@nordbyte/nordrelay 0.6.0 → 0.8.0

package/dist/webui-assets/dashboard.js

@@ -20,6 +20,17 @@
     { re: /^\/api\/agent-update\/[^\/]+\/input$/, methods: ["POST"] },
     { re: /^\/api\/agent-update\/[^\/]+\/cancel$/, methods: ["POST"] },
     { path: "/api/adapters/health", methods: ["GET"] },
+    { path: "/api/adapters/conformance", methods: ["GET"] },
+    { path: "/api/peers", methods: ["GET", "POST"] },
+    { path: "/api/peers/invite", methods: ["POST"] },
+    { path: "/api/peers/pair", methods: ["POST"] },
+    { path: "/api/peers/probe", methods: ["POST"] },
+    { path: "/api/peers/global-sessions", methods: ["GET"] },
+    { re: /^\/api\/peers\/invitations\/[^\/]+$/, methods: ["DELETE"] },
+    { re: /^\/api\/peers\/[^\/]+\/health$/, methods: ["GET"] },
+    { re: /^\/api\/peers\/[^\/]+$/, methods: ["PATCH", "DELETE"] },
+    { re: /^\/api\/peers\/[^\/]+\/proxy$/, methods: ["POST"] },
+    { re: /^\/api\/peers\/[^\/]+\/events$/, methods: ["GET"] },
     { path: "/api/permissions", methods: ["GET"] },
     { path: "/api/users", methods: ["GET", "POST"] },
     { re: /^\/api\/users\/[^\/]+$/, methods: ["PATCH"] },
@@ -30,18 +41,23 @@
     { re: /^\/api\/users\/[^\/]+\/telegram\/[^\/]+$/, methods: ["DELETE"] },
     { re: /^\/api\/users\/[^\/]+\/discord$/, methods: ["POST"] },
     { re: /^\/api\/users\/[^\/]+\/discord\/[^\/]+$/, methods: ["DELETE"] },
+    { re: /^\/api\/users\/[^\/]+\/slack$/, methods: ["POST"] },
+    { re: /^\/api\/users\/[^\/]+\/slack\/[^\/]+$/, methods: ["DELETE"] },
     { path: "/api/groups", methods: ["GET", "POST"] },
     { re: /^\/api\/groups\/[^\/]+$/, methods: ["PATCH"] },
     { path: "/api/telegram-chats", methods: ["GET", "POST"] },
     { re: /^\/api\/telegram-chats\/[^\/]+$/, methods: ["PATCH"] },
     { path: "/api/discord-channels", methods: ["GET", "POST"] },
     { re: /^\/api\/discord-channels\/[^\/]+$/, methods: ["PATCH"] },
+    { path: "/api/slack-channels", methods: ["GET", "POST"] },
+    { re: /^\/api\/slack-channels\/[^\/]+$/, methods: ["PATCH"] },
     { path: "/api/audit", methods: ["GET"] },
     { path: "/api/locks", methods: ["GET", "POST", "DELETE"] },
     { path: "/api/auth/status", methods: ["GET"] },
     { path: "/api/auth/login", methods: ["POST"] },
     { path: "/api/auth/logout", methods: ["POST"] },
     { path: "/api/settings", methods: ["GET", "PATCH"] },
+    { path: "/api/settings/wizard/test", methods: ["POST"] },
     { path: "/api/control-options", methods: ["GET"] },
     { path: "/api/sessions", methods: ["GET"] },
     { path: "/api/sessions/new", methods: ["POST"] },
@@ -84,6 +100,32 @@
     const method = normalizeMethod(options.method, options.body);
     const url = apiUrl(path, options.query);
     assertApiRoute(url.pathname, method);
+    if (!options.local && shouldProxyApi(url.pathname)) {
+      const peerId = selectedPeerTarget();
+      const proxyBody = JSON.stringify({
+        method,
+        path: url.pathname,
+        query: queryObject(url),
+        body: bodyObject(options.body),
+        contextKey: "web:dashboard"
+      });
+      const res2 = await fetch("/api/peers/" + encodeURIComponent(peerId) + "/proxy", {
+        method: "POST",
+        headers: { "content-type": "application/json" },
+        body: proxyBody
+      });
+      if (res2.status === 401) {
+        location.reload();
+        return (
+          /** @type {never} */
+          void 0
+        );
+      }
+      const text2 = await res2.text();
+      const data2 = text2 ? JSON.parse(text2) : {};
+      if (!res2.ok) throw new Error(data2.error || res2.statusText);
+      return data2;
+    }
     const body = normalizeBody(options.body);
     const headers = {
       ...body !== void 0 && shouldSendJsonHeader(options.body) ? { "content-type": "application/json" } : {},
@@ -102,6 +144,46 @@
     if (!res.ok) throw new Error(data.error || res.statusText);
     return data;
   }
+  function shouldProxyApi(path) {
+    const peerId = selectedPeerTarget();
+    if (!peerId || peerId === "local") return false;
+    if (!path.startsWith("/api/")) return false;
+    return !(path === "/api/auth/me" || path === "/api/dashboard/logout" || path === "/api/peers" || path === "/api/peers/invite" || path === "/api/peers/pair" || path === "/api/peers/probe" || /^\/api\/peers\/[^/]+(?:\/events|\/proxy)?$/.test(path) || isLocalAdminApi(path));
+  }
+  function isLocalAdminApi(path) {
+    return path === "/api/permissions" || path === "/api/settings" || path === "/api/audit" || path === "/api/locks" || path === "/api/users" || path === "/api/groups" || path === "/api/telegram-chats" || path === "/api/discord-channels" || path === "/api/slack-channels" || /^\/api\/users\//.test(path) || /^\/api\/groups\//.test(path) || /^\/api\/telegram-chats\//.test(path) || /^\/api\/discord-channels\//.test(path) || /^\/api\/slack-channels\//.test(path);
+  }
+  function selectedPeerTarget() {
+    const runtimeState = (
+      /** @type {{ NORDRELAY_WEBUI_RUNTIME_STATE?: { selectedPeer?: string } }} */
+      globalThis.NORDRELAY_WEBUI_RUNTIME_STATE
+    );
+    return runtimeState?.selectedPeer || "local";
+  }
+  function queryObject(url) {
+    const result = {};
+    for (const [key, value] of url.searchParams.entries()) {
+      if (result[key] === void 0) result[key] = value;
+      else if (Array.isArray(result[key])) result[key].push(value);
+      else result[key] = [result[key], value];
+    }
+    return result;
+  }
+  function bodyObject(body) {
+    if (body === void 0 || body === null) return {};
+    if (typeof body === "string") {
+      try {
+        return body ? JSON.parse(body) : {};
+      } catch {
+        return { value: body };
+      }
+    }
+    if (isNativeBody(body)) return {};
+    return (
+      /** @type {Record<string, unknown>} */
+      body
+    );
+  }
   function apiUrl(path, query) {
     const url = new URL(path, location.origin);
     if (query) {
@@ -148,7 +230,8 @@
       throw new Error("Unsupported WebUI API method: " + method + " " + path);
     }
   }
-  const state = { snapshot: null, controls: null, newSessionControls: null, enabledAgents: [], auth: null, permissions: [], settings: [], currentPage: "overview", settingsGroup: null, accessTab: "users", logsPlain: "", logTimer: null, toastTimer: null, cliStatusActive: false, selectedArtifactTurns: /* @__PURE__ */ new Set(), mediaRecorder: null, recordedChunks: [], events: null, reconnectTimer: null, notifications: false, toolTooltipTimer: null, toolTooltipTarget: null, agentUpdateJobs: [], sessionsRequestId: 0, activeSessionsTimer: null };
+  const state = { snapshot: null, controls: null, newSessionControls: null, enabledAgents: [], auth: null, permissions: [], settings: [], currentPage: "overview", settingsGroup: null, settingsWizard: null, accessTab: "users", logsPlain: "", logTimer: null, toastTimer: null, cliStatusActive: false, selectedArtifactTurns: /* @__PURE__ */ new Set(), mediaRecorder: null, recordedChunks: [], events: null, reconnectTimer: null, notifications: false, toolTooltipTimer: null, toolTooltipTarget: null, agentUpdateJobs: [], sessionsRequestId: 0, activeSessions: null, peers: null, peerInviteSecrets: {}, peerProbeResult: null, selectedPeer: localStorage.getItem("nordrelayPeerTarget") || "local" };
+  globalThis.NORDRELAY_WEBUI_RUNTIME_STATE = state;
   function toast(msg, options = {}) {
     const el = document.getElementById("toast");
     el.textContent = msg;
@@ -245,17 +328,20 @@
       ["#abortBtn", "prompt.abort"],
       ["#clearChatBtn", "sessions.write"],
       ["#saveSettingsBtn", "settings.write"],
+      ["#settingsWizardBtn", "settings.write"],
       ["#restartBtn", "system.restart"],
       ["#updateBtn", "updates.run"],
       ["#clearLogsBtn", "logs.clear"],
-      ["#createUserBtn,#createGroupBtn,#createChatBtn,#createDiscordChannelBtn", "users.write"],
+      ["#createUserBtn,#createGroupBtn,#createChatBtn,#createDiscordChannelBtn,#createSlackChannelBtn", "users.write"],
+      ["#createPeerInviteBtn,#addPeerBtn,[data-peer-edit],[data-peer-toggle],[data-peer-revoke],[data-peer-invite-delete]", "peers.write"],
+      ["#checkPeerReachabilityBtn,[data-peer-probe]", "peers.connect"],
       ["#lockSessionBtn,#unlockSessionBtn", "sessions.write"],
       ["[data-switch]", "sessions.write"],
       ["[data-queue],[data-q]", "queue.write"],
       ["[data-del-art],#deleteSelectedArtifactsBtn", "files.write"],
       ["[data-auth-login],[data-auth-logout]", "auth.manage"],
       ["[data-update-agent],[data-update-send],[data-update-cancel],[data-update-delete-log]", "updates.run"],
-      ["[data-user-edit],[data-user-toggle],[data-user-code],[data-user-link],[data-user-discord-code],[data-user-discord-link],[data-user-password],[data-user-revoke],[data-telegram-unlink],[data-discord-unlink],[data-group-edit],[data-chat-edit],[data-chat-toggle],[data-discord-channel-edit],[data-discord-channel-toggle]", "users.write"]
+      ["[data-user-edit],[data-user-toggle],[data-user-code],[data-user-link],[data-user-discord-code],[data-user-discord-link],[data-user-slack-code],[data-user-slack-link],[data-user-password],[data-user-revoke],[data-telegram-unlink],[data-discord-unlink],[data-slack-unlink],[data-group-edit],[data-chat-edit],[data-chat-toggle],[data-discord-channel-edit],[data-discord-channel-toggle],[data-slack-channel-edit],[data-slack-channel-toggle]", "users.write"]
     ];
     disableMap.forEach(([selector, permission]) => document.querySelectorAll(selector).forEach((el) => {
       el.disabled = !can(permission);
@@ -311,6 +397,7 @@
     if (name === "tasks") await loadTasks();
     if (name === "metrics") await loadMetrics();
     if (name === "adapters") await loadAdapterHealth();
+    if (name === "peers") await loadPeers();
     if (name === "access") await loadAccess();
     if (name === "version") await loadVersion();
   }
@@ -354,9 +441,11 @@
   }
   const sessionsPager = createPaginator("sessionsPager", () => loadSessions(false), 50);
   async function loadBootstrap() {
-    const data = await api("/api/bootstrap");
-    state.auth = data.auth || null;
-    state.permissions = data.auth?.permissions || [];
+    const local = await api("/api/bootstrap", { local: true });
+    state.auth = local.auth || null;
+    state.permissions = local.auth?.permissions || [];
+    await loadPeerSelector();
+    const data = state.selectedPeer && state.selectedPeer !== "local" ? await api("/api/bootstrap") : local;
     state.snapshot = data.status.snapshot;
     state.controls = data.controls;
     state.enabledAgents = data.enabledAgents || [];
@@ -368,7 +457,7 @@
     renderAdapters(data.channels, data.agentAdapters);
     document.getElementById("footerVersion").textContent = "NordRelay " + (data.status.health?.version || "");
     document.getElementById("footerHealth").textContent = "Health: " + (data.status.health?.state?.status || "unknown");
-    document.getElementById("footerUser").textContent = "User: " + (data.auth?.user?.email || "-");
+    document.getElementById("footerUser").textContent = "User: " + (local.auth?.user?.email || "-") + (state.selectedPeer && state.selectedPeer !== "local" ? " / target peer" : "");
     const agentSelect = document.getElementById("agentSelect");
     agentSelect.innerHTML = data.enabledAgents.map((a) => '<option value="' + a + '">' + a + "</option>").join("");
     agentSelect.value = state.snapshot.session.agentId;
@@ -385,6 +474,35 @@
     });
     applyPermissions();
   }
+  async function loadPeerSelector() {
+    const peerSelect = document.getElementById("peerSelect");
+    if (!peerSelect) return;
+    if (!can("peers.read")) {
+      peerSelect.innerHTML = '<option value="local">Local</option>';
+      peerSelect.value = "local";
+      state.selectedPeer = "local";
+      return;
+    }
+    try {
+      const peers = await api("/api/peers", { local: true });
+      state.peers = peers;
+      const available = (peers.peers || []).filter((p) => p.enabled && p.url);
+      peerSelect.innerHTML = '<option value="local">Local node</option>' + available.map((p) => '<option value="' + attr(p.id) + '">' + esc(p.name) + "</option>").join("");
+      if (state.selectedPeer !== "local" && !available.some((p) => p.id === state.selectedPeer)) state.selectedPeer = "local";
+      peerSelect.value = state.selectedPeer;
+      peerSelect.onchange = () => safe(async () => {
+        state.selectedPeer = peerSelect.value || "local";
+        localStorage.setItem("nordrelayPeerTarget", state.selectedPeer);
+        connectEvents();
+        toast(state.selectedPeer === "local" ? "Target: local" : "Target: " + peerSelect.options[peerSelect.selectedIndex].text);
+        await loadBootstrap();
+        await reloadCurrentPage();
+      });
+    } catch {
+      peerSelect.innerHTML = '<option value="local">Local node</option>';
+      peerSelect.value = "local";
+    }
+  }
   function renderSnapshot(s) {
     document.getElementById("sessionLine").textContent = (s.session.agentLabel || "Agent") + " / " + (s.session.model || "default") + " / " + (s.session.threadId || "not started");
     document.getElementById("metrics").innerHTML = [
@@ -409,6 +527,7 @@
     renderActiveSessions(data.sessions || []);
   }
   function renderActiveSessions(items) {
+    state.activeSessions = { sessions: items || [], updatedAt: (/* @__PURE__ */ new Date()).toISOString() };
     const box = document.getElementById("activeSessions");
     if (!box) return;
     box.innerHTML = (items || []).map(activeSessionCard).join("") || '<div class="item">No active sessions.</div>';
@@ -456,6 +575,7 @@
     if (source === "cli") return "CLI";
     if (source === "telegram") return "Telegram";
     if (source === "discord") return "Discord";
+    if (source === "slack") return "Slack";
     if (source === "web") return "WebUI";
     return source || "-";
   }
@@ -552,9 +672,6 @@
     if (status === "running") return "planned";
     return "disabled";
   }
-  state.activeSessionsTimer = setInterval(() => {
-    if (state.currentPage === "overview") safe(loadActiveSessions);
-  }, 5e3);
   function scrollChatToBottom() {
     const box = document.getElementById("messages");
     if (!box) return;
@@ -600,7 +717,8 @@
   let currentAgentMessage = null;
   function connectEvents() {
     if (state.events) state.events.close();
-    const events = new EventSource("/api/events");
+    const eventsUrl = state.selectedPeer && state.selectedPeer !== "local" ? "/api/peers/" + encodeURIComponent(state.selectedPeer) + "/events?contextKey=" + encodeURIComponent("web:dashboard") : "/api/events";
+    const events = new EventSource(eventsUrl);
     state.events = events;
     setConnection("Connecting", "warn");
     events.onopen = () => {
@@ -618,6 +736,11 @@
     });
     events.addEventListener("chat_history", (e) => renderChatMessages(JSON.parse(e.data).messages || []));
     events.addEventListener("activity_update", (e) => renderActivity(JSON.parse(e.data).events || []));
+    events.addEventListener("active_sessions_update", (e) => {
+      const d = JSON.parse(e.data);
+      state.activeSessions = d.active || null;
+      if (state.currentPage === "overview") renderActiveSessions(state.activeSessions?.sessions || []);
+    });
     events.addEventListener("session_update", (e) => {
       loadBootstrap();
       loadChatHistory();
@@ -1129,6 +1252,50 @@
     if (kind === "docs") return !/\\.(png|jpe?g|gif|webp|svg)$/i.test(name);
     return true;
   }
+  document.getElementById("reloadArtifactsBtn").onclick = loadArtifacts;
+  document.getElementById("artifactSearch").oninput = renderArtifacts;
+  document.getElementById("artifactKind").onchange = renderArtifacts;
+  document.getElementById("deleteSelectedArtifactsBtn").onclick = () => safe(async () => {
+    if (!can("files.write")) {
+      toast("Permission required: files.write");
+      return;
+    }
+    const turnIds = [...state.selectedArtifactTurns];
+    if (turnIds.length === 0) {
+      toast("No artifact turns selected");
+      return;
+    }
+    if (confirm("Delete " + turnIds.length + " selected artifact turn(s)?")) {
+      const r = await api("/api/artifacts/bulk", { method: "POST", body: JSON.stringify({ action: "delete", turnIds }) });
+      state.selectedArtifactTurns.clear();
+      toast("Deleted " + (r.removed || []).length + " artifact turn(s)");
+      loadArtifacts();
+    }
+  });
+  function highlightCode(text) {
+    return esc(text).replace(/\\b(import|export|const|let|function|return|if|else|for|while|class|interface|type|async|await)\\b/g, '<span class="chip">$1</span>');
+  }
+  function isRemotePeerTarget() {
+    return Boolean(state.selectedPeer && state.selectedPeer !== "local");
+  }
+  function artifactFileHref(turnId, path) {
+    return isRemotePeerTarget() ? "#" : "/api/artifacts/file?turnId=" + encodeURIComponent(turnId) + "&path=" + encodeURIComponent(path);
+  }
+  function artifactZipHref(turnId) {
+    return isRemotePeerTarget() ? "#" : "/api/artifacts/zip?turnId=" + encodeURIComponent(turnId);
+  }
+  async function downloadArtifactFile(turnId, path) {
+    const file = await api("/api/artifacts/file", { query: { turnId, path } });
+    downloadBase64(file.name || path, file.dataBase64 || "", file.mimeType || "application/octet-stream");
+  }
+  async function downloadArtifactZip(turnId) {
+    const file = await api("/api/artifacts/zip", { query: { turnId } });
+    downloadBase64(file.name || "nordrelay-artifacts-" + turnId + ".zip", file.dataBase64 || "", file.mimeType || "application/zip");
+  }
+  async function artifactDataUrl(turnId, path) {
+    const file = await api("/api/artifacts/file", { query: { turnId, path } });
+    return "data:" + (file.mimeType || "application/octet-stream") + ";base64," + (file.dataBase64 || "");
+  }
   function renderArtifacts() {
     const query = (document.getElementById("artifactSearch").value || "").toLowerCase();
     const kind = document.getElementById("artifactKind").value;
@@ -1137,16 +1304,27 @@
       const files = (r.artifacts || []).filter((a) => artifactMatches(a, kind, query));
       if (files.length === 0) return "";
       const gallery = files.map((a) => {
-        const href = "/api/artifacts/file?turnId=" + encodeURIComponent(r.turnId) + "&path=" + encodeURIComponent(a.relativePath);
-        const img = /\\.(png|jpe?g|gif|webp|svg)$/i.test(a.name) ? '<img src="' + href + '">' : "<pre>" + esc(a.name.split(".").pop() || "file") + "</pre>";
-        return '<div class="artifact-card"><label><input type="checkbox" data-artifact-select="' + attr(r.turnId) + '" ' + (state.selectedArtifactTurns.has(r.turnId) ? "checked" : "") + "> " + esc(short(a.name, 32)) + "</label>" + img + "<small>" + esc(fmtBytes(a.sizeBytes)) + '</small><div class="row"><a href="' + href + '">Open</a><button class="secondary" data-preview-turn="' + attr(r.turnId) + '" data-preview-path="' + attr(a.relativePath) + '">Preview</button></div></div>';
+        const href = artifactFileHref(r.turnId, a.relativePath);
+        const isImage = /\.(png|jpe?g|gif|webp|svg)$/i.test(a.name);
+        const img = isImage && !isRemotePeerTarget() ? '<img src="' + href + '">' : "<pre>" + esc(a.name.split(".").pop() || "file") + "</pre>";
+        return '<div class="artifact-card"><label><input type="checkbox" data-artifact-select="' + attr(r.turnId) + '" ' + (state.selectedArtifactTurns.has(r.turnId) ? "checked" : "") + "> " + esc(short(a.name, 32)) + "</label>" + img + "<small>" + esc(fmtBytes(a.sizeBytes)) + '</small><div class="row"><a href="' + href + '" data-open-artifact="' + attr(r.turnId) + '" data-open-path="' + attr(a.relativePath) + '">Open</a><button class="secondary" data-preview-turn="' + attr(r.turnId) + '" data-preview-path="' + attr(a.relativePath) + '">Preview</button></div></div>';
       }).join("");
-      return '<div class="item"><strong>' + esc(r.turnId) + " - " + files.length + "/" + r.fileCount + " files - " + fmtBytes(r.totalSizeBytes) + "</strong><small>" + fmtDate(r.updatedAt) + " / " + esc(r.source || "turn") + '</small><div class="row"><a href="/api/artifacts/zip?turnId=' + encodeURIComponent(r.turnId) + '">Download ZIP</a><button data-del-art="' + esc(r.turnId) + '" class="danger"' + disabledAttr("files.write") + '>Delete</button></div><div class="gallery">' + gallery + "</div></div>";
+      return '<div class="item"><strong>' + esc(r.turnId) + " - " + files.length + "/" + r.fileCount + " files - " + fmtBytes(r.totalSizeBytes) + "</strong><small>" + fmtDate(r.updatedAt) + " / " + esc(r.source || "turn") + '</small><div class="row"><a href="' + artifactZipHref(r.turnId) + '" data-zip-artifact="' + attr(r.turnId) + '">Download ZIP</a><button data-del-art="' + esc(r.turnId) + '" class="danger"' + disabledAttr("files.write") + '>Delete</button></div><div class="gallery">' + gallery + "</div></div>";
     }).join("") || '<div class="item">No artifacts.</div>';
     document.querySelectorAll("[data-artifact-select]").forEach((c) => c.onchange = () => {
       if (c.checked) state.selectedArtifactTurns.add(c.dataset.artifactSelect);
       else state.selectedArtifactTurns.delete(c.dataset.artifactSelect);
     });
+    document.querySelectorAll("[data-open-artifact]").forEach((a) => a.onclick = (e) => {
+      if (!isRemotePeerTarget()) return;
+      e.preventDefault();
+      safe(() => downloadArtifactFile(a.dataset.openArtifact, a.dataset.openPath));
+    });
+    document.querySelectorAll("[data-zip-artifact]").forEach((a) => a.onclick = (e) => {
+      if (!isRemotePeerTarget()) return;
+      e.preventDefault();
+      safe(() => downloadArtifactZip(a.dataset.zipArtifact));
+    });
     document.querySelectorAll("[data-del-art]").forEach((b) => b.onclick = () => safe(async () => {
       if (!can("files.write")) {
         toast("Permission required: files.write");
@@ -1161,37 +1339,14 @@
     document.querySelectorAll("[data-preview-turn]").forEach((b) => b.onclick = () => safe(() => previewArtifact(b.dataset.previewTurn, b.dataset.previewPath)));
     applyPermissions();
   }
-  document.getElementById("reloadArtifactsBtn").onclick = loadArtifacts;
-  document.getElementById("artifactSearch").oninput = renderArtifacts;
-  document.getElementById("artifactKind").onchange = renderArtifacts;
   document.getElementById("zipSelectedArtifactsBtn").onclick = () => {
     const turnIds = [...state.selectedArtifactTurns];
     if (turnIds.length === 0) {
       toast("No artifact turns selected");
       return;
     }
-    turnIds.forEach((turnId) => window.open("/api/artifacts/zip?turnId=" + encodeURIComponent(turnId), "_blank"));
+    turnIds.forEach((turnId) => isRemotePeerTarget() ? safe(() => downloadArtifactZip(turnId)) : window.open("/api/artifacts/zip?turnId=" + encodeURIComponent(turnId), "_blank"));
   };
-  document.getElementById("deleteSelectedArtifactsBtn").onclick = () => safe(async () => {
-    if (!can("files.write")) {
-      toast("Permission required: files.write");
-      return;
-    }
-    const turnIds = [...state.selectedArtifactTurns];
-    if (turnIds.length === 0) {
-      toast("No artifact turns selected");
-      return;
-    }
-    if (confirm("Delete " + turnIds.length + " selected artifact turn(s)?")) {
-      const r = await api("/api/artifacts/bulk", { method: "POST", body: JSON.stringify({ action: "delete", turnIds }) });
-      state.selectedArtifactTurns.clear();
-      toast("Deleted " + (r.removed || []).length + " artifact turn(s)");
-      loadArtifacts();
-    }
-  });
-  function highlightCode(text) {
-    return esc(text).replace(/\\b(import|export|const|let|function|return|if|else|for|while|class|interface|type|async|await)\\b/g, '<span class="chip">$1</span>');
-  }
   async function previewArtifact(turnId, path) {
     const target = document.getElementById("artifactPreview");
     target.innerHTML = '<div class="panel">' + loadingHtml("Loading preview...") + "</div>";
@@ -1199,7 +1354,8 @@
     try {
       const data = await api("/api/artifacts/preview", { query: { turnId, path } });
       if (data.kind === "image") {
-        target.innerHTML = '<div class="panel"><h2>' + esc(data.name) + '</h2><img src="/api/artifacts/file?turnId=' + encodeURIComponent(turnId) + "&path=" + encodeURIComponent(path) + '"></div>';
+        const src = isRemotePeerTarget() ? await artifactDataUrl(turnId, path) : "/api/artifacts/file?turnId=" + encodeURIComponent(turnId) + "&path=" + encodeURIComponent(path);
+        target.innerHTML = '<div class="panel"><h2>' + esc(data.name) + '</h2><img src="' + src + '"></div>';
         return;
       }
       if (data.kind === "text") {
@@ -1296,6 +1452,29 @@
       ["Aborted", jobs.aborted]
     ];
   }
+  function metricProcessRows(d) {
+    const p = d.process || {};
+    const memory = p.memory || {};
+    const cpu = p.cpu || {};
+    const loop = p.eventLoop || {};
+    return [
+      ["PID", p.pid],
+      ["Node", p.nodeVersion],
+      ["Platform", [p.platform, p.arch].filter(Boolean).join(" ")],
+      ["Uptime", fmtDuration(p.uptimeMs)],
+      ["Started", fmtDate(p.startedAt)],
+      ["RSS", fmtBytes(memory.rssBytes || 0)],
+      ["Heap used", fmtBytes(memory.heapUsedBytes || 0)],
+      ["Heap total", fmtBytes(memory.heapTotalBytes || 0)],
+      ["CPU total", fmtDuration(cpu.totalMs)],
+      ["CPU avg", cpu.percentSinceStart === null || cpu.percentSinceStart === void 0 ? "-" : cpu.percentSinceStart + "%"],
+      ["Event loop p95", formatMs(loop.delayP95Ms)],
+      ["Event loop max", formatMs(loop.delayMaxMs)]
+    ];
+  }
+  function formatMs(value) {
+    return value === null || value === void 0 ? "-" : value + "ms";
+  }
   function rateRows(name, rate) {
     return [
       ["Queued", rate?.queued ?? 0],
@@ -1311,7 +1490,8 @@
   }
   function renderMetrics(d) {
     const adapters = d.adapters || {};
-    document.getElementById("metricsPanel").innerHTML = '<div class="metrics-grid">' + card("Runtime", metricStatusRows(d)) + card("Jobs", metricJobRows(d)) + card("Telegram rate limits", rateRows("", adapters.telegram).map(([k, v]) => [String(k).trim(), v])) + card("Discord rate limits", rateRows("", adapters.discord).map(([k, v]) => [String(k).trim(), v])) + "</div>";
+    const adapterCards = Object.entries(adapters).map(([name, rate]) => card(name.charAt(0).toUpperCase() + name.slice(1) + " rate limits", rateRows("", rate).map(([k, v]) => [String(k).trim(), v]))).join("");
+    document.getElementById("metricsPanel").innerHTML = '<div class="metrics-grid">' + card("Runtime", metricStatusRows(d)) + card("Process", metricProcessRows(d)) + card("Jobs", metricJobRows(d)) + adapterCards + "</div>";
   }
   document.getElementById("reloadMetricsBtn").onclick = () => safe(loadMetrics);
   function activityQuery() {
@@ -1329,7 +1509,7 @@
   }
   function activityActorText(e) {
     const a = e.actor || {};
-    return a.label || a.username || a.id || ({ web: "Web user", telegram: "Telegram user", discord: "Discord user", cli: "CLI", system: "System" }[a.channel] || "System");
+    return a.label || a.username || a.id || ({ web: "Web user", telegram: "Telegram user", discord: "Discord user", slack: "Slack user", cli: "CLI", system: "System" }[a.channel] || "System");
   }
   function activityMetaHtml(e) {
     const workspace = activityWorkspace(e);
@@ -1361,12 +1541,14 @@
     URL.revokeObjectURL(a.href);
   };
   async function loadSettings() {
+    state.settingsWizard = null;
+    document.getElementById("settingsTabs").style.display = "";
     setLoading("settingsForm", "Loading settings...");
     const data = await api("/api/settings");
     state.settings = data.settings;
     renderSettings();
   }
-  const settingsGroupOrder = ["Agents", "Codex", "Pi", "Hermes", "OpenClaw", "Claude Code", "Telegram", "Discord", "Operations", "Artifacts", "Workspace", "Voice", "Dashboard"];
+  const settingsGroupOrder = ["Agents", "Codex", "Pi", "Hermes", "OpenClaw", "Claude Code", "Telegram", "Discord", "Slack", "Operations", "Artifacts", "Workspace", "Peers", "Voice", "Dashboard"];
   const agentSettingGroups = ["Codex", "Pi", "Hermes", "OpenClaw", "Claude Code"];
   function orderedSettingsGroups(groups) {
     const known = settingsGroupOrder.filter((name) => groups[name]);
@@ -1505,7 +1687,7 @@
     return '<div class="permission-grid full-span">' + (state.userManagement?.permissions || []).map((p) => '<label class="checkbox"><input type="checkbox" data-permission-choice="' + attr(p) + '" ' + (selectedSet.has(p) ? "checked" : "") + "> " + esc(p) + "</label>").join("") + "</div>";
   }
   function selectedValues(selector) {
-    return Array.from(document.querySelectorAll(selector + ":checked")).map((x) => x.dataset.groupChoice || x.dataset.permissionChoice || x.dataset.discordChannelChoice || x.value).filter(Boolean);
+    return Array.from(document.querySelectorAll(selector + ":checked")).map((x) => x.dataset.groupChoice || x.dataset.permissionChoice || x.dataset.discordChannelChoice || x.dataset.slackChannelChoice || x.value).filter(Boolean);
   }
   function csv(values = []) {
     return (values || []).join(", ");
@@ -1514,6 +1696,7 @@
     const dialog = document.getElementById("adminDialog");
     document.getElementById("adminDialogTitle").textContent = title;
     document.getElementById("adminDialogBody").innerHTML = body;
+    document.getElementById("adminDialogSubmit").textContent = "Save";
     document.getElementById("adminDialogCancel").onclick = () => dialog.close();
     document.getElementById("adminDialogForm").onsubmit = (e) => safe(async () => {
       e.preventDefault();
@@ -1534,10 +1717,15 @@
   }
   function bindAccessTabs() {
     document.querySelectorAll("[data-access-tab]").forEach((b) => b.onclick = () => switchAccessTab(b.dataset.accessTab));
-    const search = document.getElementById("discordChannelSearch");
-    if (search && !search.dataset.bound) {
-      search.dataset.bound = "true";
-      search.oninput = () => renderDiscordChannels();
+    const discordSearch = document.getElementById("discordChannelSearch");
+    if (discordSearch && !discordSearch.dataset.bound) {
+      discordSearch.dataset.bound = "true";
+      discordSearch.oninput = () => renderDiscordChannels();
+    }
+    const slackSearch = document.getElementById("slackChannelSearch");
+    if (slackSearch && !slackSearch.dataset.bound) {
+      slackSearch.dataset.bound = "true";
+      slackSearch.oninput = () => renderSlackChannels();
     }
   }
   function switchAccessTab(tab) {
@@ -1575,16 +1763,46 @@
     bindAccessCopyButtons();
     applyPermissions();
   }
+  function slackChannelLabel(channel) {
+    return channel.title ? channel.title + " (" + channel.channelId + ")" : channel.channelId;
+  }
+  function slackScopeLabel(ids = []) {
+    const channels = state.userManagement?.slackChannels || [];
+    return (ids || []).map((id) => slackChannelLabel(channels.find((c) => c.channelId === id) || { channelId: id })).join(", ");
+  }
+  function slackChannelOptions(selected = []) {
+    const selectedSet = new Set(selected || []);
+    const channels = state.userManagement?.slackChannels || [];
+    return '<div class="permission-grid full-span">' + (channels.map((c) => '<label class="checkbox"><input type="checkbox" data-slack-channel-choice="' + attr(c.channelId) + '" ' + (selectedSet.has(c.channelId) ? "checked" : "") + "> " + esc(slackChannelLabel(c) + " / " + (c.teamId || "team default")) + "</label>").join("") || "<small>No Slack channels registered.</small>") + "</div>";
+  }
+  function slackIdentityHtml(user, identity) {
+    const id = String(identity.slackUserId || "");
+    const team = identity.teamId ? " <span>" + esc(identity.teamId) + "</span>" : "";
+    return '<span class="access-id-row">' + accessCopyButton(id, "Slack user ID copied") + team + (identity.username ? " <span>@" + esc(identity.username) + "</span>" : "") + ' <button class="secondary mini-button" data-slack-user="' + attr(user.id) + '" data-slack-unlink="' + attr(identity.id) + '"' + disabledAttr("users.write") + ">Unlink</button></span>";
+  }
+  function renderSlackChannels(channels = state.userManagement?.slackChannels || []) {
+    const target = document.getElementById("slackChannelsList");
+    if (!target) return;
+    const query = (document.getElementById("slackChannelSearch")?.value || "").toLowerCase();
+    const filtered = (channels || []).filter((c) => !query || [c.title, c.channelId, c.teamId, c.type, groupNames(c.allowedGroupIds)].filter(Boolean).join(" ").toLowerCase().includes(query));
+    target.innerHTML = filtered.map((c) => '<div class="item"><strong>' + esc(c.title || String(c.channelId)) + ' <span class="adapter-status ' + (c.enabled ? "enabled" : "disabled") + '">' + (c.enabled ? "enabled" : "disabled") + '</span></strong><small class="access-id-row">Channel ID: ' + accessCopyButton(c.channelId, "Slack channel ID copied") + '</small><small class="access-id-row">Team ID: ' + accessCopyButton(c.teamId || "", "Slack team ID copied") + "</small><small>" + esc("Type: " + (c.type || "-")) + "</small><small>Groups: " + esc(groupNames(c.allowedGroupIds) || "all groups") + '</small><div class="row"><button data-slack-channel-edit="' + attr(c.id) + '"' + disabledAttr("users.write") + '>Edit</button><button class="secondary" data-slack-channel-toggle="' + attr(c.id) + '"' + disabledAttr("users.write") + ">" + (c.enabled ? "Disable" : "Enable") + "</button></div></div>").join("") || '<div class="item">No Slack channels registered.</div>';
+    bindSlackChannelButtons();
+    bindAccessCopyButtons();
+    applyPermissions();
+  }
   function renderUserManagement(d) {
     document.getElementById("accessPanel").innerHTML = (d.users || []).map((u) => {
       const telegram = (u.telegramIdentities || []).map((t) => t.telegramUserId + (t.username ? " @" + t.username : "") + ' <button class="secondary mini-button" data-telegram-user="' + attr(u.id) + '" data-telegram-unlink="' + attr(t.id) + '"' + disabledAttr("users.write") + ">Unlink</button>").join(" ");
       const discord = (u.discordIdentities || []).map((identity) => discordIdentityHtml(u, identity)).join(" ");
-      return '<div class="item"><strong>' + esc(u.displayName) + ' <span class="adapter-status ' + (u.active ? "enabled" : "disabled") + '">' + (u.active ? "active" : "disabled") + "</span></strong><small>" + esc(u.email + " / " + u.id) + "</small><small>Groups: " + esc((u.groups || []).map((g) => g.name).join(", ") || "-") + "</small><small>Telegram: " + (telegram || "-") + "</small><small>Discord: " + (discord || "-") + "</small><small>Web sessions: " + esc(String((u.webSessions || []).length)) + '</small><div class="row"><button data-user-edit="' + attr(u.id) + '"' + disabledAttr("users.write") + '>Edit</button><button class="secondary" data-user-toggle="' + attr(u.id) + '"' + disabledAttr("users.write") + ">" + (u.active ? "Disable" : "Enable") + '</button><button class="secondary" data-user-code="' + attr(u.id) + '"' + disabledAttr("users.write") + '>Telegram code</button><button class="secondary" data-user-link="' + attr(u.id) + '"' + disabledAttr("users.write") + '>Link Telegram ID</button><button class="secondary" data-user-discord-code="' + attr(u.id) + '"' + disabledAttr("users.write") + '>Discord code</button><button class="secondary" data-user-discord-link="' + attr(u.id) + '"' + disabledAttr("users.write") + '>Link Discord ID</button><button class="secondary" data-user-password="' + attr(u.id) + '"' + disabledAttr("users.write") + '>Set password</button><button class="danger" data-user-revoke="' + attr(u.id) + '"' + disabledAttr("users.write") + ">Revoke sessions</button></div></div>";
+      const slack = (u.slackIdentities || []).map((identity) => slackIdentityHtml(u, identity)).join(" ");
+      return '<div class="item"><strong>' + esc(u.displayName) + ' <span class="adapter-status ' + (u.active ? "enabled" : "disabled") + '">' + (u.active ? "active" : "disabled") + "</span></strong><small>" + esc(u.email + " / " + u.id) + "</small><small>Groups: " + esc((u.groups || []).map((g) => g.name).join(", ") || "-") + "</small><small>Telegram: " + (telegram || "-") + "</small><small>Discord: " + (discord || "-") + "</small><small>Slack: " + (slack || "-") + "</small><small>Web sessions: " + esc(String((u.webSessions || []).length)) + '</small><div class="row"><button data-user-edit="' + attr(u.id) + '"' + disabledAttr("users.write") + '>Edit</button><button class="secondary" data-user-toggle="' + attr(u.id) + '"' + disabledAttr("users.write") + ">" + (u.active ? "Disable" : "Enable") + '</button><button class="secondary" data-user-code="' + attr(u.id) + '"' + disabledAttr("users.write") + '>Telegram code</button><button class="secondary" data-user-link="' + attr(u.id) + '"' + disabledAttr("users.write") + '>Link Telegram ID</button><button class="secondary" data-user-discord-code="' + attr(u.id) + '"' + disabledAttr("users.write") + '>Discord code</button><button class="secondary" data-user-discord-link="' + attr(u.id) + '"' + disabledAttr("users.write") + '>Link Discord ID</button><button class="secondary" data-user-slack-code="' + attr(u.id) + '"' + disabledAttr("users.write") + '>Slack code</button><button class="secondary" data-user-slack-link="' + attr(u.id) + '"' + disabledAttr("users.write") + '>Link Slack ID</button><button class="secondary" data-user-password="' + attr(u.id) + '"' + disabledAttr("users.write") + '>Set password</button><button class="danger" data-user-revoke="' + attr(u.id) + '"' + disabledAttr("users.write") + ">Revoke sessions</button></div></div>";
     }).join("") || '<div class="item">No users.</div>';
-    document.getElementById("groupsList").innerHTML = (d.groups || []).map((g) => '<div class="item"><strong>' + esc(g.name) + " " + (g.system ? '<span class="chip">system</span>' : "") + "</strong><small>" + esc(g.description || "") + "</small><small>Permissions: " + esc((g.permissions || []).join(", ") || "-") + "</small><small>Agent scope: " + esc(csv(g.agentIds) || "all") + "</small><small>Workspace scope: " + esc(csv(g.workspaceRoots) || "all") + "</small><small>Telegram chat scope: " + esc(csv(g.telegramChatIds) || "all") + "</small><small>Discord channel scope: " + esc(discordScopeLabel(g.discordChannelIds) || "all") + '</small><div class="row"><button class="secondary" data-group-edit="' + attr(g.id) + '"' + disabledAttr("users.write") + ">Edit group</button></div></div>").join("") || '<div class="item">No groups.</div>';
+    document.getElementById("groupsList").innerHTML = (d.groups || []).map((g) => '<div class="item"><strong>' + esc(g.name) + " " + (g.system ? '<span class="chip">system</span>' : "") + "</strong><small>" + esc(g.description || "") + "</small><small>Permissions: " + esc((g.permissions || []).join(", ") || "-") + "</small><small>Agent scope: " + esc(csv(g.agentIds) || "all") + "</small><small>Workspace scope: " + esc(csv(g.workspaceRoots) || "all") + "</small><small>Telegram chat scope: " + esc(csv(g.telegramChatIds) || "all") + "</small><small>Discord channel scope: " + esc(discordScopeLabel(g.discordChannelIds) || "all") + "</small><small>Slack channel scope: " + esc(slackScopeLabel(g.slackChannelIds) || "all") + '</small><div class="row"><button class="secondary" data-group-edit="' + attr(g.id) + '"' + disabledAttr("users.write") + ">Edit group</button></div></div>").join("") || '<div class="item">No groups.</div>';
     document.getElementById("telegramChatsList").innerHTML = (d.telegramChats || []).map((c) => '<div class="item"><strong>' + esc(c.title || String(c.chatId)) + ' <span class="adapter-status ' + (c.enabled ? "enabled" : "disabled") + '">' + (c.enabled ? "enabled" : "disabled") + "</span></strong><small>" + esc("Chat ID: " + c.chatId + " / " + (c.type || "-")) + "</small><small>Groups: " + esc(groupNames(c.allowedGroupIds) || "all groups") + '</small><div class="row"><button data-chat-edit="' + attr(c.id) + '"' + disabledAttr("users.write") + '>Edit</button><button class="secondary" data-chat-toggle="' + attr(c.id) + '"' + disabledAttr("users.write") + ">" + (c.enabled ? "Disable" : "Enable") + "</button></div></div>").join("") || '<div class="item">No Telegram group chats registered.</div>';
     renderDiscordChannels(d.discordChannels || []);
+    renderSlackChannels(d.slackChannels || []);
     bindUserButtons();
+    bindSlackUserButtons();
     bindAccessCopyButtons();
     applyPermissions();
   }
@@ -1672,6 +1890,33 @@
       loadAccess();
     }));
   }
+  function bindSlackUserButtons() {
+    document.querySelectorAll("[data-user-slack-code]").forEach((b) => b.onclick = () => safe(async () => {
+      const r = await api("/api/users/" + encodeURIComponent(b.dataset.userSlackCode) + "/slack", { method: "POST", body: JSON.stringify({ createCode: true }) });
+      toast("Slack link code: " + r.linkCode.code + " (expires " + fmtDate(r.linkCode.expiresAt) + ")", { duration: 15e3 });
+    }));
+    document.querySelectorAll("[data-user-slack-link]").forEach((b) => b.onclick = () => openSlackLinkDialog(b.dataset.userSlackLink));
+    document.querySelectorAll("[data-slack-unlink]").forEach((b) => b.onclick = () => safe(async () => {
+      if (confirm("Unlink this Slack identity?")) {
+        await api("/api/users/" + encodeURIComponent(b.dataset.slackUser) + "/slack/" + encodeURIComponent(b.dataset.slackUnlink), { method: "DELETE" });
+        toast("Slack unlinked");
+        loadAccess();
+      }
+    }));
+  }
+  function bindSlackChannelButtons() {
+    document.querySelectorAll("[data-slack-channel-edit]").forEach((b) => b.onclick = () => {
+      const c = (state.userManagement?.slackChannels || []).find((x) => x.id === b.dataset.slackChannelEdit);
+      if (c) openSlackChannelDialog(c);
+    });
+    document.querySelectorAll("[data-slack-channel-toggle]").forEach((b) => b.onclick = () => safe(async () => {
+      const c = (state.userManagement?.slackChannels || []).find((x) => x.id === b.dataset.slackChannelToggle);
+      if (!c) return;
+      await api("/api/slack-channels/" + encodeURIComponent(c.id), { method: "PATCH", body: JSON.stringify({ enabled: !c.enabled }) });
+      toast("Slack channel updated");
+      loadAccess();
+    }));
+  }
   function openUserDialog(u) {
     adminDialog(u ? "Edit user" : "Create user", '<label>Email<input id="dlgEmail" value="' + attr(u?.email || "") + '"></label><label>Display name<input id="dlgName" value="' + attr(u?.displayName || "") + '"></label>' + (!u ? '<label>Password<input id="dlgPassword" type="password" autocomplete="new-password"></label>' : "") + '<label class="checkbox"><input id="dlgActive" type="checkbox" ' + (!u || u.active ? "checked" : "") + '> Active</label><div class="full-span"><strong>Groups</strong><div class="row">' + groupOptions(u ? userGroups(u) : ["user"]) + "</div></div>", async () => {
       const payload = { email: val("dlgEmail"), displayName: val("dlgName"), active: document.getElementById("dlgActive").checked, groupIds: selectedValues("[data-group-choice]") };
@@ -1699,6 +1944,19 @@
       toast("Discord linked");
     });
   }
+  function assertSlackId(value, label, required = true) {
+    const text = String(value || "").trim();
+    if (!text && !required) return "";
+    if (!text) throw new Error(label + " is required");
+    if (!/^[A-Z0-9]{2,64}$/.test(text)) throw new Error(label + " must look like a Slack ID");
+    return text;
+  }
+  function openSlackLinkDialog(id) {
+    adminDialog("Link Slack ID", '<label>Slack user ID<input id="dlgSlackId" placeholder="U..."></label><label>Team ID<input id="dlgSlackTeamId" placeholder="T..."></label><label>Username<input id="dlgSlackUsername"></label>', async () => {
+      await api("/api/users/" + encodeURIComponent(id) + "/slack", { method: "POST", body: JSON.stringify({ slackUserId: assertSlackId(val("dlgSlackId"), "Slack user ID"), teamId: assertSlackId(val("dlgSlackTeamId"), "Slack team ID", false) || void 0, username: val("dlgSlackUsername") || void 0 }) });
+      toast("Slack linked");
+    });
+  }
   function openTelegramLinkDialog(id) {
     adminDialog("Link Telegram ID", '<label>Telegram user ID<input id="dlgTelegramId" type="number"></label><label>Username<input id="dlgUsername"></label>', async () => {
       await api("/api/users/" + encodeURIComponent(id) + "/telegram", { method: "POST", body: JSON.stringify({ telegramUserId: Number(val("dlgTelegramId")), username: val("dlgUsername") || void 0 }) });
@@ -1706,8 +1964,8 @@
     });
   }
   function openGroupDialog(g) {
-    adminDialog(g ? "Edit group" : "Create group", '<label>Name<input id="dlgGroupName" value="' + attr(g?.name || "") + '" ' + (g?.system ? "disabled" : "") + '></label><label>Description<input id="dlgGroupDescription" value="' + attr(g?.description || "") + '"></label><label class="full-span">Agent scope, comma-separated<input id="dlgAgentIds" value="' + attr(csv(g?.agentIds)) + '" placeholder="empty means all"></label><label class="full-span">Workspace scope, comma-separated<input id="dlgWorkspaceRoots" value="' + attr(csv(g?.workspaceRoots)) + '" placeholder="empty means all"></label><label class="full-span">Telegram chat scope, comma-separated<input id="dlgTelegramChatIds" value="' + attr(csv(g?.telegramChatIds)) + '" placeholder="empty means all"></label><div class="full-span"><strong>Discord channel scope</strong>' + discordChannelOptions(g?.discordChannelIds || []) + '<small>Leave empty to allow every registered Discord channel.</small></div><strong class="full-span">Permissions</strong>' + permissionOptions(g?.permissions || ["inspect", "sessions.read"]), async () => {
-      const payload = { name: val("dlgGroupName"), description: val("dlgGroupDescription"), permissions: selectedValues("[data-permission-choice]"), agentIds: csvToList(val("dlgAgentIds")), workspaceRoots: csvToList(val("dlgWorkspaceRoots")), telegramChatIds: csvToList(val("dlgTelegramChatIds")).map(Number).filter(Number.isInteger), discordChannelIds: selectedValues("[data-discord-channel-choice]") };
+    adminDialog(g ? "Edit group" : "Create group", '<label>Name<input id="dlgGroupName" value="' + attr(g?.name || "") + '" ' + (g?.system ? "disabled" : "") + '></label><label>Description<input id="dlgGroupDescription" value="' + attr(g?.description || "") + '"></label><label class="full-span">Agent scope, comma-separated<input id="dlgAgentIds" value="' + attr(csv(g?.agentIds)) + '" placeholder="empty means all"></label><label class="full-span">Workspace scope, comma-separated<input id="dlgWorkspaceRoots" value="' + attr(csv(g?.workspaceRoots)) + '" placeholder="empty means all"></label><label class="full-span">Telegram chat scope, comma-separated<input id="dlgTelegramChatIds" value="' + attr(csv(g?.telegramChatIds)) + '" placeholder="empty means all"></label><div class="full-span"><strong>Discord channel scope</strong>' + discordChannelOptions(g?.discordChannelIds || []) + '<small>Leave empty to allow every registered Discord channel.</small></div><div class="full-span"><strong>Slack channel scope</strong>' + slackChannelOptions(g?.slackChannelIds || []) + '<small>Leave empty to allow every registered Slack channel.</small></div><strong class="full-span">Permissions</strong>' + permissionOptions(g?.permissions || ["inspect", "sessions.read"]), async () => {
+      const payload = { name: val("dlgGroupName"), description: val("dlgGroupDescription"), permissions: selectedValues("[data-permission-choice]"), agentIds: csvToList(val("dlgAgentIds")), workspaceRoots: csvToList(val("dlgWorkspaceRoots")), telegramChatIds: csvToList(val("dlgTelegramChatIds")).map(Number).filter(Number.isInteger), discordChannelIds: selectedValues("[data-discord-channel-choice]"), slackChannelIds: selectedValues("[data-slack-channel-choice]") };
       await api(g ? "/api/groups/" + encodeURIComponent(g.id) : "/api/groups", { method: g ? "PATCH" : "POST", body: JSON.stringify(payload) });
       toast(g ? "Group updated" : "Group created");
     });
@@ -1720,6 +1978,13 @@
       toast(c ? "Discord channel updated" : "Discord channel added");
     });
   }
+  function openSlackChannelDialog(c) {
+    adminDialog(c ? "Edit Slack channel" : "Add Slack channel", '<label>Team ID<input id="dlgSlackTeamId" value="' + attr(c?.teamId || "") + '" ' + (c ? "disabled" : "") + ' placeholder="T..."></label><label>Channel ID<input id="dlgSlackChannelId" value="' + attr(c?.channelId || "") + '" ' + (c ? "disabled" : "") + ' placeholder="C..."></label><label>Title<input id="dlgSlackChannelTitle" value="' + attr(c?.title || "") + '"></label><label>Type<select id="dlgSlackChannelType"><option value="channel" ' + ((c?.type || "channel") === "channel" ? "selected" : "") + '>channel</option><option value="thread" ' + (c?.type === "thread" ? "selected" : "") + '>thread</option><option value="dm" ' + (c?.type === "dm" ? "selected" : "") + '>dm</option></select></label><label class="checkbox"><input id="dlgSlackChannelEnabled" type="checkbox" ' + (!c || c.enabled ? "checked" : "") + '> Enabled</label><div class="full-span"><strong>Allowed groups</strong><div class="row">' + groupOptions(c?.allowedGroupIds || []) + "</div><small>Leave empty to allow every group.</small></div>", async () => {
+      const payload = { teamId: assertSlackId(val("dlgSlackTeamId"), "Team ID", false) || void 0, channelId: assertSlackId(val("dlgSlackChannelId"), "Channel ID"), title: val("dlgSlackChannelTitle") || void 0, type: val("dlgSlackChannelType") || "channel", enabled: document.getElementById("dlgSlackChannelEnabled").checked, allowedGroupIds: selectedValues("[data-group-choice]") };
+      await api(c ? "/api/slack-channels/" + encodeURIComponent(c.id) : "/api/slack-channels", { method: c ? "PATCH" : "POST", body: JSON.stringify(payload) });
+      toast(c ? "Slack channel updated" : "Slack channel added");
+    });
+  }
   function openChatDialog(c) {
     adminDialog(c ? "Edit Telegram chat" : "Add Telegram chat", '<label>Chat ID<input id="dlgChatId" type="number" value="' + attr(c?.chatId || "") + '" ' + (c ? "disabled" : "") + '></label><label>Title<input id="dlgChatTitle" value="' + attr(c?.title || "") + '"></label><label>Type<input id="dlgChatType" value="' + attr(c?.type || "supergroup") + '"></label><label class="checkbox"><input id="dlgChatEnabled" type="checkbox" ' + (!c || c.enabled ? "checked" : "") + '> Enabled</label><div class="full-span"><strong>Allowed groups</strong><div class="row">' + groupOptions(c?.allowedGroupIds || []) + "</div><small>Leave empty to allow every group.</small></div>", async () => {
       const payload = { chatId: Number(val("dlgChatId")), title: val("dlgChatTitle") || void 0, type: val("dlgChatType") || void 0, enabled: document.getElementById("dlgChatEnabled").checked, allowedGroupIds: selectedValues("[data-group-choice]") };
@@ -1758,6 +2023,13 @@
     }
     openDiscordChannelDialog(null);
   };
+  document.getElementById("createSlackChannelBtn").onclick = () => {
+    if (!can("users.write")) {
+      toast("Permission required: users.write");
+      return;
+    }
+    openSlackChannelDialog(null);
+  };
   async function loadLocks() {
     if (!can("sessions.read")) {
       document.getElementById("locksList").innerHTML = '<div class="item">Permission required: sessions.read</div>';
@@ -1873,10 +2145,55 @@
       toast("Cleared " + target + " log");
     }
   });
+  async function loadPeers() {
+    if (!can("peers.read")) {
+      document.getElementById("peersList").innerHTML = '<div class="item">Permission required: peers.read</div>';
+      return;
+    }
+    setLoading("peersList", "Loading peers...");
+    const d = await api("/api/peers", { local: true });
+    state.peers = d;
+    const inviteIds = new Set((d.invitations || []).map((i) => i.id));
+    Object.keys(state.peerInviteSecrets || {}).forEach((id) => {
+      if (!inviteIds.has(id)) delete state.peerInviteSecrets[id];
+    });
+    document.getElementById("peerStatus").innerHTML = peerStatusHtml(d);
+    document.getElementById("peersList").innerHTML = (d.peers || []).map(peerCard).join("") || '<div class="item">No peers configured.</div>';
+    document.getElementById("peerInvites").innerHTML = (d.invitations || []).map(peerInviteCard).join("") || '<div class="item">No open invitations.</div>';
+    ensureGlobalPeerSessionsPanel();
+    bindPeerButtons();
+    await loadPeerSelector();
+    applyPermissions();
+  }
+  function openPeerAddDialog() {
+    adminDialog("Add peer", '<label>Peer URL<input id="dlgPeerAddUrl" placeholder="https://host:31979"></label><label>Pairing code<input id="dlgPeerAddCode"></label><label>Name<input id="dlgPeerAddName" placeholder="optional local label"></label><label>Public URL for this node<input id="dlgPeerAddPublicUrl" placeholder="optional"></label>', async () => {
+      const r = await api("/api/peers/pair", { method: "POST", body: JSON.stringify({ url: val("dlgPeerAddUrl"), code: val("dlgPeerAddCode"), name: val("dlgPeerAddName") || void 0, publicUrl: val("dlgPeerAddPublicUrl") || void 0 }), local: true });
+      toast("Added peer " + (r.peer?.name || ""));
+      await loadPeers();
+    });
+  }
+  document.getElementById("loadPeersBtn").onclick = () => loadPeers();
+  document.getElementById("createPeerInviteBtn").onclick = () => {
+    if (!can("peers.write")) {
+      toast("Permission required: peers.write");
+      return;
+    }
+    openPeerInviteDialog();
+  };
+  document.getElementById("addPeerBtn").onclick = () => {
+    if (!can("peers.write")) {
+      toast("Permission required: peers.write");
+      return;
+    }
+    openPeerAddDialog();
+  };
   async function loadAdapterHealth() {
     setLoading("adapterHealth", "Loading adapters...");
-    const d = await api("/api/adapters/health");
+    setLoading("adapterConformance", "Loading conformance...");
+    const [d, conformance] = await Promise.all([api("/api/adapters/health"), api("/api/adapters/conformance")]);
+    state.adapterConformance = conformance;
     document.getElementById("adapterHealth").innerHTML = (d.adapters || []).map((a) => '<div class="item"><strong>' + esc(a.label) + ' <span class="adapter-status ' + esc(a.status) + '">' + esc(a.status) + "</span></strong><small>" + esc("CLI: " + (a.cli.label || "-") + " / path " + (a.cli.path || "-") + " / version " + (a.cli.version || "-")) + "</small><small>" + esc("Auth: " + (a.auth.supported ? a.auth.authenticated ? "authenticated" : "not authenticated" : "not managed") + " " + (a.auth.detail || "")) + "</small><small>" + esc("Version: " + a.version.installed + " / latest " + (a.version.latest || "-") + " / " + a.version.status) + "</small>" + featureMatrix(a.capabilities) + '<div class="row"><button data-auth-status="' + attr(a.id) + '">Auth status</button><button data-auth-login="' + attr(a.id) + '" class="secondary" ' + (!a.capabilities.login ? "disabled" : "") + disabledAttr("auth.manage") + '>Login</button><button data-auth-logout="' + attr(a.id) + '" class="secondary" ' + (!a.capabilities.logout ? "disabled" : "") + disabledAttr("auth.manage") + ">Logout</button></div></div>").join("") || '<div class="item">No adapters.</div>';
+    renderAdapterConformance(conformance);
     document.querySelectorAll("[data-auth-status]").forEach((b) => b.onclick = () => safe(async () => {
       const r = await api("/api/auth/status", { query: { agent: b.dataset.authStatus } });
       toast(r.agentLabel + ": " + r.detail, { duration: 6e3 });
@@ -1901,6 +2218,22 @@
     }));
     applyPermissions();
   }
+  function renderAdapterConformance(matrix) {
+    const target = document.getElementById("adapterConformance");
+    if (!target) return;
+    const agents = (matrix?.agents || []).map((a) => conformanceCard(a, "agent")).join("");
+    const channels = (matrix?.channels || []).map((c) => conformanceCard(c, "channel")).join("");
+    target.innerHTML = '<div class="conformance-grid"><div><h3>Agent capability contract</h3>' + (agents || '<div class="item">No agent conformance rows.</div>') + "</div><div><h3>Channel command contract</h3>" + (channels || '<div class="item">No channel conformance rows.</div>') + "</div></div>";
+  }
+  function conformanceCard(item, kind) {
+    const missing = (item.unsupported || []).length;
+    const commands = kind === "channel" && item.commands ? "<small>" + esc("Commands: " + item.commands.length + (item.commands.length ? " / " + short(item.commands.join(", "), 180) : "")) + "</small>" : "";
+    const badge = missing === 0 ? "enabled" : item.status === "planned" ? "disabled" : "planned";
+    return '<div class="item"><strong>' + esc(item.label) + ' <span class="adapter-status ' + badge + '">' + esc(missing === 0 ? "complete" : missing + " missing") + "</span></strong><small>" + esc("Status: " + item.status + (item.enabled === void 0 ? "" : " / " + (item.enabled ? "enabled" : "disabled"))) + "</small>" + commands + conformanceFeatureMatrix(item.features || []) + "</div>";
+  }
+  function conformanceFeatureMatrix(features) {
+    return '<div class="feature-matrix">' + (features || []).map((f) => '<span class="feature-chip ' + (f.supported ? "supported" : "unsupported") + '" title="' + attr(f.description || f.key) + '"><span>' + esc(f.label || f.key) + "</span><b>" + (f.supported ? "\u2713" : "-") + "</b></span>").join("") + "</div>";
+  }
   document.getElementById("reloadAdaptersBtn").onclick = () => loadAdapterHealth();
   const versionAgentIds = { codex: "codex", pi: "pi", hermes: "hermes", openclaw: "openclaw", claudeCode: "claude-code" };
   async function loadVersion() {
@@ -2035,20 +2368,37 @@
     document.getElementById("diagnostics").innerHTML = diagnosticsHtml(data);
   }
   const exportDiagnosticsBundleBtn = document.getElementById("exportDiagnosticsBundleBtn");
-  if (exportDiagnosticsBundleBtn) exportDiagnosticsBundleBtn.onclick = () => {
+  if (exportDiagnosticsBundleBtn) exportDiagnosticsBundleBtn.onclick = () => safe(async () => {
     if (!can("diagnostics.read")) {
       toast("Permission required: diagnostics.read");
       return;
     }
-    window.open("/api/diagnostics/bundle", "_blank");
-  };
+    if (!state.selectedPeer || state.selectedPeer === "local") {
+      window.open("/api/diagnostics/bundle", "_blank");
+      return;
+    }
+    const bundle = await api("/api/diagnostics/bundle");
+    downloadBase64(bundle.name || "nordrelay-support-bundle.zip", bundle.dataBase64 || "", bundle.mimeType || "application/zip");
+    toast("Remote diagnostics bundle downloaded");
+  });
+  function downloadBase64(name, dataBase64, mimeType) {
+    const bytes = Uint8Array.from(atob(dataBase64), (c) => c.charCodeAt(0));
+    const blob = new Blob([bytes], { type: mimeType });
+    const a = document.createElement("a");
+    a.href = URL.createObjectURL(blob);
+    a.download = name;
+    a.click();
+    URL.revokeObjectURL(a.href);
+  }
   function diagnosticsHtml(d) {
     const h = d.health || {};
     const s = d.snapshot?.session || {};
     const vc = d.versionChecks || {};
     const caps = s.capabilities || {};
     const agentDiag = d.runtime?.agentDiagnostics;
-    return '<div class="list">' + card("Runtime", [["Status", h.state?.status], ["PID", h.state?.pid], ["App PID", h.state?.appPid], ["State", h.stateFile], ["Log", h.logFile], ["State backend", d.runtime?.stateBackend], ["Uptime", h.uptimeSeconds + "s"]]) + card("Agent", [["Agent", s.agentLabel], ["Thread", s.threadId], ["Workspace", s.workspace], ["Model", s.model], ["Reasoning", s.reasoningEffort], ["Fast", caps.fastMode ? s.fastMode ? "on" : "off" : "n/a"]]) + card("Agent State", (agentDiag?.lines || []).map((x) => [x.label, x.value])) + card("CLI Versions", Object.values(vc).map((v) => [v.label, (v.status === "current" ? "OK " : "WARN ") + (v.installedLabel || "-") + " latest " + (v.latestVersion || "-")])) + card("External Mirror", d.runtime?.externalMirror ? Object.entries(d.runtime.externalMirror) : [["Status", "idle"]]) + "</div>";
+    const slack = d.runtime?.slackDiagnostics;
+    const slackRows = slack ? [["Enabled", slack.enabled ? "yes" : "no"], ["Mode", slack.mode], ["Registered channels", slack.registeredChannels], ...(slack.checks || []).map((x) => [x.status.toUpperCase() + " " + x.label, x.detail]), ...(slack.channelChecks || []).map((x) => [x.status.toUpperCase() + " channel " + x.channelId, x.detail])] : [["Status", "not collected"]];
+    return '<div class="list">' + card("Runtime", [["Status", h.state?.status], ["PID", h.state?.pid], ["App PID", h.state?.appPid], ["State", h.stateFile], ["Log", h.logFile], ["State backend", d.runtime?.stateBackend], ["Uptime", h.uptimeSeconds + "s"]]) + card("Agent", [["Agent", s.agentLabel], ["Thread", s.threadId], ["Workspace", s.workspace], ["Model", s.model], ["Reasoning", s.reasoningEffort], ["Fast", caps.fastMode ? s.fastMode ? "on" : "off" : "n/a"]]) + card("Agent State", (agentDiag?.lines || []).map((x) => [x.label, x.value])) + card("CLI Versions", Object.values(vc).map((v) => [v.label, (v.status === "current" ? "OK " : "WARN ") + (v.installedLabel || "-") + " latest " + (v.latestVersion || "-")])) + card("External Mirror", d.runtime?.externalMirror ? Object.entries(d.runtime.externalMirror) : [["Status", "idle"]]) + card("Slack Readiness", slackRows) + "</div>";
   }
   function card(title, rows) {
     return '<div class="item"><strong>' + esc(title) + "</strong>" + rows.map((r) => "<small>" + esc(r[0]) + ": " + esc(r[1] ?? "-") + "</small>").join("") + "</div>";
@@ -2058,4 +2408,467 @@
     Promise.resolve().then(fn).catch((err) => toast(err.message || String(err)));
   }
   loadBootstrap().then(() => connectEvents()).catch((err) => toast(err.message));
+  function ensureGlobalPeerSessionsPanel() {
+    if (document.getElementById("globalPeerSessionsPanel")) return;
+    const anchor = document.getElementById("peersList");
+    if (!anchor) return;
+    anchor.insertAdjacentHTML("afterend", '<h2>Global sessions</h2><div id="globalPeerSessionsPanel" class="list"><div class="item"><div class="row"><input id="globalPeerSessionSearch" placeholder="Search sessions across peers"><button id="loadGlobalPeerSessionsBtn">Load global sessions</button></div><div id="globalPeerSessionsList"></div></div></div>');
+    document.getElementById("loadGlobalPeerSessionsBtn").onclick = () => safe(loadGlobalPeerSessions);
+  }
+  async function loadGlobalPeerSessions() {
+    const target = document.getElementById("globalPeerSessionsList");
+    target.innerHTML = loadingHtml("Loading global sessions...");
+    const q = document.getElementById("globalPeerSessionSearch").value || "";
+    const d = await api("/api/peers/global-sessions", { local: true, query: { query: q, agent: state.snapshot?.session?.agentId || void 0, limit: 50 } });
+    target.innerHTML = (d.targets || []).map((t) => '<div class="item"><strong>' + esc(t.peerName + " (" + t.peerId + ")") + ' <span class="adapter-status ' + (t.ok ? "enabled" : "disabled") + '">' + (t.ok ? "ok" : "error") + "</span></strong>" + (t.ok ? (t.data?.sessions || []).slice(0, 8).map((s) => "<small>" + esc(short(s.id, 48) + " | " + short(s.cwd || "", 80) + " | " + fmtDate(s.updatedAt)) + "</small>").join("") || "<small>No sessions.</small>" : '<small class="error">' + esc(t.error || "failed") + "</small>") + "</div>").join("") || '<div class="item">No peer sessions found.</div>';
+  }
+  function peerStatusHtml(d) {
+    const r = d.readiness || {};
+    const rows = [["Peer server", d.enabled ? "enabled" : "disabled"], ["Listen URL", d.listenUrl], ["Bind", [r.bindHost || "-", r.port || ""].filter(Boolean).join(":")], ["Local port", r.localListening ? "listening" : "not listening"], ["TLS", r.tlsEnabled ? "enabled" : "disabled"], ["Require TLS", d.requireTls ? "yes" : "no"], ["Node ID", d.identity?.nodeId], ["Fingerprint", d.identity?.fingerprint]];
+    const command = r.manualCheckCommand || "nordrelay peer check " + (d.listenUrl || "");
+    return '<div class="item"><strong>Local peer identity <span class="adapter-status ' + (r.enabled && r.localListening ? "enabled" : r.enabled ? "planned" : "disabled") + '">' + esc(r.enabled ? r.localListening ? "ready" : "not listening" : "disabled") + "</span></strong>" + rows.map((row) => "<small>" + esc(row[0]) + ": " + esc(row[1] ?? "-") + "</small>").join("") + peerWarningsHtml(r.warnings || [], "Peer readiness") + '<div class="peer-invite-details"><small>Manual reachability check</small><button type="button" class="copy-id peer-invite-command" data-peer-invite-copy="' + attr(command) + '" data-peer-invite-copy-label="Peer check command copied">' + esc(command) + '</button><small>Run this on another machine to verify LAN, port-forward, or firewall reachability.</small></div><div class="row"><button id="checkPeerReachabilityBtn" class="secondary"' + disabledAttr("peers.connect") + '>Check local endpoint</button></div><div id="peerProbeResult">' + peerProbeResultHtml(state.peerProbeResult) + "</div></div>";
+  }
+  function peerWarningsHtml(warnings, title) {
+    return (warnings || []).length ? '<div class="peer-warning full-span"><strong>' + esc(title || "Warning") + "</strong>" + warnings.map((w) => "<small>" + esc(w) + "</small>").join("") + "</div>" : "";
+  }
+  function peerProbeResultHtml(result) {
+    if (!result) return "";
+    const probe = result.probe || {};
+    const label = result.type === "remote" ? "Remote probe from " + (result.peerName || result.peerId || "peer") : "Local endpoint check";
+    return '<div class="peer-probe-result ' + (probe.ok ? "ok" : "warn") + '"><strong>' + esc(label) + ' <span class="adapter-status ' + (probe.ok ? "enabled" : "planned") + '">' + esc(probe.status || "unknown") + "</span></strong><small>" + esc("URL: " + (probe.url || result.readiness?.listenUrl || "-")) + "</small>" + (probe.latencyMs !== void 0 ? "<small>" + esc("Latency: " + probe.latencyMs + "ms") + "</small>" : "") + (probe.statusCode !== void 0 ? "<small>" + esc("HTTP: " + probe.statusCode) + "</small>" : "") + (probe.tlsFingerprint ? "<small>" + esc("TLS fingerprint: " + probe.tlsFingerprint) + "</small>" : "") + "<small>" + esc(probe.detail || "") + "</small></div>";
+  }
+  function peerInviteDetails(i) {
+    const details = state.peerInviteSecrets?.[i.id];
+    if (!details) return "";
+    return '<div class="peer-invite-details"><small>Pairing code</small><button type="button" class="copy-id peer-invite-copy" data-peer-invite-copy="' + attr(details.code || "") + '" data-peer-invite-copy-label="Pairing code copied">' + esc(details.code || "") + '</button><small>Peer add command</small><button type="button" class="copy-id peer-invite-command" data-peer-invite-copy="' + attr(details.command || "") + '" data-peer-invite-copy-label="Peer add command copied">' + esc(details.command || "") + "</button></div>";
+  }
+  function peerInviteCard(i) {
+    const open = new Date(i.expiresAt) > /* @__PURE__ */ new Date() && !i.usedAt;
+    const readiness = state.peers?.readiness;
+    return '<div class="item"><strong>' + esc(i.name) + ' <span class="chip">' + esc(open ? "open" : "closed") + "</span></strong><small>" + esc("Expires: " + fmtDate(i.expiresAt)) + "</small><small>" + esc("Scopes: " + (i.scopes || []).join(", ")) + "</small><small>" + esc("Agents: " + ((i.allowedAgents || []).join(", ") || "all")) + "</small>" + (i.usedAt ? "<small>" + esc("Used: " + fmtDate(i.usedAt) + " by " + (i.usedByNodeId || "-")) + "</small>" : "") + (open ? peerWarningsHtml(readiness?.warnings || [], "Pairing warning") + peerInviteDetails(i) + '<div class="row"><button class="danger" data-peer-invite-delete="' + attr(i.id) + '"' + disabledAttr("peers.write") + ">Delete invite</button></div>" : "") + "</div>";
+  }
+  function peerCard(p) {
+    const selected = state.selectedPeer === p.id ? ' <span class="chip">selected</span>' : "";
+    const health = p.remoteStatus || p.lastSeenAt ? "Health: " + (p.remoteStatus || "seen") + (p.lastLatencyMs !== void 0 ? " / " + p.lastLatencyMs + "ms" : "") + (p.remoteVersion ? " / v" + p.remoteVersion : "") : "Health: unchecked";
+    const aliases = Object.entries(p.workspaceAliases || {}).map(([a, w]) => a + "=" + w).join(", ");
+    return '<div class="item"><strong>' + esc(p.name) + ' <span class="adapter-status ' + (p.enabled ? "enabled" : "disabled") + '">' + (p.enabled ? "enabled" : "disabled") + "</span>" + selected + "</strong><small>" + esc("URL: " + (p.url || "-")) + "</small><small>" + esc("Node: " + p.nodeId + " / " + p.fingerprint) + "</small>" + (p.tlsFingerprint ? "<small>" + esc("TLS: " + p.tlsFingerprint) + "</small>" : "") + "<small>" + esc("Direction: " + p.direction + " / scopes " + (p.scopes || []).join(", ")) + "</small><small>" + esc("Agents: " + ((p.allowedAgents || []).join(", ") || "all")) + "</small><small>" + esc("Workspaces: " + ((p.allowedWorkspaceRoots || []).join(", ") || "all")) + "</small>" + (aliases ? "<small>" + esc("Aliases: " + aliases) + "</small>" : "") + "<small>" + esc(health) + "</small>" + (p.lastCheckedAt ? "<small>" + esc("Checked: " + fmtDate(p.lastCheckedAt)) + "</small>" : "") + (p.lastSeenAt ? "<small>" + esc("Last seen: " + fmtDate(p.lastSeenAt)) + "</small>" : "") + (p.lastError ? '<small class="error">' + esc("Last error: " + p.lastError) + "</small>" : "") + '<div class="row"><button data-peer-select="' + attr(p.id) + '">Use target</button><button class="secondary" data-peer-test="' + attr(p.id) + '">Test</button><button class="secondary" data-peer-probe="' + attr(p.id) + '"' + disabledAttr("peers.connect") + '>Probe this node</button><button class="secondary" data-peer-edit="' + attr(p.id) + '"' + disabledAttr("peers.write") + '>Edit</button><button class="secondary" data-peer-toggle="' + attr(p.id) + '"' + disabledAttr("peers.write") + ">" + (p.enabled ? "Disable" : "Enable") + '</button><button class="danger" data-peer-revoke="' + attr(p.id) + '"' + disabledAttr("peers.write") + ">Revoke</button></div></div>";
+  }
+  function openPeerDialog(p) {
+    const aliases = Object.entries(p.workspaceAliases || {}).map(([a, w]) => a + "=" + w).join(", ");
+    adminDialog("Edit peer", '<label>Name<input id="dlgPeerName" value="' + attr(p.name || "") + '"></label><label>URL<input id="dlgPeerUrl" value="' + attr(p.url || "") + '"></label><label class="checkbox"><input id="dlgPeerEnabled" type="checkbox" ' + (p.enabled ? "checked" : "") + '> Enabled</label><label class="full-span">Scopes<input id="dlgPeerScopes" value="' + attr((p.scopes || []).join(", ")) + '"></label><label class="full-span">Allowed agents<input id="dlgPeerAgents" value="' + attr((p.allowedAgents || []).join(", ")) + '"></label><label class="full-span">Allowed workspace roots<input id="dlgPeerWorkspaces" value="' + attr((p.allowedWorkspaceRoots || []).join(", ")) + '"></label><label class="full-span">Workspace aliases<input id="dlgPeerAliases" placeholder="project=/srv/project, demo=/home/me/demo" value="' + attr(aliases) + '"></label>', async () => {
+      await api("/api/peers/" + encodeURIComponent(p.id), { method: "PATCH", body: JSON.stringify({ name: val("dlgPeerName"), url: val("dlgPeerUrl"), enabled: document.getElementById("dlgPeerEnabled").checked, scopes: csvToList(val("dlgPeerScopes")), allowedAgents: csvToList(val("dlgPeerAgents")), allowedWorkspaceRoots: csvToList(val("dlgPeerWorkspaces")), workspaceAliases: aliasMap(val("dlgPeerAliases")) }), local: true });
+      toast("Peer updated");
+      await loadPeers();
+    });
+  }
+  function openPeerInviteDialog() {
+    const warnings = state.peers?.readiness?.warnings || [];
+    const warningHtml = peerWarningsHtml(warnings, "Pairing warning") + (warnings.length ? '<small class="full-span">The invite can still be created, but pairing may fail until the peer endpoint is reachable.</small>' : "");
+    adminDialog("Create peer invite", warningHtml + '<label>Name<input id="dlgPeerInviteName" value="NordRelay peer"></label><label>Expires minutes<input id="dlgPeerInviteExpires" type="number" value="10" min="1" max="1440"></label><label class="full-span">Scopes<input id="dlgPeerInviteScopes" value="inspect, sessions.read, sessions.write, prompt.send, prompt.abort, queue.read, queue.write, files.read, files.write, diagnostics.read, logs.read"></label><label class="full-span">Allowed agents<input id="dlgPeerInviteAgents" value="codex, pi, hermes, openclaw, claude-code"></label><label class="full-span">Allowed workspace roots<input id="dlgPeerInviteWorkspaces" placeholder="empty means all"></label><label class="full-span">Workspace aliases<input id="dlgPeerInviteAliases" placeholder="project=/srv/project, demo=/home/me/demo"></label>', async () => {
+      const r = await api("/api/peers/invite", { method: "POST", body: JSON.stringify({ name: val("dlgPeerInviteName"), expiresMinutes: Number(val("dlgPeerInviteExpires") || 10), scopes: csvToList(val("dlgPeerInviteScopes")), allowedAgents: csvToList(val("dlgPeerInviteAgents")), allowedWorkspaceRoots: csvToList(val("dlgPeerInviteWorkspaces")), workspaceAliases: aliasMap(val("dlgPeerInviteAliases")) }), local: true });
+      if (r.invitation?.id) state.peerInviteSecrets[r.invitation.id] = { code: r.code || "", command: r.command || "" };
+      toast("Peer invite created. Pairing details are shown under Open invitations.", { duration: 8e3 });
+      await loadPeers();
+    });
+    document.getElementById("adminDialogSubmit").textContent = warnings.length ? "Create invite anyway" : "Create invite";
+  }
+  function aliasMap(text) {
+    return Object.fromEntries((text || "").split(",").map((item) => item.split("=", 2).map((part) => part.trim())).filter(([a, w]) => a && w));
+  }
+  function bindPeerButtons() {
+    document.querySelectorAll("[data-peer-select]").forEach((b) => b.onclick = () => safe(async () => {
+      state.selectedPeer = b.dataset.peerSelect || "local";
+      localStorage.setItem("nordrelayPeerTarget", state.selectedPeer);
+      connectEvents();
+      await loadBootstrap();
+      toast("Peer target selected");
+    }));
+    document.querySelectorAll("[data-peer-test]").forEach((b) => b.onclick = () => safe(async () => {
+      const r = await api("/api/peers/" + encodeURIComponent(b.dataset.peerTest) + "/health", { local: true });
+      toast("Peer reachable: " + (r.data?.version ? "v" + r.data.version : "ok"), { duration: 6e3 });
+      loadPeers();
+    }));
+    const localProbe = document.getElementById("checkPeerReachabilityBtn");
+    if (localProbe) localProbe.onclick = () => safe(async () => {
+      if (!can("peers.connect")) {
+        toast("Permission required: peers.connect");
+        return;
+      }
+      state.peerProbeResult = await api("/api/peers/probe", { method: "POST", body: JSON.stringify({}), local: true });
+      document.getElementById("peerProbeResult").innerHTML = peerProbeResultHtml(state.peerProbeResult);
+      toast(state.peerProbeResult.probe?.ok ? "Peer endpoint reachable" : "Peer endpoint not reachable", { duration: 7e3 });
+    });
+    document.querySelectorAll("[data-peer-probe]").forEach((b) => b.onclick = () => safe(async () => {
+      if (!can("peers.connect")) {
+        toast("Permission required: peers.connect");
+        return;
+      }
+      const p = (state.peers?.peers || []).find((x) => x.id === b.dataset.peerProbe);
+      state.peerProbeResult = await api("/api/peers/probe", { method: "POST", body: JSON.stringify({ peerId: b.dataset.peerProbe }), local: true });
+      state.peerProbeResult.peerName = p?.name;
+      document.getElementById("peerProbeResult").innerHTML = peerProbeResultHtml(state.peerProbeResult);
+      toast(state.peerProbeResult.probe?.ok ? "Remote peer can reach this node" : "Remote peer cannot reach this node", { duration: 8e3 });
+    }));
+    document.querySelectorAll("[data-peer-edit]").forEach((b) => b.onclick = () => {
+      const p = (state.peers?.peers || []).find((x) => x.id === b.dataset.peerEdit);
+      if (p) openPeerDialog(p);
+    });
+    document.querySelectorAll("[data-peer-toggle]").forEach((b) => b.onclick = () => safe(async () => {
+      const p = (state.peers?.peers || []).find((x) => x.id === b.dataset.peerToggle);
+      if (!p) return;
+      await api("/api/peers/" + encodeURIComponent(p.id), { method: "PATCH", body: JSON.stringify({ enabled: !p.enabled }), local: true });
+      toast("Peer updated");
+      loadPeers();
+    }));
+    document.querySelectorAll("[data-peer-revoke]").forEach((b) => b.onclick = () => safe(async () => {
+      if (confirm("Revoke this peer?")) {
+        await api("/api/peers/" + encodeURIComponent(b.dataset.peerRevoke), { method: "DELETE", local: true });
+        if (state.selectedPeer === b.dataset.peerRevoke) {
+          state.selectedPeer = "local";
+          localStorage.setItem("nordrelayPeerTarget", "local");
+        }
+        toast("Peer revoked");
+        loadPeers();
+      }
+    }));
+    document.querySelectorAll("[data-peer-invite-copy]").forEach((b) => b.onclick = () => copyText(b.dataset.peerInviteCopy || "", b.dataset.peerInviteCopyLabel || "Copied"));
+    document.querySelectorAll("[data-peer-invite-delete]").forEach((b) => b.onclick = () => safe(async () => {
+      if (confirm("Delete this peer invitation?")) {
+        await api("/api/peers/invitations/" + encodeURIComponent(b.dataset.peerInviteDelete), { method: "DELETE", local: true });
+        delete state.peerInviteSecrets[b.dataset.peerInviteDelete];
+        toast("Peer invitation deleted");
+        loadPeers();
+      }
+    }));
+  }
+  const SETUP_WIZARDS = {
+    telegram: {
+      id: "telegram",
+      label: "Telegram",
+      description: "Create a Telegram bot, choose polling or webhook delivery, and enable the Telegram adapter.",
+      docs: [
+        ["BotFather", "https://t.me/BotFather"],
+        ["Telegram Bot API", "https://core.telegram.org/bots/api"],
+        ["Webhook setup", "https://core.telegram.org/bots/api#setwebhook"]
+      ],
+      defaults: { TELEGRAM_ENABLED: "true", TELEGRAM_TRANSPORT: "polling", TELEGRAM_WEBHOOK_HOST: "127.0.0.1", TELEGRAM_WEBHOOK_PORT: "8080", TELEGRAM_WEBHOOK_PATH: "/telegram/webhook" },
+      required: ["TELEGRAM_BOT_TOKEN"],
+      steps: [
+        { title: "Create the bot", body: "Open BotFather, create a bot with /newbot, then paste only the token value into NordRelay. Do not paste the full BotFather message.", settings: ["TELEGRAM_BOT_TOKEN"], links: [["Open BotFather", "https://t.me/BotFather"]] },
+        { title: "Choose delivery mode", body: "Polling is the simplest setup and works without a public URL. Use webhook only when this NordRelay instance is reachable through HTTPS from Telegram.", settings: ["TELEGRAM_TRANSPORT", "TELEGRAM_WEBHOOK_URL", "TELEGRAM_WEBHOOK_HOST", "TELEGRAM_WEBHOOK_PORT", "TELEGRAM_WEBHOOK_PATH", "TELEGRAM_WEBHOOK_SECRET"], links: [["Webhook documentation", "https://core.telegram.org/bots/api#setwebhook"]] },
+        { title: "Enable and secure access", body: "Enable Telegram only after the token is configured. Access is still controlled by NordRelay users, groups, and linked Telegram identities or registered chats.", settings: ["TELEGRAM_ENABLED"], links: [["Bot API overview", "https://core.telegram.org/bots/api"]] }
+      ]
+    },
+    discord: {
+      id: "discord",
+      label: "Discord",
+      description: "Create a Discord application, configure slash commands or message commands, invite the bot, and enable Discord.",
+      docs: [
+        ["Discord Developer Portal", "https://discord.com/developers/applications"],
+        ["Privileged intents", "https://discord.com/developers/docs/topics/gateway#privileged-intents"],
+        ["OAuth2 bot invite", "https://discord.com/developers/docs/topics/oauth2"]
+      ],
+      defaults: { DISCORD_ENABLED: "true", DISCORD_MESSAGE_CONTENT_ENABLED: "true", DISCORD_COMMAND_MODE: "both", DISCORD_AUTO_REGISTER_COMMANDS: "true" },
+      required: ["DISCORD_BOT_TOKEN", "DISCORD_CLIENT_ID"],
+      steps: [
+        { title: "Create application and bot", body: "Create an application in the Discord Developer Portal, add a bot, copy the bot token, and copy the Application ID from General Information.", settings: ["DISCORD_BOT_TOKEN", "DISCORD_CLIENT_ID"], links: [["Developer Portal", "https://discord.com/developers/applications"]] },
+        { title: "Commands, intents, and invite", body: "For regular text commands, enable Message Content Intent under Bot > Privileged Gateway Intents. Invite the bot with bot and applications.commands scopes.", settings: ["DISCORD_MESSAGE_CONTENT_ENABLED", "DISCORD_COMMAND_MODE", "DISCORD_AUTO_REGISTER_COMMANDS"], links: [["Privileged intents", "https://discord.com/developers/docs/topics/gateway#privileged-intents"], ["OAuth2 scopes", "https://discord.com/developers/docs/topics/oauth2#shared-resources-oauth2-scopes"]] },
+        { title: "Limit server and channel scope", body: "Enable Discord Developer Mode, then right-click servers and channels to copy IDs. These allow-lists run before the NordRelay user/group access checks.", settings: ["DISCORD_GUILD_IDS", "DISCORD_ALLOWED_GUILD_IDS", "DISCORD_ALLOWED_CHANNEL_IDS"], links: [["Where to find IDs", "https://support.discord.com/hc/en-us/articles/206346498-Where-can-I-find-my-User-Server-Message-ID"]] },
+        { title: "Enable Discord", body: "Enable the adapter after the bot token, client ID, and invite are ready. Users still need NordRelay permissions and linked Discord identities or registered channels.", settings: ["DISCORD_ENABLED"], links: [["Developer Portal", "https://discord.com/developers/applications"]] }
+      ]
+    },
+    slack: {
+      id: "slack",
+      label: "Slack",
+      description: "Create a Slack app, configure Socket Mode or HTTP Events, add slash commands, and enable Slack.",
+      docs: [
+        ["Slack API Apps", "https://api.slack.com/apps"],
+        ["Socket Mode", "https://api.slack.com/apis/connections/socket"],
+        ["Slash commands", "https://api.slack.com/interactivity/slash-commands"]
+      ],
+      defaults: { SLACK_ENABLED: "true", SLACK_SOCKET_MODE: "true", SLACK_PORT: "3000", SLACK_COMMAND: "/nordrelay" },
+      required: ["SLACK_BOT_TOKEN"],
+      steps: [
+        { title: "Create and install the Slack app", body: "Create a Slack app, add bot scopes, install it into the workspace, and copy the OAuth bot token that starts with xoxb-.", settings: ["SLACK_BOT_TOKEN"], links: [["Slack API Apps", "https://api.slack.com/apps"], ["OAuth scopes", "https://api.slack.com/authentication/oauth-v2"]] },
+        { title: "Choose transport mode", body: "Socket Mode is recommended because it avoids exposing a public HTTP endpoint. For Socket Mode, create an app-level token with connections:write. For HTTP Events, use the Signing Secret and configure an externally reachable URL.", settings: ["SLACK_SOCKET_MODE", "SLACK_APP_TOKEN", "SLACK_SIGNING_SECRET", "SLACK_PORT"], links: [["Socket Mode", "https://api.slack.com/apis/connections/socket"], ["Events API", "https://api.slack.com/apis/events-api"]] },
+        { title: "Commands and scope", body: "Configure the slash command in Slack and optionally restrict workspaces or channels before NordRelay user/group permissions are applied.", settings: ["SLACK_COMMAND", "SLACK_ALLOWED_TEAM_IDS", "SLACK_ALLOWED_CHANNEL_IDS", "SLACK_MESSAGE_CONTENT_ENABLED"], links: [["Slash commands", "https://api.slack.com/interactivity/slash-commands"], ["Finding Slack IDs", "https://slack.com/help/articles/221769328-Locate-your-Slack-URL-or-ID"]] },
+        { title: "Enable Slack", body: "Enable the adapter after tokens and command settings are ready. Users still need NordRelay permissions and linked Slack identities or registered channels.", settings: ["SLACK_ENABLED"], links: [["Slack API Apps", "https://api.slack.com/apps"]] }
+      ]
+    }
+  };
+  function settingByKey(key) {
+    return (state.settings || []).find((s) => s.key === key) || null;
+  }
+  function wizardCurrentValue(key) {
+    const values = state.settingsWizard?.values || {};
+    if (Object.prototype.hasOwnProperty.call(values, key)) return values[key];
+    const s = settingByKey(key);
+    return s ? s.configured ? s.value || "" : s.effectiveValue || "" : "";
+  }
+  function wizardOriginalValue(key) {
+    const s = settingByKey(key);
+    return s && s.configured ? s.value : "";
+  }
+  function isMaskedSettingValue(value) {
+    return /^\*+$/.test(String(value || "")) || String(value || "").includes("...");
+  }
+  function wizardKeys(wizard) {
+    return Array.from(new Set(wizard.steps.flatMap((step) => step.settings)));
+  }
+  function safeDocLink(label, url) {
+    return '<a href="' + attr(url) + '" target="_blank" rel="noopener noreferrer">' + esc(label) + "</a>";
+  }
+  function wizardLinkList(links = []) {
+    return links.length ? '<div class="wizard-links">' + links.map(([label, url]) => safeDocLink(label, url)).join("") + "</div>" : "";
+  }
+  function startSettingsWizard(channel) {
+    const wizard = SETUP_WIZARDS[channel];
+    if (!wizard) return;
+    const values = {};
+    for (const [key, value] of Object.entries(wizard.defaults || {})) {
+      const setting = settingByKey(key);
+      if (!setting?.configured || key.endsWith("_ENABLED")) values[key] = value;
+    }
+    state.settingsWizard = { channel, step: 0, values, errors: [], testResult: null };
+    renderSettingsWizardStep();
+  }
+  function openSettingsWizardHome() {
+    if (!can("settings.write")) {
+      toast("Permission required: settings.write");
+      return;
+    }
+    state.settingsWizard = { home: true };
+    renderSettingsWizardHome();
+  }
+  function closeSettingsWizard() {
+    state.settingsWizard = null;
+    document.getElementById("settingsTabs").style.display = "";
+    renderSettings();
+  }
+  function wizardRequiredValuePresent(key) {
+    const value = wizardCurrentValue(key);
+    if (!value) return false;
+    const setting = settingByKey(key);
+    if (isMaskedSettingValue(value)) return setting?.kind === "secret" && (setting.configured || setting.masked);
+    return true;
+  }
+  function wizardMissingRequired(wizard) {
+    return (wizard.required || []).filter((key) => !wizardRequiredValuePresent(key));
+  }
+  function renderSettingsWizardHome() {
+    document.getElementById("settingsTabs").style.display = "none";
+    const cards = Object.values(SETUP_WIZARDS).map((wizard) => {
+      const missing = wizardMissingRequired(wizard);
+      const docs = wizardLinkList(wizard.docs);
+      return '<div class="wizard-card"><strong>' + esc(wizard.label) + ' <span class="adapter-status ' + (missing.length ? "planned" : "enabled") + '">' + esc(missing.length ? missing.length + " missing" : "ready") + "</span></strong><p>" + esc(wizard.description) + "</p><small>" + esc(missing.length ? "Missing: " + missing.join(", ") : "Required values are present or configured.") + "</small>" + docs + '<button type="button" data-start-wizard="' + attr(wizard.id) + '">Start wizard</button></div>';
+    }).join("");
+    document.getElementById("settingsForm").innerHTML = '<div class="settings-wizard"><div class="wizard-header"><div><h2>Setup wizard</h2><p>Choose a chat adapter and follow the guided setup. Bot/app credentials only enable transport; NordRelay user and group permissions still control access.</p></div><button type="button" class="secondary" id="backToSettingsBtn">Back to settings</button></div><div class="wizard-choice-grid">' + cards + "</div></div>";
+    document.getElementById("backToSettingsBtn").onclick = closeSettingsWizard;
+    document.querySelectorAll("[data-start-wizard]").forEach((b) => b.onclick = () => startSettingsWizard(b.dataset.startWizard));
+    applyPermissions();
+  }
+  function wizardSettingInput(s) {
+    const value = wizardCurrentValue(s.key);
+    const attrs = ' data-wizard-setting="' + attr(s.key) + '" data-original-value="' + attr(wizardOriginalValue(s.key)) + '"';
+    if (s.options) {
+      return "<select" + attrs + '><option value="">Unset / inherit active default</option>' + s.options.map((o) => '<option value="' + attr(o) + '" ' + (value === o ? "selected" : "") + ">" + esc(o) + "</option>").join("") + "</select>";
+    }
+    if (s.kind === "boolean") {
+      return "<select" + attrs + '><option value="">Unset / inherit active default</option><option value="true" ' + (value === "true" ? "selected" : "") + '>true</option><option value="false" ' + (value === "false" ? "selected" : "") + ">false</option></select>";
+    }
+    if (s.kind === "json") return '<textarea rows="4"' + attrs + ">" + esc(value) + "</textarea>";
+    return "<input" + attrs + ' value="' + attr(value) + '" ' + (s.kind === "secret" ? 'type="password" autocomplete="new-password"' : "") + ">";
+  }
+  function renderWizardSetting(key) {
+    const s = settingByKey(key);
+    if (!s) return '<div class="setting"><strong>' + esc(key) + "</strong><small>Unknown setting.</small></div>";
+    return '<div class="setting" data-wizard-setting-box="' + attr(key) + '" data-restart-required="' + (s.restartRequired ? "true" : "false") + '">' + settingLabel(s) + wizardSettingInput(s) + "<small>" + esc(s.key + " - " + s.description) + (s.effectiveValue ? " Active: " + esc(s.effectiveValue) + "." : "") + (s.restartRequired ? " Restart required." : "") + '</small><div class="setting-error"></div></div>';
+  }
+  function renderWizardProgress(wizard) {
+    return '<div class="wizard-progress">' + wizard.steps.map((step, index) => '<button type="button" data-wizard-step="' + index + '" class="' + (index === state.settingsWizard.step ? "active" : "") + '">' + esc(String(index + 1) + ". " + step.title) + "</button>").join("") + "</div>";
+  }
+  function renderSettingsWizardStep() {
+    const wizard = SETUP_WIZARDS[state.settingsWizard?.channel];
+    if (!wizard) {
+      renderSettingsWizardHome();
+      return;
+    }
+    const step = wizard.steps[state.settingsWizard.step] || wizard.steps[0];
+    document.getElementById("settingsTabs").style.display = "none";
+    document.getElementById("settingsForm").innerHTML = '<div class="settings-wizard"><div class="wizard-header"><div><h2>' + esc(wizard.label) + " setup wizard</h2><p>" + esc(wizard.description) + '</p></div><button type="button" class="secondary" id="wizardHomeBtn">Wizard home</button></div>' + renderWizardProgress(wizard) + '<div class="wizard-step"><h3>' + esc(step.title) + "</h3><p>" + esc(step.body) + "</p>" + wizardLinkList(step.links) + '<div id="wizardRestartBanner"></div><div class="settings-grid">' + step.settings.map(renderWizardSetting).join("") + '</div><div id="wizardErrors" class="wizard-errors"></div><div id="wizardTestResult" class="wizard-test-result"></div><div class="wizard-actions"><button type="button" id="wizardPrevBtn" class="secondary">Back</button><button type="button" id="wizardNextBtn">' + esc(state.settingsWizard.step === wizard.steps.length - 1 ? "Review" : "Next") + '</button><button type="button" id="wizardTestBtn" class="secondary">Test setup</button><button type="button" id="wizardSaveBtn">Save wizard settings</button><button type="button" id="wizardSaveRestartBtn" class="secondary"' + disabledAttr("system.restart") + '>Save and restart</button></div><div class="setting-help">After transport is configured, link users and register allowed chats or channels in the Users page.</div></div></div>';
+    bindWizardUx();
+    renderWizardValidation();
+  }
+  function bindWizardUx() {
+    document.getElementById("wizardHomeBtn").onclick = renderSettingsWizardHome;
+    document.querySelectorAll("[data-wizard-step]").forEach((b) => b.onclick = () => {
+      collectWizardValues();
+      state.settingsWizard.step = Number(b.dataset.wizardStep) || 0;
+      renderSettingsWizardStep();
+    });
+    document.querySelectorAll("[data-wizard-setting]").forEach((el) => {
+      el.oninput = () => {
+        state.settingsWizard.values[el.dataset.wizardSetting] = el.value;
+        renderWizardValidation();
+      };
+      el.onchange = el.oninput;
+    });
+    document.getElementById("wizardPrevBtn").onclick = () => {
+      collectWizardValues();
+      if (state.settingsWizard.step > 0) {
+        state.settingsWizard.step--;
+        renderSettingsWizardStep();
+      } else renderSettingsWizardHome();
+    };
+    document.getElementById("wizardNextBtn").onclick = () => {
+      collectWizardValues();
+      if (state.settingsWizard.step < SETUP_WIZARDS[state.settingsWizard.channel].steps.length - 1) {
+        state.settingsWizard.step++;
+        renderSettingsWizardStep();
+      } else renderWizardReview();
+    };
+    document.getElementById("wizardSaveBtn").onclick = () => safe(() => saveWizard(false));
+    document.getElementById("wizardSaveRestartBtn").onclick = () => safe(() => saveWizard(true));
+    document.getElementById("wizardTestBtn").onclick = () => safe(testWizardSetup);
+    applyPermissions();
+  }
+  function collectWizardValues() {
+    document.querySelectorAll("[data-wizard-setting]").forEach((el) => {
+      state.settingsWizard.values[el.dataset.wizardSetting] = el.value;
+    });
+  }
+  function collectWizardPatch(wizard) {
+    collectWizardValues();
+    const patch = {};
+    for (const key of wizardKeys(wizard)) {
+      if (!Object.prototype.hasOwnProperty.call(state.settingsWizard.values, key)) continue;
+      const value = state.settingsWizard.values[key];
+      if (value !== wizardOriginalValue(key)) patch[key] = value;
+    }
+    return patch;
+  }
+  function collectWizardSettings(wizard) {
+    collectWizardValues();
+    const settings = {};
+    for (const key of wizardKeys(wizard)) settings[key] = wizardCurrentValue(key);
+    return settings;
+  }
+  function parseList(text) {
+    return String(text || "").split(",").map((item) => item.trim()).filter(Boolean);
+  }
+  function wizardValueBool(value) {
+    return ["true", "1", "yes", "on"].includes(String(value || "").toLowerCase());
+  }
+  function validateSnowflakeList(value, label, required = false) {
+    const items = parseList(value);
+    if (required && items.length === 0) return [label + " is required."];
+    return items.filter((item) => !/^[0-9]{5,32}$/.test(item)).map((item) => label + " contains invalid Discord ID: " + item);
+  }
+  function validateSlackIdList(value, label) {
+    return parseList(value).filter((item) => !/^[A-Z0-9]{2,64}$/.test(item)).map((item) => label + " contains invalid Slack ID: " + item);
+  }
+  function validateWizard(wizard) {
+    const v = Object.fromEntries(wizardKeys(wizard).map((key) => [key, wizardCurrentValue(key)]));
+    const errors = [];
+    const warnings = [];
+    if (wizard.id === "telegram") {
+      if (!v.TELEGRAM_BOT_TOKEN) errors.push("Telegram bot token is required.");
+      else if (!isMaskedSettingValue(v.TELEGRAM_BOT_TOKEN) && !/^[0-9]{5,}:[A-Za-z0-9_-]{20,}$/.test(v.TELEGRAM_BOT_TOKEN)) errors.push("Telegram bot token does not look like a BotFather token.");
+      if (!["polling", "webhook"].includes(v.TELEGRAM_TRANSPORT || "polling")) errors.push("Telegram transport must be polling or webhook.");
+      if ((v.TELEGRAM_TRANSPORT || "polling") === "webhook") {
+        if (!String(v.TELEGRAM_WEBHOOK_URL || "").startsWith("https://")) errors.push("Webhook public URL must be HTTPS.");
+        if (!v.TELEGRAM_WEBHOOK_HOST) errors.push("Webhook bind host is required.");
+        if (!Number.isFinite(Number(v.TELEGRAM_WEBHOOK_PORT))) errors.push("Webhook port must be numeric.");
+        if (!String(v.TELEGRAM_WEBHOOK_PATH || "").startsWith("/")) errors.push("Webhook path must start with /.");
+      }
+    }
+    if (wizard.id === "discord") {
+      if (!v.DISCORD_BOT_TOKEN) errors.push("Discord bot token is required.");
+      else if (!isMaskedSettingValue(v.DISCORD_BOT_TOKEN) && String(v.DISCORD_BOT_TOKEN).length < 20) errors.push("Discord bot token is too short.");
+      if (!v.DISCORD_CLIENT_ID) errors.push("Discord client ID is required.");
+      else errors.push(...validateSnowflakeList(v.DISCORD_CLIENT_ID, "Discord client ID", true));
+      errors.push(...validateSnowflakeList(v.DISCORD_GUILD_IDS, "Discord guild IDs"));
+      errors.push(...validateSnowflakeList(v.DISCORD_ALLOWED_GUILD_IDS, "Allowed Discord guilds"));
+      errors.push(...validateSnowflakeList(v.DISCORD_ALLOWED_CHANNEL_IDS, "Allowed Discord channels"));
+      if (["message", "both"].includes(v.DISCORD_COMMAND_MODE || "both") && !wizardValueBool(v.DISCORD_MESSAGE_CONTENT_ENABLED)) warnings.push("Message command mode needs Message Content Intent enabled in the Discord Developer Portal.");
+    }
+    if (wizard.id === "slack") {
+      if (!v.SLACK_BOT_TOKEN) errors.push("Slack bot token is required.");
+      else if (!isMaskedSettingValue(v.SLACK_BOT_TOKEN) && !String(v.SLACK_BOT_TOKEN).startsWith("xoxb-")) errors.push("Slack bot token should start with xoxb-.");
+      if (wizardValueBool(v.SLACK_SOCKET_MODE)) {
+        if (!v.SLACK_APP_TOKEN) errors.push("Slack app token is required for Socket Mode.");
+        else if (!isMaskedSettingValue(v.SLACK_APP_TOKEN) && !String(v.SLACK_APP_TOKEN).startsWith("xapp-")) errors.push("Slack app token should start with xapp-.");
+      } else {
+        if (!v.SLACK_SIGNING_SECRET) errors.push("Slack signing secret is required when Socket Mode is disabled.");
+        if (!Number.isFinite(Number(v.SLACK_PORT))) errors.push("Slack HTTP port must be numeric.");
+      }
+      if (v.SLACK_COMMAND && !String(v.SLACK_COMMAND).startsWith("/")) errors.push("Slack slash command must start with /.");
+      errors.push(...validateSlackIdList(v.SLACK_ALLOWED_TEAM_IDS, "Allowed Slack teams"));
+      errors.push(...validateSlackIdList(v.SLACK_ALLOWED_CHANNEL_IDS, "Allowed Slack channels"));
+    }
+    return { errors, warnings };
+  }
+  function renderWizardValidation() {
+    const wizard = SETUP_WIZARDS[state.settingsWizard?.channel];
+    if (!wizard) return;
+    const result = validateWizard(wizard);
+    const target = document.getElementById("wizardErrors");
+    if (target) target.innerHTML = [...result.errors.map((e) => '<div class="wizard-error">' + esc(e) + "</div>"), ...result.warnings.map((w) => '<div class="wizard-warning">' + esc(w) + "</div>")].join("");
+    const changed = Object.keys(collectWizardPatch(wizard)).length;
+    const banner = document.getElementById("wizardRestartBanner");
+    if (banner) banner.innerHTML = changed ? '<div class="restart-banner">' + changed + " wizard setting(s) will be saved. A NordRelay restart may be required.</div>" : "";
+    document.getElementById("wizardSaveBtn").disabled = !can("settings.write") || result.errors.length > 0;
+    document.getElementById("wizardSaveRestartBtn").disabled = !can("settings.write") || !can("system.restart") || result.errors.length > 0;
+  }
+  function renderWizardReview() {
+    const wizard = SETUP_WIZARDS[state.settingsWizard.channel];
+    collectWizardValues();
+    const validation = validateWizard(wizard);
+    const patch = collectWizardPatch(wizard);
+    document.getElementById("settingsForm").innerHTML = '<div class="settings-wizard"><div class="wizard-header"><div><h2>' + esc(wizard.label) + ' review</h2><p>Review changed settings before saving. Secret values stay masked when they are already configured.</p></div><button type="button" class="secondary" id="wizardEditBtn">Back to wizard</button></div><div class="list">' + (Object.keys(patch).map((key) => '<div class="item"><strong>' + esc(key) + "</strong><small>" + esc(isMaskedSettingValue(patch[key]) ? "configured secret / unchanged" : patch[key] || "(unset)") + "</small></div>").join("") || '<div class="item">No wizard changes.</div>') + '</div><div id="wizardErrors">' + [...validation.errors.map((e) => '<div class="wizard-error">' + esc(e) + "</div>"), ...validation.warnings.map((w) => '<div class="wizard-warning">' + esc(w) + "</div>")].join("") + '</div><div class="wizard-actions"><button type="button" id="wizardSaveBtn">Save wizard settings</button><button type="button" id="wizardSaveRestartBtn" class="secondary"' + disabledAttr("system.restart") + '>Save and restart</button><button type="button" class="secondary" id="wizardHomeBtn">Wizard home</button></div></div>';
+    document.getElementById("wizardEditBtn").onclick = renderSettingsWizardStep;
+    document.getElementById("wizardHomeBtn").onclick = renderSettingsWizardHome;
+    document.getElementById("wizardSaveBtn").onclick = () => safe(() => saveWizard(false));
+    document.getElementById("wizardSaveRestartBtn").onclick = () => safe(() => saveWizard(true));
+    document.getElementById("wizardSaveBtn").disabled = validation.errors.length > 0;
+    document.getElementById("wizardSaveRestartBtn").disabled = !can("system.restart") || validation.errors.length > 0;
+    applyPermissions();
+  }
+  async function saveWizard(restart) {
+    const wizard = SETUP_WIZARDS[state.settingsWizard.channel];
+    const validation = validateWizard(wizard);
+    if (validation.errors.length) {
+      renderWizardValidation();
+      toast("Wizard settings need attention");
+      return;
+    }
+    const patch = collectWizardPatch(wizard);
+    const r = await api("/api/settings", { method: "PATCH", body: JSON.stringify({ settings: patch }) });
+    if (r.errors && r.errors.length) {
+      document.getElementById("settingsStatus").textContent = "Fix " + r.errors.length + " setting error(s)";
+      toast("Settings need attention");
+      return;
+    }
+    toast("Wizard settings saved" + (r.restartRequired ? " - restart required" : ""));
+    document.getElementById("settingsStatus").textContent = (r.changedKeys?.length ? "Saved " + r.changedKeys.length + " wizard setting(s)" : "No changes") + (r.restartRequired ? " - restart required" : "");
+    if (restart) {
+      await api("/api/runtime/restart", { method: "POST" });
+      toast("Settings saved and restart requested", { duration: 6e3 });
+    }
+    await loadSettings();
+  }
+  async function testWizardSetup() {
+    const wizard = SETUP_WIZARDS[state.settingsWizard.channel];
+    const validation = validateWizard(wizard);
+    if (validation.errors.length) {
+      renderWizardValidation();
+      toast("Fix validation errors before testing");
+      return;
+    }
+    const target = document.getElementById("wizardTestResult");
+    target.innerHTML = loadingHtml("Testing setup...");
+    const result = await api("/api/settings/wizard/test", { method: "POST", body: JSON.stringify({ channel: wizard.id, settings: collectWizardSettings(wizard) }) });
+    target.innerHTML = (result.checks || []).map((check) => '<div class="item"><strong>' + esc(check.label) + ' <span class="adapter-status ' + (check.status === "ok" ? "enabled" : check.status === "warn" ? "planned" : "disabled") + '">' + esc(check.status) + "</span></strong><small>" + esc(check.detail || "") + "</small></div>").join("") || '<div class="item">No checks returned.</div>';
+  }
+  document.getElementById("settingsWizardBtn").onclick = openSettingsWizardHome;
 })();