agentgui 1.0.973 → 1.0.975

package/AGENTS.md

@@ -1,5 +1,17 @@
 # AgentGUI — Agent Notes
 
+## Design-maturity sweep + dead-code + secret-hardening (2026-06-18) — sixteenth run
+
+Same mandate ("fix every aspect, all design lives in ../design, fan out subagents, track with a workflow"). One tracking Workflow **`gui-design-16` (run `wf_6479308b-24f`, 12 lenses chat-thread/composer-input/files-browser/sessions-dashboard/shell-chrome/tokens-theme/a11y-motion/history-settings/marketing-site/glyph-residue/dead-code/server-security): 54 agents -> hunt -> adversarial verify -> 40 confirmed findings, ~2.7M tokens.** Applied via a clean per-file subagent fan-out (one agent per physical file, zero edit conflicts).
+
+**Kit fixes (ALL in `/config/workspace/design`):** chat.js ToolCallNode now gates the `args` section on real args (`hasArgs`) so result-only/arg-less cards no longer show `args {}` + composer `<textarea>` binds the `disabled` prop; agent-chat.js cwd input emits `aria-busy` while checking; content.js EventList now forwards `detail/actions/highlight/meta` to Row (expanded history events were dropping toolInput detail + copy + search-highlight) + TextField gained a full invalid/error state (`error`/`aria-invalid`/`aria-describedby`/`.ds-field-error` role=alert); interaction-primitives.js ShortcutList splits combos into discrete `.ds-kbd` caps (`.ds-kbd-caps`/`.ds-kbd-sep` + CSS) instead of one wide cap; sessions.js ConversationList rail filter migrated from bespoke `.ds-session-search` to the shared `SearchInput`/`.ds-search-input` (one filter control across rail + dashboard); shell.js WsResizer adds `aria-valuetext "<n> pixels"`; voice.js `×`->`Icon('x')`, community.js `⋯`->`'more'` (glyph residue). chat.css: cwd `.is-checking` hint tone + `aria-busy` field cue + cwd-btn `6px`->`var(--r-1)`, breakdown idle disc moved off the connecting-amber to canonical `--stale` double-inset, breakdown running disc shape-ring, `.ds-dash-clear` hover/focus-visible, `.chat-tool-copy:focus-visible`, errors-toggle AA fix, ds-session-search base block removed. app-shell.css: composer + WorkspaceShell (`.ws-rail/.ws-pane/.ws-sessions/.ws-scrim`) reduced-motion guards, `.ds-file-row.is-locked/.is-restricted` + `.ds-file-perm-tag` chip, `.ws-drawer-toggle` 44px coarse floor, `.ds-density-btn.active`/`.ds-filter-pill.active` AA contrast (`color:var(--fg)`), ShortcutList legend rules. editor-primitives.css `#000` dock shadow->`var(--shadow-3)` + checkbox `#fff` fallback dropped. app-surfaces.css `@media print` re-asserts paper-tuned signal tokens. community.css `:focus-visible` for ThreadPanel/Forum/Page + forum-search. marketing.css NEW `.site-footer` family (theme.mjs footers migrated off the in-app `.app-status` strip that suppressed content <=1100px) + `.site-cli` baseline+card-chrome + token paddings + `100dvh` embed.
+
+**Server secret-hardening (`lib/http-handler.js`, the high-sev cluster):** the module-level `SECRET_RE` (already blocking `/api/file`+`/api/download`) is now ALSO applied to `/api/upload-file`, `/api/mkdir`, `/api/rename` (403 on a secret/dotfile target name — was an overwrite-a-secret hole) and `/api/list` (filters secret-named dirents from the listing — was enumerating `.env`/`.pem` the preview/download routes block); `/api/download` Content-Disposition is now RFC-5987 encoded (ASCII `filename=` fallback + `filename*=UTF-8''<pct>`) so a CJK/emoji name no longer throws `ERR_INVALID_CHAR`. `validate-mutations.mjs` 26/26 PASS, no regression.
+
+**Dead-code removal:** agentgui `site/app/vendor/cdn/` (36 dead files — marked/dompurify/prismjs/fonts, zero refs; markdown stack fetches jsDelivr at runtime), `scripts/harvest-fixtures.mjs` (zero refs), and the 3 `node scripts/copy-vendor.js` lines in `.github/workflows/build-platforms.yml` (script deleted in the 15th run — CI was broken); kit `scripts/bundle-markdown.mjs` (orphaned, superseded by src/markdown.js). 
+
+**Witnessed** (localhost:3009/gm/?token, PASSWORD=`123,slam,123,slam`, fresh server + re-vendored dist, via gm `browser` verb): readyState complete, `ds-247420` dark body `rgb(19,19,24)`, 3 resizers, hScroll 0, rail `ds-search-input`=1 / bespoke `ds-session-search`=0 (consolidation landed), `ds-file-perm-tag`/`site-footer`/`ds-kbd-caps` rules all resolve, **0 console errors**. Kit build all 4 lints PASS. `test.js` 10 pass/0 fail. Re-vendored `dist/247420.{css,js}`.
+
 ## Design-maturity sweep + dead-code + server-hardening (2026-06-18) — fifteenth run
 
 Mandate: "fix every aspect, update ../design, all design content lives there, fan out subagents, track with a workflow." Two tracking Workflows ran. **`gui-design-15` (run `wf_7ba315a1-9a9`, 8 lenses composer-input/chat-thread/files/sessions/shell/tokens-theme/a11y-motion/glyph-residue): 59 agents -> 42 findings -> 35 confirmed -> 33 applied across 9 kit files** + 2 deferred fixes implemented after (shell pane-toggle relocated into `.ws-crumb` as a `ws-desktop-toggle`; files density picker made icon-led with 3 NEW shell.js icons `rows`/`rows-tight`/`grid` + `DENSITY_ICONS` + `.ds-density-btn` 28px square). **`gui-design-15b` (run `wf_5b2861b2-717`, 3 lenses history-settings/server-boundary/security): 25 agents -> 22 findings -> 18 confirmed**, all landed. Total ~95 agents, ~4M tokens.
@@ -14,15 +26,11 @@ Mandate: "fix every aspect, update ../design, all design content lives there, fa
 
 ## Design-maturity sweep + marketing-site consolidation (2026-06-18) — fourteenth run
 
-Continues the 13th run's "all design lives in the kit" mandate to the LAST residue surface + a kit design-maturity sweep. **`site/theme.mjs` (the flatspace marketing/landing renderer, NOT the SPA) was the remaining residue**: it carried an inline `<style>` with hardcoded hex (`#FBF6EB`/`#1F1B16`), ~12 inline `style=` props, deprecated `C.Btn({primary})`, and two `↗` arrow glyphs. ALL migrated: a new kit **`marketing.css`** `.site-*` family (`.site-panel`/`.site-hero`/`.site-hero-h`/`.site-hero-body`/`.site-chip-row`/`.site-cta-row`/`.site-cli`+`.cli`/`.prompt`/`.cmd`/`.site-embed`, pre-scoped `.ds-247420`, wired into `build.mjs` cssParts + `lint-glyphs` `SCAN_ROOT_FILES`); kit `Panel`/`Heading` gained a **`class` prop** (they only accepted `style`) so consumers attach classes instead of inline styles; `Btn({primary})` -> `Btn({variant:'primary'})`; `↗` -> `->`. theme.mjs head now render-blocking-`<link>`s the kit `247420.css` (it loaded the kit via JS importmap only, so the inline `<style>` was its pre-JS FOUC guard) — the kit already owns the base surface (`app-surfaces.css:27` `.ds-247420 body { background:var(--bg); color:var(--fg); font-family:var(--ff-display) }`). flatspace is NOT a dep here; theme.mjs is a pure render fn witnessed by loading its `renderHtml()` output. **The marketing site tracks unpkg@latest (importmap+CSS link); the SPA ships the pinned vendored dist — two intentional load strategies.**
-
-**Workflow `gui-design-14` (via the Workflow tool, run `wf_50751bd9-a43`, 7 lenses: chat-thread/files/sessions/shell-chrome/tokens-theme/a11y-motion/marketing-residue): 46 agents -> 39 findings -> 28 adversarially confirmed** (`PUNCHLIST-DESIGN-14.md`; 2 lens connection-failures: tokens-theme hunt + marketing-residue verify). ALL landed in the kit. **chat:** ThinkingNode base CSS (`.chat-thinking`/`-text`/`-dots` had ZERO base rules outside `.agentchat-working`), markdown `table`/`th`/`td`/`hr` (were unstyled -> bare cells), dead `.chat-tick` inline-code class given a rule, composer toolbar unified on 32px/`--r-1` (was 40px-round vs 36px-square), flat `.chat-md` rhythm+inset, streaming `.chat-stream-pre` persistent chrome, tool/code `:has()` measure-breakout. **files:** FileSkeleton container was a single 48px shimmer bar collapsing all rows (now inner `.ds-skel`-only), filter folded into one `.ds-file-controls` toolbar row, per-type cell icon tints, dead `data-columns` card-mode removed (+ `FILE_GRID_MIN_COL`/`columns` param), `.ds-file-check` dead font/color decls dropped + `.ds-check-box` rest border -> `--fg-3`. **sessions:** stale disc own tone (was sharing `--amber` with connecting) + connecting now a hollow ring, dead duplicate `.ds-dash-status.is-running` removed + running unified on `--accent` across disc/breakdown/card, `.seg.is-idle` weight 600, reduced-motion live-disc static-ring fallback, mixed-tick thickened 1.5px->2px, card cost as emphasized `.ds-dash-stat-cost`, conv-list unread -> hollow ring (shape-distinct from running). **shell:** resizers hidden past their staging breakpoints (`@media` 1480/1100/900 — were dead handles dragging vars into a fixed drawer), coarse-pointer 16px hit target, `WS_RESIZE_CLAMP` reconciled to the CSS `clamp()` floors/ceilings, localStorage committed on pointerup (not per-move), separator `aria-valuemin/max/now`. **a11y:** voice `vx-*` added to `community.css` reduced-motion guard, status discs given non-colour SHAPE channels, `.ds-input-bare` `:focus`->`:focus-visible`+ring. **Status-disc shape rule:** live=solid+pulse(or static ring under reduced-motion), error=solid+halo, connecting=hollow ring, stale=muted solid — four channels, not colour-only. Witnessed live (localhost:3009/gm/?token, PASSWORD=`123,slam,123,slam`): 0 console/page errors, dark body surface painted by kit, 3 resizers, no h-scroll, migrated classes resolve. Kit pushed `3704876`; rebased onto a concurrent CI `v0.0.211` bump.
+`site/theme.mjs` (marketing renderer, NOT the SPA) was the last design residue -> migrated to a NEW kit `marketing.css` `.site-*` family; `Panel`/`Heading` gained a `class` prop; `Btn({primary})`->`Btn({variant:'primary'})`. Workflow `gui-design-14` (`wf_50751bd9-a43`, 7 lenses) 46 agents -> 28 confirmed, all in the kit (ThinkingNode/markdown-table/status-disc shape channels/shell resizer breakpoints). **Status-disc shape rule: live=solid+pulse, error=solid+halo, connecting=hollow ring, stale=muted solid.** Full detail in rs-learn (recall "agentgui 14th run marketing-site consolidation").
 
 ## Design-content consolidation — ALL design lives in the kit now (2026-06-18) — thirteenth run
 
-The mandate: every design decision must live in the kit (`../design` = `/config/workspace/design`), none in the agentgui app. **`site/app/index.html` no longer carries an inline `<style>` block** — the ~240-line block (28 classes: `.pill`/`.cwd-bar`/`.resume-banner`/`.health-chip`/`.settings-grid`/`.history-empty`/`.boot-splash`/`.chat-controls`/`.status-dot`/`.ds-event-list` overrides + `event-flash` keyframe + scrollbar theming + focus rings + responsive + print) moved to a NEW kit file **`../design/app-surfaces.css`** (wired into `scripts/build.mjs` CSS_FILES, scoped `.ds-247420`, reads kit tokens directly with NO `--agentgui-*` fallbacks — those local color vars are deleted). `app.js` carries **zero inline `style=` props** (the 6 margin literals -> `.agentgui-field-mb`/`.agentgui-field-my` kit utilities; the `mainStyle` layout string -> `.agentgui-main`/`.agentgui-main-chat` kit rules). **Rule going forward: no design content in agentgui — new surface styling is a kit CSS rule, never an inline `<style>` or `style=`.** `app-surfaces.css` selectors are written pre-scoped `.ds-247420 ...` so the build's selector-prefixer (handles `:root`/`html`/`body`, compounds `[attr]`/`*`) leaves them untouched. Because `247420.css` is a render-blocking `<link>` in head and `<html class="ds-247420">` is static, there is NO FOUC from moving the base/boot-splash styling into the kit.
-
-**Workflow `.claude/workflows/gui-design-consolidation.js`** (residue-first 13th run, 6 lenses: design-residue/chat-thread/files-live/shell-chrome/tokens-theme/a11y-motion) ran 44 agents -> 19 confirmed findings (`PUNCHLIST-DESIGN.md`), ALL landed in the kit: composer send-row `.chat-composer-toolbar` (was unstyled), role-monotonic chat hover tints, tool-card `done` success tone, base-`Chat` `.chat-empty-suggestion` styling, error-card flame inset rail, `.ds-check-box` CSS-drawn multi-select checkbox (replaced the `[x]/[ ]` bracket text in files.js+sessions.js with a bordered box that fills on `.is-marked`/`[aria-checked]` — border-drawn tick, NOT a glyph), thin 26px status strip, status-item ellipsis, `.ws-crumb` gutter align, fluid `clamp()` shell width tokens, `:focus`->`:focus-visible` (no ring on mouse click), `--warn`/`--sky` dark-theme pairs, unified `--focus-*` tokens, reduced-motion skeleton static-fill, color-blind-safe rail SHAPE differentiation + sr-only status word in `Row()`. Amber/purple hardcoded `var(--token, #hex)` fallbacks stripped (the dark-hex could wrongly paint the light theme). **`lint-glyphs` was extended** with `SCAN_ROOT_FILES` (app-shell/chat/colors_and_type/community/community-app/editor-primitives/app-surfaces.css) — the root bundled CSS previously escaped the glyph lint, which is how 39 box-drawing comment dividers in app-shell.css slipped in (now converted to ASCII). Witnessed live (localhost:3009/gm/, fresh bundle): 0 console/page errors, migrated classes resolve from the kit bundle (`.pill` cursor:pointer/radius 999px, `.ds-check-box` 15px, cwd mono), no h-scroll.
+The mandate's origin: every design decision lives in the kit (`../design`), none in agentgui. `site/app/index.html` lost its ~240-line inline `<style>` (moved to NEW kit `app-surfaces.css`); `app.js` carries zero inline `style=` props. **Rule going forward: no design content in agentgui — new surface styling is a kit CSS rule, never an inline `<style>` or `style=`.** `lint-glyphs` extended with `SCAN_ROOT_FILES` so root bundled CSS no longer escapes the glyph lint. Workflow `gui-design-consolidation.js` (6 lenses) 44 agents -> 19 confirmed. Full detail in rs-learn (recall "agentgui 13th run design-content consolidation").
 
 ## CRITICAL — `authedFetch` must NOT set `Authorization: Bearer` behind an nginx Basic-Auth proxy (2026-06-18)
 

package/lib/http-handler.js

@@ -37,6 +37,12 @@ export function confineToRoots(inputPath, allowRoots) {
   return { ok: true, realPath };
 }
 
+// Secret-bearing basenames that must never be readable through ANY confined
+// raw-bytes route (preview or download), even when they sit inside an allowed
+// root: dotfiles, env/key/cert material, and credential stores. One const so
+// /api/file and /api/download can never drift apart.
+export const SECRET_RE = /(^\.|\.(env|pem|key|crt|p12|pfx)$|secret|credential|\.npmrc$|\.netrc$)/i;
+
 // The allowlist the Files surface operates within: server cwd + Claude
 // projects dir, widened via FS_ROOTS (path-separated). One construction so
 // /api/list,file,download and the mutation routes can never drift apart.
@@ -95,19 +101,15 @@ function isAllowRoot(realPath, allowRoots) {
 
 export function createHttpHandler({ BASE_URL, expressApp, queries, sendJSON, serveFile, staticDir, messageQueues, getWss, activeExecutions, getACPStatus, discoveredAgents, PKG_VERSION, RATE_LIMIT_MAX, rateLimitMap, routes, PORT }) {
   return async function httpHandler(req, res) {
-    // CORS: when PASSWORD is set the server holds credentials a cross-origin
-    // page must not be able to spend, so we do NOT advertise a wildcard origin
-    // (a wildcard + a leaked Bearer/token would let any site the user visits
-    // drive this server). Reflect an explicitly-allowed origin (CORS_ORIGIN)
-    // when configured, else same-origin only. With no PASSWORD the server is
-    // already open, so the permissive wildcard is harmless and kept for tools.
+    // CORS: emit ACAO only when CORS_ORIGIN is explicitly set. A wildcard would
+    // let any webpage the user visits make credentialless fetches to /api/list,
+    // /api/file/*, etc. and read ~/.claude/projects content — even on a no-
+    // PASSWORD localhost deploy. Set CORS_ORIGIN=<origin> for cross-origin tools.
     const _corsOrigin = process.env.CORS_ORIGIN;
     if (_corsOrigin) {
       res.setHeader('Access-Control-Allow-Origin', _corsOrigin);
       res.setHeader('Vary', 'Origin');
-    } else if (!process.env.PASSWORD) {
-      res.setHeader('Access-Control-Allow-Origin', '*');
-    } // else: no ACAO header -> browsers block cross-origin reads (same-origin still works)
+    } // no ACAO header -> browsers enforce same-origin by default
     res.setHeader('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS');
     res.setHeader('Access-Control-Allow-Headers', 'Content-Type, Authorization');
     // The password can ride in a ?token= query param (EventSource/deep-links
@@ -403,7 +405,7 @@ export function createHttpHandler({ BASE_URL, expressApp, queries, sendJSON, ser
             for (const [t, exts] of Object.entries(EXT_TYPE)) if (exts.includes(ext)) return t;
             return 'other';
           };
-          const dirents = fs.readdirSync(normalizedPath, { withFileTypes: true });
+          const dirents = fs.readdirSync(normalizedPath, { withFileTypes: true }).filter((d) => !SECRET_RE.test(d.name));
           const entries = dirents.map((d) => {
             const full = path.join(normalizedPath, d.name);
             let size = null, modified = null, permissions;
@@ -449,7 +451,6 @@ export function createHttpHandler({ BASE_URL, expressApp, queries, sendJSON, ser
         // material, and credential stores must never be readable through the
         // Files preview even when they sit inside an allowed root.
         const base = path.basename(normalizedPath);
-        const SECRET_RE = /(^\.|\.(env|pem|key|crt|p12|pfx)$|secret|credential|\.npmrc$|\.netrc$)/i;
         if (SECRET_RE.test(base)) { res.writeHead(403); res.end('Forbidden'); return; }
         // Only known text/code extensions (images go through /api/image). An
         // unknown/binary extension is rejected, never served as octet-stream.
@@ -493,15 +494,19 @@ export function createHttpHandler({ BASE_URL, expressApp, queries, sendJSON, ser
         const conf = confineToRoots(decodedPath, allowRoots);
         if (!conf.ok) { res.writeHead(conf.reason === 'not found' ? 404 : 403); res.end('Forbidden'); return; }
         const normalizedPath = conf.realPath;
+        // Same secret-name block as /api/file: a download must not exfiltrate
+        // .env/.pem/.key/credential material just because it streams bytes.
+        if (SECRET_RE.test(path.basename(normalizedPath))) { res.writeHead(403); res.end('Forbidden'); return; }
         try {
           const st = fs.statSync(normalizedPath);
           if (!st.isFile()) { res.writeHead(400); res.end('Not a file'); return; }
           const MAX = 50 * 1024 * 1024; // 50MB cap so a download can't exhaust memory
           if (st.size > MAX) { res.writeHead(413); res.end('File too large to download'); return; }
-          const name = path.basename(normalizedPath).replace(/["\r\n]/g, '');
+          const base = path.basename(normalizedPath);
+          const asciiName = base.replace(/[\\"\r\n]/g, '').replace(/[^\x20-\x7e]/g, '_');
           res.writeHead(200, {
             'Content-Type': 'application/octet-stream',
-            'Content-Disposition': 'attachment; filename="' + name + '"',
+            'Content-Disposition': 'attachment; filename="' + asciiName + '"; filename*=UTF-8\'\'' + encodeURIComponent(base),
             'Content-Length': String(st.size),
             'Cache-Control': 'no-cache',
           });
@@ -533,6 +538,7 @@ export function createHttpHandler({ BASE_URL, expressApp, queries, sendJSON, ser
         if (isAllowRoot(conf.realPath, allowRoots)) { sendJSON(req, res, 403, { error: 'forbidden: cannot rename an allowed root' }); return; }
         const newName = sanitizeEntryName(body.newName);
         if (!newName) { sendJSON(req, res, 400, { error: 'invalid name' }); return; }
+        if (SECRET_RE.test(newName)) { sendJSON(req, res, 403, { error: 'forbidden: secret/dotfile name' }); return; }
         const target = path.join(path.dirname(conf.realPath), newName);
         // The target stays in the same (already-confined) directory by
         // construction, but re-check anyway so the invariant is local.
@@ -622,6 +628,7 @@ export function createHttpHandler({ BASE_URL, expressApp, queries, sendJSON, ser
         if (!conf.ok) { sendJSON(req, res, conf.reason === 'not found' ? 404 : 403, { error: 'forbidden: ' + conf.reason }); return; }
         const name = sanitizeEntryName(body.name);
         if (!name) { sendJSON(req, res, 400, { error: 'invalid name' }); return; }
+        if (SECRET_RE.test(name)) { sendJSON(req, res, 403, { error: 'forbidden: secret/dotfile name' }); return; }
         const target = path.join(conf.realPath, name);
         if (fs.existsSync(target)) { sendJSON(req, res, 409, { error: 'a file with that name already exists' }); return; }
         try { fs.mkdirSync(target); sendJSON(req, res, 200, { ok: true, path: target }); }
@@ -641,6 +648,7 @@ export function createHttpHandler({ BASE_URL, expressApp, queries, sendJSON, ser
         if (!conf.ok) { sendJSON(req, res, conf.reason === 'not found' ? 404 : 403, { error: 'forbidden: ' + conf.reason }); return; }
         const name = sanitizeEntryName(qs.get('name'));
         if (!name) { sendJSON(req, res, 400, { error: 'invalid name' }); return; }
+        if (SECRET_RE.test(name)) { sendJSON(req, res, 403, { error: 'forbidden: secret/dotfile name' }); return; }
         const target = path.join(conf.realPath, name);
         if (fs.existsSync(target) && qs.get('overwrite') !== '1') { sendJSON(req, res, 409, { error: 'a file with that name already exists' }); return; }
         let buf;
@@ -672,12 +680,14 @@ export function createHttpHandler({ BASE_URL, expressApp, queries, sendJSON, ser
         const normalizedPath = conf.realPath;
         try {
           const ext = path.extname(normalizedPath).toLowerCase();
-          const mimeTypes = { '.png': 'image/png', '.jpg': 'image/jpeg', '.jpeg': 'image/jpeg', '.gif': 'image/gif', '.webp': 'image/webp', '.svg': 'image/svg+xml' };
-          // Only serve known image types - never an octet-stream fallback, which
-          // would turn this into a generic file reader for any extension.
+          const mimeTypes = { '.png': 'image/png', '.jpg': 'image/jpeg', '.jpeg': 'image/jpeg', '.gif': 'image/gif', '.webp': 'image/webp' };
+          // SVG is intentionally excluded: browsers render SVG as a live document
+          // in the app's origin, so an agent-written SVG with a <script src=CDN>
+          // would execute in the agentgui origin (CSP allows unpkg/jsdelivr).
+          // Files preview uses /api/file/download (attachment) for SVG.
           const contentType = mimeTypes[ext];
           if (!contentType) { res.writeHead(403); res.end('Forbidden'); return; }
-          res.writeHead(200, { 'Content-Type': contentType, 'Cache-Control': 'no-cache' });
+          res.writeHead(200, { 'Content-Type': contentType, 'Cache-Control': 'no-cache', 'X-Content-Type-Options': 'nosniff' });
           res.end(fs.readFileSync(normalizedPath));
         } catch (err) { sendJSON(req, res, 400, { error: err.message }); }
         return;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "agentgui",
-  "version": "1.0.973",
+  "version": "1.0.975",
   "description": "Multi-agent ACP client with real-time communication",
   "type": "module",
   "main": "electron/main.js",

package/scripts/validate-mutations.mjs

@@ -28,6 +28,9 @@ const TRAVERSAL = join(ROOT, '..', '..', ...(WIN ? ['Windows', 'win.ini'] : ['et
 await check('rename-traversal', 403, await post('/api/rename', { path: TRAVERSAL, newName: 'x.txt' }));
 await check('delete-out-of-roots', 403, await post('/api/delete', { path: OUTSIDE }));
 await check('delete-root-refused', 403, await post('/api/delete', { path: ROOT }));
+await check('rename-to-secret-403', 403, await post('/api/rename', { path: join(ROOT, 'package.json'), newName: '.env' }));
+await check('upload-secret-403', 403, await fetch(BASE + '/api/upload-file?dir=' + encodeURIComponent(ROOT) + '&name=.env', { method: 'PUT', headers: AUTH, body: 'secret' }).then(async r => ({ status: r.status, body: await r.text() })));
+await check('mkdir-secret-403', 403, await post('/api/mkdir', { dir: ROOT, name: '.env' }));
 await check('mkdir-reserved-name', 400, await post('/api/mkdir', { dir: ROOT, name: 'CON' }));
 await check('mkdir-name-with-separator', 400, await post('/api/mkdir', { dir: ROOT, name: 'a/b' }));
 await check('mkdir-name-trailing-dot', 400, await post('/api/mkdir', { dir: ROOT, name: 'evil.' }));

package/site/app/js/app.js

@@ -415,6 +415,7 @@ function openLiveStream() {
           // Dedupe against the snapshot/prior pushes by event index - a
           // reconnect or overlap would otherwise double-append the same event.
           if (ev.i == null || !state.events.some(e => e.i === ev.i)) {
+            ev._idx = state.events.length;
             state.events.push(ev);
             // Cap retained events so a long live session can't grow unbounded.
             if (state.events.length > 2000) state.events.splice(0, state.events.length - 2000);
@@ -1699,7 +1700,9 @@ function appendText(parts, text) {
 // standalone tool_result part. Sets the card's result + done/error status.
 function applyToolResult(parts, block) {
   const id = block.tool_use_id || block.id || null;
-  const content = block?.content ?? block?.output ?? block;
+  const raw = block?.content ?? block?.output ?? block;
+  // Claude API delivers content as an array of {type,text} objects; flatten to plain text.
+  const content = Array.isArray(raw) ? (raw.filter(b => b.type === 'text').map(b => b.text).join('\n') || JSON.stringify(raw, null, 2)) : raw;
   const isError = !!(block?.is_error);
   const byId = id ? [...parts].reverse().find(p => p && p.kind === 'tool' && p._id === id) : null;
   const target = byId || [...parts].reverse().find(p => p && p.kind === 'tool' && p.status === 'running');
@@ -2323,6 +2326,9 @@ async function sendChat(textArg) {
   } finally {
     state.chat.busy = false;
     state.chat.abort = null;
+    // Prune an empty assistant shell (WS-drop before any content arrived).
+    const msgs = state.chat.messages;
+    if (msgs.length && isEmptyTurn(msgs[msgs.length - 1])) msgs.pop();
     persistChat();
     refreshActive();   // settle the running panel/dashboard now, not at the next poll
     render();
@@ -2479,6 +2485,13 @@ function historyMain() {
     onSelect: (id) => { state.eventFilter = id && id.id ? id.id : id; render(); },
     label: 'Filter events by type',
   });
+  // Single pass over state.events for all three counters (replaces three separate .filter() calls).
+  const evCounters = state.events.reduce((c, e) => {
+    if (e.role === 'user') c.turns++;
+    if (e.type === 'tool_use') c.tools++;
+    if (e.isError) c.errors++;
+    return c;
+  }, { turns: 0, tools: 0, errors: 0 });
   const meta = SessionMeta({
     items: [
       sess && sess.cwd ? { label: 'cwd', value: sess.cwd, title: sess.cwd } : null,
@@ -2487,9 +2500,9 @@ function historyMain() {
       // Spelled counter vocabulary in the detail strip (events/turns/tools/
       // errors); the abbreviated 'ev/tools/err' triple stays compact-row-only.
       { label: 'events', value: String(state.events.length) },
-      { label: 'turns', value: String(sess?.userTurns ?? state.events.filter(e => e.role === 'user').length) },
-      { label: 'tools', value: String(state.events.filter(e => e.type === 'tool_use').length) },
-      { label: 'errors', value: String(state.events.filter(e => e.isError).length) },
+      { label: 'turns', value: String(sess?.userTurns ?? evCounters.turns) },
+      { label: 'tools', value: String(evCounters.tools) },
+      { label: 'errors', value: String(evCounters.errors) },
     ].filter(Boolean),
   });
   if (filteredEvents.length === 0) {
@@ -2506,10 +2519,7 @@ function historyMain() {
   const shown = filteredEvents.slice(-limit);
   const hiddenCount = total - shown.length;
   // Keys of the currently-shown rows, so expand-all toggles only what's rendered.
-  const shownKeys = shown.map((e, i) => {
-    const absIdx = total - shown.length + i;
-    return e.i != null ? 'ev' + e.i : 'ev-' + (e.ts || 0) + '-' + (e.type || '') + '-' + absIdx;
-  });
+  const shownKeys = shown.map((e, i) => e.i != null ? 'ev' + e.i : 'ev-' + (e.ts || 0) + '-' + (e.type || '') + '-' + (e._idx ?? (total - shown.length + i)));
   const allExpanded = shownKeys.length > 0 && shownKeys.every(k => state.expandedEvents.has(k));
   const eventControls = h('div', { key: 'evctrl', class: 'history-actions', role: 'group', 'aria-label': 'event controls' },
     Btn({ key: 'expall', onClick: () => {
@@ -2535,8 +2545,7 @@ function historyMain() {
           // Stable key: server event index when present, else ts + the event's
           // ABSOLUTE position in state.events (not the sliced-view index, which
           // shifts when live events append and would collide loaded vs live rows).
-          const absIdx = total - shown.length + i;
-          const key = e.i != null ? 'ev' + e.i : 'ev-' + (e.ts || 0) + '-' + (e.type || '') + '-' + absIdx;
+          const key = e.i != null ? 'ev' + e.i : 'ev-' + (e.ts || 0) + '-' + (e.type || '') + '-' + (e._idx ?? (total - shown.length + i));
           const role = e.role || '?';
           const type = e.type || '?';
           const tool = e.tool ? ' · tool: ' + e.tool : '';
@@ -2890,8 +2899,7 @@ function settingsMain() {
           label: 'backend url',
           value: state.backendDraft,
           placeholder: '(blank = same origin)',
-          'aria-describedby': !isValid ? 'backend-url-error' : undefined,
-          'aria-invalid': !isValid ? 'true' : 'false',
+          error: !isValid ? 'Invalid URL format' : undefined,
           title: isValid ? 'Enter a valid URL or leave blank for same-origin' : 'Invalid URL format',
           onInput: (v) => {
             state.backendDraft = v;
@@ -2900,7 +2908,6 @@ function settingsMain() {
             render();
           },
         }),
-        !isValid ? h('p', { key: 'err', id: 'backend-url-error', class: 'lede field-error', role: 'alert' }, 'Invalid URL format') : null,
         state.backendStatus === 'connecting' ? h('p', { key: 'bst-connecting', class: 'lede', role: 'status' }, 'connecting…') : null,
         state.backendStatus === 'ok' ? h('p', { key: 'bst-ok', class: 'lede', role: 'status' }, 'connected') : null,
         state.backendStatus === 'failed' ? h('p', { key: 'bst-failed', class: 'lede field-error', role: 'alert' }, 'connection failed - check the URL') : null,
@@ -2977,6 +2984,8 @@ function clearLocalData() {
   // defaults with the keys gone.
   state.chat.abort?.abort(); // stop any in-flight stream before we drop the page
   for (const k of ['agentgui.chat', 'agentgui.agent', 'agentgui.model', 'agentgui.cwd', 'agentgui.backend', 'agentgui.live', 'agentgui.files']) lsRemove(k);
+  // Also wipe kit WorkspaceShell layout keys (collapse state + resizer widths).
+  try { for (let i = localStorage.length - 1; i >= 0; i--) { const k = localStorage.key(i); if (k && k.startsWith('ds.ws.')) localStorage.removeItem(k); } } catch {}
   state.chat = { messages: [], busy: false, abort: null, draft: '', resumeSid: null, confirmingEdit: null, totalCost: 0 };
   location.reload();
 }
@@ -3013,7 +3022,7 @@ function preferencesPanel() {
       state.confirmingClearData
         ? Alert({ key: 'cld', kind: 'warn', title: 'Clear all local data?',
             children: [
-              h('span', { key: 'cldtxt' }, 'Removes saved chat, agent/model/cwd, and backend from this browser. This cannot be undone. '),
+              h('span', { key: 'cldtxt' }, 'Removes saved chat, agent/model/cwd, backend, and layout preferences from this browser. This cannot be undone. '),
               Btn({ key: 'cldno', onClick: () => { state.confirmingClearData = false; render(); }, children: 'cancel' }),
               Btn({ key: 'cldyes', danger: true, onClick: clearLocalData, children: 'clear' })] })
         : Btn({ key: 'cldbtn', onClick: clearLocalData, children: 'clear local data' }),
@@ -3046,7 +3055,9 @@ function agentsPanel() {
           const bits = [PROTOCOL_WORDS[a.protocol] || 'agent'];
           if (!avail) bits.push(a.npxInstallable ? 'runs via npx' : 'not installed');
           if (acp) bits.push(acp.healthy ? 'running healthy' : (acp.running ? 'running' : 'stopped'));
-          if (acp && acp.restartCount > 1) bits.push('restarted ' + acp.restartCount + ' times');
+          if (acp && acp.restartCount >= 1) bits.push('restarted ' + acp.restartCount + (acp.restartCount === 1 ? ' time' : ' times'));
+          if (acp && !acp.healthy && acp.providerInfo?.error) bits.push(acp.providerInfo.error);
+          if (acp && acp.idleMs > 3_600_000) bits.push(fmtDuration(acp.idleMs) + ' idle');
           return Row({
             key: 'ag' + a.id,
             rank: String(i + 1).padStart(3, '0'),
@@ -3192,6 +3203,8 @@ async function loadSession(sid, { focusEventI = null, focusEventTs = null, fromH
     // whole session) - cap in-memory state at the most-recent 5000 so a
     // monster session can't pin the tab; the render window stays 300+load-older.
     if (state.events.length > 5000) state.events = state.events.slice(-5000);
+    // Stamp stable _idx so EventList keys are stable regardless of slice/cap.
+    state.events.forEach((e, i) => { if (e._idx == null) e._idx = i; });
     clearTimeout(slowTimer);
     state.eventsSlow = false;
     state.eventsLoaded = true;

package/site/app/vendor/anentrypoint-design/247420.css

@@ -1809,7 +1809,7 @@
   transition: background var(--dur-snap) var(--ease), color var(--dur-snap) var(--ease);
 }
 .ds-247420 .ds-density-btn:hover { color: var(--fg); }
-.ds-247420 .ds-density-btn.active { background: var(--accent-tint); color: var(--accent); }
+.ds-247420 .ds-density-btn.active { background: var(--accent-tint); color: var(--fg); }
 .ds-247420 .ds-density-btn:focus-visible { outline: 2px solid var(--accent); outline-offset: 1px; }
 
 /* Compact density — tighter rows for long listings. */
@@ -1834,6 +1834,10 @@
 .ds-247420 .ds-file-cell.active { border-color: var(--accent); background: var(--accent-tint); }
 .ds-247420 .ds-file-cell.is-marked { border-color: var(--accent); background: var(--accent-tint); }
 .ds-247420 .ds-file-cell.is-locked { opacity: 0.6; }
+.ds-247420 .ds-file-row.is-locked { opacity: 0.6; }
+.ds-247420 .ds-file-row.is-restricted .title { color: var(--fg-2); }
+.ds-247420 .ds-file-perm-tag { font-family: var(--ff-mono); font-size: var(--fs-micro); color: var(--fg-3); padding: 1px 6px; border: var(--bw-hair) solid var(--rule); border-radius: var(--r-1); white-space: nowrap; }
+.ds-247420 .ds-file-perm-tag.is-noaccess { color: var(--flame); border-color: color-mix(in srgb, var(--flame) 40%, transparent); }
 .ds-247420 .ds-file-cell-open {
   display: flex; flex-direction: column; align-items: stretch; gap: var(--space-1);
   width: 100%; padding: var(--space-1); margin: 0;
@@ -2230,6 +2234,10 @@
   border-radius: var(--r-2); font-size: var(--fs-xs);
 }
 .ds-247420 .ds-shortcut-row { display: flex; align-items: center; gap: var(--space-2); }
+.ds-247420 .ds-shortcuts-hint .ds-kbd-label { flex: 1 1 auto; opacity: .85; }
+.ds-247420 .ds-shortcuts-hint .ds-kbd { white-space: normal; max-width: 100%; }
+.ds-247420 .ds-kbd-caps { display: inline-flex; flex-wrap: wrap; align-items: center; gap: 4px; }
+.ds-247420 .ds-kbd-sep { color: var(--fg-3); font-size: var(--fs-micro); padding: 0 2px; }
 .ds-247420 .ds-kbd {
   display: inline-block; min-width: 0;
   padding: 2px 7px; border-radius: 6px;
@@ -2667,9 +2675,10 @@
      re-declare it; the sizing block now states the truth). */
   line-height: 1.5; resize: none;
   min-height: 28px; max-height: 200px;
-  box-sizing: border-box; overflow-y: auto;
+  box-sizing: border-box; overflow-y: hidden;
   scrollbar-width: thin;
 }
+.ds-247420 .chat-composer textarea:focus { overflow-y: auto; }
 .ds-247420 .chat-composer textarea::placeholder { color: var(--fg-3); }
 .ds-247420 .chat-composer textarea:focus { background: none; border: none; box-shadow: none; outline: none; }
 .ds-247420 .chat-composer .send {
@@ -2702,6 +2711,12 @@
 .ds-247420 .chat-composer .send:disabled {
   background: var(--bg-3); color: var(--fg-3); cursor: not-allowed; transform: none;
 }
+@media (prefers-reduced-motion: reduce) {
+  .ds-247420 .chat-composer,
+  .ds-247420 .chat-composer textarea,
+  .ds-247420 .chat-composer .send,
+  .ds-247420 .composer-btn { transition: none; }
+}
 
 .ds-247420 .aicat-portrait { display: inline-flex; align-items: center; gap: 10px; padding: 4px 0; }
 .ds-247420 .aicat-face {
@@ -3694,6 +3709,8 @@
 .ds-247420 .ws-pane-collapsed .ws-pane > * { display: none; }
 @media (pointer: coarse) {
   .ds-247420 .ws-rail-toggle { width: 44px; height: 44px; }
+  .ds-247420 .ws-drawer-toggle { width: 44px; height: 44px; }
+  .ds-247420 .ws-desktop-toggle { width: 44px; height: 44px; }
 }
 
 /* Drawer toggles and the scrim are hidden by default and revealed by the staged
@@ -3711,6 +3728,7 @@
    pane becomes a mobile overlay drawer at <=1480px, reached via its own
    drawer-toggle), so hide this crumb control past that breakpoint. */
 @media (max-width: 1480px) { .ds-247420 .ws-pane-toggle { display: none; } }
+@media (max-width: 480px) { .ds-247420 .ws-crumb { padding-left: var(--space-2); padding-right: var(--space-2); } }
 .ds-247420 .ws-scrim { display: none; }
 
 /* Responsive: the columns yield to the CONTENT in stages - the main column is
@@ -3819,6 +3837,11 @@
 .ds-247420 .ws-drawer-toggle:hover { background: var(--bg-2); color: var(--fg); }
 .ds-247420 .ws-drawer-toggle:focus-visible { outline: 2px solid var(--accent); outline-offset: 2px; }
 
+@media (prefers-reduced-motion: reduce) {
+  .ds-247420 .ws-shell, .ds-247420 .ws-rail, .ds-247420 .ws-pane, .ds-247420 .ws-sessions, .ds-247420 .ws-scrim { transition: none; }
+  .ds-247420 .ws-resizer::after { transition: none; }
+}
+
 /* ============================================================
    Row title highlight, expanded-row actions, filter pills.
    ============================================================ */
@@ -3849,7 +3872,7 @@
   transition: background var(--dur-snap) var(--ease), color var(--dur-snap) var(--ease);
 }
 .ds-247420 .ds-filter-pill:hover { background: var(--bg-3); color: var(--fg); }
-.ds-247420 .ds-filter-pill.active { background: var(--accent-tint); color: var(--accent); border-color: var(--accent); }
+.ds-247420 .ds-filter-pill.active { background: var(--accent-tint); color: var(--fg); border-color: var(--accent); }
 .ds-247420 .ds-filter-pill:focus-visible { outline: 2px solid var(--accent); outline-offset: 1px; }
 
 /* Touch floor for the new small controls. */
@@ -4907,6 +4930,16 @@
   border-radius: var(--r-1);
 }
 
+/* ThreadPanel / Forum / Page interactive elements */
+.ds-247420 .cm-tp-item:focus-visible,
+.ds-247420 .cm-forum-item:focus-visible { outline: 2px solid var(--accent); outline-offset: -2px; border-radius: var(--r-1); }
+.ds-247420 .cm-tp-new:focus-visible,
+.ds-247420 .cm-tp-close:focus-visible,
+.ds-247420 .cm-forum-new:focus-visible,
+.ds-247420 .cm-forum-sort:focus-visible,
+.ds-247420 .cm-page-edit:focus-visible { outline: 2px solid var(--accent); outline-offset: 2px; border-radius: var(--r-1); }
+.ds-247420 .cm-forum-search:focus-visible { outline: none; box-shadow: inset 0 0 0 2px var(--accent); }
+
 /* ---------- mobile header ---------- */
 .ds-247420 .cm-mobile-header {
   display: flex;
@@ -5487,7 +5520,7 @@
   background: none;
   border: 1px solid var(--rule);
   color: inherit;
-  border-radius: 6px;
+  border-radius: var(--r-1);
   padding: 2px 8px;
   cursor: pointer;
   font: inherit;
@@ -5506,6 +5539,7 @@
 }
 .ds-247420 .agentchat-cwd-input:focus-visible { outline: none; box-shadow: var(--focus-ring-inset); }
 .ds-247420 .agentchat-cwd-input[aria-invalid='true'] { border-color: var(--flame); box-shadow: inset 0 0 0 var(--bw-hair) var(--flame); }
+.ds-247420 .agentchat-cwd-input[aria-busy='true'] { border-color: var(--fg-3); box-shadow: inset 0 0 0 var(--bw-hair) var(--fg-3); }
 
 /* head + thread */
 .ds-247420 .agentchat-head {
@@ -5756,18 +5790,14 @@
 }
 .ds-247420 .ds-session-new > span { display: none; }
 .ds-247420 .ds-session-new:hover { background: var(--bg-2); color: var(--fg); }
-.ds-247420 .ds-session-search { order: 1; flex: 1 1 auto; min-width: 0; }
+/* Rail filter uses the shared .ds-search-input primitive (provides bg/border/
+   radius/focus-ring); only the rail layout + touch floor live here. */
+.ds-247420 .ds-session-head .ds-search-input { order: 1; flex: 1 1 auto; min-width: 0; }
 .ds-247420 .ds-session-new:focus-visible { outline: 2px solid var(--accent); outline-offset: 2px; }
-.ds-247420 .ds-session-search {
-  width: 100%; padding: var(--space-1) var(--space-3); min-height: 36px;
-  background: var(--bg-2); border: var(--bw-hair) solid var(--bg-3); color: var(--fg);
-  border-radius: var(--r-1); font-family: var(--ff-body); font-size: var(--fs-sm);
-}
-.ds-247420 .ds-session-search:focus-visible { outline: none; box-shadow: inset 0 0 0 2px var(--accent); }
 /* Touch floor (must FOLLOW the base rules - same specificity, order decides). */
 @media (pointer: coarse) {
   .ds-247420 .ds-session-new { width: 44px; min-height: 44px; }
-  .ds-247420 .ds-session-search { min-height: 44px; }
+  .ds-247420 .ds-session-head .ds-search-input { min-height: 44px; }
 }
 .ds-247420 .ds-session-list, .ds-247420 .ds-session-groups { flex: 1; min-height: 0; overflow-y: auto; padding: var(--space-2); }
 /* Grouped rows (Today/Yesterday/...) lay out like the flat list; the section
@@ -5946,7 +5976,7 @@
   border-radius: var(--r-1); background: var(--bg-2); color: var(--fg-2);
   cursor: pointer; font-family: var(--ff-body); font-size: var(--fs-tiny);
 }
-.ds-247420 .ds-dash-errors-toggle.active { background: var(--accent-tint); color: var(--accent); border-color: var(--accent); }
+.ds-247420 .ds-dash-errors-toggle.active { background: var(--accent-tint); color: var(--fg); border-color: var(--accent); }
 .ds-247420 .ds-dash-errors-toggle:focus-visible { outline: 2px solid var(--accent); outline-offset: 1px; }
 
 /* --- C3: per-card select checkbox. --- */
@@ -6114,6 +6144,7 @@
 /* Inline cwd validation line (checking / error) under the cwd input. */
 .ds-247420 .agentchat-cwd-hint { font-size: var(--fs-tiny); color: var(--fg-3); }
 .ds-247420 .agentchat-cwd-hint.is-error { color: var(--flame); }
+.ds-247420 .agentchat-cwd-hint.is-checking { color: var(--fg-2); font-style: italic; }
 
 /* Dashboard: shared session title heading (same string as the rails). */
 .ds-247420 .ds-dash-title {
@@ -6213,6 +6244,7 @@
 }
 .ds-247420 .chat-msg .chat-tool .chat-tool-head::-webkit-details-marker { display: none; }
 .ds-247420 .chat-msg .chat-tool .chat-tool-head:hover { background: var(--bg-2); }
+.ds-247420 .chat-msg .chat-tool .chat-tool-head:focus-visible { outline: 2px solid var(--accent); outline-offset: -2px; }
 .ds-247420 .chat-tool-icon { display: inline-flex; color: var(--fg-3); }
 .ds-247420 .chat-tool-name { font-family: var(--ff-mono); font-weight: 600; color: var(--fg); }
 .ds-247420 .chat-tool-label { color: var(--fg-3); font-size: var(--fs-tiny); overflow: hidden; text-overflow: ellipsis; white-space: nowrap; min-width: 0; }
@@ -6233,6 +6265,7 @@
 .ds-247420 .chat-tool-section-label { display: flex; align-items: center; justify-content: space-between; gap: var(--space-2); font-size: var(--fs-tiny); font-weight: 600; text-transform: uppercase; letter-spacing: var(--tr-caps); color: var(--fg-3); }
 .ds-247420 .chat-tool-copy { position: static; opacity: 0; }
 .ds-247420 .chat-tool-section:hover .chat-tool-copy, .ds-247420 .chat-tool-section:focus-within .chat-tool-copy { opacity: 1; }
+.ds-247420 .chat-tool-copy:focus-visible { outline: 2px solid var(--accent); outline-offset: 1px; opacity: 1; }
 .ds-247420 .chat-tool-pre { margin: 0; padding: var(--space-2); background: var(--bg-2); border-radius: var(--r-1); font-family: var(--ff-mono); font-size: var(--fs-tiny); line-height: 1.45; overflow-x: auto; max-height: 320px; overflow-y: auto; }
 .ds-247420 .chat-tool-pre.is-error { color: var(--flame); }
 .ds-247420 .chat-tool-pre.chat-tool-empty { color: var(--fg-3); }
@@ -6288,15 +6321,17 @@
 .ds-247420 .ds-dash-breakdown .seg { display: inline-flex; align-items: center; gap: var(--space-1); font-weight: 600; }
 .ds-247420 .ds-dash-breakdown .seg::before { content: ''; width: 7px; height: 7px; border-radius: 50%; flex: none; }
 .ds-247420 .ds-dash-breakdown .seg.is-running { color: var(--accent); }
-.ds-247420 .ds-dash-breakdown .seg.is-running::before { background: var(--accent); }
+.ds-247420 .ds-dash-breakdown .seg.is-running::before { background: var(--accent); box-shadow: 0 0 0 1.5px color-mix(in oklab, var(--accent) 30%, transparent); }
 .ds-247420 .ds-dash-breakdown .seg.is-error { color: var(--flame); }
 .ds-247420 .ds-dash-breakdown .seg.is-error::before { background: var(--flame); box-shadow: 0 0 0 1.5px color-mix(in oklab, var(--flame) 38%, transparent); }
-.ds-247420 .ds-dash-breakdown .seg.is-idle { color: var(--amber); }
-.ds-247420 .ds-dash-breakdown .seg.is-idle::before { background: transparent; box-shadow: inset 0 0 0 2px var(--amber); }
+.ds-247420 .ds-dash-breakdown .seg.is-idle { color: var(--stale); }
+.ds-247420 .ds-dash-breakdown .seg.is-idle::before { background: transparent; box-shadow: inset 0 0 0 1px var(--stale), inset 0 0 0 3px var(--bg); }
 .ds-247420 .ds-dash-stream-disc { display: inline-flex; align-items: center; gap: var(--space-1); }
 .ds-247420 .ds-dash-selectall { display: inline-flex; align-items: center; gap: var(--space-1); font-size: var(--fs-tiny); color: var(--fg-2); cursor: pointer; background: none; border: none; padding: var(--space-1); }
 .ds-247420 .ds-dash-selectall:focus-visible { outline: 2px solid var(--accent); outline-offset: 1px; }
 .ds-247420 .ds-dash-clear { background: none; border: none; color: var(--fg-3); cursor: pointer; font-size: var(--fs-tiny); text-decoration: underline dotted; padding: var(--space-1); }
+.ds-247420 .ds-dash-clear:hover { color: var(--fg); }
+.ds-247420 .ds-dash-clear:focus-visible { outline: 2px solid var(--accent); outline-offset: 1px; border-radius: var(--r-1); }
 
 /* Conversation-rail loading skeleton (cold ccsniff walk). */
 .ds-247420 .ds-session-row-skeleton { display: flex; flex-direction: column; gap: 6px; padding: var(--space-2) var(--space-3); }
@@ -7504,7 +7539,7 @@
 .ds-247420 .ds-input-check:checked { background: var(--accent); border-color: var(--accent); }
 .ds-247420 .ds-input-check:checked::after {
     content: ''; position: absolute; left: 4px; top: 1px;
-    width: 4px; height: 8px; border: solid var(--accent-fg, #fff);
+    width: 4px; height: 8px; border: solid var(--accent-fg);
     border-width: 0 2px 2px 0; transform: rotate(45deg);
 }
 .ds-247420 .ds-input-check:focus-visible { outline: 2px solid var(--accent); outline-offset: 2px; }
@@ -7546,7 +7581,7 @@
     -webkit-backdrop-filter: blur(10px); backdrop-filter: blur(10px);
     border: 1px solid var(--rule);
     border-radius: var(--r-2, 8px);
-    box-shadow: 0 6px 24px color-mix(in oklab, #000 28%, transparent);
+    box-shadow: var(--shadow-3);
     color: var(--panel-text);
     overflow: hidden;
 }
@@ -7870,9 +7905,6 @@
 .ds-247420 .ds-event-list .row[role="button"]:hover { background: color-mix(in srgb, var(--fg) 5%, transparent); }
 .ds-247420 .ds-event-list .row.event-flash { animation: agentgui-event-flash 2s ease-out; }
 
-/* Chat composer: hide the idle scrollbar on the (empty/short) textarea. */
-.ds-247420 .chat-composer textarea { overflow-y: auto; scrollbar-width: thin; }
-.ds-247420 .chat-composer textarea:not(:focus) { overflow-y: hidden; }
 
 /* Generic interactive focus ring for app-emitted controls. */
 .ds-247420 button:focus-visible,
@@ -7913,6 +7945,10 @@
 }
 
 @media print {
+  /* Re-assert the paper-tuned signal tokens so token-derived foregrounds
+     (status discs, error text, tool cards) print with light-theme colours
+     rather than the dark-theme-derived values inherited under auto-dark. */
+  .ds-247420 { --flame:#C53E00; --amber:#8A6512; --warn:#E0241A; --sky:#3A6EFF; --bg:var(--paper); --fg:var(--ink); }
   .ds-247420 #app { min-height: auto; display: block; height: auto; }
   .ds-247420 .skip-link, .ds-247420 .status-dot, .ds-247420 .history-actions, .ds-247420 .chat-composer { display: none !important; }
   .ds-247420 .app, .ds-247420 .app-main, .ds-247420 .panel, .ds-247420 .chat, .ds-247420 .chat-thread {
@@ -7930,20 +7966,28 @@
 .ds-247420 .site-panel { margin: var(--space-2); }
 
 /* Hero block */
-.ds-247420 .site-hero { padding: 24px 22px; }
+.ds-247420 .site-hero { padding: var(--space-4); }
 .ds-247420 .site-hero-h { margin: 0 0 var(--space-2); }
 .ds-247420 .site-hero-body { margin: var(--space-2) 0 var(--space-3); color: var(--fg-2); max-width: 64ch; }
 .ds-247420 .site-chip-row { display: flex; gap: 6px; flex-wrap: wrap; margin: 0 0 var(--space-3); }
 .ds-247420 .site-cta-row { display: flex; gap: var(--space-2); flex-wrap: wrap; }
 
 /* Quickstart CLI block — these .cli/.prompt/.cmd nodes were previously unstyled. */
-.ds-247420 .site-cli { padding: 16px 22px; }
-.ds-247420 .site-cli .cli { display: flex; gap: var(--space-2); font-family: var(--ff-mono); font-size: var(--fs-sm); padding: 2px 0; }
+.ds-247420 .site-cli { padding: var(--space-3); background: var(--bg); border: var(--bw-hair, 1px) solid var(--rule); border-radius: var(--r-1); }
+.ds-247420 .site-cli .cli { display: flex; align-items: baseline; gap: var(--space-2); font-family: var(--ff-mono); font-size: var(--fs-sm); padding: 2px 0; }
 .ds-247420 .site-cli .prompt { color: var(--fg-3); user-select: none; flex: 0 0 auto; }
 .ds-247420 .site-cli .cmd { color: var(--fg); white-space: pre-wrap; word-break: break-word; }
 
-/* Embedded legacy doc (iframe wrapper) */
-.ds-247420 .site-embed { width: 100%; height: calc(100vh - 180px); min-height: 520px; border: 0; border-radius: var(--r-1); background: var(--bg-2); display: block; }
+/* Embedded legacy doc (iframe wrapper). 180px = the page chrome (topbar +
+ * crumb + footer) sitting above the embed; dvh keeps it mobile-safe. */
+.ds-247420 .site-embed { width: 100%; height: calc(100dvh - 180px); min-height: 320px; border: 0; border-radius: var(--r-1); background: var(--bg-2); display: block; }
+
+/* Marketing footer family (the in-app .app-status strip suppresses content
+ * below 1100px; the site footer always shows its credits row). */
+.ds-247420 .site-footer { display: flex; flex-wrap: wrap; align-items: center; gap: var(--space-2) var(--space-3); width: 100%; padding: var(--space-3) var(--space-4); font-family: var(--ff-body); font-size: var(--fs-sm); line-height: 1.4; color: var(--fg-3); border-top: 1px solid var(--rule); }
+.ds-247420 .site-footer .item { color: inherit; }
+.ds-247420 .site-footer .item:first-of-type { color: var(--accent); }
+.ds-247420 .site-footer .spread { flex: 1; }
 
 /* spoint/loading-screen.css */
 /* Loading-screen kit styles. Scoped under .ds-247420 at build time.