+type StringResult = { value?: string; error?: string }
+type BooleanResult = { value?: boolean; error?: string }
+type BodyResult = { body: Record<string, unknown>; error?: string }
+
+function optionalPositiveInteger(value: unknown, name: string, max: number): PositiveIntegerResult {
+  if (value === undefined || value === null || value === '') return {}
+  if (typeof value !== 'number' || !Number.isInteger(value) || value <= 0) {
+    return { error: `${name} must be a positive integer` }
+  }
+  if (value > max) {
+    return { error: `${name} must be <= ${max}` }
+  }
+  return { value }
+}
+
+function optionalPositiveIntegerQuery(value: string | undefined, name: string, max: number): PositiveIntegerResult {
+  if (value === undefined || value === '') return {}
+  const numeric = Number(value)
+  if (!Number.isInteger(numeric) || numeric <= 0) {
+    return { error: `${name} must be a positive integer` }
+  }
+  if (numeric > max) {
+    return { error: `${name} must be <= ${max}` }
+  }
+  return { value: numeric }
+}
+
+function requestBody(ctx: Context): BodyResult {
+  const body = ctx.request.body
+  if (body === undefined || body === null) return { body: {} }
+  if (typeof body !== 'object' || Array.isArray(body)) {
+    return { body: {}, error: 'request body must be an object' }
+  }
+  return { body: body as Record<string, unknown> }
+}
+
+function optionalString(value: unknown, name: string): StringResult {
+  if (value === undefined || value === null) return {}
+  if (typeof value !== 'string') return { error: `${name} must be a string` }
+  return { value }
+}
+
+function optionalNullableString(value: unknown, name: string): { value?: string | null; error?: string } {
+  if (value === undefined) return {}
+  if (value === null) return { value: null }
+  if (typeof value !== 'string') return { error: `${name} must be a string` }
+  return { value }
+}
+
+function hasOwn(body: Record<string, unknown>, key: string): boolean {
+  return Object.prototype.hasOwnProperty.call(body, key)
+}
+
+function optionalTaskStatus(value: unknown, name: string): { value?: kanbanCli.KanbanTaskStatus; error?: string } {
+  if (value === undefined || value === null) return {}
+  if (value !== 'triage' && value !== 'todo' && value !== 'ready' && value !== 'running' && value !== 'blocked' && value !== 'done' && value !== 'archived') {
+    return { error: `${name} must be a valid kanban task status` }
+  }
+  return { value }
+}
+
+function requiredNonEmptyString(value: unknown, name: string): StringResult {
+  if (typeof value !== 'string' || !value.trim()) return { error: `${name} is required` }
+  return { value }
+}
+
+function requiredNonEmptyStringArray(value: unknown, name: string): { value?: string[]; error?: string } {
+  if (!Array.isArray(value) || value.length === 0 || value.some(item => typeof item !== 'string' || !item.trim())) {
+    return { error: `${name} is required` }
+  }
+  return { value }
+}
+
+function optionalBoolean(value: unknown, name: string): BooleanResult {
+  if (value === undefined || value === null) return {}
+  if (typeof value !== 'boolean') return { error: `${name} must be boolean` }
+  return { value }
+}
+
+function optionalInteger(value: unknown, name: string): PositiveIntegerResult {
+  if (value === undefined || value === null || value === '') return {}
+  if (typeof value !== 'number' || !Number.isInteger(value)) {
+    return { error: `${name} must be an integer` }
+  }
+  return { value }
+}
+
+function rejectBadRequest(ctx: Context, error?: string): boolean {
+  if (!error) return false
+  ctx.status = 400
+  ctx.body = { error }
+  return true
+}
+
+export async function listBoards(ctx: Context) {
+  const includeArchived = firstQueryValue(ctx.query.includeArchived as string | string[] | undefined) === 'true'
+  try {
+    const boards = await kanbanCli.listBoards({ includeArchived })
+    ctx.body = { boards }
+  } catch (err: any) {
+    ctx.status = 500
+    ctx.body = { error: err.message }
+  }
+}
+
+export async function createBoard(ctx: Context) {
+  const bodyResult = requestBody(ctx)
+  if (rejectBadRequest(ctx, bodyResult.error)) return
+  const body = bodyResult.body
+  const slug = requiredNonEmptyString(body.slug, 'slug')
+  const name = optionalString(body.name, 'name')
+  const description = optionalString(body.description, 'description')
+  const icon = optionalString(body.icon, 'icon')
+  const color = optionalString(body.color, 'color')
+  const switchCurrent = optionalBoolean(body.switchCurrent, 'switchCurrent')
+  if (rejectBadRequest(ctx, slug.error || name.error || description.error || icon.error || color.error || switchCurrent.error)) return
+  try {
+    const board = await kanbanCli.createBoard({
+      slug: slug.value!,
+      name: name.value,
+      description: description.value,
+      icon: icon.value,
+      color: color.value,
+      switchCurrent: switchCurrent.value,
+    })
+    ctx.body = { board }
+  } catch (err: any) {
+    ctx.status = err.message?.includes('Invalid kanban board slug') ? 400 : 500
+    ctx.body = { error: err.message }
+  }
+}
+
+export async function archiveBoard(ctx: Context) {
+  const slug = ctx.params.slug
+  if (!slug?.trim()) {
+    ctx.status = 400
+    ctx.body = { error: 'slug is required' }
+    return
+  }
+  try {
+    await kanbanCli.archiveBoard(slug)
+    ctx.body = { ok: true }
+  } catch (err: any) {
+    ctx.status = err.message?.includes('default') || err.message?.includes('Invalid kanban board slug') ? 400 : 500
+    ctx.body = { error: err.message }
+  }
+}
+
+export async function capabilities(ctx: Context) {
+  try {
+    const capabilities = await kanbanCli.getCapabilities()
+    ctx.body = { capabilities }
+  } catch (err: any) {
+    ctx.status = 500
+    ctx.body = { error: err.message }
+  }
+}
+
+export async function list(ctx: Context) {
+  const status = firstQueryValue(ctx.query.status as string | string[] | undefined)
+  const assignee = firstQueryValue(ctx.query.assignee as string | string[] | undefined)
+  const tenant = firstQueryValue(ctx.query.tenant as string | string[] | undefined)
+  const includeArchived = firstQueryValue(ctx.query.includeArchived as string | string[] | undefined) === 'true'
+  const board = requestBoard(ctx)
+  if (!board) return
+  try {
+    const tasks = await getVisibleTasksForBoard(ctx, board, { status, assignee, tenant, includeArchived })
+    if (ctx.status === 403) return
+    ctx.body = { tasks }
+  } catch (err: any) {
+    ctx.status = 500
+    ctx.body = { error: err.message }
+  }
+}
+
+export async function get(ctx: Context) {
+  const board = requestBoard(ctx)
+  if (!board) return
+  try {
+    const detail = await kanbanCli.getTask(ctx.params.id, { board })
+    if (!detail) {
+      ctx.status = 404
+      ctx.body = { error: 'Task not found' }
+      return
+    }
+    if (!filterTasksByVisibleProfiles(ctx, [detail.task]).length) {
+      ctx.status = 404
+      ctx.body = { error: 'Task not found' }
+      return
+    }
+
+    // For terminal tasks, find related session from the worker's profile DB.
+    // Archived tasks can still carry the worker result/session users need to inspect.
+    if ((detail.task.status === 'done' || detail.task.status === 'archived') && detail.runs.length > 0) {
+      const profile = getLatestRunProfile(detail)
+      if (profile) {
+        try {
+          const exactSessionId = await findLatestExactSessionIdWithProfile(detail.task.id, profile)
+          if (exactSessionId) {
+            const sessionDetail = await getExactSessionDetailFromDbWithProfile(exactSessionId, profile)
+            if (sessionDetail) {
+              ;(detail as any).session = {
+                id: exactSessionId,
+                title: sessionDetail.title,
+                source: sessionDetail.source,
+                model: sessionDetail.model,
+                started_at: sessionDetail.started_at,
+                ended_at: sessionDetail.ended_at,
+                messages: sessionDetail.messages,
+              }
+            }
+          } else {
+            const results = await searchSessionSummariesWithProfile(detail.task.id, profile, undefined, 5)
+            if (results.length > 0) {
+              const sessionId = results[0].id
+              const sessionDetail = await getSessionDetailFromDbWithProfile(sessionId, profile)
+              if (sessionDetail) {
+                ;(detail as any).session = {
+                  id: sessionId,
+                  title: sessionDetail.title,
+                  source: sessionDetail.source,
+                  model: sessionDetail.model,
+                  started_at: sessionDetail.started_at,
+                  ended_at: sessionDetail.ended_at,
+                  messages: sessionDetail.messages,
+                }
+              }
+            }
+          }
+        } catch {
+          // Session lookup is best-effort, don't fail the whole request
+        }
+      }
+    }
+
+    ctx.body = detail
+  } catch (err: any) {
+    ctx.status = 500
+    ctx.body = { error: err.message }
+  }
+}
+
+export async function create(ctx: Context) {
+  const bodyResult = requestBody(ctx)
+  if (rejectBadRequest(ctx, bodyResult.error)) return
+  const payload = bodyResult.body
+  const title = requiredNonEmptyString(payload.title, 'title')
+  const body = optionalString(payload.body, 'body')
+  const assignee = optionalString(payload.assignee, 'assignee')
+  const priority = optionalInteger(payload.priority, 'priority')
+  const tenant = optionalString(payload.tenant, 'tenant')
+  if (rejectBadRequest(ctx, title.error || body.error || assignee.error || priority.error || tenant.error)) return
+  const targetAssignee = assignee.value || requestedProfile(ctx) || undefined
+  if (targetAssignee && denyProfileAccess(ctx, targetAssignee)) return
+  const board = requestBoard(ctx)
+  if (!board) return
+  try {
+    const task = await kanbanCli.createTask(title.value!, { board, body: body.value, assignee: targetAssignee, priority: priority.value, tenant: tenant.value })
+    ctx.body = { task }
+  } catch (err: any) {
+    ctx.status = 500
+    ctx.body = { error: err.message }
+  }
+}
+
+export async function complete(ctx: Context) {
+  const bodyResult = requestBody(ctx)
+  if (rejectBadRequest(ctx, bodyResult.error)) return
+  const payload = bodyResult.body
+  const taskIds = requiredNonEmptyStringArray(payload.task_ids, 'task_ids')
+  const summary = optionalString(payload.summary, 'summary')
+  if (rejectBadRequest(ctx, taskIds.error || summary.error)) return
+  const board = requestBoard(ctx)
+  if (!board) return
+  try {
+    await kanbanCli.completeTasks(taskIds.value!, summary.value, { board })
+    ctx.body = { ok: true }
+  } catch (err: any) {
+    ctx.status = 500
+    ctx.body = { error: err.message }
+  }
+}
+
+export async function block(ctx: Context) {
+  const bodyResult = requestBody(ctx)
+  if (rejectBadRequest(ctx, bodyResult.error)) return
+  const reason = requiredNonEmptyString(bodyResult.body.reason, 'reason')
+  if (rejectBadRequest(ctx, reason.error)) return
+  const board = requestBoard(ctx)
+  if (!board) return
+  try {
+    await kanbanCli.blockTask(ctx.params.id, reason.value!, { board })
+    ctx.body = { ok: true }
+  } catch (err: any) {
+    ctx.status = 500
+    ctx.body = { error: err.message }
+  }
+}
+
+export async function unblock(ctx: Context) {
+  const bodyResult = requestBody(ctx)
+  if (rejectBadRequest(ctx, bodyResult.error)) return
+  const taskIds = requiredNonEmptyStringArray(bodyResult.body.task_ids, 'task_ids')
+  if (rejectBadRequest(ctx, taskIds.error)) return
+  const board = requestBoard(ctx)
+  if (!board) return
+  try {
+    await kanbanCli.unblockTasks(taskIds.value!, { board })
+    ctx.body = { ok: true }
+  } catch (err: any) {
+    ctx.status = 500
+    ctx.body = { error: err.message }
+  }
+}
+
+export async function assign(ctx: Context) {
+  const bodyResult = requestBody(ctx)
+  if (rejectBadRequest(ctx, bodyResult.error)) return
+  const profile = requiredNonEmptyString(bodyResult.body.profile, 'profile')
+  if (rejectBadRequest(ctx, profile.error)) return
+  if (denyProfileAccess(ctx, profile.value)) return
+  const board = requestBoard(ctx)
+  if (!board) return
+  try {
+    await kanbanCli.assignTask(ctx.params.id, profile.value!, { board })
+    ctx.body = { ok: true }
+  } catch (err: any) {
+    ctx.status = 500
+    ctx.body = { error: err.message }
+  }
+}
+
+export async function addComment(ctx: Context) {
+  const bodyResult = requestBody(ctx)
+  if (rejectBadRequest(ctx, bodyResult.error)) return
+  const bodyPayload = bodyResult.body
+  const body = requiredNonEmptyString(bodyPayload.body, 'body')
+  const author = optionalString(bodyPayload.author, 'author')
+  if (rejectBadRequest(ctx, body.error || author.error)) return
+  const board = requestBoard(ctx)
+  if (!board) return
+  try {
+    ctx.body = await kanbanCli.addComment(ctx.params.id, body.value!, { board, author: author.value })
+  } catch (err: any) {
+    ctx.status = 500
+    ctx.body = { error: err.message }
+  }
+}
+
+export async function linkTasks(ctx: Context) {
+  const bodyResult = requestBody(ctx)
+  if (rejectBadRequest(ctx, bodyResult.error)) return
+  const parentId = requiredNonEmptyString(bodyResult.body.parent_id, 'parent_id')
+  const childId = requiredNonEmptyString(bodyResult.body.child_id, 'child_id')
+  if (rejectBadRequest(ctx, parentId.error || childId.error)) return
+  const board = requestBoard(ctx)
+  if (!board) return
+  try {
+    ctx.body = await kanbanCli.linkTasks(parentId.value!.trim(), childId.value!.trim(), { board })
+  } catch (err: any) {
+    ctx.status = 500
+    ctx.body = { error: err.message }
+  }
+}
+
+export async function unlinkTasks(ctx: Context) {
+  const parentId = requiredNonEmptyString(firstQueryValue(ctx.query.parent_id as string | string[] | undefined), 'parent_id')
+  const childId = requiredNonEmptyString(firstQueryValue(ctx.query.child_id as string | string[] | undefined), 'child_id')
+  if (rejectBadRequest(ctx, parentId.error || childId.error)) return
+  const board = requestBoard(ctx)
+  if (!board) return
+  try {
+    ctx.body = await kanbanCli.unlinkTasks(parentId.value!.trim(), childId.value!.trim(), { board })
+  } catch (err: any) {
+    ctx.status = 500
+    ctx.body = { error: err.message }
+  }
+}
+
+export async function bulkUpdateTasks(ctx: Context) {
+  const bodyResult = requestBody(ctx)
+  if (rejectBadRequest(ctx, bodyResult.error)) return
+  const body = bodyResult.body
+  const ids = requiredNonEmptyStringArray(body.ids, 'ids')
+  const status = optionalTaskStatus(body.status, 'status')
+  const assignee = optionalNullableString(body.assignee, 'assignee')
+  const archive = optionalBoolean(body.archive, 'archive')
+  const summary = optionalString(body.summary, 'summary')
+  const reason = optionalString(body.reason, 'reason')
+  if (rejectBadRequest(ctx, ids.error || status.error || assignee.error || archive.error || summary.error || reason.error)) return
+  if (assignee.value && denyProfileAccess(ctx, assignee.value)) return
+  if (!archive.value && status.value === undefined && !hasOwn(body, 'assignee')) {
+    ctx.status = 400
+    ctx.body = { error: 'at least one bulk action is required' }
+    return
+  }
+  if (ids.value!.length > MAX_BULK_TASKS) {
+    ctx.status = 400
+    ctx.body = { error: `ids must contain <= ${MAX_BULK_TASKS} tasks` }
+    return
+  }
+  if (archive.value && status.value !== undefined) {
+    ctx.status = 400
+    ctx.body = { error: 'archive cannot be combined with status' }
+    return
+  }
+  const board = requestBoard(ctx)
+  if (!board) return
+  try {
+    ctx.body = await kanbanCli.bulkUpdateTasks({
+      board,
+      ids: ids.value!.map(id => id.trim()),
+      status: status.value,
+      assignee: assignee.value,
+      archive: archive.value,
+      summary: summary.value,
+      reason: reason.value,
+    })
+  } catch (err: any) {
+    ctx.status = 500
+    ctx.body = { error: err.message }
+  }
+}
+
+export async function taskLog(ctx: Context) {
+  const board = requestBoard(ctx)
+  if (!board) return
+  const tailRaw = firstQueryValue(ctx.query.tail as string | string[] | undefined)
+  const tail = optionalPositiveIntegerQuery(tailRaw, 'tail', MAX_LOG_TAIL_BYTES)
+  if (rejectBadRequest(ctx, tail.error)) return
+  try {
+    ctx.body = await kanbanCli.getTaskLog(ctx.params.id, { board, tail: tail.value })
+  } catch (err: any) {
+    ctx.status = err.message?.includes('not found') ? 404 : 500
+    ctx.body = { error: err.message }
+  }
+}
+
+export async function diagnostics(ctx: Context) {
+  const board = requestBoard(ctx)
+  if (!board) return
+  const task = firstQueryValue(ctx.query.task as string | string[] | undefined)
+  const severity = firstQueryValue(ctx.query.severity as string | string[] | undefined)
+  if (!validSeverity(severity)) {
+    ctx.status = 400
+    ctx.body = { error: 'severity must be warning, error, or critical' }
+    return
+  }
+  try {
+    const diagnostics = await kanbanCli.getDiagnostics({ board, task, severity })
+    ctx.body = { diagnostics }
+  } catch (err: any) {
+    ctx.status = 500
+    ctx.body = { error: err.message }
+  }
+}
+
+export async function reclaim(ctx: Context) {
+  const bodyResult = requestBody(ctx)
+  if (rejectBadRequest(ctx, bodyResult.error)) return
+  const body = bodyResult.body
+  const reason = optionalString(body.reason, 'reason')
+  if (rejectBadRequest(ctx, reason.error)) return
+  const board = requestBoard(ctx)
+  if (!board) return
+  try {
+    ctx.body = await kanbanCli.reclaimTask(ctx.params.id, { board, reason: reason.value })
+  } catch (err: any) {
+    ctx.status = 500
+    ctx.body = { error: err.message }
+  }
+}
+
+export async function reassign(ctx: Context) {
+  const bodyResult = requestBody(ctx)
+  if (rejectBadRequest(ctx, bodyResult.error)) return
+  const body = bodyResult.body
+  const profile = requiredNonEmptyString(body.profile, 'profile')
+  const reclaim = optionalBoolean(body.reclaim, 'reclaim')
+  const reason = optionalString(body.reason, 'reason')
+  if (rejectBadRequest(ctx, profile.error || reclaim.error || reason.error)) return
+  if (denyProfileAccess(ctx, profile.value)) return
+  const board = requestBoard(ctx)
+  if (!board) return
+  try {
+    ctx.body = await kanbanCli.reassignTask(ctx.params.id, profile.value!, { board, reclaim: reclaim.value, reason: reason.value })
+  } catch (err: any) {
+    ctx.status = 500
+    ctx.body = { error: err.message }
+  }
+}
+
+export async function specify(ctx: Context) {
+  const bodyResult = requestBody(ctx)
+  if (rejectBadRequest(ctx, bodyResult.error)) return
+  const body = bodyResult.body
+  const author = optionalString(body.author, 'author')
+  if (rejectBadRequest(ctx, author.error)) return
+  const board = requestBoard(ctx)
+  if (!board) return
+  try {
+    const results = await kanbanCli.specifyTask(ctx.params.id, { board, author: author.value })
+    ctx.body = { results }
+  } catch (err: any) {
+    ctx.status = 500
+    ctx.body = { error: err.message }
+  }
+}
+
+export async function dispatch(ctx: Context) {
+  const bodyResult = requestBody(ctx)
+  if (rejectBadRequest(ctx, bodyResult.error)) return
+  const body = bodyResult.body
+  const dryRun = optionalBoolean(body.dryRun, 'dryRun')
+  const max = optionalPositiveInteger(body.max, 'max', MAX_DISPATCH_TASKS)
+  const failureLimit = optionalPositiveInteger(body.failureLimit, 'failureLimit', MAX_DISPATCH_FAILURE_LIMIT)
+  if (rejectBadRequest(ctx, dryRun.error || max.error || failureLimit.error)) return
+  const board = requestBoard(ctx)
+  if (!board) return
+  try {
+    const result = await kanbanCli.dispatch({ board, dryRun: dryRun.value, max: max.value, failureLimit: failureLimit.value })
+    ctx.body = { result }
+  } catch (err: any) {
+    ctx.status = 500
+    ctx.body = { error: err.message }
+  }
+}
+
+export async function stats(ctx: Context) {
+  const board = requestBoard(ctx)
+  if (!board) return
+  try {
+    const visible = visibleProfileSet(ctx)
+    const stats = visible
+      ? statsForTasks(await getVisibleTasksForBoard(ctx, board, { includeArchived: true }))
+      : await kanbanCli.getStats({ board })
+    ctx.body = { stats }
+  } catch (err: any) {
+    ctx.status = 500
+    ctx.body = { error: err.message }
+  }
+}
+
+export async function assignees(ctx: Context) {
+  const board = requestBoard(ctx)
+  if (!board) return
+  try {
+    const assignees = assigneesForUser(ctx, await kanbanCli.getAssignees({ board }))
+    ctx.body = { assignees }
+  } catch (err: any) {
+    ctx.status = 500
+    ctx.body = { error: err.message }
+  }
+}
+
+export async function readArtifact(ctx: Context) {
+  const filePath = ctx.query.path as string | undefined
+  if (!filePath) {
+    ctx.status = 400
+    ctx.body = { error: 'path is required' }
+    return
+  }
+
+  const kanbanDir = resolve(homedir(), '.hermes', 'kanban', 'workspaces')
+  const resolved = resolve(normalize(filePath))
+
+  if (!isPathWithin(resolved, kanbanDir)) {
+    ctx.status = 403
+    ctx.body = { error: 'Path must be within kanban workspaces' }
+    return
+  }
+
+  try {
+    const data = await readFile(resolved, 'utf-8')
+    ctx.body = { content: data, path: filePath }
+  } catch (err: any) {
+    if (err.code === 'ENOENT') {
+      ctx.status = 404
+      ctx.body = { error: 'File not found' }
+    } else {
+      ctx.status = 500
+      ctx.body = { error: err.message }
+    }
+  }
+}
+
+export async function searchSessions(ctx: Context) {
+  const { task_id, profile, q } = ctx.query as {
+    task_id?: string
+    profile?: string
+    q?: string
+  }
+  if (!task_id || !profile) {
+    ctx.status = 400
+    ctx.body = { error: 'task_id and profile are required' }
+    return
+  }
+  if (denyProfileAccess(ctx, profile)) return
+  try {
+    if (!q) {
+      const exactSessionId = await findLatestExactSessionIdWithProfile(task_id, profile)
+      if (exactSessionId) {
+        const sessionDetail = await getExactSessionDetailFromDbWithProfile(exactSessionId, profile)
+        if (sessionDetail) {
+          ctx.body = {
+            results: [{
+              id: exactSessionId,
+              source: sessionDetail.source,
+              title: sessionDetail.title,
+              preview: sessionDetail.preview,
+              model: sessionDetail.model,
+              started_at: sessionDetail.started_at,
+              ended_at: sessionDetail.ended_at,
+              last_active: sessionDetail.last_active,
+              message_count: sessionDetail.message_count,
+              tool_call_count: sessionDetail.tool_call_count,
+              input_tokens: sessionDetail.input_tokens,
+              output_tokens: sessionDetail.output_tokens,
+              cache_read_tokens: sessionDetail.cache_read_tokens,
+              cache_write_tokens: sessionDetail.cache_write_tokens,
+              reasoning_tokens: sessionDetail.reasoning_tokens,
+              billing_provider: sessionDetail.billing_provider,
+              estimated_cost_usd: sessionDetail.estimated_cost_usd,
+              actual_cost_usd: sessionDetail.actual_cost_usd,
+              cost_status: sessionDetail.cost_status,
+              matched_message_id: null,
+              snippet: sessionDetail.preview,
+              rank: 0,
+            }],
+          }
+          return
+        }
+      }
+    }
+
+    const searchQuery = q || task_id
+    const results = await searchSessionSummariesWithProfile(searchQuery, profile, undefined, 10)
+    ctx.body = { results }
+  } catch (err: any) {
+    ctx.status = 500
+    ctx.body = { error: err.message }
+  }
+}
diff --git a/packages/server/src/controllers/hermes/logs.ts b/packages/server/src/controllers/hermes/logs.ts
new file mode 100644
index 0000000..05bd3a2
--- /dev/null
+++ b/packages/server/src/controllers/hermes/logs.ts
@@ -0,0 +1,123 @@
+import { existsSync, statSync } from 'fs'
+import { readFile } from 'fs/promises'
+import { join } from 'path'
+import * as hermesCli from '../../services/hermes/hermes-cli'
+import { config } from '../../config'
+
+const WEBUI_LOG_FILE = join(config.appHome, 'logs', 'server.log')
+const BRIDGE_LOG_FILE = join(config.appHome, 'logs', 'bridge.log')
+
+interface LogEntry {
+  timestamp: string; level: string; logger: string; message: string; raw: string
+}
+
+function appendPinoContext(message: string, obj: any): string {
+  const parts: string[] = []
+  const runtime = obj.runtime && typeof obj.runtime === 'object' ? obj.runtime : null
+  if (runtime) {
+    if (runtime.profile) parts.push(`profile=${runtime.profile}`)
+    if (runtime.cwd) parts.push(`cwd=${runtime.cwd}`)
+    if (runtime.profile_dir) parts.push(`profile_dir=${runtime.profile_dir}`)
+    if (runtime.config_path) parts.push(`config=${runtime.config_path}`)
+  } else if (obj.profile) {
+    parts.push(`profile=${obj.profile}`)
+  }
+  if (obj.request?.action) parts.push(`action=${obj.request.action}`)
+  if (obj.err?.message) parts.push(`error=${obj.err.message}`)
+  if (obj.sessionId) parts.push(`session=${obj.sessionId}`)
+  if (obj.runId) parts.push(`run=${obj.runId}`)
+  if (obj.status) parts.push(`status=${obj.status}`)
+  return parts.length > 0 ? `${message} ${parts.join(' ')}` : message
+}
+
+function parseLine(line: string): LogEntry {
+  try {
+    const obj = JSON.parse(line)
+    if (obj.level && obj.time) {
+      const ts = new Date(obj.time).toLocaleString('zh-CN', { hour12: false }).replace(/\//g, '-')
+      const levelMap: Record<number, string> = { 10: 'TRACE', 20: 'DEBUG', 30: 'INFO', 40: 'WARN', 50: 'ERROR', 60: 'FATAL' }
+      // Pino 日志格式: { level, time, msg, name (logger name), hostname, pid, ... }
+      const loggerName = obj.name || obj.logger || 'app'
+      const message = obj.msg || (obj.err ? obj.err.message : '')
+      const baseMessage = typeof message === 'string' ? message : JSON.stringify(message)
+      return { timestamp: ts, level: levelMap[obj.level] || 'INFO', logger: loggerName, message: appendPinoContext(baseMessage, obj), raw: line }
+    }
+  } catch {}
+  let match = line.match(/^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3})\s+(DEBUG|INFO|WARNING|ERROR|CRITICAL)\s+(\S+?):\s(.*)$/)
+  if (match) { return { timestamp: match[1], level: match[2], logger: match[3], message: match[4], raw: line } }
+  match = line.match(/^\[(\S+?)\]\s+\[(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3})\]\s+\[(DEBUG|INFO|WARNING|ERROR|CRITICAL)\]\s(.*)$/)
+  if (match) { return { timestamp: match[2], level: match[3], logger: match[1], message: match[4], raw: line } }
+  return { timestamp: '', level: '', logger: '', message: line, raw: line }
+}
+
+export async function list(ctx: any) {
+  const files = await hermesCli.listLogFiles()
+  if (existsSync(WEBUI_LOG_FILE)) {
+    try {
+      const stat = statSync(WEBUI_LOG_FILE)
+      const size = stat.size > 1024 * 1024 ? `${(stat.size / 1024 / 1024).toFixed(1)}MB` : `${(stat.size / 1024).toFixed(1)}KB`
+      const modified = stat.mtime.toLocaleString()
+      files.push({ name: 'webui', size, modified })
+    } catch { }
+  }
+  if (existsSync(BRIDGE_LOG_FILE)) {
+    try {
+      const stat = statSync(BRIDGE_LOG_FILE)
+      const size = stat.size > 1024 * 1024 ? `${(stat.size / 1024 / 1024).toFixed(1)}MB` : `${(stat.size / 1024).toFixed(1)}KB`
+      const modified = stat.mtime.toLocaleString()
+      files.push({ name: 'bridge', size, modified })
+    } catch { }
+  }
+  ctx.body = { files }
+}
+
+export async function read(ctx: any) {
+  const logName = ctx.params.name
+  const lines = ctx.query.lines ? parseInt(ctx.query.lines as string, 10) : 100
+  const level = (ctx.query.level as string) || undefined
+  const session = (ctx.query.session as string) || undefined
+  const since = (ctx.query.since as string) || undefined
+
+  if (logName === 'webui') {
+    try {
+      if (!existsSync(WEBUI_LOG_FILE)) { ctx.body = { entries: [] }; return }
+      const content = await readFile(WEBUI_LOG_FILE, 'utf-8')
+      const rawLines = content.split('\n')
+      const sliced = rawLines.length > lines ? rawLines.slice(-lines) : rawLines
+      const entries: LogEntry[] = []
+      for (const line of sliced) { if (!line.trim()) continue; entries.push(parseLine(line)) }
+      ctx.body = { entries: entries.reverse() }
+    } catch (err: any) {
+      ctx.status = 500; ctx.body = { error: err.message }
+    }
+    return
+  }
+
+  if (logName === 'bridge') {
+    try {
+      if (!existsSync(BRIDGE_LOG_FILE)) { ctx.body = { entries: [] }; return }
+      const content = await readFile(BRIDGE_LOG_FILE, 'utf-8')
+      const rawLines = content.split('\n')
+      const sliced = rawLines.length > lines ? rawLines.slice(-lines) : rawLines
+      const entries: LogEntry[] = []
+      for (const line of sliced) { if (!line.trim()) continue; entries.push(parseLine(line)) }
+      ctx.body = { entries: entries.reverse() }
+    } catch (err: any) {
+      ctx.status = 500; ctx.body = { error: err.message }
+    }
+    return
+  }
+
+  try {
+    const content = await hermesCli.readLogs(logName, lines, level, session, since)
+    const rawLines = content.split('\n')
+    const entries: (LogEntry | null)[] = []
+    for (const line of rawLines) {
+      if (line.startsWith('---') || line.trim() === '') continue
+      entries.push(parseLine(line))
+    }
+    ctx.body = { entries: entries.reverse() }
+  } catch (err: any) {
+    ctx.status = 500; ctx.body = { error: err.message }
+  }
+}
diff --git a/packages/server/src/controllers/hermes/mcp.ts b/packages/server/src/controllers/hermes/mcp.ts
new file mode 100644
index 0000000..3bd7124
--- /dev/null
+++ b/packages/server/src/controllers/hermes/mcp.ts
@@ -0,0 +1,120 @@
+import type { Context } from 'koa'
+import { bridgeMcpAction } from '../../services/hermes/mcp'
+
+function getProfile(ctx: Context): string | undefined {
+  return (ctx.state as any)?.profile?.name || undefined
+}
+
+/** Validate server name: non-empty, no control chars, no path separators */
+function isValidServerName(name: string): boolean {
+  if (!name || name.trim().length === 0) return false
+  if (name.length > 128) return false
+  // Reject path separators and control characters
+  if (/[/\\\x00-\x1f]/.test(name)) return false
+  return true
+}
+
+export async function listServers(ctx: Context) {
+  try {
+    ctx.body = await bridgeMcpAction('mcp_list', {}, getProfile(ctx))
+  } catch (err: any) {
+    ctx.status = 503
+    ctx.body = { error: err.message || 'MCP bridge not available' }
+  }
+}
+
+export async function addServer(ctx: Context) {
+  try {
+    const { name, config } = (ctx.request.body || {}) as Record<string, unknown>
+    if (typeof name !== 'string' || !isValidServerName(name)) {
+      ctx.status = 400
+      ctx.body = { error: 'Valid server name is required' }
+      return
+    }
+    if (!config || typeof config !== 'object') {
+      ctx.status = 400
+      ctx.body = { error: 'config object is required' }
+      return
+    }
+    ctx.body = await bridgeMcpAction('mcp_server_add', { name: name.trim(), config }, getProfile(ctx))
+  } catch (err: any) {
+    ctx.status = 503
+    ctx.body = { error: err.message || 'Failed to add MCP server' }
+  }
+}
+
+export async function updateServer(ctx: Context) {
+  try {
+    const name = ctx.params.name as string
+    const { config } = (ctx.request.body || {}) as Record<string, unknown>
+    if (!name || !isValidServerName(name)) {
+      ctx.status = 400
+      ctx.body = { error: 'Valid server name is required' }
+      return
+    }
+    if (!config || typeof config !== 'object') {
+      ctx.status = 400
+      ctx.body = { error: 'config object is required' }
+      return
+    }
+    ctx.body = await bridgeMcpAction('mcp_server_update', { name, config }, getProfile(ctx))
+  } catch (err: any) {
+    ctx.status = 503
+    ctx.body = { error: err.message || 'Failed to update MCP server' }
+  }
+}
+
+export async function removeServer(ctx: Context) {
+  try {
+    const name = ctx.params.name as string
+    if (!name || !isValidServerName(name)) {
+      ctx.status = 400
+      ctx.body = { error: 'Valid server name is required' }
+      return
+    }
+    ctx.body = await bridgeMcpAction('mcp_server_remove', { name }, getProfile(ctx))
+  } catch (err: any) {
+    ctx.status = 503
+    ctx.body = { error: err.message || 'Failed to remove MCP server' }
+  }
+}
+
+export async function testServer(ctx: Context) {
+  try {
+    const name = ctx.params.name as string
+    if (!name || !isValidServerName(name)) {
+      ctx.status = 400
+      ctx.body = { error: 'Valid server name is required' }
+      return
+    }
+    ctx.body = await bridgeMcpAction('mcp_server_test', { name }, getProfile(ctx))
+  } catch (err: any) {
+    ctx.status = 503
+    ctx.body = { error: err.message || 'Failed to test MCP server' }
+  }
+}
+
+export async function listTools(ctx: Context) {
+  try {
+    const server = ctx.query.server as string | undefined
+    const raw = ctx.query.raw === '1' || ctx.query.raw === 'true'
+    const payload: Record<string, any> = {}
+    if (server) payload.server = server
+    if (raw) payload.raw = true
+    ctx.body = await bridgeMcpAction('mcp_tools_list', payload, getProfile(ctx))
+  } catch (err: any) {
+    ctx.status = 503
+    ctx.body = { error: err.message || 'MCP bridge not available' }
+  }
+}
+
+export async function reloadMcp(ctx: Context) {
+  try {
+    const server = ctx.query.server as string | undefined
+    const payload = server ? { server } : {}
+    ctx.body = await bridgeMcpAction('mcp_reload', payload, getProfile(ctx))
+  } catch (err: any) {
+    ctx.status = 503
+    ctx.body = { error: err.message || 'Failed to reload MCP' }
+  }
+}
diff --git a/packages/server/src/controllers/hermes/media.ts b/packages/server/src/controllers/hermes/media.ts
new file mode 100644
index 0000000..6070583
--- /dev/null
+++ b/packages/server/src/controllers/hermes/media.ts
@@ -0,0 +1,614 @@
+import type { Context } from 'koa'
+import { existsSync, mkdirSync, readFileSync, writeFileSync } from 'fs'
+import { dirname, extname, isAbsolute, join, resolve } from 'path'
+import { getActiveProfileName, getProfileDir, listProfileNamesFromDisk } from '../../services/hermes/hermes-profile'
+import { config } from '../../config'
+import { readConfigYamlForProfile } from '../../services/config-helpers'
+
+const XAI_VIDEO_GENERATIONS_URL = 'https://api.x.ai/v1/videos/generations'
+const XAI_VIDEO_STATUS_URL = 'https://api.x.ai/v1/videos'
+const XAI_VIDEO_MODEL = 'grok-imagine-video'
+const APIKEY_IMAGE_PROVIDER = 'fun-codex'
+const APIKEY_IMAGE_MODEL = 'gpt-image-2'
+const APIKEY_IMAGE_TO_IMAGE_MODEL = 'gpt-5.4-mini'
+const MAX_IMAGE_BYTES = 25 * 1024 * 1024
+const DEFAULT_POLL_INTERVAL_MS = 5000
+const DEFAULT_TIMEOUT_MS = 10 * 60 * 1000
+
+type AuthJson = {
+  providers?: Record<string, any>
+  credential_pool?: Record<string, any[]>
+}
+
+type ApiKeyImageMode = 'text' | 'image' | 'edit'
+
+type FunCodexProvider = {
+  apiKey: string
+  baseUrl: string
+  model: string
+}
+
+function requestedProfileName(ctx: Context): string {
+  const headerProfile = ctx.get('x-hermes-profile')
+  const queryProfile = typeof ctx.query.profile === 'string' ? ctx.query.profile : ''
+  const body = ctx.request.body as { profile?: unknown } | undefined
+  const bodyProfile = typeof body?.profile === 'string' ? body.profile : ''
+  return (ctx.state.profile?.name || headerProfile || queryProfile || bodyProfile || '').trim()
+}
+
+function resolveMediaProfile(ctx: Context): string {
+  let requested = requestedProfileName(ctx)
+  if (!requested && ctx.state.user?.role !== 'super_admin' && !ctx.state.serverTokenAuth) {
+    const profiles = ctx.state.user?.profiles || []
+    if (profiles.length === 1) {
+      requested = profiles[0]
+    } else {
+      const err: any = new Error('Profile is required')
+      err.status = 400
+      err.code = 'profile_required'
+      throw err
+    }
+  }
+
+  const profile = requested || getActiveProfileName() || 'default'
+  if (!listProfileNamesFromDisk().includes(profile)) {
+    const err: any = new Error(`Profile "${profile}" does not exist`)
+    err.status = 404
+    err.code = 'profile_not_found'
+    throw err
+  }
+  return profile
+}
+
+function authPathForProfile(profile: string): string {
+  return join(getProfileDir(profile), 'auth.json')
+}
+
+function readJsonFile(path: string): any {
+  try {
+    return JSON.parse(readFileSync(path, 'utf-8'))
+  } catch {
+    return null
+  }
+}
+
+function buildApiUrl(baseUrl: string, pathWithV1: string): string {
+  const base = (baseUrl || 'https://api.apikey.fun/v1').replace(/\/+$/, '')
+  const apiPath = pathWithV1.startsWith('/') ? pathWithV1 : `/${pathWithV1}`
+  if (base.endsWith('/v1') && apiPath.startsWith('/v1/')) return `${base}${apiPath.slice(3)}`
+  return `${base}${apiPath}`
+}
+
+async function resolveFunCodexProvider(profile: string): Promise<FunCodexProvider | null> {
+  const hermesConfig = await readConfigYamlForProfile(profile)
+  const customProviders = Array.isArray(hermesConfig.custom_providers)
+    ? hermesConfig.custom_providers as any[]
+    : []
+  const provider = customProviders.find(entry => String(entry?.name || '').trim() === APIKEY_IMAGE_PROVIDER)
+  const apiKey = String(provider?.api_key || '').trim()
+  const baseUrl = String(provider?.base_url || '').trim()
+  if (!provider || !apiKey || !baseUrl) return null
+  return {
+    apiKey,
+    baseUrl,
+    model: String(provider?.model || '').trim(),
+  }
+}
+
+function resolveXaiToken(profile: string): { token: string; source: string } | null {
+  const envToken = String(process.env.XAI_API_KEY || '').trim()
+  if (envToken) return { token: envToken, source: 'XAI_API_KEY' }
+
+  const auth = readJsonFile(authPathForProfile(profile)) as AuthJson | null
+  const providerToken = String(auth?.providers?.['xai-oauth']?.tokens?.access_token || auth?.providers?.['xai-oauth']?.access_token || '').trim()
+  if (providerToken) return { token: providerToken, source: 'xai-oauth' }
+
+  const pool = auth?.credential_pool?.['xai-oauth']
+  if (Array.isArray(pool)) {
+    const poolToken = String(pool.find(entry => entry?.access_token)?.access_token || '').trim()
+    if (poolToken) return { token: poolToken, source: 'xai-oauth' }
+  }
+
+  return null
+}
+
+function mimeFromPath(path: string): string | null {
+  const ext = extname(path).toLowerCase()
+  if (ext === '.png') return 'image/png'
+  if (ext === '.jpg' || ext === '.jpeg') return 'image/jpeg'
+  if (ext === '.webp') return 'image/webp'
+  return null
+}
+
+function mimeFromMagic(buffer: Buffer): string | null {
+  if (buffer.length >= 8 && buffer.subarray(0, 8).equals(Buffer.from([0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a]))) return 'image/png'
+  if (buffer.length >= 3 && buffer[0] === 0xff && buffer[1] === 0xd8 && buffer[2] === 0xff) return 'image/jpeg'
+  if (buffer.length >= 12 && buffer.subarray(0, 4).toString('ascii') === 'RIFF' && buffer.subarray(8, 12).toString('ascii') === 'WEBP') return 'image/webp'
+  return null
+}
+
+function imagePathToDataUri(imagePath: string): string {
+  const resolvedPath = isAbsolute(imagePath) ? imagePath : resolve(process.cwd(), imagePath)
+  const image = readFileSync(resolvedPath)
+  if (image.length > MAX_IMAGE_BYTES) {
+    const err: any = new Error(`image is too large (max ${MAX_IMAGE_BYTES} bytes)`)
+    err.status = 413
+    throw err
+  }
+  const mime = mimeFromMagic(image) || mimeFromPath(resolvedPath)
+  if (!mime) {
+    const err: any = new Error('unsupported image type; use png, jpeg, or webp')
+    err.status = 400
+    throw err
+  }
+  return `data:${mime};base64,${image.toString('base64')}`
+}
+
+function normalizeImageInput(body: any): string {
+  const imageUrl = typeof body.image_url === 'string' ? body.image_url.trim() : ''
+  if (imageUrl) return imageUrl
+
+  const imageBase64 = typeof body.image_base64 === 'string' ? body.image_base64.trim() : ''
+  if (imageBase64) {
+    if (imageBase64.startsWith('data:image/')) return imageBase64
+    const mime = typeof body.mime_type === 'string' ? body.mime_type.trim() : ''
+    if (!mime.startsWith('image/')) {
+      const err: any = new Error('mime_type is required when image_base64 is not a data URI')
+      err.status = 400
+      throw err
+    }
+    return `data:${mime};base64,${imageBase64}`
+  }
+
+  const imagePath = typeof body.image_path === 'string' ? body.image_path.trim() : ''
+  if (!imagePath) {
+    const err: any = new Error('image_path, image_url, or image_base64 is required')
+    err.status = 400
+    throw err
+  }
+  if (!existsSync(isAbsolute(imagePath) ? imagePath : resolve(process.cwd(), imagePath))) {
+    const err: any = new Error('image_path does not exist')
+    err.status = 404
+    throw err
+  }
+  return imagePathToDataUri(imagePath)
+}
+
+function imageDataUriToBytes(dataUri: string): { buffer: Buffer; mime: string; name: string } {
+  const match = dataUri.match(/^data:([^;,]+);base64,(.+)$/)
+  if (!match) {
+    const err: any = new Error('image_base64 must be a valid image data URI for edit mode')
+    err.status = 400
+    throw err
+  }
+  const mime = match[1]
+  if (!mime.startsWith('image/')) {
+    const err: any = new Error('image data URI must use an image mime type')
+    err.status = 400
+    throw err
+  }
+  return {
+    buffer: Buffer.from(match[2], 'base64'),
+    mime,
+    name: `source.${mime === 'image/jpeg' ? 'jpg' : mime.split('/')[1] || 'png'}`,
+  }
+}
+
+async function fetchImageBytes(url: string): Promise<{ buffer: Buffer; mime: string; name: string }> {
+  const res = await fetch(url)
+  if (!res.ok) {
+    const err: any = new Error(`image_url fetch failed: ${res.status} ${res.statusText}`)
+    err.status = 400
+    throw err
+  }
+  const mime = String(res.headers.get('content-type') || '').split(';')[0] || 'image/png'
+  if (!mime.startsWith('image/')) {
+    const err: any = new Error('image_url did not return an image')
+    err.status = 400
+    throw err
+  }
+  const buffer = Buffer.from(await res.arrayBuffer())
+  if (buffer.length > MAX_IMAGE_BYTES) {
+    const err: any = new Error(`image is too large (max ${MAX_IMAGE_BYTES} bytes)`)
+    err.status = 413
+    throw err
+  }
+  const name = new URL(url).pathname.split('/').pop() || 'source.png'
+  return { buffer, mime, name }
+}
+
+async function normalizeImageFile(body: any): Promise<{ buffer: Buffer; mime: string; name: string }> {
+  const imageUrl = typeof body.image_url === 'string' ? body.image_url.trim() : ''
+  if (imageUrl) return fetchImageBytes(imageUrl)
+
+  const imageBase64 = typeof body.image_base64 === 'string' ? body.image_base64.trim() : ''
+  if (imageBase64) {
+    const dataUri = imageBase64.startsWith('data:image/')
+      ? imageBase64
+      : `data:${String(body.mime_type || '').trim()};base64,${imageBase64}`
+    return imageDataUriToBytes(dataUri)
+  }
+
+  const imagePath = typeof body.image_path === 'string' ? body.image_path.trim() : ''
+  if (!imagePath) {
+    const err: any = new Error('image_path, image_url, or image_base64 is required')
+    err.status = 400
+    throw err
+  }
+  const resolvedPath = isAbsolute(imagePath) ? imagePath : resolve(process.cwd(), imagePath)
+  if (!existsSync(resolvedPath)) {
+    const err: any = new Error('image_path does not exist')
+    err.status = 404
+    throw err
+  }
+  const buffer = readFileSync(resolvedPath)
+  if (buffer.length > MAX_IMAGE_BYTES) {
+    const err: any = new Error(`image is too large (max ${MAX_IMAGE_BYTES} bytes)`)
+    err.status = 413
+    throw err
+  }
+  const mime = mimeFromMagic(buffer) || mimeFromPath(resolvedPath)
+  if (!mime) {
+    const err: any = new Error('unsupported image type; use png, jpeg, or webp')
+    err.status = 400
+    throw err
+  }
+  return { buffer, mime, name: resolvedPath.split(/[\\/]/).pop() || 'source.png' }
+}
+
+function normalizeDuration(value: unknown): number {
+  const duration = Number(value || 8)
+  if (!Number.isFinite(duration) || duration < 1 || duration > 15) {
+    const err: any = new Error('duration must be between 1 and 15 seconds')
+    err.status = 400
+    throw err
+  }
+  return duration
+}
+
+export function defaultMediaOutputPath(requestId: string, now = new Date()): string {
+  const safeRequestId = requestId.replace(/[^A-Za-z0-9_-]/g, '_') || `video_${now.getTime()}`
+  return join(config.appHome, 'media', `${safeRequestId}.mp4`)
+}
+
+export function defaultImageOutputPath(requestId: string, index = 0): string {
+  const safeRequestId = requestId.replace(/[^A-Za-z0-9_-]/g, '_') || `image_${Date.now()}`
+  const suffix = index > 0 ? `-${index + 1}` : ''
+  return join(config.appHome, 'media', `${safeRequestId}${suffix}.png`)
+}
+
+function normalizeImageMode(value: unknown): ApiKeyImageMode {
+  const mode = String(value || 'text').trim().toLowerCase()
+  if (mode === 'text' || mode === 'image' || mode === 'edit') return mode
+  const err: any = new Error('mode must be one of text, image, or edit')
+  err.status = 400
+  throw err
+}
+
+function normalizePositiveInt(value: unknown, fallback: number, key: string): number {
+  const parsed = Number(value || fallback)
+  if (!Number.isFinite(parsed) || parsed < 1) {
+    const err: any = new Error(`${key} must be a positive number`)
+    err.status = 400
+    throw err
+  }
+  return Math.floor(parsed)
+}
+
+function collectImageBase64(event: any, images: string[] = []): string[] {
+  if (!event || typeof event !== 'object') return images
+  for (const key of ['b64_json', 'base64', 'image_base64', 'partial_image_b64']) {
+    if (typeof event[key] === 'string' && event[key]) images.push(event[key])
+  }
+  for (const item of event.data || []) collectImageBase64(item, images)
+  for (const item of event.response?.output || []) {
+    if (typeof item?.result === 'string' && item.result) images.push(item.result)
+    collectImageBase64(item, images)
+  }
+  if (typeof event.item?.result === 'string' && event.item.result) images.push(event.item.result)
+  return images
+}
+
+function isPartialImageEvent(event: any): boolean {
+  return event?.type === 'image_generation.partial_image' ||
+    event?.type === 'response.image_generation_call.partial_image'
+}
+
+function throwIfImageStreamError(event: any): void {
+  if (event?.type !== 'error' && event?.type !== 'response.failed') return
+  const err: any = new Error(event?.response?.error?.message || event?.error?.message || 'image generation failed')
+  err.status = 502
+  throw err
+}
+
+async function readSseImageResults(res: Response, limit: number): Promise<string[]> {
+  if (!res.body) throw new Error('image generation response is not readable')
+  const reader = res.body.getReader()
+  const decoder = new TextDecoder()
+  const images: string[] = []
+  let buffer = ''
+  while (true) {
+    const { value, done } = await reader.read()
+    if (done) break
+    buffer += decoder.decode(value, { stream: true })
+    const frames = buffer.split(/\r?\n\r?\n/)
+    buffer = frames.pop() || ''
+    for (const frame of frames) {
+      const data = frame
+        .split(/\r?\n/)
+        .filter(line => line.startsWith('data:'))
+        .map(line => line.slice(5).trimStart())
+        .join('\n')
+        .trim()
+      if (!data || data === '[DONE]') continue
+      const event = JSON.parse(data)
+      throwIfImageStreamError(event)
+      if (isPartialImageEvent(event)) continue
+      collectImageBase64(event, images)
+      if (images.length >= limit) return images.slice(0, limit)
+    }
+  }
+  return images.slice(0, limit)
+}
+
+async function requestApiKeyImage(provider: FunCodexProvider, mode: ApiKeyImageMode, body: any): Promise<string[]> {
+  const prompt = typeof body.prompt === 'string' ? body.prompt.trim() : ''
+  if (!prompt) {
+    const err: any = new Error('prompt is required')
+    err.status = 400
+    throw err
+  }
+
+  const n = normalizePositiveInt(body.n, 1, 'n')
+  const timeoutMs = normalizePositiveInt(body.timeout_ms, DEFAULT_TIMEOUT_MS, 'timeout_ms')
+  const headers = {
+    Accept: 'text/event-stream',
+    Authorization: `Bearer ${provider.apiKey}`,
+  }
+
+  let res: Response
+  if (mode === 'text') {
+    res = await fetch(buildApiUrl(provider.baseUrl, '/v1/images/generations'), {
+      method: 'POST',
+      headers: { ...headers, 'Content-Type': 'application/json' },
+      signal: AbortSignal.timeout(timeoutMs),
+      body: JSON.stringify({
+        model: body.model || APIKEY_IMAGE_MODEL,
+        prompt,
+        n,
+        size: body.size || '1024x1024',
+        quality: body.quality || 'auto',
+        stream: true,
+        response_format: 'b64_json',
+      }),
+    })
+  } else if (mode === 'image') {
+    res = await fetch(buildApiUrl(provider.baseUrl, '/v1/responses'), {
+      method: 'POST',
+      headers: { ...headers, 'Content-Type': 'application/json' },
+      signal: AbortSignal.timeout(timeoutMs),
+      body: JSON.stringify({
+        model: body.model || provider.model || APIKEY_IMAGE_TO_IMAGE_MODEL,
+        stream: true,
+        input: [{
+          role: 'user',
+          content: [
+            { type: 'input_text', text: prompt },
+            { type: 'input_image', image_url: normalizeImageInput(body) },
+          ],
+        }],
+        tools: [{
+          type: 'image_generation',
+          model: body.image_model || APIKEY_IMAGE_MODEL,
+          size: body.size || '1024x1024',
+          quality: body.quality || 'auto',
+          output_format: body.output_format || 'png',
+        }],
+        tool_choice: { type: 'image_generation' },
+      }),
+    })
+  } else {
+    const image = await normalizeImageFile(body)
+    const imageBytes = new Uint8Array(image.buffer.byteLength)
+    imageBytes.set(image.buffer)
+    const form = new FormData()
+    form.append('image', new Blob([imageBytes.buffer], { type: image.mime }), image.name)
+    form.append('prompt', prompt)
+    form.append('model', body.model || APIKEY_IMAGE_MODEL)
+    form.append('n', String(n))
+    form.append('quality', body.quality || 'auto')
+    form.append('size', body.size || '1024x1024')
+    form.append('stream', 'true')
+    form.append('response_format', 'b64_json')
+    res = await fetch(buildApiUrl(provider.baseUrl, '/v1/images/edits'), {
+      method: 'POST',
+      headers,
+      signal: AbortSignal.timeout(timeoutMs),
+      body: form,
+    })
+  }
+
+  if (!res.ok) {
+    const detail = await res.text().catch(() => '')
+    const err: any = new Error(`image generation request failed: ${res.status} ${detail || res.statusText}`)
+    err.status = res.status === 401 || res.status === 403 ? 502 : 502
+    throw err
+  }
+  const images = await readSseImageResults(res, n)
+  if (images.length === 0) {
+    const err: any = new Error('image generation stream ended without image data')
+    err.status = 502
+    throw err
+  }
+  return images
+}
+
+function saveGeneratedImages(images: string[], requestedOutputPath?: string): string[] {
+  return images.map((image, index) => {
+    const outputPath = requestedOutputPath && images.length === 1
+      ? requestedOutputPath
+      : requestedOutputPath
+        ? requestedOutputPath.replace(/(\.[^.\\/]+)?$/, `${index > 0 ? `-${index + 1}` : ''}$1`)
+        : defaultImageOutputPath(`image_${Date.now()}`, index)
+    mkdirSync(dirname(outputPath), { recursive: true })
+    writeFileSync(outputPath, Buffer.from(image, 'base64'))
+    return outputPath
+  })
+}
+
+export async function apiKeyImageGenerate(ctx: Context) {
+  let profile: string
+  try {
+    profile = resolveMediaProfile(ctx)
+  } catch (err: any) {
+    ctx.status = err.status || 400
+    ctx.body = { error: err.message || String(err), code: err.code || 'invalid_profile' }
+    return
+  }
+
+  const provider = await resolveFunCodexProvider(profile)
+  if (!provider) {
+    ctx.status = 401
+    ctx.body = {
+      error: `Missing fun-codex provider in profile "${profile}" config.yaml.`,
+      code: 'missing_fun_codex_provider',
+    }
+    return
+  }
+
+  const body = ctx.request.body as any
+  try {
+    const mode = normalizeImageMode(body.mode)
+    const images = await requestApiKeyImage(provider, mode, body)
+    const requestedOutputPath = typeof body.output_path === 'string' ? body.output_path.trim() : ''
+    const outputPaths = saveGeneratedImages(images, requestedOutputPath || undefined)
+    ctx.body = {
+      ok: true,
+      mode,
+      output_paths: outputPaths,
+      provider: APIKEY_IMAGE_PROVIDER,
+      base_url: provider.baseUrl,
+      profile,
+    }
+  } catch (err: any) {
+    ctx.status = err.status || 500
+    ctx.body = {
+      error: err.message || String(err),
+      code: err.code || 'image_generation_failed',
+    }
+  }
+}
+
+async function requestXaiJson(url: string, token: string, init: RequestInit = {}): Promise<any> {
+  const res = await fetch(url, {
+    ...init,
+    headers: {
+      Accept: 'application/json',
+      Authorization: `Bearer ${token}`,
+      ...(init.headers || {}),
+    },
+  })
+  const text = await res.text()
+  let data: any = null
+  try { data = text ? JSON.parse(text) : null } catch {}
+  if (!res.ok) {
+    const detail = data?.error?.message || data?.error || text || res.statusText
+    const err: any = new Error(`xAI request failed: ${res.status} ${detail}`)
+    err.status = res.status === 401 || res.status === 403 ? 502 : 502
+    throw err
+  }
+  return data
+}
+
+async function downloadVideo(url: string, outputPath: string): Promise<void> {
+  const res = await fetch(url)
+  if (!res.ok) throw new Error(`failed to download generated video: ${res.status} ${res.statusText}`)
+  const arrayBuffer = await res.arrayBuffer()
+  const buffer = Buffer.from(arrayBuffer)
+  mkdirSync(dirname(outputPath), { recursive: true })
+  writeFileSync(outputPath, buffer)
+}
+
+export async function grokImageToVideo(ctx: Context) {
+  let profile: string
+  try {
+    profile = resolveMediaProfile(ctx)
+  } catch (err: any) {
+    ctx.status = err.status || 400
+    ctx.body = { error: err.message || String(err), code: err.code || 'invalid_profile' }
+    return
+  }
+
+  const tokenInfo = resolveXaiToken(profile)
+  if (!tokenInfo) {
+    ctx.status = 401
+    ctx.body = {
+      error: `Missing xAI token for profile "${profile}". Set XAI_API_KEY or complete xAI OAuth login first.`,
+      code: 'missing_xai_token',
+    }
+    return
+  }
+
+  const body = ctx.request.body as any
+  const prompt = typeof body.prompt === 'string' ? body.prompt.trim() : ''
+  if (!prompt) {
+    ctx.status = 400
+    ctx.body = { error: 'prompt is required', code: 'missing_prompt' }
+    return
+  }
+
+  try {
+    const image = normalizeImageInput(body)
+    const duration = normalizeDuration(body.duration)
+    const rawTimeoutMs = Number(body.timeout_ms || DEFAULT_TIMEOUT_MS)
+    const timeoutMs = Number.isFinite(rawTimeoutMs)
+      ? Math.max(10000, Math.min(rawTimeoutMs, 30 * 60 * 1000))
+      : DEFAULT_TIMEOUT_MS
+    const requestedOutputPath = typeof body.output_path === 'string' ? body.output_path.trim() : ''
+
+    const started = await requestXaiJson(XAI_VIDEO_GENERATIONS_URL, tokenInfo.token, {
+      method: 'POST',
+      headers: { 'Content-Type': 'application/json' },
+      body: JSON.stringify({
+        model: XAI_VIDEO_MODEL,
+        prompt,
+        image: { url: image },
+        duration,
+      }),
+    })
+    const requestId = String(started?.request_id || '').trim()
+    if (!requestId) throw new Error('xAI response missing request_id')
+
+    const deadline = Date.now() + timeoutMs
+    let latest: any = null
+    while (Date.now() < deadline) {
+      await new Promise(resolve => setTimeout(resolve, DEFAULT_POLL_INTERVAL_MS))
+      latest = await requestXaiJson(`${XAI_VIDEO_STATUS_URL}/${encodeURIComponent(requestId)}`, tokenInfo.token)
+      if (latest?.status === 'done') {
+        const videoUrl = String(latest?.video?.url || '').trim()
+        const outputPath = requestedOutputPath || defaultMediaOutputPath(requestId)
+        if (videoUrl) await downloadVideo(videoUrl, outputPath)
+        ctx.body = {
+          request_id: requestId,
+          status: latest.status,
+          video_url: videoUrl,
+          output_path: outputPath,
+          token_source: tokenInfo.source,
+          profile,
+        }
+        return
+      }
+      if (latest?.status === 'expired' || latest?.status === 'failed' || latest?.status === 'error') {
+        ctx.status = 502
+        ctx.body = { request_id: requestId, status: latest.status, error: latest?.error || 'xAI video generation failed' }
+        return
+      }
+    }
+
+    ctx.status = 504
+    ctx.body = { request_id: requestId, status: latest?.status || 'pending', error: 'Timed out waiting for xAI video generation' }
+  } catch (err: any) {
+    ctx.status = err.status || 500
+    ctx.body = { error: err.message || String(err) }
+  }
+}
diff --git a/packages/server/src/controllers/hermes/memory.ts b/packages/server/src/controllers/hermes/memory.ts
new file mode 100644
index 0000000..7a06b7a
--- /dev/null
+++ b/packages/server/src/controllers/hermes/memory.ts
@@ -0,0 +1,57 @@
+import { mkdir, writeFile } from 'fs/promises'
+import { join } from 'path'
+import { safeReadFile, safeStat } from '../../services/config-helpers'
+import { getActiveProfileName, getProfileDir } from '../../services/hermes/hermes-profile'
+
+function requestedProfile(ctx: any): string {
+  return ctx.state?.profile?.name || getActiveProfileName() || 'default'
+}
+
+function requestProfileDir(ctx: any): string {
+  return getProfileDir(requestedProfile(ctx))
+}
+
+export async function get(ctx: any) {
+  const hd = requestProfileDir(ctx)
+  const memoryPath = join(hd, 'memories', 'MEMORY.md')
+  const userPath = join(hd, 'memories', 'USER.md')
+  const soulPath = join(hd, 'SOUL.md')
+  const [memory, user, soul, memoryStat, userStat, soulStat] = await Promise.all([
+    safeReadFile(memoryPath), safeReadFile(userPath), safeReadFile(soulPath),
+    safeStat(memoryPath), safeStat(userPath), safeStat(soulPath),
+  ])
+  ctx.body = {
+    memory: memory || '', user: user || '', soul: soul || '',
+    memory_mtime: memoryStat?.mtime || null, user_mtime: userStat?.mtime || null, soul_mtime: soulStat?.mtime || null,
+  }
+}
+
+export async function save(ctx: any) {
+  const { section, content } = ctx.request.body as { section: string; content: string }
+  if (!section || !content) {
+    ctx.status = 400
+    ctx.body = { error: 'Missing section or content' }
+    return
+  }
+  if (section !== 'memory' && section !== 'user' && section !== 'soul') {
+    ctx.status = 400
+    ctx.body = { error: 'Section must be "memory", "user", or "soul"' }
+    return
+  }
+  let filePath: string
+  const hd = requestProfileDir(ctx)
+  if (section === 'soul') {
+    filePath = join(hd, 'SOUL.md')
+  } else {
+    const fileName = section === 'memory' ? 'MEMORY.md' : 'USER.md'
+    await mkdir(join(hd, 'memories'), { recursive: true })
+    filePath = join(hd, 'memories', fileName)
+  }
+  try {
+    await writeFile(filePath, content, 'utf-8')
+    ctx.body = { success: true }
+  } catch (err: any) {
+    ctx.status = 500
+    ctx.body = { error: err.message }
+  }
+}
diff --git a/packages/server/src/controllers/hermes/models.ts b/packages/server/src/controllers/hermes/models.ts
new file mode 100644
index 0000000..b52fa0f
--- /dev/null
+++ b/packages/server/src/controllers/hermes/models.ts
@@ -0,0 +1,1086 @@
+import { readFile } from 'fs/promises'
+import { existsSync, readFileSync } from 'fs'
+import { join } from 'path'
+import { getActiveEnvPath, getActiveAuthPath, getActiveProfileName, getProfileDir, listProfileNamesFromDisk } from '../../services/hermes/hermes-profile'
+import { readConfigYaml, readConfigYamlForProfile, updateConfigYaml, updateConfigYamlForProfile, fetchProviderModels, buildModelGroups, PROVIDER_ENV_MAP } from '../../services/config-helpers'
+import { buildProviderModelMap, PROVIDER_PRESETS } from '../../shared/providers'
+import { getCopilotModelsDetailed, resolveCopilotOAuthToken, type CopilotModelMeta } from '../../services/hermes/copilot-models'
+import { readAppConfig, writeAppConfig, type ModelVisibilityRule } from '../../services/app-config'
+import { getDb } from '../../db'
+import { MODEL_CONTEXT_TABLE } from '../../db/hermes/schemas'
+import { listUserProfiles } from '../../db/hermes/users-store'
+
+const PROVIDER_MODEL_CATALOG = buildProviderModelMap()
+
+type ModelMeta = { preview?: boolean; disabled?: boolean; alias?: string }
+type AvailableGroup = { provider: string; label: string; base_url: string; models: string[]; api_key: string; builtin?: boolean; model_meta?: Record<string, ModelMeta>; available_models?: string[]; base_url_env?: string }
+type ModelVisibility = Record<string, ModelVisibilityRule>
+type CustomModels = Record<string, string[]>
+
+const RESERVED_ALIAS_KEYS = new Set(['__proto__', 'prototype', 'constructor'])
+
+function isSafeAliasKey(value: string): boolean {
+  const trimmed = value.trim()
+  return !!trimmed && trimmed.length <= 512 && !RESERVED_ALIAS_KEYS.has(trimmed)
+}
+
+function createAliasMap(): Record<string, string> {
+  return Object.create(null) as Record<string, string>
+}
+
+function createProviderAliasMap(): Record<string, Record<string, string>> {
+  return Object.create(null) as Record<string, Record<string, string>>
+}
+
+function normalizeAliases(value: unknown): Record<string, Record<string, string>> {
+  const normalized = createProviderAliasMap()
+  if (!value || typeof value !== 'object' || Array.isArray(value)) return normalized
+  for (const [provider, models] of Object.entries(value as Record<string, unknown>)) {
+    if (!isSafeAliasKey(provider) || !models || typeof models !== 'object' || Array.isArray(models)) continue
+    for (const [model, alias] of Object.entries(models as Record<string, unknown>)) {
+      if (!isSafeAliasKey(model) || typeof alias !== 'string') continue
+      const trimmed = alias.trim()
+      if (!trimmed || trimmed.length > 512) continue
+      if (!Object.hasOwn(normalized, provider)) normalized[provider] = createAliasMap()
+      normalized[provider][model] = trimmed
+    }
+  }
+  return normalized
+}
+
+function applyModelAliases<T extends { provider: string; models: string[]; model_meta?: Record<string, ModelMeta> }>(groups: T[], aliases: Record<string, Record<string, string>>): T[] {
+  return groups.map((group) => {
+    const providerAliases = aliases[group.provider]
+    if (!providerAliases) return group
+    const modelMeta: Record<string, ModelMeta> = { ...(group.model_meta || {}) }
+    let changed = false
+    for (const model of group.models) {
+      const alias = providerAliases[model]
+      if (!alias) continue
+      modelMeta[model] = { ...(modelMeta[model] || {}), alias }
+      changed = true
+    }
+    return changed ? { ...group, model_meta: modelMeta } : group
+  })
+}
+
+function uniqueStrings(values: unknown): string[] {
+  if (!Array.isArray(values)) return []
+  return Array.from(new Set(values.map(v => String(v || '').trim()).filter(Boolean)))
+}
+
+function normalizeCustomModels(input: unknown): CustomModels {
+  if (!input || typeof input !== 'object' || Array.isArray(input)) return {}
+  const out: CustomModels = {}
+  for (const [provider, rawModels] of Object.entries(input as Record<string, unknown>)) {
+    const providerKey = String(provider || '').trim()
+    if (!providerKey) continue
+    const models = uniqueStrings(rawModels)
+    if (models.length > 0) out[providerKey] = models
+  }
+  return out
+}
+
+function applyCustomModels(groups: AvailableGroup[], customModels: CustomModels): AvailableGroup[] {
+  return groups.map(group => {
+    const extra = customModels[group.provider] || []
+    if (!extra.length) return group
+    const models = [...new Set([...group.models, ...extra])]
+    const availableModels = [...new Set([...(group.available_models || group.models), ...extra])]
+    return { ...group, models, available_models: availableModels }
+  })
+}
+
+function providerPresetToGroup(p: any, models?: string[]): AvailableGroup {
+  const envMapping = PROVIDER_ENV_MAP[p.value]
+  return {
+    provider: p.value,
+    label: p.label,
+    base_url: p.base_url,
+    models: models || p.models,
+    api_key: '',
+    ...(p.builtin ? { builtin: true } : {}),
+    ...(envMapping?.base_url_env ? { base_url_env: envMapping.base_url_env } : {}),
+  }
+}
+
+function normalizeModelVisibility(input: unknown): ModelVisibility {
+  if (!input || typeof input !== 'object' || Array.isArray(input)) return {}
+  const out: ModelVisibility = {}
+  for (const [provider, rawRule] of Object.entries(input as Record<string, unknown>)) {
+    const providerKey = String(provider || '').trim()
+    if (!providerKey || !rawRule || typeof rawRule !== 'object' || Array.isArray(rawRule)) continue
+    const rule = rawRule as { mode?: unknown; models?: unknown }
+    const mode = rule.mode === 'include' ? 'include' : 'all'
+    const models = uniqueStrings(rule.models)
+    if (mode === 'include') {
+      if (models.length > 0) out[providerKey] = { mode, models }
+    } else {
+      out[providerKey] = { mode: 'all', models: [] }
+    }
+  }
+  return out
+}
+
+function filterModelsForProvider(provider: string, models: string[], visibility: ModelVisibility): string[] {
+  const rule = visibility[provider]
+  if (!rule || rule.mode !== 'include') return models
+  const allowed = new Set(rule.models)
+  const visible = models.filter(model => allowed.has(model))
+  // If a stale hand-edited rule references models that are no longer present,
+  // fail open so the provider remains recoverable from the Web UI.
+  return visible.length > 0 ? visible : models
+}
+
+function applyModelVisibility(groups: AvailableGroup[], visibility: ModelVisibility): AvailableGroup[] {
+  return groups
+    .map(group => {
+      const availableModels = group.available_models || group.models
+      return {
+        ...group,
+        available_models: availableModels,
+        models: filterModelsForProvider(group.provider, availableModels, visibility),
+      }
+    })
+    .filter(group => group.models.length > 0)
+}
+
+function resolveVisibleDefault(defaultModel: string, defaultProvider: string, groups: AvailableGroup[]) {
+  if (defaultModel) {
+    const explicit = groups.find(group => group.provider === defaultProvider && group.models.includes(defaultModel))
+    if (explicit) return { defaultModel, defaultProvider }
+    const inferred = groups.find(group => group.models.includes(defaultModel))
+    if (inferred) return { defaultModel, defaultProvider: inferred.provider }
+  }
+  const fallback = groups.find(group => group.models.length > 0)
+  return { defaultModel: fallback?.models[0] || '', defaultProvider: fallback?.provider || '' }
+}
+
+function profileEnvPath(profile: string): string {
+  return join(getProfileDir(profile), '.env')
+}
+
+function profileAuthPath(profile: string): string {
+  return join(getProfileDir(profile), 'auth.json')
+}
+
+function envReader(envContent: string) {
+  const envHasValue = (key: string): boolean => {
+    if (!key) return false
+    const match = envContent.match(new RegExp(`^${key}\\s*=\\s*(.+)`, 'm'))
+    return !!match && match[1].trim() !== '' && !match[1].trim().startsWith('#')
+  }
+  const envGetValue = (key: string): string => {
+    if (!key) return ''
+    const match = envContent.match(new RegExp(`^${key}\\s*=\\s*(.+)`, 'm'))
+    return match?.[1]?.trim() || ''
+  }
+  return { envHasValue, envGetValue }
+}
+
+function providerKeyForCustom(name: string): string {
+  return `custom:${name.trim().toLowerCase().replace(/ /g, '-')}`
+}
+
+function providerKeyWithoutCustomPrefix(providerKey: string): string {
+  return providerKey.startsWith('custom:') ? providerKey.slice('custom:'.length) : providerKey
+}
+
+function isBuiltinProviderKey(providerKey: string): boolean {
+  const normalized = providerKeyWithoutCustomPrefix(providerKey)
+  return PROVIDER_PRESETS.some((preset: any) => preset.value === normalized && preset.builtin === true)
+}
+
+function providerShouldFetchLiveModels(providerKey: string): boolean {
+  return providerKey === 'openrouter' ||
+    providerKey === 'cliproxyapi' ||
+    providerKey === 'ollama-cloud' ||
+    providerKey === 'lmstudio'
+}
+
+function includeConfiguredDefaultModel(providerKey: string, modelsList: string[], currentDefault: string, currentDefaultProvider: string): string[] {
+  if (!currentDefault || providerKey !== currentDefaultProvider) return modelsList
+  return [...new Set([...modelsList, currentDefault])]
+}
+
+function mergeAvailableGroups(groups: AvailableGroup[]): AvailableGroup[] {
+  const byProvider = new Map<string, AvailableGroup>()
+  for (const group of groups) {
+    const existing = byProvider.get(group.provider)
+    if (!existing) {
+      byProvider.set(group.provider, {
+        ...group,
+        models: [...new Set(group.models)],
+        available_models: [...new Set(group.available_models || group.models)],
+        model_meta: group.model_meta ? { ...group.model_meta } : undefined,
+      })
+      continue
+    }
+    existing.models = [...new Set([...existing.models, ...group.models])]
+    existing.available_models = [...new Set([...(existing.available_models || existing.models), ...(group.available_models || group.models)])]
+    existing.api_key = existing.api_key || group.api_key
+    existing.base_url = existing.base_url || group.base_url
+    existing.builtin = existing.builtin || group.builtin
+    existing.model_meta = { ...(existing.model_meta || {}), ...(group.model_meta || {}) }
+    if (existing.model_meta && Object.keys(existing.model_meta).length === 0) delete existing.model_meta
+  }
+  return [...byProvider.values()]
+}
+
+type ProviderFetchCache = Map<string, Promise<string[]>>
+
+function requestedProfileName(ctx: any): string {
+  const queryProfile = ctx.query?.profile
+  return typeof queryProfile === 'string' && queryProfile.trim() ? queryProfile.trim() : ''
+}
+
+function requestScopedProfileName(ctx: any): string {
+  const headerProfile = typeof ctx.get === 'function' ? ctx.get('x-hermes-profile') : ''
+  const queryProfile = typeof ctx.query?.profile === 'string' ? ctx.query.profile : ''
+  const bodyProfile = typeof ctx.request?.body?.profile === 'string' ? ctx.request.body.profile : ''
+  return ctx.state?.profile?.name ||
+    headerProfile.trim() ||
+    queryProfile.trim() ||
+    bodyProfile.trim() ||
+    getActiveProfileName() ||
+    'default'
+}
+
+function visibleProfileNamesForUser(ctx: any): string[] {
+  const diskProfiles = listProfileNamesFromDisk()
+  const user = ctx.state?.user
+  if (!user || user.role === 'super_admin') return diskProfiles
+  const allowed = new Set(listUserProfiles(user.id).map(profile => profile.profile_name))
+  return diskProfiles.filter(profile => allowed.has(profile))
+}
+
+function cachedProviderModels(
+  cache: ProviderFetchCache,
+  baseUrl: string,
+  apiKey: string,
+  freeOnly = false,
+): Promise<string[]> {
+  const key = `${baseUrl.replace(/\/+$/, '')}\n${apiKey}\n${freeOnly ? 'free' : 'all'}`
+  let pending = cache.get(key)
+  if (!pending) {
+    pending = fetchProviderModels(baseUrl, apiKey, freeOnly)
+    cache.set(key, pending)
+  }
+  return pending
+}
+
+
+// Copilot 授权检测：复用同一套 token 解析逻辑（含 ~/.config/github-copilot/apps.json
+// 与 ghp_ PAT 跳过），与 getCopilotModels 行为一致，避免出现"模型能拉到却被判未授权"。
+async function isCopilotAuthorized(envContent: string): Promise<boolean> {
+  return !!(await resolveCopilotOAuthToken(envContent))
+}
+
+async function buildAvailableForProfile(
+  profile: string,
+  fetchCache: ProviderFetchCache,
+  appConfig: Awaited<ReturnType<typeof readAppConfig>>,
+): Promise<{
+  profile: string
+  default: string
+  default_provider: string
+  groups: AvailableGroup[]
+}> {
+  const config = await readConfigYamlForProfile(profile)
+  const modelSection = config.model
+  let currentDefault = ''
+  let currentDefaultProvider = ''
+  if (typeof modelSection === 'object' && modelSection !== null) {
+    currentDefault = String(modelSection.default || '').trim()
+    currentDefaultProvider = String(modelSection.provider || '').trim()
+    if (currentDefaultProvider === 'custom' && currentDefault) {
+      const cps = Array.isArray(config.custom_providers) ? config.custom_providers as any[] : []
+      const match = cps.find(
+        (cp: any) => cp.base_url?.replace(/\/+$/, '') === String(modelSection.base_url || '').replace(/\/+$/, '')
+          && cp.model === currentDefault,
+      )
+      if (match) currentDefaultProvider = providerKeyForCustom(String(match.name || ''))
+    }
+  } else if (typeof modelSection === 'string') {
+    currentDefault = modelSection.trim()
+  }
+
+  let envContent = ''
+  try { envContent = await readFile(profileEnvPath(profile), 'utf-8') } catch {}
+  const { envHasValue, envGetValue } = envReader(envContent)
+
+  const isOAuthAuthorized = (providerKey: string): boolean => {
+    try {
+      const authPath = profileAuthPath(profile)
+      if (!existsSync(authPath)) return false
+      const auth = JSON.parse(readFileSync(authPath, 'utf-8'))
+      const provider = auth.providers?.[providerKey]
+      const pool = auth.credential_pool?.[providerKey]
+      return !!(
+        provider?.tokens?.access_token ||
+        provider?.access_token ||
+        (Array.isArray(pool) && pool.some((entry: any) => entry?.access_token))
+      )
+    } catch { return false }
+  }
+
+  let copilotLiveModels: CopilotModelMeta[] | null = null
+  const getCopilotLive = async (): Promise<CopilotModelMeta[]> => {
+    if (copilotLiveModels !== null) return copilotLiveModels
+    try { copilotLiveModels = await getCopilotModelsDetailed(envContent) }
+    catch { copilotLiveModels = [] }
+    return copilotLiveModels
+  }
+
+  const groups: AvailableGroup[] = []
+  const seenProviders = new Set<string>()
+  const addGroup = (provider: string, label: string, base_url: string, models: string[], api_key: string, builtin?: boolean, model_meta?: Record<string, ModelMeta>) => {
+    if (seenProviders.has(provider)) return
+    seenProviders.add(provider)
+    const availableModels = [...new Set(models)]
+    groups.push({ provider, label, base_url, models: availableModels, available_models: availableModels, api_key, ...(builtin ? { builtin: true } : {}), ...(model_meta ? { model_meta } : {}) })
+  }
+
+  const copilotEnabled = appConfig.copilotEnabled === true
+  if (!copilotEnabled && currentDefaultProvider.toLowerCase() === 'copilot') {
+    currentDefault = ''
+    currentDefaultProvider = ''
+  }
+
+  for (const [providerKey, envMapping] of Object.entries(PROVIDER_ENV_MAP)) {
+    if (envMapping.api_key_env && !envHasValue(envMapping.api_key_env)) continue
+    if (!envMapping.api_key_env) {
+      if (providerKey === 'copilot') {
+        if (!copilotEnabled) continue
+        if (!(await isCopilotAuthorized(envContent))) continue
+      } else if (!isOAuthAuthorized(providerKey)) {
+        continue
+      }
+    }
+    const preset = PROVIDER_PRESETS.find((p: any) => p.value === providerKey)
+    const label = preset?.label || providerKey.replace(/^custom:/, '')
+    let baseUrl = preset?.base_url || ''
+    if (envMapping.base_url_env && envHasValue(envMapping.base_url_env)) {
+      baseUrl = envGetValue(envMapping.base_url_env) || baseUrl
+    }
+    const catalogModels = PROVIDER_MODEL_CATALOG[providerKey]
+    let modelsList: string[] = catalogModels && catalogModels.length > 0 ? [...catalogModels] : []
+    let modelMeta: Record<string, ModelMeta> | undefined
+    if (providerKey === 'copilot') {
+      const live = await getCopilotLive()
+      if (live.length > 0) {
+        modelsList = live.map((m) => m.id)
+        modelMeta = {}
+        for (const m of live) {
+          if (m.preview || m.disabled) {
+            modelMeta[m.id] = {
+              ...(m.preview ? { preview: true } : {}),
+              ...(m.disabled ? { disabled: true } : {}),
+            }
+          }
+        }
+        if (Object.keys(modelMeta).length === 0) modelMeta = undefined
+      }
+    } else if (providerShouldFetchLiveModels(providerKey)) {
+      if (envMapping.api_key_env) {
+        const apiKey = envGetValue(envMapping.api_key_env)
+        if (apiKey) {
+          try {
+            const fetched = await cachedProviderModels(fetchCache, baseUrl, apiKey, providerKey === 'openrouter')
+            if (fetched.length > 0) modelsList = fetched
+          } catch { /* ignore live catalog failures */ }
+        }
+      }
+    }
+    modelsList = includeConfiguredDefaultModel(providerKey, modelsList, currentDefault, currentDefaultProvider)
+    if (modelsList.length > 0) {
+      const apiKey = envMapping.api_key_env ? envGetValue(envMapping.api_key_env) : ''
+      addGroup(providerKey, label, baseUrl, modelsList, apiKey, true, modelMeta)
+    }
+  }
+
+  const customProviders = Array.isArray(config.custom_providers)
+    ? config.custom_providers as Array<{ name: string; base_url: string; model: string; api_key?: string }>
+    : []
+  const customFetches = await Promise.allSettled(
+    customProviders.map(async cp => {
+      if (!cp.base_url) return null
+      const providerKey = providerKeyForCustom(cp.name)
+      const baseUrl = cp.base_url.replace(/\/+$/, '')
+      let models = [cp.model].filter(Boolean)
+      if (cp.api_key) {
+        const fetched = await cachedProviderModels(fetchCache, baseUrl, cp.api_key)
+        if (fetched.length > 0) models = [...new Set([...models, ...fetched])]
+      }
+      return { providerKey, label: cp.name, base_url: baseUrl, models, api_key: cp.api_key || '', builtin: isBuiltinProviderKey(providerKey) }
+    }),
+  )
+  for (const result of customFetches) {
+    if (result.status === 'fulfilled' && result.value?.models.length) {
+      const { providerKey, label, base_url, models, api_key, builtin } = result.value
+      addGroup(providerKey, label, base_url, models, api_key, builtin)
+    }
+  }
+
+  if (groups.length === 0) {
+    const fallback = buildModelGroups(config)
+    for (const group of fallback.groups) {
+      const models = group.models.map(model => model.id)
+      if (models.length) addGroup(group.provider, group.provider, '', models, '')
+    }
+    currentDefault = currentDefault || fallback.default
+  }
+
+  for (const g of groups) {
+    g.models = Array.from(new Set(g.models))
+    g.available_models = Array.from(new Set(g.available_models || g.models))
+  }
+  const groupsWithCustomModels = applyCustomModels(groups, normalizeCustomModels(appConfig.customModels))
+
+  return { profile, default: currentDefault, default_provider: currentDefaultProvider, groups: groupsWithCustomModels }
+}
+
+export async function getAvailable(ctx: any) {
+  try {
+    const requestedProfile = requestedProfileName(ctx)
+    if (!requestedProfile) {
+      const appConfig = await readAppConfig()
+      const modelAliases = normalizeAliases(appConfig.modelAliases)
+      const modelVisibility = normalizeModelVisibility(appConfig.modelVisibility)
+      const customModels = normalizeCustomModels(appConfig.customModels)
+      const fetchCache: ProviderFetchCache = new Map()
+      const visibleProfiles = visibleProfileNamesForUser(ctx)
+      const profileResults = await Promise.all(
+        visibleProfiles.map(profile => buildAvailableForProfile(profile, fetchCache, appConfig)),
+      )
+      const mergedGroups = mergeAvailableGroups(profileResults.flatMap(result => result.groups))
+      const groupsWithAliases = applyModelAliases(mergedGroups, modelAliases)
+      const visibleGroups = applyModelVisibility(groupsWithAliases, modelVisibility)
+      const activeProfile = requestScopedProfileName(ctx)
+      const defaultProfile = profileResults.find(result => result.profile === activeProfile && (result.default || result.default_provider))
+        || profileResults.find(result => result.default && result.default_provider)
+        || profileResults.find(result => result.default)
+      const visibleDefault = resolveVisibleDefault(
+        defaultProfile?.default || '',
+        defaultProfile?.default_provider || '',
+        visibleGroups,
+      )
+      const allProvidersBase = PROVIDER_PRESETS.map((p: any) => providerPresetToGroup(p))
+      ctx.body = {
+        default: visibleDefault.defaultModel,
+        default_provider: visibleDefault.defaultProvider,
+        groups: visibleGroups,
+        allProviders: applyModelAliases(allProvidersBase, modelAliases),
+        model_aliases: modelAliases,
+        model_visibility: modelVisibility,
+        custom_models: customModels,
+        profiles: profileResults.map(result => ({
+          profile: result.profile,
+          default: result.default,
+          default_provider: result.default_provider,
+          groups: applyModelVisibility(applyModelAliases(result.groups, modelAliases), modelVisibility),
+        })),
+      }
+      return
+    }
+
+    const appConfigForProfile = await readAppConfig()
+    const modelAliasesForProfile = normalizeAliases(appConfigForProfile.modelAliases)
+    const modelVisibilityForProfile = normalizeModelVisibility(appConfigForProfile.modelVisibility)
+    const customModelsForProfile = normalizeCustomModels(appConfigForProfile.customModels)
+    const profileResult = await buildAvailableForProfile(requestedProfile, new Map(), appConfigForProfile)
+    const profileGroupsWithAliases = applyModelAliases(profileResult.groups, modelAliasesForProfile)
+    const visibleProfileGroups = applyModelVisibility(profileGroupsWithAliases, modelVisibilityForProfile)
+    const visibleProfileDefault = resolveVisibleDefault(profileResult.default, profileResult.default_provider, visibleProfileGroups)
+    ctx.body = {
+      default: visibleProfileDefault.defaultModel,
+      default_provider: visibleProfileDefault.defaultProvider,
+      groups: visibleProfileGroups,
+      allProviders: applyModelAliases(PROVIDER_PRESETS.map((p: any) => providerPresetToGroup(p)), modelAliasesForProfile),
+      model_aliases: modelAliasesForProfile,
+      model_visibility: modelVisibilityForProfile,
+      custom_models: customModelsForProfile,
+      profiles: [{
+        profile: profileResult.profile,
+        default: profileResult.default,
+        default_provider: profileResult.default_provider,
+        groups: visibleProfileGroups,
+      }],
+    }
+    return
+
+    const config = await readConfigYaml()
+    const modelSection = config.model
+    let currentDefault = ''
+    let currentDefaultProvider = ''
+    if (typeof modelSection === 'object' && modelSection !== null) {
+      currentDefault = String(modelSection.default || '').trim()
+      currentDefaultProvider = String(modelSection.provider || '').trim()
+      // When hermes CLI sets provider: custom, resolve to custom:name
+      // by matching base_url + model against custom_providers
+      if (currentDefaultProvider === 'custom' && currentDefault) {
+        const cps = Array.isArray(config.custom_providers) ? config.custom_providers as any[] : []
+        const match = cps.find(
+          (cp: any) => cp.base_url?.replace(/\/+$/, '') === String(modelSection.base_url || '').replace(/\/+$/, '')
+            && cp.model === currentDefault,
+        )
+        if (match) {
+          currentDefaultProvider = `custom:${match.name.trim().toLowerCase().replace(/ /g, '-')}`
+        }
+      }
+    } else if (typeof modelSection === 'string') {
+      currentDefault = modelSection.trim()
+    }
+
+    const groups: AvailableGroup[] = []
+    const seenProviders = new Set<string>()
+
+    let envContent = ''
+    try { envContent = await readFile(getActiveEnvPath(), 'utf-8') } catch { }
+
+    const envHasValue = (key: string): boolean => {
+      if (!key) return false
+      const match = envContent.match(new RegExp(`^${key}\\s*=\\s*(.+)`, 'm'))
+      return !!match && match[1].trim() !== '' && !match[1].trim().startsWith('#')
+    }
+    const envGetValue = (key: string): string => {
+      if (!key) return ''
+      const match = envContent.match(new RegExp(`^${key}\\s*=\\s*(.+)`, 'm'))
+      return match?.[1]?.trim() || ''
+    }
+    const addGroup = (provider: string, label: string, base_url: string, models: string[], api_key: string, builtin?: boolean, model_meta?: Record<string, ModelMeta>) => {
+      if (seenProviders.has(provider)) return
+      seenProviders.add(provider)
+      const availableModels = [...models]
+      groups.push({ provider, label, base_url, models: availableModels, available_models: availableModels, api_key, ...(builtin ? { builtin: true } : {}), ...(model_meta ? { model_meta } : {}) })
+    }
+
+    const isOAuthAuthorized = (providerKey: string): boolean => {
+      try {
+        const authPath = getActiveAuthPath()
+        if (!existsSync(authPath)) return false
+        const auth = JSON.parse(readFileSync(authPath, 'utf-8'))
+        const provider = auth.providers?.[providerKey]
+        const pool = auth.credential_pool?.[providerKey]
+        // Legacy OAuth providers are stored under providers.*; newer Hermes
+        // credential pools store Codex-style OAuth entries under
+        // credential_pool.*. Treat either shape as an authorized provider.
+        return !!(
+          provider?.tokens?.access_token ||
+          provider?.access_token ||
+          (Array.isArray(pool) && pool.some((entry: any) => entry?.access_token))
+        )
+      } catch { return false }
+    }
+
+    // 同一请求内复用 copilot 动态模型（getCopilotModelsDetailed 内部有 inflight + 缓存，
+    // 这里再缓存到局部变量进一步减少分支）
+    let copilotLiveModels: CopilotModelMeta[] | null = null
+    const getCopilotLive = async (): Promise<CopilotModelMeta[]> => {
+      if (copilotLiveModels !== null) return copilotLiveModels
+      try { copilotLiveModels = await getCopilotModelsDetailed(envContent) }
+      catch { copilotLiveModels = [] }
+      return copilotLiveModels
+    }
+
+    // Copilot 显式 opt-in：即便能解析到 token，未通过 web-ui Add Provider 显式启用
+    // 时也不返回。避免误把 VS Code/gh CLI 用户的全局凭证当作 hermes provider。
+    const appConfig = await readAppConfig()
+    const copilotEnabled = appConfig.copilotEnabled === true
+    const modelAliases = normalizeAliases(appConfig.modelAliases)
+    const modelVisibility = normalizeModelVisibility(appConfig.modelVisibility)
+    const customModels = normalizeCustomModels(appConfig.customModels)
+
+    // 兼容老用户：上一版本会"自动 fallback discovery"出 Copilot；升级后这些用户的
+    // config.yaml 可能仍把 model.default 指向某个 copilot 模型。若此时 copilot 已不
+    // 启用，把返回的 default 清掉，让前端兜底自动选剩余 provider 的第一个 model。
+    if (!copilotEnabled && currentDefaultProvider.toLowerCase() === 'copilot') {
+      currentDefault = ''
+      currentDefaultProvider = ''
+    }
+
+    for (const [providerKey, envMapping] of Object.entries(PROVIDER_ENV_MAP)) {
+      if (envMapping.api_key_env && !envHasValue(envMapping.api_key_env)) continue
+      if (!envMapping.api_key_env) {
+        if (providerKey === 'copilot') {
+          if (!copilotEnabled) continue
+          if (!(await isCopilotAuthorized(envContent))) continue
+        } else if (!isOAuthAuthorized(providerKey)) {
+          continue
+        }
+      }
+      const preset = PROVIDER_PRESETS.find((p: any) => p.value === providerKey)
+      const label = preset?.label || providerKey.replace(/^custom:/, '')
+      let baseUrl = preset?.base_url || ''
+      if (envMapping.base_url_env && envHasValue(envMapping.base_url_env)) {
+        baseUrl = envGetValue(envMapping.base_url_env) || baseUrl
+      }
+      const catalogModels = PROVIDER_MODEL_CATALOG[providerKey]
+      let modelsList: string[] = catalogModels && catalogModels.length > 0 ? [...catalogModels] : []
+      let modelMeta: Record<string, ModelMeta> | undefined
+      if (providerKey === 'copilot') {
+        const live = await getCopilotLive()
+        if (live.length > 0) {
+          modelsList = live.map((m) => m.id)
+          const nextModelMeta: Record<string, ModelMeta> = {}
+          for (const m of live) {
+            if (m.preview || m.disabled) {
+              nextModelMeta[m.id] = {
+                ...(m.preview ? { preview: true } : {}),
+                ...(m.disabled ? { disabled: true } : {}),
+              }
+            }
+          }
+          modelMeta = Object.keys(nextModelMeta).length > 0 ? nextModelMeta : undefined
+        }
+      } else if (providerShouldFetchLiveModels(providerKey)) {
+        // These providers expose dynamic OpenAI-compatible /models catalogs.
+        if (envMapping.api_key_env) {
+          const apiKey = envGetValue(envMapping.api_key_env)
+          if (apiKey) {
+            try {
+              const fetched = await fetchProviderModels(baseUrl, apiKey, providerKey === 'openrouter')
+              if (fetched.length > 0) modelsList = fetched
+            } catch { /* ignore — leave empty, won't show */ }
+          }
+        }
+      }
+      modelsList = includeConfiguredDefaultModel(providerKey, modelsList, currentDefault, currentDefaultProvider)
+      if (modelsList.length > 0) {
+        const apiKey = envMapping.api_key_env ? envGetValue(envMapping.api_key_env) : ''
+        addGroup(providerKey, label, baseUrl, modelsList, apiKey, true, modelMeta)
+      }
+    }
+
+    const customProviders = Array.isArray(config.custom_providers)
+      ? config.custom_providers as Array<{ name: string; base_url: string; model: string; api_key?: string }>
+      : []
+
+    const customFetches = await Promise.allSettled(
+      customProviders.map(async cp => {
+        if (!cp.base_url) return null
+        const providerKey = `custom:${cp.name.trim().toLowerCase().replace(/ /g, '-')}`
+        const baseUrl = cp.base_url.replace(/\/+$/, '')
+        let models = [cp.model]
+        if (cp.api_key) {
+          try { const fetched = await fetchProviderModels(baseUrl, cp.api_key); if (fetched.length > 0) models = [...new Set([cp.model, ...fetched])] } catch { }
+        }
+        return { providerKey, label: cp.name, base_url: baseUrl, models, api_key: cp.api_key || '', builtin: isBuiltinProviderKey(providerKey) }
+      }),
+    )
+
+    for (const result of customFetches) {
+      const value = (result as { value?: any }).value
+      if (value) {
+        const { providerKey, label, base_url, models, api_key: cpApiKey, builtin: cpBuiltin } = value
+        addGroup(providerKey, label, base_url, models, cpApiKey, cpBuiltin)
+      }
+    }
+
+    for (const g of groups) { g.models = Array.from(new Set(g.models)) }
+    const groupsWithAliases = applyModelAliases(applyCustomModels(groups, customModels), modelAliases)
+    const visibleGroups = applyModelVisibility(groupsWithAliases, modelVisibility)
+    const visibleDefault = resolveVisibleDefault(currentDefault, currentDefaultProvider, visibleGroups)
+
+    // 动态拉一次 copilot 模型用于 allProviders 展示（同一请求复用缓存）
+    // 未启用 Copilot 时跳过拉取，避免空跑网络请求。
+    const liveCopilotModels = copilotEnabled ? await getCopilotLive() : []
+    const liveCopilotIds = liveCopilotModels.map((m) => m.id)
+
+    const allProvidersBase = PROVIDER_PRESETS.map((p: any) => providerPresetToGroup(
+      p,
+      p.value === 'copilot' && liveCopilotIds.length > 0 ? liveCopilotIds : p.models,
+    ))
+    const allProviders = applyModelAliases(allProvidersBase, modelAliases)
+
+    if (groups.length === 0) {
+      const fallback = buildModelGroups(config)
+      const fallbackGroups: AvailableGroup[] = fallback.groups.map(group => {
+        const models = group.models.map(model => model.id)
+        return {
+          provider: group.provider,
+          label: group.provider,
+          base_url: '',
+          models,
+          available_models: models,
+          api_key: '',
+        }
+      })
+      const fallbackGroupsWithAliases = applyModelAliases(fallbackGroups, modelAliases)
+      const visibleFallbackGroups = applyModelVisibility(fallbackGroupsWithAliases, modelVisibility)
+      const fallbackDefault = resolveVisibleDefault(fallback.default, currentDefaultProvider, visibleFallbackGroups)
+      ctx.body = {
+        default: fallbackDefault.defaultModel,
+        default_provider: fallbackDefault.defaultProvider,
+        groups: visibleFallbackGroups,
+        allProviders,
+        model_aliases: modelAliases,
+        model_visibility: modelVisibility,
+        custom_models: customModels,
+      }
+      return
+    }
+
+    ctx.body = {
+      default: visibleDefault.defaultModel,
+      default_provider: visibleDefault.defaultProvider,
+      groups: visibleGroups,
+      allProviders,
+      model_aliases: modelAliases,
+      model_visibility: modelVisibility,
+      custom_models: customModels,
+    }
+  } catch (err: any) {
+    ctx.status = 500
+    ctx.body = { error: err.message }
+  }
+}
+
+export async function addCustomModel(ctx: any) {
+  const { provider, model } = (ctx.request.body || {}) as { provider?: string; model?: string }
+  const providerKey = String(provider || '').trim()
+  const modelId = String(model || '').trim()
+  if (!providerKey || !modelId) {
+    ctx.status = 400
+    ctx.body = { error: 'Missing provider or model' }
+    return
+  }
+
+  try {
+    const appConfig = await readAppConfig()
+    const customModels = normalizeCustomModels(appConfig.customModels)
+    customModels[providerKey] = Array.from(new Set([...(customModels[providerKey] || []), modelId]))
+    const saved = await writeAppConfig({ customModels })
+    ctx.body = { success: true, custom_models: normalizeCustomModels(saved.customModels) }
+  } catch (err: any) {
+    ctx.status = 500
+    ctx.body = { error: err.message }
+  }
+}
+
+export async function removeCustomModel(ctx: any) {
+  const body = (ctx.request.body || {}) as { provider?: string; model?: string }
+  const provider = body.provider ?? ctx.query?.provider
+  const model = body.model ?? ctx.query?.model
+  const providerKey = String(provider || '').trim()
+  const modelId = String(model || '').trim()
+  if (!providerKey || !modelId) {
+    ctx.status = 400
+    ctx.body = { error: 'Missing provider or model' }
+    return
+  }
+
+  try {
+    const appConfig = await readAppConfig()
+    const customModels = normalizeCustomModels(appConfig.customModels)
+    const remaining = (customModels[providerKey] || []).filter(item => item !== modelId)
+    if (remaining.length > 0) customModels[providerKey] = remaining
+    else delete customModels[providerKey]
+    const saved = await writeAppConfig({ customModels })
+    ctx.body = { success: true, custom_models: normalizeCustomModels(saved.customModels) }
+  } catch (err: any) {
+    ctx.status = 500
+    ctx.body = { error: err.message }
+  }
+}
+
+export async function fetchProviderModelList(ctx: any) {
+  try {
+    const body = ctx.request.body as { base_url?: string; api_key?: string; freeOnly?: boolean }
+    const baseUrl = String(body?.base_url || '').trim()
+    const apiKey = String(body?.api_key || '').trim()
+    const freeOnly = body?.freeOnly === true
+
+    if (!baseUrl) {
+      ctx.status = 400
+      ctx.body = { error: 'Missing base_url' }
+      return
+    }
+
+    let parsed: URL
+    try {
+      parsed = new URL(baseUrl)
+    } catch {
+      ctx.status = 400
+      ctx.body = { error: 'Invalid base_url' }
+      return
+    }
+    if (!['http:', 'https:'].includes(parsed.protocol)) {
+      ctx.status = 400
+      ctx.body = { error: 'base_url must use http or https' }
+      return
+    }
+
+    const base = baseUrl.replace(/\/+$/, '')
+    const modelsUrl = /\/v\d+\/?$/.test(base) ? `${base}/models` : `${base}/v1/models`
+    const headers: Record<string, string> = {}
+    if (apiKey) headers.Authorization = `Bearer ${apiKey}`
+
+    const res = await fetch(modelsUrl, {
+      headers,
+      signal: AbortSignal.timeout(8000),
+    })
+    if (!res.ok) {
+      ctx.status = 502
+      ctx.body = { error: `Provider returned HTTP ${res.status}` }
+      return
+    }
+
+    const data = await res.json() as { data?: Array<{ id?: unknown }> }
+    if (!Array.isArray(data.data)) {
+      ctx.status = 502
+      ctx.body = { error: 'Provider returned unexpected format' }
+      return
+    }
+
+    let models = data.data
+      .map(m => String(m?.id || '').trim())
+      .filter(Boolean)
+    if (freeOnly) models = models.filter(m => m.endsWith(':free'))
+    ctx.body = { models: Array.from(new Set(models)).sort() }
+  } catch (err: any) {
+    ctx.status = err?.name === 'TimeoutError' ? 504 : 502
+    ctx.body = { error: err?.message || 'Failed to fetch provider models' }
+  }
+}
+
+
+export async function setModelAlias(ctx: any) {
+  const body = ctx.request.body
+  const provider = body && typeof body === 'object' && !Array.isArray(body) ? body.provider : undefined
+  const model = body && typeof body === 'object' && !Array.isArray(body) ? body.model : undefined
+  const alias = body && typeof body === 'object' && !Array.isArray(body) ? body.alias : undefined
+
+  if (typeof provider !== 'string' || typeof model !== 'string' || (alias !== undefined && typeof alias !== 'string')) {
+    ctx.status = 400
+    ctx.body = { error: 'Invalid provider, model, or alias' }
+    return
+  }
+
+  const cleanProvider = provider.trim()
+  const cleanModel = model.trim()
+  const cleanAlias = (alias || '').trim()
+
+  if (!isSafeAliasKey(cleanProvider) || !isSafeAliasKey(cleanModel)) {
+    ctx.status = 400
+    ctx.body = { error: 'Invalid provider or model' }
+    return
+  }
+
+  if (cleanAlias.length > 512) {
+    ctx.status = 400
+    ctx.body = { error: 'Alias is too long' }
+    return
+  }
+
+  try {
+    const appConfig = await readAppConfig()
+    const modelAliases = normalizeAliases(appConfig.modelAliases)
+    if (cleanAlias) {
+      if (!Object.hasOwn(modelAliases, cleanProvider)) modelAliases[cleanProvider] = createAliasMap()
+      modelAliases[cleanProvider][cleanModel] = cleanAlias
+    } else {
+      if (Object.hasOwn(modelAliases, cleanProvider)) delete modelAliases[cleanProvider][cleanModel]
+      if (Object.hasOwn(modelAliases, cleanProvider) && Object.keys(modelAliases[cleanProvider]).length === 0) {
+        delete modelAliases[cleanProvider]
+      }
+    }
+    await writeAppConfig({ modelAliases })
+    ctx.body = { success: true, model_aliases: modelAliases }
+  } catch (err: any) {
+    ctx.status = 500
+    ctx.body = { error: err.message }
+  }
+}
+
+export async function getConfigModels(ctx: any) {
+  try {
+    const config = await readConfigYamlForProfile(requestScopedProfileName(ctx))
+    ctx.body = buildModelGroups(config)
+  } catch (err: any) {
+    ctx.status = 500
+    ctx.body = { error: err.message }
+  }
+}
+
+export async function setConfigModel(ctx: any) {
+  const { default: defaultModel, provider: reqProvider } = ctx.request.body as { default: string; provider?: string }
+  if (!defaultModel) {
+    ctx.status = 400
+    ctx.body = { error: 'Missing default model' }
+    return
+  }
+  try {
+    const profile = requestScopedProfileName(ctx)
+    await updateConfigYamlForProfile(profile, (config) => {
+      config.model = {}
+      config.model.default = defaultModel
+      if (reqProvider) { config.model.provider = reqProvider }
+      return config
+    })
+    ctx.body = { success: true }
+  } catch (err: any) {
+    ctx.status = 500
+    ctx.body = { error: err.message }
+  }
+}
+
+/**
+ * 设置模型上下文配置（UPSERT：存在则更新，不存在则插入）
+ * 支持路径参数和查询参数两种方式
+ */
+export async function updateModelContext(ctx: any) {
+  // 支持两种方式：
+  // 1. 路径参数: /api/hermes/model-context/:provider/:model
+  // 2. 查询参数: /api/hermes/model-context?provider=xxx&model=xxx
+  let provider: string | undefined
+  let model: string | undefined
+
+  // 优先从路径参数获取
+  if (ctx.params.provider && ctx.params.model) {
+    provider = ctx.params.provider
+    model = ctx.params.model
+  } else {
+    // 从查询参数获取
+    const query = ctx.query as { provider?: string; model?: string }
+    provider = query.provider
+    model = query.model
+  }
+
+  // 如果没有参数，从请求体获取
+  if (!provider || !model) {
+    const body = ctx.request.body as { provider?: string; model?: string; context_limit?: number }
+    provider = body.provider
+    model = body.model
+  }
+
+  const { context_limit } = ctx.request.body as { context_limit: number }
+
+  if (!provider || !model || !context_limit) {
+    ctx.status = 400
+    ctx.body = { error: 'Missing required fields: provider, model, context_limit' }
+    return
+  }
+
+  if (typeof context_limit !== 'number' || context_limit <= 0) {
+    ctx.status = 400
+    ctx.body = { error: 'Context limit must be a positive number' }
+    return
+  }
+
+  try {
+    const db = getDb()
+    if (!db) {
+      ctx.status = 500
+      ctx.body = { error: 'Database not available' }
+      return
+    }
+
+    // 使用 REPLACE 实现 UPSERT：存在则替换，不存在则插入
+    db.prepare(
+      `REPLACE INTO ${MODEL_CONTEXT_TABLE} (provider, model, context_limit) VALUES (?, ?, ?)`
+    ).run(provider, model, context_limit)
+
+    // 查询并返回更新后的数据
+    const row = db.prepare(
+      `SELECT id, provider, model, context_limit FROM ${MODEL_CONTEXT_TABLE} WHERE provider = ? AND model = ?`
+    ).get(provider, model) as { id: number; provider: string; model: string; context_limit: number }
+
+    ctx.body = {
+      success: true,
+      data: row
+    }
+  } catch (err: any) {
+    ctx.status = 500
+    ctx.body = { error: err.message }
+  }
+}
+
+/**
+ * 查询模型上下文配置
+ */
+export async function getModelContext(ctx: any) {
+  // 支持两种方式：
+  // 1. 路径参数: /api/hermes/model-context/:provider/:model
+  // 2. 查询参数: /api/hermes/model-context?provider=xxx&model=xxx
+  let provider: string | undefined
+  let model: string | undefined
+
+  // 优先从路径参数获取
+  if (ctx.params.provider && ctx.params.model) {
+    provider = ctx.params.provider
+    model = ctx.params.model
+  } else {
+    // 从查询参数获取
+    const query = ctx.query as { provider?: string; model?: string }
+    provider = query.provider
+    model = query.model
+  }
+
+  if (!provider || !model) {
+    ctx.status = 400
+    ctx.body = { error: 'Missing provider or model parameter' }
+    return
+  }
+
+  try {
+    const db = getDb()
+    if (!db) {
+      ctx.status = 500
+      ctx.body = { error: 'Database not available' }
+      return
+    }
+
+    const row = db.prepare(
+      `SELECT id, provider, model, context_limit FROM ${MODEL_CONTEXT_TABLE} WHERE provider = ? AND model = ?`
+    ).get(provider, model) as { id: number; provider: string; model: string; context_limit: number } | undefined
+
+    if (!row) {
+      ctx.status = 404
+      ctx.body = { error: 'Model context not found' }
+      return
+    }
+
+    ctx.body = { data: { ...row, limit: row.context_limit } }
+  } catch (err: any) {
+    ctx.status = 500
+    ctx.body = { error: err.message }
+  }
+}
+
+
+export async function setModelVisibility(ctx: any) {
+  const { provider, mode, models } = ctx.request.body as { provider?: string; mode?: string; models?: string[] }
+  const providerKey = String(provider || '').trim()
+  if (!providerKey) {
+    ctx.status = 400
+    ctx.body = { error: 'Missing provider' }
+    return
+  }
+  if (mode !== 'all' && mode !== 'include') {
+    ctx.status = 400
+    ctx.body = { error: 'Invalid visibility mode' }
+    return
+  }
+  const selectedModels = uniqueStrings(models)
+  if (mode === 'include' && selectedModels.length === 0) {
+    ctx.status = 400
+    ctx.body = { error: 'Select at least one model' }
+    return
+  }
+
+  try {
+    const appConfig = await readAppConfig()
+    const modelVisibility = normalizeModelVisibility(appConfig.modelVisibility)
+    if (mode === 'all') {
+      delete modelVisibility[providerKey]
+    } else {
+      modelVisibility[providerKey] = { mode: 'include', models: selectedModels }
+    }
+    const saved = await writeAppConfig({ modelVisibility })
+    ctx.body = { success: true, model_visibility: normalizeModelVisibility(saved.modelVisibility) }
+  } catch (err: any) {
+    ctx.status = 500
+    ctx.body = { error: err.message }
+  }
+}
diff --git a/packages/server/src/controllers/hermes/nous-auth.ts b/packages/server/src/controllers/hermes/nous-auth.ts
new file mode 100644
index 0000000..c473757
--- /dev/null
+++ b/packages/server/src/controllers/hermes/nous-auth.ts
@@ -0,0 +1,314 @@
+import { randomUUID } from 'crypto'
+import { readFileSync, writeFileSync, existsSync, mkdirSync } from 'fs'
+import { dirname, join } from 'path'
+import { getActiveProfileName, getProfileDir } from '../../services/hermes/hermes-profile'
+import { logger } from '../../services/logger'
+
+// --- Nous Portal OAuth Constants ---
+const NOUS_PORTAL_URL = 'https://portal.nousresearch.com'
+const NOUS_CLIENT_ID = 'hermes-cli'
+const NOUS_SCOPE = 'inference:mint_agent_key'
+const POLL_MAX_DURATION = 15 * 60 * 1000
+const POLL_DEFAULT_INTERVAL = 5000
+
+// --- Session Store ---
+interface NousSession {
+  id: string
+  profile: string
+  deviceCode: string
+  userCode: string
+  verificationUrl: string
+  verificationUrlComplete: string
+  expiresIn: number
+  interval: number
+  status: 'pending' | 'approved' | 'denied' | 'expired' | 'error'
+  error?: string
+  createdAt: number
+}
+
+const sessions = new Map<string, NousSession>()
+
+function cleanupExpiredSessions() {
+  const now = Date.now()
+  sessions.forEach((s, id) => { if (now - s.createdAt > POLL_MAX_DURATION + 60000) sessions.delete(id) })
+}
+
+// --- Auth file helpers ---
+interface AuthJson {
+  version?: number
+  active_provider?: string
+  providers?: Record<string, any>
+  credential_pool?: Record<string, any[]>
+  updated_at?: string
+}
+
+function loadAuthJson(authPath: string): AuthJson {
+  try { return JSON.parse(readFileSync(authPath, 'utf-8')) as AuthJson } catch { return { version: 1 } }
+}
+
+function saveAuthJson(authPath: string, data: AuthJson): void {
+  data.updated_at = new Date().toISOString()
+  const dir = dirname(authPath)
+  if (!existsSync(dir)) mkdirSync(dir, { recursive: true })
+  writeFileSync(authPath, JSON.stringify(data, null, 2) + '\n', { mode: 0o600 })
+}
+
+function requestedProfile(ctx: any): string {
+  const headerProfile = typeof ctx.get === 'function' ? ctx.get('x-hermes-profile') : ''
+  const queryProfile = typeof ctx.query?.profile === 'string' ? ctx.query.profile : ''
+  const bodyProfile = typeof ctx.request?.body?.profile === 'string' ? ctx.request.body.profile : ''
+  return ctx.state?.profile?.name ||
+    headerProfile.trim() ||
+    queryProfile.trim() ||
+    bodyProfile.trim() ||
+    getActiveProfileName() ||
+    'default'
+}
+
+function authPathForProfile(profile: string): string {
+  return join(getProfileDir(profile), 'auth.json')
+}
+
+export function saveNousOAuthTokensForProfile(
+  profile: string,
+  tokenData: {
+    access_token: string
+    refresh_token?: string
+    expires_in?: number
+    inference_base_url?: string
+  },
+  agentKey = '',
+  agentKeyExpiresAt = '',
+): void {
+  const inferenceBaseUrl = tokenData.inference_base_url || 'https://inference-api.nousresearch.com/v1'
+  const auth = loadAuthJson(authPathForProfile(profile))
+  if (!auth.providers) auth.providers = {}
+  const now = new Date()
+  auth.providers['nous'] = {
+    portal_base_url: NOUS_PORTAL_URL,
+    inference_base_url: inferenceBaseUrl,
+    client_id: NOUS_CLIENT_ID,
+    scope: NOUS_SCOPE,
+    token_type: 'Bearer',
+    access_token: tokenData.access_token,
+    refresh_token: tokenData.refresh_token || null,
+    obtained_at: now.toISOString(),
+    expires_at: tokenData.expires_in ? new Date(now.getTime() + tokenData.expires_in * 1000).toISOString() : null,
+    agent_key: agentKey || null,
+    agent_key_expires_at: agentKeyExpiresAt || null,
+    agent_key_obtained_at: agentKey ? now.toISOString() : null,
+  }
+
+  if (!auth.credential_pool) auth.credential_pool = {}
+  auth.credential_pool['nous'] = [{
+    id: `nous-${Date.now()}`,
+    label: 'Nous Portal',
+    auth_type: 'oauth',
+    source: 'device_code',
+    priority: 0,
+    access_token: tokenData.access_token,
+    refresh_token: tokenData.refresh_token || null,
+    portal_base_url: NOUS_PORTAL_URL,
+    inference_base_url: inferenceBaseUrl,
+    agent_key: agentKey || null,
+    agent_key_expires_at: agentKeyExpiresAt || null,
+    base_url: inferenceBaseUrl,
+  }]
+
+  saveAuthJson(authPathForProfile(profile), auth)
+}
+
+// --- Background poll worker ---
+async function nousLoginWorker(session: NousSession): Promise<void> {
+  const startTime = Date.now()
+  let interval = session.interval || POLL_DEFAULT_INTERVAL
+
+  while (Date.now() - startTime < POLL_MAX_DURATION) {
+    await new Promise(resolve => setTimeout(resolve, interval))
+    if (session.status !== 'pending') return
+
+    try {
+      const res = await fetch(`${NOUS_PORTAL_URL}/api/oauth/token`, {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
+        body: new URLSearchParams({
+          grant_type: 'urn:ietf:params:oauth:grant-type:device_code',
+          client_id: NOUS_CLIENT_ID,
+          device_code: session.deviceCode,
+        }).toString(),
+        signal: AbortSignal.timeout(15000),
+      })
+
+      if (res.ok) {
+        const tokenData = await res.json() as {
+          access_token: string
+          refresh_token?: string
+          expires_in?: number
+          inference_base_url?: string
+        }
+
+        // Mint agent key
+        const inferenceBaseUrl = tokenData.inference_base_url || 'https://inference-api.nousresearch.com/v1'
+        let agentKey = ''
+        let agentKeyExpiresAt = ''
+        try {
+          const mintRes = await fetch(`${NOUS_PORTAL_URL}/api/oauth/agent-key`, {
+            method: 'POST',
+            headers: {
+              'Authorization': `Bearer ${tokenData.access_token}`,
+              'Content-Type': 'application/json',
+            },
+            body: JSON.stringify({ min_ttl_seconds: 1800 }),
+            signal: AbortSignal.timeout(15000),
+          })
+          if (mintRes.ok) {
+            const mintData = await mintRes.json() as {
+              api_key: string
+              expires_at: string
+              inference_base_url?: string
+            }
+            agentKey = mintData.api_key
+            agentKeyExpiresAt = mintData.expires_at
+            if (mintData.inference_base_url) {
+              // eslint-disable-next-line @typescript-eslint/no-unused-vars
+              void mintData.inference_base_url
+            }
+          }
+        } catch (err: any) {
+          logger.warn(err, 'Nous agent key minting failed, proceeding without')
+        }
+
+        saveNousOAuthTokensForProfile(session.profile, tokenData, agentKey, agentKeyExpiresAt)
+        session.status = 'approved'
+        logger.info('Nous login successful')
+        return
+      }
+
+      // Parse error
+      const errData = await res.json().catch(() => ({}))
+      const errorCode = errData.error
+
+      if (errorCode === 'authorization_pending') {
+        continue
+      }
+      if (errorCode === 'slow_down') {
+        interval = Math.min(interval + 1000, 30000)
+        continue
+      }
+      if (errorCode === 'access_denied' || errorCode === 'expired_token') {
+        session.status = errorCode === 'access_denied' ? 'denied' : 'expired'
+        return
+      }
+
+      logger.error('Nous poll error: %s %s', res.status, errorCode)
+      session.status = 'error'
+      session.error = `OAuth error: ${errorCode}`
+      return
+    } catch (err: any) {
+      if (err.name === 'TimeoutError' || err.name === 'AbortError') continue
+      logger.error(err, 'Nous poll error')
+      session.status = 'error'
+      session.error = err.message
+      return
+    }
+  }
+
+  session.status = 'expired'
+}
+
+// --- Controller functions ---
+
+export async function start(ctx: any) {
+  try {
+    cleanupExpiredSessions()
+
+    const res = await fetch(`${NOUS_PORTAL_URL}/api/oauth/device/code`, {
+      method: 'POST',
+      headers: { 'Content-Type': 'application/x-www-form-urlencoded', 'Accept': 'application/json' },
+      body: new URLSearchParams({
+        client_id: NOUS_CLIENT_ID,
+        scope: NOUS_SCOPE,
+      }).toString(),
+      signal: AbortSignal.timeout(15000),
+    })
+
+    if (!res.ok) {
+      let errorBody: any = null
+      try { errorBody = await res.json() } catch { }
+      logger.error('Nous device code request failed: %d %s', res.status, errorBody)
+      ctx.status = 502
+      ctx.body = { error: `Nous Portal error: ${res.status}` }
+      return
+    }
+
+    const data = await res.json() as {
+      device_code: string
+      user_code: string
+      verification_uri: string
+      verification_uri_complete: string
+      expires_in: number
+      interval: number
+    }
+
+    const sessionId = randomUUID()
+    const session: NousSession = {
+      id: sessionId,
+      profile: requestedProfile(ctx),
+      deviceCode: data.device_code,
+      userCode: data.user_code,
+      verificationUrl: data.verification_uri,
+      verificationUrlComplete: data.verification_uri_complete,
+      expiresIn: data.expires_in,
+      interval: data.interval,
+      status: 'pending',
+      createdAt: Date.now(),
+    }
+    sessions.set(sessionId, session)
+
+    nousLoginWorker(session).catch(err => {
+      logger.error(err, 'Nous login worker error')
+      session.status = 'error'
+      session.error = err.message
+    })
+
+    ctx.body = {
+      session_id: sessionId,
+      user_code: data.user_code,
+      verification_url: data.verification_uri_complete,
+      expires_in: data.expires_in,
+    }
+  } catch (err: any) {
+    if (err.name === 'TimeoutError' || err.name === 'AbortError') {
+      ctx.status = 504
+      ctx.body = { error: 'Nous Portal timeout' }
+      return
+    }
+    ctx.status = 500
+    ctx.body = { error: err.message }
+  }
+}
+
+export async function poll(ctx: any) {
+  const session = sessions.get(ctx.params.sessionId)
+  if (!session) {
+    ctx.status = 404
+    ctx.body = { error: 'Session not found' }
+    return
+  }
+  ctx.body = { status: session.status, error: session.error || null }
+}
+
+export async function status(ctx: any) {
+  try {
+    const authPath = authPathForProfile(requestedProfile(ctx))
+    const auth = loadAuthJson(authPath)
+    const nousProvider = auth.providers?.['nous']
+    if (!nousProvider?.access_token) {
+      ctx.body = { authenticated: false }
+      return
+    }
+    ctx.body = { authenticated: true }
+  } catch {
+    ctx.body = { authenticated: false }
+  }
+}
diff --git a/packages/server/src/controllers/hermes/performance-monitor.ts b/packages/server/src/controllers/hermes/performance-monitor.ts
new file mode 100644
index 0000000..74dfb8d
--- /dev/null
+++ b/packages/server/src/controllers/hermes/performance-monitor.ts
@@ -0,0 +1,9 @@
+import { createEmptyOpsRuntimeSnapshot, getOpsRuntimeSnapshot } from '../../services/hermes/ops-monitor'
+
+export async function runtime(ctx: any) {
+  try {
+    ctx.body = await getOpsRuntimeSnapshot()
+  } catch (err: any) {
+    ctx.body = createEmptyOpsRuntimeSnapshot(err?.message || 'Failed to read performance metrics')
+  }
+}
diff --git a/packages/server/src/controllers/hermes/plugins.ts b/packages/server/src/controllers/hermes/plugins.ts
new file mode 100644
index 0000000..61b3c2f
--- /dev/null
+++ b/packages/server/src/controllers/hermes/plugins.ts
@@ -0,0 +1,10 @@
+import { listHermesPlugins } from '../../services/hermes/plugins'
+
+export async function list(ctx: any) {
+  try {
+    ctx.body = await listHermesPlugins(ctx.state?.profile?.name)
+  } catch (err: any) {
+    ctx.status = 500
+    ctx.body = { error: err.message || 'Failed to discover Hermes plugins' }
+  }
+}
diff --git a/packages/server/src/controllers/hermes/profiles.ts b/packages/server/src/controllers/hermes/profiles.ts
new file mode 100644
index 0000000..1f23cd7
--- /dev/null
+++ b/packages/server/src/controllers/hermes/profiles.ts
@@ -0,0 +1,825 @@
+import { createReadStream, existsSync, readFileSync, readdirSync, renameSync, rmSync, unlinkSync, writeFileSync } from 'fs'
+import { mkdir, writeFile } from 'fs/promises'
+import { basename, join } from 'path'
+import { tmpdir } from 'os'
+import { getWebUiHome } from '../../config'
+import * as hermesCli from '../../services/hermes/hermes-cli'
+import { SessionDeleter } from '../../services/hermes/session-deleter'
+import { AgentBridgeClient } from '../../services/hermes/agent-bridge'
+import {
+  getGatewayRuntimeStatusForProfile,
+  restartGatewayForProfile as restartGatewayRuntimeForProfile,
+} from '../../services/hermes/gateway-autostart'
+import { logger } from '../../services/logger'
+import { smartCloneCleanup } from '../../services/hermes/profile-credentials'
+import { detectHermesRootHome } from '../../services/hermes/hermes-path'
+import { getActiveProfileName } from '../../services/hermes/hermes-profile'
+import { HermesSkillInjector } from '../../services/hermes/skill-injector'
+import type { HermesProfile } from '../../services/hermes/hermes-cli'
+import { listUserProfiles } from '../../db/hermes/users-store'
+
+const bridgeCleanupClient = () => new AgentBridgeClient({ connectRetryMs: 0, timeoutMs: 5000 })
+
+interface ProfileAvatarMeta {
+  type: 'generated' | 'image'
+  seed?: string
+  file?: string
+  mime?: string
+  updatedAt?: number
+}
+
+interface ProfileAvatarResponse {
+  type: 'generated' | 'image'
+  seed?: string
+  dataUrl?: string
+  updatedAt?: number
+}
+
+type RuntimeStatus = Awaited<ReturnType<typeof buildRuntimeStatus>>
+
+interface RuntimeStatusCacheEntry {
+  status: RuntimeStatus
+  updatedAt: number
+}
+
+const runtimeStatusCache = new Map<string, RuntimeStatusCacheEntry>()
+let runtimeStatusRefreshPromise: Promise<void> | null = null
+let runtimeStatusMinimumFreshAt = 0
+
+const RESERVED_PROFILE_NAMES = new Set([
+  'hermes', 'default', 'test', 'tmp', 'root', 'sudo',
+])
+
+const HERMES_SUBCOMMAND_PROFILE_NAMES = new Set([
+  'chat', 'model', 'gateway', 'setup', 'whatsapp', 'login', 'logout',
+  'status', 'cron', 'doctor', 'dump', 'config', 'pairing', 'skills', 'tools',
+  'mcp', 'sessions', 'insights', 'version', 'update', 'uninstall',
+  'profile', 'plugins', 'honcho', 'acp',
+])
+
+function normalizeProfileName(name: string): string {
+  return String(name || '').trim().toLowerCase()
+}
+
+function isForbiddenProfileName(name: string): boolean {
+  const normalized = normalizeProfileName(name)
+  if (!normalized || normalized === 'default') return false
+  return RESERVED_PROFILE_NAMES.has(normalized) || HERMES_SUBCOMMAND_PROFILE_NAMES.has(normalized)
+}
+
+function getActiveProfileFile(): string {
+  return join(detectHermesRootHome(), 'active_profile')
+}
+
+function listProfilesFromDisk(activeProfileName: string): HermesProfile[] {
+  const base = detectHermesRootHome()
+  const profiles: HermesProfile[] = [{
+    name: 'default',
+    active: activeProfileName === 'default',
+    model: '—',
+    alias: '',
+  }]
+  const profilesDir = join(base, 'profiles')
+  if (!existsSync(profilesDir)) return profiles
+  for (const entry of readdirSync(profilesDir, { withFileTypes: true })) {
+    if (!entry.isDirectory()) continue
+    const name = entry.name
+    const dir = join(profilesDir, name)
+    if (!existsSync(join(dir, 'config.yaml')) && !existsSync(dir)) continue
+    profiles.push({
+      name,
+      active: name === activeProfileName,
+      model: '—',
+      alias: '',
+    })
+  }
+  return profiles
+}
+
+function profileExistsForManualSwitch(name: string): boolean {
+  const base = detectHermesRootHome()
+  if (!name || name === 'default') return true
+  return existsSync(join(base, 'profiles', name, 'config.yaml')) || existsSync(join(base, 'profiles', name))
+}
+
+async function injectBundledSkillsForProfile(name: string): Promise<void> {
+  try {
+    const targetDir = HermesSkillInjector.resolveTargetDirForProfile(name)
+    const result = await new HermesSkillInjector(undefined, targetDir).injectMissingSkills()
+    const target = result.targets[0]
+    if (target && (target.injected.length > 0 || target.updated.length > 0)) {
+      logger.info({
+        profile: name,
+        targetDir,
+        injected: target.injected,
+        updated: target.updated,
+      }, '[profiles] synced bundled skills for profile')
+    }
+  } catch (err: any) {
+    logger.warn(err, '[profiles] failed to sync bundled skills for profile "%s"', name)
+  }
+}
+
+function deleteForbiddenProfileFromDisk(name: string): boolean {
+  if (!isForbiddenProfileName(name)) return false
+  const base = detectHermesRootHome()
+  const profileDir = join(base, 'profiles', name)
+  if (!existsSync(profileDir)) return false
+  rmSync(profileDir, { recursive: true, force: true })
+  try {
+    if (normalizeProfileName(getActiveProfileName()) === normalizeProfileName(name)) {
+      writeFileSync(getActiveProfileFile(), 'default\n', 'utf-8')
+    }
+  } catch {}
+  logger.warn('[deleteProfile] removed reserved profile "%s" from disk after Hermes CLI rejected deletion', name)
+  return true
+}
+
+function filterVisibleProfiles(profiles: HermesProfile[]): HermesProfile[] {
+  return profiles.filter(profile => !isForbiddenProfileName(profile.name))
+}
+
+function requestedProfileName(ctx: any): string {
+  return ctx.state?.profile?.name || ctx.get?.('x-hermes-profile') || getActiveProfileName()
+}
+
+function filterProfilesForUser(ctx: any, profiles: HermesProfile[]): HermesProfile[] {
+  const user = ctx.state?.user
+  if (!user || user.role === 'super_admin') return profiles
+  const allowed = new Set(listUserProfiles(user.id).map(profile => profile.profile_name))
+  return profiles.filter(profile => allowed.has(profile.name))
+}
+
+function canAccessProfile(ctx: any, profileName: string): boolean {
+  const user = ctx.state?.user
+  if (!user || user.role === 'super_admin') return true
+  return listUserProfiles(user.id).some(profile => profile.profile_name === profileName)
+}
+
+function denyProfile(ctx: any, profileName: string): boolean {
+  if (canAccessProfile(ctx, profileName)) return false
+  ctx.status = 403
+  ctx.body = { error: `Profile "${profileName}" is not available for this user` }
+  return true
+}
+
+function profileMetadataRoot(): string {
+  return join(getWebUiHome(), 'profile-metadata')
+}
+
+function profileMetadataDir(name: string): string {
+  const segment = Buffer.from(name || 'default', 'utf-8').toString('base64url')
+  return join(profileMetadataRoot(), segment)
+}
+
+function profileAvatarMetaPath(name: string): string {
+  return join(profileMetadataDir(name), 'avatar.json')
+}
+
+function profileAvatarImagePath(name: string, file = 'avatar.bin'): string {
+  return join(profileMetadataDir(name), file)
+}
+
+function readProfileAvatar(name: string): ProfileAvatarResponse | null {
+  const metaPath = profileAvatarMetaPath(name)
+  if (!existsSync(metaPath)) return null
+  try {
+    const meta = JSON.parse(readFileSync(metaPath, 'utf-8')) as ProfileAvatarMeta
+    if (meta.type === 'generated') {
+      return {
+        type: 'generated',
+        seed: typeof meta.seed === 'string' ? meta.seed : name,
+        updatedAt: meta.updatedAt,
+      }
+    }
+    if (meta.type === 'image' && meta.file && meta.mime) {
+      const imagePath = profileAvatarImagePath(name, meta.file)
+      if (!existsSync(imagePath)) return null
+      const data = readFileSync(imagePath).toString('base64')
+      return {
+        type: 'image',
+        dataUrl: `data:${meta.mime};base64,${data}`,
+        updatedAt: meta.updatedAt,
+      }
+    }
+  } catch (err) {
+    logger.warn(err, '[profiles] failed to read avatar metadata for profile "%s"', name)
+  }
+  return null
+}
+
+function attachProfileAvatars<T extends HermesProfile>(profiles: T[]): Array<T & { avatar: ProfileAvatarResponse | null }> {
+  return profiles.map(profile => ({
+    ...profile,
+    avatar: readProfileAvatar(profile.name),
+  }))
+}
+
+function parseAvatarDataUrl(dataUrl: string): { mime: string; buffer: Buffer } {
+  const match = dataUrl.match(/^data:(image\/(?:png|jpeg|webp));base64,([a-zA-Z0-9+/=]+)$/)
+  if (!match) throw new Error('Avatar image must be a PNG, JPEG, or WebP data URL')
+  const buffer = Buffer.from(match[2], 'base64')
+  if (buffer.length > 1024 * 1024) throw new Error('Avatar image must be 1MB or smaller')
+  return { mime: match[1], buffer }
+}
+
+function removeProfileMetadata(name: string): void {
+  rmSync(profileMetadataDir(name), { recursive: true, force: true })
+}
+
+function renameProfileMetadata(oldName: string, newName: string): void {
+  const oldDir = profileMetadataDir(oldName)
+  const newDir = profileMetadataDir(newName)
+  if (!existsSync(oldDir) || oldDir === newDir) return
+  rmSync(newDir, { recursive: true, force: true })
+  renameSync(oldDir, newDir)
+}
+
+async function useProfileWithFallback(name: string): Promise<string> {
+  if (isForbiddenProfileName(name)) {
+    throw new Error(`Profile name '${name}' is reserved and cannot be activated`)
+  }
+  try {
+    return await hermesCli.useProfile(name)
+  } catch (err: any) {
+    if (!profileExistsForManualSwitch(name)) throw err
+
+    const base = detectHermesRootHome()
+    writeFileSync(join(base, 'active_profile'), `${name}\n`, 'utf-8')
+    logger.warn(err, '[switchProfile] hermes profile use failed; wrote active_profile directly for existing profile "%s"', name)
+    return `Switched to profile ${name}`
+  }
+}
+
+async function readBridgeWorkers(): Promise<{ reachable: boolean; workers: Record<string, boolean>; error?: string }> {
+  try {
+    const result = await new AgentBridgeClient({ timeoutMs: 5000 }).ping()
+    return {
+      reachable: true,
+      workers: ((result as any).workers || {}) as Record<string, boolean>,
+    }
+  } catch (err: any) {
+    return {
+      reachable: false,
+      workers: {},
+      error: err?.message || 'Bridge broker is not reachable',
+    }
+  }
+}
+
+function gatewayStatusLooksRunning(status?: string): boolean {
+  const normalized = String(status || '').trim().toLowerCase()
+  if (!normalized || normalized === '—') return false
+  if (normalized.includes('not running') || normalized === 'stopped' || normalized === 'stop') return false
+  return normalized.includes('running') || normalized === 'active'
+}
+
+async function buildRuntimeStatus(profile: HermesProfile | string, bridgeState?: Awaited<ReturnType<typeof readBridgeWorkers>>) {
+  const name = typeof profile === 'string' ? profile : profile.name
+  const bridge = bridgeState || await readBridgeWorkers()
+  let gateway: { running: boolean; profile: string; error?: string }
+  if (typeof profile !== 'string' && profile.gatewayStatus !== undefined) {
+    const profileListRunning = gatewayStatusLooksRunning(profile.gatewayStatus)
+    if (profileListRunning) {
+      gateway = {
+        running: true,
+        profile: name,
+      }
+    } else {
+      try {
+        gateway = await getGatewayRuntimeStatusForProfile(name)
+      } catch (err: any) {
+        gateway = {
+          running: false,
+          profile: name,
+          error: err?.message || 'Gateway status check failed',
+        }
+      }
+    }
+  } else {
+    try {
+      gateway = await getGatewayRuntimeStatusForProfile(name)
+    } catch (err: any) {
+      gateway = {
+        running: false,
+        profile: name,
+        error: err?.message || 'Gateway status check failed',
+      }
+    }
+  }
+
+  return {
+    profile: name,
+    bridge: {
+      running: !!bridge.workers[name],
+      profile: name,
+      reachable: bridge.reachable,
+      error: bridge.reachable ? undefined : bridge.error,
+    },
+    gateway,
+  }
+}
+
+function setRuntimeStatusCache(status: RuntimeStatus, checkedAt = Date.now()): void {
+  runtimeStatusCache.set(status.profile, {
+    status,
+    updatedAt: checkedAt,
+  })
+}
+
+function listProfilesForStatusFast(): HermesProfile[] {
+  return filterVisibleProfiles(listProfilesFromDisk(getActiveProfileName()))
+}
+
+async function refreshRuntimeStatusCache(checkedAt: number): Promise<void> {
+  const profiles = await listProfilesForStatus()
+  const bridge = await readBridgeWorkers()
+  const statuses = await Promise.all(profiles.map(profile => buildRuntimeStatus(profile, bridge)))
+  statuses.forEach(status => setRuntimeStatusCache(status, checkedAt))
+}
+
+function startRuntimeStatusRefresh(): void {
+  const startedAt = Date.now()
+  runtimeStatusRefreshPromise = refreshRuntimeStatusCache(startedAt)
+    .catch((err) => {
+      logger.warn(err, '[profiles] failed to refresh runtime status cache')
+    })
+    .finally(() => {
+      runtimeStatusRefreshPromise = null
+      if (runtimeStatusMinimumFreshAt > startedAt) {
+        startRuntimeStatusRefresh()
+      }
+    })
+}
+
+function scheduleRuntimeStatusRefresh(): void {
+  runtimeStatusMinimumFreshAt = Math.max(runtimeStatusMinimumFreshAt, Date.now())
+  if (runtimeStatusRefreshPromise) return
+  startRuntimeStatusRefresh()
+}
+
+export async function list(ctx: any) {
+  try {
+    let profiles: HermesProfile[]
+    try {
+      profiles = await hermesCli.listProfiles()
+    } catch (err: any) {
+      const { getActiveProfileName } = await import('../../services/hermes/hermes-profile')
+      const activeProfileName = getActiveProfileName()
+      if (!isForbiddenProfileName(activeProfileName)) throw err
+
+      logger.warn(err, '[listProfiles] active_profile "%s" is invalid/reserved; resetting to default and listing profiles from disk', activeProfileName)
+      writeFileSync(getActiveProfileFile(), 'default\n', 'utf-8')
+      profiles = listProfilesFromDisk('default')
+    }
+
+    const activeProfileName = requestedProfileName(ctx)
+
+    profiles = filterVisibleProfiles(profiles)
+    profiles = filterProfilesForUser(ctx, profiles)
+
+    // Web UI active profile is request-scoped and comes from X-Hermes-Profile.
+    profiles.forEach(p => {
+      p.active = (p.name === activeProfileName)
+    })
+
+    ctx.body = { profiles: attachProfileAvatars(profiles) }
+  } catch (err: any) {
+    ctx.status = 500
+    ctx.body = { error: err.message }
+  }
+}
+
+export async function create(ctx: any) {
+  const { name, clone } = ctx.request.body as { name?: string; clone?: boolean }
+  if (!name) {
+    ctx.status = 400
+    ctx.body = { error: 'Missing profile name' }
+    return
+  }
+  if (isForbiddenProfileName(name)) {
+    ctx.status = 400
+    ctx.body = { error: `Profile name '${name}' is reserved and cannot be created` }
+    return
+  }
+  try {
+    const output = await hermesCli.createProfile(name, clone)
+
+    // clone=true 时执行智能清理：
+    //   - 删除 .env 中的独占平台凭据（Weixin / Telegram / Slack / ...）
+    //   - 禁用 config.yaml 中对应的平台节点
+    // 避免新 profile 与源 profile 共享同一个 bot token 导致互斥冲突。
+    let strippedCredentials: string[] = []
+    let disabledPlatforms: string[] = []
+    let strippedConfigCredentials: string[] = []
+    if (clone) {
+      try {
+        const cleanup = smartCloneCleanup(name)
+        strippedCredentials = cleanup.strippedCredentials
+        disabledPlatforms = cleanup.disabledPlatforms
+        strippedConfigCredentials = cleanup.strippedConfigCredentials
+        if (
+          strippedCredentials.length > 0 ||
+          disabledPlatforms.length > 0 ||
+          strippedConfigCredentials.length > 0
+        ) {
+          logger.info(
+            'Smart clone cleanup for "%s": stripped %d env credentials (%s), disabled %d platforms (%s), stripped %d config credentials (%s)',
+            name,
+            strippedCredentials.length, strippedCredentials.join(','),
+            disabledPlatforms.length, disabledPlatforms.join(','),
+            strippedConfigCredentials.length, strippedConfigCredentials.join(','),
+          )
+        }
+      } catch (err: any) {
+        // 清理失败不应阻断 profile 创建，仅记日志
+        logger.error(err, 'Smart clone cleanup failed for "%s"', name)
+      }
+    }
+
+    await injectBundledSkillsForProfile(name)
+
+    ctx.body = {
+      success: true,
+      message: output.trim(),
+      strippedCredentials,
+      disabledPlatforms,
+      strippedConfigCredentials,
+    }
+  } catch (err: any) {
+    ctx.status = 500
+    ctx.body = { error: err.message }
+  }
+}
+
+export async function get(ctx: any) {
+  const name = String(ctx.params.name || '').trim() || 'default'
+  if (denyProfile(ctx, name)) return
+  try {
+    const profile = await hermesCli.getProfile(name)
+    ctx.body = { profile: { ...profile, avatar: readProfileAvatar(profile.name) } }
+  } catch (err: any) {
+    ctx.status = err.message.includes('not found') ? 404 : 500
+    ctx.body = { error: err.message }
+  }
+}
+
+export async function updateAvatar(ctx: any) {
+  const name = String(ctx.params.name || '').trim() || 'default'
+  if (denyProfile(ctx, name)) return
+  if (isForbiddenProfileName(name)) {
+    ctx.status = 400
+    ctx.body = { error: `Profile name '${name}' is reserved` }
+    return
+  }
+  const body = ctx.request.body as { type?: string; seed?: string; dataUrl?: string }
+  try {
+    const dir = profileMetadataDir(name)
+    await mkdir(dir, { recursive: true })
+    const updatedAt = Date.now()
+
+    if (body.type === 'generated') {
+      const seed = String(body.seed || name).trim() || name
+      const meta: ProfileAvatarMeta = { type: 'generated', seed, updatedAt }
+      rmSync(profileAvatarImagePath(name), { force: true })
+      await writeFile(profileAvatarMetaPath(name), JSON.stringify(meta, null, 2) + '\n', { mode: 0o600 })
+      ctx.body = { avatar: readProfileAvatar(name) }
+      return
+    }
+
+    if (body.type === 'image' && typeof body.dataUrl === 'string') {
+      const { mime, buffer } = parseAvatarDataUrl(body.dataUrl)
+      const meta: ProfileAvatarMeta = { type: 'image', file: 'avatar.bin', mime, updatedAt }
+      await writeFile(profileAvatarImagePath(name), buffer, { mode: 0o600 })
+      await writeFile(profileAvatarMetaPath(name), JSON.stringify(meta, null, 2) + '\n', { mode: 0o600 })
+      ctx.body = { avatar: readProfileAvatar(name) }
+      return
+    }
+
+    ctx.status = 400
+    ctx.body = { error: 'Invalid avatar payload' }
+  } catch (err: any) {
+    ctx.status = 400
+    ctx.body = { error: err.message }
+  }
+}
+
+export async function deleteAvatar(ctx: any) {
+  const name = String(ctx.params.name || '').trim() || 'default'
+  if (denyProfile(ctx, name)) return
+  try {
+    removeProfileMetadata(name)
+    ctx.body = { success: true }
+  } catch (err: any) {
+    ctx.status = 500
+    ctx.body = { error: err.message }
+  }
+}
+
+export async function runtimeStatus(ctx: any) {
+  const name = String(ctx.params.name || '').trim() || 'default'
+  if (denyProfile(ctx, name)) return
+  if (isForbiddenProfileName(name)) {
+    ctx.status = 400
+    ctx.body = { error: `Profile name '${name}' is reserved` }
+    return
+  }
+  try {
+    const profiles = await listProfilesForStatus()
+    const profile = profiles.find(item => item.name === name)
+    const status = await buildRuntimeStatus(profile || name)
+    setRuntimeStatusCache(status)
+    ctx.body = status
+  } catch {
+    const status = await buildRuntimeStatus(name)
+    setRuntimeStatusCache(status)
+    ctx.body = status
+  }
+}
+
+export async function runtimeStatuses(ctx: any) {
+  try {
+    const refreshParam = ctx.query?.refresh
+    const refreshRequested = refreshParam === undefined || (refreshParam !== '0' && refreshParam !== 'false')
+    if (refreshRequested) scheduleRuntimeStatusRefresh()
+
+    const profiles = filterProfilesForUser(ctx, listProfilesForStatusFast())
+    const statuses: RuntimeStatus[] = []
+    profiles.forEach(profile => {
+      const cached = runtimeStatusCache.get(profile.name)
+      if (cached && cached.updatedAt >= runtimeStatusMinimumFreshAt) {
+        statuses.push(cached.status)
+      }
+    })
+
+    ctx.body = {
+      profiles: statuses,
+      refreshing: !!runtimeStatusRefreshPromise,
+    }
+  } catch (err: any) {
+    ctx.status = 500
+    ctx.body = { error: err.message }
+  }
+}
+
+async function listProfilesForStatus(): Promise<HermesProfile[]> {
+  let profiles: HermesProfile[]
+  try {
+    profiles = await hermesCli.listProfiles()
+  } catch {
+    profiles = listProfilesFromDisk(getActiveProfileName())
+  }
+  return filterVisibleProfiles(profiles)
+}
+
+export async function restartGatewayForProfile(ctx: any) {
+  const name = String(ctx.params.name || '').trim() || 'default'
+  if (denyProfile(ctx, name)) return
+  if (isForbiddenProfileName(name)) {
+    ctx.status = 400
+    ctx.body = { error: `Profile name '${name}' is reserved` }
+    return
+  }
+  try {
+    const gateway = await restartGatewayRuntimeForProfile(name)
+    try {
+      const result = await bridgeCleanupClient().destroyProfile(name)
+      logger.info('[profiles] destroyed bridge sessions after gateway restart profile=%s destroyed=%s', name, result.destroyed)
+      const cached = runtimeStatusCache.get(name)?.status
+      if (cached) {
+        setRuntimeStatusCache({
+          ...cached,
+          bridge: {
+            ...cached.bridge,
+            running: false,
+          },
+          gateway,
+        })
+      }
+    } catch (err) {
+      logger.warn(err, '[profiles] failed to destroy bridge sessions after gateway restart profile=%s', name)
+    }
+    ctx.body = { success: true, gateway }
+  } catch (err: any) {
+    ctx.status = 500
+    ctx.body = { error: err.message }
+  }
+}
+
+export async function restartProfileRuntime(ctx: any) {
+  const name = String(ctx.params.name || '').trim() || 'default'
+  if (denyProfile(ctx, name)) return
+  if (isForbiddenProfileName(name)) {
+    ctx.status = 400
+    ctx.body = { error: `Profile name '${name}' is reserved` }
+    return
+  }
+  try {
+    const result = await bridgeCleanupClient().destroyProfile(name)
+    logger.info('[profiles] destroyed bridge sessions after profile restart profile=%s destroyed=%s', name, result.destroyed)
+    const profiles = await listProfilesForStatus()
+    const profile = profiles.find(item => item.name === name)
+    const status = await buildRuntimeStatus(profile || name)
+    setRuntimeStatusCache(status)
+    ctx.body = {
+      success: true,
+      destroyed: result.destroyed,
+      status,
+    }
+  } catch (err: any) {
+    ctx.status = 500
+    ctx.body = { error: err.message }
+  }
+}
+
+export async function remove(ctx: any) {
+  const { name } = ctx.params
+  if (denyProfile(ctx, name)) return
+  if (name === 'default') {
+    ctx.status = 400
+    ctx.body = { error: 'Cannot delete the default profile' }
+    return
+  }
+  try {
+    try {
+      const result = await bridgeCleanupClient().destroyProfile(name)
+      logger.info('[profiles] destroyed bridge sessions for deleted profile "%s" destroyed=%s', name, result.destroyed)
+    } catch (err) {
+      logger.warn(err, '[profiles] failed to destroy bridge sessions for deleted profile "%s"', name)
+    }
+    const ok = await hermesCli.deleteProfile(name)
+    if (ok) {
+      removeProfileMetadata(name)
+      ctx.body = { success: true }
+    } else if (deleteForbiddenProfileFromDisk(name)) {
+      removeProfileMetadata(name)
+      ctx.body = { success: true, fallback: 'removed_reserved_profile_from_disk' }
+    } else {
+      ctx.status = 500
+      ctx.body = { error: 'Failed to delete profile' }
+    }
+  } catch (err: any) {
+    ctx.status = 500
+    ctx.body = { error: err.message }
+  }
+}
+
+export async function rename(ctx: any) {
+  if (denyProfile(ctx, ctx.params.name)) return
+  const { new_name } = ctx.request.body as { new_name?: string }
+  if (!new_name) {
+    ctx.status = 400
+    ctx.body = { error: 'Missing new_name' }
+    return
+  }
+  try {
+    const ok = await hermesCli.renameProfile(ctx.params.name, new_name)
+    if (ok) {
+      renameProfileMetadata(ctx.params.name, new_name)
+      ctx.body = { success: true }
+    } else {
+      ctx.status = 500
+      ctx.body = { error: 'Failed to rename profile' }
+    }
+  } catch (err: any) {
+    ctx.status = 500
+    ctx.body = { error: err.message }
+  }
+}
+
+export async function switchProfile(ctx: any) {
+  const { name } = ctx.request.body as { name?: string }
+  if (!name) {
+    ctx.status = 400
+    ctx.body = { error: 'Missing profile name' }
+    return
+  }
+  if (isForbiddenProfileName(name)) {
+    ctx.status = 400
+    ctx.body = { error: `Profile name '${name}' is reserved and cannot be activated` }
+    return
+  }
+  try {
+    if (denyProfile(ctx, name)) return
+
+    const output = await useProfileWithFallback(name)
+
+    const actualActive = getActiveProfileName()
+    if (actualActive !== name) {
+      ctx.status = 500
+      ctx.body = { error: `Profile switch verification failed - active profile is ${actualActive}` }
+      return
+    }
+
+    try {
+      const result = await bridgeCleanupClient().destroyProfile(name)
+      logger.info('[switchProfile] destroyed bridge sessions for Hermes profile "%s" destroyed=%s', name, result.destroyed)
+    } catch (err: any) {
+      logger.warn(err, '[switchProfile] failed to destroy bridge sessions for profile "%s"', name)
+    }
+
+    try {
+      const detail = await hermesCli.getProfile(name)
+      logger.debug('Profile detail.path = %s', detail.path)
+
+      const profileConfig = join(detail.path, 'config.yaml')
+      if (!existsSync(profileConfig)) {
+        writeFileSync(profileConfig, '# Hermes Agent Configuration\n', 'utf-8')
+        logger.info('Created config.yaml for: %s', detail.path)
+      }
+
+      const profileEnv = join(detail.path, '.env')
+      if (!existsSync(profileEnv)) {
+        writeFileSync(profileEnv, '# Hermes Agent Environment Configuration\n', 'utf-8')
+        logger.info('Created .env for: %s', detail.path)
+      }
+    } catch (err: any) {
+      logger.error(err, 'Ensure config failed')
+    }
+
+    await injectBundledSkillsForProfile(name)
+    SessionDeleter.getInstance().switchProfile(name)
+    logger.info('[switchProfile] switched session deleter to Hermes profile "%s"', name)
+
+    ctx.body = {
+      success: true,
+      message: output.trim(),
+      active: name,
+    }
+  } catch (err: any) {
+    ctx.status = 500
+    ctx.body = { error: err.message }
+  }
+}
+
+export async function exportProfile(ctx: any) {
+  const { name } = ctx.params
+  if (denyProfile(ctx, name)) return
+  const outputPath = join(tmpdir(), `hermes-profile-${name}.tar.gz`)
+  try {
+    await hermesCli.exportProfile(name, outputPath)
+    if (!existsSync(outputPath)) {
+      ctx.status = 500
+      ctx.body = { error: 'Export file not found' }
+      return
+    }
+    const filename = basename(outputPath)
+    ctx.set('Content-Disposition', `attachment; filename="${filename}"`)
+    ctx.set('Content-Type', 'application/gzip')
+    ctx.body = createReadStream(outputPath)
+    ctx.res.on('finish', () => { try { unlinkSync(outputPath) } catch { } })
+  } catch (err: any) {
+    ctx.status = 500
+    ctx.body = { error: err.message }
+  }
+}
+
+export async function importProfile(ctx: any) {
+  const contentType = ctx.get('content-type') || ''
+  if (!contentType.startsWith('multipart/form-data')) {
+    ctx.status = 400
+    ctx.body = { error: 'Expected multipart/form-data' }
+    return
+  }
+  const boundary = '--' + contentType.split('boundary=')[1]
+  if (!boundary || boundary === '--undefined') {
+    ctx.status = 400
+    ctx.body = { error: 'Missing boundary' }
+    return
+  }
+  const tmpDir = join(tmpdir(), 'hermes-import')
+  await mkdir(tmpDir, { recursive: true })
+  const chunks: Buffer[] = []
+  for await (const chunk of ctx.req) chunks.push(chunk)
+  const body = Buffer.concat(chunks).toString('latin1')
+  const parts = body.split(boundary).slice(1, -1)
+  let archivePath = ''
+  for (const part of parts) {
+    const headerEnd = part.indexOf('\r\n\r\n')
+    if (headerEnd === -1) continue
+    const header = part.substring(0, headerEnd)
+    const data = part.substring(headerEnd + 4, part.length - 2)
+    const filenameMatch = header.match(/filename="([^"]+)"/)
+    if (!filenameMatch) continue
+    const filename = filenameMatch[1]
+    const ext = filename.includes('.') ? '.' + filename.split('.').pop() : ''
+    if (!['.gz', '.tar.gz', '.zip', '.tgz'].includes(ext)) continue
+    archivePath = join(tmpDir, filename)
+    await writeFile(archivePath, Buffer.from(data, 'binary'))
+    break
+  }
+  if (!archivePath) {
+    ctx.status = 400
+    ctx.body = { error: 'No archive file found (.gz, .zip, .tgz)' }
+    return
+  }
+  try {
+    const result = await hermesCli.importProfile(archivePath)
+    try { unlinkSync(archivePath) } catch { }
+    ctx.body = { success: true, message: result.trim() }
+  } catch (err: any) {
+    try { unlinkSync(archivePath) } catch { }
+    ctx.status = 500
+    ctx.body = { error: err.message }
+  }
+}
diff --git a/packages/server/src/controllers/hermes/providers.ts b/packages/server/src/controllers/hermes/providers.ts
new file mode 100644
index 0000000..da570e8
--- /dev/null
+++ b/packages/server/src/controllers/hermes/providers.ts
@@ -0,0 +1,247 @@
+import { existsSync, readFileSync } from 'fs'
+import { writeFile } from 'fs/promises'
+import { join } from 'path'
+import { getActiveProfileName, getProfileDir } from '../../services/hermes/hermes-profile'
+import { updateConfigYamlForProfile, saveEnvValueForProfile, PROVIDER_ENV_MAP } from '../../services/config-helpers'
+import { PROVIDER_PRESETS } from '../../shared/providers'
+import { logger } from '../../services/logger'
+
+const OPTIONAL_API_KEY_PROVIDERS = new Set(['cliproxyapi', 'xai-oauth', 'openai-codex'])
+const DIRECT_CONFIG_PROVIDERS = new Set(['xai-oauth', 'openai-codex'])
+
+function requestedProfile(ctx: any): string {
+  return ctx.state?.profile?.name || getActiveProfileName() || 'default'
+}
+
+function authPathForProfile(profile: string): string {
+  return join(getProfileDir(profile), 'auth.json')
+}
+
+async function clearStoredAuthProvider(profile: string, poolKey: string) {
+  try {
+    const authPath = authPathForProfile(profile)
+    if (!existsSync(authPath)) return
+
+    const auth = JSON.parse(readFileSync(authPath, 'utf-8'))
+    let changed = false
+    if (auth.providers && Object.prototype.hasOwnProperty.call(auth.providers, poolKey)) {
+      delete auth.providers[poolKey]
+      changed = true
+    }
+    if (auth.credential_pool && Object.prototype.hasOwnProperty.call(auth.credential_pool, poolKey)) {
+      delete auth.credential_pool[poolKey]
+      changed = true
+    }
+    if (changed) {
+      await writeFile(authPath, JSON.stringify(auth, null, 2) + '\n', 'utf-8')
+    }
+  } catch (err: any) { logger.error(err, 'Failed to clear auth credentials for %s', poolKey) }
+}
+
+function buildProviderEntry(name: string, base_url: string, api_key: string, model: string, context_length?: number) {
+  const entry: any = { name, base_url, api_key, model }
+  if (context_length && context_length > 0) {
+    entry.models = { [model]: { context_length } }
+  }
+  return entry
+}
+
+function normalizeBaseUrl(url: string): string {
+  return String(url || '').trim().replace(/\/+$/, '')
+}
+
+function builtinBaseUrl(poolKey: string, requestedBaseUrl: string): string {
+  return requestedBaseUrl || PROVIDER_PRESETS.find(p => p.value === poolKey)?.base_url || ''
+}
+
+function shouldPersistBuiltinBaseUrl(poolKey: string, requestedBaseUrl: string): boolean {
+  const presetBaseUrl = PROVIDER_PRESETS.find(p => p.value === poolKey)?.base_url || ''
+  if (!requestedBaseUrl || !presetBaseUrl) return !!requestedBaseUrl
+  return normalizeBaseUrl(requestedBaseUrl) !== normalizeBaseUrl(presetBaseUrl)
+}
+
+export async function create(ctx: any) {
+  const { name, base_url, api_key, model, context_length, providerKey } = ctx.request.body as {
+    name: string; base_url: string; api_key: string; model: string; context_length?: number; providerKey?: string | null
+  }
+  const normalizedName = String(name || '').trim()
+  const poolKey = providerKey || `custom:${normalizedName.toLowerCase().replace(/ /g, '-')}`
+  const isBuiltin = poolKey in PROVIDER_ENV_MAP
+  const effectiveBaseUrl = isBuiltin ? builtinBaseUrl(poolKey, base_url) : base_url
+  if (!normalizedName || !effectiveBaseUrl || !model) {
+    ctx.status = 400; ctx.body = { error: 'Missing name, base_url, or model' }; return
+  }
+  if (!api_key && !OPTIONAL_API_KEY_PROVIDERS.has(String(providerKey || ''))) {
+    ctx.status = 400; ctx.body = { error: 'Missing API key' }; return
+  }
+  try {
+    const profile = requestedProfile(ctx)
+    await updateConfigYamlForProfile(profile, async (config) => {
+      if (typeof config.model !== 'object' || config.model === null) { config.model = {} }
+      if (!isBuiltin) {
+        if (!Array.isArray(config.custom_providers)) { config.custom_providers = [] }
+        const existing = (config.custom_providers as any[]).find(
+          (e: any) => `custom:${e.name}` === poolKey
+        )
+        if (existing) {
+          existing.base_url = effectiveBaseUrl
+          existing.api_key = api_key
+          existing.model = model
+          const preset = PROVIDER_PRESETS.find(p => p.value === poolKey.replace('custom:', ''))
+          if (preset?.api_mode) existing.api_mode = preset.api_mode
+          if (context_length && context_length > 0) {
+            if (!existing.models) existing.models = {}
+            existing.models[model] = existing.models[model] || {}
+            existing.models[model].context_length = context_length
+          }
+        } else {
+          const entry = buildProviderEntry(normalizedName.toLowerCase().replace(/ /g, '-'), effectiveBaseUrl, api_key, model, context_length)
+          const preset = PROVIDER_PRESETS.find(p => p.value === poolKey.replace('custom:', ''))
+          if (preset?.api_mode) entry.api_mode = preset.api_mode
+          config.custom_providers.push(entry)
+        }
+        config.model.default = model
+        config.model.provider = poolKey
+      } else {
+        if (PROVIDER_ENV_MAP[poolKey].api_key_env) {
+          await saveEnvValueForProfile(profile, PROVIDER_ENV_MAP[poolKey].api_key_env, api_key)
+          if (PROVIDER_ENV_MAP[poolKey].base_url_env && shouldPersistBuiltinBaseUrl(poolKey, base_url)) { await saveEnvValueForProfile(profile, PROVIDER_ENV_MAP[poolKey].base_url_env, effectiveBaseUrl) }
+          config.model.default = model
+          config.model.provider = poolKey
+        } else if (DIRECT_CONFIG_PROVIDERS.has(poolKey)) {
+          if (PROVIDER_ENV_MAP[poolKey].base_url_env && shouldPersistBuiltinBaseUrl(poolKey, base_url)) { await saveEnvValueForProfile(profile, PROVIDER_ENV_MAP[poolKey].base_url_env, effectiveBaseUrl) }
+          config.model.default = model
+          config.model.provider = poolKey
+        } else {
+          if (!Array.isArray(config.custom_providers)) { config.custom_providers = [] }
+          const existing = (config.custom_providers as any[]).find(
+            (e: any) => `custom:${e.name}` === `custom:${poolKey}`
+          )
+          if (existing) {
+            existing.base_url = effectiveBaseUrl
+            existing.api_key = api_key
+            existing.model = model
+            const preset = PROVIDER_PRESETS.find(p => p.value === poolKey)
+            if (preset?.api_mode) existing.api_mode = preset.api_mode
+            if (context_length && context_length > 0) {
+              if (!existing.models) existing.models = {}
+              existing.models[model] = existing.models[model] || {}
+              existing.models[model].context_length = context_length
+            }
+          } else {
+            const entry = buildProviderEntry(poolKey, effectiveBaseUrl, api_key, model, context_length)
+            const preset = PROVIDER_PRESETS.find(p => p.value === poolKey)
+            if (preset?.api_mode) entry.api_mode = preset.api_mode
+            config.custom_providers.push(entry)
+          }
+          config.model.default = model
+          config.model.provider = `custom:${poolKey}`
+        }
+      }
+      delete config.model.base_url
+      delete config.model.api_key
+      return config
+    })
+    // TODO: Test if provider works without gateway restart
+    // try { await hermesCli.restartGateway() } catch (e: any) { logger.error(e, 'Gateway restart failed') }
+    ctx.body = { success: true }
+  } catch (err: any) {
+    ctx.status = 500; ctx.body = { error: err.message }
+  }
+}
+
+export async function update(ctx: any) {
+  const poolKey = decodeURIComponent(ctx.params.poolKey)
+  const { name, base_url, api_key, model } = ctx.request.body as {
+    name?: string; base_url?: string; api_key?: string; model?: string
+  }
+  try {
+    const profile = requestedProfile(ctx)
+    const isCustom = poolKey.startsWith('custom:')
+    if (isCustom) {
+      const found = await updateConfigYamlForProfile(profile, (config) => {
+        if (!Array.isArray(config.custom_providers)) return { data: config, result: false, write: false }
+        const entry = (config.custom_providers as any[]).find((e: any) => {
+          return `custom:${e.name.trim().toLowerCase().replace(/ /g, '-')}` === poolKey
+        })
+        if (!entry) return { data: config, result: false, write: false }
+        if (name !== undefined) entry.name = name
+        if (base_url !== undefined) entry.base_url = base_url
+        if (api_key !== undefined) entry.api_key = api_key
+        if (model !== undefined) entry.model = model
+        return { data: config, result: true }
+      })
+      if (!found) {
+        ctx.status = 404; ctx.body = { error: `Custom provider "${poolKey}" not found` }; return
+      }
+    } else {
+      const envMapping = PROVIDER_ENV_MAP[poolKey]
+      if (!envMapping?.api_key_env) {
+        ctx.status = 400; ctx.body = { error: `Cannot update credentials for "${poolKey}"` }; return
+      }
+      if (api_key !== undefined) { await saveEnvValueForProfile(profile, envMapping.api_key_env, api_key) }
+    }
+    // TODO: Test if provider works without gateway restart
+    // try { await hermesCli.restartGateway() } catch (e: any) { logger.error(e, 'Gateway restart failed') }
+    ctx.body = { success: true }
+  } catch (err: any) {
+    ctx.status = 500; ctx.body = { error: err.message }
+  }
+}
+
+export async function remove(ctx: any) {
+  const poolKey = decodeURIComponent(ctx.params.poolKey)
+  try {
+    const profile = requestedProfile(ctx)
+    const isCustom = poolKey.startsWith('custom:')
+    const removed = await updateConfigYamlForProfile(profile, async (config) => {
+      if (isCustom) {
+        const idx = Array.isArray(config.custom_providers)
+          ? (config.custom_providers as any[]).findIndex((e: any) => {
+            return `custom:${e.name.trim().toLowerCase().replace(/ /g, '-')}` === poolKey
+          })
+          : -1
+        if (idx === -1) return { data: config, result: false, write: false }
+        ;(config.custom_providers as any[]).splice(idx, 1)
+      } else {
+        const envMapping = PROVIDER_ENV_MAP[poolKey]
+        if (envMapping?.api_key_env) {
+          await saveEnvValueForProfile(profile, envMapping.api_key_env, '')
+        }
+        if (envMapping?.base_url_env) {
+          await saveEnvValueForProfile(profile, envMapping.base_url_env, '')
+        }
+      }
+      if (config.model?.provider === poolKey) {
+        const remaining = Array.isArray(config.custom_providers) ? config.custom_providers as any[] : []
+        if (remaining.length > 0) {
+          const fallbackCp = remaining[0]
+          const fallbackKey = `custom:${fallbackCp.name.trim().toLowerCase().replace(/ /g, '-')}`
+          if (typeof config.model !== 'object' || config.model === null) { config.model = {} }
+          config.model.default = fallbackCp.model
+          config.model.provider = fallbackKey
+          delete config.model.base_url
+          delete config.model.api_key
+        } else {
+          config.model = {}
+        }
+      }
+      return { data: config, result: true }
+    })
+    if (!removed) {
+      ctx.status = 404; ctx.body = { error: `Custom provider "${poolKey}" not found` }; return
+    }
+    if (!isCustom) {
+      const envMapping = PROVIDER_ENV_MAP[poolKey]
+      if (!envMapping) {
+        ctx.status = 404; ctx.body = { error: `Provider "${poolKey}" not found` }; return
+      }
+    }
+    await clearStoredAuthProvider(profile, poolKey)
+    // TODO: Test if provider works without gateway restart
+    // try { await hermesCli.restartGateway() } catch (e: any) { logger.error(e, 'Gateway restart failed') }
+    ctx.body = { success: true }
+  } catch (err: any) {
+    ctx.status = 500; ctx.body = { error: err.message }
+  }
+}
diff --git a/packages/server/src/controllers/hermes/sessions.ts b/packages/server/src/controllers/hermes/sessions.ts
new file mode 100644
index 0000000..e058256
--- /dev/null
+++ b/packages/server/src/controllers/hermes/sessions.ts
@@ -0,0 +1,911 @@
+import * as hermesCli from '../../services/hermes/hermes-cli'
+import { listSessionSummaries, getUsageStatsFromDb, getSessionDetailFromDb, getSessionDetailFromDbWithProfile, getSessionDetailPaginatedFromDbWithProfile, getExactSessionDetailFromDbWithProfile } from '../../db/hermes/sessions-db'
+import {
+  listSessions as localListSessions,
+  searchSessions as localSearchSessions,
+  getSession as localGetSession,
+  getSessionDetail as localGetSessionDetail,
+  deleteSession as localDeleteSession,
+  renameSession as localRenameSession,
+  createSession as localCreateSession,
+  addMessages as localAddMessages,
+  updateSession as localUpdateSession,
+  updateSessionStats as localUpdateSessionStats,
+} from '../../db/hermes/session-store'
+import { ExportCompressor } from '../../lib/context-compressor/export-compressor'
+import { deleteUsage, getUsage, getUsageBatch } from '../../db/hermes/usage-store'
+import type { UsageStatsModelRow, UsageStatsDailyRow } from '../../db/hermes/usage-store'
+import { getModelContextLength } from '../../services/hermes/model-context'
+import { getActiveProfileName, listProfileNamesFromDisk } from '../../services/hermes/hermes-profile'
+import { isPathWithin } from '../../services/hermes/hermes-path'
+import { getGroupChatServer } from '../../routes/hermes/group-chat'
+import { logger } from '../../services/logger'
+import type { ConversationSummary } from '../../services/hermes/conversations'
+import { listUserProfiles } from '../../db/hermes/users-store'
+import { readConfigYamlForProfile } from '../../services/config-helpers'
+
+function getPendingDeletedSessionIds(): Set<string> {
+  return getGroupChatServer()?.getStorage().getPendingDeletedSessionIds() || new Set<string>()
+}
+
+function filterPendingDeletedSessions<T extends { id: string }>(items: T[]): T[] {
+  const pendingIds = getPendingDeletedSessionIds()
+  if (pendingIds.size === 0) return items
+  return items.filter(item => !pendingIds.has(item.id))
+}
+
+function filterPendingDeletedConversationSummaries(items: ConversationSummary[]): ConversationSummary[] {
+  return filterPendingDeletedSessions(items)
+}
+
+function requestedProfile(ctx: any): string | undefined {
+  const value = ctx.state?.profile?.name || (typeof ctx.query?.profile === 'string' ? ctx.query.profile.trim() : '')
+  return value || undefined
+}
+
+function explicitProfileFilter(ctx: any): string | undefined {
+  const value = typeof ctx.query?.profile === 'string' ? ctx.query.profile.trim() : ''
+  return value || undefined
+}
+
+function allowedProfileSet(ctx: any): Set<string> | null {
+  const user = ctx.state?.user
+  if (!user || user.role === 'super_admin') return null
+  return new Set(listUserProfiles(user.id).map(profile => profile.profile_name))
+}
+
+function canAccessProfile(ctx: any, profile: string | null | undefined): boolean {
+  const allowed = allowedProfileSet(ctx)
+  return !allowed || allowed.has(profile || 'default')
+}
+
+function filterByAllowedProfiles<T>(ctx: any, items: T[]): T[] {
+  const allowed = allowedProfileSet(ctx)
+  if (!allowed) return items
+  return items.filter(item => allowed.has(((item as any).profile as string | null | undefined) || 'default'))
+}
+
+function denySessionAccess(ctx: any, session: any | null | undefined): boolean {
+  if (!session || canAccessProfile(ctx, session.profile)) return false
+  ctx.status = 403
+  ctx.body = { error: `Profile "${session.profile || 'default'}" is not available for this user` }
+  return true
+}
+
+interface HermesDeleteResult {
+  attempted: boolean
+  deleted: boolean
+  profile?: string
+  error?: string
+}
+
+interface BatchDeleteTarget {
+  id: string
+  profile?: string | null
+}
+
+interface ProfileDefaultModel {
+  model: string
+  provider: string
+}
+
+interface LocalImportMessage {
+  session_id: string
+  role: string
+  content: string
+  tool_call_id?: string | null
+  tool_calls?: any[] | null
+  tool_name?: string | null
+  timestamp?: number
+  token_count?: number | null
+  finish_reason?: string | null
+  reasoning?: string | null
+  reasoning_details?: string | null
+  reasoning_content?: string | null
+}
+
+function hasProfileOnDisk(profile: string): boolean {
+  return listProfileNamesFromDisk().includes(profile || 'default')
+}
+
+async function deleteHermesSessionIfPresent(sessionId: string, profile?: string | null): Promise<HermesDeleteResult> {
+  const targetProfile = profile || 'default'
+  if (!hasProfileOnDisk(targetProfile)) {
+    return { attempted: false, deleted: false, profile: targetProfile }
+  }
+
+  try {
+    const hermesSession = await getExactSessionDetailFromDbWithProfile(sessionId, targetProfile)
+    if (!hermesSession) {
+      return { attempted: false, deleted: false, profile: targetProfile }
+    }
+
+    const deleted = await hermesCli.deleteSessionForProfile(sessionId, targetProfile)
+    return {
+      attempted: true,
+      deleted,
+      profile: targetProfile,
+      error: deleted ? undefined : 'Failed to delete Hermes session',
+    }
+  } catch (err: any) {
+    const message = err?.message || 'Failed to inspect Hermes session'
+    logger.warn({ err, sessionId, profile: targetProfile }, 'Hermes Session: profile delete skipped')
+    return { attempted: true, deleted: false, profile: targetProfile, error: message }
+  }
+}
+
+async function getProfileDefaultModel(profile: string): Promise<ProfileDefaultModel> {
+  try {
+    const config = await readConfigYamlForProfile(profile)
+    const modelSection = config?.model
+    if (modelSection && typeof modelSection === 'object' && !Array.isArray(modelSection)) {
+      return {
+        model: String(modelSection.default || '').trim(),
+        provider: String(modelSection.provider || '').trim(),
+      }
+    }
+    if (typeof modelSection === 'string') {
+      return { model: modelSection.trim(), provider: '' }
+    }
+  } catch (err) {
+    logger.warn({ err, profile }, 'Hermes Session: failed to read profile default model for import')
+  }
+  return { model: '', provider: '' }
+}
+
+function normalizeImportText(value: unknown): string {
+  if (value == null) return ''
+  if (typeof value === 'string') return value
+  try {
+    return JSON.stringify(value)
+  } catch {
+    return String(value)
+  }
+}
+
+function normalizeImportNullableText(value: unknown): string | null {
+  const text = normalizeImportText(value)
+  return text ? text : null
+}
+
+function normalizeImportToolCalls(value: unknown): any[] | null {
+  if (!Array.isArray(value)) return null
+  const calls = value
+    .map((call: any) => {
+      const id = String(call?.id || '').trim()
+      const fn = call?.function && typeof call.function === 'object' ? call.function : {}
+      const name = String(fn.name || call?.name || '').trim()
+      if (!id || !name) return null
+      const rawArgs = fn.arguments ?? call?.arguments ?? {}
+      const args = typeof rawArgs === 'string' ? rawArgs : normalizeImportText(rawArgs || {})
+      return {
+        id,
+        type: String(call?.type || 'function'),
+        function: { name, arguments: args || '{}' },
+      }
+    })
+    .filter((call): call is { id: string; type: string; function: { name: string; arguments: string } } => Boolean(call))
+  return calls.length > 0 ? calls : null
+}
+
+function buildImportMessages(sessionId: string, messages: any[]): LocalImportMessage[] {
+  const result: LocalImportMessage[] = []
+  const knownToolCallIds = new Set<string>()
+
+  for (const message of messages) {
+    const role = String(message?.role || '').trim()
+    if (role !== 'user' && role !== 'assistant' && role !== 'tool') continue
+
+    const toolCalls = role === 'assistant' ? normalizeImportToolCalls(message.tool_calls) : null
+    if (toolCalls) {
+      for (const call of toolCalls) knownToolCallIds.add(call.id)
+    }
+
+    if (role === 'tool') {
+      const callId = String(message?.tool_call_id || '').trim()
+      if (!callId || !knownToolCallIds.has(callId)) continue
+      result.push({
+        session_id: sessionId,
+        role,
+        content: normalizeImportText(message?.content),
+        tool_call_id: callId,
+        tool_calls: null,
+        tool_name: normalizeImportNullableText(message?.tool_name),
+        timestamp: Number(message?.timestamp || 0),
+        token_count: message?.token_count == null ? null : Number(message.token_count),
+        finish_reason: normalizeImportNullableText(message?.finish_reason),
+        reasoning: null,
+        reasoning_details: null,
+        reasoning_content: null,
+      })
+      continue
+    }
+
+    const content = normalizeImportText(message?.content)
+    if (role === 'assistant' && !content.trim() && !toolCalls) continue
+
+    result.push({
+      session_id: sessionId,
+      role,
+      content,
+      tool_call_id: null,
+      tool_calls: toolCalls,
+      tool_name: null,
+      timestamp: Number(message?.timestamp || 0),
+      token_count: message?.token_count == null ? null : Number(message.token_count),
+      finish_reason: normalizeImportNullableText(message?.finish_reason),
+      reasoning: role === 'assistant' ? normalizeImportNullableText(message?.reasoning) : null,
+      reasoning_details: role === 'assistant' ? normalizeImportNullableText(message?.reasoning_details) : null,
+      reasoning_content: role === 'assistant' ? normalizeImportNullableText(message?.reasoning_content) : null,
+    })
+  }
+
+  return result
+}
+
+export async function listConversations(ctx: any) {
+  const source = (ctx.query.source as string) || undefined
+  const limit = ctx.query.limit ? parseInt(ctx.query.limit as string, 10) : undefined
+
+  const profile = explicitProfileFilter(ctx)
+  const sessions = localListSessions(profile, source, limit && limit > 0 ? limit : 200)
+  const summaries: ConversationSummary[] = sessions.map(s => ({
+    id: s.id,
+    profile: s.profile || null,
+    source: s.source,
+    model: s.model,
+    provider: s.provider,
+    title: s.title,
+    started_at: s.started_at,
+    ended_at: s.ended_at,
+    last_active: s.last_active,
+    message_count: s.message_count,
+    tool_call_count: s.tool_call_count,
+    input_tokens: s.input_tokens,
+    output_tokens: s.output_tokens,
+    cache_read_tokens: s.cache_read_tokens,
+    cache_write_tokens: s.cache_write_tokens,
+    reasoning_tokens: s.reasoning_tokens,
+    billing_provider: s.billing_provider,
+    estimated_cost_usd: s.estimated_cost_usd,
+    actual_cost_usd: s.actual_cost_usd,
+    cost_status: s.cost_status,
+    preview: s.preview,
+    workspace: s.workspace || null,
+    is_active: s.ended_at == null && (Date.now() / 1000 - s.last_active) <= 300,
+    thread_session_count: 1,
+  }))
+  ctx.body = { sessions: filterPendingDeletedConversationSummaries(filterByAllowedProfiles(ctx, summaries)) }
+}
+
+export async function getConversationMessages(ctx: any) {
+  const humanOnly = (ctx.query.humanOnly as string) !== 'false' && ctx.query.humanOnly !== '0'
+
+  const detail = localGetSessionDetail(ctx.params.id)
+  if (!detail) {
+    ctx.status = 404
+    ctx.body = { error: 'Conversation not found' }
+    return
+  }
+  if (denySessionAccess(ctx, detail)) return
+  const messages = detail.messages
+    .filter(m => {
+      if (humanOnly && m.role !== 'user' && m.role !== 'assistant') return false
+      if (!m.content) return false
+      return true
+    })
+    .map(m => ({
+      id: m.id,
+      session_id: m.session_id,
+      role: m.role as 'user' | 'assistant',
+      content: m.content,
+      timestamp: m.timestamp,
+    }))
+  ctx.body = {
+    session_id: ctx.params.id,
+    messages,
+    visible_count: messages.length,
+    thread_session_count: 1,
+  }
+}
+
+export async function list(ctx: any) {
+  const source = (ctx.query.source as string) || undefined
+  const limit = ctx.query.limit ? parseInt(ctx.query.limit as string, 10) : undefined
+  const profile = explicitProfileFilter(ctx)
+  const effectiveLimit = limit && limit > 0 ? limit : 2000
+
+  const allSessions = localListSessions(profile, source, effectiveLimit)
+  const knownProfiles = profile ? null : new Set(listProfileNamesFromDisk())
+  ctx.body = {
+    sessions: filterPendingDeletedSessions(filterByAllowedProfiles(ctx, allSessions).filter(s =>
+      (s.source === 'api_server' || s.source === 'cli') &&
+      (!knownProfiles || knownProfiles.has(s.profile || 'default')),
+    )),
+  }
+}
+
+/**
+ * List Hermes sessions only (exclude api_server source)
+ * GET /api/hermes/sessions/hermes?source=&limit=
+ */
+export async function listHermesSessions(ctx: any) {
+  const source = (ctx.query.source as string) || undefined
+  const limit = ctx.query.limit ? parseInt(ctx.query.limit as string, 10) : undefined
+  const profile = requestedProfile(ctx)
+  const effectiveLimit = limit && limit > 0 ? limit : 2000
+
+  const importedIds = new Set(localListSessions(profile, undefined, effectiveLimit).map(session => session.id))
+  const allSessions = (await listSessionSummaries(source, effectiveLimit, profile))
+    .map(session => ({
+      ...(profile ? { ...session, profile } : session),
+      webui_imported: importedIds.has(session.id),
+    }))
+  ctx.body = { sessions: filterPendingDeletedSessions(filterByAllowedProfiles(ctx, allSessions).filter(s => s.source !== 'api_server')) }
+}
+
+export async function search(ctx: any) {
+  const q = typeof ctx.query.q === 'string' ? ctx.query.q : ''
+  const limit = ctx.query.limit ? parseInt(ctx.query.limit as string, 10) : undefined
+  const profile = explicitProfileFilter(ctx)
+  const results = localSearchSessions(profile, q, limit && limit > 0 ? limit : 20)
+  const knownProfiles = profile ? null : new Set(listProfileNamesFromDisk())
+  ctx.body = {
+    results: filterPendingDeletedSessions(filterByAllowedProfiles(ctx, results).filter(s =>
+      !knownProfiles || knownProfiles.has(s.profile || 'default'),
+    )),
+  }
+}
+
+export async function get(ctx: any) {
+  const session = localGetSessionDetail(ctx.params.id)
+  if (!session) {
+    ctx.status = 404
+    ctx.body = { error: 'Session not found' }
+    return
+  }
+  if (denySessionAccess(ctx, session)) return
+  ctx.body = { session }
+}
+
+/**
+ * Get Hermes session detail only (exclude api_server source)
+ * GET /api/hermes/sessions/hermes/:id
+ */
+export async function getHermesSession(ctx: any) {
+  const profile = requestedProfile(ctx)
+
+  // Prefer the Web UI local session store. Hermes state.db can lag behind or
+  // miss messages for Bridge-backed runs, while the local store is the source
+  // used by chat rendering and compression.
+  const localSession = localGetSessionDetail(ctx.params.id)
+  const localSessionProfile = (localSession?.profile || 'default') as string
+  if (localSession && localSession.source !== 'api_server' && (!profile || localSessionProfile === profile)) {
+    if (denySessionAccess(ctx, localSession)) return
+    ctx.body = { session: localSession }
+    return
+  }
+
+  // Try Hermes state.db next (consistent with listHermesSessions)
+  try {
+    const session = profile
+      ? await getSessionDetailFromDbWithProfile(ctx.params.id, profile)
+      : await getSessionDetailFromDb(ctx.params.id)
+    if (session && session.source !== 'api_server') {
+      const sessionWithProfile = profile ? { ...session, profile } : session
+      if (denySessionAccess(ctx, sessionWithProfile)) return
+      ctx.body = { session: sessionWithProfile }
+      return
+    }
+  } catch (err) {
+    logger.warn(err, 'Hermes Session DB: detail query failed, falling back to CLI')
+  }
+
+  // Fallback to CLI
+  const session = await hermesCli.getSession(ctx.params.id)
+  if (!session) {
+    ctx.status = 404
+    ctx.body = { error: 'Session not found' }
+    return
+  }
+  // Filter out api_server sessions
+  if (session.source === 'api_server') {
+    ctx.status = 404
+    ctx.body = { error: 'Session not found' }
+    return
+  }
+  if (denySessionAccess(ctx, session)) return
+  ctx.body = { session }
+}
+
+export async function importHermesSession(ctx: any) {
+  const sessionId = ctx.params.id
+  const profile = requestedProfile(ctx) || getActiveProfileName()
+  if (!canAccessProfile(ctx, profile)) {
+    ctx.status = 403
+    ctx.body = { error: `Profile "${profile || 'default'}" is not available for this user` }
+    return
+  }
+
+  const existing = localGetSessionDetail(sessionId)
+  if (existing) {
+    ctx.body = { ok: true, imported: false, session: existing }
+    return
+  }
+
+  let detail
+  try {
+    detail = await getSessionDetailFromDbWithProfile(sessionId, profile)
+  } catch (err) {
+    logger.warn({ err, sessionId, profile }, 'Hermes Session: import query failed')
+    ctx.status = 500
+    ctx.body = { error: 'Failed to read Hermes session' }
+    return
+  }
+
+  if (!detail || detail.source === 'api_server') {
+    ctx.status = 404
+    ctx.body = { error: 'Session not found' }
+    return
+  }
+
+  const profileDefault = await getProfileDefaultModel(profile)
+  const importTimestamp = Math.floor(Date.now() / 1000)
+
+  localCreateSession({
+    id: detail.id,
+    profile,
+    source: 'cli',
+    model: profileDefault.model,
+    provider: profileDefault.provider,
+    title: detail.title || undefined,
+  })
+
+  localUpdateSession(detail.id, {
+    source: 'cli',
+    user_id: detail.user_id,
+    model: profileDefault.model,
+    provider: profileDefault.provider,
+    title: detail.title,
+    started_at: detail.started_at,
+    ended_at: detail.ended_at,
+    end_reason: detail.end_reason,
+    message_count: detail.message_count,
+    tool_call_count: detail.tool_call_count,
+    input_tokens: detail.input_tokens,
+    output_tokens: detail.output_tokens,
+    cache_read_tokens: detail.cache_read_tokens,
+    cache_write_tokens: detail.cache_write_tokens,
+    reasoning_tokens: detail.reasoning_tokens,
+    billing_provider: detail.billing_provider,
+    estimated_cost_usd: detail.estimated_cost_usd,
+    actual_cost_usd: detail.actual_cost_usd,
+    cost_status: detail.cost_status,
+    preview: detail.preview,
+    last_active: importTimestamp,
+  })
+
+  const importMessages = buildImportMessages(detail.id, Array.isArray(detail.messages) ? detail.messages : [])
+  localAddMessages(importMessages)
+  localUpdateSessionStats(detail.id)
+  localUpdateSession(detail.id, {
+    tool_call_count: detail.tool_call_count,
+    input_tokens: detail.input_tokens,
+    output_tokens: detail.output_tokens,
+    cache_read_tokens: detail.cache_read_tokens,
+    cache_write_tokens: detail.cache_write_tokens,
+    reasoning_tokens: detail.reasoning_tokens,
+    billing_provider: detail.billing_provider,
+    estimated_cost_usd: detail.estimated_cost_usd,
+    actual_cost_usd: detail.actual_cost_usd,
+    cost_status: detail.cost_status,
+    last_active: importTimestamp,
+    ended_at: detail.ended_at,
+  })
+
+  ctx.body = { ok: true, imported: true, session: localGetSessionDetail(detail.id) }
+}
+
+export async function remove(ctx: any) {
+  const sessionId = ctx.params.id
+  const existing = localGetSession(sessionId)
+  if (denySessionAccess(ctx, existing)) return
+  const hermesProfile = requestedProfile(ctx) || existing?.profile || getActiveProfileName()
+  const hermes = await deleteHermesSessionIfPresent(sessionId, hermesProfile)
+  const localDeleted = existing ? localDeleteSession(sessionId) : true
+  if (!localDeleted) {
+    ctx.status = 500
+    ctx.body = { error: 'Failed to delete session' }
+    return
+  }
+  deleteUsage(sessionId)
+  ctx.body = { ok: true, deleted: Boolean(existing), hermes }
+}
+
+export async function batchRemove(ctx: any) {
+  const { ids, sessions } = ctx.request.body as { ids?: string[]; sessions?: BatchDeleteTarget[] }
+  const rawTargets = Array.isArray(sessions) && sessions.length > 0 ? sessions : ids
+  if (!rawTargets || !Array.isArray(rawTargets) || rawTargets.length === 0) {
+    ctx.status = 400
+    ctx.body = { error: 'ids is required and must be a non-empty array' }
+    return
+  }
+
+  const targets = rawTargets
+    .map((target): BatchDeleteTarget | null => {
+      if (typeof target === 'string') {
+        const id = target.trim()
+        return id ? { id } : null
+      }
+      if (!target || typeof target.id !== 'string') return null
+      const id = target.id.trim()
+      if (!id) return null
+      const profile = typeof target.profile === 'string' && target.profile.trim()
+        ? target.profile.trim()
+        : undefined
+      return { id, profile }
+    })
+    .filter((target): target is BatchDeleteTarget => Boolean(target))
+
+  if (targets.length === 0) {
+    ctx.status = 400
+    ctx.body = { error: 'No valid session ids provided' }
+    return
+  }
+
+  const results = {
+    deleted: 0,
+    failed: 0,
+    hermesDeleted: 0,
+    hermesFailed: 0,
+    errors: [] as Array<{ id: string; error: string }>,
+    hermesErrors: [] as Array<{ id: string; profile?: string; error: string }>
+  }
+
+  for (const target of targets) {
+    const { id } = target
+    const existing = localGetSession(id)
+    const targetProfile = target.profile || existing?.profile
+    if (targetProfile && !canAccessProfile(ctx, targetProfile)) {
+      results.failed++
+      results.errors.push({ id, error: `Profile "${targetProfile || 'default'}" is not available for this user` })
+      continue
+    }
+    if (!targetProfile && existing && !canAccessProfile(ctx, existing.profile)) {
+      results.failed++
+      results.errors.push({ id, error: `Profile "${existing.profile || 'default'}" is not available for this user` })
+      continue
+    }
+
+    const hermes = await deleteHermesSessionIfPresent(id, targetProfile)
+    if (hermes.deleted) {
+      results.hermesDeleted++
+    } else if (hermes.attempted && hermes.error) {
+      results.hermesFailed++
+      results.hermesErrors.push({ id, profile: hermes.profile, error: hermes.error })
+    }
+
+    const shouldDeleteLocal = Boolean(existing && (!targetProfile || existing.profile === targetProfile))
+    if (shouldDeleteLocal) {
+      const ok = localDeleteSession(id)
+      if (ok) {
+        deleteUsage(id)
+        results.deleted++
+      } else {
+        results.failed++
+        results.errors.push({ id, error: 'Failed to delete session' })
+      }
+    } else if (hermes.deleted) {
+      results.deleted++
+    } else {
+      results.failed++
+      results.errors.push({ id, error: 'Session not found' })
+    }
+  }
+
+  ctx.body = { ...results, ok: true }
+}
+
+export async function usageBatch(ctx: any) {
+  const ids = (ctx.query.ids as string)
+  if (!ids) {
+    ctx.body = {}
+    return
+  }
+  const idList = ids.split(',').filter(Boolean)
+  ctx.body = getUsageBatch(idList)
+}
+
+export async function usageSingle(ctx: any) {
+  const session = localGetSession(ctx.params.id)
+  if (denySessionAccess(ctx, session)) return
+  const result = getUsage(ctx.params.id)
+  if (!result) {
+    ctx.body = { input_tokens: 0, output_tokens: 0 }
+    return
+  }
+  ctx.body = result
+}
+
+export async function rename(ctx: any) {
+  const { title } = ctx.request.body as { title?: string }
+  if (!title || typeof title !== 'string') {
+    ctx.status = 400
+    ctx.body = { error: 'title is required' }
+    return
+  }
+  const existing = localGetSession(ctx.params.id)
+  if (denySessionAccess(ctx, existing)) return
+  const ok = localRenameSession(ctx.params.id, title.trim())
+  if (!ok) {
+    ctx.status = 500
+    ctx.body = { error: 'Failed to rename session' }
+    return
+  }
+  ctx.body = { ok: true }
+}
+
+export async function setWorkspace(ctx: any) {
+  const { workspace } = ctx.request.body as { workspace?: string }
+  if (workspace !== undefined && workspace !== null && typeof workspace !== 'string') {
+    ctx.status = 400
+    ctx.body = { error: 'workspace must be a string or null' }
+    return
+  }
+  const { updateSession, getSession, createSession } = await import('../../db/hermes/session-store')
+  const id = ctx.params.id
+  const existing = getSession(id)
+  if (denySessionAccess(ctx, existing)) return
+  if (!existing) {
+    createSession({ id, profile: requestedProfile(ctx) || 'default', title: '' })
+  }
+  updateSession(id, { workspace: workspace || null } as any)
+  ctx.body = { ok: true }
+}
+
+export async function setModel(ctx: any) {
+  const { model, provider } = ctx.request.body as { model?: string; provider?: string }
+  if (!model || typeof model !== 'string') {
+    ctx.status = 400
+    ctx.body = { error: 'model is required' }
+    return
+  }
+  if (provider !== undefined && provider !== null && typeof provider !== 'string') {
+    ctx.status = 400
+    ctx.body = { error: 'provider must be a string' }
+    return
+  }
+  const { updateSession, getSession, createSession } = await import('../../db/hermes/session-store')
+  const id = ctx.params.id
+  const existing = getSession(id)
+  if (denySessionAccess(ctx, existing)) return
+  if (!existing) {
+    createSession({ id, profile: requestedProfile(ctx) || 'default', title: '' })
+  }
+  updateSession(id, { model: model.trim(), provider: (provider || '').trim() } as any)
+  ctx.body = { ok: true }
+}
+
+export async function contextLength(ctx: any) {
+  const profile = requestedProfile(ctx)
+  const model = typeof ctx.query.model === 'string' ? ctx.query.model : undefined
+  const provider = typeof ctx.query.provider === 'string' ? ctx.query.provider : undefined
+  ctx.body = { context_length: getModelContextLength({ profile, model, provider }) }
+}
+
+export async function usageStats(ctx: any) {
+  const rawDays = parseInt(String(ctx.query?.days ?? '30'), 10)
+  const days = Number.isFinite(rawDays) && rawDays > 0 ? Math.min(rawDays, 365) : 30
+  const profile = requestedProfile(ctx)
+
+  let hermes = {
+    input_tokens: 0,
+    output_tokens: 0,
+    cache_read_tokens: 0,
+    cache_write_tokens: 0,
+    reasoning_tokens: 0,
+    sessions: 0,
+    by_model: [] as UsageStatsModelRow[],
+    by_day: [] as UsageStatsDailyRow[],
+    cost: 0,
+    total_api_calls: 0,
+  }
+
+  try {
+    hermes = profile ? await getUsageStatsFromDb(days, undefined, profile) : await getUsageStatsFromDb(days)
+  } catch (err) {
+    logger.warn(err, 'usageStats: failed to load Hermes usage analytics from state.db')
+  }
+
+  const dayMap = new Map<string, UsageStatsDailyRow>()
+  const now = new Date()
+  for (let i = days - 1; i >= 0; i--) {
+    const d = new Date(now)
+    d.setDate(d.getDate() - i)
+    const key = d.toISOString().slice(0, 10)
+    dayMap.set(key, { date: key, input_tokens: 0, output_tokens: 0, cache_read_tokens: 0, cache_write_tokens: 0, sessions: 0, errors: 0, cost: 0 })
+  }
+  for (const d of hermes.by_day) {
+    const existing = dayMap.get(d.date)
+    if (existing) {
+      existing.input_tokens += d.input_tokens; existing.output_tokens += d.output_tokens
+      existing.cache_read_tokens += d.cache_read_tokens; existing.cache_write_tokens += d.cache_write_tokens
+      existing.sessions += d.sessions; existing.errors += d.errors; existing.cost += d.cost
+    }
+  }
+
+  ctx.body = {
+    total_input_tokens: hermes.input_tokens,
+    total_output_tokens: hermes.output_tokens,
+    total_cache_read_tokens: hermes.cache_read_tokens,
+    total_cache_write_tokens: hermes.cache_write_tokens,
+    total_reasoning_tokens: hermes.reasoning_tokens,
+    total_sessions: hermes.sessions,
+    total_cost: hermes.cost,
+    total_api_calls: hermes.total_api_calls,
+    period_days: days,
+    model_usage: hermes.by_model.sort((a, b) => (b.input_tokens + b.output_tokens) - (a.input_tokens + a.output_tokens)),
+    daily_usage: [...dayMap.values()],
+  }
+}
+
+/**
+ * List folders under workspace base path for folder picker.
+ * GET /api/hermes/workspace/folders?path=<relative_path>
+ * Base: /opt/data/workspace (overridable via WORKSPACE_BASE env)
+ */
+export async function listWorkspaceFolders(ctx: any) {
+  const { resolve, join } = await import('path')
+  const { readdir } = await import('fs/promises')
+  const { existsSync } = await import('fs')
+
+  const WORKSPACE_BASE = process.env.WORKSPACE_BASE || '/opt/data/workspace'
+  const subPath = (ctx.query.path as string) || ''
+
+  // Security: prevent path traversal
+  const fullPath = resolve(join(WORKSPACE_BASE, subPath))
+  if (!isPathWithin(fullPath, WORKSPACE_BASE)) {
+    ctx.status = 403
+    ctx.body = { error: 'Access denied' }
+    return
+  }
+
+  if (!existsSync(fullPath)) {
+    ctx.status = 404
+    ctx.body = { error: 'Path not found', folders: [] }
+    return
+  }
+
+  try {
+    const entries = await readdir(fullPath, { withFileTypes: true })
+    const folders = entries
+      .filter(e => e.isDirectory() && !e.name.startsWith('.'))
+      .map(e => ({
+        name: e.name,
+        path: subPath ? `${subPath}/${e.name}` : e.name,
+        fullPath: join(fullPath, e.name),
+      }))
+      .sort((a, b) => a.name.localeCompare(b.name))
+
+    ctx.body = { base: WORKSPACE_BASE, current: subPath, folders }
+  } catch (err: any) {
+    ctx.status = 500
+    ctx.body = { error: err.message }
+  }
+}
+
+const exportCompressor = new ExportCompressor()
+
+export async function exportSession(ctx: any) {
+  const session = localGetSessionDetail(ctx.params.id)
+
+  if (!session) {
+    ctx.status = 404
+    ctx.body = { error: 'Session not found' }
+    return
+  }
+  if (denySessionAccess(ctx, session)) return
+
+  const mode = (ctx.query.mode as string) || 'full'
+  const ext = (ctx.query.ext as string) || (mode === 'compressed' ? 'txt' : 'json')
+  const title = session.title || 'session'
+  const safeName = title.replace(/[^a-zA-Z0-9一-鿿_-]/g, '_').slice(0, 50)
+  const filename = `${safeName}_${ctx.params.id.slice(0, 8)}.${ext}`
+
+  if (mode === 'compressed') {
+    const result = await compressSession(session)
+    if (ext === 'json') {
+      ctx.set('Content-Disposition', `attachment; filename="${encodeURIComponent(filename)}"`)
+      ctx.set('Content-Type', 'application/json')
+      ctx.body = JSON.stringify({ id: session.id, title: session.title, ...result.meta, messages: result.messages }, null, 2)
+    } else {
+      ctx.set('Content-Disposition', `attachment; filename="${encodeURIComponent(filename)}"`)
+      ctx.set('Content-Type', 'text/plain; charset=utf-8')
+      ctx.body = serializeAsText(session.title, result.messages)
+    }
+  } else {
+    if (ext === 'txt') {
+      ctx.set('Content-Disposition', `attachment; filename="${encodeURIComponent(filename)}"`)
+      ctx.set('Content-Type', 'text/plain; charset=utf-8')
+      ctx.body = serializeAsText(session.title, session.messages || [])
+    } else {
+      ctx.set('Content-Disposition', `attachment; filename="${encodeURIComponent(filename)}"`)
+      ctx.set('Content-Type', 'application/json')
+      ctx.body = JSON.stringify(session, null, 2)
+    }
+  }
+}
+
+async function compressSession(session: any) {
+  const profile = session.profile || getActiveProfileName()
+  const upstream = ''
+  const apiKey = undefined
+  const messages = (session.messages || []).map((m: any) => ({
+    role: m.role,
+    content: m.content || '',
+    tool_calls: m.tool_calls,
+    tool_call_id: m.tool_call_id,
+    name: m.tool_name,
+    reasoning_content: m.reasoning,
+  }))
+
+  return exportCompressor.compress(messages, upstream, apiKey, session.id, {
+    profile,
+    model: session.model,
+    provider: session.provider,
+  })
+}
+
+function serializeAsText(title: string | null, messages: any[]): string {
+  const lines: string[] = [`# ${title || 'Untitled'}`, '']
+  for (const msg of messages) {
+    const role = msg.role || 'unknown'
+    const content = typeof msg.content === 'string' ? msg.content : JSON.stringify(msg.content)
+    const ts = msg.timestamp ? new Date(msg.timestamp * 1000).toISOString() : ''
+    lines.push(`[${role}]${ts ? ' ' + ts : ''}`)
+    lines.push(content || '')
+    lines.push('')
+  }
+  return lines.join('\n')
+}
+
+export async function getConversationMessagesPaginated(ctx: any) {
+  const offset = ctx.query.offset ? parseInt(ctx.query.offset as string, 10) : 0
+  const limit = ctx.query.limit ? parseInt(ctx.query.limit as string, 10) : 50
+  const profile = requestedProfile(ctx)
+
+  const { getSessionDetailPaginated } = await import('../../db/hermes/session-store')
+  const localResult = getSessionDetailPaginated(ctx.params.id, offset, limit)
+  const result = localResult && (!profile || localResult.session.profile === profile)
+    ? localResult
+    : await getSessionDetailPaginatedFromDbWithProfile(ctx.params.id, profile || 'default', offset, limit)
+
+  if (!result) {
+    ctx.status = 404
+    ctx.body = { error: 'Conversation not found' }
+    return
+  }
+  const session = { ...result.session, profile: (result.session as any).profile || profile || 'default' }
+  if (denySessionAccess(ctx, session)) return
+
+  ctx.body = {
+    session: {
+      id: session.id,
+      profile: session.profile,
+      source: session.source,
+      model: session.model,
+      title: session.title,
+      started_at: session.started_at,
+      ended_at: session.ended_at,
+      last_active: session.last_active,
+      message_count: session.message_count,
+      input_tokens: session.input_tokens,
+      output_tokens: session.output_tokens,
+    },
+    messages: result.messages,
+    total: result.total,
+    offset: result.offset,
+    limit: result.limit,
+    hasMore: result.hasMore,
+  }
+}
diff --git a/packages/server/src/controllers/hermes/skills.ts b/packages/server/src/controllers/hermes/skills.ts
new file mode 100644
index 0000000..2208457
--- /dev/null
+++ b/packages/server/src/controllers/hermes/skills.ts
@@ -0,0 +1,548 @@
+import { mkdir, readdir, readFile, stat, writeFile } from 'fs/promises'
+import { homedir } from 'os'
+import { join, resolve } from 'path'
+import { createHash } from 'crypto'
+import {
+  readConfigYamlForProfile, updateConfigYamlForProfile,
+  safeReadFile, extractDescription, listFilesRecursive,
+} from '../../services/config-helpers'
+import type { SkillSource } from '../../services/config-helpers'
+import { isPathWithin } from '../../services/hermes/hermes-path'
+import { getActiveProfileName, getProfileDir } from '../../services/hermes/hermes-profile'
+import { getSkillUsageStatsFromDb } from '../../db/hermes/sessions-db'
+
+function requestedProfile(ctx: any): string {
+  return ctx.state?.profile?.name || getActiveProfileName() || 'default'
+}
+
+function requestProfileDir(ctx: any): string {
+  return getProfileDir(requestedProfile(ctx))
+}
+
+function requestSkillsDir(ctx: any): string {
+  return join(requestProfileDir(ctx), 'skills')
+}
+
+function expandConfiguredPath(value: string): string {
+  const expandedEnv = value.replace(/\$\{([^}]+)\}|\$([A-Za-z_][A-Za-z0-9_]*)/g, (_match, braced, bare) => {
+    return process.env[braced || bare] || ''
+  })
+  if (expandedEnv === '~') return homedir()
+  if (expandedEnv.startsWith('~/')) return join(homedir(), expandedEnv.slice(2))
+  return expandedEnv
+}
+
+async function resolveExternalSkillsDirs(config: Record<string, any>, localSkillsDir: string): Promise<string[]> {
+  const rawDirs = config.skills?.external_dirs
+  const entries = typeof rawDirs === 'string'
+    ? [rawDirs]
+    : Array.isArray(rawDirs)
+      ? rawDirs
+      : []
+  const localResolved = resolve(localSkillsDir)
+  const seen = new Set<string>()
+  const dirs: string[] = []
+
+  for (const rawEntry of entries) {
+    const entry = String(rawEntry || '').trim()
+    if (!entry) continue
+    const expanded = expandConfiguredPath(entry)
+    const resolved = resolve(expanded)
+    if (resolved === localResolved || seen.has(resolved)) continue
+    try {
+      const info = await stat(resolved)
+      if (!info.isDirectory()) continue
+    } catch {
+      continue
+    }
+    seen.add(resolved)
+    dirs.push(resolved)
+  }
+
+  return dirs
+}
+
+/** Read bundled manifest as a name→hash map from ~/.hermes/skills/.bundled_manifest */
+function readBundledManifest(manifestContent: string | null): Map<string, string> {
+  const map = new Map<string, string>()
+  if (!manifestContent) return map
+  for (const line of manifestContent.split('\n')) {
+    const trimmed = line.trim()
+    if (!trimmed) continue
+    const idx = trimmed.indexOf(':')
+    if (idx === -1) continue
+    const name = trimmed.slice(0, idx).trim()
+    const hash = trimmed.slice(idx + 1).trim()
+    if (name && hash) map.set(name, hash)
+  }
+  return map
+}
+
+/** Read hub-installed skill names from ~/.hermes/skills/.hub/lock.json */
+function readHubInstalledNames(lockContent: string | null): Set<string> {
+  if (!lockContent) return new Set()
+  try {
+    const data = JSON.parse(lockContent)
+    if (data?.installed && typeof data.installed === 'object') {
+      return new Set(Object.keys(data.installed))
+    }
+  } catch { /* ignore */ }
+  return new Set()
+}
+
+/** Compute md5 hash of all files in a directory (mirrors Hermes _dir_hash), with in-memory cache */
+const hashCache = new Map<string, { hash: string; mtime: number }>()
+const HASH_CACHE_TTL = 60_000 // 1 minute
+
+async function dirHash(directory: string): Promise<string> {
+  const cached = hashCache.get(directory)
+  if (cached && Date.now() - cached.mtime < HASH_CACHE_TTL) return cached.hash
+
+  const hasher = createHash('md5')
+  const files = await listFilesRecursive(directory, '')
+  files.sort((a, b) => a.path < b.path ? -1 : a.path > b.path ? 1 : 0)
+  for (const f of files) {
+    hasher.update(f.path)
+    const content = await readFile(join(directory, f.path))
+    hasher.update(content)
+  }
+  const hash = hasher.digest('hex')
+  hashCache.set(directory, { hash, mtime: Date.now() })
+  return hash
+}
+
+/** Determine the source type of a skill */
+function getSkillSource(
+  dirName: string,
+  bundledManifest: Map<string, string>,
+  hubNames: Set<string>,
+): SkillSource {
+  if (bundledManifest.has(dirName)) return 'builtin'
+  if (hubNames.has(dirName)) return 'hub'
+  return 'local'
+}
+
+/** Read .usage.json as a name→stats map */
+interface UsageStats { patch_count: number; use_count: number; view_count: number; pinned: boolean }
+function readUsageStats(usageContent: string | null): Map<string, UsageStats> {
+  const map = new Map<string, UsageStats>()
+  if (!usageContent) return map
+  try {
+    const data = JSON.parse(usageContent)
+    for (const [name, stats] of Object.entries(data)) {
+      const s = stats as any
+      map.set(name, { patch_count: s.patch_count ?? 0, use_count: s.use_count ?? 0, view_count: s.view_count ?? 0, pinned: !!s.pinned })
+    }
+  } catch { /* ignore */ }
+  return map
+}
+
+async function findSkillDirByName(rootDir: string, skillName: string): Promise<string | null> {
+  let entries: import('fs').Dirent[]
+  try {
+    entries = await readdir(rootDir, { withFileTypes: true })
+  } catch {
+    return null
+  }
+
+  for (const entry of entries) {
+    if (!entry.isDirectory() || entry.name.startsWith('.')) continue
+
+    const entryPath = join(rootDir, entry.name)
+    const skillMd = await safeReadFile(join(entryPath, 'SKILL.md'))
+    if (skillMd !== null) {
+      if (entry.name === skillName) return entryPath
+      // This is another skill root. Do not search inside its references/scripts.
+      continue
+    }
+
+    const found = await findSkillDirByName(entryPath, skillName)
+    if (found) return found
+  }
+
+  return null
+}
+
+async function findSkillDirInRoot(rootDir: string, category: string, skillName: string): Promise<string | null> {
+  if (category === 'misc') {
+    const skillDir = join(rootDir, skillName)
+    const skillMd = await safeReadFile(join(skillDir, 'SKILL.md'))
+    return skillMd !== null ? skillDir : null
+  }
+  return findSkillDirByName(join(rootDir, category), skillName)
+}
+
+async function resolveSkillDirFromConfig(
+  config: Record<string, any>,
+  localSkillsDir: string,
+  category: string,
+  skillName: string,
+): Promise<string | null> {
+  const localSkillDir = await findSkillDirInRoot(localSkillsDir, category, skillName)
+  if (localSkillDir) return localSkillDir
+
+  for (const externalDir of await resolveExternalSkillsDirs(config, localSkillsDir)) {
+    const externalSkillDir = await findSkillDirInRoot(externalDir, category, skillName)
+    if (externalSkillDir) return externalSkillDir
+  }
+  return null
+}
+
+/**
+ * Scan for skills at different directory depths.
+ *
+ * Supports both:
+ *   - Three-level: skills/<category>/<skill-name>/SKILL.md  (category is a container)
+ *   - Two-level:   skills/<skill-name>/SKILL.md            (flat skill under "misc" category)
+ *
+ * Categories are identified by having a DESCRIPTION.md at the category level
+ * or by containing subdirectories with SKILL.md (three-level pattern).
+ * Skills without a parent category (flat skills) are grouped under the "misc" category.
+ */
+async function scanSkillsDir(skillsDir: string, bundledManifest: Map<string, string>, hubNames: Set<string>, disabledList: string[], usageStats: Map<string, UsageStats>) {
+  const allEntries = await readdir(skillsDir, { withFileTypes: true })
+  const dirNames = allEntries
+    .filter(e => e.isDirectory() && !e.name.startsWith('.'))
+    .map(e => e.name)
+
+  // Classify directories: categories vs. flat skills
+  const categoryDirs: { name: string; description: string }[] = []
+  const flatSkills: { name: string; skillMd: string; source: string }[] = []
+
+  for (const dirName of dirNames) {
+    const catDir = join(skillsDir, dirName)
+    const hasDesc = await safeReadFile(join(catDir, 'DESCRIPTION.md'))
+    const hasSkillMd = await safeReadFile(join(catDir, 'SKILL.md'))
+    const subEntries = await readdir(catDir, { withFileTypes: true })
+    const subDirs = subEntries.filter(se => se.isDirectory())
+
+    // Priority: SKILL.md at top level → flat skill
+    //           DESCRIPTION.md or subdirs (without SKILL.md) → category
+    if (hasSkillMd) {
+      // Flat skill: has SKILL.md at the top level (two-level pattern)
+      // Could also have subdirectories (references/, scripts/, etc.)
+      flatSkills.push({
+        name: dirName,
+        skillMd: hasSkillMd,
+        source: getSkillSource(dirName, bundledManifest, hubNames),
+      })
+    } else if (!!hasDesc || subDirs.length > 0) {
+      // True category: has DESCRIPTION.md or subdirs, but no SKILL.md at top level
+      const catDescription = hasDesc ? hasDesc.trim().split('\n')[0].replace(/^#+\s*/, '').slice(0, 100) : ''
+      categoryDirs.push({ name: dirName, description: catDescription })
+    }
+  }
+
+  // Build categories with their nested skills
+  const categories: any[] = []
+
+  for (const cat of categoryDirs) {
+    const catDir = join(skillsDir, cat.name)
+    const subEntries = await readdir(catDir, { withFileTypes: true })
+    const skills: any[] = []
+    // Recursively collect skills from subdirectories (supports nested sub-categories)
+    async function collectSkills(dir: string): Promise<any[]> {
+      const entries = await readdir(dir, { withFileTypes: true })
+      const results: any[] = []
+      for (const entry of entries) {
+        if (!entry.isDirectory() || entry.name.startsWith('.')) continue
+        const entryPath = join(dir, entry.name)
+        const skillMd = await safeReadFile(join(entryPath, 'SKILL.md'))
+        if (skillMd) {
+          const source = getSkillSource(entry.name, bundledManifest, hubNames)
+          let modified = false
+          if (source === 'builtin') {
+            const manifestHash = bundledManifest.get(entry.name)
+            if (manifestHash) {
+              const currentHash = await dirHash(entryPath)
+              modified = currentHash !== manifestHash
+            }
+          }
+          const usage = usageStats.get(entry.name)
+          results.push({
+            name: entry.name,
+            description: extractDescription(skillMd),
+            enabled: !disabledList.includes(entry.name),
+            source,
+            modified: modified || undefined,
+            patchCount: usage?.patch_count,
+            useCount: usage?.use_count,
+            viewCount: usage?.view_count,
+            pinned: usage?.pinned || undefined,
+          })
+        } else {
+          // No SKILL.md — might be a sub-category container, recurse deeper
+          const subResults = await collectSkills(entryPath)
+          results.push(...subResults)
+        }
+      }
+      return results
+    }
+    skills.push(...await collectSkills(catDir))
+    if (skills.length > 0) {
+      categories.push({ name: cat.name, description: cat.description, skills })
+    }
+  }
+
+  // Group flat skills into a "misc" (雜項) category
+  if (flatSkills.length > 0) {
+    const miscSkills: any[] = []
+    for (const fs of flatSkills) {
+      const usage = usageStats.get(fs.name)
+      miscSkills.push({
+        name: fs.name,
+        description: extractDescription(fs.skillMd),
+        enabled: !disabledList.includes(fs.name),
+        source: fs.source,
+        modified: undefined,
+        patchCount: usage?.patch_count,
+        useCount: usage?.use_count,
+        viewCount: usage?.view_count,
+        pinned: usage?.pinned || undefined,
+      })
+    }
+    miscSkills.sort((a: any, b: any) => a.name.localeCompare(b.name))
+    categories.push({
+      name: 'misc',
+      description: '雜項',
+      skills: miscSkills,
+    })
+  }
+
+  categories.sort((a, b) => a.name.localeCompare(b.name))
+  for (const cat of categories) { cat.skills.sort((a: any, b: any) => a.name.localeCompare(b.name)) }
+  return categories
+}
+
+async function scanExternalSkillsDir(skillsDir: string, disabledList: string[], usageStats: Map<string, UsageStats>) {
+  return scanSkillsDir(skillsDir, new Map(), new Set(), disabledList, usageStats).then(categories =>
+    categories.map(category => ({
+      ...category,
+      skills: category.skills.map((skill: any) => ({
+        ...skill,
+        source: 'external' as SkillSource,
+        modified: undefined,
+      })),
+    })),
+  )
+}
+
+function collectSkillNames(categories: any[]): Set<string> {
+  const names = new Set<string>()
+  for (const category of categories) {
+    for (const skill of category.skills || []) {
+      if (skill?.name) names.add(skill.name)
+    }
+  }
+  return names
+}
+
+function mergeExternalCategories(categories: any[], externalCategories: any[]): any[] {
+  const byName = new Map<string, any>()
+  for (const category of categories) {
+    byName.set(category.name, { ...category, skills: [...category.skills] })
+  }
+
+  const seenSkills = collectSkillNames(categories)
+  for (const externalCategory of externalCategories) {
+    const target = byName.get(externalCategory.name) || {
+      name: externalCategory.name,
+      description: externalCategory.description,
+      skills: [],
+    }
+    for (const skill of externalCategory.skills || []) {
+      if (seenSkills.has(skill.name)) continue
+      seenSkills.add(skill.name)
+      target.skills.push(skill)
+    }
+    if (target.skills.length > 0) byName.set(target.name, target)
+  }
+
+  const merged = [...byName.values()]
+    .filter(category => category.skills.length > 0)
+    .sort((a, b) => a.name.localeCompare(b.name))
+  for (const category of merged) {
+    category.skills.sort((a: any, b: any) => a.name.localeCompare(b.name))
+  }
+  return merged
+}
+
+export async function list(ctx: any) {
+  const skillsDir = requestSkillsDir(ctx)
+  try {
+    const config = await readConfigYamlForProfile(requestedProfile(ctx))
+    const disabledList: string[] = config.skills?.disabled || []
+
+    // Read provenance sources
+    const bundledManifest = readBundledManifest(await safeReadFile(join(skillsDir, '.bundled_manifest')))
+    const hubNames = readHubInstalledNames(await safeReadFile(join(skillsDir, '.hub', 'lock.json')))
+    const usageStats = readUsageStats(await safeReadFile(join(skillsDir, '.usage.json')))
+
+    // Scan all skills (supports both two-level and three-level directory structures)
+    let categories = await scanSkillsDir(skillsDir, bundledManifest, hubNames, disabledList, usageStats)
+    for (const externalDir of await resolveExternalSkillsDirs(config, skillsDir)) {
+      const externalCategories = await scanExternalSkillsDir(externalDir, disabledList, usageStats)
+      categories = mergeExternalCategories(categories, externalCategories)
+    }
+
+    // Read archived skills from .archive/
+    const archived: any[] = []
+    const archiveDir = join(skillsDir, '.archive')
+    const archiveEntries = await readdir(archiveDir, { withFileTypes: true }).catch(() => [] as import('fs').Dirent[])
+    for (const entry of archiveEntries) {
+      if (!entry.isDirectory()) continue
+      const skillMd = await safeReadFile(join(archiveDir, entry.name, 'SKILL.md'))
+      if (skillMd) {
+        const usage = usageStats.get(entry.name)
+        archived.push({
+          name: entry.name,
+          description: extractDescription(skillMd),
+          source: getSkillSource(entry.name, bundledManifest, hubNames),
+          patchCount: usage?.patch_count,
+          useCount: usage?.use_count,
+          viewCount: usage?.view_count,
+          pinned: usage?.pinned || undefined,
+        })
+      }
+    }
+    archived.sort((a: any, b: any) => a.name.localeCompare(b.name))
+
+    ctx.body = { categories, archived }
+  } catch (err: any) {
+    ctx.status = 500
+    ctx.body = { error: `Failed to read skills directory: ${err.message}` }
+  }
+}
+
+export async function usageStats(ctx: any) {
+  const rawDays = parseInt(String(ctx.query?.days ?? '7'), 10)
+  const days = Number.isFinite(rawDays) && rawDays > 0 ? Math.min(rawDays, 365) : 7
+
+  try {
+    ctx.body = await getSkillUsageStatsFromDb(days, undefined, requestedProfile(ctx))
+  } catch (err: any) {
+    ctx.status = 500
+    ctx.body = { error: `Failed to read skill usage stats: ${err.message}` }
+  }
+}
+
+export async function toggle(ctx: any) {
+  const { name, enabled } = ctx.request.body as { name?: string; enabled?: boolean }
+  if (!name || typeof enabled !== 'boolean') {
+    ctx.status = 400
+    ctx.body = { error: 'Missing name or enabled flag' }
+    return
+  }
+  try {
+    await updateConfigYamlForProfile(requestedProfile(ctx), (config) => {
+      if (!config.skills) config.skills = {}
+      if (!Array.isArray(config.skills.disabled)) config.skills.disabled = []
+      const disabled = config.skills.disabled as string[]
+      const idx = disabled.indexOf(name)
+      if (enabled) { if (idx !== -1) disabled.splice(idx, 1) }
+      else { if (idx === -1) disabled.push(name) }
+      return config
+    })
+    ctx.body = { success: true }
+  } catch (err: any) {
+    ctx.status = 500
+    ctx.body = { error: err.message }
+  }
+}
+
+export async function listFiles(ctx: any) {
+  const { category, skill } = ctx.params
+  const profileSkillsDir = requestSkillsDir(ctx)
+  try {
+    const config = await readConfigYamlForProfile(requestedProfile(ctx))
+    const skillDir = await resolveSkillDirFromConfig(config, profileSkillsDir, category, skill)
+    if (!skillDir) {
+      ctx.status = 404
+      ctx.body = { error: 'Skill not found' }
+      return
+    }
+    const allFiles = await listFilesRecursive(skillDir, '')
+    const files = allFiles.filter((f: any) => f.path !== 'SKILL.md')
+    ctx.body = { files }
+  } catch (err: any) {
+    ctx.status = 500
+    ctx.body = { error: err.message }
+  }
+}
+
+export async function readFile_(ctx: any) {
+  const filePath = (ctx.params as any).path
+  const profileSkillsDir = requestSkillsDir(ctx)
+  // Handle 'misc' category: real skill dir is skills/<skill>, not skills/misc/<skill>
+  let realPath = filePath
+  if (filePath.startsWith('misc/')) {
+    realPath = filePath.slice(5)
+  }
+  const fullPath = resolve(join(profileSkillsDir, realPath))
+  if (!isPathWithin(fullPath, profileSkillsDir)) {
+    ctx.status = 403
+    ctx.body = { error: 'Access denied' }
+    return
+  }
+  let content = await safeReadFile(fullPath)
+  if (content === null) {
+    // Fallback: recursive search for nested skills (e.g., mlops/lm-evaluation-harness/SKILL.md
+    // where actual path is mlops/evaluation/lm-evaluation-harness/SKILL.md)
+    const parts = filePath.split('/')
+    if (parts.length >= 2) {
+      const category = parts[0]
+      const skillName = parts[1]
+      const restPath = parts.slice(2).join('/')
+      const config = await readConfigYamlForProfile(requestedProfile(ctx))
+      const skillDir = await resolveSkillDirFromConfig(config, profileSkillsDir, category, skillName)
+      if (skillDir) {
+        const resolvedPath = resolve(join(skillDir, restPath))
+        if (isPathWithin(resolvedPath, skillDir)) {
+          const nestedContent = await safeReadFile(resolvedPath)
+          if (nestedContent !== null) {
+            ctx.body = { content: nestedContent }
+            return
+          }
+        }
+      }
+    }
+    ctx.status = 404
+    ctx.body = { error: 'File not found' }
+    return
+  }
+  ctx.body = { content }
+}
+
+async function updatePinnedSkill(skillsDir: string, name: string, pinned: boolean): Promise<void> {
+  await mkdir(skillsDir, { recursive: true })
+  const usagePath = join(skillsDir, '.usage.json')
+  let usage: Record<string, any> = {}
+  const raw = await safeReadFile(usagePath)
+  if (raw) {
+    try {
+      const parsed = JSON.parse(raw)
+      if (parsed && typeof parsed === 'object' && !Array.isArray(parsed)) usage = parsed
+    } catch { /* rewrite malformed usage file with the requested pin state */ }
+  }
+  const current = usage[name]
+  usage[name] = current && typeof current === 'object' && !Array.isArray(current)
+    ? { ...current, pinned }
+    : { patch_count: 0, use_count: 0, view_count: 0, pinned }
+  await writeFile(usagePath, `${JSON.stringify(usage, null, 2)}\n`, 'utf-8')
+}
+
+export async function pin_(ctx: any) {
+  const { name, pinned } = ctx.request.body as { name?: string; pinned?: boolean }
+  if (!name || typeof pinned !== 'boolean') {
+    ctx.status = 400
+    ctx.body = { error: 'Missing name or pinned flag' }
+    return
+  }
+  try {
+    await updatePinnedSkill(requestSkillsDir(ctx), name, pinned)
+    ctx.body = { success: true }
+  } catch (err: any) {
+    ctx.status = 500
+    ctx.body = { error: err.message }
+  }
+}
diff --git a/packages/server/src/controllers/hermes/tts.ts b/packages/server/src/controllers/hermes/tts.ts
new file mode 100644
index 0000000..6f980fb
--- /dev/null
+++ b/packages/server/src/controllers/hermes/tts.ts
@@ -0,0 +1,70 @@
+import type { Context } from 'koa'
+import { textToSpeech, openaiCompatibleTts, speedToEdgeRate } from '../../services/hermes/tts'
+
+export async function generate(ctx: Context) {
+  const { text, lang } = ctx.request.body as {
+    text?: string
+    lang?: string
+  }
+
+  if (!text || typeof text !== 'string') {
+    ctx.status = 400
+    ctx.body = { error: 'text is required' }
+    return
+  }
+
+  if (text.length > 5000) {
+    ctx.status = 400
+    ctx.body = { error: 'text is too long (max 5000 characters)' }
+    return
+  }
+
+  const { audio, engine } = await textToSpeech({ text, lang })
+
+  ctx.set('Content-Type', 'audio/mpeg')
+  ctx.set('Content-Length', String(audio.length))
+  ctx.set('X-TTS-Engine', engine)
+  ctx.body = audio
+}
+
+/**
+ * OpenAI-compatible TTS endpoint.
+ * Accepts: { model, input, voice, speed }
+ * Returns audio/mpeg stream.
+ */
+export async function openaiProxy(ctx: Context) {
+  const body = ctx.request.body as {
+    input?: string
+    voice?: string
+    speed?: number
+    model?: string
+    rate?: string
+    pitch?: string
+  }
+
+  if (!body.input || typeof body.input !== 'string') {
+    ctx.status = 400
+    ctx.body = { error: 'input is required' }
+    return
+  }
+
+  if (body.input.length > 5000) {
+    ctx.status = 400
+    ctx.body = { error: 'input is too long (max 5000 characters)' }
+    return
+  }
+
+  const { audio, engine } = await openaiCompatibleTts({
+    input: body.input,
+    voice: body.voice,
+    speed: body.speed,
+    model: body.model,
+    rate: body.rate,
+    pitch: body.pitch,
+  })
+
+  ctx.set('Content-Type', 'audio/mpeg')
+  ctx.set('Content-Length', String(audio.length))
+  ctx.set('X-TTS-Engine', engine)
+  ctx.body = audio
+}
diff --git a/packages/server/src/controllers/hermes/weixin.ts b/packages/server/src/controllers/hermes/weixin.ts
new file mode 100644
index 0000000..6fbf10d
--- /dev/null
+++ b/packages/server/src/controllers/hermes/weixin.ts
@@ -0,0 +1,55 @@
+import axios from 'axios'
+import { getActiveProfileName } from '../../services/hermes/hermes-profile'
+import { restartGatewayForProfile } from '../../services/hermes/gateway-autostart'
+import { saveEnvValueForProfile } from '../../services/config-helpers'
+
+const ILINK_BASE = 'https://ilinkai.weixin.qq.com'
+
+function requestedProfile(ctx: any): string {
+  return ctx.state?.profile?.name || getActiveProfileName() || 'default'
+}
+
+export async function getQrcode(ctx: any) {
+  try {
+    const res = await axios.get(`${ILINK_BASE}/ilink/bot/get_bot_qrcode`, { params: { bot_type: 3 }, timeout: 15000 })
+    const data = res.data
+    if (!data || !data.qrcode) { ctx.status = 500; ctx.body = { error: 'Failed to get QR code' }; return }
+    ctx.body = { qrcode: data.qrcode, qrcode_url: data.qrcode_img_content }
+  } catch (err: any) {
+    ctx.status = 500; ctx.body = { error: err.message || 'Failed to connect to iLink API' }
+  }
+}
+
+export async function pollStatus(ctx: any) {
+  const qrcode = ctx.query.qrcode as string
+  if (!qrcode) { ctx.status = 400; ctx.body = { error: 'Missing qrcode parameter' }; return }
+  try {
+    const res = await axios.get(`${ILINK_BASE}/ilink/bot/get_qrcode_status`, { params: { qrcode }, timeout: 35000 })
+    const data = res.data
+    const status = data?.status || 'wait'
+    if (status === 'confirmed') {
+      ctx.body = { status: 'confirmed', account_id: data.ilink_bot_id, token: data.bot_token, base_url: data.baseurl }
+    } else {
+      ctx.body = { status }
+    }
+  } catch (err: any) {
+    ctx.status = 500; ctx.body = { error: err.message || 'Failed to poll QR status' }
+  }
+}
+
+export async function save(ctx: any) {
+  const { account_id, token, base_url } = ctx.request.body as { account_id: string; token: string; base_url?: string }
+  if (!account_id || !token) { ctx.status = 400; ctx.body = { error: 'Missing account_id or token' }; return }
+  try {
+    const profile = requestedProfile(ctx)
+    const entries: Record<string, string> = { WEIXIN_ACCOUNT_ID: account_id, WEIXIN_TOKEN: token }
+    if (base_url) entries.WEIXIN_BASE_URL = base_url
+    for (const [key, val] of Object.entries(entries)) {
+      await saveEnvValueForProfile(profile, key, val)
+    }
+    await restartGatewayForProfile(profile)
+    ctx.body = { success: true }
+  } catch (err: any) {
+    ctx.status = 500; ctx.body = { error: err.message }
+  }
+}
diff --git a/packages/server/src/controllers/hermes/xai-auth.ts b/packages/server/src/controllers/hermes/xai-auth.ts
new file mode 100644
index 0000000..0e5e2e9
--- /dev/null
+++ b/packages/server/src/controllers/hermes/xai-auth.ts
@@ -0,0 +1,369 @@
+import { createHash, randomBytes, randomUUID } from 'crypto'
+import { createServer, type Server } from 'http'
+import { request as httpsRequest, type RequestOptions } from 'https'
+import { existsSync, mkdirSync, readFileSync, writeFileSync } from 'fs'
+import { dirname, join } from 'path'
+import { URL } from 'url'
+import { getActiveProfileName, getProfileDir } from '../../services/hermes/hermes-profile'
+import { logger } from '../../services/logger'
+import { updateConfigYamlForProfile } from '../../services/config-helpers'
+
+const XAI_OAUTH_ISSUER = 'https://auth.x.ai'
+const XAI_OAUTH_DISCOVERY_URL = `${XAI_OAUTH_ISSUER}/.well-known/openid-configuration`
+const XAI_OAUTH_CLIENT_ID = 'b1a00492-073a-47ea-816f-4c329264a828'
+const XAI_OAUTH_SCOPE = 'openid profile email offline_access grok-cli:access api:access'
+const XAI_DEFAULT_BASE_URL = 'https://api.x.ai/v1'
+const XAI_REDIRECT_HOST = '127.0.0.1'
+const XAI_CALLBACK_BIND_HOST = process.env.HERMES_WEB_UI_XAI_CALLBACK_BIND_HOST?.trim() || XAI_REDIRECT_HOST
+const XAI_REDIRECT_PORT = 56121
+const XAI_REDIRECT_PATH = '/callback'
+const POLL_MAX_DURATION = 15 * 60 * 1000
+const XAI_DEFAULT_MODEL = 'grok-4.3'
+
+interface XaiSession {
+  id: string
+  profile: string
+  status: 'pending' | 'approved' | 'expired' | 'error'
+  authorizeUrl: string
+  redirectUri: string
+  codeVerifier: string
+  state: string
+  tokenEndpoint: string
+  discovery: Record<string, string>
+  server: Server
+  error?: string
+  createdAt: number
+}
+
+interface AuthJson {
+  version?: number
+  active_provider?: string
+  providers?: Record<string, any>
+  credential_pool?: Record<string, any[]>
+  updated_at?: string
+}
+
+const sessions = new Map<string, XaiSession>()
+
+export function applyXaiOAuthDefaultModel(config: Record<string, any>): Record<string, any> {
+  if (typeof config.model !== 'object' || config.model === null) config.model = {}
+  const currentDefault = String(config.model.default || '').trim()
+  config.model.provider = 'xai-oauth'
+  config.model.default = currentDefault.toLowerCase().startsWith('grok-')
+    ? currentDefault
+    : XAI_DEFAULT_MODEL
+  delete config.model.base_url
+  delete config.model.api_key
+  return config
+}
+
+function cleanupExpiredSessions() {
+  const now = Date.now()
+  sessions.forEach((session, id) => {
+    if (now - session.createdAt > POLL_MAX_DURATION + 60000) {
+      closeServer(session)
+      sessions.delete(id)
+    }
+  })
+}
+
+function closeServer(session: XaiSession) {
+  try { session.server.close() } catch {}
+}
+
+function base64Url(input: Buffer): string {
+  return input.toString('base64').replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '')
+}
+
+function makeCodeVerifier(): string {
+  return base64Url(randomBytes(48))
+}
+
+function makeCodeChallenge(verifier: string): string {
+  return base64Url(createHash('sha256').update(verifier).digest())
+}
+
+function validateXaiEndpoint(raw: string, field: string): string {
+  const url = new URL(raw)
+  if (url.protocol !== 'https:') throw new Error(`xAI discovery returned non-HTTPS ${field}`)
+  const host = url.hostname.toLowerCase()
+  if (host !== 'x.ai' && !host.endsWith('.x.ai')) {
+    throw new Error(`xAI discovery ${field} host is not on x.ai`)
+  }
+  return raw
+}
+
+async function requestJson(url: string, options: {
+  method?: string
+  headers?: Record<string, string>
+  body?: string
+  timeoutMs?: number
+} = {}): Promise<{ status: number; text: string; json: any }> {
+  const target = new URL(url)
+  const timeoutMs = options.timeoutMs || 15000
+  const body = options.body || ''
+  const headers: Record<string, string> = {
+    Accept: 'application/json',
+    ...(options.headers || {}),
+  }
+  if (body && !headers['Content-Length']) headers['Content-Length'] = Buffer.byteLength(body).toString()
+
+  const requestOptions: RequestOptions = {
+    hostname: target.hostname,
+    port: Number(target.port || 443),
+    path: `${target.pathname}${target.search}`,
+    method: options.method || 'GET',
+    headers,
+    timeout: timeoutMs,
+  }
+
+  return await new Promise((resolve, reject) => {
+    const req = httpsRequest(requestOptions, (res) => {
+      const chunks: Buffer[] = []
+      res.on('data', chunk => chunks.push(Buffer.isBuffer(chunk) ? chunk : Buffer.from(chunk)))
+      res.on('end', () => {
+        const text = Buffer.concat(chunks).toString('utf-8')
+        let json: any = null
+        try { json = text ? JSON.parse(text) : null } catch {}
+        resolve({ status: res.statusCode || 0, text, json })
+      })
+    })
+    req.once('timeout', () => req.destroy(new Error(`Request timed out after ${timeoutMs}ms`)))
+    req.once('error', reject)
+    if (body) req.write(body)
+    req.end()
+  })
+}
+
+async function discoverXai(): Promise<Record<string, string>> {
+  const res = await requestJson(XAI_OAUTH_DISCOVERY_URL, { timeoutMs: 15000 })
+  if (res.status < 200 || res.status >= 300) throw new Error(`xAI discovery failed: ${res.status}`)
+  const payload = res.json as Record<string, unknown>
+  if (!payload || typeof payload !== 'object') throw new Error('xAI discovery returned invalid JSON')
+  const authorizationEndpoint = String(payload.authorization_endpoint || '').trim()
+  const tokenEndpoint = String(payload.token_endpoint || '').trim()
+  if (!authorizationEndpoint || !tokenEndpoint) throw new Error('xAI discovery missing endpoints')
+  return {
+    authorization_endpoint: validateXaiEndpoint(authorizationEndpoint, 'authorization_endpoint'),
+    token_endpoint: validateXaiEndpoint(tokenEndpoint, 'token_endpoint'),
+  }
+}
+
+function loadAuthJson(authPath: string): AuthJson {
+  try { return JSON.parse(readFileSync(authPath, 'utf-8')) as AuthJson } catch { return { version: 1 } }
+}
+
+function saveAuthJson(authPath: string, data: AuthJson): void {
+  data.updated_at = new Date().toISOString()
+  const dir = dirname(authPath)
+  if (!existsSync(dir)) mkdirSync(dir, { recursive: true })
+  writeFileSync(authPath, JSON.stringify(data, null, 2) + '\n', { mode: 0o600 })
+}
+
+function requestedProfile(ctx: any): string {
+  const headerProfile = typeof ctx.get === 'function' ? ctx.get('x-hermes-profile') : ''
+  const queryProfile = typeof ctx.query?.profile === 'string' ? ctx.query.profile : ''
+  const bodyProfile = typeof ctx.request?.body?.profile === 'string' ? ctx.request.body.profile : ''
+  return ctx.state?.profile?.name ||
+    headerProfile.trim() ||
+    queryProfile.trim() ||
+    bodyProfile.trim() ||
+    getActiveProfileName() ||
+    'default'
+}
+
+function authPathForProfile(profile: string): string {
+  return join(getProfileDir(profile), 'auth.json')
+}
+
+export async function saveXaiOAuthTokensForProfile(
+  profile: string,
+  session: Pick<XaiSession, 'discovery' | 'redirectUri'>,
+  tokenData: any,
+) {
+  const accessToken = String(tokenData.access_token || '').trim()
+  const refreshToken = String(tokenData.refresh_token || '').trim()
+  if (!accessToken || !refreshToken) throw new Error('xAI token response missing access_token or refresh_token')
+
+  const lastRefresh = new Date().toISOString()
+  const tokens = {
+    access_token: accessToken,
+    refresh_token: refreshToken,
+    id_token: String(tokenData.id_token || '').trim(),
+    expires_in: tokenData.expires_in,
+    token_type: String(tokenData.token_type || 'Bearer').trim() || 'Bearer',
+  }
+
+  const authPath = authPathForProfile(profile)
+  const auth = loadAuthJson(authPath)
+  if (!auth.providers) auth.providers = {}
+  auth.providers['xai-oauth'] = {
+    tokens,
+    last_refresh: lastRefresh,
+    auth_mode: 'oauth_pkce',
+    discovery: session.discovery,
+    redirect_uri: session.redirectUri,
+  }
+  if (!auth.credential_pool) auth.credential_pool = {}
+  auth.credential_pool['xai-oauth'] = [{
+    id: `xai-oauth-${Date.now()}`,
+    label: 'xAI Grok OAuth (SuperGrok Subscription)',
+    auth_type: 'oauth',
+    source: 'loopback_pkce',
+    priority: 0,
+    access_token: accessToken,
+    refresh_token: refreshToken,
+    base_url: XAI_DEFAULT_BASE_URL,
+  }]
+  saveAuthJson(authPath, auth)
+
+  await updateConfigYamlForProfile(profile, applyXaiOAuthDefaultModel)
+}
+
+async function saveTokens(session: XaiSession, tokenData: any) {
+  await saveXaiOAuthTokensForProfile(session.profile, session, tokenData)
+}
+
+async function exchangeCode(session: XaiSession, code: string) {
+  const res = await requestJson(session.tokenEndpoint, {
+    method: 'POST',
+    headers: { 'Content-Type': 'application/x-www-form-urlencoded', Accept: 'application/json' },
+    body: new URLSearchParams({
+      grant_type: 'authorization_code',
+      code,
+      redirect_uri: session.redirectUri,
+      client_id: XAI_OAUTH_CLIENT_ID,
+      code_verifier: session.codeVerifier,
+    }).toString(),
+    timeoutMs: 20000,
+  })
+  if (res.status < 200 || res.status >= 300) {
+    throw new Error(`xAI token exchange failed: ${res.status}${res.text ? ` ${res.text}` : ''}`)
+  }
+  await saveTokens(session, res.json)
+}
+
+function startCallbackServer(sessionId: string, preferredPort = XAI_REDIRECT_PORT): Promise<{ server: Server; redirectUri: string }> {
+  return new Promise((resolve, reject) => {
+    const server = createServer((req, res) => {
+      const session = sessions.get(sessionId)
+      const url = new URL(req.url || '/', `http://${XAI_REDIRECT_HOST}`)
+      if (req.method === 'OPTIONS') {
+        res.writeHead(204, {
+          'Access-Control-Allow-Origin': 'https://auth.x.ai',
+          'Access-Control-Allow-Methods': 'GET, OPTIONS',
+          'Access-Control-Allow-Headers': 'Content-Type',
+        })
+        res.end()
+        return
+      }
+      if (!session || url.pathname !== XAI_REDIRECT_PATH) {
+        res.writeHead(404)
+        res.end('Not found.')
+        return
+      }
+      res.writeHead(200, { 'Content-Type': 'text/html; charset=utf-8' })
+      res.end('<html><body><h1>xAI authorization received.</h1>You can close this tab.</body></html>')
+
+      void (async () => {
+        try {
+          const error = url.searchParams.get('error')
+          if (error) throw new Error(url.searchParams.get('error_description') || error)
+          if (url.searchParams.get('state') !== session.state) throw new Error('xAI OAuth state mismatch')
+          const code = url.searchParams.get('code')
+          if (!code) throw new Error('xAI OAuth callback missing code')
+          await exchangeCode(session, code)
+          session.status = 'approved'
+          closeServer(session)
+        } catch (err: any) {
+          logger.error(err, 'xAI OAuth callback failed')
+          session.status = 'error'
+          session.error = err?.message || String(err)
+          closeServer(session)
+        }
+      })()
+    })
+    server.once('error', (err: any) => {
+      if (preferredPort !== 0 && err?.code === 'EADDRINUSE') {
+        startCallbackServer(sessionId, 0).then(resolve, reject)
+      } else {
+        reject(err)
+      }
+    })
+    server.listen(preferredPort, XAI_CALLBACK_BIND_HOST, () => {
+      const address = server.address()
+      const port = typeof address === 'object' && address ? address.port : preferredPort
+      resolve({ server, redirectUri: `http://${XAI_REDIRECT_HOST}:${port}${XAI_REDIRECT_PATH}` })
+    })
+  })
+}
+
+export async function start(ctx: any) {
+  try {
+    cleanupExpiredSessions()
+    const sessionId = randomUUID()
+    const profile = requestedProfile(ctx)
+    const discovery = await discoverXai()
+    const codeVerifier = makeCodeVerifier()
+    const state = randomUUID().replace(/-/g, '')
+    const nonce = randomUUID().replace(/-/g, '')
+    const { server, redirectUri } = await startCallbackServer(sessionId)
+    const authorizeUrl = `${discovery.authorization_endpoint}?${new URLSearchParams({
+      response_type: 'code',
+      client_id: XAI_OAUTH_CLIENT_ID,
+      redirect_uri: redirectUri,
+      scope: XAI_OAUTH_SCOPE,
+      code_challenge: makeCodeChallenge(codeVerifier),
+      code_challenge_method: 'S256',
+      state,
+      nonce,
+      plan: 'generic',
+      referrer: 'hermes-web-ui',
+    }).toString()}`
+    sessions.set(sessionId, {
+      id: sessionId,
+      profile,
+      status: 'pending',
+      authorizeUrl,
+      redirectUri,
+      codeVerifier,
+      state,
+      tokenEndpoint: discovery.token_endpoint,
+      discovery,
+      server,
+      createdAt: Date.now(),
+    })
+    ctx.body = { session_id: sessionId, authorization_url: authorizeUrl, expires_in: 900 }
+  } catch (err: any) {
+    ctx.status = 500
+    ctx.body = { error: err.message }
+  }
+}
+
+export async function poll(ctx: any) {
+  const session = sessions.get(ctx.params.sessionId)
+  if (!session) { ctx.status = 404; ctx.body = { error: 'Session not found' }; return }
+  if (Date.now() - session.createdAt > POLL_MAX_DURATION) {
+    session.status = 'expired'
+    closeServer(session)
+  }
+  ctx.body = { status: session.status, error: session.error || null }
+}
+
+export async function status(ctx: any) {
+  try {
+    const auth = loadAuthJson(authPathForProfile(requestedProfile(ctx)))
+    const provider = auth.providers?.['xai-oauth']
+    const pool = auth.credential_pool?.['xai-oauth']
+    ctx.body = {
+      authenticated: !!(
+        provider?.tokens?.access_token ||
+        provider?.access_token ||
+        (Array.isArray(pool) && pool.some((entry: any) => entry?.access_token))
+      ),
+      last_refresh: provider?.last_refresh,
+    }
+  } catch {
+    ctx.body = { authenticated: false }
+  }
+}
diff --git a/packages/server/src/controllers/update.ts b/packages/server/src/controllers/update.ts
new file mode 100644
index 0000000..bb582ed
--- /dev/null
+++ b/packages/server/src/controllers/update.ts
@@ -0,0 +1,1282 @@
+import { execFile, execFileSync, spawn, type ChildProcess } from 'child_process'
+import { appendFileSync, closeSync, existsSync, mkdirSync, openSync, readFileSync, rmSync, writeFileSync } from 'fs'
+import { createServer } from 'net'
+import { delimiter, dirname, extname, join, resolve } from 'path'
+import { getWebUiHome } from '../config'
+
+let updateInProgress = false
+const NODE_ENVIRONMENT_MISSING_CODE = 'node_environment_missing'
+
+const PREVIEW_DIR_NAME = 'hermes-web-ui-pereview'
+const PREVIEW_HOME_DIR_NAME = 'hermes-web-ui-pereview-home'
+const PREVIEW_BACKEND_PORT = 8650
+const PREVIEW_FRONTEND_PORT = 8651
+const PREVIEW_AGENT_BRIDGE_PORT = 18650
+const PREVIEW_AGENT_BRIDGE_WORKER_PORT_BASE = 19650
+const PREVIEW_AGENT_BRIDGE_ENDPOINT_ENV = 'HERMES_WEB_UI_PREVIEW_AGENT_BRIDGE_ENDPOINT'
+const PREVIEW_AGENT_BRIDGE_TRANSPORT_ENV = 'HERMES_WEB_UI_PREVIEW_AGENT_BRIDGE_TRANSPORT'
+const PREVIEW_FRONTEND_URL = `http://localhost:${PREVIEW_FRONTEND_PORT}`
+const PREVIEW_TAG_REF_PATTERN = /^[A-Za-z0-9._/-]+$/
+const PREVIEW_MAIN_REF = 'main'
+const PREVIEW_TAGS_CACHE_MS = 5 * 60 * 1000
+
+type PreviewTagRef = { name: string; sha: string }
+type PreviewTagsCache = { expiresAt: number; tags: PreviewTagRef[] }
+type PreviewActionResult = { success: boolean; message?: string; code?: string }
+
+class PreviewRuntimeState {
+  process: ChildProcess | null = null
+  tagsCache: PreviewTagsCache | null = null
+  activeAction: string | null = null
+  activeActionStartedAt: string | null = null
+  lastAction: string | null = null
+  lastActionCompletedAt: string | null = null
+  lastActionResult: PreviewActionResult | null = null
+
+  getCachedTags(): PreviewTagRef[] | null {
+    return this.tagsCache && this.tagsCache.expiresAt > Date.now()
+      ? this.tagsCache.tags
+      : null
+  }
+
+  setTags(tags: PreviewTagRef[]) {
+    this.tagsCache = { tags, expiresAt: Date.now() + PREVIEW_TAGS_CACHE_MS }
+  }
+
+  beginAction(action: string): boolean {
+    if (this.activeAction) return false
+    this.activeAction = action
+    this.activeActionStartedAt = new Date().toISOString()
+    this.lastAction = null
+    this.lastActionCompletedAt = null
+    this.lastActionResult = null
+    return true
+  }
+
+  endAction(action: string, result: PreviewActionResult) {
+    if (this.activeAction !== action) return
+    this.activeAction = null
+    this.activeActionStartedAt = null
+    this.lastAction = action
+    this.lastActionCompletedAt = new Date().toISOString()
+    this.lastActionResult = result
+  }
+}
+
+const previewState = new PreviewRuntimeState()
+
+interface PackageInfo {
+  name: string
+  version: string
+  repositoryUrl?: string
+}
+
+function readPackageInfo(): PackageInfo | null {
+  const candidatePaths = [
+    // ts-node dev: packages/server/src/controllers -> repo root
+    resolve(__dirname, '../../../../package.json'),
+    // bundled server: dist/server -> repo root/package root
+    resolve(__dirname, '../../package.json'),
+    // fallback for processes started at the repo root
+    resolve(process.cwd(), 'package.json'),
+  ]
+
+  for (const packagePath of candidatePaths) {
+    if (!existsSync(packagePath)) continue
+    try {
+      const pkg = JSON.parse(readFileSync(packagePath, 'utf-8'))
+      if (pkg?.name && pkg?.version) {
+        const repository = typeof pkg.repository === 'string'
+          ? pkg.repository
+          : typeof pkg.repository?.url === 'string'
+            ? pkg.repository.url
+            : ''
+        return {
+          name: String(pkg.name),
+          version: String(pkg.version),
+          repositoryUrl: repository,
+        }
+      }
+    } catch {}
+  }
+
+  return null
+}
+
+function normalizeGithubRepoUrl(raw: string): string {
+  return raw
+    .trim()
+    .replace(/^git\+/, '')
+    .replace(/^git@github\.com:/, 'https://github.com/')
+    .replace(/\.git$/, '')
+}
+
+function getPreviewRepoBaseUrl(): string {
+  const configured = process.env.HERMES_WEB_UI_PREVIEW_REPO?.trim()
+  const repository = configured || readPackageInfo()?.repositoryUrl || ''
+  const normalized = normalizeGithubRepoUrl(repository)
+  if (!normalized) throw new Error('Preview repository is not configured')
+  return normalized
+}
+
+function getPreviewRepoGitUrl(): string {
+  return `${getPreviewRepoBaseUrl()}.git`
+}
+
+function getPreviewRepoApiUrl(): string {
+  const baseUrl = getPreviewRepoBaseUrl()
+  const match = baseUrl.match(/^https:\/\/github\.com\/([^/]+)\/([^/]+)$/)
+  if (!match) throw new Error(`Preview zip fallback only supports GitHub repositories: ${baseUrl}`)
+  return `https://api.github.com/repos/${match[1]}/${match[2]}`
+}
+
+function getPreviewGithubRepoParts(): { owner: string; repo: string } {
+  const baseUrl = getPreviewRepoBaseUrl()
+  const match = baseUrl.match(/^https:\/\/github\.com\/([^/]+)\/([^/]+)$/)
+  if (!match) throw new Error(`Preview zip fallback only supports GitHub repositories: ${baseUrl}`)
+  return { owner: match[1], repo: match[2] }
+}
+
+function parsePreviewTagRefs(output: string): PreviewTagRef[] {
+  return output
+    .split(/\r?\n/)
+    .map(line => line.trim())
+    .filter(Boolean)
+    .map(line => {
+      const [sha, ref] = line.split(/\s+/)
+      return { sha: sha || '', name: (ref || '').replace(/^refs\/tags\//, '') }
+    })
+    .filter(tag => tag.name)
+    .reverse()
+}
+
+function execFileText(
+  command: string,
+  args: string[],
+  options: { cwd?: string; timeout?: number; env?: NodeJS.ProcessEnv; maxBuffer?: number } = {},
+): Promise<string> {
+  return new Promise((resolve, reject) => {
+    execFile(command, args, {
+      cwd: options.cwd,
+      encoding: 'utf-8',
+      timeout: options.timeout,
+      env: options.env,
+      windowsHide: true,
+      maxBuffer: options.maxBuffer || 1024 * 1024,
+    }, (error, stdout, stderr) => {
+      if (error) {
+        ;(error as any).stdout = stdout
+        ;(error as any).stderr = stderr
+        reject(error)
+        return
+      }
+      resolve(String(stdout || '').trim())
+    })
+  })
+}
+
+async function listPreviewTagsWithGitAsync(): Promise<PreviewTagRef[]> {
+  const output = await execFileText('git', ['ls-remote', '--tags', '--refs', getPreviewRepoGitUrl()], {
+    timeout: 8_000,
+  })
+  return parsePreviewTagRefs(output)
+}
+
+function getNodeBinDir() {
+  return dirname(process.execPath)
+}
+
+function getNodePrefix() {
+  return process.platform === 'win32' ? getNodeBinDir() : dirname(getNodeBinDir())
+}
+
+function getHomebrewPrefix() {
+  const match = process.execPath.match(/^(.*)\/Cellar\/[^/]+\/[^/]+\/bin\/node$/)
+  return match?.[1] || null
+}
+
+function getNpmCliCandidates() {
+  const prefix = getNodePrefix()
+  const homebrewPrefix = getHomebrewPrefix()
+
+  return process.platform === 'win32'
+    ? [
+        join(prefix, 'node_modules', 'npm', 'bin', 'npm-cli.js'),
+        join(getNodeBinDir(), 'node_modules', 'npm', 'bin', 'npm-cli.js'),
+      ]
+    : [
+        join(prefix, 'lib', 'node_modules', 'npm', 'bin', 'npm-cli.js'),
+        ...(homebrewPrefix ? [join(homebrewPrefix, 'lib', 'node_modules', 'npm', 'bin', 'npm-cli.js')] : []),
+      ]
+}
+
+function getNpmCliPath() {
+  const candidates = getNpmCliCandidates()
+  const npmCli = candidates.find(existsSync)
+
+  return npmCli || null
+}
+
+function getNpmBin() {
+  return process.platform === 'win32' ? 'npm.cmd' : 'npm'
+}
+
+function windowsCommandNeedsShell(command: string): boolean {
+  const extension = extname(command).toLowerCase()
+  return extension === '.cmd' || extension === '.bat'
+}
+
+function commandExecution(command: string, args: string[]): { command: string; args: string[] } {
+  if (process.platform === 'win32' && windowsCommandNeedsShell(command)) {
+    const commandArg = / /.test(command) ? `"${command}"` : command
+    const argsString = args.map(arg => / /.test(arg) ? `"${arg}"` : arg).join(' ')
+    return {
+      command: 'cmd.exe',
+      args: ['/d', '/s', '/c', `${commandArg} ${argsString}`],
+    }
+  }
+  return { command, args }
+}
+
+function nodeEnvironmentMissingError(): Error {
+  const err = new Error('Node/npm environment was not detected. Please install Node.js and try again.')
+  ;(err as any).code = NODE_ENVIRONMENT_MISSING_CODE
+  return err
+}
+
+function isNodeEnvironmentMissingError(err: any): boolean {
+  const text = [
+    err?.code,
+    err?.message,
+    err?.stderr?.toString?.(),
+    err?.stdout?.toString?.(),
+  ].filter(Boolean).join('\n').toLowerCase()
+  return text.includes('enoent') ||
+    text.includes('spawn npm') ||
+    text.includes('npm: command not found') ||
+    text.includes('npm not found') ||
+    text.includes('node: command not found') ||
+    text.includes('node not found')
+}
+
+function normalizeNodeToolError(err: any): { message: string; code?: string } {
+  if (isNodeEnvironmentMissingError(err)) {
+    return { message: nodeEnvironmentMissingError().message, code: NODE_ENVIRONMENT_MISSING_CODE }
+  }
+  return { message: err?.stderr?.toString() || err?.message || String(err) }
+}
+
+function findCommandPath(command: string, env: NodeJS.ProcessEnv): string | null {
+  try {
+    const lookupCommand = process.platform === 'win32' ? 'where' : 'which'
+    const stdout = execFileSync(lookupCommand, [command], {
+      encoding: 'utf-8',
+      timeout: 3000,
+      stdio: ['pipe', 'pipe', 'pipe'],
+      env,
+      windowsHide: true,
+    })
+    return stdout.split(/\r?\n/).map((line: string) => line.trim()).find(Boolean) || null
+  } catch {
+    return null
+  }
+}
+
+function npmCliFromNpmBin(npmBin: string): { node: string; npmCli: string } | null {
+  const binDir = dirname(npmBin)
+  if (process.platform === 'win32') {
+    const node = join(binDir, 'node.exe')
+    const npmCli = join(binDir, 'node_modules', 'npm', 'bin', 'npm-cli.js')
+    return existsSync(node) && existsSync(npmCli) ? { node, npmCli } : null
+  }
+
+  const node = join(binDir, 'node')
+  const npmCli = join(dirname(binDir), 'lib', 'node_modules', 'npm', 'bin', 'npm-cli.js')
+  return existsSync(node) && existsSync(npmCli) ? { node, npmCli } : null
+}
+
+function npmExecution(args: string[], env: NodeJS.ProcessEnv): { command: string; args: string[] } {
+  const bundledNpmCli = getNpmCliPath()
+  if (bundledNpmCli) return { command: process.execPath, args: [bundledNpmCli, ...args] }
+
+  const npmBin = findCommandPath(getNpmBin(), env) || findCommandPath('npm', env)
+  if (!npmBin) throw nodeEnvironmentMissingError()
+
+  const npmCli = npmCliFromNpmBin(npmBin)
+  if (npmCli) return { command: npmCli.node, args: [npmCli.npmCli, ...args] }
+
+  const nodeBin = findCommandPath(process.platform === 'win32' ? 'node.exe' : 'node', env) || findCommandPath('node', env)
+  if (!nodeBin) throw nodeEnvironmentMissingError()
+
+  return commandExecution(npmBin, args)
+}
+
+function isTermuxRuntime() {
+  const prefix = process.env.PREFIX || ''
+  return prefix.includes('/com.termux/') ||
+    existsSync('/data/data/com.termux/files/usr')
+}
+
+function getPreviewViteHostArg() {
+  return isTermuxRuntime() ? '127.0.0.1' : ''
+}
+
+function getGlobalPackageBin(root: string) {
+  return join(root, 'hermes-web-ui', 'bin', 'hermes-web-ui.mjs')
+}
+
+function getCurrentNodeEnv() {
+  return {
+    ...process.env,
+    PATH: [getNodeBinDir(), process.env.PATH].filter(Boolean).join(delimiter),
+    npm_node_execpath: process.execPath,
+  }
+}
+
+function runNpm(args: string[], options: { timeout?: number; cwd?: string; logLabel?: string; env?: NodeJS.ProcessEnv } = {}) {
+  const env = {
+    ...getCurrentNodeEnv(),
+    ...options.env,
+  }
+  const execution = npmExecution(args, env)
+  const label = options.logLabel || ''
+
+  if (label) appendPreviewActionLog(`${label}: ${execution.command} ${execution.args.join(' ')}${options.cwd ? `\ncwd: ${options.cwd}` : ''}`)
+  try {
+    const output = execFileSync(execution.command, execution.args, {
+      encoding: 'utf-8',
+      timeout: options.timeout,
+      stdio: ['pipe', 'pipe', 'pipe'],
+      env,
+      cwd: options.cwd,
+      windowsHide: true,
+    }).trim()
+    if (label) {
+      if (output) appendPreviewActionLog(`${label} output:\n${output}`)
+      appendPreviewActionLog(`${label} completed`)
+    }
+    return output
+  } catch (err: any) {
+    if (label) {
+      const stderr = err.stderr?.toString() || ''
+      const stdout = err.stdout?.toString() || ''
+      appendPreviewActionLog(`${label} failed`)
+      if (stdout) appendPreviewActionLog(`${label} stdout:\n${stdout}`)
+      if (stderr) appendPreviewActionLog(`${label} stderr:\n${stderr}`)
+    }
+    throw err
+  }
+}
+
+async function runNpmAsync(args: string[], options: { timeout?: number; cwd?: string; logLabel?: string; env?: NodeJS.ProcessEnv } = {}) {
+  const env = {
+    ...getCurrentNodeEnv(),
+    ...options.env,
+  }
+  const execution = npmExecution(args, env)
+  const label = options.logLabel || ''
+
+  if (label) appendPreviewActionLog(`${label}: ${execution.command} ${execution.args.join(' ')}${options.cwd ? `\ncwd: ${options.cwd}` : ''}`)
+  try {
+    const output = await execFileText(execution.command, execution.args, {
+      cwd: options.cwd,
+      timeout: options.timeout,
+      env,
+      maxBuffer: 16 * 1024 * 1024,
+    })
+    if (label) {
+      if (output) appendPreviewActionLog(`${label} output:\n${output}`)
+      appendPreviewActionLog(`${label} completed`)
+    }
+    return output
+  } catch (err: any) {
+    if (label) {
+      const stderr = err.stderr?.toString() || ''
+      const stdout = err.stdout?.toString() || ''
+      appendPreviewActionLog(`${label} failed`)
+      if (stdout) appendPreviewActionLog(`${label} stdout:\n${stdout}`)
+      if (stderr) appendPreviewActionLog(`${label} stderr:\n${stderr}`)
+    }
+    throw err
+  }
+}
+
+function getPreviewDir() {
+  return join(getWebUiHome(), PREVIEW_DIR_NAME)
+}
+
+function getPreviewHomeDir() {
+  return join(getWebUiHome(), PREVIEW_HOME_DIR_NAME)
+}
+
+function normalizePreviewAgentBridgeTransport(value: string | undefined) {
+  const transport = value?.trim().toLowerCase()
+  return transport && ['tcp', 'ipc', 'unix'].includes(transport) ? transport : ''
+}
+
+function getPreviewAgentBridgeEndpoint() {
+  const configured = process.env[PREVIEW_AGENT_BRIDGE_ENDPOINT_ENV]?.trim()
+  if (configured) return configured
+
+  const transport = normalizePreviewAgentBridgeTransport(process.env[PREVIEW_AGENT_BRIDGE_TRANSPORT_ENV])
+    || normalizePreviewAgentBridgeTransport(process.env.HERMES_AGENT_BRIDGE_WORKER_TRANSPORT)
+  const useTcp = transport ? transport === 'tcp' : process.platform === 'win32'
+  return useTcp
+    ? `tcp://127.0.0.1:${PREVIEW_AGENT_BRIDGE_PORT}`
+    : `ipc://${join(getPreviewHomeDir(), 'agent-bridge.sock')}`
+}
+
+function getTcpEndpointPort(endpoint: string): number | null {
+  try {
+    const url = new URL(endpoint)
+    if (url.protocol !== 'tcp:') return null
+    const port = Number(url.port)
+    return Number.isInteger(port) && port > 0 && port <= 65535 ? port : null
+  } catch {
+    return null
+  }
+}
+
+function getPreviewListeningPorts() {
+  const agentBridgePort = getTcpEndpointPort(getPreviewAgentBridgeEndpoint())
+  return [
+    PREVIEW_BACKEND_PORT,
+    PREVIEW_FRONTEND_PORT,
+    ...(agentBridgePort ? [agentBridgePort] : []),
+  ]
+}
+
+function getPreviewPackagePath() {
+  return join(getPreviewDir(), 'package.json')
+}
+
+function getPreviewLogPath() {
+  return join(getPreviewDir(), 'preview-dev.log')
+}
+
+function getPreviewActionLogPath() {
+  return join(getPreviewDir(), 'preview-action.log')
+}
+
+function getPreviewInstallEnv() {
+  return {
+    NODE_ENV: 'development',
+    npm_config_production: 'false',
+    npm_config_omit: '',
+    NPM_CONFIG_PRODUCTION: 'false',
+    NPM_CONFIG_OMIT: '',
+  }
+}
+
+function readLogTail(path: string, maxChars = 24_000): string {
+  if (!existsSync(path)) return ''
+  const raw = readFileSync(path, 'utf-8')
+  return raw.length > maxChars ? raw.slice(raw.length - maxChars) : raw
+}
+
+function getCurrentPreviewTag() {
+  const tagPath = join(getPreviewDir(), '.preview-tag')
+  if (!existsSync(tagPath)) return ''
+  try {
+    return readFileSync(tagPath, 'utf-8').trim()
+  } catch {
+    return ''
+  }
+}
+
+function appendPreviewActionLog(message: string) {
+  mkdirSync(getPreviewDir(), { recursive: true })
+  appendFileSync(getPreviewActionLogPath(), `[${new Date().toISOString()}] ${message}\n`, 'utf-8')
+}
+
+function previewPayload(extra: Record<string, any> = {}) {
+  return {
+    ...extra,
+    ...getPreviewStatus(),
+    active_action: previewState.activeAction,
+    active_action_started_at: previewState.activeActionStartedAt,
+    last_action: previewState.lastAction,
+    last_action_completed_at: previewState.lastActionCompletedAt,
+    last_action_success: previewState.lastActionResult?.success ?? null,
+    last_action_message: previewState.lastActionResult?.message || '',
+    last_action_code: previewState.lastActionResult?.code || '',
+    action_log: readLogTail(getPreviewActionLogPath()),
+    dev_log: readLogTail(getPreviewLogPath()),
+  }
+}
+
+function getPreviewStatus() {
+  const previewDir = getPreviewDir()
+  const packagePath = getPreviewPackagePath()
+  const exists = existsSync(previewDir)
+  const hasPackage = existsSync(packagePath)
+  const installed = hasPackage && getMissingPreviewDependencyBins().length === 0
+  const runtimePids = getPreviewListeningPids()
+  const running = Boolean(previewState.process?.pid && !previewState.process.killed) || runtimePids.length > 0
+  const currentTag = getCurrentPreviewTag()
+
+  return {
+    preview_dir: previewDir,
+    exists,
+    has_package: hasPackage,
+    installed,
+    running,
+    pid: running ? previewState.process?.pid || runtimePids[0] || null : null,
+    current_tag: currentTag,
+    frontend_url: PREVIEW_FRONTEND_URL,
+    agent_bridge_endpoint: getPreviewAgentBridgeEndpoint(),
+    log_path: getPreviewLogPath(),
+    action_log_path: getPreviewActionLogPath(),
+    dev_log_path: getPreviewLogPath(),
+    webui_home: getPreviewHomeDir(),
+  }
+}
+
+function sleep(ms: number) {
+  return new Promise(resolve => setTimeout(resolve, ms))
+}
+
+function isPortAvailable(port: number): Promise<boolean> {
+  return new Promise((resolve) => {
+    const server = createServer()
+    server.once('error', () => resolve(false))
+    server.once('listening', () => {
+      server.close(() => resolve(true))
+    })
+    server.listen(port, '127.0.0.1')
+  })
+}
+
+function parsePidLines(output: string): number[] {
+  return [...new Set(output
+    .split(/\r?\n/)
+    .map(line => Number(line.trim()))
+    .filter(pid => Number.isFinite(pid) && pid > 0))]
+}
+
+function getPreviewListeningPids(): number[] {
+  const ports = getPreviewListeningPorts()
+  const pids = new Set<number>()
+
+  if (process.platform === 'win32') {
+    try {
+      const output = execFileSync('netstat.exe', ['-ano', '-p', 'tcp'], { encoding: 'utf-8', windowsHide: true })
+      for (const line of output.split(/\r?\n/)) {
+        const parts = line.trim().split(/\s+/)
+        if (parts.length < 5) continue
+        const [proto, localAddress, , state, pidRaw] = parts
+        if (proto.toUpperCase() !== 'TCP' || state.toUpperCase() !== 'LISTENING') continue
+        const listenPort = Number(localAddress.split(':').pop())
+        if (!ports.includes(listenPort)) continue
+        const pid = Number(pidRaw)
+        if (Number.isFinite(pid) && pid > 0) pids.add(pid)
+      }
+    } catch {}
+    return [...pids]
+  }
+
+  for (const port of ports) {
+    try {
+      for (const pid of parsePidLines(execFileSync('lsof', [`-tiTCP:${port}`, '-sTCP:LISTEN'], {
+        encoding: 'utf-8',
+        stdio: ['ignore', 'pipe', 'ignore'],
+      }))) {
+        pids.add(pid)
+      }
+    } catch {}
+  }
+
+  return [...pids]
+}
+
+function getUnixProcessGroupId(pid: number): number | null {
+  try {
+    const output = execFileSync('ps', ['-o', 'pgid=', '-p', String(pid)], {
+      encoding: 'utf-8',
+      stdio: ['ignore', 'pipe', 'ignore'],
+    }).trim()
+    const pgid = Number(output)
+    return Number.isFinite(pgid) && pgid > 0 ? pgid : null
+  } catch {
+    return null
+  }
+}
+
+async function assertPreviewPortsAvailable() {
+  const ports = getPreviewListeningPorts()
+  const checks = await Promise.all(ports.map(port => isPortAvailable(port)))
+  const busy = ports.filter((_, index) => !checks[index])
+
+  if (busy.length) {
+    throw new Error(`Preview port(s) already in use: ${busy.join(', ')}. Stop the existing dev server and try again.`)
+  }
+}
+
+async function waitForPreviewReady(timeoutMs = 30_000) {
+  const deadline = Date.now() + timeoutMs
+  let lastError = ''
+
+  while (Date.now() < deadline) {
+    if (!previewState.process || previewState.process.killed) {
+      throw new Error(`Preview process exited before it became ready. Check log: ${getPreviewLogPath()}`)
+    }
+
+    try {
+      const res = await fetch(`http://127.0.0.1:${PREVIEW_FRONTEND_PORT}/`, {
+        signal: AbortSignal.timeout(1500),
+      })
+      if (res.ok) return
+      lastError = `HTTP ${res.status}`
+    } catch (err: any) {
+      lastError = err.message || String(err)
+    }
+
+    await sleep(1000)
+  }
+
+  throw new Error(`Preview did not become ready on port ${PREVIEW_FRONTEND_PORT}. Last error: ${lastError}. Check log: ${getPreviewLogPath()}`)
+}
+
+function openPreviewLogFile() {
+  mkdirSync(getPreviewDir(), { recursive: true })
+  writeFileSync(getPreviewLogPath(), `[preview] starting ${new Date().toISOString()}\n`, 'utf-8')
+  return openSync(getPreviewLogPath(), 'a')
+}
+
+async function stopPreviewProcess() {
+  const child = previewState.process
+  const pids = new Set<number>()
+  if (child?.pid && !child.killed) pids.add(child.pid)
+  for (const pid of getPreviewListeningPids()) pids.add(pid)
+
+  if (!pids.size) {
+    previewState.process = null
+    return
+  }
+
+  appendPreviewActionLog(`stopping preview process pid(s)=${[...pids].join(', ')}`)
+  if (process.platform === 'win32') {
+    for (const pid of pids) {
+      try {
+        execFileSync('taskkill.exe', ['/PID', String(pid), '/T', '/F'], { stdio: 'ignore', windowsHide: true })
+      } catch {}
+    }
+  } else {
+    const pgids = new Set<number>()
+    for (const pid of pids) {
+      const pgid = getUnixProcessGroupId(pid)
+      if (pgid) pgids.add(pgid)
+      else pgids.add(pid)
+    }
+    for (const pgid of pgids) {
+      try {
+        process.kill(-pgid, 'SIGTERM')
+      } catch {
+        try { process.kill(pgid, 'SIGTERM') } catch {}
+      }
+    }
+    await sleep(800)
+    const remainingPids = getPreviewListeningPids()
+    const remainingPgids = new Set(remainingPids.map(getUnixProcessGroupId).filter((pgid): pgid is number => Boolean(pgid)))
+    for (const pgid of remainingPgids) {
+      try { process.kill(-pgid, 'SIGKILL') } catch {}
+    }
+  }
+
+  previewState.process = null
+  await sleep(800)
+}
+
+export async function stopPreviewRuntime(): Promise<void> {
+  await stopPreviewProcess()
+}
+
+function assertPreviewPackage() {
+  const packagePath = getPreviewPackagePath()
+  if (!existsSync(packagePath)) {
+    throw new Error(`Preview package.json not found: ${packagePath}`)
+  }
+
+  const pkg = JSON.parse(readFileSync(packagePath, 'utf-8'))
+  if (pkg?.name !== 'hermes-web-ui') {
+    throw new Error(`Preview directory is not hermes-web-ui: ${getPreviewDir()}`)
+  }
+}
+
+function getPreviewBinPath(name: string) {
+  return join(getPreviewDir(), 'node_modules', '.bin', process.platform === 'win32' ? `${name}.cmd` : name)
+}
+
+async function getPreviewNodePtyErrorAsync() {
+  if (!existsSync(join(getPreviewDir(), 'node_modules', 'node-pty'))) {
+    return 'node-pty'
+  }
+
+  try {
+    await execFileText(process.execPath, ['-e', "require('node-pty')"], {
+      cwd: getPreviewDir(),
+      timeout: 30_000,
+    })
+    return ''
+  } catch (err: any) {
+    return `node-pty (${err.stderr?.toString().trim() || err.message || String(err)})`
+  }
+}
+
+function getMissingPreviewDependencyBins() {
+  if (!existsSync(join(getPreviewDir(), 'node_modules'))) {
+    return ['node_modules']
+  }
+
+  const missing = ['concurrently', 'vite', 'nodemon'].filter(name => !existsSync(getPreviewBinPath(name)))
+  if (!existsSync(join(getPreviewDir(), 'node_modules', 'node-pty'))) missing.push('node-pty')
+  return missing
+}
+
+async function getMissingPreviewDependencyBinsAsync() {
+  const missing = getMissingPreviewDependencyBins()
+  if (missing.includes('node_modules') || missing.includes('node-pty')) return missing
+
+  const nodePtyError = await getPreviewNodePtyErrorAsync()
+  if (nodePtyError) missing.push(nodePtyError)
+  return missing
+}
+
+function patchFileIfExists(path: string, patcher: (source: string) => string) {
+  if (!existsSync(path)) return
+  const source = readFileSync(path, 'utf-8')
+  const next = patcher(source)
+  if (next !== source) writeFileSync(path, next, 'utf-8')
+}
+
+function patchPreviewWebSocketClient(source: string) {
+  return source.replace(
+    /const host = import\.meta\.env\.DEV\s*\?\s*formatHostForPort\(location\.hostname,\s*\d+\)\s*:\s*location\.host/g,
+    [
+      'const directDevPort = import.meta.env.VITE_HERMES_DIRECT_WS_PORT',
+      '  const host = import.meta.env.DEV && directDevPort',
+      '    ? formatHostForPort(location.hostname, Number(directDevPort))',
+      '    : location.host',
+    ].join('\n'),
+  )
+}
+
+function patchPreviewApiClient(source: string) {
+  return source.replace(
+    /return localStorage\.getItem\(['"]hermes_server_url['"]\) \|\| DEFAULT_BASE_URL/,
+    "return import.meta.env.VITE_HERMES_PREVIEW === '1' ? DEFAULT_BASE_URL : localStorage.getItem('hermes_server_url') || DEFAULT_BASE_URL",
+  )
+}
+
+function patchPreviewViteConfig(source: string) {
+  let next = source.replace(
+    /const BACKEND = ['"]http:\/\/127\.0\.0\.1:\d+['"]/,
+    [
+      `const BACKEND_PORT = process.env.HERMES_WEB_UI_BACKEND_PORT || '${PREVIEW_BACKEND_PORT}'`,
+      'const BACKEND = `http://127.0.0.1:${BACKEND_PORT}`',
+    ].join('\n'),
+  )
+  if (!next.includes('HERMES_WEB_UI_FRONTEND_PORT')) {
+    next = next.replace(
+      /server:\s*\{/,
+      `server: {\n    port: Number(process.env.HERMES_WEB_UI_FRONTEND_PORT || ${PREVIEW_FRONTEND_PORT}),\n    strictPort: true,`,
+    )
+  }
+  next = next.replace(
+    /(changeOrigin:\s*true,)(?!\s*\n\s*ws:\s*true,)/,
+    '$1\n    ws: true,',
+  )
+  return next
+}
+
+function patchPreviewSidebar(source: string) {
+  let next = source
+  if (!next.includes('VITE_HERMES_PREVIEW')) {
+    next = next.replace(
+      /const isSuperAdmin = computed\(\(\) => isStoredSuperAdmin\(\)\);/,
+      "const isSuperAdmin = computed(() => isStoredSuperAdmin());\nconst isVersionPreview = import.meta.env.VITE_HERMES_PREVIEW === '1';",
+    )
+  }
+  next = next.replace(
+    /<RouteLinkItem v-if="isSuperAdmin" class="nav-item" :to="\{ name: 'hermes\.versionPreview' \}"/,
+    '<RouteLinkItem v-if="isSuperAdmin && !isVersionPreview" class="nav-item" :to="{ name: \'hermes.versionPreview\' }"',
+  )
+  return next
+}
+
+function applyPreviewRuntimePatch() {
+  const previewDir = getPreviewDir()
+  const packagePath = getPreviewPackagePath()
+  const viteConfigPath = join(previewDir, 'vite.config.ts')
+
+  if (existsSync(packagePath)) {
+    const pkg = JSON.parse(readFileSync(packagePath, 'utf-8'))
+    const hostArg = getPreviewViteHostArg()
+    pkg.scripts = {
+      ...pkg.scripts,
+      'dev:client': hostArg
+        ? `vite --host ${hostArg} --port ${PREVIEW_FRONTEND_PORT} --strictPort`
+        : `vite --host --port ${PREVIEW_FRONTEND_PORT} --strictPort`,
+    }
+    writeFileSync(packagePath, JSON.stringify(pkg, null, 2) + '\n', 'utf-8')
+  }
+
+  if (existsSync(viteConfigPath)) {
+    patchFileIfExists(viteConfigPath, patchPreviewViteConfig)
+  }
+
+  patchFileIfExists(join(previewDir, 'packages/client/src/components/hermes/chat/TerminalPanel.vue'), patchPreviewWebSocketClient)
+  patchFileIfExists(join(previewDir, 'packages/client/src/views/hermes/TerminalView.vue'), patchPreviewWebSocketClient)
+  patchFileIfExists(join(previewDir, 'packages/client/src/api/hermes/kanban.ts'), patchPreviewWebSocketClient)
+  patchFileIfExists(join(previewDir, 'packages/client/src/api/client.ts'), patchPreviewApiClient)
+  patchFileIfExists(join(previewDir, 'packages/client/src/components/layout/AppSidebar.vue'), patchPreviewSidebar)
+}
+
+function assertTagRef(tag: unknown): string {
+  const value = typeof tag === 'string' ? tag.trim() : ''
+  if (!value) throw new Error('Tag is required')
+  if (!PREVIEW_TAG_REF_PATTERN.test(value) || value.includes('..')) {
+    throw new Error('Invalid tag')
+  }
+  return value
+}
+
+async function runGitAsync(args: string[], cwd?: string) {
+  return execFileText('git', args, {
+    cwd,
+    timeout: 5 * 60 * 1000,
+  })
+}
+
+function networkErrorMessage(err: any): string {
+  const detail = err.stderr?.toString() || err.message || String(err)
+  return `Unable to connect to GitHub. Please check your network or proxy settings. ${detail}`
+}
+
+function errorMessage(err: any): string {
+  return err.stderr?.toString() || err.message || String(err)
+}
+
+function queuePreviewAction(
+  action: string,
+  work: () => Promise<PreviewActionResult | void>,
+  normalizeError: (err: any) => { message: string; code?: string } = err => ({ message: errorMessage(err) }),
+  onError?: (err: any) => Promise<void>,
+): boolean {
+  if (!previewState.beginAction(action)) return false
+
+  void (async () => {
+    try {
+      const result = await work()
+      const normalized = result || { success: true }
+      previewState.endAction(action, normalized)
+      appendPreviewActionLog(`${action} completed${normalized.success === false ? ': failed' : ''}`)
+    } catch (err: any) {
+      if (onError) {
+        try { await onError(err) } catch {}
+      }
+      const normalized = normalizeError(err)
+      appendPreviewActionLog(`${action} failed: ${normalized.message}`)
+      previewState.endAction(action, {
+        success: false,
+        message: normalized.message,
+        code: normalized.code,
+      })
+    }
+  })()
+
+  return true
+}
+
+function previewActionAlreadyRunning(ctx: any) {
+  ctx.status = 409
+  ctx.body = previewPayload({ success: false, message: `Preview action already running: ${previewState.activeAction}` })
+}
+
+function previewActionAccepted(ctx: any) {
+  ctx.status = 202
+  ctx.body = previewPayload({ success: true, accepted: true })
+}
+
+async function downloadGithubZip(ref: string, targetDir: string, type: 'tag' | 'branch' = 'tag') {
+  const { owner, repo } = getPreviewGithubRepoParts()
+  const refKind = type === 'branch' ? 'heads' : 'tags'
+  const archiveKind = process.platform === 'win32' ? 'zip' : 'tar.gz'
+  const url = `https://codeload.github.com/${owner}/${repo}/${archiveKind}/refs/${refKind}/${encodeURIComponent(ref)}`
+  appendPreviewActionLog(`download archive: ${url}`)
+  const res = await fetch(url, {
+    headers: { 'User-Agent': 'hermes-web-ui-preview' },
+    signal: AbortSignal.timeout(60_000),
+  })
+  if (!res.ok) throw new Error(`Failed to download GitHub archive: HTTP ${res.status}`)
+
+  const tmpRoot = `${targetDir}.download`
+  const archivePath = `${tmpRoot}.${archiveKind === 'zip' ? 'zip' : 'tar.gz'}`
+  rmSync(tmpRoot, { recursive: true, force: true })
+  rmSync(archivePath, { force: true })
+  mkdirSync(tmpRoot, { recursive: true })
+  const archiveBuffer = Buffer.from(await res.arrayBuffer())
+  writeFileSync(archivePath, archiveBuffer)
+  appendPreviewActionLog(`downloaded archive: ${archiveBuffer.length} bytes`)
+
+  try {
+    appendPreviewActionLog(`extract archive: ${archivePath}`)
+    if (process.platform === 'win32') {
+      await execFileText('powershell.exe', [
+        '-NoProfile',
+        '-Command',
+        `Expand-Archive -LiteralPath ${JSON.stringify(archivePath)} -DestinationPath ${JSON.stringify(tmpRoot)} -Force`,
+      ], { timeout: 5 * 60 * 1000 })
+    } else {
+      await execFileText('tar', ['-xzf', archivePath, '-C', tmpRoot], { timeout: 5 * 60 * 1000 })
+    }
+
+    const entries = (await execFileText(process.platform === 'win32' ? 'cmd.exe' : 'ls', process.platform === 'win32' ? ['/c', 'dir', '/b', tmpRoot] : [tmpRoot], {
+      timeout: 30_000,
+    })).trim().split(/\r?\n/).filter(Boolean)
+    const extracted = entries.length === 1 ? join(tmpRoot, entries[0]) : tmpRoot
+    appendPreviewActionLog(`replace preview directory: ${targetDir}`)
+    rmSync(targetDir, { recursive: true, force: true })
+    mkdirSync(dirname(targetDir), { recursive: true })
+    if (process.platform !== 'win32') mkdirSync(targetDir, { recursive: true })
+    await execFileText(process.platform === 'win32' ? 'cmd.exe' : 'cp', process.platform === 'win32'
+      ? ['/c', 'move', extracted, targetDir]
+      : ['-R', `${extracted}/.`, targetDir], {
+      timeout: 5 * 60 * 1000,
+    })
+    appendPreviewActionLog('archive preview code ready')
+  } finally {
+    rmSync(tmpRoot, { recursive: true, force: true })
+    rmSync(archivePath, { force: true })
+  }
+}
+
+async function clonePreview(ref: string) {
+  const previewDir = getPreviewDir()
+  appendPreviewActionLog(`prepare preview clone for tag: ${ref}`)
+  rmSync(previewDir, { recursive: true, force: true })
+  mkdirSync(dirname(previewDir), { recursive: true })
+
+  try {
+    appendPreviewActionLog(`git clone --branch ${ref} --depth 1 ${getPreviewRepoGitUrl()} ${previewDir}`)
+    await runGitAsync(['clone', '--branch', ref, '--depth', '1', getPreviewRepoGitUrl(), previewDir])
+    appendPreviewActionLog('git clone completed')
+  } catch {
+    appendPreviewActionLog('git clone unavailable or failed, falling back to GitHub zip')
+    rmSync(previewDir, { recursive: true, force: true })
+    await downloadGithubZip(ref, previewDir, ref === PREVIEW_MAIN_REF ? 'branch' : 'tag')
+  }
+}
+
+async function checkoutPreview(ref: string) {
+  const previewDir = getPreviewDir()
+  appendPreviewActionLog(`checkout preview tag: ${ref}`)
+  if (!existsSync(previewDir)) {
+    await clonePreview(ref)
+  } else if (existsSync(join(previewDir, '.git'))) {
+    try {
+      appendPreviewActionLog('git fetch --tags --force')
+      await runGitAsync(['fetch', '--tags', '--force'], previewDir)
+      appendPreviewActionLog(`git checkout --force ${ref}`)
+      await runGitAsync(['checkout', '--force', ref], previewDir)
+    } catch (err: any) {
+      appendPreviewActionLog(`git checkout failed, replacing with GitHub zip: ${err.stderr?.toString() || err.message || String(err)}`)
+      rmSync(previewDir, { recursive: true, force: true })
+      await downloadGithubZip(ref, previewDir, ref === PREVIEW_MAIN_REF ? 'branch' : 'tag')
+    }
+  } else {
+    appendPreviewActionLog('preview directory is missing git metadata or package.json, replacing with GitHub zip')
+    rmSync(previewDir, { recursive: true, force: true })
+    await downloadGithubZip(ref, previewDir, ref === PREVIEW_MAIN_REF ? 'branch' : 'tag')
+  }
+
+  assertPreviewPackage()
+  appendPreviewActionLog('apply preview runtime port patch')
+  applyPreviewRuntimePatch()
+  writeFileSync(join(previewDir, '.preview-tag'), `${ref}\n`)
+  appendPreviewActionLog(`preview tag ready: ${ref}`)
+}
+
+function getGlobalRoot() {
+  return runNpm(['root', '-g'])
+}
+
+function getGlobalCliScript() {
+  const cli = getGlobalPackageBin(getGlobalRoot())
+  if (!existsSync(cli)) {
+    throw new Error(`Updated hermes-web-ui CLI not found: ${cli}`)
+  }
+  return cli
+}
+
+function runUpdateInstall() {
+  try {
+    runNpm(['cache', 'clean', '--force'], { timeout: 2 * 60 * 1000 })
+  } catch (err) {
+    console.warn('[update] failed to clean npm cache, continuing update:', err)
+  }
+
+  return runNpm(['install', '-g', 'hermes-web-ui@latest'], { timeout: 10 * 60 * 1000 })
+}
+
+function spawnRestart(port: string) {
+  const cli = getGlobalCliScript()
+
+  return spawn(process.execPath, [cli, 'restart', '--port', port], {
+    detached: true,
+    stdio: 'ignore',
+    windowsHide: true,
+    env: getCurrentNodeEnv(),
+  })
+}
+
+export async function handleUpdate(ctx: any) {
+  if (updateInProgress) {
+    ctx.status = 409
+    ctx.body = {
+      success: false,
+      message: 'hermes-web-ui update is already in progress',
+    }
+    return
+  }
+
+  updateInProgress = true
+
+  try {
+    const output = runUpdateInstall()
+
+    ctx.body = {
+      success: true,
+      message: output.trim() || 'hermes-web-ui updated successfully',
+    }
+
+    setTimeout(() => {
+      let restart
+      try {
+        restart = spawnRestart(process.env.PORT || '8648')
+      } catch (err) {
+        updateInProgress = false
+        console.error('[update] failed to spawn restart:', err)
+        return
+      }
+
+      restart.on('error', (err) => {
+        updateInProgress = false
+        console.error('[update] restart process failed:', err)
+      })
+      restart.on('exit', (code, signal) => {
+        updateInProgress = false
+        const failed = (typeof code === 'number' && code !== 0) || Boolean(signal)
+        if (failed) {
+          console.error(`[update] restart process exited before replacing server: code=${code} signal=${signal}`)
+        }
+      })
+      restart.unref()
+    }, 3000)
+  } catch (err: any) {
+    updateInProgress = false
+    ctx.status = 500
+    ctx.body = {
+      success: false,
+      message: err.stderr?.toString() || err.message || String(err),
+    }
+  }
+}
+
+export async function previewStatus(ctx: any) {
+  ctx.body = previewPayload()
+}
+
+export async function previewTags(ctx: any) {
+  const cachedTags = previewState.getCachedTags()
+  if (cachedTags) {
+    ctx.body = { tags: cachedTags }
+    return
+  }
+
+  try {
+    appendPreviewActionLog('load tags with git ls-remote')
+    const tags = [{ name: PREVIEW_MAIN_REF, sha: '' }, ...await listPreviewTagsWithGitAsync()]
+    previewState.setTags(tags)
+    ctx.body = { tags }
+    return
+  } catch (gitErr: any) {
+    appendPreviewActionLog(`load tags with git failed: ${gitErr.message || String(gitErr)}`)
+  }
+
+  try {
+    appendPreviewActionLog('load tags with GitHub API')
+    const res = await fetch(`${getPreviewRepoApiUrl()}/tags?per_page=100`, {
+      headers: { 'User-Agent': 'hermes-web-ui-preview' },
+      signal: AbortSignal.timeout(15_000),
+    })
+    if (!res.ok) {
+      throw new Error(`GitHub API HTTP ${res.status}`)
+    }
+
+    const tags = await res.json() as Array<{ name?: string; commit?: { sha?: string } }>
+    const parsedTags = [
+      { name: PREVIEW_MAIN_REF, sha: '' },
+      ...tags
+      .filter((tag): tag is { name: string; commit?: { sha?: string } } => typeof tag.name === 'string' && Boolean(tag.name.trim()))
+      .map(tag => ({ name: tag.name, sha: tag.commit?.sha || '' })),
+    ]
+    previewState.setTags(parsedTags)
+    ctx.body = { tags: parsedTags }
+  } catch (apiErr: any) {
+    appendPreviewActionLog(`load tags failed: ${apiErr.message || String(apiErr)}`)
+    ctx.status = 502
+    ctx.body = previewPayload({ error: networkErrorMessage(apiErr) })
+  }
+}
+
+export async function preparePreview(ctx: any) {
+  try {
+    const tag = assertTagRef((ctx.request.body as any)?.tag)
+    const queued = queuePreviewAction('prepare', async () => {
+      appendPreviewActionLog(`prepare requested: ${tag}`)
+      await stopPreviewProcess()
+      await checkoutPreview(tag)
+      return { success: true }
+    })
+    if (!queued) {
+      previewActionAlreadyRunning(ctx)
+      return
+    }
+    previewActionAccepted(ctx)
+  } catch (err: any) {
+    appendPreviewActionLog(`prepare failed: ${errorMessage(err)}`)
+    ctx.status = 500
+    ctx.body = previewPayload({ success: false, message: errorMessage(err) })
+  }
+}
+
+export async function installPreview(ctx: any) {
+  const queued = queuePreviewAction('install', async () => {
+    appendPreviewActionLog('npm install requested')
+    await stopPreviewProcess()
+    assertPreviewPackage()
+    const output = await runNpmAsync(['install', '--include=dev', '--ignore-scripts'], {
+      cwd: getPreviewDir(),
+      timeout: 15 * 60 * 1000,
+      logLabel: 'npm install --include=dev --ignore-scripts',
+      env: getPreviewInstallEnv(),
+    })
+    if (existsSync(join(getPreviewDir(), 'node_modules', 'node-pty'))) {
+      await runNpmAsync(['rebuild', 'node-pty'], {
+        cwd: getPreviewDir(),
+        timeout: 5 * 60 * 1000,
+        logLabel: 'npm rebuild node-pty',
+        env: getPreviewInstallEnv(),
+      })
+    }
+    appendPreviewActionLog(`verify preview dependencies in: ${getPreviewDir()}`)
+    const missing = await getMissingPreviewDependencyBinsAsync()
+    if (missing.length) {
+      const message = `npm install completed but preview dependencies are still missing: ${missing.join(', ')}`
+      appendPreviewActionLog(message)
+      return { success: false, message }
+    }
+    return { success: true, message: output }
+  }, normalizeNodeToolError)
+  if (!queued) {
+    previewActionAlreadyRunning(ctx)
+    return
+  }
+  previewActionAccepted(ctx)
+}
+
+export async function startPreview(ctx: any) {
+  try {
+    const tag = (ctx.request.body as any)?.tag
+    const requestedTag = typeof tag === 'string' && tag.trim() ? assertTagRef(tag) : ''
+    const queued = queuePreviewAction('start', async () => {
+      appendPreviewActionLog(`npm run dev requested${requestedTag ? ` for ${requestedTag}` : ''}`)
+      if (requestedTag && requestedTag !== getCurrentPreviewTag() && previewState.process?.pid && !previewState.process.killed) {
+        await stopPreviewProcess()
+      }
+
+      if (requestedTag) {
+        const currentTag = getCurrentPreviewTag()
+        if (requestedTag === currentTag && existsSync(getPreviewPackagePath())) {
+          appendPreviewActionLog(`skip checkout, preview tag already prepared: ${requestedTag}`)
+          appendPreviewActionLog('apply preview runtime port patch')
+          applyPreviewRuntimePatch()
+        } else {
+          await checkoutPreview(requestedTag)
+        }
+      }
+      assertPreviewPackage()
+      const missingDependencies = await getMissingPreviewDependencyBinsAsync()
+      if (missingDependencies.length) {
+        const message = `Preview dependencies are not installed. Missing: ${missingDependencies.join(', ')}. Run npm install first.`
+        appendPreviewActionLog(`start blocked: ${message}`)
+        return { success: false, message }
+      }
+
+      if (previewState.process?.pid && !previewState.process.killed) {
+        appendPreviewActionLog('preview is already running')
+        return { success: true, message: 'Preview is already running' }
+      }
+
+      await assertPreviewPortsAvailable()
+
+      const env = {
+        ...getCurrentNodeEnv(),
+        NODE_ENV: 'development',
+        PORT: String(PREVIEW_BACKEND_PORT),
+        HERMES_WEB_UI_HOME: getPreviewHomeDir(),
+        HERMES_WEBUI_STATE_DIR: getPreviewHomeDir(),
+        HERMES_AGENT_BRIDGE_ENDPOINT: getPreviewAgentBridgeEndpoint(),
+        HERMES_AGENT_BRIDGE_WORKER_PORT_BASE: String(PREVIEW_AGENT_BRIDGE_WORKER_PORT_BASE),
+        AUTH_TOKEN: '',
+        HERMES_WEB_UI_BACKEND_PORT: String(PREVIEW_BACKEND_PORT),
+        HERMES_WEB_UI_FRONTEND_PORT: String(PREVIEW_FRONTEND_PORT),
+        VITE_HERMES_PREVIEW: '1',
+      }
+      const execution = npmExecution(['run', 'dev'], env)
+      const logFd = openPreviewLogFile()
+      appendPreviewActionLog(`spawn preview process: ${execution.command} ${execution.args.join(' ')}`)
+      previewState.process = spawn(execution.command, execution.args, {
+        cwd: getPreviewDir(),
+        detached: true,
+        stdio: ['ignore', logFd, logFd],
+        windowsHide: true,
+        env,
+      })
+      closeSync(logFd)
+      previewState.process.on('exit', () => {
+        appendPreviewActionLog('preview process exited')
+        previewState.process = null
+      })
+      previewState.process.on('error', (err) => {
+        console.error('[preview] failed:', err)
+        previewState.process = null
+      })
+      previewState.process.unref()
+
+      await waitForPreviewReady()
+
+      appendPreviewActionLog(`preview ready: ${PREVIEW_FRONTEND_URL}`)
+      return { success: true, message: 'Preview started' }
+    }, normalizeNodeToolError, async () => {
+      await stopPreviewProcess()
+    })
+    if (!queued) {
+      previewActionAlreadyRunning(ctx)
+      return
+    }
+    previewActionAccepted(ctx)
+  } catch (err: any) {
+    const normalized = normalizeNodeToolError(err)
+    appendPreviewActionLog(`npm run dev failed: ${normalized.message}`)
+    ctx.status = 500
+    ctx.body = previewPayload({ success: false, message: normalized.message, code: normalized.code })
+  }
+}
+
+export async function stopPreview(ctx: any) {
+  appendPreviewActionLog('stop preview requested')
+  await stopPreviewProcess()
+  ctx.body = previewPayload({ success: true })
+}
diff --git a/packages/server/src/controllers/upload.ts b/packages/server/src/controllers/upload.ts
new file mode 100644
index 0000000..ea80a3f
--- /dev/null
+++ b/packages/server/src/controllers/upload.ts
@@ -0,0 +1,70 @@
+import { randomBytes } from 'crypto'
+import { mkdir, writeFile } from 'fs/promises'
+import { join } from 'path'
+import { getActiveProfileName } from '../services/hermes/hermes-profile'
+import { getProfileUploadDir } from '../services/hermes/upload-paths'
+
+const MAX_UPLOAD_SIZE = 50 * 1024 * 1024 // 50MB
+
+function requestedProfile(ctx: any): string {
+  return ctx.state?.profile?.name || getActiveProfileName() || 'default'
+}
+
+export async function handleUpload(ctx: any) {
+  const contentType = ctx.get('content-type') || ''
+  if (!contentType.startsWith('multipart/form-data')) {
+    ctx.status = 400; ctx.body = { error: 'Expected multipart/form-data' }; return
+  }
+  const boundary = '--' + contentType.split('boundary=')[1]
+  if (!boundary || boundary === '--undefined') {
+    ctx.status = 400; ctx.body = { error: 'Missing boundary' }; return
+  }
+  const chunks: Buffer[] = []
+  let totalSize = 0
+  for await (const chunk of ctx.req) {
+    totalSize += chunk.length
+    if (totalSize > MAX_UPLOAD_SIZE) {
+      ctx.status = 413; ctx.body = { error: `File too large (max ${MAX_UPLOAD_SIZE / 1024 / 1024}MB)` }; return
+    }
+    chunks.push(chunk)
+  }
+  const raw = Buffer.concat(chunks)
+  const boundaryBuf = Buffer.from(boundary)
+  const parts = splitMultipart(raw, boundaryBuf)
+  const results: { name: string; path: string }[] = []
+  const uploadDir = getProfileUploadDir(requestedProfile(ctx))
+  await mkdir(uploadDir, { recursive: true })
+  for (const part of parts) {
+    const headerEnd = part.indexOf(Buffer.from('\r\n\r\n'))
+    if (headerEnd === -1) continue
+    const headerBuf = part.subarray(0, headerEnd)
+    const header = headerBuf.toString('utf-8')
+    const data = part.subarray(headerEnd + 4, part.length - 2)
+    let filename = ''
+    const filenameStarMatch = header.match(/filename\*=UTF-8''(.+)/i)
+    if (filenameStarMatch) { filename = decodeURIComponent(filenameStarMatch[1]) }
+    else {
+      const filenameMatch = header.match(/filename="([^"]+)"/)
+      if (!filenameMatch) continue
+      filename = filenameMatch[1]
+    }
+    const ext = filename.includes('.') ? '.' + filename.split('.').pop() : ''
+    const savedName = randomBytes(8).toString('hex') + ext
+    const savedPath = join(uploadDir, savedName)
+    await writeFile(savedPath, data)
+    results.push({ name: filename, path: savedPath })
+  }
+  ctx.body = { files: results }
+}
+
+function splitMultipart(raw: Buffer, boundary: Buffer): Buffer[] {
+  const parts: Buffer[] = []
+  let start = 0
+  while (true) {
+    const idx = raw.indexOf(boundary, start)
+    if (idx === -1) break
+    if (start > 0) { parts.push(raw.subarray(start + 2, idx)) }
+    start = idx + boundary.length
+  }
+  return parts
+}
diff --git a/packages/server/src/controllers/webhook.ts b/packages/server/src/controllers/webhook.ts
new file mode 100644
index 0000000..ac77729
--- /dev/null
+++ b/packages/server/src/controllers/webhook.ts
@@ -0,0 +1,12 @@
+import { logger } from '../services/logger'
+
+export async function handleWebhook(ctx: any) {
+  const payload = ctx.request.body
+  if (!payload || !payload.event) {
+    ctx.status = 400
+    ctx.body = { error: 'Missing event field' }
+    return
+  }
+  logger.info('Received webhook event: %s', payload.event)
+  ctx.body = { ok: true }
+}
diff --git a/packages/server/src/db/hermes/compression-snapshot.ts b/packages/server/src/db/hermes/compression-snapshot.ts
new file mode 100644
index 0000000..62de36a
--- /dev/null
+++ b/packages/server/src/db/hermes/compression-snapshot.ts
@@ -0,0 +1,40 @@
+/**
+ * SQLite-backed compression snapshot store for 1:1 chat sessions.
+ *
+ * Stores the latest compression summary and the index of the last
+ * compressed message, so incremental compression can pick up where
+ * the previous one left off.
+ */
+
+import { isSqliteAvailable, getDb } from '../index'
+import { COMPRESSION_SNAPSHOT_TABLE as TABLE } from './schemas'
+
+export function getCompressionSnapshot(sessionId: string): { summary: string; lastMessageIndex: number; messageCountAtTime: number } | null {
+  if (!isSqliteAvailable()) return null
+  return getDb()!.prepare(
+    `SELECT summary, last_message_index AS lastMessageIndex, message_count_at_time AS messageCountAtTime FROM ${TABLE} WHERE session_id = ?`,
+  ).get(sessionId) as any ?? null
+}
+
+export function saveCompressionSnapshot(
+  sessionId: string,
+  summary: string,
+  lastMessageIndex: number,
+  messageCountAtTime: number,
+): void {
+  if (!isSqliteAvailable()) return
+  getDb()!.prepare(
+    `INSERT INTO ${TABLE} (session_id, summary, last_message_index, message_count_at_time, updated_at)
+     VALUES (?, ?, ?, ?, ?)
+     ON CONFLICT(session_id) DO UPDATE SET
+       summary = excluded.summary,
+       last_message_index = excluded.last_message_index,
+       message_count_at_time = excluded.message_count_at_time,
+       updated_at = excluded.updated_at`,
+  ).run(sessionId, summary, lastMessageIndex, messageCountAtTime, Date.now())
+}
+
+export function deleteCompressionSnapshot(sessionId: string): void {
+  if (!isSqliteAvailable()) return
+  getDb()!.prepare(`DELETE FROM ${TABLE} WHERE session_id = ?`).run(sessionId)
+}
diff --git a/packages/server/src/db/hermes/conversations-db.ts b/packages/server/src/db/hermes/conversations-db.ts
new file mode 100644
index 0000000..5acb5e1
--- /dev/null
+++ b/packages/server/src/db/hermes/conversations-db.ts
@@ -0,0 +1,537 @@
+import { join } from 'path'
+import { getActiveProfileDir } from '../../services/hermes/hermes-profile'
+import type {
+  ConversationDetail,
+  ConversationListOptions,
+  ConversationMessage,
+  ConversationSummary,
+} from '../../services/hermes/conversations'
+
+const SQLITE_AVAILABLE = (() => {
+  const [major, minor] = process.versions.node.split('.').map(Number)
+  return major > 22 || (major === 22 && minor >= 5)
+})()
+
+const LINEAGE_TOLERANCE_SECONDS = 3
+const LIVE_WINDOW_SECONDS = 300
+const DEFAULT_CONVERSATION_LIMIT = 200
+const SYNTHETIC_USER_PREFIXES = [
+  '[system:',
+  "you've reached the maximum number of tool-calling iterations allowed.",
+  'you have reached the maximum number of tool-calling iterations allowed.',
+]
+
+const VISIBLE_HUMAN_MESSAGE_SQL = `
+  m.content IS NOT NULL
+  AND m.content != ''
+  AND (
+    m.role = 'assistant'
+    OR (
+      m.role = 'user'
+      AND LOWER(m.content) NOT LIKE '[system:%'
+      AND LOWER(m.content) NOT LIKE 'you''ve reached the maximum number of tool-calling iterations allowed.%'
+      AND LOWER(m.content) NOT LIKE 'you have reached the maximum number of tool-calling iterations allowed.%'
+    )
+  )
+`
+
+interface ConversationSessionRow {
+  id: string
+  source: string
+  user_id: string | null
+  model: string
+  title: string | null
+  parent_session_id: string | null
+  started_at: number
+  ended_at: number | null
+  end_reason: string | null
+  message_count: number
+  tool_call_count: number
+  input_tokens: number
+  output_tokens: number
+  cache_read_tokens: number
+  cache_write_tokens: number
+  reasoning_tokens: number
+  billing_provider: string | null
+  estimated_cost_usd: number
+  actual_cost_usd: number | null
+  cost_status: string
+  preview: string
+  last_active: number
+  has_visible_messages: boolean
+  is_active: boolean
+}
+
+function conversationDbPath(): string {
+  return join(getActiveProfileDir(), 'state.db')
+}
+
+function normalizeNumber(value: unknown, fallback = 0): number {
+  if (value == null || value === '') return fallback
+  const num = Number(value)
+  return Number.isFinite(num) ? num : fallback
+}
+
+function normalizeNullableNumber(value: unknown): number | null {
+  if (value == null || value === '') return null
+  const num = Number(value)
+  return Number.isFinite(num) ? num : null
+}
+
+function normalizeNullableString(value: unknown): string | null {
+  if (value == null || value === '') return null
+  return String(value)
+}
+
+function safeText(value: unknown): string {
+  if (typeof value === 'string') return value
+  if (typeof value === 'number' || typeof value === 'boolean') return String(value)
+  return ''
+}
+
+function textFromContent(value: unknown): string {
+  if (typeof value === 'string') {
+    const trimmed = value.trim()
+    if (trimmed && (trimmed.startsWith('{') || trimmed.startsWith('['))) {
+      try {
+        const parsed = JSON.parse(trimmed)
+        const nested = textFromContent(parsed)
+        if (nested) return nested
+      } catch {
+        // Fall back to the original string below.
+      }
+    }
+    return value
+  }
+  if (typeof value === 'number' || typeof value === 'boolean') return String(value)
+  if (Array.isArray(value)) {
+    return value
+      .map(item => textFromContent(item).trim())
+      .filter(Boolean)
+      .join('\n')
+  }
+  if (!value || typeof value !== 'object') return ''
+
+  const record = value as Record<string, unknown>
+  for (const key of ['text', 'content', 'value'] as const) {
+    const direct = record[key]
+    if (typeof direct === 'string') return direct
+    if (Array.isArray(direct)) {
+      const nested = textFromContent(direct)
+      if (nested) return nested
+    }
+  }
+
+  for (const key of ['parts', 'children', 'items'] as const) {
+    if (Array.isArray(record[key])) {
+      const nested = textFromContent(record[key])
+      if (nested) return nested
+    }
+  }
+
+  const flattened = Object.values(record)
+    .map(entry => textFromContent(entry).trim())
+    .filter(Boolean)
+    .join('\n')
+  if (flattened) return flattened
+
+  try {
+    return JSON.stringify(record)
+  } catch {
+    return ''
+  }
+}
+
+function normalizeText(value: unknown): string {
+  return textFromContent(value).replace(/\s+/g, ' ').trim().toLowerCase()
+}
+
+function excerpt(value: unknown, width = 80): string {
+  const text = textFromContent(value).replace(/\s+/g, ' ').trim()
+  if (!text) return ''
+  return text.length > width ? `${text.slice(0, width)}…` : text
+}
+
+function isSyntheticUserText(content: unknown): boolean {
+  const text = normalizeText(content)
+  return SYNTHETIC_USER_PREFIXES.some(prefix => text.startsWith(prefix))
+}
+
+function mapSessionRow(row: Record<string, unknown>, nowSeconds: number): ConversationSessionRow {
+  const startedAt = normalizeNumber(row.started_at)
+  const endedAt = normalizeNullableNumber(row.ended_at)
+  const preview = excerpt(row.preview || '')
+  const rawTitle = normalizeNullableString(row.title)
+  const title = rawTitle || (preview ? (preview.length > 40 ? `${preview.slice(0, 40)}...` : preview) : null)
+  const lastActive = normalizeNumber(row.last_active, startedAt)
+
+  return {
+    id: String(row.id || ''),
+    source: String(row.source || ''),
+    user_id: normalizeNullableString(row.user_id),
+    model: String(row.model || ''),
+    title,
+    parent_session_id: normalizeNullableString(row.parent_session_id),
+    started_at: startedAt,
+    ended_at: endedAt,
+    end_reason: normalizeNullableString(row.end_reason),
+    message_count: normalizeNumber(row.message_count),
+    tool_call_count: normalizeNumber(row.tool_call_count),
+    input_tokens: normalizeNumber(row.input_tokens),
+    output_tokens: normalizeNumber(row.output_tokens),
+    cache_read_tokens: normalizeNumber(row.cache_read_tokens),
+    cache_write_tokens: normalizeNumber(row.cache_write_tokens),
+    reasoning_tokens: normalizeNumber(row.reasoning_tokens),
+    billing_provider: normalizeNullableString(row.billing_provider),
+    estimated_cost_usd: normalizeNumber(row.estimated_cost_usd),
+    actual_cost_usd: normalizeNullableNumber(row.actual_cost_usd),
+    cost_status: String(row.cost_status || ''),
+    preview,
+    last_active: lastActive,
+    has_visible_messages: !!normalizeNumber(row.has_visible_messages),
+    is_active: endedAt == null && nowSeconds - lastActive <= LIVE_WINDOW_SECONDS,
+  }
+}
+
+function sortByRecency<T extends { last_active: number; started_at: number; id: string }>(items: T[]): T[] {
+  return [...items].sort((a, b) => {
+    if (b.last_active !== a.last_active) return b.last_active - a.last_active
+    if (b.started_at !== a.started_at) return b.started_at - a.started_at
+    return a.id.localeCompare(b.id)
+  })
+}
+
+function timingMatchesParent(parent: ConversationSessionRow | undefined, child: ConversationSessionRow | undefined): boolean {
+  if (!parent || !child || parent.ended_at == null) return false
+  return Math.abs(Number(child.started_at || 0) - Number(parent.ended_at || 0)) <= LINEAGE_TOLERANCE_SECONDS
+}
+
+function isCompressionEndReason(reason: string | null): boolean {
+  return reason === 'compression' || reason === 'compressed'
+}
+
+function continuationCandidates(parent: ConversationSessionRow, byId: Map<string, ConversationSessionRow>, childrenByParent: Map<string | null, string[]>): ConversationSessionRow[] {
+  const childIds = childrenByParent.get(parent.id) || []
+  return childIds
+    .map(childId => byId.get(childId))
+    .filter((child): child is ConversationSessionRow => !!child)
+    .filter(child => child.source !== 'tool')
+    .filter(child => child.source === parent.source)
+    .filter(child => timingMatchesParent(parent, child))
+    .sort((a, b) => {
+      const aDelta = Math.abs(Number(a.started_at || 0) - Number(parent.ended_at || 0))
+      const bDelta = Math.abs(Number(b.started_at || 0) - Number(parent.ended_at || 0))
+      if (aDelta !== bDelta) return aDelta - bDelta
+      return a.id.localeCompare(b.id)
+    })
+}
+
+function nextContinuationChild(parent: ConversationSessionRow, byId: Map<string, ConversationSessionRow>, childrenByParent: Map<string | null, string[]>): ConversationSessionRow | null {
+  if (!isCompressionEndReason(parent.end_reason)) return null
+  const candidates = continuationCandidates(parent, byId, childrenByParent)
+  if (candidates.length === 1) return candidates[0]
+
+  const exactPreviewMatches = candidates.filter(child => {
+    const childPreview = normalizeText(child.preview)
+    const parentPreview = normalizeText(parent.preview)
+    return !!childPreview && childPreview === parentPreview
+  })
+
+  if (exactPreviewMatches.length === 1) return exactPreviewMatches[0]
+  return null
+}
+
+function isCompressionContinuationChild(session: ConversationSessionRow | undefined, byId: Map<string, ConversationSessionRow>, childrenByParent: Map<string | null, string[]>): boolean {
+  if (!session?.parent_session_id) return false
+  const parent = byId.get(session.parent_session_id)
+  if (!parent) return false
+  return nextContinuationChild(parent, byId, childrenByParent)?.id === session.id
+}
+
+function compressionChainRootId(sessionId: string, byId: Map<string, ConversationSessionRow>, childrenByParent: Map<string | null, string[]>): string | null {
+  let current = byId.get(sessionId) || null
+  if (!current || current.source === 'tool') return null
+
+  const seen = new Set<string>()
+  while (current?.parent_session_id && !seen.has(current.id)) {
+    seen.add(current.id)
+    const parent = byId.get(current.parent_session_id)
+    if (!parent) break
+    if (nextContinuationChild(parent, byId, childrenByParent)?.id !== current.id) break
+    current = parent
+  }
+  return current?.id || null
+}
+
+function isVisibleConversationStart(session: ConversationSessionRow | undefined, byId: Map<string, ConversationSessionRow>, childrenByParent: Map<string | null, string[]>): boolean {
+  if (!session || session.source === 'tool') return false
+  return !isCompressionContinuationChild(session, byId, childrenByParent)
+}
+
+function collectConversationChain(rootId: string, byId: Map<string, ConversationSessionRow>, childrenByParent: Map<string | null, string[]>): ConversationSessionRow[] {
+  const chain: ConversationSessionRow[] = []
+  const seen = new Set<string>()
+  let current = byId.get(rootId) || null
+  while (current && !seen.has(current.id)) {
+    chain.push(current)
+    seen.add(current.id)
+    current = nextContinuationChild(current, byId, childrenByParent)
+  }
+  return chain
+}
+
+function toSummary(session: ConversationSessionRow): ConversationSummary {
+  return {
+    id: session.id,
+    source: safeText(session.source),
+    model: safeText(session.model),
+    title: session.title ?? null,
+    started_at: Number(session.started_at || 0),
+    ended_at: session.ended_at ?? null,
+    last_active: session.last_active,
+    message_count: Number(session.message_count || 0),
+    tool_call_count: Number(session.tool_call_count || 0),
+    input_tokens: Number(session.input_tokens || 0),
+    output_tokens: Number(session.output_tokens || 0),
+    cache_read_tokens: Number(session.cache_read_tokens || 0),
+    cache_write_tokens: Number(session.cache_write_tokens || 0),
+    reasoning_tokens: Number(session.reasoning_tokens || 0),
+    billing_provider: session.billing_provider ?? null,
+    estimated_cost_usd: Number(session.estimated_cost_usd || 0),
+    actual_cost_usd: session.actual_cost_usd ?? null,
+    cost_status: safeText(session.cost_status),
+    preview: session.preview,
+    is_active: session.is_active,
+    thread_session_count: 1,
+  }
+}
+
+function aggregateSummary(rootId: string, byId: Map<string, ConversationSessionRow>, childrenByParent: Map<string | null, string[]>): ConversationSummary | null {
+  const chain = collectConversationChain(rootId, byId, childrenByParent)
+  if (!chain.length || !chain.some(session => session.has_visible_messages)) return null
+  const root = chain[0]
+  const last = chain[chain.length - 1]
+  const firstPreview = chain.map(session => session.preview).find(Boolean) || ''
+  const costStatuses = Array.from(new Set(chain.map(session => safeText(session.cost_status)).filter(Boolean)))
+
+  return {
+    ...toSummary(last),
+    title: last.title || root.title || firstPreview || null,
+    preview: last.preview || root.preview || firstPreview,
+    started_at: Number(root.started_at || 0),
+    ended_at: last?.ended_at ?? null,
+    last_active: Math.max(...chain.map(session => session.last_active)),
+    is_active: chain.some(session => session.is_active),
+    billing_provider: last?.billing_provider ?? root.billing_provider ?? null,
+    cost_status: costStatuses.length === 1 ? costStatuses[0] : 'mixed',
+    thread_session_count: chain.length,
+    message_count: chain.reduce((sum, session) => sum + Number(session.message_count || 0), 0),
+    tool_call_count: chain.reduce((sum, session) => sum + Number(session.tool_call_count || 0), 0),
+    input_tokens: chain.reduce((sum, session) => sum + Number(session.input_tokens || 0), 0),
+    output_tokens: chain.reduce((sum, session) => sum + Number(session.output_tokens || 0), 0),
+    cache_read_tokens: chain.reduce((sum, session) => sum + Number(session.cache_read_tokens || 0), 0),
+    cache_write_tokens: chain.reduce((sum, session) => sum + Number(session.cache_write_tokens || 0), 0),
+    reasoning_tokens: chain.reduce((sum, session) => sum + Number(session.reasoning_tokens || 0), 0),
+    estimated_cost_usd: chain.reduce((sum, session) => sum + Number(session.estimated_cost_usd || 0), 0),
+    actual_cost_usd: chain.reduce<number | null>((sum, session) => {
+      const actual = session.actual_cost_usd
+      if (actual == null) return sum
+      return (sum || 0) + Number(actual)
+    }, null),
+  }
+}
+
+function normalizeVisibleMessage(message: { id: number | string, session_id: string, role: string, content: unknown, timestamp: number }, fallbackTimestamp: number): ConversationMessage | null {
+  const role = safeText(message.role)
+  const content = textFromContent(message.content).trim()
+  if (!content) return null
+  if (role !== 'user' && role !== 'assistant') return null
+  if (role === 'user' && isSyntheticUserText(content)) return null
+
+  return {
+    id: message.id,
+    session_id: message.session_id,
+    role,
+    content,
+    timestamp: Number.isFinite(Number(message.timestamp)) && Number(message.timestamp) > 0
+      ? Number(message.timestamp)
+      : fallbackTimestamp,
+  }
+}
+
+async function openConversationDb() {
+  if (!SQLITE_AVAILABLE) {
+    throw new Error(`node:sqlite requires Node >= 22.5, current: ${process.versions.node}`)
+  }
+
+  const { DatabaseSync } = await import('node:sqlite')
+  return new DatabaseSync(conversationDbPath(), { open: true, readOnly: true })
+}
+
+function buildConversationSessionSql(source?: string): { sql: string, params: any[] } {
+  const sql = `
+    SELECT
+      s.id,
+      s.source,
+      COALESCE(s.user_id, '') AS user_id,
+      COALESCE(s.model, '') AS model,
+      COALESCE(s.title, '') AS title,
+      s.parent_session_id AS parent_session_id,
+      COALESCE(s.started_at, 0) AS started_at,
+      s.ended_at AS ended_at,
+      COALESCE(s.end_reason, '') AS end_reason,
+      COALESCE(s.message_count, 0) AS message_count,
+      COALESCE(s.tool_call_count, 0) AS tool_call_count,
+      COALESCE(s.input_tokens, 0) AS input_tokens,
+      COALESCE(s.output_tokens, 0) AS output_tokens,
+      COALESCE(s.cache_read_tokens, 0) AS cache_read_tokens,
+      COALESCE(s.cache_write_tokens, 0) AS cache_write_tokens,
+      COALESCE(s.reasoning_tokens, 0) AS reasoning_tokens,
+      COALESCE(s.billing_provider, '') AS billing_provider,
+      COALESCE(s.estimated_cost_usd, 0) AS estimated_cost_usd,
+      s.actual_cost_usd AS actual_cost_usd,
+      COALESCE(s.cost_status, '') AS cost_status,
+      COALESCE(
+        (
+          SELECT SUBSTR(REPLACE(REPLACE(m.content, CHAR(10), ' '), CHAR(13), ' '), 1, 80)
+          FROM messages m
+          WHERE m.session_id = s.id
+            AND ${VISIBLE_HUMAN_MESSAGE_SQL}
+          ORDER BY m.timestamp, m.id
+          LIMIT 1
+        ),
+        ''
+      ) AS preview,
+      COALESCE((SELECT MAX(m2.timestamp) FROM messages m2 WHERE m2.session_id = s.id), s.started_at) AS last_active,
+      CASE WHEN EXISTS (
+        SELECT 1
+        FROM messages m
+        WHERE m.session_id = s.id
+          AND ${VISIBLE_HUMAN_MESSAGE_SQL}
+      ) THEN 1 ELSE 0 END AS has_visible_messages
+    FROM sessions s
+    WHERE s.source != 'tool'
+      ${source ? 'AND s.source = ?' : ''}
+    ORDER BY s.started_at DESC
+  `
+
+  return { sql, params: source ? [source] : [] }
+}
+
+async function loadConversationSessions(source?: string): Promise<ConversationSessionRow[]> {
+  const db = await openConversationDb()
+  try {
+    const { sql, params } = buildConversationSessionSql(source)
+    const rows = db.prepare(sql).all(...params) as Record<string, unknown>[]
+    const nowSeconds = Date.now() / 1000
+    return rows.map(row => mapSessionRow(row, nowSeconds))
+  } finally {
+    db.close()
+  }
+}
+
+export async function listConversationSummariesFromDb(options: ConversationListOptions = {}): Promise<ConversationSummary[]> {
+  const humanOnly = options.humanOnly !== false
+  const limit = options.limit && options.limit > 0 ? options.limit : DEFAULT_CONVERSATION_LIMIT
+  const sessions = await loadConversationSessions(options.source)
+  const byId = new Map(sessions.map(session => [session.id, session]))
+  const childrenByParent = new Map<string | null, string[]>()
+  for (const session of sessions) {
+    const key = session.parent_session_id ?? null
+    const siblings = childrenByParent.get(key) || []
+    siblings.push(session.id)
+    childrenByParent.set(key, siblings)
+  }
+
+  if (!humanOnly) {
+    return sortByRecency(sessions.map(toSummary)).slice(0, limit)
+  }
+
+  const summaries = sessions
+    .filter(session => isVisibleConversationStart(session, byId, childrenByParent))
+    .map(session => aggregateSummary(session.id, byId, childrenByParent))
+    .filter((summary): summary is ConversationSummary => !!summary)
+
+  return sortByRecency(summaries).slice(0, limit)
+}
+
+export async function getConversationDetailFromDb(sessionId: string, options: ConversationListOptions = {}): Promise<ConversationDetail | null> {
+  const humanOnly = options.humanOnly !== false
+  const sessions = await loadConversationSessions(options.source)
+  const byId = new Map(sessions.map(session => [session.id, session]))
+  const childrenByParent = new Map<string | null, string[]>()
+  for (const session of sessions) {
+    const key = session.parent_session_id ?? null
+    const siblings = childrenByParent.get(key) || []
+    siblings.push(session.id)
+    childrenByParent.set(key, siblings)
+  }
+
+  let chain: ConversationSessionRow[] = []
+  if (!humanOnly) {
+    const session = byId.get(sessionId)
+    if (!session || session.source === 'tool') return null
+    chain = [session]
+  } else {
+    const session = byId.get(sessionId)
+    if (!session || session.source === 'tool') return null
+    const rootId = compressionChainRootId(sessionId, byId, childrenByParent)
+    if (!rootId) return null
+    if (!isVisibleConversationStart(byId.get(rootId), byId, childrenByParent)) return null
+    chain = collectConversationChain(rootId, byId, childrenByParent)
+  }
+
+  if (!chain.length) return null
+
+  const db = await openConversationDb()
+  try {
+    const ids = chain.map(session => session.id)
+    const placeholders = ids.map(() => '?').join(', ')
+    const rows = db.prepare(`
+      SELECT id, session_id, role, content, timestamp
+      FROM messages
+      WHERE session_id IN (${placeholders})
+        AND role IN ('user', 'assistant')
+        AND content IS NOT NULL
+        AND content != ''
+      ORDER BY timestamp, id
+    `).all(...ids) as Array<Record<string, unknown>>
+
+    const sessionById = new Map(chain.map(session => [session.id, session]))
+    const messages = rows
+      .map(row => {
+        const session = sessionById.get(String(row.session_id || ''))
+        return normalizeVisibleMessage({
+          id: row.id as number | string,
+          session_id: String(row.session_id || ''),
+          role: String(row.role || ''),
+          content: row.content,
+          timestamp: normalizeNumber(row.timestamp),
+        }, session?.last_active || session?.started_at || 0)
+      })
+      .filter((message): message is ConversationMessage => !!message)
+      .sort((a, b) => {
+        if (a.timestamp !== b.timestamp) return a.timestamp - b.timestamp
+        return String(a.id).localeCompare(String(b.id))
+      })
+
+    if (!messages.length) {
+      return humanOnly
+        ? null
+        : {
+            session_id: sessionId,
+            messages: [],
+            visible_count: 0,
+            thread_session_count: chain.length,
+          }
+    }
+    return {
+      session_id: sessionId,
+      messages,
+      visible_count: messages.length,
+      thread_session_count: chain.length,
+    }
+  } finally {
+    db.close()
+  }
+}
diff --git a/packages/server/src/db/hermes/init.ts b/packages/server/src/db/hermes/init.ts
new file mode 100644
index 0000000..0f5f754
--- /dev/null
+++ b/packages/server/src/db/hermes/init.ts
@@ -0,0 +1,14 @@
+/**
+ * Unified initializer for all Hermes SQLite stores.
+ * Call this once at bootstrap to create/migrate all tables.
+ *
+ * All table schemas, creation, and migration logic are now centralized
+ * in schemas.ts to avoid duplication and ensure consistency.
+ */
+
+import { initAllHermesTables } from './schemas'
+
+export function initAllStores(): void {
+  // Initialize all tables with centralized schema definitions and migrations
+  initAllHermesTables()
+}
diff --git a/packages/server/src/db/hermes/message-content.ts b/packages/server/src/db/hermes/message-content.ts
new file mode 100644
index 0000000..8b0b377
--- /dev/null
+++ b/packages/server/src/db/hermes/message-content.ts
@@ -0,0 +1,104 @@
+const IMAGE_PART_TYPES = new Set(['image', 'image_url', 'input_image'])
+const DATA_IMAGE_RE = /data:image\/[a-zA-Z0-9.+-]+;base64,[A-Za-z0-9+/=\r\n]+/g
+
+function isPlainRecord(value: unknown): value is Record<string, unknown> {
+  return value !== null && typeof value === 'object' && !Array.isArray(value)
+}
+
+function isContentPart(value: unknown): value is Record<string, unknown> {
+  return isPlainRecord(value) && typeof value.type === 'string'
+}
+
+function summarizeContentParts(parts: unknown[]): string | null {
+  let sawContentPart = false
+  const text: string[] = []
+
+  for (const part of parts) {
+    if (!isContentPart(part)) continue
+    const type = String(part.type)
+    if (type === 'text') {
+      sawContentPart = true
+      const value = part.text
+      if (value != null) text.push(String(value))
+    } else if (IMAGE_PART_TYPES.has(type)) {
+      sawContentPart = true
+      text.push('[screenshot]')
+    }
+  }
+
+  return sawContentPart ? text.filter(Boolean).join('\n') : null
+}
+
+function summarizeMultimodalEnvelope(value: Record<string, unknown>): string | null {
+  if (value._multimodal !== true && !Array.isArray(value.content)) return null
+  const parts = Array.isArray(value.content) ? value.content : []
+  if (!parts.length) return null
+  return summarizeContentParts(parts)
+}
+
+function redactDataImages(value: unknown): unknown {
+  if (typeof value === 'string') return value.replace(DATA_IMAGE_RE, '[screenshot]')
+  if (Array.isArray(value)) return value.map(redactDataImages)
+  if (!isPlainRecord(value)) return value
+
+  const cleaned: Record<string, unknown> = {}
+  for (const [key, child] of Object.entries(value)) {
+    cleaned[key] = redactDataImages(child)
+  }
+  return cleaned
+}
+
+function summarizeKnownMultimodalContent(value: unknown): string | null {
+  if (Array.isArray(value)) {
+    return summarizeContentParts(value)
+  }
+
+  if (isPlainRecord(value)) {
+    return summarizeMultimodalEnvelope(value)
+  }
+
+  return null
+}
+
+function serializeStructuredMessageContent(value: unknown): string | null {
+  const summary = summarizeKnownMultimodalContent(value)
+  if (summary != null) return summary
+  if (Array.isArray(value) || isPlainRecord(value)) return JSON.stringify(redactDataImages(value))
+  return null
+}
+
+function shouldTryParseStructuredString(value: string): boolean {
+  const trimmed = value.trim()
+  if (!trimmed || (!trimmed.startsWith('{') && !trimmed.startsWith('['))) return false
+  if (trimmed.includes('_multimodal') || trimmed.includes('data:image/')) return true
+  return (
+    trimmed.includes('"image_url"') ||
+    trimmed.includes('"input_image"') ||
+    trimmed.includes('"type":"image"') ||
+    trimmed.includes('"type": "image"')
+  )
+}
+
+export function normalizeMessageContentForStorage(content: unknown): string {
+  if (typeof content === 'string') {
+    if (shouldTryParseStructuredString(content)) {
+      try {
+        const parsed = JSON.parse(content.trim())
+        const summary = summarizeKnownMultimodalContent(parsed)
+        if (summary != null) return summary
+        return JSON.stringify(redactDataImages(parsed))
+      } catch {
+        // Fall back to direct redaction below.
+      }
+    }
+    return content.replace(DATA_IMAGE_RE, '[screenshot]')
+  }
+
+  const normalized = serializeStructuredMessageContent(content)
+  if (normalized != null) return normalized
+  return String(content ?? '')
+}
+
+export function normalizeMessageContentForStorageRole(role: string | undefined | null, content: string): string {
+  return role === 'user' ? content : normalizeMessageContentForStorage(content)
+}
diff --git a/packages/server/src/db/hermes/schemas.ts b/packages/server/src/db/hermes/schemas.ts
new file mode 100644
index 0000000..4bb9bed
--- /dev/null
+++ b/packages/server/src/db/hermes/schemas.ts
@@ -0,0 +1,395 @@
+/**
+ * Centralized schema definitions for all Hermes SQLite tables.
+ * All table schemas are defined here for unified management and migration.
+ */
+
+// ============================================================================
+// Usage Store (usage-store.ts)
+// ============================================================================
+
+export const USAGE_TABLE = 'session_usage'
+
+export const USAGE_SCHEMA: Record<string, string> = {
+  id: 'INTEGER PRIMARY KEY AUTOINCREMENT',
+  session_id: 'TEXT NOT NULL',
+  input_tokens: 'INTEGER NOT NULL DEFAULT 0',
+  output_tokens: 'INTEGER NOT NULL DEFAULT 0',
+  cache_read_tokens: 'INTEGER NOT NULL DEFAULT 0',
+  cache_write_tokens: 'INTEGER NOT NULL DEFAULT 0',
+  reasoning_tokens: 'INTEGER NOT NULL DEFAULT 0',
+  model: "TEXT NOT NULL DEFAULT ''",
+  profile: "TEXT NOT NULL DEFAULT 'default'",
+  created_at: 'INTEGER NOT NULL DEFAULT 0',
+}
+
+// ============================================================================
+// Session Store (session-store.ts)
+// ============================================================================
+
+export const SESSIONS_TABLE = 'sessions'
+
+export const SESSIONS_SCHEMA: Record<string, string> = {
+  id: 'TEXT PRIMARY KEY',
+  profile: 'TEXT NOT NULL DEFAULT \'default\'',
+  source: 'TEXT NOT NULL DEFAULT \'api_server\'',
+  user_id: 'TEXT',
+  model: 'TEXT NOT NULL DEFAULT \'\'',
+  provider: 'TEXT NOT NULL DEFAULT \'\'',
+  title: 'TEXT',
+  started_at: 'INTEGER NOT NULL',
+  ended_at: 'INTEGER',
+  end_reason: 'TEXT',
+  message_count: 'INTEGER NOT NULL DEFAULT 0',
+  tool_call_count: 'INTEGER NOT NULL DEFAULT 0',
+  input_tokens: 'INTEGER NOT NULL DEFAULT 0',
+  output_tokens: 'INTEGER NOT NULL DEFAULT 0',
+  cache_read_tokens: 'INTEGER NOT NULL DEFAULT 0',
+  cache_write_tokens: 'INTEGER NOT NULL DEFAULT 0',
+  reasoning_tokens: 'INTEGER NOT NULL DEFAULT 0',
+  billing_provider: 'TEXT',
+  estimated_cost_usd: 'REAL NOT NULL DEFAULT 0',
+  actual_cost_usd: 'REAL',
+  cost_status: 'TEXT NOT NULL DEFAULT \'\'',
+  preview: 'TEXT NOT NULL DEFAULT \'\'',
+  last_active: 'INTEGER NOT NULL',
+  workspace: 'TEXT',
+}
+
+export const MESSAGES_TABLE = 'messages'
+
+export const MESSAGES_SCHEMA: Record<string, string> = {
+  id: 'INTEGER PRIMARY KEY AUTOINCREMENT',
+  session_id: 'TEXT NOT NULL',
+  role: 'TEXT NOT NULL',
+  content: 'TEXT NOT NULL DEFAULT \'\'',
+  tool_call_id: 'TEXT',
+  tool_calls: 'TEXT',
+  tool_name: 'TEXT',
+  timestamp: 'INTEGER NOT NULL',
+  token_count: 'INTEGER',
+  finish_reason: 'TEXT',
+  reasoning: 'TEXT',
+  reasoning_details: 'TEXT',
+  reasoning_content: 'TEXT',
+}
+
+export const MESSAGES_INDEX = 'CREATE INDEX IF NOT EXISTS idx_messages_session_id ON messages(session_id)'
+
+// ============================================================================
+// Compression Snapshot (compression-snapshot.ts)
+// ============================================================================
+
+export const COMPRESSION_SNAPSHOT_TABLE = 'chat_compression_snapshots'
+
+export const COMPRESSION_SNAPSHOT_SCHEMA: Record<string, string> = {
+  session_id: 'TEXT PRIMARY KEY',
+  summary: 'TEXT NOT NULL DEFAULT \'\'',
+  last_message_index: 'INTEGER NOT NULL DEFAULT 0',
+  message_count_at_time: 'INTEGER NOT NULL DEFAULT 0',
+  updated_at: 'INTEGER NOT NULL',
+}
+
+// ============================================================================
+// Model Context (model-context.ts)
+// ============================================================================
+
+export const MODEL_CONTEXT_TABLE = 'model_context'
+
+export const MODEL_CONTEXT_SCHEMA: Record<string, string> = {
+  id: 'INTEGER PRIMARY KEY AUTOINCREMENT',
+  provider: 'TEXT NOT NULL',
+  model: 'TEXT NOT NULL',
+  context_limit: 'INTEGER NOT NULL',
+}
+
+export const MODEL_CONTEXT_INDEX = 'CREATE UNIQUE INDEX IF NOT EXISTS idx_model_context_provider_model ON model_context(provider, model)'
+
+// ============================================================================
+// Users and Profile Access
+// ============================================================================
+
+export const USERS_TABLE = 'users'
+
+export const USERS_SCHEMA: Record<string, string> = {
+  id: 'INTEGER PRIMARY KEY AUTOINCREMENT',
+  username: 'TEXT NOT NULL UNIQUE',
+  password_hash: 'TEXT NOT NULL',
+  role: "TEXT NOT NULL DEFAULT 'admin'",
+  status: "TEXT NOT NULL DEFAULT 'active'",
+  created_at: 'INTEGER NOT NULL',
+  updated_at: 'INTEGER NOT NULL',
+  last_login_at: 'INTEGER',
+}
+
+export const USER_PROFILES_TABLE = 'user_profiles'
+
+export const USER_PROFILES_SCHEMA: Record<string, string> = {
+  user_id: 'INTEGER NOT NULL',
+  profile_name: "TEXT NOT NULL DEFAULT 'default'",
+  is_default: 'INTEGER NOT NULL DEFAULT 0',
+  created_at: 'INTEGER NOT NULL',
+}
+
+export const USER_PROFILES_INDEXES = {
+  idx_user_profiles_user: 'CREATE INDEX IF NOT EXISTS idx_user_profiles_user ON user_profiles(user_id)',
+  idx_user_profiles_profile: 'CREATE INDEX IF NOT EXISTS idx_user_profiles_profile ON user_profiles(profile_name)',
+  idx_user_profiles_default: 'CREATE UNIQUE INDEX IF NOT EXISTS idx_user_profiles_default ON user_profiles(user_id) WHERE is_default = 1',
+}
+
+// ============================================================================
+// Group Chat (services/hermes/group-chat/index.ts)
+// ============================================================================
+
+export const GC_ROOMS_TABLE = 'gc_rooms'
+
+export const GC_ROOMS_SCHEMA: Record<string, string> = {
+  id: 'TEXT PRIMARY KEY',
+  name: 'TEXT NOT NULL',
+  inviteCode: 'TEXT UNIQUE',
+  triggerTokens: 'INTEGER NOT NULL DEFAULT 100000',
+  maxHistoryTokens: 'INTEGER NOT NULL DEFAULT 32000',
+  tailMessageCount: 'INTEGER NOT NULL DEFAULT 10',
+  totalTokens: 'INTEGER NOT NULL DEFAULT 0',
+  sessionSeed: "TEXT NOT NULL DEFAULT '0'",
+}
+
+export const GC_MESSAGES_TABLE = 'gc_messages'
+
+export const GC_MESSAGES_SCHEMA: Record<string, string> = {
+  id: 'TEXT PRIMARY KEY',
+  roomId: 'TEXT NOT NULL',
+  senderId: 'TEXT NOT NULL',
+  senderName: 'TEXT NOT NULL',
+  content: 'TEXT NOT NULL',
+  timestamp: 'INTEGER NOT NULL',
+  role: "TEXT NOT NULL DEFAULT 'user'",
+  tool_call_id: 'TEXT',
+  tool_calls: 'TEXT',
+  tool_name: 'TEXT',
+  finish_reason: 'TEXT',
+  reasoning: 'TEXT',
+  reasoning_details: 'TEXT',
+  reasoning_content: 'TEXT',
+}
+
+export const GC_ROOM_AGENTS_TABLE = 'gc_room_agents'
+
+export const GC_ROOM_AGENTS_SCHEMA: Record<string, string> = {
+  id: 'TEXT PRIMARY KEY',
+  roomId: 'TEXT NOT NULL',
+  agentId: 'TEXT NOT NULL',
+  profile: 'TEXT NOT NULL',
+  name: 'TEXT NOT NULL',
+  description: "TEXT NOT NULL DEFAULT ''",
+  invited: 'INTEGER NOT NULL DEFAULT 0',
+}
+
+export const GC_CONTEXT_SNAPSHOTS_TABLE = 'gc_context_snapshots'
+
+export const GC_CONTEXT_SNAPSHOTS_SCHEMA: Record<string, string> = {
+  roomId: 'TEXT PRIMARY KEY',
+  summary: 'TEXT NOT NULL DEFAULT \'\'',
+  lastMessageId: 'TEXT NOT NULL',
+  lastMessageTimestamp: 'INTEGER NOT NULL',
+  updatedAt: 'INTEGER NOT NULL',
+}
+
+export const GC_ROOM_MEMBERS_TABLE = 'gc_room_members'
+
+export const GC_ROOM_MEMBERS_SCHEMA: Record<string, string> = {
+  id: 'TEXT PRIMARY KEY',
+  roomId: 'TEXT NOT NULL',
+  userId: 'TEXT NOT NULL',
+  userName: 'TEXT NOT NULL',
+  description: "TEXT NOT NULL DEFAULT ''",
+  joinedAt: 'INTEGER NOT NULL',
+  updatedAt: 'INTEGER NOT NULL',
+}
+
+export const GC_PENDING_SESSION_DELETES_TABLE = 'gc_pending_session_deletes'
+
+export const GC_PENDING_SESSION_DELETES_SCHEMA: Record<string, string> = {
+  session_id: 'TEXT PRIMARY KEY',
+  profile_name: 'TEXT NOT NULL',
+  status: "TEXT NOT NULL DEFAULT 'pending'",
+  attempt_count: 'INTEGER NOT NULL DEFAULT 0',
+  last_error: 'TEXT',
+  created_at: 'INTEGER NOT NULL',
+  updated_at: 'INTEGER NOT NULL',
+  next_attempt_at: 'INTEGER NOT NULL DEFAULT 0',
+}
+
+export const GC_SESSION_PROFILES_TABLE = 'gc_session_profiles'
+
+export const GC_SESSION_PROFILES_SCHEMA: Record<string, string> = {
+  session_id: 'TEXT PRIMARY KEY',
+  room_id: 'TEXT NOT NULL',
+  agent_id: 'TEXT NOT NULL',
+  profile_name: 'TEXT NOT NULL',
+  created_at: 'INTEGER NOT NULL',
+}
+
+// ============================================================================
+// Schema Sync Utilities
+// ============================================================================
+
+import { getDb, getStoragePath } from '../index'
+
+function quoteIdentifier(identifier: string): string {
+  return `"${identifier.replace(/"/g, '""')}"`
+}
+
+/**
+ * 检查表是否存在
+ */
+function tableExists(db: NonNullable<ReturnType<typeof getDb>>, tableName: string): boolean {
+  const result = db.prepare(
+    `SELECT name FROM sqlite_master WHERE type='table' AND name=?`
+  ).get(tableName)
+  return !!result
+}
+
+/**
+ * 创建表（带完整 schema）
+ */
+function createTable(
+  db: NonNullable<ReturnType<typeof getDb>>,
+  tableName: string,
+  schema: Record<string, string>,
+  primaryKey?: string
+): void {
+  const colDefs = Object.entries(schema).map(([col, def]) => `${quoteIdentifier(col)} ${def}`)
+
+  // 只在 schema 中没有主键时才添加复合主键
+  const hasPrimaryKeyInSchema = Object.values(schema).some((def) =>
+    def.toUpperCase().includes("PRIMARY KEY")
+  )
+
+  if (primaryKey && !hasPrimaryKeyInSchema) {
+    colDefs.push(`PRIMARY KEY (${primaryKey})`)
+  }
+
+  db.exec(`CREATE TABLE ${quoteIdentifier(tableName)} (${colDefs.join(', ')})`)
+}
+
+function canAddColumnToExistingTable(schemaDef: string): boolean {
+  const normalized = schemaDef.toUpperCase()
+  if (normalized.includes('PRIMARY KEY')) return false
+  if (normalized.includes('NOT NULL') && !normalized.includes('DEFAULT')) return false
+  return true
+}
+
+function addMissingSafeColumns(
+  db: NonNullable<ReturnType<typeof getDb>>,
+  tableName: string,
+  schema: Record<string, string>,
+): void {
+  const columns = db.prepare(`PRAGMA table_info(${quoteIdentifier(tableName)})`).all() as Array<{ name: string }>
+  const existingColumns = new Set(columns.map(col => col.name))
+
+  for (const [columnName, columnDef] of Object.entries(schema)) {
+    if (existingColumns.has(columnName)) continue
+    if (!canAddColumnToExistingTable(columnDef)) {
+      console.warn(`[Schema] ${tableName}.${columnName} cannot be added safely to existing table; skipping`)
+      continue
+    }
+    db.exec(`ALTER TABLE ${quoteIdentifier(tableName)} ADD COLUMN ${quoteIdentifier(columnName)} ${columnDef}`)
+  }
+}
+
+/**
+ * 主同步函数
+ * - 表不存在：创建
+ * - 表存在：只追加安全的新列，不删除、不重建、不修改主键/类型
+ */
+export function syncTable(
+  tableName: string,
+  schema: Record<string, string>,
+  options?: {
+    primaryKey?: string  // 主键定义，如 "roomId, agentId" 或 "id"
+    indexes?: Record<string, string>  // 索引定义
+  }
+): void {
+  const db = getDb()
+  if (!db) return
+
+  // 1. 表不存在 → 直接创建
+  if (!tableExists(db, tableName)) {
+    createTable(db, tableName, schema, options?.primaryKey)
+
+    // 创建索引
+    if (options?.indexes) {
+      for (const indexSQL of Object.values(options.indexes)) {
+        db.exec(indexSQL)
+      }
+    }
+    return
+  }
+
+  addMissingSafeColumns(db, tableName, schema)
+}
+
+// ============================================================================
+// Unified Initializer
+// ============================================================================
+
+/**
+ * Initialize missing Hermes SQLite tables with proper schemas.
+ * Existing tables only receive safe additive columns.
+ * Call this once at application bootstrap.
+ */
+export function initAllHermesTables(): void {
+  const db = getDb()
+  if (!db) return
+
+  try {
+    // Usage store
+    syncTable(USAGE_TABLE, USAGE_SCHEMA, { primaryKey: 'id' })
+
+    // Session store
+    syncTable(SESSIONS_TABLE, SESSIONS_SCHEMA)
+    syncTable(MESSAGES_TABLE, MESSAGES_SCHEMA)
+    db.exec(MESSAGES_INDEX)
+
+    // Compression snapshot
+    syncTable(COMPRESSION_SNAPSHOT_TABLE, COMPRESSION_SNAPSHOT_SCHEMA)
+
+    // Model context
+    syncTable(MODEL_CONTEXT_TABLE, MODEL_CONTEXT_SCHEMA, {
+      indexes: {
+        idx_model_context_provider_model: MODEL_CONTEXT_INDEX,
+      }
+    })
+
+    // Users and profile access
+    syncTable(USERS_TABLE, USERS_SCHEMA)
+    syncTable(USER_PROFILES_TABLE, USER_PROFILES_SCHEMA, {
+      primaryKey: 'user_id, profile_name',
+      indexes: USER_PROFILES_INDEXES,
+    })
+
+    // Group chat - basic tables
+    syncTable(GC_ROOMS_TABLE, GC_ROOMS_SCHEMA)
+    syncTable(GC_MESSAGES_TABLE, GC_MESSAGES_SCHEMA)
+    syncTable(GC_CONTEXT_SNAPSHOTS_TABLE, GC_CONTEXT_SNAPSHOTS_SCHEMA)
+    syncTable(GC_PENDING_SESSION_DELETES_TABLE, GC_PENDING_SESSION_DELETES_SCHEMA)
+    syncTable(GC_SESSION_PROFILES_TABLE, GC_SESSION_PROFILES_SCHEMA)
+
+    // Group chat - single-column primary key tables (PRIMARY KEY in column definition)
+    syncTable(GC_ROOM_AGENTS_TABLE, GC_ROOM_AGENTS_SCHEMA, {
+      indexes: {
+        idx_gc_room_agents_profile: 'CREATE INDEX idx_gc_room_agents_profile ON gc_room_agents(profile)',
+      }
+    })
+
+    syncTable(GC_ROOM_MEMBERS_TABLE, GC_ROOM_MEMBERS_SCHEMA, {
+      indexes: {
+        idx_gc_room_members_user: 'CREATE INDEX idx_gc_room_members_user ON gc_room_members(userId)',
+      }
+    })
+  } catch (e) {
+    console.error('Error initializing Hermes SQLite tables:', e)
+    console.error(`[Schema] Database initialization failed. Existing database was left untouched: ${getStoragePath()}`)
+    throw e
+  }
+}
diff --git a/packages/server/src/db/hermes/session-store.ts b/packages/server/src/db/hermes/session-store.ts
new file mode 100644
index 0000000..26c35a8
--- /dev/null
+++ b/packages/server/src/db/hermes/session-store.ts
@@ -0,0 +1,490 @@
+/**
+ * Self-built session database — completely replaces Hermes CLI dependency.
+ * Uses the same ensureTable/getDb pattern as usage-store.ts.
+ */
+import { isSqliteAvailable, getDb } from '../index'
+import { SESSIONS_TABLE, MESSAGES_TABLE } from './schemas'
+import { normalizeMessageContentForStorageRole } from './message-content'
+
+// Re-export types for compatibility with sessions-db.ts consumers
+export interface HermesSessionRow {
+  id: string
+  profile: string
+  source: string
+  user_id: string | null
+  model: string
+  provider: string
+  title: string | null
+  started_at: number
+  ended_at: number | null
+  end_reason: string | null
+  message_count: number
+  tool_call_count: number
+  input_tokens: number
+  output_tokens: number
+  cache_read_tokens: number
+  cache_write_tokens: number
+  reasoning_tokens: number
+  billing_provider: string | null
+  estimated_cost_usd: number
+  actual_cost_usd: number | null
+  cost_status: string
+  preview: string
+  last_active: number
+  workspace: string | null
+}
+
+export interface HermesMessageRow {
+  id: number | string
+  session_id: string
+  role: string
+  content: string
+  tool_call_id: string | null
+  tool_calls: any[] | null
+  tool_name: string | null
+  timestamp: number
+  token_count: number | null
+  finish_reason: string | null
+  reasoning: string | null
+  reasoning_details?: string | null
+  reasoning_content?: string | null
+}
+
+export interface HermesSessionSearchRow extends HermesSessionRow {
+  snippet: string
+  matched_message_id: number | null
+}
+
+export interface HermesSessionDetailRow extends HermesSessionRow {
+  messages: HermesMessageRow[]
+  thread_session_count: number
+}
+
+// Note: Table schemas and initialization are now centralized in schemas.ts
+// Tables are created automatically on bootstrap via initAllHermesTables()
+
+// --- Helpers ---
+
+function parseToolCalls(value: unknown): any[] | null {
+  if (value == null || value === '') return null
+  if (Array.isArray(value)) return value
+  if (typeof value !== 'string') return null
+  try {
+    const parsed = JSON.parse(value)
+    return Array.isArray(parsed) ? parsed : null
+  } catch {
+    return null
+  }
+}
+
+function mapSessionRow(row: Record<string, unknown>): HermesSessionRow {
+  const rawTitle = row.title != null ? String(row.title) : null
+  const preview = String(row.preview || '')
+  const title = rawTitle || (preview ? (preview.length > 40 ? preview.slice(0, 40) + '...' : preview) : null)
+  return {
+    id: String(row.id || ''),
+    profile: String(row.profile || 'default'),
+    source: String(row.source || 'api_server'),
+    user_id: row.user_id != null ? String(row.user_id) : null,
+    model: String(row.model || ''),
+    provider: String(row.provider || ''),
+    title,
+    started_at: Number(row.started_at || 0),
+    ended_at: row.ended_at != null ? Number(row.ended_at) : null,
+    end_reason: row.end_reason != null ? String(row.end_reason) : null,
+    message_count: Number(row.message_count || 0),
+    tool_call_count: Number(row.tool_call_count || 0),
+    input_tokens: Number(row.input_tokens || 0),
+    output_tokens: Number(row.output_tokens || 0),
+    cache_read_tokens: Number(row.cache_read_tokens || 0),
+    cache_write_tokens: Number(row.cache_write_tokens || 0),
+    reasoning_tokens: Number(row.reasoning_tokens || 0),
+    billing_provider: row.billing_provider != null ? String(row.billing_provider) : null,
+    estimated_cost_usd: Number(row.estimated_cost_usd || 0),
+    actual_cost_usd: row.actual_cost_usd != null ? Number(row.actual_cost_usd) : null,
+    cost_status: String(row.cost_status || ''),
+    preview: String(row.preview || ''),
+    last_active: Number(row.last_active || 0),
+    workspace: row.workspace != null ? String(row.workspace) : null,
+  }
+}
+
+function mapMessageRow(row: Record<string, unknown>): HermesMessageRow {
+  return {
+    id: typeof row.id === 'number' ? row.id : Number(row.id),
+    session_id: String(row.session_id || ''),
+    role: String(row.role || ''),
+    content: row.content != null ? String(row.content) : '',
+    tool_call_id: row.tool_call_id != null ? String(row.tool_call_id) : null,
+    tool_calls: parseToolCalls(row.tool_calls),
+    tool_name: row.tool_name != null ? String(row.tool_name) : null,
+    timestamp: Number(row.timestamp || 0),
+    token_count: row.token_count != null ? Number(row.token_count) : null,
+    finish_reason: row.finish_reason != null ? String(row.finish_reason) : null,
+    reasoning: row.reasoning != null ? String(row.reasoning) : null,
+    reasoning_details: row.reasoning_details != null ? String(row.reasoning_details) : null,
+    reasoning_content: row.reasoning_content != null ? String(row.reasoning_content) : null,
+  }
+}
+
+// --- Session CRUD ---
+
+export function createSession(data: {
+  id: string
+  profile?: string
+  source?: string
+  model?: string
+  provider?: string
+  title?: string
+  workspace?: string
+}): HermesSessionRow {
+  const now = Math.floor(Date.now() / 1000)
+  const source = data.source || 'api_server'
+  if (!isSqliteAvailable()) {
+    return {
+      id: data.id, profile: data.profile || 'default', source,
+      user_id: null, model: data.model || '', provider: data.provider || '', title: data.title || null,
+      started_at: now, ended_at: null, end_reason: null,
+      message_count: 0, tool_call_count: 0,
+      input_tokens: 0, output_tokens: 0, cache_read_tokens: 0, cache_write_tokens: 0, reasoning_tokens: 0,
+      billing_provider: null, estimated_cost_usd: 0, actual_cost_usd: null,
+      cost_status: '', preview: '', last_active: now, workspace: data.workspace || null,
+    }
+  }
+  const db = getDb()!
+  db.prepare(
+    `INSERT INTO ${SESSIONS_TABLE} (id, profile, source, model, provider, title, started_at, last_active, workspace)
+     VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)`,
+  ).run(data.id, data.profile || 'default', source, data.model || '', data.provider || '', data.title || null, now, now, data.workspace || null)
+  return getSession(data.id)!
+}
+
+export function getSession(id: string): HermesSessionRow | null {
+  if (!isSqliteAvailable()) return null
+  const db = getDb()!
+  const row = db.prepare(
+    `SELECT * FROM ${SESSIONS_TABLE} WHERE id = ?`,
+  ).get(id) as Record<string, unknown> | undefined
+  return row ? mapSessionRow(row) : null
+}
+
+export function updateSession(id: string, data: Partial<Omit<HermesSessionRow, 'id' | 'profile'>>): void {
+  if (!isSqliteAvailable()) return
+  const db = getDb()!
+  const fields: string[] = []
+  const values: any[] = []
+  for (const [key, val] of Object.entries(data)) {
+    if (key === 'id' || key === 'profile') continue
+    // Skip last_active and ended_at - handle them separately below
+    if (key === 'last_active' || key === 'ended_at') continue
+    fields.push(`"${key}" = ?`)
+    values.push(val)
+  }
+
+  // Handle ended_at - only update if provided, otherwise keep existing value
+  if (data.ended_at !== undefined) {
+    fields.push(`"ended_at" = ?`)
+    values.push(data.ended_at)
+  }
+
+  // Handle last_active - use provided value or current time
+  if (data.last_active !== undefined) {
+    fields.push(`"last_active" = ?`)
+    values.push(data.last_active)
+  }
+
+  if (fields.length === 0) return
+  db.prepare(`UPDATE ${SESSIONS_TABLE} SET ${fields.join(', ')} WHERE id = ?`).run(...values, id)
+}
+
+export function deleteSession(id: string): boolean {
+  if (!isSqliteAvailable()) return false
+  const db = getDb()!
+  db.prepare(`DELETE FROM ${MESSAGES_TABLE} WHERE session_id = ?`).run(id)
+  const result = db.prepare(`DELETE FROM ${SESSIONS_TABLE} WHERE id = ?`).run(id)
+  return result.changes > 0
+}
+
+export function clearSessionMessages(id: string): number {
+  if (!isSqliteAvailable()) return 0
+  const db = getDb()!
+  const result = db.prepare(`DELETE FROM ${MESSAGES_TABLE} WHERE session_id = ?`).run(id)
+  updateSessionStats(id)
+  return Number(result.changes)
+}
+
+export function renameSession(id: string, title: string): boolean {
+  if (!isSqliteAvailable()) return false
+  const db = getDb()!
+  const result = db.prepare(`UPDATE ${SESSIONS_TABLE} SET title = ? WHERE id = ?`).run(title, id)
+  return result.changes > 0
+}
+
+export function listSessions(profile?: string, source?: string, limit = 2000): HermesSessionRow[] {
+  if (!isSqliteAvailable()) return []
+  const db = getDb()!
+  const profileFilter = profile?.trim()
+
+  // Use a subquery to generate preview from first user message if not set
+  const sql = `
+    SELECT
+      s.*,
+      COALESCE(
+        s.preview,
+        (
+          SELECT SUBSTR(REPLACE(REPLACE(m.content, CHAR(10), ' '), CHAR(13), ' '), 1, 63)
+          FROM ${MESSAGES_TABLE} m
+          WHERE m.session_id = s.id AND m.role = 'user' AND m.content IS NOT NULL
+          ORDER BY m.timestamp, m.id
+          LIMIT 1
+        ),
+        ''
+      ) AS preview
+    FROM ${SESSIONS_TABLE} s
+    WHERE 1 = 1
+      ${profileFilter ? 'AND s.profile = ?' : ''}
+      ${source ? 'AND s.source = ?' : ''}
+    ORDER BY s.last_active DESC
+    LIMIT ?
+  `
+
+  const params: any[] = []
+  if (profileFilter) {
+    params.push(profileFilter)
+  }
+  if (source) {
+    params.push(source)
+  }
+  params.push(limit)
+
+  const rows = db.prepare(sql).all(...params) as Record<string, unknown>[]
+  return rows.map(mapSessionRow)
+}
+
+export function searchSessions(profile: string | null | undefined, query: string, limit = 20): HermesSessionSearchRow[] {
+  if (!isSqliteAvailable()) return []
+  const profileFilter = profile?.trim()
+  const trimmed = query.trim()
+  if (!trimmed) {
+    return listSessions(profileFilter, undefined, limit).map(s => ({ ...s, snippet: s.preview || '', matched_message_id: null }))
+  }
+  const db = getDb()!
+  const lowered = trimmed.toLowerCase()
+  const pattern = `%${lowered}%`
+
+  // Step 1: Find matching sessions
+  const sessionRows = db.prepare(
+    `SELECT * FROM ${SESSIONS_TABLE}
+     WHERE 1 = 1
+       ${profileFilter ? 'AND profile = ?' : ''}
+       AND (
+       LOWER(title) LIKE ? OR LOWER(preview) LIKE ?
+       OR id IN (SELECT DISTINCT session_id FROM ${MESSAGES_TABLE} WHERE LOWER(content) LIKE ? OR LOWER(COALESCE(tool_name, '')) LIKE ?)
+     )
+     ORDER BY last_active DESC LIMIT ?`,
+  ).all(...[
+    ...(profileFilter ? [profileFilter] : []),
+    pattern,
+    pattern,
+    pattern,
+    pattern,
+    limit,
+  ]) as Record<string, unknown>[]
+
+  if (sessionRows.length === 0) return []
+
+  // Step 2: For each session, find first matching message id + snippet
+  const msgQuery = db.prepare(
+    `SELECT id, content, tool_name FROM ${MESSAGES_TABLE}
+     WHERE session_id = ? AND (LOWER(content) LIKE ? OR LOWER(COALESCE(tool_name, '')) LIKE ?)
+     ORDER BY timestamp, id LIMIT 1`,
+  )
+
+  return sessionRows.map(row => {
+    const session = mapSessionRow(row)
+    let snippet = ''
+    let matched_message_id: number | null = null
+
+    // Check if session title or preview matches
+    const titleLower = (session.title || '').toLowerCase()
+    const previewLower = (session.preview || '').toLowerCase()
+    const titleIdx = titleLower.indexOf(lowered)
+    const previewIdx = previewLower.indexOf(lowered)
+
+    if (titleIdx >= 0) {
+      snippet = session.title!.substring(Math.max(0, titleIdx - 20), titleIdx + lowered.length + 60)
+    } else if (previewIdx >= 0) {
+      snippet = session.preview.substring(Math.max(0, previewIdx - 20), previewIdx + lowered.length + 60)
+    } else {
+      // Get snippet from matching message
+      const msg = msgQuery.get(session.id, pattern, pattern) as { id: number; content: string; tool_name: string | null } | undefined
+      if (msg) {
+        matched_message_id = msg.id
+        const contentLower = msg.content.toLowerCase()
+        const idx = contentLower.indexOf(lowered)
+        snippet = msg.content.substring(Math.max(0, idx - 20), idx + lowered.length + 60)
+      }
+    }
+
+    return { ...session, snippet, matched_message_id }
+  })
+}
+
+export interface PaginatedSessionDetailResult {
+  session: HermesSessionRow
+  messages: HermesMessageRow[]
+  total: number
+  offset: number
+  limit: number
+  hasMore: boolean
+}
+
+export function getSessionDetail(id: string): HermesSessionDetailRow | null {
+  if (!isSqliteAvailable()) return null
+  const db = getDb()!
+  const sessionRow = db.prepare(`SELECT * FROM ${SESSIONS_TABLE} WHERE id = ?`).get(id) as Record<string, unknown> | undefined
+  if (!sessionRow) return null
+  const msgRows = db.prepare(
+    `SELECT * FROM ${MESSAGES_TABLE} WHERE session_id = ? ORDER BY id`,
+  ).all(id) as Record<string, unknown>[]
+  const session = mapSessionRow(sessionRow)
+  return {
+    ...session,
+    messages: msgRows.map(mapMessageRow),
+    thread_session_count: 1,
+  }
+}
+
+// --- Message CRUD ---
+
+export function addMessage(msg: {
+  session_id: string
+  role: string
+  content: string
+  tool_call_id?: string | null
+  tool_calls?: any[] | null
+  tool_name?: string | null
+  timestamp?: number
+  token_count?: number | null
+  finish_reason?: string | null
+  reasoning?: string | null
+  reasoning_details?: string | null
+  reasoning_content?: string | null
+}): number | undefined {
+  if (!isSqliteAvailable()) return undefined
+  const db = getDb()!
+  const toolCallsJson = msg.tool_calls ? JSON.stringify(msg.tool_calls) : null
+  const result = db.prepare(
+    `INSERT INTO ${MESSAGES_TABLE} (session_id, role, content, tool_call_id, tool_calls, tool_name, timestamp, token_count, finish_reason, reasoning, reasoning_details, reasoning_content)
+     VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)`,
+  ).run(
+    msg.session_id, msg.role, normalizeMessageContentForStorageRole(msg.role, msg.content),
+    msg.tool_call_id ?? null, toolCallsJson, msg.tool_name ?? null,
+    msg.timestamp ?? Math.floor(Date.now() / 1000),
+    msg.token_count ?? null, msg.finish_reason ?? null,
+    msg.reasoning ?? null, msg.reasoning_details ?? null,
+    msg.reasoning_content ?? null,
+  )
+  return result.lastInsertRowid as number
+}
+
+export function addMessages(msgs: Array<{
+  session_id: string
+  role: string
+  content: string
+  tool_call_id?: string | null
+  tool_calls?: any[] | null
+  tool_name?: string | null
+  timestamp?: number
+  token_count?: number | null
+  finish_reason?: string | null
+  reasoning?: string | null
+  reasoning_details?: string | null
+  reasoning_content?: string | null
+}>): void {
+  if (!isSqliteAvailable() || msgs.length === 0) return
+  const db = getDb()!
+  const insert = db.prepare(
+    `INSERT INTO ${MESSAGES_TABLE} (session_id, role, content, tool_call_id, tool_calls, tool_name, timestamp, token_count, finish_reason, reasoning, reasoning_details, reasoning_content)
+     VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)`,
+  )
+  db.exec('BEGIN')
+  try {
+    for (const msg of msgs) {
+      const toolCallsJson = msg.tool_calls ? JSON.stringify(msg.tool_calls) : null
+      insert.run(
+        msg.session_id, msg.role, normalizeMessageContentForStorageRole(msg.role, msg.content),
+        msg.tool_call_id ?? null, toolCallsJson, msg.tool_name ?? null,
+        msg.timestamp ?? Math.floor(Date.now() / 1000),
+        msg.token_count ?? null, msg.finish_reason ?? null,
+        msg.reasoning ?? null, msg.reasoning_details ?? null,
+        msg.reasoning_content ?? null,
+      )
+    }
+    db.exec('COMMIT')
+  } catch (e) {
+    db.exec('ROLLBACK')
+    throw e
+  }
+}
+
+export function getMessageCount(sessionId: string): number {
+  if (!isSqliteAvailable()) return 0
+  const db = getDb()!
+  const row = db.prepare(
+    `SELECT COUNT(*) as cnt FROM ${MESSAGES_TABLE} WHERE session_id = ?`,
+  ).get(sessionId) as { cnt: number } | undefined
+  return row?.cnt ?? 0
+}
+
+export function updateSessionStats(id: string): void {
+  if (!isSqliteAvailable()) return
+  const db = getDb()!
+  db.prepare(
+    `UPDATE ${SESSIONS_TABLE}
+     SET message_count = (SELECT COUNT(*) FROM ${MESSAGES_TABLE} WHERE session_id = ?),
+         last_active = COALESCE((SELECT MAX(timestamp) FROM ${MESSAGES_TABLE} WHERE session_id = ?), started_at)
+     WHERE id = ?`,
+  ).run(id, id, id)
+  console.log(`Updated session ${id} stats`)
+}
+
+export function getSessionDetailPaginated(
+  id: string,
+  offset = 0,
+  limit = 300,
+): PaginatedSessionDetailResult | null {
+  if (!isSqliteAvailable()) {
+    return null
+  }
+
+  const db = getDb()!
+
+  // Get session info
+  const sessionRow = db.prepare(`SELECT * FROM ${SESSIONS_TABLE} WHERE id = ?`).get(id) as Record<string, unknown> | undefined
+  if (!sessionRow) return null
+
+  // Get total message count
+  const countResult = db.prepare(
+    `SELECT COUNT(*) as total FROM ${MESSAGES_TABLE} WHERE session_id = ?`,
+  ).get(id) as { total: number } | undefined
+  const total = countResult?.total || 0
+
+  // Get paginated messages (newest first from DB, then reverse).
+  // Timestamp precision is mixed across message sources; id is insertion order.
+  const msgRows = db.prepare(
+    `SELECT * FROM ${MESSAGES_TABLE} WHERE session_id = ? ORDER BY id DESC LIMIT ? OFFSET ?`,
+  ).all(id, limit, offset) as Record<string, unknown>[]
+
+  const session = mapSessionRow(sessionRow)
+  const messages = msgRows.map(mapMessageRow).reverse()  // Reverse to show oldest first
+
+  return {
+    session,
+    messages,
+    total,
+    offset,
+    limit,
+    hasMore: offset + messages.length < total,
+  }
+}
diff --git a/packages/server/src/db/hermes/sessions-db.ts b/packages/server/src/db/hermes/sessions-db.ts
new file mode 100644
index 0000000..130745b
--- /dev/null
+++ b/packages/server/src/db/hermes/sessions-db.ts
@@ -0,0 +1,1538 @@
+import { getActiveProfileDir, getProfileDir } from '../../services/hermes/hermes-profile'
+import { join } from 'path'
+import type { LocalUsageStats } from './usage-store'
+
+const SQLITE_AVAILABLE = (() => {
+  const [major, minor] = process.versions.node.split('.').map(Number)
+  return major > 22 || (major === 22 && minor >= 5)
+})()
+
+const COMPRESSION_END_REASONS = new Set(['compression', 'compressed'])
+const SEARCH_CANDIDATE_MULTIPLIER = 20
+const SEARCH_CANDIDATE_MIN = 100
+
+export interface HermesSessionRow {
+  id: string
+  source: string
+  user_id: string | null
+  model: string
+  title: string | null
+  started_at: number
+  ended_at: number | null
+  end_reason: string | null
+  message_count: number
+  tool_call_count: number
+  input_tokens: number
+  output_tokens: number
+  cache_read_tokens: number
+  cache_write_tokens: number
+  reasoning_tokens: number
+  billing_provider: string | null
+  estimated_cost_usd: number
+  actual_cost_usd: number | null
+  cost_status: string
+  preview: string
+  last_active: number
+}
+
+export interface HermesSessionSearchRow extends HermesSessionRow {
+  matched_message_id: number | null
+  snippet: string
+  rank: number
+}
+
+export interface HermesMessageRow {
+  id: number | string
+  session_id: string
+  role: string
+  content: string
+  tool_call_id: string | null
+  tool_calls: any[] | null
+  tool_name: string | null
+  timestamp: number
+  token_count: number | null
+  finish_reason: string | null
+  reasoning: string | null
+  reasoning_details?: string | null
+  reasoning_content?: string | null
+}
+
+export interface HermesSessionDetailRow extends HermesSessionRow {
+  messages: HermesMessageRow[]
+  thread_session_count: number
+}
+
+export interface PaginatedHermesSessionDetailResult {
+  session: HermesSessionDetailRow
+  messages: HermesMessageRow[]
+  total: number
+  offset: number
+  limit: number
+  hasMore: boolean
+}
+
+interface HermesSessionInternalRow extends HermesSessionRow {
+  parent_session_id: string | null
+}
+
+function sessionDbPath(): string {
+  return join(getActiveProfileDir(), 'state.db')
+}
+
+function normalizeNumber(value: unknown, fallback = 0): number {
+  if (value == null || value === '') return fallback
+  const num = Number(value)
+  return Number.isFinite(num) ? num : fallback
+}
+
+function normalizeNullableNumber(value: unknown): number | null {
+  if (value == null || value === '') return null
+  const num = Number(value)
+  return Number.isFinite(num) ? num : null
+}
+
+function normalizeNullableString(value: unknown): string | null {
+  if (value == null || value === '') return null
+  return String(value)
+}
+
+function titleFromPreview(preview: string): string | null {
+  if (!preview) return null
+  return preview.length > 40 ? `${preview.slice(0, 40)}...` : preview
+}
+
+function mapRow(row: Record<string, unknown>): HermesSessionRow {
+  const startedAt = normalizeNumber(row.started_at)
+  return {
+    id: String(row.id || ''),
+    source: String(row.source || ''),
+    user_id: normalizeNullableString(row.user_id),
+    model: String(row.model || ''),
+    title: normalizeNullableString(row.title),
+    started_at: startedAt,
+    ended_at: normalizeNullableNumber(row.ended_at),
+    end_reason: normalizeNullableString(row.end_reason),
+    message_count: normalizeNumber(row.message_count),
+    tool_call_count: normalizeNumber(row.tool_call_count),
+    input_tokens: normalizeNumber(row.input_tokens),
+    output_tokens: normalizeNumber(row.output_tokens),
+    cache_read_tokens: normalizeNumber(row.cache_read_tokens),
+    cache_write_tokens: normalizeNumber(row.cache_write_tokens),
+    reasoning_tokens: normalizeNumber(row.reasoning_tokens),
+    billing_provider: normalizeNullableString(row.billing_provider),
+    estimated_cost_usd: normalizeNumber(row.estimated_cost_usd),
+    actual_cost_usd: normalizeNullableNumber(row.actual_cost_usd),
+    cost_status: String(row.cost_status || ''),
+    preview: String(row.preview || ''),
+    last_active: normalizeNumber(row.last_active, startedAt),
+  }
+}
+
+const SESSION_SELECT = `
+  s.id,
+  s.source,
+  COALESCE(s.user_id, '') AS user_id,
+  COALESCE(s.model, '') AS model,
+  COALESCE(s.title, '') AS title,
+  COALESCE(s.started_at, 0) AS started_at,
+  s.ended_at AS ended_at,
+  COALESCE(s.end_reason, '') AS end_reason,
+  COALESCE(s.message_count, 0) AS message_count,
+  COALESCE(s.tool_call_count, 0) AS tool_call_count,
+  COALESCE(s.input_tokens, 0) AS input_tokens,
+  COALESCE(s.output_tokens, 0) AS output_tokens,
+  COALESCE(s.cache_read_tokens, 0) AS cache_read_tokens,
+  COALESCE(s.cache_write_tokens, 0) AS cache_write_tokens,
+  COALESCE(s.reasoning_tokens, 0) AS reasoning_tokens,
+  COALESCE(s.billing_provider, '') AS billing_provider,
+  COALESCE(s.estimated_cost_usd, 0) AS estimated_cost_usd,
+  s.actual_cost_usd AS actual_cost_usd,
+  COALESCE(s.cost_status, '') AS cost_status,
+  COALESCE(
+    (
+      SELECT SUBSTR(REPLACE(REPLACE(m.content, CHAR(10), ' '), CHAR(13), ' '), 1, 63)
+      FROM messages m
+      WHERE m.session_id = s.id AND m.role = 'user' AND m.content IS NOT NULL
+      ORDER BY m.timestamp, m.id
+      LIMIT 1
+    ),
+    ''
+  ) AS preview,
+  COALESCE((SELECT MAX(m2.timestamp) FROM messages m2 WHERE m2.session_id = s.id), s.started_at) AS last_active
+`
+
+function containsCjk(text: string): boolean {
+  for (const ch of text) {
+    const cp = ch.codePointAt(0) ?? 0
+    if (
+      (cp >= 0x4E00 && cp <= 0x9FFF) ||
+      (cp >= 0x3400 && cp <= 0x4DBF) ||
+      (cp >= 0x20000 && cp <= 0x2A6DF) ||
+      (cp >= 0x3000 && cp <= 0x303F) ||
+      (cp >= 0x3040 && cp <= 0x309F) ||
+      (cp >= 0x30A0 && cp <= 0x30FF) ||
+      (cp >= 0xAC00 && cp <= 0xD7AF)
+    ) {
+      return true
+    }
+  }
+  return false
+}
+
+function escapeLikePattern(value: string): string {
+  return value.replace(/[\\%_]/g, (match) => `\\${match}`)
+}
+
+function buildLikePattern(value: string): string {
+  return `%${escapeLikePattern(value)}%`
+}
+
+function normalizeTitleLikeQuery(query: string): string {
+  const tokens = query.match(/"[^"]*"\*?|\S+/g)
+  if (!tokens) return query
+
+  const normalizedTokens = tokens
+    .map((token) => {
+      let value = token.endsWith('*') ? token.slice(0, -1) : token
+      if (value.startsWith('"') && value.endsWith('"')) {
+        value = value.slice(1, -1)
+      }
+      return value
+    })
+    .filter(Boolean)
+
+  return normalizedTokens.join(' ').trim() || query
+}
+
+function shouldUseLiteralContentSearch(query: string): boolean {
+  const trimmed = query.trim()
+  if (!trimmed) return false
+  if (/[^\p{L}\p{N}\s"*.-]/u.test(trimmed)) return true
+
+  const tokens = trimmed.match(/"[^"]*"\*?|\S+/g)
+  if (!tokens) return true
+
+  for (const token of tokens) {
+    if (/^(AND|OR|NOT)$/i.test(token)) continue
+
+    const raw = token.endsWith('*') ? token.slice(0, -1) : token
+    if (!raw) return true
+
+    if (raw.startsWith('"') && raw.endsWith('"')) {
+      const inner = raw.slice(1, -1)
+      if (!inner.trim()) return true
+      if (!/^[\p{L}\p{N}\s.-]+$/u.test(inner)) return true
+      if ((inner.includes('.') || inner.includes('-')) && !/^[\p{L}\p{N}]+(?:[.-][\p{L}\p{N}]+)*(?:\s+[\p{L}\p{N}]+(?:[.-][\p{L}\p{N}]+)*)*$/u.test(inner)) return true
+      continue
+    }
+
+    if (raw.includes('.') || raw.includes('-')) {
+      if (!/^[\p{L}\p{N}]+(?:[.-][\p{L}\p{N}]+)*$/u.test(raw)) return true
+      continue
+    }
+
+    if (!/^[\p{L}\p{N}]+$/u.test(raw)) return true
+  }
+
+  return false
+}
+
+function runLiteralContentSearch(
+  db: { prepare: (sql: string) => { all: (...params: any[]) => Record<string, unknown>[] } },
+  source: string | undefined,
+  query: string,
+  limit: number,
+): Record<string, unknown>[] {
+  const loweredQuery = query.toLowerCase()
+  const likePattern = buildLikePattern(loweredQuery)
+  const sourceClause = source ? 'AND s.source = ?' : ''
+  const sourceParams = source ? [source] : []
+  const likeSql = `
+    WITH base AS (
+      SELECT
+        ${SESSION_SELECT},
+        s.parent_session_id AS parent_session_id
+      FROM sessions s
+      WHERE s.source != 'tool' AND s.id NOT LIKE 'compress_%'
+        ${sourceClause}
+    )
+    SELECT
+      base.*,
+      m.id AS matched_message_id,
+      substr(
+        m.content,
+        max(1, instr(LOWER(m.content), ?) - 40),
+        120
+      ) AS snippet,
+      0 AS rank
+    FROM base
+    JOIN messages m ON m.session_id = base.id
+    WHERE LOWER(m.content) LIKE ? ESCAPE '\\'
+    ORDER BY base.last_active DESC, m.timestamp DESC
+    LIMIT ?
+  `
+  return db.prepare(likeSql).all(...sourceParams, loweredQuery, likePattern, limit) as Record<string, unknown>[]
+}
+
+function sanitizeFtsQuery(query: string): string {
+  const quotedParts: string[] = []
+
+  const preserved = query.replace(/"[^"]*"/g, (match) => {
+    quotedParts.push(match)
+    return `\u0000Q${quotedParts.length - 1}\u0000`
+  })
+
+  let sanitized = preserved.replace(/[+{}()"^]/g, ' ')
+  sanitized = sanitized.replace(/\*+/g, '*')
+  sanitized = sanitized.replace(/(^|\s)\*/g, '$1')
+  sanitized = sanitized.trim().replace(/^(AND|OR|NOT)\b\s*/i, '')
+  sanitized = sanitized.trim().replace(/\s+(AND|OR|NOT)\s*$/i, '')
+  sanitized = sanitized.replace(/\b([\p{L}\p{N}]+(?:[.-][\p{L}\p{N}]+)+)\b/gu, '"$1"')
+
+  for (let i = 0; i < quotedParts.length; i += 1) {
+    sanitized = sanitized.replace(`\u0000Q${i}\u0000`, quotedParts[i])
+  }
+
+  return sanitized.trim()
+}
+
+function toPrefixQuery(query: string): string {
+  const tokens = query.match(/"[^"]*"\*?|\S+/g)
+  if (!tokens) return ''
+  return tokens
+    .map((token) => {
+      if (token === 'AND' || token === 'OR' || token === 'NOT') return token
+      if (token.startsWith('"') && token.endsWith('"')) return token
+      if (token.endsWith('*')) return token
+      return `${token}*`
+    })
+    .join(' ')
+}
+
+function mapSearchRow(row: Record<string, unknown>): HermesSessionSearchRow {
+  return {
+    ...mapRow(row),
+    matched_message_id: normalizeNullableNumber(row.matched_message_id),
+    snippet: String(row.snippet || row.preview || ''),
+    rank: Number.isFinite(Number(row.rank)) ? Number(row.rank) : 0,
+  }
+}
+
+function mapInternalSessionRow(row: Record<string, unknown>): HermesSessionInternalRow {
+  return {
+    ...mapRow(row),
+    parent_session_id: normalizeNullableString(row.parent_session_id),
+  }
+}
+
+function parseToolCalls(value: unknown): any[] | null {
+  if (value == null || value === '') return null
+  if (Array.isArray(value)) return value
+  if (typeof value !== 'string') return null
+  try {
+    const parsed = JSON.parse(value)
+    return Array.isArray(parsed) ? parsed : null
+  } catch {
+    return null
+  }
+}
+
+function normalizeMessageId(value: unknown): number | string {
+  if (typeof value === 'number' && Number.isFinite(value)) return value
+  if (typeof value === 'bigint') return Number(value)
+  const asNumber = Number(value)
+  if (Number.isInteger(asNumber)) return asNumber
+  return String(value || '')
+}
+
+function mapMessageRow(row: Record<string, unknown>): HermesMessageRow {
+  const reasoning = normalizeNullableString(row.reasoning) || normalizeNullableString(row.reasoning_content)
+  return {
+    id: normalizeMessageId(row.id),
+    session_id: String(row.session_id || ''),
+    role: String(row.role || ''),
+    content: row.content == null ? '' : String(row.content),
+    tool_call_id: normalizeNullableString(row.tool_call_id),
+    tool_calls: parseToolCalls(row.tool_calls),
+    tool_name: normalizeNullableString(row.tool_name),
+    timestamp: normalizeNumber(row.timestamp),
+    token_count: normalizeNullableNumber(row.token_count),
+    finish_reason: normalizeNullableString(row.finish_reason),
+    reasoning,
+    reasoning_details: normalizeNullableString(row.reasoning_details),
+    reasoning_content: normalizeNullableString(row.reasoning_content),
+  }
+}
+
+function isCompressionEnded(session: HermesSessionInternalRow | undefined): boolean {
+  return !!session && COMPRESSION_END_REASONS.has(String(session.end_reason || ''))
+}
+
+function isCompressionContinuation(parent: HermesSessionInternalRow | undefined, child: HermesSessionInternalRow | undefined): boolean {
+  if (!parent || !child || !isCompressionEnded(parent) || parent.ended_at == null) return false
+  return child.source !== 'tool' && Number(child.started_at || 0) >= Number(parent.ended_at || 0)
+}
+
+function latestSessionInChain(chain: HermesSessionInternalRow[]): HermesSessionInternalRow {
+  return chain.reduce((latest, session) => {
+    const latestStarted = Number(latest.started_at || 0)
+    const sessionStarted = Number(session.started_at || 0)
+    if (sessionStarted !== latestStarted) return sessionStarted > latestStarted ? session : latest
+    return session.id.localeCompare(latest.id) > 0 ? session : latest
+  }, chain[0])
+}
+
+function projectSessionSummary(root: HermesSessionInternalRow, chain: HermesSessionInternalRow[]): HermesSessionRow {
+  const latest = latestSessionInChain(chain)
+  const firstPreview = chain.map(session => session.preview).find(Boolean) || root.preview
+  const { parent_session_id: _parentSessionId, ...rootRow } = root
+  return {
+    ...rootRow,
+    id: latest.id,
+    model: latest.model || root.model,
+    title: latest.title || root.title || titleFromPreview(firstPreview),
+    ended_at: latest.ended_at,
+    end_reason: latest.end_reason,
+    message_count: latest.message_count,
+    tool_call_count: latest.tool_call_count,
+    input_tokens: latest.input_tokens,
+    output_tokens: latest.output_tokens,
+    cache_read_tokens: latest.cache_read_tokens,
+    cache_write_tokens: latest.cache_write_tokens,
+    reasoning_tokens: latest.reasoning_tokens,
+    billing_provider: latest.billing_provider ?? root.billing_provider,
+    estimated_cost_usd: latest.estimated_cost_usd,
+    actual_cost_usd: latest.actual_cost_usd,
+    cost_status: latest.cost_status,
+    preview: latest.preview || root.preview || firstPreview || '',
+    last_active: latest.last_active || root.last_active,
+  }
+}
+
+// --- In-memory session index for chain traversal ---
+
+interface SessionIndex {
+  byId: Map<string, HermesSessionInternalRow>
+  childrenByParent: Map<string, string[]>
+}
+
+function loadAllSessions(db: { prepare: (sql: string) => { all: (...params: any[]) => Record<string, unknown>[] } }): SessionIndex {
+  const rows = db.prepare(`
+    SELECT
+      ${SESSION_SELECT},
+      s.parent_session_id AS parent_session_id
+    FROM sessions s
+    WHERE s.source != 'tool' AND s.id NOT LIKE 'compress_%'
+  `).all() as Record<string, unknown>[]
+  const sessions = rows.map(mapInternalSessionRow)
+  const byId = new Map(sessions.map(s => [s.id, s]))
+  const childrenByParent = new Map<string, string[]>()
+  for (const s of sessions) {
+    const key = s.parent_session_id ?? ''
+    const list = childrenByParent.get(key) || []
+    list.push(s.id)
+    childrenByParent.set(key, list)
+  }
+  return { byId, childrenByParent }
+}
+
+function getLatestContinuationChild(
+  parent: HermesSessionInternalRow,
+  idx: SessionIndex,
+): HermesSessionInternalRow | null {
+  if (!isCompressionEnded(parent) || parent.ended_at == null) return null
+  const candidates = (idx.childrenByParent.get(parent.id) || [])
+    .map(id => idx.byId.get(id))
+    .filter((c): c is HermesSessionInternalRow => !!c)
+    .filter(c => Number(c.started_at || 0) >= Number(parent.ended_at || 0))
+    .sort((a, b) => {
+      const aDelta = Number(a.started_at || 0) - Number(parent.ended_at || 0)
+      const bDelta = Number(b.started_at || 0) - Number(parent.ended_at || 0)
+      if (aDelta !== bDelta) return aDelta - bDelta
+      return b.id.localeCompare(a.id)
+    })
+  return candidates[0] || null
+}
+
+function collectCompressionPath(
+  session: HermesSessionInternalRow,
+  idx: SessionIndex,
+): HermesSessionInternalRow[] {
+  const reversed: HermesSessionInternalRow[] = [session]
+  const seen = new Set<string>()
+  let current: HermesSessionInternalRow | null = session
+
+  for (let depth = 0; current && current.parent_session_id && depth < 100 && !seen.has(current.id); depth += 1) {
+    seen.add(current.id)
+    const parent = idx.byId.get(current.parent_session_id)
+    if (!parent || !isCompressionContinuation(parent, current)) break
+    reversed.push(parent)
+    current = parent
+  }
+
+  return reversed.reverse()
+}
+
+function extendCompressionChain(
+  chain: HermesSessionInternalRow[],
+  idx: SessionIndex,
+): HermesSessionInternalRow[] {
+  const result = [...chain]
+  const seen = new Set(result.map(s => s.id))
+  let current: HermesSessionInternalRow | null = result[result.length - 1] || null
+
+  for (let depth = 0; current && depth < 100; depth += 1) {
+    const next = getLatestContinuationChild(current, idx)
+    if (!next || seen.has(next.id)) break
+    result.push(next)
+    seen.add(next.id)
+    current = next
+  }
+
+  return result
+}
+
+function collectSessionChain(
+  root: HermesSessionInternalRow,
+  idx: SessionIndex,
+): HermesSessionInternalRow[] {
+  return extendCompressionChain([root], idx)
+}
+
+function collectSessionChainForMatchedSession(
+  session: HermesSessionInternalRow,
+  idx: SessionIndex,
+): HermesSessionInternalRow[] {
+  return extendCompressionChain(collectCompressionPath(session, idx), idx)
+}
+
+type SessionDbLike = {
+  prepare: (sql: string) => { all: (...params: any[]) => Record<string, unknown>[] }
+}
+
+function searchCandidateLimit(limit: number): number {
+  return Math.max(limit * SEARCH_CANDIDATE_MULTIPLIER, SEARCH_CANDIDATE_MIN)
+}
+
+function projectSearchRow(
+  row: Record<string, unknown>,
+  idx: SessionIndex,
+  source?: string,
+): HermesSessionSearchRow | null {
+  const matchedSession = mapInternalSessionRow(row)
+  if (!matchedSession.id) return null
+
+  const chain = collectSessionChainForMatchedSession(matchedSession, idx)
+  const root = chain[0]
+  if (!root) return null
+  if (source && matchedSession.source !== source) return null
+
+  const projected = projectSessionSummary(root, chain)
+  return {
+    ...projected,
+    matched_message_id: normalizeNullableNumber(row.matched_message_id),
+    snippet: String(row.snippet || row.preview || ''),
+    rank: Number.isFinite(Number(row.rank)) ? Number(row.rank) : 0,
+  }
+}
+
+function aggregateSessionDetail(
+  chain: HermesSessionInternalRow[],
+  messages: HermesMessageRow[],
+  requestedSessionId: string,
+): HermesSessionDetailRow {
+  const root = chain[0]
+  const latest = latestSessionInChain(chain)
+  const costStatuses = Array.from(new Set(chain.map(session => String(session.cost_status || '')).filter(Boolean)))
+  const actualCosts = chain
+    .map(session => session.actual_cost_usd)
+    .filter((value): value is number => value != null)
+  const firstPreview = chain.map(session => session.preview).find(Boolean) || root.preview
+
+  const { parent_session_id: _parentSessionId, ...rootRow } = root
+
+  return {
+    ...rootRow,
+    id: requestedSessionId,
+    source: latest.source || root.source,
+    title: latest.title || root.title || titleFromPreview(firstPreview),
+    preview: latest.preview || root.preview || firstPreview || '',
+    model: latest.model || root.model,
+    ended_at: latest.ended_at,
+    end_reason: latest.end_reason,
+    last_active: Math.max(...chain.map(session => session.last_active || session.started_at || 0)),
+    message_count: chain.reduce((sum, session) => sum + Number(session.message_count || 0), 0),
+    tool_call_count: chain.reduce((sum, session) => sum + Number(session.tool_call_count || 0), 0),
+    input_tokens: chain.reduce((sum, session) => sum + Number(session.input_tokens || 0), 0),
+    output_tokens: chain.reduce((sum, session) => sum + Number(session.output_tokens || 0), 0),
+    cache_read_tokens: chain.reduce((sum, session) => sum + Number(session.cache_read_tokens || 0), 0),
+    cache_write_tokens: chain.reduce((sum, session) => sum + Number(session.cache_write_tokens || 0), 0),
+    reasoning_tokens: chain.reduce((sum, session) => sum + Number(session.reasoning_tokens || 0), 0),
+    billing_provider: latest.billing_provider ?? root.billing_provider,
+    estimated_cost_usd: chain.reduce((sum, session) => sum + Number(session.estimated_cost_usd || 0), 0),
+    actual_cost_usd: actualCosts.length ? actualCosts.reduce((sum, value) => sum + Number(value || 0), 0) : null,
+    cost_status: costStatuses.length === 1 ? costStatuses[0] : (costStatuses.length > 1 ? 'mixed' : ''),
+    messages,
+    thread_session_count: chain.length,
+  }
+}
+
+function chainOrderSql(ids: string[]): string {
+  return ids.map((_, index) => `WHEN ? THEN ${index}`).join(' ')
+}
+
+async function openSessionDb(profile?: string) {
+  if (!SQLITE_AVAILABLE) {
+    throw new Error(`node:sqlite requires Node >= 22.5, current: ${process.versions.node}`)
+  }
+  const { DatabaseSync } = await import('node:sqlite')
+  const dbPath = profile ? join(getProfileDir(profile), 'state.db') : sessionDbPath()
+  try {
+    return new DatabaseSync(dbPath, { open: true, readOnly: true })
+  } catch (err: any) {
+    console.error(`[sessions-db] Failed to open session db at ${dbPath}:`, err.message)
+    throw err
+  }
+}
+
+/**
+ * Lightweight alternative: get messages + session row for a single session ID
+ * without chain traversal. Used by syncFromHermes for ephemeral sessions.
+ */
+export async function getSessionMessagesFromDb(sessionId: string): Promise<{
+  messages: HermesMessageRow[]
+  session: HermesSessionRow | null
+} | null> {
+  const db = await openSessionDb()
+  try {
+    const sessionRow = db.prepare(`
+      SELECT ${SESSION_SELECT}
+      FROM sessions s
+      WHERE s.id = ?
+    `).get(sessionId) as Record<string, unknown> | undefined
+
+    const messageRows = db.prepare(`
+      SELECT * FROM messages
+      WHERE session_id = ?
+      ORDER BY id
+    `).all(sessionId) as Record<string, unknown>[]
+
+    return {
+      messages: messageRows.map(mapMessageRow),
+      session: sessionRow ? mapRow(sessionRow) : null,
+    }
+  } finally {
+    db.close()
+  }
+}
+
+export async function getSessionDetailFromDb(sessionId: string): Promise<HermesSessionDetailRow | null> {
+  const db = await openSessionDb()
+  try {
+    const idx = loadAllSessions(db)
+    const requested = idx.byId.get(sessionId) || null
+    if (!requested) return null
+
+    const chain = collectSessionChainForMatchedSession(requested, idx)
+    if (!chain.length) return null
+
+    const ids = chain.map(session => session.id)
+    const placeholders = ids.map(() => '?').join(', ')
+    const orderSql = chainOrderSql(ids)
+    const messageRows = db.prepare(`
+      SELECT * FROM messages
+      WHERE session_id IN (${placeholders})
+      ORDER BY CASE session_id ${orderSql} ELSE ${ids.length} END, id
+    `).all(...ids, ...ids) as Record<string, unknown>[]
+    const messages = messageRows.map(mapMessageRow)
+    return aggregateSessionDetail(chain, messages, sessionId)
+  } finally {
+    db.close()
+  }
+}
+
+export async function getSessionDetailFromDbWithProfile(sessionId: string, profile: string): Promise<HermesSessionDetailRow | null> {
+  const { DatabaseSync } = await import('node:sqlite')
+  const dbPath = join(getProfileDir(profile), 'state.db')
+  const db = new DatabaseSync(dbPath, { open: true, readOnly: true })
+  try {
+    const idx = loadAllSessions(db)
+    const requested = idx.byId.get(sessionId) || null
+    if (!requested) return null
+
+    const chain = collectSessionChainForMatchedSession(requested, idx)
+    if (!chain.length) return null
+
+    const ids = chain.map(session => session.id)
+    const placeholders = ids.map(() => '?').join(', ')
+    const orderSql = chainOrderSql(ids)
+    const messageRows = db.prepare(`
+      SELECT * FROM messages
+      WHERE session_id IN (${placeholders})
+      ORDER BY CASE session_id ${orderSql} ELSE ${ids.length} END, id
+    `).all(...ids, ...ids) as Record<string, unknown>[]
+    const messages = messageRows.map(mapMessageRow)
+    return aggregateSessionDetail(chain, messages, sessionId)
+  } finally {
+    db.close()
+  }
+}
+
+export async function getSessionDetailPaginatedFromDbWithProfile(
+  sessionId: string,
+  profile: string,
+  offset = 0,
+  limit = 300,
+): Promise<PaginatedHermesSessionDetailResult | null> {
+  const db = await openSessionDb(profile)
+  try {
+    const idx = loadAllSessions(db)
+    const requested = idx.byId.get(sessionId) || null
+    if (!requested) return null
+
+    const chain = collectSessionChainForMatchedSession(requested, idx)
+    if (!chain.length) return null
+
+    const ids = chain.map(session => session.id)
+    const placeholders = ids.map(() => '?').join(', ')
+    const orderSql = chainOrderSql(ids)
+    const totalRow = db.prepare(`
+      SELECT COUNT(*) AS total
+      FROM messages
+      WHERE session_id IN (${placeholders})
+    `).get(...ids) as { total: number } | undefined
+    const total = Number(totalRow?.total || 0)
+
+    const messageRows = db.prepare(`
+      SELECT * FROM messages
+      WHERE session_id IN (${placeholders})
+      ORDER BY CASE session_id ${orderSql} ELSE ${ids.length} END DESC, id DESC
+      LIMIT ? OFFSET ?
+    `).all(...ids, ...ids, limit, offset) as Record<string, unknown>[]
+    const messages = messageRows.map(mapMessageRow).reverse()
+
+    return {
+      session: aggregateSessionDetail(chain, messages, sessionId),
+      messages,
+      total,
+      offset,
+      limit,
+      hasMore: offset + messages.length < total,
+    }
+  } finally {
+    db.close()
+  }
+}
+
+export async function getExactSessionDetailFromDbWithProfile(sessionId: string, profile: string): Promise<HermesSessionDetailRow | null> {
+  const { DatabaseSync } = await import('node:sqlite')
+  const dbPath = join(getProfileDir(profile), 'state.db')
+  const db = new DatabaseSync(dbPath, { open: true, readOnly: true })
+  try {
+    const idx = loadAllSessions(db)
+    const requested = idx.byId.get(sessionId) || null
+    if (!requested) return null
+
+    const messageRows = db.prepare(`
+      SELECT * FROM messages
+      WHERE session_id = ?
+      ORDER BY id
+    `).all(sessionId) as Record<string, unknown>[]
+    const messages = messageRows.map(mapMessageRow)
+    return aggregateSessionDetail([requested], messages, sessionId)
+  } finally {
+    db.close()
+  }
+}
+
+export async function findLatestExactSessionIdWithProfile(
+  query: string,
+  profile: string,
+  source?: string,
+): Promise<string | null> {
+  if (!SQLITE_AVAILABLE) {
+    throw new Error(`node:sqlite requires Node >= 22.5, current: ${process.versions.node}`)
+  }
+
+  const trimmed = query.trim()
+  if (!trimmed) return null
+
+  const { DatabaseSync } = await import('node:sqlite')
+  const dbPath = join(getProfileDir(profile), 'state.db')
+  const db = new DatabaseSync(dbPath, { open: true, readOnly: true })
+  const loweredQuery = trimmed.toLowerCase()
+  const likePattern = buildLikePattern(loweredQuery)
+  const kanbanPrompt = `work kanban task ${trimmed}`.toLowerCase()
+  const taskJsonNeedle = `"task_id": "${trimmed}"`.toLowerCase()
+
+  try {
+    const sourceClause = source ? 'AND s.source = ?' : ''
+    const sourceParams = source ? [source] : []
+    const exactPromptSql = `
+      WITH base AS (
+        SELECT
+          ${SESSION_SELECT},
+          s.parent_session_id AS parent_session_id
+        FROM sessions s
+        WHERE s.source != 'tool' AND s.id NOT LIKE 'compress_%'
+          ${sourceClause}
+      )
+      SELECT base.id
+      FROM base
+      JOIN messages m ON m.session_id = base.id
+      WHERE m.role = 'user'
+        AND LOWER(TRIM(m.content)) = ?
+      ORDER BY base.last_active DESC, m.timestamp DESC
+      LIMIT 1
+    `
+    const exactPromptMatch = db.prepare(exactPromptSql).get(...sourceParams, kanbanPrompt) as Record<string, unknown> | undefined
+    if (exactPromptMatch?.id) return String(exactPromptMatch.id)
+
+    const taskJsonSql = `
+      WITH base AS (
+        SELECT
+          ${SESSION_SELECT},
+          s.parent_session_id AS parent_session_id
+        FROM sessions s
+        WHERE s.source != 'tool' AND s.id NOT LIKE 'compress_%'
+          ${sourceClause}
+      )
+      SELECT base.id
+      FROM base
+      JOIN messages m ON m.session_id = base.id
+      WHERE LOWER(m.content) LIKE ? ESCAPE '\\'
+      ORDER BY base.last_active DESC, m.timestamp DESC
+      LIMIT 1
+    `
+    const taskJsonMatch = db.prepare(taskJsonSql).get(...sourceParams, buildLikePattern(taskJsonNeedle)) as Record<string, unknown> | undefined
+    if (taskJsonMatch?.id) return String(taskJsonMatch.id)
+
+    const contentSql = `
+      WITH base AS (
+        SELECT
+          ${SESSION_SELECT},
+          s.parent_session_id AS parent_session_id
+        FROM sessions s
+        WHERE s.source != 'tool' AND s.id NOT LIKE 'compress_%'
+          ${sourceClause}
+      )
+      SELECT base.id
+      FROM base
+      JOIN messages m ON m.session_id = base.id
+      WHERE LOWER(m.content) LIKE ? ESCAPE '\\'
+      ORDER BY base.last_active DESC, m.timestamp DESC
+      LIMIT 1
+    `
+    const contentMatch = db.prepare(contentSql).get(...sourceParams, likePattern) as Record<string, unknown> | undefined
+    if (contentMatch?.id) return String(contentMatch.id)
+
+    const titleSql = `
+      SELECT s.id
+      FROM sessions s
+      WHERE s.source != 'tool' AND s.id NOT LIKE 'compress_%'
+        ${sourceClause}
+        AND LOWER(COALESCE(s.title, '')) LIKE ? ESCAPE '\\'
+      ORDER BY s.started_at DESC
+      LIMIT 1
+    `
+    const titleMatch = db.prepare(titleSql).get(...sourceParams, likePattern) as Record<string, unknown> | undefined
+    return titleMatch?.id ? String(titleMatch.id) : null
+  } finally {
+    db.close()
+  }
+}
+
+export interface HermesUsageStats extends LocalUsageStats {
+  cost: number
+  total_api_calls: number
+}
+
+export interface HermesSkillUsageRow {
+  skill: string
+  view_count: number
+  manage_count: number
+  total_count: number
+  percentage: number
+  last_used_at: number | null
+}
+
+export interface HermesSkillUsageDailySkillRow {
+  skill: string
+  view_count: number
+  manage_count: number
+  total_count: number
+}
+
+export interface HermesSkillUsageDailyRow {
+  date: string
+  view_count: number
+  manage_count: number
+  total_count: number
+  skills: HermesSkillUsageDailySkillRow[]
+}
+
+export interface HermesSkillUsageStats {
+  period_days: number
+  summary: {
+    total_skill_loads: number
+    total_skill_edits: number
+    total_skill_actions: number
+    distinct_skills_used: number
+  }
+  by_day: HermesSkillUsageDailyRow[]
+  top_skills: HermesSkillUsageRow[]
+}
+
+function tableHasColumn(
+  db: { prepare: (sql: string) => { all: (...params: any[]) => Record<string, unknown>[] } },
+  tableName: string,
+  columnName: string,
+): boolean {
+  const columns = db.prepare(`PRAGMA table_info(${tableName})`).all()
+  return columns.some(column => String(column.name || '') === columnName)
+}
+
+function parseJsonObject(value: unknown): Record<string, unknown> | null {
+  if (value && typeof value === 'object' && !Array.isArray(value)) return value as Record<string, unknown>
+  if (typeof value !== 'string') return null
+  try {
+    const parsed = JSON.parse(value)
+    return parsed && typeof parsed === 'object' && !Array.isArray(parsed) ? parsed as Record<string, unknown> : null
+  } catch {
+    return null
+  }
+}
+
+type SkillUsageAction = 'view' | 'manage'
+
+interface RawSkillUsageEvent {
+  skill: string
+  action: SkillUsageAction
+  timestamp: number | null
+}
+
+function extractSkillNameFromViewContent(content: string): string {
+  const match = content.match(/^\[skill_view\]\s+name=(.+?)(?:\s+\(|\s*$)/)
+  if (match?.[1]) return match[1].trim()
+
+  const parsed = parseJsonObject(content)
+  return typeof parsed?.name === 'string' ? parsed.name.trim() : ''
+}
+
+function extractSkillNameFromManageContent(content: string): string {
+  const bracketMatch = content.match(/^\[skill_manage\]\s+name=(.+?)(?:\s+|\(|$)/)
+  if (bracketMatch?.[1]) return bracketMatch[1].trim()
+
+  const parsed = parseJsonObject(content)
+  const message = typeof parsed?.message === 'string' ? parsed.message : content
+  const quotedMatch = message.match(/skill ['"]([^'"]+)['"]/i)
+  if (quotedMatch?.[1]) return quotedMatch[1].trim()
+
+  const namedMatch = message.match(/\bname=([^\s)]+)/i)
+  return namedMatch?.[1]?.trim() || ''
+}
+
+function extractSkillToolCall(row: Record<string, unknown>): { action: SkillUsageAction; skill: string } | null {
+  const toolCallId = typeof row.tool_call_id === 'string' ? row.tool_call_id : ''
+  const rawToolCalls = typeof row.assistant_tool_calls === 'string' ? row.assistant_tool_calls : ''
+  if (!toolCallId || !rawToolCalls) return null
+
+  let parsed: unknown
+  try {
+    parsed = JSON.parse(rawToolCalls)
+  } catch {
+    return null
+  }
+
+  const calls = Array.isArray(parsed) ? parsed : [parsed]
+  for (const call of calls) {
+    if (!call || typeof call !== 'object') continue
+    const record = call as Record<string, unknown>
+    const functionRecord = record.function && typeof record.function === 'object'
+      ? record.function as Record<string, unknown>
+      : {}
+    const ids = [record.id, record.call_id, record.tool_call_id, functionRecord.call_id]
+      .filter((value): value is string => typeof value === 'string')
+    if (!ids.includes(toolCallId)) continue
+
+    const name = typeof functionRecord.name === 'string'
+      ? functionRecord.name
+      : typeof record.name === 'string'
+        ? record.name
+        : ''
+    const action: SkillUsageAction | null = name === 'skill_view'
+      ? 'view'
+      : name === 'skill_manage'
+        ? 'manage'
+        : null
+    if (!action) return null
+
+    const args = parseJsonObject(functionRecord.arguments ?? record.arguments)
+    const skill = typeof args?.name === 'string' ? args.name.trim() : ''
+    return { action, skill }
+  }
+
+  return null
+}
+
+function mapSkillUsageEvent(row: Record<string, unknown>): RawSkillUsageEvent | null {
+  const content = typeof row.content === 'string' ? row.content : ''
+  const toolName = typeof row.tool_name === 'string' ? row.tool_name : ''
+  const toolCall = extractSkillToolCall(row)
+  const action: SkillUsageAction | null = toolName === 'skill_view' || content.startsWith('[skill_view]')
+    ? 'view'
+    : toolName === 'skill_manage' || content.startsWith('[skill_manage]')
+      ? 'manage'
+      : toolCall?.action ?? null
+
+  if (!action) return null
+
+  const skill = toolCall?.skill || (action === 'view'
+    ? extractSkillNameFromViewContent(content)
+    : extractSkillNameFromManageContent(content))
+
+  if (!skill) return null
+
+  return {
+    skill,
+    action,
+    timestamp: normalizeNullableNumber(row.timestamp),
+  }
+}
+
+function formatUnixDate(timestamp: number | null): string {
+  if (timestamp == null) return ''
+  return new Date(timestamp * 1000).toISOString().slice(0, 10)
+}
+
+export async function getSkillUsageStatsFromDb(
+  days = 7,
+  nowSeconds = Math.floor(Date.now() / 1000),
+  profile?: string,
+): Promise<HermesSkillUsageStats> {
+  const normalizedDays = Number.isFinite(days) ? days : 7
+  const safeDays = Math.max(1, Math.floor(normalizedDays))
+  const since = nowSeconds - safeDays * 24 * 60 * 60
+  const db = await openSessionDb(profile)
+
+  try {
+    const hasStartedIndex = db.prepare("PRAGMA index_list(sessions)").all()
+      .some(index => String(index.name || '') === 'idx_sessions_started')
+    const hasMessagesIndex = db.prepare("PRAGMA index_list(messages)").all()
+      .some(index => String(index.name || '') === 'idx_messages_session')
+    const sessionsTable = hasStartedIndex ? 'sessions s INDEXED BY idx_sessions_started' : 'sessions s'
+    const messagesTable = hasMessagesIndex ? 'messages m INDEXED BY idx_messages_session' : 'messages m'
+    const toolPredicate = `
+      m.role = 'tool'
+      AND (
+        m.tool_name IN ('skill_view', 'skill_manage')
+        OR m.content LIKE '[skill_view]%'
+        OR m.content LIKE '[skill_manage]%'
+        OR m.tool_call_id IS NOT NULL
+      )
+    `
+    const recentRows = db.prepare(`
+      SELECT
+        m.tool_name,
+        m.tool_call_id,
+        SUBSTR(m.content, 1, 300) AS content,
+        COALESCE(m.timestamp, s.started_at) AS timestamp,
+        (
+          SELECT a.tool_calls
+          FROM messages a
+          WHERE a.session_id = m.session_id
+            AND a.role = 'assistant'
+            AND m.tool_call_id IS NOT NULL
+            AND a.tool_calls LIKE '%' || m.tool_call_id || '%'
+          ORDER BY a.timestamp DESC
+          LIMIT 1
+        ) AS assistant_tool_calls
+      FROM ${sessionsTable}
+      JOIN ${messagesTable} ON m.session_id = s.id
+      WHERE s.started_at > ?
+        AND ${toolPredicate}
+    `).all(since) as Record<string, unknown>[]
+    const lateRows = db.prepare(`
+      SELECT
+        m.tool_name,
+        m.tool_call_id,
+        SUBSTR(m.content, 1, 300) AS content,
+        COALESCE(m.timestamp, s.started_at) AS timestamp,
+        (
+          SELECT a.tool_calls
+          FROM messages a
+          WHERE a.session_id = m.session_id
+            AND a.role = 'assistant'
+            AND m.tool_call_id IS NOT NULL
+            AND a.tool_calls LIKE '%' || m.tool_call_id || '%'
+          ORDER BY a.timestamp DESC
+          LIMIT 1
+        ) AS assistant_tool_calls
+      FROM ${sessionsTable}
+      JOIN ${messagesTable} ON m.session_id = s.id
+      WHERE s.started_at <= ?
+        AND COALESCE(m.timestamp, s.started_at) > ?
+        AND ${toolPredicate}
+    `).all(since, since) as Record<string, unknown>[]
+
+    const skillMap = new Map<string, { skill: string; view_count: number; manage_count: number; last_used_at: number | null }>()
+    const dayMap = new Map<string, { date: string; view_count: number; manage_count: number }>()
+    const daySkillMap = new Map<string, Map<string, { skill: string; view_count: number; manage_count: number }>>()
+
+    for (const row of [...recentRows, ...lateRows]) {
+      const event = mapSkillUsageEvent(row)
+      if (!event) continue
+
+      const entry = skillMap.get(event.skill) || {
+        skill: event.skill,
+        view_count: 0,
+        manage_count: 0,
+        last_used_at: null,
+      }
+      if (event.action === 'view') entry.view_count += 1
+      else entry.manage_count += 1
+      if (event.timestamp != null && (entry.last_used_at == null || event.timestamp > entry.last_used_at)) {
+        entry.last_used_at = event.timestamp
+      }
+      skillMap.set(event.skill, entry)
+
+      const date = formatUnixDate(event.timestamp)
+      if (date) {
+        const day = dayMap.get(date) || { date, view_count: 0, manage_count: 0 }
+        if (event.action === 'view') day.view_count += 1
+        else day.manage_count += 1
+        dayMap.set(date, day)
+
+        const skillsForDay = daySkillMap.get(date) || new Map<string, { skill: string; view_count: number; manage_count: number }>()
+        const skillForDay = skillsForDay.get(event.skill) || { skill: event.skill, view_count: 0, manage_count: 0 }
+        if (event.action === 'view') skillForDay.view_count += 1
+        else skillForDay.manage_count += 1
+        skillsForDay.set(event.skill, skillForDay)
+        daySkillMap.set(date, skillsForDay)
+      }
+    }
+
+    const totalLoads = [...skillMap.values()].reduce((sum, skill) => sum + skill.view_count, 0)
+    const totalEdits = [...skillMap.values()].reduce((sum, skill) => sum + skill.manage_count, 0)
+    const totalActions = totalLoads + totalEdits
+    const byDay = [...dayMap.values()]
+      .map(day => ({
+        ...day,
+        total_count: day.view_count + day.manage_count,
+        skills: [...(daySkillMap.get(day.date)?.values() || [])]
+          .map(skill => ({
+            ...skill,
+            total_count: skill.view_count + skill.manage_count,
+          }))
+          .sort((a, b) => b.total_count - a.total_count || a.skill.localeCompare(b.skill)),
+      }))
+      .sort((a, b) => a.date.localeCompare(b.date))
+    const topSkills = [...skillMap.values()]
+      .map(skill => ({
+        ...skill,
+        total_count: skill.view_count + skill.manage_count,
+        percentage: totalActions > 0 ? (skill.view_count + skill.manage_count) / totalActions * 100 : 0,
+      }))
+      .sort((a, b) =>
+        b.total_count - a.total_count ||
+        b.view_count - a.view_count ||
+        b.manage_count - a.manage_count ||
+        (b.last_used_at || 0) - (a.last_used_at || 0) ||
+        a.skill.localeCompare(b.skill),
+      )
+
+    return {
+      period_days: safeDays,
+      summary: {
+        total_skill_loads: totalLoads,
+        total_skill_edits: totalEdits,
+        total_skill_actions: totalActions,
+        distinct_skills_used: skillMap.size,
+      },
+      by_day: byDay,
+      top_skills: topSkills,
+    }
+  } finally {
+    db.close()
+  }
+}
+
+export async function getUsageStatsFromDb(
+  days = 30,
+  nowSeconds = Math.floor(Date.now() / 1000),
+  profile?: string,
+): Promise<HermesUsageStats> {
+  const empty: HermesUsageStats = {
+    input_tokens: 0,
+    output_tokens: 0,
+    cache_read_tokens: 0,
+    cache_write_tokens: 0,
+    reasoning_tokens: 0,
+    sessions: 0,
+    by_model: [],
+    by_day: [],
+    cost: 0,
+    total_api_calls: 0,
+  }
+
+  const normalizedDays = Number.isFinite(days) ? days : 30
+  const safeDays = Math.max(1, Math.floor(normalizedDays))
+  const since = nowSeconds - safeDays * 24 * 60 * 60
+  const db = await openSessionDb(profile)
+
+  try {
+    const apiCallsExpr = tableHasColumn(db, 'sessions', 'api_call_count')
+      ? 'COALESCE(SUM(api_call_count), 0)'
+      : '0'
+    const totals = db.prepare(`
+      SELECT
+        COALESCE(SUM(input_tokens), 0) AS input_tokens,
+        COALESCE(SUM(output_tokens), 0) AS output_tokens,
+        COALESCE(SUM(cache_read_tokens), 0) AS cache_read_tokens,
+        COALESCE(SUM(cache_write_tokens), 0) AS cache_write_tokens,
+        COALESCE(SUM(reasoning_tokens), 0) AS reasoning_tokens,
+        COALESCE(SUM(COALESCE(actual_cost_usd, estimated_cost_usd, 0)), 0) AS cost,
+        COUNT(*) AS sessions,
+        ${apiCallsExpr} AS total_api_calls
+      FROM sessions
+      WHERE started_at > ?
+    `).get(since) as Record<string, unknown> | undefined
+
+    if (!totals) return empty
+
+    const byModel = db.prepare(`
+      SELECT
+        COALESCE(model, '') AS model,
+        COALESCE(SUM(input_tokens), 0) AS input_tokens,
+        COALESCE(SUM(output_tokens), 0) AS output_tokens,
+        COALESCE(SUM(cache_read_tokens), 0) AS cache_read_tokens,
+        COALESCE(SUM(cache_write_tokens), 0) AS cache_write_tokens,
+        COALESCE(SUM(reasoning_tokens), 0) AS reasoning_tokens,
+        COUNT(*) AS sessions
+      FROM sessions
+      WHERE started_at > ? AND model IS NOT NULL
+      GROUP BY model
+      ORDER BY COALESCE(SUM(input_tokens), 0) + COALESCE(SUM(output_tokens), 0) DESC
+    `).all(since).map(row => ({
+      model: String(row.model || ''),
+      input_tokens: normalizeNumber(row.input_tokens),
+      output_tokens: normalizeNumber(row.output_tokens),
+      cache_read_tokens: normalizeNumber(row.cache_read_tokens),
+      cache_write_tokens: normalizeNumber(row.cache_write_tokens),
+      reasoning_tokens: normalizeNumber(row.reasoning_tokens),
+      sessions: normalizeNumber(row.sessions),
+    }))
+
+    const byDay = db.prepare(`
+      SELECT
+        date(started_at, 'unixepoch') AS date,
+        COALESCE(SUM(input_tokens), 0) AS input_tokens,
+        COALESCE(SUM(output_tokens), 0) AS output_tokens,
+        COALESCE(SUM(cache_read_tokens), 0) AS cache_read_tokens,
+        COALESCE(SUM(cache_write_tokens), 0) AS cache_write_tokens,
+        COUNT(*) AS sessions,
+        COALESCE(SUM(COALESCE(actual_cost_usd, estimated_cost_usd, 0)), 0) AS cost
+      FROM sessions
+      WHERE started_at > ?
+      GROUP BY date
+      ORDER BY date ASC
+    `).all(since).map(row => ({
+      date: String(row.date || ''),
+      input_tokens: normalizeNumber(row.input_tokens),
+      output_tokens: normalizeNumber(row.output_tokens),
+      cache_read_tokens: normalizeNumber(row.cache_read_tokens),
+      cache_write_tokens: normalizeNumber(row.cache_write_tokens),
+      sessions: normalizeNumber(row.sessions),
+      errors: 0,
+      cost: normalizeNumber(row.cost),
+    }))
+
+    return {
+      input_tokens: normalizeNumber(totals.input_tokens),
+      output_tokens: normalizeNumber(totals.output_tokens),
+      cache_read_tokens: normalizeNumber(totals.cache_read_tokens),
+      cache_write_tokens: normalizeNumber(totals.cache_write_tokens),
+      reasoning_tokens: normalizeNumber(totals.reasoning_tokens),
+      sessions: normalizeNumber(totals.sessions),
+      by_model: byModel,
+      by_day: byDay,
+      cost: normalizeNumber(totals.cost),
+      total_api_calls: normalizeNumber(totals.total_api_calls),
+    }
+  } finally {
+    db.close()
+  }
+}
+
+export async function listSessionSummaries(source?: string, limit = 2000, profile?: string): Promise<HermesSessionRow[]> {
+  if (!SQLITE_AVAILABLE) {
+    throw new Error(`node:sqlite requires Node >= 22.5, current: ${process.versions.node}`)
+  }
+
+  const { DatabaseSync } = await import('node:sqlite')
+  const dbPath = profile ? join(getProfileDir(profile), 'state.db') : sessionDbPath()
+  const db = new DatabaseSync(dbPath, { open: true, readOnly: true })
+
+  try {
+    const clauses = ["s.parent_session_id IS NULL", "s.source != 'tool'", "s.id NOT LIKE 'compress_%'"]
+    const params: any[] = []
+    if (source) {
+      clauses.push('s.source = ?')
+      params.push(source)
+    }
+    params.push(Math.max(limit * 4, limit))
+
+    const rawRows = db.prepare(`
+      SELECT
+        ${SESSION_SELECT},
+        s.parent_session_id AS parent_session_id
+      FROM sessions s
+      WHERE ${clauses.join(' AND ')}
+      ORDER BY s.started_at DESC
+      LIMIT ?
+    `).all(...params) as Record<string, unknown>[] | undefined
+    const roots = (Array.isArray(rawRows) ? rawRows : []).map(mapInternalSessionRow)
+
+    const idx = loadAllSessions(db)
+    return roots
+      .map(root => projectSessionSummary(root, collectSessionChain(root, idx)))
+      .sort((a, b) => Number(b.last_active || b.started_at || 0) - Number(a.last_active || a.started_at || 0))
+      .slice(0, limit)
+  } finally {
+    db.close()
+  }
+}
+
+export async function searchSessionSummariesWithProfile(
+  query: string,
+  profile: string,
+  source?: string,
+  limit = 20,
+): Promise<HermesSessionSearchRow[]> {
+  if (!SQLITE_AVAILABLE) {
+    throw new Error(`node:sqlite requires Node >= 22.5, current: ${process.versions.node}`)
+  }
+
+  const trimmed = query.trim()
+  if (!trimmed) return []
+
+  const { DatabaseSync } = await import('node:sqlite')
+  const dbPath = join(getProfileDir(profile), 'state.db')
+  const db = new DatabaseSync(dbPath, { open: true, readOnly: true })
+  const normalized = sanitizeFtsQuery(trimmed)
+  const prefixQuery = toPrefixQuery(normalized)
+  const titlePattern = buildLikePattern(normalizeTitleLikeQuery(trimmed).toLowerCase())
+  const useLiteralContentSearch = containsCjk(trimmed) || shouldUseLiteralContentSearch(trimmed)
+  const candidateLimit = searchCandidateLimit(limit)
+
+  try {
+    const sourceClause = source ? 'AND s.source = ?' : ''
+    const sourceParams = source ? [source] : []
+    const titleSql = `
+      WITH base AS (
+        SELECT
+          ${SESSION_SELECT},
+          s.parent_session_id AS parent_session_id
+        FROM sessions s
+        WHERE s.source != 'tool' AND s.id NOT LIKE 'compress_%'
+          ${sourceClause}
+      )
+      SELECT
+        base.*,
+        NULL AS matched_message_id,
+        CASE
+          WHEN base.title IS NOT NULL AND base.title != '' THEN base.title
+          ELSE base.preview
+        END AS snippet,
+        0 AS rank
+      FROM base
+      WHERE LOWER(COALESCE(base.title, '')) LIKE ? ESCAPE '\\'
+      ORDER BY base.last_active DESC
+      LIMIT ?
+    `
+    const titleRows = db.prepare(titleSql).all(...sourceParams, titlePattern, candidateLimit) as Record<string, unknown>[]
+
+    const contentSql = `
+      WITH base AS (
+        SELECT
+          ${SESSION_SELECT},
+          s.parent_session_id AS parent_session_id
+        FROM sessions s
+        WHERE s.source != 'tool' AND s.id NOT LIKE 'compress_%'
+          ${sourceClause}
+      )
+      SELECT
+        base.*,
+        m.id AS matched_message_id,
+        snippet(messages_fts, 0, '>>>', '<<<', '...', 40) AS snippet,
+        bm25(messages_fts) AS rank
+      FROM messages_fts
+      JOIN messages m ON m.id = messages_fts.rowid
+      JOIN base ON base.id = m.session_id
+      WHERE messages_fts MATCH ?
+      ORDER BY rank, base.last_active DESC
+      LIMIT ?
+    `
+
+    const contentRows = useLiteralContentSearch
+      ? runLiteralContentSearch(db, source, trimmed, candidateLimit)
+      : prefixQuery
+        ? (db.prepare(contentSql).all(...sourceParams, prefixQuery, candidateLimit) as Record<string, unknown>[])
+        : []
+
+    const idx = loadAllSessions(db)
+    const merged = new Map<string, HermesSessionSearchRow>()
+    for (const row of titleRows) {
+      const mapped = projectSearchRow(row, idx, source)
+      if (mapped) merged.set(mapped.id, mapped)
+    }
+    for (const row of contentRows) {
+      const mapped = projectSearchRow(row, idx, source)
+      if (mapped && !merged.has(mapped.id)) merged.set(mapped.id, mapped)
+    }
+
+    const items = [...merged.values()]
+    items.sort((a, b) => {
+      if (a.rank !== b.rank) return a.rank - b.rank
+      return b.last_active - a.last_active
+    })
+    return items.slice(0, limit)
+  } catch (_err) {
+    return []
+  } finally {
+    db.close()
+  }
+}
+
+export async function searchSessionSummaries(
+  query: string,
+  source?: string,
+  limit = 20,
+): Promise<HermesSessionSearchRow[]> {
+  if (!SQLITE_AVAILABLE) {
+    throw new Error(`node:sqlite requires Node >= 22.5, current: ${process.versions.node}`)
+  }
+
+  const trimmed = query.trim()
+  if (!trimmed) {
+    const recent = await listSessionSummaries(source, limit)
+    return recent.map(row => ({
+      ...row,
+      matched_message_id: null,
+      snippet: row.preview,
+      rank: 0,
+    }))
+  }
+
+  const { DatabaseSync } = await import('node:sqlite')
+  const db = new DatabaseSync(sessionDbPath(), { open: true, readOnly: true })
+  const normalized = sanitizeFtsQuery(trimmed)
+  const prefixQuery = toPrefixQuery(normalized)
+  const titlePattern = buildLikePattern(normalizeTitleLikeQuery(trimmed).toLowerCase())
+  const useLiteralContentSearch = containsCjk(trimmed) || shouldUseLiteralContentSearch(trimmed)
+  const candidateLimit = searchCandidateLimit(limit)
+  let titleRows: Record<string, unknown>[] = []
+
+  try {
+    const sourceClause = source ? 'AND s.source = ?' : ''
+    const sourceParams = source ? [source] : []
+    const allSessionsBaseSql = `
+      SELECT
+        ${SESSION_SELECT},
+        s.parent_session_id AS parent_session_id
+      FROM sessions s
+      WHERE s.source != 'tool' AND s.id NOT LIKE 'compress_%'
+        ${sourceClause}
+    `
+
+    const titleSql = `
+      WITH base AS (
+        ${allSessionsBaseSql}
+      )
+      SELECT
+        base.*,
+        NULL AS matched_message_id,
+        CASE
+          WHEN base.title IS NOT NULL AND base.title != '' THEN base.title
+          ELSE base.preview
+        END AS snippet,
+        0 AS rank
+      FROM base
+      WHERE LOWER(COALESCE(base.title, '')) LIKE ? ESCAPE '\\'
+      ORDER BY base.last_active DESC
+      LIMIT ?
+    `
+
+    const titleStatement = db.prepare(titleSql)
+    titleRows = titleStatement.all(...sourceParams, titlePattern, candidateLimit) as Record<string, unknown>[]
+
+    const contentSql = `
+      WITH base AS (
+        ${allSessionsBaseSql}
+      )
+      SELECT
+        base.*,
+        m.id AS matched_message_id,
+        snippet(messages_fts, 0, '>>>', '<<<', '...', 40) AS snippet,
+        bm25(messages_fts) AS rank
+      FROM messages_fts
+      JOIN messages m ON m.id = messages_fts.rowid
+      JOIN base ON base.id = m.session_id
+      WHERE messages_fts MATCH ?
+      ORDER BY rank, base.last_active DESC
+      LIMIT ?
+    `
+
+    const contentRows = useLiteralContentSearch
+      ? runLiteralContentSearch(db, source, trimmed, candidateLimit)
+      : prefixQuery
+        ? (db.prepare(contentSql).all(...sourceParams, prefixQuery, candidateLimit) as Record<string, unknown>[])
+        : []
+
+    const idx = loadAllSessions(db)
+    const merged = new Map<string, HermesSessionSearchRow>()
+    for (const row of titleRows) {
+      const mapped = projectSearchRow(row, idx, source)
+      if (mapped) merged.set(mapped.id, mapped)
+    }
+    for (const row of contentRows) {
+      const mapped = projectSearchRow(row, idx, source)
+      if (mapped && !merged.has(mapped.id)) {
+        merged.set(mapped.id, mapped)
+      }
+    }
+
+    const items = [...merged.values()]
+    items.sort((a, b) => {
+      if (a.rank !== b.rank) return a.rank - b.rank
+      return b.last_active - a.last_active
+    })
+    return items.slice(0, limit)
+  } catch (_err) {
+    // FTS queries can fail for various inputs (pure numbers, special syntax, etc.)
+    // Fall back to title-only LIKE results + literal content search for CJK
+    const likeRows = containsCjk(normalized)
+      ? runLiteralContentSearch(db, source, trimmed, candidateLimit)
+      : []
+    const idx2 = loadAllSessions(db)
+    const merged = new Map<string, HermesSessionSearchRow>()
+    for (const row of titleRows) {
+      const mapped = projectSearchRow(row, idx2, source)
+      if (mapped) merged.set(mapped.id, mapped)
+    }
+    for (const row of likeRows) {
+      const mapped = projectSearchRow(row, idx2, source)
+      if (mapped && !merged.has(mapped.id)) {
+        merged.set(mapped.id, mapped)
+      }
+    }
+    const items = [...merged.values()]
+    items.sort((a, b) => {
+      if (a.rank !== b.rank) return a.rank - b.rank
+      return b.last_active - a.last_active
+    })
+    return items.slice(0, limit)
+  } finally {
+    db.close()
+  }
+}
diff --git a/packages/server/src/db/hermes/usage-store.ts b/packages/server/src/db/hermes/usage-store.ts
new file mode 100644
index 0000000..4420181
--- /dev/null
+++ b/packages/server/src/db/hermes/usage-store.ts
@@ -0,0 +1,227 @@
+import { isSqliteAvailable, getDb, jsonSet, jsonGet, jsonGetAll, jsonDelete } from '../index'
+import { USAGE_TABLE as TABLE } from './schemas'
+
+export interface UsageRecord {
+  input_tokens: number
+  output_tokens: number
+  cache_read_tokens: number
+  cache_write_tokens: number
+  reasoning_tokens: number
+  model: string
+  profile: string
+  created_at: number
+}
+
+export function updateUsage(
+  sessionId: string,
+  data: {
+    inputTokens: number
+    outputTokens: number
+    cacheReadTokens?: number
+    cacheWriteTokens?: number
+    reasoningTokens?: number
+    model?: string
+    profile?: string
+  },
+): void {
+  const cacheReadTokens = data.cacheReadTokens ?? 0
+  const cacheWriteTokens = data.cacheWriteTokens ?? 0
+  const reasoningTokens = data.reasoningTokens ?? 0
+  const now = Date.now()
+  const model = data.model || ''
+  const profile = data.profile || 'default'
+  if (isSqliteAvailable()) {
+    const db = getDb()!
+    db.prepare(
+      `INSERT INTO ${TABLE} (session_id, input_tokens, output_tokens, cache_read_tokens, cache_write_tokens, reasoning_tokens, model, profile, created_at)
+       VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)`,
+    ).run(sessionId, data.inputTokens, data.outputTokens, cacheReadTokens, cacheWriteTokens, reasoningTokens, model, profile, now)
+  } else {
+    jsonSet(TABLE, sessionId, {
+      input_tokens: data.inputTokens,
+      output_tokens: data.outputTokens,
+      cache_read_tokens: cacheReadTokens,
+      cache_write_tokens: cacheWriteTokens,
+      reasoning_tokens: reasoningTokens,
+      model,
+      profile,
+      created_at: now,
+    })
+  }
+}
+
+export function getUsage(sessionId: string): UsageRecord | undefined {
+  if (isSqliteAvailable()) {
+    return getDb()!.prepare(
+      `SELECT session_id, input_tokens, output_tokens, cache_read_tokens, cache_write_tokens, reasoning_tokens, model, profile, created_at FROM ${TABLE} WHERE session_id = ? ORDER BY id DESC LIMIT 1`,
+    ).get(sessionId) as UsageRecord | undefined
+  }
+  const row = jsonGet(TABLE, sessionId)
+  if (!row) return undefined
+  return {
+    input_tokens: row.input_tokens ?? 0,
+    output_tokens: row.output_tokens ?? 0,
+    cache_read_tokens: row.cache_read_tokens ?? 0,
+    cache_write_tokens: row.cache_write_tokens ?? 0,
+    reasoning_tokens: row.reasoning_tokens ?? 0,
+    model: row.model ?? '',
+    profile: row.profile ?? 'default',
+    created_at: row.created_at ?? 0,
+  }
+}
+
+export function getUsageBatch(sessionIds: string[]): Record<string, UsageRecord> {
+  if (sessionIds.length === 0) return {}
+  if (isSqliteAvailable()) {
+    const db = getDb()!
+    const placeholders = sessionIds.map(() => '?').join(',')
+    const rows = db.prepare(
+      `SELECT session_id, input_tokens, output_tokens, cache_read_tokens, cache_write_tokens, reasoning_tokens, model, profile, created_at
+       FROM ${TABLE}
+       WHERE id IN (SELECT MAX(id) FROM ${TABLE} WHERE session_id IN (${placeholders}) GROUP BY session_id)`,
+    ).all(...sessionIds) as unknown as Array<UsageRecord & { session_id: string }>
+    const map: Record<string, UsageRecord> = {}
+    for (const r of rows) {
+      map[r.session_id] = {
+        input_tokens: r.input_tokens,
+        output_tokens: r.output_tokens,
+        cache_read_tokens: r.cache_read_tokens,
+        cache_write_tokens: r.cache_write_tokens,
+        reasoning_tokens: r.reasoning_tokens,
+        model: r.model,
+        profile: r.profile,
+        created_at: r.created_at,
+      }
+    }
+    return map
+  }
+  const all = jsonGetAll(TABLE)
+  const map: Record<string, UsageRecord> = {}
+  for (const id of sessionIds) {
+    const row = all[id]
+    if (row) {
+      map[id] = {
+        input_tokens: row.input_tokens ?? 0,
+        output_tokens: row.output_tokens ?? 0,
+        cache_read_tokens: row.cache_read_tokens ?? 0,
+        cache_write_tokens: row.cache_write_tokens ?? 0,
+        reasoning_tokens: row.reasoning_tokens ?? 0,
+        model: row.model ?? '',
+        profile: row.profile ?? 'default',
+        created_at: row.created_at ?? 0,
+      }
+    }
+  }
+  return map
+}
+
+export function deleteUsage(sessionId: string): void {
+  if (isSqliteAvailable()) {
+    getDb()!.prepare(`DELETE FROM ${TABLE} WHERE session_id = ?`).run(sessionId)
+  } else {
+    jsonDelete(TABLE, sessionId)
+  }
+}
+
+// --- Aggregation for stats endpoint ---
+
+export interface UsageStatsModelRow {
+  model: string
+  input_tokens: number
+  output_tokens: number
+  cache_read_tokens: number
+  cache_write_tokens: number
+  reasoning_tokens: number
+  sessions: number
+}
+
+export interface UsageStatsDailyRow {
+  date: string
+  input_tokens: number
+  output_tokens: number
+  cache_read_tokens: number
+  cache_write_tokens: number
+  sessions: number
+  errors: number
+  cost: number
+}
+
+export interface LocalUsageStats {
+  input_tokens: number
+  output_tokens: number
+  cache_read_tokens: number
+  cache_write_tokens: number
+  reasoning_tokens: number
+  sessions: number
+  by_model: UsageStatsModelRow[]
+  by_day: UsageStatsDailyRow[]
+}
+
+export function getLocalUsageStats(profile?: string, days = 30): LocalUsageStats {
+  const empty: LocalUsageStats = {
+    input_tokens: 0, output_tokens: 0, cache_read_tokens: 0,
+    cache_write_tokens: 0, reasoning_tokens: 0, sessions: 0,
+    by_model: [], by_day: [],
+  }
+  if (!isSqliteAvailable()) return empty
+
+  const db = getDb()!
+  const safeDays = Math.max(1, Math.floor(Number.isFinite(days) ? days : 30))
+  const cutoffMs = Date.now() - safeDays * 24 * 60 * 60 * 1000
+  const filters: string[] = ['created_at > ?']
+  const params: any[] = [cutoffMs]
+  if (profile) {
+    filters.unshift('profile = ?')
+    params.unshift(profile)
+  }
+  const whereClause = `WHERE ${filters.join(' AND ')}`
+
+  const totals = db.prepare(`
+    SELECT COALESCE(SUM(input_tokens),0) as input_tokens,
+      COALESCE(SUM(output_tokens),0) as output_tokens,
+      COALESCE(SUM(cache_read_tokens),0) as cache_read_tokens,
+      COALESCE(SUM(cache_write_tokens),0) as cache_write_tokens,
+      COALESCE(SUM(reasoning_tokens),0) as reasoning_tokens,
+      COUNT(DISTINCT session_id) as sessions
+    FROM ${TABLE}
+    ${whereClause}
+  `).get(...params) as any
+
+  const byModel = db.prepare(`
+    SELECT model,
+      COALESCE(SUM(input_tokens),0) as input_tokens,
+      COALESCE(SUM(output_tokens),0) as output_tokens,
+      COALESCE(SUM(cache_read_tokens),0) as cache_read_tokens,
+      COALESCE(SUM(cache_write_tokens),0) as cache_write_tokens,
+      COALESCE(SUM(reasoning_tokens),0) as reasoning_tokens,
+      COUNT(DISTINCT session_id) as sessions
+    FROM ${TABLE}
+    ${whereClause}
+    GROUP BY model
+    ORDER BY COALESCE(SUM(input_tokens),0) + COALESCE(SUM(output_tokens),0) DESC
+  `).all(...params) as unknown as UsageStatsModelRow[]
+
+  const byDay = db.prepare(`
+    SELECT DATE(created_at / 1000, 'unixepoch') as date,
+      COALESCE(SUM(input_tokens),0) as input_tokens,
+      COALESCE(SUM(output_tokens),0) as output_tokens,
+      COALESCE(SUM(cache_read_tokens),0) as cache_read_tokens,
+      COALESCE(SUM(cache_write_tokens),0) as cache_write_tokens,
+      COUNT(DISTINCT session_id) as sessions
+    FROM ${TABLE}
+    ${whereClause}
+    GROUP BY date
+    ORDER BY date
+  `).all(...params) as Array<{ date: string; input_tokens: number; output_tokens: number; cache_read_tokens: number; cache_write_tokens: number; sessions: number }>
+
+  return {
+    input_tokens: totals.input_tokens,
+    output_tokens: totals.output_tokens,
+    cache_read_tokens: totals.cache_read_tokens,
+    cache_write_tokens: totals.cache_write_tokens,
+    reasoning_tokens: totals.reasoning_tokens,
+    sessions: totals.sessions,
+    by_model: byModel,
+    by_day: byDay.map(d => ({ ...d, errors: 0, cost: 0 })),
+  }
+}
diff --git a/packages/server/src/db/hermes/users-store.ts b/packages/server/src/db/hermes/users-store.ts
new file mode 100644
index 0000000..705e21b
--- /dev/null
+++ b/packages/server/src/db/hermes/users-store.ts
@@ -0,0 +1,300 @@
+import { randomBytes, scryptSync, timingSafeEqual } from 'crypto'
+import { getDb } from '../index'
+import { USER_PROFILES_TABLE, USERS_TABLE } from './schemas'
+
+export type UserRole = 'super_admin' | 'admin'
+export type UserStatus = 'active' | 'disabled'
+export type UserId = number | string
+
+export interface UserRecord {
+  id: number
+  username: string
+  password_hash: string
+  role: UserRole
+  status: UserStatus
+  created_at: number
+  updated_at: number
+  last_login_at: number | null
+}
+
+export interface UserProfileRecord {
+  user_id: number
+  profile_name: string
+  is_default: number
+  created_at: number
+}
+
+export interface UserSummary {
+  id: number
+  username: string
+  role: UserRole
+  status: UserStatus
+  profiles: string[]
+  default_profile: string | null
+  created_at: number
+  updated_at: number
+  last_login_at: number | null
+}
+
+export const DEFAULT_USERNAME = 'admin'
+export const DEFAULT_PASSWORD = '123456'
+export const DEFAULT_PROFILE_NAME = 'default'
+
+const SCRYPT_KEY_LEN = 64
+
+function normalizeUserId(id: UserId): number | null {
+  const userId = typeof id === 'number' ? id : Number(id)
+  return Number.isInteger(userId) && userId > 0 ? userId : null
+}
+
+export function hashPassword(password: string): string {
+  const salt = randomBytes(16).toString('hex')
+  const hash = scryptSync(password, salt, SCRYPT_KEY_LEN).toString('hex')
+  return `scrypt:${salt}:${hash}`
+}
+
+export function verifyPassword(password: string, passwordHash: string): boolean {
+  const [scheme, salt, expectedHex] = passwordHash.split(':')
+  if (scheme !== 'scrypt' || !salt || !expectedHex) return false
+  try {
+    const expected = Buffer.from(expectedHex, 'hex')
+    const actual = scryptSync(password, salt, expected.length)
+    return actual.length === expected.length && timingSafeEqual(actual, expected)
+  } catch {
+    return false
+  }
+}
+
+export function findUserById(id: UserId): UserRecord | null {
+  const db = getDb()
+  if (!db) return null
+  const userId = normalizeUserId(id)
+  if (!userId) return null
+  const row = db.prepare(`SELECT * FROM ${USERS_TABLE} WHERE id = ?`).get(userId) as UserRecord | undefined
+  return row || null
+}
+
+export function findUserByUsername(username: string): UserRecord | null {
+  const db = getDb()
+  if (!db) return null
+  const row = db.prepare(`SELECT * FROM ${USERS_TABLE} WHERE username = ?`).get(username) as UserRecord | undefined
+  return row || null
+}
+
+export function findFirstUser(): UserRecord | null {
+  const db = getDb()
+  if (!db) return null
+  const row = db.prepare(`SELECT * FROM ${USERS_TABLE} ORDER BY id ASC LIMIT 1`).get() as UserRecord | undefined
+  return row || null
+}
+
+export function listUsers(): UserSummary[] {
+  const db = getDb()
+  if (!db) return []
+  const users = db.prepare(
+    `SELECT id, username, role, status, created_at, updated_at, last_login_at FROM ${USERS_TABLE} ORDER BY id ASC`
+  ).all() as Array<Omit<UserSummary, 'profiles' | 'default_profile'>>
+  return users.map(user => {
+    const profiles = listUserProfiles(user.id)
+    return {
+      ...user,
+      profiles: profiles.map(profile => profile.profile_name),
+      default_profile: profiles.find(profile => profile.is_default === 1)?.profile_name || null,
+    }
+  })
+}
+
+export function listUserProfiles(userId: UserId): UserProfileRecord[] {
+  const db = getDb()
+  if (!db) return []
+  const id = normalizeUserId(userId)
+  if (!id) return []
+  return db.prepare(
+    `SELECT * FROM ${USER_PROFILES_TABLE} WHERE user_id = ? ORDER BY is_default DESC, profile_name ASC`
+  ).all(id) as unknown as UserProfileRecord[]
+}
+
+export function userCanAccessProfile(userId: UserId, profileName: string): boolean {
+  const db = getDb()
+  if (!db) return false
+  const id = normalizeUserId(userId)
+  if (!id) return false
+  const row = db.prepare(
+    `SELECT 1 FROM ${USER_PROFILES_TABLE} WHERE user_id = ? AND profile_name = ?`
+  ).get(id, profileName)
+  return !!row
+}
+
+export function getDefaultProfileForUser(userId: UserId): string {
+  const db = getDb()
+  if (!db) return DEFAULT_PROFILE_NAME
+  const id = normalizeUserId(userId)
+  if (!id) return DEFAULT_PROFILE_NAME
+  const row = db.prepare(
+    `SELECT profile_name FROM ${USER_PROFILES_TABLE} WHERE user_id = ? AND is_default = 1 LIMIT 1`
+  ).get(id) as { profile_name?: string } | undefined
+  return row?.profile_name || DEFAULT_PROFILE_NAME
+}
+
+export function countUsers(): number {
+  const db = getDb()
+  if (!db) return 0
+  const row = db.prepare(`SELECT COUNT(*) as count FROM ${USERS_TABLE}`).get() as { count?: number } | undefined
+  return Number(row?.count || 0)
+}
+
+export function countActiveSuperAdmins(excludeUserId?: UserId): number {
+  const db = getDb()
+  if (!db) return 0
+  const exclude = excludeUserId == null ? null : normalizeUserId(excludeUserId)
+  const row = exclude
+    ? db.prepare(`SELECT COUNT(*) as count FROM ${USERS_TABLE} WHERE role = 'super_admin' AND status = 'active' AND id != ?`).get(exclude)
+    : db.prepare(`SELECT COUNT(*) as count FROM ${USERS_TABLE} WHERE role = 'super_admin' AND status = 'active'`).get()
+  return Number((row as { count?: number } | undefined)?.count || 0)
+}
+
+export function touchUserLogin(userId: UserId, at = Date.now()): void {
+  const db = getDb()
+  if (!db) return
+  const id = normalizeUserId(userId)
+  if (!id) return
+  db.prepare(`UPDATE ${USERS_TABLE} SET last_login_at = ?, updated_at = ? WHERE id = ?`).run(at, at, id)
+}
+
+export function updateUserPassword(userId: UserId, password: string): boolean {
+  const db = getDb()
+  if (!db) return false
+  const id = normalizeUserId(userId)
+  if (!id) return false
+  const result = db.prepare(`UPDATE ${USERS_TABLE} SET password_hash = ?, updated_at = ? WHERE id = ?`)
+    .run(hashPassword(password), Date.now(), id)
+  return result.changes > 0
+}
+
+export function updateUsername(userId: UserId, username: string): boolean {
+  const db = getDb()
+  if (!db) return false
+  const id = normalizeUserId(userId)
+  if (!id) return false
+  const result = db.prepare(`UPDATE ${USERS_TABLE} SET username = ?, updated_at = ? WHERE id = ?`)
+    .run(username, Date.now(), id)
+  return result.changes > 0
+}
+
+export function createUser(input: {
+  username: string
+  password: string
+  role?: UserRole
+  status?: UserStatus
+  profiles?: string[]
+  defaultProfile?: string | null
+}): UserRecord | null {
+  const db = getDb()
+  if (!db) return null
+  const now = Date.now()
+  const role = input.role || 'admin'
+  const status = input.status || 'active'
+  db.prepare(
+    `INSERT INTO ${USERS_TABLE} (username, password_hash, role, status, created_at, updated_at)
+     VALUES (?, ?, ?, ?, ?, ?)`
+  ).run(input.username, hashPassword(input.password), role, status, now, now)
+
+  const user = findUserByUsername(input.username)
+  if (user) replaceUserProfiles(user.id, input.profiles || [], input.defaultProfile)
+  return user
+}
+
+export function updateUser(input: {
+  userId: UserId
+  username?: string
+  role?: UserRole
+  status?: UserStatus
+  password?: string
+  profiles?: string[]
+  defaultProfile?: string | null
+}): UserRecord | null {
+  const db = getDb()
+  if (!db) return null
+  const id = normalizeUserId(input.userId)
+  if (!id) return null
+
+  const current = findUserById(id)
+  if (!current) return null
+
+  const nextUsername = input.username ?? current.username
+  const nextRole = input.role ?? current.role
+  const nextStatus = input.status ?? current.status
+  const nextPasswordHash = input.password ? hashPassword(input.password) : current.password_hash
+  const now = Date.now()
+
+  db.prepare(
+    `UPDATE ${USERS_TABLE}
+     SET username = ?, password_hash = ?, role = ?, status = ?, updated_at = ?
+     WHERE id = ?`
+  ).run(nextUsername, nextPasswordHash, nextRole, nextStatus, now, id)
+
+  if (input.profiles) replaceUserProfiles(id, input.profiles, input.defaultProfile)
+  return findUserById(id)
+}
+
+export function deleteUser(userId: UserId): boolean {
+  const db = getDb()
+  if (!db) return false
+  const id = normalizeUserId(userId)
+  if (!id) return false
+  db.exec('BEGIN')
+  try {
+    db.prepare(`DELETE FROM ${USER_PROFILES_TABLE} WHERE user_id = ?`).run(id)
+    const result = db.prepare(`DELETE FROM ${USERS_TABLE} WHERE id = ?`).run(id)
+    db.exec('COMMIT')
+    return result.changes > 0
+  } catch (err) {
+    db.exec('ROLLBACK')
+    throw err
+  }
+}
+
+export function replaceUserProfiles(userId: UserId, profiles: string[], defaultProfile?: string | null): void {
+  const db = getDb()
+  if (!db) return
+  const id = normalizeUserId(userId)
+  if (!id) return
+
+  const uniqueProfiles = [...new Set(profiles.map(profile => profile.trim()).filter(Boolean))]
+  const defaultName = defaultProfile && uniqueProfiles.includes(defaultProfile) ? defaultProfile : uniqueProfiles[0] || null
+  const now = Date.now()
+
+  db.exec('BEGIN')
+  try {
+    db.prepare(`DELETE FROM ${USER_PROFILES_TABLE} WHERE user_id = ?`).run(id)
+    const stmt = db.prepare(
+      `INSERT INTO ${USER_PROFILES_TABLE} (user_id, profile_name, is_default, created_at) VALUES (?, ?, ?, ?)`
+    )
+    uniqueProfiles.forEach(profile => {
+      stmt.run(id, profile, profile === defaultName ? 1 : 0, now)
+    })
+    db.exec('COMMIT')
+  } catch (err) {
+    db.exec('ROLLBACK')
+    throw err
+  }
+}
+
+export function createDefaultSuperAdmin(): UserRecord | null {
+  const db = getDb()
+  if (!db) return null
+
+  const now = Date.now()
+  db.prepare(
+    `INSERT INTO ${USERS_TABLE} (username, password_hash, role, status, created_at, updated_at)
+     VALUES (?, ?, ?, ?, ?, ?)`
+  ).run(DEFAULT_USERNAME, hashPassword(DEFAULT_PASSWORD), 'super_admin', 'active', now, now)
+
+  return findUserByUsername(DEFAULT_USERNAME)
+}
+
+export function bootstrapDefaultSuperAdmin(username: string, password: string): UserRecord | null {
+  if (countUsers() > 0) return null
+  if (username !== DEFAULT_USERNAME || password !== DEFAULT_PASSWORD) return null
+  return createDefaultSuperAdmin()
+}
diff --git a/packages/server/src/db/index.ts b/packages/server/src/db/index.ts
new file mode 100644
index 0000000..f3768c8
--- /dev/null
+++ b/packages/server/src/db/index.ts
@@ -0,0 +1,128 @@
+import { DatabaseSync } from 'node:sqlite'
+import { mkdirSync, readFileSync, writeFileSync, existsSync } from 'fs'
+import { resolve } from 'path'
+import { config } from '../config'
+
+const isDev = process.env.NODE_ENV !== 'production'
+const isTest = process.env.VITEST === 'true' || process.env.NODE_ENV === 'test'
+
+// In WSL, always use home directory to avoid cross-filesystem issues
+const DB_DIR = isTest
+  ? resolve(process.cwd(), 'packages/server/data/test-runtime')
+  : isDev
+  ? resolve(process.cwd(), 'packages/server/data')
+  : config.appHome
+const DB_PATH = resolve(DB_DIR, 'hermes-web-ui.db')
+const JSON_PATH = resolve(DB_DIR, 'hermes-web-ui.json')
+
+// --- SQLite availability check ---
+
+const SQLITE_AVAILABLE = (() => {
+  const [major, minor] = process.versions.node.split('.').map(Number)
+  return major > 22 || (major === 22 && minor >= 5)
+})()
+
+export function isSqliteAvailable(): boolean {
+  return SQLITE_AVAILABLE
+}
+
+// --- SQLite backend ---
+
+let _db: DatabaseSync | null = null
+
+export function getDb(): DatabaseSync | null {
+  if (!SQLITE_AVAILABLE) return null
+  if (!_db) {
+    mkdirSync(DB_DIR, { recursive: true })
+    _db = new DatabaseSync(DB_PATH)
+    // Use WAL mode for better concurrency and WSL compatibility
+    if (isDev) {
+      _db.exec('PRAGMA journal_mode=DELETE')
+    } else {
+      _db.exec('PRAGMA journal_mode=WAL')
+      _db.exec('PRAGMA synchronous=NORMAL')
+      _db.exec('PRAGMA busy_timeout=5000')
+      _db.exec('PRAGMA foreign_keys=ON')
+    }
+  }
+  return _db
+}
+
+// --- JSON fallback backend ---
+
+type JsonData = Record<string, Record<string, Record<string, any>>>
+
+function readJsonStore(): JsonData {
+  if (!existsSync(JSON_PATH)) return {}
+  try {
+    return JSON.parse(readFileSync(JSON_PATH, 'utf-8'))
+  } catch {
+    return {}
+  }
+}
+
+function writeJsonStore(data: JsonData): void {
+  mkdirSync(DB_DIR, { recursive: true })
+  writeFileSync(JSON_PATH, JSON.stringify(data, null, 2), 'utf-8')
+}
+
+/**
+ * Get a record from the JSON store.
+ * @param table  Table name (namespace)
+ * @param key    Primary key
+ */
+export function jsonGet(table: string, key: string): Record<string, any> | undefined {
+  const data = readJsonStore()
+  return data[table]?.[key]
+}
+
+/**
+ * Set a record in the JSON store.
+ * @param table  Table name (namespace)
+ * @param key    Primary key
+ * @param value  Record data
+ */
+export function jsonSet(table: string, key: string, value: Record<string, any>): void {
+  const data = readJsonStore()
+  if (!data[table]) data[table] = {}
+  data[table][key] = value
+  writeJsonStore(data)
+}
+
+/**
+ * Get all records from a table in the JSON store.
+ */
+export function jsonGetAll(table: string): Record<string, Record<string, any>> {
+  const data = readJsonStore()
+  return data[table] || {}
+}
+
+/**
+ * Delete a record from the JSON store.
+ */
+export function jsonDelete(table: string, key: string): void {
+  const data = readJsonStore()
+  if (data[table]) {
+    delete data[table][key]
+    writeJsonStore(data)
+  }
+}
+
+/**
+ * Get the storage path for debugging.
+ */
+export function getStoragePath(): string {
+  return SQLITE_AVAILABLE ? DB_PATH : JSON_PATH
+}
+
+/**
+ * Close the SQLite database connection.
+ */
+export function closeDb(): void {
+  if (_db) {
+    try {
+      _db.close()
+    } catch { /* best-effort */ }
+    _db = null
+  }
+}
diff --git a/packages/server/src/index.ts b/packages/server/src/index.ts
new file mode 100644
index 0000000..bbb6e30
--- /dev/null
+++ b/packages/server/src/index.ts
@@ -0,0 +1,260 @@
+import Koa from 'koa'
+import cors from '@koa/cors'
+import bodyParser from '@koa/bodyparser'
+import serve from 'koa-static'
+import send from 'koa-send'
+import os from 'os'
+import { resolve } from 'path'
+import { mkdir } from 'fs/promises'
+import { readFileSync } from 'fs'
+import { config, shouldCreateWebUiDataDir } from './config'
+import { initLoginLimiter } from './services/login-limiter'
+import { bindShutdown } from './services/shutdown'
+import { setupTerminalWebSocket } from './routes/hermes/terminal'
+import { setupKanbanEventsWebSocket } from './routes/hermes/kanban-events'
+import { startVersionCheck } from './routes/health'
+import { registerRoutes } from './routes'
+import { setGroupChatServer } from './routes/hermes/group-chat'
+import { setChatRunServer } from './routes/hermes/chat-run'
+import { GroupChatServer } from './services/hermes/group-chat'
+import { ChatRunSocket } from './services/hermes/run-chat'
+import { getAgentBridgeManager, startAgentBridgeManager } from './services/hermes/agent-bridge'
+import { HermesSkillInjector } from './services/hermes/skill-injector'
+import { ensureProfileGatewaysRunning } from './services/hermes/gateway-autostart'
+import { logger } from './services/logger'
+import { requireUserJwt, resolveUserProfile } from './middleware/user-auth'
+
+// Injected by esbuild at build time; fallback to reading package.json in dev mode
+declare const __APP_VERSION__: string
+const APP_VERSION = typeof __APP_VERSION__ !== 'undefined'
+  ? __APP_VERSION__
+  : (() => { try { return JSON.parse(readFileSync(resolve(__dirname, '../../package.json'), 'utf-8')).version } catch { return 'dev' } })()
+
+// Global error handlers
+process.on('uncaughtException', (err) => {
+  console.error('FATAL: Uncaught exception')
+  console.error(err)
+  logger.fatal(err, 'Uncaught exception')
+  process.exit(1)
+})
+
+process.on('unhandledRejection', (reason) => {
+  console.error('Unhandled rejection')
+  console.error(reason)
+  logger.error(reason, 'Unhandled rejection')
+})
+
+let server: any = null
+let servers: any[] = []
+let chatRunServer: any = null
+let agentBridgeManager: any = null
+
+interface ListenResult {
+  primary: any
+  servers: any[]
+}
+
+function listen(app: Koa, port: number, host: string): Promise<any> {
+  return new Promise((resolve, reject) => {
+    const s = app.listen(port, host)
+    s.once('listening', () => resolve(s))
+    s.once('error', reject)
+  })
+}
+
+async function listenWithFallback(app: Koa, port: number, host?: string): Promise<ListenResult> {
+  const bindHost = host || '0.0.0.0'
+  console.log(`[bootstrap] listening on ${bindHost}:${port}`)
+  const primary = await listen(app, port, bindHost)
+  return { primary, servers: [primary] }
+}
+
+/**
+ * 安全获取网络接口信息（兼容 Termux/proot 环境）
+ * 在 proot 环境中 os.networkInterfaces() 会抛出权限错误（errno 13）
+ */
+function safeNetworkInterfaces() {
+  try {
+    return os.networkInterfaces()
+  } catch {
+    return {}
+  }
+}
+
+function isDesktopRuntime(): boolean {
+  return String(process.env.HERMES_DESKTOP || '').trim().toLowerCase() === 'true'
+}
+
+async function startRuntimeServicesBeforeListen(): Promise<void> {
+  try {
+    await ensureProfileGatewaysRunning()
+    console.log('[bootstrap] profile gateways checked')
+  } catch (err) {
+    logger.warn(err, '[bootstrap] failed to ensure profile gateways')
+    console.warn('[bootstrap] failed to ensure profile gateways:', err instanceof Error ? err.message : err)
+  }
+
+  try {
+    agentBridgeManager = await startAgentBridgeManager()
+    console.log('[bootstrap] agent bridge started')
+  } catch (err) {
+    logger.warn(err, '[bootstrap] agent bridge failed to start')
+    console.warn('[bootstrap] agent bridge failed to start:', err instanceof Error ? err.message : err)
+  }
+}
+
+function startRuntimeServicesAfterListen(): void {
+  void (async () => {
+    try {
+      await ensureProfileGatewaysRunning()
+      console.log('[bootstrap] profile gateways checked')
+    } catch (err) {
+      logger.warn(err, '[bootstrap] failed to ensure profile gateways')
+      console.warn('[bootstrap] failed to ensure profile gateways:', err instanceof Error ? err.message : err)
+    }
+  })()
+
+  void (async () => {
+    try {
+      agentBridgeManager = await startAgentBridgeManager()
+      console.log('[bootstrap] agent bridge started')
+    } catch (err) {
+      logger.warn(err, '[bootstrap] agent bridge failed to start')
+      console.warn('[bootstrap] agent bridge failed to start:', err instanceof Error ? err.message : err)
+    }
+  })()
+}
+
+export async function bootstrap() {
+  console.log(`hermes-web-ui v${APP_VERSION} starting...`)
+  await mkdir(config.uploadDir, { recursive: true })
+  if (shouldCreateWebUiDataDir()) {
+    await mkdir(config.dataDir, { recursive: true })
+  }
+
+  await initLoginLimiter()
+  try {
+    const skillInjector = new HermesSkillInjector()
+    const injectionResult = await skillInjector.injectMissingSkills()
+    if (injectionResult.injected.length > 0) {
+      logger.info({
+        injected: [...new Set(injectionResult.injected)],
+        targetCount: injectionResult.targets.length,
+      }, '[bootstrap] bundled skills injected')
+    }
+    if (injectionResult.updated.length > 0) {
+      logger.info({
+        updated: [...new Set(injectionResult.updated)],
+        targetCount: injectionResult.targets.length,
+      }, '[bootstrap] bundled skills updated')
+    }
+  } catch (err) {
+    logger.warn(err, '[bootstrap] failed to inject bundled skills')
+    console.warn('[bootstrap] failed to inject bundled skills:', err instanceof Error ? err.message : err)
+  }
+
+  if (!isDesktopRuntime()) {
+    await startRuntimeServicesBeforeListen()
+  }
+
+  const app = new Koa()
+  await new Promise(resolve => setTimeout(resolve, 1000))
+  // Initialize all web-ui SQLite tables
+  const { initAllStores } = await import('./db/hermes/init')
+  // Wait 1 second before initializing stores to ensure all resources are ready
+  initAllStores()
+  await new Promise(resolve => setTimeout(resolve, 1000))
+  console.log('[bootstrap] all stores initialized')
+
+  app.use(cors({ origin: config.corsOrigins }))
+  // Raise JSON/text limits above the default 1mb: profile avatars are posted
+  // as base64 data URLs (up to ~1MB raw → ~1.37MB base64), which otherwise
+  // tripped a 413 in the body parser before reaching the handler.
+  app.use(bodyParser({ encoding: 'utf-8', jsonLimit: '4mb', textLimit: '4mb' }))
+  console.log('[bootstrap] cors + bodyParser registered')
+
+  // Register all routes (handles auth internally)
+  const proxyMiddleware = registerRoutes(app, [requireUserJwt, resolveUserProfile])
+  app.use(proxyMiddleware)
+  console.log('[bootstrap] routes registered')
+
+  // SPA fallback
+  const distDir = resolve(__dirname, '..', 'client')
+  app.use(serve(distDir))
+  app.use(async (ctx) => {
+    if (!ctx.path.startsWith('/api') &&
+      ctx.path !== '/health' &&
+      ctx.path !== '/upload' &&
+      ctx.path !== '/webhook') {
+      await send(ctx, 'index.html', { root: distDir })
+    }
+  })
+  console.log('[bootstrap] SPA fallback registered')
+
+  // Start server using the configured bind host. Default is IPv4 for WSL stability.
+  const listenResult = await listenWithFallback(app, config.port, config.host)
+  server = listenResult.primary
+  servers = listenResult.servers
+  console.log('[bootstrap] app.listen called')
+
+  setupTerminalWebSocket(servers)
+  setupKanbanEventsWebSocket(servers)
+  console.log('[bootstrap] terminal + kanban websocket setup')
+
+  // Group chat Socket.IO (must be after server is created)
+  const groupChatServer = new GroupChatServer(servers)
+  setGroupChatServer(groupChatServer)
+
+  // Chat run Socket.IO — shares the same Server instance, just adds /chat-run namespace
+  chatRunServer = new ChatRunSocket(groupChatServer.getIO())
+  setChatRunServer(chatRunServer)
+  chatRunServer.init()
+
+  // Session deleter — periodically drain pending session deletes
+  const { SessionDeleter } = await import('./services/hermes/session-deleter')
+  const sessionDeleter = SessionDeleter.getInstance()
+  const activeProfile = process.env.PROFILE || 'default'
+  sessionDeleter.start(activeProfile)
+  console.log('[bootstrap] session deleter started, profile=%s', activeProfile)
+
+  // Catch-all: destroy upgrade requests not handled by terminal or Socket.IO
+  servers.forEach((httpServer) => {
+    httpServer.on('upgrade', (req: any, socket: any) => {
+      const url = new URL(req.url || '', `http://${req.headers.host}`)
+      if (url.pathname !== '/api/hermes/terminal' && url.pathname !== '/api/hermes/kanban/events' && !url.pathname.startsWith('/socket.io/')) {
+        socket.destroy()
+      }
+    })
+  })
+
+  const interfaces = safeNetworkInterfaces()
+  const localIp = Object.values(interfaces).flat().find(i => i?.family === 'IPv4' && !i?.internal)?.address || 'localhost'
+  console.log(`Server: http://localhost:${config.port} (LAN: http://${localIp}:${config.port})`)
+  console.log(`Log: ${config.appHome}/logs/server.log`)
+  logger.info('Server: http://localhost:%d (LAN: http://%s:%d)', config.port, localIp, config.port)
+
+  if (isDesktopRuntime()) {
+    agentBridgeManager = getAgentBridgeManager()
+    startRuntimeServicesAfterListen()
+  }
+
+  // Restore group chat agents after server is ready.
+  groupChatServer.restoreWhenReady()
+
+  servers.forEach((httpServer) => {
+    httpServer.on('error', (err: any) => {
+      console.error('[bootstrap] server error:', err.code || err.message)
+      logger.error({ err }, 'Server error')
+    })
+  })
+
+  bindShutdown(servers, groupChatServer, chatRunServer, agentBridgeManager)
+  startVersionCheck()
+}
+
+bootstrap().catch((error) => {
+  console.error('FATAL: Failed to start Hermes Web UI')
+  console.error(error)
+  logger.fatal(error, 'Fatal error during bootstrap')
+  process.exit(1)
+})
diff --git a/packages/server/src/lib/context-compressor/export-compressor.ts b/packages/server/src/lib/context-compressor/export-compressor.ts
new file mode 100644
index 0000000..503b401
--- /dev/null
+++ b/packages/server/src/lib/context-compressor/export-compressor.ts
@@ -0,0 +1,150 @@
+/**
+ * Export Compressor
+ *
+ * Compresses session context for export purposes.
+ * Reuses the LLM summarization logic from ChatContextCompressor
+ * but does NOT read or write compression snapshots.
+ * Always forces LLM compression regardless of token count.
+ * No tail reservation — all messages are compressed.
+ */
+
+import { logger } from '../../services/logger'
+import {
+  type ChatMessage,
+  type CompressionConfig,
+  type CompressedResult,
+  type SummarizerOptions,
+  DEFAULT_COMPRESSION_CONFIG,
+  countTokens,
+  serializeForSummary,
+  buildFullPrompt,
+  buildIncrementalPrompt,
+  buildConversationHistory,
+  callSummarizer,
+} from './index'
+import { getCompressionSnapshot } from '../../db/hermes/compression-snapshot'
+
+export class ExportCompressor {
+  private config: CompressionConfig
+
+  constructor(opts?: { config?: Partial<CompressionConfig> }) {
+    this.config = { ...DEFAULT_COMPRESSION_CONFIG, ...opts?.config }
+  }
+
+  async compress(
+    messages: ChatMessage[],
+    upstream: string,
+    apiKey: string | undefined,
+    sessionId?: string,
+    summarizer?: string | SummarizerOptions,
+  ): Promise<CompressedResult> {
+    const total = messages.length
+
+    const meta: CompressedResult['meta'] = {
+      totalMessages: total,
+      compressed: false,
+      llmCompressed: false,
+      summaryTokenEstimate: 0,
+      verbatimCount: 0,
+      compressedStartIndex: -1,
+    }
+
+    // Read snapshot for incremental context, but never write
+    const snapshot = sessionId ? getCompressionSnapshot(sessionId) : null
+
+    if (snapshot) {
+      logger.info(
+        '[export-compressor] session=%s: incremental compress with existing snapshot at index %d',
+        sessionId, snapshot.lastMessageIndex,
+      )
+      return this.incrementalCompress(
+        messages, snapshot, upstream, apiKey, meta, summarizer,
+      )
+    }
+
+    logger.info(
+      '[export-compressor] session=%s: full compress %d messages',
+      sessionId, total,
+    )
+    return this.fullCompress(messages, upstream, apiKey, meta, summarizer)
+  }
+
+  private async incrementalCompress(
+    messages: ChatMessage[],
+    snapshot: { summary: string; lastMessageIndex: number },
+    upstream: string,
+    apiKey: string | undefined,
+    meta: CompressedResult['meta'],
+    summarizer?: string | SummarizerOptions,
+  ): Promise<CompressedResult> {
+    const { summary: previousSummary, lastMessageIndex } = snapshot
+    const newMessages = messages.slice(lastMessageIndex + 1)
+
+    let summary: string | null = null
+    try {
+      const contentToSummarize = serializeForSummary(newMessages)
+      const prompt = buildIncrementalPrompt(previousSummary, contentToSummarize, this.config.summaryBudget)
+      const history = buildConversationHistory(newMessages)
+
+      const t0 = Date.now()
+      summary = await callSummarizer(upstream, apiKey, prompt, history, this.config.summarizationTimeoutMs, previousSummary, summarizer)
+      logger.info('[export-compressor] incremental-llm done in %dms, %d chars', Date.now() - t0, summary!.length)
+    } catch (err: any) {
+      logger.warn('[export-compressor] incremental-llm failed: %s — reusing previous summary', err.message)
+      summary = previousSummary
+    }
+
+    const summaryText = summary || previousSummary
+
+    return {
+      messages: [{ role: 'user', content: summaryText }],
+      meta: {
+        ...meta,
+        compressed: true,
+        llmCompressed: true,
+        summaryTokenEstimate: countTokens(summaryText),
+        verbatimCount: 0,
+      },
+    }
+  }
+
+  private async fullCompress(
+    messages: ChatMessage[],
+    upstream: string,
+    apiKey: string | undefined,
+    meta: CompressedResult['meta'],
+    summarizer?: string | SummarizerOptions,
+  ): Promise<CompressedResult> {
+    if (messages.length === 0) {
+      return { messages: [], meta }
+    }
+
+    let summary: string | null = null
+    try {
+      const contentToSummarize = serializeForSummary(messages)
+      const prompt = buildFullPrompt(contentToSummarize, this.config.summaryBudget)
+      const history = buildConversationHistory(messages)
+
+      const t0 = Date.now()
+      summary = await callSummarizer(upstream, apiKey, prompt, history, this.config.summarizationTimeoutMs, undefined, summarizer)
+      logger.info('[export-compressor] full-llm done in %dms, %d chars', Date.now() - t0, summary!.length)
+    } catch (err: any) {
+      logger.warn('[export-compressor] full-llm failed: %s', err.message)
+    }
+
+    if (!summary) {
+      return { messages, meta }
+    }
+
+    return {
+      messages: [{ role: 'user', content: summary }],
+      meta: {
+        ...meta,
+        compressed: true,
+        llmCompressed: true,
+        summaryTokenEstimate: countTokens(summary),
+        verbatimCount: 0,
+      },
+    }
+  }
+}
diff --git a/packages/server/src/lib/context-compressor/index.ts b/packages/server/src/lib/context-compressor/index.ts
new file mode 100644
index 0000000..653e4c3
--- /dev/null
+++ b/packages/server/src/lib/context-compressor/index.ts
@@ -0,0 +1,842 @@
+/**
+ * Chat Context Compressor
+ *
+ * Compresses 1:1 chat conversation history before sending to upstream.
+ * Uses the Hermes structured summary prompt for LLM-based compression.
+ *
+ * Algorithm:
+ * 1. If total tokens < trigger threshold → return as-is
+ * 2. Pre-clean: truncate old tool results (no LLM call)
+ * 3. Load snapshot from SQLite for incremental update
+ * 4. Keep last 10 messages verbatim (tail protection by message count)
+ * 5. Summarize everything before the tail
+ * 6. Save snapshot: last_message_index = index where compression ends
+ */
+
+import { encodingForModel, getEncoding } from 'js-tiktoken'
+import { randomUUID } from 'crypto'
+import { mkdir, writeFile } from 'fs/promises'
+import { resolve } from 'path'
+import { logger } from '../../services/logger'
+import { AgentBridgeClient, type AgentBridgeRunResult } from '../../services/hermes/agent-bridge'
+import {
+  getCompressionSnapshot,
+  saveCompressionSnapshot,
+  deleteCompressionSnapshot,
+} from '../../db/hermes/compression-snapshot'
+
+// ─── Types ───────────────────────────────────────────────
+
+export interface ContentBlock {
+  type: 'text' | 'image' | 'file'
+  text?: string
+  path?: string
+  source?: { type: string; media_type?: string; data?: string }
+}
+
+export interface ChatMessage {
+  role: string
+  content: string | ContentBlock[]
+  tool_calls?: Array<{ id: string; type: string; function: { name: string; arguments: string } }>
+  tool_call_id?: string
+  name?: string
+  reasoning_content?: string | null
+}
+
+export interface CompressionConfig {
+  /** Token threshold to trigger compression (default: contextLength / 2) */
+  triggerTokens: number
+  /** Summary token target (default: 8000) */
+  summaryBudget: number
+  /** Number of earliest messages to keep verbatim (default: 0) */
+  headMessageCount: number
+  /** Number of recent messages to keep verbatim (default: 10) */
+  tailMessageCount: number
+  /** Timeout for LLM summarization call (default: 300_000ms) */
+  summarizationTimeoutMs: number
+}
+
+export const DEFAULT_COMPRESSION_CONFIG: CompressionConfig = {
+  triggerTokens: 100_000,
+  summaryBudget: 8_000,
+  headMessageCount: 0,
+  tailMessageCount: 10,
+  summarizationTimeoutMs: 300_000,
+}
+
+export interface CompressedResult {
+  messages: ChatMessage[]
+  meta: {
+    totalMessages: number
+    compressed: boolean
+    /** true = actually called LLM to summarize; false = assembled from existing snapshot or returned as-is */
+    llmCompressed: boolean
+    summaryTokenEstimate: number
+    verbatimCount: number
+    compressedStartIndex: number
+  }
+}
+
+export interface SummarizerOptions {
+  profile?: string
+  model?: string | null
+  provider?: string | null
+  workerKey?: string
+}
+
+const SUMMARIZER_TRIGGER_MESSAGE = 'Generate the context checkpoint summary now.'
+const SUMMARIZER_DEBUG_DIR = 'logs/context-compressor'
+const SUMMARIZER_DEBUG_FILE = 'summarizer-debug.json'
+
+async function writeSummarizerDebugDump(payload: Record<string, unknown>): Promise<void> {
+  if (process.env.NODE_ENV !== 'development') return
+  try {
+    const debugDir = resolve(process.cwd(), SUMMARIZER_DEBUG_DIR)
+    await mkdir(debugDir, { recursive: true })
+    await writeFile(
+      resolve(debugDir, SUMMARIZER_DEBUG_FILE),
+      `${JSON.stringify(payload, null, 2)}\n`,
+      'utf8',
+    )
+  } catch (err) {
+    logger.warn(err, '[context-compressor] failed to write summarizer debug dump')
+  }
+}
+
+// ─── Token counting ─────────────────────────────────────
+
+let _encoder: ReturnType<typeof getEncoding> | null = null
+
+function getEncoder() {
+  if (!_encoder) {
+    _encoder = getEncoding('cl100k_base')
+  }
+  return _encoder
+}
+
+export function countTokens(text: string): number {
+  try {
+    return getEncoder().encode(text).length
+  } catch {
+    const cjk = (text.match(/[\u2e80-\u9fff\uac00-\ud7af\u3000-\u303f\uff00-\uffef]/g) || []).length
+    const other = text.length - cjk
+    return Math.ceil(cjk * 1.5 + other / 4)
+  }
+}
+
+export function countTokensForModel(text: string, model: string): number {
+  try {
+    const enc = encodingForModel(model as any)
+    return enc.encode(text).length
+  } catch {
+    return countTokens(text)
+  }
+}
+
+function messageTokenEstimate(message: ChatMessage): number {
+  if (typeof message.content === 'string') return countTokens(message.content)
+  if (Array.isArray(message.content)) {
+    return countTokens(message.content.map(block => {
+      if (block.type === 'text') return block.text || ''
+      if (block.type === 'image') return `[Image: ${block.path || ''}]`
+      if (block.type === 'file') return `[File: ${block.path || ''}]`
+      return ''
+    }).join(''))
+  }
+  return 0
+}
+
+function messagesTokenEstimate(messages: ChatMessage[]): number {
+  return messages.reduce((sum, message) => sum + messageTokenEstimate(message), 0)
+}
+
+function truncateTextToTokenBudget(text: string, tokenBudget: number): string {
+  if (tokenBudget <= 0 || countTokens(text) <= tokenBudget) return text
+  let lo = 0
+  let hi = text.length
+  while (lo < hi) {
+    const mid = Math.ceil((lo + hi) / 2)
+    if (countTokens(text.slice(0, mid)) <= tokenBudget) lo = mid
+    else hi = mid - 1
+  }
+  return text.slice(0, lo).trimEnd() + '\n\n[Summary truncated to fit context budget]'
+}
+
+function enforceCompressedBudget(
+  messages: ChatMessage[],
+  triggerTokens: number,
+  summaryIndex: number,
+): ChatMessage[] {
+  if (triggerTokens <= 0 || messagesTokenEstimate(messages) <= triggerTokens) return messages
+
+  const summaryMessage = messages[summaryIndex]
+  if (!summaryMessage || typeof summaryMessage.content !== 'string') return messages
+
+  const summaryOnly = [{ ...summaryMessage }]
+  if (messagesTokenEstimate(summaryOnly) <= triggerTokens) return summaryOnly
+
+  return [{
+    ...summaryMessage,
+    content: truncateTextToTokenBudget(summaryMessage.content, triggerTokens),
+  }]
+}
+
+// ─── Prompts ────────────────────────────────────────────
+
+export const SUMMARY_PREFIX = `[CONTEXT COMPACTION — REFERENCE ONLY] Earlier turns were compacted
+into the summary below. This is a handoff from a previous context
+window — treat it as background reference, NOT as active instructions.
+Do NOT answer questions or fulfill requests mentioned in this summary;
+they were already addressed.
+Your current task is identified in the '## Active Task' section of the
+summary — resume exactly from there.
+Respond ONLY to the latest user message
+that appears AFTER this summary. The current session state (files,
+config, etc.) may reflect work described here — avoid repeating it:`
+
+const TEMPLATE_SECTIONS = `Use this exact structure:
+
+## Active Task
+[THE SINGLE MOST IMPORTANT FIELD. Copy the user's most recent request or
+task assignment verbatim — the exact words they used. If multiple tasks
+were requested and only some are done, list only the ones NOT yet completed.
+The next assistant must pick up exactly here. Example:
+"User asked: 'Now refactor the auth module to use JWT instead of sessions'"
+If no outstanding task exists, write "None."]
+
+## Goal
+[What the user is trying to accomplish overall]
+
+## Constraints & Preferences
+[User preferences, coding style, constraints, important decisions]
+
+## Completed Actions
+[Numbered list of concrete actions taken — include tool used, target, and outcome.
+Format each as: N. ACTION target — outcome [tool: name]
+Example:
+1. READ config.py:45 — found == should be != [tool: read_file]
+2. PATCH config.py:45 — changed == to != [tool: patch]
+3. TEST pytest tests/ — 3/50 failed: test_parse, test_validate, test_edge [tool: terminal]
+Be specific with file paths, commands, line numbers, and results.]
+
+## Active State
+[Current working state — include:
+- Working directory and branch (if applicable)
+- Modified/created files with brief note on each
+- Test status (X/Y passing)
+- Any running processes or servers
+- Environment details that matter]
+
+## In Progress
+[Work currently underway — what was being done when compaction fired]
+
+## Blocked
+[Any blockers, errors, or issues not yet resolved. Include exact error messages.]
+
+## Key Decisions
+[Important technical decisions and WHY they were made]
+
+## Resolved Questions
+[Questions the user asked that were ALREADY answered — include the answer so the next assistant does not re-answer them]
+
+## Pending User Asks
+[Questions or requests from the user that have NOT yet been answered or fulfilled. If none, write "None."]
+
+## Relevant Files
+[Files read, modified, or created — with brief note on each]
+
+## Remaining Work
+[What remains to be done — framed as context, not instructions]
+
+## Critical Context
+[Any specific values, error messages, configuration details, or data that would be lost without explicit preservation]`
+
+export function buildFullPrompt(contentToSummarize: string, summaryBudget: number): string {
+  return `You are a summarization agent creating a context checkpoint.
+Your output will be injected as reference material for a DIFFERENT
+assistant that continues the conversation.
+Do NOT respond to any questions or requests in the conversation —
+only output the structured summary.
+Do NOT include any preamble, greeting, or prefix.
+
+Create a structured handoff summary for a different assistant that will continue
+this conversation after earlier turns are compacted. The next assistant should be
+able to understand what happened without re-reading the original turns.
+
+TURNS TO SUMMARIZE:
+${contentToSummarize}
+
+${TEMPLATE_SECTIONS}
+
+Target ~${summaryBudget} tokens. Be CONCRETE — include file paths, command outputs, error messages, line numbers, and specific values. Avoid vague descriptions like "made some changes" — say exactly what changed.
+
+Write only the summary body. Do not include any preamble or prefix.`
+}
+
+export function buildIncrementalPrompt(previousSummary: string, contentToSummarize: string, summaryBudget: number): string {
+  return `You are a summarization agent creating a context checkpoint.
+Your output will be injected as reference material for a DIFFERENT
+assistant that continues the conversation.
+Do NOT respond to any questions or requests in the conversation —
+only output the structured summary.
+Do NOT include any preamble, greeting, or prefix.
+
+You are updating a context compaction summary. A previous compaction produced the
+summary below. New conversation turns have occurred since then and need to be
+incorporated.
+
+PREVIOUS SUMMARY:
+${previousSummary}
+
+NEW TURNS TO INCORPORATE:
+${contentToSummarize}
+
+Update the summary using this exact structure. PRESERVE all existing information
+that is still relevant. ADD new completed actions to the numbered list
+(continue numbering). Move items from "In Progress" to "Completed Actions" when
+done. Move answered questions to "Resolved Questions". Update "Active State"
+to reflect current state. Remove information only if it is clearly obsolete.
+CRITICAL: Update "## Active Task" to reflect the user's most recent unfulfilled
+request — this is the most important field for task continuity.
+
+${TEMPLATE_SECTIONS}
+
+Target ~${summaryBudget} tokens. Be CONCRETE — include file paths, command outputs, error messages, line numbers, and specific values. Avoid vague descriptions like "made some changes" — say exactly what changed.
+
+Write only the summary body. Do not include any preamble or prefix.`
+}
+
+// ─── Pre-cleaning ───────────────────────────────────────
+
+export function serializeForSummary(messages: ChatMessage[]): string {
+  const parts: string[] = []
+
+  function contentToString(content: string | ContentBlock[]): string {
+    if (typeof content === 'string') return content
+    if (Array.isArray(content)) {
+      return content.map(block => {
+        if (block.type === 'text') return block.text || ''
+        if (block.type === 'image') return `[Image: ${block.path || ''}]`
+        if (block.type === 'file') return `[File: ${block.path || ''}]`
+        return ''
+      }).join('')
+    }
+    return ''
+  }
+
+  for (const msg of messages) {
+    const role = msg.role === 'tool' ? `[tool:${msg.name || 'unknown'}]` : msg.role
+    let content = contentToString(msg.content || '')
+
+    if (msg.role === 'tool' && content.length > 5500) {
+      content = content.slice(0, 4000) + '\n... [truncated]\n...' + content.slice(-1500)
+    }
+
+    if (msg.role === 'assistant' && msg.tool_calls?.length) {
+      const toolsInfo = msg.tool_calls.map(tc => {
+        let args = tc.function.arguments
+        if (args.length > 1500) args = args.slice(0, 1500) + '...'
+        return `[tool_call: ${tc.function.name}(${args})]`
+      }).join('\n')
+      parts.push(`${role}: ${toolsInfo}`)
+      if (content.trim()) parts.push(`${role}: ${content}`)
+    } else {
+      parts.push(`${role}: ${content}`)
+    }
+  }
+  return parts.join('\n\n')
+}
+
+/**
+ * Convert messages to conversation history format for LLM API.
+ * Tool calls are converted to text format within assistant messages.
+ */
+export function buildConversationHistory(messages: ChatMessage[]): Array<{ role: string; content: string }> {
+  const result: Array<{ role: string; content: string }> = []
+
+  for (const msg of messages) {
+    if (msg.role === 'tool') {
+      // Convert tool result to text and append to previous assistant message
+      const toolText = `[Tool result: ${msg.name || 'unknown'}]\n${(msg.content || '').slice(0, 4000)}${msg.content && msg.content.length > 4000 ? '...' : ''}`
+      // Find the last assistant message and append to it
+      const lastAssistant = result.findLast(m => m.role === 'assistant')
+      if (lastAssistant) {
+        lastAssistant.content += `\n\n${toolText}`
+      } else {
+        // Fallback: create an assistant message
+        result.push({ role: 'assistant', content: toolText })
+      }
+    } else if (msg.role === 'assistant' && msg.tool_calls?.length) {
+      // Include tool calls in assistant message
+      const toolsInfo = msg.tool_calls.map(tc => {
+        let args = tc.function.arguments
+        if (args.length > 4000) args = args.slice(0, 4000) + '...'
+        return `[Calling tool: ${tc.function.name} with arguments: ${args}]`
+      }).join('\n')
+      const content = msg.content ? `${msg.content}\n\n${toolsInfo}` : toolsInfo
+      result.push({ role: msg.role, content })
+    } else if (msg.role === 'user') {
+      // Handle ContentBlock[] format: { type: 'text', text: '...' } or { type: 'image', path: '...' }
+      let contentStr = ''
+      const content = msg.content || ''
+      if (typeof content === 'string') {
+        contentStr = content
+      } else if (Array.isArray(content)) {
+        for (const block of content) {
+          if (block.type === 'text') {
+            contentStr += block.text || ''
+          } else if (block.type === 'image') {
+            contentStr += `[Image: ${block.path || ''}]`
+          } else if (block.type === 'file') {
+            contentStr += `[File: ${block.path || ''}]`
+          }
+        }
+      }
+      if (contentStr.length > 4000) contentStr = contentStr.slice(0, 4000) + '...'
+      result.push({ role: 'user', content: contentStr })
+    } else if (msg.role === 'assistant' || msg.role === 'system') {
+      let contentStr = ''
+      const content = msg.content
+      if (typeof content === 'string') {
+        contentStr = content
+      } else if (Array.isArray(content)) {
+        for (const block of content) {
+          if (block.type === 'text') {
+            contentStr += block.text || ''
+          } else if (block.type === 'image') {
+            contentStr += `[Image: ${block.path || ''}]`
+          } else if (block.type === 'file') {
+            contentStr += `[File: ${block.path || ''}]`
+          }
+        }
+      }
+      if (contentStr.length > 4000) contentStr = contentStr.slice(0, 4000) + '...'
+      result.push({ role: msg.role, content: contentStr })
+    }
+    // Skip other roles
+  }
+
+  return result
+}
+
+export function pruneOldToolResults(messages: ChatMessage[], keepRecentCount: number): ChatMessage[] {
+  if (messages.length <= keepRecentCount) return messages
+
+  const tail = messages.slice(-keepRecentCount)
+  const head = messages.slice(0, -keepRecentCount)
+
+  const pruned = head.map(msg => {
+    if (msg.role !== 'tool') return msg
+    let content = ''
+    if (typeof msg.content === 'string') {
+      content = msg.content
+    } else if (Array.isArray(msg.content)) {
+      content = msg.content.map(block => {
+        if (block.type === 'text') return block.text || ''
+        return `[${block.type}]`
+      }).join('')
+    }
+    const preview = content.slice(0, 100).replace(/\n/g, ' ')
+    const truncated = content.length > 100 ? '...' : ''
+    return { ...msg, content: `[${msg.name || 'tool'}] ${preview}${truncated}` }
+  })
+
+  return [...pruned, ...tail]
+}
+
+function pruneFallbackToolResults(messages: ChatMessage[], keepRecentCount: number): ChatMessage[] {
+  return pruneOldToolResults(messages, keepRecentCount)
+}
+
+// ─── LLM Summarization ──────────────────────────────────
+
+export async function callSummarizer(
+  upstream: string,
+  apiKey: string | undefined,
+  prompt: string,
+  history: Array<{ role: string; content: string }>,
+  timeoutMs: number,
+  previousSummary?: string,
+  summarizer?: string | SummarizerOptions,
+): Promise<string> {
+  void upstream
+  void apiKey
+  const options: SummarizerOptions = typeof summarizer === 'string'
+    ? { profile: summarizer }
+    : summarizer || {}
+  const profile = options.profile || 'default'
+  void history
+  const convHistory: Array<{ role: string; content: string }> = []
+
+  if (previousSummary) {
+    convHistory.unshift(
+      { role: 'user', content: `[Previous summary]\n${previousSummary}` },
+      { role: 'assistant', content: 'Understood, I will update the summary.' },
+      { role: 'user', content: prompt },
+    )
+  } else {
+    convHistory.unshift({ role: 'user', content: prompt })
+  }
+
+  const bridge = new AgentBridgeClient({ timeoutMs: timeoutMs + 15_000 })
+  const sessionId = `compress_${Date.now().toString(36)}_${randomUUID().replace(/-/g, '').slice(0, 12)}`
+  const workerKey = options.workerKey || `${profile}:compression:${sessionId}`
+  const message = SUMMARIZER_TRIGGER_MESSAGE
+
+  await writeSummarizerDebugDump({
+    writtenAt: new Date().toISOString(),
+    sessionId,
+    workerKey,
+    profile,
+    model: options.model || null,
+    provider: options.provider || null,
+    message,
+    convHistory,
+  })
+
+  try {
+    const result = await bridge.request<AgentBridgeRunResult>({
+      action: 'chat',
+      session_id: sessionId,
+      message,
+      conversation_history: convHistory,
+      profile,
+      worker_key: workerKey,
+      source: 'api_server',
+      wait: true,
+      timeout: Math.ceil(timeoutMs / 1000),
+      ...(options.model ? { model: options.model } : {}),
+      ...(options.provider ? { provider: options.provider } : {}),
+    }, { timeoutMs: timeoutMs + 15_000 })
+
+    if (result.status === 'error') {
+      throw new Error(result.error || 'Summarization bridge run failed')
+    }
+
+    const payload = result.result as any
+    const output = String(
+      payload?.final_response ||
+      result.output ||
+      '',
+    ).trim()
+    if (!output) throw new Error('Empty summarization response')
+    return output
+  } finally {
+    await bridge.destroy(sessionId, profile, workerKey).catch(() => undefined)
+  }
+}
+
+// ─── Main Compressor ────────────────────────────────────
+
+export class ChatContextCompressor {
+  private config: CompressionConfig
+
+  constructor(opts?: {
+    config?: Partial<CompressionConfig>
+  }) {
+    this.config = { ...DEFAULT_COMPRESSION_CONFIG, ...opts?.config }
+  }
+
+  /**
+   * Assemble and compress conversation history.
+   *
+   * Flow:
+   * 1. Check snapshot → if exists, assemble = summary + new messages after snapshot index
+   * 2. If no snapshot → assemble = all messages
+   * 3. Count tokens of assembled context
+   * 4. Under threshold → return assembled as-is (no LLM call)
+   * 5. Over threshold → LLM compress, keep last N messages, save new snapshot
+   */
+  async compress(
+    messages: ChatMessage[],
+    upstream: string,
+    apiKey: string | undefined,
+    sessionId?: string,
+    summarizer?: string | SummarizerOptions,
+  ): Promise<CompressedResult> {
+    const total = messages.length
+
+    const makeMeta = (opts: Partial<CompressedResult['meta']> = {}): CompressedResult['meta'] => ({
+      totalMessages: total,
+      compressed: false,
+      llmCompressed: false,
+      summaryTokenEstimate: 0,
+      verbatimCount: total,
+      compressedStartIndex: -1,
+      ...opts,
+    })
+
+    // Check if we have a previous compression snapshot
+    const snapshot = sessionId ? getCompressionSnapshot(sessionId) : null
+
+    if (snapshot && snapshot.lastMessageIndex >= 0 && snapshot.lastMessageIndex < messages.length) {
+      // Has snapshot → incremental compress (merge old summary with new messages)
+      logger.info(
+        '[context-compressor] session=%s: incremental compress with snapshot at index %d',
+        sessionId, snapshot.lastMessageIndex,
+      )
+      return this.incrementalCompress(
+        messages, snapshot, upstream, apiKey, sessionId!, makeMeta(), summarizer,
+      )
+    } else {
+      if (snapshot && sessionId) {
+        const fallbackLastMessageIndex = Math.max(-1, messages.length - this.config.tailMessageCount - 1)
+        logger.warn(
+          '[context-compressor] session=%s: stale snapshot index %d for %d messages; using summary plus tail from index %d',
+          sessionId, snapshot.lastMessageIndex, messages.length, fallbackLastMessageIndex,
+        )
+        return this.incrementalCompress(
+          messages,
+          { summary: snapshot.summary, lastMessageIndex: fallbackLastMessageIndex },
+          upstream,
+          apiKey,
+          sessionId,
+          makeMeta(),
+          summarizer,
+        )
+      }
+      // No snapshot → full compress (compress all messages)
+      logger.info(
+        '[context-compressor] session=%s: full compress %d messages',
+        sessionId, total,
+      )
+      return this.fullCompress(messages, upstream, apiKey, sessionId!, makeMeta(), summarizer)
+    }
+  }
+
+  private async incrementalCompress(
+    messages: ChatMessage[],
+    snapshot: { summary: string; lastMessageIndex: number },
+    upstream: string,
+    apiKey: string | undefined,
+    sessionId: string,
+    meta: CompressedResult['meta'],
+    summarizer?: string | SummarizerOptions,
+  ): Promise<CompressedResult> {
+    const { summary: previousSummary, lastMessageIndex } = snapshot
+    const total = messages.length
+    const headCount = Math.min(this.config.headMessageCount, Math.max(0, lastMessageIndex + 1))
+    const head = messages.slice(0, headCount)
+    const newMessages = messages.slice(lastMessageIndex + 1)
+    const tailCount = this.config.tailMessageCount
+    const previousSummaryMessage: ChatMessage = { role: 'user', content: SUMMARY_PREFIX + '\n\n' + previousSummary }
+    const assembledWithPrevious = [
+      ...head,
+      previousSummaryMessage,
+      ...newMessages,
+    ]
+    const assembledOverBudget = messagesTokenEstimate(assembledWithPrevious) > this.config.triggerTokens
+    const canKeepTailWindow = newMessages.length > tailCount
+
+    // If the new segment itself is too small to split but already over budget,
+    // fold all new messages into the existing summary instead of preserving them verbatim.
+    const tailStart = assembledOverBudget && !canKeepTailWindow
+      ? newMessages.length
+      : Math.max(0, newMessages.length - tailCount)
+    const toCompress = newMessages.slice(0, tailStart)
+    const tail = newMessages.slice(tailStart)
+
+    if (toCompress.length === 0) {
+      return {
+        messages: assembledWithPrevious,
+        meta: {
+          ...meta,
+          compressed: true,
+          llmCompressed: false,
+          summaryTokenEstimate: countTokens(SUMMARY_PREFIX + previousSummary),
+          verbatimCount: head.length + newMessages.length,
+          compressedStartIndex: lastMessageIndex,
+        },
+      }
+    }
+
+    logger.info(
+      '[context-compressor] [incremental-llm] compressing %d of %d new messages, keeping %d tail',
+      toCompress.length, newMessages.length, tail.length,
+    )
+
+    let summary: string | null = null
+    try {
+      const contentToSummarize = serializeForSummary(toCompress)
+      const prompt = buildIncrementalPrompt(previousSummary, contentToSummarize, this.config.summaryBudget)
+
+      const t0 = Date.now()
+      summary = await callSummarizer(upstream, apiKey, prompt, [], this.config.summarizationTimeoutMs, previousSummary, summarizer)
+      logger.info('[context-compressor] incremental-llm done in %dms, %d chars', Date.now() - t0, summary.length)
+    } catch (err: any) {
+      logger.warn('[context-compressor] incremental-llm failed: %s — keeping new messages verbatim', err.message)
+      const fallback = [
+        ...head,
+        previousSummaryMessage,
+        ...newMessages,
+      ]
+      const prunedFallback = pruneFallbackToolResults(fallback, this.config.tailMessageCount)
+      const budgetedFallback = enforceCompressedBudget(prunedFallback, this.config.triggerTokens, head.length)
+      return {
+        messages: budgetedFallback,
+        meta: {
+          ...meta,
+          compressed: true,
+          llmCompressed: false,
+          summaryTokenEstimate: countTokens(SUMMARY_PREFIX + previousSummary),
+          verbatimCount: budgetedFallback.length === fallback.length ? head.length + newMessages.length : 0,
+          compressedStartIndex: lastMessageIndex,
+        },
+      }
+    }
+
+    let result: ChatMessage[] = [
+      ...head,
+      { role: 'user', content: SUMMARY_PREFIX + '\n\n' + summary },
+      ...tail,
+    ]
+    result = enforceCompressedBudget(result, this.config.triggerTokens, head.length)
+
+    const newLastIndex = lastMessageIndex + tailStart
+    if (sessionId) {
+      saveCompressionSnapshot(sessionId, summary, newLastIndex, total)
+    }
+
+    return {
+      messages: result,
+      meta: {
+        ...meta,
+        compressed: true,
+        llmCompressed: true,
+        summaryTokenEstimate: countTokens(SUMMARY_PREFIX + summary),
+        verbatimCount: result.length === head.length + 1 + tail.length ? head.length + tail.length : 0,
+        compressedStartIndex: newLastIndex,
+      },
+    }
+  }
+
+  private async fullCompress(
+    messages: ChatMessage[],
+    upstream: string,
+    apiKey: string | undefined,
+    sessionId: string,
+    meta: CompressedResult['meta'],
+    summarizer?: string | SummarizerOptions,
+  ): Promise<CompressedResult> {
+    const total = messages.length
+    const requestedHeadCount = Math.min(this.config.headMessageCount, total)
+    const requestedTailCount = this.config.tailMessageCount
+    const canKeepProtectedWindows = total > requestedHeadCount + requestedTailCount
+    const headCount = canKeepProtectedWindows ? requestedHeadCount : 0
+    const tailCount = canKeepProtectedWindows ? requestedTailCount : 0
+
+    const tailStart = total - tailCount
+    const head = messages.slice(0, headCount)
+    const toCompress = messages.slice(headCount, tailStart)
+    const tail = messages.slice(tailStart)
+
+    logger.info(
+      '[context-compressor] [full-llm] compressing messages %d-%d, keeping first %d and last %d',
+      headCount, tailStart - 1, head.length, tail.length,
+    )
+
+    const contentToSummarize = serializeForSummary(toCompress)
+    const prompt = buildFullPrompt(contentToSummarize, this.config.summaryBudget)
+
+    let summary: string | null = null
+    try {
+      const t0 = Date.now()
+      summary = await callSummarizer(upstream, apiKey, prompt, [], this.config.summarizationTimeoutMs, undefined, summarizer)
+      logger.info('[context-compressor] full-llm done in %dms, %d chars', Date.now() - t0, summary.length)
+    } catch (err: any) {
+      logger.warn('[context-compressor] full-llm failed: %s', err.message)
+    }
+
+    if (!summary) {
+      return { messages: pruneFallbackToolResults(messages, this.config.tailMessageCount), meta }
+    }
+
+    const result: ChatMessage[] = []
+
+    result.push(...head)
+    result.push({ role: 'user', content: SUMMARY_PREFIX + '\n\n' + summary })
+    if (sessionId) {
+      saveCompressionSnapshot(sessionId, summary, tailStart - 1, total)
+    }
+
+    result.push(...tail)
+    const budgetedResult = enforceCompressedBudget(result, this.config.triggerTokens, head.length)
+
+    return {
+      messages: budgetedResult,
+      meta: {
+        ...meta,
+        compressed: true,
+        llmCompressed: !!summary,
+        summaryTokenEstimate: summary ? countTokens(SUMMARY_PREFIX + summary) : 0,
+        verbatimCount: budgetedResult.length === result.length ? head.length + tail.length : 0,
+        compressedStartIndex: tailStart - 1,
+      },
+    }
+  }
+
+  /** Remove snapshot for a session (e.g. when session is deleted) */
+  static invalidateSnapshot(sessionId: string): void {
+    deleteCompressionSnapshot(sessionId)
+  }
+}
+
+async function* readSseFrames(stream: ReadableStream<Uint8Array>): AsyncGenerator<{ event?: string; data: string }> {
+  const decoder = new TextDecoder()
+  const reader = stream.getReader()
+  let buffer = ''
+
+  try {
+    while (true) {
+      const { done, value } = await reader.read()
+      if (done) break
+      buffer += decoder.decode(value, { stream: true })
+
+      let boundary = buffer.indexOf('\n\n')
+      while (boundary >= 0) {
+        const raw = buffer.slice(0, boundary)
+        buffer = buffer.slice(boundary + 2)
+        const frame = parseSseFrame(raw)
+        if (frame?.data) yield frame
+        boundary = buffer.indexOf('\n\n')
+      }
+    }
+
+    buffer += decoder.decode()
+    const frame = parseSseFrame(buffer)
+    if (frame?.data) yield frame
+  } finally {
+    reader.releaseLock()
+  }
+}
+
+function parseSseFrame(raw: string): { event?: string; data: string } | null {
+  let event: string | undefined
+  const data: string[] = []
+  for (const line of raw.split(/\r?\n/)) {
+    if (!line || line.startsWith(':')) continue
+    if (line.startsWith('event:')) {
+      event = line.slice(6).trim()
+    } else if (line.startsWith('data:')) {
+      data.push(line.slice(5).trimStart())
+    }
+  }
+  if (data.length === 0) return null
+  return { event, data: data.join('\n') }
+}
+
+function extractResponseText(response: any): string {
+  const output = Array.isArray(response?.output) ? response.output : []
+  const parts: string[] = []
+  for (const item of output) {
+    if (item.type !== 'message') continue
+    const content = Array.isArray(item.content) ? item.content : []
+    for (const part of content) {
+      if (part.type === 'output_text' || part.type === 'text') {
+        parts.push(part.text || '')
+      }
+    }
+  }
+  if (parts.length > 0) return parts.join('')
+  return typeof response?.output_text === 'string' ? response.output_text : ''
+}
diff --git a/packages/server/src/lib/llm-json.ts b/packages/server/src/lib/llm-json.ts
new file mode 100644
index 0000000..57a6dd9
--- /dev/null
+++ b/packages/server/src/lib/llm-json.ts
@@ -0,0 +1,267 @@
+/**
+ * LLM JSON Parsing Utilities
+ *
+ * Handles unreliable JSON output from large language models.
+ * Provides extraction, tolerant parsing, and validation.
+ *
+ * Based on production-grade patterns for handling LLM JSON:
+ * - Extract JSON from text (code blocks, plain objects)
+ * - Fix common LLM mistakes (single quotes, missing quotes, trailing commas)
+ * - Validate against schema (zod)
+ * - Retry on failure
+ */
+
+/**
+ * Extract JSON string from LLM text output.
+ * Handles: ```json code blocks, plain {...} objects
+ */
+export function extractJSON(text: string): string {
+  if (!text || typeof text !== 'string') {
+    throw new Error('Invalid text: must be non-empty string')
+  }
+
+  const trimmed = text.trim()
+
+  // Extract from ```json ... ``` code block
+  const codeBlockMatch = trimmed.match(/```(?:json)?\s*([\s\S]*?)\s*```/)
+  if (codeBlockMatch) {
+    return codeBlockMatch[1].trim()
+  }
+
+  // Extract first {...} object (greedy match for nested objects)
+  const objectMatch = trimmed.match(/\{[\s\S]*\}/)
+  if (objectMatch) {
+    return objectMatch[0]
+  }
+
+  // Extract first [...] array (greedy match for nested arrays)
+  const arrayMatch = trimmed.match(/\[[\s\S]*\]/)
+  if (arrayMatch) {
+    return arrayMatch[0]
+  }
+
+  throw new Error('No JSON found in text (no code blocks, objects, or arrays detected)')
+}
+
+/**
+ * Fix common LLM JSON mistakes before parsing.
+ * Handles: single quotes, unquoted keys, trailing commas, Python booleans/null
+ */
+export function fixLLMJSON(jsonStr: string): string {
+  if (!jsonStr || typeof jsonStr !== 'string') {
+    throw new Error('Invalid JSON string')
+  }
+
+  let fixed = jsonStr
+
+  // Fix 1: Python boolean/null literals
+  fixed = fixed.replace(/\bTrue\b/g, 'true')
+  fixed = fixed.replace(/\bFalse\b/g, 'false')
+  fixed = fixed.replace(/\bNone\b/g, 'null')
+
+  // Fix 2: Single quotes to double quotes (but be careful with escaped quotes)
+  // This is a simple replacement - works for most cases but may fail on edge cases
+  fixed = fixed.replace(/'/g, '"')
+
+  // Fix 3: Unquoted object keys (e.g., {name: "value"} -> {"name": "value"})
+  // Match word followed by : (not already quoted)
+  fixed = fixed.replace(/(\w+):/g, '"$1":')
+
+  // Fix 4: Trailing commas in objects
+  fixed = fixed.replace(/,\s*}/g, '}')
+
+  // Fix 5: Trailing commas in arrays
+  fixed = fixed.replace(/,\s*]/g, ']')
+
+  // Fix 6: Remove extra text before/after JSON (common in LLM outputs)
+  // Find first { or [ and match to closing bracket
+  const firstBrace = fixed.indexOf('{')
+  const firstBracket = fixed.indexOf('[')
+
+  if (firstBrace >= 0 && (firstBracket < 0 || firstBrace < firstBracket)) {
+    // Object first
+    let depth = 0
+    let start = firstBrace
+    let end = -1
+    for (let i = start; i < fixed.length; i++) {
+      if (fixed[i] === '{') depth++
+      else if (fixed[i] === '}') depth--
+      if (depth === 0) {
+        end = i + 1
+        break
+      }
+    }
+    if (end > 0) fixed = fixed.substring(start, end)
+  } else if (firstBracket >= 0) {
+    // Array first
+    let depth = 0
+    let start = firstBracket
+    let end = -1
+    for (let i = start; i < fixed.length; i++) {
+      if (fixed[i] === '[') depth++
+      else if (fixed[i] === ']') depth--
+      if (depth === 0) {
+        end = i + 1
+        break
+      }
+    }
+    if (end > 0) fixed = fixed.substring(start, end)
+  }
+
+  return fixed
+}
+
+/**
+ * Parse LLM JSON with fallback attempts.
+ * Tries: direct parse -> fixed parse -> extracted parse
+ */
+export function parseLLMJSON(text: string, retries = 3): any {
+  const errors: Error[] = []
+
+  // Attempt 1: Direct parse (already valid JSON)
+  try {
+    return JSON.parse(text)
+  } catch (e) {
+    errors.push(e as Error)
+  }
+
+  for (let attempt = 0; attempt < retries; attempt++) {
+    try {
+      // Attempt 2: Extract and fix
+      const extracted = extractJSON(text)
+      const fixed = fixLLMJSON(extracted)
+      return JSON.parse(fixed)
+    } catch (e) {
+      errors.push(e as Error)
+      // If extraction failed, try fixing the whole text
+      try {
+        const fixed = fixLLMJSON(text)
+        return JSON.parse(fixed)
+      } catch (e2) {
+        errors.push(e2 as Error)
+      }
+    }
+  }
+
+  // All attempts failed
+  const error = new Error(`Failed to parse LLM JSON after ${retries + 1} attempts`)
+  error.cause = errors
+  throw error
+}
+
+/**
+ * Parse LLM JSON with schema validation (zod).
+ * Returns validated data or throws validation error.
+ */
+export async function parseLLMJSONWithSchema<T>(
+  text: string,
+  schema: { parse: (data: any) => T },
+  retries = 3
+): Promise<T> {
+  const data = parseLLMJSON(text, retries)
+
+  try {
+    return schema.parse(data)
+  } catch (e) {
+    const error = new Error('LLM JSON schema validation failed')
+    error.cause = e
+    throw error
+  }
+}
+
+/**
+ * Safe parse - returns null on failure instead of throwing.
+ * Useful for optional JSON fields in LLM responses.
+ */
+export function safeParseLLMJSON(text: string): any | null {
+  try {
+    return parseLLMJSON(text, 1)
+  } catch {
+    return null
+  }
+}
+
+/**
+ * Parse tool_call arguments from LLM output.
+ * Specifically optimized for OpenAI-style tool calls.
+ */
+export function parseToolArguments(args: string | object): any {
+  if (typeof args === 'object') {
+    return args // Already parsed
+  }
+
+  if (typeof args !== 'string') {
+    throw new Error('Invalid arguments: must be string or object')
+  }
+
+  const trimmed = args.trim()
+
+  // Handle empty object
+  if (trimmed === '{}' || trimmed === '[]') {
+    return trimmed === '{}' ? {} : []
+  }
+
+  try {
+    // Try direct parse first
+    return JSON.parse(trimmed)
+  } catch {
+    // Fall back to LLM JSON parsing
+    return parseLLMJSON(trimmed, 2)
+  }
+}
+
+/**
+ * Parse array content from LLM (common in Anthropic-style messages).
+ * Handles Python-style arrays with thinking/text/tool_use blocks.
+ */
+export function parseAnthropicContentArray(content: string): Array<{
+  type: string
+  text?: string
+  thinking?: string
+  id?: string
+  name?: string
+  input?: any
+}> {
+  if (!content || typeof content !== 'string') {
+    return []
+  }
+
+  const trimmed = content.trim()
+
+  // Handle double-serialized content: "[{...}]" -> "[{...}]"
+  let contentToParse = trimmed
+  if (trimmed.startsWith('"') && trimmed.endsWith('"') && trimmed.length >= 2) {
+    contentToParse = trimmed.slice(1, -1)
+  }
+
+  if (!contentToParse.startsWith('[') || !contentToParse.endsWith(']')) {
+    throw new Error('Content is not an array')
+  }
+
+  try {
+    // Parse with Python-to-JSON conversion
+    const parsed = JSON.parse(
+      contentToParse
+        .replace(/'/g, '"') // Python single quotes
+        .replace(/True/g, 'true')
+        .replace(/False/g, 'false')
+        .replace(/None/g, 'null')
+    )
+
+    if (!Array.isArray(parsed)) {
+      throw new Error('Parsed content is not an array')
+    }
+
+    return parsed
+  } catch (e) {
+    // Fall back to full LLM JSON parsing
+    const fixed = fixLLMJSON(contentToParse)
+    const parsed = JSON.parse(fixed)
+
+    if (!Array.isArray(parsed)) {
+      throw new Error('Parsed content is not an array')
+    }
+
+    return parsed
+  }
+}
diff --git a/packages/server/src/lib/llm-prompt.ts b/packages/server/src/lib/llm-prompt.ts
new file mode 100644
index 0000000..405f785
--- /dev/null
+++ b/packages/server/src/lib/llm-prompt.ts
@@ -0,0 +1,91 @@
+/**
+ * LLM System Prompts and Instructions
+ *
+ * This module contains system prompts and format guidelines for LLM agents.
+ * These prompts ensure that AI outputs are correctly rendered by the frontend.
+ */
+
+/**
+ * System prompt for AI output format guidelines
+ * Add this to your agent's system prompt to ensure proper formatting
+ */
+export const AI_OUTPUT_FORMAT_GUIDELINES = `
+# 输出格式规范
+
+当你的回复中包含图片、视频或文件引用时，必须使用 Markdown，并引用本地绝对路径。
+
+## 路径规则
+
+- Unix/macOS/WSL：使用 \`/path/to/file\`，例如 \`/tmp/screenshot.png\`
+- Windows：使用盘符绝对路径，并把反斜杠 \`\\\` 转成正斜杠 \`/\`，例如 \`C:/Users/Administrator/Desktop/screenshot.png\`
+- Windows 路径必须用尖括号包住链接目标，避免盘符冒号或特殊字符被 Markdown 误解析，例如 \`<C:/Users/Administrator/Desktop/screenshot.png>\`
+- 路径包含空格、中文或特殊字符时，必须使用尖括号包住链接目标，或对路径做 URL 编码
+- 确保文件确实存在且路径正确
+
+## 图片格式
+
+使用 Markdown 图片语法：
+
+\`\`\`
+![图片描述](/tmp/screenshot.png)
+![Sub2API Dashboard](/tmp/sub2api-dashboard.png)
+![桌面截图](<C:/Users/Administrator/Desktop/screenshot.png>)
+\`\`\`
+
+## 视频格式
+
+使用 Markdown 链接语法引用视频文件，支持格式：.mp4、.webm、.mov。视频会显示为可播放的视频播放器（最大 640x480），支持原生播放控件。
+
+\`\`\`
+[屏幕录制](/tmp/screen-recording.mp4)
+[操作演示](/tmp/demo.webm)
+[录屏2026-05-08 15.19.46](/Users/ekko/Desktop/录屏2026-05-08%2015.19.46.mov)
+[录屏2026-05-08 15.19.46](</Users/ekko/Desktop/录屏2026-05-08 15.19.46.mov>)
+[Windows 录屏](<C:/Users/Administrator/Desktop/screen recording.mov>)
+\`\`\`
+
+错误示例：
+\`\`\`
+[录屏2026-05-08 15.19.46](/Users/ekko/Desktop/录屏2026-05-08 15.19.46.mov)
+![桌面截图](C:\\Users\\Administrator\\Desktop\\screenshot.png)
+\`\`\`
+
+## 文件链接格式
+
+使用 Markdown 链接语法：
+
+\`\`\`
+[下载报告](/tmp/monthly-report.pdf)
+[下载报告](<C:/Users/Administrator/Desktop/monthly-report.pdf>)
+\`\`\`
+
+## 发送文件给用户
+
+当用户要求"发给我"、"发送给我"、"传给我"等请求文件时，使用上述格式返回文件路径：
+
+\`\`\`
+![图片描述](/path/to/image.png)
+![Windows 图片](<C:/Users/Administrator/Desktop/image.png>)
+[视频名](/path/to/video.mp4)
+[Windows 视频](<C:/Users/Administrator/Desktop/video.mp4>)
+[文件名](/path/to/file.pdf)
+[Windows 文件](<C:/Users/Administrator/Desktop/file.pdf>)
+\`\`\`
+`;
+
+/**
+ * Get the complete system prompt with format guidelines
+ * @param customPrompt - Optional custom system prompt to prepend
+ * @returns Complete system prompt string
+ */
+export function getSystemPrompt(customPrompt?: string): string {
+  const parts: string[] = [];
+
+  if (customPrompt) {
+    parts.push(customPrompt);
+  }
+
+  parts.push(AI_OUTPUT_FORMAT_GUIDELINES);
+
+  return parts.join('\n\n');
+}
diff --git a/packages/server/src/middleware/user-auth.ts b/packages/server/src/middleware/user-auth.ts
new file mode 100644
index 0000000..4922350
--- /dev/null
+++ b/packages/server/src/middleware/user-auth.ts
@@ -0,0 +1,245 @@
+import type { Context, Next } from 'koa'
+import { createHmac, timingSafeEqual } from 'crypto'
+import { getToken } from '../services/auth'
+import {
+  findUserById,
+  listUserProfiles,
+  touchUserLogin,
+  userCanAccessProfile,
+  type UserRecord,
+  type UserRole,
+} from '../db/hermes/users-store'
+
+export interface AuthenticatedUser {
+  id: number
+  username: string
+  role: UserRole
+  profiles?: string[]
+}
+
+export interface RequestProfile {
+  name: string
+}
+
+interface JwtPayload {
+  sub: string
+  username: string
+  role: UserRole
+  type: 'access'
+  aud: 'hermes-web-ui'
+  iat: number
+  exp: number
+}
+
+declare module 'koa' {
+  interface DefaultState {
+    user?: AuthenticatedUser
+    profile?: RequestProfile
+    serverTokenAuth?: boolean
+  }
+}
+
+const JWT_AUDIENCE = 'hermes-web-ui'
+const DEFAULT_EXPIRES_SECONDS = 60 * 60 * 24 * 30
+
+function base64UrlJson(value: unknown): string {
+  return Buffer.from(JSON.stringify(value)).toString('base64url')
+}
+
+function sign(input: string, secret: string): string {
+  return createHmac('sha256', secret).update(input).digest('base64url')
+}
+
+function safeEqual(a: string, b: string): boolean {
+  try {
+    const left = Buffer.from(a)
+    const right = Buffer.from(b)
+    return left.length === right.length && timingSafeEqual(left, right)
+  } catch {
+    return false
+  }
+}
+
+async function getJwtSecret(): Promise<string> {
+  return process.env.AUTH_JWT_SECRET || await getToken()
+}
+
+function requestToken(ctx: Context): string {
+  const auth = ctx.headers.authorization || ''
+  if (typeof auth === 'string' && auth.startsWith('Bearer ')) return auth.slice(7).trim()
+  return typeof ctx.query.token === 'string' ? ctx.query.token.trim() : ''
+}
+
+const SERVER_TOKEN_MEDIA_PATHS = new Set([
+  '/api/hermes/media/apikey-image-generate',
+  '/api/hermes/media/grok-image-to-video',
+])
+
+async function allowServerTokenForMedia(ctx: Context, token: string): Promise<boolean> {
+  if (!token || !SERVER_TOKEN_MEDIA_PATHS.has(ctx.path)) return false
+  const serverToken = await getToken()
+  if (token !== serverToken) return false
+  ctx.state.serverTokenAuth = true
+  return true
+}
+
+function isProtectedHttpPath(path: string): boolean {
+  const lowerPath = path.toLowerCase()
+  return lowerPath.startsWith('/api') ||
+    lowerPath.startsWith('/v1') ||
+    lowerPath.startsWith('/upload')
+}
+
+export function signUserJwt(user: Pick<UserRecord, 'id' | 'username' | 'role'>, secret: string, now = Date.now()): string {
+  const iat = Math.floor(now / 1000)
+  const payload: JwtPayload = {
+    sub: String(user.id),
+    username: user.username,
+    role: user.role,
+    type: 'access',
+    aud: JWT_AUDIENCE,
+    iat,
+    exp: iat + DEFAULT_EXPIRES_SECONDS,
+  }
+  const header = base64UrlJson({ alg: 'HS256', typ: 'JWT' })
+  const body = base64UrlJson(payload)
+  const unsigned = `${header}.${body}`
+  return `${unsigned}.${sign(unsigned, secret)}`
+}
+
+export function verifyUserJwt(token: string, secret: string, now = Date.now()): JwtPayload | null {
+  const parts = token.split('.')
+  if (parts.length !== 3) return null
+
+  const [header, body, signature] = parts
+  const expected = sign(`${header}.${body}`, secret)
+  if (!safeEqual(signature, expected)) return null
+
+  try {
+    const payload = JSON.parse(Buffer.from(body, 'base64url').toString('utf-8')) as Partial<JwtPayload>
+    if (payload.type !== 'access' || payload.aud !== JWT_AUDIENCE) return null
+    if (!payload.sub || !payload.username || !payload.role || !payload.exp) return null
+    if (Math.floor(now / 1000) >= payload.exp) return null
+    return payload as JwtPayload
+  } catch {
+    return null
+  }
+}
+
+export async function issueUserJwt(user: Pick<UserRecord, 'id' | 'username' | 'role'>): Promise<string> {
+  const secret = await getJwtSecret()
+  return signUserJwt(user, secret)
+}
+
+export function toAuthenticatedUser(user: Pick<UserRecord, 'id' | 'username' | 'role'>): AuthenticatedUser {
+  const authenticated: AuthenticatedUser = {
+    id: user.id,
+    username: user.username,
+    role: user.role,
+  }
+  if (user.role !== 'super_admin') {
+    authenticated.profiles = listUserProfiles(user.id).map(profile => profile.profile_name)
+  }
+  return authenticated
+}
+
+export async function authenticateUserToken(token: string): Promise<AuthenticatedUser | null> {
+  const secret = await getJwtSecret()
+
+  const payload = token ? verifyUserJwt(token, secret) : null
+  if (!payload) return null
+
+  const user = findUserById(payload.sub)
+  if (!user || user.status !== 'active') return null
+  return toAuthenticatedUser(user)
+}
+
+export async function isAuthEnabled(): Promise<boolean> {
+  await getJwtSecret()
+  return true
+}
+
+export async function requireUserJwt(ctx: Context, next: Next): Promise<void> {
+  if (!isProtectedHttpPath(ctx.path)) {
+    await next()
+    return
+  }
+
+  const secret = await getJwtSecret()
+  const token = requestToken(ctx)
+  const payload = token ? verifyUserJwt(token, secret) : null
+  if (!payload) {
+    if (await allowServerTokenForMedia(ctx, token)) {
+      await next()
+      return
+    }
+    ctx.status = 401
+    ctx.body = { error: 'Unauthorized' }
+    return
+  }
+
+  const user = findUserById(payload.sub)
+  if (!user || user.status !== 'active') {
+    ctx.status = 403
+    ctx.body = { error: 'User is disabled or does not exist' }
+    return
+  }
+
+  ctx.state.user = toAuthenticatedUser(user)
+  touchUserLogin(user.id)
+  await next()
+}
+
+export async function requireSuperAdmin(ctx: Context, next: Next): Promise<void> {
+  if (ctx.state.user?.role !== 'super_admin') {
+    ctx.status = 403
+    ctx.body = { error: 'Super administrator privileges are required' }
+    return
+  }
+  await next()
+}
+
+export function resolveRequestedProfile(ctx: Context): string {
+  if (ctx.path === '/api/hermes/available-models' && typeof ctx.query.profile !== 'string') {
+    return ''
+  }
+  const headerProfile = ctx.get('x-hermes-profile')
+  const queryProfile = typeof ctx.query.profile === 'string' ? ctx.query.profile : ''
+  const body = ctx.request.body as { profile?: unknown } | undefined
+  const bodyProfile = typeof body?.profile === 'string' ? body.profile : ''
+  return (headerProfile || queryProfile || bodyProfile || '').trim()
+}
+
+export async function resolveUserProfile(ctx: Context, next: Next): Promise<void> {
+  const user = ctx.state.user
+  if (!user) {
+    await next()
+    return
+  }
+
+  const profileName = resolveRequestedProfile(ctx)
+  if (!profileName) {
+    await next()
+    return
+  }
+
+  if (user.role !== 'super_admin' && !userCanAccessProfile(user.id, profileName)) {
+    ctx.status = 403
+    ctx.body = { error: `Profile "${profileName}" is not available for this user` }
+    return
+  }
+
+  ctx.state.profile = { name: profileName }
+  await next()
+}
+
+export async function requireUserProfile(ctx: Context, next: Next): Promise<void> {
+  if (!ctx.state.profile?.name) {
+    ctx.status = 400
+    ctx.body = { error: 'Profile is required' }
+    return
+  }
+  await next()
+}
+
+export const userAuthMiddleware = [requireUserJwt, resolveUserProfile]
diff --git a/packages/server/src/routes/auth.ts b/packages/server/src/routes/auth.ts
new file mode 100644
index 0000000..9144f11
--- /dev/null
+++ b/packages/server/src/routes/auth.ts
@@ -0,0 +1,22 @@
+import Router from '@koa/router'
+import * as ctrl from '../controllers/auth'
+import { requireSuperAdmin } from '../middleware/user-auth'
+
+// Public routes (no auth required)
+export const authPublicRoutes = new Router()
+authPublicRoutes.get('/api/auth/status', ctrl.authStatus)
+authPublicRoutes.post('/api/auth/login', ctrl.login)
+
+// Protected routes (auth required)
+export const authProtectedRoutes = new Router()
+authProtectedRoutes.post('/api/auth/setup', ctrl.setupPassword)
+authProtectedRoutes.get('/api/auth/me', ctrl.currentUser)
+authProtectedRoutes.post('/api/auth/change-password', ctrl.changePassword)
+authProtectedRoutes.post('/api/auth/change-username', ctrl.changeUsername)
+authProtectedRoutes.delete('/api/auth/password', ctrl.removePassword)
+authProtectedRoutes.get('/api/auth/users', requireSuperAdmin, ctrl.listManagedUsers)
+authProtectedRoutes.post('/api/auth/users', requireSuperAdmin, ctrl.createManagedUser)
+authProtectedRoutes.put('/api/auth/users/:id', requireSuperAdmin, ctrl.updateManagedUser)
+authProtectedRoutes.delete('/api/auth/users/:id', requireSuperAdmin, ctrl.deleteManagedUser)
+authProtectedRoutes.get('/api/auth/locked-ips', ctrl.listLockedIps)
+authProtectedRoutes.delete('/api/auth/locked-ips', ctrl.unlockIpHandler)
diff --git a/packages/server/src/routes/claude-code-proxy.ts b/packages/server/src/routes/claude-code-proxy.ts
new file mode 100644
index 0000000..f8a815e
--- /dev/null
+++ b/packages/server/src/routes/claude-code-proxy.ts
@@ -0,0 +1,7 @@
+import Router from '@koa/router'
+import { claudeProxyMessages, claudeProxyModels } from '../services/claude-code-proxy'
+
+export const claudeCodeProxyRoutes = new Router()
+
+claudeCodeProxyRoutes.get('/api/claude-code-proxy/:key/v1/models', claudeProxyModels)
+claudeCodeProxyRoutes.post('/api/claude-code-proxy/:key/v1/messages', claudeProxyMessages)
diff --git a/packages/server/src/routes/codex-proxy.ts b/packages/server/src/routes/codex-proxy.ts
new file mode 100644
index 0000000..f425884
--- /dev/null
+++ b/packages/server/src/routes/codex-proxy.ts
@@ -0,0 +1,7 @@
+import Router from '@koa/router'
+import { codexProxyModels, codexProxyResponses } from '../services/codex-proxy'
+
+export const codexProxyRoutes = new Router()
+
+codexProxyRoutes.get('/api/codex-proxy/:key/v1/models', codexProxyModels)
+codexProxyRoutes.post('/api/codex-proxy/:key/v1/responses', codexProxyResponses)
diff --git a/packages/server/src/routes/coding-agents.ts b/packages/server/src/routes/coding-agents.ts
new file mode 100644
index 0000000..3c86826
--- /dev/null
+++ b/packages/server/src/routes/coding-agents.ts
@@ -0,0 +1,12 @@
+import Router from '@koa/router'
+import * as ctrl from '../controllers/coding-agents'
+
+export const codingAgentRoutes = new Router()
+
+codingAgentRoutes.get('/api/coding-agents', ctrl.status)
+codingAgentRoutes.post('/api/coding-agents/:id/install', ctrl.install)
+codingAgentRoutes.post('/api/coding-agents/:id/launch/prepare', ctrl.prepareLaunch)
+codingAgentRoutes.post('/api/coding-agents/:id/launch/native', ctrl.nativeLaunch)
+codingAgentRoutes.delete('/api/coding-agents/:id', ctrl.remove)
+codingAgentRoutes.get('/api/coding-agents/:id/config-files/:key', ctrl.readConfigFile)
+codingAgentRoutes.put('/api/coding-agents/:id/config-files/:key', ctrl.writeConfigFile)
diff --git a/packages/server/src/routes/health.ts b/packages/server/src/routes/health.ts
new file mode 100644
index 0000000..d860f49
--- /dev/null
+++ b/packages/server/src/routes/health.ts
@@ -0,0 +1,8 @@
+import Router from '@koa/router'
+import * as ctrl from '../controllers/health'
+
+export const healthRoutes = new Router()
+
+healthRoutes.get('/health', ctrl.healthCheck)
+
+export { startVersionCheck } from '../controllers/health'
diff --git a/packages/server/src/routes/hermes/chat-run.ts b/packages/server/src/routes/hermes/chat-run.ts
new file mode 100644
index 0000000..b0fc393
--- /dev/null
+++ b/packages/server/src/routes/hermes/chat-run.ts
@@ -0,0 +1,11 @@
+import type { ChatRunSocket } from '../../services/hermes/run-chat'
+
+let chatRunServer: ChatRunSocket | null = null
+
+export function setChatRunServer(server: ChatRunSocket): void {
+  chatRunServer = server
+}
+
+export function getChatRunServer(): ChatRunSocket | null {
+  return chatRunServer
+}
diff --git a/packages/server/src/routes/hermes/codex-auth.ts b/packages/server/src/routes/hermes/codex-auth.ts
new file mode 100644
index 0000000..79d10c7
--- /dev/null
+++ b/packages/server/src/routes/hermes/codex-auth.ts
@@ -0,0 +1,8 @@
+import Router from '@koa/router'
+import * as ctrl from '../../controllers/hermes/codex-auth'
+
+export const codexAuthRoutes = new Router()
+
+codexAuthRoutes.post('/api/hermes/auth/codex/start', ctrl.start)
+codexAuthRoutes.get('/api/hermes/auth/codex/poll/:sessionId', ctrl.poll)
+codexAuthRoutes.get('/api/hermes/auth/codex/status', ctrl.status)
diff --git a/packages/server/src/routes/hermes/config.ts b/packages/server/src/routes/hermes/config.ts
new file mode 100644
index 0000000..8c41945
--- /dev/null
+++ b/packages/server/src/routes/hermes/config.ts
@@ -0,0 +1,8 @@
+import Router from '@koa/router'
+import * as ctrl from '../../controllers/hermes/config'
+
+export const configRoutes = new Router()
+
+configRoutes.get('/api/hermes/config', ctrl.getConfig)
+configRoutes.put('/api/hermes/config', ctrl.updateConfig)
+configRoutes.put('/api/hermes/config/credentials', ctrl.updateCredentials)
diff --git a/packages/server/src/routes/hermes/copilot-auth.ts b/packages/server/src/routes/hermes/copilot-auth.ts
new file mode 100644
index 0000000..6152b09
--- /dev/null
+++ b/packages/server/src/routes/hermes/copilot-auth.ts
@@ -0,0 +1,10 @@
+import Router from '@koa/router'
+import * as ctrl from '../../controllers/hermes/copilot-auth'
+
+export const copilotAuthRoutes = new Router()
+
+copilotAuthRoutes.post('/api/hermes/auth/copilot/start', ctrl.start)
+copilotAuthRoutes.get('/api/hermes/auth/copilot/poll/:sessionId', ctrl.poll)
+copilotAuthRoutes.get('/api/hermes/auth/copilot/check-token', ctrl.checkToken)
+copilotAuthRoutes.post('/api/hermes/auth/copilot/enable', ctrl.enable)
+copilotAuthRoutes.post('/api/hermes/auth/copilot/disable', ctrl.disable)
diff --git a/packages/server/src/routes/hermes/cron-history.ts b/packages/server/src/routes/hermes/cron-history.ts
new file mode 100644
index 0000000..cb8c41f
--- /dev/null
+++ b/packages/server/src/routes/hermes/cron-history.ts
@@ -0,0 +1,7 @@
+import Router from '@koa/router'
+import * as ctrl from '../../controllers/hermes/cron-history'
+
+export const cronHistoryRoutes = new Router()
+
+cronHistoryRoutes.get('/api/cron-history', ctrl.listRuns)
+cronHistoryRoutes.get('/api/cron-history/:jobId/:fileName', ctrl.readRun)
diff --git a/packages/server/src/routes/hermes/download.ts b/packages/server/src/routes/hermes/download.ts
new file mode 100644
index 0000000..d67ca71
--- /dev/null
+++ b/packages/server/src/routes/hermes/download.ts
@@ -0,0 +1,120 @@
+import Router from '@koa/router'
+import { basename, extname, isAbsolute } from 'path'
+import {
+  createFileProvider,
+  localProvider,
+  isInUploadDir,
+  validatePath,
+  resolveHermesPath,
+} from '../../services/hermes/file-provider'
+import { getActiveProfileName } from '../../services/hermes/hermes-profile'
+
+export const downloadRoutes = new Router()
+
+// MIME type mapping for common extensions
+const MIME_MAP: Record<string, string> = {
+  '.txt': 'text/plain',
+  '.html': 'text/html',
+  '.htm': 'text/html',
+  '.css': 'text/css',
+  '.js': 'application/javascript',
+  '.json': 'application/json',
+  '.xml': 'application/xml',
+  '.csv': 'text/csv',
+  '.md': 'text/markdown',
+  '.pdf': 'application/pdf',
+  '.zip': 'application/zip',
+  '.gz': 'application/gzip',
+  '.tar': 'application/x-tar',
+  '.png': 'image/png',
+  '.jpg': 'image/jpeg',
+  '.jpeg': 'image/jpeg',
+  '.gif': 'image/gif',
+  '.svg': 'image/svg+xml',
+  '.webp': 'image/webp',
+  '.mp3': 'audio/mpeg',
+  '.wav': 'audio/wav',
+  '.mp4': 'video/mp4',
+  '.webm': 'video/webm',
+  '.doc': 'application/msword',
+  '.docx': 'application/vnd.openxmlformats-officedocument.wordprocessingml.document',
+  '.xls': 'application/vnd.ms-excel',
+  '.xlsx': 'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet',
+  '.ppt': 'application/vnd.ms-powerpoint',
+  '.pptx': 'application/vnd.openxmlformats-officedocument.presentationml.presentation',
+  '.py': 'text/x-python',
+  '.ts': 'text/typescript',
+  '.tsx': 'text/typescript',
+  '.rs': 'text/x-rust',
+  '.go': 'text/x-go',
+  '.java': 'text/x-java',
+  '.c': 'text/x-c',
+  '.cpp': 'text/x-c++',
+  '.h': 'text/x-c',
+  '.sh': 'text/x-shellscript',
+  '.yaml': 'text/yaml',
+  '.yml': 'text/yaml',
+  '.toml': 'text/toml',
+  '.log': 'text/plain',
+}
+
+function getMimeType(fileName: string): string {
+  const ext = extname(fileName).toLowerCase()
+  return MIME_MAP[ext] || 'application/octet-stream'
+}
+
+function requestedProfile(ctx: any): string {
+  return ctx.state?.profile?.name || getActiveProfileName() || 'default'
+}
+
+downloadRoutes.get('/api/hermes/download', async (ctx) => {
+  const filePath = ctx.query.path as string | undefined
+  const fileName = ctx.query.name as string | undefined
+
+  if (!filePath) {
+    ctx.status = 400
+    ctx.body = { error: 'Missing path parameter', code: 'missing_path' }
+    return
+  }
+
+  try {
+    const profile = requestedProfile(ctx)
+    // Validate the path first
+    // Support both absolute and relative paths
+    const validPath = isAbsolute(filePath) ? validatePath(filePath) : resolveHermesPath(filePath, profile)
+
+    // Choose provider: always use local for upload directory files
+    let data: Buffer
+    if (isInUploadDir(validPath)) {
+      data = await localProvider.readFile(validPath)
+    } else {
+      const provider = await createFileProvider(profile)
+      data = await provider.readFile(validPath)
+    }
+
+    // Determine filename and MIME type
+    const name = fileName || basename(validPath)
+    const mime = getMimeType(name)
+
+    // Set response headers
+    ctx.set('Content-Type', mime)
+    ctx.set('Content-Disposition', `attachment; filename="${encodeURIComponent(name)}"; filename*=UTF-8''${encodeURIComponent(name)}`)
+    ctx.set('Content-Length', String(data.length))
+    ctx.set('Cache-Control', 'no-cache')
+    ctx.body = data
+  } catch (err: any) {
+    const code = err.code || 'unknown'
+    const statusMap: Record<string, number> = {
+      missing_path: 400,
+      invalid_path: 400,
+      not_found: 404,
+      ENOENT: 404,
+      file_too_large: 413,
+      unsupported_backend: 501,
+      backend_error: 502,
+      backend_timeout: 504,
+    }
+    ctx.status = statusMap[code] || 500
+    ctx.body = { error: err.message, code }
+  }
+})
diff --git a/packages/server/src/routes/hermes/files.ts b/packages/server/src/routes/hermes/files.ts
new file mode 100644
index 0000000..b9746ce
--- /dev/null
+++ b/packages/server/src/routes/hermes/files.ts
@@ -0,0 +1,299 @@
+import Router from '@koa/router'
+import {
+  createFileProvider,
+  resolveHermesPath,
+  isSensitivePath,
+  MAX_EDIT_SIZE,
+} from '../../services/hermes/file-provider'
+
+function requestedProfile(ctx: any): string | undefined {
+  return ctx.state?.profile?.name
+}
+
+function resolveRequestPath(ctx: any, relativePath: string): string {
+  return resolveHermesPath(relativePath, requestedProfile(ctx))
+}
+
+async function createRequestFileProvider(ctx: any) {
+  return createFileProvider(requestedProfile(ctx))
+}
+
+function withAbsolutePath<T extends { path: string }>(ctx: any, entry: T): T & { absolutePath: string } {
+  return { ...entry, absolutePath: resolveRequestPath(ctx, entry.path) }
+}
+
+export const fileRoutes = new Router()
+
+function handleError(ctx: any, err: any) {
+  const code = err.code || 'unknown'
+  const statusMap: Record<string, number> = {
+    missing_path: 400,
+    invalid_path: 400,
+    not_found: 404,
+    ENOENT: 404,
+    already_exists: 409,
+    permission_denied: 403,
+    file_too_large: 413,
+    not_a_directory: 400,
+    not_a_file: 400,
+    unsupported_backend: 501,
+    backend_error: 502,
+    backend_timeout: 504,
+  }
+  ctx.status = statusMap[code] || 500
+  ctx.body = { error: err.message, code }
+}
+
+// GET /api/hermes/files/list?path=
+fileRoutes.get('/api/hermes/files/list', async (ctx) => {
+  const relativePath = (ctx.query.path as string) || ''
+  try {
+    const absPath = resolveRequestPath(ctx, relativePath)
+    const provider = await createRequestFileProvider(ctx)
+    const entries = await provider.listDir(absPath)
+    entries.sort((a, b) => {
+      if (a.isDir !== b.isDir) return a.isDir ? -1 : 1
+      return a.name.localeCompare(b.name)
+    })
+    ctx.body = { entries: entries.map(entry => withAbsolutePath(ctx, entry)), path: relativePath, absolutePath: absPath }
+  } catch (err: any) {
+    handleError(ctx, err)
+  }
+})
+
+// GET /api/hermes/files/stat?path=
+fileRoutes.get('/api/hermes/files/stat', async (ctx) => {
+  const relativePath = ctx.query.path as string
+  if (!relativePath) {
+    ctx.status = 400
+    ctx.body = { error: 'Missing path parameter', code: 'missing_path' }
+    return
+  }
+  try {
+    const absPath = resolveRequestPath(ctx, relativePath)
+    const provider = await createRequestFileProvider(ctx)
+    const info = await provider.stat(absPath)
+    ctx.body = withAbsolutePath(ctx, info)
+  } catch (err: any) {
+    handleError(ctx, err)
+  }
+})
+
+// GET /api/hermes/files/read?path=
+fileRoutes.get('/api/hermes/files/read', async (ctx) => {
+  const relativePath = ctx.query.path as string
+  if (!relativePath) {
+    ctx.status = 400
+    ctx.body = { error: 'Missing path parameter', code: 'missing_path' }
+    return
+  }
+  try {
+    const absPath = resolveRequestPath(ctx, relativePath)
+    const provider = await createRequestFileProvider(ctx)
+    const data = await provider.readFile(absPath)
+    if (data.length > MAX_EDIT_SIZE) {
+      ctx.status = 413
+      ctx.body = { error: 'File too large to edit', code: 'file_too_large' }
+      return
+    }
+    ctx.body = { content: data.toString('utf-8'), path: relativePath, size: data.length }
+  } catch (err: any) {
+    handleError(ctx, err)
+  }
+})
+
+// PUT /api/hermes/files/write  body: { path, content }
+fileRoutes.put('/api/hermes/files/write', async (ctx) => {
+  const { path: relativePath, content } = ctx.request.body as { path?: string; content?: string }
+  if (!relativePath) {
+    ctx.status = 400
+    ctx.body = { error: 'Missing path parameter', code: 'missing_path' }
+    return
+  }
+  if (isSensitivePath(relativePath)) {
+    ctx.status = 403
+    ctx.body = { error: 'Cannot modify sensitive file', code: 'permission_denied' }
+    return
+  }
+  try {
+    const buf = Buffer.from(content || '', 'utf-8')
+    if (buf.length > MAX_EDIT_SIZE) {
+      ctx.status = 413
+      ctx.body = { error: 'Content too large', code: 'file_too_large' }
+      return
+    }
+    const absPath = resolveRequestPath(ctx, relativePath)
+    const provider = await createRequestFileProvider(ctx)
+    await provider.writeFile(absPath, buf)
+    ctx.body = { ok: true, path: relativePath }
+  } catch (err: any) {
+    handleError(ctx, err)
+  }
+})
+
+// DELETE /api/hermes/files/delete  body: { path, recursive? }
+fileRoutes.delete('/api/hermes/files/delete', async (ctx) => {
+  const { path: relativePath, recursive } = ctx.request.body as { path?: string; recursive?: boolean }
+  if (!relativePath) {
+    ctx.status = 400
+    ctx.body = { error: 'Missing path parameter', code: 'missing_path' }
+    return
+  }
+  if (isSensitivePath(relativePath)) {
+    ctx.status = 403
+    ctx.body = { error: 'Cannot delete sensitive file', code: 'permission_denied' }
+    return
+  }
+  try {
+    const absPath = resolveRequestPath(ctx, relativePath)
+    const provider = await createRequestFileProvider(ctx)
+    if (recursive) {
+      await provider.deleteDir(absPath)
+    } else {
+      await provider.deleteFile(absPath)
+    }
+    ctx.body = { ok: true }
+  } catch (err: any) {
+    handleError(ctx, err)
+  }
+})
+
+// POST /api/hermes/files/rename  body: { oldPath, newPath }
+fileRoutes.post('/api/hermes/files/rename', async (ctx) => {
+  const { oldPath, newPath } = ctx.request.body as { oldPath?: string; newPath?: string }
+  if (!oldPath || !newPath) {
+    ctx.status = 400
+    ctx.body = { error: 'Missing oldPath or newPath', code: 'missing_path' }
+    return
+  }
+  if (isSensitivePath(oldPath)) {
+    ctx.status = 403
+    ctx.body = { error: 'Cannot rename sensitive file', code: 'permission_denied' }
+    return
+  }
+  try {
+    const absOld = resolveRequestPath(ctx, oldPath)
+    const absNew = resolveRequestPath(ctx, newPath)
+    const provider = await createRequestFileProvider(ctx)
+    await provider.renameFile(absOld, absNew)
+    ctx.body = { ok: true }
+  } catch (err: any) {
+    handleError(ctx, err)
+  }
+})
+
+// POST /api/hermes/files/mkdir  body: { path }
+fileRoutes.post('/api/hermes/files/mkdir', async (ctx) => {
+  const { path: relativePath } = ctx.request.body as { path?: string }
+  if (!relativePath) {
+    ctx.status = 400
+    ctx.body = { error: 'Missing path parameter', code: 'missing_path' }
+    return
+  }
+  try {
+    const absPath = resolveRequestPath(ctx, relativePath)
+    const provider = await createRequestFileProvider(ctx)
+    await provider.mkDir(absPath)
+    ctx.body = { ok: true }
+  } catch (err: any) {
+    handleError(ctx, err)
+  }
+})
+
+// POST /api/hermes/files/copy  body: { srcPath, destPath }
+fileRoutes.post('/api/hermes/files/copy', async (ctx) => {
+  const { srcPath, destPath } = ctx.request.body as { srcPath?: string; destPath?: string }
+  if (!srcPath || !destPath) {
+    ctx.status = 400
+    ctx.body = { error: 'Missing srcPath or destPath', code: 'missing_path' }
+    return
+  }
+  try {
+    const absSrc = resolveRequestPath(ctx, srcPath)
+    const absDest = resolveRequestPath(ctx, destPath)
+    const provider = await createRequestFileProvider(ctx)
+    await provider.copyFile(absSrc, absDest)
+    ctx.body = { ok: true }
+  } catch (err: any) {
+    handleError(ctx, err)
+  }
+})
+
+// POST /api/hermes/files/upload?path=  (multipart/form-data)
+fileRoutes.post('/api/hermes/files/upload', async (ctx) => {
+  const targetDir = (ctx.query.path as string) || ''
+  const contentType = ctx.get('content-type') || ''
+  if (!contentType.startsWith('multipart/form-data')) {
+    ctx.status = 400
+    ctx.body = { error: 'Expected multipart/form-data', code: 'invalid_request' }
+    return
+  }
+
+  const boundary = '--' + contentType.split('boundary=')[1]
+  if (!boundary || boundary === '--undefined') {
+    ctx.status = 400
+    ctx.body = { error: 'Missing boundary', code: 'invalid_request' }
+    return
+  }
+
+  const chunks: Buffer[] = []
+  for await (const chunk of ctx.req) chunks.push(chunk)
+  const raw = Buffer.concat(chunks)
+
+  const boundaryBuf = Buffer.from(boundary)
+  const parts = splitMultipart(raw, boundaryBuf)
+  const provider = await createRequestFileProvider(ctx)
+  const results: { name: string; path: string }[] = []
+
+  for (const part of parts) {
+    const headerEnd = part.indexOf(Buffer.from('\r\n\r\n'))
+    if (headerEnd === -1) continue
+    const headerBuf = part.subarray(0, headerEnd)
+    const header = headerBuf.toString('utf-8')
+    const data = part.subarray(headerEnd + 4, part.length - 2)
+
+    let filename = ''
+    const filenameStarMatch = header.match(/filename\*=UTF-8''(.+)/i)
+    if (filenameStarMatch) {
+      filename = decodeURIComponent(filenameStarMatch[1])
+    } else {
+      const filenameMatch = header.match(/filename="([^"]+)"/)
+      if (!filenameMatch) continue
+      filename = filenameMatch[1]
+    }
+
+    if (data.length > MAX_EDIT_SIZE) {
+      ctx.status = 413
+      ctx.body = { error: `File ${filename} too large`, code: 'file_too_large' }
+      return
+    }
+
+    const filePath = targetDir ? `${targetDir}/${filename}` : filename
+    if (isSensitivePath(filePath)) {
+      ctx.status = 403
+      ctx.body = { error: `Cannot overwrite sensitive file: ${filename}`, code: 'permission_denied' }
+      return
+    }
+
+    const absPath = resolveRequestPath(ctx, filePath)
+    await provider.writeFile(absPath, data)
+    results.push({ name: filename, path: filePath })
+  }
+
+  ctx.body = { files: results }
+})
+
+function splitMultipart(raw: Buffer, boundary: Buffer): Buffer[] {
+  const parts: Buffer[] = []
+  let start = 0
+  while (true) {
+    const idx = raw.indexOf(boundary, start)
+    if (idx === -1) break
+    if (start > 0) {
+      const partStart = start + 2
+      parts.push(raw.subarray(partStart, idx))
+    }
+    start = idx + boundary.length
+  }
+  return parts
+}
diff --git a/packages/server/src/routes/hermes/group-chat.ts b/packages/server/src/routes/hermes/group-chat.ts
new file mode 100644
index 0000000..7d0aa45
--- /dev/null
+++ b/packages/server/src/routes/hermes/group-chat.ts
@@ -0,0 +1,415 @@
+import Router from '@koa/router'
+import type { GroupChatServer } from '../../services/hermes/group-chat'
+import { isReservedMentionName } from '../../services/hermes/group-chat/mention-routing'
+
+export const groupChatRoutes = new Router()
+
+let chatServer: GroupChatServer | null = null
+
+export function setGroupChatServer(server: GroupChatServer) {
+    chatServer = server
+}
+
+export function getGroupChatServer(): GroupChatServer | null {
+    return chatServer
+}
+
+function generateId(): string {
+    return Date.now().toString(36) + Math.random().toString(36).slice(2, 8)
+}
+
+function generateInviteCode(): string {
+    const chars = 'ABCDEFGHJKLMNPQRSTUVWXYZ23456789'
+    let code = ''
+    for (let i = 0; i < 6; i++) {
+        code += chars[Math.floor(Math.random() * chars.length)]
+    }
+    return code
+}
+
+type AgentInput = { profile: string; name?: string; description?: string; invited?: boolean | number }
+
+function sanitizeAgentConnectReason(reason?: string): string {
+    return (reason || 'agent runtime connection failed')
+        .replace(/Bearer\s+[A-Za-z0-9._~+\/-]+/gi, 'Bearer [REDACTED]')
+        .replace(/(api[_-]?key|token|secret|password)=([^\s]+)/gi, '$1=[REDACTED]')
+        .split('\n')[0]
+        .slice(0, 240)
+}
+
+function agentConnectFailureBody(profile: string, err: any) {
+    return {
+        code: 'PROFILE_AGENT_CONNECT_FAILED',
+        error: `Failed to connect agent "${profile}" to room`,
+        profile,
+        reason: sanitizeAgentConnectReason(err?.message),
+    }
+}
+
+async function connectAndPersistRoomAgent(server: GroupChatServer, roomId: string, input: AgentInput, agentId = generateId()) {
+    const profile = input.profile
+    const name = input.name || profile
+    const description = input.description || ''
+    const invited = input.invited ? 1 : 0
+    const client = await server.agentClients.createAgent({
+        agentId,
+        profile,
+        name,
+        description,
+        invited,
+    })
+
+    try {
+        await server.agentClients.addAgentToRoom(roomId, client)
+        return server.getStorage().addRoomAgent(roomId, agentId, profile, name, description, invited)
+    } catch (err) {
+        server.agentClients.removeAgentFromRoom(roomId, client.agentId)
+        throw err
+    }
+}
+
+// Create room
+groupChatRoutes.post('/api/hermes/group-chat/rooms', async (ctx) => {
+    if (!chatServer) {
+        ctx.status = 503
+        ctx.body = { error: 'Group chat not initialized' }
+        return
+    }
+
+    const { name, inviteCode, agents, compression } = ctx.request.body as {
+        name?: string
+        inviteCode?: string
+        agents?: { profile: string; name?: string; description?: string; invited?: boolean }[]
+        compression?: { triggerTokens?: number; maxHistoryTokens?: number; tailMessageCount?: number }
+    }
+    if (!name || !inviteCode) {
+        ctx.status = 400
+        ctx.body = { error: 'name and inviteCode are required' }
+        return
+    }
+    const reservedAgent = (agents || []).find(a => isReservedMentionName(a.name || a.profile))
+    if (reservedAgent) {
+        ctx.status = 400
+        ctx.body = { error: '`all` is reserved for @all mentions' }
+        return
+    }
+
+    const roomId = generateId()
+    const storage = chatServer.getStorage()
+    storage.saveRoom(roomId, name, inviteCode, compression)
+
+    const addedAgents = []
+    const agentResults = []
+    for (const a of agents || []) {
+        try {
+            const agent = await connectAndPersistRoomAgent(chatServer, roomId, {
+                profile: a.profile,
+                name: a.name || a.profile,
+                description: a.description || '',
+                invited: a.invited,
+            })
+            addedAgents.push(agent)
+            agentResults.push({ profile: a.profile, ok: true, agent })
+        } catch (err: any) {
+            console.error(`[GroupChat] Failed to connect agent ${a.profile} to room ${roomId}: ${sanitizeAgentConnectReason(err.message)}`)
+            agentResults.push({ ok: false, ...agentConnectFailureBody(a.profile, err) })
+        }
+    }
+
+    const room = storage.getRoom(roomId)
+    ctx.body = { room, agents: addedAgents, agentResults }
+})
+
+// Clone room roles/config without copying the conversation context.
+groupChatRoutes.post('/api/hermes/group-chat/rooms/:roomId/clone', async (ctx) => {
+    if (!chatServer) {
+        ctx.status = 503
+        ctx.body = { error: 'Group chat not initialized' }
+        return
+    }
+
+    const sourceRoom = chatServer.getStorage().getRoom(ctx.params.roomId)
+    if (!sourceRoom) {
+        ctx.status = 404
+        ctx.body = { error: 'Room not found' }
+        return
+    }
+
+    const { name, inviteCode } = ctx.request.body as { name?: string; inviteCode?: string }
+    const roomId = generateId()
+    const storage = chatServer.getStorage()
+    const code = inviteCode?.trim() || generateInviteCode()
+    storage.saveRoom(roomId, name?.trim() || `${sourceRoom.name} Copy`, code, {
+        triggerTokens: sourceRoom.triggerTokens,
+        maxHistoryTokens: sourceRoom.maxHistoryTokens,
+        tailMessageCount: sourceRoom.tailMessageCount,
+    })
+
+    const addedAgents = []
+    const agentResults = []
+    for (const sourceAgent of storage.getRoomAgents(sourceRoom.id)) {
+        try {
+            const agent = await connectAndPersistRoomAgent(chatServer, roomId, {
+                profile: sourceAgent.profile,
+                name: sourceAgent.name,
+                description: sourceAgent.description,
+                invited: sourceAgent.invited,
+            })
+            addedAgents.push(agent)
+            agentResults.push({ profile: sourceAgent.profile, ok: true, agent })
+        } catch (err: any) {
+            console.error(`[GroupChat] Failed to connect cloned agent ${sourceAgent.profile} to room ${roomId}: ${sanitizeAgentConnectReason(err.message)}`)
+            agentResults.push({ ok: false, ...agentConnectFailureBody(sourceAgent.profile, err) })
+        }
+    }
+
+    const room = storage.getRoom(roomId)
+    ctx.body = { room, agents: addedAgents, agentResults }
+})
+
+// Get room detail and messages
+groupChatRoutes.get('/api/hermes/group-chat/rooms/:roomId', async (ctx) => {
+    if (!chatServer) {
+        ctx.status = 503
+        ctx.body = { error: 'Group chat not initialized' }
+        return
+    }
+
+    const room = chatServer.getStorage().getRoom(ctx.params.roomId)
+    if (!room) {
+        ctx.status = 404
+        ctx.body = { error: 'Room not found' }
+        return
+    }
+
+    const offset = ctx.query.offset ? Math.max(0, parseInt(ctx.query.offset as string, 10) || 0) : 0
+    const limit = ctx.query.limit ? Math.max(1, parseInt(ctx.query.limit as string, 10) || 300) : 300
+    const messages = chatServer.getStorage().getMessages(ctx.params.roomId, limit, offset)
+    const total = chatServer.getStorage().getMessageCount(ctx.params.roomId)
+    const agents = chatServer.getStorage().getRoomAgents(ctx.params.roomId)
+    const members = chatServer.getStorage().getRoomMembers(ctx.params.roomId)
+    ctx.body = { room, messages, agents, members, total, offset, limit, hasMore: offset + messages.length < total }
+})
+
+// List rooms
+groupChatRoutes.get('/api/hermes/group-chat/rooms', async (ctx) => {
+    if (!chatServer) {
+        ctx.status = 503
+        ctx.body = { error: 'Group chat not initialized' }
+        return
+    }
+
+    const user = ctx.state.user
+    const storage = chatServer.getStorage()
+    const rooms = !user || user.role === 'super_admin'
+        ? storage.getAllRooms()
+        : storage.getRoomsForProfiles(user.profiles || [])
+    ctx.body = { rooms }
+})
+
+// Get room by invite code
+groupChatRoutes.get('/api/hermes/group-chat/rooms/join/:code', async (ctx) => {
+    if (!chatServer) {
+        ctx.status = 503
+        ctx.body = { error: 'Group chat not initialized' }
+        return
+    }
+
+    const room = chatServer.getStorage().getRoomByInviteCode(ctx.params.code)
+    if (!room) {
+        ctx.status = 404
+        ctx.body = { error: 'Room not found' }
+        return
+    }
+
+    ctx.body = { room }
+})
+
+// Update room invite code
+groupChatRoutes.put('/api/hermes/group-chat/rooms/:roomId/invite-code', async (ctx) => {
+    if (!chatServer) {
+        ctx.status = 503
+        ctx.body = { error: 'Group chat not initialized' }
+        return
+    }
+
+    const { inviteCode } = ctx.request.body as { inviteCode?: string }
+    if (!inviteCode) {
+        ctx.status = 400
+        ctx.body = { error: 'inviteCode is required' }
+        return
+    }
+
+    chatServer.getStorage().updateRoomInviteCode(ctx.params.roomId, inviteCode)
+    ctx.body = { success: true }
+})
+
+// Add agent to room
+groupChatRoutes.post('/api/hermes/group-chat/rooms/:roomId/agents', async (ctx) => {
+    if (!chatServer) {
+        ctx.status = 503
+        ctx.body = { error: 'Group chat not initialized' }
+        return
+    }
+
+    const { profile, name, description, invited } = ctx.request.body as { profile?: string; name?: string; description?: string; invited?: boolean }
+    if (!profile) {
+        ctx.status = 400
+        ctx.body = { error: 'profile is required' }
+        return
+    }
+    if (isReservedMentionName(name || profile)) {
+        ctx.status = 400
+        ctx.body = { error: '`all` is reserved for @all mentions' }
+        return
+    }
+
+    // Prevent duplicate agent in same room
+    const existing = chatServer.getStorage().getRoomAgents(ctx.params.roomId)
+    if (existing.find(a => a.profile === profile)) {
+        ctx.status = 409
+        ctx.body = { error: 'Agent already in room' }
+        return
+    }
+
+    try {
+        const agent = await connectAndPersistRoomAgent(chatServer, ctx.params.roomId, {
+            profile,
+            name: name || profile,
+            description: description || '',
+            invited,
+        })
+        ctx.body = { agent }
+    } catch (err: any) {
+        console.error(`[GroupChat] Failed to connect agent ${profile} to room ${ctx.params.roomId}: ${sanitizeAgentConnectReason(err.message)}`)
+        ctx.status = 502
+        ctx.body = agentConnectFailureBody(profile, err)
+    }
+})
+
+// List agents in room
+groupChatRoutes.get('/api/hermes/group-chat/rooms/:roomId/agents', async (ctx) => {
+    if (!chatServer) {
+        ctx.status = 503
+        ctx.body = { error: 'Group chat not initialized' }
+        return
+    }
+
+    const agents = chatServer.getStorage().getRoomAgents(ctx.params.roomId)
+    ctx.body = { agents }
+})
+
+// Remove agent from room
+groupChatRoutes.delete('/api/hermes/group-chat/rooms/:roomId/agents/:agentId', async (ctx) => {
+    if (!chatServer) {
+        ctx.status = 503
+        ctx.body = { error: 'Group chat not initialized' }
+        return
+    }
+
+    const roomId = ctx.params.roomId
+    const requestedAgentId = ctx.params.agentId
+    const storage = chatServer.getStorage()
+    const agent = storage.getRoomAgent(roomId, requestedAgentId)
+    if (!agent) {
+        ctx.status = 404
+        ctx.body = { error: 'Agent not found' }
+        return
+    }
+
+    storage.removeRoomMembersForAgent(roomId, agent)
+    storage.removeRoomAgent(roomId, requestedAgentId)
+    chatServer.agentClients.removeAgentFromRoom(roomId, agent.agentId)
+    ctx.body = {
+        success: true,
+        agents: storage.getRoomAgents(roomId),
+        members: storage.getRoomMembers(roomId),
+    }
+})
+
+// Delete room
+groupChatRoutes.delete('/api/hermes/group-chat/rooms/:roomId', async (ctx) => {
+    if (!chatServer) {
+        ctx.status = 503
+        ctx.body = { error: 'Group chat not initialized' }
+        return
+    }
+
+    const roomId = ctx.params.roomId
+    // Disconnect all agents in room
+    chatServer.agentClients.disconnectRoom(roomId)
+    // Delete all data
+    chatServer.getStorage().deleteRoom(roomId)
+    ctx.body = { success: true }
+})
+
+// Clear current room context while keeping members, agents, and room config.
+groupChatRoutes.post('/api/hermes/group-chat/rooms/:roomId/clear-context', async (ctx) => {
+    if (!chatServer) {
+        ctx.status = 503
+        ctx.body = { error: 'Group chat not initialized' }
+        return
+    }
+
+    const roomId = ctx.params.roomId
+    if (!chatServer.getStorage().getRoom(roomId)) {
+        ctx.status = 404
+        ctx.body = { error: 'Room not found' }
+        return
+    }
+
+    chatServer.getStorage().clearRoomContext(roomId)
+    chatServer.clearRoomRuntimeState(roomId)
+    ctx.body = { success: true, room: chatServer.getStorage().getRoom(roomId) }
+})
+
+// Update room compression config
+groupChatRoutes.put('/api/hermes/group-chat/rooms/:roomId/config', async (ctx) => {
+    if (!chatServer) {
+        ctx.status = 503
+        ctx.body = { error: 'Group chat not initialized' }
+        return
+    }
+
+    const roomId = ctx.params.roomId
+    const { triggerTokens, maxHistoryTokens, tailMessageCount } = ctx.request.body as {
+        triggerTokens?: number
+        maxHistoryTokens?: number
+        tailMessageCount?: number
+    }
+
+    chatServer.getStorage().updateRoomConfig(roomId, { triggerTokens, maxHistoryTokens, tailMessageCount })
+    const room = chatServer.getStorage().getRoom(roomId)
+    ctx.body = { room }
+})
+
+// Force compress a room's context
+groupChatRoutes.post('/api/hermes/group-chat/rooms/:roomId/compress', async (ctx) => {
+    if (!chatServer) {
+        ctx.status = 503
+        ctx.body = { error: 'Group chat not initialized' }
+        return
+    }
+
+    const roomId = ctx.params.roomId
+    if (!chatServer.getStorage().getRoom(roomId)) {
+        ctx.status = 404
+        ctx.body = { error: 'Room not found' }
+        return
+    }
+
+    const engine = chatServer.getContextEngine()
+    if (!engine) {
+        ctx.status = 503
+        ctx.body = { error: 'Context engine not available' }
+        return
+    }
+
+    try {
+        const result = await engine.forceCompress(roomId)
+        ctx.body = { success: true, summary: result }
+    } catch (err: any) {
+        ctx.status = 500
+        ctx.body = { error: err.message }
+    }
+})
diff --git a/packages/server/src/routes/hermes/jobs.ts b/packages/server/src/routes/hermes/jobs.ts
new file mode 100644
index 0000000..b98d607
--- /dev/null
+++ b/packages/server/src/routes/hermes/jobs.ts
@@ -0,0 +1,13 @@
+import Router from '@koa/router'
+import * as ctrl from '../../controllers/hermes/jobs'
+
+export const jobRoutes = new Router()
+
+jobRoutes.get('/api/hermes/jobs', ctrl.list)
+jobRoutes.get('/api/hermes/jobs/:id', ctrl.get)
+jobRoutes.post('/api/hermes/jobs', ctrl.create)
+jobRoutes.patch('/api/hermes/jobs/:id', ctrl.update)
+jobRoutes.delete('/api/hermes/jobs/:id', ctrl.remove)
+jobRoutes.post('/api/hermes/jobs/:id/pause', ctrl.pause)
+jobRoutes.post('/api/hermes/jobs/:id/resume', ctrl.resume)
+jobRoutes.post('/api/hermes/jobs/:id/run', ctrl.run)
diff --git a/packages/server/src/routes/hermes/kanban-events.ts b/packages/server/src/routes/hermes/kanban-events.ts
new file mode 100644
index 0000000..3159bb6
--- /dev/null
+++ b/packages/server/src/routes/hermes/kanban-events.ts
@@ -0,0 +1,109 @@
+import { WebSocketServer } from 'ws'
+import type { WebSocket } from 'ws'
+import type { Server as HttpServer, IncomingMessage } from 'http'
+import { authenticateUserToken, isAuthEnabled } from '../../middleware/user-auth'
+import { userCanAccessProfile } from '../../db/hermes/users-store'
+import { logger } from '../../services/logger'
+import * as kanbanCli from '../../services/hermes/hermes-kanban'
+
+interface KanbanEventsRequest extends IncomingMessage {
+  kanbanBoard?: string
+  kanbanProfile?: string
+}
+
+function sendJson(ws: WebSocket, payload: Record<string, unknown>) {
+  if (ws.readyState === ws.OPEN) ws.send(JSON.stringify(payload))
+}
+
+function streamLines(onLine: (line: string) => void) {
+  let buffer = ''
+  return (chunk: Buffer | string) => {
+    buffer += chunk.toString()
+    const lines = buffer.split(/\r?\n/)
+    buffer = lines.pop() || ''
+    for (const line of lines) {
+      const trimmed = line.trim()
+      if (trimmed) onLine(trimmed)
+    }
+  }
+}
+
+export function setupKanbanEventsWebSocket(httpServers: HttpServer | HttpServer[]) {
+  const wss = new WebSocketServer({ noServer: true })
+  const servers = Array.isArray(httpServers) ? httpServers : [httpServers]
+
+  servers.forEach((httpServer) => {
+    httpServer.on('upgrade', async (req: KanbanEventsRequest, socket, head) => {
+      const url = new URL(req.url || '', `http://${req.headers.host}`)
+      if (url.pathname !== '/api/hermes/kanban/events') return
+
+      if (await isAuthEnabled()) {
+        const token = url.searchParams.get('token') || ''
+        const user = await authenticateUserToken(token)
+        if (!user) {
+          socket.write('HTTP/1.1 401 Unauthorized\r\n\r\n')
+          socket.destroy()
+          return
+        }
+        const profile = (url.searchParams.get('profile') || '').trim()
+        if (profile && user.role !== 'super_admin' && !userCanAccessProfile(user.id, profile)) {
+          socket.write('HTTP/1.1 403 Forbidden\r\n\r\n')
+          socket.destroy()
+          return
+        }
+        req.kanbanProfile = profile || undefined
+      }
+
+      try {
+        req.kanbanBoard = kanbanCli.normalizeBoardSlug(url.searchParams.get('board'))
+      } catch {
+        socket.write('HTTP/1.1 400 Bad Request\r\n\r\n')
+        socket.destroy()
+        return
+      }
+
+      wss.handleUpgrade(req, socket, head, (ws) => {
+        wss.emit('connection', ws, req)
+      })
+    })
+  })
+
+  wss.on('connection', (ws, req: KanbanEventsRequest) => {
+    const board = req.kanbanBoard || 'default'
+    const child = kanbanCli.watchEvents({ board, interval: 0.5 })
+    let closed = false
+
+    sendJson(ws, { type: 'connected', board })
+
+    const closeChild = () => {
+      if (closed) return
+      closed = true
+      if (!child.killed) child.kill()
+    }
+
+    child.stdout?.on('data', streamLines((line) => {
+      if (line.toLowerCase().startsWith('watching kanban events')) return
+      sendJson(ws, { type: 'event', board })
+    }))
+
+    child.stderr?.on('data', streamLines((line) => {
+      sendJson(ws, { type: 'error', board, message: line })
+    }))
+
+    child.on('error', (err) => {
+      logger.error(err, 'Hermes CLI: kanban watch failed')
+      sendJson(ws, { type: 'error', board, message: err.message })
+      if (ws.readyState === ws.OPEN) ws.close()
+    })
+
+    child.on('exit', (code, signal) => {
+      sendJson(ws, { type: 'stopped', board, code, signal })
+      if (ws.readyState === ws.OPEN) ws.close()
+    })
+
+    ws.on('close', closeChild)
+    ws.on('error', closeChild)
+  })
+
+  logger.info('WebSocket ready at /api/hermes/kanban/events (kanban watch bridge)')
+}
diff --git a/packages/server/src/routes/hermes/kanban.ts b/packages/server/src/routes/hermes/kanban.ts
new file mode 100644
index 0000000..254b117
--- /dev/null
+++ b/packages/server/src/routes/hermes/kanban.ts
@@ -0,0 +1,30 @@
+import Router from '@koa/router'
+import * as ctrl from '../../controllers/hermes/kanban'
+
+export const kanbanRoutes = new Router()
+
+kanbanRoutes.get('/api/hermes/kanban/boards', ctrl.listBoards)
+kanbanRoutes.post('/api/hermes/kanban/boards', ctrl.createBoard)
+kanbanRoutes.delete('/api/hermes/kanban/boards/:slug', ctrl.archiveBoard)
+kanbanRoutes.get('/api/hermes/kanban/capabilities', ctrl.capabilities)
+kanbanRoutes.get('/api/hermes/kanban/stats', ctrl.stats)
+kanbanRoutes.get('/api/hermes/kanban/assignees', ctrl.assignees)
+kanbanRoutes.get('/api/hermes/kanban/diagnostics', ctrl.diagnostics)
+kanbanRoutes.post('/api/hermes/kanban/dispatch', ctrl.dispatch)
+kanbanRoutes.get('/api/hermes/kanban/artifact', ctrl.readArtifact)
+kanbanRoutes.get('/api/hermes/kanban/search-sessions', ctrl.searchSessions)
+kanbanRoutes.post('/api/hermes/kanban/links', ctrl.linkTasks)
+kanbanRoutes.delete('/api/hermes/kanban/links', ctrl.unlinkTasks)
+kanbanRoutes.post('/api/hermes/kanban/tasks/bulk', ctrl.bulkUpdateTasks)
+kanbanRoutes.get('/api/hermes/kanban', ctrl.list)
+kanbanRoutes.get('/api/hermes/kanban/:id', ctrl.get)
+kanbanRoutes.post('/api/hermes/kanban', ctrl.create)
+kanbanRoutes.post('/api/hermes/kanban/complete', ctrl.complete)
+kanbanRoutes.post('/api/hermes/kanban/unblock', ctrl.unblock)
+kanbanRoutes.post('/api/hermes/kanban/:id/block', ctrl.block)
+kanbanRoutes.post('/api/hermes/kanban/:id/assign', ctrl.assign)
+kanbanRoutes.post('/api/hermes/kanban/:id/comments', ctrl.addComment)
+kanbanRoutes.get('/api/hermes/kanban/:id/log', ctrl.taskLog)
+kanbanRoutes.post('/api/hermes/kanban/:id/reclaim', ctrl.reclaim)
+kanbanRoutes.post('/api/hermes/kanban/:id/reassign', ctrl.reassign)
+kanbanRoutes.post('/api/hermes/kanban/:id/specify', ctrl.specify)
diff --git a/packages/server/src/routes/hermes/logs.ts b/packages/server/src/routes/hermes/logs.ts
new file mode 100644
index 0000000..10d535c
--- /dev/null
+++ b/packages/server/src/routes/hermes/logs.ts
@@ -0,0 +1,7 @@
+import Router from '@koa/router'
+import * as ctrl from '../../controllers/hermes/logs'
+
+export const logRoutes = new Router()
+
+logRoutes.get('/api/hermes/logs', ctrl.list)
+logRoutes.get('/api/hermes/logs/:name', ctrl.read)
diff --git a/packages/server/src/routes/hermes/mcp.ts b/packages/server/src/routes/hermes/mcp.ts
new file mode 100644
index 0000000..8f46dfd
--- /dev/null
+++ b/packages/server/src/routes/hermes/mcp.ts
@@ -0,0 +1,12 @@
+import Router from '@koa/router'
+import * as ctrl from '../../controllers/hermes/mcp'
+
+export const mcpRoutes = new Router()
+
+mcpRoutes.get('/api/hermes/mcp/servers', ctrl.listServers)
+mcpRoutes.post('/api/hermes/mcp/servers', ctrl.addServer)
+mcpRoutes.patch('/api/hermes/mcp/servers/:name', ctrl.updateServer)
+mcpRoutes.delete('/api/hermes/mcp/servers/:name', ctrl.removeServer)
+mcpRoutes.post('/api/hermes/mcp/servers/:name/test', ctrl.testServer)
+mcpRoutes.get('/api/hermes/mcp/tools', ctrl.listTools)
+mcpRoutes.post('/api/hermes/mcp/reload', ctrl.reloadMcp)
diff --git a/packages/server/src/routes/hermes/media.ts b/packages/server/src/routes/hermes/media.ts
new file mode 100644
index 0000000..f217e59
--- /dev/null
+++ b/packages/server/src/routes/hermes/media.ts
@@ -0,0 +1,7 @@
+import Router from '@koa/router'
+import * as ctrl from '../../controllers/hermes/media'
+
+export const mediaRoutes = new Router()
+
+mediaRoutes.post('/api/hermes/media/grok-image-to-video', ctrl.grokImageToVideo)
+mediaRoutes.post('/api/hermes/media/apikey-image-generate', ctrl.apiKeyImageGenerate)
diff --git a/packages/server/src/routes/hermes/memory.ts b/packages/server/src/routes/hermes/memory.ts
new file mode 100644
index 0000000..abaa86c
--- /dev/null
+++ b/packages/server/src/routes/hermes/memory.ts
@@ -0,0 +1,7 @@
+import Router from '@koa/router'
+import * as ctrl from '../../controllers/hermes/memory'
+
+export const memoryRoutes = new Router()
+
+memoryRoutes.get('/api/hermes/memory', ctrl.get)
+memoryRoutes.post('/api/hermes/memory', ctrl.save)
diff --git a/packages/server/src/routes/hermes/models.ts b/packages/server/src/routes/hermes/models.ts
new file mode 100644
index 0000000..584f0c3
--- /dev/null
+++ b/packages/server/src/routes/hermes/models.ts
@@ -0,0 +1,19 @@
+import Router from '@koa/router'
+import * as ctrl from '../../controllers/hermes/models'
+
+export const modelRoutes = new Router()
+
+modelRoutes.get('/api/hermes/available-models', ctrl.getAvailable)
+modelRoutes.post('/api/hermes/provider-models', ctrl.fetchProviderModelList)
+modelRoutes.get('/api/hermes/config/models', ctrl.getConfigModels)
+modelRoutes.put('/api/hermes/config/model', ctrl.setConfigModel)
+modelRoutes.put('/api/hermes/model-alias', ctrl.setModelAlias)
+modelRoutes.put('/api/hermes/model-visibility', ctrl.setModelVisibility)
+modelRoutes.put('/api/hermes/custom-model', ctrl.addCustomModel)
+modelRoutes.delete('/api/hermes/custom-model', ctrl.removeCustomModel)
+
+// Model context routes
+modelRoutes.get('/api/hermes/model-context', ctrl.getModelContext)
+modelRoutes.get('/api/hermes/model-context/:provider/:model', ctrl.getModelContext)
+modelRoutes.put('/api/hermes/model-context/:provider/:model', ctrl.updateModelContext)
+modelRoutes.put('/api/hermes/model-context', ctrl.updateModelContext)
diff --git a/packages/server/src/routes/hermes/nous-auth.ts b/packages/server/src/routes/hermes/nous-auth.ts
new file mode 100644
index 0000000..68eaae4
--- /dev/null
+++ b/packages/server/src/routes/hermes/nous-auth.ts
@@ -0,0 +1,8 @@
+import Router from '@koa/router'
+import * as ctrl from '../../controllers/hermes/nous-auth'
+
+export const nousAuthRoutes = new Router()
+
+nousAuthRoutes.post('/api/hermes/auth/nous/start', ctrl.start)
+nousAuthRoutes.get('/api/hermes/auth/nous/poll/:sessionId', ctrl.poll)
+nousAuthRoutes.get('/api/hermes/auth/nous/status', ctrl.status)
diff --git a/packages/server/src/routes/hermes/performance-monitor.ts b/packages/server/src/routes/hermes/performance-monitor.ts
new file mode 100644
index 0000000..e60284c
--- /dev/null
+++ b/packages/server/src/routes/hermes/performance-monitor.ts
@@ -0,0 +1,7 @@
+import Router from '@koa/router'
+import * as ctrl from '../../controllers/hermes/performance-monitor'
+import { requireSuperAdmin } from '../../middleware/user-auth'
+
+export const performanceMonitorRoutes = new Router()
+
+performanceMonitorRoutes.get('/api/hermes/performance/runtime', requireSuperAdmin, ctrl.runtime)
diff --git a/packages/server/src/routes/hermes/plugins.ts b/packages/server/src/routes/hermes/plugins.ts
new file mode 100644
index 0000000..7381caa
--- /dev/null
+++ b/packages/server/src/routes/hermes/plugins.ts
@@ -0,0 +1,6 @@
+import Router from '@koa/router'
+import * as ctrl from '../../controllers/hermes/plugins'
+
+export const pluginRoutes = new Router()
+
+pluginRoutes.get('/api/hermes/plugins', ctrl.list)
diff --git a/packages/server/src/routes/hermes/profiles.ts b/packages/server/src/routes/hermes/profiles.ts
new file mode 100644
index 0000000..163bed7
--- /dev/null
+++ b/packages/server/src/routes/hermes/profiles.ts
@@ -0,0 +1,20 @@
+import Router from '@koa/router'
+import * as ctrl from '../../controllers/hermes/profiles'
+import { requireSuperAdmin } from '../../middleware/user-auth'
+
+export const profileRoutes = new Router()
+
+profileRoutes.get('/api/hermes/profiles', ctrl.list)
+profileRoutes.post('/api/hermes/profiles', ctrl.create)
+profileRoutes.get('/api/hermes/profiles/runtime-statuses', ctrl.runtimeStatuses)
+profileRoutes.get('/api/hermes/profiles/:name/runtime-status', ctrl.runtimeStatus)
+profileRoutes.post('/api/hermes/profiles/:name/restart', ctrl.restartProfileRuntime)
+profileRoutes.post('/api/hermes/profiles/:name/gateway/restart', ctrl.restartGatewayForProfile)
+profileRoutes.put('/api/hermes/profiles/:name/avatar', ctrl.updateAvatar)
+profileRoutes.delete('/api/hermes/profiles/:name/avatar', ctrl.deleteAvatar)
+profileRoutes.get('/api/hermes/profiles/:name', ctrl.get)
+profileRoutes.delete('/api/hermes/profiles/:name', ctrl.remove)
+profileRoutes.post('/api/hermes/profiles/:name/rename', ctrl.rename)
+profileRoutes.put('/api/hermes/profiles/active', requireSuperAdmin, ctrl.switchProfile)
+profileRoutes.post('/api/hermes/profiles/:name/export', ctrl.exportProfile)
+profileRoutes.post('/api/hermes/profiles/import', ctrl.importProfile)
diff --git a/packages/server/src/routes/hermes/providers.ts b/packages/server/src/routes/hermes/providers.ts
new file mode 100644
index 0000000..be722ab
--- /dev/null
+++ b/packages/server/src/routes/hermes/providers.ts
@@ -0,0 +1,8 @@
+import Router from '@koa/router'
+import * as ctrl from '../../controllers/hermes/providers'
+
+export const providerRoutes = new Router()
+
+providerRoutes.post('/api/hermes/config/providers', ctrl.create)
+providerRoutes.put('/api/hermes/config/providers/:poolKey', ctrl.update)
+providerRoutes.delete('/api/hermes/config/providers/:poolKey', ctrl.remove)
diff --git a/packages/server/src/routes/hermes/proxy-handler.ts b/packages/server/src/routes/hermes/proxy-handler.ts
new file mode 100644
index 0000000..a7bcf20
--- /dev/null
+++ b/packages/server/src/routes/hermes/proxy-handler.ts
@@ -0,0 +1,295 @@
+import type { Context } from 'koa'
+import { updateUsage } from '../../db/hermes/usage-store'
+
+let gatewayManager: any = null
+
+export function setGatewayManagerForTest(manager: any): void {
+  gatewayManager = manager
+}
+
+function getGatewayManager() { return gatewayManager }
+
+// --- run_id → session_id mapping (in-memory, ephemeral) ---
+
+const runSessionMap = new Map<string, string>()
+
+export function setRunSession(runId: string, sessionId: string): void {
+  runSessionMap.set(runId, sessionId)
+  // Auto-cleanup after 30 minutes
+  setTimeout(() => runSessionMap.delete(runId), 30 * 60 * 1000)
+}
+
+export function getSessionForRun(runId: string): string | undefined {
+  return runSessionMap.get(runId)
+}
+
+// --- Helpers ---
+
+function isTransientGatewayError(err: any): boolean {
+  const msg = String(err?.message || '')
+  const causeCode = String(err?.cause?.code || '')
+  return (
+    causeCode === 'ECONNREFUSED' ||
+    causeCode === 'ECONNRESET' ||
+    /ECONNREFUSED|ECONNRESET|fetch failed|socket hang up/i.test(msg)
+  )
+}
+
+async function waitForGatewayReady(upstream: string, timeoutMs: number = 5000): Promise<boolean> {
+  const deadline = Date.now() + timeoutMs
+  const healthUrl = `${upstream}/health`
+  while (Date.now() < deadline) {
+    try {
+      const res = await fetch(healthUrl, {
+        method: 'GET',
+        signal: AbortSignal.timeout(1200),
+      })
+      if (res.ok) return true
+    } catch { }
+    await new Promise(resolve => setTimeout(resolve, 250))
+  }
+  return false
+}
+
+/** Resolve profile name from request */
+function resolveProfile(ctx: Context): string {
+  // Use header/query from request, but fall back to authoritative source if not provided
+  const requestedProfile = ctx.get('x-hermes-profile') || (ctx.query.profile as string)
+
+  if (requestedProfile) {
+    return requestedProfile
+  }
+
+  // Fallback: read from authoritative source (active_profile file)
+  try {
+    const { getActiveProfileName } = require('../../services/hermes/hermes-profile')
+    return getActiveProfileName()
+  } catch {
+    return 'default'
+  }
+}
+
+/** Resolve upstream URL for a request based on profile header/query */
+function resolveUpstream(ctx: Context): string {
+  const mgr = getGatewayManager()
+  if (!mgr) {
+    throw new Error('GatewayManager not initialized')
+  }
+  const profile = resolveProfile(ctx)
+  if (profile && profile !== 'default') {
+    return mgr.getUpstream(profile)
+  }
+  return mgr.getUpstream()
+}
+
+function buildProxyHeaders(ctx: Context, upstream: string): Record<string, string> {
+  const headers: Record<string, string> = {}
+  for (const [key, value] of Object.entries(ctx.headers)) {
+    if (value == null) continue
+    const lower = key.toLowerCase()
+    if (lower === 'host') {
+      headers['host'] = new URL(upstream).host
+    } else if (lower === 'origin' || lower === 'referer' || lower === 'connection' || lower === 'authorization') {
+      continue
+    } else {
+      const v = Array.isArray(value) ? value[0] : value
+      if (v) headers[key] = v
+    }
+  }
+
+  const mgr = getGatewayManager()
+  if (mgr) {
+    const apiKey = mgr.getApiKey(resolveProfile(ctx))
+    if (apiKey) {
+      headers['authorization'] = `Bearer ${apiKey}`
+    }
+  }
+
+  return headers
+}
+
+// --- SSE stream interception ---
+
+const SSE_EVENTS_PATH = /^\/v1\/runs\/([^/]+)\/events$/
+
+/**
+ * Parse SSE text chunks and extract run.completed events.
+ * Returns the run_id if a run.completed was found.
+ */
+function extractRunCompletedFromChunk(chunk: string, profile: string): string | null {
+  // SSE format: each line is "data: {...}\n\n"
+  const lines = chunk.split('\n')
+  for (const line of lines) {
+    if (!line.startsWith('data: ')) continue
+    try {
+      const data = JSON.parse(line.slice(6))
+      if (data.event === 'run.completed' && data.usage && data.run_id) {
+        const sessionId = getSessionForRun(data.run_id)
+        if (sessionId) {
+          updateUsage(sessionId, {
+            inputTokens: data.usage.input_tokens,
+            outputTokens: data.usage.output_tokens,
+            cacheReadTokens: data.usage.cache_read_tokens,
+            cacheWriteTokens: data.usage.cache_write_tokens,
+            reasoningTokens: data.usage.reasoning_tokens,
+            model: data.model || '',
+            profile,
+          })
+          return data.run_id
+        }
+      }
+    } catch { /* not JSON, skip */ }
+  }
+  return null
+}
+
+/**
+ * Stream an SSE response while intercepting run.completed events.
+ */
+async function streamSSE(ctx: Context, res: Response, profile: string): Promise<void> {
+  if (!res.body) {
+    ctx.res.end()
+    return
+  }
+
+  const reader = res.body.getReader()
+  const decoder = new TextDecoder()
+  let buffer = ''
+
+  try {
+    while (true) {
+      const { done, value } = await reader.read()
+      if (done) break
+
+      // Forward raw bytes to client immediately
+      ctx.res.write(value)
+
+      // Also decode for interception
+      buffer += decoder.decode(value, { stream: true })
+
+      // Process complete SSE lines (delimited by double newline)
+      let newlineIdx: number
+      while ((newlineIdx = buffer.indexOf('\n\n')) !== -1) {
+        const eventBlock = buffer.slice(0, newlineIdx)
+        buffer = buffer.slice(newlineIdx + 2)
+        extractRunCompletedFromChunk(eventBlock, profile)
+      }
+    }
+
+    // Process remaining buffer
+    if (buffer.trim()) {
+      extractRunCompletedFromChunk(buffer, profile)
+    }
+  } finally {
+    ctx.res.end()
+  }
+}
+
+// --- Main proxy function ---
+
+export async function proxy(ctx: Context) {
+  const profile = resolveProfile(ctx)
+  let upstream: string
+  try {
+    upstream = resolveUpstream(ctx)
+  } catch (e: any) {
+    ctx.status = 503
+    ctx.body = { error: { message: e?.message || 'GatewayManager not initialized' } }
+    return
+  }
+  const upstreamPath = ctx.path.replace(/^\/api\/hermes\/v1/, '/v1').replace(/^\/api\/hermes/, '/api')
+  const params = new URLSearchParams(ctx.search || '')
+  params.delete('token')
+  const search = params.toString()
+  const url = `${upstream}${upstreamPath}${search ? `?${search}` : ''}`
+
+  const headers = buildProxyHeaders(ctx, upstream)
+
+  try {
+    let body: string | undefined
+    if (ctx.req.method !== 'GET' && ctx.req.method !== 'HEAD') {
+      // @koa/bodyparser parses JSON into ctx.request.body but doesn't store rawBody
+      // by default. Re-serialize the parsed body to get the string form.
+      const parsed = (ctx as any).request.body
+      if (typeof parsed === 'string') {
+        body = parsed
+      } else if (parsed && typeof parsed === 'object') {
+        body = JSON.stringify(parsed)
+      }
+    }
+
+    const requestInit: RequestInit = { method: ctx.req.method, headers, body }
+
+    let res: Response
+    try {
+      res = await fetch(url, requestInit)
+    } catch (err: any) {
+      if (isTransientGatewayError(err) && await waitForGatewayReady(upstream)) {
+        res = await fetch(url, requestInit)
+      } else {
+        throw err
+      }
+    }
+
+    // Set response headers
+    res.headers.forEach((value, key) => {
+      const lower = key.toLowerCase()
+      if (lower !== 'transfer-encoding' && lower !== 'connection') {
+        ctx.set(key, value)
+      }
+    })
+    ctx.status = res.status
+
+    // Intercept POST /v1/runs to capture run_id → session_id mapping
+    if (ctx.req.method === 'POST' && /\/v1\/runs$/.test(upstreamPath) && body) {
+      try {
+        const parsed = JSON.parse(body)
+        if (parsed.session_id) {
+          const resBody = await res.text()
+          ctx.res.write(resBody)
+          ctx.res.end()
+
+          try {
+            const result = JSON.parse(resBody)
+            if (result.run_id) {
+              setRunSession(result.run_id, parsed.session_id)
+            }
+          } catch { /* response not JSON, ignore */ }
+          return
+        }
+      } catch { /* body not JSON, fall through to normal stream */ }
+      // No session_id in body — fall through to normal response handling below
+    }
+
+    // Intercept SSE streams for /v1/runs/{id}/events
+    const sseMatch = upstreamPath.match(SSE_EVENTS_PATH)
+    if (sseMatch) {
+      await streamSSE(ctx, res, profile)
+      return
+    }
+
+    // Default: pipe response body directly
+    if (res.body) {
+      const reader = res.body.getReader()
+      const pump = async () => {
+        while (true) {
+          const { done, value } = await reader.read()
+          if (done) break
+          ctx.res.write(value)
+        }
+        ctx.res.end()
+      }
+      await pump()
+    } else {
+      ctx.res.end()
+    }
+  } catch (err: any) {
+    if (!ctx.res.headersSent) {
+      ctx.status = 502
+      ctx.set('Content-Type', 'application/json')
+      ctx.body = { error: { message: `Proxy error: ${err.message}` } }
+    } else {
+      ctx.res.end()
+    }
+  }
+}
diff --git a/packages/server/src/routes/hermes/proxy.ts b/packages/server/src/routes/hermes/proxy.ts
new file mode 100644
index 0000000..17f9c9a
--- /dev/null
+++ b/packages/server/src/routes/hermes/proxy.ts
@@ -0,0 +1,17 @@
+import Router from '@koa/router'
+import type { Context, Next } from 'koa'
+import { proxy } from './proxy-handler'
+
+export const proxyRoutes = new Router()
+
+// Proxy unmatched /api/hermes/* and /v1/* to upstream Hermes API
+proxyRoutes.all('/api/hermes/{*any}', proxy)
+proxyRoutes.all('/v1/{*any}', proxy)
+
+// Also register as middleware so it works reliably with nested .use()
+export async function proxyMiddleware(ctx: Context, next: Next) {
+  if (ctx.path.startsWith('/api/hermes/') || ctx.path.startsWith('/v1/')) {
+    return proxy(ctx)
+  }
+  await next()
+}
diff --git a/packages/server/src/routes/hermes/sessions.ts b/packages/server/src/routes/hermes/sessions.ts
new file mode 100644
index 0000000..fb7612c
--- /dev/null
+++ b/packages/server/src/routes/hermes/sessions.ts
@@ -0,0 +1,26 @@
+import Router from '@koa/router'
+import * as ctrl from '../../controllers/hermes/sessions'
+
+export const sessionRoutes = new Router()
+
+sessionRoutes.get('/api/hermes/sessions/conversations', ctrl.listConversations)
+sessionRoutes.get('/api/hermes/sessions/conversations/:id/messages', ctrl.getConversationMessages)
+sessionRoutes.get('/api/hermes/sessions/conversations/:id/messages/paginated', ctrl.getConversationMessagesPaginated)
+sessionRoutes.get('/api/hermes/sessions', ctrl.list)
+sessionRoutes.get('/api/hermes/sessions/hermes', ctrl.listHermesSessions)
+sessionRoutes.get('/api/hermes/sessions/hermes/:id', ctrl.getHermesSession)
+sessionRoutes.post('/api/hermes/sessions/hermes/:id/import', ctrl.importHermesSession)
+sessionRoutes.get('/api/hermes/search/sessions', ctrl.search)
+sessionRoutes.get('/api/hermes/sessions/search', ctrl.search)
+sessionRoutes.get('/api/hermes/sessions/usage', ctrl.usageBatch)
+sessionRoutes.get('/api/hermes/usage/stats', ctrl.usageStats)
+sessionRoutes.get('/api/hermes/sessions/context-length', ctrl.contextLength)
+sessionRoutes.get('/api/hermes/sessions/:id', ctrl.get)
+sessionRoutes.get('/api/hermes/sessions/:id/export', ctrl.exportSession)
+sessionRoutes.get('/api/hermes/sessions/:id/usage', ctrl.usageSingle)
+sessionRoutes.delete('/api/hermes/sessions/:id', ctrl.remove)
+sessionRoutes.post('/api/hermes/sessions/batch-delete', ctrl.batchRemove)
+sessionRoutes.post('/api/hermes/sessions/:id/rename', ctrl.rename)
+sessionRoutes.post('/api/hermes/sessions/:id/workspace', ctrl.setWorkspace)
+sessionRoutes.post('/api/hermes/sessions/:id/model', ctrl.setModel)
+sessionRoutes.get('/api/hermes/workspace/folders', ctrl.listWorkspaceFolders)
diff --git a/packages/server/src/routes/hermes/skills.ts b/packages/server/src/routes/hermes/skills.ts
new file mode 100644
index 0000000..b5c42f7
--- /dev/null
+++ b/packages/server/src/routes/hermes/skills.ts
@@ -0,0 +1,11 @@
+import Router from '@koa/router'
+import * as ctrl from '../../controllers/hermes/skills'
+
+export const skillRoutes = new Router()
+
+skillRoutes.get('/api/hermes/skills', ctrl.list)
+skillRoutes.get('/api/hermes/skills/usage/stats', ctrl.usageStats)
+skillRoutes.put('/api/hermes/skills/toggle', ctrl.toggle)
+skillRoutes.put('/api/hermes/skills/pin', ctrl.pin_)
+skillRoutes.get('/api/hermes/skills/:category/:skill/files', ctrl.listFiles)
+skillRoutes.get('/api/hermes/skills/{*path}', ctrl.readFile_)
diff --git a/packages/server/src/routes/hermes/terminal.ts b/packages/server/src/routes/hermes/terminal.ts
new file mode 100644
index 0000000..04cdd6c
--- /dev/null
+++ b/packages/server/src/routes/hermes/terminal.ts
@@ -0,0 +1,352 @@
+import { WebSocketServer } from 'ws'
+import type { Server as HttpServer } from 'http'
+import { accessSync, chmodSync, constants as fsConstants, existsSync } from 'fs'
+import { dirname, join, isAbsolute, resolve as resolvePath } from 'path'
+import { homedir } from 'os'
+import { getActiveProfileDir } from '../../services/hermes/hermes-profile'
+import { getTerminalConfig, type TerminalConfig } from '../../services/hermes/file-provider'
+import { authenticateUserToken, isAuthEnabled } from '../../middleware/user-auth'
+import { logger } from '../../services/logger'
+
+let pty: any = null
+
+function ensureNodePtySpawnHelperExecutable() {
+  if (process.platform !== 'darwin') return
+
+  try {
+    const nodePtyRoot = dirname(require.resolve('node-pty/package.json'))
+    const helperCandidates = [
+      join(nodePtyRoot, 'build', 'Release', 'spawn-helper'),
+      join(nodePtyRoot, 'build', 'Debug', 'spawn-helper'),
+      join(nodePtyRoot, 'prebuilds', `${process.platform}-${process.arch}`, 'spawn-helper'),
+    ]
+
+    for (const helperPath of helperCandidates) {
+      if (!existsSync(helperPath)) continue
+      try {
+        accessSync(helperPath, fsConstants.X_OK)
+      } catch {
+        chmodSync(helperPath, 0o755)
+        logger.debug('Restored execute bit for node-pty helper: %s', helperPath)
+      }
+    }
+  } catch (err: any) {
+    logger.warn(err, 'Could not normalize node-pty helper permissions')
+  }
+}
+
+try {
+  ensureNodePtySpawnHelperExecutable()
+  // eslint-disable-next-line @typescript-eslint/no-require-imports
+  pty = require('node-pty')
+} catch (err: any) {
+  logger.warn(err, 'node-pty failed to load, terminal feature disabled')
+}
+
+// ─── Shell detection ────────────────────────────────────────────
+
+function findShell(): string {
+  // Windows 平台：使用 PowerShell
+  if (process.platform === 'win32') {
+    return 'powershell.exe'
+  }
+
+  // Unix 平台：使用 SHELL 环境变量，或回退到常用 shells
+  const candidates = [
+    process.env.SHELL,
+    '/bin/zsh',
+    '/bin/bash',
+  ].filter(Boolean) as string[]
+
+  for (const shell of candidates) {
+    if (existsSync(shell)) return shell
+  }
+  return '/bin/bash'
+}
+
+function shellName(shell: string): string {
+  return shell.split('/').pop() || 'shell'
+}
+
+export function resolveTerminalCwd(
+  cfg: Pick<TerminalConfig, 'cwd'> = getTerminalConfig(),
+  profileDir = getActiveProfileDir(),
+): string {
+  const configured = cfg.cwd?.trim()
+  const fallback = existsSync(profileDir) ? profileDir : homedir()
+  if (!configured) return fallback
+
+  const cwd = isAbsolute(configured) ? configured : resolvePath(profileDir, configured)
+  if (!existsSync(cwd)) {
+    logger.warn({ cwd }, 'Configured terminal cwd does not exist; falling back to Hermes profile directory')
+    return fallback
+  }
+  return cwd
+}
+
+// ─── Session types ──────────────────────────────────────────────
+
+interface PtySession {
+  id: string
+  pty: { pid: number; onData: (cb: (data: string) => void) => void; onExit: (cb: (e: { exitCode: number }) => void) => void; write: (data: string) => void; kill: (signal?: string) => void; resize: (cols: number, rows: number) => void }
+  shell: string
+  pid: number
+  createdAt: number
+}
+
+interface Connection {
+  sessions: Map<string, PtySession>
+  activeSessionId: string | null
+  outputBuffers: Map<string, string[]>
+}
+
+// ─── Helpers ────────────────────────────────────────────────────
+
+function generateId(): string {
+  return Date.now().toString(36) + Math.random().toString(36).slice(2, 8)
+}
+
+function createSession(shell: string): PtySession {
+  const id = generateId()
+  let ptyProcess: PtySession['pty']
+  try {
+    ptyProcess = pty.spawn(shell, [], {
+      name: 'xterm-color',
+      cols: 80,
+      rows: 24,
+      cwd: resolveTerminalCwd(),
+    })
+  } catch (err: any) {
+    throw new Error(`Failed to spawn shell "${shell}": ${err.message}`)
+  }
+
+  const session: PtySession = {
+    id,
+    pty: ptyProcess,
+    shell,
+    pid: ptyProcess.pid,
+    createdAt: Date.now(),
+  }
+
+  return session
+}
+
+// ─── WebSocket server setup ─────────────────────────────────────
+
+export function setupTerminalWebSocket(httpServers: HttpServer | HttpServer[]) {
+  if (!pty) {
+    logger.warn('node-pty not available, skipping terminal WebSocket setup')
+    return
+  }
+
+  const wss = new WebSocketServer({ noServer: true })
+  const defaultShell = findShell()
+  const servers = Array.isArray(httpServers) ? httpServers : [httpServers]
+
+  servers.forEach((httpServer) => {
+    httpServer.on('upgrade', async (req, socket, head) => {
+      const url = new URL(req.url || '', `http://${req.headers.host}`)
+      if (url.pathname !== '/api/hermes/terminal') {
+        return
+      }
+
+      // Auth check
+      if (await isAuthEnabled()) {
+        const token = url.searchParams.get('token') || ''
+        if (!await authenticateUserToken(token)) {
+          socket.write('HTTP/1.1 401 Unauthorized\r\n\r\n')
+          socket.destroy()
+          return
+        }
+      }
+
+      wss.handleUpgrade(req, socket, head, (ws) => {
+        wss.emit('connection', ws, req)
+      })
+    })
+  })
+
+  wss.on('connection', (ws) => {
+    const conn: Connection = {
+      sessions: new Map(),
+      activeSessionId: null,
+      outputBuffers: new Map(),
+    }
+
+    // ─── PTY output → WebSocket ──────────────────────────────────
+
+    function attachPtyOutput(session: PtySession) {
+      session.pty.onData((data: string) => {
+        if (ws.readyState !== ws.OPEN) return
+        if (conn.activeSessionId === session.id) {
+          ws.send(data)
+        } else {
+          // Buffer output for inactive sessions
+          let buf = conn.outputBuffers.get(session.id)
+          if (!buf) {
+            buf = []
+            conn.outputBuffers.set(session.id, buf)
+          }
+          buf.push(data)
+          // Cap buffer at 1MB to prevent memory issues
+          if (buf.length > 5000) {
+            buf.splice(0, buf.length - 5000)
+          }
+        }
+      })
+
+      session.pty.onExit(({ exitCode }: { exitCode: number }) => {
+        conn.outputBuffers.delete(session.id)
+        if (ws.readyState === ws.OPEN) {
+          ws.send(JSON.stringify({ type: 'exited', id: session.id, exitCode }))
+        }
+        conn.sessions.delete(session.id)
+        logger.info('Session %s exited (pid %d, code %d)', session.id, session.pid, exitCode)
+      })
+    }
+
+    // ─── Message handler ────────────────────────────────────────
+
+    ws.on('message', (raw) => {
+      const msg = Buffer.isBuffer(raw) ? raw.toString('utf8') : String(raw)
+
+      // JSON control message
+      if (msg.charCodeAt(0) === 0x7B) {
+        try {
+          const parsed = JSON.parse(msg)
+          handleControl(parsed)
+        } catch {
+          // Not valid JSON, fall through to raw input
+          writeRaw(msg)
+        }
+        return
+      }
+
+      writeRaw(msg)
+    })
+
+    function writeRaw(data: string) {
+      const session = conn.activeSessionId ? conn.sessions.get(conn.activeSessionId) : null
+      if (session) {
+        session.pty.write(data)
+      }
+    }
+
+    function handleControl(parsed: any) {
+      switch (parsed.type) {
+        case 'create': {
+          const shell = parsed.shell || defaultShell
+          let session: PtySession
+          try {
+            session = createSession(shell)
+          } catch (err: any) {
+            ws.send(JSON.stringify({ type: 'error', message: err.message }))
+            return
+          }
+          conn.sessions.set(session.id, session)
+          conn.activeSessionId = session.id
+          attachPtyOutput(session)
+          ws.send(JSON.stringify({
+            type: 'created',
+            id: session.id,
+            pid: session.pid,
+            shell: shellName(shell),
+          }))
+          logger.info('Session created: %s (%s, pid %d)', session.id, shellName(shell), session.pid)
+          break
+        }
+
+        case 'switch': {
+          const { sessionId } = parsed
+          const session = conn.sessions.get(sessionId)
+          if (!session) {
+            ws.send(JSON.stringify({ type: 'error', message: 'Session not found' }))
+            return
+          }
+          conn.activeSessionId = sessionId
+
+          // Send switched first so frontend mounts the correct terminal
+          ws.send(JSON.stringify({ type: 'switched', id: sessionId }))
+
+          // Then flush buffered output for this session
+          const buf = conn.outputBuffers.get(sessionId)
+          if (buf && buf.length > 0) {
+            for (const chunk of buf) {
+              ws.send(chunk)
+            }
+            conn.outputBuffers.delete(sessionId)
+          }
+
+          logger.debug('Switched to session %s', sessionId)
+          break
+        }
+
+        case 'close': {
+          const { sessionId } = parsed
+          const session = conn.sessions.get(sessionId)
+          if (!session) return
+          session.pty.kill()
+          conn.sessions.delete(sessionId)
+          conn.outputBuffers.delete(sessionId)
+          if (conn.activeSessionId === sessionId) {
+            // Auto-switch to the first remaining session
+            const remaining = Array.from(conn.sessions.keys())
+            conn.activeSessionId = remaining.length > 0 ? remaining[0] : null
+          }
+          logger.info('Session closed: %s', sessionId)
+          break
+        }
+
+        case 'resize': {
+          const session = conn.activeSessionId ? conn.sessions.get(conn.activeSessionId) : null
+          if (!session) return
+          const cols = Math.max(1, parsed.cols || 0)
+          const rows = Math.max(1, parsed.rows || 0)
+          try { session.pty.resize(cols, rows) } catch { }
+          break
+        }
+      }
+    }
+
+    // ─── Cleanup ────────────────────────────────────────────────
+
+    ws.on('close', () => {
+      for (const session of Array.from(conn.sessions.values())) {
+        try { session.pty.kill() } catch { }
+      }
+      conn.sessions.clear()
+      logger.info('Connection closed, all sessions killed')
+    })
+
+    ws.on('error', () => {
+      for (const session of Array.from(conn.sessions.values())) {
+        try { session.pty.kill() } catch { }
+      }
+      conn.sessions.clear()
+    })
+
+    // ─── Auto-create first session ──────────────────────────────
+
+    let firstSession: PtySession
+    try {
+      firstSession = createSession(defaultShell)
+    } catch (err: any) {
+      ws.send(JSON.stringify({ type: 'error', message: err.message }))
+      logger.error(err, 'Failed to create session')
+      ws.close()
+      return
+    }
+    conn.sessions.set(firstSession.id, firstSession)
+    conn.activeSessionId = firstSession.id
+    attachPtyOutput(firstSession)
+    ws.send(JSON.stringify({
+      type: 'created',
+      id: firstSession.id,
+      pid: firstSession.pid,
+      shell: shellName(defaultShell),
+    }))
+    logger.info('First session created: %s (%s, pid %d)', firstSession.id, shellName(defaultShell), firstSession.pid)
+  })
+
+  logger.info('WebSocket ready at /terminal (shell: %s, transport: node-pty)', defaultShell)
+}
diff --git a/packages/server/src/routes/hermes/tts.ts b/packages/server/src/routes/hermes/tts.ts
new file mode 100644
index 0000000..f1e6c99
--- /dev/null
+++ b/packages/server/src/routes/hermes/tts.ts
@@ -0,0 +1,7 @@
+import Router from '@koa/router'
+import * as ctrl from '../../controllers/hermes/tts'
+
+export const ttsRoutes = new Router()
+
+ttsRoutes.post('/api/hermes/tts', ctrl.generate)
+ttsRoutes.post('/api/tts/proxy/audio/speech', ctrl.openaiProxy)
diff --git a/packages/server/src/routes/hermes/weixin.ts b/packages/server/src/routes/hermes/weixin.ts
new file mode 100644
index 0000000..f65ce99
--- /dev/null
+++ b/packages/server/src/routes/hermes/weixin.ts
@@ -0,0 +1,8 @@
+import Router from '@koa/router'
+import * as ctrl from '../../controllers/hermes/weixin'
+
+export const weixinRoutes = new Router()
+
+weixinRoutes.get('/api/hermes/weixin/qrcode', ctrl.getQrcode)
+weixinRoutes.get('/api/hermes/weixin/qrcode/status', ctrl.pollStatus)
+weixinRoutes.post('/api/hermes/weixin/save', ctrl.save)
diff --git a/packages/server/src/routes/hermes/xai-auth.ts b/packages/server/src/routes/hermes/xai-auth.ts
new file mode 100644
index 0000000..cc15f6d
--- /dev/null
+++ b/packages/server/src/routes/hermes/xai-auth.ts
@@ -0,0 +1,8 @@
+import Router from '@koa/router'
+import * as ctrl from '../../controllers/hermes/xai-auth'
+
+export const xaiAuthRoutes = new Router()
+
+xaiAuthRoutes.post('/api/hermes/auth/xai/start', ctrl.start)
+xaiAuthRoutes.get('/api/hermes/auth/xai/poll/:sessionId', ctrl.poll)
+xaiAuthRoutes.get('/api/hermes/auth/xai/status', ctrl.status)
diff --git a/packages/server/src/routes/index.ts b/packages/server/src/routes/index.ts
new file mode 100644
index 0000000..419e91c
--- /dev/null
+++ b/packages/server/src/routes/index.ts
@@ -0,0 +1,89 @@
+import type { Context, Next } from 'koa'
+
+// Shared route modules
+import { healthRoutes } from './health'
+import { webhookRoutes } from './webhook'
+import { uploadRoutes } from './upload'
+import { updateRoutes } from './update'
+import { authPublicRoutes, authProtectedRoutes } from './auth'
+import { codingAgentRoutes } from './coding-agents'
+import { claudeCodeProxyRoutes } from './claude-code-proxy'
+import { codexProxyRoutes } from './codex-proxy'
+
+// Hermes route modules
+import { sessionRoutes } from './hermes/sessions'
+import { profileRoutes } from './hermes/profiles'
+import { skillRoutes } from './hermes/skills'
+import { pluginRoutes } from './hermes/plugins'
+import { memoryRoutes } from './hermes/memory'
+import { modelRoutes } from './hermes/models'
+import { providerRoutes } from './hermes/providers'
+import { configRoutes } from './hermes/config'
+import { logRoutes } from './hermes/logs'
+import { codexAuthRoutes } from './hermes/codex-auth'
+import { nousAuthRoutes } from './hermes/nous-auth'
+import { copilotAuthRoutes } from './hermes/copilot-auth'
+import { xaiAuthRoutes } from './hermes/xai-auth'
+import { weixinRoutes } from './hermes/weixin'
+import { fileRoutes } from './hermes/files'
+import { downloadRoutes } from './hermes/download'
+import { jobRoutes } from './hermes/jobs'
+import { cronHistoryRoutes } from './hermes/cron-history'
+import { kanbanRoutes } from './hermes/kanban'
+import { ttsRoutes } from './hermes/tts'
+import { mediaRoutes } from './hermes/media'
+import { proxyRoutes, proxyMiddleware } from './hermes/proxy'
+import { groupChatRoutes, setGroupChatServer } from './hermes/group-chat'
+import { performanceMonitorRoutes } from './hermes/performance-monitor'
+import { mcpRoutes } from './hermes/mcp'
+
+/**
+ * Register all routes on the Koa app.
+ * Public routes are registered first, then auth middleware,
+ * then all protected routes. Returns the proxy middleware (must be mounted last).
+ */
+export function registerRoutes(app: any, authMiddleware: Array<(ctx: Context, next: Next) => Promise<void>>) {
+  // --- Public routes (no auth required) ---
+  app.use(healthRoutes.routes())
+  app.use(webhookRoutes.routes())
+  app.use(authPublicRoutes.routes())
+  app.use(claudeCodeProxyRoutes.routes())
+  app.use(codexProxyRoutes.routes())
+
+  // --- Auth middleware: all routes below require authentication ---
+  authMiddleware.forEach((middleware) => app.use(middleware))
+
+  // --- Protected routes (auth required) ---
+  app.use(authProtectedRoutes.routes())
+  app.use(ttsRoutes.routes())
+  app.use(uploadRoutes.routes())
+  app.use(updateRoutes.routes())           // Must be before proxy (proxy catch-all matches everything)
+  app.use(codingAgentRoutes.routes())
+  app.use(sessionRoutes.routes())
+  app.use(profileRoutes.routes())
+  app.use(skillRoutes.routes())
+  app.use(pluginRoutes.routes())
+  app.use(memoryRoutes.routes())
+  app.use(modelRoutes.routes())
+  app.use(providerRoutes.routes())
+  app.use(configRoutes.routes())
+  app.use(logRoutes.routes())
+  app.use(codexAuthRoutes.routes())
+  app.use(nousAuthRoutes.routes())
+  app.use(copilotAuthRoutes.routes())
+  app.use(xaiAuthRoutes.routes())
+  app.use(weixinRoutes.routes())
+  app.use(groupChatRoutes.routes())       // Must be before proxy
+  app.use(fileRoutes.routes())              // Must be before proxy (proxy catch-all matches everything)
+  app.use(downloadRoutes.routes())          // Must be before proxy
+  app.use(jobRoutes.routes())               // Must be before proxy
+  app.use(cronHistoryRoutes.routes())        // Must be before proxy
+  app.use(kanbanRoutes.routes())             // Must be before proxy
+  app.use(mediaRoutes.routes())              // Must be before proxy
+  app.use(performanceMonitorRoutes.routes())  // Must be before proxy
+  app.use(mcpRoutes.routes())                   // MCP management
+  app.use(proxyRoutes.routes())
+
+  // Proxy catch-all middleware (must be last)
+  return proxyMiddleware
+}
diff --git a/packages/server/src/routes/update.ts b/packages/server/src/routes/update.ts
new file mode 100644
index 0000000..da9e1ca
--- /dev/null
+++ b/packages/server/src/routes/update.ts
@@ -0,0 +1,13 @@
+import Router from '@koa/router'
+import * as ctrl from '../controllers/update'
+import { requireSuperAdmin } from '../middleware/user-auth'
+
+export const updateRoutes = new Router()
+
+updateRoutes.post('/api/hermes/update', ctrl.handleUpdate)
+updateRoutes.get('/api/hermes/update/preview', requireSuperAdmin, ctrl.previewStatus)
+updateRoutes.get('/api/hermes/update/preview/tags', requireSuperAdmin, ctrl.previewTags)
+updateRoutes.post('/api/hermes/update/preview/prepare', requireSuperAdmin, ctrl.preparePreview)
+updateRoutes.post('/api/hermes/update/preview/install', requireSuperAdmin, ctrl.installPreview)
+updateRoutes.post('/api/hermes/update/preview/start', requireSuperAdmin, ctrl.startPreview)
+updateRoutes.post('/api/hermes/update/preview/stop', requireSuperAdmin, ctrl.stopPreview)
diff --git a/packages/server/src/routes/upload.ts b/packages/server/src/routes/upload.ts
new file mode 100644
index 0000000..0407e82
--- /dev/null
+++ b/packages/server/src/routes/upload.ts
@@ -0,0 +1,6 @@
+import Router from '@koa/router'
+import * as ctrl from '../controllers/upload'
+
+export const uploadRoutes = new Router()
+
+uploadRoutes.post('/upload', ctrl.handleUpload)
diff --git a/packages/server/src/routes/webhook.ts b/packages/server/src/routes/webhook.ts
new file mode 100644
index 0000000..f282bde
--- /dev/null
+++ b/packages/server/src/routes/webhook.ts
@@ -0,0 +1,6 @@
+import Router from '@koa/router'
+import * as ctrl from '../controllers/webhook'
+
+export const webhookRoutes = new Router()
+
+webhookRoutes.post('/webhook', ctrl.handleWebhook)
diff --git a/packages/server/src/services/app-config.ts b/packages/server/src/services/app-config.ts
new file mode 100644
index 0000000..4d3fdb3
--- /dev/null
+++ b/packages/server/src/services/app-config.ts
@@ -0,0 +1,62 @@
+import { readFile, writeFile, mkdir } from 'fs/promises'
+import { join } from 'path'
+import { config } from '../config'
+
+const APP_HOME = config.appHome
+const APP_CONFIG_FILE = join(APP_HOME, 'config.json')
+
+export interface ModelVisibilityRule {
+  mode: 'all' | 'include'
+  models: string[]
+}
+
+export interface AppConfig {
+  // Whether GitHub Copilot has been explicitly added by the user in web-ui.
+  // Default false: even when COPILOT_GITHUB_TOKEN / gh-cli / apps.json can
+  // resolve a token, the Copilot provider is hidden until the user opts in
+  // via "Add Provider". Mirrors how the user manages Codex/Nous: the web-ui
+  // owns the provider list, system credentials are merely a fallback source.
+  copilotEnabled?: boolean
+
+  // Web UI-only model display aliases. Keys are provider -> canonical model ID -> display label.
+  // These aliases never replace the canonical model ID sent back to Hermes.
+  modelAliases?: Record<string, Record<string, string>>
+
+  // Web UI-only manually entered model IDs. Keys are provider -> model IDs.
+  // This lets users persist provider-supported models that are absent from a
+  // provider catalog response without changing Hermes Agent config.yaml.
+  customModels?: Record<string, string[]>
+
+  // Web UI-only model picker visibility. This filters what the WUI exposes in
+  // its sidebar/model pages and never renames or rewrites Hermes canonical
+  // provider/model IDs. Hermes CLI config remains the upstream source of truth.
+  modelVisibility?: Record<string, ModelVisibilityRule>
+}
+
+let cache: AppConfig | null = null
+
+export async function readAppConfig(): Promise<AppConfig> {
+  if (cache) return cache
+  try {
+    const raw = await readFile(APP_CONFIG_FILE, 'utf-8')
+    const parsed = JSON.parse(raw) as AppConfig
+    cache = parsed
+    return parsed
+  } catch {
+    cache = {}
+    return cache
+  }
+}
+
+export async function writeAppConfig(patch: Partial<AppConfig>): Promise<AppConfig> {
+  const current = await readAppConfig()
+  const merged: AppConfig = { ...current, ...patch }
+  await mkdir(APP_HOME, { recursive: true })
+  await writeFile(APP_CONFIG_FILE, JSON.stringify(merged, null, 2), { mode: 0o600 })
+  cache = merged
+  return merged
+}
+
+export function __resetAppConfigCacheForTest(): void {
+  cache = null
+}
diff --git a/packages/server/src/services/auth.ts b/packages/server/src/services/auth.ts
new file mode 100644
index 0000000..b437005
--- /dev/null
+++ b/packages/server/src/services/auth.ts
@@ -0,0 +1,76 @@
+import { readFile, writeFile, mkdir } from 'fs/promises'
+import { join } from 'path'
+import { randomBytes } from 'crypto'
+import { checkToken, recordTokenFailure, extractIp } from './login-limiter'
+import { config } from '../config'
+
+const APP_HOME = config.appHome
+const TOKEN_FILE = join(APP_HOME, '.token')
+
+function generateToken(): string {
+  return randomBytes(32).toString('hex')
+}
+
+/**
+ * Get or create the auth token.
+ */
+export async function getToken(): Promise<string> {
+  if (process.env.AUTH_TOKEN) {
+    return process.env.AUTH_TOKEN
+  }
+
+  try {
+    const token = await readFile(TOKEN_FILE, 'utf-8')
+    return token.trim()
+  } catch {
+    const token = generateToken()
+    await mkdir(APP_HOME, { recursive: true })
+    // Only set mode on Unix systems (Windows ignores this)
+    const options: any = {}
+    if (process.platform !== 'win32') {
+      options.mode = 0o600
+    }
+    await writeFile(TOKEN_FILE, token + '\n', options)
+    return token
+  }
+}
+
+/**
+ * Koa middleware: check Authorization header or query token.
+ * No path whitelisting — applied globally after public routes.
+ */
+export function requireAuth(token: string | null) {
+  return async (ctx: any, next: () => Promise<void>) => {
+    const auth = ctx.headers.authorization || ''
+    const provided = auth.startsWith('Bearer ')
+      ? auth.slice(7)
+      : (ctx.query.token as string) || ''
+
+    if (!provided || provided !== token) {
+      // Skip auth for non-API paths (SPA static files)
+      const lowerPath = ctx.path.toLowerCase()
+      if (!lowerPath.startsWith('/api') && !lowerPath.startsWith('/v1') && !lowerPath.startsWith('/upload')) {
+        await next()
+        return
+      }
+
+      // Check rate limiter for token auth failures (separate IP counters from password login)
+      const ip = extractIp(ctx)
+      const result = checkToken(ip)
+      if (!result.allowed) {
+        ctx.status = result.status
+        ctx.set('Content-Type', 'application/json')
+        ctx.body = { error: 'Too many login attempts, please try again later' }
+        return
+      }
+
+      recordTokenFailure(ip)
+      ctx.status = 401
+      ctx.set('Content-Type', 'application/json')
+      ctx.body = { error: 'Unauthorized' }
+      return
+    }
+
+    await next()
+  }
+}
diff --git a/packages/server/src/services/claude-code-proxy.ts b/packages/server/src/services/claude-code-proxy.ts
new file mode 100644
index 0000000..cedc3bc
--- /dev/null
+++ b/packages/server/src/services/claude-code-proxy.ts
@@ -0,0 +1,995 @@
+import { randomBytes } from 'crypto'
+import { Readable } from 'stream'
+import type { Context } from 'koa'
+import { config } from '../config'
+
+export type ApiMode = 'chat_completions' | 'codex_responses' | 'anthropic_messages' | 'bedrock_converse' | 'codex_app_server'
+
+export interface ClaudeCodeProxyTargetInput {
+  provider: string
+  model: string
+  baseUrl: string
+  apiKey: string
+  apiMode?: ApiMode
+}
+
+interface ClaudeCodeProxyTarget extends ClaudeCodeProxyTargetInput {
+  key: string
+  routeKey: string
+  token: string
+  updatedAt: number
+}
+
+const targets = new Map<string, ClaudeCodeProxyTarget>()
+const CLAUDE_PROXY_VISIBLE_MODELS = [
+  'claude-haiku-4-5',
+  'claude-sonnet-4-6',
+  'claude-opus-4-7',
+]
+
+function targetKey(provider: string, model: string, apiMode: ApiMode, baseUrl: string): string {
+  return `${provider}\0${model}\0${apiMode}\0${baseUrl}`
+}
+
+function routeKeyFor(provider: string, model: string, apiMode: ApiMode, baseUrl: string): string {
+  return Buffer.from(targetKey(provider, model, apiMode, baseUrl), 'utf-8').toString('base64url')
+}
+
+function localProxyBaseUrl(routeKey: string): string {
+  return `http://127.0.0.1:${config.port}/api/claude-code-proxy/${routeKey}`
+}
+
+export function registerClaudeCodeProxyTarget(input: ClaudeCodeProxyTargetInput): { baseUrl: string; token: string; routeKey: string } {
+  const provider = input.provider.trim()
+  const model = input.model.trim()
+  const baseUrl = input.baseUrl.replace(/\/+$/, '')
+  const apiMode = input.apiMode || 'chat_completions'
+  const key = targetKey(provider, model, apiMode, baseUrl)
+  const existing = targets.get(key)
+  const routeKey = existing?.routeKey || routeKeyFor(provider, model, apiMode, baseUrl)
+  const token = existing?.token || `hwui_${randomBytes(24).toString('base64url')}`
+
+  targets.set(key, {
+    ...input,
+    provider,
+    model,
+    baseUrl,
+    apiMode,
+    key,
+    routeKey,
+    token,
+    updatedAt: Date.now(),
+  })
+
+  return { baseUrl: localProxyBaseUrl(routeKey), token, routeKey }
+}
+
+function findTarget(routeKey: string): ClaudeCodeProxyTarget | null {
+  for (const target of targets.values()) {
+    if (target.routeKey === routeKey) return target
+  }
+  return null
+}
+
+function authToken(ctx: Context): string {
+  const apiKey = ctx.get('x-api-key').trim()
+  if (apiKey) return apiKey
+  const auth = ctx.get('authorization').trim()
+  const match = auth.match(/^Bearer\s+(.+)$/i)
+  return match?.[1]?.trim() || ''
+}
+
+function requireTarget(ctx: Context): ClaudeCodeProxyTarget | null {
+  const target = findTarget(String(ctx.params.key || ''))
+  if (!target) {
+    ctx.status = 404
+    ctx.body = { type: 'error', error: { type: 'not_found_error', message: 'Claude proxy target not found' } }
+    return null
+  }
+  if (authToken(ctx) !== target.token) {
+    ctx.status = 401
+    ctx.body = { type: 'error', error: { type: 'authentication_error', message: 'Invalid Claude proxy token' } }
+    return null
+  }
+  return target
+}
+
+function stringifyContent(value: unknown): string {
+  if (typeof value === 'string') return value
+  if (Array.isArray(value)) {
+    return value.map((item) => {
+      if (typeof item === 'string') return item
+      if (item && typeof item === 'object' && 'text' in item) return String((item as any).text || '')
+      return JSON.stringify(item)
+    }).filter(Boolean).join('\n')
+  }
+  if (value == null) return ''
+  return JSON.stringify(value)
+}
+
+function shouldPreserveReasoningContent(target: ClaudeCodeProxyTarget): boolean {
+  const identifier = `${target.provider} ${target.model} ${target.baseUrl}`.toLowerCase()
+  return [
+    'deepseek',
+    'moonshot',
+    'kimi',
+    'mimo',
+    'xiaomimimo',
+  ].some(part => identifier.includes(part))
+}
+
+function anthropicContentToOpenAiMessages(message: any, preserveReasoningContent = false): any[] {
+  const content = message?.content
+  if (!Array.isArray(content)) {
+    return [{ role: message.role, content: stringifyContent(content) }]
+  }
+
+  if (message.role === 'assistant') {
+    const textParts: string[] = []
+    const reasoningParts: string[] = []
+    const toolCalls: any[] = []
+    for (const block of content) {
+      if (block?.type === 'text') textParts.push(String(block.text || ''))
+      if (block?.type === 'thinking' && block.thinking) reasoningParts.push(String(block.thinking))
+      if (block?.type === 'redacted_thinking' && preserveReasoningContent) reasoningParts.push('[redacted thinking]')
+      if (block?.type === 'tool_use') {
+        toolCalls.push({
+          id: String(block.id || `tool_${toolCalls.length}`),
+          type: 'function',
+          function: {
+            name: String(block.name || 'tool'),
+            arguments: JSON.stringify(block.input || {}),
+          },
+        })
+      }
+    }
+    const openAiMessage: any = {
+      role: 'assistant',
+      content: textParts.join('\n') || null,
+      ...(toolCalls.length ? { tool_calls: toolCalls } : {}),
+    }
+    if (preserveReasoningContent && (reasoningParts.length || toolCalls.length)) {
+      openAiMessage.reasoning_content = reasoningParts.join('\n') || 'tool call'
+    }
+    return [openAiMessage]
+  }
+
+  const messages: any[] = []
+  const textParts: string[] = []
+  for (const block of content) {
+    if (block?.type === 'text') textParts.push(String(block.text || ''))
+    if (block?.type === 'tool_result') {
+      if (textParts.length) {
+        messages.push({ role: 'user', content: textParts.splice(0).join('\n') })
+      }
+      messages.push({
+        role: 'tool',
+        tool_call_id: String(block.tool_use_id || ''),
+        content: stringifyContent(block.content),
+      })
+    }
+  }
+  if (textParts.length) messages.push({ role: message.role || 'user', content: textParts.join('\n') })
+  return messages.length ? messages : [{ role: message.role || 'user', content: '' }]
+}
+
+function anthropicToOpenAiChat(body: any, target: ClaudeCodeProxyTarget, stream = false): any {
+  const messages: any[] = []
+  const preserveReasoningContent = shouldPreserveReasoningContent(target)
+  const system = body?.system
+  if (system) messages.push({ role: 'system', content: stringifyContent(system) })
+  for (const message of Array.isArray(body?.messages) ? body.messages : []) {
+    messages.push(...anthropicContentToOpenAiMessages(message, preserveReasoningContent))
+  }
+
+  const tools = Array.isArray(body?.tools)
+    ? body.tools.map((tool: any) => ({
+      type: 'function',
+      function: {
+        name: String(tool.name || ''),
+        description: String(tool.description || ''),
+        parameters: tool.input_schema || { type: 'object', properties: {} },
+      },
+    })).filter((tool: any) => tool.function.name)
+    : undefined
+
+  return {
+    model: target.model,
+    messages,
+    ...(typeof body?.max_tokens === 'number' ? { max_tokens: body.max_tokens } : {}),
+    ...(typeof body?.temperature === 'number' ? { temperature: body.temperature } : {}),
+    ...(tools?.length ? { tools } : {}),
+    stream,
+  }
+}
+
+function anthropicToOpenAiResponsesInput(message: any): any[] {
+  const content = Array.isArray(message?.content) ? message.content : [{ type: 'text', text: stringifyContent(message?.content) }]
+
+  if (message.role === 'assistant') {
+    const items: any[] = []
+    const textParts: string[] = []
+    for (const block of content) {
+      if (block?.type === 'text') textParts.push(String(block.text || ''))
+      if (block?.type === 'tool_use') {
+        if (textParts.length) {
+          items.push({ role: 'assistant', content: textParts.splice(0).join('\n') })
+        }
+        items.push({
+          type: 'function_call',
+          call_id: String(block.id || `tool_${items.length}`),
+          name: String(block.name || 'tool'),
+          arguments: JSON.stringify(block.input || {}),
+        })
+      }
+    }
+    if (textParts.length) items.push({ role: 'assistant', content: textParts.join('\n') })
+    return items
+  }
+
+  const items: any[] = []
+  const textParts: string[] = []
+  for (const block of content) {
+    if (block?.type === 'text') textParts.push(String(block.text || ''))
+    if (block?.type === 'tool_result') {
+      if (textParts.length) {
+        items.push({ role: 'user', content: textParts.splice(0).join('\n') })
+      }
+      items.push({
+        type: 'function_call_output',
+        call_id: String(block.tool_use_id || ''),
+        output: stringifyContent(block.content),
+      })
+    }
+  }
+  if (textParts.length) items.push({ role: message.role || 'user', content: textParts.join('\n') })
+  return items.length ? items : [{ role: message.role || 'user', content: '' }]
+}
+
+function anthropicToOpenAiResponses(body: any, target: ClaudeCodeProxyTarget, stream = false): any {
+  const input: any[] = []
+  for (const message of Array.isArray(body?.messages) ? body.messages : []) {
+    input.push(...anthropicToOpenAiResponsesInput(message))
+  }
+
+  const tools = Array.isArray(body?.tools)
+    ? body.tools.map((tool: any) => ({
+      type: 'function',
+      name: String(tool.name || ''),
+      description: String(tool.description || ''),
+      parameters: tool.input_schema || { type: 'object', properties: {} },
+    })).filter((tool: any) => tool.name)
+    : undefined
+
+  return {
+    model: target.model,
+    input,
+    ...(body?.system ? { instructions: stringifyContent(body.system) } : {}),
+    ...(typeof body?.max_tokens === 'number' ? { max_output_tokens: body.max_tokens } : {}),
+    ...(typeof body?.temperature === 'number' ? { temperature: body.temperature } : {}),
+    ...(tools?.length ? { tools } : {}),
+    stream,
+    store: false,
+  }
+}
+
+function safeJsonParse(value: string): any {
+  try {
+    return JSON.parse(value)
+  } catch {
+    return {}
+  }
+}
+
+function mapStopReason(reason: string | null | undefined, hasTools: boolean): string {
+  if (hasTools) return 'tool_use'
+  if (reason === 'length') return 'max_tokens'
+  if (reason === 'content_filter') return 'stop_sequence'
+  return 'end_turn'
+}
+
+function openAiToAnthropicMessage(data: any, target: ClaudeCodeProxyTarget): any {
+  const choice = data?.choices?.[0] || {}
+  const message = choice.message || {}
+  const content: any[] = []
+  if (shouldPreserveReasoningContent(target) && message.reasoning_content) {
+    content.push({ type: 'thinking', thinking: String(message.reasoning_content) })
+  }
+  if (message.content) content.push({ type: 'text', text: String(message.content) })
+  for (const call of Array.isArray(message.tool_calls) ? message.tool_calls : []) {
+    content.push({
+      type: 'tool_use',
+      id: String(call.id || `toolu_${content.length}`),
+      name: String(call.function?.name || 'tool'),
+      input: safeJsonParse(String(call.function?.arguments || '{}')),
+    })
+  }
+
+  const hasTools = content.some(block => block.type === 'tool_use')
+  return {
+    id: String(data?.id || `msg_${Date.now()}`),
+    type: 'message',
+    role: 'assistant',
+    model: target.model,
+    content,
+    stop_reason: mapStopReason(choice.finish_reason, hasTools),
+    stop_sequence: null,
+    usage: {
+      input_tokens: Number(data?.usage?.prompt_tokens || 0),
+      output_tokens: Number(data?.usage?.completion_tokens || 0),
+    },
+  }
+}
+
+function sseEvent(event: string, data: any): string {
+  return `event: ${event}\ndata: ${JSON.stringify(data)}\n\n`
+}
+
+function anthropicMessageToSse(message: any): string {
+  let output = ''
+  output += sseEvent('message_start', {
+    type: 'message_start',
+    message: { ...message, content: [], stop_reason: null, usage: { input_tokens: message.usage.input_tokens, output_tokens: 0 } },
+  })
+
+  message.content.forEach((block: any, index: number) => {
+    if (block.type === 'text') {
+      output += sseEvent('content_block_start', { type: 'content_block_start', index, content_block: { type: 'text', text: '' } })
+      if (block.text) output += sseEvent('content_block_delta', { type: 'content_block_delta', index, delta: { type: 'text_delta', text: block.text } })
+      output += sseEvent('content_block_stop', { type: 'content_block_stop', index })
+    } else if (block.type === 'tool_use') {
+      output += sseEvent('content_block_start', {
+        type: 'content_block_start',
+        index,
+        content_block: { type: 'tool_use', id: block.id, name: block.name, input: {} },
+      })
+      output += sseEvent('content_block_delta', {
+        type: 'content_block_delta',
+        index,
+        delta: { type: 'input_json_delta', partial_json: JSON.stringify(block.input || {}) },
+      })
+      output += sseEvent('content_block_stop', { type: 'content_block_stop', index })
+    }
+  })
+
+  output += sseEvent('message_delta', {
+    type: 'message_delta',
+    delta: { stop_reason: message.stop_reason, stop_sequence: null },
+    usage: { output_tokens: message.usage.output_tokens },
+  })
+  output += sseEvent('message_stop', { type: 'message_stop' })
+  return output
+}
+
+function anthropicMessagesUrl(target: ClaudeCodeProxyTarget): string {
+  if (/\/v\d+$/i.test(target.baseUrl)) return `${target.baseUrl}/messages`
+  return `${target.baseUrl}/v1/messages`
+}
+
+async function readProviderJson(res: Response): Promise<any> {
+  const text = await res.text()
+  try {
+    return JSON.parse(text)
+  } catch {
+    return { error: { message: text || `Provider returned HTTP ${res.status}` } }
+  }
+}
+
+function throwProviderError(res: Response, data: any): never {
+  const err = new Error(data?.error?.message || `Provider returned HTTP ${res.status}`)
+  ;(err as any).status = res.status
+  ;(err as any).providerError = data
+  throw err
+}
+
+function anthropicRequestBody(body: any, target: ClaudeCodeProxyTarget): any {
+  return {
+    ...body,
+    model: target.model,
+  }
+}
+
+async function callAnthropicMessages(target: ClaudeCodeProxyTarget, body: any): Promise<any> {
+  if (target.apiMode !== 'anthropic_messages') {
+    const err = new Error(`Claude proxy Anthropic adapter only supports anthropic_messages targets, got ${target.apiMode}`)
+    ;(err as any).status = 501
+    throw err
+  }
+  const res = await fetch(anthropicMessagesUrl(target), {
+    method: 'POST',
+    headers: {
+      Authorization: `Bearer ${target.apiKey}`,
+      'x-api-key': target.apiKey,
+      'anthropic-version': '2023-06-01',
+      'Content-Type': 'application/json',
+    },
+    body: JSON.stringify(anthropicRequestBody(body, target)),
+  })
+  const data = await readProviderJson(res)
+  if (!res.ok) throwProviderError(res, data)
+  return data
+}
+
+async function callOpenAiChat(target: ClaudeCodeProxyTarget, body: any): Promise<any> {
+  if (target.apiMode !== 'chat_completions') {
+    const err = new Error(`Claude proxy MVP only supports chat_completions targets, got ${target.apiMode}`)
+    ;(err as any).status = 501
+    throw err
+  }
+  const res = await fetch(`${target.baseUrl}/chat/completions`, {
+    method: 'POST',
+    headers: {
+      Authorization: `Bearer ${target.apiKey}`,
+      'Content-Type': 'application/json',
+    },
+    body: JSON.stringify(anthropicToOpenAiChat(body, target)),
+  })
+  const data = await readProviderJson(res)
+  if (!res.ok) throwProviderError(res, data)
+  return data
+}
+
+async function callOpenAiResponses(target: ClaudeCodeProxyTarget, body: any): Promise<any> {
+  if (target.apiMode !== 'codex_responses') {
+    const err = new Error(`Claude proxy responses adapter only supports codex_responses targets, got ${target.apiMode}`)
+    ;(err as any).status = 501
+    throw err
+  }
+  const res = await fetch(`${target.baseUrl}/responses`, {
+    method: 'POST',
+    headers: {
+      Authorization: `Bearer ${target.apiKey}`,
+      'Content-Type': 'application/json',
+    },
+    body: JSON.stringify(anthropicToOpenAiResponses(body, target)),
+  })
+  const data = await readProviderJson(res)
+  if (!res.ok) throwProviderError(res, data)
+  return data
+}
+
+function responseOutputText(item: any): string {
+  if (item?.type === 'output_text') return String(item.text || '')
+  if (item?.type === 'message' && Array.isArray(item.content)) {
+    return item.content
+      .map((part: any) => {
+        if (part?.type === 'output_text' || part?.type === 'text') return String(part.text || '')
+        return ''
+      })
+      .filter(Boolean)
+      .join('')
+  }
+  return ''
+}
+
+function openAiResponsesToAnthropicMessage(data: any, target: ClaudeCodeProxyTarget): any {
+  const content: any[] = []
+  const output = Array.isArray(data?.output) ? data.output : []
+
+  for (const item of output) {
+    const text = responseOutputText(item)
+    if (text) content.push({ type: 'text', text })
+    if (item?.type === 'function_call') {
+      content.push({
+        type: 'tool_use',
+        id: String(item.call_id || item.id || `toolu_${content.length}`),
+        name: String(item.name || 'tool'),
+        input: safeJsonParse(String(item.arguments || '{}')),
+      })
+    }
+  }
+
+  if (!content.length && data?.output_text) {
+    content.push({ type: 'text', text: String(data.output_text) })
+  }
+
+  const hasTools = content.some(block => block.type === 'tool_use')
+  return {
+    id: String(data?.id || `msg_${Date.now()}`),
+    type: 'message',
+    role: 'assistant',
+    model: target.model,
+    content,
+    stop_reason: hasTools ? 'tool_use' : (data?.status === 'incomplete' ? 'max_tokens' : 'end_turn'),
+    stop_sequence: null,
+    usage: {
+      input_tokens: Number(data?.usage?.input_tokens || 0),
+      output_tokens: Number(data?.usage?.output_tokens || 0),
+    },
+  }
+}
+
+function getReadableStream(res: Response): AsyncIterable<Uint8Array> {
+  const body = res.body
+  if (!body) throw new Error('Provider returned an empty stream')
+  return body as any
+}
+
+function parseOpenAiSse(buffer: string): { events: string[]; rest: string } {
+  const events: string[] = []
+  let cursor = 0
+  while (true) {
+    const index = buffer.indexOf('\n\n', cursor)
+    if (index < 0) break
+    events.push(buffer.slice(cursor, index))
+    cursor = index + 2
+  }
+  return { events, rest: buffer.slice(cursor) }
+}
+
+function extractSseData(event: string): string[] {
+  return event
+    .split(/\r?\n/)
+    .filter(line => line.startsWith('data:'))
+    .map(line => line.slice(5).trimStart())
+}
+
+function openAiFinishToAnthropic(finishReason: string | null | undefined, sawTool: boolean): string {
+  return mapStopReason(finishReason, sawTool)
+}
+
+async function openAiChatToAnthropicSseStream(target: ClaudeCodeProxyTarget, body: any): Promise<Readable> {
+  if (target.apiMode !== 'chat_completions') {
+    const err = new Error(`Claude proxy MVP only supports chat_completions targets, got ${target.apiMode}`)
+    ;(err as any).status = 501
+    throw err
+  }
+
+  const res = await fetch(`${target.baseUrl}/chat/completions`, {
+    method: 'POST',
+    headers: {
+      Authorization: `Bearer ${target.apiKey}`,
+      'Content-Type': 'application/json',
+    },
+    body: JSON.stringify(anthropicToOpenAiChat(body, target, true)),
+  })
+  if (!res.ok) {
+    let data: any
+    const text = await res.text()
+    try {
+      data = JSON.parse(text)
+    } catch {
+      data = { error: { message: text || `Provider returned HTTP ${res.status}` } }
+    }
+    const err = new Error(data?.error?.message || `Provider returned HTTP ${res.status}`)
+    ;(err as any).status = res.status
+    ;(err as any).providerError = data
+    throw err
+  }
+
+  const stream = getReadableStream(res)
+  const decoder = new TextDecoder()
+
+  async function* generate() {
+    const messageId = `msg_${Date.now()}`
+    let buffer = ''
+    let thinkingBlockIndex: number | null = null
+    let thinkingBlockStopped = false
+    let textBlockStarted = false
+    let textBlockStopped = false
+    let textBlockIndex: number | null = null
+    let nextIndex = 0
+    let stopReason: string | null = null
+    let outputTokens = 0
+    const toolBlocks = new Map<number, { blockIndex: number; id: string; name: string; started: boolean }>()
+
+    yield sseEvent('message_start', {
+      type: 'message_start',
+      message: {
+        id: messageId,
+        type: 'message',
+        role: 'assistant',
+        model: target.model,
+        content: [],
+        stop_reason: null,
+        stop_sequence: null,
+        usage: { input_tokens: 0, output_tokens: 0 },
+      },
+    })
+
+    const ensureThinkingBlock = function* () {
+      if (thinkingBlockIndex == null) {
+        thinkingBlockIndex = nextIndex++
+        yield sseEvent('content_block_start', {
+          type: 'content_block_start',
+          index: thinkingBlockIndex,
+          content_block: { type: 'thinking', thinking: '' },
+        })
+      }
+      return thinkingBlockIndex
+    }
+
+    const stopThinkingBlock = function* () {
+      if (thinkingBlockIndex != null && !thinkingBlockStopped) {
+        thinkingBlockStopped = true
+        yield sseEvent('content_block_stop', { type: 'content_block_stop', index: thinkingBlockIndex })
+      }
+    }
+
+    const ensureTextBlock = function* () {
+      if (!textBlockStarted) {
+        textBlockStarted = true
+        textBlockIndex = nextIndex
+        yield sseEvent('content_block_start', {
+          type: 'content_block_start',
+          index: textBlockIndex,
+          content_block: { type: 'text', text: '' },
+        })
+        nextIndex += 1
+      }
+      return textBlockIndex ?? 0
+    }
+
+    const ensureToolBlock = function* (toolIndex: number, id?: string, name?: string) {
+      let block = toolBlocks.get(toolIndex)
+      if (!block) {
+        block = {
+          blockIndex: nextIndex++,
+          id: id || `toolu_${toolIndex}`,
+          name: name || 'tool',
+          started: false,
+        }
+        toolBlocks.set(toolIndex, block)
+      } else {
+        if (id) block.id = id
+        if (name) block.name = name
+      }
+      if (!block.started && block.name) {
+        block.started = true
+        yield sseEvent('content_block_start', {
+          type: 'content_block_start',
+          index: block.blockIndex,
+          content_block: { type: 'tool_use', id: block.id, name: block.name, input: {} },
+        })
+      }
+      return block
+    }
+
+    for await (const chunk of stream) {
+      buffer += decoder.decode(chunk, { stream: true })
+      const parsed = parseOpenAiSse(buffer)
+      buffer = parsed.rest
+
+      for (const event of parsed.events) {
+        for (const dataLine of extractSseData(event)) {
+          if (!dataLine || dataLine === '[DONE]') continue
+          const data = safeJsonParse(dataLine)
+          const choice = data?.choices?.[0]
+          if (!choice) continue
+
+          const delta = choice.delta || {}
+          if (shouldPreserveReasoningContent(target) && typeof delta.reasoning_content === 'string' && delta.reasoning_content) {
+            const index = yield* ensureThinkingBlock()
+            yield sseEvent('content_block_delta', {
+              type: 'content_block_delta',
+              index,
+              delta: { type: 'thinking_delta', thinking: delta.reasoning_content },
+            })
+          }
+
+          if (typeof delta.content === 'string' && delta.content) {
+            yield* stopThinkingBlock()
+            const index = yield* ensureTextBlock()
+            yield sseEvent('content_block_delta', {
+              type: 'content_block_delta',
+              index,
+              delta: { type: 'text_delta', text: delta.content },
+            })
+          }
+
+          for (const toolCall of Array.isArray(delta.tool_calls) ? delta.tool_calls : []) {
+            yield* stopThinkingBlock()
+            if (textBlockStarted && !textBlockStopped) {
+              textBlockStopped = true
+              yield sseEvent('content_block_stop', { type: 'content_block_stop', index: textBlockIndex ?? 0 })
+            }
+            const toolIndex = Number(toolCall.index || 0)
+            const block = yield* ensureToolBlock(
+              toolIndex,
+              toolCall.id ? String(toolCall.id) : undefined,
+              toolCall.function?.name ? String(toolCall.function.name) : undefined,
+            )
+            const argsDelta = toolCall.function?.arguments
+            if (typeof argsDelta === 'string' && argsDelta) {
+              yield sseEvent('content_block_delta', {
+                type: 'content_block_delta',
+                index: block.blockIndex,
+                delta: { type: 'input_json_delta', partial_json: argsDelta },
+              })
+            }
+          }
+
+          if (choice.finish_reason) stopReason = String(choice.finish_reason)
+          if (data?.usage?.completion_tokens) outputTokens = Number(data.usage.completion_tokens)
+        }
+      }
+    }
+
+    yield* stopThinkingBlock()
+    if (textBlockStarted && !textBlockStopped) {
+      yield sseEvent('content_block_stop', { type: 'content_block_stop', index: textBlockIndex ?? 0 })
+    }
+    for (const block of toolBlocks.values()) {
+      if (block.started) {
+        yield sseEvent('content_block_stop', { type: 'content_block_stop', index: block.blockIndex })
+      }
+    }
+    yield sseEvent('message_delta', {
+      type: 'message_delta',
+      delta: { stop_reason: openAiFinishToAnthropic(stopReason, toolBlocks.size > 0), stop_sequence: null },
+      usage: { output_tokens: outputTokens },
+    })
+    yield sseEvent('message_stop', { type: 'message_stop' })
+  }
+
+  return Readable.from(generate())
+}
+
+async function anthropicMessagesSseStream(target: ClaudeCodeProxyTarget, body: any): Promise<Readable> {
+  if (target.apiMode !== 'anthropic_messages') {
+    const err = new Error(`Claude proxy Anthropic adapter only supports anthropic_messages targets, got ${target.apiMode}`)
+    ;(err as any).status = 501
+    throw err
+  }
+
+  const res = await fetch(anthropicMessagesUrl(target), {
+    method: 'POST',
+    headers: {
+      Authorization: `Bearer ${target.apiKey}`,
+      'x-api-key': target.apiKey,
+      'anthropic-version': '2023-06-01',
+      'Content-Type': 'application/json',
+    },
+    body: JSON.stringify(anthropicRequestBody(body, target)),
+  })
+  if (!res.ok) {
+    const data = await readProviderJson(res)
+    throwProviderError(res, data)
+  }
+  return Readable.from(getReadableStream(res))
+}
+
+async function openAiResponsesToAnthropicSseStream(target: ClaudeCodeProxyTarget, body: any): Promise<Readable> {
+  if (target.apiMode !== 'codex_responses') {
+    const err = new Error(`Claude proxy responses adapter only supports codex_responses targets, got ${target.apiMode}`)
+    ;(err as any).status = 501
+    throw err
+  }
+
+  const res = await fetch(`${target.baseUrl}/responses`, {
+    method: 'POST',
+    headers: {
+      Authorization: `Bearer ${target.apiKey}`,
+      'Content-Type': 'application/json',
+    },
+    body: JSON.stringify(anthropicToOpenAiResponses(body, target, true)),
+  })
+  if (!res.ok) {
+    let data: any
+    const text = await res.text()
+    try {
+      data = JSON.parse(text)
+    } catch {
+      data = { error: { message: text || `Provider returned HTTP ${res.status}` } }
+    }
+    const err = new Error(data?.error?.message || `Provider returned HTTP ${res.status}`)
+    ;(err as any).status = res.status
+    ;(err as any).providerError = data
+    throw err
+  }
+
+  const stream = getReadableStream(res)
+  const decoder = new TextDecoder()
+
+  async function* generate() {
+    let messageId = `msg_${Date.now()}`
+    let buffer = ''
+    let textBlockIndex: number | null = null
+    let textBlockStopped = false
+    let nextIndex = 0
+    let stopReason: string | null = null
+    let outputTokens = 0
+    const toolBlocks = new Map<string, { blockIndex: number; id: string; name: string; argsDeltaSeen: boolean; stopped: boolean }>()
+
+    yield sseEvent('message_start', {
+      type: 'message_start',
+      message: {
+        id: messageId,
+        type: 'message',
+        role: 'assistant',
+        model: target.model,
+        content: [],
+        stop_reason: null,
+        stop_sequence: null,
+        usage: { input_tokens: 0, output_tokens: 0 },
+      },
+    })
+
+    const ensureTextBlock = function* () {
+      if (textBlockIndex == null) {
+        textBlockIndex = nextIndex++
+        yield sseEvent('content_block_start', {
+          type: 'content_block_start',
+          index: textBlockIndex,
+          content_block: { type: 'text', text: '' },
+        })
+      }
+      return textBlockIndex
+    }
+
+    const ensureToolBlock = function* (key: string, id?: string, name?: string) {
+      let block = toolBlocks.get(key)
+      if (!block) {
+        block = {
+          blockIndex: nextIndex++,
+          id: id || key || `toolu_${toolBlocks.size}`,
+          name: name || 'tool',
+          argsDeltaSeen: false,
+          stopped: false,
+        }
+        toolBlocks.set(key, block)
+        yield sseEvent('content_block_start', {
+          type: 'content_block_start',
+          index: block.blockIndex,
+          content_block: { type: 'tool_use', id: block.id, name: block.name, input: {} },
+        })
+      } else {
+        if (id) block.id = id
+        if (name && block.name === 'tool') block.name = name
+      }
+      return block
+    }
+
+    for await (const chunk of stream) {
+      buffer += decoder.decode(chunk, { stream: true })
+      const parsed = parseOpenAiSse(buffer)
+      buffer = parsed.rest
+
+      for (const event of parsed.events) {
+        for (const dataLine of extractSseData(event)) {
+          if (!dataLine || dataLine === '[DONE]') continue
+          const data = safeJsonParse(dataLine)
+          const eventType = data?.type
+
+          if (eventType === 'response.created') {
+            messageId = String(data?.response?.id || messageId)
+          }
+
+          if (eventType === 'response.output_text.delta') {
+            const deltaText = String(data?.delta || data?.text || '')
+            if (deltaText) {
+              const index = yield* ensureTextBlock()
+              yield sseEvent('content_block_delta', {
+                type: 'content_block_delta',
+                index,
+                delta: { type: 'text_delta', text: deltaText },
+              })
+            }
+          }
+
+          if (eventType === 'response.output_text.done' && textBlockIndex != null && !textBlockStopped) {
+            textBlockStopped = true
+            yield sseEvent('content_block_stop', { type: 'content_block_stop', index: textBlockIndex })
+          }
+
+          if (eventType === 'response.output_item.added') {
+            const item = data?.item || data?.output_item
+            if (item?.type === 'function_call') {
+              const key = String(item.call_id || item.id || data.output_index || toolBlocks.size)
+              yield* ensureToolBlock(key, String(item.call_id || item.id || key), item.name ? String(item.name) : undefined)
+            }
+          }
+
+          if (eventType === 'response.function_call_arguments.delta') {
+            const key = String(data.call_id || data.item_id || data.output_index || toolBlocks.size)
+            const block = yield* ensureToolBlock(key)
+            const argsDelta = String(data.delta || '')
+            if (argsDelta) {
+              block.argsDeltaSeen = true
+              yield sseEvent('content_block_delta', {
+                type: 'content_block_delta',
+                index: block.blockIndex,
+                delta: { type: 'input_json_delta', partial_json: argsDelta },
+              })
+            }
+          }
+
+          if (eventType === 'response.output_item.done') {
+            const item = data?.item || data?.output_item
+            if (item?.type === 'function_call') {
+              const key = String(item.call_id || item.id || data.output_index || toolBlocks.size)
+              const block = yield* ensureToolBlock(key, String(item.call_id || item.id || key), item.name ? String(item.name) : undefined)
+              const args = String(item.arguments || '')
+              if (args && !block.argsDeltaSeen) {
+                yield sseEvent('content_block_delta', {
+                  type: 'content_block_delta',
+                  index: block.blockIndex,
+                  delta: { type: 'input_json_delta', partial_json: args },
+                })
+              }
+              if (!block.stopped) {
+                block.stopped = true
+                yield sseEvent('content_block_stop', { type: 'content_block_stop', index: block.blockIndex })
+              }
+            }
+          }
+
+          if (eventType === 'response.completed') {
+            const response = data?.response || data
+            outputTokens = Number(response?.usage?.output_tokens || outputTokens)
+            stopReason = response?.status === 'incomplete' ? 'length' : 'stop'
+          }
+        }
+      }
+    }
+
+    if (textBlockIndex != null && !textBlockStopped) {
+      yield sseEvent('content_block_stop', { type: 'content_block_stop', index: textBlockIndex })
+    }
+    for (const block of toolBlocks.values()) {
+      if (!block.stopped) {
+        yield sseEvent('content_block_stop', { type: 'content_block_stop', index: block.blockIndex })
+      }
+    }
+    yield sseEvent('message_delta', {
+      type: 'message_delta',
+      delta: { stop_reason: openAiFinishToAnthropic(stopReason, toolBlocks.size > 0), stop_sequence: null },
+      usage: { output_tokens: outputTokens },
+    })
+    yield sseEvent('message_stop', { type: 'message_stop' })
+  }
+
+  return Readable.from(generate())
+}
+
+export async function claudeProxyModels(ctx: Context) {
+  const target = requireTarget(ctx)
+  if (!target) return
+  const ids = [...new Set([...CLAUDE_PROXY_VISIBLE_MODELS, target.model])]
+  ctx.body = {
+    data: ids.map(id => ({
+      type: 'model',
+      id,
+      display_name: id,
+      created_at: '2026-01-01T00:00:00Z',
+    })),
+    has_more: false,
+    first_id: ids[0],
+    last_id: ids[ids.length - 1],
+  }
+}
+
+export async function claudeProxyMessages(ctx: Context) {
+  const target = requireTarget(ctx)
+  if (!target) return
+  try {
+    const requestBody = ctx.request.body || {}
+    if ((requestBody as any).stream === true) {
+      const stream = target.apiMode === 'anthropic_messages'
+        ? await anthropicMessagesSseStream(target, requestBody)
+        : target.apiMode === 'codex_responses'
+          ? await openAiResponsesToAnthropicSseStream(target, requestBody)
+          : await openAiChatToAnthropicSseStream(target, requestBody)
+      ctx.set('Content-Type', 'text/event-stream; charset=utf-8')
+      ctx.set('Cache-Control', 'no-cache')
+      ctx.body = stream
+    } else {
+      const message = target.apiMode === 'anthropic_messages'
+        ? await callAnthropicMessages(target, requestBody)
+        : target.apiMode === 'codex_responses'
+          ? openAiResponsesToAnthropicMessage(await callOpenAiResponses(target, requestBody), target)
+          : openAiToAnthropicMessage(await callOpenAiChat(target, requestBody), target)
+      ctx.body = message
+    }
+  } catch (err: any) {
+    ctx.status = err.status || 502
+    ctx.body = {
+      type: 'error',
+      error: {
+        type: 'api_error',
+        message: err?.message || 'Claude proxy request failed',
+        provider_error: err?.providerError,
+      },
+    }
+  }
+}
diff --git a/packages/server/src/services/codex-proxy.ts b/packages/server/src/services/codex-proxy.ts
new file mode 100644
index 0000000..bb5cb9e
--- /dev/null
+++ b/packages/server/src/services/codex-proxy.ts
@@ -0,0 +1,908 @@
+import { randomBytes } from 'crypto'
+import { Readable } from 'stream'
+import type { Context } from 'koa'
+import { config } from '../config'
+import type { ApiMode } from './claude-code-proxy'
+
+export interface CodexProxyTargetInput {
+  profile: string
+  provider: string
+  model: string
+  baseUrl: string
+  apiKey: string
+  apiMode?: ApiMode
+}
+
+interface CodexProxyTarget extends CodexProxyTargetInput {
+  key: string
+  routeKey: string
+  token: string
+  updatedAt: number
+}
+
+const targets = new Map<string, CodexProxyTarget>()
+
+function targetKey(profile: string, provider: string, model: string, apiMode: ApiMode, baseUrl: string): string {
+  return `${profile}\0${provider}\0${model}\0${apiMode}\0${baseUrl}`
+}
+
+function routeKeyFor(profile: string, provider: string, model: string, apiMode: ApiMode, baseUrl: string): string {
+  return Buffer.from(targetKey(profile, provider, model, apiMode, baseUrl), 'utf-8').toString('base64url')
+}
+
+function localProxyBaseUrl(routeKey: string): string {
+  return `http://127.0.0.1:${config.port}/api/codex-proxy/${routeKey}/v1`
+}
+
+export function registerCodexProxyTarget(input: CodexProxyTargetInput): { baseUrl: string; token: string; routeKey: string } {
+  const profile = input.profile.trim()
+  const provider = input.provider.trim()
+  const model = input.model.trim()
+  const baseUrl = input.baseUrl.replace(/\/+$/, '')
+  const apiMode = input.apiMode || 'chat_completions'
+  const key = targetKey(profile, provider, model, apiMode, baseUrl)
+  const existing = targets.get(key)
+  const routeKey = existing?.routeKey || routeKeyFor(profile, provider, model, apiMode, baseUrl)
+  const token = existing?.token || `hwui_${randomBytes(24).toString('base64url')}`
+
+  targets.set(key, {
+    ...input,
+    profile,
+    provider,
+    model,
+    baseUrl,
+    apiMode,
+    key,
+    routeKey,
+    token,
+    updatedAt: Date.now(),
+  })
+
+  return { baseUrl: localProxyBaseUrl(routeKey), token, routeKey }
+}
+
+function findTarget(routeKey: string): CodexProxyTarget | null {
+  for (const target of targets.values()) {
+    if (target.routeKey === routeKey) return target
+  }
+  return null
+}
+
+function authToken(ctx: Context): string {
+  const apiKey = ctx.get('x-api-key').trim()
+  if (apiKey) return apiKey
+  const auth = ctx.get('authorization').trim()
+  const match = auth.match(/^Bearer\s+(.+)$/i)
+  return match?.[1]?.trim() || ''
+}
+
+function requireTarget(ctx: Context): CodexProxyTarget | null {
+  const target = findTarget(String(ctx.params.key || ''))
+  if (!target) {
+    ctx.status = 404
+    ctx.body = { error: { type: 'not_found_error', message: 'Codex proxy target not found' } }
+    return null
+  }
+  if (authToken(ctx) !== target.token) {
+    ctx.status = 401
+    ctx.body = { error: { type: 'authentication_error', message: 'Invalid Codex proxy token' } }
+    return null
+  }
+  return target
+}
+
+function stringifyContent(value: unknown): string {
+  if (typeof value === 'string') return value
+  if (Array.isArray(value)) {
+    return value.map((item) => {
+      if (typeof item === 'string') return item
+      if (item && typeof item === 'object') {
+        const block = item as any
+        if (typeof block.text === 'string') return block.text
+        if (typeof block.output === 'string') return block.output
+      }
+      return JSON.stringify(item)
+    }).filter(Boolean).join('\n')
+  }
+  if (value == null) return ''
+  return JSON.stringify(value)
+}
+
+function responseContentToText(content: unknown): string {
+  if (typeof content === 'string') return content
+  if (!Array.isArray(content)) return stringifyContent(content)
+  return content.map((part: any) => {
+    if (typeof part === 'string') return part
+    if (part?.type === 'input_text' || part?.type === 'output_text' || part?.type === 'text') {
+      return String(part.text || '')
+    }
+    return stringifyContent(part)
+  }).filter(Boolean).join('\n')
+}
+
+function responsesInputToChatMessages(body: any): any[] {
+  const messages: any[] = []
+  if (body?.instructions) {
+    messages.push({ role: 'system', content: stringifyContent(body.instructions) })
+  }
+
+  const input = body?.input
+  if (typeof input === 'string') {
+    messages.push({ role: 'user', content: input })
+    return messages
+  }
+
+  for (const item of Array.isArray(input) ? input : []) {
+    if (!item || typeof item !== 'object') continue
+    if (item.type === 'function_call') {
+      const callId = String(item.call_id || item.id || `call_${messages.length}`)
+      messages.push({
+        role: 'assistant',
+        content: null,
+        tool_calls: [{
+          id: callId,
+          type: 'function',
+          function: {
+            name: String(item.name || 'tool'),
+            arguments: String(item.arguments || '{}'),
+          },
+        }],
+      })
+      continue
+    }
+    if (item.type === 'function_call_output') {
+      messages.push({
+        role: 'tool',
+        tool_call_id: String(item.call_id || ''),
+        content: stringifyContent(item.output),
+      })
+      continue
+    }
+    if (item.role) {
+      messages.push({
+        role: chatRoleForResponsesRole(item.role),
+        content: responseContentToText(item.content),
+      })
+    }
+  }
+
+  return messages.length ? messages : [{ role: 'user', content: '' }]
+}
+
+function chatRoleForResponsesRole(role: unknown): string {
+  const value = String(role || '').trim()
+  if (value === 'developer') return 'system'
+  if (value === 'system' || value === 'user' || value === 'assistant' || value === 'tool') return value
+  return 'user'
+}
+
+function responsesToolsToChatTools(tools: unknown): any[] | undefined {
+  if (!Array.isArray(tools)) return undefined
+  const mapped = tools.map((tool: any) => {
+    if (tool?.type !== 'function') return null
+    return {
+      type: 'function',
+      function: {
+        name: String(tool.name || ''),
+        description: String(tool.description || ''),
+        parameters: tool.parameters || { type: 'object', properties: {} },
+      },
+    }
+  }).filter((tool: any) => tool?.function?.name)
+  return mapped.length ? mapped : undefined
+}
+
+function responsesToOpenAiChat(body: any, target: CodexProxyTarget, stream = false): any {
+  const tools = responsesToolsToChatTools(body?.tools)
+  return {
+    model: target.model,
+    messages: responsesInputToChatMessages(body),
+    ...(typeof body?.max_output_tokens === 'number' ? { max_tokens: body.max_output_tokens } : {}),
+    ...(typeof body?.temperature === 'number' ? { temperature: body.temperature } : {}),
+    ...(typeof body?.top_p === 'number' ? { top_p: body.top_p } : {}),
+    ...(tools?.length ? { tools } : {}),
+    stream,
+  }
+}
+
+function responsesRoleToAnthropicRole(role: unknown): 'user' | 'assistant' {
+  return String(role || '') === 'assistant' ? 'assistant' : 'user'
+}
+
+function responsesContentToAnthropicContent(content: unknown, role: 'user' | 'assistant'): any[] {
+  const parts = Array.isArray(content) ? content : [{ type: role === 'assistant' ? 'output_text' : 'input_text', text: stringifyContent(content) }]
+  const mapped = parts.map((part: any) => {
+    if (typeof part === 'string') return { type: 'text', text: part }
+    if (part?.type === 'input_text' || part?.type === 'output_text' || part?.type === 'text') {
+      return { type: 'text', text: String(part.text || '') }
+    }
+    return null
+  }).filter(Boolean)
+  return mapped.length ? mapped : [{ type: 'text', text: '' }]
+}
+
+function responsesInputToAnthropicMessages(body: any): any[] {
+  const messages: any[] = []
+  const input = body?.input
+  if (typeof input === 'string') return [{ role: 'user', content: [{ type: 'text', text: input }] }]
+
+  for (const item of Array.isArray(input) ? input : []) {
+    if (!item || typeof item !== 'object') continue
+    if (item.type === 'function_call') {
+      messages.push({
+        role: 'assistant',
+        content: [{
+          type: 'tool_use',
+          id: String(item.call_id || item.id || `toolu_${messages.length}`),
+          name: String(item.name || 'tool'),
+          input: safeJsonParse(String(item.arguments || '{}')),
+        }],
+      })
+      continue
+    }
+    if (item.type === 'function_call_output') {
+      messages.push({
+        role: 'user',
+        content: [{
+          type: 'tool_result',
+          tool_use_id: String(item.call_id || ''),
+          content: stringifyContent(item.output),
+        }],
+      })
+      continue
+    }
+    if (item.role) {
+      const role = responsesRoleToAnthropicRole(item.role)
+      messages.push({
+        role,
+        content: responsesContentToAnthropicContent(item.content, role),
+      })
+    }
+  }
+
+  return messages.length ? messages : [{ role: 'user', content: [{ type: 'text', text: '' }] }]
+}
+
+function responsesToolsToAnthropicTools(tools: unknown): any[] | undefined {
+  if (!Array.isArray(tools)) return undefined
+  const mapped = tools.map((tool: any) => {
+    if (tool?.type !== 'function') return null
+    return {
+      name: String(tool.name || ''),
+      description: String(tool.description || ''),
+      input_schema: tool.parameters || { type: 'object', properties: {} },
+    }
+  }).filter((tool: any) => tool?.name)
+  return mapped.length ? mapped : undefined
+}
+
+function responsesToAnthropicMessages(body: any, target: CodexProxyTarget, stream = false): any {
+  const tools = responsesToolsToAnthropicTools(body?.tools)
+  return {
+    model: target.model,
+    messages: responsesInputToAnthropicMessages(body),
+    ...(body?.instructions ? { system: stringifyContent(body.instructions) } : {}),
+    ...(typeof body?.max_output_tokens === 'number' ? { max_tokens: body.max_output_tokens } : { max_tokens: 4096 }),
+    ...(typeof body?.temperature === 'number' ? { temperature: body.temperature } : {}),
+    ...(typeof body?.top_p === 'number' ? { top_p: body.top_p } : {}),
+    ...(tools?.length ? { tools } : {}),
+    stream,
+  }
+}
+
+function chatCompletionsUrl(target: CodexProxyTarget): string {
+  if (/\/v\d+$/i.test(target.baseUrl)) return `${target.baseUrl}/chat/completions`
+  return `${target.baseUrl}/v1/chat/completions`
+}
+
+function anthropicMessagesUrl(target: CodexProxyTarget): string {
+  if (/\/v\d+$/i.test(target.baseUrl)) return `${target.baseUrl}/messages`
+  return `${target.baseUrl}/v1/messages`
+}
+
+async function readProviderJson(res: Response): Promise<any> {
+  const text = await res.text()
+  try {
+    return JSON.parse(text)
+  } catch {
+    return { error: { message: text || `Provider returned HTTP ${res.status}` } }
+  }
+}
+
+function throwProviderError(res: Response, data: any): never {
+  const err = new Error(data?.error?.message || `Provider returned HTTP ${res.status}`)
+  ;(err as any).status = res.status
+  ;(err as any).providerError = data
+  throw err
+}
+
+function responseId(data: any): string {
+  return String(data?.id || `resp_${Date.now()}`)
+}
+
+function usageFromChat(data: any) {
+  return {
+    input_tokens: Number(data?.usage?.prompt_tokens || 0),
+    output_tokens: Number(data?.usage?.completion_tokens || 0),
+    total_tokens: Number(data?.usage?.total_tokens || 0),
+  }
+}
+
+function usageFromAnthropic(data: any) {
+  const inputTokens = Number(data?.usage?.input_tokens || 0)
+  const outputTokens = Number(data?.usage?.output_tokens || 0)
+  return {
+    input_tokens: inputTokens,
+    output_tokens: outputTokens,
+    total_tokens: inputTokens + outputTokens,
+  }
+}
+
+function openAiChatToResponses(data: any, target: CodexProxyTarget): any {
+  const choice = data?.choices?.[0] || {}
+  const message = choice.message || {}
+  const output: any[] = []
+
+  if (message.content) {
+    output.push({
+      type: 'message',
+      id: `msg_${responseId(data)}`,
+      status: 'completed',
+      role: 'assistant',
+      content: [{ type: 'output_text', text: String(message.content), annotations: [] }],
+    })
+  }
+
+  for (const call of Array.isArray(message.tool_calls) ? message.tool_calls : []) {
+    output.push({
+      type: 'function_call',
+      id: String(call.id || `fc_${output.length}`),
+      call_id: String(call.id || `call_${output.length}`),
+      name: String(call.function?.name || 'tool'),
+      arguments: String(call.function?.arguments || '{}'),
+    })
+  }
+
+  return {
+    id: responseId(data),
+    object: 'response',
+    created_at: Number(data?.created || Math.floor(Date.now() / 1000)),
+    status: 'completed',
+    model: target.model,
+    output,
+    usage: usageFromChat(data),
+  }
+}
+
+function anthropicMessageToResponses(data: any, target: CodexProxyTarget): any {
+  const output: any[] = []
+  const textParts: string[] = []
+  for (const block of Array.isArray(data?.content) ? data.content : []) {
+    if (block?.type === 'text' && block.text) textParts.push(String(block.text))
+    if (block?.type === 'tool_use') {
+      output.push({
+        type: 'function_call',
+        id: String(block.id || `fc_${output.length}`),
+        call_id: String(block.id || `call_${output.length}`),
+        name: String(block.name || 'tool'),
+        arguments: JSON.stringify(block.input || {}),
+      })
+    }
+  }
+  if (textParts.length) {
+    output.unshift({
+      type: 'message',
+      id: `msg_${responseId(data)}`,
+      status: 'completed',
+      role: 'assistant',
+      content: [{ type: 'output_text', text: textParts.join('\n'), annotations: [] }],
+    })
+  }
+
+  return {
+    id: responseId(data),
+    object: 'response',
+    created_at: Math.floor(Date.now() / 1000),
+    status: 'completed',
+    model: target.model,
+    output,
+    usage: usageFromAnthropic(data),
+  }
+}
+
+async function callOpenAiChat(target: CodexProxyTarget, body: any): Promise<any> {
+  if (target.apiMode !== 'chat_completions') {
+    const err = new Error(`Codex proxy only supports chat_completions targets, got ${target.apiMode}`)
+    ;(err as any).status = 501
+    throw err
+  }
+  const res = await fetch(chatCompletionsUrl(target), {
+    method: 'POST',
+    headers: {
+      Authorization: `Bearer ${target.apiKey}`,
+      'Content-Type': 'application/json',
+    },
+    body: JSON.stringify(responsesToOpenAiChat(body, target)),
+  })
+  const data = await readProviderJson(res)
+  if (!res.ok) throwProviderError(res, data)
+  return data
+}
+
+async function callAnthropicMessages(target: CodexProxyTarget, body: any): Promise<any> {
+  if (target.apiMode !== 'anthropic_messages') {
+    const err = new Error(`Codex proxy Anthropic adapter only supports anthropic_messages targets, got ${target.apiMode}`)
+    ;(err as any).status = 501
+    throw err
+  }
+  const res = await fetch(anthropicMessagesUrl(target), {
+    method: 'POST',
+    headers: {
+      Authorization: `Bearer ${target.apiKey}`,
+      'x-api-key': target.apiKey,
+      'anthropic-version': '2023-06-01',
+      'Content-Type': 'application/json',
+    },
+    body: JSON.stringify(responsesToAnthropicMessages(body, target)),
+  })
+  const data = await readProviderJson(res)
+  if (!res.ok) throwProviderError(res, data)
+  return data
+}
+
+function sseEvent(event: string, data: any): string {
+  return `event: ${event}\ndata: ${JSON.stringify(data)}\n\n`
+}
+
+function safeJsonParse(value: string): any {
+  try {
+    return JSON.parse(value)
+  } catch {
+    return {}
+  }
+}
+
+function getReadableStream(res: Response): AsyncIterable<Uint8Array> {
+  const body = res.body
+  if (!body) throw new Error('Provider returned an empty stream')
+  return body as any
+}
+
+function parseOpenAiSse(buffer: string): { events: string[]; rest: string } {
+  const events: string[] = []
+  let cursor = 0
+  while (true) {
+    const index = buffer.indexOf('\n\n', cursor)
+    if (index < 0) break
+    events.push(buffer.slice(cursor, index))
+    cursor = index + 2
+  }
+  return { events, rest: buffer.slice(cursor) }
+}
+
+function extractSseData(event: string): string[] {
+  return event
+    .split(/\r?\n/)
+    .filter(line => line.startsWith('data:'))
+    .map(line => line.slice(5).trimStart())
+}
+
+async function openAiChatToResponsesSseStream(target: CodexProxyTarget, body: any): Promise<Readable> {
+  if (target.apiMode !== 'chat_completions') {
+    const err = new Error(`Codex proxy only supports chat_completions targets, got ${target.apiMode}`)
+    ;(err as any).status = 501
+    throw err
+  }
+
+  const res = await fetch(chatCompletionsUrl(target), {
+    method: 'POST',
+    headers: {
+      Authorization: `Bearer ${target.apiKey}`,
+      'Content-Type': 'application/json',
+    },
+    body: JSON.stringify(responsesToOpenAiChat(body, target, true)),
+  })
+  if (!res.ok) {
+    const data = await readProviderJson(res)
+    throwProviderError(res, data)
+  }
+
+  const stream = getReadableStream(res)
+  const decoder = new TextDecoder()
+
+  async function* generate() {
+    const id = `resp_${Date.now()}`
+    const messageId = `msg_${id}`
+    let buffer = ''
+    let textStarted = false
+    let text = ''
+    const toolCalls = new Map<number, { id: string; name: string; arguments: string; added: boolean }>()
+
+    yield sseEvent('response.created', {
+      type: 'response.created',
+      response: { id, object: 'response', status: 'in_progress', model: target.model, output: [] },
+    })
+
+    for await (const chunk of stream) {
+      buffer += decoder.decode(chunk, { stream: true })
+      const parsed = parseOpenAiSse(buffer)
+      buffer = parsed.rest
+
+      for (const event of parsed.events) {
+        for (const dataLine of extractSseData(event)) {
+          if (!dataLine || dataLine === '[DONE]') continue
+          const data = safeJsonParse(dataLine)
+          const choice = data?.choices?.[0]
+          if (!choice) continue
+
+          const delta = choice.delta || {}
+          if (typeof delta.content === 'string' && delta.content) {
+            if (!textStarted) {
+              textStarted = true
+              yield sseEvent('response.output_item.added', {
+                type: 'response.output_item.added',
+                output_index: 0,
+                item: {
+                  type: 'message',
+                  id: messageId,
+                  status: 'in_progress',
+                  role: 'assistant',
+                  content: [],
+                },
+              })
+              yield sseEvent('response.content_part.added', {
+                type: 'response.content_part.added',
+                item_id: messageId,
+                output_index: 0,
+                content_index: 0,
+                part: { type: 'output_text', text: '', annotations: [] },
+              })
+            }
+            text += delta.content
+            yield sseEvent('response.output_text.delta', {
+              type: 'response.output_text.delta',
+              item_id: messageId,
+              output_index: 0,
+              content_index: 0,
+              delta: delta.content,
+            })
+          }
+
+          for (const toolCall of Array.isArray(delta.tool_calls) ? delta.tool_calls : []) {
+            const index = Number(toolCall.index || 0)
+            let call = toolCalls.get(index)
+            if (!call) {
+              call = {
+                id: String(toolCall.id || `call_${index}`),
+                name: String(toolCall.function?.name || 'tool'),
+                arguments: '',
+                added: false,
+              }
+              toolCalls.set(index, call)
+            }
+            if (toolCall.id) call.id = String(toolCall.id)
+            if (toolCall.function?.name) call.name = String(toolCall.function.name)
+            if (!call.added && call.name) {
+              call.added = true
+              yield sseEvent('response.output_item.added', {
+                type: 'response.output_item.added',
+                output_index: textStarted ? index + 1 : index,
+                item: {
+                  type: 'function_call',
+                  id: call.id,
+                  call_id: call.id,
+                  name: call.name,
+                  arguments: '',
+                },
+              })
+            }
+            const argsDelta = toolCall.function?.arguments
+            if (typeof argsDelta === 'string' && argsDelta) {
+              call.arguments += argsDelta
+              yield sseEvent('response.function_call_arguments.delta', {
+                type: 'response.function_call_arguments.delta',
+                item_id: call.id,
+                output_index: textStarted ? index + 1 : index,
+                delta: argsDelta,
+              })
+            }
+          }
+        }
+      }
+    }
+
+    const output: any[] = []
+    if (textStarted) {
+      const messageItem = {
+        type: 'message',
+        id: messageId,
+        status: 'completed',
+        role: 'assistant',
+        content: [{ type: 'output_text', text, annotations: [] }],
+      }
+      output.push(messageItem)
+      yield sseEvent('response.output_text.done', {
+        type: 'response.output_text.done',
+        item_id: messageId,
+        output_index: 0,
+        content_index: 0,
+        text,
+      })
+      yield sseEvent('response.content_part.done', {
+        type: 'response.content_part.done',
+        item_id: messageId,
+        output_index: 0,
+        content_index: 0,
+        part: { type: 'output_text', text, annotations: [] },
+      })
+      yield sseEvent('response.output_item.done', {
+        type: 'response.output_item.done',
+        output_index: 0,
+        item: messageItem,
+      })
+    }
+
+    for (const [index, call] of toolCalls.entries()) {
+      const outputIndex = textStarted ? index + 1 : index
+      const callItem = {
+        type: 'function_call',
+        id: call.id,
+        call_id: call.id,
+        name: call.name,
+        arguments: call.arguments || '{}',
+      }
+      output.push(callItem)
+      yield sseEvent('response.output_item.done', {
+        type: 'response.output_item.done',
+        output_index: outputIndex,
+        item: callItem,
+      })
+    }
+    yield sseEvent('response.completed', {
+      type: 'response.completed',
+      response: {
+        id,
+        object: 'response',
+        status: 'completed',
+        model: target.model,
+        output,
+      },
+    })
+  }
+
+  return Readable.from(generate())
+}
+
+function extractSseEventName(event: string): string {
+  return event
+    .split(/\r?\n/)
+    .find(line => line.startsWith('event:'))
+    ?.slice(6)
+    .trim() || ''
+}
+
+async function anthropicMessagesToResponsesSseStream(target: CodexProxyTarget, body: any): Promise<Readable> {
+  if (target.apiMode !== 'anthropic_messages') {
+    const err = new Error(`Codex proxy Anthropic adapter only supports anthropic_messages targets, got ${target.apiMode}`)
+    ;(err as any).status = 501
+    throw err
+  }
+
+  const res = await fetch(anthropicMessagesUrl(target), {
+    method: 'POST',
+    headers: {
+      Authorization: `Bearer ${target.apiKey}`,
+      'x-api-key': target.apiKey,
+      'anthropic-version': '2023-06-01',
+      'Content-Type': 'application/json',
+    },
+    body: JSON.stringify(responsesToAnthropicMessages(body, target, true)),
+  })
+  if (!res.ok) {
+    const data = await readProviderJson(res)
+    throwProviderError(res, data)
+  }
+
+  const stream = getReadableStream(res)
+  const decoder = new TextDecoder()
+
+  async function* generate() {
+    let id = `resp_${Date.now()}`
+    let messageId = `msg_${id}`
+    let buffer = ''
+    let textStarted = false
+    let text = ''
+    const toolBlocks = new Map<number, { id: string; name: string; arguments: string; added: boolean }>()
+
+    yield sseEvent('response.created', {
+      type: 'response.created',
+      response: { id, object: 'response', status: 'in_progress', model: target.model, output: [] },
+    })
+
+    const ensureText = function* () {
+      if (!textStarted) {
+        textStarted = true
+        yield sseEvent('response.output_item.added', {
+          type: 'response.output_item.added',
+          output_index: 0,
+          item: { type: 'message', id: messageId, status: 'in_progress', role: 'assistant', content: [] },
+        })
+        yield sseEvent('response.content_part.added', {
+          type: 'response.content_part.added',
+          item_id: messageId,
+          output_index: 0,
+          content_index: 0,
+          part: { type: 'output_text', text: '', annotations: [] },
+        })
+      }
+    }
+
+    const ensureTool = function* (index: number, idValue?: string, name?: string) {
+      let block = toolBlocks.get(index)
+      if (!block) {
+        block = { id: idValue || `toolu_${index}`, name: name || 'tool', arguments: '', added: false }
+        toolBlocks.set(index, block)
+      }
+      if (idValue) block.id = idValue
+      if (name) block.name = name
+      if (!block.added) {
+        block.added = true
+        yield sseEvent('response.output_item.added', {
+          type: 'response.output_item.added',
+          output_index: textStarted ? index + 1 : index,
+          item: { type: 'function_call', id: block.id, call_id: block.id, name: block.name, arguments: '' },
+        })
+      }
+      return block
+    }
+
+    for await (const chunk of stream) {
+      buffer += decoder.decode(chunk, { stream: true })
+      const parsed = parseOpenAiSse(buffer)
+      buffer = parsed.rest
+
+      for (const event of parsed.events) {
+        const eventName = extractSseEventName(event)
+        for (const dataLine of extractSseData(event)) {
+          if (!dataLine || dataLine === '[DONE]') continue
+          const data = safeJsonParse(dataLine)
+
+          if (eventName === 'message_start' || data?.type === 'message_start') {
+            id = String(data?.message?.id || id)
+            messageId = `msg_${id}`
+          }
+
+          if (eventName === 'content_block_start' || data?.type === 'content_block_start') {
+            const contentBlock = data?.content_block || {}
+            if (contentBlock.type === 'tool_use') {
+              yield* ensureTool(Number(data.index || 0), String(contentBlock.id || ''), String(contentBlock.name || 'tool'))
+            }
+          }
+
+          if (eventName === 'content_block_delta' || data?.type === 'content_block_delta') {
+            const delta = data?.delta || {}
+            if (delta.type === 'text_delta' && delta.text) {
+              yield* ensureText()
+              text += String(delta.text)
+              yield sseEvent('response.output_text.delta', {
+                type: 'response.output_text.delta',
+                item_id: messageId,
+                output_index: 0,
+                content_index: 0,
+                delta: String(delta.text),
+              })
+            }
+            if (delta.type === 'input_json_delta' && delta.partial_json) {
+              const index = Number(data.index || 0)
+              const block = yield* ensureTool(index)
+              const argsDelta = String(delta.partial_json)
+              block.arguments += argsDelta
+              yield sseEvent('response.function_call_arguments.delta', {
+                type: 'response.function_call_arguments.delta',
+                item_id: block.id,
+                output_index: textStarted ? index + 1 : index,
+                delta: argsDelta,
+              })
+            }
+          }
+        }
+      }
+    }
+
+    const output: any[] = []
+    if (textStarted) {
+      const messageItem = {
+        type: 'message',
+        id: messageId,
+        status: 'completed',
+        role: 'assistant',
+        content: [{ type: 'output_text', text, annotations: [] }],
+      }
+      output.push(messageItem)
+      yield sseEvent('response.output_text.done', {
+        type: 'response.output_text.done',
+        item_id: messageId,
+        output_index: 0,
+        content_index: 0,
+        text,
+      })
+      yield sseEvent('response.content_part.done', {
+        type: 'response.content_part.done',
+        item_id: messageId,
+        output_index: 0,
+        content_index: 0,
+        part: { type: 'output_text', text, annotations: [] },
+      })
+      yield sseEvent('response.output_item.done', {
+        type: 'response.output_item.done',
+        output_index: 0,
+        item: messageItem,
+      })
+    }
+    for (const [index, block] of toolBlocks.entries()) {
+      const outputIndex = textStarted ? index + 1 : index
+      const item = {
+        type: 'function_call',
+        id: block.id,
+        call_id: block.id,
+        name: block.name,
+        arguments: block.arguments || '{}',
+      }
+      output.push(item)
+      yield sseEvent('response.output_item.done', {
+        type: 'response.output_item.done',
+        output_index: outputIndex,
+        item,
+      })
+    }
+    yield sseEvent('response.completed', {
+      type: 'response.completed',
+      response: { id, object: 'response', status: 'completed', model: target.model, output },
+    })
+  }
+
+  return Readable.from(generate())
+}
+
+export async function codexProxyResponses(ctx: Context) {
+  const target = requireTarget(ctx)
+  if (!target) return
+  try {
+    const requestBody = ctx.request.body || {}
+    if ((requestBody as any).stream === true) {
+      const stream = target.apiMode === 'anthropic_messages'
+        ? await anthropicMessagesToResponsesSseStream(target, requestBody)
+        : await openAiChatToResponsesSseStream(target, requestBody)
+      ctx.set('Content-Type', 'text/event-stream; charset=utf-8')
+      ctx.set('Cache-Control', 'no-cache')
+      ctx.body = stream
+    } else {
+      ctx.body = target.apiMode === 'anthropic_messages'
+        ? anthropicMessageToResponses(await callAnthropicMessages(target, requestBody), target)
+        : openAiChatToResponses(await callOpenAiChat(target, requestBody), target)
+    }
+  } catch (err: any) {
+    ctx.status = err.status || 502
+    ctx.body = {
+      error: {
+        type: 'api_error',
+        message: err?.message || 'Codex proxy request failed',
+        provider_error: err?.providerError,
+      },
+    }
+  }
+}
+
+export async function codexProxyModels(ctx: Context) {
+  const target = requireTarget(ctx)
+  if (!target) return
+  ctx.body = {
+    object: 'list',
+    data: [{
+      id: target.model,
+      object: 'model',
+      created: 0,
+      owned_by: target.provider,
+    }],
+  }
+}
diff --git a/packages/server/src/services/coding-agents.ts b/packages/server/src/services/coding-agents.ts
new file mode 100644
index 0000000..1f18a31
--- /dev/null
+++ b/packages/server/src/services/coding-agents.ts
@@ -0,0 +1,1100 @@
+import { execFile } from 'child_process'
+import { existsSync, readdirSync, realpathSync } from 'fs'
+import { mkdir, readFile, stat, writeFile } from 'fs/promises'
+import { homedir } from 'os'
+import { delimiter, dirname, extname, join } from 'path'
+import { promisify } from 'util'
+import { getWebUiHome } from '../config'
+import { registerClaudeCodeProxyTarget, type ApiMode } from './claude-code-proxy'
+import { registerCodexProxyTarget } from './codex-proxy'
+import { PROVIDER_PRESETS } from '../shared/providers'
+import { getModelContextLength } from './hermes/model-context'
+
+const execFileAsync = promisify(execFile)
+const LAUNCH_API_MODES = new Set<ApiMode>(['chat_completions', 'codex_responses', 'anthropic_messages'])
+const CODING_AGENT_HOME_DIR = 'coding-agent'
+const CODEX_MODEL_CATALOG_FILE = 'codex-model-catalog.json'
+const CODEX_CATALOG_BASE_INSTRUCTIONS = 'You are Codex, a coding agent. Be precise, safe, and helpful.'
+const NODE_ENVIRONMENT_MISSING_CODE = 'node_environment_missing'
+
+export type CodingAgentId = 'claude-code' | 'codex'
+
+export interface CodingAgentDefinition {
+  id: CodingAgentId
+  name: string
+  provider: string
+  command: string
+  packageName: string
+}
+
+export interface CodingAgentToolStatus extends CodingAgentDefinition {
+  installed: boolean
+  version: string
+  rawVersion: string
+  error?: string
+}
+
+export interface CodingAgentsStatus {
+  tools: CodingAgentToolStatus[]
+}
+
+export interface CodingAgentMutationResult extends CodingAgentsStatus {
+  success: boolean
+  tool: CodingAgentToolStatus
+  message?: string
+  code?: string
+}
+
+export interface CodingAgentConfigFileDefinition {
+  key: string
+  path: string
+  absolutePath: string
+  language: string
+}
+
+export interface CodingAgentConfigScope {
+  profile?: string
+  provider?: string
+}
+
+export interface CodingAgentConfigFileContent extends CodingAgentConfigFileDefinition {
+  content: string
+  exists: boolean
+  size: number
+  profile: string
+  provider: string
+  rootDir: string
+}
+
+export interface CodingAgentLaunchInput extends CodingAgentConfigScope {
+  mode?: 'scoped' | 'global'
+  model?: string
+  baseUrl?: string
+  apiKey?: string
+  apiMode?: ApiMode
+}
+
+export interface CodingAgentLaunchResult {
+  agentId: CodingAgentId
+  mode: 'scoped' | 'global'
+  profile: string
+  provider: string
+  model: string
+  rootDir: string
+  workspaceDir: string
+  command: string
+  args: string[]
+  env: Record<string, string>
+  shellCommand: string
+  files: Array<{ key: string; path: string; absolutePath: string }>
+}
+
+export interface CodingAgentNativeLaunchResult extends CodingAgentLaunchResult {
+  nativeTerminal: true
+  terminal: string
+}
+
+const TOOL_DEFINITIONS: CodingAgentDefinition[] = [
+  {
+    id: 'claude-code',
+    name: 'Claude Code',
+    provider: 'Anthropic',
+    command: 'claude',
+    packageName: '@anthropic-ai/claude-code',
+  },
+  {
+    id: 'codex',
+    name: 'Codex',
+    provider: 'OpenAI',
+    command: 'codex',
+    packageName: '@openai/codex',
+  },
+]
+
+const CONFIG_FILE_DEFINITIONS: Record<CodingAgentId, Array<Omit<CodingAgentConfigFileDefinition, 'absolutePath'> & { scopedPath: string }>> = {
+  'claude-code': [
+    { key: 'settings', path: '~/.claude/settings.json', scopedPath: 'settings.json', language: 'json' },
+    { key: 'mcp', path: '~/.claude.json', scopedPath: 'mcp.json', language: 'json' },
+    { key: 'prompt', path: '~/.claude/CLAUDE.md', scopedPath: 'CLAUDE.md', language: 'markdown' },
+  ],
+  codex: [
+    { key: 'auth', path: '~/.codex/auth.json', scopedPath: 'auth.json', language: 'json' },
+    { key: 'config', path: '~/.codex/config.toml', scopedPath: 'config.toml', language: 'ini' },
+    { key: 'agents', path: '~/.codex/AGENTS.md', scopedPath: 'AGENTS.md', language: 'markdown' },
+  ],
+}
+
+const installingTools = new Set<CodingAgentId>()
+const deletingTools = new Set<CodingAgentId>()
+let cachedGlobalNpmBin: string | null | undefined
+const MAX_CONFIG_FILE_SIZE = parseInt(process.env.MAX_EDIT_SIZE || '', 10) || 10 * 1024 * 1024
+
+function getNodeBinDir() {
+  return dirname(process.execPath)
+}
+
+function getNodePrefix() {
+  return process.platform === 'win32' ? getNodeBinDir() : dirname(getNodeBinDir())
+}
+
+function getHomebrewPrefix() {
+  const match = process.execPath.match(/^(.*)\/Cellar\/[^/]+\/[^/]+\/bin\/node$/)
+  return match?.[1] || null
+}
+
+function getNpmCliCandidates() {
+  const prefix = getNodePrefix()
+  const homebrewPrefix = getHomebrewPrefix()
+
+  return process.platform === 'win32'
+    ? [
+        join(prefix, 'node_modules', 'npm', 'bin', 'npm-cli.js'),
+        join(getNodeBinDir(), 'node_modules', 'npm', 'bin', 'npm-cli.js'),
+      ]
+    : [
+        join(prefix, 'lib', 'node_modules', 'npm', 'bin', 'npm-cli.js'),
+        ...(homebrewPrefix ? [join(homebrewPrefix, 'lib', 'node_modules', 'npm', 'bin', 'npm-cli.js')] : []),
+      ]
+}
+
+function getNpmCliPath() {
+  return getNpmCliCandidates().find(existsSync) || null
+}
+
+function getNpmBin() {
+  return process.platform === 'win32' ? 'npm.cmd' : 'npm'
+}
+
+function compareNodeVersionDesc(left: string, right: string): number {
+  const leftParts = left.replace(/^v/, '').split('.').map(part => Number.parseInt(part, 10) || 0)
+  const rightParts = right.replace(/^v/, '').split('.').map(part => Number.parseInt(part, 10) || 0)
+  for (let index = 0; index < Math.max(leftParts.length, rightParts.length); index += 1) {
+    const diff = (rightParts[index] || 0) - (leftParts[index] || 0)
+    if (diff !== 0) return diff
+  }
+  return right.localeCompare(left)
+}
+
+function getNvmNodeBinPaths(): string {
+  if (process.env.HERMES_DESKTOP !== 'true' || process.platform === 'win32') return ''
+
+  const nvmDir = process.env.NVM_DIR?.trim() || join(homedir(), '.nvm')
+  const versionsDir = join(nvmDir, 'versions', 'node')
+  if (!existsSync(versionsDir)) return ''
+
+  try {
+    return readdirSync(versionsDir, { withFileTypes: true })
+      .filter(entry => entry.isDirectory())
+      .map(entry => entry.name)
+      .sort(compareNodeVersionDesc)
+      .map(version => join(versionsDir, version, 'bin'))
+      .filter(binDir => existsSync(binDir))
+      .join(delimiter)
+  } catch {
+    return ''
+  }
+}
+
+function nodeEnvironmentMissingError(): Error {
+  const err = new Error('Node/npm environment was not detected. Please install Node.js and try again.')
+  ;(err as any).code = NODE_ENVIRONMENT_MISSING_CODE
+  return err
+}
+
+function isNodeEnvironmentMissingError(err: any): boolean {
+  const text = [
+    err?.code,
+    err?.message,
+    typeof err?.stderr === 'string' ? err.stderr : '',
+    typeof err?.stdout === 'string' ? err.stdout : '',
+  ].filter(Boolean).join('\n').toLowerCase()
+  return text.includes('enoent') ||
+    text.includes('spawn npm') ||
+    text.includes('npm: command not found') ||
+    text.includes('npm not found') ||
+    text.includes('node: command not found') ||
+    text.includes('node not found')
+}
+
+function npmCliFromNpmBin(npmBin: string): { node: string; npmCli: string } | null {
+  const binDir = dirname(npmBin)
+  if (process.platform === 'win32') {
+    const node = join(binDir, 'node.exe')
+    const npmCli = join(binDir, 'node_modules', 'npm', 'bin', 'npm-cli.js')
+    return existsSync(node) && existsSync(npmCli) ? { node, npmCli } : null
+  }
+
+  const node = join(binDir, 'node')
+  const npmCli = join(dirname(binDir), 'lib', 'node_modules', 'npm', 'bin', 'npm-cli.js')
+  return existsSync(node) && existsSync(npmCli) ? { node, npmCli } : null
+}
+
+function normalizeScopeSegment(value: string | undefined, fallback: string, label: string): string {
+  // Replace invalid filename characters with underscores
+  // Windows invalid chars: < > : " / \ | ? *
+  // Additional problematic chars: control characters
+  const sanitizedValue = String(value || '').trim().replace(/[<>:"/\\|?*\x00-\x1f]/g, '_')
+  const segment = sanitizedValue || fallback
+
+  if (
+    segment === '.' ||
+    segment === '..' ||
+    segment.includes('\0')
+  ) {
+    const err = new Error(`Invalid ${label}`)
+    ;(err as any).status = 400
+    throw err
+  }
+  if (segment.length > 128) {
+    const err = new Error(`${label} is too long`)
+    ;(err as any).status = 400
+    throw err
+  }
+  return segment
+}
+
+function normalizeConfigScope(scope: CodingAgentConfigScope = {}): Required<CodingAgentConfigScope> {
+  return {
+    profile: normalizeScopeSegment(scope.profile, 'default', 'profile'),
+    provider: normalizeScopeSegment(scope.provider, 'default', 'provider'),
+  }
+}
+
+function normalizeLaunchApiMode(value: unknown, fallback: ApiMode): ApiMode {
+  if (!value) return fallback
+  const mode = String(value).trim() as ApiMode
+  if (!LAUNCH_API_MODES.has(mode)) {
+    const err = new Error('Invalid API protocol')
+    ;(err as any).status = 400
+    throw err
+  }
+  return mode
+}
+
+function getScopedConfigRoot(id: CodingAgentId, scope: Required<CodingAgentConfigScope>): string {
+  return join(getWebUiHome(), CODING_AGENT_HOME_DIR, 'model', scope.profile, scope.provider, id)
+}
+
+function getScopedWorkspaceRoot(scope: Required<CodingAgentConfigScope>): string {
+  return join(getWebUiHome(), CODING_AGENT_HOME_DIR, 'workspace', scope.profile, scope.provider)
+}
+
+function displayNameForModel(model: string): string {
+  const trimmed = model.trim()
+  if (!trimmed) return 'Model'
+  const leaf = trimmed.split('/').filter(Boolean).pop() || trimmed
+  return leaf
+    .replace(/[-_]+/g, ' ')
+    .replace(/\b\w/g, char => char.toUpperCase())
+}
+
+function codexCatalogEntry(input: {
+  model: string
+  displayName: string
+  contextWindow: number
+  priority: number
+}) {
+  return {
+    slug: input.model,
+    display_name: input.displayName,
+    description: input.displayName,
+    default_reasoning_level: 'medium',
+    supported_reasoning_levels: [
+      { effort: 'low', description: 'Fast responses with lighter reasoning' },
+      { effort: 'medium', description: 'Balances speed and reasoning depth for everyday tasks' },
+      { effort: 'high', description: 'Greater reasoning depth for complex problems' },
+      { effort: 'xhigh', description: 'Extra high reasoning depth for complex problems' },
+    ],
+    shell_type: 'shell_command',
+    visibility: 'list',
+    supported_in_api: true,
+    priority: 1000 + input.priority,
+    additional_speed_tiers: [],
+    service_tiers: [],
+    default_service_tier: null,
+    availability_nux: null,
+    upgrade: null,
+    base_instructions: CODEX_CATALOG_BASE_INSTRUCTIONS,
+    model_messages: {
+      instructions_template: '{{ base_instructions }}\n\n{{ personality }}',
+      instructions_variables: {
+        base_instructions: CODEX_CATALOG_BASE_INSTRUCTIONS,
+        personality: '',
+        personality_default: '',
+        personality_friendly: '',
+        personality_pragmatic: '',
+      },
+    },
+    supports_reasoning_summaries: true,
+    default_reasoning_summary: 'none',
+    support_verbosity: true,
+    default_verbosity: 'low',
+    apply_patch_tool_type: 'freeform',
+    web_search_tool_type: 'text_and_image',
+    truncation_policy: { mode: 'tokens', limit: 10_000 },
+    supports_parallel_tool_calls: true,
+    supports_image_detail_original: true,
+    context_window: input.contextWindow,
+    max_context_window: input.contextWindow,
+    effective_context_window_percent: 95,
+    experimental_supported_tools: [],
+    input_modalities: ['text'],
+    supports_search_tool: true,
+  }
+}
+
+function buildCodexModelCatalog(input: {
+  profile: string
+  provider: string
+  model: string
+  presetModels: string[]
+}) {
+  const models = [...new Set([input.model, ...input.presetModels].map(item => item.trim()).filter(Boolean))]
+  return {
+    models: models.map((model, index) => codexCatalogEntry({
+      model,
+      displayName: displayNameForModel(model),
+      contextWindow: getModelContextLength({ profile: input.profile, provider: input.provider, model }),
+      priority: index,
+    })),
+  }
+}
+
+function expandHomePath(path: string): string {
+  if (path === '~') return homedir()
+  if (path.startsWith('~/')) return join(homedir(), path.slice(2))
+  return path
+}
+
+function shellQuote(value: string): string {
+  if (/^[A-Za-z0-9_./:=@+-]+$/.test(value)) return value
+  return `'${value.replace(/'/g, `'\\''`)}'`
+}
+
+function powerShellQuote(value: string): string {
+  return `'${value.replace(/'/g, "''")}'`
+}
+
+function cmdQuote(value: string): string {
+  return `"${value.replace(/"/g, '""')}"`
+}
+
+function buildLaunchShellCommand(input: {
+  workspaceDir: string
+  env: Record<string, string>
+  command: string
+  args: string[]
+}): string {
+  if (process.platform === 'win32') {
+    const envAssignments = Object.entries(input.env)
+      .map(([key, value]) => `$env:${key} = ${powerShellQuote(value)}`)
+    return [
+      `Set-Location -LiteralPath ${powerShellQuote(input.workspaceDir)}`,
+      ...envAssignments,
+      `& ${powerShellQuote(input.command)} ${input.args.map(powerShellQuote).join(' ')}`.trim(),
+    ].join('; ')
+  }
+
+  const envPrefix = Object.entries(input.env).map(([key, value]) => `${key}=${shellQuote(value)}`).join(' ')
+  const runCommand = [
+    envPrefix,
+    input.command,
+    ...input.args.map(shellQuote),
+  ].filter(Boolean).join(' ')
+  return `cd ${shellQuote(input.workspaceDir)} && ${runCommand}`
+}
+
+function appleScriptString(value: string): string {
+  return `"${value.replace(/\\/g, '\\\\').replace(/"/g, '\\"')}"`
+}
+
+async function commandExists(command: string): Promise<boolean> {
+  try {
+    await execFileAsync(process.platform === 'win32' ? 'where' : 'which', [command], {
+      encoding: 'utf-8',
+      timeout: 3000,
+      windowsHide: true,
+    })
+    return true
+  } catch {
+    return false
+  }
+}
+
+function isDockerRuntime(): boolean {
+  return existsSync('/.dockerenv') || process.env.container === 'docker'
+}
+
+async function openNativeTerminal(shellCommand: string): Promise<string> {
+  if (process.platform === 'win32') {
+    const escapedCommand = shellCommand.replace(/"/g, '""').replace(/\$/g, '`$')
+    await execFileAsync('powershell.exe', [
+      '-NoProfile',
+      '-Command',
+      `Start-Process -FilePath powershell.exe -ArgumentList @('-NoExit', '-Command', "${escapedCommand}")`,
+    ], {
+      encoding: 'utf-8',
+      timeout: 8000,
+      windowsHide: true,
+    })
+    return 'PowerShell'
+  }
+
+  if (process.platform === 'darwin') {
+    await execFileAsync('osascript', [
+      '-e',
+      `tell application "Terminal" to do script ${appleScriptString(shellCommand)}`,
+      '-e',
+      'tell application "Terminal" to activate',
+    ], {
+      encoding: 'utf-8',
+      timeout: 8000,
+      windowsHide: true,
+    })
+    return 'Terminal.app'
+  }
+
+  if (process.platform === 'linux') {
+    if (isDockerRuntime()) {
+      const err = new Error('Native terminal is not available inside Docker')
+      ;(err as any).status = 400
+      throw err
+    }
+    if (!process.env.DISPLAY && !process.env.WAYLAND_DISPLAY) {
+      const err = new Error('Native terminal requires a Linux desktop session')
+      ;(err as any).status = 400
+      throw err
+    }
+
+    const candidates: Array<{ command: string; args: string[] }> = [
+      { command: 'xdg-terminal-exec', args: ['bash', '-lc', shellCommand] },
+      { command: 'gnome-terminal', args: ['--', 'bash', '-lc', shellCommand] },
+      { command: 'konsole', args: ['-e', 'bash', '-lc', shellCommand] },
+      { command: 'xfce4-terminal', args: ['--command', `bash -lc ${shellQuote(shellCommand)}`] },
+      { command: 'kitty', args: ['bash', '-lc', shellCommand] },
+      { command: 'alacritty', args: ['-e', 'bash', '-lc', shellCommand] },
+      { command: 'xterm', args: ['-e', 'bash', '-lc', shellCommand] },
+    ]
+
+    const errors: string[] = []
+    for (const candidate of candidates) {
+      if (!(await commandExists(candidate.command))) continue
+      try {
+        await execFileAsync(candidate.command, candidate.args, {
+          encoding: 'utf-8',
+          timeout: 8000,
+          windowsHide: true,
+        })
+        return candidate.command
+      } catch (err: any) {
+        errors.push(`${candidate.command}: ${normalizeError(err)}`)
+      }
+    }
+
+    const err = new Error(errors[0] || 'No supported Linux terminal command was found')
+    ;(err as any).status = 400
+    throw err
+  }
+
+  const err = new Error('Native terminal launch is not supported on this platform')
+  ;(err as any).status = 400
+  throw err
+}
+
+function getLiveConfigFileDefinition(id: string, key: string): CodingAgentConfigFileDefinition | null {
+  const tool = getCodingAgentDefinition(id)
+  if (!tool) return null
+  const definition = CONFIG_FILE_DEFINITIONS[tool.id].find(file => file.key === key)
+  if (!definition) return null
+  return {
+    key: definition.key,
+    path: definition.path,
+    language: definition.language,
+    absolutePath: expandHomePath(definition.path),
+  }
+}
+
+function getScopedConfigFileDefinition(id: string, key: string, scopeInput: CodingAgentConfigScope = {}): (CodingAgentConfigFileDefinition & Required<CodingAgentConfigScope> & { rootDir: string }) | null {
+  const tool = getCodingAgentDefinition(id)
+  if (!tool) return null
+  const definition = CONFIG_FILE_DEFINITIONS[tool.id].find(file => file.key === key)
+  if (!definition) return null
+  const scope = normalizeConfigScope(scopeInput)
+  const rootDir = getScopedConfigRoot(tool.id, scope)
+  return {
+    key: definition.key,
+    path: definition.path,
+    language: definition.language,
+    ...scope,
+    rootDir,
+    absolutePath: join(rootDir, definition.scopedPath),
+  }
+}
+
+function getCurrentNodeEnv(): NodeJS.ProcessEnv {
+  return {
+    ...process.env,
+    PATH: [getNodeBinDir(), getNvmNodeBinPaths(), process.env.PATH].filter(Boolean).join(delimiter),
+    npm_node_execpath: process.execPath,
+  }
+}
+
+async function npmExecution(args: string[], env: NodeJS.ProcessEnv): Promise<{ command: string; args: string[] }> {
+  const bundledNpmCli = getNpmCliPath()
+  if (bundledNpmCli) return { command: process.execPath, args: [bundledNpmCli, ...args] }
+
+  let npmBin: string | null = null
+  for (const command of [...new Set([getNpmBin(), 'npm'])]) {
+    const paths = await findCommandPaths(command, env)
+    if (paths[0]) {
+      npmBin = paths[0]
+      break
+    }
+  }
+  if (!npmBin) throw nodeEnvironmentMissingError()
+
+  const npmCli = npmCliFromNpmBin(npmBin)
+  if (npmCli) return { command: npmCli.node, args: [npmCli.npmCli, ...args] }
+
+  let nodeBin: string | null = null
+  for (const command of [...new Set([process.platform === 'win32' ? 'node.exe' : 'node', 'node'])]) {
+    const paths = await findCommandPaths(command, env)
+    if (paths[0]) {
+      nodeBin = paths[0]
+      break
+    }
+  }
+  if (!nodeBin) throw nodeEnvironmentMissingError()
+
+  return commandExecution(npmBin, args)
+}
+
+async function runNpm(args: string[], options: { timeout?: number; env?: NodeJS.ProcessEnv } = {}) {
+  const env = {
+    ...getCurrentNodeEnv(),
+    ...options.env,
+  }
+  const execution = await npmExecution(args, env)
+  return execFileAsync(execution.command, execution.args, {
+    encoding: 'utf-8',
+    timeout: options.timeout,
+    windowsHide: true,
+    maxBuffer: 10 * 1024 * 1024,
+    env,
+  })
+}
+
+function normalizeError(err: any): string {
+  if (isNodeEnvironmentMissingError(err)) return nodeEnvironmentMissingError().message
+  const stderr = typeof err?.stderr === 'string' ? err.stderr.trim() : ''
+  const stdout = typeof err?.stdout === 'string' ? err.stdout.trim() : ''
+  const message = stderr || stdout || err?.message || String(err)
+  return message.split(/\r?\n/).filter(Boolean).slice(0, 4).join('\n')
+}
+
+function normalizeErrorCode(err: any): string | undefined {
+  return isNodeEnvironmentMissingError(err) ? NODE_ENVIRONMENT_MISSING_CODE : undefined
+}
+
+async function findCommandPaths(command: string, env: NodeJS.ProcessEnv): Promise<string[]> {
+  try {
+    const lookupCommand = process.platform === 'win32' ? 'where' : 'which'
+    const lookupArgs = process.platform === 'win32' ? [command] : ['-a', command]
+    const { stdout } = await execFileAsync(lookupCommand, lookupArgs, {
+      encoding: 'utf-8',
+      timeout: 5000,
+      windowsHide: true,
+      env,
+    })
+    return stdout.split(/\r?\n/).map(line => line.trim()).filter(Boolean)
+  } catch {
+    return []
+  }
+}
+
+function windowsCommandNeedsShell(command: string): boolean {
+  const extension = extname(command).toLowerCase()
+  return extension === '.cmd' || extension === '.bat'
+}
+
+async function resolveCommandForExecution(command: string, env: NodeJS.ProcessEnv): Promise<string> {
+  if (process.platform !== 'win32') return command
+  const paths = await findCommandPaths(command, env)
+  // On Windows, prioritize paths with .cmd or .bat extensions since where may return
+  // both the unix-style script (without extension) and the Windows shim (.cmd)
+  const windowsPath = paths.find(path => windowsCommandNeedsShell(path))
+  return windowsPath || paths[0] || command
+}
+
+function commandExecution(command: string, args: string[]): { command: string; args: string[] } {
+  if (process.platform === 'win32' && windowsCommandNeedsShell(command)) {
+    // For CMD /C, the command and args need to be passed as a single string
+    // The command path should be quoted if it contains spaces, but args are joined directly
+    const commandArg = / /.test(command) ? `"${command}"` : command
+    const argsString = args.map(arg => / /.test(arg) ? `"${arg}"` : arg).join(' ')
+    return {
+      command: 'cmd.exe',
+      args: ['/d', '/s', '/c', `${commandArg} ${argsString}`],
+    }
+  }
+  return { command, args }
+}
+
+function packageParts(packageName: string): string[] {
+  return packageName.split('/').filter(Boolean)
+}
+
+function getPrefixFromPackagePath(path: string, packageName: string): string | null {
+  const normalized = path.replace(/\\/g, '/')
+  const parts = normalized.split('/').filter(Boolean)
+  const nodeModulesIndex = parts.lastIndexOf('node_modules')
+  const packageNameParts = packageParts(packageName)
+
+  if (nodeModulesIndex <= 0) return null
+  for (let i = 0; i < packageNameParts.length; i += 1) {
+    if (parts[nodeModulesIndex + 1 + i] !== packageNameParts[i]) return null
+  }
+
+  const libIndex = nodeModulesIndex - 1
+  if (parts[libIndex] !== 'lib') return null
+  const prefixParts = parts.slice(0, libIndex)
+  if (prefixParts.length === 0) return process.platform === 'win32' ? null : '/'
+  return `${normalized.startsWith('/') ? '/' : ''}${prefixParts.join('/')}`
+}
+
+async function getCommandPackagePrefixes(definition: CodingAgentDefinition, env: NodeJS.ProcessEnv): Promise<string[]> {
+  const commandPaths = await findCommandPaths(definition.command, env)
+  const prefixes = new Set<string>()
+
+  for (const commandPath of commandPaths) {
+    const candidates = [commandPath]
+    try {
+      candidates.push(realpathSync(commandPath))
+    } catch {
+      // Keep the unresolved command path as the fallback candidate.
+    }
+
+    for (const candidate of candidates) {
+      const prefix = getPrefixFromPackagePath(candidate, definition.packageName)
+      if (prefix) prefixes.add(prefix)
+    }
+  }
+  return [...prefixes]
+}
+
+function extractVersion(raw: string): string {
+  const trimmed = raw.trim()
+  return trimmed.match(/\d+\.\d+\.\d+(?:[-+][0-9A-Za-z.-]+)?/)?.[0] || trimmed.split(/\s+/)[0] || ''
+}
+
+async function getGlobalNpmBin(): Promise<string | null> {
+  if (typeof cachedGlobalNpmBin !== 'undefined') return cachedGlobalNpmBin
+  try {
+    const { stdout } = await runNpm(['prefix', '-g'], { timeout: 5000 })
+    const prefix = stdout.trim()
+    cachedGlobalNpmBin = prefix ? (process.platform === 'win32' ? prefix : join(prefix, 'bin')) : null
+  } catch {
+    cachedGlobalNpmBin = null
+  }
+  return cachedGlobalNpmBin
+}
+
+async function commandEnv(): Promise<NodeJS.ProcessEnv> {
+  const env = getCurrentNodeEnv()
+  const npmBin = await getGlobalNpmBin()
+  if (npmBin) {
+    const pathKey = Object.keys(env).find(key => key.toLowerCase() === 'path') || 'PATH'
+    const currentPath = env[pathKey] || ''
+    if (!currentPath.split(delimiter).includes(npmBin)) {
+      env[pathKey] = currentPath ? `${npmBin}${delimiter}${currentPath}` : npmBin
+    }
+  }
+  return env
+}
+
+export function getCodingAgentDefinitions(): CodingAgentDefinition[] {
+  return TOOL_DEFINITIONS.map(tool => ({ ...tool }))
+}
+
+export function getCodingAgentDefinition(id: string): CodingAgentDefinition | null {
+  return TOOL_DEFINITIONS.find(tool => tool.id === id) || null
+}
+
+export function getCodingAgentConfigFileDefinitions(id: string): CodingAgentConfigFileDefinition[] {
+  const tool = getCodingAgentDefinition(id)
+  if (!tool) return []
+  return CONFIG_FILE_DEFINITIONS[tool.id].map(file => ({
+    key: file.key,
+    path: file.path,
+    language: file.language,
+    absolutePath: expandHomePath(file.path),
+  }))
+}
+
+export async function getCodingAgentStatus(definition: CodingAgentDefinition): Promise<CodingAgentToolStatus> {
+  try {
+    const env = await commandEnv()
+    const resolvedCommand = await resolveCommandForExecution(definition.command, env)
+    const execution = commandExecution(resolvedCommand, ['--version'])
+    const { stdout, stderr } = await execFileAsync(execution.command, execution.args, {
+      encoding: 'utf-8',
+      timeout: 8000,
+      windowsHide: true,
+      env,
+    })
+    const rawVersion = `${stdout || ''}${stderr || ''}`.trim()
+    return {
+      ...definition,
+      installed: true,
+      version: extractVersion(rawVersion),
+      rawVersion,
+    }
+  } catch (err: any) {
+    return {
+      ...definition,
+      installed: false,
+      version: '',
+      rawVersion: '',
+      error: normalizeError(err),
+    }
+  }
+}
+
+export async function getCodingAgentsStatus(): Promise<CodingAgentsStatus> {
+  return {
+    tools: await Promise.all(TOOL_DEFINITIONS.map(tool => getCodingAgentStatus(tool))),
+  }
+}
+
+export async function installCodingAgent(id: string): Promise<CodingAgentMutationResult> {
+  const tool = getCodingAgentDefinition(id)
+  if (!tool) {
+    const err = new Error('Unknown coding agent')
+    ;(err as any).status = 400
+    throw err
+  }
+  if (installingTools.has(tool.id)) {
+    const err = new Error('Install is already running')
+    ;(err as any).status = 409
+    throw err
+  }
+
+  installingTools.add(tool.id)
+  try {
+    const env = await commandEnv()
+    await runNpm(['install', '-g', tool.packageName], {
+      timeout: 10 * 60 * 1000,
+      env,
+    })
+    cachedGlobalNpmBin = undefined
+    const status = await getCodingAgentStatus(tool)
+    const allStatus = await getCodingAgentsStatus()
+    return {
+      success: status.installed,
+      tool: status,
+      tools: allStatus.tools,
+      message: status.installed ? 'Installed' : status.error || 'Install completed but the command was not found',
+    }
+  } catch (err: any) {
+    const status = await getCodingAgentStatus(tool)
+    const allStatus = await getCodingAgentsStatus()
+    return {
+      success: false,
+      tool: status,
+      tools: allStatus.tools,
+      message: normalizeError(err),
+      code: normalizeErrorCode(err),
+    }
+  } finally {
+    installingTools.delete(tool.id)
+  }
+}
+
+export async function deleteCodingAgent(id: string): Promise<CodingAgentMutationResult> {
+  const tool = getCodingAgentDefinition(id)
+  if (!tool) {
+    const err = new Error('Unknown coding agent')
+    ;(err as any).status = 400
+    throw err
+  }
+  if (deletingTools.has(tool.id)) {
+    const err = new Error('Delete is already running')
+    ;(err as any).status = 409
+    throw err
+  }
+
+  deletingTools.add(tool.id)
+  try {
+    const env = await commandEnv()
+    const packagePrefixes = await getCommandPackagePrefixes(tool, env)
+    const uninstallArgsList = packagePrefixes.length > 0
+      ? packagePrefixes.map(prefix => ['uninstall', '-g', '--prefix', prefix, tool.packageName])
+      : [['uninstall', '-g', tool.packageName]]
+    for (const uninstallArgs of uninstallArgsList) {
+      await runNpm(uninstallArgs, {
+        timeout: 10 * 60 * 1000,
+        env,
+      })
+    }
+    cachedGlobalNpmBin = undefined
+    const status = await getCodingAgentStatus(tool)
+    const allStatus = await getCodingAgentsStatus()
+    return {
+      success: !status.installed,
+      tool: status,
+      tools: allStatus.tools,
+      message: !status.installed ? 'Deleted' : 'Delete completed but the command is still available',
+    }
+  } catch (err: any) {
+    const status = await getCodingAgentStatus(tool)
+    const allStatus = await getCodingAgentsStatus()
+    return {
+      success: false,
+      tool: status,
+      tools: allStatus.tools,
+      message: normalizeError(err),
+      code: normalizeErrorCode(err),
+    }
+  } finally {
+    deletingTools.delete(tool.id)
+  }
+}
+
+export async function readCodingAgentConfigFile(id: string, key: string, scope: CodingAgentConfigScope = {}): Promise<CodingAgentConfigFileContent> {
+  const definition = getLiveConfigFileDefinition(id, key)
+  if (!definition) {
+    const err = new Error('Unknown coding agent config file')
+    ;(err as any).status = 404
+    throw err
+  }
+  const normalizedScope = normalizeConfigScope(scope)
+
+  try {
+    const info = await stat(definition.absolutePath)
+    if (!info.isFile()) {
+      const err = new Error('Config path is not a file')
+      ;(err as any).status = 400
+      throw err
+    }
+    if (info.size > MAX_CONFIG_FILE_SIZE) {
+      const err = new Error('Config file is too large to edit')
+      ;(err as any).status = 413
+      throw err
+    }
+    return {
+      ...definition,
+      ...normalizedScope,
+      rootDir: dirname(definition.absolutePath),
+      content: await readFile(definition.absolutePath, 'utf-8'),
+      exists: true,
+      size: info.size,
+    }
+  } catch (err: any) {
+    if (err?.code !== 'ENOENT') throw err
+    return {
+      ...definition,
+      ...normalizedScope,
+      rootDir: dirname(definition.absolutePath),
+      content: '',
+      exists: false,
+      size: 0,
+    }
+  }
+}
+
+export async function writeCodingAgentConfigFile(id: string, key: string, content: string, scope: CodingAgentConfigScope = {}): Promise<CodingAgentConfigFileContent> {
+  const definition = getLiveConfigFileDefinition(id, key)
+  if (!definition) {
+    const err = new Error('Unknown coding agent config file')
+    ;(err as any).status = 404
+    throw err
+  }
+  const normalizedScope = normalizeConfigScope(scope)
+
+  const buffer = Buffer.from(content || '', 'utf-8')
+  if (buffer.length > MAX_CONFIG_FILE_SIZE) {
+    const err = new Error('Config file content is too large')
+    ;(err as any).status = 413
+    throw err
+  }
+
+  await mkdir(dirname(definition.absolutePath), { recursive: true })
+  await writeFile(definition.absolutePath, buffer)
+  return {
+    ...definition,
+    ...normalizedScope,
+    rootDir: dirname(definition.absolutePath),
+    content,
+    exists: true,
+    size: buffer.length,
+  }
+}
+
+export async function prepareCodingAgentLaunch(id: string, input: CodingAgentLaunchInput): Promise<CodingAgentLaunchResult> {
+  const tool = getCodingAgentDefinition(id)
+  if (!tool) {
+    const err = new Error('Unknown coding agent')
+    ;(err as any).status = 400
+    throw err
+  }
+
+  const mode = input.mode === 'global' ? 'global' : 'scoped'
+  if (mode === 'global') {
+    const scope = normalizeConfigScope({ profile: input.profile, provider: 'global' })
+    const workspaceDir = getScopedWorkspaceRoot(scope)
+    await mkdir(workspaceDir, { recursive: true })
+    const shellCommand = buildLaunchShellCommand({
+      workspaceDir,
+      env: {},
+      command: tool.command,
+      args: [],
+    })
+    return {
+      agentId: tool.id,
+      mode,
+      profile: scope.profile,
+      provider: scope.provider,
+      model: '',
+      rootDir: workspaceDir,
+      workspaceDir,
+      command: tool.command,
+      args: [],
+      env: {},
+      shellCommand,
+      files: [],
+    }
+  }
+
+  const provider = normalizeScopeSegment(input.provider, 'default', 'provider')
+  const scope = normalizeConfigScope({ profile: input.profile, provider })
+  const model = String(input.model || '').trim()
+  if (!model) {
+    const err = new Error('Model is required')
+    ;(err as any).status = 400
+    throw err
+  }
+
+  const baseUrl = String(input.baseUrl || '').trim()
+  const apiKey = String(input.apiKey || '').trim()
+  const preset = PROVIDER_PRESETS.find(item => item.value === provider)
+  const apiMode = normalizeLaunchApiMode(input.apiMode, preset?.api_mode || 'chat_completions')
+  const rootDir = getScopedConfigRoot(tool.id, scope)
+  const workspaceDir = getScopedWorkspaceRoot(scope)
+  await mkdir(rootDir, { recursive: true })
+  await mkdir(workspaceDir, { recursive: true })
+
+  const files: Array<{ key: string; path: string; absolutePath: string }> = []
+  const writeScopedFile = async (key: string, content: string) => {
+    const definition = getScopedConfigFileDefinition(tool.id, key, scope)
+    if (!definition) return
+    await mkdir(dirname(definition.absolutePath), { recursive: true })
+    await writeFile(definition.absolutePath, content, 'utf-8')
+    files.push({ key, path: definition.path, absolutePath: definition.absolutePath })
+  }
+
+  let args: string[] = []
+  let env: Record<string, string> = {}
+
+  if (tool.id === 'claude-code') {
+    const proxyTarget = baseUrl && apiKey
+      ? registerClaudeCodeProxyTarget({ provider, model, baseUrl, apiKey, apiMode })
+      : null
+    const claudeBaseUrl = proxyTarget?.baseUrl || baseUrl
+    const claudeApiKey = proxyTarget?.token || apiKey
+    const modelName = displayNameForModel(model)
+    const settings = {
+      model,
+      env: {
+        ...(claudeApiKey ? { ANTHROPIC_API_KEY: claudeApiKey } : {}),
+        ...(claudeBaseUrl ? { ANTHROPIC_BASE_URL: claudeBaseUrl } : {}),
+        ANTHROPIC_MODEL: model,
+        ANTHROPIC_CUSTOM_MODEL_OPTION: model,
+        ANTHROPIC_CUSTOM_MODEL_OPTION_NAME: modelName,
+        ANTHROPIC_DEFAULT_HAIKU_MODEL: model,
+        ANTHROPIC_DEFAULT_HAIKU_MODEL_NAME: modelName,
+        ANTHROPIC_DEFAULT_SONNET_MODEL: model,
+        ANTHROPIC_DEFAULT_SONNET_MODEL_NAME: modelName,
+        ANTHROPIC_DEFAULT_OPUS_MODEL: model,
+        ANTHROPIC_DEFAULT_OPUS_MODEL_NAME: modelName,
+      },
+    }
+    await writeScopedFile('settings', `${JSON.stringify(settings, null, 2)}\n`)
+    await writeScopedFile('mcp', `${JSON.stringify({ mcpServers: {} }, null, 2)}\n`)
+
+    const settingsPath = join(rootDir, 'settings.json')
+    const mcpPath = join(rootDir, 'mcp.json')
+    args = ['--settings', settingsPath, '--mcp-config', mcpPath]
+  } else {
+    if (apiMode !== 'chat_completions' && apiMode !== 'codex_responses' && apiMode !== 'anthropic_messages') {
+      const err = new Error('Codex launch only supports OpenAI Chat Completions, OpenAI Responses, or Anthropic Messages providers')
+      ;(err as any).status = 400
+      throw err
+    }
+    const proxyTarget = apiMode !== 'codex_responses' && baseUrl && apiKey
+      ? registerCodexProxyTarget({ profile: scope.profile, provider, model, baseUrl, apiKey, apiMode })
+      : null
+    const codexBaseUrl = proxyTarget?.baseUrl || baseUrl
+    const codexApiKey = proxyTarget?.token || apiKey
+    const providerId = 'custom'
+    const catalogPath = join(rootDir, CODEX_MODEL_CATALOG_FILE)
+    const configToml = [
+      `model_catalog_json = ${JSON.stringify(catalogPath)}`,
+      `model_provider = ${JSON.stringify(providerId)}`,
+      `model = ${JSON.stringify(model)}`,
+      'disable_response_storage = true',
+      '',
+      `[model_providers.${providerId}]`,
+      `name = ${JSON.stringify(provider)}`,
+      ...(codexBaseUrl ? [`base_url = ${JSON.stringify(codexBaseUrl)}`] : []),
+      'wire_api = "responses"',
+      'requires_openai_auth = false',
+      ...(codexApiKey ? [`experimental_bearer_token = ${JSON.stringify(codexApiKey)}`] : []),
+      '',
+    ].join('\n')
+    const catalog = buildCodexModelCatalog({
+      profile: scope.profile,
+      provider,
+      model,
+      presetModels: Array.isArray(preset?.models) ? preset.models : [],
+    })
+    await writeFile(catalogPath, `${JSON.stringify(catalog, null, 2)}\n`, 'utf-8')
+    files.push({ key: 'model_catalog', path: CODEX_MODEL_CATALOG_FILE, absolutePath: catalogPath })
+    await writeScopedFile('config', configToml)
+    await writeScopedFile('auth', `${JSON.stringify({}, null, 2)}\n`)
+
+    env = { CODEX_HOME: rootDir }
+    args = ['--model', model]
+  }
+
+  const shellCommand = buildLaunchShellCommand({
+    workspaceDir,
+    env,
+    command: tool.command,
+    args,
+  })
+
+  return {
+    agentId: tool.id,
+    mode,
+    profile: scope.profile,
+    provider: scope.provider,
+    model,
+    rootDir,
+    workspaceDir,
+    command: tool.command,
+    args,
+    env,
+    shellCommand,
+    files,
+  }
+}
+
+export async function openCodingAgentNativeTerminal(id: string, input: CodingAgentLaunchInput): Promise<CodingAgentNativeLaunchResult> {
+  const launch = await prepareCodingAgentLaunch(id, input)
+  const terminal = await openNativeTerminal(launch.shellCommand)
+  return {
+    ...launch,
+    nativeTerminal: true,
+    terminal,
+  }
+}
diff --git a/packages/server/src/services/config-helpers.ts b/packages/server/src/services/config-helpers.ts
new file mode 100644
index 0000000..7f02e43
--- /dev/null
+++ b/packages/server/src/services/config-helpers.ts
@@ -0,0 +1,295 @@
+import { readFile, chmod } from 'fs/promises'
+import { readdir, stat } from 'fs/promises'
+import { existsSync, readFileSync } from 'fs'
+import { join } from 'path'
+import { getActiveProfileDir, getActiveConfigPath, getActiveEnvPath, getProfileDir } from './hermes/hermes-profile'
+import { logger } from './logger'
+import { safeFileStore } from './safe-file-store'
+
+// --- Provider env var mapping (from hermes providers.py HERMES_OVERLAYS + config.py) ---
+export const PROVIDER_ENV_MAP: Record<string, { api_key_env: string; base_url_env: string }> = {
+  'fun-codex': { api_key_env: '', base_url_env: '' },
+  'fun-claude': { api_key_env: '', base_url_env: '' },
+  lmstudio: { api_key_env: 'LM_API_KEY', base_url_env: 'LM_BASE_URL' },
+  openrouter: { api_key_env: 'OPENROUTER_API_KEY', base_url_env: 'OPENROUTER_BASE_URL' },
+  'glm-coding-plan': { api_key_env: '', base_url_env: '' },
+  zai: { api_key_env: 'GLM_API_KEY', base_url_env: 'GLM_BASE_URL' },
+  'kimi-coding': { api_key_env: 'KIMI_API_KEY', base_url_env: 'KIMI_BASE_URL' },
+  'kimi-coding-cn': { api_key_env: 'KIMI_CN_API_KEY', base_url_env: '' },
+  minimax: { api_key_env: 'MINIMAX_API_KEY', base_url_env: 'MINIMAX_BASE_URL' },
+  'minimax-cn': { api_key_env: 'MINIMAX_CN_API_KEY', base_url_env: 'MINIMAX_CN_BASE_URL' },
+  deepseek: { api_key_env: 'DEEPSEEK_API_KEY', base_url_env: 'DEEPSEEK_BASE_URL' },
+  alibaba: { api_key_env: 'DASHSCOPE_API_KEY', base_url_env: 'DASHSCOPE_BASE_URL' },
+  'alibaba-coding-plan': { api_key_env: 'ALIBABA_CODING_PLAN_API_KEY', base_url_env: 'ALIBABA_CODING_PLAN_BASE_URL' },
+  anthropic: { api_key_env: 'ANTHROPIC_API_KEY', base_url_env: 'ANTHROPIC_BASE_URL' },
+  xai: { api_key_env: 'XAI_API_KEY', base_url_env: 'XAI_BASE_URL' },
+  'xai-oauth': { api_key_env: '', base_url_env: '' },
+  xiaomi: { api_key_env: 'XIAOMI_API_KEY', base_url_env: 'XIAOMI_BASE_URL' },
+  'xiaomi-token-plan': { api_key_env: 'XIAOMI_TOKEN_PLAN_API_KEY', base_url_env: 'XIAOMI_TOKEN_PLAN_BASE_URL' },
+  gemini: { api_key_env: 'GEMINI_API_KEY', base_url_env: 'GEMINI_BASE_URL' },
+  kilocode: { api_key_env: 'KILO_API_KEY', base_url_env: 'KILOCODE_BASE_URL' },
+  'ai-gateway': { api_key_env: 'AI_GATEWAY_API_KEY', base_url_env: 'AI_GATEWAY_BASE_URL' },
+  cliproxyapi: { api_key_env: '', base_url_env: '' },
+  'opencode-zen': { api_key_env: 'OPENCODE_ZEN_API_KEY', base_url_env: 'OPENCODE_ZEN_BASE_URL' },
+  'opencode-go': { api_key_env: 'OPENCODE_GO_API_KEY', base_url_env: 'OPENCODE_GO_BASE_URL' },
+  huggingface: { api_key_env: 'HF_TOKEN', base_url_env: 'HF_BASE_URL' },
+  nvidia: { api_key_env: 'NVIDIA_API_KEY', base_url_env: 'NVIDIA_BASE_URL' },
+  novita: { api_key_env: 'NOVITA_API_KEY', base_url_env: 'NOVITA_BASE_URL' },
+  gmi: { api_key_env: 'GMI_API_KEY', base_url_env: 'GMI_BASE_URL' },
+  arcee: { api_key_env: 'ARCEE_API_KEY', base_url_env: 'ARCEE_BASE_URL' },
+  stepfun: { api_key_env: 'STEPFUN_API_KEY', base_url_env: 'STEPFUN_BASE_URL' },
+  'ollama-cloud': { api_key_env: 'OLLAMA_API_KEY', base_url_env: 'OLLAMA_BASE_URL' },
+  nous: { api_key_env: '', base_url_env: '' },
+  'openai-codex': { api_key_env: '', base_url_env: '' },
+  'openai-api': { api_key_env: 'OPENAI_API_KEY', base_url_env: 'OPENAI_BASE_URL' },
+  copilot: { api_key_env: 'GITHUB_TOKEN', base_url_env: '' },
+  longcat: { api_key_env: 'LONGCAT_API_KEY', base_url_env: 'LONGCAT_BASE_URL' },
+  'tencent-tokenhub': { api_key_env: 'TENCENT_TOKENHUB_API_KEY', base_url_env: 'TOKENHUB_BASE_URL' },
+}
+
+// --- Types ---
+
+export type SkillSource = 'builtin' | 'hub' | 'local' | 'external'
+
+export interface SkillInfo {
+  name: string
+  description: string
+  enabled: boolean
+  source?: SkillSource
+}
+
+export interface SkillCategory {
+  name: string
+  description: string
+  skills: SkillInfo[]
+}
+
+export interface ModelInfo {
+  id: string
+  label: string
+}
+
+export interface ModelGroup {
+  provider: string
+  models: ModelInfo[]
+}
+
+// --- Config YAML helpers ---
+
+const configPath = () => getActiveConfigPath()
+const configPathForProfile = (profile: string) => join(getProfileDir(profile), 'config.yaml')
+const envPathForProfile = (profile: string) => join(getProfileDir(profile), '.env')
+
+export async function readConfigYaml(): Promise<Record<string, any>> {
+  return safeFileStore.readYaml(configPath())
+}
+
+export async function readConfigYamlForProfile(profile: string): Promise<Record<string, any>> {
+  return safeFileStore.readYaml(configPathForProfile(profile))
+}
+
+export async function writeConfigYaml(config: Record<string, any>): Promise<void> {
+  await safeFileStore.writeYaml(configPath(), config, { backup: true })
+}
+
+export async function updateConfigYaml<T = void>(
+  updater: (config: Record<string, any>) => Record<string, any> | { data: Record<string, any>; result: T; write?: boolean } | Promise<Record<string, any> | { data: Record<string, any>; result: T; write?: boolean }>,
+): Promise<T | undefined> {
+  return safeFileStore.updateYaml(configPath(), updater, { backup: true })
+}
+
+export async function updateConfigYamlForProfile<T = void>(
+  profile: string,
+  updater: (config: Record<string, any>) => Record<string, any> | { data: Record<string, any>; result: T; write?: boolean } | Promise<Record<string, any> | { data: Record<string, any>; result: T; write?: boolean }>,
+): Promise<T | undefined> {
+  return safeFileStore.updateYaml(configPathForProfile(profile), updater, { backup: true })
+}
+
+export function stripLegacyApiServerGatewayConfig(config: Record<string, any>): { config: Record<string, any>; changed: boolean } {
+  if (!config.platforms || typeof config.platforms !== 'object' || Array.isArray(config.platforms)) {
+    return { config, changed: false }
+  }
+
+  if (config.platforms.api_server !== undefined) {
+    delete config.platforms.api_server
+    if (Object.keys(config.platforms).length === 0) delete config.platforms
+    return { config, changed: true }
+  }
+
+  return { config, changed: false }
+}
+
+// --- .env helpers ---
+
+function assertValidEnvKey(key: string): void {
+  if (!/^[A-Za-z_][A-Za-z0-9_]*$/.test(key)) {
+    throw new Error(`Invalid .env key: ${JSON.stringify(key)}`)
+  }
+}
+
+async function saveEnvValueAtPath(envPath: string, key: string, value: string): Promise<void> {
+  assertValidEnvKey(key)
+  await safeFileStore.updateText(envPath, (raw) => {
+    const remove = !value
+    const lines = raw.split('\n')
+    let found = false
+    const result: string[] = []
+    for (const line of lines) {
+      const trimmed = line.trim()
+      if (trimmed.startsWith('#') && trimmed.startsWith(`# ${key}=`)) {
+        if (!remove) result.push(`${key}=${value}`)
+        found = true
+      } else {
+        const eqIdx = trimmed.indexOf('=')
+        if (eqIdx !== -1 && trimmed.slice(0, eqIdx).trim() === key) {
+          if (!remove) result.push(`${key}=${value}`)
+          found = true
+        } else {
+          result.push(line)
+        }
+      }
+    }
+    if (!found && !remove) {
+      result.push(`${key}=${value}`)
+    }
+    return result.join('\n').replace(/\n{3,}/g, '\n\n').replace(/\n+$/, '') + '\n'
+  })
+  try { await chmod(envPath, 0o600) } catch { /* ignore */ }
+}
+
+export async function saveEnvValue(key: string, value: string): Promise<void> {
+  await saveEnvValueAtPath(getActiveEnvPath(), key, value)
+}
+
+export async function saveEnvValueForProfile(profile: string, key: string, value: string): Promise<void> {
+  await saveEnvValueAtPath(envPathForProfile(profile), key, value)
+}
+
+// --- File helpers ---
+
+export async function safeReadFile(filePath: string): Promise<string | null> {
+  try {
+    return await readFile(filePath, 'utf-8')
+  } catch {
+    return null
+  }
+}
+
+export async function safeStat(filePath: string): Promise<{ mtime: number } | null> {
+  try {
+    const s = await stat(filePath)
+    return { mtime: Math.round(s.mtimeMs) }
+  } catch {
+    return null
+  }
+}
+
+// --- Skill helpers ---
+
+export function extractDescription(content: string): string {
+  const lines = content.split('\n')
+  let inFrontmatter = false
+  let bodyStarted = false
+
+  for (const line of lines) {
+    if (!bodyStarted && line.trim() === '---') {
+      if (!inFrontmatter) {
+        inFrontmatter = true
+        continue
+      } else {
+        inFrontmatter = false
+        bodyStarted = true
+        continue
+      }
+    }
+    if (inFrontmatter) continue
+    if (line.trim() === '') continue
+    if (line.startsWith('#')) continue
+    return line.trim().slice(0, 80)
+  }
+  return ''
+}
+
+export async function listFilesRecursive(dir: string, prefix: string): Promise<{ path: string; name: string }[]> {
+  const result: { path: string; name: string }[] = []
+  let entries
+  try {
+    entries = await readdir(dir, { withFileTypes: true })
+  } catch {
+    return result
+  }
+  for (const entry of entries) {
+    const relPath = prefix ? `${prefix}/${entry.name}` : entry.name
+    if (entry.isDirectory()) {
+      result.push(...await listFilesRecursive(join(dir, entry.name), relPath))
+    } else {
+      result.push({ path: relPath, name: entry.name })
+    }
+  }
+  return result
+}
+
+// --- Provider model helpers ---
+
+export async function fetchProviderModels(baseUrl: string, apiKey: string, freeOnly = false): Promise<string[]> {
+  const base = baseUrl.replace(/\/+$/, '')
+  const modelsUrl = /\/v\d+\/?$/.test(base) ? `${base}/models` : `${base}/v1/models`
+  try {
+    const res = await fetch(modelsUrl, {
+      headers: { Authorization: `Bearer ${apiKey}` },
+      signal: AbortSignal.timeout(8000),
+    })
+    if (!res.ok) {
+      logger.warn('available-models %s returned %d', modelsUrl, res.status)
+      return []
+    }
+    const data = await res.json() as { data?: Array<{ id: string }> }
+    if (!Array.isArray(data.data)) {
+      logger.warn('available-models %s returned unexpected format', modelsUrl)
+      return []
+    }
+    let models = data.data.map(m => m.id)
+    if (freeOnly) models = models.filter(m => m.endsWith(':free'))
+    return models.sort()
+  } catch (err: any) {
+    logger.error(err, 'available-models %s failed', modelsUrl)
+    return []
+  }
+}
+
+export function buildModelGroups(config: Record<string, any>): { default: string; groups: ModelGroup[] } {
+  let defaultModel = ''
+  const groups: ModelGroup[] = []
+
+  // 1. Extract current model
+  const modelSection = config.model
+  if (typeof modelSection === 'object' && modelSection !== null) {
+    defaultModel = String(modelSection.default || '').trim()
+  } else if (typeof modelSection === 'string') {
+    defaultModel = modelSection.trim()
+  }
+
+  // 2. Extract custom_providers section
+  const customProviders = config.custom_providers
+  if (Array.isArray(customProviders)) {
+    const customModels: ModelInfo[] = []
+    for (const entry of customProviders) {
+      if (entry && typeof entry === 'object') {
+        const cName = String(entry.name || '').trim()
+        const cModel = String(entry.model || '').trim()
+        if (cName && cModel) {
+          customModels.push({ id: cModel, label: `${cName}: ${cModel}` })
+        }
+      }
+    }
+    if (customModels.length > 0) {
+      groups.push({ provider: 'Custom', models: customModels })
+    }
+  }
+
+  return { default: defaultModel, groups }
+}
+
+// --- Profile directory helper ---
+
+export const getHermesDir = () => getActiveProfileDir()
diff --git a/packages/server/src/services/credentials.ts b/packages/server/src/services/credentials.ts
new file mode 100644
index 0000000..79287f5
--- /dev/null
+++ b/packages/server/src/services/credentials.ts
@@ -0,0 +1,59 @@
+import { readFile, writeFile, mkdir, unlink } from 'fs/promises'
+import { existsSync } from 'fs'
+import { join } from 'path'
+import { scryptSync, randomBytes } from 'node:crypto'
+import { config } from '../config'
+
+const APP_HOME = config.appHome
+const CREDENTIALS_FILE = join(APP_HOME, '.credentials')
+
+export interface Credentials {
+  username: string
+  password_hash: string
+  salt: string
+  created_at: number
+}
+
+const SCRYPT_OPTIONS = { N: 16384, r: 8, p: 1, maxmem: 64 * 1024 * 1024 }
+
+function hashPassword(password: string, salt: string): string {
+  return scryptSync(password, salt, 64, SCRYPT_OPTIONS).toString('hex')
+}
+
+export async function getCredentials(): Promise<Credentials | null> {
+  try {
+    const data = await readFile(CREDENTIALS_FILE, 'utf-8')
+    return JSON.parse(data)
+  } catch {
+    return null
+  }
+}
+
+export async function setCredentials(username: string, password: string): Promise<Credentials> {
+  const salt = randomBytes(16).toString('hex')
+  const password_hash = hashPassword(password, salt)
+  const cred: Credentials = { username, password_hash, salt, created_at: Date.now() }
+  await mkdir(APP_HOME, { recursive: true })
+  await writeFile(CREDENTIALS_FILE, JSON.stringify(cred, null, 2), { mode: 0o600 })
+  return cred
+}
+
+export async function deleteCredentials(): Promise<void> {
+  try {
+    await unlink(CREDENTIALS_FILE)
+  } catch {
+    // File may not exist
+  }
+}
+
+export async function verifyCredentials(username: string, password: string): Promise<boolean> {
+  const cred = await getCredentials()
+  if (!cred) return false
+  if (cred.username !== username) return false
+  const computed = hashPassword(password, cred.salt)
+  return computed === cred.password_hash
+}
+
+export function credentialsFileExists(): boolean {
+  return existsSync(CREDENTIALS_FILE)
+}
diff --git a/packages/server/src/services/hermes/agent-bridge/README.md b/packages/server/src/services/hermes/agent-bridge/README.md
new file mode 100644
index 0000000..69209fb
--- /dev/null
+++ b/packages/server/src/services/hermes/agent-bridge/README.md
@@ -0,0 +1,99 @@
+# Agent Bridge
+
+Optional backend-side bridge for talking to Hermes Agent by instantiating
+`run_agent.AIAgent` directly in a Python process.
+
+This is intentionally separate from the current Web UI chat path.
+
+## Python Service
+
+```bash
+python packages/server/src/services/hermes/agent-bridge/hermes_bridge.py
+```
+
+Default endpoint:
+
+```text
+ipc:///tmp/hermes-agent-bridge.sock
+```
+
+On Windows, the default endpoint is TCP because Python may not support Unix
+domain sockets there:
+
+```text
+tcp://127.0.0.1:18765
+```
+
+Override with:
+
+```bash
+HERMES_AGENT_BRIDGE_ENDPOINT=tcp://127.0.0.1:8765 python packages/server/src/services/hermes/agent-bridge/hermes_bridge.py
+```
+
+Profile workers use the same platform defaults: TCP on Windows and IPC on
+macOS/Linux. Override worker transport with:
+
+```bash
+HERMES_AGENT_BRIDGE_WORKER_TRANSPORT=tcp HERMES_AGENT_BRIDGE_WORKER_PORT_BASE=18780 python packages/server/src/services/hermes/agent-bridge/hermes_bridge.py
+```
+
+The service discovers Hermes Agent in this order:
+
+1. `--agent-root`
+2. `HERMES_AGENT_ROOT`
+3. the installed `hermes` command path
+4. current working directory and parent directories
+5. common locations such as `~/.hermes/hermes-agent`, `~/hermes-agent`, and `/opt/hermes-agent`
+6. the `hermes-agent` package installed in the selected Python environment
+
+Hermes home is resolved from `--hermes-home`, `HERMES_HOME`, then `~/.hermes`.
+
+Default agent root:
+
+```text
+~/.hermes/hermes-agent
+```
+
+You can pass both paths explicitly:
+
+```bash
+python packages/server/src/services/hermes/agent-bridge/hermes_bridge.py \
+  --agent-root ~/.hermes/hermes-agent \
+  --hermes-home ~/.hermes
+```
+
+If no source checkout containing `run_agent.py` is found, the bridge falls back
+to importing `run_agent` from the Python environment. This supports package
+installs such as `pip install hermes-agent`. The Node manager prefers the source
+checkout's virtualenv when a checkout exists, then the Python interpreter from
+the installed `hermes` command, then the system Python.
+
+The socket transport uses Python and Node standard libraries. No ZMQ dependency
+is required.
+
+## Backend Usage
+
+```ts
+import { AgentBridgeClient } from './services/hermes/agent-bridge'
+
+const bridge = new AgentBridgeClient()
+const run = await bridge.chat(sessionId, message)
+
+for await (const chunk of bridge.streamOutput(run.run_id)) {
+  if (chunk.delta) {
+    // forward chunk.delta to Socket.IO/SSE/etc.
+  }
+}
+```
+
+The external chat call only sends `session_id` and `message`. Provider, model,
+keys, tools, reasoning, and session DB are resolved by hermes-agent from the
+normal Hermes config and environment.
+
+The bridge instantiates `AIAgent` with `platform="cli"` by default so behavior
+matches CLI chat. Override it only if a caller intentionally needs a distinct
+platform identity:
+
+```bash
+HERMES_AGENT_BRIDGE_PLATFORM=agent-bridge python packages/server/src/services/hermes/agent-bridge/hermes_bridge.py
+```
diff --git a/packages/server/src/services/hermes/agent-bridge/client.ts b/packages/server/src/services/hermes/agent-bridge/client.ts
new file mode 100644
index 0000000..1c231f0
--- /dev/null
+++ b/packages/server/src/services/hermes/agent-bridge/client.ts
@@ -0,0 +1,621 @@
+import { setTimeout as delay } from 'timers/promises'
+import { createConnection, type Socket } from 'net'
+import { tmpdir } from 'os'
+import { URL } from 'url'
+import { join } from 'path'
+import { bridgeLogger } from '../../logger'
+import { getActiveProfileName, getProfileDir } from '../hermes-profile'
+import type { McpActionResponse } from '../mcp-types'
+
+function resolveDefaultAgentBridgeEndpoint(): string {
+  if (process.env.VITEST) {
+    return process.platform === 'win32'
+      ? `tcp://127.0.0.1:${28000 + (process.pid % 10000)}`
+      : `ipc://${join(tmpdir(), `hermes-agent-bridge-test-${process.pid}.sock`)}`
+  }
+  return process.platform === 'win32'
+    ? 'tcp://127.0.0.1:18765'
+    : 'ipc:///tmp/hermes-agent-bridge.sock'
+}
+
+export const DEFAULT_AGENT_BRIDGE_ENDPOINT = resolveDefaultAgentBridgeEndpoint()
+export const DEFAULT_AGENT_BRIDGE_TIMEOUT_MS = 120000
+
+function envPositiveInt(name: string): number | undefined {
+  const raw = process.env[name]
+  if (!raw) return undefined
+  const value = Number(raw)
+  return Number.isFinite(value) && value > 0 ? value : undefined
+}
+
+export type AgentBridgeStatus = 'running' | 'complete' | 'interrupted' | 'error'
+
+export interface AgentBridgeOptions {
+  endpoint?: string
+  timeoutMs?: number
+  connectRetryMs?: number
+}
+
+export interface AgentBridgeRequestOptions {
+  timeoutMs?: number
+  serialize?: boolean
+}
+
+export interface AgentBridgeChatOptions {
+  force_compress?: boolean
+  storage_message?: AgentBridgeMessage
+  model?: string
+  provider?: string
+  source?: string
+  wait?: boolean
+  timeout?: number
+}
+
+export type AgentBridgeMessage =
+  | string
+  | Array<Record<string, unknown>>
+
+export interface AgentBridgeResponse {
+  ok: true
+  [key: string]: unknown
+}
+
+export interface AgentBridgeChatStarted extends AgentBridgeResponse {
+  run_id: string
+  session_id: string
+  status: AgentBridgeStatus
+}
+
+export interface AgentBridgeOutput extends AgentBridgeResponse {
+  run_id: string
+  session_id: string
+  status: AgentBridgeStatus
+  delta: string
+  cursor: number
+  output: string
+  done: boolean
+  result?: unknown
+  error?: string | null
+  events: Array<Record<string, unknown>>
+  event_cursor: number
+}
+
+export interface AgentBridgeRunResult extends AgentBridgeResponse {
+  run_id: string
+  session_id: string
+  status: AgentBridgeStatus
+  output: string
+  deltas: string[]
+  events: unknown[]
+  result?: unknown
+  error?: string | null
+}
+
+export interface AgentBridgeContextEstimate extends AgentBridgeResponse {
+  session_id: string
+  token_count?: number | null
+  fixed_context_tokens?: number | null
+  system_prompt_tokens?: number | null
+  tool_tokens?: number | null
+  message_count: number
+  tool_count: number
+  tool_names?: string[]
+  system_prompt_chars: number
+  profile?: string
+  model?: string
+  provider?: string
+}
+
+export interface AgentBridgeCommandResult extends AgentBridgeResponse {
+  session_id: string
+  command: string
+  handled: boolean
+  type?: string
+  action?: string
+  message?: string
+  output?: string
+  notice?: string
+  loaded?: string[]
+  missing?: string[]
+  new_session_id?: string
+  history?: unknown[]
+  retry?: boolean
+  retry_input?: AgentBridgeMessage
+  title?: string
+  kickoff_prompt?: string
+  clear_goal_continuations?: boolean
+  max_turns?: number
+}
+
+export interface AgentBridgeGoalEvaluation extends AgentBridgeResponse {
+  session_id: string
+  handled: boolean
+  active?: boolean
+  status?: string | null
+  should_continue?: boolean
+  continuation_prompt?: string | null
+  verdict?: string
+  reason?: string
+  message?: string
+}
+
+export interface AgentBridgeGoalPause extends AgentBridgeResponse {
+  session_id: string
+  handled: boolean
+  active?: boolean
+  status?: string | null
+  reason?: string
+  message?: string
+}
+
+export class AgentBridgeError extends Error {
+  response?: unknown
+}
+
+export class AgentBridgeClient {
+  readonly endpoint: string
+  readonly timeoutMs: number
+  readonly connectRetryMs: number
+  private lock: Promise<unknown> = Promise.resolve()
+
+  constructor(options: AgentBridgeOptions = {}) {
+    this.endpoint = options.endpoint || process.env.HERMES_AGENT_BRIDGE_ENDPOINT || DEFAULT_AGENT_BRIDGE_ENDPOINT
+    this.timeoutMs = options.timeoutMs ?? envPositiveInt('HERMES_AGENT_BRIDGE_TIMEOUT_MS') ?? DEFAULT_AGENT_BRIDGE_TIMEOUT_MS
+    this.connectRetryMs = options.connectRetryMs ?? envPositiveInt('HERMES_AGENT_BRIDGE_CONNECT_RETRY_MS') ?? 5000
+  }
+
+  private summarizePayload(payload: Record<string, unknown>): Record<string, unknown> {
+    const action = String(payload.action || '')
+    const summary: Record<string, unknown> = { action }
+    for (const key of ['session_id', 'run_id', 'request_id', 'approval_id', 'profile', 'worker_key']) {
+      if (payload[key] != null) summary[key] = payload[key]
+    }
+    if (Array.isArray(payload.conversation_history)) summary.conversation_history_count = payload.conversation_history.length
+    if (Array.isArray(payload.messages)) summary.messages_count = payload.messages.length
+    if (typeof payload.message === 'string') summary.message_chars = payload.message.length
+    else if (Array.isArray(payload.message)) summary.message_parts = payload.message.length
+    if (typeof payload.command === 'string') summary.command = payload.command
+    if (typeof payload.text === 'string') summary.text_chars = payload.text.length
+    if (typeof payload.error === 'string') summary.error = payload.error
+    if (payload.force_compress === true) summary.force_compress = true
+    return summary
+  }
+
+  private summarizeResponse(response: Record<string, unknown>): Record<string, unknown> {
+    const summary: Record<string, unknown> = { ok: response.ok === true }
+    for (const key of ['session_id', 'run_id', 'request_id', 'status', 'cursor', 'event_cursor']) {
+      if (response[key] != null) summary[key] = response[key]
+    }
+    if (typeof response.delta === 'string') summary.delta_chars = response.delta.length
+    if (typeof response.output === 'string') summary.output_chars = response.output.length
+    if (Array.isArray(response.events)) summary.events_count = response.events.length
+    if (typeof response.error === 'string') summary.error = response.error
+    if (Array.isArray(response.history)) summary.history_count = response.history.length
+    return summary
+  }
+
+  private runtimeContext(payload: Record<string, unknown>): Record<string, unknown> {
+    const requestedProfile = typeof payload.profile === 'string' ? payload.profile.trim() : ''
+    let profile = requestedProfile || 'default'
+    try {
+      if (!requestedProfile) profile = getActiveProfileName()
+    } catch {}
+
+    const context: Record<string, unknown> = {
+      profile,
+      cwd: process.cwd(),
+    }
+    try {
+      const profileDir = getProfileDir(profile)
+      context.profile_dir = profileDir
+      context.config_path = join(profileDir, 'config.yaml')
+    } catch {}
+    return context
+  }
+
+  async connect(): Promise<this> {
+    return this
+  }
+
+  async close(): Promise<void> {
+    return undefined
+  }
+
+  private connectSocketOnce(): Promise<Socket> {
+    return new Promise((resolveConnect, rejectConnect) => {
+      const endpoint = this.endpoint
+      let socket: Socket
+      if (endpoint.startsWith('ipc://')) {
+        socket = createConnection(endpoint.slice('ipc://'.length))
+      } else if (endpoint.startsWith('tcp://')) {
+        const url = new URL(endpoint)
+        socket = createConnection({
+          host: url.hostname || '127.0.0.1',
+          port: Number(url.port),
+        })
+      } else {
+        rejectConnect(new Error(`unsupported agent bridge endpoint: ${endpoint}`))
+        return
+      }
+
+      const cleanup = () => {
+        socket.off('connect', onConnect)
+        socket.off('error', onError)
+      }
+      const onConnect = () => {
+        cleanup()
+        resolveConnect(socket)
+      }
+      const onError = (err: Error) => {
+        cleanup()
+        socket.destroy()
+        rejectConnect(err)
+      }
+      socket.once('connect', onConnect)
+      socket.once('error', onError)
+    })
+  }
+
+  private isRetryableConnectError(err: any): boolean {
+    const code = String(err?.code || '')
+    return ['ECONNREFUSED', 'ENOENT', 'ECONNRESET', 'EPIPE', 'ETIMEDOUT'].includes(code)
+  }
+
+  private async connectSocket(): Promise<Socket> {
+    const deadline = Date.now() + Math.max(0, this.connectRetryMs)
+    for (;;) {
+      try {
+        return await this.connectSocketOnce()
+      } catch (err) {
+        if (!this.isRetryableConnectError(err) || Date.now() >= deadline) {
+          throw err
+        }
+        await delay(100)
+      }
+    }
+  }
+
+  private readResponse(socket: Socket, timeoutMs: number): Promise<string> {
+    return new Promise((resolveRead, rejectRead) => {
+      let buffer = ''
+      const timeout = timeoutMs > 0
+        ? setTimeout(() => {
+            cleanup()
+            socket.destroy()
+            rejectRead(new Error(`Agent bridge request timed out after ${timeoutMs}ms`))
+          }, timeoutMs)
+        : null
+
+      const cleanup = () => {
+        if (timeout) clearTimeout(timeout)
+        socket.off('data', onData)
+        socket.off('error', onError)
+        socket.off('end', onEnd)
+        socket.off('close', onClose)
+      }
+      const finish = (line: string) => {
+        cleanup()
+        socket.end()
+        resolveRead(line)
+      }
+      const onData = (chunk: Buffer) => {
+        buffer += chunk.toString('utf8')
+        const idx = buffer.indexOf('\n')
+        if (idx >= 0) finish(buffer.slice(0, idx))
+      }
+      const onError = (err: Error) => {
+        cleanup()
+        socket.destroy()
+        rejectRead(err)
+      }
+      const onEnd = () => {
+        const line = buffer.trim()
+        if (line) finish(line)
+      }
+      const onClose = () => {
+        if (!buffer.trim()) {
+          cleanup()
+          rejectRead(new Error('Agent bridge socket closed without a response'))
+        }
+      }
+
+      socket.on('data', onData)
+      socket.once('error', onError)
+      socket.once('end', onEnd)
+      socket.once('close', onClose)
+    })
+  }
+
+  async request<T extends AgentBridgeResponse = AgentBridgeResponse>(
+    payload: Record<string, unknown>,
+    options: AgentBridgeRequestOptions = {},
+  ): Promise<T> {
+    const run = async (): Promise<T> => {
+      const timeoutMs = options.timeoutMs || this.timeoutMs
+      const startedAt = Date.now()
+      const action = String(payload.action || '')
+      const shouldLogRequest = action !== 'get_output'
+      const runtimeContext = shouldLogRequest ? this.runtimeContext(payload) : undefined
+      if (shouldLogRequest) {
+        bridgeLogger.info({
+          endpoint: this.endpoint,
+          timeoutMs,
+          runtime: runtimeContext,
+          request: this.summarizePayload(payload),
+        }, '[agent-bridge-client] request')
+      }
+      try {
+        const socket = await this.connectSocket()
+        socket.write(`${JSON.stringify(payload)}\n`)
+        const raw = await this.readResponse(socket, timeoutMs)
+        const response = JSON.parse(raw) as { ok?: boolean; error?: string }
+        if (!response.ok) {
+          const error = new AgentBridgeError(response.error || 'Agent bridge request failed')
+          error.response = response
+          bridgeLogger.warn({
+            durationMs: Date.now() - startedAt,
+            runtime: runtimeContext,
+            response: this.summarizeResponse(response as Record<string, unknown>),
+          }, '[agent-bridge-client] request rejected')
+          throw error
+        }
+        if (shouldLogRequest) {
+          bridgeLogger.info({
+            durationMs: Date.now() - startedAt,
+            runtime: runtimeContext,
+            response: this.summarizeResponse(response as Record<string, unknown>),
+          }, '[agent-bridge-client] response')
+        }
+        return response as T
+      } catch (err: any) {
+        if (!(err instanceof AgentBridgeError)) {
+          bridgeLogger.error({
+            durationMs: Date.now() - startedAt,
+            err: { message: err?.message, name: err?.name },
+            runtime: runtimeContext,
+            request: this.summarizePayload(payload),
+          }, '[agent-bridge-client] request failed')
+        }
+        throw err
+      }
+    }
+
+    if (!options.serialize) {
+      return run()
+    }
+
+    const next = this.lock.then(run, run)
+    this.lock = next.catch(() => undefined)
+    return next
+  }
+
+  ping(): Promise<AgentBridgeResponse> {
+    return this.request({ action: 'ping' })
+  }
+
+  chat(
+    sessionId: string,
+    message: AgentBridgeMessage,
+    conversationHistory?: unknown[],
+    instructions?: string,
+    profile?: string,
+    options: AgentBridgeChatOptions = {},
+  ): Promise<AgentBridgeChatStarted> {
+    return this.request<AgentBridgeChatStarted>({
+      action: 'chat',
+      session_id: sessionId,
+      message,
+      ...(options.storage_message !== undefined ? { storage_message: options.storage_message } : {}),
+      ...(conversationHistory ? { conversation_history: conversationHistory } : {}),
+      ...(instructions ? { instructions } : {}),
+      ...(profile ? { profile } : {}),
+      ...(options.model ? { model: options.model } : {}),
+      ...(options.provider ? { provider: options.provider } : {}),
+      ...(options.source ? { source: options.source } : {}),
+      ...(options.wait ? { wait: true } : {}),
+      ...(options.timeout ? { timeout: options.timeout } : {}),
+      ...(options.force_compress ? { force_compress: true } : {}),
+    })
+  }
+
+  contextEstimate(
+    sessionId: string,
+    messages: unknown[],
+    instructions?: string,
+    profile?: string,
+    options: Pick<AgentBridgeChatOptions, 'model' | 'provider'> = {},
+  ): Promise<AgentBridgeContextEstimate> {
+    return this.request<AgentBridgeContextEstimate>({
+      action: 'context_estimate',
+      session_id: sessionId,
+      messages,
+      ...(instructions ? { instructions } : {}),
+      ...(profile ? { profile } : {}),
+      ...(options.model ? { model: options.model } : {}),
+      ...(options.provider ? { provider: options.provider } : {}),
+    })
+  }
+
+  command(sessionId: string, command: string, profile?: string): Promise<AgentBridgeCommandResult> {
+    return this.request<AgentBridgeCommandResult>({
+      action: 'command',
+      session_id: sessionId,
+      command,
+      ...(profile ? { profile } : {}),
+    })
+  }
+
+  goalEvaluate(sessionId: string, finalResponse: string, profile?: string): Promise<AgentBridgeGoalEvaluation> {
+    return this.request<AgentBridgeGoalEvaluation>({
+      action: 'goal_evaluate',
+      session_id: sessionId,
+      final_response: finalResponse,
+      ...(profile ? { profile } : {}),
+    })
+  }
+
+  getOutput(runId: string, cursor = 0, eventCursor = 0, options: AgentBridgeRequestOptions = {}): Promise<AgentBridgeOutput> {
+    return this.request<AgentBridgeOutput>({
+      action: 'get_output',
+      run_id: runId,
+      cursor,
+      event_cursor: eventCursor,
+    }, options)
+  }
+
+  async *streamOutput(
+    runId: string,
+    options: AgentBridgeRequestOptions & { intervalMs?: number } = {},
+  ): AsyncGenerator<AgentBridgeOutput> {
+    const intervalMs = options.intervalMs || 100
+    let cursor = 0
+    let eventCursor = 0
+    for (;;) {
+      const chunk = await this.getOutput(runId, cursor, eventCursor, options)
+      cursor = chunk.cursor
+      eventCursor = chunk.event_cursor
+      if (chunk.delta || chunk.done || (chunk.events && chunk.events.length > 0)) yield chunk
+      if (chunk.done) return
+      await delay(intervalMs)
+    }
+  }
+
+  async chatStream(
+    sessionId: string,
+    message: AgentBridgeMessage,
+    onDelta: (delta: string, chunk: AgentBridgeOutput) => void | Promise<void>,
+    options: AgentBridgeRequestOptions & { intervalMs?: number } = {},
+  ): Promise<AgentBridgeOutput> {
+    const started = await this.chat(sessionId, message)
+    let last: AgentBridgeOutput | null = null
+    for await (const chunk of this.streamOutput(started.run_id, options)) {
+      last = chunk
+      if (chunk.delta) await onDelta(chunk.delta, chunk)
+    }
+    if (!last) throw new Error(`Agent bridge run ${started.run_id} produced no output state`)
+    return last
+  }
+
+  getResult(runId: string, options: AgentBridgeRequestOptions = {}): Promise<AgentBridgeRunResult> {
+    return this.request<AgentBridgeRunResult>({ action: 'get_result', run_id: runId }, options)
+  }
+
+  interrupt(sessionId: string, message?: string, profile?: string): Promise<AgentBridgeResponse> {
+    return this.request({
+      action: 'interrupt',
+      session_id: sessionId,
+      message,
+      ...(profile ? { profile } : {}),
+    })
+  }
+
+  goalPause(sessionId: string, reason: string, profile?: string): Promise<AgentBridgeGoalPause> {
+    return this.request<AgentBridgeGoalPause>({
+      action: 'goal_pause',
+      session_id: sessionId,
+      reason,
+      ...(profile ? { profile } : {}),
+    })
+  }
+
+  steer(sessionId: string, text: string, profile?: string): Promise<AgentBridgeResponse> {
+    return this.request({
+      action: 'steer',
+      session_id: sessionId,
+      text,
+      ...(profile ? { profile } : {}),
+    })
+  }
+
+  approvalRespond(approvalId: string, choice: string): Promise<AgentBridgeResponse> {
+    return this.request({ action: 'approval_respond', approval_id: approvalId, choice })
+  }
+
+  clarifyRespond(clarifyId: string, response: string): Promise<AgentBridgeResponse> {
+    return this.request({ action: 'clarify_respond', clarify_id: clarifyId, response })
+  }
+
+  compressionRespond(
+    requestId: string,
+    payload: { messages?: unknown[]; system_message?: string; error?: string },
+  ): Promise<AgentBridgeResponse> {
+    return this.request({
+      action: 'compression_respond',
+      request_id: requestId,
+      ...payload,
+    }, { timeoutMs: this.timeoutMs })
+  }
+
+  destroyAll(): Promise<AgentBridgeResponse> {
+    return this.request({ action: 'destroy_all' }, { serialize: true })
+  }
+
+  destroyProfile(profile: string): Promise<AgentBridgeResponse> {
+    return this.request({ action: 'destroy_profile', profile }, { serialize: true })
+  }
+
+  getHistory(sessionId: string, profile?: string): Promise<AgentBridgeResponse> {
+    return this.request({
+      action: 'get_history',
+      session_id: sessionId,
+      ...(profile ? { profile } : {}),
+    })
+  }
+
+  status(sessionId: string, profile?: string): Promise<AgentBridgeResponse> {
+    return this.request({
+      action: 'status',
+      session_id: sessionId,
+      ...(profile ? { profile } : {}),
+    })
+  }
+
+  destroy(sessionId: string, profile?: string, workerKey?: string): Promise<AgentBridgeResponse> {
+    return this.request({
+      action: 'destroy',
+      session_id: sessionId,
+      ...(profile ? { profile } : {}),
+      ...(workerKey ? { worker_key: workerKey } : {}),
+    })
+  }
+
+  list(): Promise<AgentBridgeResponse> {
+    return this.request({ action: 'list' })
+  }
+
+  shutdown(): Promise<AgentBridgeResponse> {
+    return this.request({ action: 'shutdown' }, { serialize: true })
+  }
+
+  // ───── MCP Management ─────
+
+  mcpList(profile?: string): Promise<McpActionResponse> {
+    return this.request({ action: 'mcp_list', ...(profile ? { profile } : {}) })
+  }
+
+  mcpAdd(name: string, config: Record<string, unknown>, profile?: string): Promise<McpActionResponse> {
+    return this.request({ action: 'mcp_server_add', name, config, ...(profile ? { profile } : {}) }, { serialize: true })
+  }
+
+  mcpUpdate(name: string, config: Record<string, unknown>, profile?: string): Promise<McpActionResponse> {
+    return this.request({ action: 'mcp_server_update', name, config, ...(profile ? { profile } : {}) }, { serialize: true })
+  }
+
+  mcpRemove(name: string, profile?: string): Promise<McpActionResponse> {
+    return this.request({ action: 'mcp_server_remove', name, ...(profile ? { profile } : {}) }, { serialize: true })
+  }
+
+  mcpTest(name: string, profile?: string): Promise<McpActionResponse> {
+    return this.request({ action: 'mcp_server_test', name, ...(profile ? { profile } : {}) }, { timeoutMs: 180_000 })
+  }
+
+  mcpTools(server?: string, profile?: string, raw?: boolean): Promise<McpActionResponse> {
+    return this.request({ action: 'mcp_tools_list', ...(server ? { server } : {}), ...(profile ? { profile } : {}), ...(raw ? { raw } : {}) })
+  }
+
+  mcpReload(server?: string, profile?: string): Promise<McpActionResponse> {
+    return this.request({ action: 'mcp_reload', ...(server ? { server } : {}), ...(profile ? { profile } : {}) }, { serialize: true })
+  }
+}
+
+export default AgentBridgeClient
diff --git a/packages/server/src/services/hermes/agent-bridge/hermes_bridge.py b/packages/server/src/services/hermes/agent-bridge/hermes_bridge.py
new file mode 100755
index 0000000..e2422bf
--- /dev/null
+++ b/packages/server/src/services/hermes/agent-bridge/hermes_bridge.py
@@ -0,0 +1,3602 @@
+#!/usr/bin/env python3
+"""Hermes in-process agent bridge.
+
+This service intentionally lives outside the existing Web UI chat path. It
+imports hermes-agent from HERMES_AGENT_ROOT (default: ~/.hermes/hermes-agent),
+keeps AIAgent instances in memory by session_id, and exposes a small newline-
+delimited JSON request/response protocol over a local socket.
+"""
+
+from __future__ import annotations
+
+import argparse
+import asyncio
+import atexit
+import copy
+import errno
+import hashlib
+import importlib.util
+import json
+import locale
+import os
+import queue
+import re
+import signal
+import shutil
+import socket
+import subprocess
+import sys
+import tempfile
+import threading
+import time
+import traceback
+import uuid
+from contextlib import contextmanager
+from dataclasses import dataclass, field
+from pathlib import Path
+from urllib.parse import urlparse
+from typing import Any, Callable
+
+
+DEFAULT_ENDPOINT = "tcp://127.0.0.1:18765" if os.name == "nt" else "ipc:///tmp/hermes-agent-bridge.sock"
+DEFAULT_AGENT_ROOT = "~/.hermes/hermes-agent"
+DEFAULT_HERMES_HOME = "~/.hermes"
+APPROVAL_TIMEOUT_SECONDS = 120
+APPROVAL_TIMEOUT_MS = APPROVAL_TIMEOUT_SECONDS * 1000
+PARENT_WATCHDOG_INTERVAL_SECONDS = 2.0
+OPENROUTER_ATTRIBUTION_ENV = {
+    "referer": "HERMES_OPENROUTER_APP_REFERER",
+    "title": "HERMES_OPENROUTER_APP_TITLE",
+    "categories": "HERMES_OPENROUTER_APP_CATEGORIES",
+}
+_SURROGATE_RE = re.compile("[\ud800-\udfff]")
+
+
+def _bridge_platform() -> str:
+    return os.environ.get("HERMES_AGENT_BRIDGE_PLATFORM", "cli").strip() or "cli"
+
+
+def _positive_int(value: str | None) -> int | None:
+    if not value:
+        return None
+    try:
+        parsed = int(value)
+    except (TypeError, ValueError):
+        return None
+    return parsed if parsed > 0 else None
+
+
+def _hidden_subprocess_kwargs() -> dict[str, Any]:
+    if os.name != "nt":
+        return {}
+    if os.environ.get("HERMES_DESKTOP", "").strip().lower() != "true":
+        return {}
+    create_no_window = getattr(subprocess, "CREATE_NO_WINDOW", 0) or 0x08000000
+    kwargs: dict[str, Any] = {"creationflags": create_no_window}
+    try:
+        startupinfo = subprocess.STARTUPINFO()
+        startupinfo.dwFlags |= getattr(subprocess, "STARTF_USESHOWWINDOW", 1)
+        startupinfo.wShowWindow = getattr(subprocess, "SW_HIDE", 0)
+        kwargs["startupinfo"] = startupinfo
+    except Exception:
+        pass
+    return kwargs
+
+
+def _add_hidden_process_options(kwargs: dict[str, Any], create_no_window: int) -> None:
+    flags = kwargs.get("creationflags", 0) or 0
+    try:
+        kwargs["creationflags"] = int(flags) | create_no_window
+    except Exception:
+        kwargs["creationflags"] = create_no_window
+
+    startupinfo = kwargs.get("startupinfo")
+    if startupinfo is None:
+        try:
+            startupinfo = subprocess.STARTUPINFO()
+        except Exception:
+            return
+        kwargs["startupinfo"] = startupinfo
+    try:
+        startupinfo.dwFlags |= getattr(subprocess, "STARTF_USESHOWWINDOW", 1)
+        startupinfo.wShowWindow = getattr(subprocess, "SW_HIDE", 0)
+    except Exception:
+        pass
+
+
+def _install_windows_hidden_subprocess_defaults() -> None:
+    """Hide console windows for subprocesses launched inside desktop bridge runs.
+
+    The desktop bridge itself must keep stdout/stderr pipes for readiness and
+    worker handshakes, so it runs under python.exe. On Windows that means any
+    nested console executable, including git.exe from context expansion, can
+    flash a window unless the child process is created with CREATE_NO_WINDOW.
+    """
+    if os.name != "nt":
+        return
+    if os.environ.get("HERMES_DESKTOP", "").strip().lower() != "true":
+        return
+    if getattr(subprocess, "_hermes_hidden_defaults_installed", False):
+        return
+
+    original_popen = subprocess.Popen
+    original_create_subprocess_exec = asyncio.create_subprocess_exec
+    original_create_subprocess_shell = asyncio.create_subprocess_shell
+    create_no_window = getattr(subprocess, "CREATE_NO_WINDOW", 0) or 0x08000000
+
+    class HiddenPopen(original_popen):  # type: ignore[misc, valid-type]
+        def __init__(self, *args: Any, **kwargs: Any) -> None:
+            _add_hidden_process_options(kwargs, create_no_window)
+            super().__init__(*args, **kwargs)
+
+    async def hidden_create_subprocess_exec(*args: Any, **kwargs: Any) -> Any:
+        _add_hidden_process_options(kwargs, create_no_window)
+        return await original_create_subprocess_exec(*args, **kwargs)
+
+    async def hidden_create_subprocess_shell(*args: Any, **kwargs: Any) -> Any:
+        _add_hidden_process_options(kwargs, create_no_window)
+        return await original_create_subprocess_shell(*args, **kwargs)
+
+    subprocess.Popen = HiddenPopen  # type: ignore[assignment]
+    asyncio.create_subprocess_exec = hidden_create_subprocess_exec  # type: ignore[assignment]
+    asyncio.create_subprocess_shell = hidden_create_subprocess_shell  # type: ignore[assignment]
+    subprocess._hermes_hidden_defaults_installed = True  # type: ignore[attr-defined]
+
+
+_install_windows_hidden_subprocess_defaults()
+
+
+def _process_exists(pid: int) -> bool:
+    if pid <= 0:
+        return False
+    if os.name == "nt":
+        try:
+            result = subprocess.run(
+                ["tasklist.exe", "/FI", f"PID eq {pid}", "/NH"],
+                check=False,
+                capture_output=True,
+                text=True,
+                timeout=5,
+                **_hidden_subprocess_kwargs(),
+            )
+            return str(pid) in (result.stdout or "")
+        except Exception:
+            return True
+    try:
+        os.kill(pid, 0)
+        return True
+    except ProcessLookupError:
+        return False
+    except PermissionError:
+        return True
+    except OSError as exc:
+        return exc.errno != errno.ESRCH
+
+
+def _start_parent_process_watchdog(
+    parent_pid: int | None,
+    stop_event: threading.Event,
+    label: str,
+    interval: float = PARENT_WATCHDOG_INTERVAL_SECONDS,
+) -> None:
+    if not parent_pid or parent_pid == os.getpid():
+        return
+
+    def run() -> None:
+        while not stop_event.wait(interval):
+            if _process_exists(parent_pid):
+                continue
+            print(
+                f"[hermes-bridge] parent pid {parent_pid} exited; stopping {label}",
+                file=sys.stderr,
+                flush=True,
+            )
+            stop_event.set()
+            return
+
+    threading.Thread(target=run, daemon=True, name=f"hermes-bridge-parent-watchdog-{label}").start()
+
+
+def _install_stop_signal_handlers(stop_event: threading.Event) -> Callable[[], None]:
+    if threading.current_thread() is not threading.main_thread():
+        return lambda: None
+
+    previous: list[tuple[signal.Signals, Any]] = []
+
+    def handle_signal(signum: int, _frame: Any) -> None:
+        stop_event.set()
+
+    for signum in (signal.SIGINT, signal.SIGTERM):
+        try:
+            sig = signal.Signals(signum)
+            previous.append((sig, signal.getsignal(sig)))
+            signal.signal(sig, handle_signal)
+        except Exception:
+            pass
+
+    def restore() -> None:
+        for sig, handler in previous:
+            try:
+                signal.signal(sig, handler)
+            except Exception:
+                pass
+
+    return restore
+
+
+def _suppress_bridge_platform_hint() -> None:
+    raw = os.environ.get("HERMES_BRIDGE_SUPPRESS_PLATFORM_HINT", "cli").strip()
+    if raw.lower() in {"0", "false", "no", "off"}:
+        return
+    targets = {part.strip().lower() for part in raw.split(",") if part.strip()}
+    if not targets:
+        return
+    try:
+        from agent import prompt_builder
+
+        for target in targets:
+            prompt_builder.PLATFORM_HINTS.pop(target, None)
+    except Exception:
+        pass
+
+    run_agent_module = sys.modules.get("run_agent")
+    hints = getattr(run_agent_module, "PLATFORM_HINTS", None)
+    if isinstance(hints, dict):
+        for target in targets:
+            hints.pop(target, None)
+
+
+def _candidate_agent_roots(raw: str | None = None) -> list[Path]:
+    candidates: list[Path] = []
+    if raw:
+        candidates.append(Path(raw).expanduser())
+
+    env_root = os.environ.get("HERMES_AGENT_ROOT")
+    if env_root:
+        candidates.append(Path(env_root).expanduser())
+
+    hermes_bin = shutil.which(os.environ.get("HERMES_BIN", "hermes"))
+    if hermes_bin:
+        bin_path = Path(hermes_bin).resolve()
+        candidates.extend([
+            bin_path.parent.parent,
+            bin_path.parent.parent.parent,
+            bin_path.parent.parent / "hermes-agent",
+        ])
+
+    script_path = Path(__file__).resolve()
+    candidates.extend([
+        Path.cwd(),
+        Path.cwd() / ".hermes" / "hermes-agent",
+        Path.cwd() / "hermes-agent",
+        script_path.parent,
+        script_path.parent.parent,
+        script_path.parent.parent.parent,
+        script_path.parent.parent.parent / ".hermes" / "hermes-agent",
+    ])
+    for parent in script_path.parents:
+        candidates.extend([
+            parent / ".hermes" / "hermes-agent",
+            parent / "hermes-agent",
+        ])
+
+    candidates.extend([
+        Path.home() / ".hermes" / "hermes-agent",
+        Path.home() / "hermes-agent",
+        Path("/opt/hermes/hermes-agent"),
+        Path("/opt/hermes-agent"),
+        Path("/usr/local/lib/hermes-agent"),
+        Path("/usr/local/hermes-agent"),
+    ])
+    candidates.append(Path(DEFAULT_AGENT_ROOT).expanduser())
+
+    unique: list[Path] = []
+    seen: set[str] = set()
+    for candidate in candidates:
+        try:
+            resolved = candidate.resolve()
+        except OSError:
+            resolved = candidate
+        key = str(resolved)
+        if key not in seen:
+            seen.add(key)
+            unique.append(resolved)
+    return unique
+
+
+def _find_agent_root(raw: str | None = None) -> Path | None:
+    for candidate in _candidate_agent_roots(raw):
+        if (candidate / "run_agent.py").exists():
+            return candidate
+    return None
+
+
+def _discover_agent_root(raw: str | None = None) -> Path:
+    root = _find_agent_root(raw)
+    if root is not None:
+        return root
+    attempted = ", ".join(str(path) for path in _candidate_agent_roots(raw))
+    raise RuntimeError(
+        "hermes-agent run_agent.py not found. Pass --agent-root or set "
+        f"HERMES_AGENT_ROOT. Tried: {attempted}"
+    )
+
+
+def _discover_hermes_home(raw: str | None = None) -> Path:
+    if raw:
+        return Path(raw).expanduser().resolve()
+    env_home = os.environ.get("HERMES_HOME")
+    if env_home:
+        return Path(env_home).expanduser().resolve()
+    return Path(DEFAULT_HERMES_HOME).expanduser().resolve()
+
+
+def _normalize_base_home(home: Path) -> Path:
+    if home.parent.name == "profiles":
+        return home.parent.parent
+    return home
+
+
+def _jsonable(value: Any) -> Any:
+    try:
+        json.dumps(value)
+        return value
+    except TypeError:
+        if isinstance(value, dict):
+            return {str(k): _jsonable(v) for k, v in value.items()}
+        if isinstance(value, (list, tuple)):
+            return [_jsonable(v) for v in value]
+        return str(value)
+
+
+def _sanitize_surrogates(value: Any) -> Any:
+    if isinstance(value, str):
+        return _SURROGATE_RE.sub("\ufffd", value)
+    if isinstance(value, dict):
+        return {_sanitize_surrogates(k): _sanitize_surrogates(v) for k, v in value.items()}
+    if isinstance(value, (list, tuple)):
+        return [_sanitize_surrogates(v) for v in value]
+    return value
+
+
+def _json_default(value: Any) -> str:
+    return _sanitize_surrogates(str(value))
+
+
+def _json_line_bytes(value: Any) -> bytes:
+    payload = json.dumps(_sanitize_surrogates(value), ensure_ascii=False, default=_json_default) + "\n"
+    return payload.encode("utf-8")
+
+
+def _bridge_log(event: str, payload: dict[str, Any]) -> None:
+    try:
+        body = {"event": event, **payload}
+        print(
+            "[hermes_bridge] " + json.dumps(_sanitize_surrogates(body), ensure_ascii=False, default=_json_default),
+            file=sys.stderr,
+            flush=True,
+        )
+    except Exception:
+        print(f"[hermes_bridge] {event}", file=sys.stderr, flush=True)
+
+
+def _tool_names_from_definitions(tools: Any) -> list[str]:
+    if not isinstance(tools, list):
+        return []
+    names: list[str] = []
+    for tool in tools:
+        name = ""
+        if isinstance(tool, dict):
+            function = tool.get("function")
+            if isinstance(function, dict):
+                name = str(function.get("name") or "")
+            if not name:
+                name = str(tool.get("name") or "")
+        else:
+            name = str(getattr(tool, "name", "") or "")
+        if name:
+            names.append(name)
+    return names
+
+
+def _mcp_tool_names_from_names(tool_names: Any) -> list[str]:
+    if not isinstance(tool_names, list):
+        return []
+    return sorted(str(name) for name in tool_names if str(name).startswith("mcp_"))
+
+
+def _agent_root() -> Path | None:
+    return _find_agent_root(os.environ.get("HERMES_AGENT_ROOT"))
+
+
+def _hermes_home() -> Path:
+    return _discover_hermes_home(os.environ.get("HERMES_HOME"))
+
+
+def _base_hermes_home() -> Path:
+    return _normalize_base_home(_discover_hermes_home(os.environ.get("HERMES_AGENT_BRIDGE_BASE_HOME") or DEFAULT_HERMES_HOME))
+
+
+def _worker_profile() -> str | None:
+    raw = os.environ.get("HERMES_AGENT_BRIDGE_WORKER_PROFILE", "").strip()
+    return raw or None
+
+
+def _profile_home(profile: str | None) -> Path:
+    base = _base_hermes_home()
+    if not profile or profile == "default":
+        return base
+    profile_home = base / "profiles" / profile
+    return profile_home if profile_home.exists() else base
+
+
+def _read_dotenv(path: Path) -> dict[str, str]:
+    if not path.exists():
+        return {}
+    values: dict[str, str] = {}
+    try:
+        for line in path.read_text(encoding="utf-8").splitlines():
+            stripped = line.strip()
+            if not stripped or stripped.startswith("#") or "=" not in stripped:
+                continue
+            if stripped.startswith("export "):
+                stripped = stripped[7:].strip()
+            key, value = stripped.split("=", 1)
+            key = key.strip()
+            if not key or not (key[0].isalpha() or key[0] == "_"):
+                continue
+            if not all(ch.isalnum() or ch == "_" for ch in key):
+                continue
+            value = value.strip()
+            if (value.startswith('"') and value.endswith('"')) or (value.startswith("'") and value.endswith("'")):
+                value = value[1:-1]
+            values[key] = value
+        return values
+    except Exception:
+        return {}
+
+
+def _profile_dotenv_keys() -> set[str]:
+    base = _base_hermes_home()
+    keys = set(_read_dotenv(base / ".env").keys())
+    profiles_dir = base / "profiles"
+    try:
+        for entry in profiles_dir.iterdir():
+            if entry.is_dir():
+                keys.update(_read_dotenv(entry / ".env").keys())
+    except Exception:
+        pass
+    return keys
+
+
+def _set_path_env(agent_root: str | None = None, hermes_home: str | None = None) -> None:
+    resolved_root = _discover_agent_root(agent_root) if agent_root else _find_agent_root()
+    if resolved_root is not None:
+        os.environ["HERMES_AGENT_ROOT"] = str(resolved_root)
+    else:
+        os.environ.pop("HERMES_AGENT_ROOT", None)
+    resolved_home = _discover_hermes_home(hermes_home)
+    os.environ["HERMES_HOME"] = str(resolved_home)
+    os.environ["HERMES_AGENT_BRIDGE_BASE_HOME"] = str(_normalize_base_home(resolved_home))
+
+
+def _ensure_agent_imports() -> None:
+    root = _agent_root()
+    if root is not None:
+        root_s = str(root)
+        if root_s not in sys.path:
+            sys.path.insert(0, root_s)
+    elif importlib.util.find_spec("run_agent") is None:
+        raise RuntimeError(
+            "hermes-agent run_agent.py not found in source locations and the "
+            "current Python environment cannot import run_agent. Install "
+            "hermes-agent or pass --agent-root/HERMES_AGENT_ROOT."
+        )
+    os.environ.setdefault("HERMES_HOME", str(_hermes_home()))
+    os.environ.setdefault("HERMES_AGENT_BRIDGE_BASE_HOME", str(_hermes_home()))
+    _apply_openrouter_attribution_override()
+
+
+def _apply_openrouter_attribution_override() -> None:
+    """Override hermes-agent OpenRouter attribution at bridge runtime only."""
+    referer = os.environ.get(OPENROUTER_ATTRIBUTION_ENV["referer"], "").strip()
+    title = os.environ.get(OPENROUTER_ATTRIBUTION_ENV["title"], "").strip()
+    categories = os.environ.get(OPENROUTER_ATTRIBUTION_ENV["categories"], "").strip()
+    if not (referer or title or categories):
+        return
+    try:
+        from agent import auxiliary_client
+    except Exception:
+        return
+    headers = dict(getattr(auxiliary_client, "_OR_HEADERS_BASE", {}) or {})
+    if referer:
+        headers["HTTP-Referer"] = referer
+    if title:
+        headers.pop("X-Title", None)
+        headers["X-OpenRouter-Title"] = title
+    if categories:
+        headers["X-OpenRouter-Categories"] = categories
+    try:
+        auxiliary_client._OR_HEADERS_BASE = headers
+    except Exception:
+        pass
+
+
+def _load_cfg(profile: str | None = None) -> dict[str, Any]:
+    _ensure_agent_imports()
+    try:
+        from hermes_cli.config import load_config
+
+        cfg = load_config()
+        return cfg if isinstance(cfg, dict) else {}
+    except Exception:
+        try:
+            import yaml
+
+            path = _hermes_home() / "config.yaml"
+            if not path.exists():
+                return {}
+            return yaml.safe_load(path.read_text(encoding="utf-8")) or {}
+        except Exception:
+            return {}
+
+
+def _apply_profile_env(profile: str | None) -> str | None:
+    """Temporarily set HERMES_HOME to the profile directory.
+    Returns the original HERMES_HOME value to restore later.
+    """
+    profile_home = _profile_home(profile)
+    if not (profile_home / "config.yaml").exists():
+        return os.environ.get("HERMES_HOME")
+    original = os.environ.get("HERMES_HOME")
+    os.environ["HERMES_HOME"] = str(profile_home)
+    return original
+
+
+def _restore_profile_env(original: str | None) -> None:
+    """Restore HERMES_HOME after profile-scoped agent creation."""
+    if original is not None:
+        os.environ["HERMES_HOME"] = original
+    else:
+        os.environ.pop("HERMES_HOME", None)
+
+
+def _apply_profile_dotenv(profile: str | None) -> dict[str, str | None]:
+    """Load only the active profile's .env into this bridge process.
+
+    This mirrors Web UI gateway env isolation:
+    - default keeps inherited env for compatibility, then overlays default .env
+    - non-default clears keys seen in any profile .env, then overlays its .env
+    The returned snapshot restores the bridge process after the agent call.
+    """
+    values = _read_dotenv(_profile_home(profile) / ".env")
+    if profile and profile != "default":
+        keys = _profile_dotenv_keys()
+        keys.update(values.keys())
+    else:
+        keys = set(values.keys())
+    snapshot = {key: os.environ.get(key) for key in keys}
+
+    if profile and profile != "default":
+        for key in keys:
+            os.environ.pop(key, None)
+    for key, value in values.items():
+        os.environ[key] = value
+    return snapshot
+
+
+def _restore_profile_dotenv(snapshot: dict[str, str | None]) -> None:
+    for key, value in snapshot.items():
+        if value is None:
+            os.environ.pop(key, None)
+        else:
+            os.environ[key] = value
+
+
+def _set_worker_profile_env(profile: str | None) -> None:
+    profile_home = _profile_home(profile)
+    os.environ["HERMES_HOME"] = str(profile_home)
+    os.environ["HERMES_AGENT_BRIDGE_WORKER_PROFILE"] = profile or "default"
+    _refresh_worker_profile_env()
+
+
+def _refresh_worker_profile_env() -> None:
+    """Overlay the current worker profile .env/config before creating a new agent."""
+    profile = _worker_profile()
+    if not profile:
+        return
+    profile_home = _profile_home(profile)
+    os.environ["HERMES_HOME"] = str(profile_home)
+    values = _read_dotenv(profile_home / ".env")
+    for key, value in values.items():
+        os.environ[key] = value
+    _refresh_terminal_env()
+
+
+@contextmanager
+def _profile_env(profile: str | None):
+    if _worker_profile():
+        yield
+        return
+    original = _apply_profile_env(profile)
+    env_snapshot = _apply_profile_dotenv(profile)
+    try:
+        yield
+    finally:
+        _restore_profile_dotenv(env_snapshot)
+        _restore_profile_env(original)
+
+
+def _refresh_terminal_env() -> None:
+    """Bridge current worker HERMES_HOME/config.yaml terminal config to TERMINAL_* env vars.
+
+    Worker startup first overlays the profile .env, then this function lets
+    terminal config.yaml values override the matching terminal environment vars.
+    """
+    hermes_home = os.environ.get("HERMES_HOME", "")
+    if not hermes_home:
+        return
+    config_path = Path(hermes_home) / "config.yaml"
+    if not config_path.exists():
+        return
+    try:
+        import yaml
+        with open(config_path, encoding="utf-8") as f:
+            cfg = yaml.safe_load(f) or {}
+        terminal_cfg = cfg.get("terminal", {})
+        if not isinstance(terminal_cfg, dict):
+            return
+        TERMINAL_ENV_MAP = {
+            "backend": "TERMINAL_ENV",
+            "cwd": "TERMINAL_CWD",
+            "timeout": "TERMINAL_TIMEOUT",
+            "lifetime_seconds": "TERMINAL_LIFETIME_SECONDS",
+            "ssh_host": "TERMINAL_SSH_HOST",
+            "ssh_user": "TERMINAL_SSH_USER",
+            "ssh_port": "TERMINAL_SSH_PORT",
+            "ssh_key": "TERMINAL_SSH_KEY",
+            "docker_image": "TERMINAL_DOCKER_IMAGE",
+            "docker_forward_env": "TERMINAL_DOCKER_FORWARD_ENV",
+            "singularity_image": "TERMINAL_SINGULARITY_IMAGE",
+            "modal_image": "TERMINAL_MODAL_IMAGE",
+            "daytona_image": "TERMINAL_DAYTONA_IMAGE",
+            "vercel_runtime": "TERMINAL_VERCEL_RUNTIME",
+            "container_cpu": "TERMINAL_CONTAINER_CPU",
+            "container_memory": "TERMINAL_CONTAINER_MEMORY",
+            "container_disk": "TERMINAL_CONTAINER_DISK",
+            "container_persistent": "TERMINAL_CONTAINER_PERSISTENT",
+            "docker_volumes": "TERMINAL_DOCKER_VOLUMES",
+            "docker_env": "TERMINAL_DOCKER_ENV",
+            "docker_mount_cwd_to_workspace": "TERMINAL_DOCKER_MOUNT_CWD_TO_WORKSPACE",
+            "docker_run_as_host_user": "TERMINAL_DOCKER_RUN_AS_HOST_USER",
+            "sandbox_dir": "TERMINAL_SANDBOX_DIR",
+            "persistent_shell": "TERMINAL_PERSISTENT_SHELL",
+            "modal_mode": "TERMINAL_MODAL_MODE",
+        }
+        for cfg_key, env_var in TERMINAL_ENV_MAP.items():
+            if cfg_key in terminal_cfg:
+                val = terminal_cfg[cfg_key]
+                if cfg_key == "cwd" and str(val) in {".", "auto", "cwd"}:
+                    continue
+                if cfg_key == "cwd" and isinstance(val, str):
+                    val = os.path.expanduser(val)
+                if isinstance(val, (list, dict)):
+                    os.environ[env_var] = json.dumps(val)
+                else:
+                    os.environ[env_var] = str(val)
+    except Exception:
+        print(
+            f"[hermes-bridge] Failed to refresh terminal env from {config_path}",
+            file=sys.stderr,
+            flush=True,
+        )
+
+
+def _resolve_model(cfg: dict[str, Any]) -> str:
+    env_model = (
+        os.environ.get("HERMES_MODEL", "")
+        or os.environ.get("HERMES_INFERENCE_MODEL", "")
+    ).strip()
+    if env_model:
+        return env_model
+    model_cfg = cfg.get("model", "")
+    if isinstance(model_cfg, dict):
+        return str(model_cfg.get("default") or "").strip()
+    if isinstance(model_cfg, str):
+        return model_cfg.strip()
+    return ""
+
+
+def _resolve_runtime(model: str, provider: str | None = None) -> dict[str, Any]:
+    _ensure_agent_imports()
+    from hermes_cli.runtime_provider import resolve_runtime_provider
+
+    requested = provider or os.environ.get("HERMES_BRIDGE_PROVIDER", "").strip() or None
+    return resolve_runtime_provider(requested=requested, target_model=model or None)
+
+
+def _load_enabled_toolsets() -> list[str] | None:
+    _ensure_agent_imports()
+    raw = os.environ.get("HERMES_BRIDGE_TOOLSETS", "").strip()
+    if raw:
+        values = [part.strip() for part in raw.split(",") if part.strip()]
+        if any(value in {"all", "*"} for value in values):
+            return None
+        return values or None
+
+    try:
+        from hermes_cli.config import load_config
+        from hermes_cli.tools_config import _get_platform_tools
+        from toolsets import resolve_toolset
+
+        cfg = load_config()
+        platform = _bridge_platform()
+        enabled = sorted(_get_platform_tools(cfg, platform, include_default_mcp_servers=True))
+        if platform != "cli":
+            resolved_tools: set[str] = set()
+            for toolset_name in enabled:
+                try:
+                    resolved_tools.update(resolve_toolset(toolset_name))
+                except Exception:
+                    pass
+            if not resolved_tools:
+                enabled = sorted(_get_platform_tools(cfg, "cli", include_default_mcp_servers=True))
+        return enabled or None
+    except Exception:
+        return None
+
+
+def _discover_bridge_mcp_tools() -> list[str]:
+    _ensure_agent_imports()
+    try:
+        from tools.mcp_tool import discover_mcp_tools
+
+        tools = discover_mcp_tools()
+        return list(tools) if isinstance(tools, list) else []
+    except Exception as exc:
+        print(
+            f"[hermes_bridge] MCP tool discovery failed: {exc}",
+            file=sys.stderr,
+            flush=True,
+        )
+        return []
+
+
+def _log_worker_startup_context(profile: str | None) -> None:
+    profile_name = profile or _worker_profile() or "default"
+    try:
+        cfg = _load_cfg()
+        enabled_toolsets = _load_enabled_toolsets()
+        discovered_mcp_tools = _discover_bridge_mcp_tools()
+        tool_names: list[str] = []
+        tool_error: str | None = None
+        try:
+            from model_tools import get_tool_definitions
+
+            tool_names = _tool_names_from_definitions(
+                get_tool_definitions(
+                    enabled_toolsets=enabled_toolsets,
+                    quiet_mode=True,
+                )
+            )
+        except Exception as exc:
+            tool_error = str(exc)
+
+        mcp_servers = cfg.get("mcp_servers") if isinstance(cfg.get("mcp_servers"), dict) else {}
+        enabled_mcp_servers: list[str] = []
+        disabled_mcp_servers: list[str] = []
+        for name, server_cfg in mcp_servers.items():
+            enabled = True
+            if isinstance(server_cfg, dict):
+                enabled = str(server_cfg.get("enabled", True)).strip().lower() not in {"0", "false", "no", "off"}
+            (enabled_mcp_servers if enabled else disabled_mcp_servers).append(str(name))
+
+        _bridge_log("bridge.worker.initialized", {
+            "profile": profile_name,
+            "platform": _bridge_platform(),
+            "hermes_home": str(_hermes_home()),
+            "base_hermes_home": str(_base_hermes_home()),
+            "config_path": str(_hermes_home() / "config.yaml"),
+            "model": _resolve_model(cfg),
+            "enabled_toolsets": enabled_toolsets,
+            "tool_count": len(tool_names),
+            "tool_names": tool_names,
+            "tool_error": tool_error,
+            "mcp_server_count": len(mcp_servers),
+            "mcp_servers": sorted(str(name) for name in mcp_servers),
+            "enabled_mcp_servers": sorted(enabled_mcp_servers),
+            "disabled_mcp_servers": sorted(disabled_mcp_servers),
+            "mcp_discovered_tool_count": len(discovered_mcp_tools),
+            "mcp_discovered_tool_names": discovered_mcp_tools,
+            "mcp_tool_count": len(_mcp_tool_names_from_names(tool_names)),
+            "mcp_tool_names": _mcp_tool_names_from_names(tool_names),
+        })
+    except Exception as exc:
+        _bridge_log("bridge.worker.initialized", {
+            "profile": profile_name,
+            "error": str(exc),
+        })
+
+
+def _load_reasoning_config() -> dict[str, Any] | None:
+    _ensure_agent_imports()
+    try:
+        from hermes_constants import parse_reasoning_effort
+
+        effort = str((_load_cfg().get("agent") or {}).get("reasoning_effort", "") or "").strip()
+        return parse_reasoning_effort(effort)
+    except Exception:
+        return None
+
+
+def _load_service_tier() -> str | None:
+    raw = str((_load_cfg().get("agent") or {}).get("service_tier", "") or "").strip().lower()
+    if raw in {"fast", "priority", "on"}:
+        return "priority"
+    return None
+
+
+def _cfg_max_turns(cfg: dict[str, Any], default: int = 90) -> int:
+    try:
+        env_max = int(os.environ.get("HERMES_BRIDGE_MAX_TURNS", "") or 0)
+        if env_max > 0:
+            return env_max
+    except ValueError:
+        pass
+    agent_cfg = cfg.get("agent") or {}
+    try:
+        return int(agent_cfg.get("max_turns") or cfg.get("max_turns") or default)
+    except (TypeError, ValueError):
+        return default
+
+
+class SessionDbHolder:
+    def __init__(self) -> None:
+        self._lock = threading.Lock()
+        self._db_by_path: dict[str, Any] = {}
+        self._error: str | None = None
+
+    def get(self, db_path: Path | None = None):
+        with self._lock:
+            key = str((db_path or (_base_hermes_home() / "state.db")).resolve())
+            if key in self._db_by_path:
+                return self._db_by_path[key]
+            _ensure_agent_imports()
+            try:
+                from hermes_state import SessionDB
+
+                db = SessionDB(db_path=Path(key))
+                self._db_by_path[key] = db
+                self._error = None
+                return db
+            except Exception as exc:
+                self._error = str(exc)
+                return None
+
+    @property
+    def error(self) -> str | None:
+        return self._error
+
+    def get_for_profile(self, profile: str | None) -> Any:
+        """Get a SessionDB for the given profile using an explicit DB path."""
+        return self.get(_profile_home(profile) / "state.db")
+
+
+@dataclass
+class RunRecord:
+    run_id: str
+    session_id: str
+    status: str = "running"
+    started_at: float = field(default_factory=time.time)
+    ended_at: float | None = None
+    result: dict[str, Any] | None = None
+    error: str | None = None
+    deltas: list[str] = field(default_factory=list)
+    events: list[dict[str, Any]] = field(default_factory=list)
+
+
+@dataclass
+class AgentSession:
+    session_id: str
+    agent: Any
+    history: list[dict[str, Any]] = field(default_factory=list)
+    config: dict[str, Any] = field(default_factory=dict)
+    running: bool = False
+    current_run_id: str | None = None
+    lock: threading.RLock = field(default_factory=threading.RLock)
+    created_at: float = field(default_factory=time.time)
+    last_used_at: float = field(default_factory=time.time)
+
+
+class AgentPool:
+    def __init__(self) -> None:
+        self._sessions: dict[str, AgentSession] = {}
+        self._runs: dict[str, RunRecord] = {}
+        self._lock = threading.RLock()
+        self._db = SessionDbHolder()
+        self._approval_requests: dict[str, queue.Queue[str]] = {}
+        self._gateway_approval_requests: dict[str, str] = {}
+        self._compression_requests: dict[str, queue.Queue[dict[str, Any]]] = {}
+        self._clarify_requests: dict[str, queue.Queue[str]] = {}
+        self._run_context = threading.local()
+        self._approval_handlers: dict[str, Callable[..., str]] = {}
+        self._exec_ask_depth = 0
+        self._exec_ask_previous: str | None = None
+
+    def get_or_create(
+        self,
+        session_id: str,
+        profile: str | None = None,
+        model: str | None = None,
+        provider: str | None = None,
+    ) -> AgentSession:
+        requested_model = str(model or "").strip()
+        requested_provider = str(provider or "").strip()
+        with self._lock:
+            existing = self._sessions.get(session_id)
+            if existing is not None:
+                # If profile changed, destroy old session and recreate
+                config_changed = bool(
+                    (profile and existing.config.get("profile") != profile)
+                    or (requested_model and existing.config.get("model") != requested_model)
+                    or (requested_provider and existing.config.get("provider") != requested_provider)
+                )
+                if config_changed:
+                    if not existing.running:
+                        self._destroy_session(session_id)
+                    else:
+                        existing.last_used_at = time.time()
+                        return existing
+                else:
+                    existing.last_used_at = time.time()
+                    return existing
+
+            _ensure_agent_imports()
+            _suppress_bridge_platform_hint()
+            from run_agent import AIAgent
+
+            with _profile_env(profile):
+                _refresh_worker_profile_env()
+                discovered_mcp_tools = _discover_bridge_mcp_tools()
+                cfg = _load_cfg()
+                resolved_model = requested_model or _resolve_model(cfg)
+                runtime = _resolve_runtime(resolved_model, requested_provider or None)
+                agent_cfg = cfg.get("agent") or {}
+                prompt = str(agent_cfg.get("system_prompt", "") or "").strip() or None
+
+                agent = AIAgent(
+                    model=resolved_model,
+                    max_iterations=_cfg_max_turns(cfg, 90),
+                    provider=runtime.get("provider"),
+                    base_url=runtime.get("base_url"),
+                    api_key=runtime.get("api_key"),
+                    api_mode=runtime.get("api_mode"),
+                    acp_command=runtime.get("command"),
+                    acp_args=runtime.get("args"),
+                    credential_pool=runtime.get("credential_pool"),
+                    quiet_mode=True,
+                    verbose_logging=False,
+                    reasoning_config=_load_reasoning_config(),
+                    service_tier=_load_service_tier(),
+                    enabled_toolsets=_load_enabled_toolsets(),
+                    platform=_bridge_platform(),
+                    session_id=session_id,
+                    session_db=self._db.get_for_profile(profile),
+                    ephemeral_system_prompt=prompt,
+                    status_callback=self._status_callback(session_id),
+                    thinking_callback=self._make_thinking_callback(session_id),
+                    reasoning_callback=self._text_event_callback(session_id, "reasoning.delta"),
+                    tool_progress_callback=self._tool_progress_callback(session_id),
+                    tool_start_callback=self._tool_start_callback(session_id),
+                    tool_complete_callback=self._tool_complete_callback(session_id),
+                    clarify_callback=self._clarify_callback(session_id),
+                )
+                agent.compression_enabled = False
+                self._install_compression_hook(agent, session_id)
+                mcp_tool_names = self._mcp_tool_names(self._agent_tool_names(getattr(agent, "tools", None) or []))
+
+                session = AgentSession(
+                    session_id=session_id,
+                    agent=agent,
+                    history=[],
+                    config={
+                        "requested_session_id": session_id,
+                        "profile": profile or "default",
+                        "model": resolved_model,
+                        "provider": runtime.get("provider"),
+                        "base_url": runtime.get("base_url"),
+                        "api_mode": runtime.get("api_mode"),
+                        "platform": _bridge_platform(),
+                        "resumed": False,
+                        "resumed_message_count": 0,
+                        "mcp_tool_count": len(discovered_mcp_tools),
+                        "active_mcp_tool_count": len(mcp_tool_names),
+                        "db_error": self._db.error,
+                    },
+                )
+                self._sessions[session_id] = session
+                return session
+
+    def _install_compression_hook(self, agent: Any, session_id: str) -> None:
+        original = getattr(agent, "_compress_context", None)
+        if not callable(original):
+            return
+
+        def wrapped_compress_context(messages, system_message, **kwargs):
+            before_count = len(messages) if isinstance(messages, list) else 0
+            approx_tokens = kwargs.get("approx_tokens")
+            if not isinstance(approx_tokens, int) or approx_tokens <= 0:
+                approx_tokens = self._estimate_context_tokens(agent, messages, system_message)
+            print(
+                "[hermes_bridge] compression requested "
+                f"session={session_id} messages={before_count} "
+                f"tokens={approx_tokens if approx_tokens is not None else 'unknown'} "
+                f"focus={kwargs.get('focus_topic') or ''}",
+                file=sys.stderr,
+                flush=True,
+            )
+            request_id = uuid.uuid4().hex
+            response_queue: queue.Queue[dict[str, Any]] = queue.Queue(maxsize=1)
+            with self._lock:
+                self._compression_requests[request_id] = response_queue
+            self._append_event(session_id, {
+                "event": "bridge.compression.requested",
+                "request_id": request_id,
+                "message_count": before_count,
+                "approx_tokens": approx_tokens,
+                "focus_topic": kwargs.get("focus_topic"),
+                "messages": _jsonable(messages),
+            })
+            try:
+                response = response_queue.get(timeout=180)
+                if response.get("error"):
+                    raise RuntimeError(str(response.get("error")))
+                compressed_messages = response.get("messages")
+                if not isinstance(compressed_messages, list):
+                    raise RuntimeError("bridge compression response missing messages")
+                next_system_message = response.get("system_message", system_message)
+                result_approx_tokens = self._estimate_context_tokens(agent, compressed_messages, next_system_message)
+                self._append_event(session_id, {
+                    "event": "bridge.compression.completed",
+                    "request_id": request_id,
+                    "message_count": before_count,
+                    "result_messages": len(compressed_messages),
+                    "approx_tokens": approx_tokens,
+                    "result_approx_tokens": result_approx_tokens,
+                    "compressed": True,
+                })
+                return compressed_messages, next_system_message
+            except queue.Empty:
+                self._append_event(session_id, {
+                    "event": "bridge.compression.failed",
+                    "request_id": request_id,
+                    "message_count": before_count,
+                    "approx_tokens": approx_tokens,
+                    "error": "bridge compression timed out",
+                })
+                raise RuntimeError("bridge compression timed out")
+            except Exception as exc:
+                self._append_event(session_id, {
+                    "event": "bridge.compression.failed",
+                    "request_id": request_id,
+                    "message_count": before_count,
+                    "approx_tokens": approx_tokens,
+                    "error": str(exc),
+                })
+                raise
+            finally:
+                with self._lock:
+                    self._compression_requests.pop(request_id, None)
+
+        agent._compress_context = wrapped_compress_context
+
+    def _agent_system_prompt(self, agent: Any, system_message: Any = None) -> str:
+        prompt = str(getattr(agent, "_cached_system_prompt", "") or "")
+        if prompt:
+            return prompt
+        try:
+            build_prompt = getattr(agent, "_build_system_prompt", None)
+            if callable(build_prompt):
+                return str(build_prompt(system_message) or "")
+        except Exception:
+            return str(system_message or "")
+        return str(system_message or "")
+
+    def _agent_tool_names(self, tools: Any) -> list[str]:
+        return _tool_names_from_definitions(tools)
+
+    def _mcp_tool_names(self, tool_names: Any) -> list[str]:
+        return _mcp_tool_names_from_names(tool_names)
+
+    def _estimate_context_info(self, agent: Any, messages: Any, system_message: Any = None) -> dict[str, Any]:
+        try:
+            from agent.model_metadata import estimate_request_tokens_rough
+        except Exception:
+            return {}
+
+        prompt = self._agent_system_prompt(agent, system_message)
+        tools = getattr(agent, "tools", None) or []
+        message_list = messages if isinstance(messages, list) else []
+        try:
+            tool_names = self._agent_tool_names(tools)
+            token_count = estimate_request_tokens_rough(message_list, system_prompt=prompt, tools=tools or None)
+            fixed_context_tokens = estimate_request_tokens_rough([], system_prompt=prompt, tools=tools or None)
+            system_prompt_tokens = estimate_request_tokens_rough([], system_prompt=prompt, tools=None)
+            tool_tokens = max(0, int(fixed_context_tokens or 0) - int(system_prompt_tokens or 0))
+            return {
+                "token_count": int(token_count) if isinstance(token_count, (int, float)) and token_count > 0 else None,
+                "fixed_context_tokens": int(fixed_context_tokens) if isinstance(fixed_context_tokens, (int, float)) and fixed_context_tokens >= 0 else None,
+                "system_prompt_tokens": int(system_prompt_tokens) if isinstance(system_prompt_tokens, (int, float)) and system_prompt_tokens >= 0 else None,
+                "tool_tokens": tool_tokens,
+                "message_count": len(message_list),
+                "tool_count": len(tools) if isinstance(tools, list) else 0,
+                "tool_names": tool_names,
+                "mcp_tool_count": len(self._mcp_tool_names(tool_names)),
+                "mcp_tool_names": self._mcp_tool_names(tool_names),
+                "system_prompt_chars": len(prompt),
+            }
+        except Exception:
+            return {}
+
+    def _estimate_context_tokens(self, agent: Any, messages: Any, system_message: Any = None) -> int | None:
+        token_count = self._estimate_context_info(agent, messages, system_message).get("token_count")
+        return int(token_count) if isinstance(token_count, (int, float)) and token_count > 0 else None
+
+    def _bridge_context_ready_event(self, session: AgentSession, instructions: str | None, profile: str | None) -> dict[str, Any]:
+        info = self._estimate_context_info(session.agent, [], instructions)
+        event = {
+            "event": "bridge.context.ready",
+            "session_id": session.session_id,
+            "profile": profile or session.config.get("profile") or "default",
+            "model": session.config.get("model"),
+            "provider": session.config.get("provider"),
+            **info,
+        }
+        session.config["context_info"] = event
+        return event
+
+    def estimate_context(
+        self,
+        session_id: str,
+        messages: list[dict[str, Any]] | None = None,
+        instructions: str | None = None,
+        profile: str | None = None,
+        model: str | None = None,
+        provider: str | None = None,
+    ) -> dict[str, Any]:
+        session = self.get_or_create(session_id, profile=profile, model=model, provider=provider)
+        context_info = self._estimate_context_info(session.agent, messages or [], instructions)
+        print(
+            "[hermes_bridge] context estimate "
+            f"session={session_id} profile={profile or 'default'} "
+            f"messages={len(messages or [])} system_prompt_chars={context_info.get('system_prompt_chars') or 0} "
+            f"tools={context_info.get('tool_count') or 0} "
+            f"fixed_tokens={context_info.get('fixed_context_tokens') if context_info.get('fixed_context_tokens') is not None else 'unknown'} "
+            f"tokens={context_info.get('token_count') if context_info.get('token_count') is not None else 'unknown'}",
+            file=sys.stderr,
+            flush=True,
+        )
+        return {
+            "session_id": session_id,
+            "profile": profile or session.config.get("profile") or "default",
+            "model": session.config.get("model"),
+            "provider": session.config.get("provider"),
+            **context_info,
+        }
+
+    def respond_compression(
+        self,
+        request_id: str,
+        messages: list[dict[str, Any]] | None = None,
+        system_message: str | None = None,
+        error: str | None = None,
+    ) -> dict[str, Any]:
+        with self._lock:
+            response_queue = self._compression_requests.get(request_id)
+        if response_queue is None:
+            raise RuntimeError(f"compression request {request_id} not found")
+        response_queue.put({
+            "messages": messages,
+            "system_message": system_message,
+            "error": error,
+        })
+        return {"request_id": request_id, "handled": True}
+
+    def _destroy_session(self, session_id: str) -> None:
+        session = self._sessions.pop(session_id, None)
+        if session is None:
+            return
+        with self._lock:
+            for rid in list(self._runs):
+                if self._runs[rid].session_id == session_id:
+                    del self._runs[rid]
+
+    def _append_event(self, session_id: str, event: dict[str, Any]) -> None:
+        with self._lock:
+            session = self._sessions.get(session_id)
+            run_id = session.current_run_id if session else None
+            if run_id and run_id in self._runs:
+                self._runs[run_id].events.append(_jsonable(event))
+
+    def _status_callback(self, session_id: str):
+        def callback(kind, text=None):
+            self._append_event(session_id, {"event": "status", "kind": str(kind), "text": None if text is None else str(text)})
+
+        return callback
+
+    def _text_event_callback(self, session_id: str, event_name: str):
+        def callback(text):
+            self._append_event(session_id, {"event": event_name, "text": str(text)})
+
+        return callback
+
+    def _make_thinking_callback(self, session_id: str):
+        """Create a thinking callback that never forwards spinner text as content.
+
+        The hermes-agent CLI uses thinking_callback for its KawaiiSpinner TUI
+        widget — sending decorative text like "(◕‿◕✿) pondering..." during
+        API calls.  This is pure CLI UX decoration; it has no place in Web UI
+        conversation history.
+
+        Prior behaviour forwarded this text as thinking.delta events, which the
+        frontend stored in the message reasoning field.  Over long conversations
+        this contaminated the model's context: the LLM learned to reproduce
+        kaomoji patterns, creating a self-reinforcing degradation loop.
+
+        This callback sends empty text unconditionally.  The model's real
+        reasoning content arrives through reasoning_callback → reasoning.delta,
+        which is unaffected.
+        """
+        def callback(text=None):
+            self._append_event(session_id, {"event": "thinking.delta", "text": ""})
+
+        return callback
+
+    def _tool_start_callback(self, session_id: str):
+        def callback(tool_call_id, function_name, function_args):
+            self._append_event(session_id, {
+                "event": "tool.started",
+                "tool_call_id": str(tool_call_id) if tool_call_id else "",
+                "tool_name": str(function_name) if function_name else "",
+                "args": _jsonable(function_args) if function_args else {},
+            })
+
+        return callback
+
+    def _tool_complete_callback(self, session_id: str):
+        def callback(tool_call_id, function_name, function_args, function_result=None):
+            result_text = "" if function_result is None else str(function_result)
+            print(
+                "[hermes_bridge] tool_complete_callback "
+                f"session={session_id} tool={function_name} "
+                f"tool_call_id={tool_call_id} result_none={function_result is None} "
+                f"result_len={len(result_text)}",
+                file=sys.stderr,
+                flush=True,
+            )
+            self._append_event(session_id, {
+                "event": "tool.completed",
+                "tool_call_id": str(tool_call_id) if tool_call_id else "",
+                "tool_name": str(function_name) if function_name else "",
+                "args": _jsonable(function_args) if function_args else {},
+                "result": _jsonable(function_result) if function_result is not None else None,
+                "result_preview": str(function_result)[:500] if function_result else None,
+            })
+
+        return callback
+
+    def _tool_progress_callback(self, session_id: str):
+        def callback(event_type, function_name=None, preview=None, function_args=None, **kwargs):
+            if event_type in (None, "tool.started", "tool.completed") or str(event_type or "").startswith("subagent."):
+                print(
+                    "[hermes_bridge] tool_progress_callback "
+                    f"session={session_id} event={event_type} tool={function_name} "
+                    f"kwargs_keys={sorted(kwargs.keys())} "
+                    f"preview_len={len(str(preview)) if preview is not None else 0}",
+                    file=sys.stderr,
+                    flush=True,
+                )
+            if event_type == "reasoning.available":
+                self._append_event(session_id, {
+                    "event": "reasoning.available",
+                    "text": str(preview) if preview else "",
+                })
+                return
+
+            if str(event_type or "").startswith("subagent."):
+                payload = {
+                    "event": str(event_type),
+                    "tool_name": str(function_name) if function_name else "",
+                    "text": str(preview) if preview is not None else "",
+                    "args": _jsonable(function_args) if function_args else {},
+                }
+                for key, value in kwargs.items():
+                    payload[str(key)] = _jsonable(value)
+                self._append_event(session_id, payload)
+                return
+
+            if event_type == "_thinking":
+                text = function_name
+                if text:
+                    self._append_event(session_id, {
+                        "event": "reasoning.delta",
+                        "text": str(text),
+                    })
+                return
+
+            if event_type in (None, "tool.started"):
+                # AIAgent also calls tool_start_callback with the real tool_call_id.
+                # Use that event as canonical so resume/replay can match results.
+                return
+
+            if event_type == "tool.completed":
+                # AIAgent sends the full function_result to tool_complete_callback.
+                return
+
+        return callback
+
+    def _step_callback(self, session_id: str):
+        def callback(step_info=None):
+            self._append_event(session_id, {
+                "event": "step",
+                "step_info": _jsonable(step_info) if step_info else None,
+            })
+
+        return callback
+
+    def _stream_delta_callback(self, session_id: str):
+        def callback(delta=None):
+            if delta is None:
+                # Turn boundary signal (tools about to execute)
+                self._append_event(session_id, {
+                    "event": "turn.boundary",
+                })
+                return
+            if delta:
+                self._append_event(session_id, {
+                    "event": "stream.delta",
+                    "delta": str(delta),
+                })
+
+        return callback
+
+    def _approval_callback(self, session_id: str):
+        def callback(command: str, description: str, *, allow_permanent: bool = True) -> str:
+            approval_id = uuid.uuid4().hex
+            response_queue: queue.Queue[str] = queue.Queue(maxsize=1)
+            with self._lock:
+                self._approval_requests[approval_id] = response_queue
+            choices = ["once", "session", "always", "deny"] if allow_permanent else ["once", "session", "deny"]
+            self._append_event(session_id, {
+                "event": "approval.requested",
+                "approval_id": approval_id,
+                "command": str(command or ""),
+                "description": str(description or ""),
+                "choices": choices,
+                "allow_permanent": bool(allow_permanent),
+                "timeout_ms": APPROVAL_TIMEOUT_MS,
+            })
+            try:
+                choice = response_queue.get(timeout=APPROVAL_TIMEOUT_SECONDS)
+            except queue.Empty:
+                choice = "deny"
+            finally:
+                with self._lock:
+                    self._approval_requests.pop(approval_id, None)
+            self._append_event(session_id, {
+                "event": "approval.resolved",
+                "approval_id": approval_id,
+                "choice": choice,
+            })
+            return choice
+
+        return callback
+
+    def _clarify_callback(self, session_id: str):
+        def callback(question: str, choices: list[str] | None = None) -> str:
+            clarify_id = uuid.uuid4().hex
+            response_queue: queue.Queue[str] = queue.Queue(maxsize=1)
+            with self._lock:
+                self._clarify_requests[clarify_id] = response_queue
+            self._append_event(session_id, {
+                "event": "clarify.requested",
+                "clarify_id": clarify_id,
+                "question": str(question or ""),
+                "choices": list(choices) if choices else None,
+                "timeout_ms": 300_000,
+            })
+            try:
+                user_response = response_queue.get(timeout=300)
+            except queue.Empty:
+                user_response = "[user did not respond within 5m]"
+            finally:
+                with self._lock:
+                    self._clarify_requests.pop(clarify_id, None)
+            return user_response
+
+        return callback
+
+    def _approval_dispatcher(self, command: str, description: str, *, allow_permanent: bool = True) -> str:
+        session_id = str(getattr(self._run_context, "session_id", "") or "")
+        if not session_id:
+            return "deny"
+        with self._lock:
+            handler = self._approval_handlers.get(session_id)
+        if handler is None:
+            return "deny"
+        return handler(command, description, allow_permanent=allow_permanent)
+
+    def _install_approval_dispatcher_for_current_thread(self) -> None:
+        from tools.terminal_tool import set_approval_callback
+
+        # terminal_tool stores callbacks in threading.local(), so each run
+        # thread must bind the shared dispatcher for itself.
+        set_approval_callback(self._approval_dispatcher)
+
+    def _enter_exec_ask_scope(self) -> None:
+        with self._lock:
+            if self._exec_ask_depth == 0:
+                self._exec_ask_previous = os.environ.get("HERMES_EXEC_ASK")
+                os.environ["HERMES_EXEC_ASK"] = "1"
+            self._exec_ask_depth += 1
+
+    def _exit_exec_ask_scope(self) -> None:
+        with self._lock:
+            if self._exec_ask_depth <= 0:
+                return
+            self._exec_ask_depth -= 1
+            if self._exec_ask_depth > 0:
+                return
+            previous = self._exec_ask_previous
+            self._exec_ask_previous = None
+            if previous is None:
+                os.environ.pop("HERMES_EXEC_ASK", None)
+            else:
+                os.environ["HERMES_EXEC_ASK"] = previous
+
+    def _gateway_approval_notify(self, session_id: str):
+        def callback(approval_data: dict[str, Any]) -> None:
+            approval_id = uuid.uuid4().hex
+            choices = ["once", "session", "always", "deny"]
+            with self._lock:
+                self._gateway_approval_requests[approval_id] = session_id
+            self._append_event(session_id, {
+                "event": "approval.requested",
+                "approval_id": approval_id,
+                "command": str(approval_data.get("command") or ""),
+                "description": str(approval_data.get("description") or ""),
+                "choices": choices,
+                "allow_permanent": True,
+                "timeout_ms": 300_000,
+            })
+
+        return callback
+
+    def _prepersist_user_message(
+        self,
+        session: AgentSession,
+        message: Any,
+        storage_message: Any | None,
+        conversation_history: list[dict[str, Any]] | None,
+        profile: str | None,
+        source: str | None = None,
+    ) -> bool:
+        persist_message = storage_message if storage_message is not None else message
+        user_content = str(persist_message) if not isinstance(persist_message, dict) else str(persist_message.get("content", persist_message))
+        if not user_content.strip():
+            return False
+
+        db = self._db.get_for_profile(profile)
+        if db is None:
+            return False
+
+        history_len = len(conversation_history) if conversation_history else 0
+
+        try:
+            if hasattr(db, "create_session"):
+                db.create_session(
+                    session_id=session.session_id,
+                    source=source or _bridge_platform(),
+                    model=session.config.get("model"),
+                )
+
+            if hasattr(db, "get_messages"):
+                messages = db.get_messages(session.session_id)
+                if messages:
+                    last = messages[-1]
+                    if last.get("role") == "user" and last.get("content") == user_content:
+                        self._align_prepersist_flush_cursor(session, history_len)
+                        return False
+
+            db.append_message(
+                session_id=session.session_id,
+                role="user",
+                content=user_content,
+            )
+
+            # AIAgent will build messages as conversation_history + current user.
+            # Since the current user was pre-persisted above, align the flush
+            # cursor so the normal end-of-turn flush starts at assistant/tool
+            # messages generated by this run.
+            self._align_prepersist_flush_cursor(session, history_len)
+            return True
+        except Exception:
+            return False
+
+    def _align_prepersist_flush_cursor(self, session: AgentSession, history_len: int) -> None:
+        try:
+            session.agent._last_flushed_db_idx = history_len + 1
+        except Exception:
+            pass
+
+    def _session_db_message_count(self, session_id: str, profile: str | None) -> int | None:
+        db = self._db.get_for_profile(profile)
+        if db is None or not hasattr(db, "get_messages"):
+            return None
+        try:
+            return len(db.get_messages(session_id) or [])
+        except Exception:
+            return None
+
+    def _sync_result_tail_to_session_db(
+        self,
+        session: AgentSession,
+        result: dict[str, Any],
+        conversation_history: list[dict[str, Any]] | None,
+        profile: str | None,
+        db_count_after_prepersist: int | None,
+    ) -> None:
+        db = self._db.get_for_profile(profile)
+        if db is None or db_count_after_prepersist is None:
+            return
+
+        after_count = self._session_db_message_count(session.session_id, profile)
+        if after_count is None or after_count > db_count_after_prepersist:
+            return
+
+        messages = result.get("messages")
+        if not isinstance(messages, list):
+            return
+
+        history_len = len(conversation_history) if conversation_history else 0
+        generated = [
+            msg for msg in messages[history_len + 1:]
+            if isinstance(msg, dict) and msg.get("role") in {"assistant", "tool"}
+        ]
+        if not generated:
+            return
+
+        appended = 0
+        for msg in generated:
+            try:
+                db.append_message(
+                    session_id=session.session_id,
+                    role=str(msg.get("role") or "assistant"),
+                    content=msg.get("content"),
+                    tool_name=msg.get("tool_name"),
+                    tool_calls=msg.get("tool_calls") if isinstance(msg.get("tool_calls"), list) else None,
+                    tool_call_id=msg.get("tool_call_id"),
+                    finish_reason=msg.get("finish_reason"),
+                    reasoning=msg.get("reasoning") if msg.get("role") == "assistant" else None,
+                    reasoning_content=msg.get("reasoning_content") if msg.get("role") == "assistant" else None,
+                    reasoning_details=msg.get("reasoning_details") if msg.get("role") == "assistant" else None,
+                    codex_reasoning_items=msg.get("codex_reasoning_items") if msg.get("role") == "assistant" else None,
+                    codex_message_items=msg.get("codex_message_items") if msg.get("role") == "assistant" else None,
+                )
+                appended += 1
+            except Exception:
+                break
+
+        if appended:
+            print(
+                "[hermes_bridge] synced missing result tail to session db "
+                f"session={session.session_id} appended={appended}",
+                file=sys.stderr,
+                flush=True,
+            )
+
+    def start_chat(
+        self,
+        session_id: str,
+        message: Any,
+        storage_message: Any | None = None,
+        instructions: str | None = None,
+        conversation_history: list[dict[str, Any]] | None = None,
+        profile: str | None = None,
+        force_compress: bool = False,
+        model: str | None = None,
+        provider: str | None = None,
+        source: str | None = None,
+    ) -> RunRecord:
+        session = self.get_or_create(session_id, profile=profile, model=model, provider=provider)
+        with session.lock:
+            if session.running:
+                raise RuntimeError(f"session {session_id} is already running")
+            run_id = uuid.uuid4().hex
+            record = RunRecord(run_id=run_id, session_id=session_id)
+            with self._lock:
+                self._runs[run_id] = record
+            session.running = True
+            session.current_run_id = run_id
+            session.last_used_at = time.time()
+            context_event = self._bridge_context_ready_event(session, instructions, profile)
+            if context_event:
+                record.events.append(_jsonable(context_event))
+
+        thread = threading.Thread(
+            target=self._run_chat,
+            args=(session, record, message, storage_message, instructions, conversation_history, profile, force_compress, source),
+            daemon=True,
+            name=f"hermes-bridge-run-{run_id[:8]}",
+        )
+        thread.start()
+        return record
+
+    def _run_chat(self, session: AgentSession, record: RunRecord, message: Any, storage_message: Any | None = None, instructions: str | None = None, conversation_history: list[dict[str, Any]] | None = None, profile: str | None = None, force_compress: bool = False, source: str | None = None) -> None:
+        with _profile_env(profile):
+            def stream_callback(delta: str) -> None:
+                with self._lock:
+                    text = str(delta)
+                    # Keep `deltas` for the aggregated `output`/resume snapshot,
+                    # AND record each text chunk as an ordered event in the SAME
+                    # `events` list used by tool.started/tool.completed. Text and
+                    # tool events were previously tracked in two parallel lists
+                    # with no relative ordering, so when the model interleaved
+                    # narration and tool calls ("text → tool → more text") the
+                    # consumer reordered them — processing all events before the
+                    # aggregated delta — which visibly split a word across the
+                    # tool boundary. Recording text as ordered events preserves
+                    # the true interleaving.
+                    record.deltas.append(text)
+                    if text:
+                        record.events.append({"event": "stream.delta", "delta": text})
+
+            approval_session_token = None
+            registered_gateway_approval_session = None
+            exec_ask_scope_entered = False
+            try:
+                try:
+                    self._enter_exec_ask_scope()
+                    exec_ask_scope_entered = True
+                    self._install_approval_dispatcher_for_current_thread()
+                    with self._lock:
+                        self._approval_handlers[session.session_id] = self._approval_callback(session.session_id)
+                    self._run_context.session_id = session.session_id
+                except Exception:
+                    self._run_context.session_id = session.session_id
+                try:
+                    from tools.approval import register_gateway_notify, set_current_session_key
+
+                    approval_session_token = set_current_session_key(session.session_id)
+                    register_gateway_notify(session.session_id, self._gateway_approval_notify(session.session_id))
+                    registered_gateway_approval_session = session.session_id
+                except Exception:
+                    pass
+                self._prepersist_user_message(session, message, storage_message, conversation_history, profile, source)
+                db_count_after_prepersist = self._session_db_message_count(session.session_id, profile)
+                if force_compress:
+                    compress = getattr(session.agent, "_compress_context", None)
+                    if callable(compress):
+                        compressed_history, compressed_system = compress(
+                            conversation_history if isinstance(conversation_history, list) else [],
+                            instructions,
+                            approx_tokens=None,
+                            focus_topic="debug_force_compress",
+                        )
+                        if isinstance(compressed_history, list):
+                            conversation_history = compressed_history
+                        if isinstance(compressed_system, str):
+                            instructions = compressed_system
+                kwargs: dict[str, Any] = dict(
+                    task_id=session.session_id,
+                    stream_callback=stream_callback,
+                )
+                if instructions:
+                    kwargs["system_message"] = instructions
+                if conversation_history is not None:
+                    kwargs["conversation_history"] = conversation_history
+                result = session.agent.run_conversation(
+                    message,
+                    **kwargs,
+                )
+                result = _jsonable(result if isinstance(result, dict) else {"value": result})
+                self._sync_result_tail_to_session_db(
+                    session,
+                    result,
+                    conversation_history,
+                    profile,
+                    db_count_after_prepersist,
+                )
+                with session.lock:
+                    if isinstance(result.get("messages"), list):
+                        session.history = result["messages"]
+                    record.status = "interrupted" if result.get("interrupted") else "complete"
+                    record.result = result
+                    record.ended_at = time.time()
+                    session.running = False
+                    session.current_run_id = None
+                    session.last_used_at = time.time()
+            except Exception as exc:
+                with session.lock:
+                    record.status = "error"
+                    record.error = str(exc)
+                    record.result = {"error": str(exc), "traceback": traceback.format_exc()}
+                    record.ended_at = time.time()
+                    session.running = False
+                    session.current_run_id = None
+                    session.last_used_at = time.time()
+            finally:
+                with self._lock:
+                    self._approval_handlers.pop(session.session_id, None)
+                try:
+                    del self._run_context.session_id
+                except AttributeError:
+                    pass
+                if approval_session_token is not None:
+                    try:
+                        from tools.approval import reset_current_session_key, unregister_gateway_notify
+
+                        if registered_gateway_approval_session is not None:
+                            unregister_gateway_notify(registered_gateway_approval_session)
+                        reset_current_session_key(approval_session_token)
+                    except Exception:
+                        pass
+                if exec_ask_scope_entered:
+                    self._exit_exec_ask_scope()
+
+    def interrupt(self, session_id: str, message: str | None = None) -> dict[str, Any]:
+        with self._lock:
+            session = self._sessions.get(session_id)
+        if session is None:
+            raise KeyError(f"unknown session: {session_id}")
+        if not hasattr(session.agent, "interrupt"):
+            raise RuntimeError("agent does not support interrupt")
+        session.agent.interrupt(message)
+        deadline = time.time() + 10.0
+        synced = False
+        while time.time() < deadline:
+            with session.lock:
+                if not session.running:
+                    synced = True
+                    break
+            time.sleep(0.05)
+        return {"status": "interrupted", "session_id": session_id, "synced": synced}
+
+    def steer(self, session_id: str, text: str) -> dict[str, Any]:
+        with self._lock:
+            session = self._sessions.get(session_id)
+        if session is None:
+            raise KeyError(f"unknown session: {session_id}")
+        if not hasattr(session.agent, "steer"):
+            raise RuntimeError("agent does not support steer")
+        accepted = bool(session.agent.steer(text))
+        return {"status": "queued" if accepted else "rejected", "accepted": accepted, "text": text}
+
+    def respond_approval(self, approval_id: str, choice: str) -> dict[str, Any]:
+        cleaned = str(choice or "deny").strip().lower()
+        if cleaned not in {"once", "session", "always", "deny"}:
+            cleaned = "deny"
+        with self._lock:
+            response_queue = self._approval_requests.get(approval_id)
+        if response_queue is None:
+            with self._lock:
+                gateway_session_id = self._gateway_approval_requests.pop(approval_id, None)
+            if gateway_session_id is None:
+                return {"approval_id": approval_id, "resolved": False, "choice": cleaned}
+            try:
+                from tools.approval import resolve_gateway_approval
+
+                resolved = resolve_gateway_approval(gateway_session_id, cleaned) > 0
+            except Exception:
+                resolved = False
+            self._append_event(gateway_session_id, {
+                "event": "approval.resolved",
+                "approval_id": approval_id,
+                "choice": cleaned,
+            })
+            return {"approval_id": approval_id, "resolved": resolved, "choice": cleaned}
+        try:
+            response_queue.put_nowait(cleaned)
+        except queue.Full:
+            pass
+        return {"approval_id": approval_id, "resolved": True, "choice": cleaned}
+
+    def respond_clarify(self, clarify_id: str, response: str) -> dict[str, Any]:
+        with self._lock:
+            response_queue = self._clarify_requests.get(clarify_id)
+        if response_queue is None:
+            return {"clarify_id": clarify_id, "resolved": False}
+        try:
+            response_queue.put_nowait(response)
+        except queue.Full:
+            pass
+        return {"clarify_id": clarify_id, "resolved": True}
+
+    def get_history(self, session_id: str) -> dict[str, Any]:
+        with self._lock:
+            session = self._sessions.get(session_id)
+        if session is None:
+            raise KeyError(f"unknown session: {session_id}")
+        with session.lock:
+            return {"session_id": session_id, "history": copy.deepcopy(session.history)}
+
+    def dispatch_command(self, session_id: str, command: str, profile: str | None = None) -> dict[str, Any]:
+        raw = str(command or "").strip()
+        if raw.startswith("/"):
+            raw = raw[1:].strip()
+        if not raw:
+            raise ValueError("command is required")
+
+        parts = raw.split(maxsplit=1)
+        name = parts[0].lstrip("/").strip().lower()
+        arg = parts[1] if len(parts) > 1 else ""
+
+        with _profile_env(profile):
+            if name == "goal":
+                return self._dispatch_goal_command(session_id, arg)
+            if name == "subgoal":
+                return self._dispatch_subgoal_command(session_id, arg)
+
+            try:
+                try:
+                    from agent.skill_bundles import (
+                        build_bundle_invocation_message,
+                        resolve_bundle_command_key,
+                    )
+
+                    bundle_key = resolve_bundle_command_key(name)
+                    if bundle_key:
+                        bundle_result = build_bundle_invocation_message(
+                            bundle_key,
+                            arg,
+                            task_id=session_id,
+                        )
+                        if bundle_result:
+                            message, loaded_names, missing_names = bundle_result
+                            return {
+                                "session_id": session_id,
+                                "command": name,
+                                "handled": True,
+                                "type": "bundle",
+                                "message": message,
+                                "loaded": loaded_names,
+                                "missing": missing_names,
+                            }
+                except ImportError:
+                    pass
+
+                from agent.skill_commands import (
+                    build_skill_invocation_message,
+                    resolve_skill_command_key,
+                )
+
+                key = resolve_skill_command_key(name)
+                if key:
+                    message = build_skill_invocation_message(
+                        key,
+                        arg,
+                        task_id=session_id,
+                        runtime_note=(
+                            "If you need user clarification, call the clarify tool. "
+                            "Do not output raw JSON question/choices payloads as the final response."
+                        ),
+                    )
+                    if message:
+                        return {
+                            "session_id": session_id,
+                            "command": name,
+                            "handled": True,
+                            "type": "skill",
+                            "message": message,
+                        }
+            except Exception as exc:
+                raise RuntimeError(f"skill command dispatch failed: {exc}") from exc
+
+        return {
+            "session_id": session_id,
+            "command": name,
+            "handled": False,
+            "message": f"not a supported bridge command: /{name}",
+        }
+
+    def _goal_max_turns_from_config(self) -> int:
+        try:
+            from hermes_cli.config import load_config
+
+            goals_cfg = (load_config() or {}).get("goals") or {}
+            return int(goals_cfg.get("max_turns", 20) or 20)
+        except Exception:
+            return 20
+
+    def _goal_manager(self, session_id: str):
+        from hermes_cli.goals import GoalManager
+
+        return GoalManager(
+            session_id=session_id,
+            default_max_turns=self._goal_max_turns_from_config(),
+        )
+
+    def _dispatch_goal_command(self, session_id: str, arg: str) -> dict[str, Any]:
+        mgr = self._goal_manager(session_id)
+        clean_arg = str(arg or "").strip()
+        lower = clean_arg.lower()
+
+        if not clean_arg or lower == "status":
+            return {
+                "session_id": session_id,
+                "command": "goal",
+                "handled": True,
+                "type": "goal",
+                "action": "goal_status",
+                "message": mgr.status_line(),
+            }
+
+        if lower == "pause":
+            state = mgr.pause(reason="user-paused")
+            return {
+                "session_id": session_id,
+                "command": "goal",
+                "handled": True,
+                "type": "goal",
+                "action": "pause",
+                "message": f"⏸ Goal paused: {state.goal}" if state else "No goal set.",
+                "clear_goal_continuations": True,
+            }
+
+        if lower == "resume":
+            state = mgr.resume()
+            prompt = mgr.next_continuation_prompt() if state else None
+            return {
+                "session_id": session_id,
+                "command": "goal",
+                "handled": True,
+                "type": "goal",
+                "action": "resume",
+                "message": f"▶ Goal resumed: {state.goal}" if state else "No goal to resume.",
+                "kickoff_prompt": prompt,
+                "max_turns": state.max_turns if state else None,
+            }
+
+        if lower in {"clear", "stop", "done"}:
+            had = mgr.has_goal()
+            mgr.clear()
+            return {
+                "session_id": session_id,
+                "command": "goal",
+                "handled": True,
+                "type": "goal",
+                "action": "clear",
+                "message": "✓ Goal cleared." if had else "No active goal.",
+                "clear_goal_continuations": True,
+            }
+
+        try:
+            state = mgr.set(clean_arg)
+        except ValueError as exc:
+            return {
+                "session_id": session_id,
+                "command": "goal",
+                "handled": True,
+                "type": "goal",
+                "action": "set",
+                "message": f"Invalid goal: {exc}",
+            }
+
+        return {
+            "session_id": session_id,
+            "command": "goal",
+            "handled": True,
+            "type": "goal",
+            "action": "set",
+            "message": (
+                f"⊙ Goal set ({state.max_turns}-turn budget): {state.goal}\n"
+                "After each turn, a judge model will check if the goal is done. "
+                "Hermes keeps working until it is, you pause/clear it, or the budget is exhausted."
+            ),
+            "kickoff_prompt": state.goal,
+            "max_turns": state.max_turns,
+        }
+
+    def _dispatch_subgoal_command(self, session_id: str, arg: str) -> dict[str, Any]:
+        mgr = self._goal_manager(session_id)
+        clean_arg = str(arg or "").strip()
+        if not mgr.has_goal():
+            return {
+                "session_id": session_id,
+                "command": "subgoal",
+                "handled": True,
+                "type": "goal",
+                "action": "subgoal",
+                "message": "No active goal. Set one with /goal <text>.",
+            }
+
+        if not clean_arg:
+            return {
+                "session_id": session_id,
+                "command": "subgoal",
+                "handled": True,
+                "type": "goal",
+                "action": "subgoal_status",
+                "message": f"{mgr.status_line()}\n{mgr.render_subgoals()}",
+            }
+
+        tokens = clean_arg.split(None, 1)
+        verb = tokens[0].lower()
+        rest = tokens[1].strip() if len(tokens) > 1 else ""
+
+        if verb == "remove":
+            if not rest:
+                message = "Usage: /subgoal remove <n>"
+            else:
+                try:
+                    idx = int(rest.split()[0])
+                    removed = mgr.remove_subgoal(idx)
+                    message = f"✓ Removed subgoal {idx}: {removed}"
+                except ValueError:
+                    message = "/subgoal remove: <n> must be an integer (1-based index)."
+                except (IndexError, RuntimeError) as exc:
+                    message = f"/subgoal remove: {exc}"
+            return {
+                "session_id": session_id,
+                "command": "subgoal",
+                "handled": True,
+                "type": "goal",
+                "action": "subgoal_remove",
+                "message": message,
+            }
+
+        if verb == "clear":
+            try:
+                prev = mgr.clear_subgoals()
+                message = f"✓ Cleared {prev} subgoal{'s' if prev != 1 else ''}." if prev else "No subgoals to clear."
+            except RuntimeError as exc:
+                message = f"/subgoal clear: {exc}"
+            return {
+                "session_id": session_id,
+                "command": "subgoal",
+                "handled": True,
+                "type": "goal",
+                "action": "subgoal_clear",
+                "message": message,
+            }
+
+        try:
+            text = mgr.add_subgoal(clean_arg)
+            idx = len(mgr.state.subgoals) if mgr.state else 0
+            message = f"✓ Added subgoal {idx}: {text}"
+        except (ValueError, RuntimeError) as exc:
+            message = f"/subgoal: {exc}"
+
+        return {
+            "session_id": session_id,
+            "command": "subgoal",
+            "handled": True,
+            "type": "goal",
+            "action": "subgoal_add",
+            "message": message,
+        }
+
+    def evaluate_goal(self, session_id: str, final_response: str, profile: str | None = None) -> dict[str, Any]:
+        with _profile_env(profile):
+            mgr = self._goal_manager(session_id)
+            if not mgr.is_active():
+                return {
+                    "session_id": session_id,
+                    "handled": True,
+                    "active": False,
+                    "should_continue": False,
+                    "continuation_prompt": None,
+                    "message": "",
+                    "verdict": "inactive",
+                }
+            decision = mgr.evaluate_after_turn(str(final_response or ""), user_initiated=True)
+            return {
+                "session_id": session_id,
+                "handled": True,
+                "active": mgr.is_active(),
+                **decision,
+            }
+
+    def pause_goal(self, session_id: str, reason: str, profile: str | None = None) -> dict[str, Any]:
+        with _profile_env(profile):
+            clean_reason = str(reason or "").strip() or "paused"
+            mgr = self._goal_manager(session_id)
+            state = mgr.pause(reason=clean_reason)
+            return {
+                "session_id": session_id,
+                "command": "goal",
+                "handled": True,
+                "type": "goal",
+                "action": "pause",
+                "active": mgr.is_active(),
+                "status": state.status if state else None,
+                "reason": clean_reason,
+                "message": f"⏸ Goal paused: {state.goal}" if state else "No goal set.",
+                "clear_goal_continuations": True,
+            }
+
+    def get_result(self, run_id: str) -> dict[str, Any]:
+        with self._lock:
+            record = self._runs.get(run_id)
+        if record is None:
+            raise KeyError(f"unknown run: {run_id}")
+        return {
+            "run_id": record.run_id,
+            "session_id": record.session_id,
+            "status": record.status,
+            "started_at": record.started_at,
+            "ended_at": record.ended_at,
+            "output": "".join(record.deltas),
+            "deltas": list(record.deltas),
+            "events": list(record.events),
+            "result": record.result,
+            "error": record.error,
+        }
+
+    def get_output(self, run_id: str, cursor: int = 0, event_cursor: int = 0) -> dict[str, Any]:
+        with self._lock:
+            record = self._runs.get(run_id)
+        if record is None:
+            raise KeyError(f"unknown run: {run_id}")
+        cursor = max(0, int(cursor or 0))
+        deltas = list(record.deltas)
+        next_cursor = len(deltas)
+        event_cursor = max(0, int(event_cursor or 0))
+        events = list(record.events)
+        new_events = _jsonable(events[event_cursor:])
+        next_event_cursor = len(events)
+        return {
+            "run_id": record.run_id,
+            "session_id": record.session_id,
+            "status": record.status,
+            "delta": "".join(deltas[cursor:]),
+            "cursor": next_cursor,
+            "output": "".join(deltas),
+            "done": record.status != "running",
+            "result": record.result if record.status != "running" else None,
+            "error": record.error,
+            "events": new_events,
+            "event_cursor": next_event_cursor,
+        }
+
+    def destroy(self, session_id: str) -> dict[str, Any]:
+        with self._lock:
+            session = self._sessions.pop(session_id, None)
+        if session is None:
+            return {"session_id": session_id, "destroyed": False}
+        if session.running and hasattr(session.agent, "interrupt"):
+            try:
+                session.agent.interrupt("Session destroyed")
+            except Exception:
+                pass
+        return {"session_id": session_id, "destroyed": True}
+
+    def destroy_all(self) -> dict[str, Any]:
+        with self._lock:
+            ids = list(self._sessions.keys())
+        destroyed = []
+        for sid in ids:
+            result = self.destroy(sid)
+            destroyed.append(result)
+        return {"destroyed": len(destroyed)}
+
+    def status(self, session_id: str) -> dict[str, Any]:
+        with self._lock:
+            session = self._sessions.get(session_id)
+        if session is None:
+            return {
+                "session_id": session_id,
+                "exists": False,
+                "running": False,
+                "message_count": 0,
+            }
+        with session.lock:
+            return {
+                "session_id": session_id,
+                "exists": True,
+                "running": session.running,
+                "current_run_id": session.current_run_id,
+                "created_at": session.created_at,
+                "last_used_at": session.last_used_at,
+                "message_count": len(session.history),
+                "config": session.config,
+            }
+
+    def list_sessions(self) -> dict[str, Any]:
+        with self._lock:
+            sessions = list(self._sessions.values())
+        return {
+            "sessions": [
+                {
+                    "session_id": s.session_id,
+                    "running": s.running,
+                    "current_run_id": s.current_run_id,
+                    "created_at": s.created_at,
+                    "last_used_at": s.last_used_at,
+                    "message_count": len(s.history),
+                    "config": s.config,
+                }
+                for s in sessions
+            ]
+        }
+
+
+class BridgeServer:
+    IDLE_TIMEOUT_SECONDS = 30 * 60  # 30 minutes
+    GC_INTERVAL_SECONDS = 60  # check every minute
+
+    def __init__(self, endpoint: str) -> None:
+        self.endpoint = endpoint
+        self.pool = AgentPool()
+        self._stop = threading.Event()
+        self._last_gc = time.time()
+
+    def handle(self, req: dict[str, Any]) -> dict[str, Any]:
+        action = str(req.get("action") or "").strip()
+        if not action:
+            raise ValueError("action is required")
+
+        if action == "ping":
+            with self.pool._lock:
+                sessions = list(self.pool._sessions.values())
+            running_sessions = sum(1 for session in sessions if session.running)
+            return {
+                "pong": True,
+                "time": time.time(),
+                "pid": os.getpid(),
+                "agent_root": str(_agent_root()),
+                "profile": _worker_profile() or "default",
+                "hermes_home": str(_hermes_home()),
+                "session_count": len(sessions),
+                "running_session_count": running_sessions,
+            }
+
+        if action == "chat":
+            session_id = str(req.get("session_id") or "").strip() or uuid.uuid4().hex
+            message = req.get("message", req.get("input", ""))
+            storage_message = req.get("storage_message")
+            instructions = req.get("instructions") or req.get("system_message")
+            conversation_history = req.get("conversation_history")
+            profile = req.get("profile")
+            model = req.get("model")
+            provider = req.get("provider")
+            source = req.get("source")
+            record = self.pool.start_chat(
+                session_id,
+                message,
+                storage_message,
+                instructions,
+                conversation_history,
+                profile,
+                bool(req.get("force_compress")),
+                model,
+                provider,
+                source,
+            )
+            if req.get("wait"):
+                timeout = float(req.get("timeout", 0) or 0)
+                deadline = time.time() + timeout if timeout > 0 else None
+                while record.status == "running":
+                    if deadline is not None and time.time() >= deadline:
+                        break
+                    time.sleep(0.05)
+                return self.pool.get_result(record.run_id)
+            return {"run_id": record.run_id, "session_id": session_id, "status": record.status}
+
+        if action == "context_estimate":
+            session_id = str(req.get("session_id") or "").strip() or uuid.uuid4().hex
+            messages = req.get("messages") or req.get("conversation_history") or []
+            if not isinstance(messages, list):
+                raise ValueError("messages must be a list")
+            return self.pool.estimate_context(
+                session_id,
+                messages=messages,
+                instructions=req.get("instructions") or req.get("system_message"),
+                profile=req.get("profile"),
+                model=req.get("model"),
+                provider=req.get("provider"),
+            )
+
+        if action == "get_result":
+            return self.pool.get_result(str(req.get("run_id") or ""))
+
+        if action == "get_output":
+            return self.pool.get_output(
+                str(req.get("run_id") or ""),
+                int(req.get("cursor") or 0),
+                int(req.get("event_cursor") or 0),
+            )
+
+        if action == "interrupt":
+            return self.pool.interrupt(str(req.get("session_id") or ""), req.get("message"))
+
+        if action == "steer":
+            text = str(req.get("text") or req.get("message") or "").strip()
+            if not text:
+                raise ValueError("text is required")
+            return self.pool.steer(str(req.get("session_id") or ""), text)
+
+        if action == "approval_respond":
+            approval_id = str(req.get("approval_id") or "").strip()
+            if not approval_id:
+                raise ValueError("approval_id is required")
+            return self.pool.respond_approval(approval_id, str(req.get("choice") or "deny"))
+
+        if action == "clarify_respond":
+            clarify_id = str(req.get("clarify_id") or "").strip()
+            if not clarify_id:
+                raise ValueError("clarify_id is required")
+            response = str(req.get("response") or "").strip()
+            return self.pool.respond_clarify(clarify_id, response)
+
+        if action == "compression_respond":
+            request_id = str(req.get("request_id") or "").strip()
+            if not request_id:
+                raise ValueError("request_id is required")
+            messages = req.get("messages")
+            if messages is not None and not isinstance(messages, list):
+                raise ValueError("messages must be a list")
+            return self.pool.respond_compression(
+                request_id,
+                messages=messages,
+                system_message=req.get("system_message"),
+                error=req.get("error"),
+            )
+
+        if action == "get_history":
+            return self.pool.get_history(str(req.get("session_id") or ""))
+
+        if action == "command":
+            session_id = str(req.get("session_id") or "").strip()
+            if not session_id:
+                raise ValueError("session_id is required")
+            return self.pool.dispatch_command(
+                session_id,
+                str(req.get("command") or ""),
+                req.get("profile"),
+            )
+
+        if action == "goal_evaluate":
+            session_id = str(req.get("session_id") or "").strip()
+            if not session_id:
+                raise ValueError("session_id is required")
+            return self.pool.evaluate_goal(
+                session_id,
+                str(req.get("final_response") or ""),
+                req.get("profile"),
+            )
+
+        if action == "goal_pause":
+            session_id = str(req.get("session_id") or "").strip()
+            if not session_id:
+                raise ValueError("session_id is required")
+            return self.pool.pause_goal(
+                session_id,
+                str(req.get("reason") or ""),
+                req.get("profile"),
+            )
+
+        if action == "status":
+            return self.pool.status(str(req.get("session_id") or ""))
+
+        if action == "destroy":
+            return self.pool.destroy(str(req.get("session_id") or ""))
+
+        if action == "destroy_all":
+            return self.pool.destroy_all()
+
+        if action == "list":
+            return self.pool.list_sessions()
+
+        if action == "shutdown":
+            self._stop.set()
+            return {"status": "shutting_down"}
+
+        # ───── MCP Management (forwarded from broker) ─────
+        if action.startswith("mcp_"):
+            return self._handle_mcp_action(action, req, req.get("profile"))
+
+        raise ValueError(f"unknown action: {action}")
+
+    # ───── MCP Management Methods (for BridgeServer worker process) ─────
+
+    def _read_mcp_config(self, profile=None):
+        """Read config.yaml for the given profile."""
+        import yaml
+        config_path = _profile_home(profile) / "config.yaml"
+        try:
+            with open(config_path, encoding="utf-8") as f:
+                return yaml.safe_load(f) or {}
+        except Exception:
+            return {}
+
+    def _save_mcp_config(self, cfg, profile=None):
+        """Save config.yaml for the given profile using atomic write."""
+        import yaml
+        from utils import atomic_yaml_write
+        config_path = _profile_home(profile) / "config.yaml"
+        config_path.parent.mkdir(parents=True, exist_ok=True)
+        try:
+            atomic_yaml_write(config_path, cfg, sort_keys=False)
+        except Exception as e:
+            raise RuntimeError(f"Failed to save config to {config_path}: {e}")
+
+    @staticmethod
+    def _run_mcp_discovery_bg(discover_fn, profile: str | None = None):
+        """Run MCP discovery in a background thread to avoid blocking."""
+        def _bg():
+            original = _apply_profile_env(profile)
+            try:
+                discover_fn()
+            except Exception as e:
+                print(f"[mcp-discovery-bg] failed: {e}", file=sys.stderr, flush=True)
+            finally:
+                _restore_profile_env(original)
+        threading.Thread(target=_bg, daemon=True).start()
+
+    def _handle_mcp_action(self, action: str, req: dict[str, Any], profile: str | None = None) -> dict[str, Any]:
+        """Handle MCP management actions in worker process."""
+        try:
+            from tools.mcp_tool import discover_mcp_tools, register_mcp_servers, _run_on_mcp_loop, _servers, _lock
+        except ImportError:
+            return {"error": "MCP tool module not available", "ok": False}
+
+        if profile is None:
+            profile = _worker_profile() or "default"
+
+        dispatch = {
+            "mcp_list":            lambda: self._mcp_list(profile, _servers, _lock),
+            "mcp_server_add":      lambda: self._mcp_server_add(req, profile, discover_mcp_tools),
+            "mcp_server_update":   lambda: self._mcp_server_update(req, profile, _servers, _lock, _run_on_mcp_loop, discover_mcp_tools),
+            "mcp_server_remove":   lambda: self._mcp_server_remove(req, profile, _servers, _lock, _run_on_mcp_loop),
+            "mcp_server_test":     lambda: self._mcp_server_test(req, _servers, _lock),
+            "mcp_tools_list":      lambda: self._mcp_tools_list(req, profile, _servers, _lock),
+            "mcp_reload":          lambda: self._mcp_reload(req, profile, _servers, _lock, _run_on_mcp_loop, discover_mcp_tools, register_mcp_servers),
+        }
+        handler = dispatch.get(action)
+        if handler:
+            return handler()
+        return {"error": f"unknown MCP action: {action}", "ok": False}
+
+    # ───── MCP sub-handlers ─────
+
+    def _build_server_entry(self, name: str, cfg: dict, connected: bool = False,
+                            tools_count: int = 0, registered_count: int = 0,
+                            raw_names: list | None = None, registered_names: list | None = None,
+                            tool_details: list | None = None,
+                            error: str | None = None) -> dict[str, Any]:
+        """Build a normalized server entry dict for API responses."""
+        transport = "http" if cfg.get("url") else "stdio"
+        return {
+            "name": name,
+            "transport": transport,
+            "connected": connected,
+            "tools": tools_count,
+            "tools_registered": registered_count,
+            "tool_names": raw_names or [],
+            "tool_names_registered": registered_names or [],
+            "tool_details": tool_details or [],
+            "error": error,
+            "raw_config": cfg if isinstance(cfg, dict) else {},
+        }
+
+    def _mcp_list(self, profile: str, _servers, _lock) -> dict[str, Any]:
+        servers = []
+        total_tools = 0
+
+        config = self._read_mcp_config(profile)
+        mcp_configs = config.get("mcp_servers", {}) or {} if config else {}
+        profile_server_names = set(mcp_configs.keys())
+
+        with _lock:
+            server_snapshot = list(_servers.items())
+        for name, task in server_snapshot:
+            if name not in profile_server_names:
+                continue
+            raw_tool_names = []
+            try:
+                for mcp_tool in getattr(task, "_tools", []):
+                    if hasattr(mcp_tool, "name"):
+                        raw_tool_names.append(mcp_tool.name)
+            except Exception:
+                pass
+            registered = list(getattr(task, "_registered_tool_names", None) or [])
+            if not registered:
+                registered = list(raw_tool_names)
+            t = getattr(task, "_task", None)
+            connected = bool(t and not t.done())
+            err = getattr(task, "_error", None)
+            cfg = getattr(task, "_config", {})
+            # Build filtered tool_details (name + description) for card display
+            srv_cfg = mcp_configs.get(name, {}) if isinstance(mcp_configs.get(name), dict) else {}
+            tools_filter = srv_cfg.get("tools") if isinstance(srv_cfg.get("tools"), dict) else {}
+            has_include_filter = "include" in tools_filter
+            has_exclude_filter = "exclude" in tools_filter
+            include_set = set(tools_filter.get("include") or [])
+            exclude_set = set(tools_filter.get("exclude") or [])
+            tool_details = []
+            try:
+                for mcp_tool in getattr(task, "_tools", []):
+                    tname = getattr(mcp_tool, "name", "?")
+                    if has_include_filter and tname not in include_set:
+                        continue
+                    if has_exclude_filter and tname in exclude_set:
+                        continue
+                    tool_details.append({
+                        "name": tname,
+                        "description": getattr(mcp_tool, "description", ""),
+                    })
+            except Exception:
+                pass
+            entry = self._build_server_entry(
+                name, cfg, connected=connected,
+                tools_count=len(raw_tool_names), registered_count=len(registered),
+                raw_names=raw_tool_names, registered_names=registered,
+                tool_details=tool_details,
+                error=str(err) if err else None,
+            )
+            servers.append(entry)
+            total_tools += len(registered)
+
+        # Add servers from config that are not in runtime _servers
+        if config:
+            existing = {s["name"] for s in servers}
+            for name, cfg in mcp_configs.items():
+                if name not in existing and isinstance(cfg, dict):
+                    servers.append(self._build_server_entry(name, cfg))
+
+        return {"servers": servers, "total_tools": total_tools, "ok": True}
+
+    def _mcp_server_add(self, req: dict, profile: str, discover_mcp_tools) -> dict[str, Any]:
+        name = str(req.get("name") or "").strip()
+        config = req.get("config", {})
+        if not name or not isinstance(config, dict):
+            return {"error": "name and config are required", "ok": False}
+
+        cfg = self._read_mcp_config(profile)
+        if not cfg:
+            return {"error": "config.yaml not found", "ok": False}
+
+        mcp_servers = cfg.setdefault("mcp_servers", {})
+        if not isinstance(mcp_servers, dict):
+            mcp_servers = {}
+            cfg["mcp_servers"] = mcp_servers
+        if name in mcp_servers:
+            return {"error": f"server '{name}' already exists, use update instead", "ok": False}
+        mcp_servers[name] = config
+
+        self._save_mcp_config(cfg, profile)
+        self._run_mcp_discovery_bg(discover_mcp_tools, profile)
+
+        return {"ok": True, "name": name}
+
+    @staticmethod
+    def _shutdown_mcp_server(name: str, _servers, _lock, run_on_mcp_loop) -> bool:
+        with _lock:
+            task = _servers.get(name)
+        if task is None:
+            return False
+
+        try:
+            run_on_mcp_loop(lambda: task.shutdown(), timeout=15)
+        except Exception as e:
+            print(f"[mcp-server-shutdown] failed for {name}: {e}", file=sys.stderr, flush=True)
+        finally:
+            with _lock:
+                if _servers.get(name) is task:
+                    _servers.pop(name, None)
+        return True
+
+    def _shutdown_mcp_servers(self, names: list[str], _servers, _lock, run_on_mcp_loop) -> int:
+        stopped = 0
+        for name in names:
+            if self._shutdown_mcp_server(name, _servers, _lock, run_on_mcp_loop):
+                stopped += 1
+        return stopped
+
+    def _mcp_server_update(self, req: dict, profile: str, _servers, _lock, run_on_mcp_loop, discover_mcp_tools) -> dict[str, Any]:
+        name = str(req.get("name") or "").strip()
+        config = req.get("config", {})
+        if not name or not isinstance(config, dict):
+            return {"error": "name and config are required", "ok": False}
+
+        cfg = self._read_mcp_config(profile)
+        if not cfg:
+            return {"error": "config.yaml not found", "ok": False}
+
+        mcp_servers = cfg.setdefault("mcp_servers", {})
+        if not isinstance(mcp_servers, dict):
+            mcp_servers = {}
+            cfg["mcp_servers"] = mcp_servers
+        if name not in mcp_servers:
+            return {"error": f"server \'{name}\' not found in config", "ok": False}
+
+        mcp_servers[name] = config
+
+        self._save_mcp_config(cfg, profile)
+
+        self._shutdown_mcp_server(name, _servers, _lock, run_on_mcp_loop)
+
+        self._run_mcp_discovery_bg(discover_mcp_tools, profile)
+
+        return {"ok": True}
+
+    def _mcp_server_remove(self, req: dict, profile: str, _servers, _lock, run_on_mcp_loop) -> dict[str, Any]:
+        name = str(req.get("name") or "").strip()
+        if not name:
+            return {"error": "name is required", "ok": False}
+
+        # Write config first, then remove from memory
+        cfg = self._read_mcp_config(profile)
+        if cfg:
+            mcp_servers = cfg.get("mcp_servers", {})
+            if isinstance(mcp_servers, dict) and name in mcp_servers:
+                del mcp_servers[name]
+                self._save_mcp_config(cfg, profile)
+
+        self._shutdown_mcp_server(name, _servers, _lock, run_on_mcp_loop)
+
+        return {"ok": True}
+
+    def _mcp_server_test(self, req: dict, _servers, _lock) -> dict[str, Any]:
+        name = str(req.get("name") or "").strip()
+        if not name:
+            return {"error": "name is required", "ok": False}
+
+        with _lock:
+            task = _servers.get(name)
+        if not task:
+            return {"error": f"server \'{name}\' is not connected", "ok": False}
+
+        tool_names = []
+        try:
+            for mcp_tool in getattr(task, "_tools", []):
+                if hasattr(mcp_tool, "name"):
+                    tool_names.append(mcp_tool.name)
+        except Exception as e:
+            return {"error": f"failed to list tools: {e}", "ok": False}
+
+        return {"ok": True, "tools": tool_names}
+
+    def _mcp_tools_list(self, req: dict, profile: str, _servers, _lock) -> dict[str, Any]:
+        server_filter = str(req.get("server") or "").strip() or None
+        raw_mode = bool(req.get("raw"))  # Return unfiltered tools for visibility management
+        results = []
+
+        config = self._read_mcp_config(profile)
+        mcp_configs = config.get("mcp_servers", {}) or {} if config else {}
+        profile_server_names = set(mcp_configs.keys())
+
+        with _lock:
+            server_snapshot = list(_servers.items())
+        for sname, task in server_snapshot:
+            if sname not in profile_server_names:
+                continue
+            if server_filter and sname != server_filter:
+                continue
+            registered = set(getattr(task, "_registered_tool_names", None) or [])
+            tools = []
+            srv_cfg = mcp_configs.get(sname, {}) if isinstance(mcp_configs.get(sname), dict) else {}
+            tools_filter = srv_cfg.get("tools") if isinstance(srv_cfg.get("tools"), dict) else {}
+            has_include_filter = "include" in tools_filter
+            has_exclude_filter = "exclude" in tools_filter
+            include_set = set(tools_filter.get("include") or [])
+            exclude_set = set(tools_filter.get("exclude") or [])
+            def _should_include(tn):
+                if raw_mode:
+                    return True  # Skip filter in raw mode
+                if has_include_filter:
+                    return tn in include_set
+                if has_exclude_filter:
+                    return tn not in exclude_set
+                return True
+            try:
+                for mcp_tool in getattr(task, "_tools", []):
+                    tname = getattr(mcp_tool, "name", "?")
+                    if not _should_include(tname):
+                        continue
+                    tools.append({
+                        "name": tname,
+                        "description": getattr(mcp_tool, "description", ""),
+                        "input_schema": getattr(mcp_tool, "inputSchema", {}),
+                    })
+            except Exception as e:
+                results.append({"server": sname, "tools": [], "error": str(e)})
+                continue
+            results.append({"server": sname, "tools": tools})
+
+        return {"ok": True, "results": results}
+
+    def _mcp_reload(self, req: dict, profile: str, _servers, _lock, run_on_mcp_loop,
+                    discover_mcp_tools, register_mcp_servers) -> dict[str, Any]:
+        target = str(req.get("server") or "").strip() or None
+
+        config = self._read_mcp_config(profile)
+        mcp_configs = config.get("mcp_servers", {}) or {} if config else {}
+        profile_server_names = set(mcp_configs.keys())
+
+        if target and target not in mcp_configs:
+            return {"error": "server \'%s\' not found in config" % target, "ok": False}
+
+        if target:
+            self._shutdown_mcp_server(target, _servers, _lock, run_on_mcp_loop)
+        else:
+            self._shutdown_mcp_servers(list(profile_server_names), _servers, _lock, run_on_mcp_loop)
+
+        # Run discovery in background to avoid blocking the request
+        if target:
+            def _reload_single():
+                original = _apply_profile_env(profile)
+                try:
+                    server_config = {target: mcp_configs.get(target, {})}
+                    register_mcp_servers(server_config)
+                finally:
+                    _restore_profile_env(original)
+            self._run_mcp_discovery_bg(_reload_single, profile)
+        else:
+            self._run_mcp_discovery_bg(discover_mcp_tools, profile)
+
+        return {"ok": True, "message": "MCP servers reloaded"}
+
+    def _make_server_socket(self) -> socket.socket:
+        return _make_listen_socket(self.endpoint)
+
+    def _read_request(self, conn: socket.socket) -> dict[str, Any]:
+        return _read_json_request(conn)
+
+    def _write_response(self, conn: socket.socket, resp: dict[str, Any]) -> None:
+        _write_json_response(conn, resp)
+
+    def _gc_idle_sessions(self) -> None:
+        """Destroy sessions idle longer than IDLE_TIMEOUT_SECONDS."""
+        now = time.time()
+        if now - self._last_gc < self.GC_INTERVAL_SECONDS:
+            return
+        self._last_gc = now
+        with self.pool._lock:
+            idle_ids = [
+                sid for sid, s in self.pool._sessions.items()
+                if not s.running and now - s.last_used_at > self.IDLE_TIMEOUT_SECONDS
+            ]
+        for sid in idle_ids:
+            self.pool.destroy(sid)
+
+    def serve_forever(self) -> None:
+        server = self._make_server_socket()
+        restore_signals = _install_stop_signal_handlers(self._stop)
+        _start_parent_process_watchdog(
+            _positive_int(os.environ.get("HERMES_AGENT_BRIDGE_BROKER_PID")),
+            self._stop,
+            f"worker:{_worker_profile() or 'default'}",
+        )
+        try:
+            server.listen(16)
+            server.settimeout(0.2)
+            print(json.dumps({"event": "ready", "endpoint": self.endpoint}), flush=True)
+
+            while not self._stop.is_set():
+                conn: socket.socket | None = None
+                try:
+                    try:
+                        conn, _addr = server.accept()
+                    except socket.timeout:
+                        self._gc_idle_sessions()
+                        continue
+                    try:
+                        req = self._read_request(conn)
+                        data = self.handle(req)
+                        resp = {"ok": True, **_jsonable(data)}
+                    except Exception as exc:
+                        resp = {
+                            "ok": False,
+                            "error": str(exc),
+                            "error_type": exc.__class__.__name__,
+                        }
+                    self._write_response(conn, resp)
+                except KeyboardInterrupt:
+                    break
+                except Exception as exc:
+                    print(f"[hermes-bridge] server loop error: {exc}", file=sys.stderr, flush=True)
+                finally:
+                    if conn is not None:
+                        try:
+                            conn.close()
+                        except OSError:
+                            pass
+        finally:
+            restore_signals()
+            server.close()
+            if self.endpoint.startswith("ipc://"):
+                try:
+                    Path(self.endpoint.removeprefix("ipc://")).unlink(missing_ok=True)
+                except OSError:
+                    pass
+
+
+class WorkerProcess:
+    STARTUP_TIMEOUT_SECONDS = 120
+    REQUEST_TIMEOUT_SECONDS = 120
+
+    def __init__(self, key: str, profile: str, endpoint: str, agent_root: str | None, hermes_home: str | None) -> None:
+        self.key = key or profile or "default"
+        self.profile = profile or "default"
+        self.endpoint = endpoint
+        self.agent_root = agent_root
+        self.hermes_home = hermes_home
+        self.process: subprocess.Popen[str] | None = None
+        self.last_used_at = time.time()
+        self._lock = threading.RLock()
+
+    @property
+    def running(self) -> bool:
+        return self.process is not None and self.process.poll() is None
+
+    @property
+    def pid(self) -> int | None:
+        return self.process.pid if self.process is not None else None
+
+    def start(self) -> None:
+        with self._lock:
+            if self.running:
+                return
+            args = [
+                sys.executable,
+                str(Path(__file__).resolve()),
+                "--endpoint",
+                self.endpoint,
+                "--worker-profile",
+                self.profile,
+            ]
+            if self.agent_root:
+                args.extend(["--agent-root", self.agent_root])
+            if self.hermes_home:
+                args.extend(["--hermes-home", self.hermes_home])
+
+            env = {
+                **os.environ,
+                "HERMES_AGENT_BRIDGE_ENDPOINT": self.endpoint,
+                "HERMES_AGENT_BRIDGE_WORKER_PROFILE": self.profile,
+                "HERMES_AGENT_BRIDGE_BROKER_PID": str(os.getpid()),
+            }
+            self.process = subprocess.Popen(
+                args,
+                env=env,
+                cwd=os.getcwd(),
+                stdin=subprocess.DEVNULL,
+                stdout=subprocess.PIPE,
+                stderr=subprocess.PIPE,
+                text=True,
+                encoding="utf-8",
+                errors="replace",
+                bufsize=1,
+                **_hidden_subprocess_kwargs(),
+            )
+            self._pipe_stderr()
+            self._wait_ready()
+
+    def _pipe_stderr(self) -> None:
+        proc = self.process
+        if proc is None or proc.stderr is None:
+            return
+
+        def run() -> None:
+            assert proc.stderr is not None
+            for line in proc.stderr:
+                text = line.rstrip()
+                if text:
+                    print(f"[hermes-bridge-worker:{self.key}] {text}", file=sys.stderr, flush=True)
+
+        threading.Thread(target=run, daemon=True, name=f"hermes-bridge-worker-stderr-{self.key}").start()
+
+    def _wait_ready(self) -> None:
+        proc = self.process
+        if proc is None or proc.stdout is None:
+            raise RuntimeError(f"profile worker {self.key} did not start")
+        lines: queue.Queue[str | None] = queue.Queue()
+        ready_event = threading.Event()
+
+        def read_stdout() -> None:
+            assert proc.stdout is not None
+            try:
+                for line in proc.stdout:
+                    if ready_event.is_set():
+                        text = line.rstrip()
+                        if text:
+                            print(f"[hermes-bridge-worker:{self.key}] {text}", file=sys.stderr, flush=True)
+                    else:
+                        lines.put(line)
+            finally:
+                lines.put(None)
+
+        threading.Thread(target=read_stdout, daemon=True, name=f"hermes-bridge-worker-stdout-{self.key}").start()
+        deadline = time.time() + self.STARTUP_TIMEOUT_SECONDS
+        while time.time() < deadline:
+            if proc.poll() is not None:
+                raise RuntimeError(f"profile worker {self.key} exited before ready")
+            try:
+                line = lines.get(timeout=0.1)
+            except queue.Empty:
+                continue
+            if line is None:
+                time.sleep(0.05)
+                continue
+            text = line.strip()
+            if text:
+                print(f"[hermes-bridge-worker:{self.key}] {text}", file=sys.stderr, flush=True)
+            try:
+                data = json.loads(text)
+                if data.get("event") == "ready":
+                    ready_event.set()
+                    return
+            except Exception:
+                pass
+        self.stop()
+        raise RuntimeError(f"profile worker {self.key} did not become ready within {self.STARTUP_TIMEOUT_SECONDS}s")
+
+    def stop(self) -> None:
+        with self._lock:
+            proc = self.process
+            self.process = None
+        if proc is None:
+            return
+        if proc.poll() is None:
+            proc.terminate()
+            try:
+                proc.wait(timeout=3)
+            except subprocess.TimeoutExpired:
+                proc.kill()
+                proc.wait(timeout=3)
+        if self.endpoint.startswith("ipc://"):
+            try:
+                Path(self.endpoint.removeprefix("ipc://")).unlink(missing_ok=True)
+            except OSError:
+                pass
+
+    def request(self, req: dict[str, Any], timeout: float | None = None) -> dict[str, Any]:
+        self.start()
+        self.last_used_at = time.time()
+        request_timeout = timeout if timeout is not None and timeout > 0 else self.REQUEST_TIMEOUT_SECONDS
+        return _send_bridge_request(self.endpoint, req, request_timeout)
+
+
+def _worker_endpoint(key: str, namespace: str | None = None) -> str:
+    namespace_key = f"{namespace or ''}\0{key}"
+    safe = hashlib.sha256(namespace_key.encode("utf-8")).hexdigest()[:16]
+    transport = os.environ.get("HERMES_AGENT_BRIDGE_WORKER_TRANSPORT", "").strip().lower()
+    use_tcp = transport == "tcp" or (transport not in {"ipc", "unix"} and os.name == "nt")
+    if use_tcp:
+        port_base = int(os.environ.get("HERMES_AGENT_BRIDGE_WORKER_PORT_BASE", "18780"))
+        return f"tcp://127.0.0.1:{port_base + int(safe[:4], 16) % 1000}"
+    root = Path(tempfile.gettempdir()) / "hermes-agent-bridge-workers"
+    return f"ipc://{root / f'{safe}.sock'}"
+
+
+def _connect_bridge_socket(endpoint: str, timeout: float) -> socket.socket:
+    if endpoint.startswith("ipc://"):
+        sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
+        sock.settimeout(timeout)
+        sock.connect(endpoint.removeprefix("ipc://"))
+        return sock
+    parsed = urlparse(endpoint)
+    if parsed.scheme != "tcp":
+        raise RuntimeError(f"unsupported endpoint scheme: {endpoint}")
+    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+    sock.settimeout(timeout)
+    sock.connect((parsed.hostname or "127.0.0.1", int(parsed.port or 0)))
+    return sock
+
+
+def _send_bridge_request(endpoint: str, req: dict[str, Any], timeout: float) -> dict[str, Any]:
+    sock = _connect_bridge_socket(endpoint, timeout)
+    try:
+        sock.sendall(_json_line_bytes(req))
+        chunks: list[bytes] = []
+        while True:
+            chunk = sock.recv(65536)
+            if not chunk:
+                break
+            chunks.append(chunk)
+            if b"\n" in chunk:
+                break
+        line = b"".join(chunks).split(b"\n", 1)[0].strip()
+        if not line:
+            raise RuntimeError("worker closed without a response")
+        resp = json.loads(line.decode("utf-8"))
+        if not resp.get("ok"):
+            raise RuntimeError(str(resp.get("error") or "worker request failed"))
+        return resp
+    finally:
+        try:
+            sock.close()
+        except OSError:
+            pass
+
+
+def _tcp_endpoint_port(endpoint: str) -> int | None:
+    parsed = urlparse(endpoint)
+    if parsed.scheme != "tcp":
+        return None
+    try:
+        port = int(parsed.port or 0)
+        return port if port > 0 else None
+    except (TypeError, ValueError):
+        return None
+
+
+def _platform_text_encoding() -> str:
+    getencoding = getattr(locale, "getencoding", None)
+    if callable(getencoding):
+        return getencoding() or "utf-8"
+    return locale.getpreferredencoding(False) or "utf-8"
+
+
+def _windows_listening_pids_on_port(port: int) -> list[int]:
+    if os.name != "nt":
+        return []
+    try:
+        result = subprocess.run(
+            ["netstat.exe", "-ano", "-p", "tcp"],
+            check=False,
+            capture_output=True,
+            text=True,
+            encoding=_platform_text_encoding(),
+            errors="ignore",
+            timeout=5,
+            **_hidden_subprocess_kwargs(),
+        )
+    except Exception:
+        return []
+    stdout = result.stdout or ""
+    pids: set[int] = set()
+    for line in stdout.splitlines():
+        parts = line.strip().split()
+        if len(parts) < 5:
+            continue
+        proto, local_address, _remote_address, state, pid_raw = parts[:5]
+        if proto.upper() != "TCP" or state.upper() != "LISTENING":
+            continue
+        if not local_address.endswith(f":{port}"):
+            continue
+        try:
+            pid = int(pid_raw)
+        except ValueError:
+            continue
+        if pid > 0 and pid != os.getpid():
+            pids.add(pid)
+    return sorted(pids)
+
+
+def _kill_windows_endpoint_occupants(endpoint: str) -> None:
+    if os.name != "nt":
+        return
+    port = _tcp_endpoint_port(endpoint)
+    if not port:
+        return
+    for pid in _windows_listening_pids_on_port(port):
+        try:
+            print(
+                f"[hermes-bridge] killing stale process tree pid={pid} port={port}",
+                file=sys.stderr,
+                flush=True,
+            )
+            subprocess.run(
+                ["taskkill.exe", "/PID", str(pid), "/T", "/F"],
+                check=False,
+                capture_output=True,
+                text=True,
+                timeout=10,
+                **_hidden_subprocess_kwargs(),
+            )
+        except Exception as exc:
+            print(
+                f"[hermes-bridge] failed to kill stale process pid={pid}: {exc}",
+                file=sys.stderr,
+                flush=True,
+            )
+    deadline = time.time() + 3
+    while time.time() < deadline:
+        if not _windows_listening_pids_on_port(port):
+            return
+        time.sleep(0.1)
+
+
+def _make_listen_socket(endpoint: str) -> socket.socket:
+    _kill_windows_endpoint_occupants(endpoint)
+    if endpoint.startswith("ipc://"):
+        if not hasattr(socket, "AF_UNIX"):
+            raise RuntimeError("ipc:// endpoints require Unix domain socket support; use tcp://host:port on this platform")
+        sock_path = Path(endpoint.removeprefix("ipc://"))
+        sock_path.parent.mkdir(parents=True, exist_ok=True)
+        try:
+            sock_path.unlink(missing_ok=True)
+        except OSError:
+            pass
+        server = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
+        server.bind(str(sock_path))
+        return server
+
+    parsed = urlparse(endpoint)
+    if parsed.scheme != "tcp":
+        raise RuntimeError(f"unsupported endpoint scheme: {endpoint}")
+    host = parsed.hostname or "127.0.0.1"
+    port = int(parsed.port or 0)
+    if port <= 0:
+        raise RuntimeError(f"tcp endpoint requires a port: {endpoint}")
+    server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+    server.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
+    server.bind((host, port))
+    return server
+
+
+def _read_json_request(conn: socket.socket) -> dict[str, Any]:
+    chunks: list[bytes] = []
+    while True:
+        chunk = conn.recv(65536)
+        if not chunk:
+            break
+        chunks.append(chunk)
+        if b"\n" in chunk:
+            break
+    if not chunks:
+        raise RuntimeError("empty request")
+    line = b"".join(chunks).split(b"\n", 1)[0].strip()
+    if not line:
+        raise RuntimeError("empty request")
+    return json.loads(line.decode("utf-8"))
+
+
+def _write_json_response(conn: socket.socket, resp: dict[str, Any]) -> None:
+    conn.sendall(_json_line_bytes(resp))
+
+
+class BridgeBroker:
+    IDLE_TIMEOUT_SECONDS = 30 * 60
+    GC_INTERVAL_SECONDS = 60
+
+    def __init__(self, endpoint: str, agent_root: str | None = None, hermes_home: str | None = None) -> None:
+        self.endpoint = endpoint
+        self.agent_root = agent_root
+        self.hermes_home = hermes_home
+        self._workers: dict[str, WorkerProcess] = {}
+        self._run_profile: dict[str, str] = {}
+        self._run_worker_key: dict[str, str] = {}
+        self._running_run_profile: dict[str, str] = {}
+        self._running_run_worker_key: dict[str, str] = {}
+        self._session_profile: dict[str, str] = {}
+        self._session_worker_key: dict[str, str] = {}
+        self._approval_profile: dict[str, str] = {}
+        self._approval_worker_key: dict[str, str] = {}
+        self._clarify_profile: dict[str, str] = {}
+        self._clarify_worker_key: dict[str, str] = {}
+        self._compression_profile: dict[str, str] = {}
+        self._compression_worker_key: dict[str, str] = {}
+        self._lock = threading.RLock()
+        self._stop = threading.Event()
+        self._last_gc = time.time()
+
+    def _normalize_profile(self, value: Any) -> str:
+        profile = str(value or "").strip()
+        return profile or "default"
+
+    def _normalize_worker_key(self, profile: str, value: Any = None) -> str:
+        worker_key = str(value or "").strip()
+        return worker_key or profile
+
+    def _worker_for_profile(self, profile: str, worker_key: str | None = None) -> WorkerProcess:
+        profile = self._normalize_profile(profile)
+        key = self._normalize_worker_key(profile, worker_key)
+        with self._lock:
+            worker = self._workers.get(key)
+            if worker is None:
+                worker = WorkerProcess(key, profile, _worker_endpoint(key, self.endpoint), self.agent_root, self.hermes_home)
+                self._workers[key] = worker
+        return worker
+
+    def _route_for_run(self, run_id: str) -> tuple[str, str | None]:
+        with self._lock:
+            profile = self._run_profile.get(run_id)
+            worker_key = self._run_worker_key.get(run_id)
+        if not profile:
+            raise KeyError(f"unknown run: {run_id}")
+        return profile, worker_key
+
+    def _route_for_session(self, session_id: str, fallback_profile: Any = None, worker_key: Any = None) -> tuple[str, str | None]:
+        with self._lock:
+            profile = self._session_profile.get(session_id)
+            stored_worker_key = self._session_worker_key.get(session_id)
+        if not profile:
+            fallback = self._normalize_profile(fallback_profile)
+            if fallback_profile is not None and fallback:
+                return fallback, self._normalize_worker_key(fallback, worker_key)
+            raise KeyError(f"unknown session: {session_id}")
+        return profile, self._normalize_worker_key(profile, worker_key) if worker_key is not None else stored_worker_key
+
+    def _record_response_routes(self, profile: str, worker_key: str, resp: dict[str, Any]) -> None:
+        run_id = str(resp.get("run_id") or "")
+        session_id = str(resp.get("session_id") or "")
+        with self._lock:
+            if run_id:
+                self._run_profile[run_id] = profile
+                self._run_worker_key[run_id] = worker_key
+                if resp.get("status") == "running":
+                    self._running_run_profile[run_id] = profile
+                    self._running_run_worker_key[run_id] = worker_key
+                else:
+                    self._running_run_profile.pop(run_id, None)
+                    self._running_run_worker_key.pop(run_id, None)
+            if session_id:
+                self._session_profile[session_id] = profile
+                self._session_worker_key[session_id] = worker_key
+            for event in resp.get("events") or []:
+                if not isinstance(event, dict):
+                    continue
+                approval_id = str(event.get("approval_id") or "")
+                if approval_id:
+                    self._approval_profile[approval_id] = profile
+                    self._approval_worker_key[approval_id] = worker_key
+                clarify_id = str(event.get("clarify_id") or "")
+                if clarify_id:
+                    self._clarify_profile[clarify_id] = profile
+                    self._clarify_worker_key[clarify_id] = worker_key
+                request_id = str(event.get("request_id") or "")
+                if event.get("event") == "bridge.compression.requested" and request_id:
+                    self._compression_profile[request_id] = profile
+                    self._compression_worker_key[request_id] = worker_key
+                if event.get("event") in {"bridge.compression.completed", "bridge.compression.failed"} and request_id:
+                    self._compression_profile.pop(request_id, None)
+                    self._compression_worker_key.pop(request_id, None)
+
+    def stop(self) -> None:
+        self._stop.set()
+        with self._lock:
+            workers = list(self._workers.values())
+            self._workers.clear()
+            self._run_profile.clear()
+            self._run_worker_key.clear()
+            self._running_run_profile.clear()
+            self._running_run_worker_key.clear()
+            self._session_profile.clear()
+            self._session_worker_key.clear()
+            self._approval_profile.clear()
+            self._approval_worker_key.clear()
+            self._clarify_profile.clear()
+            self._clarify_worker_key.clear()
+            self._compression_profile.clear()
+            self._compression_worker_key.clear()
+        for worker in workers:
+            worker.stop()
+
+    def _forward(self, profile: str, req: dict[str, Any], worker_key: str | None = None) -> dict[str, Any]:
+        profile = self._normalize_profile(profile)
+        key = self._normalize_worker_key(profile, worker_key)
+        worker = self._worker_for_profile(profile, key)
+        forwarded = dict(req)
+        forwarded["profile"] = profile
+        forwarded.pop("worker_key", None)
+        try:
+            resp = worker.request(forwarded, self._worker_request_timeout(req))
+            self._record_response_routes(profile, key, resp)
+            return resp
+        except RuntimeError as e:
+            # Worker returned ok=false or connection error — return error response
+            return {"ok": False, "error": str(e)}
+
+    def _worker_request_timeout(self, req: dict[str, Any]) -> float:
+        try:
+            timeout = float(req.get("timeout", 0) or 0)
+        except (TypeError, ValueError):
+            timeout = 0
+        if timeout <= 0:
+            return WorkerProcess.REQUEST_TIMEOUT_SECONDS
+        return max(WorkerProcess.REQUEST_TIMEOUT_SECONDS, timeout + 10)
+
+    def handle(self, req: dict[str, Any]) -> dict[str, Any]:
+        action = str(req.get("action") or "").strip()
+        if not action:
+            raise ValueError("action is required")
+
+        if action == "ping":
+            with self._lock:
+                worker_details = {
+                    key: {
+                        "running": worker.running,
+                        "pid": worker.pid,
+                        "endpoint": worker.endpoint,
+                        "profile": getattr(worker, "profile", key),
+                        "last_used_at": worker.last_used_at,
+                    }
+                    for key, worker in self._workers.items()
+                }
+                workers = {key: details["running"] for key, details in worker_details.items()}
+                sessions_by_profile: dict[str, int] = {}
+                for profile in self._session_profile.values():
+                    sessions_by_profile[profile] = sessions_by_profile.get(profile, 0) + 1
+                running_sessions_by_profile: dict[str, int] = {}
+                for profile in self._running_run_profile.values():
+                    running_sessions_by_profile[profile] = running_sessions_by_profile.get(profile, 0) + 1
+                active_sessions = len(self._session_profile)
+                running_sessions = len(self._running_run_profile)
+            return {
+                "pong": True,
+                "time": time.time(),
+                "mode": "broker",
+                "broker": {
+                    "pid": os.getpid(),
+                    "endpoint": self.endpoint,
+                },
+                "workers": workers,
+                "worker_details": worker_details,
+                "active_sessions": active_sessions,
+                "running_sessions": running_sessions,
+                "sessions_by_profile": sessions_by_profile,
+                "running_sessions_by_profile": running_sessions_by_profile,
+            }
+
+        if action == "worker_ping":
+            profile = self._normalize_profile(req.get("profile"))
+            worker_key = self._normalize_worker_key(profile, req.get("worker_key"))
+            resp = self._forward(profile, {"action": "ping"}, worker_key)
+            resp["worker_profile"] = profile
+            resp["worker_key"] = worker_key
+            return resp
+
+        if action == "chat":
+            profile = self._normalize_profile(req.get("profile"))
+            return self._forward(profile, req, self._normalize_worker_key(profile, req.get("worker_key")))
+
+        if action == "context_estimate":
+            profile = self._normalize_profile(req.get("profile"))
+            return self._forward(profile, req, self._normalize_worker_key(profile, req.get("worker_key")))
+
+        if action in {"get_result", "get_output"}:
+            profile, worker_key = self._route_for_run(str(req.get("run_id") or ""))
+            return self._forward(profile, req, worker_key)
+
+        if action in {"interrupt", "steer", "command", "goal_evaluate", "goal_pause", "status", "get_history", "destroy"}:
+            session_id = str(req.get("session_id") or "")
+            profile, worker_key = self._route_for_session(session_id, req.get("profile"), req.get("worker_key") if "worker_key" in req else None)
+            resp = self._forward(profile, req, worker_key)
+            if action == "destroy":
+                with self._lock:
+                    self._session_profile.pop(session_id, None)
+                    self._session_worker_key.pop(session_id, None)
+            return resp
+
+        if action == "approval_respond":
+            approval_id = str(req.get("approval_id") or "").strip()
+            if not approval_id:
+                raise ValueError("approval_id is required")
+            with self._lock:
+                profile = self._approval_profile.get(approval_id)
+                worker_key = self._approval_worker_key.get(approval_id)
+            if not profile:
+                raise KeyError(f"unknown approval request: {approval_id}")
+            return self._forward(profile, req, worker_key)
+
+        if action == "clarify_respond":
+            clarify_id = str(req.get("clarify_id") or "").strip()
+            if not clarify_id:
+                raise ValueError("clarify_id is required")
+            with self._lock:
+                profile = self._clarify_profile.get(clarify_id)
+                worker_key = self._clarify_worker_key.get(clarify_id)
+            if not profile:
+                raise KeyError(f"unknown clarify request: {clarify_id}")
+            return self._forward(profile, req, worker_key)
+
+        if action == "compression_respond":
+            request_id = str(req.get("request_id") or "").strip()
+            if not request_id:
+                raise ValueError("request_id is required")
+            with self._lock:
+                profile = self._compression_profile.get(request_id)
+                worker_key = self._compression_worker_key.get(request_id)
+            if not profile:
+                raise KeyError(f"unknown compression request: {request_id}")
+            return self._forward(profile, req, worker_key)
+
+        if action == "destroy_all":
+            with self._lock:
+                workers = list(self._workers.values())
+                self._workers.clear()
+                self._run_profile.clear()
+                self._run_worker_key.clear()
+                self._running_run_profile.clear()
+                self._running_run_worker_key.clear()
+                self._session_profile.clear()
+                self._session_worker_key.clear()
+                self._approval_profile.clear()
+                self._approval_worker_key.clear()
+                self._clarify_profile.clear()
+                self._clarify_worker_key.clear()
+                self._compression_profile.clear()
+                self._compression_worker_key.clear()
+            destroyed = 0
+            for worker in workers:
+                try:
+                    if worker.running:
+                        resp = worker.request({"action": "destroy_all"})
+                        destroyed += int(resp.get("destroyed") or 0)
+                except Exception:
+                    pass
+                finally:
+                    worker.stop()
+            return {"destroyed": destroyed}
+
+        if action == "destroy_profile":
+            profile = self._normalize_profile(req.get("profile"))
+            with self._lock:
+                workers = [
+                    worker
+                    for key, worker in list(self._workers.items())
+                    if getattr(worker, "profile", key) == profile
+                ]
+                for worker in workers:
+                    self._workers.pop(worker.key, None)
+                self._run_profile = {key: value for key, value in self._run_profile.items() if value != profile}
+                self._run_worker_key = {key: value for key, value in self._run_worker_key.items() if key in self._run_profile}
+                self._running_run_profile = {key: value for key, value in self._running_run_profile.items() if value != profile}
+                self._running_run_worker_key = {key: value for key, value in self._running_run_worker_key.items() if key in self._running_run_profile}
+                self._session_profile = {key: value for key, value in self._session_profile.items() if value != profile}
+                self._session_worker_key = {key: value for key, value in self._session_worker_key.items() if key in self._session_profile}
+                self._approval_profile = {key: value for key, value in self._approval_profile.items() if value != profile}
+                self._approval_worker_key = {key: value for key, value in self._approval_worker_key.items() if key in self._approval_profile}
+                self._clarify_profile = {key: value for key, value in self._clarify_profile.items() if value != profile}
+                self._clarify_worker_key = {key: value for key, value in self._clarify_worker_key.items() if key in self._clarify_profile}
+                self._compression_profile = {key: value for key, value in self._compression_profile.items() if value != profile}
+                self._compression_worker_key = {key: value for key, value in self._compression_worker_key.items() if key in self._compression_profile}
+
+            if not workers:
+                return {"profile": profile, "destroyed": 0}
+
+            destroyed = 0
+            for worker in workers:
+                if not worker.running:
+                    worker.stop()
+                    continue
+                try:
+                    resp = worker.request({"action": "destroy_all"})
+                    destroyed += int(resp.get("destroyed") or 0)
+                except Exception:
+                    pass
+                finally:
+                    worker.stop()
+            return {"profile": profile, "destroyed": destroyed}
+
+        if action == "list":
+            sessions: list[Any] = []
+            with self._lock:
+                workers = list(self._workers.items())
+            for key, worker in workers:
+                if not worker.running:
+                    continue
+                try:
+                    resp = worker.request({"action": "list"})
+                    for session in resp.get("sessions") or []:
+                        if isinstance(session, dict):
+                            session.setdefault("profile", getattr(worker, "profile", key))
+                            session.setdefault("worker_key", key)
+                        sessions.append(session)
+                except Exception:
+                    pass
+            return {"sessions": sessions}
+
+        if action == "shutdown":
+            self.stop()
+            return {"status": "shutting_down"}
+
+        # ───── MCP Management ─────
+        if action.startswith("mcp_"):
+            profile = self._normalize_profile(req.get("profile"))
+            return self._forward(profile, req)
+
+        raise ValueError(f"unknown action: {action}")
+
+    def _make_server_socket(self) -> socket.socket:
+        return _make_listen_socket(self.endpoint)
+
+    def _read_request(self, conn: socket.socket) -> dict[str, Any]:
+        return _read_json_request(conn)
+
+    def _write_response(self, conn: socket.socket, resp: dict[str, Any]) -> None:
+        _write_json_response(conn, resp)
+
+    def _handle_connection(self, conn: socket.socket) -> None:
+        try:
+            try:
+                req = self._read_request(conn)
+                data = self.handle(req)
+                resp = {"ok": True, **_jsonable(data)}
+            except Exception as exc:
+                resp = {
+                    "ok": False,
+                    "error": str(exc),
+                    "error_type": exc.__class__.__name__,
+                }
+            self._write_response(conn, resp)
+        except Exception as exc:
+            print(f"[hermes-bridge-broker] connection error: {exc}", file=sys.stderr, flush=True)
+        finally:
+            try:
+                conn.close()
+            except OSError:
+                pass
+
+    def _gc_idle_workers(self) -> None:
+        now = time.time()
+        if now - self._last_gc < self.GC_INTERVAL_SECONDS:
+            return
+        self._last_gc = now
+        with self._lock:
+            idle = [
+                key for key, worker in self._workers.items()
+                if worker.running and now - worker.last_used_at > self.IDLE_TIMEOUT_SECONDS
+            ]
+        for key in idle:
+            with self._lock:
+                worker = self._workers.pop(key, None)
+            if worker:
+                worker.stop()
+
+    def serve_forever(self) -> None:
+        server = self._make_server_socket()
+        restore_signals = _install_stop_signal_handlers(self._stop)
+        atexit.register(self.stop)
+        try:
+            server.listen(64)
+            server.settimeout(0.2)
+            print(json.dumps({"event": "ready", "endpoint": self.endpoint, "mode": "broker"}), flush=True)
+
+            while not self._stop.is_set():
+                try:
+                    try:
+                        conn, _addr = server.accept()
+                    except socket.timeout:
+                        self._gc_idle_workers()
+                        continue
+                    threading.Thread(
+                        target=self._handle_connection,
+                        args=(conn,),
+                        daemon=True,
+                        name="hermes-bridge-broker-connection",
+                    ).start()
+                except KeyboardInterrupt:
+                    break
+                except Exception as exc:
+                    print(f"[hermes-bridge-broker] server loop error: {exc}", file=sys.stderr, flush=True)
+        finally:
+            restore_signals()
+            try:
+                atexit.unregister(self.stop)
+            except Exception:
+                pass
+            self.stop()
+            server.close()
+            if self.endpoint.startswith("ipc://"):
+                try:
+                    Path(self.endpoint.removeprefix("ipc://")).unlink(missing_ok=True)
+                except OSError:
+                    pass
+
+
+def main(argv: list[str] | None = None) -> int:
+    parser = argparse.ArgumentParser(description="Hermes AIAgent in-process bridge")
+    parser.add_argument("--endpoint", default=os.environ.get("HERMES_AGENT_BRIDGE_ENDPOINT", DEFAULT_ENDPOINT))
+    parser.add_argument("--agent-root", default=os.environ.get("HERMES_AGENT_ROOT", DEFAULT_AGENT_ROOT))
+    parser.add_argument("--hermes-home", default=os.environ.get("HERMES_HOME", DEFAULT_HERMES_HOME))
+    parser.add_argument("--worker-profile", default=os.environ.get("HERMES_AGENT_BRIDGE_WORKER_PROFILE"))
+    args = parser.parse_args(argv)
+
+    _set_path_env(args.agent_root, args.hermes_home)
+    _ensure_agent_imports()
+    if args.worker_profile:
+        _set_worker_profile_env(str(args.worker_profile or "default"))
+        _log_worker_startup_context(str(args.worker_profile or "default"))
+        BridgeServer(args.endpoint).serve_forever()
+    else:
+        BridgeBroker(args.endpoint, args.agent_root, args.hermes_home).serve_forever()
+    return 0
+
+
+if __name__ == "__main__":
+    raise SystemExit(main())
diff --git a/packages/server/src/services/hermes/agent-bridge/index.ts b/packages/server/src/services/hermes/agent-bridge/index.ts
new file mode 100644
index 0000000..2a1bde2
--- /dev/null
+++ b/packages/server/src/services/hermes/agent-bridge/index.ts
@@ -0,0 +1,2 @@
+export * from './client'
+export * from './manager'
diff --git a/packages/server/src/services/hermes/agent-bridge/manager.ts b/packages/server/src/services/hermes/agent-bridge/manager.ts
new file mode 100644
index 0000000..ab7deca
--- /dev/null
+++ b/packages/server/src/services/hermes/agent-bridge/manager.ts
@@ -0,0 +1,606 @@
+import { execFileSync, spawn, type ChildProcess } from 'child_process'
+import { existsSync, readFileSync } from 'fs'
+import { createConnection, createServer } from 'net'
+import { dirname, isAbsolute, join, resolve } from 'path'
+import { logger } from '../../logger'
+import { detectHermesHome, getHermesBin } from '../hermes-path'
+import { DEFAULT_AGENT_BRIDGE_ENDPOINT } from './client'
+
+const DEFAULT_AGENT_BRIDGE_STARTUP_TIMEOUT_MS = 120000
+const DEFAULT_AGENT_BRIDGE_RESTART_DELAY_MS = 1000
+const MAX_AGENT_BRIDGE_RESTART_DELAY_MS = 30000
+const OPENROUTER_WEB_UI_ATTRIBUTION_ENV = {
+  HERMES_OPENROUTER_APP_REFERER: 'https://hermes-studio.ai',
+  HERMES_OPENROUTER_APP_TITLE: 'Hermes Web UI',
+  HERMES_OPENROUTER_APP_CATEGORIES: 'cli-agent,personal-agent',
+} as const
+
+export interface AgentBridgeManagerOptions {
+  endpoint?: string
+  python?: string
+  agentRoot?: string
+  hermesHome?: string
+  startupTimeoutMs?: number
+}
+
+export interface BridgeCommand {
+  command: string
+  argsPrefix: string[]
+  agentRoot?: string
+  hermesHome: string
+}
+
+export interface AgentBridgeManagerRuntimeState {
+  endpoint: string
+  running: boolean
+  ready: boolean
+  pid?: number
+  starting: boolean
+  stopping: boolean
+  restartScheduled: boolean
+  restartAttempts: number
+}
+
+function envPositiveInt(name: string): number | undefined {
+  const raw = process.env[name]
+  if (!raw) return undefined
+  const value = Number(raw)
+  return Number.isFinite(value) && value > 0 ? value : undefined
+}
+
+export function buildAgentBridgeProcessEnv(endpoint: string, hermesHome: string | undefined, agentRoot: string | undefined): NodeJS.ProcessEnv {
+  return {
+    ...process.env,
+    HERMES_AGENT_BRIDGE_ENDPOINT: endpoint,
+    HERMES_HOME: hermesHome,
+    HERMES_OPENROUTER_APP_REFERER: process.env.HERMES_OPENROUTER_APP_REFERER || OPENROUTER_WEB_UI_ATTRIBUTION_ENV.HERMES_OPENROUTER_APP_REFERER,
+    HERMES_OPENROUTER_APP_TITLE: process.env.HERMES_OPENROUTER_APP_TITLE || OPENROUTER_WEB_UI_ATTRIBUTION_ENV.HERMES_OPENROUTER_APP_TITLE,
+    HERMES_OPENROUTER_APP_CATEGORIES: process.env.HERMES_OPENROUTER_APP_CATEGORIES || OPENROUTER_WEB_UI_ATTRIBUTION_ENV.HERMES_OPENROUTER_APP_CATEGORIES,
+    ...(agentRoot ? { HERMES_AGENT_ROOT: agentRoot } : {}),
+  }
+}
+
+function pathCandidates(agentRoot?: string): string[] {
+  if (!agentRoot) return []
+  return process.platform === 'win32'
+    ? [
+        join(agentRoot, 'venv', 'Scripts', 'python.exe'),
+        join(agentRoot, 'venv', 'Scripts', 'python3.exe'),
+        join(agentRoot, '.venv', 'Scripts', 'python.exe'),
+        join(agentRoot, '.venv', 'Scripts', 'python3.exe'),
+      ]
+    : [
+        join(agentRoot, 'venv', 'bin', 'python3'),
+        join(agentRoot, 'venv', 'bin', 'python'),
+        join(agentRoot, '.venv', 'bin', 'python3'),
+        join(agentRoot, '.venv', 'bin', 'python'),
+      ]
+}
+
+function uvCandidates(agentRoot?: string): string[] {
+  if (!agentRoot) {
+    return [
+      process.env.HERMES_AGENT_BRIDGE_UV,
+      process.env.UV,
+    ].filter((value): value is string => !!value && value.trim().length > 0)
+  }
+  return [
+    process.env.HERMES_AGENT_BRIDGE_UV,
+    process.env.UV,
+    ...(process.platform === 'win32'
+      ? [
+          agentRoot ? join(agentRoot, 'venv', 'Scripts', 'uv.exe') : '',
+          agentRoot ? join(agentRoot, 'venv', 'Scripts', 'uv.cmd') : '',
+          agentRoot ? join(agentRoot, '.venv', 'Scripts', 'uv.exe') : '',
+          agentRoot ? join(agentRoot, '.venv', 'Scripts', 'uv.cmd') : '',
+        ]
+      : [
+          agentRoot ? join(agentRoot, 'venv', 'bin', 'uv') : '',
+          agentRoot ? join(agentRoot, '.venv', 'bin', 'uv') : '',
+        ]),
+    'uv',
+  ].filter((value): value is string => !!value && value.trim().length > 0)
+}
+
+function resolveExecutable(command: string): string | undefined {
+  const trimmed = command.trim()
+  if (!trimmed) return undefined
+  if (isAbsolute(trimmed) || trimmed.includes('/') || trimmed.includes('\\')) {
+    return existsSync(trimmed) ? resolve(trimmed) : undefined
+  }
+  try {
+    const lookup = process.platform === 'win32'
+      ? execFileSync('where.exe', [trimmed], { encoding: 'utf-8', windowsHide: true })
+      : execFileSync('which', [trimmed], { encoding: 'utf-8' })
+    return lookup.split(/\r?\n/).map(line => line.trim()).find(Boolean)
+  } catch {
+    return undefined
+  }
+}
+
+function agentRootFromHermesBin(): string | undefined {
+  const hermesBin = resolveExecutable(getHermesBin())
+  if (!hermesBin) return undefined
+
+  const binDir = dirname(hermesBin)
+  const rootCandidates = [
+    resolve(binDir, '..'),
+    resolve(binDir, '..', '..'),
+    resolve(binDir, '..', 'hermes-agent'),
+    resolve(binDir, '..', 'lib', 'hermes-agent'),
+    resolve(binDir, '..', '..', 'hermes-agent'),
+  ]
+  const root = rootCandidates.find(candidate => existsSync(join(candidate, 'run_agent.py')))
+  if (root) return root
+
+  try {
+    const first = readFileSync(hermesBin, 'utf-8').split(/\r?\n/, 1)[0]
+    const match = first.match(/^#!\s*(.+)$/)
+    const python = match?.[1]?.trim().split(/\s+/)[0]
+    if (python) {
+      const pyDir = dirname(python)
+      const shebangRootCandidates = [
+        resolve(pyDir, '..', '..'),
+        resolve(pyDir, '..', '..', 'hermes-agent'),
+        resolve(pyDir, '..', '..', 'lib', 'hermes-agent'),
+      ]
+      return shebangRootCandidates.find(candidate => existsSync(join(candidate, 'run_agent.py')))
+    }
+  } catch {}
+  return undefined
+}
+
+function hermesBinPython(): string | undefined {
+  const hermesBin = resolveExecutable(getHermesBin())
+  if (!hermesBin) return undefined
+  try {
+    const first = readFileSync(hermesBin, 'utf-8').split(/\r?\n/, 1)[0]
+    const match = first.match(/^#!\s*(.+)$/)
+    const python = match?.[1]?.trim().split(/\s+/)[0]
+    return python && existsSync(python) ? python : undefined
+  } catch {
+    return undefined
+  }
+}
+
+/** Python from `uv tool install hermes-agent` — avoids pydantic binary mismatches on Windows. */
+function uvToolHermesPython(): string | undefined {
+  const home = process.env.HOME || process.env.USERPROFILE
+  const candidates = process.platform === 'win32'
+    ? [
+        join(process.env.APPDATA || '', 'uv', 'tools', 'hermes-agent', 'Scripts', 'python.exe'),
+        home ? join(home, 'AppData', 'Roaming', 'uv', 'tools', 'hermes-agent', 'Scripts', 'python.exe') : '',
+      ]
+    : [
+        home ? join(home, '.local', 'share', 'uv', 'tools', 'hermes-agent', 'bin', 'python3') : '',
+        home ? join(home, '.local', 'share', 'uv', 'tools', 'hermes-agent', 'bin', 'python') : '',
+      ]
+  return firstExistingExecutable(candidates.filter((value): value is string => !!value && value.trim().length > 0))
+}
+
+function firstExistingExecutable(candidates: string[]): string | undefined {
+  for (const candidate of candidates) {
+    if (!isAbsolute(candidate) && !candidate.includes('/') && !candidate.includes('\\')) {
+      const resolved = resolveExecutable(candidate)
+      if (resolved) return resolved
+      continue
+    }
+    try {
+      if (existsSync(candidate)) return candidate
+    } catch {}
+  }
+  return undefined
+}
+
+function resolveAgentRoot(explicit?: string, hermesHome = detectHermesHome()): string | undefined {
+  const candidates = [
+    explicit,
+    process.env.HERMES_AGENT_ROOT,
+    join(hermesHome, 'hermes-agent'),
+    agentRootFromHermesBin(),
+    process.cwd(),
+    join(process.cwd(), 'hermes-agent'),
+    '/usr/local/lib/hermes-agent',
+    '/usr/local/hermes-agent',
+    '/opt/hermes/hermes-agent',
+    '/opt/hermes-agent',
+  ].filter((value): value is string => !!value && value.trim().length > 0)
+  return candidates.find(candidate => existsSync(join(candidate, 'run_agent.py')))
+}
+
+export function resolveAgentBridgeCommand(options: AgentBridgeManagerOptions = {}): BridgeCommand {
+  const hermesHome = options.hermesHome || detectHermesHome()
+  const agentRoot = resolveAgentRoot(options.agentRoot, hermesHome)
+  const explicitPython = options.python || process.env.HERMES_AGENT_BRIDGE_PYTHON
+  if (explicitPython) {
+    return { command: explicitPython, argsPrefix: [], agentRoot, hermesHome }
+  }
+
+  const venvPython = firstExistingExecutable(pathCandidates(agentRoot))
+  if (venvPython) {
+    return { command: venvPython, argsPrefix: [], agentRoot, hermesHome }
+  }
+
+  const uvToolPython = uvToolHermesPython()
+  if (uvToolPython) {
+    return { command: uvToolPython, argsPrefix: [], agentRoot, hermesHome }
+  }
+
+  const shebangPython = hermesBinPython()
+  if (shebangPython && existsSync(shebangPython)) {
+    return { command: shebangPython, argsPrefix: [], agentRoot, hermesHome }
+  }
+
+  const uv = firstExistingExecutable(uvCandidates(agentRoot))
+  if (uv) {
+    const prefix = ['run']
+    if (agentRoot) prefix.push('--project', agentRoot)
+    prefix.push('python')
+    return { command: uv, argsPrefix: prefix, agentRoot, hermesHome }
+  }
+
+  const fallback = firstExistingExecutable([
+    process.env.PYTHON || '',
+    ...(process.platform === 'win32' ? ['py', 'python', 'python3'] : ['python3', 'python']),
+  ]) || (process.platform === 'win32' ? 'python' : 'python3')
+  return { command: fallback, argsPrefix: [], agentRoot, hermesHome }
+}
+
+function bridgeScriptPath(): string {
+  const candidates = [
+    // Built server: dist/server/index.js -> dist/server/agent-bridge/hermes_bridge.py
+    resolve(__dirname, 'agent-bridge', 'hermes_bridge.py'),
+    // ts-node/dev source tree.
+    resolve(__dirname, 'services/hermes/agent-bridge/hermes_bridge.py'),
+    resolve(process.cwd(), 'packages/server/src/services/hermes/agent-bridge/hermes_bridge.py'),
+  ]
+  const found = candidates.find(candidate => existsSync(candidate))
+  if (!found) {
+    throw new Error(`agent bridge Python script not found. Tried: ${candidates.join(', ')}`)
+  }
+  return found
+}
+
+function isTcpEndpoint(endpoint: string): boolean {
+  return endpoint.startsWith('tcp://')
+}
+
+function isDesktopRuntime(): boolean {
+  return String(process.env.HERMES_DESKTOP || '').trim().toLowerCase() === 'true'
+}
+
+async function canListenTcpEndpoint(endpoint: string): Promise<boolean> {
+  const url = new URL(endpoint)
+  const host = url.hostname || '127.0.0.1'
+  const port = Number(url.port)
+  if (!Number.isFinite(port) || port <= 0) return false
+
+  return await new Promise<boolean>((resolveAvailable) => {
+    const probe = createServer()
+    const done = (available: boolean) => {
+      probe.removeAllListeners()
+      resolveAvailable(available)
+    }
+    probe.once('error', () => done(false))
+    probe.listen(port, host, () => {
+      probe.close(() => done(true))
+    })
+  })
+}
+
+async function canConnectTcpEndpoint(endpoint: string): Promise<boolean> {
+  const url = new URL(endpoint)
+  const host = url.hostname || '127.0.0.1'
+  const port = Number(url.port)
+  if (!Number.isFinite(port) || port <= 0) return false
+
+  return await new Promise<boolean>((resolveConnected) => {
+    const socket = createConnection({ port, host })
+    const done = (connected: boolean) => {
+      socket.removeAllListeners()
+      socket.destroy()
+      resolveConnected(connected)
+    }
+    socket.setTimeout(250)
+    socket.once('connect', () => done(true))
+    socket.once('timeout', () => done(false))
+    socket.once('error', () => done(false))
+  })
+}
+
+function tcpEndpointPort(endpoint: string): number | undefined {
+  if (!isTcpEndpoint(endpoint)) return undefined
+  const url = new URL(endpoint)
+  const port = Number(url.port)
+  return Number.isFinite(port) && port > 0 ? port : undefined
+}
+
+function windowsListeningPidsOnPort(port: number): number[] {
+  try {
+    const output = execFileSync('netstat.exe', ['-ano', '-p', 'tcp'], { windowsHide: true }).toString('utf8')
+    const pids = new Set<number>()
+    for (const line of output.split(/\r?\n/)) {
+      const parts = line.trim().split(/\s+/)
+      if (parts.length < 5) continue
+      const [proto, localAddress, , state, pidRaw] = parts
+      if (proto.toUpperCase() !== 'TCP' || state.toUpperCase() !== 'LISTENING') continue
+      if (!localAddress.endsWith(`:${port}`)) continue
+      const pid = Number(pidRaw)
+      if (Number.isFinite(pid) && pid > 0 && pid !== process.pid) pids.add(pid)
+    }
+    return [...pids]
+  } catch {
+    return []
+  }
+}
+
+async function waitForTcpEndpoint(endpoint: string, timeoutMs: number): Promise<boolean> {
+  const deadline = Date.now() + timeoutMs
+  while (Date.now() < deadline) {
+    if (await canListenTcpEndpoint(endpoint)) return true
+    await new Promise(resolve => setTimeout(resolve, 100))
+  }
+  return canListenTcpEndpoint(endpoint)
+}
+
+async function killWindowsEndpointOccupants(endpoint: string): Promise<void> {
+  const port = tcpEndpointPort(endpoint)
+  if (!port) return
+  const pids = windowsListeningPidsOnPort(port)
+  if (!pids.length) return
+  for (const pid of pids) {
+    try {
+      logger.warn('[agent-bridge] killing stale process tree pid=%d on bridge port %d', pid, port)
+      execFileSync('taskkill.exe', ['/PID', String(pid), '/T', '/F'], { encoding: 'utf-8', windowsHide: true })
+    } catch (err) {
+      logger.warn(err, '[agent-bridge] failed to kill stale bridge process pid=%d', pid)
+    }
+  }
+  await waitForTcpEndpoint(endpoint, 3000)
+}
+
+export class AgentBridgeManager {
+  endpoint: string
+  private readonly options: AgentBridgeManagerOptions
+  private readonly explicitEndpoint: boolean
+  private child: ChildProcess | null = null
+  private starting: Promise<void> | null = null
+  private ready = false
+  private stopping = false
+  private restartTimer: NodeJS.Timeout | null = null
+  private restartAttempts = 0
+
+  constructor(options: AgentBridgeManagerOptions = {}) {
+    this.options = options
+    this.explicitEndpoint = Boolean(options.endpoint || process.env.HERMES_AGENT_BRIDGE_ENDPOINT)
+    this.endpoint = options.endpoint || process.env.HERMES_AGENT_BRIDGE_ENDPOINT || DEFAULT_AGENT_BRIDGE_ENDPOINT
+  }
+
+  get running(): boolean {
+    return !!this.child && !this.child.killed && this.ready
+  }
+
+  getRuntimeState(): AgentBridgeManagerRuntimeState {
+    return {
+      endpoint: this.endpoint,
+      running: this.running,
+      ready: this.ready,
+      pid: this.child?.pid,
+      starting: !!this.starting,
+      stopping: this.stopping,
+      restartScheduled: !!this.restartTimer,
+      restartAttempts: this.restartAttempts,
+    }
+  }
+
+  async start(): Promise<void> {
+    if (this.running) return
+    if (this.starting) return this.starting
+    this.stopping = false
+    if (this.restartTimer) {
+      clearTimeout(this.restartTimer)
+      this.restartTimer = null
+    }
+    this.starting = this.startProcess()
+    try {
+      await this.starting
+    } finally {
+      this.starting = null
+    }
+  }
+
+  private async startProcess(): Promise<void> {
+    const script = bridgeScriptPath()
+    const command = resolveAgentBridgeCommand(this.options)
+    await this.prepareEndpoint()
+    const args = [...command.argsPrefix, script, '--endpoint', this.endpoint]
+    const agentRoot = command.agentRoot
+    const hermesHome = command.hermesHome
+    if (agentRoot) args.push('--agent-root', agentRoot)
+    if (hermesHome) args.push('--hermes-home', hermesHome)
+
+    const env = buildAgentBridgeProcessEnv(this.endpoint, hermesHome, agentRoot)
+
+    logger.info('[agent-bridge] starting: %s %s', command.command, args.join(' '))
+    const child = spawn(command.command, args, {
+      env,
+      cwd: process.cwd(),
+      stdio: ['ignore', 'pipe', 'pipe'],
+      windowsHide: true,
+    })
+    this.child = child
+    this.ready = false
+
+    child.once('exit', (code, signal) => {
+      const shouldRestart = this.ready && !this.stopping && this.child === child && this.autoRestartEnabled()
+      logger.warn('[agent-bridge] exited code=%s signal=%s', code, signal)
+      this.ready = false
+      if (this.child === child) this.child = null
+      if (shouldRestart) this.scheduleRestart(code, signal)
+    })
+
+    child.stderr?.on('data', chunk => {
+      const text = String(chunk).trim()
+      if (text) logger.warn('[agent-bridge] %s', text)
+    })
+
+    await new Promise<void>((resolveReady, rejectReady) => {
+      let buffered = ''
+      const startupTimeoutMs = this.options.startupTimeoutMs
+        ?? envPositiveInt('HERMES_AGENT_BRIDGE_STARTUP_TIMEOUT_MS')
+        ?? DEFAULT_AGENT_BRIDGE_STARTUP_TIMEOUT_MS
+      const timeout = setTimeout(() => {
+        cleanup()
+        rejectReady(new Error(`agent bridge did not become ready within ${startupTimeoutMs}ms`))
+      }, startupTimeoutMs)
+
+      const cleanup = () => {
+        clearTimeout(timeout)
+        child.off('exit', onExitBeforeReady)
+        child.off('error', onError)
+      }
+
+      const markReady = () => {
+        if (readyResolved) return
+        this.ready = true
+        this.restartAttempts = 0
+        readyResolved = true
+        cleanup()
+        child.stdout?.off('data', onStdout)
+        resolveReady()
+      }
+
+      const onError = (err: Error) => {
+        cleanup()
+        child.stdout?.off('data', onStdout)
+        rejectReady(err)
+      }
+
+      const onExitBeforeReady = (code: number | null, signal: NodeJS.Signals | null) => {
+        cleanup()
+        child.stdout?.off('data', onStdout)
+        rejectReady(new Error(`agent bridge exited before ready code=${code} signal=${signal}`))
+      }
+
+      let readyResolved = false
+      const onStdout = (chunk: Buffer) => {
+        const text = chunk.toString('utf8')
+        buffered += text
+        for (;;) {
+          const newline = buffered.indexOf('\n')
+          if (newline < 0) break
+          const line = buffered.slice(0, newline).trim()
+          buffered = buffered.slice(newline + 1)
+          if (!line) continue
+          logger.info('[agent-bridge] %s', line)
+          if (!readyResolved) {
+            try {
+              const parsed = JSON.parse(line)
+              if (parsed?.event === 'ready') {
+                markReady()
+                return
+              }
+            } catch {}
+          }
+        }
+      }
+
+      child.once('error', onError)
+      child.once('exit', onExitBeforeReady)
+      child.stdout?.on('data', onStdout)
+
+      if (isDesktopRuntime() && isTcpEndpoint(this.endpoint)) {
+        const probe = async () => {
+          while (!readyResolved && !child.killed) {
+            if (await canConnectTcpEndpoint(this.endpoint)) {
+              markReady()
+              return
+            }
+            await new Promise(resolve => setTimeout(resolve, 100))
+          }
+        }
+        probe().catch(onError)
+      }
+    })
+
+    logger.info('[agent-bridge] ready at %s', this.endpoint)
+  }
+
+  private async prepareEndpoint(): Promise<void> {
+    if (!this.explicitEndpoint && process.platform === 'win32' && isTcpEndpoint(this.endpoint)) {
+      if (!(await canListenTcpEndpoint(this.endpoint))) {
+        await killWindowsEndpointOccupants(this.endpoint)
+      }
+    }
+    process.env.HERMES_AGENT_BRIDGE_ENDPOINT = this.endpoint
+  }
+
+  private autoRestartEnabled(): boolean {
+    const raw = String(process.env.HERMES_AGENT_BRIDGE_AUTO_RESTART || '').trim().toLowerCase()
+    return !['0', 'false', 'no', 'off'].includes(raw)
+  }
+
+  private scheduleRestart(code: number | null, signal: NodeJS.Signals | null): void {
+    if (this.restartTimer || this.stopping) return
+    this.restartAttempts += 1
+    const envDelay = envPositiveInt('HERMES_AGENT_BRIDGE_RESTART_DELAY_MS') ?? DEFAULT_AGENT_BRIDGE_RESTART_DELAY_MS
+    const delayMs = Math.min(
+      MAX_AGENT_BRIDGE_RESTART_DELAY_MS,
+      envDelay * Math.max(1, this.restartAttempts),
+    )
+    logger.warn(
+      '[agent-bridge] broker exited unexpectedly code=%s signal=%s; restarting in %dms (attempt %d)',
+      code,
+      signal,
+      delayMs,
+      this.restartAttempts,
+    )
+    this.restartTimer = setTimeout(() => {
+      this.restartTimer = null
+      if (this.stopping) return
+      this.start().catch((err) => {
+        logger.warn(err, '[agent-bridge] automatic restart failed')
+        if (!this.stopping) this.scheduleRestart(null, null)
+      })
+    }, delayMs)
+  }
+
+  async stop(): Promise<void> {
+    this.stopping = true
+    if (this.restartTimer) {
+      clearTimeout(this.restartTimer)
+      this.restartTimer = null
+    }
+    const child = this.child
+    if (!child) return
+    this.ready = false
+    this.child = null
+
+    await new Promise<void>((resolveStop) => {
+      const timeout = setTimeout(() => {
+        if (!child.killed) child.kill('SIGKILL')
+        resolveStop()
+      }, 1500)
+      child.once('exit', () => {
+        clearTimeout(timeout)
+        resolveStop()
+      })
+      if (!child.killed) {
+        child.kill('SIGTERM')
+      }
+    })
+  }
+}
+
+let singleton: AgentBridgeManager | null = null
+
+export function getAgentBridgeManager(): AgentBridgeManager {
+  if (!singleton) singleton = new AgentBridgeManager()
+  return singleton
+}
+
+export async function startAgentBridgeManager(): Promise<AgentBridgeManager> {
+  const manager = getAgentBridgeManager()
+  await manager.start()
+  return manager
+}
diff --git a/packages/server/src/services/hermes/context-engine/compressor.ts b/packages/server/src/services/hermes/context-engine/compressor.ts
new file mode 100644
index 0000000..c31b5d1
--- /dev/null
+++ b/packages/server/src/services/hermes/context-engine/compressor.ts
@@ -0,0 +1,463 @@
+import type {
+    StoredMessage,
+    CompressionConfig,
+    CompressedContext,
+    BuildContextInput,
+    MessageFetcher,
+    GatewayCaller,
+    SessionCleaner,
+} from './types'
+import { DEFAULT_COMPRESSION_CONFIG } from './types'
+import { GatewaySummarizer } from './gateway-client'
+import { buildAgentInstructions, buildSummarizationSystemPrompt } from './prompt'
+import { logger } from '../../../services/logger'
+
+export class ContextEngine {
+    private config: CompressionConfig
+    private messageFetcher: MessageFetcher
+    private gatewayCaller: GatewayCaller
+    /** Per-room compression lock to prevent concurrent snapshot overwrites */
+    private _compressLocks = new Map<string, Promise<void>>()
+    private _upstream = ''
+    private _apiKey: string | null = null
+
+    constructor(opts: {
+        config?: Partial<CompressionConfig>
+        messageFetcher: MessageFetcher
+        gatewayCaller?: GatewayCaller
+        sessionCleaner?: SessionCleaner
+    }) {
+        this.config = { ...DEFAULT_COMPRESSION_CONFIG, ...opts.config }
+        this.messageFetcher = opts.messageFetcher
+        this.gatewayCaller = opts.gatewayCaller || new GatewaySummarizer(this.config.summarizationTimeoutMs)
+        this.sessionCleaner = opts.sessionCleaner
+    }
+
+    private sessionCleaner?: SessionCleaner
+
+    setUpstream(upstream: string, apiKey: string | null): void {
+        this._upstream = upstream
+        this._apiKey = apiKey
+    }
+
+    /**
+     * Build context for an agent reply.
+     *
+     * Flow:
+     * 1. Read persisted snapshot (summary + lastMessageId) from SQLite
+     * 2. If snapshot exists:
+     *    a. Collect new messages after lastMessageId
+     *    b. Estimate tokens = summary + new messages
+     *    c. Under threshold → return as-is
+     *    d. Over threshold → incremental compress, update snapshot, return
+     * 3. If no snapshot:
+     *    a. Estimate tokens for all messages
+     *    b. Under threshold → return all verbatim
+     *    c. Over threshold → full compress, save snapshot, return
+     */
+    async buildContext(input: BuildContextInput): Promise<CompressedContext> {
+        // Serialize compression per room to prevent concurrent snapshot overwrites
+        const existing = this._compressLocks.get(input.roomId)
+        if (existing) {
+            await existing
+        }
+        let resolveLock!: () => void
+        const lock = new Promise<void>(r => { resolveLock = r })
+        this._compressLocks.set(input.roomId, lock)
+        try {
+            return await this._buildContextImpl(input)
+        } finally {
+            resolveLock()
+            this._compressLocks.delete(input.roomId)
+        }
+    }
+
+    private async _buildContextImpl(input: BuildContextInput): Promise<CompressedContext> {
+        const config = { ...this.config, ...input.compression }
+        const allMessages = this.messageFetcher.getMessages(input.roomId)
+        // Filter out messages newer than the current one
+        const messages = allMessages.filter(m => m.timestamp <= input.currentMessage.timestamp)
+        const total = messages.length
+
+        logger.debug(`[ContextEngine] buildContext START — room=${input.roomId}, agent=${input.agentName}, totalMessagesInDb=${allMessages.length}, afterFilter=${total}`)
+
+        const instructions = buildAgentInstructions({
+            agentName: input.agentName,
+            roomName: input.roomName,
+            agentDescription: input.agentDescription,
+            memberNames: input.memberNames,
+            members: input.members,
+        })
+
+        const meta: CompressedContext['meta'] = {
+            totalMessages: total,
+            verbatimCount: 0,
+            hadSnapshot: false,
+            compressed: false,
+            summaryTokenEstimate: 0,
+        }
+
+        const snapshot = this.messageFetcher.getContextSnapshot(input.roomId)
+        logger.debug(`[ContextEngine] snapshot=${snapshot ? `EXISTS (lastMsgId=${snapshot.lastMessageId}, summaryLen=${snapshot.summary.length})` : 'NONE'}`)
+
+        const estimateFullContextTokens = async (
+            history: Array<{ role: 'user' | 'assistant'; content: string }>,
+            messageTokenEstimate: number,
+        ): Promise<number> => {
+            try {
+                const estimate = await input.contextTokenEstimator?.(history, instructions)
+                if (typeof estimate === 'number' && Number.isFinite(estimate) && estimate > 0) {
+                    return Math.floor(estimate)
+                }
+            } catch (err: any) {
+                logger.warn(`[ContextEngine] full context estimate failed room=${input.roomId}, agent=${input.agentName}: ${err.message}`)
+            }
+            return messageTokenEstimate
+        }
+
+        const logThresholdCheck = (path: string, messageTokens: number, fullTokens: number): void => {
+            meta.messageTokenEstimate = messageTokens
+            meta.contextTokenEstimate = fullTokens
+            logger.info({
+                roomId: input.roomId,
+                agentName: input.agentName,
+                profile: input.profile || 'default',
+                path,
+                messages: total,
+                messageOnlyTokens: messageTokens,
+                fullContextTokens: fullTokens,
+                triggerTokens: config.triggerTokens,
+                decision: fullTokens > config.triggerTokens ? 'compress' : 'skip',
+            }, '[ContextEngine] threshold check')
+        }
+
+        // ── Path A: Snapshot exists — incremental ────────────
+        if (snapshot) {
+            meta.hadSnapshot = true
+
+            // Find the position of lastMessageId in messages
+            const snapshotIdx = messages.findIndex(m => m.id === snapshot.lastMessageId)
+            // Collect messages after the snapshot position
+            const newMessages = snapshotIdx >= 0
+                ? messages.slice(snapshotIdx + 1)
+                : messages.filter(m => m.timestamp > snapshot.lastMessageTimestamp)
+
+            const summaryTokens = this.countTokens(snapshot.summary)
+            const newTokens = this.estimateTokensFromMessages(newMessages)
+            const messageOnlyTokens = summaryTokens + newTokens
+
+            meta.verbatimCount = newMessages.length
+            meta.summaryTokenEstimate = summaryTokens
+
+            const snapshotHistory = this.buildHistory(snapshot.summary, newMessages, input.agentSocketId, input.agentName)
+            const totalTokens = await estimateFullContextTokens(snapshotHistory, messageOnlyTokens)
+            logThresholdCheck('snapshot', messageOnlyTokens, totalTokens)
+
+            logger.debug(`[ContextEngine] [Path A] snapshotIdx=${snapshotIdx}, newMessages=${newMessages.length}, summaryTokens=~${summaryTokens}, newTokens=~${newTokens}, totalTokens=~${totalTokens}, threshold=${config.triggerTokens}`)
+            logger.debug(`[ContextEngine] [Path A] EXISTING SUMMARY (${snapshot.summary.length} chars): ${snapshot.summary.slice(0, 300)}`)
+            if (newMessages.length > 0) {
+                logger.debug(`[ContextEngine] [Path A] NEW MESSAGES (${newMessages.length}): ${newMessages.map(m => `[${m.senderName}]: ${m.content.slice(0, 80)}`).join(' | ')}`)
+            }
+
+            // Under threshold — return summary + new messages directly
+            if (totalTokens <= config.triggerTokens) {
+                logger.debug(`[ContextEngine] [Path A] UNDER threshold — return summary + ${newMessages.length} verbatim msgs directly`)
+                this.logHistory('Path A (no compress)', snapshotHistory)
+                return { conversationHistory: snapshotHistory, instructions, meta }
+            }
+
+            // Over threshold — incremental compress
+            if (totalTokens > messageOnlyTokens && newMessages.length <= config.tailMessageCount) {
+                throw new Error(
+                    `Context window is too small for group chat agent ${input.agentName}: fixed prompt/tool overhead plus ${newMessages.length} new messages uses ~${totalTokens} tokens, exceeding trigger ${config.triggerTokens}, and there is not enough history to compress.`,
+                )
+            }
+            logger.debug(`[ContextEngine] [Path A] OVER threshold — starting INCREMENTAL compression of ${newMessages.length} msgs...`)
+            logger.debug(`[ContextEngine] [Path A] CONTEXT BEFORE COMPRESSION: summary(${snapshot.summary.length} chars) + ${newMessages.length} new msgs`)
+            meta.compressed = true
+            input.onProgress?.({
+                status: 'compressing',
+                path: 'snapshot',
+                messageCount: newMessages.length,
+                tokenCount: totalTokens,
+            })
+
+            const t0 = Date.now()
+            const result = await this.summarize(
+                input.roomId,
+                newMessages,
+                input.upstream,
+                input.apiKey,
+                input.profile || 'default',
+                snapshot.summary,
+            )
+            const elapsed = Date.now() - t0
+
+            if (result.summary) {
+                const lastMsg = newMessages[newMessages.length - 1]
+                this.messageFetcher.saveContextSnapshot(input.roomId, result.summary, lastMsg.id, lastMsg.timestamp)
+
+                meta.summaryTokenEstimate = this.countTokens(result.summary)
+                logger.debug(`[ContextEngine] [Path A] incremental compression DONE in ${elapsed}ms, newSummaryLen=${result.summary.length}, newLastMsgId=${lastMsg.id}`)
+                logger.debug(`[ContextEngine] [Path A] NEW SUMMARY (${result.summary.length} chars): ${result.summary.slice(0, 300)}`)
+                const history = this.buildHistory(result.summary, newMessages, input.agentSocketId, input.agentName)
+                meta.contextTokenEstimate = await estimateFullContextTokens(history, this.estimateTokens(history))
+                this.logHistory('Path A (after incremental compress)', history)
+                if (result.sessionId) this.sessionCleaner?.(result.sessionId)
+                return { conversationHistory: history, instructions, meta }
+            }
+
+            // Compression failed — degrade
+            logger.warn(`[ContextEngine] [Path A] incremental compression FAILED (${elapsed}ms) — degrading to summary + trimmed verbatim`)
+            const history = this.buildHistory(snapshot.summary, newMessages, input.agentSocketId, input.agentName)
+            this.trimToBudget(history, summaryTokens, config.maxHistoryTokens)
+            return { conversationHistory: history, instructions, meta }
+        }
+
+        // ── Path B: No snapshot — full context ───────────────
+        const messageOnlyTokens = this.estimateTokensFromMessages(messages)
+        meta.verbatimCount = total
+        const fullHistory = messages.map(m => this.mapToHistory(m, input.agentSocketId, input.agentName))
+        const totalTokens = await estimateFullContextTokens(fullHistory, messageOnlyTokens)
+        logThresholdCheck('full', messageOnlyTokens, totalTokens)
+
+        logger.debug(`[ContextEngine] [Path B] no snapshot, totalMessages=${total}, totalTokens=~${totalTokens}, threshold=${config.triggerTokens}`)
+
+        // Under threshold — pass all messages verbatim
+        if (totalTokens <= config.triggerTokens) {
+            logger.debug(`[ContextEngine] [Path B] UNDER threshold — return all ${total} msgs verbatim`)
+            this.logHistory('Path B (no compress)', fullHistory)
+            return { conversationHistory: fullHistory, instructions, meta }
+        }
+
+        // Over threshold — full compress
+        if (totalTokens > messageOnlyTokens && messages.length <= config.tailMessageCount) {
+            throw new Error(
+                `Context window is too small for group chat agent ${input.agentName}: fixed prompt/tool overhead plus ${messages.length} messages uses ~${totalTokens} tokens, exceeding trigger ${config.triggerTokens}, and there is not enough history to compress.`,
+            )
+        }
+        logger.debug(`[ContextEngine] [Path B] OVER threshold — starting FULL compression of ${total} msgs...`)
+        logger.debug(`[ContextEngine] [Path B] CONTEXT BEFORE COMPRESSION: ${total} msgs, ~${totalTokens} tokens`)
+        meta.compressed = true
+        input.onProgress?.({
+            status: 'compressing',
+            path: 'full',
+            messageCount: total,
+            tokenCount: totalTokens,
+        })
+
+        const t0 = Date.now()
+        const result = await this.summarize(
+            input.roomId,
+            messages,
+            input.upstream,
+            input.apiKey,
+            input.profile || 'default',
+        )
+        const elapsed = Date.now() - t0
+
+        if (result.summary) {
+            // Keep recent tail messages verbatim, compress the rest
+            const { tailMessageCount } = config
+            const toCompress = messages.length > tailMessageCount ? messages.slice(0, -tailMessageCount) : messages
+            const tail = messages.length > tailMessageCount ? messages.slice(-tailMessageCount) : []
+            const lastCompressedMsg = toCompress[toCompress.length - 1]
+
+            this.messageFetcher.saveContextSnapshot(input.roomId, result.summary, lastCompressedMsg.id, lastCompressedMsg.timestamp)
+
+            meta.summaryTokenEstimate = this.countTokens(result.summary)
+            logger.debug(`[ContextEngine] [Path B] full compression DONE in ${elapsed}ms, summaryLen=${result.summary.length}, compressed=${toCompress.length} msgs, keptTail=${tail.length} msgs, savedLastMsgId=${lastCompressedMsg.id}`)
+            logger.debug(`[ContextEngine] [Path B] COMPRESSED SUMMARY (${result.summary.length} chars): ${result.summary.slice(0, 300)}`)
+            const history = this.buildHistory(result.summary, tail, input.agentSocketId, input.agentName)
+            meta.contextTokenEstimate = await estimateFullContextTokens(history, this.estimateTokens(history))
+            this.logHistory('Path B (after full compress)', history)
+            if (result.sessionId) this.sessionCleaner?.(result.sessionId)
+            return { conversationHistory: history, instructions, meta }
+        }
+
+        // Compression failed — degrade
+        logger.warn(`[ContextEngine] [Path B] full compression FAILED (${elapsed}ms) — degrading to trimmed verbatim`)
+        const history = messages.map(m => this.mapToHistory(m, input.agentSocketId, input.agentName))
+        this.trimToBudget(history, 0, config.maxHistoryTokens)
+        meta.verbatimCount = history.length
+        return { conversationHistory: history, instructions, meta }
+    }
+
+    invalidateRoom(roomId: string): void {
+        this.messageFetcher.deleteContextSnapshot(roomId)
+    }
+
+    /**
+     * Force compress all messages in a room (full compression).
+     * Used when user manually triggers compression.
+     */
+    async forceCompress(roomId: string, profile?: string): Promise<string> {
+        const allMessages = this.messageFetcher.getMessages(roomId)
+        if (allMessages.length === 0) return ''
+
+        const config = { ...this.config }
+        logger.debug(`[ContextEngine] forceCompress room=${roomId}, messages=${allMessages.length}`)
+
+        const t0 = Date.now()
+        const result = await this.summarize(roomId, allMessages, this._upstream, this._apiKey, profile || 'default')
+        const elapsed = Date.now() - t0
+
+        if (result.summary) {
+            const { tailMessageCount } = config
+            const toCompress = allMessages.length > tailMessageCount ? allMessages.slice(0, -tailMessageCount) : allMessages
+            const lastCompressedMsg = toCompress[toCompress.length - 1]
+
+            this.messageFetcher.saveContextSnapshot(roomId, result.summary, lastCompressedMsg.id, lastCompressedMsg.timestamp)
+            logger.debug(`[ContextEngine] forceCompress DONE in ${elapsed}ms`)
+            if (result.sessionId) this.sessionCleaner?.(result.sessionId)
+            return result.summary
+        }
+
+        throw new Error('Compression failed')
+    }
+
+    // ─── Private ─────────────────────────────────────────────
+
+    /**
+     * Build history array: optional summary prefix + verbatim messages.
+     */
+    private buildHistory(
+        summary: string,
+        messages: StoredMessage[],
+        agentSocketId: string,
+        agentName: string,
+    ): Array<{ role: 'user' | 'assistant'; content: string }> {
+        const history: Array<{ role: 'user' | 'assistant'; content: string }> = []
+
+        if (summary) {
+            history.push(
+                { role: 'user', content: '[Previous conversation summary]\n' + summary },
+                { role: 'assistant', content: 'I have reviewed the conversation history and understand the context.' },
+            )
+        }
+
+        history.push(...messages.map(m => this.mapToHistory(m, agentSocketId, agentName)))
+        return history
+    }
+
+    /**
+     * Summarize messages. If previousSummary is provided, do incremental update.
+     */
+    private async summarize(
+        roomId: string,
+        messages: StoredMessage[],
+        upstream: string,
+        apiKey: string | null,
+        profile: string,
+        previousSummary?: string,
+    ): Promise<{ summary: string | null; sessionId: string | null }> {
+        if (messages.length === 0 && !previousSummary) return { summary: null, sessionId: null }
+
+        try {
+            const result = await this.gatewayCaller.summarize(
+                upstream,
+                apiKey,
+                buildSummarizationSystemPrompt(),
+                messages,
+                roomId,
+                profile,
+                previousSummary,
+            )
+            return { summary: result.summary, sessionId: result.sessionId }
+        } catch (err: any) {
+            logger.warn(`[ContextEngine] Summarization failed for room ${roomId}: ${err.message}`)
+            return { summary: null, sessionId: null }
+        } finally {
+            // Session cleanup handled here if sessionCleaner is provided
+        }
+    }
+
+    private mapToHistory(
+        msg: StoredMessage,
+        agentSocketId: string,
+        agentName: string,
+    ): { role: 'user' | 'assistant'; content: string } {
+        const senderName = msg.senderName || 'unknown'
+        const isOwnAgent = msg.senderId === agentSocketId || senderName === agentName
+
+        if (msg.role === 'tool') {
+            const label = msg.tool_name ? `Tool result: ${msg.tool_name}` : 'Tool result'
+            return { role: 'user', content: `[${senderName}] [${label}]\n${msg.content || ''}` }
+        }
+
+        if (msg.role === 'assistant' && msg.tool_calls?.length) {
+            const toolsInfo = msg.tool_calls.map(tc => {
+                const name = tc.function?.name || 'unknown'
+                let args = tc.function?.arguments || '{}'
+                if (args.length > 4000) args = `${args.slice(0, 4000)}...`
+                return `[Calling tool: ${name} with arguments: ${args}]`
+            }).join('\n')
+            const content = msg.content?.trim()
+            return {
+                role: isOwnAgent ? 'assistant' : 'user',
+                content: content
+                    ? `${this.formatAttributedContent(senderName, content)}\n${this.formatAttributionPrefix(senderName, content)}${toolsInfo}`
+                    : `${this.formatAttributionPrefix(senderName, content)}${toolsInfo}`,
+            }
+        }
+
+        return {
+            role: isOwnAgent ? 'assistant' : 'user',
+            content: this.formatAttributedContent(senderName, msg.content || ''),
+        }
+    }
+
+    private formatAttributedContent(senderName: string, content: string): string {
+        return `${this.formatAttributionPrefix(senderName)}${this.stripMentions(content)}`
+    }
+
+    private formatAttributionPrefix(senderName: string, _content?: string): string {
+        return `[${senderName}]: `
+    }
+
+    private stripMentions(content: string): string {
+        return String(content || '')
+            .replace(/@([^\s@]+)/g, '')
+            .replace(/[ \t]{2,}/g, ' ')
+            .replace(/^\s+/, '')
+    }
+
+    private trimToBudget(
+        history: Array<{ role: 'user' | 'assistant'; content: string }>,
+        summaryTokens: number,
+        maxTokens: number,
+    ): void {
+        let totalTokens = summaryTokens + this.estimateTokens(history)
+        while (totalTokens > maxTokens && history.length > 0) {
+            history.pop()
+            totalTokens = summaryTokens + this.estimateTokens(history)
+        }
+    }
+
+    private estimateTokens(history: Array<{ role: string; content: string }>): number {
+        const text = history.map(m => m.content).join('')
+        return this.countTokens(text)
+    }
+
+    private estimateTokensFromMessages(messages: StoredMessage[]): number {
+        const text = messages.map(m => m.content).join('')
+        return this.countTokens(text)
+    }
+
+    /** Estimate tokens distinguishing CJK (~1.5 tok/char) from Latin (config.charsPerToken per char) */
+    private countTokens(text: string): number {
+        const cjk = (text.match(/[\u2e80-\u9fff\uac00-\ud7af\u3000-\u303f\uff00-\uffef]/g) || []).length
+        const other = text.length - cjk
+        return Math.ceil(cjk * 1.5 + other / this.config.charsPerToken)
+    }
+
+    /** Log assembled history for debugging */
+    private logHistory(label: string, history: Array<{ role: string; content: string }>): void {
+        const totalTokens = this.estimateTokens(history)
+        logger.debug(`[ContextEngine] ASSEMBLED HISTORY (${label}): ${history.length} entries, ~${totalTokens} tokens`)
+        for (const entry of history) {
+            const preview = entry.content.length > 150 ? entry.content.slice(0, 150) + '...' : entry.content
+            logger.debug(`  [${entry.role}] ${preview}`)
+        }
+    }
+}
diff --git a/packages/server/src/services/hermes/context-engine/gateway-client.ts b/packages/server/src/services/hermes/context-engine/gateway-client.ts
new file mode 100644
index 0000000..5f5ea3d
--- /dev/null
+++ b/packages/server/src/services/hermes/context-engine/gateway-client.ts
@@ -0,0 +1,110 @@
+import type { StoredMessage, GatewayCaller } from './types'
+import {
+    buildSummarizationSystemPrompt,
+    buildFullSummaryPrompt,
+    buildIncrementalUpdatePrompt,
+} from './prompt'
+import { updateUsage } from '../../../db/hermes/usage-store'
+import { logger } from '../../logger'
+import { AgentBridgeClient, type AgentBridgeRunResult } from '../agent-bridge'
+
+/**
+ * Calls the local bridge to produce LLM-generated summaries.
+ * The context engine owns history assembly; gateway storage/chaining is not used.
+ */
+export class GatewaySummarizer implements GatewayCaller {
+    private timeoutMs: number
+
+    constructor(timeoutMs = 30_000) {
+        this.timeoutMs = timeoutMs
+    }
+
+    async summarize(
+        _upstream: string,
+        _apiKey: string | null,
+        systemPrompt: string,
+        messages: StoredMessage[],
+        roomId: string,
+        profile: string,
+        previousSummary?: string,
+    ): Promise<{ summary: string; sessionId: string }> {
+        const history: Array<{ role: string; content: string }> = messages.map(m => ({
+            role: 'user',
+            content: summarizeMessageForPrompt(m),
+        }))
+
+        if (previousSummary) {
+            history.unshift(
+                { role: 'user', content: `[Previous summary]\n${previousSummary}` },
+                { role: 'assistant', content: 'Understood, I will update the summary.' },
+            )
+        }
+
+        const userPrompt = previousSummary
+            ? buildIncrementalUpdatePrompt()
+            : buildFullSummaryPrompt()
+
+        const bridge = new AgentBridgeClient({ timeoutMs: this.timeoutMs + 15_000 })
+        const sessionId = `gc_compress_${roomId}_${profile}_${Date.now()}_${Math.random().toString(36).slice(2, 8)}`
+            .replace(/[^a-zA-Z0-9_-]/g, '_')
+            .slice(0, 160)
+
+        try {
+            const result = await bridge.request<AgentBridgeRunResult>({
+                action: 'chat',
+                session_id: sessionId,
+                message: userPrompt,
+                instructions: systemPrompt || buildSummarizationSystemPrompt(),
+                conversation_history: history,
+                profile,
+                source: 'api_server',
+                wait: true,
+                timeout: Math.ceil(this.timeoutMs / 1000),
+            }, { timeoutMs: this.timeoutMs + 15_000 })
+
+            if (result.status === 'error') {
+                throw new Error(result.error || 'Summarization bridge run failed')
+            }
+
+            const payload = result.result as any
+            const output = String(payload?.final_response || result.output || '').trim()
+            if (!output) throw new Error('Empty summarization response')
+
+            const usage = payload?.usage || payload?.response?.usage
+            if (usage) {
+                updateUsage(roomId, {
+                    inputTokens: usage.input_tokens ?? usage.inputTokens ?? 0,
+                    outputTokens: usage.output_tokens ?? usage.outputTokens ?? 0,
+                    cacheReadTokens: usage.cache_read_tokens ?? usage.cacheReadTokens ?? 0,
+                    cacheWriteTokens: usage.cache_write_tokens ?? usage.cacheWriteTokens ?? 0,
+                    reasoningTokens: usage.reasoning_tokens ?? usage.reasoningTokens ?? 0,
+                    model: payload?.model || payload?.response?.model || '',
+                    profile,
+                })
+            }
+            logger.debug(`[GatewaySummarizer] Bridge compression completed for room ${roomId} (profile=${profile})`)
+            return { summary: output, sessionId }
+        } finally {
+            await bridge.destroy(sessionId, profile).catch(() => undefined)
+        }
+    }
+}
+
+function summarizeMessageForPrompt(message: StoredMessage): string {
+    if (message.role === 'tool') {
+        const label = message.tool_name ? `Tool result: ${message.tool_name}` : 'Tool result'
+        return `[${label}]\n${message.content || ''}`
+    }
+
+    if (message.role === 'assistant' && message.tool_calls?.length) {
+        const toolsInfo = message.tool_calls.map(tc => {
+            const name = tc.function?.name || 'tool'
+            const args = tc.function?.arguments || '{}'
+            return `${name}(${args})`
+        }).join(', ')
+        const content = message.content?.trim()
+        return `[${message.senderName}]: ${content ? `${content}\n` : ''}[Tool calls: ${toolsInfo}]`
+    }
+
+    return `[${message.senderName}]: ${message.content}`
+}
diff --git a/packages/server/src/services/hermes/context-engine/index.ts b/packages/server/src/services/hermes/context-engine/index.ts
new file mode 100644
index 0000000..9817bd6
--- /dev/null
+++ b/packages/server/src/services/hermes/context-engine/index.ts
@@ -0,0 +1,13 @@
+export { ContextEngine } from './compressor'
+export { GatewaySummarizer } from './gateway-client'
+export { buildAgentInstructions, buildSummarizationSystemPrompt, buildFullSummaryPrompt, buildIncrementalUpdatePrompt } from './prompt'
+export { DEFAULT_COMPRESSION_CONFIG } from './types'
+export type {
+    StoredMessage,
+    CompressionConfig,
+    CompressedContext,
+    ContextSnapshot,
+    MessageFetcher,
+    GatewayCaller,
+    BuildContextInput,
+} from './types'
diff --git a/packages/server/src/services/hermes/context-engine/prompt.ts b/packages/server/src/services/hermes/context-engine/prompt.ts
new file mode 100644
index 0000000..aff9821
--- /dev/null
+++ b/packages/server/src/services/hermes/context-engine/prompt.ts
@@ -0,0 +1,115 @@
+// ─── Agent Identity Instructions ────────────────────────────
+
+import type { MemberInfo } from './types'
+import { getSystemPrompt } from '../../../lib/llm-prompt'
+
+interface AgentInstructionsParams {
+    agentName: string
+    roomName: string
+    agentDescription: string
+    memberNames: string[]
+    members: MemberInfo[]
+}
+
+export function buildAgentInstructions(params: AgentInstructionsParams): string {
+    // Deduplicate members by name (primary key) to avoid duplicate roles
+    // If multiple entries have the same name, prefer the one with description
+    const uniqueMembersMap = new Map<string, MemberInfo>()
+
+    for (const m of params.members) {
+        const existing = uniqueMembersMap.get(m.name)
+        // Prefer entries with description
+        if (!existing || (m.description && !existing.description)) {
+            uniqueMembersMap.set(m.name, m)
+        }
+    }
+
+    const uniqueMembers = Array.from(uniqueMembersMap.values())
+
+    let memberSection: string
+    if (uniqueMembers.length > 0) {
+        memberSection = uniqueMembers
+            .map(m => m.description ? `- ${m.name}: ${m.description}` : `- ${m.name}`)
+            .join('\n')
+    } else if (params.memberNames.length > 0) {
+        // Deduplicate member names as well
+        const uniqueNames = Array.from(new Set(params.memberNames))
+        memberSection = uniqueNames.map(n => `- ${n}`).join('\n')
+    } else {
+        memberSection = '- 未知'
+    }
+
+    // Handle empty agent description
+    const roleDescription = params.agentDescription?.trim()
+        ? params.agentDescription
+        : '专业的 AI 助手，随时准备协助解决问题。'
+
+    const basePrompt = `你是"${params.agentName}"，群聊房间"${params.roomName}"中的 AI 助手。
+
+你的角色：${roleDescription}
+
+当前房间成员：
+${memberSection}
+
+规则：
+- 当你收到群聊任务时，说明系统已经判断你需要回复；请直接回应当前消息，不要因为消息里同时提及其他成员而拒绝回复或输出空回复。
+- 重点回应提及你的人。
+- 回答简洁、对群聊有帮助。
+	- 不要假装是人类，需要时明确表明自己是 AI。
+	- 对话历史中包含多个人的消息，每条消息前标有发送者名字。
+	- 历史消息里的"[发送者]: ..."只是系统添加的归属标记，用来帮助你理解谁说了这句话；不要在你的回复中复述或模仿这种方括号前缀。
+	- 回复时使用自然语言即可；如果需要点名某人，只使用 @名字，不要输出"[${params.agentName}]:"这类格式。
+	- 对话开头可能包含之前的对话摘要，用于提供更早的上下文。
+	- 回复最新一条提及你的消息。
+	- 群聊系统支持 agent 之间通过 @名字 接力：当你在回复中写出 @某个成员，系统会把消息路由给对应成员。
+	- 如果用户明确要求你叫、让、请某个 agent 执行任务，不要自己代办，不要说你无法指挥其他 agent；请直接用 @名字 转交任务，并简短说明你已转交。
+	- 如果需要其他 agent 协作或明确回复某个人，使用 @名字 来提及对方，并把需要对方执行的任务写清楚。
+	- 不要主动 @ 任何人，除非最新消息明确要求你转交、邀请、询问某个具体成员。
+	- 如果只是回答提问，直接回答，不要在结尾 @ 其他成员继续接力。
+	- 不要为了活跃气氛、征求补充、让别人也看看而 @ 其他 agent 或用户。
+	- 只有在确实需要对方执行动作、提供信息、确认决策时，才可以 @名字。
+	- 自行判断对话是否已经结束——如果问题已解决、达成共识、或对方只是陈述不需要回复，则不要再 @任何人，直接结束回复，避免产生无意义的循环对话。`
+
+    return getSystemPrompt(basePrompt)
+}
+
+// ─── Summarization Prompts ─────────────────────────────────
+
+export function buildSummarizationSystemPrompt(): string {
+    return `你是一个群聊对话的摘要助手。请创建一份结构化摘要，帮助 AI 助手快速理解完整的对话上下文并智能回复。
+
+使用以下格式：
+
+当前话题：
+- 现在在聊什么，目标是什么
+
+已知结论：
+- 已达成哪些共识，哪些问题已经回答过
+
+待回复消息：
+- 还剩谁的问题没回，下一步要做什么
+
+关键人物：
+- 人名、角色、引用关系
+
+重要上下文：
+- 不要丢时间线和立场变化
+- 少写废话，多保留"可行动信息"
+- 重点保留：谁说了什么、结论是什么、下一步是什么
+- 关键的 URL、代码片段、错误信息、约束条件
+
+规则：
+- 基于事实，不要编造信息。
+- 保持简洁（500 字以内）。
+- 聚焦于帮助 AI 回复下一条消息的可行动信息。
+- 使用与对话相同的语言。
+- 不要回复对话内容，只输出摘要。`
+}
+
+export function buildFullSummaryPrompt(): string {
+    return '请对上方对话创建一份简洁的摘要。只输出摘要内容。'
+}
+
+export function buildIncrementalUpdatePrompt(): string {
+    return '对话自上次摘要后有了新的内容。请更新摘要，整合新消息。保持相同格式，更新所有部分。只输出更新后的摘要。'
+}
diff --git a/packages/server/src/services/hermes/context-engine/summary-cache.ts b/packages/server/src/services/hermes/context-engine/summary-cache.ts
new file mode 100644
index 0000000..5adebdd
--- /dev/null
+++ b/packages/server/src/services/hermes/context-engine/summary-cache.ts
@@ -0,0 +1,49 @@
+import type { SummaryCacheEntry } from './types'
+
+const MAX_ENTRIES = 200
+
+export class SummaryCache {
+    private cache = new Map<string, SummaryCacheEntry>()
+    private ttlMs: number
+
+    constructor(ttlMs = 120_000) {
+        this.ttlMs = ttlMs
+    }
+
+    get(roomId: string): SummaryCacheEntry | undefined {
+        const entry = this.cache.get(roomId)
+        if (!entry) return undefined
+        if (Date.now() - entry.createdAt >= this.ttlMs) {
+            this.cache.delete(roomId)
+            return undefined
+        }
+        return entry
+    }
+
+    set(roomId: string, entry: SummaryCacheEntry): void {
+        if (this.cache.size >= MAX_ENTRIES) {
+            let oldestKey = ''
+            let oldestTime = Infinity
+            for (const [k, v] of this.cache) {
+                if (v.createdAt < oldestTime) {
+                    oldestTime = v.createdAt
+                    oldestKey = k
+                }
+            }
+            if (oldestKey) this.cache.delete(oldestKey)
+        }
+        this.cache.set(roomId, entry)
+    }
+
+    invalidate(roomId: string): void {
+        this.cache.delete(roomId)
+    }
+
+    clear(): void {
+        this.cache.clear()
+    }
+
+    get size(): number {
+        return this.cache.size
+    }
+}
diff --git a/packages/server/src/services/hermes/context-engine/types.ts b/packages/server/src/services/hermes/context-engine/types.ts
new file mode 100644
index 0000000..5376427
--- /dev/null
+++ b/packages/server/src/services/hermes/context-engine/types.ts
@@ -0,0 +1,133 @@
+// ─── Message Types ──────────────────────────────────────────
+
+/** Raw message from SQLite messages table */
+export interface StoredMessage {
+    id: string
+    roomId: string
+    senderId: string
+    senderName: string
+    content: string
+    timestamp: number
+    role?: string
+    tool_call_id?: string | null
+    tool_calls?: Array<{ id?: string; type?: string; function?: { name?: string; arguments?: string } }> | null
+    tool_name?: string | null
+    finish_reason?: string | null
+}
+
+// ─── Compression Config ────────────────────────────────────
+
+export interface CompressionConfig {
+    /** Token threshold to trigger compression (estimate all messages) */
+    triggerTokens: number
+    /** Max tokens for the final compressed context sent to LLM */
+    maxHistoryTokens: number
+    /** Number of recent messages to keep verbatim after compression */
+    tailMessageCount: number
+    /** Characters per token for estimation */
+    charsPerToken: number
+    /** Timeout for summarization LLM call in ms */
+    summarizationTimeoutMs: number
+}
+
+export const DEFAULT_COMPRESSION_CONFIG: CompressionConfig = {
+    triggerTokens: 100_000,
+    maxHistoryTokens: 32_000,
+    tailMessageCount: 10,
+    charsPerToken: 6,
+    summarizationTimeoutMs: 30_000,
+}
+
+// ─── Compression Output ────────────────────────────────────
+
+export interface CompressedContext {
+    conversationHistory: Array<{ role: 'user' | 'assistant'; content: string }>
+    instructions: string
+    meta: {
+        totalMessages: number
+        verbatimCount: number
+        hadSnapshot: boolean
+        compressed: boolean
+        summaryTokenEstimate: number
+        contextTokenEstimate?: number
+        messageTokenEstimate?: number
+    }
+}
+
+// ─── Context Snapshot (persisted in SQLite) ────────────────
+
+export interface ContextSnapshot {
+    roomId: string
+    summary: string
+    lastMessageId: string
+    lastMessageTimestamp: number
+    updatedAt: number
+}
+
+// ─── Summary Cache ──────────────────────────────────────────
+
+export interface SummaryCacheEntry {
+    summary: string
+    lastMessageId: string
+    lastMessageTimestamp: number
+    createdAt: number
+}
+
+// ─── Dependency Injection ──────────────────────────────────
+
+export interface MessageFetcher {
+    getMessages(roomId: string, limit?: number): StoredMessage[]
+    getContextSnapshot(roomId: string): ContextSnapshot | null
+    saveContextSnapshot(roomId: string, summary: string, lastMessageId: string, lastMessageTimestamp: number): void
+    deleteContextSnapshot(roomId: string): void
+}
+
+export interface GatewayCaller {
+    summarize(
+        upstream: string,
+        apiKey: string | null,
+        systemPrompt: string,
+        messages: StoredMessage[],
+        roomId: string,
+        profile: string,
+        previousSummary?: string,
+    ): Promise<{ summary: string; sessionId: string }>
+}
+
+export type SessionCleaner = (sessionId: string) => void
+
+export type ContextProgress = (event: {
+    status: 'compressing'
+    path: 'snapshot' | 'full'
+    messageCount: number
+    tokenCount: number
+}) => void
+
+// ─── Build Context Input ───────────────────────────────────
+
+export interface MemberInfo {
+    userId: string
+    name: string
+    description: string
+}
+
+export interface BuildContextInput {
+    roomId: string
+    agentId: string
+    agentName: string
+    agentDescription: string
+    agentSocketId: string
+    roomName: string
+    memberNames: string[]
+    members: MemberInfo[]
+    upstream: string
+    apiKey: string | null
+    currentMessage: StoredMessage
+    compression?: Partial<CompressionConfig>
+    profile?: string
+    contextTokenEstimator?: (
+        history: Array<{ role: 'user' | 'assistant'; content: string }>,
+        instructions: string,
+    ) => Promise<number | null | undefined>
+    onProgress?: ContextProgress
+}
diff --git a/packages/server/src/services/hermes/conversations.ts b/packages/server/src/services/hermes/conversations.ts
new file mode 100644
index 0000000..9d6b474
--- /dev/null
+++ b/packages/server/src/services/hermes/conversations.ts
@@ -0,0 +1,436 @@
+import { exportSessionsRaw, type HermesSessionFull } from './hermes-cli'
+
+const LINEAGE_TOLERANCE_SECONDS = 3
+const LIVE_WINDOW_SECONDS = 300
+const EXPORT_CACHE_TTL_MS = 30000
+const DEFAULT_CONVERSATION_LIMIT = 200
+const SYNTHETIC_USER_PREFIXES = [
+  '[system:',
+  "you've reached the maximum number of tool-calling iterations allowed.",
+  'you have reached the maximum number of tool-calling iterations allowed.',
+]
+
+type HermesMessageLike = {
+  id?: number | string
+  session_id?: string
+  role?: string
+  content?: unknown
+  timestamp?: number
+}
+
+type ConversationSession = HermesSessionFull & {
+  parent_session_id?: string | null
+  preview: string
+  last_active: number
+  is_active: boolean
+}
+
+type CachedExport = {
+  expires_at_ms: number
+  sessions: HermesSessionFull[]
+}
+
+const exportCache = new Map<string, CachedExport>()
+
+export interface ConversationSummary {
+  id: string
+  profile?: string | null
+  source: string
+  model: string
+  title: string | null
+  started_at: number
+  ended_at: number | null
+  last_active: number
+  message_count: number
+  tool_call_count: number
+  input_tokens: number
+  output_tokens: number
+  cache_read_tokens: number
+  cache_write_tokens: number
+  reasoning_tokens: number
+  billing_provider: string | null
+  estimated_cost_usd: number
+  actual_cost_usd: number | null
+  cost_status: string
+  preview: string
+  is_active: boolean
+  thread_session_count: number
+}
+
+export interface ConversationMessage {
+  id: number | string
+  session_id: string
+  role: 'user' | 'assistant'
+  content: string
+  timestamp: number
+}
+
+export interface ConversationDetail {
+  session_id: string
+  messages: ConversationMessage[]
+  visible_count: number
+  thread_session_count: number
+}
+
+export interface ConversationListOptions {
+  source?: string
+  humanOnly?: boolean
+  limit?: number
+}
+
+function cacheKey(source?: string): string {
+  return source || '__all__'
+}
+
+function safeText(value: unknown): string {
+  if (typeof value === 'string') return value
+  if (typeof value === 'number' || typeof value === 'boolean') return String(value)
+  return ''
+}
+
+function textFromContent(value: unknown): string {
+  if (typeof value === 'string') return value
+  if (typeof value === 'number' || typeof value === 'boolean') return String(value)
+  if (Array.isArray(value)) {
+    return value
+      .map(item => textFromContent(item).trim())
+      .filter(Boolean)
+      .join('\n')
+  }
+  if (!value || typeof value !== 'object') return ''
+
+  const record = value as Record<string, unknown>
+  const directKeys = ['text', 'content', 'value'] as const
+  for (const key of directKeys) {
+    const direct = record[key]
+    if (typeof direct === 'string') return direct
+    if (Array.isArray(direct)) {
+      const nested = textFromContent(direct)
+      if (nested) return nested
+    }
+  }
+
+  const nestedKeys = ['parts', 'children', 'items'] as const
+  for (const key of nestedKeys) {
+    if (Array.isArray(record[key])) {
+      const nested = textFromContent(record[key])
+      if (nested) return nested
+    }
+  }
+
+  const flattened = Object.values(record)
+    .map(entry => textFromContent(entry).trim())
+    .filter(Boolean)
+    .join('\n')
+  if (flattened) return flattened
+
+  try {
+    return JSON.stringify(record)
+  } catch {
+    return ''
+  }
+}
+
+function normalizeText(value: unknown): string {
+  return textFromContent(value).replace(/\s+/g, ' ').trim().toLowerCase()
+}
+
+function excerpt(value: unknown, width = 80): string {
+  const text = textFromContent(value).replace(/\s+/g, ' ').trim()
+  if (!text) return ''
+  return text.length > width ? `${text.slice(0, width)}…` : text
+}
+
+function isSyntheticUserText(content: unknown): boolean {
+  const text = normalizeText(content)
+  return SYNTHETIC_USER_PREFIXES.some(prefix => text.startsWith(prefix))
+}
+
+function visibleHumanMessage(message: HermesMessageLike): boolean {
+  const role = safeText(message.role)
+  const content = textFromContent(message.content).trim()
+  if (!content) return false
+  if (role !== 'user' && role !== 'assistant') return false
+  if (role === 'user' && isSyntheticUserText(content)) return false
+  return true
+}
+
+function firstVisibleHumanText(messages: HermesMessageLike[]): string {
+  const firstVisible = messages.find(visibleHumanMessage)
+  return firstVisible ? textFromContent(firstVisible.content).trim() : ''
+}
+
+function maxMessageTimestamp(messages: HermesMessageLike[]): number {
+  return messages.reduce((max, message) => {
+    const timestamp = Number(message.timestamp || 0)
+    return Number.isFinite(timestamp) && timestamp > max ? timestamp : max
+  }, 0)
+}
+
+function enrichSession(session: HermesSessionFull, nowSeconds: number): ConversationSession {
+  const messages = Array.isArray(session.messages) ? session.messages : []
+  const preview = excerpt(firstVisibleHumanText(messages))
+  const lastActive = maxMessageTimestamp(messages) || Number(session.ended_at || session.started_at || 0)
+  const endedAt = session.ended_at ?? null
+  return {
+    ...session,
+    parent_session_id: (session.parent_session_id as string | null | undefined) ?? null,
+    preview,
+    last_active: lastActive,
+    is_active: endedAt == null && nowSeconds - lastActive <= LIVE_WINDOW_SECONDS,
+  }
+}
+
+function sortByRecency<T extends { last_active: number; started_at: number; id: string }>(items: T[]): T[] {
+  return [...items].sort((a, b) => {
+    if (b.last_active !== a.last_active) return b.last_active - a.last_active
+    if (b.started_at !== a.started_at) return b.started_at - a.started_at
+    return a.id.localeCompare(b.id)
+  })
+}
+
+function timingMatchesParent(parent: ConversationSession | undefined, child: ConversationSession | undefined): boolean {
+  if (!parent || !child || parent.ended_at == null) return false
+  return Math.abs(Number(child.started_at || 0) - Number(parent.ended_at || 0)) <= LINEAGE_TOLERANCE_SECONDS
+}
+
+function isBranchRoot(session: ConversationSession | undefined, byId: Map<string, ConversationSession>): boolean {
+  if (!session?.parent_session_id) return false
+  const parent = byId.get(session.parent_session_id)
+  return !!parent && parent.end_reason === 'branched' && timingMatchesParent(parent, session)
+}
+
+function isVisibleRoot(session: ConversationSession | undefined, byId: Map<string, ConversationSession>): boolean {
+  if (!session || session.source === 'tool') return false
+  return session.parent_session_id == null || isBranchRoot(session, byId)
+}
+
+function continuationCandidates(parent: ConversationSession, byId: Map<string, ConversationSession>, childrenByParent: Map<string | null, string[]>): ConversationSession[] {
+  const childIds = childrenByParent.get(parent.id) || []
+  return childIds
+    .map(childId => byId.get(childId))
+    .filter((child): child is ConversationSession => !!child)
+    .filter(child => child.source !== 'tool')
+    .filter(child => child.source === parent.source)
+    .filter(child => timingMatchesParent(parent, child))
+    .sort((a, b) => {
+      const aDelta = Math.abs(Number(a.started_at || 0) - Number(parent.ended_at || 0))
+      const bDelta = Math.abs(Number(b.started_at || 0) - Number(parent.ended_at || 0))
+      if (aDelta !== bDelta) return aDelta - bDelta
+      return a.id.localeCompare(b.id)
+    })
+}
+
+function nextContinuationChild(parent: ConversationSession, byId: Map<string, ConversationSession>, childrenByParent: Map<string | null, string[]>): ConversationSession | null {
+  if (parent.end_reason !== 'compression') return null
+  const candidates = continuationCandidates(parent, byId, childrenByParent)
+  if (candidates.length === 1) return candidates[0]
+
+  const exactPreviewMatches = candidates.filter(child => {
+    const childPreview = normalizeText(child.preview)
+    const parentPreview = normalizeText(parent.preview)
+    return !!childPreview && childPreview === parentPreview
+  })
+
+  if (exactPreviewMatches.length === 1) return exactPreviewMatches[0]
+  return null
+}
+
+function collectConversationChain(rootId: string, byId: Map<string, ConversationSession>, childrenByParent: Map<string | null, string[]>): ConversationSession[] {
+  const chain: ConversationSession[] = []
+  const seen = new Set<string>()
+  let current = byId.get(rootId) || null
+  while (current && !seen.has(current.id)) {
+    chain.push(current)
+    seen.add(current.id)
+    current = nextContinuationChild(current, byId, childrenByParent)
+  }
+  return chain
+}
+
+function sessionMessages(session: HermesSessionFull): HermesMessageLike[] {
+  return Array.isArray(session.messages) ? session.messages as HermesMessageLike[] : []
+}
+
+function normalizeVisibleMessage(message: HermesMessageLike, session: HermesSessionFull, index: number): ConversationMessage | null {
+  if (!visibleHumanMessage(message)) return null
+  const role = safeText(message.role)
+  const content = textFromContent(message.content).trim()
+  if (role !== 'user' && role !== 'assistant') return null
+  if (!content) return null
+
+  const rawTimestamp = Number(message.timestamp)
+  const timestamp = Number.isFinite(rawTimestamp) && rawTimestamp > 0
+    ? rawTimestamp
+    : Number(session.ended_at || session.started_at || 0)
+  const id = message.id ?? `${session.id}:${index}:${timestamp}`
+
+  return {
+    id,
+    session_id: safeText(message.session_id || session.id),
+    role,
+    content,
+    timestamp,
+  }
+}
+
+function visibleMessagesForSessions(sessions: HermesSessionFull[]): ConversationMessage[] {
+  return sessions
+    .flatMap(session => sessionMessages(session).map((message, index) => normalizeVisibleMessage({ ...message, session_id: safeText(message.session_id || session.id) }, session, index)))
+    .filter((message): message is ConversationMessage => !!message)
+    .sort((a, b) => {
+      if (a.timestamp !== b.timestamp) return a.timestamp - b.timestamp
+      return String(a.id).localeCompare(String(b.id))
+    })
+}
+
+function hasVisibleHumanMessages(sessions: HermesSessionFull[]): boolean {
+  return visibleMessagesForSessions(sessions).length > 0
+}
+
+function toSummary(session: ConversationSession): ConversationSummary {
+  return {
+    id: session.id,
+    source: safeText(session.source),
+    model: safeText(session.model),
+    title: session.title ?? null,
+    started_at: Number(session.started_at || 0),
+    ended_at: session.ended_at ?? null,
+    last_active: session.last_active,
+    message_count: Number(session.message_count || 0),
+    tool_call_count: Number(session.tool_call_count || 0),
+    input_tokens: Number(session.input_tokens || 0),
+    output_tokens: Number(session.output_tokens || 0),
+    cache_read_tokens: Number(session.cache_read_tokens || 0),
+    cache_write_tokens: Number(session.cache_write_tokens || 0),
+    reasoning_tokens: Number(session.reasoning_tokens || 0),
+    billing_provider: session.billing_provider ?? null,
+    estimated_cost_usd: Number(session.estimated_cost_usd || 0),
+    actual_cost_usd: session.actual_cost_usd ?? null,
+    cost_status: safeText(session.cost_status),
+    preview: session.preview,
+    is_active: session.is_active,
+    thread_session_count: 1,
+  }
+}
+
+function aggregateSummary(rootId: string, byId: Map<string, ConversationSession>, childrenByParent: Map<string | null, string[]>): ConversationSummary | null {
+  const chain = collectConversationChain(rootId, byId, childrenByParent)
+  if (!chain.length || !hasVisibleHumanMessages(chain)) return null
+  const root = chain[0]
+  const last = chain[chain.length - 1]
+  const title = root.title || excerpt(firstVisibleHumanText(chain.flatMap(sessionMessages)), 72) || null
+  const preview = root.preview || excerpt(firstVisibleHumanText(chain.flatMap(sessionMessages)))
+  const costStatuses = Array.from(new Set(chain.map(session => safeText(session.cost_status)).filter(Boolean)))
+
+  return {
+    ...toSummary(root),
+    title,
+    preview,
+    model: safeText(last?.model || root.model),
+    ended_at: last?.ended_at ?? null,
+    last_active: Math.max(...chain.map(session => session.last_active)),
+    is_active: chain.some(session => session.is_active),
+    billing_provider: last?.billing_provider ?? root.billing_provider ?? null,
+    cost_status: costStatuses.length === 1 ? costStatuses[0] : 'mixed',
+    thread_session_count: chain.length,
+    message_count: chain.reduce((sum, session) => sum + Number(session.message_count || 0), 0),
+    tool_call_count: chain.reduce((sum, session) => sum + Number(session.tool_call_count || 0), 0),
+    input_tokens: chain.reduce((sum, session) => sum + Number(session.input_tokens || 0), 0),
+    output_tokens: chain.reduce((sum, session) => sum + Number(session.output_tokens || 0), 0),
+    cache_read_tokens: chain.reduce((sum, session) => sum + Number(session.cache_read_tokens || 0), 0),
+    cache_write_tokens: chain.reduce((sum, session) => sum + Number(session.cache_write_tokens || 0), 0),
+    reasoning_tokens: chain.reduce((sum, session) => sum + Number(session.reasoning_tokens || 0), 0),
+    estimated_cost_usd: chain.reduce((sum, session) => sum + Number(session.estimated_cost_usd || 0), 0),
+    actual_cost_usd: chain.reduce<number | null>((sum, session) => {
+      const actual = session.actual_cost_usd
+      if (actual == null) return sum
+      return (sum || 0) + Number(actual)
+    }, null),
+  }
+}
+
+async function loadSessions(source?: string): Promise<ConversationSession[]> {
+  const key = cacheKey(source)
+  const nowMs = Date.now()
+  const cached = exportCache.get(key)
+  const raws = cached && cached.expires_at_ms > nowMs
+    ? cached.sessions
+    : await exportSessionsRaw(source)
+
+  if (!cached || cached.expires_at_ms <= nowMs) {
+    exportCache.set(key, {
+      expires_at_ms: nowMs + EXPORT_CACHE_TTL_MS,
+      sessions: raws,
+    })
+  }
+
+  const nowSeconds = nowMs / 1000
+  return raws.map(raw => enrichSession(raw, nowSeconds))
+}
+
+export async function listConversationSummaries(options: ConversationListOptions = {}): Promise<ConversationSummary[]> {
+  const humanOnly = options.humanOnly !== false
+  const limit = options.limit && options.limit > 0 ? options.limit : DEFAULT_CONVERSATION_LIMIT
+  const sessions = await loadSessions(options.source)
+  const byId = new Map(sessions.map(session => [session.id, session]))
+  const childrenByParent = new Map<string | null, string[]>()
+  for (const session of sessions) {
+    const key = session.parent_session_id ?? null
+    const siblings = childrenByParent.get(key) || []
+    siblings.push(session.id)
+    childrenByParent.set(key, siblings)
+  }
+
+  if (!humanOnly) {
+    return sortByRecency(
+      sessions
+        .filter(session => session.source !== 'tool')
+        .map(toSummary),
+    ).slice(0, limit)
+  }
+
+  const summaries = sessions
+    .filter(session => isVisibleRoot(session, byId))
+    .map(session => aggregateSummary(session.id, byId, childrenByParent))
+    .filter((summary): summary is ConversationSummary => !!summary)
+
+  return sortByRecency(summaries).slice(0, limit)
+}
+
+export async function getConversationDetail(sessionId: string, options: ConversationListOptions = {}): Promise<ConversationDetail | null> {
+  const humanOnly = options.humanOnly !== false
+  const sessions = await loadSessions(options.source)
+  const byId = new Map(sessions.map(session => [session.id, session]))
+  const childrenByParent = new Map<string | null, string[]>()
+  for (const session of sessions) {
+    const key = session.parent_session_id ?? null
+    const siblings = childrenByParent.get(key) || []
+    siblings.push(session.id)
+    childrenByParent.set(key, siblings)
+  }
+
+  if (!humanOnly) {
+    const session = byId.get(sessionId)
+    if (!session || session.source === 'tool') return null
+    const messages = visibleMessagesForSessions([session])
+    return {
+      session_id: sessionId,
+      messages,
+      visible_count: messages.length,
+      thread_session_count: 1,
+    }
+  }
+
+  const root = byId.get(sessionId)
+  if (!isVisibleRoot(root, byId)) return null
+  const chain = collectConversationChain(sessionId, byId, childrenByParent)
+  const messages = visibleMessagesForSessions(chain)
+  if (!messages.length) return null
+  return {
+    session_id: sessionId,
+    messages,
+    visible_count: messages.length,
+    thread_session_count: chain.length,
+  }
+}
diff --git a/packages/server/src/services/hermes/copilot-device-flow.ts b/packages/server/src/services/hermes/copilot-device-flow.ts
new file mode 100644
index 0000000..9645502
--- /dev/null
+++ b/packages/server/src/services/hermes/copilot-device-flow.ts
@@ -0,0 +1,158 @@
+/**
+ * GitHub OAuth Device Flow for Copilot login.
+ *
+ * Mirrors the upstream hermes-agent implementation
+ * (`hermes_cli/copilot_auth.py:155-275`):
+ *   - POST https://github.com/login/device/code  → device_code, user_code, verification_uri
+ *   - POST https://github.com/login/oauth/access_token → access_token (after user approves)
+ *   - Polling rules per RFC 8628: authorization_pending, slow_down, expired_token, access_denied
+ *
+ * Client ID `Ov23li8tweQw6odWQebz` is reused from upstream hermes-agent for now;
+ * a dedicated web-ui OAuth App can be registered later without changing the protocol.
+ */
+
+const GITHUB_DEVICE_CODE_URL = 'https://github.com/login/device/code'
+const GITHUB_ACCESS_TOKEN_URL = 'https://github.com/login/oauth/access_token'
+export const COPILOT_OAUTH_CLIENT_ID = 'Ov23li8tweQw6odWQebz'
+export const COPILOT_OAUTH_SCOPE = 'read:user'
+const FETCH_TIMEOUT_MS = 15_000
+
+export interface DeviceCodeResponse {
+  device_code: string
+  user_code: string
+  verification_uri: string
+  expires_in: number
+  interval: number
+}
+
+export interface AccessTokenSuccess {
+  kind: 'success'
+  access_token: string
+  token_type: string
+  scope: string
+}
+
+export interface AccessTokenPending {
+  kind: 'pending'
+}
+
+export interface AccessTokenSlowDown {
+  kind: 'slow_down'
+}
+
+export interface AccessTokenDenied {
+  kind: 'denied'
+}
+
+export interface AccessTokenExpired {
+  kind: 'expired'
+}
+
+export interface AccessTokenError {
+  kind: 'error'
+  error: string
+  description?: string
+}
+
+export type AccessTokenResult =
+  | AccessTokenSuccess
+  | AccessTokenPending
+  | AccessTokenSlowDown
+  | AccessTokenDenied
+  | AccessTokenExpired
+  | AccessTokenError
+
+/**
+ * Request a fresh device code from GitHub. Throws on network failure or non-2xx.
+ */
+export async function startDeviceFlow(
+  fetchImpl: typeof fetch = fetch,
+): Promise<DeviceCodeResponse> {
+  const res = await fetchImpl(GITHUB_DEVICE_CODE_URL, {
+    method: 'POST',
+    headers: {
+      'Accept': 'application/json',
+      'Content-Type': 'application/x-www-form-urlencoded',
+    },
+    body: new URLSearchParams({
+      client_id: COPILOT_OAUTH_CLIENT_ID,
+      scope: COPILOT_OAUTH_SCOPE,
+    }).toString(),
+    signal: AbortSignal.timeout(FETCH_TIMEOUT_MS),
+  })
+
+  if (!res.ok) {
+    const text = await res.text().catch(() => '')
+    throw new Error(`GitHub device code request failed: ${res.status} ${text}`)
+  }
+
+  const data = await res.json() as Partial<DeviceCodeResponse>
+  if (!data.device_code || !data.user_code || !data.verification_uri) {
+    throw new Error('GitHub device code response missing required fields')
+  }
+  return {
+    device_code: data.device_code,
+    user_code: data.user_code,
+    verification_uri: data.verification_uri,
+    expires_in: typeof data.expires_in === 'number' ? data.expires_in : 900,
+    interval: typeof data.interval === 'number' && data.interval > 0 ? data.interval : 5,
+  }
+}
+
+/**
+ * Poll the access-token endpoint once. Caller is responsible for sleeping the
+ * server-suggested `interval` between calls and handling slow_down/expired.
+ */
+export async function pollDeviceFlow(
+  deviceCode: string,
+  fetchImpl: typeof fetch = fetch,
+): Promise<AccessTokenResult> {
+  let res: Response
+  try {
+    res = await fetchImpl(GITHUB_ACCESS_TOKEN_URL, {
+      method: 'POST',
+      headers: {
+        'Accept': 'application/json',
+        'Content-Type': 'application/x-www-form-urlencoded',
+      },
+      body: new URLSearchParams({
+        client_id: COPILOT_OAUTH_CLIENT_ID,
+        device_code: deviceCode,
+        grant_type: 'urn:ietf:params:oauth:grant-type:device_code',
+      }).toString(),
+      signal: AbortSignal.timeout(FETCH_TIMEOUT_MS),
+    })
+  } catch (err: any) {
+    return { kind: 'error', error: 'network', description: err?.message ?? String(err) }
+  }
+
+  let body: any
+  try {
+    body = await res.json()
+  } catch {
+    return { kind: 'error', error: 'parse', description: `HTTP ${res.status}` }
+  }
+
+  if (body && typeof body.access_token === 'string' && body.access_token) {
+    return {
+      kind: 'success',
+      access_token: body.access_token,
+      token_type: body.token_type ?? 'bearer',
+      scope: body.scope ?? COPILOT_OAUTH_SCOPE,
+    }
+  }
+
+  const code = typeof body?.error === 'string' ? body.error : 'unknown_error'
+  switch (code) {
+    case 'authorization_pending':
+      return { kind: 'pending' }
+    case 'slow_down':
+      return { kind: 'slow_down' }
+    case 'access_denied':
+      return { kind: 'denied' }
+    case 'expired_token':
+      return { kind: 'expired' }
+    default:
+      return { kind: 'error', error: code, description: body?.error_description }
+  }
+}
diff --git a/packages/server/src/services/hermes/copilot-models.ts b/packages/server/src/services/hermes/copilot-models.ts
new file mode 100644
index 0000000..c2dc197
--- /dev/null
+++ b/packages/server/src/services/hermes/copilot-models.ts
@@ -0,0 +1,272 @@
+import { execFile } from 'child_process'
+import { promisify } from 'util'
+import { readFile } from 'fs/promises'
+import { homedir } from 'os'
+import { join } from 'path'
+
+const execFileAsync = promisify(execFile)
+
+const COPILOT_API_TOKEN_URL = 'https://api.github.com/copilot_internal/v2/token'
+const COPILOT_MODELS_URL = 'https://api.githubcopilot.com/models'
+const EDITOR_VERSION = 'vscode/1.104.1'
+const PLUGIN_VERSION = 'copilot-chat/0.20.0'
+const USER_AGENT = 'GithubCopilot/1.155.0'
+const FETCH_TIMEOUT_MS = 8000
+const POSITIVE_TTL_MS = 60 * 60 * 1000
+const NEGATIVE_TTL_MS = 60 * 1000
+
+export interface CopilotModelMeta {
+  id: string
+  preview: boolean
+  disabled: boolean
+}
+
+const FALLBACK_MODELS: CopilotModelMeta[] = [
+  { id: 'gpt-5.5', preview: false, disabled: false },
+  { id: 'gpt-5.4', preview: false, disabled: false },
+  { id: 'gpt-5.4-mini', preview: false, disabled: false },
+  { id: 'gpt-5.4-nano', preview: false, disabled: false },
+  { id: 'gpt-5-mini', preview: false, disabled: false },
+  { id: 'gpt-5.3-codex', preview: false, disabled: false },
+  { id: 'claude-opus-4.8', preview: false, disabled: false },
+  { id: 'claude-opus-4.7', preview: false, disabled: false },
+  { id: 'claude-opus-4.6', preview: false, disabled: false },
+  { id: 'claude-opus-4.6-fast', preview: true, disabled: false },
+  { id: 'claude-opus-4.5', preview: false, disabled: false },
+  { id: 'claude-haiku-4.5', preview: false, disabled: false },
+  { id: 'claude-sonnet-4.6', preview: false, disabled: false },
+  { id: 'claude-sonnet-4.5', preview: false, disabled: false },
+  { id: 'gemini-2.5-pro', preview: false, disabled: false },
+  { id: 'gemini-3-flash', preview: true, disabled: false },
+  { id: 'gemini-3.1-pro', preview: true, disabled: false },
+  { id: 'gemini-3.5-flash', preview: false, disabled: false },
+  { id: 'raptor-mini', preview: true, disabled: false },
+]
+
+interface CacheEntry {
+  value: CopilotModelMeta[]
+  expiresAt: number
+  isFallback: boolean
+}
+
+// 缓存按 oauth token 隔离：避免切换 hermes profile（不同 .env / 不同 Copilot 账号）
+// 时仍命中上一个账号的模型列表 + preview/disabled 状态。key 为 token 的非密码学哈希
+// （不直接用明文 token 作 key，减少日志/调试时泄漏风险）。无 token 场景使用 "__none__"。
+const cacheByToken: Map<string, CacheEntry> = new Map()
+const inflightByToken: Map<string, Promise<CopilotModelMeta[]>> = new Map()
+
+function tokenCacheKey(oauthToken: string): string {
+  if (!oauthToken) return '__none__'
+  // FNV-1a 32-bit；够用作 cache key
+  let h = 0x811c9dc5
+  for (let i = 0; i < oauthToken.length; i++) {
+    h ^= oauthToken.charCodeAt(i)
+    h = Math.imul(h, 0x01000193)
+  }
+  return (h >>> 0).toString(16)
+}
+
+function unquote(raw: string): string {
+  const v = raw.trim()
+  if ((v.startsWith('"') && v.endsWith('"')) || (v.startsWith("'") && v.endsWith("'"))) {
+    return v.slice(1, -1)
+  }
+  return v
+}
+
+function readEnvVar(envContent: string, key: string): string {
+  if (process.env[key]) return unquote(process.env[key]!)
+  const m = envContent.match(new RegExp(`^${key}\\s*=\\s*(.+)`, 'm'))
+  if (m && m[1].trim() && !m[1].trim().startsWith('#')) return unquote(m[1])
+  return ''
+}
+
+// classic PATs (ghp_) cannot be used as Copilot OAuth tokens — mirror upstream
+// hermes-agent copilot_auth.py and skip them so callers fall through.
+function isUsableOAuthToken(token: string): boolean {
+  if (!token) return false
+  if (token.startsWith('ghp_')) return false
+  return true
+}
+
+async function readGhAppsToken(): Promise<string> {
+  const candidates = [
+    join(homedir(), '.config', 'github-copilot', 'apps.json'),
+    join(homedir(), '.config', 'github-copilot', 'hosts.json'),
+  ]
+  for (const path of candidates) {
+    try {
+      const text = await readFile(path, 'utf-8')
+      const data = JSON.parse(text)
+      for (const v of Object.values(data) as any[]) {
+        const tok = v?.oauth_token
+        if (typeof tok === 'string' && isUsableOAuthToken(tok.trim())) return tok.trim()
+      }
+    } catch { /* skip */ }
+  }
+  return ''
+}
+
+/**
+ * 解析 Copilot OAuth token，按 web-ui 的优先级顺序：
+ *   1. COPILOT_GITHUB_TOKEN  2. GH_TOKEN  3. GITHUB_TOKEN
+ *   4. ~/.config/github-copilot/apps.json (VS Code Copilot 插件存储)
+ *   5. `gh auth token` CLI fallback
+ * 跳过 classic PAT (ghp_)，与上游 hermes-agent copilot_auth.py 行为对齐。
+ * 这是单一事实来源 —— 授权检测和模型拉取都应使用此函数。
+ */
+export type CopilotTokenSource = 'env' | 'gh-cli' | 'apps-json' | null
+
+export async function resolveCopilotOAuthTokenWithSource(
+  envContent: string,
+): Promise<{ token: string; source: CopilotTokenSource }> {
+  for (const key of ['COPILOT_GITHUB_TOKEN', 'GH_TOKEN', 'GITHUB_TOKEN']) {
+    const v = readEnvVar(envContent, key)
+    if (isUsableOAuthToken(v)) return { token: v, source: 'env' }
+  }
+  const appsToken = await readGhAppsToken()
+  if (appsToken) return { token: appsToken, source: 'apps-json' }
+  try {
+    const { stdout } = await execFileAsync('gh', ['auth', 'token'], { timeout: 3000, windowsHide: true })
+    const v = stdout.trim()
+    if (isUsableOAuthToken(v)) return { token: v, source: 'gh-cli' }
+  } catch { /* ignore */ }
+  return { token: '', source: null }
+}
+
+export async function resolveCopilotOAuthToken(envContent: string): Promise<string> {
+  const { token } = await resolveCopilotOAuthTokenWithSource(envContent)
+  return token
+}
+
+async function exchangeForCopilotToken(oauthToken: string): Promise<string> {
+  const res = await fetch(COPILOT_API_TOKEN_URL, {
+    headers: {
+      'Authorization': `token ${oauthToken}`,
+      'Editor-Version': EDITOR_VERSION,
+      'Editor-Plugin-Version': PLUGIN_VERSION,
+      'User-Agent': USER_AGENT,
+      'Accept': 'application/json',
+    },
+    signal: AbortSignal.timeout(FETCH_TIMEOUT_MS),
+  })
+  if (!res.ok) throw new Error(`token exchange ${res.status}`)
+  const data = await res.json() as { token?: string }
+  if (!data.token) throw new Error('no token in response')
+  return data.token
+}
+
+// ID 噪音过滤：
+// - text-embedding-* / *-embedding-* —— 嵌入模型（chat type 已过滤掉，但保留显式清单防御）
+// - accounts/msft/routers/* —— Copilot 内部路由模型，UI 模型 ID（带斜杠）会破坏 selectbox，且不可读
+// - rerank* —— rerank 模型
+// 与 opencode/models.dev 的 curated 思路一致：剔除明显非聊天用途的噪音 ID。
+const NOISE_ID_PREFIXES = ['accounts/', 'text-embedding', 'rerank']
+
+function isNoiseModelId(id: string): boolean {
+  const lower = id.toLowerCase()
+  return NOISE_ID_PREFIXES.some((p) => lower.startsWith(p))
+}
+
+async function fetchModelsList(copilotToken: string): Promise<CopilotModelMeta[]> {
+  const res = await fetch(COPILOT_MODELS_URL, {
+    headers: {
+      'Authorization': `Bearer ${copilotToken}`,
+      'Editor-Version': EDITOR_VERSION,
+      'Copilot-Integration-Id': 'vscode-chat',
+      'User-Agent': USER_AGENT,
+      'Accept': 'application/json',
+    },
+    signal: AbortSignal.timeout(FETCH_TIMEOUT_MS),
+  })
+  if (!res.ok) throw new Error(`models fetch ${res.status}`)
+  const data = await res.json() as { data?: any[] }
+  if (!Array.isArray(data.data)) return []
+  // 与上游 hermes-agent hermes_cli/models.py 对齐：只过滤 chat type 且 supports
+  // /chat/completions endpoint。不强制 model_picker_enabled —— 用户可能想用未在 IDE
+  // picker 里的模型（用户决定全量展示，由用户自行判断订阅是否覆盖）。
+  // 额外去掉噪音 ID（embedding/rerank/router）。
+  const seen = new Set<string>()
+  const out: CopilotModelMeta[] = []
+  for (const m of data.data) {
+    if (m?.capabilities?.type !== 'chat') continue
+    const endpoints = m?.supported_endpoints
+    if (Array.isArray(endpoints) && endpoints.length > 0) {
+      if (!endpoints.includes('/chat/completions')) continue
+    }
+    const id = String(m?.id ?? '').trim()
+    if (!id || seen.has(id)) continue
+    if (isNoiseModelId(id)) continue
+    seen.add(id)
+    out.push({
+      id,
+      preview: m?.preview === true,
+      disabled: m?.policy?.state === 'disabled',
+    })
+  }
+  return out
+}
+
+async function loadModelsWithToken(oauth: string): Promise<CopilotModelMeta[]> {
+  if (!oauth) throw new Error('no oauth token')
+  const copilotToken = await exchangeForCopilotToken(oauth)
+  const models = await fetchModelsList(copilotToken)
+  if (models.length === 0) throw new Error('empty model list')
+  return models
+}
+
+/**
+ * 获取 GitHub Copilot 当前账号可用的 chat 模型列表（含 preview/disabled meta）。
+ * - 缓存按 oauth token 隔离（profile 切换不会串
+ * - 正缓存 1 小时（成功结果）
+ * - 负缓存 60 秒（失败时缓存 fallback，避免抖动重复打慢路径）
+ * - 并发请求合并：同一 token 的同时多次调用复用 inflight Promise
+ */
+export async function getCopilotModelsDetailed(envContent: string): Promise<CopilotModelMeta[]> {
+  // 先解析 oauth token —— 这一步本身有 fs 读取，但不会发网络请求；用作 cache key。
+  const oauth = await resolveCopilotOAuthToken(envContent)
+  const key = tokenCacheKey(oauth)
+  const now = Date.now()
+  const hit = cacheByToken.get(key)
+  if (hit && hit.expiresAt > now) return hit.value
+  const existing = inflightByToken.get(key)
+  if (existing) return existing
+  const promise = (async () => {
+    try {
+      const models = await loadModelsWithToken(oauth)
+      cacheByToken.set(key, { value: models, expiresAt: Date.now() + POSITIVE_TTL_MS, isFallback: false })
+      return models
+    } catch {
+      cacheByToken.set(key, { value: FALLBACK_MODELS, expiresAt: Date.now() + NEGATIVE_TTL_MS, isFallback: true })
+      return FALLBACK_MODELS
+    } finally {
+      inflightByToken.delete(key)
+    }
+  })()
+  inflightByToken.set(key, promise)
+  return promise
+}
+
+/** 兼容旧调用：只返回 ID 列表。 */
+export async function getCopilotModels(envContent: string): Promise<string[]> {
+  const detailed = await getCopilotModelsDetailed(envContent)
+  return detailed.map((m) => m.id)
+}
+
+/** 仅供测试使用：清空所有缓存与 inflight 状态。 */
+export function __resetCopilotModelsCacheForTest(): void {
+  cacheByToken.clear()
+  inflightByToken.clear()
+}
+
+/**
+ * 注销 / 切换账号后必须调用：清空所有 token 桶下的模型列表缓存与 inflight。
+ * 否则下一次查询仍会命中旧账号的 cache（key 是 token 哈希；删除 token 后
+ * key 变为 "__none__" 不会撞，但旧 key 的旧数据仍残留并继续返回过期模型）。
+ */
+export function invalidateAllCaches(): void {
+  cacheByToken.clear()
+  inflightByToken.clear()
+}
+
+export const COPILOT_FALLBACK_MODELS = FALLBACK_MODELS
diff --git a/packages/server/src/services/hermes/file-provider.ts b/packages/server/src/services/hermes/file-provider.ts
new file mode 100644
index 0000000..eb80ec1
--- /dev/null
+++ b/packages/server/src/services/hermes/file-provider.ts
@@ -0,0 +1,863 @@
+import { readFile, stat as fsStat, readdir, mkdir, rm, rename, copyFile as fsCopyFile, writeFile as fsWriteFile } from 'fs/promises'
+import { resolve, normalize, isAbsolute, basename, join } from 'path'
+import { execFile } from 'child_process'
+import { promisify } from 'util'
+import { existsSync, readFileSync } from 'fs'
+import YAML from 'js-yaml'
+import { config } from '../../config'
+import { getActiveProfileDir, getActiveEnvPath, getProfileDir } from './hermes-profile'
+import { isPathWithin, relativePathFromBase } from './hermes-path'
+
+const execFileAsync = promisify(execFile)
+const execOpts = { windowsHide: true }
+
+// Max download file size (default 200MB)
+const MAX_DOWNLOAD_SIZE = parseInt(process.env.MAX_DOWNLOAD_SIZE || '', 10) || 200 * 1024 * 1024
+// Backend command timeout (default 30s)
+const BACKEND_TIMEOUT = 30_000
+
+// Max edit/upload file size (default 10MB)
+export const MAX_EDIT_SIZE = parseInt(process.env.MAX_EDIT_SIZE || '', 10) || 10 * 1024 * 1024
+
+// Sensitive files that should not be written/deleted/renamed
+const SENSITIVE_FILES = new Set(['.env', 'auth.json'])
+
+export interface FileEntry {
+  name: string
+  path: string       // relative to hermes home
+  isDir: boolean
+  size: number
+  modTime: string    // ISO 8601
+}
+
+export interface FileStat {
+  name: string
+  path: string       // relative to hermes home
+  isDir: boolean
+  size: number
+  modTime: string    // ISO 8601
+  permissions?: string
+}
+
+export type BackendType = 'local' | 'docker' | 'ssh' | 'singularity' | 'modal' | 'daytona'
+
+export interface FileProvider {
+  type: BackendType
+  readFile(filePath: string): Promise<Buffer>
+  exists(filePath: string): Promise<boolean>
+  listDir(dirPath: string): Promise<FileEntry[]>
+  stat(filePath: string): Promise<FileStat>
+  writeFile(filePath: string, content: Buffer): Promise<void>
+  deleteFile(filePath: string): Promise<void>
+  deleteDir(dirPath: string): Promise<void>
+  renameFile(oldPath: string, newPath: string): Promise<void>
+  mkDir(dirPath: string): Promise<void>
+  copyFile(srcPath: string, destPath: string): Promise<void>
+}
+
+export interface TerminalConfig {
+  backend: BackendType
+  docker_image?: string
+  docker_container_name?: string
+  cwd?: string
+  singularity_image?: string
+  ssh_port?: number
+}
+
+/**
+ * Validate a file path: must be absolute and not contain '..' traversal.
+ */
+export function normalizePlatformPath(filePath: string, platform = process.platform): string {
+  if (platform !== 'win32') return filePath
+  const msysDrivePath = filePath.match(/^\/([a-zA-Z])(?:\/(.*))?$/)
+  if (!msysDrivePath) return filePath
+  const [, drive, rest = ''] = msysDrivePath
+  return `${drive.toUpperCase()}:\\${rest.replace(/\//g, '\\')}`
+}
+
+export function validatePath(filePath: string): string {
+  if (!filePath) throw Object.assign(new Error('Missing file path'), { code: 'missing_path' })
+  const resolved = resolve(normalizePlatformPath(filePath))
+  const normalized = normalize(resolved)
+  if (normalized.includes('..')) {
+    throw Object.assign(new Error('Invalid file path'), { code: 'invalid_path' })
+  }
+  if (!isAbsolute(normalized)) {
+    throw Object.assign(new Error('Path must be absolute'), { code: 'invalid_path' })
+  }
+  return normalized
+}
+
+/**
+ * Check if a path is inside the upload directory.
+ */
+export function isInUploadDir(filePath: string): boolean {
+  return isPathWithin(filePath, config.uploadDir)
+}
+
+function homeDirForProfile(profile?: string): string {
+  return profile ? getProfileDir(profile) : getActiveProfileDir()
+}
+
+function envPathForProfile(profile?: string): string {
+  return profile ? join(getProfileDir(profile), '.env') : getActiveEnvPath()
+}
+
+/**
+ * Check if a relative path refers to a sensitive file.
+ */
+export function isSensitivePath(relativePath: string): boolean {
+  const parts = relativePath.replace(/\\/g, '/').split('/')
+  const fileName = parts[parts.length - 1]
+  return SENSITIVE_FILES.has(fileName)
+}
+
+/**
+ * Resolve a relative path to an absolute path under the hermes home directory.
+ * Validates path safety (no traversal).
+ */
+export function resolveHermesPath(relativePath: string, profile?: string): string {
+  const homeDir = homeDirForProfile(profile)
+  if (!relativePath || relativePath === '.' || relativePath === '/') {
+    return homeDir
+  }
+  const normalized = normalize(relativePath).replace(/\\/g, '/')
+  if (normalized.startsWith('..') || normalized.includes('/../') || normalized.startsWith('/')) {
+    throw Object.assign(new Error('Invalid file path'), { code: 'invalid_path' })
+  }
+  const resolved = resolve(homeDir, normalized)
+  if (!isPathWithin(resolved, homeDir)) {
+    throw Object.assign(new Error('Path traversal detected'), { code: 'invalid_path' })
+  }
+  return resolved
+}
+
+// --- Local ---
+
+export class LocalFileProvider implements FileProvider {
+  type: BackendType = 'local'
+  constructor(private homeDir = getActiveProfileDir()) {}
+
+  async readFile(filePath: string): Promise<Buffer> {
+    const p = validatePath(filePath)
+    const s = await fsStat(p)
+    if (!s.isFile()) throw Object.assign(new Error('Not a file'), { code: 'not_found' })
+    if (s.size > MAX_DOWNLOAD_SIZE) {
+      throw Object.assign(new Error(`File too large: ${s.size} bytes`), { code: 'file_too_large' })
+    }
+    return readFile(p)
+  }
+
+  async exists(filePath: string): Promise<boolean> {
+    try {
+      const p = validatePath(filePath)
+      const s = await fsStat(p)
+      return s.isFile()
+    } catch {
+      return false
+    }
+  }
+
+  async listDir(dirPath: string): Promise<FileEntry[]> {
+    const p = validatePath(dirPath)
+    const entries = await readdir(p, { withFileTypes: true })
+    const results: FileEntry[] = []
+    for (const entry of entries) {
+      try {
+        const fullPath = resolve(p, entry.name)
+        const s = await fsStat(fullPath)
+        const relPath = relativePathFromBase(fullPath, this.homeDir) ?? entry.name
+        results.push({
+          name: entry.name,
+          path: relPath,
+          isDir: s.isDirectory(),
+          size: s.size,
+          modTime: s.mtime.toISOString(),
+        })
+      } catch {
+        // skip entries that fail to stat
+      }
+    }
+    return results
+  }
+
+  async stat(filePath: string): Promise<FileStat> {
+    const p = validatePath(filePath)
+    const s = await fsStat(p)
+    const relPath = relativePathFromBase(p, this.homeDir) ?? basename(p)
+    return {
+      name: basename(p),
+      path: relPath || basename(p),
+      isDir: s.isDirectory(),
+      size: s.size,
+      modTime: s.mtime.toISOString(),
+    }
+  }
+
+  async writeFile(filePath: string, content: Buffer): Promise<void> {
+    const p = validatePath(filePath)
+    await fsWriteFile(p, content)
+  }
+
+  async deleteFile(filePath: string): Promise<void> {
+    const p = validatePath(filePath)
+    const s = await fsStat(p)
+    if (!s.isFile()) throw Object.assign(new Error('Not a file'), { code: 'not_found' })
+    await rm(p)
+  }
+
+  async deleteDir(dirPath: string): Promise<void> {
+    const p = validatePath(dirPath)
+    const s = await fsStat(p)
+    if (!s.isDirectory()) throw Object.assign(new Error('Not a directory'), { code: 'not_found' })
+    await rm(p, { recursive: true })
+  }
+
+  async renameFile(oldPath: string, newPath: string): Promise<void> {
+    const op = validatePath(oldPath)
+    const np = validatePath(newPath)
+    await rename(op, np)
+  }
+
+  async mkDir(dirPath: string): Promise<void> {
+    const p = validatePath(dirPath)
+    await mkdir(p, { recursive: true })
+  }
+
+  async copyFile(srcPath: string, destPath: string): Promise<void> {
+    const sp = validatePath(srcPath)
+    const dp = validatePath(destPath)
+    await fsCopyFile(sp, dp)
+  }
+}
+
+/**
+ * Parse `ls -la --time-style=+%Y-%m-%dT%H:%M:%S` output into FileEntry[].
+ * Example line: `drwxr-xr-x 2 user group 4096 2025-07-20T10:30:00 dirname`
+ * Skips the "total N" line and entries "." and "..".
+ */
+function parseLsOutput(output: string, parentRelPath: string): FileEntry[] {
+  const entries: FileEntry[] = []
+  for (const line of output.split('\n')) {
+    const trimmed = line.trim()
+    if (!trimmed || trimmed.startsWith('total ')) continue
+    const parts = trimmed.split(/\s+/)
+    if (parts.length < 7) continue
+    const permissions = parts[0]
+    const size = parseInt(parts[4], 10) || 0
+    const modTime = parts[5]
+    const name = parts.slice(6).join(' ')
+    if (name === '.' || name === '..') continue
+    const isDir = permissions.startsWith('d')
+    const relPath = parentRelPath ? `${parentRelPath}/${name}` : name
+    entries.push({ name, path: relPath, isDir, size, modTime: modTime.includes('T') ? modTime : new Date(modTime).toISOString() })
+  }
+  return entries
+}
+
+/**
+ * Parse `stat -c '%n|%F|%s|%Y'` output.
+ * Output: `/path/to/file|regular file|1234|1721500000`
+ */
+function parseStatOutput(output: string, relativePath: string): FileStat {
+  const parts = output.trim().split('|')
+  if (parts.length < 4) throw Object.assign(new Error('Failed to parse stat output'), { code: 'backend_error' })
+  const name = basename(parts[0])
+  const fileType = parts[1].toLowerCase()
+  const size = parseInt(parts[2], 10) || 0
+  const modEpoch = parseInt(parts[3], 10) || 0
+  const isDir = fileType.includes('directory')
+  return {
+    name,
+    path: relativePath,
+    isDir,
+    size,
+    modTime: new Date(modEpoch * 1000).toISOString(),
+  }
+}
+
+// --- Docker ---
+
+export class DockerFileProvider implements FileProvider {
+  type: BackendType = 'docker'
+  private containerName: string
+  private homeDir: string
+
+  constructor(containerName: string, homeDir = getActiveProfileDir()) {
+    this.containerName = containerName
+    this.homeDir = homeDir
+  }
+
+  async readFile(filePath: string): Promise<Buffer> {
+    const p = validatePath(filePath)
+    try {
+      // Node.js supports encoding: 'buffer' but @types/node doesn't type it correctly
+      const { stdout } = await execFileAsync('docker', [
+        'exec', this.containerName, 'cat', p,
+      ], { maxBuffer: MAX_DOWNLOAD_SIZE, timeout: BACKEND_TIMEOUT, encoding: 'buffer' as any, ...execOpts })
+      return stdout as unknown as Buffer
+    } catch (err: any) {
+      if (err.code === 'ETIMEDOUT' || err.killed) {
+        throw Object.assign(new Error('Backend timeout'), { code: 'backend_timeout' })
+      }
+      if (err.stderr && /no such file/i.test(String(err.stderr))) {
+        throw Object.assign(new Error('File not found in container'), { code: 'not_found' })
+      }
+      throw Object.assign(new Error(`Docker error: ${err.message}`), { code: 'backend_error' })
+    }
+  }
+
+  async exists(filePath: string): Promise<boolean> {
+    const p = validatePath(filePath)
+    try {
+      await execFileAsync('docker', [
+        'exec', this.containerName, 'test', '-f', p,
+      ], { timeout: 5000, ...execOpts })
+      return true
+    } catch {
+      return false
+    }
+  }
+
+  async listDir(dirPath: string): Promise<FileEntry[]> {
+    const p = validatePath(dirPath)
+    try {
+      const { stdout } = await execFileAsync('docker', [
+        'exec', this.containerName, 'ls', '-la', '--time-style=+%Y-%m-%dT%H:%M:%S', p,
+      ], { maxBuffer: 10 * 1024 * 1024, timeout: BACKEND_TIMEOUT, ...execOpts })
+      const relParent = relativePathFromBase(p, this.homeDir) ?? ''
+      return parseLsOutput(stdout, relParent)
+    } catch (err: any) {
+      if (err.code === 'ETIMEDOUT' || err.killed) throw Object.assign(new Error('Backend timeout'), { code: 'backend_timeout' })
+      if (err.stderr && /no such file|not a directory/i.test(String(err.stderr)))
+        throw Object.assign(new Error('Directory not found'), { code: 'not_found' })
+      throw Object.assign(new Error(`Docker error: ${err.message}`), { code: 'backend_error' })
+    }
+  }
+
+  async stat(filePath: string): Promise<FileStat> {
+    const p = validatePath(filePath)
+    try {
+      const { stdout } = await execFileAsync('docker', [
+        'exec', this.containerName, 'stat', '-c', '%n|%F|%s|%Y', p,
+      ], { timeout: BACKEND_TIMEOUT, ...execOpts })
+      const relPath = relativePathFromBase(p, this.homeDir) ?? basename(p)
+      return parseStatOutput(stdout, relPath)
+    } catch (err: any) {
+      if (err.code === 'ETIMEDOUT' || err.killed) throw Object.assign(new Error('Backend timeout'), { code: 'backend_timeout' })
+      if (err.stderr && /no such file/i.test(String(err.stderr))) throw Object.assign(new Error('Not found'), { code: 'not_found' })
+      throw Object.assign(new Error(`Docker error: ${err.message}`), { code: 'backend_error' })
+    }
+  }
+
+  async writeFile(filePath: string, content: Buffer): Promise<void> {
+    const p = validatePath(filePath)
+    try {
+      await execFileAsync('docker', [
+        'exec', '-i', this.containerName, 'sh', '-c', `cat > '${p.replace(/'/g, "'\\''")}'`,
+      ], { timeout: BACKEND_TIMEOUT, input: content, ...execOpts } as any)
+    } catch (err: any) {
+      if (err.code === 'ETIMEDOUT' || err.killed) throw Object.assign(new Error('Backend timeout'), { code: 'backend_timeout' })
+      throw Object.assign(new Error(`Docker error: ${err.message}`), { code: 'backend_error' })
+    }
+  }
+
+  async deleteFile(filePath: string): Promise<void> {
+    const p = validatePath(filePath)
+    try {
+      await execFileAsync('docker', ['exec', this.containerName, 'rm', p], { timeout: BACKEND_TIMEOUT, ...execOpts })
+    } catch (err: any) {
+      if (err.code === 'ETIMEDOUT' || err.killed) throw Object.assign(new Error('Backend timeout'), { code: 'backend_timeout' })
+      throw Object.assign(new Error(`Docker error: ${err.message}`), { code: 'backend_error' })
+    }
+  }
+
+  async deleteDir(dirPath: string): Promise<void> {
+    const p = validatePath(dirPath)
+    try {
+      await execFileAsync('docker', ['exec', this.containerName, 'rm', '-rf', p], { timeout: BACKEND_TIMEOUT, ...execOpts })
+    } catch (err: any) {
+      if (err.code === 'ETIMEDOUT' || err.killed) throw Object.assign(new Error('Backend timeout'), { code: 'backend_timeout' })
+      throw Object.assign(new Error(`Docker error: ${err.message}`), { code: 'backend_error' })
+    }
+  }
+
+  async renameFile(oldPath: string, newPath: string): Promise<void> {
+    const op = validatePath(oldPath)
+    const np = validatePath(newPath)
+    try {
+      await execFileAsync('docker', ['exec', this.containerName, 'mv', op, np], { timeout: BACKEND_TIMEOUT, ...execOpts })
+    } catch (err: any) {
+      if (err.code === 'ETIMEDOUT' || err.killed) throw Object.assign(new Error('Backend timeout'), { code: 'backend_timeout' })
+      throw Object.assign(new Error(`Docker error: ${err.message}`), { code: 'backend_error' })
+    }
+  }
+
+  async mkDir(dirPath: string): Promise<void> {
+    const p = validatePath(dirPath)
+    try {
+      await execFileAsync('docker', ['exec', this.containerName, 'mkdir', '-p', p], { timeout: BACKEND_TIMEOUT, ...execOpts })
+    } catch (err: any) {
+      if (err.code === 'ETIMEDOUT' || err.killed) throw Object.assign(new Error('Backend timeout'), { code: 'backend_timeout' })
+      throw Object.assign(new Error(`Docker error: ${err.message}`), { code: 'backend_error' })
+    }
+  }
+
+  async copyFile(srcPath: string, destPath: string): Promise<void> {
+    const sp = validatePath(srcPath)
+    const dp = validatePath(destPath)
+    try {
+      await execFileAsync('docker', ['exec', this.containerName, 'cp', sp, dp], { timeout: BACKEND_TIMEOUT, ...execOpts })
+    } catch (err: any) {
+      if (err.code === 'ETIMEDOUT' || err.killed) throw Object.assign(new Error('Backend timeout'), { code: 'backend_timeout' })
+      throw Object.assign(new Error(`Docker error: ${err.message}`), { code: 'backend_error' })
+    }
+  }
+}
+
+// --- SSH ---
+
+export class SSHFileProvider implements FileProvider {
+  type: BackendType = 'ssh'
+  private host: string
+  private user: string
+  private keyPath?: string
+  private port?: number
+  private homeDir: string
+
+  constructor(host: string, user: string, keyPath?: string, homeDir = getActiveProfileDir(), port?: number) {
+    this.host = host
+    this.user = user
+    this.keyPath = keyPath
+    this.port = port
+    this.homeDir = homeDir
+  }
+
+  private sshArgs(): string[] {
+    const args = ['-o', 'StrictHostKeyChecking=no', '-o', 'BatchMode=yes']
+    if (this.port) args.push('-p', String(this.port))
+    if (this.keyPath) args.push('-i', this.keyPath)
+    args.push(`${this.user}@${this.host}`)
+    return args
+  }
+
+  /**
+   * Shell-escape a string for safe use in a remote SSH command.
+   * Wraps in single quotes and escapes embedded single quotes.
+   */
+  private shellEscape(s: string): string {
+    return "'" + s.replace(/'/g, "'\\''") + "'"
+  }
+
+  async readFile(filePath: string): Promise<Buffer> {
+    const p = validatePath(filePath)
+    try {
+      // Node.js supports encoding: 'buffer' but @types/node doesn't type it correctly
+      // Pass a single quoted command string to prevent shell injection on remote
+      const { stdout } = await execFileAsync('ssh', [
+        ...this.sshArgs(), `cat ${this.shellEscape(p)}`,
+      ], { maxBuffer: MAX_DOWNLOAD_SIZE, timeout: BACKEND_TIMEOUT, encoding: 'buffer' as any, ...execOpts })
+      return stdout as unknown as Buffer
+    } catch (err: any) {
+      if (err.code === 'ETIMEDOUT' || err.killed) {
+        throw Object.assign(new Error('Backend timeout'), { code: 'backend_timeout' })
+      }
+      if (err.stderr && /no such file/i.test(String(err.stderr))) {
+        throw Object.assign(new Error('File not found on remote'), { code: 'not_found' })
+      }
+      throw Object.assign(new Error(`SSH error: ${err.message}`), { code: 'backend_error' })
+    }
+  }
+
+  async exists(filePath: string): Promise<boolean> {
+    const p = validatePath(filePath)
+    try {
+      await execFileAsync('ssh', [
+        ...this.sshArgs(), `test -f ${this.shellEscape(p)}`,
+      ], { timeout: 5000, ...execOpts })
+      return true
+    } catch {
+      return false
+    }
+  }
+
+  async listDir(dirPath: string): Promise<FileEntry[]> {
+    const p = validatePath(dirPath)
+    try {
+      const { stdout } = await execFileAsync('ssh', [
+        ...this.sshArgs(), `ls -la --time-style=+%Y-%m-%dT%H:%M:%S ${this.shellEscape(p)}`,
+      ], { maxBuffer: 10 * 1024 * 1024, timeout: BACKEND_TIMEOUT, ...execOpts })
+      const relParent = relativePathFromBase(p, this.homeDir) ?? ''
+      return parseLsOutput(stdout, relParent)
+    } catch (err: any) {
+      if (err.code === 'ETIMEDOUT' || err.killed) throw Object.assign(new Error('Backend timeout'), { code: 'backend_timeout' })
+      if (err.stderr && /no such file|not a directory/i.test(String(err.stderr)))
+        throw Object.assign(new Error('Directory not found'), { code: 'not_found' })
+      throw Object.assign(new Error(`SSH error: ${err.message}`), { code: 'backend_error' })
+    }
+  }
+
+  async stat(filePath: string): Promise<FileStat> {
+    const p = validatePath(filePath)
+    try {
+      const { stdout } = await execFileAsync('ssh', [
+        ...this.sshArgs(), `stat -c '%n|%F|%s|%Y' ${this.shellEscape(p)}`,
+      ], { timeout: BACKEND_TIMEOUT, ...execOpts })
+      const relPath = relativePathFromBase(p, this.homeDir) ?? basename(p)
+      return parseStatOutput(stdout, relPath)
+    } catch (err: any) {
+      if (err.code === 'ETIMEDOUT' || err.killed) throw Object.assign(new Error('Backend timeout'), { code: 'backend_timeout' })
+      if (err.stderr && /no such file/i.test(String(err.stderr))) throw Object.assign(new Error('Not found'), { code: 'not_found' })
+      throw Object.assign(new Error(`SSH error: ${err.message}`), { code: 'backend_error' })
+    }
+  }
+
+  async writeFile(filePath: string, content: Buffer): Promise<void> {
+    const p = validatePath(filePath)
+    try {
+      await execFileAsync('ssh', [
+        ...this.sshArgs(), `cat > ${this.shellEscape(p)}`,
+      ], { timeout: BACKEND_TIMEOUT, input: content, ...execOpts } as any)
+    } catch (err: any) {
+      if (err.code === 'ETIMEDOUT' || err.killed) throw Object.assign(new Error('Backend timeout'), { code: 'backend_timeout' })
+      throw Object.assign(new Error(`SSH error: ${err.message}`), { code: 'backend_error' })
+    }
+  }
+
+  async deleteFile(filePath: string): Promise<void> {
+    const p = validatePath(filePath)
+    try {
+      await execFileAsync('ssh', [...this.sshArgs(), `rm ${this.shellEscape(p)}`], { timeout: BACKEND_TIMEOUT, ...execOpts })
+    } catch (err: any) {
+      if (err.code === 'ETIMEDOUT' || err.killed) throw Object.assign(new Error('Backend timeout'), { code: 'backend_timeout' })
+      throw Object.assign(new Error(`SSH error: ${err.message}`), { code: 'backend_error' })
+    }
+  }
+
+  async deleteDir(dirPath: string): Promise<void> {
+    const p = validatePath(dirPath)
+    try {
+      await execFileAsync('ssh', [...this.sshArgs(), `rm -rf ${this.shellEscape(p)}`], { timeout: BACKEND_TIMEOUT, ...execOpts })
+    } catch (err: any) {
+      if (err.code === 'ETIMEDOUT' || err.killed) throw Object.assign(new Error('Backend timeout'), { code: 'backend_timeout' })
+      throw Object.assign(new Error(`SSH error: ${err.message}`), { code: 'backend_error' })
+    }
+  }
+
+  async renameFile(oldPath: string, newPath: string): Promise<void> {
+    const op = validatePath(oldPath)
+    const np = validatePath(newPath)
+    try {
+      await execFileAsync('ssh', [...this.sshArgs(), `mv ${this.shellEscape(op)} ${this.shellEscape(np)}`], { timeout: BACKEND_TIMEOUT, ...execOpts })
+    } catch (err: any) {
+      if (err.code === 'ETIMEDOUT' || err.killed) throw Object.assign(new Error('Backend timeout'), { code: 'backend_timeout' })
+      throw Object.assign(new Error(`SSH error: ${err.message}`), { code: 'backend_error' })
+    }
+  }
+
+  async mkDir(dirPath: string): Promise<void> {
+    const p = validatePath(dirPath)
+    try {
+      await execFileAsync('ssh', [...this.sshArgs(), `mkdir -p ${this.shellEscape(p)}`], { timeout: BACKEND_TIMEOUT, ...execOpts })
+    } catch (err: any) {
+      if (err.code === 'ETIMEDOUT' || err.killed) throw Object.assign(new Error('Backend timeout'), { code: 'backend_timeout' })
+      throw Object.assign(new Error(`SSH error: ${err.message}`), { code: 'backend_error' })
+    }
+  }
+
+  async copyFile(srcPath: string, destPath: string): Promise<void> {
+    const sp = validatePath(srcPath)
+    const dp = validatePath(destPath)
+    try {
+      await execFileAsync('ssh', [...this.sshArgs(), `cp ${this.shellEscape(sp)} ${this.shellEscape(dp)}`], { timeout: BACKEND_TIMEOUT, ...execOpts })
+    } catch (err: any) {
+      if (err.code === 'ETIMEDOUT' || err.killed) throw Object.assign(new Error('Backend timeout'), { code: 'backend_timeout' })
+      throw Object.assign(new Error(`SSH error: ${err.message}`), { code: 'backend_error' })
+    }
+  }
+}
+
+// --- Singularity ---
+
+export class SingularityFileProvider implements FileProvider {
+  type: BackendType = 'singularity'
+  private imagePath: string
+  private homeDir: string
+
+  constructor(imagePath: string, homeDir = getActiveProfileDir()) {
+    this.imagePath = imagePath
+    this.homeDir = homeDir
+  }
+
+  async readFile(filePath: string): Promise<Buffer> {
+    const p = validatePath(filePath)
+    try {
+      // Node.js supports encoding: 'buffer' but @types/node doesn't type it correctly
+      const { stdout } = await execFileAsync('singularity', [
+        'exec', this.imagePath, 'cat', p,
+      ], { maxBuffer: MAX_DOWNLOAD_SIZE, timeout: BACKEND_TIMEOUT, encoding: 'buffer' as any, ...execOpts })
+      return stdout as unknown as Buffer
+    } catch (err: any) {
+      if (err.code === 'ETIMEDOUT' || err.killed) {
+        throw Object.assign(new Error('Backend timeout'), { code: 'backend_timeout' })
+      }
+      if (err.stderr && /no such file/i.test(String(err.stderr))) {
+        throw Object.assign(new Error('File not found in container'), { code: 'not_found' })
+      }
+      throw Object.assign(new Error(`Singularity error: ${err.message}`), { code: 'backend_error' })
+    }
+  }
+
+  async exists(filePath: string): Promise<boolean> {
+    const p = validatePath(filePath)
+    try {
+      await execFileAsync('singularity', [
+        'exec', this.imagePath, 'test', '-f', p,
+      ], { timeout: 5000, ...execOpts })
+      return true
+    } catch {
+      return false
+    }
+  }
+
+  async listDir(dirPath: string): Promise<FileEntry[]> {
+    const p = validatePath(dirPath)
+    try {
+      const { stdout } = await execFileAsync('singularity', [
+        'exec', this.imagePath, 'ls', '-la', '--time-style=+%Y-%m-%dT%H:%M:%S', p,
+      ], { maxBuffer: 10 * 1024 * 1024, timeout: BACKEND_TIMEOUT, ...execOpts })
+      const relParent = relativePathFromBase(p, this.homeDir) ?? ''
+      return parseLsOutput(stdout, relParent)
+    } catch (err: any) {
+      if (err.code === 'ETIMEDOUT' || err.killed) throw Object.assign(new Error('Backend timeout'), { code: 'backend_timeout' })
+      if (err.stderr && /no such file|not a directory/i.test(String(err.stderr)))
+        throw Object.assign(new Error('Directory not found'), { code: 'not_found' })
+      throw Object.assign(new Error(`Singularity error: ${err.message}`), { code: 'backend_error' })
+    }
+  }
+
+  async stat(filePath: string): Promise<FileStat> {
+    const p = validatePath(filePath)
+    try {
+      const { stdout } = await execFileAsync('singularity', [
+        'exec', this.imagePath, 'stat', '-c', '%n|%F|%s|%Y', p,
+      ], { timeout: BACKEND_TIMEOUT, ...execOpts })
+      const relPath = relativePathFromBase(p, this.homeDir) ?? basename(p)
+      return parseStatOutput(stdout, relPath)
+    } catch (err: any) {
+      if (err.code === 'ETIMEDOUT' || err.killed) throw Object.assign(new Error('Backend timeout'), { code: 'backend_timeout' })
+      if (err.stderr && /no such file/i.test(String(err.stderr))) throw Object.assign(new Error('Not found'), { code: 'not_found' })
+      throw Object.assign(new Error(`Singularity error: ${err.message}`), { code: 'backend_error' })
+    }
+  }
+
+  async writeFile(filePath: string, content: Buffer): Promise<void> {
+    const p = validatePath(filePath)
+    try {
+      await execFileAsync('singularity', [
+        'exec', this.imagePath, 'sh', '-c', `cat > '${p.replace(/'/g, "'\\''")}'`,
+      ], { timeout: BACKEND_TIMEOUT, input: content, ...execOpts } as any)
+    } catch (err: any) {
+      if (err.code === 'ETIMEDOUT' || err.killed) throw Object.assign(new Error('Backend timeout'), { code: 'backend_timeout' })
+      throw Object.assign(new Error(`Singularity error: ${err.message}`), { code: 'backend_error' })
+    }
+  }
+
+  async deleteFile(filePath: string): Promise<void> {
+    const p = validatePath(filePath)
+    try {
+      await execFileAsync('singularity', ['exec', this.imagePath, 'rm', p], { timeout: BACKEND_TIMEOUT, ...execOpts })
+    } catch (err: any) {
+      if (err.code === 'ETIMEDOUT' || err.killed) throw Object.assign(new Error('Backend timeout'), { code: 'backend_timeout' })
+      throw Object.assign(new Error(`Singularity error: ${err.message}`), { code: 'backend_error' })
+    }
+  }
+
+  async deleteDir(dirPath: string): Promise<void> {
+    const p = validatePath(dirPath)
+    try {
+      await execFileAsync('singularity', ['exec', this.imagePath, 'rm', '-rf', p], { timeout: BACKEND_TIMEOUT, ...execOpts })
+    } catch (err: any) {
+      if (err.code === 'ETIMEDOUT' || err.killed) throw Object.assign(new Error('Backend timeout'), { code: 'backend_timeout' })
+      throw Object.assign(new Error(`Singularity error: ${err.message}`), { code: 'backend_error' })
+    }
+  }
+
+  async renameFile(oldPath: string, newPath: string): Promise<void> {
+    const op = validatePath(oldPath)
+    const np = validatePath(newPath)
+    try {
+      await execFileAsync('singularity', ['exec', this.imagePath, 'mv', op, np], { timeout: BACKEND_TIMEOUT, ...execOpts })
+    } catch (err: any) {
+      if (err.code === 'ETIMEDOUT' || err.killed) throw Object.assign(new Error('Backend timeout'), { code: 'backend_timeout' })
+      throw Object.assign(new Error(`Singularity error: ${err.message}`), { code: 'backend_error' })
+    }
+  }
+
+  async mkDir(dirPath: string): Promise<void> {
+    const p = validatePath(dirPath)
+    try {
+      await execFileAsync('singularity', ['exec', this.imagePath, 'mkdir', '-p', p], { timeout: BACKEND_TIMEOUT, ...execOpts })
+    } catch (err: any) {
+      if (err.code === 'ETIMEDOUT' || err.killed) throw Object.assign(new Error('Backend timeout'), { code: 'backend_timeout' })
+      throw Object.assign(new Error(`Singularity error: ${err.message}`), { code: 'backend_error' })
+    }
+  }
+
+  async copyFile(srcPath: string, destPath: string): Promise<void> {
+    const sp = validatePath(srcPath)
+    const dp = validatePath(destPath)
+    try {
+      await execFileAsync('singularity', ['exec', this.imagePath, 'cp', sp, dp], { timeout: BACKEND_TIMEOUT, ...execOpts })
+    } catch (err: any) {
+      if (err.code === 'ETIMEDOUT' || err.killed) throw Object.assign(new Error('Backend timeout'), { code: 'backend_timeout' })
+      throw Object.assign(new Error(`Singularity error: ${err.message}`), { code: 'backend_error' })
+    }
+  }
+}
+
+// --- Config helpers ---
+
+/**
+ * Read terminal config from hermes config.yaml.
+ */
+export function getTerminalConfig(profile?: string): TerminalConfig {
+  try {
+    const configPath = join(homeDirForProfile(profile), 'config.yaml')
+    if (!existsSync(configPath)) return { backend: 'local' }
+    const raw = readFileSync(configPath, 'utf-8')
+    const doc = YAML.load(raw, { json: true }) as any
+    const t = doc?.terminal || {}
+    return {
+      backend: (t.backend as BackendType) || 'local',
+      docker_image: t.docker_image,
+      docker_container_name: t.docker_container_name,
+      cwd: t.cwd,
+      singularity_image: t.singularity_image,
+    }
+  } catch {
+    return { backend: 'local' }
+  }
+}
+
+/**
+ * Read SSH env vars from hermes .env file.
+ */
+function getSSHEnvVars(profile?: string): { host?: string; user?: string; key?: string; port?: number } {
+  try {
+    const envPath = envPathForProfile(profile)
+    if (!existsSync(envPath)) return {}
+    const raw = readFileSync(envPath, 'utf-8')
+    const vars: Record<string, string> = {}
+    for (const line of raw.split('\n')) {
+      const trimmed = line.trim()
+      if (!trimmed || trimmed.startsWith('#')) continue
+      const eqIdx = trimmed.indexOf('=')
+      if (eqIdx === -1) continue
+      let value = trimmed.slice(eqIdx + 1).trim()
+      if ((value.startsWith('"') && value.endsWith('"')) || (value.startsWith("'") && value.endsWith("'"))) {
+        value = value.slice(1, -1)
+      }
+      vars[trimmed.slice(0, eqIdx).trim()] = value
+    }
+    return {
+      host: vars.TERMINAL_SSH_HOST,
+      user: vars.TERMINAL_SSH_USER,
+      key: vars.TERMINAL_SSH_KEY,
+      port: vars.TERMINAL_SSH_PORT ? parseInt(vars.TERMINAL_SSH_PORT, 10) : undefined,
+    }
+  } catch {
+    return {}
+  }
+}
+
+/**
+ * Resolve Docker container name. If not configured, try to find a running
+ * container based on the configured image.
+ */
+async function resolveDockerContainer(cfg: TerminalConfig): Promise<string> {
+  if (cfg.docker_container_name) return cfg.docker_container_name
+  if (cfg.docker_image) {
+    try {
+      const { stdout } = await execFileAsync('docker', [
+        'ps', '-q', '--filter', `ancestor=${cfg.docker_image}`, '--latest',
+      ], { timeout: 5000, ...execOpts })
+      const id = stdout.trim()
+      if (id) return id
+    } catch { }
+  }
+  throw Object.assign(
+    new Error('Cannot determine Docker container. Set terminal.docker_container_name in hermes config.'),
+    { code: 'backend_error' },
+  )
+}
+
+// --- Factory ---
+
+// Cache providers for a short time to avoid re-reading config on every request
+const providerCache = new Map<string, { provider: FileProvider; cachedAt: number }>()
+const CACHE_TTL = 10_000
+
+/** @internal — for testing only */
+export function _resetFileProviderCache() {
+  providerCache.clear()
+}
+
+/**
+ * Create a FileProvider based on the active hermes terminal config.
+ * Defaults to LocalFileProvider if config cannot be read or backend is unknown.
+ */
+export async function createFileProvider(profile?: string): Promise<FileProvider> {
+  const now = Date.now()
+  const homeDir = homeDirForProfile(profile)
+  const cacheKey = profile || homeDir
+  const cached = providerCache.get(cacheKey)
+  if (cached && now - cached.cachedAt < CACHE_TTL) return cached.provider
+
+  const cfg = getTerminalConfig(profile)
+  let provider: FileProvider
+
+  switch (cfg.backend) {
+    case 'docker': {
+      const container = await resolveDockerContainer(cfg)
+      provider = new DockerFileProvider(container, homeDir)
+      break
+    }
+    case 'ssh': {
+      const ssh = getSSHEnvVars(profile)
+      if (!ssh.host || !ssh.user) {
+        throw Object.assign(
+          new Error('SSH backend requires TERMINAL_SSH_HOST and TERMINAL_SSH_USER in .env'),
+          { code: 'backend_error' },
+        )
+      }
+      provider = new SSHFileProvider(ssh.host, ssh.user, ssh.key, homeDir, ssh.port)
+      break
+    }
+    case 'singularity': {
+      if (!cfg.singularity_image) {
+        throw Object.assign(
+          new Error('Singularity backend requires terminal.singularity_image in config'),
+          { code: 'backend_error' },
+        )
+      }
+      provider = new SingularityFileProvider(cfg.singularity_image, homeDir)
+      break
+    }
+    case 'modal':
+    case 'daytona':
+      throw Object.assign(
+        new Error(`File download not yet supported for '${cfg.backend}' backend`),
+        { code: 'unsupported_backend' },
+      )
+    default:
+      provider = new LocalFileProvider(homeDir)
+  }
+
+  providerCache.set(cacheKey, { provider, cachedAt: now })
+  return provider
+}
+
+// Always-available local provider for upload directory files
+const localProvider = new LocalFileProvider()
+export { localProvider, MAX_DOWNLOAD_SIZE }
diff --git a/packages/server/src/services/hermes/gateway-autostart.ts b/packages/server/src/services/hermes/gateway-autostart.ts
new file mode 100644
index 0000000..00c79b8
--- /dev/null
+++ b/packages/server/src/services/hermes/gateway-autostart.ts
@@ -0,0 +1,294 @@
+import { existsSync, readFileSync } from 'fs'
+import { join } from 'path'
+import { stripLegacyApiServerGatewayConfig } from '../config-helpers'
+import { logger } from '../logger'
+import { safeFileStore } from '../safe-file-store'
+import { getProfileDir, listProfileNamesFromDisk } from './hermes-profile'
+import { startGatewayRunManaged } from './gateway-runner'
+import { parseGatewayStatusesFromProfileList } from './profile-list-parser'
+import { execHermesWithBin } from './hermes-process'
+
+const RESERVED_PROFILE_NAMES = new Set([
+  'hermes', 'test', 'tmp', 'root', 'sudo',
+])
+
+const HERMES_SUBCOMMAND_PROFILE_NAMES = new Set([
+  'chat', 'model', 'gateway', 'setup', 'whatsapp', 'login', 'logout',
+  'status', 'cron', 'doctor', 'dump', 'config', 'pairing', 'skills', 'tools',
+  'mcp', 'sessions', 'insights', 'version', 'update', 'uninstall',
+  'profile', 'plugins', 'honcho', 'acp',
+])
+
+function resolveHermesBin(): string {
+  return process.env.HERMES_BIN?.trim() || 'hermes'
+}
+
+function isReservedProfileName(profile: string): boolean {
+  const normalized = String(profile || '').trim().toLowerCase()
+  if (!normalized || normalized === 'default') return false
+  return RESERVED_PROFILE_NAMES.has(normalized) || HERMES_SUBCOMMAND_PROFILE_NAMES.has(normalized)
+}
+
+function isDockerRuntime(): boolean {
+  return existsSync('/.dockerenv')
+}
+
+function isTermuxRuntime(): boolean {
+  const prefix = process.env.PREFIX || ''
+  return !!process.env.TERMUX_VERSION ||
+    prefix.includes('/com.termux/') ||
+    existsSync('/data/data/com.termux/files/usr')
+}
+
+function envFlagEnabled(name: string): boolean {
+  const value = String(process.env[name] || '').trim().toLowerCase()
+  return ['1', 'true', 'yes', 'on'].includes(value)
+}
+
+export function shouldUseManagedGatewayRun(): boolean {
+  return envFlagEnabled('HERMES_WEB_UI_MANAGED_GATEWAY') ||
+    isDockerRuntime() ||
+    isTermuxRuntime() ||
+    process.platform === 'win32'
+}
+
+export function shouldUseManagedGatewayRunForAutostart(platform: NodeJS.Platform = process.platform): boolean {
+  return envFlagEnabled('HERMES_WEB_UI_MANAGED_GATEWAY') ||
+    isDockerRuntime() ||
+    isTermuxRuntime() ||
+    platform === 'win32'
+}
+
+export function gatewayStatusLooksRunning(output: string): boolean {
+  const text = output.toLowerCase()
+  if (text.includes('gateway is not running') || text.includes('not running')) return false
+  return text.includes('gateway is running') || text.includes('running')
+}
+
+export function gatewayStatusLooksRuntimeLocked(output: string): boolean {
+  const text = output.toLowerCase()
+  return text.includes('runtime lock is already held')
+    || text.includes('gateway runtime lock is already held')
+    || text.includes('already held by another instance')
+}
+
+function isProcessAlive(pid: number): boolean {
+  if (!Number.isFinite(pid) || pid <= 0) return false
+  try {
+    process.kill(pid, 0)
+    return true
+  } catch (err: any) {
+    return err?.code === 'EPERM'
+  }
+}
+
+function readJsonPid(path: string): number | null {
+  if (!existsSync(path)) return null
+  try {
+    const data = JSON.parse(readFileSync(path, 'utf-8'))
+    const pid = typeof data?.pid === 'number' ? data.pid : parseInt(String(data?.pid || ''), 10)
+    return Number.isFinite(pid) && pid > 0 ? pid : null
+  } catch {
+    return null
+  }
+}
+
+export function gatewayStateLooksRunningForProfile(profileDir: string): boolean {
+  const statePath = join(profileDir, 'gateway_state.json')
+  if (existsSync(statePath)) {
+    try {
+      const data = JSON.parse(readFileSync(statePath, 'utf-8'))
+      const state = String(data?.gateway_state || '').toLowerCase()
+      const pid = typeof data?.pid === 'number' ? data.pid : parseInt(String(data?.pid || ''), 10)
+      if ((state === 'running' || state === 'starting') && isProcessAlive(pid)) return true
+    } catch {}
+  }
+
+  const pid = readJsonPid(join(profileDir, 'gateway.pid'))
+  return pid !== null && isProcessAlive(pid)
+}
+
+export function parseGatewayStatusesFromProfileListOutput(stdout: string, profileNames = listProfileNamesFromDisk()): Map<string, string> {
+  return parseGatewayStatusesFromProfileList(stdout, profileNames)
+}
+
+async function listGatewayStatusesFromProfileList(hermesBin: string): Promise<Map<string, string>> {
+  const { stdout } = await execHermesWithBin(hermesBin, ['profile', 'list'], {
+    timeout: 10000,
+    windowsHide: true,
+  })
+  return parseGatewayStatusesFromProfileListOutput(stdout)
+}
+
+async function isGatewayRunningInProfileList(hermesBin: string, profile: string): Promise<boolean> {
+  const statuses = await listGatewayStatusesFromProfileList(hermesBin)
+  const status = statuses.get(profile)
+  return status !== undefined && gatewayStatusLooksRunning(status)
+}
+
+export async function isGatewayRunningForProfile(hermesBin: string, profileDir: string): Promise<boolean> {
+  if (gatewayStateLooksRunningForProfile(profileDir)) return true
+
+  try {
+    const { stdout, stderr } = await execHermesWithBin(hermesBin, ['gateway', 'status'], {
+      timeout: 10000,
+      windowsHide: true,
+      env: {
+        ...process.env,
+        HERMES_HOME: profileDir,
+      },
+    })
+    return gatewayStatusLooksRunning(`${stdout}\n${stderr}`)
+  } catch (err: any) {
+    const output = `${err?.stdout || ''}\n${err?.stderr || ''}\n${err?.message || ''}`
+    if (gatewayStatusLooksRuntimeLocked(output)) {
+      logger.info({ profileDir }, 'Hermes gateway status reported runtime lock held; treating gateway as already running')
+      return true
+    }
+    if (output.trim()) {
+      logger.warn({ err, profileDir }, 'Hermes gateway status failed; treating as not running')
+    }
+    return false
+  }
+}
+
+async function waitForGatewayRunning(hermesBin: string, profile: string, profileDir: string, timeoutMs = 15000): Promise<boolean> {
+  const deadline = Date.now() + timeoutMs
+  while (Date.now() < deadline) {
+    try {
+      if (await isGatewayRunningInProfileList(hermesBin, profile)) return true
+    } catch (err) {
+      logger.warn(err, '[gateway-autostart] Hermes profile list check failed while waiting for gateway profile=%s', profile)
+    }
+    if (await isGatewayRunningForProfile(hermesBin, profileDir)) return true
+    await new Promise(resolve => setTimeout(resolve, 500))
+  }
+  return false
+}
+
+async function stopGatewayForProfile(hermesBin: string, profile: string, profileDir: string): Promise<void> {
+  try {
+    await execHermesWithBin(hermesBin, ['gateway', 'stop'], {
+      timeout: 30000,
+      windowsHide: true,
+      env: {
+        ...process.env,
+        HERMES_HOME: profileDir,
+      },
+    })
+    logger.info('[gateway-autostart] gateway stopped profile=%s home=%s', profile, profileDir)
+  } catch (err) {
+    logger.warn(err, '[gateway-autostart] Hermes CLI gateway stop failed before restart profile=%s home=%s', profile, profileDir)
+  }
+}
+
+export async function startGatewayForProfile(
+  hermesBin: string,
+  profile: string,
+  profileDir: string,
+  opts: { managedRun?: boolean } = {},
+): Promise<void> {
+  if (opts.managedRun ?? shouldUseManagedGatewayRun()) {
+    const result = startGatewayRunManaged(hermesBin, { profileDir })
+    logger.info(
+      '[gateway-autostart] gateway started via background run profile=%s home=%s pid=%s',
+      profile,
+      profileDir,
+      result.pid || 'unknown',
+    )
+    return
+  }
+
+  try {
+    await execHermesWithBin(hermesBin, ['gateway', 'start'], {
+      timeout: 30000,
+      windowsHide: true,
+      env: {
+        ...process.env,
+        HERMES_HOME: profileDir,
+      },
+    })
+    logger.info('[gateway-autostart] gateway started via Hermes CLI service profile=%s home=%s', profile, profileDir)
+  } catch (err) {
+    logger.warn(err, '[gateway-autostart] Hermes CLI gateway start failed; falling back to background run profile=%s home=%s', profile, profileDir)
+    const result = startGatewayRunManaged(hermesBin, { profileDir })
+    logger.info(
+      '[gateway-autostart] gateway started via fallback background run profile=%s home=%s pid=%s',
+      profile,
+      profileDir,
+      result.pid || 'unknown',
+    )
+  }
+}
+
+export async function getGatewayRuntimeStatusForProfile(profile: string): Promise<{ running: boolean; profile: string }> {
+  const hermesBin = resolveHermesBin()
+  const profileDir = getProfileDir(profile)
+  const running = await isGatewayRunningForProfile(hermesBin, profileDir)
+  return { running, profile }
+}
+
+export async function restartGatewayForProfile(profile: string): Promise<{ running: boolean; profile: string }> {
+  const hermesBin = resolveHermesBin()
+  const profileDir = getProfileDir(profile)
+  await clearApiServerForProfile(profileDir)
+  await stopGatewayForProfile(hermesBin, profile, profileDir)
+
+  try {
+    await startGatewayForProfile(hermesBin, profile, profileDir, { managedRun: shouldUseManagedGatewayRun() })
+  } catch (err) {
+    logger.error(err, '[gateway-autostart] Hermes gateway restart failed profile=%s home=%s', profile, profileDir)
+    throw err
+  }
+
+  const running = await waitForGatewayRunning(hermesBin, profile, profileDir)
+  if (!running) throw new Error('Hermes gateway start completed but gateway did not report running within timeout')
+  return { running, profile }
+}
+
+export async function clearApiServerForProfile(profileDir: string): Promise<void> {
+  const configPath = join(profileDir, 'config.yaml')
+  try {
+    await safeFileStore.updateYaml(configPath, (config) => {
+      const result = stripLegacyApiServerGatewayConfig(config)
+      return { data: result.config, result: undefined, write: result.changed }
+    }, { backup: true })
+  } catch (err) {
+    logger.warn(err, 'Failed to clear legacy api_server gateway config before gateway startup: %s', profileDir)
+  }
+}
+
+export async function ensureProfileGatewaysRunning(): Promise<void> {
+  const hermesBin = resolveHermesBin()
+  const profiles = listProfileNamesFromDisk()
+  let gatewayStatuses: Map<string, string> | undefined
+  try {
+    gatewayStatuses = await listGatewayStatusesFromProfileList(hermesBin)
+  } catch (err) {
+    logger.warn(err, '[gateway-autostart] Hermes profile list failed; falling back to per-profile gateway status checks')
+  }
+
+  for (const profile of profiles) {
+    if (isReservedProfileName(profile)) {
+      logger.warn('[gateway-autostart] skipping reserved profile name during gateway autostart profile=%s', profile)
+      continue
+    }
+
+    const profileDir = getProfileDir(profile)
+    const status = gatewayStatuses?.get(profile)
+    const running = status !== undefined && gatewayStatusLooksRunning(status)
+      ? true
+      : await isGatewayRunningForProfile(hermesBin, profileDir)
+    if (running) {
+      logger.info('[gateway-autostart] gateway already running profile=%s home=%s status=%s', profile, profileDir, status || 'status-check')
+      continue
+    }
+
+    await clearApiServerForProfile(profileDir)
+    await startGatewayForProfile(hermesBin, profile, profileDir, { managedRun: shouldUseManagedGatewayRunForAutostart() })
+    const ready = await waitForGatewayRunning(hermesBin, profile, profileDir)
+    if (!ready) {
+      logger.warn('[gateway-autostart] gateway start completed but did not report running within timeout profile=%s home=%s', profile, profileDir)
+    }
+  }
+}
diff --git a/packages/server/src/services/hermes/gateway-manager.ts b/packages/server/src/services/hermes/gateway-manager.ts
new file mode 100644
index 0000000..0dc720c
--- /dev/null
+++ b/packages/server/src/services/hermes/gateway-manager.ts
@@ -0,0 +1,929 @@
+/**
+ * GatewayManager — 多 Profile 网关生命周期管理
+ *
+ * 核心职责：
+ *   1. 启动时检测所有 profile 的网关运行状态（PID、端口、健康检查）
+ *   2. 自动发现端口冲突并重新分配
+ *   3. 启动/停止网关进程
+ *
+ * 启动检测流程（detectStatus）：
+ *   ① 读取 gateway.pid，缺失时回退读取 gateway_state.json → 获取 PID
+ *   ② 读取 config.yaml (platforms.api_server.extra.port/host) → 获取配置端口
+ *   ③ PID 存活且配置端口 health check 通过？
+ *      - 是 → 配置与运行状态匹配，注册网关
+ *      - 否 → 标记为 stopped
+ *
+ * detectStatus 只做只读检测：不会认领未知端口上的进程，也不会探测实际监听端口后回写
+ * config.yaml。
+ *
+ * 端口分配流程（resolvePort，启动前调用）：
+ *   ① 读取配置端口
+ *   ② 如果内存记录或 PID 文件对应的配置端口仍健康运行，复用该端口
+ *   ③ 收集本轮已分配端口、其他已管理网关端口、Web UI 端口
+ *   ④ 从 8642 起递增查找空闲端口，仅返回本次运行使用的端口，不再回写 config.yaml
+ *
+ * 启动模式：
+ *   - 所有平台统一使用 `hermes gateway run --replace`
+ *   - 停止时先尝试 `hermes gateway stop`，再根据 PID / 监听端口清理进程
+ */
+
+import type { ChildProcess } from 'child_process'
+import { join } from 'path'
+import { readFileSync, existsSync, readdirSync, unlinkSync } from 'fs'
+import { execFile } from 'child_process'
+import { promisify } from 'util'
+import { createServer } from 'net'
+import yaml from 'js-yaml'
+import { logger } from '../logger'
+import { detectHermesHome, getHermesBin } from './hermes-path'
+import { execHermesWithBin, spawnHermesWithBin } from './hermes-process'
+
+const execFileAsync = promisify(execFile)
+
+// ============================
+// 常量 & 环境检测
+// ============================
+
+const HERMES_BASE = detectHermesHome()
+const HERMES_BIN = getHermesBin()
+const DEFAULT_WEB_UI_PORT = 8648
+
+const GATEWAY_RUNTIME_ENV_KEYS = new Set([
+  'PATH',
+  'HOME',
+  'USER',
+  'USERNAME',
+  'SHELL',
+  'LANG',
+  'TZ',
+  'TMP',
+  'TEMP',
+  'TMPDIR',
+  'HTTP_PROXY',
+  'HTTPS_PROXY',
+  'ALL_PROXY',
+  'NO_PROXY',
+  'HERMES_BIN',
+  'HERMES_ALLOW_ROOT_GATEWAY',
+  'SYSTEMROOT',
+  'COMSPEC',
+  'APPDATA',
+  'LOCALAPPDATA',
+])
+
+function parseEnvKeys(raw: string): Set<string> {
+  const keys = new Set<string>()
+  for (const line of raw.split(/\r?\n/)) {
+    const match = line.match(/^\s*(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)\s*=/)
+    if (match) keys.add(match[1])
+  }
+  return keys
+}
+
+function readProfileEnvKeys(): Set<string> {
+  const keys = new Set<string>()
+  const envPaths = [join(HERMES_BASE, '.env')]
+  const profilesDir = join(HERMES_BASE, 'profiles')
+
+  if (existsSync(profilesDir)) {
+    for (const entry of readdirSync(profilesDir, { withFileTypes: true })) {
+      if (entry.isDirectory()) envPaths.push(join(profilesDir, entry.name, '.env'))
+    }
+  }
+
+  for (const envPath of envPaths) {
+    try {
+      for (const key of parseEnvKeys(readFileSync(envPath, 'utf-8'))) keys.add(key)
+    } catch {}
+  }
+
+  return keys
+}
+
+export function buildGatewayProcessEnv(profileName: string, hermesHome: string): NodeJS.ProcessEnv {
+  const base = { ...process.env }
+
+  if (profileName !== 'default') {
+    for (const key of readProfileEnvKeys()) {
+      if (!GATEWAY_RUNTIME_ENV_KEYS.has(key.toUpperCase())) delete base[key]
+    }
+  }
+
+  return {
+    ...base,
+    HERMES_HOME: hermesHome,
+  }
+}
+
+function getWebUiPort(): number | null {
+  const port = parseInt(process.env.PORT || String(DEFAULT_WEB_UI_PORT), 10)
+  return port > 0 && port <= 65535 ? port : null
+}
+
+// ============================
+// 类型定义
+// ============================
+
+export interface GatewayStatus {
+  profile: string
+  port: number
+  host: string
+  url: string
+  running: boolean
+  pid?: number
+  diagnostics?: GatewayDiagnostics
+}
+
+export interface GatewayDiagnostics {
+  pid_path: string
+  config_path: string
+  pid_file_exists: boolean
+  config_exists: boolean
+  health_url: string
+  health_checked_at: string
+  health_ok?: boolean
+  reason: string
+}
+
+interface ManagedGateway {
+  pid: number
+  port: number
+  host: string
+  url: string
+  owned: boolean
+  process?: ChildProcess
+}
+
+interface ResolvedGatewayEndpoint {
+  port: number
+  host: string
+}
+
+function formatHostForUrl(host: string): string {
+  if (host.startsWith('[') && host.endsWith(']')) return host
+  return host.includes(':') ? `[${host}]` : host
+}
+
+function buildHttpUrl(host: string, port: number): string {
+  return `http://${formatHostForUrl(host)}:${port}`
+}
+
+function isLocalHost(host: string): boolean {
+  return ['127.0.0.1', 'localhost', '::1', '[::1]', '0.0.0.0'].includes(host)
+}
+
+function shouldDetachGatewayProcess(): boolean {
+  // In dev mode (nodemon), always detach gateway processes so they survive restarts
+  // Production mode: attach gateways so they can be managed together with the server
+  const override = process.env.HERMES_WEB_UI_STOP_GATEWAYS_ON_SHUTDOWN?.trim().toLowerCase()
+  const shouldDetach = override === '0' || override === 'false'
+
+  if (shouldDetach) {
+    console.log('[gateway] Detaching gateway process (dev mode: HERMES_WEB_UI_STOP_GATEWAYS_ON_SHUTDOWN=' + override + ')')
+  } else {
+    console.log('[gateway] Attaching gateway process (prod mode: HERMES_WEB_UI_STOP_GATEWAYS_ON_SHUTDOWN=' + (override || 'not set') + ')')
+  }
+
+  return shouldDetach
+}
+
+// ============================
+// GatewayManager
+// ============================
+
+export class GatewayManager {
+  /** 已注册的网关：profile name → { pid, port, host, url } */
+  private gateways = new Map<string, ManagedGateway>()
+
+  /** 本次启动过程中已分配的端口集合（防止并发分配到相同端口） */
+  private allocatedPorts = new Set<number>()
+
+  /** 当前活跃的 profile（用于代理路由的默认上游） */
+  private activeProfile: string
+
+  constructor(activeProfile: string) {
+    this.activeProfile = activeProfile
+  }
+
+  // ============================
+  // Profile 目录 & 配置读取
+  // ============================
+
+  /** 获取 profile 的 home 目录路径 */
+  private profileDir(name: string): string {
+    if (name === 'default') return HERMES_BASE
+    return join(HERMES_BASE, 'profiles', name)
+  }
+
+  /**
+   * 从 profile 的 config.yaml 读取 api_server 端口和主机
+   * 读取路径：platforms.api_server.extra.port / extra.host
+   */
+  private readProfilePort(name: string): { port: number; host: string } {
+    const configPath = join(this.profileDir(name), 'config.yaml')
+    const defaultHost = process.env.GATEWAY_HOST || '127.0.0.1'
+
+    if (!existsSync(configPath)) return { port: 8642, host: defaultHost }
+
+    try {
+      const content = readFileSync(configPath, 'utf-8')
+      const cfg = yaml.load(content, { json: true }) as any || {}
+
+      const extra = cfg?.platforms?.api_server?.extra
+      const rawPort = extra?.port || 8642
+      const port = typeof rawPort === 'number' ? rawPort : parseInt(rawPort, 10) || 8642
+      const host = extra?.host || defaultHost
+      // 端口超出合法范围时回退到默认值
+      return { port: port > 0 && port <= 65535 ? port : 8642, host }
+    } catch {
+      return { port: 8642, host: defaultHost }
+    }
+  }
+
+  /** Read a profile gateway PID, falling back to runtime state when gateway.pid is missing. */
+  private readPidFile(name: string): number | null {
+    const profilePath = this.profileDir(name)
+    const pidPath = join(profilePath, 'gateway.pid')
+
+    try {
+      if (existsSync(pidPath)) {
+        const content = readFileSync(pidPath, 'utf-8').trim()
+        const data = JSON.parse(content)
+        return typeof data.pid === 'number' ? data.pid : parseInt(data.pid, 10) || null
+      }
+    } catch {}
+
+    const statePath = join(profilePath, 'gateway_state.json')
+    if (!existsSync(statePath)) return null
+
+    try {
+      const content = readFileSync(statePath, 'utf-8').trim()
+      const data = JSON.parse(content)
+      const pid = typeof data.pid === 'number' ? data.pid : parseInt(data.pid, 10) || null
+      const state = data?.gateway_state
+      return pid && Number.isFinite(pid) && pid > 0 && (state === 'running' || state === 'starting') ? pid : null
+    } catch {
+      return null
+    }
+  }
+
+  // ============================
+  // 进程 & 端口检测工具
+  // ============================
+
+  /** Check process liveness without sending a terminating signal. */
+  private isProcessAlive(pid: number): boolean {
+    try {
+      process.kill(pid, 0)
+      return true
+    } catch (err: any) {
+      return err?.code === 'EPERM'
+    }
+  }
+
+  /** 请求 /health 端点，判断网关是否真正就绪 */
+  private async checkHealth(url: string, timeoutMs = 3000): Promise<boolean> {
+    try {
+      const res = await fetch(`${url.replace(/\/$/, '')}/health`, {
+        signal: AbortSignal.timeout(timeoutMs),
+      })
+      return res.ok
+    } catch {
+      return false
+    }
+  }
+
+  /** 尝试绑定端口，检测端口是否被系统级进程占用 */
+  /** 清理过期的 PID 文件 */
+  private clearPidFile(name: string): void {
+    try {
+      const pidPath = join(this.profileDir(name), 'gateway.pid')
+      if (existsSync(pidPath)) {
+        unlinkSync(pidPath)
+        logger.debug('Cleared stale PID file for profile "%s"', name)
+      }
+    } catch (err) {
+      logger.debug('Failed to clear PID file: %s', err)
+    }
+  }
+
+  /** 从 base 端口开始递增查找空闲端口（上限 65535） */
+  private findFreePort(base: number, host = '127.0.0.1', reservedPorts = new Set<number>()): Promise<number> {
+    return new Promise((resolve, reject) => {
+      const tryPort = (port: number) => {
+        if (port > 65535) {
+          reject(new Error(`No free port found in range ${base}-65535`))
+          return
+        }
+        if (reservedPorts.has(port)) {
+          tryPort(port + 1)
+          return
+        }
+        const server = createServer()
+        server.once('error', () => {
+          server.close()
+          tryPort(port + 1)
+        })
+        server.once('listening', () => {
+          server.close()
+          resolve(port)
+        })
+        server.listen(port, host)
+      }
+      tryPort(base)
+    })
+  }
+
+  // ============================
+  // 端口分配
+  // ============================
+
+  /**
+   * 为 profile 分配可用端口（启动前调用）
+   *
+   * 检测顺序：
+   *   1. 当前 profile 已经健康运行 → 直接使用运行端口
+   *   2. 未运行 → 从 8642 开始找空闲端口
+   *   3. 检查已管理 profile / 本轮已分配端口 / 系统 TCP 占用
+   */
+  private async resolvePort(name: string): Promise<{ port: number; host: string }> {
+    const { port: configuredPort, host } = this.readProfilePort(name)
+    const configuredUrl = buildHttpUrl(host, configuredPort)
+
+    // 检查是否是当前 profile 自己的端口（内存中的记录）
+    const existing = this.gateways.get(name)
+    if (existing && existing.host === host && this.isProcessAlive(existing.pid) && await this.checkHealth(existing.url, 1000)) {
+      // 如果内存中有记录且进程存活，直接使用内存中的端口
+      logger.info('Profile "%s" already running on port %d (in-memory record)', name, existing.port)
+      this.allocatedPorts.add(existing.port)
+      return { port: existing.port, host }
+    }
+
+    // 检查 PID 文件指向的当前 profile 是否仍健康运行
+    const pid = this.readPidFile(name)
+    if (pid && this.isProcessAlive(pid) && await this.checkHealth(configuredUrl, 1000)) {
+      logger.info('Profile "%s" already running on configured port %d (PID: %d)', name, configuredPort, pid)
+      this.gateways.set(name, { pid, port: configuredPort, host, url: configuredUrl, owned: false })
+      this.allocatedPorts.add(configuredPort)
+      return { port: configuredPort, host }
+    }
+
+    // 如果没有 PID 文件也没有内存记录，不认领端口上的未知网关
+    // 如果端口被占用，findFreePort 会分配新端口
+
+    // 收集已占用端口：本次启动已分配的端口 + 其他 profile 的网关端口
+    const usedPorts = new Set<number>(this.allocatedPorts)
+    for (const [profileName, gw] of Array.from(this.gateways.entries())) {
+      // 跳过当前 profile 自己的端口
+      if (profileName === name) continue
+      if (gw.host === host && this.isProcessAlive(gw.pid)) {
+        usedPorts.add(gw.port)
+      }
+    }
+    const webUiPort = getWebUiPort()
+    if (webUiPort !== null) usedPorts.add(webUiPort)
+
+    const port = await this.findFreePort(8642, host, usedPorts)
+    if (configuredPort !== port) {
+      logger.info('Assigning port for profile "%s": %d → %d', name, configuredPort, port)
+    } else {
+      logger.debug('Assigning port %d for profile "%s"', port, name)
+    }
+    this.allocatedPorts.add(port)
+    return { port, host }
+  }
+
+  // ============================
+  // 公开方法：状态查询
+  // ============================
+
+  /** 获取指定 profile 的网关 URL（代理路由使用） */
+  getUpstream(profileName?: string): string {
+    const name = profileName || this.activeProfile
+    const gw = this.gateways.get(name)
+    if (gw?.url) return gw.url
+    const { port, host } = this.readProfilePort(name)
+    return buildHttpUrl(host, port)
+  }
+
+  /** 读取 profile 的 API_SERVER_KEY（从 .env 文件） */
+  getApiKey(profileName?: string): string | null {
+    const name = profileName || this.activeProfile
+    try {
+      const envPath = join(this.profileDir(name), '.env')
+      if (!existsSync(envPath)) return null
+      const content = readFileSync(envPath, 'utf-8')
+      const match = content.match(/^API_SERVER_KEY\s*=\s*"?([^"\n]+)"?/m)
+      return match?.[1]?.trim() || null
+    } catch {
+      return null
+    }
+  }
+
+  getActiveProfile(): string {
+    return this.activeProfile
+  }
+
+  setActiveProfile(name: string) {
+    this.activeProfile = name
+  }
+
+  /** 列出所有已知 profile 名称（通过 hermes CLI 或文件系统扫描） */
+  async listProfiles(): Promise<string[]> {
+    try {
+      const { stdout } = await execHermesWithBin(HERMES_BIN, ['profile', 'list'], {
+        timeout: 10000,
+        windowsHide: true,
+      })
+      const profiles: string[] = []
+      for (const line of stdout.trim().split('\n')) {
+        if (line.startsWith(' Profile') || line.match(/^ ─/)) continue
+        const match = line.match(/^\s+(?:◆)?(.+?)\s+/)
+        if (match) profiles.push(match[1])
+      }
+      return profiles
+    } catch {
+      // CLI 不可用时回退到文件系统扫描
+      const profiles = ['default']
+      const profilesDir = join(HERMES_BASE, 'profiles')
+      if (existsSync(profilesDir)) {
+        for (const entry of readdirSync(profilesDir, { withFileTypes: true })) {
+          if (entry.isDirectory() && existsSync(join(profilesDir, entry.name, 'config.yaml'))) {
+            profiles.push(entry.name)
+          }
+        }
+      }
+      return profiles
+    }
+  }
+
+  /**
+   * 检测单个 profile 的网关状态（只读，不修改任何进程或配置）
+   *
+   * 流程：
+   *   ① 读 PID 文件 → 检查进程是否存活
+   *   ② 读配置端口 → health check
+   *   ③ 两者都通过 → 匹配，注册
+   *   ④ 否则 → 标记为未运行（不杀进程，由 startAll 处理）
+   */
+  async detectStatus(name: string): Promise<GatewayStatus> {
+    const pid = this.readPidFile(name)
+    const { port, host } = this.readProfilePort(name)
+    const url = buildHttpUrl(host, port)
+    const pidPath = join(this.profileDir(name), 'gateway.pid')
+    const configPath = join(this.profileDir(name), 'config.yaml')
+    const diagnostics: GatewayDiagnostics = {
+      pid_path: pidPath,
+      config_path: configPath,
+      pid_file_exists: existsSync(pidPath),
+      config_exists: existsSync(configPath),
+      health_url: `${url.replace(/\/$/, '')}/health`,
+      health_checked_at: new Date().toISOString(),
+      reason: 'stopped',
+    }
+
+    // 首先检查 PID 文件：如果存在且进程存活且健康，则标记为运行
+    if (pid && this.isProcessAlive(pid) && await this.checkHealth(url)) {
+      diagnostics.health_ok = true
+      diagnostics.reason = 'pid alive and health check passed'
+      this.gateways.set(name, { pid, port, host, url, owned: false })
+      return { profile: name, port, host, url, running: true, pid, diagnostics }
+    }
+
+    if (pid) {
+      diagnostics.health_ok = false
+      diagnostics.reason = this.isProcessAlive(pid) ? 'pid alive but health check failed' : 'stale pid file'
+    } else if (!diagnostics.pid_file_exists) {
+      diagnostics.reason = 'missing pid file'
+    }
+
+    // 没有 PID 文件时不认领端口上的未知网关，避免误判其他 profile 的网关
+    this.gateways.delete(name)
+    return { profile: name, port, host, url, running: false, diagnostics }
+  }
+
+  /** 检测所有 profile 的网关状态 */
+  async listAll(): Promise<GatewayStatus[]> {
+    const profiles = await this.listProfiles()
+    const statuses = await Promise.all(profiles.map(name => this.detectStatus(name)))
+    return statuses
+  }
+
+  // ============================
+  // 公开方法：启动 & 停止
+  // ============================
+
+  /**
+   * 启动单个 profile 的网关
+   * 启动前自动调用 resolvePort() 确保端口可用且配置完整
+   */
+  async start(name: string): Promise<GatewayStatus> {
+    // 检查是否已在运行
+    const existing = this.gateways.get(name)
+    if (existing && this.isProcessAlive(existing.pid)) {
+      if (await this.checkHealth(existing.url, 1000)) {
+        logger.info('Gateway for profile "%s" already running (PID: %d, port: %d)', name, existing.pid, existing.port)
+        return { profile: name, port: existing.port, host: existing.host, url: existing.url, running: true, pid: existing.pid }
+      }
+
+      logger.info('Gateway for profile "%s" is alive but unhealthy (PID: %d, port: %d), restarting',
+        name, existing.pid, existing.port)
+      try {
+        await this.stop(name)
+      } catch (err) {
+        logger.debug('Failed to stop unhealthy gateway before restart: %s', err)
+      }
+    }
+
+    const endpoint = await this.resolvePort(name)
+    return this.startResolved(name, endpoint)
+  }
+
+  /** 使用已经解析好的端口启动网关，避免 startAll() 中重复分配端口 */
+  private async startResolved(name: string, endpoint: ResolvedGatewayEndpoint): Promise<GatewayStatus> {
+    const { port, host } = endpoint
+    const hermesHome = this.profileDir(name)
+    const url = buildHttpUrl(host, port)
+
+    // Windows 特定：清理僵尸锁定文件
+    if (process.platform === 'win32') {
+      const lockPath = join(hermesHome, 'gateway.lock')
+      if (existsSync(lockPath)) {
+        try {
+          const content = readFileSync(lockPath, 'utf-8').trim()
+          const lockData = JSON.parse(content)
+          const pid = lockData.pid
+
+          if (pid && !this.isProcessAlive(pid)) {
+            logger.warn('Found stale gateway lock file (PID: %d), attempting cleanup', pid)
+            try {
+              // 使用 Node.js 内置方法删除文件，避免 PowerShell 弹窗
+              unlinkSync(lockPath)
+              logger.info('Successfully removed stale lock file')
+            } catch (err) {
+              logger.debug('Failed to remove lock file: %s', err)
+            }
+          }
+        } catch (err) {
+          logger.debug('Failed to check lock file: %s', err)
+        }
+      }
+    }
+
+    // 所有平台统一使用 run 模式；dev/nodemon 可通过 env 保留 gateway 进程。
+    return new Promise((resolve, reject) => {
+      const env = buildGatewayProcessEnv(name, hermesHome)
+      const detachGateway = shouldDetachGatewayProcess()
+      const child = spawnHermesWithBin(HERMES_BIN, ['gateway', 'run', '--replace'], {
+        stdio: 'ignore',
+        detached: detachGateway,
+        windowsHide: true,
+        env,
+      })
+      if (detachGateway) {
+        child.unref()
+      }
+
+      const pid = child.pid ?? 0
+      logger.info('Starting gateway for profile "%s" (run mode, PID: %d, port: %d, detached: %s)', name, pid, port, detachGateway)
+
+      // 保存子进程引用，用于后续管理
+      this.gateways.set(name, { pid, port, host, url, owned: true, process: child })
+
+      this.waitForReady(name, pid, port, host, url)
+        .then(resolve)
+        .catch(reject)
+    })
+  }
+
+  /** 等待网关健康检查通过，最多 15 秒 */
+  private async waitForReady(name: string, pid: number, port: number, host: string, url: string): Promise<GatewayStatus> {
+    const deadline = Date.now() + 15000
+    while (Date.now() < deadline) {
+      if (pid && !this.isProcessAlive(pid)) {
+        throw new Error(`Gateway process exited unexpectedly (PID: ${pid})`)
+      }
+      if (await this.checkHealth(url, 2000)) {
+        // "gateway start" 自行管理进程，重新从 pid 文件读取实际 PID
+        const actualPid = this.readPidFile(name) ?? pid
+        const previous = this.gateways.get(name)
+        this.gateways.set(name, {
+          pid: actualPid,
+          port,
+          host,
+          url,
+          owned: previous?.owned ?? true,
+          process: previous?.process,
+        })
+        return { profile: name, port, host, url, running: true, pid: actualPid || undefined }
+      }
+      await new Promise(r => setTimeout(r, 500))
+    }
+    throw new Error(`Gateway health check timed out after 15000ms`)
+  }
+
+  private async getListeningPids(port: number): Promise<number[]> {
+    try {
+      if (process.platform === 'win32') {
+        const { stdout } = await execFileAsync('netstat', ['-ano', '-p', 'tcp'], {
+          timeout: 5000,
+          windowsHide: true,
+        })
+        const pids = new Set<number>()
+        for (const line of stdout.split(/\r?\n/)) {
+          const parts = line.trim().split(/\s+/)
+          if (parts.length < 5 || parts[0].toUpperCase() !== 'TCP') continue
+          const localAddress = parts[1]
+          const state = parts[3]?.toUpperCase()
+          const pid = parseInt(parts[4], 10)
+          if (state === 'LISTENING' && localAddress.endsWith(`:${port}`) && Number.isFinite(pid)) {
+            pids.add(pid)
+          }
+        }
+        return Array.from(pids)
+      }
+
+      const { stdout } = await execFileAsync('lsof', [`-tiTCP:${port}`, '-sTCP:LISTEN'], {
+        timeout: 5000,
+      })
+      return stdout
+        .split(/\r?\n/)
+        .map(line => parseInt(line.trim(), 10))
+        .filter(pid => Number.isFinite(pid))
+    } catch {
+      return []
+    }
+  }
+
+  private async killPid(pid: number, force = false): Promise<void> {
+    if (!pid) return
+
+    if (process.platform === 'win32') {
+      try {
+        await execFileAsync('taskkill', ['/PID', String(pid), '/T', '/F'], {
+          timeout: 5000,
+          windowsHide: true,
+        })
+      } catch {
+        try { process.kill(pid) } catch { }
+      }
+      return
+    }
+
+    const signal = force ? 'SIGKILL' : 'SIGTERM'
+    try {
+      process.kill(-pid, signal)
+    } catch {
+      try { process.kill(pid, signal) } catch { }
+    }
+  }
+
+  private async stopViaHermesCli(name: string): Promise<void> {
+    const hermesHome = this.profileDir(name)
+    try {
+      const { stdout, stderr } = await execHermesWithBin(HERMES_BIN, ['gateway', 'stop'], {
+        timeout: 15000,
+        windowsHide: true,
+        env: buildGatewayProcessEnv(name, hermesHome),
+      })
+      const output = `${stdout}${stderr}`.trim()
+      if (output) logger.debug('%s: hermes gateway stop: %s', name, output)
+    } catch (err) {
+      logger.debug('Failed to stop gateway via Hermes CLI for profile "%s": %s', name, err)
+    }
+  }
+
+  /**
+   * 停止单个 profile 的网关
+   * 所有平台使用 run 模式，直接 kill 进程
+   * 返回前等待 health check 确认网关已真正停止
+   */
+  async stop(name: string, timeoutMs = 10000): Promise<void> {
+    // 记录当前 URL，用于确认停止
+    const gw = this.gateways.get(name)
+    const configured = this.readProfilePort(name)
+    const port = gw?.port ?? configured.port
+    const host = gw?.host ?? configured.host
+    const url = gw?.url || buildHttpUrl(host, port)
+
+    // 所有平台使用 run 模式，直接杀进程
+    const pids = new Set<number>()
+    if (gw?.process?.pid) pids.add(gw.process.pid)
+    if (gw?.pid) pids.add(gw.pid)
+    const pidFilePid = this.readPidFile(name)
+    if (pidFilePid) pids.add(pidFilePid)
+    if (isLocalHost(host)) {
+      for (const pid of await this.getListeningPids(port)) {
+        pids.add(pid)
+      }
+    }
+
+    if (pids.size === 0) {
+      if (!(await this.checkHealth(url, 1000))) {
+        this.gateways.delete(name)
+        this.allocatedPorts.delete(port)
+        this.clearPidFile(name)
+        logger.info('Stopped gateway for profile "%s" (already stopped)', name)
+        return
+      }
+      await this.stopViaHermesCli(name)
+      if (!(await this.checkHealth(url, 1000))) {
+        this.gateways.delete(name)
+        this.allocatedPorts.delete(port)
+        this.clearPidFile(name)
+        logger.info('Stopped gateway for profile "%s"', name)
+        return
+      }
+      throw new Error(`Cannot stop gateway for profile "${name}": no PID available`)
+    }
+
+    await this.stopViaHermesCli(name)
+
+    if (!(await this.checkHealth(url, 1000))) {
+      this.gateways.delete(name)
+      this.allocatedPorts.delete(port)
+      this.clearPidFile(name)
+      logger.info('Stopped gateway for profile "%s"', name)
+      return
+    }
+
+    if (gw?.process && !gw.process.killed) {
+      try { gw.process.kill(process.platform === 'win32' ? undefined : 'SIGTERM') } catch { }
+    }
+
+    for (const pid of pids) {
+      await this.killPid(pid)
+    }
+
+    // 等待 health check 失败，确认网关已真正停止
+    const deadline = Date.now() + timeoutMs
+    while (Date.now() < deadline) {
+      if (!(await this.checkHealth(url, 1000))) {
+        this.gateways.delete(name)
+        this.allocatedPorts.delete(port)
+        this.clearPidFile(name)
+        logger.info('Stopped gateway for profile "%s"', name)
+        return
+      }
+      await new Promise(r => setTimeout(r, 300))
+    }
+
+    if (isLocalHost(host)) {
+      const listeningPids = await this.getListeningPids(port)
+      if (listeningPids.length) {
+        logger.warn(
+          'Gateway for profile "%s" still listening on port %d, force killing PIDs: %s',
+          name,
+          port,
+          listeningPids.join(', '),
+        )
+        for (const pid of listeningPids) {
+          await this.killPid(pid, true)
+        }
+
+        const forceDeadline = Date.now() + 3000
+        while (Date.now() < forceDeadline) {
+          if (!(await this.checkHealth(url, 500))) {
+            this.gateways.delete(name)
+            this.allocatedPorts.delete(port)
+            this.clearPidFile(name)
+            logger.info('Stopped gateway for profile "%s" (force killed)', name)
+            return
+          }
+          await new Promise(r => setTimeout(r, 200))
+        }
+      }
+    }
+
+    logger.warn('Failed to stop gateway for profile "%s" within %dms', name, timeoutMs)
+    throw new Error(`Gateway stop timed out after ${timeoutMs}ms`)
+  }
+
+  /** 停止所有已管理的网关（并行执行） */
+  async stopAll(): Promise<void> {
+    const entries = Array.from(this.gateways.entries())
+      .filter(([, gw]) => gw.owned)
+      .map(([name]) => name)
+    await Promise.allSettled(entries.map(name => this.stop(name)))
+  }
+
+  // ============================
+  // 批量操作（启动时调用）
+  // ============================
+
+  /** 扫描所有 profile，检测网关运行状态并注册 */
+  async detectAllOnStartup(): Promise<void> {
+    logger.info('Scanning profiles for running gateways...')
+    const profiles = await this.listProfiles()
+
+    for (const name of profiles) {
+      const status = await this.detectStatus(name)
+      if (status.running) {
+        logger.info('%s: running (PID: %s, port: %d)', name, status.pid, status.port)
+      } else {
+        logger.debug('%s: stopped', name)
+      }
+    }
+  }
+
+  /**
+   * 启动所有未运行的网关
+   *
+   * 两阶段执行：
+   *   Phase 1 — 顺序处理：检查状态、清理旧进程、分配端口
+   *   Phase 2 — 并行启动网关进程
+   */
+  async startAll(): Promise<void> {
+    // 确保使用 default profile 启动网关
+    const currentProfile = this.getActiveProfile()
+    if (currentProfile !== 'default') {
+      logger.info('Current profile is "%s", switching to "default" for gateway startup', currentProfile)
+      try {
+        await execHermesWithBin(HERMES_BIN, ['profile', 'use', 'default'], {
+          timeout: 10000,
+          windowsHide: true,
+        })
+        this.setActiveProfile('default')
+        logger.info('Waiting for profile switch to take effect...')
+        // 等待一下让 profile 切换完全生效，确保配置文件更新完成
+        await new Promise(resolve => setTimeout(resolve, 2000))
+        logger.info('Successfully switched to default profile')
+      } catch (err) {
+        logger.error(err, 'Failed to switch to default profile, continuing with current profile')
+      }
+    }
+
+    // 清空已分配端口集合，确保每次启动都从干净状态开始
+    this.allocatedPorts.clear()
+
+    const profiles = await this.listProfiles()
+    // Phase 1: 顺序处理
+    const toStart: Array<{ name: string; endpoint: ResolvedGatewayEndpoint }> = []
+    for (const name of profiles) {
+      const existing = this.gateways.get(name)
+      if (existing && this.isProcessAlive(existing.pid)) {
+        if (await this.checkHealth(existing.url, 1000)) {
+          logger.info('%s: already running (PID: %d, port: %d)', name, existing.pid, existing.port)
+          continue
+        }
+
+        logger.info('%s: process alive but unhealthy (PID: %d, port: %d), restarting',
+          name, existing.pid, existing.port)
+        try {
+          await this.stop(name)
+        } catch (err) {
+          logger.debug('Failed to stop unhealthy gateway: %s', err)
+        }
+      }
+
+      // Skip remote profiles — local hermes command cannot start remote gateways
+      const { host } = this.readProfilePort(name)
+      if (host && host !== '127.0.0.1' && host !== 'localhost') {
+        logger.info('%s: remote profile (host=%s), skipping auto-start', name, host)
+        continue
+      }
+
+      // 有 PID 文件但进程未在正确端口运行 → 通过 health check 检查网关状态
+      const pid = this.readPidFile(name)
+      if (pid && this.isProcessAlive(pid)) {
+        const { port: configuredPort, host } = this.readProfilePort(name)
+        const configuredUrl = buildHttpUrl(host, configuredPort)
+
+        // 检查配置文件中的端口是否有正常的网关在运行
+        if (await this.checkHealth(configuredUrl, 2000)) {
+          // Health check 通过，说明网关正常工作
+          logger.info('%s: gateway already running on configured port %d (PID: %d, health check passed)',
+            name, configuredPort, pid)
+          // 注册到内存中
+          this.gateways.set(name, { pid, port: configuredPort, host, url: configuredUrl, owned: false })
+          continue
+        } else {
+          // Health check 失败，说明网关有问题（僵尸进程或端口冲突）
+          logger.info('%s: stale process (PID: %d) health check failed on port %d, stopping and restarting',
+            name, pid, configuredPort)
+          try {
+            await this.stop(name)
+          } catch (err) {
+            logger.debug('Failed to stop stale gateway: %s', err)
+          }
+          // 清理过期的 PID 文件
+          this.clearPidFile(name)
+        }
+      }
+
+      // 只为真正需要启动的网关分配端口
+      const endpoint = await this.resolvePort(name)
+      toStart.push({ name, endpoint })
+    }
+
+    // Phase 2: 并行启动
+    // 串行启动网关，避免并发时的lock file竞争条件
+    for (const { name, endpoint } of toStart) {
+      try {
+        await this.startResolved(name, endpoint)
+      } catch (err: any) {
+        logger.error(err, '%s: failed to start', name)
+      }
+    }
+  }
+}
diff --git a/packages/server/src/services/hermes/gateway-runner.ts b/packages/server/src/services/hermes/gateway-runner.ts
new file mode 100644
index 0000000..2ade359
--- /dev/null
+++ b/packages/server/src/services/hermes/gateway-runner.ts
@@ -0,0 +1,22 @@
+import { getActiveProfileDir } from './hermes-profile'
+import { spawnHermesWithBin } from './hermes-process'
+
+export function startGatewayRunManaged(
+  hermesBin: string,
+  opts: { profileDir?: string } = {},
+): { pid: number | null; reused: boolean } {
+  const profileDir = opts.profileDir || getActiveProfileDir()
+  const child = spawnHermesWithBin(hermesBin, ['gateway', 'run', '--replace'], {
+    detached: true,
+    stdio: 'ignore',
+    windowsHide: true,
+    env: {
+      ...process.env,
+      HERMES_HOME: profileDir,
+    },
+  })
+  child.unref()
+
+  const pid = child.pid ?? null
+  return { pid, reused: false }
+}
diff --git a/packages/server/src/services/hermes/group-chat/agent-clients.ts b/packages/server/src/services/hermes/group-chat/agent-clients.ts
new file mode 100644
index 0000000..33c985c
--- /dev/null
+++ b/packages/server/src/services/hermes/group-chat/agent-clients.ts
@@ -0,0 +1,1161 @@
+import { io, Socket } from 'socket.io-client'
+import { randomBytes } from 'crypto'
+import { getToken } from '../../../services/auth'
+import { logger } from '../../../services/logger'
+import { updateUsage } from '../../../db/hermes/usage-store'
+import { countTokens } from '../../../lib/context-compressor'
+import { AgentBridgeClient, type AgentBridgeContextEstimate, type AgentBridgeMessage, type AgentBridgeOutput } from '../agent-bridge'
+import { convertContentBlocksForAgent, isContentBlockArray } from '../run-chat/content-blocks'
+import type { ContentBlock } from '../run-chat/types'
+import {
+    isAllAgentsMentioned,
+    resolveMentionTargets,
+    stripMentionRoutingTokens,
+} from './mention-routing'
+
+export const GROUP_CHAT_AGENT_SOCKET_SECRET = randomBytes(32).toString('hex')
+
+// ─── Types ────────────────────────────────────────────────────
+
+interface AgentConfig {
+    agentId?: string
+    profile: string
+    name: string
+    description: string
+    invited: number
+}
+
+interface MessageData {
+    id: string
+    roomId: string
+    senderId: string
+    senderName: string
+    content: string
+    timestamp: number
+}
+
+type MentionMessage = {
+    content: string
+    senderName: string
+    senderId: string
+    timestamp: number
+    input?: string | ContentBlock[]
+    mentionDepth?: number
+}
+
+type GroupEstimateMessage = { role: 'user' | 'assistant'; content: string }
+
+interface BridgeContextCache {
+    fixedContextTokens: number
+    instructions?: string
+    systemPromptTokens?: number
+    toolTokens?: number
+    systemPromptChars?: number
+    toolCount?: number
+    toolNames?: string[]
+    profile?: string
+    model?: string
+    provider?: string
+}
+
+export function estimateGroupHistoryMessageTokens(history: Array<{ content?: unknown }>): number {
+    return history.reduce((sum, message) => sum + countTokens(String(message.content || '')), 0)
+}
+
+export function groupContextTokensWithFixedOverhead(
+    fixedContextTokens: number | null | undefined,
+    history: Array<{ content?: unknown }>,
+): number | undefined {
+    if (typeof fixedContextTokens !== 'number' || !Number.isFinite(fixedContextTokens) || fixedContextTokens < 0) {
+        return undefined
+    }
+    return Math.floor(fixedContextTokens) + estimateGroupHistoryMessageTokens(history)
+}
+
+export function groupBridgeReasoningDeltaFromEvent(event: Record<string, unknown>): string | null {
+    if (String(event.event || '') !== 'reasoning.delta') return null
+    const text = String(event.text || '')
+    return text ? text : null
+}
+
+interface MemberData {
+    id: string
+    name: string
+    joinedAt: number
+}
+
+interface JoinResult {
+    roomId: string
+    roomName: string
+    members: MemberData[]
+    messages: MessageData[]
+    rooms: string[]
+}
+
+export interface AgentEventHandler {
+    onMessage?: (data: { roomId: string; msg: MessageData }) => void
+    onTyping?: (data: { roomId: string; userId: string; userName: string }) => void
+    onStopTyping?: (data: { roomId: string; userId: string; userName: string }) => void
+    onMemberJoined?: (data: { roomId: string; memberId: string; memberName: string; members: MemberData[] }) => void
+    onMemberLeft?: (data: { roomId: string; memberId: string; memberName: string; members: MemberData[] }) => void
+}
+
+// ─── Agent Client (single connection) ─────────────────────────
+
+class AgentClient {
+    readonly agentId: string
+    readonly profile: string
+    readonly name: string
+    readonly description: string
+    private socket: Socket | null = null
+    private joinedRooms = new Set<string>()
+    private handlers: AgentEventHandler
+    private _reconnecting = false
+    private contextEngine: any = null
+    private storage: any = null
+    private pendingToolCallIds = new Map<string, string[]>()
+    private pendingToolBaseIds = new Map<string, string>()
+    private bridgeContextCache = new Map<string, BridgeContextCache>()
+
+    constructor(config: AgentConfig, handlers: AgentEventHandler = {}) {
+        this.agentId = config.agentId || Date.now().toString(36) + Math.random().toString(36).slice(2, 8)
+        this.profile = config.profile
+        this.name = config.name
+        this.description = config.description
+        this.handlers = handlers
+    }
+
+    get connected(): boolean {
+        return this.socket?.connected ?? false
+    }
+
+    get id(): string | undefined {
+        return this.socket?.id
+    }
+
+    setContextEngine(engine: any): void {
+        this.contextEngine = engine
+    }
+
+    setStorage(storage: any): void {
+        this.storage = storage
+    }
+
+    async connect(port?: number): Promise<void> {
+        const actualPort = port ?? parseInt(process.env.PORT || '8648', 10)
+        const token = await getToken()
+
+        this.socket = io(`http://127.0.0.1:${actualPort}/group-chat`, {
+            auth: {
+                token: token || undefined,
+                userId: this.agentId,
+                name: this.name,
+                description: this.description,
+                source: 'agent',
+                agentSocketSecret: GROUP_CHAT_AGENT_SOCKET_SECRET,
+            },
+            transports: ['websocket'],
+            reconnection: true,
+            reconnectionAttempts: Infinity,
+            reconnectionDelay: 1000,
+            reconnectionDelayMax: 30000,
+            randomizationFactor: 0.5,
+            timeout: 30000,
+        })
+
+        this.bindEvents()
+
+        return new Promise((resolve, reject) => {
+            const timeout = setTimeout(() => reject(new Error('Connection timeout')), 10000)
+
+            this.socket!.on('connect', () => {
+                clearTimeout(timeout)
+                logger.debug(`[AgentClient] ${this.name} connected, socket id: ${this.socket!.id}`)
+                resolve()
+            })
+
+            this.socket!.on('connect_error', (err) => {
+                clearTimeout(timeout)
+                logger.error(err, `[AgentClient] ${this.name} connect_error`)
+                reject(err)
+            })
+        })
+    }
+
+    disconnect(): void {
+        if (this.socket) {
+            this.socket.disconnect()
+            this.socket = null
+            this.joinedRooms.clear()
+            this.bridgeContextCache.clear()
+        }
+    }
+
+    async joinRoom(roomId: string): Promise<JoinResult> {
+        this.ensureConnected()
+        return new Promise((resolve, reject) => {
+            this.socket!.emit('join', { roomId }, (res: JoinResult | { error: string }) => {
+                if ('error' in res) {
+                    reject(new Error(res.error))
+                } else {
+                    this.joinedRooms.add(roomId)
+                    resolve(res)
+                }
+            })
+        })
+    }
+
+    sendMessage(roomId: string, content: string, messageId?: string, extra?: Record<string, unknown>): Promise<string> {
+        this.ensureConnected()
+        return new Promise((resolve, reject) => {
+            this.socket!.emit('message', { roomId, content, id: messageId, ...extra }, (res: { id?: string; error?: string }) => {
+                if (res.error) {
+                    reject(new Error(res.error))
+                } else {
+                    resolve(res.id!)
+                }
+            })
+        })
+    }
+
+    startTyping(roomId: string): void {
+        this.ensureConnected()
+        this.socket!.emit('typing', { roomId })
+    }
+
+    stopTyping(roomId: string): void {
+        this.ensureConnected()
+        this.socket!.emit('stop_typing', { roomId })
+    }
+
+    emitContextStatus(roomId: string, status: 'compressing' | 'replying' | 'ready', extra?: Record<string, unknown>): void {
+        this.ensureConnected()
+        this.socket!.emit('context_status', { roomId, agentName: this.name, status, ...extra })
+    }
+
+    emitApprovalRequested(roomId: string, payload: Record<string, unknown>): void {
+        this.ensureConnected()
+        this.socket!.emit('approval.requested', { roomId, agentName: this.name, ...payload })
+    }
+
+    emitApprovalResolved(roomId: string, payload: Record<string, unknown>): void {
+        this.ensureConnected()
+        this.socket!.emit('approval.resolved', { roomId, agentName: this.name, ...payload })
+    }
+
+    async interrupt(roomId: string): Promise<void> {
+        const sessionSeed = String(this.storage?.getRoom?.(roomId)?.sessionSeed || '0')
+        const sessionId = groupBridgeSessionId(roomId, this.profile, this.name, sessionSeed)
+        await new AgentBridgeClient().interrupt(sessionId, 'Interrupted by group chat user', this.profile)
+        this.stopTyping(roomId)
+        this.emitContextStatus(roomId, 'ready')
+    }
+
+    emitMessageStreamStart(roomId: string, messageId: string): void {
+        this.ensureConnected()
+        this.socket!.emit('message_stream_start', {
+            roomId,
+            id: messageId,
+            senderId: this.socket?.id || this.agentId,
+            senderName: this.name,
+            timestamp: Date.now(),
+        })
+    }
+
+    emitMessageStreamDelta(roomId: string, messageId: string, delta: string): void {
+        if (!delta) return
+        this.ensureConnected()
+        this.socket!.emit('message_stream_delta', { roomId, id: messageId, delta })
+    }
+
+    emitMessageReasoningDelta(roomId: string, messageId: string, delta: string): void {
+        if (!delta) return
+        this.ensureConnected()
+        this.socket!.emit('message_reasoning_delta', { roomId, id: messageId, delta })
+    }
+
+    emitMessageStreamEnd(roomId: string, messageId: string): void {
+        this.ensureConnected()
+        this.socket!.emit('message_stream_end', { roomId, id: messageId })
+    }
+
+    getJoinedRooms(): string[] {
+        return Array.from(this.joinedRooms)
+    }
+
+    private finiteToken(value: unknown): number | undefined {
+        return typeof value === 'number' && Number.isFinite(value) && value >= 0
+            ? Math.floor(value)
+            : undefined
+    }
+
+    private cacheBridgeContext(sessionId: string, data: Record<string, unknown> | AgentBridgeContextEstimate, instructions?: string): void {
+        const fixedContextTokens = this.finiteToken(data.fixed_context_tokens)
+        if (fixedContextTokens == null) return
+        this.bridgeContextCache.set(sessionId, {
+            fixedContextTokens,
+            instructions,
+            systemPromptTokens: this.finiteToken(data.system_prompt_tokens),
+            toolTokens: this.finiteToken(data.tool_tokens),
+            systemPromptChars: this.finiteToken(data.system_prompt_chars),
+            toolCount: this.finiteToken(data.tool_count),
+            toolNames: Array.isArray(data.tool_names) ? data.tool_names.map(String) : undefined,
+            profile: typeof data.profile === 'string' ? data.profile : undefined,
+            model: typeof data.model === 'string' ? data.model : undefined,
+            provider: typeof data.provider === 'string' ? data.provider : undefined,
+        })
+    }
+
+    private estimateHistoryMessageTokens(history: GroupEstimateMessage[]): number {
+        return estimateGroupHistoryMessageTokens(history)
+    }
+
+    private estimateWithCachedBridgeContext(sessionId: string, history: GroupEstimateMessage[], instructions?: string): number | undefined {
+        const cache = this.bridgeContextCache.get(sessionId)
+        if (!cache) return undefined
+        if (cache.instructions !== instructions) return undefined
+        return groupContextTokensWithFixedOverhead(cache.fixedContextTokens, history)
+    }
+
+    private async estimateGroupContextTokens(
+        roomId: string,
+        sessionId: string,
+        bridge: AgentBridgeClient,
+        history: GroupEstimateMessage[],
+        instructions: string | undefined,
+        phase: string,
+    ): Promise<number | undefined> {
+        const cachedTokens = this.estimateWithCachedBridgeContext(sessionId, history, instructions)
+        if (cachedTokens != null) {
+            logger.info({
+                roomId,
+                agentName: this.name,
+                profile: this.profile,
+                sessionId,
+                messages: history.length,
+                fixedContextTokens: this.bridgeContextCache.get(sessionId)?.fixedContextTokens,
+                messageTokens: cachedTokens - (this.bridgeContextCache.get(sessionId)?.fixedContextTokens || 0),
+                fullContextTokens: cachedTokens,
+                phase,
+                source: 'cache',
+            }, '[GroupChat] full context estimate')
+            return cachedTokens
+        }
+
+        const estimate = await bridge.contextEstimate(
+            sessionId,
+            history,
+            instructions,
+            this.profile,
+        )
+        this.cacheBridgeContext(sessionId, estimate, instructions)
+        const totalTokens = Number(estimate.token_count || 0)
+        logger.info({
+            roomId,
+            agentName: this.name,
+            profile: this.profile,
+            sessionId,
+            messages: estimate.message_count,
+            toolCount: estimate.tool_count,
+            systemPromptChars: estimate.system_prompt_chars,
+            fixedContextTokens: estimate.fixed_context_tokens,
+            fullContextTokens: estimate.token_count,
+            phase,
+            source: 'bridge',
+        }, '[GroupChat] full context estimate')
+        return Number.isFinite(totalTokens) && totalTokens > 0 ? Math.floor(totalTokens) : undefined
+    }
+
+    private ensureConnected(): void {
+        if (!this.socket?.connected) {
+            throw new Error(`Agent "${this.name}" is not connected`)
+        }
+    }
+
+    // ─── Hermes Agent Bridge Integration ───────────────────────
+
+    /**
+     * Handle an @mention from the server side.
+     * Called by AgentClients.processMentions() — no socket round-trip needed.
+     * onStatus is called to report context compression progress.
+     */
+    async replyToMention(
+        roomId: string,
+        msg: MentionMessage,
+        onStatus?: (status: 'compressing' | 'replying' | 'ready', extra?: Record<string, unknown>) => void,
+    ): Promise<void> {
+        logger.debug(`[AgentClients] ${this.name} mentioned by ${msg.senderName}: "${msg.content.slice(0, 50)}"`)
+        const runMessageId = groupMessageId(roomId, this.profile, this.name)
+        let partIndex = 0
+        let streamMessageId = groupMessagePartId(runMessageId, partIndex)
+        let currentContent = ''
+        let totalContent = ''
+        let reasoningContent = ''
+        let streamStarted = false
+        try {
+            // Notify room that agent is typing
+            this.startTyping(roomId)
+
+            // Build compressed context if context engine is available
+            let conversationHistory: Array<{ role: string; content: string }> = []
+            let instructions: string | undefined
+            const bridge = new AgentBridgeClient()
+            const sessionSeed = String(this.storage?.getRoom?.(roomId)?.sessionSeed || '0')
+            const sessionId = groupBridgeSessionId(roomId, this.profile, this.name, sessionSeed)
+
+            if (this.contextEngine && this.storage) {
+                try {
+                    logger.debug(`[AgentClients] ${this.name}: building context...`)
+                    // Get room members with descriptions for context
+                    const roomMembers: Array<{ userId: string; name: string; description: string }> = this.storage.getRoomMembers(roomId) || []
+                    const memberNames = roomMembers.map((m: any) => m.name)
+                    const members = roomMembers.map((m: any) => ({ userId: m.userId, name: m.name, description: m.description }))
+
+                    // Get room compression config
+                    const roomInfo = this.storage.getRoom(roomId)
+                    const compression = roomInfo ? {
+                        triggerTokens: roomInfo.triggerTokens,
+                        maxHistoryTokens: roomInfo.maxHistoryTokens,
+                        tailMessageCount: roomInfo.tailMessageCount,
+                    } : undefined
+
+                    const ctx = await this.contextEngine.buildContext({
+                        roomId,
+                        agentId: this.agentId,
+                        agentName: this.name,
+                        agentDescription: this.description,
+                        agentSocketId: this.socket?.id || '',
+                        roomName: roomId,
+                        memberNames,
+                        members,
+                        upstream: '',
+                        apiKey: null,
+                        currentMessage: msg,
+                        compression,
+                        profile: this.profile,
+                        onProgress: (event: { status: 'compressing'; messageCount: number; tokenCount: number }) => {
+                            onStatus?.('compressing', {
+                                messageCount: event.messageCount,
+                                totalTokens: event.tokenCount,
+                            })
+                        },
+                        contextTokenEstimator: async (history: Array<{ role: 'user' | 'assistant'; content: string }>, estimateInstructions: string) => {
+                            return this.estimateGroupContextTokens(
+                                roomId,
+                                sessionId,
+                                bridge,
+                                history,
+                                estimateInstructions,
+                                'build',
+                            )
+                        },
+                    })
+                    conversationHistory = ctx.conversationHistory
+                    instructions = ctx.instructions
+                    if (typeof ctx.meta.contextTokenEstimate === 'number' && Number.isFinite(ctx.meta.contextTokenEstimate)) {
+                        this.storage.updateRoomTotalTokens?.(roomId, ctx.meta.contextTokenEstimate)
+                        onStatus?.('replying', { totalTokens: ctx.meta.contextTokenEstimate })
+                    }
+                    logger.debug(`[AgentClients] ${this.name}: context built — historyLen=${conversationHistory.length}, meta=%j`, ctx.meta)
+                    onStatus?.('replying')
+                } catch (err: any) {
+                    logger.warn(`[AgentClients] ${this.name}: context engine failed: ${err.message}`)
+                    onStatus?.('replying')
+                    // Degrade: continue without context
+                }
+            }
+
+            // Keep routing explicit while removing only the mention tokens that
+            // selected this agent. This avoids making @all look like an
+            // instruction for the model to fan out another routing cycle.
+            const routedPrefix = isAllAgentsMentioned(msg.content)
+                ? `群聊系统：这条消息通过 @all 提及所有 agent，你是其中之一，请直接回复。`
+                : `群聊系统：这条消息已经提及你（${this.name}），请直接回复；即使消息同时提及其他成员，也不要因此输出空回复。`
+            const rawInput = msg.input || msg.content
+            const input = isContentBlockArray(rawInput)
+                ? rawInput.map((block) => {
+                    if (block.type !== 'text') return block
+                    const text = stripMentionRoutingTokens(String(block.text || msg.content), this.name)
+                    return { ...block, text: `${routedPrefix}\n\n原始消息：${text || msg.content}` }
+                })
+                : `${routedPrefix}\n\n原始消息：${stripMentionRoutingTokens(msg.content, this.name) || msg.content}`
+            const runContext = [
+                `[Current Hermes profile: ${this.profile}]`,
+                'When calling Hermes Web UI endpoints from tools or skills, include the current Hermes profile as the X-Hermes-Profile header if the endpoint supports profile-scoped behavior.',
+            ].join('\n')
+            instructions = instructions ? `${runContext}\n${instructions}` : runContext
+            const bridgeInput: AgentBridgeMessage = isContentBlockArray(input)
+                ? await convertContentBlocksForAgent(input)
+                : input
+            const flushedAssistantParts = new Set<string>()
+            let lastChunk: AgentBridgeOutput | null = null
+            const started = await bridge.chat(
+                sessionId,
+                bridgeInput,
+                conversationHistory,
+                instructions,
+                this.profile,
+                {
+                    source: 'api_server',
+                },
+            )
+
+            this.emitMessageStreamStart(roomId, streamMessageId)
+            streamStarted = true
+            for await (const chunk of bridge.streamOutput(started.run_id, { timeoutMs: 120000 })) {
+                lastChunk = chunk
+                reasoningContent += await this.recordBridgeEvents(roomId, sessionId, instructions, chunk, () => streamMessageId, async () => {
+                    const toolBaseId = streamMessageId
+                    if (currentContent.trim()) {
+                        await this.sendMessage(roomId, currentContent, streamMessageId, {
+                            role: 'assistant',
+                            mentionDepth: nextMentionDepth(msg),
+                            reasoning: reasoningContent || null,
+                            reasoning_content: reasoningContent || null,
+                        })
+                        flushedAssistantParts.add(streamMessageId)
+                        currentContent = ''
+                    }
+                    this.emitMessageStreamEnd(roomId, toolBaseId)
+                    partIndex += 1
+                    streamMessageId = groupMessagePartId(runMessageId, partIndex)
+                    this.emitMessageStreamStart(roomId, streamMessageId)
+                    streamStarted = true
+                    return toolBaseId
+                })
+                if (chunk.delta) {
+                    currentContent += chunk.delta
+                    totalContent += chunk.delta
+                    this.emitMessageStreamDelta(roomId, streamMessageId, chunk.delta)
+                }
+            }
+
+            if (lastChunk?.status === 'error') {
+                logger.error(`[AgentClients] ${this.name}: bridge response failed: ${lastChunk.error || 'unknown error'}`)
+                await this.sendAgentErrorMessage(roomId, streamMessageId, lastChunk.error || 'Run failed', msg, reasoningContent)
+                this.emitMessageStreamEnd(roomId, streamMessageId)
+                this.stopTyping(roomId)
+                onStatus?.('ready')
+                return
+            }
+
+            if (!totalContent) {
+                currentContent = extractBridgeFinalText(lastChunk)
+                totalContent = currentContent
+            }
+            recordBridgeUsage(roomId, this.profile, lastChunk?.result)
+            logger.debug(`[AgentClients] ${this.name}: bridge response completed, content length=${totalContent.length}`)
+            if (currentContent) {
+                this.stopTyping(roomId)
+                await this.sendMessage(roomId, currentContent, streamMessageId, {
+                    role: 'assistant',
+                    mentionDepth: nextMentionDepth(msg),
+                    reasoning: reasoningContent || null,
+                    reasoning_content: reasoningContent || null,
+                })
+                this.emitMessageStreamEnd(roomId, streamMessageId)
+                await this.refreshRoomFullContextEstimate(roomId, sessionId, bridge, instructions)
+                onStatus?.('ready')
+                return
+            }
+            logger.warn(`[AgentClients] ${this.name}: bridge response completed without content`)
+            this.emitMessageStreamEnd(roomId, streamMessageId)
+            this.stopTyping(roomId)
+            onStatus?.('ready')
+        } catch (err: any) {
+            logger.error(`[AgentClients] ${this.name}: error handling message: ${err.message}`)
+            try {
+                await this.sendAgentErrorMessage(roomId, streamMessageId, err, msg, reasoningContent)
+                if (streamStarted) this.emitMessageStreamEnd(roomId, streamMessageId)
+            } catch (sendErr: any) {
+                logger.warn(`[AgentClients] ${this.name}: failed to send error message: ${sendErr.message}`)
+            }
+            this.stopTyping(roomId)
+            onStatus?.('ready')
+        }
+    }
+
+    private async refreshRoomFullContextEstimate(
+        roomId: string,
+        sessionId: string,
+        bridge: AgentBridgeClient,
+        instructions?: string,
+    ): Promise<void> {
+        if (!this.storage?.getMessages) return
+        try {
+            const history = this.buildRoomEstimateHistory(roomId)
+            const cachedTokens = await this.estimateGroupContextTokens(
+                roomId,
+                sessionId,
+                bridge,
+                history,
+                instructions,
+                'final',
+            )
+            if (cachedTokens == null || cachedTokens <= 0) return
+            const rounded = Math.floor(cachedTokens)
+            this.storage.updateRoomTotalTokens?.(roomId, rounded)
+            this.emitContextStatus(roomId, 'replying', { totalTokens: rounded })
+        } catch (err: any) {
+            logger.warn(`[GroupChat] failed to refresh final context estimate room=${roomId} agent=${this.name}: ${err.message}`)
+        }
+    }
+
+    private buildRoomEstimateHistory(roomId: string): Array<{ role: 'user' | 'assistant'; content: string }> {
+        const messages = this.storage?.getMessages?.(roomId) || []
+        return messages.map((message: any) => this.mapRoomMessageForEstimate(message))
+    }
+
+    private mapRoomMessageForEstimate(message: any): { role: 'user' | 'assistant'; content: string } {
+        const senderName = String(message?.senderName || 'unknown')
+        const role = String(message?.role || 'user')
+        const isOwnAgent = message?.senderId === this.socket?.id || senderName === this.name
+
+        if (role === 'tool') {
+            const label = message?.tool_name ? `Tool result: ${message.tool_name}` : 'Tool result'
+            return { role: 'user', content: `[${senderName}] [${label}]\n${message?.content || ''}` }
+        }
+
+        if (role === 'assistant' && Array.isArray(message?.tool_calls) && message.tool_calls.length > 0) {
+            const toolsInfo = message.tool_calls.map((toolCall: any) => {
+                const name = toolCall?.function?.name || 'unknown'
+                let args = String(toolCall?.function?.arguments || '{}')
+                if (args.length > 4000) args = `${args.slice(0, 4000)}...`
+                return `[Calling tool: ${name} with arguments: ${args}]`
+            }).join('\n')
+            const content = String(message?.content || '').trim()
+            return {
+                role: isOwnAgent ? 'assistant' : 'user',
+                content: content
+                    ? `${this.formatAttributedContent(senderName, content)}\n${this.formatAttributionPrefix(senderName)}${toolsInfo}`
+                    : `${this.formatAttributionPrefix(senderName)}${toolsInfo}`,
+            }
+        }
+
+        return {
+            role: isOwnAgent ? 'assistant' : 'user',
+            content: this.formatAttributedContent(senderName, String(message?.content || '')),
+        }
+    }
+
+    private formatAttributedContent(senderName: string, content: string): string {
+        return `${this.formatAttributionPrefix(senderName)}${this.stripMentions(content)}`
+    }
+
+    private formatAttributionPrefix(senderName: string): string {
+        return `[${senderName}]: `
+    }
+
+    private stripMentions(content: string): string {
+        return String(content || '')
+            .replace(/@([^\s@]+)/g, '')
+            .replace(/[ \t]{2,}/g, ' ')
+            .replace(/^\s+/, '')
+    }
+
+    private async sendAgentErrorMessage(
+        roomId: string,
+        messageId: string,
+        error: unknown,
+        sourceMsg: MentionMessage,
+        reasoningContent = '',
+    ): Promise<void> {
+        const detail = error instanceof Error ? error.message : String(error || 'Run failed')
+        const content = detail.startsWith('Error:') ? detail : `Error: ${detail}`
+        await this.sendMessage(roomId, content, messageId, {
+            role: 'assistant',
+            mentionDepth: nextMentionDepth(sourceMsg),
+            finish_reason: 'error',
+            reasoning: reasoningContent || null,
+            reasoning_content: reasoningContent || null,
+        })
+    }
+
+    private async recordBridgeEvents(
+        roomId: string,
+        sessionId: string,
+        instructions: string | undefined,
+        chunk: AgentBridgeOutput,
+        getCurrentMessageId: () => string,
+        beforeToolStarted: () => Promise<string>,
+    ): Promise<string> {
+        let reasoning = ''
+        for (const ev of chunk.events || []) {
+            const eventType = String((ev as any)?.event || '')
+            if (eventType === 'bridge.context.ready') {
+                this.cacheBridgeContext(sessionId, ev as Record<string, unknown>, instructions)
+            } else if (eventType === 'tool.started') {
+                const toolBaseId = await beforeToolStarted()
+                this.recordToolStarted(roomId, ev as Record<string, unknown>, toolBaseId)
+            } else if (eventType === 'tool.completed') {
+                this.recordToolCompleted(roomId, ev as Record<string, unknown>)
+            } else if (eventType === 'approval.requested') {
+                this.emitApprovalRequested(roomId, {
+                    event: 'approval.requested',
+                    approval_id: (ev as any).approval_id,
+                    command: (ev as any).command,
+                    description: (ev as any).description,
+                    choices: Array.isArray((ev as any).choices) ? (ev as any).choices : undefined,
+                    allow_permanent: (ev as any).allow_permanent,
+                })
+            } else if (eventType === 'approval.resolved') {
+                this.emitApprovalResolved(roomId, {
+                    event: 'approval.resolved',
+                    approval_id: (ev as any).approval_id,
+                    choice: (ev as any).choice,
+                })
+            } else {
+                const text = groupBridgeReasoningDeltaFromEvent(ev as Record<string, unknown>)
+                if (text) {
+                    reasoning += text
+                    this.emitMessageReasoningDelta(roomId, getCurrentMessageId(), text)
+                }
+            }
+        }
+        return reasoning
+    }
+
+    private recordToolStarted(roomId: string, ev: Record<string, unknown>, runMessageId: string): void {
+        const toolName = String(ev.tool_name || ev.tool || ev.name || '')
+        const toolCallId = groupToolCallId(ev.tool_call_id, toolName, this.nextToolIndex(roomId, toolName))
+        this.trackPendingToolCall(roomId, toolName, toolCallId)
+        this.pendingToolBaseIds.set(toolCallId, runMessageId)
+        const timestamp = Date.now()
+        const rawArgs = ev.args ?? ev.arguments ?? ev.input ?? {}
+        const args = normalizeToolArgs(rawArgs)
+        const toolCall = {
+            id: toolCallId,
+            type: 'function',
+            function: {
+                name: toolName,
+                arguments: JSON.stringify(args),
+            },
+        }
+        const msg: MessageData & Record<string, any> = {
+            id: `${runMessageId}_toolcall_${safeId(toolCallId)}`,
+            roomId,
+            senderId: this.socket?.id || this.agentId,
+            senderName: this.name,
+            content: '',
+            timestamp,
+            role: 'assistant',
+            tool_calls: [toolCall],
+            finish_reason: 'tool_calls',
+        }
+        this.sendMessage(roomId, '', msg.id, {
+            role: 'assistant',
+            tool_calls: msg.tool_calls,
+            finish_reason: 'tool_calls',
+            timestamp,
+        }).catch((err: any) => logger.warn(`[AgentClients] failed to record tool call: ${err.message}`))
+    }
+
+    private recordToolCompleted(roomId: string, ev: Record<string, unknown>): void {
+        const toolName = String(ev.tool_name || ev.tool || ev.name || '')
+        const rawId = String(ev.tool_call_id || '').trim()
+        const toolCallId = rawId || this.takePendingToolCall(roomId, toolName) || groupToolCallId(null, toolName, this.nextToolIndex(roomId, toolName))
+        const runMessageId = this.pendingToolBaseIds.get(toolCallId) || groupMessagePartId(groupMessageId(roomId, this.profile, this.name), 0)
+        this.pendingToolBaseIds.delete(toolCallId)
+        const output = bridgeToolOutput(ev)
+        const timestamp = Date.now()
+        const msg: MessageData & Record<string, any> = {
+            id: `${runMessageId}_toolresult_${safeId(toolCallId)}_${Date.now()}`,
+            roomId,
+            senderId: this.socket?.id || this.agentId,
+            senderName: this.name,
+            content: output,
+            timestamp,
+            role: 'tool',
+            tool_call_id: toolCallId,
+            tool_name: toolName || null,
+        }
+        this.sendMessage(roomId, output, msg.id, {
+            role: 'tool',
+            tool_call_id: toolCallId,
+            tool_name: toolName || null,
+            timestamp,
+        }).catch((err: any) => logger.warn(`[AgentClients] failed to record tool result: ${err.message}`))
+    }
+
+    private pendingToolKey(roomId: string, toolName: string): string {
+        return `${roomId}::${toolName || 'tool'}`
+    }
+
+    private trackPendingToolCall(roomId: string, toolName: string, toolCallId: string): void {
+        const key = this.pendingToolKey(roomId, toolName)
+        const list = this.pendingToolCallIds.get(key) || []
+        list.push(toolCallId)
+        this.pendingToolCallIds.set(key, list)
+    }
+
+    private takePendingToolCall(roomId: string, toolName: string): string | undefined {
+        const key = this.pendingToolKey(roomId, toolName)
+        const list = this.pendingToolCallIds.get(key)
+        if (!list?.length) return undefined
+        const id = list.shift()
+        if (list.length) this.pendingToolCallIds.set(key, list)
+        else this.pendingToolCallIds.delete(key)
+        return id
+    }
+
+    private nextToolIndex(roomId: string, toolName: string): number {
+        const key = this.pendingToolKey(roomId, toolName)
+        return (this.pendingToolCallIds.get(key)?.length || 0) + 1
+    }
+
+    private bindEvents(): void {
+        const s = this.socket!
+
+        s.on('typing', (data: any) => {
+            this.handlers.onTyping?.(data)
+        })
+
+        s.on('stop_typing', (data: any) => {
+            this.handlers.onStopTyping?.(data)
+        })
+
+        s.on('member_joined', (data: any) => {
+            this.handlers.onMemberJoined?.(data)
+        })
+
+        s.on('member_left', (data: any) => {
+            this.handlers.onMemberLeft?.(data)
+        })
+
+        // Auto rejoin rooms on reconnect
+        s.io.on('reconnect', async () => {
+            if (this._reconnecting) return
+            this._reconnecting = true
+            logger.info(`[AgentClients] ${this.name} reconnecting, rejoining ${this.joinedRooms.size} rooms...`)
+            const rooms = Array.from(this.joinedRooms)
+            for (const roomId of rooms) {
+                try {
+                    await this.joinRoom(roomId)
+                } catch (err: any) {
+                    logger.error(`[AgentClients] ${this.name} failed to rejoin room ${roomId}: ${err.message}`)
+                }
+            }
+            this._reconnecting = false
+        })
+    }
+}
+
+function groupBridgeSessionId(roomId: string, profile: string, name: string, sessionSeed: string): string {
+    const raw = `gc_${roomId}_${profile}_${name}_${sessionSeed || '0'}`
+    return raw.replace(/[^a-zA-Z0-9_-]/g, '_').slice(0, 120)
+}
+
+function groupMessageId(roomId: string, profile: string, name: string): string {
+    const raw = `gcmsg_${safeId(roomId)}_${safeId(profile)}_${Date.now()}_${Math.random().toString(36).slice(2, 8)}`
+    return raw.replace(/[^a-zA-Z0-9_-]/g, '_').slice(0, 160)
+}
+
+function groupMessagePartId(runMessageId: string, partIndex: number): string {
+    return `${safeId(runMessageId)}_part_${partIndex}`
+}
+
+function groupToolCallId(rawToolCallId: unknown, toolName: string, index: number): string {
+    const raw = String(rawToolCallId || '').trim()
+    if (raw) return raw
+    return `cli_${safeId(toolName || 'tool')}_${Date.now()}_${index}`
+}
+
+function safeId(value: string): string {
+    return String(value || 'item').replace(/[^a-zA-Z0-9_-]/g, '_').slice(0, 80)
+}
+
+function bridgeToolOutput(ev: Record<string, unknown>): string {
+    const value = ev.result ?? ev.output ?? ev.result_preview ?? ev.preview ?? ''
+    return typeof value === 'string' ? value : JSON.stringify(value ?? '')
+}
+
+function normalizeToolArgs(value: unknown): Record<string, unknown> {
+    if (!value) return {}
+    if (typeof value === 'string') {
+        try {
+            const parsed = JSON.parse(value)
+            return parsed && typeof parsed === 'object' && !Array.isArray(parsed) ? parsed as Record<string, unknown> : { value }
+        } catch {
+            return { value }
+        }
+    }
+    return typeof value === 'object' && !Array.isArray(value) ? value as Record<string, unknown> : { value }
+}
+
+function extractBridgeFinalText(chunk: AgentBridgeOutput | null): string {
+    const result = chunk?.result as any
+    const output = result?.final_response || chunk?.output || ''
+    return typeof output === 'string' ? output.trim() : ''
+}
+
+function recordBridgeUsage(roomId: string, profile: string, result: unknown): void {
+    const payload = result as any
+    const usage = payload?.usage || payload?.response?.usage
+    if (!usage) return
+    updateUsage(roomId, {
+        inputTokens: usage.input_tokens ?? usage.inputTokens ?? 0,
+        outputTokens: usage.output_tokens ?? usage.outputTokens ?? 0,
+        cacheReadTokens: usage.cache_read_tokens ?? usage.cacheReadTokens ?? 0,
+        cacheWriteTokens: usage.cache_write_tokens ?? usage.cacheWriteTokens ?? 0,
+        reasoningTokens: usage.reasoning_tokens ?? usage.reasoningTokens ?? 0,
+        model: payload?.model || payload?.response?.model || '',
+        profile,
+    })
+}
+
+// ─── AgentClients (roomId -> agents) ──────────────────────────
+
+export class AgentClients {
+    private rooms = new Map<string, Map<string, AgentClient>>()
+    private _contextEngine: any = null
+    private _storage: any = null
+
+    // Per-room processing lock + mention queue
+    private _processingRooms = new Set<string>()
+    private _mentionQueue = new Map<string, Array<{ agent: AgentClient; msg: MentionMessage }>>()
+
+    /**
+     * Create an agent client and connect it to the server.
+     * The agent will NOT auto-join any room — call addAgentToRoom separately.
+     */
+    async createAgent(config: AgentConfig, handlers?: AgentEventHandler, port?: number): Promise<AgentClient> {
+        const client = new AgentClient(config, handlers)
+        await client.connect(port)
+
+        // Auto-apply stored references (fixes propagation for agents created after set*)
+        if (this._contextEngine) client.setContextEngine(this._contextEngine)
+        if (this._storage) client.setStorage(this._storage)
+
+        logger.info(`[AgentClients] Connected: ${client.name} (${client.agentId})`)
+        return client
+    }
+
+    /**
+     * Connect an agent to a room.
+     */
+    async addAgentToRoom(roomId: string, client: AgentClient): Promise<JoinResult> {
+        let room = this.rooms.get(roomId)
+        if (!room) {
+            room = new Map()
+            this.rooms.set(roomId, room)
+        }
+
+        room.set(client.agentId, client)
+        try {
+            const result = await client.joinRoom(roomId)
+            logger.info(`[AgentClients] ${client.name} joined room: ${roomId}`)
+            return result
+        } catch (err) {
+            room.delete(client.agentId)
+            if (room.size === 0) this.rooms.delete(roomId)
+            client.disconnect()
+            throw err
+        }
+    }
+
+    /**
+     * Remove an agent from a room and disconnect it.
+     */
+    removeAgentFromRoom(roomId: string, agentId: string): void {
+        const room = this.rooms.get(roomId)
+        if (!room) return
+
+        const client = room.get(agentId)
+        if (client) {
+            client.disconnect()
+            room.delete(agentId)
+            logger.info(`[AgentClients] ${client.name} left room: ${roomId}`)
+
+            // Invalidate context engine cache for this agent
+            if (this._contextEngine) {
+                try { this._contextEngine.invalidateRoom(roomId) } catch { /* ignore */ }
+            }
+        }
+
+        if (room.size === 0) {
+            this.rooms.delete(roomId)
+        }
+    }
+
+    /**
+     * Get all agents in a room.
+     */
+    getAgents(roomId: string): AgentClient[] {
+        const room = this.rooms.get(roomId)
+        return room ? Array.from(room.values()) : []
+    }
+
+    /**
+     * Get a specific agent in a room.
+     */
+    getAgent(roomId: string, agentId: string): AgentClient | undefined {
+        return this.rooms.get(roomId)?.get(agentId)
+    }
+
+    /**
+     * Get all room IDs that have agents.
+     */
+    getRoomIds(): string[] {
+        return Array.from(this.rooms.keys())
+    }
+
+    /**
+     * Send a message from a specific agent in a room.
+     */
+    async sendMessage(roomId: string, agentId: string, content: string): Promise<string> {
+        const client = this.getAgent(roomId, agentId)
+        if (!client) {
+            throw new Error(`Agent "${agentId}" not found in room "${roomId}"`)
+        }
+        return client.sendMessage(roomId, content)
+    }
+
+    /**
+     * Broadcast a message from all agents in a room.
+     */
+    async broadcastFromRoom(roomId: string, content: string): Promise<string[]> {
+        const agents = this.getAgents(roomId)
+        return Promise.all(agents.map((agent) => agent.sendMessage(roomId, content)))
+    }
+
+    async interruptAgent(roomId: string, agentName: string): Promise<void> {
+        const agent = this.getAgents(roomId).find(a => a.name === agentName)
+        if (!agent) throw new Error(`Agent "${agentName}" not found in room "${roomId}"`)
+        this._mentionQueue.delete(`${roomId}:${agent.name}`)
+        await agent.interrupt(roomId)
+    }
+
+    /**
+     * Disconnect all agents in a room.
+     */
+    disconnectRoom(roomId: string): void {
+        const room = this.rooms.get(roomId)
+        if (!room) return
+
+        room.forEach((client) => client.disconnect())
+        this.rooms.delete(roomId)
+        logger.info(`[AgentClients] All agents disconnected from room: ${roomId}`)
+
+        // Invalidate context engine cache for this room
+        if (this._contextEngine) {
+            try { this._contextEngine.invalidateRoom(roomId) } catch { /* ignore */ }
+        }
+    }
+
+    resetRoomContext(roomId: string): void {
+        this._mentionQueue.delete(roomId)
+        for (const key of Array.from(this._mentionQueue.keys())) {
+            if (key.startsWith(`${roomId}:`)) this._mentionQueue.delete(key)
+        }
+        for (const key of Array.from(this._processingRooms)) {
+            if (key.startsWith(`${roomId}:`)) this._processingRooms.delete(key)
+        }
+        if (this._contextEngine) {
+            try { this._contextEngine.invalidateRoom(roomId) } catch { /* ignore */ }
+        }
+    }
+
+    /**
+     * Disconnect all agents in all rooms.
+     */
+    disconnectAll(): void {
+        this.rooms.forEach((room) => {
+            room.forEach((client) => client.disconnect())
+        })
+        this.rooms.clear()
+        logger.info('[AgentClients] All agents disconnected')
+    }
+
+    /**
+     * Set context engine for all existing and future agents.
+     */
+    setContextEngine(engine: any): void {
+        this._contextEngine = engine
+        this.rooms.forEach((room) => {
+            room.forEach((client) => client.setContextEngine(engine))
+        })
+    }
+
+    /**
+     * Set message storage for all existing and future agents.
+     */
+    setStorage(storage: any): void {
+        this._storage = storage
+        this.rooms.forEach((room) => {
+            room.forEach((client) => client.setStorage(storage))
+        })
+    }
+
+
+    /**
+     * Server-side: parse @mentions and forward to matching agents directly.
+     * If the room is already processing (compressing/replying), queue the mention.
+     */
+    async processMentions(roomId: string, msg: MentionMessage): Promise<void> {
+        const agents = this.getAgents(roomId)
+        const mentioned = resolveMentionTargets(agents, msg.content, msg.senderId)
+        if (mentioned.length === 0) return
+
+        logger.debug(`[AgentClients] ${mentioned.map(a => a.name).join(', ')} mentioned by ${msg.senderName}`)
+
+        for (const agent of mentioned) {
+            this._processAgentMention(roomId, agent, msg).catch((err) => {
+                logger.error(`[AgentClients] error processing mention for ${agent.name}: ${err.message}`)
+            })
+        }
+    }
+
+    /**
+     * Process a single agent mention with status reporting and queue drain.
+     */
+    private async _processAgentMention(
+        roomId: string,
+        agent: AgentClient,
+        msg: MentionMessage,
+    ): Promise<void> {
+        const agentKey = `${roomId}:${agent.name}`
+        if (this._processingRooms.has(agentKey)) {
+            // Queue for this specific agent
+            let queue = this._mentionQueue.get(agentKey)
+            if (!queue) {
+                queue = []
+                this._mentionQueue.set(agentKey, queue)
+            }
+            queue.push({ agent, msg })
+            logger.debug(`[AgentClients] agent ${agent.name} is processing, queued mention in room ${roomId}`)
+            return
+        }
+
+        this._processingRooms.add(agentKey)
+        const onStatus = (status: 'compressing' | 'replying' | 'ready', extra?: Record<string, unknown>) => {
+            agent.emitContextStatus(roomId, status, extra)
+            logger.debug(`[AgentClients] room ${roomId} agent ${agent.name} status: ${status}`)
+        }
+
+        try {
+            await agent.replyToMention(roomId, msg, onStatus)
+        } finally {
+            this._processingRooms.delete(agentKey)
+            await this._drainQueue(agentKey, roomId)
+        }
+    }
+
+    /**
+     * Drain queued mentions for a room after processing completes.
+     */
+    private async _drainQueue(agentKey: string, roomId: string): Promise<void> {
+        const queue = this._mentionQueue.get(agentKey)
+        if (!queue || queue.length === 0) return
+
+        this._mentionQueue.delete(agentKey)
+        logger.debug(`[AgentClients] draining ${queue.length} queued mention(s) for ${agentKey}`)
+
+        // Process the last queued mention only (most recent, discards stale intermediate ones)
+        const last = queue[queue.length - 1]
+        await this._processAgentMention(roomId, last.agent, last.msg)
+    }
+}
+
+function nextMentionDepth(msg: MentionMessage): number {
+    return Math.max(0, msg.mentionDepth || 0) + 1
+}
diff --git a/packages/server/src/services/hermes/group-chat/index.ts b/packages/server/src/services/hermes/group-chat/index.ts
new file mode 100644
index 0000000..5050919
--- /dev/null
+++ b/packages/server/src/services/hermes/group-chat/index.ts
@@ -0,0 +1,1272 @@
+import { Server, Socket, Namespace } from 'socket.io'
+import type { Server as HttpServer } from 'http'
+import { logger } from '../../../services/logger'
+import { getDb } from '../../../db'
+import { normalizeMessageContentForStorage, normalizeMessageContentForStorageRole } from '../../../db/hermes/message-content'
+import { AgentClients, GROUP_CHAT_AGENT_SOCKET_SECRET } from './agent-clients'
+import { ContextEngine } from '../context-engine/compressor'
+import { SessionDeleter } from '../session-deleter'
+import { countTokens, SUMMARY_PREFIX } from '../../../lib/context-compressor'
+import { AgentBridgeClient } from '../agent-bridge'
+import { authenticateUserToken, isAuthEnabled } from '../../../middleware/user-auth'
+
+// ─── Types ────────────────────────────────────────────────────
+
+interface ChatMessage {
+    id: string
+    roomId: string
+    senderId: string
+    senderName: string
+    content: string
+    timestamp: number
+    role?: string
+    tool_call_id?: string | null
+    tool_calls?: any[] | null
+    tool_name?: string | null
+    finish_reason?: string | null
+    reasoning?: string | null
+    reasoning_details?: string | null
+    reasoning_content?: string | null
+    mentionDepth?: number
+}
+
+function contentToStorageString(content: unknown): string {
+    if (typeof content === 'string') return content
+    return JSON.stringify(content ?? '')
+}
+
+function messageContentForStorage(role: string | undefined, content: string): string {
+    return normalizeMessageContentForStorageRole(role, content)
+}
+
+function contentToText(content: unknown): string {
+    if (typeof content === 'string') {
+        const trimmed = content.trim()
+        if (trimmed.startsWith('[') && trimmed.endsWith(']')) {
+            try {
+                return contentToText(JSON.parse(trimmed))
+            } catch {
+                return content
+            }
+        }
+        return content
+    }
+    if (Array.isArray(content)) {
+        return content.map((block: any) => {
+            if (block?.type === 'text') return block.text || ''
+            if (block?.type === 'image') return `[Image: ${block.name || block.path || ''}]`
+            if (block?.type === 'file') return `[File: ${block.name || block.path || ''}]`
+            return ''
+        }).filter(Boolean).join('\n')
+    }
+    return content == null ? '' : String(content)
+}
+
+interface RoomAgent {
+    id: string
+    roomId: string
+    agentId: string
+    profile: string
+    name: string
+    description: string
+    invited: number
+}
+
+interface RoomInfo {
+    id: string
+    name: string
+    inviteCode: string | null
+    triggerTokens: number
+    maxHistoryTokens: number
+    tailMessageCount: number
+    totalTokens: number
+    sessionSeed: string
+}
+
+interface Member {
+    id: string
+    userId: string
+    name: string
+    description: string
+    joinedAt: number
+    online: boolean
+    socketId: string
+    source?: 'human' | 'agent'
+}
+
+let _tablesEnsured = false
+
+interface PendingSessionDelete {
+    session_id: string
+    profile_name: string
+    status: string
+    attempt_count: number
+    last_error: string | null
+    created_at: number
+    updated_at: number
+    next_attempt_at: number
+}
+
+interface GroupChatSessionProfile {
+    session_id: string
+    room_id: string
+    agent_id: string
+    profile_name: string
+    created_at: number
+}
+
+export interface PendingSessionDeleteDrainResult {
+    deleted: string[]
+    failed: Array<{ sessionId: string; error: string }>
+}
+
+function parseJsonArray(value: unknown): any[] | null {
+    if (value == null || value === '') return null
+    if (Array.isArray(value)) return value
+    if (typeof value !== 'string') return null
+    try {
+        const parsed = JSON.parse(value)
+        return Array.isArray(parsed) ? parsed : null
+    } catch {
+        return null
+    }
+}
+
+function normalizeMessageRole(role: unknown): string {
+    const value = String(role || '').trim()
+    return ['user', 'assistant', 'tool', 'command'].includes(value) ? value : 'user'
+}
+
+function normalizeMentionDepth(depth: unknown): number {
+    const value = Number(depth)
+    return Number.isFinite(value) && value > 0 ? Math.floor(value) : 0
+}
+
+function maxAgentMentionDepth(): number {
+    const value = Number(process.env.HERMES_GROUP_CHAT_MAX_AGENT_MENTION_DEPTH)
+    if (!Number.isFinite(value) || value <= 0) return 4
+    return Math.min(10, Math.floor(value))
+}
+
+function groupRunOrder(id: string): { baseId: string; phase: number } {
+    const value = String(id || '')
+    const partMatch = value.match(/^(.*)_part_(\d+)(?:_(toolcall|toolresult)_.+)?$/)
+    if (partMatch) {
+        const part = Number(partMatch[2] || 0)
+        const kind = partMatch[3] || 'assistant'
+        const offset = kind === 'toolcall' ? 1 : kind === 'toolresult' ? 2 : 0
+        return { baseId: partMatch[1], phase: part * 3 + offset }
+    }
+    const toolIdx = value.indexOf('_toolcall_')
+    if (toolIdx >= 0) return { baseId: value.slice(0, toolIdx), phase: 0 }
+    const resultIdx = value.indexOf('_toolresult_')
+    if (resultIdx >= 0) return { baseId: value.slice(0, resultIdx), phase: 1 }
+    return { baseId: value, phase: 2 }
+}
+
+function sortGroupMessages<T extends { id: string; timestamp: number }>(messages: T[]): T[] {
+    const baseMinTimestamp = new Map<string, number>()
+    for (const msg of messages) {
+        const { baseId } = groupRunOrder(msg.id)
+        const existing = baseMinTimestamp.get(baseId)
+        if (existing == null || msg.timestamp < existing) baseMinTimestamp.set(baseId, msg.timestamp)
+    }
+    return [...messages].sort((a, b) => {
+        const ao = groupRunOrder(a.id)
+        const bo = groupRunOrder(b.id)
+        const at = baseMinTimestamp.get(ao.baseId) ?? a.timestamp
+        const bt = baseMinTimestamp.get(bo.baseId) ?? b.timestamp
+        if (at !== bt) return at - bt
+        if (ao.baseId !== bo.baseId) return ao.baseId.localeCompare(bo.baseId)
+        if (ao.phase !== bo.phase) return ao.phase - bo.phase
+        if (a.timestamp !== b.timestamp) return a.timestamp - b.timestamp
+        return a.id.localeCompare(b.id)
+    })
+}
+
+class ChatStorage {
+    private db() { return getDb() }
+
+    init(): void {
+        if (_tablesEnsured) return
+        const db = this.db()
+        if (!db) return
+        // Tables are now created centrally in initAllHermesTables()
+        // Only create indexes here
+        try { db.exec('CREATE INDEX IF NOT EXISTS idx_gc_messages_room ON gc_messages(roomId, timestamp)') } catch { /* ignore */ }
+        try { db.exec('CREATE INDEX IF NOT EXISTS idx_gc_room_agents_room ON gc_room_agents(roomId)') } catch { /* ignore */ }
+        try { db.exec('CREATE UNIQUE INDEX IF NOT EXISTS idx_gc_room_members_unique ON gc_room_members(roomId, userId)') } catch { /* ignore */ }
+        try { db.exec('CREATE INDEX IF NOT EXISTS idx_gc_pending_session_deletes_profile ON gc_pending_session_deletes(profile_name, status, next_attempt_at, created_at)') } catch { /* ignore */ }
+        try { db.exec('CREATE INDEX IF NOT EXISTS idx_gc_session_profiles_profile ON gc_session_profiles(profile_name, created_at)') } catch { /* ignore */ }
+        _tablesEnsured = true
+    }
+
+    saveSessionProfile(sessionId: string, roomId: string, agentId: string, profileName: string): void {
+        this.db()?.prepare(
+            'INSERT INTO gc_session_profiles (session_id, room_id, agent_id, profile_name, created_at) VALUES (?, ?, ?, ?, ?) ON CONFLICT(session_id) DO UPDATE SET room_id = excluded.room_id, agent_id = excluded.agent_id, profile_name = excluded.profile_name'
+        ).run(sessionId, roomId, agentId, profileName, Date.now())
+    }
+
+    getSessionProfile(sessionId: string): GroupChatSessionProfile | null {
+        return (this.db()?.prepare(
+            'SELECT session_id, room_id, agent_id, profile_name, created_at FROM gc_session_profiles WHERE session_id = ?'
+        ).get(sessionId) as GroupChatSessionProfile | undefined) ?? null
+    }
+
+    deleteSessionProfile(sessionId: string): void {
+        this.db()?.prepare('DELETE FROM gc_session_profiles WHERE session_id = ?').run(sessionId)
+    }
+
+    listPendingSessionDeletes(profileName: string, limit = 50): PendingSessionDelete[] {
+        const rows = this.db()?.prepare(
+            `SELECT session_id, profile_name, status, attempt_count, last_error, created_at, updated_at, next_attempt_at
+             FROM gc_pending_session_deletes
+             WHERE profile_name = ? AND status = 'pending' AND next_attempt_at <= ?
+             ORDER BY created_at ASC
+             LIMIT ?`
+        ).all(profileName, Date.now(), limit) || []
+        return rows.map((row: any) => ({
+            session_id: String(row.session_id || ''),
+            profile_name: String(row.profile_name || ''),
+            status: String(row.status || 'pending'),
+            attempt_count: Number(row.attempt_count || 0),
+            last_error: row.last_error == null ? null : String(row.last_error),
+            created_at: Number(row.created_at || 0),
+            updated_at: Number(row.updated_at || 0),
+            next_attempt_at: Number(row.next_attempt_at || 0),
+        }))
+    }
+
+    enqueuePendingSessionDelete(sessionId: string, profileName: string): void {
+        const now = Date.now()
+        this.db()?.prepare(
+            `INSERT INTO gc_pending_session_deletes (session_id, profile_name, status, attempt_count, last_error, created_at, updated_at, next_attempt_at)
+             VALUES (?, ?, 'pending', 0, NULL, ?, ?, 0)
+             ON CONFLICT(session_id) DO UPDATE SET
+               profile_name = excluded.profile_name,
+               status = 'pending',
+               updated_at = excluded.updated_at,
+               next_attempt_at = 0`
+        ).run(sessionId, profileName, now, now)
+    }
+
+    claimPendingSessionDeletes(profileName: string, limit = 50): PendingSessionDelete[] {
+        const rows = this.listPendingSessionDeletes(profileName, limit)
+        if (rows.length === 0) return []
+        const now = Date.now()
+        const stmt = this.db()?.prepare(
+            `UPDATE gc_pending_session_deletes
+             SET status = 'processing', updated_at = ?
+             WHERE session_id = ? AND status = 'pending'`
+        )
+        const claimed: PendingSessionDelete[] = []
+        for (const row of rows) {
+            const result = stmt?.run(now, row.session_id)
+            if (result?.changes) {
+                claimed.push({ ...row, status: 'processing', updated_at: now })
+            }
+        }
+        return claimed
+    }
+
+    markPendingSessionDeleteFailed(sessionId: string, error: string): void {
+        const now = Date.now()
+        this.db()?.prepare(
+            `UPDATE gc_pending_session_deletes
+             SET status = 'pending',
+                 attempt_count = attempt_count + 1,
+                 last_error = ?,
+                 updated_at = ?,
+                 next_attempt_at = ?
+             WHERE session_id = ?`
+        ).run(error, now, now + 60_000, sessionId)
+    }
+
+    removePendingSessionDelete(sessionId: string): void {
+        this.db()?.prepare('DELETE FROM gc_pending_session_deletes WHERE session_id = ?').run(sessionId)
+    }
+
+    getPendingDeletedSessionIds(): Set<string> {
+        const rows = (this.db()?.prepare(
+            `SELECT session_id FROM gc_pending_session_deletes WHERE status IN ('pending', 'processing')`
+        ).all() || []) as Array<{ session_id: string }>
+        return new Set(rows.map(row => row.session_id))
+    }
+
+    // ─── Rooms ────────────────────────────────────────────────
+
+    getRoom(roomId: string): RoomInfo | undefined {
+        return this.db()?.prepare('SELECT id, name, inviteCode, triggerTokens, maxHistoryTokens, tailMessageCount, totalTokens, sessionSeed FROM gc_rooms WHERE id = ?').get(roomId) as any
+    }
+
+    getRoomByInviteCode(code: string): RoomInfo | undefined {
+        return this.db()?.prepare('SELECT id, name, inviteCode, triggerTokens, maxHistoryTokens, tailMessageCount, totalTokens, sessionSeed FROM gc_rooms WHERE inviteCode = ?').get(code) as any
+    }
+
+    getAllRooms(): RoomInfo[] {
+        return (this.db()?.prepare('SELECT id, name, inviteCode, triggerTokens, maxHistoryTokens, tailMessageCount, totalTokens, sessionSeed FROM gc_rooms ORDER BY id').all() || []) as any[]
+    }
+
+    getRoomsForProfiles(profiles: string[]): RoomInfo[] {
+        const uniqueProfiles = [...new Set(profiles.map(profile => profile.trim()).filter(Boolean))]
+        if (!uniqueProfiles.length) return []
+        const placeholders = uniqueProfiles.map(() => '?').join(', ')
+        return (this.db()?.prepare(
+            `SELECT DISTINCT r.id, r.name, r.inviteCode, r.triggerTokens, r.maxHistoryTokens, r.tailMessageCount, r.totalTokens, r.sessionSeed
+             FROM gc_rooms r
+             INNER JOIN gc_room_agents a ON a.roomId = r.id
+             WHERE a.profile IN (${placeholders})
+             ORDER BY r.id`
+        ).all(...uniqueProfiles) || []) as any[]
+    }
+
+    saveRoom(id: string, name: string, inviteCode?: string, config?: { triggerTokens?: number; maxHistoryTokens?: number; tailMessageCount?: number }): void {
+        this.db()?.prepare(
+            'INSERT OR IGNORE INTO gc_rooms (id, name, inviteCode, triggerTokens, maxHistoryTokens, tailMessageCount) VALUES (?, ?, ?, ?, ?, ?)'
+        ).run(id, name, inviteCode || null, config?.triggerTokens ?? 100000, config?.maxHistoryTokens ?? 32000, config?.tailMessageCount ?? 10)
+    }
+
+    updateRoomConfig(roomId: string, config: { triggerTokens?: number; maxHistoryTokens?: number; tailMessageCount?: number }): void {
+        const sets: string[] = []
+        const vals: any[] = []
+        if (config.triggerTokens !== undefined) { sets.push('triggerTokens = ?'); vals.push(config.triggerTokens) }
+        if (config.maxHistoryTokens !== undefined) { sets.push('maxHistoryTokens = ?'); vals.push(config.maxHistoryTokens) }
+        if (config.tailMessageCount !== undefined) { sets.push('tailMessageCount = ?'); vals.push(config.tailMessageCount) }
+        if (sets.length === 0) return
+        vals.push(roomId)
+        this.db()?.prepare(`UPDATE gc_rooms SET ${sets.join(', ')} WHERE id = ?`).run(...vals)
+    }
+
+    updateRoomInviteCode(roomId: string, inviteCode: string): void {
+        this.db()?.prepare('UPDATE gc_rooms SET inviteCode = ? WHERE id = ?').run(inviteCode, roomId)
+    }
+
+    updateRoomTotalTokens(roomId: string, tokens: number): void {
+        this.db()?.prepare('UPDATE gc_rooms SET totalTokens = ? WHERE id = ?').run(tokens, roomId)
+    }
+
+    rotateRoomSessionSeed(roomId: string): string {
+        const seed = `${Date.now().toString(36)}${Math.random().toString(36).slice(2, 8)}`
+        this.db()?.prepare('UPDATE gc_rooms SET sessionSeed = ? WHERE id = ?').run(seed, roomId)
+        return seed
+    }
+
+    estimateTokens(text: string): number {
+        const cjk = (text.match(/[\u2e80-\u9fff\uac00-\ud7af\u3000-\u303f\uff00-\uffef]/g) || []).length
+        const other = text.length - cjk
+        return Math.ceil(cjk * 1.5 + other / 4)
+    }
+
+    private contentToUsageText(content: unknown): string {
+        if (typeof content === 'string') return content
+        if (!content) return ''
+        if (Array.isArray(content)) {
+            return content.map((block: any) => {
+                if (typeof block?.text === 'string') return block.text
+                if (typeof block?.type === 'string') return `[${block.type}]`
+                return String(block || '')
+            }).join('\n')
+        }
+        return String(content)
+    }
+
+    private estimateUsageTokensFromMessages(messages: ChatMessage[]): { inputTokens: number; outputTokens: number } {
+        const inputTokens = messages
+            .filter(m => (m.role || 'user') === 'user')
+            .reduce((sum, m) => sum + countTokens(this.contentToUsageText(m.content)), 0)
+        const outputTokens = messages
+            .filter(m => m.role === 'assistant' || m.role === 'tool')
+            .reduce((sum, m) => sum + countTokens(this.contentToUsageText(m.content)) + countTokens(String(m.tool_calls || '')), 0)
+        return { inputTokens, outputTokens }
+    }
+
+    private estimateRoomTotalTokens(roomId: string, messages: ChatMessage[]): number {
+        const snapshot = this.getContextSnapshot(roomId)
+        if (snapshot && messages.length) {
+            const snapshotIdx = messages.findIndex(m => m.id === snapshot.lastMessageId)
+            const newMessages = snapshotIdx >= 0
+                ? messages.slice(snapshotIdx + 1)
+                : messages.filter(m => m.timestamp > snapshot.lastMessageTimestamp)
+            const newUsage = this.estimateUsageTokensFromMessages(newMessages)
+            return countTokens(SUMMARY_PREFIX + snapshot.summary) + newUsage.inputTokens + newUsage.outputTokens
+        }
+        const usage = this.estimateUsageTokensFromMessages(messages)
+        return usage.inputTokens + usage.outputTokens
+    }
+
+    // ─── Messages ─────────────────────────────────────────────
+
+    getMessages(roomId: string, limit = 300, offset = 0): ChatMessage[] {
+        const rows = (this.db()?.prepare(
+            'SELECT id, roomId, senderId, senderName, content, timestamp, role, tool_call_id, tool_calls, tool_name, finish_reason, reasoning, reasoning_details, reasoning_content FROM gc_messages WHERE roomId = ? ORDER BY timestamp DESC LIMIT ? OFFSET ?'
+        ).all(roomId, limit, offset) || []) as any[]
+        return sortGroupMessages(rows.map(row => ({
+            ...row,
+            tool_calls: parseJsonArray(row.tool_calls),
+        })))
+    }
+
+    getMessageCount(roomId: string): number {
+        const row = this.db()?.prepare(
+            'SELECT COUNT(*) as total FROM gc_messages WHERE roomId = ?'
+        ).get(roomId) as { total: number } | undefined
+        return row?.total || 0
+    }
+
+    getMessage(messageId: string): ChatMessage | null {
+        const row = this.db()?.prepare(
+            'SELECT id, roomId, senderId, senderName, content, timestamp, role, tool_call_id, tool_calls, tool_name, finish_reason, reasoning, reasoning_details, reasoning_content FROM gc_messages WHERE id = ?'
+        ).get(messageId) as any
+        if (!row) return null
+        return {
+            ...row,
+            tool_calls: parseJsonArray(row.tool_calls),
+        }
+    }
+
+    addMessage(msg: ChatMessage): void {
+        this.upsertMessage(msg)
+    }
+
+    upsertMessage(msg: ChatMessage): void {
+        const toolCallsJson = msg.tool_calls ? JSON.stringify(msg.tool_calls) : null
+        this.db()?.prepare(
+            `INSERT INTO gc_messages (id, roomId, senderId, senderName, content, timestamp, role, tool_call_id, tool_calls, tool_name, finish_reason, reasoning, reasoning_details, reasoning_content)
+             VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)`
+            + ` ON CONFLICT(id) DO UPDATE SET
+                roomId = excluded.roomId,
+                senderId = excluded.senderId,
+                senderName = excluded.senderName,
+                content = excluded.content,
+                timestamp = excluded.timestamp,
+                role = excluded.role,
+                tool_call_id = excluded.tool_call_id,
+                tool_calls = excluded.tool_calls,
+                tool_name = excluded.tool_name,
+                finish_reason = excluded.finish_reason,
+                reasoning = excluded.reasoning,
+                reasoning_details = excluded.reasoning_details,
+                reasoning_content = excluded.reasoning_content`
+        ).run(
+            msg.id, msg.roomId, msg.senderId, msg.senderName, messageContentForStorage(msg.role, msg.content), msg.timestamp,
+            msg.role || 'user',
+            msg.tool_call_id ?? null,
+            toolCallsJson,
+            msg.tool_name ?? null,
+            msg.finish_reason ?? null,
+            msg.reasoning ?? null,
+            msg.reasoning_details ?? null,
+            msg.reasoning_content ?? null,
+        )
+    }
+
+    saveMessageAndRefreshRoom(msg: ChatMessage, options: { preserveExistingTimestamp?: boolean } = {}): { message: ChatMessage; totalTokens: number } {
+        const db = this.db()
+        if (!db) return { message: msg, totalTokens: 0 }
+        db.exec('BEGIN IMMEDIATE')
+        try {
+            const existing = this.getMessage(msg.id)
+            const message = existing && options.preserveExistingTimestamp ? { ...msg, timestamp: existing.timestamp } : msg
+            this.upsertMessage(message)
+            this.pruneMessages(msg.roomId)
+            const messages = this.getMessages(msg.roomId)
+            const totalTokens = this.estimateRoomTotalTokens(msg.roomId, messages)
+            this.updateRoomTotalTokens(msg.roomId, totalTokens)
+            db.exec('COMMIT')
+            return { message, totalTokens }
+        } catch (err) {
+            try { db.exec('ROLLBACK') } catch { /* ignore */ }
+            throw err
+        }
+    }
+
+    clearRoomContext(roomId: string): void {
+        const db = this.db()
+        if (!db) return
+        db.prepare('DELETE FROM gc_messages WHERE roomId = ?').run(roomId)
+        db.prepare('DELETE FROM gc_context_snapshots WHERE roomId = ?').run(roomId)
+        db.prepare('UPDATE gc_rooms SET totalTokens = 0, sessionSeed = ? WHERE id = ?').run(`${Date.now().toString(36)}${Math.random().toString(36).slice(2, 8)}`, roomId)
+    }
+
+    pruneMessages(roomId: string, keep = 500): void {
+        const db = this.db()
+        if (!db) return
+        const count = (db.prepare('SELECT COUNT(*) as c FROM gc_messages WHERE roomId = ?').get(roomId) as any)?.c
+        if (count > keep) {
+            const cutoff = db.prepare(
+                'SELECT timestamp FROM gc_messages WHERE roomId = ? ORDER BY timestamp DESC LIMIT 1 OFFSET ?'
+            ).get(roomId, keep - 1) as any
+            if (cutoff) {
+                const result = db.prepare('DELETE FROM gc_messages WHERE roomId = ? AND timestamp < ?').run(roomId, cutoff.timestamp)
+                logger.info(`[GroupChat] pruned ${result.changes} messages from room ${roomId} (had ${count}, keeping ${keep})`)
+            }
+        }
+    }
+
+    // ─── Room Agents ──────────────────────────────────────────
+
+    getRoomAgents(roomId: string): RoomAgent[] {
+        return (this.db()?.prepare(
+            'SELECT id, roomId, agentId, profile, name, description, invited FROM gc_room_agents WHERE roomId = ?'
+        ).all(roomId) || []) as unknown as RoomAgent[]
+    }
+
+    addRoomAgent(roomId: string, agentId: string, profile: string, name: string, description: string, invited: number): RoomAgent {
+        const id = Date.now().toString(36) + Math.random().toString(36).slice(2, 8)
+        this.db()?.prepare(
+            'INSERT INTO gc_room_agents (id, roomId, agentId, profile, name, description, invited) VALUES (?, ?, ?, ?, ?, ?, ?)'
+        ).run(id, roomId, agentId, profile, name, description, invited)
+        return { id, roomId, agentId, profile, name, description, invited }
+    }
+
+    getRoomAgent(roomId: string, agentRef: string): RoomAgent | null {
+        return (this.db()?.prepare(
+            'SELECT id, roomId, agentId, profile, name, description, invited FROM gc_room_agents WHERE roomId = ? AND (id = ? OR agentId = ?)'
+        ).get(roomId, agentRef, agentRef) as any) ?? null
+    }
+
+    getRoomAgentByAgentId(roomId: string, agentId: string): RoomAgent | null {
+        return (this.db()?.prepare(
+            'SELECT id, roomId, agentId, profile, name, description, invited FROM gc_room_agents WHERE roomId = ? AND agentId = ?'
+        ).get(roomId, agentId) as any) ?? null
+    }
+
+    removeRoomAgent(roomId: string, agentRef: string): void {
+        this.db()?.prepare('DELETE FROM gc_room_agents WHERE roomId = ? AND (id = ? OR agentId = ?)').run(roomId, agentRef, agentRef)
+    }
+
+    // ─── Context Snapshots ──────────────────────────────────
+
+    getContextSnapshot(roomId: string): { roomId: string; summary: string; lastMessageId: string; lastMessageTimestamp: number; updatedAt: number } | null {
+        return (this.db()?.prepare(
+            'SELECT roomId, summary, lastMessageId, lastMessageTimestamp, updatedAt FROM gc_context_snapshots WHERE roomId = ?'
+        ).get(roomId) as any) ?? null
+    }
+
+    saveContextSnapshot(roomId: string, summary: string, lastMessageId: string, lastMessageTimestamp: number): void {
+        this.db()?.prepare(
+            'INSERT INTO gc_context_snapshots (roomId, summary, lastMessageId, lastMessageTimestamp, updatedAt) VALUES (?, ?, ?, ?, ?) ON CONFLICT(roomId) DO UPDATE SET summary = excluded.summary, lastMessageId = excluded.lastMessageId, lastMessageTimestamp = excluded.lastMessageTimestamp, updatedAt = excluded.updatedAt'
+        ).run(roomId, summary, lastMessageId, lastMessageTimestamp, Date.now())
+    }
+
+    deleteContextSnapshot(roomId: string): void {
+        this.db()?.prepare('DELETE FROM gc_context_snapshots WHERE roomId = ?').run(roomId)
+    }
+
+    deleteRoom(roomId: string): void {
+        const db = this.db()
+        if (!db) return
+        db.prepare('DELETE FROM gc_messages WHERE roomId = ?').run(roomId)
+        db.prepare('DELETE FROM gc_room_agents WHERE roomId = ?').run(roomId)
+        db.prepare('DELETE FROM gc_room_members WHERE roomId = ?').run(roomId)
+        db.prepare('DELETE FROM gc_context_snapshots WHERE roomId = ?').run(roomId)
+        db.prepare('DELETE FROM gc_rooms WHERE id = ?').run(roomId)
+    }
+
+    // ─── Room Members ──────────────────────────────────────
+
+    getRoomMembers(roomId: string): { id: string; userId: string; name: string; description: string; joinedAt: number }[] {
+        return (this.db()?.prepare(
+            `SELECT m.id, m.userId, m.userName as name, m.description, m.joinedAt
+             FROM gc_room_members m
+             WHERE m.roomId = ?
+               AND NOT EXISTS (
+                 SELECT 1 FROM gc_room_agents a
+                 WHERE a.roomId = m.roomId
+                   AND (a.agentId = m.userId OR (m.userId NOT GLOB '????????-????-????-????-????????????' AND COALESCE(m.description, '') = '' AND a.name = m.userName))
+               )
+             ORDER BY m.joinedAt`
+        ).all(roomId) || []) as unknown as { id: string; userId: string; name: string; description: string; joinedAt: number }[]
+    }
+
+    removeRoomMembersForAgent(roomId: string, agent: Pick<RoomAgent, 'agentId' | 'name'>): void {
+        this.db()?.prepare(
+            `DELETE FROM gc_room_members
+             WHERE roomId = ?
+               AND (userId = ? OR (userId NOT GLOB '????????-????-????-????-????????????' AND COALESCE(description, '') = '' AND userName = ?))`
+        ).run(roomId, agent.agentId, agent.name)
+    }
+
+    addRoomMember(roomId: string, userId: string, userName: string, description: string): void {
+        const existing = this.getMemberByUserId(roomId, userId)
+        if (existing) {
+            // Update name/description on rejoin, refresh updatedAt
+            this.db()?.prepare(
+                'UPDATE gc_room_members SET userName = ?, description = ?, updatedAt = ? WHERE roomId = ? AND userId = ?'
+            ).run(userName, description, Date.now(), roomId, userId)
+            return
+        }
+        const id = Date.now().toString(36) + Math.random().toString(36).slice(2, 8)
+        const now = Date.now()
+        this.db()?.prepare(
+            'INSERT INTO gc_room_members (id, roomId, userId, userName, description, joinedAt, updatedAt) VALUES (?, ?, ?, ?, ?, ?, ?)'
+        ).run(id, roomId, userId, userName, description, now, now)
+    }
+
+    getMemberByUserId(roomId: string, userId: string): Member | null {
+        return (this.db()?.prepare(
+            'SELECT id, userId, userName as name, description, joinedAt FROM gc_room_members WHERE roomId = ? AND userId = ?'
+        ).get(roomId, userId) as any) ?? null
+    }
+
+    updateMemberActivity(roomId: string, userId: string): void {
+        this.db()?.prepare(
+            'UPDATE gc_room_members SET updatedAt = ? WHERE roomId = ? AND userId = ?'
+        ).run(Date.now(), roomId, userId)
+    }
+}
+
+export async function drainPendingSessionDeletes(profileName: string): Promise<PendingSessionDeleteDrainResult> {
+    const deleterResult = await SessionDeleter.getInstance().drain(profileName)
+    return {
+        deleted: deleterResult.deleted,
+        failed: deleterResult.failed.map(id => ({ sessionId: id, error: 'unknown' })),
+    }
+}
+
+// ─── ChatRoom (in-memory, for online members) ─────────────────
+
+class ChatRoom {
+    readonly id: string
+    name: string
+    readonly members = new Map<string, Member>()
+
+    constructor(id: string, name?: string) {
+        this.id = id
+        this.name = name || id
+    }
+
+    addOrUpdateMember(socketId: string, userId: string, name: string, description: string, source: 'human' | 'agent' = 'human'): Member {
+        const existing = this.members.get(userId)
+        if (existing) {
+            existing.name = name
+            existing.description = description
+            existing.online = true
+            existing.socketId = socketId
+            existing.source = source
+            return existing
+        }
+        const member: Member = { id: socketId, userId, name, description, joinedAt: Date.now(), online: true, socketId, source }
+        this.members.set(userId, member)
+        return member
+    }
+
+    removeMember(socketId: string): void {
+        for (const member of this.members.values()) {
+            if (member.socketId === socketId) {
+                member.online = false
+                break
+            }
+        }
+    }
+
+    getMembersList(): Member[] {
+        return Array.from(this.members.values()).filter(member => member.source !== 'agent')
+    }
+
+    getOnlineMemberBySocketId(socketId: string): Member | undefined {
+        for (const member of this.members.values()) {
+            if (member.socketId === socketId && member.online) return member
+        }
+        return undefined
+    }
+
+    hasOnlineMember(socketId: string): boolean {
+        return this.getOnlineMemberBySocketId(socketId) !== undefined
+    }
+}
+
+// ─── GroupChat Server ────────────────────────────────────────
+
+export class GroupChatServer {
+    private io: Server
+    private nsp: Namespace
+    private storage: ChatStorage
+    private rooms = new Map<string, ChatRoom>()
+    /** Map: socket.id → persistent userId */
+    private socketUserMap = new Map<string, string>()
+    /** Map: userId → { name, description } (from auth) */
+    private userInfoMap = new Map<string, { name: string; description: string }>()
+    /** Map: socket.id → requested participant source from handshake */
+    private socketRequestedSourceMap = new Map<string, 'human' | 'agent'>()
+    readonly agentClients = new AgentClients()
+    private _contextEngine: ContextEngine | null = null
+    private _restoreScheduled = false
+    /** roomId -> (userId -> { userName, timer }) */
+    private typingState = new Map<string, Map<string, { userName: string; timer: ReturnType<typeof setTimeout> }>>()
+    /** roomId -> (agentName -> { agentName, status }) */
+    private contextStatusState = new Map<string, Map<string, { agentName: string; status: string }>>()
+
+    constructor(httpServers: HttpServer | HttpServer[]) {
+        this.storage = new ChatStorage()
+        this.storage.init()
+        const servers = Array.isArray(httpServers) ? httpServers : [httpServers]
+
+        this.io = new Server(servers[0], {
+            cors: { origin: '*' },
+            pingInterval: 25_000,
+            pingTimeout: 90_000,
+            connectionStateRecovery: {
+                maxDisconnectionDuration: 2 * 60_000,
+                skipMiddlewares: true,
+            },
+        })
+        servers.slice(1).forEach((httpServer) => this.io.attach(httpServer))
+        this.nsp = this.io.of('/group-chat')
+        this.nsp.use(this.authMiddleware.bind(this))
+        this.nsp.on('connection', this.onConnection.bind(this))
+
+        // Restore persisted rooms into memory
+        this.storage.getAllRooms().forEach((row) => {
+            this.rooms.set(row.id, new ChatRoom(row.id, row.name))
+        })
+
+        logger.info('[GroupChat] Socket.IO ready at /group-chat')
+
+        // Initialize context engine for group chat compression
+        const contextEngine = new ContextEngine({
+            messageFetcher: this.storage,
+            sessionCleaner: async (sessionId: string) => {
+                // TODO: re-enable session deletion after confirming it doesn't
+                // accidentally remove user-created sessions outside group chat.
+                // try {
+                //     const profile = this.storage.getSessionProfile(sessionId)
+                //     const profileName = profile?.profile_name || 'default'
+                //     this.storage.enqueuePendingSessionDelete(sessionId, profileName)
+                // } catch (err: any) {
+                //     logger.warn(`[GroupChat] failed to enqueue compression session delete ${sessionId}: ${err.message}`)
+                // }
+            },
+        })
+        this.agentClients.setContextEngine(contextEngine)
+        this.agentClients.setStorage(this.storage)
+        this._contextEngine = contextEngine
+
+        // Restore agent connections — call restoreAgents() after server is listening
+        this._restoreScheduled = false
+    }
+
+    getIO(): Server {
+        return this.io
+    }
+
+    getStorage(): ChatStorage {
+        return this.storage
+    }
+
+    getContextEngine(): ContextEngine | null {
+        return this._contextEngine || null
+    }
+
+    getRoomIds(): string[] {
+        return Array.from(this.rooms.keys())
+    }
+
+    clearRoomRuntimeState(roomId: string): void {
+        const roomTyping = this.typingState.get(roomId)
+        if (roomTyping) {
+            for (const entry of roomTyping.values()) clearTimeout(entry.timer)
+            this.typingState.delete(roomId)
+        }
+        this.contextStatusState.delete(roomId)
+        this.agentClients.resetRoomContext(roomId)
+        this.nsp.to(roomId).emit('room_cleared', { roomId, totalTokens: 0 })
+        this.nsp.to(roomId).emit('room_updated', { roomId, totalTokens: 0 })
+    }
+
+    // ─── Restore Agents ─────────────────────────────────────────
+
+    /**
+     * Restore persisted agent connections. Safe to call multiple times;
+     * will only execute once.
+     */
+    async restoreWhenReady(): Promise<void> {
+        if (this._restoreScheduled) return
+        this._restoreScheduled = true
+        await this.restoreAgents()
+    }
+
+    private async restoreAgents(): Promise<void> {
+        const rooms = this.storage.getAllRooms()
+        let total = 0
+
+        for (const room of rooms) {
+            const agents = this.storage.getRoomAgents(room.id)
+            for (const agent of agents) {
+                try {
+                    const client = await this.agentClients.createAgent({
+                        agentId: agent.agentId,
+                        profile: agent.profile,
+                        name: agent.name,
+                        description: agent.description,
+                        invited: agent.invited,
+                    })
+                    await this.agentClients.addAgentToRoom(room.id, client)
+                    total++
+                } catch (err: any) {
+                    logger.error(`[GroupChat] Failed to restore agent ${agent.name} in room ${room.id}: ${err.message}`)
+                }
+            }
+        }
+
+        if (total > 0) {
+            logger.info(`[GroupChat] Restored ${total} agent(s) across ${rooms.length} room(s)`)
+        }
+    }
+
+    // ─── Auth ───────────────────────────────────────────────────
+
+    private async authMiddleware(socket: Socket, next: (err?: Error) => void): Promise<void> {
+        const auth = socket.handshake.auth as { source?: string; agentSocketSecret?: string; token?: string }
+        const isAgentSocket = auth.source === 'agent' && auth.agentSocketSecret === GROUP_CHAT_AGENT_SOCKET_SECRET
+        if (isAgentSocket) {
+            next()
+            return
+        }
+
+        const token = auth.token || socket.handshake.query.token || ''
+        if (await isAuthEnabled() && !await authenticateUserToken(String(token))) {
+            return next(new Error('Unauthorized'))
+        }
+        next()
+    }
+
+    // ─── Connection ─────────────────────────────────────────────
+
+    private onConnection(socket: Socket): void {
+        const auth = socket.handshake.auth as { userId?: string; name?: string; description?: string; source?: string; agentSocketSecret?: string }
+        const userId = auth.userId || socket.id
+        const userName = auth.name || `User-${userId.slice(0, 6)}`
+        const description = auth.description || ''
+        const requestedSource = auth.source === 'agent' && auth.agentSocketSecret === GROUP_CHAT_AGENT_SOCKET_SECRET ? 'agent' : 'human'
+
+        this.socketUserMap.set(socket.id, userId)
+        this.socketRequestedSourceMap.set(socket.id, requestedSource)
+        this.userInfoMap.set(userId, { name: userName, description })
+
+        logger.debug(`[GroupChat] Connected: ${userName} (socket=${socket.id}, user=${userId})`)
+
+        socket.on('join', (data: { roomId?: string; name?: string }, ack?: (response?: unknown) => void) => this.handleJoin(socket, data, ack))
+        socket.on('message', (data: Partial<ChatMessage> & { roomId?: string; content: string | Array<Record<string, unknown>>; id?: string; mentionDepth?: number }, ack?: (response?: unknown) => void) => this.handleMessage(socket, data, ack))
+        socket.on('message_stream_start', (data: { roomId?: string; id?: string; senderId?: string; senderName?: string; timestamp?: number }) => this.handleMessageStreamStart(socket, data))
+        socket.on('message_stream_delta', (data: { roomId?: string; id?: string; delta?: string }) => this.handleMessageStreamDelta(socket, data))
+        socket.on('message_reasoning_delta', (data: { roomId?: string; id?: string; delta?: string }) => this.handleMessageReasoningDelta(socket, data))
+        socket.on('message_stream_end', (data: { roomId?: string; id?: string }) => this.handleMessageStreamEnd(socket, data))
+        socket.on('typing', (data: { roomId?: string }) => this.handleTyping(socket, data))
+        socket.on('stop_typing', (data: { roomId?: string }) => this.handleStopTyping(socket, data))
+        socket.on('context_status', (data: { roomId?: string; agentName?: string; status?: string }) => this.handleContextStatus(socket, data))
+        socket.on('interrupt_agent', (data: { roomId?: string; agentName?: string }, ack?: (response?: unknown) => void) => this.handleInterruptAgent(socket, data, ack))
+        socket.on('approval.requested', (data: { roomId?: string; agentName?: string; approval_id?: string; command?: string; description?: string; choices?: string[]; allow_permanent?: boolean }) => this.handleApprovalRequested(socket, data))
+        socket.on('approval.resolved', (data: { roomId?: string; agentName?: string; approval_id?: string; choice?: string }) => this.handleApprovalResolved(socket, data))
+        socket.on('approval.respond', (data: { roomId?: string; approval_id?: string; choice?: string }, ack?: (response?: unknown) => void) => this.handleApprovalRespond(socket, data, ack))
+        socket.on('disconnect', () => this.handleDisconnect(socket))
+    }
+
+    // ─── Handlers ───────────────────────────────────────────────
+
+    private handleJoin(socket: Socket, data: { roomId?: string; name?: string; description?: string }, ack?: (res: any) => void): void {
+        const socketId = socket.id
+        const userId = this.socketUserMap.get(socketId) || socketId
+        const requestedSource = this.socketRequestedSourceMap.get(socketId) || 'human'
+        const roomId = data.roomId || 'general'
+        const roomAgent = this.storage.getRoomAgentByAgentId(roomId, userId)
+        const source = requestedSource === 'agent' && roomAgent ? 'agent' : 'human'
+        if (source === 'human' && roomAgent) {
+            ack?.({ error: 'Reserved member identity' })
+            return
+        }
+        const existingMember = this.storage.getMemberByUserId(roomId, userId)
+        const userInfo = this.userInfoMap.get(userId) || {
+            name: existingMember?.name || `User-${userId.slice(0, 6)}`,
+            description: existingMember?.description || '',
+        }
+        const userName = data.name || existingMember?.name || userInfo.name
+        const description = data.description || existingMember?.description || userInfo.description
+
+        // Update stored user info
+        this.userInfoMap.set(userId, { name: userName, description })
+
+        let room = this.rooms.get(roomId)
+        if (!room) {
+            room = new ChatRoom(roomId)
+            this.rooms.set(roomId, room)
+            this.storage.saveRoom(roomId, roomId)
+        }
+
+        // Persist only human members. Agent sockets are runtime participants
+        // tracked through gc_room_agents and AgentClients; storing them in
+        // gc_room_members makes member counts grow on reconnect/restore.
+        if (source !== 'agent') {
+            this.storage.addRoomMember(roomId, userId, userName, description)
+        }
+
+        // Add to in-memory online participants (keyed by userId)
+        room.addOrUpdateMember(socketId, userId, userName, description, source)
+        socket.join(roomId)
+
+        if (source !== 'agent') {
+            socket.to(roomId).emit('member_joined', {
+                roomId,
+                memberId: userId,
+                memberName: userName,
+                members: room.getMembersList(),
+            })
+        }
+
+        // Load history from SQLite
+        const messages = this.storage.getMessages(roomId)
+        const agents = this.storage.getRoomAgents(roomId)
+
+        ack?.({
+            roomId,
+            roomName: room.name,
+            members: room.getMembersList(),
+            messages,
+            agents,
+            rooms: this.getRoomIds(),
+            typingUsers: this.getTypingUsers(roomId),
+            contextStatuses: this.getContextStatuses(roomId),
+        })
+
+        logger.debug(`[GroupChat] ${userName} (user=${userId}) joined room: ${roomId}`)
+    }
+
+    private handleMessage(socket: Socket, data: Partial<ChatMessage> & { roomId?: string; content: string | Array<Record<string, unknown>>; id?: string; mentionDepth?: number }, ack?: (res: any) => void): void {
+        const socketId = socket.id
+        const roomId = data.roomId || 'general'
+        const room = this.rooms.get(roomId)
+
+        if (!room || !room.hasOnlineMember(socketId)) {
+            ack?.({ error: 'Not in room' })
+            return
+        }
+
+        const member = room.getOnlineMemberBySocketId(socketId)
+        const userId = member?.userId || socketId
+        const userName = member?.name || `User-${socketId.slice(0, 6)}`
+
+        const msg: ChatMessage = {
+            id: this.normalizeClientMessageId(data.id) || this.generateId(),
+            roomId,
+            senderId: userId,
+            senderName: userName,
+            content: contentToStorageString(data.content),
+            timestamp: this.normalizeMessageTimestamp(data.timestamp, data.role),
+            role: normalizeMessageRole(data.role),
+            tool_call_id: data.tool_call_id ?? null,
+            tool_calls: Array.isArray(data.tool_calls) ? data.tool_calls : null,
+            tool_name: data.tool_name ?? null,
+            finish_reason: data.finish_reason ?? null,
+            reasoning: data.reasoning ?? null,
+            reasoning_details: data.reasoning_details ?? null,
+            reasoning_content: data.reasoning_content ?? null,
+        }
+
+        const saved = this.storage.saveMessageAndRefreshRoom(msg)
+        const savedMsg = saved.message
+        const totalTokens = saved.totalTokens
+
+        this.nsp.to(roomId).emit('message', savedMsg)
+        this.nsp.to(roomId).emit('room_updated', { roomId, totalTokens })
+        ack?.({ id: savedMsg.id })
+
+        const mentionDepth = normalizeMentionDepth(data.mentionDepth)
+        const isAgentReply = savedMsg.role === 'assistant' && member?.source === 'agent'
+        const shouldRouteMentions = savedMsg.role === 'user' ||
+            (isAgentReply && mentionDepth < maxAgentMentionDepth())
+
+        if (shouldRouteMentions) {
+            // Server-side @mention routing — parse mentions and invoke agents directly.
+            // Agent replies are allowed to mention other agents, but mentionDepth
+            // bounds chained agent-to-agent handoffs so one prompt cannot loop forever.
+            this.agentClients.processMentions(roomId, {
+                content: contentToText(savedMsg.content),
+                input: Array.isArray(data.content) ? data.content : undefined,
+                senderName: savedMsg.senderName,
+                senderId: savedMsg.senderId,
+                timestamp: savedMsg.timestamp,
+                mentionDepth,
+            }).catch((err) => {
+                logger.error(`[GroupChat] processMentions error: ${err.message}`)
+            })
+        }
+    }
+
+    private handleMessageStreamStart(socket: Socket, data: { roomId?: string; id?: string; senderId?: string; senderName?: string; timestamp?: number }): void {
+        const roomId = data.roomId || 'general'
+        const room = this.rooms.get(roomId)
+        if (!room || !room.hasOnlineMember(socket.id)) return
+        const id = this.normalizeClientMessageId(data.id)
+        if (!id) return
+
+        const member = room.getOnlineMemberBySocketId(socket.id)
+        this.nsp.to(roomId).emit('message_stream_start', {
+            id,
+            roomId,
+            senderId: data.senderId || member?.userId || socket.id,
+            senderName: data.senderName || member?.name || `User-${socket.id.slice(0, 6)}`,
+            content: '',
+            timestamp: data.timestamp || Date.now(),
+            role: 'assistant',
+            finish_reason: 'streaming',
+        })
+    }
+
+    private handleMessageStreamDelta(socket: Socket, data: { roomId?: string; id?: string; delta?: string }): void {
+        const roomId = data.roomId || 'general'
+        const room = this.rooms.get(roomId)
+        if (!room || !room.hasOnlineMember(socket.id)) return
+        const id = this.normalizeClientMessageId(data.id)
+        if (!id || !data.delta) return
+        this.nsp.to(roomId).emit('message_stream_delta', {
+            roomId,
+            id,
+            delta: String(data.delta),
+        })
+    }
+
+    private handleMessageReasoningDelta(socket: Socket, data: { roomId?: string; id?: string; delta?: string }): void {
+        const roomId = data.roomId || 'general'
+        const room = this.rooms.get(roomId)
+        if (!room || !room.hasOnlineMember(socket.id)) return
+        const id = this.normalizeClientMessageId(data.id)
+        if (!id || !data.delta) return
+        this.nsp.to(roomId).emit('message_reasoning_delta', {
+            roomId,
+            id,
+            delta: String(data.delta),
+        })
+    }
+
+    private handleMessageStreamEnd(socket: Socket, data: { roomId?: string; id?: string }): void {
+        const roomId = data.roomId || 'general'
+        const room = this.rooms.get(roomId)
+        if (!room || !room.hasOnlineMember(socket.id)) return
+        const id = this.normalizeClientMessageId(data.id)
+        if (!id) return
+        this.nsp.to(roomId).emit('message_stream_end', { roomId, id })
+    }
+
+    private handleTyping(socket: Socket, data: { roomId?: string }): void {
+        const roomId = data.roomId || 'general'
+        const userId = this.socketUserMap.get(socket.id) || socket.id
+        const userName = this.userInfoMap.get(userId)?.name || `User-${socket.id.slice(0, 6)}`
+
+        // Track typing state for rejoin recovery
+        let roomTyping = this.typingState.get(roomId)
+        if (!roomTyping) {
+            roomTyping = new Map()
+            this.typingState.set(roomId, roomTyping)
+        }
+        const existing = roomTyping.get(userId)
+        if (existing) clearTimeout(existing.timer)
+        roomTyping.set(userId, {
+            userName,
+            timer: setTimeout(() => {
+                roomTyping!.delete(userId)
+                if (roomTyping!.size === 0) this.typingState.delete(roomId)
+            }, 30000),
+        })
+
+        socket.to(roomId).emit('typing', {
+            roomId,
+            userId,
+            userName,
+        })
+    }
+
+    private handleStopTyping(socket: Socket, data: { roomId?: string }): void {
+        const roomId = data.roomId || 'general'
+        const userId = this.socketUserMap.get(socket.id) || socket.id
+
+        // Remove from typing state
+        const roomTyping = this.typingState.get(roomId)
+        if (roomTyping) {
+            const entry = roomTyping.get(userId)
+            if (entry) clearTimeout(entry.timer)
+            roomTyping.delete(userId)
+            if (roomTyping.size === 0) this.typingState.delete(roomId)
+        }
+
+        socket.to(roomId).emit('stop_typing', {
+            roomId,
+            userId,
+        })
+    }
+
+    private handleContextStatus(socket: Socket, data: { roomId?: string; agentName?: string; status?: string; totalTokens?: number }): void {
+        const roomId = data.roomId || 'general'
+        const agentName = data.agentName || ''
+        const status = data.status || ''
+
+        if (!agentName) return
+
+        let roomStatuses = this.contextStatusState.get(roomId)
+        if (!roomStatuses) {
+            roomStatuses = new Map()
+            this.contextStatusState.set(roomId, roomStatuses)
+        }
+
+        if (status === 'ready') {
+            roomStatuses.delete(agentName)
+            if (roomStatuses.size === 0) this.contextStatusState.delete(roomId)
+        } else {
+            roomStatuses.set(agentName, { agentName, status })
+        }
+
+        // Relay to all other sockets in the room
+        socket.to(roomId).emit('context_status', {
+            roomId,
+            agentName,
+            status,
+        })
+
+        if (typeof data.totalTokens === 'number' && Number.isFinite(data.totalTokens) && data.totalTokens >= 0) {
+            this.storage.updateRoomTotalTokens(roomId, Math.floor(data.totalTokens))
+            this.nsp.to(roomId).emit('room_updated', { roomId, totalTokens: Math.floor(data.totalTokens) })
+        }
+    }
+
+    private async handleInterruptAgent(socket: Socket, data: { roomId?: string; agentName?: string }, ack?: (response?: unknown) => void): Promise<void> {
+        const roomId = data.roomId
+        const agentName = data.agentName
+        if (!roomId || !agentName) {
+            ack?.({ error: 'roomId and agentName are required' })
+            return
+        }
+        const room = this.rooms.get(roomId)
+        if (!room?.hasOnlineMember(socket.id)) {
+            ack?.({ error: 'Not in room' })
+            return
+        }
+        try {
+            await this.agentClients.interruptAgent(roomId, agentName)
+            this.nsp.to(roomId).emit('context_status', { roomId, agentName, status: 'ready' })
+            ack?.({ ok: true })
+        } catch (err: any) {
+            logger.warn(`[GroupChat] failed to interrupt agent ${agentName} in room ${roomId}: ${err.message}`)
+            ack?.({ error: err.message || 'interrupt failed' })
+        }
+    }
+
+    private handleApprovalRequested(socket: Socket, data: { roomId?: string; agentName?: string; approval_id?: string; command?: string; description?: string; choices?: string[]; allow_permanent?: boolean }): void {
+        const roomId = data.roomId
+        if (!roomId || !data.approval_id) return
+        this.nsp.to(roomId).emit('approval.requested', {
+            event: 'approval.requested',
+            roomId,
+            agentName: data.agentName || '',
+            approval_id: data.approval_id,
+            command: data.command || '',
+            description: data.description || '',
+            choices: Array.isArray(data.choices) ? data.choices : ['once', 'session', 'deny'],
+            allow_permanent: Boolean(data.allow_permanent),
+        })
+    }
+
+    private handleApprovalResolved(socket: Socket, data: { roomId?: string; agentName?: string; approval_id?: string; choice?: string }): void {
+        const roomId = data.roomId
+        if (!roomId || !data.approval_id) return
+        this.nsp.to(roomId).emit('approval.resolved', {
+            event: 'approval.resolved',
+            roomId,
+            agentName: data.agentName || '',
+            approval_id: data.approval_id,
+            choice: data.choice || '',
+        })
+    }
+
+    private async handleApprovalRespond(socket: Socket, data: { roomId?: string; approval_id?: string; choice?: string }, ack?: (response?: unknown) => void): Promise<void> {
+        const roomId = data.roomId
+        if (!roomId || !data.approval_id) {
+            ack?.({ error: 'roomId and approval_id are required' })
+            return
+        }
+        const room = this.rooms.get(roomId)
+        if (!room?.hasOnlineMember(socket.id)) {
+            ack?.({ error: 'Not in room' })
+            return
+        }
+        try {
+            const result = await new AgentBridgeClient().approvalRespond(data.approval_id, data.choice || 'deny')
+            ack?.({ ok: true, resolved: Boolean((result as any)?.resolved) })
+        } catch (err: any) {
+            logger.warn(`[GroupChat] failed to respond approval ${data.approval_id}: ${err.message}`)
+            ack?.({ error: err.message || 'approval response failed' })
+        }
+    }
+
+    private handleDisconnect(socket: Socket): void {
+        const socketId = socket.id
+        const userId = this.socketUserMap.get(socketId)
+        const userName = userId ? this.userInfoMap.get(userId)?.name : undefined
+
+        logger.debug(`[GroupChat] Disconnected: ${userName || socketId} (socket=${socketId}, user=${userId || socketId})`)
+
+        // Clean up typing state for this socket
+        for (const [roomId, roomTyping] of this.typingState) {
+            const entry = roomTyping.get(userId || socketId)
+            if (entry) {
+                clearTimeout(entry.timer)
+                roomTyping.delete(userId || socketId)
+                if (roomTyping.size === 0) this.typingState.delete(roomId)
+            }
+        }
+
+        this.leaveAllRooms(socket, socketId)
+        this.socketUserMap.delete(socketId)
+        this.socketRequestedSourceMap.delete(socketId)
+        // Don't delete userInfoMap — it persists across reconnects
+    }
+
+    // ─── Helpers ────────────────────────────────────────────────
+
+    private getTypingUsers(roomId: string): Array<{ userId: string; userName: string }> {
+        const roomTyping = this.typingState.get(roomId)
+        if (!roomTyping) return []
+        return Array.from(roomTyping.entries()).map(([userId, entry]) => ({ userId, userName: entry.userName }))
+    }
+
+    private getContextStatuses(roomId: string): Array<{ agentName: string; status: string }> {
+        const roomStatuses = this.contextStatusState.get(roomId)
+        if (!roomStatuses) return []
+        return Array.from(roomStatuses.values())
+    }
+
+    private leaveAllRooms(socket: Socket, socketId: string): void {
+        this.rooms.forEach((room, rid) => {
+            if (room.hasOnlineMember(socketId)) {
+                const member = room.getOnlineMemberBySocketId(socketId)
+                room.removeMember(socketId)
+                socket.leave(rid)
+                if (member?.source !== 'agent') {
+                    this.nsp.to(rid).emit('member_left', {
+                        roomId: rid,
+                        memberId: member?.userId || socketId,
+                        memberName: member?.name || `User-${socketId.slice(0, 6)}`,
+                        members: room.getMembersList(),
+                    })
+                }
+            }
+        })
+    }
+
+    private generateId(): string {
+        return Date.now().toString(36) + Math.random().toString(36).slice(2, 8)
+    }
+
+    private normalizeClientMessageId(id?: string): string | null {
+        const cleaned = String(id || '').trim()
+        if (!cleaned || cleaned.length > 160) return null
+        return /^[a-zA-Z0-9_-]+$/.test(cleaned) ? cleaned : null
+    }
+
+    private normalizeMessageTimestamp(timestamp?: unknown, role?: unknown): number {
+        const normalizedRole = normalizeMessageRole(role)
+        if (normalizedRole !== 'user') {
+            const value = Number(timestamp)
+            if (Number.isFinite(value) && value > 0) return value
+        }
+        return Date.now()
+    }
+}
diff --git a/packages/server/src/services/hermes/group-chat/mention-routing.ts b/packages/server/src/services/hermes/group-chat/mention-routing.ts
new file mode 100644
index 0000000..f5d2e95
--- /dev/null
+++ b/packages/server/src/services/hermes/group-chat/mention-routing.ts
@@ -0,0 +1,103 @@
+export const ALL_AGENTS_MENTION = 'all'
+
+type MentionableAgent = {
+    name: string
+    id?: string
+    agentId?: string
+}
+
+type MentionRange = {
+    start: number
+    end: number
+}
+
+const BEFORE_BOUNDARY = new Set(['(', '[', '{', '<'])
+const AFTER_BOUNDARY = new Set(['.', ',', '!', '?', ';', ':', '，', '。', '！', '？', '；', '：', ')', ']', '}', '>'])
+
+export function escapeMentionName(name: string): string {
+    return name.replace(/[.*+?^${}()|[\]\\]/g, '\\$&')
+}
+
+export function isReservedMentionName(name: string): boolean {
+    return name.trim().toLowerCase() === ALL_AGENTS_MENTION
+}
+
+function isBeforeBoundary(char: string | undefined): boolean {
+    return char === undefined || /\s/.test(char) || BEFORE_BOUNDARY.has(char)
+}
+
+function isAfterBoundary(char: string | undefined): boolean {
+    return char === undefined || /\s/.test(char) || AFTER_BOUNDARY.has(char)
+}
+
+function findMentionRanges(content: string, mentionName: string): MentionRange[] {
+    if (!content || !mentionName) return []
+
+    const contentLower = content.toLowerCase()
+    const mentionLower = mentionName.toLowerCase()
+    const ranges: MentionRange[] = []
+    let fromIndex = 0
+
+    while (fromIndex < content.length) {
+        const atIndex = contentLower.indexOf(`@${mentionLower}`, fromIndex)
+        if (atIndex === -1) break
+
+        const start = atIndex
+        const end = atIndex + mentionName.length + 1
+        if (isBeforeBoundary(content[start - 1]) && isAfterBoundary(content[end])) {
+            ranges.push({ start, end })
+        }
+        fromIndex = atIndex + 1
+    }
+
+    return ranges
+}
+
+export function isAgentMentioned(content: string, agentName: string): boolean {
+    return findMentionRanges(content, agentName).length > 0
+}
+
+export function isAllAgentsMentioned(content: string): boolean {
+    return isAgentMentioned(content, ALL_AGENTS_MENTION)
+}
+
+function isSenderAgent(agent: MentionableAgent, senderId: string): boolean {
+    return Boolean(senderId && (agent.id === senderId || agent.agentId === senderId))
+}
+
+export function resolveMentionTargets<T extends MentionableAgent>(
+    agents: T[],
+    content: string,
+    senderId: string,
+): T[] {
+    const candidates = agents.filter((agent) => !isSenderAgent(agent, senderId))
+
+    if (isAllAgentsMentioned(content)) {
+        return candidates
+    }
+
+    return candidates.filter((agent) => isAgentMentioned(content, agent.name))
+}
+
+export function stripMentionRoutingTokens(content: string, ownAgentName: string): string {
+    const rangesByKey = new Map<string, MentionRange>()
+    for (const range of [
+        ...findMentionRanges(content, ALL_AGENTS_MENTION),
+        ...findMentionRanges(content, ownAgentName),
+    ]) {
+        rangesByKey.set(`${range.start}:${range.end}`, range)
+    }
+
+    const ranges = [...rangesByKey.values()].sort((a, b) => b.start - a.start)
+
+    let result = content
+    for (const range of ranges) {
+        result = `${result.slice(0, range.start)}${result.slice(range.end)}`
+    }
+
+    return result
+        .replace(/^[\s,，:：;；.!?。！？]+/, '')
+        .replace(/[\s,，:：;；]+$/g, '')
+        .replace(/[ \t]{2,}/g, ' ')
+        .trim()
+}
diff --git a/packages/server/src/services/hermes/hermes-cli.ts b/packages/server/src/services/hermes/hermes-cli.ts
new file mode 100644
index 0000000..5d6456d
--- /dev/null
+++ b/packages/server/src/services/hermes/hermes-cli.ts
@@ -0,0 +1,810 @@
+import { execFile, spawn } from 'child_process'
+import { existsSync, readFileSync, unlinkSync } from 'fs'
+import { join } from 'path'
+import { promisify } from 'util'
+import YAML from 'js-yaml'
+import { logger } from '../logger'
+import { stripLegacyApiServerGatewayConfig, updateConfigYaml } from '../config-helpers'
+import { getActiveProfileDir, getActiveProfileName, getProfileDir, listProfileNamesFromDisk } from './hermes-profile'
+import { startGatewayRunManaged } from './gateway-runner'
+import { isGatewayRunningForProfile } from './gateway-autostart'
+import { parseProfileListRuntimeInfo, type ProfileListRuntimeInfo } from './profile-list-parser'
+import { execHermesWithBin, spawnHermesWithBin } from './hermes-process'
+
+const execFileAsync = promisify(execFile)
+
+const execOpts = { windowsHide: true }
+const isDocker = existsSync('/.dockerenv')
+const isTermux = !!process.env.TERMUX_VERSION ||
+  (process.env.PREFIX || '').includes('/com.termux/') ||
+  existsSync('/data/data/com.termux/files/usr')
+
+/**
+ * 解析 Hermes CLI 二进制路径
+ * 优先使用环境变量 HERMES_BIN，否则使用 PATH 中的 'hermes' 命令
+ */
+function resolveHermesBin(): string {
+  return process.env.HERMES_BIN?.trim() || 'hermes'
+}
+
+const HERMES_BIN = resolveHermesBin()
+
+async function waitForGatewayRunning(profileDir: string, timeoutMs = 15000): Promise<boolean> {
+  const deadline = Date.now() + timeoutMs
+  while (Date.now() < deadline) {
+    if (await isGatewayRunningForProfile(HERMES_BIN, profileDir)) return true
+    await new Promise(resolve => setTimeout(resolve, 500))
+  }
+  return false
+}
+
+async function stopGatewayForActiveProfile(): Promise<void> {
+  try {
+    await execHermesWithBin(HERMES_BIN, ['gateway', 'stop'], {
+      timeout: 30000,
+      ...activeGatewayExecOpts(),
+    })
+  } catch (err) {
+    logger.warn(err, 'hermes gateway stop before restart failed; continuing with run --replace')
+  }
+}
+
+function sleep(ms: number): Promise<void> {
+  return new Promise(resolve => setTimeout(resolve, ms))
+}
+
+function isProcessAlive(pid: number): boolean {
+  try {
+    process.kill(pid, 0)
+    return true
+  } catch (err: any) {
+    return err?.code === 'EPERM'
+  }
+}
+
+function readJsonPid(path: string): number | null {
+  if (!existsSync(path)) return null
+  try {
+    const data = JSON.parse(readFileSync(path, 'utf-8'))
+    const pid = typeof data?.pid === 'number' ? data.pid : parseInt(String(data?.pid || ''), 10)
+    return Number.isFinite(pid) && pid > 0 ? pid : null
+  } catch {
+    return null
+  }
+}
+
+function readGatewayLockPid(profileDir: string): number | null {
+  return readJsonPid(join(profileDir, 'gateway.lock'))
+}
+
+function readGatewayStatePid(profileDir: string): number | null {
+  const pid = readJsonPid(join(profileDir, 'gateway.pid'))
+  if (pid) return pid
+  const statePath = join(profileDir, 'gateway_state.json')
+  if (!existsSync(statePath)) return null
+  try {
+    const data = JSON.parse(readFileSync(statePath, 'utf-8'))
+    const state = data?.gateway_state
+    const statePid = typeof data?.pid === 'number' ? data.pid : parseInt(String(data?.pid || ''), 10)
+    return statePid && Number.isFinite(statePid) && statePid > 0 && (state === 'running' || state === 'starting')
+      ? statePid
+      : null
+  } catch {
+    return null
+  }
+}
+
+async function killWindowsPid(pid: number): Promise<void> {
+  if (!pid || process.platform !== 'win32') return
+  try {
+    await execFileAsync('taskkill', ['/PID', String(pid), '/T', '/F'], {
+      timeout: 5000,
+      windowsHide: true,
+    })
+  } catch (err) {
+    logger.warn(err, 'Failed to taskkill gateway PID %d; falling back to process.kill', pid)
+    try { process.kill(pid) } catch {}
+  }
+}
+
+function cleanupStaleGatewayLock(profileDir: string, allowMalformedDelete = false): boolean {
+  const lockPath = join(profileDir, 'gateway.lock')
+  if (!existsSync(lockPath)) return true
+  try {
+    const lockData = JSON.parse(readFileSync(lockPath, 'utf-8'))
+    const pid = Number(lockData?.pid)
+    if (Number.isFinite(pid) && pid > 0 && isProcessAlive(pid)) return false
+    unlinkSync(lockPath)
+    return true
+  } catch {
+    if (!allowMalformedDelete) return false
+    try {
+      unlinkSync(lockPath)
+      return true
+    } catch {
+      return false
+    }
+  }
+}
+
+async function waitForGatewayLockReleased(profileDir: string, timeoutMs = 15000, allowMalformedDelete = false): Promise<boolean> {
+  const deadline = Date.now() + timeoutMs
+  while (Date.now() < deadline) {
+    if (cleanupStaleGatewayLock(profileDir, allowMalformedDelete)) return true
+    await sleep(500)
+  }
+  return cleanupStaleGatewayLock(profileDir, allowMalformedDelete)
+}
+
+async function forceReleaseWindowsGatewayLock(profileDir: string): Promise<void> {
+  if (process.platform !== 'win32') return
+  const pids = new Set<number>()
+  const lockPid = readGatewayLockPid(profileDir)
+  const statePid = readGatewayStatePid(profileDir)
+  if (lockPid) pids.add(lockPid)
+  if (statePid) pids.add(statePid)
+
+  for (const pid of pids) {
+    if (isProcessAlive(pid)) {
+      logger.warn('Gateway lock is still held by PID %d; force killing Windows process tree', pid)
+      await killWindowsPid(pid)
+    }
+  }
+}
+
+async function waitForGatewayLockReleasedAfterStop(profileDir: string, timeoutMs = 15000): Promise<boolean> {
+  if (await waitForGatewayLockReleased(profileDir, timeoutMs)) return true
+  await forceReleaseWindowsGatewayLock(profileDir)
+  return waitForGatewayLockReleased(profileDir, 5000, true)
+}
+
+function activeGatewayExecOpts() {
+  return {
+    ...execOpts,
+    env: {
+      ...process.env,
+      HERMES_HOME: getActiveProfileDir(),
+    },
+  }
+}
+
+async function clearLegacyApiServerGatewayConfig(): Promise<void> {
+  try {
+    await updateConfigYaml((config) => {
+      const result = stripLegacyApiServerGatewayConfig(config)
+      return { data: result.config, result: undefined, write: result.changed }
+    })
+  } catch (err) {
+    logger.warn(err, 'Failed to clear legacy api_server gateway config before restart')
+  }
+}
+
+export interface HermesSession {
+  id: string
+  source: string
+  user_id: string | null
+  model: string
+  title: string | null
+  started_at: number
+  ended_at: number | null
+  end_reason: string | null
+  message_count: number
+  tool_call_count: number
+  input_tokens: number
+  output_tokens: number
+  cache_read_tokens: number
+  cache_write_tokens: number
+  reasoning_tokens: number
+  billing_provider: string | null
+  estimated_cost_usd: number
+  actual_cost_usd: number | null
+  cost_status: string
+  messages?: any[]
+}
+
+export interface HermesSessionFull {
+  id: string
+  source: string
+  user_id: string | null
+  model: string
+  title: string | null
+  started_at: number
+  ended_at: number | null
+  end_reason: string | null
+  message_count: number
+  tool_call_count: number
+  input_tokens: number
+  output_tokens: number
+  cache_read_tokens?: number
+  cache_write_tokens?: number
+  reasoning_tokens?: number
+  billing_provider: string | null
+  estimated_cost_usd: number
+  actual_cost_usd?: number | null
+  cost_status?: string
+  messages?: any[]
+  system_prompt?: string
+  model_config?: string
+  cost_source?: string
+  pricing_version?: string | null
+  [key: string]: any
+}
+
+function parseSessionExport(stdout: string): HermesSessionFull[] {
+  const lines = stdout.trim().split('\n').filter(Boolean)
+  const sessions: HermesSessionFull[] = []
+  for (const line of lines) {
+    try {
+      const raw: HermesSessionFull = JSON.parse(line)
+      sessions.push(raw)
+    } catch {
+      // Skip non-JSON lines such as "Session 'x' not found."
+    }
+  }
+  return sessions
+}
+
+export async function exportSessionsRaw(source?: string): Promise<HermesSessionFull[]> {
+  const args = ['sessions', 'export', '-']
+  if (source) args.push('--source', source)
+
+  try {
+    const { stdout } = await execHermesWithBin(HERMES_BIN, args, {
+      maxBuffer: 50 * 1024 * 1024, // 50MB
+      timeout: 30000,
+      ...execOpts,
+    })
+    return parseSessionExport(stdout)
+  } catch (err: any) {
+    logger.error(err, 'Hermes CLI: sessions export failed')
+    throw new Error(`Failed to list sessions: ${err.message}`)
+  }
+}
+
+/**
+ * List sessions from Hermes CLI (without messages)
+ */
+export async function listSessions(source?: string, limit?: number): Promise<HermesSession[]> {
+  const raws = await exportSessionsRaw(source)
+  const sessions: HermesSession[] = []
+
+  for (const raw of raws) {
+    let title = raw.title
+    if (!title && raw.messages) {
+      const firstUser = raw.messages.find((m: any) => m.role === 'user')
+      if (firstUser?.content) {
+        const t = String(firstUser.content).slice(0, 40)
+        title = t + (String(firstUser.content).length > 40 ? '...' : '')
+      }
+    }
+    sessions.push({
+      id: raw.id,
+      source: raw.source,
+      user_id: raw.user_id,
+      model: raw.model,
+      title,
+      started_at: raw.started_at,
+      ended_at: raw.ended_at,
+      end_reason: raw.end_reason,
+      message_count: raw.message_count,
+      tool_call_count: raw.tool_call_count,
+      input_tokens: raw.input_tokens,
+      output_tokens: raw.output_tokens,
+      cache_read_tokens: raw.cache_read_tokens || 0,
+      cache_write_tokens: raw.cache_write_tokens || 0,
+      reasoning_tokens: raw.reasoning_tokens || 0,
+      billing_provider: raw.billing_provider,
+      estimated_cost_usd: raw.estimated_cost_usd,
+      actual_cost_usd: raw.actual_cost_usd ?? null,
+      cost_status: raw.cost_status || '',
+    })
+  }
+
+  // Sort by started_at descending
+  sessions.sort((a, b) => b.started_at - a.started_at)
+
+  if (limit && limit > 0) {
+    return sessions.slice(0, limit)
+  }
+  return sessions
+}
+
+/**
+ * Get a single session with messages from Hermes CLI
+ */
+export async function getSession(id: string): Promise<HermesSession | null> {
+  const args = ['sessions', 'export', '-', '--session-id', id]
+
+  try {
+    const { stdout } = await execHermesWithBin(HERMES_BIN, args, {
+      maxBuffer: 50 * 1024 * 1024,
+      timeout: 30000,
+      ...execOpts,
+    })
+
+    const raws = parseSessionExport(stdout)
+    if (raws.length === 0) return null
+
+    const raw: HermesSessionFull = raws[0]
+    return {
+      id: raw.id,
+      source: raw.source,
+      user_id: raw.user_id,
+      model: raw.model,
+      title: raw.title,
+      started_at: raw.started_at,
+      ended_at: raw.ended_at,
+      end_reason: raw.end_reason,
+      message_count: raw.message_count,
+      tool_call_count: raw.tool_call_count,
+      input_tokens: raw.input_tokens,
+      output_tokens: raw.output_tokens,
+      cache_read_tokens: raw.cache_read_tokens || 0,
+      cache_write_tokens: raw.cache_write_tokens || 0,
+      reasoning_tokens: raw.reasoning_tokens || 0,
+      billing_provider: raw.billing_provider,
+      estimated_cost_usd: raw.estimated_cost_usd,
+      actual_cost_usd: raw.actual_cost_usd ?? null,
+      cost_status: raw.cost_status || '',
+      messages: raw.messages,
+    }
+  } catch (err: any) {
+    if (err.code === 1 || err.status === 1) return null
+    logger.error(err, 'Hermes CLI: session export failed')
+    throw new Error(`Failed to get session: ${err.message}`)
+  }
+}
+
+/**
+ * Delete a session from Hermes CLI
+ */
+export async function deleteSession(id: string): Promise<boolean> {
+  try {
+    await execHermesWithBin(HERMES_BIN, ['sessions', 'delete', id, '--yes'], {
+      timeout: 10000,
+      ...execOpts,
+    })
+    return true
+  } catch (err: any) {
+    logger.error(err, 'Hermes CLI: session delete failed')
+    return false
+  }
+}
+
+/**
+ * Delete a session from a specific Hermes profile.
+ */
+export async function deleteSessionForProfile(id: string, profile: string): Promise<boolean> {
+  try {
+    await execHermesWithBin(HERMES_BIN, ['sessions', 'delete', id, '--yes'], {
+      timeout: 10000,
+      ...execOpts,
+      env: {
+        ...process.env,
+        HERMES_HOME: getProfileDir(profile),
+      },
+    })
+    return true
+  } catch (err: any) {
+    logger.error({ err, sessionId: id, profile }, 'Hermes CLI: profile session delete failed')
+    return false
+  }
+}
+
+/**
+ * Rename a session title via Hermes CLI
+ */
+export async function renameSession(id: string, title: string): Promise<boolean> {
+  try {
+    await execHermesWithBin(HERMES_BIN, ['sessions', 'rename', id, title], {
+      timeout: 10000,
+      ...execOpts,
+    })
+    return true
+  } catch (err: any) {
+    logger.error(err, 'Hermes CLI: session rename failed')
+    return false
+  }
+}
+
+export interface LogFileInfo {
+  name: string
+  size: string
+  modified: string
+}
+
+/**
+ * Get Hermes version
+ */
+export async function getVersion(): Promise<string> {
+  try {
+    const { stdout } = await execHermesWithBin(HERMES_BIN, ['--version'], { timeout: 5000, ...execOpts })
+    return stdout.trim()
+  } catch {
+    return ''
+  }
+}
+
+/**
+ * Start Hermes gateway (uses launchd/systemd)
+ */
+export async function startGateway(): Promise<string> {
+  if (isDocker) {
+    const pid = await startGatewayBackground()
+    return pid ? `Gateway started (PID: ${pid})` : 'Gateway start triggered'
+  }
+
+  const { stdout, stderr } = await execHermesWithBin(HERMES_BIN, ['gateway', 'start'], {
+    timeout: 30000,
+    ...activeGatewayExecOpts(),
+  })
+  return stdout || stderr
+}
+
+/**
+ * Start Hermes gateway in background (for WSL where launchd/systemd is unavailable)
+ * Uses "hermes gateway run" as a detached background process
+ */
+export async function startGatewayBackground(): Promise<number | null> {
+  const child = spawnHermesWithBin(HERMES_BIN, ['gateway', 'run'], {
+    detached: true,
+    stdio: 'ignore',
+    windowsHide: true,
+    env: {
+      ...process.env,
+      HERMES_HOME: getActiveProfileDir(),
+    },
+  })
+  child.unref()
+  return child.pid ?? null
+}
+
+/**
+ * Restart Hermes gateway through Hermes CLI, falling back to detached
+ * `gateway run` when the environment does not support `gateway restart`.
+ */
+export async function restartGateway(): Promise<string> {
+  await clearLegacyApiServerGatewayConfig()
+  const profileDir = getActiveProfileDir()
+  if (isDocker || isTermux || process.platform === 'win32') {
+    await stopGatewayForActiveProfile()
+    const lockReleased = await waitForGatewayLockReleasedAfterStop(profileDir)
+    if (!lockReleased) throw new Error('Gateway stopped but runtime lock is still held by another process')
+    const result = startGatewayRunManaged(HERMES_BIN, { profileDir })
+    const ready = await waitForGatewayRunning(profileDir)
+    if (!ready) throw new Error(`Gateway run replace triggered but gateway did not report running within timeout${result.pid ? ` (PID: ${result.pid})` : ''}`)
+    return result.pid ? `Gateway run replaced (PID: ${result.pid})` : 'Gateway run replaced'
+  }
+  try {
+    const { stdout, stderr } = await execHermesWithBin(HERMES_BIN, ['gateway', 'restart'], {
+      timeout: 30000,
+      ...activeGatewayExecOpts(),
+    })
+    const ready = await waitForGatewayRunning(profileDir)
+    if (!ready) throw new Error('Hermes gateway restart completed but gateway did not report running within timeout')
+    return stdout || stderr
+  } catch (err: any) {
+    logger.warn(err, 'hermes gateway restart failed; falling back to gateway run')
+    await stopGatewayForActiveProfile()
+    const lockReleased = await waitForGatewayLockReleasedAfterStop(profileDir)
+    if (!lockReleased) throw new Error('Gateway restart failed and runtime lock is still held by another process')
+    const result = startGatewayRunManaged(HERMES_BIN, { profileDir })
+    const ready = await waitForGatewayRunning(profileDir)
+    if (!ready) throw new Error(`Gateway run fallback triggered but gateway did not report running within timeout${result.pid ? ` (PID: ${result.pid})` : ''}`)
+    return result.pid ? `Gateway run started (PID: ${result.pid})` : 'Gateway run started'
+  }
+}
+
+/**
+ * Stop Hermes gateway
+ */
+export async function stopGateway(): Promise<string> {
+  const { stdout, stderr } = await execHermesWithBin(HERMES_BIN, ['gateway', 'stop'], {
+    timeout: 30000,
+    ...activeGatewayExecOpts(),
+  })
+  return stdout || stderr
+}
+
+/**
+ * List available log files
+ */
+export async function listLogFiles(): Promise<LogFileInfo[]> {
+  try {
+    const { stdout } = await execHermesWithBin(HERMES_BIN, ['logs', 'list'], {
+      timeout: 10000,
+      ...execOpts,
+    })
+    const files: LogFileInfo[] = []
+    // Windows 可能使用 \r\n 换行符，统一处理
+    const normalized = stdout.replace(/\r\n/g, '\n').replace(/\r/g, '\n')
+    const lines = normalized.trim().split('\n').filter(l => l.includes('.log'))
+    for (const line of lines) {
+      const match = line.match(/^\s+(\S+)\s+([\d.]+\w+)\s+(.+)$/)
+      if (match) {
+        const rawName = match[1]
+        const name = rawName.replace(/\.log$/, '')
+        // 支持更多日志类型：agent, errors, gateway, 以及其他可能的日志文件
+        if (['agent', 'errors', 'gateway', 'error'].includes(name)) {
+          files.push({ name, size: match[2], modified: match[3].trim() })
+        }
+      }
+    }
+    return files
+  } catch (err: any) {
+    logger.error(err, 'Hermes CLI: logs list failed')
+    return []
+  }
+}
+
+/**
+ * Read log lines
+ */
+export async function readLogs(
+  logName: string = 'agent',
+  lines: number = 100,
+  level?: string,
+  session?: string,
+  since?: string,
+): Promise<string> {
+  const args = ['logs', logName, '-n', String(lines)]
+  if (level) args.push('--level', level)
+  if (session) args.push('--session', session)
+  if (since) args.push('--since', since)
+
+  try {
+    const { stdout } = await execHermesWithBin(HERMES_BIN, args, {
+      maxBuffer: 10 * 1024 * 1024,
+      timeout: 15000,
+      ...execOpts,
+    })
+    return stdout
+  } catch (err: any) {
+    logger.error(err, 'Hermes CLI: logs read failed')
+    throw new Error(`Failed to read logs: ${err.message}`)
+  }
+}
+
+// ─── Profile management ──────────────────────────────────────
+
+export interface HermesProfile {
+  name: string
+  active: boolean
+  model: string
+  gatewayStatus?: string
+  alias: string
+}
+
+export interface HermesProfileDetail {
+  name: string
+  path: string
+  model: string
+  provider: string
+  skills: number
+  hasEnv: boolean
+  hasSoulMd: boolean
+}
+
+function readProfileDefaultModel(name: string): string {
+  const configPath = join(getProfileDir(name), 'config.yaml')
+  if (!existsSync(configPath)) return '—'
+  try {
+    const config = YAML.load(readFileSync(configPath, 'utf-8'), { json: true }) as Record<string, any> | null
+    const model = config?.model
+    if (typeof model === 'string') return model.trim() || '—'
+    if (model && typeof model === 'object') {
+      return String(model.default || '').trim() || '—'
+    }
+  } catch (err) {
+    logger.warn(err, 'Hermes CLI: failed to read profile config model for %s', name)
+  }
+  return '—'
+}
+
+/**
+ * List all profiles
+ */
+export async function listProfiles(): Promise<HermesProfile[]> {
+  const profileNames = listProfileNamesFromDisk()
+  const activeProfileName = getActiveProfileName()
+  let runtimeInfo = new Map<string, ProfileListRuntimeInfo>()
+  try {
+    const { stdout } = await execHermesWithBin(HERMES_BIN, ['profile', 'list'], {
+      timeout: 10000,
+      ...execOpts,
+    })
+    runtimeInfo = parseProfileListRuntimeInfo(stdout, profileNames)
+  } catch (err: any) {
+    logger.warn(err, 'Hermes CLI: profile list failed; falling back to disk profile list')
+  }
+
+  return profileNames.map(name => {
+    const runtime = runtimeInfo.get(name)
+    const gatewayStatus = runtime?.gatewayStatus
+    return {
+      name,
+      active: runtime?.active ?? name === activeProfileName,
+      model: readProfileDefaultModel(name),
+      gatewayStatus: gatewayStatus && gatewayStatus !== '—' && gatewayStatus !== '-' ? gatewayStatus : undefined,
+      alias: runtime?.alias || '',
+    }
+  })
+}
+
+/**
+ * Get profile details
+ */
+export async function getProfile(name: string): Promise<HermesProfileDetail> {
+  try {
+    const { stdout } = await execHermesWithBin(HERMES_BIN, ['profile', 'show', name], {
+      timeout: 10000,
+      ...execOpts,
+    })
+
+    const result: Record<string, string> = {}
+    for (const line of stdout.trim().split('\n')) {
+      const match = line.match(/^([^\s:]+):\s+(.+)$/)
+      if (match) {
+        result[match[1].trim().toLowerCase().replace(/\s+/g, '_')] = match[2].trim()
+      }
+    }
+
+    const modelFull = result.model || ''
+    const providerMatch = modelFull.match(/\((.+)\)/)
+    const model = providerMatch ? modelFull.replace(/\s*\(.+\)/, '').trim() : modelFull
+
+    return {
+      name: result.profile || name,
+      path: result.path || '',
+      model,
+      provider: providerMatch ? providerMatch[1] : '',
+      skills: parseInt(result.skills || '0', 10),
+      hasEnv: result['.env'] === 'exists',
+      hasSoulMd: result['soul.md'] === 'exists',
+    }
+  } catch (err: any) {
+    if (err.code === 1 || err.status === 1) {
+      throw new Error(`Profile "${name}" not found`)
+    }
+    logger.error(err, 'Hermes CLI: profile show failed')
+    throw new Error(`Failed to get profile: ${err.message}`)
+  }
+}
+
+/**
+ * Create a new profile
+ */
+export async function createProfile(name: string, clone?: boolean): Promise<string> {
+  const args = ['profile', 'create', name]
+  if (clone) args.push('--clone')
+
+  try {
+    const { stdout, stderr } = await execHermesWithBin(HERMES_BIN, args, {
+      timeout: 15000,
+      ...execOpts,
+    })
+    return stdout || stderr
+  } catch (err: any) {
+    logger.error(err, 'Hermes CLI: profile create failed')
+    throw new Error(`Failed to create profile: ${err.message}`)
+  }
+}
+
+/**
+ * Delete a profile
+ */
+export async function deleteProfile(name: string): Promise<boolean> {
+  try {
+    await execHermesWithBin(HERMES_BIN, ['profile', 'delete', name, '--yes'], {
+      timeout: 10000,
+      ...execOpts,
+    })
+    return true
+  } catch (err: any) {
+    logger.error(err, 'Hermes CLI: profile delete failed')
+    return false
+  }
+}
+
+/**
+ * Rename a profile
+ */
+export async function renameProfile(oldName: string, newName: string): Promise<boolean> {
+  try {
+    await execHermesWithBin(HERMES_BIN, ['profile', 'rename', oldName, newName], {
+      timeout: 10000,
+      ...execOpts,
+    })
+    return true
+  } catch (err: any) {
+    logger.error(err, 'Hermes CLI: profile rename failed')
+    return false
+  }
+}
+
+/**
+ * Switch active profile
+ */
+export async function useProfile(name: string): Promise<string> {
+  try {
+    const { stdout, stderr } = await execHermesWithBin(HERMES_BIN, ['profile', 'use', name], {
+      timeout: 10000,
+      ...execOpts,
+    })
+    return stdout || stderr
+  } catch (err: any) {
+    logger.error(err, 'Hermes CLI: profile use failed')
+    throw new Error(`Failed to switch profile: ${err.message}`)
+  }
+}
+
+/**
+ * Export profile to archive
+ */
+export async function exportProfile(name: string, outputPath?: string): Promise<string> {
+  const args = ['profile', 'export', name]
+  if (outputPath) args.push('--output', outputPath)
+
+  try {
+    const { stdout, stderr } = await execHermesWithBin(HERMES_BIN, args, {
+      timeout: 60000,
+      ...execOpts,
+    })
+    return stdout || stderr
+  } catch (err: any) {
+    logger.error(err, 'Hermes CLI: profile export failed')
+    throw new Error(`Failed to export profile: ${err.message}`)
+  }
+}
+
+/**
+ * Run hermes setup --non-interactive --reset to generate default config for current profile
+ */
+export async function setupReset(): Promise<string> {
+  try {
+    const { stdout, stderr } = await execHermesWithBin(HERMES_BIN, ['setup', '--non-interactive', '--reset'], {
+      timeout: 30000,
+      ...execOpts,
+    })
+    return stdout || stderr
+  } catch (err: any) {
+    logger.error(err, 'Hermes CLI: setup reset failed')
+    throw new Error(`Failed to reset config: ${err.message}`)
+  }
+}
+
+/**
+ * Import profile from archive
+ */
+export async function importProfile(archivePath: string, name?: string): Promise<string> {
+  const args = ['profile', 'import', archivePath]
+  if (name) args.push('--name', name)
+
+  try {
+    const { stdout, stderr } = await execHermesWithBin(HERMES_BIN, args, {
+      timeout: 60000,
+      ...execOpts,
+    })
+    return stdout || stderr
+  } catch (err: any) {
+    logger.error(err, 'Hermes CLI: profile import failed')
+    throw new Error(`Failed to import profile: ${err.message}`)
+  }
+}
+
+/**
+ * Pin or unpin a skill via hermes curator
+ */
+export async function pinSkill(name: string, pinned: boolean): Promise<string> {
+  const subcmd = pinned ? 'pin' : 'unpin'
+  try {
+    const { stdout, stderr } = await execHermesWithBin(HERMES_BIN, ['curator', subcmd, name], {
+      timeout: 15000,
+      ...execOpts,
+    })
+    return stdout || stderr
+  } catch (err: any) {
+    logger.error(err, `Hermes CLI: curator ${subcmd} failed`)
+    throw new Error(`Failed to ${subcmd} skill: ${err.message}`)
+  }
+}
diff --git a/packages/server/src/services/hermes/hermes-kanban.ts b/packages/server/src/services/hermes/hermes-kanban.ts
new file mode 100644
index 0000000..170fa15
--- /dev/null
+++ b/packages/server/src/services/hermes/hermes-kanban.ts
@@ -0,0 +1,644 @@
+import type { ChildProcess } from 'child_process'
+import { logger } from '../logger'
+import { execHermes, spawnHermes } from './hermes-process'
+
+const execOpts = { windowsHide: true }
+const BOARD_SLUG_RE = /^[a-z0-9][a-z0-9_-]{0,63}$/
+const NO_WORKER_LOG_PATTERNS = [
+  /^\(no log for [^)]+?\s+—\s+task may not have spawned yet\)$/i,
+  /^no worker log(?: for [^\n]+)?$/i,
+]
+
+export function normalizeBoardSlug(board?: string | null): string {
+  if (board === undefined || board === null) return 'default'
+  const trimmed = board.trim().toLowerCase()
+  if (!trimmed) throw new Error('Invalid kanban board slug')
+  if (!BOARD_SLUG_RE.test(trimmed)) {
+    throw new Error('Invalid kanban board slug')
+  }
+  return trimmed
+}
+
+function boardArgs(board?: string | null): string[] {
+  return ['kanban', '--board', normalizeBoardSlug(board)]
+}
+
+// ─── Types ──────────────────────────────────────────────────────
+
+export type KanbanTaskStatus = 'triage' | 'todo' | 'ready' | 'running' | 'blocked' | 'done' | 'archived'
+
+export interface KanbanTask {
+  id: string
+  title: string
+  body: string | null
+  assignee: string | null
+  status: KanbanTaskStatus
+  priority: number
+  created_by: string | null
+  created_at: number
+  started_at: number | null
+  completed_at: number | null
+  workspace_kind: string
+  workspace_path: string | null
+  tenant: string | null
+  result: string | null
+  skills: string[] | null
+}
+
+export interface KanbanRun {
+  id: number
+  task_id: string
+  profile: string | null
+  status: string
+  started_at: number
+  ended_at: number | null
+  outcome: string | null
+  summary: string | null
+  error: string | null
+}
+
+export interface KanbanComment {
+  id: number
+  task_id: string
+  author: string
+  body: string
+  created_at: number
+}
+
+export interface KanbanEvent {
+  id: number
+  task_id: string
+  kind: string
+  payload: Record<string, unknown> | null
+  created_at: number
+  run_id: number | null
+}
+
+export interface KanbanTaskDetail {
+  task: KanbanTask
+  comments: KanbanComment[]
+  events: KanbanEvent[]
+  runs: KanbanRun[]
+}
+
+export interface KanbanStats {
+  by_status: Record<string, number>
+  by_assignee: Record<string, number>
+  total: number
+}
+
+export interface KanbanAssignee {
+  name: string
+  on_disk: boolean
+  counts: Record<string, number> | null
+}
+
+export interface KanbanBoard {
+  slug: string
+  name: string
+  description: string
+  icon: string
+  color: string
+  created_at: number | null
+  archived: boolean
+  db_path?: string
+  is_current?: boolean
+  counts: Record<string, number>
+  total: number
+}
+
+export interface KanbanBoardCreateOptions {
+  slug: string
+  name?: string
+  description?: string
+  icon?: string
+  color?: string
+  switchCurrent?: boolean
+}
+
+export interface KanbanCapabilities {
+  source: 'hermes-cli'
+  supports: Record<string, boolean>
+  missing: string[]
+  capabilities: KanbanCapabilityStatus[]
+}
+
+export interface KanbanTaskLog {
+  task_id: string
+  path: string | null
+  exists: boolean
+  size_bytes: number
+  content: string
+  truncated: boolean
+}
+
+export interface KanbanCapabilityStatus {
+  key: string
+  status: 'supported' | 'partial' | 'missing'
+  reason?: string
+  canonicalRoute?: string
+  canonicalCommand?: string
+  requiresBoard: boolean
+}
+
+export interface KanbanBoardOptions {
+  board?: string
+}
+
+export interface KanbanWatchOptions extends KanbanBoardOptions {
+  interval?: number
+}
+
+export interface KanbanBulkTaskUpdateOptions extends KanbanBoardOptions {
+  ids: string[]
+  status?: KanbanTaskStatus
+  assignee?: string | null
+  archive?: boolean
+  summary?: string
+  reason?: string
+}
+
+export interface KanbanBulkTaskResult {
+  id: string
+  ok: boolean
+  error?: string
+}
+
+export interface KanbanBulkTaskUpdateResult {
+  results: KanbanBulkTaskResult[]
+}
+
+// ─── CLI wrappers ───────────────────────────────────────────────
+
+export async function listBoards(opts?: { includeArchived?: boolean }): Promise<KanbanBoard[]> {
+  const args = ['kanban', 'boards', 'list', '--json']
+  if (opts?.includeArchived) args.push('--all')
+
+  try {
+    const { stdout } = await execHermes(args, {
+      maxBuffer: 50 * 1024 * 1024,
+      timeout: 30000,
+      ...execOpts,
+    })
+    return JSON.parse(stdout)
+  } catch (err: any) {
+    logger.error(err, 'Hermes CLI: kanban boards list failed')
+    throw new Error(`Failed to list kanban boards: ${err.message}`)
+  }
+}
+
+async function findBoard(slug: string, includeArchived = true): Promise<KanbanBoard | null> {
+  const boards = await listBoards({ includeArchived })
+  return boards.find(board => board.slug === slug) || null
+}
+
+export async function createBoard(opts: KanbanBoardCreateOptions): Promise<KanbanBoard> {
+  const slug = normalizeBoardSlug(opts.slug)
+  const args = ['kanban', 'boards', 'create', slug]
+  if (opts.name?.trim()) args.push('--name', opts.name.trim())
+  if (opts.description?.trim()) args.push('--description', opts.description.trim())
+  if (opts.icon?.trim()) args.push('--icon', opts.icon.trim())
+  if (opts.color?.trim()) args.push('--color', opts.color.trim())
+  if (opts.switchCurrent) args.push('--switch')
+
+  try {
+    await execHermes(args, {
+      maxBuffer: 50 * 1024 * 1024,
+      timeout: 30000,
+      ...execOpts,
+    })
+    const board = await findBoard(slug)
+    if (!board) throw new Error('created board was not returned by boards list')
+    return board
+  } catch (err: any) {
+    logger.error(err, 'Hermes CLI: kanban boards create failed')
+    throw new Error(`Failed to create kanban board: ${err.message}`)
+  }
+}
+
+export async function archiveBoard(slugInput: string): Promise<void> {
+  const slug = normalizeBoardSlug(slugInput)
+  if (slug === 'default') throw new Error('Cannot archive the default kanban board')
+
+  try {
+    await execHermes(['kanban', 'boards', 'rm', slug], {
+      maxBuffer: 50 * 1024 * 1024,
+      timeout: 30000,
+      ...execOpts,
+    })
+  } catch (err: any) {
+    logger.error(err, 'Hermes CLI: kanban boards archive failed')
+    throw new Error(`Failed to archive kanban board: ${err.message}`)
+  }
+}
+
+export async function getCapabilities(): Promise<KanbanCapabilities> {
+  const capabilities: KanbanCapabilityStatus[] = [
+    { key: 'explicitBoard', status: 'supported', canonicalCommand: '--board', requiresBoard: true },
+    { key: 'boardsList', status: 'supported', canonicalRoute: '/boards', canonicalCommand: 'boards list', requiresBoard: false },
+    { key: 'boardCreate', status: 'supported', canonicalRoute: '/boards', canonicalCommand: 'boards create', requiresBoard: false },
+    { key: 'boardArchive', status: 'supported', canonicalRoute: '/boards/{slug}', canonicalCommand: 'boards rm', requiresBoard: false },
+    { key: 'cliCurrentSwitch', status: 'partial', reason: 'Backend keeps explicit board context and does not expose a WUI route for mutating canonical CLI current board', canonicalRoute: '/boards/{slug}/switch', canonicalCommand: 'boards switch', requiresBoard: false },
+    { key: 'taskCrudLite', status: 'supported', canonicalRoute: '/tasks', canonicalCommand: 'list/show/create/complete/block/unblock/assign', requiresBoard: true },
+    { key: 'commentsWrite', status: 'supported', canonicalRoute: '/tasks/{task_id}/comments', canonicalCommand: 'comment', requiresBoard: true },
+    { key: 'commentsRead', status: 'supported', reason: 'Comments are returned on task detail responses', canonicalRoute: '/tasks/{task_id}', canonicalCommand: 'show --json', requiresBoard: true },
+    { key: 'taskLog', status: 'supported', canonicalRoute: '/tasks/{task_id}/log', canonicalCommand: 'log', requiresBoard: true },
+    { key: 'diagnostics', status: 'supported', canonicalRoute: '/diagnostics', canonicalCommand: 'diagnostics', requiresBoard: true },
+    { key: 'reclaim', status: 'supported', canonicalRoute: '/tasks/{task_id}/reclaim', canonicalCommand: 'reclaim', requiresBoard: true },
+    { key: 'reassign', status: 'supported', canonicalRoute: '/tasks/{task_id}/reassign', canonicalCommand: 'reassign', requiresBoard: true },
+    { key: 'specify', status: 'supported', canonicalRoute: '/tasks/{task_id}/specify', canonicalCommand: 'specify', requiresBoard: true },
+    { key: 'dispatch', status: 'supported', canonicalRoute: '/dispatch', canonicalCommand: 'dispatch', requiresBoard: true },
+    { key: 'links', status: 'supported', canonicalRoute: '/links', canonicalCommand: 'link/unlink', requiresBoard: true },
+    { key: 'bulk', status: 'partial', reason: 'WUI applies supported bulk-equivalent CLI transitions per id and returns per-task outcomes; direct priority/status patch parity remains deferred', canonicalRoute: '/tasks/bulk', canonicalCommand: 'bulk-equivalent via complete/block/unblock/archive/assign', requiresBoard: true },
+    { key: 'events', status: 'partial', reason: 'WUI exposes a board-scoped WebSocket bridge backed by the canonical `kanban watch` stream; payload is currently a refresh invalidation signal, not a typed event model', canonicalRoute: '/events', canonicalCommand: 'watch', requiresBoard: true },
+    { key: 'homeSubscriptions', status: 'missing', reason: 'Deferred from current WUI parity batch', canonicalRoute: '/home-channels and subscription routes', canonicalCommand: 'notify-*', requiresBoard: true },
+  ]
+  const supports = Object.fromEntries(capabilities.map(capability => [capability.key, capability.status === 'supported'])) as Record<string, boolean>
+  const missing = capabilities
+    .filter(capability => capability.status !== 'supported')
+    .map(capability => capability.key)
+  return { source: 'hermes-cli', supports, missing, capabilities }
+}
+
+function parseJsonPayload(stdout: string): unknown[] {
+  const trimmed = stdout.trim()
+  if (!trimmed) return []
+  const parsed = JSON.parse(trimmed)
+  if (Array.isArray(parsed)) return parsed
+  return [parsed]
+}
+
+function isNoWorkerLogError(err: any): boolean {
+  const lines = [err?.stderr, err?.stdout, err?.message]
+    .filter(Boolean)
+    .flatMap(value => String(value).split(/\r?\n/).map(line => line.trim()).filter(Boolean))
+  return lines.some(line => NO_WORKER_LOG_PATTERNS.some(pattern => pattern.test(line)))
+}
+
+function pushOptional(args: string[], flag: string, value?: string | number | null): void {
+  if (value !== undefined && value !== null && String(value).trim() !== '') args.push(flag, String(value))
+}
+
+function textFromExecValue(value: unknown): string {
+  if (Buffer.isBuffer(value)) return value.toString('utf8')
+  return value === undefined || value === null ? '' : String(value)
+}
+
+async function execKanbanMutation(args: string[], logMessage: string, errorPrefix: string): Promise<string> {
+  try {
+    const { stdout, stderr } = await execHermes(args, {
+      maxBuffer: 50 * 1024 * 1024,
+      timeout: 30000,
+      ...execOpts,
+    })
+    const stderrText = textFromExecValue(stderr).trim()
+    if (stderrText) throw new Error(stderrText)
+    return textFromExecValue(stdout)
+  } catch (err: any) {
+    logger.error(err, logMessage)
+    throw new Error(`${errorPrefix}: ${err.message}`)
+  }
+}
+
+export function buildWatchArgs(opts?: KanbanWatchOptions): string[] {
+  const args = [...boardArgs(opts?.board), 'watch']
+  pushOptional(args, '--interval', opts?.interval ?? 0.5)
+  return args
+}
+
+export function watchEvents(opts?: KanbanWatchOptions): ChildProcess {
+  return spawnHermes(buildWatchArgs(opts), {
+    stdio: ['ignore', 'pipe', 'pipe'],
+    ...execOpts,
+  })
+}
+
+export async function linkTasks(parentId: string, childId: string, opts?: KanbanBoardOptions): Promise<{ ok: boolean; output: string }> {
+  const output = await execKanbanMutation(
+    [...boardArgs(opts?.board), 'link', parentId, childId],
+    'Hermes CLI: kanban link failed',
+    'Failed to link kanban tasks',
+  )
+  return { ok: true, output }
+}
+
+export async function unlinkTasks(parentId: string, childId: string, opts?: KanbanBoardOptions): Promise<{ ok: boolean; output: string }> {
+  const output = await execKanbanMutation(
+    [...boardArgs(opts?.board), 'unlink', parentId, childId],
+    'Hermes CLI: kanban unlink failed',
+    'Failed to unlink kanban tasks',
+  )
+  return { ok: true, output }
+}
+
+export async function addComment(taskId: string, body: string, opts?: KanbanBoardOptions & { author?: string }): Promise<{ ok: boolean; output: string }> {
+  const args = [...boardArgs(opts?.board), 'comment', taskId, body]
+  pushOptional(args, '--author', opts?.author)
+  try {
+    const { stdout } = await execHermes(args, {
+      maxBuffer: 50 * 1024 * 1024,
+      timeout: 30000,
+      ...execOpts,
+    })
+    return { ok: true, output: stdout }
+  } catch (err: any) {
+    logger.error(err, 'Hermes CLI: kanban comment failed')
+    throw new Error(`Failed to comment on kanban task: ${err.message}`)
+  }
+}
+
+export async function getTaskLog(taskId: string, opts?: KanbanBoardOptions & { tail?: number }): Promise<KanbanTaskLog> {
+  const args = [...boardArgs(opts?.board), 'log', taskId]
+  pushOptional(args, '--tail', opts?.tail)
+  try {
+    const { stdout } = await execHermes(args, {
+      maxBuffer: 50 * 1024 * 1024,
+      timeout: 30000,
+      ...execOpts,
+    })
+    const sizeBytes = Buffer.byteLength(stdout, 'utf8')
+    return {
+      task_id: taskId,
+      path: null,
+      exists: true,
+      size_bytes: sizeBytes,
+      content: stdout,
+      truncated: opts?.tail !== undefined && sizeBytes >= opts.tail,
+    }
+  } catch (err: any) {
+    const detail = await getTask(taskId, opts)
+    if (!detail) throw new Error('Kanban task not found')
+    if ((err.code === 1 || err.status === 1) && isNoWorkerLogError(err)) {
+      return {
+        task_id: taskId,
+        path: null,
+        exists: false,
+        size_bytes: 0,
+        content: '',
+        truncated: false,
+      }
+    }
+    logger.error(err, 'Hermes CLI: kanban log failed')
+    throw new Error(`Failed to read kanban task log: ${err.message}`)
+  }
+}
+
+export async function getDiagnostics(opts?: KanbanBoardOptions & { task?: string; severity?: string }): Promise<unknown[]> {
+  const args = [...boardArgs(opts?.board), 'diagnostics', '--json']
+  pushOptional(args, '--task', opts?.task)
+  pushOptional(args, '--severity', opts?.severity)
+  try {
+    const { stdout } = await execHermes(args, {
+      maxBuffer: 50 * 1024 * 1024,
+      timeout: 30000,
+      ...execOpts,
+    })
+    return JSON.parse(stdout)
+  } catch (err: any) {
+    logger.error(err, 'Hermes CLI: kanban diagnostics failed')
+    throw new Error(`Failed to get kanban diagnostics: ${err.message}`)
+  }
+}
+
+export async function reclaimTask(taskId: string, opts?: KanbanBoardOptions & { reason?: string }): Promise<{ ok: boolean; output: string }> {
+  const args = [...boardArgs(opts?.board), 'reclaim', taskId]
+  pushOptional(args, '--reason', opts?.reason)
+  try {
+    const { stdout } = await execHermes(args, {
+      maxBuffer: 50 * 1024 * 1024,
+      timeout: 30000,
+      ...execOpts,
+    })
+    return { ok: true, output: stdout }
+  } catch (err: any) {
+    logger.error(err, 'Hermes CLI: kanban reclaim failed')
+    throw new Error(`Failed to reclaim kanban task: ${err.message}`)
+  }
+}
+
+export async function reassignTask(taskId: string, profile: string, opts?: KanbanBoardOptions & { reclaim?: boolean; reason?: string }): Promise<{ ok: boolean; output: string }> {
+  const args = [...boardArgs(opts?.board), 'reassign', taskId, profile]
+  if (opts?.reclaim) args.push('--reclaim')
+  pushOptional(args, '--reason', opts?.reason)
+  try {
+    const { stdout } = await execHermes(args, {
+      maxBuffer: 50 * 1024 * 1024,
+      timeout: 30000,
+      ...execOpts,
+    })
+    return { ok: true, output: stdout }
+  } catch (err: any) {
+    logger.error(err, 'Hermes CLI: kanban reassign failed')
+    throw new Error(`Failed to reassign kanban task: ${err.message}`)
+  }
+}
+
+export async function specifyTask(taskId: string, opts?: KanbanBoardOptions & { author?: string }): Promise<unknown[]> {
+  const args = [...boardArgs(opts?.board), 'specify', taskId, '--json']
+  pushOptional(args, '--author', opts?.author)
+  try {
+    const { stdout } = await execHermes(args, {
+      maxBuffer: 50 * 1024 * 1024,
+      timeout: 30000,
+      ...execOpts,
+    })
+    return parseJsonPayload(stdout)
+  } catch (err: any) {
+    logger.error(err, 'Hermes CLI: kanban specify failed')
+    throw new Error(`Failed to specify kanban task: ${err.message}`)
+  }
+}
+
+export async function dispatch(opts?: KanbanBoardOptions & { dryRun?: boolean; max?: number; failureLimit?: number }): Promise<unknown> {
+  const args = [...boardArgs(opts?.board), 'dispatch', '--json']
+  if (opts?.dryRun) args.push('--dry-run')
+  pushOptional(args, '--max', opts?.max)
+  pushOptional(args, '--failure-limit', opts?.failureLimit)
+  try {
+    const { stdout } = await execHermes(args, {
+      maxBuffer: 50 * 1024 * 1024,
+      timeout: 30000,
+      ...execOpts,
+    })
+    return JSON.parse(stdout)
+  } catch (err: any) {
+    logger.error(err, 'Hermes CLI: kanban dispatch failed')
+    throw new Error(`Failed to dispatch kanban tasks: ${err.message}`)
+  }
+}
+
+export async function listTasks(opts?: {
+  board?: string
+  status?: string
+  assignee?: string
+  tenant?: string
+  includeArchived?: boolean
+}): Promise<KanbanTask[]> {
+  const args = [...boardArgs(opts?.board), 'list', '--json']
+  if (opts?.includeArchived) args.push('--archived')
+  if (opts?.status) args.push('--status', opts.status)
+  if (opts?.assignee) args.push('--assignee', opts.assignee)
+  if (opts?.tenant) args.push('--tenant', opts.tenant)
+
+  try {
+    const { stdout } = await execHermes(args, {
+      maxBuffer: 50 * 1024 * 1024,
+      timeout: 30000,
+      ...execOpts,
+    })
+    return JSON.parse(stdout)
+  } catch (err: any) {
+    logger.error(err, 'Hermes CLI: kanban list failed')
+    throw new Error(`Failed to list kanban tasks: ${err.message}`)
+  }
+}
+
+export async function getTask(taskId: string, opts?: KanbanBoardOptions): Promise<KanbanTaskDetail | null> {
+  try {
+    const { stdout } = await execHermes([...boardArgs(opts?.board), 'show', taskId, '--json'], {
+      maxBuffer: 50 * 1024 * 1024,
+      timeout: 30000,
+      ...execOpts,
+    })
+    return JSON.parse(stdout)
+  } catch (err: any) {
+    if (err.code === 1 || err.status === 1) return null
+    logger.error(err, 'Hermes CLI: kanban show failed')
+    throw new Error(`Failed to get kanban task: ${err.message}`)
+  }
+}
+
+export async function createTask(
+  title: string,
+  opts?: {
+    board?: string
+    body?: string
+    assignee?: string
+    priority?: number
+    tenant?: string
+  },
+): Promise<KanbanTask> {
+  const args = [...boardArgs(opts?.board), 'create', title, '--json']
+  if (opts?.body) args.push('--body', opts.body)
+  if (opts?.assignee) args.push('--assignee', opts.assignee)
+  if (opts?.priority !== undefined) args.push('--priority', String(opts.priority))
+  if (opts?.tenant) args.push('--tenant', opts.tenant)
+
+  try {
+    const { stdout } = await execHermes(args, {
+      maxBuffer: 50 * 1024 * 1024,
+      timeout: 30000,
+      ...execOpts,
+    })
+    return JSON.parse(stdout)
+  } catch (err: any) {
+    logger.error(err, 'Hermes CLI: kanban create failed')
+    throw new Error(`Failed to create kanban task: ${err.message}`)
+  }
+}
+
+export async function completeTasks(taskIds: string[], summary?: string, opts?: KanbanBoardOptions): Promise<void> {
+  const args = [...boardArgs(opts?.board), 'complete', ...taskIds]
+  if (summary) args.push('--summary', summary)
+
+  await execKanbanMutation(args, 'Hermes CLI: kanban complete failed', 'Failed to complete kanban tasks')
+}
+
+export async function blockTask(taskId: string, reason: string, opts?: KanbanBoardOptions): Promise<void> {
+  await execKanbanMutation(
+    [...boardArgs(opts?.board), 'block', taskId, reason],
+    'Hermes CLI: kanban block failed',
+    'Failed to block kanban task',
+  )
+}
+
+export async function unblockTasks(taskIds: string[], opts?: KanbanBoardOptions): Promise<void> {
+  await execKanbanMutation(
+    [...boardArgs(opts?.board), 'unblock', ...taskIds],
+    'Hermes CLI: kanban unblock failed',
+    'Failed to unblock kanban tasks',
+  )
+}
+
+export async function assignTask(taskId: string, profile: string, opts?: KanbanBoardOptions): Promise<void> {
+  await execKanbanMutation(
+    [...boardArgs(opts?.board), 'assign', taskId, profile],
+    'Hermes CLI: kanban assign failed',
+    'Failed to assign kanban task',
+  )
+}
+
+export async function archiveTasks(taskIds: string[], opts?: KanbanBoardOptions): Promise<void> {
+  await execKanbanMutation(
+    [...boardArgs(opts?.board), 'archive', ...taskIds],
+    'Hermes CLI: kanban archive failed',
+    'Failed to archive kanban tasks',
+  )
+}
+
+async function applyBulkStatus(taskId: string, opts: KanbanBulkTaskUpdateOptions): Promise<void> {
+  switch (opts.status) {
+    case undefined:
+      return
+    case 'done':
+      return completeTasks([taskId], opts.summary, opts)
+    case 'blocked':
+      return blockTask(taskId, opts.reason?.trim() || 'Bulk update', opts)
+    case 'ready':
+      return unblockTasks([taskId], opts)
+    case 'archived':
+      return archiveTasks([taskId], opts)
+    default:
+      throw new Error(`Bulk status ${opts.status} is not supported by the CLI bridge`)
+  }
+}
+
+export async function bulkUpdateTasks(opts: KanbanBulkTaskUpdateOptions): Promise<KanbanBulkTaskUpdateResult> {
+  const ids = opts.ids.map(id => id.trim()).filter(Boolean)
+  const results: KanbanBulkTaskResult[] = []
+  for (const id of ids) {
+    try {
+      if (opts.archive) await archiveTasks([id], opts)
+      else await applyBulkStatus(id, opts)
+      if (opts.assignee !== undefined) await assignTask(id, opts.assignee?.trim() || 'none', opts)
+      results.push({ id, ok: true })
+    } catch (err: any) {
+      results.push({ id, ok: false, error: err?.message || String(err) })
+    }
+  }
+  return { results }
+}
+
+export async function getStats(opts?: KanbanBoardOptions): Promise<KanbanStats> {
+  try {
+    const { stdout } = await execHermes([...boardArgs(opts?.board), 'stats', '--json'], {
+      maxBuffer: 50 * 1024 * 1024,
+      timeout: 30000,
+      ...execOpts,
+    })
+    const stats = JSON.parse(stdout) as KanbanStats
+    const archivedTasks = await listTasks({ board: opts?.board, status: 'archived', includeArchived: true })
+    const existingArchived = stats.by_status?.archived || 0
+    const archivedCount = archivedTasks.length
+    stats.by_status = { ...(stats.by_status || {}), archived: archivedCount }
+    stats.total = (stats.total || 0) + Math.max(0, archivedCount - existingArchived)
+    return stats
+  } catch (err: any) {
+    logger.error(err, 'Hermes CLI: kanban stats failed')
+    throw new Error(`Failed to get kanban stats: ${err.message}`)
+  }
+}
+
+export async function getAssignees(opts?: KanbanBoardOptions): Promise<KanbanAssignee[]> {
+  try {
+    const { stdout } = await execHermes([...boardArgs(opts?.board), 'assignees', '--json'], {
+      maxBuffer: 50 * 1024 * 1024,
+      timeout: 30000,
+      ...execOpts,
+    })
+    return JSON.parse(stdout)
+  } catch (err: any) {
+    logger.error(err, 'Hermes CLI: kanban assignees failed')
+    throw new Error(`Failed to get kanban assignees: ${err.message}`)
+  }
+}
diff --git a/packages/server/src/services/hermes/hermes-path.ts b/packages/server/src/services/hermes/hermes-path.ts
new file mode 100644
index 0000000..c18a99e
--- /dev/null
+++ b/packages/server/src/services/hermes/hermes-path.ts
@@ -0,0 +1,91 @@
+/**
+ * Hermes 路径检测工具 - 跨平台兼容
+ *
+ * Hermes 数据目录在不同平台上的位置：
+ * - Windows 原生安装: %LOCALAPPDATA%\hermes when it exists
+ * - Linux/macOS/WSL2: ~/.hermes
+ * - 用户自定义: HERMES_HOME 环境变量
+ */
+
+import { existsSync } from 'fs'
+import { basename, dirname, isAbsolute, relative, resolve, join } from 'path'
+import { homedir } from 'os'
+
+/**
+ * 智能检测 Hermes 数据目录
+ *
+ * 检测优先级：
+ * 1. HERMES_HOME 环境变量（用户自定义）
+ * 2. Windows: existing %LOCALAPPDATA%\hermes or %APPDATA%\hermes
+ * 3. 默认: ~/.hermes（Linux/macOS/WSL2）
+ *
+ * @returns Hermes 数据目录的绝对路径
+ */
+export function detectHermesHome(): string {
+  // 1. 用户自定义的环境变量（最高优先级）
+  if (process.env.HERMES_HOME) {
+    return resolve(process.env.HERMES_HOME)
+  }
+
+  const defaultHome = resolve(homedir(), '.hermes')
+
+  // 2. Windows：优先使用存在的原生安装数据目录；不存在时回退到 ~/.hermes。
+  if (process.platform === 'win32') {
+    const candidates = [
+      process.env.LOCALAPPDATA,
+      process.env.APPDATA,
+    ]
+      .map(value => value?.trim())
+      .filter((value): value is string => !!value)
+      .map(value => resolve(value, 'hermes'))
+
+    for (const candidate of candidates) {
+      if (existsSync(candidate)) return candidate
+    }
+  }
+
+  // 3. Linux/macOS：~/.hermes
+  return defaultHome
+}
+
+/**
+ * Detect the Hermes root data directory.
+ *
+ * `HERMES_HOME` may intentionally point at a profile directory when launching a
+ * specific gateway (`<root>/profiles/<name>`). Web UI profile management needs
+ * the root directory so it can read `active_profile` and enumerate profiles.
+ */
+export function detectHermesRootHome(): string {
+  const home = detectHermesHome()
+  const parent = dirname(home)
+  if (basename(parent) === 'profiles') return dirname(parent)
+  return home
+}
+
+/**
+ * 获取 Hermes CLI 二进制文件路径
+ * @param customBin 自定义的 hermes 二进制路径
+ * @returns hermes 命令名称或路径
+ */
+export function getHermesBin(customBin?: string): string {
+  if (customBin?.trim()) return customBin.trim()
+  if (process.env.HERMES_BIN?.trim()) return process.env.HERMES_BIN.trim()
+  return 'hermes'
+}
+
+function comparablePath(path: string): string {
+  return process.platform === 'win32' ? path.toLowerCase() : path
+}
+
+export function isPathWithin(targetPath: string, basePath: string): boolean {
+  const base = resolve(basePath)
+  const target = resolve(targetPath)
+  const rel = relative(comparablePath(base), comparablePath(target))
+  return rel === '' || (!!rel && !rel.startsWith('..') && !isAbsolute(rel))
+}
+
+export function relativePathFromBase(targetPath: string, basePath: string): string | null {
+  if (!isPathWithin(targetPath, basePath)) return null
+  const rel = relative(resolve(basePath), resolve(targetPath))
+  return rel.replace(/\\/g, '/')
+}
diff --git a/packages/server/src/services/hermes/hermes-process.ts b/packages/server/src/services/hermes/hermes-process.ts
new file mode 100644
index 0000000..cc64968
--- /dev/null
+++ b/packages/server/src/services/hermes/hermes-process.ts
@@ -0,0 +1,80 @@
+import { execFile, spawn } from 'child_process'
+import type { ChildProcess, ExecFileOptions, SpawnOptions } from 'child_process'
+import { existsSync } from 'fs'
+import { basename, dirname, resolve } from 'path'
+
+export interface HermesInvocation {
+  command: string
+  argsPrefix: string[]
+}
+
+export interface HermesExecResult {
+  stdout: string
+  stderr: string
+}
+
+export function resolveHermesBin(customBin?: string): string {
+  return customBin?.trim() || process.env.HERMES_BIN?.trim() || 'hermes'
+}
+
+function bundledCliPythonForWindows(hermesBin: string): string | null {
+  const envPython = process.env.HERMES_AGENT_CLI_PYTHON?.trim()
+  if (envPython) return envPython
+
+  if (basename(hermesBin).toLowerCase() !== 'hermes.exe') return null
+  const python = resolve(dirname(hermesBin), '..', 'python.exe')
+  return existsSync(python) ? python : null
+}
+
+function withWindowsHide<T extends ExecFileOptions | SpawnOptions>(options?: T): T {
+  if (process.platform !== 'win32') return (options || {}) as T
+  return { windowsHide: true, ...(options || {}) } as T
+}
+
+export function resolveHermesInvocation(hermesBin = resolveHermesBin()): HermesInvocation {
+  if (process.platform === 'win32') {
+    const python = bundledCliPythonForWindows(hermesBin)
+    if (python) return { command: python, argsPrefix: ['-m', 'hermes_cli.main'] }
+  }
+
+  return { command: hermesBin, argsPrefix: [] }
+}
+
+export function execHermesWithBin(
+  hermesBin: string,
+  args: readonly string[],
+  options?: ExecFileOptions,
+): Promise<HermesExecResult> {
+  const invocation = resolveHermesInvocation(hermesBin)
+  return new Promise((resolveExec, rejectExec) => {
+    execFile(
+      invocation.command,
+      [...invocation.argsPrefix, ...args],
+      { ...withWindowsHide(options), encoding: 'utf8' },
+      (error, stdout, stderr) => {
+        if (error) {
+          rejectExec(Object.assign(error, { stdout, stderr }))
+          return
+        }
+        resolveExec({ stdout: String(stdout || ''), stderr: String(stderr || '') })
+      },
+    )
+  })
+}
+
+export function execHermes(args: readonly string[], options?: ExecFileOptions) {
+  return execHermesWithBin(resolveHermesBin(), args, options)
+}
+
+export function spawnHermesWithBin(
+  hermesBin: string,
+  args: readonly string[],
+  options?: SpawnOptions,
+): ChildProcess {
+  const invocation = resolveHermesInvocation(hermesBin)
+  return spawn(invocation.command, [...invocation.argsPrefix, ...args], withWindowsHide(options))
+}
+
+export function spawnHermes(args: readonly string[], options?: SpawnOptions): ChildProcess {
+  return spawnHermesWithBin(resolveHermesBin(), args, options)
+}
diff --git a/packages/server/src/services/hermes/hermes-profile.ts b/packages/server/src/services/hermes/hermes-profile.ts
new file mode 100644
index 0000000..5858947
--- /dev/null
+++ b/packages/server/src/services/hermes/hermes-profile.ts
@@ -0,0 +1,89 @@
+import { join } from 'path'
+import { readFileSync, existsSync, readdirSync } from 'fs'
+import { detectHermesRootHome } from './hermes-path'
+
+export function getHermesBaseDir(): string {
+  return detectHermesRootHome()
+}
+
+/**
+ * Get the active profile's home directory.
+ * default → ~/.hermes/
+ * other   → ~/.hermes/profiles/{name}/
+ */
+export function getActiveProfileDir(): string {
+  const hermesBase = getHermesBaseDir()
+  const activeFile = join(hermesBase, 'active_profile')
+  try {
+    const name = readFileSync(activeFile, 'utf-8').trim()
+    if (name && name !== 'default') {
+      const dir = join(hermesBase, 'profiles', name)
+      if (existsSync(dir)) return dir
+    }
+  } catch { }
+  return hermesBase
+}
+
+/**
+ * Get the active profile's config.yaml path.
+ */
+export function getActiveConfigPath(): string {
+  return join(getActiveProfileDir(), 'config.yaml')
+}
+
+/**
+ * Get the active profile's auth.json path.
+ */
+export function getActiveAuthPath(): string {
+  return join(getActiveProfileDir(), 'auth.json')
+}
+
+/**
+ * Get the active profile's .env path.
+ */
+export function getActiveEnvPath(): string {
+  return join(getActiveProfileDir(), '.env')
+}
+
+/**
+ * Get the active profile name.
+ */
+export function getActiveProfileName(): string {
+  const activeFile = join(getHermesBaseDir(), 'active_profile')
+  try {
+    const name = readFileSync(activeFile, 'utf-8').trim()
+    return name || 'default'
+  } catch {
+    return 'default'
+  }
+}
+
+/**
+ * Get profile directory by name.
+ * default → ~/.hermes/
+ * other   → ~/.hermes/profiles/{name}/
+ */
+export function getProfileDir(name: string): string {
+  const hermesBase = getHermesBaseDir()
+  if (!name || name === 'default') return hermesBase
+  const dir = join(hermesBase, 'profiles', name)
+  return existsSync(dir) ? dir : hermesBase
+}
+
+export function listProfileNamesFromDisk(): string[] {
+  const hermesBase = getHermesBaseDir()
+  const names = new Set<string>(['default'])
+  const profilesDir = join(hermesBase, 'profiles')
+  try {
+    for (const entry of readdirSync(profilesDir, { withFileTypes: true })) {
+      if (entry.isDirectory() && entry.name.trim()) {
+        names.add(entry.name)
+      }
+    }
+  } catch {}
+  return [...names].sort((a, b) => {
+    if (a === 'default') return -1
+    if (b === 'default') return 1
+    return a.localeCompare(b)
+  })
+}
diff --git a/packages/server/src/services/hermes/mcp-types.ts b/packages/server/src/services/hermes/mcp-types.ts
new file mode 100644
index 0000000..ed36f0a
--- /dev/null
+++ b/packages/server/src/services/hermes/mcp-types.ts
@@ -0,0 +1,67 @@
+/**
+ * Shared MCP types used by both the bridge client and the service layer.
+ */
+
+export interface McpServerEntry {
+  name: string
+  transport: string
+  connected: boolean
+  tools: number
+  tools_registered: number
+  tool_names: string[]
+  tool_names_registered: string[]
+  error?: string | null
+  command?: string
+  args?: string[]
+  url?: string
+  env?: Record<string, string>
+  headers?: Record<string, string>
+  tools_config?: { include?: string[]; exclude?: string[] }
+  prompts?: boolean
+  resources?: boolean
+  enabled?: boolean
+}
+
+export interface McpToolEntry {
+  name: string
+  description: string
+  input_schema: Record<string, unknown>
+}
+
+export interface McpActionResult {
+  ok: boolean
+  error?: string
+}
+
+export interface McpListResponse extends McpActionResult {
+  servers: McpServerEntry[]
+  total_tools: number
+}
+
+export interface McpAddResponse extends McpActionResult {
+  name?: string
+}
+
+export interface McpTestResponse extends McpActionResult {
+  tools?: string[]
+}
+
+export interface McpToolsListResponse extends McpActionResult {
+  results?: Array<{ server: string; tools: McpToolEntry[] }>
+}
+
+export interface McpReloadResponse extends McpActionResult {
+  message?: string
+}
+
+/**
+ * Union of all MCP action responses.
+ * Bridge client methods return this; controllers narrow by action.
+ */
+export type McpActionResponse =
+  | McpListResponse
+  | McpAddResponse
+  | McpTestResponse
+  | McpToolsListResponse
+  | McpReloadResponse
+  | McpActionResult
diff --git a/packages/server/src/services/hermes/mcp.ts b/packages/server/src/services/hermes/mcp.ts
new file mode 100644
index 0000000..d7e756e
--- /dev/null
+++ b/packages/server/src/services/hermes/mcp.ts
@@ -0,0 +1,67 @@
+import { AgentBridgeClient } from './agent-bridge/client'
+import type { McpActionResponse } from './mcp-types'
+
+export type { McpServerEntry, McpActionResponse } from './mcp-types'
+
+let bridgeClient: AgentBridgeClient | null = null
+
+export function getBridgeClient(): AgentBridgeClient {
+  if (!bridgeClient) {
+    bridgeClient = new AgentBridgeClient()
+  }
+  return bridgeClient
+}
+
+/**
+ * Send an MCP action to the AgentBridge using typed client methods.
+ */
+export async function bridgeMcpAction(
+  action: string,
+  payload: Record<string, unknown> = {},
+  profile?: string
+): Promise<McpActionResponse> {
+  const client = getBridgeClient()
+  let raw: McpActionResponse
+
+  switch (action) {
+    case 'mcp_list':
+      raw = await client.mcpList(profile)
+      break
+    case 'mcp_server_add': {
+      const addName = String(payload.name || '')
+      const addConfig = payload.config as Record<string, unknown> | undefined
+      if (!addName || !addConfig) throw new Error('name and config are required')
+      raw = await client.mcpAdd(addName, addConfig, profile)
+      break
+    }
+    case 'mcp_server_update': {
+      const updName = String(payload.name || '')
+      const updConfig = payload.config as Record<string, unknown> | undefined
+      if (!updName || !updConfig) throw new Error('name and config are required')
+      raw = await client.mcpUpdate(updName, updConfig, profile)
+      break
+    }
+    case 'mcp_server_remove': {
+      const rmName = String(payload.name || '')
+      if (!rmName) throw new Error('name is required')
+      raw = await client.mcpRemove(rmName, profile)
+      break
+    }
+    case 'mcp_server_test': {
+      const testName = String(payload.name || '')
+      if (!testName) throw new Error('name is required')
+      raw = await client.mcpTest(testName, profile)
+      break
+    }
+    case 'mcp_tools_list':
+      raw = await client.mcpTools(payload.server as string | undefined, profile, payload.raw as boolean | undefined)
+      break
+    case 'mcp_reload':
+      raw = await client.mcpReload(payload.server as string | undefined, profile)
+      break
+    default:
+      throw new Error(`Unknown MCP action: ${action}`)
+  }
+
+  return raw
+}
diff --git a/packages/server/src/services/hermes/model-context.ts b/packages/server/src/services/hermes/model-context.ts
new file mode 100644
index 0000000..b76a786
--- /dev/null
+++ b/packages/server/src/services/hermes/model-context.ts
@@ -0,0 +1,448 @@
+import { resolve, join } from 'path'
+import { readFileSync, existsSync, statSync } from 'fs'
+import yaml from 'js-yaml'
+import { PROVIDER_PRESETS } from '../../shared/providers'
+import { getDb } from '../../db'
+import { MODEL_CONTEXT_TABLE } from '../../db/hermes/schemas'
+import { detectHermesHome } from './hermes-path'
+
+const HERMES_BASE = detectHermesHome()
+const MODELS_DEV_CACHE = resolve(HERMES_BASE, 'models_dev_cache.json')
+const DEFAULT_CONTEXT_LENGTH = 256_000
+
+export interface ModelContextLengthOptions {
+  profile?: string
+  model?: string | null
+  provider?: string | null
+}
+
+interface ModelLimit {
+  context?: number
+  output?: number
+  input?: number
+}
+
+interface ModelEntry {
+  id?: string
+  name?: string
+  limit?: ModelLimit
+}
+
+interface ProviderEntry {
+  models?: Record<string, ModelEntry>
+}
+
+interface CustomProviderEntry {
+  name?: string
+  base_url?: string
+  model?: string
+  models?: Record<string, { context_length?: number }>
+}
+
+type ConfigProviderModels = Record<string, { context_length?: number } | string> | string[]
+
+interface ConfigProviderEntry {
+  context_length?: number
+  default_model?: string
+  model?: string
+  models?: ConfigProviderModels
+}
+
+const MODEL_CACHE_PROVIDER_ALIASES: Record<string, string[]> = {
+  gemini: ['google'],
+  moonshot: ['moonshotai'],
+  kilocode: ['kilo'],
+  'ai-gateway': ['vercel'],
+  'opencode-zen': ['opencode'],
+  'opencode-go': ['opencode'],
+  'glm-coding-plan': ['zai-coding-plan'],
+  'kimi-coding': ['kimi-for-coding'],
+  'kimi-coding-cn': ['kimi-for-coding'],
+  'xai-oauth': ['xai'],
+}
+
+// --- Config YAML helpers (js-yaml) ---
+
+function loadConfig(profileDir: string): any | null {
+  const configPath = join(profileDir, 'config.yaml')
+  if (!existsSync(configPath)) return null
+  try {
+    return yaml.load(readFileSync(configPath, 'utf-8'), { json: true }) as any
+  } catch {
+    return null
+  }
+}
+
+// --- In-memory cache: parsed models_dev_cache (1.7MB), invalidated by mtime ---
+
+let _cache: Record<string, ProviderEntry> | null = null
+let _cacheMtime = 0
+const CACHE_TTL_MS = 5 * 60 * 1000 // 5 minutes
+let _cacheLoadedAt = 0
+
+function loadModelsDevCache(): Record<string, ProviderEntry> | null {
+  if (!existsSync(MODELS_DEV_CACHE)) return null
+  try {
+    const stat = statSync(MODELS_DEV_CACHE)
+    const now = Date.now()
+    // Return cached if file hasn't changed and within TTL
+    if (_cache && stat.mtimeMs === _cacheMtime && now - _cacheLoadedAt < CACHE_TTL_MS) {
+      return _cache
+    }
+    const raw = readFileSync(MODELS_DEV_CACHE, 'utf-8')
+    _cache = JSON.parse(raw) as Record<string, ProviderEntry>
+    _cacheMtime = stat.mtimeMs
+    _cacheLoadedAt = now
+    return _cache
+  } catch {
+    return _cache // return stale cache on error
+  }
+}
+
+// --- Profile helpers ---
+
+function getProfileDir(profile?: string): string {
+  if (!profile || profile === 'default') return HERMES_BASE
+  const dir = join(HERMES_BASE, 'profiles', profile)
+  return existsSync(dir) ? dir : HERMES_BASE
+}
+
+function getDefaultModel(config: any): string | null {
+  const model = config?.model
+  if (!model || typeof model !== 'object') return null
+  return typeof model.default === 'string' ? model.default.trim() || null : null
+}
+
+function getDefaultProvider(config: any): string | null {
+  const model = config?.model
+  if (!model || typeof model !== 'object') return null
+  return typeof model.provider === 'string' ? model.provider.trim() || null : null
+}
+
+/**
+ * Read context_length from config.yaml, only as a sibling of default.
+ * e.g. model:\n  default: gpt-5.4\n  context_length: 256000
+ */
+function getConfigContextLength(config: any): number | null {
+  const model = config?.model
+  if (!model || typeof model !== 'object') return null
+  const val = model.context_length
+  if (typeof val !== 'number' || !Number.isFinite(val) || val <= 0) return null
+  return val
+}
+
+function getConfigProvider(config: any, provider: string | null): ConfigProviderEntry | null {
+  if (!provider) return null
+  const providers = config?.providers
+  if (!providers || typeof providers !== 'object') return null
+  const exact = providers[provider]
+  if (exact && typeof exact === 'object') return exact as ConfigProviderEntry
+  const lower = provider.toLowerCase()
+  const match = Object.entries(providers).find(([name]) => name.toLowerCase() === lower)
+  const value = match?.[1]
+  return value && typeof value === 'object' ? value as ConfigProviderEntry : null
+}
+
+function getPositiveNumber(value: unknown): number | null {
+  return typeof value === 'number' && Number.isFinite(value) && value > 0 ? value : null
+}
+
+function providerHasModel(provider: ConfigProviderEntry, modelName: string): boolean {
+  if (provider.default_model === modelName || provider.model === modelName) return true
+  const models = provider.models
+  if (Array.isArray(models)) return models.includes(modelName)
+  return !!models && typeof models === 'object' && Object.prototype.hasOwnProperty.call(models, modelName)
+}
+
+function lookupProviderConfigContextLength(config: any, modelName: string, provider: string | null): number | null {
+  const providerEntry = getConfigProvider(config, provider)
+  if (!providerEntry) return null
+
+  const models = providerEntry.models
+  if (models && !Array.isArray(models) && typeof models === 'object') {
+    const modelEntry = models[modelName]
+    if (modelEntry && typeof modelEntry === 'object') {
+      const modelCtx = getPositiveNumber(modelEntry.context_length)
+      if (modelCtx) return modelCtx
+    }
+  }
+
+  if (!providerHasModel(providerEntry, modelName)) return null
+  return getPositiveNumber(providerEntry.context_length)
+}
+
+function normalizeCustomProviderName(name: string): string {
+  return name.trim().toLowerCase().replace(/ /g, '-')
+}
+
+function normalizeBaseUrl(url: string): string {
+  return url.trim().toLowerCase().replace(/\/+$/, '')
+}
+
+function getModelBaseUrl(config: any): string | null {
+  const model = config?.model
+  if (!model || typeof model !== 'object') return null
+  return typeof model.base_url === 'string' ? model.base_url.trim() || null : null
+}
+
+function getCustomProviders(config: any): CustomProviderEntry[] {
+  return Array.isArray(config?.custom_providers) ? config.custom_providers as CustomProviderEntry[] : []
+}
+
+function resolveCustomProviderEntry(config: any, modelName: string, provider: string | null): CustomProviderEntry | null {
+  if (!provider || !provider.startsWith('custom')) return null
+
+  const providers = getCustomProviders(config)
+  if (provider !== 'custom') {
+    const suffix = normalizeCustomProviderName(provider.slice('custom:'.length))
+    return providers.find((cp) => normalizeCustomProviderName(String(cp?.name || '')) === suffix) || null
+  }
+
+  const modelBaseUrl = getModelBaseUrl(config)
+  if (modelBaseUrl) {
+    const normalizedBaseUrl = normalizeBaseUrl(modelBaseUrl)
+    const exactByBaseUrl = providers.find((cp) =>
+      normalizeBaseUrl(String(cp?.base_url || '')) === normalizedBaseUrl
+      && String(cp?.model || '').trim() === modelName,
+    )
+    if (exactByBaseUrl) return exactByBaseUrl
+  }
+
+  const matchesByModel = providers.filter((cp) => String(cp?.model || '').trim() === modelName)
+  return matchesByModel.length === 1 ? matchesByModel[0] : null
+}
+
+/**
+ * Lookup context_length from custom_providers in config.yaml.
+ * - "custom:xxx" → strip prefix, match by name
+ * - "custom" → match by model name
+ */
+function lookupCustomProviderContextLength(config: any, modelName: string, provider: string | null): number | null {
+  const matched = resolveCustomProviderEntry(config, modelName, provider)
+  if (!matched) return null
+
+  const models = matched.models
+  if (!models || typeof models !== 'object') return null
+
+  const modelEntry = models[modelName]
+  if (!modelEntry || typeof modelEntry !== 'object') return null
+
+  const val = modelEntry.context_length
+  if (typeof val !== 'number' || !Number.isFinite(val) || val <= 0) return null
+  return val
+}
+
+// --- Context lookup ---
+
+function getCachedContext(entry: ModelEntry | undefined): number | null {
+  const context = entry?.limit?.context
+  return typeof context === 'number' && Number.isFinite(context) && context > 0 ? context : null
+}
+
+function normalizeProviderKey(provider: string): string {
+  return provider.trim().toLowerCase()
+}
+
+function getProviderCandidates(provider: string): string[] {
+  const normalized = normalizeProviderKey(provider)
+  return [normalized, ...(MODEL_CACHE_PROVIDER_ALIASES[normalized] || [])]
+}
+
+function getProviderEntry(data: Record<string, ProviderEntry>, provider: string): ProviderEntry | null {
+  const candidates = getProviderCandidates(provider)
+
+  for (const candidate of candidates) {
+    const exact = data[candidate]
+    if (exact) return exact
+  }
+
+  const entries = Object.entries(data)
+  for (const candidate of candidates) {
+    const match = entries.find(([name]) => name.toLowerCase() === candidate)
+    if (match) return match[1]
+  }
+
+  return null
+}
+
+function findModelEntry(models: Record<string, ModelEntry>, modelName: string): ModelEntry | undefined {
+  const exact = models[modelName]
+  if (exact) return exact
+
+  const lower = modelName.toLowerCase()
+  for (const [name, entry] of Object.entries(models)) {
+    if (name.toLowerCase() === lower) return entry
+    if (entry.id?.toLowerCase() === lower) return entry
+    if (entry.name?.toLowerCase() === lower) return entry
+  }
+
+  const suffix = `/${lower}`
+  for (const [name, entry] of Object.entries(models)) {
+    if (name.toLowerCase().endsWith(suffix)) return entry
+    if (entry.id?.toLowerCase().endsWith(suffix)) return entry
+  }
+
+  return undefined
+}
+
+function lookupContextInProvider(provider: ProviderEntry | null, modelName: string): number | null {
+  const models = provider?.models || {}
+  return getCachedContext(findModelEntry(models, modelName))
+}
+
+function lookupContextGloballyByModelName(data: Record<string, ProviderEntry>, modelName: string): number | null {
+  for (const prov of Object.values(data)) {
+    const context = getCachedContext(prov.models?.[modelName])
+    if (context) return context
+  }
+
+  const lower = modelName.toLowerCase()
+  for (const prov of Object.values(data)) {
+    const models = prov.models || {}
+    for (const [name, entry] of Object.entries(models)) {
+      if (name.toLowerCase() === lower) {
+        const context = getCachedContext(entry)
+        if (context) return context
+      }
+    }
+  }
+
+  return null
+}
+
+function lookupUniqueContextGloballyByModelName(data: Record<string, ProviderEntry>, modelName: string): number | null {
+  const exactMatches: number[] = []
+  for (const prov of Object.values(data)) {
+    const context = getCachedContext(prov.models?.[modelName])
+    if (context) exactMatches.push(context)
+    if (exactMatches.length > 1) return null
+  }
+  if (exactMatches.length === 1) return exactMatches[0]
+
+  const lower = modelName.toLowerCase()
+  const ciMatches: number[] = []
+  for (const prov of Object.values(data)) {
+    const models = prov.models || {}
+    for (const [name, entry] of Object.entries(models)) {
+      if (name.toLowerCase() !== lower) continue
+      const context = getCachedContext(entry)
+      if (context) ciMatches.push(context)
+      break
+    }
+    if (ciMatches.length > 1) return null
+  }
+
+  return ciMatches[0] || null
+}
+
+function resolveCacheProviderFromBaseUrl(baseUrl: string | null): string | null {
+  if (!baseUrl) return null
+  const normalizedBaseUrl = normalizeBaseUrl(baseUrl)
+  const preset = PROVIDER_PRESETS.find((entry) => normalizeBaseUrl(entry.base_url) === normalizedBaseUrl)
+  return preset?.value || null
+}
+
+function resolveCustomCacheProvider(config: any, modelName: string, provider: string): string | null {
+  const customEntry = resolveCustomProviderEntry(config, modelName, provider)
+  const entryBaseUrl = typeof customEntry?.base_url === 'string' ? customEntry.base_url : null
+  const providerFromEntryBaseUrl = resolveCacheProviderFromBaseUrl(entryBaseUrl)
+  if (providerFromEntryBaseUrl) return providerFromEntryBaseUrl
+
+  return resolveCacheProviderFromBaseUrl(getModelBaseUrl(config))
+}
+
+function lookupContextFromCache(config: any, modelName: string, provider: string | null): number | null {
+  const data = loadModelsDevCache()
+  if (!data) return null
+
+  if (provider) {
+    if (provider === 'custom' || provider.startsWith('custom:')) {
+      const inferredProvider = resolveCustomCacheProvider(config, modelName, provider)
+
+      if (inferredProvider) {
+        const scoped = lookupContextInProvider(getProviderEntry(data, inferredProvider), modelName)
+        if (scoped) return scoped
+        return null
+      }
+
+      if (provider === 'custom') {
+        return lookupUniqueContextGloballyByModelName(data, modelName)
+      }
+
+      return null
+    }
+
+    return lookupContextInProvider(getProviderEntry(data, provider), modelName)
+  }
+
+  // Legacy configs may omit model.provider; preserve the old global exact/CI lookup semantics.
+  return lookupContextGloballyByModelName(data, modelName)
+}
+
+/**
+ * Get the context length for the current profile's default model.
+ * Resolution order:
+ *   1. model_context database override
+ *   2. provider/model-specific providers.<provider>.models.<model>.context_length
+ *   3. provider-level providers.<provider>.context_length when the model belongs to that provider
+ *   4. custom_providers models.<model>.context_length
+ *   5. top-level model.context_length fallback
+ *   6. models_dev_cache.json, scoped to model.provider when configured
+ *   7. DEFAULT_CONTEXT_LENGTH
+ */
+/**
+ * 从数据库 model_context 表查找上下文长度（最高优先级）
+ */
+function lookupContextFromDatabase(modelName: string, provider: string | null): number | null {
+  const db = getDb()
+  if (!db) return null
+
+  try {
+    // 尝试精确匹配 provider 和 model
+    const row = db
+      .prepare(`SELECT context_limit FROM ${MODEL_CONTEXT_TABLE} WHERE provider = ? AND model = ?`)
+      .get(provider || 'default', modelName) as { context_limit: number } | undefined
+
+    return row?.context_limit || null
+  } catch {
+    return null
+  }
+}
+
+export function getModelContextLength(input?: string | ModelContextLengthOptions): number {
+  const options: ModelContextLengthOptions = typeof input === 'string'
+    ? { profile: input }
+    : input || {}
+  const profile = options.profile
+  const profileDir = getProfileDir(profile)
+  const config = loadConfig(profileDir)
+  if (!config) return DEFAULT_CONTEXT_LENGTH
+
+  const model = String(options.model || '').trim() || getDefaultModel(config)
+  if (!model) return DEFAULT_CONTEXT_LENGTH
+
+  const provider = String(options.provider || '').trim() || getDefaultProvider(config)
+
+  // 0. Database model_context table (highest priority)
+  const dbCtx = lookupContextFromDatabase(model, provider)
+  if (dbCtx && dbCtx > 0) return dbCtx
+
+  // 1. Provider-specific context_length in config.yaml
+  const providerConfigCtx = lookupProviderConfigContextLength(config, model, provider)
+  if (providerConfigCtx && providerConfigCtx > 0) return providerConfigCtx
+
+  // 2. Custom provider context_length
+  const customCtx = lookupCustomProviderContextLength(config, model, provider)
+  if (customCtx && customCtx > 0) return customCtx
+
+  // 3. Global context_length fallback in config.yaml
+  const configCtx = getConfigContextLength(config)
+  if (configCtx && configCtx > 0) return configCtx
+
+  // 4. models_dev_cache.json
+  const cached = lookupContextFromCache(config, model, provider)
+  if (cached) return cached
+
+  // 5. Fallback
+  return DEFAULT_CONTEXT_LENGTH
+}
diff --git a/packages/server/src/services/hermes/ops-monitor.ts b/packages/server/src/services/hermes/ops-monitor.ts
new file mode 100644
index 0000000..23348a1
--- /dev/null
+++ b/packages/server/src/services/hermes/ops-monitor.ts
@@ -0,0 +1,635 @@
+import { execFileSync } from 'child_process'
+import { readFileSync } from 'fs'
+import { cpus, freemem, loadavg, platform, totalmem, uptime } from 'os'
+import { AgentBridgeClient } from './agent-bridge'
+import { getAgentBridgeManager } from './agent-bridge/manager'
+
+export interface ProcessUsage {
+  pid: number
+  role: 'web' | 'broker' | 'worker'
+  profile?: string
+  running: boolean
+  cpuPercent: number
+  memoryRssBytes: number
+  command?: string
+  error?: string
+}
+
+export interface OpsRuntimeSnapshot {
+  timestamp: number
+  system: {
+    platform: NodeJS.Platform
+    arch: string
+    uptimeSeconds: number
+    cpuCount: number
+    cpuPercent: number
+    loadAverage: number[]
+    totalMemoryBytes: number
+    freeMemoryBytes: number
+    usedMemoryBytes: number
+    memoryPercent: number
+  }
+  web: {
+    pid: number
+    uptimeSeconds: number
+    memory: NodeJS.MemoryUsage
+    cpuPercent: number
+  }
+  bridge: {
+    endpoint: string
+    reachable: boolean
+    error?: string
+    broker: {
+      running: boolean
+      ready: boolean
+      pid?: number
+      process?: ProcessUsage
+      restartScheduled: boolean
+      restartAttempts: number
+    }
+    workers: Array<ProcessUsage & {
+      endpoint?: string
+      lastUsedAt?: number
+      sessionCount: number
+      runningSessionCount: number
+    }>
+    totalWorkerMemoryRssBytes: number
+  }
+  sessions: {
+    active: number
+    running: number
+    byProfile: Record<string, number>
+  }
+}
+
+interface CpuTimesSample {
+  idle: number
+  total: number
+}
+
+interface WebCpuSample {
+  at: number
+  usage: NodeJS.CpuUsage
+}
+
+interface ProcessCpuSample {
+  at: number
+  cpuSeconds: number
+}
+
+interface SystemMemoryUsage {
+  totalMemoryBytes: number
+  freeMemoryBytes: number
+  usedMemoryBytes: number
+  memoryPercent: number
+}
+
+let previousSystemCpu: CpuTimesSample | null = null
+let previousWebCpu: WebCpuSample | null = null
+const previousWindowsProcessCpu = new Map<number, ProcessCpuSample>()
+
+function safeCpus(): ReturnType<typeof cpus> {
+  try {
+    return cpus()
+  } catch {
+    return []
+  }
+}
+
+function readProcStatCpuTimes(): CpuTimesSample | null {
+  try {
+    const line = readFileSync('/proc/stat', 'utf-8').split(/\r?\n/, 1)[0]
+    const parts = line.trim().split(/\s+/)
+    if (parts[0] !== 'cpu') return null
+    const values = parts.slice(1).map(value => Number(value)).filter(Number.isFinite)
+    if (values.length < 4) return null
+    const idle = (values[3] || 0) + (values[4] || 0)
+    const total = values.reduce((sum, value) => sum + value, 0)
+    return total > 0 ? { idle, total } : null
+  } catch {
+    return null
+  }
+}
+
+function procCpuCount(): number {
+  try {
+    const cpuinfo = readFileSync('/proc/cpuinfo', 'utf-8')
+    const processors = cpuinfo.match(/^processor\s*:/gim)?.length || 0
+    if (processors > 0) return processors
+    const hardwareThreads = cpuinfo.match(/^CPU part\s*:/gim)?.length || 0
+    return hardwareThreads > 0 ? hardwareThreads : 0
+  } catch {
+    return 0
+  }
+}
+
+function safeCpuCount(): number {
+  return safeCpus().length || procCpuCount() || 1
+}
+
+function safeLoadAverage(): number[] {
+  try {
+    return loadavg()
+  } catch {
+    return [0, 0, 0]
+  }
+}
+
+function safeUptime(): number {
+  try {
+    return uptime()
+  } catch {
+    return 0
+  }
+}
+
+function safeProcessUptime(): number {
+  try {
+    return process.uptime()
+  } catch {
+    return 0
+  }
+}
+
+function safeProcessMemoryUsage(): NodeJS.MemoryUsage {
+  try {
+    return process.memoryUsage()
+  } catch {
+    return {
+      rss: 0,
+      heapTotal: 0,
+      heapUsed: 0,
+      external: 0,
+      arrayBuffers: 0,
+    }
+  }
+}
+
+function readCpuTimes(): CpuTimesSample {
+  let idle = 0
+  let total = 0
+  for (const cpu of safeCpus()) {
+    idle += cpu.times.idle
+    total += Object.values(cpu.times).reduce((sum, value) => sum + value, 0)
+  }
+  if (total > 0) return { idle, total }
+  return readProcStatCpuTimes() || { idle: 0, total: 0 }
+}
+
+function sampleSystemCpuPercent(): number | null {
+  try {
+    const current = readCpuTimes()
+    const previous = previousSystemCpu
+    previousSystemCpu = current
+    if (!previous) return null
+
+    const idleDelta = current.idle - previous.idle
+    const totalDelta = current.total - previous.total
+    if (totalDelta <= 0) return null
+    return clampPercent(((totalDelta - idleDelta) / totalDelta) * 100)
+  } catch {
+    return null
+  }
+}
+
+function sampleWebCpuPercent(): number | null {
+  try {
+    const current = {
+      at: Date.now(),
+      usage: process.cpuUsage(),
+    }
+    const previous = previousWebCpu
+    previousWebCpu = current
+    if (!previous) return null
+
+    const elapsedMicros = (current.at - previous.at) * 1000
+    const used = (current.usage.user - previous.usage.user) + (current.usage.system - previous.usage.system)
+    if (elapsedMicros <= 0 || used < 0) return null
+    return clampPercent((used / elapsedMicros / safeCpuCount()) * 100)
+  } catch {
+    return null
+  }
+}
+
+function clampPercent(value: number): number {
+  return Math.max(0, Math.min(100, Math.round(value * 10) / 10))
+}
+
+function numberOrNull(value: unknown): number | null {
+  const parsed = Number(value)
+  return Number.isFinite(parsed) ? parsed : null
+}
+
+function fallbackSystemMemoryUsage(): SystemMemoryUsage {
+  let memoryTotal = 0
+  let memoryFree = 0
+  try {
+    memoryTotal = totalmem()
+    memoryFree = freemem()
+  } catch {}
+  const usedMemory = memoryTotal - memoryFree
+  return {
+    totalMemoryBytes: memoryTotal,
+    freeMemoryBytes: memoryFree,
+    usedMemoryBytes: usedMemory,
+    memoryPercent: memoryTotal > 0 ? clampPercent((usedMemory / memoryTotal) * 100) : 0,
+  }
+}
+
+function parseVmStatPageCount(line: string): number | null {
+  const match = line.match(/:\s+([\d.]+)\.?$/)
+  if (!match) return null
+  const value = Number(match[1].replace(/\./g, ''))
+  return Number.isFinite(value) ? value : null
+}
+
+export function parseMacVmStatMemory(vmStatOutput: string, totalMemoryBytes: number): SystemMemoryUsage | null {
+  const pageSize = Number(vmStatOutput.match(/page size of\s+(\d+)\s+bytes/i)?.[1])
+  if (!Number.isFinite(pageSize) || pageSize <= 0 || totalMemoryBytes <= 0) return null
+
+  const pages: Record<string, number> = {}
+  for (const line of vmStatOutput.split(/\r?\n/)) {
+    const count = parseVmStatPageCount(line.trim())
+    if (count == null) continue
+    if (line.includes('Pages active')) pages.active = count
+    else if (line.includes('Pages wired down')) pages.wired = count
+    else if (line.includes('Pages occupied by compressor')) pages.compressed = count
+  }
+
+  const usedPages = (pages.active || 0) + (pages.wired || 0) + (pages.compressed || 0)
+  if (usedPages <= 0) return null
+  const usedMemory = Math.min(totalMemoryBytes, usedPages * pageSize)
+  const freeMemory = Math.max(0, totalMemoryBytes - usedMemory)
+
+  return {
+    totalMemoryBytes,
+    freeMemoryBytes: freeMemory,
+    usedMemoryBytes: usedMemory,
+    memoryPercent: clampPercent((usedMemory / totalMemoryBytes) * 100),
+  }
+}
+
+function collectMacSystemMemoryUsage(): SystemMemoryUsage | null {
+  try {
+    const totalRaw = execFileSync('sysctl', ['-n', 'hw.memsize'], {
+      encoding: 'utf-8',
+      timeout: 3000,
+    }).trim()
+    const totalMemoryBytes = Number(totalRaw)
+    const vmStatOutput = execFileSync('vm_stat', {
+      encoding: 'utf-8',
+      timeout: 3000,
+    })
+    return parseMacVmStatMemory(vmStatOutput, totalMemoryBytes)
+  } catch {
+    return null
+  }
+}
+
+function collectSystemMemoryUsage(): SystemMemoryUsage {
+  if (platform() === 'darwin') {
+    return collectMacSystemMemoryUsage() || fallbackSystemMemoryUsage()
+  }
+  return fallbackSystemMemoryUsage()
+}
+
+function collectPosixProcessMetrics(pids: number[]): Map<number, Partial<ProcessUsage>> {
+  const metrics = collectProcfsProcessMetrics(pids)
+  if (!pids.length) return metrics
+  try {
+    const output = execFileSync('ps', ['-o', 'pid=,pcpu=,rss=,comm=', '-p', pids.join(',')], {
+      encoding: 'utf-8',
+      timeout: 3000,
+    })
+    for (const line of output.split(/\r?\n/)) {
+      const trimmed = line.trim()
+      if (!trimmed) continue
+      const [pidRaw, cpuRaw, rssRaw, ...commandParts] = trimmed.split(/\s+/)
+      const pid = Number(pidRaw)
+      if (!Number.isFinite(pid)) continue
+      const rssKb = numberOrNull(rssRaw)
+      metrics.set(pid, {
+        cpuPercent: numberOrNull(cpuRaw) ?? 0,
+        memoryRssBytes: rssKb == null ? metrics.get(pid)?.memoryRssBytes : rssKb * 1024,
+        command: commandParts.join(' ') || undefined,
+      })
+    }
+    return metrics
+  } catch {
+    return metrics
+  }
+}
+
+function collectProcfsProcessMetrics(pids: number[]): Map<number, Partial<ProcessUsage>> {
+  const metrics = new Map<number, Partial<ProcessUsage>>()
+  for (const pid of pids) {
+    try {
+      const status = readFileSync(`/proc/${pid}/status`, 'utf-8')
+      const rssKb = Number(status.match(/^VmRSS:\s+(\d+)\s+kB/im)?.[1])
+      const name = status.match(/^Name:\s+(.+)$/im)?.[1]?.trim()
+      metrics.set(pid, {
+        cpuPercent: 0,
+        memoryRssBytes: Number.isFinite(rssKb) ? rssKb * 1024 : 0,
+        command: name,
+      })
+    } catch {}
+  }
+  return metrics
+}
+
+function parseWindowsJson(output: string): any[] {
+  if (!output.trim()) return []
+  const parsed = JSON.parse(output)
+  return Array.isArray(parsed) ? parsed : [parsed]
+}
+
+function sampleWindowsProcessCpuPercent(pid: number, cpuSeconds: number): number {
+  const current = { at: Date.now(), cpuSeconds }
+  const previous = previousWindowsProcessCpu.get(pid)
+  previousWindowsProcessCpu.set(pid, current)
+  if (!previous) return 0
+
+  const elapsedSeconds = (current.at - previous.at) / 1000
+  const cpuDelta = current.cpuSeconds - previous.cpuSeconds
+  if (elapsedSeconds <= 0 || cpuDelta < 0) return 0
+  return clampPercent((cpuDelta / elapsedSeconds / safeCpuCount()) * 100)
+}
+
+function collectWindowsProcessMetrics(pids: number[]): Map<number, Partial<ProcessUsage>> {
+  if (!pids.length) return new Map()
+  const idList = pids.join(',')
+  try {
+    const script = [
+      `$ids=@(${idList});`,
+      '$all=Get-CimInstance Win32_Process | Select-Object ProcessId,ParentProcessId;',
+      '$byParent=@{};',
+      'foreach($p in $all){$parent=[int]$p.ParentProcessId;if(-not $byParent.ContainsKey($parent)){$byParent[$parent]=@()};$byParent[$parent]+=[int]$p.ProcessId};',
+      '$result=@();',
+      'foreach($root in $ids){',
+      '$seen=@{};$queue=New-Object System.Collections.Queue;$queue.Enqueue([int]$root);$tree=@();',
+      'while($queue.Count -gt 0){$current=[int]$queue.Dequeue();if($seen.ContainsKey($current)){continue};$seen[$current]=$true;$tree+=$current;if($byParent.ContainsKey($current)){foreach($child in $byParent[$current]){$queue.Enqueue([int]$child)}}};',
+      '$procs=Get-Process -Id $tree -ErrorAction SilentlyContinue;',
+      '$mem=0.0;$cpu=0.0;$names=@();',
+      'foreach($proc in $procs){$mem+=[double]$proc.WorkingSet64;if($null -ne $proc.CPU){$cpu+=[double]$proc.CPU};$names+=$proc.ProcessName};',
+      '$result+=[pscustomobject]@{pid=[int]$root;cpuSeconds=[double]$cpu;memoryRssBytes=[double]$mem;command=($names -join "+")}',
+      '};',
+      '$result',
+      '| ConvertTo-Json -Compress',
+    ].join(' ')
+    const output = execFileSync('powershell.exe', ['-NoProfile', '-Command', script], {
+      encoding: 'utf-8',
+      timeout: 5000,
+      windowsHide: true,
+    })
+    const metrics = new Map<number, Partial<ProcessUsage>>()
+    for (const item of parseWindowsJson(output)) {
+      const pid = Number(item?.pid)
+      if (!Number.isFinite(pid)) continue
+      const cpuSeconds = numberOrNull(item?.cpuSeconds) ?? 0
+      metrics.set(pid, {
+        cpuPercent: sampleWindowsProcessCpuPercent(pid, cpuSeconds),
+        memoryRssBytes: numberOrNull(item?.memoryRssBytes) ?? 0,
+        command: typeof item?.command === 'string' ? item.command : undefined,
+      })
+    }
+    return metrics
+  } catch {}
+
+  try {
+    const script = [
+      `$ids=@(${idList});`,
+      'Get-CimInstance Win32_PerfFormattedData_PerfProc_Process',
+      '| Where-Object { $ids -contains [int]$_.IDProcess }',
+      '| Select-Object @{Name="pid";Expression={[int]$_.IDProcess}},@{Name="cpuPercent";Expression={[double]$_.PercentProcessorTime}},@{Name="memoryRssBytes";Expression={[double]$_.WorkingSet}},@{Name="command";Expression={$_.Name}}',
+      '| ConvertTo-Json -Compress',
+    ].join(' ')
+    const output = execFileSync('powershell.exe', ['-NoProfile', '-Command', script], {
+      encoding: 'utf-8',
+      timeout: 5000,
+      windowsHide: true,
+    })
+    const metrics = new Map<number, Partial<ProcessUsage>>()
+    for (const item of parseWindowsJson(output)) {
+      const pid = Number(item?.pid)
+      if (!Number.isFinite(pid)) continue
+      metrics.set(pid, {
+        cpuPercent: numberOrNull(item?.cpuPercent) ?? 0,
+        memoryRssBytes: numberOrNull(item?.memoryRssBytes) ?? 0,
+        command: typeof item?.command === 'string' ? item.command : undefined,
+      })
+    }
+    return metrics
+  } catch {}
+
+  const metrics = new Map<number, Partial<ProcessUsage>>()
+  for (const pid of pids) {
+    try {
+      const output = execFileSync('tasklist.exe', ['/FI', `PID eq ${pid}`, '/FO', 'CSV', '/NH'], {
+        encoding: 'utf-8',
+        timeout: 3000,
+        windowsHide: true,
+      })
+      const line = output.split(/\r?\n/).find(item => item.includes(`"${pid}"`))
+      if (!line) continue
+      const columns = line.match(/(".*?"|[^",]+)(?=\s*,|\s*$)/g)?.map(value => value.replace(/^"|"$/g, '')) || []
+      const memoryKb = Number(columns[4]?.replace(/[^\d]/g, ''))
+      metrics.set(pid, {
+        cpuPercent: 0,
+        memoryRssBytes: Number.isFinite(memoryKb) ? memoryKb * 1024 : 0,
+        command: columns[0],
+      })
+    } catch {}
+  }
+  return metrics
+}
+
+function collectProcessMetrics(pids: number[]): Map<number, Partial<ProcessUsage>> {
+  const uniquePids = [...new Set(pids.filter(pid => Number.isFinite(pid) && pid > 0))]
+  return platform() === 'win32'
+    ? collectWindowsProcessMetrics(uniquePids)
+    : collectPosixProcessMetrics(uniquePids)
+}
+
+function processUsage(
+  pid: number | undefined,
+  role: ProcessUsage['role'],
+  metrics: Map<number, Partial<ProcessUsage>>,
+  profile?: string,
+): ProcessUsage | undefined {
+  if (!pid) return undefined
+  const metric = metrics.get(pid)
+  return {
+    pid,
+    role,
+    profile,
+    running: !!metric,
+    cpuPercent: metric?.cpuPercent ?? 0,
+    memoryRssBytes: metric?.memoryRssBytes ?? 0,
+    command: metric?.command,
+  }
+}
+
+function normalizeWorker(raw: unknown): {
+  running: boolean
+  pid?: number
+  endpoint?: string
+  lastUsedAt?: number
+} {
+  if (typeof raw === 'boolean') return { running: raw }
+  if (!raw || typeof raw !== 'object') return { running: false }
+  const record = raw as Record<string, unknown>
+  const pid = Number(record.pid)
+  const lastUsedAt = Number(record.last_used_at)
+  return {
+    running: !!record.running,
+    pid: Number.isFinite(pid) && pid > 0 ? pid : undefined,
+    endpoint: typeof record.endpoint === 'string' ? record.endpoint : undefined,
+    lastUsedAt: Number.isFinite(lastUsedAt) ? lastUsedAt : undefined,
+  }
+}
+
+export function createEmptyOpsRuntimeSnapshot(error?: string): OpsRuntimeSnapshot {
+  return {
+    timestamp: Date.now(),
+    system: {
+      platform: process.platform,
+      arch: process.arch,
+      uptimeSeconds: safeUptime(),
+      cpuCount: safeCpuCount(),
+      cpuPercent: 0,
+      loadAverage: safeLoadAverage(),
+      totalMemoryBytes: 0,
+      freeMemoryBytes: 0,
+      usedMemoryBytes: 0,
+      memoryPercent: 0,
+    },
+    web: {
+      pid: process.pid,
+      uptimeSeconds: safeProcessUptime(),
+      memory: safeProcessMemoryUsage(),
+      cpuPercent: 0,
+    },
+    bridge: {
+      endpoint: '',
+      reachable: false,
+      error,
+      broker: {
+        running: false,
+        ready: false,
+        restartScheduled: false,
+        restartAttempts: 0,
+      },
+      workers: [],
+      totalWorkerMemoryRssBytes: 0,
+    },
+    sessions: {
+      active: 0,
+      running: 0,
+      byProfile: {},
+    },
+  }
+}
+
+export async function getOpsRuntimeSnapshot(): Promise<OpsRuntimeSnapshot> {
+  const manager = getAgentBridgeManager()
+  const managerState = manager.getRuntimeState()
+  let bridgeReachable = false
+  let bridgeError: string | undefined
+  let bridgePing: Record<string, any> = {}
+
+  try {
+    const client = new AgentBridgeClient({ endpoint: managerState.endpoint, timeoutMs: 2000, connectRetryMs: 0 })
+    bridgePing = await client.ping() as Record<string, any>
+    bridgeReachable = true
+  } catch (err: any) {
+    bridgeError = err?.message || 'Agent bridge is not reachable'
+  }
+
+  const workerEntries = Object.entries((bridgePing.worker_details || {}) as Record<string, unknown>)
+    .map(([profile, value]) => [profile, normalizeWorker(value)] as const)
+  const brokerPid = Number(bridgePing.broker?.pid || managerState.pid)
+  const pids = [
+    process.pid,
+    Number.isFinite(brokerPid) ? brokerPid : undefined,
+    ...workerEntries.map(([, worker]) => worker.pid),
+  ].filter((pid): pid is number => typeof pid === 'number' && pid > 0)
+  const processMetrics = collectProcessMetrics(pids)
+
+  const sessionCountsByProfile: Record<string, number> = {}
+  if (bridgePing.sessions_by_profile && typeof bridgePing.sessions_by_profile === 'object') {
+    for (const [profileName, count] of Object.entries(bridgePing.sessions_by_profile)) {
+      const value = Number(count)
+      if (Number.isFinite(value)) sessionCountsByProfile[profileName] = value
+    }
+  }
+  const runningSessionCountsByProfile: Record<string, number> = {}
+  if (bridgePing.running_sessions_by_profile && typeof bridgePing.running_sessions_by_profile === 'object') {
+    for (const [profileName, count] of Object.entries(bridgePing.running_sessions_by_profile)) {
+      const value = Number(count)
+      if (Number.isFinite(value)) runningSessionCountsByProfile[profileName] = value
+    }
+  }
+  const runningSessions = Number(bridgePing.running_sessions || 0)
+
+  const workers = workerEntries.map(([profileName, worker]) => {
+    const usage = processUsage(worker.pid, 'worker', processMetrics, profileName)
+    return {
+      pid: worker.pid || 0,
+      role: 'worker' as const,
+      profile: profileName,
+      running: worker.running,
+      cpuPercent: usage?.cpuPercent ?? 0,
+      memoryRssBytes: usage?.memoryRssBytes ?? 0,
+      command: usage?.command,
+      endpoint: worker.endpoint,
+      lastUsedAt: worker.lastUsedAt,
+      sessionCount: sessionCountsByProfile[profileName] || 0,
+      runningSessionCount: runningSessionCountsByProfile[profileName] || 0,
+    }
+  })
+
+  const systemMemory = collectSystemMemoryUsage()
+  const totalWorkerMemory = workers.reduce((sum, worker) => sum + (worker.memoryRssBytes || 0), 0)
+
+  return {
+    timestamp: Date.now(),
+    system: {
+      platform: process.platform,
+      arch: process.arch,
+      uptimeSeconds: safeUptime(),
+      cpuCount: safeCpuCount(),
+      cpuPercent: sampleSystemCpuPercent() ?? 0,
+      loadAverage: safeLoadAverage(),
+      totalMemoryBytes: systemMemory.totalMemoryBytes,
+      freeMemoryBytes: systemMemory.freeMemoryBytes,
+      usedMemoryBytes: systemMemory.usedMemoryBytes,
+      memoryPercent: systemMemory.memoryPercent,
+    },
+    web: {
+      pid: process.pid,
+      uptimeSeconds: safeProcessUptime(),
+      memory: safeProcessMemoryUsage(),
+      cpuPercent: sampleWebCpuPercent() ?? 0,
+    },
+    bridge: {
+      endpoint: managerState.endpoint,
+      reachable: bridgeReachable,
+      error: bridgeError,
+      broker: {
+        running: managerState.running,
+        ready: managerState.ready,
+        pid: Number.isFinite(brokerPid) && brokerPid > 0 ? brokerPid : undefined,
+        process: processUsage(Number.isFinite(brokerPid) ? brokerPid : undefined, 'broker', processMetrics),
+        restartScheduled: managerState.restartScheduled,
+        restartAttempts: managerState.restartAttempts,
+      },
+      workers,
+      totalWorkerMemoryRssBytes: totalWorkerMemory,
+    },
+    sessions: {
+      active: Number(bridgePing.active_sessions || 0),
+      running: runningSessions,
+      byProfile: sessionCountsByProfile,
+    },
+  }
+}
diff --git a/packages/server/src/services/hermes/plugins.ts b/packages/server/src/services/hermes/plugins.ts
new file mode 100644
index 0000000..46710f2
--- /dev/null
+++ b/packages/server/src/services/hermes/plugins.ts
@@ -0,0 +1,270 @@
+import { execFile } from 'child_process'
+import { promisify } from 'util'
+import { getActiveProfileDir, getProfileDir } from './hermes-profile'
+import { resolveAgentBridgeCommand } from './agent-bridge/manager'
+
+const execFileAsync = promisify(execFile)
+
+export type HermesPluginSource = 'bundled' | 'user' | 'project' | 'entrypoint'
+export type HermesPluginKind = 'standalone' | 'backend' | 'exclusive' | 'platform' | 'model-provider'
+export type HermesPluginConfigStatus = 'enabled' | 'disabled' | 'not-enabled' | 'auto' | 'provider-managed'
+export type HermesPluginEffectiveStatus = 'enabled' | 'disabled' | 'inactive' | 'auto-active' | 'provider-managed'
+
+export interface HermesPluginInfo {
+  key: string
+  name: string
+  kind: HermesPluginKind | string
+  source: HermesPluginSource | string
+  configStatus: HermesPluginConfigStatus
+  effectiveStatus: HermesPluginEffectiveStatus
+  version: string
+  description: string
+  author: string
+  path: string
+  providesTools: string[]
+  providesHooks: string[]
+  requiresEnv: Array<string | Record<string, unknown>>
+}
+
+export interface HermesPluginsMetadata {
+  hermesAgentRoot: string
+  pythonExecutable: string
+  cwd: string
+  projectPluginsEnabled: boolean
+}
+
+export interface HermesPluginsResponse {
+  plugins: HermesPluginInfo[]
+  warnings: string[]
+  metadata: HermesPluginsMetadata
+}
+
+const PYTHON_BRIDGE = String.raw`
+import json
+import os
+import sys
+import traceback
+from pathlib import Path
+
+warnings = []
+agent_root = os.environ.get("HERMES_AGENT_ROOT_RESOLVED", "")
+
+# python -c normally prepends the process cwd to sys.path. Remove it before any
+# Hermes imports so an arbitrary WUI launch directory cannot shadow modules like
+# hermes_cli, hermes_constants, utils, or yaml. The process cwd is still preserved
+# separately for optional project-plugin scanning below.
+sys.path = [entry for entry in sys.path if entry not in ("", os.getcwd())]
+if agent_root:
+    sys.path.insert(0, agent_root)
+
+try:
+    from hermes_cli.plugins import (
+        PluginManager,
+        get_bundled_plugins_dir,
+        _get_disabled_plugins,
+        _get_enabled_plugins,
+    )
+    from hermes_constants import get_hermes_home
+except Exception as exc:
+    print(json.dumps({
+        "error": "Failed to import Hermes Agent plugin modules",
+        "detail": str(exc),
+        "traceback": traceback.format_exc(),
+    }))
+    sys.exit(2)
+
+
+def env_enabled(name):
+    return os.getenv(name, "").strip().lower() in ("1", "true", "yes", "on")
+
+
+def safe_scan(label, fn):
+    try:
+        return fn()
+    except Exception as exc:
+        warnings.append(f"{label}: {exc}")
+        return []
+
+
+def coerce_list(value):
+    return value if isinstance(value, list) else []
+
+
+def read_manifest_list(plugin_path, *keys):
+    try:
+        import yaml
+        plugin_dir = Path(plugin_path)
+        manifest_file = plugin_dir / "plugin.yaml"
+        if not manifest_file.exists():
+            manifest_file = plugin_dir / "plugin.yml"
+        if not manifest_file.exists():
+            return []
+        data = yaml.safe_load(manifest_file.read_text(encoding="utf-8")) or {}
+        for key in keys:
+            value = data.get(key)
+            if isinstance(value, list):
+                return value
+        return []
+    except Exception as exc:
+        warnings.append(f"manifest metadata at {plugin_path}: {exc}")
+        return []
+
+
+def manifest_list(manifest, attr, *manifest_keys):
+    value = coerce_list(getattr(manifest, attr, []))
+    if value:
+        return value
+    return read_manifest_list(getattr(manifest, "path", ""), *manifest_keys)
+
+manager = PluginManager()
+manifests = []
+
+bundled_root = get_bundled_plugins_dir()
+manifests.extend(safe_scan(
+    f"bundled plugins at {bundled_root}",
+    lambda: manager._scan_directory(
+        bundled_root,
+        source="bundled",
+        skip_names={"platforms"},
+    ),
+))
+manifests.extend(safe_scan(
+    f"bundled platform plugins at {bundled_root / 'platforms'}",
+    lambda: manager._scan_directory(bundled_root / "platforms", source="bundled"),
+))
+
+user_dir = get_hermes_home() / "plugins"
+manifests.extend(safe_scan(
+    f"user plugins at {user_dir}",
+    lambda: manager._scan_directory(user_dir, source="user"),
+))
+
+project_plugins_enabled = env_enabled("HERMES_ENABLE_PROJECT_PLUGINS")
+if project_plugins_enabled:
+    project_dir = Path.cwd() / ".hermes" / "plugins"
+    manifests.extend(safe_scan(
+        f"project plugins at {project_dir}",
+        lambda: manager._scan_directory(project_dir, source="project"),
+    ))
+
+manifests.extend(safe_scan(
+    "pip entry-point plugins",
+    lambda: manager._scan_entry_points(),
+))
+
+winners = {}
+for manifest in manifests:
+    key = manifest.key or manifest.name
+    winners[key] = manifest
+
+disabled = _get_disabled_plugins()
+enabled = _get_enabled_plugins()
+enabled_set = enabled if enabled is not None else set()
+
+plugins = []
+for key, manifest in sorted(winners.items(), key=lambda item: item[0].lower()):
+    disabled_match = key in disabled or manifest.name in disabled
+    enabled_match = key in enabled_set or manifest.name in enabled_set
+
+    if disabled_match:
+        config_status = "disabled"
+        effective_status = "disabled"
+    elif manifest.kind == "exclusive":
+        config_status = "provider-managed"
+        effective_status = "provider-managed"
+    elif manifest.kind == "model-provider":
+        config_status = "provider-managed"
+        effective_status = "provider-managed"
+    elif manifest.source == "bundled" and manifest.kind in ("backend", "platform"):
+        config_status = "auto"
+        effective_status = "auto-active"
+    elif enabled_match:
+        config_status = "enabled"
+        effective_status = "enabled"
+    else:
+        config_status = "not-enabled"
+        effective_status = "inactive"
+
+    plugins.append({
+        "key": key,
+        "name": manifest.name,
+        "kind": manifest.kind,
+        "source": manifest.source,
+        "configStatus": config_status,
+        "effectiveStatus": effective_status,
+        "version": manifest.version or "",
+        "description": manifest.description or "",
+        "author": manifest.author or "",
+        "path": manifest.path or "",
+        "providesTools": manifest_list(manifest, "provides_tools", "provides_tools", "tools"),
+        "providesHooks": manifest_list(manifest, "provides_hooks", "provides_hooks", "hooks"),
+        "requiresEnv": manifest_list(manifest, "requires_env", "requires_env"),
+    })
+
+print(json.dumps({
+    "plugins": plugins,
+    "warnings": warnings,
+    "metadata": {
+        "hermesAgentRoot": os.environ.get("HERMES_AGENT_ROOT_RESOLVED", ""),
+        "pythonExecutable": sys.executable,
+        "cwd": str(Path.cwd()),
+        "projectPluginsEnabled": project_plugins_enabled,
+    },
+}))
+`
+
+function extractError(err: any): string {
+  const stdout = typeof err?.stdout === 'string' ? err.stdout.trim() : ''
+  const stderr = typeof err?.stderr === 'string' ? err.stderr.trim() : ''
+  return [err?.message, stdout, stderr].filter(Boolean).join('\n')
+}
+
+export async function listHermesPlugins(profile?: string): Promise<HermesPluginsResponse> {
+  const command = resolveAgentBridgeCommand()
+  const agentRoot = command.agentRoot || ''
+  const hermesHome = profile ? getProfileDir(profile) : getActiveProfileDir()
+  const env: NodeJS.ProcessEnv = {
+    ...process.env,
+    HERMES_AGENT_ROOT_RESOLVED: agentRoot,
+    HERMES_HOME: hermesHome,
+  }
+  if (!agentRoot) {
+    delete env.PYTHONHOME
+    delete env.PYTHONPATH
+  }
+  const pythonArgs = [
+    ...command.argsPrefix,
+    ...(agentRoot ? ['-I'] : []),
+    '-c',
+    PYTHON_BRIDGE,
+  ]
+  const displayArgs = [
+    ...command.argsPrefix,
+    ...(agentRoot ? ['-I'] : []),
+    '-c',
+    '<plugin-discovery>',
+  ].join(' ')
+
+  const errors: string[] = []
+  try {
+    const { stdout, stderr } = await execFileAsync(command.command, pythonArgs, {
+      cwd: process.cwd(),
+      env,
+      windowsHide: true,
+      timeout: 15000,
+      maxBuffer: 10 * 1024 * 1024,
+    })
+    const parsed = JSON.parse(stdout) as HermesPluginsResponse & { error?: string; detail?: string }
+    if ((parsed as any).error) {
+      throw new Error(`${(parsed as any).error}: ${(parsed as any).detail || 'unknown error'}`)
+    }
+    if (stderr?.trim()) {
+      parsed.warnings = [...(parsed.warnings || []), stderr.trim()]
+    }
+    return parsed
+  } catch (err: any) {
+    errors.push(`${command.command} ${displayArgs}: ${extractError(err)}`)
+  }
+
+  throw new Error(`Failed to discover Hermes plugins.\n${errors.join('\n')}`)
+}
diff --git a/packages/server/src/services/hermes/profile-credentials.ts b/packages/server/src/services/hermes/profile-credentials.ts
new file mode 100644
index 0000000..bf30d3b
--- /dev/null
+++ b/packages/server/src/services/hermes/profile-credentials.ts
@@ -0,0 +1,188 @@
+/**
+ * 智能克隆 Profile 凭据管理
+ *
+ * 背景：`hermes profile create --clone` 会完整复制源 profile 的 .env + config.yaml，
+ * 包括各平台的独占凭据（Weixin / Telegram / Slack / ...）。
+ * 这导致多个 profile 同时持有同一个 bot token，hermes-agent 内部的 token 互斥机制
+ * 会让后启动的 gateway 在健康检查阶段被 kill，表现为"profile 加载错误"。
+ *
+ * 解决方案：clone 完成后，对新 profile 自动执行：
+ *   1. 从 .env 中删除所有匹配独占平台前缀的 KEY
+ *   2. 把 config.yaml 中独占平台的 `enabled: true` 改为 false
+ * 操作前会备份原文件为 `.bak.<timestamp>`。
+ */
+
+import { existsSync, readFileSync, writeFileSync } from 'fs'
+import { join } from 'path'
+import { homedir } from 'os'
+import yaml from 'js-yaml'
+import { detectHermesHome } from './hermes-path'
+
+const HERMES_BASE = detectHermesHome()
+
+/**
+ * 已知"独占型"平台的环境变量前缀正则
+ *
+ * 这些平台的凭据本质上是"一对一身份绑定"：一个 token / app_id 对应唯一一个机器人或账号。
+ * 多个 profile 共享同一凭据会触发 hermes-agent 的 token 互斥机制 → 启动失败。
+ *
+ * 不在此列表的（模型 provider API key、工具调试开关等）视为可安全共享。
+ *
+ * **来源（不要凭主观推测扩展）**：与 hermes-agent `gateway/platforms/` 中实际调用
+ * `_acquire_platform_lock` / `acquire_scoped_lock` 的 adapter 1:1 对齐。
+ * 验证方法：`grep -l _acquire_platform_lock gateway/platforms/*.py`。
+ * 当前匹配上游的 7 个：discord, feishu, signal, slack, telegram, weixin, whatsapp。
+ */
+export const EXCLUSIVE_PLATFORM_ENV_PATTERNS: RegExp[] = [
+  /^TELEGRAM_/,  // Telegram bot
+  /^DISCORD_/,   // Discord bot
+  /^SLACK_/,     // Slack app
+  /^WHATSAPP_/,  // WhatsApp Business
+  /^SIGNAL_/,    // Signal
+  /^WEIXIN_/,    // 个人微信 bot
+  /^FEISHU_/,    // 飞书
+]
+
+/**
+ * 已知"独占型"平台在 config.yaml 中 `platforms.<name>` 节点的名称集合
+ * 与 EXCLUSIVE_PLATFORM_ENV_PATTERNS 一一对应，用于禁用 `enabled` 字段。
+ */
+export const EXCLUSIVE_PLATFORMS = [
+  'telegram', 'discord', 'slack', 'whatsapp', 'signal', 'weixin', 'feishu',
+]
+
+/**
+ * config.yaml 中独占平台节点下的"敏感凭据字段"黑名单
+ *
+ * 仅在 EXCLUSIVE_PLATFORMS 节点（含其 `extra` 子节点）下作用，避免误伤模型 provider key
+ * 等其他配置。clone 时这些字段会被一并删除，防止用户后续 re-enable 平台时复用源 profile
+ * 的身份。
+ */
+export const EXCLUSIVE_PLATFORM_CREDENTIAL_KEYS = [
+  'token', 'bot_token', 'app_token',
+  'signing_secret', 'app_secret', 'client_secret',
+  'access_token', 'webhook_secret',
+  'account_id', 'phone_number_id', 'app_id',
+]
+
+/** 判断 .env 中的 KEY 是否属于独占平台凭据 */
+export function isExclusivePlatformKey(key: string): boolean {
+  return EXCLUSIVE_PLATFORM_ENV_PATTERNS.some(re => re.test(key))
+}
+
+/**
+ * 清理 .env 文件中的独占平台凭据
+ * @param envPath .env 文件绝对路径
+ * @returns 被删除的 KEY 名列表（按 .env 中出现顺序）；文件不存在或无需删除时返回 []
+ *
+ * 副作用：实际删除前会备份为 `.env.bak.<timestamp>`，便于用户恢复。
+ */
+export function stripExclusivePlatformCredentials(envPath: string): string[] {
+  if (!existsSync(envPath)) return []
+  const original = readFileSync(envPath, 'utf-8')
+  const lines = original.split('\n')
+  const removedKeys: string[] = []
+  const kept: string[] = []
+  for (const line of lines) {
+    const m = line.match(/^([A-Z_][A-Z0-9_]*)\s*=/)
+    if (m && isExclusivePlatformKey(m[1])) {
+      removedKeys.push(m[1])
+    } else {
+      kept.push(line)
+    }
+  }
+  if (removedKeys.length === 0) return []
+  writeFileSync(`${envPath}.bak.${Date.now()}`, original, 'utf-8')
+  writeFileSync(envPath, kept.join('\n'), 'utf-8')
+  return removedKeys
+}
+
+/**
+ * 禁用 config.yaml 中已知独占平台的 enabled 字段，并清理节点下的敏感凭据
+ * @param configPath config.yaml 绝对路径
+ * @returns
+ *   - disabled: 被禁用的平台名列表
+ *   - strippedConfigCredentials: 被清理的凭据字段路径（如 'weixin.extra.token'）
+ *   无任何修改时两个字段均为空数组。
+ *
+ * 副作用：实际改写前会备份为 `config.yaml.bak.<timestamp>`。
+ */
+export function disableExclusivePlatformsInConfig(configPath: string): {
+  disabled: string[]
+  strippedConfigCredentials: string[]
+} {
+  if (!existsSync(configPath)) return { disabled: [], strippedConfigCredentials: [] }
+  const original = readFileSync(configPath, 'utf-8')
+  let cfg: any
+  try {
+    cfg = yaml.load(original, { json: true })
+  } catch {
+    return { disabled: [], strippedConfigCredentials: [] }
+  }
+  if (!cfg || typeof cfg !== 'object') return { disabled: [], strippedConfigCredentials: [] }
+  const platforms = cfg.platforms
+  if (!platforms || typeof platforms !== 'object') return { disabled: [], strippedConfigCredentials: [] }
+
+  const disabled: string[] = []
+  const strippedConfigCredentials: string[] = []
+
+  for (const platName of EXCLUSIVE_PLATFORMS) {
+    const node = platforms[platName]
+    if (!node || typeof node !== 'object') continue
+
+    if (node.enabled === true) {
+      node.enabled = false
+      disabled.push(platName)
+    }
+
+    // 清理节点直挂的凭据字段
+    for (const k of EXCLUSIVE_PLATFORM_CREDENTIAL_KEYS) {
+      if (k in node) {
+        delete node[k]
+        strippedConfigCredentials.push(`${platName}.${k}`)
+      }
+    }
+    // 清理 extra 子节点中的凭据字段
+    if (node.extra && typeof node.extra === 'object') {
+      for (const k of EXCLUSIVE_PLATFORM_CREDENTIAL_KEYS) {
+        if (k in node.extra) {
+          delete node.extra[k]
+          strippedConfigCredentials.push(`${platName}.extra.${k}`)
+        }
+      }
+    }
+  }
+
+  if (disabled.length === 0 && strippedConfigCredentials.length === 0) {
+    return { disabled: [], strippedConfigCredentials: [] }
+  }
+  writeFileSync(`${configPath}.bak.${Date.now()}`, original, 'utf-8')
+  writeFileSync(configPath, yaml.dump(cfg, { lineWidth: -1 }), 'utf-8')
+  return { disabled, strippedConfigCredentials }
+}
+
+export interface SmartCloneCleanup {
+  /** 从 .env 中删除的 KEY 名列表 */
+  strippedCredentials: string[]
+  /** 在 config.yaml 中被禁用的平台名列表 */
+  disabledPlatforms: string[]
+  /** 在 config.yaml 中被清理的内嵌凭据字段路径（如 'weixin.extra.token'） */
+  strippedConfigCredentials: string[]
+}
+
+/**
+ * 一站式：清理新 profile 的独占凭据 + 禁用 config.yaml 中的独占平台
+ *
+ * @param profileName profile 名称（'default' → ~/.hermes/，其他 → ~/.hermes/profiles/<name>/）
+ */
+export function smartCloneCleanup(profileName: string): SmartCloneCleanup {
+  const profileDir = profileName === 'default'
+    ? HERMES_BASE
+    : join(HERMES_BASE, 'profiles', profileName)
+  const configResult = disableExclusivePlatformsInConfig(join(profileDir, 'config.yaml'))
+  return {
+    strippedCredentials: stripExclusivePlatformCredentials(join(profileDir, '.env')),
+    disabledPlatforms: configResult.disabled,
+    strippedConfigCredentials: configResult.strippedConfigCredentials,
+  }
+}
diff --git a/packages/server/src/services/hermes/profile-list-parser.ts b/packages/server/src/services/hermes/profile-list-parser.ts
new file mode 100644
index 0000000..5995271
--- /dev/null
+++ b/packages/server/src/services/hermes/profile-list-parser.ts
@@ -0,0 +1,81 @@
+export interface ProfileListRuntimeInfo {
+  active: boolean
+  gatewayStatus?: string
+  alias?: string
+}
+
+const GATEWAY_STATUS_TOKENS = new Set([
+  'running',
+  'stopped',
+  'starting',
+  'active',
+  'stop',
+  '—',
+  '-',
+])
+
+function normalizeProfileLine(line: string): { active: boolean; body: string } | null {
+  const trimmed = line.trim()
+  if (!trimmed || trimmed.startsWith('Profile') || trimmed.match(/^─/)) return null
+  const active = trimmed.startsWith('◆')
+  return {
+    active,
+    body: active ? trimmed.slice(1).trim() : trimmed,
+  }
+}
+
+function matchProfileLine(body: string, profileNames: string[]): { profile: string; rest: string } | null {
+  for (const profile of profileNames) {
+    if (body === profile) return { profile, rest: '' }
+    if (body.startsWith(profile) && /\s/.test(body.charAt(profile.length))) {
+      return { profile, rest: body.slice(profile.length).trim() }
+    }
+  }
+  return null
+}
+
+function extractGatewayInfo(rest: string): { gatewayStatus?: string; alias?: string } {
+  const parts = rest.split(/\s+/).filter(Boolean)
+  for (let i = 0; i < parts.length; i += 1) {
+    const token = parts[i]
+    if (GATEWAY_STATUS_TOKENS.has(token.toLowerCase())) {
+      const alias = parts[i + 1]
+      return {
+        gatewayStatus: token,
+        alias: alias && alias !== '—' && alias !== '-' ? alias : undefined,
+      }
+    }
+  }
+  return {}
+}
+
+export function parseProfileListRuntimeInfo(stdout: string, profileNames: string[]): Map<string, ProfileListRuntimeInfo> {
+  const result = new Map<string, ProfileListRuntimeInfo>()
+  const sortedProfiles = [...new Set(profileNames.map(name => name.trim()).filter(Boolean))]
+    .sort((a, b) => b.length - a.length)
+  const normalized = stdout.replace(/\r\n/g, '\n').replace(/\r/g, '\n')
+  const lines = normalized.trim().split('\n').filter(Boolean)
+
+  for (const line of lines) {
+    const parsed = normalizeProfileLine(line)
+    if (!parsed) continue
+    const matched = matchProfileLine(parsed.body, sortedProfiles)
+    if (!matched) continue
+    const gateway = extractGatewayInfo(matched.rest)
+    result.set(matched.profile, {
+      active: parsed.active,
+      ...gateway,
+    })
+  }
+
+  return result
+}
+
+export function parseGatewayStatusesFromProfileList(stdout: string, profileNames: string[]): Map<string, string> {
+  const runtimes = parseProfileListRuntimeInfo(stdout, profileNames)
+  const statuses = new Map<string, string>()
+  for (const [profile, info] of runtimes) {
+    if (info.gatewayStatus) statuses.set(profile, info.gatewayStatus)
+  }
+  return statuses
+}
diff --git a/packages/server/src/services/hermes/run-chat/abort.ts b/packages/server/src/services/hermes/run-chat/abort.ts
new file mode 100644
index 0000000..09a5be0
--- /dev/null
+++ b/packages/server/src/services/hermes/run-chat/abort.ts
@@ -0,0 +1,150 @@
+/**
+ * Abort handler — cancels in-progress runs (both API server and CLI bridge).
+ */
+
+import type { Server, Socket } from 'socket.io'
+import { updateSessionStats } from '../../../db/hermes/session-store'
+import { logger } from '../../logger'
+import { flushBridgePendingToDb } from './bridge-message'
+import { flushResponseRunToDb } from './response-stream'
+import { replaceState } from './compression'
+import { calcAndUpdateUsage } from './usage'
+import type { QueuedRun, SessionState } from './types'
+
+export async function handleAbort(
+  nsp: ReturnType<Server['of']>,
+  socket: Socket,
+  sessionId: string,
+  sessionMap: Map<string, SessionState>,
+  bridge: any,
+  runQueuedItem: (socket: Socket, sessionId: string, next: QueuedRun, fallbackProfile?: string) => void,
+) {
+  const state = sessionMap.get(sessionId)
+  if (!state?.isWorking || (!state.runId && !state.abortController)) {
+    logger.info({ sessionId }, '[chat-run-socket][abort] ignored: no active run')
+    if (state) {
+      state.isWorking = false
+      state.isAborting = false
+      state.abortController = undefined
+      state.runId = undefined
+      state.events = []
+    }
+    emitToSession(nsp, socket, sessionId, 'abort.completed', {
+      event: 'abort.completed',
+      synced: false,
+      ignored: true,
+    })
+    return
+  }
+
+  const runId = state.runId
+  state.isAborting = true
+  replaceState(sessionMap, sessionId, 'abort.started', {
+    event: 'abort.started',
+    run_id: runId,
+    graceMs: 5000,
+  })
+  emitToSession(nsp, socket, sessionId, 'abort.started', {
+    event: 'abort.started',
+    run_id: runId,
+    graceMs: 5000,
+  })
+  logger.info({ sessionId, runId }, '[chat-run-socket][abort] started')
+
+  // Flush in-memory assistant text to DB before aborting the stream.
+  if (state.source === 'cli') {
+    flushBridgePendingToDb(state, sessionId)
+  } else {
+    flushResponseRunToDb(state, sessionId)
+  }
+
+  if (state.source === 'cli') {
+    try {
+      await bridge.interrupt(sessionId, 'Aborted by user', state.profile)
+    } catch (err) {
+      logger.warn(err, '[chat-run-socket][abort] failed to interrupt CLI bridge for session %s', sessionId)
+    }
+    try {
+      await bridge.goalPause?.(sessionId, 'user-interrupted', state.profile)
+      state.queue = state.queue.filter(item => !item.goalContinuation)
+    } catch (err) {
+      logger.debug(err, '[chat-run-socket][abort] goal pause-on-interrupt skipped for session %s', sessionId)
+    }
+  } else if (state.abortController) {
+    state.abortController.abort()
+  }
+
+  await markAbortCompleted(nsp, socket, sessionId, runId || 'response_stream', sessionMap, runQueuedItem)
+}
+
+export async function markAbortCompleted(
+  nsp: ReturnType<Server['of']>,
+  socket: Socket,
+  sessionId: string,
+  runId: string,
+  sessionMap: Map<string, SessionState>,
+  runQueuedItem: (socket: Socket, sessionId: string, next: QueuedRun, fallbackProfile?: string) => void,
+) {
+  const state = sessionMap.get(sessionId)
+  if (!state) return
+
+  const profile = state.profile
+  updateSessionStats(sessionId)
+  const emit = (event: string, payload: any) => {
+    nsp.to(`session:${sessionId}`).emit(event, { ...payload, session_id: sessionId })
+  }
+  await calcAndUpdateUsage(sessionId, state, emit)
+
+  state.isWorking = false
+  state.isAborting = false
+  state.profile = undefined
+  state.abortController = undefined
+  state.runId = undefined
+  state.responseRun = undefined
+  state.activeRunMarker = undefined
+
+  // Process queued messages after abort completes
+  if (state.queue.length > 0) {
+    const next = state.queue.shift()!
+    state.isWorking = true
+    state.isAborting = false
+    state.profile = next.profile || profile
+    state.source = next.source
+    logger.info('[chat-run-socket][abort] dequeuing queued run for session %s (remaining: %d)', sessionId, state.queue.length)
+    replaceState(sessionMap, sessionId, 'abort.completed', {
+      event: 'abort.completed',
+      run_id: runId,
+      synced: true,
+      queue_length: state.queue.length + 1,
+    })
+    emitToSession(nsp, socket, sessionId, 'abort.completed', {
+      event: 'abort.completed',
+      run_id: runId,
+      synced: true,
+      queue_length: state.queue.length + 1,
+    })
+    emitToSession(nsp, socket, sessionId, 'run.queued', {
+      event: 'run.queued',
+      queue_length: state.queue.length,
+    })
+    state.events = []
+    runQueuedItem(socket, sessionId, next, profile || 'default')
+    return
+  }
+
+  state.events = []
+  emitToSession(nsp, socket, sessionId, 'abort.completed', {
+    event: 'abort.completed',
+    run_id: runId,
+    synced: true,
+  })
+  logger.info({ sessionId, runId, synced: true }, '[chat-run-socket][abort] completed')
+}
+
+function emitToSession(nsp: ReturnType<Server['of']>, socket: Socket, sessionId: string, event: string, payload: any) {
+  const tagged = { ...payload, session_id: sessionId }
+  nsp.to(`session:${sessionId}`).emit(event, tagged)
+  if (!nsp.adapter.rooms.get(`session:${sessionId}`)?.size && socket.connected) {
+    socket.emit(event, tagged)
+  }
+}
diff --git a/packages/server/src/services/hermes/run-chat/bridge-delta.ts b/packages/server/src/services/hermes/run-chat/bridge-delta.ts
new file mode 100644
index 0000000..652f8f2
--- /dev/null
+++ b/packages/server/src/services/hermes/run-chat/bridge-delta.ts
@@ -0,0 +1,116 @@
+export interface BridgeDeltaFilterState {
+  bridgePendingToolCallMarkup?: string
+}
+
+const TOOL_CALL_MARKER = '[Calling tool:'
+const MAX_PENDING_TOOL_MARKUP_LENGTH = 100_000
+
+/**
+ * Flush any partial-prefix that was held back waiting to see if it would
+ * become a `[Calling tool: ...]` marker. Call this when the streaming
+ * context guarantees no marker can follow (e.g. on `tool.started`,
+ * `tool.completed`, run completion, run failure, abort).
+ *
+ * Without this, deltas that legitimately end with `[`, `[C`, `[Ca`, ...,
+ * `[Calling tool` are silently dropped from the user-visible stream
+ * because the filter expected the buffered chars to either complete the
+ * marker (and be discarded) or be released by a follow-up delta — but
+ * follow-up deltas don't always come for the SAME assistant message.
+ *
+ * Returns the buffered text so callers can forward it to the client as
+ * a regular `message.delta` payload.
+ */
+export function flushPendingToolCallMarkup(state: BridgeDeltaFilterState): string {
+  const pending = state.bridgePendingToolCallMarkup || ''
+  state.bridgePendingToolCallMarkup = ''
+  return pending
+}
+
+function findToolMarkupEnd(text: string, start: number): number {
+  let depth = 0
+  let inString = false
+  let escaped = false
+
+  for (let i = start; i < text.length; i += 1) {
+    const ch = text[i]
+    if (inString) {
+      if (escaped) {
+        escaped = false
+      } else if (ch === '\\') {
+        escaped = true
+      } else if (ch === '"') {
+        inString = false
+      }
+      continue
+    }
+
+    if (ch === '"') {
+      inString = true
+      continue
+    }
+    if (ch === '[') {
+      depth += 1
+      continue
+    }
+    if (ch === ']') {
+      depth -= 1
+      if (depth === 0) return i + 1
+    }
+  }
+
+  return -1
+}
+
+function trailingMarkerPrefixLength(text: string): number {
+  const max = Math.min(text.length, TOOL_CALL_MARKER.length - 1)
+  for (let len = max; len > 0; len -= 1) {
+    if (TOOL_CALL_MARKER.startsWith(text.slice(text.length - len))) return len
+  }
+  return 0
+}
+
+export function filterBridgeToolCallMarkupDelta(
+  state: BridgeDeltaFilterState,
+  delta: string,
+): string {
+  if (!delta) return ''
+
+  const text = `${state.bridgePendingToolCallMarkup || ''}${delta}`
+  state.bridgePendingToolCallMarkup = ''
+
+  let out = ''
+  let idx = 0
+  while (idx < text.length) {
+    const markerIdx = text.indexOf(TOOL_CALL_MARKER, idx)
+    if (markerIdx < 0) {
+      const rest = text.slice(idx)
+      const pendingPrefixLength = trailingMarkerPrefixLength(rest)
+      if (pendingPrefixLength > 0) {
+        out += rest.slice(0, rest.length - pendingPrefixLength)
+        state.bridgePendingToolCallMarkup = rest.slice(rest.length - pendingPrefixLength)
+      } else {
+        out += rest
+      }
+      break
+    }
+
+    out += text.slice(idx, markerIdx)
+    const end = findToolMarkupEnd(text, markerIdx)
+    if (end < 0) {
+      state.bridgePendingToolCallMarkup = text.slice(markerIdx)
+      if (state.bridgePendingToolCallMarkup.length > MAX_PENDING_TOOL_MARKUP_LENGTH) {
+        state.bridgePendingToolCallMarkup = ''
+      }
+      break
+    }
+
+    idx = end
+    if (text[idx] === '\r' && text[idx + 1] === '\n') {
+      idx += 2
+    } else if (text[idx] === '\n') {
+      idx += 1
+    }
+  }
+
+  return out
+}
diff --git a/packages/server/src/services/hermes/run-chat/bridge-message.ts b/packages/server/src/services/hermes/run-chat/bridge-message.ts
new file mode 100644
index 0000000..7c3497d
--- /dev/null
+++ b/packages/server/src/services/hermes/run-chat/bridge-message.ts
@@ -0,0 +1,203 @@
+/**
+ * Bridge message management — flush pending content to DB,
+ * track tool calls, manage assistant message lifecycle.
+ */
+
+import { addMessage } from '../../../db/hermes/session-store'
+import { logger } from '../../logger'
+import type { SessionMessage, SessionState } from './types'
+
+export function flushBridgePendingToDb(state: SessionState, sessionId: string, runMarker?: string) {
+  const content = state.bridgePendingAssistantContent || ''
+  const reasoning = state.bridgePendingReasoningContent || ''
+  if (!content.trim()) return
+  if (runMarker) {
+    const last = findOpenBridgeAssistantMessage(state, runMarker)
+    if (last) syncBridgeReasoningToMessage(last, reasoning)
+  }
+  addMessage({
+    session_id: sessionId,
+    role: 'assistant',
+    content,
+    reasoning: reasoning || null,
+    reasoning_content: reasoning || null,
+    timestamp: Math.floor(Date.now() / 1000),
+  })
+  state.bridgePendingAssistantContent = ''
+  state.bridgePendingReasoningContent = ''
+  if (runMarker) {
+    const last = findOpenBridgeAssistantMessage(state, runMarker)
+    if (last && last.finish_reason == null) last.finish_reason = 'stop'
+  }
+}
+
+export function findOpenBridgeAssistantMessage(state: SessionState, runMarker: string): SessionMessage | undefined {
+  return [...state.messages]
+    .reverse()
+    .find(m => m.runMarker === runMarker && m.role === 'assistant' && m.finish_reason == null)
+}
+
+export function ensureOpenBridgeAssistantMessage(
+  state: SessionState,
+  sessionId: string,
+  runMarker: string,
+): SessionMessage {
+  const existing = findOpenBridgeAssistantMessage(state, runMarker)
+  if (existing) return existing
+  const message: SessionMessage = {
+    id: state.messages.length + 1,
+    session_id: sessionId,
+    runMarker,
+    role: 'assistant',
+    content: '',
+    timestamp: Math.floor(Date.now() / 1000),
+  }
+  state.messages.push(message)
+  return message
+}
+
+export function syncBridgeReasoningToMessage(message: SessionMessage, reasoning?: string) {
+  if (!reasoning) return
+  message.reasoning = reasoning
+  message.reasoning_content = reasoning
+}
+
+export function recordBridgeToolStarted(
+  state: SessionState,
+  sessionId: string,
+  runMarker: string,
+  toolName: string,
+  args: Record<string, unknown> | undefined,
+  rawToolCallId: unknown,
+): { id: string; name: string; arguments: string } {
+  const id = bridgeToolCallId(state, rawToolCallId, toolName)
+  const argsString = args ? JSON.stringify(args) : '{}'
+  const reasoning = state.bridgePendingReasoningContent || ''
+  const toolCall = {
+    id,
+    type: 'function',
+    function: {
+      name: toolName,
+      arguments: argsString,
+    },
+  }
+  const timestamp = Math.floor(Date.now() / 1000)
+
+  state.bridgePendingTools = state.bridgePendingTools || []
+  state.bridgePendingTools.push({
+    id,
+    name: toolName,
+    arguments: argsString,
+    startedAt: Date.now(),
+  })
+
+  const openMessage = findOpenBridgeAssistantMessage(state, runMarker)
+  if (openMessage && !openMessage.content && !openMessage.tool_calls?.length) {
+    openMessage.tool_calls = [toolCall]
+    openMessage.finish_reason = 'tool_calls'
+    openMessage.reasoning = reasoning || openMessage.reasoning || null
+    openMessage.reasoning_content = reasoning || openMessage.reasoning_content || null
+    openMessage.timestamp = timestamp
+  } else {
+    state.messages.push({
+      id: state.messages.length + 1,
+      session_id: sessionId,
+      runMarker,
+      role: 'assistant',
+      content: '',
+      tool_calls: [toolCall],
+      finish_reason: 'tool_calls',
+      reasoning: reasoning || null,
+      reasoning_content: reasoning || null,
+      timestamp,
+    })
+  }
+  addMessage({
+    session_id: sessionId,
+    role: 'assistant',
+    content: '',
+    tool_calls: [toolCall],
+    finish_reason: 'tool_calls',
+    reasoning: reasoning || null,
+    reasoning_content: reasoning || null,
+    timestamp,
+  })
+  state.bridgePendingReasoningContent = ''
+
+  return { id, name: toolName, arguments: argsString }
+}
+
+export function recordBridgeToolCompleted(
+  state: SessionState,
+  sessionId: string,
+  runMarker: string,
+  toolName: string,
+  ev: Record<string, unknown>,
+): { id: string; output: string; duration?: number } {
+  state.bridgePendingTools = state.bridgePendingTools || []
+  const rawId = ev.tool_call_id
+  let idx = rawId
+    ? state.bridgePendingTools.findIndex(tool => tool.id === String(rawId))
+    : -1
+  if (idx < 0 && toolName) {
+    idx = state.bridgePendingTools.findIndex(tool => tool.name === toolName)
+  }
+  if (idx < 0) {
+    idx = state.bridgePendingTools.length - 1
+  }
+  const pending = idx >= 0 ? state.bridgePendingTools.splice(idx, 1)[0] : undefined
+  const id = pending?.id || bridgeToolCallId(state, rawId, toolName)
+  const output = bridgeToolOutput(ev)
+  const timestamp = Math.floor(Date.now() / 1000)
+  logger.info(
+    '[chat-run-socket][bridge] recording CLI tool result session=%s tool=%s tool_call_id=%s raw_tool_call_id=%s output_len=%d has_result=%s has_output=%s has_result_preview=%s has_preview=%s event_keys=%s',
+    sessionId,
+    toolName,
+    id,
+    String(rawId || ''),
+    output.length,
+    String(ev.result != null),
+    String(ev.output != null),
+    String(ev.result_preview != null),
+    String(ev.preview != null),
+    Object.keys(ev).join(','),
+  )
+
+  state.messages.push({
+    id: state.messages.length + 1,
+    session_id: sessionId,
+    runMarker,
+    role: 'tool',
+    content: output,
+    tool_call_id: id,
+    tool_name: toolName || pending?.name || null,
+    timestamp,
+  })
+  addMessage({
+    session_id: sessionId,
+    role: 'tool',
+    content: output,
+    tool_call_id: id,
+    tool_name: toolName || pending?.name || null,
+    timestamp,
+  })
+
+  const duration = pending?.startedAt
+    ? Math.round((Date.now() - pending.startedAt) / 10) / 100
+    : undefined
+
+  return { id, output, duration }
+}
+
+export function bridgeToolCallId(state: SessionState, rawToolCallId: unknown, toolName: string): string {
+  const raw = String(rawToolCallId || '').trim()
+  if (raw) return raw
+  state.bridgeToolCounter = (state.bridgeToolCounter || 0) + 1
+  const safeName = (toolName || 'tool').replace(/[^a-zA-Z0-9_-]/g, '_')
+  return `cli_${safeName}_${state.bridgeToolCounter}`
+}
+
+export function bridgeToolOutput(ev: Record<string, unknown>): string {
+  const value = ev.result ?? ev.output ?? ev.result_preview ?? ev.preview ?? ''
+  return typeof value === 'string' ? value : JSON.stringify(value ?? '')
+}
diff --git a/packages/server/src/services/hermes/run-chat/compression.ts b/packages/server/src/services/hermes/run-chat/compression.ts
new file mode 100644
index 0000000..29e383d
--- /dev/null
+++ b/packages/server/src/services/hermes/run-chat/compression.ts
@@ -0,0 +1,568 @@
+/**
+ * Context compression — build conversation history from DB,
+ * apply snapshot-aware compression and LLM summarization.
+ */
+
+import {
+  getSessionDetail,
+  getSession,
+} from '../../../db/hermes/session-store'
+import { getCompressionSnapshot } from '../../../db/hermes/compression-snapshot'
+import { ChatContextCompressor, SUMMARY_PREFIX } from '../../../lib/context-compressor'
+import { getModelContextLength } from '../model-context'
+import { readConfigYamlForProfile } from '../../config-helpers'
+import { logger } from '../../logger'
+import { bridgeLogger } from '../../logger'
+import { calcAndUpdateUsage, estimateUsageTokensFromMessages, updateMessageContextTokenUsage } from './usage'
+import { isAssistantMessageSendable } from './message-format'
+import type { ChatMessage, CompressionConfig as CompressorConfig } from '../../../lib/context-compressor'
+import type { SessionState, BridgeCompressionResult } from './types'
+
+interface RunChatCompressionConfig {
+  enabled: boolean
+  triggerTokens: number
+  compressor: Partial<CompressorConfig>
+}
+
+export class ContextWindowTooSmallError extends Error {
+  constructor(message: string) {
+    super(message)
+    this.name = 'ContextWindowTooSmallError'
+  }
+}
+
+function isContextWindowTooSmallError(err: unknown): err is ContextWindowTooSmallError {
+  return err instanceof ContextWindowTooSmallError || (err instanceof Error && err.name === 'ContextWindowTooSmallError')
+}
+
+function isSnapshotUsable(
+  snapshot: { lastMessageIndex: number } | null,
+  history: ChatMessage[],
+): boolean {
+  return !!snapshot && snapshot.lastMessageIndex >= 0 && snapshot.lastMessageIndex < history.length
+}
+
+function buildSnapshotHistory(
+  snapshot: { summary: string; lastMessageIndex: number } | null,
+  history: ChatMessage[],
+  compressionConfig?: Partial<CompressorConfig>,
+): ChatMessage[] | null {
+  if (!snapshot) return null
+  const headCount = compressionConfig?.headMessageCount || 0
+  const tailCount = compressionConfig?.tailMessageCount || 0
+  const protectedHead = headCount > 0 ? history.slice(0, headCount) : []
+  const summaryMessage = { role: 'user', content: SUMMARY_PREFIX + '\n\n' + snapshot.summary } as ChatMessage
+
+  if (isSnapshotUsable(snapshot, history)) {
+    return [
+      ...protectedHead,
+      summaryMessage,
+      ...history.slice(snapshot.lastMessageIndex + 1),
+    ]
+  }
+
+  const tailStart = Math.max(protectedHead.length, history.length - tailCount)
+  return [
+    ...protectedHead,
+    summaryMessage,
+    ...history.slice(tailStart),
+  ]
+}
+
+export async function buildSnapshotAwareHistory(
+  sessionId: string,
+  profile: string,
+  history: ChatMessage[],
+  modelContext: { model?: string | null; provider?: string | null } = {},
+): Promise<ChatMessage[]> {
+  const snapshot = getCompressionSnapshot(sessionId)
+  if (!snapshot) return history
+  const contextLength = getModelContextLength({
+    profile,
+    model: modelContext.model,
+    provider: modelContext.provider,
+  })
+  const compressionConfig = await getRunChatCompressionConfig(profile, contextLength)
+  return buildSnapshotHistory(snapshot, history, compressionConfig.compressor) || history
+}
+
+function clampRatio(value: unknown, fallback: number, min: number, max: number): number {
+  const n = typeof value === 'number' && Number.isFinite(value) ? value : fallback
+  return Math.min(max, Math.max(min, n))
+}
+
+function clampInt(value: unknown, fallback: number, min: number, max: number): number {
+  const n = typeof value === 'number' && Number.isFinite(value) ? Math.floor(value) : fallback
+  return Math.min(max, Math.max(min, n))
+}
+
+async function getRunChatCompressionConfig(profile: string, contextLength: number): Promise<RunChatCompressionConfig> {
+  let raw: Record<string, any> = {}
+  try {
+    raw = (await readConfigYamlForProfile(profile))?.compression || {}
+  } catch (err) {
+    logger.warn(err, '[context-compress] failed to read compression config for profile %s, using defaults', profile)
+  }
+
+  const threshold = clampRatio(raw.threshold, 0.5, 0.05, 0.95)
+  const targetRatio = clampRatio(raw.target_ratio, 0.2, 0.01, 0.8)
+  const protectLastN = clampInt(raw.protect_last_n, 20, 0, 500)
+  const protectFirstN = clampInt(raw.protect_first_n, 3, 0, 100)
+
+  return {
+    enabled: raw.enabled !== false,
+    triggerTokens: Math.floor(contextLength * threshold),
+    compressor: {
+      triggerTokens: Math.floor(contextLength * threshold),
+      summaryBudget: Math.max(1_000, Math.floor(contextLength * targetRatio)),
+      headMessageCount: protectFirstN,
+      tailMessageCount: protectLastN,
+    },
+  }
+}
+
+/**
+ * Load conversation history from DB with full message structure (user/assistant/tool).
+ */
+export async function buildDbHistory(
+  sessionId: string,
+  options: { excludeLastUser?: boolean } = {},
+): Promise<ChatMessage[]> {
+  const detail = getSessionDetail(sessionId)
+  if (!detail?.messages?.length) return []
+
+  const validMessages = detail.messages.filter(m =>
+    (m.role === 'user' || m.role === 'assistant' || m.role === 'tool') && m.content !== undefined,
+  )
+
+  const sourceMessages = options.excludeLastUser
+    ? (() => {
+      const lastUserMsgIndex = [...validMessages].reverse().findIndex(m => m.role === 'user')
+      return lastUserMsgIndex >= 0
+        ? validMessages.slice(0, validMessages.length - lastUserMsgIndex - 1)
+        : validMessages
+    })()
+    : validMessages
+
+  return sourceMessages.map((m, idx, arr) => {
+    const msg: any = { role: m.role, content: m.content || '' }
+    if (m.reasoning_content) msg.reasoning_content = m.reasoning_content
+    if (m.tool_calls?.length) {
+      const cleanedToolCalls = m.tool_calls
+        .filter((tc: any) => tc.id && tc.id.length > 0)
+        .map((tc: any) => ({ id: tc.id, type: tc.type, function: tc.function }))
+      if (cleanedToolCalls.length > 0) msg.tool_calls = cleanedToolCalls
+    }
+    if (m.role === 'tool') {
+      let callId = m.tool_call_id
+      if (!callId || callId.length === 0) {
+        const prevMsg = arr[idx - 1]
+        if (prevMsg?.role === 'assistant' && prevMsg.tool_calls?.length) {
+          const tc = prevMsg.tool_calls.find((t: any) => t.function?.name === m.tool_name)
+          if (tc?.id) callId = tc.id
+        }
+      }
+      if (!callId || callId.length === 0) return null
+      msg.tool_call_id = callId
+    }
+    if (m.tool_name) msg.name = m.tool_name
+    if (m.role === 'assistant' && !isAssistantMessageSendable(msg)) {
+      logger.warn('[chat-run-socket] skipped empty assistant message while building history for session %s', sessionId)
+      return null
+    }
+    return msg
+  }).filter((m): m is ChatMessage => m !== null)
+}
+
+export function estimateSnapshotAwareHistoryUsage(
+  sessionId: string,
+  history: ChatMessage[],
+): { messageCount: number; tokenCount: number } {
+  const snapshot = getCompressionSnapshot(sessionId)
+  const messages = buildSnapshotHistory(snapshot, history) || history
+  const usage = estimateUsageTokensFromMessages(messages)
+  return {
+    messageCount: messages.length,
+    tokenCount: usage.inputTokens + usage.outputTokens,
+  }
+}
+
+export async function buildCompressedHistory(
+  sessionId: string,
+  profile: string,
+  upstream: string,
+  apiKey: string | undefined,
+  emit: (event: string, payload: any) => void,
+  sessionMap: Map<string, SessionState>,
+  modelContext: { model?: string | null; provider?: string | null } = {},
+  contextTokenEstimator?: (messages: ChatMessage[], messageTokens: number) => Promise<number | null | undefined>,
+  currentInputTokens = 0,
+): Promise<ChatMessage[]> {
+  try {
+    let history = await buildDbHistory(sessionId, { excludeLastUser: true })
+
+    const contextLength = getModelContextLength({
+      profile,
+      model: modelContext.model,
+      provider: modelContext.provider,
+    })
+    const compressionConfig = await getRunChatCompressionConfig(profile, contextLength)
+    const triggerTokens = compressionConfig.triggerTokens
+    if (!compressionConfig.enabled) {
+      logger.info('[context-compress] session=%s: compression disabled by config', sessionId)
+      return history
+    }
+    const cState = getOrCreateSession(sessionMap, sessionId)
+    const assembledTokens = await calcAndUpdateUsage(sessionId, cState, emit)
+    const currentRunInputTokens = typeof currentInputTokens === 'number' && Number.isFinite(currentInputTokens) && currentInputTokens > 0
+      ? Math.floor(currentInputTokens)
+      : 0
+    const estimateLocalContextTokens = async (messages: ChatMessage[], messageTokens: number) => {
+      const localMessageTokens = Math.max(0, Math.floor(messageTokens))
+      try {
+        const estimate = await contextTokenEstimator?.(messages, localMessageTokens)
+        if (typeof estimate === 'number' && Number.isFinite(estimate) && estimate > 0) return Math.floor(estimate)
+      } catch (err) {
+        logger.warn(err, '[context-compress] session=%s: fixed context token estimate failed; using message-only estimate', sessionId)
+      }
+      return localMessageTokens
+    }
+    const emitContextUsage = (contextTokens: number) => {
+      cState.contextTokens = contextTokens
+      emit('usage.updated', {
+        event: 'usage.updated',
+        session_id: sessionId,
+        inputTokens: cState.inputTokens ?? assembledTokens.inputTokens,
+        outputTokens: cState.outputTokens ?? assembledTokens.outputTokens,
+        contextTokens,
+      })
+    }
+    const messageOnlyTotalTokens = assembledTokens.inputTokens + assembledTokens.outputTokens
+    let totalTokens = messageOnlyTotalTokens
+
+    if (history.length === 0) {
+      totalTokens = await estimateLocalContextTokens([], Math.max(currentRunInputTokens, messageOnlyTotalTokens))
+      if (totalTokens > triggerTokens) {
+        throw new ContextWindowTooSmallError(
+          `Context window is too small: fixed prompt/tool overhead plus the current input uses ~${totalTokens} tokens, exceeding compression threshold ${triggerTokens}. Increase model context length, raise compression.threshold, shorten the input, or disable some tools.`,
+        )
+      }
+      if (totalTokens > 0) emitContextUsage(totalTokens)
+      return []
+    }
+
+    const canCompressHistory = history.length > 4
+    const snapshot = getCompressionSnapshot(sessionId)
+    const staleSnapshot = snapshot && !isSnapshotUsable(snapshot, history)
+    if (staleSnapshot) {
+      logger.warn('[context-compress] session=%s: stale snapshot index %d for %d history messages; using summary plus safe tail',
+        sessionId, snapshot.lastMessageIndex, history.length)
+      const staleHistory = buildSnapshotHistory(snapshot, history, compressionConfig.compressor) || history
+      const staleUsage = estimateUsageTokensFromMessages(staleHistory)
+      const staleMessageTokens = staleUsage.inputTokens + staleUsage.outputTokens
+      const staleRunMessageTokens = Math.max(staleMessageTokens + currentRunInputTokens, messageOnlyTotalTokens)
+      totalTokens = await estimateLocalContextTokens(staleHistory, staleRunMessageTokens)
+      emitContextUsage(totalTokens)
+      logger.info({
+        sessionId,
+        profile,
+        messages: staleHistory.length,
+        messageOnlyTokens: staleRunMessageTokens,
+        fullContextTokens: totalTokens,
+        triggerTokens,
+        decision: totalTokens > triggerTokens ? 'compress' : 'skip',
+        snapshot: 'stale',
+      }, '[context-compress] threshold check')
+    }
+
+    if (snapshot && !staleSnapshot) {
+      const newMessages = history.slice(snapshot.lastMessageIndex + 1)
+      const snapshotHistory = buildSnapshotHistory(snapshot, history, compressionConfig.compressor) || history
+      const snapshotUsage = estimateUsageTokensFromMessages(snapshotHistory)
+      const snapshotMessageTokens = snapshotUsage.inputTokens + snapshotUsage.outputTokens
+      const snapshotRunMessageTokens = Math.max(snapshotMessageTokens + currentRunInputTokens, messageOnlyTotalTokens)
+      totalTokens = await estimateLocalContextTokens(snapshotHistory, snapshotRunMessageTokens)
+      emitContextUsage(totalTokens)
+      logger.info({
+        sessionId,
+        profile,
+        messages: snapshotHistory.length,
+        messageOnlyTokens: snapshotRunMessageTokens,
+        fullContextTokens: totalTokens,
+        triggerTokens,
+        decision: totalTokens > triggerTokens ? 'compress' : 'skip',
+        snapshot: 'usable',
+      }, '[context-compress] threshold check')
+      logger.info('[context-compress] session=%s: snapshot at %d, %d new messages, assembled ~%d tokens (threshold %d)',
+        sessionId, snapshot.lastMessageIndex, newMessages.length, totalTokens, triggerTokens)
+      if (totalTokens <= triggerTokens) {
+        history = snapshotHistory
+      } else {
+        history = await compressHistory(history, newMessages, sessionId, upstream, apiKey, cState, totalTokens, emit, sessionMap, modelContext, compressionConfig.compressor, currentRunInputTokens)
+      }
+    } else if (snapshot && staleSnapshot) {
+      if (totalTokens <= triggerTokens) {
+        history = buildSnapshotHistory(snapshot, history, compressionConfig.compressor) || history
+      } else {
+        history = await compressHistory(history, null, sessionId, upstream, apiKey, cState, totalTokens, emit, sessionMap, modelContext, compressionConfig.compressor, currentRunInputTokens)
+      }
+    } else {
+      const historyUsage = estimateUsageTokensFromMessages(history)
+      const historyMessageTokens = historyUsage.inputTokens + historyUsage.outputTokens
+      const runMessageTokens = Math.max(historyMessageTokens + currentRunInputTokens, messageOnlyTotalTokens)
+      totalTokens = await estimateLocalContextTokens(history, runMessageTokens)
+      emitContextUsage(totalTokens)
+      logger.info({
+        sessionId,
+        profile,
+        messages: history.length,
+        messageOnlyTokens: runMessageTokens,
+        fullContextTokens: totalTokens,
+        triggerTokens,
+        decision: totalTokens > triggerTokens ? 'compress' : 'skip',
+        snapshot: 'none',
+      }, '[context-compress] threshold check')
+      if (!canCompressHistory && totalTokens > triggerTokens) {
+        throw new ContextWindowTooSmallError(
+          `Context window is too small: fixed prompt/tool overhead plus ${history.length} history messages uses ~${totalTokens} tokens, exceeding compression threshold ${triggerTokens}, and there is not enough history to compress. Increase model context length, raise compression.threshold, or disable some tools.`,
+        )
+      }
+      if (totalTokens <= triggerTokens) {
+        logger.info('[context-compress] session=%s: %d messages, ~%d tokens — under threshold, skip', sessionId, history.length, totalTokens)
+      } else {
+        history = await compressHistory(history, null, sessionId, upstream, apiKey, cState, totalTokens, emit, sessionMap, modelContext, compressionConfig.compressor, currentRunInputTokens)
+      }
+    }
+    return history
+  } catch (err) {
+    if (isContextWindowTooSmallError(err)) throw err
+    logger.warn(err, '[chat-run-socket] failed to build compressed history for session %s', sessionId)
+    return []
+  }
+}
+
+export async function compressHistory(
+  history: ChatMessage[],
+  newMessagesOnly: ChatMessage[] | null,
+  sessionId: string,
+  upstream: string,
+  apiKey: string | undefined,
+  cState: SessionState,
+  totalTokens: number,
+  emit: (event: string, payload: any) => void,
+  sessionMap: Map<string, SessionState>,
+  modelContext: { model?: string | null; provider?: string | null } = {},
+  compressionConfig?: Partial<CompressorConfig>,
+  currentInputTokens = 0,
+): Promise<ChatMessage[]> {
+  const msgCount = newMessagesOnly ? newMessagesOnly.length : history.length
+  const currentRunInputTokens = typeof currentInputTokens === 'number' && Number.isFinite(currentInputTokens) && currentInputTokens > 0
+    ? Math.floor(currentInputTokens)
+    : 0
+  pushState(sessionMap, sessionId, 'compression.started', {
+    event: 'compression.started', message_count: msgCount, token_count: totalTokens,
+  })
+  emit('compression.started', {
+    event: 'compression.started', message_count: msgCount, token_count: totalTokens,
+  })
+
+  try {
+    const session = getSession(sessionId)
+    const summarizerProfile = session?.profile || 'default'
+    const compressor = new ChatContextCompressor({ config: compressionConfig })
+    const result = await compressor.compress(history, upstream, apiKey, sessionId, {
+      profile: summarizerProfile,
+      model: modelContext.model || session?.model,
+      provider: modelContext.provider || session?.provider,
+      workerKey: `${summarizerProfile}:compression:${sessionId}`,
+    })
+    const afterTokens = await calcAndUpdateUsage(sessionId, cState, emit)
+    const compressedAfterTokens = afterTokens.inputTokens + afterTokens.outputTokens
+    const resultUsage = estimateUsageTokensFromMessages(result.messages)
+    const resultMessageTokens = resultUsage.inputTokens + resultUsage.outputTokens
+    const compressedRunMessageTokens = Math.max(
+      compressedAfterTokens,
+      resultMessageTokens + currentRunInputTokens,
+    )
+    const compressedMeta: any = {
+      event: 'compression.completed' as const,
+      compressed: result.meta.compressed,
+      llmCompressed: result.meta.llmCompressed,
+      totalMessages: result.meta.totalMessages,
+      resultMessages: result.messages.length,
+      beforeTokens: totalTokens,
+      afterTokens: compressedRunMessageTokens,
+      summaryTokens: result.meta.summaryTokenEstimate,
+      verbatimCount: result.meta.verbatimCount,
+      compressedStartIndex: result.meta.compressedStartIndex,
+    }
+    replaceState(sessionMap, sessionId, 'compression.completed', compressedMeta)
+    logger.info('[context-compress] AFTER  session=%s: %d messages, ~%d tokens (was %d)',
+      sessionId, result.messages.length, compressedRunMessageTokens, totalTokens)
+    const compressedContextTokens = updateMessageContextTokenUsage(sessionId, cState, emit, compressedRunMessageTokens, afterTokens)
+    if (compressedContextTokens != null) {
+      compressedMeta.contextTokens = compressedContextTokens
+    }
+    emit('compression.completed', compressedMeta)
+
+    const compressed = result.messages.map(m => {
+      const msg: any = { role: m.role, content: m.content, tool_call_id: m.tool_call_id, name: m.name }
+      if (m.reasoning_content) msg.reasoning_content = m.reasoning_content
+      if (m.tool_calls?.length) {
+        const cleanedToolCalls = m.tool_calls
+          .filter((tc: any) => tc.id && tc.id.length > 0)
+          .map((tc: any) => ({ id: tc.id, type: tc.type, function: tc.function }))
+        if (cleanedToolCalls.length > 0) msg.tool_calls = cleanedToolCalls
+      }
+      return msg
+    })
+    await calcAndUpdateUsage(sessionId, cState, emit)
+    return compressed
+  } catch (err: any) {
+    const failedMeta = {
+      event: 'compression.completed' as const,
+      compressed: false,
+      totalMessages: msgCount,
+      resultMessages: msgCount,
+      beforeTokens: totalTokens,
+      afterTokens: totalTokens,
+      contextTokens: totalTokens,
+      summaryTokens: 0,
+      verbatimCount: msgCount,
+      compressedStartIndex: -1,
+      error: err.message,
+    }
+    replaceState(sessionMap, sessionId, 'compression.completed', failedMeta)
+    logger.warn(err, '[chat-run-socket] compression failed for session %s, using assembled context', sessionId)
+    emit('compression.completed', failedMeta)
+    return history
+  }
+}
+
+export async function forceCompressBridgeHistory(
+  sessionId: string,
+  profile: string,
+  _messages: ChatMessage[],
+  beforeTokenOverride?: number | null,
+): Promise<BridgeCompressionResult> {
+  const history = await buildDbHistory(sessionId, { excludeLastUser: true })
+
+  if (history.length === 0) {
+    return {
+      messages: [],
+      beforeMessages: 0,
+      resultMessages: 0,
+      beforeTokens: 0,
+      afterTokens: 0,
+      compressed: false,
+      llmCompressed: false,
+      summaryTokens: 0,
+      verbatimCount: 0,
+      compressedStartIndex: -1,
+    }
+  }
+
+  const upstream = ''
+  const apiKey = undefined
+  const session = getSession(sessionId)
+  const contextLength = getModelContextLength({ profile, model: session?.model, provider: session?.provider })
+  const compressionConfig = await getRunChatCompressionConfig(session?.profile || profile, contextLength)
+  const beforeUsage = estimateSnapshotAwareHistoryUsage(sessionId, history)
+  const totalTokens = typeof beforeTokenOverride === 'number' && Number.isFinite(beforeTokenOverride) && beforeTokenOverride > 0
+    ? Math.floor(beforeTokenOverride)
+    : beforeUsage.tokenCount
+  bridgeLogger.info({
+    sessionId,
+    profile,
+    historyMessages: history.length,
+    snapshotAwareMessages: beforeUsage.messageCount,
+    bridgeProvidedMessages: Array.isArray(_messages) ? _messages.length : 0,
+    tokenEstimate: totalTokens,
+    snapshotAware: true,
+  }, '[chat-run-socket] bridge forced compression started')
+
+  const compressor = new ChatContextCompressor({ config: compressionConfig.compressor })
+  const summarizerProfile = session?.profile || profile || 'default'
+  const result = await compressor.compress(history, upstream, apiKey, sessionId, {
+    profile: summarizerProfile,
+    model: session?.model,
+    provider: session?.provider,
+    workerKey: `${summarizerProfile}:compression:${sessionId}`,
+  })
+  const compressedMessages = result.messages.map(m => {
+    const msg: any = { role: m.role, content: m.content }
+    if (m.reasoning_content) msg.reasoning_content = m.reasoning_content
+    if (m.tool_calls?.length) {
+      const cleanedToolCalls = m.tool_calls
+        .filter((tc: any) => tc.id && tc.id.length > 0)
+        .map((tc: any) => ({ id: tc.id, type: tc.type, function: tc.function }))
+      if (cleanedToolCalls.length > 0) msg.tool_calls = cleanedToolCalls
+    }
+    if (m.tool_call_id) msg.tool_call_id = m.tool_call_id
+    if (m.name) msg.name = m.name
+    return msg
+  })
+  const afterUsage = estimateUsageTokensFromMessages(compressedMessages)
+  const afterTokens = afterUsage.inputTokens + afterUsage.outputTokens
+  bridgeLogger.info({
+    sessionId,
+    profile,
+    beforeMessages: history.length,
+    resultMessages: result.messages.length,
+    beforeTokens: totalTokens,
+    afterTokens,
+    compressed: result.meta.compressed,
+    llmCompressed: result.meta.llmCompressed,
+    verbatimCount: result.meta.verbatimCount,
+    compressedStartIndex: result.meta.compressedStartIndex,
+    compressedHistory: result.messages.map((m) => ({
+      role: m.role,
+      content: m.content,
+      reasoning_content: m.reasoning_content,
+      tool_calls: m.tool_calls,
+      tool_call_id: m.tool_call_id,
+      name: m.name,
+    })),
+  }, '[chat-run-socket] bridge forced compression completed')
+
+  return {
+    messages: compressedMessages,
+    beforeMessages: history.length,
+    resultMessages: compressedMessages.length,
+    beforeTokens: totalTokens,
+    afterTokens,
+    compressed: result.meta.compressed,
+    llmCompressed: result.meta.llmCompressed,
+    summaryTokens: result.meta.summaryTokenEstimate,
+    verbatimCount: result.meta.verbatimCount,
+    compressedStartIndex: result.meta.compressedStartIndex,
+  }
+}
+
+// --- Shared state helpers (used by compression) ---
+
+export function getOrCreateSession(sessionMap: Map<string, SessionState>, sessionId: string): SessionState {
+  let state = sessionMap.get(sessionId)
+  if (!state) {
+    state = { messages: [], isWorking: false, events: [], queue: [] }
+    sessionMap.set(sessionId, state)
+  }
+  return state
+}
+
+export function pushState(sessionMap: Map<string, SessionState>, sessionId: string, event: string, data: any) {
+  const state = getOrCreateSession(sessionMap, sessionId)
+  state.events.push({ event, data })
+}
+
+export function replaceState(sessionMap: Map<string, SessionState>, sessionId: string, event: string, data: any) {
+  const state = sessionMap.get(sessionId)
+  if (state) {
+    const idx = state.events.findIndex(s => s.event === event)
+    if (idx >= 0) {
+      state.events[idx] = { event, data }
+      return
+    }
+  }
+  pushState(sessionMap, sessionId, event, data)
+}
diff --git a/packages/server/src/services/hermes/run-chat/content-blocks.ts b/packages/server/src/services/hermes/run-chat/content-blocks.ts
new file mode 100644
index 0000000..18fa4fd
--- /dev/null
+++ b/packages/server/src/services/hermes/run-chat/content-blocks.ts
@@ -0,0 +1,97 @@
+import type { ContentBlock } from './types'
+
+type ResponseContentPart = { type: string; text?: string; image_url?: string }
+type AgentContentPart = { type: string; text?: string; image_url?: { url: string } }
+
+/**
+ * Convert ContentBlock[] to string for display/storage
+ */
+export function contentBlocksToString(input: string | ContentBlock[]): string {
+  if (typeof input === 'string') return input
+  return JSON.stringify(input)
+}
+
+/**
+ * Extract text content from ContentBlock[] for title preview
+ */
+export function extractTextForPreview(input: string | ContentBlock[]): string {
+  if (typeof input === 'string') return input
+  return input
+    .filter(block => block.type === 'text')
+    .map(block => block.text)
+    .join('\n')
+}
+
+/**
+ * Check if input is ContentBlock array
+ */
+export function isContentBlockArray(input: any): input is ContentBlock[] {
+  return Array.isArray(input) && input.length > 0 && ('type' in input[0])
+}
+
+/**
+ * Convert ContentBlock[] to multimodal format for /v1/responses API.
+ */
+export async function convertContentBlocks(blocks: ContentBlock[]): Promise<ResponseContentPart[]> {
+  const parts: ResponseContentPart[] = []
+  for (const block of blocks) {
+    if (block.type === 'text') {
+      parts.push({ type: 'input_text', text: block.text })
+    } else if (block.type === 'image') {
+      const dataUri = await imageBlockToDataUri(block)
+      if (dataUri) {
+        parts.push({ type: 'input_image', image_url: dataUri })
+      } else {
+        parts.push({ type: 'input_text', text: `[Image: ${block.path}]` })
+      }
+    } else if (block.type === 'file') {
+      parts.push({ type: 'input_text', text: `[File: ${block.name || block.path}]` })
+    }
+  }
+
+  return parts
+}
+
+/**
+ * Convert ContentBlock[] to the normalized multimodal shape Hermes agent
+ * receives after /v1/responses input normalization.
+ */
+export async function convertContentBlocksForAgent(blocks: ContentBlock[]): Promise<AgentContentPart[]> {
+  const parts: AgentContentPart[] = []
+  for (const block of blocks) {
+    if (block.type === 'text') {
+      parts.push({ type: 'text', text: block.text || '' })
+    } else if (block.type === 'image') {
+      parts.push({
+        type: 'text',
+        text: `[Attached image: ${block.name || block.path}]\nLocal image path for tools: ${block.path}`,
+      })
+      const dataUri = await imageBlockToDataUri(block)
+      if (dataUri) {
+        parts.push({ type: 'image_url', image_url: { url: dataUri } })
+      }
+    } else if (block.type === 'file') {
+      parts.push({
+        type: 'text',
+        text: `[Attached file: ${block.name || block.path}]\nLocal file path for tools: ${block.path}`,
+      })
+    }
+  }
+  return parts
+}
+
+async function imageBlockToDataUri(block: Extract<ContentBlock, { type: 'image' }>): Promise<string | null> {
+  try {
+    const fs = await import('fs/promises')
+    const path = await import('path')
+    const buf = await fs.readFile(block.path)
+    const ext = path.extname(block.path).toLowerCase().replace('.', '')
+    const mimeFromExt = ext === 'jpg' ? 'jpeg' : ext || 'png'
+    const mime = block.media_type?.startsWith('image/')
+      ? block.media_type.slice('image/'.length)
+      : mimeFromExt
+    return `data:image/${mime};base64,${buf.toString('base64')}`
+  } catch {
+    return null
+  }
+}
diff --git a/packages/server/src/services/hermes/run-chat/handle-api-run.ts b/packages/server/src/services/hermes/run-chat/handle-api-run.ts
new file mode 100644
index 0000000..5573001
--- /dev/null
+++ b/packages/server/src/services/hermes/run-chat/handle-api-run.ts
@@ -0,0 +1,417 @@
+/**
+ * API Server run handler — handles runs that stream from upstream /v1/responses.
+ */
+
+import type { Server, Socket } from 'socket.io'
+import { getSystemPrompt } from '../../../lib/llm-prompt'
+import {
+  getSession,
+  createSession,
+  addMessage,
+  updateSessionStats,
+  getSessionDetailPaginated,
+} from '../../../db/hermes/session-store'
+import { updateUsage } from '../../../db/hermes/usage-store'
+import { logger } from '../../logger'
+import { contentBlocksToString, extractTextForPreview, isContentBlockArray, convertContentBlocks } from './content-blocks'
+import { convertHistoryFormat } from './message-format'
+import { readSseFrames } from './sse-utils'
+import { extractResponseText } from './response-utils'
+import { applyResponseStreamEvent, flushResponseRunToDb } from './response-stream'
+import { buildCompressedHistory, buildDbHistory, buildSnapshotAwareHistory, getOrCreateSession } from './compression'
+import { calcAndUpdateUsage, estimateUsageTokensFromMessages } from './usage'
+import { handleMessage } from './message-format'
+import { countTokens, SUMMARY_PREFIX } from '../../../lib/context-compressor'
+import { getCompressionSnapshot } from '../../../db/hermes/compression-snapshot'
+import type { ContentBlock, SessionState, ChatRunSource } from './types'
+
+export function resolveRunSource(_source?: string, _sessionId?: string): ChatRunSource {
+  return 'cli'
+}
+
+export async function loadSessionStateFromDb(sid: string, _sessionMap: Map<string, SessionState>): Promise<SessionState> {
+  try {
+    const actualDetail = getSessionDetailPaginated(sid)
+
+    const messages = actualDetail?.messages ? handleMessage(actualDetail.messages, sid) : []
+
+    let inputTokens: number
+    let outputTokens: number
+    let contextTokens: number | undefined
+    const snapshot = getCompressionSnapshot(sid)
+    if (snapshot && snapshot.lastMessageIndex >= 0 && snapshot.lastMessageIndex < messages.length) {
+      const newMessages = messages.slice(snapshot.lastMessageIndex + 1)
+      const newUsage = estimateUsageTokensFromMessages(newMessages)
+      inputTokens = countTokens(SUMMARY_PREFIX + snapshot.summary) +
+        newUsage.inputTokens
+      outputTokens = newUsage.outputTokens
+    } else {
+      const usage = estimateUsageTokensFromMessages(messages)
+      inputTokens = usage.inputTokens
+      outputTokens = usage.outputTokens
+    }
+    try {
+      const session = getSession(sid)
+      const dbHistory = await buildDbHistory(sid, { excludeLastUser: false })
+      const snapshotHistory = await buildSnapshotAwareHistory(
+        sid,
+        session?.profile || 'default',
+        dbHistory,
+        { model: session?.model, provider: session?.provider },
+      )
+      const contextUsage = estimateUsageTokensFromMessages(snapshotHistory)
+      contextTokens = contextUsage.inputTokens + contextUsage.outputTokens
+    } catch (err) {
+      logger.warn(err, '[chat-run-socket] failed to calculate snapshot-aware context tokens for session %s', sid)
+    }
+
+    logger.info('[chat-run-socket] loaded session %s from DB (%d messages)', sid, messages.length)
+    return {
+      messages,
+      messageTotal: actualDetail?.total || messages.length,
+      messageLoadedCount: actualDetail?.messages.length || messages.length,
+      messagePageLimit: actualDetail?.limit,
+      hasMoreBefore: actualDetail?.hasMore || false,
+      isWorking: false,
+      events: [],
+      inputTokens,
+      outputTokens,
+      contextTokens,
+      queue: [],
+    }
+  } catch (err) {
+    logger.warn(err, '[chat-run-socket] failed to load session %s from DB', sid)
+    return { messages: [], isWorking: false, events: [], queue: [] }
+  }
+}
+
+export async function handleApiRun(
+  nsp: ReturnType<Server['of']>,
+  socket: Socket,
+  data: { input: string | ContentBlock[]; session_id?: string; model?: string; provider?: string; instructions?: string; source?: string; queue_id?: string; peerExcludeSocketId?: string },
+  profile: string,
+  sessionMap: Map<string, SessionState>,
+  skipUserMessage = false,
+  dequeueNextQueuedRun: (socket: Socket, sessionId: string, fallbackProfile?: string) => void,
+) {
+  const { input, session_id, model, provider, instructions } = data
+
+  // Build full instructions with system prompt + workspace context
+  let fullInstructions = instructions
+    ? `${getSystemPrompt()}\n${instructions}`
+    : getSystemPrompt()
+  if (session_id) {
+    const sessionRow = getSession(session_id)
+    if (sessionRow?.workspace) {
+      const workspaceCtx = `[Current working directory: ${sessionRow.workspace}]`
+      fullInstructions = `\n${workspaceCtx}\n${fullInstructions}`
+    }
+  }
+
+  const upstream = ''
+  const apiKey = undefined
+
+  const runMarker = session_id
+    ? `resp_run_${Date.now().toString(36)}_${Math.random().toString(36).slice(2, 8)}`
+    : undefined
+
+  const now = Math.floor(Date.now() / 1000)
+  if (session_id) {
+    let state = sessionMap.get(session_id)
+    if (!state) {
+      state = getSession(session_id)
+        ? await loadSessionStateFromDb(session_id, sessionMap)
+        : { messages: [], isWorking: false, events: [], queue: [] }
+      sessionMap.set(session_id, state)
+    }
+    state.isWorking = true
+    state.events = []
+    state.profile = profile
+    state.source = 'api_server'
+    state.activeRunMarker = runMarker
+
+    let peerUserMessage: { id?: number; role: 'user'; content: string; timestamp: number } | null = null
+    if (!skipUserMessage) {
+      const inputStr = contentBlocksToString(input)
+      state.messages.push({
+        id: state.messages.length + 1,
+        session_id,
+        runMarker,
+        role: 'user',
+        content: inputStr,
+        timestamp: now,
+      })
+
+      if (!getSession(session_id)) {
+        const previewText = extractTextForPreview(input)
+        const preview = previewText.replace(/[\r\n]/g, ' ').substring(0, 100)
+        createSession({ id: session_id, profile, source: 'api_server', model, provider, title: preview })
+      }
+
+      const messageId = addMessage({
+        session_id,
+        role: 'user',
+        content: inputStr,
+        timestamp: now,
+      })
+      peerUserMessage = { id: data.queue_id ? undefined : messageId, role: 'user', content: inputStr, timestamp: now }
+    } else {
+      const inputStr = contentBlocksToString(input)
+      state.messages.push({
+        id: state.messages.length + 1,
+        session_id,
+        runMarker,
+        role: 'user',
+        content: inputStr,
+        timestamp: now,
+      })
+      if (!getSession(session_id)) {
+        const previewText = extractTextForPreview(input)
+        const preview = previewText.replace(/[\r\n]/g, ' ').substring(0, 100)
+        createSession({ id: session_id, profile, source: 'api_server', model, provider, title: preview })
+      }
+      const messageId = addMessage({
+        session_id,
+        role: 'user',
+        content: inputStr,
+        timestamp: now,
+      })
+      peerUserMessage = { id: data.queue_id ? undefined : messageId, role: 'user', content: inputStr, timestamp: now }
+    }
+
+    socket.join(`session:${session_id}`)
+    if (peerUserMessage) {
+      const target = data.peerExcludeSocketId
+        ? nsp.to(`session:${session_id}`).except(data.peerExcludeSocketId)
+        : socket.to(`session:${session_id}`)
+      target.emit('run.peer_user_message', {
+        event: 'run.peer_user_message',
+        session_id,
+        message: {
+          ...peerUserMessage,
+          id: data.queue_id || peerUserMessage.id,
+        },
+      })
+    }
+  }
+
+  const emit = (event: string, payload: any) => {
+    const tagged = session_id ? { ...payload, session_id } : payload
+    if (session_id) {
+      nsp.to(`session:${session_id}`).emit(event, tagged)
+    } else if (socket.connected) {
+      socket.emit(event, tagged)
+    }
+  }
+  try {
+    const body: Record<string, any> = { input }
+    if (model) body.model = model
+    body.instructions = fullInstructions
+    if (session_id) {
+      const sessionRow = getSession(session_id)
+      const compressed = await buildCompressedHistory(session_id, profile, upstream, apiKey, emit, sessionMap, {
+        model: sessionRow?.model || model,
+        provider: sessionRow?.provider || provider,
+      })
+      if (compressed.length > 0) {
+        body.conversation_history = compressed
+      }
+    }
+
+    const headers: Record<string, string> = { 'Content-Type': 'application/json' }
+    if (apiKey) headers['Authorization'] = `Bearer ${apiKey}`
+    if (isContentBlockArray(input)) {
+      const parts = await convertContentBlocks(input)
+      body.input = [{ role: 'user', content: parts }]
+    }
+
+    if (body.conversation_history && Array.isArray(body.conversation_history)) {
+      body.conversation_history = convertHistoryFormat(body.conversation_history)
+    }
+    body.stream = true
+    body.store = false
+
+    const abortController = new AbortController()
+    if (session_id) {
+      const state = getOrCreateSession(sessionMap, session_id)
+      state.isWorking = true
+      state.runId = undefined
+      state.abortController = abortController
+    }
+
+    const res = await fetch(`${upstream}/v1/responses`, {
+      method: 'POST',
+      headers,
+      body: JSON.stringify(body),
+      signal: abortController.signal,
+    })
+    if (!res.ok) {
+      const text = await res.text().catch(() => '')
+      const queueLen = session_id ? sessionMap.get(session_id)?.queue?.length ?? 0 : 0
+      if (session_id) await markApiCompleted(nsp, socket, session_id, sessionMap, { event: 'run.failed' })
+      emit('run.failed', { event: 'run.failed', error: `Upstream ${res.status}: ${text}`, queue_remaining: queueLen })
+      if (session_id && queueLen > 0) dequeueNextQueuedRun(socket, session_id)
+      return
+    }
+    if (!res.body) {
+      const queueLen = session_id ? sessionMap.get(session_id)?.queue?.length ?? 0 : 0
+      if (session_id) await markApiCompleted(nsp, socket, session_id, sessionMap, { event: 'run.failed' })
+      emit('run.failed', { event: 'run.failed', error: 'Upstream response stream missing', queue_remaining: queueLen })
+      if (session_id && queueLen > 0) dequeueNextQueuedRun(socket, session_id)
+      return
+    }
+
+    let responseId: string | undefined
+    for await (const frame of readSseFrames(res.body)) {
+      let parsed: any
+      try {
+        parsed = JSON.parse(frame.data)
+      } catch {
+        continue
+      }
+      const upstreamEvent = parsed.type || frame.event || parsed.event
+      logger.info('[chat-run-socket] upstream response event: %s', upstreamEvent)
+
+      if (session_id) {
+        const state = sessionMap.get(session_id)
+        if (state) {
+          const mapped = applyResponseStreamEvent(state, session_id, runMarker, upstreamEvent, parsed)
+          if (mapped) {
+            if (mapped.runId) {
+              responseId = mapped.runId
+              state.runId = responseId
+            }
+            emit(mapped.event, mapped.payload)
+          }
+        }
+      }
+
+      if (upstreamEvent === 'response.completed' || upstreamEvent === 'response.failed') {
+        if (session_id && sessionMap.get(session_id)?.activeRunMarker !== runMarker) {
+          logger.info({
+            sessionId: session_id,
+            runId: responseId,
+            event: upstreamEvent,
+          }, '[chat-run-socket] suppressing stale API terminal event')
+          return
+        }
+        if (session_id && sessionMap.get(session_id)?.isAborting) {
+          logger.info({
+            sessionId: session_id,
+            runId: responseId,
+            event: upstreamEvent,
+          }, '[chat-run-socket][abort] suppressing upstream terminal event during abort')
+          return
+        }
+        const queueLen = session_id ? sessionMap.get(session_id)?.queue?.length ?? 0 : 0
+        const nextQueuedRun = session_id && queueLen > 0
+          ? sessionMap.get(session_id)?.queue?.[0]
+          : undefined
+        if (session_id) await markApiCompleted(nsp, socket, session_id, sessionMap, {
+          event: upstreamEvent === 'response.completed' ? 'run.completed' : 'run.failed',
+          run_id: responseId,
+          keepWorking: Boolean(nextQueuedRun),
+          nextSource: nextQueuedRun?.source,
+        })
+        const finalOutput = parsed.response || parsed
+        const finalText = extractResponseText(finalOutput)
+        if (upstreamEvent === 'response.completed' && session_id) {
+          const usage = finalOutput.usage || {}
+          updateUsage(session_id, {
+            inputTokens: usage.input_tokens ?? usage.inputTokens ?? 0,
+            outputTokens: usage.output_tokens ?? usage.outputTokens ?? 0,
+            cacheReadTokens: usage.cache_read_tokens ?? usage.cacheReadTokens ?? 0,
+            cacheWriteTokens: usage.cache_write_tokens ?? usage.cacheWriteTokens ?? 0,
+            reasoningTokens: usage.reasoning_tokens ?? usage.reasoningTokens ?? 0,
+            model: finalOutput.model || '',
+            profile: sessionMap.get(session_id)?.profile,
+          })
+        }
+        const eventName = upstreamEvent === 'response.completed' ? 'run.completed' : 'run.failed'
+        emit(eventName, {
+          event: eventName,
+          run_id: responseId || finalOutput.id,
+          response_id: responseId || finalOutput.id,
+          output: finalText,
+          usage: finalOutput.usage,
+          error: finalOutput.error || parsed.error,
+          queue_remaining: queueLen,
+        })
+        if (session_id && queueLen > 0) dequeueNextQueuedRun(socket, session_id)
+        return
+      }
+    }
+    const queueLen = session_id ? sessionMap.get(session_id)?.queue?.length ?? 0 : 0
+    if (session_id && sessionMap.get(session_id)?.activeRunMarker !== runMarker) {
+      logger.info({
+        sessionId: session_id,
+        runId: responseId,
+      }, '[chat-run-socket] suppressing stale API stream end')
+      return
+    }
+    if (session_id) await markApiCompleted(nsp, socket, session_id, sessionMap, { event: 'run.failed', run_id: responseId })
+    emit('run.failed', {
+      event: 'run.failed',
+      run_id: responseId,
+      response_id: responseId,
+      error: 'Response stream ended without a terminal event',
+      queue_remaining: queueLen,
+    })
+    if (session_id && queueLen > 0) dequeueNextQueuedRun(socket, session_id)
+  } catch (err: any) {
+    const queueLen = session_id ? sessionMap.get(session_id)?.queue?.length ?? 0 : 0
+    if (session_id) {
+      const state = sessionMap.get(session_id)
+      if (state?.activeRunMarker !== runMarker || err?.name === 'AbortError') {
+        logger.info({
+          sessionId: session_id,
+          runMarker,
+          error: err?.message || String(err),
+        }, '[chat-run-socket] suppressing stale/aborted API stream error')
+        return
+      }
+      void markApiCompleted(nsp, socket, session_id, sessionMap, { event: 'run.failed' }).then(() => {
+        emit('run.failed', { event: 'run.failed', error: err.message, queue_remaining: queueLen })
+        if (queueLen > 0) dequeueNextQueuedRun(socket, session_id)
+      })
+    } else {
+      emit('run.failed', { event: 'run.failed', error: err.message })
+    }
+  }
+}
+
+async function markApiCompleted(
+  nsp: ReturnType<Server['of']>,
+  _socket: Socket,
+  sessionId: string,
+  sessionMap: Map<string, SessionState>,
+  info: { event: string; run_id?: string; keepWorking?: boolean; nextSource?: ChatRunSource },
+) {
+  const state = sessionMap.get(sessionId)
+  if (state) {
+    if (state.isAborting) {
+      logger.info({
+        sessionId,
+        runId: state.runId,
+      }, '[chat-run-socket][abort] terminal upstream event observed; abort handler will finish cleanup')
+      return
+    }
+    state.isWorking = Boolean(info.keepWorking)
+    state.abortController = undefined
+    state.runId = undefined
+    state.events = []
+    flushResponseRunToDb(state, sessionId)
+    state.responseRun = undefined
+    state.activeRunMarker = undefined
+    if (info.keepWorking) {
+      state.source = info.nextSource
+    } else {
+      state.profile = undefined
+    }
+    updateSessionStats(sessionId)
+    const emit = (event: string, payload: any) => {
+      nsp.to(`session:${sessionId}`).emit(event, { ...payload, session_id: sessionId })
+    }
+    await calcAndUpdateUsage(sessionId, state, emit)
+  }
+}
diff --git a/packages/server/src/services/hermes/run-chat/handle-bridge-run.ts b/packages/server/src/services/hermes/run-chat/handle-bridge-run.ts
new file mode 100644
index 0000000..24b04a9
--- /dev/null
+++ b/packages/server/src/services/hermes/run-chat/handle-bridge-run.ts
@@ -0,0 +1,1136 @@
+/**
+ * CLI Bridge run handler — handles runs that use the agent bridge
+ * to communicate with Hermes CLI agent.
+ */
+
+import type { Server, Socket } from 'socket.io'
+import { getSystemPrompt } from '../../../lib/llm-prompt'
+import { getSession, createSession, addMessage, updateSession, updateSessionStats } from '../../../db/hermes/session-store'
+import { updateUsage } from '../../../db/hermes/usage-store'
+import { logger, bridgeLogger } from '../../logger'
+import { AgentBridgeClient, type AgentBridgeContextEstimate, type AgentBridgeMessage, type AgentBridgeOutput } from '../agent-bridge'
+import { contentBlocksToString, convertContentBlocksForAgent, extractTextForPreview, isContentBlockArray } from './content-blocks'
+import { buildCompressedHistory, buildDbHistory, buildSnapshotAwareHistory, forceCompressBridgeHistory, pushState, replaceState } from './compression'
+import {
+  calcAndUpdateUsage,
+  contextTokensWithCachedOverhead,
+  estimateUsageTokensFromMessages,
+  getCachedBridgeContextOverhead,
+  updateMessageContextTokenUsage,
+} from './usage'
+import {
+  flushBridgePendingToDb,
+  ensureOpenBridgeAssistantMessage,
+  syncBridgeReasoningToMessage,
+  recordBridgeToolStarted,
+  recordBridgeToolCompleted,
+} from './bridge-message'
+import { summarizeToolArguments } from './response-utils'
+import type { ContentBlock, QueuedRun, SessionState } from './types'
+import type { ChatMessage } from '../../../lib/context-compressor'
+import { resolveBridgeRunModelConfig, type RunModelGroup } from './model-config'
+import { filterBridgeToolCallMarkupDelta, flushPendingToolCallMarkup } from './bridge-delta'
+
+const BRIDGE_USAGE_FLUSH_DELAY_MS = 200
+
+function stringValue(value: unknown): string {
+  return typeof value === 'string' ? value.trim() : ''
+}
+
+function looksLikeAgentFailure(value: string): boolean {
+  return /\bAPI call failed after\b/i.test(value)
+    || /\bHTTP\s+(?:4\d\d|5\d\d)\b/i.test(value)
+    || /\b(?:401|403|429|500|502|503|504)\b/.test(value) && /\b(?:unauthorized|forbidden|rate limit|unavailable|failed|error)\b/i.test(value)
+}
+
+export function bridgeTerminalError(chunk: Pick<AgentBridgeOutput, 'status' | 'error' | 'result'>): string | null {
+  const result = chunk.result && typeof chunk.result === 'object' && !Array.isArray(chunk.result)
+    ? chunk.result as Record<string, unknown>
+    : null
+  const resultError = result
+    ? stringValue(result.error)
+      || stringValue(result.exception)
+      || stringValue(result.message)
+    : ''
+  const finalResponse = result ? stringValue(result.final_response) : ''
+
+  if (chunk.status === 'error') {
+    return stringValue(chunk.error) || resultError || finalResponse || 'Agent run failed'
+  }
+
+  if (result?.failed === true || result?.completed === false) {
+    return resultError || finalResponse || 'Agent reported failure'
+  }
+
+  if (resultError) return resultError
+  if (finalResponse && looksLikeAgentFailure(finalResponse)) return finalResponse
+
+  return null
+}
+
+function findOpenAssistantMessage(state: SessionState, runMarker: string) {
+  for (let i = state.messages.length - 1; i >= 0; i -= 1) {
+    const message = state.messages[i]
+    if (message.runMarker === runMarker && message.role === 'assistant' && message.finish_reason == null) return message
+  }
+  return undefined
+}
+
+function flushPendingToolMarkupToAssistant(
+  state: SessionState,
+  runMarker: string,
+  runId: string,
+  emit: (event: string, payload: any) => void,
+): string {
+  const pendingMarkup = flushPendingToolCallMarkup(state)
+  if (!pendingMarkup) return ''
+
+  state.bridgeOutput = (state.bridgeOutput || '') + pendingMarkup
+  state.bridgePendingAssistantContent = (state.bridgePendingAssistantContent || '') + pendingMarkup
+  const last = findOpenAssistantMessage(state, runMarker)
+  if (last) {
+    last.content += pendingMarkup
+  }
+  emit('message.delta', {
+    event: 'message.delta',
+    run_id: runId,
+    delta: pendingMarkup,
+    output: state.bridgeOutput,
+  })
+  return pendingMarkup
+}
+
+function processBridgeTextDelta(
+  state: SessionState,
+  sessionId: string,
+  runMarker: string,
+  runId: string,
+  rawDelta: string,
+  emit: (event: string, payload: any) => void,
+): void {
+  const delta = filterBridgeToolCallMarkupDelta(state, rawDelta)
+  if (!delta) return
+  state.bridgeOutput = (state.bridgeOutput || '') + delta
+  state.bridgePendingAssistantContent = (state.bridgePendingAssistantContent || '') + delta
+  const last = [...state.messages].reverse().find(m => m.runMarker === runMarker)
+  if (last?.role === 'assistant' && last.finish_reason == null) {
+    last.content += delta
+    syncBridgeReasoningToMessage(last, state.bridgePendingReasoningContent)
+  } else {
+    state.messages.push({
+      id: state.messages.length + 1,
+      session_id: sessionId,
+      runMarker,
+      role: 'assistant',
+      content: delta,
+      reasoning: state.bridgePendingReasoningContent || null,
+      reasoning_content: state.bridgePendingReasoningContent || null,
+      timestamp: Math.floor(Date.now() / 1000),
+    })
+  }
+  emit('message.delta', {
+    event: 'message.delta',
+    run_id: runId,
+    delta,
+    output: state.bridgeOutput,
+  })
+}
+
+function finiteToken(value: unknown): number | undefined {
+  return typeof value === 'number' && Number.isFinite(value) && value >= 0
+    ? Math.floor(value)
+    : undefined
+}
+
+function cacheBridgeContext(state: SessionState, data: Record<string, unknown> | AgentBridgeContextEstimate) {
+  const fixedContextTokens = finiteToken(data.fixed_context_tokens)
+  if (fixedContextTokens == null) return
+  state.bridgeContext = {
+    fixedContextTokens,
+    systemPromptTokens: finiteToken(data.system_prompt_tokens),
+    toolTokens: finiteToken(data.tool_tokens),
+    systemPromptChars: finiteToken(data.system_prompt_chars),
+    toolCount: finiteToken(data.tool_count),
+    toolNames: Array.isArray(data.tool_names) ? data.tool_names.map(String) : undefined,
+    profile: typeof data.profile === 'string' ? data.profile : state.bridgeContext?.profile,
+    model: typeof data.model === 'string' ? data.model : state.bridgeContext?.model,
+    provider: typeof data.provider === 'string' ? data.provider : state.bridgeContext?.provider,
+  }
+}
+
+function bridgeContextMatches(
+  state: SessionState,
+  expected: { profile: string; model?: string | null; provider?: string | null },
+): boolean {
+  const context = state.bridgeContext
+  if (!context) return false
+  if (context.profile && context.profile !== expected.profile) return false
+  if (expected.model && context.model && context.model !== expected.model) return false
+  if (expected.provider && context.provider && context.provider !== expected.provider) return false
+  return true
+}
+
+async function ensureBridgeFixedContext(args: {
+  sessionId: string
+  profile: string
+  model?: string | null
+  provider?: string | null
+  instructions: string
+  state: SessionState
+  bridge: AgentBridgeClient
+  refresh?: boolean
+}): Promise<number | undefined> {
+  const cached = bridgeContextMatches(args.state, args)
+    ? getCachedBridgeContextOverhead(args.state)
+    : undefined
+  if (!args.refresh && cached != null) return cached
+
+  try {
+    const estimate = await args.bridge.contextEstimate(
+      args.sessionId,
+      [],
+      args.instructions,
+      args.profile,
+      { model: args.model ?? undefined, provider: args.provider ?? undefined },
+    )
+    cacheBridgeContext(args.state, estimate)
+    const fixedContextTokens = getCachedBridgeContextOverhead(args.state)
+    bridgeLogger.info({
+      sessionId: args.sessionId,
+      profile: args.profile,
+      model: args.model,
+      provider: args.provider,
+      toolCount: estimate.tool_count,
+      systemPromptChars: estimate.system_prompt_chars,
+      fixedContextTokens,
+    }, '[chat-run-socket] fixed context estimate')
+    return fixedContextTokens
+  } catch (err) {
+    bridgeLogger.warn({
+      err: err instanceof Error ? { message: err.message, name: err.name } : err,
+      sessionId: args.sessionId,
+      profile: args.profile,
+      model: args.model,
+      provider: args.provider,
+      cachedFixedContextTokens: cached,
+    }, '[chat-run-socket] fixed context estimate failed')
+    return cached
+  }
+}
+
+export async function handleBridgeRun(
+  nsp: ReturnType<Server['of']>,
+  socket: Socket,
+  data: { input: string | ContentBlock[]; display_input?: string | ContentBlock[] | null; display_role?: 'user' | 'command'; storage_message?: string; session_id?: string; model?: string; provider?: string; model_groups?: RunModelGroup[]; instructions?: string; source?: string; queue_id?: string; peerExcludeSocketId?: string },
+  profile: string,
+  sessionMap: Map<string, SessionState>,
+  bridge: AgentBridgeClient,
+  skipUserMessage = false,
+  loadSessionStateFromDbFn: (sid: string, sessionMap: Map<string, SessionState>) => Promise<SessionState>,
+  dequeueNextQueuedRun: (socket: Socket, sessionId: string, fallbackProfile?: string) => void,
+) {
+  const { input, session_id, instructions } = data
+  if (!session_id) {
+    socket.emit('run.failed', { event: 'run.failed', error: 'session_id is required for cli source' })
+    return
+  }
+
+  let fullInstructions = instructions
+    ? `${getSystemPrompt()}\n${instructions}`
+    : getSystemPrompt()
+  const sessionRow = getSession(session_id)
+  const sessionModel = sessionRow?.model || ''
+  const sessionProvider = sessionRow?.provider || ''
+  const { model: resolvedModel, provider: resolvedProvider } = await resolveBridgeRunModelConfig({
+    profile,
+    sessionModel,
+    sessionProvider,
+    requestedModel: data.model,
+    requestedProvider: data.provider,
+    modelGroups: data.model_groups,
+  })
+  if (sessionRow) {
+    const updates: { model?: string; provider?: string } = {}
+    if (resolvedModel && sessionRow.model !== resolvedModel) updates.model = resolvedModel
+    if (resolvedProvider && sessionRow.provider !== resolvedProvider) updates.provider = resolvedProvider
+    if (Object.keys(updates).length > 0) updateSession(session_id, updates)
+  }
+  const runContext = [
+    `[Current Hermes profile: ${profile}]`,
+    sessionRow?.workspace ? `[Current working directory: ${sessionRow.workspace}]` : '',
+    'When calling Hermes Web UI endpoints from tools or skills, include the current Hermes profile as the X-Hermes-Profile header if the endpoint supports profile-scoped behavior.',
+  ].filter(Boolean).join('\n')
+  fullInstructions = `\n${runContext}\n${fullInstructions}`
+
+  const runMarker = `cli_run_${Date.now().toString(36)}_${Math.random().toString(36).slice(2, 8)}`
+  const now = Math.floor(Date.now() / 1000)
+  let state = sessionMap.get(session_id)
+  if (!state) {
+    state = getSession(session_id)
+      ? await loadSessionStateFromDbFn(session_id, sessionMap)
+      : { messages: [], isWorking: false, events: [], queue: [] }
+    sessionMap.set(session_id, state)
+  }
+
+  state.isWorking = true
+  state.isAborting = false
+  state.events = []
+  state.profile = profile
+  state.source = 'cli'
+  state.activeRunMarker = runMarker
+  state.runId = undefined
+  state.abortController = undefined
+  state.bridgeOutput = ''
+  state.bridgePendingAssistantContent = ''
+  state.bridgePendingReasoningContent = ''
+  state.bridgePendingToolCallMarkup = ''
+  state.bridgeToolCounter = 0
+  state.bridgePendingTools = []
+  state.responseRun = undefined
+
+  const displayInput = data.display_input === undefined ? input : data.display_input
+  const inputStr = displayInput == null ? '' : contentBlocksToString(displayInput)
+  const actualInputStr = contentBlocksToString(input)
+  const currentInputUsage = estimateUsageTokensFromMessages([{ role: 'user', content: actualInputStr }])
+  const currentInputTokens = currentInputUsage.inputTokens
+  const shouldPersistUserMessage = !skipUserMessage && displayInput !== null
+  const displayRole = data.display_role === 'command' ? 'command' : 'user'
+  let messageId: number | string | undefined
+
+  if (shouldPersistUserMessage) {
+    state.messages.push({
+      id: state.messages.length + 1,
+      session_id,
+      runMarker,
+      role: displayRole,
+      content: inputStr,
+      timestamp: now,
+    })
+
+    if (!getSession(session_id)) {
+      const previewText = extractTextForPreview(displayInput || input)
+      const preview = previewText.replace(/[\r\n]/g, ' ').substring(0, 100)
+      createSession({ id: session_id, profile, source: 'cli', model: resolvedModel, provider: resolvedProvider, title: preview })
+    }
+    messageId = addMessage({
+      session_id,
+      role: displayRole,
+      content: inputStr,
+      timestamp: now,
+    })
+  } else if (!getSession(session_id)) {
+    const previewText = displayInput === null ? extractTextForPreview(input) : extractTextForPreview(displayInput || input)
+    const preview = previewText.replace(/[\r\n]/g, ' ').substring(0, 100)
+    createSession({ id: session_id, profile, source: 'cli', model: resolvedModel, provider: resolvedProvider, title: preview })
+  }
+
+  socket.join(`session:${session_id}`)
+  if (shouldPersistUserMessage) {
+    const peerTarget = data.peerExcludeSocketId
+      ? nsp.to(`session:${session_id}`).except(data.peerExcludeSocketId)
+      : socket.to(`session:${session_id}`)
+    peerTarget.emit('run.peer_user_message', {
+      event: 'run.peer_user_message',
+      session_id,
+      message: {
+        id: data.queue_id || messageId,
+        role: displayRole,
+        content: inputStr,
+        timestamp: now,
+      },
+    })
+  }
+  const emit = (event: string, payload: any) => {
+    const tagged = { ...payload, session_id }
+    nsp.to(`session:${session_id}`).emit(event, tagged)
+    if (!nsp.adapter.rooms.get(`session:${session_id}`)?.size && socket.connected) {
+      socket.emit(event, tagged)
+    }
+  }
+
+  const history = await buildCompressedHistory(
+    session_id, profile,
+    '',
+    undefined,
+    emit,
+    sessionMap,
+    { model: resolvedModel, provider: resolvedProvider },
+    async (_messages, localMessageTokens) => {
+      const fixedContextTokens = await ensureBridgeFixedContext({
+        sessionId: session_id,
+        profile,
+        model: resolvedModel,
+        provider: resolvedProvider,
+        instructions: fullInstructions,
+        state,
+        bridge,
+        refresh: true,
+      })
+      const contextTokens = fixedContextTokens == null
+        ? localMessageTokens
+        : fixedContextTokens + localMessageTokens
+      bridgeLogger.info({
+        sessionId: session_id,
+        profile,
+        model: resolvedModel,
+        provider: resolvedProvider,
+        fixedContextTokens,
+        messageTokens: localMessageTokens,
+        contextTokens,
+      }, '[chat-run-socket] local context estimate')
+      return contextTokens
+    },
+    currentInputTokens,
+  )
+  const bridgeHistory = history
+
+  try {
+    const bridgeInput = isContentBlockArray(input)
+      ? await convertContentBlocksForAgent(input)
+      : input
+    const bridgeStorageInput = data.storage_message !== undefined
+      ? data.storage_message
+      : isContentBlockArray(input)
+        ? inputStr
+        : undefined
+    logger.info('[chat-run-socket] starting CLI bridge run for session %s', session_id)
+    bridgeLogger.info({
+      sessionId: session_id,
+      profile,
+      inputChars: inputStr.length,
+      historyMessages: history.length,
+      hasInstructions: Boolean(fullInstructions),
+      multimodalInput: isContentBlockArray(input),
+    }, '[chat-run-socket] starting CLI bridge run')
+    const started = await bridge.chat(
+      session_id,
+      bridgeInput as AgentBridgeMessage,
+      bridgeHistory,
+      fullInstructions,
+      profile,
+      {
+        ...(bridgeStorageInput !== undefined ? { storage_message: bridgeStorageInput } : {}),
+        ...(resolvedModel ? { model: resolvedModel } : {}),
+        ...(resolvedProvider ? { provider: resolvedProvider } : {}),
+      },
+    )
+    state.runId = started.run_id
+    bridgeLogger.info({
+      sessionId: session_id,
+      runId: started.run_id,
+      status: started.status,
+    }, '[chat-run-socket] CLI bridge run started')
+    pushState(sessionMap, session_id, 'run.started', {
+      event: 'run.started',
+      run_id: started.run_id,
+      queue_length: state.queue.length || 0,
+    })
+    emit('run.started', {
+      event: 'run.started',
+      run_id: started.run_id,
+      queue_length: state.queue.length || 0,
+    })
+
+    for await (const chunk of bridge.streamOutput(started.run_id)) {
+      await applyBridgeChunkAsync(
+        nsp,
+        socket,
+        state,
+        session_id,
+        runMarker,
+        chunk,
+        emit,
+        profile,
+        sessionMap,
+        bridge,
+        dequeueNextQueuedRun,
+        fullInstructions,
+        { model: resolvedModel, provider: resolvedProvider },
+        currentInputTokens,
+        shouldPersistUserMessage && displayRole === 'user',
+        data.model_groups,
+      )
+      if (chunk.done) break
+    }
+  } catch (err: any) {
+    if (state.activeRunMarker !== runMarker) return
+    if (!state.isWorking) return
+    const queueLen = state.queue?.length ?? 0
+    state.isWorking = false
+    state.isAborting = false
+    state.profile = undefined
+    state.runId = undefined
+    state.activeRunMarker = undefined
+    state.events = []
+    state.bridgePendingToolCallMarkup = undefined
+    flushBridgePendingToDb(state, session_id)
+    updateSessionStats(session_id)
+    const message = err instanceof Error ? err.message : String(err)
+    const errUsage = await calcAndUpdateUsage(session_id, state, emit)
+    const errContextTokens = await refreshFinalContextUsage({
+      sessionId: session_id,
+      profile,
+      model: resolvedModel,
+      provider: resolvedProvider,
+      instructions: fullInstructions,
+      state,
+      usage: errUsage,
+      emit,
+      bridge,
+    })
+    updateUsage(session_id, {
+      inputTokens: errUsage.inputTokens,
+      outputTokens: errUsage.outputTokens,
+      profile,
+    })
+    emit('run.failed', {
+      event: 'run.failed',
+      error: message,
+      inputTokens: errUsage.inputTokens,
+      outputTokens: errUsage.outputTokens,
+      contextTokens: errContextTokens,
+      queue_remaining: queueLen,
+    })
+    if (queueLen > 0) dequeueNextQueuedRun(socket, session_id)
+  }
+}
+
+async function refreshFinalContextUsage(args: {
+  sessionId: string
+  profile: string
+  model?: string | null
+  provider?: string | null
+  instructions: string
+  state: SessionState
+  usage: { inputTokens: number; outputTokens: number }
+  emit: (event: string, payload: any) => void
+  bridge: AgentBridgeClient
+}): Promise<number | undefined> {
+  try {
+    const dbHistory = await buildDbHistory(args.sessionId, { excludeLastUser: false })
+    const finalHistory = await buildSnapshotAwareHistory(
+      args.sessionId,
+      args.profile,
+      dbHistory,
+      { model: args.model, provider: args.provider },
+    )
+    const finalMessageUsage = estimateUsageTokensFromMessages(finalHistory)
+    const finalMessageTokens = finalMessageUsage.inputTokens + finalMessageUsage.outputTokens
+    await ensureBridgeFixedContext({
+      sessionId: args.sessionId,
+      profile: args.profile,
+      model: args.model,
+      provider: args.provider,
+      instructions: args.instructions,
+      state: args.state,
+      bridge: args.bridge,
+    })
+    const contextTokens = updateMessageContextTokenUsage(
+      args.sessionId,
+      args.state,
+      args.emit,
+      finalMessageTokens,
+      args.usage,
+    )
+    bridgeLogger.info({
+      sessionId: args.sessionId,
+      profile: args.profile,
+      model: args.model,
+      provider: args.provider,
+      messages: finalHistory.length,
+      fixedContextTokens: args.state.bridgeContext?.fixedContextTokens,
+      messageTokens: finalMessageTokens,
+      contextTokens,
+    }, '[chat-run-socket] final local context estimate')
+    return contextTokens
+  } catch (err) {
+    bridgeLogger.warn({
+      err: err instanceof Error ? { message: err.message, name: err.name } : err,
+      sessionId: args.sessionId,
+      profile: args.profile,
+    }, '[chat-run-socket] final local context estimate failed')
+    return args.state.contextTokens
+  }
+}
+
+async function estimateSnapshotAwareMessageTokens(args: {
+  sessionId: string
+  profile: string
+  model?: string | null
+  provider?: string | null
+  currentInputTokens?: number
+  currentInputIncludedInDb?: boolean
+}): Promise<{ messageTokens: number; messages: number }> {
+  const dbHistory = await buildDbHistory(args.sessionId, { excludeLastUser: false })
+  const snapshotHistory = await buildSnapshotAwareHistory(
+    args.sessionId,
+    args.profile,
+    dbHistory,
+    { model: args.model, provider: args.provider },
+  )
+  const usage = estimateUsageTokensFromMessages(snapshotHistory)
+  const extraInputTokens = args.currentInputIncludedInDb
+    ? 0
+    : finiteToken(args.currentInputTokens) ?? 0
+  return {
+    messageTokens: usage.inputTokens + usage.outputTokens + extraInputTokens,
+    messages: snapshotHistory.length,
+  }
+}
+
+async function applyBridgeChunkAsync(
+  nsp: ReturnType<Server['of']>,
+  socket: Socket,
+  state: SessionState,
+  sessionId: string,
+  runMarker: string,
+  chunk: AgentBridgeOutput,
+  emit: (event: string, payload: any) => void,
+  profile: string,
+  sessionMap: Map<string, SessionState>,
+  bridge: AgentBridgeClient,
+  dequeueNextQueuedRun: (socket: Socket, sessionId: string, fallbackProfile?: string) => void,
+  instructions: string,
+  modelContext: { model?: string | null; provider?: string | null },
+  currentInputTokens = 0,
+  currentInputIncludedInDb = true,
+  modelGroups?: RunModelGroup[],
+): Promise<void> {
+  if (state.activeRunMarker !== runMarker) {
+    bridgeLogger.info({
+      sessionId,
+      runId: chunk.run_id,
+      runMarker,
+      activeRunMarker: state.activeRunMarker,
+    }, '[chat-run-socket] ignoring stale CLI bridge chunk')
+    return
+  }
+
+  state.runId = chunk.run_id
+
+  // When the bridge emits text as ordered `stream.delta` events (interleaved
+  // with tool.started/tool.completed in the SAME events list), we process the
+  // text here in true order and must NOT also process the aggregated
+  // `chunk.delta` below (that would duplicate the text). This flag tracks it.
+  let sawStreamDeltaEvent = false
+
+  for (const ev of chunk.events || []) {
+    const evType = ev.event as string | undefined
+    if (evType === 'stream.delta') {
+      sawStreamDeltaEvent = true
+      processBridgeTextDelta(state, sessionId, runMarker, chunk.run_id, String((ev as any).delta || ''), emit)
+      continue
+    }
+    if (evType === 'bridge.context.ready') {
+      cacheBridgeContext(state, ev)
+      const usage = await calcAndUpdateUsage(sessionId, state, emit)
+      const snapshotAware = await estimateSnapshotAwareMessageTokens({
+        sessionId,
+        profile,
+        model: modelContext.model,
+        provider: modelContext.provider,
+        currentInputTokens,
+        currentInputIncludedInDb,
+      })
+      updateMessageContextTokenUsage(
+        sessionId,
+        state,
+        emit,
+        snapshotAware.messageTokens,
+        usage,
+      )
+    } else if (evType === 'tool.started') {
+      // Flush any partial tool-call-marker prefix that was held back by
+      // the markup filter. Without this, deltas ending in `[`, `[C`,
+      // `[Ca`, etc. are silently dropped because no follow-up delta will
+      // come for this assistant message — the next chunk is the tool call
+      // itself. See bridge-delta.ts for full rationale.
+      flushPendingToolMarkupToAssistant(state, runMarker, chunk.run_id, emit)
+      flushBridgePendingToDb(state, sessionId, runMarker)
+      const toolName = (ev.tool_name as string) || ''
+      const args = ev.args as Record<string, unknown> | undefined
+      const tool = recordBridgeToolStarted(state, sessionId, runMarker, toolName, args, ev.tool_call_id)
+      const payload = {
+        event: 'tool.started',
+        run_id: chunk.run_id,
+        tool_call_id: tool.id,
+        tool: toolName,
+        name: toolName,
+        arguments: tool.arguments,
+        preview: ev.preview || summarizeToolArguments(tool.arguments),
+      }
+      pushState(sessionMap, sessionId, 'tool.started', payload)
+      emit('tool.started', payload)
+    } else if (evType === 'tool.completed') {
+      const toolName = (ev.tool_name as string) || ''
+      const completed = recordBridgeToolCompleted(state, sessionId, runMarker, toolName, ev)
+      const payload = {
+        event: 'tool.completed',
+        run_id: chunk.run_id,
+        tool_call_id: completed.id,
+        tool: toolName,
+        name: toolName,
+        output: completed.output,
+        duration: completed.duration ?? ev.duration,
+        error: ev.is_error || undefined,
+      }
+      pushState(sessionMap, sessionId, 'tool.completed', payload)
+      emit('tool.completed', payload)
+    } else if (evType?.startsWith('subagent.')) {
+      const payload = {
+        event: evType,
+        run_id: chunk.run_id,
+        subagent_id: ev.subagent_id,
+        parent_id: ev.parent_id,
+        depth: ev.depth,
+        task_index: ev.task_index,
+        task_count: ev.task_count,
+        goal: ev.goal,
+        model: ev.model,
+        toolsets: ev.toolsets,
+        tool_count: ev.tool_count,
+        tool: ev.tool_name,
+        name: ev.tool_name,
+        preview: ev.text || ev.summary || ev.tool_preview || '',
+        text: ev.text || '',
+        status: ev.status,
+        summary: ev.summary,
+        duration: ev.duration_seconds,
+        duration_seconds: ev.duration_seconds,
+        input_tokens: ev.input_tokens,
+        output_tokens: ev.output_tokens,
+        reasoning_tokens: ev.reasoning_tokens,
+        api_calls: ev.api_calls,
+        cost_usd: ev.cost_usd,
+        files_read: ev.files_read,
+        files_written: ev.files_written,
+        output_tail: ev.output_tail,
+      }
+      pushState(sessionMap, sessionId, evType, payload)
+      emit(evType, payload)
+    } else if (evType === 'turn.boundary') {
+      flushBridgePendingToDb(state, sessionId, runMarker)
+    } else if (evType === 'reasoning.delta' || evType === 'thinking.delta') {
+      const text = String(ev.text || '')
+      if (text) {
+        state.bridgePendingReasoningContent = (state.bridgePendingReasoningContent || '') + text
+        const message = ensureOpenBridgeAssistantMessage(state, sessionId, runMarker)
+        message.reasoning = (message.reasoning || '') + text
+        message.reasoning_content = (message.reasoning_content || '') + text
+      }
+      emit(evType, {
+        event: evType,
+        run_id: chunk.run_id,
+        text,
+      })
+    } else if (evType === 'reasoning.available') {
+      emit('reasoning.available', {
+        event: 'reasoning.available',
+        run_id: chunk.run_id,
+      })
+    } else if (evType === 'approval.requested') {
+      const payload = {
+        event: 'approval.requested',
+        run_id: chunk.run_id,
+        approval_id: ev.approval_id,
+        command: ev.command,
+        description: ev.description,
+        choices: ev.choices,
+        allow_permanent: ev.allow_permanent,
+        timeout_ms: ev.timeout_ms,
+      }
+      replaceState(sessionMap, sessionId, 'approval.requested', payload)
+      emit('approval.requested', payload)
+    } else if (evType === 'approval.resolved') {
+      const payload = {
+        event: 'approval.resolved',
+        run_id: chunk.run_id,
+        approval_id: ev.approval_id,
+        choice: ev.choice,
+      }
+      replaceState(sessionMap, sessionId, 'approval.resolved', payload)
+      emit('approval.resolved', payload)
+    } else if (evType === 'clarify.requested') {
+      const payload = {
+        event: 'clarify.requested',
+        run_id: chunk.run_id,
+        clarify_id: ev.clarify_id,
+        question: ev.question,
+        choices: Array.isArray(ev.choices) ? ev.choices : null,
+        timeout_ms: ev.timeout_ms,
+      }
+      replaceState(sessionMap, sessionId, 'clarify.requested', payload)
+      emit('clarify.requested', payload)
+    } else if (evType === 'clarify.resolved') {
+      const payload = {
+        event: 'clarify.resolved',
+        run_id: chunk.run_id,
+        clarify_id: ev.clarify_id,
+      }
+      replaceState(sessionMap, sessionId, 'clarify.resolved', payload)
+      emit('clarify.resolved', payload)
+    } else if (evType === 'bridge.compression.requested') {
+      const bridgeHistory = await buildDbHistory(sessionId, { excludeLastUser: true })
+      const bridgeUsage = estimateUsageTokensFromMessages(bridgeHistory)
+      const messageOnlyTokens = bridgeUsage.inputTokens + bridgeUsage.outputTokens
+      const runInputTokens = typeof currentInputTokens === 'number' && Number.isFinite(currentInputTokens) && currentInputTokens > 0
+        ? Math.floor(currentInputTokens)
+        : 0
+      const runMessageTokens = messageOnlyTokens + runInputTokens
+      const tokenCount = contextTokensWithCachedOverhead(state, runMessageTokens)
+      bridgeLogger.info({
+        sessionId,
+        profile,
+        bridgeMessages: ev.message_count,
+        dbMessages: bridgeHistory.length,
+        messageOnlyTokens,
+        currentInputTokens: runInputTokens,
+        fixedContextTokens: state.bridgeContext?.fixedContextTokens,
+        contextTokens: tokenCount,
+        bridgeApproxTokens: ev.approx_tokens,
+        source: 'local',
+      }, '[chat-run-socket] bridge compression token estimate')
+      const payload = {
+        event: 'compression.started',
+        run_id: chunk.run_id,
+        request_id: ev.request_id,
+        message_count: bridgeHistory.length || ev.message_count,
+        token_count: tokenCount,
+        source: 'bridge',
+      }
+      replaceState(sessionMap, sessionId, 'compression.started', payload)
+      emit('compression.started', payload)
+      if (ev.request_id && Array.isArray(ev.messages)) {
+        try {
+          const compressed = await forceCompressBridgeHistory(
+            sessionId,
+            profile,
+            ev.messages as ChatMessage[],
+            tokenCount,
+          )
+          state.bridgeCompressionResults = state.bridgeCompressionResults || {}
+          state.bridgeCompressionResults[String(ev.request_id)] = compressed
+          await bridge.compressionRespond(String(ev.request_id), { messages: compressed.messages })
+        } catch (err: any) {
+          await bridge.compressionRespond(String(ev.request_id), {
+            error: err?.message || String(err),
+          }).catch(() => undefined)
+        }
+      }
+    } else if (evType === 'bridge.compression.completed') {
+      const compressionResult = ev.request_id
+        ? state.bridgeCompressionResults?.[String(ev.request_id)]
+        : undefined
+      const messageAfterTokens = finiteToken(compressionResult?.afterTokens)
+      const runInputTokens = typeof currentInputTokens === 'number' && Number.isFinite(currentInputTokens) && currentInputTokens > 0
+        ? Math.floor(currentInputTokens)
+        : 0
+      const messageAfterTokensWithInput = messageAfterTokens != null
+        ? messageAfterTokens + runInputTokens
+        : undefined
+      const afterContextTokens = messageAfterTokensWithInput != null
+        ? contextTokensWithCachedOverhead(state, messageAfterTokensWithInput)
+        : undefined
+      const payload = {
+        event: 'compression.completed',
+        run_id: chunk.run_id,
+        request_id: ev.request_id,
+        compressed: compressionResult?.compressed ?? ev.compressed !== false,
+        llmCompressed: compressionResult?.llmCompressed,
+        totalMessages: compressionResult?.beforeMessages ?? ev.message_count,
+        resultMessages: compressionResult?.resultMessages ?? ev.result_messages,
+        beforeTokens: compressionResult?.beforeTokens ?? ev.approx_tokens,
+        afterTokens: messageAfterTokensWithInput,
+        contextTokens: afterContextTokens,
+        summaryTokens: compressionResult?.summaryTokens,
+        verbatimCount: compressionResult?.verbatimCount,
+        compressedStartIndex: compressionResult?.compressedStartIndex,
+        source: 'bridge',
+      }
+      if (ev.request_id && state.bridgeCompressionResults) {
+        delete state.bridgeCompressionResults[String(ev.request_id)]
+      }
+      replaceState(sessionMap, sessionId, 'compression.completed', payload)
+      emit('compression.completed', payload)
+      const usage = await calcAndUpdateUsage(sessionId, state, emit)
+      if (messageAfterTokensWithInput != null) {
+        updateMessageContextTokenUsage(sessionId, state, emit, messageAfterTokensWithInput, usage)
+      }
+    } else if (evType === 'bridge.compression.failed') {
+      const payload = {
+        event: 'compression.completed',
+        run_id: chunk.run_id,
+        request_id: ev.request_id,
+        compressed: false,
+        totalMessages: ev.message_count,
+        resultMessages: ev.message_count,
+        beforeTokens: ev.approx_tokens,
+        error: ev.error,
+        source: 'bridge',
+      }
+      if (ev.request_id && state.bridgeCompressionResults) {
+        delete state.bridgeCompressionResults[String(ev.request_id)]
+      }
+      replaceState(sessionMap, sessionId, 'compression.completed', payload)
+      emit('compression.completed', payload)
+    } else if (evType === 'status') {
+      const payload = {
+        ...ev,
+        event: 'agent.event',
+        run_id: chunk.run_id,
+      }
+      replaceState(sessionMap, sessionId, 'agent.event', payload)
+      emit('agent.event', payload)
+    }
+  }
+
+  // Only process the aggregated chunk.delta when the bridge did NOT emit
+  // ordered stream.delta events for this chunk. With ordered events, the text
+  // was already handled above in true interleaved order; processing it again
+  // here would duplicate it.
+  if (chunk.delta && !sawStreamDeltaEvent) {
+    const delta = filterBridgeToolCallMarkupDelta(state, chunk.delta)
+    if (delta) {
+      state.bridgeOutput = (state.bridgeOutput || '') + delta
+      state.bridgePendingAssistantContent = (state.bridgePendingAssistantContent || '') + delta
+      const last = [...state.messages].reverse().find(m => m.runMarker === runMarker)
+      if (last?.role === 'assistant' && last.finish_reason == null) {
+        last.content += delta
+        syncBridgeReasoningToMessage(last, state.bridgePendingReasoningContent)
+      } else {
+        state.messages.push({
+          id: state.messages.length + 1,
+          session_id: sessionId,
+          runMarker,
+          role: 'assistant',
+          content: delta,
+          reasoning: state.bridgePendingReasoningContent || null,
+          reasoning_content: state.bridgePendingReasoningContent || null,
+          timestamp: Math.floor(Date.now() / 1000),
+        })
+      }
+      emit('message.delta', {
+        event: 'message.delta',
+        run_id: chunk.run_id,
+        delta,
+        output: state.bridgeOutput,
+      })
+    }
+  }
+
+  if (!chunk.done) return
+  if (!state.isWorking) return
+  if (state.isAborting) {
+    bridgeLogger.info({
+      sessionId,
+      runId: chunk.run_id,
+      status: chunk.status,
+    }, '[chat-run-socket][abort] suppressing CLI bridge terminal chunk during abort')
+    return
+  }
+
+  // If the run terminated while we still had a partial tool-call-marker
+  // prefix buffered, flush it to the user-visible stream now. Discarding
+  // it (which the line below was doing implicitly) silently drops the
+  // final characters of the assistant message.
+  flushPendingToolMarkupToAssistant(state, runMarker, chunk.run_id, emit)
+  flushBridgePendingToDb(state, sessionId)
+  state.bridgePendingToolCallMarkup = undefined
+  updateSessionStats(sessionId)
+  await delay(BRIDGE_USAGE_FLUSH_DELAY_MS)
+  const usage = await calcAndUpdateUsage(sessionId, state, emit)
+  const contextTokens = await refreshFinalContextUsage({
+    sessionId,
+    profile,
+    model: modelContext.model,
+    provider: modelContext.provider,
+    instructions,
+    state,
+    usage,
+    emit,
+    bridge,
+  })
+  updateUsage(sessionId, {
+    inputTokens: usage.inputTokens,
+    outputTokens: usage.outputTokens,
+    profile: state.profile,
+  })
+  const terminalError = bridgeTerminalError(chunk)
+  const hadQueuedRunBeforeGoalEvaluation = state.queue.length > 0
+  state.isWorking = hadQueuedRunBeforeGoalEvaluation
+  state.isAborting = false
+  state.profile = hadQueuedRunBeforeGoalEvaluation ? (state.queue[0]?.profile || profile) : undefined
+  state.source = hadQueuedRunBeforeGoalEvaluation ? state.queue[0]?.source : state.source
+  state.runId = undefined
+  state.activeRunMarker = undefined
+  state.events = []
+  const eventName = terminalError ? 'run.failed' : 'run.completed'
+  const payload = {
+    event: eventName,
+    run_id: chunk.run_id,
+    output: chunk.output || state.bridgeOutput || '',
+    result: chunk.result,
+    error: terminalError || chunk.error,
+    inputTokens: usage.inputTokens,
+    outputTokens: usage.outputTokens,
+    contextTokens,
+    queue_remaining: state.queue.length,
+  }
+  emit(eventName, payload)
+
+  if (!terminalError) {
+    await maybeEnqueueGoalContinuation({
+      nsp,
+      socket,
+      sessionId,
+      state,
+      bridge,
+      profile,
+      modelContext,
+      modelGroups,
+      instructions,
+      finalResponse: bridgeFinalResponse(chunk, state),
+    })
+  }
+
+  if (state.queue.length > 0 && !state.activeRunMarker) {
+    const nextQueuedRun = state.queue[0]
+    state.isWorking = true
+    state.profile = nextQueuedRun.profile || profile
+    state.source = nextQueuedRun.source
+    dequeueNextQueuedRun(socket, sessionId)
+  } else if (!state.activeRunMarker) {
+    state.isWorking = false
+    state.profile = undefined
+  }
+}
+
+function bridgeFinalResponse(chunk: AgentBridgeOutput, state: SessionState): string {
+  const result = chunk.result && typeof chunk.result === 'object' && !Array.isArray(chunk.result)
+    ? chunk.result as Record<string, unknown>
+    : null
+  const finalResponse = result && typeof result.final_response === 'string'
+    ? result.final_response
+    : ''
+  return finalResponse || chunk.output || state.bridgeOutput || ''
+}
+
+function hasRealQueuedRun(state: SessionState): boolean {
+  return state.queue.some(item => !item.goalContinuation)
+}
+
+async function maybeEnqueueGoalContinuation(args: {
+  nsp: ReturnType<Server['of']>
+  socket: Socket
+  sessionId: string
+  state: SessionState
+  bridge: AgentBridgeClient
+  profile: string
+  modelContext: { model?: string | null; provider?: string | null }
+  modelGroups?: RunModelGroup[]
+  instructions: string
+  finalResponse: string
+}) {
+  const finalResponse = args.finalResponse || ''
+  if (!finalResponse.trim()) return
+  if (hasRealQueuedRun(args.state)) return
+
+  let decision
+  try {
+    decision = await args.bridge.goalEvaluate(args.sessionId, finalResponse, args.profile)
+  } catch (err) {
+    logger.warn(err, '[chat-run-socket] /goal evaluation failed for session %s', args.sessionId)
+    return
+  }
+
+  if (isGoalJudgeUnavailable(decision.reason)) {
+    emitGoalStatus(
+      args.nsp,
+      args.socket,
+      args.sessionId,
+      args.state,
+      'judge_unavailable',
+      'Goal judge is not configured; automatic goal continuation was skipped. The goal remains active, but Hermes cannot mark it done automatically.',
+    )
+    return
+  }
+
+  const message = typeof decision.message === 'string' ? decision.message.trim() : ''
+  if (message) emitGoalStatus(args.nsp, args.socket, args.sessionId, args.state, decision.verdict || 'goal', message)
+
+  if (!decision.should_continue) return
+  if (hasRealQueuedRun(args.state)) return
+
+  const prompt = typeof decision.continuation_prompt === 'string'
+    ? decision.continuation_prompt.trim()
+    : ''
+  if (!prompt) return
+
+  const next: QueuedRun = {
+    queue_id: `goal_${Date.now().toString(36)}_${Math.random().toString(36).slice(2, 8)}`,
+    input: prompt,
+    displayInput: null,
+    storageMessage: prompt,
+    model: args.modelContext.model || undefined,
+    provider: args.modelContext.provider || undefined,
+    model_groups: args.modelGroups,
+    instructions: undefined,
+    profile: args.profile,
+    source: 'cli',
+    goalContinuation: true,
+  }
+  args.state.queue.push(next)
+}
+
+function isGoalJudgeUnavailable(reason?: string | null): boolean {
+  const value = String(reason || '').toLowerCase()
+  return value.includes('no auxiliary client configured') || value.includes('auxiliary client unavailable')
+}
+
+function emitGoalStatus(
+  nsp: ReturnType<Server['of']>,
+  socket: Socket,
+  sessionId: string,
+  state: SessionState,
+  action: string,
+  message: string,
+) {
+  const now = Math.floor(Date.now() / 1000)
+  const id = addMessage({
+    session_id: sessionId,
+    role: 'command',
+    content: message,
+    timestamp: now,
+  })
+  state.messages.push({
+    id: id || `goal_${now}_${state.messages.length}`,
+    session_id: sessionId,
+    role: 'command',
+    content: message,
+    timestamp: now,
+  })
+  nsp.to(`session:${sessionId}`).emit('session.command', {
+    event: 'session.command',
+    session_id: sessionId,
+    command: 'goal',
+    ok: true,
+    action,
+    message,
+    terminal: false,
+  })
+  if (!nsp.adapter.rooms.get(`session:${sessionId}`)?.size && socket.connected) {
+    socket.emit('session.command', {
+      event: 'session.command',
+      session_id: sessionId,
+      command: 'goal',
+      ok: true,
+      action,
+      message,
+      terminal: false,
+    })
+  }
+}
+
+function delay(ms: number): Promise<void> {
+  return new Promise(resolve => setTimeout(resolve, ms))
+}
diff --git a/packages/server/src/services/hermes/run-chat/index.ts b/packages/server/src/services/hermes/run-chat/index.ts
new file mode 100644
index 0000000..270d822
--- /dev/null
+++ b/packages/server/src/services/hermes/run-chat/index.ts
@@ -0,0 +1,443 @@
+/**
+ * ChatRunSocket — Socket.IO namespace /chat-run.
+ *
+ * Thin orchestrator that delegates to specialized modules:
+ * - handle-api-run.ts   → upstream /v1/responses streaming
+ * - handle-bridge-run.ts → CLI bridge runs
+ * - abort.ts             → run cancellation
+ * - compression.ts       → context window management
+ */
+
+import type { Server, Socket } from 'socket.io'
+import { logger } from '../../logger'
+import { getSystemPrompt } from '../../../lib/llm-prompt'
+import { getSession } from '../../../db/hermes/session-store'
+import { getActiveProfileName, getProfileDir, listProfileNamesFromDisk } from '../hermes-profile'
+import { AgentBridgeClient } from '../agent-bridge'
+import { handleApiRun, resolveRunSource, loadSessionStateFromDb } from './handle-api-run'
+import { handleBridgeRun } from './handle-bridge-run'
+import { handleAbort } from './abort'
+import { getOrCreateSession } from './compression'
+import { handleSessionCommand, isSessionCommand, parseSessionCommand } from './session-command'
+import { contentBlocksToString } from './content-blocks'
+import type { ContentBlock, QueuedRun, SessionState } from './types'
+import { authenticateUserToken, isAuthEnabled, type AuthenticatedUser } from '../../../middleware/user-auth'
+import { userCanAccessProfile } from '../../../db/hermes/users-store'
+
+export type { ContentBlock } from './types'
+
+export class ChatRunSocket {
+  private nsp: ReturnType<Server['of']>
+  private bridge = new AgentBridgeClient()
+  /** sessionId → session state (messages, working status, events, run tracking) */
+  private sessionMap = new Map<string, SessionState>()
+
+  constructor(io: Server) {
+    this.nsp = io.of('/chat-run')
+  }
+
+  init() {
+    this.nsp.use(this.authMiddleware.bind(this))
+    this.nsp.on('connection', this.onConnection.bind(this))
+    logger.info('[chat-run-socket] Socket.IO ready at /chat-run')
+  }
+
+  // --- Auth middleware ---
+
+  private async authMiddleware(socket: Socket, next: (err?: Error) => void) {
+    const token = socket.handshake.auth?.token as string | undefined
+    if (!await isAuthEnabled()) {
+      next()
+      return
+    }
+
+    const user = await authenticateUserToken(token || '')
+    if (!user) {
+      return next(new Error('Authentication failed'))
+    }
+    const socketProfile = String(socket.handshake.query?.profile || '').trim()
+    if (socketProfile && !this.canAccessProfile(user, socketProfile)) {
+      return next(new Error('Profile access denied'))
+    }
+    socket.data.user = user
+    next()
+  }
+
+  // --- Connection handler ---
+
+  private onConnection(socket: Socket) {
+    const socketUser = socket.data.user as AuthenticatedUser | undefined
+    const socketProfile = (socket.handshake.query?.profile as string) || 'default'
+    const currentProfile = () => socketProfile || getActiveProfileName() || 'default'
+    const profileExists = (profile: string) => {
+      if (!profile || profile === 'default') return true
+      return listProfileNamesFromDisk().includes(profile)
+    }
+    const resolveRunProfile = (sessionId?: string, requested?: string) => {
+      const requestedProfile = typeof requested === 'string' ? requested.trim() : ''
+      if (requestedProfile) {
+        if (!profileExists(requestedProfile)) throw new Error(`Profile "${requestedProfile}" does not exist`)
+        if (socketUser && !this.canAccessProfile(socketUser, requestedProfile)) {
+          throw new Error(`Profile "${requestedProfile}" is not available for this user`)
+        }
+        return requestedProfile
+      }
+      if (!sessionId) {
+        const profile = currentProfile()
+        if (socketUser && !this.canAccessProfile(socketUser, profile)) {
+          throw new Error(`Profile "${profile}" is not available for this user`)
+        }
+        return profile
+      }
+      const storedProfile = getSession(sessionId)?.profile || ''
+      const profile = storedProfile && profileExists(storedProfile) ? storedProfile : currentProfile()
+      if (socketUser && !this.canAccessProfile(socketUser, profile)) {
+        throw new Error(`Profile "${profile}" is not available for this user`)
+      }
+      return profile
+    }
+
+    socket.on('run', async (data: {
+      input: string | ContentBlock[]
+      display_input?: string | ContentBlock[] | null
+      display_role?: 'user' | 'command'
+      storage_message?: string
+      session_id?: string
+      model?: string
+      instructions?: string
+      provider?: string
+      model_groups?: Array<{ provider: string; models: string[] }>
+      queue_id?: string
+      source?: string
+      profile?: string
+    }) => {
+      let runProfile: string
+      try {
+        runProfile = resolveRunProfile(data.session_id, data.profile)
+      } catch (err) {
+        socket.emit('run.failed', {
+          event: 'run.failed',
+          session_id: data.session_id,
+          error: err instanceof Error ? err.message : String(err),
+        })
+        return
+      }
+      if (data.session_id) {
+        const state = getOrCreateSession(this.sessionMap, data.session_id)
+        const source = resolveRunSource(data.source, data.session_id)
+        const command = parseSessionCommand(data.input)
+        if (command && source === 'cli') {
+          try {
+            await handleSessionCommand(data.session_id, command, {
+              nsp: this.nsp,
+              socket,
+              sessionMap: this.sessionMap,
+              bridge: this.bridge,
+              profile: runProfile,
+              model: data.model,
+              provider: data.provider,
+              model_groups: data.model_groups,
+              instructions: data.instructions,
+              queueId: data.queue_id,
+              runQueuedItem: this.runQueuedItem.bind(this),
+            })
+          } catch (err) {
+            this.emitToSession(socket, data.session_id, 'session.command', {
+              event: 'session.command',
+              command: command.rawName,
+              ok: false,
+              action: 'error',
+              message: err instanceof Error ? err.message : String(err),
+            })
+          }
+          return
+        }
+        if (state.isWorking) {
+          const queueId = data.queue_id || `queue_${Date.now().toString(36)}_${Math.random().toString(36).slice(2, 8)}`
+          state.queue.push({
+            queue_id: queueId,
+            input: data.input,
+            model: data.model,
+            provider: data.provider,
+            model_groups: data.model_groups,
+            instructions: data.instructions,
+            profile: runProfile,
+            source,
+            originSocketId: socket.id,
+          })
+          this.nsp.to(`session:${data.session_id}`).emit('run.queued', {
+            event: 'run.queued',
+            session_id: data.session_id,
+            queue_length: state.queue.length,
+            queued_messages: this.serializeQueuedMessages(state.queue),
+          })
+          logger.info('[chat-run-socket] queued run for session %s (queue: %d)', data.session_id, state.queue.length)
+          return
+        }
+        state.events = []
+        state.isWorking = true
+        state.profile = runProfile
+        state.source = source
+      }
+      try {
+        await this.handleRun(socket, data, runProfile)
+      } catch (err) {
+        if (data.session_id) {
+          const state = this.sessionMap.get(data.session_id)
+          if (state && !state.runId && !state.abortController && !state.activeRunMarker) {
+            state.isWorking = false
+            state.profile = undefined
+          }
+        }
+        socket.emit('run.failed', {
+          event: 'run.failed',
+          session_id: data.session_id,
+          error: err instanceof Error ? err.message : String(err),
+        })
+      }
+    })
+
+    socket.on('cancel_queued_run', (data: { session_id?: string; queue_id?: string }) => {
+      if (!data.session_id || !data.queue_id) return
+      const state = this.sessionMap.get(data.session_id)
+      if (!state?.queue.length) return
+      const before = state.queue.length
+      state.queue = state.queue.filter(item => item.queue_id !== data.queue_id)
+      if (state.queue.length === before) return
+      this.nsp.to(`session:${data.session_id}`).emit('run.queued', {
+        event: 'run.queued',
+        session_id: data.session_id,
+        queue_length: state.queue.length,
+        queued_messages: this.serializeQueuedMessages(state.queue),
+      })
+      logger.info('[chat-run-socket] cancelled queued run %s for session %s (queue: %d)',
+        data.queue_id, data.session_id, state.queue.length)
+    })
+
+    socket.on('resume', async (data: { session_id?: string }) => {
+      if (!data.session_id) return
+      const sid = data.session_id
+      socket.join(`session:${sid}`)
+      this.resumeSession(socket, sid)
+    })
+
+    socket.on('abort', (data: { session_id?: string }) => {
+      if (data.session_id) {
+        void handleAbort(this.nsp, socket, data.session_id, this.sessionMap, this.bridge, this.runQueuedItem.bind(this))
+      }
+    })
+
+    socket.on('approval.respond', async (data: { session_id?: string; approval_id?: string; choice?: string }) => {
+      if (!data.session_id || !data.approval_id) return
+      try {
+        const result = await this.bridge.approvalRespond(data.approval_id, data.choice || 'deny')
+        this.emitToSession(socket, data.session_id, 'approval.resolved', {
+          event: 'approval.resolved',
+          approval_id: data.approval_id,
+          choice: data.choice || 'deny',
+          resolved: Boolean(result.resolved),
+        })
+      } catch (err) {
+        this.emitToSession(socket, data.session_id, 'approval.resolved', {
+          event: 'approval.resolved',
+          approval_id: data.approval_id,
+          choice: data.choice || 'deny',
+          resolved: false,
+          error: err instanceof Error ? err.message : String(err),
+        })
+      }
+    })
+
+    socket.on('clarify.respond', async (data: { session_id?: string; clarify_id?: string; response?: string }) => {
+      if (!data.session_id || !data.clarify_id) return
+      this.clearClarifyEventState(data.session_id, data.clarify_id)
+      try {
+        const result = await this.bridge.clarifyRespond(data.clarify_id, data.response || '')
+        this.emitToSession(socket, data.session_id, 'clarify.resolved', {
+          event: 'clarify.resolved',
+          clarify_id: data.clarify_id,
+          resolved: Boolean((result as any)?.resolved),
+        })
+      } catch (err) {
+        this.emitToSession(socket, data.session_id, 'clarify.resolved', {
+          event: 'clarify.resolved',
+          clarify_id: data.clarify_id,
+          resolved: false,
+          error: err instanceof Error ? err.message : String(err),
+        })
+      }
+    })
+  }
+
+  // --- Run dispatcher ---
+
+  private async handleRun(
+    socket: Socket,
+    data: {
+      input: string | ContentBlock[]
+      display_input?: string | ContentBlock[] | null
+      display_role?: 'user' | 'command'
+      storage_message?: string
+      session_id?: string
+      model?: string
+      provider?: string
+      model_groups?: Array<{ provider: string; models: string[] }>
+      instructions?: string
+      source?: string
+      queue_id?: string
+      peerExcludeSocketId?: string
+    },
+    profile: string,
+    skipUserMessage = false,
+  ) {
+    const source = resolveRunSource(data.source, data.session_id)
+    if (data.session_id && source === 'cli' && isSessionCommand(data.input)) return
+
+    if (source === 'cli') {
+      let fullInstructions = data.instructions
+        ? `${getSystemPrompt()}\n${data.instructions}`
+        : getSystemPrompt()
+      if (data.session_id) {
+        const sessionRow = getSession(data.session_id)
+        if (sessionRow?.workspace) {
+          const workspaceCtx = `[Current working directory: ${sessionRow.workspace}]`
+          fullInstructions = `\n${workspaceCtx}\n${fullInstructions}`
+        }
+      }
+
+      await handleBridgeRun(
+        this.nsp, socket, { ...data, instructions: fullInstructions }, profile,
+        this.sessionMap, this.bridge,
+        skipUserMessage,
+        loadSessionStateFromDb,
+        this.dequeueNextQueuedRun.bind(this),
+      )
+      return
+    }
+
+    await handleApiRun(
+      this.nsp, socket, data, profile,
+      this.sessionMap,
+      skipUserMessage,
+      this.dequeueNextQueuedRun.bind(this),
+    )
+  }
+
+  // --- Resume ---
+
+  private async resumeSession(socket: Socket, sid: string) {
+    let state = this.sessionMap.get(sid)
+    if (!state) {
+      state = await loadSessionStateFromDb(sid, this.sessionMap)
+      this.sessionMap.set(sid, state)
+    }
+    socket.emit('resumed', {
+      session_id: sid,
+      messages: state.messages,
+      messageTotal: state.messageTotal,
+      messageLoadedCount: state.messageLoadedCount,
+      messagePageLimit: state.messagePageLimit,
+      hasMoreBefore: state.hasMoreBefore,
+      isWorking: state.isWorking,
+      isAborting: state.isAborting || false,
+      events: state.isWorking ? state.events : [],
+      inputTokens: state.inputTokens,
+      outputTokens: state.outputTokens,
+      contextTokens: state.contextTokens,
+      queueLength: state.queue?.length || 0,
+      queueMessages: this.serializeQueuedMessages(state.queue || []),
+    })
+
+    logger.info('[chat-run-socket] socket %s resumed session %s (working: %s, messages: %d)',
+      socket.id, sid, state.isWorking, state.messages.length)
+  }
+
+  // --- Queue ---
+
+  private dequeueNextQueuedRun(socket: Socket, sessionId: string, fallbackProfile = 'default') {
+    const state = this.sessionMap.get(sessionId)
+    if (!state?.queue.length) return false
+
+    const next = state.queue.shift()!
+    logger.info('[chat-run-socket] dequeuing queued run for session %s (remaining: %d)', sessionId, state.queue.length)
+    this.nsp.to(`session:${sessionId}`).emit('run.queued', {
+      event: 'run.queued',
+      session_id: sessionId,
+      queue_length: state.queue.length,
+      dequeued_queue_id: next.queue_id,
+      queued_messages: this.serializeQueuedMessages(state.queue),
+    })
+    this.runQueuedItem(socket, sessionId, next, fallbackProfile)
+    return true
+  }
+
+  private runQueuedItem(socket: Socket, sessionId: string, next: QueuedRun, fallbackProfile = 'default') {
+    const skipUserMessage = next.displayInput === null
+    void this.handleRun(socket, {
+      input: next.input,
+      display_input: next.displayInput,
+      display_role: next.displayRole,
+      storage_message: next.storageMessage,
+      session_id: sessionId,
+      model: next.model,
+      provider: next.provider,
+      model_groups: next.model_groups,
+      instructions: next.instructions,
+      source: next.source,
+      queue_id: next.queue_id,
+      peerExcludeSocketId: next.originSocketId,
+    }, next.profile || fallbackProfile, skipUserMessage)
+  }
+
+  // --- Helpers ---
+
+  private clearClarifyEventState(sessionId: string, clarifyId: string) {
+    const state = this.sessionMap.get(sessionId)
+    if (!state?.events.length) return
+
+    const nextEvents = state.events.filter(({ event, data }) => {
+      if (event !== 'clarify.requested' && event !== 'clarify.resolved') return true
+      return data?.clarify_id !== clarifyId
+    })
+    if (nextEvents.length !== state.events.length) {
+      state.events = nextEvents
+    }
+  }
+
+  private emitToSession(socket: Socket, sessionId: string, event: string, payload: any) {
+    const tagged = { ...payload, session_id: sessionId }
+    this.nsp.to(`session:${sessionId}`).emit(event, tagged)
+    if (!this.nsp.adapter.rooms.get(`session:${sessionId}`)?.size && socket.connected) {
+      socket.emit(event, tagged)
+    }
+  }
+
+  private serializeQueuedMessages(queue: QueuedRun[]) {
+    return queue.filter(item => item.displayInput !== null).map(item => ({
+      id: item.queue_id,
+      role: item.displayRole || (typeof item.displayInput === 'string' && item.displayInput.trim().startsWith('/') ? 'command' : 'user'),
+      content: contentBlocksToString(item.displayInput ?? item.input),
+      timestamp: Math.floor(Date.now() / 1000),
+      queued: true,
+    }))
+  }
+
+  private canAccessProfile(user: AuthenticatedUser, profile: string): boolean {
+    return user.role === 'super_admin' || userCanAccessProfile(user.id, profile)
+  }
+
+  /** Close all active upstream response streams */
+  close() {
+    for (const [sessionId, state] of this.sessionMap.entries()) {
+      if (state.abortController) {
+        try {
+          state.abortController.abort()
+        } catch (e) {
+          logger.warn(e, '[chat-run-socket] failed to abort controller for session %s', sessionId)
+        }
+      }
+    }
+    this.sessionMap.clear()
+    logger.info('[chat-run-socket] closed all connections and cleared state')
+  }
+}
diff --git a/packages/server/src/services/hermes/run-chat/message-format.ts b/packages/server/src/services/hermes/run-chat/message-format.ts
new file mode 100644
index 0000000..bff4bbd
--- /dev/null
+++ b/packages/server/src/services/hermes/run-chat/message-format.ts
@@ -0,0 +1,214 @@
+import { parseAnthropicContentArray } from '../../../lib/llm-json'
+import { logger } from '../../logger'
+import type { SessionMessage } from './types'
+
+function cleanToolCalls(toolCalls: any): any[] {
+  return Array.isArray(toolCalls)
+    ? toolCalls
+        .filter((tc: any) => tc?.id && String(tc.id).length > 0)
+        .map((tc: any) => ({
+          id: tc.id,
+          type: tc.type,
+          function: tc.function,
+        }))
+    : []
+}
+
+function hasSendableContent(content: unknown): boolean {
+  if (typeof content === 'string') return content.trim().length > 0
+  if (Array.isArray(content)) {
+    return content.some((block: any) => {
+      if (!block || typeof block !== 'object') return false
+      if (block.type === 'text') return typeof block.text === 'string' && block.text.trim().length > 0
+      return Boolean(block.type && block.type !== 'thinking')
+    })
+  }
+  return false
+}
+
+function toolCallsToText(toolCalls: any[]): string {
+  return toolCalls
+    .map((tc: any) => {
+      const name = tc?.function?.name || 'unknown'
+      let args = typeof tc?.function?.arguments === 'string'
+        ? tc.function.arguments
+        : JSON.stringify(tc?.function?.arguments ?? {})
+      if (args.length > 4000) args = `${args.slice(0, 4000)}...`
+      return `[Calling tool: ${name} with arguments: ${args}]`
+    })
+    .join('\n')
+}
+
+export function isAssistantMessageSendable(message: { content?: unknown; tool_calls?: any }): boolean {
+  if (hasSendableContent(message.content)) return true
+  return cleanToolCalls(message.tool_calls).length > 0
+}
+
+/**
+ * Convert OpenAI format conversation history to Anthropic format.
+ */
+export function convertHistoryFormat(messages: any[]): any[] {
+  const result: any[] = []
+
+  for (const m of messages) {
+    const role = m.role
+    const content = m.content || ''
+    delete m.reasoning_content
+    if (role === 'tool') {
+      let pushItem = { ...m }
+      pushItem.role = 'user'
+      pushItem.content = `[Tool result: ${content}]`
+      result.push(pushItem)
+      continue
+    }
+
+    if (role === 'user') {
+      if (typeof content === 'string') {
+        result.push({ role: 'user', content: content })
+      } else if (Array.isArray(content)) {
+        const textParts = content
+          .filter((b: any) => b.type === 'text')
+          .map((b: any) => b.text)
+          .join('\n')
+        result.push({ role: 'user', content: textParts || JSON.stringify(content) })
+      }
+      continue
+    }
+    if (role === 'assistant') {
+      const toolCalls = cleanToolCalls(m.tool_calls)
+      const item = { ...m }
+      delete item.reasoning_content
+      if (toolCalls.length > 0 && !hasSendableContent(item.content)) {
+        item.content = toolCallsToText(toolCalls)
+      }
+      delete item.tool_calls
+      if (!isAssistantMessageSendable(item)) {
+        logger.warn('[chat-run-socket] skipped empty assistant message in conversation history')
+        continue
+      }
+      result.push(item)
+      continue
+    }
+  }
+  return result
+}
+
+/**
+ * Process raw DB messages into client-ready format.
+ * Parses Anthropic content blocks, reconstructs tool_call_ids, etc.
+ */
+export function handleMessage(messages: SessionMessage[], sid: string): any[] {
+  let _messages = []
+  try {
+    _messages = messages
+      .filter(m => (m.role === 'user' || m.role === 'assistant' || m.role === 'tool' || m.role === 'command') && m.content !== undefined)
+      .map((m, idx, arr) => {
+        const msg: any = {
+          id: m.id,
+          session_id: sid,
+          role: m.role,
+          content: m.content || '',
+          reasoning: m.reasoning || '',
+          timestamp: m.timestamp,
+        }
+        // Convert Anthropic format content to OpenAI format
+        if (m.role === 'assistant' && typeof m.content === 'string') {
+          let contentToParse = m.content
+          const trimmed = m.content.trim()
+          if (trimmed.startsWith('"') && trimmed.endsWith('"') && trimmed.length >= 2) {
+            contentToParse = trimmed.slice(1, -1)
+            logger.info('[chat-run-socket] resume message %s: double-serialized, removed outer quotes', m.id)
+          }
+
+          if (contentToParse.startsWith('[') && contentToParse.endsWith(']')) {
+            try {
+              const parsedContent = parseAnthropicContentArray(contentToParse)
+              const textBlocks: string[] = []
+              const toolCalls: any[] = []
+              let reasoningContent: string | null = null
+
+              for (const block of parsedContent) {
+                if (block.type === 'thinking') {
+                  reasoningContent = block.thinking || null
+                } else if (block.type === 'text') {
+                  textBlocks.push(block.text || '')
+                } else if (block.type === 'tool_use') {
+                  toolCalls.push({
+                    id: block.id,
+                    type: 'function',
+                    function: {
+                      name: block.name,
+                      arguments: typeof block.input === 'object' ? JSON.stringify(block.input) : (block.input ?? '{}'),
+                    },
+                  })
+                }
+              }
+
+              msg.content = textBlocks.join('') || ''
+              if (toolCalls.length > 0) msg.tool_calls = toolCalls
+              if (reasoningContent) msg.reasoning = reasoningContent
+            } catch (e) {
+              logger.warn(e, '[chat-run-socket] failed to parse array content for message %s, keeping original', m.id)
+              msg.content = m.content
+            }
+          }
+        } else if (Array.isArray(m.content)) {
+          const textBlocks: string[] = []
+          const toolCalls: any[] = []
+          let reasoningContent: string | null = null
+
+          for (const block of m.content) {
+            if (block.type === 'thinking') {
+              reasoningContent = block.thinking
+            } else if (block.type === 'text') {
+              textBlocks.push(block.text)
+            } else if (block.type === 'tool_use') {
+              toolCalls.push({
+                id: block.id,
+                type: 'function',
+                function: {
+                  name: block.name,
+                  arguments: JSON.stringify(block.input ?? {}),
+                },
+              })
+            }
+          }
+
+          msg.content = textBlocks.join('') || ''
+          if (toolCalls.length > 0) msg.tool_calls = toolCalls
+          if (reasoningContent) msg.reasoning = reasoningContent
+        }
+
+        if (m.tool_calls?.length) {
+          const cleanedToolCalls = cleanToolCalls(m.tool_calls)
+          if (cleanedToolCalls.length > 0) msg.tool_calls = cleanedToolCalls
+        }
+
+        if (m.role === 'assistant' && !isAssistantMessageSendable(msg)) {
+          logger.warn('[chat-run-socket] skipped empty assistant message %s while loading session %s', m.id, sid)
+          return null
+        }
+
+        // For tool messages, ensure tool_call_id exists
+        if (m.role === 'tool') {
+          let callId = m.tool_call_id
+          if (!callId || callId.length === 0) {
+            const prevMsg = arr[idx - 1]
+            if (prevMsg?.role === 'assistant' && prevMsg.tool_calls?.length) {
+              const tc = prevMsg.tool_calls.find((t: any) => t.function?.name === m.tool_name)
+              if (tc?.id) callId = tc.id
+            }
+          }
+          if (!callId || callId.length === 0) return null
+          msg.tool_call_id = callId
+        }
+
+        if (m.tool_name) msg.tool_name = m.tool_name
+        if (m.reasoning) msg.reasoning = m.reasoning
+        return msg
+      })
+      .filter(m => m !== null)
+  } catch (error) {
+  }
+  return _messages
+}
diff --git a/packages/server/src/services/hermes/run-chat/model-config.ts b/packages/server/src/services/hermes/run-chat/model-config.ts
new file mode 100644
index 0000000..9aa896c
--- /dev/null
+++ b/packages/server/src/services/hermes/run-chat/model-config.ts
@@ -0,0 +1,47 @@
+import { readConfigYamlForProfile } from '../../config-helpers'
+
+export type RunModelGroup = { provider: string; models: string[] }
+
+async function resolveDefaultModelConfig(profile: string): Promise<{ model: string; provider: string }> {
+  try {
+    const config = await readConfigYamlForProfile(profile)
+    const modelConfig = config?.model
+    const model = typeof modelConfig === 'string'
+      ? modelConfig.trim()
+      : String(modelConfig?.default || '').trim()
+    const provider = typeof modelConfig === 'object'
+      ? String(modelConfig?.provider || '').trim()
+      : ''
+    return { model, provider }
+  } catch {
+    return { model: '', provider: '' }
+  }
+}
+
+function hasModelInGroups(groups: RunModelGroup[] | undefined, provider: string, model: string): boolean {
+  if (!groups?.length || !provider || !model) return false
+  const group = groups.find(item => item.provider === provider)
+  return Array.isArray(group?.models) && group.models.includes(model)
+}
+
+export async function resolveBridgeRunModelConfig(options: {
+  profile: string
+  sessionModel?: string | null
+  sessionProvider?: string | null
+  requestedModel?: string | null
+  requestedProvider?: string | null
+  modelGroups?: RunModelGroup[]
+}): Promise<{ model: string; provider: string }> {
+  const sessionModel = String(options.sessionModel || '').trim()
+  const sessionProvider = String(options.sessionProvider || '').trim()
+  const requestedModel = String(options.requestedModel || '').trim()
+  const requestedProvider = String(options.requestedProvider || '').trim()
+  const candidateModel = sessionModel || requestedModel
+  const candidateProvider = sessionProvider || requestedProvider
+  const hasGroups = Array.isArray(options.modelGroups) && options.modelGroups.length > 0
+  const candidateAvailable = hasGroups && hasModelInGroups(options.modelGroups, candidateProvider, candidateModel)
+  const shouldUseDefault = !candidateModel || !candidateProvider || (hasGroups && !candidateAvailable)
+  return shouldUseDefault
+    ? resolveDefaultModelConfig(options.profile)
+    : { model: candidateModel, provider: candidateProvider }
+}
diff --git a/packages/server/src/services/hermes/run-chat/response-stream.ts b/packages/server/src/services/hermes/run-chat/response-stream.ts
new file mode 100644
index 0000000..2ed1ad4
--- /dev/null
+++ b/packages/server/src/services/hermes/run-chat/response-stream.ts
@@ -0,0 +1,210 @@
+/**
+ * Response stream event handling — maps upstream /v1/responses events
+ * to client-facing events and updates in-memory session state.
+ */
+
+import { addMessage } from '../../../db/hermes/session-store'
+import { logger } from '../../logger'
+import { summarizeToolArguments, responseFunctionCallToToolCall } from './response-utils'
+import type { SessionState, ResponseRunState } from './types'
+
+export function applyResponseStreamEvent(
+  state: SessionState,
+  sessionId: string,
+  runMarker: string | undefined,
+  eventType: string,
+  parsed: any,
+): { event: string; payload: any; runId?: string } | null {
+  const run = getResponseRunState(state, runMarker)
+  const now = () => Math.floor(Date.now() / 1000)
+
+  if (eventType === 'response.created') {
+    const response = parsed.response || parsed
+    run.responseId = response.id || run.responseId
+    return {
+      event: 'run.started',
+      runId: run.responseId,
+      payload: {
+        event: 'run.started',
+        run_id: run.responseId,
+        response_id: run.responseId,
+        status: response.status || 'in_progress',
+        queue_length: state.queue.length || 0,
+      },
+    }
+  }
+
+  if (eventType === 'response.output_text.delta') {
+    const deltaText = parsed.delta || parsed.text || ''
+    if (!deltaText) return null
+
+    const last = [...state.messages].reverse().find(m => m.runMarker === runMarker)
+    if (last?.role === 'assistant' && last.finish_reason == null && !last.tool_calls?.length) {
+      last.content += deltaText
+    } else {
+      state.messages.push({
+        id: state.messages.length + 1,
+        session_id: sessionId,
+        runMarker,
+        role: 'assistant',
+        content: deltaText,
+        timestamp: now(),
+      })
+    }
+    return {
+      event: 'message.delta',
+      payload: {
+        event: 'message.delta',
+        run_id: run.responseId,
+        response_id: run.responseId,
+        delta: deltaText,
+      },
+    }
+  }
+
+  if (eventType === 'response.output_text.done') {
+    const last = [...state.messages].reverse().find(m => m.runMarker === runMarker)
+    if (last?.role === 'assistant' && last.finish_reason == null) {
+      last.finish_reason = 'stop'
+    }
+    return null
+  }
+
+  if (eventType === 'response.output_item.added') {
+    const item = parsed.item || parsed.output_item || parsed
+    if (item.type !== 'function_call') return null
+    const callId = item.call_id || item.id
+    if (!callId) return null
+    const toolCall = responseFunctionCallToToolCall(item)
+    run.toolCalls.set(callId, { ...toolCall, startedAt: Date.now() })
+    return {
+      event: 'tool.started',
+      payload: {
+        event: 'tool.started',
+        run_id: run.responseId,
+        response_id: run.responseId,
+        tool_call_id: callId,
+        tool: toolCall.function.name,
+        name: toolCall.function.name,
+        arguments: toolCall.function.arguments,
+        preview: summarizeToolArguments(toolCall.function.arguments),
+      },
+    }
+  }
+
+  if (eventType === 'response.output_item.done') {
+    const item = parsed.item || parsed.output_item || parsed
+    if (item.type === 'function_call') {
+      const callId = item.call_id || item.id
+      if (!callId) return null
+      const toolCall = responseFunctionCallToToolCall(item)
+      const existing = run.toolCalls.get(callId)
+      run.toolCalls.set(callId, { ...toolCall, startedAt: existing?.startedAt || Date.now() })
+
+      const key = `assistant:${callId}`
+      if (!run.insertedKeys.has(key)) {
+        run.insertedKeys.add(key)
+        state.messages.push({
+          id: state.messages.length + 1,
+          session_id: sessionId,
+          runMarker,
+          role: 'assistant',
+          content: '',
+          tool_calls: [toolCall],
+          finish_reason: 'tool_calls',
+          timestamp: now(),
+        })
+      }
+      return null
+    }
+
+    if (item.type === 'function_call_output') {
+      const callId = item.call_id || item.id
+      if (!callId) return null
+      const key = `tool:${callId}`
+      const output = typeof item.output === 'string' ? item.output : JSON.stringify(item.output ?? '')
+      const toolCallEntry = run.toolCalls.get(callId)
+      const toolName = toolCallEntry?.function?.name || null
+      const startedAt = toolCallEntry?.startedAt
+      const duration = startedAt ? Math.round((Date.now() - startedAt) / 10) / 100 : undefined
+      const hasError = typeof item.output === 'string' && item.output.startsWith('Error')
+      if (!run.insertedKeys.has(key)) {
+        run.insertedKeys.add(key)
+        state.messages.push({
+          id: state.messages.length + 1,
+          session_id: sessionId,
+          runMarker,
+          role: 'tool',
+          content: output,
+          tool_call_id: callId,
+          tool_name: toolName,
+          timestamp: now(),
+        })
+      }
+      return {
+        event: 'tool.completed',
+        payload: {
+          event: 'tool.completed',
+          run_id: run.responseId,
+          response_id: run.responseId,
+          tool_call_id: callId,
+          tool: toolName,
+          name: toolName,
+          output,
+          duration,
+          error: hasError || undefined,
+        },
+      }
+    }
+  }
+
+  if (eventType === 'response.completed') {
+    const response = parsed.response || parsed
+    run.responseId = response.id || run.responseId
+    const output = Array.isArray(response.output) ? response.output : []
+    for (const item of output) {
+      if (item.type === 'function_call') {
+        applyResponseStreamEvent(state, sessionId, runMarker, 'response.output_item.added', { item })
+        applyResponseStreamEvent(state, sessionId, runMarker, 'response.output_item.done', { item })
+      } else if (item.type === 'function_call_output') {
+        applyResponseStreamEvent(state, sessionId, runMarker, 'response.output_item.done', { item })
+      }
+    }
+  }
+
+  return null
+}
+
+export function getResponseRunState(state: SessionState, runMarker?: string): ResponseRunState {
+  if (!state.responseRun || state.responseRun.runMarker !== runMarker) {
+    state.responseRun = {
+      runMarker,
+      insertedKeys: new Set<string>(),
+      toolCalls: new Map<string, any>(),
+    }
+  }
+  return state.responseRun
+}
+
+/** Flush all non-user messages for this run to DB in order. */
+export function flushResponseRunToDb(state: SessionState, sessionId: string) {
+  const run = state.responseRun
+  if (!run?.runMarker) return
+  let flushed = 0
+  for (const msg of state.messages) {
+    if (msg.runMarker !== run.runMarker) continue
+    if (msg.role === 'user') continue
+    addMessage({
+      session_id: sessionId,
+      role: msg.role,
+      content: msg.content || '',
+      tool_call_id: msg.tool_call_id ?? null,
+      tool_calls: msg.tool_calls ?? null,
+      tool_name: msg.tool_name ?? null,
+      finish_reason: msg.finish_reason ?? null,
+      timestamp: msg.timestamp,
+    })
+    flushed++
+  }
+  logger.info('[chat-run-socket] flushResponseRunToDb: flushed %d messages for session %s', flushed, sessionId)
+}
diff --git a/packages/server/src/services/hermes/run-chat/response-utils.ts b/packages/server/src/services/hermes/run-chat/response-utils.ts
new file mode 100644
index 0000000..25ddca1
--- /dev/null
+++ b/packages/server/src/services/hermes/run-chat/response-utils.ts
@@ -0,0 +1,56 @@
+/**
+ * Response utility functions for processing upstream API responses.
+ */
+
+export function responseFunctionCallToToolCall(item: any): any {
+  const callId = item.call_id || item.id || ''
+  const name = item.name || item.function?.name || ''
+  let args = item.arguments ?? item.function?.arguments ?? '{}'
+  if (typeof args !== 'string') {
+    args = JSON.stringify(args ?? {})
+  }
+  return {
+    id: callId,
+    type: 'function',
+    function: {
+      name,
+      arguments: args || '{}',
+    },
+  }
+}
+
+export function summarizeToolArguments(args: string): string | undefined {
+  if (!args) return undefined
+  try {
+    const parsed = JSON.parse(args)
+    if (!parsed || typeof parsed !== 'object') return args.slice(0, 120)
+    const preferredKeys = ['cmd', 'command', 'code', 'query', 'path', 'url', 'prompt']
+    for (const key of preferredKeys) {
+      const value = parsed[key]
+      if (typeof value === 'string' && value.trim()) {
+        return value.replace(/\s+/g, ' ').slice(0, 160)
+      }
+    }
+    const first = Object.entries(parsed).find(([, value]) => typeof value === 'string' && value.trim())
+    if (first) return String(first[1]).replace(/\s+/g, ' ').slice(0, 160)
+    return JSON.stringify(parsed).slice(0, 160)
+  } catch {
+    return args.replace(/\s+/g, ' ').slice(0, 160)
+  }
+}
+
+export function extractResponseText(response: any): string {
+  const output = Array.isArray(response?.output) ? response.output : []
+  const parts: string[] = []
+  for (const item of output) {
+    if (item.type !== 'message') continue
+    const content = Array.isArray(item.content) ? item.content : []
+    for (const part of content) {
+      if (part.type === 'output_text' || part.type === 'text') {
+        parts.push(part.text || '')
+      }
+    }
+  }
+  if (parts.length > 0) return parts.join('')
+  return typeof response?.output_text === 'string' ? response.output_text : ''
+}
diff --git a/packages/server/src/services/hermes/run-chat/session-command.ts b/packages/server/src/services/hermes/run-chat/session-command.ts
new file mode 100644
index 0000000..83d3d55
--- /dev/null
+++ b/packages/server/src/services/hermes/run-chat/session-command.ts
@@ -0,0 +1,688 @@
+import type { Server, Socket } from 'socket.io'
+import { addMessage, clearSessionMessages, createSession, getSession, renameSession, updateSessionStats } from '../../../db/hermes/session-store'
+import { logger } from '../../logger'
+import type { AgentBridgeClient } from '../agent-bridge'
+import { flushBridgePendingToDb } from './bridge-message'
+import { buildDbHistory, estimateSnapshotAwareHistoryUsage, forceCompressBridgeHistory, getOrCreateSession, replaceState } from './compression'
+import { handleAbort } from './abort'
+import { calcAndUpdateUsage, contextTokensWithCachedOverhead, updateMessageContextTokenUsage } from './usage'
+import { contentBlocksToString } from './content-blocks'
+import type { ContentBlock, QueuedRun, SessionState } from './types'
+
+type CommandName =
+  | 'usage'
+  | 'status'
+  | 'abort'
+  | 'queue'
+  | 'plan'
+  | 'goal'
+  | 'subgoal'
+  | 'clear'
+  | 'title'
+  | 'compress'
+  | 'steer'
+  | 'destroy'
+  | 'reload-mcp'
+
+interface ParsedSessionCommand {
+  name: CommandName
+  rawName: string
+  args: string
+}
+
+interface SessionCommandContext {
+  nsp: ReturnType<Server['of']>
+  socket: Socket
+  sessionMap: Map<string, SessionState>
+  bridge: AgentBridgeClient
+  profile: string
+  model?: string
+  provider?: string
+  model_groups?: Array<{ provider: string; models: string[] }>
+  instructions?: string
+  queueId?: string
+  runQueuedItem: (socket: Socket, sessionId: string, next: QueuedRun, fallbackProfile?: string) => void
+}
+
+const COMMAND_ALIASES: Record<string, CommandName> = {
+  usage: 'usage',
+  status: 'status',
+  abort: 'abort',
+  queue: 'queue',
+  plan: 'plan',
+  goal: 'goal',
+  subgoal: 'subgoal',
+  clear: 'clear',
+  title: 'title',
+  compress: 'compress',
+  steer: 'steer',
+  destroy: 'destroy',
+  destory: 'destroy',
+  'reload-mcp': 'reload-mcp',
+}
+
+export function parseSessionCommand(input: string | ContentBlock[]): ParsedSessionCommand | null {
+  if (typeof input !== 'string') return null
+  const trimmed = input.trim()
+  if (!trimmed.startsWith('/')) return null
+  const match = trimmed.match(/^\/([a-zA-Z][\w-]*)(?:\s+([\s\S]*))?$/)
+  if (!match) return null
+  const rawName = match[1].toLowerCase()
+  const name = COMMAND_ALIASES[rawName]
+  if (!name) return { name: 'status', rawName, args: match[2]?.trim() || '' }
+  return { name, rawName, args: match[2]?.trim() || '' }
+}
+
+export function isSessionCommand(input: string | ContentBlock[]): boolean {
+  return parseSessionCommand(input) !== null
+}
+
+export async function handleSessionCommand(
+  sessionId: string,
+  command: ParsedSessionCommand,
+  ctx: SessionCommandContext,
+): Promise<void> {
+  const state = getOrCreateSession(ctx.sessionMap, sessionId)
+  ctx.socket.join(`session:${sessionId}`)
+  ensureCommandSession(sessionId, ctx)
+  if (command.name !== 'plan') {
+    persistCommandMessage(sessionId, state, `/${command.rawName}${command.args ? ` ${command.args}` : ''}`)
+  }
+
+  const emitCommand = (payload: Record<string, unknown>) => {
+    const message = typeof payload.message === 'string' ? payload.message : ''
+    if (message) persistCommandMessage(sessionId, state, message)
+    emitToSession(ctx.nsp, ctx.socket, sessionId, 'session.command', {
+      event: 'session.command',
+      session_id: sessionId,
+      command: command.rawName,
+      ok: true,
+      ...payload,
+    })
+  }
+
+  if (!COMMAND_ALIASES[command.rawName]) {
+    emitCommand({
+      ok: false,
+      action: 'error',
+      terminal: !state.isWorking,
+      message: `Unknown bridge command: /${command.rawName}`,
+    })
+    return
+  }
+
+  switch (command.name) {
+    case 'usage': {
+      const usage = await calcAndUpdateUsage(sessionId, state, (event, payload) => {
+        emitToSession(ctx.nsp, ctx.socket, sessionId, event, payload)
+      })
+      emitCommand({
+        action: 'usage',
+        terminal: !state.isWorking,
+        message: `Usage: input ${usage.inputTokens}, output ${usage.outputTokens}, total ${usage.inputTokens + usage.outputTokens} tokens.`,
+        inputTokens: usage.inputTokens,
+        outputTokens: usage.outputTokens,
+      })
+      return
+    }
+
+    case 'status': {
+      const row = getSession(sessionId)
+      const bridgeStatus = await getBridgeSessionStatus(ctx, sessionId)
+      const bridgeRunning = bridgeStatus?.running === true
+      const isWorking = state.isWorking || bridgeRunning
+      const runId = state.runId || state.activeRunMarker || bridgeStatus?.currentRunId || null
+      emitCommand({
+        action: 'status',
+        terminal: !isWorking,
+        message: [
+          `Status: ${isWorking ? 'running' : 'idle'}`,
+          `source: ${state.source || row?.source || 'cli'}`,
+          `profile: ${state.profile || ctx.profile || row?.profile || 'default'}`,
+          `model: ${ctx.model || row?.model || '-'}`,
+          `queue: ${state.queue.length}`,
+          `run: ${runId || '-'}`,
+          bridgeStatus ? `bridge: ${bridgeRunning ? 'running' : 'idle'}` : null,
+        ].filter(Boolean).join(', '),
+        isWorking,
+        isAborting: Boolean(state.isAborting),
+        queueLength: state.queue.length,
+        source: state.source || row?.source || 'cli',
+        profile: state.profile || ctx.profile || row?.profile || 'default',
+        model: ctx.model || row?.model || null,
+        runId,
+        bridgeStatus,
+      })
+      return
+    }
+
+    case 'abort':
+      await handleAbort(ctx.nsp, ctx.socket, sessionId, ctx.sessionMap, ctx.bridge, ctx.runQueuedItem)
+      emitCommand({ action: 'abort', message: 'Abort requested.' })
+      return
+
+    case 'queue': {
+      if (!command.args) {
+        emitCommand({ ok: false, action: 'queue', terminal: !state.isWorking, message: 'Usage: /queue <message>' })
+        return
+      }
+      if (!state.isWorking) {
+        emitCommand({ ok: false, action: 'queue', message: 'Session is idle. Send the message normally instead.' })
+        return
+      }
+      const queueId = `queue_${Date.now().toString(36)}_${Math.random().toString(36).slice(2, 8)}`
+      state.queue.push({
+        queue_id: queueId,
+        input: command.args,
+        model: ctx.model,
+        provider: ctx.provider,
+        model_groups: ctx.model_groups,
+        instructions: ctx.instructions,
+        profile: ctx.profile,
+        source: 'cli',
+        originSocketId: ctx.socket.id,
+      })
+      emitToSession(ctx.nsp, ctx.socket, sessionId, 'run.queued', {
+        event: 'run.queued',
+        session_id: sessionId,
+        queue_length: state.queue.length,
+        queued_messages: serializeVisibleQueuedMessages(state.queue),
+      })
+      emitCommand({
+        action: 'queue',
+        terminal: false,
+        message: `Queued message. Queue length: ${state.queue.length}.`,
+        queueLength: state.queue.length,
+      })
+      return
+    }
+
+    case 'plan': {
+      const bridgeCommand = `plan${command.args ? ` ${command.args}` : ''}`
+      let result
+      try {
+        result = await ctx.bridge.command(sessionId, bridgeCommand, ctx.profile)
+      } catch (err) {
+        emitCommand({
+          ok: false,
+          action: 'plan',
+          terminal: !state.isWorking,
+          message: `Plan command failed: ${err instanceof Error ? err.message : String(err)}`,
+        })
+        return
+      }
+
+      if (!result.handled || !result.message) {
+        emitCommand({
+          ok: false,
+          action: 'plan',
+          terminal: !state.isWorking,
+          message: result.message || 'Plan command is not available.',
+        })
+        return
+      }
+
+      const queueId = ctx.queueId || `queue_${Date.now().toString(36)}_${Math.random().toString(36).slice(2, 8)}`
+      const displayCommand = `/${bridgeCommand}`
+      const next: QueuedRun = {
+        queue_id: queueId,
+        input: result.message,
+        displayInput: displayCommand,
+        displayRole: 'command',
+        storageMessage: displayCommand,
+        model: ctx.model,
+        provider: ctx.provider,
+        model_groups: ctx.model_groups,
+        instructions: ctx.instructions,
+        profile: ctx.profile,
+        source: 'cli',
+        originSocketId: ctx.socket.id,
+      }
+
+      if (state.isWorking) {
+        state.queue.push(next)
+        emitToSession(ctx.nsp, ctx.socket, sessionId, 'run.queued', {
+          event: 'run.queued',
+          session_id: sessionId,
+          queue_length: state.queue.length,
+          queued_messages: serializeVisibleQueuedMessages(state.queue),
+        })
+        return
+      }
+
+      emitCommand({
+        action: 'plan',
+        terminal: false,
+        started: true,
+      })
+      ctx.runQueuedItem(ctx.socket, sessionId, next, ctx.profile)
+      return
+    }
+
+    case 'goal':
+    case 'subgoal': {
+      const isGoalSet = command.name === 'goal'
+        && Boolean(command.args)
+        && !['status', 'pause', 'resume', 'clear', 'stop', 'done'].includes(command.args.toLowerCase())
+      if (state.isWorking && isGoalSet) {
+        emitCommand({
+          ok: false,
+          action: 'goal',
+          terminal: false,
+          message: 'Agent is running. Use /goal status, /goal pause, or /goal clear mid-run, or /abort before setting a new goal.',
+        })
+        return
+      }
+
+      const bridgeCommand = `${command.name}${command.args ? ` ${command.args}` : ''}`
+      let result
+      try {
+        result = await ctx.bridge.command(sessionId, bridgeCommand, ctx.profile)
+      } catch (err) {
+        emitCommand({
+          ok: false,
+          action: command.name,
+          terminal: !state.isWorking,
+          message: `Goal command failed: ${err instanceof Error ? err.message : String(err)}`,
+        })
+        return
+      }
+
+      if (result.clear_goal_continuations) {
+        const removed = removeGoalContinuationRuns(state)
+        if (removed > 0) emitQueuedState(ctx, sessionId, state)
+      }
+
+      const kickoffPrompt = typeof result.kickoff_prompt === 'string' ? result.kickoff_prompt.trim() : ''
+
+      const bridgeStatus = result.action === 'goal_status' || result.action === 'status'
+        ? await getBridgeSessionStatus(ctx, sessionId)
+        : null
+      const message = formatGoalStatusMessage(String(result.message || ''), bridgeStatus)
+
+      const resultAction = String(result.action || command.name)
+      const action = (command.name === 'goal' || command.name === 'subgoal') && resultAction === 'clear'
+        ? `${command.name}_clear`
+        : resultAction
+
+      emitCommand({
+        action,
+        terminal: !state.isWorking && !kickoffPrompt,
+        started: Boolean(kickoffPrompt),
+        message,
+        type: result.type || 'goal',
+        maxTurns: result.max_turns,
+        bridgeStatus,
+      })
+
+      if (!kickoffPrompt) return
+
+      const next: QueuedRun = {
+        queue_id: ctx.queueId || `queue_${Date.now().toString(36)}_${Math.random().toString(36).slice(2, 8)}`,
+        input: kickoffPrompt,
+        displayInput: null,
+        storageMessage: kickoffPrompt,
+        model: ctx.model,
+        provider: ctx.provider,
+        model_groups: ctx.model_groups,
+        instructions: ctx.instructions,
+        profile: ctx.profile,
+        source: 'cli',
+        originSocketId: ctx.socket.id,
+      }
+
+      if (state.isWorking) {
+        state.queue.push(next)
+        emitQueuedState(ctx, sessionId, state)
+        return
+      }
+
+      ctx.runQueuedItem(ctx.socket, sessionId, next, ctx.profile)
+      return
+    }
+
+    case 'clear': {
+      if (command.args === '--history') {
+        if (state.isWorking) {
+          emitCommand({
+            ok: false,
+            action: 'clear',
+            terminal: false,
+            message: 'Cannot clear history while the bridge run is active. Abort or destroy it first.',
+          })
+          return
+        }
+        const deleted = clearSessionMessages(sessionId)
+        state.messages = []
+        clearTransientRunState(state)
+        await calcAndUpdateUsage(sessionId, state, (event, payload) => {
+          emitToSession(ctx.nsp, ctx.socket, sessionId, event, payload)
+        })
+        emitCommand({
+          action: 'clear',
+          clearHistory: true,
+          message: `Cleared ${deleted} history messages from the database.`,
+        })
+        return
+      }
+      emitCommand({
+        action: 'clear',
+        message: 'Cleared the current display. History in the database was not deleted.',
+      })
+      return
+    }
+
+    case 'title': {
+      if (!command.args) {
+        emitCommand({ ok: false, action: 'title', terminal: !state.isWorking, message: 'Usage: /title <new title>' })
+        return
+      }
+      const title = command.args.slice(0, 120)
+      if (!getSession(sessionId)) {
+        createSession({ id: sessionId, profile: ctx.profile, source: 'cli', model: ctx.model, title })
+      }
+      const updated = renameSession(sessionId, title)
+      emitCommand({
+        ok: updated,
+        action: 'title',
+        title,
+        message: updated ? `Title updated: ${title}` : 'Session was not found in the database.',
+      })
+      return
+    }
+
+    case 'compress': {
+      if (state.isWorking) {
+        emitCommand({ ok: false, action: 'compress', terminal: false, message: 'Compression can only run while the session is idle.' })
+        return
+      }
+      clearTransientRunState(state)
+      const emit = (event: string, payload: any) => emitToSession(ctx.nsp, ctx.socket, sessionId, event, payload)
+      try {
+        const history = await buildDbHistory(sessionId, { excludeLastUser: true })
+        const usageEstimate = estimateSnapshotAwareHistoryUsage(sessionId, history)
+        const beforeContextTokens = contextTokensWithCachedOverhead(state, usageEstimate.tokenCount)
+        emit('compression.started', {
+          event: 'compression.started',
+          message_count: usageEstimate.messageCount,
+          token_count: beforeContextTokens,
+          source: 'command',
+        })
+        const result = await forceCompressBridgeHistory(
+          sessionId,
+          ctx.profile,
+          [],
+        )
+        state.bridgeCompressionResults = state.bridgeCompressionResults || {}
+        const usage = await calcAndUpdateUsage(sessionId, state, emit)
+        const afterContextTokens = contextTokensWithCachedOverhead(state, result.afterTokens)
+        emit('compression.completed', {
+          event: 'compression.completed',
+          compressed: result.compressed,
+          llmCompressed: result.llmCompressed,
+          totalMessages: result.beforeMessages,
+          resultMessages: result.resultMessages,
+          beforeTokens: beforeContextTokens,
+          afterTokens: result.afterTokens,
+          summaryTokens: result.summaryTokens,
+          verbatimCount: result.verbatimCount,
+          compressedStartIndex: result.compressedStartIndex,
+          contextTokens: afterContextTokens,
+          source: 'command',
+        })
+        updateMessageContextTokenUsage(sessionId, state, emit, result.afterTokens, usage)
+        emitCommand({
+          action: 'compress',
+          message: `Compression completed: ${result.beforeMessages} -> ${result.resultMessages} messages, ${beforeContextTokens} -> ${afterContextTokens} tokens.`,
+          beforeMessages: result.beforeMessages,
+          resultMessages: result.resultMessages,
+          beforeTokens: beforeContextTokens,
+          afterTokens: afterContextTokens,
+          messageBeforeTokens: result.beforeTokens,
+          messageAfterTokens: result.afterTokens,
+          compressed: result.compressed,
+        })
+      } catch (err) {
+        logger.warn(err, '[chat-run-socket] /compress failed for session %s', sessionId)
+        emit('compression.completed', {
+          event: 'compression.completed',
+          compressed: false,
+          totalMessages: 0,
+          resultMessages: 0,
+          beforeTokens: 0,
+          afterTokens: 0,
+          error: err instanceof Error ? err.message : String(err),
+          source: 'command',
+        })
+        emitCommand({
+          ok: false,
+          action: 'compress',
+          message: `Compression failed: ${err instanceof Error ? err.message : String(err)}`,
+        })
+      }
+      return
+    }
+
+    case 'steer': {
+      if (!command.args) {
+        emitCommand({ ok: false, action: 'steer', terminal: !state.isWorking, message: 'Usage: /steer <instruction>' })
+        return
+      }
+      if (!state.isWorking) {
+        emitCommand({ ok: false, action: 'steer', message: 'No active bridge run to steer.' })
+        return
+      }
+      await ctx.bridge.steer(sessionId, command.args)
+      emitCommand({ action: 'steer', terminal: false, message: 'Steer instruction sent.' })
+      return
+    }
+
+    case 'reload-mcp': {
+      if (state.isWorking) {
+        emitCommand({
+          ok: false,
+          action: 'reload-mcp',
+          terminal: false,
+          message: 'MCP reload can only run while the session is idle. Wait for the current run to finish or abort it first.',
+        })
+        return
+      }
+      try {
+        const server = command.args || undefined
+        const result = await ctx.bridge.mcpReload(server, ctx.profile)
+        emitCommand({
+          action: 'reload-mcp',
+          message: `MCP reloaded successfully.${server ? ` Server: ${server}` : ' All servers.'}`,
+          result,
+        })
+      } catch (err) {
+        emitCommand({
+          ok: false,
+          action: 'reload-mcp',
+          terminal: !state.isWorking,
+          message: `MCP reload failed: ${err instanceof Error ? err.message : String(err)}`,
+        })
+      }
+      return
+    }
+
+    case 'destroy': {
+      const wasWorking = state.isWorking
+      let bridgeReachable = true
+      let bridgeError: string | null = null
+      try {
+        if (wasWorking) {
+          flushBridgePendingToDb(state, sessionId)
+          await ctx.bridge.interrupt(sessionId, 'Destroyed by user', state.profile).catch((err) => {
+            logger.warn(err, '[chat-run-socket] /destroy interrupt failed for session %s', sessionId)
+          })
+        }
+        await ctx.bridge.destroy(sessionId, state.profile).catch((err) => {
+          bridgeReachable = false
+          bridgeError = err instanceof Error ? err.message : String(err)
+          logger.warn(err, '[chat-run-socket] /destroy bridge unavailable for session %s', sessionId)
+        })
+      } finally {
+        updateSessionStats(sessionId)
+        await calcAndUpdateUsage(sessionId, state, (event, payload) => {
+          emitToSession(ctx.nsp, ctx.socket, sessionId, event, payload)
+        })
+        state.isWorking = false
+        state.isAborting = false
+        state.profile = undefined
+        state.abortController = undefined
+        state.runId = undefined
+        state.responseRun = undefined
+        state.activeRunMarker = undefined
+        state.events = []
+        state.queue = []
+        state.bridgePendingAssistantContent = undefined
+        state.bridgePendingReasoningContent = undefined
+        state.bridgePendingToolCallMarkup = undefined
+        state.bridgeOutput = undefined
+        state.bridgePendingTools = undefined
+        state.bridgeCompressionResults = undefined
+        replaceState(ctx.sessionMap, sessionId, 'session.command', {
+          event: 'session.command',
+          action: 'destroy',
+        })
+      }
+      emitToSession(ctx.nsp, ctx.socket, sessionId, 'run.queued', {
+        event: 'run.queued',
+        session_id: sessionId,
+        queue_length: 0,
+      })
+      emitCommand({
+        action: 'destroy',
+        message: bridgeReachable
+          ? (wasWorking ? 'Destroyed bridge agent and stopped the active run.' : 'Destroyed bridge agent.')
+          : `Bridge agent was not reachable; cleared local session state.${bridgeError ? ` (${bridgeError})` : ''}`,
+        destroyed: true,
+        bridgeReachable,
+      })
+      return
+    }
+  }
+}
+
+function clearTransientRunState(state: SessionState) {
+  state.events = []
+  state.bridgePendingTools = undefined
+  state.bridgePendingToolCallMarkup = undefined
+  state.bridgeCompressionResults = undefined
+  state.responseRun = undefined
+  state.activeRunMarker = undefined
+  state.runId = undefined
+  state.abortController = undefined
+  state.isAborting = false
+}
+
+function removeGoalContinuationRuns(state: SessionState): number {
+  const before = state.queue.length
+  state.queue = state.queue.filter(item => !item.goalContinuation)
+  return before - state.queue.length
+}
+
+function emitQueuedState(ctx: SessionCommandContext, sessionId: string, state: SessionState) {
+  emitToSession(ctx.nsp, ctx.socket, sessionId, 'run.queued', {
+    event: 'run.queued',
+    session_id: sessionId,
+    queue_length: state.queue.length,
+    queued_messages: serializeVisibleQueuedMessages(state.queue),
+  })
+}
+
+function serializeVisibleQueuedMessages(queue: QueuedRun[]) {
+  return queue.filter(item => item.displayInput !== null).map(item => ({
+    id: item.queue_id,
+    role: item.displayRole || (typeof item.displayInput === 'string' && item.displayInput.trim().startsWith('/') ? 'command' : 'user'),
+    content: contentBlocksToString(item.displayInput ?? item.input),
+    timestamp: Math.floor(Date.now() / 1000),
+    queued: true,
+  }))
+}
+
+type BridgeSessionStatus = {
+  exists: boolean
+  running: boolean
+  currentRunId: string | null
+  messageCount: number
+}
+
+async function getBridgeSessionStatus(ctx: SessionCommandContext, sessionId: string): Promise<BridgeSessionStatus | null> {
+  try {
+    const raw = await ctx.bridge.status(sessionId, ctx.profile) as Record<string, unknown>
+    return {
+      exists: raw.exists === true,
+      running: raw.running === true,
+      currentRunId: typeof raw.current_run_id === 'string' && raw.current_run_id.trim()
+        ? raw.current_run_id
+        : null,
+      messageCount: typeof raw.message_count === 'number' && Number.isFinite(raw.message_count)
+        ? raw.message_count
+        : 0,
+    }
+  } catch (err) {
+    logger.debug({ err, sessionId }, '[chat-run-socket] bridge status lookup failed')
+    return null
+  }
+}
+
+function formatGoalStatusMessage(message: string, bridgeStatus: BridgeSessionStatus | null): string {
+  if (!bridgeStatus) return message
+  const lines = [message]
+  if (bridgeStatus.running) {
+    const progress = parseGoalTurnProgress(message)
+    lines.push(progress
+      ? `Current turn: ${Math.min(progress.used + 1, progress.max)}/${progress.max} running (completed turns: ${progress.used}/${progress.max}; count updates after the judge).`
+      : 'Current turn: running (turn count updates after the judge).')
+  }
+  lines.push(`Run: ${bridgeStatus.running ? 'running' : 'idle'}${bridgeStatus.currentRunId ? ` (${bridgeStatus.currentRunId})` : ''}`)
+  return lines.filter(Boolean).join('\n')
+}
+
+function parseGoalTurnProgress(message: string): { used: number; max: number } | null {
+  const match = message.match(/\b(\d+)\s*\/\s*(\d+)\s+turns\b/i)
+  if (!match) return null
+  const used = Number(match[1])
+  const max = Number(match[2])
+  if (!Number.isFinite(used) || !Number.isFinite(max) || max <= 0) return null
+  return { used, max }
+}
+
+function ensureCommandSession(sessionId: string, ctx: SessionCommandContext) {
+  if (getSession(sessionId)) return
+  createSession({
+    id: sessionId,
+    profile: ctx.profile,
+    source: 'cli',
+    model: ctx.model,
+    title: 'Bridge command',
+  })
+}
+
+function persistCommandMessage(sessionId: string, state: SessionState, content: string) {
+  const now = Math.floor(Date.now() / 1000)
+  const id = addMessage({
+    session_id: sessionId,
+    role: 'command',
+    content,
+    timestamp: now,
+  })
+  state.messages.push({
+    id: id || `command_${now}_${state.messages.length}`,
+    session_id: sessionId,
+    role: 'command',
+    content,
+    timestamp: now,
+  })
+  updateSessionStats(sessionId)
+}
+
+function emitToSession(nsp: ReturnType<Server['of']>, socket: Socket, sessionId: string, event: string, payload: any) {
+  const tagged = { ...payload, session_id: sessionId }
+  nsp.to(`session:${sessionId}`).emit(event, tagged)
+  if (!nsp.adapter.rooms.get(`session:${sessionId}`)?.size && socket.connected) {
+    socket.emit(event, tagged)
+  }
+}
diff --git a/packages/server/src/services/hermes/run-chat/sse-utils.ts b/packages/server/src/services/hermes/run-chat/sse-utils.ts
new file mode 100644
index 0000000..763afc9
--- /dev/null
+++ b/packages/server/src/services/hermes/run-chat/sse-utils.ts
@@ -0,0 +1,47 @@
+/**
+ * SSE frame reading utilities for parsing upstream streaming responses.
+ */
+
+export async function* readSseFrames(stream: ReadableStream<Uint8Array>): AsyncGenerator<{ event?: string; data: string }> {
+  const decoder = new TextDecoder()
+  const reader = stream.getReader()
+  let buffer = ''
+
+  try {
+    while (true) {
+      const { done, value } = await reader.read()
+      if (done) break
+      buffer += decoder.decode(value, { stream: true })
+
+      let boundary = buffer.indexOf('\n\n')
+      while (boundary >= 0) {
+        const raw = buffer.slice(0, boundary)
+        buffer = buffer.slice(boundary + 2)
+        const frame = parseSseFrame(raw)
+        if (frame?.data) yield frame
+        boundary = buffer.indexOf('\n\n')
+      }
+    }
+
+    buffer += decoder.decode()
+    const frame = parseSseFrame(buffer)
+    if (frame?.data) yield frame
+  } finally {
+    reader.releaseLock()
+  }
+}
+
+export function parseSseFrame(raw: string): { event?: string; data: string } | null {
+  let event: string | undefined
+  const data: string[] = []
+  for (const line of raw.split(/\r?\n/)) {
+    if (!line || line.startsWith(':')) continue
+    if (line.startsWith('event:')) {
+      event = line.slice(6).trim()
+    } else if (line.startsWith('data:')) {
+      data.push(line.slice(5).trimStart())
+    }
+  }
+  if (data.length === 0) return null
+  return { event, data: data.join('\n') }
+}
diff --git a/packages/server/src/services/hermes/run-chat/types.ts b/packages/server/src/services/hermes/run-chat/types.ts
new file mode 100644
index 0000000..e210849
--- /dev/null
+++ b/packages/server/src/services/hermes/run-chat/types.ts
@@ -0,0 +1,110 @@
+import type { ChatMessage } from '../../../lib/context-compressor'
+
+/**
+ * Content block types for Anthropic-compatible message format
+ */
+export type ContentBlock =
+  | { type: 'text'; text: string }
+  | { type: 'image'; name: string; path: string; media_type: string }
+  | { type: 'file'; name: string; path: string; media_type?: string }
+
+export interface SessionMessage {
+  id: number | string
+  session_id: string
+  role: string
+  content: string
+  runMarker?: string
+  tool_call_id?: string | null
+  tool_calls?: any[] | null
+  tool_name?: string | null
+  timestamp: number
+  token_count?: number | null
+  finish_reason?: string | null
+  reasoning?: string | null
+  reasoning_details?: string | null
+  reasoning_content?: string | null
+}
+
+export interface QueuedRun {
+  queue_id: string
+  input: string | ContentBlock[]
+  displayInput?: string | ContentBlock[] | null
+  displayRole?: 'user' | 'command'
+  storageMessage?: string
+  model?: string
+  provider?: string
+  model_groups?: Array<{ provider: string; models: string[] }>
+  instructions?: string
+  profile: string
+  source?: ChatRunSource
+  originSocketId?: string
+  goalContinuation?: boolean
+}
+
+export interface SessionState {
+  messages: SessionMessage[]
+  messageTotal?: number
+  messageLoadedCount?: number
+  messagePageLimit?: number
+  hasMoreBefore?: boolean
+  isWorking: boolean
+  events: Array<{ event: string; data: any }>
+  abortController?: AbortController
+  runId?: string
+  activeRunMarker?: string
+  profile?: string
+  inputTokens?: number
+  outputTokens?: number
+  contextTokens?: number
+  bridgeContext?: BridgeContextState
+  isAborting?: boolean
+  queue: QueuedRun[]
+  responseRun?: ResponseRunState
+  source?: ChatRunSource
+  bridgePendingAssistantContent?: string
+  bridgePendingReasoningContent?: string
+  bridgePendingToolCallMarkup?: string
+  bridgeOutput?: string
+  bridgeToolCounter?: number
+  bridgePendingTools?: Array<{
+    id: string
+    name: string
+    arguments: string
+    startedAt: number
+  }>
+  bridgeCompressionResults?: Record<string, BridgeCompressionResult>
+}
+
+export interface ResponseRunState {
+  runMarker?: string
+  responseId?: string
+  insertedKeys: Set<string>
+  toolCalls: Map<string, any>
+}
+
+export interface BridgeContextState {
+  fixedContextTokens?: number
+  systemPromptTokens?: number
+  toolTokens?: number
+  systemPromptChars?: number
+  toolCount?: number
+  toolNames?: string[]
+  profile?: string
+  model?: string
+  provider?: string
+}
+
+export type ChatRunSource = 'api_server' | 'cli'
+
+export interface BridgeCompressionResult {
+  messages: ChatMessage[]
+  beforeMessages: number
+  resultMessages: number
+  beforeTokens: number
+  afterTokens: number
+  compressed: boolean
+  llmCompressed: boolean
+  summaryTokens: number
+  verbatimCount: number
+  compressedStartIndex: number
+}
diff --git a/packages/server/src/services/hermes/run-chat/usage.ts b/packages/server/src/services/hermes/run-chat/usage.ts
new file mode 100644
index 0000000..65222d8
--- /dev/null
+++ b/packages/server/src/services/hermes/run-chat/usage.ts
@@ -0,0 +1,137 @@
+/**
+ * Usage calculation — token counting from DB messages,
+ * snapshot-aware computation, client notification.
+ */
+
+import {
+  getSessionDetail,
+} from '../../../db/hermes/session-store'
+import { getCompressionSnapshot } from '../../../db/hermes/compression-snapshot'
+import { countTokens, SUMMARY_PREFIX } from '../../../lib/context-compressor'
+import { logger } from '../../logger'
+import type { SessionState } from './types'
+
+type UsageTokenMessage = {
+  role?: string
+  content?: unknown
+  tool_calls?: unknown
+}
+
+function contentToUsageText(content: unknown): string {
+  if (typeof content === 'string') return content
+  if (!content) return ''
+  if (Array.isArray(content)) {
+    return content.map((block: any) => {
+      if (typeof block?.text === 'string') return block.text
+      if (typeof block?.type === 'string') return `[${block.type}]`
+      return String(block || '')
+    }).join('\n')
+  }
+  return String(content)
+}
+
+export function estimateUsageTokensFromMessages(messages: UsageTokenMessage[]): { inputTokens: number; outputTokens: number } {
+  const inputTokens = messages
+    .filter(m => m.role === 'user')
+    .reduce((sum, m) => sum + countTokens(contentToUsageText(m.content)), 0)
+  const outputTokens = messages
+    .filter(m => m.role === 'assistant' || m.role === 'tool')
+    .reduce((sum, m) => sum + countTokens(contentToUsageText(m.content)) + countTokens(String(m.tool_calls || '')), 0)
+  return { inputTokens, outputTokens }
+}
+
+export async function calcAndUpdateUsage(
+  sid: string,
+  state: SessionState,
+  emit: (event: string, payload: any) => void,
+): Promise<{ inputTokens: number; outputTokens: number }> {
+  try {
+    const detail = getSessionDetail(sid)
+    const msgs = detail?.messages
+      ?.filter(m => m.role === 'user' || m.role === 'assistant' || m.role === 'tool') || []
+
+    const snapshot = getCompressionSnapshot(sid)
+    let inputTokens: number
+    let outputTokens: number
+    if (snapshot && msgs.length && snapshot.lastMessageIndex >= 0 && snapshot.lastMessageIndex < msgs.length) {
+      const newMessages = msgs.slice(snapshot.lastMessageIndex + 1)
+      const newUsage = estimateUsageTokensFromMessages(newMessages)
+      inputTokens = countTokens(SUMMARY_PREFIX + snapshot.summary) +
+        newUsage.inputTokens
+      outputTokens = newUsage.outputTokens
+    } else {
+      const usage = estimateUsageTokensFromMessages(msgs)
+      inputTokens = usage.inputTokens
+      outputTokens = usage.outputTokens
+    }
+    state.inputTokens = inputTokens
+    state.outputTokens = outputTokens
+    emit('usage.updated', {
+      event: 'usage.updated',
+      session_id: sid,
+      inputTokens,
+      outputTokens,
+    })
+    return { inputTokens, outputTokens }
+  } catch (err: any) {
+    logger.warn(err, '[chat-run-socket] failed to calculate usage for session %s', sid)
+    return { inputTokens: 0, outputTokens: 0 }
+  }
+}
+
+export function updateContextTokenUsage(
+  sid: string,
+  state: SessionState,
+  emit: (event: string, payload: any) => void,
+  contextTokens: number | null | undefined,
+  usage?: { inputTokens: number; outputTokens: number },
+): number | undefined {
+  if (typeof contextTokens !== 'number' || !Number.isFinite(contextTokens) || contextTokens < 0) {
+    return state.contextTokens
+  }
+  const normalizedContextTokens = Math.floor(contextTokens)
+  state.contextTokens = normalizedContextTokens
+  emit('usage.updated', {
+    event: 'usage.updated',
+    session_id: sid,
+    inputTokens: usage?.inputTokens ?? state.inputTokens ?? 0,
+    outputTokens: usage?.outputTokens ?? state.outputTokens ?? 0,
+    contextTokens: normalizedContextTokens,
+  })
+  return normalizedContextTokens
+}
+
+export function getCachedBridgeContextOverhead(state: SessionState): number | undefined {
+  const fixedContextTokens = state.bridgeContext?.fixedContextTokens
+  if (typeof fixedContextTokens !== 'number' || !Number.isFinite(fixedContextTokens) || fixedContextTokens < 0) {
+    return undefined
+  }
+  return Math.floor(fixedContextTokens)
+}
+
+export function contextTokensWithCachedOverhead(state: SessionState, messageTokens: number): number {
+  const normalizedMessageTokens = Math.max(0, Math.floor(messageTokens))
+  const fixedContextTokens = getCachedBridgeContextOverhead(state)
+  return fixedContextTokens == null
+    ? normalizedMessageTokens
+    : fixedContextTokens + normalizedMessageTokens
+}
+
+export function updateMessageContextTokenUsage(
+  sid: string,
+  state: SessionState,
+  emit: (event: string, payload: any) => void,
+  messageTokens: number | null | undefined,
+  usage?: { inputTokens: number; outputTokens: number },
+): number | undefined {
+  if (typeof messageTokens !== 'number' || !Number.isFinite(messageTokens) || messageTokens < 0) {
+    return state.contextTokens
+  }
+  return updateContextTokenUsage(
+    sid,
+    state,
+    emit,
+    contextTokensWithCachedOverhead(state, messageTokens),
+    usage,
+  )
+}
diff --git a/packages/server/src/services/hermes/session-deleter.ts b/packages/server/src/services/hermes/session-deleter.ts
new file mode 100644
index 0000000..8d36261
--- /dev/null
+++ b/packages/server/src/services/hermes/session-deleter.ts
@@ -0,0 +1,109 @@
+/**
+ * Session Deleter — periodically drains pending session deletes.
+ *
+ * Reads from gc_pending_session_deletes table, executes deletion via
+ * Hermes CLI, tracks failures (max 3 attempts), and auto-drains on
+ * a timer + profile switch.
+ */
+import { getDb } from '../../db/index'
+import { deleteSession as hermesDeleteSession } from './hermes-cli'
+import { logger } from '../logger'
+
+const MAX_ATTEMPTS = 3
+const DRAIN_INTERVAL_MS = 300_000
+
+export class SessionDeleter {
+  private static _instance: SessionDeleter | null = null
+  private timer: ReturnType<typeof setInterval> | null = null
+  private currentProfile: string = 'default'
+
+  static getInstance(): SessionDeleter {
+    if (!SessionDeleter._instance) {
+      SessionDeleter._instance = new SessionDeleter()
+    }
+    return SessionDeleter._instance
+  }
+
+  /** Start periodic drain for the given profile */
+  start(profile: string): void {
+    this.currentProfile = profile
+    this.stop()
+    logger.info('[SessionDeleter] started, profile=%s, interval=%dms', profile, DRAIN_INTERVAL_MS)
+    // Drain immediately on start, then on interval
+    this.drain(profile).catch(() => {})
+    this.timer = setInterval(() => {
+      this.drain(profile).catch(() => {})
+    }, DRAIN_INTERVAL_MS)
+  }
+
+  /** Switch to a new profile, stop old timer and start new one */
+  switchProfile(newProfile: string): void {
+    if (newProfile !== this.currentProfile) {
+      logger.info('[SessionDeleter] switching profile %s -> %s', this.currentProfile, newProfile)
+      this.start(newProfile)
+    }
+  }
+
+  /** Stop periodic drain */
+  stop(): void {
+    if (this.timer) {
+      clearInterval(this.timer)
+      this.timer = null
+    }
+  }
+
+  /** Drain pending deletes for a specific profile (called on profile switch or manually) */
+  async drain(profile: string): Promise<{ deleted: string[]; skipped: string[]; failed: string[] }> {
+    const db = getDb()
+    if (!db) return { deleted: [], skipped: [], failed: [] }
+
+    const now = Date.now()
+    const rows = db.prepare(`
+      SELECT session_id, profile_name, status, attempt_count, last_error
+      FROM gc_pending_session_deletes
+      WHERE profile_name = ? AND status = 'pending' AND attempt_count < ? AND next_attempt_at <= ?
+      ORDER BY created_at ASC
+      LIMIT 50
+    `).all(profile, MAX_ATTEMPTS, now) as Array<{
+      session_id: string
+      profile_name: string
+      status: string
+      attempt_count: number
+      last_error: string | null
+    }>
+
+    if (rows.length === 0) return { deleted: [], skipped: [], failed: [] }
+
+    const deleted: string[] = []
+    const skipped: string[] = []
+    const failed: string[] = []
+
+    for (const row of rows) {
+      try {
+        const ok = await hermesDeleteSession(row.session_id)
+        if (ok) {
+          db.prepare('DELETE FROM gc_pending_session_deletes WHERE session_id = ?').run(row.session_id)
+          db.prepare('DELETE FROM gc_session_profiles WHERE session_id = ?').run(row.session_id)
+          deleted.push(row.session_id)
+        } else {
+          skipped.push(row.session_id)
+        }
+      } catch (err: any) {
+        const msg = err?.message || 'Unknown error'
+        db.prepare(
+          `UPDATE gc_pending_session_deletes
+           SET status = 'pending', attempt_count = attempt_count + 1, last_error = ?, updated_at = ?, next_attempt_at = ?
+           WHERE session_id = ?`,
+        ).run(msg, now, now + 60_000, row.session_id)
+        failed.push(row.session_id)
+        logger.warn('[SessionDeleter] failed to delete %s (attempt %d): %s', row.session_id, row.attempt_count + 1, msg)
+      }
+    }
+
+    if (deleted.length || failed.length) {
+      logger.info('[SessionDeleter] profile=%s: deleted=%d, failed=%d', profile, deleted.length, failed.length)
+    }
+
+    return { deleted, skipped, failed }
+  }
+}
diff --git a/packages/server/src/services/hermes/session-sync.ts b/packages/server/src/services/hermes/session-sync.ts
new file mode 100644
index 0000000..a357300
--- /dev/null
+++ b/packages/server/src/services/hermes/session-sync.ts
@@ -0,0 +1,13 @@
+/**
+ * Hermes session import is intentionally disabled.
+ *
+ * Hermes state.db remains a read-only source for Hermes-specific history APIs.
+ * The web-ui local sessions/messages tables must not be populated from Hermes
+ * on startup, because that can mix ownership and make data-loss incidents much
+ * harder to reason about.
+ */
+import { logger } from '../logger'
+
+export async function syncAllHermesSessionsOnStartup(): Promise<void> {
+  logger.info('[session-sync] Hermes session import is disabled')
+}
diff --git a/packages/server/src/services/hermes/skill-injector.ts b/packages/server/src/services/hermes/skill-injector.ts
new file mode 100644
index 0000000..bc09489
--- /dev/null
+++ b/packages/server/src/services/hermes/skill-injector.ts
@@ -0,0 +1,188 @@
+import { copyFile, mkdir, readdir, rm, stat } from 'fs/promises'
+import { existsSync, readdirSync } from 'fs'
+import { join, resolve } from 'path'
+import { detectHermesRootHome } from './hermes-path'
+import { logger } from '../logger'
+
+export interface SkillInjectionTargetResult {
+  profile?: string
+  targetDir: string
+  injected: string[]
+  updated: string[]
+  skipped: string[]
+}
+
+export interface SkillInjectionResult extends SkillInjectionTargetResult {
+  sourceDir: string
+  targets: SkillInjectionTargetResult[]
+}
+
+export class HermesSkillInjector {
+  private readonly targetDirs: string[]
+
+  constructor(
+    private readonly sourceDir = HermesSkillInjector.resolveSourceDir(),
+    targetDirOrDirs: string | string[] = HermesSkillInjector.resolveTargetDirs(),
+  ) {
+    const targetDirs = Array.isArray(targetDirOrDirs) ? targetDirOrDirs : [targetDirOrDirs]
+    this.targetDirs = [...new Set(targetDirs.map(targetDir => resolve(targetDir)))]
+  }
+
+  static resolveSourceDir(env: NodeJS.ProcessEnv = process.env, baseDir = __dirname): string {
+    const override = env.HERMES_WEB_UI_SKILLS_DIR?.trim()
+    if (override) return resolve(override)
+
+    const candidates = [
+      // Production bundle: dist/server/index.js with dist/skills copied by build.
+      resolve(baseDir, '../skills'),
+      // Development/test: packages/server/src/services/hermes -> packages/skills.
+      resolve(baseDir, '../../../../skills'),
+      // Running from repository root without bundling.
+      resolve(process.cwd(), 'packages/skills'),
+    ]
+
+    return candidates.find(candidate => existsSync(candidate)) || candidates[0]
+  }
+
+  static resolveTargetDirs(rootDir = detectHermesRootHome()): string[] {
+    const root = resolve(rootDir)
+    const targetDirs = [join(root, 'skills')]
+    const profilesDir = join(root, 'profiles')
+
+    try {
+      const entries = readdirSync(profilesDir, { withFileTypes: true })
+        .sort((a, b) => a.name.localeCompare(b.name))
+      for (const entry of entries) {
+        if (entry.isDirectory() && entry.name.trim() && !entry.name.startsWith('.')) {
+          targetDirs.push(join(profilesDir, entry.name, 'skills'))
+        }
+      }
+    } catch { /* no named profiles */ }
+
+    return [...new Set(targetDirs.map(targetDir => resolve(targetDir)))]
+  }
+
+  static resolveTargetDirForProfile(profile: string, rootDir = detectHermesRootHome()): string {
+    const name = String(profile || '').trim()
+    const root = resolve(rootDir)
+    if (!name || name === 'default') return join(root, 'skills')
+    return join(root, 'profiles', name, 'skills')
+  }
+
+  private static profileForTargetDir(targetDir: string, rootDir = detectHermesRootHome()): string {
+    const root = resolve(rootDir)
+    const target = resolve(targetDir)
+    if (target === resolve(join(root, 'skills'))) return 'default'
+
+    const profilesRoot = resolve(join(root, 'profiles'))
+    const relativeToProfiles = target.startsWith(profilesRoot)
+      ? target.slice(profilesRoot.length).replace(/^[/\\]+/, '')
+      : ''
+    const [profileName, skillsSegment] = relativeToProfiles.split(/[/\\]+/)
+    return profileName && skillsSegment === 'skills' ? profileName : 'unknown'
+  }
+
+  async injectMissingSkills(): Promise<SkillInjectionResult> {
+    const result: SkillInjectionResult = {
+      sourceDir: this.sourceDir,
+      targetDir: this.targetDirs[0] || '',
+      injected: [],
+      updated: [],
+      skipped: [],
+      targets: [],
+    }
+
+    if (!await this.isDirectory(this.sourceDir)) {
+      logger.debug('[skill-injector] no bundled skills directory at %s', this.sourceDir)
+      return result
+    }
+
+    const entries = await readdir(this.sourceDir, { withFileTypes: true })
+    const bundledSkillNames = entries
+      .filter(entry => entry.isDirectory() && !entry.name.startsWith('.'))
+      .map(entry => entry.name)
+
+    logger.info({
+      sourceDir: this.sourceDir,
+      targetDirs: this.targetDirs,
+      targetCount: this.targetDirs.length,
+      bundledSkillNames,
+    }, '[skill-injector] syncing bundled skills across profiles')
+
+    for (const targetDir of this.targetDirs) {
+      const targetResult = await this.injectIntoTarget(targetDir, entries)
+      result.targets.push(targetResult)
+      result.injected.push(...targetResult.injected)
+      result.updated.push(...targetResult.updated)
+      result.skipped.push(...targetResult.skipped)
+    }
+
+    logger.info({
+      sourceDir: this.sourceDir,
+      targetCount: result.targets.length,
+      injected: [...new Set(result.injected)],
+      updated: [...new Set(result.updated)],
+      skipped: [...new Set(result.skipped)],
+      targets: result.targets,
+    }, '[skill-injector] completed bundled skills sync')
+
+    return result
+  }
+
+  private async injectIntoTarget(targetDir: string, entries: import('fs').Dirent[]): Promise<SkillInjectionTargetResult> {
+    const profile = HermesSkillInjector.profileForTargetDir(targetDir)
+    const result: SkillInjectionTargetResult = {
+      profile,
+      targetDir,
+      injected: [],
+      updated: [],
+      skipped: [],
+    }
+
+    await mkdir(targetDir, { recursive: true })
+    for (const entry of entries) {
+      if (!entry.isDirectory() || entry.name.startsWith('.')) continue
+      const sourceSkillDir = join(this.sourceDir, entry.name)
+      const targetSkillDir = join(targetDir, entry.name)
+      const existed = existsSync(targetSkillDir)
+      if (existsSync(targetSkillDir)) {
+        await rm(targetSkillDir, { recursive: true, force: true })
+      }
+      await this.copyDir(sourceSkillDir, targetSkillDir)
+      if (existed) result.updated.push(entry.name)
+      else result.injected.push(entry.name)
+    }
+
+    if (result.injected.length > 0 || result.updated.length > 0) {
+      logger.info({
+        profile,
+        injected: result.injected,
+        updated: result.updated,
+        targetDir,
+      }, '[skill-injector] synced bundled skills')
+    }
+    return result
+  }
+
+  private async isDirectory(path: string): Promise<boolean> {
+    try {
+      return (await stat(path)).isDirectory()
+    } catch {
+      return false
+    }
+  }
+
+  private async copyDir(sourceDir: string, targetDir: string): Promise<void> {
+    await mkdir(targetDir, { recursive: true })
+    const entries = await readdir(sourceDir, { withFileTypes: true })
+    for (const entry of entries) {
+      const sourcePath = join(sourceDir, entry.name)
+      const targetPath = join(targetDir, entry.name)
+      if (entry.isDirectory()) {
+        await this.copyDir(sourcePath, targetPath)
+      } else if (entry.isFile()) {
+        await copyFile(sourcePath, targetPath)
+      }
+    }
+  }
+}
diff --git a/packages/server/src/services/hermes/tts.ts b/packages/server/src/services/hermes/tts.ts
new file mode 100644
index 0000000..14c9db5
--- /dev/null
+++ b/packages/server/src/services/hermes/tts.ts
@@ -0,0 +1,80 @@
+import { EdgeTTS } from 'node-edge-tts'
+import { tmpdir } from 'os'
+import { join } from 'path'
+import { readFile, unlink } from 'fs/promises'
+import { randomUUID } from 'crypto'
+import { logger } from '../logger'
+
+const FIXED_VOICE = 'zh-CN-XiaoxiaoNeural'
+const FIXED_RATE = '+4%'
+const FIXED_PITCH = '+12Hz'
+
+export interface TtsOptions {
+  text: string
+  lang?: string
+  voice?: string
+  rate?: string
+  pitch?: string
+}
+
+export async function edgeTts(opts: TtsOptions): Promise<Buffer> {
+  const id = randomUUID()
+  const tmpFile = join(tmpdir(), `tts-${id}.mp3`)
+
+  try {
+    const tts = new EdgeTTS({
+      voice: opts.voice || FIXED_VOICE,
+      rate: opts.rate || FIXED_RATE,
+      pitch: opts.pitch || FIXED_PITCH,
+      timeout: 15000,
+    })
+
+    await tts.ttsPromise(opts.text, tmpFile)
+    const buf = await readFile(tmpFile)
+    return buf
+  } finally {
+    unlink(tmpFile).catch(() => {})
+  }
+}
+
+export async function textToSpeech(opts: TtsOptions): Promise<{ audio: Buffer; engine: string }> {
+  const voice = opts.voice || FIXED_VOICE
+  const rate = opts.rate || FIXED_RATE
+  const pitch = opts.pitch || FIXED_PITCH
+  const audio = await edgeTts(opts)
+  logger.debug({ engine: 'edge', voice, rate, pitch }, 'TTS generated via Edge')
+  return { audio, engine: 'edge' }
+}
+
+/**
+ * Convert speed multiplier (0.5-2.0) to Edge TTS rate string.
+ * Edge TTS rate format: "+/-NN%"
+ */
+export function speedToEdgeRate(speed: number): string {
+  const percent = Math.round((speed - 1) * 100)
+  return percent >= 0 ? `+${percent}%` : `${percent}%`
+}
+
+/**
+ * Convert OpenAI TTS request to internal TtsOptions.
+ * OpenAI format: { model, input, voice, speed }
+ */
+export interface OpenaiTtsRequest {
+  model?: string
+  input: string
+  voice?: string
+  speed?: number
+  rate?: string   // Edge TTS rate format, e.g. "+20%". Takes priority over speed.
+  pitch?: string  // Edge TTS pitch format, e.g. "-8Hz"
+}
+
+export async function openaiCompatibleTts(
+  body: OpenaiTtsRequest,
+): Promise<{ audio: Buffer; engine: string }> {
+  return textToSpeech({
+    text: body.input,
+    voice: body.voice || FIXED_VOICE,
+    rate: body.rate || (body.speed ? speedToEdgeRate(body.speed) : FIXED_RATE),
+    pitch: body.pitch || FIXED_PITCH,
+  })
+}
diff --git a/packages/server/src/services/hermes/upload-paths.ts b/packages/server/src/services/hermes/upload-paths.ts
new file mode 100644
index 0000000..3136b04
--- /dev/null
+++ b/packages/server/src/services/hermes/upload-paths.ts
@@ -0,0 +1,19 @@
+import { join, resolve } from 'path'
+import { config } from '../../config'
+import { isPathWithin } from './hermes-path'
+
+function safeProfileSegment(profile: string): string {
+  const name = (profile || 'default').trim() || 'default'
+  if (name.includes('/') || name.includes('\\') || name.includes('..')) {
+    throw Object.assign(new Error('Invalid profile name'), { code: 'invalid_profile' })
+  }
+  return name
+}
+
+export function getProfileUploadDir(profile: string): string {
+  return resolve(join(config.uploadDir, safeProfileSegment(profile)))
+}
+
+export function isInProfileUploadDir(filePath: string, profile: string): boolean {
+  return isPathWithin(filePath, getProfileUploadDir(profile))
+}
diff --git a/packages/server/src/services/logger.ts b/packages/server/src/services/logger.ts
new file mode 100644
index 0000000..061158c
--- /dev/null
+++ b/packages/server/src/services/logger.ts
@@ -0,0 +1,57 @@
+import pino from 'pino'
+import { tmpdir } from 'os'
+import { join, resolve } from 'path'
+import { mkdirSync, statSync, truncateSync, openSync, readSync, closeSync, writeFileSync } from 'fs'
+import { config } from '../config'
+
+const MAX_LOG_SIZE = 3 * 1024 * 1024 // 3MB
+const CHECK_INTERVAL = 60_000 // Check every minute
+
+const logDir = process.env.VITEST
+  ? resolve(tmpdir(), 'hermes-web-ui-test-logs', String(process.pid))
+  : resolve(config.appHome, 'logs')
+mkdirSync(logDir, { recursive: true })
+
+const logFile = resolve(logDir, 'server.log')
+const bridgeLogFile = resolve(logDir, 'bridge.log')
+
+function rotateFileIfNeeded(file: string) {
+  try {
+    const stat = statSync(file)
+    if (stat.size > MAX_LOG_SIZE) {
+      const keepSize = Math.floor(MAX_LOG_SIZE / 2)
+      const fd = openSync(file, 'r')
+      const buf = Buffer.alloc(keepSize)
+      readSync(fd, buf, 0, keepSize, stat.size - keepSize)
+      closeSync(fd)
+      truncateSync(file, 0)
+      writeFileSync(file, buf)
+    }
+  } catch { }
+}
+
+function rotateIfNeeded() {
+  rotateFileIfNeeded(logFile)
+  rotateFileIfNeeded(bridgeLogFile)
+}
+
+// Rotate on startup
+rotateIfNeeded()
+
+// Periodic rotation check — prevents unbounded log growth
+setInterval(rotateIfNeeded, CHECK_INTERVAL)
+
+export const logger = pino({
+  level: process.env.LOG_LEVEL || 'info',
+}, pino.destination({
+  dest: logFile,
+  sync: true,
+}))
+
+export const bridgeLogger = pino({
+  level: process.env.BRIDGE_LOG_LEVEL || process.env.LOG_LEVEL || 'info',
+  name: 'bridge',
+}, pino.destination({
+  dest: bridgeLogFile,
+  sync: true,
+}))
diff --git a/packages/server/src/services/login-limiter.ts b/packages/server/src/services/login-limiter.ts
new file mode 100644
index 0000000..3f6d239
--- /dev/null
+++ b/packages/server/src/services/login-limiter.ts
@@ -0,0 +1,337 @@
+import { readFile, writeFile, mkdir } from 'fs/promises'
+import { writeFileSync } from 'fs'
+import { join } from 'path'
+import { config } from '../config'
+
+const APP_HOME = config.appHome
+const LOCK_FILE = join(APP_HOME, '.login-lock.json')
+
+// Per-IP settings
+const IP_MAX_FAILURES = 10
+const IP_FAILURE_WINDOW_MS = 15 * 60_000 // 15 minutes
+const IP_LOCK_DURATION_MS = 60 * 60_000 // 1 hour
+const IP_MAP_MAX_SIZE = 10000
+
+// Global safety net (against distributed attacks)
+const GLOBAL_WINDOW_MS = 60_000
+const GLOBAL_MAX_REQUESTS_PER_WINDOW = 100
+const GLOBAL_MAX_TOTAL_FAILURES = 50
+const GLOBAL_LOCK_DURATION_MS = 30 * 60_000 // 30 minutes
+
+interface IpEntry {
+  failures: number
+  lockedUntil: number
+  firstFailureAt?: number
+}
+
+interface LimiterState {
+  passwordIpMap: Record<string, IpEntry>
+  tokenIpMap: Record<string, IpEntry>
+  globalMinuteCount: number
+  globalMinuteWindow: number
+  globalTotalFailures: number
+  globalLockedUntil: number
+}
+
+let state: LimiterState = {
+  passwordIpMap: {},
+  tokenIpMap: {},
+  globalMinuteCount: 0,
+  globalMinuteWindow: 0,
+  globalTotalFailures: 0,
+  globalLockedUntil: 0,
+}
+
+let dirty = false
+let persistTimer: ReturnType<typeof setTimeout> | null = null
+
+function now(): number {
+  return Date.now()
+}
+
+function extractIp(ctx: any): string {
+  return ctx?.ip || ctx?.request?.ip || 'unknown'
+}
+
+function pruneIpMap(map: Record<string, IpEntry>): void {
+  const keys = Object.keys(map)
+  if (keys.length <= IP_MAP_MAX_SIZE) return
+  const t = now()
+  for (const key of keys) {
+    if (map[key].lockedUntil > 0 && t >= map[key].lockedUntil) {
+      delete map[key]
+    }
+  }
+  const remaining = Object.keys(map)
+  if (remaining.length <= IP_MAP_MAX_SIZE) return
+  remaining.sort((a, b) => (map[a].lockedUntil || 0) - (map[b].lockedUntil || 0))
+  for (let i = 0; i < remaining.length - IP_MAP_MAX_SIZE; i++) {
+    delete map[remaining[i]]
+  }
+}
+
+async function loadState(): Promise<void> {
+  try {
+    const raw = await readFile(LOCK_FILE, 'utf-8')
+    const parsed = JSON.parse(raw)
+    state = {
+      passwordIpMap: parsed.passwordIpMap || {},
+      tokenIpMap: parsed.tokenIpMap || {},
+      globalMinuteCount: parsed.globalMinuteCount || 0,
+      globalMinuteWindow: parsed.globalMinuteWindow || 0,
+      globalTotalFailures: parsed.globalTotalFailures || 0,
+      globalLockedUntil: parsed.globalLockedUntil || 0,
+    }
+  } catch {
+    // use defaults
+  }
+}
+
+async function persistState(): Promise<void> {
+  try {
+    await mkdir(APP_HOME, { recursive: true })
+    await writeFile(LOCK_FILE, JSON.stringify(state, null, 2) + '\n', { mode: 0o600 })
+    dirty = false
+  } catch {
+    // best effort
+  }
+}
+
+function persistStateSync(): void {
+  try {
+    writeFileSync(LOCK_FILE, JSON.stringify(state, null, 2) + '\n', { mode: 0o600 })
+    dirty = false
+  } catch {
+    // best effort
+  }
+}
+
+function schedulePersist(): void {
+  if (persistTimer) return
+  persistTimer = setTimeout(() => {
+    persistTimer = null
+    if (dirty) persistState().catch(() => {})
+  }, 2000)
+}
+
+export type CheckResult =
+  | { allowed: true }
+  | { allowed: false; status: 429 | 503 }
+
+function checkGlobalLimits(): CheckResult | null {
+  const t = now()
+  if (state.globalLockedUntil > 0 && t < state.globalLockedUntil) {
+    return { allowed: false, status: 503 }
+  }
+  if (state.globalLockedUntil > 0 && t >= state.globalLockedUntil) {
+    state.globalLockedUntil = 0
+    state.globalTotalFailures = 0
+    dirty = true
+  }
+  if (t - state.globalMinuteWindow >= GLOBAL_WINDOW_MS) {
+    state.globalMinuteWindow = t
+    state.globalMinuteCount = 0
+  }
+  if (state.globalMinuteCount >= GLOBAL_MAX_REQUESTS_PER_WINDOW) {
+    return { allowed: false, status: 429 }
+  }
+  return null
+}
+
+function checkIpLock(ip: string, map: Record<string, IpEntry>): CheckResult | null {
+  const t = now()
+  const entry = map[ip]
+  if (entry && entry.lockedUntil > 0 && t < entry.lockedUntil) {
+    return { allowed: false, status: 429 }
+  }
+  if (entry && entry.lockedUntil > 0 && t >= entry.lockedUntil) {
+    delete map[ip]
+    dirty = true
+  }
+  return null
+}
+
+function recordIpFailure(map: Record<string, IpEntry>, ip: string): IpEntry {
+  const t = now()
+  let entry = map[ip]
+  if (!entry) {
+    entry = { failures: 0, lockedUntil: 0, firstFailureAt: t }
+    map[ip] = entry
+  }
+
+  const firstFailureAt = entry.firstFailureAt || t
+  if (entry.lockedUntil <= 0 && t - firstFailureAt > IP_FAILURE_WINDOW_MS) {
+    entry.failures = 0
+    entry.firstFailureAt = t
+  } else if (!entry.firstFailureAt) {
+    entry.firstFailureAt = firstFailureAt
+  }
+
+  entry.failures++
+  return entry
+}
+
+export function checkPassword(ip: string): CheckResult {
+  const global = checkGlobalLimits()
+  if (global) return global
+
+  // Check both maps — IP locked by either password or token = blocked
+  const ipLock = checkIpLock(ip, state.passwordIpMap) || checkIpLock(ip, state.tokenIpMap)
+  if (ipLock) return ipLock
+
+  state.globalMinuteCount++
+  dirty = true
+  schedulePersist()
+  return { allowed: true }
+}
+
+export function checkToken(ip: string): CheckResult {
+  const global = checkGlobalLimits()
+  if (global) return global
+
+  // Check both maps — IP locked by either password or token = blocked
+  const ipLock = checkIpLock(ip, state.tokenIpMap) || checkIpLock(ip, state.passwordIpMap)
+  if (ipLock) return ipLock
+
+  state.globalMinuteCount++
+  dirty = true
+  schedulePersist()
+  return { allowed: true }
+}
+
+export function recordPasswordFailure(ip: string): void {
+  const entry = recordIpFailure(state.passwordIpMap, ip)
+  state.globalTotalFailures++
+  dirty = true
+
+  if (entry.failures >= IP_MAX_FAILURES) {
+    entry.lockedUntil = now() + IP_LOCK_DURATION_MS
+    persistStateSync()
+    return
+  }
+  if (state.globalTotalFailures >= GLOBAL_MAX_TOTAL_FAILURES) {
+    state.globalLockedUntil = now() + GLOBAL_LOCK_DURATION_MS
+    persistStateSync()
+    return
+  }
+  pruneIpMap(state.passwordIpMap)
+  schedulePersist()
+}
+
+export function recordTokenFailure(ip: string): void {
+  const entry = recordIpFailure(state.tokenIpMap, ip)
+  state.globalTotalFailures++
+  dirty = true
+
+  if (entry.failures >= IP_MAX_FAILURES) {
+    entry.lockedUntil = now() + IP_LOCK_DURATION_MS
+    persistStateSync()
+    return
+  }
+  if (state.globalTotalFailures >= GLOBAL_MAX_TOTAL_FAILURES) {
+    state.globalLockedUntil = now() + GLOBAL_LOCK_DURATION_MS
+    persistStateSync()
+    return
+  }
+  pruneIpMap(state.tokenIpMap)
+  schedulePersist()
+}
+
+export function recordPasswordSuccess(ip: string): void {
+  if (state.passwordIpMap[ip]) {
+    delete state.passwordIpMap[ip]
+    state.globalTotalFailures = 0
+    dirty = true
+    schedulePersist()
+  }
+}
+
+export function reset(): void {
+  state = {
+    passwordIpMap: {}, tokenIpMap: {},
+    globalMinuteCount: 0, globalMinuteWindow: 0,
+    globalTotalFailures: 0, globalLockedUntil: 0,
+  }
+  dirty = true
+  schedulePersist()
+}
+
+export interface LockedIpInfo {
+  ip: string
+  type: 'password' | 'token'
+  failures: number
+  lockedUntil: number
+}
+
+export function getLockedIps(): LockedIpInfo[] {
+  const t = now()
+  const result: LockedIpInfo[] = []
+  for (const [ip, entry] of Object.entries(state.passwordIpMap)) {
+    if (entry.lockedUntil > 0 && t < entry.lockedUntil) {
+      result.push({ ip, type: 'password', failures: entry.failures, lockedUntil: entry.lockedUntil })
+    }
+  }
+  for (const [ip, entry] of Object.entries(state.tokenIpMap)) {
+    if (entry.lockedUntil > 0 && t < entry.lockedUntil) {
+      result.push({ ip, type: 'token', failures: entry.failures, lockedUntil: entry.lockedUntil })
+    }
+  }
+  return result
+}
+
+export function unlockIp(ip: string): boolean {
+  let found = false
+  if (state.passwordIpMap[ip]) {
+    delete state.passwordIpMap[ip]
+    found = true
+  }
+  if (state.tokenIpMap[ip]) {
+    delete state.tokenIpMap[ip]
+    found = true
+  }
+  if (found) {
+    dirty = true
+    persistStateSync()
+  }
+  return found
+}
+
+export function unlockAll(): number {
+  const count = getLockedIps().length
+  state.passwordIpMap = {}
+  state.tokenIpMap = {}
+  state.globalTotalFailures = 0
+  state.globalLockedUntil = 0
+  dirty = true
+  persistStateSync()
+  return count
+}
+
+export { extractIp }
+
+export async function initLoginLimiter(): Promise<void> {
+  await loadState()
+  const t = now()
+  let changed = false
+  for (const [ip, entry] of Object.entries(state.passwordIpMap)) {
+    if (entry.lockedUntil > 0 && t >= entry.lockedUntil) {
+      delete state.passwordIpMap[ip]
+      changed = true
+    }
+  }
+  for (const [ip, entry] of Object.entries(state.tokenIpMap)) {
+    if (entry.lockedUntil > 0 && t >= entry.lockedUntil) {
+      delete state.tokenIpMap[ip]
+      changed = true
+    }
+  }
+  if (state.globalLockedUntil > 0 && t >= state.globalLockedUntil) {
+    state.globalLockedUntil = 0
+    state.globalTotalFailures = 0
+    changed = true
+  }
+  if (changed) {
+    dirty = true
+    await persistState()
+  }
+}
diff --git a/packages/server/src/services/safe-file-store.ts b/packages/server/src/services/safe-file-store.ts
new file mode 100644
index 0000000..825e808
--- /dev/null
+++ b/packages/server/src/services/safe-file-store.ts
@@ -0,0 +1,144 @@
+import { copyFile, mkdir, readFile, rename, rm, writeFile } from 'fs/promises'
+import { dirname, resolve } from 'path'
+import { randomUUID } from 'crypto'
+import YAML, { type DumpOptions } from 'js-yaml'
+
+type TextUpdater<T = void> = (current: string) => string | { content: string; result: T } | Promise<string | { content: string; result: T }>
+type YamlUpdateResult<T> = { data: Record<string, any>; result: T; write?: boolean }
+type YamlUpdater<T = void> = (current: Record<string, any>) => Record<string, any> | YamlUpdateResult<T> | Promise<Record<string, any> | YamlUpdateResult<T>>
+
+export interface SafeWriteOptions {
+  backup?: boolean
+  backupPath?: string
+}
+
+export interface SafeYamlOptions extends SafeWriteOptions {
+  dumpOptions?: DumpOptions
+}
+
+function isTextUpdateResult<T>(value: unknown): value is { content: string; result: T } {
+  return !!value && typeof value === 'object' && Object.hasOwn(value as Record<string, unknown>, 'content')
+}
+
+function isYamlUpdateResult<T>(value: unknown): value is YamlUpdateResult<T> {
+  return !!value && typeof value === 'object' && Object.hasOwn(value as Record<string, unknown>, 'data')
+}
+
+export class SafeFileStore {
+  private queues = new Map<string, Promise<unknown>>()
+
+  private normalizePath(filePath: string): string {
+    return resolve(filePath)
+  }
+
+  private async withLock<T>(filePath: string, task: () => Promise<T>): Promise<T> {
+    const key = this.normalizePath(filePath)
+    const previous = this.queues.get(key) || Promise.resolve()
+    let release!: () => void
+    const current = new Promise<void>(resolve => { release = resolve })
+    const next = previous.then(() => current, () => current)
+    this.queues.set(key, next)
+
+    await previous.catch(() => undefined)
+    try {
+      return await task()
+    } finally {
+      release()
+      if (this.queues.get(key) === next) this.queues.delete(key)
+    }
+  }
+
+  async readText(filePath: string): Promise<string> {
+    return readFile(this.normalizePath(filePath), 'utf-8')
+  }
+
+  async writeText(filePath: string, content: string, options: SafeWriteOptions = {}): Promise<void> {
+    await this.withLock(filePath, () => this.writeTextUnlocked(filePath, content, options))
+  }
+
+  async updateText<T = void>(filePath: string, updater: TextUpdater<T>, options: SafeWriteOptions = {}): Promise<T | undefined> {
+    return this.withLock(filePath, async () => {
+      let current = ''
+      try {
+        current = await this.readText(filePath)
+      } catch (err: any) {
+        if (err?.code !== 'ENOENT') throw err
+      }
+
+      const updated = await updater(current)
+      const content = isTextUpdateResult<T>(updated) ? updated.content : updated
+      await this.writeTextUnlocked(filePath, content, options)
+      return isTextUpdateResult<T>(updated) ? updated.result : undefined
+    })
+  }
+
+  async readYaml(filePath: string): Promise<Record<string, any>> {
+    try {
+      const raw = await this.readText(filePath)
+      return (YAML.load(raw, { json: true }) as Record<string, any>) || {}
+    } catch (err: any) {
+      if (err?.code === 'ENOENT') return {}
+      throw err
+    }
+  }
+
+  async writeYaml(filePath: string, data: Record<string, any>, options: SafeYamlOptions = {}): Promise<void> {
+    const yamlStr = YAML.dump(data, {
+      lineWidth: -1,
+      noRefs: true,
+      quotingType: '"',
+      ...(options.dumpOptions || {}),
+    })
+    await this.writeText(filePath, yamlStr, options)
+  }
+
+  async updateYaml<T = void>(filePath: string, updater: YamlUpdater<T>, options: SafeYamlOptions = {}): Promise<T | undefined> {
+    return this.withLock(filePath, async () => {
+      let raw = ''
+      try {
+        raw = await this.readText(filePath)
+      } catch (err: any) {
+        if (err?.code !== 'ENOENT') throw err
+      }
+      const current = raw ? ((YAML.load(raw, { json: true }) as Record<string, any>) || {}) : {}
+      const updated = await updater(current)
+      const data = isYamlUpdateResult<T>(updated) ? updated.data : updated
+      if (isYamlUpdateResult<T>(updated) && updated.write === false) {
+        return updated.result
+      }
+      const yamlStr = YAML.dump(data, {
+        lineWidth: -1,
+        noRefs: true,
+        quotingType: '"',
+        ...(options.dumpOptions || {}),
+      })
+      await this.writeTextUnlocked(filePath, yamlStr, options)
+      return isYamlUpdateResult<T>(updated) ? updated.result : undefined
+    })
+  }
+
+  private async writeTextUnlocked(filePath: string, content: string, options: SafeWriteOptions): Promise<void> {
+    const target = this.normalizePath(filePath)
+    const dir = dirname(target)
+    const temp = `${target}.tmp.${process.pid}.${Date.now()}.${randomUUID()}`
+
+    await mkdir(dir, { recursive: true })
+    if (options.backup) {
+      try {
+        await copyFile(target, options.backupPath || `${target}.bak`)
+      } catch (err: any) {
+        if (err?.code !== 'ENOENT') throw err
+      }
+    }
+
+    try {
+      await writeFile(temp, content, 'utf-8')
+      await rename(temp, target)
+    } catch (err) {
+      await rm(temp, { force: true }).catch(() => undefined)
+      throw err
+    }
+  }
+}
+
+export const safeFileStore = new SafeFileStore()
diff --git a/packages/server/src/services/shutdown.ts b/packages/server/src/services/shutdown.ts
new file mode 100644
index 0000000..38f9328
--- /dev/null
+++ b/packages/server/src/services/shutdown.ts
@@ -0,0 +1,70 @@
+import { logger } from './logger'
+import { closeDb } from '../db'
+import { stopPreviewRuntime } from '../controllers/update'
+
+export function bindShutdown(server: any, groupChatServer?: any, chatRunServer?: any, agentBridgeManager?: any): void {
+  let isShuttingDown = false
+
+  const shutdown = async (signal: string) => {
+    if (isShuttingDown) return
+    isShuttingDown = true
+
+    // Force exit after 3s no matter what
+    setTimeout(() => process.exit(0), 3000)
+
+    logger.info('Shutting down (%s)...', signal)
+    console.log(`[shutdown] Received signal: ${signal}`)
+
+    try {
+      try {
+        await stopPreviewRuntime()
+        logger.info('Preview runtime stopped')
+      } catch (err) {
+        logger.warn(err, 'Failed to stop preview runtime (non-fatal)')
+      }
+
+      if (agentBridgeManager) {
+        try {
+          await agentBridgeManager.stop()
+          logger.info('Agent bridge stopped')
+        } catch (err) {
+          logger.warn(err, 'Failed to stop agent bridge (non-fatal)')
+        }
+      }
+
+      // Close ChatRunSocket first to abort all active runs and close EventSource connections
+      if (chatRunServer) {
+        chatRunServer.close()
+        logger.info('ChatRunSocket closed')
+      }
+
+      // Disconnect Socket.IO before HTTP server to prevent hanging
+      if (groupChatServer) {
+        groupChatServer.agentClients.disconnectAll()
+        groupChatServer.getIO().close()
+        logger.info('Socket.IO closed')
+      }
+
+      const servers = Array.isArray(server) ? server : [server].filter(Boolean)
+      if (servers.length) {
+        await Promise.all(servers.map((httpServer) => (
+          new Promise<void>((resolve) => {
+            httpServer.close(() => {
+              logger.info('HTTP server closed')
+              resolve()
+            })
+          })
+        )))
+      }
+    } catch (err) {
+      logger.error(err, 'Shutdown error')
+    }
+
+    closeDb()
+    process.exit(0)
+  }
+
+  process.once('SIGUSR2', shutdown)
+  process.on('SIGINT', shutdown)
+  process.on('SIGTERM', shutdown)
+}
diff --git a/packages/server/src/shared/providers.ts b/packages/server/src/shared/providers.ts
new file mode 100644
index 0000000..0b16fc6
--- /dev/null
+++ b/packages/server/src/shared/providers.ts
@@ -0,0 +1,576 @@
+/**
+ * Provider registry — single source of truth for both frontend and backend.
+ * Synced from hermes-agent hermes_cli/models.py _PROVIDER_MODELS.
+ */
+
+export interface ProviderPreset {
+  label: string
+  value: string
+  base_url: string
+  models: string[]
+  builtin: boolean
+  api_mode?: 'chat_completions' | 'codex_responses' | 'anthropic_messages' | 'bedrock_converse' | 'codex_app_server'
+}
+
+export const PROVIDER_PRESETS: ProviderPreset[] = [
+  {
+    label: 'Codex-apikey.fun',
+    value: 'fun-codex',
+    builtin: true,
+    base_url: 'https://api.apikey.fun/v1',
+    api_mode: 'codex_responses',
+    models: [
+      'gpt-5.5',
+      'gpt-5.4',
+      'gpt-5.4-mini',
+      'gpt-5.3-codex',
+      'gpt-5.3-codex-spark',
+    ],
+  },
+  {
+    label: 'Claude-apikey.fun',
+    value: 'fun-claude',
+    builtin: true,
+    base_url: 'https://api.apikey.fun',
+    api_mode: "anthropic_messages",
+    models: [
+      'claude-opus-4-8',
+      'claude-opus-4-7',
+      'claude-opus-4-6',
+      'claude-sonnet-4-6',
+      'claude-haiku-4-5'
+    ],
+  },
+  {
+    label: 'LM Studio',
+    value: 'lmstudio',
+    builtin: true,
+    base_url: 'http://127.0.0.1:1234/v1',
+    api_mode: 'chat_completions',
+    models: [],
+  },
+  {
+    label: 'Anthropic',
+    value: 'anthropic',
+    builtin: true,
+    base_url: 'https://api.anthropic.com',
+    models: [
+      'claude-opus-4-8',
+      'claude-opus-4-7',
+      'claude-opus-4-6',
+      'claude-sonnet-4-6',
+      'claude-opus-4-5-20251101',
+      'claude-sonnet-4-5-20250929',
+      'claude-opus-4-20250514',
+      'claude-sonnet-4-20250514',
+      'claude-haiku-4-5-20251001',
+    ],
+  },
+  {
+    label: 'Google AI Studio',
+    value: 'gemini',
+    builtin: true,
+    base_url: 'https://generativelanguage.googleapis.com/v1beta/openai',
+    models: [
+      'gemini-3.1-pro-preview',
+      'gemini-3-pro-preview',
+      'gemini-3-flash-preview',
+      'gemini-3.1-flash-lite-preview',
+    ],
+  },
+  {
+    label: 'DeepSeek',
+    value: 'deepseek',
+    builtin: true,
+    base_url: 'https://api.deepseek.com',
+    models: ['deepseek-v4-pro', 'deepseek-v4-flash', 'deepseek-chat', 'deepseek-reasoner'],
+  },
+  {
+    label: 'Z.AI / GLM',
+    value: 'zai',
+    builtin: true,
+    base_url: 'https://api.z.ai/api/paas/v4',
+    models: [
+      'glm-5.1',
+      'glm-5',
+      'glm-5v-turbo',
+      'glm-5-turbo',
+      'glm-4.7',
+      'glm-4.5',
+      'glm-4.5-flash',
+    ],
+  },
+  {
+    label: 'GLM-Coding-Plan',
+    value: 'glm-coding-plan',
+    builtin: true,
+    base_url: 'https://api.z.ai/api/anthropic',
+    models: [
+      'glm-5.1',
+      'glm-4.5-air',
+      'glm-5-turbo',
+      'glm-4.7',
+      'glm-5v-turbo',
+    ],
+  },
+  {
+    label: 'Kimi for Coding',
+    value: 'kimi-coding',
+    builtin: true,
+    base_url: 'https://api.kimi.com/coding/v1',
+    models: [
+      'kimi-k2.6',
+      'kimi-k2.5',
+      'kimi-for-coding',
+      'kimi-k2-thinking',
+      'kimi-k2-thinking-turbo',
+      'kimi-k2-turbo-preview',
+      'kimi-k2-0905-preview',
+    ],
+  },
+  {
+    label: 'Kimi for Coding China',
+    value: 'kimi-coding-cn',
+    builtin: true,
+    base_url: 'https://api.kimi.cn/coding/v1',
+    models: [
+      'kimi-k2.6',
+      'kimi-k2.5',
+      'kimi-k2-thinking',
+      'kimi-k2-turbo-preview',
+      'kimi-k2-0905-preview',
+    ],
+  },
+  {
+    label: 'xAI',
+    value: 'xai',
+    builtin: true,
+    base_url: 'https://api.x.ai/v1',
+    models: [
+      'grok-4.3',
+      'grok-4.20-0309-non-reasoning',
+      'grok-4.20-0309-reasoning',
+      'grok-4.20-multi-agent-0309',
+      'grok-build-0.1',
+      'grok-imagine-image',
+      'grok-imagine-image-quality',
+      'grok-imagine-video',
+    ],
+  },
+  {
+    label: 'xAI Grok OAuth (SuperGrok Subscription)',
+    value: 'xai-oauth',
+    builtin: true,
+    base_url: 'https://api.x.ai/v1',
+    models: [
+      'grok-4.3',
+      'grok-4.20-0309-non-reasoning',
+      'grok-4.20-0309-reasoning',
+      'grok-4.20-multi-agent-0309',
+      'grok-build-0.1',
+      'grok-imagine-image',
+      'grok-imagine-image-quality',
+      'grok-imagine-video',
+    ],
+  },
+  {
+    label: 'MiniMax',
+    value: 'minimax',
+    builtin: true,
+    base_url: 'https://api.minimax.io/anthropic/v1',
+    models: ['MiniMax-M3', 'MiniMax-M2.7', 'MiniMax-M2.7-highspeed', 'MiniMax-M2.5', 'MiniMax-M2.5-highspeed', 'MiniMax-M2.1', 'MiniMax-M2.1-highspeed', 'MiniMax-M2'],
+  },
+  {
+    label: 'MiniMax (China)',
+    value: 'minimax-cn',
+    builtin: true,
+    base_url: 'https://api.minimaxi.com/anthropic/v1',
+    models: ['MiniMax-M3', 'MiniMax-M2.7', 'MiniMax-M2.7-highspeed', 'MiniMax-M2.5', 'MiniMax-M2.5-highspeed', 'MiniMax-M2.1', 'MiniMax-M2.1-highspeed', 'MiniMax-M2'],
+  },
+  {
+    label: 'Alibaba Cloud',
+    value: 'alibaba',
+    builtin: true,
+    base_url: 'https://dashscope-intl.aliyuncs.com/compatible-mode/v1',
+    models: [
+      'qwen3.7-max',
+      'qwen3.6-plus',
+      'kimi-k2.5',
+      'qwen3.5-plus',
+      'qwen3-coder-plus',
+      'qwen3-coder-next',
+      'glm-5',
+      'glm-4.7',
+      'MiniMax-M2.5',
+    ],
+  },
+  {
+    label: 'Alibaba Cloud (Coding Plan)',
+    value: 'alibaba-coding-plan',
+    builtin: true,
+    // NOTE: This is the international (intl) DashScope endpoint, matching upstream
+    // hermes-agent (auth.py:255). Mainland China DashScope accounts (sk-sp-* keys
+    // issued by dashscope.aliyun.com) must override via ALIBABA_CODING_PLAN_BASE_URL=
+    // https://coding.dashscope.aliyuncs.com/v1 (no -intl), since the -intl endpoint
+    // returns HTTP 401 for those keys.
+    base_url: 'https://coding-intl.dashscope.aliyuncs.com/v1',
+    models: [
+      'qwen3.7-max',
+      'qwen3.6-plus',
+      'qwen3.5-plus',
+      'qwen3-coder-plus',
+      'qwen3-coder-next',
+      'kimi-k2.5',
+      'glm-5',
+      'glm-4.7',
+      'MiniMax-M2.5',
+    ],
+  },
+  {
+    label: 'Hugging Face',
+    value: 'huggingface',
+    builtin: true,
+    base_url: 'https://router.huggingface.co/v1',
+    models: [
+      'moonshotai/Kimi-K2.5',
+      'Qwen/Qwen3.5-397B-A17B',
+      'Qwen/Qwen3.5-35B-A3B',
+      'deepseek-ai/DeepSeek-V3.2',
+      'MiniMaxAI/MiniMax-M2.5',
+      'zai-org/GLM-5',
+      'XiaomiMiMo/MiMo-V2-Flash',
+      'moonshotai/Kimi-K2-Thinking',
+      'moonshotai/Kimi-K2.6',
+    ],
+  },
+  {
+    label: 'NVIDIA',
+    value: 'nvidia',
+    builtin: true,
+    base_url: 'https://integrate.api.nvidia.com/v1',
+    models: [
+      'nvidia/nemotron-3-super-120b-a12b',
+      'nvidia/nemotron-3-nano-30b-a3b',
+      'nvidia/llama-3.3-nemotron-super-49b-v1.5',
+      'qwen/qwen3.5-397b-a17b',
+      'deepseek-ai/deepseek-v3.2',
+      'moonshotai/kimi-k2.6',
+      'minimaxai/minimax-m2.5',
+      'z-ai/glm5',
+      'openai/gpt-oss-120b',
+    ],
+  },
+  {
+    label: 'NovitaAI',
+    value: 'novita',
+    builtin: true,
+    base_url: 'https://api.novita.ai/openai',
+    models: [
+      'moonshotai/kimi-k2.5',
+      'minimax/minimax-m2.7',
+      'zai-org/glm-5',
+      'deepseek/deepseek-v3-0324',
+      'deepseek/deepseek-r1-0528',
+      'qwen/qwen3-235b-a22b-fp8',
+    ],
+  },
+  {
+    label: 'GMI Cloud',
+    value: 'gmi',
+    builtin: true,
+    base_url: 'https://api.gmi-serving.com/v1',
+    models: [
+      'zai-org/GLM-5.1-FP8',
+      'deepseek-ai/DeepSeek-V3.2',
+      'moonshotai/Kimi-K2.5',
+      'google/gemini-3.1-flash-lite-preview',
+      'anthropic/claude-sonnet-4.6',
+      'openai/gpt-5.4',
+    ],
+  },
+  {
+    label: 'Xiaomi Token Plan',
+    value: 'xiaomi-token-plan',
+    builtin: true,
+    base_url: 'https://token-plan-sgp.xiaomimimo.com/v1',
+    models: [
+      'mimo-v2-omni',
+      'mimo-v2-pro',
+      'mimo-v2-tts',
+      'mimo-v2.5',
+      'mimo-v2.5-pro',
+      'mimo-v2.5-tts',
+      'mimo-v2.5-tts-voiceclone',
+      'mimo-v2.5-tts-voicedesign',
+    ],
+  },
+  {
+    label: 'Xiaomi MiMo',
+    value: 'xiaomi',
+    builtin: true,
+    base_url: 'https://api.xiaomimimo.com/v1',
+    models: [
+      'mimo-v2.5-pro',
+      'mimo-v2.5',
+      'mimo-v2-pro',
+      'mimo-v2-omni',
+      'mimo-v2-flash',
+    ],
+  },
+  {
+    label: 'Kilo Code',
+    value: 'kilocode',
+    builtin: true,
+    base_url: 'https://api.kilo.ai/api/gateway',
+    models: [
+      'anthropic/claude-opus-4.6',
+      'anthropic/claude-sonnet-4.6',
+      'openai/gpt-5.4',
+      'google/gemini-3-pro-preview',
+      'google/gemini-3-flash-preview',
+    ],
+  },
+  {
+    label: 'Tencent TokenHub',
+    value: 'tencent-tokenhub',
+    builtin: true,
+    base_url: 'https://tokenhub.tencentmaas.com/v1',
+    models: ['hy3-preview'],
+  },
+  {
+    label: 'Vercel AI Gateway',
+    value: 'ai-gateway',
+    builtin: true,
+    base_url: 'https://ai-gateway.vercel.sh/v1',
+    models: [
+      'moonshotai/kimi-k2.6',
+      'alibaba/qwen3.6-plus',
+      'zai/glm-5.1',
+      'minimax/minimax-m2.7',
+      'anthropic/claude-sonnet-4.6',
+      'anthropic/claude-opus-4.7',
+      'anthropic/claude-opus-4.6',
+      'anthropic/claude-haiku-4.5',
+      'openai/gpt-5.4',
+      'openai/gpt-5.4-mini',
+      'openai/gpt-5.3-codex',
+      'google/gemini-3.1-pro-preview',
+      'google/gemini-3-flash',
+      'google/gemini-3.1-flash-lite-preview',
+      'xai/grok-4.20-reasoning',
+    ],
+  },
+  {
+    label: 'CLIProxyAPI',
+    value: 'cliproxyapi',
+    builtin: true,
+    base_url: 'http://127.0.0.1:8317/v1',
+    models: [
+      'gpt-5.5',
+      'gpt-5-codex',
+      'claude-sonnet-4-6',
+      'claude-sonnet-4-5-20250929',
+      'gemini-3.1-pro-preview',
+      'gemini-2.5-pro',
+    ],
+  },
+  {
+    label: 'OpenCode Zen',
+    value: 'opencode-zen',
+    builtin: true,
+    base_url: 'https://opencode.ai/zen/v1',
+    models: [
+      'kimi-k2.5',
+      'gpt-5.4-pro',
+      'gpt-5.4',
+      'gpt-5.3-codex',
+      'gpt-5.2',
+      'gpt-5.2-codex',
+      'gpt-5.1',
+      'gpt-5.1-codex',
+      'gpt-5.1-codex-max',
+      'gpt-5.1-codex-mini',
+      'gpt-5',
+      'gpt-5-codex',
+      'gpt-5-nano',
+      'claude-opus-4-6',
+      'claude-opus-4-5',
+      'claude-opus-4-1',
+      'claude-sonnet-4-6',
+      'claude-sonnet-4-5',
+      'claude-sonnet-4',
+      'claude-haiku-4-5',
+      'claude-3-5-haiku',
+      'gemini-3.1-pro',
+      'gemini-3-pro',
+      'gemini-3-flash',
+      'minimax-m2.7',
+      'minimax-m2.5',
+      'minimax-m2.5-free',
+      'minimax-m2.1',
+      'glm-5',
+      'glm-4.7',
+      'glm-4.6',
+      'kimi-k2-thinking',
+      'kimi-k2',
+      'qwen3-coder',
+      'big-pickle',
+    ],
+  },
+  {
+    label: 'OpenCode Go',
+    value: 'opencode-go',
+    builtin: true,
+    base_url: 'https://opencode.ai/zen/go/v1',
+    models: [
+      'glm-5.1',
+      'glm-5',
+      'kimi-k2.5',
+      'kimi-k2.6',
+      'mimo-v2.5-pro',
+      'mimo-v2.5',
+      'mimo-v2-pro',
+      'mimo-v2-omni',
+      'minimax-m2.7',
+      'minimax-m2.5',
+      'qwen3.7-max',
+      'qwen3.6-plus',
+      'qwen3.5-plus'
+    ],
+  },
+  {
+    label: 'LongCat',
+    value: 'longcat',
+    builtin: true,
+    base_url: 'https://api.longcat.chat/openai',
+    models: ['LongCat-Flash-Lite', 'LongCat-2.0-Preview'],
+  },
+  {
+    label: 'OpenAI Codex',
+    value: 'openai-codex',
+    builtin: true,
+    base_url: 'https://chatgpt.com/backend-api/codex',
+    models: ['gpt-5.5', 'gpt-5.4-mini', 'gpt-5.4', 'gpt-5.3-codex', 'gpt-5.3-codex-spark'],
+  },
+  {
+    label: 'OpenAI API',
+    value: 'openai-api',
+    builtin: true,
+    base_url: 'https://api.openai.com/v1',
+    api_mode: 'codex_responses',
+    models: [
+      'gpt-5.5',
+      'gpt-5.5-pro',
+      'gpt-5.4',
+      'gpt-5.4-mini',
+      'gpt-5.4-nano',
+      'gpt-5-mini',
+      'gpt-5.3-codex',
+      'gpt-4.1',
+      'gpt-4o',
+      'gpt-4o-mini',
+    ],
+  },
+  {
+    label: 'Arcee AI',
+    value: 'arcee',
+    builtin: true,
+    base_url: 'https://api.arcee.ai/api/v1',
+    models: ['trinity-large-thinking', 'trinity-large-preview', 'trinity-mini'],
+  },
+  {
+    label: 'Nous Portal',
+    value: 'nous',
+    builtin: true,
+    base_url: 'https://inference-api.nousresearch.com/v1',
+    // Synced from:
+    // - https://hermes-agent.nousresearch.com/docs/api/model-catalog.json
+    // - https://portal.nousresearch.com/api/nous/recommended-models
+    models: [
+      'anthropic/claude-opus-4.8',
+      'anthropic/claude-opus-4.7',
+      'anthropic/claude-opus-4.6',
+      'anthropic/claude-sonnet-4.6',
+      'moonshotai/kimi-k2.6',
+      'qwen/qwen3.7-max',
+      'anthropic/claude-haiku-4.5',
+      'openai/gpt-5.5',
+      'openai/gpt-5.5-pro',
+      'openai/gpt-5.4-mini',
+      'openai/gpt-5.4-nano',
+      'openai/gpt-5.3-codex',
+      'xiaomi/mimo-v2.5-pro',
+      'tencent/hy3-preview',
+      'google/gemini-3-pro-preview',
+      'google/gemini-3-flash-preview',
+      'google/gemini-3.1-pro-preview',
+      'google/gemini-3.1-flash-lite-preview',
+      'qwen/qwen3.6-35b-a3b',
+      'stepfun/step-3.5-flash',
+      'minimax/minimax-m2.7',
+      'z-ai/glm-5.1',
+      'x-ai/grok-4.3',
+      'nvidia/nemotron-3-super-120b-a12b',
+      'deepseek/deepseek-v4-pro',
+    ],
+  },
+  {
+    label: 'StepFun',
+    value: 'stepfun',
+    builtin: true,
+    base_url: 'https://api.stepfun.ai/step_plan/v1',
+    models: ['step-3.7-flash', 'step-3.5-flash', 'step-3.5-flash-2603'],
+  },
+  {
+    label: 'Ollama Cloud',
+    value: 'ollama-cloud',
+    builtin: true,
+    base_url: 'https://ollama.com/v1',
+    models: [],
+  },
+  {
+    label: 'OpenRouter',
+    value: 'openrouter',
+    builtin: true,
+    base_url: 'https://openrouter.ai/api/v1',
+    models: [],
+  },
+  {
+    label: 'GitHub Copilot',
+    value: 'copilot',
+    builtin: true,
+    base_url: 'https://api.githubcopilot.com',
+    models: [
+      'gpt-5.5',
+      'gpt-5.4',
+      'gpt-5.4-mini',
+      'gpt-5.4-nano',
+      'gpt-5-mini',
+      'gpt-5.3-codex',
+      'claude-opus-4.8',
+      'claude-opus-4.7',
+      'claude-opus-4.6',
+      'claude-opus-4.6-fast',
+      'claude-opus-4.5',
+      'claude-haiku-4.5',
+      'claude-sonnet-4.6',
+      'claude-sonnet-4.5',
+      'gemini-2.5-pro',
+      'gemini-3-flash',
+      'gemini-3.1-pro',
+      'gemini-3.5-flash',
+      'raptor-mini',
+    ],
+  },
+]
+
+/** Build a Record<providerKey, models[]> for backend lookup */
+export function buildProviderModelMap(): Record<string, string[]> {
+  const map: Record<string, string[]> = {}
+  for (const p of PROVIDER_PRESETS) {
+    if (p.models.length > 0) {
+      map[p.value] = p.models
+    }
+  }
+  return map
+}
diff --git a/packages/server/tsconfig.json b/packages/server/tsconfig.json
new file mode 100644
index 0000000..ddc0adb
--- /dev/null
+++ b/packages/server/tsconfig.json
@@ -0,0 +1,12 @@
+{
+  "compilerOptions": {
+    "target": "ES2024",
+    "module": "commonjs",
+    "strict": true,
+    "esModuleInterop": true,
+    "skipLibCheck": true,
+    "forceConsistentCasingInFileNames": true,
+    "noEmit": true
+  },
+  "include": ["src/**/*.ts"]
+}
diff --git a/packages/skills/apikey-image-gen/SKILL.md b/packages/skills/apikey-image-gen/SKILL.md
new file mode 100644
index 0000000..856ad8a
--- /dev/null
+++ b/packages/skills/apikey-image-gen/SKILL.md
@@ -0,0 +1,182 @@
+---
+name: apikey-image-gen
+description: "Generate or edit images through Hermes Web UI using the selected/requested profile's fun-codex provider from config.yaml."
+version: 1.0.0
+author: Ekko
+license: MIT
+platforms: [linux, macos, windows, termux]
+metadata:
+  hermes:
+    tags: [api.apikey.fun, image-generation, image-editing, media]
+prerequisites:
+  commands: [curl]
+---
+
+# APIKEY Image Generation
+
+Use this skill when the user wants to generate an image, generate an image from a reference image, or edit an existing image.
+
+Always call Hermes Web UI's media endpoint. Do not call `api.apikey.fun` directly, and do not ask the user for an API key. The server reads the selected/requested profile's `config.yaml` and uses the `custom_providers` entry named `fun-codex`:
+
+Do not use any built-in image generation tool as a fallback. If the Hermes Web UI endpoint returns `401`, `403`, connection failure, or any other error, stop and report the Hermes Web UI error to the user.
+
+```yaml
+custom_providers:
+  - name: fun-codex
+    base_url: https://api.apikey.fun/v1
+    api_key: ...
+    model: gpt-5.5
+    api_mode: codex_responses
+```
+
+Endpoint:
+
+```bash
+POST <Hermes Web UI base URL>/api/hermes/media/apikey-image-generate
+```
+
+Resolve the Hermes Web UI base URL in this order:
+
+1. `HERMES_WEB_UI_URL` environment variable, if set.
+2. `http://127.0.0.1:${PORT}`, if `PORT` is set.
+3. `http://127.0.0.1:8648` for local development.
+
+When Hermes Web UI is running from Docker Compose, the default external URL is `http://127.0.0.1:6060`.
+
+Authentication:
+
+Send the Hermes Web UI server bearer token. This token is accepted only by Hermes Web UI media generation endpoints for agent skills; it is not a general Web UI login token.
+
+Resolve the token in this order:
+
+1. `AUTH_TOKEN` environment variable, if set.
+2. `${HERMES_WEB_UI_HOME}/.token`, if `HERMES_WEB_UI_HOME` is set.
+3. `${HERMES_WEBUI_STATE_DIR}/.token`, if `HERMES_WEBUI_STATE_DIR` is set.
+4. `~/.hermes-web-ui/.token`.
+
+Profile selection:
+
+Use the current Hermes profile from the run instructions by sending `X-Hermes-Profile`.
+
+If the run instructions include `[Current Hermes profile: <name>]`, include:
+
+```bash
+-H "X-Hermes-Profile: <name>"
+```
+
+Replace `<name>` with the exact profile name from the run instructions. Never send a placeholder value such as `<name>` or `<current-hermes-profile>`.
+
+If no current profile is provided, omit the header and let the server fall back to the current Hermes active profile.
+
+## Modes
+
+### Text To Image
+
+Use when there is no input image.
+
+```json
+{
+  "mode": "text",
+  "prompt": "A high quality product image of a matte black mechanical keyboard on a clean desk",
+  "size": "1024x1024",
+  "output_path": "/absolute/path/to/output.png"
+}
+```
+
+The server calls `POST /v1/images/generations` against the `fun-codex` base URL.
+
+### Image To Image
+
+Use when the user provides a reference image and wants a new image based on it.
+
+```json
+{
+  "mode": "image",
+  "prompt": "Use this reference composition and generate a refined technology brand poster",
+  "image_path": "/absolute/path/to/reference.png",
+  "size": "1024x1024",
+  "output_path": "/absolute/path/to/output.png"
+}
+```
+
+The server calls `POST /v1/responses` against the `fun-codex` base URL.
+
+### Image Edit
+
+Use when the user wants to modify an existing image while preserving parts of it.
+
+```json
+{
+  "mode": "edit",
+  "prompt": "Change the background to blue and keep the subject unchanged",
+  "image_path": "/absolute/path/to/source.png",
+  "size": "1024x1024",
+  "output_path": "/absolute/path/to/edited.png"
+}
+```
+
+The server calls `POST /v1/images/edits` against the `fun-codex` base URL.
+
+## Request Fields
+
+- `mode`: `text`, `image`, or `edit`.
+- `prompt`: required.
+- `image_path`: local png, jpeg, or webp path. Required for `image` and `edit` unless using `image_url` or `image_base64`.
+- `image_url`: optional alternative image input.
+- `image_base64`: optional alternative image input. If it is not a data URI, include `mime_type`.
+- `n`: number of images. Defaults to `1`.
+- `size`: defaults to `1024x1024`. Common values: `1024x1024`, `1536x1024`, `1024x1536`, `2048x2048`, `3840x2160`, `2160x3840`, `auto`.
+- `quality`: defaults to `auto`.
+- `model`: optional override. Text/edit default to `gpt-image-2`; image mode defaults to the `fun-codex` model in `config.yaml`.
+- `image_model`: optional image tool model for image mode. Defaults to `gpt-image-2`.
+- `output_path`: optional absolute output file path. If omitted, the server saves to `${HERMES_WEB_UI_HOME:-~/.hermes-web-ui}/media/*.png`.
+- `timeout_ms`: defaults to `600000`.
+
+## Curl Template
+
+```bash
+TOKEN="${AUTH_TOKEN:-}"
+if [ -z "$TOKEN" ] && [ -n "${HERMES_WEB_UI_HOME:-}" ] && [ -f "$HERMES_WEB_UI_HOME/.token" ]; then
+  TOKEN="$(cat "$HERMES_WEB_UI_HOME/.token")"
+fi
+if [ -z "$TOKEN" ] && [ -n "${HERMES_WEBUI_STATE_DIR:-}" ] && [ -f "$HERMES_WEBUI_STATE_DIR/.token" ]; then
+  TOKEN="$(cat "$HERMES_WEBUI_STATE_DIR/.token")"
+fi
+if [ -z "$TOKEN" ] && [ -f "$HOME/.hermes-web-ui/.token" ]; then
+  TOKEN="$(cat "$HOME/.hermes-web-ui/.token")"
+fi
+if [ -z "$TOKEN" ]; then
+  echo "Missing Hermes Web UI token. Check AUTH_TOKEN, HERMES_WEB_UI_HOME, HERMES_WEBUI_STATE_DIR, or ~/.hermes-web-ui/.token." >&2
+  exit 1
+fi
+
+BASE_URL="${HERMES_WEB_UI_URL:-}"
+if [ -z "$BASE_URL" ]; then
+  BASE_URL="http://127.0.0.1:${PORT:-8648}"
+fi
+BASE_URL="${BASE_URL%/}"
+
+curl -sS -X POST "$BASE_URL/api/hermes/media/apikey-image-generate" \
+  -H "Authorization: Bearer $TOKEN" \
+  -H 'Content-Type: application/json' \
+  -d '{
+    "mode": "text",
+    "prompt": "A cinematic 4K photo of a silver robot hand holding a small glowing cube",
+    "size": "3840x2160",
+    "output_path": "/absolute/path/to/output.png"
+  }'
+```
+
+Successful responses include:
+
+```json
+{
+  "ok": true,
+  "mode": "text",
+  "output_paths": ["/absolute/path/to/output.png"],
+  "provider": "fun-codex",
+  "base_url": "https://api.apikey.fun/v1"
+}
+```
+
+If the response code is `missing_fun_codex_provider`, tell the user to configure `fun-codex` in the selected/requested profile's `config.yaml`.
diff --git a/packages/skills/grok-image-to-video/SKILL.md b/packages/skills/grok-image-to-video/SKILL.md
new file mode 100644
index 0000000..5b55ed6
--- /dev/null
+++ b/packages/skills/grok-image-to-video/SKILL.md
@@ -0,0 +1,112 @@
+---
+name: grok-image-to-video
+description: "Animate a local image into a short mp4 video through Hermes Web UI using xAI Grok Imagine."
+version: 1.0.0
+author: Ekko
+license: MIT
+platforms: [linux, macos, windows]
+metadata:
+  hermes:
+    tags: [xAI, Grok, image-to-video, video-generation, media]
+prerequisites:
+  commands: [curl]
+---
+
+# Grok Image To Video
+
+Use this skill when the user wants to animate a local image into a short video with xAI Grok Imagine.
+
+Do not use any built-in image or video generation tool as a fallback. If the Hermes Web UI endpoint returns `401`, `403`, connection failure, or any other error, stop and report the Hermes Web UI error to the user.
+
+## Workflow
+
+Call the local Hermes Web UI media endpoint. Pass a local image path; the server will check for xAI credentials, read the file, convert it to a base64 data URI, call xAI, poll until completion, and optionally save the generated mp4.
+
+Endpoint:
+
+```bash
+POST <Hermes Web UI base URL>/api/hermes/media/grok-image-to-video
+```
+
+Resolve the Hermes Web UI base URL in this order:
+
+1. `HERMES_WEB_UI_URL` environment variable, if set.
+2. `http://127.0.0.1:${PORT}`, if `PORT` is set.
+3. `http://127.0.0.1:8648` for local development.
+
+When Hermes Web UI is running from the provided Docker Compose setup, the default external URL is `http://127.0.0.1:6060`.
+
+Authentication:
+
+The endpoint is protected by Hermes Web UI auth. Always send the Hermes Web UI server bearer token. This token is accepted only by Hermes Web UI media generation endpoints for agent skills; it is not a general Web UI login token.
+
+Resolve the token in this order:
+
+1. `AUTH_TOKEN` environment variable, if set.
+2. `${HERMES_WEB_UI_HOME}/.token`, if `HERMES_WEB_UI_HOME` is set.
+3. `${HERMES_WEBUI_STATE_DIR}/.token`, if `HERMES_WEBUI_STATE_DIR` is set.
+4. `~/.hermes-web-ui/.token`.
+
+Profile selection:
+
+Use the current Hermes profile from the run instructions by sending `X-Hermes-Profile`.
+
+If the run instructions include `[Current Hermes profile: <name>]`, include:
+
+```bash
+-H "X-Hermes-Profile: <name>"
+```
+
+Replace `<name>` with the exact profile name from the run instructions. Never send a placeholder value such as `<name>` or `<current-hermes-profile>`.
+
+If no current profile is provided, omit the header and let the server fall back to the current Hermes active profile.
+
+Required JSON fields:
+
+- `image_path`: local path to a png, jpeg, or webp image.
+- `prompt`: motion and style instructions for the generated video.
+
+Optional JSON fields:
+
+- `duration`: seconds, 1 to 15. Defaults to 8.
+- `output_path`: local path where the server should save the mp4. If omitted, the server saves to `${HERMES_WEB_UI_HOME:-~/.hermes-web-ui}/media/<request_id>.mp4` and creates the `media` directory if needed.
+- `timeout_ms`: maximum wait time. Defaults to 600000.
+
+Example:
+
+```bash
+TOKEN="${AUTH_TOKEN:-}"
+if [ -z "$TOKEN" ] && [ -n "${HERMES_WEB_UI_HOME:-}" ] && [ -f "$HERMES_WEB_UI_HOME/.token" ]; then
+  TOKEN="$(cat "$HERMES_WEB_UI_HOME/.token")"
+fi
+if [ -z "$TOKEN" ] && [ -n "${HERMES_WEBUI_STATE_DIR:-}" ] && [ -f "$HERMES_WEBUI_STATE_DIR/.token" ]; then
+  TOKEN="$(cat "$HERMES_WEBUI_STATE_DIR/.token")"
+fi
+if [ -z "$TOKEN" ] && [ -f "$HOME/.hermes-web-ui/.token" ]; then
+  TOKEN="$(cat "$HOME/.hermes-web-ui/.token")"
+fi
+if [ -z "$TOKEN" ]; then
+  echo "Missing Hermes Web UI token. Check AUTH_TOKEN, HERMES_WEB_UI_HOME, HERMES_WEBUI_STATE_DIR, or ~/.hermes-web-ui/.token." >&2
+  exit 1
+fi
+
+BASE_URL="${HERMES_WEB_UI_URL:-}"
+if [ -z "$BASE_URL" ]; then
+  BASE_URL="http://127.0.0.1:${PORT:-8648}"
+fi
+BASE_URL="${BASE_URL%/}"
+
+curl -sS -X POST "$BASE_URL/api/hermes/media/grok-image-to-video" \
+  -H "Authorization: Bearer $TOKEN" \
+  -H 'Content-Type: application/json' \
+  -d '{
+    "image_path": "/absolute/path/to/input.png",
+    "prompt": "Animate the subject with a slow cinematic push-in and subtle natural motion.",
+    "duration": 8,
+    "output_path": "/absolute/path/to/output.mp4"
+  }'
+```
+
+If the response has `code: "missing_xai_token"`, tell the user to set `XAI_API_KEY` or complete xAI OAuth login in Hermes Web UI before retrying.
+
+Return the generated `output_path`.
diff --git a/packages/skills/hyperframes/SKILL.md b/packages/skills/hyperframes/SKILL.md
new file mode 100644
index 0000000..a218803
--- /dev/null
+++ b/packages/skills/hyperframes/SKILL.md
@@ -0,0 +1,87 @@
+---
+name: hyperframes
+description: "Create AI videos with HyperFrames in Hermes using HTML, CSS, and JavaScript compositions, then validate and render them to MP4. Use for short video intros, cinematic trailers, product promos, subtitle animations, HUD/tech visuals, web-to-video work, and motion graphics."
+version: 1.0.0
+author: Ekko
+license: MIT
+platforms: [linux, macos, windows]
+metadata:
+  hermes:
+    tags: [hyperframes, ai-video, html-video, animation, motion-graphics, mp4]
+prerequisites:
+  commands: [node, npx]
+---
+
+# HyperFrames
+
+Use this skill when the user asks Hermes to make a video with HyperFrames, such as a 30-second vertical video, a short intro, a cinematic micro-trailer, a product promo, animated captions, HUD-style tech visuals, a website-to-video piece, or an HTML/CSS/JS motion graphics render.
+
+HyperFrames treats HTML as the video source of truth. Build video scenes as HTML compositions with CSS layout and JavaScript animation, validate the layout, then render the result to MP4.
+
+## Setup
+
+If HyperFrames is not installed or the official skill is missing, install it first:
+
+```bash
+hermes skills install official/creative/hyperframes
+```
+
+Use `npx hyperframes` for project operations. HyperFrames requires Node.js and FFmpeg. If rendering or preview fails, run:
+
+```bash
+npx hyperframes doctor
+```
+
+## Workflow
+
+1. Convert the user's request into a short production brief: duration, aspect ratio, target platform, language, style, music or voiceover needs, and final output path.
+2. For incomplete briefs, make reasonable defaults. Use 1080x1920 for vertical short video, 1920x1080 for horizontal video, 30 fps, and MP4 output.
+3. Create or reuse a HyperFrames project:
+
+```bash
+npx hyperframes init my-video --non-interactive
+```
+
+4. Write the composition in HTML/CSS/JS. Make the static hero frame layout correct before adding animation.
+5. Validate before rendering:
+
+```bash
+npx hyperframes lint
+npx hyperframes inspect --samples 15
+```
+
+6. Preview when useful:
+
+```bash
+npx hyperframes preview
+```
+
+7. Render the final video:
+
+```bash
+npx hyperframes render --output final.mp4 --quality standard
+```
+
+Use `--quality draft` for fast iteration and `--quality high` for final delivery when the user asks for a polished export.
+
+## Composition Rules
+
+- Use a root element with `data-composition-id`, `data-width`, and `data-height`.
+- Use `data-start`, `data-duration`, and `data-track-index` for timed clips.
+- Register GSAP timelines synchronously on `window.__timelines`.
+- Use CSS as the final layout state, then animate from or to that state.
+- Keep media playback under the HyperFrames runtime. Do not manually call `play()`, `pause()`, or seek media.
+- Avoid nondeterministic animation logic such as `Math.random()` or `Date.now()` unless using a seeded generator.
+- Do not use infinite repeats. Calculate finite repeat counts from the composition duration.
+- Check that text, captions, UI panels, and HUD elements stay inside the frame on every inspected timestamp.
+
+## Delivery
+
+When finished, tell the user:
+
+- the rendered MP4 path;
+- the preview URL if a preview server is running;
+- any assumptions made about duration, aspect ratio, style, narration, or music;
+- any validation issues that remain unresolved.
+
+Do not stop after writing HTML. A HyperFrames task is only complete after the composition has been checked with `lint` and `inspect`, and rendered to an MP4 unless the user explicitly asks for source files only.
diff --git a/packages/skills/markdown-viewer/SKILL.md b/packages/skills/markdown-viewer/SKILL.md
new file mode 100644
index 0000000..6a14cd8
--- /dev/null
+++ b/packages/skills/markdown-viewer/SKILL.md
@@ -0,0 +1,86 @@
+---
+name: markdown-viewer
+description: "Create rich diagrams, data visualizations, technical architecture views, and editorial content cards directly in Markdown using the Markdown Viewer Agent Skills pack. Use for Mermaid-like diagram requests, PlantUML architecture diagrams, Vega charts, JSON Canvas maps, infographics, UML, cloud/network/security/data/IoT diagrams, and polished Markdown documentation visuals."
+version: 1.0.0
+author: Ekko
+license: MIT
+platforms: [linux, macos, windows]
+metadata:
+  hermes:
+    source: markdown-viewer/skills
+    tags: [markdown-viewer, diagrams, visualization, plantuml, vega, infographic, documentation]
+prerequisites:
+  commands: [node, npx]
+---
+
+# Markdown Viewer
+
+Use this skill when the user wants a diagram, visualization, architecture view, data chart, technical documentation graphic, infographic, mind map, or editorial-quality content card directly inside Markdown.
+
+Markdown Viewer Agent Skills is an opinionated skill pack for AI coding agents. It covers diagram generation, data visualization, and technical documentation using multiple Markdown-rendered engines, including PlantUML, Vega/Vega-Lite, JSON Canvas, infographic blocks, and direct HTML/CSS embeds.
+
+## Setup
+
+If the upstream skill pack is not installed, install it first:
+
+```bash
+npx skills add markdown-viewer/skills
+```
+
+After installation, prefer reading the specific upstream skill for the requested output type before writing complex diagrams. The pack includes detailed syntax rules, examples, and common pitfalls for each renderer.
+
+## Skill Selection
+
+Choose the smallest renderer that fits the user's goal:
+
+| User goal | Use |
+| --- | --- |
+| Bar, line, scatter, heatmap, area, radar, word cloud, or data-driven chart | `vega` / `vega-lite` |
+| KPI card, roadmap, timeline, SWOT, funnel, org chart, or structured visual summary | `infographic` |
+| Free-position mind map, concept map, knowledge graph, or planning board | `canvas` |
+| System layers, microservices, app/data/infrastructure layers | `architecture` |
+| Editorial knowledge card, event card, data highlight, or polished content tile | `infocard` |
+| UML class, sequence, activity, state, component, deployment, package, or use-case diagram | `uml` |
+| AWS, Azure, GCP, Alibaba Cloud, Kubernetes, serverless, or multi-cloud diagram | `cloud` |
+| LAN/WAN, data center, enterprise network, or device topology | `network` |
+| Threat model, zero-trust, IAM, firewall, encryption, or compliance view | `security` |
+| Enterprise architecture with business/application/technology layers | `archimate` |
+| BPMN workflow, swim lanes, integration pattern, or value stream map | `bpmn` |
+| ETL/ELT, warehouse, lakehouse, ML pipeline, or analytics workflow | `data-analytics` |
+| Sensors, edge computing, smart factory/home, fleet, or digital twin view | `iot` |
+| Hierarchical brainstorm tree or study outline | `mindmap` |
+
+## Output Rules
+
+- Write the result in Markdown unless the user asks for a separate file.
+- Use the correct code fence for the chosen renderer:
+  - `vega-lite` or `vega` for data charts.
+  - `infographic` for infographic YAML blocks.
+  - `canvas` for JSON Canvas maps.
+  - `plantuml` or `puml` for UML, cloud, network, security, ArchiMate, BPMN, data analytics, IoT, and PlantUML mind maps.
+- For `architecture` and `infocard`, embed the HTML/CSS directly in Markdown when that renderer expects raw HTML instead of a code fence.
+- Keep diagrams focused. Prefer a clear, accurate first version over decorative complexity.
+- Label nodes and edges with domain language the user already used.
+- For technical diagrams, include enough structure to be useful in docs: boundaries, data flow, dependencies, trust zones, layers, or ownership where relevant.
+- For data visualizations, include explicit sample data or use the data the user supplied. Do not invent real metrics without marking them as placeholders.
+- For security or compliance diagrams, avoid implying guarantees. Show controls, boundaries, and risks factually.
+
+## Workflow
+
+1. Identify the user's artifact type: chart, diagram, architecture, process, mind map, infographic, or card.
+2. Select the renderer from the guide above.
+3. If the pack is installed locally, read the corresponding upstream `SKILL.md` for exact syntax and pitfalls.
+4. Draft the Markdown artifact with the correct code fence or raw HTML/CSS style.
+5. Check syntax before delivery: matching fences, valid JSON/YAML where required, PlantUML starts and ends correctly, and labels are readable.
+6. If the user needs a file, save it as `.md` and include only the final artifact plus concise notes.
+
+## Delivery
+
+When finished, tell the user:
+
+- which renderer or sub-skill you used;
+- where the Markdown file is, if one was created;
+- any placeholder data or assumptions;
+- any viewer requirement, such as needing a Markdown Viewer extension or compatible renderer.
+
+Do not use static screenshots when the user asked for Markdown-native visuals. The value of this skill is that the output stays editable, reviewable, and renderable from Markdown.
diff --git a/packages/skills/remotion/SKILL.md b/packages/skills/remotion/SKILL.md
new file mode 100644
index 0000000..66ab804
--- /dev/null
+++ b/packages/skills/remotion/SKILL.md
@@ -0,0 +1,98 @@
+---
+name: remotion
+description: "Create editable AI video projects with Remotion and React, then preview and render them to MP4. Use for vertical short videos, product demos, story-driven animations, HUD/tech visuals, feed ads, tutorial videos, subtitles, voiceover, sound effects, and code-based video iteration."
+version: 1.0.0
+author: Ekko
+license: MIT
+platforms: [linux, macos, windows]
+metadata:
+  hermes:
+    source: skills-sh/google-labs-code/stitch-skills/remotion
+    tags: [remotion, react-video, ai-video, mp4, animation, short-video]
+prerequisites:
+  commands: [node, npx]
+---
+
+# Remotion
+
+Use this skill when the user wants Hermes to turn a short video idea into an editable, renderable React video project with Remotion.
+
+Remotion is different from prompt-only AI video tools: it produces a code project. That means the agent can repeatedly edit subtitles, timing, characters, scenes, voiceover, sound effects, and visual rhythm, then render a new MP4.
+
+Good fits include vertical short videos, product demos, story-driven animations, HUD/tech-style videos, feed ad creatives, tutorial explainers, caption-heavy clips, and reusable video templates.
+
+## Setup
+
+If the upstream Remotion skill is not installed, install it first:
+
+```bash
+hermes skills install skills-sh/google-labs-code/stitch-skills/remotion
+```
+
+For a new Remotion project, scaffold from an empty folder:
+
+```bash
+npx create-video@latest --yes --blank --no-tailwind my-video
+```
+
+Replace `my-video` with a short project name based on the user's brief.
+
+## Workflow
+
+1. Turn the request into a concise production brief: purpose, audience, duration, aspect ratio, style, scenes, text, narration, music, sound effects, and output path.
+2. Use practical defaults when the user does not specify them: 1080x1920 for vertical short video, 1920x1080 for horizontal video, 30 fps, MP4 output, and a duration that fits the requested platform.
+3. Create or reuse a Remotion project.
+4. Build the video as React components and Remotion compositions. Keep scene data, captions, colors, timing, and copy easy to edit.
+5. Use Remotion primitives for timing and media: `Composition`, `Sequence`, `AbsoluteFill`, `Audio`, `Video`, `Img`, `useCurrentFrame`, `useVideoConfig`, `interpolate`, and `spring`.
+6. Preview in Remotion Studio while iterating:
+
+```bash
+npx remotion studio
+```
+
+7. For non-trivial layouts, render at least one still frame to catch layout, color, and timing issues:
+
+```bash
+npx remotion still <composition-id> --scale=0.25 --frame=30
+```
+
+8. Render the final MP4:
+
+```bash
+npx remotion render <composition-id> out/final.mp4
+```
+
+## Implementation Guidelines
+
+- Prefer code that is easy to revise over one-off generated visuals.
+- Keep copy, scene timing, colors, and asset references in clear constants or data arrays.
+- Make captions readable on mobile: high contrast, generous line height, and safe margins.
+- Use deterministic animation. Avoid time-based randomness that changes between renders.
+- Use Remotion's frame-based timing instead of browser timers.
+- Use separate components for scenes, captions, overlays, lower thirds, and recurring visual motifs.
+- When adding voiceover or sound effects, keep audio timing explicit and easy to adjust.
+- When using user assets, keep their original files in the project and reference them through Remotion's asset path conventions.
+
+## Checks
+
+Before delivery, run the strongest practical validation for the scope:
+
+```bash
+npm run build
+npx remotion still <composition-id> --scale=0.25 --frame=30
+npx remotion render <composition-id> out/final.mp4
+```
+
+If the project uses a different package script, follow that project instead. If rendering fails because of missing browser, FFmpeg, codec, or dependency setup, report the blocker and run the relevant Remotion or environment diagnostic before retrying.
+
+## Delivery
+
+When finished, tell the user:
+
+- the Remotion project path;
+- the rendered MP4 path;
+- the preview command or Studio URL if a preview server is running;
+- the composition ID used for rendering;
+- any assumptions about duration, aspect ratio, voiceover, music, assets, or style.
+
+Do not stop at a concept. A Remotion video task is complete when the project is editable and the requested MP4 is rendered, unless the user explicitly asks for source code only.
diff --git a/packages/website/index.html b/packages/website/index.html
new file mode 100644
index 0000000..74314d0
--- /dev/null
+++ b/packages/website/index.html
@@ -0,0 +1,16 @@
+<!DOCTYPE html>
+<html lang="en">
+  <head>
+    <meta charset="UTF-8" />
+    <link rel="icon" href="/favicon.ico" />
+    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
+    <title>Hermes Studio - Self-Hosted AI Chat Dashboard</title>
+    <link rel="preconnect" href="https://fonts.googleapis.com" />
+    <link rel="preconnect" href="https://fonts.gstatic.com" crossorigin />
+    <link href="https://fonts.googleapis.com/css2?family=Inter:wght@400;500;600;700&family=JetBrains+Mono:wght@400;500&display=swap" rel="stylesheet" />
+  </head>
+  <body>
+    <div id="app"></div>
+    <script type="module" src="/src/main.ts"></script>
+  </body>
+</html>
diff --git a/packages/website/public/favicon.ico b/packages/website/public/favicon.ico
new file mode 100644
index 0000000..dbc3f56
Binary files /dev/null and b/packages/website/public/favicon.ico differ
diff --git a/packages/website/public/image1.png b/packages/website/public/image1.png
new file mode 100644
index 0000000..833c62f
Binary files /dev/null and b/packages/website/public/image1.png differ
diff --git a/packages/website/public/image2.png b/packages/website/public/image2.png
new file mode 100644
index 0000000..5d55a68
Binary files /dev/null and b/packages/website/public/image2.png differ
diff --git a/packages/website/public/image3.png b/packages/website/public/image3.png
new file mode 100644
index 0000000..9d49b83
Binary files /dev/null and b/packages/website/public/image3.png differ
diff --git a/packages/website/public/image4.png b/packages/website/public/image4.png
new file mode 100644
index 0000000..3e1de6b
Binary files /dev/null and b/packages/website/public/image4.png differ
diff --git a/packages/website/public/logo.png b/packages/website/public/logo.png
new file mode 100644
index 0000000..451200c
Binary files /dev/null and b/packages/website/public/logo.png differ
diff --git a/packages/website/src/App.vue b/packages/website/src/App.vue
new file mode 100644
index 0000000..c7c4b4e
--- /dev/null
+++ b/packages/website/src/App.vue
@@ -0,0 +1,38 @@
+<script setup lang="ts">
+import { darkTheme } from 'naive-ui'
+import { NConfigProvider, NMessageProvider } from 'naive-ui'
+import { useTheme } from '@/composables/useTheme'
+import { getThemeOverrides } from '@client/styles/theme'
+import SiteHeader from '@/components/layout/SiteHeader.vue'
+import SiteFooter from '@/components/layout/SiteFooter.vue'
+
+const { isDark } = useTheme()
+</script>
+
+<template>
+  <NConfigProvider :theme="isDark ? darkTheme : undefined" :theme-overrides="getThemeOverrides(isDark)">
+    <NMessageProvider>
+      <div class="website-app">
+        <SiteHeader />
+        <main class="website-main">
+          <router-view />
+        </main>
+        <SiteFooter />
+      </div>
+    </NMessageProvider>
+  </NConfigProvider>
+</template>
+
+<style scoped lang="scss">
+.website-app {
+  min-height: 100vh;
+  display: flex;
+  flex-direction: column;
+  background: var(--bg-primary);
+  color: var(--text-primary);
+}
+
+.website-main {
+  flex: 1;
+}
+</style>
diff --git a/packages/website/src/components/docs/DocContent.vue b/packages/website/src/components/docs/DocContent.vue
new file mode 100644
index 0000000..7a2e79a
--- /dev/null
+++ b/packages/website/src/components/docs/DocContent.vue
@@ -0,0 +1,156 @@
+<script setup lang="ts">
+import { computed } from 'vue'
+import { useI18n } from 'vue-i18n'
+import { useRoute } from 'vue-router'
+
+const { t, tm, rt } = useI18n()
+const route = useRoute()
+
+const pageKey = computed(() => (route.meta.page as string) || 'gettingStarted')
+const pageTitle = computed(() => t(`docs.${pageKey.value}.title`))
+const pageIntro = computed(() => t(`docs.${pageKey.value}.intro`))
+
+interface DocSection {
+  title: string
+  content: string
+  rows?: string[][]
+}
+
+const sections = computed<DocSection[]>(() => {
+  const key = pageKey.value
+  const meta = tm(`docs.${key}`) as Record<string, any>
+  if (!meta) return []
+
+  const result: DocSection[] = []
+  const sectionKeys = Object.keys(meta).filter(
+    (k) => k !== 'title' && k !== 'intro' && typeof meta[k] === 'object' && meta[k] !== null,
+  )
+
+  for (const sk of sectionKeys) {
+    const section = meta[sk] as Record<string, any>
+    result.push({
+      title: rt(section.title || ''),
+      content: rt(section.content || ''),
+      rows: Array.isArray(section.rows) ? section.rows : undefined,
+    })
+  }
+
+  return result
+})
+</script>
+
+<template>
+  <div class="doc-content">
+    <h1 class="doc-title">{{ pageTitle }}</h1>
+    <p v-if="pageIntro" class="doc-intro">{{ pageIntro }}</p>
+
+    <div v-for="(section, i) in sections" :key="i" class="doc-section">
+      <h2 class="doc-section-title">{{ section.title }}</h2>
+      <p v-if="section.content" class="doc-section-text">{{ section.content }}</p>
+
+      <table v-if="section.rows?.length" class="doc-table">
+        <tbody>
+          <tr v-for="(row, ri) in section.rows" :key="ri">
+            <td class="doc-table-key"><code>{{ row[0] }}</code></td>
+            <td>{{ row[1] }}</td>
+          </tr>
+        </tbody>
+      </table>
+    </div>
+  </div>
+</template>
+
+<style scoped lang="scss">
+.doc-content {
+  max-width: 720px;
+  width: 100%;
+  padding: 40px 32px 80px;
+
+  @media (max-width: $breakpoint-mobile) {
+    padding: 24px 16px 60px;
+  }
+}
+
+.doc-title {
+  font-size: 32px;
+  font-weight: 700;
+  margin-bottom: 16px;
+  color: var(--text-primary);
+}
+
+.doc-intro {
+  font-size: 16px;
+  line-height: 1.7;
+  color: var(--text-secondary);
+  margin-bottom: 40px;
+}
+
+.doc-section {
+  margin-bottom: 36px;
+}
+
+.doc-section-title {
+  font-size: 20px;
+  font-weight: 600;
+  margin-bottom: 12px;
+  color: var(--text-primary);
+  padding-bottom: 8px;
+  border-bottom: 1px solid var(--border-light);
+}
+
+.doc-section-text {
+  font-size: 15px;
+  line-height: 1.7;
+  color: var(--text-secondary);
+}
+
+.doc-table {
+  width: 100%;
+  border-collapse: collapse;
+  margin-top: 12px;
+
+  tr {
+    border-bottom: 1px solid var(--border-light);
+  }
+
+  td {
+    padding: 10px 12px;
+    font-size: 14px;
+    color: var(--text-secondary);
+    vertical-align: top;
+  }
+
+  @media (max-width: $breakpoint-mobile) {
+    display: block;
+
+    tr {
+      display: block;
+      padding: 10px 0;
+    }
+
+    td {
+      display: block;
+      padding: 2px 0;
+    }
+  }
+}
+
+.doc-table-key {
+  white-space: nowrap;
+  width: 1%;
+  font-weight: 500;
+
+  code {
+    background: var(--bg-secondary);
+    padding: 2px 8px;
+    border-radius: 4px;
+    font-size: 13px;
+  }
+
+  @media (max-width: $breakpoint-mobile) {
+    white-space: normal;
+    width: auto;
+    margin-bottom: 4px;
+  }
+}
+</style>
diff --git a/packages/website/src/components/docs/DocSidebar.vue b/packages/website/src/components/docs/DocSidebar.vue
new file mode 100644
index 0000000..aa64fc3
--- /dev/null
+++ b/packages/website/src/components/docs/DocSidebar.vue
@@ -0,0 +1,85 @@
+<script setup lang="ts">
+import { useI18n } from 'vue-i18n'
+import { useRoute, useRouter } from 'vue-router'
+
+const { t } = useI18n()
+const route = useRoute()
+const router = useRouter()
+
+const pages = [
+  { key: 'gettingStarted', name: 'docs.getting-started' },
+  { key: 'configuration', name: 'docs.configuration' },
+  { key: 'features', name: 'docs.features' },
+  { key: 'platforms', name: 'docs.platforms' },
+  { key: 'api', name: 'docs.api' },
+]
+
+function isActive(name: string) {
+  return route.name === name
+}
+
+function navigate(name: string) {
+  router.push({ name })
+}
+</script>
+
+<template>
+  <aside class="doc-sidebar">
+    <nav class="sidebar-nav">
+      <a
+        v-for="p in pages"
+        :key="p.key"
+        class="sidebar-link"
+        :class="{ active: isActive(p.name) }"
+        @click.prevent="navigate(p.name)"
+      >
+        {{ t(`docs.sidebar.${p.key}`) }}
+      </a>
+    </nav>
+  </aside>
+</template>
+
+<style scoped lang="scss">
+.doc-sidebar {
+  width: 240px;
+  flex-shrink: 0;
+  border-right: 1px solid var(--border-color);
+  padding: 24px 0;
+  position: sticky;
+  top: 60px;
+  height: calc(100vh - 60px);
+  overflow-y: auto;
+
+  @media (max-width: $breakpoint-mobile) {
+    display: none;
+  }
+}
+
+.sidebar-nav {
+  display: flex;
+  flex-direction: column;
+  gap: 2px;
+  padding: 0 12px;
+}
+
+.sidebar-link {
+  display: block;
+  padding: 8px 12px;
+  border-radius: $radius-sm;
+  color: var(--text-secondary);
+  font-size: 14px;
+  cursor: pointer;
+  transition: all $transition-fast;
+
+  &:hover {
+    color: var(--text-primary);
+    background: var(--bg-secondary);
+  }
+
+  &.active {
+    color: var(--text-primary);
+    background: var(--bg-secondary);
+    font-weight: 500;
+  }
+}
+</style>
diff --git a/packages/website/src/components/landing/FeaturesGrid.vue b/packages/website/src/components/landing/FeaturesGrid.vue
new file mode 100644
index 0000000..7f0002c
--- /dev/null
+++ b/packages/website/src/components/landing/FeaturesGrid.vue
@@ -0,0 +1,110 @@
+<script setup lang="ts">
+import { useI18n } from 'vue-i18n'
+import { useScrollReveal } from '@/composables/useScrollReveal'
+
+const { t } = useI18n()
+useScrollReveal()
+
+const features = [
+  { key: 'streaming', icon: 'M13 2L3 14h9l-1 8 10-12h-9l1-8z' },
+  { key: 'platforms', icon: 'M21 15a2 2 0 0 1-2 2H7l-4 4V5a2 2 0 0 1 2-2h14a2 2 0 0 1 2 2z' },
+  { key: 'multiModel', icon: 'M12 2a10 10 0 1 0 0 20 10 10 0 0 0 0-20zm0 14l-4-4h8l-4 4z' },
+  { key: 'groupChat', icon: 'M17 21v-2a4 4 0 0 0-4-4H5a4 4 0 0 0-4 4v2M9 11a4 4 0 1 0 0-8 4 4 0 0 0 0 8zm14 10v-2a4 4 0 0 0-3-3.87M16 3.13a4 4 0 0 1 0 7.75' },
+  { key: 'kanban', icon: 'M3 3h7v7H3zM14 3h7v7h-7zM3 14h7v7H3zM14 14h7v7h-7z' },
+  { key: 'analytics', icon: 'M18 20V10M12 20V4M6 20v-6' },
+  { key: 'profiles', icon: 'M16 4h2a2 2 0 0 1 2 2v14a2 2 0 0 1-2 2H6a2 2 0 0 1-2-2V6a2 2 0 0 1 2-2h2M9 2h6a1 1 0 0 1 1 1v2a1 1 0 0 1-1 1H9a1 1 0 0 1-1-1V3a1 1 0 0 1 1-1z' },
+  { key: 'files', icon: 'M22 19a2 2 0 0 1-2 2H4a2 2 0 0 1-2-2V5a2 2 0 0 1 2-2h5l2 3h9a2 2 0 0 1 2 2z' },
+  { key: 'terminal', icon: 'M4 17l6-6-6-6M12 19h8' },
+  { key: 'quickInstall', icon: 'M13 2L3 14h9l-1 8 10-12h-9l1-8z' },
+  { key: 'i18n', icon: 'M12 2a10 10 0 1 0 0 20 10 10 0 0 0 0-20zm-1 17.93a8 8 0 0 1 0-15.86M12 2a15 15 0 0 1 4 10 15 15 0 0 1-4 10M2 12h20' },
+  { key: 'theme', icon: 'M21 12.79A9 9 0 1 1 11.21 3 7 7 0 0 0 21 12.79z' },
+]
+</script>
+
+<template>
+  <section class="section">
+    <h2 class="section-title reveal">{{ t('features.title') }}</h2>
+    <p class="section-desc reveal">{{ t('features.desc') }}</p>
+    <div class="features-grid">
+      <div
+        v-for="(f, i) in features"
+        :key="f.key"
+        class="feature-card reveal"
+        :class="[`reveal-delay-${(i % 4) + 1}`]"
+      >
+        <div class="feature-icon">
+          <svg viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round">
+            <path :d="f.icon" />
+          </svg>
+        </div>
+        <h3 class="feature-title">{{ t(`features.${f.key}.title`) }}</h3>
+        <p class="feature-desc">{{ t(`features.${f.key}.desc`) }}</p>
+      </div>
+    </div>
+  </section>
+</template>
+
+<style scoped lang="scss">
+.features-grid {
+  display: grid;
+  grid-template-columns: repeat(3, 1fr);
+  gap: 20px;
+
+  @media (max-width: 900px) {
+    grid-template-columns: repeat(2, 1fr);
+  }
+
+  @media (max-width: $breakpoint-mobile) {
+    grid-template-columns: 1fr;
+  }
+}
+
+.feature-card {
+  padding: 28px 24px;
+  background: var(--bg-card);
+  border: 1px solid var(--border-color);
+  border-radius: $radius-md;
+  transition: all $transition-normal;
+
+  &:hover {
+    border-color: var(--text-muted);
+    box-shadow: 0 4px 12px rgba(0, 0, 0, 0.06);
+    transform: translateY(-2px);
+  }
+}
+
+.feature-icon {
+  width: 40px;
+  height: 40px;
+  display: flex;
+  align-items: center;
+  justify-content: center;
+  background: var(--bg-secondary);
+  border-radius: $radius-sm;
+  margin-bottom: 16px;
+  color: var(--accent-primary);
+  transition: background $transition-normal;
+
+  .feature-card:hover & {
+    background: var(--border-color);
+  }
+
+  svg {
+    width: 20px;
+    height: 20px;
+  }
+}
+
+.feature-title {
+  font-size: 16px;
+  font-weight: 600;
+  margin-bottom: 8px;
+  color: var(--text-primary);
+}
+
+.feature-desc {
+  font-size: 14px;
+  line-height: 1.6;
+  color: var(--text-secondary);
+}
+</style>
diff --git a/packages/website/src/components/landing/HeroSection.vue b/packages/website/src/components/landing/HeroSection.vue
new file mode 100644
index 0000000..7e053c2
--- /dev/null
+++ b/packages/website/src/components/landing/HeroSection.vue
@@ -0,0 +1,306 @@
+<script setup lang="ts">
+import { useI18n } from 'vue-i18n'
+import { useRouter } from 'vue-router'
+import { ref, onMounted, onUnmounted } from 'vue'
+
+const { t } = useI18n()
+const router = useRouter()
+const copied = ref(false)
+const canvasRef = ref<HTMLCanvasElement>()
+
+const installCmd = 'npm install -g hermes-web-ui'
+
+async function copyCmd() {
+  try {
+    await navigator.clipboard.writeText(installCmd)
+    copied.value = true
+    setTimeout(() => { copied.value = false }, 2000)
+  } catch {}
+}
+
+// ─── Particle network animation ──────────────────────────
+
+interface Particle {
+  x: number
+  y: number
+  vx: number
+  vy: number
+  r: number
+}
+
+let animId = 0
+let particles: Particle[] = []
+
+function initCanvas() {
+  const canvas = canvasRef.value
+  if (!canvas) return
+
+  const ctx = canvas.getContext('2d')!
+  const dpr = window.devicePixelRatio || 1
+
+  function resize() {
+    const el = canvasRef.value
+    if (!el || !el.parentElement) return
+    const rect = el.parentElement.getBoundingClientRect()
+    el.width = rect.width * dpr
+    el.height = rect.height * dpr
+    el.style.width = rect.width + 'px'
+    el.style.height = rect.height + 'px'
+    ctx.setTransform(dpr, 0, 0, dpr, 0, 0)
+  }
+
+  resize()
+
+  const count = Math.min(60, Math.floor((canvas.width / dpr) / 18))
+  const w = canvas.width / dpr
+  const h = canvas.height / dpr
+
+  particles = Array.from({ length: count }, () => ({
+    x: Math.random() * w,
+    y: Math.random() * h,
+    vx: (Math.random() - 0.5) * 0.4,
+    vy: (Math.random() - 0.5) * 0.4,
+    r: Math.random() * 1.5 + 0.5,
+  }))
+
+  const maxDist = 120
+
+  function draw() {
+    const dark = document.documentElement.classList.contains('dark')
+    const dotColor = dark ? 'rgba(224,224,224,' : 'rgba(51,51,51,'
+    const lineColor = dark ? 'rgba(224,224,224,' : 'rgba(51,51,51,'
+
+    ctx.clearRect(0, 0, w, h)
+
+    // Update & draw particles
+    for (const p of particles) {
+      p.x += p.vx
+      p.y += p.vy
+      if (p.x < 0 || p.x > w) p.vx *= -1
+      if (p.y < 0 || p.y > h) p.vy *= -1
+
+      ctx.beginPath()
+      ctx.arc(p.x, p.y, p.r, 0, Math.PI * 2)
+      ctx.fillStyle = dotColor + '0.6)'
+      ctx.fill()
+    }
+
+    // Draw connections
+    for (let i = 0; i < particles.length; i++) {
+      for (let j = i + 1; j < particles.length; j++) {
+        const dx = particles[i].x - particles[j].x
+        const dy = particles[i].y - particles[j].y
+        const dist = Math.sqrt(dx * dx + dy * dy)
+        if (dist < maxDist) {
+          const alpha = (1 - dist / maxDist) * 0.15
+          ctx.beginPath()
+          ctx.moveTo(particles[i].x, particles[i].y)
+          ctx.lineTo(particles[j].x, particles[j].y)
+          ctx.strokeStyle = lineColor + alpha + ')'
+          ctx.lineWidth = 0.5
+          ctx.stroke()
+        }
+      }
+    }
+
+    animId = requestAnimationFrame(draw)
+  }
+
+  draw()
+
+  const onResize = () => {
+    cancelAnimationFrame(animId)
+    initCanvas()
+  }
+  window.addEventListener('resize', onResize)
+
+  onUnmounted(() => {
+    cancelAnimationFrame(animId)
+    window.removeEventListener('resize', onResize)
+  })
+}
+
+onMounted(() => {
+  initCanvas()
+})
+</script>
+
+<template>
+  <section class="hero">
+    <canvas ref="canvasRef" class="hero-canvas" />
+    <div class="hero-inner">
+      <h1 class="hero-title animate-fade-in-up">{{ t('hero.title') }}</h1>
+      <p class="hero-subtitle animate-fade-in-up animate-delay-1">{{ t('hero.subtitle') }}</p>
+      <div class="hero-actions animate-fade-in-up animate-delay-2">
+        <button class="btn-primary" @click="router.push({ name: 'docs.getting-started' })">
+          {{ t('hero.cta') }}
+        </button>
+        <a
+          class="btn-outline"
+          href="https://github.com/EKKOLearnAI/hermes-web-ui"
+          target="_blank"
+          rel="noopener"
+        >
+          <svg viewBox="0 0 24 24" fill="currentColor" class="btn-icon">
+            <path d="M12 0c-6.626 0-12 5.373-12 12 0 5.302 3.438 9.8 8.207 11.387.599.111.793-.261.793-.577v-2.234c-3.338.726-4.033-1.416-4.033-1.416-.546-1.387-1.333-1.756-1.333-1.756-1.089-.745.083-.729.083-.729 1.205.084 1.839 1.237 1.839 1.237 1.07 1.834 2.807 1.304 3.492.997.107-.775.418-1.305.762-1.604-2.665-.305-5.467-1.334-5.467-5.931 0-1.311.469-2.381 1.236-3.221-.124-.303-.535-1.524.117-3.176 0 0 1.008-.322 3.301 1.23.957-.266 1.983-.399 3.003-.404 1.02.005 2.047.138 3.006.404 2.291-1.552 3.297-1.23 3.297-1.23.653 1.653.242 2.874.118 3.176.77.84 1.235 1.911 1.235 3.221 0 4.609-2.807 5.624-5.479 5.921.43.372.823 1.102.823 2.222v3.293c0 .319.192.694.801.576 4.765-1.589 8.199-6.086 8.199-11.386 0-6.627-5.373-12-12-12z"/>
+          </svg>
+          {{ t('hero.viewGithub') }}
+        </a>
+      </div>
+      <div class="install-box animate-fade-in animate-delay-3">
+        <code>{{ installCmd }}</code>
+        <button class="copy-btn" @click="copyCmd">
+          {{ copied ? t('ui.copied') : t('ui.copy') }}
+        </button>
+      </div>
+    </div>
+  </section>
+</template>
+
+<style scoped lang="scss">
+.hero {
+  position: relative;
+  overflow: hidden;
+  padding: 120px 24px 80px;
+  text-align: center;
+  background: var(--bg-primary);
+  border-bottom: 1px solid var(--border-color);
+
+  @media (max-width: $breakpoint-mobile) {
+    padding: 80px 16px 48px;
+  }
+}
+
+.hero-canvas {
+  position: absolute;
+  inset: 0;
+  width: 100%;
+  height: 100%;
+  pointer-events: none;
+}
+
+.hero-inner {
+  position: relative;
+  z-index: 1;
+  max-width: 720px;
+  margin: 0 auto;
+}
+
+.hero-title {
+  font-size: 48px;
+  font-weight: 700;
+  line-height: 1.2;
+  margin-bottom: 20px;
+  color: var(--text-primary);
+
+  @media (max-width: $breakpoint-mobile) {
+    font-size: 32px;
+  }
+}
+
+.hero-subtitle {
+  font-size: 18px;
+  line-height: 1.6;
+  color: var(--text-secondary);
+  margin-bottom: 36px;
+
+  @media (max-width: $breakpoint-mobile) {
+    font-size: 15px;
+  }
+}
+
+.hero-actions {
+  display: flex;
+  justify-content: center;
+  gap: 12px;
+  margin-bottom: 36px;
+  flex-wrap: wrap;
+}
+
+.btn-primary {
+  padding: 12px 28px;
+  background: var(--accent-primary);
+  color: var(--text-on-accent);
+  border: none;
+  border-radius: $radius-md;
+  font-size: 15px;
+  font-weight: 600;
+  cursor: pointer;
+  transition: background $transition-fast, transform $transition-fast;
+
+  &:hover {
+    background: var(--accent-hover);
+    transform: translateY(-1px);
+  }
+}
+
+.btn-outline {
+  display: inline-flex;
+  align-items: center;
+  gap: 8px;
+  padding: 12px 28px;
+  background: transparent;
+  color: var(--text-primary);
+  border: 1px solid var(--border-color);
+  border-radius: $radius-md;
+  font-size: 15px;
+  font-weight: 500;
+  text-decoration: none;
+  transition: all $transition-fast;
+
+  &:hover {
+    border-color: var(--text-muted);
+    transform: translateY(-1px);
+  }
+}
+
+.btn-icon {
+  width: 18px;
+  height: 18px;
+}
+
+.install-box {
+  display: inline-flex;
+  align-items: center;
+  gap: 12px;
+  background: var(--bg-secondary);
+  border: 1px solid var(--border-color);
+  border-radius: $radius-md;
+  padding: 12px 20px;
+  max-width: 100%;
+  overflow-x: auto;
+  -webkit-overflow-scrolling: touch;
+
+  code {
+    font-size: 14px;
+    background: transparent;
+    padding: 0;
+    white-space: nowrap;
+  }
+
+  @media (max-width: $breakpoint-mobile) {
+    padding: 10px 14px;
+    gap: 8px;
+
+    code {
+      font-size: 12px;
+    }
+  }
+}
+
+.copy-btn {
+  padding: 4px 12px;
+  border: 1px solid var(--border-color);
+  border-radius: $radius-sm;
+  background: transparent;
+  color: var(--text-secondary);
+  font-size: 12px;
+  cursor: pointer;
+  transition: all $transition-fast;
+
+  &:hover {
+    color: var(--text-primary);
+    border-color: var(--text-muted);
+  }
+}
+</style>
diff --git a/packages/website/src/components/landing/InstallSection.vue b/packages/website/src/components/landing/InstallSection.vue
new file mode 100644
index 0000000..888f984
--- /dev/null
+++ b/packages/website/src/components/landing/InstallSection.vue
@@ -0,0 +1,294 @@
+<script setup lang="ts">
+import { useI18n } from 'vue-i18n'
+import { computed, ref } from 'vue'
+import { useScrollReveal } from '@/composables/useScrollReveal'
+
+interface DesktopDownload {
+  title: string
+  desc: string
+  assetSuffix: string
+}
+
+const { t, tm } = useI18n()
+useScrollReveal()
+const activeTab = ref<'desktop' | 'npm' | 'docker' | 'source'>('desktop')
+
+const releaseVersion = __APP_VERSION__.replace(/^v/, '')
+const releaseTag = `v${releaseVersion}`
+const releaseBaseUrl = 'https://github.com/EKKOLearnAI/hermes-web-ui/releases'
+const releaseUrl = `${releaseBaseUrl}/tag/${releaseTag}`
+const githubDownloadUrl = `${releaseBaseUrl}/download/${releaseTag}`
+const cloudflareDownloadUrl = `https://download.ekkolearnai.com/${releaseTag}`
+const desktopDownloads = computed(() =>
+  (tm('install.desktop.downloads') as DesktopDownload[]).map((item) => {
+    const assetName = `Hermes.Studio-${releaseVersion}-${item.assetSuffix}`
+    return {
+      ...item,
+      githubHref: `${githubDownloadUrl}/${assetName}`,
+      cloudflareHref: `${cloudflareDownloadUrl}/${assetName}`,
+    }
+  }),
+)
+
+function copyText(text: string) {
+  navigator.clipboard.writeText(text).catch(() => {})
+}
+</script>
+
+<template>
+  <div class="install-panel">
+    <h2 class="panel-title reveal">{{ t('install.title') }}</h2>
+    <p class="panel-desc reveal">{{ t('install.desc') }}</p>
+
+    <div class="install-tabs reveal">
+      <button
+        v-for="tab in (['desktop', 'npm', 'docker', 'source'] as const)"
+        :key="tab"
+        class="tab-btn"
+        :class="{ active: activeTab === tab }"
+        @click="activeTab = tab"
+      >
+        {{ t(`install.${tab}.title`) }}
+      </button>
+    </div>
+
+    <div class="install-content reveal reveal-delay-1">
+      <template v-if="activeTab === 'desktop'">
+        <div class="download-list">
+          <div
+            v-for="item in desktopDownloads"
+            :key="item.githubHref"
+            class="download-row"
+          >
+            <span>
+              <strong>{{ item.title }}</strong>
+              <small>{{ item.desc }}</small>
+            </span>
+            <span class="download-actions">
+              <a
+                class="download-action"
+                :href="item.githubHref"
+                target="_blank"
+                rel="noopener"
+              >
+                {{ t('install.desktop.githubDownload') }}
+              </a>
+              <a
+                class="download-action"
+                :href="item.cloudflareHref"
+                target="_blank"
+                rel="noopener"
+              >
+                {{ t('install.desktop.cloudflareDownload') }}
+              </a>
+            </span>
+          </div>
+        </div>
+        <a
+          class="all-downloads"
+          :href="releaseUrl"
+          target="_blank"
+          rel="noopener"
+        >
+          {{ t('install.desktop.allDownloads') }}
+        </a>
+      </template>
+      <template v-else-if="activeTab === 'npm'">
+        <div class="code-block" @click="copyText(t('install.npm.cmd1'))">
+          <code>{{ t('install.npm.cmd1') }}</code>
+        </div>
+        <div class="code-block" @click="copyText(t('install.npm.cmd2'))">
+          <code>{{ t('install.npm.cmd2') }}</code>
+        </div>
+      </template>
+      <template v-else-if="activeTab === 'docker'">
+        <div class="code-block" @click="copyText(t('install.docker.cmd'))">
+          <code>{{ t('install.docker.cmd') }}</code>
+        </div>
+      </template>
+      <template v-else>
+        <div class="code-block" @click="copyText(t('install.source.cmd1'))">
+          <code>{{ t('install.source.cmd1') }}</code>
+        </div>
+        <div class="code-block" @click="copyText(t('install.source.cmd2'))">
+          <code>{{ t('install.source.cmd2') }}</code>
+        </div>
+      </template>
+      <p class="prereq">{{ activeTab === 'desktop' ? t('install.desktop.prereq') : t('install.prereq') }}</p>
+    </div>
+  </div>
+</template>
+
+<style scoped lang="scss">
+.install-panel {
+  padding: 40px 32px;
+  background: var(--bg-card);
+  border: 1px solid var(--border-color);
+  border-radius: $radius-lg;
+
+  @media (max-width: $breakpoint-mobile) {
+    padding: 24px 16px;
+  }
+}
+
+.panel-title {
+  font-size: 24px;
+  font-weight: 700;
+  margin-bottom: 8px;
+  color: var(--text-primary);
+}
+
+.panel-desc {
+  color: var(--text-secondary);
+  font-size: 15px;
+  margin-bottom: 24px;
+}
+
+.install-tabs {
+  display: flex;
+  gap: 4px;
+  margin-bottom: 20px;
+  background: var(--bg-secondary);
+  border-radius: $radius-md;
+  padding: 4px;
+  overflow-x: auto;
+  -webkit-overflow-scrolling: touch;
+}
+
+.tab-btn {
+  flex: 1;
+  padding: 8px 16px;
+  border: none;
+  border-radius: $radius-sm;
+  background: transparent;
+  color: var(--text-secondary);
+  font-size: 14px;
+  font-weight: 500;
+  cursor: pointer;
+  transition: all $transition-fast;
+  white-space: nowrap;
+
+  &.active {
+    background: var(--bg-card);
+    color: var(--text-primary);
+    box-shadow: 0 1px 3px rgba(0, 0, 0, 0.08);
+  }
+}
+
+.install-content {
+  // full width within panel
+}
+
+.download-list {
+  display: grid;
+  gap: 8px;
+}
+
+.download-row {
+  display: flex;
+  align-items: center;
+  justify-content: space-between;
+  gap: 16px;
+  padding: 14px 0;
+  border-bottom: 1px solid var(--border-color);
+  color: var(--text-primary);
+  text-decoration: none;
+
+  @media (max-width: $breakpoint-mobile) {
+    align-items: flex-start;
+    flex-direction: column;
+    gap: 10px;
+  }
+
+  &:first-child {
+    padding-top: 0;
+  }
+
+  strong,
+  small {
+    display: block;
+  }
+
+  strong {
+    font-size: 15px;
+    font-weight: 650;
+  }
+
+  small {
+    color: var(--text-muted);
+    font-size: 12px;
+    margin-top: 3px;
+  }
+}
+
+.download-actions {
+  flex: 0 0 auto;
+  display: flex;
+  gap: 8px;
+  flex-wrap: wrap;
+  justify-content: flex-end;
+
+  @media (max-width: $breakpoint-mobile) {
+    width: 100%;
+    justify-content: stretch;
+  }
+}
+
+.download-action {
+  display: inline-flex;
+  justify-content: center;
+  border: 1px solid var(--border-color);
+  border-radius: $radius-sm;
+  padding: 7px 12px;
+  color: var(--text-secondary);
+  font-size: 13px;
+  font-weight: 600;
+  text-decoration: none;
+  transition: border-color $transition-fast;
+
+  &:hover {
+    border-color: var(--text-muted);
+  }
+
+  @media (max-width: $breakpoint-mobile) {
+    flex: 1 1 0;
+  }
+}
+
+.all-downloads {
+  display: inline-flex;
+  margin-top: 14px;
+  color: var(--text-primary);
+  font-size: 13px;
+  font-weight: 600;
+}
+
+.code-block {
+  background: var(--bg-secondary);
+  border: 1px solid var(--border-color);
+  border-radius: $radius-sm;
+  padding: 14px 18px;
+  margin-bottom: 8px;
+  cursor: pointer;
+  transition: border-color $transition-fast;
+  overflow-x: auto;
+  -webkit-overflow-scrolling: touch;
+
+  &:hover {
+    border-color: var(--text-muted);
+  }
+
+  code {
+    font-size: 14px;
+    background: transparent;
+    padding: 0;
+    white-space: nowrap;
+  }
+}
+
+.prereq {
+  color: var(--text-muted);
+  font-size: 13px;
+  margin-top: 16px;
+}
+</style>
diff --git a/packages/website/src/components/landing/PlatformsSection.vue b/packages/website/src/components/landing/PlatformsSection.vue
new file mode 100644
index 0000000..7352e97
--- /dev/null
+++ b/packages/website/src/components/landing/PlatformsSection.vue
@@ -0,0 +1,119 @@
+<script setup lang="ts">
+import { useI18n } from 'vue-i18n'
+
+const { t } = useI18n()
+
+const platforms = [
+  { key: 'telegram', icon: 'M12 2C6.48 2 2 6.48 2 12s4.48 10 10 10 10-4.48 10-10S17.52 2 12 2zm4.64 6.8c-.15 1.58-.8 5.42-1.13 7.19-.14.75-.42 1-.68 1.03-.58.05-1.02-.38-1.58-.75-.88-.58-1.38-.94-2.23-1.5-.99-.65-.35-1.01.22-1.59.15-.15 2.71-2.48 2.76-2.69.01-.03.01-.14-.07-.2-.08-.06-.19-.04-.27-.02-.12.02-1.96 1.25-5.54 3.67-.52.36-1 .53-1.42.52-.47-.01-1.37-.26-2.03-.48-.82-.27-1.47-.42-1.42-.88.03-.24.37-.49 1.02-.75 3.99-1.74 6.65-2.89 7.99-3.44 3.81-1.58 4.6-1.86 5.12-1.87.11 0 .37.03.54.17.14.12.18.28.2.45-.01.06.01.24 0 .38z' },
+  { key: 'discord', icon: 'M20.317 4.37a19.791 19.791 0 0 0-4.885-1.515.074.074 0 0 0-.079.037c-.21.375-.444.864-.608 1.25a18.27 18.27 0 0 0-5.487 0 12.64 12.64 0 0 0-.617-1.25.077.077 0 0 0-.079-.037A19.736 19.736 0 0 0 3.677 4.37a.07.07 0 0 0-.032.027C.533 9.046-.32 13.58.099 18.057a.082.082 0 0 0 .031.057 19.9 19.9 0 0 0 5.993 3.03.078.078 0 0 0 .084-.028c.462-.63.874-1.295 1.226-1.994a.076.076 0 0 0-.041-.106 13.107 13.107 0 0 1-1.872-.892.077.077 0 0 1-.008-.128 10.2 10.2 0 0 0 .372-.292.074.074 0 0 1 .077-.01c3.928 1.793 8.18 1.793 12.062 0a.074.074 0 0 1 .078.01c.12.098.246.198.373.292a.077.077 0 0 1-.006.127 12.299 12.299 0 0 1-1.873.892.077.077 0 0 0-.041.107c.36.698.772 1.362 1.225 1.993a.076.076 0 0 0 .084.028 19.839 19.839 0 0 0 6.002-3.03.077.077 0 0 0 .032-.054c.5-5.177-.838-9.674-3.549-13.66a.061.061 0 0 0-.031-.03z' },
+  { key: 'slack', icon: 'M5.042 15.165a2.528 2.528 0 0 1-2.52 2.523A2.528 2.528 0 0 1 0 15.165a2.527 2.527 0 0 1 2.522-2.52h2.52v2.52zm1.271 0a2.527 2.527 0 0 1 2.521-2.52 2.527 2.527 0 0 1 2.521 2.52v6.313A2.528 2.528 0 0 1 8.834 24a2.528 2.528 0 0 1-2.521-2.522v-6.313z' },
+  { key: 'whatsapp', icon: 'M17.472 14.382c-.297-.149-1.758-.867-2.03-.967-.273-.099-.471-.148-.67.15-.197.297-.767.966-.94 1.164-.173.199-.347.223-.644.075-.297-.15-1.255-.463-2.39-1.475-.883-.788-1.48-1.761-1.653-2.059-.173-.297-.018-.458.13-.606.134-.133.298-.347.446-.52.149-.174.198-.298.298-.497.099-.198.05-.371-.025-.52-.075-.149-.669-1.612-.916-2.207-.242-.579-.487-.5-.669-.51-.173-.008-.371-.01-.57-.01-.198 0-.52.074-.792.372-.272.297-1.04 1.016-1.04 2.479 0 1.462 1.065 2.875 1.213 3.074.149.198 2.096 3.2 5.077 4.487.709.306 1.262.489 1.694.625.712.227 1.36.195 1.871.118.571-.085 1.758-.719 2.006-1.413.248-.694.248-1.289.173-1.413-.074-.124-.272-.198-.57-.347z' },
+  { key: 'matrix', icon: 'M12 2a10 10 0 1 0 0 20 10 10 0 0 0 0-20zm0 3a7 7 0 0 1 7 7h-2a5 5 0 0 0-5-5V5z' },
+  { key: 'feishu', icon: 'M12 2L2 7l10 5 10-5-10-5zM2 17l10 5 10-5M2 12l10 5 10-5' },
+  { key: 'wechat', icon: 'M8.691 2.188C3.891 2.188 0 5.476 0 9.53c0 2.212 1.17 4.203 3.002 5.55a.59.59 0 0 1 .213.665l-.39 1.48c-.019.07-.048.141-.048.213 0 .163.13.295.29.295a.326.326 0 0 0 .167-.054l1.903-1.114a.864.864 0 0 1 .717-.098 10.16 10.16 0 0 0 2.837.403c.276 0 .543-.027.811-.05-.857-2.578.157-4.972 1.932-6.446 1.703-1.415 3.882-1.98 5.853-1.838-.576-3.583-4.196-6.348-8.596-6.348zM5.785 5.991c.642 0 1.162.529 1.162 1.18a1.17 1.17 0 0 1-1.162 1.178A1.17 1.17 0 0 1 4.623 7.17c0-.651.52-1.18 1.162-1.18zm5.813 0c.642 0 1.162.529 1.162 1.18a1.17 1.17 0 0 1-1.162 1.178 1.17 1.17 0 0 1-1.162-1.178c0-.651.52-1.18 1.162-1.18z' },
+  { key: 'wecom', icon: 'M12 2C6.48 2 2 6.48 2 12s4.48 10 10 10 10-4.48 10-10S17.52 2 12 2zm-1 17.93c-3.95-.49-7-3.85-7-7.93 0-.62.08-1.21.21-1.79L9 15v1c0 1.1.9 2 2 2v1.93zm6.9-2.54c-.26-.81-1-1.39-1.9-1.39h-1v-3c0-.55-.45-1-1-1H8v-2h2c.55 0 1-.45 1-1V7h2c1.1 0 2-.9 2-2v-.41c2.93 1.19 5 4.06 5 7.41 0 2.08-.8 3.97-2.1 5.39z' },
+]
+</script>
+
+<template>
+  <section class="platforms-section">
+    <div class="section-inner">
+      <h2 class="section-title">{{ t('platforms.title') }}</h2>
+      <p class="section-desc">{{ t('platforms.desc') }}</p>
+      <div class="platforms-grid">
+        <div v-for="p in platforms" :key="p.key" class="platform-item">
+          <div class="platform-icon">
+            <svg viewBox="0 0 24 24" fill="currentColor">
+              <path :d="p.icon" />
+            </svg>
+          </div>
+          <span class="platform-name">{{ t(`platforms.${p.key}`) }}</span>
+        </div>
+      </div>
+    </div>
+  </section>
+</template>
+
+<style scoped lang="scss">
+.platforms-section {
+  background: var(--bg-secondary);
+  border-top: 1px solid var(--border-color);
+  border-bottom: 1px solid var(--border-color);
+}
+
+.section-inner {
+  max-width: 1120px;
+  margin: 0 auto;
+  padding: 80px 24px;
+
+  @media (max-width: $breakpoint-mobile) {
+    padding: 48px 16px;
+  }
+}
+
+.platforms-grid {
+  display: flex;
+  flex-wrap: wrap;
+  justify-content: center;
+  gap: 24px;
+
+  @media (max-width: $breakpoint-mobile) {
+    gap: 16px;
+  }
+}
+
+.platform-item {
+  display: flex;
+  flex-direction: column;
+  align-items: center;
+  gap: 10px;
+  width: 120px;
+
+  @media (max-width: $breakpoint-mobile) {
+    width: 80px;
+    gap: 6px;
+  }
+}
+
+.platform-icon {
+  width: 52px;
+  height: 52px;
+  display: flex;
+  align-items: center;
+  justify-content: center;
+  background: var(--bg-card);
+  border: 1px solid var(--border-color);
+  border-radius: $radius-md;
+  color: var(--text-primary);
+  transition: all $transition-fast;
+
+  &:hover {
+    border-color: var(--text-muted);
+  }
+
+  svg {
+    width: 24px;
+    height: 24px;
+  }
+
+  @media (max-width: $breakpoint-mobile) {
+    width: 44px;
+    height: 44px;
+
+    svg {
+      width: 20px;
+      height: 20px;
+    }
+  }
+}
+
+.platform-name {
+  font-size: 13px;
+  color: var(--text-secondary);
+  text-align: center;
+
+  @media (max-width: $breakpoint-mobile) {
+    font-size: 12px;
+  }
+}
+</style>
diff --git a/packages/website/src/components/landing/ScreenshotsSection.vue b/packages/website/src/components/landing/ScreenshotsSection.vue
new file mode 100644
index 0000000..c97d91a
--- /dev/null
+++ b/packages/website/src/components/landing/ScreenshotsSection.vue
@@ -0,0 +1,260 @@
+<script setup lang="ts">
+import { computed, ref, onMounted, onUnmounted } from 'vue'
+import { useI18n } from 'vue-i18n'
+import { useScrollReveal } from '@/composables/useScrollReveal'
+
+interface ScreenshotItem {
+  src: string
+  alt: string
+}
+
+const { t, tm } = useI18n()
+useScrollReveal()
+
+const images = computed(() => tm('screenshots.items') as ScreenshotItem[])
+const activeIndex = ref(0)
+let timer: ReturnType<typeof setInterval>
+
+function next() {
+  activeIndex.value = (activeIndex.value + 1) % images.value.length
+}
+
+function prev() {
+  activeIndex.value = (activeIndex.value - 1 + images.value.length) % images.value.length
+}
+
+function setActive(i: number) {
+  activeIndex.value = i
+  resetTimer()
+}
+
+function resetTimer() {
+  clearInterval(timer)
+  timer = setInterval(next, 5000)
+}
+
+onMounted(() => {
+  timer = setInterval(next, 5000)
+})
+
+onUnmounted(() => {
+  clearInterval(timer)
+})
+</script>
+
+<template>
+  <section class="screenshots-section">
+    <div class="screenshots-inner reveal">
+      <!-- Browser frame mockup -->
+      <div class="browser-frame">
+        <div class="browser-bar">
+          <div class="browser-dots">
+            <span class="dot red" />
+            <span class="dot yellow" />
+            <span class="dot green" />
+          </div>
+          <div class="browser-url">
+            <span>{{ t('screenshots.localUrl') }}</span>
+          </div>
+          <div class="browser-spacer" />
+        </div>
+        <div class="browser-viewport">
+          <transition name="slide" mode="out-in">
+            <img
+              :key="activeIndex"
+              :src="images[activeIndex].src"
+              :alt="images[activeIndex].alt"
+              class="screenshot-img"
+            />
+          </transition>
+        </div>
+      </div>
+
+      <!-- Navigation -->
+      <div class="screenshot-nav">
+        <button class="nav-arrow" :aria-label="t('screenshots.previous')" @click="prev(); resetTimer()">
+          <svg viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><polyline points="15 18 9 12 15 6" /></svg>
+        </button>
+
+        <div class="screenshot-dots">
+          <button
+            v-for="(_img, i) in images"
+            :key="i"
+            class="dot-btn"
+            :aria-label="t('screenshots.goTo', { number: i + 1 })"
+            :class="{ active: activeIndex === i }"
+            @click="setActive(i)"
+          />
+        </div>
+
+        <button class="nav-arrow" :aria-label="t('screenshots.next')" @click="next(); resetTimer()">
+          <svg viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><polyline points="9 18 15 12 9 6" /></svg>
+        </button>
+      </div>
+    </div>
+  </section>
+</template>
+
+<style scoped lang="scss">
+.screenshots-section {
+  padding: 0 24px;
+  margin-top: 48px;
+  margin-bottom: 24px;
+
+  @media (max-width: $breakpoint-mobile) {
+    padding: 0 12px;
+    margin-top: 32px;
+    margin-bottom: 16px;
+  }
+}
+
+.screenshots-inner {
+  max-width: 920px;
+  margin: 0 auto;
+}
+
+// ─── Browser Frame ──────────────────────────
+
+.browser-frame {
+  border-radius: $radius-lg;
+  border: 1px solid var(--border-color);
+  overflow: hidden;
+  background: var(--bg-secondary);
+  box-shadow:
+    0 4px 16px rgba(0, 0, 0, 0.06),
+    0 20px 60px rgba(0, 0, 0, 0.08);
+  transition: transform 0.4s ease, box-shadow 0.4s ease;
+
+  &:hover {
+    transform: translateY(-4px);
+    box-shadow:
+      0 8px 24px rgba(0, 0, 0, 0.08),
+      0 32px 80px rgba(0, 0, 0, 0.12);
+  }
+}
+
+.browser-bar {
+  display: flex;
+  align-items: center;
+  padding: 10px 14px;
+  gap: 12px;
+  border-bottom: 1px solid var(--border-color);
+  background: var(--bg-card);
+}
+
+.browser-dots {
+  display: flex;
+  gap: 6px;
+}
+
+.dot {
+  width: 10px;
+  height: 10px;
+  border-radius: 50%;
+
+  &.red { background: #ff5f57; }
+  &.yellow { background: #febc2e; }
+  &.green { background: #28c840; }
+}
+
+.browser-url {
+  flex: 1;
+  background: var(--bg-secondary);
+  border-radius: 4px;
+  padding: 4px 12px;
+  font-size: 12px;
+  color: var(--text-muted);
+  font-family: $font-code;
+  text-align: center;
+}
+
+.browser-spacer {
+  width: 52px;
+}
+
+.browser-viewport {
+  position: relative;
+  width: 100%;
+  background: var(--bg-secondary);
+}
+
+.screenshot-img {
+  width: 100%;
+  display: block;
+}
+
+// ─── Slide Transition ───────────────────────
+
+.slide-enter-active,
+.slide-leave-active {
+  transition: all 0.4s ease;
+}
+
+.slide-enter-from {
+  opacity: 0;
+  transform: translateX(24px);
+}
+
+.slide-leave-to {
+  opacity: 0;
+  transform: translateX(-24px);
+}
+
+// ─── Navigation ─────────────────────────────
+
+.screenshot-nav {
+  display: flex;
+  align-items: center;
+  justify-content: center;
+  gap: 16px;
+  margin-top: 16px;
+}
+
+.nav-arrow {
+  width: 36px;
+  height: 36px;
+  border-radius: 50%;
+  border: 1px solid var(--border-color);
+  background: var(--bg-card);
+  color: var(--text-secondary);
+  display: flex;
+  align-items: center;
+  justify-content: center;
+  cursor: pointer;
+  transition: all $transition-fast;
+
+  &:hover {
+    color: var(--text-primary);
+    border-color: var(--text-muted);
+  }
+
+  svg {
+    width: 16px;
+    height: 16px;
+  }
+}
+
+.screenshot-dots {
+  display: flex;
+  gap: 8px;
+}
+
+.dot-btn {
+  width: 8px;
+  height: 8px;
+  border-radius: 50%;
+  border: none;
+  background: var(--border-color);
+  cursor: pointer;
+  transition: all $transition-fast;
+
+  &.active {
+    background: var(--accent-primary);
+    transform: scale(1.3);
+  }
+
+  &:hover:not(.active) {
+    background: var(--text-muted);
+  }
+}
+</style>
diff --git a/packages/website/src/components/landing/StarHistorySection.vue b/packages/website/src/components/landing/StarHistorySection.vue
new file mode 100644
index 0000000..4f745d3
--- /dev/null
+++ b/packages/website/src/components/landing/StarHistorySection.vue
@@ -0,0 +1,170 @@
+<script setup lang="ts">
+import { ref, computed, onMounted } from 'vue'
+import { useI18n } from 'vue-i18n'
+import { useScrollReveal } from '@/composables/useScrollReveal'
+import { useTheme } from '@/composables/useTheme'
+
+const { t } = useI18n()
+const { isDark } = useTheme()
+useScrollReveal()
+
+const stars = ref<number | null>(null)
+
+const chartSrc = computed(() => {
+  const base = 'https://api.star-history.com/svg?repos=EKKOLearnAI%2Fhermes-web-ui&type=Date'
+  return isDark.value ? `${base}&theme=dark` : base
+})
+
+onMounted(async () => {
+  try {
+    const res = await fetch('https://api.github.com/repos/EKKOLearnAI/hermes-web-ui')
+    const data = await res.json()
+    stars.value = data.stargazers_count
+  } catch {}
+})
+</script>
+
+<template>
+  <div class="star-panel">
+    <h2 class="panel-title reveal">{{ t('starHistory.title') }}</h2>
+    <p class="panel-desc reveal">{{ t('starHistory.desc') }}</p>
+
+    <div class="star-badges reveal reveal-delay-1">
+      <a
+        class="star-btn"
+        href="https://github.com/EKKOLearnAI/hermes-web-ui"
+        target="_blank"
+        rel="noopener"
+      >
+        <svg viewBox="0 0 24 24" fill="currentColor" class="star-icon">
+          <path d="M12 2l3.09 6.26L22 9.27l-5 4.87 1.18 6.88L12 17.77l-6.18 3.25L7 14.14 2 9.27l6.91-1.01L12 2z"/>
+        </svg>
+        <span>{{ t('starHistory.star') }}</span>
+        <span v-if="stars !== null" class="star-count">{{ stars.toLocaleString() }}</span>
+      </a>
+
+      <img
+        class="github-badge"
+        src="https://img.shields.io/github/license/EKKOLearnAI/hermes-web-ui?style=flat-square"
+        :alt="t('starHistory.licenseAlt')"
+      />
+      <img
+        class="github-badge"
+        src="https://img.shields.io/github/v/release/EKKOLearnAI/hermes-web-ui?style=flat-square"
+        :alt="t('starHistory.versionAlt')"
+      />
+    </div>
+
+    <div class="star-chart reveal reveal-delay-2">
+      <a
+        href="https://www.star-history.com/?type=date&repos=EKKOLearnAI%2Fhermes-web-ui"
+        target="_blank"
+        rel="noopener noreferrer"
+        class="chart-link"
+      >
+        <img
+          :src="chartSrc"
+          :alt="t('starHistory.chartAlt')"
+          class="chart-img"
+        />
+      </a>
+    </div>
+  </div>
+</template>
+
+<style scoped lang="scss">
+.star-panel {
+  padding: 40px 32px;
+  background: var(--bg-card);
+  border: 1px solid var(--border-color);
+  border-radius: $radius-lg;
+  display: flex;
+  flex-direction: column;
+
+  @media (max-width: $breakpoint-mobile) {
+    padding: 24px 16px;
+  }
+}
+
+.panel-title {
+  font-size: 24px;
+  font-weight: 700;
+  margin-bottom: 8px;
+  color: var(--text-primary);
+}
+
+.panel-desc {
+  color: var(--text-secondary);
+  font-size: 15px;
+  margin-bottom: 24px;
+}
+
+.star-badges {
+  display: flex;
+  align-items: center;
+  gap: 10px;
+  margin-bottom: 20px;
+  flex-wrap: wrap;
+}
+
+.star-btn {
+  display: inline-flex;
+  align-items: center;
+  gap: 6px;
+  padding: 6px 14px;
+  background: var(--bg-secondary);
+  border: 1px solid var(--border-color);
+  border-radius: $radius-md;
+  text-decoration: none;
+  color: var(--text-primary);
+  font-size: 13px;
+  font-weight: 500;
+  transition: all $transition-fast;
+
+  &:hover {
+    border-color: var(--text-muted);
+  }
+}
+
+.star-icon {
+  width: 16px;
+  height: 16px;
+  fill: var(--text-muted);
+}
+
+.star-count {
+  padding: 1px 8px;
+  background: var(--bg-secondary);
+  border-left: 1px solid var(--border-color);
+  border-radius: 0 $radius-sm $radius-sm 0;
+  margin-left: 2px;
+  font-weight: 600;
+  font-variant-numeric: tabular-nums;
+}
+
+.github-badge {
+  height: 22px;
+  border-radius: 2px;
+}
+
+.star-chart {
+  flex: 1;
+  display: flex;
+  align-items: center;
+}
+
+.chart-link {
+  display: block;
+  width: 100%;
+}
+
+.chart-img {
+  width: 100%;
+  border-radius: $radius-sm;
+  transition: opacity $transition-fast;
+
+  &:hover {
+    opacity: 0.85;
+  }
+}
+</style>
diff --git a/packages/website/src/components/layout/SiteFooter.vue b/packages/website/src/components/layout/SiteFooter.vue
new file mode 100644
index 0000000..0b674ca
--- /dev/null
+++ b/packages/website/src/components/layout/SiteFooter.vue
@@ -0,0 +1,110 @@
+<script setup lang="ts">
+import { useI18n } from 'vue-i18n'
+
+const { t } = useI18n()
+</script>
+
+<template>
+  <footer class="site-footer">
+    <div class="footer-inner">
+      <div class="footer-left">
+        <div class="footer-brand">
+          <img src="/logo.png" :alt="t('brand.logoAlt')" class="footer-logo" />
+          <span>{{ t('brand.name') }}</span>
+        </div>
+        <p class="footer-desc">{{ t('footer.description') }}</p>
+      </div>
+      <div class="footer-right">
+        <p class="footer-meta">{{ t('footer.madeWith') }}</p>
+        <p class="footer-meta">{{ t('footer.license') }}</p>
+        <a
+          class="footer-github"
+          href="https://github.com/EKKOLearnAI/hermes-web-ui"
+          target="_blank"
+          rel="noopener"
+        >
+          <svg viewBox="0 0 24 24" fill="currentColor">
+            <path d="M12 0c-6.626 0-12 5.373-12 12 0 5.302 3.438 9.8 8.207 11.387.599.111.793-.261.793-.577v-2.234c-3.338.726-4.033-1.416-4.033-1.416-.546-1.387-1.333-1.756-1.333-1.756-1.089-.745.083-.729.083-.729 1.205.084 1.839 1.237 1.839 1.237 1.07 1.834 2.807 1.304 3.492.997.107-.775.418-1.305.762-1.604-2.665-.305-5.467-1.334-5.467-5.931 0-1.311.469-2.381 1.236-3.221-.124-.303-.535-1.524.117-3.176 0 0 1.008-.322 3.301 1.23.957-.266 1.983-.399 3.003-.404 1.02.005 2.047.138 3.006.404 2.291-1.552 3.297-1.23 3.297-1.23.653 1.653.242 2.874.118 3.176.77.84 1.235 1.911 1.235 3.221 0 4.609-2.807 5.624-5.479 5.921.43.372.823 1.102.823 2.222v3.293c0 .319.192.694.801.576 4.765-1.589 8.199-6.086 8.199-11.386 0-6.627-5.373-12-12-12z"/>
+          </svg>
+        </a>
+      </div>
+    </div>
+  </footer>
+</template>
+
+<style scoped lang="scss">
+.site-footer {
+  border-top: 1px solid var(--border-color);
+  background: var(--bg-secondary);
+}
+
+.footer-inner {
+  max-width: 1120px;
+  margin: 0 auto;
+  padding: 40px 24px;
+  display: flex;
+  justify-content: space-between;
+  align-items: flex-start;
+  gap: 40px;
+
+  @media (max-width: $breakpoint-mobile) {
+    flex-direction: column;
+    gap: 24px;
+  }
+}
+
+.footer-left {
+  display: flex;
+  flex-direction: column;
+  gap: 8px;
+}
+
+.footer-brand {
+  display: flex;
+  align-items: center;
+  gap: 8px;
+  font-weight: 600;
+  color: var(--text-primary);
+}
+
+.footer-logo {
+  width: 24px;
+  height: 24px;
+  border-radius: $radius-sm;
+}
+
+.footer-desc {
+  color: var(--text-muted);
+  font-size: 13px;
+}
+
+.footer-right {
+  display: flex;
+  flex-direction: column;
+  align-items: flex-end;
+  gap: 6px;
+
+  @media (max-width: $breakpoint-mobile) {
+    align-items: flex-start;
+  }
+}
+
+.footer-meta {
+  color: var(--text-muted);
+  font-size: 13px;
+}
+
+.footer-github {
+  color: var(--text-muted);
+  transition: color $transition-fast;
+
+  &:hover {
+    color: var(--text-primary);
+  }
+
+  svg {
+    width: 20px;
+    height: 20px;
+  }
+}
+</style>
diff --git a/packages/website/src/components/layout/SiteHeader.vue b/packages/website/src/components/layout/SiteHeader.vue
new file mode 100644
index 0000000..aa84cd9
--- /dev/null
+++ b/packages/website/src/components/layout/SiteHeader.vue
@@ -0,0 +1,306 @@
+<script setup lang="ts">
+import { ref } from 'vue'
+import { useI18n } from 'vue-i18n'
+import { useRouter } from 'vue-router'
+import { useTheme } from '@/composables/useTheme'
+
+const { t, locale } = useI18n()
+const router = useRouter()
+const { isDark, toggleTheme } = useTheme()
+const mobileMenuOpen = ref(false)
+
+function switchLocale() {
+  const next = locale.value === 'en' ? 'zh' : 'en'
+  locale.value = next
+  localStorage.setItem('hermes_website_locale', next)
+}
+
+function navigateTo(name: string) {
+  router.push({ name })
+  mobileMenuOpen.value = false
+}
+
+function goHome() {
+  router.push({ name: 'landing' })
+  mobileMenuOpen.value = false
+}
+</script>
+
+<template>
+  <header class="site-header">
+    <div class="header-inner">
+      <div class="header-left" @click="goHome">
+        <img src="/logo.png" :alt="t('brand.logoAlt')" class="logo-icon" />
+        <span class="logo-text">{{ t('brand.name') }}</span>
+      </div>
+
+      <nav class="header-nav">
+        <a class="nav-link" @click.prevent="navigateTo('landing')">{{ t('nav.home') }}</a>
+        <a class="nav-link" @click.prevent="navigateTo('docs.getting-started')">{{ t('nav.docs') }}</a>
+        <a
+          class="nav-link"
+          href="https://github.com/EKKOLearnAI/hermes-web-ui"
+          target="_blank"
+          rel="noopener"
+        >
+          {{ t('nav.github') }}
+          <svg viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" class="external-icon">
+            <path d="M18 13v6a2 2 0 0 1-2 2H5a2 2 0 0 1-2-2V8a2 2 0 0 1 2-2h6" />
+            <polyline points="15 3 21 3 21 9" />
+            <line x1="10" y1="14" x2="21" y2="3" />
+          </svg>
+        </a>
+        <button class="icon-btn" @click="switchLocale" :title="locale === 'en' ? t('ui.switchToChinese') : t('ui.switchToEnglish')">
+          {{ locale === 'en' ? '中' : 'EN' }}
+        </button>
+        <button class="icon-btn" @click="toggleTheme" :title="isDark ? t('ui.lightTheme') : t('ui.darkTheme')">
+          <svg v-if="isDark" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2">
+            <circle cx="12" cy="12" r="5" />
+            <line x1="12" y1="1" x2="12" y2="3" />
+            <line x1="12" y1="21" x2="12" y2="23" />
+            <line x1="4.22" y1="4.22" x2="5.64" y2="5.64" />
+            <line x1="18.36" y1="18.36" x2="19.78" y2="19.78" />
+            <line x1="1" y1="12" x2="3" y2="12" />
+            <line x1="21" y1="12" x2="23" y2="12" />
+            <line x1="4.22" y1="19.78" x2="5.64" y2="18.36" />
+            <line x1="18.36" y1="5.64" x2="19.78" y2="4.22" />
+          </svg>
+          <svg v-else viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2">
+            <path d="M21 12.79A9 9 0 1 1 11.21 3 7 7 0 0 0 21 12.79z" />
+          </svg>
+        </button>
+      </nav>
+
+      <button class="mobile-toggle" @click="mobileMenuOpen = !mobileMenuOpen" :title="t('ui.menu')">
+        <svg viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2">
+          <line x1="3" y1="6" x2="21" y2="6" />
+          <line x1="3" y1="12" x2="21" y2="12" />
+          <line x1="3" y1="18" x2="21" y2="18" />
+        </svg>
+      </button>
+    </div>
+
+    <div v-if="mobileMenuOpen" class="mobile-menu" @click="mobileMenuOpen = false">
+      <div class="mobile-menu-inner" @click.stop>
+        <a class="mobile-link" @click.prevent="navigateTo('landing')">{{ t('nav.home') }}</a>
+        <a class="mobile-link" @click.prevent="navigateTo('docs.getting-started')">{{ t('nav.docs') }}</a>
+        <a class="mobile-link" href="https://github.com/EKKOLearnAI/hermes-web-ui" target="_blank" rel="noopener">{{ t('nav.github') }}</a>
+        <div class="mobile-actions">
+          <button class="mobile-action-btn" @click="switchLocale">
+            <svg viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" class="action-icon">
+              <circle cx="12" cy="12" r="10" />
+              <line x1="2" y1="12" x2="22" y2="12" />
+              <path d="M12 2a15.3 15.3 0 0 1 4 10 15.3 15.3 0 0 1-4 10 15.3 15.3 0 0 1-4-10 15.3 15.3 0 0 1 4-10z" />
+            </svg>
+            {{ locale === 'en' ? t('ui.switchToChinese') : t('ui.switchToEnglish') }}
+          </button>
+          <button class="mobile-action-btn" @click="toggleTheme">
+            <svg v-if="isDark" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" class="action-icon">
+              <circle cx="12" cy="12" r="5" />
+              <line x1="12" y1="1" x2="12" y2="3" />
+              <line x1="12" y1="21" x2="12" y2="23" />
+              <line x1="4.22" y1="4.22" x2="5.64" y2="5.64" />
+              <line x1="18.36" y1="18.36" x2="19.78" y2="19.78" />
+              <line x1="1" y1="12" x2="3" y2="12" />
+              <line x1="21" y1="12" x2="23" y2="12" />
+              <line x1="4.22" y1="19.78" x2="5.64" y2="18.36" />
+              <line x1="18.36" y1="5.64" x2="19.78" y2="4.22" />
+            </svg>
+            <svg v-else viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" class="action-icon">
+              <path d="M21 12.79A9 9 0 1 1 11.21 3 7 7 0 0 0 21 12.79z" />
+            </svg>
+            {{ isDark ? t('ui.lightMode') : t('ui.darkMode') }}
+          </button>
+        </div>
+      </div>
+    </div>
+  </header>
+</template>
+
+<style scoped lang="scss">
+.site-header {
+  position: sticky;
+  top: 0;
+  z-index: 100;
+  background: var(--bg-card);
+  border-bottom: 1px solid var(--border-color);
+  backdrop-filter: blur(8px);
+}
+
+.header-inner {
+  max-width: 1120px;
+  margin: 0 auto;
+  padding: 0 24px;
+  height: 60px;
+  display: flex;
+  align-items: center;
+  justify-content: space-between;
+}
+
+.header-left {
+  display: flex;
+  align-items: center;
+  gap: 10px;
+  cursor: pointer;
+  font-weight: 600;
+  font-size: 16px;
+  color: var(--text-primary);
+
+  &:hover {
+    opacity: 0.8;
+  }
+}
+
+.logo-icon {
+  width: 28px;
+  height: 28px;
+  border-radius: $radius-sm;
+}
+
+.logo-text {
+  white-space: nowrap;
+}
+
+.header-nav {
+  display: flex;
+  align-items: center;
+  gap: 8px;
+}
+
+.nav-link {
+  padding: 6px 14px;
+  border-radius: $radius-sm;
+  color: var(--text-secondary);
+  font-size: 14px;
+  cursor: pointer;
+  transition: all $transition-fast;
+  display: inline-flex;
+  align-items: center;
+  gap: 4px;
+
+  &:hover {
+    color: var(--text-primary);
+    background: var(--bg-secondary);
+  }
+}
+
+.external-icon {
+  width: 12px;
+  height: 12px;
+}
+
+.icon-btn {
+  display: flex;
+  align-items: center;
+  justify-content: center;
+  width: 36px;
+  height: 36px;
+  border: 1px solid var(--border-color);
+  border-radius: $radius-sm;
+  background: transparent;
+  color: var(--text-secondary);
+  cursor: pointer;
+  font-size: 12px;
+  font-weight: 500;
+  transition: all $transition-fast;
+
+  &:hover {
+    color: var(--text-primary);
+    border-color: var(--text-muted);
+    background: var(--bg-secondary);
+  }
+
+  svg {
+    width: 16px;
+    height: 16px;
+  }
+}
+
+.mobile-toggle {
+  display: none;
+  align-items: center;
+  justify-content: center;
+  width: 40px;
+  height: 40px;
+  border: none;
+  background: transparent;
+  color: var(--text-primary);
+  cursor: pointer;
+
+  svg {
+    width: 20px;
+    height: 20px;
+  }
+}
+
+.mobile-menu {
+  position: fixed;
+  inset: 0;
+  top: 60px;
+  background: rgba(0, 0, 0, 0.3);
+  z-index: 99;
+}
+
+.mobile-menu-inner {
+  background: var(--bg-card);
+  padding: 16px 24px;
+  display: flex;
+  flex-direction: column;
+  gap: 4px;
+  border-bottom: 1px solid var(--border-color);
+}
+
+.mobile-link {
+  padding: 12px 0;
+  color: var(--text-secondary);
+  font-size: 16px;
+  cursor: pointer;
+  border-bottom: 1px solid var(--border-light);
+
+  &:hover {
+    color: var(--text-primary);
+  }
+}
+
+.mobile-actions {
+  display: flex;
+  gap: 8px;
+  padding-top: 12px;
+}
+
+.mobile-action-btn {
+  display: inline-flex;
+  align-items: center;
+  gap: 6px;
+  padding: 8px 14px;
+  border: 1px solid var(--border-color);
+  border-radius: $radius-sm;
+  background: transparent;
+  color: var(--text-secondary);
+  font-size: 14px;
+  font-weight: 500;
+  cursor: pointer;
+  transition: all $transition-fast;
+
+  &:active {
+    background: var(--bg-secondary);
+    color: var(--text-primary);
+  }
+}
+
+.action-icon {
+  width: 16px;
+  height: 16px;
+  flex-shrink: 0;
+}
+
+@media (max-width: $breakpoint-mobile) {
+  .header-nav {
+    display: none;
+  }
+
+  .mobile-toggle {
+    display: flex;
+  }
+}
+</style>
diff --git a/packages/website/src/composables/useScrollReveal.ts b/packages/website/src/composables/useScrollReveal.ts
new file mode 100644
index 0000000..0fc5a3a
--- /dev/null
+++ b/packages/website/src/composables/useScrollReveal.ts
@@ -0,0 +1,27 @@
+import { onMounted, onUnmounted } from 'vue'
+
+export function useScrollReveal() {
+  let observer: IntersectionObserver | null = null
+
+  onMounted(() => {
+    observer = new IntersectionObserver(
+      (entries) => {
+        for (const entry of entries) {
+          if (entry.isIntersecting) {
+            entry.target.classList.add('revealed')
+            observer!.unobserve(entry.target)
+          }
+        }
+      },
+      { threshold: 0.1, rootMargin: '0px 0px -40px 0px' },
+    )
+
+    document.querySelectorAll('.reveal').forEach((el) => {
+      observer!.observe(el)
+    })
+  })
+
+  onUnmounted(() => {
+    observer?.disconnect()
+  })
+}
diff --git a/packages/website/src/composables/useTheme.ts b/packages/website/src/composables/useTheme.ts
new file mode 100644
index 0000000..42291d2
--- /dev/null
+++ b/packages/website/src/composables/useTheme.ts
@@ -0,0 +1,54 @@
+import { ref, watch } from 'vue'
+
+export type ThemeMode = 'light' | 'dark' | 'system'
+
+const STORAGE_KEY = 'hermes_website_theme'
+
+const mode = ref<ThemeMode>(
+  (localStorage.getItem(STORAGE_KEY) as ThemeMode) || 'system',
+)
+
+const isDark = ref(false)
+
+function applyTheme(dark: boolean) {
+  isDark.value = dark
+  document.documentElement.classList.toggle('dark', dark)
+}
+
+function resolveDark(m: ThemeMode): boolean {
+  if (m === 'system') {
+    return window.matchMedia('(prefers-color-scheme: dark)').matches
+  }
+  return m === 'dark'
+}
+
+applyTheme(resolveDark(mode.value))
+
+const mediaQuery = window.matchMedia('(prefers-color-scheme: dark)')
+mediaQuery.addEventListener('change', () => {
+  if (mode.value === 'system') {
+    applyTheme(resolveDark('system'))
+  }
+})
+
+watch(mode, (newMode) => {
+  localStorage.setItem(STORAGE_KEY, newMode)
+  applyTheme(resolveDark(newMode))
+})
+
+export function useTheme() {
+  function setMode(m: ThemeMode) {
+    mode.value = m
+  }
+
+  function toggleTheme() {
+    mode.value = isDark.value ? 'light' : 'dark'
+  }
+
+  return {
+    mode,
+    isDark,
+    setMode,
+    toggleTheme,
+  }
+}
diff --git a/packages/website/src/env.d.ts b/packages/website/src/env.d.ts
new file mode 100644
index 0000000..54eaa07
--- /dev/null
+++ b/packages/website/src/env.d.ts
@@ -0,0 +1,3 @@
+/// <reference types="vite/client" />
+
+declare const __APP_VERSION__: string
diff --git a/packages/website/src/i18n/en.ts b/packages/website/src/i18n/en.ts
new file mode 100644
index 0000000..cfacedb
--- /dev/null
+++ b/packages/website/src/i18n/en.ts
@@ -0,0 +1,357 @@
+export default {
+  brand: {
+    name: 'Hermes Web UI',
+    logoAlt: 'Hermes',
+  },
+  ui: {
+    copy: 'Copy',
+    copied: 'Copied!',
+    darkTheme: 'Dark',
+    lightTheme: 'Light',
+    darkMode: 'Dark Mode',
+    lightMode: 'Light Mode',
+    menu: 'Menu',
+    switchToChinese: 'Chinese',
+    switchToEnglish: 'English',
+  },
+  nav: {
+    home: 'Home',
+    docs: 'Documentation',
+    github: 'GitHub',
+  },
+  hero: {
+    title: 'Self-Hosted AI Chat Dashboard',
+    subtitle: 'Open-source AI agent dashboard — streaming chat, multi-model routing, Kanban boards, usage analytics, web terminal, all in one self-hosted interface.',
+    cta: 'Get Started',
+    viewGithub: 'View on GitHub',
+    install: 'npm install -g hermes-web-ui',
+  },
+  features: {
+    title: 'Everything You Need',
+    desc: 'A complete AI agent management dashboard with rich features out of the box.',
+    streaming: {
+      title: 'Streaming Chat',
+      desc: 'Real-time Socket.IO-powered AI conversations with multi-session management, Markdown rendering, and code syntax highlighting.',
+    },
+    platforms: {
+      title: '8 Platforms',
+      desc: 'Unified management for Telegram, Discord, Slack, WhatsApp, Matrix, Feishu, WeChat, and WeCom channels.',
+    },
+    multiModel: {
+      title: 'Multi-Model',
+      desc: 'Support for Claude, GPT, Gemini, DeepSeek, and any OpenAI-compatible provider with auto-discovery.',
+    },
+    groupChat: {
+      title: 'Group Chat',
+      desc: 'Multi-agent chat rooms with mention routing, context compression, and real-time collaboration.',
+    },
+    kanban: {
+      title: 'Kanban Board',
+      desc: 'Visual task management with 7 status columns, assignee tracking, and filtering for AI-driven workflows.',
+    },
+    analytics: {
+      title: 'Usage Analytics',
+      desc: 'Token usage breakdown, cost tracking, cache hit rates, model distribution, and 30-day trends.',
+    },
+    profiles: {
+      title: 'Multi-Profile',
+      desc: 'Account-authorized Hermes profiles with isolated config, models, uploads, jobs, usage, memory, skills, plugins, and providers.',
+    },
+    files: {
+      title: 'File Browser',
+      desc: 'Manage files across local, Docker, SSH, and Singularity backends with profile-scoped upload plus path-based download, preview, and edit.',
+    },
+    terminal: {
+      title: 'Web Terminal',
+      desc: 'Full PTY terminal in the browser with multi-session support via WebSocket and xterm.js.',
+    },
+    quickInstall: {
+      title: 'One Command',
+      desc: 'Install and start with a single command. Initializes Web UI data, starts the bridge, and opens the browser.',
+    },
+    i18n: {
+      title: '8 Languages',
+      desc: 'Built-in support for English, Chinese, German, Spanish, French, Japanese, Korean, and Portuguese.',
+    },
+    theme: {
+      title: 'Dark / Light',
+      desc: 'Pure Ink monochrome design with smooth theme switching. Responsive layout for mobile and desktop.',
+    },
+  },
+  platforms: {
+    title: 'Unified Platform Management',
+    desc: 'Configure credentials and behavior for 8 messaging platforms from a single settings page.',
+    telegram: 'Telegram',
+    discord: 'Discord',
+    slack: 'Slack',
+    whatsapp: 'WhatsApp',
+    matrix: 'Matrix',
+    feishu: 'Feishu',
+    wechat: 'WeChat',
+    wecom: 'WeCom',
+  },
+  screenshots: {
+    localUrl: 'http://localhost:8648',
+    previous: 'Previous screenshot',
+    next: 'Next screenshot',
+    goTo: 'View screenshot {number}',
+    items: [
+      { src: '/image1.png', alt: 'AI chat with image generation' },
+      { src: '/image2.png', alt: 'Chat and file browser' },
+      { src: '/image3.png', alt: 'Multi-panel workspace' },
+      { src: '/image4.png', alt: 'Kanban board' },
+    ],
+  },
+  install: {
+    title: 'Quick Start',
+    desc: 'Download the desktop app or run Hermes Web UI yourself.',
+    desktop: {
+      title: 'Desktop',
+      download: 'Download',
+      githubDownload: 'GitHub Download',
+      cloudflareDownload: 'Cloudflare Download',
+      allDownloads: 'View all release assets',
+      prereq: 'Desktop builds bundle the Web UI runtime.',
+      downloads: [
+        {
+          title: 'macOS Apple Silicon',
+          desc: 'Apple Silicon DMG',
+          assetSuffix: 'arm64.dmg',
+        },
+        {
+          title: 'macOS Intel',
+          desc: 'x64 DMG',
+          assetSuffix: 'x64.dmg',
+        },
+        {
+          title: 'Windows',
+          desc: 'x64 installer',
+          assetSuffix: 'x64.exe',
+        },
+        {
+          title: 'Linux x64 AppImage',
+          desc: 'x64 AppImage',
+          assetSuffix: 'x86_64.AppImage',
+        },
+        {
+          title: 'Linux x64 Debian',
+          desc: 'amd64 .deb package',
+          assetSuffix: 'amd64.deb',
+        },
+        {
+          title: 'Linux arm64',
+          desc: 'arm64 AppImage',
+          assetSuffix: 'arm64.AppImage',
+        },
+      ],
+    },
+    npm: {
+      title: 'npm',
+      cmd1: 'npm install -g hermes-web-ui',
+      cmd2: 'hermes-web-ui start',
+    },
+    docker: {
+      title: 'Docker',
+      cmd: 'docker compose up -d',
+    },
+    source: {
+      title: 'From Source',
+      cmd1: 'git clone https://github.com/EKKOLearnAI/hermes-web-ui.git',
+      cmd2: 'cd hermes-web-ui && npm install && npm run dev',
+    },
+    prereq: 'Requires Node.js >= 23',
+  },
+  starHistory: {
+    title: 'Growing Community',
+    desc: 'Star us on GitHub and join the community.',
+    star: 'Star',
+    licenseAlt: 'License',
+    versionAlt: 'Version',
+    chartAlt: 'Star History',
+  },
+  footer: {
+    description: 'Self-hosted AI chat dashboard for Hermes Agent.',
+    license: 'BSL-1.1 License',
+    madeWith: 'Built with Vue 3, Naive UI, and TypeScript.',
+  },
+  docs: {
+    placeholder: 'Select a section from the sidebar to get started.',
+    sidebar: {
+      gettingStarted: 'Getting Started',
+      configuration: 'Configuration',
+      features: 'Features',
+      platforms: 'Platform Guides',
+      api: 'API Reference',
+    },
+    gettingStarted: {
+      title: 'Getting Started',
+      intro: 'Hermes Web UI is a self-hosted web dashboard for managing AI conversations, platform channels, scheduled jobs, and more. It wraps the Hermes Agent CLI and provides a beautiful web interface.',
+      install: {
+        title: 'Installation',
+        content: 'Install globally via npm. Node.js 23 or higher is required.',
+      },
+      firstRun: {
+        title: 'First Run',
+        content: 'On first start, Hermes Web UI will automatically generate an auth token, initialize local data, start the Hermes agent bridge, and open the dashboard in your browser.',
+      },
+      login: {
+        title: 'Login',
+        content: 'The auto-generated token is stored in ~/.hermes-web-ui/.token. Username/password login is available with bootstrap credentials admin / 123456 on first use, and the app prompts users to change default credentials after login.',
+      },
+    },
+    configuration: {
+      title: 'Configuration',
+      intro: 'Hermes Web UI can be configured via environment variables.',
+      envVars: {
+        title: 'Environment Variables',
+        rows: [
+          ['PORT', 'Server listen port (default: 8648)'],
+          ['BIND_HOST', 'Server bind host (default: 0.0.0.0). Set :: explicitly to enable IPv6 listening.'],
+          ['HERMES_WEB_UI_HOME', 'Web UI data home for auth token, credentials, logs, DB, and default uploads'],
+          ['HERMES_WEBUI_STATE_DIR', 'Compatibility alias for HERMES_WEB_UI_HOME'],
+          ['UPLOAD_DIR', 'Custom upload root. Uploaded files are stored below profile-scoped subdirectories.'],
+          ['CORS_ORIGINS', 'CORS origin config (default: *)'],
+          ['AUTH_TOKEN', 'Custom bearer token; overrides the auto-generated token'],
+          ['AUTH_JWT_SECRET', 'JWT signing secret override for username/password sessions'],
+          ['PROFILE', 'Startup/default Hermes profile'],
+          ['LOG_LEVEL', 'Server log level'],
+          ['BRIDGE_LOG_LEVEL', 'Bridge log level'],
+          ['MAX_DOWNLOAD_SIZE', 'Maximum file download size'],
+          ['MAX_EDIT_SIZE', 'Maximum editable file size'],
+          ['WORKSPACE_BASE', 'Base directory for workspace browsing'],
+          ['HERMES_HOME', 'Hermes data home'],
+          ['HERMES_BIN', 'Custom Hermes CLI binary path'],
+          ['HERMES_AGENT_ROOT', 'Hermes Agent source checkout containing run_agent.py'],
+          ['HERMES_AGENT_BRIDGE_PYTHON', 'Python interpreter used to launch the agent bridge'],
+          ['HERMES_AGENT_BRIDGE_UV', 'uv executable used to launch the agent bridge when available'],
+          ['UV', 'Fallback uv executable path'],
+          ['PYTHON', 'Fallback Python executable for the agent bridge'],
+          ['HERMES_AGENT_BRIDGE_ENDPOINT', 'Agent bridge broker endpoint. Windows defaults to tcp://127.0.0.1:18765; macOS/Linux defaults to ipc:///tmp/hermes-agent-bridge.sock'],
+          ['HERMES_AGENT_BRIDGE_TIMEOUT_MS', 'Timeout for Node requests to the bridge broker'],
+          ['HERMES_AGENT_BRIDGE_CONNECT_RETRY_MS', 'Short retry window for connecting to the bridge socket'],
+          ['HERMES_AGENT_BRIDGE_STARTUP_TIMEOUT_MS', 'Timeout while waiting for the Python bridge to become ready'],
+          ['HERMES_AGENT_BRIDGE_AUTO_RESTART', 'Auto-restart the bridge broker after unexpected exit; set 0/false/no/off to disable'],
+          ['HERMES_AGENT_BRIDGE_RESTART_DELAY_MS', 'Base delay for bridge auto-restart backoff'],
+          ['HERMES_AGENT_BRIDGE_PLATFORM', 'Platform identity passed to Hermes Agent'],
+          ['HERMES_AGENT_BRIDGE_WORKER_TRANSPORT', 'Profile worker endpoint transport. Set tcp for loopback TCP, or ipc/unix for Unix domain sockets; defaults to Windows TCP and macOS/Linux IPC'],
+          ['HERMES_AGENT_BRIDGE_WORKER_PORT_BASE', 'Base port for TCP worker endpoints (default: 18780). Version Preview uses an isolated 19650 port range'],
+          ['HERMES_BRIDGE_PROVIDER', 'Provider override for bridge runs'],
+          ['HERMES_BRIDGE_TOOLSETS', 'Toolset override for bridge runs'],
+          ['HERMES_BRIDGE_MAX_TURNS', 'Maximum turn override for bridge runs'],
+          ['HERMES_BRIDGE_SUPPRESS_PLATFORM_HINT', 'Controls bridge platform hint suppression passed to Hermes Agent'],
+          ['HERMES_OPENROUTER_APP_REFERER', 'OpenRouter attribution referer sent by bridge runs'],
+          ['HERMES_OPENROUTER_APP_TITLE', 'OpenRouter attribution title sent by bridge runs'],
+          ['HERMES_OPENROUTER_APP_CATEGORIES', 'OpenRouter attribution categories sent by bridge runs'],
+          ['HERMES_WEB_UI_MANAGED_GATEWAY', 'Force managed legacy gateway process handling'],
+          ['HERMES_WEB_UI_STOP_GATEWAYS_ON_SHUTDOWN', 'Controls whether Web UI shutdown also stops managed gateway processes'],
+          ['GATEWAY_HOST', 'Default gateway host written into profile config for legacy gateway compatibility'],
+          ['HERMES_WEB_UI_PREVIEW_REPO', 'GitHub repository used by Version Preview'],
+          ['HERMES_WEB_UI_PREVIEW_AGENT_BRIDGE_TRANSPORT', 'Version Preview broker endpoint transport. Set tcp to use loopback TCP for Preview on macOS/Linux; when unset, Preview follows HERMES_AGENT_BRIDGE_WORKER_TRANSPORT=tcp'],
+          ['HERMES_WEB_UI_PREVIEW_AGENT_BRIDGE_ENDPOINT', 'Directly overrides the Version Preview broker endpoint for deployments that need a fully custom Preview bridge address'],
+          ['HERMES_WEB_UI_BACKEND_PORT', 'Backend port used by the Vite dev proxy'],
+          ['HERMES_WEB_UI_FRONTEND_PORT', 'Frontend Vite dev server port'],
+        ],
+      },
+      gateway: {
+        title: 'Agent Bridge Runtime',
+        content: 'Chat runs are handled through the Hermes agent bridge, which runs alongside the Web UI server and talks directly to the Hermes Agent runtime. HERMES_AGENT_BRIDGE_ENDPOINT controls the Node-to-broker address, while HERMES_AGENT_BRIDGE_WORKER_TRANSPORT controls the broker-to-profile-worker transport. Switching the frontend Hermes Profile changes later request context only; it does not restart the bridge or clear other running tasks.',
+      },
+      profiles: {
+        title: 'Profiles',
+        content: 'Profiles provide isolated configurations for different use cases. Super administrators can manage every profile, while regular administrators only see and use profiles assigned to their account. Create, clone, import, export, or switch Hermes profiles from the Profiles page.',
+      },
+    },
+    features: {
+      title: 'Features',
+      intro: 'Explore the core features of Hermes Web UI.',
+      chat: {
+        title: 'AI Chat',
+        content: 'Real-time chat streaming over Socket.IO /chat-run. Supports multi-session management, Markdown rendering with syntax highlighting, tool call inspection, profile-scoped upload, path-based download, and Ctrl+K search across the Web UI local session database.',
+      },
+      kanban: {
+        title: 'Kanban Board',
+        content: 'A visual task management board with 7 status columns: triage, todo, ready, running, blocked, done, and archived. Supports assignee management, filtering, and detailed task editing via a side drawer.',
+      },
+      groupChat: {
+        title: 'Group Chat',
+        content: 'Multi-agent chat rooms where multiple AI agents collaborate. Features mention routing to trigger specific agents, automatic context compression when history exceeds limits, typing indicators, and SQLite-based message persistence.',
+      },
+      jobs: {
+        title: 'Scheduled Jobs',
+        content: 'Create and manage cron-based scheduled jobs that run AI tasks automatically. Configure schedule, prompt, and model for each job.',
+      },
+      skills: {
+        title: 'Skills',
+        content: 'Browse and manage installed AI skills. Skills extend the agent\'s capabilities with specialized knowledge and tool integrations.',
+      },
+      memory: {
+        title: 'Memory',
+        content: 'Manage agent memory and user notes. The agent uses memory to maintain context across conversations and personalize responses.',
+      },
+      terminal: {
+        title: 'Terminal',
+        content: 'Full pseudo-terminal in the browser powered by node-pty and xterm.js. Supports multiple terminal sessions, real-time keyboard input, and window resizing via WebSocket.',
+      },
+      files: {
+        title: 'File Browser',
+        content: 'Browse and manage files on remote backends including local, Docker, SSH, and Singularity. Uploads are stored under the selected/requested profile, while downloads resolve real paths so agent-generated artifacts outside the upload directory still work.',
+      },
+      analytics: {
+        title: 'Usage Analytics',
+        content: 'Track token usage (input/output), estimated costs, cache hit rates, session counts, and model distribution. View 30-day daily trends with interactive charts.',
+      },
+    },
+    platforms: {
+      title: 'Platform Guides',
+      intro: 'Configure messaging platform integrations from the Channels settings page.',
+      telegram: {
+        title: 'Telegram',
+        content: 'Create a Telegram Bot via BotFather, then enter the bot token. Configure mention requirements, free-response chats, and reaction handling.',
+      },
+      discord: {
+        title: 'Discord',
+        content: 'Create a Discord Bot in the Developer Portal. Supports auto-thread creation, allowed/ignored channels, reaction handling, and free-response channels.',
+      },
+      slack: {
+        title: 'Slack',
+        content: 'Create a Slack App with bot token scope. Configure mention requirements, bot allowlisting, and free-response channels.',
+      },
+      whatsapp: {
+        title: 'WhatsApp',
+        content: 'Enable WhatsApp integration and configure mention patterns and free-response chats.',
+      },
+      matrix: {
+        title: 'Matrix',
+        content: 'Provide access token and homeserver URL. Supports auto-thread, DM mention threads, and free-response rooms.',
+      },
+      feishu: {
+        title: 'Feishu (Lark)',
+        content: 'Register a Feishu app and configure App ID and Secret.',
+      },
+      wechat: {
+        title: 'WeChat',
+        content: 'Scan the QR code from the settings page to log in. Credentials are auto-saved for subsequent sessions.',
+      },
+      wecom: {
+        title: 'WeCom',
+        content: 'Configure Bot ID and Secret from the WeCom admin console.',
+      },
+    },
+    api: {
+      title: 'API Reference',
+      intro: 'Hermes Web UI provides a local BFF API for the dashboard and Socket.IO endpoints for streaming chat.',
+      local: {
+        title: 'Local BFF Endpoints',
+        content: 'The Koa server handles session management, profile CRUD, account- and profile-scoped management, config read/write, log access, skill listing, memory operations, and static assets.',
+      },
+      proxy: {
+        title: 'Chat Streaming',
+        content: 'Chat runs use the /chat-run Socket.IO namespace and the Hermes agent bridge. Legacy gateway proxy routes are kept only for compatibility where applicable.',
+      },
+      auth: {
+        title: 'Authentication',
+        content: 'API endpoints require authenticated access. The token is auto-generated on first run and stored in ~/.hermes-web-ui/.token. Username/password login uses account records; super administrators manage users and profile bindings, while regular administrators manage their own account details.',
+      },
+    },
+  },
+}
diff --git a/packages/website/src/i18n/index.ts b/packages/website/src/i18n/index.ts
new file mode 100644
index 0000000..29ba3dc
--- /dev/null
+++ b/packages/website/src/i18n/index.ts
@@ -0,0 +1,13 @@
+import { createI18n } from 'vue-i18n'
+import en from './en'
+import zh from './zh'
+
+const detected = navigator.language.startsWith('zh') ? 'zh' : 'en'
+const saved = localStorage.getItem('hermes_website_locale')
+
+export const i18n = createI18n({
+  legacy: false,
+  locale: saved || detected,
+  fallbackLocale: 'en',
+  messages: { en, zh },
+})
diff --git a/packages/website/src/i18n/zh.ts b/packages/website/src/i18n/zh.ts
new file mode 100644
index 0000000..b632bc8
--- /dev/null
+++ b/packages/website/src/i18n/zh.ts
@@ -0,0 +1,357 @@
+export default {
+  brand: {
+    name: 'Hermes Web UI',
+    logoAlt: 'Hermes',
+  },
+  ui: {
+    copy: '复制',
+    copied: '已复制',
+    darkTheme: '深色',
+    lightTheme: '浅色',
+    darkMode: '深色模式',
+    lightMode: '浅色模式',
+    menu: '菜单',
+    switchToChinese: '中文',
+    switchToEnglish: 'English',
+  },
+  nav: {
+    home: '首页',
+    docs: '文档',
+    github: 'GitHub',
+  },
+  hero: {
+    title: '自托管 AI 聊天仪表板',
+    subtitle: '开源 AI Agent 仪表板 — 流式对话、多模型调度、看板管理、用量分析、Web 终端，一个界面掌控一切。',
+    cta: '快速开始',
+    viewGithub: '查看 GitHub',
+    install: 'npm install -g hermes-web-ui',
+  },
+  features: {
+    title: '功能齐全',
+    desc: '开箱即用的完整 AI Agent 管理仪表板。',
+    streaming: {
+      title: '流式聊天',
+      desc: '基于 Socket.IO 的实时 AI 对话，支持多会话管理、Markdown 渲染和代码语法高亮。',
+    },
+    platforms: {
+      title: '8 大平台',
+      desc: '统一管理 Telegram、Discord、Slack、WhatsApp、Matrix、飞书、微信、企业微信。',
+    },
+    multiModel: {
+      title: '多模型支持',
+      desc: '支持 Claude、GPT、Gemini、DeepSeek 及任何 OpenAI 兼容模型，自动发现。',
+    },
+    groupChat: {
+      title: '群聊协作',
+      desc: '多 Agent 聊天室，支持提及路由、上下文压缩和实时协作。',
+    },
+    kanban: {
+      title: '看板管理',
+      desc: '可视化任务看板，7 个状态列，支持任务分配和筛选。',
+    },
+    analytics: {
+      title: '用量分析',
+      desc: 'Token 用量、费用追踪、缓存命中率、模型分布和 30 天趋势。',
+    },
+    profiles: {
+      title: '多配置',
+      desc: '按账号授权的 Hermes Profile，隔离配置、模型、上传、任务、用量、记忆、技能、插件和 Provider。',
+    },
+    files: {
+      title: '文件管理',
+      desc: '跨本地、Docker、SSH 和 Singularity 管理文件，支持按 Profile 上传、按路径下载、预览和编辑。',
+    },
+    terminal: {
+      title: 'Web 终端',
+      desc: '浏览器内完整 PTY 终端，基于 WebSocket 和 xterm.js 的多会话支持。',
+    },
+    quickInstall: {
+      title: '一键安装',
+      desc: '一条命令安装启动。初始化 Web UI 数据、启动 bridge 并打开浏览器。',
+    },
+    i18n: {
+      title: '8 种语言',
+      desc: '内置英语、中文、德语、西班牙语、法语、日语、韩语和葡萄牙语。',
+    },
+    theme: {
+      title: '暗色 / 亮色',
+      desc: '水墨单色设计，平滑主题切换，响应式布局适配移动端和桌面端。',
+    },
+  },
+  platforms: {
+    title: '统一平台管理',
+    desc: '在一个页面配置 8 大消息平台的凭证和行为。',
+    telegram: 'Telegram',
+    discord: 'Discord',
+    slack: 'Slack',
+    whatsapp: 'WhatsApp',
+    matrix: 'Matrix',
+    feishu: '飞书',
+    wechat: '微信',
+    wecom: '企业微信',
+  },
+  screenshots: {
+    localUrl: 'http://localhost:8648',
+    previous: '上一张截图',
+    next: '下一张截图',
+    goTo: '查看第 {number} 张截图',
+    items: [
+      { src: '/image1.png', alt: '带图片生成的 AI 聊天界面' },
+      { src: '/image2.png', alt: '聊天和文件浏览器界面' },
+      { src: '/image3.png', alt: '多面板工作区界面' },
+      { src: '/image4.png', alt: '看板管理界面' },
+    ],
+  },
+  install: {
+    title: '快速开始',
+    desc: '下载桌面应用，或自行运行 Hermes Web UI。',
+    desktop: {
+      title: '桌面版',
+      download: '下载',
+      githubDownload: 'GitHub 下载',
+      cloudflareDownload: 'Cloudflare 下载',
+      allDownloads: '查看全部发布文件',
+      prereq: '桌面版已内置 Web UI 运行时。',
+      downloads: [
+        {
+          title: 'macOS Apple Silicon',
+          desc: 'Apple Silicon DMG',
+          assetSuffix: 'arm64.dmg',
+        },
+        {
+          title: 'macOS Intel',
+          desc: 'x64 DMG',
+          assetSuffix: 'x64.dmg',
+        },
+        {
+          title: 'Windows',
+          desc: 'x64 安装包',
+          assetSuffix: 'x64.exe',
+        },
+        {
+          title: 'Linux x64 AppImage',
+          desc: 'x64 AppImage',
+          assetSuffix: 'x86_64.AppImage',
+        },
+        {
+          title: 'Linux x64 Debian',
+          desc: 'amd64 .deb 安装包',
+          assetSuffix: 'amd64.deb',
+        },
+        {
+          title: 'Linux arm64',
+          desc: 'arm64 AppImage',
+          assetSuffix: 'arm64.AppImage',
+        },
+      ],
+    },
+    npm: {
+      title: 'npm',
+      cmd1: 'npm install -g hermes-web-ui',
+      cmd2: 'hermes-web-ui start',
+    },
+    docker: {
+      title: 'Docker',
+      cmd: 'docker compose up -d',
+    },
+    source: {
+      title: '源码安装',
+      cmd1: 'git clone https://github.com/EKKOLearnAI/hermes-web-ui.git',
+      cmd2: 'cd hermes-web-ui && npm install && npm run dev',
+    },
+    prereq: '需要 Node.js >= 23',
+  },
+  starHistory: {
+    title: '社区成长',
+    desc: '在 GitHub 上给我们加星，加入社区。',
+    star: '加星',
+    licenseAlt: '许可证',
+    versionAlt: '版本',
+    chartAlt: 'Star 历史',
+  },
+  footer: {
+    description: 'Hermes Agent 的自托管 AI 聊天仪表板。',
+    license: 'BSL-1.1 开源协议',
+    madeWith: '使用 Vue 3、Naive UI 和 TypeScript 构建。',
+  },
+  docs: {
+    placeholder: '从侧边栏选择一个章节开始阅读。',
+    sidebar: {
+      gettingStarted: '快速开始',
+      configuration: '配置说明',
+      features: '功能详解',
+      platforms: '平台接入',
+      api: 'API 参考',
+    },
+    gettingStarted: {
+      title: '快速开始',
+      intro: 'Hermes Web UI 是一个自托管的 Web 仪表板，用于管理 AI 对话、平台通道、定时任务等。它封装了 Hermes Agent CLI 并提供美观的 Web 界面。',
+      install: {
+        title: '安装',
+        content: '通过 npm 全局安装。需要 Node.js 23 或更高版本。',
+      },
+      firstRun: {
+        title: '首次运行',
+        content: '首次启动时，Hermes Web UI 会自动生成认证令牌、初始化本地数据、启动 Hermes agent bridge 并在浏览器中打开仪表板。',
+      },
+      login: {
+        title: '登录',
+        content: '自动生成的令牌存储在 ~/.hermes-web-ui/.token。首次使用可通过默认登录名 admin / 默认密码 123456 登录；登录后系统会提示尽快修改默认账户和密码。',
+      },
+    },
+    configuration: {
+      title: '配置说明',
+      intro: 'Hermes Web UI 可通过环境变量进行配置。',
+      envVars: {
+        title: '环境变量',
+        rows: [
+          ['PORT', '服务器监听端口（默认：8648）'],
+          ['BIND_HOST', '服务器绑定地址（默认：0.0.0.0）。如需 IPv6，请显式设置为 ::。'],
+          ['HERMES_WEB_UI_HOME', 'Web UI 数据目录，用于认证 token、登录凭据、日志、数据库和默认上传目录'],
+          ['HERMES_WEBUI_STATE_DIR', 'HERMES_WEB_UI_HOME 的兼容别名'],
+          ['UPLOAD_DIR', '自定义上传根目录。文件会保存在按 Profile 隔离的子目录下'],
+          ['CORS_ORIGINS', 'CORS 来源配置（默认：*）'],
+          ['AUTH_TOKEN', '自定义 bearer token，会覆盖自动生成的 token'],
+          ['AUTH_JWT_SECRET', '用户名/密码会话的 JWT 签名密钥覆盖'],
+          ['PROFILE', '启动/默认 Hermes profile'],
+          ['LOG_LEVEL', 'Server 日志级别'],
+          ['BRIDGE_LOG_LEVEL', 'Bridge 日志级别'],
+          ['MAX_DOWNLOAD_SIZE', '最大文件下载大小'],
+          ['MAX_EDIT_SIZE', '最大可编辑文件大小'],
+          ['WORKSPACE_BASE', 'Workspace 浏览根目录'],
+          ['HERMES_HOME', 'Hermes 数据目录'],
+          ['HERMES_BIN', '自定义 Hermes CLI 二进制路径'],
+          ['HERMES_AGENT_ROOT', '包含 run_agent.py 的 Hermes Agent 源码目录'],
+          ['HERMES_AGENT_BRIDGE_PYTHON', '用于启动 agent bridge 的 Python 解释器'],
+          ['HERMES_AGENT_BRIDGE_UV', '可用时用于启动 agent bridge 的 uv 可执行文件'],
+          ['UV', 'uv 可执行文件 fallback'],
+          ['PYTHON', 'agent bridge 的 Python 可执行文件 fallback'],
+          ['HERMES_AGENT_BRIDGE_ENDPOINT', 'Agent bridge broker endpoint。Windows 默认 tcp://127.0.0.1:18765；macOS/Linux 默认 ipc:///tmp/hermes-agent-bridge.sock'],
+          ['HERMES_AGENT_BRIDGE_TIMEOUT_MS', 'Node 请求 bridge broker 的响应超时'],
+          ['HERMES_AGENT_BRIDGE_CONNECT_RETRY_MS', '连接 bridge socket 失败时的短重试窗口'],
+          ['HERMES_AGENT_BRIDGE_STARTUP_TIMEOUT_MS', '等待 Python bridge ready 的超时'],
+          ['HERMES_AGENT_BRIDGE_AUTO_RESTART', 'bridge broker 意外退出后是否自动重启；设为 0/false/no/off 可关闭'],
+          ['HERMES_AGENT_BRIDGE_RESTART_DELAY_MS', 'bridge 自动重启退避的基础延迟'],
+          ['HERMES_AGENT_BRIDGE_PLATFORM', '传给 Hermes Agent 的 platform 标识'],
+          ['HERMES_AGENT_BRIDGE_WORKER_TRANSPORT', 'profile worker endpoint transport。设为 tcp 使用 loopback TCP；设为 ipc/unix 使用 Unix domain socket；默认 Windows TCP、macOS/Linux IPC'],
+          ['HERMES_AGENT_BRIDGE_WORKER_PORT_BASE', 'TCP worker endpoint 起始端口（默认：18780）。Version Preview 会使用独立端口段 19650'],
+          ['HERMES_BRIDGE_PROVIDER', 'bridge 运行时的 provider 覆盖'],
+          ['HERMES_BRIDGE_TOOLSETS', 'bridge 运行时的 toolset 覆盖'],
+          ['HERMES_BRIDGE_MAX_TURNS', 'bridge 运行时的最大轮数覆盖'],
+          ['HERMES_BRIDGE_SUPPRESS_PLATFORM_HINT', '控制传给 Hermes Agent 的 bridge platform hint suppression'],
+          ['HERMES_OPENROUTER_APP_REFERER', 'bridge 运行发送给 OpenRouter 的 attribution referer'],
+          ['HERMES_OPENROUTER_APP_TITLE', 'bridge 运行发送给 OpenRouter 的 attribution title'],
+          ['HERMES_OPENROUTER_APP_CATEGORIES', 'bridge 运行发送给 OpenRouter 的 attribution categories'],
+          ['HERMES_WEB_UI_MANAGED_GATEWAY', '强制启用旧 gateway 进程托管'],
+          ['HERMES_WEB_UI_STOP_GATEWAYS_ON_SHUTDOWN', 'Web UI 关闭时是否同时停止托管的 gateway 进程'],
+          ['GATEWAY_HOST', '旧 gateway 兼容配置中写入 profile 的默认 gateway host'],
+          ['HERMES_WEB_UI_PREVIEW_REPO', 'Version Preview 使用的 GitHub 仓库'],
+          ['HERMES_WEB_UI_PREVIEW_AGENT_BRIDGE_TRANSPORT', 'Version Preview 的 broker endpoint transport。设为 tcp 可让预览环境在 macOS/Linux 上也使用 loopback TCP；未设置时会跟随 HERMES_AGENT_BRIDGE_WORKER_TRANSPORT=tcp'],
+          ['HERMES_WEB_UI_PREVIEW_AGENT_BRIDGE_ENDPOINT', '直接覆盖 Version Preview 的 broker endpoint；用于需要完全自定义预览 bridge 地址的部署'],
+          ['HERMES_WEB_UI_BACKEND_PORT', 'Vite dev proxy 使用的后端端口'],
+          ['HERMES_WEB_UI_FRONTEND_PORT', '前端 Vite dev server 端口'],
+        ],
+      },
+      gateway: {
+        title: 'Agent Bridge 运行时',
+        content: '聊天运行通过 Hermes agent bridge 处理。它随 Web UI 服务一起运行，并直接连接 Hermes Agent runtime。HERMES_AGENT_BRIDGE_ENDPOINT 控制 Node 与 bridge broker 的连接地址；HERMES_AGENT_BRIDGE_WORKER_TRANSPORT 控制 broker 与各 Profile worker 的连接方式。前端切换 Hermes Profile 只影响后续请求上下文，不会重启 bridge 或清理其他正在运行的任务。',
+      },
+      profiles: {
+        title: '配置文件',
+        content: 'Profile 为不同场景提供隔离配置。超级管理员可以管理全部 Profile；普通管理员只能查看和使用分配给自己的 Profile。可在 Profile 页面创建、克隆、导入、导出或切换 Hermes Profile。',
+      },
+    },
+    features: {
+      title: '功能详解',
+      intro: '探索 Hermes Web UI 的核心功能。',
+      chat: {
+        title: 'AI 聊天',
+        content: '通过 Socket.IO /chat-run 实时流式聊天。支持多会话管理、Markdown 渲染与语法高亮、工具调用检查、按 Profile 上传、按路径下载，以及 Ctrl+K 搜索 Web UI 本地会话库。',
+      },
+      kanban: {
+        title: '看板管理',
+        content: '可视化任务看板，包含 7 个状态列：分流、待办、就绪、运行中、阻塞、完成和已归档。支持任务分配、筛选和通过侧边抽屉进行详细编辑。',
+      },
+      groupChat: {
+        title: '群聊协作',
+        content: '多 Agent 聊天室，多个 AI Agent 协同工作。支持提及路由触发特定 Agent、历史记录超限时自动压缩上下文、输入状态指示和基于 SQLite 的消息持久化。',
+      },
+      jobs: {
+        title: '定时任务',
+        content: '创建和管理基于 cron 的定时任务，自动运行 AI 任务。可配置计划、提示词和模型。',
+      },
+      skills: {
+        title: '技能',
+        content: '浏览和管理已安装的 AI 技能。技能通过专业知识和工具集成扩展 Agent 能力。',
+      },
+      memory: {
+        title: '记忆',
+        content: '管理 Agent 记忆和用户笔记。Agent 使用记忆在对话间保持上下文并提供个性化回复。',
+      },
+      terminal: {
+        title: '终端',
+        content: '基于 node-pty 和 xterm.js 的浏览器内完整伪终端。支持多个终端会话、实时键盘输入和通过 WebSocket 的窗口大小调整。',
+      },
+      files: {
+        title: '文件管理',
+        content: '浏览和管理本地、Docker、SSH 和 Singularity 等远程后端上的文件。上传保存到当前选择/请求的 Profile；下载按真实路径解析，因此上传目录外的 Agent 产物也可以下载。',
+      },
+      analytics: {
+        title: '用量分析',
+        content: '追踪 Token 用量（输入/输出）、预估费用、缓存命中率、会话数和模型分布。查看 30 天日趋势交互图表。',
+      },
+    },
+    platforms: {
+      title: '平台接入',
+      intro: '从通道设置页面配置消息平台集成。',
+      telegram: {
+        title: 'Telegram',
+        content: '通过 BotFather 创建 Telegram Bot，输入 Bot Token。可配置提及要求、自由回复聊天和反应处理。',
+      },
+      discord: {
+        title: 'Discord',
+        content: '在开发者门户创建 Discord Bot。支持自动创建线程、允许/忽略频道、反应处理和自由回复频道。',
+      },
+      slack: {
+        title: 'Slack',
+        content: '创建带有 bot token 权限的 Slack App。配置提及要求、Bot 白名单和自由回复频道。',
+      },
+      whatsapp: {
+        title: 'WhatsApp',
+        content: '启用 WhatsApp 集成，配置提及模式和自由回复聊天。',
+      },
+      matrix: {
+        title: 'Matrix',
+        content: '提供访问令牌和服务器 URL。支持自动线程、私聊提及线程和自由回复房间。',
+      },
+      feishu: {
+        title: '飞书',
+        content: '注册飞书应用并配置 App ID 和 Secret。',
+      },
+      wechat: {
+        title: '微信',
+        content: '从设置页面扫描二维码登录。凭据会自动保存供后续使用。',
+      },
+      wecom: {
+        title: '企业微信',
+        content: '从企业微信管理后台配置 Bot ID 和 Secret。',
+      },
+    },
+    api: {
+      title: 'API 参考',
+      intro: 'Hermes Web UI 提供本地 BFF API，并通过 Socket.IO 端点进行聊天流式通信。',
+      local: {
+        title: '本地 BFF 端点',
+        content: 'Koa 服务器处理会话管理、Profile CRUD、分账户分 Profile 管理、配置读写、日志访问、技能列表、记忆操作和静态资源。',
+      },
+      proxy: {
+        title: '聊天流式通信',
+        content: '聊天运行使用 /chat-run Socket.IO 命名空间和 Hermes agent bridge。旧 gateway proxy 路由仅在兼容场景下保留。',
+      },
+      auth: {
+        title: '认证',
+        content: 'API 端点需要经过认证访问。令牌在首次运行时自动生成并存储在 ~/.hermes-web-ui/.token。用户名/密码登录使用账户记录；超级管理员管理用户和 Profile 绑定，普通管理员管理自己的账户信息。',
+      },
+    },
+  },
+}
diff --git a/packages/website/src/main.ts b/packages/website/src/main.ts
new file mode 100644
index 0000000..99b473f
--- /dev/null
+++ b/packages/website/src/main.ts
@@ -0,0 +1,18 @@
+import { createApp } from 'vue'
+import router from './router'
+import { i18n } from './i18n'
+import App from './App.vue'
+// Import CSS custom properties (theme variables) from client
+import '@client/styles/variables.scss'
+import './styles/global.scss'
+
+const savedTheme = localStorage.getItem('hermes_website_theme') || 'system'
+const prefersDark = window.matchMedia('(prefers-color-scheme: dark)').matches
+if (savedTheme === 'dark' || (savedTheme === 'system' && prefersDark)) {
+  document.documentElement.classList.add('dark')
+}
+
+const app = createApp(App)
+app.use(i18n)
+app.use(router)
+app.mount('#app')
diff --git a/packages/website/src/router/index.ts b/packages/website/src/router/index.ts
new file mode 100644
index 0000000..4148bf3
--- /dev/null
+++ b/packages/website/src/router/index.ts
@@ -0,0 +1,61 @@
+import { createRouter, createWebHashHistory } from 'vue-router'
+
+const EmptyView = { render: () => null }
+
+const router = createRouter({
+  history: createWebHashHistory(),
+  routes: [
+    {
+      path: '/',
+      name: 'landing',
+      component: () => import('@/views/LandingView.vue'),
+    },
+    {
+      path: '/docs',
+      name: 'docs',
+      component: () => import('@/views/DocsView.vue'),
+      redirect: { name: 'docs.getting-started' },
+      children: [
+        {
+          path: 'getting-started',
+          name: 'docs.getting-started',
+          component: EmptyView,
+          meta: { page: 'gettingStarted' },
+        },
+        {
+          path: 'configuration',
+          name: 'docs.configuration',
+          component: EmptyView,
+          meta: { page: 'configuration' },
+        },
+        {
+          path: 'features',
+          name: 'docs.features',
+          component: EmptyView,
+          meta: { page: 'features' },
+        },
+        {
+          path: 'platforms',
+          name: 'docs.platforms',
+          component: EmptyView,
+          meta: { page: 'platforms' },
+        },
+        {
+          path: 'api',
+          name: 'docs.api',
+          component: EmptyView,
+          meta: { page: 'api' },
+        },
+      ],
+    },
+    {
+      path: '/:pathMatch(.*)*',
+      redirect: '/',
+    },
+  ],
+  scrollBehavior() {
+    return { top: 0 }
+  },
+})
+
+export default router
diff --git a/packages/website/src/styles/_variables.scss b/packages/website/src/styles/_variables.scss
new file mode 100644
index 0000000..b776c0a
--- /dev/null
+++ b/packages/website/src/styles/_variables.scss
@@ -0,0 +1,14 @@
+// Website SCSS variables — pure constants (no CSS custom properties)
+// CSS custom properties are defined in global.scss (imported from client)
+
+$font-ui: 'Inter', system-ui, -apple-system, sans-serif;
+$font-code: 'JetBrains Mono', 'Fira Code', 'Consolas', monospace;
+
+$breakpoint-mobile: 768px;
+
+$radius-sm: 6px;
+$radius-md: 10px;
+$radius-lg: 14px;
+
+$transition-fast: 0.15s ease;
+$transition-normal: 0.25s ease;
diff --git a/packages/website/src/styles/global.scss b/packages/website/src/styles/global.scss
new file mode 100644
index 0000000..5c8ce9d
--- /dev/null
+++ b/packages/website/src/styles/global.scss
@@ -0,0 +1,132 @@
+*,
+*::before,
+*::after {
+  box-sizing: border-box;
+  margin: 0;
+  padding: 0;
+}
+
+html {
+  font-size: 14px;
+  line-height: 1.6;
+  scroll-behavior: smooth;
+}
+
+body {
+  font-family: $font-ui;
+  background: var(--bg-primary);
+  color: var(--text-primary);
+  -webkit-font-smoothing: antialiased;
+  -moz-osx-font-smoothing: grayscale;
+}
+
+a {
+  color: var(--accent-primary);
+  text-decoration: none;
+
+  &:hover {
+    color: var(--accent-hover);
+  }
+}
+
+code {
+  font-family: $font-code;
+  background: var(--code-bg);
+  padding: 2px 6px;
+  border-radius: $radius-sm;
+  font-size: 0.9em;
+}
+
+pre {
+  code {
+    display: block;
+    padding: 16px;
+    border-radius: $radius-md;
+    overflow-x: auto;
+  }
+}
+
+.section {
+  max-width: 1120px;
+  margin: 0 auto;
+  padding: 80px 24px;
+
+  @media (max-width: $breakpoint-mobile) {
+    padding: 48px 16px;
+  }
+}
+
+.section-title {
+  font-size: 32px;
+  font-weight: 700;
+  text-align: center;
+  margin-bottom: 16px;
+  color: var(--text-primary);
+
+  @media (max-width: $breakpoint-mobile) {
+    font-size: 24px;
+  }
+}
+
+.section-desc {
+  text-align: center;
+  color: var(--text-secondary);
+  font-size: 16px;
+  max-width: 640px;
+  margin: 0 auto 48px;
+}
+
+// ─── Scroll reveal animations ────────────────────────────
+
+.reveal {
+  opacity: 0;
+  transform: translateY(24px);
+  transition: opacity 0.6s ease, transform 0.6s ease;
+
+  &.revealed {
+    opacity: 1;
+    transform: translateY(0);
+  }
+}
+
+.reveal-delay-1 { transition-delay: 0.08s; }
+.reveal-delay-2 { transition-delay: 0.16s; }
+.reveal-delay-3 { transition-delay: 0.24s; }
+.reveal-delay-4 { transition-delay: 0.32s; }
+
+// ─── Keyframes ────────────────────────────────────────────
+
+@keyframes fade-in-up {
+  from {
+    opacity: 0;
+    transform: translateY(32px);
+  }
+  to {
+    opacity: 1;
+    transform: translateY(0);
+  }
+}
+
+@keyframes fade-in {
+  from { opacity: 0; }
+  to { opacity: 1; }
+}
+
+@keyframes pulse-border {
+  0%, 100% { border-color: var(--border-color); }
+  50% { border-color: var(--text-muted); }
+}
+
+.animate-fade-in-up {
+  animation: fade-in-up 0.7s ease both;
+}
+
+.animate-fade-in {
+  animation: fade-in 0.5s ease both;
+}
+
+.animate-delay-1 { animation-delay: 0.1s; }
+.animate-delay-2 { animation-delay: 0.2s; }
+.animate-delay-3 { animation-delay: 0.3s; }
+.animate-delay-4 { animation-delay: 0.4s; }
+.animate-delay-5 { animation-delay: 0.5s; }
diff --git a/packages/website/src/views/DocsView.vue b/packages/website/src/views/DocsView.vue
new file mode 100644
index 0000000..da504ac
--- /dev/null
+++ b/packages/website/src/views/DocsView.vue
@@ -0,0 +1,112 @@
+<script setup lang="ts">
+import { useRoute, useRouter } from 'vue-router'
+import { useI18n } from 'vue-i18n'
+import DocSidebar from '@/components/docs/DocSidebar.vue'
+import DocContent from '@/components/docs/DocContent.vue'
+
+const route = useRoute()
+const router = useRouter()
+const { t } = useI18n()
+
+const pages = [
+  { key: 'gettingStarted', name: 'docs.getting-started' },
+  { key: 'configuration', name: 'docs.configuration' },
+  { key: 'features', name: 'docs.features' },
+  { key: 'platforms', name: 'docs.platforms' },
+  { key: 'api', name: 'docs.api' },
+]
+
+function navigate(name: string) {
+  router.push({ name })
+}
+</script>
+
+<template>
+  <div class="docs-layout">
+    <DocSidebar v-if="route.meta.page" />
+    <div class="docs-main">
+      <nav v-if="route.meta.page" class="mobile-doc-tabs">
+        <button
+          v-for="p in pages"
+          :key="p.key"
+          class="mobile-tab"
+          :class="{ active: route.name === p.name }"
+          @click="navigate(p.name)"
+        >
+          {{ t(`docs.sidebar.${p.key}`) }}
+        </button>
+      </nav>
+      <router-view />
+      <DocContent v-if="route.meta.page" />
+      <div v-else class="docs-placeholder">
+        <p>{{ t('docs.placeholder') }}</p>
+      </div>
+    </div>
+  </div>
+</template>
+
+<style scoped lang="scss">
+.docs-layout {
+  display: flex;
+  max-width: 1120px;
+  margin: 0 auto;
+  min-height: calc(100vh - 60px - 200px);
+}
+
+.docs-main {
+  flex: 1;
+  min-width: 0;
+}
+
+.docs-placeholder {
+  padding: 60px 32px;
+  color: var(--text-muted);
+  font-size: 16px;
+  text-align: center;
+}
+
+// ─── Mobile doc tabs ────────────────────────────
+
+.mobile-doc-tabs {
+  display: none;
+  overflow-x: auto;
+  -webkit-overflow-scrolling: touch;
+  gap: 4px;
+  padding: 12px 16px;
+  border-bottom: 1px solid var(--border-color);
+  background: var(--bg-card);
+  position: sticky;
+  top: 60px;
+  z-index: 10;
+
+  &::-webkit-scrollbar {
+    display: none;
+  }
+}
+
+.mobile-tab {
+  flex-shrink: 0;
+  padding: 6px 14px;
+  border: 1px solid var(--border-color);
+  border-radius: $radius-sm;
+  background: transparent;
+  color: var(--text-secondary);
+  font-size: 13px;
+  font-weight: 500;
+  cursor: pointer;
+  transition: all $transition-fast;
+  white-space: nowrap;
+
+  &.active {
+    background: var(--bg-secondary);
+    color: var(--text-primary);
+    border-color: var(--text-muted);
+  }
+}
+
+@media (max-width: $breakpoint-mobile) {
+  .mobile-doc-tabs {
+    display: flex;
+  }
+}
+</style>
diff --git a/packages/website/src/views/LandingView.vue b/packages/website/src/views/LandingView.vue
new file mode 100644
index 0000000..b424778
--- /dev/null
+++ b/packages/website/src/views/LandingView.vue
@@ -0,0 +1,52 @@
+<script setup lang="ts">
+import HeroSection from '@/components/landing/HeroSection.vue'
+import ScreenshotsSection from '@/components/landing/ScreenshotsSection.vue'
+import FeaturesGrid from '@/components/landing/FeaturesGrid.vue'
+import InstallSection from '@/components/landing/InstallSection.vue'
+import StarHistorySection from '@/components/landing/StarHistorySection.vue'
+</script>
+
+<template>
+  <div class="landing">
+    <HeroSection />
+    <section class="download-section">
+      <InstallSection />
+    </section>
+    <ScreenshotsSection />
+    <FeaturesGrid />
+    <div class="cta-row">
+      <StarHistorySection class="cta-col" />
+    </div>
+  </div>
+</template>
+
+<style scoped lang="scss">
+.download-section {
+  max-width: 1120px;
+  margin: 0 auto;
+  padding: 56px 24px 16px;
+
+  @media (max-width: $breakpoint-mobile) {
+    padding: 32px 16px 8px;
+  }
+}
+
+.cta-row {
+  max-width: 1120px;
+  margin: 0 auto;
+  padding: 80px 24px;
+  display: flex;
+  gap: 40px;
+
+  @media (max-width: $breakpoint-mobile) {
+    flex-direction: column;
+    padding: 48px 16px;
+    gap: 0;
+  }
+}
+
+.cta-col {
+  flex: 1;
+  min-width: 0;
+}
+</style>
diff --git a/playwright.config.ts b/playwright.config.ts
new file mode 100644
index 0000000..7afd801
--- /dev/null
+++ b/playwright.config.ts
@@ -0,0 +1,33 @@
+/// <reference types="node" />
+import { defineConfig, devices } from '@playwright/test'
+
+const PORT = Number(process.env.PLAYWRIGHT_PORT || 4173)
+const BASE_URL = `http://127.0.0.1:${PORT}`
+
+export default defineConfig({
+  testDir: './tests/e2e',
+  fullyParallel: true,
+  forbidOnly: !!process.env.CI,
+  retries: process.env.CI ? 2 : 0,
+  workers: process.env.CI ? 1 : undefined,
+  reporter: process.env.CI ? [['dot'], ['html', { open: 'never' }]] : [['list']],
+  use: {
+    baseURL: BASE_URL,
+    locale: 'en-US',
+    trace: 'retain-on-failure',
+    screenshot: 'only-on-failure',
+    video: 'retain-on-failure',
+  },
+  webServer: {
+    command: `npx vite --host 127.0.0.1 --port ${PORT}`,
+    url: BASE_URL,
+    reuseExistingServer: !process.env.CI,
+    timeout: 120_000,
+  },
+  projects: [
+    {
+      name: 'chromium',
+      use: { ...devices['Desktop Chrome'] },
+    },
+  ],
+})
diff --git a/scripts/build-server.mjs b/scripts/build-server.mjs
new file mode 100644
index 0000000..4aa08de
--- /dev/null
+++ b/scripts/build-server.mjs
@@ -0,0 +1,45 @@
+import * as esbuild from 'esbuild'
+import { resolve, dirname } from 'path'
+import { fileURLToPath } from 'url'
+import { chmodSync, cpSync, mkdirSync, readFileSync, rmSync } from 'fs'
+
+const rootDir = resolve(dirname(fileURLToPath(import.meta.url)), '..')
+const pkg = JSON.parse(readFileSync(resolve(rootDir, 'package.json'), 'utf-8'))
+const version = pkg.version
+const serverOutDir = resolve(rootDir, 'dist/server')
+
+rmSync(serverOutDir, { recursive: true, force: true })
+mkdirSync(serverOutDir, { recursive: true })
+
+await esbuild.build({
+  entryPoints: [resolve(rootDir, 'packages/server/src/index.ts')],
+  bundle: true,
+  platform: 'node',
+  target: 'node23',
+  format: 'cjs',
+  outfile: resolve(serverOutDir, 'index.js'),
+  external: ['node-pty', 'node:sqlite', 'socket.io'],
+  define: {
+    __APP_VERSION__: JSON.stringify(version),
+  },
+  sourcemap: true,
+  minify: true,
+  treeShaking: true,
+  logLevel: 'info',
+})
+
+const bridgeOutDir = resolve(serverOutDir, 'agent-bridge')
+mkdirSync(bridgeOutDir, { recursive: true })
+cpSync(
+  resolve(rootDir, 'packages/server/src/services/hermes/agent-bridge/hermes_bridge.py'),
+  resolve(bridgeOutDir, 'hermes_bridge.py'),
+)
+chmodSync(resolve(bridgeOutDir, 'hermes_bridge.py'), 0o755)
+
+const skillsOutDir = resolve(rootDir, 'dist/skills')
+rmSync(skillsOutDir, { recursive: true, force: true })
+cpSync(
+  resolve(rootDir, 'packages/skills'),
+  skillsOutDir,
+  { recursive: true },
+)
diff --git a/scripts/generate-openapi.mjs b/scripts/generate-openapi.mjs
new file mode 100644
index 0000000..1f28545
--- /dev/null
+++ b/scripts/generate-openapi.mjs
@@ -0,0 +1,609 @@
+#!/usr/bin/env node
+/**
+ * Auto-generate OpenAPI specification from existing Koa routes and controllers
+ *
+ * This script scans both route files and controller files to generate comprehensive
+ * OpenAPI documentation without requiring code changes or decorators.
+ */
+
+import { readFileSync, writeFileSync, readdirSync } from 'fs'
+import { resolve, join } from 'path'
+import { fileURLToPath } from 'url'
+
+const __dirname = fileURLToPath(new URL('.', import.meta.url))
+const rootDir = resolve(__dirname, '..')
+const routesDir = join(rootDir, 'packages/server/src/routes')
+const controllersDir = join(rootDir, 'packages/server/src/controllers')
+
+// OpenAPI template
+const openapi = {
+  openapi: '3.0.3',
+  info: {
+    title: 'Hermes Web UI API',
+    description: 'BFF server API for Hermes Web UI — chat sessions, scheduled jobs, platform channels, model management, skills, memory, logs, file browser, group chat, and terminal.',
+    version: '0.5.9',
+  },
+  servers: [
+    { url: 'http://localhost:8648', description: 'Local development' },
+  ],
+  tags: [],
+  paths: {},
+  components: {
+    securitySchemes: {
+      BearerAuth: {
+        type: 'http',
+        scheme: 'bearer',
+        bearerFormat: 'API Token',
+      },
+    },
+    schemas: {},
+    responses: {},
+  },
+}
+
+// Tag mappings based on route directories
+const tagMappings = {
+  'routes/hermes/sessions.ts': { name: 'Sessions', description: 'Chat session management' },
+  'routes/hermes/profiles.ts': { name: 'Profiles', description: 'Hermes profile management' },
+  'routes/hermes/gateways.ts': { name: 'Gateways', description: 'Gateway process management' },
+  'routes/hermes/models.ts': { name: 'Models', description: 'Model configuration' },
+  'routes/hermes/providers.ts': { name: 'Providers', description: 'Model provider management' },
+  'routes/hermes/skills.ts': { name: 'Skills', description: 'Skill browsing and management' },
+  'routes/hermes/memory.ts': { name: 'Memory', description: 'Agent memory files' },
+  'routes/hermes/logs.ts': { name: 'Logs', description: 'Log file access' },
+  'routes/hermes/jobs.ts': { name: 'Jobs', description: 'Scheduled job management' },
+  'routes/hermes/cron-history.ts': { name: 'Jobs', description: 'Cron job history' },
+  'routes/hermes/weixin.ts': { name: 'Weixin', description: 'WeChat QR code login' },
+  'routes/hermes/codex-auth.ts': { name: 'Codex Auth', description: 'OpenAI Codex OAuth' },
+  'routes/hermes/nous-auth.ts': { name: 'Nous Auth', description: 'Nous Research OAuth' },
+  'routes/hermes/copilot-auth.ts': { name: 'Copilot Auth', description: 'GitHub Copilot OAuth' },
+  'routes/hermes/group-chat.ts': { name: 'Group Chat', description: 'Group chat management' },
+  'routes/hermes/chat-run.ts': { name: 'Chat', description: 'Chat run and streaming' },
+  'routes/hermes/config.ts': { name: 'Config', description: 'Configuration management' },
+  'routes/hermes/files.ts': { name: 'Files', description: 'Hermes file browser' },
+  'routes/hermes/download.ts': { name: 'Download', description: 'File download' },
+  'routes/hermes/terminal.ts': { name: 'Terminal', description: 'WebSocket terminal' },
+  'routes/hermes/proxy.ts': { name: 'Proxy', description: 'Gateway proxy' },
+  'routes/health.ts': { name: 'Health', description: 'Health check' },
+  'routes/update.ts': { name: 'Update', description: 'Self-update management' },
+  'routes/upload.ts': { name: 'Upload', description: 'File upload' },
+  'routes/webhook.ts': { name: 'Webhook', description: 'Incoming webhooks' },
+  'routes/auth.ts': { name: 'Auth', description: 'Authentication management' },
+}
+
+// Extract route definitions from route files
+function scanRoutes() {
+  const paths = {}
+
+  // Scan hermes routes
+  const hermesRoutesDir = join(routesDir, 'hermes')
+  const hermesRouteFiles = readdirSync(hermesRoutesDir).filter(f => f.endsWith('.ts'))
+
+  for (const file of hermesRouteFiles) {
+    const routePath = join('hermes', file)
+    const tagInfo = tagMappings[`routes/${routePath}`]
+    if (tagInfo) {
+      scanRouteFile(join(hermesRoutesDir, file), tagInfo, paths)
+    }
+  }
+
+  // Scan top-level routes
+  for (const [routeFile, tagInfo] of Object.entries(tagMappings)) {
+    if (!routeFile.startsWith('routes/hermes/')) {
+      const filePath = join(routesDir, routeFile.replace('routes/', ''))
+      try {
+        scanRouteFile(filePath, tagInfo, paths)
+      } catch (e) {
+        // File might not exist, skip
+      }
+    }
+  }
+
+  return paths
+}
+
+function scanRouteFile(filePath, tagInfo, paths) {
+  const content = readFileSync(filePath, 'utf-8')
+
+  // Pattern 1: controller functions - sessionRoutes.get('/path', ctrl.method)
+  const ctrlRouteRegex = /\w+Routes?\.(get|post|put|delete|patch)\(['"]([^'"]+)['"],\s*ctrl\.(\w+)/g
+
+  let match
+  while ((match = ctrlRouteRegex.exec(content)) !== null) {
+    const [, method, path, controllerMethod] = match
+    addEndpoint(paths, method, path, controllerMethod, tagInfo, content, match.index)
+  }
+
+  // Pattern 2: inline functions - groupChatRoutes.post('/path', async (ctx) => {...})
+  const inlineRouteRegex = /\w+Routes?\.(get|post|put|delete|patch)\(['"]([^'"]+)['"],\s*async\s*\(ctx\)/g
+
+  while ((match = inlineRouteRegex.exec(content)) !== null) {
+    const [, method, path] = match
+    const controllerMethod = generateOperationIdFromPath(path, method)
+    addEndpoint(paths, method, path, controllerMethod, tagInfo, content, match.index)
+  }
+}
+
+function addEndpoint(paths, method, path, controllerMethod, tagInfo, content, matchIndex) {
+  // Clean path parameters
+  const openapiPath = path
+    .replace(/:([^/]+)/g, '{$1}')
+    .replace(/\*\*([^/]*)/g, '{$1}')
+
+  if (!paths[openapiPath]) {
+    paths[openapiPath] = {}
+  }
+
+  // Generate operation ID
+  const operationId = `${controllerMethod}`
+
+  // Generate description from JSDoc comments above the route
+  const precedingContent = content.substring(Math.max(0, matchIndex - 500), matchIndex)
+  const description = extractJsDocDescription(precedingContent) || `${method.toUpperCase()} ${path}`
+
+  paths[openapiPath][method] = {
+    tags: [tagInfo.name],
+    summary: generateSummary(path, method, controllerMethod),
+    description,
+    operationId,
+    security: [{ BearerAuth: [] }],
+    responses: generateResponses(path, method),
+  }
+}
+
+function generateOperationIdFromPath(path, method) {
+  const parts = path.split('/').filter(Boolean)
+  const lastPart = parts[parts.length - 1]
+
+  if (lastPart && !lastPart.includes(':') && !lastPart.includes('*')) {
+    const actionMap = {
+      get: 'get',
+      post: 'create',
+      put: 'update',
+      patch: 'patch',
+      delete: 'delete',
+    }
+    return `${actionMap[method]}${lastPart.charAt(0).toUpperCase() + lastPart.slice(1)}`
+  }
+
+  const parentPart = parts[parts.length - 2]
+  if (parentPart) {
+    return `${method}${parentPart.charAt(0).toUpperCase() + parentPart.slice(1)}`
+  }
+
+  return method
+}
+
+function extractJsDocDescription(content) {
+  const jsDocRegex = /\/\*\*[\s\S]*?\*\//
+  const match = content.match(jsDocRegex)
+  if (match) {
+    const jsDoc = match[0]
+    // Extract description text
+    const description = jsDoc
+      .replace(/\/\*\*|\*\//g, '')
+      .split('\n')
+      .map(line => line.replace(/^\s*\*\s?/, '').trim())
+      .filter(line => line && !line.startsWith('@'))
+      .join('\n')
+    return description || null
+  }
+  return null
+}
+
+function generateSummary(path, method, controllerMethod) {
+  const parts = path.split('/').filter(Boolean)
+  const resource = parts[parts.length - 1] || 'root'
+
+  // Use controller method name to generate better summary
+  const methodMap = {
+    list: 'List',
+    get: 'Get',
+    create: 'Create',
+    update: 'Update',
+    remove: 'Delete',
+    delete: 'Delete',
+    rename: 'Rename',
+    pause: 'Pause',
+    resume: 'Resume',
+    run: 'Run',
+    search: 'Search',
+    add: 'Add',
+  }
+
+  const action = methodMap[controllerMethod] || {
+    get: 'Get',
+    post: 'Create',
+    put: 'Update',
+    patch: 'Update',
+    delete: 'Delete',
+  }[method]
+
+  if (resource.includes('{')) {
+    const paramName = resource.match(/\{([^}]+)\}/)?.[1] || 'id'
+    const parentResource = parts[parts.length - 2] || 'resource'
+    return `${action} ${parentResource} by ${paramName}`
+  }
+
+  return `${action} ${resource}`
+}
+
+function generateResponses(path, method) {
+  const responses = {
+    '200': {
+      description: 'Success',
+    },
+    '401': {
+      $ref: '#/components/responses/Unauthorized',
+    },
+  }
+
+  if (method === 'get' && path.includes('/')) {
+    responses['404'] = { description: 'Not found' }
+  }
+
+  if (method === 'post' || method === 'put' || method === 'patch') {
+    responses['400'] = { $ref: '#/components/responses/BadRequest' }
+  }
+
+  return responses
+}
+
+// Add standard responses
+openapi.components.responses = {
+  Unauthorized: {
+    description: 'Unauthorized - Invalid or missing authentication token',
+    content: {
+      'application/json': {
+        schema: {
+          type: 'object',
+          properties: {
+            error: { type: 'string', example: 'Unauthorized' },
+          },
+        },
+      },
+    },
+  },
+  BadRequest: {
+    description: 'Bad Request - Invalid parameters',
+    content: {
+      'application/json': {
+        schema: {
+          type: 'object',
+          properties: {
+            error: { type: 'string', example: 'Invalid request' },
+          },
+        },
+      },
+    },
+  },
+  NotFound: {
+    description: 'Resource not found',
+    content: {
+      'application/json': {
+        schema: {
+          type: 'object',
+          properties: {
+            error: { type: 'string', example: 'Not found' },
+          },
+        },
+      },
+    },
+  },
+}
+
+// Add proxy endpoints that forward to upstream Hermes API
+openapi.paths['/api/hermes/{*any}'] = {
+  'get': {
+    tags: ['Proxy'],
+    summary: 'Proxy to upstream Hermes API',
+    description: 'Forwards unmatched /api/hermes/* requests to upstream Hermes gateway. Supports all upstream endpoints.',
+    operationId: 'proxyHermes',
+    responses: {
+      '200': { description: 'Proxied response from upstream' },
+      '401': { $ref: '#/components/responses/Unauthorized' },
+      '502': { description: 'Proxy failure' },
+    },
+  },
+  'post': {
+    tags: ['Proxy'],
+    summary: 'Proxy to upstream Hermes API',
+    description: 'Forwards unmatched /api/hermes/* requests to upstream Hermes gateway. Supports all upstream endpoints.',
+    operationId: 'proxyHermesPost',
+    responses: {
+      '200': { description: 'Proxied response from upstream' },
+      '401': { $ref: '#/components/responses/Unauthorized' },
+      '502': { description: 'Proxy failure' },
+    },
+  },
+  'put': {
+    tags: ['Proxy'],
+    summary: 'Proxy to upstream Hermes API',
+    description: 'Forwards unmatched /api/hermes/* requests to upstream Hermes gateway. Supports all upstream endpoints.',
+    operationId: 'proxyHermesPut',
+    responses: {
+      '200': { description: 'Proxied response from upstream' },
+      '401': { $ref: '#/components/responses/Unauthorized' },
+      '502': { description: 'Proxy failure' },
+    },
+  },
+  'delete': {
+    tags: ['Proxy'],
+    summary: 'Proxy to upstream Hermes API',
+    description: 'Forwards unmatched /api/hermes/* requests to upstream Hermes gateway. Supports all upstream endpoints.',
+    operationId: 'proxyHermesDelete',
+    responses: {
+      '200': { description: 'Proxied response from upstream' },
+      '401': { $ref: '#/components/responses/Unauthorized' },
+      '502': { description: 'Proxy failure' },
+    },
+  },
+}
+
+openapi.paths['/v1/{*any}'] = {
+  'get': {
+    tags: ['Proxy'],
+    summary: 'Proxy to upstream Hermes v1 API',
+    description: 'Forwards /v1/* requests to upstream Hermes gateway. Supports all upstream v1 endpoints.',
+    operationId: 'proxyV1',
+    responses: {
+      '200': { description: 'Proxied response from upstream' },
+      '401': { $ref: '#/components/responses/Unauthorized' },
+      '502': { description: 'Proxy failure' },
+    },
+  },
+  'post': {
+    tags: ['Proxy'],
+    summary: 'Proxy to upstream Hermes v1 API',
+    description: 'Forwards /v1/* requests to upstream Hermes gateway. Supports all upstream v1 endpoints.',
+    operationId: 'proxyV1Post',
+    responses: {
+      '200': { description: 'Proxied response from upstream' },
+      '401': { $ref: '#/components/responses/Unauthorized' },
+      '502': { description: 'Proxy failure' },
+    },
+  },
+}
+
+// Add Proxy tag
+if (!openapi.tags.find(t => t.name === 'Proxy')) {
+  openapi.tags.push({ name: 'Proxy', description: 'Gateway proxy to upstream Hermes API' })
+}
+
+// Add WebSocket terminal endpoint
+openapi.paths['/api/hermes/terminal'] = {
+  'get': {
+    tags: ['Terminal'],
+    summary: 'WebSocket terminal connection',
+    description: 'Establish a WebSocket connection for interactive terminal access. Uses the `ws` or `wss` protocol with `?token=` for authentication.',
+    operationId: 'terminalWebSocket',
+    responses: {
+      '101': { description: 'Switching Protocols - WebSocket connection established' },
+      '401': { $ref: '#/components/responses/Unauthorized' },
+    },
+  },
+}
+
+// Add Chat streaming endpoint
+openapi.paths['/api/hermes/v1/runs/{runId}/events'] = {
+  'get': {
+    tags: ['Chat'],
+    summary: 'Server-Sent Events for chat streaming',
+    description: 'Stream chat events using Server-Sent Events (SSE). Authentication via `?token=` query parameter.',
+    operationId: 'chatStreamEvents',
+    parameters: [
+      {
+        name: 'runId',
+        in: 'path',
+        required: true,
+        description: 'Chat run ID',
+        schema: { type: 'string' },
+      },
+      {
+        name: 'token',
+        in: 'query',
+        required: true,
+        description: 'Authentication token',
+        schema: { type: 'string' },
+      },
+    ],
+    responses: {
+      '200': {
+        description: 'SSE stream established',
+        content: {
+          'text/event-stream': {
+            schema: {
+              type: 'object',
+              properties: {
+                event: { type: 'string', enum: ['run.created', 'run.queued', 'run.started', 'run.streaming', 'run.completed', 'run.failed'] },
+                data: { type: 'object' },
+              },
+            },
+          },
+        },
+      },
+      '401': { $ref: '#/components/responses/Unauthorized' },
+      '404': { description: 'Run not found' },
+    },
+  },
+}
+
+// Add Terminal tag
+if (!openapi.tags.find(t => t.name === 'Terminal')) {
+  openapi.tags.push({ name: 'Terminal', description: 'WebSocket terminal access' })
+}
+
+// Run scanner
+console.log('Scanning routes...')
+openapi.paths = scanRoutes()
+
+// Collect all tags
+const tagSet = new Set()
+Object.values(openapi.paths).forEach(pathItem => {
+  Object.values(pathItem).forEach(operation => {
+    operation.tags?.forEach(tag => tagSet.add(tag))
+  })
+})
+
+openapi.tags = Array.from(tagSet).map(tag => {
+  const tagInfo = Object.values(tagMappings).find(t => t.name === tag)
+  return {
+    name: tag,
+    description: tagInfo?.description || '',
+  }
+})
+
+// Sort paths
+const sortedPaths = {}
+Object.keys(openapi.paths).sort().forEach(key => {
+  sortedPaths[key] = openapi.paths[key]
+})
+openapi.paths = sortedPaths
+
+// Add special endpoints after sorting
+// Add proxy endpoints that forward to upstream Hermes API
+openapi.paths['/api/hermes/{*any}'] = {
+  'get': {
+    tags: ['Proxy'],
+    summary: 'Proxy to upstream Hermes API',
+    description: 'Forwards unmatched /api/hermes/* requests to upstream Hermes gateway. Supports all upstream endpoints.',
+    operationId: 'proxyHermes',
+    responses: {
+      '200': { description: 'Proxied response from upstream' },
+      '401': { $ref: '#/components/responses/Unauthorized' },
+      '502': { description: 'Proxy failure' },
+    },
+  },
+  'post': {
+    tags: ['Proxy'],
+    summary: 'Proxy to upstream Hermes API',
+    description: 'Forwards unmatched /api/hermes/* requests to upstream Hermes gateway. Supports all upstream endpoints.',
+    operationId: 'proxyHermesPost',
+    responses: {
+      '200': { description: 'Proxied response from upstream' },
+      '401': { $ref: '#/components/responses/Unauthorized' },
+      '502': { description: 'Proxy failure' },
+    },
+  },
+  'put': {
+    tags: ['Proxy'],
+    summary: 'Proxy to upstream Hermes API',
+    description: 'Forwards unmatched /api/hermes/* requests to upstream Hermes gateway. Supports all upstream endpoints.',
+    operationId: 'proxyHermesPut',
+    responses: {
+      '200': { description: 'Proxied response from upstream' },
+      '401': { $ref: '#/components/responses/Unauthorized' },
+      '502': { description: 'Proxy failure' },
+    },
+  },
+  'delete': {
+    tags: ['Proxy'],
+    summary: 'Proxy to upstream Hermes API',
+    description: 'Forwards unmatched /api/hermes/* requests to upstream Hermes gateway. Supports all upstream endpoints.',
+    operationId: 'proxyHermesDelete',
+    responses: {
+      '200': { description: 'Proxied response from upstream' },
+      '401': { $ref: '#/components/responses/Unauthorized' },
+      '502': { description: 'Proxy failure' },
+    },
+  },
+}
+
+openapi.paths['/v1/{*any}'] = {
+  'get': {
+    tags: ['Proxy'],
+    summary: 'Proxy to upstream Hermes v1 API',
+    description: 'Forwards /v1/* requests to upstream Hermes gateway. Supports all upstream v1 endpoints.',
+    operationId: 'proxyV1',
+    responses: {
+      '200': { description: 'Proxied response from upstream' },
+      '401': { $ref: '#/components/responses/Unauthorized' },
+      '502': { description: 'Proxy failure' },
+    },
+  },
+  'post': {
+    tags: ['Proxy'],
+    summary: 'Proxy to upstream Hermes v1 API',
+    description: 'Forwards /v1/* requests to upstream Hermes gateway. Supports all upstream v1 endpoints.',
+    operationId: 'proxyV1Post',
+    responses: {
+      '200': { description: 'Proxied response from upstream' },
+      '401': { $ref: '#/components/responses/Unauthorized' },
+      '502': { description: 'Proxy failure' },
+    },
+  },
+}
+
+// Add WebSocket terminal endpoint
+openapi.paths['/api/hermes/terminal'] = {
+  'get': {
+    tags: ['Terminal'],
+    summary: 'WebSocket terminal connection',
+    description: 'Establish a WebSocket connection for interactive terminal access. Uses the `ws` or `wss` protocol with `?token=` for authentication.',
+    operationId: 'terminalWebSocket',
+    responses: {
+      '101': { description: 'Switching Protocols - WebSocket connection established' },
+      '401': { $ref: '#/components/responses/Unauthorized' },
+    },
+  },
+}
+
+// Add Chat streaming endpoint
+openapi.paths['/api/hermes/v1/runs/{runId}/events'] = {
+  'get': {
+    tags: ['Chat'],
+    summary: 'Server-Sent Events for chat streaming',
+    description: 'Stream chat events using Server-Sent Events (SSE). Authentication via `?token=` query parameter.',
+    operationId: 'chatStreamEvents',
+    parameters: [
+      {
+        name: 'runId',
+        in: 'path',
+        required: true,
+        description: 'Chat run ID',
+        schema: { type: 'string' },
+      },
+      {
+        name: 'token',
+        in: 'query',
+        required: true,
+        description: 'Authentication token',
+        schema: { type: 'string' },
+      },
+    ],
+    responses: {
+      '200': {
+        description: 'SSE stream established',
+        content: {
+          'text/event-stream': {
+            schema: {
+              type: 'object',
+              properties: {
+                event: { type: 'string', enum: ['run.created', 'run.queued', 'run.started', 'run.streaming', 'run.completed', 'run.failed'] },
+                data: { type: 'object' },
+              },
+            },
+          },
+        },
+      },
+      '401': { $ref: '#/components/responses/Unauthorized' },
+      '404': { description: 'Run not found' },
+    },
+  },
+}
+
+// Add Proxy and Terminal tags
+if (!openapi.tags.find(t => t.name === 'Proxy')) {
+  openapi.tags.push({ name: 'Proxy', description: 'Gateway proxy to upstream Hermes API' })
+}
+if (!openapi.tags.find(t => t.name === 'Terminal')) {
+  openapi.tags.push({ name: 'Terminal', description: 'WebSocket terminal access' })
+}
+
+// Write output
+const outputPath = join(rootDir, 'docs/openapi.json')
+writeFileSync(outputPath, JSON.stringify(openapi, null, 2))
+
+console.log(`✓ Generated OpenAPI spec: ${outputPath}`)
+console.log(`  ${Object.keys(openapi.paths).length} endpoints`)
+console.log(`  ${openapi.tags.length} tags`)
diff --git a/scripts/harness-check.mjs b/scripts/harness-check.mjs
new file mode 100644
index 0000000..c26db24
--- /dev/null
+++ b/scripts/harness-check.mjs
@@ -0,0 +1,236 @@
+#!/usr/bin/env node
+import { readFile } from 'node:fs/promises'
+import { existsSync } from 'node:fs'
+import path from 'node:path'
+
+const root = process.cwd()
+const failures = []
+
+function fail(message) {
+  failures.push(message)
+}
+
+async function readText(relativePath) {
+  return readFile(path.join(root, relativePath), 'utf8')
+}
+
+function requireFile(relativePath) {
+  if (!existsSync(path.join(root, relativePath))) {
+    fail(`Missing required harness file: ${relativePath}`)
+  }
+}
+
+function requireDir(relativePath) {
+  if (!existsSync(path.join(root, relativePath))) {
+    fail(`Missing required project directory: ${relativePath}`)
+  }
+}
+
+for (const file of [
+  'AGENTS.md',
+  'ARCHITECTURE.md',
+  'DEVELOPMENT.md',
+  'docs/harness/README.md',
+  'docs/harness/validation.md',
+  'docs/harness/worktree-runbook.md',
+  'docs/harness/pr-review.md',
+]) {
+  requireFile(file)
+}
+
+for (const dir of [
+  'packages/client/src',
+  'packages/server/src',
+  'packages/desktop',
+  'packages/desktop/build/icons',
+  'tests/client',
+  'tests/server',
+  'tests/e2e',
+  '.github/workflows',
+]) {
+  requireDir(dir)
+}
+
+for (const icon of [
+  'packages/desktop/build/icon.png',
+  'packages/desktop/build/icon.icns',
+  'packages/desktop/build/icon.ico',
+  'packages/desktop/build/icons/16x16.png',
+  'packages/desktop/build/icons/32x32.png',
+  'packages/desktop/build/icons/48x48.png',
+  'packages/desktop/build/icons/64x64.png',
+  'packages/desktop/build/icons/128x128.png',
+  'packages/desktop/build/icons/256x256.png',
+  'packages/desktop/build/icons/512x512.png',
+]) {
+  requireFile(icon)
+}
+
+const agents = await readText('AGENTS.md')
+const agentLines = agents.trimEnd().split(/\r?\n/)
+if (agentLines.length > 120) {
+  fail(`AGENTS.md should stay short; found ${agentLines.length} lines, expected <= 120`)
+}
+
+for (const requiredLink of [
+  'DEVELOPMENT.md',
+  'ARCHITECTURE.md',
+  'docs/harness/README.md',
+  'docs/harness/validation.md',
+  'docs/harness/worktree-runbook.md',
+  'docs/harness/pr-review.md',
+]) {
+  if (!agents.includes(requiredLink)) {
+    fail(`AGENTS.md must link to ${requiredLink}`)
+  }
+}
+
+const packageJson = JSON.parse(await readText('package.json'))
+for (const scriptName of [
+  'harness:check',
+  'test',
+  'test:coverage',
+  'test:e2e',
+  'build',
+]) {
+  if (!packageJson.scripts?.[scriptName]) {
+    fail(`package.json is missing script: ${scriptName}`)
+  }
+}
+
+const architecture = await readText('ARCHITECTURE.md')
+for (const phrase of [
+  'packages/client/src',
+  'packages/server/src',
+  'packages/desktop',
+  'HERMES_WEB_UI_HOME',
+  'fail_on_unmatched_files: true',
+]) {
+  if (!architecture.includes(phrase)) {
+    fail(`ARCHITECTURE.md should document: ${phrase}`)
+  }
+}
+
+const buildWorkflow = await readText('.github/workflows/build.yml')
+if (!buildWorkflow.includes('npm run harness:check')) {
+  fail('Build workflow must run npm run harness:check')
+}
+
+const desktopReleaseWorkflow = await readText('.github/workflows/desktop-release.yml')
+const desktopRuntimeWorkflow = await readText('.github/workflows/desktop-runtime.yml')
+const electronBuilderConfig = await readText('packages/desktop/electron-builder.yml')
+const desktopPackageJson = await readText('packages/desktop/package.json')
+const desktopInstallHermes = await readText('packages/desktop/scripts/install-hermes.mjs')
+const desktopWebuiServer = await readText('packages/desktop/src/main/webui-server.ts')
+const desktopRuntimeManager = await readText('packages/desktop/src/main/runtime-manager.ts')
+const desktopPaths = await readText('packages/desktop/src/main/paths.ts')
+const desktopRuntimeAssetName = await readText('packages/desktop/scripts/runtime-asset-name.mjs')
+if (!desktopReleaseWorkflow.includes('files: ${{ matrix.artifact_files }}')) {
+  fail('desktop-release.yml must upload matrix-specific artifact_files')
+}
+
+if (!electronBuilderConfig.includes('icon: build/icons')) {
+  fail('electron-builder.yml must configure the Linux icon set')
+}
+
+for (const target of ['target_os: darwin', 'target_os: win32', 'target_os: linux']) {
+  if (!desktopReleaseWorkflow.includes(target)) {
+    fail(`desktop-release.yml is missing matrix target ${target}`)
+  }
+}
+
+for (const expectedGlob of ['*.dmg', '*.exe', '*.AppImage']) {
+  if (!desktopReleaseWorkflow.includes(expectedGlob)) {
+    fail(`desktop-release.yml is missing expected artifact glob ${expectedGlob}`)
+  }
+}
+
+if (!desktopReleaseWorkflow.includes('fail_on_unmatched_files: true')) {
+  fail('desktop-release.yml must keep fail_on_unmatched_files: true')
+}
+
+for (const phrase of [
+  'resources/python/${os}-${arch}',
+  'resources/node/${os}-${arch}',
+  'resources/git/${os}-${arch}',
+]) {
+  if (electronBuilderConfig.includes(phrase)) {
+    fail(`electron-builder.yml must not bundle desktop runtime resource: ${phrase}`)
+  }
+}
+
+for (const phrase of [
+  '"fetch:node"',
+  '"fetch:git"',
+  '"prepare:runtime"',
+  '"package:runtime"',
+  '"runtime:asset-name"',
+]) {
+  if (!desktopPackageJson.includes(phrase)) {
+    fail(`packages/desktop/package.json must support runtime package publishing: ${phrase}`)
+  }
+}
+
+for (const phrase of [
+  'steps.check.outputs.missing',
+  'npm --prefix packages/desktop run prepare:runtime',
+  'npm --prefix packages/desktop run package:runtime',
+]) {
+  if (!desktopRuntimeWorkflow.includes(phrase)) {
+    fail(`desktop-runtime.yml must build and publish missing runtime package assets: ${phrase}`)
+  }
+}
+
+if (!desktopRuntimeAssetName.includes('hermes-runtime-hermes-agent-')) {
+  fail('runtime asset naming must include hermes-agent version')
+}
+
+for (const phrase of [
+  'websockets',
+  'agent-browser@^0.26.0',
+  'AGENT_BROWSER_HOME',
+  'AGENT_BROWSER_EXECUTABLE_PATH',
+  'PLAYWRIGHT_BROWSERS_PATH',
+  'ms-playwright',
+  'removeBrokenDashboardAuthPlugin',
+]) {
+  if (!desktopInstallHermes.includes(phrase)) {
+    fail(`install-hermes.mjs must bundle Hermes browser runtime support: ${phrase}`)
+  }
+}
+
+for (const phrase of [
+  'bundledNodeBin',
+  'HERMES_AGENT_NODE',
+  'HERMES_AGENT_GIT',
+  'PLAYWRIGHT_BROWSERS_PATH',
+  'ms-playwright',
+]) {
+  if (!desktopWebuiServer.includes(phrase)) {
+    fail(`desktop webui server must expose bundled browser runtime: ${phrase}`)
+  }
+}
+
+for (const phrase of [
+  'HERMES_DESKTOP_RUNTIME_URL',
+  'HERMES_DESKTOP_RUNTIME_BASE_URL',
+  'runtime-manifest.json',
+]) {
+  if (!desktopRuntimeManager.includes(phrase)) {
+    fail(`desktop runtime manager must support downloadable runtime packages: ${phrase}`)
+  }
+}
+
+if (!desktopPaths.includes('HERMES_DESKTOP_RUNTIME_DIR')) {
+  fail('desktop paths must allow HERMES_DESKTOP_RUNTIME_DIR override')
+}
+
+if (failures.length > 0) {
+  console.error('Harness check failed:')
+  for (const failure of failures) {
+    console.error(`- ${failure}`)
+  }
+  process.exit(1)
+}
+
+console.log('Harness check passed')
diff --git a/tests/client/api.test.ts b/tests/client/api.test.ts
new file mode 100644
index 0000000..caa6d40
--- /dev/null
+++ b/tests/client/api.test.ts
@@ -0,0 +1,248 @@
+// @vitest-environment jsdom
+import { describe, it, expect, vi, beforeEach } from 'vitest'
+
+const mockFetch = vi.fn()
+vi.stubGlobal('fetch', mockFetch)
+
+// vi.mock is hoisted, so mockReplace must be inside the factory
+vi.mock('@/router', () => ({
+  default: {
+    currentRoute: { value: { name: 'hermes.chat' } },
+    replace: vi.fn(),
+  },
+}))
+
+import { getApiKey, setApiKey, clearApiKey, hasApiKey, getStoredUserRole, isStoredSuperAdmin, request } from '../../packages/client/src/api/client'
+import { getDownloadUrl } from '../../packages/client/src/api/hermes/download'
+import { uploadFiles } from '../../packages/client/src/api/hermes/files'
+import { batchDeleteSessions, importHermesSession } from '../../packages/client/src/api/hermes/sessions'
+import router from '@/router'
+
+function fakeJwt(payload: Record<string, unknown>) {
+  const header = btoa(JSON.stringify({ alg: 'HS256', typ: 'JWT' })).replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '')
+  const body = btoa(JSON.stringify(payload)).replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '')
+  return `${header}.${body}.signature`
+}
+
+describe('API Client', () => {
+  beforeEach(() => {
+    localStorage.clear()
+    vi.clearAllMocks()
+  })
+
+  describe('token management', () => {
+    it('hasApiKey returns false when no token', () => {
+      expect(hasApiKey()).toBe(false)
+    })
+
+    it('hasApiKey returns true after setApiKey', () => {
+      setApiKey('test-token')
+      expect(hasApiKey()).toBe(true)
+    })
+
+    it('getApiKey returns the stored token', () => {
+      setApiKey('my-token')
+      expect(getApiKey()).toBe('my-token')
+    })
+
+    it('clearApiKey removes the token', () => {
+      setApiKey('my-token')
+      clearApiKey()
+      expect(hasApiKey()).toBe(false)
+      expect(getApiKey()).toBe('')
+    })
+
+    it('reads the role from the stored JWT payload', () => {
+      setApiKey(fakeJwt({ sub: '1', role: 'super_admin' }))
+
+      expect(getStoredUserRole()).toBe('super_admin')
+      expect(isStoredSuperAdmin()).toBe(true)
+
+      setApiKey(fakeJwt({ sub: '2', role: 'admin' }))
+      expect(getStoredUserRole()).toBe('admin')
+      expect(isStoredSuperAdmin()).toBe(false)
+    })
+  })
+
+  describe('request', () => {
+    it('adds Authorization header when token exists', async () => {
+      setApiKey('secret-key')
+      mockFetch.mockResolvedValue({ ok: true, status: 200, json: () => ({ data: 1 }) })
+
+      await request('/api/hermes/sessions')
+
+      expect(mockFetch).toHaveBeenCalledOnce()
+      const [, options] = mockFetch.mock.calls[0]
+      expect(options.headers.Authorization).toBe('Bearer secret-key')
+    })
+
+    it('adds the active profile header, including default', async () => {
+      localStorage.setItem('hermes_active_profile_name', 'default')
+      mockFetch.mockResolvedValue({ ok: true, status: 200, json: () => ({ data: 1 }) })
+
+      await request('/api/hermes/sessions/session-1')
+
+      const [, options] = mockFetch.mock.calls[0]
+      expect(options.headers['X-Hermes-Profile']).toBe('default')
+    })
+
+    it('does not add the active profile header to profile-wide session collection requests', async () => {
+      localStorage.setItem('hermes_active_profile_name', 'research')
+      mockFetch.mockResolvedValue({ ok: true, status: 200, json: () => ({ data: 1 }) })
+
+      await request('/api/hermes/sessions')
+
+      const [, options] = mockFetch.mock.calls[0]
+      expect(options.headers['X-Hermes-Profile']).toBeUndefined()
+    })
+
+    it('does not add Authorization header when no token', async () => {
+      mockFetch.mockResolvedValue({ ok: true, status: 200, json: () => ({ data: 1 }) })
+
+      await request('/api/hermes/sessions')
+
+      const [, options] = mockFetch.mock.calls[0]
+      expect(options.headers.Authorization).toBeUndefined()
+    })
+
+    it('clears token and redirects on 401 for local BFF endpoints', async () => {
+      setApiKey('secret-key')
+      mockFetch.mockResolvedValue({ ok: false, status: 401 })
+
+      await expect(request('/api/hermes/sessions')).rejects.toThrow('Unauthorized')
+      expect(hasApiKey()).toBe(false)
+      expect(router.replace).toHaveBeenCalledWith({ name: 'login' })
+    })
+
+    it('emits a global auth notice on local 403 responses', async () => {
+      const listener = vi.fn()
+      window.addEventListener('hermes-auth-notice', listener)
+      mockFetch.mockResolvedValue({ ok: false, status: 403, text: () => Promise.resolve('Forbidden') })
+
+      await expect(request('/api/hermes/profiles')).rejects.toThrow('API Error 403')
+
+      expect(listener).toHaveBeenCalledOnce()
+      expect(listener.mock.calls[0][0].detail).toEqual({ kind: 'forbidden' })
+      window.removeEventListener('hermes-auth-notice', listener)
+    })
+
+    it('clears token and redirects when the JWT user no longer exists', async () => {
+      setApiKey('stale-jwt')
+      mockFetch.mockResolvedValue({
+        ok: false,
+        status: 403,
+        text: () => Promise.resolve('{"error":"User is disabled or does not exist"}'),
+      })
+
+      await expect(request('/api/hermes/profiles')).rejects.toThrow('API Error 403')
+
+      expect(hasApiKey()).toBe(false)
+      expect(router.replace).toHaveBeenCalledWith({ name: 'login' })
+    })
+
+    it('does NOT clear token on 401 for proxied v1 endpoints', async () => {
+      setApiKey('secret-key')
+      mockFetch.mockResolvedValue({ ok: false, status: 401, text: () => Promise.resolve('') })
+
+      await expect(request('/api/hermes/v1/runs')).rejects.toThrow('API Error 401')
+      expect(hasApiKey()).toBe(true)
+    })
+
+    it('throws error on non-401 failure', async () => {
+      mockFetch.mockResolvedValue({
+        ok: false,
+        status: 500,
+        text: () => Promise.resolve('Internal Server Error'),
+      })
+
+      await expect(request('/api/hermes/sessions')).rejects.toThrow('API Error 500: Internal Server Error')
+    })
+
+    it('returns parsed JSON on success', async () => {
+      const data = { sessions: [{ id: '1' }] }
+      mockFetch.mockResolvedValue({ ok: true, status: 200, json: () => Promise.resolve(data) })
+
+      const result = await request('/api/hermes/sessions')
+      expect(result).toEqual(data)
+    })
+  })
+
+  describe('download URLs', () => {
+    it('adds the active profile selector to direct download URLs', () => {
+      setApiKey('secret-key')
+      localStorage.setItem('hermes_active_profile_name', 'research')
+
+      const url = new URL(getDownloadUrl('/tmp/report.txt', 'report.txt'), 'http://localhost')
+
+      expect(url.pathname).toBe('/api/hermes/download')
+      expect(url.searchParams.get('path')).toBe('/tmp/report.txt')
+      expect(url.searchParams.get('name')).toBe('report.txt')
+      expect(url.searchParams.get('profile')).toBe('research')
+      expect(url.searchParams.get('token')).toBe('secret-key')
+    })
+  })
+
+  describe('file upload', () => {
+    it('adds auth and active profile headers to multipart uploads', async () => {
+      setApiKey('secret-key')
+      localStorage.setItem('hermes_active_profile_name', 'research')
+      mockFetch.mockResolvedValue({
+        ok: true,
+        status: 200,
+        json: () => Promise.resolve({ files: [] }),
+      })
+
+      await uploadFiles('notes', [new File(['hello'], 'hello.txt', { type: 'text/plain' })])
+
+      expect(mockFetch).toHaveBeenCalledOnce()
+      const [url, options] = mockFetch.mock.calls[0]
+      expect(url).toBe('/api/hermes/files/upload?path=notes')
+      expect(options.method).toBe('POST')
+      expect(options.headers.Authorization).toBe('Bearer secret-key')
+      expect(options.headers['X-Hermes-Profile']).toBe('research')
+      expect(options.body).toBeInstanceOf(FormData)
+    })
+  })
+
+  describe('sessions API', () => {
+    it('sends profile-qualified targets for batch deletes', async () => {
+      localStorage.setItem('hermes_active_profile_name', 'research')
+      mockFetch.mockResolvedValue({
+        ok: true,
+        status: 200,
+        json: () => Promise.resolve({ deleted: 2, failed: 0, errors: [] }),
+      })
+
+      await batchDeleteSessions([
+        { id: 'session-default', profile: 'default' },
+        { id: 'session-travel', profile: 'travel' },
+      ])
+
+      const [url, options] = mockFetch.mock.calls[0]
+      expect(url).toBe('/api/hermes/sessions/batch-delete')
+      expect(options.method).toBe('POST')
+      expect(options.headers['X-Hermes-Profile']).toBeUndefined()
+      expect(JSON.parse(options.body)).toEqual({
+        ids: ['session-default', 'session-travel'],
+        sessions: [
+          { id: 'session-default', profile: 'default' },
+          { id: 'session-travel', profile: 'travel' },
+        ],
+      })
+    })
+
+    it('sends the profile selector when importing a Hermes session', async () => {
+      mockFetch.mockResolvedValue({
+        ok: true,
+        status: 200,
+        json: () => Promise.resolve({ ok: true, imported: true }),
+      })
+
+      await importHermesSession('cli-1', 'travel')
+
+      const [url, options] = mockFetch.mock.calls[0]
+      expect(url).toBe('/api/hermes/sessions/hermes/cli-1/import?profile=travel')
+      expect(options.method).toBe('POST')
+    })
+  })
+})
diff --git a/tests/client/app-store.test.ts b/tests/client/app-store.test.ts
new file mode 100644
index 0000000..e5ec11b
--- /dev/null
+++ b/tests/client/app-store.test.ts
@@ -0,0 +1,492 @@
+// @vitest-environment jsdom
+import { afterEach, beforeEach, describe, expect, it, vi } from 'vitest'
+import { createPinia, setActivePinia } from 'pinia'
+
+const mockSystemApi = vi.hoisted(() => ({
+  checkHealth: vi.fn(),
+  fetchAvailableModels: vi.fn(),
+  addCustomModel: vi.fn(),
+  removeCustomModel: vi.fn(),
+  updateDefaultModel: vi.fn(),
+  updateModelAlias: vi.fn(),
+  updateModelVisibility: vi.fn(),
+  triggerUpdate: vi.fn(),
+}))
+
+vi.mock('@/api/hermes/system', () => mockSystemApi)
+vi.mock('@/api/client', () => ({ hasApiKey: () => true }))
+
+import { useAppStore } from '@/stores/hermes/app'
+
+describe('App Store', () => {
+  beforeEach(() => {
+    setActivePinia(createPinia())
+    vi.clearAllMocks()
+    mockSystemApi.addCustomModel.mockResolvedValue({ success: true, custom_models: {} })
+    mockSystemApi.removeCustomModel.mockResolvedValue({ success: true, custom_models: {} })
+    window.localStorage.clear()
+  })
+
+  afterEach(() => {
+    vi.useRealTimers()
+  })
+
+  it('persists desktop sidebar collapsed state to localStorage', () => {
+    const store = useAppStore()
+
+    expect(store.sidebarCollapsed).toBe(false)
+
+    store.toggleSidebarCollapsed()
+    expect(store.sidebarCollapsed).toBe(true)
+    expect(window.localStorage.getItem('hermes_sidebar_collapsed')).toBe('1')
+
+    store.toggleSidebarCollapsed()
+    expect(store.sidebarCollapsed).toBe(false)
+    expect(window.localStorage.getItem('hermes_sidebar_collapsed')).toBe('0')
+  })
+
+  it('loads model visibility and falls back when the configured default is hidden', async () => {
+    mockSystemApi.fetchAvailableModels.mockResolvedValue({
+      default: 'deepseek-chat',
+      default_provider: 'deepseek',
+      groups: [
+        {
+          provider: 'deepseek',
+          label: 'DeepSeek',
+          base_url: 'https://api.deepseek.com/v1',
+          api_key: 'sk-test',
+          models: ['deepseek-reasoner'],
+        },
+      ],
+      allProviders: [],
+      model_visibility: {
+        deepseek: { mode: 'include', models: ['deepseek-reasoner'] },
+      },
+    })
+    const store = useAppStore()
+
+    await store.loadModels()
+
+    expect(store.modelVisibility).toEqual({
+      deepseek: { mode: 'include', models: ['deepseek-reasoner'] },
+    })
+    expect(store.selectedModel).toBe('deepseek-reasoner')
+    expect(store.selectedProvider).toBe('deepseek')
+    expect(store.customModels).toEqual({})
+    expect(store.isModelVisible('deepseek', 'deepseek-reasoner')).toBe(true)
+    expect(store.isModelVisible('deepseek', 'deepseek-chat')).toBe(false)
+  })
+
+  it('loads aliases while falling back from a hidden default without rehydrating it as custom', async () => {
+    mockSystemApi.fetchAvailableModels.mockResolvedValue({
+      default: 'deepseek-chat',
+      default_provider: 'deepseek',
+      groups: [
+        {
+          provider: 'deepseek',
+          label: 'DeepSeek',
+          base_url: 'https://api.deepseek.com/v1',
+          api_key: 'sk-test',
+          models: ['deepseek-reasoner'],
+          available_models: ['deepseek-chat', 'deepseek-reasoner'],
+        },
+      ],
+      allProviders: [
+        {
+          provider: 'deepseek',
+          label: 'DeepSeek',
+          base_url: 'https://api.deepseek.com/v1',
+          api_key: 'sk-test',
+          models: ['deepseek-chat', 'deepseek-reasoner'],
+        },
+      ],
+      model_aliases: {
+        deepseek: { 'deepseek-reasoner': 'Reasoner Alias' },
+      },
+      model_visibility: {
+        deepseek: { mode: 'include', models: ['deepseek-reasoner'] },
+      },
+    })
+    const store = useAppStore()
+
+    await store.loadModels()
+
+    expect(store.modelAliases).toEqual({
+      deepseek: { 'deepseek-reasoner': 'Reasoner Alias' },
+    })
+    expect(store.modelVisibility).toEqual({
+      deepseek: { mode: 'include', models: ['deepseek-reasoner'] },
+    })
+    expect(store.selectedModel).toBe('deepseek-reasoner')
+    expect(store.selectedProvider).toBe('deepseek')
+    expect(store.displayModelName('deepseek-reasoner', 'deepseek')).toBe('Reasoner Alias')
+    expect(store.customModels).toEqual({})
+  })
+
+  it('persists model visibility without changing the canonical selected model id', async () => {
+    mockSystemApi.fetchAvailableModels.mockResolvedValue({
+      default: 'deepseek-reasoner',
+      default_provider: 'deepseek',
+      groups: [
+        {
+          provider: 'deepseek',
+          label: 'DeepSeek',
+          base_url: 'https://api.deepseek.com/v1',
+          api_key: 'sk-test',
+          models: ['deepseek-reasoner'],
+        },
+      ],
+      allProviders: [],
+      model_visibility: {
+        deepseek: { mode: 'include', models: ['deepseek-reasoner'] },
+      },
+    })
+    mockSystemApi.updateModelVisibility.mockResolvedValue({
+      success: true,
+      model_visibility: {
+        deepseek: { mode: 'include', models: ['deepseek-reasoner'] },
+      },
+    })
+    const store = useAppStore()
+
+    await store.setModelVisibility('deepseek', { mode: 'include', models: ['deepseek-reasoner'] })
+
+    expect(mockSystemApi.updateModelVisibility).toHaveBeenCalledWith({
+      provider: 'deepseek',
+      mode: 'include',
+      models: ['deepseek-reasoner'],
+    })
+    expect(store.selectedModel).toBe('deepseek-reasoner')
+    expect(store.selectedProvider).toBe('deepseek')
+    expect(mockSystemApi.updateDefaultModel).not.toHaveBeenCalled()
+  })
+
+  it('marks the client stale when the served Web UI version changes', async () => {
+    mockSystemApi.checkHealth.mockResolvedValue({
+      status: 'ok',
+      webui_version: '0.5.17',
+      webui_latest: '0.5.17',
+      webui_update_available: false,
+    })
+    const store = useAppStore()
+
+    await store.checkConnection()
+
+    expect(store.connected).toBe(true)
+    expect(store.serverVersion).toBe('0.5.17')
+    expect(store.clientOutdated).toBe(true)
+    expect(store.updateAvailable).toBe(false)
+  })
+
+  it('does not mark the client stale when the served Web UI version matches this bundle', async () => {
+    mockSystemApi.checkHealth.mockResolvedValue({
+      status: 'ok',
+      webui_version: 'test',
+      webui_latest: 'test',
+      webui_update_available: false,
+    })
+    const store = useAppStore()
+
+    await store.checkConnection()
+
+    expect(store.serverVersion).toBe('test')
+    expect(store.clientOutdated).toBe(false)
+  })
+
+  it('clears the updating state and reports failure when self-update request fails', async () => {
+    const consoleError = vi.spyOn(console, 'error').mockImplementation(() => {})
+    mockSystemApi.triggerUpdate.mockRejectedValue(new Error('install failed'))
+    const store = useAppStore()
+
+    const ok = await store.doUpdate()
+
+    expect(ok).toBe(false)
+    expect(store.updating).toBe(false)
+    expect(consoleError).toHaveBeenCalledWith('Failed to update Hermes Web UI:', expect.any(Error))
+    consoleError.mockRestore()
+  })
+
+  it('loads model aliases and resolves display names without changing canonical IDs', async () => {
+    mockSystemApi.fetchAvailableModels.mockResolvedValue({
+      default: 'deepseek-v4-flash',
+      default_provider: 'deepseek',
+      groups: [{
+        provider: 'deepseek',
+        label: 'DeepSeek',
+        base_url: 'https://api.deepseek.com/v1',
+        models: ['deepseek-v4-flash'],
+        api_key: '',
+      }],
+      allProviders: [],
+      model_aliases: {
+        deepseek: { 'deepseek-v4-flash': 'Flash Alias' },
+      },
+    })
+    const store = useAppStore()
+
+    await store.loadModels()
+
+    expect(store.selectedModel).toBe('deepseek-v4-flash')
+    expect(store.getModelAlias('deepseek-v4-flash', 'deepseek')).toBe('Flash Alias')
+    expect(store.displayModelName('deepseek-v4-flash', 'deepseek')).toBe('Flash Alias')
+    expect(store.displayModelName('unknown', 'deepseek')).toBe('unknown')
+  })
+
+  it('selects the browser active profile default instead of the aggregate response default', async () => {
+    window.localStorage.setItem('hermes_active_profile_name', 'tester')
+    mockSystemApi.fetchAvailableModels.mockResolvedValue({
+      default: 'glm-5-turbo',
+      default_provider: 'custom:glm-coding-plan',
+      groups: [{
+        provider: 'custom:glm-coding-plan',
+        label: 'glm-coding-plan',
+        base_url: 'https://api.z.ai/api/anthropic',
+        models: ['glm-5-turbo', 'glm-5.1'],
+        api_key: '',
+      }],
+      allProviders: [],
+      profiles: [
+        {
+          profile: 'default',
+          default: 'glm-5-turbo',
+          default_provider: 'custom:glm-coding-plan',
+          groups: [{
+            provider: 'custom:glm-coding-plan',
+            label: 'glm-coding-plan',
+            base_url: 'https://api.z.ai/api/anthropic',
+            models: ['glm-5-turbo', 'glm-5.1'],
+            api_key: '',
+          }],
+        },
+        {
+          profile: 'tester',
+          default: 'claude-opus-4-6',
+          default_provider: 'custom:subrouter',
+          groups: [{
+            provider: 'custom:subrouter',
+            label: 'subrouter',
+            base_url: 'https://subrouter.ai/v1',
+            models: ['claude-opus-4-6', 'gpt-5.5'],
+            api_key: '',
+          }],
+        },
+      ],
+    })
+    const store = useAppStore()
+
+    await store.loadModels()
+
+    expect(store.selectedModel).toBe('claude-opus-4-6')
+    expect(store.selectedProvider).toBe('custom:subrouter')
+  })
+
+  it('does not refetch available models within the cache window after an empty response', async () => {
+    mockSystemApi.fetchAvailableModels.mockResolvedValue({
+      default: '',
+      default_provider: '',
+      groups: [],
+      allProviders: [],
+    })
+    const store = useAppStore()
+
+    await store.loadModels()
+    await store.loadModels()
+
+    expect(mockSystemApi.fetchAvailableModels).toHaveBeenCalledTimes(1)
+  })
+
+  it('waits only up to the run timeout for the first available models request', async () => {
+    vi.useFakeTimers()
+    mockSystemApi.fetchAvailableModels.mockReturnValue(new Promise(() => {}))
+    const store = useAppStore()
+    let resolved = false
+
+    const waitPromise = store.waitForModelsForRun(15000).then(() => {
+      resolved = true
+    })
+
+    expect(mockSystemApi.fetchAvailableModels).toHaveBeenCalledTimes(1)
+    await vi.advanceTimersByTimeAsync(14999)
+    expect(resolved).toBe(false)
+    await vi.advanceTimersByTimeAsync(1)
+    await waitPromise
+    expect(resolved).toBe(true)
+    expect(store.modelGroups).toEqual([])
+  })
+
+  it('keeps aliases scoped to their provider when model IDs overlap', async () => {
+    mockSystemApi.fetchAvailableModels.mockResolvedValue({
+      default: 'shared-model',
+      default_provider: 'provider-a',
+      groups: [
+        {
+          provider: 'provider-a',
+          label: 'Provider A',
+          base_url: 'https://a.example/v1',
+          models: ['shared-model'],
+          api_key: '',
+        },
+        {
+          provider: 'provider-b',
+          label: 'Provider B',
+          base_url: 'https://b.example/v1',
+          models: ['shared-model'],
+          api_key: '',
+        },
+      ],
+      allProviders: [],
+      model_aliases: {
+        'provider-a': { 'shared-model': 'A Alias' },
+      },
+    })
+    const store = useAppStore()
+
+    await store.loadModels()
+
+    expect(store.displayModelName('shared-model', 'provider-a')).toBe('A Alias')
+    expect(store.displayModelName('shared-model', 'provider-b')).toBe('shared-model')
+    expect(store.displayModelName('shared-model')).toBe('A Alias')
+  })
+
+  it('rehydrates an active unlisted default model as removable after loading models', async () => {
+    mockSystemApi.fetchAvailableModels.mockResolvedValue({
+      default: 'manually-supported-id',
+      default_provider: 'deepseek',
+      groups: [{
+        provider: 'deepseek',
+        label: 'DeepSeek',
+        base_url: 'https://api.deepseek.com/v1',
+        models: ['deepseek-v4-flash'],
+        api_key: '',
+      }],
+      allProviders: [],
+      model_aliases: {},
+    })
+    const store = useAppStore()
+
+    await store.loadModels()
+
+    expect(store.selectedModel).toBe('manually-supported-id')
+    expect(store.customModels).toEqual({ deepseek: ['manually-supported-id'] })
+  })
+
+  it('loads persisted custom models from the server response', async () => {
+    mockSystemApi.fetchAvailableModels.mockResolvedValue({
+      default: 'gemma-4-26b-a4b-it',
+      default_provider: 'google-ai-studio',
+      groups: [{
+        provider: 'google-ai-studio',
+        label: 'Google AI Studio',
+        base_url: 'https://generativelanguage.googleapis.com/v1beta',
+        models: ['gemma-4-26b-a4b-it'],
+        api_key: '',
+      }],
+      allProviders: [],
+      custom_models: {
+        'google-ai-studio': ['gemma-4-26b-a4b-it'],
+      },
+    })
+    const store = useAppStore()
+
+    await store.loadModels()
+
+    expect(store.selectedModel).toBe('gemma-4-26b-a4b-it')
+    expect(store.customModels).toEqual({
+      'google-ai-studio': ['gemma-4-26b-a4b-it'],
+    })
+  })
+
+  it('saves and clears model aliases via the Web UI-only alias API', async () => {
+    mockSystemApi.updateModelAlias.mockResolvedValue(undefined)
+    const store = useAppStore()
+
+    await store.setModelAlias('deepseek-v4-flash', 'deepseek', '  Flash Alias  ')
+
+    expect(mockSystemApi.updateModelAlias).toHaveBeenCalledWith({
+      provider: 'deepseek',
+      model: 'deepseek-v4-flash',
+      alias: 'Flash Alias',
+    })
+    expect(store.modelAliases).toEqual({ deepseek: { 'deepseek-v4-flash': 'Flash Alias' } })
+
+    await store.setModelAlias('deepseek-v4-flash', 'deepseek', '')
+    expect(store.modelAliases).toEqual({})
+  })
+
+  it('removes an unlisted custom model and falls back to a listed model when active', async () => {
+    mockSystemApi.updateDefaultModel.mockResolvedValue(undefined)
+    const store = useAppStore()
+    store.modelGroups = [{
+      provider: 'deepseek',
+      label: 'DeepSeek',
+      base_url: 'https://api.deepseek.com/v1',
+      models: ['deepseek-v4-flash'],
+      api_key: '',
+    }]
+    mockSystemApi.addCustomModel.mockResolvedValue({
+      success: true,
+      custom_models: { deepseek: ['test'] },
+    })
+    mockSystemApi.removeCustomModel.mockResolvedValue({
+      success: true,
+      custom_models: {},
+    })
+
+    await store.switchModel('test', 'deepseek')
+    expect(store.selectedModel).toBe('test')
+    expect(store.customModels).toEqual({ deepseek: ['test'] })
+    expect(mockSystemApi.addCustomModel).toHaveBeenCalledWith({
+      provider: 'deepseek',
+      model: 'test',
+    })
+
+    await store.removeCustomModel('test', 'deepseek')
+    expect(store.customModels).toEqual({})
+    expect(mockSystemApi.removeCustomModel).toHaveBeenCalledWith({
+      provider: 'deepseek',
+      model: 'test',
+    })
+    expect(store.selectedModel).toBe('deepseek-v4-flash')
+    expect(mockSystemApi.updateDefaultModel).toHaveBeenLastCalledWith({
+      default: 'deepseek-v4-flash',
+      provider: 'deepseek',
+    })
+  })
+
+  it('removes deleted custom models from loaded model groups immediately', async () => {
+    mockSystemApi.removeCustomModel.mockResolvedValue({
+      success: true,
+      custom_models: {},
+    })
+    const store = useAppStore()
+    store.customModels = { deepseek: ['manual-model'] }
+    store.modelGroups = [{
+      provider: 'deepseek',
+      label: 'DeepSeek',
+      base_url: 'https://api.deepseek.com/v1',
+      models: ['deepseek-v4-flash', 'manual-model'],
+      available_models: ['deepseek-v4-flash', 'manual-model'],
+      api_key: '',
+    }]
+    store.profileModelGroups = [{
+      profile: 'default',
+      default: 'deepseek-v4-flash',
+      default_provider: 'deepseek',
+      groups: [{
+        provider: 'deepseek',
+        label: 'DeepSeek',
+        base_url: 'https://api.deepseek.com/v1',
+        models: ['deepseek-v4-flash', 'manual-model'],
+        available_models: ['deepseek-v4-flash', 'manual-model'],
+        api_key: '',
+      }],
+    }]
+
+    await store.removeCustomModel('manual-model', 'deepseek')
+
+    expect(store.modelGroups[0].models).toEqual(['deepseek-v4-flash'])
+    expect(store.modelGroups[0].available_models).toEqual(['deepseek-v4-flash'])
+    expect(store.profileModelGroups[0].groups[0].models).toEqual(['deepseek-v4-flash'])
+    expect(store.profileModelGroups[0].groups[0].available_models).toEqual(['deepseek-v4-flash'])
+  })
+})
diff --git a/tests/client/chat-input-draft.test.ts b/tests/client/chat-input-draft.test.ts
new file mode 100644
index 0000000..7b8ebba
--- /dev/null
+++ b/tests/client/chat-input-draft.test.ts
@@ -0,0 +1,85 @@
+// @vitest-environment jsdom
+import { describe, expect, it, vi, beforeEach } from 'vitest'
+import { mount } from '@vue/test-utils'
+import { createTestingPinia } from '@pinia/testing'
+import { nextTick } from 'vue'
+import { useChatStore } from '@/stores/hermes/chat'
+import ChatInput from '@/components/hermes/chat/ChatInput.vue'
+
+vi.mock('vue-i18n', () => ({
+  useI18n: () => ({ t: (key: string) => key }),
+}))
+
+vi.mock('naive-ui', () => ({
+  NButton: { template: '<button type="button" v-bind="$attrs"><slot /><slot name="icon" /></button>' },
+  NTooltip: { template: '<div><slot name="trigger" /><slot /></div>' },
+  NSwitch: { template: '<button type="button"></button>' },
+  NModal: { template: '<div><slot /><slot name="footer" /></div>' },
+  NInputNumber: { template: '<input />' },
+  useMessage: () => ({ error: vi.fn(), success: vi.fn() }),
+}))
+
+vi.mock('@/api/hermes/sessions', () => ({
+  fetchContextLength: vi.fn().mockResolvedValue(256000),
+}))
+
+vi.mock('@/api/hermes/model-context', () => ({
+  setModelContext: vi.fn().mockResolvedValue(undefined),
+}))
+
+vi.mock('@/composables/useToolTraceVisibility', () => ({
+  useToolTraceVisibility: () => ({ toolTraceVisible: { value: true }, toggleToolTraceVisible: vi.fn() }),
+}))
+
+function mountForSession(sessionId: string) {
+  const pinia = createTestingPinia({ stubActions: false, createSpy: vi.fn })
+  const chatStore = useChatStore()
+  chatStore.sessions = [
+    { id: sessionId, title: sessionId, source: 'cli', messages: [], createdAt: Date.now(), updatedAt: Date.now() },
+  ]
+  chatStore.activeSessionId = sessionId
+  chatStore.activeSession = chatStore.sessions[0]
+  return mount(ChatInput, { global: { plugins: [pinia] } })
+}
+
+describe('ChatInput draft persistence', () => {
+  beforeEach(() => {
+    localStorage.clear()
+  })
+
+  it('restores unsent text for the active session after the chat view is remounted', async () => {
+    const wrapper = mountForSession('session-a')
+    const textarea = wrapper.get('textarea')
+
+    await textarea.setValue('draft before tab switch')
+    await nextTick()
+    wrapper.unmount()
+
+    const remounted = mountForSession('session-a')
+    await nextTick()
+
+    expect((remounted.get('textarea').element as HTMLTextAreaElement).value).toBe('draft before tab switch')
+  })
+
+  it('stores drafts under one localStorage key mapped by session id', async () => {
+    const wrapperA = mountForSession('session-a')
+    await wrapperA.get('textarea').setValue('draft for session a')
+    await nextTick()
+    wrapperA.unmount()
+
+    const wrapperB = mountForSession('session-b')
+    await wrapperB.get('textarea').setValue('draft for session b')
+    await nextTick()
+    wrapperB.unmount()
+
+    expect(localStorage.getItem('hermes_chat_input_draft_v1')).toBeNull()
+    expect(JSON.parse(localStorage.getItem('hermes_chat_input_drafts_v1') || '{}')).toEqual({
+      'session-a': 'draft for session a',
+      'session-b': 'draft for session b',
+    })
+
+    const remountedA = mountForSession('session-a')
+    await nextTick()
+    expect((remountedA.get('textarea').element as HTMLTextAreaElement).value).toBe('draft for session a')
+  })
+})
diff --git a/tests/client/chat-run-reconnect.test.ts b/tests/client/chat-run-reconnect.test.ts
new file mode 100644
index 0000000..37bccc1
--- /dev/null
+++ b/tests/client/chat-run-reconnect.test.ts
@@ -0,0 +1,192 @@
+import { beforeEach, describe, expect, it, vi } from 'vitest'
+
+const socketState = vi.hoisted(() => ({
+  sockets: [] as any[],
+}))
+
+vi.mock('socket.io-client', () => {
+  function createSocket() {
+    const listeners = new Map<string, Set<(...args: any[]) => void>>()
+
+    const addListener = (event: string, handler: (...args: any[]) => void) => {
+      if (!listeners.has(event)) listeners.set(event, new Set())
+      listeners.get(event)!.add(handler)
+    }
+
+    const removeListener = (event: string, handler: (...args: any[]) => void) => {
+      const eventListeners = listeners.get(event)
+      if (!eventListeners) return
+      for (const candidate of [...eventListeners]) {
+        if (candidate === handler || (candidate as any).__original === handler) {
+          eventListeners.delete(candidate)
+        }
+      }
+    }
+
+    const socket: any = {
+      connected: true,
+      on: vi.fn((event: string, handler: (...args: any[]) => void) => {
+        addListener(event, handler)
+        return socket
+      }),
+      once: vi.fn((event: string, handler: (...args: any[]) => void) => {
+        const wrapped = (...args: any[]) => {
+          removeListener(event, wrapped)
+          handler(...args)
+        }
+        ;(wrapped as any).__original = handler
+        addListener(event, wrapped)
+        return socket
+      }),
+      off: vi.fn((event: string, handler: (...args: any[]) => void) => {
+        removeListener(event, handler)
+        return socket
+      }),
+      removeListener: vi.fn((event: string, handler: (...args: any[]) => void) => {
+        removeListener(event, handler)
+        return socket
+      }),
+      removeAllListeners: vi.fn(() => {
+        listeners.clear()
+        return socket
+      }),
+      emit: vi.fn(),
+      disconnect: vi.fn(() => {
+        socket.connected = false
+      }),
+      __listenerCount: (event: string) => listeners.get(event)?.size || 0,
+      __trigger: (event: string, ...args: any[]) => {
+        if (event === 'connect') socket.connected = true
+        if (event === 'disconnect') socket.connected = false
+        for (const handler of [...(listeners.get(event) || [])]) handler(...args)
+      },
+    }
+
+    return socket
+  }
+
+  return {
+    io: vi.fn(() => {
+      const socket = createSocket()
+      socketState.sockets.push(socket)
+      return socket
+    }),
+  }
+})
+
+vi.mock('../../packages/client/src/api/client', () => ({
+  getApiKey: () => 'test-token',
+  getBaseUrlValue: () => '',
+}))
+
+describe('chat-run socket reconnect handling', () => {
+  beforeEach(() => {
+    vi.resetModules()
+    socketState.sockets = []
+  })
+
+  it('keeps transient mobile disconnects alive and resumes after reconnect', async () => {
+    const { startRunViaSocket } = await import('../../packages/client/src/api/hermes/chat')
+    const onEvent = vi.fn()
+    const onDone = vi.fn()
+    const onError = vi.fn()
+    const onReconnectResume = vi.fn()
+
+    startRunViaSocket(
+      { session_id: 'session-1', input: 'hello', profile: 'default', source: 'cli' },
+      onEvent,
+      onDone,
+      onError,
+      undefined,
+      { onReconnectResume },
+    )
+
+    const socket = socketState.sockets[0]
+    expect(socket.emit).toHaveBeenCalledWith('run', expect.objectContaining({ session_id: 'session-1' }))
+
+    socket.__trigger('disconnect', 'ping timeout')
+    expect(onError).not.toHaveBeenCalled()
+
+    socket.__trigger('connect_error', new Error('temporary reconnect failure'))
+    expect(onError).not.toHaveBeenCalled()
+
+    socket.__trigger('connect')
+    expect(socket.emit).toHaveBeenCalledWith('resume', { session_id: 'session-1', profile: 'default' })
+
+    const resumed = { session_id: 'session-1', messages: [], isWorking: true, events: [] }
+    socket.__trigger('resumed', resumed)
+    expect(onReconnectResume).toHaveBeenCalledWith(resumed)
+
+    socket.__trigger('message.delta', { event: 'message.delta', session_id: 'session-1', delta: 'after reconnect' })
+    expect(onEvent).toHaveBeenCalledWith({ event: 'message.delta', session_id: 'session-1', delta: 'after reconnect' })
+    expect(onDone).not.toHaveBeenCalled()
+  })
+
+  it('keeps fatal disconnects fatal and removes per-run listeners', async () => {
+    const { startRunViaSocket } = await import('../../packages/client/src/api/hermes/chat')
+    const onError = vi.fn()
+
+    startRunViaSocket(
+      { session_id: 'session-1', input: 'hello', profile: 'default', source: 'cli' },
+      vi.fn(),
+      vi.fn(),
+      onError,
+    )
+
+    const socket = socketState.sockets[0]
+    socket.__trigger('disconnect', 'io server disconnect')
+
+    expect(onError).toHaveBeenCalledOnce()
+    expect(onError.mock.calls[0][0].message).toBe('Socket disconnected: io server disconnect')
+    expect(socket.__listenerCount('connect')).toBe(0)
+    expect(socket.__listenerCount('disconnect')).toBe(0)
+    expect(socket.__listenerCount('connect_error')).toBe(0)
+  })
+
+  it('does not attach extra reconnect listeners when the session already has handlers', async () => {
+    const { startRunViaSocket } = await import('../../packages/client/src/api/hermes/chat')
+    const body = { session_id: 'session-1', input: 'hello', profile: 'default', source: 'cli' as const }
+
+    startRunViaSocket(body, vi.fn(), vi.fn(), vi.fn())
+    const socket = socketState.sockets[0]
+    expect(socket.__listenerCount('connect')).toBe(1)
+    expect(socket.__listenerCount('disconnect')).toBe(1)
+
+    startRunViaSocket(body, vi.fn(), vi.fn(), vi.fn())
+    expect(socket.__listenerCount('connect')).toBe(1)
+    expect(socket.__listenerCount('disconnect')).toBe(1)
+    expect(socket.emit).toHaveBeenCalledWith('run', body)
+  })
+
+  it('fans session.command events to run-local and global handlers', async () => {
+    const { onSessionCommand, startRunViaSocket } = await import('../../packages/client/src/api/hermes/chat')
+    const onEvent = vi.fn()
+    const onGlobalCommand = vi.fn()
+    const offGlobalCommand = onSessionCommand(onGlobalCommand)
+
+    startRunViaSocket(
+      { session_id: 'session-1', input: '/goal status', profile: 'default', source: 'cli' },
+      onEvent,
+      vi.fn(),
+      vi.fn(),
+    )
+
+    const socket = socketState.sockets[0]
+    const event = {
+      event: 'session.command',
+      session_id: 'session-1',
+      command: 'goal',
+      action: 'status',
+      message: 'Goal (active, 0/20 turns): write site',
+    }
+
+    socket.__trigger('session.command', event)
+
+    expect(onEvent).toHaveBeenCalledWith(event)
+    expect(onGlobalCommand).toHaveBeenCalledWith(event)
+
+    offGlobalCommand()
+    socket.__trigger('session.command', { ...event, message: 'next status' })
+    expect(onGlobalCommand).toHaveBeenCalledTimes(1)
+  })
+})
diff --git a/tests/client/chat-store-compression-state.test.ts b/tests/client/chat-store-compression-state.test.ts
new file mode 100644
index 0000000..fc15ee7
--- /dev/null
+++ b/tests/client/chat-store-compression-state.test.ts
@@ -0,0 +1,96 @@
+// @vitest-environment jsdom
+import { beforeEach, describe, expect, it, vi } from 'vitest'
+import { createPinia, setActivePinia } from 'pinia'
+
+const chatApi = vi.hoisted(() => ({
+  resumeSession: vi.fn(),
+  registerSessionHandlers: vi.fn(),
+  unregisterSessionHandlers: vi.fn(),
+}))
+
+vi.mock('@/api/hermes/chat', () => ({
+  startRunViaSocket: vi.fn(),
+  resumeSession: chatApi.resumeSession,
+  registerSessionHandlers: chatApi.registerSessionHandlers,
+  unregisterSessionHandlers: chatApi.unregisterSessionHandlers,
+  getChatRunSocket: vi.fn(() => ({ emit: vi.fn() })),
+  respondToolApproval: vi.fn(),
+  respondClarify: vi.fn(),
+  onPeerUserMessage: vi.fn(() => vi.fn()),
+  onSessionCommand: vi.fn(() => vi.fn()),
+}))
+
+vi.mock('@/api/client', () => ({
+  getActiveProfileName: () => 'default',
+}))
+
+vi.mock('@/api/hermes/sessions', () => ({
+  deleteSession: vi.fn(),
+  fetchSession: vi.fn(),
+  fetchSessions: vi.fn(),
+  setSessionModel: vi.fn(),
+}))
+
+vi.mock('@/api/hermes/download', () => ({
+  getDownloadUrl: (_path: string, name: string) => `/download/${name}`,
+}))
+
+vi.mock('@/utils/completion-sound', () => ({
+  primeCompletionSound: vi.fn(),
+  playCompletionSound: vi.fn(),
+}))
+
+import { useChatStore, type Session } from '@/stores/hermes/chat'
+
+function makeSession(id: string): Session {
+  return {
+    id,
+    title: id,
+    messages: [],
+    createdAt: Date.now(),
+    updatedAt: Date.now(),
+  }
+}
+
+describe('chat store compression state', () => {
+  beforeEach(() => {
+    vi.resetAllMocks()
+    setActivePinia(createPinia())
+    chatApi.resumeSession.mockImplementation((sessionId: string, onResumed: (data: any) => void) => {
+      onResumed({
+        session_id: sessionId,
+        messages: [],
+        isWorking: sessionId === 'session-1',
+        events: [],
+      })
+      return {} as any
+    })
+  })
+
+  it('does not show a background session compression indicator in the active session', async () => {
+    const store = useChatStore()
+    store.sessions = [makeSession('session-1'), makeSession('session-2')]
+
+    await store.switchSession('session-1')
+    const handlers = chatApi.registerSessionHandlers.mock.calls.find(call => call[0] === 'session-1')?.[1]
+    expect(handlers).toBeTruthy()
+
+    await store.switchSession('session-2')
+    handlers.onCompressionStarted({
+      event: 'compression.started',
+      session_id: 'session-1',
+      message_count: 6,
+      token_count: 1234,
+    })
+
+    expect(store.activeSessionId).toBe('session-2')
+    expect(store.compressionState).toBeNull()
+
+    await store.switchSession('session-1')
+    expect(store.compressionState).toEqual(expect.objectContaining({
+      compressing: true,
+      messageCount: 6,
+      beforeTokens: 1234,
+    }))
+  })
+})
diff --git a/tests/client/chat-store-session-command.test.ts b/tests/client/chat-store-session-command.test.ts
new file mode 100644
index 0000000..bbb529d
--- /dev/null
+++ b/tests/client/chat-store-session-command.test.ts
@@ -0,0 +1,132 @@
+// @vitest-environment jsdom
+import { beforeEach, describe, expect, it, vi } from 'vitest'
+import { createPinia, setActivePinia } from 'pinia'
+
+const chatApi = vi.hoisted(() => ({
+  registerSessionHandlers: vi.fn(),
+  unregisterSessionHandlers: vi.fn(),
+  getChatRunSocket: vi.fn(() => ({ emit: vi.fn() })),
+  sessionCommandHandlers: [] as Array<(event: any) => void>,
+  peerUserMessageHandlers: [] as Array<(event: any) => void>,
+}))
+
+vi.mock('@/api/hermes/chat', () => ({
+  startRunViaSocket: vi.fn(),
+  resumeSession: vi.fn(),
+  registerSessionHandlers: chatApi.registerSessionHandlers,
+  unregisterSessionHandlers: chatApi.unregisterSessionHandlers,
+  getChatRunSocket: chatApi.getChatRunSocket,
+  respondToolApproval: vi.fn(),
+  respondClarify: vi.fn(),
+  onPeerUserMessage: vi.fn((handler: (event: any) => void) => {
+    chatApi.peerUserMessageHandlers.push(handler)
+    return vi.fn()
+  }),
+  onSessionCommand: vi.fn((handler: (event: any) => void) => {
+    chatApi.sessionCommandHandlers.push(handler)
+    return vi.fn()
+  }),
+}))
+
+vi.mock('@/api/client', () => ({
+  getActiveProfileName: () => 'default',
+}))
+
+vi.mock('@/api/hermes/sessions', () => ({
+  deleteSession: vi.fn(),
+  fetchSession: vi.fn(),
+  fetchSessions: vi.fn(),
+  setSessionModel: vi.fn(),
+}))
+
+vi.mock('@/api/hermes/download', () => ({
+  getDownloadUrl: (_path: string, name: string) => `/download/${name}`,
+}))
+
+vi.mock('@/utils/completion-sound', () => ({
+  primeCompletionSound: vi.fn(),
+  playCompletionSound: vi.fn(),
+}))
+
+import { useChatStore, type Session } from '@/stores/hermes/chat'
+
+function makeSession(): Session {
+  return {
+    id: 'session-1',
+    title: 'session',
+    messages: [],
+    createdAt: Date.now(),
+    updatedAt: Date.now(),
+  }
+}
+
+describe('chat store session.command fanout', () => {
+  beforeEach(() => {
+    vi.resetAllMocks()
+    chatApi.sessionCommandHandlers = []
+    chatApi.peerUserMessageHandlers = []
+    setActivePinia(createPinia())
+  })
+
+  it('attaches to a goal resume run started from another window', () => {
+    const store = useChatStore()
+    const session = makeSession()
+    store.sessions = [session]
+    store.activeSessionId = 'session-1'
+    store.activeSession = session
+
+    expect(chatApi.sessionCommandHandlers).toHaveLength(1)
+
+    chatApi.sessionCommandHandlers[0]({
+      event: 'session.command',
+      session_id: 'session-1',
+      command: 'goal',
+      action: 'resume',
+      message: 'Goal resumed',
+      started: true,
+      terminal: false,
+    })
+
+    expect(store.isStreaming).toBe(true)
+    expect(chatApi.registerSessionHandlers).toHaveBeenCalledWith('session-1', expect.objectContaining({
+      onRunStarted: expect.any(Function),
+      onSessionCommand: expect.any(Function),
+    }))
+    expect(store.messages).toEqual([
+      expect.objectContaining({
+        role: 'command',
+        content: 'Goal resumed',
+        commandAction: 'resume',
+      }),
+    ])
+  })
+
+  it('does not clear the transcript for goal done commands', () => {
+    const store = useChatStore()
+    const session = makeSession()
+    session.messages = [
+      { id: 'user-1', role: 'user', content: 'keep me', timestamp: 1 },
+    ]
+    store.sessions = [session]
+    store.activeSessionId = 'session-1'
+    store.activeSession = session
+
+    chatApi.sessionCommandHandlers[0]({
+      event: 'session.command',
+      session_id: 'session-1',
+      command: 'goal',
+      action: 'clear',
+      message: 'Goal cleared.',
+      terminal: true,
+    })
+
+    expect(store.messages).toEqual([
+      expect.objectContaining({ id: 'user-1', content: 'keep me' }),
+      expect.objectContaining({
+        role: 'command',
+        content: 'Goal cleared.',
+        commandAction: 'clear',
+      }),
+    ])
+  })
+})
diff --git a/tests/client/chat-store-thinking.test.ts b/tests/client/chat-store-thinking.test.ts
new file mode 100644
index 0000000..f0d03de
--- /dev/null
+++ b/tests/client/chat-store-thinking.test.ts
@@ -0,0 +1,90 @@
+// @vitest-environment jsdom
+import { describe, it, expect, beforeEach } from 'vitest'
+import { setActivePinia, createPinia } from 'pinia'
+import { useChatStore } from '@/stores/hermes/chat'
+
+describe('chat store thinkingObservation', () => {
+  beforeEach(() => {
+    setActivePinia(createPinia())
+  })
+
+  it('starts empty', () => {
+    const store = useChatStore()
+    expect(store.getThinkingObservation('any-id')).toBeUndefined()
+  })
+
+  it('records startedAt when delta first introduces an opening tag', () => {
+    const store = useChatStore()
+    store.noteThinkingDelta('msg-1', '', '<think>hi')
+    const ob = store.getThinkingObservation('msg-1')
+    expect(ob).toBeDefined()
+    expect(typeof ob!.startedAt).toBe('number')
+    expect(ob!.endedAt).toBeUndefined()
+  })
+
+  it('records endedAt when delta first introduces closing tag', () => {
+    const store = useChatStore()
+    store.noteThinkingDelta('msg-1', '', '<think>hi')
+    store.noteThinkingDelta('msg-1', '<think>hi', '<think>hi</think>done')
+    const ob = store.getThinkingObservation('msg-1')
+    expect(ob!.startedAt).toBeDefined()
+    expect(typeof ob!.endedAt).toBe('number')
+  })
+
+  it('is idempotent for subsequent openings/closings', () => {
+    const store = useChatStore()
+    store.noteThinkingDelta('m', '', '<think>a</think>')
+    const first = store.getThinkingObservation('m')!
+    const firstStarted = first.startedAt
+    const firstEnded = first.endedAt
+    store.noteThinkingDelta(
+      'm',
+      '<think>a</think>',
+      '<think>a</think><think>b</think>',
+    )
+    const second = store.getThinkingObservation('m')!
+    expect(second.startedAt).toBe(firstStarted)
+    expect(second.endedAt).toBe(firstEnded)
+  })
+
+  it('is ignored when delta is inside a code block', () => {
+    const store = useChatStore()
+    store.noteThinkingDelta('m', '', '```\n<think>fake</think>\n```')
+    expect(store.getThinkingObservation('m')).toBeUndefined()
+  })
+
+  it('clears observations on clearThinkingObservationFor', () => {
+    const store = useChatStore()
+    store.noteThinkingDelta('m', '', '<think>hi</think>')
+    expect(store.getThinkingObservation('m')).toBeDefined()
+    store.clearThinkingObservationFor('any-session')
+    expect(store.getThinkingObservation('m')).toBeUndefined()
+  })
+
+  it('noteReasoningStart records startedAt only once', () => {
+    const store = useChatStore()
+    store.noteReasoningStart('r1')
+    const t1 = store.getThinkingObservation('r1')!.startedAt
+    expect(typeof t1).toBe('number')
+    store.noteReasoningStart('r1')
+    expect(store.getThinkingObservation('r1')!.startedAt).toBe(t1)
+  })
+
+  it('noteReasoningEnd requires prior start', () => {
+    const store = useChatStore()
+    store.noteReasoningEnd('r2')
+    expect(store.getThinkingObservation('r2')).toBeUndefined()
+    store.noteReasoningStart('r2')
+    store.noteReasoningEnd('r2')
+    expect(store.getThinkingObservation('r2')!.endedAt).toBeDefined()
+  })
+
+  it('noteReasoningEnd is idempotent', () => {
+    const store = useChatStore()
+    store.noteReasoningStart('r3')
+    store.noteReasoningEnd('r3')
+    const end1 = store.getThinkingObservation('r3')!.endedAt
+    store.noteReasoningEnd('r3')
+    expect(store.getThinkingObservation('r3')!.endedAt).toBe(end1)
+  })
+})
diff --git a/tests/client/completion-sound.test.ts b/tests/client/completion-sound.test.ts
new file mode 100644
index 0000000..c82aeff
--- /dev/null
+++ b/tests/client/completion-sound.test.ts
@@ -0,0 +1,81 @@
+// @vitest-environment jsdom
+import { beforeEach, describe, expect, it, vi } from 'vitest'
+import { __resetCompletionSoundForTests, playCompletionSound, primeCompletionSound } from '@/utils/completion-sound'
+
+function installMockAudioContext(initialState: AudioContextState = 'running') {
+  const oscillator = {
+    type: 'sine' as OscillatorType,
+    frequency: {
+      setValueAtTime: vi.fn(),
+      exponentialRampToValueAtTime: vi.fn(),
+    },
+    connect: vi.fn(),
+    start: vi.fn(),
+    stop: vi.fn(),
+  }
+
+  const gain = {
+    gain: {
+      setValueAtTime: vi.fn(),
+      exponentialRampToValueAtTime: vi.fn(),
+    },
+    connect: vi.fn(),
+  }
+
+  const context = {
+    state: initialState,
+    currentTime: 10,
+    destination: {},
+    resume: vi.fn(async () => {
+      context.state = 'running'
+    }),
+    createOscillator: vi.fn(() => oscillator),
+    createGain: vi.fn(() => gain),
+  }
+
+  const AudioContextMock = vi.fn(() => context)
+  Object.defineProperty(window, 'AudioContext', {
+    configurable: true,
+    writable: true,
+    value: AudioContextMock,
+  })
+
+  return { AudioContextMock, context, oscillator, gain }
+}
+
+describe('completion sound', () => {
+  beforeEach(() => {
+    __resetCompletionSoundForTests()
+    vi.restoreAllMocks()
+    Object.defineProperty(window, 'AudioContext', {
+      configurable: true,
+      writable: true,
+      value: undefined,
+    })
+  })
+
+  it('returns false when Web Audio is unavailable', async () => {
+    await expect(playCompletionSound()).resolves.toBe(false)
+  })
+
+  it('primes a suspended audio context from user interaction', () => {
+    const { context } = installMockAudioContext('suspended')
+
+    primeCompletionSound()
+
+    expect(context.resume).toHaveBeenCalledTimes(1)
+  })
+
+  it('plays a short tone through Web Audio', async () => {
+    const { context, oscillator, gain } = installMockAudioContext('running')
+
+    await expect(playCompletionSound()).resolves.toBe(true)
+
+    expect(context.createOscillator).toHaveBeenCalledTimes(1)
+    expect(context.createGain).toHaveBeenCalledTimes(1)
+    expect(oscillator.connect).toHaveBeenCalledWith(gain)
+    expect(gain.connect).toHaveBeenCalledWith(context.destination)
+    expect(oscillator.start).toHaveBeenCalledWith(10)
+    expect(oscillator.stop).toHaveBeenCalledWith(10.16)
+  })
+})
diff --git a/tests/client/conversation-monitor-pane.test.ts b/tests/client/conversation-monitor-pane.test.ts
new file mode 100644
index 0000000..813b9c8
--- /dev/null
+++ b/tests/client/conversation-monitor-pane.test.ts
@@ -0,0 +1,177 @@
+// @vitest-environment jsdom
+import { afterEach, beforeEach, describe, expect, it, vi } from 'vitest'
+import { mount } from '@vue/test-utils'
+import { createPinia, setActivePinia } from 'pinia'
+
+const mockConversationsApi = vi.hoisted(() => ({
+  fetchConversationSummaries: vi.fn(),
+  fetchConversationDetail: vi.fn(),
+}))
+
+vi.mock('@/api/hermes/conversations', () => mockConversationsApi)
+
+vi.mock('vue-i18n', () => ({
+  useI18n: () => ({
+    t: (key: string, params?: Record<string, unknown>) => {
+      if (key === 'chat.linkedSessions' && params?.count != null) return `${params.count} linked`
+      return key
+    },
+  }),
+}))
+
+import ConversationMonitorPane from '@/components/hermes/chat/ConversationMonitorPane.vue'
+
+async function flushPromises() {
+  await Promise.resolve()
+  await Promise.resolve()
+  await Promise.resolve()
+  await Promise.resolve()
+}
+
+function deferred<T>() {
+  let resolve!: (value: T) => void
+  const promise = new Promise<T>(res => {
+    resolve = res
+  })
+  return { promise, resolve }
+}
+
+describe('ConversationMonitorPane', () => {
+  beforeEach(() => {
+    vi.clearAllMocks()
+    setActivePinia(createPinia())
+    vi.useFakeTimers()
+    mockConversationsApi.fetchConversationSummaries.mockResolvedValue([
+      {
+        id: 'conv-1',
+        title: 'First conversation',
+        source: 'cli',
+        model: 'openai/gpt-5.4',
+        started_at: 10,
+        ended_at: 20,
+        last_active: 20,
+        message_count: 2,
+        tool_call_count: 0,
+        input_tokens: 3,
+        output_tokens: 5,
+        cache_read_tokens: 0,
+        cache_write_tokens: 0,
+        reasoning_tokens: 0,
+        billing_provider: 'openai',
+        estimated_cost_usd: 0,
+        actual_cost_usd: 0,
+        cost_status: 'estimated',
+        preview: 'preview',
+        is_active: true,
+        thread_session_count: 1,
+      },
+      {
+        id: 'conv-2',
+        title: 'Second conversation',
+        source: 'discord',
+        model: 'openai/gpt-5.4',
+        started_at: 30,
+        ended_at: 40,
+        last_active: 40,
+        message_count: 2,
+        tool_call_count: 0,
+        input_tokens: 3,
+        output_tokens: 5,
+        cache_read_tokens: 0,
+        cache_write_tokens: 0,
+        reasoning_tokens: 0,
+        billing_provider: 'openai',
+        estimated_cost_usd: 0,
+        actual_cost_usd: 0,
+        cost_status: 'estimated',
+        preview: 'preview-2',
+        is_active: false,
+        thread_session_count: 2,
+      },
+    ])
+    mockConversationsApi.fetchConversationDetail.mockResolvedValue({
+      session_id: 'conv-1',
+      visible_count: 2,
+      thread_session_count: 1,
+      messages: [
+        { id: 1, session_id: 'conv-1', role: 'user', content: 'hello', timestamp: 11 },
+        { id: 2, session_id: 'conv-1', role: 'assistant', content: 'world', timestamp: 12 },
+      ],
+    })
+  })
+
+  afterEach(() => {
+    vi.useRealTimers()
+  })
+
+  it('loads conversations and the first transcript using the humanOnly preference', async () => {
+    const wrapper = mount(ConversationMonitorPane, {
+      props: { humanOnly: true },
+    })
+
+    await flushPromises()
+
+    expect(mockConversationsApi.fetchConversationSummaries).toHaveBeenCalledWith({ humanOnly: true })
+    expect(mockConversationsApi.fetchConversationDetail).toHaveBeenCalledWith('conv-1', { humanOnly: true })
+    expect(wrapper.text()).toContain('First conversation')
+    expect(wrapper.text()).toContain('hello')
+    expect(wrapper.text()).toContain('world')
+  })
+
+  it('ignores stale detail responses when selection changes quickly', async () => {
+    const first = deferred<any>()
+    const second = deferred<any>()
+    mockConversationsApi.fetchConversationDetail
+      .mockReturnValueOnce(first.promise)
+      .mockReturnValueOnce(second.promise)
+
+    const wrapper = mount(ConversationMonitorPane, {
+      props: { humanOnly: true },
+    })
+
+    await flushPromises()
+    expect(mockConversationsApi.fetchConversationDetail).toHaveBeenCalledWith('conv-1', { humanOnly: true })
+
+    const sessionButtons = wrapper.findAll('.conversation-monitor__session')
+    expect(sessionButtons).toHaveLength(2)
+    await sessionButtons[1].trigger('click')
+
+    expect(mockConversationsApi.fetchConversationDetail).toHaveBeenLastCalledWith('conv-2', { humanOnly: true })
+
+    second.resolve({
+      session_id: 'conv-2',
+      visible_count: 1,
+      thread_session_count: 2,
+      messages: [
+        { id: 21, session_id: 'conv-2', role: 'assistant', content: 'newer detail wins', timestamp: 41 },
+      ],
+    })
+    await flushPromises()
+
+    first.resolve({
+      session_id: 'conv-1',
+      visible_count: 1,
+      thread_session_count: 1,
+      messages: [
+        { id: 11, session_id: 'conv-1', role: 'assistant', content: 'stale detail loses', timestamp: 12 },
+      ],
+    })
+    await flushPromises()
+
+    const renderedMessages = wrapper.findAll('.conversation-monitor__message-content').map(node => node.text())
+    expect(renderedMessages).toEqual(['newer detail wins'])
+  })
+
+  it('clears the polling interval on unmount', async () => {
+    const clearIntervalSpy = vi.spyOn(globalThis, 'clearInterval')
+
+    const wrapper = mount(ConversationMonitorPane, {
+      props: { humanOnly: true },
+    })
+
+    await flushPromises()
+    wrapper.unmount()
+
+    expect(clearIntervalSpy).toHaveBeenCalledTimes(1)
+  })
+})
diff --git a/tests/client/conversations-api.test.ts b/tests/client/conversations-api.test.ts
new file mode 100644
index 0000000..4030db7
--- /dev/null
+++ b/tests/client/conversations-api.test.ts
@@ -0,0 +1,39 @@
+import { beforeEach, describe, expect, it, vi } from 'vitest'
+
+const mockRequest = vi.hoisted(() => vi.fn())
+
+vi.mock('@/api/client', () => ({
+  request: mockRequest,
+}))
+
+import { fetchConversationDetail, fetchConversationSummaries } from '@/api/hermes/conversations'
+
+describe('conversations api', () => {
+  beforeEach(() => {
+    vi.clearAllMocks()
+  })
+
+  it('builds summaries URLs with optional params', async () => {
+    mockRequest.mockResolvedValue({ sessions: [] })
+
+    await fetchConversationSummaries()
+    await fetchConversationSummaries({ humanOnly: false, source: 'cli', limit: 25 })
+
+    expect(mockRequest).toHaveBeenNthCalledWith(1, '/api/hermes/sessions/conversations')
+    expect(mockRequest).toHaveBeenNthCalledWith(2, '/api/hermes/sessions/conversations?humanOnly=false&source=cli&limit=25')
+  })
+
+  it('encodes detail URLs and forwards optional params', async () => {
+    mockRequest.mockResolvedValue({ session_id: 'conv', messages: [], visible_count: 0, thread_session_count: 1 })
+
+    await fetchConversationDetail('folder/with spaces', { humanOnly: false, source: 'discord' })
+
+    expect(mockRequest).toHaveBeenCalledWith('/api/hermes/sessions/conversations/folder%2Fwith%20spaces/messages?humanOnly=false&source=discord')
+  })
+
+  it('propagates conversation detail errors so the monitor can render an error state', async () => {
+    mockRequest.mockRejectedValue(new Error('boom'))
+
+    await expect(fetchConversationDetail('conv-1', { humanOnly: true })).rejects.toThrow('boom')
+  })
+})
diff --git a/tests/client/copilot-login-modal.test.ts b/tests/client/copilot-login-modal.test.ts
new file mode 100644
index 0000000..c7ecf35
--- /dev/null
+++ b/tests/client/copilot-login-modal.test.ts
@@ -0,0 +1,133 @@
+// @vitest-environment jsdom
+import { beforeEach, describe, expect, it, vi } from 'vitest'
+import { mount, flushPromises } from '@vue/test-utils'
+
+const mockApi = vi.hoisted(() => ({
+  startCopilotLogin: vi.fn(),
+  pollCopilotLogin: vi.fn(),
+}))
+
+const mockMessage = vi.hoisted(() => ({
+  success: vi.fn(),
+  warning: vi.fn(),
+  error: vi.fn(),
+}))
+
+vi.mock('@/api/hermes/copilot-auth', () => mockApi)
+vi.mock('@/utils/clipboard', () => ({ copyToClipboard: vi.fn(async () => true) }))
+vi.mock('vue-i18n', () => ({
+  useI18n: () => ({ t: (k: string) => k }),
+}))
+vi.mock('naive-ui', () => ({
+  NModal: { template: '<div><slot /><slot name="footer" /></div>' },
+  NButton: { template: '<button @click="$emit(\'click\')"><slot /></button>' },
+  NSpin: { template: '<span class="spin" />' },
+  useMessage: () => mockMessage,
+}))
+
+import CopilotLoginModal from '@/components/hermes/models/CopilotLoginModal.vue'
+
+function mountModal() {
+  return mount(CopilotLoginModal)
+}
+
+describe('CopilotLoginModal device-flow state machine', () => {
+  beforeEach(() => {
+    vi.useFakeTimers()
+    mockApi.startCopilotLogin.mockReset()
+    mockApi.pollCopilotLogin.mockReset()
+    mockMessage.success.mockReset()
+    mockMessage.warning.mockReset()
+    mockMessage.error.mockReset()
+  })
+
+  it('启动后进入 waiting 并显示 user_code', async () => {
+    mockApi.startCopilotLogin.mockResolvedValue({
+      session_id: 'sess-1',
+      user_code: 'ABCD-1234',
+      verification_url: 'https://github.com/login/device',
+      expires_in: 900,
+      interval: 5,
+    })
+    mockApi.pollCopilotLogin.mockResolvedValue({ status: 'pending', error: null })
+
+    const wrapper = mountModal()
+    await flushPromises()
+
+    expect(wrapper.text()).toContain('ABCD-1234')
+    expect(mockApi.startCopilotLogin).toHaveBeenCalledTimes(1)
+  })
+
+  it('approved 时 emit success 且消息为 copilotApproved', async () => {
+    mockApi.startCopilotLogin.mockResolvedValue({
+      session_id: 'sess-2',
+      user_code: 'WXYZ-9999',
+      verification_url: 'https://github.com/login/device',
+      expires_in: 900,
+      interval: 5,
+    })
+    mockApi.pollCopilotLogin.mockResolvedValue({ status: 'approved', error: null })
+
+    const wrapper = mountModal()
+    await flushPromises()
+
+    // 推动一次 poll timer
+    await vi.advanceTimersByTimeAsync(3000)
+    await flushPromises()
+
+    expect(mockMessage.success).toHaveBeenCalledWith('models.copilotApproved')
+
+    // approved 后 1s 自动关闭
+    await vi.advanceTimersByTimeAsync(1500)
+    await flushPromises()
+    expect(wrapper.emitted('success')).toBeTruthy()
+  })
+
+  it('expired 时进入 expired 状态并显示重试按钮', async () => {
+    mockApi.startCopilotLogin.mockResolvedValue({
+      session_id: 'sess-3',
+      user_code: 'EXPI-RED!',
+      verification_url: 'https://github.com/login/device',
+      expires_in: 900,
+      interval: 5,
+    })
+    mockApi.pollCopilotLogin.mockResolvedValue({ status: 'expired', error: null })
+
+    const wrapper = mountModal()
+    await flushPromises()
+    await vi.advanceTimersByTimeAsync(3000)
+    await flushPromises()
+
+    expect(wrapper.text()).toContain('models.copilotExpired')
+    expect(wrapper.emitted('success')).toBeFalsy()
+  })
+
+  it('startCopilotLogin 抛错时显示 error 且不 emit success', async () => {
+    mockApi.startCopilotLogin.mockRejectedValue(new Error('boom'))
+
+    const wrapper = mountModal()
+    await flushPromises()
+
+    expect(mockMessage.error).toHaveBeenCalled()
+    expect(wrapper.emitted('success')).toBeFalsy()
+  })
+
+  it('denied 时进入 error 状态', async () => {
+    mockApi.startCopilotLogin.mockResolvedValue({
+      session_id: 'sess-4',
+      user_code: 'NOPE',
+      verification_url: 'https://github.com/login/device',
+      expires_in: 900,
+      interval: 5,
+    })
+    mockApi.pollCopilotLogin.mockResolvedValue({ status: 'denied', error: null })
+
+    const wrapper = mountModal()
+    await flushPromises()
+    await vi.advanceTimersByTimeAsync(3000)
+    await flushPromises()
+
+    expect(wrapper.text()).toContain('models.copilotDenied')
+    expect(wrapper.emitted('success')).toBeFalsy()
+  })
+})
diff --git a/tests/client/default-credential-prompt.test.ts b/tests/client/default-credential-prompt.test.ts
new file mode 100644
index 0000000..8108394
--- /dev/null
+++ b/tests/client/default-credential-prompt.test.ts
@@ -0,0 +1,96 @@
+// @vitest-environment jsdom
+import { beforeEach, describe, expect, it, vi } from 'vitest'
+import { nextTick } from 'vue'
+import { flushPromises, mount } from '@vue/test-utils'
+
+const mockPush = vi.hoisted(() => vi.fn())
+const mockFetchCurrentUser = vi.hoisted(() => vi.fn())
+const mockGetApiKey = vi.hoisted(() => vi.fn())
+const routeState = vi.hoisted(() => ({ fullPath: '/hermes/chat', name: 'hermes.chat' as any }))
+
+vi.mock('vue-router', () => ({
+  useRoute: () => routeState,
+  useRouter: () => ({ push: mockPush }),
+}))
+
+vi.mock('vue-i18n', () => ({
+  useI18n: () => ({
+    t: (key: string) => key,
+  }),
+}))
+
+vi.mock('@/api/auth', () => ({
+  fetchCurrentUser: mockFetchCurrentUser,
+}))
+
+vi.mock('@/api/client', () => ({
+  getApiKey: mockGetApiKey,
+}))
+
+vi.mock('naive-ui', async () => {
+  const { defineComponent, h } = await import('vue')
+  return {
+    NModal: defineComponent({
+      props: { show: Boolean, title: String },
+      setup(props, { slots }) {
+        return () => props.show
+          ? h('div', { class: 'modal' }, [
+            h('h2', props.title),
+            slots.default?.(),
+            h('div', { class: 'modal-actions' }, slots.action?.()),
+          ])
+          : null
+      },
+    }),
+    NButton: defineComponent({
+      emits: ['click'],
+      setup(_props, { emit, slots }) {
+        return () => h('button', { onClick: () => emit('click') }, slots.default?.())
+      },
+    }),
+  }
+})
+
+import DefaultCredentialPrompt from '@/components/auth/DefaultCredentialPrompt.vue'
+
+describe('DefaultCredentialPrompt', () => {
+  beforeEach(() => {
+    sessionStorage.clear()
+    vi.clearAllMocks()
+    routeState.fullPath = '/hermes/chat'
+    routeState.name = 'hermes.chat'
+    mockGetApiKey.mockReturnValue('jwt-token')
+  })
+
+  it('prompts after login when the current user still has default credentials', async () => {
+    mockFetchCurrentUser.mockResolvedValue({
+      id: 1,
+      username: 'admin',
+      role: 'super_admin',
+      status: 'active',
+      created_at: 1,
+      updated_at: 1,
+      last_login_at: 1,
+      requiresCredentialChange: true,
+    })
+
+    const wrapper = mount(DefaultCredentialPrompt)
+    await flushPromises()
+    await nextTick()
+
+    expect(mockFetchCurrentUser).toHaveBeenCalledOnce()
+    expect(wrapper.text()).toContain('login.defaultCredentialMessage')
+    await wrapper.findAll('button')[1].trigger('click')
+    expect(mockPush).toHaveBeenCalledWith({ name: 'hermes.settings', query: { tab: 'account' } })
+  })
+
+  it('does not prompt on the login route', async () => {
+    routeState.fullPath = '/'
+    routeState.name = 'login'
+
+    mount(DefaultCredentialPrompt)
+    await Promise.resolve()
+
+    expect(mockFetchCurrentUser).not.toHaveBeenCalled()
+  })
+})
diff --git a/tests/client/file-path.test.ts b/tests/client/file-path.test.ts
new file mode 100644
index 0000000..b9545ff
--- /dev/null
+++ b/tests/client/file-path.test.ts
@@ -0,0 +1,23 @@
+import { describe, expect, it } from 'vitest'
+import { getClipboardPathForEntry } from '@/utils/file-path'
+
+const baseEntry = {
+  name: 'app.log',
+  path: 'logs/app.log',
+  isDir: false,
+  size: 12,
+  modTime: '2026-05-20T00:00:00.000Z',
+}
+
+describe('file path clipboard helpers', () => {
+  it('prefers absolute path metadata when available', () => {
+    expect(getClipboardPathForEntry({
+      ...baseEntry,
+      absolutePath: '/home/agent/.hermes/logs/app.log',
+    })).toBe('/home/agent/.hermes/logs/app.log')
+  })
+
+  it('falls back to the relative operation path for older API responses', () => {
+    expect(getClipboardPathForEntry(baseEntry)).toBe('logs/app.log')
+  })
+})
diff --git a/tests/client/group-chat-mention-options.test.ts b/tests/client/group-chat-mention-options.test.ts
new file mode 100644
index 0000000..8126aa5
--- /dev/null
+++ b/tests/client/group-chat-mention-options.test.ts
@@ -0,0 +1,34 @@
+import { describe, expect, it } from 'vitest'
+import { buildMentionOptions } from '@/components/hermes/group-chat/mention-options'
+
+describe('group chat mention options', () => {
+  const agents = [
+    { name: 'Alice', profile: 'alice-profile' },
+    { name: 'Bob', profile: 'bob-profile' },
+    { name: 'all', profile: 'literal-all-agent' },
+  ]
+
+  it('offers @all before agent mentions when the mention query is empty', () => {
+    expect(buildMentionOptions(agents, '').map(option => option.key)).toEqual([
+      'special:all',
+      'agent:Alice',
+      'agent:Bob',
+    ])
+  })
+
+  it('keeps @all reserved when filtering by all and hides a literal all agent', () => {
+    expect(buildMentionOptions(agents, 'all')).toEqual([
+      {
+        key: 'special:all',
+        type: 'all',
+        name: 'all',
+        label: '@all',
+        description: 'All agents',
+      },
+    ])
+  })
+
+  it('filters normal agent mentions without showing @all for unrelated queries', () => {
+    expect(buildMentionOptions(agents, 'bo').map(option => option.key)).toEqual(['agent:Bob'])
+  })
+})
diff --git a/tests/client/group-chat-store-streaming.test.ts b/tests/client/group-chat-store-streaming.test.ts
new file mode 100644
index 0000000..2c3d213
--- /dev/null
+++ b/tests/client/group-chat-store-streaming.test.ts
@@ -0,0 +1,224 @@
+// @vitest-environment jsdom
+import { beforeEach, describe, expect, it, vi } from 'vitest'
+import { createPinia, setActivePinia } from 'pinia'
+import type { ChatMessage, RoomInfo } from '@/api/hermes/group-chat'
+
+const groupChatApiMock = vi.hoisted(() => {
+  const handlers = new Map<string, Function[]>()
+  const socket: any = {
+    connected: true,
+    id: 'socket-1',
+    on: vi.fn((event: string, cb: Function) => {
+      const existing = handlers.get(event) || []
+      existing.push(cb)
+      handlers.set(event, existing)
+      return socket
+    }),
+    emit: vi.fn((event: string, _data?: unknown, ack?: Function) => {
+      if (event === 'join' && ack) ack({ members: [], agents: [], typingUsers: [], contextStatuses: [] })
+      return socket
+    }),
+    disconnect: vi.fn(),
+  }
+  return {
+    handlers,
+    socket,
+    connectGroupChat: vi.fn(() => socket),
+    disconnectGroupChat: vi.fn(),
+    getSocket: vi.fn(() => socket),
+    getStoredUserId: vi.fn(() => 'user-1'),
+    getStoredUserName: vi.fn(() => 'tester'),
+    createRoom: vi.fn(),
+    listRooms: vi.fn(),
+    getRoomDetail: vi.fn(),
+    joinRoomByCode: vi.fn(),
+    addAgent: vi.fn(),
+    listAgents: vi.fn(),
+    removeAgent: vi.fn(),
+    cloneRoom: vi.fn(),
+    deleteRoom: vi.fn(),
+    clearRoomContext: vi.fn(),
+  }
+})
+
+vi.mock('@/api/hermes/group-chat', () => groupChatApiMock)
+vi.mock('@/api/client', () => ({ getApiKey: vi.fn(() => 'test-token') }))
+vi.mock('@/api/hermes/download', () => ({ getDownloadUrl: vi.fn((path: string) => `/download?path=${path}`) }))
+
+function emitSocket(event: string, payload: unknown) {
+  for (const cb of groupChatApiMock.handlers.get(event) || []) cb(payload)
+}
+
+const room: RoomInfo = {
+  id: 'room-1',
+  name: 'Test Room',
+  inviteCode: 'ROOM1',
+}
+
+function assistantMessage(overrides: Partial<ChatMessage>): ChatMessage {
+  return {
+    id: 'msg-1',
+    roomId: 'room-1',
+    senderId: 'agent-1',
+    senderName: 'bot',
+    content: '',
+    timestamp: 1,
+    role: 'assistant',
+    ...overrides,
+  }
+}
+
+async function createJoinedStore(initialMessages: ChatMessage[] = []) {
+  groupChatApiMock.getRoomDetail.mockResolvedValue({
+    room,
+    messages: initialMessages,
+    agents: [],
+    members: [],
+  })
+  const { useGroupChatStore } = await import('@/stores/hermes/group-chat')
+  const store = useGroupChatStore()
+  store.connect()
+  await store.joinRoom('room-1')
+  groupChatApiMock.getRoomDetail.mockClear()
+  return store
+}
+
+describe('group chat store streaming merge', () => {
+  beforeEach(() => {
+    vi.useRealTimers()
+    setActivePinia(createPinia())
+    groupChatApiMock.handlers.clear()
+    for (const key of Object.keys(groupChatApiMock)) {
+      const value = (groupChatApiMock as any)[key]
+      if (value?.mockReset && key !== 'socket') value.mockReset()
+    }
+    groupChatApiMock.connectGroupChat.mockReturnValue(groupChatApiMock.socket)
+    groupChatApiMock.getSocket.mockReturnValue(groupChatApiMock.socket)
+    groupChatApiMock.getStoredUserId.mockReturnValue('user-1')
+    groupChatApiMock.getStoredUserName.mockReturnValue('tester')
+    groupChatApiMock.socket.on.mockClear()
+    groupChatApiMock.socket.emit.mockClear()
+    groupChatApiMock.socket.disconnect.mockClear()
+  })
+
+  it('preserves streamed reasoning when the final message supplies content only', async () => {
+    const store = await createJoinedStore()
+
+    emitSocket('message_stream_start', assistantMessage({ id: 'msg-1' }))
+    emitSocket('message_reasoning_delta', { roomId: 'room-1', id: 'msg-1', delta: 'thinking...' })
+    emitSocket('message', assistantMessage({ id: 'msg-1', content: '收到', reasoning: null, reasoning_content: null }))
+
+    expect(store.messages).toHaveLength(1)
+    expect(store.messages[0]).toMatchObject({
+      id: 'msg-1',
+      content: '收到',
+      reasoning: 'thinking...',
+      reasoning_content: 'thinking...',
+      isStreaming: false,
+    })
+  })
+
+  it('preserves streamed content when the final message payload is blank', async () => {
+    const store = await createJoinedStore()
+
+    emitSocket('message_stream_start', assistantMessage({ id: 'msg-1' }))
+    emitSocket('message_stream_delta', { roomId: 'room-1', id: 'msg-1', delta: 'final' })
+    emitSocket('message_stream_delta', { roomId: 'room-1', id: 'msg-1', delta: ' answer' })
+    emitSocket('message', assistantMessage({ id: 'msg-1', content: '', reasoning: 'thinking...' }))
+
+    expect(store.messages).toHaveLength(1)
+    expect(store.messages[0]).toMatchObject({
+      id: 'msg-1',
+      content: 'final answer',
+      reasoning: 'thinking...',
+      isStreaming: false,
+    })
+  })
+
+  it('ignores late content deltas for a completed message', async () => {
+    const store = await createJoinedStore()
+
+    emitSocket('message', assistantMessage({ id: 'msg-1', content: 'final answer', reasoning: 'thinking...' }))
+    emitSocket('message_stream_delta', { roomId: 'room-1', id: 'msg-1', delta: ' stale' })
+
+    expect(store.messages).toHaveLength(1)
+    expect(store.messages[0]).toMatchObject({
+      id: 'msg-1',
+      content: 'final answer',
+      reasoning: 'thinking...',
+      isStreaming: false,
+    })
+  })
+
+  it('ignores late reasoning deltas for a completed message', async () => {
+    const store = await createJoinedStore()
+
+    emitSocket('message', assistantMessage({ id: 'msg-1', content: 'final answer', reasoning: 'thinking...' }))
+    emitSocket('message_reasoning_delta', { roomId: 'room-1', id: 'msg-1', delta: ' stale' })
+
+    expect(store.messages).toHaveLength(1)
+    expect(store.messages[0]).toMatchObject({
+      id: 'msg-1',
+      content: 'final answer',
+      reasoning: 'thinking...',
+      isStreaming: false,
+    })
+  })
+
+  it('ignores a late empty stream start for a completed message', async () => {
+    const store = await createJoinedStore()
+
+    emitSocket('message', assistantMessage({ id: 'msg-1', content: 'final answer', reasoning: 'thinking...' }))
+    emitSocket('message_stream_start', assistantMessage({ id: 'msg-1', content: '', timestamp: 2 }))
+
+    expect(store.messages).toHaveLength(1)
+    expect(store.messages[0]).toMatchObject({
+      id: 'msg-1',
+      content: 'final answer',
+      reasoning: 'thinking...',
+      isStreaming: false,
+    })
+  })
+
+  it('ignores a late stream start for a completed empty tool-call message', async () => {
+    const store = await createJoinedStore()
+    const toolCalls = [{ id: 'tool-1', type: 'function', function: { name: 'lookup', arguments: '{}' } }]
+
+    emitSocket('message', assistantMessage({ id: 'msg-1', content: '', tool_calls: toolCalls }))
+    emitSocket('message_stream_start', assistantMessage({ id: 'msg-1', content: '', timestamp: 2 }))
+    emitSocket('message_stream_delta', { roomId: 'room-1', id: 'msg-1', delta: ' stale' })
+
+    expect(store.messages).toHaveLength(1)
+    expect(store.messages[0]).toMatchObject({
+      id: 'msg-1',
+      content: '',
+      tool_calls: toolCalls,
+      isStreaming: false,
+    })
+  })
+
+  it('refetches room detail when a stream ends with reasoning but no final content', async () => {
+    vi.useFakeTimers()
+    const store = await createJoinedStore()
+    groupChatApiMock.getRoomDetail.mockResolvedValue({
+      room,
+      agents: [],
+      members: [],
+      messages: [assistantMessage({ id: 'msg-1', content: 'final from db', reasoning: 'thinking...' })],
+    })
+
+    emitSocket('message_stream_start', assistantMessage({ id: 'msg-1' }))
+    emitSocket('message_reasoning_delta', { roomId: 'room-1', id: 'msg-1', delta: 'thinking...' })
+    emitSocket('message_stream_end', { roomId: 'room-1', id: 'msg-1' })
+
+    await vi.runAllTimersAsync()
+
+    expect(groupChatApiMock.getRoomDetail).toHaveBeenCalledWith('room-1')
+    expect(store.messages[0]).toMatchObject({
+      id: 'msg-1',
+      content: 'final from db',
+      reasoning: 'thinking...',
+      isStreaming: false,
+    })
+  })
+})
diff --git a/tests/client/highlight-helper.test.ts b/tests/client/highlight-helper.test.ts
new file mode 100644
index 0000000..13bc2aa
--- /dev/null
+++ b/tests/client/highlight-helper.test.ts
@@ -0,0 +1,81 @@
+import { beforeEach, describe, expect, it, vi } from 'vitest'
+
+const highlightJsMock = vi.hoisted(() => ({
+  getLanguage: vi.fn((lang?: string) => ['shell', 'xml', 'yaml', 'bash', 'json'].includes(lang || '')),
+  highlight: vi.fn((content: string, { language }: { language: string }) => ({
+    value: `<span class="mock-${language}">${content}</span>`,
+  })),
+  registerLanguage: vi.fn(),
+}))
+
+vi.mock('highlight.js', () => ({
+  default: highlightJsMock,
+}))
+
+import { normalizeHighlightLanguage, renderHighlightedCodeBlock } from '@/components/hermes/chat/highlight'
+
+describe('highlight helper', () => {
+  beforeEach(() => {
+    vi.clearAllMocks()
+    highlightJsMock.getLanguage.mockImplementation((lang?: string) => ['shell', 'xml', 'yaml', 'bash', 'json'].includes(lang || ''))
+    highlightJsMock.highlight.mockImplementation((content: string, { language }: { language: string }) => ({
+      value: `<span class="mock-${language}">${content}</span>`,
+    }))
+  })
+
+  it.each([
+    ['vue', 'xml'],
+    ['yml', 'yaml'],
+    ['sh', 'bash'],
+    ['zsh', 'bash'],
+    ['shellscript', 'bash'],
+    ['shell', 'shell'],
+  ])('normalizes %s to %s', (input, expected) => {
+    expect(normalizeHighlightLanguage(input)).toBe(expected)
+  })
+
+  it('uses a delegated copy attribute instead of inline javascript', () => {
+    const html = renderHighlightedCodeBlock('x', 'json', 'Copy')
+
+    expect(html).toContain('data-copy-code="true"')
+    expect(html).not.toContain('onclick=')
+  })
+
+  it('preserves shell-session highlighting instead of remapping shell fences to bash', () => {
+    const html = renderHighlightedCodeBlock('$ ls\nfoo.txt\n', 'shell', 'Copy')
+
+    expect(highlightJsMock.highlight).toHaveBeenCalledWith('$ ls\nfoo.txt\n', {
+      language: 'shell',
+      ignoreIllegals: true,
+    })
+    expect(html).toContain('class="code-lang">shell</span>')
+  })
+
+  it('skips highlighting for large known-language blocks when a render limit is set', () => {
+    const html = renderHighlightedCodeBlock('x'.repeat(5000), 'vue', 'Copy', {
+      maxHighlightLength: 2000,
+    })
+
+    expect(highlightJsMock.highlight).not.toHaveBeenCalled()
+    expect(html).toContain('class="code-lang">vue</span>')
+  })
+
+  it('falls back to escaped plaintext for unsupported fence labels', () => {
+    const html = renderHighlightedCodeBlock('<tag>', 'unknown', 'Copy')
+
+    expect(highlightJsMock.highlight).not.toHaveBeenCalled()
+    expect(html).toContain('&lt;tag&gt;')
+    expect(html).toContain('class="code-lang">unknown</span>')
+  })
+
+  it('falls back to escaped plaintext when direct highlighting throws', () => {
+    highlightJsMock.highlight.mockImplementationOnce(() => {
+      throw new Error('boom')
+    })
+
+    const html = renderHighlightedCodeBlock('<tag>', 'vue', 'Copy')
+
+    expect(html).toContain('&lt;tag&gt;')
+    expect(html).toContain('class="code-lang">vue</span>')
+  })
+})
diff --git a/tests/client/highlight-safety.test.ts b/tests/client/highlight-safety.test.ts
new file mode 100644
index 0000000..b8669ab
--- /dev/null
+++ b/tests/client/highlight-safety.test.ts
@@ -0,0 +1,39 @@
+import { describe, expect, it } from 'vitest'
+
+import { renderHighlightedCodeBlock } from '@/components/hermes/chat/highlight'
+
+describe('highlight safety', () => {
+  it('escapes large unknown code content', () => {
+    const html = renderHighlightedCodeBlock('<img src=x onerror=alert(1)>'.repeat(100), 'unknown', 'Copy')
+
+    expect(html).toContain('&lt;img')
+    expect(html).not.toContain('<img')
+  })
+
+  it('does not emit executable HTML for known-language code', () => {
+    const html = renderHighlightedCodeBlock('<script>alert(1)</script>', 'xml', 'Copy')
+
+    expect(html).not.toContain('<script>')
+    expect(html).toContain('&lt;')
+  })
+
+  it('escapes the language label', () => {
+    const html = renderHighlightedCodeBlock('x'.repeat(5000), '<script>alert(1)</script>', 'Copy')
+
+    expect(html).toContain('&lt;script&gt;alert(1)&lt;/script&gt;')
+    expect(html).not.toContain('<script>')
+  })
+
+  it('sanitizes the language class', () => {
+    const html = renderHighlightedCodeBlock('x'.repeat(5000), 'foo bar"><img', 'Copy')
+
+    expect(html).toContain('language-foo-bar---img')
+  })
+
+  it('escapes the copy label', () => {
+    const html = renderHighlightedCodeBlock('x', 'json', 'Copy <now>')
+
+    expect(html).toContain('Copy &lt;now&gt;')
+    expect(html).not.toContain('Copy <now>')
+  })
+})
diff --git a/tests/client/i18n-coverage.test.ts b/tests/client/i18n-coverage.test.ts
new file mode 100644
index 0000000..59f9d1a
--- /dev/null
+++ b/tests/client/i18n-coverage.test.ts
@@ -0,0 +1,165 @@
+import { describe, expect, it, beforeAll } from 'vitest'
+import { readdirSync, readFileSync } from 'fs'
+import { join, relative } from 'path'
+
+import { changelog } from '@/data/changelog'
+import { messages, supportedLocales } from '@/i18n/messages'
+import en from '@/i18n/locales/en'
+import { createI18n } from 'vue-i18n'
+
+const SOURCE_ROOT = join(process.cwd(), 'packages/client/src')
+
+const allMessages: Record<string, Record<string, unknown>> = { en }
+
+function walkFiles(dir: string, files: string[] = []): string[] {
+  for (const entry of readdirSync(dir, { withFileTypes: true })) {
+    const path = join(dir, entry.name)
+    if (entry.isDirectory()) {
+      walkFiles(path, files)
+    } else if (/\.(ts|vue)$/.test(entry.name) && !path.replace(/\\/g, '/').includes('/i18n/locales/')) {
+      files.push(path)
+    }
+  }
+  return files
+}
+
+function collectLiteralTranslationKeys(): string[] {
+  const keys = new Set<string>()
+  const translationCall = /(?:\b|\$)t\(\s*['"]([^'"]+)['"]/g
+
+  for (const file of walkFiles(SOURCE_ROOT)) {
+    const source = readFileSync(file, 'utf8')
+    for (const match of source.matchAll(translationCall)) {
+      keys.add(match[1])
+    }
+  }
+
+  for (const entry of changelog) {
+    for (const change of entry.changes) {
+      keys.add(change)
+    }
+  }
+
+  return [...keys].sort()
+}
+
+function getPath(messages: Record<string, unknown>, key: string): unknown {
+  let current: unknown = messages
+  for (const part of key.split('.')) {
+    if (!current || typeof current !== 'object' || !(part in current)) return undefined
+    current = (current as Record<string, unknown>)[part]
+  }
+  return current
+}
+
+function hasPath(messages: Record<string, unknown>, key: string): boolean {
+  return typeof getPath(messages, key) !== 'undefined'
+}
+
+const SKILLS_USAGE_LOCALIZED_KEYS = [
+  'sidebar.skillsUsage',
+  'skillsUsage.title',
+  'skillsUsage.subtitle',
+  'skillsUsage.refresh',
+  'skillsUsage.periodSelector',
+  'skillsUsage.periodLabel',
+  'skillsUsage.summary',
+  'skillsUsage.totalActions',
+  'skillsUsage.loads',
+  'skillsUsage.edits',
+  'skillsUsage.distinctSkills',
+  'skillsUsage.topSkills',
+  'skillsUsage.dailyTrend',
+  'skillsUsage.periodSummary',
+  'skillsUsage.skill',
+  'skillsUsage.share',
+  'skillsUsage.lastUsed',
+  'skillsUsage.noData',
+  'skillsUsage.loadFailed',
+  'skillsUsage.otherSkills',
+]
+
+const SKILLS_USAGE_COMPACT_LABEL_LIMITS: Record<string, number> = {
+  'skillsUsage.totalActions': 12,
+  'skillsUsage.loads': 10,
+  'skillsUsage.edits': 10,
+  'skillsUsage.distinctSkills': 12,
+  'skillsUsage.topSkills': 16,
+  'skillsUsage.dailyTrend': 16,
+  'skillsUsage.skill': 10,
+  'skillsUsage.share': 10,
+  'skillsUsage.lastUsed': 12,
+  'skillsUsage.otherSkills': 16,
+}
+
+function labelLength(value: unknown): number {
+  return typeof value === 'string' ? Array.from(value.replace(/\{[^}]+\}/g, '')).length : Infinity
+}
+
+describe('i18n locale coverage', () => {
+  const ALLOWED_MISSING_KEYS = new Set([
+    'changelog.new_0_5_4_7',
+    'chat.sessionNotFound',
+  ])
+
+  beforeAll(() => {
+    for (const l of supportedLocales) {
+      if (l !== 'en' && messages[l]) {
+        allMessages[l] = messages[l]
+      }
+    }
+  })
+
+  it('defines every statically referenced translation key in the English source locale', () => {
+    const missing = collectLiteralTranslationKeys()
+      .filter((key) => !hasPath(en, key))
+      .filter((key) => !ALLOWED_MISSING_KEYS.has(key))
+
+    expect(missing).toEqual([])
+  })
+
+  it('defines every statically referenced translation key in effective runtime messages', () => {
+    const requiredKeys = collectLiteralTranslationKeys()
+    const missing = Object.entries(allMessages).flatMap(([locale, localeMessages]) =>
+      requiredKeys
+        .filter((key) => !hasPath(localeMessages, key))
+        .filter((key) => !ALLOWED_MISSING_KEYS.has(key))
+        .map((key) => `${locale}: ${key}`),
+    )
+
+    expect(missing).toEqual([])
+  })
+
+  it('localizes Skills Usage page copy in every non-English locale instead of falling back to English', () => {
+    const englishMessages = messages.en
+    const untranslated = Object.entries(messages).flatMap(([locale, localeMessages]) => {
+      if (locale === 'en') return []
+
+      return SKILLS_USAGE_LOCALIZED_KEYS.flatMap((key) => {
+        const localeValue = getPath(localeMessages, key)
+        if (typeof localeValue === 'undefined') return [`${locale}: ${key} missing`]
+        return localeValue === getPath(englishMessages, key) ? [`${locale}: ${key}`] : []
+      })
+    })
+
+    expect(untranslated).toEqual([])
+  })
+
+
+  it('keeps Skills Usage summary and table labels compact across locales', () => {
+    const oversized = Object.entries(messages).flatMap(([locale, localeMessages]) =>
+      Object.entries(SKILLS_USAGE_COMPACT_LABEL_LIMITS).flatMap(([key, maxLength]) => {
+        const localeValue = getPath(localeMessages, key)
+        return labelLength(localeValue) > maxLength
+          ? [`${locale}: ${key} (${labelLength(localeValue)} > ${maxLength})`]
+          : []
+      }),
+    )
+
+    expect(oversized).toEqual([])
+  })
+
+  it('keeps the coverage scanner rooted in client source files', () => {
+    expect(relative(process.cwd(), SOURCE_ROOT)).toBe(join('packages', 'client', 'src'))
+  })
+})
diff --git a/tests/client/job-form-modal.test.ts b/tests/client/job-form-modal.test.ts
new file mode 100644
index 0000000..c0a21f0
--- /dev/null
+++ b/tests/client/job-form-modal.test.ts
@@ -0,0 +1,135 @@
+// @vitest-environment jsdom
+import { beforeEach, describe, expect, it, vi } from 'vitest'
+import { defineComponent } from 'vue'
+import { flushPromises, mount } from '@vue/test-utils'
+
+const mockMessage = vi.hoisted(() => ({
+  warning: vi.fn(),
+  success: vi.fn(),
+  error: vi.fn(),
+}))
+
+const mockSettingsStore = vi.hoisted(() => ({
+  platforms: {} as Record<string, any>,
+  fetchSettings: vi.fn(async () => {
+    mockSettingsStore.platforms = {
+      telegram: { token: 'telegram-token' },
+      discord: { token: 'discord-token' },
+      slack: { token: 'slack-token' },
+      whatsapp: { enabled: true },
+      matrix: { token: 'matrix-token' },
+      weixin: { token: 'weixin-token' },
+      wecom: { extra: { bot_id: 'wecom-bot' } },
+      feishu: { extra: { app_id: 'feishu-app' } },
+      dingtalk: { extra: { client_id: 'dingtalk-client' } },
+      qqbot: { extra: { app_id: 'qq-app', client_secret: 'qq-secret' } },
+    }
+  }),
+}))
+
+const mockJobsStore = vi.hoisted(() => ({
+  createJob: vi.fn(),
+  updateJob: vi.fn(),
+}))
+
+vi.mock('@/stores/hermes/settings', () => ({
+  useSettingsStore: () => mockSettingsStore,
+}))
+
+vi.mock('@/stores/hermes/jobs', () => ({
+  useJobsStore: () => mockJobsStore,
+}))
+
+vi.mock('@/api/hermes/jobs', async () => {
+  const actual = await vi.importActual<any>('@/api/hermes/jobs')
+  return {
+    ...actual,
+    getJob: vi.fn(),
+  }
+})
+
+vi.mock('vue-i18n', () => ({
+  useI18n: () => ({
+    t: (key: string) => key,
+  }),
+}))
+
+vi.mock('naive-ui', () => ({
+  NModal: defineComponent({
+    template: '<div class="n-modal-stub"><slot /><slot name="footer" /></div>',
+  }),
+  NForm: defineComponent({ template: '<form><slot /></form>' }),
+  NFormItem: defineComponent({ template: '<div><slot /></div>' }),
+  NInput: defineComponent({
+    props: { value: { type: String, required: false } },
+    emits: ['update:value'],
+    template: '<input class="n-input-stub" :value="value" @input="$emit(\'update:value\', $event.target.value)" />',
+  }),
+  NInputNumber: defineComponent({
+    props: { value: { required: false } },
+    emits: ['update:value'],
+    template: '<input class="n-input-number-stub" :value="value" type="number" @input="$emit(\'update:value\', Number($event.target.value))" />',
+  }),
+  NSelect: defineComponent({
+    props: { value: { required: false }, options: { type: Array, default: () => [] } },
+    emits: ['update:value'],
+    template: '<select class="n-select-stub"><option v-for="option in options" :key="option.value" :value="option.value" :disabled="option.disabled">{{ option.label }}</option></select>',
+  }),
+  NButton: defineComponent({
+    emits: ['click'],
+    template: '<button class="n-button-stub" @click.prevent="$emit(\'click\')"><slot /></button>',
+  }),
+  useMessage: () => mockMessage,
+}))
+
+import JobFormModal from '@/components/hermes/jobs/JobFormModal.vue'
+
+describe('JobFormModal deliver targets', () => {
+  beforeEach(() => {
+    vi.clearAllMocks()
+    mockSettingsStore.platforms = {}
+  })
+
+  it('loads platform settings when the store has not been hydrated', async () => {
+    mount(JobFormModal, {
+      props: { jobId: null },
+    })
+
+    await flushPromises()
+
+    expect(mockSettingsStore.fetchSettings).toHaveBeenCalledOnce()
+  })
+
+  it('shows every supported platform channel in deliver target options', async () => {
+    mockSettingsStore.platforms = {
+      telegram: { token: 'telegram-token' },
+      whatsapp: { enabled: false },
+      qqbot: { extra: { app_id: 'qq-app', client_secret: 'qq-secret' } },
+    }
+    const wrapper = mount(JobFormModal, {
+      props: { jobId: null },
+    })
+
+    await flushPromises()
+
+    expect(mockSettingsStore.fetchSettings).not.toHaveBeenCalled()
+    const labels = wrapper.findAll('.n-select-stub')[1].text()
+    expect(labels).toContain('Telegram')
+    expect(labels).toContain('Discord')
+    expect(labels).toContain('Slack')
+    expect(labels).toContain('WhatsApp')
+    expect(labels).toContain('Matrix')
+    expect(labels).toContain('WeChat')
+    expect(labels).toContain('WeCom')
+    expect(labels).toContain('Feishu')
+    expect(labels).toContain('DingTalk')
+    expect(labels).toContain('QQBot')
+
+    const options = wrapper.findAll('.n-select-stub')[1].findAll('option')
+    const optionByValue = Object.fromEntries(options.map(option => [option.attributes('value'), option]))
+    expect(optionByValue.telegram.attributes('disabled')).toBeUndefined()
+    expect(optionByValue.qqbot.attributes('disabled')).toBeUndefined()
+    expect(optionByValue.discord.attributes('disabled')).toBe('')
+    expect(optionByValue.whatsapp.attributes('disabled')).toBe('')
+  })
+})
diff --git a/tests/client/jobs.test.ts b/tests/client/jobs.test.ts
new file mode 100644
index 0000000..a72f3ab
--- /dev/null
+++ b/tests/client/jobs.test.ts
@@ -0,0 +1,138 @@
+// @vitest-environment jsdom
+import { beforeEach, describe, expect, it, vi } from 'vitest'
+
+const mockFetch = vi.fn()
+vi.stubGlobal('fetch', mockFetch)
+
+vi.mock('@/router', () => ({
+  default: {
+    currentRoute: { value: { name: 'hermes.jobs' } },
+    replace: vi.fn(),
+  },
+}))
+
+import {
+  buildJobUpdateRequest,
+  scheduleToDisplayText,
+  scheduleToEditableInput,
+  updateJob,
+} from '../../packages/client/src/api/hermes/jobs'
+import { listCronRuns } from '../../packages/client/src/api/hermes/cron-history'
+import type { Job } from '../../packages/client/src/api/hermes/jobs'
+
+function makeJob(overrides: Partial<Job> = {}): Job {
+  return {
+    job_id: 'job-1',
+    id: 'job-1',
+    name: 'artifact cleanup',
+    prompt: 'short prompt',
+    skills: [],
+    skill: null,
+    model: null,
+    provider: null,
+    base_url: null,
+    script: null,
+    schedule: { kind: 'interval', minutes: 7200, display: 'every 7200m' },
+    schedule_display: 'every 7200m',
+    repeat: { times: null, completed: 0 },
+    enabled: true,
+    state: 'scheduled',
+    paused_at: null,
+    paused_reason: null,
+    created_at: '2026-04-30T00:00:00Z',
+    next_run_at: null,
+    last_run_at: null,
+    last_status: null,
+    last_error: null,
+    deliver: 'origin',
+    origin: null,
+    last_delivery_error: null,
+    ...overrides,
+  }
+}
+
+describe('Hermes jobs edit payloads', () => {
+  beforeEach(() => {
+    localStorage.clear()
+    vi.clearAllMocks()
+  })
+
+  it('uses display text for interval schedules without manufacturing expr', () => {
+    const schedule = { kind: 'interval' as const, minutes: 7200, display: 'every 7200m' }
+
+    expect(scheduleToEditableInput(schedule, '')).toBe('every 7200m')
+    expect(scheduleToDisplayText(schedule, '—')).toBe('every 7200m')
+  })
+
+  it('keeps cron expr as the editable schedule string', () => {
+    const schedule = { kind: 'cron' as const, expr: '0 9 * * 1', display: '0 9 * * 1' }
+
+    expect(scheduleToEditableInput(schedule, '')).toBe('0 9 * * 1')
+    expect(scheduleToDisplayText(schedule, '—')).toBe('0 9 * * 1')
+  })
+
+  it('omits unchanged long prompts from name-only updates', () => {
+    const prompt = 'x'.repeat(9484)
+    const original = makeJob({ prompt })
+
+    const payload = buildJobUpdateRequest(original, {
+      name: 'artifact cleanup renamed',
+      schedule: 'every 7200m',
+      prompt,
+      deliver: 'origin',
+      repeat_times: null,
+    })
+
+    expect(payload).toEqual({ name: 'artifact cleanup renamed' })
+    expect(payload).not.toHaveProperty('prompt')
+    expect(payload).not.toHaveProperty('schedule')
+  })
+
+  it('sends changed interval schedules as raw strings', () => {
+    const original = makeJob()
+
+    const payload = buildJobUpdateRequest(original, {
+      name: original.name,
+      schedule: 'every 14400m',
+      prompt: original.prompt,
+      deliver: 'origin',
+      repeat_times: null,
+    })
+
+    expect(payload).toEqual({ schedule: 'every 14400m' })
+  })
+
+  it('does not send a PATCH body with structured schedule objects', async () => {
+    const returnedJob = makeJob({ name: 'artifact cleanup renamed' })
+    mockFetch.mockResolvedValue({
+      ok: true,
+      status: 200,
+      json: () => Promise.resolve({ job: returnedJob }),
+    })
+
+    await updateJob('job-1', { name: 'artifact cleanup renamed', schedule: 'every 14400m' })
+
+    expect(mockFetch).toHaveBeenCalledOnce()
+    const [, options] = mockFetch.mock.calls[0]
+    expect(JSON.parse(options.body as string)).toEqual({
+      name: 'artifact cleanup renamed',
+      schedule: 'every 14400m',
+    })
+  })
+
+  it('sends active profile header when loading job run history', async () => {
+    localStorage.setItem('hermes_active_profile_name', 'research')
+    mockFetch.mockResolvedValue({
+      ok: true,
+      status: 200,
+      json: () => Promise.resolve({ runs: [] }),
+    })
+
+    await listCronRuns('job-1')
+
+    expect(mockFetch).toHaveBeenCalledOnce()
+    const [url, options] = mockFetch.mock.calls[0]
+    expect(url).toBe('/api/cron-history?jobId=job-1')
+    expect(options.headers['X-Hermes-Profile']).toBe('research')
+  })
+})
diff --git a/tests/client/kanban-api.test.ts b/tests/client/kanban-api.test.ts
new file mode 100644
index 0000000..9677654
--- /dev/null
+++ b/tests/client/kanban-api.test.ts
@@ -0,0 +1,173 @@
+// @vitest-environment jsdom
+import { beforeEach, describe, expect, it, vi } from 'vitest'
+
+const mockRequest = vi.hoisted(() => vi.fn())
+const mockGetApiKey = vi.hoisted(() => vi.fn(() => ''))
+const mockGetBaseUrlValue = vi.hoisted(() => vi.fn(() => ''))
+
+vi.mock('../../packages/client/src/api/client', () => ({
+  request: mockRequest,
+  getApiKey: mockGetApiKey,
+  getBaseUrlValue: mockGetBaseUrlValue,
+}))
+
+import {
+  listBoards,
+  createBoard,
+  archiveBoard,
+  getCapabilities,
+  listTasks,
+  getTask,
+  createTask,
+  completeTasks,
+  blockTask,
+  unblockTasks,
+  assignTask,
+  addComment,
+  linkTasks,
+  unlinkTasks,
+  bulkUpdateTasks,
+  getTaskLog,
+  getDiagnostics,
+  reclaimTask,
+  reassignTask,
+  specifyTask,
+  dispatch,
+  getStats,
+  getAssignees,
+  buildKanbanEventsWebSocketUrl,
+} from '../../packages/client/src/api/hermes/kanban'
+
+describe('Kanban API', () => {
+  beforeEach(() => {
+    vi.clearAllMocks()
+    localStorage.clear()
+    mockGetApiKey.mockReturnValue('')
+    mockGetBaseUrlValue.mockReturnValue('')
+  })
+
+  it('builds board-scoped kanban event websocket URLs with auth token', () => {
+    mockGetBaseUrlValue.mockReturnValue('https://wui.example.test')
+    mockGetApiKey.mockReturnValue('token value')
+    localStorage.setItem('hermes_active_profile_name', 'research')
+
+    expect(buildKanbanEventsWebSocketUrl({ board: 'project-a' })).toBe('wss://wui.example.test/api/hermes/kanban/events?board=project-a&token=token+value&profile=research')
+    expect(buildKanbanEventsWebSocketUrl()).toBe('wss://wui.example.test/api/hermes/kanban/events?board=default&token=token+value&profile=research')
+  })
+
+  it('serializes board, list filters, and archived inclusion into query params', async () => {
+    mockRequest.mockResolvedValue({ tasks: [{ id: 'task-1' }] })
+
+    const result = await listTasks({ board: 'default', status: 'blocked', assignee: 'alice', tenant: 'ops', includeArchived: true })
+
+    expect(mockRequest).toHaveBeenCalledWith('/api/hermes/kanban?board=default&status=blocked&assignee=alice&tenant=ops&includeArchived=true')
+    expect(result).toEqual([{ id: 'task-1' }])
+  })
+
+  it('keeps default board explicit when no board is supplied', async () => {
+    mockRequest
+      .mockResolvedValueOnce({ tasks: [] })
+      .mockResolvedValueOnce({ stats: { total: 0, by_status: {}, by_assignee: {} } })
+      .mockResolvedValueOnce({ assignees: [] })
+      .mockResolvedValueOnce({ task: { id: 'task-1' }, comments: [], events: [], runs: [] })
+
+    await listTasks()
+    await getStats()
+    await getAssignees()
+    await getTask('task-1')
+
+    expect(mockRequest.mock.calls.map(call => call[0])).toEqual([
+      '/api/hermes/kanban?board=default',
+      '/api/hermes/kanban/stats?board=default',
+      '/api/hermes/kanban/assignees?board=default',
+      '/api/hermes/kanban/task-1?board=default',
+    ])
+  })
+
+  it('posts create and action payloads with explicit board in the URL', async () => {
+    mockRequest
+      .mockResolvedValueOnce({ task: { id: 'task-1' } })
+      .mockResolvedValueOnce({ ok: true })
+      .mockResolvedValueOnce({ ok: true })
+      .mockResolvedValueOnce({ ok: true })
+      .mockResolvedValueOnce({ ok: true })
+
+    expect(await createTask({ title: 'Ship', assignee: 'alice', priority: 3 }, { board: 'project-a' })).toEqual({ id: 'task-1' })
+    await completeTasks(['task-1'], 'done', { board: 'project-a' })
+    await blockTask('task-1', 'waiting', { board: 'project-a' })
+    await unblockTasks(['task-1'], { board: 'project-a' })
+    await assignTask('task-1', 'bob', { board: 'project-a' })
+
+    expect(mockRequest.mock.calls).toEqual([
+      ['/api/hermes/kanban?board=project-a', { method: 'POST', body: JSON.stringify({ title: 'Ship', assignee: 'alice', priority: 3 }) }],
+      ['/api/hermes/kanban/complete?board=project-a', { method: 'POST', body: JSON.stringify({ task_ids: ['task-1'], summary: 'done' }) }],
+      ['/api/hermes/kanban/task-1/block?board=project-a', { method: 'POST', body: JSON.stringify({ reason: 'waiting' }) }],
+      ['/api/hermes/kanban/unblock?board=project-a', { method: 'POST', body: JSON.stringify({ task_ids: ['task-1'] }) }],
+      ['/api/hermes/kanban/task-1/assign?board=project-a', { method: 'POST', body: JSON.stringify({ profile: 'bob' }) }],
+    ])
+  })
+
+  it('lists and manages boards through explicit board endpoints', async () => {
+    mockRequest
+      .mockResolvedValueOnce({ boards: [{ slug: 'default' }] })
+      .mockResolvedValueOnce({ board: { slug: 'project-a' } })
+      .mockResolvedValueOnce({ ok: true })
+      .mockResolvedValueOnce({ capabilities: { source: 'hermes-cli', supports: { boardsList: true }, missing: [] } })
+      .mockResolvedValueOnce({ stats: { total: 3, by_status: {}, by_assignee: {} } })
+      .mockResolvedValueOnce({ assignees: [{ name: 'alice', on_disk: true, counts: { todo: 1 } }] })
+
+    await expect(listBoards({ includeArchived: true })).resolves.toEqual([{ slug: 'default' }])
+    await expect(createBoard({ slug: 'project-a', name: 'Project A' })).resolves.toEqual({ slug: 'project-a' })
+    await expect(archiveBoard('project-a')).resolves.toEqual({ ok: true })
+    await expect(getCapabilities()).resolves.toEqual({ source: 'hermes-cli', supports: { boardsList: true }, missing: [] })
+    await expect(getStats({ board: 'project-a' })).resolves.toEqual({ total: 3, by_status: {}, by_assignee: {} })
+    await expect(getAssignees({ board: 'project-a' })).resolves.toEqual([{ name: 'alice', on_disk: true, counts: { todo: 1 } }])
+
+    expect(mockRequest.mock.calls).toEqual([
+      ['/api/hermes/kanban/boards?includeArchived=true'],
+      ['/api/hermes/kanban/boards', { method: 'POST', body: JSON.stringify({ slug: 'project-a', name: 'Project A' }) }],
+      ['/api/hermes/kanban/boards/project-a', { method: 'DELETE' }],
+      ['/api/hermes/kanban/capabilities'],
+      ['/api/hermes/kanban/stats?board=project-a'],
+      ['/api/hermes/kanban/assignees?board=project-a'],
+    ])
+  })
+
+  it('calls parity-gap APIs with explicit board query params', async () => {
+    mockRequest
+      .mockResolvedValueOnce({ ok: true, output: 'commented' })
+      .mockResolvedValueOnce({ ok: true, output: 'linked' })
+      .mockResolvedValueOnce({ ok: true, output: 'unlinked' })
+      .mockResolvedValueOnce({ results: [{ id: 'task-1', ok: true }] })
+      .mockResolvedValueOnce({ task_id: 'task-1', path: null, exists: true, size_bytes: 10, content: 'worker log', truncated: false })
+      .mockResolvedValueOnce({ diagnostics: [{ task_id: 'task-1' }] })
+      .mockResolvedValueOnce({ ok: true, output: 'reclaimed' })
+      .mockResolvedValueOnce({ ok: true, output: 'reassigned' })
+      .mockResolvedValueOnce({ results: [{ task_id: 'task-1' }] })
+      .mockResolvedValueOnce({ result: { spawned: 1 } })
+
+    await addComment('task-1', { body: 'needs review', author: 'han' }, { board: 'default' })
+    await linkTasks({ parent_id: 'task-1', child_id: 'task-2' }, { board: 'project-a' })
+    await unlinkTasks({ parent_id: 'task-1', child_id: 'task-2' }, { board: 'project-a' })
+    await expect(bulkUpdateTasks({ ids: ['task-1'], status: 'done', assignee: null, summary: 'closed' }, { board: 'project-a' })).resolves.toEqual({ results: [{ id: 'task-1', ok: true }] })
+    await expect(getTaskLog('task-1', { board: 'default', tail: 4000 })).resolves.toEqual({ task_id: 'task-1', path: null, exists: true, size_bytes: 10, content: 'worker log', truncated: false })
+    await expect(getDiagnostics({ board: 'default', task: 'task-1', severity: 'warning' })).resolves.toEqual([{ task_id: 'task-1' }])
+    await reclaimTask('task-1', { board: 'project-a', reason: 'stale' })
+    await reassignTask('task-1', 'bob', { board: 'project-a', reclaim: true, reason: 'handoff' })
+    await expect(specifyTask('task-1', { board: 'default', author: 'han' })).resolves.toEqual([{ task_id: 'task-1' }])
+    await expect(dispatch({ board: 'default', dryRun: true, max: 2, failureLimit: 3 })).resolves.toEqual({ spawned: 1 })
+
+    expect(mockRequest.mock.calls).toEqual([
+      ['/api/hermes/kanban/task-1/comments?board=default', { method: 'POST', body: JSON.stringify({ body: 'needs review', author: 'han' }) }],
+      ['/api/hermes/kanban/links?board=project-a', { method: 'POST', body: JSON.stringify({ parent_id: 'task-1', child_id: 'task-2' }) }],
+      ['/api/hermes/kanban/links?board=project-a&parent_id=task-1&child_id=task-2', { method: 'DELETE' }],
+      ['/api/hermes/kanban/tasks/bulk?board=project-a', { method: 'POST', body: JSON.stringify({ ids: ['task-1'], status: 'done', assignee: null, summary: 'closed' }) }],
+      ['/api/hermes/kanban/task-1/log?board=default&tail=4000'],
+      ['/api/hermes/kanban/diagnostics?board=default&task=task-1&severity=warning'],
+      ['/api/hermes/kanban/task-1/reclaim?board=project-a', { method: 'POST', body: JSON.stringify({ reason: 'stale' }) }],
+      ['/api/hermes/kanban/task-1/reassign?board=project-a', { method: 'POST', body: JSON.stringify({ profile: 'bob', reclaim: true, reason: 'handoff' }) }],
+      ['/api/hermes/kanban/task-1/specify?board=default', { method: 'POST', body: JSON.stringify({ author: 'han' }) }],
+      ['/api/hermes/kanban/dispatch?board=default', { method: 'POST', body: JSON.stringify({ dryRun: true, max: 2, failureLimit: 3 }) }],
+    ])
+  })
+})
diff --git a/tests/client/kanban-create-form.test.ts b/tests/client/kanban-create-form.test.ts
new file mode 100644
index 0000000..afaa371
--- /dev/null
+++ b/tests/client/kanban-create-form.test.ts
@@ -0,0 +1,97 @@
+// @vitest-environment jsdom
+import { beforeEach, describe, expect, it, vi } from 'vitest'
+import { defineComponent } from 'vue'
+import { mount, flushPromises } from '@vue/test-utils'
+
+const mockCreateTask = vi.hoisted(() => vi.fn())
+const mockMessage = vi.hoisted(() => ({
+  warning: vi.fn(),
+  success: vi.fn(),
+  error: vi.fn(),
+}))
+
+vi.mock('vue-i18n', () => ({
+  useI18n: () => ({
+    t: (key: string) => key,
+  }),
+}))
+
+vi.mock('@/stores/hermes/kanban', () => ({
+  useKanbanStore: () => ({
+    assignees: [{ name: 'alice', counts: { todo: 1 } }],
+    createTask: mockCreateTask,
+  }),
+}))
+
+vi.mock('naive-ui', () => ({
+  NModal: defineComponent({
+    emits: ['close'],
+    template: '<div class="n-modal-stub"><slot /><slot name="action" /></div>',
+  }),
+  NForm: defineComponent({ template: '<form><slot /></form>' }),
+  NFormItem: defineComponent({ template: '<div><slot /></div>' }),
+  NInput: defineComponent({
+    props: { value: { type: String, required: false } },
+    emits: ['update:value'],
+    template: '<input class="n-input-stub" :value="value" @input="$emit(\'update:value\', $event.target.value)" />',
+  }),
+  NSelect: defineComponent({
+    props: { value: { required: false }, options: { type: Array, default: () => [] } },
+    emits: ['update:value'],
+    template: '<select class="n-select-stub" @change="$emit(\'update:value\', $event.target.value === \'\' ? null : (/^\\d+$/.test($event.target.value) ? Number($event.target.value) : $event.target.value))"><option value=""></option><option v-for="option in options" :key="option.value" :value="option.value">{{ option.label }}</option></select>',
+  }),
+  NButton: defineComponent({
+    emits: ['click'],
+    template: '<button class="n-button-stub" @click.prevent="$emit(\'click\')"><slot /></button>',
+  }),
+  useMessage: () => mockMessage,
+}))
+
+import KanbanCreateForm from '@/components/hermes/kanban/KanbanCreateForm.vue'
+
+describe('KanbanCreateForm', () => {
+  beforeEach(() => {
+    vi.clearAllMocks()
+  })
+
+  it('validates required title before submit', async () => {
+    const wrapper = mount(KanbanCreateForm)
+
+    await wrapper.findAll('.n-button-stub')[1].trigger('click')
+
+    expect(mockMessage.warning).toHaveBeenCalledWith('kanban.form.titleRequired')
+    expect(mockCreateTask).not.toHaveBeenCalled()
+  })
+
+  it('submits trimmed values and emits created/close', async () => {
+    mockCreateTask.mockResolvedValue({ id: 'task-1' })
+    const wrapper = mount(KanbanCreateForm)
+
+    const inputs = wrapper.findAll('.n-input-stub')
+    await inputs[0].setValue('  Ship kanban  ')
+    await inputs[1].setValue('  write tests  ')
+    const selects = wrapper.findAll('.n-select-stub')
+    await selects[0].setValue('alice')
+    await selects[1].setValue('3')
+    await wrapper.findAll('.n-button-stub')[1].trigger('click')
+    await flushPromises()
+
+    expect(mockCreateTask).toHaveBeenCalledWith({
+      title: 'Ship kanban',
+      body: 'write tests',
+      assignee: 'alice',
+      priority: 3,
+    })
+    expect(mockMessage.success).toHaveBeenCalledWith('kanban.message.taskCreated')
+    expect(wrapper.emitted('created')).toBeTruthy()
+    expect(wrapper.emitted('close')).toBeTruthy()
+  })
+
+  it('uses compact profile names for assignee options', () => {
+    const wrapper = mount(KanbanCreateForm)
+
+    expect(wrapper.text()).toContain('alice')
+    expect(wrapper.text()).not.toContain('default')
+    expect(wrapper.text()).not.toContain('alice · kanban.stats.tasks')
+  })
+})
diff --git a/tests/client/kanban-store.test.ts b/tests/client/kanban-store.test.ts
new file mode 100644
index 0000000..5a0a880
--- /dev/null
+++ b/tests/client/kanban-store.test.ts
@@ -0,0 +1,361 @@
+// @vitest-environment jsdom
+import { beforeEach, describe, expect, it, vi } from 'vitest'
+import { createPinia, setActivePinia } from 'pinia'
+
+const mockKanbanApi = vi.hoisted(() => ({
+  listBoards: vi.fn(),
+  createBoard: vi.fn(),
+  archiveBoard: vi.fn(),
+  getCapabilities: vi.fn(),
+  listTasks: vi.fn(),
+  getStats: vi.fn(),
+  getAssignees: vi.fn(),
+  createTask: vi.fn(),
+  completeTasks: vi.fn(),
+  blockTask: vi.fn(),
+  unblockTasks: vi.fn(),
+  assignTask: vi.fn(),
+  addComment: vi.fn(),
+  linkTasks: vi.fn(),
+  unlinkTasks: vi.fn(),
+  bulkUpdateTasks: vi.fn(),
+  getTaskLog: vi.fn(),
+  getDiagnostics: vi.fn(),
+  reclaimTask: vi.fn(),
+  reassignTask: vi.fn(),
+  specifyTask: vi.fn(),
+  dispatch: vi.fn(),
+  openKanbanEventStream: vi.fn(),
+}))
+
+vi.mock('@/api/hermes/kanban', () => mockKanbanApi)
+
+import { KANBAN_SELECTED_BOARD_STORAGE_KEY, normalizeBoardSlug, useKanbanStore } from '@/stores/hermes/kanban'
+
+describe('Kanban store', () => {
+  it('normalizes board slugs with canonical underscore, uppercase, and length rules', () => {
+    const sixtyFour = 'a'.repeat(64)
+
+    expect(normalizeBoardSlug(' Team_Alpha ')).toBe('team_alpha')
+    expect(normalizeBoardSlug(sixtyFour)).toBe(sixtyFour)
+    expect(normalizeBoardSlug('default')).toBe('default')
+    expect(normalizeBoardSlug('bad/slug')).toBe('default')
+    expect(normalizeBoardSlug('bad.slug')).toBe('default')
+    expect(normalizeBoardSlug('bad slug')).toBe('default')
+  })
+
+  beforeEach(() => {
+    window.localStorage.clear()
+    setActivePinia(createPinia())
+    vi.clearAllMocks()
+    mockKanbanApi.listBoards.mockResolvedValue([
+      { slug: 'default', name: 'Default', archived: false, counts: {}, total: 0 },
+      { slug: 'project-a', name: 'Project A', archived: false, counts: { todo: 1 }, total: 1 },
+    ])
+    mockKanbanApi.getCapabilities.mockResolvedValue({ source: 'hermes-cli', supports: { boardsList: true }, missing: [] })
+    mockKanbanApi.openKanbanEventStream.mockReturnValue({ close: vi.fn(), onmessage: null, onclose: null, onerror: null })
+  })
+
+  it('persists selected board, including default, and falls back to default for missing boards', async () => {
+    const store = useKanbanStore()
+    await store.fetchBoards()
+
+    expect(store.setSelectedBoard('project-a')).toBe('project-a')
+    expect(window.localStorage.getItem(KANBAN_SELECTED_BOARD_STORAGE_KEY)).toBe('project-a')
+
+    expect(store.setSelectedBoard('default')).toBe('default')
+    expect(window.localStorage.getItem(KANBAN_SELECTED_BOARD_STORAGE_KEY)).toBe('default')
+
+    const recovered = store.recoverSelectedBoard('missing-board')
+    expect(recovered).toEqual({ board: 'default', recovered: true })
+    expect(store.selectedBoard).toBe('default')
+    expect(store.boardWarning).toContain('missing-board')
+  })
+
+  it('fetchTasks uses active filters and selected board while updating loading', async () => {
+    mockKanbanApi.listTasks.mockImplementation(
+      () => new Promise(resolve => setTimeout(() => resolve([{ id: 'task-1', status: 'todo' }]), 0))
+    )
+
+    const store = useKanbanStore()
+    store.setSelectedBoard('project-a')
+    store.setFilter('status', 'blocked')
+    store.setFilter('assignee', 'alice')
+    const promise = store.fetchTasks()
+
+    expect(store.loading).toBe(true)
+    await promise
+
+    expect(mockKanbanApi.listTasks).toHaveBeenCalledWith({ board: 'project-a', status: 'blocked', assignee: 'alice', includeArchived: true })
+    expect(store.tasks).toEqual([{ id: 'task-1', status: 'todo' }])
+    expect(store.loading).toBe(false)
+  })
+
+  it('create and status actions pass selected board, update local task state, and refresh board counts', async () => {
+    mockKanbanApi.createTask.mockResolvedValue({ id: 'task-2', status: 'todo', assignee: null })
+    mockKanbanApi.completeTasks.mockResolvedValue({ ok: true })
+    mockKanbanApi.blockTask.mockResolvedValue({ ok: true })
+    mockKanbanApi.unblockTasks.mockResolvedValue({ ok: true })
+    mockKanbanApi.assignTask.mockResolvedValue({ ok: true })
+    mockKanbanApi.getStats.mockResolvedValue({ total: 2, by_status: { done: 1 }, by_assignee: {} })
+    mockKanbanApi.getAssignees.mockResolvedValue([{ name: 'bob', on_disk: true, counts: { ready: 1 } }])
+
+    const store = useKanbanStore()
+    store.setSelectedBoard('project-a')
+    store.tasks = [{ id: 'task-1', status: 'running', assignee: null }] as any
+
+    await store.createTask({ title: 'Ship' })
+    await store.completeTasks(['task-1'], 'done')
+    await store.blockTask('task-2', 'waiting')
+    await store.unblockTasks(['task-2'])
+    await store.assignTask('task-2', 'bob')
+
+    expect(mockKanbanApi.createTask).toHaveBeenCalledWith({ title: 'Ship' }, { board: 'project-a' })
+    expect(mockKanbanApi.completeTasks).toHaveBeenCalledWith(['task-1'], 'done', { board: 'project-a' })
+    expect(mockKanbanApi.blockTask).toHaveBeenCalledWith('task-2', 'waiting', { board: 'project-a' })
+    expect(mockKanbanApi.unblockTasks).toHaveBeenCalledWith(['task-2'], { board: 'project-a' })
+    expect(mockKanbanApi.assignTask).toHaveBeenCalledWith('task-2', 'bob', { board: 'project-a' })
+    expect(mockKanbanApi.listBoards).toHaveBeenCalledTimes(4)
+    expect(mockKanbanApi.getAssignees).toHaveBeenCalledWith({ board: 'project-a' })
+    expect(store.tasks[0]).toMatchObject({ id: 'task-2', status: 'ready', assignee: 'bob' })
+    expect(store.tasks[1]).toMatchObject({ id: 'task-1', status: 'done' })
+  })
+
+  it('uses capability metadata before calling parity APIs', async () => {
+    mockKanbanApi.getCapabilities.mockResolvedValue({
+      source: 'hermes-cli',
+      supports: { commentsWrite: true, dispatch: false },
+      missing: ['dispatch'],
+    })
+    mockKanbanApi.addComment.mockResolvedValue({ ok: true })
+
+    const store = useKanbanStore()
+    store.setSelectedBoard('project-a')
+    await store.fetchCapabilities()
+
+    expect(store.isCapabilitySupported('commentsWrite')).toBe(true)
+    expect(store.isCapabilitySupported('dispatch')).toBe(false)
+    await store.addComment('task-1', 'needs review', 'han')
+    await expect(store.dispatch({ dryRun: true })).rejects.toThrow('dispatch')
+
+    expect(mockKanbanApi.addComment).toHaveBeenCalledWith('task-1', { body: 'needs review', author: 'han' }, { board: 'project-a' })
+    expect(mockKanbanApi.dispatch).not.toHaveBeenCalled()
+  })
+
+  it('passes selected board to link and partial bulk parity actions', async () => {
+    mockKanbanApi.getCapabilities.mockResolvedValue({
+      source: 'hermes-cli',
+      supports: { links: true, bulk: false },
+      missing: ['bulk'],
+      capabilities: [
+        { key: 'links', status: 'supported', requiresBoard: true },
+        { key: 'bulk', status: 'partial', requiresBoard: true },
+      ],
+    })
+    mockKanbanApi.linkTasks.mockResolvedValue({ ok: true })
+    mockKanbanApi.unlinkTasks.mockResolvedValue({ ok: true })
+    mockKanbanApi.bulkUpdateTasks.mockResolvedValue({ results: [{ id: 'task-1', ok: true }] })
+    mockKanbanApi.listTasks.mockResolvedValue([])
+    mockKanbanApi.getStats.mockResolvedValue({ total: 0, by_status: {}, by_assignee: {} })
+    mockKanbanApi.getAssignees.mockResolvedValue([])
+
+    const store = useKanbanStore()
+    store.setSelectedBoard('project-a')
+    await store.fetchCapabilities()
+
+    await store.linkTasks('task-1', 'task-2')
+    await store.unlinkTasks('task-1', 'task-2')
+    await expect(store.bulkUpdateTasks({ ids: ['task-1'], status: 'done', assignee: null, summary: 'closed' })).resolves.toEqual({ results: [{ id: 'task-1', ok: true }] })
+
+    expect(mockKanbanApi.linkTasks).toHaveBeenCalledWith({ parent_id: 'task-1', child_id: 'task-2' }, { board: 'project-a' })
+    expect(mockKanbanApi.unlinkTasks).toHaveBeenCalledWith({ parent_id: 'task-1', child_id: 'task-2' }, { board: 'project-a' })
+    expect(mockKanbanApi.bulkUpdateTasks).toHaveBeenCalledWith({ ids: ['task-1'], status: 'done', assignee: null, summary: 'closed' }, { board: 'project-a' })
+    expect(mockKanbanApi.listTasks).toHaveBeenCalledWith({ board: 'project-a', status: undefined, assignee: undefined, includeArchived: true })
+  })
+
+  it('opens board-scoped event streams, refreshes on events, and reconnects on board switch', async () => {
+    vi.useFakeTimers()
+    const socketA = { close: vi.fn(), onmessage: null as ((event: { data: string }) => void) | null, onclose: null, onerror: null }
+    const socketB = { close: vi.fn(), onmessage: null as ((event: { data: string }) => void) | null, onclose: null, onerror: null }
+    mockKanbanApi.openKanbanEventStream
+      .mockReturnValueOnce(socketA)
+      .mockReturnValueOnce(socketB)
+    mockKanbanApi.getCapabilities.mockResolvedValue({
+      source: 'hermes-cli',
+      supports: {},
+      missing: [],
+      capabilities: [{ key: 'events', status: 'partial', requiresBoard: true }],
+    })
+    mockKanbanApi.listTasks.mockResolvedValue([])
+    mockKanbanApi.getStats.mockResolvedValue({ total: 0, by_status: {}, by_assignee: {} })
+    mockKanbanApi.getAssignees.mockResolvedValue([])
+
+    const store = useKanbanStore()
+    store.setSelectedBoard('project-a')
+    await store.fetchCapabilities()
+
+    expect(store.startEventStream()).toBe(true)
+    expect(mockKanbanApi.openKanbanEventStream).toHaveBeenCalledWith({ board: 'project-a' })
+
+    socketA.onmessage?.({ data: JSON.stringify({ type: 'event', line: 'changed' }) })
+    await vi.advanceTimersByTimeAsync(100)
+    expect(mockKanbanApi.listTasks).toHaveBeenCalledWith({ board: 'project-a', status: undefined, assignee: undefined, includeArchived: true })
+    expect(mockKanbanApi.getStats).toHaveBeenCalledWith({ board: 'project-a' })
+    expect(mockKanbanApi.getAssignees).toHaveBeenCalledWith({ board: 'project-a' })
+
+    store.setSelectedBoard('default')
+    expect(socketA.close).toHaveBeenCalled()
+    expect(mockKanbanApi.openKanbanEventStream).toHaveBeenLastCalledWith({ board: 'default' })
+    store.stopEventStream()
+    expect(socketB.close).toHaveBeenCalled()
+    vi.useRealTimers()
+  })
+
+  it('passes selected board to parity actions and refreshes affected board state', async () => {
+    mockKanbanApi.getCapabilities.mockResolvedValue({
+      source: 'hermes-cli',
+      supports: { taskLog: true, diagnostics: true, reclaim: true, reassign: true, specify: true, dispatch: true },
+      missing: [],
+    })
+    mockKanbanApi.getTaskLog.mockResolvedValue({ task_id: 'task-1', path: null, exists: true, size_bytes: 10, content: 'worker log', truncated: false })
+    mockKanbanApi.getDiagnostics.mockResolvedValue([{ task_id: 'task-1' }])
+    mockKanbanApi.reclaimTask.mockResolvedValue({ ok: true })
+    mockKanbanApi.reassignTask.mockResolvedValue({ ok: true })
+    mockKanbanApi.specifyTask.mockResolvedValue([{ task_id: 'task-1' }])
+    mockKanbanApi.dispatch.mockResolvedValue({ spawned: 1 })
+    mockKanbanApi.getStats.mockResolvedValue({ total: 1, by_status: {}, by_assignee: {} })
+    mockKanbanApi.getAssignees.mockResolvedValue([{ name: 'bob', on_disk: true, counts: {} }])
+    mockKanbanApi.listTasks.mockResolvedValue([{ id: 'task-1', assignee: 'bob' }])
+
+    const store = useKanbanStore()
+    store.setSelectedBoard('project-a')
+    store.tasks = [{ id: 'task-1', status: 'running', assignee: 'alice' }] as any
+    await store.fetchCapabilities()
+
+    await expect(store.getTaskLog('task-1', 4000)).resolves.toEqual({ task_id: 'task-1', path: null, exists: true, size_bytes: 10, content: 'worker log', truncated: false })
+    await expect(store.getDiagnostics({ task: 'task-1', severity: 'warning' })).resolves.toEqual([{ task_id: 'task-1' }])
+    await store.reclaimTask('task-1', 'stale')
+    await store.reassignTask('task-1', 'bob', { reclaim: true, reason: 'handoff' })
+    await expect(store.specifyTask('task-1', 'han')).resolves.toEqual([{ task_id: 'task-1' }])
+    await expect(store.dispatch({ dryRun: true, max: 2, failureLimit: 3 })).resolves.toEqual({ spawned: 1 })
+
+    expect(mockKanbanApi.getTaskLog).toHaveBeenCalledWith('task-1', { board: 'project-a', tail: 4000 })
+    expect(mockKanbanApi.getDiagnostics).toHaveBeenCalledWith({ board: 'project-a', task: 'task-1', severity: 'warning' })
+    expect(mockKanbanApi.reclaimTask).toHaveBeenCalledWith('task-1', { board: 'project-a', reason: 'stale' })
+    expect(mockKanbanApi.reassignTask).toHaveBeenCalledWith('task-1', 'bob', { board: 'project-a', reclaim: true, reason: 'handoff' })
+    expect(mockKanbanApi.specifyTask).toHaveBeenCalledWith('task-1', { board: 'project-a', author: 'han' })
+    expect(mockKanbanApi.dispatch).toHaveBeenCalledWith({ board: 'project-a', dryRun: true, max: 2, failureLimit: 3 })
+    expect(store.tasks[0]).toMatchObject({ id: 'task-1', assignee: 'bob' })
+  })
+
+  it('creates and archives boards without relying on CLI current board', async () => {
+    mockKanbanApi.listBoards.mockResolvedValue([
+      { slug: 'default', name: 'Default', archived: false, counts: {}, total: 0 },
+      { slug: 'new-board', name: 'New Board', archived: false, counts: {}, total: 0 },
+    ])
+    mockKanbanApi.createBoard.mockResolvedValue({ slug: 'new-board', name: 'New Board', archived: false, counts: {}, total: 0 })
+    mockKanbanApi.archiveBoard.mockResolvedValue({ ok: true })
+    mockKanbanApi.listTasks.mockResolvedValue([])
+    mockKanbanApi.getStats.mockResolvedValue({ total: 0, by_status: {}, by_assignee: {} })
+    mockKanbanApi.getAssignees.mockResolvedValue([])
+
+    const store = useKanbanStore()
+    await store.createBoard({ slug: 'new-board', name: 'New Board' })
+    expect(mockKanbanApi.createBoard).toHaveBeenCalledWith({ slug: 'new-board', name: 'New Board' })
+    expect(store.selectedBoard).toBe('new-board')
+
+    await store.archiveSelectedBoard()
+    expect(mockKanbanApi.archiveBoard).toHaveBeenCalledWith('new-board')
+    expect(store.selectedBoard).toBe('default')
+  })
+
+  it('refreshAll loads boards, tasks, stats, and assignees for the same board', async () => {
+    mockKanbanApi.listTasks.mockResolvedValue([{ id: 'task-1' }])
+    mockKanbanApi.getStats.mockResolvedValue({ total: 1, by_status: {}, by_assignee: {} })
+    mockKanbanApi.getAssignees.mockResolvedValue([{ name: 'alice', on_disk: true, counts: { todo: 1 } }])
+
+    const store = useKanbanStore()
+    store.setSelectedBoard('project-a')
+    await store.refreshAll()
+
+    expect(mockKanbanApi.listTasks).toHaveBeenCalledWith({ board: 'project-a', status: undefined, assignee: undefined, includeArchived: true })
+    expect(mockKanbanApi.getStats).toHaveBeenCalledWith({ board: 'project-a' })
+    expect(mockKanbanApi.getAssignees).toHaveBeenCalledWith({ board: 'project-a' })
+    expect(mockKanbanApi.listBoards).toHaveBeenCalledWith({ includeArchived: false })
+    expect(store.tasks).toEqual([{ id: 'task-1' }])
+    expect(store.stats).toEqual({ total: 1, by_status: {}, by_assignee: {} })
+    expect(store.assignees).toEqual([{ name: 'alice', on_disk: true, counts: { todo: 1 } }])
+  })
+
+  it('ignores stale board-list responses after a newer request', async () => {
+    let resolveSlowBoards: (value: unknown) => void = () => {}
+    mockKanbanApi.listBoards
+      .mockImplementationOnce(() => new Promise(resolve => { resolveSlowBoards = resolve }))
+      .mockResolvedValueOnce([
+        { slug: 'default', name: 'Default', archived: false, counts: {}, total: 0 },
+        { slug: 'project-a', name: 'Project A', archived: false, counts: { todo: 2 }, total: 2 },
+      ])
+
+    const store = useKanbanStore()
+    store.setSelectedBoard('project-a')
+    const slowFetch = store.fetchBoards()
+    await store.fetchBoards()
+    resolveSlowBoards([{ slug: 'default', name: 'Default', archived: false, counts: {}, total: 0 }])
+    await slowFetch
+
+    expect(store.selectedBoard).toBe('project-a')
+    expect(store.activeBoards).toEqual(expect.arrayContaining([
+      expect.objectContaining({ slug: 'project-a', total: 2 }),
+    ]))
+  })
+
+  it('ignores stale same-board fetch responses after a newer request', async () => {
+    let resolveSlow: (value: unknown) => void = () => {}
+    mockKanbanApi.listTasks
+      .mockImplementationOnce(() => new Promise(resolve => { resolveSlow = resolve }))
+      .mockResolvedValueOnce([{ id: 'new-filter-task' }])
+
+    const store = useKanbanStore()
+    store.setSelectedBoard('project-a')
+    const slowFetch = store.fetchTasks()
+    await store.fetchTasks()
+    resolveSlow([{ id: 'old-filter-task' }])
+    await slowFetch
+
+    expect(store.tasks).toEqual([{ id: 'new-filter-task' }])
+  })
+
+  it('does not leave loading stuck when a silent fetch supersedes a visible fetch', async () => {
+    let resolveVisible: (value: unknown) => void = () => {}
+    mockKanbanApi.listTasks
+      .mockImplementationOnce(() => new Promise(resolve => { resolveVisible = resolve }))
+      .mockResolvedValueOnce([{ id: 'silent-task' }])
+
+    const store = useKanbanStore()
+    const visibleFetch = store.fetchTasks()
+    expect(store.loading).toBe(true)
+    await store.fetchTasks(true)
+    resolveVisible([{ id: 'visible-task' }])
+    await visibleFetch
+
+    expect(store.tasks).toEqual([{ id: 'silent-task' }])
+    expect(store.loading).toBe(false)
+  })
+
+  it('ignores stale fetch responses after a board switch', async () => {
+    let resolveSlow: (value: unknown) => void = () => {}
+    mockKanbanApi.listTasks
+      .mockImplementationOnce(() => new Promise(resolve => { resolveSlow = resolve }))
+      .mockResolvedValueOnce([{ id: 'new-board-task' }])
+
+    const store = useKanbanStore()
+    store.setSelectedBoard('default')
+    const slowFetch = store.fetchTasks()
+    store.setSelectedBoard('project-a')
+    await store.fetchTasks()
+    resolveSlow([{ id: 'old-board-task' }])
+    await slowFetch
+
+    expect(store.tasks).toEqual([{ id: 'new-board-task' }])
+  })
+})
diff --git a/tests/client/kanban-task-card.test.ts b/tests/client/kanban-task-card.test.ts
new file mode 100644
index 0000000..95c516f
--- /dev/null
+++ b/tests/client/kanban-task-card.test.ts
@@ -0,0 +1,80 @@
+// @vitest-environment jsdom
+import { afterEach, describe, expect, it, vi } from 'vitest'
+import { defineComponent } from 'vue'
+import { mount } from '@vue/test-utils'
+
+vi.mock('vue-i18n', () => ({
+  useI18n: () => ({
+    t: (key: string, params?: Record<string, number>) => {
+      if (key === 'kanban.card.timeAgo.justNow') return '刚刚'
+      if (key === 'kanban.card.timeAgo.minutes') return `${params?.count}分钟前`
+      if (key === 'kanban.card.timeAgo.hours') return `${params?.count}小时前`
+      if (key === 'kanban.card.timeAgo.days') return `${params?.count}天前`
+      if (key === 'kanban.card.priority.high') return '高'
+      if (key === 'kanban.card.priority.medium') return '中'
+      if (key === 'kanban.card.priority.low') return '低'
+      if (key === 'kanban.card.assigneeTooltip') return '负责人'
+      return key
+    },
+  }),
+}))
+
+vi.mock('naive-ui', () => ({
+  NTooltip: defineComponent({
+    name: 'NTooltip',
+    template: '<div class="n-tooltip-stub"><slot name="trigger" /><div class="tooltip-content"><slot /></div></div>',
+  }),
+}))
+
+vi.mock('@/components/hermes/profiles/ProfileAvatar.vue', () => ({
+  default: defineComponent({
+    name: 'ProfileAvatar',
+    props: { name: { type: String, required: true }, avatar: { type: Object, required: false }, size: { type: Number, required: false } },
+    template: '<span class="assignee-profile-avatar-stub" :data-name="name" :data-avatar-type="avatar?.type || null" :data-avatar-seed="avatar?.seed || null"></span>',
+  }),
+}))
+
+import KanbanTaskCard from '@/components/hermes/kanban/KanbanTaskCard.vue'
+
+describe('KanbanTaskCard i18n', () => {
+  afterEach(() => {
+    vi.useRealTimers()
+  })
+
+  it('renders localized priority, tooltip, and relative time', () => {
+    vi.useFakeTimers()
+    vi.setSystemTime(new Date('2026-05-08T03:00:00Z'))
+
+    const wrapper = mount(KanbanTaskCard, {
+      props: {
+        assigneeAvatar: { type: 'generated', seed: 'alice-seed' },
+        task: {
+          id: 'task-1',
+          title: 'Ship kanban i18n',
+          body: 'Body preview content',
+          assignee: 'alice',
+          status: 'todo',
+          priority: 3,
+          created_by: null,
+          created_at: Math.floor(new Date('2026-05-08T02:58:00Z').getTime() / 1000),
+          started_at: null,
+          completed_at: null,
+          workspace_kind: 'local',
+          workspace_path: null,
+          tenant: null,
+          result: null,
+          skills: null,
+        },
+      },
+    })
+
+    expect(wrapper.text()).toContain('高')
+    expect(wrapper.text()).toContain('2分钟前')
+    expect(wrapper.text()).toContain('负责人')
+    expect(wrapper.classes()).toContain('status-todo')
+    const avatar = wrapper.find('.assignee-profile-avatar-stub')
+    expect(avatar.attributes('data-name')).toBe('alice')
+    expect(avatar.attributes('data-avatar-type')).toBe('generated')
+    expect(avatar.attributes('data-avatar-seed')).toBe('alice-seed')
+  })
+})
diff --git a/tests/client/kanban-task-drawer.test.ts b/tests/client/kanban-task-drawer.test.ts
new file mode 100644
index 0000000..8b2af31
--- /dev/null
+++ b/tests/client/kanban-task-drawer.test.ts
@@ -0,0 +1,343 @@
+// @vitest-environment jsdom
+import { beforeEach, describe, expect, it, vi } from 'vitest'
+import { defineComponent } from 'vue'
+import { mount, flushPromises } from '@vue/test-utils'
+
+const mockGetTask = vi.hoisted(() => vi.fn())
+const mockRequest = vi.hoisted(() => vi.fn())
+const mockCompleteTasks = vi.hoisted(() => vi.fn())
+const mockBlockTask = vi.hoisted(() => vi.fn())
+const mockUnblockTasks = vi.hoisted(() => vi.fn())
+const mockAssignTask = vi.hoisted(() => vi.fn())
+const mockRouterPush = vi.hoisted(() => vi.fn())
+const mockUseMessage = vi.hoisted(() => vi.fn(() => ({
+  success: vi.fn(),
+  error: vi.fn(),
+})))
+
+vi.mock('vue-i18n', () => ({
+  useI18n: () => ({
+    t: (key: string) => key,
+  }),
+}))
+
+vi.mock('vue-router', () => ({
+  useRouter: () => ({
+    push: mockRouterPush,
+  }),
+}))
+
+vi.mock('@/api/client', () => ({
+  request: mockRequest,
+}))
+
+vi.mock('@/api/hermes/kanban', () => ({
+  getTask: mockGetTask,
+}))
+
+vi.mock('@/stores/hermes/kanban', () => ({
+  useKanbanStore: () => ({
+    selectedBoard: 'project-a',
+    assignees: [{ name: 'alice', counts: { todo: 1 } }, { name: 'bob', counts: { ready: 1 } }],
+    completeTasks: mockCompleteTasks,
+    blockTask: mockBlockTask,
+    unblockTasks: mockUnblockTasks,
+    assignTask: mockAssignTask,
+  }),
+}))
+
+vi.mock('@/components/hermes/chat/HistoryMessageList.vue', () => ({
+  default: defineComponent({
+    name: 'HistoryMessageList',
+    props: { session: { type: Object, required: false } },
+    template: '<div class="history-message-list-stub">{{ session ? session.id : "none" }}</div>',
+  }),
+}))
+
+vi.mock('naive-ui', () => ({
+  NDrawer: defineComponent({
+    name: 'NDrawer',
+    props: { show: { type: Boolean, required: false } },
+    emits: ['update:show'],
+    template: '<div class="n-drawer-stub"><slot /></div>',
+  }),
+  NDrawerContent: defineComponent({
+    name: 'NDrawerContent',
+    props: { title: { type: String, required: false }, closable: { type: Boolean, required: false } },
+    template: '<div class="n-drawer-content-stub"><slot /></div>',
+  }),
+  NButton: defineComponent({
+    name: 'NButton',
+    emits: ['click'],
+    template: '<button class="n-button-stub" @click="$emit(\'click\')"><slot /></button>',
+  }),
+  NSelect: defineComponent({
+    name: 'NSelect',
+    props: { value: { required: false }, options: { type: Array, default: () => [] } },
+    emits: ['update:value'],
+    template: '<select class="n-select-stub" @change="$emit(\'update:value\', $event.target.value || null)"><option value=""></option><option v-for="option in options" :key="option.value" :value="option.value">{{ option.label }}</option></select>',
+  }),
+  NInput: defineComponent({
+    name: 'NInput',
+    props: { value: { required: false }, size: { type: String, required: false }, placeholder: { type: String, required: false } },
+    emits: ['update:value'],
+    template: '<input class="n-input-stub" :value="value" @input="$emit(\'update:value\', $event.target.value)" />',
+  }),
+  NSpin: defineComponent({
+    name: 'NSpin',
+    template: '<div class="n-spin-stub"><slot /></div>',
+  }),
+  NModal: defineComponent({
+    name: 'NModal',
+    props: { show: { type: Boolean, required: false }, title: { type: String, required: false } },
+    emits: ['close'],
+    template: '<div v-if="show" class="n-modal-stub" :data-title="title"><slot /></div>',
+  }),
+  useMessage: mockUseMessage,
+}))
+
+import KanbanTaskDrawer from '@/components/hermes/kanban/KanbanTaskDrawer.vue'
+
+describe('KanbanTaskDrawer', () => {
+  beforeEach(() => {
+    vi.clearAllMocks()
+    mockRequest.mockResolvedValue({ results: [] })
+    mockCompleteTasks.mockResolvedValue(undefined)
+    mockBlockTask.mockResolvedValue(undefined)
+    mockUnblockTasks.mockResolvedValue(undefined)
+    mockAssignTask.mockResolvedValue(undefined)
+    mockGetTask.mockResolvedValue({
+      task: {
+        id: 'task-1',
+        title: 'Ship kanban',
+        body: 'Implement feature',
+        assignee: 'alice',
+        status: 'done',
+        priority: 2,
+        created_at: 100,
+        started_at: 110,
+        completed_at: 120,
+        tenant: null,
+        result: 'Done summary',
+      },
+      latest_summary: 'Done summary',
+      comments: [],
+      events: [],
+      runs: [{ id: 1, profile: 'alice', status: 'done', started_at: 110, ended_at: 120 }],
+      session: {
+        id: 'session-1',
+        title: 'Hermes session',
+        source: 'codex',
+        model: 'gpt-5.5',
+        started_at: 110,
+        ended_at: 120,
+        messages: [
+          { id: 'm1', role: 'user', content: 'hello', timestamp: 111 },
+          { id: 'm2', role: 'assistant', content: 'world', timestamp: 112 },
+          { id: 'm3', role: 'tool', content: 'ignore', timestamp: 113 },
+        ],
+      },
+    })
+  })
+
+  it('renders completed-result messages through HistoryMessageList', async () => {
+    const wrapper = mount(KanbanTaskDrawer, {
+      props: { taskId: 'task-1' },
+    })
+
+    await flushPromises()
+
+    await wrapper.find('.result-summary').trigger('click')
+    await flushPromises()
+
+    const modal = wrapper.find('.n-modal-stub')
+    expect(modal.exists()).toBe(true)
+    expect(modal.attributes('data-title')).toBe('Ship kanban')
+
+    const history = wrapper.find('.history-message-list-stub')
+    expect(history.exists()).toBe(true)
+    expect(history.text()).toBe('session-1')
+
+    const sessionProp = wrapper.getComponent({ name: 'HistoryMessageList' }).props('session') as any
+    expect(sessionProp.messages).toEqual([
+      { id: 'm1', role: 'user', content: 'hello', timestamp: 111 },
+      { id: 'm2', role: 'assistant', content: 'world', timestamp: 112 },
+    ])
+  })
+
+  it('uses the latest run profile when searching related sessions', async () => {
+    mockGetTask.mockResolvedValueOnce({
+      task: {
+        id: 'task-2',
+        title: 'Retry task',
+        body: null,
+        assignee: 'bob',
+        status: 'running',
+        priority: 2,
+        created_at: 100,
+        started_at: 110,
+        completed_at: null,
+        tenant: null,
+        result: null,
+      },
+      latest_summary: null,
+      comments: [],
+      events: [],
+      runs: [
+        { id: 1, profile: 'stale', status: 'failed', started_at: 110, ended_at: 120 },
+        { id: 2, profile: 'fresh', status: 'running', started_at: 130, ended_at: null },
+      ],
+    })
+    mockRequest.mockResolvedValueOnce({
+      results: [{ id: 'session-2', title: 'Found session', source: 'codex', model: 'gpt-5.5', started_at: 130 }],
+    })
+
+    const wrapper = mount(KanbanTaskDrawer, { props: { taskId: 'task-2' } })
+    await flushPromises()
+
+    const sessionsTitle = wrapper.findAll('.section-title').find(node => node.text() === 'kanban.detail.sessions')
+    await sessionsTitle?.trigger('click')
+    await flushPromises()
+
+    expect(mockRequest).toHaveBeenCalledWith('/api/hermes/kanban/search-sessions?task_id=task-2&profile=fresh&board=project-a')
+    await wrapper.find('.session-item').trigger('click')
+    expect(mockRouterPush).toHaveBeenCalledWith({ name: 'hermes.chat', query: { session: 'session-2' } })
+  })
+
+  it('does not expose mutation actions for archived tasks', async () => {
+    mockGetTask.mockResolvedValueOnce({
+      task: {
+        id: 'task-archived',
+        title: 'Archived task',
+        body: null,
+        assignee: 'alice',
+        status: 'archived',
+        priority: 1,
+        created_at: 100,
+        started_at: 110,
+        completed_at: 120,
+        tenant: null,
+        result: 'Archived summary',
+      },
+      latest_summary: 'Archived summary',
+      comments: [],
+      events: [],
+      runs: [],
+    })
+
+    const wrapper = mount(KanbanTaskDrawer, { props: { taskId: 'task-archived' } })
+    await flushPromises()
+
+    expect(wrapper.text()).not.toContain('kanban.action.complete')
+    expect(wrapper.text()).not.toContain('kanban.action.block')
+    expect(wrapper.text()).not.toContain('kanban.action.assign')
+  })
+
+  it('executes complete, block, unblock, and assign actions', async () => {
+    mockGetTask.mockResolvedValueOnce({
+      task: {
+        id: 'task-0',
+        title: 'Todo task',
+        body: null,
+        assignee: null,
+        status: 'todo',
+        priority: 1,
+        created_at: 100,
+        started_at: null,
+        completed_at: null,
+        tenant: null,
+        result: null,
+      },
+      latest_summary: null,
+      comments: [],
+      events: [],
+      runs: [],
+    })
+    const wrapper = mount(KanbanTaskDrawer, {
+      props: { taskId: 'task-0' },
+    })
+    await flushPromises()
+
+    const buttons = wrapper.findAll('.n-button-stub')
+    await buttons.find(node => node.text() === 'kanban.action.complete')?.trigger('click')
+    await wrapper.find('.n-input-stub').setValue('done summary')
+    await wrapper.findAll('.n-button-stub').find(node => node.text() === 'common.ok')?.trigger('click')
+    await flushPromises()
+    expect(mockCompleteTasks).toHaveBeenCalledWith(['task-0'], 'done summary')
+
+    mockGetTask.mockResolvedValueOnce({
+      task: {
+        id: 'task-3',
+        title: 'Blocked task',
+        body: null,
+        assignee: 'alice',
+        status: 'blocked',
+        priority: 1,
+        created_at: 100,
+        started_at: null,
+        completed_at: null,
+        tenant: null,
+        result: null,
+      },
+      latest_summary: null,
+      comments: [],
+      events: [],
+      runs: [],
+    })
+    await wrapper.setProps({ taskId: 'task-3' })
+    await flushPromises()
+    await wrapper.findAll('.n-button-stub').find(node => node.text() === 'kanban.action.unblock')?.trigger('click')
+    expect(mockUnblockTasks).toHaveBeenCalledWith(['task-3'])
+
+    mockGetTask.mockResolvedValueOnce({
+      task: {
+        id: 'task-4',
+        title: 'Todo task',
+        body: null,
+        assignee: null,
+        status: 'todo',
+        priority: 1,
+        created_at: 100,
+        started_at: null,
+        completed_at: null,
+        tenant: null,
+        result: null,
+      },
+      latest_summary: null,
+      comments: [],
+      events: [],
+      runs: [],
+    })
+    mockGetTask.mockResolvedValueOnce({
+      task: {
+        id: 'task-4',
+        title: 'Todo task',
+        body: null,
+        assignee: 'bob',
+        status: 'todo',
+        priority: 1,
+        created_at: 100,
+        started_at: null,
+        completed_at: null,
+        tenant: null,
+        result: null,
+      },
+      latest_summary: null,
+      comments: [],
+      events: [],
+      runs: [],
+    })
+    await wrapper.setProps({ taskId: 'task-4' })
+    await flushPromises()
+    await wrapper.findAll('.n-button-stub').find(node => node.text() === 'kanban.action.block')?.trigger('click')
+    await wrapper.find('.n-input-stub').setValue('waiting dependency')
+    await wrapper.findAll('.n-button-stub').find(node => node.text() === 'common.ok')?.trigger('click')
+    expect(mockBlockTask).toHaveBeenCalledWith('task-4', 'waiting dependency')
+
+    const select = wrapper.find('.n-select-stub')
+    await select.setValue('bob')
+    await wrapper.findAll('.n-button-stub').find(node => node.text() === 'kanban.action.assign')?.trigger('click')
+    await flushPromises()
+    expect(mockAssignTask).toHaveBeenCalledWith('task-4', 'bob')
+  })
+})
diff --git a/tests/client/kanban-view.test.ts b/tests/client/kanban-view.test.ts
new file mode 100644
index 0000000..8891542
--- /dev/null
+++ b/tests/client/kanban-view.test.ts
@@ -0,0 +1,307 @@
+// @vitest-environment jsdom
+import { beforeEach, describe, expect, it, vi } from 'vitest'
+import { defineComponent } from 'vue'
+import { mount, flushPromises } from '@vue/test-utils'
+
+const routeState = vi.hoisted(() => ({
+  query: { board: 'project-a' } as Record<string, string>,
+}))
+
+const routerReplace = vi.hoisted(() => vi.fn())
+
+const storeState = vi.hoisted(() => ({
+  tasks: [] as Array<{ id: string; title: string; status: string; created_at: number; assignee?: string | null }>,
+  stats: { by_status: { todo: 1, done: 0 }, by_assignee: {}, total: 1 } as Record<string, any>,
+  assignees: [] as Array<{ name: string; counts: Record<string, number> | null }>,
+  activeBoards: [] as Array<{ slug: string; name: string; icon?: string; total?: number }>,
+  loading: false,
+  boardsLoading: false,
+  selectedBoard: 'default',
+  boardWarning: null as string | null,
+  capabilities: null as Record<string, any> | null,
+  filterStatus: null as string | null,
+  filterAssignee: null as string | null,
+}))
+
+const mockFetchBoards = vi.hoisted(() => vi.fn())
+const mockFetchCapabilities = vi.hoisted(() => vi.fn())
+const mockRefreshAll = vi.hoisted(() => vi.fn())
+const mockFetchTasks = vi.hoisted(() => vi.fn())
+const mockFetchStats = vi.hoisted(() => vi.fn())
+const mockSetFilter = vi.hoisted(() => vi.fn())
+const mockRecoverSelectedBoard = vi.hoisted(() => vi.fn())
+const mockCreateBoard = vi.hoisted(() => vi.fn())
+const mockArchiveSelectedBoard = vi.hoisted(() => vi.fn())
+const mockStartEventStream = vi.hoisted(() => vi.fn())
+const mockStopEventStream = vi.hoisted(() => vi.fn())
+const mockFetchProfiles = vi.hoisted(() => vi.fn())
+const profilesState = vi.hoisted(() => ({
+  profiles: [] as Array<{ name: string; avatar?: Record<string, any> | null }>,
+}))
+
+vi.mock('vue-router', () => ({
+  useRoute: () => routeState,
+  useRouter: () => ({ replace: routerReplace }),
+}))
+
+vi.mock('vue-i18n', () => ({
+  useI18n: () => ({
+    t: (key: string) => key,
+  }),
+}))
+
+vi.mock('@/stores/hermes/kanban', () => ({
+  DEFAULT_KANBAN_BOARD: 'default',
+  useKanbanStore: () => ({
+    ...storeState,
+    fetchBoards: mockFetchBoards,
+    fetchCapabilities: mockFetchCapabilities,
+    refreshAll: mockRefreshAll,
+    fetchTasks: mockFetchTasks,
+    fetchStats: mockFetchStats,
+    setFilter: mockSetFilter,
+    recoverSelectedBoard: mockRecoverSelectedBoard,
+    createBoard: mockCreateBoard,
+    archiveSelectedBoard: mockArchiveSelectedBoard,
+    startEventStream: mockStartEventStream,
+    stopEventStream: mockStopEventStream,
+  }),
+}))
+
+vi.mock('@/stores/hermes/profiles', () => ({
+  useProfilesStore: () => ({
+    profiles: profilesState.profiles,
+    fetchProfiles: mockFetchProfiles,
+  }),
+}))
+
+vi.mock('@/components/hermes/kanban/KanbanTaskCard.vue', () => ({
+  default: defineComponent({
+    name: 'KanbanTaskCard',
+    props: { task: { type: Object, required: true }, assigneeAvatar: { type: Object, required: false } },
+    template: '<div class="kanban-task-card-stub" :data-avatar-seed="assigneeAvatar?.seed || null">{{ task.title }}</div>',
+  }),
+}))
+
+vi.mock('@/components/hermes/kanban/KanbanTaskDrawer.vue', () => ({
+  default: defineComponent({
+    name: 'KanbanTaskDrawer',
+    emits: ['updated', 'close'],
+    template: '<button class="drawer-updated" @click="$emit(\'updated\')">drawer</button>',
+  }),
+}))
+
+vi.mock('@/components/hermes/kanban/KanbanCreateForm.vue', () => ({
+  default: defineComponent({
+    name: 'KanbanCreateForm',
+    emits: ['created', 'close'],
+    template: '<button class="form-created" @click="$emit(\'created\')">form</button>',
+  }),
+}))
+
+vi.mock('naive-ui', () => ({
+  useMessage: () => ({ warning: vi.fn(), error: vi.fn(), success: vi.fn() }),
+  NButton: defineComponent({
+    name: 'NButton',
+    emits: ['click'],
+    template: '<button class="n-button-stub" @click="$emit(\'click\')"><slot /><slot name="icon" /></button>',
+  }),
+  NSelect: defineComponent({
+    name: 'NSelect',
+    props: { value: null, options: { type: Array, default: () => [] }, loading: Boolean },
+    emits: ['update:value'],
+    template: '<button class="n-select-stub" @click="$emit(\'update:value\', options[1]?.value || value)"><span v-for="option in options" :key="option.value">{{ option.label }}</span>{{ value }}</button>',
+  }),
+  NInput: defineComponent({
+    name: 'NInput',
+    props: { value: { type: String, default: '' }, placeholder: { type: String, required: false } },
+    emits: ['update:value'],
+    template: '<input class="n-input-stub" :placeholder="placeholder" :value="value" @input="$emit(\'update:value\', $event.target.value)" />',
+  }),
+  NModal: defineComponent({
+    name: 'NModal',
+    props: { show: Boolean },
+    emits: ['update:show', 'close'],
+    template: '<div v-if="show" class="n-modal-stub"><slot /><slot name="action" /></div>',
+  }),
+  NSpin: defineComponent({
+    name: 'NSpin',
+    template: '<div class="n-spin-stub"><slot /></div>',
+  }),
+  NCollapse: defineComponent({
+    name: 'NCollapse',
+    props: { expandedNames: { type: Array, required: false }, defaultExpandedNames: { type: Array, required: false } },
+    emits: ['update:expandedNames'],
+    template: '<div class="n-collapse-stub" :data-expanded="JSON.stringify(expandedNames ?? null)" :data-default-expanded="JSON.stringify(defaultExpandedNames ?? null)"><slot /></div>',
+  }),
+  NCollapseItem: defineComponent({
+    name: 'NCollapseItem',
+    props: { title: { type: String, required: false }, name: { type: String, required: false } },
+    template: '<section class="n-collapse-item-stub" :data-name="name"><slot /></section>',
+  }),
+}))
+
+import KanbanView from '@/views/hermes/KanbanView.vue'
+
+describe('KanbanView', () => {
+  beforeEach(() => {
+    vi.useFakeTimers()
+    vi.clearAllMocks()
+    routeState.query = { board: 'project-a' }
+    routerReplace.mockResolvedValue(undefined)
+    storeState.tasks = [
+      { id: 'task-1', title: 'Task one', status: 'todo', created_at: 10 },
+      { id: 'task-2', title: 'Task two', status: 'done', created_at: 20 },
+    ]
+    storeState.stats = {
+      by_status: { triage: 0, todo: 1, ready: 0, running: 0, blocked: 0, done: 1, archived: 0 },
+      by_assignee: {},
+      total: 2,
+    }
+    storeState.assignees = []
+    storeState.activeBoards = [
+      { slug: 'default', name: 'Default', total: 0 },
+      { slug: 'project-a', name: 'Project A', total: 2 },
+    ]
+    storeState.loading = false
+    storeState.boardsLoading = false
+    storeState.selectedBoard = 'default'
+    storeState.boardWarning = null
+    storeState.capabilities = null
+    storeState.filterStatus = null
+    storeState.filterAssignee = null
+    profilesState.profiles = []
+    mockFetchBoards.mockResolvedValue(undefined)
+    mockFetchCapabilities.mockResolvedValue(undefined)
+    mockRefreshAll.mockResolvedValue(undefined)
+    mockFetchTasks.mockResolvedValue(undefined)
+    mockFetchStats.mockResolvedValue(undefined)
+    mockFetchProfiles.mockResolvedValue(undefined)
+    mockCreateBoard.mockResolvedValue({ slug: 'new-board' })
+    mockArchiveSelectedBoard.mockResolvedValue(undefined)
+    mockRecoverSelectedBoard.mockImplementation((candidate: string) => {
+      storeState.selectedBoard = candidate || 'default'
+      return { board: storeState.selectedBoard, recovered: false }
+    })
+    mockSetFilter.mockImplementation((key: 'status' | 'assignee', value: string | null) => {
+      if (key === 'status') storeState.filterStatus = value
+      else storeState.filterAssignee = value
+    })
+    Object.defineProperty(document, 'visibilityState', {
+      configurable: true,
+      get: () => 'visible',
+    })
+  })
+
+  it('initializes board from route query and refreshes stats alongside tasks', async () => {
+    const wrapper = mount(KanbanView)
+    await flushPromises()
+
+    expect(mockFetchBoards).toHaveBeenCalledOnce()
+    expect(mockFetchCapabilities).toHaveBeenCalledOnce()
+    expect(mockFetchProfiles).toHaveBeenCalledOnce()
+    expect(mockRecoverSelectedBoard).toHaveBeenCalledWith('project-a')
+    expect(mockRefreshAll).toHaveBeenCalledOnce()
+    expect(routerReplace).not.toHaveBeenCalled()
+    expect(wrapper.find('.n-collapse-stub').attributes('data-expanded')).toBe('["triage","todo","ready","running","blocked","done","archived"]')
+
+    await wrapper.find('.drawer-updated').trigger('click')
+    expect(mockFetchTasks).toHaveBeenCalledTimes(1)
+    expect(mockFetchStats).toHaveBeenCalledTimes(1)
+
+    await vi.advanceTimersByTimeAsync(15000)
+    await flushPromises()
+
+    expect(mockFetchBoards).toHaveBeenCalledTimes(2)
+    expect(mockFetchTasks).toHaveBeenCalledTimes(2)
+    expect(mockFetchStats).toHaveBeenCalledTimes(2)
+  })
+
+  it('renders board count labels and compact assignee profile labels', async () => {
+    storeState.assignees = [{ name: 'alice', counts: { todo: 2, done: 1 } }]
+    const wrapper = mount(KanbanView)
+    await flushPromises()
+
+    expect(wrapper.text()).toContain('kanban.title: Default · kanban.stats.tasks: 0')
+    expect(wrapper.text()).toContain('kanban.title: Project A · kanban.stats.tasks: 2')
+    const assigneeSelect = wrapper.findAll('.n-select-stub')[2]
+    expect(assigneeSelect.text()).toContain('alice')
+    expect(assigneeSelect.text()).not.toContain('default')
+    expect(wrapper.text()).not.toContain('kanban.detail.assignee: alice')
+    expect(wrapper.text()).not.toContain('alice · kanban.stats.tasks')
+  })
+
+  it('passes matching profile avatars to task cards', async () => {
+    storeState.tasks = [{ id: 'task-1', title: 'Task one', status: 'todo', created_at: 10, assignee: 'alice' }]
+    profilesState.profiles = [{ name: 'alice', avatar: { type: 'generated', seed: 'alice-seed' } }]
+
+    const wrapper = mount(KanbanView)
+    await flushPromises()
+
+    expect(wrapper.find('.kanban-task-card-stub').attributes('data-avatar-seed')).toBe('alice-seed')
+  })
+
+  it('filters the visible board columns from stats chips', async () => {
+    storeState.filterStatus = 'done'
+
+    const wrapper = mount(KanbanView)
+    await flushPromises()
+
+    const columns = wrapper.findAll('.n-collapse-item-stub')
+    expect(wrapper.find('.n-collapse-stub').attributes('data-expanded')).toBe('["done"]')
+    expect(columns).toHaveLength(1)
+    expect(columns[0].attributes('data-name')).toBe('done')
+    expect(wrapper.text()).toContain('Task two')
+    expect(wrapper.text()).not.toContain('Task one')
+
+    await wrapper.find('.stat-chip.todo').trigger('click')
+    await flushPromises()
+
+    expect(mockSetFilter).toHaveBeenCalledWith('status', 'todo')
+    expect(mockFetchTasks).toHaveBeenCalledTimes(1)
+
+    await wrapper.find('.stat-chip.total').trigger('click')
+    await flushPromises()
+
+    expect(mockSetFilter).toHaveBeenCalledWith('status', null)
+    expect(mockFetchTasks).toHaveBeenCalledTimes(2)
+  })
+
+  it('creates and archives boards from the board toolbar', async () => {
+    storeState.selectedBoard = 'project-a'
+    const wrapper = mount(KanbanView)
+    await flushPromises()
+
+    await wrapper.findAll('.n-button-stub')[0].trigger('click')
+    await flushPromises()
+    const inputs = wrapper.findAll('.n-input-stub')
+    await inputs[0].setValue('new-board')
+    await inputs[1].setValue('New Board')
+    await wrapper.findAll('.n-button-stub').at(-1)!.trigger('click')
+    await flushPromises()
+
+    expect(mockCreateBoard).toHaveBeenCalledWith({ slug: 'new-board', name: 'New Board' })
+    expect(routerReplace).toHaveBeenCalledWith({ query: { board: 'new-board' } })
+
+    vi.spyOn(window, 'confirm').mockReturnValueOnce(true)
+    await wrapper.findAll('.n-button-stub')[1].trigger('click')
+    await flushPromises()
+
+    expect(mockArchiveSelectedBoard).toHaveBeenCalled()
+    expect(routerReplace).toHaveBeenCalledWith({ query: { board: 'default' } })
+  })
+
+  it('makes default board explicit when route query is absent', async () => {
+    routeState.query = {}
+    mockRecoverSelectedBoard.mockImplementation(() => {
+      storeState.selectedBoard = 'default'
+      return { board: 'default', recovered: false }
+    })
+
+    mount(KanbanView)
+    await flushPromises()
+
+    expect(routerReplace).toHaveBeenCalledWith({ query: { board: 'default' } })
+    expect(mockRefreshAll).toHaveBeenCalledOnce()
+  })
+})
diff --git a/tests/client/login-view.test.ts b/tests/client/login-view.test.ts
new file mode 100644
index 0000000..fab2e98
--- /dev/null
+++ b/tests/client/login-view.test.ts
@@ -0,0 +1,97 @@
+// @vitest-environment jsdom
+import { beforeEach, describe, expect, it, vi } from 'vitest'
+import { mount } from '@vue/test-utils'
+
+const mockReplace = vi.hoisted(() => vi.fn())
+const mockFetchAuthStatus = vi.hoisted(() => vi.fn())
+const mockLoginWithPassword = vi.hoisted(() => vi.fn())
+const mockSetApiKey = vi.hoisted(() => vi.fn())
+const mockHasApiKey = vi.hoisted(() => vi.fn())
+
+vi.mock('vue-router', () => ({
+  useRouter: () => ({
+    replace: mockReplace,
+  }),
+}))
+
+vi.mock('vue-i18n', () => ({
+  useI18n: () => ({
+    t: (key: string) => key,
+  }),
+}))
+
+vi.mock('@/api/client', () => ({
+  setApiKey: mockSetApiKey,
+  hasApiKey: mockHasApiKey,
+}))
+
+vi.mock('@/api/auth', () => ({
+  fetchAuthStatus: mockFetchAuthStatus,
+  loginWithPassword: mockLoginWithPassword,
+}))
+
+import LoginView from '@/views/LoginView.vue'
+
+describe('LoginView password login', () => {
+  beforeEach(() => {
+    delete (window as any).__LOGIN_TOKEN__
+    vi.clearAllMocks()
+    mockHasApiKey.mockReturnValue(false)
+    mockFetchAuthStatus.mockResolvedValue({ hasPasswordLogin: true, username: 'admin' })
+  })
+
+  it('logs in with username and password', async () => {
+    mockLoginWithPassword.mockResolvedValue('jwt-token')
+    const wrapper = mount(LoginView)
+
+    const inputs = wrapper.findAll('input.login-input')
+    await inputs[0].setValue('admin')
+    await inputs[1].setValue('123456')
+    await wrapper.find('form.login-form').trigger('submit')
+
+    expect(mockLoginWithPassword).toHaveBeenCalledWith('admin', '123456')
+    expect(mockSetApiKey).toHaveBeenCalledWith('jwt-token')
+    expect(mockReplace).toHaveBeenCalledWith('/hermes/chat')
+  })
+
+  it('shows the default login hint', () => {
+    const wrapper = mount(LoginView)
+
+    expect(wrapper.text()).toContain('login.defaultCredentialsHint')
+  })
+
+  it('shows an error when password login fails', async () => {
+    mockLoginWithPassword.mockRejectedValue(new Error('Invalid username or password'))
+    const wrapper = mount(LoginView)
+
+    const inputs = wrapper.findAll('input.login-input')
+    await inputs[0].setValue('admin')
+    await inputs[1].setValue('bad-password')
+    await wrapper.find('form.login-form').trigger('submit')
+
+    expect(wrapper.find('.login-error').text()).toBe('Invalid username or password')
+    expect(mockSetApiKey).not.toHaveBeenCalled()
+    expect(mockReplace).not.toHaveBeenCalled()
+  })
+
+  it('shows the reset command hint when the login IP is locked', async () => {
+    const err: any = new Error('Too many login attempts')
+    err.status = 429
+    mockLoginWithPassword.mockRejectedValue(err)
+    const wrapper = mount(LoginView)
+
+    const inputs = wrapper.findAll('input.login-input')
+    await inputs[0].setValue('admin')
+    await inputs[1].setValue('123456')
+    await wrapper.find('form.login-form').trigger('submit')
+
+    expect(wrapper.find('.login-error').text()).toBe('login.tooManyAttempts')
+    expect(wrapper.find('.login-lock-hint').text()).toContain('login.lockResetHint')
+    expect(wrapper.find('.login-lock-hint').text()).toContain('login.defaultLoginResetHint')
+    const commands = wrapper.findAll('.login-lock-hint code').map(command => command.text())
+    expect(commands).toEqual([
+      'hermes-web-ui clear-login-locks --restart',
+      'hermes-web-ui reset-default-login',
+    ])
+  })
+})
diff --git a/tests/client/markdown-rendering-mermaid-import-timeout.test.ts b/tests/client/markdown-rendering-mermaid-import-timeout.test.ts
new file mode 100644
index 0000000..23a4347
--- /dev/null
+++ b/tests/client/markdown-rendering-mermaid-import-timeout.test.ts
@@ -0,0 +1,67 @@
+// @vitest-environment jsdom
+import { afterEach, describe, expect, it, vi } from 'vitest'
+import { mount } from '@vue/test-utils'
+import { nextTick } from 'vue'
+
+vi.mock('mermaid', () => new Promise(() => {}))
+
+vi.mock('vue-i18n', () => ({
+  useI18n: () => ({
+    t: (key: string) => key,
+  }),
+}))
+
+vi.mock('naive-ui', () => ({
+  NDrawer: {
+    props: ['show'],
+    template: '<div v-if="show"><slot /></div>',
+  },
+  NDrawerContent: {
+    template: '<section><slot /></section>',
+  },
+  NSpin: {
+    template: '<div><slot /></div>',
+  },
+  useMessage: () => ({
+    error: vi.fn(),
+    success: vi.fn(),
+    warning: vi.fn(),
+    info: vi.fn(),
+  }),
+}))
+
+import MarkdownRenderer from '@/components/hermes/chat/MarkdownRenderer.vue'
+
+async function flushMermaidRender(): Promise<void> {
+  for (let i = 0; i < 16; i += 1) {
+    await nextTick()
+    await Promise.resolve()
+  }
+}
+
+describe('MarkdownRenderer Mermaid import timeout', () => {
+  afterEach(() => {
+    vi.useRealTimers()
+  })
+
+  it('falls back to copyable code when the mermaid dynamic import never settles', async () => {
+    vi.useFakeTimers()
+
+    const wrapper = mount(MarkdownRenderer, {
+      props: {
+        content: '```mermaid\nflowchart TD\nA --> B\n```',
+      },
+    })
+
+    await nextTick()
+    await Promise.resolve()
+    await vi.advanceTimersByTimeAsync(5_001)
+    await flushMermaidRender()
+
+    expect(wrapper.find('.mermaid-loading').exists()).toBe(false)
+    expect(wrapper.find('[data-testid="mermaid-svg"]').exists()).toBe(false)
+    expect(wrapper.find('.hljs-code-block').exists()).toBe(true)
+    expect(wrapper.find('.code-lang').text()).toBe('mermaid')
+    expect(wrapper.find('code.hljs').text()).toContain('flowchart TD')
+  })
+})
diff --git a/tests/client/markdown-rendering.test.ts b/tests/client/markdown-rendering.test.ts
new file mode 100644
index 0000000..28264ee
--- /dev/null
+++ b/tests/client/markdown-rendering.test.ts
@@ -0,0 +1,712 @@
+// @vitest-environment jsdom
+import { afterEach, beforeEach, describe, expect, it, vi } from 'vitest'
+import { mount } from '@vue/test-utils'
+import { nextTick } from 'vue'
+
+const mermaidMock = vi.hoisted(() => ({
+  initialize: vi.fn(),
+  render: vi.fn(async (id: string, source: string) => ({
+    svg: `<svg id="${id}" data-testid="mermaid-svg"><text>${source}</text></svg>`,
+  })),
+}))
+
+const downloadApiMock = vi.hoisted(() => ({
+  downloadFile: vi.fn(() => Promise.resolve()),
+  fetchFileText: vi.fn(() => Promise.resolve('preview content')),
+  getDownloadUrl: vi.fn((path: string) => `http://test.local/api/hermes/download?path=${encodeURIComponent(path)}`),
+}))
+
+vi.mock('mermaid', () => ({
+  default: mermaidMock,
+}))
+
+async function flushMermaidRender(): Promise<void> {
+  for (let i = 0; i < 16; i += 1) {
+    await nextTick()
+    await Promise.resolve()
+  }
+}
+
+vi.mock('vue-i18n', () => ({
+  useI18n: () => ({
+    t: (key: string) => key,
+  }),
+}))
+
+vi.mock('naive-ui', () => ({
+  NDrawer: {
+    props: ['show', 'width'],
+    template: '<div v-if="show" class="n-drawer-stub" :data-width="width"><slot /></div>',
+  },
+  NDrawerContent: {
+    props: {
+      title: { type: String, default: '' },
+      closable: { type: Boolean, default: false },
+      bodyContentStyle: { type: [Object, String], default: undefined },
+    },
+    template: '<section class="n-drawer-content-stub" :data-body-padding="bodyContentStyle && bodyContentStyle.padding"><header class="n-drawer-header-stub">{{ title }}<button v-if="closable" class="n-drawer-close-stub" @click="$emit(\'close\')">x</button></header><slot /></section>',
+  },
+  NSpin: {
+    props: ['show'],
+    template: '<div class="n-spin-stub"><slot /></div>',
+  },
+  useMessage: () => ({
+    error: vi.fn(),
+    success: vi.fn(),
+    warning: vi.fn(),
+    info: vi.fn(),
+  }),
+}))
+
+vi.mock('@/api/hermes/download', () => ({
+  downloadFile: downloadApiMock.downloadFile,
+  fetchFileText: downloadApiMock.fetchFileText,
+  getDownloadUrl: downloadApiMock.getDownloadUrl,
+}))
+
+import MarkdownRenderer from '@/components/hermes/chat/MarkdownRenderer.vue'
+
+describe('MarkdownRenderer', () => {
+  afterEach(() => {
+    vi.useRealTimers()
+  })
+
+  beforeEach(() => {
+    mermaidMock.initialize.mockClear()
+    mermaidMock.render.mockClear()
+    downloadApiMock.downloadFile.mockClear()
+    downloadApiMock.fetchFileText.mockClear()
+    downloadApiMock.getDownloadUrl.mockClear()
+    mermaidMock.render.mockImplementation(async (id: string, source: string) => ({
+      svg: `<svg id="${id}" data-testid="mermaid-svg"><text>${source}</text></svg>`,
+    }))
+    downloadApiMock.downloadFile.mockResolvedValue(undefined)
+    downloadApiMock.fetchFileText.mockResolvedValue('preview content')
+    downloadApiMock.getDownloadUrl.mockImplementation((path: string) => `http://test.local/api/hermes/download?path=${encodeURIComponent(path)}`)
+
+    Object.defineProperty(window, 'isSecureContext', {
+      configurable: true,
+      value: true,
+    })
+    Object.defineProperty(navigator, 'clipboard', {
+      configurable: true,
+      value: {
+        writeText: vi.fn().mockResolvedValue(undefined),
+      },
+    })
+  })
+
+  it('highlights vue fenced blocks instead of rendering them as plain text', () => {
+    const wrapper = mount(MarkdownRenderer, {
+      props: {
+        content: '```vue\n<template><div>Hello</div></template>\n```',
+      },
+    })
+
+    expect(wrapper.find('.code-lang').text()).toBe('vue')
+    expect(wrapper.find('code.hljs').html()).toContain('hljs-tag')
+  })
+
+  it('keeps shell-session fences on the shell grammar', () => {
+    const wrapper = mount(MarkdownRenderer, {
+      props: {
+        content: '```shell\n$ ls\nfoo.txt\n```',
+      },
+    })
+
+    expect(wrapper.find('.code-lang').text()).toBe('shell')
+    expect(wrapper.find('code.hljs').html()).toContain('hljs-meta')
+  })
+
+  it('still highlights long supported code fences', () => {
+    const wrapper = mount(MarkdownRenderer, {
+      props: {
+        content: `\`\`\`json\n${JSON.stringify({ content: 'x'.repeat(2500), ok: true })}\n\`\`\``,
+      },
+    })
+
+    expect(wrapper.find('.code-lang').text()).toBe('json')
+    expect(wrapper.find('code.hljs').html()).toMatch(/hljs-(attr|string|punctuation)/)
+  })
+
+  it('falls back to plain escaped text when a fence language is unsupported', () => {
+    const wrapper = mount(MarkdownRenderer, {
+      props: {
+        content: '```foobar\n{"answer":42,"ok":true}\n```',
+      },
+    })
+
+    expect(wrapper.find('.code-lang').text()).toBe('foobar')
+    expect(wrapper.find('code.hljs').findAll('span')).toHaveLength(0)
+    expect(wrapper.find('code.hljs').text()).toContain('{"answer":42,"ok":true}')
+  })
+
+  it('keeps unlabeled code fences as plain text instead of guessing a grammar', () => {
+    const wrapper = mount(MarkdownRenderer, {
+      props: {
+        content: '```\nINFO Starting server\nConnected to 127.0.0.1\nDone\n```',
+      },
+    })
+
+    expect(wrapper.find('.code-lang').text()).toBe('text')
+    expect(wrapper.find('code.hljs').findAll('span')).toHaveLength(0)
+    expect(wrapper.find('code.hljs').text()).toContain('INFO Starting server')
+  })
+
+  it('renders outer markdown draft fences as markdown while preserving nested fenced examples', () => {
+    const wrapper = mount(MarkdownRenderer, {
+      props: {
+        content: [
+          '下面是可直接手动编辑的 PR draft。',
+          '',
+          '```md',
+          '标题: fix(chat): 保留附件在同一聊天后续轮次的上下文',
+          '',
+          '## Summary',
+          '',
+          '附件上传后，首轮 `startRun()` 的 `input` 已包含上传文件引用:',
+          '',
+          '```md',
+          '[File: screenshot.png](/uploaded/path)',
+          '```',
+          '',
+          '但本地保存的用户消息只保留 UI 可见文本。',
+          '',
+          '## Fix',
+          '- Preserve context.',
+          '```',
+        ].join('\n'),
+      },
+    })
+
+    expect(wrapper.findAll('.hljs-code-block')).toHaveLength(1)
+    expect(wrapper.find('.code-lang').text()).toBe('md')
+    expect(wrapper.find('code.hljs').text()).toContain('[File: screenshot.png](/uploaded/path)')
+    expect(wrapper.find('.markdown-body').findAll('h2')).toHaveLength(2)
+    expect(wrapper.find('.markdown-body').find('h2').text()).toBe('Summary')
+    expect(wrapper.find('.markdown-body').text()).toContain('但本地保存的用户消息只保留 UI 可见文本。')
+    expect(wrapper.find('.markdown-body').text()).toContain('Preserve context.')
+  })
+
+  it('keeps markdown examples with their own nested fences intact after unwrapping a draft fence', () => {
+    const wrapper = mount(MarkdownRenderer, {
+      props: {
+        content: [
+          '```md',
+          '## Regression Coverage',
+          '',
+          '```md',
+          '下面是一个 PR draft。',
+          '',
+          '```md',
+          '[File: Screenshot.png](/tmp/example.png)',
+          '```',
+          '',
+          '## Fix',
+          '',
+          '- 后续 heading 不应被截断。',
+          '```',
+          '',
+          '## Local Verification',
+          '',
+          '- localhost renders after the example.',
+          '```',
+        ].join('\n'),
+      },
+    })
+
+    const headings = wrapper.find('.markdown-body').findAll('h2').map(heading => heading.text())
+    expect(headings).toEqual(['Regression Coverage', 'Local Verification'])
+    expect(wrapper.findAll('.hljs-code-block')).toHaveLength(1)
+
+    const codeText = wrapper.find('code.hljs').text()
+    expect(codeText).toContain('下面是一个 PR draft。')
+    expect(codeText).toContain('```md\n[File: Screenshot.png](/tmp/example.png)\n```')
+    expect(codeText).toContain('## Fix')
+    expect(codeText).toContain('- 后续 heading 不应被截断。')
+    expect(wrapper.find('.markdown-body').text()).toContain('localhost renders after the example.')
+  })
+
+  it('keeps markdown examples with unlabeled nested fences intact', () => {
+    const wrapper = mount(MarkdownRenderer, {
+      props: {
+        content: [
+          '```md',
+          '## Unlabeled Fence Example',
+          '',
+          '```md',
+          '```',
+          'plain nested block',
+          '```',
+          '```',
+          '',
+          'Done outside.',
+          '```',
+        ].join('\n'),
+      },
+    })
+
+    expect(wrapper.find('.markdown-body').find('h2').text()).toBe('Unlabeled Fence Example')
+    expect(wrapper.findAll('.hljs-code-block')).toHaveLength(1)
+    expect(wrapper.find('code.hljs').text()).toContain('```\nplain nested block\n```')
+    expect(wrapper.find('.markdown-body').text()).toContain('Done outside.')
+  })
+
+  it('renders local mov links as inline video players', () => {
+    const wrapper = mount(MarkdownRenderer, {
+      props: {
+        content: '[录屏2026-05-08 15.19.46.mov](/Users/ekko/Desktop/录屏2026-05-08%2015.19.46.mov)',
+      },
+    })
+
+    const video = wrapper.find('video.markdown-video')
+    expect(video.exists()).toBe(true)
+    expect(video.attributes('src')).toContain('/api/hermes/download?path=')
+    const src = new URL(video.attributes('src'))
+    expect(decodeURIComponent(src.searchParams.get('path') || '')).toBe('/Users/ekko/Desktop/录屏2026-05-08 15.19.46.mov')
+    expect(wrapper.find('.markdown-video-footer .att-name').text()).toBe('录屏2026-05-08 15.19.46.mov')
+  })
+
+  it('renders MSYS-style Windows image paths through the download endpoint', () => {
+    const wrapper = mount(MarkdownRenderer, {
+      props: {
+        content: '![桌面截图](/c/Users/Administrator/Desktop/screenshot.png)',
+      },
+    })
+
+    const img = wrapper.find('img')
+    expect(img.exists()).toBe(true)
+    expect(img.attributes('src')).toContain('/api/hermes/download?path=')
+    const src = new URL(img.attributes('src'))
+    expect(decodeURIComponent(src.searchParams.get('path') || '')).toBe('/c/Users/Administrator/Desktop/screenshot.png')
+    expect(img.attributes('alt')).toBe('桌面截图')
+  })
+
+  it('downloads local text files when the file card download icon is clicked', async () => {
+    const wrapper = mount(MarkdownRenderer, {
+      props: {
+        content: '[notes.txt](/tmp/notes.txt)',
+      },
+    })
+
+    expect(wrapper.find('.markdown-file-card').exists()).toBe(true)
+    expect(wrapper.find('.att-download-btn .att-download-icon').exists()).toBe(true)
+
+    await wrapper.find('.att-download-btn').trigger('click')
+    await Promise.resolve()
+
+    expect(downloadApiMock.downloadFile).toHaveBeenCalledTimes(1)
+    expect(downloadApiMock.downloadFile).toHaveBeenCalledWith('/tmp/notes.txt', 'notes.txt')
+    expect(downloadApiMock.fetchFileText).not.toHaveBeenCalled()
+    expect(wrapper.find('.n-drawer-stub').exists()).toBe(false)
+  })
+
+  it('opens text previews in a responsive drawer with a close control', async () => {
+    const wrapper = mount(MarkdownRenderer, {
+      props: {
+        content: '[notes.txt](/tmp/notes.txt)',
+      },
+    })
+
+    await wrapper.find('.markdown-file-card').trigger('click')
+    await Promise.resolve()
+    await nextTick()
+
+    const drawer = wrapper.find('.n-drawer-stub')
+    expect(drawer.exists()).toBe(true)
+    expect(drawer.attributes('data-width')).toBe('min(800px, 100vw)')
+    expect(drawer.find('.n-drawer-content-stub').attributes('data-body-padding')).toBe('0')
+    expect(drawer.text()).toContain('download.contentDisplay')
+    expect(downloadApiMock.fetchFileText).toHaveBeenCalledWith('/tmp/notes.txt', 'notes.txt')
+
+    await drawer.find('.n-drawer-close-stub').trigger('click')
+    await nextTick()
+
+    expect(wrapper.find('.n-drawer-stub').exists()).toBe(false)
+  })
+
+  it('renders markdown file previews as markdown content', async () => {
+    downloadApiMock.fetchFileText.mockResolvedValue('# Preview Title\n\n**bold text**')
+    const wrapper = mount(MarkdownRenderer, {
+      props: {
+        content: '[notes.md](/tmp/notes.md)',
+      },
+    })
+
+    await wrapper.find('.markdown-file-card').trigger('click')
+    await Promise.resolve()
+    await nextTick()
+
+    const drawer = wrapper.find('.n-drawer-stub')
+    expect(drawer.exists()).toBe(true)
+    expect(drawer.find('.text-preview-markdown').exists()).toBe(true)
+    expect(drawer.find('.text-preview-body').exists()).toBe(false)
+    expect(drawer.find('.text-preview-markdown h1').text()).toBe('Preview Title')
+    expect(drawer.find('.text-preview-markdown strong').text()).toBe('bold text')
+  })
+
+  it('keeps tilde-fenced markdown examples with nested tilde fences intact', () => {
+    const wrapper = mount(MarkdownRenderer, {
+      props: {
+        content: [
+          '```md',
+          '## Tilde Example',
+          '',
+          '~~~md',
+          '~~~yaml',
+          'ok: true',
+          '~~~',
+          '~~~',
+          '',
+          'Done outside.',
+          '```',
+        ].join('\n'),
+      },
+    })
+
+    expect(wrapper.find('.markdown-body').find('h2').text()).toBe('Tilde Example')
+    expect(wrapper.findAll('.hljs-code-block')).toHaveLength(1)
+    expect(wrapper.find('code.hljs').text()).toContain('~~~yaml\nok: true\n~~~')
+    expect(wrapper.find('.markdown-body').text()).toContain('Done outside.')
+  })
+
+  it('keeps already-valid longer markdown example fences valid', () => {
+    const wrapper = mount(MarkdownRenderer, {
+      props: {
+        content: [
+          '```md',
+          '## Longer Fence Example',
+          '',
+          '````md',
+          '```ts',
+          'const answer = 42',
+          '```',
+          '````',
+          '',
+          'Done outside.',
+          '```',
+        ].join('\n'),
+      },
+    })
+
+    expect(wrapper.find('.markdown-body').find('h2').text()).toBe('Longer Fence Example')
+    expect(wrapper.findAll('.hljs-code-block')).toHaveLength(1)
+    expect(wrapper.find('code.hljs').text()).toContain('```ts\nconst answer = 42\n```')
+    expect(wrapper.find('.markdown-body').text()).toContain('Done outside.')
+  })
+
+  it('renders mermaid fences as diagrams instead of raw highlighted code', async () => {
+    const wrapper = mount(MarkdownRenderer, {
+      props: {
+        content: [
+          '```mermaid',
+          'flowchart TD',
+          'A[User] --> B[Web UI<br/>command]',
+          '```',
+          '',
+          '具体 behavior:',
+          '- Markdown below still renders.',
+        ].join('\n'),
+      },
+    })
+
+    await flushMermaidRender()
+
+    expect(mermaidMock.initialize).toHaveBeenCalledWith(expect.objectContaining({
+      startOnLoad: false,
+      securityLevel: 'strict',
+    }))
+    expect(mermaidMock.render).toHaveBeenCalledWith(
+      expect.stringMatching(/^hermes-mermaid-/),
+      expect.stringContaining('flowchart TD'),
+    )
+    expect(wrapper.find('[data-testid="mermaid-svg"]').exists()).toBe(true)
+    expect(wrapper.findAll('.hljs-code-block')).toHaveLength(0)
+    expect(wrapper.find('.markdown-body').find('ul').exists()).toBe(true)
+  })
+
+  it('renders mermaid inside repaired outer markdown draft fences', async () => {
+    const wrapper = mount(MarkdownRenderer, {
+      props: {
+        content: [
+          '```md',
+          '## Command flow',
+          '',
+          '```Mermaid title',
+          'flowchart LR',
+          'A --> B',
+          '```',
+          '',
+          'Done outside.',
+          '```',
+        ].join('\n'),
+      },
+    })
+
+    await flushMermaidRender()
+
+    expect(wrapper.find('.markdown-body').find('h2').text()).toBe('Command flow')
+    expect(mermaidMock.render).toHaveBeenCalledWith(
+      expect.stringMatching(/^hermes-mermaid-/),
+      expect.stringContaining('flowchart LR'),
+    )
+    expect(wrapper.find('[data-testid="mermaid-svg"]').exists()).toBe(true)
+    expect(wrapper.find('.markdown-body').text()).toContain('Done outside.')
+  })
+
+  it('falls back to a copyable code block when mermaid rendering fails', async () => {
+    mermaidMock.render.mockImplementationOnce((id: string) => {
+      const errorContainer = document.createElement('div')
+      errorContainer.id = `d${id}`
+      errorContainer.textContent = 'Syntax error in text\nmermaid version 11.14.0'
+      document.body.appendChild(errorContainer)
+      return Promise.reject(new Error('bad diagram'))
+    })
+    const wrapper = mount(MarkdownRenderer, {
+      props: {
+        content: '```mermaid\nnot valid mermaid\n```',
+      },
+    })
+
+    await flushMermaidRender()
+
+    expect(wrapper.find('[data-testid="mermaid-svg"]').exists()).toBe(false)
+    expect(wrapper.find('.hljs-code-block').exists()).toBe(true)
+    expect(wrapper.find('.code-lang').text()).toBe('mermaid')
+    expect(wrapper.find('code.hljs').text()).toContain('not valid mermaid')
+    expect(wrapper.find('[data-copy-code="true"]').exists()).toBe(true)
+    expect(document.body.textContent).not.toContain('Syntax error in text')
+  })
+
+  it('falls back to copyable code blocks when mermaid initialization fails', async () => {
+    mermaidMock.initialize.mockImplementationOnce(() => {
+      throw new Error('init failed')
+    })
+
+    const wrapper = mount(MarkdownRenderer, {
+      props: {
+        content: '```mermaid\nflowchart TD\nA --> B\n```',
+      },
+    })
+
+    await flushMermaidRender()
+
+    expect(mermaidMock.render).not.toHaveBeenCalled()
+    expect(wrapper.find('.hljs-code-block').exists()).toBe(true)
+    expect(wrapper.find('.code-lang').text()).toBe('mermaid')
+    expect(wrapper.find('code.hljs').text()).toContain('flowchart TD')
+  })
+
+  it('falls back without initializing mermaid when every pending diagram is oversized', async () => {
+    const wrapper = mount(MarkdownRenderer, {
+      props: {
+        content: `\`\`\`mermaid\n${'A'.repeat(20_001)}\n\`\`\``,
+      },
+    })
+
+    await flushMermaidRender()
+
+    expect(mermaidMock.initialize).not.toHaveBeenCalled()
+    expect(mermaidMock.render).not.toHaveBeenCalled()
+    expect(wrapper.find('.hljs-code-block').exists()).toBe(true)
+    expect(wrapper.find('.code-lang').text()).toBe('mermaid')
+  })
+
+  it('falls back without initializing mermaid when every pending diagram is empty', async () => {
+    const wrapper = mount(MarkdownRenderer, {
+      props: {
+        content: '```mermaid\n```',
+      },
+    })
+
+    await flushMermaidRender()
+
+    expect(mermaidMock.initialize).not.toHaveBeenCalled()
+    expect(mermaidMock.render).not.toHaveBeenCalled()
+    expect(wrapper.find('.hljs-code-block').exists()).toBe(true)
+    expect(wrapper.find('.code-lang').text()).toBe('mermaid')
+  })
+
+  it('falls back to copyable code when mermaid rendering never settles', async () => {
+    vi.useFakeTimers()
+    mermaidMock.render.mockImplementationOnce(() => new Promise(() => {}))
+
+    const wrapper = mount(MarkdownRenderer, {
+      props: {
+        content: '```mermaid\nflowchart TD\nA --> B\n```',
+      },
+    })
+
+    await nextTick()
+    await Promise.resolve()
+    await vi.advanceTimersByTimeAsync(5_001)
+    await flushMermaidRender()
+
+    expect(wrapper.find('.mermaid-loading').exists()).toBe(false)
+    expect(wrapper.find('[data-testid="mermaid-svg"]').exists()).toBe(false)
+    expect(wrapper.find('.hljs-code-block').exists()).toBe(true)
+    expect(wrapper.find('.code-lang').text()).toBe('mermaid')
+    expect(wrapper.find('code.hljs').text()).toContain('flowchart TD')
+  })
+
+  it('does not load or render mermaid when the message has no mermaid block', async () => {
+    const wrapper = mount(MarkdownRenderer, {
+      props: {
+        content: '```ts\nconst answer = 42\n```',
+      },
+    })
+
+    await flushMermaidRender()
+
+    expect(mermaidMock.initialize).not.toHaveBeenCalled()
+    expect(mermaidMock.render).not.toHaveBeenCalled()
+    expect(wrapper.find('.code-lang').text()).toBe('ts')
+  })
+
+  it('does not let stale async mermaid renders mutate newer message content', async () => {
+    let resolveRender: ((value: { svg: string }) => void) | undefined
+    mermaidMock.render.mockImplementationOnce((id: string) => new Promise(resolve => {
+      resolveRender = resolve
+    }))
+
+    const wrapper = mount(MarkdownRenderer, {
+      props: {
+        content: '```mermaid\nflowchart TD\nA --> B\n```',
+      },
+    })
+
+    await nextTick()
+    await wrapper.setProps({ content: 'No diagram now.' })
+    resolveRender?.({ svg: '<svg data-testid="stale-mermaid-svg"></svg>' })
+    await flushMermaidRender()
+
+    expect(wrapper.find('[data-testid="stale-mermaid-svg"]').exists()).toBe(false)
+    expect(wrapper.find('.markdown-body').text()).toContain('No diagram now.')
+  })
+
+  it('renders inline latex math with katex', () => {
+    const wrapper = mount(MarkdownRenderer, {
+      props: {
+        content: 'Pythagoras: $x^2 + y^2 = z^2$.',
+      },
+    })
+
+    const body = wrapper.find('.markdown-body')
+    expect(body.find('.katex').exists()).toBe(true)
+    expect(body.html()).toContain('x')
+    expect(body.html()).toContain('z')
+    expect(body.text()).not.toContain('$x^2 + y^2 = z^2$')
+  })
+
+  it('renders display latex math with katex', () => {
+    const wrapper = mount(MarkdownRenderer, {
+      props: {
+        content: '$$\n\\int_0^1 x^2 dx = \\frac{1}{3}\n$$',
+      },
+    })
+
+    const body = wrapper.find('.markdown-body')
+    expect(body.find('.katex-display').exists()).toBe(true)
+    expect(body.find('.katex').exists()).toBe(true)
+    expect(body.text()).not.toContain('$$')
+  })
+
+  it('renders explicit latex fenced blocks with katex', () => {
+    const wrapper = mount(MarkdownRenderer, {
+      props: {
+        content: '```latex\n\\[\\text{Итог} = \\operatorname{Округление}\\!\\left(0.5\\,O_1 + 0.5\\,O_2\\right)\\]\n```',
+      },
+    })
+
+    const body = wrapper.find('.markdown-body')
+    expect(body.find('.katex-display').exists()).toBe(true)
+    expect(body.find('.katex').exists()).toBe(true)
+    expect(body.text()).not.toContain('```latex')
+    expect(body.text()).toContain('Округление')
+  })
+
+  it('does not render latex inside ordinary fenced code blocks', () => {
+    const wrapper = mount(MarkdownRenderer, {
+      props: {
+        content: '```ts\nconst formula = "$x^2 + y^2 = z^2$"\n```',
+      },
+    })
+
+    expect(wrapper.find('.markdown-body').find('.katex').exists()).toBe(false)
+    expect(wrapper.find('code.hljs').text()).toContain('$x^2 + y^2 = z^2$')
+  })
+
+  it('does not treat currency-like dollar text as latex math', () => {
+    const wrapper = mount(MarkdownRenderer, {
+      props: {
+        content: 'Price is $5 and $6 today.',
+      },
+    })
+
+    const body = wrapper.find('.markdown-body')
+    expect(body.find('.katex').exists()).toBe(false)
+    expect(body.text()).toContain('Price is $5 and $6 today.')
+  })
+
+  it('does not render escaped dollar-delimited text as latex math', () => {
+    const wrapper = mount(MarkdownRenderer, {
+      props: {
+        content: 'Escaped: \\$x^2$',
+      },
+    })
+
+    const body = wrapper.find('.markdown-body')
+    expect(body.find('.katex').exists()).toBe(false)
+    expect(body.text()).toContain('Escaped: $x^2$')
+  })
+
+  it('keeps rendering when latex syntax is invalid', () => {
+    const wrapper = mount(MarkdownRenderer, {
+      props: {
+        content: 'Before $\\notacommand{ after',
+      },
+    })
+
+    expect(wrapper.find('.markdown-body').text()).toContain('Before')
+  })
+
+  it('copies code through the delegated click handler', async () => {
+    const writeText = vi.mocked(navigator.clipboard.writeText)
+    const wrapper = mount(MarkdownRenderer, {
+      props: {
+        content: '```ts\nconst answer = 42\n```',
+      },
+    })
+
+    const expected = wrapper.find('code.hljs').element.textContent ?? ''
+    await wrapper.find('[data-copy-code="true"]').trigger('click')
+
+    expect(writeText).toHaveBeenCalledWith(expected)
+  })
+
+  it('falls back to legacy clipboard copy when the Clipboard API is unavailable', async () => {
+    Object.defineProperty(window, 'isSecureContext', {
+      configurable: true,
+      value: false,
+    })
+    Object.defineProperty(navigator, 'clipboard', {
+      configurable: true,
+      value: undefined,
+    })
+    const execCommand = vi.fn(() => true)
+    Object.defineProperty(document, 'execCommand', {
+      configurable: true,
+      value: execCommand,
+    })
+
+    const wrapper = mount(MarkdownRenderer, {
+      props: {
+        content: '```ts\nconst answer = 42\n```',
+      },
+    })
+
+    await wrapper.find('[data-copy-code="true"]').trigger('click')
+
+    expect(execCommand).toHaveBeenCalledWith('copy')
+  })
+})
diff --git a/tests/client/markdown-special-mentions.test.ts b/tests/client/markdown-special-mentions.test.ts
new file mode 100644
index 0000000..f4bec91
--- /dev/null
+++ b/tests/client/markdown-special-mentions.test.ts
@@ -0,0 +1,70 @@
+// @vitest-environment jsdom
+import { describe, expect, it, vi } from 'vitest'
+import { mount } from '@vue/test-utils'
+
+vi.mock('vue-i18n', () => ({
+  useI18n: () => ({
+    t: (key: string) => key,
+  }),
+}))
+
+vi.mock('naive-ui', async (importOriginal) => {
+  const actual = await importOriginal<typeof import('naive-ui')>()
+  return {
+    ...actual,
+    useMessage: () => ({
+      error: vi.fn(),
+      success: vi.fn(),
+      warning: vi.fn(),
+      info: vi.fn(),
+    }),
+  }
+})
+
+vi.mock('@/api/hermes/download', () => ({
+  downloadFile: vi.fn(),
+  getDownloadUrl: vi.fn((path: string) => `/download?path=${encodeURIComponent(path)}`),
+}))
+
+vi.mock('@/components/hermes/chat/mermaidRenderer', () => ({
+  renderMermaidDiagram: vi.fn(),
+}))
+
+import MarkdownRenderer from '@/components/hermes/chat/MarkdownRenderer.vue'
+
+describe('MarkdownRenderer special mentions', () => {
+  it('highlights @all as a mention when provided by group chat', () => {
+    const wrapper = mount(MarkdownRenderer, {
+      props: {
+        content: '@all, please compare options',
+        mentionNames: ['all', 'Alice'],
+      },
+    })
+
+    expect(wrapper.find('.mention-highlight').text()).toBe('@all')
+  })
+
+  it('highlights @all at the end of rendered paragraphs and after opening punctuation', () => {
+    for (const content of ['@all', 'please compare @all', '(@all)']) {
+      const wrapper = mount(MarkdownRenderer, {
+        props: {
+          content,
+          mentionNames: ['all', 'Alice'],
+        },
+      })
+
+      expect(wrapper.find('.mention-highlight').text()).toBe('@all')
+    }
+  })
+
+  it('does not highlight @alligator as @all', () => {
+    const wrapper = mount(MarkdownRenderer, {
+      props: {
+        content: '@alligator should stay plain',
+        mentionNames: ['all'],
+      },
+    })
+
+    expect(wrapper.find('.mention-highlight').exists()).toBe(false)
+  })
+})
diff --git a/tests/client/message-item-highlight.test.ts b/tests/client/message-item-highlight.test.ts
new file mode 100644
index 0000000..d48d4c4
--- /dev/null
+++ b/tests/client/message-item-highlight.test.ts
@@ -0,0 +1,222 @@
+// @vitest-environment jsdom
+import { beforeEach, describe, expect, it, vi } from 'vitest'
+import { mount } from '@vue/test-utils'
+import { createPinia, setActivePinia } from 'pinia'
+
+vi.mock('vue-i18n', () => ({
+  useI18n: () => ({
+    t: (key: string) => key,
+  }),
+}))
+
+vi.mock('naive-ui', () => ({
+  useMessage: () => ({
+    error: vi.fn(),
+    success: vi.fn(),
+    warning: vi.fn(),
+    info: vi.fn(),
+  }),
+}))
+
+import MessageItem from '@/components/hermes/chat/MessageItem.vue'
+import type { Message } from '@/stores/hermes/chat'
+
+describe('MessageItem tool details', () => {
+  beforeEach(() => {
+    setActivePinia(createPinia())
+    Object.defineProperty(window, 'isSecureContext', {
+      configurable: true,
+      value: true,
+    })
+    Object.defineProperty(navigator, 'clipboard', {
+      configurable: true,
+      value: {
+        writeText: vi.fn().mockResolvedValue(undefined),
+      },
+    })
+    Object.defineProperty(window, 'speechSynthesis', {
+      configurable: true,
+      value: {
+        addEventListener: vi.fn(),
+        removeEventListener: vi.fn(),
+        getVoices: vi.fn(() => []),
+        speak: vi.fn(),
+        cancel: vi.fn(),
+        pause: vi.fn(),
+        resume: vi.fn(),
+      },
+    })
+  })
+
+  it('renders highlighted code blocks for tool arguments and tool results', async () => {
+    const wrapper = mount(MessageItem, {
+      props: {
+        message: {
+          id: 'tool-1',
+          role: 'tool',
+          content: '',
+          timestamp: Date.now(),
+          toolName: 'web_search',
+          toolArgs: '{"query":"syntax highlighting"}',
+          toolResult: '{"results":[{"title":"Done"}]}',
+          toolStatus: 'done',
+        } satisfies Message,
+      },
+    })
+
+    await wrapper.find('.tool-line').trigger('click')
+
+    const blocks = wrapper.findAll('.tool-details .hljs-code-block')
+    expect(blocks).toHaveLength(2)
+    expect(blocks[0].find('.code-lang').text()).toBe('json')
+    expect(blocks[1].find('.code-lang').text()).toBe('json')
+  })
+
+  it('copies tool detail code through the delegated click handler', async () => {
+    const writeText = vi.mocked(navigator.clipboard.writeText)
+    const wrapper = mount(MessageItem, {
+      props: {
+        message: {
+          id: 'tool-copy',
+          role: 'tool',
+          content: '',
+          timestamp: Date.now(),
+          toolName: 'web_search',
+          toolArgs: '{"query":"syntax highlighting"}',
+          toolStatus: 'done',
+        } satisfies Message,
+      },
+    })
+
+    await wrapper.find('.tool-line').trigger('click')
+
+    const expected = wrapper.find('.tool-details code.hljs').text()
+    await wrapper.find('.tool-details [data-copy-code="true"]').trigger('click')
+
+    expect(writeText).toHaveBeenCalledWith(expected)
+  })
+
+  it('truncates large tool arguments for display but copies the full formatted payload', async () => {
+    const writeText = vi.mocked(navigator.clipboard.writeText)
+    const message = {
+      content: 'x'.repeat(4000),
+      ok: true,
+    }
+    const wrapper = mount(MessageItem, {
+      props: {
+        message: {
+          id: 'tool-args-large',
+          role: 'tool',
+          content: '',
+          timestamp: Date.now(),
+          toolName: 'write_file',
+          toolArgs: JSON.stringify(message),
+          toolStatus: 'done',
+        } satisfies Message,
+      },
+    })
+
+    await wrapper.find('.tool-line').trigger('click')
+
+    const expected = JSON.stringify(message, null, 2)
+    const code = wrapper.find('.tool-details code.hljs')
+    const displayed = JSON.parse(code.text())
+    expect(wrapper.find('.tool-details .code-lang').text()).toBe('json')
+    expect(wrapper.html()).toContain('chat.truncated')
+    expect(displayed.content).toContain('chat.truncated')
+    expect(code.findAll('span').length).toBeGreaterThan(0)
+
+    await wrapper.find('.tool-details [data-copy-code="true"]').trigger('click')
+    expect(writeText).toHaveBeenCalledWith(expected)
+  })
+
+  it('copies the full large JSON tool result even when the display is truncated', async () => {
+    const writeText = vi.mocked(navigator.clipboard.writeText)
+    const fullResult = {
+      content: 'x'.repeat(4000),
+      ok: true,
+    }
+    const wrapper = mount(MessageItem, {
+      props: {
+        message: {
+          id: 'tool-2',
+          role: 'tool',
+          content: '',
+          timestamp: Date.now(),
+          toolName: 'read_file',
+          toolResult: JSON.stringify(fullResult),
+          toolStatus: 'done',
+        } satisfies Message,
+      },
+    })
+
+    await wrapper.find('.tool-line').trigger('click')
+
+    const code = wrapper.find('.tool-details code.hljs')
+    const displayed = JSON.parse(code.text())
+    expect(wrapper.find('.tool-details .code-lang').text()).toBe('json')
+    expect(wrapper.html()).toContain('chat.truncated')
+    expect(displayed.content).toContain('chat.truncated')
+    expect(code.findAll('span').length).toBeGreaterThan(0)
+
+    await wrapper.find('.tool-details [data-copy-code="true"]').trigger('click')
+    expect(writeText).toHaveBeenCalledWith(JSON.stringify(fullResult, null, 2))
+  })
+
+  it('truncates large JSON arrays at item boundaries so display remains parseable JSON', async () => {
+    const fullResult = Array.from({ length: 100 }, (_, index) => ({
+      index,
+      value: `item-${index}-${'x'.repeat(80)}`,
+    }))
+    const wrapper = mount(MessageItem, {
+      props: {
+        message: {
+          id: 'tool-array',
+          role: 'tool',
+          content: '',
+          timestamp: Date.now(),
+          toolName: 'browser_snapshot',
+          toolResult: JSON.stringify(fullResult),
+          toolStatus: 'done',
+        } satisfies Message,
+      },
+    })
+
+    await wrapper.find('.tool-line').trigger('click')
+
+    const code = wrapper.find('.tool-details code.hljs')
+    const displayed = JSON.parse(code.text())
+    expect(Array.isArray(displayed)).toBe(true)
+    expect(displayed.at(-1)).toContain('chat.truncated')
+    expect(code.text().length).toBeLessThanOrEqual(1000)
+  })
+
+  it('copies the full large raw tool result even when the display is truncated', async () => {
+    const writeText = vi.mocked(navigator.clipboard.writeText)
+    const fullResult = 'line\n'.repeat(1200)
+    const wrapper = mount(MessageItem, {
+      props: {
+        message: {
+          id: 'tool-raw',
+          role: 'tool',
+          content: '',
+          timestamp: Date.now(),
+          toolName: 'read_file',
+          toolResult: fullResult,
+          toolStatus: 'done',
+        } satisfies Message,
+      },
+    })
+
+    await wrapper.find('.tool-line').trigger('click')
+
+    const displayedResult = fullResult.slice(0, 1000) + '\nchat.truncated'
+    const code = wrapper.find('.tool-details code.hljs')
+    expect(wrapper.find('.tool-details .code-lang').text()).toBe('text')
+    expect(code.text()).toBe(displayedResult)
+    expect(code.findAll('span')).toHaveLength(0)
+
+    await wrapper.find('.tool-details [data-copy-code="true"]').trigger('click')
+    expect(writeText).toHaveBeenCalledWith(fullResult)
+  })
+})
diff --git a/tests/client/message-list-scroll-position.test.ts b/tests/client/message-list-scroll-position.test.ts
new file mode 100644
index 0000000..4f6d6c1
--- /dev/null
+++ b/tests/client/message-list-scroll-position.test.ts
@@ -0,0 +1,131 @@
+// @vitest-environment jsdom
+import { beforeEach, describe, expect, it, vi } from 'vitest'
+import { mount } from '@vue/test-utils'
+import { createPinia, setActivePinia } from 'pinia'
+import { defineComponent, nextTick } from 'vue'
+
+const mockScrollToBottom = vi.hoisted(() => vi.fn())
+const mockScrollToMessage = vi.hoisted(() => vi.fn())
+const mockScrollToAnchor = vi.hoisted(() => vi.fn())
+const mockCaptureViewportPosition = vi.hoisted(() => vi.fn())
+const mockRestoreViewportPosition = vi.hoisted(() => vi.fn())
+const mockCaptureScrollPosition = vi.hoisted(() => vi.fn())
+const mockRestoreScrollPosition = vi.hoisted(() => vi.fn())
+const mockIsNearBottom = vi.hoisted(() => vi.fn(() => true))
+
+vi.mock('vue-i18n', () => ({
+  useI18n: () => ({
+    t: (key: string) => key,
+  }),
+}))
+
+vi.mock('@/composables/useTheme', () => ({
+  useTheme: () => ({ isDark: false }),
+}))
+
+vi.mock('@/components/hermes/chat/VirtualMessageList.vue', () => ({
+  default: defineComponent({
+    name: 'VirtualMessageList',
+    props: {
+      messages: { type: Array, default: () => [] },
+    },
+    emits: ['top-reach'],
+    setup(_props, { expose }) {
+      expose({
+        isNearBottom: mockIsNearBottom,
+        scrollToBottom: mockScrollToBottom,
+        scrollToMessage: mockScrollToMessage,
+        scrollToAnchor: mockScrollToAnchor,
+        captureScrollPosition: mockCaptureScrollPosition,
+        restoreScrollPosition: mockRestoreScrollPosition,
+        captureViewportPosition: mockCaptureViewportPosition,
+        restoreViewportPosition: mockRestoreViewportPosition,
+      })
+    },
+    template: `
+      <div class="virtual-message-list-stub">
+        <slot name="item" v-for="message in messages" :key="message.id" :message="message" />
+      </div>
+    `,
+  }),
+}))
+
+vi.mock('@/components/hermes/chat/MessageItem.vue', () => ({
+  default: defineComponent({
+    name: 'MessageItem',
+    props: { message: { type: Object, required: true } },
+    template: '<div class="stub-message" :data-id="message.id">{{ message.content }}</div>',
+  }),
+}))
+
+import MessageList from '@/components/hermes/chat/MessageList.vue'
+import { useChatStore, type Message, type Session } from '@/stores/hermes/chat'
+
+function makeMessage(id: string): Message {
+  return { id, role: 'user', content: id, timestamp: Date.now() }
+}
+
+function makeSession(id: string): Session {
+  return {
+    id,
+    title: id,
+    messages: [makeMessage(`${id}-message`)],
+    createdAt: Date.now(),
+    updatedAt: Date.now(),
+  }
+}
+
+async function flushSessionScroll() {
+  await nextTick()
+  await nextTick()
+}
+
+describe('MessageList session scroll position', () => {
+  beforeEach(() => {
+    setActivePinia(createPinia())
+    vi.clearAllMocks()
+    mockIsNearBottom.mockReturnValue(true)
+  })
+
+  it('restores a previous session scroll position instead of forcing the bottom', async () => {
+    const chatStore = useChatStore()
+    chatStore.activeSessionId = 'scroll-session-a'
+    chatStore.activeSession = makeSession('scroll-session-a')
+
+    mount(MessageList, {
+      global: {
+        stubs: { Transition: false },
+      },
+    })
+    await flushSessionScroll()
+    vi.clearAllMocks()
+
+    const sessionASnapshot = {
+      scrollTop: 320,
+      scrollHeight: 1200,
+      clientHeight: 500,
+      wasNearBottom: false,
+    }
+    mockCaptureViewportPosition.mockReturnValue(sessionASnapshot)
+
+    chatStore.activeSessionId = 'scroll-session-b'
+    chatStore.activeSession = makeSession('scroll-session-b')
+    await flushSessionScroll()
+    expect(mockCaptureViewportPosition).toHaveBeenCalled()
+
+    vi.clearAllMocks()
+    mockCaptureViewportPosition.mockReturnValue({
+      scrollTop: 40,
+      scrollHeight: 1000,
+      clientHeight: 500,
+      wasNearBottom: false,
+    })
+
+    chatStore.activeSessionId = 'scroll-session-a'
+    chatStore.activeSession = makeSession('scroll-session-a')
+    await flushSessionScroll()
+
+    expect(mockRestoreViewportPosition).toHaveBeenCalledWith(sessionASnapshot)
+    expect(mockScrollToBottom).not.toHaveBeenCalled()
+  })
+})
diff --git a/tests/client/models-store.test.ts b/tests/client/models-store.test.ts
new file mode 100644
index 0000000..782f470
--- /dev/null
+++ b/tests/client/models-store.test.ts
@@ -0,0 +1,95 @@
+// @vitest-environment jsdom
+import { beforeEach, describe, expect, it, vi } from 'vitest'
+import { createPinia, setActivePinia } from 'pinia'
+
+const mockSystemApi = vi.hoisted(() => ({
+  fetchAvailableModels: vi.fn(),
+  fetchAvailableModelsForProfile: vi.fn(),
+  updateDefaultModel: vi.fn(),
+  addCustomProvider: vi.fn(),
+  removeCustomProvider: vi.fn(),
+}))
+
+vi.mock('@/api/hermes/system', () => mockSystemApi)
+vi.mock('@/api/client', () => ({ hasApiKey: () => true }))
+
+import { useAppStore } from '@/stores/hermes/app'
+import { useModelsStore } from '@/stores/hermes/models'
+
+describe('Models Store', () => {
+  beforeEach(() => {
+    setActivePinia(createPinia())
+    vi.clearAllMocks()
+    window.localStorage.clear()
+  })
+
+  it('keeps the sidebar model picker in sync after provider model visibility changes', async () => {
+    const visibleGroups = [
+      {
+        provider: 'deepseek',
+        label: 'DeepSeek',
+        base_url: 'https://api.deepseek.com/v1',
+        api_key: 'sk-test',
+        models: ['deepseek-v4-flash', 'deepseek-v4-pro'],
+        available_models: ['deepseek-v4-flash', 'deepseek-v4-pro'],
+        model_meta: {
+          'deepseek-v4-pro': { preview: true },
+        },
+      },
+    ]
+    const availableModelsResponse = {
+      default: 'deepseek-v4-flash',
+      default_provider: 'deepseek',
+      groups: visibleGroups,
+      allProviders: visibleGroups,
+      model_visibility: {
+        deepseek: { mode: 'include', models: ['deepseek-v4-flash', 'deepseek-v4-pro'] },
+      },
+      profiles: [
+        {
+          profile: 'default',
+          default: 'deepseek-v4-flash',
+          default_provider: 'deepseek',
+          groups: visibleGroups,
+        },
+      ],
+    }
+    mockSystemApi.fetchAvailableModelsForProfile.mockResolvedValue(availableModelsResponse)
+    mockSystemApi.fetchAvailableModels.mockResolvedValue(availableModelsResponse)
+    mockSystemApi.addCustomProvider.mockResolvedValue(undefined)
+
+    const appStore = useAppStore()
+    appStore.modelGroups = [
+      {
+        provider: 'deepseek',
+        label: 'DeepSeek',
+        base_url: 'https://api.deepseek.com/v1',
+        api_key: 'sk-test',
+        models: ['deepseek-v4-flash'],
+        available_models: ['deepseek-v4-flash', 'deepseek-v4-pro'],
+      },
+    ]
+
+    const modelsStore = useModelsStore()
+    await modelsStore.addProvider({
+      name: 'deepseek',
+      base_url: 'https://api.deepseek.com/v1',
+      api_key: 'sk-test',
+      model: 'deepseek-v4-flash',
+    })
+
+    expect(mockSystemApi.fetchAvailableModelsForProfile).toHaveBeenCalledWith('default')
+    expect(mockSystemApi.fetchAvailableModels).toHaveBeenCalled()
+    expect(modelsStore.providers[0].models).toEqual(['deepseek-v4-flash', 'deepseek-v4-pro'])
+    expect(appStore.modelGroups[0].models).toEqual(['deepseek-v4-flash', 'deepseek-v4-pro'])
+    expect(appStore.modelGroups[0].available_models).toEqual(['deepseek-v4-flash', 'deepseek-v4-pro'])
+    expect(appStore.modelGroups[0].model_meta).toEqual({
+      'deepseek-v4-pro': { preview: true },
+    })
+    expect(appStore.modelVisibility).toEqual({
+      deepseek: { mode: 'include', models: ['deepseek-v4-flash', 'deepseek-v4-pro'] },
+    })
+    expect(appStore.selectedModel).toBe('deepseek-v4-flash')
+    expect(appStore.selectedProvider).toBe('deepseek')
+  })
+})
diff --git a/tests/client/profiles-store.test.ts b/tests/client/profiles-store.test.ts
new file mode 100644
index 0000000..962ce35
--- /dev/null
+++ b/tests/client/profiles-store.test.ts
@@ -0,0 +1,228 @@
+// @vitest-environment jsdom
+import { describe, it, expect, vi, beforeEach } from 'vitest'
+import { setActivePinia, createPinia } from 'pinia'
+
+const mockProfilesApi = vi.hoisted(() => ({
+  fetchProfiles: vi.fn(),
+  fetchProfileDetail: vi.fn(),
+  createProfile: vi.fn(),
+  deleteProfile: vi.fn(),
+  renameProfile: vi.fn(),
+  switchProfile: vi.fn(),
+  exportProfile: vi.fn(),
+  importProfile: vi.fn(),
+  updateProfileAvatar: vi.fn(),
+  deleteProfileAvatar: vi.fn(),
+}))
+
+vi.mock('@/api/hermes/profiles', () => mockProfilesApi)
+
+import { useProfilesStore } from '@/stores/hermes/profiles'
+
+describe('Profiles Store', () => {
+  beforeEach(() => {
+    setActivePinia(createPinia())
+    vi.clearAllMocks()
+  })
+
+  it('fetchProfiles loads profiles and sets active', async () => {
+    const profiles = [
+      { name: 'default', active: true, model: 'gpt-4', alias: '' },
+      { name: 'dev', active: false, model: 'gpt-4', alias: '' },
+    ]
+    mockProfilesApi.fetchProfiles.mockResolvedValue(profiles)
+
+    const store = useProfilesStore()
+    await store.fetchProfiles()
+
+    expect(store.profiles).toEqual(profiles)
+    expect(store.activeProfile?.name).toBe('default')
+    expect(store.loading).toBe(false)
+  })
+
+  it('fetchProfiles sets loading state', async () => {
+    mockProfilesApi.fetchProfiles.mockImplementation(
+      () => new Promise(resolve => setTimeout(() => resolve([]), 10))
+    )
+
+    const store = useProfilesStore()
+    const fetchPromise = store.fetchProfiles()
+
+    expect(store.loading).toBe(true)
+    await fetchPromise
+    expect(store.loading).toBe(false)
+  })
+
+  it('createProfile calls API and refreshes list', async () => {
+    mockProfilesApi.createProfile.mockResolvedValue({ success: true })
+    mockProfilesApi.fetchProfiles.mockResolvedValue([
+      { name: 'default', active: true, model: 'gpt-4', alias: '' },
+      { name: 'new-profile', active: false, model: 'gpt-4', alias: '' },
+    ])
+
+    const store = useProfilesStore()
+    const result = await store.createProfile('new-profile', false)
+
+    expect(result.success).toBe(true)
+    expect(mockProfilesApi.createProfile).toHaveBeenCalledWith('new-profile', false)
+    expect(store.profiles).toHaveLength(2)
+  })
+
+  it('deleteProfile clears detail cache', async () => {
+    mockProfilesApi.deleteProfile.mockResolvedValue(true)
+    mockProfilesApi.fetchProfiles.mockResolvedValue([
+      { name: 'default', active: true, model: 'gpt-4', alias: '' },
+    ])
+
+    const store = useProfilesStore()
+    store.detailMap['test'] = { name: 'test', path: '/tmp/test', model: '', provider: '', skills: 0, hasEnv: false, hasSoulMd: false }
+
+    await store.deleteProfile('test')
+
+    expect(store.detailMap['test']).toBeUndefined()
+    expect(mockProfilesApi.deleteProfile).toHaveBeenCalledWith('test')
+  })
+
+  it('fetchProfileDetail uses cache', async () => {
+    const detail = { name: 'cached', path: '/tmp/cached', model: 'gpt-4', provider: 'openai', skills: 5, hasEnv: true, hasSoulMd: false }
+    const store = useProfilesStore()
+    store.detailMap['cached'] = detail
+
+    const result = await store.fetchProfileDetail('cached')
+
+    expect(result).toEqual(detail)
+    expect(mockProfilesApi.fetchProfileDetail).not.toHaveBeenCalled()
+  })
+
+  it('updateAvatar updates profile, detail cache, and active profile', async () => {
+    const savedAvatar = { type: 'image', dataUrl: 'data:image/png;base64,YQ==' }
+    mockProfilesApi.updateProfileAvatar.mockResolvedValue(savedAvatar)
+
+    const store = useProfilesStore()
+    store.profiles = [
+      { name: 'default', active: true, model: 'gpt-4', alias: '' },
+      { name: 'dev', active: false, model: 'gpt-4', alias: '' },
+    ]
+    store.activeProfile = store.profiles[0]
+    store.detailMap.default = { name: 'default', path: '/tmp/default', model: '', provider: '', skills: 0, hasEnv: false, hasSoulMd: false }
+
+    const result = await store.updateAvatar('default', { type: 'image', dataUrl: savedAvatar.dataUrl })
+
+    expect(result).toEqual(savedAvatar)
+    expect(mockProfilesApi.updateProfileAvatar).toHaveBeenCalledWith('default', { type: 'image', dataUrl: savedAvatar.dataUrl })
+    expect(store.profiles[0].avatar).toEqual(savedAvatar)
+    expect(store.activeProfile?.avatar).toEqual(savedAvatar)
+    expect(store.detailMap.default.avatar).toEqual(savedAvatar)
+  })
+
+  it('deleteAvatar clears avatar state', async () => {
+    mockProfilesApi.deleteProfileAvatar.mockResolvedValue(undefined)
+
+    const store = useProfilesStore()
+    store.profiles = [
+      { name: 'default', active: true, model: 'gpt-4', alias: '', avatar: { type: 'generated', seed: 'old' } },
+    ]
+    store.activeProfile = store.profiles[0]
+    store.detailMap.default = {
+      name: 'default',
+      path: '/tmp/default',
+      model: '',
+      provider: '',
+      skills: 0,
+      hasEnv: false,
+      hasSoulMd: false,
+      avatar: { type: 'generated', seed: 'old' },
+    }
+
+    await store.deleteAvatar('default')
+
+    expect(mockProfilesApi.deleteProfileAvatar).toHaveBeenCalledWith('default')
+    expect(store.profiles[0].avatar).toBeNull()
+    expect(store.activeProfile?.avatar).toBeNull()
+    expect(store.detailMap.default.avatar).toBeNull()
+  })
+
+  it('switchProfile sets switching state', async () => {
+    mockProfilesApi.switchProfile.mockResolvedValue(true)
+    mockProfilesApi.fetchProfiles.mockResolvedValue([])
+
+    const store = useProfilesStore()
+    const switchPromise = store.switchProfile('dev')
+
+    expect(store.switching).toBe(true)
+    await switchPromise
+    expect(store.switching).toBe(false)
+  })
+
+  it('switchProfile updates activeProfileName immediately', async () => {
+    mockProfilesApi.switchProfile.mockResolvedValue(true)
+    mockProfilesApi.fetchProfiles.mockResolvedValue([
+      { name: 'default', active: false, model: 'gpt-4', alias: '' },
+      { name: 'dev', active: true, model: 'gpt-4', alias: '' },
+    ])
+
+    const store = useProfilesStore()
+    await store.switchProfile('dev')
+
+    // activeProfileName should be updated immediately
+    expect(store.activeProfileName).toBe('dev')
+    // localStorage should also be updated
+    expect(localStorage.getItem('hermes_active_profile_name')).toBe('dev')
+  })
+
+  it('switchProfile does not update state when API fails', async () => {
+    const initialName = 'default'
+    localStorage.setItem('hermes_active_profile_name', initialName)
+
+    mockProfilesApi.switchProfile.mockResolvedValue(false)  // API failed
+
+    const store = useProfilesStore()
+    store.activeProfileName = initialName
+    const result = await store.switchProfile('dev')
+
+    // Should return false
+    expect(result).toBe(false)
+    // activeProfileName should NOT change
+    expect(store.activeProfileName).toBe(initialName)
+    // localStorage should NOT change
+    expect(localStorage.getItem('hermes_active_profile_name')).toBe(initialName)
+  })
+
+  it('switchProfile keeps activeProfileName even if fetchProfiles fails', async () => {
+    const initialName = 'default'
+    localStorage.setItem('hermes_active_profile_name', initialName)
+
+    mockProfilesApi.switchProfile.mockResolvedValue(true)
+    mockProfilesApi.fetchProfiles.mockRejectedValue(new Error('Network error'))
+
+    const store = useProfilesStore()
+    store.activeProfileName = initialName
+    const result = await store.switchProfile('dev')
+
+    // Should return true (API succeeded)
+    expect(result).toBe(true)
+    // activeProfileName should be updated even though fetchProfiles failed
+    expect(store.activeProfileName).toBe('dev')
+    // localStorage should be updated
+    expect(localStorage.getItem('hermes_active_profile_name')).toBe('dev')
+  })
+
+  it('switchProfile keeps the local selected profile independent of backend active flags', async () => {
+    const initialName = 'default'
+    localStorage.setItem('hermes_active_profile_name', initialName)
+
+    mockProfilesApi.switchProfile.mockResolvedValue(true)
+    mockProfilesApi.fetchProfiles.mockResolvedValue([
+      { name: 'default', active: true, model: 'gpt-4', alias: '' },
+      { name: 'dev', active: false, model: 'gpt-4', alias: '' },
+    ])
+
+    const store = useProfilesStore()
+    store.activeProfileName = initialName
+    const result = await store.switchProfile('dev')
+
+    expect(result).toBe(true)
+    expect(store.activeProfileName).toBe('dev')
+    expect(localStorage.getItem('hermes_active_profile_name')).toBe('dev')
+  })
+})
diff --git a/tests/client/provider-base-url.test.ts b/tests/client/provider-base-url.test.ts
new file mode 100644
index 0000000..95dbd25
--- /dev/null
+++ b/tests/client/provider-base-url.test.ts
@@ -0,0 +1,16 @@
+import { describe, expect, it } from 'vitest'
+import { normalizeCustomProviderBaseUrl } from '@/utils/providerBaseUrl'
+
+describe('normalizeCustomProviderBaseUrl', () => {
+  it('normalizes api.apikey.fun custom provider URLs to the OpenAI-compatible v1 endpoint', () => {
+    expect(normalizeCustomProviderBaseUrl('https://api.apikey.fun')).toBe('https://api.apikey.fun/v1')
+    expect(normalizeCustomProviderBaseUrl('https://api.apikey.fun/')).toBe('https://api.apikey.fun/v1')
+    expect(normalizeCustomProviderBaseUrl('https://api.apikey.fun/anything')).toBe('https://api.apikey.fun/v1')
+    expect(normalizeCustomProviderBaseUrl('  https://api.apikey.fun/v2/chat  ')).toBe('https://api.apikey.fun/v1')
+  })
+
+  it('leaves unrelated provider URLs unchanged apart from trimming', () => {
+    expect(normalizeCustomProviderBaseUrl(' https://api.example.com/v1 ')).toBe('https://api.example.com/v1')
+    expect(normalizeCustomProviderBaseUrl('https://not-api.apikey.fun/v1')).toBe('https://not-api.apikey.fun/v1')
+  })
+})
diff --git a/tests/client/route-link-item.test.ts b/tests/client/route-link-item.test.ts
new file mode 100644
index 0000000..d5816fd
--- /dev/null
+++ b/tests/client/route-link-item.test.ts
@@ -0,0 +1,34 @@
+// @vitest-environment jsdom
+import { describe, expect, it } from 'vitest'
+import { mount } from '@vue/test-utils'
+import { defineComponent } from 'vue'
+import RouteLinkItem from '@/components/common/RouteLinkItem.vue'
+
+describe('RouteLinkItem', () => {
+  it('renders a real anchor with href from RouterLink custom slot', () => {
+    const wrapper = mount(RouteLinkItem, {
+      props: {
+        to: { name: 'hermes.session', params: { id: 's1' } },
+        active: true,
+      },
+      slots: {
+        default: 'Session S1',
+      },
+      global: {
+        components: {
+          RouterLink: defineComponent({
+            props: ['to', 'custom'],
+            template: '<slot href="/session/s1" :navigate="() => {}" :is-active="true" :is-exact-active="true" />',
+          }),
+        },
+      },
+    })
+
+    const link = wrapper.get('a')
+    expect(link.attributes('href')).toBe('/session/s1')
+    expect(link.classes()).toContain('route-link-item')
+    expect(link.classes()).toContain('active')
+    expect(link.attributes('aria-current')).toBe('page')
+    expect(link.text()).toContain('Session S1')
+  })
+})
diff --git a/tests/client/session-browser-prefs.test.ts b/tests/client/session-browser-prefs.test.ts
new file mode 100644
index 0000000..a3ecfda
--- /dev/null
+++ b/tests/client/session-browser-prefs.test.ts
@@ -0,0 +1,67 @@
+// @vitest-environment jsdom
+import { beforeEach, describe, expect, it } from 'vitest'
+import { createPinia, setActivePinia } from 'pinia'
+import { nextTick } from 'vue'
+import { useProfilesStore } from '@/stores/hermes/profiles'
+import { useSessionBrowserPrefsStore } from '@/stores/hermes/session-browser-prefs'
+
+describe('session browser prefs store', () => {
+  beforeEach(() => {
+    setActivePinia(createPinia())
+    window.localStorage.clear()
+  })
+
+  it('persists pins per profile and prunes missing sessions', () => {
+    const profilesStore = useProfilesStore()
+    profilesStore.activeProfileName = 'default'
+
+    const store = useSessionBrowserPrefsStore()
+    expect(store.pinnedIds).toEqual([])
+
+    store.togglePinned('session-1')
+    store.togglePinned('session-2')
+    expect(store.pinnedIds).toEqual(['session-1', 'session-2'])
+    expect(JSON.parse(window.localStorage.getItem('hermes_session_pins_v1_default') || '[]')).toEqual(['session-1', 'session-2'])
+
+    expect(store.pruneMissingSessions(['session-2'])).toBe(true)
+    expect(store.pinnedIds).toEqual(['session-2'])
+    expect(JSON.parse(window.localStorage.getItem('hermes_session_pins_v1_default') || '[]')).toEqual(['session-2'])
+  })
+
+  it('does not erase saved pins when the current session list is transiently empty', () => {
+    const profilesStore = useProfilesStore()
+    profilesStore.activeProfileName = 'default'
+    const store = useSessionBrowserPrefsStore()
+
+    store.togglePinned('session-1')
+    expect(store.pruneMissingSessions([])).toBe(false)
+    expect(store.pinnedIds).toEqual(['session-1'])
+    expect(JSON.parse(window.localStorage.getItem('hermes_session_pins_v1_default') || '[]')).toEqual(['session-1'])
+  })
+
+  it('reloads pin and human-only preferences automatically when the active profile changes', async () => {
+    const profilesStore = useProfilesStore()
+    profilesStore.activeProfileName = 'default'
+    const store = useSessionBrowserPrefsStore()
+
+    expect(store.humanOnly).toBe(true)
+    store.togglePinned('default-session')
+    store.setHumanOnly(false)
+
+    window.localStorage.setItem('hermes_session_pins_v1_work', JSON.stringify(['work-session']))
+    window.localStorage.setItem('hermes_human_only_v1_work', JSON.stringify(true))
+
+    profilesStore.activeProfileName = 'work'
+    await nextTick()
+
+    expect(store.profileName).toBe('work')
+    expect(store.pinnedIds).toEqual(['work-session'])
+    expect(store.humanOnly).toBe(true)
+
+    profilesStore.activeProfileName = 'default'
+    await nextTick()
+
+    expect(store.pinnedIds).toEqual(['default-session'])
+    expect(store.humanOnly).toBe(false)
+  })
+})
diff --git a/tests/client/session-list-item.test.ts b/tests/client/session-list-item.test.ts
new file mode 100644
index 0000000..b144041
--- /dev/null
+++ b/tests/client/session-list-item.test.ts
@@ -0,0 +1,138 @@
+// @vitest-environment jsdom
+import { describe, expect, it, vi } from 'vitest'
+import { mount } from '@vue/test-utils'
+import { defineComponent } from 'vue'
+import SessionListItem from '@/components/hermes/chat/SessionListItem.vue'
+
+vi.mock('@/stores/hermes/app', () => ({
+  useAppStore: () => ({
+    profileModelGroups: [],
+    displayModelName: (model: string) => model,
+  }),
+}))
+
+vi.mock('@/stores/hermes/profiles', () => ({
+  useProfilesStore: () => ({ profiles: [] }),
+}))
+
+vi.mock('vue-i18n', () => ({
+  useI18n: () => ({ t: (key: string) => key }),
+}))
+
+vi.mock('@/shared/session-display', () => ({
+  formatTimestampMs: () => 'now',
+}))
+
+vi.mock('naive-ui', () => ({
+  NPopconfirm: defineComponent({
+    name: 'NPopconfirm',
+    emits: ['positive-click'],
+    template: '<span><slot name="trigger" /><slot /></span>',
+  }),
+  NCheckbox: defineComponent({
+    name: 'NCheckbox',
+    props: ['checked'],
+    emits: ['click'],
+    template: '<input type="checkbox" :checked="checked" @click="$emit(\'click\')" />',
+  }),
+  NTooltip: defineComponent({
+    name: 'NTooltip',
+    template: '<span><slot name="trigger" /><slot /></span>',
+  }),
+}))
+
+const session = {
+  id: 's1',
+  title: 'Session One',
+  model: 'gpt-test',
+  provider: 'openai',
+  createdAt: Date.now(),
+  profile: 'kira',
+}
+
+describe('SessionListItem', () => {
+  it('renders normal mode as a link to the session route', () => {
+    const wrapper = mount(SessionListItem, {
+      props: {
+        session,
+        active: false,
+        pinned: false,
+        canDelete: true,
+        to: '/session/s1',
+      },
+      global: {
+        stubs: {
+          ProfileAvatar: true,
+        },
+      },
+    })
+
+    const link = wrapper.get('a.session-item')
+    expect(link.attributes('href')).toBe('/session/s1')
+    expect(wrapper.find('button.session-item').exists()).toBe(false)
+  })
+
+  it('renders selectable mode as a button and does not expose row href', () => {
+    const wrapper = mount(SessionListItem, {
+      props: {
+        session,
+        active: false,
+        pinned: false,
+        canDelete: true,
+        selectable: true,
+        selected: false,
+        to: '/session/s1',
+      },
+      global: {
+        stubs: {
+          ProfileAvatar: true,
+        },
+      },
+    })
+
+    expect(wrapper.find('button.session-item').exists()).toBe(true)
+    expect(wrapper.find('a.session-item').exists()).toBe(false)
+  })
+
+  it('does not select the row when clicking nested action controls', async () => {
+    const wrapper = mount(SessionListItem, {
+      props: {
+        session,
+        active: false,
+        pinned: false,
+        canDelete: true,
+        to: '/session/s1',
+      },
+      global: {
+        stubs: {
+          ProfileAvatar: true,
+        },
+      },
+    })
+
+    await wrapper.get('button.session-item-delete').trigger('click')
+    expect(wrapper.emitted('select')).toBeUndefined()
+  })
+
+  it('does not hijack modified clicks on normal links', async () => {
+    const wrapper = mount(SessionListItem, {
+      props: {
+        session,
+        active: false,
+        pinned: false,
+        canDelete: true,
+        to: '/session/s1',
+      },
+      global: {
+        stubs: {
+          ProfileAvatar: true,
+        },
+      },
+    })
+
+    const link = wrapper.get('a.session-item')
+    link.element.addEventListener('click', event => event.preventDefault())
+    await link.trigger('click', { ctrlKey: true })
+    expect(wrapper.emitted('select')).toBeUndefined()
+  })
+})
diff --git a/tests/client/session-search.test.ts b/tests/client/session-search.test.ts
new file mode 100644
index 0000000..7a1fdac
--- /dev/null
+++ b/tests/client/session-search.test.ts
@@ -0,0 +1,211 @@
+// @vitest-environment jsdom
+import { nextTick, defineComponent, h } from 'vue'
+import { afterEach, beforeEach, describe, expect, it, vi } from 'vitest'
+import { mount } from '@vue/test-utils'
+
+const apiMocks = vi.hoisted(() => ({
+  fetchSessionsMock: vi.fn(),
+  searchSessionsMock: vi.fn(),
+  routerPushMock: vi.fn(),
+}))
+
+vi.mock('@/api/hermes/sessions', () => ({
+  fetchSessions: apiMocks.fetchSessionsMock,
+  searchSessions: apiMocks.searchSessionsMock,
+}))
+
+const chatStoreMock = vi.hoisted(() => ({
+  sessions: [] as Array<Record<string, any>>,
+  loadSessions: vi.fn(),
+  switchSession: vi.fn(),
+  newChat: vi.fn(),
+}))
+
+vi.mock('@/stores/hermes/chat', () => ({
+  useChatStore: () => chatStoreMock,
+}))
+
+const routerCurrentRoute = { value: { name: 'hermes.logs' } }
+
+vi.mock('vue-router', () => ({
+  useRouter: () => ({
+    currentRoute: routerCurrentRoute,
+    push: apiMocks.routerPushMock,
+  }),
+}))
+
+vi.mock('vue-i18n', () => ({
+  useI18n: () => ({
+    t: (key: string) => key,
+  }),
+}))
+
+vi.mock('naive-ui', async () => {
+  const actual = await vi.importActual<any>('naive-ui')
+  return {
+    ...actual,
+    useMessage: () => ({
+      error: vi.fn(),
+    }),
+    NModal: {
+      props: ['show'],
+      emits: ['update:show'],
+      template: '<div v-if="show" class="n-modal-stub"><slot /></div>',
+    },
+    NInput: {
+      props: ['value', 'size'],
+      emits: ['update:value', 'keydown'],
+      template: '<input class="n-input-stub" :value="value" @input="$emit(\'update:value\', $event.target.value)" @keydown="$emit(\'keydown\', $event)" />',
+    },
+    NSpin: {
+      template: '<div class="n-spin-stub"><slot /></div>',
+    },
+    NButton: {
+      template: '<button class="n-button-stub"><slot /></button>',
+    },
+  }
+})
+
+import SessionSearchModal from '@/components/hermes/chat/SessionSearchModal.vue'
+import { useSessionSearch } from '@/composables/useSessionSearch'
+import { useKeyboard } from '@/composables/useKeyboard'
+
+function flushPromises() {
+  return Promise.resolve().then(() => Promise.resolve())
+}
+
+describe('session search modal', () => {
+  beforeEach(() => {
+    vi.useFakeTimers()
+    vi.clearAllMocks()
+    chatStoreMock.sessions = []
+    chatStoreMock.loadSessions.mockResolvedValue(undefined)
+    chatStoreMock.switchSession.mockResolvedValue(undefined)
+    apiMocks.fetchSessionsMock.mockResolvedValue([
+      {
+        id: 'recent-1',
+        source: 'cli',
+        model: 'openai/gpt-5.4',
+        title: 'Recent Docker fix',
+        preview: 'recent preview',
+        started_at: 1710000000,
+        ended_at: 1710000001,
+        last_active: 1710000002,
+        message_count: 2,
+        tool_call_count: 0,
+        input_tokens: 1,
+        output_tokens: 2,
+        cache_read_tokens: 0,
+        cache_write_tokens: 0,
+        reasoning_tokens: 0,
+        billing_provider: 'openrouter',
+        estimated_cost_usd: 0,
+        actual_cost_usd: 0,
+        cost_status: 'estimated',
+      },
+    ])
+    apiMocks.searchSessionsMock.mockResolvedValue([
+      {
+        id: 'match-1',
+        source: 'telegram',
+        model: 'openai/gpt-5.4',
+        title: 'Debugging session',
+        preview: 'search preview',
+        started_at: 1710001000,
+        ended_at: null,
+        last_active: 1710001005,
+        message_count: 4,
+        tool_call_count: 1,
+        input_tokens: 3,
+        output_tokens: 4,
+        cache_read_tokens: 0,
+        cache_write_tokens: 0,
+        reasoning_tokens: 0,
+        billing_provider: 'openrouter',
+        estimated_cost_usd: 0,
+        actual_cost_usd: 0,
+        cost_status: 'estimated',
+        matched_message_id: 17,
+        snippet: 'docker compose up',
+        rank: 0.1,
+      },
+    ])
+    routerCurrentRoute.value = { name: 'hermes.logs' }
+  })
+
+  afterEach(() => {
+    vi.useRealTimers()
+  })
+
+  it('opens from Cmd/Ctrl+K and loads recent sessions', async () => {
+    const { openSessionSearch, sessionSearchOpen } = useSessionSearch()
+    const wrapper = mount(SessionSearchModal, {
+      global: {
+        stubs: {
+          NModal: false,
+          NInput: false,
+          NSpin: false,
+          NButton: false,
+        },
+      },
+    })
+
+    openSessionSearch()
+    await flushPromises()
+    await nextTick()
+
+    expect(sessionSearchOpen.value).toBe(true)
+    expect(apiMocks.fetchSessionsMock).toHaveBeenCalledWith(undefined, 8)
+    expect(wrapper.text()).toContain('Recent Docker fix')
+  })
+
+  it('searches by content and opens the matched session', async () => {
+    const { openSessionSearch } = useSessionSearch()
+    const wrapper = mount(SessionSearchModal)
+
+    openSessionSearch()
+    await flushPromises()
+    await nextTick()
+
+    const input = wrapper.find('input.n-input-stub')
+    await input.setValue('docker')
+    await vi.advanceTimersByTimeAsync(200)
+    await flushPromises()
+    await nextTick()
+
+    expect(apiMocks.searchSessionsMock).toHaveBeenCalledWith('docker', undefined, 10)
+    expect(wrapper.text()).toContain('Debugging session')
+
+    await wrapper.find('button.result-item').trigger('click')
+    await flushPromises()
+
+    expect(chatStoreMock.loadSessions).toHaveBeenCalled()
+    expect(chatStoreMock.switchSession).toHaveBeenCalledWith('match-1', '17')
+    expect(apiMocks.routerPushMock).toHaveBeenCalledWith({ name: 'hermes.chat' })
+  })
+})
+
+describe('keyboard shortcut', () => {
+  beforeEach(() => {
+    vi.clearAllMocks()
+    const { closeSessionSearch } = useSessionSearch()
+    closeSessionSearch()
+    chatStoreMock.newChat.mockReset()
+  })
+
+  it('opens session search on Cmd/Ctrl+K', async () => {
+    const Dummy = defineComponent({
+      setup() {
+        useKeyboard()
+        return () => h('div')
+      },
+    })
+
+    mount(Dummy)
+
+    window.dispatchEvent(new KeyboardEvent('keydown', { key: 'k', metaKey: true }))
+    await nextTick()
+
+    expect(useSessionSearch().sessionSearchOpen.value).toBe(true)
+  })
+})
diff --git a/tests/client/session-settings.test.ts b/tests/client/session-settings.test.ts
new file mode 100644
index 0000000..865af17
--- /dev/null
+++ b/tests/client/session-settings.test.ts
@@ -0,0 +1,90 @@
+// @vitest-environment jsdom
+import { beforeEach, describe, expect, it, vi } from 'vitest'
+import { mount } from '@vue/test-utils'
+
+const mockSettingsStore = vi.hoisted(() => ({
+  sessionReset: { mode: 'both', idle_minutes: 60, at_hour: 0 },
+  approvals: { mode: 'manual' },
+  saveSection: vi.fn(),
+}))
+
+const mockPrefsStore = vi.hoisted(() => ({
+  humanOnly: true,
+  setHumanOnly: vi.fn((value: boolean) => {
+    mockPrefsStore.humanOnly = value
+  }),
+}))
+
+vi.mock('@/stores/hermes/settings', () => ({
+  useSettingsStore: () => mockSettingsStore,
+}))
+
+vi.mock('@/stores/hermes/session-browser-prefs', () => ({
+  useSessionBrowserPrefsStore: () => mockPrefsStore,
+}))
+
+vi.mock('vue-i18n', () => ({
+  useI18n: () => ({
+    t: (key: string) => key,
+  }),
+}))
+
+vi.mock('naive-ui', async () => {
+  const actual = await vi.importActual<any>('naive-ui')
+  return {
+    ...actual,
+    useMessage: () => ({
+      success: vi.fn(),
+      error: vi.fn(),
+    }),
+  }
+})
+
+import SessionSettings from '@/components/hermes/settings/SessionSettings.vue'
+
+describe('SessionSettings', () => {
+  beforeEach(() => {
+    vi.clearAllMocks()
+    mockPrefsStore.humanOnly = true
+  })
+
+  it('surfaces the human-only preference in the Session tab', async () => {
+    let emittedValue: boolean | undefined
+    const wrapper = mount(SessionSettings, {
+      global: {
+        stubs: {
+          SettingRow: {
+            props: ['label', 'hint'],
+            template: '<div class="setting-row"><div class="setting-row-label">{{ label }}</div><slot /></div>',
+          },
+          NSelect: true,
+          NInputNumber: true,
+          NSwitch: {
+            props: ['value'],
+            emits: ['update:value'],
+            template: '<div class="n-switch" @click="$emit(\'update:value\', !value)"></div>',
+            setup(props: any, { emit }: any) {
+              return {
+                onClick: () => {
+                  emittedValue = !props.value
+                  emit('update:value', emittedValue)
+                },
+              }
+            },
+          },
+        },
+      },
+    })
+
+    expect(wrapper.text()).toContain('settings.session.liveMonitorHumanOnly')
+
+    const toggles = wrapper.findAll('.n-switch')
+    expect(toggles.length).toBe(2)
+    const humanOnlyToggle = toggles[1]
+
+    await humanOnlyToggle.trigger('click')
+    await Promise.resolve()
+
+    expect(mockPrefsStore.setHumanOnly).toHaveBeenCalledWith(false)
+  })
+})
diff --git a/tests/client/sidebar-search.test.ts b/tests/client/sidebar-search.test.ts
new file mode 100644
index 0000000..fb471e6
--- /dev/null
+++ b/tests/client/sidebar-search.test.ts
@@ -0,0 +1,185 @@
+// @vitest-environment jsdom
+import { beforeEach, describe, expect, it, vi } from 'vitest'
+import { mount } from '@vue/test-utils'
+
+const openSessionSearchMock = vi.hoisted(() => vi.fn())
+const mockAppStore = vi.hoisted(() => ({
+  sidebarOpen: true,
+  sidebarCollapsed: false,
+  connected: true,
+  serverVersion: 'test',
+  latestVersion: '',
+  updateAvailable: false,
+  clientOutdated: false,
+  updating: false,
+  toggleSidebar: vi.fn(),
+  toggleSidebarCollapsed: vi.fn(),
+  closeSidebar: vi.fn(),
+  doUpdate: vi.fn(),
+  reloadClient: vi.fn(),
+}))
+
+vi.mock('@/composables/useSessionSearch', () => ({
+  useSessionSearch: () => ({
+    openSessionSearch: openSessionSearchMock,
+  }),
+}))
+
+vi.mock('@/stores/hermes/app', () => ({
+  useAppStore: () => mockAppStore,
+}))
+
+vi.mock('vue-router', async (importOriginal) => {
+  const actual = await importOriginal<any>()
+  return {
+    ...actual,
+    useRoute: () => ({ name: 'hermes.chat' }),
+    useRouter: () => ({ push: vi.fn(), hasRoute: () => true }),
+  }
+})
+
+vi.mock('vue-i18n', () => ({
+  useI18n: () => ({
+    t: (key: string) => key,
+  }),
+  createI18n: () => ({
+    global: { locale: { value: 'en' }, setLocaleMessage: vi.fn() },
+  }),
+}))
+
+vi.mock('@/composables/useTheme', () => ({
+  useTheme: () => ({ isDark: false }),
+}))
+
+vi.mock('/logo.png', () => ({
+  default: 'logo.png',
+}))
+
+vi.mock('@/components/layout/ProfileSelector.vue', () => ({
+  default: { name: 'ProfileSelector', template: '<div />' },
+}))
+
+vi.mock('@/components/layout/ModelSelector.vue', () => ({
+  default: { name: 'ModelSelector', template: '<div />' },
+}))
+
+vi.mock('@/components/layout/LanguageSwitch.vue', () => ({
+  default: { name: 'LanguageSwitch', template: '<div />' },
+}))
+
+vi.mock('@/components/layout/ThemeSwitch.vue', () => ({
+  default: { name: 'ThemeSwitch', template: '<div />' },
+}))
+
+vi.mock('@/components/common/RouteLinkItem.vue', () => ({
+  default: {
+    name: 'RouteLinkItem',
+    props: ['to', 'active'],
+    template: '<a class="route-link-item" :class="{ active }" href="#"><slot /></a>',
+  },
+}))
+
+vi.mock('naive-ui', async () => {
+  const actual = await vi.importActual<any>('naive-ui')
+  return {
+    ...actual,
+    useMessage: () => ({
+      success: vi.fn(),
+      error: vi.fn(),
+    }),
+    NButton: {
+      template: '<button v-bind="$attrs"><slot /></button>',
+    },
+    NSelect: {
+      template: '<div />',
+    },
+  }
+})
+
+import AppSidebar from '@/components/layout/AppSidebar.vue'
+
+describe('AppSidebar search entry', () => {
+  beforeEach(() => {
+    openSessionSearchMock.mockClear()
+    mockAppStore.serverVersion = 'test'
+    mockAppStore.latestVersion = ''
+    mockAppStore.updateAvailable = false
+    mockAppStore.clientOutdated = false
+    mockAppStore.updating = false
+    mockAppStore.sidebarCollapsed = false
+    mockAppStore.reloadClient.mockClear()
+  })
+
+  it('opens the session search modal from the sidebar button', async () => {
+    const wrapper = mount(AppSidebar, {
+      global: {
+        stubs: {
+          ProfileSelector: true,
+          ModelSelector: true,
+          LanguageSwitch: true,
+          ThemeSwitch: true,
+          NButton: true,
+        },
+      },
+    })
+
+    const buttons = wrapper.findAll('button')
+    const searchButton = buttons.find(node => node.text().includes('sidebar.search'))
+    expect(searchButton).toBeTruthy()
+
+    await searchButton!.trigger('click')
+    expect(openSessionSearchMock).toHaveBeenCalledTimes(1)
+  })
+
+  it('offers a client reload when the server version differs from the loaded bundle', async () => {
+    mockAppStore.clientOutdated = true
+    mockAppStore.serverVersion = '0.5.17'
+    const wrapper = mount(AppSidebar, {
+      global: {
+        stubs: {
+          ProfileSelector: true,
+          ModelSelector: true,
+          LanguageSwitch: true,
+          ThemeSwitch: true,
+        },
+      },
+    })
+
+    const reloadButton = wrapper.findAll('button')
+      .find(node => node.text().includes('sidebar.reloadClientVersion'))
+    expect(reloadButton).toBeTruthy()
+
+    await reloadButton!.trigger('click')
+    expect(mockAppStore.reloadClient).toHaveBeenCalledTimes(1)
+  })
+
+  it('uses short group labels and keeps group folding active when collapsed', async () => {
+    mockAppStore.sidebarCollapsed = true
+    const wrapper = mount(AppSidebar, {
+      global: {
+        stubs: {
+          ProfileSelector: true,
+          ModelSelector: true,
+          LanguageSwitch: true,
+          ThemeSwitch: true,
+          NButton: true,
+        },
+      },
+    })
+
+    expect(wrapper.classes()).toContain('collapsed')
+    expect(wrapper.findAll('.nav-group-label span').map(node => node.text())).toEqual([
+      'sidebar.groupConversationShort',
+      'sidebar.groupAgentShort',
+      'sidebar.groupMonitoringShort',
+      'sidebar.groupToolsShort',
+      'sidebar.groupSystemShort',
+    ])
+
+    const agentGroup = wrapper.findAll('.nav-group')[1]
+    expect(agentGroup.find('.nav-group-items').attributes('style')).toBeUndefined()
+
+    await agentGroup.find('.nav-group-label').trigger('click')
+    expect(agentGroup.find('.nav-group-items').attributes('style')).toContain('display: none')
+  })
+})
diff --git a/tests/client/skill-list.test.ts b/tests/client/skill-list.test.ts
new file mode 100644
index 0000000..72dfc30
--- /dev/null
+++ b/tests/client/skill-list.test.ts
@@ -0,0 +1,51 @@
+// @vitest-environment jsdom
+import { describe, expect, it, vi } from 'vitest'
+import { mount } from '@vue/test-utils'
+import { defineComponent } from 'vue'
+import SkillList from '@/components/hermes/skills/SkillList.vue'
+
+vi.mock('vue-i18n', () => ({
+  useI18n: () => ({ t: (key: string) => key }),
+}))
+
+vi.mock('@/api/hermes/skills', () => ({
+  toggleSkill: vi.fn(),
+}))
+
+vi.mock('naive-ui', () => ({
+  NSwitch: defineComponent({
+    name: 'NSwitch',
+    props: ['value', 'loading'],
+    emits: ['update:value', 'click'],
+    template: '<button type="button" @click="$emit(\'click\')"></button>',
+  }),
+  useMessage: () => ({ error: vi.fn() }),
+}))
+
+describe('SkillList', () => {
+  it('supports filtering skills from external sources', () => {
+    const wrapper = mount(SkillList, {
+      props: {
+        categories: [
+          {
+            name: 'tools',
+            description: '',
+            skills: [
+              { name: 'local-skill', description: 'Local skill', enabled: true, source: 'local' },
+              { name: 'external-skill', description: 'External skill', enabled: true, source: 'external' },
+            ],
+          },
+        ],
+        archived: [],
+        selectedSkill: null,
+        searchQuery: '',
+        sourceFilter: 'external',
+      },
+    })
+
+    expect(wrapper.text()).toContain('external-skill')
+    expect(wrapper.text()).not.toContain('local-skill')
+    expect(wrapper.get('.source-dot').classes()).toContain('dot-external')
+    expect(wrapper.get('.source-dot').attributes('title')).toBe('skills.source.external')
+  })
+})
diff --git a/tests/client/skills-usage-view.test.ts b/tests/client/skills-usage-view.test.ts
new file mode 100644
index 0000000..bdbbeaf
--- /dev/null
+++ b/tests/client/skills-usage-view.test.ts
@@ -0,0 +1,231 @@
+// @vitest-environment jsdom
+import { beforeEach, describe, expect, it, vi } from 'vitest'
+import { mount, flushPromises } from '@vue/test-utils'
+
+const fetchSkillUsageStatsMock = vi.hoisted(() => vi.fn())
+const mockProfilesStore = vi.hoisted(() => ({
+  activeProfileName: 'default',
+  profiles: [{ name: 'default' }],
+  fetchProfiles: vi.fn(),
+}))
+
+vi.mock('@/api/hermes/skills', () => ({
+  fetchSkillUsageStats: fetchSkillUsageStatsMock,
+}))
+
+vi.mock('@/stores/hermes/profiles', () => ({
+  useProfilesStore: () => mockProfilesStore,
+}))
+
+vi.mock('vue-i18n', () => ({
+  useI18n: () => ({
+    t: (key: string, params?: Record<string, unknown>) => {
+      if (key === 'skillsUsage.periodLabel') return `${params?.days}d`
+      if (key === 'skillsUsage.periodSummary') return `Last ${params?.days} days`
+      return key
+    },
+  }),
+}))
+
+vi.mock('naive-ui', async () => {
+  const actual = await vi.importActual<any>('naive-ui')
+  return {
+    ...actual,
+    NButton: {
+      props: ['loading', 'type', 'size', 'quaternary', 'secondary'],
+      inheritAttrs: false,
+      template: '<button :data-type="type" :aria-pressed="$attrs[\'aria-pressed\']" @click="$emit(\'click\')"><slot /></button>',
+    },
+  }
+})
+
+import SkillsUsageView from '@/views/hermes/SkillsUsageView.vue'
+
+const sevenDayStats = {
+  period_days: 7,
+  summary: {
+    total_skill_loads: 3,
+    total_skill_edits: 1,
+    total_skill_actions: 4,
+    distinct_skills_used: 2,
+  },
+  by_day: [
+    {
+      date: '2026-05-10',
+      view_count: 1,
+      manage_count: 0,
+      total_count: 1,
+      skills: [
+        { skill: 'github-pr-workflow', view_count: 1, manage_count: 0, total_count: 1 },
+      ],
+    },
+    {
+      date: '2026-05-11',
+      view_count: 2,
+      manage_count: 1,
+      total_count: 3,
+      skills: [
+        { skill: 'hermes-agent', view_count: 2, manage_count: 1, total_count: 3 },
+      ],
+    },
+  ],
+  top_skills: [
+    { skill: 'hermes-agent', view_count: 2, manage_count: 1, total_count: 3, percentage: 75, last_used_at: 1_700_000_000 },
+    { skill: 'github-pr-workflow', view_count: 1, manage_count: 0, total_count: 1, percentage: 25, last_used_at: null },
+  ],
+}
+
+describe('SkillsUsageView', () => {
+  beforeEach(() => {
+    fetchSkillUsageStatsMock.mockReset()
+    fetchSkillUsageStatsMock.mockResolvedValue(sevenDayStats)
+    mockProfilesStore.activeProfileName = 'default'
+    mockProfilesStore.profiles = [{ name: 'default' }]
+    mockProfilesStore.fetchProfiles.mockReset()
+  })
+
+  it('loads rolling 7 day skill usage and renders statistics beside a skill-colored visual trend', async () => {
+    const wrapper = mount(SkillsUsageView)
+    await flushPromises()
+
+    expect(fetchSkillUsageStatsMock).toHaveBeenCalledWith(7)
+    expect(wrapper.text()).toContain('skillsUsage.title')
+    expect(wrapper.find('[data-testid="skills-usage-chart"]').exists()).toBe(true)
+    expect(wrapper.findAll('.skill-bar-col')).toHaveLength(2)
+    expect(wrapper.findAll('.skill-bar-segment[data-skill="hermes-agent"]')).toHaveLength(1)
+    expect(wrapper.findAll('.skill-bar-segment[data-skill="github-pr-workflow"]')).toHaveLength(1)
+    expect(wrapper.find('[data-testid="skills-usage-legend"]').exists()).toBe(false)
+    expect(wrapper.find('[data-testid="skills-usage-stats"]').text()).toContain('4')
+    expect(wrapper.text()).toContain('hermes-agent')
+    expect(wrapper.text()).toContain('github-pr-workflow')
+    expect(wrapper.text()).toContain('75.0%')
+  })
+
+  it('reloads the selected period when the period button changes', async () => {
+    const wrapper = mount(SkillsUsageView)
+    await flushPromises()
+    fetchSkillUsageStatsMock.mockClear()
+
+    const thirtyDayButton = wrapper.findAll('button').find(button => button.text() === '30d')
+    expect(thirtyDayButton).toBeTruthy()
+
+    await thirtyDayButton!.trigger('click')
+    await flushPromises()
+
+    expect(fetchSkillUsageStatsMock).toHaveBeenCalledWith(30)
+    expect(thirtyDayButton!.attributes('aria-pressed')).toBe('true')
+  })
+
+  it('flips the chart tooltip away from the hovered side of the bars', async () => {
+    const wrapper = mount(SkillsUsageView)
+    await flushPromises()
+
+    const bars = wrapper.findAll('.skill-bar-col')
+    expect(bars).toHaveLength(2)
+
+    await bars[1].trigger('mouseenter')
+    expect(wrapper.find('.floating-tooltip.align-left').exists()).toBe(true)
+    expect(wrapper.find('.floating-tooltip').text()).toContain('2026-05-11')
+
+    await bars[0].trigger('mouseenter')
+    expect(wrapper.find('.floating-tooltip.align-right').exists()).toBe(true)
+    expect(wrapper.find('.floating-tooltip').text()).toContain('2026-05-10')
+  })
+
+  it('keeps stale data visible while refreshing an already loaded period', async () => {
+    const wrapper = mount(SkillsUsageView)
+    await flushPromises()
+
+    let resolveRefresh!: (value: unknown) => void
+    fetchSkillUsageStatsMock.mockReturnValueOnce(new Promise(resolve => {
+      resolveRefresh = resolve
+    }))
+
+    const refreshButton = wrapper.findAll('button').find(button => button.text() === 'skillsUsage.refresh')
+    expect(refreshButton).toBeTruthy()
+
+    await refreshButton!.trigger('click')
+
+    expect(fetchSkillUsageStatsMock).toHaveBeenCalledTimes(2)
+    expect(wrapper.find('[data-testid="skills-usage-chart"]').exists()).toBe(true)
+    expect(wrapper.find('.usage-panel.is-refreshing').exists()).toBe(true)
+
+    resolveRefresh({
+      period_days: 7,
+      summary: { total_skill_loads: 1, total_skill_edits: 0, total_skill_actions: 1, distinct_skills_used: 1 },
+      by_day: [
+        {
+          date: '2026-05-12',
+          view_count: 1,
+          manage_count: 0,
+          total_count: 1,
+          skills: [{ skill: 'test-driven-development', view_count: 1, manage_count: 0, total_count: 1 }],
+        },
+      ],
+      top_skills: [
+        { skill: 'test-driven-development', view_count: 1, manage_count: 0, total_count: 1, percentage: 100, last_used_at: null },
+      ],
+    })
+    await flushPromises()
+
+    expect(wrapper.text()).toContain('test-driven-development')
+  })
+
+  it('does not let an older refresh overwrite newer stats for the same period', async () => {
+    const wrapper = mount(SkillsUsageView)
+    await flushPromises()
+
+    let resolveOlder!: (value: unknown) => void
+    let resolveNewer!: (value: unknown) => void
+    fetchSkillUsageStatsMock
+      .mockReturnValueOnce(new Promise(resolve => { resolveOlder = resolve }))
+      .mockReturnValueOnce(new Promise(resolve => { resolveNewer = resolve }))
+
+    const refreshButton = wrapper.findAll('button').find(button => button.text() === 'skillsUsage.refresh')
+    expect(refreshButton).toBeTruthy()
+
+    await refreshButton!.trigger('click')
+    await refreshButton!.trigger('click')
+
+    resolveNewer({
+      period_days: 7,
+      summary: { total_skill_loads: 2, total_skill_edits: 0, total_skill_actions: 2, distinct_skills_used: 1 },
+      by_day: [
+        {
+          date: '2026-05-13',
+          view_count: 2,
+          manage_count: 0,
+          total_count: 2,
+          skills: [{ skill: 'newer-skill', view_count: 2, manage_count: 0, total_count: 2 }],
+        },
+      ],
+      top_skills: [
+        { skill: 'newer-skill', view_count: 2, manage_count: 0, total_count: 2, percentage: 100, last_used_at: null },
+      ],
+    })
+    await flushPromises()
+
+    expect(wrapper.text()).toContain('newer-skill')
+
+    resolveOlder({
+      period_days: 7,
+      summary: { total_skill_loads: 1, total_skill_edits: 0, total_skill_actions: 1, distinct_skills_used: 1 },
+      by_day: [
+        {
+          date: '2026-05-12',
+          view_count: 1,
+          manage_count: 0,
+          total_count: 1,
+          skills: [{ skill: 'older-skill', view_count: 1, manage_count: 0, total_count: 1 }],
+        },
+      ],
+      top_skills: [
+        { skill: 'older-skill', view_count: 1, manage_count: 0, total_count: 1, percentage: 100, last_used_at: null },
+      ],
+    })
+    await flushPromises()
+
+    expect(wrapper.text()).toContain('newer-skill')
+    expect(wrapper.text()).not.toContain('older-skill')
+  })
+})
diff --git a/tests/client/thinking-parser.test.ts b/tests/client/thinking-parser.test.ts
new file mode 100644
index 0000000..e25ab16
--- /dev/null
+++ b/tests/client/thinking-parser.test.ts
@@ -0,0 +1,185 @@
+import { describe, it, expect } from 'vitest'
+import { parseThinking, countThinkingChars, detectThinkingBoundary } from '@/utils/thinking-parser'
+
+describe('parseThinking', () => {
+  it('splits a single closed <think> block from body', () => {
+    const r = parseThinking('<think>inner</think>body', { streaming: false })
+    expect(r.segments).toEqual(['inner'])
+    expect(r.body).toBe('body')
+    expect(r.pending).toBeNull()
+    expect(r.hasThinking).toBe(true)
+  })
+
+  it('collects multiple closed blocks in order', () => {
+    const r = parseThinking('<think>a</think>mid<thinking>b</thinking>end', { streaming: false })
+    expect(r.segments).toEqual(['a', 'b'])
+    expect(r.body).toBe('midend')
+  })
+
+  it('supports <thinking> and <reasoning> variants', () => {
+    const r = parseThinking('<reasoning>r</reasoning>body', { streaming: false })
+    expect(r.segments).toEqual(['r'])
+    expect(r.body).toBe('body')
+  })
+
+  it('is case-insensitive on tag names', () => {
+    const r = parseThinking('<Think>x</Think><REASONING>y</REASONING>z', { streaming: false })
+    expect(r.segments).toEqual(['x', 'y'])
+    expect(r.body).toBe('z')
+  })
+
+  it('returns hasThinking=false and body unchanged for plain text', () => {
+    const r = parseThinking('hello world', { streaming: false })
+    expect(r.hasThinking).toBe(false)
+    expect(r.body).toBe('hello world')
+    expect(r.segments).toEqual([])
+  })
+
+  it('returns hasThinking=false for empty content', () => {
+    const r = parseThinking('', { streaming: false })
+    expect(r.hasThinking).toBe(false)
+    expect(r.body).toBe('')
+  })
+
+  it('treats trailing unclosed tag as pending when streaming', () => {
+    const r = parseThinking('body<think>in-progress', { streaming: true })
+    expect(r.pending).toBe('in-progress')
+    expect(r.body).toBe('body')
+    expect(r.segments).toEqual([])
+    expect(r.hasThinking).toBe(true)
+  })
+
+  it('degrades trailing unclosed tag to body when NOT streaming (terminal state)', () => {
+    const r = parseThinking('body<think>orphan', { streaming: false })
+    expect(r.pending).toBeNull()
+    expect(r.body).toBe('body<think>orphan')
+    expect(r.segments).toEqual([])
+    expect(r.hasThinking).toBe(false)
+  })
+
+  it('combines closed segments with trailing pending (streaming)', () => {
+    const r = parseThinking('<think>done</think>mid<thinking>now', { streaming: true })
+    expect(r.segments).toEqual(['done'])
+    expect(r.pending).toBe('now')
+    expect(r.body).toBe('mid')
+  })
+
+  it('does NOT recognize <think> inside fenced code block', () => {
+    const src = 'before\n```\n<think>fake</think>\n```\nafter'
+    const r = parseThinking(src, { streaming: false })
+    expect(r.hasThinking).toBe(false)
+    expect(r.body).toBe(src)
+  })
+
+  it('does NOT recognize <think> inside tilde-fenced code block', () => {
+    const src = '~~~\n<think>fake</think>\n~~~'
+    const r = parseThinking(src, { streaming: false })
+    expect(r.hasThinking).toBe(false)
+    expect(r.body).toBe(src)
+  })
+
+  it('does NOT recognize <think> inside inline code', () => {
+    const src = 'the tag `<think>x</think>` is a literal'
+    const r = parseThinking(src, { streaming: false })
+    expect(r.hasThinking).toBe(false)
+    expect(r.body).toBe(src)
+  })
+
+  it('parses real <think> outside code blocks even when code blocks contain fake ones', () => {
+    const src = '<think>real</think>text\n```\n<think>fake</think>\n```'
+    const r = parseThinking(src, { streaming: false })
+    expect(r.segments).toEqual(['real'])
+    expect(r.body).toBe('text\n```\n<think>fake</think>\n```')
+  })
+
+  it('does not leak code-protection placeholders for inline mentions of markdown fences', () => {
+    const src = [
+      'Previous fix kept the outer ` ```md ` block as code.',
+      '',
+      '````md',
+      '下面是可直接手动编辑的 PR draft。',
+      '```md',
+      '标题',
+      '```',
+      '````',
+    ].join('\n')
+    const r = parseThinking(src, { streaming: false })
+    expect(r.hasThinking).toBe(false)
+    expect(r.body).toBe(src)
+    expect(r.body).not.toContain('THKCODE')
+    expect(r.body).not.toContain('\u0000')
+  })
+
+  it('same-name nesting: inner tag absorbed into first segment (documented limitation)', () => {
+    const r = parseThinking('<think>a<think>b</think>c</think>', { streaming: false })
+    expect(r.segments).toEqual(['a<think>b'])
+    expect(r.body).toBe('c</think>')
+  })
+
+  it('handles chunk boundary: partial opening tag not yet identified', () => {
+    const mid = parseThinking('<thin', { streaming: true })
+    expect(mid.hasThinking).toBe(false)
+    expect(mid.body).toBe('<thin')
+
+    const after = parseThinking('<think>hi</think>done', { streaming: true })
+    expect(after.segments).toEqual(['hi'])
+    expect(after.body).toBe('done')
+  })
+})
+
+describe('countThinkingChars', () => {
+  it('counts all segments + pending as Unicode chars', () => {
+    const n = countThinkingChars({
+      segments: ['abc', '你好'],
+      pending: '🎉!',
+      body: '',
+      hasThinking: true,
+    })
+    expect(n).toBe(7)
+  })
+
+  it('returns 0 when no thinking', () => {
+    expect(countThinkingChars({ segments: [], pending: null, body: 'x', hasThinking: false })).toBe(0)
+  })
+})
+
+describe('detectThinkingBoundary', () => {
+  it('detects first appearance of opening tag', () => {
+    const r = detectThinkingBoundary('', '<think>x')
+    expect(r.startedAtBoundary).toBe(true)
+    expect(r.endedAtBoundary).toBe(false)
+  })
+
+  it('detects first appearance of closing tag', () => {
+    const r = detectThinkingBoundary('<think>hi', '<think>hi</think>')
+    expect(r.startedAtBoundary).toBe(false)
+    expect(r.endedAtBoundary).toBe(true)
+  })
+
+  it('detects both when both emerge in one delta', () => {
+    const r = detectThinkingBoundary('', '<think>x</think>')
+    expect(r.startedAtBoundary).toBe(true)
+    expect(r.endedAtBoundary).toBe(true)
+  })
+
+  it('reports no boundary when neither crossed', () => {
+    const r = detectThinkingBoundary('abc', 'abcdef')
+    expect(r.startedAtBoundary).toBe(false)
+    expect(r.endedAtBoundary).toBe(false)
+  })
+
+  it('ignores fake tags inside code blocks', () => {
+    const r = detectThinkingBoundary('', '```\n<think>fake</think>\n```')
+    expect(r.startedAtBoundary).toBe(false)
+    expect(r.endedAtBoundary).toBe(false)
+  })
+
+  it('is idempotent for repeated open/close after initial', () => {
+    const r = detectThinkingBoundary(
+      '<think>a</think><think>b',
+      '<think>a</think><think>b</think>',
+    )
+    expect(r.startedAtBoundary).toBe(false)
+    expect(r.endedAtBoundary).toBe(false)
+  })
+})
diff --git a/tests/client/tool-trace-visibility.test.ts b/tests/client/tool-trace-visibility.test.ts
new file mode 100644
index 0000000..c076d16
--- /dev/null
+++ b/tests/client/tool-trace-visibility.test.ts
@@ -0,0 +1,132 @@
+// @vitest-environment jsdom
+import { beforeEach, describe, expect, it, vi } from 'vitest'
+import { mount } from '@vue/test-utils'
+import { createPinia, setActivePinia } from 'pinia'
+import { defineComponent } from 'vue'
+
+vi.mock('vue-i18n', () => ({
+  useI18n: () => ({
+    t: (key: string) => key,
+  }),
+}))
+
+vi.mock('@/composables/useTheme', () => ({
+  useTheme: () => ({ isDark: false }),
+}))
+
+import MessageList from '@/components/hermes/chat/MessageList.vue'
+import HistoryMessageList from '@/components/hermes/chat/HistoryMessageList.vue'
+import { useChatStore, type Message, type Session } from '@/stores/hermes/chat'
+import { useToolTraceVisibility } from '@/composables/useToolTraceVisibility'
+
+const MessageItemStub = defineComponent({
+  name: 'MessageItem',
+  props: {
+    message: { type: Object, required: true },
+    highlight: { type: Boolean, default: false },
+  },
+  template: '<div class="stub-message" :data-role="message.role" :data-id="message.id">{{ message.toolName || message.content }}</div>',
+})
+
+function makeSession(messages: Message[]): Session {
+  return {
+    id: 'session-1',
+    title: 'Tool trace visibility',
+    messages,
+    createdAt: Date.now(),
+    updatedAt: Date.now(),
+  }
+}
+
+const sampleMessages: Message[] = [
+  { id: 'user-1', role: 'user', content: 'inspect repo', timestamp: 1 },
+  { id: 'tool-named', role: 'tool', content: '', timestamp: 2, toolName: 'read_file', toolResult: 'ok', toolStatus: 'done' },
+  { id: 'tool-internal', role: 'tool', content: '', timestamp: 3, toolResult: 'internal', toolStatus: 'done' },
+  { id: 'assistant-1', role: 'assistant', content: 'done', timestamp: 4 },
+]
+
+describe('tool trace visibility', () => {
+  beforeEach(() => {
+    setActivePinia(createPinia())
+    localStorage.removeItem('hermes_show_tool_calls')
+    useToolTraceVisibility().setToolTraceVisible(true)
+  })
+
+  function mountLiveList() {
+    const chatStore = useChatStore()
+    chatStore.activeSessionId = 'session-1'
+    chatStore.activeSession = makeSession(sampleMessages)
+    chatStore.abortState = { aborting: true, synced: false }
+
+    return mount(MessageList, {
+      global: {
+        stubs: {
+          MessageItem: MessageItemStub,
+          Transition: false,
+        },
+      },
+    })
+  }
+
+  it('shows named transcript and live tool traces by default while keeping unnamed internal tools hidden', () => {
+    const wrapper = mountLiveList()
+
+    expect(wrapper.findAll('.stub-message').map(node => node.attributes('data-id'))).toEqual([
+      'user-1',
+      'tool-named',
+      'assistant-1',
+    ])
+    expect(wrapper.findAll('.tool-call-name').map(node => node.text())).toContain('read_file')
+  })
+
+  it('applies the same default-visible rule to history sessions', () => {
+    const wrapper = mount(HistoryMessageList, {
+      props: { session: makeSession(sampleMessages) },
+      global: {
+        stubs: { MessageItem: MessageItemStub },
+      },
+    })
+
+    expect(wrapper.findAll('.stub-message').map(node => node.attributes('data-id'))).toEqual([
+      'user-1',
+      'tool-named',
+      'assistant-1',
+    ])
+  })
+
+  it('does not fall back to the live chat session while history session data is loading', () => {
+    const chatStore = useChatStore()
+    chatStore.activeSessionId = 'session-1'
+    chatStore.activeSession = makeSession(sampleMessages)
+
+    const wrapper = mount(HistoryMessageList, {
+      global: {
+        stubs: { MessageItem: MessageItemStub },
+      },
+    })
+
+    expect(wrapper.findAll('.stub-message')).toHaveLength(0)
+  })
+
+  it('hides named transcript traces when the toggle is off while keeping live tool stream visible', () => {
+    useToolTraceVisibility().setToolTraceVisible(false)
+
+    const liveWrapper = mountLiveList()
+    expect(liveWrapper.findAll('.stub-message').map(node => node.attributes('data-id'))).toEqual([
+      'user-1',
+      'assistant-1',
+    ])
+    expect(liveWrapper.findAll('.tool-call-name').map(node => node.text())).toContain('read_file')
+
+    const historyWrapper = mount(HistoryMessageList, {
+      props: { session: makeSession(sampleMessages) },
+      global: {
+        stubs: { MessageItem: MessageItemStub },
+      },
+    })
+    expect(historyWrapper.findAll('.stub-message').map(node => node.attributes('data-id'))).toEqual([
+      'user-1',
+      'assistant-1',
+    ])
+  })
+})
diff --git a/tests/client/usage-components-cache-visuals.test.ts b/tests/client/usage-components-cache-visuals.test.ts
new file mode 100644
index 0000000..ea58b4c
--- /dev/null
+++ b/tests/client/usage-components-cache-visuals.test.ts
@@ -0,0 +1,73 @@
+// @vitest-environment jsdom
+import { describe, expect, it, vi } from 'vitest'
+import { mount } from '@vue/test-utils'
+
+const mockUsageStore = vi.hoisted(() => ({
+  dailyUsage: [
+    {
+      date: '2026-05-12',
+      input_tokens: 100,
+      output_tokens: 50,
+      cache_read_tokens: 75,
+      cache_write_tokens: 10,
+      sessions: 2,
+      errors: 0,
+      cost: 0.02,
+      visualTokens: 225,
+      inputPercent: 44.444,
+      outputPercent: 22.222,
+      cachePercent: 33.333,
+    },
+  ],
+  modelUsage: [
+    {
+      model: 'gpt-5',
+      inputTokens: 100,
+      outputTokens: 50,
+      cacheTokens: 75,
+      cacheWriteTokens: 10,
+      totalTokens: 150,
+      visualTokens: 225,
+      sessions: 2,
+      color: '#4fd1c5',
+      inputPercent: 44.444,
+      outputPercent: 22.222,
+      cachePercent: 33.333,
+    },
+  ],
+}))
+
+vi.mock('@/stores/hermes/usage', () => ({
+  useUsageStore: () => mockUsageStore,
+}))
+
+vi.mock('vue-i18n', () => ({
+  useI18n: () => ({
+    t: (key: string) => key,
+  }),
+}))
+
+import DailyTrend from '@/components/hermes/usage/DailyTrend.vue'
+import ModelBreakdown from '@/components/hermes/usage/ModelBreakdown.vue'
+
+describe('usage cache visualizations', () => {
+  it('renders cache-read as a visible segment in the daily usage bars', () => {
+    const wrapper = mount(DailyTrend)
+
+    const cacheSegment = wrapper.find('.bar-segment.cache')
+    expect(cacheSegment.exists()).toBe(true)
+    expect(cacheSegment.attributes('style')).toContain('height: 33.333%')
+    expect(wrapper.text()).toContain('usage.cacheRead')
+  })
+
+  it('renders model breakdown as input/output/cache stacked segments', () => {
+    const wrapper = mount(ModelBreakdown)
+
+    expect(wrapper.find('.model-swatch').attributes('style')).toContain('background: rgb(79, 209, 197)')
+    expect(wrapper.find('.model-bar-segment.input').exists()).toBe(true)
+    expect(wrapper.find('.model-bar-segment.output').exists()).toBe(true)
+    const cacheSegment = wrapper.find('.model-bar-segment.cache')
+    expect(cacheSegment.exists()).toBe(true)
+    expect(cacheSegment.attributes('style')).toContain('width: 33.333%')
+  })
+})
diff --git a/tests/client/usage-store.test.ts b/tests/client/usage-store.test.ts
new file mode 100644
index 0000000..c82e830
--- /dev/null
+++ b/tests/client/usage-store.test.ts
@@ -0,0 +1,169 @@
+// @vitest-environment jsdom
+import { beforeEach, describe, expect, it, vi } from 'vitest'
+import { createPinia, setActivePinia } from 'pinia'
+
+const usageApiMock = vi.hoisted(() => ({
+  fetchUsageStats: vi.fn(),
+}))
+
+vi.mock('@/api/hermes/sessions', () => ({
+  fetchUsageStats: usageApiMock.fetchUsageStats,
+}))
+
+function emptyStats(totalSessions = 0, periodDays = 30) {
+  return {
+    total_input_tokens: totalSessions,
+    total_output_tokens: 0,
+    total_cache_read_tokens: 0,
+    total_cache_write_tokens: 0,
+    total_reasoning_tokens: 0,
+    total_cost: 0,
+    total_sessions: totalSessions,
+    period_days: periodDays,
+    model_usage: [],
+    daily_usage: [],
+  }
+}
+
+describe('usage store analytics adapter', () => {
+  beforeEach(() => {
+    setActivePinia(createPinia())
+    usageApiMock.fetchUsageStats.mockReset()
+  })
+
+  it('loads 30-day usage stats and derives chart metrics from the native-style payload', async () => {
+    usageApiMock.fetchUsageStats.mockResolvedValue({
+      total_input_tokens: 100,
+      total_output_tokens: 50,
+      total_cache_read_tokens: 25,
+      total_cache_write_tokens: 5,
+      total_reasoning_tokens: 10,
+      total_cost: 0.0123,
+      total_sessions: 2,
+      period_days: 30,
+      model_usage: [
+        { model: 'gpt-5', input_tokens: 80, output_tokens: 40, cache_read_tokens: 20, cache_write_tokens: 3, reasoning_tokens: 7, sessions: 1 },
+        { model: '', input_tokens: 20, output_tokens: 10, cache_read_tokens: 5, cache_write_tokens: 2, reasoning_tokens: 3, sessions: 1 },
+      ],
+      daily_usage: [
+        { date: '2026-04-29', input_tokens: 80, output_tokens: 20, cache_read_tokens: 40, cache_write_tokens: 4, sessions: 1, errors: 0, cost: 0.01 },
+        { date: '2026-04-30', input_tokens: 30, output_tokens: 20, cache_read_tokens: 5, cache_write_tokens: 1, sessions: 1, errors: 0, cost: 0.0023 },
+      ],
+    })
+
+    const { useUsageStore } = await import('@/stores/hermes/usage')
+    const store = useUsageStore()
+    await store.loadSessions()
+
+    expect(usageApiMock.fetchUsageStats).toHaveBeenCalledWith(30)
+    expect(store.totalTokens).toBe(150)
+    expect(store.cacheHitRate).toBeCloseTo(25 / 125 * 100)
+    expect(store.hasData).toBe(true)
+    expect(store.modelUsage).toHaveLength(2)
+    expect(store.modelUsage[0]).toMatchObject({
+      model: 'gpt-5',
+      totalTokens: 120,
+      inputTokens: 80,
+      outputTokens: 40,
+      cacheTokens: 20,
+      cacheWriteTokens: 3,
+      visualTokens: 140,
+      sessions: 1,
+    })
+    expect(store.modelUsage[0].color).toMatch(/^#[0-9a-f]{6}$/i)
+    expect(store.modelUsage[0].inputPercent).toBeCloseTo(80 / 140 * 100)
+    expect(store.modelUsage[0].outputPercent).toBeCloseTo(40 / 140 * 100)
+    expect(store.modelUsage[0].cachePercent).toBeCloseTo(20 / 140 * 100)
+    expect(store.modelUsage[1]).toMatchObject({
+      model: 'unknown',
+      totalTokens: 30,
+      inputTokens: 20,
+      outputTokens: 10,
+      cacheTokens: 5,
+      cacheWriteTokens: 2,
+      visualTokens: 35,
+      sessions: 1,
+    })
+    expect(store.modelUsage[1].color).toBe(store.getModelColor('unknown'))
+    expect(store.modelLegend.map(m => m.model)).toEqual(['gpt-5', 'unknown'])
+    expect(store.dailyUsage).toHaveLength(2)
+    expect(store.dailyUsage[0]).toMatchObject({
+      date: '2026-04-29',
+      input_tokens: 80,
+      output_tokens: 20,
+      cache_read_tokens: 40,
+      cache_write_tokens: 4,
+      visualTokens: 140,
+      sessions: 1,
+      cost: 0.01,
+    })
+    expect(store.dailyUsage[0].inputPercent).toBeCloseTo(80 / 140 * 100)
+    expect(store.dailyUsage[0].outputPercent).toBeCloseTo(20 / 140 * 100)
+    expect(store.dailyUsage[0].cachePercent).toBeCloseTo(40 / 140 * 100)
+  })
+
+  it('allows callers to request a different period', async () => {
+    usageApiMock.fetchUsageStats.mockResolvedValue(emptyStats())
+
+    const { useUsageStore } = await import('@/stores/hermes/usage')
+    const store = useUsageStore()
+    await store.loadSessions(7)
+
+    expect(usageApiMock.fetchUsageStats).toHaveBeenCalledWith(7)
+    expect(store.hasData).toBe(false)
+  })
+
+  it('keeps loading true when an older overlapping request resolves first', async () => {
+    let resolve30: (value: ReturnType<typeof emptyStats>) => void = () => {}
+    let resolve7: (value: ReturnType<typeof emptyStats>) => void = () => {}
+    usageApiMock.fetchUsageStats.mockImplementation((days: number) => new Promise(resolve => {
+      if (days === 30) resolve30 = resolve
+      if (days === 7) resolve7 = resolve
+    }))
+
+    const { useUsageStore } = await import('@/stores/hermes/usage')
+    const store = useUsageStore()
+    const firstLoad = store.loadSessions(30)
+    const secondLoad = store.loadSessions(7)
+
+    expect(store.isLoading).toBe(true)
+    resolve30(emptyStats(30, 30))
+    await firstLoad
+
+    expect(store.isLoading).toBe(true)
+    expect(store.stats).toBeNull()
+
+    resolve7(emptyStats(7, 7))
+    await secondLoad
+
+    expect(store.isLoading).toBe(false)
+    expect(store.stats?.period_days).toBe(7)
+    expect(store.totalSessions).toBe(7)
+  })
+
+  it('ignores stale overlapping responses that resolve after the selected period', async () => {
+    let resolve30: (value: ReturnType<typeof emptyStats>) => void = () => {}
+    let resolve7: (value: ReturnType<typeof emptyStats>) => void = () => {}
+    usageApiMock.fetchUsageStats.mockImplementation((days: number) => new Promise(resolve => {
+      if (days === 30) resolve30 = resolve
+      if (days === 7) resolve7 = resolve
+    }))
+
+    const { useUsageStore } = await import('@/stores/hermes/usage')
+    const store = useUsageStore()
+    const firstLoad = store.loadSessions(30)
+    const secondLoad = store.loadSessions(7)
+
+    resolve7(emptyStats(7, 7))
+    await secondLoad
+
+    expect(store.isLoading).toBe(false)
+    expect(store.stats?.period_days).toBe(7)
+
+    resolve30(emptyStats(30, 30))
+    await firstLoad
+
+    expect(store.stats?.period_days).toBe(7)
+    expect(store.totalSessions).toBe(7)
+  })
+})
diff --git a/tests/client/usage-view-period.test.ts b/tests/client/usage-view-period.test.ts
new file mode 100644
index 0000000..bf4936c
--- /dev/null
+++ b/tests/client/usage-view-period.test.ts
@@ -0,0 +1,94 @@
+// @vitest-environment jsdom
+import { beforeEach, describe, expect, it, vi } from 'vitest'
+import { defineComponent } from 'vue'
+import { flushPromises, mount } from '@vue/test-utils'
+
+const mockUsageStore = vi.hoisted(() => ({
+  isLoading: false,
+  hasData: true,
+  loadSessions: vi.fn(),
+}))
+
+const mockProfilesStore = vi.hoisted(() => ({
+  activeProfileName: 'default',
+  profiles: [{ name: 'default' }],
+  fetchProfiles: vi.fn(),
+}))
+
+vi.mock('@/stores/hermes/usage', () => ({
+  useUsageStore: () => mockUsageStore,
+}))
+
+vi.mock('@/stores/hermes/profiles', () => ({
+  useProfilesStore: () => mockProfilesStore,
+}))
+
+vi.mock('vue-i18n', () => ({
+  useI18n: () => ({
+    t: (key: string) => key,
+  }),
+}))
+
+vi.mock('naive-ui', () => ({
+  NButton: defineComponent({
+    name: 'NButton',
+    props: {
+      loading: Boolean,
+      type: String,
+      secondary: Boolean,
+      quaternary: Boolean,
+      size: String,
+      ariaPressed: [Boolean, String],
+    },
+    emits: ['click'],
+    template: '<button class="n-button-stub" :data-type="type" :aria-pressed="ariaPressed" @click="$emit(\'click\')"><slot /></button>',
+  }),
+}))
+
+vi.mock('@/components/hermes/usage/StatCards.vue', () => ({
+  default: defineComponent({ name: 'StatCards', template: '<section class="stat-cards-stub" />' }),
+}))
+
+vi.mock('@/components/hermes/usage/ModelBreakdown.vue', () => ({
+  default: defineComponent({ name: 'ModelBreakdown', template: '<section class="model-breakdown-stub" />' }),
+}))
+
+vi.mock('@/components/hermes/usage/DailyTrend.vue', () => ({
+  default: defineComponent({ name: 'DailyTrend', template: '<section class="daily-trend-stub" />' }),
+}))
+
+import UsageView from '@/views/hermes/UsageView.vue'
+
+describe('UsageView period selector', () => {
+  beforeEach(() => {
+    mockUsageStore.isLoading = false
+    mockUsageStore.hasData = true
+    mockUsageStore.loadSessions.mockReset()
+    mockProfilesStore.activeProfileName = 'default'
+    mockProfilesStore.profiles = [{ name: 'default' }]
+    mockProfilesStore.fetchProfiles.mockReset()
+  })
+
+  it('loads the default 30-day period on mount', async () => {
+    mount(UsageView)
+    await flushPromises()
+
+    expect(mockUsageStore.loadSessions).toHaveBeenCalledWith(30)
+  })
+
+  it('lets users switch usage statistics between common dashboard periods', async () => {
+    const wrapper = mount(UsageView)
+
+    const periodButtons = wrapper.findAll('.period-option')
+    expect(periodButtons.map(button => button.text())).toEqual(['7d', '30d', '90d', '365d'])
+    expect(wrapper.find('.period-selector').attributes('role')).toBe('group')
+
+    await periodButtons[0].trigger('click')
+    expect(mockUsageStore.loadSessions).toHaveBeenLastCalledWith(7)
+    expect(periodButtons[0].attributes('data-type')).toBe('primary')
+    expect(periodButtons[0].attributes('aria-pressed')).toBe('true')
+
+    await wrapper.find('.refresh-button').trigger('click')
+    expect(mockUsageStore.loadSessions).toHaveBeenLastCalledWith(7)
+  })
+})
diff --git a/tests/client/use-persistent-record.test.ts b/tests/client/use-persistent-record.test.ts
new file mode 100644
index 0000000..6267b3b
--- /dev/null
+++ b/tests/client/use-persistent-record.test.ts
@@ -0,0 +1,28 @@
+// @vitest-environment jsdom
+import { beforeEach, describe, expect, it } from 'vitest'
+import { usePersistentRecord } from '@/composables/usePersistentRecord'
+
+describe('usePersistentRecord', () => {
+  beforeEach(() => localStorage.clear())
+
+  it('loads saved record and persists updates', () => {
+    localStorage.setItem('hermes.sidebar.collapsedGroups', JSON.stringify({ agent: true }))
+    const state = usePersistentRecord('hermes.sidebar.collapsedGroups')
+
+    expect(state.record.agent).toBe(true)
+    state.record.system = true
+    state.persist()
+
+    expect(JSON.parse(localStorage.getItem('hermes.sidebar.collapsedGroups') || '{}')).toEqual({
+      agent: true,
+      system: true,
+    })
+  })
+
+  it('ignores invalid stored values', () => {
+    localStorage.setItem('hermes.sidebar.collapsedGroups', 'not-json')
+    const state = usePersistentRecord('hermes.sidebar.collapsedGroups')
+
+    expect({ ...state.record }).toEqual({})
+  })
+})
diff --git a/tests/client/use-speech-webspeech.test.ts b/tests/client/use-speech-webspeech.test.ts
new file mode 100644
index 0000000..0298112
--- /dev/null
+++ b/tests/client/use-speech-webspeech.test.ts
@@ -0,0 +1,113 @@
+// @vitest-environment jsdom
+import { beforeEach, describe, expect, it, vi } from 'vitest'
+import { defineComponent } from 'vue'
+import { mount } from '@vue/test-utils'
+
+import { useSpeech } from '@/composables/useSpeech'
+
+class MockSpeechSynthesisUtterance {
+  text: string
+  rate = 1
+  pitch = 1
+  volume = 1
+  voice: SpeechSynthesisVoice | null = null
+  lang = ''
+  onboundary: ((event: SpeechSynthesisEvent) => void) | null = null
+  onend: (() => void) | null = null
+  onerror: (() => void) | null = null
+
+  constructor(text: string) {
+    this.text = text
+  }
+}
+
+describe('useSpeech WebSpeech playback', () => {
+  beforeEach(() => {
+    const voice = {
+      name: 'Google US English',
+      lang: 'en-US',
+      default: false,
+      localService: false,
+      voiceURI: 'Google US English',
+    } satisfies SpeechSynthesisVoice
+
+    const synth = {
+      speaking: false,
+      pending: false,
+      paused: false,
+      addEventListener: vi.fn(),
+      removeEventListener: vi.fn(),
+      getVoices: vi.fn(() => [voice]),
+      speak: vi.fn(function (this: SpeechSynthesis) {
+        this.speaking = true
+        this.paused = false
+      }),
+      cancel: vi.fn(function (this: SpeechSynthesis) {
+        this.speaking = false
+        this.pending = false
+        this.paused = false
+      }),
+      pause: vi.fn(function (this: SpeechSynthesis) {
+        this.speaking = false
+        this.paused = true
+      }),
+      resume: vi.fn(function (this: SpeechSynthesis) {
+        this.speaking = true
+        this.paused = false
+      }),
+    } as unknown as SpeechSynthesis
+
+    Object.defineProperty(window, 'speechSynthesis', {
+      configurable: true,
+      value: synth,
+    })
+    Object.defineProperty(window, 'SpeechSynthesisUtterance', {
+      configurable: true,
+      value: MockSpeechSynthesisUtterance,
+    })
+    Object.defineProperty(globalThis, 'SpeechSynthesisUtterance', {
+      configurable: true,
+      value: MockSpeechSynthesisUtterance,
+    })
+  })
+
+  it('pauses and resumes the current browser voice instead of restarting it', () => {
+    const wrapper = mount(defineComponent({
+      setup() {
+        return {
+          speech: useSpeech(),
+        }
+      },
+      template: '<div />',
+    }))
+    const speech = wrapper.vm.speech
+    const synth = vi.mocked(window.speechSynthesis)
+
+    speech.toggleBrowser('message-1', 'Hello world', {
+      voiceName: 'Google US English',
+    })
+
+    expect(synth.speak).toHaveBeenCalledTimes(1)
+    expect(speech.isPlaying.value).toBe(true)
+    expect(speech.isPaused.value).toBe(false)
+
+    speech.toggleBrowser('message-1', 'Hello world', {
+      voiceName: 'Google US English',
+    })
+
+    expect(synth.pause).toHaveBeenCalledTimes(1)
+    expect(synth.speak).toHaveBeenCalledTimes(1)
+    expect(speech.isPlaying.value).toBe(true)
+    expect(speech.isPaused.value).toBe(true)
+
+    speech.toggleBrowser('message-1', 'Hello world', {
+      voiceName: 'Google US English',
+    })
+
+    expect(synth.resume).toHaveBeenCalledTimes(1)
+    expect(synth.speak).toHaveBeenCalledTimes(1)
+    expect(speech.isPaused.value).toBe(false)
+
+    wrapper.unmount()
+  })
+})
diff --git a/tests/desktop/cli-shim.test.ts b/tests/desktop/cli-shim.test.ts
new file mode 100644
index 0000000..f3d0aee
--- /dev/null
+++ b/tests/desktop/cli-shim.test.ts
@@ -0,0 +1,64 @@
+import { mkdtempSync, readFileSync, rmSync } from 'node:fs'
+import { tmpdir } from 'node:os'
+import { join } from 'node:path'
+import { afterEach, describe, expect, it } from 'vitest'
+import {
+  createShimContent,
+  installHermesStudioCliShim,
+  pathContainsDir,
+  shimPathForPlatform,
+} from '../../packages/desktop/src/main/cli-shim'
+
+let tempDirs: string[] = []
+
+afterEach(() => {
+  for (const dir of tempDirs) {
+    rmSync(dir, { recursive: true, force: true })
+  }
+  tempDirs = []
+})
+
+function tempHome(): string {
+  const dir = mkdtempSync(join(tmpdir(), 'hermes-studio-shim-'))
+  tempDirs.push(dir)
+  return dir
+}
+
+describe('Hermes Studio CLI shim', () => {
+  it('quotes Unix app paths and forwards args through --hermes-cli', () => {
+    const content = createShimContent("/Applications/Hermes Studio's.app/Contents/MacOS/Hermes Studio", 'darwin')
+
+    expect(content).toContain("--hermes-cli")
+    expect(content).toContain("APP='/Applications/Hermes Studio'\\''s.app/Contents/MacOS/Hermes Studio'")
+    expect(content).toContain('unset ELECTRON_RUN_AS_NODE')
+    expect(content).toContain('exec "$APP" -- --hermes-cli "$@"')
+  })
+
+  it('clears Electron Node mode in Windows shims before launching the app', () => {
+    const content = createShimContent('C:\\Users\\Example\\AppData\\Local\\Programs\\Hermes Studio\\Hermes Studio.exe', 'win32')
+
+    expect(content).toContain('set ELECTRON_RUN_AS_NODE=')
+    expect(content).toContain('"%APP%" -- --hermes-cli %*')
+  })
+
+  it('detects user bin paths with platform-specific separators', () => {
+    expect(pathContainsDir('/usr/bin:/Users/example/bin', '/Users/example/bin', 'darwin')).toBe(true)
+    expect(pathContainsDir('C:\\Windows;C:\\Users\\Example\\bin', 'C:\\Users\\Example\\bin', 'win32')).toBe(true)
+  })
+
+  it('installs a managed Unix shim and adds ~/bin to a shell profile', async () => {
+    const homeDir = tempHome()
+    const result = await installHermesStudioCliShim({
+      homeDir,
+      platform: 'darwin',
+      executablePath: '/Applications/Hermes Studio.app/Contents/MacOS/Hermes Studio',
+      env: { PATH: '/usr/bin', SHELL: '/bin/zsh' },
+    })
+
+    expect(result.status).toBe('installed')
+    expect(result.pathUpdated).toBe(true)
+    expect(result.shimPath).toBe(shimPathForPlatform(join(homeDir, 'bin'), 'darwin'))
+    expect(readFileSync(result.shimPath, 'utf-8')).toContain('exec "$APP" -- --hermes-cli "$@"')
+    expect(readFileSync(join(homeDir, '.zprofile'), 'utf-8')).toContain('export PATH="$HOME/bin:$PATH"')
+  })
+})
diff --git a/tests/e2e/auth.spec.ts b/tests/e2e/auth.spec.ts
new file mode 100644
index 0000000..e36b283
--- /dev/null
+++ b/tests/e2e/auth.spec.ts
@@ -0,0 +1,45 @@
+import { expect, test } from '@playwright/test'
+import { mockHermesApi, TEST_ACCESS_KEY } from './fixtures'
+
+test('redirects protected routes to the login screen without a token', async ({ page }) => {
+  const api = await mockHermesApi(page)
+
+  await page.goto('/#/hermes/jobs')
+
+  await expect(page).toHaveURL(/#\/$/)
+  await expect(page.getByRole('heading', { name: 'Hermes Web UI' })).toBeVisible()
+  await expect(page.getByPlaceholder('Username')).toBeVisible()
+  await expect(page.getByPlaceholder('Password')).toBeVisible()
+  expect(api.unexpectedRequests).toEqual([])
+})
+
+test('rejects invalid credentials without persisting a token', async ({ page }) => {
+  const api = await mockHermesApi(page, { tokenValidationStatus: 401 })
+
+  await page.goto('/')
+  await page.getByPlaceholder('Username').fill('playwright')
+  await page.getByPlaceholder('Password').fill('bad-password')
+  await page.getByRole('button', { name: 'Login' }).click()
+
+  await expect(page.getByText('Invalid username or password')).toBeVisible()
+  await expect(page).toHaveURL(/#\/$/)
+  await expect(page.evaluate(() => window.localStorage.getItem('hermes_api_key'))).resolves.toBeNull()
+  expect(api.unexpectedRequests).toEqual([])
+})
+
+test('logs in with password through the BFF before entering the app', async ({ page }) => {
+  const api = await mockHermesApi(page)
+
+  await page.goto('/')
+  await page.getByPlaceholder('Username').fill('playwright')
+  await page.getByPlaceholder('Password').fill('correct-password')
+  await page.getByRole('button', { name: 'Login' }).click()
+
+  await expect(page).toHaveURL(/#\/hermes\/chat$/)
+  await expect(page.evaluate(() => window.localStorage.getItem('hermes_api_key'))).resolves.toBe(TEST_ACCESS_KEY)
+
+  const loginRequest = api.requests.find((request) => request.pathname === '/api/auth/login')
+  expect(loginRequest?.method).toBe('POST')
+  expect(loginRequest?.postData).toBe(JSON.stringify({ username: 'playwright', password: 'correct-password' }))
+  expect(api.unexpectedRequests).toEqual([])
+})
diff --git a/tests/e2e/authenticated-shell.spec.ts b/tests/e2e/authenticated-shell.spec.ts
new file mode 100644
index 0000000..cb4c7dd
--- /dev/null
+++ b/tests/e2e/authenticated-shell.spec.ts
@@ -0,0 +1,32 @@
+import { expect, test } from '@playwright/test'
+import { authenticate, mockHermesApi, TEST_ACCESS_KEY } from './fixtures'
+
+test('renders authenticated shell and navigates between key product routes', async ({ page }) => {
+  await authenticate(page, TEST_ACCESS_KEY, 'research')
+  const api = await mockHermesApi(page)
+
+  await page.goto('/#/hermes/jobs')
+
+  await expect(page.getByRole('heading', { name: 'Scheduled Jobs' })).toBeVisible()
+  await expect(page.getByText('Nightly Smoke')).toBeVisible()
+
+  const jobsRequest = api.requests.find((request) => request.pathname === '/api/hermes/jobs')
+  expect(jobsRequest?.headers.authorization).toBe(`Bearer ${TEST_ACCESS_KEY}`)
+  expect(jobsRequest?.headers['x-hermes-profile']).toBe('research')
+  const cronHistoryRequest = api.requests.find((request) => request.pathname === '/api/cron-history')
+  expect(cronHistoryRequest?.headers['x-hermes-profile']).toBe('research')
+
+  const modelsLink = page.locator('aside.sidebar').getByRole('link', { name: /^Models$/ })
+  await expect(modelsLink).toHaveAttribute('href', '#/hermes/models')
+  await modelsLink.click()
+  await expect(page).toHaveURL(/#\/hermes\/models$/)
+  await expect(page.getByRole('heading', { name: 'Models' })).toBeVisible()
+  await expect(page.getByText('test-model').first()).toBeVisible()
+
+  const settingsLink = page.locator('aside.sidebar').getByRole('link', { name: /^Settings$/ })
+  await expect(settingsLink).toHaveAttribute('href', '#/hermes/settings')
+  await settingsLink.click()
+  await expect(page).toHaveURL(/#\/hermes\/settings$/)
+  await expect(page.getByRole('heading', { name: 'Settings' })).toBeVisible()
+  expect(api.unexpectedRequests).toEqual([])
+})
diff --git a/tests/e2e/chat-session-multitab.spec.ts b/tests/e2e/chat-session-multitab.spec.ts
new file mode 100644
index 0000000..2a1d19d
--- /dev/null
+++ b/tests/e2e/chat-session-multitab.spec.ts
@@ -0,0 +1,169 @@
+import { expect, test, type Page } from '@playwright/test'
+import { authenticate, mockChatSocket, mockHermesApi, TEST_ACCESS_KEY } from './fixtures'
+
+const inputPlaceholder = 'Type a message... (Enter to send, Shift+Enter for new line)'
+
+type SessionSeed = {
+  id: string
+  title: string
+  lastActive: number
+}
+
+function sessionSummary({ id, title, lastActive }: SessionSeed) {
+  return {
+    id,
+    profile: 'research',
+    source: 'cli',
+    model: 'test-model',
+    provider: 'test-provider',
+    title,
+    preview: title,
+    started_at: lastActive - 10,
+    ended_at: null,
+    last_active: lastActive,
+    message_count: 1,
+    tool_call_count: 0,
+    input_tokens: 0,
+    output_tokens: 0,
+    cache_read_tokens: 0,
+    cache_write_tokens: 0,
+    reasoning_tokens: 0,
+    billing_provider: null,
+    estimated_cost_usd: 0,
+    actual_cost_usd: null,
+    cost_status: 'estimated',
+  }
+}
+
+function resumePayload(sessionId: string, content: string) {
+  return {
+    session_id: sessionId,
+    messages: [
+      {
+        id: 1,
+        session_id: sessionId,
+        role: 'user',
+        content,
+        timestamp: Date.now() / 1000,
+        tool_call_id: null,
+        tool_calls: null,
+        tool_name: null,
+        token_count: null,
+        finish_reason: null,
+        reasoning: null,
+      },
+    ],
+    isWorking: false,
+    events: [],
+  }
+}
+
+const sessions = [
+  sessionSummary({ id: 'session-a', title: 'Alpha chat', lastActive: 100 }),
+  sessionSummary({ id: 'session-b', title: 'Beta chat', lastActive: 200 }),
+]
+
+const resumes = {
+  'session-a': resumePayload('session-a', 'Alpha route content'),
+  'session-b': resumePayload('session-b', 'Beta route content'),
+}
+
+async function setupChatPage(page: Page) {
+  await authenticate(page, TEST_ACCESS_KEY, 'research')
+  await page.addInitScript((payload) => {
+    ;(window as any).__PW_CHAT_SOCKET_RESUMES__ = payload
+    window.localStorage.setItem('hermes_active_session_research', 'session-b')
+  }, resumes)
+  const api = await mockHermesApi(page, { sessions })
+  await mockChatSocket(page)
+  return api
+}
+
+async function sendChatMessage(page: Page, message: string) {
+  const input = page.getByPlaceholder(inputPlaceholder)
+  await expect(input).toBeVisible()
+  await input.fill(message)
+  await page.getByRole('button', { name: 'Send' }).click()
+}
+
+async function waitForRun(page: Page, index = 0) {
+  const handle = await page.waitForFunction((runIndex) => {
+    const state = (window as any).__PW_CHAT_SOCKET__
+    const runs = state?.emitted?.filter((item: any) => item.event === 'run') || []
+    const run = runs[runIndex]
+    return run ? run.payload : null
+  }, index)
+  return handle.jsonValue() as Promise<any>
+}
+
+test('route session id wins over shared active-session localStorage', async ({ page }) => {
+  const api = await setupChatPage(page)
+
+  await page.goto('/#/hermes/session/session-a')
+
+  await expect(page.getByText('Alpha route content')).toBeVisible()
+  await expect(page.getByText('Beta route content')).toHaveCount(0)
+  await expect(page).toHaveURL(/#\/hermes\/session\/session-a$/)
+  expect(api.unexpectedRequests).toEqual([])
+})
+
+test('two tabs can show different sessions and keep them after reload', async ({ context }) => {
+  const pageA = await context.newPage()
+  const pageB = await context.newPage()
+  const apiA = await setupChatPage(pageA)
+  const apiB = await setupChatPage(pageB)
+
+  await pageA.goto('/#/hermes/session/session-a')
+  await pageB.goto('/#/hermes/session/session-b')
+
+  await expect(pageA.getByText('Alpha route content')).toBeVisible()
+  await expect(pageB.getByText('Beta route content')).toBeVisible()
+
+  await pageA.reload()
+  await pageB.reload()
+
+  await expect(pageA.getByText('Alpha route content')).toBeVisible()
+  await expect(pageB.getByText('Beta route content')).toBeVisible()
+  await expect(pageA).toHaveURL(/#\/hermes\/session\/session-a$/)
+  await expect(pageB).toHaveURL(/#\/hermes\/session\/session-b$/)
+  expect(apiA.unexpectedRequests).toEqual([])
+  expect(apiB.unexpectedRequests).toEqual([])
+})
+
+test('parallel tabs send runs and render progress only for their own session', async ({ context }) => {
+  const pageA = await context.newPage()
+  const pageB = await context.newPage()
+  const apiA = await setupChatPage(pageA)
+  const apiB = await setupChatPage(pageB)
+
+  await pageA.goto('/#/hermes/session/session-a')
+  await pageB.goto('/#/hermes/session/session-b')
+  await expect(pageA.getByText('Alpha route content')).toBeVisible()
+  await expect(pageB.getByText('Beta route content')).toBeVisible()
+
+  await sendChatMessage(pageA, 'Question for Alpha')
+  await sendChatMessage(pageB, 'Question for Beta')
+
+  const runA = await waitForRun(pageA)
+  const runB = await waitForRun(pageB)
+  expect(runA.session_id).toBe('session-a')
+  expect(runB.session_id).toBe('session-b')
+
+  await pageA.evaluate((sid) => {
+    const socket = (window as any).__PW_CHAT_SOCKET__.latest
+    socket.__trigger('run.started', { event: 'run.started', session_id: sid, run_id: 'run-a' })
+    socket.__trigger('message.delta', { event: 'message.delta', session_id: sid, run_id: 'run-a', delta: 'Alpha progress' })
+  }, runA.session_id)
+  await pageB.evaluate((sid) => {
+    const socket = (window as any).__PW_CHAT_SOCKET__.latest
+    socket.__trigger('run.started', { event: 'run.started', session_id: sid, run_id: 'run-b' })
+    socket.__trigger('message.delta', { event: 'message.delta', session_id: sid, run_id: 'run-b', delta: 'Beta progress' })
+  }, runB.session_id)
+
+  await expect(pageA.getByText('Alpha progress')).toBeVisible()
+  await expect(pageA.getByText('Beta progress')).toHaveCount(0)
+  await expect(pageB.getByText('Beta progress')).toBeVisible()
+  await expect(pageB.getByText('Alpha progress')).toHaveCount(0)
+  expect(apiA.unexpectedRequests).toEqual([])
+  expect(apiB.unexpectedRequests).toEqual([])
+})
diff --git a/tests/e2e/chat-streaming.spec.ts b/tests/e2e/chat-streaming.spec.ts
new file mode 100644
index 0000000..2da8483
--- /dev/null
+++ b/tests/e2e/chat-streaming.spec.ts
@@ -0,0 +1,858 @@
+import { expect, test, type Page } from '@playwright/test'
+import { authenticate, mockChatSocket, mockHermesApi, TEST_ACCESS_KEY } from './fixtures'
+
+const inputPlaceholder = 'Type a message... (Enter to send, Shift+Enter for new line)'
+
+async function sendChatMessage(page: Page, message: string) {
+  const input = page.getByPlaceholder(inputPlaceholder)
+  await expect(input).toBeVisible()
+  await input.fill(message)
+  await page.getByRole('button', { name: 'Send' }).click()
+}
+
+async function waitForRun(page: Page, index = 0) {
+  const handle = await page.waitForFunction((runIndex) => {
+    const state = (window as any).__PW_CHAT_SOCKET__
+    const runs = state?.emitted?.filter((item: any) => item.event === 'run') || []
+    const run = runs[runIndex]
+    return run
+      ? {
+          socket: {
+            url: state.latest.url,
+            options: state.latest.options,
+          },
+          run: run.payload,
+          runCount: runs.length,
+          socketCount: state.sockets.length,
+        }
+      : null
+  }, index)
+  return handle.jsonValue() as Promise<any>
+}
+
+test('sends a chat run and renders streamed Socket.IO response events', async ({ page }) => {
+  await authenticate(page, TEST_ACCESS_KEY, 'research')
+  const api = await mockHermesApi(page)
+  await mockChatSocket(page)
+
+  await page.goto('/#/hermes/chat')
+
+  await sendChatMessage(page, 'Summarize the queue')
+
+  await expect(page.locator('p').filter({ hasText: /^Summarize the queue$/ })).toBeVisible()
+
+  const { socket, run } = await waitForRun(page)
+
+  expect(socket.url).toBe('/chat-run')
+  expect(socket.options.auth).toEqual({ token: TEST_ACCESS_KEY })
+  expect(socket.options.query).toEqual({ profile: 'research' })
+  expect(run).toMatchObject({
+    input: 'Summarize the queue',
+    queue_id: expect.any(String),
+    session_id: expect.any(String),
+    source: 'cli',
+  })
+  expect(run.model).toBe('test-model')
+
+  await page.evaluate((sid) => {
+    const socket = (window as any).__PW_CHAT_SOCKET__.latest
+    socket.__trigger('run.started', { event: 'run.started', session_id: sid, run_id: 'run-1' })
+    socket.__trigger('message.delta', { event: 'message.delta', session_id: sid, run_id: 'run-1', delta: 'Streaming ' })
+    socket.__trigger('message.delta', { event: 'message.delta', session_id: sid, run_id: 'run-1', delta: 'answer from Hermes' })
+    socket.__trigger('run.completed', {
+      event: 'run.completed',
+      session_id: sid,
+      run_id: 'run-1',
+      output: 'Streaming answer from Hermes',
+      inputTokens: 11,
+      outputTokens: 7,
+    })
+  }, run.session_id)
+
+  await expect(page.getByText('Streaming answer from Hermes')).toBeVisible()
+  await expect(page.getByRole('button', { name: 'Stop' })).toHaveCount(0)
+  expect(api.unexpectedRequests).toEqual([])
+})
+
+test('uses the newly selected profile for the next chat-run socket after profile switch reload', async ({ page }) => {
+  await authenticate(page, TEST_ACCESS_KEY, 'default')
+  const api = await mockHermesApi(page, { initialProfileName: 'default' })
+  await mockChatSocket(page)
+
+  await page.goto('/#/hermes/chat')
+  await expect(page.getByTestId('profile-selector-select').filter({ hasText: 'default' })).toBeVisible()
+
+  await sendChatMessage(page, 'Warm up default socket')
+  const defaultRun = await waitForRun(page)
+  expect(defaultRun.socket.options.query).toEqual({ profile: 'default' })
+  await page.evaluate((sid) => {
+    const socket = (window as any).__PW_CHAT_SOCKET__.latest
+    socket.__trigger('run.started', { event: 'run.started', session_id: sid, run_id: 'run-default' })
+    socket.__trigger('message.delta', { event: 'message.delta', session_id: sid, run_id: 'run-default', delta: 'Default profile reply' })
+    socket.__trigger('run.completed', {
+      event: 'run.completed',
+      session_id: sid,
+      run_id: 'run-default',
+      output: 'Default profile reply',
+    })
+  }, defaultRun.run.session_id)
+  await expect(page.getByRole('button', { name: 'Stop' })).toHaveCount(0)
+
+  await page.getByTestId('profile-selector-select').click()
+  await expect(page.getByRole('dialog').filter({ hasText: 'research' })).toBeVisible()
+  const reloadPromise = page.waitForEvent('framenavigated', frame => frame === page.mainFrame())
+  await page.locator('.profile-runtime-item').filter({ hasText: /^research/ }).getByRole('button', { name: 'Switch Frontend Profile' }).click()
+  await reloadPromise
+  await page.waitForLoadState('domcontentloaded')
+  await expect(page.getByTestId('profile-selector-select').filter({ hasText: 'research' })).toBeVisible()
+
+  await sendChatMessage(page, 'Use the active research profile')
+  const { socket, run } = await waitForRun(page)
+
+  expect(socket.url).toBe('/chat-run')
+  expect(socket.options.auth).toEqual({ token: TEST_ACCESS_KEY })
+  expect(socket.options.query).toEqual({ profile: 'research' })
+  expect(run.input).toBe('Use the active research profile')
+  expect(await page.evaluate(() => window.localStorage.getItem('hermes_active_profile_name'))).toBe('research')
+
+  expect(api.requests.some((request) => request.pathname === '/api/hermes/profiles/active')).toBe(false)
+  expect(api.unexpectedRequests).toEqual([])
+})
+
+test('keeps queued runs on one socket and does not duplicate streamed handlers', async ({ page }) => {
+  await authenticate(page, TEST_ACCESS_KEY, 'research')
+  const api = await mockHermesApi(page)
+  await mockChatSocket(page)
+
+  await page.goto('/#/hermes/chat')
+
+  await sendChatMessage(page, 'First queued contract')
+  const first = await waitForRun(page)
+  await page.evaluate((sid) => {
+    const socket = (window as any).__PW_CHAT_SOCKET__.latest
+    socket.__trigger('run.started', { event: 'run.started', session_id: sid, run_id: 'run-1', queue_length: 1 })
+    socket.__trigger('message.delta', { event: 'message.delta', session_id: sid, run_id: 'run-1', delta: 'First answer' })
+  }, first.run.session_id)
+  await expect(page.getByRole('button', { name: 'Stop' })).toBeVisible()
+
+  await sendChatMessage(page, 'Second queued contract')
+  const second = await waitForRun(page, 1)
+
+  expect(second.socketCount).toBe(1)
+  expect(second.runCount).toBe(2)
+  expect(second.run.session_id).toBe(first.run.session_id)
+  expect(second.run.input).toBe('Second queued contract')
+  await expect(page.locator('p').filter({ hasText: /^Second queued contract$/ })).toHaveCount(0)
+
+  await page.evaluate(({ sid, queueId }) => {
+    const socket = (window as any).__PW_CHAT_SOCKET__.latest
+    socket.__trigger('run.peer_user_message', {
+      event: 'run.peer_user_message',
+      session_id: sid,
+      message: {
+        id: queueId,
+        role: 'user',
+        content: 'Second queued contract',
+        timestamp: Date.now() / 1000,
+      },
+    })
+  }, { sid: first.run.session_id, queueId: second.run.queue_id })
+  await expect(page.locator('p').filter({ hasText: /^Second queued contract$/ })).toHaveCount(0)
+
+  await page.evaluate((sid) => {
+    const socket = (window as any).__PW_CHAT_SOCKET__.latest
+    socket.__trigger('run.completed', {
+      event: 'run.completed',
+      session_id: sid,
+      run_id: 'run-1',
+      output: 'First answer',
+      queue_remaining: 1,
+    })
+  }, first.run.session_id)
+
+  await expect(page.locator('p').filter({ hasText: /^Second queued contract$/ })).toHaveCount(0)
+
+  await page.evaluate(({ sid, queueId }) => {
+    const socket = (window as any).__PW_CHAT_SOCKET__.latest
+    socket.__trigger('run.queued', {
+      event: 'run.queued',
+      session_id: sid,
+      queue_length: 0,
+      dequeued_queue_id: queueId,
+      queued_messages: [],
+    })
+    socket.__trigger('run.peer_user_message', {
+      event: 'run.peer_user_message',
+      session_id: sid,
+      message: {
+        id: queueId,
+        role: 'user',
+        content: 'Second queued contract',
+        timestamp: Date.now() / 1000,
+      },
+    })
+    socket.__trigger('run.started', { event: 'run.started', session_id: sid, run_id: 'run-2', queue_length: 0 })
+    socket.__trigger('message.delta', { event: 'message.delta', session_id: sid, run_id: 'run-2', delta: 'Second answer' })
+    socket.__trigger('run.completed', {
+      event: 'run.completed',
+      session_id: sid,
+      run_id: 'run-2',
+      output: 'Second answer',
+      queue_remaining: 0,
+    })
+  }, { sid: first.run.session_id, queueId: second.run.queue_id })
+
+  await expect(page.locator('p').filter({ hasText: /^First answer$/ })).toHaveCount(1)
+  await expect(page.locator('p').filter({ hasText: /^Second queued contract$/ })).toHaveCount(1)
+  await expect(page.locator('p').filter({ hasText: /^Second answer$/ })).toHaveCount(1)
+  await expect(page.getByRole('button', { name: 'Stop' })).toHaveCount(0)
+  expect(api.unexpectedRequests).toEqual([])
+})
+
+test('clears previous compression status when a new run starts', async ({ page }) => {
+  await authenticate(page, TEST_ACCESS_KEY, 'research')
+  const api = await mockHermesApi(page)
+  await mockChatSocket(page)
+
+  await page.goto('/#/hermes/chat')
+
+  await sendChatMessage(page, 'Trigger compression before answering')
+  const first = await waitForRun(page)
+
+  await page.evaluate((sid) => {
+    const socket = (window as any).__PW_CHAT_SOCKET__.latest
+    socket.__trigger('run.started', { event: 'run.started', session_id: sid, run_id: 'run-1' })
+    socket.__trigger('compression.completed', {
+      event: 'compression.completed',
+      session_id: sid,
+      totalMessages: 12,
+      beforeTokens: 24000,
+      afterTokens: 6000,
+      compressed: true,
+    })
+  }, first.run.session_id)
+
+  await expect(page.getByText(/Compressed 12 msgs/)).toBeVisible()
+
+  await page.evaluate((sid) => {
+    const socket = (window as any).__PW_CHAT_SOCKET__.latest
+    socket.__trigger('run.completed', {
+      event: 'run.completed',
+      session_id: sid,
+      run_id: 'run-1',
+      output: 'First answer',
+    })
+  }, first.run.session_id)
+
+  await sendChatMessage(page, 'Start another turn')
+  const second = await waitForRun(page, 1)
+
+  await page.evaluate((sid) => {
+    const socket = (window as any).__PW_CHAT_SOCKET__.latest
+    socket.__trigger('run.started', { event: 'run.started', session_id: sid, run_id: 'run-2' })
+  }, second.run.session_id)
+
+  await expect(page.getByText(/Compressed 12 msgs/)).toHaveCount(0)
+  expect(api.unexpectedRequests).toEqual([])
+})
+
+test('surfaces an empty completed run as an error instead of leaving chat stalled', async ({ page }) => {
+  await authenticate(page, TEST_ACCESS_KEY, 'research')
+  const api = await mockHermesApi(page)
+  await mockChatSocket(page)
+
+  await page.goto('/#/hermes/chat')
+
+  await sendChatMessage(page, 'Call a broken provider')
+  const { run } = await waitForRun(page)
+
+  await page.evaluate((sid) => {
+    const socket = (window as any).__PW_CHAT_SOCKET__.latest
+    socket.__trigger('run.started', { event: 'run.started', session_id: sid, run_id: 'run-empty' })
+    socket.__trigger('run.completed', {
+      event: 'run.completed',
+      session_id: sid,
+      run_id: 'run-empty',
+      output: '',
+      inputTokens: 0,
+      outputTokens: 0,
+    })
+  }, run.session_id)
+
+  await expect(page.getByText(/Agent returned no output/)).toBeVisible()
+  await expect(page.getByRole('button', { name: 'Send' })).toBeVisible()
+  await expect(page.getByRole('button', { name: 'Stop' })).toHaveCount(0)
+  expect(api.unexpectedRequests).toEqual([])
+})
+
+test('renders tool trace and sends explicit approval decisions over the chat-run socket', async ({ page }) => {
+  await authenticate(page, TEST_ACCESS_KEY, 'research')
+  const api = await mockHermesApi(page)
+  await mockChatSocket(page)
+
+  await page.goto('/#/hermes/chat')
+
+  await sendChatMessage(page, 'Use write_file with approval')
+  const { run } = await waitForRun(page)
+
+  await page.evaluate((sid) => {
+    const socket = (window as any).__PW_CHAT_SOCKET__.latest
+    socket.__trigger('run.started', { event: 'run.started', session_id: sid, run_id: 'run-approval' })
+    socket.__trigger('tool.started', {
+      event: 'tool.started',
+      session_id: sid,
+      run_id: 'run-approval',
+      tool_call_id: 'tool-call-1',
+      tool: 'write_file',
+      preview: 'Writing approved file',
+      arguments: JSON.stringify({ path: '/tmp/approved.txt', content: 'hello' }),
+    })
+    socket.__trigger('approval.requested', {
+      event: 'approval.requested',
+      session_id: sid,
+      run_id: 'run-approval',
+      approval_id: 'approval-1',
+      command: 'write_file /tmp/approved.txt',
+      description: 'Allow write_file to create /tmp/approved.txt',
+      choices: ['once', 'deny'],
+      allow_permanent: false,
+    })
+  }, run.session_id)
+
+  await expect(page.getByText('write_file', { exact: true })).toBeVisible()
+  await expect(page.getByText('Writing approved file')).toBeVisible()
+  await expect(page.locator('.message.tool .tool-line')).toHaveCount(0)
+  await expect(page.locator('.tool-calls-panel .tool-call-name').filter({ hasText: 'write_file' })).toBeVisible()
+  await expect(page.getByText('Allow write_file to create /tmp/approved.txt')).toBeVisible()
+  await expect(page.getByText('write_file /tmp/approved.txt')).toBeVisible()
+  await expect(page.getByRole('button', { name: 'Allow once' })).toBeVisible()
+  await expect(page.getByRole('button', { name: 'Allow session' })).toHaveCount(0)
+  await expect(page.getByRole('button', { name: 'Deny' })).toBeVisible()
+
+  await page.evaluate((sid) => {
+    const socket = (window as any).__PW_CHAT_SOCKET__.latest
+    socket.__trigger('approval.resolved', {
+      event: 'approval.resolved',
+      session_id: sid,
+      run_id: 'run-approval',
+      approval_id: 'approval-other',
+      choice: 'deny',
+      resolved: true,
+    })
+  }, run.session_id)
+  await expect(page.getByText('Allow write_file to create /tmp/approved.txt')).toBeVisible()
+  await expect(page.getByRole('button', { name: 'Allow once' })).toBeVisible()
+
+  await page.getByRole('button', { name: 'Allow once' }).click()
+
+  await expect(page.getByText('Allow write_file to create /tmp/approved.txt')).toHaveCount(0)
+  await expect(page.getByRole('button', { name: 'Allow once' })).toHaveCount(0)
+  await expect.poll(async () => page.evaluate(() => {
+    const emitted = (window as any).__PW_CHAT_SOCKET__.emitted
+    return emitted.filter((item: any) => item.event === 'approval.respond')
+  })).toEqual([
+    {
+      event: 'approval.respond',
+      payload: {
+        session_id: run.session_id,
+        approval_id: 'approval-1',
+        choice: 'once',
+      },
+    },
+  ])
+
+  await page.evaluate((sid) => {
+    const socket = (window as any).__PW_CHAT_SOCKET__.latest
+    socket.__trigger('approval.resolved', {
+      event: 'approval.resolved',
+      session_id: sid,
+      run_id: 'run-approval',
+      approval_id: 'approval-1',
+      choice: 'once',
+      resolved: true,
+    })
+    socket.__trigger('tool.completed', {
+      event: 'tool.completed',
+      session_id: sid,
+      run_id: 'run-approval',
+      tool_call_id: 'tool-call-1',
+      tool: 'write_file',
+      output: JSON.stringify({ ok: true, path: '/tmp/approved.txt' }),
+      duration: 42,
+    })
+    socket.__trigger('message.delta', {
+      event: 'message.delta',
+      session_id: sid,
+      run_id: 'run-approval',
+      delta: 'Delta-only approved tool result.',
+    })
+    socket.__trigger('run.completed', {
+      event: 'run.completed',
+      session_id: sid,
+      run_id: 'run-approval',
+      output: 'Completion fallback should stay hidden.',
+    })
+  }, run.session_id)
+
+  const persistedToolTrace = page.locator('.message.tool .tool-line').filter({ hasText: 'write_file' })
+  await expect(persistedToolTrace).toHaveCount(1)
+  await persistedToolTrace.click()
+  const toolDetails = page.locator('.message.tool .tool-details')
+  await expect(toolDetails).toContainText('/tmp/approved.txt')
+  await expect(toolDetails).toContainText('ok')
+  await expect(page.getByText('Delta-only approved tool result.')).toBeVisible()
+  await expect(page.getByText('Completion fallback should stay hidden.')).toHaveCount(0)
+  await expect(page.locator('.tool-calls-panel .tool-call-name').filter({ hasText: 'write_file' })).toHaveCount(0)
+  await expect(page.getByRole('button', { name: 'Stop' })).toHaveCount(0)
+  expect(api.unexpectedRequests).toEqual([])
+})
+
+test('keeps prior tool trace visible while hiding only the active run tool trace', async ({ page }) => {
+  await authenticate(page, TEST_ACCESS_KEY, 'research')
+  const api = await mockHermesApi(page)
+  await mockChatSocket(page)
+
+  await page.goto('/#/hermes/chat')
+
+  await sendChatMessage(page, 'First tool trace')
+  const first = await waitForRun(page)
+  await page.evaluate((sid) => {
+    const socket = (window as any).__PW_CHAT_SOCKET__.latest
+    socket.__trigger('run.started', { event: 'run.started', session_id: sid, run_id: 'run-history-1' })
+    socket.__trigger('tool.started', {
+      event: 'tool.started',
+      session_id: sid,
+      run_id: 'run-history-1',
+      tool_call_id: 'tool-history-1',
+      tool: 'read_file',
+      preview: 'Read historical file',
+      arguments: JSON.stringify({ path: '/tmp/history.txt' }),
+    })
+    socket.__trigger('tool.completed', {
+      event: 'tool.completed',
+      session_id: sid,
+      run_id: 'run-history-1',
+      tool_call_id: 'tool-history-1',
+      tool: 'read_file',
+      output: JSON.stringify({ ok: true, path: '/tmp/history.txt' }),
+      duration: 12,
+    })
+    socket.__trigger('message.delta', {
+      event: 'message.delta',
+      session_id: sid,
+      run_id: 'run-history-1',
+      delta: 'First tool answer.',
+    })
+    socket.__trigger('run.completed', {
+      event: 'run.completed',
+      session_id: sid,
+      run_id: 'run-history-1',
+      output: 'First fallback should stay hidden.',
+    })
+  }, first.run.session_id)
+
+  const transcriptTools = page.locator('.message.tool .tool-line')
+  await expect(transcriptTools.filter({ hasText: 'read_file' })).toHaveCount(1)
+  await expect(page.locator('.tool-calls-panel .tool-call-name').filter({ hasText: 'read_file' })).toHaveCount(0)
+
+  await sendChatMessage(page, 'Second tool trace')
+  const second = await waitForRun(page, 1)
+  await page.evaluate((sid) => {
+    const socket = (window as any).__PW_CHAT_SOCKET__.latest
+    socket.__trigger('run.started', { event: 'run.started', session_id: sid, run_id: 'run-history-2' })
+    socket.__trigger('tool.started', {
+      event: 'tool.started',
+      session_id: sid,
+      run_id: 'run-history-2',
+      tool_call_id: 'tool-history-2',
+      tool: 'write_file',
+      preview: 'Write current file',
+      arguments: JSON.stringify({ path: '/tmp/current.txt', content: 'now' }),
+    })
+  }, second.run.session_id)
+
+  await expect(transcriptTools.filter({ hasText: 'read_file' })).toHaveCount(1)
+  await expect(transcriptTools.filter({ hasText: 'write_file' })).toHaveCount(0)
+  await expect(page.locator('.tool-calls-panel .tool-call-name').filter({ hasText: 'read_file' })).toHaveCount(0)
+  await expect(page.locator('.tool-calls-panel .tool-call-name').filter({ hasText: 'write_file' })).toHaveCount(1)
+
+  await page.evaluate((sid) => {
+    const socket = (window as any).__PW_CHAT_SOCKET__.latest
+    socket.__trigger('tool.completed', {
+      event: 'tool.completed',
+      session_id: sid,
+      run_id: 'run-history-2',
+      tool_call_id: 'tool-history-2',
+      tool: 'write_file',
+      output: JSON.stringify({ ok: true, path: '/tmp/current.txt' }),
+      duration: 15,
+    })
+    socket.__trigger('message.delta', {
+      event: 'message.delta',
+      session_id: sid,
+      run_id: 'run-history-2',
+      delta: 'Second tool answer.',
+    })
+    socket.__trigger('run.completed', {
+      event: 'run.completed',
+      session_id: sid,
+      run_id: 'run-history-2',
+      output: 'Second fallback should stay hidden.',
+    })
+  }, second.run.session_id)
+
+  await expect(transcriptTools).toHaveCount(2)
+  await expect(transcriptTools.filter({ hasText: 'read_file' })).toHaveCount(1)
+  await expect(transcriptTools.filter({ hasText: 'write_file' })).toHaveCount(1)
+  await expect(page.getByText('First fallback should stay hidden.')).toHaveCount(0)
+  await expect(page.getByText('Second fallback should stay hidden.')).toHaveCount(0)
+  await expect(page.getByRole('button', { name: 'Stop' })).toHaveCount(0)
+  expect(api.unexpectedRequests).toEqual([])
+})
+
+test('keeps completed same-run tool traces hidden until the run finishes', async ({ page }) => {
+  await authenticate(page, TEST_ACCESS_KEY, 'research')
+  const api = await mockHermesApi(page)
+  await mockChatSocket(page)
+
+  await page.goto('/#/hermes/chat')
+
+  await sendChatMessage(page, 'Run multiple tools')
+  const { run } = await waitForRun(page)
+  await page.evaluate((sid) => {
+    const socket = (window as any).__PW_CHAT_SOCKET__.latest
+    socket.__trigger('run.started', { event: 'run.started', session_id: sid, run_id: 'run-multi-tool' })
+    socket.__trigger('tool.started', {
+      event: 'tool.started',
+      session_id: sid,
+      run_id: 'run-multi-tool',
+      tool_call_id: 'tool-multi-1',
+      tool: 'read_file',
+      preview: 'Read config',
+      arguments: JSON.stringify({ path: '/tmp/config.json' }),
+    })
+    socket.__trigger('tool.started', {
+      event: 'tool.started',
+      session_id: sid,
+      run_id: 'run-multi-tool',
+      tool_call_id: 'tool-multi-2',
+      tool: 'shell_exec',
+      preview: 'Run command',
+      arguments: JSON.stringify({ command: 'false' }),
+    })
+  }, run.session_id)
+
+  const transcriptTools = page.locator('.message.tool .tool-line')
+  await expect(transcriptTools).toHaveCount(0)
+  await expect(page.locator('.tool-calls-panel .tool-call-name').filter({ hasText: 'read_file' })).toHaveCount(1)
+  await expect(page.locator('.tool-calls-panel .tool-call-name').filter({ hasText: 'shell_exec' })).toHaveCount(1)
+
+  await page.evaluate((sid) => {
+    const socket = (window as any).__PW_CHAT_SOCKET__.latest
+    socket.__trigger('tool.completed', {
+      event: 'tool.completed',
+      session_id: sid,
+      run_id: 'run-multi-tool',
+      tool_call_id: 'tool-multi-1',
+      tool: 'read_file',
+      output: JSON.stringify({ ok: true, path: '/tmp/config.json' }),
+      duration: 11,
+    })
+    socket.__trigger('tool.completed', {
+      event: 'tool.completed',
+      session_id: sid,
+      run_id: 'run-multi-tool',
+      tool_call_id: 'tool-multi-2',
+      tool: 'shell_exec',
+      output: 'exit status 1',
+      error: true,
+      duration: 13,
+    })
+  }, run.session_id)
+
+  await expect(transcriptTools).toHaveCount(0)
+  await expect(page.locator('.tool-calls-panel .tool-call-name').filter({ hasText: 'read_file' })).toHaveCount(1)
+  await expect(page.locator('.tool-calls-panel .tool-call-name').filter({ hasText: 'shell_exec' })).toHaveCount(1)
+
+  await page.evaluate((sid) => {
+    const socket = (window as any).__PW_CHAT_SOCKET__.latest
+    socket.__trigger('message.delta', {
+      event: 'message.delta',
+      session_id: sid,
+      run_id: 'run-multi-tool',
+      delta: 'Multiple tools finished.',
+    })
+    socket.__trigger('run.completed', {
+      event: 'run.completed',
+      session_id: sid,
+      run_id: 'run-multi-tool',
+      output: 'Multi-tool fallback should stay hidden.',
+    })
+  }, run.session_id)
+
+  await expect(transcriptTools).toHaveCount(2)
+  await expect(transcriptTools.filter({ hasText: 'read_file' })).toHaveCount(1)
+  await expect(transcriptTools.filter({ hasText: 'shell_exec' })).toHaveCount(1)
+  await expect(page.locator('.tool-calls-panel .tool-call-name').filter({ hasText: 'read_file' })).toHaveCount(0)
+  await expect(page.locator('.tool-calls-panel .tool-call-name').filter({ hasText: 'shell_exec' })).toHaveCount(0)
+  await expect(page.locator('.message.tool .tool-error-badge')).toHaveCount(1)
+  await transcriptTools.filter({ hasText: 'shell_exec' }).click()
+  await expect(page.locator('.message.tool .tool-details')).toContainText('exit status 1')
+  await expect(page.getByText('Multi-tool fallback should stay hidden.')).toHaveCount(0)
+  await expect(page.getByRole('button', { name: 'Stop' })).toHaveCount(0)
+  expect(api.unexpectedRequests).toEqual([])
+})
+
+test('keeps unnamed tool trace messages out of the transcript after completion', async ({ page }) => {
+  await authenticate(page, TEST_ACCESS_KEY, 'research')
+  const api = await mockHermesApi(page)
+  await mockChatSocket(page)
+
+  await page.goto('/#/hermes/chat')
+
+  await sendChatMessage(page, 'Run internal unnamed tool')
+  const { run } = await waitForRun(page)
+  await page.evaluate((sid) => {
+    const socket = (window as any).__PW_CHAT_SOCKET__.latest
+    socket.__trigger('run.started', { event: 'run.started', session_id: sid, run_id: 'run-unnamed-tool' })
+    socket.__trigger('tool.started', {
+      event: 'tool.started',
+      session_id: sid,
+      run_id: 'run-unnamed-tool',
+      tool_call_id: 'tool-unnamed-1',
+      preview: 'Internal unnamed work',
+      arguments: JSON.stringify({ internal: true }),
+    })
+    socket.__trigger('tool.completed', {
+      event: 'tool.completed',
+      session_id: sid,
+      run_id: 'run-unnamed-tool',
+      tool_call_id: 'tool-unnamed-1',
+      output: JSON.stringify({ internal: true, ok: true }),
+      duration: 9,
+    })
+    socket.__trigger('message.delta', {
+      event: 'message.delta',
+      session_id: sid,
+      run_id: 'run-unnamed-tool',
+      delta: 'Unnamed internal tool finished.',
+    })
+    socket.__trigger('run.completed', {
+      event: 'run.completed',
+      session_id: sid,
+      run_id: 'run-unnamed-tool',
+      output: 'Unnamed fallback should stay hidden.',
+    })
+  }, run.session_id)
+
+  await expect(page.locator('.message.tool .tool-line')).toHaveCount(0)
+  await expect(page.getByText('Unnamed internal tool finished.')).toBeVisible()
+  await expect(page.getByText('Unnamed fallback should stay hidden.')).toHaveCount(0)
+  await expect(page.getByRole('button', { name: 'Stop' })).toHaveCount(0)
+  expect(api.unexpectedRequests).toEqual([])
+})
+
+test('keeps unnamed resumed tool traces hidden after session reload', async ({ page }) => {
+  const sessionId = 'session-history-unnamed-tool'
+  const sessionSummary = {
+    id: sessionId,
+    source: 'api_server',
+    model: 'test-model',
+    title: 'Unnamed tool history',
+    preview: 'History answer visible.',
+    started_at: 1,
+    ended_at: 4,
+    last_active: 4,
+    message_count: 4,
+    tool_call_count: 1,
+    input_tokens: 0,
+    output_tokens: 0,
+    cache_read_tokens: 0,
+    cache_write_tokens: 0,
+    reasoning_tokens: 0,
+    billing_provider: 'test-provider',
+    estimated_cost_usd: 0,
+    actual_cost_usd: null,
+    cost_status: 'none',
+    workspace: null,
+  }
+  await authenticate(page, TEST_ACCESS_KEY, 'research')
+  await page.addInitScript((sid) => {
+    ;(window as any).__PW_CHAT_SOCKET_RESUMES__ = {
+      [sid]: {
+        session_id: sid,
+        isWorking: false,
+        events: [],
+        messages: [
+          {
+            id: 1,
+            session_id: sid,
+            role: 'user',
+            content: 'Resume unnamed internal tool',
+            tool_call_id: null,
+            tool_calls: null,
+            tool_name: null,
+            timestamp: 1,
+            token_count: null,
+            finish_reason: null,
+            reasoning: null,
+          },
+          {
+            id: 2,
+            session_id: sid,
+            role: 'assistant',
+            content: '',
+            tool_call_id: null,
+            tool_calls: [{ id: 'tool-resume-unnamed-1', type: 'function', function: { arguments: JSON.stringify({ internal: true }) } }],
+            tool_name: null,
+            timestamp: 2,
+            token_count: null,
+            finish_reason: 'tool_calls',
+            reasoning: null,
+          },
+          {
+            id: 3,
+            session_id: sid,
+            role: 'tool',
+            content: JSON.stringify({ internal: true, ok: true }),
+            tool_call_id: 'tool-resume-unnamed-1',
+            tool_calls: null,
+            tool_name: null,
+            timestamp: 3,
+            token_count: null,
+            finish_reason: null,
+            reasoning: null,
+          },
+          {
+            id: 4,
+            session_id: sid,
+            role: 'assistant',
+            content: 'History answer visible.',
+            tool_call_id: null,
+            tool_calls: null,
+            tool_name: null,
+            timestamp: 4,
+            token_count: null,
+            finish_reason: 'stop',
+            reasoning: null,
+          },
+        ],
+      },
+    }
+  }, sessionId)
+  const api = await mockHermesApi(page, { sessions: [sessionSummary] })
+  await mockChatSocket(page)
+
+  await page.goto('/#/hermes/chat')
+
+  await expect(page.getByText('History answer visible.')).toBeVisible()
+  await expect(page.locator('.message.tool .tool-line')).toHaveCount(0)
+  await expect(page.locator('.message.tool')).toHaveCount(0)
+  const resumeRequest = await page.waitForFunction((sid) => {
+    const state = (window as any).__PW_CHAT_SOCKET__
+    return state?.emitted?.some((item: any) => item.event === 'resume' && item.payload?.session_id === sid)
+  }, sessionId)
+  expect(await resumeRequest.jsonValue()).toBe(true)
+  expect(api.unexpectedRequests).toEqual([])
+})
+
+test('restores named resumed tool traces from assistant tool calls after session reload', async ({ page }) => {
+  const sessionId = 'session-history-named-tool'
+  const sessionSummary = {
+    id: sessionId,
+    source: 'api_server',
+    model: 'test-model',
+    title: 'Named tool history',
+    preview: 'Named history answer visible.',
+    started_at: 1,
+    ended_at: 4,
+    last_active: 4,
+    message_count: 4,
+    tool_call_count: 1,
+    input_tokens: 0,
+    output_tokens: 0,
+    cache_read_tokens: 0,
+    cache_write_tokens: 0,
+    reasoning_tokens: 0,
+    billing_provider: 'test-provider',
+    estimated_cost_usd: 0,
+    actual_cost_usd: null,
+    cost_status: 'none',
+    workspace: null,
+  }
+  await authenticate(page, TEST_ACCESS_KEY, 'research')
+  await page.addInitScript((sid) => {
+    ;(window as any).__PW_CHAT_SOCKET_RESUMES__ = {
+      [sid]: {
+        session_id: sid,
+        isWorking: false,
+        events: [],
+        messages: [
+          {
+            id: 1,
+            session_id: sid,
+            role: 'user',
+            content: 'Resume named tool',
+            tool_call_id: null,
+            tool_calls: null,
+            tool_name: null,
+            timestamp: 1,
+            token_count: null,
+            finish_reason: null,
+            reasoning: null,
+          },
+          {
+            id: 2,
+            session_id: sid,
+            role: 'assistant',
+            content: '',
+            tool_call_id: null,
+            tool_calls: [{ id: 'tool-resume-named-1', type: 'function', function: { name: 'read_file', arguments: JSON.stringify({ path: '/tmp/history.txt' }) } }],
+            tool_name: null,
+            timestamp: 2,
+            token_count: null,
+            finish_reason: 'tool_calls',
+            reasoning: null,
+          },
+          {
+            id: 3,
+            session_id: sid,
+            role: 'tool',
+            content: JSON.stringify({ ok: true, path: '/tmp/history.txt' }),
+            tool_call_id: 'tool-resume-named-1',
+            tool_calls: null,
+            tool_name: null,
+            timestamp: 3,
+            token_count: null,
+            finish_reason: null,
+            reasoning: null,
+          },
+          {
+            id: 4,
+            session_id: sid,
+            role: 'assistant',
+            content: 'Named history answer visible.',
+            tool_call_id: null,
+            tool_calls: null,
+            tool_name: null,
+            timestamp: 4,
+            token_count: null,
+            finish_reason: 'stop',
+            reasoning: null,
+          },
+        ],
+      },
+    }
+  }, sessionId)
+  const api = await mockHermesApi(page, { sessions: [sessionSummary] })
+  await mockChatSocket(page)
+
+  await page.goto('/#/hermes/chat')
+
+  await expect(page.getByText('Named history answer visible.')).toBeVisible()
+  const restoredTrace = page.locator('.message.tool .tool-line').filter({ hasText: 'read_file' })
+  await expect(restoredTrace).toHaveCount(1)
+  await restoredTrace.click()
+  await expect(page.locator('.message.tool .tool-details')).toContainText('/tmp/history.txt')
+  expect(api.unexpectedRequests).toEqual([])
+})
diff --git a/tests/e2e/fixtures.ts b/tests/e2e/fixtures.ts
new file mode 100644
index 0000000..d6ce6f1
--- /dev/null
+++ b/tests/e2e/fixtures.ts
@@ -0,0 +1,415 @@
+import type { Page, Request, Route } from '@playwright/test'
+
+export const TEST_ACCESS_KEY = 'playwright-access-key'
+
+export interface MockedRequest {
+  method: string
+  pathname: string
+  search: string
+  headers: Record<string, string>
+  postData: string | null
+}
+
+interface MockHermesApiOptions {
+  tokenValidationStatus?: number
+  initialProfileName?: 'default' | 'research'
+  sessions?: unknown[]
+}
+
+const sampleModelGroup = {
+  provider: 'test-provider',
+  label: 'Test Provider',
+  base_url: 'https://example.invalid/v1',
+  models: ['test-model'],
+  available_models: ['test-model'],
+  api_key: '',
+  builtin: true,
+}
+
+const sampleJob = {
+  job_id: 'job-smoke',
+  id: 'job-smoke',
+  name: 'Nightly Smoke',
+  prompt: 'Run the smoke check',
+  prompt_preview: 'Run the smoke check',
+  skills: [],
+  skill: null,
+  model: 'test-model',
+  provider: 'test-provider',
+  base_url: null,
+  script: null,
+  schedule: '0 9 * * *',
+  schedule_display: '0 9 * * *',
+  repeat: { times: null, completed: 0 },
+  enabled: true,
+  state: 'scheduled',
+  paused_at: null,
+  paused_reason: null,
+  created_at: '2026-01-01T00:00:00.000Z',
+  next_run_at: '2026-01-02T09:00:00.000Z',
+  last_run_at: null,
+  last_status: null,
+  last_error: null,
+  deliver: 'origin',
+  origin: null,
+  last_delivery_error: null,
+}
+
+function jsonResponse(body: unknown, status = 200) {
+  return {
+    status,
+    contentType: 'application/json',
+    body: JSON.stringify(body),
+  }
+}
+
+function recordRequest(request: Request): MockedRequest {
+  const url = new URL(request.url())
+  return {
+    method: request.method(),
+    pathname: url.pathname,
+    search: url.search,
+    headers: request.headers(),
+    postData: request.postData(),
+  }
+}
+
+export async function mockHermesApi(page: Page, options: MockHermesApiOptions = {}) {
+  const requests: MockedRequest[] = []
+  const unexpectedRequests: MockedRequest[] = []
+  const tokenValidationStatus = options.tokenValidationStatus ?? 200
+  let activeProfileName = options.initialProfileName ?? 'research'
+
+  await page.route('**/*', async (route: Route) => {
+    const request = route.request()
+    const url = new URL(request.url())
+    const { pathname } = url
+
+    if (!(pathname === '/health' || pathname.startsWith('/api/') || pathname.startsWith('/v1/'))) {
+      await route.continue()
+      return
+    }
+
+    requests.push(recordRequest(request))
+
+    if (pathname === '/health') {
+      await route.fulfill(jsonResponse({ status: 'ok', webui_version: '0.5.23', node_version: '23.0.0' }))
+      return
+    }
+
+    if (pathname === '/api/auth/status') {
+      await route.fulfill(jsonResponse({ hasPasswordLogin: true, username: 'playwright' }))
+      return
+    }
+
+    if (pathname === '/api/auth/login') {
+      if (request.method() !== 'POST') {
+        await route.fulfill(jsonResponse({ error: 'Method not allowed' }, 405))
+        return
+      }
+      if (tokenValidationStatus !== 200) {
+        await route.fulfill(jsonResponse({ error: 'Invalid username or password' }, tokenValidationStatus))
+        return
+      }
+      await route.fulfill(jsonResponse({ token: TEST_ACCESS_KEY }))
+      return
+    }
+
+    if (pathname === '/api/auth/me') {
+      await route.fulfill(jsonResponse({
+        user: {
+          id: 1,
+          username: 'playwright',
+          role: 'super_admin',
+          status: 'active',
+          created_at: 0,
+          updated_at: 0,
+          last_login_at: 0,
+        },
+      }))
+      return
+    }
+
+    if (pathname === '/api/hermes/sessions') {
+      await route.fulfill(jsonResponse({ sessions: options.sessions ?? [] }, tokenValidationStatus))
+      return
+    }
+
+    if (pathname === '/api/hermes/sessions/hermes') {
+      await route.fulfill(jsonResponse({ sessions: [] }))
+      return
+    }
+
+    if (pathname === '/api/hermes/sessions/context-length') {
+      await route.fulfill(jsonResponse({ context_length: 256000 }))
+      return
+    }
+
+    if (pathname === '/api/hermes/files/list') {
+      await route.fulfill(jsonResponse({ entries: [], path: '' }))
+      return
+    }
+
+    if (pathname === '/api/hermes/auth/copilot/check-token') {
+      await route.fulfill(jsonResponse({ has_token: false, source: null, enabled: false }))
+      return
+    }
+
+    if (pathname === '/api/auth/locked-ips') {
+      await route.fulfill(jsonResponse({ locks: [] }))
+      return
+    }
+
+    if (pathname === '/api/hermes/available-models') {
+      await route.fulfill(jsonResponse({
+        default: 'test-model',
+        default_provider: 'test-provider',
+        groups: [sampleModelGroup],
+        allProviders: [sampleModelGroup],
+        model_aliases: {},
+        model_visibility: {},
+      }))
+      return
+    }
+
+    if (pathname === '/api/hermes/provider-models') {
+      await route.fulfill(jsonResponse({ models: ['proxy-model-a', 'proxy-model-b'] }))
+      return
+    }
+
+    if (pathname === '/api/hermes/profiles') {
+      await route.fulfill(jsonResponse({
+        profiles: [
+          { name: 'default', active: activeProfileName === 'default', model: 'test-model', gateway: 'test', alias: 'Default' },
+          { name: 'research', active: activeProfileName === 'research', model: 'test-model', gateway: 'test', alias: 'Research' },
+        ],
+      }))
+      return
+    }
+
+    if (pathname === '/api/hermes/profiles/runtime-statuses') {
+      await route.fulfill(jsonResponse({
+        profiles: [
+          {
+            profile: 'default',
+            bridge: { running: activeProfileName === 'default', profile: 'default', reachable: true },
+            gateway: { running: true, profile: 'default' },
+          },
+          {
+            profile: 'research',
+            bridge: { running: activeProfileName === 'research', profile: 'research', reachable: true },
+            gateway: { running: true, profile: 'research' },
+          },
+        ],
+      }))
+      return
+    }
+
+    if (pathname === '/api/hermes/profiles/active') {
+      if (request.method() !== 'PUT') {
+        await route.fulfill(jsonResponse({ error: 'Method not allowed' }, 405))
+        return
+      }
+
+      let body: { name?: unknown }
+      try {
+        body = JSON.parse(request.postData() || '{}')
+      } catch {
+        await route.fulfill(jsonResponse({ error: 'Invalid JSON body' }, 400))
+        return
+      }
+
+      if (body.name !== 'default' && body.name !== 'research') {
+        await route.fulfill(jsonResponse({ error: 'Unknown profile' }, 400))
+        return
+      }
+
+      activeProfileName = body.name
+      await route.fulfill(jsonResponse({ success: true, active: activeProfileName }))
+      return
+    }
+
+    if (pathname === '/api/hermes/config') {
+      await route.fulfill(jsonResponse({
+        display: { streaming: true, show_reasoning: true, show_cost: true },
+        agent: {},
+        memory: {},
+        session_reset: {},
+        privacy: {},
+        approvals: {},
+      }))
+      return
+    }
+
+    if (pathname === '/api/hermes/jobs') {
+      await route.fulfill(jsonResponse({ jobs: [sampleJob] }))
+      return
+    }
+
+    if (pathname === '/api/cron-history') {
+      await route.fulfill(jsonResponse({ runs: [] }))
+      return
+    }
+
+    unexpectedRequests.push(recordRequest(request))
+    await route.fulfill(jsonResponse({ error: `Unexpected mocked route: ${request.method()} ${pathname}` }, 404))
+  })
+
+  return { requests, unexpectedRequests }
+}
+
+export async function authenticate(page: Page, accessKey = TEST_ACCESS_KEY, profileName?: string) {
+  await page.addInitScript((state: { storedToken: string; storedProfileName?: string }) => {
+    const { storedToken, storedProfileName } = state
+    window.localStorage.setItem('hermes_api_key', storedToken)
+    if (storedProfileName && !window.localStorage.getItem('hermes_active_profile_name')) {
+      window.localStorage.setItem('hermes_active_profile_name', storedProfileName)
+    }
+  }, { storedToken: accessKey, storedProfileName: profileName })
+}
+
+export async function mockChatSocket(page: Page) {
+  await page.route('**/node_modules/.vite/deps/socket__io-client.js*', async (route) => {
+    await route.fulfill({
+      status: 200,
+      contentType: 'application/javascript',
+      body: `
+const state = window.__PW_CHAT_SOCKET__ || (window.__PW_CHAT_SOCKET__ = { sockets: [], emitted: [] })
+function makeSocket(url, options) {
+  const listeners = new Map()
+  const onceListeners = new Map()
+  const socket = {
+    connected: true,
+    url,
+    options,
+    on(event, handler) {
+      const handlers = listeners.get(event) || []
+      handlers.push(handler)
+      listeners.set(event, handlers)
+      return this
+    },
+    once(event, handler) {
+      const handlers = onceListeners.get(event) || []
+      handlers.push(handler)
+      onceListeners.set(event, handlers)
+      return this
+    },
+    emit(event, payload) {
+      state.emitted.push({ event, payload })
+      if (event === 'resume') {
+        const sessionId = payload && payload.session_id
+        const resumes = window.__PW_CHAT_SOCKET_RESUMES__ || {}
+        const response = sessionId ? resumes[sessionId] : null
+        if (response) {
+          setTimeout(() => this.__trigger('resumed', response), 0)
+        }
+      }
+      return this
+    },
+    removeAllListeners() {
+      listeners.clear()
+      onceListeners.clear()
+      return this
+    },
+    disconnect() {
+      this.connected = false
+      return this
+    },
+    __trigger(event, payload) {
+      for (const handler of listeners.get(event) || []) handler(payload)
+      const handlers = onceListeners.get(event) || []
+      onceListeners.delete(event)
+      for (const handler of handlers) handler(payload)
+    },
+  }
+  state.sockets.push(socket)
+  state.latest = socket
+  return socket
+}
+export function io(url, options) {
+  return makeSocket(url, options)
+}
+export default { io }
+`,
+    })
+  })
+}
+
+export async function mockTerminalWebSocket(page: Page) {
+  await page.addInitScript(() => {
+    const state = (window as any).__PW_TERMINAL_WS__ = {
+      sockets: [] as any[],
+      sent: [] as any[],
+      createdCount: 0,
+      latest: null as any,
+    }
+    const RealEvent = window.Event
+    const RealMessageEvent = window.MessageEvent
+
+    class MockTerminalWebSocket extends EventTarget {
+      static CONNECTING = 0
+      static OPEN = 1
+      static CLOSING = 2
+      static CLOSED = 3
+
+      readonly CONNECTING = 0
+      readonly OPEN = 1
+      readonly CLOSING = 2
+      readonly CLOSED = 3
+      binaryType: BinaryType = 'blob'
+      bufferedAmount = 0
+      extensions = ''
+      protocol = ''
+      readyState = MockTerminalWebSocket.CONNECTING
+      onopen: ((event: Event) => void) | null = null
+      onmessage: ((event: MessageEvent) => void) | null = null
+      onerror: ((event: Event) => void) | null = null
+      onclose: ((event: CloseEvent) => void) | null = null
+
+      constructor(readonly url: string | URL) {
+        super()
+        state.sockets.push(this)
+        state.latest = this
+        setTimeout(() => {
+          this.readyState = MockTerminalWebSocket.OPEN
+          const openEvent = new RealEvent('open')
+          this.onopen?.(openEvent)
+          this.dispatchEvent(openEvent)
+          this.__createSession('term-1', 'zsh', 101)
+        }, 0)
+      }
+
+      send(data: string | ArrayBufferLike | Blob | ArrayBufferView) {
+        const normalized = typeof data === 'string' ? data : String(data)
+        state.sent.push({ socket: this.url.toString(), data: normalized })
+        if (normalized.charCodeAt(0) !== 0x7B) return
+        try {
+          const message = JSON.parse(normalized)
+          if (message.type === 'create') {
+            this.__createSession(`term-${state.createdCount + 1}`, 'bash', 200 + state.createdCount)
+          }
+          if (message.type === 'switch') {
+            this.__emitMessage(JSON.stringify({ type: 'switched', id: message.sessionId }))
+          }
+        } catch {}
+      }
+
+      close() {
+        this.readyState = MockTerminalWebSocket.CLOSED
+      }
+
+      __createSession(id: string, shell: string, pid: number) {
+        state.createdCount += 1
+        this.__emitMessage(JSON.stringify({ type: 'created', id, shell, pid }))
+      }
+
+      __emitMessage(data: string) {
+        const event = new RealMessageEvent('message', { data })
+        this.onmessage?.(event)
+        this.dispatchEvent(event)
+      }
+    }
+
+    ;(window as any).WebSocket = MockTerminalWebSocket
+  })
+}
diff --git a/tests/e2e/group-chat-room-deeplink.spec.ts b/tests/e2e/group-chat-room-deeplink.spec.ts
new file mode 100644
index 0000000..2e4f68d
--- /dev/null
+++ b/tests/e2e/group-chat-room-deeplink.spec.ts
@@ -0,0 +1,153 @@
+import { expect, test, type Page, type Route } from '@playwright/test'
+import { authenticate } from './fixtures'
+
+const rooms = [
+  { id: 'room-alpha', name: 'Alpha Room', inviteCode: 'ALPHA1', triggerTokens: 100000, maxHistoryTokens: 32000, tailMessageCount: 10, totalTokens: 123 },
+  { id: 'room-beta', name: 'Beta Room', inviteCode: 'BETA22', triggerTokens: 100000, maxHistoryTokens: 32000, tailMessageCount: 10, totalTokens: 456 },
+]
+
+const messagesByRoom: Record<string, unknown[]> = {
+  'room-alpha': [
+    { id: 'alpha-msg', roomId: 'room-alpha', senderId: 'user-1', senderName: 'Alice', content: 'Alpha room message', timestamp: 1_790_000_000, role: 'user' },
+  ],
+  'room-beta': [
+    { id: 'beta-msg', roomId: 'room-beta', senderId: 'user-1', senderName: 'Bob', content: 'Beta room message', timestamp: 1_790_000_100, role: 'user' },
+  ],
+}
+
+async function mockGroupChatApi(page: Page) {
+  await page.route('**/*', async (route: Route) => {
+    const request = route.request()
+    const url = new URL(request.url())
+    const { pathname } = url
+
+    if (!(pathname === '/health' || pathname.startsWith('/api/'))) {
+      await route.continue()
+      return
+    }
+
+    const json = (body: unknown, status = 200) => route.fulfill({ status, contentType: 'application/json', body: JSON.stringify(body) })
+
+    if (pathname === '/health') return json({ status: 'ok' })
+    if (pathname === '/api/auth/status') return json({ hasPasswordLogin: false, username: null })
+    if (pathname === '/api/hermes/profiles') return json({ profiles: [{ name: 'default', active: true, model: 'test-model', gateway: 'test' }] })
+    if (pathname === '/api/hermes/group-chat/rooms') return json({ rooms })
+
+    const detailMatch = pathname.match(/^\/api\/hermes\/group-chat\/rooms\/([^/]+)$/)
+    if (detailMatch) {
+      const roomId = decodeURIComponent(detailMatch[1])
+      const room = rooms.find(r => r.id === roomId)
+      return room
+        ? json({ room, messages: messagesByRoom[roomId] || [], agents: [], members: [{ id: 'member-1', userId: 'user-1', name: 'User One', description: '', joinedAt: 1_790_000_000 }] })
+        : json({ error: 'Room not found' }, 404)
+    }
+
+    return json({ error: `Unexpected mocked route: ${request.method()} ${pathname}` }, 404)
+  })
+}
+
+async function mockGroupChatSocket(page: Page) {
+  await page.route('**/node_modules/.vite/deps/socket__io-client.js*', async (route) => {
+    await route.fulfill({
+      status: 200,
+      contentType: 'application/javascript',
+      body: `
+const state = window.__PW_GROUP_SOCKET__ || (window.__PW_GROUP_SOCKET__ = { sockets: [], emitted: [] })
+const roomMessages = ${JSON.stringify(messagesByRoom)}
+function makeSocket(url, options) {
+  const listeners = new Map()
+  const socket = {
+    connected: true,
+    url,
+    options,
+    on(event, handler) {
+      const handlers = listeners.get(event) || []
+      handlers.push(handler)
+      listeners.set(event, handlers)
+      return this
+    },
+    emit(event, payload, ack) {
+      state.emitted.push({ event, payload })
+      if (event === 'join' && typeof ack === 'function') {
+        const roomId = payload && payload.roomId
+        setTimeout(() => ack({ roomId, roomName: roomId, members: [], messages: roomMessages[roomId] || [], agents: [], rooms: [], typingUsers: [], contextStatuses: [] }), 0)
+      }
+      if (event === 'message' && typeof ack === 'function') {
+        setTimeout(() => ack({ id: payload && payload.id }), 0)
+      }
+      return this
+    },
+    removeAllListeners() {
+      listeners.clear()
+      return this
+    },
+    disconnect() {
+      this.connected = false
+      return this
+    },
+    __trigger(event, payload) {
+      for (const handler of listeners.get(event) || []) handler(payload)
+    },
+  }
+  state.sockets.push(socket)
+  state.latest = socket
+  return socket
+}
+export function io(url, options) {
+  return makeSocket(url, options)
+}
+export default { io }
+`,
+    })
+  })
+}
+
+async function setup(page: Page, path: string) {
+  await authenticate(page)
+  await mockGroupChatSocket(page)
+  await mockGroupChatApi(page)
+  await page.goto(path)
+}
+
+test.describe('group chat room deep links', () => {
+  test('route room id opens selected room', async ({ page }) => {
+    await setup(page, '/#/hermes/group-chat/room/room-beta')
+
+    await expect(page.locator('.room-title-text', { hasText: 'Beta Room' })).toBeVisible()
+    await expect(page.getByText('Beta room message')).toBeVisible()
+    await expect(page).toHaveURL(/#\/hermes\/group-chat\/room\/room-beta$/)
+  })
+
+  test('clicking another room updates URL and reload preserves it', async ({ page }) => {
+    await setup(page, '/#/hermes/group-chat/room/room-alpha')
+    await expect(page.getByText('Alpha room message')).toBeVisible()
+
+    await page.getByText('Beta Room').click()
+    await expect(page).toHaveURL(/#\/hermes\/group-chat\/room\/room-beta$/)
+    await expect(page.getByText('Beta room message')).toBeVisible()
+
+    await page.reload()
+    await expect(page).toHaveURL(/#\/hermes\/group-chat\/room\/room-beta$/)
+    await expect(page.getByText('Beta room message')).toBeVisible()
+  })
+
+  test('two tabs can show different rooms', async ({ context }) => {
+    const first = await context.newPage()
+    const second = await context.newPage()
+
+    await setup(first, '/#/hermes/group-chat/room/room-alpha')
+    await setup(second, '/#/hermes/group-chat/room/room-beta')
+
+    await expect(first.getByText('Alpha room message')).toBeVisible()
+    await expect(first.getByText('Beta room message')).toHaveCount(0)
+    await expect(second.getByText('Beta room message')).toBeVisible()
+    await expect(second.getByText('Alpha room message')).toHaveCount(0)
+  })
+
+  test('unknown route room id falls back to base group chat route', async ({ page }) => {
+    await setup(page, '/#/hermes/group-chat/room/missing-room')
+
+    await expect(page).toHaveURL(/#\/hermes\/group-chat$/)
+    await expect(page.getByText('Alpha Room')).toBeVisible()
+  })
+})
diff --git a/tests/e2e/history-session-deeplink.spec.ts b/tests/e2e/history-session-deeplink.spec.ts
new file mode 100644
index 0000000..ab2257e
--- /dev/null
+++ b/tests/e2e/history-session-deeplink.spec.ts
@@ -0,0 +1,153 @@
+import { expect, test, type Page, type Route } from '@playwright/test'
+import { authenticate } from './fixtures'
+
+const historySessions = [
+  {
+    id: 'hist-alpha',
+    profile: 'default',
+    source: 'cli',
+    model: 'test-model',
+    provider: 'test-provider',
+    title: 'Alpha History Session',
+    preview: 'Alpha preview',
+    started_at: 1_790_000_000,
+    ended_at: null,
+    last_active: 1_790_000_100,
+    message_count: 2,
+    tool_call_count: 0,
+    input_tokens: 10,
+    output_tokens: 20,
+    cache_read_tokens: 0,
+    cache_write_tokens: 0,
+    reasoning_tokens: 0,
+    billing_provider: null,
+    estimated_cost_usd: 0,
+    actual_cost_usd: null,
+    cost_status: '',
+    workspace: null,
+  },
+  {
+    id: 'hist-beta',
+    profile: 'default',
+    source: 'cli',
+    model: 'test-model',
+    provider: 'test-provider',
+    title: 'Beta History Session',
+    preview: 'Beta preview',
+    started_at: 1_790_000_200,
+    ended_at: null,
+    last_active: 1_790_000_300,
+    message_count: 2,
+    tool_call_count: 0,
+    input_tokens: 30,
+    output_tokens: 40,
+    cache_read_tokens: 0,
+    cache_write_tokens: 0,
+    reasoning_tokens: 0,
+    billing_provider: null,
+    estimated_cost_usd: 0,
+    actual_cost_usd: null,
+    cost_status: '',
+    workspace: null,
+  },
+]
+
+function detailFor(id: string) {
+  const session = historySessions.find(s => s.id === id)
+  if (!session) return null
+  return {
+    ...session,
+    messages: [
+      {
+        id: 1,
+        session_id: id,
+        role: 'user',
+        content: `Question for ${session.title}`,
+        tool_call_id: null,
+        tool_calls: null,
+        tool_name: null,
+        timestamp: session.started_at,
+        token_count: null,
+        finish_reason: null,
+        reasoning: null,
+      },
+      {
+        id: 2,
+        session_id: id,
+        role: 'assistant',
+        content: `Answer from ${session.title}`,
+        tool_call_id: null,
+        tool_calls: null,
+        tool_name: null,
+        timestamp: session.started_at + 1,
+        token_count: null,
+        finish_reason: null,
+        reasoning: null,
+      },
+    ],
+  }
+}
+
+async function mockHistoryApi(page: Page) {
+  await page.route('**/*', async (route: Route) => {
+    const request = route.request()
+    const url = new URL(request.url())
+    const { pathname } = url
+
+    if (!(pathname === '/health' || pathname.startsWith('/api/'))) {
+      await route.continue()
+      return
+    }
+
+    const json = (body: unknown, status = 200) => route.fulfill({ status, contentType: 'application/json', body: JSON.stringify(body) })
+
+    if (pathname === '/health') return json({ status: 'ok' })
+    if (pathname === '/api/auth/status') return json({ hasPasswordLogin: false, username: null })
+    if (pathname === '/api/hermes/available-models') return json({ default: 'test-model', default_provider: 'test-provider', groups: [], allProviders: [], model_aliases: {}, model_visibility: {} })
+    if (pathname === '/api/hermes/profiles') return json({ profiles: [{ name: 'default', active: true, model: 'test-model', gateway: 'test' }] })
+    if (pathname === '/api/hermes/sessions/hermes') return json({ sessions: historySessions })
+
+    const detailMatch = pathname.match(/^\/api\/hermes\/sessions\/hermes\/([^/]+)$/)
+    if (detailMatch) {
+      const detail = detailFor(decodeURIComponent(detailMatch[1]))
+      return detail ? json({ session: detail }) : json({ error: 'Session not found' }, 404)
+    }
+
+    return json({ error: `Unexpected mocked route: ${request.method()} ${pathname}` }, 404)
+  })
+}
+
+test.describe('history session deep links', () => {
+  test.beforeEach(async ({ page }) => {
+    await authenticate(page)
+    await mockHistoryApi(page)
+  })
+
+  test('route session id opens selected history session', async ({ page }) => {
+    await page.goto('/#/hermes/history/session/hist-beta')
+
+    await expect(page.getByText('Beta History Session').first()).toBeVisible()
+    await expect(page.getByText('Answer from Beta History Session')).toBeVisible()
+    await expect(page).toHaveURL(/#\/hermes\/history\/session\/hist-beta$/)
+  })
+
+  test('clicking another history session updates URL and reload preserves it', async ({ page }) => {
+    await page.goto('/#/hermes/history/session/hist-alpha')
+    await expect(page.getByText('Answer from Alpha History Session')).toBeVisible()
+
+    await page.getByText('Beta History Session').first().click()
+    await expect(page).toHaveURL(/#\/hermes\/history\/session\/hist-beta\?profile=default$/)
+    await expect(page.getByText('Answer from Beta History Session')).toBeVisible()
+
+    await page.reload()
+    await expect(page).toHaveURL(/#\/hermes\/history\/session\/hist-beta\?profile=default$/)
+    await expect(page.getByText('Answer from Beta History Session')).toBeVisible()
+  })
+
+  test('unknown route session id falls back to base history route', async ({ page }) => {
+    await page.goto('/#/hermes/history/session/missing-session')
+
+    await expect(page).toHaveURL(/#\/hermes\/history$/)
+    await expect(page.getByText('Alpha History Session').first()).toBeVisible()
+  })
+})
diff --git a/tests/e2e/native-navigation.spec.ts b/tests/e2e/native-navigation.spec.ts
new file mode 100644
index 0000000..7ab571a
--- /dev/null
+++ b/tests/e2e/native-navigation.spec.ts
@@ -0,0 +1,37 @@
+import { expect, test } from '@playwright/test'
+import { authenticate, mockHermesApi, TEST_ACCESS_KEY } from './fixtures'
+
+const sampleSession = {
+  id: 'session-native-1',
+  title: 'Native Link Session',
+  source: 'cli',
+  model: 'test-model',
+  provider: 'test-provider',
+  profile: 'research',
+  started_at: 1_700_000_000,
+  ended_at: null,
+  last_active: 1_700_000_100,
+  message_count: 2,
+}
+
+test('sidebar navigation exposes native links', async ({ page }) => {
+  await authenticate(page, TEST_ACCESS_KEY, 'research')
+  await mockHermesApi(page)
+  await page.goto('/#/hermes/chat')
+
+  const models = page.locator('aside.sidebar').getByRole('link', { name: /^Models$/ })
+  await expect(models).toHaveAttribute('href', '#/hermes/models')
+
+  const history = page.locator('aside.sidebar').getByRole('link', { name: /^History$/ })
+  await expect(history).toHaveAttribute('href', '#/hermes/history')
+})
+
+test('session rows expose native session links', async ({ page }) => {
+  await authenticate(page, TEST_ACCESS_KEY, 'research')
+  await mockHermesApi(page, { sessions: [sampleSession] })
+  await page.goto('/#/hermes/chat')
+
+  const sessionLink = page.locator('.session-items a.session-item').first()
+  await expect(sessionLink).toHaveAttribute('href', '#/hermes/session/session-native-1')
+  await expect(sessionLink).toContainText('Native Link Session')
+})
diff --git a/tests/e2e/provider-models.spec.ts b/tests/e2e/provider-models.spec.ts
new file mode 100644
index 0000000..a249615
--- /dev/null
+++ b/tests/e2e/provider-models.spec.ts
@@ -0,0 +1,37 @@
+import { expect, test } from '@playwright/test'
+import { authenticate, mockHermesApi, TEST_ACCESS_KEY } from './fixtures'
+
+test('fetches custom provider models through the backend proxy', async ({ page }) => {
+  await authenticate(page, TEST_ACCESS_KEY)
+  const api = await mockHermesApi(page)
+
+  const thirdPartyRequests: string[] = []
+  page.on('request', (request) => {
+    const url = request.url()
+    if (url.startsWith('https://provider.example.test')) {
+      thirdPartyRequests.push(url)
+    }
+  })
+
+  await page.goto('/#/hermes/models')
+
+  await page.getByRole('button', { name: 'Add Provider' }).click()
+  await page.getByRole('button', { name: 'Custom' }).click()
+  await page.getByPlaceholder('e.g. https://api.example.com/v1').fill('https://provider.example.test/v1')
+  await page.getByPlaceholder('sk-...').fill('test-provider-key')
+  await page.getByRole('button', { name: 'Fetch' }).click()
+
+  await expect(page.getByText('Found 2 models')).toBeVisible()
+  await expect(page.getByText('proxy-model-a')).toBeVisible()
+
+  const proxyRequest = api.requests.find((request) => request.pathname === '/api/hermes/provider-models')
+  expect(proxyRequest).toBeTruthy()
+  expect(proxyRequest?.method).toBe('POST')
+  expect(proxyRequest?.headers.authorization).toBe(`Bearer ${TEST_ACCESS_KEY}`)
+  expect(JSON.parse(proxyRequest?.postData || '{}')).toMatchObject({
+    base_url: 'https://provider.example.test/v1',
+    api_key: 'test-provider-key',
+  })
+  expect(thirdPartyRequests).toEqual([])
+  expect(api.unexpectedRequests).toEqual([])
+})
diff --git a/tests/e2e/terminal.spec.ts b/tests/e2e/terminal.spec.ts
new file mode 100644
index 0000000..2ad21c4
--- /dev/null
+++ b/tests/e2e/terminal.spec.ts
@@ -0,0 +1,60 @@
+import { expect, test } from '@playwright/test'
+import { authenticate, mockHermesApi, mockTerminalWebSocket, TEST_ACCESS_KEY } from './fixtures'
+
+test('opens terminal websocket session and forwards user input', async ({ page }) => {
+  await authenticate(page, TEST_ACCESS_KEY, 'research')
+  const api = await mockHermesApi(page)
+  await mockTerminalWebSocket(page)
+
+  await page.goto('/#/hermes/terminal')
+
+  await expect(page.getByText('Sessions')).toBeVisible()
+  await expect(page.locator('.session-item-title', { hasText: 'zsh #1' })).toBeVisible()
+
+  const terminalState = await page.waitForFunction(() => {
+    const state = (window as any).__PW_TERMINAL_WS__
+    return state?.sockets?.length
+      ? {
+          url: state.latest.url,
+          sent: state.sent,
+        }
+      : null
+  })
+  const initialState = await terminalState.jsonValue() as any
+  const terminalUrl = new URL(initialState.url)
+  expect(terminalUrl.pathname).toBe('/api/hermes/terminal')
+  expect(terminalUrl.searchParams.get('token')).toBe(TEST_ACCESS_KEY)
+
+  await page.locator('.terminal-header .header-actions button').last().click()
+  await expect(page.locator('.session-item-title', { hasText: 'bash #2' })).toBeVisible()
+
+  await page.locator('.terminal-xterm').click()
+  await page.keyboard.type('pwd')
+  await page.keyboard.press('Enter')
+
+  await expect.poll(async () => page.evaluate(() => {
+    const state = (window as any).__PW_TERMINAL_WS__
+    return state.sent
+      .map((item: any) => item.data)
+      .filter((data: string) => !data.startsWith('{'))
+      .join('')
+  })).toContain('pwd')
+
+  await expect.poll(async () => page.evaluate(() => {
+    const state = (window as any).__PW_TERMINAL_WS__
+    return state.sent
+      .map((item: any) => item.data)
+      .filter((data: string) => data.startsWith('{'))
+      .map((data: string) => JSON.parse(data))
+      .some((message: any) => message.type === 'resize' && message.cols > 0 && message.rows > 0)
+  })).toBe(true)
+
+  const finalState = await page.evaluate(() => (window as any).__PW_TERMINAL_WS__)
+  const controlMessages = finalState.sent
+    .map((item: any) => item.data)
+    .filter((data: string) => data.startsWith('{'))
+    .map((data: string) => JSON.parse(data))
+
+  expect(controlMessages.some((message: any) => message.type === 'create')).toBe(true)
+  expect(api.unexpectedRequests).toEqual([])
+})
diff --git a/tests/server/agent-bridge-client-clarify.test.ts b/tests/server/agent-bridge-client-clarify.test.ts
new file mode 100644
index 0000000..648c2cc
--- /dev/null
+++ b/tests/server/agent-bridge-client-clarify.test.ts
@@ -0,0 +1,20 @@
+import { describe, expect, it, vi } from 'vitest'
+
+describe('AgentBridgeClient clarify responses', () => {
+  it('sends clarify_respond requests to the bridge', async () => {
+    const { AgentBridgeClient } = await import('../../packages/server/src/services/hermes/agent-bridge/client')
+    const client = new AgentBridgeClient({ endpoint: 'tcp://127.0.0.1:1', connectRetryMs: 0, timeoutMs: 1 })
+    const request = vi.spyOn(client, 'request').mockResolvedValue({ ok: true, resolved: true })
+
+    await expect(client.clarifyRespond('clarify-1', 'Use the first option')).resolves.toEqual({
+      ok: true,
+      resolved: true,
+    })
+
+    expect(request).toHaveBeenCalledWith({
+      action: 'clarify_respond',
+      clarify_id: 'clarify-1',
+      response: 'Use the first option',
+    })
+  })
+})
diff --git a/tests/server/agent-bridge-manager.test.ts b/tests/server/agent-bridge-manager.test.ts
new file mode 100644
index 0000000..1e2a00b
--- /dev/null
+++ b/tests/server/agent-bridge-manager.test.ts
@@ -0,0 +1,194 @@
+import { chmodSync, existsSync, mkdirSync, mkdtempSync, rmSync, writeFileSync } from 'fs'
+import { createServer, type Server } from 'net'
+import { tmpdir } from 'os'
+import { join } from 'path'
+import { afterEach, beforeEach, describe, expect, it, vi } from 'vitest'
+
+function uvToolHermesPythonPath(): string | undefined {
+  if (process.platform !== 'win32') return undefined
+  const candidate = join(process.env.APPDATA || '', 'uv', 'tools', 'hermes-agent', 'Scripts', 'python.exe')
+  return existsSync(candidate) ? candidate : undefined
+}
+
+describe('agent bridge manager command resolution', () => {
+  const originalEnv = { ...process.env }
+  let tempDir = ''
+
+  beforeEach(() => {
+    vi.resetModules()
+    tempDir = mkdtempSync(join(tmpdir(), 'hermes-agent-bridge-manager-'))
+    process.env = { ...originalEnv }
+    delete process.env.HERMES_AGENT_ROOT
+    delete process.env.HERMES_AGENT_BRIDGE_PYTHON
+    delete process.env.HERMES_AGENT_BRIDGE_UV
+    delete process.env.UV
+  })
+
+  afterEach(() => {
+    process.env = { ...originalEnv }
+    if (tempDir) rmSync(tempDir, { recursive: true, force: true })
+  })
+
+  it('uses the installed hermes command Python when no source root exists', async () => {
+    if (uvToolHermesPythonPath()) return
+
+    const binDir = join(tempDir, 'bin')
+    const homeDir = join(tempDir, 'home')
+    const fakePython = join(binDir, 'python')
+    const fakeHermes = join(binDir, 'hermes')
+    mkdirSync(binDir, { recursive: true })
+    mkdirSync(homeDir, { recursive: true })
+    writeFileSync(fakePython, '#!/bin/sh\n')
+    chmodSync(fakePython, 0o755)
+    writeFileSync(fakeHermes, `#!${fakePython}\n`)
+    chmodSync(fakeHermes, 0o755)
+    process.env.HERMES_HOME = homeDir
+    process.env.HERMES_BIN = fakeHermes
+
+    const { resolveAgentBridgeCommand } = await import('../../packages/server/src/services/hermes/agent-bridge/manager')
+    const command = resolveAgentBridgeCommand()
+
+    expect(command).toEqual({
+      command: fakePython,
+      argsPrefix: [],
+      agentRoot: undefined,
+      hermesHome: homeDir,
+    })
+  })
+
+  it('discovers hermes-agent from a global lib install next to the hermes command', async () => {
+    const installDir = join(tempDir, 'usr', 'local')
+    const binDir = join(installDir, 'bin')
+    const agentRoot = join(installDir, 'lib', 'hermes-agent')
+    const fakePython = join(binDir, 'python')
+    const fakeHermes = join(binDir, 'hermes')
+    const homeDir = join(tempDir, 'home')
+    mkdirSync(binDir, { recursive: true })
+    mkdirSync(agentRoot, { recursive: true })
+    mkdirSync(homeDir, { recursive: true })
+    writeFileSync(join(agentRoot, 'run_agent.py'), '')
+    writeFileSync(fakePython, '#!/bin/sh\n')
+    chmodSync(fakePython, 0o755)
+    writeFileSync(fakeHermes, `#!${fakePython}\n`)
+    chmodSync(fakeHermes, 0o755)
+    process.env.HERMES_HOME = homeDir
+    process.env.HERMES_BIN = fakeHermes
+
+    const { resolveAgentBridgeCommand } = await import('../../packages/server/src/services/hermes/agent-bridge/manager')
+    const command = resolveAgentBridgeCommand()
+
+    expect(command.agentRoot).toBe(agentRoot)
+  })
+
+  it('falls back to system Python instead of uv when no source root exists', async () => {
+    if (uvToolHermesPythonPath()) return
+
+    const homeDir = join(tempDir, 'home')
+    const fakePython = join(tempDir, 'python3')
+    mkdirSync(homeDir, { recursive: true })
+    writeFileSync(fakePython, '#!/bin/sh\n')
+    chmodSync(fakePython, 0o755)
+    process.env.HERMES_HOME = homeDir
+    process.env.HERMES_BIN = join(tempDir, 'missing-hermes')
+    process.env.PYTHON = fakePython
+
+    const { resolveAgentBridgeCommand } = await import('../../packages/server/src/services/hermes/agent-bridge/manager')
+    const command = resolveAgentBridgeCommand()
+
+    expect(command).toEqual({
+      command: fakePython,
+      argsPrefix: [],
+      agentRoot: undefined,
+      hermesHome: homeDir,
+    })
+  })
+
+  it('injects Web UI OpenRouter attribution into the bridge process env by default', async () => {
+    const { buildAgentBridgeProcessEnv } = await import('../../packages/server/src/services/hermes/agent-bridge/manager')
+    const env = buildAgentBridgeProcessEnv('ipc:///tmp/test.sock', '/tmp/hermes-home', '/tmp/hermes-agent')
+
+    expect(env.HERMES_OPENROUTER_APP_REFERER).toBe('https://hermes-studio.ai')
+    expect(env.HERMES_OPENROUTER_APP_TITLE).toBe('Hermes Web UI')
+    expect(env.HERMES_OPENROUTER_APP_CATEGORIES).toBe('cli-agent,personal-agent')
+  })
+
+  it('keeps explicit OpenRouter attribution env values when starting the bridge', async () => {
+    process.env.HERMES_OPENROUTER_APP_REFERER = 'https://example.invalid/app'
+    process.env.HERMES_OPENROUTER_APP_TITLE = 'Custom App'
+    process.env.HERMES_OPENROUTER_APP_CATEGORIES = 'custom-category'
+
+    const { buildAgentBridgeProcessEnv } = await import('../../packages/server/src/services/hermes/agent-bridge/manager')
+    const env = buildAgentBridgeProcessEnv('ipc:///tmp/test.sock', '/tmp/hermes-home', undefined)
+
+    expect(env.HERMES_OPENROUTER_APP_REFERER).toBe('https://example.invalid/app')
+    expect(env.HERMES_OPENROUTER_APP_TITLE).toBe('Custom App')
+    expect(env.HERMES_OPENROUTER_APP_CATEGORIES).toBe('custom-category')
+  })
+
+  it('uses an isolated default bridge endpoint while running under Vitest', async () => {
+    const { DEFAULT_AGENT_BRIDGE_ENDPOINT } = await import('../../packages/server/src/services/hermes/agent-bridge/client')
+
+    if (process.platform === 'win32') {
+      expect(DEFAULT_AGENT_BRIDGE_ENDPOINT).toMatch(/^tcp:\/\/127\.0\.0\.1:\d+$/)
+      expect(DEFAULT_AGENT_BRIDGE_ENDPOINT).not.toBe('tcp://127.0.0.1:18765')
+    } else {
+      expect(DEFAULT_AGENT_BRIDGE_ENDPOINT).toContain(`hermes-agent-bridge-test-${process.pid}`)
+      expect(DEFAULT_AGENT_BRIDGE_ENDPOINT).not.toBe('ipc:///tmp/hermes-agent-bridge.sock')
+    }
+  })
+
+  it('prefers uv tool install Python when available on Windows', async () => {
+    const uvPython = uvToolHermesPythonPath()
+    if (!uvPython) return
+
+    const homeDir = join(tempDir, 'home')
+    mkdirSync(homeDir, { recursive: true })
+    process.env.HERMES_HOME = homeDir
+
+    const { resolveAgentBridgeCommand } = await import('../../packages/server/src/services/hermes/agent-bridge/manager')
+    const command = resolveAgentBridgeCommand()
+
+    expect(command.command).toBe(uvPython)
+  })
+
+  it('honors the bridge connect retry environment override', async () => {
+    process.env.HERMES_AGENT_BRIDGE_CONNECT_RETRY_MS = '120000'
+
+    const { AgentBridgeClient } = await import('../../packages/server/src/services/hermes/agent-bridge/client')
+    const client = new AgentBridgeClient({ endpoint: 'tcp://127.0.0.1:1' })
+
+    expect(client.connectRetryMs).toBe(120000)
+  })
+
+  it('waits briefly for a restarting bridge socket before failing', async () => {
+    const endpoint = process.platform === 'win32'
+      ? `tcp://127.0.0.1:${32000 + (process.pid % 10000)}`
+      : `ipc://${join(tempDir, 'late-bridge.sock')}`
+    let server: Server | undefined
+
+    const ready = new Promise<void>((resolve) => {
+      setTimeout(() => {
+        server = createServer((socket) => {
+          socket.once('data', () => {
+            socket.end(`${JSON.stringify({ ok: true, pong: true })}\n`)
+          })
+        })
+        if (endpoint.startsWith('ipc://')) {
+          server.listen(endpoint.slice('ipc://'.length), resolve)
+        } else {
+          const url = new URL(endpoint)
+          server.listen(Number(url.port), url.hostname, resolve)
+        }
+      }, 150)
+    })
+
+    try {
+      const { AgentBridgeClient } = await import('../../packages/server/src/services/hermes/agent-bridge/client')
+      const client = new AgentBridgeClient({ endpoint, connectRetryMs: 1000, timeoutMs: 1000 })
+      await expect(client.ping()).resolves.toMatchObject({ ok: true, pong: true })
+      await ready
+    } finally {
+      await new Promise<void>((resolve) => server?.close(() => resolve()) ?? resolve())
+    }
+  })
+})
diff --git a/tests/server/agent-bridge-mcp-tools-filter.test.ts b/tests/server/agent-bridge-mcp-tools-filter.test.ts
new file mode 100644
index 0000000..e0378f5
--- /dev/null
+++ b/tests/server/agent-bridge-mcp-tools-filter.test.ts
@@ -0,0 +1,108 @@
+import { execFileSync } from 'child_process'
+import { describe, expect, it } from 'vitest'
+
+function runPython(script: string): any {
+  try {
+    const output = execFileSync('python3', ['-c', script], {
+      cwd: process.cwd(),
+      encoding: 'utf-8',
+      stdio: 'pipe',
+    })
+    return JSON.parse(output)
+  } catch (error) {
+    const err = error as { stdout?: string; stderr?: string; message?: string }
+    throw new Error([
+      err.message || 'Python bridge MCP filter script failed',
+      err.stdout ? `stdout:\n${err.stdout}` : '',
+      err.stderr ? `stderr:\n${err.stderr}` : '',
+    ].filter(Boolean).join('\n\n'))
+  }
+}
+
+describe('agent bridge MCP tools filtering', () => {
+  it('treats an empty include list as an active filter and keeps raw listing unfiltered', () => {
+    const result = runPython(String.raw`
+import importlib.util
+import json
+import sys
+import threading
+from pathlib import Path
+
+path = Path("packages/server/src/services/hermes/agent-bridge/hermes_bridge.py")
+spec = importlib.util.spec_from_file_location("hermes_bridge", path)
+bridge = importlib.util.module_from_spec(spec)
+sys.modules[spec.name] = bridge
+spec.loader.exec_module(bridge)
+
+class Tool:
+    def __init__(self, name):
+        self.name = name
+        self.description = f"{name} description"
+        self.inputSchema = {"type": "object"}
+
+class Task:
+    _task = None
+    _error = None
+
+    def __init__(self):
+        self._tools = [Tool("read_file"), Tool("write_file"), Tool("delete_file")]
+        self._registered_tool_names = ["read_file", "write_file", "delete_file"]
+        self._config = {"command": "mcp-server"}
+
+server = bridge.BridgeServer("tcp://127.0.0.1:0")
+servers = {"fs": Task()}
+lock = threading.RLock()
+
+def names(response):
+    return [tool["name"] for tool in response["results"][0]["tools"]]
+
+server._read_mcp_config = lambda profile: {
+    "mcp_servers": {
+        "fs": {
+            "command": "mcp-server",
+            "tools": {"include": []},
+        },
+    },
+}
+include_empty = server._mcp_tools_list({"server": "fs"}, "default", servers, lock)
+include_empty_list = server._mcp_list("default", servers, lock)
+include_empty_raw = server._mcp_tools_list({"server": "fs", "raw": True}, "default", servers, lock)
+
+server._read_mcp_config = lambda profile: {
+    "mcp_servers": {
+        "fs": {
+            "command": "mcp-server",
+            "tools": {"include": ["read_file"]},
+        },
+    },
+}
+include_one = server._mcp_tools_list({"server": "fs"}, "default", servers, lock)
+
+server._read_mcp_config = lambda profile: {
+    "mcp_servers": {
+        "fs": {
+            "command": "mcp-server",
+            "tools": {"exclude": ["delete_file"]},
+        },
+    },
+}
+exclude_one = server._mcp_tools_list({"server": "fs"}, "default", servers, lock)
+
+print(json.dumps({
+    "include_empty": names(include_empty),
+    "include_empty_details": include_empty_list["servers"][0]["tool_details"],
+    "include_empty_raw": names(include_empty_raw),
+    "include_one": names(include_one),
+    "exclude_one": names(exclude_one),
+}))
+`)
+
+    expect(result).toEqual({
+      include_empty: [],
+      include_empty_details: [],
+      include_empty_raw: ['read_file', 'write_file', 'delete_file'],
+      include_one: ['read_file'],
+      exclude_one: ['read_file', 'write_file'],
+    })
+  })
+})
diff --git a/tests/server/agent-bridge-profile-env.test.ts b/tests/server/agent-bridge-profile-env.test.ts
new file mode 100644
index 0000000..e3fe464
--- /dev/null
+++ b/tests/server/agent-bridge-profile-env.test.ts
@@ -0,0 +1,572 @@
+import { execFile } from 'child_process'
+import { mkdir, mkdtemp, realpath, rm, writeFile } from 'fs/promises'
+import { tmpdir } from 'os'
+import { join, resolve } from 'path'
+import { promisify } from 'util'
+import { afterEach, beforeEach, describe, expect, it } from 'vitest'
+
+const execFileAsync = promisify(execFile)
+
+let tempDir = ''
+
+beforeEach(async () => {
+  tempDir = await mkdtemp(join(tmpdir(), 'hermes-bridge-profile-env-'))
+})
+
+afterEach(async () => {
+  if (tempDir) await rm(tempDir, { recursive: true, force: true })
+  tempDir = ''
+})
+
+async function runBridgeProbe(script: string): Promise<any> {
+  const bridgePath = resolve('packages/server/src/services/hermes/agent-bridge/hermes_bridge.py')
+  const { stdout } = await execFileAsync('python3', ['-c', script], {
+    cwd: resolve('.'),
+    env: {
+      ...process.env,
+      BRIDGE_PATH: bridgePath,
+      TEST_HERMES_HOME: tempDir,
+    },
+    maxBuffer: 1024 * 1024,
+  })
+  return JSON.parse(stdout)
+}
+
+describe('agent bridge JSON encoding', () => {
+  it('replaces lone surrogate characters before bridge socket writes', async () => {
+    const result = await runBridgeProbe(String.raw`
+import importlib.util
+import json
+import os
+import sys
+
+spec = importlib.util.spec_from_file_location("hermes_bridge", os.environ["BRIDGE_PATH"])
+bridge = importlib.util.module_from_spec(spec)
+sys.modules["hermes_bridge"] = bridge
+spec.loader.exec_module(bridge)
+
+class FakeSocket:
+    def __init__(self):
+        self.sent = []
+        self.closed = False
+        self._read = False
+
+    def sendall(self, payload):
+        self.sent.append(payload)
+
+    def recv(self, size):
+        if self._read:
+            return b""
+        self._read = True
+        return b'{"ok":true}\n'
+
+    def close(self):
+        self.closed = True
+
+class FakeConn:
+    def __init__(self):
+        self.sent = b""
+
+    def sendall(self, payload):
+        self.sent += payload
+
+fake_socket = FakeSocket()
+bridge._connect_bridge_socket = lambda endpoint, timeout: fake_socket
+bridge._send_bridge_request("tcp://127.0.0.1:1", {
+    "message": "request-\ud800",
+    "items": ["nested-\udfff"],
+}, 1)
+
+fake_conn = FakeConn()
+bridge._write_json_response(fake_conn, {
+    "ok": True,
+    "message": "response-\udc00",
+    "nested": {"key-\ud800": "value-\udfff"},
+})
+
+print(json.dumps({
+    "request": json.loads(fake_socket.sent[0].decode("utf-8")),
+    "response": json.loads(fake_conn.sent.decode("utf-8")),
+    "closed": fake_socket.closed,
+}))
+`)
+
+    expect(result).toEqual({
+      request: {
+        message: 'request-\uFFFD',
+        items: ['nested-\uFFFD'],
+      },
+      response: {
+        ok: true,
+        message: 'response-\uFFFD',
+        nested: { 'key-\uFFFD': 'value-\uFFFD' },
+      },
+      closed: true,
+    })
+  })
+})
+
+describe('agent bridge Windows desktop subprocess defaults', () => {
+  it('adds CREATE_NO_WINDOW to sync and async nested subprocesses without replacing existing flags', async () => {
+    const result = await runBridgeProbe(String.raw`
+import importlib.util
+import json
+import os
+import sys
+
+spec = importlib.util.spec_from_file_location("hermes_bridge", os.environ["BRIDGE_PATH"])
+bridge = importlib.util.module_from_spec(spec)
+sys.modules["hermes_bridge"] = bridge
+spec.loader.exec_module(bridge)
+
+original_os_name = bridge.os.name
+original_popen = bridge.subprocess.Popen
+original_async_exec = bridge.asyncio.create_subprocess_exec
+original_async_shell = bridge.asyncio.create_subprocess_shell
+original_create_no_window = getattr(bridge.subprocess, "CREATE_NO_WINDOW", None)
+original_startupinfo = getattr(bridge.subprocess, "STARTUPINFO", None)
+original_startf = getattr(bridge.subprocess, "STARTF_USESHOWWINDOW", None)
+original_sw_hide = getattr(bridge.subprocess, "SW_HIDE", None)
+original_installed = getattr(bridge.subprocess, "_hermes_hidden_defaults_installed", None)
+
+class FakePopen:
+    calls = []
+
+    def __init__(self, *args, **kwargs):
+        FakePopen.calls.append({"args": args, "kwargs": kwargs})
+
+async_calls = []
+
+async def fake_create_subprocess_exec(*args, **kwargs):
+    async_calls.append({"kind": "exec", "args": args, "kwargs": kwargs})
+    return {"kind": "exec"}
+
+async def fake_create_subprocess_shell(*args, **kwargs):
+    async_calls.append({"kind": "shell", "args": args, "kwargs": kwargs})
+    return {"kind": "shell"}
+
+class FakeStartupInfo:
+    def __init__(self):
+        self.dwFlags = 0
+        self.wShowWindow = None
+
+try:
+    bridge.os.name = "nt"
+    bridge.os.environ["HERMES_DESKTOP"] = "true"
+    bridge.subprocess.Popen = FakePopen
+    bridge.asyncio.create_subprocess_exec = fake_create_subprocess_exec
+    bridge.asyncio.create_subprocess_shell = fake_create_subprocess_shell
+    bridge.subprocess.CREATE_NO_WINDOW = 0x08000000
+    bridge.subprocess.STARTUPINFO = FakeStartupInfo
+    bridge.subprocess.STARTF_USESHOWWINDOW = 0x00000001
+    bridge.subprocess.SW_HIDE = 0
+    if hasattr(bridge.subprocess, "_hermes_hidden_defaults_installed"):
+        delattr(bridge.subprocess, "_hermes_hidden_defaults_installed")
+
+    bridge._install_windows_hidden_subprocess_defaults()
+    bridge.subprocess.Popen(["git", "status"], creationflags=0x00000200)
+    flags = FakePopen.calls[0]["kwargs"]["creationflags"]
+    startupinfo = FakePopen.calls[0]["kwargs"]["startupinfo"]
+    bridge.asyncio.run(bridge.asyncio.create_subprocess_exec("git", "status", creationflags=0x00000400))
+    bridge.asyncio.run(bridge.asyncio.create_subprocess_shell("git status"))
+    async_exec_flags = async_calls[0]["kwargs"]["creationflags"]
+    async_exec_startupinfo = async_calls[0]["kwargs"]["startupinfo"]
+    async_shell_flags = async_calls[1]["kwargs"]["creationflags"]
+    async_shell_startupinfo = async_calls[1]["kwargs"]["startupinfo"]
+finally:
+    bridge.os.name = original_os_name
+    bridge.subprocess.Popen = original_popen
+    bridge.asyncio.create_subprocess_exec = original_async_exec
+    bridge.asyncio.create_subprocess_shell = original_async_shell
+    if original_create_no_window is None:
+        try:
+            delattr(bridge.subprocess, "CREATE_NO_WINDOW")
+        except AttributeError:
+            pass
+    else:
+        bridge.subprocess.CREATE_NO_WINDOW = original_create_no_window
+    for name, original in [
+        ("STARTUPINFO", original_startupinfo),
+        ("STARTF_USESHOWWINDOW", original_startf),
+        ("SW_HIDE", original_sw_hide),
+    ]:
+        if original is None:
+            try:
+                delattr(bridge.subprocess, name)
+            except AttributeError:
+                pass
+        else:
+            setattr(bridge.subprocess, name, original)
+    if original_installed is None:
+        try:
+            delattr(bridge.subprocess, "_hermes_hidden_defaults_installed")
+        except AttributeError:
+            pass
+    else:
+        bridge.subprocess._hermes_hidden_defaults_installed = original_installed
+
+print(json.dumps({
+    "flags": flags,
+    "has_create_no_window": bool(flags & 0x08000000),
+    "kept_existing_flag": bool(flags & 0x00000200),
+    "startupinfo_hidden": bool(startupinfo.dwFlags & 0x00000001) and startupinfo.wShowWindow == 0,
+    "async_exec_flags": async_exec_flags,
+    "async_exec_has_create_no_window": bool(async_exec_flags & 0x08000000),
+    "async_exec_kept_existing_flag": bool(async_exec_flags & 0x00000400),
+    "async_exec_startupinfo_hidden": bool(async_exec_startupinfo.dwFlags & 0x00000001) and async_exec_startupinfo.wShowWindow == 0,
+    "async_shell_flags": async_shell_flags,
+    "async_shell_has_create_no_window": bool(async_shell_flags & 0x08000000),
+    "async_shell_startupinfo_hidden": bool(async_shell_startupinfo.dwFlags & 0x00000001) and async_shell_startupinfo.wShowWindow == 0,
+}))
+`)
+
+    expect(result).toEqual({
+      flags: 0x08000200,
+      has_create_no_window: true,
+      kept_existing_flag: true,
+      startupinfo_hidden: true,
+      async_exec_flags: 0x08000400,
+      async_exec_has_create_no_window: true,
+      async_exec_kept_existing_flag: true,
+      async_exec_startupinfo_hidden: true,
+      async_shell_flags: 0x08000000,
+      async_shell_has_create_no_window: true,
+      async_shell_startupinfo_hidden: true,
+    })
+  })
+})
+
+describe('agent bridge profile environment', () => {
+  it('runs agent calls with the requested profile HERMES_HOME and restores the bridge home', async () => {
+    const profileHome = join(tempDir, 'profiles', 'work')
+    await mkdir(profileHome, { recursive: true })
+    await writeFile(join(tempDir, 'config.yaml'), 'model:\n  default: default-model\n', 'utf-8')
+    await writeFile(join(tempDir, '.env'), 'OPENAI_API_KEY=default-openai\nBASE_ONLY_TOKEN=base-token\n', 'utf-8')
+    await writeFile(join(profileHome, 'config.yaml'), 'model:\n  default: work-model\n', 'utf-8')
+    await writeFile(join(profileHome, '.env'), 'GLM_API_KEY=work-glm\n', 'utf-8')
+    const expectedProfileHome = await realpath(profileHome)
+
+    const result = await runBridgeProbe(`
+import importlib.util
+import json
+import os
+import sys
+
+spec = importlib.util.spec_from_file_location("hermes_bridge", os.environ["BRIDGE_PATH"])
+bridge = importlib.util.module_from_spec(spec)
+sys.modules["hermes_bridge"] = bridge
+spec.loader.exec_module(bridge)
+
+root = os.environ["TEST_HERMES_HOME"]
+profile_home = os.path.join(root, "profiles", "work")
+os.environ["HERMES_HOME"] = root
+os.environ["HERMES_AGENT_BRIDGE_BASE_HOME"] = root
+os.environ["OPENAI_API_KEY"] = "shell-openai"
+os.environ["GLM_API_KEY"] = "shell-glm"
+
+class FakeAgent:
+    def __init__(self):
+        self.seen_home = None
+        self.seen_openai = None
+        self.seen_glm = None
+        self.seen_base_only = None
+
+    def run_conversation(self, message, **kwargs):
+        self.seen_home = os.environ.get("HERMES_HOME")
+        self.seen_openai = os.environ.get("OPENAI_API_KEY")
+        self.seen_glm = os.environ.get("GLM_API_KEY")
+        self.seen_base_only = os.environ.get("BASE_ONLY_TOKEN")
+        return {"messages": [{"role": "assistant", "content": "ok"}]}
+
+agent = FakeAgent()
+with bridge._profile_env("work"):
+    result = agent.run_conversation("hello")
+
+print(json.dumps({
+    "seen_home": agent.seen_home,
+    "seen_openai": agent.seen_openai,
+    "seen_glm": agent.seen_glm,
+    "seen_base_only": agent.seen_base_only,
+    "restored_home": os.environ.get("HERMES_HOME"),
+    "restored_openai": os.environ.get("OPENAI_API_KEY"),
+    "restored_glm": os.environ.get("GLM_API_KEY"),
+    "restored_base_only": os.environ.get("BASE_ONLY_TOKEN"),
+    "status": "complete" if result.get("messages") else "error",
+}))
+`)
+
+    expect(result).toEqual({
+      seen_home: expectedProfileHome,
+      seen_openai: null,
+      seen_glm: 'work-glm',
+      seen_base_only: null,
+      restored_home: tempDir,
+      restored_openai: 'shell-openai',
+      restored_glm: 'shell-glm',
+      restored_base_only: null,
+      status: 'complete',
+    })
+  })
+
+  it('normalizes a profile-scoped bridge home back to the Hermes root for profile lookup', async () => {
+    const agentRoot = join(tempDir, 'hermes-agent')
+    const profileHome = join(tempDir, 'profiles', 'work')
+    await mkdir(agentRoot, { recursive: true })
+    await mkdir(profileHome, { recursive: true })
+    await writeFile(join(agentRoot, 'run_agent.py'), '', 'utf-8')
+    await writeFile(join(profileHome, 'config.yaml'), 'model:\n  default: work-model\n', 'utf-8')
+    const expectedRoot = await realpath(tempDir)
+    const expectedProfileHome = await realpath(profileHome)
+
+    const result = await runBridgeProbe(`
+import importlib.util
+import json
+import os
+import sys
+
+spec = importlib.util.spec_from_file_location("hermes_bridge", os.environ["BRIDGE_PATH"])
+bridge = importlib.util.module_from_spec(spec)
+sys.modules["hermes_bridge"] = bridge
+spec.loader.exec_module(bridge)
+
+root = os.environ["TEST_HERMES_HOME"]
+agent_root = os.path.join(root, "hermes-agent")
+profile_home = os.path.join(root, "profiles", "work")
+bridge._set_path_env(agent_root, profile_home)
+
+print(json.dumps({
+    "home": os.environ.get("HERMES_HOME"),
+    "base": os.environ.get("HERMES_AGENT_BRIDGE_BASE_HOME"),
+    "profile_home": str(bridge._profile_home("work")),
+}))
+`)
+
+    expect(result).toEqual({
+      home: expectedProfileHome,
+      base: expectedRoot,
+      profile_home: expectedProfileHome,
+    })
+  })
+
+  it('falls back to package imports when no Hermes Agent source root exists', async () => {
+    const packageDir = join(tempDir, 'site-packages')
+    const hermesHome = join(tempDir, 'home')
+    await mkdir(packageDir, { recursive: true })
+    await mkdir(hermesHome, { recursive: true })
+    await writeFile(join(packageDir, 'run_agent.py'), 'class AIAgent: pass\n', 'utf-8')
+    const expectedHermesHome = await realpath(hermesHome)
+
+    const result = await runBridgeProbe(`
+import importlib.util
+import json
+import os
+import sys
+
+spec = importlib.util.spec_from_file_location("hermes_bridge", os.environ["BRIDGE_PATH"])
+bridge = importlib.util.module_from_spec(spec)
+sys.modules["hermes_bridge"] = bridge
+spec.loader.exec_module(bridge)
+
+package_dir = os.path.join(os.environ["TEST_HERMES_HOME"], "site-packages")
+hermes_home = os.path.join(os.environ["TEST_HERMES_HOME"], "home")
+sys.path.insert(0, package_dir)
+bridge._candidate_agent_roots = lambda raw=None: []
+os.environ.pop("HERMES_AGENT_ROOT", None)
+
+bridge._set_path_env(None, hermes_home)
+bridge._ensure_agent_imports()
+from run_agent import AIAgent
+
+print(json.dumps({
+    "agent_root": os.environ.get("HERMES_AGENT_ROOT"),
+    "home": os.environ.get("HERMES_HOME"),
+    "base": os.environ.get("HERMES_AGENT_BRIDGE_BASE_HOME"),
+    "agent_class": AIAgent.__name__,
+}))
+`)
+
+    expect(result).toEqual({
+      agent_root: null,
+      home: expectedHermesHome,
+      base: expectedHermesHome,
+      agent_class: 'AIAgent',
+    })
+  })
+
+  it('keeps inherited profile env keys for default profile compatibility', async () => {
+    await mkdir(join(tempDir, 'profiles', 'work'), { recursive: true })
+    await writeFile(join(tempDir, '.env'), 'OPENAI_API_KEY=default-openai\n', 'utf-8')
+    await writeFile(join(tempDir, 'profiles', 'work', '.env'), 'GLM_API_KEY=work-glm\n', 'utf-8')
+    await writeFile(join(tempDir, 'config.yaml'), 'model:\n  default: default-model\n', 'utf-8')
+
+    const result = await runBridgeProbe(`
+import importlib.util
+import json
+import os
+import sys
+
+spec = importlib.util.spec_from_file_location("hermes_bridge", os.environ["BRIDGE_PATH"])
+bridge = importlib.util.module_from_spec(spec)
+sys.modules["hermes_bridge"] = bridge
+spec.loader.exec_module(bridge)
+
+root = os.environ["TEST_HERMES_HOME"]
+os.environ["HERMES_HOME"] = root
+os.environ["HERMES_AGENT_BRIDGE_BASE_HOME"] = root
+os.environ["OPENAI_API_KEY"] = "shell-openai"
+os.environ["GLM_API_KEY"] = "shell-glm"
+
+with bridge._profile_env("default"):
+    inside = {
+        "openai": os.environ.get("OPENAI_API_KEY"),
+        "glm": os.environ.get("GLM_API_KEY"),
+    }
+
+print(json.dumps({
+    "inside": inside,
+    "restored_openai": os.environ.get("OPENAI_API_KEY"),
+    "restored_glm": os.environ.get("GLM_API_KEY"),
+}))
+`)
+
+    expect(result).toEqual({
+      inside: {
+        openai: 'default-openai',
+        glm: 'shell-glm',
+      },
+      restored_openai: 'shell-openai',
+      restored_glm: 'shell-glm',
+    })
+  })
+
+  it('discovers MCP tools in the active profile before creating an agent', async () => {
+    const profileHome = join(tempDir, 'profiles', 'work')
+    await mkdir(profileHome, { recursive: true })
+    await writeFile(join(profileHome, 'config.yaml'), 'model:\n  default: work-model\n', 'utf-8')
+    const expectedProfileHome = await realpath(profileHome)
+
+    const result = await runBridgeProbe(`
+import importlib.util
+import json
+import os
+import sys
+import types
+
+spec = importlib.util.spec_from_file_location("hermes_bridge", os.environ["BRIDGE_PATH"])
+bridge = importlib.util.module_from_spec(spec)
+sys.modules["hermes_bridge"] = bridge
+spec.loader.exec_module(bridge)
+
+root = os.environ["TEST_HERMES_HOME"]
+os.environ["HERMES_HOME"] = root
+os.environ["HERMES_AGENT_BRIDGE_BASE_HOME"] = root
+
+events = []
+
+tools_pkg = types.ModuleType("tools")
+tools_pkg.__path__ = []
+sys.modules["tools"] = tools_pkg
+
+mcp_tool = types.ModuleType("tools.mcp_tool")
+def discover_mcp_tools():
+    events.append({"event": "discover", "home": os.environ.get("HERMES_HOME")})
+    return ["mcp_anysearch_search"]
+mcp_tool.discover_mcp_tools = discover_mcp_tools
+sys.modules["tools.mcp_tool"] = mcp_tool
+
+run_agent = types.ModuleType("run_agent")
+class FakeAgent:
+    def __init__(self, **kwargs):
+        events.append({
+            "event": "agent",
+            "home": os.environ.get("HERMES_HOME"),
+            "enabled_toolsets": kwargs.get("enabled_toolsets"),
+        })
+        self.tools = []
+run_agent.AIAgent = FakeAgent
+sys.modules["run_agent"] = run_agent
+
+class FakeDbHolder:
+    error = None
+    def get_for_profile(self, profile):
+        return None
+
+bridge._ensure_agent_imports = lambda: None
+bridge._load_cfg = lambda: {"model": {"default": "work-model"}, "agent": {}}
+bridge._resolve_runtime = lambda model, provider=None: {"provider": "fake"}
+bridge._load_enabled_toolsets = lambda: ["mcp-anysearch"]
+bridge._load_reasoning_config = lambda: None
+bridge._load_service_tier = lambda: None
+
+pool = bridge.AgentPool()
+pool._db = FakeDbHolder()
+session = pool.get_or_create("session-1", profile="work")
+
+print(json.dumps({
+    "events": events,
+    "mcp_tool_count": session.config.get("mcp_tool_count"),
+    "restored_home": os.environ.get("HERMES_HOME"),
+}))
+`)
+
+    expect(result).toEqual({
+      events: [
+        { event: 'discover', home: expectedProfileHome },
+        { event: 'agent', home: expectedProfileHome, enabled_toolsets: ['mcp-anysearch'] },
+      ],
+      mcp_tool_count: 1,
+      restored_home: tempDir,
+    })
+  })
+
+  it('handles Windows netstat output decode failures without crashing', async () => {
+    const result = await runBridgeProbe(`
+import importlib.util
+import json
+import os
+import sys
+
+spec = importlib.util.spec_from_file_location("hermes_bridge", os.environ["BRIDGE_PATH"])
+bridge = importlib.util.module_from_spec(spec)
+sys.modules["hermes_bridge"] = bridge
+spec.loader.exec_module(bridge)
+
+class EmptyStdoutResult:
+    stdout = None
+
+def fake_run_empty(*args, **kwargs):
+    return EmptyStdoutResult()
+
+class NetstatResult:
+    stdout = "  TCP    127.0.0.1:18765    0.0.0.0:0    LISTENING    4321\\r\\n"
+
+def fake_run_listener(*args, **kwargs):
+    return NetstatResult()
+
+original_name = bridge.os.name
+original_pid = bridge.os.getpid
+original_run = bridge.subprocess.run
+try:
+    bridge.os.name = "nt"
+    bridge.os.getpid = lambda: 1234
+    bridge.subprocess.run = fake_run_empty
+    empty = bridge._windows_listening_pids_on_port(18765)
+    bridge.subprocess.run = fake_run_listener
+    listener = bridge._windows_listening_pids_on_port(18765)
+finally:
+    bridge.os.name = original_name
+    bridge.os.getpid = original_pid
+    bridge.subprocess.run = original_run
+
+print(json.dumps({
+    "empty": empty,
+    "listener": listener,
+}))
+`)
+
+    expect(result).toEqual({
+      empty: [],
+      listener: [4321],
+    })
+  })
+})
diff --git a/tests/server/agent-bridge-python-concurrency.test.ts b/tests/server/agent-bridge-python-concurrency.test.ts
new file mode 100644
index 0000000..e1b90ea
--- /dev/null
+++ b/tests/server/agent-bridge-python-concurrency.test.ts
@@ -0,0 +1,765 @@
+import { execFileSync } from 'child_process'
+import { describe, it } from 'vitest'
+
+function runPython(script: string): void {
+  try {
+    execFileSync('python3', ['-c', script], {
+      cwd: process.cwd(),
+      encoding: 'utf-8',
+      stdio: 'pipe',
+    })
+  } catch (error) {
+    const err = error as { stdout?: string; stderr?: string; message?: string }
+    throw new Error([
+      err.message || 'Python bridge concurrency script failed',
+      err.stdout ? `stdout:\n${err.stdout}` : '',
+      err.stderr ? `stderr:\n${err.stderr}` : '',
+    ].filter(Boolean).join('\n\n'))
+  }
+}
+
+const harness = String.raw`
+import contextvars
+import importlib.util
+import json
+import os
+import sys
+import threading
+import time
+import types
+from pathlib import Path
+
+os.environ["HERMES_AGENT_BRIDGE_WORKER_PROFILE"] = "default"
+
+tools_pkg = types.ModuleType("tools")
+tools_pkg.__path__ = []
+sys.modules["tools"] = tools_pkg
+
+terminal_tool = types.ModuleType("tools.terminal_tool")
+terminal_tool._callback_tls = threading.local()
+
+def set_approval_callback(callback):
+    terminal_tool._callback_tls.callback = callback
+
+def _get_approval_callback():
+    return getattr(terminal_tool._callback_tls, "callback", None)
+
+terminal_tool.set_approval_callback = set_approval_callback
+terminal_tool._get_approval_callback = _get_approval_callback
+sys.modules["tools.terminal_tool"] = terminal_tool
+
+approval = types.ModuleType("tools.approval")
+approval._session_key = contextvars.ContextVar("approval_session_key", default="")
+approval._notify = {}
+approval._resolved_gateway = []
+
+def set_current_session_key(session_key):
+    return approval._session_key.set(session_key or "")
+
+def reset_current_session_key(token):
+    approval._session_key.reset(token)
+
+def get_current_session_key(default=""):
+    return approval._session_key.get() or default
+
+def register_gateway_notify(session_key, callback):
+    approval._notify[session_key] = callback
+
+def unregister_gateway_notify(session_key):
+    approval._notify.pop(session_key, None)
+
+def resolve_gateway_approval(session_key, choice):
+    approval._resolved_gateway.append((session_key, choice))
+    return 1
+
+approval.set_current_session_key = set_current_session_key
+approval.reset_current_session_key = reset_current_session_key
+approval.get_current_session_key = get_current_session_key
+approval.register_gateway_notify = register_gateway_notify
+approval.unregister_gateway_notify = unregister_gateway_notify
+approval.resolve_gateway_approval = resolve_gateway_approval
+sys.modules["tools.approval"] = approval
+
+path = Path("packages/server/src/services/hermes/agent-bridge/hermes_bridge.py")
+spec = importlib.util.spec_from_file_location("hermes_bridge", path)
+bridge = importlib.util.module_from_spec(spec)
+sys.modules[spec.name] = bridge
+spec.loader.exec_module(bridge)
+
+class FakeDb:
+    def __init__(self):
+        self.lock = threading.Lock()
+        self.messages = {}
+        self.sessions = set()
+
+    def create_session(self, session_id, **kwargs):
+        with self.lock:
+            self.sessions.add(session_id)
+            self.messages.setdefault(session_id, [])
+
+    def get_messages(self, session_id):
+        with self.lock:
+            return list(self.messages.get(session_id, []))
+
+    def append_message(self, session_id, role, content=None, **kwargs):
+        with self.lock:
+            self.messages.setdefault(session_id, []).append({
+                "role": role,
+                "content": content,
+                **kwargs,
+            })
+
+class FakeDbHolder:
+    error = None
+
+    def __init__(self, db):
+        self.db = db
+
+    def get_for_profile(self, profile):
+        return self.db
+
+def make_pool():
+    pool = bridge.AgentPool()
+    fake_db = FakeDb()
+    pool._db = FakeDbHolder(fake_db)
+    return pool, fake_db
+
+def start_manual_run(pool, session_id, agent, message=None):
+    session = bridge.AgentSession(session_id=session_id, agent=agent)
+    run_id = f"run-{session_id}"
+    record = bridge.RunRecord(run_id=run_id, session_id=session_id)
+    session.running = True
+    session.current_run_id = run_id
+    with pool._lock:
+        pool._sessions[session_id] = session
+        pool._runs[run_id] = record
+    thread = threading.Thread(
+        target=pool._run_chat,
+        args=(session, record, message or f"message:{session_id}", None, None, [], "default", False, "api_server"),
+        daemon=True,
+    )
+    thread.start()
+    return session, record, thread
+
+def wait_for(condition, timeout=20):
+    deadline = time.time() + timeout
+    while time.time() < deadline:
+        if condition():
+            return True
+        time.sleep(0.01)
+    return False
+`
+
+describe('agent bridge Python session concurrency', () => {
+  it('routes terminal/gateway approvals and stream callbacks per concurrent session', () => {
+    runPython(String.raw`
+${harness}
+
+barrier = threading.Barrier(2)
+os.environ["HERMES_EXEC_ASK"] = "preexisting-exec-ask"
+
+class FakeAgent:
+    def __init__(self, session_id):
+        self.session_id = session_id
+
+    def run_conversation(self, message, **kwargs):
+        barrier.wait(timeout=20)
+        notify = approval._notify.get(self.session_id)
+        if notify is None:
+            raise RuntimeError(f"missing gateway notify for {self.session_id}")
+        notify({
+            "command": f"gateway:{self.session_id}",
+            "description": f"gateway-desc:{self.session_id}",
+        })
+        kwargs["stream_callback"](f"delta:{self.session_id}")
+        callback = _get_approval_callback()
+        if callback is None:
+            raise RuntimeError(f"missing approval callback for {self.session_id}")
+        assert get_current_session_key("") == self.session_id
+        choice = callback(f"cmd:{self.session_id}", f"desc:{self.session_id}", allow_permanent=False)
+        return {
+            "messages": [{"role": "assistant", "content": f"done:{self.session_id}:{choice}"}],
+            "choice": choice,
+            "completed": True,
+        }
+
+pool, fake_db = make_pool()
+records = {}
+threads = []
+
+for sid in ("session-a", "session-b"):
+    _session, record, thread = start_manual_run(pool, sid, FakeAgent(sid))
+    records[sid] = record
+    threads.append(thread)
+
+terminal_approval_ids = {}
+gateway_approval_ids = {}
+def approvals_ready():
+    with pool._lock:
+        for sid, record in records.items():
+            for event in record.events:
+                if event.get("event") != "approval.requested":
+                    continue
+                command = event.get("command")
+                if command == f"cmd:{sid}":
+                    terminal_approval_ids[sid] = event["approval_id"]
+                if command == f"gateway:{sid}":
+                    gateway_approval_ids[sid] = event["approval_id"]
+    return (
+        set(terminal_approval_ids) == {"session-a", "session-b"} and
+        set(gateway_approval_ids) == {"session-a", "session-b"}
+    )
+
+if not wait_for(approvals_ready):
+    diagnostics = {
+        sid: {
+            "status": record.status,
+            "error": record.error,
+            "events": record.events,
+            "result": record.result,
+        }
+        for sid, record in records.items()
+    }
+    raise AssertionError({
+        "terminal_approval_ids": terminal_approval_ids,
+        "gateway_approval_ids": gateway_approval_ids,
+        "records": diagnostics,
+    })
+
+assert os.environ.get("HERMES_EXEC_ASK") == "1"
+assert pool._exec_ask_depth == 2
+
+pool.respond_approval(gateway_approval_ids["session-b"], "always")
+pool.respond_approval(gateway_approval_ids["session-a"], "session")
+pool.respond_approval(terminal_approval_ids["session-b"], "deny")
+pool.respond_approval(terminal_approval_ids["session-a"], "once")
+
+for thread in threads:
+    thread.join(timeout=20)
+    assert not thread.is_alive()
+
+assert records["session-a"].status == "complete"
+assert records["session-b"].status == "complete"
+assert records["session-a"].result["choice"] == "once"
+assert records["session-b"].result["choice"] == "deny"
+assert records["session-a"].deltas == ["delta:session-a"]
+assert records["session-b"].deltas == ["delta:session-b"]
+assert fake_db.get_messages("session-a")[0]["content"] == "message:session-a"
+assert fake_db.get_messages("session-b")[0]["content"] == "message:session-b"
+assert os.environ.get("HERMES_EXEC_ASK") == "preexisting-exec-ask"
+assert pool._exec_ask_depth == 0
+assert pool._approval_handlers == {}
+assert approval._notify == {}
+assert sorted(approval._resolved_gateway) == [
+    ("session-a", "session"),
+    ("session-b", "always"),
+]
+
+terminal_commands = {}
+gateway_commands = {}
+timeouts = {}
+for sid, record in records.items():
+    for event in record.events:
+        if event.get("event") != "approval.requested":
+            continue
+        command = event.get("command")
+        if command == f"cmd:{sid}":
+            terminal_commands[sid] = command
+            timeouts[sid] = event.get("timeout_ms")
+        if command == f"gateway:{sid}":
+            gateway_commands[sid] = command
+
+assert terminal_commands == {
+    "session-a": "cmd:session-a",
+    "session-b": "cmd:session-b",
+}
+assert gateway_commands == {
+    "session-a": "gateway:session-a",
+    "session-b": "gateway:session-b",
+}
+assert timeouts == {
+    "session-a": 120000,
+    "session-b": 120000,
+}
+
+same_session = bridge.AgentSession(session_id="same-session", agent=FakeAgent("same-session"))
+same_session.running = True
+pool.get_or_create = lambda *args, **kwargs: same_session
+try:
+    pool.start_chat("same-session", "second")
+    raise AssertionError("same-session concurrent run was accepted")
+except RuntimeError as exc:
+    assert "already running" in str(exc)
+
+class FakeWorker:
+    def __init__(self, destroyed, profile="default", key="default"):
+        self.running = True
+        self.destroyed = destroyed
+        self.profile = profile
+        self.key = key
+        self.requests = []
+        self.stopped = False
+
+    def request(self, req):
+        self.requests.append(req)
+        return {"ok": True, "destroyed": self.destroyed}
+
+    def stop(self):
+        self.running = False
+        self.stopped = True
+
+broker = bridge.BridgeBroker("ipc:///tmp/unused.sock")
+profile_worker = FakeWorker(2)
+broker._workers["default"] = profile_worker
+broker._run_profile["run-session-a"] = "default"
+broker._run_worker_key["run-session-a"] = "default"
+broker._running_run_profile["run-session-a"] = "default"
+broker._running_run_worker_key["run-session-a"] = "default"
+broker._session_profile["session-a"] = "default"
+broker._session_worker_key["session-a"] = "default"
+broker._approval_profile["approval-a"] = "default"
+broker._approval_worker_key["approval-a"] = "default"
+broker._compression_profile["compression-a"] = "default"
+broker._compression_worker_key["compression-a"] = "default"
+
+destroy_profile_result = broker.handle({"action": "destroy_profile", "profile": "default"})
+assert destroy_profile_result == {"profile": "default", "destroyed": 2}
+assert profile_worker.stopped
+assert "default" not in broker._workers
+assert broker._run_profile == {}
+assert broker._run_worker_key == {}
+assert broker._running_run_profile == {}
+assert broker._running_run_worker_key == {}
+assert broker._session_profile == {}
+assert broker._session_worker_key == {}
+assert broker._approval_profile == {}
+assert broker._approval_worker_key == {}
+assert broker._compression_profile == {}
+assert broker._compression_worker_key == {}
+
+worker_a = FakeWorker(1, "default", "a")
+worker_b = FakeWorker(3, "work", "b")
+broker._workers["a"] = worker_a
+broker._workers["b"] = worker_b
+broker._run_profile["run-a"] = "default"
+broker._run_worker_key["run-a"] = "a"
+broker._running_run_profile["run-a"] = "default"
+broker._running_run_worker_key["run-a"] = "a"
+broker._session_profile["session-b"] = "work"
+broker._session_worker_key["session-b"] = "b"
+
+destroy_all_result = broker.handle({"action": "destroy_all"})
+assert destroy_all_result == {"destroyed": 4}
+assert worker_a.stopped
+assert worker_b.stopped
+assert broker._workers == {}
+assert broker._run_profile == {}
+assert broker._run_worker_key == {}
+assert broker._running_run_profile == {}
+assert broker._running_run_worker_key == {}
+assert broker._session_profile == {}
+assert broker._session_worker_key == {}
+`)
+  })
+
+  it('builds broker ping metrics without calling profile workers', () => {
+    runPython(String.raw`
+${harness}
+
+class PingWorker:
+    running = True
+    pid = 12345
+    endpoint = "ipc:///tmp/worker.sock"
+    last_used_at = 12.5
+
+    def request(self, req):
+        raise AssertionError("broker ping must not forward to worker")
+
+broker = bridge.BridgeBroker("ipc:///tmp/broker.sock")
+broker._workers["default"] = PingWorker()
+broker._session_profile["session-a"] = "default"
+broker._running_run_profile["run-a"] = "default"
+
+resp = broker.handle({"action": "ping"})
+assert resp["workers"] == {"default": True}
+assert resp["worker_details"]["default"]["pid"] == 12345
+assert resp["active_sessions"] == 1
+assert resp["running_sessions"] == 1
+assert resp["sessions_by_profile"] == {"default": 1}
+assert resp["running_sessions_by_profile"] == {"default": 1}
+`)
+  })
+
+  it('routes worker-keyed broker requests without stopping the worker on session destroy', () => {
+    runPython(String.raw`
+${harness}
+
+class RoutedWorker:
+    running = True
+    pid = 12345
+    endpoint = "ipc:///tmp/worker.sock"
+    last_used_at = 12.5
+
+    def __init__(self, profile, key):
+        self.profile = profile
+        self.key = key
+        self.requests = []
+        self.stopped = False
+
+    def request(self, req, timeout=None):
+        self.requests.append(req)
+        action = req.get("action")
+        if action == "chat":
+            return {"ok": True, "run_id": "run-compress", "session_id": req["session_id"], "status": "running"}
+        if action == "get_output":
+            return {"ok": True, "run_id": req["run_id"], "session_id": "compress-temp", "status": "complete", "done": True}
+        if action == "destroy":
+            return {"ok": True, "session_id": req["session_id"], "destroyed": True}
+        raise AssertionError(f"unexpected action: {action}")
+
+    def stop(self):
+        self.stopped = True
+
+broker = bridge.BridgeBroker("ipc:///tmp/unused.sock")
+worker = RoutedWorker("default", "default:compression:session-a")
+broker._workers[worker.key] = worker
+
+chat_resp = broker.handle({
+    "action": "chat",
+    "session_id": "compress-temp",
+    "profile": "default",
+    "worker_key": worker.key,
+    "message": "summarize",
+})
+assert chat_resp["run_id"] == "run-compress"
+assert worker.requests[-1]["profile"] == "default"
+assert "worker_key" not in worker.requests[-1]
+
+broker.handle({"action": "get_output", "run_id": "run-compress"})
+assert worker.requests[-1]["action"] == "get_output"
+
+destroy_resp = broker.handle({
+    "action": "destroy",
+    "session_id": "compress-temp",
+    "profile": "default",
+    "worker_key": worker.key,
+})
+assert destroy_resp["destroyed"] is True
+assert worker.requests[-1]["action"] == "destroy"
+assert not worker.stopped
+assert worker.key in broker._workers
+assert "compress-temp" not in broker._session_profile
+assert "compress-temp" not in broker._session_worker_key
+`)
+  })
+
+  it('namespaces profile worker endpoints by broker endpoint', () => {
+    runPython(String.raw`
+${harness}
+
+prod_endpoint = bridge._worker_endpoint("default", "ipc:///tmp/hermes-agent-bridge.sock")
+preview_endpoint = bridge._worker_endpoint("default", "ipc:///tmp/hermes-web-ui-preview/agent-bridge.sock")
+assert prod_endpoint != preview_endpoint
+assert prod_endpoint == bridge._worker_endpoint("default", "ipc:///tmp/hermes-agent-bridge.sock")
+
+prod_broker = bridge.BridgeBroker("ipc:///tmp/hermes-agent-bridge.sock")
+preview_broker = bridge.BridgeBroker("ipc:///tmp/hermes-web-ui-preview/agent-bridge.sock")
+prod_worker = prod_broker._worker_for_profile("default")
+preview_worker = preview_broker._worker_for_profile("default")
+assert prod_worker.endpoint != preview_worker.endpoint
+`)
+  })
+
+  it('allows worker transport to be selected with environment variables', () => {
+    runPython(String.raw`
+${harness}
+
+os.environ.pop("HERMES_AGENT_BRIDGE_WORKER_TRANSPORT", None)
+os.environ.pop("HERMES_AGENT_BRIDGE_WORKER_PORT_BASE", None)
+
+default_endpoint = bridge._worker_endpoint("default", "ipc:///tmp/hermes-agent-bridge.sock")
+if os.name == "nt":
+    assert default_endpoint.startswith("tcp://127.0.0.1:")
+else:
+    assert default_endpoint.startswith("ipc://")
+
+os.environ["HERMES_AGENT_BRIDGE_WORKER_TRANSPORT"] = "tcp"
+os.environ["HERMES_AGENT_BRIDGE_WORKER_PORT_BASE"] = "19650"
+tcp_endpoint = bridge._worker_endpoint("default", "ipc:///tmp/hermes-agent-bridge.sock")
+assert tcp_endpoint.startswith("tcp://127.0.0.1:")
+assert int(tcp_endpoint.rsplit(":", 1)[1]) >= 19650
+assert int(tcp_endpoint.rsplit(":", 1)[1]) < 20650
+
+os.environ["HERMES_AGENT_BRIDGE_WORKER_TRANSPORT"] = "ipc"
+ipc_endpoint = bridge._worker_endpoint("default", "ipc:///tmp/hermes-agent-bridge.sock")
+assert ipc_endpoint.startswith("ipc://")
+
+os.environ.pop("HERMES_AGENT_BRIDGE_WORKER_TRANSPORT", None)
+os.environ.pop("HERMES_AGENT_BRIDGE_WORKER_PORT_BASE", None)
+`)
+  })
+
+  it('restores approval env and clears handlers when a run fails', () => {
+    runPython(String.raw`
+${harness}
+
+os.environ.pop("HERMES_EXEC_ASK", None)
+
+class FailingAgent:
+    def run_conversation(self, message, **kwargs):
+        assert os.environ.get("HERMES_EXEC_ASK") == "1"
+        assert _get_approval_callback() is not None
+        raise RuntimeError("boom")
+
+pool, fake_db = make_pool()
+session, record, thread = start_manual_run(pool, "error-session", FailingAgent())
+thread.join(timeout=20)
+assert not thread.is_alive()
+
+assert record.status == "error"
+assert "boom" in (record.error or "")
+assert session.running is False
+assert session.current_run_id is None
+assert "HERMES_EXEC_ASK" not in os.environ
+assert pool._exec_ask_depth == 0
+assert pool._exec_ask_previous is None
+assert pool._approval_handlers == {}
+assert approval._notify == {}
+assert fake_db.get_messages("error-session")[0]["content"] == "message:error-session"
+`)
+  })
+
+  it('fails closed when approval dispatch loses run thread context', () => {
+    runPython(String.raw`
+${harness}
+
+pool, _fake_db = make_pool()
+calls = []
+
+def handler(command, description, *, allow_permanent=True):
+    calls.append((command, description, allow_permanent))
+    return "once"
+
+with pool._lock:
+    pool._approval_handlers["session-a"] = handler
+
+assert pool._approval_dispatcher("cmd", "desc") == "deny"
+assert calls == []
+
+pool._run_context.session_id = "missing-session"
+assert pool._approval_dispatcher("cmd", "desc") == "deny"
+assert calls == []
+
+pool._run_context.session_id = "session-a"
+assert pool._approval_dispatcher("cmd", "desc", allow_permanent=False) == "once"
+assert calls == [("cmd", "desc", False)]
+`)
+  })
+
+  it('cleans broker workers and wires worker parent watchdog state', () => {
+    runPython(String.raw`
+${harness}
+
+class FakeWorker:
+    def __init__(self):
+        self.running = True
+        self.stopped = False
+
+    def stop(self):
+        self.running = False
+        self.stopped = True
+
+broker = bridge.BridgeBroker("ipc:///tmp/unused.sock")
+worker = FakeWorker()
+broker._workers["default"] = worker
+broker._run_profile["run-a"] = "default"
+broker._running_run_profile["run-a"] = "default"
+broker._session_profile["session-a"] = "default"
+broker._approval_profile["approval-a"] = "default"
+broker._compression_profile["compression-a"] = "default"
+
+broker.stop()
+assert broker._stop.is_set()
+assert worker.stopped
+assert broker._workers == {}
+assert broker._run_profile == {}
+assert broker._running_run_profile == {}
+assert broker._session_profile == {}
+assert broker._approval_profile == {}
+assert broker._compression_profile == {}
+
+created = {}
+
+class FakeProcess:
+    stdout = None
+    stderr = None
+
+    def poll(self):
+        return None
+
+def fake_popen(args, **kwargs):
+    created["args"] = args
+    created["env"] = kwargs["env"]
+    created["encoding"] = kwargs.get("encoding")
+    created["errors"] = kwargs.get("errors")
+    return FakeProcess()
+
+original_popen = bridge.subprocess.Popen
+original_getpid = bridge.os.getpid
+try:
+    bridge.subprocess.Popen = fake_popen
+    bridge.os.getpid = lambda: 4242
+    proc_worker = bridge.WorkerProcess("default:compression:session-a", "default", "ipc:///tmp/worker.sock", "/agent", "/home")
+    proc_worker._pipe_stderr = lambda: None
+    proc_worker._wait_ready = lambda: None
+    proc_worker.start()
+finally:
+    bridge.subprocess.Popen = original_popen
+    bridge.os.getpid = original_getpid
+
+assert created["env"]["HERMES_AGENT_BRIDGE_BROKER_PID"] == "4242"
+assert created["env"]["HERMES_AGENT_BRIDGE_WORKER_PROFILE"] == "default"
+assert created["encoding"] == "utf-8"
+assert created["errors"] == "replace"
+
+stop_event = threading.Event()
+seen_pids = []
+original_process_exists = bridge._process_exists
+try:
+    bridge._process_exists = lambda pid: seen_pids.append(pid) and False
+    bridge._start_parent_process_watchdog(12345, stop_event, "test", interval=0.01)
+    assert wait_for(stop_event.is_set, timeout=2)
+finally:
+    bridge._process_exists = original_process_exists
+
+assert seen_pids == [12345]
+`)
+  })
+
+  it('handles broker ping while another broker request is blocked', () => {
+    runPython(String.raw`
+${harness}
+
+class BlockingBroker(bridge.BridgeBroker):
+    def handle(self, req):
+        if req.get("action") == "block":
+            time.sleep(0.4)
+            return {"blocked": True}
+        return super().handle(req)
+
+class MemoryConn:
+    def __init__(self, req):
+        self.request = (json.dumps(req) + "\n").encode("utf-8")
+        self.response = b""
+        self.closed = False
+
+    def recv(self, size):
+        if not self.request:
+            return b""
+        chunk = self.request[:size]
+        self.request = self.request[size:]
+        return chunk
+
+    def sendall(self, payload):
+        self.response += payload
+
+    def close(self):
+        self.closed = True
+
+broker = BlockingBroker("ipc:///tmp/unused.sock")
+blocking_conn = MemoryConn({"action": "block"})
+thread = threading.Thread(target=broker._handle_connection, args=(blocking_conn,))
+thread.start()
+time.sleep(0.05)
+
+ping_conn = MemoryConn({"action": "ping"})
+broker._handle_connection(ping_conn)
+ping_resp = json.loads(ping_conn.response.decode("utf-8"))
+assert ping_resp["ok"] is True, ping_resp
+assert ping_resp["pong"] is True, ping_resp
+assert ping_conn.closed is True, ping_conn.closed
+
+thread.join(timeout=2)
+assert not thread.is_alive(), blocking_conn.response
+blocked_resp = json.loads(blocking_conn.response.decode("utf-8"))
+assert blocked_resp["ok"] is True, blocked_resp
+assert blocked_resp["blocked"] is True, blocked_resp
+`)
+  })
+
+  it('extends profile worker request timeout from wait requests', () => {
+    runPython(String.raw`
+${harness}
+
+broker = bridge.BridgeBroker("ipc:///tmp/unused.sock")
+assert broker._worker_request_timeout({"action": "chat"}) == bridge.WorkerProcess.REQUEST_TIMEOUT_SECONDS
+assert broker._worker_request_timeout({"action": "chat", "timeout": 60}) == bridge.WorkerProcess.REQUEST_TIMEOUT_SECONDS
+assert broker._worker_request_timeout({"action": "chat", "timeout": 300}) == 310
+
+captured = {}
+worker = bridge.WorkerProcess("default", "default", "ipc:///tmp/worker.sock", None, None)
+worker.start = lambda: None
+original_send = bridge._send_bridge_request
+try:
+    def fake_send(endpoint, req, timeout):
+        captured["endpoint"] = endpoint
+        captured["req"] = req
+        captured["timeout"] = timeout
+        return {"ok": True}
+    bridge._send_bridge_request = fake_send
+    response = worker.request({"action": "chat"}, 310)
+finally:
+    bridge._send_bridge_request = original_send
+
+assert response["ok"] is True, response
+assert captured["endpoint"] == "ipc:///tmp/worker.sock", captured
+assert captured["req"] == {"action": "chat"}, captured
+assert captured["timeout"] == 310, captured
+`)
+  })
+
+  it('awaits MCP server shutdown without holding the MCP registry lock', () => {
+    runPython(String.raw`
+${harness}
+
+import asyncio
+
+lock = threading.Lock()
+servers = {}
+events = []
+
+class FakeMcpTask:
+    async def shutdown(self):
+        events.append("shutdown-started")
+        acquired = lock.acquire(blocking=False)
+        events.append(("lock-free-during-shutdown", acquired))
+        if acquired:
+            lock.release()
+        await asyncio.sleep(0)
+        events.append("shutdown-finished")
+
+task = FakeMcpTask()
+servers["github"] = task
+
+def run_on_mcp_loop(factory, timeout=30):
+    events.append(("timeout", timeout))
+    asyncio.run(factory())
+
+result = bridge.BridgeServer._shutdown_mcp_server(
+    "github",
+    servers,
+    lock,
+    run_on_mcp_loop,
+)
+
+assert result is True, result
+assert "github" not in servers, servers
+assert events == [
+    ("timeout", 15),
+    "shutdown-started",
+    ("lock-free-during-shutdown", True),
+    "shutdown-finished",
+], events
+`)
+  })
+})
diff --git a/tests/server/auth.test.ts b/tests/server/auth.test.ts
new file mode 100644
index 0000000..e87749d
--- /dev/null
+++ b/tests/server/auth.test.ts
@@ -0,0 +1,215 @@
+import { afterAll, beforeEach, describe, expect, it, vi } from 'vitest'
+import { join } from 'path'
+
+type FsMocks = {
+  readFile: ReturnType<typeof vi.fn>
+  writeFile: ReturnType<typeof vi.fn>
+  mkdir: ReturnType<typeof vi.fn>
+}
+
+async function loadAuth(overrides: Partial<FsMocks> & { home?: string } = {}) {
+  const readFile = overrides.readFile ?? vi.fn()
+  const writeFile = overrides.writeFile ?? vi.fn()
+  const mkdir = overrides.mkdir ?? vi.fn()
+  const home = overrides.home ?? '/tmp/hermes-home'
+
+  vi.resetModules()
+  vi.doMock('fs/promises', () => ({ readFile, writeFile, mkdir }))
+  vi.doMock('os', () => ({ homedir: () => home }))
+
+  const mod = await import('../../packages/server/src/services/auth')
+  return {
+    ...mod,
+    mocks: { readFile, writeFile, mkdir },
+    appHome: join(home, '.hermes-web-ui'),
+    tokenFile: join(home, '.hermes-web-ui', '.token'),
+  }
+}
+
+function createMockCtx(path: string, headers: Record<string, string> = {}, query: Record<string, string> = {}) {
+  return {
+    path,
+    headers,
+    query,
+    status: 200,
+    body: null,
+    set: vi.fn(),
+  }
+}
+
+describe('Auth Service', () => {
+  const originalEnv = process.env
+
+  beforeEach(() => {
+    process.env = { ...originalEnv }
+    vi.clearAllMocks()
+  })
+
+  afterAll(() => {
+    process.env = originalEnv
+  })
+
+  describe('getToken', () => {
+    it('ignores legacy AUTH_DISABLED=1 and still creates an auth token', async () => {
+      process.env.AUTH_DISABLED = '1'
+      const readFile = vi.fn().mockRejectedValue(new Error('ENOENT'))
+      const writeFile = vi.fn()
+      const mkdir = vi.fn()
+      const { getToken } = await loadAuth({ readFile, writeFile, mkdir })
+
+      const token = await getToken()
+
+      expect(token).toMatch(/^[a-f0-9]{64}$/)
+      expect(writeFile).toHaveBeenCalled()
+    })
+
+    it('returns AUTH_TOKEN env var if set', async () => {
+      process.env.AUTH_TOKEN = 'my-custom-token'
+      const { getToken, mocks } = await loadAuth()
+
+      const token = await getToken()
+
+      expect(token).toBe('my-custom-token')
+      expect(mocks.readFile).not.toHaveBeenCalled()
+    })
+
+    it('reads token from file if it exists', async () => {
+      const readFile = vi.fn().mockResolvedValue('file-token\n')
+      const { getToken, tokenFile } = await loadAuth({ readFile })
+
+      const token = await getToken()
+
+      expect(token).toBe('file-token')
+      expect(readFile).toHaveBeenCalledWith(tokenFile, 'utf-8')
+    })
+
+    it('generates and saves a token if the token file is missing', async () => {
+      const readFile = vi.fn().mockRejectedValue(new Error('ENOENT'))
+      const writeFile = vi.fn()
+      const mkdir = vi.fn()
+      const { getToken, appHome, tokenFile } = await loadAuth({ readFile, writeFile, mkdir })
+
+      const token = await getToken()
+
+      const expectedWriteOptions = process.platform === 'win32' ? {} : { mode: 0o600 }
+
+      expect(token).toMatch(/^[a-f0-9]{64}$/)
+      expect(mkdir).toHaveBeenCalledWith(appHome, { recursive: true })
+      expect(writeFile).toHaveBeenCalledWith(
+        tokenFile,
+        expect.stringMatching(/^[a-f0-9]{64}\n$/),
+        expectedWriteOptions,
+      )
+    })
+  })
+
+  describe('requireAuth', () => {
+    it('skips /health', async () => {
+      const { requireAuth } = await loadAuth()
+      const middleware = requireAuth('secret')
+      const ctx = createMockCtx('/health')
+      const next = vi.fn(async () => {})
+
+      await middleware(ctx, next)
+
+      expect(next).toHaveBeenCalledOnce()
+      expect(ctx.status).toBe(200)
+    })
+
+    it('skips /webhook because it is treated as a public non-API path', async () => {
+      const { requireAuth } = await loadAuth()
+      const middleware = requireAuth('secret')
+      const ctx = createMockCtx('/webhook')
+      const next = vi.fn(async () => {})
+
+      await middleware(ctx, next)
+
+      expect(next).toHaveBeenCalledOnce()
+      expect(ctx.status).toBe(200)
+    })
+
+    it('skips non-API paths', async () => {
+      const { requireAuth } = await loadAuth()
+      const middleware = requireAuth('secret')
+      const ctx = createMockCtx('/index.html')
+      const next = vi.fn(async () => {})
+
+      await middleware(ctx, next)
+
+      expect(next).toHaveBeenCalledOnce()
+      expect(ctx.status).toBe(200)
+    })
+
+    it('requires auth for /upload', async () => {
+      const { requireAuth } = await loadAuth()
+      const middleware = requireAuth('secret')
+      const ctx = createMockCtx('/upload')
+      const next = vi.fn(async () => {})
+
+      await middleware(ctx, next)
+
+      expect(ctx.status).toBe(401)
+      expect(ctx.body).toEqual({ error: 'Unauthorized' })
+      expect(next).not.toHaveBeenCalled()
+    })
+
+    it('rejects request without auth header for protected API routes', async () => {
+      const { requireAuth } = await loadAuth()
+      const middleware = requireAuth('secret')
+      const ctx = createMockCtx('/api/hermes/sessions')
+      const next = vi.fn(async () => {})
+
+      await middleware(ctx, next)
+
+      expect(ctx.status).toBe(401)
+      expect(next).not.toHaveBeenCalled()
+    })
+
+    it('rejects request with the wrong bearer token', async () => {
+      const { requireAuth } = await loadAuth()
+      const middleware = requireAuth('secret')
+      const ctx = createMockCtx('/api/hermes/sessions', { authorization: 'Bearer wrong' })
+      const next = vi.fn(async () => {})
+
+      await middleware(ctx, next)
+
+      expect(ctx.status).toBe(401)
+      expect(next).not.toHaveBeenCalled()
+    })
+
+    it('allows request with the correct bearer token', async () => {
+      const { requireAuth } = await loadAuth()
+      const middleware = requireAuth('secret')
+      const ctx = createMockCtx('/api/hermes/sessions', { authorization: 'Bearer secret' })
+      const next = vi.fn(async () => {})
+
+      await middleware(ctx, next)
+
+      expect(next).toHaveBeenCalledOnce()
+    })
+
+    it('allows request with the correct query token', async () => {
+      const { requireAuth } = await loadAuth()
+      const middleware = requireAuth('secret')
+      const ctx = createMockCtx('/api/hermes/sessions', {}, { token: 'secret' })
+      const next = vi.fn(async () => {})
+
+      await middleware(ctx, next)
+
+      expect(next).toHaveBeenCalledOnce()
+    })
+
+    it('returns 401 JSON on auth failure', async () => {
+      const { requireAuth } = await loadAuth()
+      const middleware = requireAuth('secret')
+      const ctx = createMockCtx('/api/hermes/sessions', { authorization: 'Bearer wrong' })
+      const next = vi.fn(async () => {})
+
+      await middleware(ctx, next)
+
+      expect(ctx.status).toBe(401)
+      expect(ctx.set).toHaveBeenCalledWith('Content-Type', 'application/json')
+      expect(ctx.body).toEqual({ error: 'Unauthorized' })
+    })
+  })
+})
diff --git a/tests/server/bridge-mcp-action.test.ts b/tests/server/bridge-mcp-action.test.ts
new file mode 100644
index 0000000..4eb9b30
--- /dev/null
+++ b/tests/server/bridge-mcp-action.test.ts
@@ -0,0 +1,56 @@
+import { beforeEach, describe, expect, it, vi } from 'vitest'
+
+// ── Mocks ──────────────────────────────────────────────────
+const mcpToolsMock = vi.fn()
+
+vi.mock('../../packages/server/src/services/hermes/agent-bridge/client', () => ({
+  AgentBridgeClient: vi.fn().mockImplementation(() => ({
+    mcpTools: mcpToolsMock,
+  })),
+}))
+
+vi.mock('../../packages/server/src/services/logger', () => ({
+  logger: { warn: vi.fn(), error: vi.fn(), info: vi.fn() },
+}))
+
+// ── Tests ──────────────────────────────────────────────────
+describe('bridgeMcpAction - mcp_tools_list', () => {
+  beforeEach(() => {
+    vi.clearAllMocks()
+  })
+
+  it('passes server and profile to client.mcpTools', async () => {
+    mcpToolsMock.mockResolvedValue({ ok: true, results: [] })
+    const { bridgeMcpAction } = await import('../../packages/server/src/services/hermes/mcp')
+    await bridgeMcpAction('mcp_tools_list', { server: 'github' }, 'test-profile')
+    expect(mcpToolsMock).toHaveBeenCalledWith('github', 'test-profile', undefined)
+  })
+
+  it('passes raw=true to client.mcpTools', async () => {
+    mcpToolsMock.mockResolvedValue({ ok: true, results: [] })
+    const { bridgeMcpAction } = await import('../../packages/server/src/services/hermes/mcp')
+    await bridgeMcpAction('mcp_tools_list', { server: 'github', raw: true }, 'test-profile')
+    expect(mcpToolsMock).toHaveBeenCalledWith('github', 'test-profile', true)
+  })
+
+  it('passes raw=false to client.mcpTools', async () => {
+    mcpToolsMock.mockResolvedValue({ ok: true, results: [] })
+    const { bridgeMcpAction } = await import('../../packages/server/src/services/hermes/mcp')
+    await bridgeMcpAction('mcp_tools_list', { server: 'github', raw: false }, 'test-profile')
+    expect(mcpToolsMock).toHaveBeenCalledWith('github', 'test-profile', false)
+  })
+
+  it('passes undefined server when not provided', async () => {
+    mcpToolsMock.mockResolvedValue({ ok: true, results: [] })
+    const { bridgeMcpAction } = await import('../../packages/server/src/services/hermes/mcp')
+    await bridgeMcpAction('mcp_tools_list', {}, 'test-profile')
+    expect(mcpToolsMock).toHaveBeenCalledWith(undefined, 'test-profile', undefined)
+  })
+
+  it('passes undefined profile when not provided', async () => {
+    mcpToolsMock.mockResolvedValue({ ok: true, results: [] })
+    const { bridgeMcpAction } = await import('../../packages/server/src/services/hermes/mcp')
+    await bridgeMcpAction('mcp_tools_list', { server: 'github' })
+    expect(mcpToolsMock).toHaveBeenCalledWith('github', undefined, undefined)
+  })
+})
diff --git a/tests/server/chat-run-message-flush.test.ts b/tests/server/chat-run-message-flush.test.ts
new file mode 100644
index 0000000..bee06c3
--- /dev/null
+++ b/tests/server/chat-run-message-flush.test.ts
@@ -0,0 +1,315 @@
+import { describe, it, expect, vi, beforeEach } from 'vitest'
+
+// Mock DB module before importing
+const addMessageMock = vi.fn()
+vi.mock('../../packages/server/src/db/hermes/session-store', () => ({
+  addMessage: addMessageMock,
+  getSession: vi.fn(),
+  getSessionDetail: vi.fn(),
+  getSessionDetailPaginated: vi.fn(),
+  createSession: vi.fn(),
+  updateSessionStats: vi.fn(),
+}))
+
+vi.mock('../../packages/server/src/services/logger', () => ({
+  logger: { info: vi.fn(), warn: vi.fn(), error: vi.fn(), debug: vi.fn() },
+}))
+
+vi.mock('../../packages/server/src/lib/context-compressor', () => ({
+  ChatContextCompressor: class {},
+  countTokens: vi.fn(() => 1),
+  SUMMARY_PREFIX: '[Summary] ',
+}))
+
+vi.mock('../../packages/server/src/db/hermes/compression-snapshot', () => ({
+  getCompressionSnapshot: vi.fn(),
+}))
+
+vi.mock('../../packages/server/src/lib/llm-json', () => ({
+  parseLLMJSON: vi.fn(),
+  parseToolArguments: vi.fn(),
+  parseAnthropicContentArray: vi.fn(),
+}))
+
+vi.mock('../../packages/server/src/lib/llm-prompt', () => ({
+  getSystemPrompt: vi.fn(() => ''),
+}))
+
+vi.mock('../../packages/server/src/db/hermes/usage-store', () => ({
+  updateUsage: vi.fn(),
+}))
+
+// --- Types mirroring run-chat response flushing ---
+
+interface SessionMessage {
+  id: number | string
+  session_id: string
+  role: string
+  content: string
+  runMarker?: string
+  tool_call_id?: string | null
+  tool_calls?: any[] | null
+  tool_name?: string | null
+  timestamp: number
+  finish_reason?: string | null
+}
+
+interface ResponseRunState {
+  runMarker?: string
+  responseId?: string
+  insertedKeys: Set<string>
+  toolCalls: Map<string, any>
+}
+
+interface SessionState {
+  messages: SessionMessage[]
+  isWorking: boolean
+  events: Array<{ event: string; data: any }>
+  queue: any[]
+  responseRun?: ResponseRunState
+}
+
+function createSessionState(): SessionState {
+  return { messages: [], isWorking: false, events: [], queue: [] }
+}
+
+function createRun(runMarker: string): ResponseRunState {
+  return { runMarker, insertedKeys: new Set<string>(), toolCalls: new Map<string, any>() }
+}
+
+// --- Simulated event handlers (mirroring actual implementation) ---
+
+function applyDelta(state: SessionState, sessionId: string, runMarker: string, deltaText: string) {
+  const last = [...state.messages].reverse().find(m => m.runMarker === runMarker)
+  if (last?.role === 'assistant' && last.finish_reason == null && !last.tool_calls?.length) {
+    last.content += deltaText
+  } else {
+    state.messages.push({
+      id: state.messages.length + 1,
+      session_id: sessionId,
+      runMarker,
+      role: 'assistant',
+      content: deltaText,
+      timestamp: Date.now(),
+    })
+  }
+}
+
+function applyTextDone(state: SessionState, runMarker: string) {
+  const last = [...state.messages].reverse().find(m => m.runMarker === runMarker)
+  if (last?.role === 'assistant' && last.finish_reason == null) {
+    last.finish_reason = 'stop'
+  }
+}
+
+function applyToolCall(state: SessionState, sessionId: string, runMarker: string, callId: string, name: string, args: string) {
+  const run = state.responseRun!
+  const key = `assistant:${callId}`
+  if (!run.insertedKeys.has(key)) {
+    run.insertedKeys.add(key)
+    const toolCall = { id: callId, type: 'function', function: { name, arguments: args } }
+    run.toolCalls.set(callId, toolCall)
+    state.messages.push({
+      id: state.messages.length + 1,
+      session_id: sessionId,
+      runMarker,
+      role: 'assistant',
+      content: '',
+      tool_calls: [toolCall],
+      finish_reason: 'tool_calls',
+      timestamp: Date.now(),
+    })
+  }
+}
+
+function applyToolOutput(state: SessionState, sessionId: string, runMarker: string, callId: string, output: string) {
+  const run = state.responseRun!
+  const key = `tool:${callId}`
+  if (!run.insertedKeys.has(key)) {
+    run.insertedKeys.add(key)
+    const toolName = run.toolCalls.get(callId)?.function?.name || null
+    state.messages.push({
+      id: state.messages.length + 1,
+      session_id: sessionId,
+      runMarker,
+      role: 'tool',
+      content: output,
+      tool_call_id: callId,
+      tool_name: toolName,
+      timestamp: Date.now(),
+    })
+  }
+}
+
+/** Mirrors flushResponseRunToDb — writes all non-user messages for this run to DB. */
+function flushResponseRunToDb(state: SessionState, sessionId: string) {
+  const run = state.responseRun
+  if (!run?.runMarker) return
+  for (const msg of state.messages) {
+    if (msg.runMarker !== run.runMarker) continue
+    if (msg.role === 'user') continue
+    addMessageMock({
+      session_id: sessionId,
+      role: msg.role,
+      content: msg.content || '',
+      tool_call_id: msg.tool_call_id ?? null,
+      tool_calls: msg.tool_calls ?? null,
+      tool_name: msg.tool_name ?? null,
+      finish_reason: msg.finish_reason ?? null,
+      timestamp: msg.timestamp,
+    })
+  }
+}
+
+const SID = 'test-session'
+const MARKER = 'resp_run_abc123'
+
+describe('chat-run message flush', () => {
+  beforeEach(() => {
+    addMessageMock.mockClear()
+  })
+
+  it('flushes simple text response to DB on normal completion', () => {
+    const state = createSessionState()
+    state.responseRun = createRun(MARKER)
+
+    state.messages.push({ id: 1, session_id: SID, runMarker: MARKER, role: 'user', content: 'hello', timestamp: 100 })
+    applyDelta(state, SID, MARKER, 'Hello! ')
+    applyDelta(state, SID, MARKER, 'How can I help?')
+    applyTextDone(state, MARKER)
+
+    flushResponseRunToDb(state, SID)
+
+    expect(addMessageMock).toHaveBeenCalledTimes(1)
+    expect(addMessageMock).toHaveBeenCalledWith(expect.objectContaining({
+      session_id: SID,
+      role: 'assistant',
+      content: 'Hello! How can I help?',
+      finish_reason: 'stop',
+    }))
+  })
+
+  it('flushes tool calls with correct interleaved order', () => {
+    const state = createSessionState()
+    state.responseRun = createRun(MARKER)
+
+    state.messages.push({ id: 1, session_id: SID, runMarker: MARKER, role: 'user', content: 'search baidu', timestamp: 100 })
+    applyDelta(state, SID, MARKER, 'Let me search.')
+    applyTextDone(state, MARKER)
+    applyToolCall(state, SID, MARKER, 'call_1', 'terminal', '{"cmd":"opencli web read baidu"}')
+    applyToolOutput(state, SID, MARKER, 'call_1', '{"output": "百度热搜..."}')
+    applyDelta(state, SID, MARKER, 'Here are the results:')
+    applyTextDone(state, MARKER)
+
+    flushResponseRunToDb(state, SID)
+
+    expect(addMessageMock).toHaveBeenCalledTimes(4)
+    const calls = addMessageMock.mock.calls.map(c => ({ role: c[0].role, hasToolCalls: !!c[0].tool_calls?.length }))
+    expect(calls).toEqual([
+      { role: 'assistant', hasToolCalls: false },
+      { role: 'assistant', hasToolCalls: true },
+      { role: 'tool', hasToolCalls: false },
+      { role: 'assistant', hasToolCalls: false },
+    ])
+  })
+
+  it('flushes partial messages on abort (no output_text.done)', () => {
+    const state = createSessionState()
+    state.responseRun = createRun(MARKER)
+
+    state.messages.push({ id: 1, session_id: SID, runMarker: MARKER, role: 'user', content: 'hello', timestamp: 100 })
+    applyDelta(state, SID, MARKER, 'Let me ')
+    applyDelta(state, SID, MARKER, 'search...')
+
+    flushResponseRunToDb(state, SID)
+
+    expect(addMessageMock).toHaveBeenCalledTimes(1)
+    expect(addMessageMock).toHaveBeenCalledWith(expect.objectContaining({
+      role: 'assistant',
+      content: 'Let me search...',
+    }))
+  })
+
+  it('does not write user messages (already written by handleRun)', () => {
+    const state = createSessionState()
+    state.responseRun = createRun(MARKER)
+
+    state.messages.push({ id: 1, session_id: SID, runMarker: MARKER, role: 'user', content: 'user msg', timestamp: 100 })
+    state.messages.push({ id: 2, session_id: SID, runMarker: MARKER, role: 'assistant', content: 'reply', timestamp: 101, finish_reason: 'stop' })
+
+    flushResponseRunToDb(state, SID)
+
+    expect(addMessageMock).toHaveBeenCalledTimes(1)
+    expect(addMessageMock).not.toHaveBeenCalledWith(expect.objectContaining({ role: 'user' }))
+  })
+
+  it('does not merge separate assistant messages around tool calls', () => {
+    const state = createSessionState()
+    state.responseRun = createRun(MARKER)
+
+    applyDelta(state, SID, MARKER, 'Text before tool.')
+    applyTextDone(state, MARKER)
+    applyToolCall(state, SID, MARKER, 'call_1', 'search', '{"q":"test"}')
+    applyToolOutput(state, SID, MARKER, 'call_1', 'search results')
+    applyDelta(state, SID, MARKER, 'Text after tool.')
+    applyTextDone(state, MARKER)
+
+    flushResponseRunToDb(state, SID)
+
+    const assistantTextCalls = addMessageMock.mock.calls
+      .filter(c => c[0].role === 'assistant' && !c[0].tool_calls?.length)
+
+    expect(assistantTextCalls).toHaveLength(2)
+    expect(assistantTextCalls[0][0].content).toBe('Text before tool.')
+    expect(assistantTextCalls[1][0].content).toBe('Text after tool.')
+  })
+
+  it('handles text → tool → text without output_text.done between them', () => {
+    // Scenario: only one output_text.done at the very end, not between blocks
+    const state = createSessionState()
+    state.responseRun = createRun(MARKER)
+
+    // First text block via deltas, NO output_text.done yet
+    applyDelta(state, SID, MARKER, '没卡，刚搜完。')
+    applyToolCall(state, SID, MARKER, 'call_1', 'browser', '{"url":"..."}')
+    applyToolOutput(state, SID, MARKER, 'call_1', '')
+    // Second text block via deltas
+    applyDelta(state, SID, MARKER, '搜到了！详情如下：')
+    // Now output_text.done fires — only marks finish_reason, does NOT overwrite
+    applyTextDone(state, MARKER)
+
+    flushResponseRunToDb(state, SID)
+
+    const assistantTextCalls = addMessageMock.mock.calls
+      .filter(c => c[0].role === 'assistant' && !c[0].tool_calls?.length)
+
+    // Must have 2 separate text messages, NOT merged
+    expect(assistantTextCalls).toHaveLength(2)
+    expect(assistantTextCalls[0][0].content).toBe('没卡，刚搜完。')
+    expect(assistantTextCalls[1][0].content).toBe('搜到了！详情如下：')
+  })
+
+  it('multiple tool calls with text between them stay separated', () => {
+    const state = createSessionState()
+    state.responseRun = createRun(MARKER)
+
+    applyDelta(state, SID, MARKER, 'Text A.')
+    applyTextDone(state, MARKER)
+    applyToolCall(state, SID, MARKER, 'call_1', 'search', '{}')
+    applyToolOutput(state, SID, MARKER, 'call_1', 'result1')
+    applyDelta(state, SID, MARKER, 'Text B.')
+    applyTextDone(state, MARKER)
+    applyToolCall(state, SID, MARKER, 'call_2', 'search', '{}')
+    applyToolOutput(state, SID, MARKER, 'call_2', 'result2')
+    applyDelta(state, SID, MARKER, 'Text C.')
+    applyTextDone(state, MARKER)
+
+    flushResponseRunToDb(state, SID)
+
+    const textCalls = addMessageMock.mock.calls
+      .filter(c => c[0].role === 'assistant' && !c[0].tool_calls?.length)
+      .map(c => c[0].content)
+
+    expect(textCalls).toEqual(['Text A.', 'Text B.', 'Text C.'])
+  })
+})
diff --git a/tests/server/cli-port-detection.test.ts b/tests/server/cli-port-detection.test.ts
new file mode 100644
index 0000000..f6c9a50
--- /dev/null
+++ b/tests/server/cli-port-detection.test.ts
@@ -0,0 +1,180 @@
+import { afterEach, describe, expect, it, vi } from 'vitest'
+import { existsSync, mkdtempSync, rmSync, writeFileSync } from 'fs'
+import { tmpdir } from 'os'
+import { join } from 'path'
+import { scryptSync, timingSafeEqual } from 'crypto'
+import { DatabaseSync } from 'node:sqlite'
+
+type ChildProcessMocks = {
+  execFileSync: ReturnType<typeof vi.fn>
+  execSync: ReturnType<typeof vi.fn>
+  spawn: ReturnType<typeof vi.fn>
+}
+
+async function loadCli(overrides: Partial<ChildProcessMocks> = {}) {
+  const execFileSync = overrides.execFileSync ?? vi.fn()
+  const execSync = overrides.execSync ?? vi.fn()
+  const spawn = overrides.spawn ?? vi.fn()
+
+  vi.resetModules()
+  vi.doMock('child_process', () => ({ execFileSync, execSync, spawn }))
+
+  const mod = await import('../../bin/hermes-web-ui.mjs')
+  return {
+    ...mod,
+    mocks: { execFileSync, execSync, spawn },
+  }
+}
+
+function verifyPassword(password: string, passwordHash: string): boolean {
+  const [scheme, salt, expectedHex] = passwordHash.split(':')
+  if (scheme !== 'scrypt' || !salt || !expectedHex) return false
+  const expected = Buffer.from(expectedHex, 'hex')
+  const actual = scryptSync(password, salt, expected.length)
+  return actual.length === expected.length && timingSafeEqual(actual, expected)
+}
+
+describe('CLI port detection', () => {
+  const originalPlatform = Object.getOwnPropertyDescriptor(process, 'platform')
+  const originalEnv = { ...process.env }
+
+  afterEach(() => {
+    process.env = { ...originalEnv }
+    vi.doUnmock('child_process')
+    if (originalPlatform) {
+      Object.defineProperty(process, 'platform', originalPlatform)
+    }
+  })
+
+  it('falls back to lsof without executing ss when ss is unavailable', async () => {
+    Object.defineProperty(process, 'platform', { value: 'darwin' })
+
+    const execFileSync = vi.fn((command: string, args: string[]) => {
+      if (command === 'sh' && args.at(-1) === 'ss') {
+        throw new Error('not found')
+      }
+      if (command === 'sh' && args.at(-1) === 'lsof') {
+        return ''
+      }
+      if (command === 'lsof') {
+        return '1234\n1234\n'
+      }
+      throw new Error(`unexpected command: ${command}`)
+    })
+    const { getListeningPids, mocks } = await loadCli({ execFileSync })
+
+    expect(getListeningPids(8648)).toEqual([1234])
+    expect(mocks.execFileSync).not.toHaveBeenCalledWith(
+      'ss',
+      expect.any(Array),
+      expect.any(Object),
+    )
+    expect(mocks.execFileSync).toHaveBeenCalledWith(
+      'lsof',
+      ['-tiTCP:8648', '-sTCP:LISTEN'],
+      expect.objectContaining({ encoding: 'utf-8' }),
+    )
+  })
+
+  it('uses ss first when available', async () => {
+    Object.defineProperty(process, 'platform', { value: 'linux' })
+
+    const execFileSync = vi.fn((command: string, args: string[]) => {
+      if (command === 'sh' && args.at(-1) === 'ss') {
+        return ''
+      }
+      if (command === 'ss') {
+        return 'LISTEN 0 511 0.0.0.0:8648 0.0.0.0:* users:(("node",pid=4321,fd=20))\n'
+      }
+      throw new Error(`unexpected command: ${command}`)
+    })
+    const { getListeningPids } = await loadCli({ execFileSync })
+
+    expect(getListeningPids(8648)).toEqual([4321])
+  })
+
+  it('parses Linux netstat listener output as a final fallback', async () => {
+    const { parseUnixNetstatListeningPids } = await loadCli()
+
+    expect(parseUnixNetstatListeningPids(
+      [
+        'tcp        0      0 0.0.0.0:8648            0.0.0.0:*               LISTEN      2468/node',
+        'tcp        0      0 0.0.0.0:5173            0.0.0.0:*               LISTEN      1357/node',
+      ].join('\n'),
+      8648,
+    )).toEqual([2468])
+  })
+
+  it('clears the login lock file from the configured Web UI home', async () => {
+    const home = mkdtempSync(join(tmpdir(), 'hermes-web-ui-cli-locks-'))
+    process.env.HERMES_WEB_UI_HOME = home
+    const lockFile = join(home, '.login-lock.json')
+    writeFileSync(lockFile, '{"passwordIpMap":{}}\n')
+
+    try {
+      const { clearLoginLocks } = await loadCli()
+      const result = clearLoginLocks({ silent: true, checkRunning: false })
+
+      expect(result).toEqual({ path: lockFile, removed: true, serverRunning: false })
+      expect(existsSync(lockFile)).toBe(false)
+
+      const second = clearLoginLocks({ silent: true, checkRunning: false })
+      expect(second).toEqual({ path: lockFile, removed: false, serverRunning: false })
+    } finally {
+      rmSync(home, { recursive: true, force: true })
+    }
+  })
+
+  it('cleans a stale server PID file during stop', async () => {
+    const home = mkdtempSync(join(tmpdir(), 'hermes-web-ui-cli-stale-pid-'))
+    process.env.HERMES_WEB_UI_HOME = home
+    const pidFile = join(home, 'server.pid')
+    writeFileSync(pidFile, '999999999\n')
+
+    try {
+      const { stopDaemon } = await loadCli()
+      stopDaemon()
+
+      expect(existsSync(pidFile)).toBe(false)
+    } finally {
+      rmSync(home, { recursive: true, force: true })
+    }
+  })
+
+  it('resets an existing admin user to the default password', async () => {
+    const home = mkdtempSync(join(tmpdir(), 'hermes-web-ui-cli-default-login-'))
+    process.env.HERMES_WEB_UI_HOME = home
+    const dbPath = join(home, 'hermes-web-ui.db')
+
+    try {
+      const { resetDefaultLogin } = await loadCli()
+      const created = await resetDefaultLogin({ silent: true })
+      expect(created.action).toBe('created')
+
+      const db = new DatabaseSync(dbPath)
+      try {
+        const initial = db.prepare('SELECT id, username, password_hash FROM users WHERE username = ?').get('admin') as any
+        expect(verifyPassword('123456', initial.password_hash)).toBe(true)
+        db.prepare('UPDATE users SET password_hash = ? WHERE username = ?').run('scrypt:bad:bad', 'admin')
+      } finally {
+        db.close()
+      }
+
+      const updated = await resetDefaultLogin({ silent: true })
+      expect(updated.action).toBe('updated')
+
+      const verifyDb = new DatabaseSync(dbPath)
+      try {
+        const rows = verifyDb.prepare('SELECT id, username, password_hash, role, status FROM users WHERE username = ?').all('admin') as any[]
+        expect(rows).toHaveLength(1)
+        expect(verifyPassword('123456', rows[0].password_hash)).toBe(true)
+        expect(rows[0].role).toBe('super_admin')
+        expect(rows[0].status).toBe('active')
+      } finally {
+        verifyDb.close()
+      }
+    } finally {
+      rmSync(home, { recursive: true, force: true })
+    }
+  })
+})
diff --git a/tests/server/codex-credential-pool-auth.test.ts b/tests/server/codex-credential-pool-auth.test.ts
new file mode 100644
index 0000000..dfd4e1f
--- /dev/null
+++ b/tests/server/codex-credential-pool-auth.test.ts
@@ -0,0 +1,162 @@
+import { afterEach, beforeEach, describe, expect, it, vi } from 'vitest'
+import { existsSync, mkdirSync, mkdtempSync, readFileSync, rmSync, writeFileSync } from 'fs'
+import { join } from 'path'
+import { tmpdir } from 'os'
+
+let hermesHome = ''
+
+function writeHermesFile(path: string, content: string) {
+  mkdirSync(hermesHome, { recursive: true })
+  writeFileSync(join(hermesHome, path), content)
+}
+
+function writeConfigYaml(content: string) {
+  writeHermesFile('config.yaml', content)
+}
+
+function writeEnv(content = '') {
+  writeHermesFile('.env', content)
+}
+
+function writeAuthJson(auth: Record<string, unknown>, path = 'auth.json') {
+  writeHermesFile(path, JSON.stringify(auth, null, 2))
+}
+
+function readAuthJson(path = 'auth.json') {
+  return JSON.parse(readFileSync(join(hermesHome, path), 'utf-8'))
+}
+
+function makeCtx(profile?: string): any {
+  return {
+    params: {},
+    query: {},
+    request: { body: {} },
+    state: profile ? { profile: { name: profile } } : {},
+    get: () => '',
+    body: undefined,
+    status: 200,
+  }
+}
+
+async function loadModelsController() {
+  vi.resetModules()
+  vi.doMock('../../packages/server/src/services/app-config', () => ({
+    readAppConfig: vi.fn().mockResolvedValue({}),
+  }))
+  vi.doMock('../../packages/server/src/services/hermes/copilot-models', () => ({
+    getCopilotModelsDetailed: vi.fn().mockResolvedValue([]),
+    resolveCopilotOAuthToken: vi.fn().mockResolvedValue(''),
+  }))
+  return import('../../packages/server/src/controllers/hermes/models')
+}
+
+async function loadCodexAuthController() {
+  vi.resetModules()
+  vi.doMock('../../packages/server/src/services/logger', () => ({
+    logger: { info: vi.fn(), error: vi.fn(), warn: vi.fn() },
+  }))
+  return import('../../packages/server/src/controllers/hermes/codex-auth')
+}
+
+describe('OpenAI Codex credential pool auth compatibility', () => {
+  beforeEach(() => {
+    hermesHome = mkdtempSync(join(tmpdir(), 'hwui-codex-pool-'))
+    process.env.HERMES_HOME = hermesHome
+    process.env.CODEX_HOME = join(hermesHome, 'codex-home')
+    writeConfigYaml('model:\n  default: gpt-5.5\n  provider: openai-codex\n')
+    writeEnv('')
+  })
+
+  afterEach(() => {
+    vi.doUnmock('../../packages/server/src/services/app-config')
+    vi.doUnmock('../../packages/server/src/services/hermes/copilot-models')
+    vi.doUnmock('../../packages/server/src/services/logger')
+    delete process.env.HERMES_HOME
+    delete process.env.CODEX_HOME
+    if (hermesHome) rmSync(hermesHome, { recursive: true, force: true })
+    hermesHome = ''
+  })
+
+  it('lists OpenAI Codex models when auth.json only has credential_pool entries', async () => {
+    writeAuthJson({
+      version: 1,
+      providers: {},
+      active_provider: 'openai-codex',
+      credential_pool: {
+        'openai-codex': [
+          { id: 'main', auth_type: 'oauth', access_token: 'access-token-from-pool', refresh_token: 'refresh-token-from-pool' },
+        ],
+      },
+    })
+
+    const { getAvailable } = await loadModelsController()
+    const ctx = makeCtx()
+
+    await getAvailable(ctx)
+
+    expect(ctx.body.default).toBe('gpt-5.5')
+    expect(ctx.body.default_provider).toBe('openai-codex')
+    expect(ctx.body.groups).toEqual(
+      expect.arrayContaining([
+        expect.objectContaining({
+          provider: 'openai-codex',
+          label: 'OpenAI Codex',
+          models: expect.arrayContaining(['gpt-5.5', 'gpt-5.4-mini']),
+        }),
+      ]),
+    )
+  })
+
+  it('reports Codex authenticated from credential_pool without requiring legacy providers tokens', async () => {
+    writeAuthJson({
+      version: 1,
+      providers: {},
+      active_provider: 'openai-codex',
+      credential_pool: {
+        'openai-codex': [
+          { id: 'main', auth_type: 'oauth', access_token: 'non-jwt-access-token', refresh_token: 'refresh-token-from-pool', last_refresh: '2026-05-10T00:00:00.000Z' },
+        ],
+      },
+    })
+
+    const { status } = await loadCodexAuthController()
+    const ctx = makeCtx()
+
+    await status(ctx)
+
+    expect(ctx.body).toEqual({ authenticated: true, last_refresh: '2026-05-10T00:00:00.000Z' })
+  })
+
+  it('reports Codex status from the request-scoped profile', async () => {
+    mkdirSync(join(hermesHome, 'profiles', 'research'), { recursive: true })
+    writeAuthJson({ version: 1, providers: {}, credential_pool: {} })
+    writeAuthJson({
+      version: 1,
+      providers: {},
+      credential_pool: {
+        'openai-codex': [
+          { access_token: 'research-token', refresh_token: 'research-refresh', last_refresh: '2026-06-02T00:00:00.000Z' },
+        ],
+      },
+    }, 'profiles/research/auth.json')
+
+    const { status } = await loadCodexAuthController()
+    const ctx = makeCtx('research')
+
+    await status(ctx)
+
+    expect(ctx.body).toEqual({ authenticated: true, last_refresh: '2026-06-02T00:00:00.000Z' })
+  })
+
+  it('persists Codex OAuth credentials in the request-scoped profile only', async () => {
+    mkdirSync(join(hermesHome, 'profiles', 'research'), { recursive: true })
+
+    const { saveCodexOAuthTokensForProfile } = await loadCodexAuthController()
+    saveCodexOAuthTokensForProfile('research', 'research-access-token', 'research-refresh-token')
+
+    expect(existsSync(join(hermesHome, 'auth.json'))).toBe(false)
+    const auth = readAuthJson('profiles/research/auth.json')
+    expect(auth.providers['openai-codex'].tokens.access_token).toBe('research-access-token')
+    expect(auth.credential_pool['openai-codex'][0].access_token).toBe('research-access-token')
+  })
+})
diff --git a/tests/server/coding-agents-launch.test.ts b/tests/server/coding-agents-launch.test.ts
new file mode 100644
index 0000000..127b54b
--- /dev/null
+++ b/tests/server/coding-agents-launch.test.ts
@@ -0,0 +1,680 @@
+import { mkdtempSync, readFileSync, rmSync } from 'fs'
+import { tmpdir } from 'os'
+import { join } from 'path'
+import { afterEach, describe, expect, it, vi } from 'vitest'
+import { claudeProxyMessages, claudeProxyModels, registerClaudeCodeProxyTarget } from '../../packages/server/src/services/claude-code-proxy'
+import { codexProxyModels, codexProxyResponses, registerCodexProxyTarget } from '../../packages/server/src/services/codex-proxy'
+import { prepareCodingAgentLaunch } from '../../packages/server/src/services/coding-agents'
+
+const homes: string[] = []
+
+function makeHome() {
+  const home = mkdtempSync(join(tmpdir(), 'hermes-coding-agent-launch-'))
+  homes.push(home)
+  process.env.HERMES_WEB_UI_HOME = home
+  return home
+}
+
+afterEach(() => {
+  delete process.env.HERMES_WEB_UI_HOME
+  vi.unstubAllGlobals()
+  for (const home of homes.splice(0)) rmSync(home, { recursive: true, force: true })
+})
+
+function makeProxyContext(routeKey: string, token: string, body: any): any {
+  return {
+    params: { key: routeKey },
+    request: { body },
+    responseHeaders: {} as Record<string, string>,
+    get(name: string) {
+      if (name.toLowerCase() === 'authorization') return `Bearer ${token}`
+      return ''
+    },
+    set(name: string, value: string) {
+      this.responseHeaders[name] = value
+    },
+  }
+}
+
+describe('coding agent launch preparation', () => {
+  it('launches Claude Code with the global config when requested', async () => {
+    const home = makeHome()
+
+    const result = await prepareCodingAgentLaunch('claude-code', {
+      mode: 'global',
+      profile: 'default',
+    })
+
+    expect(result).toMatchObject({
+      agentId: 'claude-code',
+      mode: 'global',
+      profile: 'default',
+      provider: 'global',
+      model: '',
+      rootDir: join(home, 'coding-agent', 'workspace', 'default', 'global'),
+      workspaceDir: join(home, 'coding-agent', 'workspace', 'default', 'global'),
+      command: 'claude',
+      args: [],
+      env: {},
+      shellCommand: `cd ${join(home, 'coding-agent', 'workspace', 'default', 'global')} && claude`,
+      files: [],
+    })
+  })
+
+  it('launches Codex with the global config when requested', async () => {
+    const home = makeHome()
+
+    const result = await prepareCodingAgentLaunch('codex', {
+      mode: 'global',
+      profile: 'default',
+    })
+
+    expect(result).toMatchObject({
+      agentId: 'codex',
+      mode: 'global',
+      profile: 'default',
+      provider: 'global',
+      model: '',
+      rootDir: join(home, 'coding-agent', 'workspace', 'default', 'global'),
+      workspaceDir: join(home, 'coding-agent', 'workspace', 'default', 'global'),
+      command: 'codex',
+      args: [],
+      env: {},
+      shellCommand: `cd ${join(home, 'coding-agent', 'workspace', 'default', 'global')} && codex`,
+      files: [],
+    })
+  })
+
+  it('launches Claude Code with scoped settings instead of a CLI --model override', async () => {
+    const home = makeHome()
+
+    const result = await prepareCodingAgentLaunch('claude-code', {
+      profile: 'default',
+      provider: 'openrouter',
+      model: 'cognitivecomputations/dolphin-mistral-24b-venice-edition:free',
+      baseUrl: 'https://openrouter.ai/api/v1',
+      apiKey: 'sk-test',
+    })
+
+    expect(result.rootDir).toBe(join(home, 'coding-agent', 'model', 'default', 'openrouter', 'claude-code'))
+    expect(result.workspaceDir).toBe(join(home, 'coding-agent', 'workspace', 'default', 'openrouter'))
+    expect(result.args).toEqual([
+      '--settings',
+      join(result.rootDir, 'settings.json'),
+      '--mcp-config',
+      join(result.rootDir, 'mcp.json'),
+    ])
+    expect(result.shellCommand).toContain(`cd ${join(home, 'coding-agent', 'workspace', 'default', 'openrouter')} && claude`)
+    expect(result.shellCommand).not.toContain('--model')
+
+    const settings = JSON.parse(readFileSync(join(result.rootDir, 'settings.json'), 'utf-8'))
+    expect(settings.model).toBe('cognitivecomputations/dolphin-mistral-24b-venice-edition:free')
+    expect(settings.env.ANTHROPIC_API_KEY).toMatch(/^hwui_/)
+    expect(settings.env.ANTHROPIC_BASE_URL).toMatch(/^http:\/\/127\.0\.0\.1:\d+\/api\/claude-code-proxy\/.+$/)
+    expect(settings.env).toMatchObject({
+      ANTHROPIC_MODEL: 'cognitivecomputations/dolphin-mistral-24b-venice-edition:free',
+      ANTHROPIC_CUSTOM_MODEL_OPTION: 'cognitivecomputations/dolphin-mistral-24b-venice-edition:free',
+      ANTHROPIC_CUSTOM_MODEL_OPTION_NAME: 'Dolphin Mistral 24b Venice Edition:Free',
+      ANTHROPIC_DEFAULT_HAIKU_MODEL: 'cognitivecomputations/dolphin-mistral-24b-venice-edition:free',
+      ANTHROPIC_DEFAULT_HAIKU_MODEL_NAME: 'Dolphin Mistral 24b Venice Edition:Free',
+      ANTHROPIC_DEFAULT_SONNET_MODEL: 'cognitivecomputations/dolphin-mistral-24b-venice-edition:free',
+      ANTHROPIC_DEFAULT_SONNET_MODEL_NAME: 'Dolphin Mistral 24b Venice Edition:Free',
+      ANTHROPIC_DEFAULT_OPUS_MODEL: 'cognitivecomputations/dolphin-mistral-24b-venice-edition:free',
+      ANTHROPIC_DEFAULT_OPUS_MODEL_NAME: 'Dolphin Mistral 24b Venice Edition:Free',
+    })
+    expect(settings.env.ANTHROPIC_DEFAULT_SONNET_MODEL).not.toBe('claude-sonnet-4-6')
+  })
+
+  it('keeps Claude Code protocol overrides behind the local proxy', async () => {
+    const home = makeHome()
+
+    const result = await prepareCodingAgentLaunch('claude-code', {
+      profile: 'default',
+      provider: 'openrouter',
+      model: 'anthropic/claude-sonnet-4.6',
+      baseUrl: 'https://openrouter.ai/api/v1',
+      apiKey: 'sk-test',
+      apiMode: 'anthropic_messages',
+    })
+
+    const settings = JSON.parse(readFileSync(join(result.rootDir, 'settings.json'), 'utf-8'))
+    expect(settings.env.ANTHROPIC_API_KEY).toMatch(/^hwui_/)
+    expect(settings.env.ANTHROPIC_BASE_URL).toMatch(/^http:\/\/127\.0\.0\.1:\d+\/api\/claude-code-proxy\/.+$/)
+  })
+
+  it('keeps Codex model selection on the CLI while isolating CODEX_HOME', async () => {
+    const home = makeHome()
+
+    const result = await prepareCodingAgentLaunch('codex', {
+      profile: 'default',
+      provider: 'openrouter',
+      model: 'openai/gpt-oss-20b:free',
+      baseUrl: 'https://openrouter.ai/api/v1',
+      apiKey: 'sk-test',
+    })
+
+    expect(result.rootDir).toBe(join(home, 'coding-agent', 'model', 'default', 'openrouter', 'codex'))
+    expect(result.workspaceDir).toBe(join(home, 'coding-agent', 'workspace', 'default', 'openrouter'))
+    expect(result.args).toEqual(['--model', 'openai/gpt-oss-20b:free'])
+    expect(result.env).toEqual({ CODEX_HOME: result.rootDir })
+
+    const config = readFileSync(join(result.rootDir, 'config.toml'), 'utf-8')
+    expect(config).toContain('requires_openai_auth = false')
+    expect(config).toContain(`model_catalog_json = "${join(result.rootDir, 'codex-model-catalog.json')}"`)
+
+    const catalog = JSON.parse(readFileSync(join(result.rootDir, 'codex-model-catalog.json'), 'utf-8'))
+    expect(catalog.models.some((entry: any) => entry.slug === 'openai/gpt-oss-20b:free')).toBe(true)
+    expect(catalog.models[0]).toHaveProperty('base_instructions')
+    expect(catalog.models[0]).toHaveProperty('model_messages')
+  })
+
+  it('points Codex Chat Completions providers at the local Responses proxy', async () => {
+    const home = makeHome()
+
+    const result = await prepareCodingAgentLaunch('codex', {
+      profile: 'default',
+      provider: 'deepseek',
+      model: 'deepseek-v4-pro',
+      baseUrl: 'https://api.deepseek.com',
+      apiKey: 'sk-upstream',
+      apiMode: 'chat_completions',
+    })
+
+    const config = readFileSync(join(result.rootDir, 'config.toml'), 'utf-8')
+    expect(config).toContain(`base_url = "http://127.0.0.1:8648/api/codex-proxy/`)
+    expect(config).toContain('wire_api = "responses"')
+    expect(config).toContain('requires_openai_auth = false')
+    expect(config).toMatch(/experimental_bearer_token = "hwui_[^"]+"/)
+    expect(result.rootDir).toBe(join(home, 'coding-agent', 'model', 'default', 'deepseek', 'codex'))
+
+    const catalog = JSON.parse(readFileSync(join(result.rootDir, 'codex-model-catalog.json'), 'utf-8'))
+    const deepseekModel = catalog.models.find((entry: any) => entry.slug === 'deepseek-v4-pro')
+    expect(deepseekModel).toMatchObject({
+      display_name: 'Deepseek V4 Pro',
+    })
+    expect(deepseekModel.context_window).toBeGreaterThan(0)
+    expect(deepseekModel.max_context_window).toBe(deepseekModel.context_window)
+    expect(deepseekModel.model_messages.instructions_template).toContain('{{ base_instructions }}')
+  })
+
+  it('points Codex Anthropic Messages providers at the local Responses proxy', async () => {
+    const home = makeHome()
+
+    const result = await prepareCodingAgentLaunch('codex', {
+      profile: 'default',
+      provider: 'anthropic-compatible',
+      model: 'claude-sonnet-4-6',
+      baseUrl: 'https://api.example.com',
+      apiKey: 'sk-upstream',
+      apiMode: 'anthropic_messages',
+    })
+
+    const config = readFileSync(join(result.rootDir, 'config.toml'), 'utf-8')
+    expect(config).toContain(`base_url = "http://127.0.0.1:8648/api/codex-proxy/`)
+    expect(config).toContain('wire_api = "responses"')
+    expect(config).toContain('requires_openai_auth = false')
+    expect(config).toMatch(/experimental_bearer_token = "hwui_[^"]+"/)
+    expect(result.rootDir).toBe(join(home, 'coding-agent', 'model', 'default', 'anthropic-compatible', 'codex'))
+  })
+
+  it('adapts Codex Responses requests to OpenAI Chat Completions', async () => {
+    makeHome()
+    const launch = await prepareCodingAgentLaunch('codex', {
+      profile: 'default',
+      provider: 'deepseek',
+      model: 'deepseek-v4-pro',
+      baseUrl: 'https://api.deepseek.com',
+      apiKey: 'sk-upstream',
+      apiMode: 'chat_completions',
+    })
+    const config = readFileSync(join(launch.rootDir, 'config.toml'), 'utf-8')
+    const routeKey = config.match(/\/api\/codex-proxy\/([^/]+)\/v1/)?.[1] || ''
+    const token = config.match(/experimental_bearer_token = "([^"]+)"/)?.[1] || ''
+    const fetchMock = vi.fn(async () => new Response(JSON.stringify({
+      id: 'chatcmpl_test',
+      choices: [{
+        finish_reason: 'stop',
+        message: { role: 'assistant', content: 'ok' },
+      }],
+      usage: { prompt_tokens: 3, completion_tokens: 1, total_tokens: 4 },
+    }), { status: 200, headers: { 'Content-Type': 'application/json' } }))
+    vi.stubGlobal('fetch', fetchMock)
+
+    const ctx = makeProxyContext(routeKey, token, {
+      max_output_tokens: 16,
+      input: [
+        { role: 'user', content: [{ type: 'input_text', text: 'hello' }] },
+        { role: 'developer', content: [{ type: 'input_text', text: 'be terse' }] },
+      ],
+    })
+
+    await codexProxyResponses(ctx)
+
+    expect(fetchMock).toHaveBeenCalledWith('https://api.deepseek.com/v1/chat/completions', expect.objectContaining({
+      method: 'POST',
+      headers: expect.objectContaining({ Authorization: 'Bearer sk-upstream' }),
+    }))
+    const requestBody = JSON.parse(fetchMock.mock.calls[0][1].body)
+    expect(requestBody).toMatchObject({
+      model: 'deepseek-v4-pro',
+      max_tokens: 16,
+      messages: [
+        { role: 'user', content: 'hello' },
+        { role: 'system', content: 'be terse' },
+      ],
+    })
+    expect(ctx.body.output[0].content[0].text).toBe('ok')
+    expect(ctx.body.usage).toMatchObject({ input_tokens: 3, output_tokens: 1, total_tokens: 4 })
+  })
+
+  it('adapts Codex Responses requests to Anthropic Messages', async () => {
+    makeHome()
+    const launch = await prepareCodingAgentLaunch('codex', {
+      profile: 'default',
+      provider: 'anthropic-compatible',
+      model: 'claude-sonnet-4-6',
+      baseUrl: 'https://api.example.com',
+      apiKey: 'sk-upstream',
+      apiMode: 'anthropic_messages',
+    })
+    const config = readFileSync(join(launch.rootDir, 'config.toml'), 'utf-8')
+    const routeKey = config.match(/\/api\/codex-proxy\/([^/]+)\/v1/)?.[1] || ''
+    const token = config.match(/experimental_bearer_token = "([^"]+)"/)?.[1] || ''
+    const fetchMock = vi.fn(async () => new Response(JSON.stringify({
+      id: 'msg_test',
+      type: 'message',
+      role: 'assistant',
+      model: 'claude-sonnet-4-6',
+      content: [
+        { type: 'text', text: 'ok' },
+        { type: 'tool_use', id: 'toolu_1', name: 'search', input: { query: 'repo' } },
+      ],
+      stop_reason: 'tool_use',
+      usage: { input_tokens: 5, output_tokens: 2 },
+    }), { status: 200, headers: { 'Content-Type': 'application/json' } }))
+    vi.stubGlobal('fetch', fetchMock)
+
+    const ctx = makeProxyContext(routeKey, token, {
+      instructions: 'be terse',
+      max_output_tokens: 64,
+      input: [
+        { role: 'user', content: [{ type: 'input_text', text: 'hello' }] },
+        { type: 'function_call_output', call_id: 'call_0', output: 'done' },
+      ],
+      tools: [{
+        type: 'function',
+        name: 'search',
+        description: 'Search files',
+        parameters: { type: 'object', properties: { query: { type: 'string' } } },
+      }],
+    })
+
+    await codexProxyResponses(ctx)
+
+    expect(fetchMock).toHaveBeenCalledWith('https://api.example.com/v1/messages', expect.objectContaining({
+      method: 'POST',
+      headers: expect.objectContaining({
+        Authorization: 'Bearer sk-upstream',
+        'x-api-key': 'sk-upstream',
+        'anthropic-version': '2023-06-01',
+      }),
+    }))
+    const requestBody = JSON.parse(fetchMock.mock.calls[0][1].body)
+    expect(requestBody).toMatchObject({
+      model: 'claude-sonnet-4-6',
+      system: 'be terse',
+      max_tokens: 64,
+      messages: [
+        { role: 'user', content: [{ type: 'text', text: 'hello' }] },
+        { role: 'user', content: [{ type: 'tool_result', tool_use_id: 'call_0', content: 'done' }] },
+      ],
+      tools: [{
+        name: 'search',
+        description: 'Search files',
+        input_schema: { type: 'object', properties: { query: { type: 'string' } } },
+      }],
+    })
+    expect(ctx.body.output[0].content[0].text).toBe('ok')
+    expect(ctx.body.output[1]).toMatchObject({
+      type: 'function_call',
+      call_id: 'toolu_1',
+      name: 'search',
+      arguments: '{"query":"repo"}',
+    })
+    expect(ctx.body.usage).toMatchObject({ input_tokens: 5, output_tokens: 2, total_tokens: 7 })
+  })
+
+  it('streams Codex proxy text as complete Responses message events', async () => {
+    makeHome()
+    const launch = await prepareCodingAgentLaunch('codex', {
+      profile: 'default',
+      provider: 'deepseek',
+      model: 'deepseek-v4-pro',
+      baseUrl: 'https://api.deepseek.com',
+      apiKey: 'sk-upstream',
+      apiMode: 'chat_completions',
+    })
+    const config = readFileSync(join(launch.rootDir, 'config.toml'), 'utf-8')
+    const routeKey = config.match(/\/api\/codex-proxy\/([^/]+)\/v1/)?.[1] || ''
+    const token = config.match(/experimental_bearer_token = "([^"]+)"/)?.[1] || ''
+    const encoder = new TextEncoder()
+    const fetchMock = vi.fn(async () => new Response(new ReadableStream({
+      start(controller) {
+        controller.enqueue(encoder.encode('data: {"choices":[{"delta":{"content":"p"}}]}\n\n'))
+        controller.enqueue(encoder.encode('data: {"choices":[{"delta":{"content":"ong"}}]}\n\n'))
+        controller.enqueue(encoder.encode('data: [DONE]\n\n'))
+        controller.close()
+      },
+    }), { status: 200, headers: { 'Content-Type': 'text/event-stream' } }))
+    vi.stubGlobal('fetch', fetchMock)
+
+    const ctx = makeProxyContext(routeKey, token, {
+      stream: true,
+      input: [{ role: 'user', content: [{ type: 'input_text', text: 'ping' }] }],
+    })
+
+    await codexProxyResponses(ctx)
+
+    const chunks: string[] = []
+    for await (const chunk of ctx.body) chunks.push(String(chunk))
+    const sse = chunks.join('')
+    expect(sse).toContain('event: response.output_item.added')
+    expect(sse).toContain('event: response.content_part.added')
+    expect(sse).toContain('"delta":"p"')
+    expect(sse).toContain('"delta":"ong"')
+    expect(sse).toContain('event: response.output_text.done')
+    expect(sse).toContain('"text":"pong"')
+    expect(sse).toContain('event: response.output_item.done')
+    expect(sse).toContain('"output":[{"type":"message"')
+  })
+
+  it('streams Codex proxy Anthropic text as Responses message events', async () => {
+    makeHome()
+    const launch = await prepareCodingAgentLaunch('codex', {
+      profile: 'default',
+      provider: 'anthropic-compatible',
+      model: 'claude-sonnet-4-6',
+      baseUrl: 'https://api.example.com',
+      apiKey: 'sk-upstream',
+      apiMode: 'anthropic_messages',
+    })
+    const config = readFileSync(join(launch.rootDir, 'config.toml'), 'utf-8')
+    const routeKey = config.match(/\/api\/codex-proxy\/([^/]+)\/v1/)?.[1] || ''
+    const token = config.match(/experimental_bearer_token = "([^"]+)"/)?.[1] || ''
+    const encoder = new TextEncoder()
+    const fetchMock = vi.fn(async () => new Response(new ReadableStream({
+      start(controller) {
+        controller.enqueue(encoder.encode('event: message_start\ndata: {"type":"message_start","message":{"id":"msg_test","usage":{"input_tokens":3,"output_tokens":0}}}\n\n'))
+        controller.enqueue(encoder.encode('event: content_block_start\ndata: {"type":"content_block_start","index":0,"content_block":{"type":"text","text":""}}\n\n'))
+        controller.enqueue(encoder.encode('event: content_block_delta\ndata: {"type":"content_block_delta","index":0,"delta":{"type":"text_delta","text":"he"}}\n\n'))
+        controller.enqueue(encoder.encode('event: content_block_delta\ndata: {"type":"content_block_delta","index":0,"delta":{"type":"text_delta","text":"llo"}}\n\n'))
+        controller.enqueue(encoder.encode('event: message_stop\ndata: {"type":"message_stop"}\n\n'))
+        controller.close()
+      },
+    }), { status: 200, headers: { 'Content-Type': 'text/event-stream' } }))
+    vi.stubGlobal('fetch', fetchMock)
+
+    const ctx = makeProxyContext(routeKey, token, {
+      stream: true,
+      input: [{ role: 'user', content: [{ type: 'input_text', text: 'ping' }] }],
+    })
+
+    await codexProxyResponses(ctx)
+
+    const chunks: string[] = []
+    for await (const chunk of ctx.body) chunks.push(String(chunk))
+    const sse = chunks.join('')
+    expect(fetchMock).toHaveBeenCalledWith('https://api.example.com/v1/messages', expect.objectContaining({
+      method: 'POST',
+      headers: expect.objectContaining({ 'anthropic-version': '2023-06-01' }),
+    }))
+    expect(sse).toContain('event: response.output_item.added')
+    expect(sse).toContain('"delta":"he"')
+    expect(sse).toContain('"delta":"llo"')
+    expect(sse).toContain('event: response.output_text.done')
+    expect(sse).toContain('"text":"hello"')
+    expect(sse).toContain('event: response.completed')
+  })
+
+  it('exposes Codex proxy models with route-token authentication', async () => {
+    makeHome()
+    const launch = await prepareCodingAgentLaunch('codex', {
+      profile: 'default',
+      provider: 'deepseek',
+      model: 'deepseek-v4-pro',
+      baseUrl: 'https://api.deepseek.com',
+      apiKey: 'sk-upstream',
+      apiMode: 'chat_completions',
+    })
+    const config = readFileSync(join(launch.rootDir, 'config.toml'), 'utf-8')
+    const routeKey = config.match(/\/api\/codex-proxy\/([^/]+)\/v1/)?.[1] || ''
+    const token = config.match(/experimental_bearer_token = "([^"]+)"/)?.[1] || ''
+    const ctx = makeProxyContext(routeKey, token, {})
+
+    await codexProxyModels(ctx)
+
+    expect(ctx.body).toMatchObject({
+      object: 'list',
+      data: [{ id: 'deepseek-v4-pro', object: 'model', owned_by: 'deepseek' }],
+    })
+  })
+
+  it('adapts Claude Code streaming requests to the Responses API for codex_responses providers', async () => {
+    const target = registerClaudeCodeProxyTarget({
+      provider: 'fun-codex',
+      model: 'gpt-5.5',
+      baseUrl: 'https://api.apikey.fun/v1',
+      apiKey: 'sk-upstream',
+      apiMode: 'codex_responses',
+    })
+    const encoder = new TextEncoder()
+    const fetchMock = vi.fn(async () => new Response(new ReadableStream({
+      start(controller) {
+        controller.enqueue(encoder.encode('data: {"type":"response.output_text.delta","delta":"hi"}\n\n'))
+        controller.enqueue(encoder.encode('data: {"type":"response.completed","response":{"status":"completed","usage":{"output_tokens":1}}}\n\n'))
+        controller.close()
+      },
+    }), { status: 200 }))
+    vi.stubGlobal('fetch', fetchMock)
+
+    const ctx = makeProxyContext(target.routeKey, target.token, {
+      stream: true,
+      max_tokens: 32,
+      messages: [{ role: 'user', content: 'hello' }],
+    })
+
+    await claudeProxyMessages(ctx)
+
+    expect(fetchMock).toHaveBeenCalledWith('https://api.apikey.fun/v1/responses', expect.objectContaining({
+      method: 'POST',
+      headers: expect.objectContaining({ Authorization: 'Bearer sk-upstream' }),
+    }))
+    const requestBody = JSON.parse(fetchMock.mock.calls[0][1].body)
+    expect(requestBody).toMatchObject({
+      model: 'gpt-5.5',
+      stream: true,
+      store: false,
+      max_output_tokens: 32,
+      input: [{ role: 'user', content: 'hello' }],
+    })
+
+    const chunks: string[] = []
+    for await (const chunk of ctx.body) chunks.push(String(chunk))
+    const sse = chunks.join('')
+    expect(ctx.responseHeaders['Content-Type']).toContain('text/event-stream')
+    expect(sse).toContain('event: message_start')
+    expect(sse).toContain('"type":"text_delta","text":"hi"')
+    expect(sse).toContain('event: message_stop')
+  })
+
+  it('round-trips reasoning_content for DeepSeek-style OpenAI Chat tool calls', async () => {
+    const target = registerClaudeCodeProxyTarget({
+      provider: 'deepseek',
+      model: 'deepseek-reasoner',
+      baseUrl: 'https://api.deepseek.com/v1',
+      apiKey: 'sk-upstream',
+      apiMode: 'chat_completions',
+    })
+    const fetchMock = vi.fn(async () => new Response(JSON.stringify({
+      id: 'chatcmpl_test',
+      choices: [{
+        finish_reason: 'tool_calls',
+        message: {
+          role: 'assistant',
+          reasoning_content: 'Need to inspect the repository first.',
+          content: null,
+          tool_calls: [{
+            id: 'call_2',
+            type: 'function',
+            function: { name: 'search', arguments: '{"query":"proxy"}' },
+          }],
+        },
+      }],
+      usage: { prompt_tokens: 12, completion_tokens: 8 },
+    }), { status: 200, headers: { 'Content-Type': 'application/json' } }))
+    vi.stubGlobal('fetch', fetchMock)
+
+    const ctx = makeProxyContext(target.routeKey, target.token, {
+      max_tokens: 32,
+      messages: [
+        { role: 'user', content: 'check it' },
+        {
+          role: 'assistant',
+          content: [
+            { type: 'thinking', thinking: 'Need the current repo files.' },
+            { type: 'tool_use', id: 'call_1', name: 'search', input: { query: 'reasoning_content' } },
+          ],
+        },
+        {
+          role: 'user',
+          content: [
+            { type: 'tool_result', tool_use_id: 'call_1', content: 'found one file' },
+          ],
+        },
+      ],
+    })
+
+    await claudeProxyMessages(ctx)
+
+    const requestBody = JSON.parse(fetchMock.mock.calls[0][1].body)
+    expect(requestBody.messages[1]).toMatchObject({
+      role: 'assistant',
+      reasoning_content: 'Need the current repo files.',
+      tool_calls: [{
+        id: 'call_1',
+        type: 'function',
+        function: { name: 'search', arguments: '{"query":"reasoning_content"}' },
+      }],
+    })
+    expect(ctx.body.content[0]).toEqual({
+      type: 'thinking',
+      thinking: 'Need to inspect the repository first.',
+    })
+    expect(ctx.body.content[1]).toMatchObject({
+      type: 'tool_use',
+      id: 'call_2',
+      name: 'search',
+      input: { query: 'proxy' },
+    })
+  })
+
+  it('passes Anthropic Messages providers through the local proxy without exposing upstream credentials', async () => {
+    const target = registerClaudeCodeProxyTarget({
+      provider: 'fun-claude',
+      model: 'claude-sonnet-4-6',
+      baseUrl: 'https://api.apikey.fun',
+      apiKey: 'sk-upstream',
+      apiMode: 'anthropic_messages',
+    })
+    const fetchMock = vi.fn(async () => new Response(JSON.stringify({
+      id: 'msg_test',
+      type: 'message',
+      role: 'assistant',
+      model: 'claude-sonnet-4-6',
+      content: [{ type: 'text', text: 'hi' }],
+      stop_reason: 'end_turn',
+      usage: { input_tokens: 1, output_tokens: 1 },
+    }), { status: 200, headers: { 'Content-Type': 'application/json' } }))
+    vi.stubGlobal('fetch', fetchMock)
+
+    const ctx = makeProxyContext(target.routeKey, target.token, {
+      model: 'ignored-client-model',
+      max_tokens: 32,
+      messages: [{ role: 'user', content: 'hello' }],
+    })
+
+    await claudeProxyMessages(ctx)
+
+    expect(fetchMock).toHaveBeenCalledWith('https://api.apikey.fun/v1/messages', expect.objectContaining({
+      method: 'POST',
+      headers: expect.objectContaining({
+        Authorization: 'Bearer sk-upstream',
+        'x-api-key': 'sk-upstream',
+      }),
+    }))
+    const requestBody = JSON.parse(fetchMock.mock.calls[0][1].body)
+    expect(requestBody.model).toBe('claude-sonnet-4-6')
+    expect(ctx.body.content[0].text).toBe('hi')
+  })
+
+  it('keeps Claude proxy routes separate for the same model with different protocols', () => {
+    const chat = registerClaudeCodeProxyTarget({
+      provider: 'same-provider',
+      model: 'same-model',
+      baseUrl: 'https://api.example.com/v1',
+      apiKey: 'sk-chat',
+      apiMode: 'chat_completions',
+    })
+    const anthropic = registerClaudeCodeProxyTarget({
+      provider: 'same-provider',
+      model: 'same-model',
+      baseUrl: 'https://api.example.com/v1',
+      apiKey: 'sk-anthropic',
+      apiMode: 'anthropic_messages',
+    })
+
+    expect(chat.routeKey).not.toBe(anthropic.routeKey)
+    expect(chat.token).not.toBe(anthropic.token)
+  })
+
+  it('keeps Codex proxy routes separate for the same model with different upstream URLs', () => {
+    const first = registerCodexProxyTarget({
+      profile: 'default',
+      provider: 'same-provider',
+      model: 'same-model',
+      baseUrl: 'https://api-one.example.com/v1',
+      apiKey: 'sk-one',
+      apiMode: 'chat_completions',
+    })
+    const second = registerCodexProxyTarget({
+      profile: 'default',
+      provider: 'same-provider',
+      model: 'same-model',
+      baseUrl: 'https://api-two.example.com/v1',
+      apiKey: 'sk-two',
+      apiMode: 'chat_completions',
+    })
+
+    expect(first.routeKey).not.toBe(second.routeKey)
+    expect(first.token).not.toBe(second.token)
+  })
+
+  it('exposes Claude-visible alias models from the local proxy models endpoint', async () => {
+    const target = registerClaudeCodeProxyTarget({
+      provider: 'openrouter',
+      model: 'cognitivecomputations/dolphin-mistral-24b-venice-edition:free',
+      baseUrl: 'https://openrouter.ai/api/v1',
+      apiKey: 'sk-upstream',
+      apiMode: 'codex_responses',
+    })
+    const ctx = makeProxyContext(target.routeKey, target.token, {})
+
+    await claudeProxyModels(ctx)
+
+    const ids = ctx.body.data.map((model: any) => model.id)
+    expect(ids).toContain('claude-haiku-4-5')
+    expect(ids).toContain('claude-sonnet-4-6')
+    expect(ids).toContain('claude-opus-4-7')
+    expect(ids).toContain('cognitivecomputations/dolphin-mistral-24b-venice-edition:free')
+  })
+})
diff --git a/tests/server/config-controller-file-lock.test.ts b/tests/server/config-controller-file-lock.test.ts
new file mode 100644
index 0000000..cb60498
--- /dev/null
+++ b/tests/server/config-controller-file-lock.test.ts
@@ -0,0 +1,208 @@
+import { mkdir, mkdtemp, readFile, rm, writeFile } from 'fs/promises'
+import { tmpdir } from 'os'
+import { join } from 'path'
+import { afterEach, beforeEach, describe, expect, it, vi } from 'vitest'
+import YAML from 'js-yaml'
+
+const { mockRestartGateway, mockDestroyProfile } = vi.hoisted(() => ({
+  mockRestartGateway: vi.fn().mockResolvedValue({ running: true, profile: 'default' }),
+  mockDestroyProfile: vi.fn().mockResolvedValue({ destroyed: true }),
+}))
+
+vi.mock('../../packages/server/src/services/hermes/gateway-autostart', () => {
+  return {
+    restartGatewayForProfile: mockRestartGateway,
+  }
+})
+
+vi.mock('../../packages/server/src/services/hermes/agent-bridge', () => ({
+  AgentBridgeClient: class {
+    destroyProfile = mockDestroyProfile
+  },
+}))
+
+const originalHermesHome = process.env.HERMES_HOME
+const tempHomes: string[] = []
+let hermesHome = ''
+
+async function loadController() {
+  vi.resetModules()
+  process.env.HERMES_HOME = hermesHome
+  return import('../../packages/server/src/controllers/hermes/config')
+}
+
+function makeCtx(body: unknown, profile?: string): any {
+  return {
+    request: { body },
+    query: {},
+    state: profile ? { profile: { name: profile } } : {},
+    status: 200,
+    body: undefined,
+  }
+}
+
+beforeEach(async () => {
+  vi.clearAllMocks()
+  hermesHome = await mkdtemp(join(tmpdir(), 'hermes-config-controller-'))
+  tempHomes.push(hermesHome)
+  await mkdir(hermesHome, { recursive: true })
+})
+
+afterEach(async () => {
+  vi.resetModules()
+  if (originalHermesHome === undefined) delete process.env.HERMES_HOME
+  else process.env.HERMES_HOME = originalHermesHome
+  await Promise.all(tempHomes.splice(0).map(dir => rm(dir, { recursive: true, force: true })))
+  hermesHome = ''
+})
+
+describe('config controller locked file updates', () => {
+  it('deep merges a config section and restarts the gateway through hermes-cli', async () => {
+    await writeFile(join(hermesHome, 'config.yaml'), [
+      'telegram:',
+      '  enabled: false',
+      '  extra:',
+      '    mode: old',
+      'model:',
+      '  default: glm-5.1',
+      '',
+    ].join('\n'), 'utf-8')
+    const { updateConfig } = await loadController()
+    const ctx = makeCtx({ section: 'telegram', values: { enabled: true, extra: { token_mode: 'env' } } })
+
+    await updateConfig(ctx)
+
+    expect(ctx.body).toEqual({ success: true })
+    expect(mockRestartGateway).toHaveBeenCalledWith('default')
+    expect(mockDestroyProfile).not.toHaveBeenCalled()
+    const config = YAML.load(await readFile(join(hermesHome, 'config.yaml'), 'utf-8')) as any
+    expect(config.telegram.enabled).toBe(true)
+    expect(config.telegram.extra).toEqual({ mode: 'old', token_mode: 'env' })
+    expect(config.model.default).toBe('glm-5.1')
+  })
+
+  it('clears credential env values and removes matching config fields without losing unrelated env keys', async () => {
+    await writeFile(join(hermesHome, 'config.yaml'), [
+      'platforms:',
+      '  weixin:',
+      '    token: old-token',
+      '    extra:',
+      '      account_id: old-account',
+      '      base_url: https://old.example',
+      'model:',
+      '  default: glm-5.1',
+      '',
+    ].join('\n'), 'utf-8')
+    await writeFile(join(hermesHome, '.env'), [
+      'OPENROUTER_API_KEY=keep',
+      'WEIXIN_TOKEN=old-token',
+      'WEIXIN_ACCOUNT_ID=old-account',
+      '',
+    ].join('\n'), 'utf-8')
+    const { updateCredentials } = await loadController()
+    const ctx = makeCtx({ platform: 'weixin', values: { token: '', extra: { account_id: '', base_url: 'https://new.example' } } })
+
+    await updateCredentials(ctx)
+
+    expect(ctx.body).toEqual({ success: true })
+    const env = await readFile(join(hermesHome, '.env'), 'utf-8')
+    expect(env).toContain('OPENROUTER_API_KEY=keep')
+    expect(env).not.toContain('WEIXIN_TOKEN=')
+    expect(env).not.toContain('WEIXIN_ACCOUNT_ID=')
+    expect(env).toContain('WEIXIN_BASE_URL=https://new.example')
+    const config = YAML.load(await readFile(join(hermesHome, 'config.yaml'), 'utf-8')) as any
+    expect(config.platforms.weixin.token).toBeUndefined()
+    expect(config.platforms.weixin.extra.account_id).toBeUndefined()
+    expect(config.platforms.weixin.extra.base_url).toBe('https://old.example')
+    expect(config.model.default).toBe('glm-5.1')
+  })
+
+  it('writes QQBot credentials to env and overlays them into platform config reads', async () => {
+    await writeFile(join(hermesHome, 'config.yaml'), [
+      'platforms:',
+      '  qqbot:',
+      '    extra:',
+      '      markdown_support: true',
+      '',
+    ].join('\n'), 'utf-8')
+    await writeFile(join(hermesHome, '.env'), 'OPENROUTER_API_KEY=keep\n', 'utf-8')
+    const { updateCredentials, getConfig } = await loadController()
+
+    await updateCredentials(makeCtx({
+      platform: 'qqbot',
+      values: {
+        extra: { app_id: 'qq-app', client_secret: 'qq-secret' },
+        allowed_users: 'user-1,user-2',
+        allow_all_users: false,
+      },
+    }))
+
+    const env = await readFile(join(hermesHome, '.env'), 'utf-8')
+    expect(env).toContain('OPENROUTER_API_KEY=keep')
+    expect(env).toContain('QQ_APP_ID=qq-app')
+    expect(env).toContain('QQ_CLIENT_SECRET=qq-secret')
+    expect(env).toContain('QQ_ALLOWED_USERS=user-1,user-2')
+    expect(env).toContain('QQ_ALLOW_ALL_USERS=false')
+
+    const ctx = makeCtx({})
+    await getConfig(ctx)
+    expect(ctx.body.platforms.qqbot.extra.app_id).toBe('qq-app')
+    expect(ctx.body.platforms.qqbot.extra.client_secret).toBe('qq-secret')
+    expect(ctx.body.platforms.qqbot.extra.markdown_support).toBe(true)
+    expect(ctx.body.platforms.qqbot.allowed_users).toBe('user-1,user-2')
+    expect(ctx.body.platforms.qqbot.allow_all_users).toBe(false)
+  })
+
+  it('reads and writes channel settings in the request-scoped profile only', async () => {
+    const researchDir = join(hermesHome, 'profiles', 'research')
+    await mkdir(researchDir, { recursive: true })
+    await writeFile(join(hermesHome, 'config.yaml'), [
+      'telegram:',
+      '  require_mention: false',
+      'model:',
+      '  default: keep-default-model',
+      '',
+    ].join('\n'), 'utf-8')
+    await writeFile(join(hermesHome, '.env'), [
+      'TELEGRAM_BOT_TOKEN=keep-default-token',
+      '',
+    ].join('\n'), 'utf-8')
+    await writeFile(join(researchDir, 'config.yaml'), [
+      'telegram:',
+      '  require_mention: false',
+      'model:',
+      '  default: research-model',
+      '',
+    ].join('\n'), 'utf-8')
+    await writeFile(join(researchDir, '.env'), [
+      'TELEGRAM_BOT_TOKEN=old-research-token',
+      '',
+    ].join('\n'), 'utf-8')
+
+    const { updateConfig, updateCredentials, getConfig } = await loadController()
+
+    await updateConfig(makeCtx({
+      section: 'telegram',
+      values: { require_mention: true, free_response_chats: 'chat-1' },
+    }, 'research'))
+    await updateCredentials(makeCtx({
+      platform: 'telegram',
+      values: { token: 'new-research-token' },
+    }, 'research'))
+
+    expect(mockRestartGateway).toHaveBeenCalledWith('research')
+    expect(mockDestroyProfile).not.toHaveBeenCalled()
+    const defaultConfig = YAML.load(await readFile(join(hermesHome, 'config.yaml'), 'utf-8')) as any
+    const researchConfig = YAML.load(await readFile(join(researchDir, 'config.yaml'), 'utf-8')) as any
+    expect(defaultConfig.telegram.require_mention).toBe(false)
+    expect(researchConfig.telegram.require_mention).toBe(true)
+    expect(researchConfig.telegram.free_response_chats).toBe('chat-1')
+    expect(await readFile(join(hermesHome, '.env'), 'utf-8')).toContain('TELEGRAM_BOT_TOKEN=keep-default-token')
+    expect(await readFile(join(researchDir, '.env'), 'utf-8')).toContain('TELEGRAM_BOT_TOKEN=new-research-token')
+
+    const ctx = makeCtx({}, 'research')
+    await getConfig(ctx)
+    expect(ctx.body.platforms.telegram.token).toBe('new-research-token')
+    expect(ctx.body.telegram.require_mention).toBe(true)
+  })
+})
diff --git a/tests/server/config-helpers-file-lock.test.ts b/tests/server/config-helpers-file-lock.test.ts
new file mode 100644
index 0000000..6e59b74
--- /dev/null
+++ b/tests/server/config-helpers-file-lock.test.ts
@@ -0,0 +1,146 @@
+import { mkdir, mkdtemp, readFile, rm, writeFile } from 'fs/promises'
+import { tmpdir } from 'os'
+import { join } from 'path'
+import { afterEach, beforeEach, describe, expect, it, vi } from 'vitest'
+import YAML from 'js-yaml'
+
+const originalHermesHome = process.env.HERMES_HOME
+const tempHomes: string[] = []
+let hermesHome = ''
+
+async function loadHelpers() {
+  vi.resetModules()
+  process.env.HERMES_HOME = hermesHome
+  return import('../../packages/server/src/services/config-helpers')
+}
+
+beforeEach(async () => {
+  hermesHome = await mkdtemp(join(tmpdir(), 'hermes-config-helpers-'))
+  tempHomes.push(hermesHome)
+  await mkdir(hermesHome, { recursive: true })
+})
+
+afterEach(async () => {
+  vi.resetModules()
+  if (originalHermesHome === undefined) delete process.env.HERMES_HOME
+  else process.env.HERMES_HOME = originalHermesHome
+  await Promise.all(tempHomes.splice(0).map(dir => rm(dir, { recursive: true, force: true })))
+  hermesHome = ''
+})
+
+describe('config-helpers locked file updates', () => {
+  it('merges concurrent config.yaml updates by re-reading under the file lock', async () => {
+    await writeFile(join(hermesHome, 'config.yaml'), 'model:\n  default: old\n', 'utf-8')
+    const { updateConfigYaml } = await loadHelpers()
+
+    await Promise.all([
+      updateConfigYaml(async (cfg) => {
+        await new Promise(resolve => setTimeout(resolve, 25))
+        cfg.model.default = 'glm-5.1'
+        return cfg
+      }),
+      updateConfigYaml((cfg) => {
+        cfg.platforms = cfg.platforms || {}
+        cfg.platforms.api_server = { extra: { port: 8648 } }
+        return cfg
+      }),
+    ])
+
+    const config = YAML.load(await readFile(join(hermesHome, 'config.yaml'), 'utf-8')) as any
+    expect(config.model.default).toBe('glm-5.1')
+    expect(config.platforms.api_server.extra.port).toBe(8648)
+    await expect(readFile(join(hermesHome, 'config.yaml.bak'), 'utf-8')).resolves.toContain('model:')
+  })
+
+  it('serializes concurrent .env updates without losing keys', async () => {
+    await writeFile(join(hermesHome, '.env'), 'OPENROUTER_API_KEY=keep\n', 'utf-8')
+    const { saveEnvValue } = await loadHelpers()
+
+    await Promise.all([
+      saveEnvValue('DEEPSEEK_API_KEY', 'deepseek'),
+      saveEnvValue('MOONSHOT_API_KEY', 'moonshot'),
+    ])
+
+    const env = await readFile(join(hermesHome, '.env'), 'utf-8')
+    expect(env).toContain('OPENROUTER_API_KEY=keep')
+    expect(env).toContain('DEEPSEEK_API_KEY=deepseek')
+    expect(env).toContain('MOONSHOT_API_KEY=moonshot')
+  })
+
+  it('rejects invalid .env keys instead of writing keyless lines', async () => {
+    const envPath = join(hermesHome, '.env')
+    await writeFile(envPath, 'OPENROUTER_API_KEY=keep\n', 'utf-8')
+    const { saveEnvValue } = await loadHelpers()
+
+    await expect(saveEnvValue('', 'leaked-value')).rejects.toThrow('Invalid .env key')
+    await expect(saveEnvValue('=BROKEN', 'leaked-value')).rejects.toThrow('Invalid .env key')
+
+    const env = await readFile(envPath, 'utf-8')
+    expect(env).toBe('OPENROUTER_API_KEY=keep\n')
+    expect(env).not.toContain('=leaked-value')
+  })
+
+  it('skips writing config.yaml when an updater returns write false', async () => {
+    const configPath = join(hermesHome, 'config.yaml')
+    await writeFile(configPath, 'model:\n  default: old\n', 'utf-8')
+    const before = await readFile(configPath, 'utf-8')
+    const { updateConfigYaml } = await loadHelpers()
+
+    const result = await updateConfigYaml((cfg) => ({ data: cfg, result: 'unchanged', write: false }))
+
+    expect(result).toBe('unchanged')
+    await expect(readFile(configPath, 'utf-8')).resolves.toBe(before)
+    await expect(readFile(`${configPath}.bak`, 'utf-8')).rejects.toMatchObject({ code: 'ENOENT' })
+  })
+
+  it('strips api_server config before gateway restart', async () => {
+    const { stripLegacyApiServerGatewayConfig } = await loadHelpers()
+    const result = stripLegacyApiServerGatewayConfig({
+      model: { default: 'glm-5.1' },
+      platforms: {
+        api_server: {
+          enabled: true,
+          key: '',
+          cors_origins: '*',
+          extra: {
+            port: 8642,
+            host: '127.0.0.1',
+          },
+        },
+        feishu: {
+          enabled: true,
+        },
+      },
+    })
+
+    expect(result.changed).toBe(true)
+    expect(result.config).toEqual({
+      model: { default: 'glm-5.1' },
+      platforms: {
+        feishu: {
+          enabled: true,
+        },
+      },
+    })
+  })
+
+  it('removes custom api_server fields as well', async () => {
+    const { stripLegacyApiServerGatewayConfig } = await loadHelpers()
+    const result = stripLegacyApiServerGatewayConfig({
+      platforms: {
+        api_server: {
+          key: 'custom-key',
+          cors_origins: 'https://example.com',
+          extra: {
+            port: 8642,
+            host: '127.0.0.1',
+            mode: 'custom',
+          },
+        },
+      },
+    })
+
+    expect(result.changed).toBe(true)
+    expect(result.config).toEqual({})
+  })
+})
diff --git a/tests/server/config-mutating-controllers.test.ts b/tests/server/config-mutating-controllers.test.ts
new file mode 100644
index 0000000..1fe53f8
--- /dev/null
+++ b/tests/server/config-mutating-controllers.test.ts
@@ -0,0 +1,122 @@
+import { mkdir, mkdtemp, readFile, rm, writeFile } from 'fs/promises'
+import { tmpdir } from 'os'
+import { join } from 'path'
+import { afterEach, beforeEach, describe, expect, it, vi } from 'vitest'
+import YAML from 'js-yaml'
+
+vi.mock('../../packages/server/src/services/hermes/hermes-cli', () => ({
+  pinSkill: vi.fn(),
+}))
+
+vi.mock('../../packages/server/src/db/hermes/sessions-db', () => ({
+  getSkillUsageStatsFromDb: vi.fn(),
+}))
+
+vi.mock('../../packages/server/src/db', () => ({
+  getDb: vi.fn(),
+}))
+
+vi.mock('../../packages/server/src/db/hermes/schemas', () => ({
+  MODEL_CONTEXT_TABLE: 'model_context',
+}))
+
+const originalHermesHome = process.env.HERMES_HOME
+const tempHomes: string[] = []
+let hermesHome = ''
+
+async function loadModelsController() {
+  vi.resetModules()
+  process.env.HERMES_HOME = hermesHome
+  return import('../../packages/server/src/controllers/hermes/models')
+}
+
+async function loadSkillsController() {
+  vi.resetModules()
+  process.env.HERMES_HOME = hermesHome
+  return import('../../packages/server/src/controllers/hermes/skills')
+}
+
+function makeCtx(body: unknown): any {
+  return {
+    request: { body },
+    status: 200,
+    body: undefined,
+    query: {},
+    params: {},
+    state: {},
+    get: vi.fn(() => ''),
+  }
+}
+
+beforeEach(async () => {
+  hermesHome = await mkdtemp(join(tmpdir(), 'hermes-config-controller-'))
+  tempHomes.push(hermesHome)
+  await mkdir(hermesHome, { recursive: true })
+})
+
+afterEach(async () => {
+  vi.resetModules()
+  if (originalHermesHome === undefined) delete process.env.HERMES_HOME
+  else process.env.HERMES_HOME = originalHermesHome
+  await Promise.all(tempHomes.splice(0).map(dir => rm(dir, { recursive: true, force: true })))
+  hermesHome = ''
+})
+
+describe('config mutating controllers', () => {
+  it('setConfigModel updates only the model section and preserves existing config', async () => {
+    await writeFile(join(hermesHome, 'config.yaml'), [
+      'terminal:',
+      '  backend: local',
+      'model:',
+      '  default: old',
+      '  provider: old-provider',
+      '',
+    ].join('\n'), 'utf-8')
+    const { setConfigModel } = await loadModelsController()
+    const ctx = makeCtx({ default: 'glm-5.1', provider: 'custom:glm' })
+
+    await setConfigModel(ctx)
+
+    expect(ctx.body).toEqual({ success: true })
+    const config = YAML.load(await readFile(join(hermesHome, 'config.yaml'), 'utf-8')) as any
+    expect(config.model).toEqual({ default: 'glm-5.1', provider: 'custom:glm' })
+    expect(config.terminal.backend).toBe('local')
+  })
+
+  it('setConfigModel uses the requested profile header when auth has not populated state.profile', async () => {
+    const researchDir = join(hermesHome, 'profiles', 'research')
+    await mkdir(researchDir, { recursive: true })
+    await writeFile(join(hermesHome, 'config.yaml'), 'model:\n  default: root-model\n', 'utf-8')
+    await writeFile(join(researchDir, 'config.yaml'), 'model:\n  default: old-research\n', 'utf-8')
+    const { setConfigModel } = await loadModelsController()
+    const ctx = makeCtx({ default: 'research-model', provider: 'deepseek' })
+    ctx.get = vi.fn((name: string) => name.toLowerCase() === 'x-hermes-profile' ? 'research' : '')
+
+    await setConfigModel(ctx)
+
+    expect(ctx.body).toEqual({ success: true })
+    const rootConfig = YAML.load(await readFile(join(hermesHome, 'config.yaml'), 'utf-8')) as any
+    const researchConfig = YAML.load(await readFile(join(researchDir, 'config.yaml'), 'utf-8')) as any
+    expect(rootConfig.model.default).toBe('root-model')
+    expect(researchConfig.model).toEqual({ default: 'research-model', provider: 'deepseek' })
+  })
+
+  it('skill toggle preserves unrelated config while adding and removing disabled skills', async () => {
+    await writeFile(join(hermesHome, 'config.yaml'), [
+      'model:',
+      '  default: glm-5.1',
+      'skills:',
+      '  disabled:',
+      '    - old-skill',
+      '',
+    ].join('\n'), 'utf-8')
+    const { toggle } = await loadSkillsController()
+
+    await toggle(makeCtx({ name: 'new-skill', enabled: false }))
+    await toggle(makeCtx({ name: 'old-skill', enabled: true }))
+
+    const config = YAML.load(await readFile(join(hermesHome, 'config.yaml'), 'utf-8')) as any
+    expect(config.model.default).toBe('glm-5.1')
+    expect(config.skills.disabled).toEqual(['new-skill'])
+  })
+})
diff --git a/tests/server/config.test.ts b/tests/server/config.test.ts
new file mode 100644
index 0000000..49f3771
--- /dev/null
+++ b/tests/server/config.test.ts
@@ -0,0 +1,35 @@
+import { describe, expect, it } from 'vitest'
+import { homedir } from 'os'
+import { join, resolve } from 'path'
+import { getListenHost, getWebUiHome, shouldCreateWebUiDataDir } from '../../packages/server/src/config'
+
+describe('server config', () => {
+  it('defaults to an IPv4 bind host', () => {
+    expect(getListenHost({})).toBe('0.0.0.0')
+  })
+
+  it('uses BIND_HOST when provided', () => {
+    expect(getListenHost({ BIND_HOST: ' :: ' })).toBe('::')
+  })
+
+  it('ignores blank BIND_HOST values', () => {
+    expect(getListenHost({ BIND_HOST: ' ' })).toBe('0.0.0.0')
+  })
+
+  it('defaults web-ui home to ~/.hermes-web-ui', () => {
+    expect(getWebUiHome({})).toBe(join(homedir(), '.hermes-web-ui'))
+  })
+
+  it('uses HERMES_WEB_UI_HOME when provided', () => {
+    expect(getWebUiHome({ HERMES_WEB_UI_HOME: ' ./tmp/hermes-ui ' })).toBe(resolve('./tmp/hermes-ui'))
+  })
+
+  it('uses HERMES_WEBUI_STATE_DIR as a compatibility alias', () => {
+    expect(getWebUiHome({ HERMES_WEBUI_STATE_DIR: ' ./tmp/hermes-state ' })).toBe(resolve('./tmp/hermes-state'))
+  })
+
+  it('only creates the development data directory outside production', () => {
+    expect(shouldCreateWebUiDataDir({ NODE_ENV: 'development' })).toBe(true)
+    expect(shouldCreateWebUiDataDir({ NODE_ENV: 'production' })).toBe(false)
+  })
+})
diff --git a/tests/server/context-compressor.test.ts b/tests/server/context-compressor.test.ts
new file mode 100644
index 0000000..ba7bfba
--- /dev/null
+++ b/tests/server/context-compressor.test.ts
@@ -0,0 +1,502 @@
+import { afterEach, beforeEach, describe, expect, it, vi } from 'vitest'
+
+const getCompressionSnapshotMock = vi.fn()
+const saveCompressionSnapshotMock = vi.fn()
+const deleteCompressionSnapshotMock = vi.fn()
+const bridgeRequestMock = vi.fn()
+const bridgeDestroyMock = vi.fn()
+
+vi.mock('../../packages/server/src/services/logger', () => ({
+  logger: {
+    info: vi.fn(),
+    warn: vi.fn(),
+    error: vi.fn(),
+    debug: vi.fn(),
+  },
+}))
+
+vi.mock('../../packages/server/src/db/hermes/compression-snapshot', () => ({
+  getCompressionSnapshot: getCompressionSnapshotMock,
+  saveCompressionSnapshot: saveCompressionSnapshotMock,
+  deleteCompressionSnapshot: deleteCompressionSnapshotMock,
+}))
+
+vi.mock('../../packages/server/src/services/hermes/agent-bridge', () => ({
+  AgentBridgeClient: class {
+    request = bridgeRequestMock
+    destroy = bridgeDestroyMock
+  },
+}))
+
+describe('ChatContextCompressor', () => {
+  let originalFetch: typeof global.fetch
+
+  beforeEach(() => {
+    originalFetch = global.fetch
+    getCompressionSnapshotMock.mockReset()
+    saveCompressionSnapshotMock.mockReset()
+    deleteCompressionSnapshotMock.mockReset()
+    bridgeRequestMock.mockReset()
+    bridgeDestroyMock.mockReset()
+    bridgeRequestMock.mockRejectedValue(new Error('summarizer failed'))
+    bridgeDestroyMock.mockResolvedValue(undefined)
+  })
+
+  afterEach(() => {
+    global.fetch = originalFetch
+  })
+
+  it('keeps full history when full summarization fails', async () => {
+    const { ChatContextCompressor } = await import('../../packages/server/src/lib/context-compressor')
+    const compressor = new ChatContextCompressor({ config: { tailMessageCount: 3 } })
+    const messages = Array.from({ length: 8 }, (_, i) => ({
+      role: i % 2 === 0 ? 'user' : 'assistant',
+      content: `message ${i}`,
+    }))
+
+    getCompressionSnapshotMock.mockReturnValue(null)
+
+    const result = await compressor.compress(messages, 'http://upstream', undefined, 's1')
+
+    expect(result.messages).toHaveLength(messages.length)
+    expect(result.messages.map(m => m.content)).toEqual(messages.map(m => m.content))
+    expect(result.meta.compressed).toBe(false)
+    expect(result.meta.llmCompressed).toBe(false)
+    expect(saveCompressionSnapshotMock).not.toHaveBeenCalled()
+  })
+
+  it('keeps all new messages when incremental summarization fails', async () => {
+    const { ChatContextCompressor, SUMMARY_PREFIX } = await import('../../packages/server/src/lib/context-compressor')
+    const compressor = new ChatContextCompressor({ config: { tailMessageCount: 3 } })
+    const messages = Array.from({ length: 8 }, (_, i) => ({
+      role: i % 2 === 0 ? 'user' : 'assistant',
+      content: `message ${i}`,
+    }))
+
+    getCompressionSnapshotMock.mockReturnValue({
+      summary: 'previous summary',
+      lastMessageIndex: 1,
+      messageCountAtTime: 2,
+    })
+
+    const result = await compressor.compress(messages, 'http://upstream', undefined, 's1')
+
+    expect(result.messages).toHaveLength(7)
+    expect(result.messages[0]).toEqual({
+      role: 'user',
+      content: `${SUMMARY_PREFIX}\n\nprevious summary`,
+    })
+    expect(result.messages.slice(1).map(m => m.content)).toEqual(messages.slice(2).map(m => m.content))
+    expect(result.meta.compressed).toBe(true)
+    expect(result.meta.llmCompressed).toBe(false)
+    expect(result.meta.compressedStartIndex).toBe(1)
+    expect(result.meta.verbatimCount).toBe(6)
+    expect(saveCompressionSnapshotMock).not.toHaveBeenCalled()
+  })
+
+  it('does not call the summarizer when snapshot has only tail messages after it', async () => {
+    const { ChatContextCompressor, SUMMARY_PREFIX } = await import('../../packages/server/src/lib/context-compressor')
+    const compressor = new ChatContextCompressor({ config: { tailMessageCount: 10 } })
+    const messages = Array.from({ length: 6 }, (_, i) => ({
+      role: i % 2 === 0 ? 'user' : 'assistant',
+      content: `message ${i}`,
+    }))
+    const fetchMock = vi.fn()
+
+    getCompressionSnapshotMock.mockReturnValue({
+      summary: 'previous summary',
+      lastMessageIndex: 3,
+      messageCountAtTime: 4,
+    })
+    global.fetch = fetchMock as any
+
+    const result = await compressor.compress(messages, 'http://upstream', undefined, 's1')
+
+    expect(fetchMock).not.toHaveBeenCalled()
+    expect(result.messages).toHaveLength(3)
+    expect(result.messages[0].content).toBe(`${SUMMARY_PREFIX}\n\nprevious summary`)
+    expect(result.messages.slice(1).map(m => m.content)).toEqual(['message 4', 'message 5'])
+    expect(result.meta.llmCompressed).toBe(false)
+    expect(result.meta.compressedStartIndex).toBe(3)
+    expect(saveCompressionSnapshotMock).not.toHaveBeenCalled()
+  })
+
+  it('keeps configured first and last messages during full compression', async () => {
+    const { ChatContextCompressor, SUMMARY_PREFIX } = await import('../../packages/server/src/lib/context-compressor')
+    const compressor = new ChatContextCompressor({
+      config: { headMessageCount: 2, tailMessageCount: 3, summaryBudget: 1000 },
+    })
+    const messages = Array.from({ length: 10 }, (_, i) => ({
+      role: i % 2 === 0 ? 'user' : 'assistant',
+      content: `message ${i}`,
+    }))
+
+    getCompressionSnapshotMock.mockReturnValue(null)
+    bridgeRequestMock.mockResolvedValue({
+      status: 'completed',
+      result: { final_response: 'compressed summary' },
+    })
+
+    const result = await compressor.compress(messages, 'http://upstream', undefined, 's1')
+
+    expect(result.messages.map(m => m.content)).toEqual([
+      'message 0',
+      'message 1',
+      `${SUMMARY_PREFIX}\n\ncompressed summary`,
+      'message 7',
+      'message 8',
+      'message 9',
+    ])
+    expect(result.meta.compressed).toBe(true)
+    expect(result.meta.llmCompressed).toBe(true)
+    expect(result.meta.verbatimCount).toBe(5)
+    expect(saveCompressionSnapshotMock).toHaveBeenCalledWith('s1', 'compressed summary', 6, 10)
+  })
+
+  it('routes summarization through the provided worker key and destroys only the temporary agent session', async () => {
+    const { ChatContextCompressor } = await import('../../packages/server/src/lib/context-compressor')
+    const compressor = new ChatContextCompressor({
+      config: { headMessageCount: 0, tailMessageCount: 1, summaryBudget: 1000 },
+    })
+    const messages = [
+      { role: 'user', content: 'old context' },
+      { role: 'assistant', content: 'old response' },
+      { role: 'user', content: 'tail' },
+    ]
+    getCompressionSnapshotMock.mockReturnValue(null)
+    bridgeRequestMock.mockResolvedValue({
+      status: 'completed',
+      result: { final_response: 'compressed summary' },
+    })
+
+    await compressor.compress(messages, 'http://upstream', undefined, 's1', {
+      profile: 'default',
+      workerKey: 'default:compression:s1',
+    })
+
+    expect(bridgeRequestMock).toHaveBeenCalledWith(expect.objectContaining({
+      action: 'chat',
+      profile: 'default',
+      worker_key: 'default:compression:s1',
+      message: 'Generate the context checkpoint summary now.',
+      wait: true,
+    }), expect.any(Object))
+    const request = bridgeRequestMock.mock.calls[0][0]
+    expect(request.conversation_history[0]).toEqual(expect.objectContaining({
+      role: 'user',
+      content: expect.stringContaining('TURNS TO SUMMARIZE:'),
+    }))
+    const compressSessionId = bridgeRequestMock.mock.calls[0][0].session_id
+    expect(String(compressSessionId)).toMatch(/^compress_/)
+    expect(bridgeDestroyMock).toHaveBeenCalledWith(
+      compressSessionId,
+      'default',
+      'default:compression:s1',
+    )
+  })
+
+  it('does not pre-prune tool results before sending them to the summarizer', async () => {
+    const { ChatContextCompressor } = await import('../../packages/server/src/lib/context-compressor')
+    const compressor = new ChatContextCompressor({
+      config: { headMessageCount: 0, tailMessageCount: 1, summaryBudget: 1000 },
+    })
+    const longToolOutput = `${'x'.repeat(180)}KEEP_MARKER${'y'.repeat(180)}`
+    const messages = [
+      {
+        role: 'assistant',
+        content: 'calling terminal',
+        tool_calls: [{ id: 'call_1', type: 'function', function: { name: 'terminal', arguments: '{}' } }],
+      },
+      { role: 'tool', name: 'terminal', tool_call_id: 'call_1', content: longToolOutput },
+      { role: 'user', content: 'tail' },
+    ]
+
+    getCompressionSnapshotMock.mockReturnValue(null)
+    bridgeRequestMock.mockResolvedValue({
+      status: 'completed',
+      result: { final_response: 'compressed summary' },
+    })
+
+    await compressor.compress(messages, 'http://upstream', undefined, 's1')
+
+    const request = bridgeRequestMock.mock.calls[0][0]
+    const serializedHistory = JSON.stringify(request.conversation_history)
+    expect(serializedHistory).toContain('KEEP_MARKER')
+    expect(serializedHistory).not.toContain('[terminal] ')
+  })
+
+  it('keeps protected head tool results verbatim after successful full compression', async () => {
+    const { ChatContextCompressor, SUMMARY_PREFIX } = await import('../../packages/server/src/lib/context-compressor')
+    const compressor = new ChatContextCompressor({
+      config: { headMessageCount: 2, tailMessageCount: 1, summaryBudget: 1000 },
+    })
+    const longToolOutput = `${'head-tool-output '.repeat(30)}KEEP_HEAD_TOOL`
+    const messages = [
+      {
+        role: 'assistant',
+        content: 'calling terminal',
+        tool_calls: [{ id: 'call_1', type: 'function', function: { name: 'terminal', arguments: '{}' } }],
+      },
+      { role: 'tool', name: 'terminal', tool_call_id: 'call_1', content: longToolOutput },
+      { role: 'user', content: 'middle' },
+      { role: 'assistant', content: 'tail' },
+    ]
+
+    getCompressionSnapshotMock.mockReturnValue(null)
+    bridgeRequestMock.mockResolvedValue({
+      status: 'completed',
+      result: { final_response: 'compressed summary' },
+    })
+
+    const result = await compressor.compress(messages, 'http://upstream', undefined, 's1')
+
+    expect(result.messages.map(m => m.content)).toEqual([
+      'calling terminal',
+      longToolOutput,
+      `${SUMMARY_PREFIX}\n\ncompressed summary`,
+      'tail',
+    ])
+  })
+
+  it('uses the previous summary plus a safe tail when an existing snapshot index is stale', async () => {
+    const { ChatContextCompressor, SUMMARY_PREFIX } = await import('../../packages/server/src/lib/context-compressor')
+    const compressor = new ChatContextCompressor({
+      config: { headMessageCount: 2, tailMessageCount: 3, summaryBudget: 1000 },
+    })
+    const messages = Array.from({ length: 8 }, (_, i) => ({
+      role: i % 2 === 0 ? 'user' : 'assistant',
+      content: `message ${i}`,
+    }))
+
+    getCompressionSnapshotMock.mockReturnValue({
+      summary: 'stale previous summary',
+      lastMessageIndex: 20,
+      messageCountAtTime: 21,
+    })
+    bridgeRequestMock.mockResolvedValue({
+      status: 'completed',
+      result: { final_response: 'rebuilt summary' },
+    })
+
+    const result = await compressor.compress(messages, 'http://upstream', undefined, 's1')
+
+    expect(deleteCompressionSnapshotMock).not.toHaveBeenCalled()
+    expect(bridgeRequestMock).not.toHaveBeenCalled()
+    expect(result.messages.map(m => m.content)).toEqual([
+      'message 0',
+      'message 1',
+      `${SUMMARY_PREFIX}\n\nstale previous summary`,
+      'message 5',
+      'message 6',
+      'message 7',
+    ])
+    expect(saveCompressionSnapshotMock).not.toHaveBeenCalled()
+  })
+
+  it('folds a stale snapshot safe tail into a new summary when it still exceeds budget', async () => {
+    const { ChatContextCompressor, SUMMARY_PREFIX } = await import('../../packages/server/src/lib/context-compressor')
+    const compressor = new ChatContextCompressor({
+      config: { triggerTokens: 800, headMessageCount: 2, tailMessageCount: 3, summaryBudget: 1000 },
+    })
+    const largeTail = 'tail-token '.repeat(200)
+    const messages = [
+      { role: 'user', content: 'message 0' },
+      { role: 'assistant', content: 'message 1' },
+      { role: 'user', content: 'message 2' },
+      { role: 'assistant', content: 'message 3' },
+      { role: 'user', content: 'message 4' },
+      { role: 'assistant', content: largeTail },
+      { role: 'user', content: largeTail },
+      { role: 'assistant', content: largeTail },
+    ]
+
+    getCompressionSnapshotMock.mockReturnValue({
+      summary: 'stale previous summary',
+      lastMessageIndex: 20,
+      messageCountAtTime: 21,
+    })
+    bridgeRequestMock.mockResolvedValue({
+      status: 'completed',
+      result: { final_response: 'updated stale summary' },
+    })
+
+    const result = await compressor.compress(messages, 'http://upstream', undefined, 's1')
+
+    expect(deleteCompressionSnapshotMock).not.toHaveBeenCalled()
+    expect(bridgeRequestMock).toHaveBeenCalledTimes(1)
+    expect(result.messages.map(m => m.content)).toEqual([
+      'message 0',
+      'message 1',
+      `${SUMMARY_PREFIX}\n\nupdated stale summary`,
+    ])
+    expect(saveCompressionSnapshotMock).toHaveBeenCalledWith('s1', 'updated stale summary', 7, 8)
+  })
+
+  it('compresses the full history when protected windows cover all messages', async () => {
+    const { ChatContextCompressor, SUMMARY_PREFIX } = await import('../../packages/server/src/lib/context-compressor')
+    const compressor = new ChatContextCompressor({
+      config: { headMessageCount: 3, tailMessageCount: 20, summaryBudget: 1000 },
+    })
+    const messages = Array.from({ length: 20 }, (_, i) => ({
+      role: i % 2 === 0 ? 'user' : 'assistant',
+      content: `message ${i}`,
+    }))
+
+    getCompressionSnapshotMock.mockReturnValue(null)
+    bridgeRequestMock.mockResolvedValue({
+      status: 'completed',
+      result: { final_response: 'compressed all messages' },
+    })
+
+    const result = await compressor.compress(messages, 'http://upstream', undefined, 's1')
+
+    expect(bridgeRequestMock).toHaveBeenCalledTimes(1)
+    expect(result.messages.map(m => m.content)).toEqual([
+      `${SUMMARY_PREFIX}\n\ncompressed all messages`,
+    ])
+    expect(result.meta.compressed).toBe(true)
+    expect(result.meta.llmCompressed).toBe(true)
+    expect(result.meta.verbatimCount).toBe(0)
+    expect(result.meta.compressedStartIndex).toBe(19)
+    expect(saveCompressionSnapshotMock).toHaveBeenCalledWith('s1', 'compressed all messages', 19, 20)
+  })
+
+  it('drops protected messages when compressed output still exceeds the trigger budget', async () => {
+    const { ChatContextCompressor, SUMMARY_PREFIX } = await import('../../packages/server/src/lib/context-compressor')
+    const compressor = new ChatContextCompressor({
+      config: { triggerTokens: 200, headMessageCount: 2, tailMessageCount: 2, summaryBudget: 100 },
+    })
+    const largeText = 'tail-token '.repeat(500)
+    const messages = [
+      { role: 'user', content: 'head 0' },
+      { role: 'assistant', content: 'head 1' },
+      { role: 'user', content: 'middle 2' },
+      { role: 'assistant', content: 'middle 3' },
+      { role: 'user', content: largeText },
+      { role: 'assistant', content: largeText },
+    ]
+
+    getCompressionSnapshotMock.mockReturnValue(null)
+    bridgeRequestMock.mockResolvedValue({
+      status: 'completed',
+      result: { final_response: 'short summary' },
+    })
+
+    const result = await compressor.compress(messages, 'http://upstream', undefined, 's1')
+
+    expect(result.messages.map(m => m.content)).toEqual([
+      `${SUMMARY_PREFIX}\n\nshort summary`,
+    ])
+    expect(result.meta.compressed).toBe(true)
+    expect(result.meta.llmCompressed).toBe(true)
+    expect(result.meta.verbatimCount).toBe(0)
+  })
+
+  it('truncates the summary when the summary alone exceeds the trigger budget', async () => {
+    const { ChatContextCompressor, SUMMARY_PREFIX, countTokens } = await import('../../packages/server/src/lib/context-compressor')
+    const compressor = new ChatContextCompressor({
+      config: { triggerTokens: 120, headMessageCount: 2, tailMessageCount: 2, summaryBudget: 100 },
+    })
+    const messages = Array.from({ length: 6 }, (_, i) => ({
+      role: i % 2 === 0 ? 'user' : 'assistant',
+      content: `message ${i}`,
+    }))
+    const longSummary = 'summary-token '.repeat(500)
+
+    getCompressionSnapshotMock.mockReturnValue(null)
+    bridgeRequestMock.mockResolvedValue({
+      status: 'completed',
+      result: { final_response: longSummary },
+    })
+
+    const result = await compressor.compress(messages, 'http://upstream', undefined, 's1')
+
+    expect(result.messages).toHaveLength(1)
+    expect(String(result.messages[0].content)).toContain('[Summary truncated to fit context budget]')
+    expect(String(result.messages[0].content).startsWith(SUMMARY_PREFIX)).toBe(true)
+    expect(countTokens(String(result.messages[0].content))).toBeLessThanOrEqual(140)
+    expect(result.meta.verbatimCount).toBe(0)
+  })
+
+  it('keeps configured first messages when incremental compression reuses an existing snapshot', async () => {
+    const { ChatContextCompressor, SUMMARY_PREFIX } = await import('../../packages/server/src/lib/context-compressor')
+    const compressor = new ChatContextCompressor({
+      config: { headMessageCount: 2, tailMessageCount: 10 },
+    })
+    const messages = Array.from({ length: 6 }, (_, i) => ({
+      role: i % 2 === 0 ? 'user' : 'assistant',
+      content: `message ${i}`,
+    }))
+
+    getCompressionSnapshotMock.mockReturnValue({
+      summary: 'previous summary',
+      lastMessageIndex: 3,
+      messageCountAtTime: 4,
+    })
+
+    const result = await compressor.compress(messages, 'http://upstream', undefined, 's1')
+
+    expect(bridgeRequestMock).not.toHaveBeenCalled()
+    expect(result.messages.map(m => m.content)).toEqual([
+      'message 0',
+      'message 1',
+      `${SUMMARY_PREFIX}\n\nprevious summary`,
+      'message 4',
+      'message 5',
+    ])
+    expect(result.meta.verbatimCount).toBe(4)
+    expect(saveCompressionSnapshotMock).not.toHaveBeenCalled()
+  })
+
+  it('folds all new messages into the summary when incremental tail protection would exceed budget', async () => {
+    const { ChatContextCompressor, SUMMARY_PREFIX } = await import('../../packages/server/src/lib/context-compressor')
+    const compressor = new ChatContextCompressor({
+      config: { triggerTokens: 1000, headMessageCount: 3, tailMessageCount: 20, summaryBudget: 100 },
+    })
+    const largeText = 'new-token '.repeat(80)
+    const messages = [
+      { role: 'user', content: 'head 0' },
+      { role: 'assistant', content: 'head 1' },
+      { role: 'user', content: 'head 2' },
+      ...Array.from({ length: 20 }, (_, i) => ({
+        role: i % 2 === 0 ? 'user' : 'assistant',
+        content: `${largeText}${i}`,
+      })),
+    ]
+
+    getCompressionSnapshotMock.mockReturnValue({
+      summary: 'previous summary',
+      lastMessageIndex: 2,
+      messageCountAtTime: 3,
+    })
+    bridgeRequestMock.mockResolvedValue({
+      status: 'completed',
+      result: { final_response: 'updated summary' },
+    })
+
+    const result = await compressor.compress(messages, 'http://upstream', undefined, 's1')
+
+    expect(bridgeRequestMock).toHaveBeenCalledTimes(1)
+    const request = bridgeRequestMock.mock.calls[0][0]
+    expect(request.message).toBe('Generate the context checkpoint summary now.')
+    expect(request.conversation_history.slice(0, 3)).toEqual([
+      { role: 'user', content: '[Previous summary]\nprevious summary' },
+      { role: 'assistant', content: 'Understood, I will update the summary.' },
+      expect.objectContaining({
+        role: 'user',
+        content: expect.stringContaining('NEW TURNS TO INCORPORATE:'),
+      }),
+    ])
+    expect(result.messages.map(m => m.content)).toEqual([
+      'head 0',
+      'head 1',
+      'head 2',
+      `${SUMMARY_PREFIX}\n\nupdated summary`,
+    ])
+    expect(result.meta.compressed).toBe(true)
+    expect(result.meta.llmCompressed).toBe(true)
+    expect(result.meta.verbatimCount).toBe(3)
+    expect(result.meta.compressedStartIndex).toBe(22)
+    expect(saveCompressionSnapshotMock).toHaveBeenCalledWith('s1', 'updated summary', 22, 23)
+  })
+})
diff --git a/tests/server/context-engine.test.ts b/tests/server/context-engine.test.ts
new file mode 100644
index 0000000..56b6bf5
--- /dev/null
+++ b/tests/server/context-engine.test.ts
@@ -0,0 +1,587 @@
+import { beforeEach, describe, expect, it, vi } from 'vitest'
+import { SummaryCache } from '../../packages/server/src/services/hermes/context-engine/summary-cache'
+import {
+    buildAgentInstructions,
+    buildSummarizationSystemPrompt,
+    buildFullSummaryPrompt,
+    buildIncrementalUpdatePrompt,
+} from '../../packages/server/src/services/hermes/context-engine/prompt'
+import { ContextEngine } from '../../packages/server/src/services/hermes/context-engine/compressor'
+import type { StoredMessage, MessageFetcher, GatewayCaller } from '../../packages/server/src/services/hermes/context-engine/types'
+
+// ─── Helpers ─────────────────────────────────────────────────
+
+function makeMessage(overrides: Partial<StoredMessage> = {}): StoredMessage {
+    return {
+        id: 'msg-1',
+        roomId: 'room-1',
+        senderId: 'user-1',
+        senderName: 'Alice',
+        content: 'Hello world',
+        timestamp: 1000,
+        ...overrides,
+    }
+}
+
+function makeMessages(count: number, roomId = 'room-1', startTimestamp = 1000): StoredMessage[] {
+    return Array.from({ length: count }, (_, i) => makeMessage({
+        id: `msg-${i}`,
+        roomId,
+        senderId: i % 3 === 0 ? 'agent-socket' : `user-${i}`,
+        senderName: i % 3 === 0 ? 'Claude' : `User${i}`,
+        content: `Message ${i} with some content`,
+        timestamp: startTimestamp + i * 1000,
+    }))
+}
+
+// ─── SummaryCache ─────────────────────────────────────────────
+
+describe('SummaryCache', () => {
+    it('stores and retrieves entries', () => {
+        const cache = new SummaryCache(60_000)
+        cache.set('room-1', {
+            summary: 'Summary text',
+            lastMessageId: 'msg-10',
+            lastMessageTimestamp: 5000,
+            createdAt: Date.now(),
+        })
+        const entry = cache.get('room-1')
+        expect(entry).toBeDefined()
+        expect(entry!.summary).toBe('Summary text')
+    })
+
+    it('returns undefined for expired entries', () => {
+        const cache = new SummaryCache(100) // 100ms TTL
+        cache.set('room-1', {
+            summary: 'Old summary',
+            lastMessageId: 'msg-5',
+            lastMessageTimestamp: 5000,
+            createdAt: Date.now() - 200, // created 200ms ago
+        })
+        expect(cache.get('room-1')).toBeUndefined()
+    })
+
+    it('invalidates entries for a room', () => {
+        const cache = new SummaryCache(60_000)
+        cache.set('room-1', { summary: 'A', lastMessageId: 'msg-1', lastMessageTimestamp: 1000, createdAt: Date.now() })
+        cache.set('room-2', { summary: 'C', lastMessageId: 'msg-3', lastMessageTimestamp: 3000, createdAt: Date.now() })
+
+        cache.invalidate('room-1')
+        expect(cache.get('room-1')).toBeUndefined()
+        expect(cache.get('room-2')).toBeDefined()
+    })
+
+    it('enforces max entry limit', () => {
+        const cache = new SummaryCache(60_000)
+        // Fill cache beyond limit (internal MAX_ENTRIES = 200)
+        for (let i = 0; i < 210; i++) {
+            cache.set(`room-${i}`, {
+                summary: `Summary ${i}`,
+                lastMessageId: `msg-${i}`,
+                lastMessageTimestamp: i * 1000,
+                createdAt: Date.now() - (210 - i), // earlier entries have older createdAt
+            })
+        }
+        // Cache should not exceed 200 entries
+        expect(cache.size).toBeLessThanOrEqual(200)
+    })
+})
+
+// ─── Prompts ──────────────────────────────────────────────────
+
+describe('prompts', () => {
+    it('builds agent instructions with all fields', () => {
+        const result = buildAgentInstructions({
+            agentName: 'Claude',
+            roomName: 'general',
+            agentDescription: 'AI coding assistant',
+            memberNames: ['Alice', 'Bob', 'Claude'],
+            members: [
+                { userId: 'u1', name: 'Alice', description: 'dev' },
+                { userId: 'u2', name: 'Bob', description: 'designer' },
+                { userId: 'u3', name: 'Claude', description: '' },
+            ],
+        })
+        expect(result).toContain('"Claude"')
+        expect(result).toContain('general')
+        expect(result).toContain('AI coding assistant')
+        expect(result).toContain('Alice')
+        expect(result).toContain('Bob')
+        expect(result).toContain('- Claude')
+        expect(result).not.toContain('@Claude')
+    })
+
+    it('builds agent instructions with empty member list', () => {
+        const result = buildAgentInstructions({
+            agentName: 'GPT',
+            roomName: 'dev',
+            agentDescription: 'Helper',
+            memberNames: [],
+            members: [],
+        })
+        expect(result).toContain('"GPT"')
+        expect(result).toContain('未知')
+    })
+
+    it('builds agent instructions using memberNames when members is empty', () => {
+        const result = buildAgentInstructions({
+            agentName: 'GPT',
+            roomName: 'dev',
+            agentDescription: 'Helper',
+            memberNames: ['Alice', 'Bob'],
+            members: [],
+        })
+        expect(result).toContain('Alice')
+        expect(result).toContain('Bob')
+    })
+
+    it('builds summarization system prompt', () => {
+        const result = buildSummarizationSystemPrompt()
+        expect(result).toContain('摘要')
+    })
+
+    it('builds full summary prompt', () => {
+        const result = buildFullSummaryPrompt()
+        expect(result).toContain('摘要')
+    })
+
+    it('builds incremental update prompt', () => {
+        const result = buildIncrementalUpdatePrompt()
+        expect(result).toContain('更新')
+    })
+})
+
+// ─── ContextEngine.buildContext ────────────────────────────────
+
+describe('ContextEngine.buildContext', () => {
+    let mockSummarize = vi.fn().mockResolvedValue({ summary: 'Summary of conversation.', sessionId: 'comp-1' })
+    const mockGatewayCaller: GatewayCaller = {
+        summarize: mockSummarize,
+    }
+
+    let mockFetcher: MessageFetcher
+    let engine: ContextEngine
+
+    beforeEach(() => {
+        vi.clearAllMocks()
+        mockFetcher = {
+            getMessages: vi.fn().mockReturnValue([]),
+            getContextSnapshot: vi.fn().mockReturnValue(null),
+            saveContextSnapshot: vi.fn(),
+            deleteContextSnapshot: vi.fn(),
+        }
+        engine = new ContextEngine({
+            config: { maxHistoryTokens: 4000, tailMessageCount: 10, triggerTokens: 100_000, charsPerToken: 4, summarizationTimeoutMs: 30_000 },
+            messageFetcher: mockFetcher,
+            gatewayCaller: { summarize: mockSummarize },
+        })
+    })
+
+    it('returns all messages as history when under threshold', async () => {
+        const messages = makeMessages(10) // 10 messages, under trigger threshold
+        mockFetcher.getMessages = vi.fn().mockReturnValue(messages)
+
+        const result = await engine.buildContext({
+            roomId: 'room-1',
+            agentId: 'agent-1',
+            agentName: 'Claude',
+            agentDescription: 'Helper',
+            agentSocketId: 'agent-socket',
+            roomName: 'general',
+            memberNames: ['Alice'],
+            members: [{ userId: 'u1', name: 'Alice', description: '' }],
+            upstream: 'http://localhost:8642',
+            apiKey: null,
+            currentMessage: messages[messages.length - 1],
+        })
+
+        expect(result.meta.totalMessages).toBe(10)
+        expect(result.meta.compressed).toBe(false)
+        expect(result.conversationHistory).toHaveLength(10)
+        expect(result.instructions).toContain('Claude')
+        // No LLM call for short conversations
+        expect(mockSummarize).not.toHaveBeenCalled()
+    })
+
+    it('records full context token estimates without compressing when under threshold', async () => {
+        const messages = makeMessages(3)
+        mockFetcher.getMessages = vi.fn().mockReturnValue(messages)
+        const contextTokenEstimator = vi.fn().mockResolvedValue(19_379)
+        const onProgress = vi.fn()
+
+        const result = await engine.buildContext({
+            roomId: 'room-1',
+            agentId: 'agent-1',
+            agentName: 'Claude',
+            agentDescription: 'Helper',
+            agentSocketId: 'agent-socket',
+            roomName: 'general',
+            memberNames: ['Alice'],
+            members: [{ userId: 'u1', name: 'Alice', description: '' }],
+            upstream: 'http://localhost:8642',
+            apiKey: null,
+            currentMessage: messages[messages.length - 1],
+            contextTokenEstimator,
+            onProgress,
+        })
+
+        expect(result.meta.compressed).toBe(false)
+        expect(result.meta.contextTokenEstimate).toBe(19_379)
+        expect(result.meta.messageTokenEstimate).toBeGreaterThan(0)
+        expect(contextTokenEstimator).toHaveBeenCalledWith(
+            expect.arrayContaining([{ role: 'assistant', content: expect.stringContaining('[Claude]') }]),
+            expect.stringContaining('"Claude"'),
+        )
+        expect(mockSummarize).not.toHaveBeenCalled()
+        expect(onProgress).not.toHaveBeenCalled()
+    })
+
+    it('uses full context token estimates to trigger group compression', async () => {
+        const messages = makeMessages(20)
+        mockFetcher.getMessages = vi.fn().mockReturnValue(messages)
+        const onProgress = vi.fn()
+
+        const result = await engine.buildContext({
+            roomId: 'room-1',
+            agentId: 'agent-1',
+            agentName: 'Claude',
+            agentDescription: 'Helper',
+            agentSocketId: 'agent-socket',
+            roomName: 'general',
+            memberNames: [],
+            members: [],
+            upstream: 'http://localhost:8642',
+            apiKey: null,
+            currentMessage: messages[messages.length - 1],
+            contextTokenEstimator: vi.fn().mockResolvedValue(120_000),
+            onProgress,
+        })
+
+        expect(result.meta.compressed).toBe(true)
+        expect(result.meta.contextTokenEstimate).toBe(120_000)
+        expect(mockSummarize).toHaveBeenCalledTimes(1)
+        expect(mockFetcher.saveContextSnapshot).toHaveBeenCalledTimes(1)
+        expect(onProgress).toHaveBeenCalledWith({
+            status: 'compressing',
+            path: 'full',
+            messageCount: 20,
+            tokenCount: 120_000,
+        })
+    })
+
+    it('throws when group prompt and tools exceed threshold with too little history to compress', async () => {
+        const messages = makeMessages(4)
+        mockFetcher.getMessages = vi.fn().mockReturnValue(messages)
+
+        await expect(engine.buildContext({
+            roomId: 'room-1',
+            agentId: 'agent-1',
+            agentName: 'Claude',
+            agentDescription: 'Helper',
+            agentSocketId: 'agent-socket',
+            roomName: 'general',
+            memberNames: [],
+            members: [],
+            upstream: 'http://localhost:8642',
+            apiKey: null,
+            currentMessage: messages[messages.length - 1],
+            contextTokenEstimator: vi.fn().mockResolvedValue(120_000),
+        })).rejects.toThrow('Context window is too small')
+
+        expect(mockSummarize).not.toHaveBeenCalled()
+        expect(mockFetcher.saveContextSnapshot).not.toHaveBeenCalled()
+    })
+
+    it('throws on snapshot path when overhead plus new messages exceed threshold without compressible history', async () => {
+        const messages = makeMessages(12)
+        mockFetcher.getMessages = vi.fn().mockReturnValue(messages)
+        mockFetcher.getContextSnapshot = vi.fn().mockReturnValue({
+            roomId: 'room-1',
+            summary: 'Existing summary',
+            lastMessageId: 'msg-9',
+            lastMessageTimestamp: messages[9].timestamp,
+            updatedAt: Date.now(),
+        })
+
+        await expect(engine.buildContext({
+            roomId: 'room-1',
+            agentId: 'agent-1',
+            agentName: 'Claude',
+            agentDescription: 'Helper',
+            agentSocketId: 'agent-socket',
+            roomName: 'general',
+            memberNames: [],
+            members: [],
+            upstream: 'http://localhost:8642',
+            apiKey: null,
+            currentMessage: messages[messages.length - 1],
+            contextTokenEstimator: vi.fn().mockResolvedValue(120_000),
+        })).rejects.toThrow('Context window is too small')
+
+        expect(mockSummarize).not.toHaveBeenCalled()
+        expect(mockFetcher.saveContextSnapshot).not.toHaveBeenCalled()
+    })
+
+    it('splits into head/tail and compresses middle when over threshold', async () => {
+        const messages = makeMessages(20)
+        mockFetcher.getMessages = vi.fn().mockReturnValue(messages)
+
+        const result = await engine.buildContext({
+            roomId: 'room-1',
+            agentId: 'agent-1',
+            agentName: 'Claude',
+            agentDescription: 'Helper',
+            agentSocketId: 'agent-socket',
+            roomName: 'general',
+            memberNames: [],
+            members: [],
+            upstream: 'http://localhost:8642',
+            apiKey: null,
+            currentMessage: messages[messages.length - 1],
+            compression: { triggerTokens: 10 }, // Force compression with tiny threshold
+        })
+
+        expect(result.meta.totalMessages).toBe(20)
+        expect(result.meta.compressed).toBe(true)
+        expect(mockSummarize).toHaveBeenCalledTimes(1)
+    })
+
+    it('uses cache hit when available and no new messages', async () => {
+        const messages = makeMessages(20)
+        mockFetcher.getMessages = vi.fn().mockReturnValue(messages)
+
+        // First call — creates snapshot (with forced compression)
+        await engine.buildContext({
+            roomId: 'room-1', agentId: 'agent-1', agentName: 'Claude',
+            agentDescription: '', agentSocketId: 'agent-socket', roomName: 'general',
+            memberNames: [], members: [], upstream: 'http://localhost:8642', apiKey: null,
+            currentMessage: messages[messages.length - 1],
+            compression: { triggerTokens: 10 },
+        })
+
+        // Verify snapshot was saved
+        expect(mockFetcher.saveContextSnapshot).toHaveBeenCalledTimes(1)
+
+        // Simulate that the snapshot now exists in storage
+        const savedSnapshot = mockFetcher.saveContextSnapshot.mock.calls[0]
+        mockFetcher.getContextSnapshot = vi.fn().mockReturnValue({
+            roomId: 'room-1',
+            summary: savedSnapshot[1],
+            lastMessageId: savedSnapshot[2],
+            lastMessageTimestamp: savedSnapshot[3],
+            updatedAt: Date.now(),
+        })
+
+        // Second call — cache hit (snapshot exists, same messages)
+        const result2 = await engine.buildContext({
+            roomId: 'room-1', agentId: 'agent-1', agentName: 'Claude',
+            agentDescription: '', agentSocketId: 'agent-socket', roomName: 'general',
+            memberNames: [], members: [], upstream: 'http://localhost:8642', apiKey: null,
+            currentMessage: messages[messages.length - 1],
+        })
+
+        expect(result2.meta.hadSnapshot).toBe(true)
+        // Only one LLM call (from the first buildContext)
+        expect(mockSummarize).toHaveBeenCalledTimes(1)
+    })
+
+    it('does incremental update when cache hit with new messages', async () => {
+        const messages = makeMessages(20)
+        mockFetcher.getMessages = vi.fn().mockReturnValue(messages)
+
+        // First call — full compression (with forced compression)
+        await engine.buildContext({
+            roomId: 'room-1', agentId: 'agent-1', agentName: 'Claude',
+            agentDescription: '', agentSocketId: 'agent-socket', roomName: 'general',
+            memberNames: [], members: [], upstream: 'http://localhost:8642', apiKey: null,
+            currentMessage: messages[messages.length - 1],
+            compression: { triggerTokens: 10 },
+        })
+
+        // Simulate that the snapshot now exists in storage
+        const savedSnapshot = mockFetcher.saveContextSnapshot.mock.calls[0]
+        mockFetcher.getContextSnapshot = vi.fn().mockReturnValue({
+            roomId: 'room-1',
+            summary: savedSnapshot[1],
+            lastMessageId: savedSnapshot[2],
+            lastMessageTimestamp: savedSnapshot[3],
+            updatedAt: Date.now(),
+        })
+
+        expect(mockSummarize).toHaveBeenCalledTimes(1)
+        // First call: no previousSummary
+        // GatewayCaller.summarize signature: upstream, apiKey, systemPrompt, messages, roomId, profile, previousSummary
+        const firstCallArgs = mockSummarize.mock.calls[0]
+        expect(firstCallArgs[4]).toBe('room-1') // roomId
+        expect(firstCallArgs[5]).toBe('default') // profile
+        expect(firstCallArgs[6]).toBeUndefined() // previousSummary not passed
+
+        // Insert a new message
+        const middleInsert = makeMessage({
+            id: 'msg-new', roomId: 'room-1', senderId: 'user-99',
+            senderName: 'NewUser', content: 'New middle message', timestamp: 12000,
+        })
+        const updatedMessages = [...messages.slice(0, 9), middleInsert, ...messages.slice(9)]
+        mockFetcher.getMessages = vi.fn().mockReturnValue(updatedMessages)
+
+        const onProgress = vi.fn()
+        // Second call — incremental update
+        await engine.buildContext({
+            roomId: 'room-1', agentId: 'agent-1', agentName: 'Claude',
+            agentDescription: '', agentSocketId: 'agent-socket', roomName: 'general',
+            memberNames: [], members: [], upstream: 'http://localhost:8642', apiKey: null,
+            currentMessage: updatedMessages[updatedMessages.length - 1],
+            compression: { triggerTokens: 10 },
+            onProgress,
+        })
+
+        expect(mockSummarize).toHaveBeenCalledTimes(2)
+        // Second call: has previousSummary
+        const secondCallArgs = mockSummarize.mock.calls[1]
+        expect(secondCallArgs[6]).toBe('Summary of conversation.')
+        expect(onProgress).toHaveBeenCalledWith(expect.objectContaining({
+            status: 'compressing',
+            path: 'snapshot',
+        }))
+    })
+
+    it('falls back to no-summary on LLM failure', async () => {
+        mockSummarize.mockRejectedValue(new Error('LLM timeout'))
+
+        const messages = makeMessages(20)
+        mockFetcher.getMessages = vi.fn().mockReturnValue(messages)
+
+        const result = await engine.buildContext({
+            roomId: 'room-1', agentId: 'agent-1', agentName: 'Claude',
+            agentDescription: '', agentSocketId: 'agent-socket', roomName: 'general',
+            memberNames: [], members: [], upstream: 'http://localhost:8642', apiKey: null,
+            currentMessage: messages[messages.length - 1],
+            compression: { triggerTokens: 10 },
+        })
+
+        // Should not throw, and should still return history
+        expect(result.conversationHistory.length).toBeGreaterThan(0)
+        // No summary pair in the output
+        expect(result.conversationHistory[0]?.content).not.toContain('Previous conversation summary')
+    })
+
+    it('trims tail when over token budget', async () => {
+        const engine = new ContextEngine({
+            config: {
+                maxHistoryTokens: 200, // small budget
+                tailMessageCount: 10,
+                triggerTokens: 10, // force compression
+                charsPerToken: 4,
+                summarizationTimeoutMs: 30_000,
+            },
+            messageFetcher: mockFetcher,
+            gatewayCaller: { summarize: mockSummarize },
+        })
+
+        const messages = makeMessages(20)
+        mockFetcher.getMessages = vi.fn().mockReturnValue(messages)
+
+        const result = await engine.buildContext({
+            roomId: 'room-1', agentId: 'agent-1', agentName: 'Claude',
+            agentDescription: '', agentSocketId: 'agent-socket', roomName: 'general',
+            memberNames: [], members: [], upstream: 'http://localhost:8642', apiKey: null,
+            currentMessage: messages[messages.length - 1],
+        })
+
+        // History should be trimmed to fit within 200 tokens
+        // Use same estimation logic as compressor: CJK * 1.5 + other / charsPerToken
+        const totalChars = result.conversationHistory.reduce((sum, m) => sum + m.content.length, 0)
+        const cjk = (result.conversationHistory.map(m => m.content).join('').match(/[⺀-鿿가-힯　-〿＀-￯]/g) || []).length
+        const other = totalChars - cjk
+        const estimatedTokens = Math.ceil(cjk * 1.5 + other / 4)
+        expect(estimatedTokens).toBeLessThanOrEqual(200)
+    })
+
+    it('maps agent messages to assistant role', async () => {
+        const messages = [
+            makeMessage({ senderId: 'user-1', senderName: 'Alice', content: 'Hello', timestamp: 1000 }),
+            makeMessage({ senderId: 'agent-socket', senderName: 'Claude', content: 'Hi there', timestamp: 2000 }),
+        ]
+        mockFetcher.getMessages = vi.fn().mockReturnValue(messages)
+
+        const result = await engine.buildContext({
+            roomId: 'room-1', agentId: 'agent-1', agentName: 'Claude',
+            agentDescription: '', agentSocketId: 'agent-socket', roomName: 'general',
+            memberNames: [], members: [], upstream: 'http://localhost:8642', apiKey: null,
+            currentMessage: messages[messages.length - 1],
+        })
+
+        // First message from user → 'user' role with name prefix
+        expect(result.conversationHistory[0].role).toBe('user')
+        expect(result.conversationHistory[0].content).toContain('[Alice]')
+
+        // Second message from agent → 'assistant' role with sender prefix for group-chat context.
+        expect(result.conversationHistory[1].role).toBe('assistant')
+        expect(result.conversationHistory[1].content).toBe('[Claude]: Hi there')
+    })
+
+    it('maps other messages to user role with name prefix', async () => {
+        const messages = [
+            makeMessage({ senderId: 'user-2', senderName: 'Bob', content: 'Hey', timestamp: 1000 }),
+        ]
+        mockFetcher.getMessages = vi.fn().mockReturnValue(messages)
+
+        const result = await engine.buildContext({
+            roomId: 'room-1', agentId: 'agent-1', agentName: 'Claude',
+            agentDescription: '', agentSocketId: 'agent-socket', roomName: 'general',
+            memberNames: [], members: [], upstream: 'http://localhost:8642', apiKey: null,
+            currentMessage: messages[messages.length - 1],
+        })
+
+        expect(result.conversationHistory[0].role).toBe('user')
+        expect(result.conversationHistory[0].content).toBe('[Bob]: Hey')
+    })
+
+    it('generates instructions with agent identity', async () => {
+        const messages = makeMessages(1)
+        mockFetcher.getMessages = vi.fn().mockReturnValue(messages)
+
+        const result = await engine.buildContext({
+            roomId: 'room-1', agentId: 'agent-1', agentName: 'Claude',
+            agentDescription: 'Code helper', agentSocketId: 'agent-socket', roomName: 'dev',
+            memberNames: ['Alice', 'Bob'],
+            members: [
+                { userId: 'u1', name: 'Alice', description: 'dev' },
+                { userId: 'u2', name: 'Bob', description: 'designer' },
+            ],
+            upstream: 'http://localhost:8642', apiKey: null,
+            currentMessage: messages[0],
+        })
+
+        expect(result.instructions).toContain('"Claude"')
+        expect(result.instructions).toContain('Code helper')
+        expect(result.instructions).toContain('dev')
+        expect(result.instructions).toContain('Alice')
+    })
+
+    it('invalidates room cache', async () => {
+        // Create a snapshot via the fetcher mock
+        mockFetcher.getContextSnapshot = vi.fn().mockReturnValue({
+            roomId: 'room-1',
+            summary: 'Test',
+            lastMessageId: 'msg-10',
+            lastMessageTimestamp: 1000,
+            updatedAt: Date.now(),
+        })
+
+        const messages = makeMessages(5)
+        mockFetcher.getMessages = vi.fn().mockReturnValue(messages)
+
+        // Build context to create snapshot
+        await engine.buildContext({
+            roomId: 'room-1', agentId: 'agent-1', agentName: 'Claude',
+            agentDescription: '', agentSocketId: 'agent-socket', roomName: 'general',
+            memberNames: [], members: [], upstream: 'http://localhost:8642', apiKey: null,
+            currentMessage: messages[messages.length - 1],
+        })
+
+        // Invalidate
+        engine.invalidateRoom('room-1')
+        expect(mockFetcher.deleteContextSnapshot).toHaveBeenCalledWith('room-1')
+    })
+})
diff --git a/tests/server/conversations-db.test.ts b/tests/server/conversations-db.test.ts
new file mode 100644
index 0000000..be85f76
--- /dev/null
+++ b/tests/server/conversations-db.test.ts
@@ -0,0 +1,431 @@
+import { afterEach, beforeEach, describe, expect, it, vi } from 'vitest'
+import { mkdtempSync, rmSync } from 'fs'
+import { join } from 'path'
+import { tmpdir } from 'os'
+
+const profileDirState = vi.hoisted(() => ({ value: '' }))
+
+vi.mock('../../packages/server/src/services/hermes/hermes-profile', () => ({
+  getActiveProfileDir: () => profileDirState.value,
+}))
+
+function ensureSqliteAvailable() {
+  const [major, minor] = process.versions.node.split('.').map(Number)
+  if (major < 22 || (major === 22 && minor < 5)) {
+    throw new Error(`node:sqlite requires Node >= 22.5, current: ${process.versions.node}`)
+  }
+}
+
+function createSchema(db: any) {
+  db.exec(`
+    CREATE TABLE sessions (
+      id TEXT PRIMARY KEY,
+      source TEXT NOT NULL,
+      user_id TEXT,
+      model TEXT,
+      model_config TEXT,
+      system_prompt TEXT,
+      parent_session_id TEXT,
+      started_at REAL NOT NULL,
+      ended_at REAL,
+      end_reason TEXT,
+      message_count INTEGER DEFAULT 0,
+      tool_call_count INTEGER DEFAULT 0,
+      input_tokens INTEGER DEFAULT 0,
+      output_tokens INTEGER DEFAULT 0,
+      cache_read_tokens INTEGER DEFAULT 0,
+      cache_write_tokens INTEGER DEFAULT 0,
+      reasoning_tokens INTEGER DEFAULT 0,
+      billing_provider TEXT,
+      billing_base_url TEXT,
+      billing_mode TEXT,
+      estimated_cost_usd REAL,
+      actual_cost_usd REAL,
+      cost_status TEXT,
+      cost_source TEXT,
+      pricing_version TEXT,
+      title TEXT,
+      api_call_count INTEGER DEFAULT 0,
+      FOREIGN KEY (parent_session_id) REFERENCES sessions(id)
+    );
+
+    CREATE TABLE messages (
+      id INTEGER PRIMARY KEY,
+      session_id TEXT NOT NULL REFERENCES sessions(id),
+      role TEXT NOT NULL,
+      content TEXT,
+      tool_call_id TEXT,
+      tool_calls TEXT,
+      tool_name TEXT,
+      timestamp REAL NOT NULL,
+      token_count INTEGER,
+      finish_reason TEXT,
+      reasoning TEXT,
+      reasoning_details TEXT,
+      codex_reasoning_items TEXT,
+      reasoning_content TEXT
+    );
+  `)
+}
+
+function insertSession(db: any, session: Record<string, unknown>) {
+  db.prepare(`
+    INSERT INTO sessions (
+      id, source, user_id, model, model_config, system_prompt, parent_session_id,
+      started_at, ended_at, end_reason, message_count, tool_call_count,
+      input_tokens, output_tokens, cache_read_tokens, cache_write_tokens,
+      reasoning_tokens, billing_provider, billing_base_url, billing_mode,
+      estimated_cost_usd, actual_cost_usd, cost_status, cost_source,
+      pricing_version, title, api_call_count
+    ) VALUES (
+      @id, @source, @user_id, @model, @model_config, @system_prompt, @parent_session_id,
+      @started_at, @ended_at, @end_reason, @message_count, @tool_call_count,
+      @input_tokens, @output_tokens, @cache_read_tokens, @cache_write_tokens,
+      @reasoning_tokens, @billing_provider, @billing_base_url, @billing_mode,
+      @estimated_cost_usd, @actual_cost_usd, @cost_status, @cost_source,
+      @pricing_version, @title, @api_call_count
+    )
+  `).run({
+    user_id: null,
+    model_config: null,
+    system_prompt: null,
+    billing_base_url: null,
+    billing_mode: null,
+    cost_source: null,
+    pricing_version: null,
+    api_call_count: 0,
+    ...session,
+  })
+}
+
+function insertMessage(db: any, message: Record<string, unknown>) {
+  db.prepare(`
+    INSERT INTO messages (
+      id, session_id, role, content, tool_call_id, tool_calls, tool_name,
+      timestamp, token_count, finish_reason, reasoning, reasoning_details,
+      codex_reasoning_items, reasoning_content
+    ) VALUES (
+      @id, @session_id, @role, @content, @tool_call_id, @tool_calls, @tool_name,
+      @timestamp, @token_count, @finish_reason, @reasoning, @reasoning_details,
+      @codex_reasoning_items, @reasoning_content
+    )
+  `).run({
+    tool_call_id: null,
+    tool_calls: null,
+    tool_name: null,
+    token_count: null,
+    finish_reason: null,
+    reasoning: null,
+    reasoning_details: null,
+    codex_reasoning_items: null,
+    reasoning_content: null,
+    ...message,
+  })
+}
+
+describe('conversation DB service', () => {
+  beforeEach(() => {
+    vi.resetModules()
+    vi.useFakeTimers()
+    vi.setSystemTime(new Date('2026-04-20T00:00:00Z'))
+    profileDirState.value = mkdtempSync(join(tmpdir(), 'hwui-conversations-db-'))
+  })
+
+  afterEach(() => {
+    vi.useRealTimers()
+    if (profileDirState.value) rmSync(profileDirState.value, { recursive: true, force: true })
+  })
+
+  it('aggregates a compression continuation without using full CLI export', async () => {
+    ensureSqliteAvailable()
+    const { DatabaseSync } = await import('node:sqlite')
+    const db = new DatabaseSync(join(profileDirState.value, 'state.db'))
+    createSchema(db)
+
+    insertSession(db, {
+      id: 'root',
+      parent_session_id: null,
+      source: 'cli',
+      model: 'openai/gpt-5.4',
+      title: null,
+      started_at: 100,
+      ended_at: 110,
+      end_reason: 'compression',
+      message_count: 2,
+      tool_call_count: 0,
+      input_tokens: 5,
+      output_tokens: 8,
+      cache_read_tokens: 0,
+      cache_write_tokens: 0,
+      reasoning_tokens: 0,
+      billing_provider: 'openai',
+      estimated_cost_usd: 0.1,
+      actual_cost_usd: 0.1,
+      cost_status: 'estimated',
+    })
+    insertSession(db, {
+      id: 'root-cont',
+      parent_session_id: 'root',
+      source: 'cli',
+      model: 'openai/gpt-5.4',
+      title: 'Continuation',
+      started_at: 110,
+      ended_at: 111,
+      end_reason: null,
+      message_count: 2,
+      tool_call_count: 0,
+      input_tokens: 3,
+      output_tokens: 4,
+      cache_read_tokens: 0,
+      cache_write_tokens: 0,
+      reasoning_tokens: 0,
+      billing_provider: 'openai',
+      estimated_cost_usd: 0.2,
+      actual_cost_usd: 0.2,
+      cost_status: 'final',
+    })
+
+    insertMessage(db, { id: 1, session_id: 'root', role: 'user', content: 'Start here', timestamp: 101 })
+    insertMessage(db, { id: 2, session_id: 'root', role: 'assistant', content: 'Assistant reply', timestamp: 102 })
+    insertMessage(db, { id: 3, session_id: 'root-cont', role: 'user', content: 'Continue with more detail', timestamp: 110 })
+    insertMessage(db, { id: 4, session_id: 'root-cont', role: 'assistant', content: 'Continued answer', timestamp: 111 })
+    db.close()
+
+    const mod = await import('../../packages/server/src/db/hermes/conversations-db')
+    const summaries = await mod.listConversationSummariesFromDb({ humanOnly: true })
+    expect(summaries).toHaveLength(1)
+    expect(summaries[0]).toEqual(expect.objectContaining({
+      id: 'root-cont',
+      title: 'Continuation',
+      started_at: 100,
+      thread_session_count: 2,
+      ended_at: 111,
+      cost_status: 'mixed',
+      actual_cost_usd: 0.30000000000000004,
+    }))
+
+    const detailFromTip = await mod.getConversationDetailFromDb('root-cont', { humanOnly: true })
+    expect(detailFromTip?.session_id).toBe('root-cont')
+    expect(detailFromTip?.thread_session_count).toBe(2)
+    expect(detailFromTip?.messages.map((message: any) => message.content)).toEqual([
+      'Start here',
+      'Assistant reply',
+      'Continue with more detail',
+      'Continued answer',
+    ])
+
+    const detailFromRoot = await mod.getConversationDetailFromDb('root', { humanOnly: true })
+    expect(detailFromRoot?.messages.map((message: any) => message.content)).toEqual(
+      detailFromTip?.messages.map((message: any) => message.content),
+    )
+  })
+
+  it('treats branched children as their own visible conversations', async () => {
+    ensureSqliteAvailable()
+    const { DatabaseSync } = await import('node:sqlite')
+    const db = new DatabaseSync(join(profileDirState.value, 'state.db'))
+    createSchema(db)
+
+    insertSession(db, {
+      id: 'root',
+      parent_session_id: null,
+      source: 'cli',
+      model: 'openai/gpt-5.4',
+      title: 'Root',
+      started_at: 100,
+      ended_at: 200,
+      end_reason: 'branched',
+      message_count: 1,
+      tool_call_count: 0,
+      input_tokens: 0,
+      output_tokens: 0,
+      cache_read_tokens: 0,
+      cache_write_tokens: 0,
+      reasoning_tokens: 0,
+      billing_provider: 'openai',
+      estimated_cost_usd: 0,
+      actual_cost_usd: 0,
+      cost_status: 'estimated',
+    })
+    insertSession(db, {
+      id: 'branch-child',
+      parent_session_id: 'root',
+      source: 'cli',
+      model: 'openai/gpt-5.4',
+      title: 'Branch child',
+      started_at: 201,
+      ended_at: 210,
+      end_reason: null,
+      message_count: 2,
+      tool_call_count: 0,
+      input_tokens: 0,
+      output_tokens: 0,
+      cache_read_tokens: 0,
+      cache_write_tokens: 0,
+      reasoning_tokens: 0,
+      billing_provider: 'openai',
+      estimated_cost_usd: 0,
+      actual_cost_usd: 0,
+      cost_status: 'estimated',
+    })
+
+    insertMessage(db, { id: 1, session_id: 'root', role: 'user', content: 'Root prompt', timestamp: 101 })
+    insertMessage(db, { id: 2, session_id: 'branch-child', role: 'user', content: 'Branch prompt', timestamp: 202 })
+    insertMessage(db, { id: 3, session_id: 'branch-child', role: 'assistant', content: 'Branch answer', timestamp: 203 })
+    db.close()
+
+    const mod = await import('../../packages/server/src/db/hermes/conversations-db')
+    const summaries = await mod.listConversationSummariesFromDb({ humanOnly: true })
+    expect(summaries.map((summary: any) => summary.id)).toEqual(['branch-child', 'root'])
+
+    const detail = await mod.getConversationDetailFromDb('branch-child', { humanOnly: true })
+    expect(detail?.messages.map((message: any) => message.content)).toEqual(['Branch prompt', 'Branch answer'])
+  })
+
+  it('keeps non-compression child sessions visible instead of hiding them under their parent', async () => {
+    ensureSqliteAvailable()
+    const { DatabaseSync } = await import('node:sqlite')
+    const db = new DatabaseSync(join(profileDirState.value, 'state.db'))
+    createSchema(db)
+
+    insertSession(db, {
+      id: 'parent',
+      parent_session_id: null,
+      source: 'cli',
+      model: 'openai/gpt-5.4',
+      title: 'Parent',
+      started_at: 100,
+      ended_at: 150,
+      end_reason: null,
+      message_count: 1,
+      tool_call_count: 0,
+      input_tokens: 0,
+      output_tokens: 0,
+      cache_read_tokens: 0,
+      cache_write_tokens: 0,
+      reasoning_tokens: 0,
+      billing_provider: 'openai',
+      estimated_cost_usd: 0,
+      actual_cost_usd: 0,
+      cost_status: 'estimated',
+    })
+    insertSession(db, {
+      id: 'review-child',
+      parent_session_id: 'parent',
+      source: 'cli',
+      model: 'openai/gpt-5.4',
+      title: 'Independent review',
+      started_at: 300,
+      ended_at: 320,
+      end_reason: null,
+      message_count: 2,
+      tool_call_count: 0,
+      input_tokens: 0,
+      output_tokens: 0,
+      cache_read_tokens: 0,
+      cache_write_tokens: 0,
+      reasoning_tokens: 0,
+      billing_provider: 'openai',
+      estimated_cost_usd: 0,
+      actual_cost_usd: 0,
+      cost_status: 'estimated',
+    })
+
+    insertMessage(db, { id: 1, session_id: 'parent', role: 'user', content: 'Parent prompt', timestamp: 101 })
+    insertMessage(db, { id: 2, session_id: 'review-child', role: 'user', content: 'Review prompt', timestamp: 301 })
+    insertMessage(db, { id: 3, session_id: 'review-child', role: 'assistant', content: 'Review answer', timestamp: 302 })
+    db.close()
+
+    const mod = await import('../../packages/server/src/db/hermes/conversations-db')
+    const summaries = await mod.listConversationSummariesFromDb({ humanOnly: true })
+    expect(summaries.map((summary: any) => summary.id)).toEqual(['review-child', 'parent'])
+
+    const detail = await mod.getConversationDetailFromDb('review-child', { humanOnly: true })
+    expect(detail?.thread_session_count).toBe(1)
+    expect(detail?.messages.map((message: any) => message.content)).toEqual(['Review prompt', 'Review answer'])
+  })
+
+  it('excludes synthetic-only roots from human-only summaries and details', async () => {
+    ensureSqliteAvailable()
+    const { DatabaseSync } = await import('node:sqlite')
+    const db = new DatabaseSync(join(profileDirState.value, 'state.db'))
+    createSchema(db)
+
+    insertSession(db, {
+      id: 'synthetic-root',
+      parent_session_id: null,
+      source: 'cli',
+      model: 'openai/gpt-5.4',
+      title: null,
+      started_at: 100,
+      ended_at: 101,
+      end_reason: null,
+      message_count: 1,
+      tool_call_count: 0,
+      input_tokens: 0,
+      output_tokens: 0,
+      cache_read_tokens: 0,
+      cache_write_tokens: 0,
+      reasoning_tokens: 0,
+      billing_provider: 'openai',
+      estimated_cost_usd: 0,
+      actual_cost_usd: 0,
+      cost_status: 'estimated',
+    })
+    insertMessage(db, {
+      id: 1,
+      session_id: 'synthetic-root',
+      role: 'user',
+      content: "You've reached the maximum number of tool-calling iterations allowed.",
+      timestamp: 100,
+    })
+    db.close()
+
+    const mod = await import('../../packages/server/src/db/hermes/conversations-db')
+    const summaries = await mod.listConversationSummariesFromDb({ humanOnly: true })
+    const detail = await mod.getConversationDetailFromDb('synthetic-root', { humanOnly: true })
+
+    expect(summaries).toEqual([])
+    expect(detail).toBeNull()
+  })
+
+  it('returns an empty detail payload for non-human-only sessions with no visible messages', async () => {
+    ensureSqliteAvailable()
+    const { DatabaseSync } = await import('node:sqlite')
+    const db = new DatabaseSync(join(profileDirState.value, 'state.db'))
+    createSchema(db)
+
+    insertSession(db, {
+      id: 'assistant-empty',
+      parent_session_id: null,
+      source: 'cli',
+      model: 'openai/gpt-5.4',
+      title: 'Empty detail',
+      started_at: 200,
+      ended_at: null,
+      end_reason: null,
+      message_count: 0,
+      tool_call_count: 0,
+      input_tokens: 0,
+      output_tokens: 0,
+      cache_read_tokens: 0,
+      cache_write_tokens: 0,
+      reasoning_tokens: 0,
+      billing_provider: 'openai',
+      estimated_cost_usd: 0,
+      actual_cost_usd: 0,
+      cost_status: 'estimated',
+    })
+    db.close()
+
+    const mod = await import('../../packages/server/src/db/hermes/conversations-db')
+    const detail = await mod.getConversationDetailFromDb('assistant-empty', { humanOnly: false })
+
+    expect(detail).toEqual({
+      session_id: 'assistant-empty',
+      messages: [],
+      visible_count: 0,
+      thread_session_count: 1,
+    })
+  })
+})
diff --git a/tests/server/conversations-service.test.ts b/tests/server/conversations-service.test.ts
new file mode 100644
index 0000000..dfd4176
--- /dev/null
+++ b/tests/server/conversations-service.test.ts
@@ -0,0 +1,263 @@
+import { beforeEach, describe, expect, it, vi } from 'vitest'
+
+const exportSessionsRawMock = vi.fn()
+
+vi.mock('../../packages/server/src/services/hermes/hermes-cli', () => ({
+  exportSessionsRaw: exportSessionsRawMock,
+}))
+
+describe('conversations service', () => {
+  beforeEach(() => {
+    vi.resetModules()
+    vi.useFakeTimers()
+    vi.setSystemTime(new Date('2026-04-20T00:00:00Z'))
+    exportSessionsRawMock.mockReset()
+  })
+
+  it('aggregates a single compression continuation even when the child preview differs', async () => {
+    exportSessionsRawMock.mockResolvedValue([
+      {
+        id: 'root',
+        parent_session_id: null,
+        source: 'cli',
+        model: 'openai/gpt-5.4',
+        title: null,
+        started_at: 100,
+        ended_at: 110,
+        end_reason: 'compression',
+        message_count: 2,
+        tool_call_count: 0,
+        input_tokens: 5,
+        output_tokens: 8,
+        cache_read_tokens: 0,
+        cache_write_tokens: 0,
+        reasoning_tokens: 0,
+        billing_provider: 'openai',
+        estimated_cost_usd: 0.1,
+        actual_cost_usd: 0.1,
+        cost_status: 'estimated',
+        messages: [
+          { id: 1, session_id: 'root', role: 'user', content: 'Start here', timestamp: 101 },
+          { id: 2, session_id: 'root', role: 'assistant', content: 'Assistant reply', timestamp: 102 },
+        ],
+      },
+      {
+        id: 'root-cont',
+        parent_session_id: 'root',
+        source: 'cli',
+        model: 'openai/gpt-5.4',
+        title: 'Continuation',
+        started_at: 110,
+        ended_at: 111,
+        end_reason: null,
+        message_count: 2,
+        tool_call_count: 0,
+        input_tokens: 3,
+        output_tokens: 4,
+        cache_read_tokens: 0,
+        cache_write_tokens: 0,
+        reasoning_tokens: 0,
+        billing_provider: 'openai',
+        estimated_cost_usd: 0.2,
+        actual_cost_usd: 0.2,
+        cost_status: 'final',
+        messages: [
+          { id: 3, session_id: 'root-cont', role: 'user', content: 'Continue with more detail', timestamp: 110 },
+          { id: 4, session_id: 'root-cont', role: 'assistant', content: 'Continued answer', timestamp: 111 },
+        ],
+      },
+    ])
+
+    const mod = await import('../../packages/server/src/services/hermes/conversations')
+    const summaries = await mod.listConversationSummaries({ humanOnly: true })
+
+    expect(summaries).toHaveLength(1)
+    expect(summaries[0]).toEqual(
+      expect.objectContaining({
+        id: 'root',
+        thread_session_count: 2,
+        ended_at: 111,
+        cost_status: 'mixed',
+        actual_cost_usd: 0.30000000000000004,
+      }),
+    )
+
+    const detail = await mod.getConversationDetail('root', { humanOnly: true })
+    expect(detail?.thread_session_count).toBe(2)
+    expect(detail?.messages.map((message: any) => message.content)).toEqual([
+      'Start here',
+      'Assistant reply',
+      'Continue with more detail',
+      'Continued answer',
+    ])
+  })
+
+  it('treats branched children as their own visible conversations', async () => {
+    exportSessionsRawMock.mockResolvedValue([
+      {
+        id: 'root',
+        parent_session_id: null,
+        source: 'cli',
+        model: 'openai/gpt-5.4',
+        title: 'Root',
+        started_at: 100,
+        ended_at: 200,
+        end_reason: 'branched',
+        message_count: 1,
+        tool_call_count: 0,
+        input_tokens: 0,
+        output_tokens: 0,
+        cache_read_tokens: 0,
+        cache_write_tokens: 0,
+        reasoning_tokens: 0,
+        billing_provider: 'openai',
+        estimated_cost_usd: 0,
+        actual_cost_usd: 0,
+        cost_status: 'estimated',
+        messages: [{ id: 1, session_id: 'root', role: 'user', content: 'Root prompt', timestamp: 101 }],
+      },
+      {
+        id: 'branch-child',
+        parent_session_id: 'root',
+        source: 'cli',
+        model: 'openai/gpt-5.4',
+        title: 'Branch child',
+        started_at: 201,
+        ended_at: 210,
+        end_reason: null,
+        message_count: 2,
+        tool_call_count: 0,
+        input_tokens: 0,
+        output_tokens: 0,
+        cache_read_tokens: 0,
+        cache_write_tokens: 0,
+        reasoning_tokens: 0,
+        billing_provider: 'openai',
+        estimated_cost_usd: 0,
+        actual_cost_usd: 0,
+        cost_status: 'estimated',
+        messages: [
+          { id: 2, session_id: 'branch-child', role: 'user', content: 'Branch prompt', timestamp: 202 },
+          { id: 3, session_id: 'branch-child', role: 'assistant', content: 'Branch answer', timestamp: 203 },
+        ],
+      },
+    ])
+
+    const mod = await import('../../packages/server/src/services/hermes/conversations')
+    const summaries = await mod.listConversationSummaries({ humanOnly: true })
+
+    expect(summaries.map((summary: any) => summary.id)).toEqual(['branch-child', 'root'])
+
+    const detail = await mod.getConversationDetail('branch-child', { humanOnly: true })
+    expect(detail?.messages.map((message: any) => message.content)).toEqual(['Branch prompt', 'Branch answer'])
+  })
+
+  it('excludes human-only conversations with no visible human messages', async () => {
+    exportSessionsRawMock.mockResolvedValue([
+      {
+        id: 'synthetic-root',
+        parent_session_id: null,
+        source: 'cli',
+        model: 'openai/gpt-5.4',
+        title: null,
+        started_at: 100,
+        ended_at: 101,
+        end_reason: null,
+        message_count: 1,
+        tool_call_count: 0,
+        input_tokens: 0,
+        output_tokens: 0,
+        cache_read_tokens: 0,
+        cache_write_tokens: 0,
+        reasoning_tokens: 0,
+        billing_provider: 'openai',
+        estimated_cost_usd: 0,
+        actual_cost_usd: 0,
+        cost_status: 'estimated',
+        messages: [
+          {
+            id: 1,
+            session_id: 'synthetic-root',
+            role: 'user',
+            content: "You've reached the maximum number of tool-calling iterations allowed.",
+            timestamp: 100,
+          },
+        ],
+      },
+    ])
+
+    const mod = await import('../../packages/server/src/services/hermes/conversations')
+    const summaries = await mod.listConversationSummaries({ humanOnly: true })
+    const detail = await mod.getConversationDetail('synthetic-root', { humanOnly: true })
+
+    expect(summaries).toEqual([])
+    expect(detail).toBeNull()
+  })
+
+  it('caches raw exports briefly and normalizes structured message content', async () => {
+    exportSessionsRawMock.mockResolvedValue([
+      {
+        id: 'recent-open',
+        parent_session_id: null,
+        source: 'cli',
+        model: 'openai/gpt-5.4',
+        title: 'Recent open',
+        started_at: 1776643190,
+        ended_at: null,
+        end_reason: null,
+        message_count: 1,
+        tool_call_count: 0,
+        input_tokens: 0,
+        output_tokens: 0,
+        cache_read_tokens: 0,
+        cache_write_tokens: 0,
+        reasoning_tokens: 0,
+        billing_provider: 'openai',
+        estimated_cost_usd: 0,
+        actual_cost_usd: 0,
+        cost_status: 'estimated',
+        messages: [
+          {
+            id: 11,
+            session_id: 'recent-open',
+            role: 'assistant',
+            content: [{ text: 'hello' }, { text: 'world' }],
+            timestamp: 1776643198,
+          },
+        ],
+      },
+      {
+        id: 'stale-open',
+        parent_session_id: null,
+        source: 'cli',
+        model: 'openai/gpt-5.4',
+        title: 'Stale open',
+        started_at: 1776642000,
+        ended_at: null,
+        end_reason: null,
+        message_count: 0,
+        tool_call_count: 0,
+        input_tokens: 0,
+        output_tokens: 0,
+        cache_read_tokens: 0,
+        cache_write_tokens: 0,
+        reasoning_tokens: 0,
+        billing_provider: 'openai',
+        estimated_cost_usd: 0,
+        actual_cost_usd: 0,
+        cost_status: 'estimated',
+        messages: [],
+      },
+    ])
+
+    const mod = await import('../../packages/server/src/services/hermes/conversations')
+    const firstSummaries = await mod.listConversationSummaries({ humanOnly: false })
+    const detail = await mod.getConversationDetail('recent-open', { humanOnly: false })
+    const secondSummaries = await mod.listConversationSummaries({ humanOnly: false })
+
+    expect(exportSessionsRawMock).toHaveBeenCalledTimes(1)
+    expect(firstSummaries.find((summary: any) => summary.id === 'recent-open')?.is_active).toBe(true)
+    expect(secondSummaries.find((summary: any) => summary.id === 'stale-open')?.is_active).toBe(false)
+    expect(detail?.messages[0].content).toBe('hello\nworld')
+  })
+})
diff --git a/tests/server/copilot-auth-controller.test.ts b/tests/server/copilot-auth-controller.test.ts
new file mode 100644
index 0000000..0dd2ac7
--- /dev/null
+++ b/tests/server/copilot-auth-controller.test.ts
@@ -0,0 +1,185 @@
+import { afterEach, beforeEach, describe, expect, it, vi } from 'vitest'
+
+vi.mock('os', async () => {
+  const actual = await vi.importActual<typeof import('os')>('os')
+  return { ...actual, homedir: () => '/fake/home' }
+})
+
+const { mockReadFile, mockWriteFile, mockMkdir, mockSaveEnvValue, mockReadConfigYaml, mockWriteConfigYaml, mockUpdateConfigYaml, mockResolveWithSource, mockInvalidate, mockReadAppConfig, mockWriteAppConfig } = vi.hoisted(() => ({
+  mockReadFile: vi.fn(),
+  mockWriteFile: vi.fn().mockResolvedValue(undefined),
+  mockMkdir: vi.fn().mockResolvedValue(undefined),
+  mockSaveEnvValue: vi.fn().mockResolvedValue(undefined),
+  mockReadConfigYaml: vi.fn(),
+  mockWriteConfigYaml: vi.fn().mockResolvedValue(undefined),
+  mockUpdateConfigYaml: vi.fn(),
+  mockResolveWithSource: vi.fn(),
+  mockInvalidate: vi.fn(),
+  mockReadAppConfig: vi.fn(),
+  mockWriteAppConfig: vi.fn().mockResolvedValue({ copilotEnabled: true }),
+}))
+
+vi.mock('fs/promises', () => ({
+  readFile: mockReadFile,
+  writeFile: mockWriteFile,
+  mkdir: mockMkdir,
+}))
+
+vi.mock('../../packages/server/src/services/config-helpers', () => ({
+  saveEnvValue: mockSaveEnvValue,
+  readConfigYaml: mockReadConfigYaml,
+  writeConfigYaml: mockWriteConfigYaml,
+  updateConfigYaml: mockUpdateConfigYaml,
+}))
+
+vi.mock('../../packages/server/src/services/hermes/copilot-models', () => ({
+  resolveCopilotOAuthTokenWithSource: mockResolveWithSource,
+  invalidateAllCaches: mockInvalidate,
+}))
+
+vi.mock('../../packages/server/src/services/hermes/hermes-profile', () => ({
+  getActiveEnvPath: () => '/fake/home/.hermes/.env',
+}))
+
+vi.mock('../../packages/server/src/services/app-config', () => ({
+  readAppConfig: mockReadAppConfig,
+  writeAppConfig: mockWriteAppConfig,
+}))
+
+vi.mock('../../packages/server/src/services/logger', () => ({
+  logger: { info: vi.fn(), error: vi.fn(), warn: vi.fn() },
+}))
+
+import * as ctrl from '../../packages/server/src/controllers/hermes/copilot-auth'
+
+function makeCtx(): any {
+  return { params: {}, request: { body: {} }, body: undefined, status: 200 }
+}
+
+beforeEach(() => {
+  vi.clearAllMocks()
+  mockReadFile.mockResolvedValue('')
+  mockReadConfigYaml.mockResolvedValue({})
+  mockUpdateConfigYaml.mockImplementation(async (updater: any) => {
+    const cfg = await mockReadConfigYaml()
+    const updated = await updater(cfg)
+    if (updated && typeof updated === 'object' && Object.hasOwn(updated, 'data')) {
+      if (updated.write === false) return updated.result
+      await mockWriteConfigYaml(updated.data)
+      return updated.result
+    }
+    await mockWriteConfigYaml(updated)
+    return undefined
+  })
+})
+
+afterEach(() => {
+  delete process.env.COPILOT_GITHUB_TOKEN
+})
+
+describe('copilot-auth controller — checkToken', () => {
+  it('reports has_token=false / source=null / enabled=false when nothing resolves', async () => {
+    mockResolveWithSource.mockResolvedValue({ token: '', source: null })
+    mockReadAppConfig.mockResolvedValue({})
+    const ctx = makeCtx()
+    await ctrl.checkToken(ctx)
+    expect(ctx.body).toEqual({ has_token: false, source: null, enabled: false })
+    expect(mockInvalidate).toHaveBeenCalled()
+  })
+
+  it('reports source and enabled flag', async () => {
+    mockResolveWithSource.mockResolvedValue({ token: 'gho_xxx', source: 'env' })
+    mockReadAppConfig.mockResolvedValue({ copilotEnabled: true })
+    const ctx = makeCtx()
+    await ctrl.checkToken(ctx)
+    expect(ctx.body).toEqual({ has_token: true, source: 'env', enabled: true })
+  })
+})
+
+describe('copilot-auth controller — enable', () => {
+  it('persists copilotEnabled=true and invalidates cache', async () => {
+    const ctx = makeCtx()
+    await ctrl.enable(ctx)
+    expect(mockWriteAppConfig).toHaveBeenCalledWith({ copilotEnabled: true })
+    expect(mockInvalidate).toHaveBeenCalled()
+    expect(ctx.body).toEqual({ ok: true })
+  })
+})
+
+describe('copilot-auth controller — disable', () => {
+  it('clears ~/.hermes/.env when token source is env', async () => {
+    mockResolveWithSource.mockResolvedValue({ token: 'gho_xxx', source: 'env' })
+    process.env.COPILOT_GITHUB_TOKEN = 'gho_xxx'
+    const ctx = makeCtx()
+    await ctrl.disable(ctx)
+    expect(mockSaveEnvValue).toHaveBeenCalledWith('COPILOT_GITHUB_TOKEN', '')
+    expect(process.env.COPILOT_GITHUB_TOKEN).toBeUndefined()
+    expect(mockWriteAppConfig).toHaveBeenCalledWith({ copilotEnabled: false })
+    expect(ctx.body).toEqual({ ok: true, cleared_env: true, cleared_default: false })
+  })
+
+  it('does NOT touch .env when token source is gh-cli (preserves gh CLI session)', async () => {
+    mockResolveWithSource.mockResolvedValue({ token: 'gho_xxx', source: 'gh-cli' })
+    const ctx = makeCtx()
+    await ctrl.disable(ctx)
+    expect(mockSaveEnvValue).not.toHaveBeenCalled()
+    expect(mockWriteAppConfig).toHaveBeenCalledWith({ copilotEnabled: false })
+    expect(ctx.body).toEqual({ ok: true, cleared_env: false, cleared_default: false })
+  })
+
+  it('does NOT touch .env when token source is apps-json (preserves VS Code Copilot)', async () => {
+    mockResolveWithSource.mockResolvedValue({ token: 'gho_xxx', source: 'apps-json' })
+    const ctx = makeCtx()
+    await ctrl.disable(ctx)
+    expect(mockSaveEnvValue).not.toHaveBeenCalled()
+    expect(mockWriteAppConfig).toHaveBeenCalledWith({ copilotEnabled: false })
+    expect(ctx.body).toEqual({ ok: true, cleared_env: false, cleared_default: false })
+  })
+
+  it('still flips enabled=false even when no token is resolvable', async () => {
+    mockResolveWithSource.mockResolvedValue({ token: '', source: null })
+    const ctx = makeCtx()
+    await ctrl.disable(ctx)
+    expect(mockSaveEnvValue).not.toHaveBeenCalled()
+    expect(mockWriteAppConfig).toHaveBeenCalledWith({ copilotEnabled: false })
+  })
+
+  it('clears default model when it belongs to copilot', async () => {
+    mockResolveWithSource.mockResolvedValue({ token: '', source: null })
+    mockReadConfigYaml.mockResolvedValue({ model: { default: 'gpt-4o', provider: 'copilot' } })
+    const ctx = makeCtx()
+    await ctrl.disable(ctx)
+    expect(mockWriteConfigYaml).toHaveBeenCalledWith(expect.objectContaining({ model: {} }))
+    expect(ctx.body).toEqual(expect.objectContaining({ cleared_default: true }))
+  })
+
+  it('does NOT touch default model when it belongs to a different provider', async () => {
+    mockResolveWithSource.mockResolvedValue({ token: '', source: null })
+    mockReadConfigYaml.mockResolvedValue({ model: { default: 'glm-4', provider: 'zhipu' } })
+    const ctx = makeCtx()
+    await ctrl.disable(ctx)
+    expect(mockWriteConfigYaml).not.toHaveBeenCalled()
+    expect(ctx.body).toEqual(expect.objectContaining({ cleared_default: false }))
+  })
+
+  it('returns 500 and does NOT flip enabled flag when writeConfigYaml fails', async () => {
+    mockResolveWithSource.mockResolvedValue({ token: 'gho_xxx', source: 'env' })
+    mockReadConfigYaml.mockResolvedValue({ model: { default: 'gpt-4o', provider: 'copilot' } })
+    mockWriteConfigYaml.mockRejectedValueOnce(new Error('disk full'))
+    const ctx = makeCtx()
+    await ctrl.disable(ctx)
+    expect(ctx.status).toBe(500)
+    expect(mockSaveEnvValue).not.toHaveBeenCalled()
+    expect(mockWriteAppConfig).not.toHaveBeenCalled()
+  })
+
+  it('does not write process.env on persistToken / disable cleanup is defensive only', async () => {
+    // disable 不依赖 process.env 被写入；只清理之前可能由外部 export 的覆盖。
+    mockResolveWithSource.mockResolvedValue({ token: '', source: null })
+    process.env.COPILOT_GITHUB_TOKEN = 'leftover-from-shell'
+    const ctx = makeCtx()
+    await ctrl.disable(ctx)
+    // source=null → 不动 .env，也不清 process.env（因为不是 web-ui 自己的状态）
+    expect(process.env.COPILOT_GITHUB_TOKEN).toBe('leftover-from-shell')
+  })
+})
diff --git a/tests/server/copilot-device-flow.test.ts b/tests/server/copilot-device-flow.test.ts
new file mode 100644
index 0000000..b162718
--- /dev/null
+++ b/tests/server/copilot-device-flow.test.ts
@@ -0,0 +1,139 @@
+import { beforeEach, describe, expect, it, vi } from 'vitest'
+import {
+  startDeviceFlow,
+  pollDeviceFlow,
+  COPILOT_OAUTH_CLIENT_ID,
+  COPILOT_OAUTH_SCOPE,
+} from '../../packages/server/src/services/hermes/copilot-device-flow'
+
+function mockJsonResponse(data: any, ok = true, status = 200): any {
+  return {
+    ok,
+    status,
+    json: async () => data,
+    text: async () => JSON.stringify(data),
+  }
+}
+
+describe('startDeviceFlow', () => {
+  beforeEach(() => vi.restoreAllMocks())
+
+  it('POSTs client_id + scope and returns parsed device code', async () => {
+    const fetchSpy = vi.fn().mockResolvedValue(mockJsonResponse({
+      device_code: 'DC-1',
+      user_code: 'USER-1234',
+      verification_uri: 'https://github.com/login/device',
+      expires_in: 900,
+      interval: 5,
+    }))
+    const data = await startDeviceFlow(fetchSpy as any)
+    expect(data.device_code).toBe('DC-1')
+    expect(data.user_code).toBe('USER-1234')
+    expect(data.verification_uri).toBe('https://github.com/login/device')
+    expect(data.expires_in).toBe(900)
+    expect(data.interval).toBe(5)
+
+    const [url, init] = fetchSpy.mock.calls[0]
+    expect(url).toBe('https://github.com/login/device/code')
+    expect(init.method).toBe('POST')
+    const body = String(init.body)
+    expect(body).toContain(`client_id=${encodeURIComponent(COPILOT_OAUTH_CLIENT_ID)}`)
+    expect(body).toContain(`scope=${encodeURIComponent(COPILOT_OAUTH_SCOPE)}`)
+  })
+
+  it('throws on non-2xx status', async () => {
+    const fetchSpy = vi.fn().mockResolvedValue({
+      ok: false, status: 503, text: async () => 'unavailable',
+    })
+    await expect(startDeviceFlow(fetchSpy as any)).rejects.toThrow(/503/)
+  })
+
+  it('throws when required fields are missing', async () => {
+    const fetchSpy = vi.fn().mockResolvedValue(mockJsonResponse({ device_code: '' }))
+    await expect(startDeviceFlow(fetchSpy as any)).rejects.toThrow(/missing required/)
+  })
+
+  it('falls back to defaults when expires_in / interval are absent', async () => {
+    const fetchSpy = vi.fn().mockResolvedValue(mockJsonResponse({
+      device_code: 'DC-2',
+      user_code: 'AAAA',
+      verification_uri: 'https://github.com/login/device',
+    }))
+    const data = await startDeviceFlow(fetchSpy as any)
+    expect(data.expires_in).toBe(900)
+    expect(data.interval).toBe(5)
+  })
+})
+
+describe('pollDeviceFlow', () => {
+  beforeEach(() => vi.restoreAllMocks())
+
+  it('returns success when access_token is present', async () => {
+    const fetchSpy = vi.fn().mockResolvedValue(mockJsonResponse({
+      access_token: 'gho_abc',
+      token_type: 'bearer',
+      scope: 'read:user',
+    }))
+    const r = await pollDeviceFlow('DC-1', fetchSpy as any)
+    expect(r.kind).toBe('success')
+    if (r.kind === 'success') {
+      expect(r.access_token).toBe('gho_abc')
+      expect(r.token_type).toBe('bearer')
+    }
+  })
+
+  it('maps authorization_pending → pending', async () => {
+    const fetchSpy = vi.fn().mockResolvedValue(mockJsonResponse({ error: 'authorization_pending' }))
+    const r = await pollDeviceFlow('DC-1', fetchSpy as any)
+    expect(r.kind).toBe('pending')
+  })
+
+  it('maps slow_down → slow_down', async () => {
+    const fetchSpy = vi.fn().mockResolvedValue(mockJsonResponse({ error: 'slow_down' }))
+    const r = await pollDeviceFlow('DC-1', fetchSpy as any)
+    expect(r.kind).toBe('slow_down')
+  })
+
+  it('maps access_denied → denied', async () => {
+    const fetchSpy = vi.fn().mockResolvedValue(mockJsonResponse({ error: 'access_denied' }))
+    const r = await pollDeviceFlow('DC-1', fetchSpy as any)
+    expect(r.kind).toBe('denied')
+  })
+
+  it('maps expired_token → expired', async () => {
+    const fetchSpy = vi.fn().mockResolvedValue(mockJsonResponse({ error: 'expired_token' }))
+    const r = await pollDeviceFlow('DC-1', fetchSpy as any)
+    expect(r.kind).toBe('expired')
+  })
+
+  it('maps unknown server errors → error', async () => {
+    const fetchSpy = vi.fn().mockResolvedValue(mockJsonResponse({
+      error: 'unsupported_grant_type',
+      error_description: 'bad grant',
+    }))
+    const r = await pollDeviceFlow('DC-1', fetchSpy as any)
+    expect(r.kind).toBe('error')
+    if (r.kind === 'error') {
+      expect(r.error).toBe('unsupported_grant_type')
+      expect(r.description).toBe('bad grant')
+    }
+  })
+
+  it('returns error on network failure', async () => {
+    const fetchSpy = vi.fn().mockRejectedValue(new Error('boom'))
+    const r = await pollDeviceFlow('DC-1', fetchSpy as any)
+    expect(r.kind).toBe('error')
+    if (r.kind === 'error') expect(r.error).toBe('network')
+  })
+
+  it('POSTs grant_type, client_id, device_code', async () => {
+    const fetchSpy = vi.fn().mockResolvedValue(mockJsonResponse({ access_token: 'gho_x' }))
+    await pollDeviceFlow('DEVICE-CODE-XYZ', fetchSpy as any)
+    const [url, init] = fetchSpy.mock.calls[0]
+    expect(url).toBe('https://github.com/login/oauth/access_token')
+    const body = String(init.body)
+    expect(body).toContain(`client_id=${encodeURIComponent(COPILOT_OAUTH_CLIENT_ID)}`)
+    expect(body).toContain('device_code=DEVICE-CODE-XYZ')
+    expect(body).toContain('grant_type=urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Adevice_code')
+  })
+})
diff --git a/tests/server/copilot-models.test.ts b/tests/server/copilot-models.test.ts
new file mode 100644
index 0000000..66dd9da
--- /dev/null
+++ b/tests/server/copilot-models.test.ts
@@ -0,0 +1,364 @@
+import { describe, it, expect, vi, beforeEach, afterEach } from 'vitest'
+
+// Mock os.homedir before imports so file path resolution is stable.
+vi.mock('os', async () => {
+  const actual = await vi.importActual<typeof import('os')>('os')
+  return { ...actual, homedir: () => '/fake/home' }
+})
+
+const { mockReadFile, mockExecFile } = vi.hoisted(() => ({
+  mockReadFile: vi.fn(),
+  mockExecFile: vi.fn(),
+}))
+
+vi.mock('fs/promises', () => ({ readFile: mockReadFile }))
+vi.mock('child_process', () => ({ execFile: mockExecFile }))
+
+import {
+  resolveCopilotOAuthToken,
+  getCopilotModels,
+  getCopilotModelsDetailed,
+  COPILOT_FALLBACK_MODELS,
+  __resetCopilotModelsCacheForTest,
+} from '../../packages/server/src/services/hermes/copilot-models'
+
+const ORIGINAL_ENV = { ...process.env }
+const ORIGINAL_FETCH = global.fetch
+
+function clearTokenEnv() {
+  delete process.env.COPILOT_GITHUB_TOKEN
+  delete process.env.GH_TOKEN
+  delete process.env.GITHUB_TOKEN
+}
+
+beforeEach(() => {
+  __resetCopilotModelsCacheForTest()
+  vi.clearAllMocks()
+  clearTokenEnv()
+  // Default: apps.json read fails (ENOENT)
+  mockReadFile.mockRejectedValue(new Error('ENOENT'))
+  // Default: gh CLI fails
+  mockExecFile.mockImplementation((_cmd: any, _args: any, _opts: any, cb: any) => {
+    cb(new Error('gh not installed'), { stdout: '', stderr: '' })
+  })
+})
+
+afterEach(() => {
+  process.env = { ...ORIGINAL_ENV }
+  global.fetch = ORIGINAL_FETCH
+})
+
+describe('resolveCopilotOAuthToken', () => {
+  it('优先级：COPILOT_GITHUB_TOKEN > GH_TOKEN > GITHUB_TOKEN', async () => {
+    process.env.COPILOT_GITHUB_TOKEN = 'gho_copilot'
+    process.env.GH_TOKEN = 'gho_gh'
+    process.env.GITHUB_TOKEN = 'gho_github'
+    expect(await resolveCopilotOAuthToken('')).toBe('gho_copilot')
+
+    delete process.env.COPILOT_GITHUB_TOKEN
+    expect(await resolveCopilotOAuthToken('')).toBe('gho_gh')
+
+    delete process.env.GH_TOKEN
+    expect(await resolveCopilotOAuthToken('')).toBe('gho_github')
+  })
+
+  it('跳过 classic PAT (ghp_)，回退到下一来源', async () => {
+    process.env.GH_TOKEN = 'ghp_classic_pat'
+    process.env.GITHUB_TOKEN = 'gho_oauth_token'
+    expect(await resolveCopilotOAuthToken('')).toBe('gho_oauth_token')
+  })
+
+  it('从 .env 读取并去掉两端引号', async () => {
+    expect(await resolveCopilotOAuthToken('GH_TOKEN="gho_quoted"\n')).toBe('gho_quoted')
+    expect(await resolveCopilotOAuthToken("GH_TOKEN='gho_single'\n")).toBe('gho_single')
+    expect(await resolveCopilotOAuthToken('GH_TOKEN=gho_plain\n')).toBe('gho_plain')
+  })
+
+  it('忽略 .env 中以 # 开头的注释行', async () => {
+    expect(await resolveCopilotOAuthToken('GH_TOKEN=# comment\n')).toBe('')
+  })
+
+  it('回退到 ~/.config/github-copilot/apps.json 的 oauth_token', async () => {
+    mockReadFile.mockImplementation(async (p: string) => {
+      if (p.includes('apps.json')) {
+        return JSON.stringify({
+          'github.com:abc': { oauth_token: 'gho_from_apps_json', user: 'me' },
+        })
+      }
+      throw new Error('ENOENT')
+    })
+    expect(await resolveCopilotOAuthToken('')).toBe('gho_from_apps_json')
+  })
+
+  it('apps.json 中的 ghp_ token 也应跳过', async () => {
+    mockReadFile.mockImplementation(async (p: string) => {
+      if (p.includes('apps.json')) {
+        return JSON.stringify({ 'github.com:a': { oauth_token: 'ghp_pat_in_apps' } })
+      }
+      throw new Error('ENOENT')
+    })
+    expect(await resolveCopilotOAuthToken('')).toBe('')
+  })
+
+  it('最后回退到 `gh auth token`', async () => {
+    mockExecFile.mockImplementation((_cmd: any, _args: any, _opts: any, cb: any) => {
+      cb(null, { stdout: 'gho_from_gh_cli\n', stderr: '' })
+    })
+    expect(await resolveCopilotOAuthToken('')).toBe('gho_from_gh_cli')
+  })
+
+  it('所有来源都失败时返回空字符串', async () => {
+    expect(await resolveCopilotOAuthToken('')).toBe('')
+  })
+})
+
+describe('getCopilotModels', () => {
+  function mockFetchSequence(responses: Array<Partial<Response> | Error>) {
+    let i = 0
+    global.fetch = vi.fn(async () => {
+      const r = responses[i++]
+      if (r instanceof Error) throw r
+      return r as Response
+    }) as any
+  }
+
+  it('fallback 列表包含当前 Copilot 官方模型', () => {
+    const ids = COPILOT_FALLBACK_MODELS.map(m => m.id)
+    expect(ids).toEqual(expect.arrayContaining([
+      'gpt-5.5',
+      'gpt-5.4',
+      'gpt-5.4-nano',
+      'claude-opus-4.8',
+      'gemini-3.5-flash',
+      'raptor-mini',
+    ]))
+    expect(ids).not.toContain('grok-code-fast-1')
+  })
+
+  it('成功路径：返回 chat type 且 supports /chat/completions 的模型 id', async () => {
+    process.env.GH_TOKEN = 'gho_token'
+    mockFetchSequence([
+      { ok: true, json: async () => ({ token: 'tok_copilot' }) } as any,
+      {
+        ok: true,
+        json: async () => ({
+          data: [
+            { id: 'gpt-5.4', capabilities: { type: 'chat' }, supported_endpoints: ['/chat/completions'] },
+            { id: 'claude-opus-4.7', capabilities: { type: 'chat' }, supported_endpoints: ['/chat/completions', '/v1/messages'] },
+            { id: 'embedding-1', capabilities: { type: 'embeddings' }, supported_endpoints: ['/embeddings'] },
+            { id: 'completion-only', capabilities: { type: 'chat' }, supported_endpoints: ['/completions'] },
+            { id: 'no-endpoints', capabilities: { type: 'chat' } },
+          ],
+        }),
+      } as any,
+    ])
+    const ids = await getCopilotModels('')
+    expect(ids).toContain('gpt-5.4')
+    expect(ids).toContain('claude-opus-4.7')
+    expect(ids).toContain('no-endpoints') // endpoints 缺省时允许
+    expect(ids).not.toContain('embedding-1')
+    expect(ids).not.toContain('completion-only')
+  })
+
+  it('不再强制 model_picker_enabled —— picker_enabled=false 的模型也返回', async () => {
+    process.env.GH_TOKEN = 'gho_token'
+    mockFetchSequence([
+      { ok: true, json: async () => ({ token: 'tok' }) } as any,
+      {
+        ok: true,
+        json: async () => ({
+          data: [
+            { id: 'a', capabilities: { type: 'chat' }, supported_endpoints: ['/chat/completions'], model_picker_enabled: false },
+            { id: 'b', capabilities: { type: 'chat' }, supported_endpoints: ['/chat/completions'], model_picker_enabled: true },
+          ],
+        }),
+      } as any,
+    ])
+    const ids = await getCopilotModels('')
+    expect(ids).toEqual(expect.arrayContaining(['a', 'b']))
+  })
+
+  it('无 token 时返回 fallback 列表', async () => {
+    const ids = await getCopilotModels('')
+    expect(ids).toEqual(COPILOT_FALLBACK_MODELS.map(m => m.id))
+  })
+
+  it('token exchange 失败返回 fallback', async () => {
+    process.env.GH_TOKEN = 'gho_token'
+    mockFetchSequence([{ ok: false, status: 401 } as any])
+    const ids = await getCopilotModels('')
+    expect(ids).toEqual(COPILOT_FALLBACK_MODELS.map(m => m.id))
+  })
+
+  it('models endpoint 失败返回 fallback', async () => {
+    process.env.GH_TOKEN = 'gho_token'
+    mockFetchSequence([
+      { ok: true, json: async () => ({ token: 'tok' }) } as any,
+      { ok: false, status: 503 } as any,
+    ])
+    const ids = await getCopilotModels('')
+    expect(ids).toEqual(COPILOT_FALLBACK_MODELS.map(m => m.id))
+  })
+
+  it('网络错误（如超时）返回 fallback', async () => {
+    process.env.GH_TOKEN = 'gho_token'
+    mockFetchSequence([new Error('AbortError: timeout')])
+    const ids = await getCopilotModels('')
+    expect(ids).toEqual(COPILOT_FALLBACK_MODELS.map(m => m.id))
+  })
+
+  it('正缓存命中：第二次调用不再发请求', async () => {
+    process.env.GH_TOKEN = 'gho_token'
+    const fetchMock = vi.fn()
+      .mockResolvedValueOnce({ ok: true, json: async () => ({ token: 'tok' }) })
+      .mockResolvedValueOnce({
+        ok: true,
+        json: async () => ({ data: [{ id: 'm1', capabilities: { type: 'chat' }, supported_endpoints: ['/chat/completions'] }] }),
+      })
+    global.fetch = fetchMock as any
+    const a = await getCopilotModels('')
+    const b = await getCopilotModels('')
+    expect(a).toEqual(['m1'])
+    expect(b).toEqual(['m1'])
+    expect(fetchMock).toHaveBeenCalledTimes(2)
+  })
+
+  it('负缓存：失败后短期内不再重试', async () => {
+    const fetchMock = vi.fn()
+    global.fetch = fetchMock as any
+    const a = await getCopilotModels('')
+    const b = await getCopilotModels('')
+    expect(a).toEqual(COPILOT_FALLBACK_MODELS.map(m => m.id))
+    expect(b).toEqual(COPILOT_FALLBACK_MODELS.map(m => m.id))
+    // 无 token 时根本不会调 fetch
+    expect(fetchMock).not.toHaveBeenCalled()
+  })
+
+  it('并发请求合并：同时调用 N 次只发一组请求', async () => {
+    process.env.GH_TOKEN = 'gho_token'
+    const fetchMock = vi.fn()
+      .mockResolvedValueOnce({ ok: true, json: async () => ({ token: 'tok' }) })
+      .mockResolvedValueOnce({
+        ok: true,
+        json: async () => ({ data: [{ id: 'x', capabilities: { type: 'chat' }, supported_endpoints: ['/chat/completions'] }] }),
+      })
+    global.fetch = fetchMock as any
+    const [a, b, c] = await Promise.all([
+      getCopilotModels(''),
+      getCopilotModels(''),
+      getCopilotModels(''),
+    ])
+    expect(a).toEqual(['x'])
+    expect(b).toEqual(['x'])
+    expect(c).toEqual(['x'])
+    expect(fetchMock).toHaveBeenCalledTimes(2)
+  })
+})
+
+describe('getCopilotModels noise filter & detailed meta', () => {
+  function mockFetchSequence(responses: Array<Partial<Response> | Error>) {
+    let i = 0
+    global.fetch = vi.fn(async () => {
+      const r = responses[i++]
+      if (r instanceof Error) throw r
+      return r as Response
+    }) as any
+  }
+
+  it('过滤掉噪音 ID（accounts/、text-embedding、rerank 前缀）', async () => {
+    process.env.GH_TOKEN = 'gho_token'
+    mockFetchSequence([
+      { ok: true, json: async () => ({ token: 'tok' }) } as any,
+      {
+        ok: true,
+        json: async () => ({
+          data: [
+            { id: 'gpt-5.4', capabilities: { type: 'chat' }, supported_endpoints: ['/chat/completions'] },
+            { id: 'accounts/msft/routers/abc', capabilities: { type: 'chat' }, supported_endpoints: ['/chat/completions'] },
+            { id: 'text-embedding-3-small', capabilities: { type: 'chat' }, supported_endpoints: ['/chat/completions'] },
+            { id: 'rerank-v1', capabilities: { type: 'chat' }, supported_endpoints: ['/chat/completions'] },
+          ],
+        }),
+      } as any,
+    ])
+    const ids = await getCopilotModels('')
+    expect(ids).toEqual(['gpt-5.4'])
+  })
+
+  it('detailed 返回 preview 字段', async () => {
+    process.env.GH_TOKEN = 'gho_token'
+    mockFetchSequence([
+      { ok: true, json: async () => ({ token: 'tok' }) } as any,
+      {
+        ok: true,
+        json: async () => ({
+          data: [
+            { id: 'gemini-3-pro-preview', preview: true, capabilities: { type: 'chat' }, supported_endpoints: ['/chat/completions'] },
+            { id: 'gpt-4o', preview: false, capabilities: { type: 'chat' }, supported_endpoints: ['/chat/completions'] },
+          ],
+        }),
+      } as any,
+    ])
+    const detailed = await getCopilotModelsDetailed('')
+    expect(detailed).toEqual([
+      { id: 'gemini-3-pro-preview', preview: true, disabled: false },
+      { id: 'gpt-4o', preview: false, disabled: false },
+    ])
+  })
+
+  it('detailed 返回 disabled 字段（policy.state === "disabled"）', async () => {
+    process.env.GH_TOKEN = 'gho_token'
+    mockFetchSequence([
+      { ok: true, json: async () => ({ token: 'tok' }) } as any,
+      {
+        ok: true,
+        json: async () => ({
+          data: [
+            { id: 'gpt-3.5-turbo', policy: { state: 'disabled' }, capabilities: { type: 'chat' }, supported_endpoints: ['/chat/completions'] },
+            { id: 'gpt-4o', policy: { state: 'enabled' }, capabilities: { type: 'chat' }, supported_endpoints: ['/chat/completions'] },
+            { id: 'claude-sonnet-4', capabilities: { type: 'chat' }, supported_endpoints: ['/chat/completions'] },
+          ],
+        }),
+      } as any,
+    ])
+    const detailed = await getCopilotModelsDetailed('')
+    const map = new Map(detailed.map((m) => [m.id, m]))
+    expect(map.get('gpt-3.5-turbo')?.disabled).toBe(true)
+    expect(map.get('gpt-4o')?.disabled).toBe(false)
+    expect(map.get('claude-sonnet-4')?.disabled).toBe(false)
+  })
+
+  it('缓存按 oauth token 隔离：切换账号会重新拉取', async () => {
+    const fetchMock = vi.fn()
+      // 账号 A：token exchange + models
+      .mockResolvedValueOnce({ ok: true, json: async () => ({ token: 'tokA' }) })
+      .mockResolvedValueOnce({
+        ok: true,
+        json: async () => ({ data: [{ id: 'model-a', capabilities: { type: 'chat' }, supported_endpoints: ['/chat/completions'] }] }),
+      })
+      // 账号 B：另一组 token exchange + models
+      .mockResolvedValueOnce({ ok: true, json: async () => ({ token: 'tokB' }) })
+      .mockResolvedValueOnce({
+        ok: true,
+        json: async () => ({ data: [{ id: 'model-b', capabilities: { type: 'chat' }, supported_endpoints: ['/chat/completions'] }] }),
+      })
+    global.fetch = fetchMock as any
+
+    process.env.GH_TOKEN = 'gho_account_A'
+    const a = await getCopilotModels('')
+    expect(a).toEqual(['model-a'])
+
+    // 切换到账号 B，不 reset cache
+    process.env.GH_TOKEN = 'gho_account_B'
+    const b = await getCopilotModels('')
+    expect(b).toEqual(['model-b'])
+
+    // 再切回 A：应该命中 A 的缓存（不再发请求）
+    process.env.GH_TOKEN = 'gho_account_A'
+    const a2 = await getCopilotModels('')
+    expect(a2).toEqual(['model-a'])
+
+    // 总共 4 次请求（A.exchange、A.models、B.exchange、B.models），切回 A 时命中缓存
+    expect(fetchMock).toHaveBeenCalledTimes(4)
+  })
+})
diff --git a/tests/server/cron-history-controller.test.ts b/tests/server/cron-history-controller.test.ts
new file mode 100644
index 0000000..584e351
--- /dev/null
+++ b/tests/server/cron-history-controller.test.ts
@@ -0,0 +1,223 @@
+import { afterEach, beforeEach, describe, expect, it, vi } from 'vitest'
+import { mkdirSync, mkdtempSync, rmSync, writeFileSync } from 'fs'
+import { join } from 'path'
+import { tmpdir } from 'os'
+
+const profileDirState = vi.hoisted(() => ({
+  value: '',
+  dirs: {} as Record<string, string>,
+}))
+
+vi.mock('../../packages/server/src/services/hermes/hermes-profile', () => ({
+  getActiveProfileName: () => 'default',
+  getProfileDir: (profile: string) => profileDirState.dirs[profile] || profileDirState.value,
+}))
+
+function createCtx(overrides: Record<string, any> = {}) {
+  return {
+    query: {},
+    params: {},
+    status: 200,
+    body: null,
+    ...overrides,
+  } as any
+}
+
+function writeJobs(jobs: unknown[], profileDir = profileDirState.value) {
+  const cronDir = join(profileDir, 'cron')
+  mkdirSync(cronDir, { recursive: true })
+  writeFileSync(join(cronDir, 'jobs.json'), JSON.stringify({ jobs }))
+}
+
+describe('Hermes cron history controller', () => {
+  beforeEach(() => {
+    vi.resetModules()
+    profileDirState.value = mkdtempSync(join(tmpdir(), 'hwui-cron-history-'))
+    profileDirState.dirs = { default: profileDirState.value }
+  })
+
+  afterEach(() => {
+    if (profileDirState.value) rmSync(profileDirState.value, { recursive: true, force: true })
+    for (const dir of Object.values(profileDirState.dirs)) {
+      if (dir !== profileDirState.value) rmSync(dir, { recursive: true, force: true })
+    }
+  })
+
+  it('reads run history from the request profile directory', async () => {
+    const researchDir = mkdtempSync(join(tmpdir(), 'hwui-cron-history-research-'))
+    profileDirState.dirs.research = researchDir
+    writeJobs([
+      {
+        id: 'default-job',
+        name: 'Default job',
+        last_run_at: '2026-05-05T01:00:00+00:00',
+      },
+    ])
+    writeJobs([
+      {
+        id: 'research-job',
+        name: 'Research job',
+        last_run_at: '2026-05-05T02:00:00+00:00',
+      },
+    ], researchDir)
+
+    const { listRuns } = await import('../../packages/server/src/controllers/hermes/cron-history')
+
+    const ctx = createCtx({ state: { profile: { name: 'research' } } })
+    await listRuns(ctx)
+
+    expect(ctx.body.runs).toEqual([
+      expect.objectContaining({
+        jobId: 'research-job',
+        runTime: '2026-05-05 02:00:00',
+      }),
+    ])
+  })
+
+  it('surfaces scheduler metadata when a job ran without an output artifact', async () => {
+    writeJobs([
+      {
+        id: 'silent-job',
+        name: 'Silent watchdog',
+        last_run_at: '2026-05-05T13:01:32.580693+00:00',
+        last_status: 'ok',
+        run_count: 47,
+        script: 'monitor_github_issues.py',
+        no_agent: true,
+      },
+    ])
+
+    const { listRuns, readRun } = await import('../../packages/server/src/controllers/hermes/cron-history')
+
+    const listCtx = createCtx({ query: { jobId: 'silent-job' } })
+    await listRuns(listCtx)
+
+    expect(listCtx.body).toEqual({
+      runs: [
+        expect.objectContaining({
+          jobId: 'silent-job',
+          fileName: '__scheduler_metadata__.md',
+          runTime: '2026-05-05 13:01:32',
+          size: 0,
+          hasOutput: false,
+          synthetic: true,
+          runCount: 47,
+          status: 'ok',
+        }),
+      ],
+    })
+
+    const readCtx = createCtx({ params: { jobId: 'silent-job', fileName: '__scheduler_metadata__.md' } })
+    await readRun(readCtx)
+
+    expect(readCtx.body).toMatchObject({
+      jobId: 'silent-job',
+      fileName: '__scheduler_metadata__.md',
+      runTime: '2026-05-05 13:01:32',
+    })
+    expect(readCtx.body.content).toContain('Hermes recorded this cron job as having run')
+    expect(readCtx.body.content).toContain('Recorded runs:')
+    expect(readCtx.body.content).toContain('47')
+    expect(readCtx.body.content).toContain('script-only/no-agent')
+  })
+
+  it('keeps real output files as history entries and parses ISO-style Hermes filenames', async () => {
+    writeJobs([
+      {
+        id: 'output-job',
+        name: 'Output job',
+        last_run_at: '2026-05-05T05:00:00.429347+00:00',
+        run_count: 1,
+      },
+    ])
+    const outputDir = join(profileDirState.value, 'cron', 'output', 'output-job')
+    mkdirSync(outputDir, { recursive: true })
+    writeFileSync(join(outputDir, '2026-05-05T05-00-00.429347+00-00.md'), '# ok\n')
+
+    const { listRuns } = await import('../../packages/server/src/controllers/hermes/cron-history')
+
+    const ctx = createCtx({ query: { jobId: 'output-job' } })
+    await listRuns(ctx)
+
+    expect(ctx.body).toEqual({
+      runs: [
+        expect.objectContaining({
+          jobId: 'output-job',
+          fileName: '2026-05-05T05-00-00.429347+00-00.md',
+          runTime: '2026-05-05 05:00:00',
+          hasOutput: true,
+        }),
+      ],
+    })
+  })
+
+  it('adds scheduler metadata when the latest recorded run is newer than the newest output file', async () => {
+    writeJobs([
+      {
+        id: 'mixed-job',
+        name: 'Mixed job',
+        last_run_at: '2026-05-05T06:00:00+00:00',
+        run_count: 2,
+      },
+    ])
+    const outputDir = join(profileDirState.value, 'cron', 'output', 'mixed-job')
+    mkdirSync(outputDir, { recursive: true })
+    writeFileSync(join(outputDir, '2026-05-05T05-00-00.000000+00-00.md'), '# older output\n')
+
+    const { listRuns } = await import('../../packages/server/src/controllers/hermes/cron-history')
+
+    const ctx = createCtx({ query: { jobId: 'mixed-job' } })
+    await listRuns(ctx)
+
+    expect(ctx.body.runs).toHaveLength(2)
+    expect(ctx.body.runs[0]).toMatchObject({
+      jobId: 'mixed-job',
+      fileName: '__scheduler_metadata__.md',
+      runTime: '2026-05-05 06:00:00',
+      hasOutput: false,
+    })
+    expect(ctx.body.runs[1]).toMatchObject({
+      fileName: '2026-05-05T05-00-00.000000+00-00.md',
+      hasOutput: true,
+    })
+  })
+
+  it('skips malformed scheduler metadata instead of failing the request', async () => {
+    writeJobs([
+      null,
+      {
+        id: 'bad-job',
+        name: 'Bad job',
+        last_run_at: 123,
+        last_status: { nested: true },
+      },
+    ])
+
+    const { listRuns } = await import('../../packages/server/src/controllers/hermes/cron-history')
+
+    const ctx = createCtx({ query: { jobId: 'bad-job' } })
+    await listRuns(ctx)
+
+    expect(ctx.body).toEqual({ runs: [] })
+  })
+
+  it('renders metadata with many backticks without throwing', async () => {
+    const name = Array.from({ length: 2000 }, () => '`x').join('')
+    writeJobs([
+      {
+        id: 'ticks-job',
+        name,
+        last_run_at: '2026-05-05T07:00:00+00:00',
+      },
+    ])
+
+    const { readRun } = await import('../../packages/server/src/controllers/hermes/cron-history')
+
+    const ctx = createCtx({ params: { jobId: 'ticks-job', fileName: '__scheduler_metadata__.md' } })
+    await readRun(ctx)
+
+    expect(ctx.status).toBe(200)
+    expect(ctx.body.content).toContain('Scheduler run recorded')
+    expect(ctx.body.content).toContain('`x')
+  })
+})
diff --git a/tests/server/db-index.test.ts b/tests/server/db-index.test.ts
new file mode 100644
index 0000000..a0a032f
--- /dev/null
+++ b/tests/server/db-index.test.ts
@@ -0,0 +1,116 @@
+import { describe, it, expect, vi } from 'vitest'
+
+// Force JSON fallback by mocking isSqliteAvailable
+vi.mock('../../packages/server/src/db/index', async (importOriginal) => {
+  const actual = await importOriginal() as any
+  return {
+    ...actual,
+    isSqliteAvailable: () => false,
+    getDb: () => null,
+  }
+})
+
+import {
+  jsonGet,
+  jsonSet,
+  jsonGetAll,
+  jsonDelete,
+} from '../../packages/server/src/db/index'
+
+describe('JSON fallback store', () => {
+  it('jsonSet and jsonGet round-trip', () => {
+    expect(typeof jsonSet).toBe('function')
+    expect(typeof jsonGet).toBe('function')
+    expect(typeof jsonGetAll).toBe('function')
+    expect(typeof jsonDelete).toBe('function')
+  })
+})
+
+// Test ensureTable with a real in-memory SQLite (Node 22+)
+describe('SQLite ensureTable', () => {
+  it('creates table with correct columns and handles migration', () => {
+    // This test requires Node 22.5+ for node:sqlite
+    const nodeVersion = process.versions.node.split('.').map(Number)
+    const isAvailable = nodeVersion[0] > 22 || (nodeVersion[0] === 22 && nodeVersion[1] >= 5)
+
+    if (!isAvailable) {
+      console.log('Skipping SQLite test — Node < 22.5')
+      return
+    }
+
+    const { DatabaseSync } = require('node:sqlite')
+    const db = new DatabaseSync(':memory:')
+
+    // Simulate ensureTable logic
+    function ensureTable(tableName: string, schema: Record<string, string>): void {
+      const colDefs = Object.entries(schema)
+        .map(([col, def]) => `"${col}" ${def}`)
+        .join(', ')
+      db.exec(`CREATE TABLE IF NOT EXISTS "${tableName}" (${colDefs})`)
+
+      const rows = db.prepare(`PRAGMA table_info("${tableName}")`).all() as Array<{ name: string }>
+      const existingCols = new Set(rows.map(r => r.name))
+      const expectedCols = new Set(Object.keys(schema))
+
+      for (const col of expectedCols) {
+        if (!existingCols.has(col)) {
+          db.exec(`ALTER TABLE "${tableName}" ADD COLUMN "${col}" ${schema[col]}`)
+        }
+      }
+      for (const col of existingCols) {
+        if (!expectedCols.has(col)) {
+          db.exec(`ALTER TABLE "${tableName}" DROP COLUMN "${col}"`)
+        }
+      }
+    }
+
+    // Initial schema
+    const schema: Record<string, string> = {
+      session_id: 'TEXT PRIMARY KEY',
+      input_tokens: 'INTEGER NOT NULL DEFAULT 0',
+      output_tokens: 'INTEGER NOT NULL DEFAULT 0',
+      updated_at: 'INTEGER NOT NULL',
+    }
+    ensureTable('session_usage', schema)
+
+    // Verify columns
+    const cols = db.prepare(`PRAGMA table_info("session_usage")`).all() as Array<{ name: string }>
+    const colNames = cols.map(c => c.name)
+    expect(colNames).toContain('session_id')
+    expect(colNames).toContain('input_tokens')
+    expect(colNames).toContain('output_tokens')
+    expect(colNames).toContain('updated_at')
+
+    // Add a column
+    schema['cost_usd'] = 'REAL DEFAULT 0'
+    ensureTable('session_usage', schema)
+    const cols2 = db.prepare(`PRAGMA table_info("session_usage")`).all() as Array<{ name: string }>
+    const colNames2 = cols2.map(c => c.name)
+    expect(colNames2).toContain('cost_usd')
+
+    // Remove a column
+    delete schema['cost_usd']
+    ensureTable('session_usage', schema)
+    const cols3 = db.prepare(`PRAGMA table_info("session_usage")`).all() as Array<{ name: string }>
+    const colNames3 = cols3.map(c => c.name)
+    expect(colNames3).not.toContain('cost_usd')
+
+    // Verify INSERT works
+    db.prepare(
+      `INSERT INTO session_usage (session_id, input_tokens, output_tokens, updated_at)
+       VALUES (?, ?, ?, ?)`,
+    ).run('test-session', 100, 50, Date.now())
+
+    const row = db.prepare('SELECT * FROM session_usage WHERE session_id = ?').get('test-session') as any
+    expect(row.session_id).toBe('test-session')
+    expect(row.input_tokens).toBe(100)
+    expect(row.output_tokens).toBe(50)
+
+    // Verify DELETE works
+    db.prepare('DELETE FROM session_usage WHERE session_id = ?').run('test-session')
+    const deleted = db.prepare('SELECT * FROM session_usage WHERE session_id = ?').get('test-session')
+    expect(deleted).toBeUndefined()
+
+    db.close()
+  })
+})
diff --git a/tests/server/file-provider-paths.test.ts b/tests/server/file-provider-paths.test.ts
new file mode 100644
index 0000000..ef8d418
--- /dev/null
+++ b/tests/server/file-provider-paths.test.ts
@@ -0,0 +1,38 @@
+import { describe, expect, it } from 'vitest'
+import { normalizePlatformPath } from '../../packages/server/src/services/hermes/file-provider'
+import { isPathWithin, relativePathFromBase } from '../../packages/server/src/services/hermes/hermes-path'
+
+describe('file provider platform path normalization', () => {
+  it('converts MSYS drive paths to Windows absolute paths on Windows', () => {
+    expect(normalizePlatformPath('/c/Users/Administrator/Desktop/screenshot.png', 'win32'))
+      .toBe('C:\\Users\\Administrator\\Desktop\\screenshot.png')
+    expect(normalizePlatformPath('/d/tmp/report.txt', 'win32'))
+      .toBe('D:\\tmp\\report.txt')
+  })
+
+  it('leaves MSYS-style paths unchanged on non-Windows platforms', () => {
+    expect(normalizePlatformPath('/c/Users/Administrator/Desktop/screenshot.png', 'darwin'))
+      .toBe('/c/Users/Administrator/Desktop/screenshot.png')
+    expect(normalizePlatformPath('/c/Users/Administrator/Desktop/screenshot.png', 'linux'))
+      .toBe('/c/Users/Administrator/Desktop/screenshot.png')
+  })
+
+  it('leaves normal Windows paths unchanged', () => {
+    expect(normalizePlatformPath('C:\\Users\\Administrator\\Desktop\\screenshot.png', 'win32'))
+      .toBe('C:\\Users\\Administrator\\Desktop\\screenshot.png')
+  })
+})
+
+describe('Hermes path containment helpers', () => {
+  it('does not treat sibling paths with the same prefix as inside the base', () => {
+    expect(isPathWithin('/tmp/hermes-profile2/state.db', '/tmp/hermes-profile')).toBe(false)
+    expect(isPathWithin('/tmp/hermes-profile/state.db', '/tmp/hermes-profile')).toBe(true)
+  })
+
+  it('returns normalized relative paths only for children', () => {
+    expect(relativePathFromBase('/tmp/hermes-profile/logs/run.txt', '/tmp/hermes-profile'))
+      .toBe('logs/run.txt')
+    expect(relativePathFromBase('/tmp/hermes-profile2/logs/run.txt', '/tmp/hermes-profile'))
+      .toBeNull()
+  })
+})
diff --git a/tests/server/files-routes.test.ts b/tests/server/files-routes.test.ts
new file mode 100644
index 0000000..da65c47
--- /dev/null
+++ b/tests/server/files-routes.test.ts
@@ -0,0 +1,85 @@
+import { beforeEach, describe, expect, it, vi } from 'vitest'
+
+const provider = {
+  listDir: vi.fn(),
+  stat: vi.fn(),
+}
+const createFileProviderMock = vi.fn(async () => provider)
+const resolveHermesPathMock = vi.fn((relativePath: string) => {
+  const normalized = relativePath.replace(/^\/+/, '')
+  return normalized ? `/home/agent/.hermes/${normalized}` : '/home/agent/.hermes'
+})
+
+vi.mock('../../packages/server/src/services/hermes/file-provider', () => ({
+  createFileProvider: createFileProviderMock,
+  resolveHermesPath: resolveHermesPathMock,
+  isSensitivePath: vi.fn(() => false),
+  MAX_EDIT_SIZE: 10 * 1024 * 1024,
+}))
+
+describe('file routes path metadata', () => {
+  beforeEach(() => {
+    vi.resetModules()
+    createFileProviderMock.mockClear()
+    resolveHermesPathMock.mockClear()
+    provider.listDir.mockReset()
+    provider.stat.mockReset()
+  })
+
+  it('returns absolute paths for listed entries while preserving relative operation paths', async () => {
+    provider.listDir.mockResolvedValue([
+      { name: 'app.log', path: 'logs/app.log', isDir: false, size: 12, modTime: '2026-05-20T00:00:00.000Z' },
+    ])
+
+    const { fileRoutes } = await import('../../packages/server/src/routes/hermes/files')
+    const layer = fileRoutes.stack.find((entry: any) => entry.path === '/api/hermes/files/list')
+    const ctx: any = { query: { path: 'logs' }, state: { profile: { name: 'research' } }, body: null }
+
+    await layer.stack[0](ctx)
+
+    expect(createFileProviderMock).toHaveBeenCalledWith('research')
+    expect(resolveHermesPathMock).toHaveBeenCalledWith('logs', 'research')
+    expect(provider.listDir).toHaveBeenCalledWith('/home/agent/.hermes/logs')
+    expect(ctx.body).toEqual({
+      path: 'logs',
+      absolutePath: '/home/agent/.hermes/logs',
+      entries: [
+        {
+          name: 'app.log',
+          path: 'logs/app.log',
+          absolutePath: '/home/agent/.hermes/logs/app.log',
+          isDir: false,
+          size: 12,
+          modTime: '2026-05-20T00:00:00.000Z',
+        },
+      ],
+    })
+  })
+
+  it('returns an absolute path in stat responses', async () => {
+    provider.stat.mockResolvedValue({
+      name: 'app.log',
+      path: 'logs/app.log',
+      isDir: false,
+      size: 12,
+      modTime: '2026-05-20T00:00:00.000Z',
+    })
+
+    const { fileRoutes } = await import('../../packages/server/src/routes/hermes/files')
+    const layer = fileRoutes.stack.find((entry: any) => entry.path === '/api/hermes/files/stat')
+    const ctx: any = { query: { path: 'logs/app.log' }, state: { profile: { name: 'research' } }, body: null }
+
+    await layer.stack[0](ctx)
+
+    expect(createFileProviderMock).toHaveBeenCalledWith('research')
+    expect(resolveHermesPathMock).toHaveBeenCalledWith('logs/app.log', 'research')
+    expect(ctx.body).toEqual({
+      name: 'app.log',
+      path: 'logs/app.log',
+      absolutePath: '/home/agent/.hermes/logs/app.log',
+      isDir: false,
+      size: 12,
+      modTime: '2026-05-20T00:00:00.000Z',
+    })
+  })
+})
diff --git a/tests/server/gateway-autostart.test.ts b/tests/server/gateway-autostart.test.ts
new file mode 100644
index 0000000..fce8860
--- /dev/null
+++ b/tests/server/gateway-autostart.test.ts
@@ -0,0 +1,86 @@
+import { describe, expect, it } from 'vitest'
+import { mkdtempSync, rmSync, writeFileSync } from 'fs'
+import { join } from 'path'
+import { tmpdir } from 'os'
+import {
+  gatewayStatusLooksRuntimeLocked,
+  gatewayStatusLooksRunning,
+  gatewayStateLooksRunningForProfile,
+  parseGatewayStatusesFromProfileListOutput,
+  shouldUseManagedGatewayRun,
+  shouldUseManagedGatewayRunForAutostart,
+} from '../../packages/server/src/services/hermes/gateway-autostart'
+
+describe('gateway autostart status parsing', () => {
+  it('treats runtime lock conflicts as an already-running gateway', () => {
+    expect(gatewayStatusLooksRuntimeLocked(
+      'Gateway runtime lock is already held by another instance. Exiting.',
+    )).toBe(true)
+  })
+
+  it('does not treat not-running status as running', () => {
+    expect(gatewayStatusLooksRunning('Gateway is not running')).toBe(false)
+  })
+
+  it('parses gateway status from hermes profile list output', () => {
+    const output = `
+ Profile          Model                        Gateway      Alias        Distribution
+ ───────────────    ───────────────────────────    ───────────    ───────────    ────────────────────
+ ◆default         glm-5-turbo                  running      —            —
+  akri            glm-5-turbo                  running      akri         —
+  tester          gpt-5.5                      stopped      tester       —
+`
+    const statuses = parseGatewayStatusesFromProfileListOutput(output, ['default', 'akri', 'tester'])
+    expect(statuses.get('default')).toBe('running')
+    expect(statuses.get('akri')).toBe('running')
+    expect(statuses.get('tester')).toBe('stopped')
+  })
+
+  it('parses gateway status when profile or model fills the table column', () => {
+    const output = `
+ Profile          Model                        Gateway      Alias        Distribution
+ ───────────────    ───────────────────────────    ───────────    ───────────    ────────────────────
+  daily_assistant deepseek-v4-flash            running      —            —
+  long_model      provider/model-name-that-fills-column stopped      —            —
+`
+    const statuses = parseGatewayStatusesFromProfileListOutput(output, ['daily_assistant', 'long_model'])
+    expect(statuses.get('daily_assistant')).toBe('running')
+    expect(statuses.get('long_model')).toBe('stopped')
+  })
+
+  it('uses profile-list gateway status text for running checks', () => {
+    expect(gatewayStatusLooksRunning('running')).toBe(true)
+    expect(gatewayStatusLooksRunning('stopped')).toBe(false)
+    expect(gatewayStatusLooksRunning('not running')).toBe(false)
+  })
+
+  it('allows managed gateway mode to be forced by environment', () => {
+    const previous = process.env.HERMES_WEB_UI_MANAGED_GATEWAY
+    process.env.HERMES_WEB_UI_MANAGED_GATEWAY = '1'
+    try {
+      expect(shouldUseManagedGatewayRun()).toBe(true)
+      expect(shouldUseManagedGatewayRunForAutostart()).toBe(true)
+    } finally {
+      if (previous === undefined) delete process.env.HERMES_WEB_UI_MANAGED_GATEWAY
+      else process.env.HERMES_WEB_UI_MANAGED_GATEWAY = previous
+    }
+  })
+
+  it('uses managed gateway autostart on Windows', () => {
+    expect(shouldUseManagedGatewayRunForAutostart('win32')).toBe(true)
+  })
+
+  it('detects managed gateway state files with a live pid', () => {
+    const dir = mkdtempSync(join(tmpdir(), 'hermes-gateway-state-'))
+    try {
+      writeFileSync(
+        join(dir, 'gateway_state.json'),
+        JSON.stringify({ pid: process.pid, gateway_state: 'running' }),
+        'utf-8',
+      )
+      expect(gatewayStateLooksRunningForProfile(dir)).toBe(true)
+    } finally {
+      rmSync(dir, { recursive: true, force: true })
+    }
+  })
+})
diff --git a/tests/server/gateway-manager-diagnostics.test.ts b/tests/server/gateway-manager-diagnostics.test.ts
new file mode 100644
index 0000000..1d895e6
--- /dev/null
+++ b/tests/server/gateway-manager-diagnostics.test.ts
@@ -0,0 +1,57 @@
+import { afterEach, describe, expect, it, vi } from 'vitest'
+
+const readFileSyncMock = vi.fn()
+const existsSyncMock = vi.fn()
+
+vi.mock('fs', async importOriginal => {
+  const actual = await importOriginal<typeof import('fs')>()
+  return {
+    ...actual,
+    existsSync: existsSyncMock,
+    readFileSync: readFileSyncMock,
+  }
+})
+
+vi.mock('../../packages/server/src/services/hermes/hermes-path', () => ({
+  detectHermesHome: () => 'C:/Users/test/.hermes',
+  getHermesBin: () => 'hermes'
+}))
+
+describe('GatewayManager diagnostics', () => {
+  afterEach(() => {
+    vi.resetModules()
+    vi.clearAllMocks()
+  })
+
+  it('includes read-only diagnostics when a profile is stopped', async () => {
+    const yamlText = [
+      'platforms:',
+      '  api_server:',
+      '    extra:',
+      '      host: 127.0.0.1',
+      '      port: 8643',
+    ].join('\n')
+
+    existsSyncMock.mockImplementation((input: unknown) => {
+      const text = String(input)
+      return text.endsWith('config.yaml')
+    })
+    readFileSyncMock.mockImplementation((input: unknown) => {
+      const text = String(input)
+      if (text.endsWith('config.yaml')) {
+        return yamlText
+      }
+      return ''
+    })
+
+    const { GatewayManager } = await import('../../packages/server/src/services/hermes/gateway-manager')
+    const manager = new GatewayManager('default')
+    const status = await manager.detectStatus('default')
+
+    expect(status.running).toBe(false)
+    expect(status.diagnostics?.config_exists).toBe(true)
+    expect(status.diagnostics?.pid_file_exists).toBe(false)
+    expect(status.diagnostics?.reason).toBe('missing pid file')
+    expect(status.diagnostics?.health_url).toContain('/health')
+  })
+})
diff --git a/tests/server/gateway-manager.test.ts b/tests/server/gateway-manager.test.ts
new file mode 100644
index 0000000..e08b580
--- /dev/null
+++ b/tests/server/gateway-manager.test.ts
@@ -0,0 +1,189 @@
+import { mkdtempSync, mkdirSync, rmSync, writeFileSync } from 'fs'
+import { tmpdir } from 'os'
+import { join } from 'path'
+import { afterEach, describe, expect, it, vi } from 'vitest'
+
+const originalHermesHome = process.env.HERMES_HOME
+const originalEnv = { ...process.env }
+const tempHomes: string[] = []
+
+function createHermesHome(): string {
+  const home = mkdtempSync(join(tmpdir(), 'hermes-web-ui-gateway-'))
+  tempHomes.push(home)
+  return home
+}
+
+async function createManager(home: string): Promise<any> {
+  process.env.HERMES_HOME = home
+  vi.resetModules()
+  const { GatewayManager } = await import('../../packages/server/src/services/hermes/gateway-manager')
+  return new GatewayManager('default') as any
+}
+
+afterEach(() => {
+  vi.restoreAllMocks()
+  vi.resetModules()
+  process.env = { ...originalEnv }
+  if (originalHermesHome === undefined) {
+    delete process.env.HERMES_HOME
+  } else {
+    process.env.HERMES_HOME = originalHermesHome
+  }
+
+  for (const home of tempHomes.splice(0)) {
+    rmSync(home, { recursive: true, force: true })
+  }
+})
+
+describe('GatewayManager Windows process recovery', () => {
+  it('treats EPERM from process.kill(pid, 0) as an alive process', async () => {
+    const manager = await createManager(createHermesHome())
+    ;(vi.spyOn(process, 'kill') as any).mockImplementation(() => {
+      const error = new Error('permission denied') as NodeJS.ErrnoException
+      error.code = 'EPERM'
+      throw error
+    })
+
+    expect(manager.isProcessAlive(12345)).toBe(true)
+  })
+
+  it('returns false for missing processes', async () => {
+    const manager = await createManager(createHermesHome())
+    ;(vi.spyOn(process, 'kill') as any).mockImplementation(() => {
+      const error = new Error('missing process') as NodeJS.ErrnoException
+      error.code = 'ESRCH'
+      throw error
+    })
+
+    expect(manager.isProcessAlive(12345)).toBe(false)
+  })
+
+  it('prefers gateway.pid when PID metadata exists', async () => {
+    const home = createHermesHome()
+    writeFileSync(join(home, 'gateway.pid'), JSON.stringify({ pid: 11111 }))
+    writeFileSync(join(home, 'gateway_state.json'), JSON.stringify({ pid: 22222, gateway_state: 'running' }))
+
+    const manager = await createManager(home)
+
+    expect(manager.readPidFile('default')).toBe(11111)
+  })
+
+  it('falls back to gateway_state.json when gateway.pid is missing', async () => {
+    const home = createHermesHome()
+    writeFileSync(join(home, 'gateway_state.json'), JSON.stringify({ pid: '22222', gateway_state: 'running' }))
+
+    const manager = await createManager(home)
+
+    expect(manager.readPidFile('default')).toBe(22222)
+  })
+
+  it('does not use gateway_state.json for stopped gateways', async () => {
+    const home = createHermesHome()
+    writeFileSync(join(home, 'gateway_state.json'), JSON.stringify({ pid: 22222, gateway_state: 'stopped' }))
+
+    const manager = await createManager(home)
+
+    expect(manager.readPidFile('default')).toBeNull()
+  })
+
+  it('uses profile-scoped gateway_state.json fallback', async () => {
+    const home = createHermesHome()
+    const profileHome = join(home, 'profiles', 'work')
+    mkdirSync(profileHome, { recursive: true })
+    writeFileSync(join(profileHome, 'gateway_state.json'), JSON.stringify({ pid: 33333, gateway_state: 'starting' }))
+
+    const manager = await createManager(home)
+
+    expect(manager.readPidFile('work')).toBe(33333)
+  })
+})
+
+describe('GatewayManager gateway process env', () => {
+  it('keeps full inherited env for the default profile for compatibility', async () => {
+    const home = createHermesHome()
+    process.env.WEIXIN_TOKEN = 'from-parent'
+    process.env.CUSTOM_GATEWAY_SETTING = 'keep-me'
+    process.env.HERMES_HOME = home
+    vi.resetModules()
+    const { buildGatewayProcessEnv } = await import('../../packages/server/src/services/hermes/gateway-manager')
+
+    const env = buildGatewayProcessEnv('default', home)
+
+    expect(env.WEIXIN_TOKEN).toBe('from-parent')
+    expect(env.CUSTOM_GATEWAY_SETTING).toBe('keep-me')
+    expect(env.HERMES_HOME).toBe(home)
+  })
+
+  it('removes parent env keys defined by any profile env for non-default profile gateways', async () => {
+    const home = createHermesHome()
+    const workHome = join(home, 'profiles', 'work')
+    mkdirSync(workHome, { recursive: true })
+    writeFileSync(join(home, '.env'), [
+      'WEIXIN_TOKEN=default-weixin',
+      'WECOM_SECRET=default-wecom',
+      'FUTURE_PLATFORM_TOKEN=default-future',
+      'export EXPORTED_SECRET=default-export',
+      'PATH=/default/path',
+      'HTTP_PROXY=http://default-proxy.local:8080',
+      'COMMENTED_OUT_SECRET=not-commented',
+      '# COMMENTED_OUT_SECRET=commented',
+    ].join('\n'))
+    writeFileSync(join(workHome, '.env'), [
+      'WORK_ONLY_TOKEN=work-profile',
+      'PARENT_OVERRIDE_ME=work-profile',
+    ].join('\n'))
+
+    process.env.PATH = '/opt/hermes/.venv/bin:/usr/bin'
+    process.env.HOME = '/home/agent'
+    process.env.HTTP_PROXY = 'http://proxy.local:8080'
+    process.env.HERMES_BIN = '/opt/hermes/.venv/bin/hermes'
+    process.env.HERMES_ALLOW_ROOT_GATEWAY = '1'
+    process.env.HERMES_HOME = home
+    process.env.WEIXIN_TOKEN = 'from-parent'
+    process.env.WECOM_SECRET = 'from-parent'
+    process.env.FUTURE_PLATFORM_TOKEN = 'from-parent'
+    process.env.EXPORTED_SECRET = 'from-parent'
+    process.env.WORK_ONLY_TOKEN = 'from-parent'
+    process.env.PARENT_OVERRIDE_ME = 'from-parent'
+    process.env.UNKNOWN_SERVICE_TOKEN = 'keep-me'
+    process.env.COMMENTED_OUT_SECRET = 'from-parent'
+    process.env.CUSTOM_GATEWAY_SETTING = 'from-parent'
+    vi.resetModules()
+    const { buildGatewayProcessEnv } = await import('../../packages/server/src/services/hermes/gateway-manager')
+
+    const env = buildGatewayProcessEnv('work', join(home, 'profiles', 'work'))
+
+    expect(env.HERMES_HOME).toBe(join(home, 'profiles', 'work'))
+    expect(env.PATH).toBe('/opt/hermes/.venv/bin:/usr/bin')
+    expect(env.HOME).toBe('/home/agent')
+    expect(env.HTTP_PROXY).toBe('http://proxy.local:8080')
+    expect(env.HERMES_BIN).toBe('/opt/hermes/.venv/bin/hermes')
+    expect(env.HERMES_ALLOW_ROOT_GATEWAY).toBe('1')
+    expect(env.WEIXIN_TOKEN).toBeUndefined()
+    expect(env.WECOM_SECRET).toBeUndefined()
+    expect(env.FUTURE_PLATFORM_TOKEN).toBeUndefined()
+    expect(env.EXPORTED_SECRET).toBeUndefined()
+    expect(env.WORK_ONLY_TOKEN).toBeUndefined()
+    expect(env.PARENT_OVERRIDE_ME).toBeUndefined()
+    expect(env.COMMENTED_OUT_SECRET).toBeUndefined()
+    expect(env.UNKNOWN_SERVICE_TOKEN).toBe('keep-me')
+    expect(env.CUSTOM_GATEWAY_SETTING).toBe('from-parent')
+  })
+})
+
+describe('GatewayManager gateway port allocation', () => {
+  it('skips the Web UI listen port when assigning gateway ports', async () => {
+    const home = createHermesHome()
+    mkdirSync(join(home, 'profiles', 'work'), { recursive: true })
+    process.env.HERMES_HOME = home
+    process.env.PORT = '8648'
+    vi.resetModules()
+    const { GatewayManager } = await import('../../packages/server/src/services/hermes/gateway-manager')
+    const manager = new GatewayManager('default') as any
+    manager.allocatedPorts = new Set([8642, 8643, 8644, 8645, 8646, 8647])
+
+    const endpoint = await manager.resolvePort('work')
+
+    expect(endpoint.port).toBe(8649)
+  })
+})
diff --git a/tests/server/group-chat-context-cache.test.ts b/tests/server/group-chat-context-cache.test.ts
new file mode 100644
index 0000000..49bc931
--- /dev/null
+++ b/tests/server/group-chat-context-cache.test.ts
@@ -0,0 +1,41 @@
+import { describe, expect, it } from 'vitest'
+import { countTokens } from '../../packages/server/src/lib/context-compressor'
+import {
+  estimateGroupHistoryMessageTokens,
+  groupBridgeReasoningDeltaFromEvent,
+  groupContextTokensWithFixedOverhead,
+} from '../../packages/server/src/services/hermes/group-chat/agent-clients'
+
+describe('group chat fixed context cache helpers', () => {
+  it('adds cached fixed context to group chat message tokens', () => {
+    const history = [
+      { role: 'user', content: '[Alice]: hello' },
+      { role: 'assistant', content: '[Bot]: hi there' },
+    ]
+
+    const messageTokens = estimateGroupHistoryMessageTokens(history)
+
+    expect(messageTokens).toBe(countTokens('[Alice]: hello') + countTokens('[Bot]: hi there'))
+    expect(groupContextTokensWithFixedOverhead(20_000, history)).toBe(20_000 + messageTokens)
+  })
+
+  it('signals fallback when fixed context is unavailable', () => {
+    expect(groupContextTokensWithFixedOverhead(undefined, [{ content: 'hello' }])).toBeUndefined()
+    expect(groupContextTokensWithFixedOverhead(null, [{ content: 'hello' }])).toBeUndefined()
+  })
+
+  it('keeps spinner thinking events out of persisted group-chat reasoning', () => {
+    expect(groupBridgeReasoningDeltaFromEvent({
+      event: 'thinking.delta',
+      text: '(◕‿◕✿) pondering...',
+    })).toBeNull()
+    expect(groupBridgeReasoningDeltaFromEvent({
+      event: 'reasoning.delta',
+      text: 'real reasoning',
+    })).toBe('real reasoning')
+    expect(groupBridgeReasoningDeltaFromEvent({
+      event: 'reasoning.delta',
+      text: '',
+    })).toBeNull()
+  })
+})
diff --git a/tests/server/group-chat-member-sync.test.ts b/tests/server/group-chat-member-sync.test.ts
new file mode 100644
index 0000000..72035d2
--- /dev/null
+++ b/tests/server/group-chat-member-sync.test.ts
@@ -0,0 +1,319 @@
+import { describe, expect, it, vi, beforeEach } from 'vitest'
+
+const { socketHandlers, mockSocket, mockIo } = vi.hoisted(() => {
+  const socketHandlers = new Map<string, (...args: any[]) => void>()
+  const mockSocket: any = {
+    id: 'socket-1',
+    connected: true,
+    io: { on: vi.fn() },
+    on: vi.fn((event: string, handler: (...args: any[]) => void) => {
+      socketHandlers.set(event, handler)
+      if (event === 'connect') queueMicrotask(() => handler())
+      return mockSocket
+    }),
+    emit: vi.fn(),
+    disconnect: vi.fn(),
+  }
+  const mockIo = vi.fn(() => mockSocket)
+  return { socketHandlers, mockSocket, mockIo }
+})
+
+vi.mock('socket.io-client', () => ({
+  io: mockIo,
+}))
+
+vi.mock('../../packages/server/src/services/auth', () => ({
+  getToken: vi.fn(async () => 'test-token'),
+}))
+
+import { AgentClients } from '../../packages/server/src/services/hermes/group-chat/agent-clients'
+import { GroupChatServer } from '../../packages/server/src/services/hermes/group-chat'
+import { groupChatRoutes, setGroupChatServer } from '../../packages/server/src/routes/hermes/group-chat'
+
+function routeHandler(path: string, method: string) {
+  const layer = (groupChatRoutes as any).stack.find((item: any) => item.path === path && item.methods.includes(method))
+  if (!layer) throw new Error(`Route not found: ${method} ${path}`)
+  return layer.stack[0]
+}
+
+describe('Group Chat member/agent identity sync', () => {
+  beforeEach(() => {
+    vi.clearAllMocks()
+    socketHandlers.clear()
+  })
+
+  it('uses the persisted group-chat agent id as the runtime agent id and socket user id', async () => {
+    const clients = new AgentClients()
+
+    const client = await clients.createAgent({
+      agentId: 'agent-stable-1',
+      profile: 'default',
+      name: 'Worker',
+      description: '',
+      invited: 0,
+    } as any)
+
+    expect(client.agentId).toBe('agent-stable-1')
+    expect(mockIo).toHaveBeenCalledWith(
+      'http://127.0.0.1:8648/group-chat',
+      expect.objectContaining({
+        auth: expect.objectContaining({
+          token: 'test-token',
+          userId: 'agent-stable-1',
+          name: 'Worker',
+          source: 'agent',
+          agentSocketSecret: expect.any(String),
+        }),
+      }),
+    )
+  })
+
+  it('passes the same persisted agent id into the runtime client when adding an agent', async () => {
+    const addRoomAgent = vi.fn((roomId: string, agentId: string, profile: string, name: string, description: string, invited: number) => ({
+      id: 'row-1', roomId, agentId, profile, name, description, invited,
+    }))
+    const chatServer = {
+      getStorage: () => ({
+        getRoomAgents: vi.fn(() => []),
+        addRoomAgent,
+      }),
+      agentClients: {
+        createAgent: vi.fn(async () => ({ agentId: 'runtime-agent' })),
+        addAgentToRoom: vi.fn(async () => undefined),
+      },
+    }
+    setGroupChatServer(chatServer as any)
+
+    const handler = routeHandler('/api/hermes/group-chat/rooms/:roomId/agents', 'POST')
+    const ctx: any = {
+      params: { roomId: 'room-1' },
+      request: { body: { profile: 'default', name: 'Worker' } },
+      status: 200,
+      body: undefined,
+    }
+    await handler(ctx, async () => {})
+
+    const persisted = ctx.body.agent
+    expect(persisted.agentId).toBeTruthy()
+    expect(chatServer.agentClients.createAgent).toHaveBeenCalledWith(expect.objectContaining({
+      agentId: persisted.agentId,
+      profile: 'default',
+      name: 'Worker',
+    }))
+  })
+
+  it('does not persist an agent when the runtime client cannot connect', async () => {
+    const addRoomAgent = vi.fn()
+    const chatServer = {
+      getStorage: () => ({
+        getRoomAgents: vi.fn(() => []),
+        addRoomAgent,
+      }),
+      agentClients: {
+        createAgent: vi.fn(async () => {
+          throw new Error('Connection timeout')
+        }),
+        addAgentToRoom: vi.fn(),
+        removeAgentFromRoom: vi.fn(),
+      },
+    }
+    setGroupChatServer(chatServer as any)
+
+    const handler = routeHandler('/api/hermes/group-chat/rooms/:roomId/agents', 'POST')
+    const ctx: any = {
+      params: { roomId: 'room-1' },
+      request: { body: { profile: 'default', name: 'Worker' } },
+      status: 200,
+      body: undefined,
+    }
+    await handler(ctx, async () => {})
+
+    expect(ctx.status).toBe(502)
+    expect(ctx.body).toMatchObject({
+      code: 'PROFILE_AGENT_CONNECT_FAILED',
+      profile: 'default',
+      reason: 'Connection timeout',
+    })
+    expect(addRoomAgent).not.toHaveBeenCalled()
+  })
+
+  it('does not persist an agent and disconnects runtime state when room join fails', async () => {
+    const addRoomAgent = vi.fn()
+    const runtimeClient = { agentId: 'agent-stable-1' }
+    const chatServer = {
+      getStorage: () => ({
+        getRoomAgents: vi.fn(() => []),
+        addRoomAgent,
+      }),
+      agentClients: {
+        createAgent: vi.fn(async () => runtimeClient),
+        addAgentToRoom: vi.fn(async () => {
+          throw new Error('join failed')
+        }),
+        removeAgentFromRoom: vi.fn(),
+      },
+    }
+    setGroupChatServer(chatServer as any)
+
+    const handler = routeHandler('/api/hermes/group-chat/rooms/:roomId/agents', 'POST')
+    const ctx: any = {
+      params: { roomId: 'room-1' },
+      request: { body: { profile: 'default', name: 'Worker' } },
+      status: 200,
+      body: undefined,
+    }
+    await handler(ctx, async () => {})
+
+    expect(ctx.status).toBe(502)
+    expect(ctx.body).toMatchObject({
+      code: 'PROFILE_AGENT_CONNECT_FAILED',
+      profile: 'default',
+      reason: 'join failed',
+    })
+    expect(addRoomAgent).not.toHaveBeenCalled()
+    expect(chatServer.agentClients.removeAgentFromRoom).toHaveBeenCalledWith('room-1', 'agent-stable-1')
+  })
+
+  it('rolls back AgentClients room state when joining a room fails', async () => {
+    const clients = new AgentClients()
+    const runtimeClient = {
+      agentId: 'agent-stable-1',
+      name: 'Worker',
+      joinRoom: vi.fn(async () => {
+        throw new Error('join failed')
+      }),
+      disconnect: vi.fn(),
+    }
+
+    await expect(clients.addAgentToRoom('room-1', runtimeClient as any)).rejects.toThrow('join failed')
+
+    expect(runtimeClient.disconnect).toHaveBeenCalled()
+    expect(clients.getAgents('room-1')).toEqual([])
+  })
+
+  it('removes the runtime agent by persisted agentId and returns synchronized room state', async () => {
+    const agentsBefore = [{ id: 'row-1', roomId: 'room-1', agentId: 'agent-stable-1', profile: 'default', name: 'Worker', description: '', invited: 0 }]
+    const storage = {
+      getRoomAgent: vi.fn(() => agentsBefore[0]),
+      getRoomAgents: vi.fn(() => []),
+      removeRoomMembersForAgent: vi.fn(),
+      removeRoomAgent: vi.fn(),
+      getRoomMembers: vi.fn(() => [{ id: 'member-1', userId: 'human-1', name: 'Han', description: '', joinedAt: 1 }]),
+    }
+    const chatServer = {
+      getStorage: () => storage,
+      agentClients: { removeAgentFromRoom: vi.fn() },
+    }
+    setGroupChatServer(chatServer as any)
+
+    const handler = routeHandler('/api/hermes/group-chat/rooms/:roomId/agents/:agentId', 'DELETE')
+    const ctx: any = {
+      params: { roomId: 'room-1', agentId: 'row-1' },
+      status: 200,
+      body: undefined,
+    }
+    await handler(ctx, async () => {})
+
+    expect(chatServer.agentClients.removeAgentFromRoom).toHaveBeenCalledWith('room-1', 'agent-stable-1')
+    expect(storage.removeRoomMembersForAgent).toHaveBeenCalledWith('room-1', agentsBefore[0])
+    expect(storage.removeRoomAgent).toHaveBeenCalledWith('room-1', 'row-1')
+    expect(ctx.body).toEqual({
+      success: true,
+      agents: [],
+      members: [{ id: 'member-1', userId: 'human-1', name: 'Han', description: '', joinedAt: 1 }],
+    })
+  })
+
+  it('filters room list to rooms containing one of the regular admin profiles', async () => {
+    const allRooms = [
+      { id: 'room-default', name: 'Default', inviteCode: null },
+      { id: 'room-private', name: 'Private', inviteCode: null },
+    ]
+    const visibleRooms = [allRooms[0]]
+    const storage = {
+      getAllRooms: vi.fn(() => allRooms),
+      getRoomsForProfiles: vi.fn(() => visibleRooms),
+    }
+    setGroupChatServer({ getStorage: () => storage } as any)
+
+    const handler = routeHandler('/api/hermes/group-chat/rooms', 'GET')
+    const ctx: any = {
+      state: { user: { id: 2, username: 'ops', role: 'admin', profiles: ['default', 'research'] } },
+      status: 200,
+      body: undefined,
+    }
+    await handler(ctx, async () => {})
+
+    expect(storage.getRoomsForProfiles).toHaveBeenCalledWith(['default', 'research'])
+    expect(storage.getAllRooms).not.toHaveBeenCalled()
+    expect(ctx.body).toEqual({ rooms: visibleRooms })
+  })
+
+  it('keeps room list unrestricted for super admins', async () => {
+    const rooms = [{ id: 'room-1', name: 'All', inviteCode: null }]
+    const storage = {
+      getAllRooms: vi.fn(() => rooms),
+      getRoomsForProfiles: vi.fn(() => []),
+    }
+    setGroupChatServer({ getStorage: () => storage } as any)
+
+    const handler = routeHandler('/api/hermes/group-chat/rooms', 'GET')
+    const ctx: any = {
+      state: { user: { id: 1, username: 'admin', role: 'super_admin' } },
+      status: 200,
+      body: undefined,
+    }
+    await handler(ctx, async () => {})
+
+    expect(storage.getAllRooms).toHaveBeenCalledOnce()
+    expect(storage.getRoomsForProfiles).not.toHaveBeenCalled()
+    expect(ctx.body).toEqual({ rooms })
+  })
+
+  it('routes @mentions from users and bounded agent replies', () => {
+    const server = Object.create(GroupChatServer.prototype) as any
+    const emit = vi.fn()
+    server.rooms = new Map([
+      ['room-1', {
+        hasOnlineMember: vi.fn(() => true),
+        getOnlineMemberBySocketId: vi.fn((socketId: string) => socketId === 'agent-socket'
+          ? { userId: 'agent-1', name: '丫鬟', source: 'agent' }
+          : { userId: 'human-1', name: 'Human', source: 'human' }),
+      }],
+    ])
+    server.socketUserMap = new Map([
+      ['human-socket', 'human-1'],
+      ['agent-socket', 'agent-1'],
+    ])
+    server.userInfoMap = new Map([
+      ['human-1', { name: 'Human', description: '' }],
+      ['agent-1', { name: '丫鬟', description: '' }],
+    ])
+    server.agentClients = { processMentions: vi.fn(async () => undefined) }
+    server.storage = {
+      saveMessageAndRefreshRoom: vi.fn((msg: any) => ({ message: msg, totalTokens: 123 })),
+    }
+    server.nsp = { to: vi.fn(() => ({ emit })) }
+
+    server.handleMessage({ id: 'human-socket' }, { roomId: 'room-1', content: '@all hi', role: 'user' }, vi.fn())
+    expect(server.agentClients.processMentions).toHaveBeenCalledTimes(1)
+    expect(server.agentClients.processMentions).toHaveBeenLastCalledWith('room-1', expect.objectContaining({
+      content: '@all hi',
+      senderId: 'human-1',
+      mentionDepth: 0,
+    }))
+
+    server.agentClients.processMentions.mockClear()
+    server.handleMessage({ id: 'agent-socket' }, { roomId: 'room-1', content: '@all agent says hi', role: 'assistant', mentionDepth: 1 }, vi.fn())
+    expect(server.agentClients.processMentions).toHaveBeenCalledTimes(1)
+    expect(server.agentClients.processMentions).toHaveBeenLastCalledWith('room-1', expect.objectContaining({
+      content: '@all agent says hi',
+      senderId: 'agent-1',
+      mentionDepth: 1,
+    }))
+
+    server.agentClients.processMentions.mockClear()
+    server.handleMessage({ id: 'agent-socket' }, { roomId: 'room-1', content: '@all too deep', role: 'assistant', mentionDepth: 4 }, vi.fn())
+    expect(server.agentClients.processMentions).not.toHaveBeenCalled()
+  })
+})
diff --git a/tests/server/group-chat-mention-routing.test.ts b/tests/server/group-chat-mention-routing.test.ts
new file mode 100644
index 0000000..81c9bc8
--- /dev/null
+++ b/tests/server/group-chat-mention-routing.test.ts
@@ -0,0 +1,80 @@
+import { describe, expect, it } from 'vitest'
+import {
+  isAllAgentsMentioned,
+  isAgentMentioned,
+  isReservedMentionName,
+  resolveMentionTargets,
+  stripMentionRoutingTokens,
+} from '../../packages/server/src/services/hermes/group-chat/mention-routing'
+
+type TestAgent = { name: string; id?: string; agentId?: string; profile?: string }
+
+const agents: TestAgent[] = [
+  { name: 'Alice', id: 'socket-alice', agentId: 'agent-alice' },
+  { name: 'Bob', id: 'socket-bob', agentId: 'agent-bob' },
+  { name: 'Regex.Bot', id: 'socket-regex', agentId: 'agent-regex' },
+]
+
+describe('group chat mention routing', () => {
+  it('reserves @all so it cannot be confused with a literal agent name', () => {
+    expect(isReservedMentionName('all')).toBe(true)
+    expect(isReservedMentionName(' ALL ')).toBe(true)
+    expect(isReservedMentionName('Alice')).toBe(false)
+  })
+
+  it('recognizes @all as a standalone mention with safe boundaries', () => {
+    expect(isAllAgentsMentioned('@all please compare notes')).toBe(true)
+    expect(isAllAgentsMentioned('please compare notes @ALL')).toBe(true)
+    expect(isAllAgentsMentioned('@all, compare notes')).toBe(true)
+    expect(isAllAgentsMentioned('email user@all.example')).toBe(false)
+    expect(isAllAgentsMentioned('@alligator should not notify everyone')).toBe(false)
+    expect(isAllAgentsMentioned('prefix@all should not notify everyone')).toBe(false)
+  })
+
+  it('keeps exact agent mentions boundary-aware and regex-safe', () => {
+    expect(isAgentMentioned('@Regex.Bot please review', 'Regex.Bot')).toBe(true)
+    expect(isAgentMentioned('@RegexxBot should not match', 'Regex.Bot')).toBe(false)
+    expect(isAgentMentioned('@Alice, please review', 'Alice')).toBe(true)
+    expect(isAgentMentioned('mailto@Alice.example', 'Alice')).toBe(false)
+  })
+
+  it('routes @all to every room agent except the sender identity', () => {
+    expect(resolveMentionTargets(agents, '@all summarize the options', 'socket-alice').map(a => a.name)).toEqual(['Bob', 'Regex.Bot'])
+  })
+
+  it('keeps same-name human senders routable because sender exclusion uses identity, not display name', () => {
+    const sameNameAgents: TestAgent[] = [
+      { name: 'test', id: 'socket-agent-test', agentId: 'agent-test' },
+      { name: 'tt', id: 'socket-agent-tt', agentId: 'agent-tt' },
+    ]
+
+    expect(resolveMentionTargets(sameNameAgents, '@all can you talk to me?', 'human-test-user').map(a => a.name)).toEqual(['test', 'tt'])
+    expect(resolveMentionTargets(sameNameAgents, '@test why no response?', 'human-test-user').map(a => a.name)).toEqual(['test'])
+  })
+
+  it('still excludes an agent from routing to itself when the sender identity matches that agent', () => {
+    const sameNameAgents: TestAgent[] = [
+      { name: 'test', id: 'socket-agent-test', agentId: 'agent-test' },
+      { name: 'tt', id: 'socket-agent-tt', agentId: 'agent-tt' },
+    ]
+
+    expect(resolveMentionTargets(sameNameAgents, '@all compare plans', 'socket-agent-test').map(a => a.name)).toEqual(['tt'])
+    expect(resolveMentionTargets(sameNameAgents, '@all compare plans', 'agent-test').map(a => a.name)).toEqual(['tt'])
+    expect(resolveMentionTargets(sameNameAgents, '@test check yourself', 'socket-agent-test').map(a => a.name)).toEqual([])
+  })
+
+  it('routes explicit mentions without treating partial @all text as broadcast', () => {
+    expect(resolveMentionTargets(agents, '@Bob and @Regex.Bot compare plans', 'socket-alice').map(a => a.name)).toEqual(['Bob', 'Regex.Bot'])
+    expect(resolveMentionTargets(agents, '@alligator and @Bob compare plans', 'socket-alice').map(a => a.name)).toEqual(['Bob'])
+  })
+
+  it('dedupes mixed @all and explicit mentions', () => {
+    expect(resolveMentionTargets(agents, '@all @Bob compare plans', 'socket-alice').map(a => a.name)).toEqual(['Bob', 'Regex.Bot'])
+  })
+
+  it('strips the broadcast token and this agent mention before routing to the model', () => {
+    expect(stripMentionRoutingTokens('@all @Bob please review', 'Bob')).toBe('please review')
+    expect(stripMentionRoutingTokens('@ALL, @Regex.Bot: please review', 'Regex.Bot')).toBe('please review')
+    expect(stripMentionRoutingTokens('@all please review', 'all')).toBe('please review')
+  })
+})
diff --git a/tests/server/health-controller.test.ts b/tests/server/health-controller.test.ts
new file mode 100644
index 0000000..0c3a6f9
--- /dev/null
+++ b/tests/server/health-controller.test.ts
@@ -0,0 +1,103 @@
+import { afterEach, describe, expect, it, vi } from 'vitest'
+import { readFileSync } from 'fs'
+import { resolve } from 'path'
+
+function readRootPackage() {
+  return JSON.parse(readFileSync(resolve(process.cwd(), 'package.json'), 'utf-8')) as {
+    name: string
+    version: string
+  }
+}
+
+async function loadHealthControllerWithoutInjectedVersion() {
+  vi.resetModules()
+  delete (globalThis as any).__APP_VERSION__
+
+  vi.doMock('../../packages/server/src/services/hermes/hermes-cli', () => ({
+    getVersion: vi.fn().mockResolvedValue('Hermes Agent v0.11.0\n'),
+  }))
+
+  return import('../../packages/server/src/controllers/health')
+}
+
+async function loadHealthControllerWithInjectedVersion(version: string) {
+  vi.resetModules()
+  ;(globalThis as any).__APP_VERSION__ = version
+
+  vi.doMock('../../packages/server/src/services/hermes/hermes-cli', () => ({
+    getVersion: vi.fn().mockResolvedValue('Hermes Agent v0.11.0\n'),
+  }))
+
+  return import('../../packages/server/src/controllers/health')
+}
+
+function createMockCtx() {
+  return {
+    body: null as any,
+  }
+}
+
+describe('health controller version metadata', () => {
+  afterEach(() => {
+    vi.restoreAllMocks()
+    vi.resetModules()
+    ;(globalThis as any).__APP_VERSION__ = 'test'
+  })
+
+  it('reads the root package version in ts-node/dev mode instead of falling back to 0.0.0', async () => {
+    const pkg = readRootPackage()
+    vi.stubGlobal('fetch', vi.fn().mockResolvedValue({ ok: true }))
+
+    const { healthCheck } = await loadHealthControllerWithoutInjectedVersion()
+    const ctx = createMockCtx()
+
+    await healthCheck(ctx)
+
+    expect(ctx.body.webui_version).toBe(pkg.version)
+    expect(ctx.body.webui_version).not.toBe('0.0.0')
+  })
+
+  it('uses the injected build version when available', async () => {
+    vi.stubGlobal('fetch', vi.fn().mockResolvedValue({ ok: true }))
+
+    const { healthCheck } = await loadHealthControllerWithInjectedVersion('9.9.9-test')
+    const ctx = createMockCtx()
+
+    await healthCheck(ctx)
+
+    expect(ctx.body.webui_version).toBe('9.9.9-test')
+  })
+
+  it('checks npm latest using the root package name', async () => {
+    vi.spyOn(console, 'log').mockImplementation(() => {})
+    const pkg = readRootPackage()
+    const fetchMock = vi.fn().mockResolvedValue({
+      ok: true,
+      json: vi.fn().mockResolvedValue({ version: '99.99.99' }),
+    })
+    vi.stubGlobal('fetch', fetchMock)
+
+    const { checkLatestVersion, healthCheck } = await loadHealthControllerWithoutInjectedVersion()
+
+    await checkLatestVersion()
+
+    expect(fetchMock).toHaveBeenCalledWith(
+      `https://registry.npmjs.org/${pkg.name}/latest`,
+      expect.objectContaining({ signal: expect.any(AbortSignal) }),
+    )
+
+    const ctx = createMockCtx()
+    await healthCheck(ctx)
+
+    expect(ctx.body.webui_latest).toBe('99.99.99')
+    expect(ctx.body.webui_update_available).toBe(true)
+  })
+
+  it('does not throw when latest-version lookup fails', async () => {
+    vi.stubGlobal('fetch', vi.fn().mockRejectedValue(new Error('network down')))
+
+    const { checkLatestVersion } = await loadHealthControllerWithoutInjectedVersion()
+
+    await expect(checkLatestVersion()).resolves.toBeUndefined()
+  })
+})
diff --git a/tests/server/hermes-kanban-service.test.ts b/tests/server/hermes-kanban-service.test.ts
new file mode 100644
index 0000000..fbccdd4
--- /dev/null
+++ b/tests/server/hermes-kanban-service.test.ts
@@ -0,0 +1,269 @@
+import { beforeEach, describe, expect, it, vi } from 'vitest'
+
+const mockExecFileAsync = vi.hoisted(() => vi.fn())
+const mockSpawnHermes = vi.hoisted(() => vi.fn())
+const mockLoggerError = vi.hoisted(() => vi.fn())
+
+vi.mock('../../packages/server/src/services/hermes/hermes-process', () => ({
+  execHermes: (args: string[], options: unknown) => mockExecFileAsync('hermes', args, options),
+  spawnHermes: mockSpawnHermes,
+}))
+
+vi.mock('../../packages/server/src/services/logger', () => ({
+  logger: {
+    error: mockLoggerError,
+  },
+}))
+
+import * as service from '../../packages/server/src/services/hermes/hermes-kanban'
+
+describe('hermes kanban service', () => {
+  beforeEach(() => {
+    vi.clearAllMocks()
+  })
+
+  it('lists boards without mutating or depending on CLI current', async () => {
+    mockExecFileAsync.mockResolvedValueOnce({ stdout: JSON.stringify([{ slug: 'default' }]) })
+
+    await expect(service.listBoards({ includeArchived: true })).resolves.toEqual([{ slug: 'default' }])
+
+    expect(mockExecFileAsync.mock.calls[0][1]).toEqual(['kanban', 'boards', 'list', '--json', '--all'])
+  })
+
+  it('creates and archives boards through canonical CLI board commands', async () => {
+    mockExecFileAsync
+      .mockResolvedValueOnce({ stdout: '' })
+      .mockResolvedValueOnce({ stdout: JSON.stringify([{ slug: 'project-a', name: 'Project A' }]) })
+      .mockResolvedValueOnce({ stdout: '' })
+
+    await expect(service.createBoard({ slug: 'project-a', name: 'Project A', description: 'desc', icon: '📌', color: '#8b5cf6', switchCurrent: true })).resolves.toEqual({ slug: 'project-a', name: 'Project A' })
+    await expect(service.archiveBoard('project-a')).resolves.toBeUndefined()
+
+    expect(mockExecFileAsync.mock.calls[0][1]).toEqual(['kanban', 'boards', 'create', 'project-a', '--name', 'Project A', '--description', 'desc', '--icon', '📌', '--color', '#8b5cf6', '--switch'])
+    expect(mockExecFileAsync.mock.calls[1][1]).toEqual(['kanban', 'boards', 'list', '--json', '--all'])
+    expect(mockExecFileAsync.mock.calls[2][1]).toEqual(['kanban', 'boards', 'rm', 'project-a'])
+  })
+
+  it('exposes capability metadata for WUI/canonical parity gaps', async () => {
+    await expect(service.getCapabilities()).resolves.toMatchObject({
+      source: 'hermes-cli',
+      supports: { boardsList: true, boardCreate: true, commentsWrite: true, dispatch: true, links: true },
+      missing: expect.arrayContaining(['cliCurrentSwitch', 'bulk', 'homeSubscriptions']),
+      capabilities: expect.arrayContaining([
+        expect.objectContaining({ key: 'commentsWrite', status: 'supported', canonicalCommand: 'comment', requiresBoard: true }),
+        expect.objectContaining({ key: 'links', status: 'supported', canonicalRoute: '/links', canonicalCommand: 'link/unlink', requiresBoard: true }),
+        expect.objectContaining({ key: 'bulk', status: 'partial', canonicalRoute: '/tasks/bulk', requiresBoard: true }),
+        expect.objectContaining({ key: 'events', status: 'partial', canonicalRoute: '/events', canonicalCommand: 'watch', requiresBoard: true }),
+      ]),
+    })
+  })
+
+  it('builds board-scoped watch args for the kanban event bridge', () => {
+    expect(service.buildWatchArgs({ board: 'Project_A', interval: 0.25 })).toEqual(['kanban', '--board', 'project_a', 'watch', '--interval', '0.25'])
+    expect(service.buildWatchArgs()).toEqual(['kanban', '--board', 'default', 'watch', '--interval', '0.5'])
+  })
+
+  it('builds link/unlink and bulk-equivalent task commands with explicit board', async () => {
+    mockExecFileAsync
+      .mockResolvedValueOnce({ stdout: 'linked\n' })
+      .mockResolvedValueOnce({ stdout: 'unlinked\n' })
+      .mockResolvedValueOnce({ stdout: '' })
+      .mockResolvedValueOnce({ stdout: '' })
+      .mockRejectedValueOnce(new Error('cannot complete task-2'))
+
+    await expect(service.linkTasks('task-1', 'task-2', { board: 'project-a' })).resolves.toEqual({ ok: true, output: 'linked\n' })
+    await expect(service.unlinkTasks('task-1', 'task-2', { board: 'project-a' })).resolves.toEqual({ ok: true, output: 'unlinked\n' })
+    await expect(service.bulkUpdateTasks({ board: 'project-a', ids: ['task-1', 'task-2'], status: 'done', assignee: 'alice', summary: 'closed' })).resolves.toEqual({
+      results: [
+        { id: 'task-1', ok: true },
+        { id: 'task-2', ok: false, error: 'Failed to complete kanban tasks: cannot complete task-2' },
+      ],
+    })
+
+    expect(mockExecFileAsync.mock.calls[0][1]).toEqual(['kanban', '--board', 'project-a', 'link', 'task-1', 'task-2'])
+    expect(mockExecFileAsync.mock.calls[1][1]).toEqual(['kanban', '--board', 'project-a', 'unlink', 'task-1', 'task-2'])
+    expect(mockExecFileAsync.mock.calls[2][1]).toEqual(['kanban', '--board', 'project-a', 'complete', 'task-1', '--summary', 'closed'])
+    expect(mockExecFileAsync.mock.calls[3][1]).toEqual(['kanban', '--board', 'project-a', 'assign', 'task-1', 'alice'])
+    expect(mockExecFileAsync.mock.calls[4][1]).toEqual(['kanban', '--board', 'project-a', 'complete', 'task-2', '--summary', 'closed'])
+  })
+
+  it('treats zero-exit stderr from mutation CLI calls as failures', async () => {
+    mockExecFileAsync
+      .mockResolvedValueOnce({ stdout: '', stderr: 'kanban: unknown task(s): missing-a, missing-b\n' })
+      .mockResolvedValueOnce({ stdout: '', stderr: 'No such link: missing-a -> missing-b\n' })
+      .mockResolvedValueOnce({ stdout: '', stderr: 'kanban: unknown task(s): task-1\n' })
+      .mockResolvedValueOnce({ stdout: '', stderr: 'kanban: unknown task(s): task-2\n' })
+
+    await expect(service.linkTasks('missing-a', 'missing-b', { board: 'project-a' })).rejects.toThrow('Failed to link kanban tasks: kanban: unknown task(s): missing-a, missing-b')
+    await expect(service.unlinkTasks('missing-a', 'missing-b', { board: 'project-a' })).rejects.toThrow('Failed to unlink kanban tasks: No such link: missing-a -> missing-b')
+    await expect(service.bulkUpdateTasks({ board: 'project-a', ids: ['task-1', 'task-2'], status: 'done' })).resolves.toEqual({
+      results: [
+        { id: 'task-1', ok: false, error: 'Failed to complete kanban tasks: kanban: unknown task(s): task-1' },
+        { id: 'task-2', ok: false, error: 'Failed to complete kanban tasks: kanban: unknown task(s): task-2' },
+      ],
+    })
+  })
+
+  it('returns per-task bulk errors for unsupported direct status patches before shelling out', async () => {
+    await expect(service.bulkUpdateTasks({ board: 'project-a', ids: ['task-1'], status: 'running' })).resolves.toEqual({
+      results: [{ id: 'task-1', ok: false, error: 'Bulk status running is not supported by the CLI bridge' }],
+    })
+    expect(mockExecFileAsync).not.toHaveBeenCalled()
+  })
+
+  it('builds comment/log/diagnostics commands with explicit board', async () => {
+    mockExecFileAsync
+      .mockResolvedValueOnce({ stdout: 'comment added\n' })
+      .mockResolvedValueOnce({ stdout: 'worker log\n' })
+      .mockResolvedValueOnce({ stdout: JSON.stringify([{ task_id: 'task-1', severity: 'warning' }]) })
+
+    await expect(service.addComment('task-1', '--not-an-option', { board: 'default', author: 'han' })).resolves.toEqual({ ok: true, output: 'comment added\n' })
+    await expect(service.getTaskLog('task-1', { board: 'default', tail: 4000 })).resolves.toEqual({ task_id: 'task-1', path: null, exists: true, size_bytes: 11, content: 'worker log\n', truncated: false })
+    await expect(service.getDiagnostics({ board: 'default', task: 'task-1', severity: 'warning' })).resolves.toEqual([{ task_id: 'task-1', severity: 'warning' }])
+
+    expect(mockExecFileAsync.mock.calls[0][1]).toEqual(['kanban', '--board', 'default', 'comment', 'task-1', '--not-an-option', '--author', 'han'])
+    expect(mockExecFileAsync.mock.calls[1][1]).toEqual(['kanban', '--board', 'default', 'log', 'task-1', '--tail', '4000'])
+    expect(mockExecFileAsync.mock.calls[2][1]).toEqual(['kanban', '--board', 'default', 'diagnostics', '--json', '--task', 'task-1', '--severity', 'warning'])
+  })
+
+  it('maps no-log task logs to canonical empty-log shape', async () => {
+    mockExecFileAsync
+      .mockRejectedValueOnce({ code: 1, stderr: '(no log for task-1 — task may not have spawned yet)' })
+      .mockResolvedValueOnce({ stdout: JSON.stringify({ task: { id: 'task-1' }, runs: [], comments: [], events: [] }) })
+
+    await expect(service.getTaskLog('task-1', { board: 'default' })).resolves.toEqual({
+      task_id: 'task-1',
+      path: null,
+      exists: false,
+      size_bytes: 0,
+      content: '',
+      truncated: false,
+    })
+
+    expect(mockExecFileAsync.mock.calls[0][1]).toEqual(['kanban', '--board', 'default', 'log', 'task-1'])
+    expect(mockExecFileAsync.mock.calls[1][1]).toEqual(['kanban', '--board', 'default', 'show', 'task-1', '--json'])
+  })
+
+  it('builds recovery and dispatch commands with explicit board', async () => {
+    mockExecFileAsync
+      .mockResolvedValueOnce({ stdout: 'reclaimed\n' })
+      .mockResolvedValueOnce({ stdout: 'reassigned\n' })
+      .mockResolvedValueOnce({ stdout: '{"task_id":"task-1","created":true}\n' })
+      .mockResolvedValueOnce({ stdout: JSON.stringify({ spawned: 1 }) })
+
+    await expect(service.reclaimTask('task-1', { board: 'project-a', reason: 'stale lock' })).resolves.toEqual({ ok: true, output: 'reclaimed\n' })
+    await expect(service.reassignTask('task-1', 'bob', { board: 'project-a', reclaim: true, reason: 'handoff' })).resolves.toEqual({ ok: true, output: 'reassigned\n' })
+    await expect(service.specifyTask('task-1', { board: 'project-a', author: 'han' })).resolves.toEqual([{ task_id: 'task-1', created: true }])
+    await expect(service.dispatch({ board: 'project-a', dryRun: true, max: 2, failureLimit: 3 })).resolves.toEqual({ spawned: 1 })
+
+    expect(mockExecFileAsync.mock.calls[0][1]).toEqual(['kanban', '--board', 'project-a', 'reclaim', 'task-1', '--reason', 'stale lock'])
+    expect(mockExecFileAsync.mock.calls[1][1]).toEqual(['kanban', '--board', 'project-a', 'reassign', 'task-1', 'bob', '--reclaim', '--reason', 'handoff'])
+    expect(mockExecFileAsync.mock.calls[2][1]).toEqual(['kanban', '--board', 'project-a', 'specify', 'task-1', '--json', '--author', 'han'])
+    expect(mockExecFileAsync.mock.calls[3][1]).toEqual(['kanban', '--board', 'project-a', 'dispatch', '--json', '--dry-run', '--max', '2', '--failure-limit', '3'])
+  })
+
+  it('builds list/create/stats CLI calls with global --board before the action', async () => {
+    mockExecFileAsync
+      .mockResolvedValueOnce({ stdout: JSON.stringify([{ id: 'task-1' }]) })
+      .mockResolvedValueOnce({ stdout: JSON.stringify({ id: 'task-2' }) })
+      .mockResolvedValueOnce({ stdout: JSON.stringify({ total: 1, by_status: {}, by_assignee: {} }) })
+      .mockResolvedValueOnce({ stdout: JSON.stringify([{ id: 'archived-1', status: 'archived' }, { id: 'archived-2', status: 'archived' }]) })
+
+    await expect(service.listTasks({ board: 'project-a', status: 'todo', assignee: 'alice', tenant: 'ops', includeArchived: true })).resolves.toEqual([{ id: 'task-1' }])
+    await expect(service.createTask('Ship', { board: 'project-a', body: 'write', assignee: 'alice', priority: 3, tenant: 'ops' })).resolves.toEqual({ id: 'task-2' })
+    await expect(service.getStats({ board: 'project-a' })).resolves.toEqual({ total: 3, by_status: { archived: 2 }, by_assignee: {} })
+
+    expect(mockExecFileAsync.mock.calls[0][1]).toEqual(['kanban', '--board', 'project-a', 'list', '--json', '--archived', '--status', 'todo', '--assignee', 'alice', '--tenant', 'ops'])
+    expect(mockExecFileAsync.mock.calls[1][1]).toEqual(['kanban', '--board', 'project-a', 'create', 'Ship', '--json', '--body', 'write', '--assignee', 'alice', '--priority', '3', '--tenant', 'ops'])
+    expect(mockExecFileAsync.mock.calls[2][1]).toEqual(['kanban', '--board', 'project-a', 'stats', '--json'])
+    expect(mockExecFileAsync.mock.calls[3][1]).toEqual(['kanban', '--board', 'project-a', 'list', '--json', '--archived', '--status', 'archived'])
+  })
+
+  it('normalizes omitted board to default instead of falling through to CLI current', async () => {
+    mockExecFileAsync
+      .mockResolvedValueOnce({ stdout: JSON.stringify([]) })
+      .mockResolvedValueOnce({ stdout: JSON.stringify({ total: 0, by_status: {}, by_assignee: {} }) })
+      .mockResolvedValueOnce({ stdout: JSON.stringify([]) })
+
+    await service.listTasks()
+    await service.getStats()
+
+    expect(mockExecFileAsync.mock.calls[0][1]).toEqual(['kanban', '--board', 'default', 'list', '--json'])
+    expect(mockExecFileAsync.mock.calls[1][1]).toEqual(['kanban', '--board', 'default', 'stats', '--json'])
+    expect(mockExecFileAsync.mock.calls[2][1]).toEqual(['kanban', '--board', 'default', 'list', '--json', '--archived', '--status', 'archived'])
+  })
+
+  it('builds action CLI calls and maps not-found show to null', async () => {
+    mockExecFileAsync
+      .mockRejectedValueOnce({ code: 1 })
+      .mockResolvedValueOnce({})
+      .mockResolvedValueOnce({})
+      .mockResolvedValueOnce({})
+      .mockResolvedValueOnce({})
+      .mockResolvedValueOnce({ stdout: JSON.stringify([{ name: 'alice' }]) })
+
+    await expect(service.getTask('missing', { board: 'default' })).resolves.toBeNull()
+    await service.completeTasks(['task-1'], 'done', { board: 'default' })
+    await service.blockTask('task-1', 'wait', { board: 'default' })
+    await service.unblockTasks(['task-1'], { board: 'default' })
+    await service.assignTask('task-1', 'alice', { board: 'default' })
+    await expect(service.getAssignees({ board: 'default' })).resolves.toEqual([{ name: 'alice' }])
+
+    expect(mockExecFileAsync.mock.calls[0][1]).toEqual(['kanban', '--board', 'default', 'show', 'missing', '--json'])
+    expect(mockExecFileAsync.mock.calls[1][1]).toEqual(['kanban', '--board', 'default', 'complete', 'task-1', '--summary', 'done'])
+    expect(mockExecFileAsync.mock.calls[2][1]).toEqual(['kanban', '--board', 'default', 'block', 'task-1', 'wait'])
+    expect(mockExecFileAsync.mock.calls[3][1]).toEqual(['kanban', '--board', 'default', 'unblock', 'task-1'])
+    expect(mockExecFileAsync.mock.calls[4][1]).toEqual(['kanban', '--board', 'default', 'assign', 'task-1', 'alice'])
+    expect(mockExecFileAsync.mock.calls[5][1]).toEqual(['kanban', '--board', 'default', 'assignees', '--json'])
+  })
+
+  it('rejects invalid board slugs before shelling out', async () => {
+    await expect(service.listTasks({ board: 'bad;slug' })).rejects.toThrow('Invalid kanban board slug')
+    expect(mockExecFileAsync).not.toHaveBeenCalled()
+  })
+
+  it('normalizes board slugs using canonical upstream-compatible rules', async () => {
+    const sixtyFourChars = 'a'.repeat(64)
+    mockExecFileAsync
+      .mockResolvedValueOnce({ stdout: JSON.stringify([]) })
+      .mockResolvedValueOnce({ stdout: JSON.stringify([]) })
+      .mockResolvedValueOnce({ stdout: JSON.stringify([]) })
+
+    await service.listTasks({ board: 'Team_Alpha' })
+    await service.listTasks({ board: sixtyFourChars })
+    await service.listTasks({ board: 'default' })
+
+    expect(mockExecFileAsync.mock.calls[0][1]).toEqual(['kanban', '--board', 'team_alpha', 'list', '--json'])
+    expect(mockExecFileAsync.mock.calls[1][1]).toEqual(['kanban', '--board', sixtyFourChars, 'list', '--json'])
+    expect(mockExecFileAsync.mock.calls[2][1]).toEqual(['kanban', '--board', 'default', 'list', '--json'])
+    await expect(service.listTasks({ board: 'bad/slug' })).rejects.toThrow('Invalid kanban board slug')
+    await expect(service.listTasks({ board: 'bad.slug' })).rejects.toThrow('Invalid kanban board slug')
+    await expect(service.listTasks({ board: '..' })).rejects.toThrow('Invalid kanban board slug')
+    await expect(service.listTasks({ board: 'bad slug' })).rejects.toThrow('Invalid kanban board slug')
+    await expect(service.listTasks({ board: ' ' })).rejects.toThrow('Invalid kanban board slug')
+  })
+
+  it('does not hide non-no-log failures from the kanban log command', async () => {
+    mockExecFileAsync
+      .mockRejectedValueOnce({ code: 1, stderr: 'permission denied', message: 'permission denied' })
+      .mockResolvedValueOnce({ stdout: JSON.stringify({ task: { id: 'task-1' }, runs: [], comments: [], events: [] }) })
+
+    await expect(service.getTaskLog('task-1', { board: 'default' })).rejects.toThrow('Failed to read kanban task log: permission denied')
+    expect(mockLoggerError).toHaveBeenCalled()
+  })
+
+  it('does not treat misleading no-log fragments as canonical no-log messages', async () => {
+    mockExecFileAsync
+      .mockRejectedValueOnce({ code: 1, stderr: 'permission denied: no log for diagnostic file', message: 'permission denied' })
+      .mockResolvedValueOnce({ stdout: JSON.stringify({ task: { id: 'task-1' }, runs: [], comments: [], events: [] }) })
+
+    await expect(service.getTaskLog('task-1', { board: 'default' })).rejects.toThrow('Failed to read kanban task log: permission denied')
+  })
+
+  it('wraps CLI failures with service-specific errors', async () => {
+    mockExecFileAsync.mockRejectedValue(new Error('boom'))
+
+    await expect(service.listTasks()).rejects.toThrow('Failed to list kanban tasks: boom')
+    expect(mockLoggerError).toHaveBeenCalled()
+  })
+})
diff --git a/tests/server/hermes-path.test.ts b/tests/server/hermes-path.test.ts
new file mode 100644
index 0000000..7d5a4d1
--- /dev/null
+++ b/tests/server/hermes-path.test.ts
@@ -0,0 +1,61 @@
+import { mkdirSync, mkdtempSync, rmSync } from 'fs'
+import { homedir, tmpdir } from 'os'
+import { join, resolve } from 'path'
+import { afterEach, beforeEach, describe, expect, it } from 'vitest'
+import { detectHermesHome } from '../../packages/server/src/services/hermes/hermes-path'
+
+describe('Hermes path detection', () => {
+  const originalEnv = { ...process.env }
+  const originalPlatform = process.platform
+  let tempDir = ''
+
+  beforeEach(() => {
+    tempDir = mkdtempSync(join(tmpdir(), 'hermes-path-'))
+    process.env = { ...originalEnv }
+    delete process.env.HERMES_HOME
+    delete process.env.LOCALAPPDATA
+    delete process.env.APPDATA
+  })
+
+  afterEach(() => {
+    Object.defineProperty(process, 'platform', { value: originalPlatform })
+    process.env = { ...originalEnv }
+    if (tempDir) rmSync(tempDir, { recursive: true, force: true })
+    tempDir = ''
+  })
+
+  it('keeps explicit HERMES_HOME even when the path does not exist', () => {
+    process.env.HERMES_HOME = join(tempDir, 'custom-home')
+
+    expect(detectHermesHome()).toBe(resolve(tempDir, 'custom-home'))
+  })
+
+  it('falls back to ~/.hermes on Windows when LOCALAPPDATA hermes is missing', () => {
+    Object.defineProperty(process, 'platform', { value: 'win32' })
+    process.env.LOCALAPPDATA = join(tempDir, 'Local')
+
+    expect(detectHermesHome()).toBe(resolve(homedir(), '.hermes'))
+  })
+
+  it('uses existing Windows LOCALAPPDATA hermes before APPDATA', () => {
+    Object.defineProperty(process, 'platform', { value: 'win32' })
+    const localHermes = join(tempDir, 'Local', 'hermes')
+    const roamingHermes = join(tempDir, 'Roaming', 'hermes')
+    mkdirSync(localHermes, { recursive: true })
+    mkdirSync(roamingHermes, { recursive: true })
+    process.env.LOCALAPPDATA = join(tempDir, 'Local')
+    process.env.APPDATA = join(tempDir, 'Roaming')
+
+    expect(detectHermesHome()).toBe(resolve(localHermes))
+  })
+
+  it('falls back to existing Windows APPDATA hermes when LOCALAPPDATA hermes is missing', () => {
+    Object.defineProperty(process, 'platform', { value: 'win32' })
+    const roamingHermes = join(tempDir, 'Roaming', 'hermes')
+    mkdirSync(roamingHermes, { recursive: true })
+    process.env.LOCALAPPDATA = join(tempDir, 'Local')
+    process.env.APPDATA = join(tempDir, 'Roaming')
+
+    expect(detectHermesHome()).toBe(resolve(roamingHermes))
+  })
+})
diff --git a/tests/server/hermes-plugins-env.test.ts b/tests/server/hermes-plugins-env.test.ts
new file mode 100644
index 0000000..e82a206
--- /dev/null
+++ b/tests/server/hermes-plugins-env.test.ts
@@ -0,0 +1,98 @@
+import { chmodSync, mkdirSync, mkdtempSync, readFileSync, rmSync, writeFileSync } from 'fs'
+import { tmpdir } from 'os'
+import { join } from 'path'
+import { afterEach, beforeEach, describe, expect, it, vi } from 'vitest'
+
+describe('Hermes plugin discovery environment', () => {
+  const originalEnv = { ...process.env }
+  let tempDir = ''
+
+  beforeEach(() => {
+    vi.resetModules()
+    tempDir = mkdtempSync(join(tmpdir(), 'hermes-plugins-env-'))
+    process.env = { ...originalEnv }
+  })
+
+  afterEach(() => {
+    process.env = { ...originalEnv }
+    if (tempDir) rmSync(tempDir, { recursive: true, force: true })
+  })
+
+  it('uses the same venv python and agent root resolved from the hermes binary as the bridge', async () => {
+    const agentRoot = join(tempDir, 'agent')
+    const venvBin = join(agentRoot, '.venv', 'bin')
+    const hermesCliDir = join(agentRoot, 'hermes_cli')
+    const captureFile = join(tempDir, 'capture.txt')
+    const fakePython = join(venvBin, 'python')
+    const fakeHermes = join(venvBin, 'hermes')
+
+    mkdirSync(venvBin, { recursive: true })
+    mkdirSync(hermesCliDir, { recursive: true })
+    writeFileSync(join(agentRoot, 'run_agent.py'), '')
+    writeFileSync(join(hermesCliDir, 'plugins.py'), '')
+    writeFileSync(fakePython, [
+      '#!/bin/sh',
+      'printf "%s\\n%s\\n%s\\n%s\\n" "$0" "$1" "$2" "$HERMES_AGENT_ROOT_RESOLVED" > "$CAPTURE_FILE"',
+      'printf "%s\\n" \'{"plugins":[],"warnings":[],"metadata":{"hermesAgentRoot":"","pythonExecutable":"","cwd":"","projectPluginsEnabled":false}}\'',
+      '',
+    ].join('\n'))
+    chmodSync(fakePython, 0o755)
+    writeFileSync(fakeHermes, `#!${fakePython}\n`)
+    chmodSync(fakeHermes, 0o755)
+
+    delete process.env.HERMES_AGENT_ROOT
+    delete process.env.HERMES_AGENT_BRIDGE_PYTHON
+    delete process.env.HERMES_AGENT_BRIDGE_UV
+    delete process.env.HERMES_PYTHON
+    process.env.HERMES_HOME = join(tempDir, 'home')
+    process.env.HERMES_BIN = fakeHermes
+    process.env.CAPTURE_FILE = captureFile
+
+    const { listHermesPlugins } = await import('../../packages/server/src/services/hermes/plugins')
+    await expect(listHermesPlugins()).resolves.toMatchObject({ plugins: [] })
+
+    const [command, firstArg, secondArg, resolvedRoot] = readFileSync(captureFile, 'utf8').trim().split('\n')
+    expect(command).toBe(fakePython)
+    expect(firstArg).toBe('-I')
+    expect(secondArg).toBe('-c')
+    expect(resolvedRoot).toBe(agentRoot)
+  })
+
+  it('uses package Python without isolated mode when no source root is resolved', async () => {
+    const binDir = join(tempDir, 'bin')
+    const captureFile = join(tempDir, 'capture-package.txt')
+    const fakePython = join(binDir, 'python')
+    const fakeHermes = join(binDir, 'hermes')
+
+    mkdirSync(binDir, { recursive: true })
+    writeFileSync(fakePython, [
+      '#!/bin/sh',
+      'printf "%s\\n%s\\n%s\\n%s\\n" "$0" "$1" "${PYTHONPATH-unset}" "${PYTHONHOME-unset}" > "$CAPTURE_FILE"',
+      'printf "%s\\n" \'{"plugins":[],"warnings":[],"metadata":{"hermesAgentRoot":"","pythonExecutable":"","cwd":"","projectPluginsEnabled":false}}\'',
+      '',
+    ].join('\n'))
+    chmodSync(fakePython, 0o755)
+    writeFileSync(fakeHermes, `#!${fakePython}\n`)
+    chmodSync(fakeHermes, 0o755)
+
+    delete process.env.HERMES_AGENT_ROOT
+    delete process.env.HERMES_AGENT_BRIDGE_PYTHON
+    delete process.env.HERMES_AGENT_BRIDGE_UV
+    delete process.env.UV
+    delete process.env.HERMES_PYTHON
+    process.env.HERMES_HOME = join(tempDir, 'home')
+    process.env.HERMES_BIN = fakeHermes
+    process.env.CAPTURE_FILE = captureFile
+    process.env.PYTHONPATH = join(tempDir, 'shadow-path')
+    process.env.PYTHONHOME = join(tempDir, 'shadow-home')
+
+    const { listHermesPlugins } = await import('../../packages/server/src/services/hermes/plugins')
+    await expect(listHermesPlugins()).resolves.toMatchObject({ plugins: [] })
+
+    const [command, firstArg, pythonPath, pythonHome] = readFileSync(captureFile, 'utf8').trim().split('\n')
+    expect(command).toBe(fakePython)
+    expect(firstArg).toBe('-c')
+    expect(pythonPath).toBe('unset')
+    expect(pythonHome).toBe('unset')
+  })
+})
diff --git a/tests/server/hermes-process.test.ts b/tests/server/hermes-process.test.ts
new file mode 100644
index 0000000..c8706ec
--- /dev/null
+++ b/tests/server/hermes-process.test.ts
@@ -0,0 +1,102 @@
+import { afterEach, describe, expect, it, vi } from 'vitest'
+import { mkdirSync, mkdtempSync, rmSync, writeFileSync } from 'fs'
+import { tmpdir } from 'os'
+import { join } from 'path'
+
+const execFileCalls = vi.hoisted(() => [] as Array<{ command: string; args: string[]; options: any }>)
+const spawnCalls = vi.hoisted(() => [] as Array<{ command: string; args: string[]; options: any }>)
+
+vi.mock('child_process', () => ({
+  execFile: vi.fn((command: string, args: string[], options: any, callback: (error: Error | null, stdout: string, stderr: string) => void) => {
+    execFileCalls.push({ command, args, options })
+    callback(null, 'ok\n', '')
+  }),
+  spawn: vi.fn((command: string, args: string[], options: any) => {
+    spawnCalls.push({ command, args, options })
+    return {} as any
+  }),
+}))
+
+const originalPlatform = Object.getOwnPropertyDescriptor(process, 'platform')
+
+function setPlatform(platform: NodeJS.Platform): void {
+  Object.defineProperty(process, 'platform', { value: platform })
+}
+
+afterEach(() => {
+  execFileCalls.length = 0
+  spawnCalls.length = 0
+  delete process.env.HERMES_AGENT_BRIDGE_PYTHON
+  delete process.env.HERMES_AGENT_CLI_PYTHON
+  if (originalPlatform) Object.defineProperty(process, 'platform', originalPlatform)
+  vi.resetModules()
+})
+
+describe('Hermes process invocation', () => {
+  it('bypasses the uv hermes.exe trampoline on Windows packaged installs', async () => {
+    setPlatform('win32')
+    process.env.HERMES_AGENT_CLI_PYTHON = 'C:\\Users\\me\\AppData\\Local\\Programs\\Hermes Studio\\resources\\python\\python.exe'
+    const { execHermesWithBin } = await import('../../packages/server/src/services/hermes/hermes-process')
+
+    const result = await execHermesWithBin(
+      'C:\\Users\\me\\AppData\\Local\\Programs\\Hermes Studio\\resources\\python\\Scripts\\hermes.exe',
+      ['kanban', '--board', 'default', 'create', 'demo', '--json'],
+      { windowsHide: true },
+    )
+
+    expect(result.stdout).toBe('ok\n')
+    expect(execFileCalls[0]).toMatchObject({
+      command: process.env.HERMES_AGENT_CLI_PYTHON,
+      args: ['-m', 'hermes_cli.main', 'kanban', '--board', 'default', 'create', 'demo', '--json'],
+      options: expect.objectContaining({ windowsHide: true }),
+    })
+  })
+
+  it('discovers sibling python.exe for a Windows hermes.exe launcher', async () => {
+    setPlatform('win32')
+    const root = mkdtempSync(join(tmpdir(), 'hermes-process-'))
+    try {
+      const scripts = join(root, 'Scripts')
+      mkdirSync(scripts)
+      writeFileSync(join(root, 'python.exe'), '')
+      writeFileSync(join(scripts, 'hermes.exe'), '')
+      const { execHermesWithBin } = await import('../../packages/server/src/services/hermes/hermes-process')
+
+      await execHermesWithBin(join(scripts, 'hermes.exe'), ['--version'])
+
+      expect(execFileCalls[0]).toMatchObject({
+        command: join(root, 'python.exe'),
+        args: ['-m', 'hermes_cli.main', '--version'],
+        options: expect.objectContaining({ windowsHide: true }),
+      })
+    } finally {
+      rmSync(root, { recursive: true, force: true })
+    }
+  })
+
+  it('keeps normal Hermes command execution unchanged on non-Windows platforms', async () => {
+    setPlatform('darwin')
+    const { execHermesWithBin } = await import('../../packages/server/src/services/hermes/hermes-process')
+
+    await execHermesWithBin('/opt/hermes/bin/hermes', ['--version'], { windowsHide: true })
+
+    expect(execFileCalls[0]).toMatchObject({
+      command: '/opt/hermes/bin/hermes',
+      args: ['--version'],
+    })
+  })
+
+  it('defaults spawned Windows Hermes processes to hidden windows', async () => {
+    setPlatform('win32')
+    process.env.HERMES_AGENT_CLI_PYTHON = 'C:\\Hermes Studio\\resources\\python\\python.exe'
+    const { spawnHermesWithBin } = await import('../../packages/server/src/services/hermes/hermes-process')
+
+    spawnHermesWithBin('C:\\Hermes Studio\\resources\\python\\Scripts\\hermes.exe', ['gateway', 'run'])
+
+    expect(spawnCalls[0]).toMatchObject({
+      command: process.env.HERMES_AGENT_CLI_PYTHON,
+      args: ['-m', 'hermes_cli.main', 'gateway', 'run'],
+      options: expect.objectContaining({ windowsHide: true }),
+    })
+  })
+})
diff --git a/tests/server/hermes-schemas.test.ts b/tests/server/hermes-schemas.test.ts
new file mode 100644
index 0000000..3179a2c
--- /dev/null
+++ b/tests/server/hermes-schemas.test.ts
@@ -0,0 +1,109 @@
+import { afterEach, beforeEach, describe, expect, it, vi } from 'vitest'
+
+describe('Hermes schema initialization', () => {
+  let db: any = null
+
+  beforeEach(async () => {
+    vi.resetModules()
+    const { DatabaseSync } = await import('node:sqlite')
+    db = new DatabaseSync(':memory:')
+    vi.doMock('../../packages/server/src/db/index', () => ({
+      getDb: () => db,
+      getStoragePath: () => ':memory:',
+    }))
+  })
+
+  afterEach(() => {
+    db?.close()
+    db = null
+    vi.doUnmock('../../packages/server/src/db/index')
+    vi.resetModules()
+  })
+
+  it('initializes all tables with correct schemas', async () => {
+    const { initAllHermesTables, USAGE_TABLE, SESSIONS_TABLE, MESSAGES_TABLE, GC_ROOMS_TABLE, USERS_TABLE, USER_PROFILES_TABLE } =
+      await import('../../packages/server/src/db/hermes/schemas')
+
+    expect(() => initAllHermesTables()).not.toThrow()
+
+    // Verify core tables exist
+    const tables = db.prepare(`SELECT name FROM sqlite_master WHERE type='table'`).all() as Array<{ name: string }>
+    expect(tables.map(t => t.name)).toContain(USAGE_TABLE)
+    expect(tables.map(t => t.name)).toContain(SESSIONS_TABLE)
+    expect(tables.map(t => t.name)).toContain(MESSAGES_TABLE)
+    expect(tables.map(t => t.name)).toContain(GC_ROOMS_TABLE)
+    expect(tables.map(t => t.name)).toContain(USERS_TABLE)
+    expect(tables.map(t => t.name)).toContain(USER_PROFILES_TABLE)
+
+    // Verify USAGE_TABLE structure
+    const usageCols = db.prepare(`PRAGMA table_info("${USAGE_TABLE}")`).all() as Array<{ name: string }>
+    expect(usageCols.some(c => c.name === 'id')).toBe(true)
+    expect(usageCols.some(c => c.name === 'session_id')).toBe(true)
+    expect(usageCols.some(c => c.name === 'input_tokens')).toBe(true)
+    expect(usageCols.some(c => c.name === 'output_tokens')).toBe(true)
+
+    const userCols = db.prepare(`PRAGMA table_info("${USERS_TABLE}")`).all() as Array<{ name: string }>
+    expect(userCols.some(c => c.name === 'id')).toBe(true)
+    expect(userCols.some(c => c.name === 'username')).toBe(true)
+    expect(userCols.some(c => c.name === 'password_hash')).toBe(true)
+    expect(userCols.some(c => c.name === 'role')).toBe(true)
+
+    const profileCols = db.prepare(`PRAGMA table_info("${USER_PROFILES_TABLE}")`).all() as Array<{ name: string }>
+    expect(profileCols.some(c => c.name === 'user_id')).toBe(true)
+    expect(profileCols.some(c => c.name === 'profile_name')).toBe(true)
+    expect(profileCols.some(c => c.name === 'is_default')).toBe(true)
+  })
+
+  it('preserves existing data when adding safe schema columns', async () => {
+    const { initAllHermesTables, USAGE_TABLE, USAGE_SCHEMA } =
+      await import('../../packages/server/src/db/hermes/schemas')
+
+    // Create table with minimal schema
+    db.exec(`CREATE TABLE "${USAGE_TABLE}" (id INTEGER PRIMARY KEY AUTOINCREMENT, session_id TEXT NOT NULL, created_at INTEGER NOT NULL)`)
+
+    // Insert test data
+    db.prepare(`INSERT INTO "${USAGE_TABLE}" (session_id, created_at) VALUES (?, ?)`).run('test-session', Date.now())
+
+    // Run initialization (should add safe missing columns)
+    expect(() => initAllHermesTables()).not.toThrow()
+
+    // Verify data is preserved
+    const row = db.prepare(`SELECT * FROM "${USAGE_TABLE}" WHERE session_id = ?`).get('test-session')
+    expect(row).toBeTruthy()
+    expect(row.session_id).toBe('test-session')
+
+    // Verify safe new columns were added
+    const cols = db.prepare(`PRAGMA table_info("${USAGE_TABLE}")`).all() as Array<{ name: string }>
+    expect(cols.some(c => c.name === 'input_tokens')).toBe(true)
+    expect(cols.some(c => c.name === 'output_tokens')).toBe(true)
+  })
+
+  it('handles single-column primary key tables correctly', async () => {
+    const { initAllHermesTables, GC_ROOM_AGENTS_TABLE } =
+      await import('../../packages/server/src/db/hermes/schemas')
+
+    expect(() => initAllHermesTables()).not.toThrow()
+
+    // Verify table has primary key and required columns
+    const tableInfo = db.prepare(`SELECT sql FROM sqlite_master WHERE type='table' AND name=?`).get(GC_ROOM_AGENTS_TABLE) as { sql: string }
+    expect(tableInfo.sql).toContain('PRIMARY KEY')
+    expect(tableInfo.sql).toContain('id')
+    expect(tableInfo.sql).toContain('roomId')
+    expect(tableInfo.sql).toContain('agentId')
+
+    // Verify we can insert multiple entries with unique id
+    db.prepare(`INSERT INTO "${GC_ROOM_AGENTS_TABLE}" (id, roomId, agentId, profile, name, description, invited) VALUES (?, ?, ?, ?, ?, ?, ?)`)
+      .run('agent-1', 'room-1', 'agent-1', 'default', 'Agent 1', '', 0)
+    db.prepare(`INSERT INTO "${GC_ROOM_AGENTS_TABLE}" (id, roomId, agentId, profile, name, description, invited) VALUES (?, ?, ?, ?, ?, ?, ?)`)
+      .run('agent-2', 'room-1', 'agent-2', 'default', 'Agent 2', '', 0)
+
+    const count = db.prepare(`SELECT COUNT(*) as count FROM "${GC_ROOM_AGENTS_TABLE}"`).get() as { count: number }
+    expect(count.count).toBe(2)
+
+    // Verify duplicate primary key is rejected
+    expect(() => {
+      db.prepare(`INSERT INTO "${GC_ROOM_AGENTS_TABLE}" (id, roomId, agentId, profile, name, description, invited) VALUES (?, ?, ?, ?, ?, ?, ?)`)
+        .run('agent-1', 'room-1', 'agent-1', 'default', 'Agent 1 Duplicate', '', 0)
+    }).toThrow()
+  })
+})
diff --git a/tests/server/jobs-controller.test.ts b/tests/server/jobs-controller.test.ts
new file mode 100644
index 0000000..06666d7
--- /dev/null
+++ b/tests/server/jobs-controller.test.ts
@@ -0,0 +1,127 @@
+import { mkdirSync, mkdtempSync, rmSync, writeFileSync } from 'fs'
+import { tmpdir } from 'os'
+import { join } from 'path'
+import { afterEach, beforeEach, describe, expect, it, vi } from 'vitest'
+
+const testState = vi.hoisted(() => ({
+  profileDir: '',
+  execFile: vi.fn(),
+}))
+
+vi.mock('../../packages/server/src/services/hermes/hermes-profile', () => ({
+  getActiveProfileName: () => 'default',
+  getProfileDir: () => testState.profileDir || '/fake/home/.hermes',
+}))
+
+vi.mock('../../packages/server/src/services/hermes/hermes-path', () => ({
+  getHermesBin: () => '/fake/bin/hermes',
+}))
+
+vi.mock('child_process', () => ({
+  execFile: testState.execFile,
+}))
+
+const mockFetch = vi.fn()
+vi.stubGlobal('fetch', mockFetch)
+
+import { update } from '../../packages/server/src/controllers/hermes/jobs'
+
+function createMockCtx(overrides: Record<string, any> = {}) {
+  const ctx: any = {
+    req: { method: 'PATCH' },
+    request: { body: { name: 'renamed' } },
+    params: { id: 'abc123abc123' },
+    query: {},
+    search: '',
+    headers: {},
+    status: 200,
+    set: vi.fn(),
+    body: null,
+    ...overrides,
+  }
+  ctx.get = (name: string) => {
+    const match = Object.entries(ctx.headers).find(([key]) => key.toLowerCase() === name.toLowerCase())
+    const value = match?.[1]
+    return Array.isArray(value) ? value[0] : value || ''
+  }
+  return ctx
+}
+
+describe('Hermes jobs controller', () => {
+  let tempDir = ''
+
+  beforeEach(() => {
+    vi.clearAllMocks()
+    tempDir = mkdtempSync(join(tmpdir(), 'hermes-web-ui-jobs-test-'))
+    testState.profileDir = tempDir
+    testState.execFile.mockImplementation((_bin, _args, _opts, cb) => {
+      cb(null, { stdout: '', stderr: '' })
+    })
+  })
+
+  afterEach(() => {
+    if (tempDir) rmSync(tempDir, { recursive: true, force: true })
+    tempDir = ''
+    testState.profileDir = ''
+  })
+
+  it('returns 404 before editing when the local cron job does not exist', async () => {
+    mockFetch.mockResolvedValue({
+      ok: false,
+      status: 400,
+      statusText: 'Bad Request',
+      headers: new Headers({ 'content-type': 'application/json' }),
+      json: () => Promise.resolve({ error: 'Prompt must be ≤ 5000 characters' }),
+    })
+
+    const ctx = createMockCtx()
+    await update(ctx)
+
+    expect(ctx.status).toBe(404)
+    expect(ctx.body).toEqual({ error: { message: 'Job not found' } })
+    expect(mockFetch).not.toHaveBeenCalled()
+  })
+
+  it('does not call the removed gateway proxy path for missing jobs', async () => {
+    mockFetch.mockRejectedValue(new Error('ECONNREFUSED'))
+
+    const ctx = createMockCtx()
+    await update(ctx)
+
+    expect(ctx.status).toBe(404)
+    expect(ctx.body).toEqual({ error: { message: 'Job not found' } })
+    expect(mockFetch).not.toHaveBeenCalled()
+  })
+
+  it('clears repeat by passing repeat 0 to Hermes CLI', async () => {
+    const cronDir = join(tempDir, 'cron')
+    mkdirSync(cronDir, { recursive: true })
+    writeFileSync(join(cronDir, 'jobs.json'), JSON.stringify({
+      jobs: [{
+        job_id: 'abc123abc123',
+        id: 'abc123abc123',
+        name: 'daily',
+        schedule: { kind: 'cron', expr: '0 9 * * *', display: '0 9 * * *' },
+        schedule_display: '0 9 * * *',
+        prompt: 'run daily',
+        repeat: { times: 3, completed: 1 },
+      }],
+    }))
+
+    const ctx = createMockCtx({
+      request: { body: { repeat: null } },
+    })
+    await update(ctx)
+
+    expect(ctx.status).toBe(200)
+    expect(testState.execFile).toHaveBeenCalledWith(
+      '/fake/bin/hermes',
+      ['cron', 'edit', 'abc123abc123', '--repeat', '0'],
+      expect.objectContaining({
+        env: expect.objectContaining({ HERMES_HOME: tempDir }),
+        windowsHide: true,
+      }),
+      expect.any(Function),
+    )
+  })
+})
diff --git a/tests/server/kanban-controller.test.ts b/tests/server/kanban-controller.test.ts
new file mode 100644
index 0000000..cb8ee81
--- /dev/null
+++ b/tests/server/kanban-controller.test.ts
@@ -0,0 +1,539 @@
+import { beforeEach, describe, expect, it, vi } from 'vitest'
+
+const mockReadFile = vi.hoisted(() => vi.fn())
+const mockListBoards = vi.hoisted(() => vi.fn())
+const mockCreateBoard = vi.hoisted(() => vi.fn())
+const mockArchiveBoard = vi.hoisted(() => vi.fn())
+const mockGetCapabilities = vi.hoisted(() => vi.fn())
+const mockListTasks = vi.hoisted(() => vi.fn())
+const mockGetTask = vi.hoisted(() => vi.fn())
+const mockCreateTask = vi.hoisted(() => vi.fn())
+const mockCompleteTasks = vi.hoisted(() => vi.fn())
+const mockBlockTask = vi.hoisted(() => vi.fn())
+const mockUnblockTasks = vi.hoisted(() => vi.fn())
+const mockAssignTask = vi.hoisted(() => vi.fn())
+const mockAddComment = vi.hoisted(() => vi.fn())
+const mockLinkTasks = vi.hoisted(() => vi.fn())
+const mockUnlinkTasks = vi.hoisted(() => vi.fn())
+const mockBulkUpdateTasks = vi.hoisted(() => vi.fn())
+const mockGetTaskLog = vi.hoisted(() => vi.fn())
+const mockGetDiagnostics = vi.hoisted(() => vi.fn())
+const mockReclaimTask = vi.hoisted(() => vi.fn())
+const mockReassignTask = vi.hoisted(() => vi.fn())
+const mockSpecifyTask = vi.hoisted(() => vi.fn())
+const mockDispatch = vi.hoisted(() => vi.fn())
+const mockGetStats = vi.hoisted(() => vi.fn())
+const mockGetAssignees = vi.hoisted(() => vi.fn())
+const mockSearchSessions = vi.hoisted(() => vi.fn())
+const mockGetSessionDetail = vi.hoisted(() => vi.fn())
+const mockGetExactSessionDetail = vi.hoisted(() => vi.fn())
+const mockFindLatestExactSessionId = vi.hoisted(() => vi.fn())
+const mockListUserProfiles = vi.hoisted(() => vi.fn())
+
+vi.mock('fs/promises', () => ({
+  readFile: mockReadFile,
+}))
+
+vi.mock('os', () => ({
+  homedir: () => '/Users/tester',
+}))
+
+vi.mock('../../packages/server/src/services/hermes/hermes-kanban', () => ({
+  normalizeBoardSlug: (board?: string | null) => {
+    const value = board?.trim().toLowerCase() || 'default'
+    if (!/^[a-z0-9][a-z0-9_-]{0,63}$/.test(value)) throw new Error('Invalid kanban board slug')
+    return value
+  },
+  listBoards: mockListBoards,
+  createBoard: mockCreateBoard,
+  archiveBoard: mockArchiveBoard,
+  getCapabilities: mockGetCapabilities,
+  listTasks: mockListTasks,
+  getTask: mockGetTask,
+  createTask: mockCreateTask,
+  completeTasks: mockCompleteTasks,
+  blockTask: mockBlockTask,
+  unblockTasks: mockUnblockTasks,
+  assignTask: mockAssignTask,
+  addComment: mockAddComment,
+  linkTasks: mockLinkTasks,
+  unlinkTasks: mockUnlinkTasks,
+  bulkUpdateTasks: mockBulkUpdateTasks,
+  getTaskLog: mockGetTaskLog,
+  getDiagnostics: mockGetDiagnostics,
+  reclaimTask: mockReclaimTask,
+  reassignTask: mockReassignTask,
+  specifyTask: mockSpecifyTask,
+  dispatch: mockDispatch,
+  getStats: mockGetStats,
+  getAssignees: mockGetAssignees,
+}))
+
+vi.mock('../../packages/server/src/db/hermes/sessions-db', () => ({
+  searchSessionSummariesWithProfile: mockSearchSessions,
+  getSessionDetailFromDbWithProfile: mockGetSessionDetail,
+  getExactSessionDetailFromDbWithProfile: mockGetExactSessionDetail,
+  findLatestExactSessionIdWithProfile: mockFindLatestExactSessionId,
+}))
+
+vi.mock('../../packages/server/src/db/hermes/users-store', () => ({
+  listUserProfiles: mockListUserProfiles,
+}))
+
+import * as ctrl from '../../packages/server/src/controllers/hermes/kanban'
+
+function ctx(overrides: Record<string, any> = {}) {
+  return {
+    query: {},
+    params: {},
+    request: { body: {} },
+    status: 200,
+    body: null,
+    ...overrides,
+  } as any
+}
+
+describe('kanban controller', () => {
+  beforeEach(() => {
+    vi.clearAllMocks()
+    mockListUserProfiles.mockReturnValue([{ profile_name: 'research' }])
+  })
+
+  it('lists boards and tasks with explicit/default board context', async () => {
+    mockListBoards.mockResolvedValue([{ slug: 'default' }])
+    mockListTasks.mockResolvedValue([{ id: 'task-1' }])
+
+    const boardsCtx = ctx({ query: { includeArchived: 'true' } })
+    await ctrl.listBoards(boardsCtx)
+    expect(mockListBoards).toHaveBeenCalledWith({ includeArchived: true })
+    expect(boardsCtx.body).toEqual({ boards: [{ slug: 'default' }] })
+
+    const c = ctx({ query: { board: 'project-a', status: 'todo', assignee: 'alice', tenant: 'ops', includeArchived: 'true' } })
+    await ctrl.list(c)
+    expect(mockListTasks).toHaveBeenCalledWith({ board: 'project-a', status: 'todo', assignee: 'alice', tenant: 'ops', includeArchived: true })
+    expect(c.body).toEqual({ tasks: [{ id: 'task-1' }] })
+
+    mockCreateBoard.mockResolvedValue({ slug: 'project-b' })
+    const createBoardCtx = ctx({ request: { body: { slug: 'project-b', name: 'Project B', switchCurrent: false } } })
+    await ctrl.createBoard(createBoardCtx)
+    expect(mockCreateBoard).toHaveBeenCalledWith({ slug: 'project-b', name: 'Project B', description: undefined, icon: undefined, color: undefined, switchCurrent: false })
+    expect(createBoardCtx.body).toEqual({ board: { slug: 'project-b' } })
+
+    mockArchiveBoard.mockResolvedValue(undefined)
+    const archiveCtx = ctx({ params: { slug: 'project-b' } })
+    await ctrl.archiveBoard(archiveCtx)
+    expect(mockArchiveBoard).toHaveBeenCalledWith('project-b')
+    expect(archiveCtx.body).toEqual({ ok: true })
+
+    mockGetCapabilities.mockResolvedValue({ source: 'hermes-cli', supports: {}, missing: [] })
+    const capabilitiesCtx = ctx()
+    await ctrl.capabilities(capabilitiesCtx)
+    expect(capabilitiesCtx.body).toEqual({ capabilities: { source: 'hermes-cli', supports: {}, missing: [] } })
+
+    const defaultCtx = ctx({ query: { status: 'ready' } })
+    await ctrl.list(defaultCtx)
+    expect(mockListTasks).toHaveBeenLastCalledWith({ board: 'default', status: 'ready', assignee: undefined, tenant: undefined, includeArchived: false })
+  })
+
+  it('filters kanban tasks, stats, and assignees to the user-bound profiles', async () => {
+    const tasks = [
+      { id: 'task-1', assignee: 'research', status: 'todo' },
+      { id: 'task-2', assignee: 'travel', status: 'done' },
+      { id: 'task-3', assignee: null, status: 'blocked' },
+    ]
+    mockListTasks.mockResolvedValue(tasks)
+    mockGetAssignees.mockResolvedValue([
+      { name: 'research', on_disk: true, counts: { todo: 1 } },
+      { name: 'travel', on_disk: true, counts: { done: 1 } },
+      { name: 'default', on_disk: true, counts: { blocked: 1 } },
+    ])
+
+    const state = { user: { id: 7, role: 'admin' }, profile: { name: 'research' } }
+    const listCtx = ctx({ state, query: { board: 'default', includeArchived: 'true' } })
+    await ctrl.list(listCtx)
+    expect(listCtx.body).toEqual({ tasks: [tasks[0]] })
+
+    const statsCtx = ctx({ state, query: { board: 'default' } })
+    await ctrl.stats(statsCtx)
+    expect(statsCtx.body).toEqual({ stats: { by_status: { todo: 1 }, by_assignee: { research: 1 }, total: 1 } })
+
+    const assigneesCtx = ctx({ state, query: { board: 'default' } })
+    await ctrl.assignees(assigneesCtx)
+    expect(assigneesCtx.body).toEqual({ assignees: [{ name: 'research', on_disk: true, counts: { todo: 1 } }] })
+  })
+
+  it('loads kanban data for every profile bound to the user instead of only the active header profile', async () => {
+    mockListUserProfiles.mockReturnValue([{ profile_name: 'research' }, { profile_name: 'travel' }])
+    const tasks = [
+      { id: 'task-1', assignee: 'research', status: 'todo' },
+      { id: 'task-2', assignee: 'travel', status: 'done' },
+      { id: 'task-3', assignee: 'default', status: 'blocked' },
+    ]
+    mockListTasks.mockResolvedValue(tasks)
+    mockGetAssignees.mockResolvedValue([
+      { name: 'research', on_disk: true, counts: { todo: 1 } },
+    ])
+
+    const state = { user: { id: 7, role: 'admin' }, profile: { name: 'research' } }
+    const listCtx = ctx({ state, query: { board: 'default', includeArchived: 'true' } })
+    await ctrl.list(listCtx)
+    expect(listCtx.body).toEqual({ tasks: [tasks[0], tasks[1]] })
+
+    const statsCtx = ctx({ state, query: { board: 'default' } })
+    await ctrl.stats(statsCtx)
+    expect(statsCtx.body).toEqual({
+      stats: {
+        by_status: { todo: 1, done: 1 },
+        by_assignee: { research: 1, travel: 1 },
+        total: 2,
+      },
+    })
+
+    const assigneesCtx = ctx({ state, query: { board: 'default' } })
+    await ctrl.assignees(assigneesCtx)
+    expect(assigneesCtx.body).toEqual({
+      assignees: [
+        { name: 'research', on_disk: true, counts: { todo: 1 } },
+        { name: 'travel', on_disk: true, counts: null },
+      ],
+    })
+  })
+
+  it('defaults created kanban tasks to the requested profile and rejects unauthorized assignees', async () => {
+    mockCreateTask.mockResolvedValue({ id: 'task-1', assignee: 'research' })
+    const state = { user: { id: 7, role: 'admin' }, profile: { name: 'research' } }
+
+    const createCtx = ctx({ state, query: { board: 'default' }, request: { body: { title: 'Ship it' } } })
+    await ctrl.create(createCtx)
+    expect(mockCreateTask).toHaveBeenCalledWith('Ship it', { board: 'default', body: undefined, assignee: 'research', priority: undefined, tenant: undefined })
+    expect(createCtx.body).toEqual({ task: { id: 'task-1', assignee: 'research' } })
+
+    const assignCtx = ctx({ state, query: { board: 'default' }, params: { id: 'task-1' }, request: { body: { profile: 'travel' } } })
+    await ctrl.assign(assignCtx)
+    expect(assignCtx.status).toBe(403)
+    expect(mockAssignTask).not.toHaveBeenCalled()
+  })
+
+  it('proxies comment/log/diagnostics with explicit board context', async () => {
+    const taskLog = { task_id: 'task-1', path: null, exists: true, size_bytes: 10, content: 'worker log', truncated: false }
+    mockAddComment.mockResolvedValue({ ok: true, output: 'commented' })
+    mockGetTaskLog.mockResolvedValue(taskLog)
+    mockGetDiagnostics.mockResolvedValue([{ task_id: 'task-1' }])
+
+    const commentCtx = ctx({ query: { board: 'project-a' }, params: { id: 'task-1' }, request: { body: { body: 'needs review', author: 'han' } } })
+    await ctrl.addComment(commentCtx)
+    expect(mockAddComment).toHaveBeenCalledWith('task-1', 'needs review', { board: 'project-a', author: 'han' })
+    expect(commentCtx.body).toEqual({ ok: true, output: 'commented' })
+
+    const logCtx = ctx({ query: { board: 'default', tail: '4000' }, params: { id: 'task-1' } })
+    await ctrl.taskLog(logCtx)
+    expect(mockGetTaskLog).toHaveBeenCalledWith('task-1', { board: 'default', tail: 4000 })
+    expect(logCtx.body).toEqual(taskLog)
+
+    const diagnosticsCtx = ctx({ query: { board: 'default', task: 'task-1', severity: 'warning' } })
+    await ctrl.diagnostics(diagnosticsCtx)
+    expect(mockGetDiagnostics).toHaveBeenCalledWith({ board: 'default', task: 'task-1', severity: 'warning' })
+    expect(diagnosticsCtx.body).toEqual({ diagnostics: [{ task_id: 'task-1' }] })
+  })
+
+  it('proxies links and bulk actions with explicit board context', async () => {
+    mockLinkTasks.mockResolvedValue({ ok: true, output: 'linked' })
+    mockUnlinkTasks.mockResolvedValue({ ok: true, output: 'unlinked' })
+    mockBulkUpdateTasks.mockResolvedValue({ results: [{ id: 'task-1', ok: true }] })
+
+    const linkCtx = ctx({ query: { board: 'project-a' }, request: { body: { parent_id: 'task-1', child_id: 'task-2' } } })
+    await ctrl.linkTasks(linkCtx)
+    expect(mockLinkTasks).toHaveBeenCalledWith('task-1', 'task-2', { board: 'project-a' })
+    expect(linkCtx.body).toEqual({ ok: true, output: 'linked' })
+
+    const unlinkCtx = ctx({ query: { board: 'project-a', parent_id: 'task-1', child_id: 'task-2' } })
+    await ctrl.unlinkTasks(unlinkCtx)
+    expect(mockUnlinkTasks).toHaveBeenCalledWith('task-1', 'task-2', { board: 'project-a' })
+    expect(unlinkCtx.body).toEqual({ ok: true, output: 'unlinked' })
+
+    const bulkCtx = ctx({ query: { board: 'project-a' }, request: { body: { ids: ['task-1'], status: 'done', assignee: null, summary: 'closed' } } })
+    await ctrl.bulkUpdateTasks(bulkCtx)
+    expect(mockBulkUpdateTasks).toHaveBeenCalledWith({ board: 'project-a', ids: ['task-1'], status: 'done', assignee: null, archive: undefined, summary: 'closed', reason: undefined })
+    expect(bulkCtx.body).toEqual({ results: [{ id: 'task-1', ok: true }] })
+  })
+
+  it('validates canonical parity endpoint inputs before shelling out', async () => {
+    const invalidTailCtx = ctx({ query: { board: 'default', tail: '0' }, params: { id: 'task-1' } })
+    await ctrl.taskLog(invalidTailCtx)
+    expect(invalidTailCtx.status).toBe(400)
+    expect(mockGetTaskLog).not.toHaveBeenCalled()
+
+    const oversizedTailCtx = ctx({ query: { board: 'default', tail: '1000001' }, params: { id: 'task-1' } })
+    await ctrl.taskLog(oversizedTailCtx)
+    expect(oversizedTailCtx.status).toBe(400)
+    expect(mockGetTaskLog).not.toHaveBeenCalled()
+
+    const invalidSeverityCtx = ctx({ query: { board: 'default', severity: 'info' } })
+    await ctrl.diagnostics(invalidSeverityCtx)
+    expect(invalidSeverityCtx.status).toBe(400)
+    expect(mockGetDiagnostics).not.toHaveBeenCalled()
+
+    const emptyBoardCtx = ctx({ query: { board: ' ' } })
+    await ctrl.list(emptyBoardCtx)
+    expect(emptyBoardCtx.status).toBe(400)
+    expect(mockListTasks).not.toHaveBeenCalled()
+
+    const invalidDispatchCtx = ctx({ query: { board: 'default' }, request: { body: { dryRun: 'yes', max: -1, failureLimit: 0 } } })
+    await ctrl.dispatch(invalidDispatchCtx)
+    expect(invalidDispatchCtx.status).toBe(400)
+    expect(mockDispatch).not.toHaveBeenCalled()
+
+    const oversizedDispatchCtx = ctx({ query: { board: 'default' }, request: { body: { dryRun: false, max: 999999999 } } })
+    await ctrl.dispatch(oversizedDispatchCtx)
+    expect(oversizedDispatchCtx.status).toBe(400)
+    expect(mockDispatch).not.toHaveBeenCalled()
+  })
+
+  it('rejects malformed parity action bodies before shelling out', async () => {
+    const cases: Array<{ name: string; invoke: (c: any) => Promise<void>; context: any; mock: ReturnType<typeof vi.fn> }> = [
+      { name: 'comment body object', invoke: ctrl.addComment, context: ctx({ query: { board: 'default' }, params: { id: 'task-1' }, request: { body: { body: {}, author: 'han' } } }), mock: mockAddComment },
+      { name: 'comment request body array', invoke: ctrl.addComment, context: ctx({ query: { board: 'default' }, params: { id: 'task-1' }, request: { body: [] } }), mock: mockAddComment },
+      { name: 'comment author object', invoke: ctrl.addComment, context: ctx({ query: { board: 'default' }, params: { id: 'task-1' }, request: { body: { body: 'ok', author: {} } } }), mock: mockAddComment },
+      { name: 'link missing child', invoke: ctrl.linkTasks, context: ctx({ query: { board: 'default' }, request: { body: { parent_id: 'task-1' } } }), mock: mockLinkTasks },
+      { name: 'unlink missing parent', invoke: ctrl.unlinkTasks, context: ctx({ query: { board: 'default', child_id: 'task-2' } }), mock: mockUnlinkTasks },
+      { name: 'bulk empty ids', invoke: ctrl.bulkUpdateTasks, context: ctx({ query: { board: 'default' }, request: { body: { ids: [], status: 'done' } } }), mock: mockBulkUpdateTasks },
+      { name: 'bulk invalid status', invoke: ctrl.bulkUpdateTasks, context: ctx({ query: { board: 'default' }, request: { body: { ids: ['task-1'], status: 'invalid' } } }), mock: mockBulkUpdateTasks },
+      { name: 'bulk archive with status', invoke: ctrl.bulkUpdateTasks, context: ctx({ query: { board: 'default' }, request: { body: { ids: ['task-1'], archive: true, status: 'done' } } }), mock: mockBulkUpdateTasks },
+      { name: 'bulk no action', invoke: ctrl.bulkUpdateTasks, context: ctx({ query: { board: 'default' }, request: { body: { ids: ['task-1'] } } }), mock: mockBulkUpdateTasks },
+      { name: 'reclaim request body string', invoke: ctrl.reclaim, context: ctx({ query: { board: 'default' }, params: { id: 'task-1' }, request: { body: 'bad' } }), mock: mockReclaimTask },
+      { name: 'reclaim reason array', invoke: ctrl.reclaim, context: ctx({ query: { board: 'default' }, params: { id: 'task-1' }, request: { body: { reason: [] } } }), mock: mockReclaimTask },
+      { name: 'reassign reclaim string', invoke: ctrl.reassign, context: ctx({ query: { board: 'default' }, params: { id: 'task-1' }, request: { body: { profile: 'bob', reclaim: 'false' } } }), mock: mockReassignTask },
+      { name: 'reassign reclaim number', invoke: ctrl.reassign, context: ctx({ query: { board: 'default' }, params: { id: 'task-1' }, request: { body: { profile: 'bob', reclaim: 1 } } }), mock: mockReassignTask },
+      { name: 'reassign profile number', invoke: ctrl.reassign, context: ctx({ query: { board: 'default' }, params: { id: 'task-1' }, request: { body: { profile: 123 } } }), mock: mockReassignTask },
+      { name: 'specify request body number', invoke: ctrl.specify, context: ctx({ query: { board: 'default' }, params: { id: 'task-1' }, request: { body: 123 } }), mock: mockSpecifyTask },
+      { name: 'specify author object', invoke: ctrl.specify, context: ctx({ query: { board: 'default' }, params: { id: 'task-1' }, request: { body: { author: {} } } }), mock: mockSpecifyTask },
+      { name: 'dispatch request body array', invoke: ctrl.dispatch, context: ctx({ query: { board: 'default' }, request: { body: [] } }), mock: mockDispatch },
+    ]
+
+    for (const testCase of cases) {
+      vi.clearAllMocks()
+      await testCase.invoke(testCase.context)
+      expect(testCase.context.status, testCase.name).toBe(400)
+      expect(testCase.mock, testCase.name).not.toHaveBeenCalled()
+    }
+  })
+
+  it('proxies recovery and dispatch actions with explicit board context', async () => {
+    mockReclaimTask.mockResolvedValue({ ok: true, output: 'reclaimed' })
+    mockReassignTask.mockResolvedValue({ ok: true, output: 'reassigned' })
+    mockSpecifyTask.mockResolvedValue([{ task_id: 'task-1' }])
+    mockDispatch.mockResolvedValue({ spawned: 1 })
+
+    const reclaimCtx = ctx({ query: { board: 'project-a' }, params: { id: 'task-1' }, request: { body: { reason: 'stale' } } })
+    await ctrl.reclaim(reclaimCtx)
+    expect(mockReclaimTask).toHaveBeenCalledWith('task-1', { board: 'project-a', reason: 'stale' })
+
+    const reassignCtx = ctx({ query: { board: 'project-a' }, params: { id: 'task-1' }, request: { body: { profile: 'bob', reclaim: true, reason: 'handoff' } } })
+    await ctrl.reassign(reassignCtx)
+    expect(mockReassignTask).toHaveBeenCalledWith('task-1', 'bob', { board: 'project-a', reclaim: true, reason: 'handoff' })
+
+    const specifyCtx = ctx({ query: { board: 'default' }, params: { id: 'task-1' }, request: { body: { author: 'han' } } })
+    await ctrl.specify(specifyCtx)
+    expect(mockSpecifyTask).toHaveBeenCalledWith('task-1', { board: 'default', author: 'han' })
+    expect(specifyCtx.body).toEqual({ results: [{ task_id: 'task-1' }] })
+
+    const dispatchCtx = ctx({ query: { board: 'default' }, request: { body: { dryRun: true, max: 2, failureLimit: 3 } } })
+    await ctrl.dispatch(dispatchCtx)
+    expect(mockDispatch).toHaveBeenCalledWith({ board: 'default', dryRun: true, max: 2, failureLimit: 3 })
+    expect(dispatchCtx.body).toEqual({ result: { spawned: 1 } })
+  })
+
+  it('enriches completed task details using the latest run profile', async () => {
+    mockGetTask.mockResolvedValue({
+      task: { id: 'task-1', status: 'done' },
+      runs: [{ profile: 'stale' }, { profile: 'fresh' }],
+      comments: [],
+      events: [],
+    })
+    mockFindLatestExactSessionId.mockResolvedValue('session-1')
+    mockGetExactSessionDetail.mockResolvedValue({
+      title: 'Session one',
+      source: 'codex',
+      model: 'gpt-5.5',
+      started_at: 1,
+      ended_at: 2,
+      messages: [],
+    })
+
+    const c = ctx({ params: { id: 'task-1' }, query: { board: 'project-a' } })
+    await ctrl.get(c)
+
+    expect(mockFindLatestExactSessionId).toHaveBeenCalledWith('task-1', 'fresh')
+    expect(mockGetExactSessionDetail).toHaveBeenCalledWith('session-1', 'fresh')
+    expect(c.body.session).toMatchObject({ id: 'session-1', title: 'Session one' })
+  })
+
+  it('enriches archived task details using the latest run profile', async () => {
+    mockGetTask.mockResolvedValue({
+      task: { id: 'task-archived', status: 'archived' },
+      runs: [{ profile: 'reviewer' }],
+      comments: [],
+      events: [],
+    })
+    mockFindLatestExactSessionId.mockResolvedValue('session-archived')
+    mockGetExactSessionDetail.mockResolvedValue({
+      title: 'Archived session',
+      source: 'codex',
+      model: 'gpt-5.5',
+      started_at: 1,
+      ended_at: 2,
+      messages: [],
+    })
+
+    const c = ctx({ params: { id: 'task-archived' }, query: { board: 'project-a' } })
+    await ctrl.get(c)
+
+    expect(mockFindLatestExactSessionId).toHaveBeenCalledWith('task-archived', 'reviewer')
+    expect(mockGetExactSessionDetail).toHaveBeenCalledWith('session-archived', 'reviewer')
+    expect(c.body.session).toMatchObject({ id: 'session-archived', title: 'Archived session' })
+  })
+
+  it('prefers exact kanban-task session matches over later sessions that merely reference the task id', async () => {
+    mockGetTask.mockResolvedValue({
+      task: { id: 't_348bfaaf', status: 'done' },
+      runs: [{ profile: 'default' }],
+      comments: [],
+      events: [],
+    })
+    mockFindLatestExactSessionId.mockResolvedValue('session_20260508_110903_58e664')
+    mockGetExactSessionDetail.mockResolvedValue({
+      title: 'work kanban task t_348bfaaf',
+      source: 'codex',
+      model: 'gpt-5.5',
+      started_at: 1,
+      ended_at: 2,
+      messages: [{ id: 'm1', role: 'user', content: 'work kanban task t_348bfaaf', timestamp: 1 }],
+    })
+
+    const c = ctx({ params: { id: 't_348bfaaf' }, query: { board: 'project-a' } })
+    await ctrl.get(c)
+
+    expect(c.body.session).toMatchObject({
+      id: 'session_20260508_110903_58e664',
+      title: 'work kanban task t_348bfaaf',
+    })
+    expect(c.body.session.messages[0].content).toBe('work kanban task t_348bfaaf')
+  })
+
+  it('validates create/search/readArtifact requests', async () => {
+    const createCtx = ctx({ request: { body: {} } })
+    await ctrl.create(createCtx)
+    expect(createCtx.status).toBe(400)
+    expect(mockCreateTask).not.toHaveBeenCalled()
+
+    const invalidCompleteCtx = ctx({ request: { body: { task_ids: ['task-1', 123] } } })
+    await ctrl.complete(invalidCompleteCtx)
+    expect(invalidCompleteCtx.status).toBe(400)
+    expect(mockCompleteTasks).not.toHaveBeenCalled()
+
+    const invalidBlockCtx = ctx({ params: { id: 'task-1' }, request: { body: { reason: [] } } })
+    await ctrl.block(invalidBlockCtx)
+    expect(invalidBlockCtx.status).toBe(400)
+    expect(mockBlockTask).not.toHaveBeenCalled()
+
+    const invalidUnblockCtx = ctx({ request: { body: [] } })
+    await ctrl.unblock(invalidUnblockCtx)
+    expect(invalidUnblockCtx.status).toBe(400)
+    expect(mockUnblockTasks).not.toHaveBeenCalled()
+
+    const invalidAssignCtx = ctx({ params: { id: 'task-1' }, request: { body: { profile: 123 } } })
+    await ctrl.assign(invalidAssignCtx)
+    expect(invalidAssignCtx.status).toBe(400)
+    expect(mockAssignTask).not.toHaveBeenCalled()
+
+    const searchCtx = ctx({ query: { task_id: 'task-1' } })
+    await ctrl.searchSessions(searchCtx)
+    expect(searchCtx.status).toBe(400)
+
+    const fileCtx = ctx({ query: { path: '/tmp/outside.txt' } })
+    await ctrl.readArtifact(fileCtx)
+    expect(fileCtx.status).toBe(403)
+  })
+
+  it('reads workspace artifacts and proxies action routes', async () => {
+    mockReadFile.mockResolvedValue('artifact-content')
+    mockCreateTask.mockResolvedValue({ id: 'task-2' })
+    mockCompleteTasks.mockResolvedValue(undefined)
+    mockBlockTask.mockResolvedValue(undefined)
+    mockUnblockTasks.mockResolvedValue(undefined)
+    mockAssignTask.mockResolvedValue(undefined)
+    mockGetStats.mockResolvedValue({ total: 1, by_status: {}, by_assignee: {} })
+    mockGetAssignees.mockResolvedValue([{ name: 'alice' }])
+    mockSearchSessions.mockResolvedValue([{ id: 'session-2' }])
+    mockFindLatestExactSessionId.mockResolvedValue('session-2')
+    mockGetExactSessionDetail.mockResolvedValue({
+      id: 'session-2',
+      source: 'codex',
+      title: 'Matched session',
+      preview: 'task-id matched',
+      model: 'gpt-5.5',
+      started_at: 100,
+      ended_at: 101,
+      last_active: 101,
+      message_count: 2,
+      tool_call_count: 0,
+      input_tokens: 1,
+      output_tokens: 1,
+      cache_read_tokens: 0,
+      cache_write_tokens: 0,
+      reasoning_tokens: 0,
+      billing_provider: null,
+      estimated_cost_usd: 0,
+      actual_cost_usd: null,
+      cost_status: '',
+      messages: [],
+      thread_session_count: 1,
+    })
+
+    const fileCtx = ctx({ query: { path: '/Users/tester/.hermes/kanban/workspaces/task/out.txt' } })
+    await ctrl.readArtifact(fileCtx)
+    expect(fileCtx.body).toEqual({
+      content: 'artifact-content',
+      path: '/Users/tester/.hermes/kanban/workspaces/task/out.txt',
+    })
+
+    const createCtx = ctx({ query: { board: 'project-a' }, request: { body: { title: 'Ship', body: 'x' } } })
+    await ctrl.create(createCtx)
+    expect(mockCreateTask).toHaveBeenCalledWith('Ship', { board: 'project-a', body: 'x', assignee: undefined, priority: undefined, tenant: undefined })
+    expect(createCtx.body).toEqual({ task: { id: 'task-2' } })
+
+    const completeCtx = ctx({ query: { board: 'project-a' }, request: { body: { task_ids: ['task-1'], summary: 'done' } } })
+    await ctrl.complete(completeCtx)
+    expect(mockCompleteTasks).toHaveBeenCalledWith(['task-1'], 'done', { board: 'project-a' })
+
+    const blockCtx = ctx({ query: { board: 'project-a' }, params: { id: 'task-1' }, request: { body: { reason: 'wait' } } })
+    await ctrl.block(blockCtx)
+    expect(mockBlockTask).toHaveBeenCalledWith('task-1', 'wait', { board: 'project-a' })
+
+    const unblockCtx = ctx({ query: { board: 'project-a' }, request: { body: { task_ids: ['task-1'] } } })
+    await ctrl.unblock(unblockCtx)
+    expect(mockUnblockTasks).toHaveBeenCalledWith(['task-1'], { board: 'project-a' })
+
+    const assignCtx = ctx({ query: { board: 'project-a' }, params: { id: 'task-1' }, request: { body: { profile: 'alice' } } })
+    await ctrl.assign(assignCtx)
+    expect(mockAssignTask).toHaveBeenCalledWith('task-1', 'alice', { board: 'project-a' })
+
+    const statsCtx = ctx({ query: { board: 'project-a' } })
+    await ctrl.stats(statsCtx)
+    expect(mockGetStats).toHaveBeenCalledWith({ board: 'project-a' })
+    expect(statsCtx.body).toEqual({ stats: { total: 1, by_status: {}, by_assignee: {} } })
+
+    const assigneesCtx = ctx({ query: { board: 'project-a' } })
+    await ctrl.assignees(assigneesCtx)
+    expect(mockGetAssignees).toHaveBeenCalledWith({ board: 'project-a' })
+    expect(assigneesCtx.body).toEqual({ assignees: [{ name: 'alice' }] })
+
+    const searchCtx = ctx({ query: { task_id: 'task-1', profile: 'alice', q: 'custom' } })
+    await ctrl.searchSessions(searchCtx)
+    expect(mockSearchSessions).toHaveBeenCalledWith('custom', 'alice', undefined, 10)
+
+    const exactSearchCtx = ctx({ query: { task_id: 'task-1', profile: 'alice' } })
+    await ctrl.searchSessions(exactSearchCtx)
+    expect(exactSearchCtx.body.results[0]).toMatchObject({ id: 'session-2', title: 'Matched session' })
+  })
+})
diff --git a/tests/server/kanban-routes.test.ts b/tests/server/kanban-routes.test.ts
new file mode 100644
index 0000000..8aeadf2
--- /dev/null
+++ b/tests/server/kanban-routes.test.ts
@@ -0,0 +1,79 @@
+import { beforeEach, describe, expect, it, vi } from 'vitest'
+
+const handlers = {
+  listBoards: vi.fn(async (ctx: any) => { ctx.body = { boards: [] } }),
+  createBoard: vi.fn(async (ctx: any) => { ctx.body = { board: {} } }),
+  archiveBoard: vi.fn(async (ctx: any) => { ctx.body = { ok: true } }),
+  capabilities: vi.fn(async (ctx: any) => { ctx.body = { capabilities: {} } }),
+  stats: vi.fn(async (ctx: any) => { ctx.body = { stats: {} } }),
+  assignees: vi.fn(async (ctx: any) => { ctx.body = { assignees: [] } }),
+  readArtifact: vi.fn(async (ctx: any) => { ctx.body = { content: 'x' } }),
+  searchSessions: vi.fn(async (ctx: any) => { ctx.body = { results: [] } }),
+  linkTasks: vi.fn(async (ctx: any) => { ctx.body = { ok: true } }),
+  unlinkTasks: vi.fn(async (ctx: any) => { ctx.body = { ok: true } }),
+  bulkUpdateTasks: vi.fn(async (ctx: any) => { ctx.body = { results: [] } }),
+  list: vi.fn(async (ctx: any) => { ctx.body = { tasks: [] } }),
+  get: vi.fn(async (ctx: any) => { ctx.body = { task: {} } }),
+  create: vi.fn(async (ctx: any) => { ctx.body = { task: {} } }),
+  complete: vi.fn(async (ctx: any) => { ctx.body = { ok: true } }),
+  unblock: vi.fn(async (ctx: any) => { ctx.body = { ok: true } }),
+  block: vi.fn(async (ctx: any) => { ctx.body = { ok: true } }),
+  assign: vi.fn(async (ctx: any) => { ctx.body = { ok: true } }),
+  addComment: vi.fn(async (ctx: any) => { ctx.body = { ok: true } }),
+  taskLog: vi.fn(async (ctx: any) => { ctx.body = { log: '' } }),
+  diagnostics: vi.fn(async (ctx: any) => { ctx.body = { diagnostics: [] } }),
+  reclaim: vi.fn(async (ctx: any) => { ctx.body = { ok: true } }),
+  reassign: vi.fn(async (ctx: any) => { ctx.body = { ok: true } }),
+  specify: vi.fn(async (ctx: any) => { ctx.body = { results: [] } }),
+  dispatch: vi.fn(async (ctx: any) => { ctx.body = { result: {} } }),
+}
+
+vi.mock('../../packages/server/src/controllers/hermes/kanban', () => handlers)
+
+describe('kanban routes', () => {
+  beforeEach(() => {
+    vi.resetModules()
+    Object.values(handlers).forEach(fn => fn.mockClear())
+  })
+
+  it('registers all kanban routes', async () => {
+    const { kanbanRoutes } = await import('../../packages/server/src/routes/hermes/kanban')
+    const paths = kanbanRoutes.stack.map((entry: any) => entry.path)
+
+    expect(paths).toEqual(expect.arrayContaining([
+      '/api/hermes/kanban/boards',
+      '/api/hermes/kanban/boards/:slug',
+      '/api/hermes/kanban/capabilities',
+      '/api/hermes/kanban/stats',
+      '/api/hermes/kanban/assignees',
+      '/api/hermes/kanban/diagnostics',
+      '/api/hermes/kanban/dispatch',
+      '/api/hermes/kanban/artifact',
+      '/api/hermes/kanban/search-sessions',
+      '/api/hermes/kanban/links',
+      '/api/hermes/kanban/tasks/bulk',
+      '/api/hermes/kanban',
+      '/api/hermes/kanban/:id',
+      '/api/hermes/kanban/complete',
+      '/api/hermes/kanban/unblock',
+      '/api/hermes/kanban/:id/block',
+      '/api/hermes/kanban/:id/assign',
+      '/api/hermes/kanban/:id/comments',
+      '/api/hermes/kanban/:id/log',
+      '/api/hermes/kanban/:id/reclaim',
+      '/api/hermes/kanban/:id/reassign',
+      '/api/hermes/kanban/:id/specify',
+    ]))
+  })
+
+  it('delegates search-sessions to the controller', async () => {
+    const { kanbanRoutes } = await import('../../packages/server/src/routes/hermes/kanban')
+    const layer = kanbanRoutes.stack.find((entry: any) => entry.path === '/api/hermes/kanban/search-sessions')
+    const ctx: any = { query: { task_id: 'task-1', profile: 'alice' }, body: null, params: {} }
+
+    await layer.stack[0](ctx)
+
+    expect(handlers.searchSessions).toHaveBeenCalledWith(ctx)
+    expect(ctx.body).toEqual({ results: [] })
+  })
+})
diff --git a/tests/server/login-limiter.test.ts b/tests/server/login-limiter.test.ts
new file mode 100644
index 0000000..ef589ba
--- /dev/null
+++ b/tests/server/login-limiter.test.ts
@@ -0,0 +1,66 @@
+import { afterEach, beforeEach, describe, expect, it, vi } from 'vitest'
+
+async function loadLimiter() {
+  vi.resetModules()
+  vi.doMock('fs/promises', () => ({
+    readFile: vi.fn().mockRejectedValue(new Error('ENOENT')),
+    writeFile: vi.fn(),
+    mkdir: vi.fn(),
+  }))
+  vi.doMock('fs', () => ({ writeFileSync: vi.fn() }))
+  vi.doMock('../../packages/server/src/config', () => ({
+    config: { appHome: '/tmp/hermes-web-ui-test' },
+  }))
+  return import('../../packages/server/src/services/login-limiter')
+}
+
+describe('login limiter', () => {
+  beforeEach(() => {
+    vi.useFakeTimers()
+    vi.setSystemTime(new Date('2026-05-24T00:00:00Z'))
+  })
+
+  afterEach(() => {
+    vi.useRealTimers()
+    vi.doUnmock('fs/promises')
+    vi.doUnmock('fs')
+    vi.doUnmock('../../packages/server/src/config')
+    vi.resetModules()
+  })
+
+  it('locks password login on the tenth failed attempt from the same IP', async () => {
+    const limiter = await loadLimiter()
+    const ip = '192.0.2.10'
+
+    for (let i = 0; i < 9; i++) {
+      expect(limiter.checkPassword(ip)).toEqual({ allowed: true })
+      limiter.recordPasswordFailure(ip)
+    }
+
+    expect(limiter.checkPassword(ip)).toEqual({ allowed: true })
+    limiter.recordPasswordFailure(ip)
+
+    expect(limiter.checkPassword(ip)).toEqual({ allowed: false, status: 429 })
+    expect(limiter.getLockedIps()).toEqual([
+      expect.objectContaining({ ip, type: 'password', failures: 10 }),
+    ])
+  })
+
+  it('locks token auth on the tenth failed attempt from the same IP', async () => {
+    const limiter = await loadLimiter()
+    const ip = '192.0.2.20'
+
+    for (let i = 0; i < 9; i++) {
+      expect(limiter.checkToken(ip)).toEqual({ allowed: true })
+      limiter.recordTokenFailure(ip)
+    }
+
+    expect(limiter.checkToken(ip)).toEqual({ allowed: true })
+    limiter.recordTokenFailure(ip)
+
+    expect(limiter.checkToken(ip)).toEqual({ allowed: false, status: 429 })
+    expect(limiter.getLockedIps()).toEqual([
+      expect.objectContaining({ ip, type: 'token', failures: 10 }),
+    ])
+  })
+})
diff --git a/tests/server/mcp-controller.test.ts b/tests/server/mcp-controller.test.ts
new file mode 100644
index 0000000..58d7c57
--- /dev/null
+++ b/tests/server/mcp-controller.test.ts
@@ -0,0 +1,341 @@
+import { beforeEach, describe, expect, it, vi } from 'vitest'
+
+// ── Mocks ──────────────────────────────────────────────────
+const mcpListMock = vi.fn()
+const mcpAddMock = vi.fn()
+const mcpUpdateMock = vi.fn()
+const mcpRemoveMock = vi.fn()
+const mcpTestMock = vi.fn()
+const mcpToolsMock = vi.fn()
+const mcpReloadMock = vi.fn()
+
+vi.mock('../../packages/server/src/services/hermes/agent-bridge/client', () => ({
+  AgentBridgeClient: vi.fn().mockImplementation(() => ({
+    mcpList: mcpListMock,
+    mcpAdd: mcpAddMock,
+    mcpUpdate: mcpUpdateMock,
+    mcpRemove: mcpRemoveMock,
+    mcpTest: mcpTestMock,
+    mcpTools: mcpToolsMock,
+    mcpReload: mcpReloadMock,
+  })),
+}))
+
+vi.mock('../../packages/server/src/services/logger', () => ({
+  logger: { warn: vi.fn(), error: vi.fn(), info: vi.fn() },
+}))
+
+// ── Helpers ────────────────────────────────────────────────
+function createCtx(overrides: Record<string, any> = {}) {
+  const ctx: any = {
+    state: { profile: { name: 'test-profile' } },
+    request: { body: {} },
+    params: {},
+    query: {},
+    status: 200,
+    body: null,
+    ...overrides,
+  }
+  return ctx
+}
+
+const SAMPLE_SERVERS_RESPONSE = {
+  ok: true,
+  servers: [
+    {
+      name: 'github',
+      transport: 'stdio',
+      connected: true,
+      tools: 26,
+      tools_registered: 3,
+      tool_names: ['create_repository', 'search_repositories'],
+      tool_names_registered: ['mcp_github_create_repository', 'mcp_github_search_repositories'],
+      error: null,
+      raw_config: {
+        command: 'npx',
+        args: ['-y', '@modelcontextprotocol/server-github'],
+        tools: { include: ['create_repository', 'search_repositories'] },
+        prompts: null,
+        resources: null,
+        enabled: true,
+      },
+      tool_details: [
+        { name: 'create_repository', description: 'Create a repo' },
+        { name: 'search_repositories', description: 'Search repos' },
+      ],
+    },
+  ],
+  total_tools: 3,
+}
+
+const SAMPLE_TOOLS_RESPONSE = {
+  ok: true,
+  results: [
+    {
+      server: 'github',
+      tools: [
+        { name: 'create_repository', description: 'Create a repo', input_schema: {} },
+        { name: 'search_repositories', description: 'Search repos', input_schema: {} },
+      ],
+    },
+  ],
+}
+
+// ── Tests ──────────────────────────────────────────────────
+describe('MCP Controller', () => {
+  beforeEach(() => {
+    vi.clearAllMocks()
+  })
+
+  describe('listServers', () => {
+    it('returns servers list from bridge', async () => {
+      mcpListMock.mockResolvedValue(SAMPLE_SERVERS_RESPONSE)
+      const { listServers } = await import('../../packages/server/src/controllers/hermes/mcp')
+      const ctx = createCtx()
+      await listServers(ctx)
+      expect(ctx.body).toEqual(SAMPLE_SERVERS_RESPONSE)
+      expect(mcpListMock).toHaveBeenCalledWith('test-profile')
+    })
+
+    it('returns 503 on bridge error', async () => {
+      mcpListMock.mockRejectedValue(new Error('bridge down'))
+      const { listServers } = await import('../../packages/server/src/controllers/hermes/mcp')
+      const ctx = createCtx()
+      await listServers(ctx)
+      expect(ctx.status).toBe(503)
+      expect(ctx.body).toEqual({ error: 'bridge down' })
+    })
+  })
+
+  describe('addServer', () => {
+    it('sends name and config to bridge', async () => {
+      mcpAddMock.mockResolvedValue({ ok: true, name: 'my-server' })
+      const { addServer } = await import('../../packages/server/src/controllers/hermes/mcp')
+      const ctx = createCtx({ request: { body: { name: 'my-server', config: { command: 'node', args: ['srv.js'] } } } })
+      await addServer(ctx)
+      expect(mcpAddMock).toHaveBeenCalledWith('my-server', { command: 'node', args: ['srv.js'] }, 'test-profile')
+      expect(ctx.body).toEqual({ ok: true, name: 'my-server' })
+    })
+
+    it('returns 400 when name is missing', async () => {
+      const { addServer } = await import('../../packages/server/src/controllers/hermes/mcp')
+      const ctx = createCtx({ request: { body: { config: { command: 'x' } } } })
+      await addServer(ctx)
+      expect(ctx.status).toBe(400)
+      expect(mcpAddMock).not.toHaveBeenCalled()
+    })
+
+    it('returns 400 when config is missing', async () => {
+      const { addServer } = await import('../../packages/server/src/controllers/hermes/mcp')
+      const ctx = createCtx({ request: { body: { name: 'x' } } })
+      await addServer(ctx)
+      expect(ctx.status).toBe(400)
+    })
+  })
+
+  describe('updateServer', () => {
+    it('sends name from params and config to bridge', async () => {
+      mcpUpdateMock.mockResolvedValue({ ok: true })
+      const { updateServer } = await import('../../packages/server/src/controllers/hermes/mcp')
+      const ctx = createCtx({
+        params: { name: 'github' },
+        request: { body: { config: { tools: { include: ['a', 'b'] } } } },
+      })
+      await updateServer(ctx)
+      expect(mcpUpdateMock).toHaveBeenCalledWith('github', { tools: { include: ['a', 'b'] } }, 'test-profile')
+    })
+
+    it('returns 400 when config is missing', async () => {
+      const { updateServer } = await import('../../packages/server/src/controllers/hermes/mcp')
+      const ctx = createCtx({ params: { name: 'github' }, request: { body: {} } })
+      await updateServer(ctx)
+      expect(ctx.status).toBe(400)
+    })
+
+    it('sends tools.include config for include mode', async () => {
+      mcpUpdateMock.mockResolvedValue({ ok: true })
+      const { updateServer } = await import('../../packages/server/src/controllers/hermes/mcp')
+      const ctx = createCtx({
+        params: { name: 'github' },
+        request: { body: { config: { command: 'npx', args: ['-y', 'server'], tools: { include: ['read_file', 'write_file'] } } } },
+      })
+      await updateServer(ctx)
+      expect(mcpUpdateMock).toHaveBeenCalledWith('github', {
+        command: 'npx',
+        args: ['-y', 'server'],
+        tools: { include: ['read_file', 'write_file'] },
+      }, 'test-profile')
+      expect(ctx.body).toEqual({ ok: true })
+    })
+
+    it('sends tools.exclude config for exclude mode', async () => {
+      mcpUpdateMock.mockResolvedValue({ ok: true })
+      const { updateServer } = await import('../../packages/server/src/controllers/hermes/mcp')
+      const ctx = createCtx({
+        params: { name: 'github' },
+        request: { body: { config: { command: 'npx', args: ['-y', 'server'], tools: { exclude: ['delete_file'] } } } },
+      })
+      await updateServer(ctx)
+      expect(mcpUpdateMock).toHaveBeenCalledWith('github', {
+        command: 'npx',
+        args: ['-y', 'server'],
+        tools: { exclude: ['delete_file'] },
+      }, 'test-profile')
+      expect(ctx.body).toEqual({ ok: true })
+    })
+
+    it('sends config without tools field for all mode', async () => {
+      mcpUpdateMock.mockResolvedValue({ ok: true })
+      const { updateServer } = await import('../../packages/server/src/controllers/hermes/mcp')
+      const ctx = createCtx({
+        params: { name: 'github' },
+        request: { body: { config: { command: 'npx', args: ['-y', 'server'] } } },
+      })
+      await updateServer(ctx)
+      expect(mcpUpdateMock).toHaveBeenCalledWith('github', {
+        command: 'npx',
+        args: ['-y', 'server'],
+      }, 'test-profile')
+      expect(ctx.body).toEqual({ ok: true })
+    })
+  })
+
+  describe('removeServer', () => {
+    it('sends name to bridge', async () => {
+      mcpRemoveMock.mockResolvedValue({ ok: true })
+      const { removeServer } = await import('../../packages/server/src/controllers/hermes/mcp')
+      const ctx = createCtx({ params: { name: 'github' } })
+      await removeServer(ctx)
+      expect(mcpRemoveMock).toHaveBeenCalledWith('github', 'test-profile')
+    })
+  })
+
+  describe('testServer', () => {
+    it('returns tool list from bridge', async () => {
+      mcpTestMock.mockResolvedValue({ ok: true, tools: ['create_repository', 'search_repositories'] })
+      const { testServer } = await import('../../packages/server/src/controllers/hermes/mcp')
+      const ctx = createCtx({ params: { name: 'github' } })
+      await testServer(ctx)
+      expect(mcpTestMock).toHaveBeenCalledWith('github', 'test-profile')
+      expect(ctx.body).toEqual({ ok: true, tools: ['create_repository', 'search_repositories'] })
+    })
+  })
+
+  describe('listTools', () => {
+    it('returns tools without server filter', async () => {
+      mcpToolsMock.mockResolvedValue(SAMPLE_TOOLS_RESPONSE)
+      const { listTools } = await import('../../packages/server/src/controllers/hermes/mcp')
+      const ctx = createCtx({ query: {} })
+      await listTools(ctx)
+      expect(mcpToolsMock).toHaveBeenCalledWith(undefined, 'test-profile', undefined)
+      expect(ctx.body).toEqual(SAMPLE_TOOLS_RESPONSE)
+    })
+
+    it('passes server filter to bridge', async () => {
+      mcpToolsMock.mockResolvedValue(SAMPLE_TOOLS_RESPONSE)
+      const { listTools } = await import('../../packages/server/src/controllers/hermes/mcp')
+      const ctx = createCtx({ query: { server: 'github' } })
+      await listTools(ctx)
+      expect(mcpToolsMock).toHaveBeenCalledWith('github', 'test-profile', undefined)
+    })
+
+    it('passes raw=true to get unfiltered tools', async () => {
+      mcpToolsMock.mockResolvedValue(SAMPLE_TOOLS_RESPONSE)
+      const { listTools } = await import('../../packages/server/src/controllers/hermes/mcp')
+      const ctx = createCtx({ query: { server: 'github', raw: '1' } })
+      await listTools(ctx)
+      expect(mcpToolsMock).toHaveBeenCalledWith('github', 'test-profile', true)
+    })
+
+    it('returns 503 on bridge error', async () => {
+      mcpToolsMock.mockRejectedValue(new Error('timeout'))
+      const { listTools } = await import('../../packages/server/src/controllers/hermes/mcp')
+      const ctx = createCtx()
+      await listTools(ctx)
+      expect(ctx.status).toBe(503)
+    })
+  })
+
+  describe('reloadMcp', () => {
+    it('reloads all servers when no filter', async () => {
+      mcpReloadMock.mockResolvedValue({ ok: true, message: 'MCP servers reloaded' })
+      const { reloadMcp } = await import('../../packages/server/src/controllers/hermes/mcp')
+      const ctx = createCtx({ query: {} })
+      await reloadMcp(ctx)
+      expect(mcpReloadMock).toHaveBeenCalledWith(undefined, 'test-profile')
+    })
+
+    it('reloads specific server', async () => {
+      mcpReloadMock.mockResolvedValue({ ok: true, message: 'MCP servers reloaded' })
+      const { reloadMcp } = await import('../../packages/server/src/controllers/hermes/mcp')
+      const ctx = createCtx({ query: { server: 'github' } })
+      await reloadMcp(ctx)
+      expect(mcpReloadMock).toHaveBeenCalledWith('github', 'test-profile')
+    })
+
+    it('returns 503 on bridge error', async () => {
+      mcpReloadMock.mockRejectedValue(new Error('reload failed'))
+      const { reloadMcp } = await import('../../packages/server/src/controllers/hermes/mcp')
+      const ctx = createCtx()
+      await reloadMcp(ctx)
+      expect(ctx.status).toBe(503)
+    })
+  })
+
+  describe('profile handling', () => {
+    it('passes undefined profile when ctx.state.profile is missing', async () => {
+      mcpListMock.mockResolvedValue({ ok: true, servers: [], total_tools: 0 })
+      const { listServers } = await import('../../packages/server/src/controllers/hermes/mcp')
+      const ctx = createCtx({ state: {} })
+      await listServers(ctx)
+      expect(mcpListMock).toHaveBeenCalledWith(undefined)
+    })
+
+    it('passes undefined profile when profile.name is empty', async () => {
+      mcpListMock.mockResolvedValue({ ok: true, servers: [], total_tools: 0 })
+      const { listServers } = await import('../../packages/server/src/controllers/hermes/mcp')
+      const ctx = createCtx({ state: { profile: { name: '' } } })
+      await listServers(ctx)
+      expect(mcpListMock).toHaveBeenCalledWith(undefined)
+    })
+  })
+
+  describe('response structure', () => {
+    it('mcp_list response has all required fields', async () => {
+      mcpListMock.mockResolvedValue(SAMPLE_SERVERS_RESPONSE)
+      const { listServers } = await import('../../packages/server/src/controllers/hermes/mcp')
+      const ctx = createCtx()
+      await listServers(ctx)
+      const body = ctx.body as any
+      expect(body.ok).toBe(true)
+      expect(body.servers).toBeDefined()
+      expect(body.total_tools).toBeDefined()
+      const server = body.servers[0]
+      expect(server).toHaveProperty('name')
+      expect(server).toHaveProperty('transport')
+      expect(server).toHaveProperty('connected')
+      expect(server).toHaveProperty('tools')
+      expect(server).toHaveProperty('tools_registered')
+      expect(server).toHaveProperty('tool_names')
+      expect(server).toHaveProperty('tool_names_registered')
+      expect(server).toHaveProperty('raw_config')
+      expect(server).toHaveProperty('tool_details')
+      expect(server.raw_config).toHaveProperty('command')
+      expect(server.raw_config).toHaveProperty('enabled')
+    })
+
+    it('mcp_tools_list response has tools with name/description/schema', async () => {
+      mcpToolsMock.mockResolvedValue(SAMPLE_TOOLS_RESPONSE)
+      const { listTools } = await import('../../packages/server/src/controllers/hermes/mcp')
+      const ctx = createCtx()
+      await listTools(ctx)
+      const body = ctx.body as any
+      expect(body.ok).toBe(true)
+      expect(body.results).toHaveLength(1)
+      const tool = body.results[0].tools[0]
+      expect(tool).toHaveProperty('name')
+      expect(tool).toHaveProperty('description')
+      expect(tool).toHaveProperty('input_schema')
+    })
+  })
+})
diff --git a/tests/server/media-controller.test.ts b/tests/server/media-controller.test.ts
new file mode 100644
index 0000000..fbd81e0
--- /dev/null
+++ b/tests/server/media-controller.test.ts
@@ -0,0 +1,25 @@
+import { join } from 'path'
+import { afterEach, describe, expect, it, vi } from 'vitest'
+
+const originalWebUiHome = process.env.HERMES_WEB_UI_HOME
+const originalWebuiStateDir = process.env.HERMES_WEBUI_STATE_DIR
+
+afterEach(() => {
+  vi.resetModules()
+  if (originalWebUiHome === undefined) delete process.env.HERMES_WEB_UI_HOME
+  else process.env.HERMES_WEB_UI_HOME = originalWebUiHome
+  if (originalWebuiStateDir === undefined) delete process.env.HERMES_WEBUI_STATE_DIR
+  else process.env.HERMES_WEBUI_STATE_DIR = originalWebuiStateDir
+})
+
+describe('media controller', () => {
+  it('uses Hermes Web UI media directory as the default generated video output path', async () => {
+    process.env.HERMES_WEB_UI_HOME = '/tmp/hermes-web-ui-test-home'
+    const { defaultImageOutputPath, defaultMediaOutputPath } = await import('../../packages/server/src/controllers/hermes/media')
+
+    expect(defaultMediaOutputPath('req_123')).toBe(join('/tmp/hermes-web-ui-test-home', 'media', 'req_123.mp4'))
+    expect(defaultMediaOutputPath('bad/request:id')).toBe(join('/tmp/hermes-web-ui-test-home', 'media', 'bad_request_id.mp4'))
+    expect(defaultImageOutputPath('img_123')).toBe(join('/tmp/hermes-web-ui-test-home', 'media', 'img_123.png'))
+    expect(defaultImageOutputPath('bad/request:id', 1)).toBe(join('/tmp/hermes-web-ui-test-home', 'media', 'bad_request_id-2.png'))
+  })
+})
diff --git a/tests/server/message-content-normalization.test.ts b/tests/server/message-content-normalization.test.ts
new file mode 100644
index 0000000..ba09851
--- /dev/null
+++ b/tests/server/message-content-normalization.test.ts
@@ -0,0 +1,62 @@
+import { describe, expect, it } from 'vitest'
+
+import {
+  normalizeMessageContentForStorage,
+  normalizeMessageContentForStorageRole,
+} from '../../packages/server/src/db/hermes/message-content'
+
+describe('message content normalization', () => {
+  it('summarizes multimodal envelopes without persisting base64 images', () => {
+    const content = {
+      _multimodal: true,
+      content: [
+        { type: 'text', text: 'Image loaded into context.' },
+        { type: 'image_url', image_url: { url: 'data:image/png;base64,AAAA' } },
+      ],
+    }
+
+    const normalized = normalizeMessageContentForStorage(JSON.stringify(content))
+
+    expect(normalized).toBe('Image loaded into context.\n[screenshot]')
+    expect(normalized).not.toContain('data:image/')
+    expect(normalized).not.toContain('AAAA')
+  })
+
+  it('summarizes OpenAI-style content part arrays', () => {
+    const normalized = normalizeMessageContentForStorage([
+      { type: 'text', text: 'Question: what is shown?' },
+      { type: 'input_image', image_url: 'data:image/jpeg;base64,BBBB' },
+    ])
+
+    expect(normalized).toBe('Question: what is shown?\n[screenshot]')
+  })
+
+  it('redacts nested data images in non-envelope JSON without dropping other fields', () => {
+    const normalized = normalizeMessageContentForStorage(JSON.stringify({
+      output: {
+        url: 'data:image/png;base64,CCCC',
+        status: 'ok',
+      },
+    }))
+
+    expect(JSON.parse(normalized)).toEqual({
+      output: {
+        url: '[screenshot]',
+        status: 'ok',
+      },
+    })
+  })
+
+  it('does not parse or rewrite unrelated JSON strings', () => {
+    const content = '{\n  "type": "event",\n  "payload": "ok"\n}'
+
+    expect(normalizeMessageContentForStorage(content)).toBe(content)
+  })
+
+  it('keeps user-authored image data untouched and only cleans non-user messages', () => {
+    const content = '{"content":[{"type":"image_url","image_url":{"url":"data:image/png;base64,DDDD"}}]}'
+
+    expect(normalizeMessageContentForStorageRole('user', content)).toBe(content)
+    expect(normalizeMessageContentForStorageRole('tool', content)).not.toContain('data:image/')
+  })
+})
diff --git a/tests/server/model-alias-controller.test.ts b/tests/server/model-alias-controller.test.ts
new file mode 100644
index 0000000..4fad9a0
--- /dev/null
+++ b/tests/server/model-alias-controller.test.ts
@@ -0,0 +1,130 @@
+import { beforeEach, describe, expect, it, vi } from 'vitest'
+
+const { mockReadAppConfig, mockWriteAppConfig } = vi.hoisted(() => ({
+  mockReadAppConfig: vi.fn(),
+  mockWriteAppConfig: vi.fn(),
+}))
+
+vi.mock('../../packages/server/src/services/app-config', () => ({
+  readAppConfig: mockReadAppConfig,
+  writeAppConfig: mockWriteAppConfig,
+}))
+
+vi.mock('../../packages/server/src/services/config-helpers', () => ({
+  readConfigYaml: vi.fn(),
+  writeConfigYaml: vi.fn(),
+  fetchProviderModels: vi.fn(),
+  buildModelGroups: vi.fn(() => ({ default: '', default_provider: '', groups: [] })),
+  PROVIDER_ENV_MAP: {},
+}))
+
+vi.mock('../../packages/server/src/shared/providers', () => ({
+  buildProviderModelMap: vi.fn(() => ({})),
+  PROVIDER_PRESETS: [],
+}))
+
+vi.mock('../../packages/server/src/services/hermes/copilot-models', () => ({
+  getCopilotModelsDetailed: vi.fn(),
+  resolveCopilotOAuthToken: vi.fn(),
+}))
+
+vi.mock('../../packages/server/src/db', () => ({
+  getDb: vi.fn(),
+}))
+
+vi.mock('../../packages/server/src/db/hermes/schemas', () => ({
+  MODEL_CONTEXT_TABLE: 'model_context',
+}))
+
+import { setModelAlias } from '../../packages/server/src/controllers/hermes/models'
+
+describe('model alias controller', () => {
+  beforeEach(() => {
+    vi.clearAllMocks()
+    mockWriteAppConfig.mockResolvedValue({})
+  })
+
+  function createCtx(body: unknown) {
+    return {
+      request: { body },
+      status: 200,
+      body: undefined as unknown,
+    }
+  }
+
+  it('saves a trimmed alias in Web UI app config', async () => {
+    mockReadAppConfig.mockResolvedValue({
+      modelAliases: {
+        deepseek: { old: 'Old Alias' },
+      },
+    })
+    const ctx = createCtx({ provider: 'deepseek', model: 'deepseek-v4-flash', alias: '  Flash Alias  ' })
+
+    await setModelAlias(ctx)
+
+    expect(mockWriteAppConfig).toHaveBeenCalledWith({
+      modelAliases: {
+        deepseek: {
+          old: 'Old Alias',
+          'deepseek-v4-flash': 'Flash Alias',
+        },
+      },
+    })
+    expect(ctx.body).toEqual({
+      success: true,
+      model_aliases: {
+        deepseek: {
+          old: 'Old Alias',
+          'deepseek-v4-flash': 'Flash Alias',
+        },
+      },
+    })
+  })
+
+  it('deletes an alias when alias is blank and removes empty provider entries', async () => {
+    mockReadAppConfig.mockResolvedValue({
+      modelAliases: {
+        deepseek: { 'deepseek-v4-flash': 'Flash Alias' },
+      },
+    })
+    const ctx = createCtx({ provider: 'deepseek', model: 'deepseek-v4-flash', alias: '   ' })
+
+    await setModelAlias(ctx)
+
+    expect(mockWriteAppConfig).toHaveBeenCalledWith({ modelAliases: {} })
+    expect(ctx.body).toEqual({ success: true, model_aliases: {} })
+  })
+
+  it('rejects missing provider or model', async () => {
+    const ctx = createCtx({ provider: 'deepseek', alias: 'Alias' })
+
+    await setModelAlias(ctx)
+
+    expect(ctx.status).toBe(400)
+    expect(ctx.body).toEqual({ error: 'Invalid provider, model, or alias' })
+    expect(mockWriteAppConfig).not.toHaveBeenCalled()
+  })
+
+  it('stores inherited Object.prototype names as own alias keys', async () => {
+    mockReadAppConfig.mockResolvedValue({})
+    const ctx = createCtx({ provider: 'toString', model: 'valueOf', alias: 'Safe Alias' })
+
+    await setModelAlias(ctx)
+
+    const written = mockWriteAppConfig.mock.calls[0][0]
+    expect(written.modelAliases.toString.valueOf).toBe('Safe Alias')
+    expect(Object.prototype.hasOwnProperty.call(written.modelAliases, 'toString')).toBe(true)
+    expect(Object.prototype.hasOwnProperty.call(written.modelAliases.toString, 'valueOf')).toBe(true)
+  })
+
+  it('rejects reserved object keys to avoid prototype pollution', async () => {
+    const ctx = createCtx({ provider: '__proto__', model: 'deepseek-v4-flash', alias: 'Alias' })
+
+    await setModelAlias(ctx)
+
+    expect(ctx.status).toBe(400)
+    expect(ctx.body).toEqual({ error: 'Invalid provider or model' })
+    expect(mockWriteAppConfig).not.toHaveBeenCalled()
+    expect(({} as Record<string, unknown>).deepseek).toBeUndefined()
+  })
+})
diff --git a/tests/server/model-context.test.ts b/tests/server/model-context.test.ts
new file mode 100644
index 0000000..155d06e
--- /dev/null
+++ b/tests/server/model-context.test.ts
@@ -0,0 +1,362 @@
+import { afterEach, beforeEach, describe, expect, it, vi } from 'vitest'
+import { mkdirSync, mkdtempSync, rmSync, writeFileSync } from 'fs'
+import { join } from 'path'
+import { tmpdir } from 'os'
+
+let homeDir = ''
+const originalHermesHome = process.env.HERMES_HOME
+const originalLocalAppData = process.env.LOCALAPPDATA
+const originalAppData = process.env.APPDATA
+
+function hermesPath(...parts: string[]) {
+  return join(homeDir, '.hermes', ...parts)
+}
+
+function writeConfig(content: string) {
+  mkdirSync(hermesPath(), { recursive: true })
+  writeFileSync(hermesPath('config.yaml'), content)
+}
+
+function writeModelsCache(data: Record<string, unknown>) {
+  mkdirSync(hermesPath(), { recursive: true })
+  writeFileSync(hermesPath('models_dev_cache.json'), JSON.stringify(data))
+}
+
+async function loadModelContext() {
+  process.env.HERMES_HOME = hermesPath()
+  delete process.env.LOCALAPPDATA
+  delete process.env.APPDATA
+  vi.resetModules()
+  vi.doMock('os', async () => ({
+    ...(await vi.importActual<typeof import('os')>('os')),
+    homedir: () => homeDir,
+  }))
+  // Mock getDb to return null to avoid "database is locked" errors in parallel tests
+  vi.doMock('../../packages/server/src/db/index', async () => {
+    const actual = await vi.importActual<typeof import('../../packages/server/src/db/index')>('../../packages/server/src/db/index')
+    return {
+      ...actual,
+      getDb: () => null,
+    }
+  })
+  return import('../../packages/server/src/services/hermes/model-context')
+}
+
+describe('getModelContextLength', () => {
+  beforeEach(() => {
+    homeDir = mkdtempSync(join(tmpdir(), 'hwui-model-context-'))
+  })
+
+  afterEach(() => {
+    vi.doUnmock('os')
+    if (originalHermesHome === undefined) delete process.env.HERMES_HOME
+    else process.env.HERMES_HOME = originalHermesHome
+    if (originalLocalAppData === undefined) delete process.env.LOCALAPPDATA
+    else process.env.LOCALAPPDATA = originalLocalAppData
+    if (originalAppData === undefined) delete process.env.APPDATA
+    else process.env.APPDATA = originalAppData
+    if (homeDir) rmSync(homeDir, { recursive: true, force: true })
+    homeDir = ''
+  })
+
+  it('does not borrow a same-named model context from another provider when the configured provider is uncached', async () => {
+    writeConfig(`model:\n  default: gpt-5.5\n  provider: openai-codex\n`)
+    writeModelsCache({
+      openai: {
+        models: {
+          'gpt-5.5': { limit: { context: 1_050_000 } },
+        },
+      },
+    })
+
+    const { getModelContextLength } = await loadModelContext()
+
+    expect(getModelContextLength()).toBe(256_000)
+  })
+
+  it('does not scan other providers when the configured provider exists without that model', async () => {
+    writeConfig(`model:\n  default: gpt-5.5\n  provider: openai-codex\n`)
+    writeModelsCache({
+      'openai-codex': {
+        models: {
+          'gpt-5.4': { limit: { context: 256_000 } },
+        },
+      },
+      openai: {
+        models: {
+          'gpt-5.5': { limit: { context: 1_050_000 } },
+        },
+      },
+    })
+
+    const { getModelContextLength } = await loadModelContext()
+
+    expect(getModelContextLength()).toBe(256_000)
+  })
+
+  it('uses the configured provider cache entry when the provider matches', async () => {
+    writeConfig(`model:\n  default: gpt-5.5\n  provider: openai\n`)
+    writeModelsCache({
+      openai: {
+        models: {
+          'gpt-5.5': { limit: { context: 1_050_000 } },
+        },
+      },
+    })
+
+    const { getModelContextLength } = await loadModelContext()
+
+    expect(getModelContextLength()).toBe(1_050_000)
+  })
+
+  it('prefers requested provider model context_length over top-level default context_length', async () => {
+    writeConfig(`model:\n  default: gpt-5.5\n  provider: openai-codex\n  context_length: 272000\n\nproviders:\n  qwen:\n    name: Qwen\n    default_model: qwen3.6-plus\n    models:\n      qwen3.6-plus:\n        context_length: 1048576\n`)
+
+    const { getModelContextLength } = await loadModelContext()
+
+    expect(getModelContextLength({ provider: 'qwen', model: 'qwen3.6-plus' })).toBe(1_048_576)
+  })
+
+  it('uses provider-level context_length when the requested model belongs to that provider', async () => {
+    writeConfig(`model:\n  default: gpt-5.5\n  provider: openai-codex\n  context_length: 272000\n\nproviders:\n  qwen:\n    name: Qwen\n    default_model: qwen3.6-plus\n    models:\n      - qwen3.6-plus\n    context_length: 1048576\n`)
+
+    const { getModelContextLength } = await loadModelContext()
+
+    expect(getModelContextLength({ provider: 'qwen', model: 'qwen3.6-plus' })).toBe(1_048_576)
+  })
+
+  it('keeps legacy model-name cache lookup when no provider is configured', async () => {
+    writeConfig(`model:\n  default: gpt-5.5\n`)
+    writeModelsCache({
+      openai: {
+        models: {
+          'gpt-5.5': { limit: { context: 1_050_000 } },
+        },
+      },
+    })
+
+    const { getModelContextLength } = await loadModelContext()
+
+    expect(getModelContextLength()).toBe(1_050_000)
+  })
+
+  it('keeps providerless legacy lookup on global exact matches before prefixed suffix matches', async () => {
+    writeConfig(`model:\n  default: gpt-5\n`)
+    writeModelsCache({
+      vercel: {
+        models: {
+          'openai/gpt-5': { limit: { context: 1_000_000 } },
+        },
+      },
+      openai: {
+        models: {
+          'gpt-5': { limit: { context: 400_000 } },
+        },
+      },
+    })
+
+    const { getModelContextLength } = await loadModelContext()
+
+    expect(getModelContextLength()).toBe(400_000)
+  })
+
+  it('maps WUI provider keys to model-cache provider keys before looking up limits', async () => {
+    writeConfig(`model:\n  default: gemini-3.1-pro-preview\n  provider: gemini\n`)
+    writeModelsCache({
+      google: {
+        models: {
+          'gemini-3.1-pro-preview': { limit: { context: 1_000_000 } },
+        },
+      },
+    })
+
+    const { getModelContextLength } = await loadModelContext()
+
+    expect(getModelContextLength()).toBe(1_000_000)
+  })
+
+  it('uses gateway provider aliases with prefixed model names inside the aliased provider only', async () => {
+    writeConfig(`model:\n  default: openai/gpt-5\n  provider: ai-gateway\n`)
+    writeModelsCache({
+      vercel: {
+        models: {
+          'openai/gpt-5': { limit: { context: 1_000_000 } },
+        },
+      },
+      openai: {
+        models: {
+          'gpt-5': { limit: { context: 400_000 } },
+        },
+      },
+    })
+
+    const { getModelContextLength } = await loadModelContext()
+
+    expect(getModelContextLength()).toBe(1_000_000)
+  })
+
+  it('resolves provider: custom through model.base_url before falling back to the default context length', async () => {
+    writeConfig(`model:\n  default: deepseek-v4-pro\n  provider: custom\n  base_url: https://api.deepseek.com\n`)
+    writeModelsCache({
+      deepseek: {
+        models: {
+          'deepseek-v4-pro': { limit: { context: 1_000_000 } },
+        },
+      },
+    })
+
+    const { getModelContextLength } = await loadModelContext()
+
+    expect(getModelContextLength()).toBe(1_000_000)
+  })
+
+  it('resolves custom:name providers when the matched custom provider base_url points at a builtin provider', async () => {
+    writeConfig(`model:\n  default: deepseek-v4-pro\n  provider: custom:deepseek\n\ncustom_providers:\n  - name: deepseek\n    base_url: https://api.deepseek.com\n    model: deepseek-v4-pro\n`)
+    writeModelsCache({
+      deepseek: {
+        models: {
+          'deepseek-v4-pro': { limit: { context: 1_000_000 } },
+        },
+      },
+    })
+
+    const { getModelContextLength } = await loadModelContext()
+
+    expect(getModelContextLength()).toBe(1_000_000)
+  })
+
+  it('prefers the builtin provider inferred from a matched custom provider base_url over an arbitrary custom provider name', async () => {
+    writeConfig(`model:\n  default: shared-model\n  provider: custom:corp-proxy\n\ncustom_providers:\n  - name: corp-proxy\n    base_url: https://api.deepseek.com\n    model: shared-model\n`)
+    writeModelsCache({
+      deepseek: {
+        models: {
+          'shared-model': { limit: { context: 1_000_000 } },
+        },
+      },
+      openai: {
+        models: {
+          'shared-model': { limit: { context: 400_000 } },
+        },
+      },
+    })
+
+    const { getModelContextLength } = await loadModelContext()
+
+    expect(getModelContextLength()).toBe(1_000_000)
+  })
+
+  it('does not trust a stale custom:name provider hint without a matching custom provider entry', async () => {
+    writeConfig(`model:\n  default: deepseek-v4-pro\n  provider: custom:deepseek\n`)
+    writeModelsCache({
+      deepseek: {
+        models: {
+          'deepseek-v4-pro': { limit: { context: 1_000_000 } },
+        },
+      },
+    })
+
+    const { getModelContextLength } = await loadModelContext()
+
+    expect(getModelContextLength()).toBe(256_000)
+  })
+
+  it('does not trust custom:name alone when the matched custom provider entry points at an unknown proxy url', async () => {
+    writeConfig(`model:\n  default: deepseek-v4-pro\n  provider: custom:deepseek\n\ncustom_providers:\n  - name: deepseek\n    base_url: https://proxy.example.com/v1\n    model: deepseek-v4-pro\n`)
+    writeModelsCache({
+      deepseek: {
+        models: {
+          'deepseek-v4-pro': { limit: { context: 1_000_000 } },
+        },
+      },
+    })
+
+    const { getModelContextLength } = await loadModelContext()
+
+    expect(getModelContextLength()).toBe(256_000)
+  })
+
+  it('does not fall through to a unique global match after a resolved custom:name provider misses in its scoped cache provider', async () => {
+    writeConfig(`model:\n  default: gpt-5.5\n  provider: custom:deepseek\n\ncustom_providers:\n  - name: deepseek\n    base_url: https://api.deepseek.com\n    model: gpt-5.5\n`)
+    writeModelsCache({
+      openai: {
+        models: {
+          'gpt-5.5': { limit: { context: 400_000 } },
+        },
+      },
+      deepseek: {
+        models: {
+          'deepseek-v4-pro': { limit: { context: 1_000_000 } },
+        },
+      },
+    })
+
+    const { getModelContextLength } = await loadModelContext()
+
+    expect(getModelContextLength()).toBe(256_000)
+  })
+
+  it('allows a unique global model-name fallback for unresolved custom providers', async () => {
+    writeConfig(`model:\n  default: deepseek-v4-pro\n  provider: custom\n  base_url: https://proxy.example.com/v1\n`)
+    writeModelsCache({
+      deepseek: {
+        models: {
+          'deepseek-v4-pro': { limit: { context: 1_000_000 } },
+        },
+      },
+    })
+
+    const { getModelContextLength } = await loadModelContext()
+
+    expect(getModelContextLength()).toBe(1_000_000)
+  })
+
+  it('still allows the unique global fallback when provider: custom matches a custom provider entry that cannot be mapped to a builtin cache provider', async () => {
+    writeConfig(`model:\n  default: deepseek-v4-pro\n  provider: custom\n\ncustom_providers:\n  - name: corp-proxy\n    base_url: https://proxy.example.com/v1\n    model: deepseek-v4-pro\n`)
+    writeModelsCache({
+      deepseek: {
+        models: {
+          'deepseek-v4-pro': { limit: { context: 1_000_000 } },
+        },
+      },
+    })
+
+    const { getModelContextLength } = await loadModelContext()
+
+    expect(getModelContextLength()).toBe(1_000_000)
+  })
+
+  it('keeps the unresolved custom-provider fallback strict to exact or case-insensitive model-name matches', async () => {
+    writeConfig(`model:\n  default: gpt-5\n  provider: custom\n  base_url: https://proxy.example.com/v1\n`)
+    writeModelsCache({
+      vercel: {
+        models: {
+          'openai/gpt-5': { limit: { context: 1_000_000 } },
+        },
+      },
+    })
+
+    const { getModelContextLength } = await loadModelContext()
+
+    expect(getModelContextLength()).toBe(256_000)
+  })
+
+  it('does not guess across multiple cache providers when a custom provider remains unresolved', async () => {
+    writeConfig(`model:\n  default: shared-model\n  provider: custom\n  base_url: https://proxy.example.com/v1\n`)
+    writeModelsCache({
+      deepseek: {
+        models: {
+          'shared-model': { limit: { context: 1_000_000 } },
+        },
+      },
+      openai: {
+        models: {
+          'shared-model': { limit: { context: 400_000 } },
+        },
+      },
+    })
+
+    const { getModelContextLength } = await loadModelContext()
+
+    expect(getModelContextLength()).toBe(256_000)
+  })
+})
diff --git a/tests/server/model-visibility-controller.test.ts b/tests/server/model-visibility-controller.test.ts
new file mode 100644
index 0000000..1090834
--- /dev/null
+++ b/tests/server/model-visibility-controller.test.ts
@@ -0,0 +1,519 @@
+import { beforeEach, describe, expect, it, vi } from 'vitest'
+
+const { mockReadFile, mockReadConfigYaml, mockReadConfigYamlForProfile, mockFetchProviderModels, mockBuildModelGroups, mockReadAppConfig, mockWriteAppConfig, mockExistsSync, mockReadFileSync, mockListProfileNamesFromDisk, mockListUserProfiles } = vi.hoisted(() => ({
+  mockReadFile: vi.fn(),
+  mockReadConfigYaml: vi.fn(),
+  mockReadConfigYamlForProfile: vi.fn(),
+  mockFetchProviderModels: vi.fn(),
+  mockBuildModelGroups: vi.fn(() => ({ default: '', groups: [] })),
+  mockReadAppConfig: vi.fn(),
+  mockWriteAppConfig: vi.fn(),
+  mockExistsSync: vi.fn(() => false),
+  mockReadFileSync: vi.fn(),
+  mockListProfileNamesFromDisk: vi.fn(() => ['default']),
+  mockListUserProfiles: vi.fn(() => []),
+}))
+
+vi.mock('fs/promises', () => ({
+  readFile: mockReadFile,
+}))
+
+vi.mock('fs', () => ({
+  existsSync: mockExistsSync,
+  readFileSync: mockReadFileSync,
+}))
+
+vi.mock('../../packages/server/src/services/hermes/hermes-profile', () => ({
+  getActiveEnvPath: () => '/fake/home/.hermes/.env',
+  getActiveAuthPath: () => '/fake/home/.hermes/auth.json',
+  getActiveProfileName: () => 'default',
+  getProfileDir: () => '/fake/home/.hermes',
+  listProfileNamesFromDisk: mockListProfileNamesFromDisk,
+}))
+
+vi.mock('../../packages/server/src/db/hermes/users-store', () => ({
+  listUserProfiles: mockListUserProfiles,
+}))
+
+vi.mock('../../packages/server/src/services/config-helpers', () => ({
+  readConfigYaml: mockReadConfigYaml,
+  readConfigYamlForProfile: mockReadConfigYamlForProfile,
+  writeConfigYaml: vi.fn(),
+  fetchProviderModels: mockFetchProviderModels,
+  buildModelGroups: mockBuildModelGroups,
+  PROVIDER_ENV_MAP: {
+    'fun-codex': { api_key_env: '', base_url_env: '' },
+    deepseek: { api_key_env: 'DEEPSEEK_API_KEY', base_url_env: 'DEEPSEEK_BASE_URL' },
+    lmstudio: { api_key_env: 'LM_API_KEY', base_url_env: 'LM_BASE_URL' },
+    'xai-oauth': { api_key_env: '', base_url_env: '' },
+    openrouter: {},
+  },
+}))
+
+vi.mock('../../packages/server/src/shared/providers', () => ({
+  buildProviderModelMap: () => ({
+    deepseek: ['deepseek-chat', 'deepseek-reasoner'],
+    'xai-oauth': ['grok-4.3', 'grok-4.20-0309-reasoning'],
+    openrouter: ['openrouter/auto'],
+  }),
+  PROVIDER_PRESETS: [
+    {
+      value: 'fun-codex',
+      label: 'Codex-apikey.fun',
+      base_url: 'https://api.apikey.fun/v1',
+      models: ['gpt-5.5'],
+      builtin: true,
+    },
+    {
+      value: 'deepseek',
+      label: 'DeepSeek',
+      base_url: 'https://api.deepseek.com/v1',
+      models: ['deepseek-chat', 'deepseek-reasoner'],
+      builtin: true,
+    },
+    {
+      value: 'openrouter',
+      label: 'OpenRouter',
+      base_url: 'https://openrouter.ai/api/v1',
+      models: ['openrouter/auto'],
+      builtin: true,
+    },
+    {
+      value: 'lmstudio',
+      label: 'LM Studio',
+      base_url: 'http://127.0.0.1:1234/v1',
+      models: [],
+      builtin: true,
+    },
+    {
+      value: 'xai-oauth',
+      label: 'xAI Grok OAuth (SuperGrok Subscription)',
+      base_url: 'https://api.x.ai/v1',
+      models: ['grok-4.3', 'grok-4.20-0309-reasoning'],
+      builtin: true,
+    },
+  ],
+}))
+
+vi.mock('../../packages/server/src/services/hermes/copilot-models', () => ({
+  getCopilotModelsDetailed: vi.fn(async () => []),
+  resolveCopilotOAuthToken: vi.fn(async () => ''),
+}))
+
+vi.mock('../../packages/server/src/services/app-config', () => ({
+  readAppConfig: mockReadAppConfig,
+  writeAppConfig: mockWriteAppConfig,
+}))
+
+vi.mock('../../packages/server/src/db', () => ({
+  getDb: vi.fn(),
+}))
+
+vi.mock('../../packages/server/src/db/hermes/schemas', () => ({
+  MODEL_CONTEXT_TABLE: 'model_context',
+}))
+
+import * as ctrl from '../../packages/server/src/controllers/hermes/models'
+
+function makeCtx(body: Record<string, unknown> = {}): any {
+  return { params: {}, query: {}, request: { body }, body: undefined, status: 200 }
+}
+
+beforeEach(() => {
+  vi.clearAllMocks()
+  mockReadFile.mockResolvedValue('DEEPSEEK_API_KEY=sk-test\n')
+  mockFetchProviderModels.mockResolvedValue([])
+  mockReadConfigYaml.mockResolvedValue({ model: { default: 'deepseek-chat', provider: 'deepseek' } })
+  mockReadConfigYamlForProfile.mockResolvedValue({ model: { default: 'deepseek-chat', provider: 'deepseek' } })
+  mockBuildModelGroups.mockReturnValue({ default: '', groups: [] })
+  mockReadAppConfig.mockResolvedValue({})
+  mockWriteAppConfig.mockImplementation(async patch => patch)
+  mockExistsSync.mockReturnValue(false)
+  mockReadFileSync.mockReturnValue('{}')
+  mockListProfileNamesFromDisk.mockReturnValue(['default'])
+  mockListUserProfiles.mockReturnValue([])
+})
+
+describe('models controller — model visibility', () => {
+  it('filters available models per provider without changing canonical IDs', async () => {
+    mockReadAppConfig.mockResolvedValue({
+      modelVisibility: {
+        deepseek: { mode: 'include', models: ['deepseek-reasoner'] },
+      },
+    })
+
+    const ctx = makeCtx()
+    await ctrl.getAvailable(ctx)
+
+    expect(ctx.status).toBe(200)
+    expect(ctx.body.groups).toHaveLength(1)
+    expect(ctx.body.groups[0]).toMatchObject({
+      provider: 'deepseek',
+      models: ['deepseek-reasoner'],
+      available_models: ['deepseek-chat', 'deepseek-reasoner'],
+    })
+    expect(ctx.body.default).toBe('deepseek-reasoner')
+    expect(ctx.body.default_provider).toBe('deepseek')
+    expect(ctx.body.model_visibility).toEqual({
+      deepseek: { mode: 'include', models: ['deepseek-reasoner'] },
+    })
+  })
+
+  it('merges Web UI custom models into available provider groups', async () => {
+    mockReadAppConfig.mockResolvedValue({
+      customModels: {
+        deepseek: ['gemma-4-26b-a4b-it', 'deepseek-chat'],
+      },
+    })
+
+    const ctx = makeCtx()
+    await ctrl.getAvailable(ctx)
+
+    expect(ctx.status).toBe(200)
+    expect(ctx.body.groups[0]).toMatchObject({
+      provider: 'deepseek',
+      models: ['deepseek-chat', 'deepseek-reasoner', 'gemma-4-26b-a4b-it'],
+      available_models: ['deepseek-chat', 'deepseek-reasoner', 'gemma-4-26b-a4b-it'],
+    })
+    expect(ctx.body.custom_models).toEqual({
+      deepseek: ['gemma-4-26b-a4b-it', 'deepseek-chat'],
+    })
+  })
+
+  it('limits the default available-models response to profiles bound to regular admins', async () => {
+    mockListProfileNamesFromDisk.mockReturnValue(['default', 'research', 'private'])
+    mockListUserProfiles.mockReturnValue([
+      { user_id: 7, profile_name: 'research', is_default: 1, created_at: 1 },
+    ])
+    mockReadConfigYamlForProfile.mockImplementation(async (profile: string) => ({
+      model: {
+        default: `${profile}-model`,
+        provider: 'deepseek',
+      },
+    }))
+
+    const ctx = makeCtx()
+    ctx.state = { user: { id: 7, username: 'ops', role: 'admin' } }
+    ctx.get = vi.fn((name: string) => name.toLowerCase() === 'x-hermes-profile' ? 'private' : '')
+    await ctrl.getAvailable(ctx)
+
+    expect(mockReadConfigYamlForProfile).toHaveBeenCalledTimes(1)
+    expect(mockReadConfigYamlForProfile).toHaveBeenCalledWith('research')
+    expect(ctx.body.profiles.map((profile: any) => profile.profile)).toEqual(['research'])
+    expect(ctx.body.groups).toEqual(expect.arrayContaining([
+      expect.objectContaining({ provider: 'deepseek' }),
+    ]))
+  })
+
+  it('uses the requested profile for aggregate response defaults', async () => {
+    mockListProfileNamesFromDisk.mockReturnValue(['default', 'tester'])
+    mockReadConfigYamlForProfile.mockImplementation(async (profile: string) => ({
+      model: {
+        default: profile === 'tester' ? 'deepseek-reasoner' : 'deepseek-chat',
+        provider: 'deepseek',
+      },
+    }))
+
+    const ctx = makeCtx()
+    ctx.state = { user: { id: 1, username: 'admin', role: 'super_admin' } }
+    ctx.get = vi.fn((name: string) => name.toLowerCase() === 'x-hermes-profile' ? 'tester' : '')
+    await ctrl.getAvailable(ctx)
+
+    expect(ctx.body.default).toBe('deepseek-reasoner')
+    expect(ctx.body.default_provider).toBe('deepseek')
+    expect(ctx.body.profiles.map((profile: any) => profile.profile)).toEqual(['default', 'tester'])
+  })
+
+  it('uses explicit query profile for single-profile model fetches', async () => {
+    mockListProfileNamesFromDisk.mockReturnValue(['default', 'research'])
+
+    const ctx = makeCtx()
+    ctx.query = { profile: 'research' }
+    ctx.state = { profile: { name: 'default' }, user: { id: 1, username: 'admin', role: 'super_admin' } }
+    await ctrl.getAvailable(ctx)
+
+    expect(mockReadConfigYamlForProfile).toHaveBeenCalledTimes(1)
+    expect(mockReadConfigYamlForProfile).toHaveBeenCalledWith('research')
+    expect(ctx.body.profiles.map((profile: any) => profile.profile)).toEqual(['research'])
+  })
+  it('accepts OAuth providers stored in credential_pool entries', async () => {
+    mockExistsSync.mockReturnValue(true)
+    mockReadFileSync.mockReturnValue(JSON.stringify({
+      credential_pool: {
+        openrouter: [{ label: 'primary', access_token: 'oauth-token' }],
+      },
+    }))
+
+    const ctx = makeCtx()
+    await ctrl.getAvailable(ctx)
+
+    expect(ctx.status).toBe(200)
+    expect(ctx.body.groups).toEqual(expect.arrayContaining([
+      expect.objectContaining({
+        provider: 'openrouter',
+        label: 'OpenRouter',
+        models: ['openrouter/auto'],
+        available_models: ['openrouter/auto'],
+      }),
+    ]))
+  })
+
+  it('shows xAI Grok OAuth when SuperGrok credentials exist in auth.json', async () => {
+    mockExistsSync.mockReturnValue(true)
+    mockReadFileSync.mockReturnValue(JSON.stringify({
+      providers: {
+        'xai-oauth': {
+          tokens: { access_token: 'xai-token' },
+        },
+      },
+    }))
+
+    const ctx = makeCtx()
+    await ctrl.getAvailable(ctx)
+
+    expect(ctx.status).toBe(200)
+    expect(ctx.body.groups).toEqual(expect.arrayContaining([
+      expect.objectContaining({
+        provider: 'xai-oauth',
+        label: 'xAI Grok OAuth (SuperGrok Subscription)',
+        base_url: 'https://api.x.ai/v1',
+        models: ['grok-4.3', 'grok-4.20-0309-reasoning'],
+      }),
+    ]))
+  })
+
+  it('marks allProviders with base URL env support for editable preset URLs', async () => {
+    const ctx = makeCtx()
+    await ctrl.getAvailable(ctx)
+
+    expect(ctx.body.allProviders).toEqual(expect.arrayContaining([
+      expect.objectContaining({
+        provider: 'deepseek',
+        builtin: true,
+        base_url_env: 'DEEPSEEK_BASE_URL',
+      }),
+      expect.not.objectContaining({
+        provider: 'xai-oauth',
+        base_url_env: expect.any(String),
+      }),
+    ]))
+  })
+
+  it('marks custom-prefixed providers as builtin when their provider key matches a preset', async () => {
+    mockReadConfigYamlForProfile.mockResolvedValue({
+      model: { default: 'gpt-5.5', provider: 'custom:fun-codex' },
+      custom_providers: [
+        {
+          name: 'fun-codex',
+          base_url: 'https://proxy.example.com/v1',
+          model: 'gpt-5.5',
+          api_key: 'sk-test',
+        },
+      ],
+    })
+
+    const ctx = makeCtx()
+    ctx.query = { profile: 'default' }
+    await ctrl.getAvailable(ctx)
+
+    expect(ctx.body.groups).toEqual(expect.arrayContaining([
+      expect.objectContaining({
+        provider: 'custom:fun-codex',
+        builtin: true,
+      }),
+    ]))
+  })
+
+  it('returns LM Studio configured default model when env credentials exist and catalog is empty', async () => {
+    mockReadFile.mockResolvedValue('LM_API_KEY=local\nLM_BASE_URL=http://127.0.0.1:1234/v1\n')
+    mockReadConfigYaml.mockResolvedValue({ model: { default: 'eee', provider: 'lmstudio' } })
+    mockReadConfigYamlForProfile.mockResolvedValue({ model: { default: 'eee', provider: 'lmstudio' } })
+
+    const ctx = makeCtx()
+    await ctrl.getAvailable(ctx)
+
+    expect(ctx.status).toBe(200)
+    expect(ctx.body.groups).toEqual(expect.arrayContaining([
+      expect.objectContaining({
+        provider: 'lmstudio',
+        label: 'LM Studio',
+        base_url: 'http://127.0.0.1:1234/v1',
+        models: ['eee'],
+        available_models: ['eee'],
+      }),
+    ]))
+    expect(ctx.body.default).toBe('eee')
+    expect(ctx.body.default_provider).toBe('lmstudio')
+  })
+
+
+
+  it('fails open for stale include rules so a provider can be recovered in the UI', async () => {
+    mockReadAppConfig.mockResolvedValue({
+      modelVisibility: {
+        deepseek: { mode: 'include', models: ['missing-model'] },
+      },
+    })
+
+    const ctx = makeCtx()
+    await ctrl.getAvailable(ctx)
+
+    expect(ctx.body.groups[0]).toMatchObject({
+      provider: 'deepseek',
+      models: ['deepseek-chat', 'deepseek-reasoner'],
+      available_models: ['deepseek-chat', 'deepseek-reasoner'],
+    })
+  })
+
+  it('applies visibility to the config fallback path when no credentialed providers are active', async () => {
+    mockReadFile.mockResolvedValue('')
+    mockReadConfigYaml.mockResolvedValue({
+      model: { default: 'custom-a' },
+      custom_providers: [
+        { name: 'local', model: 'custom-a' },
+        { name: 'local', model: 'custom-b' },
+      ],
+    })
+    mockReadAppConfig.mockResolvedValue({
+      modelVisibility: {
+        Custom: { mode: 'include', models: ['custom-b'] },
+      },
+    })
+    mockBuildModelGroups.mockReturnValue({
+      default: 'custom-a',
+      groups: [
+        {
+          provider: 'Custom',
+          models: [
+            { id: 'custom-a', label: 'local: custom-a' },
+            { id: 'custom-b', label: 'local: custom-b' },
+          ],
+        },
+      ],
+    })
+
+    const ctx = makeCtx()
+    await ctrl.getAvailable(ctx)
+
+    expect(ctx.body.groups).toEqual([
+      expect.objectContaining({
+        provider: 'Custom',
+        models: ['custom-b'],
+        available_models: ['custom-a', 'custom-b'],
+      }),
+    ])
+    expect(ctx.body.default).toBe('custom-b')
+    expect(ctx.body.default_provider).toBe('Custom')
+  })
+
+  it('saves include visibility in web-ui app config only', async () => {
+    mockReadAppConfig.mockResolvedValue({ copilotEnabled: true })
+    mockWriteAppConfig.mockResolvedValue({
+      copilotEnabled: true,
+      modelVisibility: { deepseek: { mode: 'include', models: ['deepseek-chat'] } },
+    })
+
+    const ctx = makeCtx({ provider: 'deepseek', mode: 'include', models: ['deepseek-chat', 'deepseek-chat', ''] })
+    await ctrl.setModelVisibility(ctx)
+
+    expect(mockWriteAppConfig).toHaveBeenCalledWith({
+      modelVisibility: { deepseek: { mode: 'include', models: ['deepseek-chat'] } },
+    })
+    expect(ctx.body).toEqual({
+      success: true,
+      model_visibility: { deepseek: { mode: 'include', models: ['deepseek-chat'] } },
+    })
+  })
+
+  it('resets a provider to all models by deleting its web-ui visibility rule', async () => {
+    mockReadAppConfig.mockResolvedValue({
+      modelVisibility: {
+        deepseek: { mode: 'include', models: ['deepseek-chat'] },
+        openrouter: { mode: 'include', models: ['x'] },
+      },
+    })
+    mockWriteAppConfig.mockResolvedValue({
+      modelVisibility: {
+        openrouter: { mode: 'include', models: ['x'] },
+      },
+    })
+
+    const ctx = makeCtx({ provider: 'deepseek', mode: 'all', models: [] })
+    await ctrl.setModelVisibility(ctx)
+
+    expect(mockWriteAppConfig).toHaveBeenCalledWith({
+      modelVisibility: {
+        openrouter: { mode: 'include', models: ['x'] },
+      },
+    })
+    expect(ctx.body.model_visibility).toEqual({
+      openrouter: { mode: 'include', models: ['x'] },
+    })
+  })
+
+  it('adds and removes custom models in web-ui app config only', async () => {
+    mockReadAppConfig.mockResolvedValueOnce({
+      customModels: { deepseek: ['existing'] },
+    })
+    mockWriteAppConfig.mockResolvedValueOnce({
+      customModels: { deepseek: ['existing', 'manual-model'] },
+    })
+
+    const addCtx = makeCtx({ provider: 'deepseek', model: 'manual-model' })
+    await ctrl.addCustomModel(addCtx)
+
+    expect(mockWriteAppConfig).toHaveBeenCalledWith({
+      customModels: { deepseek: ['existing', 'manual-model'] },
+    })
+    expect(addCtx.body).toEqual({
+      success: true,
+      custom_models: { deepseek: ['existing', 'manual-model'] },
+    })
+
+    mockReadAppConfig.mockResolvedValueOnce({
+      customModels: { deepseek: ['existing', 'manual-model'] },
+    })
+    mockWriteAppConfig.mockResolvedValueOnce({
+      customModels: { deepseek: ['existing'] },
+    })
+
+    const removeCtx = makeCtx({ provider: 'deepseek', model: 'manual-model' })
+    await ctrl.removeCustomModel(removeCtx)
+
+    expect(mockWriteAppConfig).toHaveBeenLastCalledWith({
+      customModels: { deepseek: ['existing'] },
+    })
+    expect(removeCtx.body).toEqual({
+      success: true,
+      custom_models: { deepseek: ['existing'] },
+    })
+  })
+
+  it('removes custom models from query params when DELETE body is missing', async () => {
+    mockReadAppConfig.mockResolvedValueOnce({
+      customModels: { deepseek: ['manual-model'] },
+    })
+    mockWriteAppConfig.mockResolvedValueOnce({
+      customModels: {},
+    })
+
+    const ctx = makeCtx()
+    ctx.request.body = undefined
+    ctx.query = { provider: 'deepseek', model: 'manual-model' }
+
+    await ctrl.removeCustomModel(ctx)
+
+    expect(ctx.status).toBe(200)
+    expect(mockWriteAppConfig).toHaveBeenCalledWith({ customModels: {} })
+    expect(ctx.body).toEqual({ success: true, custom_models: {} })
+  })
+
+  it('rejects empty include lists', async () => {
+    const ctx = makeCtx({ provider: 'deepseek', mode: 'include', models: [] })
+    await ctrl.setModelVisibility(ctx)
+
+    expect(ctx.status).toBe(400)
+    expect(ctx.body).toEqual({ error: 'Select at least one model' })
+    expect(mockWriteAppConfig).not.toHaveBeenCalled()
+  })
+})
diff --git a/tests/server/nous-auth-controller.test.ts b/tests/server/nous-auth-controller.test.ts
new file mode 100644
index 0000000..2dc9a5a
--- /dev/null
+++ b/tests/server/nous-auth-controller.test.ts
@@ -0,0 +1,82 @@
+import { afterEach, beforeEach, describe, expect, it, vi } from 'vitest'
+import { existsSync, mkdirSync, mkdtempSync, readFileSync, rmSync } from 'fs'
+import { join } from 'path'
+import { tmpdir } from 'os'
+
+let hermesHome = ''
+
+function readAuthJson(path = 'auth.json') {
+  return JSON.parse(readFileSync(join(hermesHome, path), 'utf-8'))
+}
+
+function makeCtx(profile: string): any {
+  return {
+    params: {},
+    query: {},
+    request: { body: {} },
+    state: { profile: { name: profile } },
+    get: () => '',
+    body: undefined,
+    status: 200,
+  }
+}
+
+async function loadNousAuthController() {
+  vi.resetModules()
+  vi.doMock('../../packages/server/src/services/logger', () => ({
+    logger: { info: vi.fn(), error: vi.fn(), warn: vi.fn() },
+  }))
+  return import('../../packages/server/src/controllers/hermes/nous-auth')
+}
+
+describe('Nous auth controller', () => {
+  beforeEach(() => {
+    hermesHome = mkdtempSync(join(tmpdir(), 'hwui-nous-auth-'))
+    process.env.HERMES_HOME = hermesHome
+  })
+
+  afterEach(() => {
+    vi.doUnmock('../../packages/server/src/services/logger')
+    delete process.env.HERMES_HOME
+    if (hermesHome) rmSync(hermesHome, { recursive: true, force: true })
+    hermesHome = ''
+  })
+
+  it('persists OAuth credentials in the request-scoped profile only', async () => {
+    mkdirSync(join(hermesHome, 'profiles', 'research'), { recursive: true })
+
+    const { saveNousOAuthTokensForProfile } = await loadNousAuthController()
+    saveNousOAuthTokensForProfile(
+      'research',
+      {
+        access_token: 'research-access-token',
+        refresh_token: 'research-refresh-token',
+        expires_in: 3600,
+        inference_base_url: 'https://inference-api.nousresearch.com/v1',
+      },
+      'research-agent-key',
+      '2026-06-02T01:00:00.000Z',
+    )
+
+    expect(existsSync(join(hermesHome, 'auth.json'))).toBe(false)
+    const auth = readAuthJson('profiles/research/auth.json')
+    expect(auth.providers.nous.access_token).toBe('research-access-token')
+    expect(auth.providers.nous.agent_key).toBe('research-agent-key')
+    expect(auth.credential_pool.nous[0].refresh_token).toBe('research-refresh-token')
+  })
+
+  it('checks Nous auth status against the request-scoped profile', async () => {
+    mkdirSync(join(hermesHome, 'profiles', 'research'), { recursive: true })
+
+    const { saveNousOAuthTokensForProfile, status } = await loadNousAuthController()
+    saveNousOAuthTokensForProfile('research', {
+      access_token: 'research-access-token',
+      refresh_token: 'research-refresh-token',
+    })
+
+    const ctx = makeCtx('research')
+    await status(ctx)
+
+    expect(ctx.body).toEqual({ authenticated: true })
+  })
+})
diff --git a/tests/server/performance-monitor-controller.test.ts b/tests/server/performance-monitor-controller.test.ts
new file mode 100644
index 0000000..40278bc
--- /dev/null
+++ b/tests/server/performance-monitor-controller.test.ts
@@ -0,0 +1,58 @@
+import { afterEach, describe, expect, it, vi } from 'vitest'
+
+const getOpsRuntimeSnapshot = vi.fn()
+
+vi.mock('../../packages/server/src/services/hermes/ops-monitor', () => ({
+  createEmptyOpsRuntimeSnapshot: (error?: string) => ({ timestamp: 0, error }),
+  getOpsRuntimeSnapshot,
+}))
+
+describe('performance monitor controller', () => {
+  afterEach(() => {
+    vi.clearAllMocks()
+  })
+
+  it('returns the runtime snapshot from the performance service', async () => {
+    const snapshot = {
+      timestamp: 1,
+      bridge: { workers: [] },
+      sessions: { active: 0 },
+    }
+    getOpsRuntimeSnapshot.mockResolvedValue(snapshot)
+    const ctx: any = {}
+
+    const { runtime } = await import('../../packages/server/src/controllers/hermes/performance-monitor')
+    await runtime(ctx)
+
+    expect(ctx.body).toBe(snapshot)
+  })
+
+  it('returns a zero snapshot when metrics collection fails', async () => {
+    getOpsRuntimeSnapshot.mockRejectedValue(new Error('boom'))
+    const ctx: any = {}
+
+    const { runtime } = await import('../../packages/server/src/controllers/hermes/performance-monitor')
+    await runtime(ctx)
+
+    expect(ctx.status).toBeUndefined()
+    expect(ctx.body).toEqual({ timestamp: 0, error: 'boom' })
+  })
+
+  it('requires super admin on the runtime route', async () => {
+    const { performanceMonitorRoutes } = await import('../../packages/server/src/routes/hermes/performance-monitor')
+    const layer = performanceMonitorRoutes.stack.find((entry: any) => entry.path === '/api/hermes/performance/runtime')
+    expect(layer).toBeTruthy()
+
+    const deniedCtx: any = { state: { user: { role: 'admin' } }, status: 200, body: null }
+    const deniedNext = vi.fn(async () => {})
+    await layer.stack[0](deniedCtx, deniedNext)
+
+    expect(deniedCtx.status).toBe(403)
+    expect(deniedNext).not.toHaveBeenCalled()
+
+    const allowedCtx: any = { state: { user: { role: 'super_admin' } }, status: 200, body: null }
+    const allowedNext = vi.fn(async () => {})
+    await layer.stack[0](allowedCtx, allowedNext)
+    expect(allowedNext).toHaveBeenCalledOnce()
+  })
+})
diff --git a/tests/server/plugins-routes.test.ts b/tests/server/plugins-routes.test.ts
new file mode 100644
index 0000000..0fc0479
--- /dev/null
+++ b/tests/server/plugins-routes.test.ts
@@ -0,0 +1,34 @@
+import { beforeEach, describe, expect, it, vi } from 'vitest'
+
+const listMock = vi.fn(async (ctx: any) => {
+  ctx.body = { plugins: [], warnings: [], metadata: {} }
+})
+
+vi.mock('../../packages/server/src/controllers/hermes/plugins', () => ({
+  list: listMock,
+}))
+
+describe('plugin routes', () => {
+  beforeEach(() => {
+    vi.resetModules()
+    listMock.mockClear()
+  })
+
+  it('registers the plugins inventory route', async () => {
+    const { pluginRoutes } = await import('../../packages/server/src/routes/hermes/plugins')
+    const paths = pluginRoutes.stack.map((entry: any) => entry.path)
+
+    expect(paths).toEqual(expect.arrayContaining(['/api/hermes/plugins']))
+  })
+
+  it('delegates plugin listing to the controller', async () => {
+    const { pluginRoutes } = await import('../../packages/server/src/routes/hermes/plugins')
+    const layer = pluginRoutes.stack.find((entry: any) => entry.path === '/api/hermes/plugins')
+    const ctx: any = { body: null, params: {}, query: {} }
+
+    await layer.stack[0](ctx)
+
+    expect(listMock).toHaveBeenCalledWith(ctx)
+    expect(ctx.body).toEqual({ plugins: [], warnings: [], metadata: {} })
+  })
+})
diff --git a/tests/server/profile-credentials.test.ts b/tests/server/profile-credentials.test.ts
new file mode 100644
index 0000000..d3af24a
--- /dev/null
+++ b/tests/server/profile-credentials.test.ts
@@ -0,0 +1,205 @@
+import { describe, it, expect, beforeEach, afterEach } from 'vitest'
+import { mkdtempSync, writeFileSync, readFileSync, readdirSync, existsSync, rmSync } from 'fs'
+import { tmpdir } from 'os'
+import { join } from 'path'
+import {
+  isExclusivePlatformKey,
+  stripExclusivePlatformCredentials,
+  disableExclusivePlatformsInConfig,
+  EXCLUSIVE_PLATFORMS,
+  EXCLUSIVE_PLATFORM_ENV_PATTERNS,
+} from '../../packages/server/src/services/hermes/profile-credentials'
+
+let tmpDir: string
+
+beforeEach(() => {
+  tmpDir = mkdtempSync(join(tmpdir(), 'profile-cred-test-'))
+})
+
+afterEach(() => {
+  rmSync(tmpDir, { recursive: true, force: true })
+})
+
+describe('isExclusivePlatformKey', () => {
+  it('matches all known exclusive platform prefixes (aligned with hermes-agent gateway/platforms)', () => {
+    const samples = [
+      'TELEGRAM_BOT_TOKEN',
+      'DISCORD_BOT_TOKEN',
+      'SLACK_APP_TOKEN',
+      'WHATSAPP_PHONE_NUMBER_ID',
+      'SIGNAL_PHONE_NUMBER',
+      'WEIXIN_TOKEN', 'WEIXIN_ACCOUNT_ID',
+      'FEISHU_APP_ID',
+    ]
+    for (const k of samples) {
+      expect(isExclusivePlatformKey(k)).toBe(true)
+    }
+  })
+
+  it('does not match removed aliases or non-lock platforms', () => {
+    // 这些前缀在 hermes-agent gateway/platforms/ 中没有 _acquire_platform_lock 调用
+    const nonLock = [
+      'WECHAT_APP_ID',         // wechat 不是上游 platform key（实际是 weixin）
+      'LARK_APP_SECRET',       // lark 不是上游 platform key（实际是 feishu）
+      'LINE_CHANNEL_SECRET',   // line 在 hermes-agent 中没有 adapter
+      'MATTERMOST_TOKEN', 'MATRIX_TOKEN', 'DINGTALK_TOKEN',
+      'WECOM_TOKEN', 'QQBOT_TOKEN', 'BLUEBUBBLES_TOKEN',
+    ]
+    for (const k of nonLock) {
+      expect(isExclusivePlatformKey(k)).toBe(false)
+    }
+  })
+
+  it('does not match model provider keys or generic config', () => {
+    const safe = [
+      'OPENAI_API_KEY',
+      'ANTHROPIC_API_KEY',
+      'GEMINI_API_KEY',
+      'DEEPSEEK_API_KEY',
+      'MINIMAX_API_KEY',
+      'DASHSCOPE_API_KEY',
+      'BROWSER_HEADLESS',
+      'TERMINAL_DEFAULT_SHELL',
+      'HERMES_MAX_ITERATIONS',
+      'PORT',
+      'NODE_ENV',
+    ]
+    for (const k of safe) {
+      expect(isExclusivePlatformKey(k)).toBe(false)
+    }
+  })
+})
+
+describe('stripExclusivePlatformCredentials', () => {
+  it('returns empty when file does not exist', () => {
+    expect(stripExclusivePlatformCredentials(join(tmpDir, 'nope.env'))).toEqual([])
+  })
+
+  it('returns empty and does not write when no exclusive keys present', () => {
+    const p = join(tmpDir, '.env')
+    const content = 'OPENAI_API_KEY=sk-xxx\nPORT=8642\n'
+    writeFileSync(p, content)
+    expect(stripExclusivePlatformCredentials(p)).toEqual([])
+    expect(readFileSync(p, 'utf-8')).toBe(content)
+    // 无备份文件
+    expect(readdirSync(tmpDir).filter(f => f.startsWith('.env.bak'))).toHaveLength(0)
+  })
+
+  it('strips exclusive credentials, keeps safe ones, and creates a backup', () => {
+    const p = join(tmpDir, '.env')
+    writeFileSync(p, [
+      '# comment',
+      'OPENAI_API_KEY=sk-xxx',
+      'WEIXIN_TOKEN=secret-token',
+      'WEIXIN_ACCOUNT_ID=acct-1',
+      'TELEGRAM_BOT_TOKEN=tg-token',
+      'PORT=8642',
+      '',
+    ].join('\n'))
+
+    const removed = stripExclusivePlatformCredentials(p)
+    expect(removed).toEqual(['WEIXIN_TOKEN', 'WEIXIN_ACCOUNT_ID', 'TELEGRAM_BOT_TOKEN'])
+
+    const after = readFileSync(p, 'utf-8')
+    expect(after).toContain('OPENAI_API_KEY=sk-xxx')
+    expect(after).toContain('PORT=8642')
+    expect(after).toContain('# comment')
+    expect(after).not.toContain('WEIXIN_')
+    expect(after).not.toContain('TELEGRAM_')
+
+    // 备份文件存在且与原始内容一致
+    const backups = readdirSync(tmpDir).filter(f => f.startsWith('.env.bak'))
+    expect(backups).toHaveLength(1)
+    const backupContent = readFileSync(join(tmpDir, backups[0]), 'utf-8')
+    expect(backupContent).toContain('WEIXIN_TOKEN=secret-token')
+  })
+})
+
+describe('disableExclusivePlatformsInConfig', () => {
+  it('returns empty when file does not exist', () => {
+    expect(disableExclusivePlatformsInConfig(join(tmpDir, 'nope.yaml')))
+      .toEqual({ disabled: [], strippedConfigCredentials: [] })
+  })
+
+  it('returns empty when no exclusive platforms enabled and no embedded credentials', () => {
+    const p = join(tmpDir, 'config.yaml')
+    writeFileSync(p, 'platforms:\n  cli:\n    enabled: true\n')
+    expect(disableExclusivePlatformsInConfig(p))
+      .toEqual({ disabled: [], strippedConfigCredentials: [] })
+    expect(readdirSync(tmpDir).filter(f => f.startsWith('config.yaml.bak'))).toHaveLength(0)
+  })
+
+  it('disables enabled exclusive platforms, strips embedded credentials, and backs up', () => {
+    const p = join(tmpDir, 'config.yaml')
+    writeFileSync(p, [
+      'platforms:',
+      '  cli:',
+      '    enabled: true',
+      '  weixin:',
+      '    enabled: true',
+      '    token: secret',
+      '    extra:',
+      '      account_id: acct-1',
+      '      app_id: app-1',
+      '  telegram:',
+      '    enabled: true',
+      '    bot_token: tg-token',
+      '  discord:',
+      '    enabled: false',
+      '',
+    ].join('\n'))
+
+    const result = disableExclusivePlatformsInConfig(p)
+    expect(result.disabled.sort()).toEqual(['telegram', 'weixin'])
+    // 节点直挂 + extra 子节点的凭据都应该被清掉
+    expect(result.strippedConfigCredentials.sort()).toEqual([
+      'telegram.bot_token',
+      'weixin.extra.account_id',
+      'weixin.extra.app_id',
+      'weixin.token',
+    ])
+
+    const after = readFileSync(p, 'utf-8')
+    expect(after).toMatch(/weixin:[\s\S]*?enabled:\s*false/)
+    expect(after).toMatch(/telegram:[\s\S]*?enabled:\s*false/)
+    expect(after).toMatch(/cli:[\s\S]*?enabled:\s*true/)
+    // 凭据已被清除
+    expect(after).not.toContain('secret')
+    expect(after).not.toContain('tg-token')
+    expect(after).not.toContain('acct-1')
+
+    const backups = readdirSync(tmpDir).filter(f => f.startsWith('config.yaml.bak'))
+    expect(backups).toHaveLength(1)
+  })
+
+  it('strips embedded credentials even when platform is already disabled', () => {
+    const p = join(tmpDir, 'config.yaml')
+    writeFileSync(p, [
+      'platforms:',
+      '  weixin:',
+      '    enabled: false',
+      '    token: leftover-secret',
+      '',
+    ].join('\n'))
+
+    const result = disableExclusivePlatformsInConfig(p)
+    expect(result.disabled).toEqual([])
+    expect(result.strippedConfigCredentials).toEqual(['weixin.token'])
+
+    const after = readFileSync(p, 'utf-8')
+    expect(after).not.toContain('leftover-secret')
+  })
+
+  it('returns empty on malformed yaml without throwing', () => {
+    const p = join(tmpDir, 'config.yaml')
+    writeFileSync(p, 'platforms: [unclosed')
+    expect(disableExclusivePlatformsInConfig(p))
+      .toEqual({ disabled: [], strippedConfigCredentials: [] })
+  })
+})
+
+describe('EXCLUSIVE_PLATFORMS list', () => {
+  it('stays in sync with the env pattern list (same length)', () => {
+    expect(EXCLUSIVE_PLATFORMS.length).toBe(EXCLUSIVE_PLATFORM_ENV_PATTERNS.length)
+  })
+})
diff --git a/tests/server/profiles-routes.test.ts b/tests/server/profiles-routes.test.ts
new file mode 100644
index 0000000..a629af8
--- /dev/null
+++ b/tests/server/profiles-routes.test.ts
@@ -0,0 +1,263 @@
+import { existsSync, readFileSync } from 'fs'
+import { mkdir, mkdtemp, rm, writeFile } from 'fs/promises'
+import { tmpdir } from 'os'
+import { join } from 'path'
+import { describe, it, expect, vi, beforeEach, afterEach } from 'vitest'
+
+const agentBridgeMocks = vi.hoisted(() => ({
+  destroyAll: vi.fn(),
+  destroyProfile: vi.fn(),
+}))
+
+const skillInjectorMocks = vi.hoisted(() => ({
+  injectMissingSkills: vi.fn(),
+  resolveTargetDirForProfile: vi.fn(),
+}))
+
+const sessionDeleterMocks = vi.hoisted(() => ({
+  switchProfile: vi.fn(),
+}))
+
+// Mock hermes-cli
+vi.mock('../../packages/server/src/services/hermes/hermes-cli', () => ({
+  listProfiles: vi.fn(),
+  getProfile: vi.fn(),
+  createProfile: vi.fn(),
+  deleteProfile: vi.fn(),
+  renameProfile: vi.fn(),
+  useProfile: vi.fn(),
+  stopGateway: vi.fn(),
+  startGateway: vi.fn(),
+  startGatewayBackground: vi.fn(),
+  setupReset: vi.fn(),
+  exportProfile: vi.fn(),
+  importProfile: vi.fn(),
+}))
+
+vi.mock('../../packages/server/src/services/hermes/agent-bridge', () => ({
+  AgentBridgeClient: vi.fn(() => ({
+    destroyAll: agentBridgeMocks.destroyAll,
+    destroyProfile: agentBridgeMocks.destroyProfile,
+  })),
+}))
+
+vi.mock('../../packages/server/src/services/hermes/skill-injector', () => {
+  const HermesSkillInjector = vi.fn(() => ({
+    injectMissingSkills: skillInjectorMocks.injectMissingSkills,
+  })) as any
+  HermesSkillInjector.resolveTargetDirForProfile = skillInjectorMocks.resolveTargetDirForProfile
+  return { HermesSkillInjector }
+})
+
+vi.mock('../../packages/server/src/services/hermes/session-deleter', () => ({
+  SessionDeleter: {
+    getInstance: vi.fn(() => sessionDeleterMocks),
+  },
+}))
+
+import * as hermesCli from '../../packages/server/src/services/hermes/hermes-cli'
+
+describe('Profile Routes', () => {
+  const originalHermesHome = process.env.HERMES_HOME
+  const originalWebUiHome = process.env.HERMES_WEB_UI_HOME
+  const tempHomes: string[] = []
+
+  beforeEach(() => {
+    vi.clearAllMocks()
+    agentBridgeMocks.destroyProfile.mockResolvedValue({ destroyed: 0 })
+    skillInjectorMocks.injectMissingSkills.mockResolvedValue({ targets: [] })
+    skillInjectorMocks.resolveTargetDirForProfile.mockImplementation((name: string) => join('/tmp/hermes-skills', name))
+  })
+
+  afterEach(async () => {
+    if (originalHermesHome === undefined) delete process.env.HERMES_HOME
+    else process.env.HERMES_HOME = originalHermesHome
+    if (originalWebUiHome === undefined) delete process.env.HERMES_WEB_UI_HOME
+    else process.env.HERMES_WEB_UI_HOME = originalWebUiHome
+    await Promise.all(tempHomes.splice(0).map(dir => rm(dir, { recursive: true, force: true })))
+  })
+
+  describe('hermes-cli wrapper', () => {
+    it('listProfiles returns array', async () => {
+      const mockProfiles = [{ name: 'default', active: true }]
+      vi.mocked(hermesCli.listProfiles).mockResolvedValue(mockProfiles as any)
+
+      const result = await hermesCli.listProfiles()
+      expect(result).toEqual(mockProfiles)
+    })
+
+    it('getProfile returns profile detail', async () => {
+      const mockDetail = { name: 'default', path: '/tmp/default' }
+      vi.mocked(hermesCli.getProfile).mockResolvedValue(mockDetail as any)
+
+      const result = await hermesCli.getProfile('default')
+      expect(result).toEqual(mockDetail)
+      expect(hermesCli.getProfile).toHaveBeenCalledWith('default')
+    })
+
+    it('createProfile calls CLI with name and clone flag', async () => {
+      vi.mocked(hermesCli.createProfile).mockResolvedValue('Profile created')
+
+      await hermesCli.createProfile('test', true)
+
+      expect(hermesCli.createProfile).toHaveBeenCalledWith('test', true)
+    })
+
+    it('deleteProfile calls CLI with name', async () => {
+      vi.mocked(hermesCli.deleteProfile).mockResolvedValue(true)
+
+      await hermesCli.deleteProfile('test')
+
+      expect(hermesCli.deleteProfile).toHaveBeenCalledWith('test')
+    })
+
+    it('renameProfile calls CLI with old and new name', async () => {
+      vi.mocked(hermesCli.renameProfile).mockResolvedValue(true)
+
+      await hermesCli.renameProfile('old', 'new')
+
+      expect(hermesCli.renameProfile).toHaveBeenCalledWith('old', 'new')
+    })
+  })
+
+  describe('profile deletion fallback', () => {
+    it('removes a reserved profile directory when Hermes CLI refuses to delete it', async () => {
+      const hermesHome = await mkdtemp(join(tmpdir(), 'hermes-profile-delete-'))
+      tempHomes.push(hermesHome)
+      process.env.HERMES_HOME = hermesHome
+      const badProfileDir = join(hermesHome, 'profiles', 'hermes')
+      await mkdir(badProfileDir, { recursive: true })
+      await writeFile(join(badProfileDir, 'config.yaml'), 'model:\n  default: bad\n', 'utf-8')
+      await writeFile(join(hermesHome, 'active_profile'), 'hermes\n', 'utf-8')
+      vi.mocked(hermesCli.deleteProfile).mockResolvedValue(false)
+      const { remove } = await import('../../packages/server/src/controllers/hermes/profiles')
+      const ctx: any = { params: { name: 'hermes' }, status: 200, body: undefined }
+
+      await remove(ctx)
+
+      expect(ctx.status).toBe(200)
+      expect(ctx.body).toEqual({ success: true, fallback: 'removed_reserved_profile_from_disk' })
+      expect(existsSync(badProfileDir)).toBe(false)
+      expect(readFileSync(join(hermesHome, 'active_profile'), 'utf-8')).toBe('default\n')
+    })
+
+    it('does not bypass Hermes CLI failures for normal profile names', async () => {
+      const hermesHome = await mkdtemp(join(tmpdir(), 'hermes-profile-delete-'))
+      tempHomes.push(hermesHome)
+      process.env.HERMES_HOME = hermesHome
+      const profileDir = join(hermesHome, 'profiles', 'work')
+      await mkdir(profileDir, { recursive: true })
+      vi.mocked(hermesCli.deleteProfile).mockResolvedValue(false)
+      const { remove } = await import('../../packages/server/src/controllers/hermes/profiles')
+      const ctx: any = { params: { name: 'work' }, status: 200, body: undefined }
+
+      await remove(ctx)
+
+      expect(ctx.status).toBe(500)
+      expect(ctx.body).toEqual({ error: 'Failed to delete profile' })
+      expect(existsSync(profileDir)).toBe(true)
+    })
+  })
+
+  describe('Hermes CLI active profile switch', () => {
+    it('only destroys bridge sessions for the target profile', async () => {
+      const hermesHome = await mkdtemp(join(tmpdir(), 'hermes-profile-switch-'))
+      tempHomes.push(hermesHome)
+      process.env.HERMES_HOME = hermesHome
+      const profileDir = join(hermesHome, 'profiles', 'work')
+      await mkdir(profileDir, { recursive: true })
+      await writeFile(join(profileDir, 'config.yaml'), 'model:\n  default: gpt-test\n', 'utf-8')
+      await writeFile(join(hermesHome, 'active_profile'), 'work\n', 'utf-8')
+      vi.mocked(hermesCli.useProfile).mockResolvedValue('Switched to work')
+      vi.mocked(hermesCli.getProfile).mockResolvedValue({
+        name: 'work',
+        path: profileDir,
+        model: 'gpt-test',
+        provider: 'test',
+        skills: 0,
+        hasEnv: false,
+        hasSoulMd: false,
+      } as any)
+      agentBridgeMocks.destroyProfile.mockResolvedValue({ destroyed: 2 })
+      const { switchProfile } = await import('../../packages/server/src/controllers/hermes/profiles')
+      const ctx: any = {
+        request: { body: { name: 'work' } },
+        status: 200,
+        body: undefined,
+      }
+
+      await switchProfile(ctx)
+
+      expect(ctx.status).toBe(200)
+      expect(ctx.body).toMatchObject({ success: true, active: 'work' })
+      expect(agentBridgeMocks.destroyProfile).toHaveBeenCalledWith('work')
+      expect(agentBridgeMocks.destroyAll).not.toHaveBeenCalled()
+      expect(sessionDeleterMocks.switchProfile).toHaveBeenCalledWith('work')
+    })
+  })
+
+  describe('profile avatars', () => {
+    it('stores generated avatar metadata under the Web UI home', async () => {
+      const webUiHome = await mkdtemp(join(tmpdir(), 'hermes-web-ui-avatar-'))
+      tempHomes.push(webUiHome)
+      process.env.HERMES_WEB_UI_HOME = webUiHome
+      const { updateAvatar } = await import('../../packages/server/src/controllers/hermes/profiles')
+      const ctx: any = {
+        params: { name: 'work' },
+        request: { body: { type: 'generated', seed: 'custom-seed' } },
+        status: 200,
+        body: undefined,
+      }
+
+      await updateAvatar(ctx)
+
+      const metaPath = join(webUiHome, 'profile-metadata', Buffer.from('work', 'utf-8').toString('base64url'), 'avatar.json')
+      expect(ctx.status).toBe(200)
+      expect(ctx.body.avatar).toMatchObject({ type: 'generated', seed: 'custom-seed' })
+      expect(JSON.parse(readFileSync(metaPath, 'utf-8'))).toMatchObject({
+        type: 'generated',
+        seed: 'custom-seed',
+      })
+    })
+
+    it('stores uploaded image avatars and returns a data URL', async () => {
+      const webUiHome = await mkdtemp(join(tmpdir(), 'hermes-web-ui-avatar-'))
+      tempHomes.push(webUiHome)
+      process.env.HERMES_WEB_UI_HOME = webUiHome
+      const dataUrl = `data:image/png;base64,${Buffer.from('avatar-png').toString('base64')}`
+      const { updateAvatar } = await import('../../packages/server/src/controllers/hermes/profiles')
+      const ctx: any = {
+        params: { name: 'work' },
+        request: { body: { type: 'image', dataUrl } },
+        status: 200,
+        body: undefined,
+      }
+
+      await updateAvatar(ctx)
+
+      const dir = join(webUiHome, 'profile-metadata', Buffer.from('work', 'utf-8').toString('base64url'))
+      const meta = JSON.parse(readFileSync(join(dir, 'avatar.json'), 'utf-8'))
+      expect(ctx.status).toBe(200)
+      expect(ctx.body.avatar).toMatchObject({ type: 'image', dataUrl })
+      expect(meta).toMatchObject({ type: 'image', file: 'avatar.bin', mime: 'image/png' })
+      expect(readFileSync(join(dir, 'avatar.bin')).toString()).toBe('avatar-png')
+    })
+
+    it('deletes profile avatar metadata', async () => {
+      const webUiHome = await mkdtemp(join(tmpdir(), 'hermes-web-ui-avatar-'))
+      tempHomes.push(webUiHome)
+      process.env.HERMES_WEB_UI_HOME = webUiHome
+      const metadataDir = join(webUiHome, 'profile-metadata', Buffer.from('work', 'utf-8').toString('base64url'))
+      await mkdir(metadataDir, { recursive: true })
+      await writeFile(join(metadataDir, 'avatar.json'), '{"type":"generated"}\n', 'utf-8')
+      const { deleteAvatar } = await import('../../packages/server/src/controllers/hermes/profiles')
+      const ctx: any = { params: { name: 'work' }, status: 200, body: undefined }
+
+      await deleteAvatar(ctx)
+
+      expect(ctx.status).toBe(200)
+      expect(ctx.body).toEqual({ success: true })
+      expect(existsSync(metadataDir)).toBe(false)
+    })
+  })
+})
diff --git a/tests/server/provider-create-controller.test.ts b/tests/server/provider-create-controller.test.ts
new file mode 100644
index 0000000..c52e447
--- /dev/null
+++ b/tests/server/provider-create-controller.test.ts
@@ -0,0 +1,102 @@
+import { afterEach, beforeEach, describe, expect, it, vi } from 'vitest'
+import { mkdirSync, mkdtempSync, readFileSync, rmSync, writeFileSync } from 'fs'
+import { join } from 'path'
+import { tmpdir } from 'os'
+import YAML from 'js-yaml'
+
+vi.mock('../../packages/server/src/services/hermes/hermes-cli', () => ({
+  restartGateway: vi.fn().mockResolvedValue(undefined),
+}))
+
+let hermesHome = ''
+
+async function loadProvidersController() {
+  vi.resetModules()
+  process.env.HERMES_HOME = hermesHome
+  return import('../../packages/server/src/controllers/hermes/providers')
+}
+
+function makeCtx(body: Record<string, any>, profile = 'default') {
+  return {
+    request: { body },
+    state: { profile: { name: profile } },
+    status: 200,
+    body: undefined as unknown,
+  }
+}
+
+function readYaml(filePath: string) {
+  return YAML.load(readFileSync(filePath, 'utf-8')) as any
+}
+
+describe('providers controller create', () => {
+  beforeEach(() => {
+    hermesHome = mkdtempSync(join(tmpdir(), 'hwui-provider-create-'))
+    mkdirSync(hermesHome, { recursive: true })
+    writeFileSync(join(hermesHome, 'config.yaml'), 'model: {}\n')
+    writeFileSync(join(hermesHome, '.env'), '')
+  })
+
+  afterEach(() => {
+    delete process.env.HERMES_HOME
+    vi.doUnmock('../../packages/server/src/controllers/hermes/providers')
+    vi.clearAllMocks()
+    if (hermesHome) rmSync(hermesHome, { recursive: true, force: true })
+    hermesHome = ''
+  })
+
+  it('does not persist a built-in provider base URL when it matches the preset default', async () => {
+    const { create } = await loadProvidersController()
+    const ctx = makeCtx({
+      name: 'DeepSeek',
+      base_url: 'https://api.deepseek.com',
+      api_key: 'deepseek-key',
+      model: 'deepseek-chat',
+      providerKey: 'deepseek',
+    })
+
+    await create(ctx)
+
+    expect(ctx.body).toEqual({ success: true })
+    const envAfter = readFileSync(join(hermesHome, '.env'), 'utf-8')
+    expect(envAfter).toContain('DEEPSEEK_API_KEY=deepseek-key')
+    expect(envAfter).not.toContain('DEEPSEEK_BASE_URL')
+  })
+
+  it('persists a built-in provider base URL when it differs from the preset default', async () => {
+    const { create } = await loadProvidersController()
+    const ctx = makeCtx({
+      name: 'DeepSeek',
+      base_url: 'https://deepseek-proxy.invalid/v1',
+      api_key: 'deepseek-key',
+      model: 'deepseek-chat',
+      providerKey: 'deepseek',
+    })
+
+    await create(ctx)
+
+    expect(ctx.body).toEqual({ success: true })
+    const envAfter = readFileSync(join(hermesHome, '.env'), 'utf-8')
+    expect(envAfter).toContain('DEEPSEEK_API_KEY=deepseek-key')
+    expect(envAfter).toContain('DEEPSEEK_BASE_URL=https://deepseek-proxy.invalid/v1')
+  })
+
+  it('creates xAI OAuth as a direct config provider without an API key or custom provider entry', async () => {
+    const { create } = await loadProvidersController()
+    const ctx = makeCtx({
+      name: 'xAI Grok OAuth',
+      base_url: 'https://api.x.ai/v1',
+      api_key: '',
+      model: 'grok-4.3',
+      providerKey: 'xai-oauth',
+    })
+
+    await create(ctx)
+
+    expect(ctx.body).toEqual({ success: true })
+    const configAfter = readYaml(join(hermesHome, 'config.yaml'))
+    expect(configAfter.model).toEqual({ default: 'grok-4.3', provider: 'xai-oauth' })
+    expect(configAfter.custom_providers).toBeUndefined()
+    expect(readFileSync(join(hermesHome, '.env'), 'utf-8')).toBe('')
+  })
+})
diff --git a/tests/server/provider-delete-controller.test.ts b/tests/server/provider-delete-controller.test.ts
new file mode 100644
index 0000000..fd24696
--- /dev/null
+++ b/tests/server/provider-delete-controller.test.ts
@@ -0,0 +1,261 @@
+import { afterEach, beforeEach, describe, expect, it, vi } from 'vitest'
+import { existsSync, mkdirSync, mkdtempSync, readFileSync, rmSync, writeFileSync } from 'fs'
+import { join } from 'path'
+import { tmpdir } from 'os'
+
+vi.mock('../../packages/server/src/services/hermes/hermes-cli', () => ({
+  restartGateway: vi.fn().mockResolvedValue(undefined),
+}))
+
+let hermesHome = ''
+
+async function loadProvidersController() {
+  vi.resetModules()
+  process.env.HERMES_HOME = hermesHome
+  return import('../../packages/server/src/controllers/hermes/providers')
+}
+
+function makeCtx(poolKey: string, overrides: Record<string, any> = {}) {
+  return {
+    params: { poolKey: encodeURIComponent(poolKey) },
+    request: { body: {} },
+    status: 200,
+    body: undefined as unknown,
+    ...overrides,
+  }
+}
+
+function readAuth(profileDir = hermesHome) {
+  return JSON.parse(readFileSync(join(profileDir, 'auth.json'), 'utf-8'))
+}
+
+describe('providers controller delete', () => {
+  beforeEach(() => {
+    hermesHome = mkdtempSync(join(tmpdir(), 'hwui-provider-delete-'))
+    mkdirSync(hermesHome, { recursive: true })
+    writeFileSync(join(hermesHome, 'config.yaml'), 'model:\n  provider: openai-codex\n  default: gpt-5.5\n')
+  })
+
+  afterEach(() => {
+    delete process.env.HERMES_HOME
+    vi.doUnmock('../../packages/server/src/controllers/hermes/providers')
+    vi.clearAllMocks()
+    if (hermesHome) rmSync(hermesHome, { recursive: true, force: true })
+    hermesHome = ''
+  })
+
+  it('removes built-in API-key provider credentials from env and auth pool', async () => {
+    writeFileSync(join(hermesHome, '.env'), [
+      ['DEEPSEEK_API_KEY', 'deepseek-placeholder'].join('='),
+      ['DEEPSEEK_BASE_URL', 'https://deepseek-proxy.invalid/v1'].join('='),
+      ['OPENROUTER_API_KEY', 'openrouter-placeholder'].join('='),
+      ['OPENROUTER_BASE_URL', 'https://openrouter-proxy.invalid/v1'].join('='),
+      '',
+    ].join('\n'))
+    writeFileSync(join(hermesHome, 'auth.json'), JSON.stringify({
+      providers: {
+        deepseek: { access_token: 'legacy-token' },
+        openrouter: { access_token: 'keep-token' },
+      },
+      credential_pool: {
+        deepseek: [{ label: 'DEEPSEEK_API_KEY', source: 'env:DEEPSEEK_API_KEY' }],
+        openrouter: [{ label: 'OPENROUTER_API_KEY', source: 'env:OPENROUTER_API_KEY' }],
+      },
+    }, null, 2))
+
+    const { remove } = await loadProvidersController()
+    const ctx = makeCtx('deepseek')
+
+    await remove(ctx)
+
+    expect(ctx.body).toEqual({ success: true })
+    const envAfter = readFileSync(join(hermesHome, '.env'), 'utf-8')
+    expect(envAfter).not.toContain('DEEPSEEK_API_KEY')
+    expect(envAfter).not.toContain('DEEPSEEK_BASE_URL')
+    expect(envAfter).toContain(['OPENROUTER_API_KEY', 'openrouter-placeholder'].join('='))
+    expect(envAfter).toContain(['OPENROUTER_BASE_URL', 'https://openrouter-proxy.invalid/v1'].join('='))
+
+    const authAfter = readAuth()
+    expect(authAfter.providers).not.toHaveProperty('deepseek')
+    expect(authAfter.credential_pool).not.toHaveProperty('deepseek')
+    expect(authAfter.providers.openrouter).toEqual({ access_token: 'keep-token' })
+    expect(authAfter.credential_pool.openrouter).toEqual([
+      { label: 'OPENROUTER_API_KEY', source: 'env:OPENROUTER_API_KEY' },
+    ])
+  })
+
+  it('does not remove unrelated base URL env for a provider without a base URL env mapping', async () => {
+    writeFileSync(join(hermesHome, '.env'), [
+      ['XAI_BASE_URL', 'https://xai-proxy.invalid/v1'].join('='),
+      ['DEEPSEEK_BASE_URL', 'https://deepseek-proxy.invalid/v1'].join('='),
+      '',
+    ].join('\n'))
+
+    const { remove } = await loadProvidersController()
+    const ctx = makeCtx('xai-oauth')
+
+    await remove(ctx)
+
+    expect(ctx.body).toEqual({ success: true })
+    const envAfter = readFileSync(join(hermesHome, '.env'), 'utf-8')
+    expect(envAfter).toContain(['XAI_BASE_URL', 'https://xai-proxy.invalid/v1'].join('='))
+    expect(envAfter).toContain(['DEEPSEEK_BASE_URL', 'https://deepseek-proxy.invalid/v1'].join('='))
+  })
+
+  it('removes custom provider config and any matching stored auth entry', async () => {
+    writeFileSync(join(hermesHome, 'config.yaml'), [
+      'model:',
+      '  provider: openai-codex',
+      '  default: gpt-5.5',
+      'custom_providers:',
+      '  - name: deepseek-proxy',
+      '    base_url: https://example.invalid/v1',
+      '    api_key: placeholder',
+      '    model: deepseek-chat',
+      '  - name: keep-provider',
+      '    base_url: https://keep.invalid/v1',
+      '    api_key: placeholder',
+      '    model: keep-model',
+      '',
+    ].join('\n'))
+    writeFileSync(join(hermesHome, 'auth.json'), JSON.stringify({
+      credential_pool: {
+        'custom:deepseek-proxy': [{ label: 'custom' }],
+        'custom:keep-provider': [{ label: 'keep' }],
+      },
+    }, null, 2))
+
+    const { remove } = await loadProvidersController()
+    const ctx = makeCtx('custom:deepseek-proxy')
+
+    await remove(ctx)
+
+    expect(ctx.body).toEqual({ success: true })
+    const configAfter = readFileSync(join(hermesHome, 'config.yaml'), 'utf-8')
+    expect(configAfter).not.toContain('deepseek-proxy')
+    expect(configAfter).toContain('keep-provider')
+
+    const authAfter = readAuth()
+    expect(authAfter.credential_pool).not.toHaveProperty('custom:deepseek-proxy')
+    expect(authAfter.credential_pool['custom:keep-provider']).toEqual([{ label: 'keep' }])
+  })
+
+  it('keeps OAuth-style provider deletion clearing stored auth entries', async () => {
+    writeFileSync(join(hermesHome, 'auth.json'), JSON.stringify({
+      providers: {
+        'openai-codex': { account_id: 'remove-me' },
+        copilot: { account_id: 'keep-me' },
+      },
+      credential_pool: {
+        'openai-codex': [{ label: 'remove-me' }],
+        copilot: [{ label: 'keep-me' }],
+      },
+    }, null, 2))
+
+    const { remove } = await loadProvidersController()
+    const ctx = makeCtx('openai-codex')
+
+    await remove(ctx)
+
+    expect(ctx.body).toEqual({ success: true })
+    const authAfter = readAuth()
+    expect(authAfter.providers).not.toHaveProperty('openai-codex')
+    expect(authAfter.credential_pool).not.toHaveProperty('openai-codex')
+    expect(authAfter.providers.copilot).toEqual({ account_id: 'keep-me' })
+    expect(authAfter.credential_pool.copilot).toEqual([{ label: 'keep-me' }])
+  })
+
+  it('does not create auth.json when deleting a provider without stored auth credentials', async () => {
+    writeFileSync(join(hermesHome, '.env'), [['DEEPSEEK_API_KEY', 'deepseek-placeholder'].join('='), ''].join('\n'))
+
+    const { remove } = await loadProvidersController()
+    const ctx = makeCtx('deepseek')
+
+    await remove(ctx)
+
+    expect(ctx.body).toEqual({ success: true })
+    expect(existsSync(join(hermesHome, 'auth.json'))).toBe(false)
+  })
+
+  it('deletes provider state from the request-scoped profile only', async () => {
+    const researchDir = join(hermesHome, 'profiles', 'research')
+    mkdirSync(researchDir, { recursive: true })
+    writeFileSync(join(hermesHome, 'config.yaml'), [
+      'model:',
+      '  provider: deepseek',
+      '  default: keep-default-model',
+      '',
+    ].join('\n'))
+    writeFileSync(join(hermesHome, '.env'), [
+      ['DEEPSEEK_API_KEY', 'keep-default-key'].join('='),
+      ['OPENROUTER_API_KEY', 'keep-default-openrouter'].join('='),
+      '',
+    ].join('\n'))
+    writeFileSync(join(hermesHome, 'auth.json'), JSON.stringify({
+      providers: {
+        deepseek: { access_token: 'keep-default-token' },
+      },
+      credential_pool: {
+        deepseek: [{ label: 'keep-default' }],
+      },
+    }, null, 2))
+    writeFileSync(join(researchDir, 'config.yaml'), [
+      'model:',
+      '  provider: deepseek',
+      '  default: research-model',
+      'custom_providers:',
+      '  - name: keep-provider',
+      '    base_url: https://keep.invalid/v1',
+      '    api_key: placeholder',
+      '    model: keep-model',
+      '',
+    ].join('\n'))
+    writeFileSync(join(researchDir, '.env'), [
+      ['DEEPSEEK_API_KEY', 'remove-research-key'].join('='),
+      ['OPENROUTER_API_KEY', 'keep-research-openrouter'].join('='),
+      '',
+    ].join('\n'))
+    writeFileSync(join(researchDir, 'auth.json'), JSON.stringify({
+      providers: {
+        deepseek: { access_token: 'remove-research-token' },
+        openrouter: { access_token: 'keep-research-token' },
+      },
+      credential_pool: {
+        deepseek: [{ label: 'remove-research' }],
+        openrouter: [{ label: 'keep-research' }],
+      },
+    }, null, 2))
+
+    const { remove } = await loadProvidersController()
+    const ctx = makeCtx('deepseek', { state: { profile: { name: 'research' } } })
+
+    await remove(ctx)
+
+    expect(ctx.body).toEqual({ success: true })
+
+    const defaultEnvAfter = readFileSync(join(hermesHome, '.env'), 'utf-8')
+    expect(defaultEnvAfter).toContain(['DEEPSEEK_API_KEY', 'keep-default-key'].join('='))
+    expect(defaultEnvAfter).toContain(['OPENROUTER_API_KEY', 'keep-default-openrouter'].join('='))
+    expect(readFileSync(join(hermesHome, 'config.yaml'), 'utf-8')).toContain('keep-default-model')
+    expect(readAuth()).toEqual({
+      providers: {
+        deepseek: { access_token: 'keep-default-token' },
+      },
+      credential_pool: {
+        deepseek: [{ label: 'keep-default' }],
+      },
+    })
+
+    const researchEnvAfter = readFileSync(join(researchDir, '.env'), 'utf-8')
+    expect(researchEnvAfter).not.toContain('DEEPSEEK_API_KEY')
+    expect(researchEnvAfter).toContain(['OPENROUTER_API_KEY', 'keep-research-openrouter'].join('='))
+    const researchConfigAfter = readFileSync(join(researchDir, 'config.yaml'), 'utf-8')
+    expect(researchConfigAfter).toContain('keep-provider')
+    expect(researchConfigAfter).toContain('keep-model')
+    const researchAuthAfter = readAuth(researchDir)
+    expect(researchAuthAfter.providers).not.toHaveProperty('deepseek')
+    expect(researchAuthAfter.credential_pool).not.toHaveProperty('deepseek')
+    expect(researchAuthAfter.providers.openrouter).toEqual({ access_token: 'keep-research-token' })
+    expect(researchAuthAfter.credential_pool.openrouter).toEqual([{ label: 'keep-research' }])
+  })
+})
diff --git a/tests/server/provider-update-controller.test.ts b/tests/server/provider-update-controller.test.ts
new file mode 100644
index 0000000..957da80
--- /dev/null
+++ b/tests/server/provider-update-controller.test.ts
@@ -0,0 +1,103 @@
+import { afterEach, beforeEach, describe, expect, it, vi } from 'vitest'
+import { mkdirSync, mkdtempSync, readFileSync, rmSync, writeFileSync } from 'fs'
+import { join } from 'path'
+import { tmpdir } from 'os'
+import YAML from 'js-yaml'
+
+vi.mock('../../packages/server/src/services/hermes/hermes-cli', () => ({
+  restartGateway: vi.fn().mockResolvedValue(undefined),
+}))
+
+let hermesHome = ''
+
+async function loadProvidersController() {
+  vi.resetModules()
+  process.env.HERMES_HOME = hermesHome
+  return import('../../packages/server/src/controllers/hermes/providers')
+}
+
+function makeCtx(poolKey: string, body: Record<string, any>, profile = 'research') {
+  return {
+    params: { poolKey: encodeURIComponent(poolKey) },
+    request: { body },
+    state: { profile: { name: profile } },
+    status: 200,
+    body: undefined as unknown,
+  }
+}
+
+function readYaml(filePath: string) {
+  return YAML.load(readFileSync(filePath, 'utf-8')) as any
+}
+
+describe('providers controller update', () => {
+  beforeEach(() => {
+    hermesHome = mkdtempSync(join(tmpdir(), 'hwui-provider-update-'))
+    mkdirSync(join(hermesHome, 'profiles', 'research'), { recursive: true })
+    writeFileSync(join(hermesHome, 'config.yaml'), 'model:\n  provider: deepseek\n  default: keep-default-model\n')
+    writeFileSync(join(hermesHome, '.env'), [
+      'DEEPSEEK_API_KEY=keep-default-key',
+      '',
+    ].join('\n'))
+    writeFileSync(join(hermesHome, 'profiles', 'research', 'config.yaml'), [
+      'model:',
+      '  provider: custom:research-proxy',
+      '  default: research-model',
+      'custom_providers:',
+      '  - name: research-proxy',
+      '    base_url: https://research.invalid/v1',
+      '    api_key: old-research-custom-key',
+      '    model: research-model',
+      '',
+    ].join('\n'))
+    writeFileSync(join(hermesHome, 'profiles', 'research', '.env'), [
+      'DEEPSEEK_API_KEY=old-research-key',
+      '',
+    ].join('\n'))
+  })
+
+  afterEach(() => {
+    delete process.env.HERMES_HOME
+    vi.doUnmock('../../packages/server/src/controllers/hermes/providers')
+    vi.clearAllMocks()
+    if (hermesHome) rmSync(hermesHome, { recursive: true, force: true })
+    hermesHome = ''
+  })
+
+  it('updates built-in provider API keys in the request-scoped profile env only', async () => {
+    const { update } = await loadProvidersController()
+    const ctx = makeCtx('deepseek', { api_key: 'new-research-key' })
+
+    await update(ctx)
+
+    expect(ctx.body).toEqual({ success: true })
+    expect(readFileSync(join(hermesHome, '.env'), 'utf-8')).toContain('DEEPSEEK_API_KEY=keep-default-key')
+    expect(readFileSync(join(hermesHome, 'profiles', 'research', '.env'), 'utf-8')).toContain('DEEPSEEK_API_KEY=new-research-key')
+  })
+
+  it('updates custom provider API keys in the request-scoped profile config only', async () => {
+    const defaultConfigPath = join(hermesHome, 'config.yaml')
+    writeFileSync(defaultConfigPath, [
+      'model:',
+      '  provider: custom:research-proxy',
+      '  default: default-model',
+      'custom_providers:',
+      '  - name: research-proxy',
+      '    base_url: https://default.invalid/v1',
+      '    api_key: keep-default-custom-key',
+      '    model: default-model',
+      '',
+    ].join('\n'))
+
+    const { update } = await loadProvidersController()
+    const ctx = makeCtx('custom:research-proxy', { api_key: 'new-research-custom-key' })
+
+    await update(ctx)
+
+    expect(ctx.body).toEqual({ success: true })
+    const defaultConfig = readYaml(defaultConfigPath)
+    const researchConfig = readYaml(join(hermesHome, 'profiles', 'research', 'config.yaml'))
+    expect(defaultConfig.custom_providers[0].api_key).toBe('keep-default-custom-key')
+    expect(researchConfig.custom_providers[0].api_key).toBe('new-research-custom-key')
+  })
+})
diff --git a/tests/server/proxy-handler.test.ts b/tests/server/proxy-handler.test.ts
new file mode 100644
index 0000000..2ac6125
--- /dev/null
+++ b/tests/server/proxy-handler.test.ts
@@ -0,0 +1,436 @@
+import { describe, it, expect, vi, beforeEach } from 'vitest'
+
+// Mock updateUsage so we can assert calls without real DB
+const { mockUpdateUsage } = vi.hoisted(() => ({
+  mockUpdateUsage: vi.fn(),
+}))
+vi.mock('../../packages/server/src/db/hermes/usage-store', () => ({
+  updateUsage: mockUpdateUsage,
+}))
+
+const mockFetch = vi.fn()
+vi.stubGlobal('fetch', mockFetch)
+
+import { proxy, setGatewayManagerForTest, setRunSession } from '../../packages/server/src/routes/hermes/proxy-handler'
+
+function createMockCtx(overrides: Record<string, any> = {}) {
+  const ctx: any = {
+    path: '/api/hermes/jobs',
+    method: 'GET',
+    headers: { host: 'localhost:8648', 'content-type': 'application/json' },
+    query: {},
+    search: '',
+    req: { method: 'GET' },
+    res: {
+      write: vi.fn(),
+      end: vi.fn(),
+      headersSent: false,
+      writableEnded: false,
+    },
+    request: { rawBody: undefined },
+    status: 200,
+    set: vi.fn(),
+    body: null,
+    ...overrides,
+  }
+  ctx.get = (name: string) => {
+    const match = Object.entries(ctx.headers).find(([key]) => key.toLowerCase() === name.toLowerCase())
+    const value = match?.[1]
+    return Array.isArray(value) ? value[0] : value || ''
+  }
+  return ctx
+}
+
+/**
+ * Helper: create a ReadableStream from string chunks.
+ * Each chunk is a Uint8Array segment delivered sequentially.
+ */
+function createSSEBody(events: string[]): ReadableStream<Uint8Array> {
+  const encoder = new TextEncoder()
+  let idx = 0
+  return new ReadableStream({
+    pull(controller) {
+      if (idx < events.length) {
+        controller.enqueue(encoder.encode(events[idx]))
+        idx++
+      } else {
+        controller.close()
+      }
+    },
+  })
+}
+
+describe('Proxy Handler', () => {
+  beforeEach(() => {
+    vi.clearAllMocks()
+    setGatewayManagerForTest({
+      getUpstream: () => 'http://127.0.0.1:8642',
+      getApiKey: () => null,
+    })
+  })
+
+  it('rewrites /api/hermes/v1/* to /v1/*', async () => {
+    mockFetch.mockResolvedValue({
+      status: 200,
+      headers: new Headers({ 'content-type': 'application/json' }),
+      body: null,
+      json: () => Promise.resolve({ ok: true }),
+    })
+
+    const ctx = createMockCtx({ path: '/api/hermes/v1/runs', search: '' })
+    await proxy(ctx)
+
+    expect(mockFetch).toHaveBeenCalledOnce()
+    const url = mockFetch.mock.calls[0][0]
+    expect(url).toContain('/v1/runs')
+    expect(url).not.toContain('/api/hermes')
+  })
+
+  it('rewrites /api/hermes/* to /api/*', async () => {
+    mockFetch.mockResolvedValue({
+      status: 200,
+      headers: new Headers({ 'content-type': 'application/json' }),
+      body: null,
+      json: () => Promise.resolve({ ok: true }),
+    })
+
+    const ctx = createMockCtx({ path: '/api/hermes/jobs', search: '' })
+    await proxy(ctx)
+
+    const url = mockFetch.mock.calls[0][0]
+    expect(url).toContain('/api/jobs')
+    expect(url).not.toContain('/api/hermes')
+  })
+
+  it('strips authorization header', async () => {
+    mockFetch.mockResolvedValue({
+      status: 200,
+      headers: new Headers({ 'content-type': 'application/json' }),
+      body: null,
+      json: () => Promise.resolve({}),
+    })
+
+    const ctx = createMockCtx({
+      headers: { host: 'localhost:8648', authorization: 'Bearer web-ui-token' },
+    })
+    await proxy(ctx)
+
+    const [, options] = mockFetch.mock.calls[0]
+    expect(options.headers.authorization).toBeUndefined()
+  })
+
+  it('replaces host header with upstream host', async () => {
+    mockFetch.mockResolvedValue({
+      status: 200,
+      headers: new Headers({ 'content-type': 'application/json' }),
+      body: null,
+      json: () => Promise.resolve({}),
+    })
+
+    const ctx = createMockCtx()
+    await proxy(ctx)
+
+    const [, options] = mockFetch.mock.calls[0]
+    expect(options.headers.host).toBe('127.0.0.1:8642')
+  })
+
+  it('forwards query string while stripping the web-ui token parameter', async () => {
+    mockFetch.mockResolvedValue({
+      status: 200,
+      headers: new Headers({ 'content-type': 'text/event-stream' }),
+      body: null,
+      json: () => Promise.resolve({}),
+    })
+
+    const ctx = createMockCtx({ search: '?include_disabled=true&token=web-ui-token&profile=work' })
+    await proxy(ctx)
+
+    const url = mockFetch.mock.calls[0][0]
+    expect(url).toContain('?include_disabled=true')
+    expect(url).toContain('profile=work')
+    expect(url).not.toContain('token=')
+  })
+
+  it('returns 502 on connection failure', async () => {
+    mockFetch.mockImplementation((url: string) => {
+      if (typeof url === 'string' && url.includes('/health')) {
+        return Promise.resolve({ ok: true })
+      }
+      return Promise.reject(new Error('ECONNREFUSED'))
+    })
+
+    const ctx = createMockCtx()
+    await proxy(ctx)
+
+    expect(ctx.status).toBe(502)
+    expect(ctx.body).toEqual({ error: { message: 'Proxy error: ECONNREFUSED' } })
+  })
+
+  it('passes through non-200 status codes', async () => {
+    mockFetch.mockResolvedValue({
+      status: 404,
+      headers: new Headers({ 'content-type': 'application/json' }),
+      body: null,
+      json: () => Promise.resolve({ error: 'Not found' }),
+    })
+
+    const ctx = createMockCtx()
+    await proxy(ctx)
+
+    expect(ctx.status).toBe(404)
+  })
+})
+
+describe('POST /v1/runs — session_id capture', () => {
+  beforeEach(() => {
+    vi.clearAllMocks()
+  })
+
+  it('captures run_id → session_id mapping from POST /v1/runs', async () => {
+    const runId = 'run-abc-123'
+    const sessionId = 'session-xyz'
+    const responseBody = JSON.stringify({ run_id: runId, status: 'queued' })
+
+    mockFetch.mockResolvedValue({
+      status: 200,
+      headers: new Headers({ 'content-type': 'application/json' }),
+      text: () => Promise.resolve(responseBody),
+      body: null,
+    })
+
+    const ctx = createMockCtx({
+      path: '/api/hermes/v1/runs',
+      req: { method: 'POST' },
+      request: {
+        body: { session_id: sessionId, input: 'hello', model: 'gpt-4' },
+      },
+    })
+
+    await proxy(ctx)
+
+    // Verify the response was forwarded to client
+    expect(ctx.res.write).toHaveBeenCalledWith(responseBody)
+    expect(ctx.res.end).toHaveBeenCalled()
+  })
+
+  it('falls through to normal stream when POST body has no session_id', async () => {
+    const responseBody = JSON.stringify({ run_id: 'r1', status: 'queued' })
+    mockFetch.mockResolvedValue({
+      status: 200,
+      headers: new Headers({ 'content-type': 'application/json' }),
+      text: () => Promise.resolve(responseBody),
+      body: null,
+    })
+
+    const ctx = createMockCtx({
+      path: '/api/hermes/v1/runs',
+      req: { method: 'POST' },
+      request: { body: { input: 'hello' } }, // no session_id
+    })
+
+    await proxy(ctx)
+
+    // Should still forward the response
+    expect(ctx.res.end).toHaveBeenCalled()
+  })
+
+  it('serializes parsed JSON body when rawBody is not available', async () => {
+    const responseBody = JSON.stringify({ run_id: 'r1', status: 'queued' })
+    mockFetch.mockResolvedValue({
+      status: 200,
+      headers: new Headers({ 'content-type': 'application/json' }),
+      body: {
+        getReader: () => {
+          const encoder = new TextEncoder()
+          let done = false
+          return {
+            read: () => {
+              if (done) return Promise.resolve({ done: true, value: undefined })
+              done = true
+              return Promise.resolve({ done: false, value: encoder.encode(responseBody) })
+            },
+          }
+        },
+      },
+    })
+
+    const ctx = createMockCtx({
+      path: '/api/hermes/v1/runs',
+      req: { method: 'POST' },
+      request: { body: { session_id: 's1', input: 'test' } },
+    })
+
+    await proxy(ctx)
+
+    // Verify fetch was called with stringified body
+    const [, options] = mockFetch.mock.calls[0]
+    expect(typeof options.body).toBe('string')
+    const parsed = JSON.parse(options.body)
+    expect(parsed.session_id).toBe('s1')
+    expect(parsed.input).toBe('test')
+  })
+})
+
+describe('SSE stream interception — run.completed', () => {
+  beforeEach(() => {
+    vi.clearAllMocks()
+  })
+
+  it('intercepts run.completed and calls updateUsage', async () => {
+    const runId = 'run-test-1'
+    const sessionId = 'session-test-1'
+
+    // Pre-populate the run → session mapping
+    setRunSession(runId, sessionId)
+
+    const sseData = [
+      `data: ${JSON.stringify({ event: 'run.started', run_id: runId })}\n\n`,
+      `data: ${JSON.stringify({ event: 'message.delta', run_id: runId, delta: 'Hello' })}\n\n`,
+      `data: ${JSON.stringify({ event: 'run.completed', run_id: runId, usage: { input_tokens: 13949, output_tokens: 45, total_tokens: 13994 } })}\n\n`,
+    ]
+
+    mockFetch.mockResolvedValue({
+      status: 200,
+      headers: new Headers({ 'content-type': 'text/event-stream' }),
+      body: createSSEBody(sseData),
+    })
+
+    const ctx = createMockCtx({
+      path: `/api/hermes/v1/runs/${runId}/events`,
+      search: `?token=test&profile=default`,
+    })
+
+    await proxy(ctx)
+
+    // Verify updateUsage was called with correct values
+    expect(mockUpdateUsage).toHaveBeenCalledWith(sessionId, {
+      inputTokens: 13949,
+      outputTokens: 45,
+      cacheReadTokens: undefined,
+      cacheWriteTokens: undefined,
+      reasoningTokens: undefined,
+      model: '',
+      profile: 'default',
+    })
+    // Verify SSE data was forwarded to client
+    expect(ctx.res.write).toHaveBeenCalled()
+    expect(ctx.res.end).toHaveBeenCalled()
+  })
+
+  it('does not call updateUsage when no mapping exists', async () => {
+    const sseData = [
+      `data: ${JSON.stringify({ event: 'run.completed', run_id: 'unknown-run', usage: { input_tokens: 100, output_tokens: 50, total_tokens: 150 } })}\n\n`,
+    ]
+
+    mockFetch.mockResolvedValue({
+      status: 200,
+      headers: new Headers({ 'content-type': 'text/event-stream' }),
+      body: createSSEBody(sseData),
+    })
+
+    const ctx = createMockCtx({
+      path: '/api/hermes/v1/runs/unknown-run/events',
+      search: '',
+    })
+
+    await proxy(ctx)
+
+    expect(mockUpdateUsage).not.toHaveBeenCalled()
+  })
+
+  it('does not call updateUsage for non-run.completed events', async () => {
+    const runId = 'run-no-complete'
+    setRunSession(runId, 'session-x')
+
+    const sseData = [
+      `data: ${JSON.stringify({ event: 'run.started', run_id: runId })}\n\n`,
+      `data: ${JSON.stringify({ event: 'message.delta', run_id: runId, delta: 'Hi' })}\n\n`,
+      `data: ${JSON.stringify({ event: 'run.failed', run_id: runId, error: 'timeout' })}\n\n`,
+    ]
+
+    mockFetch.mockResolvedValue({
+      status: 200,
+      headers: new Headers({ 'content-type': 'text/event-stream' }),
+      body: createSSEBody(sseData),
+    })
+
+    const ctx = createMockCtx({
+      path: `/api/hermes/v1/runs/${runId}/events`,
+      search: '',
+    })
+
+    await proxy(ctx)
+
+    expect(mockUpdateUsage).not.toHaveBeenCalled()
+  })
+
+  it('handles SSE with multiple events in a single chunk', async () => {
+    const runId = 'run-multi'
+    setRunSession(runId, 'session-multi')
+
+    // All events in one chunk
+    const singleChunk = [
+      `data: ${JSON.stringify({ event: 'message.delta', run_id: runId, delta: 'A' })}\n\n`,
+      `data: ${JSON.stringify({ event: 'message.delta', run_id: runId, delta: 'B' })}\n\n`,
+      `data: ${JSON.stringify({ event: 'run.completed', run_id: runId, usage: { input_tokens: 500, output_tokens: 100, total_tokens: 600 } })}\n\n`,
+    ].join('')
+
+    mockFetch.mockResolvedValue({
+      status: 200,
+      headers: new Headers({ 'content-type': 'text/event-stream' }),
+      body: createSSEBody([singleChunk]),
+    })
+
+    const ctx = createMockCtx({
+      path: `/api/hermes/v1/runs/${runId}/events`,
+      search: '',
+    })
+
+    await proxy(ctx)
+
+    expect(mockUpdateUsage).toHaveBeenCalledWith('session-multi', {
+      inputTokens: 500,
+      outputTokens: 100,
+      cacheReadTokens: undefined,
+      cacheWriteTokens: undefined,
+      reasoningTokens: undefined,
+      model: '',
+      profile: 'default',
+    })
+  })
+
+  it('handles SSE split across multiple chunks', async () => {
+    const runId = 'run-split'
+    setRunSession(runId, 'session-split')
+
+    const completedJson = JSON.stringify({ event: 'run.completed', run_id: runId, usage: { input_tokens: 200, output_tokens: 50, total_tokens: 250 } })
+    const sseEvent = `data: ${completedJson}\n\n`
+
+    // Split the event across two chunks
+    const chunk1 = sseEvent.slice(0, 30)
+    const chunk2 = sseEvent.slice(30)
+
+    mockFetch.mockResolvedValue({
+      status: 200,
+      headers: new Headers({ 'content-type': 'text/event-stream' }),
+      body: createSSEBody([chunk1, chunk2]),
+    })
+
+    const ctx = createMockCtx({
+      path: `/api/hermes/v1/runs/${runId}/events`,
+      search: '',
+    })
+
+    await proxy(ctx)
+
+    expect(mockUpdateUsage).toHaveBeenCalledWith('session-split', {
+      inputTokens: 200,
+      outputTokens: 50,
+      cacheReadTokens: undefined,
+      cacheWriteTokens: undefined,
+      reasoningTokens: undefined,
+      model: '',
+      profile: 'default',
+    })
+  })
+})
diff --git a/tests/server/run-chat-abort-goal.test.ts b/tests/server/run-chat-abort-goal.test.ts
new file mode 100644
index 0000000..f53bfc8
--- /dev/null
+++ b/tests/server/run-chat-abort-goal.test.ts
@@ -0,0 +1,88 @@
+import { beforeEach, describe, expect, it, vi } from 'vitest'
+
+const updateSessionStatsMock = vi.fn()
+const flushBridgePendingToDbMock = vi.fn()
+const flushResponseRunToDbMock = vi.fn()
+const replaceStateMock = vi.fn()
+const calcAndUpdateUsageMock = vi.fn()
+
+vi.mock('../../packages/server/src/db/hermes/session-store', () => ({
+  updateSessionStats: updateSessionStatsMock,
+}))
+
+vi.mock('../../packages/server/src/services/logger', () => ({
+  logger: { info: vi.fn(), warn: vi.fn(), error: vi.fn(), debug: vi.fn() },
+}))
+
+vi.mock('../../packages/server/src/services/hermes/run-chat/bridge-message', () => ({
+  flushBridgePendingToDb: flushBridgePendingToDbMock,
+}))
+
+vi.mock('../../packages/server/src/services/hermes/run-chat/response-stream', () => ({
+  flushResponseRunToDb: flushResponseRunToDbMock,
+}))
+
+vi.mock('../../packages/server/src/services/hermes/run-chat/compression', () => ({
+  replaceState: replaceStateMock,
+}))
+
+vi.mock('../../packages/server/src/services/hermes/run-chat/usage', () => ({
+  calcAndUpdateUsage: calcAndUpdateUsageMock,
+}))
+
+function makeHarness() {
+  const emit = vi.fn()
+  const nsp = {
+    adapter: { rooms: new Map([['session:session-1', new Set(['socket-1'])]]) },
+    to: vi.fn(() => ({ emit })),
+  }
+  const socket = {
+    connected: true,
+    emit: vi.fn(),
+  }
+  return { emit, nsp, socket }
+}
+
+describe('run chat abort goal handling', () => {
+  beforeEach(() => {
+    vi.clearAllMocks()
+    calcAndUpdateUsageMock.mockResolvedValue({ inputTokens: 0, outputTokens: 0 })
+  })
+
+  it('pauses an active goal and clears hidden goal continuations when aborting a CLI run', async () => {
+    const { handleAbort } = await import('../../packages/server/src/services/hermes/run-chat/abort')
+    const { emit, nsp, socket } = makeHarness()
+    const state = {
+      messages: [],
+      isWorking: true,
+      isAborting: false,
+      events: [],
+      queue: [
+        { queue_id: 'goal-1', input: 'continue goal', profile: 'default', goalContinuation: true },
+        { queue_id: 'user-1', input: 'normal follow-up', profile: 'default', source: 'cli' },
+      ],
+      runId: 'run-1',
+      profile: 'default',
+      source: 'cli',
+    } as any
+    const sessionMap = new Map([['session-1', state]])
+    const bridge = {
+      interrupt: vi.fn().mockResolvedValue({ ok: true }),
+      goalPause: vi.fn().mockResolvedValue({ handled: true, status: 'paused', reason: 'user-interrupted' }),
+    }
+    const runQueuedItem = vi.fn()
+
+    await handleAbort(nsp as any, socket as any, 'session-1', sessionMap, bridge, runQueuedItem)
+
+    expect(bridge.interrupt).toHaveBeenCalledWith('session-1', 'Aborted by user', 'default')
+    expect(bridge.goalPause).toHaveBeenCalledWith('session-1', 'user-interrupted', 'default')
+    expect(runQueuedItem).toHaveBeenCalledWith(socket, 'session-1', expect.objectContaining({
+      queue_id: 'user-1',
+    }), 'default')
+    expect(state.queue).toEqual([])
+    expect(emit).toHaveBeenCalledWith('abort.completed', expect.objectContaining({
+      session_id: 'session-1',
+      synced: true,
+    }))
+  })
+})
diff --git a/tests/server/run-chat-bridge-delta.test.ts b/tests/server/run-chat-bridge-delta.test.ts
new file mode 100644
index 0000000..286238a
--- /dev/null
+++ b/tests/server/run-chat-bridge-delta.test.ts
@@ -0,0 +1,48 @@
+import { describe, expect, it } from 'vitest'
+
+import { filterBridgeToolCallMarkupDelta, flushPendingToolCallMarkup } from '../../packages/server/src/services/hermes/run-chat/bridge-delta'
+
+describe('run-chat bridge delta filtering', () => {
+  it('keeps ordinary assistant text', () => {
+    const state = {}
+
+    expect(filterBridgeToolCallMarkupDelta(state, 'hello')).toBe('hello')
+    expect(filterBridgeToolCallMarkupDelta(state, ' world')).toBe(' world')
+  })
+
+  it('removes complete textual tool-call markup from bridge deltas', () => {
+    const state = {}
+    const delta = 'Before\n[Calling tool: terminal with arguments: {"cmd":"pwd"}]\nAfter'
+
+    expect(filterBridgeToolCallMarkupDelta(state, delta)).toBe('Before\nAfter')
+  })
+
+  it('removes tool-call markup split across multiple chunks', () => {
+    const state = {}
+
+    expect(filterBridgeToolCallMarkupDelta(state, '[Calling tool: terminal with arguments: {"cmd"')).toBe('')
+    expect(filterBridgeToolCallMarkupDelta(state, ':"pwd"}]\nDone')).toBe('Done')
+  })
+
+  it('keeps json arrays and brackets inside tool arguments from leaking', () => {
+    const state = {}
+    const delta = '[Calling tool: terminal with arguments: {"cmd":"printf \\"[x]\\"","items":["a","b"]}]\nDone'
+
+    expect(filterBridgeToolCallMarkupDelta(state, delta)).toBe('Done')
+  })
+
+  it('holds a partial marker suffix until the next chunk', () => {
+    const state = {}
+
+    expect(filterBridgeToolCallMarkupDelta(state, 'Text [Call')).toBe('Text ')
+    expect(filterBridgeToolCallMarkupDelta(state, 'ing tool: terminal with arguments: {}]\nDone')).toBe('Done')
+  })
+
+  it('flushes an orphan partial marker suffix when no text chunk follows', () => {
+    const state = {}
+
+    expect(filterBridgeToolCallMarkupDelta(state, 'Text [Call')).toBe('Text ')
+    expect(flushPendingToolCallMarkup(state)).toBe('[Call')
+    expect(flushPendingToolCallMarkup(state)).toBe('')
+  })
+})
diff --git a/tests/server/run-chat-bridge-final-context.test.ts b/tests/server/run-chat-bridge-final-context.test.ts
new file mode 100644
index 0000000..8ce0155
--- /dev/null
+++ b/tests/server/run-chat-bridge-final-context.test.ts
@@ -0,0 +1,681 @@
+import { beforeEach, describe, expect, it, vi } from 'vitest'
+
+const getSystemPromptMock = vi.fn()
+const getSessionMock = vi.fn()
+const createSessionMock = vi.fn()
+const addMessageMock = vi.fn()
+const updateSessionMock = vi.fn()
+const updateSessionStatsMock = vi.fn()
+const updateUsageMock = vi.fn()
+const buildCompressedHistoryMock = vi.fn()
+const buildDbHistoryMock = vi.fn()
+const buildSnapshotAwareHistoryMock = vi.fn(async (_sessionId: string, _profile: string, history: any[]) => history)
+const pushStateMock = vi.fn()
+const replaceStateMock = vi.fn()
+const forceCompressBridgeHistoryMock = vi.fn()
+const calcAndUpdateUsageMock = vi.fn()
+const estimateUsageTokensFromMessagesMock = vi.fn()
+const updateContextTokenUsageMock = vi.fn((sid: string, state: any, emit: any, contextTokens: number, usage?: { inputTokens: number; outputTokens: number }) => {
+  state.contextTokens = contextTokens
+  emit('usage.updated', {
+    event: 'usage.updated',
+    session_id: sid,
+    inputTokens: usage?.inputTokens ?? state.inputTokens ?? 0,
+    outputTokens: usage?.outputTokens ?? state.outputTokens ?? 0,
+    contextTokens,
+  })
+  return contextTokens
+})
+const getCachedBridgeContextOverheadMock = vi.fn(() => undefined)
+const contextTokensWithCachedOverheadMock = vi.fn((_state: any, messageTokens: number) => messageTokens)
+const updateMessageContextTokenUsageMock = vi.fn((sid: string, state: any, emit: any, messageTokens: number, usage?: { inputTokens: number; outputTokens: number }) => updateContextTokenUsageMock(sid, state, emit, messageTokens, usage))
+const flushBridgePendingToDbMock = vi.fn()
+const ensureOpenBridgeAssistantMessageMock = vi.fn()
+const syncBridgeReasoningToMessageMock = vi.fn()
+const recordBridgeToolStartedMock = vi.fn()
+const recordBridgeToolCompletedMock = vi.fn()
+const resolveBridgeRunModelConfigMock = vi.fn()
+
+vi.mock('../../packages/server/src/lib/llm-prompt', () => ({
+  getSystemPrompt: getSystemPromptMock,
+}))
+
+vi.mock('../../packages/server/src/db/hermes/session-store', () => ({
+  getSession: getSessionMock,
+  createSession: createSessionMock,
+  addMessage: addMessageMock,
+  updateSession: updateSessionMock,
+  updateSessionStats: updateSessionStatsMock,
+}))
+
+vi.mock('../../packages/server/src/db/hermes/usage-store', () => ({
+  updateUsage: updateUsageMock,
+}))
+
+vi.mock('../../packages/server/src/services/logger', () => ({
+  logger: { info: vi.fn(), warn: vi.fn(), error: vi.fn(), debug: vi.fn() },
+  bridgeLogger: { info: vi.fn(), warn: vi.fn(), error: vi.fn(), debug: vi.fn() },
+}))
+
+vi.mock('../../packages/server/src/services/hermes/run-chat/compression', () => ({
+  buildCompressedHistory: buildCompressedHistoryMock,
+  buildDbHistory: buildDbHistoryMock,
+  buildSnapshotAwareHistory: buildSnapshotAwareHistoryMock,
+  pushState: pushStateMock,
+  replaceState: replaceStateMock,
+  forceCompressBridgeHistory: forceCompressBridgeHistoryMock,
+}))
+
+vi.mock('../../packages/server/src/services/hermes/run-chat/usage', () => ({
+  calcAndUpdateUsage: calcAndUpdateUsageMock,
+  estimateUsageTokensFromMessages: estimateUsageTokensFromMessagesMock,
+  getCachedBridgeContextOverhead: getCachedBridgeContextOverheadMock,
+  contextTokensWithCachedOverhead: contextTokensWithCachedOverheadMock,
+  updateContextTokenUsage: updateContextTokenUsageMock,
+  updateMessageContextTokenUsage: updateMessageContextTokenUsageMock,
+}))
+
+vi.mock('../../packages/server/src/services/hermes/run-chat/bridge-message', () => ({
+  flushBridgePendingToDb: flushBridgePendingToDbMock,
+  ensureOpenBridgeAssistantMessage: ensureOpenBridgeAssistantMessageMock,
+  syncBridgeReasoningToMessage: syncBridgeReasoningToMessageMock,
+  recordBridgeToolStarted: recordBridgeToolStartedMock,
+  recordBridgeToolCompleted: recordBridgeToolCompletedMock,
+}))
+
+vi.mock('../../packages/server/src/services/hermes/run-chat/model-config', () => ({
+  resolveBridgeRunModelConfig: resolveBridgeRunModelConfigMock,
+}))
+
+function makeSocket() {
+  return {
+    connected: true,
+    emit: vi.fn(),
+    join: vi.fn(),
+    to: vi.fn(() => ({ emit: vi.fn() })),
+  } as any
+}
+
+function makeNamespace(emit: ReturnType<typeof vi.fn>) {
+  const room = new Set(['socket-1'])
+  return {
+    adapter: { rooms: new Map([['session:session-1', room]]) },
+    to: vi.fn(() => ({ emit })),
+  } as any
+}
+
+function makeState() {
+  return {
+    messages: [],
+    isWorking: false,
+    events: [],
+    queue: [],
+  } as any
+}
+
+describe('bridge run final context usage', () => {
+  beforeEach(() => {
+    vi.clearAllMocks()
+    getSystemPromptMock.mockReturnValue('system prompt')
+    getSessionMock.mockReturnValue({ id: 'session-1', profile: 'default', model: '', provider: '' })
+    resolveBridgeRunModelConfigMock.mockResolvedValue({ model: 'gpt-test', provider: 'openai' })
+    buildCompressedHistoryMock.mockResolvedValue([{ role: 'user', content: 'previous' }])
+    buildDbHistoryMock.mockResolvedValue([
+      { role: 'user', content: 'hello' },
+      { role: 'assistant', content: 'done' },
+    ])
+    buildSnapshotAwareHistoryMock.mockImplementation(async (_sessionId: string, _profile: string, history: any[]) => history)
+    calcAndUpdateUsageMock.mockResolvedValue({ inputTokens: 11, outputTokens: 7 })
+    estimateUsageTokensFromMessagesMock.mockReturnValue({ inputTokens: 11, outputTokens: 7 })
+    getCachedBridgeContextOverheadMock.mockImplementation((state: any) => {
+      const fixed = state?.bridgeContext?.fixedContextTokens
+      return typeof fixed === 'number' ? fixed : undefined
+    })
+    contextTokensWithCachedOverheadMock.mockImplementation((state: any, messageTokens: number) => {
+      const fixed = state?.bridgeContext?.fixedContextTokens
+      return typeof fixed === 'number' ? fixed + messageTokens : messageTokens
+    })
+    updateMessageContextTokenUsageMock.mockImplementation((sid: string, state: any, emit: any, messageTokens: number, usage?: { inputTokens: number; outputTokens: number }) => {
+      const contextTokens = contextTokensWithCachedOverheadMock(state, messageTokens)
+      return updateContextTokenUsageMock(sid, state, emit, contextTokens, usage)
+    })
+  })
+
+  it('refreshes full context tokens when a bridge run completes', async () => {
+    const emit = vi.fn()
+    const nsp = makeNamespace(emit)
+    const socket = makeSocket()
+    const state = makeState()
+    const sessionMap = new Map([['session-1', state]])
+    const bridge = {
+      chat: vi.fn().mockResolvedValue({ run_id: 'run-1', status: 'started' }),
+      contextEstimate: vi.fn().mockResolvedValue({
+        token_count: 12345,
+        fixed_context_tokens: 12327,
+        message_count: 2,
+        tool_count: 4,
+        system_prompt_chars: 13,
+      }),
+      streamOutput: vi.fn(async function* () {
+        yield { run_id: 'run-1', done: true, status: 'completed', output: 'done' }
+      }),
+    } as any
+
+    const { handleBridgeRun } = await import('../../packages/server/src/services/hermes/run-chat/handle-bridge-run')
+    await handleBridgeRun(
+      nsp,
+      socket,
+      { input: 'hello', session_id: 'session-1' },
+      'default',
+      sessionMap,
+      bridge,
+      false,
+      vi.fn(),
+      vi.fn(),
+    )
+
+    expect(bridge.contextEstimate).toHaveBeenCalledWith(
+      'session-1',
+      [],
+      expect.stringContaining('[Current Hermes profile: default]'),
+      'default',
+      { model: 'gpt-test', provider: 'openai' },
+    )
+    expect(bridge.contextEstimate.mock.calls[0][2]).toContain('system prompt')
+    expect(bridge.contextEstimate.mock.calls[0][2]).toContain('X-Hermes-Profile')
+    expect(state.contextTokens).toBe(12345)
+    expect(emit).toHaveBeenCalledWith('usage.updated', expect.objectContaining({
+      inputTokens: 11,
+      outputTokens: 7,
+      contextTokens: 12345,
+    }))
+    expect(emit).toHaveBeenCalledWith('run.completed', expect.objectContaining({
+      inputTokens: 11,
+      outputTokens: 7,
+      contextTokens: 12345,
+    }))
+  })
+
+  it('evaluates active goals after a successful bridge run and queues continuation prompts', async () => {
+    const emit = vi.fn()
+    const nsp = makeNamespace(emit)
+    const socket = makeSocket()
+    const state = makeState()
+    const sessionMap = new Map([['session-1', state]])
+    const dequeueNextQueuedRun = vi.fn()
+    addMessageMock.mockReturnValue(42)
+    const bridge = {
+      chat: vi.fn().mockResolvedValue({ run_id: 'run-1', status: 'started' }),
+      contextEstimate: vi.fn().mockResolvedValue({
+        token_count: 12345,
+        message_count: 2,
+        tool_count: 4,
+        system_prompt_chars: 13,
+      }),
+      goalEvaluate: vi.fn().mockResolvedValue({
+        handled: true,
+        should_continue: true,
+        continuation_prompt: '[Continuing toward your standing goal]\nGoal: fix tests',
+        message: '↻ Continuing toward goal (1/20): tests still fail',
+        verdict: 'continue',
+      }),
+      streamOutput: vi.fn(async function* () {
+        yield {
+          run_id: 'run-1',
+          done: true,
+          status: 'completed',
+          output: 'not finished',
+          result: { final_response: 'not finished' },
+        }
+      }),
+    } as any
+
+    const { handleBridgeRun } = await import('../../packages/server/src/services/hermes/run-chat/handle-bridge-run')
+    await handleBridgeRun(
+      nsp,
+      socket,
+      {
+        input: 'hello',
+        session_id: 'session-1',
+        model_groups: [{ provider: 'openai', models: ['gpt-test'] }],
+      },
+      'default',
+      sessionMap,
+      bridge,
+      false,
+      vi.fn(),
+      dequeueNextQueuedRun,
+    )
+
+    expect(bridge.goalEvaluate).toHaveBeenCalledWith('session-1', 'not finished', 'default')
+    expect(addMessageMock).toHaveBeenCalledWith(expect.objectContaining({
+      session_id: 'session-1',
+      role: 'command',
+      content: '↻ Continuing toward goal (1/20): tests still fail',
+    }))
+    expect(emit).toHaveBeenCalledWith('session.command', expect.objectContaining({
+      command: 'goal',
+      action: 'continue',
+      message: '↻ Continuing toward goal (1/20): tests still fail',
+    }))
+    expect(state.queue).toEqual([expect.objectContaining({
+      input: '[Continuing toward your standing goal]\nGoal: fix tests',
+      displayInput: null,
+      storageMessage: '[Continuing toward your standing goal]\nGoal: fix tests',
+      model: 'gpt-test',
+      provider: 'openai',
+      model_groups: [{ provider: 'openai', models: ['gpt-test'] }],
+      goalContinuation: true,
+    })])
+    expect(dequeueNextQueuedRun).toHaveBeenCalledWith(socket, 'session-1')
+  })
+
+  it('skips hidden goal continuation runs without pausing when the judge is unavailable', async () => {
+    const emit = vi.fn()
+    const nsp = makeNamespace(emit)
+    const socket = makeSocket()
+    const state = makeState()
+    const sessionMap = new Map([['session-1', state]])
+    const dequeueNextQueuedRun = vi.fn()
+    addMessageMock.mockReturnValue(43)
+    const bridge = {
+      chat: vi.fn().mockResolvedValue({ run_id: 'run-1', status: 'started' }),
+      command: vi.fn(),
+      contextEstimate: vi.fn().mockResolvedValue({
+        token_count: 12345,
+        message_count: 2,
+        tool_count: 4,
+        system_prompt_chars: 13,
+      }),
+      goalEvaluate: vi.fn().mockResolvedValue({
+        handled: true,
+        should_continue: true,
+        continuation_prompt: '[Continuing toward your standing goal]\nGoal: fix tests',
+        message: '↻ Continuing toward goal (1/20): no auxiliary client configured',
+        verdict: 'continue',
+        reason: 'no auxiliary client configured',
+      }),
+      streamOutput: vi.fn(async function* () {
+        yield {
+          run_id: 'run-1',
+          done: true,
+          status: 'completed',
+          output: 'done',
+          result: { final_response: 'done' },
+        }
+      }),
+    } as any
+
+    const { handleBridgeRun } = await import('../../packages/server/src/services/hermes/run-chat/handle-bridge-run')
+    await handleBridgeRun(
+      nsp,
+      socket,
+      { input: 'hello', session_id: 'session-1' },
+      'default',
+      sessionMap,
+      bridge,
+      false,
+      vi.fn(),
+      dequeueNextQueuedRun,
+    )
+
+    expect(bridge.command).not.toHaveBeenCalled()
+    expect(state.queue).toEqual([])
+    expect(dequeueNextQueuedRun).not.toHaveBeenCalled()
+    expect(emit).toHaveBeenCalledWith('session.command', expect.objectContaining({
+      command: 'goal',
+      action: 'judge_unavailable',
+      message: 'Goal judge is not configured; automatic goal continuation was skipped. The goal remains active, but Hermes cannot mark it done automatically.',
+    }))
+  })
+
+  it('uses cached fixed context instead of bridge estimate when available', async () => {
+    const emit = vi.fn()
+    const nsp = makeNamespace(emit)
+    const socket = makeSocket()
+    const state = makeState()
+    const sessionMap = new Map([['session-1', state]])
+    const bridge = {
+      chat: vi.fn().mockResolvedValue({ run_id: 'run-1', status: 'started' }),
+      contextEstimate: vi.fn(),
+      streamOutput: vi.fn(async function* () {
+        yield {
+          run_id: 'run-1',
+          done: false,
+          status: 'running',
+          events: [{
+            event: 'bridge.context.ready',
+            fixed_context_tokens: 20_000,
+            system_prompt_tokens: 3_000,
+            tool_tokens: 17_000,
+          }],
+        }
+        yield { run_id: 'run-1', done: true, status: 'completed', output: 'done' }
+      }),
+    } as any
+
+    const { handleBridgeRun } = await import('../../packages/server/src/services/hermes/run-chat/handle-bridge-run')
+    await handleBridgeRun(
+      nsp,
+      socket,
+      { input: 'hello', session_id: 'session-1' },
+      'default',
+      sessionMap,
+      bridge,
+      false,
+      vi.fn(),
+      vi.fn(),
+    )
+
+    expect(bridge.contextEstimate).not.toHaveBeenCalled()
+    expect(updateMessageContextTokenUsageMock).toHaveBeenCalledWith(
+      'session-1',
+      state,
+      expect.any(Function),
+      18,
+      { inputTokens: 11, outputTokens: 7 },
+    )
+    expect(state.contextTokens).toBe(20_018)
+    expect(emit).toHaveBeenCalledWith('run.completed', expect.objectContaining({
+      contextTokens: 20_018,
+    }))
+  })
+
+  it('keeps bridge context ready updates on the snapshot-aware token baseline', async () => {
+    const emit = vi.fn()
+    const nsp = makeNamespace(emit)
+    const socket = makeSocket()
+    const state = makeState()
+    const sessionMap = new Map([['session-1', state]])
+    calcAndUpdateUsageMock.mockResolvedValue({ inputTokens: 28_000, outputTokens: 0 })
+    buildDbHistoryMock.mockResolvedValue([
+      { role: 'user', content: 'very large old context' },
+      { role: 'assistant', content: 'large old response' },
+      { role: 'user', content: 'hello' },
+    ])
+    buildSnapshotAwareHistoryMock.mockResolvedValue([
+      { role: 'user', content: '[Previous context summary]\n\nsmall summary' },
+      { role: 'user', content: 'hello' },
+    ])
+    estimateUsageTokensFromMessagesMock.mockImplementation((messages: any[]) => {
+      if (messages?.[0]?.content?.includes('small summary')) {
+        return { inputTokens: 9_000, outputTokens: 0 }
+      }
+      return { inputTokens: 28_000, outputTokens: 0 }
+    })
+    const bridge = {
+      chat: vi.fn().mockResolvedValue({ run_id: 'run-1', status: 'started' }),
+      contextEstimate: vi.fn(),
+      streamOutput: vi.fn(async function* () {
+        yield {
+          run_id: 'run-1',
+          done: false,
+          status: 'running',
+          events: [{
+            event: 'bridge.context.ready',
+            fixed_context_tokens: 10_000,
+            system_prompt_tokens: 2_000,
+            tool_tokens: 8_000,
+          }],
+        }
+        yield { run_id: 'run-1', done: true, status: 'completed', output: 'done' }
+      }),
+    } as any
+
+    const { handleBridgeRun } = await import('../../packages/server/src/services/hermes/run-chat/handle-bridge-run')
+    await handleBridgeRun(
+      nsp,
+      socket,
+      { input: 'hello', session_id: 'session-1' },
+      'default',
+      sessionMap,
+      bridge,
+      false,
+      vi.fn(),
+      vi.fn(),
+    )
+
+    expect(updateMessageContextTokenUsageMock).toHaveBeenCalledWith(
+      'session-1',
+      state,
+      expect.any(Function),
+      9_000,
+      { inputTokens: 28_000, outputTokens: 0 },
+    )
+    expect(updateMessageContextTokenUsageMock).not.toHaveBeenCalledWith(
+      'session-1',
+      state,
+      expect.any(Function),
+      28_000,
+      { inputTokens: 28_000, outputTokens: 0 },
+    )
+    expect(state.contextTokens).toBe(19_000)
+    expect(emit).toHaveBeenCalledWith('run.completed', expect.objectContaining({
+      contextTokens: 19_000,
+    }))
+  })
+
+  it('persists pending tool marker text before a bridge run completes', async () => {
+    const emit = vi.fn()
+    const nsp = makeNamespace(emit)
+    const socket = makeSocket()
+    const state = makeState()
+    const persistedContent: string[] = []
+    flushBridgePendingToDbMock.mockImplementation((targetState: any) => {
+      persistedContent.push(targetState.bridgePendingAssistantContent || '')
+      targetState.bridgePendingAssistantContent = ''
+    })
+    ensureOpenBridgeAssistantMessageMock.mockImplementation((targetState: any, sessionId: string, runMarker: string) => {
+      let message = [...targetState.messages].reverse().find((m: any) => m.runMarker === runMarker && m.role === 'assistant' && m.finish_reason == null)
+      if (!message) {
+        message = {
+          id: targetState.messages.length + 1,
+          session_id: sessionId,
+          runMarker,
+          role: 'assistant',
+          content: '',
+          timestamp: Math.floor(Date.now() / 1000),
+        }
+        targetState.messages.push(message)
+      }
+      return message
+    })
+    const sessionMap = new Map([['session-1', state]])
+    const bridge = {
+      chat: vi.fn().mockResolvedValue({ run_id: 'run-1', status: 'started' }),
+      contextEstimate: vi.fn().mockResolvedValue({
+        token_count: 12345,
+        message_count: 2,
+        tool_count: 4,
+        system_prompt_chars: 13,
+      }),
+      streamOutput: vi.fn(async function* () {
+        yield { run_id: 'run-1', done: false, status: 'running', delta: 'Text [Call', events: [] }
+        yield { run_id: 'run-1', done: true, status: 'completed', output: '', events: [] }
+      }),
+    } as any
+
+    const { handleBridgeRun } = await import('../../packages/server/src/services/hermes/run-chat/handle-bridge-run')
+    await handleBridgeRun(
+      nsp,
+      socket,
+      { input: 'hello', session_id: 'session-1' },
+      'default',
+      sessionMap,
+      bridge,
+      false,
+      vi.fn(),
+      vi.fn(),
+    )
+
+    expect(persistedContent).toContain('Text [Call')
+    expect(emit).toHaveBeenCalledWith('message.delta', expect.objectContaining({
+      delta: 'Text ',
+      output: 'Text ',
+    }))
+    expect(emit).toHaveBeenCalledWith('message.delta', expect.objectContaining({
+      delta: '[Call',
+      output: 'Text [Call',
+    }))
+    expect(emit).toHaveBeenCalledWith('run.completed', expect.objectContaining({
+      output: 'Text [Call',
+    }))
+  })
+
+  it('persists the visible plan command instead of the expanded skill prompt', async () => {
+    const emit = vi.fn()
+    const nsp = makeNamespace(emit)
+    const socket = makeSocket()
+    const state = makeState()
+    const sessionMap = new Map([['session-1', state]])
+    const bridge = {
+      chat: vi.fn().mockResolvedValue({ run_id: 'run-1', status: 'started' }),
+      contextEstimate: vi.fn().mockResolvedValue({
+        token_count: 12345,
+        message_count: 2,
+        tool_count: 4,
+        system_prompt_chars: 13,
+      }),
+      streamOutput: vi.fn(async function* () {
+        yield { run_id: 'run-1', done: true, status: 'completed', output: 'planned' }
+      }),
+    } as any
+
+    const { handleBridgeRun } = await import('../../packages/server/src/services/hermes/run-chat/handle-bridge-run')
+    await handleBridgeRun(
+      nsp,
+      socket,
+      {
+        input: '[IMPORTANT: expanded plan skill prompt]',
+        display_input: '/plan build the feature',
+        display_role: 'command',
+        storage_message: '/plan build the feature',
+        session_id: 'session-1',
+      },
+      'default',
+      sessionMap,
+      bridge,
+      false,
+      vi.fn(),
+      vi.fn(),
+    )
+
+    expect(state.messages.find((message: any) => message.role === 'command')).toEqual(expect.objectContaining({
+      role: 'command',
+      content: '/plan build the feature',
+    }))
+    expect(addMessageMock).toHaveBeenCalledWith(expect.objectContaining({
+      role: 'command',
+      content: '/plan build the feature',
+    }))
+    expect(addMessageMock).not.toHaveBeenCalledWith(expect.objectContaining({
+      role: 'user',
+      content: '[IMPORTANT: expanded plan skill prompt]',
+    }))
+    expect(bridge.chat).toHaveBeenCalledWith(
+      'session-1',
+      '[IMPORTANT: expanded plan skill prompt]',
+      expect.any(Array),
+      expect.any(String),
+      'default',
+      expect.objectContaining({ storage_message: '/plan build the feature' }),
+    )
+  })
+
+  it('refreshes full context tokens when a bridge run fails', async () => {
+    const emit = vi.fn()
+    const nsp = makeNamespace(emit)
+    const socket = makeSocket()
+    const state = makeState()
+    const sessionMap = new Map([['session-1', state]])
+    const bridge = {
+      chat: vi.fn().mockRejectedValue(new Error('bridge timeout')),
+      contextEstimate: vi.fn().mockResolvedValue({
+        token_count: 54321,
+        fixed_context_tokens: 54303,
+        message_count: 1,
+        tool_count: 4,
+        system_prompt_chars: 13,
+      }),
+      streamOutput: vi.fn(),
+    } as any
+
+    const { handleBridgeRun } = await import('../../packages/server/src/services/hermes/run-chat/handle-bridge-run')
+    await handleBridgeRun(
+      nsp,
+      socket,
+      { input: 'hello', session_id: 'session-1' },
+      'default',
+      sessionMap,
+      bridge,
+      false,
+      vi.fn(),
+      vi.fn(),
+    )
+
+    expect(state.contextTokens).toBe(54321)
+    expect(emit).toHaveBeenCalledWith('usage.updated', expect.objectContaining({
+      inputTokens: 11,
+      outputTokens: 7,
+      contextTokens: 54321,
+    }))
+    expect(emit).toHaveBeenCalledWith('run.failed', expect.objectContaining({
+      error: 'bridge timeout',
+      inputTokens: 11,
+      outputTokens: 7,
+      contextTokens: 54321,
+    }))
+  })
+
+  it('emits bridge lifecycle status events so retries are visible', async () => {
+    const emit = vi.fn()
+    const nsp = makeNamespace(emit)
+    const socket = makeSocket()
+    const state = makeState()
+    const sessionMap = new Map([['session-1', state]])
+    const bridge = {
+      chat: vi.fn().mockResolvedValue({ run_id: 'run-1', status: 'started' }),
+      contextEstimate: vi.fn().mockResolvedValue({
+        token_count: 12345,
+        message_count: 2,
+        tool_count: 4,
+        system_prompt_chars: 13,
+      }),
+      streamOutput: vi.fn(async function* () {
+        yield {
+          run_id: 'run-1',
+          done: false,
+          status: 'running',
+          events: [
+            { event: 'status', kind: 'lifecycle', text: 'Retrying in 3.0s (attempt 1/3)...' },
+          ],
+        }
+        yield { run_id: 'run-1', done: true, status: 'completed', output: 'done' }
+      }),
+    } as any
+
+    const { handleBridgeRun } = await import('../../packages/server/src/services/hermes/run-chat/handle-bridge-run')
+    await handleBridgeRun(
+      nsp,
+      socket,
+      { input: 'hello', session_id: 'session-1' },
+      'default',
+      sessionMap,
+      bridge,
+      false,
+      vi.fn(),
+      vi.fn(),
+    )
+
+    expect(replaceStateMock).toHaveBeenCalledWith(sessionMap, 'session-1', 'agent.event', expect.objectContaining({
+      event: 'agent.event',
+      kind: 'lifecycle',
+      text: 'Retrying in 3.0s (attempt 1/3)...',
+    }))
+    expect(emit).toHaveBeenCalledWith('agent.event', expect.objectContaining({
+      event: 'agent.event',
+      kind: 'lifecycle',
+      text: 'Retrying in 3.0s (attempt 1/3)...',
+    }))
+  })
+})
diff --git a/tests/server/run-chat-bridge-terminal-error.test.ts b/tests/server/run-chat-bridge-terminal-error.test.ts
new file mode 100644
index 0000000..465c74c
--- /dev/null
+++ b/tests/server/run-chat-bridge-terminal-error.test.ts
@@ -0,0 +1,71 @@
+import { describe, expect, it } from 'vitest'
+
+import { bridgeTerminalError } from '../../packages/server/src/services/hermes/run-chat/handle-bridge-run'
+
+describe('bridge terminal error detection', () => {
+  it('uses bridge status errors directly', () => {
+    expect(bridgeTerminalError({
+      status: 'error',
+      error: 'bridge crashed',
+      result: null,
+    } as any)).toBe('bridge crashed')
+  })
+
+  it('surfaces agent result failure flags as run failures', () => {
+    expect(bridgeTerminalError({
+      status: 'complete',
+      error: undefined,
+      result: {
+        failed: true,
+        completed: false,
+        error: 'API call failed after 3 retries. HTTP 503: no available channel',
+        final_response: 'API call failed after 3 retries. HTTP 503: no available channel',
+      },
+    } as any)).toBe('API call failed after 3 retries. HTTP 503: no available channel')
+  })
+
+  it('falls back to final_response for failed results without an error field', () => {
+    expect(bridgeTerminalError({
+      status: 'complete',
+      result: {
+        completed: false,
+        final_response: 'API call failed after 3 retries: timeout',
+      },
+    } as any)).toBe('API call failed after 3 retries: timeout')
+  })
+
+  it('surfaces HTTP auth/provider errors even when failure flags are missing', () => {
+    expect(bridgeTerminalError({
+      status: 'complete',
+      result: {
+        final_response: 'API call failed after 3 retries. HTTP 403: forbidden',
+      },
+    } as any)).toBe('API call failed after 3 retries. HTTP 403: forbidden')
+
+    expect(bridgeTerminalError({
+      status: 'complete',
+      result: {
+        error: 'HTTP 401: unauthorized',
+      },
+    } as any)).toBe('HTTP 401: unauthorized')
+  })
+
+  it('surfaces generic provider result errors even without failed flags', () => {
+    expect(bridgeTerminalError({
+      status: 'complete',
+      result: {
+        error: '分组 subrouter 下模型 test 无可用渠道（distributor）',
+      },
+    } as any)).toBe('分组 subrouter 下模型 test 无可用渠道（distributor）')
+  })
+
+  it('does not flag successful complete results', () => {
+    expect(bridgeTerminalError({
+      status: 'complete',
+      result: {
+        completed: true,
+        final_response: 'done',
+      },
+    } as any)).toBeNull()
+  })
+})
diff --git a/tests/server/run-chat-clarify-respond.test.ts b/tests/server/run-chat-clarify-respond.test.ts
new file mode 100644
index 0000000..aec83fb
--- /dev/null
+++ b/tests/server/run-chat-clarify-respond.test.ts
@@ -0,0 +1,162 @@
+import { beforeEach, describe, expect, it, vi } from 'vitest'
+
+const bridgeMock = vi.hoisted(() => ({
+  clarifyRespond: vi.fn(),
+}))
+
+vi.mock('../../packages/server/src/services/hermes/agent-bridge', () => ({
+  AgentBridgeClient: vi.fn(() => bridgeMock),
+}))
+
+vi.mock('../../packages/server/src/services/logger', () => ({
+  logger: {
+    info: vi.fn(),
+    warn: vi.fn(),
+    error: vi.fn(),
+  },
+}))
+
+vi.mock('../../packages/server/src/db/hermes/session-store', () => ({
+  getSession: vi.fn(() => null),
+}))
+
+vi.mock('../../packages/server/src/services/hermes/hermes-profile', () => ({
+  getActiveProfileName: vi.fn(() => 'default'),
+  getProfileDir: vi.fn(() => '/tmp/hermes-default'),
+  listProfileNamesFromDisk: vi.fn(() => ['default']),
+}))
+
+vi.mock('../../packages/server/src/middleware/user-auth', () => ({
+  authenticateUserToken: vi.fn(),
+  isAuthEnabled: vi.fn(async () => false),
+}))
+
+vi.mock('../../packages/server/src/db/hermes/users-store', () => ({
+  userCanAccessProfile: vi.fn(() => true),
+}))
+
+function createSocketHarness() {
+  const handlers = new Map<string, Function>()
+  const namespaceEmit = vi.fn()
+  const namespace = {
+    adapter: { rooms: new Map([['session:session-1', new Set(['socket-1'])]]) },
+    to: vi.fn(() => ({ emit: namespaceEmit })),
+    use: vi.fn(),
+    on: vi.fn(),
+  }
+  const io = {
+    of: vi.fn(() => namespace),
+  }
+  const socket = {
+    id: 'socket-1',
+    connected: true,
+    data: {},
+    handshake: { auth: {}, query: { profile: 'default' } },
+    on: vi.fn((event: string, handler: Function) => {
+      handlers.set(event, handler)
+    }),
+    join: vi.fn(),
+    emit: vi.fn(),
+  }
+  return { handlers, io, namespace, namespaceEmit, socket }
+}
+
+describe('ChatRunSocket clarify responses', () => {
+  beforeEach(() => {
+    vi.resetModules()
+    bridgeMock.clarifyRespond.mockReset()
+  })
+
+  it('forwards clarify.respond events to the bridge and emits clarify.resolved', async () => {
+    bridgeMock.clarifyRespond.mockResolvedValue({ ok: true, resolved: true })
+    const { ChatRunSocket } = await import('../../packages/server/src/services/hermes/run-chat')
+    const { handlers, io, namespace, namespaceEmit, socket } = createSocketHarness()
+    const server = new ChatRunSocket(io as any)
+
+    ;(server as any).onConnection(socket)
+    await handlers.get('clarify.respond')?.({
+      session_id: 'session-1',
+      clarify_id: 'clarify-1',
+      response: 'Use option A',
+    })
+
+    expect(bridgeMock.clarifyRespond).toHaveBeenCalledWith('clarify-1', 'Use option A')
+    expect(namespace.to).toHaveBeenCalledWith('session:session-1')
+    expect(namespaceEmit).toHaveBeenCalledWith('clarify.resolved', {
+      event: 'clarify.resolved',
+      session_id: 'session-1',
+      clarify_id: 'clarify-1',
+      resolved: true,
+    })
+  })
+
+  it('does not replay answered clarify prompts when the session resumes', async () => {
+    bridgeMock.clarifyRespond.mockResolvedValue({ ok: true, resolved: true })
+    const { ChatRunSocket } = await import('../../packages/server/src/services/hermes/run-chat')
+    const { handlers, io, socket } = createSocketHarness()
+    const server = new ChatRunSocket(io as any)
+    const toolEvent = {
+      event: 'tool.started',
+      data: { event: 'tool.started', tool_call_id: 'tool-1' },
+    }
+    ;(server as any).sessionMap.set('session-1', {
+      messages: [],
+      isWorking: true,
+      events: [
+        {
+          event: 'clarify.requested',
+          data: {
+            event: 'clarify.requested',
+            clarify_id: 'clarify-1',
+            question: 'Pick one',
+          },
+        },
+        toolEvent,
+      ],
+      queue: [],
+    })
+
+    ;(server as any).onConnection(socket)
+    await handlers.get('clarify.respond')?.({
+      session_id: 'session-1',
+      clarify_id: 'clarify-1',
+      response: 'Use option A',
+    })
+    await handlers.get('resume')?.({ session_id: 'session-1' })
+
+    expect((server as any).sessionMap.get('session-1').events).toEqual([toolEvent])
+    expect(socket.emit).toHaveBeenCalledWith('resumed', expect.objectContaining({
+      session_id: 'session-1',
+      isWorking: true,
+      events: [toolEvent],
+    }))
+  })
+
+  it('emits an unresolved clarify result when the bridge rejects the response', async () => {
+    bridgeMock.clarifyRespond.mockRejectedValue(new Error('unknown clarify request'))
+    const { ChatRunSocket } = await import('../../packages/server/src/services/hermes/run-chat')
+    const { handlers, namespaceEmit, socket } = createSocketHarness()
+    const namespace = {
+      adapter: { rooms: new Map([['session:session-1', new Set(['socket-1'])]]) },
+      to: vi.fn(() => ({ emit: namespaceEmit })),
+      use: vi.fn(),
+      on: vi.fn(),
+    }
+    const server = new ChatRunSocket({ of: vi.fn(() => namespace) } as any)
+
+    ;(server as any).onConnection(socket)
+    await handlers.get('clarify.respond')?.({
+      session_id: 'session-1',
+      clarify_id: 'clarify-1',
+      response: 'Use option B',
+    })
+
+    expect(namespaceEmit).toHaveBeenCalledWith('clarify.resolved', {
+      event: 'clarify.resolved',
+      session_id: 'session-1',
+      clarify_id: 'clarify-1',
+      resolved: false,
+      error: 'unknown clarify request',
+    })
+  })
+})
diff --git a/tests/server/run-chat-compression.test.ts b/tests/server/run-chat-compression.test.ts
new file mode 100644
index 0000000..d613001
--- /dev/null
+++ b/tests/server/run-chat-compression.test.ts
@@ -0,0 +1,613 @@
+import { beforeEach, describe, expect, it, vi } from 'vitest'
+
+const getSessionDetailMock = vi.fn()
+const getSessionMock = vi.fn()
+const getCompressionSnapshotMock = vi.fn()
+const getModelContextLengthMock = vi.fn()
+const calcAndUpdateUsageMock = vi.fn()
+const estimateUsageTokensFromMessagesMock = vi.fn()
+const updateMessageContextTokenUsageMock = vi.fn((sid: string, state: any, emit: any, messageTokens: number, usage?: { inputTokens: number; outputTokens: number }) => {
+  state.contextTokens = messageTokens
+  emit('usage.updated', {
+    event: 'usage.updated',
+    session_id: sid,
+    inputTokens: usage?.inputTokens ?? state.inputTokens ?? 0,
+    outputTokens: usage?.outputTokens ?? state.outputTokens ?? 0,
+    contextTokens: messageTokens,
+  })
+  return messageTokens
+})
+const compressorCompressMock = vi.fn()
+const readConfigYamlForProfileMock = vi.fn()
+const compressorConstructorMock = vi.fn()
+
+vi.mock('../../packages/server/src/db/hermes/session-store', () => ({
+  getSessionDetail: getSessionDetailMock,
+  getSession: getSessionMock,
+}))
+
+vi.mock('../../packages/server/src/db/hermes/compression-snapshot', () => ({
+  getCompressionSnapshot: getCompressionSnapshotMock,
+}))
+
+vi.mock('../../packages/server/src/lib/context-compressor', () => ({
+  SUMMARY_PREFIX: '[Previous context summary]',
+  ChatContextCompressor: class {
+    constructor(opts?: any) {
+      compressorConstructorMock(opts)
+    }
+    compress = compressorCompressMock
+  },
+}))
+
+vi.mock('../../packages/server/src/services/hermes/model-context', () => ({
+  getModelContextLength: getModelContextLengthMock,
+}))
+
+vi.mock('../../packages/server/src/services/config-helpers', () => ({
+  readConfigYamlForProfile: readConfigYamlForProfileMock,
+}))
+
+vi.mock('../../packages/server/src/services/logger', () => ({
+  logger: {
+    info: vi.fn(),
+    warn: vi.fn(),
+    error: vi.fn(),
+    debug: vi.fn(),
+  },
+  bridgeLogger: {
+    info: vi.fn(),
+    warn: vi.fn(),
+    error: vi.fn(),
+    debug: vi.fn(),
+  },
+}))
+
+vi.mock('../../packages/server/src/services/hermes/run-chat/usage', () => ({
+  calcAndUpdateUsage: calcAndUpdateUsageMock,
+  estimateUsageTokensFromMessages: estimateUsageTokensFromMessagesMock,
+  updateMessageContextTokenUsage: updateMessageContextTokenUsageMock,
+}))
+
+vi.mock('../../packages/server/src/services/hermes/run-chat/message-format', () => ({
+  isAssistantMessageSendable: vi.fn(() => true),
+}))
+
+describe('run chat compression trigger', () => {
+  beforeEach(() => {
+    getSessionDetailMock.mockReset()
+    getSessionMock.mockReset()
+    getCompressionSnapshotMock.mockReset()
+    getModelContextLengthMock.mockReset()
+    calcAndUpdateUsageMock.mockReset()
+    estimateUsageTokensFromMessagesMock.mockReset()
+    updateMessageContextTokenUsageMock.mockClear()
+    compressorCompressMock.mockReset()
+    compressorConstructorMock.mockReset()
+    readConfigYamlForProfileMock.mockReset()
+
+    getSessionMock.mockReturnValue({ id: 'session-1', profile: 'default' })
+    getModelContextLengthMock.mockReturnValue(256_000)
+    calcAndUpdateUsageMock.mockResolvedValue({ inputTokens: 1_000, outputTokens: 0 })
+    estimateUsageTokensFromMessagesMock.mockReturnValue({ inputTokens: 0, outputTokens: 0 })
+    getCompressionSnapshotMock.mockReturnValue(null)
+    readConfigYamlForProfileMock.mockResolvedValue({})
+  })
+
+  it('does not compress long low-token history just because it has more than 150 messages', async () => {
+    const messages = Array.from({ length: 152 }, (_, index) => ({
+      id: index + 1,
+      session_id: 'session-1',
+      role: index === 151 ? 'user' : index % 2 === 0 ? 'user' : 'assistant',
+      content: `m${index}`,
+      timestamp: index + 1,
+      tool_call_id: null,
+      tool_calls: null,
+      tool_name: null,
+      finish_reason: null,
+      reasoning_content: null,
+    }))
+    getSessionDetailMock.mockReturnValue({ messages })
+
+    const { buildCompressedHistory } = await import('../../packages/server/src/services/hermes/run-chat/compression')
+    const history = await buildCompressedHistory(
+      'session-1',
+      'default',
+      'http://upstream',
+      undefined,
+      vi.fn(),
+      new Map(),
+    )
+
+    expect(history).toHaveLength(151)
+    expect(history[0]).toEqual({ role: 'user', content: 'm0' })
+    expect(history.at(-1)).toEqual({ role: 'user', content: 'm150' })
+    expect(compressorCompressMock).not.toHaveBeenCalled()
+  })
+
+  it('uses configured threshold before triggering compression', async () => {
+    const messages = Array.from({ length: 10 }, (_, index) => ({
+      id: index + 1,
+      session_id: 'session-1',
+      role: index === 9 ? 'user' : index % 2 === 0 ? 'user' : 'assistant',
+      content: `message ${index}`,
+      timestamp: index + 1,
+      tool_call_id: null,
+      tool_calls: null,
+      tool_name: null,
+      finish_reason: null,
+      reasoning_content: null,
+    }))
+    getSessionDetailMock.mockReturnValue({ messages })
+    readConfigYamlForProfileMock.mockResolvedValue({
+      compression: { threshold: 0.25, target_ratio: 0.1, protect_last_n: 7, protect_first_n: 2 },
+    })
+    calcAndUpdateUsageMock.mockResolvedValue({ inputTokens: 70_000, outputTokens: 0 })
+    compressorCompressMock.mockResolvedValue({
+      messages: [{ role: 'user', content: 'compressed' }],
+      meta: {
+        compressed: true,
+        llmCompressed: true,
+        totalMessages: 9,
+        summaryTokenEstimate: 1,
+        verbatimCount: 0,
+        compressedStartIndex: 0,
+      },
+    })
+
+    const { buildCompressedHistory } = await import('../../packages/server/src/services/hermes/run-chat/compression')
+    const history = await buildCompressedHistory(
+      'session-1',
+      'default',
+      'http://upstream',
+      undefined,
+      vi.fn(),
+      new Map(),
+    )
+
+    expect(history).toEqual([{ role: 'user', content: 'compressed' }])
+    expect(compressorCompressMock).toHaveBeenCalledWith(
+      expect.any(Array),
+      'http://upstream',
+      undefined,
+      'session-1',
+      expect.objectContaining({ profile: 'default' }),
+    )
+  })
+
+  it('uses local context estimates for compression threshold decisions', async () => {
+    const messages = Array.from({ length: 10 }, (_, index) => ({
+      id: index + 1,
+      session_id: 'session-1',
+      role: index === 9 ? 'user' : index % 2 === 0 ? 'user' : 'assistant',
+      content: `message ${index}`,
+      timestamp: index + 1,
+      tool_call_id: null,
+      tool_calls: null,
+      tool_name: null,
+      finish_reason: null,
+      reasoning_content: null,
+    }))
+    getSessionDetailMock.mockReturnValue({ messages })
+    calcAndUpdateUsageMock.mockResolvedValue({ inputTokens: 1_000, outputTokens: 0 })
+    compressorCompressMock.mockResolvedValue({
+      messages: [{ role: 'user', content: 'compressed by local context estimate' }],
+      meta: {
+        compressed: true,
+        llmCompressed: true,
+        totalMessages: 9,
+        summaryTokenEstimate: 1,
+        verbatimCount: 0,
+        compressedStartIndex: 0,
+      },
+    })
+
+    const emit = vi.fn()
+    const { buildCompressedHistory } = await import('../../packages/server/src/services/hermes/run-chat/compression')
+    const history = await buildCompressedHistory(
+      'session-1',
+      'default',
+      'http://upstream',
+      undefined,
+      emit,
+      new Map(),
+      {},
+      vi.fn(async () => 160_000),
+    )
+
+    expect(history).toEqual([{ role: 'user', content: 'compressed by local context estimate' }])
+    expect(compressorCompressMock).toHaveBeenCalledTimes(1)
+    expect(updateMessageContextTokenUsageMock).toHaveBeenCalledWith(
+      'session-1',
+      expect.any(Object),
+      emit,
+      1_000,
+      { inputTokens: 1_000, outputTokens: 0 },
+    )
+  })
+
+  it('emits local context token usage when the local estimate is under threshold', async () => {
+    const messages = Array.from({ length: 10 }, (_, index) => ({
+      id: index + 1,
+      session_id: 'session-1',
+      role: index === 9 ? 'user' : index % 2 === 0 ? 'user' : 'assistant',
+      content: `message ${index}`,
+      timestamp: index + 1,
+      tool_call_id: null,
+      tool_calls: null,
+      tool_name: null,
+      finish_reason: null,
+      reasoning_content: null,
+    }))
+    getSessionDetailMock.mockReturnValue({ messages })
+    calcAndUpdateUsageMock.mockResolvedValue({ inputTokens: 1_000, outputTokens: 900 })
+    const emit = vi.fn()
+    const contextTokenEstimator = vi.fn(async () => 19_379)
+
+    const { buildCompressedHistory } = await import('../../packages/server/src/services/hermes/run-chat/compression')
+    const history = await buildCompressedHistory(
+      'session-1',
+      'default',
+      'http://upstream',
+      undefined,
+      emit,
+      new Map(),
+      {},
+      contextTokenEstimator,
+    )
+
+    expect(history).toHaveLength(9)
+    expect(contextTokenEstimator).toHaveBeenCalledWith(
+      expect.arrayContaining([{ role: 'user', content: 'message 0' }]),
+      1_900,
+    )
+    expect(emit).toHaveBeenCalledWith('usage.updated', expect.objectContaining({
+      event: 'usage.updated',
+      session_id: 'session-1',
+      inputTokens: 1_000,
+      outputTokens: 900,
+      contextTokens: 19_379,
+    }))
+    expect(compressorCompressMock).not.toHaveBeenCalled()
+  })
+
+  it('includes current input tokens when estimating snapshot-aware context', async () => {
+    const messages = Array.from({ length: 10 }, (_, index) => ({
+      id: index + 1,
+      session_id: 'session-1',
+      role: index === 9 ? 'user' : index % 2 === 0 ? 'user' : 'assistant',
+      content: `message ${index}`,
+      timestamp: index + 1,
+      tool_call_id: null,
+      tool_calls: null,
+      tool_name: null,
+      finish_reason: null,
+      reasoning_content: null,
+    }))
+    getSessionDetailMock.mockReturnValue({ messages })
+    getCompressionSnapshotMock.mockReturnValue({
+      summary: 'previous summary',
+      lastMessageIndex: 4,
+      messageCountAtTime: 5,
+    })
+    calcAndUpdateUsageMock.mockResolvedValue({ inputTokens: 10, outputTokens: 0 })
+    estimateUsageTokensFromMessagesMock.mockReturnValue({ inputTokens: 1_000, outputTokens: 0 })
+    const emit = vi.fn()
+    const contextTokenEstimator = vi.fn(async (_messages, messageTokens: number) => 20_000 + messageTokens)
+
+    const { buildCompressedHistory } = await import('../../packages/server/src/services/hermes/run-chat/compression')
+    await buildCompressedHistory(
+      'session-1',
+      'default',
+      'http://upstream',
+      undefined,
+      emit,
+      new Map(),
+      {},
+      contextTokenEstimator,
+      700,
+    )
+
+    expect(contextTokenEstimator).toHaveBeenCalledWith(expect.any(Array), 1_700)
+    expect(emit).toHaveBeenCalledWith('usage.updated', expect.objectContaining({
+      contextTokens: 21_700,
+    }))
+    expect(compressorCompressMock).not.toHaveBeenCalled()
+  })
+
+  it('keeps current input tokens in the compression completed context total', async () => {
+    const messages = Array.from({ length: 10 }, (_, index) => ({
+      id: index + 1,
+      session_id: 'session-1',
+      role: index === 9 ? 'user' : index % 2 === 0 ? 'user' : 'assistant',
+      content: `message ${index}`,
+      timestamp: index + 1,
+      tool_call_id: null,
+      tool_calls: null,
+      tool_name: null,
+      finish_reason: null,
+      reasoning_content: null,
+    }))
+    getSessionDetailMock.mockReturnValue({ messages })
+    calcAndUpdateUsageMock.mockResolvedValue({ inputTokens: 100, outputTokens: 0 })
+    estimateUsageTokensFromMessagesMock.mockImplementation((items: any[]) => {
+      if (items?.[0]?.content === 'compressed result') return { inputTokens: 1_000, outputTokens: 0 }
+      return { inputTokens: 100, outputTokens: 0 }
+    })
+    compressorCompressMock.mockResolvedValue({
+      messages: [{ role: 'user', content: 'compressed result' }],
+      meta: {
+        compressed: true,
+        llmCompressed: true,
+        totalMessages: 9,
+        summaryTokenEstimate: 1,
+        verbatimCount: 0,
+        compressedStartIndex: 0,
+      },
+    })
+    const emit = vi.fn()
+
+    const { buildCompressedHistory } = await import('../../packages/server/src/services/hermes/run-chat/compression')
+    await buildCompressedHistory(
+      'session-1',
+      'default',
+      'http://upstream',
+      undefined,
+      emit,
+      new Map(),
+      {},
+      vi.fn(async () => 160_000),
+      700,
+    )
+
+    expect(updateMessageContextTokenUsageMock).toHaveBeenCalledWith(
+      'session-1',
+      expect.any(Object),
+      emit,
+      1_700,
+      { inputTokens: 100, outputTokens: 0 },
+    )
+    expect(emit).toHaveBeenCalledWith('compression.completed', expect.objectContaining({
+      afterTokens: 1_700,
+      contextTokens: 1_700,
+    }))
+  })
+
+  it('throws when fixed prompt and tool schemas exceed threshold before any history exists', async () => {
+    getSessionDetailMock.mockReturnValue({ messages: [] })
+    const emit = vi.fn()
+
+    const { buildCompressedHistory, ContextWindowTooSmallError } = await import('../../packages/server/src/services/hermes/run-chat/compression')
+
+    await expect(buildCompressedHistory(
+      'session-1',
+      'default',
+      'http://upstream',
+      undefined,
+      emit,
+      new Map(),
+      {},
+      vi.fn(async () => 160_000),
+    )).rejects.toBeInstanceOf(ContextWindowTooSmallError)
+
+    expect(emit).not.toHaveBeenCalledWith('usage.updated', expect.anything())
+    expect(compressorCompressMock).not.toHaveBeenCalled()
+  })
+
+  it('throws instead of compressing when full context is over threshold but history is too short', async () => {
+    const messages = Array.from({ length: 5 }, (_, index) => ({
+      id: index + 1,
+      session_id: 'session-1',
+      role: index === 4 ? 'user' : index % 2 === 0 ? 'user' : 'assistant',
+      content: `message ${index}`,
+      timestamp: index + 1,
+      tool_call_id: null,
+      tool_calls: null,
+      tool_name: null,
+      finish_reason: null,
+      reasoning_content: null,
+    }))
+    getSessionDetailMock.mockReturnValue({ messages })
+    calcAndUpdateUsageMock.mockResolvedValue({ inputTokens: 1_000, outputTokens: 0 })
+
+    const { buildCompressedHistory, ContextWindowTooSmallError } = await import('../../packages/server/src/services/hermes/run-chat/compression')
+
+    await expect(buildCompressedHistory(
+      'session-1',
+      'default',
+      'http://upstream',
+      undefined,
+      vi.fn(),
+      new Map(),
+      {},
+      vi.fn(async () => 160_000),
+    )).rejects.toBeInstanceOf(ContextWindowTooSmallError)
+
+    expect(compressorCompressMock).not.toHaveBeenCalled()
+  })
+
+  it('merges partial compression config with defaults', async () => {
+    const messages = Array.from({ length: 10 }, (_, index) => ({
+      id: index + 1,
+      session_id: 'session-1',
+      role: index === 9 ? 'user' : index % 2 === 0 ? 'user' : 'assistant',
+      content: `message ${index}`,
+      timestamp: index + 1,
+      tool_call_id: null,
+      tool_calls: null,
+      tool_name: null,
+      finish_reason: null,
+      reasoning_content: null,
+    }))
+    getSessionDetailMock.mockReturnValue({ messages })
+    readConfigYamlForProfileMock.mockResolvedValue({
+      compression: { protect_last_n: 5 },
+    })
+    calcAndUpdateUsageMock.mockResolvedValue({ inputTokens: 160_000, outputTokens: 0 })
+    compressorCompressMock.mockResolvedValue({
+      messages: [{ role: 'user', content: 'compressed' }],
+      meta: {
+        compressed: true,
+        llmCompressed: true,
+        totalMessages: 9,
+        summaryTokenEstimate: 1,
+        verbatimCount: 0,
+        compressedStartIndex: 0,
+      },
+    })
+
+    const { buildCompressedHistory } = await import('../../packages/server/src/services/hermes/run-chat/compression')
+    await buildCompressedHistory(
+      'session-1',
+      'default',
+      'http://upstream',
+      undefined,
+      vi.fn(),
+      new Map(),
+    )
+
+    expect(compressorConstructorMock).toHaveBeenCalledWith({
+      config: {
+        triggerTokens: 128_000,
+        summaryBudget: 51_200,
+        headMessageCount: 3,
+        tailMessageCount: 5,
+      },
+    })
+    expect(compressorCompressMock).toHaveBeenCalledTimes(1)
+  })
+
+  it('uses stale snapshot summary plus safe tail instead of full history when under threshold', async () => {
+    const messages = Array.from({ length: 10 }, (_, index) => ({
+      id: index + 1,
+      session_id: 'session-1',
+      role: index === 9 ? 'user' : index % 2 === 0 ? 'user' : 'assistant',
+      content: `message ${index}`,
+      timestamp: index + 1,
+      tool_call_id: null,
+      tool_calls: null,
+      tool_name: null,
+      finish_reason: null,
+      reasoning_content: null,
+    }))
+    getSessionDetailMock.mockReturnValue({ messages })
+    getCompressionSnapshotMock.mockReturnValue({
+      summary: 'old summary',
+      lastMessageIndex: 99,
+      messageCountAtTime: 100,
+    })
+    readConfigYamlForProfileMock.mockResolvedValue({
+      compression: { protect_first_n: 2, protect_last_n: 3 },
+    })
+    estimateUsageTokensFromMessagesMock.mockReturnValue({ inputTokens: 1_000, outputTokens: 0 })
+
+    const { buildCompressedHistory } = await import('../../packages/server/src/services/hermes/run-chat/compression')
+    const history = await buildCompressedHistory(
+      'session-1',
+      'default',
+      'http://upstream',
+      undefined,
+      vi.fn(),
+      new Map(),
+    )
+
+    expect(history.map(m => m.content)).toEqual([
+      'message 0',
+      'message 1',
+      '[Previous context summary]\n\nold summary',
+      'message 6',
+      'message 7',
+      'message 8',
+    ])
+    expect(compressorCompressMock).not.toHaveBeenCalled()
+  })
+
+  it('compresses stale snapshot safe tail instead of full history when stale assembly exceeds threshold', async () => {
+    const messages = Array.from({ length: 10 }, (_, index) => ({
+      id: index + 1,
+      session_id: 'session-1',
+      role: index === 9 ? 'user' : index % 2 === 0 ? 'user' : 'assistant',
+      content: `message ${index}`,
+      timestamp: index + 1,
+      tool_call_id: null,
+      tool_calls: null,
+      tool_name: null,
+      finish_reason: null,
+      reasoning_content: null,
+    }))
+    getSessionDetailMock.mockReturnValue({ messages })
+    getCompressionSnapshotMock.mockReturnValue({
+      summary: 'old summary',
+      lastMessageIndex: 99,
+      messageCountAtTime: 100,
+    })
+    readConfigYamlForProfileMock.mockResolvedValue({
+      compression: { protect_first_n: 2, protect_last_n: 3 },
+    })
+    estimateUsageTokensFromMessagesMock.mockReturnValue({ inputTokens: 160_000, outputTokens: 0 })
+    compressorCompressMock.mockResolvedValue({
+      messages: [{ role: 'user', content: 'updated stale compressed' }],
+      meta: {
+        compressed: true,
+        llmCompressed: true,
+        totalMessages: 9,
+        summaryTokenEstimate: 1,
+        verbatimCount: 0,
+        compressedStartIndex: 8,
+      },
+    })
+
+    const { buildCompressedHistory } = await import('../../packages/server/src/services/hermes/run-chat/compression')
+    const history = await buildCompressedHistory(
+      'session-1',
+      'default',
+      'http://upstream',
+      undefined,
+      vi.fn(),
+      new Map(),
+    )
+
+    expect(history).toEqual([{ role: 'user', content: 'updated stale compressed' }])
+    expect(compressorCompressMock).toHaveBeenCalledWith(
+      expect.arrayContaining([{ role: 'user', content: 'message 0' }]),
+      'http://upstream',
+      undefined,
+      'session-1',
+      expect.objectContaining({ profile: 'default' }),
+    )
+  })
+
+  it('does not compress when compression is disabled', async () => {
+    const messages = Array.from({ length: 10 }, (_, index) => ({
+      id: index + 1,
+      session_id: 'session-1',
+      role: index === 9 ? 'user' : index % 2 === 0 ? 'user' : 'assistant',
+      content: `message ${index}`,
+      timestamp: index + 1,
+      tool_call_id: null,
+      tool_calls: null,
+      tool_name: null,
+      finish_reason: null,
+      reasoning_content: null,
+    }))
+    getSessionDetailMock.mockReturnValue({ messages })
+    readConfigYamlForProfileMock.mockResolvedValue({
+      compression: { enabled: false, threshold: 0.01 },
+    })
+    calcAndUpdateUsageMock.mockResolvedValue({ inputTokens: 180_000, outputTokens: 0 })
+
+    const { buildCompressedHistory } = await import('../../packages/server/src/services/hermes/run-chat/compression')
+    const history = await buildCompressedHistory(
+      'session-1',
+      'default',
+      'http://upstream',
+      undefined,
+      vi.fn(),
+      new Map(),
+    )
+
+    expect(history).toHaveLength(9)
+    expect(compressorCompressMock).not.toHaveBeenCalled()
+    expect(calcAndUpdateUsageMock).not.toHaveBeenCalled()
+  })
+})
diff --git a/tests/server/run-chat-content-blocks.test.ts b/tests/server/run-chat-content-blocks.test.ts
new file mode 100644
index 0000000..8503030
--- /dev/null
+++ b/tests/server/run-chat-content-blocks.test.ts
@@ -0,0 +1,52 @@
+import { mkdtemp, rm, writeFile } from 'fs/promises'
+import { join } from 'path'
+import { tmpdir } from 'os'
+import { afterEach, beforeEach, describe, expect, it } from 'vitest'
+import { convertContentBlocks, convertContentBlocksForAgent } from '../../packages/server/src/services/hermes/run-chat/content-blocks'
+
+let tempDir = ''
+
+describe('run chat content blocks', () => {
+  beforeEach(async () => {
+    tempDir = await mkdtemp(join(tmpdir(), 'hermes-content-blocks-'))
+  })
+
+  afterEach(async () => {
+    if (tempDir) await rm(tempDir, { recursive: true, force: true })
+  })
+
+  it('keeps API image conversion as base64 input_image only', async () => {
+    const imagePath = join(tempDir, 'image.png')
+    await writeFile(imagePath, Buffer.from([1, 2, 3]))
+
+    const parts = await convertContentBlocks([
+      { type: 'text', text: 'animate this' },
+      { type: 'image', name: 'image.png', path: imagePath, media_type: 'image/png' },
+    ])
+
+    expect(parts).toHaveLength(2)
+    expect(parts[0]).toEqual({ type: 'input_text', text: 'animate this' })
+    expect(parts[1].type).toBe('input_image')
+    expect(parts[1].image_url).toMatch(/^data:image\/png;base64,/)
+    expect(JSON.stringify(parts)).not.toContain('Local image path for tools')
+  })
+
+  it('adds local file path text for bridge agents while preserving the image data', async () => {
+    const imagePath = join(tempDir, 'image.png')
+    await writeFile(imagePath, Buffer.from([1, 2, 3]))
+
+    const parts = await convertContentBlocksForAgent([
+      { type: 'text', text: 'animate this' },
+      { type: 'image', name: 'image.png', path: imagePath, media_type: 'image/png' },
+    ])
+
+    expect(parts).toHaveLength(3)
+    expect(parts[0]).toEqual({ type: 'text', text: 'animate this' })
+    expect(parts[1]).toEqual({
+      type: 'text',
+      text: `[Attached image: image.png]\nLocal image path for tools: ${imagePath}`,
+    })
+    expect(parts[2].type).toBe('image_url')
+    expect(parts[2].image_url?.url).toMatch(/^data:image\/png;base64,/)
+  })
+})
diff --git a/tests/server/run-chat-load-state.test.ts b/tests/server/run-chat-load-state.test.ts
new file mode 100644
index 0000000..0254783
--- /dev/null
+++ b/tests/server/run-chat-load-state.test.ts
@@ -0,0 +1,129 @@
+import { beforeEach, describe, expect, it, vi } from 'vitest'
+
+const getSessionMock = vi.fn()
+const getSessionDetailPaginatedMock = vi.fn()
+const getCompressionSnapshotMock = vi.fn()
+const estimateUsageTokensFromMessagesMock = vi.fn()
+const buildDbHistoryMock = vi.fn()
+const buildSnapshotAwareHistoryMock = vi.fn()
+
+vi.mock('../../packages/server/src/db/hermes/session-store', () => ({
+  getSession: getSessionMock,
+  createSession: vi.fn(),
+  addMessage: vi.fn(),
+  updateSessionStats: vi.fn(),
+  getSessionDetailPaginated: getSessionDetailPaginatedMock,
+}))
+
+vi.mock('../../packages/server/src/db/hermes/usage-store', () => ({
+  updateUsage: vi.fn(),
+}))
+
+vi.mock('../../packages/server/src/db/hermes/compression-snapshot', () => ({
+  getCompressionSnapshot: getCompressionSnapshotMock,
+}))
+
+vi.mock('../../packages/server/src/lib/context-compressor', () => ({
+  SUMMARY_PREFIX: '[Previous context summary]',
+  countTokens: vi.fn(() => 0),
+}))
+
+vi.mock('../../packages/server/src/services/logger', () => ({
+  logger: { info: vi.fn(), warn: vi.fn(), error: vi.fn(), debug: vi.fn() },
+}))
+
+vi.mock('../../packages/server/src/services/hermes/run-chat/compression', () => ({
+  buildCompressedHistory: vi.fn(),
+  buildDbHistory: buildDbHistoryMock,
+  buildSnapshotAwareHistory: buildSnapshotAwareHistoryMock,
+  getOrCreateSession: vi.fn(),
+}))
+
+vi.mock('../../packages/server/src/services/hermes/run-chat/usage', () => ({
+  calcAndUpdateUsage: vi.fn(),
+  estimateUsageTokensFromMessages: estimateUsageTokensFromMessagesMock,
+}))
+
+vi.mock('../../packages/server/src/services/hermes/run-chat/message-format', () => ({
+  convertHistoryFormat: vi.fn((messages: any[]) => messages),
+  handleMessage: vi.fn((messages: any[]) => messages),
+}))
+
+vi.mock('../../packages/server/src/services/hermes/run-chat/content-blocks', () => ({
+  contentBlocksToString: vi.fn((value: any) => String(value || '')),
+  extractTextForPreview: vi.fn((value: any) => String(value || '')),
+  isContentBlockArray: vi.fn(() => false),
+  convertContentBlocks: vi.fn(),
+}))
+
+vi.mock('../../packages/server/src/lib/llm-prompt', () => ({
+  getSystemPrompt: vi.fn(() => 'system prompt'),
+}))
+
+vi.mock('../../packages/server/src/services/hermes/run-chat/sse-utils', () => ({
+  readSseFrames: vi.fn(),
+}))
+
+vi.mock('../../packages/server/src/services/hermes/run-chat/response-utils', () => ({
+  extractResponseText: vi.fn(),
+}))
+
+vi.mock('../../packages/server/src/services/hermes/run-chat/response-stream', () => ({
+  applyResponseStreamEvent: vi.fn(),
+  flushResponseRunToDb: vi.fn(),
+}))
+
+describe('loadSessionStateFromDb', () => {
+  beforeEach(() => {
+    vi.clearAllMocks()
+    getSessionMock.mockReturnValue({
+      id: 'session-1',
+      profile: 'default',
+      model: 'gpt-test',
+      provider: 'openai',
+    })
+    getSessionDetailPaginatedMock.mockReturnValue({
+      messages: [
+        { role: 'user', content: 'old large context' },
+        { role: 'assistant', content: 'old large answer' },
+        { role: 'user', content: 'new tail' },
+      ],
+    })
+    getCompressionSnapshotMock.mockReturnValue({
+      summary: 'small summary',
+      lastMessageIndex: 0,
+      messageCountAtTime: 1,
+    })
+    buildDbHistoryMock.mockResolvedValue([
+      { role: 'user', content: 'old large context' },
+      { role: 'assistant', content: 'old large answer' },
+      { role: 'user', content: 'new tail' },
+    ])
+    buildSnapshotAwareHistoryMock.mockResolvedValue([
+      { role: 'user', content: '[Previous context summary]\n\nsmall summary' },
+      { role: 'user', content: 'new tail' },
+    ])
+    estimateUsageTokensFromMessagesMock.mockImplementation((messages: any[]) => {
+      if (messages?.[0]?.content?.includes('small summary')) {
+        return { inputTokens: 9_000, outputTokens: 0 }
+      }
+      return { inputTokens: 28_000, outputTokens: 0 }
+    })
+  })
+
+  it('hydrates contextTokens from the same snapshot-aware history used for bridge runs', async () => {
+    const { loadSessionStateFromDb } = await import('../../packages/server/src/services/hermes/run-chat/handle-api-run')
+
+    const state = await loadSessionStateFromDb('session-1', new Map())
+
+    expect(buildSnapshotAwareHistoryMock).toHaveBeenCalledWith(
+      'session-1',
+      'default',
+      expect.any(Array),
+      { model: 'gpt-test', provider: 'openai' },
+    )
+    expect(state.inputTokens).toBe(28_000)
+    expect(state.outputTokens).toBe(0)
+    expect(state.contextTokens).toBe(9_000)
+  })
+})
diff --git a/tests/server/run-chat-message-format.test.ts b/tests/server/run-chat-message-format.test.ts
new file mode 100644
index 0000000..d26f8cc
--- /dev/null
+++ b/tests/server/run-chat-message-format.test.ts
@@ -0,0 +1,70 @@
+import { describe, expect, it, vi } from 'vitest'
+
+vi.mock('../../packages/server/src/services/logger', () => ({
+  logger: {
+    info: vi.fn(),
+    warn: vi.fn(),
+  },
+}))
+
+import {
+  convertHistoryFormat,
+  handleMessage,
+  isAssistantMessageSendable,
+} from '../../packages/server/src/services/hermes/run-chat/message-format'
+import type { SessionMessage } from '../../packages/server/src/services/hermes/run-chat/types'
+
+describe('run-chat message formatting', () => {
+  it('drops empty assistant history messages without tool calls', () => {
+    const formatted = convertHistoryFormat([
+      { role: 'user', content: 'run a command' },
+      { role: 'assistant', content: '' },
+      { role: 'user', content: 'next turn' },
+    ])
+
+    expect(formatted).toEqual([
+      { role: 'user', content: 'run a command' },
+      { role: 'user', content: 'next turn' },
+    ])
+  })
+
+  it('converts empty assistant tool-call history messages to non-empty text', () => {
+    const toolCalls = [{
+      id: 'call_1',
+      type: 'function',
+      function: { name: 'terminal', arguments: '{}' },
+    }]
+    const formatted = convertHistoryFormat([
+      { role: 'assistant', content: '', tool_calls: toolCalls },
+    ])
+
+    expect(formatted).toEqual([
+      { role: 'assistant', content: '[Calling tool: terminal with arguments: {}]' },
+    ])
+  })
+
+  it('drops stale empty assistant messages loaded from the session database', () => {
+    const messages: SessionMessage[] = [
+      { id: 1, session_id: 's1', role: 'user', content: 'first', timestamp: 1 },
+      { id: 2, session_id: 's1', role: 'assistant', content: '', timestamp: 2 },
+      { id: 3, session_id: 's1', role: 'assistant', content: 'done', timestamp: 3 },
+    ]
+
+    expect(handleMessage(messages, 's1').map(m => ({ role: m.role, content: m.content }))).toEqual([
+      { role: 'user', content: 'first' },
+      { role: 'assistant', content: 'done' },
+    ])
+  })
+
+  it('treats assistant tool-call messages as sendable even with empty text', () => {
+    expect(isAssistantMessageSendable({
+      content: '',
+      tool_calls: [{
+        id: 'call_1',
+        type: 'function',
+        function: { name: 'terminal', arguments: '{}' },
+      }],
+    })).toBe(true)
+    expect(isAssistantMessageSendable({ content: '' })).toBe(false)
+  })
+})
diff --git a/tests/server/run-chat-model-config.test.ts b/tests/server/run-chat-model-config.test.ts
new file mode 100644
index 0000000..70cd847
--- /dev/null
+++ b/tests/server/run-chat-model-config.test.ts
@@ -0,0 +1,76 @@
+import { beforeEach, describe, expect, it, vi } from 'vitest'
+
+const readConfigYamlForProfileMock = vi.fn()
+
+vi.mock('../../packages/server/src/services/config-helpers', () => ({
+  readConfigYamlForProfile: readConfigYamlForProfileMock,
+}))
+
+describe('run chat model config', () => {
+  beforeEach(() => {
+    readConfigYamlForProfileMock.mockReset()
+    readConfigYamlForProfileMock.mockResolvedValue({
+      model: { default: 'default-model', provider: 'default-provider' },
+    })
+  })
+
+  it('uses the requested model for a new bridge session before falling back to profile default', async () => {
+    const { resolveBridgeRunModelConfig } = await import('../../packages/server/src/services/hermes/run-chat/model-config')
+
+    const result = await resolveBridgeRunModelConfig({
+      profile: 'default',
+      requestedModel: 'gpt-5.2',
+      requestedProvider: 'openai',
+      modelGroups: [{ provider: 'openai', models: ['gpt-5.2'] }],
+    })
+
+    expect(result).toEqual({ model: 'gpt-5.2', provider: 'openai' })
+    expect(readConfigYamlForProfileMock).not.toHaveBeenCalled()
+  })
+
+  it('keeps an existing session model ahead of a requested model', async () => {
+    const { resolveBridgeRunModelConfig } = await import('../../packages/server/src/services/hermes/run-chat/model-config')
+
+    const result = await resolveBridgeRunModelConfig({
+      profile: 'default',
+      sessionModel: 'claude-sonnet-4.5',
+      sessionProvider: 'anthropic',
+      requestedModel: 'gpt-5.2',
+      requestedProvider: 'openai',
+      modelGroups: [
+        { provider: 'anthropic', models: ['claude-sonnet-4.5'] },
+        { provider: 'openai', models: ['gpt-5.2'] },
+      ],
+    })
+
+    expect(result).toEqual({ model: 'claude-sonnet-4.5', provider: 'anthropic' })
+    expect(readConfigYamlForProfileMock).not.toHaveBeenCalled()
+  })
+
+  it('keeps an explicit model when no model group list is available', async () => {
+    const { resolveBridgeRunModelConfig } = await import('../../packages/server/src/services/hermes/run-chat/model-config')
+
+    const result = await resolveBridgeRunModelConfig({
+      profile: 'default',
+      requestedModel: 'gpt-5.5',
+      requestedProvider: 'custom',
+    })
+
+    expect(result).toEqual({ model: 'gpt-5.5', provider: 'custom' })
+    expect(readConfigYamlForProfileMock).not.toHaveBeenCalled()
+  })
+
+  it('falls back to the profile default when the candidate model is unavailable', async () => {
+    const { resolveBridgeRunModelConfig } = await import('../../packages/server/src/services/hermes/run-chat/model-config')
+
+    const result = await resolveBridgeRunModelConfig({
+      profile: 'default',
+      requestedModel: 'missing-model',
+      requestedProvider: 'openai',
+      modelGroups: [{ provider: 'openai', models: ['gpt-5.2'] }],
+    })
+
+    expect(result).toEqual({ model: 'default-model', provider: 'default-provider' })
+    expect(readConfigYamlForProfileMock).toHaveBeenCalledWith('default')
+  })
+})
diff --git a/tests/server/run-chat-queued-item.test.ts b/tests/server/run-chat-queued-item.test.ts
new file mode 100644
index 0000000..ef0b5ac
--- /dev/null
+++ b/tests/server/run-chat-queued-item.test.ts
@@ -0,0 +1,128 @@
+import { beforeEach, describe, expect, it, vi } from 'vitest'
+
+const handleBridgeRunMock = vi.hoisted(() => vi.fn(async () => {}))
+const handleApiRunMock = vi.hoisted(() => vi.fn(async () => {}))
+
+vi.mock('../../packages/server/src/services/hermes/run-chat/handle-bridge-run', () => ({
+  handleBridgeRun: handleBridgeRunMock,
+}))
+
+vi.mock('../../packages/server/src/services/hermes/run-chat/handle-api-run', () => ({
+  handleApiRun: handleApiRunMock,
+  loadSessionStateFromDb: vi.fn(),
+  resolveRunSource: vi.fn((source?: string) => source || 'cli'),
+}))
+
+vi.mock('../../packages/server/src/services/hermes/run-chat/session-command', () => ({
+  handleSessionCommand: vi.fn(),
+  isSessionCommand: vi.fn(() => false),
+  parseSessionCommand: vi.fn(() => null),
+}))
+
+vi.mock('../../packages/server/src/services/hermes/agent-bridge', () => ({
+  AgentBridgeClient: vi.fn(() => ({})),
+}))
+
+vi.mock('../../packages/server/src/services/logger', () => ({
+  logger: { info: vi.fn(), warn: vi.fn(), error: vi.fn(), debug: vi.fn() },
+}))
+
+vi.mock('../../packages/server/src/lib/llm-prompt', () => ({
+  getSystemPrompt: vi.fn(() => 'system prompt'),
+}))
+
+vi.mock('../../packages/server/src/db/hermes/session-store', () => ({
+  getSession: vi.fn(() => ({ id: 'session-1', profile: 'default', source: 'cli' })),
+}))
+
+vi.mock('../../packages/server/src/services/hermes/hermes-profile', () => ({
+  getActiveProfileName: vi.fn(() => 'default'),
+  getProfileDir: vi.fn(() => '/tmp/hermes-default'),
+  listProfileNamesFromDisk: vi.fn(() => ['default']),
+}))
+
+vi.mock('../../packages/server/src/middleware/user-auth', () => ({
+  authenticateUserToken: vi.fn(),
+  isAuthEnabled: vi.fn(async () => false),
+}))
+
+vi.mock('../../packages/server/src/db/hermes/users-store', () => ({
+  userCanAccessProfile: vi.fn(() => true),
+}))
+
+function makeServerHarness() {
+  const namespace = {
+    adapter: { rooms: new Map() },
+    to: vi.fn(() => ({ emit: vi.fn() })),
+    use: vi.fn(),
+    on: vi.fn(),
+  }
+  const io = { of: vi.fn(() => namespace) }
+  const socket = {
+    id: 'socket-1',
+    connected: true,
+    handshake: { auth: {}, query: { profile: 'default' } },
+    data: {},
+    emit: vi.fn(),
+    join: vi.fn(),
+    to: vi.fn(() => ({ emit: vi.fn() })),
+    on: vi.fn(),
+  }
+  return { io, namespace, socket }
+}
+
+describe('ChatRunSocket queued bridge runs', () => {
+  beforeEach(() => {
+    vi.clearAllMocks()
+  })
+
+  it('persists normal queued bridge messages when they are dequeued', async () => {
+    const { ChatRunSocket } = await import('../../packages/server/src/services/hermes/run-chat')
+    const { io, socket } = makeServerHarness()
+    const server = new ChatRunSocket(io as any)
+
+    ;(server as any).runQueuedItem(socket, 'session-1', {
+      queue_id: 'queue-normal',
+      input: 'queued follow-up',
+      source: 'cli',
+      profile: 'default',
+    }, 'default')
+
+    await vi.waitFor(() => expect(handleBridgeRunMock).toHaveBeenCalled())
+    const call = handleBridgeRunMock.mock.calls.at(-1)!
+    expect(call[2]).toEqual(expect.objectContaining({
+      input: 'queued follow-up',
+      display_input: undefined,
+      storage_message: undefined,
+      queue_id: 'queue-normal',
+    }))
+    expect(call[6]).toBe(false)
+  })
+
+  it('persists the visible plan command when dequeuing expanded plan command runs', async () => {
+    const { ChatRunSocket } = await import('../../packages/server/src/services/hermes/run-chat')
+    const { io, socket } = makeServerHarness()
+    const server = new ChatRunSocket(io as any)
+
+    ;(server as any).runQueuedItem(socket, 'session-1', {
+      queue_id: 'queue-plan',
+      input: '[IMPORTANT: expanded plan skill prompt]',
+      displayInput: '/plan build the feature',
+      displayRole: 'command',
+      storageMessage: '/plan build the feature',
+      source: 'cli',
+      profile: 'default',
+    }, 'default')
+
+    await vi.waitFor(() => expect(handleBridgeRunMock).toHaveBeenCalled())
+    const call = handleBridgeRunMock.mock.calls.at(-1)!
+    expect(call[2]).toEqual(expect.objectContaining({
+      input: '[IMPORTANT: expanded plan skill prompt]',
+      display_input: '/plan build the feature',
+      display_role: 'command',
+      storage_message: '/plan build the feature',
+      queue_id: 'queue-plan',
+    }))
+    expect(call[6]).toBe(false)
+  })
+})
diff --git a/tests/server/run-chat-usage.test.ts b/tests/server/run-chat-usage.test.ts
new file mode 100644
index 0000000..fd91540
--- /dev/null
+++ b/tests/server/run-chat-usage.test.ts
@@ -0,0 +1,91 @@
+import { describe, expect, it, vi } from 'vitest'
+import { countTokens } from '../../packages/server/src/lib/context-compressor'
+import {
+  contextTokensWithCachedOverhead,
+  estimateUsageTokensFromMessages,
+  updateMessageContextTokenUsage,
+} from '../../packages/server/src/services/hermes/run-chat/usage'
+
+describe('run-chat usage token estimates', () => {
+  it('counts message content instead of serialized message payloads', () => {
+    const messages = [
+      { role: 'user', content: 'hello from user' },
+      { role: 'assistant', content: 'hello from assistant' },
+    ]
+
+    const usage = estimateUsageTokensFromMessages(messages)
+
+    expect(usage.inputTokens).toBe(countTokens('hello from user'))
+    expect(usage.outputTokens).toBe(countTokens('hello from assistant'))
+    expect(usage.inputTokens + usage.outputTokens).toBeLessThan(countTokens(JSON.stringify(messages)))
+  })
+
+  it('keeps assistant tool call tokens on the output side', () => {
+    const messages = [
+      {
+        role: 'assistant',
+        content: 'calling tool',
+        tool_calls: [{ id: 'call_1', type: 'function', function: { name: 'lookup', arguments: '{"q":"x"}' } }],
+      },
+    ]
+
+    const usage = estimateUsageTokensFromMessages(messages)
+
+    expect(usage.inputTokens).toBe(0)
+    expect(usage.outputTokens).toBe(countTokens('calling tool') + countTokens(String(messages[0].tool_calls || '')))
+  })
+
+  it('adds cached bridge fixed context when updating full context usage', () => {
+    const emit = vi.fn()
+    const state = {
+      messages: [],
+      isWorking: false,
+      events: [],
+      queue: [],
+      bridgeContext: { fixedContextTokens: 20_000 },
+    } as any
+
+    const contextTokens = updateMessageContextTokenUsage(
+      'session-1',
+      state,
+      emit,
+      1_569,
+      { inputTokens: 1_200, outputTokens: 369 },
+    )
+
+    expect(contextTokens).toBe(21_569)
+    expect(state.contextTokens).toBe(21_569)
+    expect(emit).toHaveBeenCalledWith('usage.updated', expect.objectContaining({
+      session_id: 'session-1',
+      inputTokens: 1_200,
+      outputTokens: 369,
+      contextTokens: 21_569,
+    }))
+  })
+
+  it('falls back to message tokens when bridge fixed context is missing', () => {
+    const emit = vi.fn()
+    const state = {
+      messages: [],
+      isWorking: false,
+      events: [],
+      queue: [],
+    } as any
+
+    expect(contextTokensWithCachedOverhead(state, 1_569)).toBe(1_569)
+
+    const contextTokens = updateMessageContextTokenUsage(
+      'session-1',
+      state,
+      emit,
+      1_569,
+      { inputTokens: 1_200, outputTokens: 369 },
+    )
+
+    expect(contextTokens).toBe(1_569)
+    expect(state.contextTokens).toBe(1_569)
+    expect(emit).toHaveBeenCalledWith('usage.updated', expect.objectContaining({
+      contextTokens: 1_569,
+    }))
+  })
+})
diff --git a/tests/server/safe-file-store.test.ts b/tests/server/safe-file-store.test.ts
new file mode 100644
index 0000000..718c80c
--- /dev/null
+++ b/tests/server/safe-file-store.test.ts
@@ -0,0 +1,54 @@
+import { mkdtemp, readFile, rm, writeFile } from 'fs/promises'
+import { tmpdir } from 'os'
+import { join } from 'path'
+import { afterEach, describe, expect, it } from 'vitest'
+import YAML from 'js-yaml'
+import { SafeFileStore } from '../../packages/server/src/services/safe-file-store'
+
+const tempDirs: string[] = []
+
+async function tempFile(name: string): Promise<string> {
+  const dir = await mkdtemp(join(tmpdir(), 'hermes-safe-file-store-'))
+  tempDirs.push(dir)
+  return join(dir, name)
+}
+
+afterEach(async () => {
+  await Promise.all(tempDirs.splice(0).map(dir => rm(dir, { recursive: true, force: true })))
+})
+
+describe('SafeFileStore', () => {
+  it('serializes concurrent YAML read-modify-write updates for the same file', async () => {
+    const store = new SafeFileStore()
+    const file = await tempFile('config.yaml')
+    await writeFile(file, 'model:\n  default: old\n', 'utf-8')
+
+    await Promise.all([
+      store.updateYaml(file, async (cfg) => {
+        await new Promise(resolve => setTimeout(resolve, 25))
+        cfg.model.default = 'glm-5.1'
+        return cfg
+      }),
+      store.updateYaml(file, (cfg) => {
+        cfg.platforms = cfg.platforms || {}
+        cfg.platforms.api_server = { extra: { port: 8648 } }
+        return cfg
+      }),
+    ])
+
+    const result = YAML.load(await readFile(file, 'utf-8')) as any
+    expect(result.model.default).toBe('glm-5.1')
+    expect(result.platforms.api_server.extra.port).toBe(8648)
+  })
+
+  it('backs up the previous content and writes through a temporary file', async () => {
+    const store = new SafeFileStore()
+    const file = await tempFile('config.yaml')
+    await writeFile(file, 'model:\n  default: old\n', 'utf-8')
+
+    await store.writeText(file, 'model:\n  default: new\n', { backup: true })
+
+    await expect(readFile(`${file}.bak`, 'utf-8')).resolves.toContain('default: old')
+    await expect(readFile(file, 'utf-8')).resolves.toContain('default: new')
+  })
+})
diff --git a/tests/server/schema-sync.test.ts b/tests/server/schema-sync.test.ts
new file mode 100644
index 0000000..2b40d4b
--- /dev/null
+++ b/tests/server/schema-sync.test.ts
@@ -0,0 +1,409 @@
+import { beforeAll, beforeEach, describe, expect, it, vi, afterEach } from 'vitest'
+import { DatabaseSync } from 'node:sqlite'
+import { unlinkSync, existsSync, mkdirSync, copyFileSync, writeFileSync, readFileSync } from 'fs'
+import { resolve } from 'path'
+
+// Test database path
+const TEST_DB_DIR = resolve(process.cwd(), 'packages/server/data/test')
+const TEST_DB_PATH = resolve(TEST_DB_DIR, 'test-hermes.db')
+
+// Global test database instance
+let testDbInstance: DatabaseSync | null = null
+
+// Mock getDb to return our test database
+vi.mock('../../packages/server/src/db/index', () => ({
+  getDb: () => testDbInstance,
+  getStoragePath: () => TEST_DB_PATH,
+}))
+
+// Helper to get the actual database instance
+function getTestDb(): DatabaseSync {
+  if (!testDbInstance) {
+    throw new Error('Test database not initialized. Call beforeAll() first.')
+  }
+  return testDbInstance
+}
+
+// Helper to check if table exists
+function tableExists(db: DatabaseSync, tableName: string): boolean {
+  const result = db.prepare(
+    `SELECT name FROM sqlite_master WHERE type='table' AND name=?`
+  ).get(tableName)
+  return !!result
+}
+
+// Helper to get table columns
+function getTableColumns(db: DatabaseSync, tableName: string): Map<string, string> {
+  const columns = db.prepare(`PRAGMA table_info("${tableName}")`).all() as Array<{
+    name: string
+    type: string
+    pk: number
+  }>
+  const columnMap = new Map<string, string>()
+  for (const col of columns) {
+    columnMap.set(col.name, col.type)
+  }
+  return columnMap
+}
+
+// Helper to get table primary key from SQL
+function getTablePrimaryKey(db: DatabaseSync, tableName: string): string | null {
+  const tableInfo = db.prepare(
+    `SELECT sql FROM sqlite_master WHERE type='table' AND name=?`
+  ).get(tableName) as { sql: string } | undefined
+
+  const sql = tableInfo?.sql || ''
+
+  // First, check for composite primary key: PRIMARY KEY (col1, col2)
+  const pkMatch = sql.match(/PRIMARY KEY\s*\(([^)]+)\)/i)
+  if (pkMatch) {
+    return pkMatch[1].replace(/\s+/g, '')
+  }
+
+  // Then, check for inline primary key: col TEXT PRIMARY KEY
+  const inlinePkMatch = sql.match(/"(\w+)"\s+\w+\s+PRIMARY KEY/i)
+  if (inlinePkMatch) {
+    return inlinePkMatch[1]
+  }
+
+  return null
+}
+
+describe('Database Schema Synchronization', () => {
+  beforeAll(() => {
+    // Create test directory
+    if (!existsSync(TEST_DB_DIR)) {
+      mkdirSync(TEST_DB_DIR, { recursive: true })
+    }
+  })
+
+  beforeEach(() => {
+    // Clean up any existing test database
+    try { unlinkSync(TEST_DB_PATH) } catch {}
+    try { unlinkSync(TEST_DB_PATH + '-wal') } catch {}
+    try { unlinkSync(TEST_DB_PATH + '-shm') } catch {}
+
+    // Create new test database
+    testDbInstance = new DatabaseSync(TEST_DB_PATH)
+    testDbInstance.exec('PRAGMA journal_mode=WAL')
+    testDbInstance.exec('PRAGMA synchronous=NORMAL')
+
+    // Reset modules to ensure fresh imports
+    vi.resetModules()
+  })
+
+  afterEach(() => {
+    // Close test database
+    if (testDbInstance) {
+      testDbInstance.close()
+      testDbInstance = null
+    }
+
+    // Clean up test database and backup files
+    try { unlinkSync(TEST_DB_PATH) } catch {}
+    try { unlinkSync(TEST_DB_PATH + '-wal') } catch {}
+    try { unlinkSync(TEST_DB_PATH + '-shm') } catch {}
+  })
+
+  describe('Normal initialization - fresh database creation', () => {
+    it('creates all tables with correct schemas when database does not exist', async () => {
+      const { initAllHermesTables, USAGE_TABLE, USAGE_SCHEMA, SESSIONS_TABLE, SESSIONS_SCHEMA } =
+        await import('../../packages/server/src/db/hermes/schemas')
+
+      initAllHermesTables()
+
+      const db = getTestDb()
+
+      // Verify USAGE_TABLE was created
+      expect(tableExists(db, USAGE_TABLE)).toBe(true)
+
+      // Verify USAGE_TABLE has correct columns
+      const usageCols = getTableColumns(db, USAGE_TABLE)
+      expect(usageCols.size).toBe(Object.keys(USAGE_SCHEMA).length)
+      expect(usageCols.has('id')).toBe(true)
+      expect(usageCols.has('session_id')).toBe(true)
+      expect(usageCols.has('input_tokens')).toBe(true)
+
+      // Verify SESSIONS_TABLE was created
+      expect(tableExists(db, SESSIONS_TABLE)).toBe(true)
+
+      // Verify SESSIONS_TABLE has correct columns
+      const sessionsCols = getTableColumns(db, SESSIONS_TABLE)
+      expect(sessionsCols.size).toBe(Object.keys(SESSIONS_SCHEMA).length)
+      expect(sessionsCols.has('id')).toBe(true)
+      expect(sessionsCols.has('profile')).toBe(true)
+      expect(sessionsCols.has('source')).toBe(true)
+    })
+  })
+
+  describe('Safe additive schema changes', () => {
+    it('adds missing safe columns to existing table without rebuilding', async () => {
+      const { syncTable, USAGE_TABLE, USAGE_SCHEMA } = await import('../../packages/server/src/db/hermes/schemas')
+
+      // Create initial table without some columns
+      const db = getTestDb()
+      db.exec(`CREATE TABLE "${USAGE_TABLE}" (id INTEGER PRIMARY KEY AUTOINCREMENT, session_id TEXT NOT NULL, created_at INTEGER NOT NULL)`)
+
+      // Insert test data
+      db.prepare(`INSERT INTO "${USAGE_TABLE}" (session_id, created_at) VALUES (?, ?)`).run('test-1', Date.now())
+
+      // Sync with full schema
+      syncTable(USAGE_TABLE, USAGE_SCHEMA, { primaryKey: 'id' })
+
+      // Verify safe missing columns now exist
+      const cols = getTableColumns(db, USAGE_TABLE)
+      expect(cols.has('input_tokens')).toBe(true)
+      expect(cols.has('output_tokens')).toBe(true)
+      expect(cols.has('cache_read_tokens')).toBe(true)
+      expect(cols.has('cache_write_tokens')).toBe(true)
+
+      // Verify data integrity (should be preserved)
+      const row = db.prepare(`SELECT * FROM "${USAGE_TABLE}" WHERE session_id = ?`).get('test-1')
+      expect(row).toBeTruthy()
+      expect(row.session_id).toBe('test-1')
+    })
+
+    it('adds created_at to legacy session_usage tables missing the column', async () => {
+      const { syncTable, USAGE_TABLE, USAGE_SCHEMA } = await import('../../packages/server/src/db/hermes/schemas')
+
+      const db = getTestDb()
+      db.exec(`CREATE TABLE "${USAGE_TABLE}" (id INTEGER PRIMARY KEY AUTOINCREMENT, session_id TEXT NOT NULL)`)
+      db.prepare(`INSERT INTO "${USAGE_TABLE}" (session_id) VALUES (?)`).run('legacy-session')
+
+      syncTable(USAGE_TABLE, USAGE_SCHEMA, { primaryKey: 'id' })
+
+      const cols = getTableColumns(db, USAGE_TABLE)
+      expect(cols.has('created_at')).toBe(true)
+
+      const row = db.prepare(`SELECT session_id, created_at FROM "${USAGE_TABLE}" WHERE session_id = ?`).get('legacy-session')
+      expect(row).toMatchObject({ session_id: 'legacy-session', created_at: 0 })
+    })
+  })
+
+  describe('Schema sync with single-column primary keys', () => {
+    it('creates table with single-column primary key', async () => {
+      const { syncTable, GC_ROOM_AGENTS_TABLE, GC_ROOM_AGENTS_SCHEMA } =
+        await import('../../packages/server/src/db/hermes/schemas')
+
+      syncTable(GC_ROOM_AGENTS_TABLE, GC_ROOM_AGENTS_SCHEMA, {
+        primaryKey: 'id',
+      })
+
+      const db = getTestDb()
+
+      // Verify table exists
+      expect(tableExists(db, GC_ROOM_AGENTS_TABLE)).toBe(true)
+
+      // Verify single-column primary key
+      const pk = getTablePrimaryKey(db, GC_ROOM_AGENTS_TABLE)
+      expect(pk).toBe('id')
+
+      // Verify all columns exist
+      const cols = getTableColumns(db, GC_ROOM_AGENTS_TABLE)
+      expect(cols.has('id')).toBe(true)
+      expect(cols.has('roomId')).toBe(true)
+      expect(cols.has('agentId')).toBe(true)
+      expect(cols.has('profile')).toBe(true)
+      expect(cols.has('name')).toBe(true)
+
+      // Verify primary key constraint works (unique id required)
+      db.prepare(`INSERT INTO "${GC_ROOM_AGENTS_TABLE}" (id, roomId, agentId, profile, name, description, invited) VALUES (?, ?, ?, ?, ?, ?, ?)`)
+        .run('agent-1', 'room-1', 'agent-1', 'default', 'Agent 1', '', 0)
+
+      db.prepare(`INSERT INTO "${GC_ROOM_AGENTS_TABLE}" (id, roomId, agentId, profile, name, description, invited) VALUES (?, ?, ?, ?, ?, ?, ?)`)
+        .run('agent-2', 'room-1', 'agent-2', 'default', 'Agent 2', '', 0)
+
+      // Verify both rows exist
+      const rows = db.prepare(`SELECT COUNT(*) as count FROM "${GC_ROOM_AGENTS_TABLE}"`).get() as { count: number }
+      expect(rows.count).toBe(2)
+
+      // Verify duplicate primary key is rejected
+      expect(() => {
+        db.prepare(`INSERT INTO "${GC_ROOM_AGENTS_TABLE}" (id, roomId, agentId, profile, name, description, invited) VALUES (?, ?, ?, ?, ?, ?, ?)`)
+          .run('agent-1', 'room-1', 'agent-1', 'default', 'Agent 1 Duplicate', '', 0)
+      }).toThrow()
+    })
+  })
+
+  describe('Destructive schema changes are not applied automatically', () => {
+    it('does not rebuild table when primary key differs', async () => {
+      const { syncTable, GC_ROOM_MEMBERS_TABLE, GC_ROOM_MEMBERS_SCHEMA } =
+        await import('../../packages/server/src/db/hermes/schemas')
+
+      const db = getTestDb()
+
+      // Create table with roomId as primary key and all necessary columns
+      db.exec(`CREATE TABLE "${GC_ROOM_MEMBERS_TABLE}" (roomId TEXT PRIMARY KEY, userId TEXT, userName TEXT, description TEXT DEFAULT '', joinedAt INTEGER NOT NULL, updatedAt INTEGER NOT NULL)`)
+
+      // Insert test data
+      db.prepare(`INSERT INTO "${GC_ROOM_MEMBERS_TABLE}" (roomId, userId, userName, description, joinedAt, updatedAt) VALUES (?, ?, ?, ?, ?, ?)`)
+        .run('room-1', 'user-1', 'User 1', '', Date.now(), Date.now())
+
+      // Sync with id-based primary key schema
+      syncTable(GC_ROOM_MEMBERS_TABLE, GC_ROOM_MEMBERS_SCHEMA, {
+        primaryKey: 'id',
+      })
+
+      // Verify existing primary key was left untouched
+      const tableCols = db.prepare(`PRAGMA table_info("${GC_ROOM_MEMBERS_TABLE}")`).all() as Array<{ name: string; pk: number }>
+      expect(tableCols.find(c => c.name === 'roomId')?.pk).toBe(1)
+
+      // Verify data was preserved
+      const row = db.prepare(`SELECT * FROM "${GC_ROOM_MEMBERS_TABLE}" WHERE roomId = ? AND userId = ?`).get('room-1', 'user-1')
+      expect(row).toBeTruthy()
+      expect(row.roomId).toBe('room-1')
+      expect(row.userId).toBe('user-1')
+    })
+
+    it('does not rebuild table when column types differ', async () => {
+      const { syncTable, USAGE_TABLE, USAGE_SCHEMA } = await import('../../packages/server/src/db/hermes/schemas')
+
+      const db = getTestDb()
+
+      // Create table with wrong column type (INTEGER instead of TEXT for session_id)
+      db.exec(`CREATE TABLE "${USAGE_TABLE}" (id INTEGER PRIMARY KEY AUTOINCREMENT, session_id INTEGER NOT NULL, created_at INTEGER NOT NULL)`)
+
+      // Insert test data
+      db.prepare(`INSERT INTO "${USAGE_TABLE}" (session_id, created_at) VALUES (?, ?)`).run(12345, Date.now())
+
+      // Sync with correct schema
+      syncTable(USAGE_TABLE, USAGE_SCHEMA, { primaryKey: 'id' })
+
+      // Verify column type was left untouched
+      const cols = getTableColumns(db, USAGE_TABLE)
+      expect(cols.get('session_id')).toBe('INTEGER')
+
+      // Verify data was preserved
+      const rows = db.prepare(`SELECT COUNT(*) as count FROM "${USAGE_TABLE}"`).get() as { count: number }
+      expect(rows.count).toBe(1)
+    })
+  })
+
+  describe('Index synchronization', () => {
+    it('creates specified indexes on table', async () => {
+      const { syncTable, MESSAGES_TABLE, MESSAGES_SCHEMA } =
+        await import('../../packages/server/src/db/hermes/schemas')
+
+      syncTable(MESSAGES_TABLE, MESSAGES_SCHEMA, {
+        indexes: {
+          idx_messages_session_id: 'CREATE INDEX IF NOT EXISTS idx_messages_session_id ON messages(session_id)',
+        },
+      })
+
+      const db = getTestDb()
+
+      // Verify index was created
+      const indexes = db.prepare(`SELECT name FROM sqlite_master WHERE type='index' AND name=?`).get('idx_messages_session_id')
+      expect(indexes).toBeTruthy()
+    })
+
+    it('does not alter indexes on existing tables', async () => {
+      const { syncTable, MESSAGES_TABLE, MESSAGES_SCHEMA } =
+        await import('../../packages/server/src/db/hermes/schemas')
+
+      const db = getTestDb()
+
+      // Create table and an extra index
+      db.exec(`CREATE TABLE "${MESSAGES_TABLE}" (id INTEGER PRIMARY KEY AUTOINCREMENT, session_id TEXT NOT NULL, content TEXT)`)
+      db.exec(`CREATE INDEX idx_extra ON "${MESSAGES_TABLE}"(content)`)
+
+      // Sync without the extra index
+      syncTable(MESSAGES_TABLE, MESSAGES_SCHEMA, {
+        indexes: {
+          idx_messages_session_id: 'CREATE INDEX IF NOT EXISTS idx_messages_session_id ON messages(session_id)',
+        },
+      })
+
+      // Verify extra index remains
+      const extraIndex = db.prepare(`SELECT name FROM sqlite_master WHERE type='index' AND name=?`).get('idx_extra')
+      expect(extraIndex).toBeTruthy()
+
+      // Verify expected index was not added to an existing table
+      const correctIndex = db.prepare(`SELECT name FROM sqlite_master WHERE type='index' AND name=?`).get('idx_messages_session_id')
+      expect(correctIndex).toBeFalsy()
+    })
+  })
+
+  describe('Data preservation during schema sync', () => {
+    it('preserves data when adding safe columns', async () => {
+      const { syncTable, USAGE_TABLE, USAGE_SCHEMA } = await import('../../packages/server/src/db/hermes/schemas')
+
+      const db = getTestDb()
+
+      // Create minimal table
+      db.exec(`CREATE TABLE "${USAGE_TABLE}" (id INTEGER PRIMARY KEY AUTOINCREMENT, session_id TEXT NOT NULL, created_at INTEGER NOT NULL)`)
+
+      // Insert test data (only columns that exist)
+      const sessionId = 'test-session-123'
+      db.prepare(`INSERT INTO "${USAGE_TABLE}" (session_id, created_at) VALUES (?, ?)`).run(sessionId, Date.now())
+
+      // Sync with full schema (should add safe columns only)
+      syncTable(USAGE_TABLE, USAGE_SCHEMA, { primaryKey: 'id' })
+
+      // Verify data is still there
+      const row = db.prepare(`SELECT * FROM "${USAGE_TABLE}" WHERE session_id = ?`).get(sessionId)
+      expect(row).toBeTruthy()
+      expect(row.session_id).toBe(sessionId)
+
+      const cols = getTableColumns(db, USAGE_TABLE)
+      expect(cols.has('input_tokens')).toBe(true)
+    })
+
+    it('preserves data and existing table definition when primary key is missing', async () => {
+      const { syncTable, GC_ROOM_AGENTS_TABLE, GC_ROOM_AGENTS_SCHEMA } =
+        await import('../../packages/server/src/db/hermes/schemas')
+
+      const db = getTestDb()
+
+      // Create table without id primary key but with all columns
+      db.exec(`CREATE TABLE "${GC_ROOM_AGENTS_TABLE}" (id TEXT NOT NULL, roomId TEXT NOT NULL, agentId TEXT NOT NULL, profile TEXT NOT NULL, name TEXT NOT NULL, description TEXT DEFAULT '', invited INTEGER DEFAULT 0)`)
+
+      // Insert test data (only columns that exist)
+      db.prepare(`INSERT INTO "${GC_ROOM_AGENTS_TABLE}" (id, roomId, agentId, profile, name, description, invited) VALUES (?, ?, ?, ?, ?, ?, ?)`)
+        .run('agent-1', 'room-1', 'agent-1', 'default', 'Test Agent', '', 0)
+
+      // Sync with id primary key expectation; should not rebuild existing table
+      syncTable(GC_ROOM_AGENTS_TABLE, GC_ROOM_AGENTS_SCHEMA, {
+        primaryKey: 'id',
+      })
+
+      expect(getTablePrimaryKey(db, GC_ROOM_AGENTS_TABLE)).toBe(null)
+
+      // Verify data was preserved
+      const row = db.prepare(`SELECT * FROM "${GC_ROOM_AGENTS_TABLE}" WHERE id = ?`)
+        .get('agent-1')
+      expect(row).toBeTruthy()
+      expect(row.id).toBe('agent-1')
+      expect(row.roomId).toBe('room-1')
+      expect(row.agentId).toBe('agent-1')
+      expect(row.name).toBe('Test Agent')
+    })
+  })
+
+  describe('Column preservation', () => {
+    it('keeps extra columns on existing table', async () => {
+      const { syncTable, USAGE_TABLE, USAGE_SCHEMA } = await import('../../packages/server/src/db/hermes/schemas')
+
+      // Create table with extra columns
+      const db = getTestDb()
+      db.exec(`CREATE TABLE "${USAGE_TABLE}" (id INTEGER PRIMARY KEY AUTOINCREMENT, session_id TEXT NOT NULL, created_at INTEGER NOT NULL, extra_col TEXT, another_extra INTEGER)`)
+
+      // Insert test data (only for columns that exist)
+      db.prepare(`INSERT INTO "${USAGE_TABLE}" (session_id, created_at, extra_col, another_extra) VALUES (?, ?, ?, ?)`)
+        .run('test-1', Date.now(), 'value', 123)
+
+      // Sync with schema (should keep extra columns)
+      syncTable(USAGE_TABLE, USAGE_SCHEMA, { primaryKey: 'id' })
+
+      // Verify extra columns are preserved
+      const cols = getTableColumns(db, USAGE_TABLE)
+      expect(cols.has('extra_col')).toBe(true)
+      expect(cols.has('another_extra')).toBe(true)
+
+      // Verify data is still there
+      const row = db.prepare(`SELECT * FROM "${USAGE_TABLE}" WHERE session_id = ?`).get('test-1')
+      expect(row).toBeTruthy()
+      expect(row.session_id).toBe('test-1')
+    })
+  })
+})
diff --git a/tests/server/session-command-plan.test.ts b/tests/server/session-command-plan.test.ts
new file mode 100644
index 0000000..c69ed0b
--- /dev/null
+++ b/tests/server/session-command-plan.test.ts
@@ -0,0 +1,333 @@
+import { beforeEach, describe, expect, it, vi } from 'vitest'
+
+const addMessageMock = vi.fn()
+const createSessionMock = vi.fn()
+const getSessionMock = vi.fn()
+const updateSessionStatsMock = vi.fn()
+
+vi.mock('../../packages/server/src/db/hermes/session-store', () => ({
+  addMessage: addMessageMock,
+  clearSessionMessages: vi.fn(),
+  createSession: createSessionMock,
+  getSession: getSessionMock,
+  renameSession: vi.fn(),
+  updateSessionStats: updateSessionStatsMock,
+}))
+
+vi.mock('../../packages/server/src/services/logger', () => ({
+  logger: { info: vi.fn(), warn: vi.fn(), error: vi.fn(), debug: vi.fn() },
+}))
+
+vi.mock('../../packages/server/src/services/hermes/run-chat/compression', () => ({
+  buildDbHistory: vi.fn(),
+  estimateSnapshotAwareHistoryUsage: vi.fn(),
+  forceCompressBridgeHistory: vi.fn(),
+  getOrCreateSession: vi.fn((_map: Map<string, any>, sessionId: string) => _map.get(sessionId)),
+  replaceState: vi.fn(),
+}))
+
+vi.mock('../../packages/server/src/services/hermes/run-chat/usage', () => ({
+  calcAndUpdateUsage: vi.fn(),
+  contextTokensWithCachedOverhead: vi.fn(),
+  updateMessageContextTokenUsage: vi.fn(),
+}))
+
+vi.mock('../../packages/server/src/services/hermes/run-chat/abort', () => ({
+  handleAbort: vi.fn(),
+}))
+
+vi.mock('../../packages/server/src/services/hermes/run-chat/bridge-message', () => ({
+  flushBridgePendingToDb: vi.fn(),
+}))
+
+function makeContext(state: any, commandResult: Record<string, unknown> = {
+  handled: true,
+  message: '[IMPORTANT: expanded plan skill prompt]',
+}) {
+  const namespaceEmit = vi.fn()
+  const nsp = {
+    to: vi.fn(() => ({ emit: namespaceEmit })),
+    adapter: { rooms: new Map([['session:session-1', new Set(['socket-1'])]]) },
+  }
+  const socket = {
+    id: 'socket-1',
+    connected: true,
+    join: vi.fn(),
+    emit: vi.fn(),
+  }
+  const sessionMap = new Map([['session-1', state]])
+  const runQueuedItem = vi.fn()
+  const bridge = {
+    command: vi.fn(async () => commandResult),
+    mcpReload: vi.fn(async () => ({ ok: true, message: 'MCP servers reloaded' })),
+    status: vi.fn(async () => ({
+      exists: true,
+      running: false,
+      current_run_id: null,
+      message_count: 0,
+    })),
+  }
+  return { bridge, namespaceEmit, nsp, runQueuedItem, sessionMap, socket }
+}
+
+describe('plan session command', () => {
+  beforeEach(() => {
+    vi.clearAllMocks()
+    getSessionMock.mockReturnValue({ id: 'session-1', profile: 'default', source: 'cli' })
+  })
+
+  it('queues running plan commands once without visible command echo', async () => {
+    const state = { messages: [], isWorking: true, events: [], queue: [] }
+    const { bridge, namespaceEmit, nsp, runQueuedItem, sessionMap, socket } = makeContext(state)
+    const { handleSessionCommand, parseSessionCommand } = await import('../../packages/server/src/services/hermes/run-chat/session-command')
+    const command = parseSessionCommand('/plan build the feature')!
+
+    await handleSessionCommand('session-1', command, {
+      nsp: nsp as any,
+      socket: socket as any,
+      sessionMap,
+      bridge: bridge as any,
+      profile: 'default',
+      queueId: 'client-queue-id',
+      runQueuedItem,
+    })
+
+    expect(addMessageMock).not.toHaveBeenCalled()
+    expect(runQueuedItem).not.toHaveBeenCalled()
+    expect(state.queue).toEqual([expect.objectContaining({
+      queue_id: 'client-queue-id',
+      input: '[IMPORTANT: expanded plan skill prompt]',
+      displayInput: '/plan build the feature',
+      displayRole: 'command',
+      storageMessage: '/plan build the feature',
+    })])
+    expect(namespaceEmit).toHaveBeenCalledWith('run.queued', expect.objectContaining({
+      queue_length: 1,
+      queued_messages: [expect.objectContaining({
+        id: 'client-queue-id',
+        role: 'command',
+        content: '/plan build the feature',
+        queued: true,
+      })],
+    }))
+    expect(namespaceEmit).not.toHaveBeenCalledWith('session.command', expect.anything())
+  })
+
+  it('starts an idle goal command as a hidden kickoff run', async () => {
+    const state = { messages: [], isWorking: false, events: [], queue: [] }
+    const { bridge, namespaceEmit, runQueuedItem, sessionMap, socket, nsp } = makeContext(state, {
+      handled: true,
+      type: 'goal',
+      action: 'set',
+      message: 'Goal set.',
+      kickoff_prompt: 'fix the tests',
+      max_turns: 20,
+    })
+    const { handleSessionCommand, parseSessionCommand } = await import('../../packages/server/src/services/hermes/run-chat/session-command')
+    const command = parseSessionCommand('/goal fix the tests')!
+
+    await handleSessionCommand('session-1', command, {
+      nsp: nsp as any,
+      socket: socket as any,
+      sessionMap,
+      bridge: bridge as any,
+      profile: 'default',
+      queueId: 'goal-queue-id',
+      runQueuedItem,
+    })
+
+    expect(bridge.command).toHaveBeenCalledWith('session-1', 'goal fix the tests', 'default')
+    expect(namespaceEmit).toHaveBeenCalledWith('session.command', expect.objectContaining({
+      action: 'set',
+      message: 'Goal set.',
+      terminal: false,
+      started: true,
+    }))
+    expect(runQueuedItem).toHaveBeenCalledWith(socket, 'session-1', expect.objectContaining({
+      queue_id: 'goal-queue-id',
+      input: 'fix the tests',
+      displayInput: null,
+      storageMessage: 'fix the tests',
+      source: 'cli',
+    }), 'default')
+  })
+
+  it('clears queued goal continuations when pausing a goal', async () => {
+    const state = {
+      messages: [],
+      isWorking: true,
+      events: [],
+      queue: [
+        { queue_id: 'goal-1', input: 'continue', displayInput: null, storageMessage: 'continue', profile: 'default', goalContinuation: true },
+        { queue_id: 'user-1', input: 'user message', profile: 'default' },
+      ],
+    }
+    const { bridge, namespaceEmit, runQueuedItem, sessionMap, socket, nsp } = makeContext(state, {
+      handled: true,
+      type: 'goal',
+      action: 'pause',
+      message: 'Goal paused.',
+      clear_goal_continuations: true,
+    })
+    const { handleSessionCommand, parseSessionCommand } = await import('../../packages/server/src/services/hermes/run-chat/session-command')
+    const command = parseSessionCommand('/goal pause')!
+
+    await handleSessionCommand('session-1', command, {
+      nsp: nsp as any,
+      socket: socket as any,
+      sessionMap,
+      bridge: bridge as any,
+      profile: 'default',
+      runQueuedItem,
+    })
+
+    expect(runQueuedItem).not.toHaveBeenCalled()
+    expect(state.queue).toEqual([expect.objectContaining({ queue_id: 'user-1' })])
+    expect(namespaceEmit).toHaveBeenCalledWith('run.queued', expect.objectContaining({
+      queue_length: 1,
+      queued_messages: [expect.objectContaining({ id: 'user-1', content: 'user message' })],
+    }))
+  })
+
+  it('emits a goal-specific clear action for goal done', async () => {
+    const state = {
+      messages: [],
+      isWorking: false,
+      events: [],
+      queue: [
+        { queue_id: 'goal-1', input: 'continue', displayInput: null, storageMessage: 'continue', profile: 'default', goalContinuation: true },
+      ],
+    }
+    const { bridge, namespaceEmit, runQueuedItem, sessionMap, socket, nsp } = makeContext(state, {
+      handled: true,
+      type: 'goal',
+      action: 'clear',
+      message: 'Goal cleared.',
+      clear_goal_continuations: true,
+    })
+    const { handleSessionCommand, parseSessionCommand } = await import('../../packages/server/src/services/hermes/run-chat/session-command')
+    const command = parseSessionCommand('/goal done')!
+
+    await handleSessionCommand('session-1', command, {
+      nsp: nsp as any,
+      socket: socket as any,
+      sessionMap,
+      bridge: bridge as any,
+      profile: 'default',
+      runQueuedItem,
+    })
+
+    expect(bridge.command).toHaveBeenCalledWith('session-1', 'goal done', 'default')
+    expect(runQueuedItem).not.toHaveBeenCalled()
+    expect(state.queue).toEqual([])
+    expect(namespaceEmit).toHaveBeenCalledWith('session.command', expect.objectContaining({
+      command: 'goal',
+      action: 'goal_clear',
+      message: 'Goal cleared.',
+      terminal: true,
+      started: false,
+    }))
+  })
+
+  it('starts a resumed goal as a hidden continuation run', async () => {
+    const state = { messages: [], isWorking: false, events: [], queue: [] }
+    const { bridge, namespaceEmit, runQueuedItem, sessionMap, socket, nsp } = makeContext(state, {
+      handled: true,
+      type: 'goal',
+      action: 'resume',
+      message: 'Goal resumed.',
+      kickoff_prompt: '[Continuing toward your standing goal]\nGoal: fix the tests',
+      max_turns: 20,
+    })
+    const { handleSessionCommand, parseSessionCommand } = await import('../../packages/server/src/services/hermes/run-chat/session-command')
+    const command = parseSessionCommand('/goal resume')!
+
+    await handleSessionCommand('session-1', command, {
+      nsp: nsp as any,
+      socket: socket as any,
+      sessionMap,
+      bridge: bridge as any,
+      profile: 'default',
+      queueId: 'resume-queue-id',
+      runQueuedItem,
+    })
+
+    expect(bridge.command).toHaveBeenCalledWith('session-1', 'goal resume', 'default')
+    expect(namespaceEmit).toHaveBeenCalledWith('session.command', expect.objectContaining({
+      action: 'resume',
+      message: 'Goal resumed.',
+      terminal: false,
+      started: true,
+    }))
+    expect(runQueuedItem).toHaveBeenCalledWith(socket, 'session-1', expect.objectContaining({
+      queue_id: 'resume-queue-id',
+      input: '[Continuing toward your standing goal]\nGoal: fix the tests',
+      displayInput: null,
+      storageMessage: '[Continuing toward your standing goal]\nGoal: fix the tests',
+      source: 'cli',
+    }), 'default')
+  })
+
+  it('includes bridge run state in goal status output', async () => {
+    const state = { messages: [], isWorking: false, events: [], queue: [] }
+    const { bridge, namespaceEmit, runQueuedItem, sessionMap, socket, nsp } = makeContext(state, {
+      handled: true,
+      type: 'goal',
+      action: 'goal_status',
+      message: 'Goal (active, 0/20 turns): build docs',
+    })
+    bridge.status.mockResolvedValueOnce({
+      exists: true,
+      running: true,
+      current_run_id: 'run-123',
+      message_count: 4,
+    })
+    const { handleSessionCommand, parseSessionCommand } = await import('../../packages/server/src/services/hermes/run-chat/session-command')
+    const command = parseSessionCommand('/goal status')!
+
+    await handleSessionCommand('session-1', command, {
+      nsp: nsp as any,
+      socket: socket as any,
+      sessionMap,
+      bridge: bridge as any,
+      profile: 'default',
+      runQueuedItem,
+    })
+
+    expect(runQueuedItem).not.toHaveBeenCalled()
+    expect(namespaceEmit).toHaveBeenCalledWith('session.command', expect.objectContaining({
+      action: 'goal_status',
+      message: 'Goal (active, 0/20 turns): build docs\nCurrent turn: 1/20 running (completed turns: 0/20; count updates after the judge).\nRun: running (run-123)',
+      bridgeStatus: expect.objectContaining({
+        running: true,
+        currentRunId: 'run-123',
+      }),
+    }))
+  })
+
+  it('rejects MCP reload while the session is running', async () => {
+    const state = { messages: [], isWorking: true, events: [], queue: [] }
+    const { bridge, namespaceEmit, runQueuedItem, sessionMap, socket, nsp } = makeContext(state)
+    const { handleSessionCommand, parseSessionCommand } = await import('../../packages/server/src/services/hermes/run-chat/session-command')
+    const command = parseSessionCommand('/reload-mcp github')!
+
+    await handleSessionCommand('session-1', command, {
+      nsp: nsp as any,
+      socket: socket as any,
+      sessionMap,
+      bridge: bridge as any,
+      profile: 'default',
+      runQueuedItem,
+    })
+
+    expect(bridge.mcpReload).not.toHaveBeenCalled()
+    expect(runQueuedItem).not.toHaveBeenCalled()
+    expect(namespaceEmit).toHaveBeenCalledWith('session.command', expect.objectContaining({
+      command: 'reload-mcp',
+      ok: false,
+      action: 'reload-mcp',
+      terminal: false,
+      message: 'MCP reload can only run while the session is idle. Wait for the current run to finish or abort it first.',
+    }))
+  })
+})
diff --git a/tests/server/session-detail-db.test.ts b/tests/server/session-detail-db.test.ts
new file mode 100644
index 0000000..18e56fc
--- /dev/null
+++ b/tests/server/session-detail-db.test.ts
@@ -0,0 +1,221 @@
+import { afterEach, beforeEach, describe, expect, it, vi } from 'vitest'
+import { mkdtempSync, rmSync } from 'fs'
+import { join } from 'path'
+import { tmpdir } from 'os'
+
+const profileDirState = vi.hoisted(() => ({ value: '' }))
+
+vi.mock('../../packages/server/src/services/hermes/hermes-profile', () => ({
+  getActiveProfileDir: () => profileDirState.value,
+}))
+
+function ensureSqliteAvailable() {
+  const [major, minor] = process.versions.node.split('.').map(Number)
+  if (major < 22 || (major === 22 && minor < 5)) {
+    throw new Error(`node:sqlite requires Node >= 22.5, current: ${process.versions.node}`)
+  }
+}
+
+function createSchema(db: any) {
+  db.exec(`
+    CREATE TABLE sessions (
+      id TEXT PRIMARY KEY,
+      source TEXT NOT NULL,
+      user_id TEXT,
+      model TEXT,
+      model_config TEXT,
+      system_prompt TEXT,
+      parent_session_id TEXT,
+      started_at REAL NOT NULL,
+      ended_at REAL,
+      end_reason TEXT,
+      message_count INTEGER DEFAULT 0,
+      tool_call_count INTEGER DEFAULT 0,
+      input_tokens INTEGER DEFAULT 0,
+      output_tokens INTEGER DEFAULT 0,
+      cache_read_tokens INTEGER DEFAULT 0,
+      cache_write_tokens INTEGER DEFAULT 0,
+      reasoning_tokens INTEGER DEFAULT 0,
+      billing_provider TEXT,
+      billing_base_url TEXT,
+      billing_mode TEXT,
+      estimated_cost_usd REAL,
+      actual_cost_usd REAL,
+      cost_status TEXT,
+      cost_source TEXT,
+      pricing_version TEXT,
+      title TEXT,
+      api_call_count INTEGER DEFAULT 0,
+      FOREIGN KEY (parent_session_id) REFERENCES sessions(id)
+    );
+
+    CREATE TABLE messages (
+      id INTEGER PRIMARY KEY,
+      session_id TEXT NOT NULL REFERENCES sessions(id),
+      role TEXT NOT NULL,
+      content TEXT,
+      tool_call_id TEXT,
+      tool_calls TEXT,
+      tool_name TEXT,
+      timestamp REAL NOT NULL,
+      token_count INTEGER,
+      finish_reason TEXT,
+      reasoning TEXT,
+      reasoning_details TEXT,
+      codex_reasoning_items TEXT,
+      reasoning_content TEXT
+    );
+  `)
+}
+
+function insertSession(db: any, session: Record<string, unknown>) {
+  db.prepare(`
+    INSERT INTO sessions (
+      id, source, user_id, model, model_config, system_prompt, parent_session_id,
+      started_at, ended_at, end_reason, message_count, tool_call_count,
+      input_tokens, output_tokens, cache_read_tokens, cache_write_tokens,
+      reasoning_tokens, billing_provider, billing_base_url, billing_mode,
+      estimated_cost_usd, actual_cost_usd, cost_status, cost_source,
+      pricing_version, title, api_call_count
+    ) VALUES (
+      @id, @source, @user_id, @model, @model_config, @system_prompt, @parent_session_id,
+      @started_at, @ended_at, @end_reason, @message_count, @tool_call_count,
+      @input_tokens, @output_tokens, @cache_read_tokens, @cache_write_tokens,
+      @reasoning_tokens, @billing_provider, @billing_base_url, @billing_mode,
+      @estimated_cost_usd, @actual_cost_usd, @cost_status, @cost_source,
+      @pricing_version, @title, @api_call_count
+    )
+  `).run({
+    user_id: null,
+    model_config: null,
+    system_prompt: null,
+    parent_session_id: null,
+    ended_at: null,
+    end_reason: null,
+    message_count: 0,
+    tool_call_count: 0,
+    input_tokens: 0,
+    output_tokens: 0,
+    cache_read_tokens: 0,
+    cache_write_tokens: 0,
+    reasoning_tokens: 0,
+    billing_provider: null,
+    billing_base_url: null,
+    billing_mode: null,
+    estimated_cost_usd: 0,
+    actual_cost_usd: null,
+    cost_status: '',
+    cost_source: null,
+    pricing_version: null,
+    title: null,
+    api_call_count: 0,
+    ...session,
+  })
+}
+
+function insertMessage(db: any, message: Record<string, unknown>) {
+  db.prepare(`
+    INSERT INTO messages (
+      id, session_id, role, content, tool_call_id, tool_calls, tool_name,
+      timestamp, token_count, finish_reason, reasoning, reasoning_details,
+      codex_reasoning_items, reasoning_content
+    ) VALUES (
+      @id, @session_id, @role, @content, @tool_call_id, @tool_calls, @tool_name,
+      @timestamp, @token_count, @finish_reason, @reasoning, @reasoning_details,
+      @codex_reasoning_items, @reasoning_content
+    )
+  `).run({
+    tool_call_id: null,
+    tool_calls: null,
+    tool_name: null,
+    token_count: null,
+    finish_reason: null,
+    reasoning: null,
+    reasoning_details: null,
+    codex_reasoning_items: null,
+    reasoning_content: null,
+    ...message,
+  })
+}
+
+describe('session DB detail', () => {
+  beforeEach(() => {
+    vi.resetModules()
+    profileDirState.value = mkdtempSync(join(tmpdir(), 'hwui-session-detail-db-'))
+  })
+
+  afterEach(() => {
+    if (profileDirState.value) rmSync(profileDirState.value, { recursive: true, force: true })
+  })
+
+  it('reconstructs compressed continuation messages for session detail', async () => {
+    ensureSqliteAvailable()
+    const { DatabaseSync } = await import('node:sqlite')
+    const db = new DatabaseSync(join(profileDirState.value, 'state.db'))
+    createSchema(db)
+
+    insertSession(db, {
+      id: 'root',
+      source: 'cli',
+      model: 'gpt-5.5',
+      title: 'Root title',
+      started_at: 100,
+      ended_at: 110,
+      end_reason: 'compression',
+      message_count: 2,
+      tool_call_count: 1,
+      input_tokens: 10,
+      output_tokens: 20,
+      actual_cost_usd: 0.1,
+      cost_status: 'estimated',
+    })
+    insertSession(db, {
+      id: 'root-cont',
+      parent_session_id: 'root',
+      source: 'cli',
+      model: 'gpt-5.5',
+      started_at: 110,
+      ended_at: 120,
+      end_reason: null,
+      message_count: 2,
+      tool_call_count: 0,
+      input_tokens: 3,
+      output_tokens: 4,
+      actual_cost_usd: 0.2,
+      cost_status: 'final',
+    })
+
+    insertMessage(db, { id: 1, session_id: 'root', role: 'user', content: 'before compression', timestamp: 101 })
+    insertMessage(db, {
+      id: 2,
+      session_id: 'root',
+      role: 'assistant',
+      content: '',
+      tool_calls: JSON.stringify([{ id: 'call-1', type: 'function', function: { name: 'terminal', arguments: '{"command":"pwd"}' } }]),
+      finish_reason: 'tool_calls',
+      reasoning_content: 'thinking before tool',
+      timestamp: 102,
+    })
+    insertMessage(db, { id: 3, session_id: 'root-cont', role: 'tool', content: '{"output":"/tmp"}', tool_call_id: 'call-1', timestamp: 111 })
+    insertMessage(db, { id: 4, session_id: 'root-cont', role: 'assistant', content: 'after compression', timestamp: 112 })
+    db.close()
+
+    const mod = await import('../../packages/server/src/db/hermes/sessions-db')
+    const detail = await mod.getSessionDetailFromDb('root')
+
+    expect(detail?.id).toBe('root')
+    expect(detail?.message_count).toBe(4)
+    expect(detail?.tool_call_count).toBe(1)
+    expect(detail?.ended_at).toBe(120)
+    expect(detail?.cost_status).toBe('mixed')
+    expect(detail?.actual_cost_usd).toBeCloseTo(0.3)
+    expect(detail?.messages.map((message: any) => `${message.session_id}:${message.role}:${message.content}`)).toEqual([
+      'root:user:before compression',
+      'root:assistant:',
+      'root-cont:tool:{"output":"/tmp"}',
+      'root-cont:assistant:after compression',
+    ])
+    expect(detail?.messages[1].tool_calls?.[0]?.function?.name).toBe('terminal')
+    expect(detail?.messages[1].reasoning).toBe('thinking before tool')
+  })
+})
diff --git a/tests/server/session-sync.test.ts b/tests/server/session-sync.test.ts
new file mode 100644
index 0000000..39dbec7
--- /dev/null
+++ b/tests/server/session-sync.test.ts
@@ -0,0 +1,60 @@
+/**
+ * Tests for the disabled Hermes session import path.
+ */
+import { afterEach, beforeEach, describe, expect, it, vi } from 'vitest'
+
+describe('session-sync', () => {
+  let db: any = null
+
+  beforeEach(async () => {
+    vi.resetModules()
+    const { DatabaseSync } = await import('node:sqlite')
+    db = new DatabaseSync(':memory:')
+    vi.doMock('../../packages/server/src/db/index', () => ({
+      getDb: () => db,
+      getStoragePath: () => ':memory:',
+    }))
+    vi.doMock('../../packages/server/src/db/hermes/sessions-db', () => ({
+      listSessionSummaries: vi.fn().mockResolvedValue([]),
+      getSessionDetailFromDbWithProfile: vi.fn(),
+    }))
+  })
+
+  afterEach(() => {
+    db?.close()
+    db = null
+    vi.doUnmock('../../packages/server/src/db/index')
+    vi.doUnmock('../../packages/server/src/db/hermes/sessions-db')
+    vi.resetModules()
+  })
+
+  async function initTestDb() {
+    const { initAllStores } = await import('../../packages/server/src/db/hermes/init')
+    initAllStores()
+  }
+
+  it('does not import Hermes sessions when local DB is not empty', async () => {
+    await initTestDb()
+    const { syncAllHermesSessionsOnStartup } = await import('../../packages/server/src/services/hermes/session-sync')
+
+    db.prepare(`
+      INSERT INTO sessions (id, profile, source, model, title, started_at, last_active)
+      VALUES ('test-session-1', 'default', 'api_server', 'gpt-4', 'Test Session', ?, ?)
+    `).run(Date.now(), Date.now())
+
+    await syncAllHermesSessionsOnStartup()
+
+    const countAfter = db.prepare('SELECT COUNT(*) as count FROM sessions').get() as { count: number }
+    expect(countAfter.count).toBe(1)
+  })
+
+  it('does not import Hermes sessions when local DB is empty', async () => {
+    await initTestDb()
+    const { syncAllHermesSessionsOnStartup } = await import('../../packages/server/src/services/hermes/session-sync')
+
+    await expect(syncAllHermesSessionsOnStartup()).resolves.toBeUndefined()
+
+    const countAfter = db.prepare('SELECT COUNT(*) as count FROM sessions').get() as { count: number }
+    expect(countAfter.count).toBe(0)
+  })
+})
diff --git a/tests/server/sessions-controller.test.ts b/tests/server/sessions-controller.test.ts
new file mode 100644
index 0000000..db11350
--- /dev/null
+++ b/tests/server/sessions-controller.test.ts
@@ -0,0 +1,859 @@
+import { beforeEach, describe, expect, it, vi } from 'vitest'
+
+const listConversationSummariesFromDbMock = vi.fn()
+const getConversationDetailFromDbMock = vi.fn()
+const listConversationSummariesMock = vi.fn()
+const getConversationDetailMock = vi.fn()
+const listSessionSummariesMock = vi.fn()
+const getSessionDetailFromDbMock = vi.fn()
+const getSessionDetailFromDbWithProfileMock = vi.fn()
+const getExactSessionDetailFromDbWithProfileMock = vi.fn()
+const getUsageStatsFromDbMock = vi.fn()
+const getSessionMock = vi.fn()
+const deleteHermesSessionForProfileMock = vi.fn()
+const localListSessionsMock = vi.fn()
+const localGetSessionDetailMock = vi.fn()
+const localSearchSessionsMock = vi.fn()
+const localDeleteSessionMock = vi.fn()
+const localRenameSessionMock = vi.fn()
+const localCreateSessionMock = vi.fn()
+const localUpdateSessionMock = vi.fn()
+const localAddMessagesMock = vi.fn()
+const localUpdateSessionStatsMock = vi.fn()
+const getGroupChatServerMock = vi.fn()
+const getLocalUsageStatsMock = vi.fn()
+const getActiveProfileNameMock = vi.fn()
+const loggerWarnMock = vi.fn()
+const getCompressionSnapshotMock = vi.fn()
+const listUserProfilesMock = vi.fn()
+const readConfigYamlForProfileMock = vi.fn()
+
+vi.mock('../../packages/server/src/db/hermes/conversations-db', () => ({
+  listConversationSummariesFromDb: listConversationSummariesFromDbMock,
+  getConversationDetailFromDb: getConversationDetailFromDbMock,
+}))
+
+vi.mock('../../packages/server/src/services/hermes/conversations', () => ({
+  listConversationSummaries: listConversationSummariesMock,
+  getConversationDetail: getConversationDetailMock,
+}))
+
+vi.mock('../../packages/server/src/services/logger', () => ({
+  logger: {
+    warn: loggerWarnMock,
+    error: vi.fn(),
+  },
+}))
+
+vi.mock('../../packages/server/src/services/hermes/hermes-cli', () => ({
+  listSessions: vi.fn(),
+  getSession: getSessionMock,
+  deleteSession: vi.fn(),
+  deleteSessionForProfile: deleteHermesSessionForProfileMock,
+  renameSession: vi.fn(),
+}))
+
+vi.mock('../../packages/server/src/db/hermes/sessions-db', () => ({
+  listSessionSummaries: listSessionSummariesMock,
+  searchSessionSummaries: vi.fn(),
+  getSessionDetailFromDb: getSessionDetailFromDbMock,
+  getSessionDetailFromDbWithProfile: getSessionDetailFromDbWithProfileMock,
+  getExactSessionDetailFromDbWithProfile: getExactSessionDetailFromDbWithProfileMock,
+  getUsageStatsFromDb: getUsageStatsFromDbMock,
+}))
+
+vi.mock('../../packages/server/src/db/hermes/session-store', () => ({
+  listSessions: localListSessionsMock,
+  searchSessions: localSearchSessionsMock,
+  getSessionDetail: localGetSessionDetailMock,
+  deleteSession: localDeleteSessionMock,
+  renameSession: localRenameSessionMock,
+  createSession: localCreateSessionMock,
+  addMessages: localAddMessagesMock,
+  getSession: getSessionMock,
+  updateSession: localUpdateSessionMock,
+  updateSessionStats: localUpdateSessionStatsMock,
+}))
+
+vi.mock('../../packages/server/src/db/hermes/users-store', () => ({
+  listUserProfiles: listUserProfilesMock,
+}))
+
+vi.mock('../../packages/server/src/db/hermes/usage-store', () => ({
+  deleteUsage: vi.fn(),
+  getUsage: vi.fn(),
+  getUsageBatch: vi.fn(),
+  getLocalUsageStats: getLocalUsageStatsMock,
+}))
+
+vi.mock('../../packages/server/src/routes/hermes/group-chat', () => ({
+  getGroupChatServer: getGroupChatServerMock,
+}))
+
+vi.mock('../../packages/server/src/services/hermes/model-context', () => ({
+  getModelContextLength: vi.fn(),
+}))
+
+vi.mock('../../packages/server/src/services/hermes/hermes-profile', () => ({
+  getActiveProfileName: getActiveProfileNameMock,
+  listProfileNamesFromDisk: () => ['default', 'travel'],
+}))
+
+vi.mock('../../packages/server/src/services/config-helpers', () => ({
+  readConfigYamlForProfile: readConfigYamlForProfileMock,
+}))
+
+vi.mock('../../packages/server/src/db/hermes/compression-snapshot', () => ({
+  getCompressionSnapshot: getCompressionSnapshotMock,
+}))
+
+vi.mock('../../packages/server/src/lib/context-compressor/export-compressor', () => ({
+  ExportCompressor: class {
+    async compress(messages: any[]) {
+      return {
+        messages,
+        meta: { totalMessages: messages.length, compressed: true, llmCompressed: true, summaryTokenEstimate: 100, verbatimCount: 0, compressedStartIndex: -1 },
+      }
+    }
+  },
+}))
+
+describe('session conversations controller', () => {
+  beforeEach(() => {
+    vi.resetModules()
+    listConversationSummariesFromDbMock.mockReset()
+    getConversationDetailFromDbMock.mockReset()
+    listConversationSummariesMock.mockReset()
+    getConversationDetailMock.mockReset()
+    listSessionSummariesMock.mockReset()
+    getSessionDetailFromDbMock.mockReset()
+    getSessionDetailFromDbWithProfileMock.mockReset()
+    getExactSessionDetailFromDbWithProfileMock.mockReset()
+    getUsageStatsFromDbMock.mockReset()
+    getSessionMock.mockReset()
+    deleteHermesSessionForProfileMock.mockReset()
+    localListSessionsMock.mockReset()
+    localGetSessionDetailMock.mockReset()
+    localSearchSessionsMock.mockReset()
+    localDeleteSessionMock.mockReset()
+    localRenameSessionMock.mockReset()
+    localCreateSessionMock.mockReset()
+    localUpdateSessionMock.mockReset()
+    localAddMessagesMock.mockReset()
+    localUpdateSessionStatsMock.mockReset()
+    getGroupChatServerMock.mockReset()
+    getGroupChatServerMock.mockReturnValue(null)
+    getLocalUsageStatsMock.mockReset()
+    getActiveProfileNameMock.mockReset()
+    getActiveProfileNameMock.mockReturnValue('default')
+    loggerWarnMock.mockReset()
+    getCompressionSnapshotMock.mockReset()
+    listUserProfilesMock.mockReset()
+    listUserProfilesMock.mockReturnValue([])
+    readConfigYamlForProfileMock.mockReset()
+    readConfigYamlForProfileMock.mockResolvedValue({ model: { default: 'gpt-default', provider: 'openai' } })
+  })
+
+  it('lists conversations from the local session store', async () => {
+    localListSessionsMock.mockReturnValue([{
+      id: 'local-conversation',
+      source: 'cli',
+      model: 'gpt-5',
+      title: 'Local',
+      started_at: 1,
+      ended_at: null,
+      last_active: Math.floor(Date.now() / 1000),
+      message_count: 2,
+      tool_call_count: 0,
+      input_tokens: 1,
+      output_tokens: 2,
+      cache_read_tokens: 0,
+      cache_write_tokens: 0,
+      reasoning_tokens: 0,
+      billing_provider: null,
+      estimated_cost_usd: 0,
+      actual_cost_usd: null,
+      cost_status: '',
+      preview: 'preview',
+      workspace: null,
+    }])
+
+    const mod = await import('../../packages/server/src/controllers/hermes/sessions')
+    const ctx: any = { query: { humanOnly: 'true', limit: '5' }, body: null }
+    await mod.listConversations(ctx)
+
+    expect(localListSessionsMock).toHaveBeenCalledWith(undefined, undefined, 5)
+    expect(listConversationSummariesMock).not.toHaveBeenCalled()
+    expect(ctx.body.sessions[0]).toMatchObject({ id: 'local-conversation', source: 'cli', title: 'Local' })
+  })
+
+  it('lists all account-accessible single-chat sessions when only the active profile header is present', async () => {
+    listUserProfilesMock.mockReturnValue([{ profile_name: 'default' }, { profile_name: 'travel' }])
+    localListSessionsMock.mockReturnValue([
+      {
+        id: 'default-session',
+        profile: 'default',
+        source: 'cli',
+        model: 'gpt-5',
+        title: 'Default',
+        started_at: 1,
+        ended_at: null,
+        last_active: 3,
+        message_count: 1,
+        tool_call_count: 0,
+        input_tokens: 0,
+        output_tokens: 0,
+        cache_read_tokens: 0,
+        cache_write_tokens: 0,
+        reasoning_tokens: 0,
+        billing_provider: null,
+        estimated_cost_usd: 0,
+        actual_cost_usd: null,
+        cost_status: '',
+        preview: '',
+      },
+      {
+        id: 'travel-session',
+        profile: 'travel',
+        source: 'cli',
+        model: 'gpt-5',
+        title: 'Travel',
+        started_at: 2,
+        ended_at: null,
+        last_active: 4,
+        message_count: 1,
+        tool_call_count: 0,
+        input_tokens: 0,
+        output_tokens: 0,
+        cache_read_tokens: 0,
+        cache_write_tokens: 0,
+        reasoning_tokens: 0,
+        billing_provider: null,
+        estimated_cost_usd: 0,
+        actual_cost_usd: null,
+        cost_status: '',
+        preview: '',
+      },
+      {
+        id: 'secret-session',
+        profile: 'secret',
+        source: 'cli',
+        model: 'gpt-5',
+        title: 'Secret',
+        started_at: 3,
+        ended_at: null,
+        last_active: 5,
+        message_count: 1,
+        tool_call_count: 0,
+        input_tokens: 0,
+        output_tokens: 0,
+        cache_read_tokens: 0,
+        cache_write_tokens: 0,
+        reasoning_tokens: 0,
+        billing_provider: null,
+        estimated_cost_usd: 0,
+        actual_cost_usd: null,
+        cost_status: '',
+        preview: '',
+      },
+    ])
+
+    const mod = await import('../../packages/server/src/controllers/hermes/sessions')
+    const ctx: any = {
+      query: {},
+      state: {
+        user: { id: 1, role: 'admin' },
+        profile: { name: 'travel' },
+      },
+      body: null,
+    }
+    await mod.list(ctx)
+
+    expect(localListSessionsMock).toHaveBeenCalledWith(undefined, undefined, 2000)
+    expect(ctx.body.sessions.map((session: any) => session.id)).toEqual(['default-session', 'travel-session'])
+  })
+
+  it('filters the single-chat session list when profile is explicitly provided', async () => {
+    localListSessionsMock.mockReturnValue([])
+
+    const mod = await import('../../packages/server/src/controllers/hermes/sessions')
+    const ctx: any = {
+      query: { profile: 'travel' },
+      state: { profile: { name: 'default' } },
+      body: null,
+    }
+    await mod.list(ctx)
+
+    expect(localListSessionsMock).toHaveBeenCalledWith('travel', undefined, 2000)
+  })
+
+  it('marks Hermes history sessions that already exist in the Web UI store', async () => {
+    localListSessionsMock.mockReturnValue([{ id: 'cli-1', profile: 'travel' }])
+    listSessionSummariesMock.mockResolvedValue([
+      {
+        id: 'cli-1',
+        source: 'cli',
+        model: 'gpt-5',
+        title: 'Imported',
+        started_at: 1,
+        ended_at: null,
+        last_active: 2,
+        message_count: 1,
+        tool_call_count: 0,
+        input_tokens: 0,
+        output_tokens: 0,
+        cache_read_tokens: 0,
+        cache_write_tokens: 0,
+        reasoning_tokens: 0,
+        billing_provider: null,
+        estimated_cost_usd: 0,
+        actual_cost_usd: null,
+        cost_status: '',
+        preview: '',
+      },
+      {
+        id: 'cli-2',
+        source: 'cli',
+        model: 'gpt-5',
+        title: 'History only',
+        started_at: 1,
+        ended_at: null,
+        last_active: 2,
+        message_count: 1,
+        tool_call_count: 0,
+        input_tokens: 0,
+        output_tokens: 0,
+        cache_read_tokens: 0,
+        cache_write_tokens: 0,
+        reasoning_tokens: 0,
+        billing_provider: null,
+        estimated_cost_usd: 0,
+        actual_cost_usd: null,
+        cost_status: '',
+        preview: '',
+      },
+    ])
+
+    const mod = await import('../../packages/server/src/controllers/hermes/sessions')
+    const ctx: any = { query: { profile: 'travel' }, state: {}, body: null }
+
+    await mod.listHermesSessions(ctx)
+
+    expect(localListSessionsMock).toHaveBeenCalledWith('travel', undefined, 2000)
+    expect(listSessionSummariesMock).toHaveBeenCalledWith(undefined, 2000, 'travel')
+    expect(ctx.body.sessions).toEqual([
+      expect.objectContaining({ id: 'cli-1', profile: 'travel', webui_imported: true }),
+      expect.objectContaining({ id: 'cli-2', profile: 'travel', webui_imported: false }),
+    ])
+  })
+
+  it('searches all account-accessible single-chat sessions unless profile is explicit', async () => {
+    localSearchSessionsMock.mockReturnValue([])
+
+    const mod = await import('../../packages/server/src/controllers/hermes/sessions')
+    const ctx: any = {
+      query: { q: 'docker', limit: '10' },
+      state: { profile: { name: 'travel' } },
+      body: null,
+    }
+    await mod.search(ctx)
+
+    expect(localSearchSessionsMock).toHaveBeenCalledWith(undefined, 'docker', 10)
+  })
+
+  it('propagates local session store errors for conversation summaries', async () => {
+    localListSessionsMock.mockImplementation(() => {
+      throw new Error('db unavailable')
+    })
+
+    const mod = await import('../../packages/server/src/controllers/hermes/sessions')
+    const ctx: any = { query: { humanOnly: 'false' }, body: null }
+    await expect(mod.listConversations(ctx)).rejects.toThrow('db unavailable')
+  })
+
+  it('gets conversation messages from the local session store', async () => {
+    localGetSessionDetailMock.mockReturnValue({
+      id: 'root',
+      messages: [
+        { id: 1, session_id: 'root', role: 'user', content: 'hello', timestamp: 1 },
+        { id: 2, session_id: 'root', role: 'command', content: '/usage', timestamp: 2 },
+      ],
+    })
+
+    const mod = await import('../../packages/server/src/controllers/hermes/sessions')
+    const ctx: any = { params: { id: 'root' }, query: { humanOnly: 'true' }, body: null }
+    await mod.getConversationMessages(ctx)
+
+    expect(localGetSessionDetailMock).toHaveBeenCalledWith('root')
+    expect(getConversationDetailMock).not.toHaveBeenCalled()
+    expect(ctx.body).toEqual({
+      session_id: 'root',
+      messages: [{ id: 1, session_id: 'root', role: 'user', content: 'hello', timestamp: 1 }],
+      visible_count: 1,
+      thread_session_count: 1,
+    })
+  })
+
+  it('returns 404 when local conversation detail is missing', async () => {
+    localGetSessionDetailMock.mockReturnValue(null)
+
+    const mod = await import('../../packages/server/src/controllers/hermes/sessions')
+    const ctx: any = { params: { id: 'root' }, query: { humanOnly: 'false' }, body: null }
+    await mod.getConversationMessages(ctx)
+
+    expect(ctx.status).toBe(404)
+    expect(ctx.body).toEqual({ error: 'Conversation not found' })
+  })
+
+  it('prefers local session detail for Hermes history detail when available', async () => {
+    localGetSessionDetailMock.mockReturnValue({
+      id: 'cli-1',
+      source: 'cli',
+      title: 'Local complete',
+      messages: [
+        { id: 1, session_id: 'cli-1', role: 'user', content: 'local full message', timestamp: 1 },
+      ],
+    })
+    getSessionDetailFromDbMock.mockResolvedValue({
+      id: 'cli-1',
+      source: 'cli',
+      title: 'Hermes incomplete',
+      messages: [],
+    })
+
+    const mod = await import('../../packages/server/src/controllers/hermes/sessions')
+    const ctx: any = { params: { id: 'cli-1' }, body: null }
+    await mod.getHermesSession(ctx)
+
+    expect(localGetSessionDetailMock).toHaveBeenCalledWith('cli-1')
+    expect(getSessionDetailFromDbMock).not.toHaveBeenCalled()
+    expect(getSessionMock).not.toHaveBeenCalled()
+    expect(ctx.body.session).toMatchObject({
+      id: 'cli-1',
+      title: 'Local complete',
+      messages: [{ content: 'local full message' }],
+    })
+  })
+
+  it('falls back to Hermes state.db when local history detail is missing', async () => {
+    localGetSessionDetailMock.mockReturnValue(null)
+    getSessionDetailFromDbMock.mockResolvedValue({
+      id: 'hermes-1',
+      source: 'cli',
+      title: 'Hermes detail',
+      messages: [
+        { id: 1, session_id: 'hermes-1', role: 'user', content: 'from hermes', timestamp: 1 },
+      ],
+    })
+
+    const mod = await import('../../packages/server/src/controllers/hermes/sessions')
+    const ctx: any = { params: { id: 'hermes-1' }, body: null }
+    await mod.getHermesSession(ctx)
+
+    expect(localGetSessionDetailMock).toHaveBeenCalledWith('hermes-1')
+    expect(getSessionDetailFromDbMock).toHaveBeenCalledWith('hermes-1')
+    expect(getSessionMock).not.toHaveBeenCalled()
+    expect(ctx.body.session).toMatchObject({
+      id: 'hermes-1',
+      title: 'Hermes detail',
+      messages: [{ content: 'from hermes' }],
+    })
+  })
+
+  it('reads Hermes history detail from the requested profile database', async () => {
+    localGetSessionDetailMock.mockReturnValue(null)
+    getSessionDetailFromDbWithProfileMock.mockResolvedValue({
+      id: 'travel-session',
+      source: 'cli',
+      title: 'Travel detail',
+      messages: [
+        { id: 1, session_id: 'travel-session', role: 'user', content: 'from travel', timestamp: 1 },
+      ],
+    })
+
+    const mod = await import('../../packages/server/src/controllers/hermes/sessions')
+    const ctx: any = { params: { id: 'travel-session' }, query: { profile: 'travel' }, body: null }
+    await mod.getHermesSession(ctx)
+
+    expect(localGetSessionDetailMock).toHaveBeenCalledWith('travel-session')
+    expect(getSessionDetailFromDbWithProfileMock).toHaveBeenCalledWith('travel-session', 'travel')
+    expect(getSessionDetailFromDbMock).not.toHaveBeenCalled()
+    expect(getSessionMock).not.toHaveBeenCalled()
+    expect(ctx.body.session).toMatchObject({
+      id: 'travel-session',
+      profile: 'travel',
+      title: 'Travel detail',
+      messages: [{ content: 'from travel' }],
+    })
+  })
+
+  it('does not return api_server sessions from the Hermes history detail endpoint', async () => {
+    localGetSessionDetailMock.mockReturnValue({
+      id: 'api-1',
+      source: 'api_server',
+      title: 'API Server',
+      messages: [{ id: 1, session_id: 'api-1', role: 'user', content: 'local api', timestamp: 1 }],
+    })
+    getSessionDetailFromDbMock.mockResolvedValue(null)
+    getSessionMock.mockResolvedValue(null)
+
+    const mod = await import('../../packages/server/src/controllers/hermes/sessions')
+    const ctx: any = { params: { id: 'api-1' }, body: null }
+    await mod.getHermesSession(ctx)
+
+    expect(localGetSessionDetailMock).toHaveBeenCalledWith('api-1')
+    expect(getSessionDetailFromDbMock).toHaveBeenCalledWith('api-1')
+    expect(ctx.status).toBe(404)
+    expect(ctx.body).toEqual({ error: 'Session not found' })
+  })
+
+  it('returns native state.db usage analytics for the requested period', async () => {
+    const today = new Date().toISOString().slice(0, 10)
+    getLocalUsageStatsMock.mockReturnValue({
+      input_tokens: 10,
+      output_tokens: 5,
+      cache_read_tokens: 2,
+      cache_write_tokens: 1,
+      reasoning_tokens: 3,
+      sessions: 1,
+      by_model: [
+        { model: 'local-model', input_tokens: 10, output_tokens: 5, cache_read_tokens: 2, cache_write_tokens: 1, reasoning_tokens: 3, sessions: 1 },
+      ],
+      by_day: [
+        { date: today, input_tokens: 10, output_tokens: 5, cache_read_tokens: 2, cache_write_tokens: 1, sessions: 1, errors: 0, cost: 0 },
+      ],
+    })
+    getUsageStatsFromDbMock.mockResolvedValue({
+      input_tokens: 20,
+      output_tokens: 10,
+      cache_read_tokens: 4,
+      cache_write_tokens: 2,
+      reasoning_tokens: 6,
+      sessions: 2,
+      cost: 0.02,
+      total_api_calls: 7,
+      by_model: [
+        { model: 'hermes-model', input_tokens: 20, output_tokens: 10, cache_read_tokens: 4, cache_write_tokens: 2, reasoning_tokens: 6, sessions: 2 },
+      ],
+      by_day: [
+        { date: today, input_tokens: 20, output_tokens: 10, cache_read_tokens: 4, cache_write_tokens: 2, sessions: 2, errors: 0, cost: 0.02 },
+      ],
+    })
+
+    const mod = await import('../../packages/server/src/controllers/hermes/sessions')
+    const ctx: any = { query: { days: '2' }, body: null }
+    await mod.usageStats(ctx)
+
+    expect(getLocalUsageStatsMock).not.toHaveBeenCalled()
+    expect(getUsageStatsFromDbMock).toHaveBeenCalledWith(2)
+    expect(ctx.body).toMatchObject({
+      total_input_tokens: 20,
+      total_output_tokens: 10,
+      total_cache_read_tokens: 4,
+      total_cache_write_tokens: 2,
+      total_reasoning_tokens: 6,
+      total_sessions: 2,
+      total_cost: 0.02,
+      total_api_calls: 7,
+      period_days: 2,
+    })
+    expect(ctx.body.model_usage).toEqual([
+      { model: 'hermes-model', input_tokens: 20, output_tokens: 10, cache_read_tokens: 4, cache_write_tokens: 2, reasoning_tokens: 6, sessions: 2 },
+    ])
+    expect(ctx.body.daily_usage.find((row: any) => row.date === today)).toMatchObject({
+      input_tokens: 20,
+      output_tokens: 10,
+      cache_read_tokens: 4,
+      cache_write_tokens: 2,
+      sessions: 2,
+      cost: 0.02,
+    })
+  })
+
+  it('loads usage analytics from the request-scoped profile state database', async () => {
+    getUsageStatsFromDbMock.mockResolvedValue({
+      input_tokens: 12,
+      output_tokens: 6,
+      cache_read_tokens: 3,
+      cache_write_tokens: 1,
+      reasoning_tokens: 2,
+      sessions: 1,
+      cost: 0.01,
+      total_api_calls: 4,
+      by_model: [
+        { model: 'research-model', input_tokens: 12, output_tokens: 6, cache_read_tokens: 3, cache_write_tokens: 1, reasoning_tokens: 2, sessions: 1 },
+      ],
+      by_day: [],
+    })
+
+    const mod = await import('../../packages/server/src/controllers/hermes/sessions')
+    const ctx: any = { query: { days: '2' }, state: { profile: { name: 'research' } }, body: null }
+    await mod.usageStats(ctx)
+
+    expect(getUsageStatsFromDbMock).toHaveBeenCalledWith(2, undefined, 'research')
+    expect(ctx.body).toMatchObject({
+      total_input_tokens: 12,
+      total_output_tokens: 6,
+      total_sessions: 1,
+      total_cost: 0.01,
+      total_api_calls: 4,
+    })
+    expect(ctx.body.model_usage).toEqual([
+      { model: 'research-model', input_tokens: 12, output_tokens: 6, cache_read_tokens: 3, cache_write_tokens: 1, reasoning_tokens: 2, sessions: 1 },
+    ])
+  })
+
+  it('keeps blank model usage as returned by state.db analytics', async () => {
+    getLocalUsageStatsMock.mockReturnValue({
+      input_tokens: 3,
+      output_tokens: 1,
+      cache_read_tokens: 2,
+      cache_write_tokens: 0,
+      reasoning_tokens: 0,
+      sessions: 1,
+      by_model: [
+        { model: '', input_tokens: 3, output_tokens: 1, cache_read_tokens: 2, cache_write_tokens: 0, reasoning_tokens: 0, sessions: 1 },
+      ],
+      by_day: [],
+    })
+    getUsageStatsFromDbMock.mockResolvedValue({
+      input_tokens: 2,
+      output_tokens: 1,
+      cache_read_tokens: 1,
+      cache_write_tokens: 1,
+      reasoning_tokens: 0,
+      sessions: 1,
+      cost: 0,
+      total_api_calls: 0,
+      by_model: [
+        { model: ' ', input_tokens: 2, output_tokens: 1, cache_read_tokens: 1, cache_write_tokens: 1, reasoning_tokens: 0, sessions: 1 },
+      ],
+      by_day: [],
+    })
+
+    const mod = await import('../../packages/server/src/controllers/hermes/sessions')
+    const ctx: any = { query: { days: '2' }, body: null }
+    await mod.usageStats(ctx)
+
+    expect(ctx.body.model_usage).toEqual([
+      { model: ' ', input_tokens: 2, output_tokens: 1, cache_read_tokens: 1, cache_write_tokens: 1, reasoning_tokens: 0, sessions: 1 },
+    ])
+  })
+
+  it('sets a session model and provider in the local session store', async () => {
+    getSessionMock.mockReturnValue({ id: 'session-1' })
+
+    const mod = await import('../../packages/server/src/controllers/hermes/sessions')
+    const ctx: any = {
+      params: { id: 'session-1' },
+      request: { body: { model: 'grok-4', provider: 'xai' } },
+      body: null,
+    }
+    await mod.setModel(ctx)
+
+    expect(localCreateSessionMock).not.toHaveBeenCalled()
+    expect(localUpdateSessionMock).toHaveBeenCalledWith('session-1', { model: 'grok-4', provider: 'xai' })
+    expect(ctx.body).toEqual({ ok: true })
+  })
+
+  it('deletes a current-profile Hermes history session even when no local Web UI session exists', async () => {
+    getActiveProfileNameMock.mockReturnValue('travel')
+    getSessionMock.mockReturnValue(null)
+    getExactSessionDetailFromDbWithProfileMock.mockResolvedValue({ id: 'history-only', messages: [] })
+    deleteHermesSessionForProfileMock.mockResolvedValue(true)
+
+    const mod = await import('../../packages/server/src/controllers/hermes/sessions')
+    const ctx: any = { params: { id: 'history-only' }, body: null }
+    await mod.remove(ctx)
+
+    expect(getExactSessionDetailFromDbWithProfileMock).toHaveBeenCalledWith('history-only', 'travel')
+    expect(deleteHermesSessionForProfileMock).toHaveBeenCalledWith('history-only', 'travel')
+    expect(localDeleteSessionMock).not.toHaveBeenCalled()
+    expect(ctx.body).toEqual({
+      ok: true,
+      deleted: false,
+      hermes: { attempted: true, deleted: true, profile: 'travel', error: undefined },
+    })
+  })
+
+  it('batch deletes sessions from their requested profiles', async () => {
+    listUserProfilesMock.mockReturnValue([{ profile_name: 'default' }, { profile_name: 'travel' }])
+    getSessionMock.mockImplementation((id: string) => ({
+      id,
+      profile: id === 'travel-session' ? 'travel' : 'default',
+    }))
+    getExactSessionDetailFromDbWithProfileMock.mockResolvedValue({ id: 'matched', messages: [] })
+    deleteHermesSessionForProfileMock.mockResolvedValue(true)
+    localDeleteSessionMock.mockReturnValue(true)
+
+    const mod = await import('../../packages/server/src/controllers/hermes/sessions')
+    const ctx: any = {
+      request: {
+        body: {
+          sessions: [
+            { id: 'default-session', profile: 'default' },
+            { id: 'travel-session', profile: 'travel' },
+          ],
+        },
+      },
+      state: {
+        user: { id: 1, role: 'admin' },
+      },
+      body: null,
+    }
+    await mod.batchRemove(ctx)
+
+    expect(getExactSessionDetailFromDbWithProfileMock).toHaveBeenCalledWith('default-session', 'default')
+    expect(getExactSessionDetailFromDbWithProfileMock).toHaveBeenCalledWith('travel-session', 'travel')
+    expect(deleteHermesSessionForProfileMock).toHaveBeenCalledWith('default-session', 'default')
+    expect(deleteHermesSessionForProfileMock).toHaveBeenCalledWith('travel-session', 'travel')
+    expect(localDeleteSessionMock).toHaveBeenCalledWith('default-session')
+    expect(localDeleteSessionMock).toHaveBeenCalledWith('travel-session')
+    expect(ctx.body).toMatchObject({ ok: true, deleted: 2, failed: 0, hermesDeleted: 2 })
+  })
+
+  it('imports a Hermes session into the local Web UI store', async () => {
+    const hermesDetail = {
+      id: 'cli-1',
+      source: 'cli',
+      user_id: null,
+      model: 'gpt-5',
+      title: 'CLI run',
+      started_at: 100,
+      ended_at: 200,
+      end_reason: null,
+      message_count: 2,
+      tool_call_count: 0,
+      input_tokens: 10,
+      output_tokens: 20,
+      cache_read_tokens: 0,
+      cache_write_tokens: 0,
+      reasoning_tokens: 0,
+      billing_provider: null,
+      estimated_cost_usd: 0,
+      actual_cost_usd: null,
+      cost_status: '',
+      preview: 'hello',
+      last_active: 200,
+      thread_session_count: 1,
+      messages: [
+        { id: 1, session_id: 'cli-1', role: 'user', content: 'hello', tool_call_id: null, tool_calls: null, tool_name: null, timestamp: 100, token_count: null, finish_reason: null, reasoning: null },
+        { id: 2, session_id: 'cli-1', role: 'assistant', content: 'hi', tool_call_id: null, tool_calls: null, tool_name: null, timestamp: 101, token_count: null, finish_reason: null, reasoning: null, reasoning_details: { text: 'ok' } },
+        { id: 3, session_id: 'cli-1', role: 'assistant', content: '', tool_call_id: null, tool_calls: [{ id: 'call-1', function: { name: 'read_file', arguments: { path: 'README.md' } } }], tool_name: null, timestamp: 102, token_count: null, finish_reason: 'tool_calls', reasoning: null },
+        { id: 4, session_id: 'cli-1', role: 'tool', content: { ok: true }, tool_call_id: 'call-1', tool_calls: null, tool_name: 'read_file', timestamp: 103, token_count: null, finish_reason: null, reasoning: null },
+        { id: 5, session_id: 'cli-1', role: 'tool', content: 'orphan', tool_call_id: null, tool_calls: null, tool_name: 'bad_tool', timestamp: 104, token_count: null, finish_reason: null, reasoning: null },
+        { id: 6, session_id: 'cli-1', role: 'system', content: 'drop me', tool_call_id: null, tool_calls: null, tool_name: null, timestamp: 105, token_count: null, finish_reason: null, reasoning: null },
+      ],
+    }
+    localGetSessionDetailMock.mockReturnValueOnce(null).mockReturnValueOnce({ ...hermesDetail, profile: 'travel' })
+    getSessionDetailFromDbWithProfileMock.mockResolvedValue(hermesDetail)
+
+    const mod = await import('../../packages/server/src/controllers/hermes/sessions')
+    const ctx: any = { params: { id: 'cli-1' }, query: { profile: 'travel' }, state: {}, body: null }
+
+    await mod.importHermesSession(ctx)
+
+    expect(getSessionDetailFromDbWithProfileMock).toHaveBeenCalledWith('cli-1', 'travel')
+    expect(localCreateSessionMock).toHaveBeenCalledWith(expect.objectContaining({
+      id: 'cli-1',
+      profile: 'travel',
+      source: 'cli',
+      model: 'gpt-default',
+      provider: 'openai',
+      title: 'CLI run',
+    }))
+    expect(localUpdateSessionMock).toHaveBeenCalledWith('cli-1', expect.objectContaining({
+      source: 'cli',
+      model: 'gpt-default',
+      provider: 'openai',
+    }))
+    expect(localAddMessagesMock).toHaveBeenCalledWith([
+      expect.objectContaining({ session_id: 'cli-1', role: 'user', content: 'hello', tool_calls: null }),
+      expect.objectContaining({ session_id: 'cli-1', role: 'assistant', content: 'hi', reasoning_details: '{"text":"ok"}' }),
+      expect.objectContaining({
+        session_id: 'cli-1',
+        role: 'assistant',
+        content: '',
+        tool_calls: [{ id: 'call-1', type: 'function', function: { name: 'read_file', arguments: '{"path":"README.md"}' } }],
+      }),
+      expect.objectContaining({ session_id: 'cli-1', role: 'tool', content: '{"ok":true}', tool_call_id: 'call-1', tool_name: 'read_file' }),
+    ])
+    expect(localUpdateSessionStatsMock).toHaveBeenCalledWith('cli-1')
+    expect(localUpdateSessionMock.mock.calls.at(-1)?.[1]).toEqual(expect.objectContaining({
+      last_active: expect.any(Number),
+    }))
+    expect(localUpdateSessionMock.mock.calls.at(-1)?.[1].last_active).toBeGreaterThan(200)
+    expect(ctx.body).toMatchObject({ ok: true, imported: true })
+  })
+
+  describe('exportSession', () => {
+    it('returns session as JSON download with correct headers (full mode)', async () => {
+      const sessionData = { id: 'abc-123', title: 'Test Session', messages: [{ id: 1, role: 'user', content: 'hello' }] }
+      localGetSessionDetailMock.mockReturnValue(sessionData)
+
+      const mod = await import('../../packages/server/src/controllers/hermes/sessions')
+      const setMock = vi.fn()
+      const ctx: any = { params: { id: 'abc-123' }, query: {}, set: setMock, body: null }
+
+      await mod.exportSession(ctx)
+
+      expect(localGetSessionDetailMock).toHaveBeenCalledWith('abc-123')
+      expect(setMock).toHaveBeenCalledWith('Content-Disposition', expect.stringContaining('abc-123'))
+      expect(setMock).toHaveBeenCalledWith('Content-Type', 'application/json')
+      expect(ctx.status).toBeUndefined()
+      expect(JSON.parse(ctx.body)).toMatchObject({ id: 'abc-123', title: 'Test Session' })
+    })
+
+    it('returns full TXT export', async () => {
+      const sessionData = {
+        id: 'txt-123',
+        title: 'Text Export',
+        messages: [
+          { id: 1, role: 'user', content: 'hello', timestamp: 1700000000 },
+          { id: 2, role: 'assistant', content: 'hi', timestamp: 1700000001 },
+        ],
+      }
+      localGetSessionDetailMock.mockReturnValue(sessionData)
+
+      const mod = await import('../../packages/server/src/controllers/hermes/sessions')
+      const setMock = vi.fn()
+      const ctx: any = { params: { id: 'txt-123' }, query: { mode: 'full', ext: 'txt' }, set: setMock, body: null }
+
+      await mod.exportSession(ctx)
+
+      expect(setMock).toHaveBeenCalledWith('Content-Type', 'text/plain; charset=utf-8')
+      expect(ctx.body).toContain('# Text Export')
+      expect(ctx.body).toContain('[user]')
+      expect(ctx.body).toContain('hello')
+      expect(ctx.body).toContain('[assistant]')
+      expect(ctx.body).toContain('hi')
+    })
+
+    it('returns 404 when session not found', async () => {
+      localGetSessionDetailMock.mockReturnValue(null)
+      getSessionMock.mockResolvedValue(null)
+
+      const mod = await import('../../packages/server/src/controllers/hermes/sessions')
+      const ctx: any = { params: { id: 'not-found' }, query: {}, set: vi.fn(), body: null }
+
+      await mod.exportSession(ctx)
+
+      expect(ctx.status).toBe(404)
+      expect(ctx.body).toEqual({ error: 'Session not found' })
+    })
+
+    it('falls back to CLI when DB query fails', async () => {
+      const sessionData = { id: 'cli-123', title: 'CLI Session', messages: [] }
+      localGetSessionDetailMock.mockReturnValue(sessionData)
+
+      const mod = await import('../../packages/server/src/controllers/hermes/sessions')
+      const setMock = vi.fn()
+      const ctx: any = { params: { id: 'cli-123' }, query: {}, set: setMock, body: null }
+
+      await mod.exportSession(ctx)
+
+      expect(localGetSessionDetailMock).toHaveBeenCalledWith('cli-123')
+      expect(JSON.parse(ctx.body)).toMatchObject({ id: 'cli-123' })
+    })
+  })
+})
diff --git a/tests/server/sessions-db-lineage.test.ts b/tests/server/sessions-db-lineage.test.ts
new file mode 100644
index 0000000..99d1759
--- /dev/null
+++ b/tests/server/sessions-db-lineage.test.ts
@@ -0,0 +1,293 @@
+import { afterEach, beforeEach, describe, expect, it, vi } from 'vitest'
+import { mkdtempSync, rmSync } from 'fs'
+import { tmpdir } from 'os'
+import { join } from 'path'
+import { DatabaseSync } from 'node:sqlite'
+
+const profileDir = vi.hoisted(() => ({ value: '' }))
+
+vi.mock('../../packages/server/src/services/hermes/hermes-profile', () => ({
+  getActiveProfileDir: () => profileDir.value,
+}))
+
+function createStateDb(path: string) {
+  const db = new DatabaseSync(path)
+  db.exec(`
+    CREATE TABLE sessions (
+      id TEXT PRIMARY KEY,
+      source TEXT NOT NULL,
+      user_id TEXT,
+      model TEXT,
+      title TEXT,
+      started_at REAL,
+      ended_at REAL,
+      end_reason TEXT,
+      message_count INTEGER,
+      tool_call_count INTEGER,
+      input_tokens INTEGER,
+      output_tokens INTEGER,
+      cache_read_tokens INTEGER,
+      cache_write_tokens INTEGER,
+      reasoning_tokens INTEGER,
+      billing_provider TEXT,
+      estimated_cost_usd REAL,
+      actual_cost_usd REAL,
+      cost_status TEXT,
+      parent_session_id TEXT
+    );
+
+    CREATE TABLE messages (
+      id INTEGER PRIMARY KEY,
+      session_id TEXT NOT NULL,
+      role TEXT NOT NULL,
+      content TEXT,
+      tool_call_id TEXT,
+      tool_calls TEXT,
+      tool_name TEXT,
+      timestamp REAL,
+      token_count INTEGER,
+      finish_reason TEXT,
+      reasoning TEXT,
+      reasoning_details TEXT,
+      codex_reasoning_items TEXT,
+      reasoning_content TEXT
+    );
+  `)
+  return db
+}
+
+function insertSession(
+  db: DatabaseSync,
+  row: {
+    id: string
+    source?: string
+    parent_session_id?: string | null
+    title?: string
+    started_at: number
+    ended_at?: number | null
+    end_reason?: string | null
+    message_count?: number
+    model?: string
+  },
+) {
+  db.prepare(`
+    INSERT INTO sessions (
+      id, source, user_id, model, title, started_at, ended_at, end_reason,
+      message_count, tool_call_count, input_tokens, output_tokens,
+      cache_read_tokens, cache_write_tokens, reasoning_tokens, billing_provider,
+      estimated_cost_usd, actual_cost_usd, cost_status, parent_session_id
+    ) VALUES (?, ?, '', ?, ?, ?, ?, ?, ?, 0, 0, 0, 0, 0, 0, '', 0, NULL, '', ?)
+  `).run(
+    row.id,
+    row.source || 'api_server',
+    row.model || 'gpt-5.5',
+    row.title || '',
+    row.started_at,
+    row.ended_at ?? null,
+    row.end_reason ?? null,
+    row.message_count ?? 1,
+    row.parent_session_id ?? null,
+  )
+}
+
+function insertMessage(
+  db: DatabaseSync,
+  row: {
+    id: number
+    session_id: string
+    role?: string
+    content: string
+    timestamp: number
+  },
+) {
+  db.prepare(`
+    INSERT INTO messages (
+      id, session_id, role, content, tool_call_id, tool_calls, tool_name,
+      timestamp, token_count, finish_reason, reasoning, reasoning_details,
+      codex_reasoning_items, reasoning_content
+    ) VALUES (?, ?, ?, ?, NULL, NULL, NULL, ?, NULL, NULL, NULL, NULL, NULL, NULL)
+  `).run(row.id, row.session_id, row.role || 'user', row.content, row.timestamp)
+}
+
+function seedCompressionChain(db: DatabaseSync) {
+  insertSession(db, {
+    id: 'root',
+    source: 'api_server',
+    title: 'Mermaid fix',
+    started_at: 100,
+    ended_at: 200,
+    end_reason: 'compression',
+    message_count: 2,
+  })
+  insertSession(db, {
+    id: 'middle',
+    source: 'cli',
+    parent_session_id: 'root',
+    title: 'Mermaid fix #2',
+    started_at: 201,
+    ended_at: 300,
+    end_reason: 'compression',
+    message_count: 3,
+  })
+  insertSession(db, {
+    id: 'tip',
+    source: 'cli',
+    parent_session_id: 'middle',
+    title: 'Mermaid fix #3',
+    started_at: 301,
+    ended_at: null,
+    end_reason: null,
+    message_count: 4,
+  })
+
+  insertMessage(db, { id: 1, session_id: 'root', content: 'root turn', timestamp: 101 })
+  insertMessage(db, { id: 2, session_id: 'middle', content: 'middle turn', timestamp: 202 })
+  insertMessage(db, { id: 3, session_id: 'tip', content: 'tip lineageunique turn', timestamp: 302 })
+}
+
+describe('session DB compression lineage', () => {
+  let tempDir = ''
+  let db: DatabaseSync | null = null
+
+  beforeEach(() => {
+    vi.resetModules()
+    tempDir = mkdtempSync(join(tmpdir(), 'wui-session-lineage-'))
+    profileDir.value = tempDir
+    db = createStateDb(join(tempDir, 'state.db'))
+  })
+
+  afterEach(() => {
+    db?.close()
+    db = null
+    if (tempDir) rmSync(tempDir, { recursive: true, force: true })
+  })
+
+  it('projects compressed root summaries to the latest continuation tip', async () => {
+    seedCompressionChain(db!)
+
+    const mod = await import('../../packages/server/src/db/hermes/sessions-db')
+    const rows = await mod.listSessionSummaries(undefined, 20)
+
+    expect(rows).toHaveLength(1)
+    expect(rows[0]).toMatchObject({
+      id: 'tip',
+      title: 'Mermaid fix #3',
+      message_count: 4,
+      end_reason: null,
+      preview: 'tip lineageunique turn',
+      started_at: 100,
+    })
+  })
+
+  it.skip('returns the projected logical session when search matches continuation content (requires FTS5)', async () => {
+    seedCompressionChain(db!)
+
+    const mod = await import('../../packages/server/src/db/hermes/sessions-db')
+    const rows = await mod.searchSessionSummaries('lineageunique', undefined, 20)
+
+    expect(rows).toHaveLength(1)
+    expect(rows[0]).toMatchObject({
+      id: 'tip',
+      title: 'Mermaid fix #3',
+      matched_message_id: 3,
+    })
+    expect(rows[0].snippet).toContain('lineageunique')
+  })
+
+  it('hydrates the full compression chain when detail is requested by projected tip id', async () => {
+    seedCompressionChain(db!)
+
+    const mod = await import('../../packages/server/src/db/hermes/sessions-db')
+    const detail = await mod.getSessionDetailFromDb('tip')
+
+    expect(detail).toMatchObject({
+      id: 'tip',
+      title: 'Mermaid fix #3',
+      message_count: 9,
+      thread_session_count: 3,
+    })
+    expect(detail?.messages.map(message => message.session_id)).toEqual(['root', 'middle', 'tip'])
+  })
+
+  it.skip('follows only the latest compression continuation child when a parent has multiple children (test logic needs fix)', async () => {
+    insertSession(db!, {
+      id: 'root',
+      started_at: 100,
+      ended_at: 200,
+      end_reason: 'compression',
+      message_count: 1,
+    })
+    insertSession(db!, {
+      id: 'older-child',
+      parent_session_id: 'root',
+      title: 'Older branch',
+      started_at: 201,
+      ended_at: null,
+      end_reason: null,
+      message_count: 1,
+    })
+    insertSession(db!, {
+      id: 'latest-child',
+      parent_session_id: 'root',
+      title: 'Latest branch',
+      started_at: 205,
+      ended_at: null,
+      end_reason: null,
+      message_count: 1,
+    })
+    insertMessage(db!, { id: 11, session_id: 'root', content: 'root', timestamp: 101 })
+    insertMessage(db!, { id: 12, session_id: 'older-child', content: 'older should not merge', timestamp: 202 })
+    insertMessage(db!, { id: 13, session_id: 'latest-child', content: 'latest should merge', timestamp: 206 })
+
+    const mod = await import('../../packages/server/src/db/hermes/sessions-db')
+    const detail = await mod.getSessionDetailFromDb('root')
+
+    expect(detail).toMatchObject({
+      id: 'root',
+      title: 'Latest branch',
+      message_count: 2,
+      thread_session_count: 2,
+    })
+    expect(detail?.messages.map(message => message.session_id)).toEqual(['root', 'latest-child'])
+
+    const olderDetail = await mod.getSessionDetailFromDb('older-child')
+    expect(olderDetail).toMatchObject({
+      id: 'older-child',
+      title: 'Older branch',
+      message_count: 2,
+      thread_session_count: 2,
+    })
+    expect(olderDetail?.messages.map(message => message.session_id)).toEqual(['root', 'older-child'])
+  })
+
+  it('applies source filters before search candidate limiting', async () => {
+    for (let index = 0; index < 105; index += 1) {
+      insertSession(db!, {
+        id: `cli-${index}`,
+        source: 'cli',
+        title: `needle cli ${index}`,
+        started_at: 1000 + index,
+        ended_at: null,
+        end_reason: null,
+      })
+    }
+    insertSession(db!, {
+      id: 'telegram-match',
+      source: 'telegram',
+      title: 'needle telegram target',
+      started_at: 10,
+      ended_at: null,
+      end_reason: null,
+    })
+
+    const mod = await import('../../packages/server/src/db/hermes/sessions-db')
+    const rows = await mod.searchSessionSummaries('needle', 'telegram', 1)
+
+    expect(rows).toHaveLength(1)
+    expect(rows[0]).toMatchObject({
+      id: 'telegram-match',
+      source: 'telegram',
+      title: 'needle telegram target',
+    })
+  })
+})
diff --git a/tests/server/sessions-db.test.ts b/tests/server/sessions-db.test.ts
new file mode 100644
index 0000000..fc0eeb3
--- /dev/null
+++ b/tests/server/sessions-db.test.ts
@@ -0,0 +1,754 @@
+import { beforeEach, describe, expect, it, vi } from 'vitest'
+
+const allMock = vi.fn()
+const indexAllMock = vi.fn()
+const titleAllMock = vi.fn()
+const contentAllMock = vi.fn()
+const likeAllMock = vi.fn()
+const prepareMock = vi.fn((sql: string) => {
+  if (sql.includes('messages_fts MATCH')) return ({ all: contentAllMock })
+  if (sql.includes('JOIN messages m') && sql.includes('LIKE')) return ({ all: likeAllMock })
+  if (sql.includes('base.title') && sql.includes('LIKE')) return ({ all: titleAllMock })
+  // loadAllSessions: full table scan — contains parent_session_id but NOT base/CTE/WHERE
+  if (sql.includes('parent_session_id AS parent_session_id') && !sql.includes('base') && !sql.includes('parent_session_id IS NULL')) return ({ all: indexAllMock })
+  return ({ all: allMock })
+})
+const closeMock = vi.fn()
+const databaseSyncMock = vi.fn(() => ({ prepare: prepareMock, close: closeMock }))
+const getActiveProfileDirMock = vi.fn(() => '/tmp/hermes-profile')
+
+vi.doMock('node:sqlite', () => ({
+  DatabaseSync: databaseSyncMock,
+}))
+
+vi.mock('../../packages/server/src/services/hermes/hermes-profile', () => ({
+  getActiveProfileDir: getActiveProfileDirMock,
+}))
+
+describe('session DB summaries', () => {
+  beforeEach(() => {
+    vi.resetModules()
+    allMock.mockReset()
+    indexAllMock.mockReset()
+    indexAllMock.mockReturnValue([])
+    titleAllMock.mockReset()
+    contentAllMock.mockReset()
+    likeAllMock.mockReset()
+    prepareMock.mockClear()
+    closeMock.mockClear()
+    databaseSyncMock.mockClear()
+    getActiveProfileDirMock.mockReset()
+    getActiveProfileDirMock.mockReturnValue('/tmp/hermes-profile')
+  })
+
+  it('queries sqlite for lightweight session summaries', async () => {
+    allMock.mockReturnValue([
+      {
+        id: 's1',
+        source: 'cli',
+        user_id: '',
+        model: 'openai/gpt-5.4',
+        title: 'Named session',
+        started_at: 1710000000,
+        ended_at: null,
+        end_reason: '',
+        message_count: 3,
+        tool_call_count: 1,
+        input_tokens: 10,
+        output_tokens: 20,
+        cache_read_tokens: 0,
+        cache_write_tokens: 0,
+        reasoning_tokens: 0,
+        billing_provider: 'openrouter',
+        estimated_cost_usd: 0.01,
+        actual_cost_usd: null,
+        cost_status: 'estimated',
+        preview: 'hello world',
+        last_active: 1710000005,
+      },
+    ])
+
+    const mod = await import('../../packages/server/src/db/hermes/sessions-db')
+    const rows = await mod.listSessionSummaries(undefined, 50)
+
+    expect(databaseSyncMock).toHaveBeenCalledWith('/tmp/hermes-profile/state.db', { open: true, readOnly: true })
+    expect(prepareMock).toHaveBeenCalledWith(expect.stringContaining("s.source != 'tool'"))
+    expect(allMock).toHaveBeenCalledWith(200)
+    expect(closeMock).toHaveBeenCalled()
+    expect(rows).toEqual([
+      {
+        id: 's1',
+        source: 'cli',
+        user_id: null,
+        model: 'openai/gpt-5.4',
+        title: 'Named session',
+        started_at: 1710000000,
+        ended_at: null,
+        end_reason: null,
+        message_count: 3,
+        tool_call_count: 1,
+        input_tokens: 10,
+        output_tokens: 20,
+        cache_read_tokens: 0,
+        cache_write_tokens: 0,
+        reasoning_tokens: 0,
+        billing_provider: 'openrouter',
+        estimated_cost_usd: 0.01,
+        actual_cost_usd: null,
+        cost_status: 'estimated',
+        preview: 'hello world',
+        last_active: 1710000005,
+      },
+    ])
+  })
+
+  it('adds source filter and falls back last_active to started_at', async () => {
+    allMock.mockReturnValue([
+      {
+        id: 's2',
+        source: 'telegram',
+        user_id: '',
+        model: 'openai/gpt-5.4',
+        title: '',
+        started_at: 1710000100,
+        ended_at: null,
+        end_reason: '',
+        message_count: 1,
+        tool_call_count: 0,
+        input_tokens: 4,
+        output_tokens: 5,
+        cache_read_tokens: 0,
+        cache_write_tokens: 0,
+        reasoning_tokens: 0,
+        billing_provider: '',
+        estimated_cost_usd: 0,
+        actual_cost_usd: null,
+        cost_status: '',
+        preview: 'preview text',
+        last_active: null,
+      },
+    ])
+
+    const mod = await import('../../packages/server/src/db/hermes/sessions-db')
+    const rows = await mod.listSessionSummaries('telegram', 2)
+
+    expect(prepareMock).toHaveBeenCalledWith(expect.stringContaining("s.source != 'tool'"))
+    expect(allMock).toHaveBeenCalledWith('telegram', 8)
+    expect(rows[0].last_active).toBe(1710000100)
+    expect(rows[0].source).toBe('telegram')
+    expect(rows[0].title).toBe('preview text')
+  })
+
+  it('searches session titles and content with deduped results', async () => {
+    titleAllMock.mockReturnValue([
+      {
+        id: 'title-1',
+        source: 'cli',
+        user_id: '',
+        model: 'openai/gpt-5.4',
+        title: 'Docker debugging',
+        started_at: 1710001000,
+        ended_at: null,
+        end_reason: '',
+        message_count: 2,
+        tool_call_count: 0,
+        input_tokens: 1,
+        output_tokens: 2,
+        cache_read_tokens: 0,
+        cache_write_tokens: 0,
+        reasoning_tokens: 0,
+        billing_provider: '',
+        estimated_cost_usd: 0,
+        actual_cost_usd: null,
+        cost_status: '',
+        preview: 'title preview',
+        last_active: 1710001005,
+        matched_message_id: null,
+        snippet: 'Docker debugging',
+        rank: 0,
+      },
+    ])
+    contentAllMock.mockReturnValue([
+      {
+        id: 'title-1',
+        source: 'cli',
+        user_id: '',
+        model: 'openai/gpt-5.4',
+        title: 'Docker debugging',
+        started_at: 1710001000,
+        ended_at: null,
+        end_reason: '',
+        message_count: 2,
+        tool_call_count: 0,
+        input_tokens: 1,
+        output_tokens: 2,
+        cache_read_tokens: 0,
+        cache_write_tokens: 0,
+        reasoning_tokens: 0,
+        billing_provider: '',
+        estimated_cost_usd: 0,
+        actual_cost_usd: null,
+        cost_status: '',
+        preview: 'title preview',
+        last_active: 1710001005,
+        matched_message_id: 42,
+        snippet: '>>>docker<<< compose up',
+        rank: 0.25,
+      },
+      {
+        id: 'content-2',
+        source: 'telegram',
+        user_id: '',
+        model: 'openai/gpt-5.4',
+        title: '',
+        started_at: 1710002000,
+        ended_at: null,
+        end_reason: '',
+        message_count: 1,
+        tool_call_count: 0,
+        input_tokens: 3,
+        output_tokens: 4,
+        cache_read_tokens: 0,
+        cache_write_tokens: 0,
+        reasoning_tokens: 0,
+        billing_provider: '',
+        estimated_cost_usd: 0,
+        actual_cost_usd: null,
+        cost_status: '',
+        preview: 'content preview',
+        last_active: 1710002001,
+        matched_message_id: 7,
+        snippet: '>>>docker<<< swarm',
+        rank: 0.1,
+      },
+    ])
+
+    const mod = await import('../../packages/server/src/db/hermes/sessions-db')
+    const rows = await mod.searchSessionSummaries('docker', undefined, 10)
+
+    expect(prepareMock).toHaveBeenCalledWith(expect.stringContaining('messages_fts MATCH'))
+    expect(rows).toHaveLength(2)
+    expect(rows[0].id).toBe('title-1')
+    expect(rows[0].matched_message_id).toBeNull()
+    expect(rows[0].snippet).toBe('Docker debugging')
+    expect(rows[1].id).toBe('content-2')
+    expect(rows[1].matched_message_id).toBe(7)
+    expect(rows[1].snippet).toContain('docker')
+  })
+
+  it('falls back to literal content search for punctuation-only queries instead of unsafe FTS', async () => {
+    titleAllMock.mockReturnValue([])
+    contentAllMock.mockImplementation(() => {
+      throw new Error('fts5: syntax error near "."')
+    })
+    likeAllMock.mockReturnValue([
+      {
+        id: 'dot-1',
+        source: 'cli',
+        user_id: '',
+        model: 'openai/gpt-5.4',
+        title: '',
+        started_at: 1710004000,
+        ended_at: null,
+        end_reason: '',
+        message_count: 1,
+        tool_call_count: 0,
+        input_tokens: 1,
+        output_tokens: 1,
+        cache_read_tokens: 0,
+        cache_write_tokens: 0,
+        reasoning_tokens: 0,
+        billing_provider: '',
+        estimated_cost_usd: 0,
+        actual_cost_usd: null,
+        cost_status: '',
+        preview: 'punctuation preview',
+        last_active: 1710004001,
+        matched_message_id: 21,
+        snippet: 'value.with.dot',
+        rank: 0,
+      },
+    ])
+
+    const mod = await import('../../packages/server/src/db/hermes/sessions-db')
+    const rows = await mod.searchSessionSummaries('.', undefined, 10)
+
+    expect(contentAllMock).not.toHaveBeenCalled()
+    expect(likeAllMock).toHaveBeenCalled()
+    expect(rows).toHaveLength(1)
+    expect(rows[0].id).toBe('dot-1')
+  })
+
+  it('keeps safe dotted queries on the FTS path', async () => {
+    titleAllMock.mockReturnValue([])
+    contentAllMock.mockReturnValue([
+      {
+        id: 'node-1',
+        source: 'cli',
+        user_id: '',
+        model: 'openai/gpt-5.4',
+        title: 'Node.js notes',
+        started_at: 1710004500,
+        ended_at: null,
+        end_reason: '',
+        message_count: 1,
+        tool_call_count: 0,
+        input_tokens: 1,
+        output_tokens: 1,
+        cache_read_tokens: 0,
+        cache_write_tokens: 0,
+        reasoning_tokens: 0,
+        billing_provider: '',
+        estimated_cost_usd: 0,
+        actual_cost_usd: null,
+        cost_status: '',
+        preview: 'dotted preview',
+        last_active: 1710004501,
+        matched_message_id: 22,
+        snippet: '>>>node.js<<< runtime',
+        rank: 0.2,
+      },
+    ])
+
+    const mod = await import('../../packages/server/src/db/hermes/sessions-db')
+    const rows = await mod.searchSessionSummaries('node.js', undefined, 10)
+
+    expect(contentAllMock).toHaveBeenCalled()
+    expect(likeAllMock).not.toHaveBeenCalled()
+    expect(rows).toHaveLength(1)
+    expect(rows[0].id).toBe('node-1')
+  })
+
+  it('keeps explicit wildcard dotted queries on the FTS path with valid syntax', async () => {
+    titleAllMock.mockReturnValue([
+      {
+        id: 'node-wildcard-title-1',
+        source: 'cli',
+        user_id: '',
+        model: 'openai/gpt-5.4',
+        title: 'Node.js wildcard notes',
+        started_at: 1710004590,
+        ended_at: null,
+        end_reason: '',
+        message_count: 1,
+        tool_call_count: 0,
+        input_tokens: 1,
+        output_tokens: 1,
+        cache_read_tokens: 0,
+        cache_write_tokens: 0,
+        reasoning_tokens: 0,
+        billing_provider: '',
+        estimated_cost_usd: 0,
+        actual_cost_usd: null,
+        cost_status: '',
+        preview: 'wildcard title preview',
+        last_active: 1710004595,
+        matched_message_id: null,
+        snippet: 'Node.js wildcard notes',
+        rank: 0,
+      },
+    ])
+    contentAllMock.mockReturnValue([
+      {
+        id: 'node-wildcard-1',
+        source: 'cli',
+        user_id: '',
+        model: 'openai/gpt-5.4',
+        title: 'Node.js wildcard notes',
+        started_at: 1710004600,
+        ended_at: null,
+        end_reason: '',
+        message_count: 1,
+        tool_call_count: 0,
+        input_tokens: 1,
+        output_tokens: 1,
+        cache_read_tokens: 0,
+        cache_write_tokens: 0,
+        reasoning_tokens: 0,
+        billing_provider: '',
+        estimated_cost_usd: 0,
+        actual_cost_usd: null,
+        cost_status: '',
+        preview: 'wildcard dotted preview',
+        last_active: 1710004601,
+        matched_message_id: 24,
+        snippet: '>>>node.js<<< runtime',
+        rank: 0.15,
+      },
+    ])
+
+    const mod = await import('../../packages/server/src/db/hermes/sessions-db')
+    const rows = await mod.searchSessionSummaries('node.js*', undefined, 10)
+
+    expect(titleAllMock).toHaveBeenCalledWith('%node.js%', 200)
+    expect(contentAllMock).toHaveBeenCalledWith('"node.js"*', 200)
+    expect(likeAllMock).not.toHaveBeenCalled()
+    expect(rows).toHaveLength(2)
+    expect(rows[0].id).toBe('node-wildcard-title-1')
+    expect(rows[1].id).toBe('node-wildcard-1')
+  })
+
+  it('keeps quoted wildcard dotted queries on the FTS path with valid syntax', async () => {
+    titleAllMock.mockReturnValue([
+      {
+        id: 'node-quoted-title-1',
+        source: 'cli',
+        user_id: '',
+        model: 'openai/gpt-5.4',
+        title: 'Quoted Node.js wildcard notes',
+        started_at: 1710004640,
+        ended_at: null,
+        end_reason: '',
+        message_count: 1,
+        tool_call_count: 0,
+        input_tokens: 1,
+        output_tokens: 1,
+        cache_read_tokens: 0,
+        cache_write_tokens: 0,
+        reasoning_tokens: 0,
+        billing_provider: '',
+        estimated_cost_usd: 0,
+        actual_cost_usd: null,
+        cost_status: '',
+        preview: 'quoted title preview',
+        last_active: 1710004645,
+        matched_message_id: null,
+        snippet: 'Quoted Node.js wildcard notes',
+        rank: 0,
+      },
+    ])
+    contentAllMock.mockReturnValue([
+      {
+        id: 'node-quoted-wildcard-1',
+        source: 'cli',
+        user_id: '',
+        model: 'openai/gpt-5.4',
+        title: 'Quoted Node.js wildcard notes',
+        started_at: 1710004650,
+        ended_at: null,
+        end_reason: '',
+        message_count: 1,
+        tool_call_count: 0,
+        input_tokens: 1,
+        output_tokens: 1,
+        cache_read_tokens: 0,
+        cache_write_tokens: 0,
+        reasoning_tokens: 0,
+        billing_provider: '',
+        estimated_cost_usd: 0,
+        actual_cost_usd: null,
+        cost_status: '',
+        preview: 'quoted wildcard dotted preview',
+        last_active: 1710004651,
+        matched_message_id: 25,
+        snippet: '>>>node.js<<< runtime',
+        rank: 0.12,
+      },
+    ])
+
+    const mod = await import('../../packages/server/src/db/hermes/sessions-db')
+    const rows = await mod.searchSessionSummaries('"node.js"*', undefined, 10)
+
+    expect(titleAllMock).toHaveBeenCalledWith('%node.js%', 200)
+    expect(contentAllMock).toHaveBeenCalledWith('"node.js"*', 200)
+    expect(likeAllMock).not.toHaveBeenCalled()
+    expect(rows).toHaveLength(2)
+    expect(rows[0].id).toBe('node-quoted-title-1')
+    expect(rows[1].id).toBe('node-quoted-wildcard-1')
+  })
+
+  it('keeps non-ASCII dotted queries on the safe quoted FTS path', async () => {
+    titleAllMock.mockReturnValue([])
+    contentAllMock.mockReturnValue([
+      {
+        id: 'unicode-dot-1',
+        source: 'cli',
+        user_id: '',
+        model: 'openai/gpt-5.4',
+        title: 'naïve.js note',
+        started_at: 1710004700,
+        ended_at: null,
+        end_reason: '',
+        message_count: 1,
+        tool_call_count: 0,
+        input_tokens: 1,
+        output_tokens: 1,
+        cache_read_tokens: 0,
+        cache_write_tokens: 0,
+        reasoning_tokens: 0,
+        billing_provider: '',
+        estimated_cost_usd: 0,
+        actual_cost_usd: null,
+        cost_status: '',
+        preview: 'unicode dotted preview',
+        last_active: 1710004701,
+        matched_message_id: 23,
+        snippet: 'naïve.js runtime',
+        rank: 0,
+      },
+    ])
+
+    const mod = await import('../../packages/server/src/db/hermes/sessions-db')
+    const rows = await mod.searchSessionSummaries('naïve.js', undefined, 10)
+
+    expect(contentAllMock).toHaveBeenCalledWith('"naïve.js"', 200)
+    expect(likeAllMock).not.toHaveBeenCalled()
+    expect(rows).toHaveLength(1)
+    expect(rows[0].id).toBe('unicode-dot-1')
+  })
+
+  it('escapes LIKE wildcards for literal special-character searches', async () => {
+    titleAllMock.mockReturnValue([])
+    likeAllMock.mockReturnValue([
+      {
+        id: 'percent-1',
+        source: 'cli',
+        user_id: '',
+        model: 'openai/gpt-5.4',
+        title: '100% reproducible',
+        started_at: 1710005000,
+        ended_at: null,
+        end_reason: '',
+        message_count: 1,
+        tool_call_count: 0,
+        input_tokens: 1,
+        output_tokens: 1,
+        cache_read_tokens: 0,
+        cache_write_tokens: 0,
+        reasoning_tokens: 0,
+        billing_provider: '',
+        estimated_cost_usd: 0,
+        actual_cost_usd: null,
+        cost_status: '',
+        preview: 'literal percent preview',
+        last_active: 1710005001,
+        matched_message_id: 31,
+        snippet: '100% reproducible',
+        rank: 0,
+      },
+    ])
+
+    const mod = await import('../../packages/server/src/db/hermes/sessions-db')
+    const rows = await mod.searchSessionSummaries('100%', undefined, 10)
+
+    expect(titleAllMock).toHaveBeenCalledWith('%100\\%%', 200)
+    expect(rows).toHaveLength(1)
+    expect(rows[0].id).toBe('percent-1')
+  })
+
+  it('uses literal search for CJK queries even when FTS returns no rows', async () => {
+    titleAllMock.mockReturnValue([])
+    contentAllMock.mockReturnValue([])
+    likeAllMock.mockReturnValue([
+      {
+        id: 'cjk-literal-1',
+        source: 'cli',
+        user_id: '',
+        model: 'openai/gpt-5.4',
+        title: '',
+        started_at: 1710002980,
+        ended_at: null,
+        end_reason: '',
+        message_count: 1,
+        tool_call_count: 0,
+        input_tokens: 2,
+        output_tokens: 3,
+        cache_read_tokens: 0,
+        cache_write_tokens: 0,
+        reasoning_tokens: 0,
+        billing_provider: '',
+        estimated_cost_usd: 0,
+        actual_cost_usd: null,
+        cost_status: '',
+        preview: '中文内容预览',
+        last_active: 1710002985,
+        matched_message_id: 10,
+        snippet: '这里也有记忆断裂',
+        rank: 0,
+      },
+    ])
+
+    const mod = await import('../../packages/server/src/db/hermes/sessions-db')
+    const rows = await mod.searchSessionSummaries('记忆断裂', undefined, 10)
+
+    expect(contentAllMock).not.toHaveBeenCalled()
+    expect(likeAllMock).toHaveBeenCalledWith('记忆断裂', '%记忆断裂%', 200)
+    expect(rows).toHaveLength(1)
+    expect(rows[0].id).toBe('cjk-literal-1')
+  })
+
+  it('falls back to LIKE search for CJK queries while preserving title matches', async () => {
+    titleAllMock.mockReturnValue([
+      {
+        id: 'cjk-title-1',
+        source: 'cli',
+        user_id: '',
+        model: 'openai/gpt-5.4',
+        title: '记忆断裂标题',
+        started_at: 1710002990,
+        ended_at: null,
+        end_reason: '',
+        message_count: 1,
+        tool_call_count: 0,
+        input_tokens: 2,
+        output_tokens: 2,
+        cache_read_tokens: 0,
+        cache_write_tokens: 0,
+        reasoning_tokens: 0,
+        billing_provider: '',
+        estimated_cost_usd: 0,
+        actual_cost_usd: null,
+        cost_status: '',
+        preview: 'title preview',
+        last_active: 1710002995,
+        matched_message_id: null,
+        snippet: '记忆断裂标题',
+        rank: 0,
+      },
+    ])
+    contentAllMock.mockImplementation(() => {
+      throw new Error('fts5 tokenizer miss')
+    })
+    likeAllMock.mockReturnValue([
+      {
+        id: 'cjk-1',
+        source: 'cli',
+        user_id: '',
+        model: 'openai/gpt-5.4',
+        title: '',
+        started_at: 1710003000,
+        ended_at: null,
+        end_reason: '',
+        message_count: 1,
+        tool_call_count: 0,
+        input_tokens: 3,
+        output_tokens: 4,
+        cache_read_tokens: 0,
+        cache_write_tokens: 0,
+        reasoning_tokens: 0,
+        billing_provider: '',
+        estimated_cost_usd: 0,
+        actual_cost_usd: null,
+        cost_status: '',
+        preview: '中文预览',
+        last_active: 1710003002,
+        matched_message_id: 11,
+        snippet: '这是一段记忆断裂的内容',
+        rank: 0,
+      },
+    ])
+
+    const mod = await import('../../packages/server/src/db/hermes/sessions-db')
+    const rows = await mod.searchSessionSummaries('记忆断裂', undefined, 10)
+
+    expect(likeAllMock).toHaveBeenCalledWith('记忆断裂', '%记忆断裂%', 200)
+    expect(rows).toHaveLength(2)
+    expect(rows[0].id).toBe('cjk-1')
+    expect(rows[1].id).toBe('cjk-title-1')
+    expect(rows[0].snippet).toContain('记忆断裂')
+  })
+
+  it('falls back to title results when FTS content query fails', async () => {
+    titleAllMock.mockReturnValue([])
+    contentAllMock.mockImplementation(() => {
+      throw new Error('database malformed')
+    })
+
+    const mod = await import('../../packages/server/src/db/hermes/sessions-db')
+
+    const rows = await mod.searchSessionSummaries('docker', undefined, 10)
+    expect(rows).toEqual([])
+    expect(likeAllMock).not.toHaveBeenCalled()
+  })
+
+  it('falls back to title results for numeric queries when FTS fails', async () => {
+    titleAllMock.mockReturnValue([])
+    contentAllMock.mockImplementation(() => {
+      throw new Error('no such table: messages_fts')
+    })
+
+    const mod = await import('../../packages/server/src/db/hermes/sessions-db')
+
+    const rows = await mod.searchSessionSummaries('123', undefined, 10)
+    expect(rows).toEqual([])
+    expect(likeAllMock).not.toHaveBeenCalled()
+  })
+
+  it('falls back to title results for numeric queries with source filter when FTS fails', async () => {
+    titleAllMock.mockReturnValue([])
+    contentAllMock.mockImplementation(() => {
+      throw new Error('no such table: messages_fts')
+    })
+
+    const mod = await import('../../packages/server/src/db/hermes/sessions-db')
+
+    const rows = await mod.searchSessionSummaries('123', 'telegram', 10)
+    expect(rows).toEqual([])
+  })
+
+  it('returns title matches for numeric queries even when content search fails', async () => {
+    titleAllMock.mockReturnValue([
+      {
+        id: 'title-123',
+        source: 'cli',
+        user_id: '',
+        model: 'openai/gpt-5.4',
+        title: 'Issue 123',
+        started_at: 1710002900,
+        ended_at: null,
+        end_reason: '',
+        message_count: 1,
+        tool_call_count: 0,
+        input_tokens: 2,
+        output_tokens: 3,
+        cache_read_tokens: 0,
+        cache_write_tokens: 0,
+        reasoning_tokens: 0,
+        billing_provider: '',
+        estimated_cost_usd: 0,
+        actual_cost_usd: null,
+        cost_status: '',
+        preview: 'title numeric preview',
+        last_active: 1710002910,
+        matched_message_id: null,
+        snippet: 'Issue 123',
+        rank: 0,
+      },
+    ])
+    contentAllMock.mockImplementation(() => {
+      throw new Error('no such table: messages_fts')
+    })
+
+    const mod = await import('../../packages/server/src/db/hermes/sessions-db')
+
+    const rows = await mod.searchSessionSummaries('123', undefined, 10)
+    expect(rows).toHaveLength(1)
+    expect(rows[0].id).toBe('title-123')
+    expect(rows[0].title).toBe('Issue 123')
+  })
+
+  it('falls back to title results for non-numeric queries when FTS fails', async () => {
+    titleAllMock.mockReturnValue([])
+    contentAllMock.mockImplementation(() => {
+      throw new Error('no such table: messages_fts')
+    })
+
+    const mod = await import('../../packages/server/src/db/hermes/sessions-db')
+
+    const rows = await mod.searchSessionSummaries('docker', undefined, 10)
+    expect(rows).toEqual([])
+  })
+
+  it('falls back to title results for any query when FTS has unrelated database failure', async () => {
+    titleAllMock.mockReturnValue([])
+    contentAllMock.mockImplementation(() => {
+      throw new Error('database malformed')
+    })
+
+    const mod = await import('../../packages/server/src/db/hermes/sessions-db')
+
+    const rows = await mod.searchSessionSummaries('123', undefined, 10)
+    expect(rows).toEqual([])
+    expect(likeAllMock).not.toHaveBeenCalled()
+  })
+})
diff --git a/tests/server/sessions-routes.test.ts b/tests/server/sessions-routes.test.ts
new file mode 100644
index 0000000..f5ac961
--- /dev/null
+++ b/tests/server/sessions-routes.test.ts
@@ -0,0 +1,151 @@
+import { beforeEach, describe, expect, it, vi } from 'vitest'
+
+const listConversationsMock = vi.fn(async (ctx: any) => { ctx.body = { sessions: [{ id: 'conversation-1' }] } })
+const getConversationMessagesMock = vi.fn(async (ctx: any) => { ctx.body = { session_id: ctx.params.id, messages: [] } })
+const getConversationMessagesPaginatedMock = vi.fn(async (ctx: any) => { ctx.body = { session_id: ctx.params.id, messages: [], pagination: {} } })
+const listMock = vi.fn(async (ctx: any) => { ctx.body = { sessions: [{ id: 's1' }] } })
+const listHermesSessionsMock = vi.fn(async (ctx: any) => { ctx.body = { sessions: [{ id: 'hermes-1' }] } })
+const getHermesSessionMock = vi.fn(async (ctx: any) => { ctx.body = { session: { id: ctx.params.id } } })
+const importHermesSessionMock = vi.fn(async (ctx: any) => { ctx.body = { session_id: ctx.params.id } })
+const searchMock = vi.fn(async (ctx: any) => { ctx.body = { results: [{ id: 'search-1' }] } })
+const getMock = vi.fn(async (ctx: any) => { ctx.body = { session: { id: ctx.params.id } } })
+const removeMock = vi.fn(async (ctx: any) => { ctx.body = { ok: true } })
+const renameMock = vi.fn(async (ctx: any) => { ctx.body = { ok: true } })
+const setWorkspaceMock = vi.fn(async (ctx: any) => { ctx.body = { ok: true } })
+const setModelMock = vi.fn(async (ctx: any) => { ctx.body = { ok: true } })
+const listWorkspaceFoldersMock = vi.fn(async (ctx: any) => { ctx.body = { folders: [] } })
+const usageBatchMock = vi.fn(async (ctx: any) => { ctx.body = {} })
+const usageSingleMock = vi.fn(async (ctx: any) => { ctx.body = { input_tokens: 0, output_tokens: 0 } })
+const usageStatsMock = vi.fn(async (ctx: any) => { ctx.body = { total_input_tokens: 0, total_output_tokens: 0 } })
+const contextLengthMock = vi.fn(async (ctx: any) => { ctx.body = { context_length: 256000 } })
+const batchRemoveMock = vi.fn(async (ctx: any) => { ctx.body = { deleted: 1, failed: 0, errors: [] } })
+const exportSessionMock = vi.fn(async (ctx: any) => { ctx.body = JSON.stringify({ id: ctx.params.id }) })
+
+vi.mock('../../packages/server/src/controllers/hermes/sessions', () => ({
+  listConversations: listConversationsMock,
+  getConversationMessages: getConversationMessagesMock,
+  getConversationMessagesPaginated: getConversationMessagesPaginatedMock,
+  list: listMock,
+  listHermesSessions: listHermesSessionsMock,
+  getHermesSession: getHermesSessionMock,
+  importHermesSession: importHermesSessionMock,
+  search: searchMock,
+  get: getMock,
+  remove: removeMock,
+  batchRemove: batchRemoveMock,
+  rename: renameMock,
+  setWorkspace: setWorkspaceMock,
+  setModel: setModelMock,
+  listWorkspaceFolders: listWorkspaceFoldersMock,
+  usageBatch: usageBatchMock,
+  usageSingle: usageSingleMock,
+  usageStats: usageStatsMock,
+  contextLength: contextLengthMock,
+  exportSession: exportSessionMock,
+}))
+
+describe('session routes', () => {
+  beforeEach(() => {
+    vi.resetModules()
+    listConversationsMock.mockClear()
+    getConversationMessagesMock.mockClear()
+    getConversationMessagesPaginatedMock.mockClear()
+    listMock.mockClear()
+    listHermesSessionsMock.mockClear()
+    getHermesSessionMock.mockClear()
+    importHermesSessionMock.mockClear()
+    searchMock.mockClear()
+    getMock.mockClear()
+    removeMock.mockClear()
+    renameMock.mockClear()
+    setModelMock.mockClear()
+  })
+
+  it('registers conversations, session list, and search routes', async () => {
+    const { sessionRoutes } = await import('../../packages/server/src/routes/hermes/sessions')
+    const paths = sessionRoutes.stack.map((entry: any) => entry.path)
+
+    expect(paths).toEqual(expect.arrayContaining([
+      '/api/hermes/sessions/conversations',
+      '/api/hermes/sessions/conversations/:id/messages',
+      '/api/hermes/sessions/conversations/:id/messages/paginated',
+      '/api/hermes/sessions',
+      '/api/hermes/sessions/hermes',
+      '/api/hermes/sessions/hermes/:id',
+      '/api/hermes/sessions/hermes/:id/import',
+      '/api/hermes/search/sessions',
+      '/api/hermes/sessions/search',
+      '/api/hermes/sessions/usage',
+      '/api/hermes/usage/stats',
+      '/api/hermes/sessions/context-length',
+      '/api/hermes/sessions/:id',
+      '/api/hermes/sessions/:id/export',
+      '/api/hermes/sessions/:id/usage',
+      '/api/hermes/sessions/:id/rename',
+      '/api/hermes/sessions/:id/model',
+    ]))
+  })
+
+  it('delegates session search to the controller', async () => {
+    const { sessionRoutes } = await import('../../packages/server/src/routes/hermes/sessions')
+    const layer = sessionRoutes.stack.find((entry: any) => entry.path === '/api/hermes/search/sessions')
+    const handler = layer.stack[0]
+    const ctx: any = { query: { q: 'docker', limit: '8' }, body: null, params: {} }
+
+    await handler(ctx)
+
+    expect(searchMock).toHaveBeenCalledWith(ctx)
+    expect(ctx.body).toEqual({ results: [{ id: 'search-1' }] })
+  })
+
+  it('keeps the legacy search path wired to the same controller', async () => {
+    const { sessionRoutes } = await import('../../packages/server/src/routes/hermes/sessions')
+    const layer = sessionRoutes.stack.find((entry: any) => entry.path === '/api/hermes/sessions/search')
+    const handler = layer.stack[0]
+    const ctx: any = { query: { q: 'docker' }, body: null, params: {} }
+
+    await handler(ctx)
+
+    expect(searchMock).toHaveBeenCalledWith(ctx)
+    expect(ctx.body).toEqual({ results: [{ id: 'search-1' }] })
+  })
+
+  it('delegates conversations list and detail routes', async () => {
+    const { sessionRoutes } = await import('../../packages/server/src/routes/hermes/sessions')
+    const listLayer = sessionRoutes.stack.find((entry: any) => entry.path === '/api/hermes/sessions/conversations')
+    const detailLayer = sessionRoutes.stack.find((entry: any) => entry.path === '/api/hermes/sessions/conversations/:id/messages')
+
+    const listCtx: any = { query: {}, body: null, params: {} }
+    await listLayer.stack[0](listCtx)
+    expect(listConversationsMock).toHaveBeenCalledWith(listCtx)
+    expect(listCtx.body).toEqual({ sessions: [{ id: 'conversation-1' }] })
+
+    const detailCtx: any = { params: { id: 'child-session' }, query: {}, body: null }
+    await detailLayer.stack[0](detailCtx)
+    expect(getConversationMessagesMock).toHaveBeenCalledWith(detailCtx)
+    expect(detailCtx.body).toEqual({ session_id: 'child-session', messages: [] })
+  })
+
+  it('delegates Hermes session import to the controller', async () => {
+    const { sessionRoutes } = await import('../../packages/server/src/routes/hermes/sessions')
+    const layer = sessionRoutes.stack.find((entry: any) => entry.path === '/api/hermes/sessions/hermes/:id/import')
+    const handler = layer.stack[0]
+    const ctx: any = { params: { id: 'hermes-abc' }, query: {}, request: { body: { profile: 'default' } }, body: null }
+
+    await handler(ctx)
+
+    expect(importHermesSessionMock).toHaveBeenCalledWith(ctx)
+    expect(ctx.body).toEqual({ session_id: 'hermes-abc' })
+  })
+
+  it('delegates session export to the controller', async () => {
+    const { sessionRoutes } = await import('../../packages/server/src/routes/hermes/sessions')
+    const layer = sessionRoutes.stack.find((entry: any) => entry.path === '/api/hermes/sessions/:id/export')
+    const handler = layer.stack[0]
+    const ctx: any = { params: { id: 'session-abc' }, query: {}, body: null, set: vi.fn() }
+
+    await handler(ctx)
+
+    expect(exportSessionMock).toHaveBeenCalledWith(ctx)
+  })
+})
diff --git a/tests/server/skill-injector.test.ts b/tests/server/skill-injector.test.ts
new file mode 100644
index 0000000..fdef5e5
--- /dev/null
+++ b/tests/server/skill-injector.test.ts
@@ -0,0 +1,101 @@
+import { mkdir, mkdtemp, readFile, rm, writeFile } from 'fs/promises'
+import { tmpdir } from 'os'
+import { join } from 'path'
+import { afterEach, describe, expect, it, vi } from 'vitest'
+
+const tempDirs: string[] = []
+const originalHermesHome = process.env.HERMES_HOME
+const originalSkillsDir = process.env.HERMES_WEB_UI_SKILLS_DIR
+
+async function tempDir(prefix: string): Promise<string> {
+  const dir = await mkdtemp(join(tmpdir(), prefix))
+  tempDirs.push(dir)
+  return dir
+}
+
+afterEach(async () => {
+  vi.resetModules()
+  if (originalHermesHome === undefined) delete process.env.HERMES_HOME
+  else process.env.HERMES_HOME = originalHermesHome
+  if (originalSkillsDir === undefined) delete process.env.HERMES_WEB_UI_SKILLS_DIR
+  else process.env.HERMES_WEB_UI_SKILLS_DIR = originalSkillsDir
+  await Promise.all(tempDirs.splice(0).map(dir => rm(dir, { recursive: true, force: true })))
+})
+
+describe('HermesSkillInjector', () => {
+  it('resolves source directories for override, production bundle, and development layouts', async () => {
+    const root = await tempDir('hermes-skill-injector-paths-')
+    const override = join(root, 'override-skills')
+    const distSkills = join(root, 'dist', 'skills')
+    const devSkills = join(root, 'packages', 'skills')
+    await mkdir(override, { recursive: true })
+    await mkdir(distSkills, { recursive: true })
+    await mkdir(devSkills, { recursive: true })
+
+    const { HermesSkillInjector } = await import('../../packages/server/src/services/hermes/skill-injector')
+
+    expect(HermesSkillInjector.resolveSourceDir({ HERMES_WEB_UI_SKILLS_DIR: override } as any, join(root, 'dist', 'server'))).toBe(override)
+    expect(HermesSkillInjector.resolveSourceDir({} as any, join(root, 'dist', 'server'))).toBe(distSkills)
+    expect(HermesSkillInjector.resolveSourceDir({} as any, join(root, 'packages', 'server', 'src', 'services', 'hermes'))).toBe(devSkills)
+  })
+
+  it('syncs bundled skills and replaces existing bundled copies', async () => {
+    const source = await tempDir('hermes-skill-source-')
+    const hermesHome = await tempDir('hermes-skill-home-')
+    process.env.HERMES_HOME = hermesHome
+
+    await mkdir(join(source, 'new-skill'), { recursive: true })
+    await writeFile(join(source, 'new-skill', 'SKILL.md'), '# New Skill\n', 'utf-8')
+    await mkdir(join(source, 'existing-skill'), { recursive: true })
+    await writeFile(join(source, 'existing-skill', 'SKILL.md'), '# Bundled Existing\n', 'utf-8')
+
+    await mkdir(join(hermesHome, 'skills', 'existing-skill'), { recursive: true })
+    await writeFile(join(hermesHome, 'skills', 'existing-skill', 'SKILL.md'), '# User Existing\n', 'utf-8')
+
+    const { HermesSkillInjector } = await import('../../packages/server/src/services/hermes/skill-injector')
+    const result = await new HermesSkillInjector(source).injectMissingSkills()
+
+    expect(result.injected).toEqual(['new-skill'])
+    expect(result.updated).toEqual(['existing-skill'])
+    expect(result.skipped).toEqual([])
+    await expect(readFile(join(hermesHome, 'skills', 'new-skill', 'SKILL.md'), 'utf-8')).resolves.toBe('# New Skill\n')
+    await expect(readFile(join(hermesHome, 'skills', 'existing-skill', 'SKILL.md'), 'utf-8')).resolves.toBe('# Bundled Existing\n')
+  })
+
+  it('syncs bundled skills into default and named profiles only touching bundled names', async () => {
+    const source = await tempDir('hermes-skill-source-')
+    const hermesHome = await tempDir('hermes-skill-home-')
+    process.env.HERMES_HOME = hermesHome
+
+    await mkdir(join(source, 'webui-skill'), { recursive: true })
+    await writeFile(join(source, 'webui-skill', 'SKILL.md'), '# WebUI Skill\n', 'utf-8')
+
+    await mkdir(join(hermesHome, 'skills', 'webui-skill'), { recursive: true })
+    await writeFile(join(hermesHome, 'skills', 'webui-skill', 'SKILL.md'), '# Old WebUI Skill\n', 'utf-8')
+    await mkdir(join(hermesHome, 'skills', 'local-skill'), { recursive: true })
+    await writeFile(join(hermesHome, 'skills', 'local-skill', 'SKILL.md'), '# Local Skill\n', 'utf-8')
+
+    await mkdir(join(hermesHome, 'profiles', 'alpha', 'skills'), { recursive: true })
+    await mkdir(join(hermesHome, 'profiles', 'beta', 'skills', 'webui-skill'), { recursive: true })
+    await writeFile(join(hermesHome, 'profiles', 'beta', 'skills', 'webui-skill', 'SKILL.md'), '# Old Profile Skill\n', 'utf-8')
+    await mkdir(join(hermesHome, 'profiles', 'beta', 'skills', 'profile-local'), { recursive: true })
+    await writeFile(join(hermesHome, 'profiles', 'beta', 'skills', 'profile-local', 'SKILL.md'), '# Profile Local\n', 'utf-8')
+
+    const { HermesSkillInjector } = await import('../../packages/server/src/services/hermes/skill-injector')
+    const result = await new HermesSkillInjector(source).injectMissingSkills()
+
+    expect(result.targets.map(target => target.targetDir)).toEqual([
+      join(hermesHome, 'skills'),
+      join(hermesHome, 'profiles', 'alpha', 'skills'),
+      join(hermesHome, 'profiles', 'beta', 'skills'),
+    ])
+    expect(result.injected).toEqual(['webui-skill'])
+    expect(result.updated).toEqual(['webui-skill', 'webui-skill'])
+
+    await expect(readFile(join(hermesHome, 'skills', 'webui-skill', 'SKILL.md'), 'utf-8')).resolves.toBe('# WebUI Skill\n')
+    await expect(readFile(join(hermesHome, 'profiles', 'alpha', 'skills', 'webui-skill', 'SKILL.md'), 'utf-8')).resolves.toBe('# WebUI Skill\n')
+    await expect(readFile(join(hermesHome, 'profiles', 'beta', 'skills', 'webui-skill', 'SKILL.md'), 'utf-8')).resolves.toBe('# WebUI Skill\n')
+    await expect(readFile(join(hermesHome, 'skills', 'local-skill', 'SKILL.md'), 'utf-8')).resolves.toBe('# Local Skill\n')
+    await expect(readFile(join(hermesHome, 'profiles', 'beta', 'skills', 'profile-local', 'SKILL.md'), 'utf-8')).resolves.toBe('# Profile Local\n')
+  })
+})
diff --git a/tests/server/skill-usage-stats-db.test.ts b/tests/server/skill-usage-stats-db.test.ts
new file mode 100644
index 0000000..35d026a
--- /dev/null
+++ b/tests/server/skill-usage-stats-db.test.ts
@@ -0,0 +1,211 @@
+import { afterEach, beforeEach, describe, expect, it, vi } from 'vitest'
+import { mkdtempSync, rmSync } from 'node:fs'
+import { tmpdir } from 'node:os'
+import { join } from 'node:path'
+import { DatabaseSync } from 'node:sqlite'
+
+const profileMock = vi.hoisted(() => ({
+  getActiveProfileDir: vi.fn(),
+}))
+
+vi.mock('../../packages/server/src/services/hermes/hermes-profile', () => ({
+  getActiveProfileDir: profileMock.getActiveProfileDir,
+  getProfileDir: vi.fn(),
+}))
+
+function createStateDb(): string {
+  const dir = mkdtempSync(join(tmpdir(), 'hermes-skill-usage-'))
+  const db = new DatabaseSync(join(dir, 'state.db'))
+  db.exec(`
+    CREATE TABLE sessions (
+      id TEXT PRIMARY KEY,
+      source TEXT,
+      started_at INTEGER
+    );
+    CREATE INDEX idx_sessions_started ON sessions(started_at);
+    CREATE TABLE messages (
+      id INTEGER PRIMARY KEY AUTOINCREMENT,
+      session_id TEXT,
+      role TEXT,
+      content TEXT,
+      tool_call_id TEXT,
+      tool_calls TEXT,
+      tool_name TEXT,
+      timestamp INTEGER
+    );
+    CREATE INDEX idx_messages_session ON messages(session_id, timestamp);
+  `)
+  db.close()
+  return dir
+}
+
+function insertSession(dir: string, row: { id: string; source?: string; started_at: number }) {
+  const db = new DatabaseSync(join(dir, 'state.db'))
+  db.prepare('INSERT INTO sessions (id, source, started_at) VALUES (?, ?, ?)')
+    .run(row.id, row.source ?? 'cli', row.started_at)
+  db.close()
+}
+
+function insertToolResult(dir: string, row: {
+  sessionId: string
+  timestamp: number
+  toolName?: string | null
+  toolCallId?: string | null
+  content: string
+}) {
+  const db = new DatabaseSync(join(dir, 'state.db'))
+  db.prepare('INSERT INTO messages (session_id, role, content, tool_call_id, tool_name, timestamp) VALUES (?, ?, ?, ?, ?, ?)')
+    .run(row.sessionId, 'tool', row.content, row.toolCallId ?? null, row.toolName ?? null, row.timestamp)
+  db.close()
+}
+
+function insertAssistantToolCalls(dir: string, sessionId: string, timestamp: number, toolCalls: unknown) {
+  const db = new DatabaseSync(join(dir, 'state.db'))
+  db.prepare('INSERT INTO messages (session_id, role, tool_calls, timestamp) VALUES (?, ?, ?, ?)')
+    .run(sessionId, 'assistant', JSON.stringify(toolCalls), timestamp)
+  db.close()
+}
+
+describe('Hermes skill usage analytics DB aggregation', () => {
+  let profileDir: string | null = null
+
+  beforeEach(() => {
+    vi.resetModules()
+    profileMock.getActiveProfileDir.mockReset()
+  })
+
+  afterEach(() => {
+    if (profileDir) rmSync(profileDir, { recursive: true, force: true })
+    profileDir = null
+  })
+
+  it('counts completed skill loads and edits from compact tool result rows across CLI and API-server sessions inside the requested period', async () => {
+    const now = 1_700_000_000
+    profileDir = createStateDb()
+    profileMock.getActiveProfileDir.mockReturnValue(profileDir)
+
+    insertSession(profileDir, { id: 'recent-cli', source: 'cli', started_at: now - 60 })
+    insertToolResult(profileDir, {
+      sessionId: 'recent-cli',
+      timestamp: now - 50,
+      content: '[skill_view] name=hermes-agent (64,764 chars)',
+    })
+    insertToolResult(profileDir, {
+      sessionId: 'recent-cli',
+      timestamp: now - 45,
+      toolName: 'skill_view',
+      content: '[skill_view] name=hermes-agent (64,764 chars)',
+    })
+    insertToolResult(profileDir, {
+      sessionId: 'recent-cli',
+      timestamp: now - 40,
+      toolName: 'skill_manage',
+      content: JSON.stringify({ success: true, message: "Patched SKILL.md in skill 'hermes-agent' (1 replacement)." }),
+    })
+    insertToolResult(profileDir, {
+      sessionId: 'recent-cli',
+      timestamp: now - 35,
+      content: '[skill_view] name=github-pr-workflow (22,106 chars)',
+    })
+    insertAssistantToolCalls(profileDir, 'recent-cli', now - 30, [
+      { function: { name: 'skill_view', arguments: JSON.stringify({ name: 'planned-but-not-counted' }) } },
+    ])
+    insertToolResult(profileDir, {
+      sessionId: 'recent-cli',
+      timestamp: now - 25,
+      toolName: 'terminal',
+      content: 'noop',
+    })
+
+    insertSession(profileDir, { id: 'web-api-session', source: 'api_server', started_at: now - 30 })
+    insertAssistantToolCalls(profileDir, 'web-api-session', now - 22, [
+      {
+        id: 'call_api_skill_view',
+        call_id: 'call_api_skill_view',
+        type: 'function',
+        function: { name: 'skill_view', arguments: JSON.stringify({ name: 'api-server-skill' }) },
+      },
+    ])
+    insertToolResult(profileDir, {
+      sessionId: 'web-api-session',
+      timestamp: now - 20,
+      toolCallId: 'call_api_skill_view',
+      content: JSON.stringify({ success: true, name: 'api-server-skill', description: 'API-server JSON tool result' }),
+    })
+
+    insertSession(profileDir, { id: 'old-cli', source: 'cli', started_at: now - 10 * 86400 })
+    insertToolResult(profileDir, {
+      sessionId: 'old-cli',
+      timestamp: now - 10 * 86400,
+      content: '[skill_view] name=old-skill (1 chars)',
+    })
+
+    insertSession(profileDir, { id: 'long-running-cli', source: 'cli', started_at: now - 10 * 86400 })
+    insertToolResult(profileDir, {
+      sessionId: 'long-running-cli',
+      timestamp: now - 40,
+      content: '[skill_view] name=late-session-skill (1 chars)',
+    })
+
+    const mod = await import('../../packages/server/src/db/hermes/sessions-db')
+    const result = await mod.getSkillUsageStatsFromDb(7, now)
+
+    expect(result).toEqual({
+      period_days: 7,
+      summary: {
+        total_skill_loads: 5,
+        total_skill_edits: 1,
+        total_skill_actions: 6,
+        distinct_skills_used: 4,
+      },
+      by_day: [
+        {
+          date: '2023-11-14',
+          view_count: 5,
+          manage_count: 1,
+          total_count: 6,
+          skills: [
+            { skill: 'hermes-agent', view_count: 2, manage_count: 1, total_count: 3 },
+            { skill: 'api-server-skill', view_count: 1, manage_count: 0, total_count: 1 },
+            { skill: 'github-pr-workflow', view_count: 1, manage_count: 0, total_count: 1 },
+            { skill: 'late-session-skill', view_count: 1, manage_count: 0, total_count: 1 },
+          ],
+        },
+      ],
+      top_skills: [
+        {
+          skill: 'hermes-agent',
+          view_count: 2,
+          manage_count: 1,
+          total_count: 3,
+          percentage: 50,
+          last_used_at: now - 40,
+        },
+        {
+          skill: 'api-server-skill',
+          view_count: 1,
+          manage_count: 0,
+          total_count: 1,
+          percentage: 1 / 6 * 100,
+          last_used_at: now - 20,
+        },
+        {
+          skill: 'github-pr-workflow',
+          view_count: 1,
+          manage_count: 0,
+          total_count: 1,
+          percentage: 1 / 6 * 100,
+          last_used_at: now - 35,
+        },
+        {
+          skill: 'late-session-skill',
+          view_count: 1,
+          manage_count: 0,
+          total_count: 1,
+          percentage: 1 / 6 * 100,
+          last_used_at: now - 40,
+        },
+      ],
+    })
+  })
+})
diff --git a/tests/server/skills-controller.test.ts b/tests/server/skills-controller.test.ts
new file mode 100644
index 0000000..0307c23
--- /dev/null
+++ b/tests/server/skills-controller.test.ts
@@ -0,0 +1,146 @@
+import { beforeEach, describe, expect, it, vi } from 'vitest'
+import { mkdtemp, mkdir, readFile, rm, writeFile } from 'fs/promises'
+import { tmpdir } from 'os'
+import { join } from 'path'
+
+const mockGetSkillUsageStatsFromDb = vi.hoisted(() => vi.fn())
+const mockGetActiveProfileName = vi.hoisted(() => vi.fn())
+const mockGetProfileDir = vi.hoisted(() => vi.fn())
+const mockUpdateConfigYamlForProfile = vi.hoisted(() => vi.fn())
+const mockReadConfigYamlForProfile = vi.hoisted(() => vi.fn())
+const mockSafeReadFile = vi.hoisted(() => vi.fn())
+const mockExtractDescription = vi.hoisted(() => vi.fn())
+const mockListFilesRecursive = vi.hoisted(() => vi.fn())
+
+vi.mock('../../packages/server/src/db/hermes/sessions-db', () => ({
+  getSkillUsageStatsFromDb: mockGetSkillUsageStatsFromDb,
+}))
+
+vi.mock('../../packages/server/src/services/hermes/hermes-profile', () => ({
+  getActiveProfileName: mockGetActiveProfileName,
+  getProfileDir: mockGetProfileDir,
+}))
+
+vi.mock('../../packages/server/src/services/config-helpers', () => ({
+  readConfigYamlForProfile: mockReadConfigYamlForProfile,
+  updateConfigYamlForProfile: mockUpdateConfigYamlForProfile,
+  safeReadFile: mockSafeReadFile,
+  extractDescription: mockExtractDescription,
+  listFilesRecursive: mockListFilesRecursive,
+}))
+
+async function loadController() {
+  vi.resetModules()
+  return import('../../packages/server/src/controllers/hermes/skills')
+}
+
+describe('skills controller', () => {
+  beforeEach(() => {
+    vi.clearAllMocks()
+    mockGetActiveProfileName.mockReturnValue('default')
+    mockGetProfileDir.mockImplementation((profile: string) => `/tmp/hermes-${profile}`)
+    mockReadConfigYamlForProfile.mockResolvedValue({})
+    mockSafeReadFile.mockImplementation(async (path: string) => {
+      try {
+        return await readFile(path, 'utf-8')
+      } catch {
+        return null
+      }
+    })
+    mockExtractDescription.mockImplementation((content: string) => {
+      return content.split('\n').find(line => line.trim() && !line.startsWith('#'))?.trim() || ''
+    })
+    mockListFilesRecursive.mockResolvedValue([])
+    mockUpdateConfigYamlForProfile.mockImplementation(async (_profile: string, updater: (config: Record<string, any>) => Record<string, any>) => updater({}))
+    mockGetSkillUsageStatsFromDb.mockResolvedValue({
+      period_days: 7,
+      summary: {
+        total_skill_loads: 0,
+        total_skill_edits: 0,
+        total_skill_actions: 0,
+        distinct_skills_used: 0,
+      },
+      by_day: [],
+      top_skills: [],
+    })
+  })
+
+  it('loads skill usage from the request-scoped profile state database', async () => {
+    const { usageStats } = await loadController()
+    const ctx: any = { query: { days: '30' }, state: { profile: { name: 'research' } }, body: null }
+
+    await usageStats(ctx)
+
+    expect(mockGetSkillUsageStatsFromDb).toHaveBeenCalledWith(30, undefined, 'research')
+    expect(ctx.body.period_days).toBe(7)
+  })
+
+  it('falls back to active profile when no request profile is set', async () => {
+    mockGetActiveProfileName.mockReturnValue('travel')
+    const { usageStats } = await loadController()
+    const ctx: any = { query: {}, state: {}, body: null }
+
+    await usageStats(ctx)
+
+    expect(mockGetSkillUsageStatsFromDb).toHaveBeenCalledWith(7, undefined, 'travel')
+  })
+
+  it('toggles skills in the request-scoped profile config', async () => {
+    let updatedConfig: Record<string, any> | undefined
+    mockUpdateConfigYamlForProfile.mockImplementation(async (_profile: string, updater: (config: Record<string, any>) => Record<string, any>) => {
+      updatedConfig = await updater({ skills: { disabled: ['old-skill'] }, model: { default: 'glm-5.1' } })
+      return undefined
+    })
+    const { toggle } = await loadController()
+    const ctx: any = {
+      request: { body: { name: 'new-skill', enabled: false } },
+      state: { profile: { name: 'research' } },
+      body: null,
+    }
+
+    await toggle(ctx)
+
+    expect(mockUpdateConfigYamlForProfile).toHaveBeenCalledWith('research', expect.any(Function))
+    expect(updatedConfig).toEqual({
+      skills: { disabled: ['old-skill', 'new-skill'] },
+      model: { default: 'glm-5.1' },
+    })
+    expect(ctx.body).toEqual({ success: true })
+  })
+
+  it('lists configured external skill directories with external source while keeping local skills first', async () => {
+    const root = await mkdtemp(join(tmpdir(), 'hermes-web-ui-external-skills-'))
+    const profileDir = join(root, 'profile')
+    const localSkillDir = join(profileDir, 'skills', 'tools', 'dupe-skill')
+    const externalDir = join(root, 'external-skills')
+    const externalSkillDir = join(externalDir, 'tools', 'external-skill')
+    const externalDupeDir = join(externalDir, 'tools', 'dupe-skill')
+
+    await mkdir(localSkillDir, { recursive: true })
+    await mkdir(externalSkillDir, { recursive: true })
+    await mkdir(externalDupeDir, { recursive: true })
+    await writeFile(join(localSkillDir, 'SKILL.md'), '# Local Dupe\nlocal copy\n', 'utf-8')
+    await writeFile(join(externalSkillDir, 'SKILL.md'), '# External Skill\nexternal copy\n', 'utf-8')
+    await writeFile(join(externalDupeDir, 'SKILL.md'), '# External Dupe\nexternal duplicate\n', 'utf-8')
+
+    mockGetProfileDir.mockReturnValue(profileDir)
+    mockReadConfigYamlForProfile.mockResolvedValue({
+      skills: { external_dirs: [externalDir] },
+    })
+
+    try {
+      const { list } = await loadController()
+      const ctx: any = { state: { profile: { name: 'research' } }, body: null }
+
+      await list(ctx)
+
+      const tools = ctx.body.categories.find((category: any) => category.name === 'tools')
+      expect(tools.skills).toEqual([
+        expect.objectContaining({ name: 'dupe-skill', source: 'local', description: 'local copy' }),
+        expect.objectContaining({ name: 'external-skill', source: 'external', description: 'external copy' }),
+      ])
+    } finally {
+      await rm(root, { recursive: true, force: true })
+    }
+  })
+})
diff --git a/tests/server/terminal-cwd.test.ts b/tests/server/terminal-cwd.test.ts
new file mode 100644
index 0000000..fd9d02c
--- /dev/null
+++ b/tests/server/terminal-cwd.test.ts
@@ -0,0 +1,41 @@
+import { mkdtempSync, mkdirSync, rmSync } from 'fs'
+import { tmpdir } from 'os'
+import { join } from 'path'
+import { afterEach, describe, expect, it } from 'vitest'
+import { resolveTerminalCwd } from '../../packages/server/src/routes/hermes/terminal'
+
+const tmpRoots: string[] = []
+
+function makeTmpRoot() {
+  const root = mkdtempSync(join(tmpdir(), 'wui-terminal-cwd-'))
+  tmpRoots.push(root)
+  return root
+}
+
+afterEach(() => {
+  for (const root of tmpRoots.splice(0)) rmSync(root, { recursive: true, force: true })
+})
+
+describe('terminal cwd resolution', () => {
+  it('defaults terminal sessions to the active Hermes profile directory', () => {
+    const profileDir = makeTmpRoot()
+    expect(resolveTerminalCwd({}, profileDir)).toBe(profileDir)
+  })
+
+  it('resolves relative configured cwd from the Hermes profile directory', () => {
+    const profileDir = makeTmpRoot()
+    mkdirSync(join(profileDir, 'workspace'))
+    expect(resolveTerminalCwd({ cwd: 'workspace' }, profileDir)).toBe(join(profileDir, 'workspace'))
+  })
+
+  it('uses absolute configured cwd when it exists', () => {
+    const profileDir = makeTmpRoot()
+    const cwd = makeTmpRoot()
+    expect(resolveTerminalCwd({ cwd }, profileDir)).toBe(cwd)
+  })
+
+  it('falls back to the profile directory when configured cwd is missing', () => {
+    const profileDir = makeTmpRoot()
+    expect(resolveTerminalCwd({ cwd: 'missing' }, profileDir)).toBe(profileDir)
+  })
+})
diff --git a/tests/server/update-controller.test.ts b/tests/server/update-controller.test.ts
new file mode 100644
index 0000000..e9918ee
--- /dev/null
+++ b/tests/server/update-controller.test.ts
@@ -0,0 +1,309 @@
+import { afterEach, beforeEach, describe, expect, it, vi } from 'vitest'
+import { delimiter, dirname, join } from 'path'
+
+type UpdateControllerMocks = {
+  execFile: ReturnType<typeof vi.fn>
+  execFileSync: ReturnType<typeof vi.fn>
+  spawn: ReturnType<typeof vi.fn>
+  unref: ReturnType<typeof vi.fn>
+  existsSync: ReturnType<typeof vi.fn>
+  readFileSync: ReturnType<typeof vi.fn>
+  appendFileSync: ReturnType<typeof vi.fn>
+}
+
+async function loadUpdateController(overrides: Partial<UpdateControllerMocks> = {}) {
+  const execFile = overrides.execFile ?? vi.fn((_command: string, _args: string[], _options: any, callback: any) => callback(null, '', ''))
+  const execFileSync = overrides.execFileSync ?? vi.fn().mockReturnValue('updated')
+  const unref = overrides.unref ?? vi.fn()
+  const spawn = overrides.spawn ?? vi.fn(() => ({ unref, on: vi.fn() }))
+  const existsSync = overrides.existsSync ?? vi.fn(() => true)
+  const readFileSync = overrides.readFileSync ?? vi.fn(() => JSON.stringify({
+    name: 'hermes-web-ui',
+    version: '0.0.0',
+    repository: { url: 'https://github.com/EKKOLearnAI/hermes-web-ui.git' },
+  }))
+  const appendFileSync = overrides.appendFileSync ?? vi.fn()
+
+  vi.resetModules()
+  vi.doMock('child_process', () => ({ execFile, execFileSync, spawn }))
+  vi.doMock('fs', () => ({
+    appendFileSync,
+    closeSync: vi.fn(),
+    existsSync,
+    mkdirSync: vi.fn(),
+    openSync: vi.fn(() => 1),
+    readFileSync,
+    rmSync: vi.fn(),
+    writeFileSync: vi.fn(),
+  }))
+
+  const mod = await import('../../packages/server/src/controllers/update')
+  return {
+    ...mod,
+    mocks: { execFile, execFileSync, spawn, unref, existsSync, readFileSync, appendFileSync },
+  }
+}
+
+function createMockCtx() {
+  return {
+    status: 200,
+    body: null as unknown,
+  }
+}
+
+function getNodeBinDir() {
+  return dirname(process.execPath)
+}
+
+function getNodePrefix() {
+  return process.platform === 'win32' ? getNodeBinDir() : dirname(getNodeBinDir())
+}
+
+function getNpmCliPath() {
+  const prefix = getNodePrefix()
+  return process.platform === 'win32'
+    ? join(prefix, 'node_modules', 'npm', 'bin', 'npm-cli.js')
+    : join(prefix, 'lib', 'node_modules', 'npm', 'bin', 'npm-cli.js')
+}
+
+function getGlobalCliScript(prefix: string) {
+  return process.platform === 'win32'
+    ? join(prefix, 'node_modules', 'hermes-web-ui', 'bin', 'hermes-web-ui.mjs')
+    : join(prefix, 'lib', 'node_modules', 'hermes-web-ui', 'bin', 'hermes-web-ui.mjs')
+}
+
+describe('update controller', () => {
+  const originalPort = process.env.PORT
+  const exitSpy = vi.spyOn(process, 'exit').mockImplementation((() => undefined) as never)
+
+  beforeEach(() => {
+    vi.useFakeTimers()
+    vi.clearAllMocks()
+  })
+
+  afterEach(() => {
+    vi.useRealTimers()
+    vi.doUnmock('child_process')
+    vi.doUnmock('fs')
+    vi.unstubAllGlobals()
+    if (originalPort === undefined) {
+      delete process.env.PORT
+    } else {
+      process.env.PORT = originalPort
+    }
+    delete process.env.HERMES_WEB_UI_PREVIEW_REPO
+  })
+
+  it('updates and restarts through the running Node executable, not PATH shims', async () => {
+    process.env.PORT = '9129'
+    const nodeBinDir = getNodeBinDir()
+    const npmCli = getNpmCliPath()
+    const globalPrefix = getNodePrefix()
+    const cliScript = getGlobalCliScript(globalPrefix)
+    const execFileSync = vi.fn((_command: string, args: string[]) => {
+      if (args[1] === 'root') {
+        return process.platform === 'win32'
+          ? join(globalPrefix, 'node_modules')
+          : join(globalPrefix, 'lib', 'node_modules')
+      }
+      return 'updated'
+    })
+    const { handleUpdate, mocks } = await loadUpdateController({ execFileSync })
+    const ctx = createMockCtx()
+
+    await handleUpdate(ctx)
+
+    expect(mocks.execFileSync).toHaveBeenCalledWith(
+      process.execPath,
+      [npmCli, 'install', '-g', 'hermes-web-ui@latest'],
+      expect.objectContaining({
+        encoding: 'utf-8',
+        timeout: 10 * 60 * 1000,
+        stdio: ['pipe', 'pipe', 'pipe'],
+        windowsHide: true,
+        env: expect.objectContaining({
+          npm_node_execpath: process.execPath,
+          PATH: expect.stringContaining(`${nodeBinDir}${delimiter}`),
+        }),
+      }),
+    )
+    expect(ctx.body).toEqual({ success: true, message: 'updated' })
+
+    vi.runAllTimers()
+
+    expect(mocks.execFileSync).toHaveBeenCalledWith(
+      process.execPath,
+      [npmCli, 'root', '-g'],
+      expect.objectContaining({
+        encoding: 'utf-8',
+        stdio: ['pipe', 'pipe', 'pipe'],
+        windowsHide: true,
+        env: expect.objectContaining({ npm_node_execpath: process.execPath }),
+      }),
+    )
+    expect(mocks.spawn).toHaveBeenCalledWith(
+      process.execPath,
+      [cliScript, 'restart', '--port', '9129'],
+      expect.objectContaining({
+        detached: true,
+        stdio: 'ignore',
+        windowsHide: true,
+        env: expect.objectContaining({ npm_node_execpath: process.execPath }),
+      }),
+    )
+    expect(mocks.unref).toHaveBeenCalledOnce()
+  })
+
+  it('falls back to the default port when PORT is not set', async () => {
+    delete process.env.PORT
+    const { handleUpdate, mocks } = await loadUpdateController()
+    const ctx = createMockCtx()
+
+    await handleUpdate(ctx)
+    vi.runAllTimers()
+
+    expect(mocks.spawn).toHaveBeenCalledWith(
+      process.execPath,
+      [expect.any(String), 'restart', '--port', '8648'],
+      expect.objectContaining({ detached: true, stdio: 'ignore', windowsHide: true }),
+    )
+  })
+
+  it('does not log a restart error when the restart helper exits successfully', async () => {
+    const handlers = new Map<string, (...args: any[]) => void>()
+    const errorSpy = vi.spyOn(console, 'error').mockImplementation(() => undefined)
+    const unref = vi.fn()
+    const restart = {
+      unref,
+      on: vi.fn((event: string, handler: (...args: any[]) => void) => {
+        handlers.set(event, handler)
+        return restart
+      }),
+    }
+    const spawn = vi.fn(() => restart)
+    const { handleUpdate } = await loadUpdateController({ spawn, unref })
+    const ctx = createMockCtx()
+
+    await handleUpdate(ctx)
+    vi.runAllTimers()
+    handlers.get('exit')?.(0, null)
+
+    expect(errorSpy).not.toHaveBeenCalled()
+    errorSpy.mockRestore()
+  })
+
+  it('returns a 500 with stderr when installation fails', async () => {
+    const execFileSync = vi.fn(() => {
+      const error = new Error('install failed') as Error & { stderr?: string }
+      error.stderr = 'engine mismatch'
+      throw error
+    })
+    const { handleUpdate, mocks } = await loadUpdateController({ execFileSync })
+    const ctx = createMockCtx()
+
+    await handleUpdate(ctx)
+
+    expect(ctx.status).toBe(500)
+    expect(ctx.body).toEqual({ success: false, message: 'engine mismatch' })
+    expect(mocks.spawn).not.toHaveBeenCalled()
+    expect(exitSpy).not.toHaveBeenCalled()
+  })
+
+  it('loads preview tags through async git with a short timeout', async () => {
+    process.env.HERMES_WEB_UI_PREVIEW_REPO = 'https://github.com/EKKOLearnAI/hermes-web-ui'
+    const execFile = vi.fn((_command: string, _args: string[], _options: any, callback: any) => {
+      callback(null, [
+        'abc123\trefs/tags/v0.6.6',
+        'def456\trefs/tags/v0.6.7',
+      ].join('\n'), '')
+    })
+    const execFileSync = vi.fn(() => 'git version 2.0.0')
+    const { previewTags, mocks } = await loadUpdateController({ execFile, execFileSync })
+    const ctx = createMockCtx()
+
+    await previewTags(ctx)
+
+    expect(ctx.status).toBe(200)
+    expect(ctx.body).toEqual({
+      tags: [
+        { name: 'main', sha: '' },
+        { name: 'v0.6.7', sha: 'def456' },
+        { name: 'v0.6.6', sha: 'abc123' },
+      ],
+    })
+    expect(mocks.execFile).toHaveBeenCalledWith(
+      'git',
+      ['ls-remote', '--tags', '--refs', 'https://github.com/EKKOLearnAI/hermes-web-ui.git'],
+      expect.objectContaining({ timeout: 8000 }),
+      expect.any(Function),
+    )
+  })
+
+  it('falls back to GitHub API when async git tag loading fails', async () => {
+    process.env.HERMES_WEB_UI_PREVIEW_REPO = 'https://github.com/EKKOLearnAI/hermes-web-ui'
+    const execFile = vi.fn((_command: string, _args: string[], _options: any, callback: any) => {
+      callback(new Error('git timeout'), '', '')
+    })
+    const execFileSync = vi.fn(() => 'git version 2.0.0')
+    const fetchMock = vi.fn(async () => ({
+      ok: true,
+      json: async () => [
+        { name: 'v0.6.7', commit: { sha: 'def456' } },
+        { name: 'v0.6.6', commit: { sha: 'abc123' } },
+      ],
+    }))
+    vi.stubGlobal('fetch', fetchMock)
+    const { previewTags } = await loadUpdateController({ execFile, execFileSync })
+    const ctx = createMockCtx()
+
+    await previewTags(ctx)
+
+    expect(ctx.status).toBe(200)
+    expect(ctx.body).toEqual({
+      tags: [
+        { name: 'main', sha: '' },
+        { name: 'v0.6.7', sha: 'def456' },
+        { name: 'v0.6.6', sha: 'abc123' },
+      ],
+    })
+    expect(fetchMock).toHaveBeenCalledWith(
+      'https://api.github.com/repos/EKKOLearnAI/hermes-web-ui/tags?per_page=100',
+      expect.objectContaining({
+        headers: { 'User-Agent': 'hermes-web-ui-preview' },
+        signal: expect.any(AbortSignal),
+      }),
+    )
+  })
+
+  it('runs preview npm install through async execFile', async () => {
+    const npmCli = getNpmCliPath()
+    const execFile = vi.fn((_command: string, _args: string[], _options: any, callback: any) => {
+      callback(null, 'installed', '')
+    })
+    const execFileSync = vi.fn(() => '')
+    const { installPreview, mocks } = await loadUpdateController({ execFile, execFileSync })
+    const ctx = createMockCtx()
+
+    await installPreview(ctx)
+
+    expect(ctx.status).toBe(202)
+    expect((ctx.body as any).success).toBe(true)
+    expect((ctx.body as any).accepted).toBe(true)
+    expect((ctx.body as any).active_action).toBe('install')
+    expect(mocks.execFile).toHaveBeenCalledWith(
+      process.execPath,
+      [npmCli, 'install', '--include=dev', '--ignore-scripts'],
+      expect.objectContaining({
+        timeout: 15 * 60 * 1000,
+        cwd: expect.any(String),
+      }),
+      expect.any(Function),
+    )
+    expect(mocks.execFileSync).not.toHaveBeenCalledWith(
+      process.execPath,
+      [npmCli, 'install', '--include=dev', '--ignore-scripts'],
+      expect.any(Object),
+    )
+  })
+
+})
diff --git a/tests/server/upload-controller.test.ts b/tests/server/upload-controller.test.ts
new file mode 100644
index 0000000..13167bf
--- /dev/null
+++ b/tests/server/upload-controller.test.ts
@@ -0,0 +1,63 @@
+import { Readable } from 'stream'
+import { beforeEach, describe, expect, it, vi } from 'vitest'
+
+const mkdirMock = vi.hoisted(() => vi.fn())
+const writeFileMock = vi.hoisted(() => vi.fn())
+
+vi.mock('fs/promises', async () => {
+  const actual = await vi.importActual<typeof import('fs/promises')>('fs/promises')
+  return {
+    ...actual,
+    mkdir: mkdirMock,
+    writeFile: writeFileMock,
+  }
+})
+
+vi.mock('../../packages/server/src/services/hermes/hermes-profile', () => ({
+  getActiveProfileName: vi.fn(() => 'default'),
+}))
+
+vi.mock('../../packages/server/src/services/hermes/upload-paths', () => ({
+  getProfileUploadDir: vi.fn((profile: string) => `/tmp/hermes-web-ui/upload/${profile}`),
+}))
+
+function multipartBody(boundary: string, name: string, content: string): Buffer {
+  return Buffer.from([
+    `--${boundary}`,
+    `Content-Disposition: form-data; name="file"; filename="${name}"`,
+    'Content-Type: text/plain',
+    '',
+    content,
+    `--${boundary}--`,
+    '',
+  ].join('\r\n'))
+}
+
+describe('upload controller', () => {
+  beforeEach(() => {
+    vi.clearAllMocks()
+    mkdirMock.mockResolvedValue(undefined)
+    writeFileMock.mockResolvedValue(undefined)
+  })
+
+  it('stores chat uploads under the request-scoped profile upload directory', async () => {
+    const boundary = 'test-boundary'
+    const { handleUpload } = await import('../../packages/server/src/controllers/upload')
+    const ctx: any = {
+      get: vi.fn((header: string) => header === 'content-type' ? `multipart/form-data; boundary=${boundary}` : ''),
+      req: Readable.from([multipartBody(boundary, 'note.txt', 'hello')]),
+      state: { profile: { name: 'research' } },
+      body: undefined,
+      status: 200,
+    }
+
+    await handleUpload(ctx)
+
+    expect(mkdirMock).toHaveBeenCalledWith('/tmp/hermes-web-ui/upload/research', { recursive: true })
+    expect(writeFileMock).toHaveBeenCalledOnce()
+    const [savedPath, data] = writeFileMock.mock.calls[0]
+    expect(savedPath).toMatch(/^\/tmp\/hermes-web-ui\/upload\/research\/[a-f0-9]+\.txt$/)
+    expect(data.toString('utf-8')).toBe('hello')
+    expect(ctx.body.files[0]).toMatchObject({ name: 'note.txt', path: savedPath })
+  })
+})
diff --git a/tests/server/usage-analytics-db.test.ts b/tests/server/usage-analytics-db.test.ts
new file mode 100644
index 0000000..cc19556
--- /dev/null
+++ b/tests/server/usage-analytics-db.test.ts
@@ -0,0 +1,249 @@
+import { afterEach, beforeEach, describe, expect, it, vi } from 'vitest'
+import { mkdtempSync, rmSync } from 'node:fs'
+import { tmpdir } from 'node:os'
+import { join } from 'node:path'
+import { DatabaseSync } from 'node:sqlite'
+
+const profileMock = vi.hoisted(() => ({
+  getActiveProfileDir: vi.fn(),
+}))
+
+vi.mock('../../packages/server/src/services/hermes/hermes-profile', () => ({
+  getActiveProfileDir: profileMock.getActiveProfileDir,
+  getProfileDir: vi.fn(),
+}))
+
+function createStateDb(withApiCallCount = true): string {
+  const dir = mkdtempSync(join(tmpdir(), 'hermes-usage-'))
+  const db = new DatabaseSync(join(dir, 'state.db'))
+  db.exec(`
+    CREATE TABLE sessions (
+      id TEXT PRIMARY KEY,
+      source TEXT,
+      model TEXT,
+      started_at INTEGER,
+      input_tokens INTEGER DEFAULT 0,
+      output_tokens INTEGER DEFAULT 0,
+      cache_read_tokens INTEGER DEFAULT 0,
+      cache_write_tokens INTEGER DEFAULT 0,
+      reasoning_tokens INTEGER DEFAULT 0,
+      estimated_cost_usd REAL DEFAULT 0,
+      actual_cost_usd REAL${withApiCallCount ? ', api_call_count INTEGER DEFAULT 0' : ''}
+    )
+  `)
+  db.close()
+  return dir
+}
+
+function insertSession(
+  dir: string,
+  row: {
+    id: string
+    source?: string
+    model?: string | null
+    started_at: number
+    input_tokens?: number
+    output_tokens?: number
+    cache_read_tokens?: number
+    cache_write_tokens?: number
+    reasoning_tokens?: number
+    estimated_cost_usd?: number
+    actual_cost_usd?: number | null
+    api_call_count?: number
+  },
+  withApiCallCount = true,
+) {
+  const db = new DatabaseSync(join(dir, 'state.db'))
+  const baseParams = {
+    id: row.id,
+    source: row.source ?? 'cli',
+    model: row.model ?? null,
+    started_at: row.started_at,
+    input_tokens: row.input_tokens ?? 0,
+    output_tokens: row.output_tokens ?? 0,
+    cache_read_tokens: row.cache_read_tokens ?? 0,
+    cache_write_tokens: row.cache_write_tokens ?? 0,
+    reasoning_tokens: row.reasoning_tokens ?? 0,
+    estimated_cost_usd: row.estimated_cost_usd ?? 0,
+    actual_cost_usd: row.actual_cost_usd ?? null,
+  }
+
+  if (withApiCallCount) {
+    db.prepare(`
+      INSERT INTO sessions (
+        id, source, model, started_at, input_tokens, output_tokens,
+        cache_read_tokens, cache_write_tokens, reasoning_tokens,
+        estimated_cost_usd, actual_cost_usd, api_call_count
+      ) VALUES (
+        $id, $source, $model, $started_at, $input_tokens, $output_tokens,
+        $cache_read_tokens, $cache_write_tokens, $reasoning_tokens,
+        $estimated_cost_usd, $actual_cost_usd, $api_call_count
+      )
+    `).run({ ...baseParams, api_call_count: row.api_call_count ?? 0 })
+  } else {
+    db.prepare(`
+      INSERT INTO sessions (
+        id, source, model, started_at, input_tokens, output_tokens,
+        cache_read_tokens, cache_write_tokens, reasoning_tokens,
+        estimated_cost_usd, actual_cost_usd
+      ) VALUES (
+        $id, $source, $model, $started_at, $input_tokens, $output_tokens,
+        $cache_read_tokens, $cache_write_tokens, $reasoning_tokens,
+        $estimated_cost_usd, $actual_cost_usd
+      )
+    `).run(baseParams)
+  }
+  db.close()
+}
+
+function day(seconds: number): string {
+  return new Date(seconds * 1000).toISOString().slice(0, 10)
+}
+
+describe('native-style Hermes usage analytics DB aggregation', () => {
+  let profileDir: string | null = null
+
+  beforeEach(() => {
+    vi.resetModules()
+    profileMock.getActiveProfileDir.mockReset()
+  })
+
+  afterEach(() => {
+    if (profileDir) rmSync(profileDir, { recursive: true, force: true })
+    profileDir = null
+  })
+
+  it('sums direct state.db rows in the period', async () => {
+    const now = 1_700_000_000
+    profileDir = createStateDb(true)
+    profileMock.getActiveProfileDir.mockReturnValue(profileDir)
+
+    insertSession(profileDir, {
+      id: 'root',
+      source: 'cli',
+      model: 'gpt-5',
+      started_at: now - 60,
+      input_tokens: 100,
+      output_tokens: 50,
+      cache_read_tokens: 10,
+      cache_write_tokens: 2,
+      reasoning_tokens: 5,
+      estimated_cost_usd: 0.02,
+      actual_cost_usd: null,
+      api_call_count: 1,
+    })
+    insertSession(profileDir, {
+      id: 'tool-child',
+      source: 'tool',
+      model: 'tool-model',
+      started_at: now - 90,
+      input_tokens: 30,
+      output_tokens: 20,
+      cache_read_tokens: 5,
+      cache_write_tokens: 1,
+      reasoning_tokens: 2,
+      estimated_cost_usd: 0.01,
+      actual_cost_usd: 0.015,
+      api_call_count: 2,
+    })
+    insertSession(profileDir, {
+      id: 'compress_1',
+      source: 'cli',
+      model: 'gpt-5',
+      started_at: now - 86400,
+      input_tokens: 7,
+      output_tokens: 3,
+      cache_read_tokens: 1,
+      estimated_cost_usd: 0.005,
+    })
+    insertSession(profileDir, {
+      id: 'null-model',
+      source: 'cli',
+      model: null,
+      started_at: now - 120,
+      input_tokens: 1,
+      output_tokens: 2,
+      estimated_cost_usd: 0.003,
+    })
+    insertSession(profileDir, {
+      id: 'web-local-copy',
+      source: 'api_server',
+      model: 'gpt-5',
+      started_at: now - 30,
+      input_tokens: 500,
+      output_tokens: 500,
+      estimated_cost_usd: 5,
+      api_call_count: 5,
+    })
+    insertSession(profileDir, {
+      id: 'old',
+      source: 'cli',
+      model: 'old-model',
+      started_at: now - 31 * 86400,
+      input_tokens: 999,
+      output_tokens: 999,
+      estimated_cost_usd: 9,
+      api_call_count: 9,
+    })
+
+    const mod = await import('../../packages/server/src/db/hermes/sessions-db')
+    const result = await mod.getUsageStatsFromDb(30, now)
+
+    expect(result).toMatchObject({
+      input_tokens: 638,
+      output_tokens: 575,
+      cache_read_tokens: 16,
+      cache_write_tokens: 3,
+      reasoning_tokens: 7,
+      sessions: 5,
+      total_api_calls: 8,
+    })
+    expect(result.cost).toBeCloseTo(5.043)
+    expect(result.by_model).toEqual([
+      { model: 'gpt-5', input_tokens: 607, output_tokens: 553, cache_read_tokens: 11, cache_write_tokens: 2, reasoning_tokens: 5, sessions: 3 },
+      { model: 'tool-model', input_tokens: 30, output_tokens: 20, cache_read_tokens: 5, cache_write_tokens: 1, reasoning_tokens: 2, sessions: 1 },
+    ])
+    expect(result.by_day).toHaveLength(2)
+    expect(result.by_day[0]).toEqual({
+      date: day(now - 86400),
+      input_tokens: 7,
+      output_tokens: 3,
+      cache_read_tokens: 1,
+      cache_write_tokens: 0,
+      sessions: 1,
+      errors: 0,
+      cost: 0.005,
+    })
+    expect(result.by_day[1]).toMatchObject({
+      date: day(now),
+      input_tokens: 631,
+      output_tokens: 572,
+      cache_read_tokens: 15,
+      cache_write_tokens: 3,
+      sessions: 4,
+      errors: 0,
+    })
+    expect(result.by_day[1].cost).toBeCloseTo(5.038)
+  })
+
+  it('keeps analytics working against older state.db schemas without api_call_count', async () => {
+    const now = 1_700_000_000
+    profileDir = createStateDb(false)
+    profileMock.getActiveProfileDir.mockReturnValue(profileDir)
+    insertSession(profileDir, {
+      id: 'legacy',
+      model: 'legacy-model',
+      started_at: now - 60,
+      input_tokens: 4,
+      output_tokens: 6,
+      estimated_cost_usd: 0.001,
+    }, false)
+
+    const mod = await import('../../packages/server/src/db/hermes/sessions-db')
+    const result = await mod.getUsageStatsFromDb(30, now)
+
+    expect(result.input_tokens).toBe(4)
+    expect(result.output_tokens).toBe(6)
+    expect(result.total_api_calls).toBe(0)
+  })
+})
diff --git a/tests/server/usage-store.test.ts b/tests/server/usage-store.test.ts
new file mode 100644
index 0000000..f4afaa1
--- /dev/null
+++ b/tests/server/usage-store.test.ts
@@ -0,0 +1,212 @@
+import { describe, it, expect, vi, beforeEach } from 'vitest'
+
+// Mock the db index module so we can test usage-store in isolation
+const { mockEnsureTable, mockJsonSet, mockJsonGet, mockJsonGetAll, mockJsonDelete } = vi.hoisted(() => ({
+  mockEnsureTable: vi.fn(),
+  mockJsonSet: vi.fn(),
+  mockJsonGet: vi.fn(),
+  mockJsonGetAll: vi.fn(),
+  mockJsonDelete: vi.fn(),
+}))
+
+vi.mock('../../packages/server/src/db/index', () => ({
+  isSqliteAvailable: () => false, // Force JSON fallback path
+  ensureTable: mockEnsureTable,
+  getDb: () => null,
+  jsonSet: mockJsonSet,
+  jsonGet: mockJsonGet,
+  jsonGetAll: mockJsonGetAll,
+  jsonDelete: mockJsonDelete,
+}))
+
+import {
+  updateUsage,
+  getUsage,
+  getUsageBatch,
+  deleteUsage,
+} from '../../packages/server/src/db/hermes/usage-store'
+
+describe('Usage Store (JSON fallback)', () => {
+  beforeEach(() => {
+    vi.clearAllMocks()
+  })
+
+  it('updateUsage writes via jsonSet', () => {
+    updateUsage('session-1', { inputTokens: 100, outputTokens: 50 })
+    expect(mockJsonSet).toHaveBeenCalledWith(
+      'session_usage',
+      'session-1',
+      expect.objectContaining({
+        input_tokens: 100,
+        output_tokens: 50,
+        cache_read_tokens: 0,
+        cache_write_tokens: 0,
+        reasoning_tokens: 0,
+        model: '',
+        profile: 'default',
+        created_at: expect.any(Number),
+      }),
+    )
+  })
+
+  it('getUsage reads via jsonGet', () => {
+    mockJsonGet.mockReturnValue({ input_tokens: 200, output_tokens: 80 })
+    const result = getUsage('session-1')
+    expect(result).toEqual({
+      input_tokens: 200,
+      output_tokens: 80,
+      cache_read_tokens: 0,
+      cache_write_tokens: 0,
+      reasoning_tokens: 0,
+      model: '',
+      profile: 'default',
+      created_at: 0,
+    })
+    expect(mockJsonGet).toHaveBeenCalledWith('session_usage', 'session-1')
+  })
+
+  it('getUsage returns undefined when jsonGet returns nothing', () => {
+    mockJsonGet.mockReturnValue(undefined)
+    const result = getUsage('nonexistent')
+    expect(result).toBeUndefined()
+  })
+
+  it('getUsageBatch returns empty map for empty input', () => {
+    const result = getUsageBatch([])
+    expect(result).toEqual({})
+    expect(mockJsonGetAll).not.toHaveBeenCalled()
+  })
+
+  it('getUsageBatch returns matching records', () => {
+    mockJsonGetAll.mockReturnValue({
+      'session-1': { input_tokens: 100, output_tokens: 50 },
+      'session-2': { input_tokens: 200, output_tokens: 80 },
+      'session-3': { input_tokens: 300, output_tokens: 120 },
+    })
+    const result = getUsageBatch(['session-1', 'session-3', 'session-missing'])
+    expect(result).toEqual({
+      'session-1': {
+        input_tokens: 100,
+        output_tokens: 50,
+        cache_read_tokens: 0,
+        cache_write_tokens: 0,
+        reasoning_tokens: 0,
+        model: '',
+        profile: 'default',
+        created_at: 0,
+      },
+      'session-3': {
+        input_tokens: 300,
+        output_tokens: 120,
+        cache_read_tokens: 0,
+        cache_write_tokens: 0,
+        reasoning_tokens: 0,
+        model: '',
+        profile: 'default',
+        created_at: 0,
+      },
+    })
+  })
+
+  it('deleteUsage calls jsonDelete', () => {
+    deleteUsage('session-1')
+    expect(mockJsonDelete).toHaveBeenCalledWith('session_usage', 'session-1')
+  })
+})
+
+// Test with SQLite available (mocked)
+describe('Usage Store (SQLite path)', () => {
+  let runMock: ReturnType<typeof vi.fn>
+  let getMock: ReturnType<typeof vi.fn>
+  let allMock: ReturnType<typeof vi.fn>
+  let deleteMock: ReturnType<typeof vi.fn>
+
+  beforeEach(() => {
+    vi.resetModules()
+
+    runMock = vi.fn()
+    getMock = vi.fn()
+    allMock = vi.fn()
+    deleteMock = vi.fn()
+
+    vi.doMock('../../packages/server/src/db/index', () => ({
+      isSqliteAvailable: () => true,
+      ensureTable: vi.fn(),
+      getDb: () => ({
+        prepare: vi.fn((sql: string) => {
+          if (sql.includes('INSERT') || sql.includes('UPDATE')) return { run: runMock }
+          if (sql.includes('SELECT') && sql.includes('WHERE session_id = ?')) return { get: getMock }
+          if (sql.includes('SELECT') && sql.includes('IN')) return { all: allMock }
+          if (sql.includes('DELETE')) return { run: deleteMock }
+          return { run: runMock, get: getMock, all: allMock }
+        }),
+      }),
+      jsonSet: vi.fn(),
+      jsonGet: vi.fn(),
+      jsonGetAll: vi.fn(),
+      jsonDelete: vi.fn(),
+    }))
+  })
+
+  it('updateUsage runs INSERT ... ON CONFLICT query', async () => {
+    const { updateUsage } = await import('../../packages/server/src/db/hermes/usage-store')
+    updateUsage('s1', { inputTokens: 500, outputTokens: 200 })
+    expect(runMock).toHaveBeenCalledWith(
+      's1',
+      500,
+      200,
+      0, // cacheReadTokens
+      0, // cacheWriteTokens
+      0, // reasoningTokens
+      '', // model
+      'default', // profile
+      expect.any(Number), // created_at
+    )
+  })
+
+  it('getUsage queries by session_id', async () => {
+    getMock.mockReturnValue({
+      input_tokens: 999,
+      output_tokens: 111,
+      cache_read_tokens: 0,
+      cache_write_tokens: 0,
+      reasoning_tokens: 0,
+      model: '',
+      profile: 'default',
+      created_at: 0,
+    })
+    const { getUsage } = await import('../../packages/server/src/db/hermes/usage-store')
+    const result = getUsage('s1')
+    expect(getMock).toHaveBeenCalledWith('s1')
+    expect(result).toEqual({
+      input_tokens: 999,
+      output_tokens: 111,
+      cache_read_tokens: 0,
+      cache_write_tokens: 0,
+      reasoning_tokens: 0,
+      model: '',
+      profile: 'default',
+      created_at: 0,
+    })
+  })
+
+  it('getUsageBatch queries with IN clause', async () => {
+    allMock.mockReturnValue([
+      { session_id: 'a', input_tokens: 1, output_tokens: 2, cache_read_tokens: 0, cache_write_tokens: 0, reasoning_tokens: 0, model: '', profile: 'default', created_at: 0 },
+      { session_id: 'b', input_tokens: 3, output_tokens: 4, cache_read_tokens: 0, cache_write_tokens: 0, reasoning_tokens: 0, model: '', profile: 'default', created_at: 0 },
+    ])
+    const { getUsageBatch } = await import('../../packages/server/src/db/hermes/usage-store')
+    const result = getUsageBatch(['a', 'b', 'c'])
+    expect(allMock).toHaveBeenCalledWith('a', 'b', 'c')
+    expect(result).toEqual({
+      a: { input_tokens: 1, output_tokens: 2, cache_read_tokens: 0, cache_write_tokens: 0, reasoning_tokens: 0, model: '', profile: 'default', created_at: 0 },
+      b: { input_tokens: 3, output_tokens: 4, cache_read_tokens: 0, cache_write_tokens: 0, reasoning_tokens: 0, model: '', profile: 'default', created_at: 0 },
+    })
+  })
+
+  it('deleteUsage runs DELETE query', async () => {
+    const { deleteUsage } = await import('../../packages/server/src/db/hermes/usage-store')
+    deleteUsage('s1')
+    expect(deleteMock).toHaveBeenCalledWith('s1')
+  })
+})
diff --git a/tests/server/user-auth.test.ts b/tests/server/user-auth.test.ts
new file mode 100644
index 0000000..0f45fa4
--- /dev/null
+++ b/tests/server/user-auth.test.ts
@@ -0,0 +1,338 @@
+import { afterEach, beforeEach, describe, expect, it, vi } from 'vitest'
+
+describe('user auth tables and middleware', () => {
+  let db: any = null
+
+  beforeEach(async () => {
+    vi.resetModules()
+    vi.stubEnv('AUTH_JWT_SECRET', 'test-secret')
+    const { DatabaseSync } = await import('node:sqlite')
+    db = new DatabaseSync(':memory:')
+    vi.doMock('../../packages/server/src/db/index', () => ({
+      getDb: () => db,
+      getStoragePath: () => ':memory:',
+    }))
+  })
+
+  afterEach(() => {
+    db?.close()
+    db = null
+    vi.doUnmock('../../packages/server/src/db/index')
+    vi.doUnmock('../../packages/server/src/services/hermes/hermes-profile')
+    vi.unstubAllEnvs()
+    vi.resetModules()
+  })
+
+  async function initUsers() {
+    const schemas = await import('../../packages/server/src/db/hermes/schemas')
+    schemas.initAllHermesTables()
+    return {
+      schemas,
+      users: await import('../../packages/server/src/db/hermes/users-store'),
+      auth: await import('../../packages/server/src/middleware/user-auth'),
+    }
+  }
+
+  function makeCtx(user: any, profile: string) {
+    return {
+      state: { user },
+      query: { profile },
+      request: { body: {} },
+      get: vi.fn((name: string) => name.toLowerCase() === 'x-hermes-profile' ? '' : ''),
+      status: 200,
+      body: null,
+    } as any
+  }
+
+  it('creates the default super admin without profile bindings', async () => {
+    const { schemas, users } = await initUsers()
+
+    const created = users.bootstrapDefaultSuperAdmin('admin', '123456')
+    expect(created?.id).toBe(1)
+
+    const row = db.prepare(`SELECT * FROM ${schemas.USERS_TABLE} WHERE id = ?`).get(1) as any
+    expect(row.username).toBe('admin')
+    expect(row.role).toBe('super_admin')
+    expect(row.status).toBe('active')
+    expect(row.password_hash).not.toBe('123456')
+    expect(users.verifyPassword('123456', row.password_hash)).toBe(true)
+
+    const profileCount = db.prepare(`SELECT COUNT(*) as count FROM ${schemas.USER_PROFILES_TABLE} WHERE user_id = ?`).get(1) as any
+    expect(profileCount.count).toBe(0)
+  })
+
+  it('allows super admin to access profiles without explicit binding', async () => {
+    const { users, auth } = await initUsers()
+    const created = users.bootstrapDefaultSuperAdmin('admin', '123456')
+    expect(created?.role).toBe('super_admin')
+
+    const ctx = makeCtx({ id: created?.id, username: 'admin', role: 'super_admin' }, 'research')
+    const next = vi.fn(async () => {})
+
+    await auth.resolveUserProfile(ctx, next)
+
+    expect(ctx.state.profile).toEqual({ name: 'research' })
+    expect(next).toHaveBeenCalledOnce()
+  })
+
+  it('requires regular admins to be associated with the requested profile', async () => {
+    const { schemas, users, auth } = await initUsers()
+    const now = Date.now()
+    db.prepare(
+      `INSERT INTO ${schemas.USERS_TABLE} (username, password_hash, role, status, created_at, updated_at)
+       VALUES (?, ?, ?, ?, ?, ?)`
+    ).run('ops', users.hashPassword('secret'), 'admin', 'active', now, now)
+    const admin = users.findUserByUsername('ops')
+    expect(admin?.id).toBe(1)
+
+    const deniedCtx = makeCtx({ id: admin!.id, username: 'ops', role: 'admin' }, 'research')
+    await auth.resolveUserProfile(deniedCtx, vi.fn(async () => {}))
+    expect(deniedCtx.status).toBe(403)
+
+    db.prepare(
+      `INSERT INTO ${schemas.USER_PROFILES_TABLE} (user_id, profile_name, is_default, created_at)
+       VALUES (?, ?, 1, ?)`
+    ).run(admin!.id, 'research', now)
+
+    const allowedCtx = makeCtx({ id: admin!.id, username: 'ops', role: 'admin' }, 'research')
+    const next = vi.fn(async () => {})
+    await auth.resolveUserProfile(allowedCtx, next)
+
+    expect(allowedCtx.state.profile).toEqual({ name: 'research' })
+    expect(next).toHaveBeenCalledOnce()
+  })
+
+  it('does not infer a profile when the frontend does not send one', async () => {
+    const { auth } = await initUsers()
+    const ctx = makeCtx({ id: 1, username: 'admin', role: 'super_admin' }, '')
+    const next = vi.fn(async () => {})
+
+    await auth.resolveUserProfile(ctx, next)
+
+    expect(ctx.state.profile).toBeUndefined()
+    expect(next).toHaveBeenCalledOnce()
+
+    await auth.requireUserProfile(ctx, vi.fn(async () => {}))
+    expect(ctx.status).toBe(400)
+    expect(ctx.body).toEqual({ error: 'Profile is required' })
+  })
+
+  it('ignores stale profile headers for the aggregate available-models endpoint', async () => {
+    const { auth } = await initUsers()
+    const ctx = {
+      path: '/api/hermes/available-models',
+      state: { user: { id: 1, username: 'ops', role: 'admin' } },
+      query: {},
+      request: { body: {} },
+      get: vi.fn((name: string) => name.toLowerCase() === 'x-hermes-profile' ? 'private' : ''),
+      status: 200,
+      body: null,
+    } as any
+    const next = vi.fn(async () => {})
+
+    await auth.resolveUserProfile(ctx, next)
+
+    expect(ctx.state.profile).toBeUndefined()
+    expect(next).toHaveBeenCalledOnce()
+  })
+
+  it('does not create the default super admin until first valid bootstrap login', async () => {
+    const { schemas, users } = await initUsers()
+
+    expect(users.countUsers()).toBe(0)
+    expect(users.bootstrapDefaultSuperAdmin('admin', 'bad-password')).toBeNull()
+    expect(users.countUsers()).toBe(0)
+
+    const created = users.bootstrapDefaultSuperAdmin('admin', '123456')
+    expect(created?.role).toBe('super_admin')
+    expect(users.countUsers()).toBe(1)
+
+    const userCount = db.prepare(`SELECT COUNT(*) as count FROM ${schemas.USERS_TABLE}`).get() as any
+    expect(userCount.count).toBe(1)
+  })
+
+  it('signs and verifies user JWTs', async () => {
+    const { auth } = await initUsers()
+    const token = auth.signUserJwt({ id: 1, username: 'admin', role: 'super_admin' }, 'secret', 1000)
+
+    const payload = auth.verifyUserJwt(token, 'secret', 1000)
+    expect(payload?.sub).toBe('1')
+    expect(payload?.username).toBe('admin')
+    expect(payload?.role).toBe('super_admin')
+
+    expect(auth.verifyUserJwt(token, 'wrong', 1000)).toBeNull()
+  })
+
+  it('authenticates JWTs passed as query tokens for download and websocket URLs', async () => {
+    const { users, auth } = await initUsers()
+    const user = users.bootstrapDefaultSuperAdmin('admin', '123456')!
+    const token = auth.signUserJwt(user, 'test-secret')
+    const ctx = {
+      path: '/api/hermes/download',
+      headers: {},
+      query: { token },
+      state: {},
+      request: { body: {} },
+      status: 200,
+      body: null,
+    } as any
+    const next = vi.fn(async () => {})
+
+    await auth.requireUserJwt(ctx, next)
+
+    expect(ctx.state.user).toEqual({ id: user.id, username: 'admin', role: 'super_admin' })
+    expect(next).toHaveBeenCalledOnce()
+  })
+
+  it('lets SPA and static asset paths pass through without a JWT', async () => {
+    const { auth } = await initUsers()
+    const ctx = {
+      path: '/',
+      headers: {},
+      query: {},
+      state: {},
+      request: { body: {} },
+      status: 200,
+      body: null,
+    } as any
+    const next = vi.fn(async () => {})
+
+    await auth.requireUserJwt(ctx, next)
+
+    expect(next).toHaveBeenCalledOnce()
+    expect(ctx.status).toBe(200)
+    expect(ctx.body).toBeNull()
+  })
+
+  it('still requires a JWT for protected API paths', async () => {
+    const { auth } = await initUsers()
+    const ctx = {
+      path: '/api/hermes/sessions',
+      headers: {},
+      query: {},
+      state: {},
+      request: { body: {} },
+      status: 200,
+      body: null,
+    } as any
+    const next = vi.fn(async () => {})
+
+    await auth.requireUserJwt(ctx, next)
+
+    expect(next).not.toHaveBeenCalled()
+    expect(ctx.status).toBe(401)
+    expect(ctx.body).toEqual({ error: 'Unauthorized' })
+  })
+
+  it('bootstraps the default super admin through password login and returns a user JWT', async () => {
+    await initUsers()
+    const ctrl = await import('../../packages/server/src/controllers/auth')
+    const ctx = {
+      request: { body: { username: 'admin', password: '123456' } },
+      headers: {},
+      ip: '127.0.0.1',
+      status: 200,
+      body: null,
+    } as any
+
+    await ctrl.login(ctx)
+
+    expect(ctx.status).toBe(200)
+    expect(ctx.body.token).toMatch(/^[^.]+\.[^.]+\.[^.]+$/)
+  })
+
+  it('marks only admin with password 123456 as requiring a credential change', async () => {
+    const { users } = await initUsers()
+    const admin = users.bootstrapDefaultSuperAdmin('admin', '123456')!
+    const ctrl = await import('../../packages/server/src/controllers/auth')
+
+    const defaultCtx = {
+      state: { user: { id: admin.id, username: 'admin', role: 'super_admin' } },
+      status: 200,
+      body: null,
+    } as any
+    await ctrl.currentUser(defaultCtx)
+    expect(defaultCtx.body.user.requiresCredentialChange).toBe(true)
+
+    users.updateUserPassword(admin.id, 'stronger-password')
+    const passwordChangedCtx = {
+      state: { user: { id: admin.id, username: 'admin', role: 'super_admin' } },
+      status: 200,
+      body: null,
+    } as any
+    await ctrl.currentUser(passwordChangedCtx)
+    expect(passwordChangedCtx.body.user.requiresCredentialChange).toBe(false)
+
+    users.updateUserPassword(admin.id, '123456')
+    users.updateUsername(admin.id, 'owner')
+    const usernameChangedCtx = {
+      state: { user: { id: admin.id, username: 'owner', role: 'super_admin' } },
+      status: 200,
+      body: null,
+    } as any
+    await ctrl.currentUser(usernameChangedCtx)
+    expect(usernameChangedCtx.body.user.requiresCredentialChange).toBe(false)
+  })
+
+  it('lets super admins create regular admins with profile bindings', async () => {
+    const { users } = await initUsers()
+    vi.doMock('../../packages/server/src/services/hermes/hermes-profile', () => ({
+      listProfileNamesFromDisk: () => ['default', 'research'],
+    }))
+    const ctrl = await import('../../packages/server/src/controllers/auth')
+    const ctx = {
+      state: { user: { id: 1, username: 'admin', role: 'super_admin' } },
+      request: {
+        body: {
+          username: 'ops',
+          password: 'secret1',
+          role: 'admin',
+          status: 'active',
+          profiles: ['research'],
+        },
+      },
+      status: 200,
+      body: null,
+    } as any
+
+    await ctrl.createManagedUser(ctx)
+
+    expect(ctx.status).toBe(201)
+    const created = users.findUserByUsername('ops')
+    expect(created?.role).toBe('admin')
+    expect(users.listUserProfiles(created!.id).map(profile => profile.profile_name)).toEqual(['research'])
+  })
+
+  it('does not allow disabling the last active super admin', async () => {
+    const { users } = await initUsers()
+    const admin = users.bootstrapDefaultSuperAdmin('admin', '123456')!
+    vi.doMock('../../packages/server/src/services/hermes/hermes-profile', () => ({
+      listProfileNamesFromDisk: () => ['default'],
+    }))
+    const ctrl = await import('../../packages/server/src/controllers/auth')
+    const ctx = {
+      state: { user: { id: admin.id, username: 'admin', role: 'super_admin' } },
+      params: { id: String(admin.id) },
+      request: { body: { status: 'disabled' } },
+      status: 200,
+      body: null,
+    } as any
+
+    await ctrl.updateManagedUser(ctx)
+
+    expect(ctx.status).toBe(400)
+    expect(ctx.body).toEqual({ error: 'You cannot disable your own account' })
+  })
+
+  it('requires super admin for super-admin-only middleware', async () => {
+    const { auth } = await initUsers()
+    const adminCtx = makeCtx({ id: 2, username: 'ops', role: 'admin' }, 'default')
+    await auth.requireSuperAdmin(adminCtx, vi.fn(async () => {}))
+    expect(adminCtx.status).toBe(403)
+
+    const superCtx = makeCtx({ id: 1, username: 'admin', role: 'super_admin' }, 'default')
+    const next = vi.fn(async () => {})
+    await auth.requireSuperAdmin(superCtx, next)
+    expect(next).toHaveBeenCalledOnce()
+  })
+})
diff --git a/tests/server/weixin-controller.test.ts b/tests/server/weixin-controller.test.ts
new file mode 100644
index 0000000..6c1336e
--- /dev/null
+++ b/tests/server/weixin-controller.test.ts
@@ -0,0 +1,90 @@
+import { afterEach, beforeEach, describe, expect, it, vi } from 'vitest'
+import { mkdir, mkdtemp, readFile, rm, writeFile } from 'fs/promises'
+import { join } from 'path'
+import { tmpdir } from 'os'
+
+const { mockRestartGatewayForProfile } = vi.hoisted(() => ({
+  mockRestartGatewayForProfile: vi.fn().mockResolvedValue({ running: true, profile: 'research' }),
+}))
+
+vi.mock('../../packages/server/src/services/hermes/gateway-autostart', () => ({
+  restartGatewayForProfile: mockRestartGatewayForProfile,
+}))
+
+let hermesHome = ''
+const originalHermesHome = process.env.HERMES_HOME
+
+async function loadController() {
+  vi.resetModules()
+  process.env.HERMES_HOME = hermesHome
+  return import('../../packages/server/src/controllers/hermes/weixin')
+}
+
+function makeCtx(body: Record<string, any>, profile = 'research'): any {
+  return {
+    request: { body },
+    state: { profile: { name: profile } },
+    status: 200,
+    body: undefined,
+  }
+}
+
+describe('weixin controller', () => {
+  beforeEach(async () => {
+    vi.clearAllMocks()
+    hermesHome = await mkdtemp(join(tmpdir(), 'hwui-weixin-controller-'))
+    await mkdir(join(hermesHome, 'profiles', 'research'), { recursive: true })
+    await writeFile(join(hermesHome, '.env'), [
+      'WEIXIN_ACCOUNT_ID=keep-default-account',
+      'WEIXIN_TOKEN=keep-default-token',
+      '',
+    ].join('\n'), 'utf-8')
+    await writeFile(join(hermesHome, 'profiles', 'research', '.env'), [
+      'OPENROUTER_API_KEY=keep-research-openrouter',
+      'WEIXIN_ACCOUNT_ID=old-research-account',
+      'WEIXIN_TOKEN=old-research-token',
+      '',
+    ].join('\n'), 'utf-8')
+  })
+
+  afterEach(async () => {
+    vi.resetModules()
+    if (originalHermesHome === undefined) delete process.env.HERMES_HOME
+    else process.env.HERMES_HOME = originalHermesHome
+    if (hermesHome) await rm(hermesHome, { recursive: true, force: true })
+    hermesHome = ''
+  })
+
+  it('saves scanned Weixin credentials to the request-scoped profile env only', async () => {
+    const { save } = await loadController()
+    const ctx = makeCtx({
+      account_id: 'new-research-account',
+      token: 'new-research-token',
+      base_url: 'https://weixin.invalid',
+    })
+
+    await save(ctx)
+
+    expect(ctx.body).toEqual({ success: true })
+    expect(mockRestartGatewayForProfile).toHaveBeenCalledWith('research')
+    expect(await readFile(join(hermesHome, '.env'), 'utf-8')).toContain('WEIXIN_TOKEN=keep-default-token')
+    const researchEnv = await readFile(join(hermesHome, 'profiles', 'research', '.env'), 'utf-8')
+    expect(researchEnv).toContain('OPENROUTER_API_KEY=keep-research-openrouter')
+    expect(researchEnv).toContain('WEIXIN_ACCOUNT_ID=new-research-account')
+    expect(researchEnv).toContain('WEIXIN_TOKEN=new-research-token')
+    expect(researchEnv).toContain('WEIXIN_BASE_URL=https://weixin.invalid')
+  })
+
+  it('rejects missing required credentials without touching the profile env', async () => {
+    const { save } = await loadController()
+    const ctx = makeCtx({ account_id: 'new-research-account' })
+    const envBefore = await readFile(join(hermesHome, 'profiles', 'research', '.env'), 'utf-8')
+
+    await save(ctx)
+
+    expect(ctx.status).toBe(400)
+    expect(ctx.body).toEqual({ error: 'Missing account_id or token' })
+    expect(mockRestartGatewayForProfile).not.toHaveBeenCalled()
+    await expect(readFile(join(hermesHome, 'profiles', 'research', '.env'), 'utf-8')).resolves.toBe(envBefore)
+  })
+})
diff --git a/tests/server/xai-auth-controller.test.ts b/tests/server/xai-auth-controller.test.ts
new file mode 100644
index 0000000..e7c1e3c
--- /dev/null
+++ b/tests/server/xai-auth-controller.test.ts
@@ -0,0 +1,123 @@
+import { afterEach, beforeEach, describe, expect, it } from 'vitest'
+import { existsSync, mkdirSync, mkdtempSync, readFileSync, rmSync, writeFileSync } from 'fs'
+import { dirname, join } from 'path'
+import { tmpdir } from 'os'
+import YAML from 'js-yaml'
+import { applyXaiOAuthDefaultModel, saveXaiOAuthTokensForProfile, status } from '../../packages/server/src/controllers/hermes/xai-auth'
+
+let hermesHome = ''
+
+function writeFile(relativePath: string, content: string) {
+  const target = join(hermesHome, relativePath)
+  mkdirSync(dirname(target), { recursive: true })
+  writeFileSync(target, content)
+}
+
+function readYaml(relativePath: string) {
+  return YAML.load(readFileSync(join(hermesHome, relativePath), 'utf-8')) as any
+}
+
+function readJson(relativePath: string) {
+  return JSON.parse(readFileSync(join(hermesHome, relativePath), 'utf-8'))
+}
+
+function makeCtx(profile: string): any {
+  return {
+    state: { profile: { name: profile } },
+    query: {},
+    request: { body: {} },
+    get: () => '',
+    status: 200,
+    body: undefined as unknown,
+  }
+}
+
+describe('xAI auth controller', () => {
+  beforeEach(() => {
+    hermesHome = mkdtempSync(join(tmpdir(), 'hwui-xai-auth-'))
+    process.env.HERMES_HOME = hermesHome
+  })
+
+  afterEach(() => {
+    delete process.env.HERMES_HOME
+    if (hermesHome) rmSync(hermesHome, { recursive: true, force: true })
+    hermesHome = ''
+  })
+
+  it('does not keep a non-xAI model when switching the default provider to xai-oauth', () => {
+    const config = applyXaiOAuthDefaultModel({
+      model: {
+        default: 'glm-5-turbo',
+        provider: 'custom:glm-coding-plan',
+        base_url: 'https://api.z.ai/api/anthropic',
+        api_key: 'secret',
+      },
+    })
+
+    expect(config.model).toEqual({
+      default: 'grok-4.3',
+      provider: 'xai-oauth',
+    })
+  })
+
+  it('preserves an existing Grok model when refreshing xai-oauth credentials', () => {
+    const config = applyXaiOAuthDefaultModel({
+      model: {
+        default: 'grok-4.20-reasoning',
+        provider: 'xai-oauth',
+      },
+    })
+
+    expect(config.model).toEqual({
+      default: 'grok-4.20-reasoning',
+      provider: 'xai-oauth',
+    })
+  })
+
+  it('persists OAuth credentials and default model in the request-scoped profile only', async () => {
+    mkdirSync(join(hermesHome, 'profiles', 'research'), { recursive: true })
+    writeFile('config.yaml', 'model:\n  provider: deepseek\n  default: deepseek-chat\n')
+    writeFile('profiles/research/config.yaml', 'model:\n  provider: openrouter\n  default: openrouter-model\n')
+
+    await saveXaiOAuthTokensForProfile(
+      'research',
+      {
+        discovery: { token_endpoint: 'https://auth.x.ai/oauth/token' },
+        redirectUri: 'http://127.0.0.1:56121/callback',
+      },
+      {
+        access_token: 'research-access-token',
+        refresh_token: 'research-refresh-token',
+        expires_in: 3600,
+        token_type: 'Bearer',
+      },
+    )
+
+    expect(existsSync(join(hermesHome, 'auth.json'))).toBe(false)
+    const auth = readJson('profiles/research/auth.json')
+    expect(auth.providers['xai-oauth'].tokens.access_token).toBe('research-access-token')
+    expect(auth.credential_pool['xai-oauth'][0].refresh_token).toBe('research-refresh-token')
+
+    expect(readYaml('config.yaml').model).toEqual({ provider: 'deepseek', default: 'deepseek-chat' })
+    expect(readYaml('profiles/research/config.yaml').model).toEqual({ provider: 'xai-oauth', default: 'grok-4.3' })
+  })
+
+  it('checks xAI OAuth status against the request-scoped profile', async () => {
+    mkdirSync(join(hermesHome, 'profiles', 'research'), { recursive: true })
+    writeFile('auth.json', JSON.stringify({ version: 1, providers: {}, credential_pool: {} }, null, 2))
+    writeFile('profiles/research/auth.json', JSON.stringify({
+      version: 1,
+      providers: {
+        'xai-oauth': {
+          last_refresh: '2026-06-02T00:00:00.000Z',
+          tokens: { access_token: 'research-access-token' },
+        },
+      },
+    }, null, 2))
+
+    const ctx = makeCtx('research')
+    await status(ctx)
+
+    expect(ctx.body).toEqual({ authenticated: true, last_refresh: '2026-06-02T00:00:00.000Z' })
+  })
+})
diff --git a/tests/setup.ts b/tests/setup.ts
new file mode 100644
index 0000000..3915cba
--- /dev/null
+++ b/tests/setup.ts
@@ -0,0 +1,34 @@
+import { vi } from 'vitest'
+
+// Vite injects this at build time; unit tests need a stable fallback.
+;(globalThis as any).__APP_VERSION__ = 'test'
+// Client-only setup (window/localStorage only exist in jsdom)
+if (typeof window !== 'undefined') {
+  // Mock window.matchMedia
+  Object.defineProperty(window, 'matchMedia', {
+    writable: true,
+    value: vi.fn().mockImplementation((query: string) => ({
+      matches: false,
+      media: query,
+      onchange: null,
+      addListener: vi.fn(),
+      removeListener: vi.fn(),
+      addEventListener: vi.fn(),
+      removeEventListener: vi.fn(),
+      dispatchEvent: vi.fn(),
+    })),
+  })
+
+  // Mock localStorage
+  const store: Record<string, string> = {}
+  Object.defineProperty(window, 'localStorage', {
+    value: {
+      getItem: vi.fn((key: string) => store[key] ?? null),
+      setItem: vi.fn((key: string, value: string) => { store[key] = value }),
+      removeItem: vi.fn((key: string) => { delete store[key] }),
+      clear: vi.fn(() => { for (const k of Object.keys(store)) delete store[k] }),
+      get length() { return Object.keys(store).length },
+      key: vi.fn((i: number) => Object.keys(store)[i] ?? null),
+    },
+  })
+}
diff --git a/tests/shared/provider-presets.test.ts b/tests/shared/provider-presets.test.ts
new file mode 100644
index 0000000..eed7e52
--- /dev/null
+++ b/tests/shared/provider-presets.test.ts
@@ -0,0 +1,105 @@
+import { describe, expect, it } from 'vitest'
+
+import {
+  PROVIDER_PRESETS as SERVER_PROVIDER_PRESETS,
+  buildProviderModelMap as buildServerProviderModelMap,
+} from '../../packages/server/src/shared/providers'
+import { PROVIDER_ENV_MAP } from '../../packages/server/src/services/config-helpers'
+
+const OPENAI_CODEX_PROVIDER = 'openai-codex'
+const COPILOT_PROVIDER = 'copilot'
+const FUN_CODEX_PROVIDER = 'fun-codex'
+const KIMI_CODING_PROVIDER = 'kimi-coding'
+const KIMI_CODING_CN_PROVIDER = 'kimi-coding-cn'
+const MINIMAX_PROVIDER = 'minimax'
+const MINIMAX_CN_PROVIDER = 'minimax-cn'
+const NOUS_PROVIDER = 'nous'
+const STEPFUN_PROVIDER = 'stepfun'
+const XAI_OAUTH_PROVIDER = 'xai-oauth'
+const GPT_5_5_MODEL = 'gpt-5.5'
+
+function modelsForProvider(providerPresets: Array<{ value: string; models: string[] }>, provider: string): string[] {
+  const preset = providerPresets.find((candidate) => candidate.value === provider)
+  expect(preset).toBeDefined()
+  return preset?.models ?? []
+}
+
+describe('provider presets', () => {
+  it('routes apikey.fun Codex through the Responses transport', () => {
+    const preset = SERVER_PROVIDER_PRESETS.find((candidate) => candidate.value === FUN_CODEX_PROVIDER)
+    expect(preset?.api_mode).toBe('codex_responses')
+  })
+
+  it('lists GPT-5.5 for OpenAI Codex', () => {
+    expect(modelsForProvider(SERVER_PROVIDER_PRESETS, OPENAI_CODEX_PROVIDER)).toContain(GPT_5_5_MODEL)
+  })
+
+  it('exposes GPT-5.5 through provider model maps', () => {
+    expect(buildServerProviderModelMap()[OPENAI_CODEX_PROVIDER]).toContain(GPT_5_5_MODEL)
+  })
+
+  it('treats xAI OAuth as OAuth-only for availability checks', () => {
+    expect(PROVIDER_ENV_MAP[XAI_OAUTH_PROVIDER]).toEqual({ api_key_env: '', base_url_env: '' })
+  })
+
+  it('keeps Kimi Coding Plan and China credentials distinct without duplicate Moonshot presets', () => {
+    expect(PROVIDER_ENV_MAP[KIMI_CODING_PROVIDER]).toEqual({ api_key_env: 'KIMI_API_KEY', base_url_env: 'KIMI_BASE_URL' })
+    expect(PROVIDER_ENV_MAP[KIMI_CODING_CN_PROVIDER]).toEqual({ api_key_env: 'KIMI_CN_API_KEY', base_url_env: '' })
+    expect(PROVIDER_ENV_MAP).not.toHaveProperty('moonshot')
+
+    expect(SERVER_PROVIDER_PRESETS.find(candidate => candidate.value === KIMI_CODING_PROVIDER)?.base_url).toBe('https://api.kimi.com/coding/v1')
+    expect(SERVER_PROVIDER_PRESETS.find(candidate => candidate.value === KIMI_CODING_CN_PROVIDER)?.base_url).toBe('https://api.kimi.cn/coding/v1')
+    expect(SERVER_PROVIDER_PRESETS.find(candidate => candidate.value === KIMI_CODING_CN_PROVIDER)?.label).toBe('Kimi for Coding China')
+    expect(SERVER_PROVIDER_PRESETS.find(candidate => candidate.value === 'moonshot')).toBeUndefined()
+  })
+
+  it('does not expose incomplete built-in provider presets', () => {
+    expect(PROVIDER_ENV_MAP).not.toHaveProperty('azure-foundry')
+    expect(SERVER_PROVIDER_PRESETS.find(candidate => candidate.value === 'azure-foundry')).toBeUndefined()
+    expect(SERVER_PROVIDER_PRESETS.filter(candidate => candidate.builtin && !candidate.base_url && candidate.models.length === 0)).toEqual([])
+  })
+
+  it('includes Step 3.7 Flash in the StepFun fallback catalog', () => {
+    expect(modelsForProvider(SERVER_PROVIDER_PRESETS, STEPFUN_PROVIDER)).toContain('step-3.7-flash')
+  })
+
+  it('keeps MiniMax M3 first while retaining currently supported M2.x Anthropic models', () => {
+    expect(PROVIDER_ENV_MAP[MINIMAX_PROVIDER]).toEqual({ api_key_env: 'MINIMAX_API_KEY', base_url_env: 'MINIMAX_BASE_URL' })
+    expect(PROVIDER_ENV_MAP[MINIMAX_CN_PROVIDER]).toEqual({ api_key_env: 'MINIMAX_CN_API_KEY', base_url_env: 'MINIMAX_CN_BASE_URL' })
+
+    for (const provider of [MINIMAX_PROVIDER, MINIMAX_CN_PROVIDER]) {
+      const models = modelsForProvider(SERVER_PROVIDER_PRESETS, provider)
+      expect(models[0]).toBe('MiniMax-M3')
+      expect(models).toEqual(expect.arrayContaining([
+        'MiniMax-M2.7',
+        'MiniMax-M2.7-highspeed',
+        'MiniMax-M2.5',
+        'MiniMax-M2.5-highspeed',
+        'MiniMax-M2.1',
+        'MiniMax-M2.1-highspeed',
+        'MiniMax-M2',
+      ]))
+    }
+  })
+
+  it('includes current GitHub Copilot fallback models', () => {
+    const models = modelsForProvider(SERVER_PROVIDER_PRESETS, COPILOT_PROVIDER)
+    expect(models).toEqual(expect.arrayContaining([
+      'gpt-5.5',
+      'gpt-5.4',
+      'gpt-5.4-nano',
+      'claude-opus-4.8',
+      'gemini-3.5-flash',
+      'raptor-mini',
+    ]))
+    expect(models).not.toContain('grok-code-fast-1')
+  })
+
+  it('hardcodes current Nous catalog and recommended models', () => {
+    const models = modelsForProvider(SERVER_PROVIDER_PRESETS, NOUS_PROVIDER)
+    expect(models).toContain('anthropic/claude-opus-4.8')
+    expect(models).toContain('qwen/qwen3.7-max')
+    expect(models).toContain('qwen/qwen3.6-35b-a3b')
+    expect(buildServerProviderModelMap()[NOUS_PROVIDER]).toContain('qwen/qwen3.7-max')
+  })
+})
diff --git a/tsconfig.app.json b/tsconfig.app.json
new file mode 100644
index 0000000..5f0e33f
--- /dev/null
+++ b/tsconfig.app.json
@@ -0,0 +1,18 @@
+{
+  "extends": "@vue/tsconfig/tsconfig.dom.json",
+  "compilerOptions": {
+    "lib": ["ES2025", "DOM", "DOM.Iterable"],
+    "tsBuildInfoFile": "./node_modules/.tmp/tsconfig.app.tsbuildinfo",
+    "types": ["vite/client", "vitest/globals"],
+    "ignoreDeprecations": "6.0",
+    "baseUrl": ".",
+    "paths": {
+      "@/*": ["packages/client/src/*"]
+    },
+    "noUnusedLocals": true,
+    "noUnusedParameters": true,
+    "erasableSyntaxOnly": true,
+    "noFallthroughCasesInSwitch": true
+  },
+  "include": ["packages/client/src/**/*.ts", "packages/client/src/**/*.tsx", "packages/client/src/**/*.vue"]
+}
diff --git a/tsconfig.json b/tsconfig.json
new file mode 100644
index 0000000..e9d1e0e
--- /dev/null
+++ b/tsconfig.json
@@ -0,0 +1,8 @@
+{
+  "files": [],
+  "references": [
+    { "path": "./tsconfig.app.json" },
+    { "path": "./tsconfig.node.json" },
+    { "path": "./tsconfig.website.json" }
+  ]
+}
diff --git a/tsconfig.node.json b/tsconfig.node.json
new file mode 100644
index 0000000..d3c52ea
--- /dev/null
+++ b/tsconfig.node.json
@@ -0,0 +1,24 @@
+{
+  "compilerOptions": {
+    "tsBuildInfoFile": "./node_modules/.tmp/tsconfig.node.tsbuildinfo",
+    "target": "es2023",
+    "lib": ["ES2023"],
+    "module": "esnext",
+    "types": ["node"],
+    "skipLibCheck": true,
+
+    /* Bundler mode */
+    "moduleResolution": "bundler",
+    "allowImportingTsExtensions": true,
+    "verbatimModuleSyntax": true,
+    "moduleDetection": "force",
+    "noEmit": true,
+
+    /* Linting */
+    "noUnusedLocals": true,
+    "noUnusedParameters": true,
+    "erasableSyntaxOnly": true,
+    "noFallthroughCasesInSwitch": true
+  },
+  "include": ["vite.config.ts"]
+}
diff --git a/tsconfig.website.json b/tsconfig.website.json
new file mode 100644
index 0000000..9b1ce43
--- /dev/null
+++ b/tsconfig.website.json
@@ -0,0 +1,19 @@
+{
+  "extends": "@vue/tsconfig/tsconfig.dom.json",
+  "compilerOptions": {
+    "lib": ["ES2025", "DOM", "DOM.Iterable"],
+    "tsBuildInfoFile": "./node_modules/.tmp/tsconfig.website.tsbuildinfo",
+    "types": ["vite/client"],
+    "ignoreDeprecations": "6.0",
+    "baseUrl": ".",
+    "paths": {
+      "@/*": ["packages/website/src/*"],
+      "@client/*": ["packages/client/src/*"]
+    },
+    "noUnusedLocals": true,
+    "noUnusedParameters": true,
+    "erasableSyntaxOnly": true,
+    "noFallthroughCasesInSwitch": true
+  },
+  "include": ["packages/website/src/**/*.ts", "packages/website/src/**/*.tsx", "packages/website/src/**/*.vue"]
+}
diff --git a/vite.config.ts b/vite.config.ts
new file mode 100644
index 0000000..9d3f413
--- /dev/null
+++ b/vite.config.ts
@@ -0,0 +1,109 @@
+import { defineConfig } from 'vite'
+import vue from '@vitejs/plugin-vue'
+import type { ProxyOptions } from 'vite'
+import { resolve } from 'path'
+import pkg from './package.json'
+
+const FRONTEND_PORT = Number(process.env.HERMES_WEB_UI_FRONTEND_PORT || 8649)
+const BACKEND_PORT = process.env.HERMES_WEB_UI_BACKEND_PORT || '8648'
+const BACKEND = `http://127.0.0.1:${BACKEND_PORT}`
+
+function createProxyConfig(): ProxyOptions {
+  return {
+    target: BACKEND,
+    changeOrigin: true,
+    ws: true,
+    configure: (proxy) => {
+      proxy.on('proxyReq', (proxyReq) => {
+        proxyReq.removeHeader('origin')
+        proxyReq.removeHeader('referer')
+      })
+      proxy.on('proxyRes', (proxyRes) => {
+        proxyRes.headers['cache-control'] = 'no-cache'
+        proxyRes.headers['x-accel-buffering'] = 'no'
+      })
+    },
+  }
+}
+
+export default defineConfig({
+  root: 'packages/client',
+  plugins: [vue()],
+  define: {
+    __APP_VERSION__: JSON.stringify(pkg.version),
+  },
+  resolve: {
+    alias: {
+      '@': resolve(__dirname, 'packages/client/src'),
+    },
+  },
+  build: {
+    outDir: '../../dist/client',
+    emptyOutDir: true,
+    // Use esbuild for minification (much faster than terser)
+    minify: 'esbuild',
+    // Disable sourcemap generation for faster builds
+    sourcemap: false,
+    target: 'es2020',
+    // Increase chunk size warning limit (default: 500KB)
+    chunkSizeWarningLimit: 1000,
+    // CSS code splitting for better caching
+    cssCodeSplit: true,
+    rollupOptions: {
+      output: {
+        // Manual chunk splitting to speed up rendering
+        manualChunks(id) {
+          // Separate large heavy packages to avoid blocking other chunks
+          if (id.includes('node_modules/monaco-editor')) {
+            return 'monaco-editor'
+          }
+          if (id.includes('node_modules/mermaid')) {
+            return 'mermaid'
+          }
+          if (id.includes('node_modules/@xterm')) {
+            return 'xterm'
+          }
+          if (id.includes('node_modules')) {
+            if (id.includes('vue') || id.includes('pinia') || id.includes('vue-router')) {
+              return 'vue-vendor'
+            }
+            if (id.includes('naive-ui')) {
+              return 'ui-vendor'
+            }
+            return 'vendor'
+          }
+        },
+        // Optimize chunk file names for better caching
+        chunkFileNames: 'assets/js/[name]-[hash].js',
+        entryFileNames: 'assets/js/[name]-[hash].js',
+        assetFileNames: 'assets/[ext]/[name]-[hash].[ext]',
+      },
+    },
+  },
+  optimizeDeps: {
+    // Pre-bundle all large dependencies for faster builds
+    include: [
+      'monaco-editor',
+      'mermaid',
+      'vue',
+      'vue-router',
+      'pinia',
+      'naive-ui',
+    ],
+  },
+  server: {
+    port: FRONTEND_PORT,
+    strictPort: true,
+    proxy: {
+      '/api': createProxyConfig(),
+      '/v1': createProxyConfig(),
+      '/health': createProxyConfig(),
+      '/upload': createProxyConfig(),
+      '/webhook': createProxyConfig(),
+      '/socket.io': {
+        target: BACKEND,
+        ws: true,
+      },
+    },
+  },
+})
diff --git a/vite.config.website.ts b/vite.config.website.ts
new file mode 100644
index 0000000..903b012
--- /dev/null
+++ b/vite.config.website.ts
@@ -0,0 +1,54 @@
+import { defineConfig } from 'vite'
+import vue from '@vitejs/plugin-vue'
+import { resolve } from 'path'
+import pkg from './package.json'
+
+export default defineConfig({
+  root: 'packages/website',
+  plugins: [vue()],
+  define: {
+    __APP_VERSION__: JSON.stringify(pkg.version),
+  },
+  resolve: {
+    alias: {
+      '@': resolve(__dirname, 'packages/website/src'),
+      '@client': resolve(__dirname, 'packages/client/src'),
+    },
+  },
+  css: {
+    preprocessorOptions: {
+      scss: {
+        additionalData: `@use "@/styles/variables" as *;\n`,
+      },
+    },
+  },
+  build: {
+    outDir: '../../dist/website',
+    emptyOutDir: true,
+    minify: 'esbuild',
+    sourcemap: false,
+    target: 'es2020',
+    cssCodeSplit: true,
+    rollupOptions: {
+      output: {
+        manualChunks(id) {
+          if (id.includes('node_modules')) {
+            if (id.includes('vue') || id.includes('vue-router') || id.includes('vue-i18n') || id.includes('pinia')) {
+              return 'vue-vendor'
+            }
+            if (id.includes('naive-ui')) {
+              return 'ui-vendor'
+            }
+            return 'vendor'
+          }
+        },
+        chunkFileNames: 'assets/js/[name]-[hash].js',
+        entryFileNames: 'assets/js/[name]-[hash].js',
+        assetFileNames: 'assets/[ext]/[name]-[hash].[ext]',
+      },
+    },
+  },
+  server: {
+    port: 3000,
+  },
+})
diff --git a/vitest.config.ts b/vitest.config.ts
new file mode 100644
index 0000000..850ca0b
--- /dev/null
+++ b/vitest.config.ts
@@ -0,0 +1,17 @@
+import { defineConfig } from 'vitest/config'
+import vue from '@vitejs/plugin-vue'
+import { resolve } from 'path'
+
+export default defineConfig({
+  plugins: [vue()],
+  resolve: {
+    alias: {
+      '@': resolve(__dirname, 'packages/client/src'),
+      '/logo.png': resolve(__dirname, 'packages/client/src/assets/logo.png'),
+    },
+  },
+  test: {
+    include: ['tests/**/*.test.ts'],
+    setupFiles: ['tests/setup.ts'],
+  },
+})