npm - ltcai - Versions diffs - 0.1.28 → 0.1.30 - Mend

ltcai 0.1.28 → 0.1.30

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (23) hide show

package/README.md +42 -16
package/auto_setup.py +605 -0
package/docs/CHANGELOG.md +57 -0
package/docs/images/lattice-ai-demo.gif +0 -0
package/docs/images/screenshot-admin.png +0 -0
package/docs/images/screenshot-chat.png +0 -0
package/docs/images/screenshot-graph.png +0 -0
package/kg_schema.py +723 -0
package/llm_router.py +4 -4
package/mcp_registry.py +791 -0
package/package.json +5 -1
package/requirements.txt +1 -0
package/server.py +738 -823
package/static/account.html +5 -616
package/static/admin.html +236 -1371
package/static/chat.html +204 -7146
package/static/graph.html +15 -1436
package/static/lattice-reference.css +6557 -71
package/static/scripts/account.js +230 -0
package/static/scripts/admin.js +1198 -0
package/static/scripts/chat.js +4634 -0
package/static/scripts/graph.js +1059 -0
package/static/sw.js +11 -1

package/server.py CHANGED Viewed

@@ -12,6 +12,7 @@ import json
 import logging
 import os
 import platform
+import queue
 import re
 import secrets
 import threading
@@ -46,6 +47,15 @@ from PIL import Image
 from llm_router import AsyncOpenAI, LLMRouter, OPENAI_COMPATIBLE_PROVIDERS, HF_MODELS_ROOT, ensure_mlx_runtime, hf_model_dir, parse_model_ref, mx, normalize_branding
 from knowledge_graph import KnowledgeGraphStore
+import mcp_registry
+from mcp_registry import (
+    MCP_REGISTRY, _THIRD_PARTY_SKILL_SOURCES, _KNOWN_REPO_LICENSES,
+    _MARKETPLACE_RAW, _MARKETPLACE_API,
+    _fetch_remote_mcp_registry, _get_combined_registry,
+    _extract_skill_desc, _fetch_plugin_skills,
+    _fetch_skills_marketplace, _fetch_plugin_directory,
+    _OPEN_LICENSES, install_skill, SKILLS_DIR,
+)
 from p_reinforce import BRAIN_DIR, PReinforceGardener
 from setup import get_recommendations, install_stream, open_url, scan_environment
 from auto_setup import (
@@ -211,19 +221,24 @@ SSO_CLIENT_SECRET = env_value("OIDC_CLIENT_SECRET", "")
 SSO_REDIRECT_URI = env_value("OIDC_REDIRECT_URI", "http://localhost:4825/auth/sso/callback")
 SSO_PROVIDER_NAME = env_value("OIDC_PROVIDER_NAME", "SSO")
 _sso_discovery_cache: Optional[Dict] = None
+_sso_discovery_cache_url: str = ""
 _sso_states: Dict[str, float] = {}  # state → timestamp (CSRF protection)
 async def _get_sso_discovery() -> Optional[Dict]:
-    global _sso_discovery_cache
-    if _sso_discovery_cache:
+    global _sso_discovery_cache, _sso_discovery_cache_url
+    settings = get_sso_settings()
+    discovery_url = settings.get("discovery_url", "")
+    if _sso_discovery_cache and _sso_discovery_cache_url == discovery_url:
         return _sso_discovery_cache
-    if not SSO_DISCOVERY_URL:
+    if not discovery_url:
         return None
     try:
         import httpx as _httpx
         async with _httpx.AsyncClient() as c:
-            r = await c.get(SSO_DISCOVERY_URL, timeout=10)
+            r = await c.get(discovery_url, timeout=10)
+            r.raise_for_status()
             _sso_discovery_cache = r.json()
+            _sso_discovery_cache_url = discovery_url
     except Exception as e:
         logging.warning("SSO discovery failed: %s", e)
         return None
@@ -254,7 +269,7 @@ def verify_and_migrate_password(email: str, plain: str, stored: str, users: Dict
             append_audit_event("password_migrated_from_plaintext", user_email=email)
         except Exception as e:
             logging.warning("audit log failed on password migration: %s", e)
-        logging.info("Migrated plaintext password to bcrypt hash for %s", email)
+        logging.info("Migrated plaintext password to scrypt hash for %s", email)
         return True
     return False
@@ -357,11 +372,12 @@ HISTORY_FILE = DATA_DIR / "chat_history.json"
 VPC_FILE = DATA_DIR / "vpc_config.json"
 MCP_FILE = DATA_DIR / "mcp_installs.json"
 AUDIT_FILE = DATA_DIR / "audit_log.json"
+SSO_FILE = DATA_DIR / "sso_config.json"
 KNOWLEDGE_GRAPH = KnowledgeGraphStore(DATA_DIR / "knowledge_graph.sqlite", DATA_DIR / "knowledge_graph_blobs") if ENABLE_GRAPH else None
 def _require_graph():
     if not ENABLE_GRAPH or KNOWLEDGE_GRAPH is None:
-        raise HTTPException(status_code=404, detail="Data Graph is disabled. Set LATTICEAI_ENABLE_GRAPH=true in .env to enable.")
+        raise HTTPException(status_code=404, detail="지식 그래프가 비활성화되어 있습니다. LATTICEAI_ENABLE_GRAPH=true 설정 후 다시 시도해 주세요.")
 class UserRegister(BaseModel):
     email: str
@@ -387,6 +403,75 @@ class VpcConfigUpdate(BaseModel):
     peering_status: Optional[str] = None
     notes: Optional[str] = None
+class SsoConfigUpdate(BaseModel):
+    enabled: Optional[bool] = None
+    provider_name: Optional[str] = None
+    discovery_url: Optional[str] = None
+    client_id: Optional[str] = None
+    client_secret: Optional[str] = None
+    redirect_uri: Optional[str] = None
+    scopes: Optional[str] = None
+def _sso_env_defaults() -> Dict[str, object]:
+    return {
+        "enabled": bool(SSO_DISCOVERY_URL and SSO_CLIENT_ID and SSO_CLIENT_SECRET),
+        "provider_name": SSO_PROVIDER_NAME,
+        "discovery_url": SSO_DISCOVERY_URL,
+        "client_id": SSO_CLIENT_ID,
+        "client_secret": SSO_CLIENT_SECRET,
+        "redirect_uri": SSO_REDIRECT_URI,
+        "scopes": "openid email profile",
+    }
+def load_sso_config() -> Dict[str, object]:
+    config = _sso_env_defaults()
+    if SSO_FILE.exists():
+        try:
+            data = json.loads(SSO_FILE.read_text(encoding="utf-8"))
+            if isinstance(data, dict):
+                config.update({k: v for k, v in data.items() if v is not None})
+        except Exception as e:
+            logging.warning("load_sso_config failed (using env/defaults): %s", e)
+    config["provider_name"] = str(config.get("provider_name") or "SSO")
+    config["discovery_url"] = str(config.get("discovery_url") or "")
+    config["client_id"] = str(config.get("client_id") or "")
+    config["client_secret"] = str(config.get("client_secret") or "")
+    config["redirect_uri"] = str(config.get("redirect_uri") or SSO_REDIRECT_URI)
+    config["scopes"] = str(config.get("scopes") or "openid email profile")
+    config["enabled"] = bool(config.get("enabled")) and bool(
+        config["discovery_url"] and config["client_id"] and config["client_secret"]
+    )
+    return config
+def get_sso_settings() -> Dict[str, object]:
+    return load_sso_config()
+def public_sso_config(config: Optional[Dict[str, object]] = None) -> Dict[str, object]:
+    cfg = config or get_sso_settings()
+    return {
+        "enabled": bool(cfg.get("enabled")),
+        "provider_name": cfg.get("provider_name") or "",
+        "discovery_url": cfg.get("discovery_url") or "",
+        "client_id": cfg.get("client_id") or "",
+        "redirect_uri": cfg.get("redirect_uri") or SSO_REDIRECT_URI,
+        "scopes": cfg.get("scopes") or "openid email profile",
+        "secret_configured": bool(cfg.get("client_secret")),
+    }
+def save_sso_config(update: Dict[str, object]) -> Dict[str, object]:
+    global _sso_discovery_cache, _sso_discovery_cache_url
+    current = load_sso_config()
+    if update.get("client_secret") == "":
+        update.pop("client_secret", None)
+    current.update({k: v for k, v in update.items() if v is not None})
+    current["enabled"] = bool(current.get("enabled")) and bool(
+        current.get("discovery_url") and current.get("client_id") and current.get("client_secret")
+    )
+    SSO_FILE.write_text(json.dumps(current, ensure_ascii=False, indent=2), encoding="utf-8")
+    _sso_discovery_cache = None
+    _sso_discovery_cache_url = ""
+    return current
 class McpRecommendRequest(BaseModel):
     query: str
     limit: int = 5
@@ -429,782 +514,6 @@ DEFAULT_VPC_CONFIG = {
     "updated_at": None,
 }
-MCP_REGISTRY = [
-    {
-        "id": "presentations",
-        "name": "Presentations MCP",
-        "category": "PPT / slides",
-        "install_mode": "bundled",
-        "description": "PowerPoint, Google Slides용 발표자료를 만들고 렌더링 검수까지 이어갑니다.",
-        "keywords": ["ppt", "powerpoint", "slides", "slide", "deck", "presentation", "발표", "피피티", "프레젠테이션", "슬라이드", "제안서"],
-        "capabilities": ["PPTX 생성", "슬라이드 구조화", "차트 중심 스토리", "렌더링 검수"],
-    },
-    {
-        "id": "documents",
-        "name": "Documents MCP",
-        "category": "Docs / reports",
-        "install_mode": "bundled",
-        "description": "Word 문서, 보고서, 계약서 초안, 문서 redline 및 시각 검수를 처리합니다.",
-        "keywords": ["docx", "word", "docs", "document", "report", "문서", "보고서", "계약서", "기획서", "레포트"],
-        "capabilities": ["DOCX 생성", "문서 편집", "코멘트/수정", "PDF 렌더 확인"],
-    },
-    {
-        "id": "spreadsheets",
-        "name": "Spreadsheets MCP",
-        "category": "Sheets / data",
-        "install_mode": "bundled",
-        "description": "Excel/CSV/Google Sheets형 데이터 분석, 수식, 표, 차트를 만듭니다.",
-        "keywords": ["xlsx", "excel", "spreadsheet", "sheet", "csv", "data", "엑셀", "스프레드시트", "표", "데이터", "차트"],
-        "capabilities": ["XLSX 생성", "수식/서식", "데이터 분석", "차트"],
-    },
-    {
-        "id": "browser",
-        "name": "Browser MCP",
-        "category": "Web / dashboard QA",
-        "install_mode": "bundled",
-        "description": "로컬 웹앱, 대시보드, 폼, 페이지 렌더링을 브라우저에서 확인합니다.",
-        "keywords": ["dashboard", "web", "website", "frontend", "ui", "browser", "localhost", "대시보드", "웹", "사이트", "프론트", "화면", "검수"],
-        "capabilities": ["로컬 페이지 열기", "스크린샷", "DOM 검사", "UI 회귀 확인"],
-    },
-    {
-        "id": "chrome",
-        "name": "Chrome MCP",
-        "category": "Browser / authenticated web",
-        "install_mode": "connector",
-        "connector_url": "/mcp/connectors/chrome",
-        "external_url": "codex://plugins/chrome",
-        "description": "사용자 Chrome 프로필, 로그인 세션, 기존 탭을 활용하는 브라우저 자동화 브리지입니다.",
-        "keywords": ["chrome", "browser", "cookie", "session", "login", "크롬", "브라우저", "로그인", "세션", "탭"],
-        "capabilities": ["Chrome 탭 확인", "로그인 세션 활용", "프로필 기반 웹 자동화"],
-    },
-    {
-        "id": "computer-use",
-        "name": "Computer Use MCP",
-        "category": "Desktop / Mac UI",
-        "install_mode": "connector",
-        "connector_url": "/mcp/connectors/computer-use",
-        "external_url": "codex://plugins/computer-use",
-        "description": "Mac 앱 화면을 읽고 클릭, 타이핑, 스크롤하는 데스크톱 UI 자동화 브리지입니다.",
-        "keywords": ["computer use", "desktop", "mac", "click", "type", "scroll", "컴퓨터", "맥", "앱", "클릭", "타이핑"],
-        "capabilities": ["Mac 앱 UI 조작", "스크린샷 기반 상태 확인", "클릭/입력/스크롤"],
-    },
-    {
-        "id": "filesystem",
-        "name": "Workspace Files MCP",
-        "category": "Files / coding",
-        "install_mode": "builtin",
-        "description": "프로젝트 파일 읽기/쓰기, 검색, 코드 생성, 로컬 preview URL 생성을 수행합니다.",
-        "keywords": ["code", "coding", "file", "folder", "project", "build", "deploy", "구현", "코드", "파일", "폴더", "프로젝트", "빌드", "배포"],
-        "capabilities": ["파일 생성", "코드 검색", "빌드 스크립트", "배포 스크립트"],
-    },
-    {
-        "id": "google-drive",
-        "name": "Google Drive Connector",
-        "category": "File sharing",
-        "install_mode": "connector",
-        "connector_url": "/mcp/connectors/google-drive",
-        "external_url": "https://chatgpt.com/connectors",
-        "description": "Drive/Docs/Sheets/Slides 파일 공유, 검색, 협업 워크플로에 사용합니다.",
-        "keywords": ["share", "sharing", "drive", "google drive", "file share", "공유", "파일공유", "드라이브", "구글드라이브", "협업"],
-        "capabilities": ["파일 공유", "Drive 검색", "Google Docs/Sheets/Slides 연결"],
-    },
-    {
-        "id": "github",
-        "name": "GitHub Connector",
-        "category": "Code hosting",
-        "install_mode": "connector",
-        "connector_url": "/mcp/connectors/github",
-        "external_url": "https://github.com/apps",
-        "description": "저장소, 이슈, PR, CI 확인과 코드 배포 워크플로를 연결합니다.",
-        "keywords": ["github", "repo", "repository", "pr", "pull request", "issue", "ci", "깃허브", "저장소", "이슈", "배포"],
-        "capabilities": ["PR 확인", "이슈 탐색", "CI 확인", "릴리즈 준비"],
-    },
-    {
-        "id": "slack",
-        "name": "Slack Connector",
-        "category": "Team sharing",
-        "install_mode": "connector",
-        "connector_url": "/mcp/connectors/slack",
-        "external_url": "https://chatgpt.com/connectors",
-        "description": "팀 채널에 결과 공유, 논의 요약, 알림 워크플로를 연결합니다.",
-        "keywords": ["slack", "message", "team", "notify", "공유", "알림", "메시지", "슬랙", "팀"],
-        "capabilities": ["채널 공유", "메시지 작성", "협업 알림"],
-    },
-    {
-        "id": "obsidian-memory",
-        "name": "Obsidian Memory Vault",
-        "category": "Memory / knowledge",
-        "install_mode": "builtin",
-        "description": "Lattice AI의 장기 기억을 Obsidian 호환 Markdown vault에 저장하고 검색합니다.",
-        "keywords": ["memory", "remember", "obsidian", "vault", "knowledge", "기억", "메모리", "옵시디언", "지식", "노트"],
-        "capabilities": ["Markdown vault 저장", "장기 기억 검색", "Obsidian URI 힌트", "프로젝트 로그"],
-    },
-    {
-        "id": "voice-whisper",
-        "name": "Voice STT (Whisper Local)",
-        "category": "Voice / speech-to-text",
-        "install_mode": "pip",
-        "pip_packages": ["openai-whisper"],
-        "description": "로컬 음성 인식(STT) 파이프라인용 Whisper 런타임을 설치합니다.",
-        "keywords": ["voice", "speech", "stt", "whisper", "audio", "음성", "인식", "자막", "전사"],
-        "capabilities": ["로컬 STT 런타임", "오디오 전사 워크플로 준비"],
-    },
-    {
-        "id": "voice-speechrecognition",
-        "name": "Voice STT (SpeechRecognition)",
-        "category": "Voice / speech-to-text",
-        "install_mode": "pip",
-        "pip_packages": ["SpeechRecognition"],
-        "description": "가벼운 음성 인식 실험용 SpeechRecognition 패키지를 설치합니다.",
-        "keywords": ["voice", "speech", "recognition", "stt", "microphone", "음성", "마이크", "받아쓰기"],
-        "capabilities": ["STT 파이썬 패키지", "마이크 입력 인식 실험"],
-    },
-    {
-        "id": "audio-pydub",
-        "name": "Audio Processing (PyDub)",
-        "category": "Voice / audio processing",
-        "install_mode": "pip",
-        "pip_packages": ["pydub"],
-        "description": "오디오 파일 분할/정규화/포맷 변환 워크플로용 패키지를 설치합니다.",
-        "keywords": ["audio", "pydub", "wav", "mp3", "전처리", "오디오", "변환"],
-        "capabilities": ["오디오 전처리", "세그먼트 분할", "포맷 변환"],
-    },
-    {
-        "id": "threejs-workflow",
-        "name": "3D Workflow (Three.js)",
-        "category": "3D / interactive web",
-        "install_mode": "bundled",
-        "description": "브라우저 검수 + 코드 생성 흐름으로 Three.js 기반 3D 화면을 구현/검증합니다.",
-        "keywords": ["3d", "three", "threejs", "webgl", "scene", "3차원", "쓰리제이에스", "렌더링"],
-        "capabilities": ["Three.js 코드 생성", "3D 씬 검수", "브라우저 상호작용 테스트"],
-    },
-    {
-        "id": "figma",
-        "name": "Figma Connector",
-        "category": "Design / handoff",
-        "install_mode": "connector",
-        "connector_url": "/mcp/connectors/figma",
-        "external_url": "https://chatgpt.com/connectors",
-        "description": "디자인 파일 참조, 컴포넌트 규칙 확인, 구현 핸드오프를 연결합니다.",
-        "keywords": ["figma", "design", "handoff", "컴포넌트", "디자인", "피그마"],
-        "capabilities": ["디자인 참조", "핸드오프 워크플로", "컴포넌트 맵핑"],
-    },
-    {
-        "id": "notion",
-        "name": "Notion Connector",
-        "category": "Knowledge / docs",
-        "install_mode": "connector",
-        "connector_url": "/mcp/connectors/notion",
-        "external_url": "https://chatgpt.com/connectors",
-        "description": "노션 문서/DB와 연동해 구현 노트, 회의 요약, 지식 관리 워크플로를 만듭니다.",
-        "keywords": ["notion", "wiki", "docs", "database", "노션", "위키", "문서", "지식관리"],
-        "capabilities": ["페이지 검색", "문서 작성 보조", "지식 동기화"],
-    },
-    {
-        "id": "linear",
-        "name": "Linear Connector",
-        "category": "Project / issue tracking",
-        "install_mode": "connector",
-        "connector_url": "/mcp/connectors/linear",
-        "external_url": "https://chatgpt.com/connectors",
-        "description": "이슈 상태 확인, 우선순위 정리, 릴리즈 태스크 연결에 사용합니다.",
-        "keywords": ["linear", "issue", "project", "sprint", "이슈", "태스크", "프로젝트"],
-        "capabilities": ["이슈 조회", "작업 우선순위", "릴리즈 트래킹"],
-    },
-    {
-        "id": "gmail",
-        "name": "Gmail Connector",
-        "category": "Communication / email",
-        "install_mode": "connector",
-        "connector_url": "/mcp/connectors/gmail",
-        "external_url": "https://chatgpt.com/connectors",
-        "description": "이메일 요약, 답장 초안, 업무 메일 정리에 사용합니다.",
-        "keywords": ["gmail", "email", "mail", "inbox", "메일", "지메일", "이메일"],
-        "capabilities": ["메일 검색", "요약", "답장 초안"],
-    },
-    {
-        "id": "google-calendar",
-        "name": "Google Calendar Connector",
-        "category": "Scheduling / calendar",
-        "install_mode": "connector",
-        "connector_url": "/mcp/connectors/google-calendar",
-        "external_url": "https://chatgpt.com/connectors",
-        "description": "일정 확인, 미팅 슬롯 탐색, 일정 생성 워크플로를 연결합니다.",
-        "keywords": ["calendar", "schedule", "meeting", "구글캘린더", "일정", "미팅"],
-        "capabilities": ["일정 조회", "빈 시간 탐색", "이벤트 생성"],
-    },
-    {
-        "id": "outlook-email",
-        "name": "Outlook Email Connector",
-        "category": "Communication / email",
-        "install_mode": "connector",
-        "connector_url": "/mcp/connectors/outlook-email",
-        "external_url": "https://chatgpt.com/connectors",
-        "description": "Outlook 메일함 연동, 메일 검색/초안/요약 워크플로를 제공합니다.",
-        "keywords": ["outlook", "email", "mail", "아웃룩", "메일"],
-        "capabilities": ["메일 검색", "요약", "초안 작성"],
-    },
-    {
-        "id": "outlook-calendar",
-        "name": "Outlook Calendar Connector",
-        "category": "Scheduling / calendar",
-        "install_mode": "connector",
-        "connector_url": "/mcp/connectors/outlook-calendar",
-        "external_url": "https://chatgpt.com/connectors",
-        "description": "Outlook 일정 연동으로 회의 준비/시간 조율 작업을 진행합니다.",
-        "keywords": ["outlook calendar", "calendar", "schedule", "아웃룩 캘린더", "일정"],
-        "capabilities": ["일정 조회", "회의 준비", "시간 조율"],
-    },
-    {
-        "id": "teams",
-        "name": "Microsoft Teams Connector",
-        "category": "Team collaboration",
-        "install_mode": "connector",
-        "connector_url": "/mcp/connectors/teams",
-        "external_url": "https://chatgpt.com/connectors",
-        "description": "팀 대화 컨텍스트 기반 업무 자동화와 협업 공유를 지원합니다.",
-        "keywords": ["teams", "microsoft teams", "chat", "협업", "팀즈"],
-        "capabilities": ["팀 대화 공유", "협업 흐름 연결"],
-    },
-    {
-        "id": "sharepoint",
-        "name": "SharePoint Connector",
-        "category": "Enterprise files",
-        "install_mode": "connector",
-        "connector_url": "/mcp/connectors/sharepoint",
-        "external_url": "https://chatgpt.com/connectors",
-        "description": "SharePoint 문서 저장소를 검색/참조하는 엔터프라이즈 워크플로를 지원합니다.",
-        "keywords": ["sharepoint", "document", "enterprise", "문서", "셰어포인트"],
-        "capabilities": ["문서 검색", "사내 파일 참조"],
-    },
-    {
-        "id": "canva",
-        "name": "Canva Connector",
-        "category": "Design / visuals",
-        "install_mode": "connector",
-        "connector_url": "/mcp/connectors/canva",
-        "external_url": "https://chatgpt.com/connectors",
-        "description": "디자인 템플릿 기반 이미지/슬라이드 작업을 연동합니다.",
-        "keywords": ["canva", "design", "poster", "card", "캔바", "디자인"],
-        "capabilities": ["디자인 템플릿", "이미지 제작 워크플로"],
-    },
-    # ── 데이터베이스 ─────────────────────────────────────────────────────────
-    {
-        "id": "mcp-postgres",
-        "name": "PostgreSQL MCP",
-        "category": "Database",
-        "install_mode": "npm",
-        "package": "@modelcontextprotocol/server-postgres",
-        "description": "PostgreSQL 데이터베이스에 연결해 쿼리 실행, 스키마 탐색, 데이터 분석을 수행합니다.",
-        "keywords": ["postgres", "postgresql", "database", "sql", "db", "데이터베이스", "쿼리"],
-        "capabilities": ["SQL 쿼리 실행", "스키마 탐색", "테이블 분석"],
-        "env_vars": [{"name": "POSTGRES_CONNECTION_STRING", "description": "postgresql://user:pass@host:5432/db"}],
-    },
-    {
-        "id": "mcp-sqlite",
-        "name": "SQLite MCP",
-        "category": "Database",
-        "install_mode": "npm",
-        "package": "@modelcontextprotocol/server-sqlite",
-        "description": "로컬 SQLite 파일에 쿼리를 실행하고 데이터를 탐색합니다.",
-        "keywords": ["sqlite", "database", "sql", "local", "로컬", "데이터베이스"],
-        "capabilities": ["SQLite 쿼리", "테이블 탐색", "데이터 집계"],
-        "env_vars": [{"name": "SQLITE_DB_PATH", "description": "/path/to/database.db"}],
-    },
-    # ── 검색 / 웹 ────────────────────────────────────────────────────────────
-    {
-        "id": "mcp-brave-search",
-        "name": "Brave Search MCP",
-        "category": "Search / web",
-        "install_mode": "npm",
-        "package": "@modelcontextprotocol/server-brave-search",
-        "description": "Brave Search API로 실시간 웹 검색 결과를 가져옵니다.",
-        "keywords": ["search", "web", "brave", "websearch", "검색", "웹검색"],
-        "capabilities": ["실시간 웹 검색", "뉴스 검색", "이미지 검색"],
-        "env_vars": [{"name": "BRAVE_API_KEY", "description": "Brave Search API 키 (search.brave.com)"}],
-    },
-    {
-        "id": "mcp-tavily",
-        "name": "Tavily Search MCP",
-        "category": "Search / web",
-        "install_mode": "npm",
-        "package": "tavily-mcp",
-        "description": "AI 최적화 웹 검색 엔진 Tavily로 고품질 검색 결과를 가져옵니다.",
-        "keywords": ["search", "tavily", "ai search", "검색", "AI검색"],
-        "capabilities": ["AI 최적화 검색", "요약 검색 결과"],
-        "env_vars": [{"name": "TAVILY_API_KEY", "description": "app.tavily.com에서 발급"}],
-    },
-    {
-        "id": "mcp-puppeteer",
-        "name": "Puppeteer MCP",
-        "category": "Browser automation",
-        "install_mode": "npm",
-        "package": "@modelcontextprotocol/server-puppeteer",
-        "description": "Puppeteer로 브라우저를 제어하고 웹 스크래핑, 스크린샷, 자동화를 수행합니다.",
-        "keywords": ["puppeteer", "browser", "scraping", "screenshot", "automation", "스크래핑", "자동화"],
-        "capabilities": ["웹 스크래핑", "스크린샷", "폼 자동화", "클릭/입력"],
-    },
-    # ── 배포 / 인프라 ─────────────────────────────────────────────────────────
-    {
-        "id": "mcp-vercel",
-        "name": "Vercel MCP",
-        "category": "Deployment",
-        "install_mode": "npm",
-        "package": "@vercel/mcp-adapter",
-        "description": "Vercel 프로젝트 배포 상태 확인, 로그 조회, 환경 변수 관리를 수행합니다.",
-        "keywords": ["vercel", "deploy", "deployment", "serverless", "배포", "버셀"],
-        "capabilities": ["배포 상태 확인", "로그 조회", "환경 변수 관리"],
-        "env_vars": [{"name": "VERCEL_API_TOKEN", "description": "Vercel 계정 토큰"}],
-    },
-    {
-        "id": "mcp-cloudflare",
-        "name": "Cloudflare MCP",
-        "category": "Deployment / CDN",
-        "install_mode": "npm",
-        "package": "@cloudflare/mcp-server-cloudflare",
-        "description": "Cloudflare Workers, KV, R2, D1 등 Cloudflare 서비스를 관리합니다.",
-        "keywords": ["cloudflare", "workers", "cdn", "kv", "r2", "클라우드플레어"],
-        "capabilities": ["Workers 배포", "KV/R2 관리", "DNS 조회", "D1 쿼리"],
-        "env_vars": [{"name": "CLOUDFLARE_API_TOKEN", "description": "Cloudflare API 토큰"}],
-    },
-    {
-        "id": "mcp-docker",
-        "name": "Docker MCP",
-        "category": "Infrastructure",
-        "install_mode": "npm",
-        "package": "docker-mcp",
-        "description": "Docker 컨테이너 목록 조회, 실행/중지, 로그 확인을 수행합니다.",
-        "keywords": ["docker", "container", "devops", "도커", "컨테이너", "인프라"],
-        "capabilities": ["컨테이너 관리", "이미지 조회", "로그 확인", "실행/중지"],
-    },
-    # ── SaaS / 결제 ───────────────────────────────────────────────────────────
-    {
-        "id": "mcp-stripe",
-        "name": "Stripe MCP",
-        "category": "Payments",
-        "install_mode": "npm",
-        "package": "@stripe/agent-toolkit",
-        "description": "Stripe 결제, 고객, 구독, 인보이스를 조회하고 관리합니다.",
-        "keywords": ["stripe", "payment", "billing", "subscription", "결제", "스트라이프"],
-        "capabilities": ["결제 조회", "고객 관리", "구독 확인", "인보이스"],
-        "env_vars": [{"name": "STRIPE_SECRET_KEY", "description": "Stripe Secret Key (sk_...)"}],
-    },
-    {
-        "id": "mcp-supabase",
-        "name": "Supabase MCP",
-        "category": "Database / BaaS",
-        "install_mode": "npm",
-        "package": "@supabase/mcp-server-supabase",
-        "description": "Supabase 프로젝트의 DB 쿼리, Auth 관리, Storage 파일 접근을 수행합니다.",
-        "keywords": ["supabase", "database", "auth", "storage", "supabase", "슈퍼베이스"],
-        "capabilities": ["DB 쿼리", "Auth 사용자 조회", "Storage 파일 관리"],
-        "env_vars": [
-            {"name": "SUPABASE_URL", "description": "https://xxx.supabase.co"},
-            {"name": "SUPABASE_SERVICE_ROLE_KEY", "description": "service_role 키"},
-        ],
-    },
-    {
-        "id": "mcp-hubspot",
-        "name": "HubSpot MCP",
-        "category": "CRM / marketing",
-        "install_mode": "npm",
-        "package": "@hubspot/mcp-server",
-        "description": "HubSpot CRM의 연락처, 딜, 캠페인 데이터를 조회하고 분석합니다.",
-        "keywords": ["hubspot", "crm", "marketing", "sales", "허브스팟", "CRM"],
-        "capabilities": ["연락처 조회", "딜 파이프라인", "캠페인 분석"],
-        "env_vars": [{"name": "HUBSPOT_ACCESS_TOKEN", "description": "HubSpot Private App 토큰"}],
-    },
-    # ── AI / 메모리 ───────────────────────────────────────────────────────────
-    {
-        "id": "mcp-memory",
-        "name": "Memory MCP (공식)",
-        "category": "Memory / knowledge",
-        "install_mode": "npm",
-        "package": "@modelcontextprotocol/server-memory",
-        "description": "대화 간 지속 메모리를 저장하고 검색하는 공식 MCP 서버입니다.",
-        "keywords": ["memory", "remember", "knowledge", "기억", "메모리", "지식"],
-        "capabilities": ["장기 기억 저장", "메모리 검색", "엔티티 추적"],
-    },
-    {
-        "id": "mcp-sequential-thinking",
-        "name": "Sequential Thinking MCP",
-        "category": "AI / reasoning",
-        "install_mode": "npm",
-        "package": "@modelcontextprotocol/server-sequential-thinking",
-        "description": "복잡한 문제를 단계별로 분해해 추론하는 사고 흐름 도구입니다.",
-        "keywords": ["reasoning", "thinking", "chain of thought", "추론", "사고"],
-        "capabilities": ["단계별 추론", "문제 분해", "사고 흐름 추적"],
-    },
-    # ── 커뮤니케이션 ──────────────────────────────────────────────────────────
-    {
-        "id": "mcp-discord",
-        "name": "Discord MCP",
-        "category": "Communication",
-        "install_mode": "npm",
-        "package": "discord-mcp",
-        "description": "Discord 서버 채널 메시지 전송, 읽기, 관리 자동화를 수행합니다.",
-        "keywords": ["discord", "message", "channel", "디스코드", "메시지", "알림"],
-        "capabilities": ["메시지 전송", "채널 읽기", "알림 자동화"],
-        "env_vars": [{"name": "DISCORD_BOT_TOKEN", "description": "Discord Bot 토큰"}],
-    },
-    {
-        "id": "mcp-telegram",
-        "name": "Telegram MCP",
-        "category": "Communication",
-        "install_mode": "npm",
-        "package": "telegram-mcp",
-        "description": "Telegram 봇을 통한 메시지 전송, 수신, 알림 자동화를 수행합니다.",
-        "keywords": ["telegram", "bot", "message", "텔레그램", "봇", "메시지"],
-        "capabilities": ["메시지 전송/수신", "알림 자동화", "그룹 관리"],
-        "env_vars": [{"name": "TELEGRAM_BOT_TOKEN", "description": "BotFather에서 발급한 토큰"}],
-    },
-    # ── 개발 도구 ─────────────────────────────────────────────────────────────
-    {
-        "id": "mcp-everything",
-        "name": "Everything MCP (테스트)",
-        "category": "Developer tools",
-        "install_mode": "npm",
-        "package": "@modelcontextprotocol/server-everything",
-        "description": "MCP 연결 테스트용 모든 기능이 포함된 데모 서버입니다.",
-        "keywords": ["test", "demo", "everything", "테스트", "개발"],
-        "capabilities": ["MCP 기능 테스트", "프로토타입"],
-    },
-]
-# ── Remote MCP Registry (registry.modelcontextprotocol.io) ───────────────────
-_REMOTE_REGISTRY_CACHE: List[Dict] = []
-_REMOTE_REGISTRY_FETCHED_AT: Optional[datetime] = None
-_REMOTE_REGISTRY_TTL = timedelta(hours=1)
-_REMOTE_REGISTRY_URL = "https://registry.modelcontextprotocol.io/v0/servers"
-_LOCAL_IDS = {e["id"] for e in MCP_REGISTRY}
-async def _fetch_remote_mcp_registry() -> List[Dict]:
-    global _REMOTE_REGISTRY_CACHE, _REMOTE_REGISTRY_FETCHED_AT
-    now = datetime.now()
-    if _REMOTE_REGISTRY_FETCHED_AT and (now - _REMOTE_REGISTRY_FETCHED_AT) < _REMOTE_REGISTRY_TTL:
-        return _REMOTE_REGISTRY_CACHE
-    try:
-        result: List[Dict] = []
-        cursor = None
-        async with httpx.AsyncClient(timeout=10.0) as client:
-            while True:
-                params: Dict = {"limit": 100}
-                if cursor:
-                    params["cursor"] = cursor
-                resp = await client.get(_REMOTE_REGISTRY_URL, params=params)
-                resp.raise_for_status()
-                data = resp.json()
-                for s in data.get("servers", []):
-                    srv = s["server"]
-                    meta = s.get("_meta", {}).get("io.modelcontextprotocol.registry/official", {})
-                    if not meta.get("isLatest", True):
-                        continue
-                    pkg = next(
-                        (p for p in srv.get("packages", [])
-                         if p.get("transport", {}).get("type") == "stdio"
-                         and p.get("registryType") in ("npm", "pypi")),
-                        None,
-                    )
-                    if not pkg:
-                        continue
-                    entry_id = srv["name"].replace("/", "-").replace(".", "-")
-                    if entry_id in _LOCAL_IDS:
-                        continue
-                    result.append({
-                        "id": entry_id,
-                        "name": srv.get("title") or srv["name"],
-                        "category": "MCP Registry",
-                        "install_mode": pkg["registryType"],
-                        "package": pkg["identifier"],
-                        "package_version": pkg.get("version"),
-                        "description": srv.get("description", ""),
-                        "keywords": [],
-                        "capabilities": [],
-                        "source": "registry",
-                        "homepage": (srv.get("repository") or {}).get("url"),
-                    })
-                cursor = data.get("nextCursor")
-                if not cursor:
-                    break
-        _REMOTE_REGISTRY_CACHE = result
-        _REMOTE_REGISTRY_FETCHED_AT = now
-        logging.info("Fetched %d stdio MCP servers from remote registry", len(result))
-    except Exception as e:
-        logging.warning("Failed to fetch remote MCP registry: %s", e)
-    return _REMOTE_REGISTRY_CACHE
-async def _get_combined_registry() -> List[Dict]:
-    remote = await _fetch_remote_mcp_registry()
-    return MCP_REGISTRY + remote
-# ── Anthropic Skills Marketplace (Apache 2.0) ─────────────────────────────────
-_MARKETPLACE_RAW = "https://raw.githubusercontent.com/anthropics/claude-plugins-official/main"
-_MARKETPLACE_API = "https://api.github.com/repos/anthropics/claude-plugins-official/contents"
-# 검증된 서드파티 skills 소스 (Apache-2.0 / MIT)
-_THIRD_PARTY_SKILL_SOURCES: List[Dict] = [
-    {
-        "plugin": "adobe-for-creativity", "author": "Adobe", "license": "Apache-2.0",
-        "repo": "adobe/skills", "branch": "main",
-        "plugin_path": "plugins/creative-cloud/adobe-for-creativity",
-        "category": "design",
-    },
-    {
-        "plugin": "airtable", "author": "Airtable", "license": "MIT",
-        "repo": "Airtable/skills", "branch": "main",
-        "plugin_path": "plugins/airtable",
-        "category": "productivity",
-    },
-    {
-        "plugin": "auth0", "author": "Auth0", "license": "Apache-2.0",
-        "repo": "auth0/agent-skills", "branch": "main",
-        "plugin_path": "plugins/auth0",
-        "category": "security",
-    },
-    {
-        "plugin": "expo", "author": "Expo", "license": "MIT",
-        "repo": "expo/skills", "branch": "main",
-        "plugin_path": "plugins/expo",
-        "category": "development",
-    },
-    {
-        "plugin": "logfire", "author": "Pydantic", "license": "MIT",
-        "repo": "pydantic/skills", "branch": "main",
-        "plugin_path": "plugins/logfire",
-        "category": "monitoring",
-    },
-]
-# 검증된 레포 라이선스 맵 (GitHub API 없이 빠르게 조회)
-_KNOWN_REPO_LICENSES: Dict[str, str] = {
-    # Apache-2.0
-    "adobe/skills": "Apache-2.0", "awslabs/agent-plugins": "Apache-2.0",
-    "auth0/agent-skills": "Apache-2.0", "aws/agent-toolkit-for-aws": "Apache-2.0",
-    "carta/plugins": "Apache-2.0", "circlefin/skills": "Apache-2.0",
-    "clickhouse/clickhouse-docs": "Apache-2.0", "cloudflare/agents": "Apache-2.0",
-    "cockroachdb/claude-code": "Apache-2.0", "codspeed-hq/codspeed-claude": "Apache-2.0",
-    "DataDog/datadog-claude-code": "Apache-2.0", "datahub-project/datahub-skills": "Apache-2.0",
-    "neondatabase/agent-skills": "Apache-2.0", "PagerDuty/pd-ai-agents-plugins": "Apache-2.0",
-    "getpostman/postman-mcp-server": "Apache-2.0", "qdrant/qdrant-skills": "Apache-2.0",
-    "rootlyhq/rootly-plugins": "Apache-2.0", "snowflake-labs/snowflake-claude": "Apache-2.0",
-    "sumup/sumup-claude": "Apache-2.0", "zilliz-labs/zilliz-skills": "Apache-2.0",
-    "mercadopago/mercadopago-claude-marketplace": "Apache-2.0",
-    # MIT
-    "Airtable/skills": "MIT", "endorlabs/ai-plugins": "MIT",
-    "apollographql/apollo-claude-skills": "MIT", "appwrite/skills": "MIT",
-    "atlan-inc/claude-code-skills": "MIT", "boxer/boxerbox": "MIT",
-    "buildkite/claude-code": "MIT", "coderabbitai/coderabbit-skills": "MIT",
-    "CrowdStrike/crowdstrike-skills": "MIT", "microsoft/Dataverse-skills": "MIT",
-    "duckdb/duckdb-skills": "MIT", "expo/skills": "MIT",
-    "intercom/intercom-skills": "MIT", "pydantic/skills": "MIT",
-    "mapbox/mapbox-skills": "MIT", "mintlify/mintlify-skills": "MIT",
-    "miroapp/miro-ai": "MIT", "netlify/netlify-skills": "MIT",
-    "pinecone-io/pinecone-skills": "MIT", "railwayapp/railway-skills": "MIT",
-    "resend/resend-skills": "MIT", "sanity-io/sanity-skills": "MIT",
-    "getsentry/sentry-ai-skills": "MIT", "Shopify/liquid-skills": "MIT",
-    "slackapi/slack-skills": "MIT", "stripe/stripe-skills": "MIT",
-    "twilio-labs/twilio-skills": "MIT", "workos/workos-skills": "MIT",
-    "zoom/zoom-skills": "MIT", "aws-samples/sample-claude-code-plugins-for-startups": "MIT-0",
-}
-_SKILLS_MARKETPLACE_CACHE: List[Dict] = []
-_SKILLS_MARKETPLACE_FETCHED_AT: Optional[datetime] = None
-_SKILLS_MARKETPLACE_TTL = timedelta(hours=1)
-def _extract_skill_desc(skill_md: str, fallback: str) -> str:
-    for line in skill_md.splitlines():
-        if line.startswith("description:"):
-            return line.split(":", 1)[1].strip()
-    return fallback
-async def _fetch_plugin_skills(client: httpx.AsyncClient, source: Dict) -> List[Dict]:
-    """단일 소스에서 skill 목록을 fetch해 반환"""
-    repo, branch, plugin_path = source["repo"], source["branch"], source["plugin_path"]
-    raw_base = f"https://raw.githubusercontent.com/{repo}/{branch}"
-    api_base = f"https://api.github.com/repos/{repo}/contents"
-    homepage_base = f"https://github.com/{repo}/tree/{branch}"
-    dir_resp = await client.get(f"{api_base}/{plugin_path}/skills")
-    if dir_resp.status_code != 200:
-        return []
-    skill_dirs = [f["name"] for f in dir_resp.json() if f["type"] == "dir"]
-    skills: List[Dict] = []
-    for skill_name in skill_dirs:
-        skill_md_url = f"{raw_base}/{plugin_path}/skills/{skill_name}/SKILL.md"
-        sm_resp = await client.get(skill_md_url)
-        if sm_resp.status_code != 200:
-            continue
-        skills.append({
-            "plugin":       source["plugin"],
-            "skill":        skill_name,
-            "category":     source.get("category", "development"),
-            "description":  _extract_skill_desc(sm_resp.text, source.get("description", "")),
-            "skill_md_url": skill_md_url,
-            "homepage":     f"{homepage_base}/{plugin_path}/skills/{skill_name}",
-            "license":      source["license"],
-            "author":       source["author"],
-        })
-    return skills
-async def _fetch_skills_marketplace() -> List[Dict]:
-    global _SKILLS_MARKETPLACE_CACHE, _SKILLS_MARKETPLACE_FETCHED_AT
-    now = datetime.now()
-    if _SKILLS_MARKETPLACE_FETCHED_AT and (now - _SKILLS_MARKETPLACE_FETCHED_AT) < _SKILLS_MARKETPLACE_TTL:
-        return _SKILLS_MARKETPLACE_CACHE
-    try:
-        result: List[Dict] = []
-        async with httpx.AsyncClient(timeout=15.0) as client:
-            # ── Anthropic 공식 skills (Apache-2.0) ──────────────────────────
-            mp_resp = await client.get(f"{_MARKETPLACE_RAW}/.claude-plugin/marketplace.json")
-            mp_resp.raise_for_status()
-            marketplace_json = mp_resp.json()
-            anthropic_plugins = [
-                p for p in marketplace_json.get("plugins", [])
-                if (p.get("author") or {}).get("name") == "Anthropic"
-                and isinstance(p.get("source"), str)
-                and p["source"].startswith("./")
-            ]
-            for plugin in anthropic_plugins:
-                plugin_path = plugin["source"].lstrip("./")
-                result.extend(await _fetch_plugin_skills(client, {
-                    "plugin":      plugin["name"],
-                    "author":      "Anthropic",
-                    "license":     "Apache-2.0",
-                    "repo":        "anthropics/claude-plugins-official",
-                    "branch":      "main",
-                    "plugin_path": plugin_path,
-                    "category":    plugin.get("category", "development"),
-                    "description": plugin.get("description", ""),
-                }))
-            # ── 검증된 서드파티 skills ────────────────────────────────────────
-            for source in _THIRD_PARTY_SKILL_SOURCES:
-                result.extend(await _fetch_plugin_skills(client, source))
-        _SKILLS_MARKETPLACE_CACHE = result
-        _SKILLS_MARKETPLACE_FETCHED_AT = now
-        logging.info("Fetched %d skills from marketplace (%d sources)",
-                     len(result), len(anthropic_plugins) + len(_THIRD_PARTY_SKILL_SOURCES))
-    except Exception as e:
-        logging.warning("Failed to fetch skills marketplace: %s", e)
-    return _SKILLS_MARKETPLACE_CACHE
-# ── Plugin Directory ──────────────────────────────────────────────────────────
-_PLUGIN_DIRECTORY_CACHE: List[Dict] = []
-_PLUGIN_DIRECTORY_FETCHED_AT: Optional[datetime] = None
-_PLUGIN_DIRECTORY_TTL = timedelta(hours=1)
-_OPEN_LICENSES = {"Apache-2.0", "MIT", "MIT-0", "CC-BY-4.0"}
-_REPO_LICENSE_CACHE: Dict[str, str] = {}
-async def _get_repo_license(client: httpx.AsyncClient, repo: str) -> str:
-    if repo in _REPO_LICENSE_CACHE:
-        return _REPO_LICENSE_CACHE[repo]
-    if repo in _KNOWN_REPO_LICENSES:
-        _REPO_LICENSE_CACHE[repo] = _KNOWN_REPO_LICENSES[repo]
-        return _KNOWN_REPO_LICENSES[repo]
-    try:
-        r = await client.get(f"https://api.github.com/repos/{repo}", timeout=5.0)
-        lic = (r.json().get("license") or {}).get("spdx_id", "") if r.status_code == 200 else ""
-    except Exception:
-        lic = ""
-    _REPO_LICENSE_CACHE[repo] = lic
-    return lic
-async def _fetch_plugin_directory() -> List[Dict]:
-    global _PLUGIN_DIRECTORY_CACHE, _PLUGIN_DIRECTORY_FETCHED_AT
-    now = datetime.now()
-    if _PLUGIN_DIRECTORY_FETCHED_AT and (now - _PLUGIN_DIRECTORY_FETCHED_AT) < _PLUGIN_DIRECTORY_TTL:
-        return _PLUGIN_DIRECTORY_CACHE
-    try:
-        result: List[Dict] = []
-        async with httpx.AsyncClient(timeout=15.0) as client:
-            mp_resp = await client.get(f"{_MARKETPLACE_RAW}/.claude-plugin/marketplace.json")
-            mp_resp.raise_for_status()
-            plugins = mp_resp.json().get("plugins", [])
-            for p in plugins:
-                author = (p.get("author") or {}).get("name", "")
-                src = p.get("source", {})
-                # Anthropic 같은 레포 플러그인 → Apache-2.0 확인됨
-                if isinstance(src, str) and src.startswith("./") and author == "Anthropic":
-                    plugin_path = src.lstrip("./")
-                    result.append({
-                        "name":        p["name"],
-                        "description": p.get("description", ""),
-                        "category":    p.get("category", ""),
-                        "author":      author,
-                        "license":     "Apache-2.0",
-                        "homepage":    p.get("homepage") or f"https://github.com/anthropics/claude-plugins-official/tree/main/{plugin_path}",
-                        "source_type": "anthropic",
-                    })
-                    continue
-                # 외부 레포 플러그인 → 라이선스 확인
-                if not isinstance(src, dict):
-                    continue
-                repo_url = src.get("url", "").replace("https://github.com/", "").replace(".git", "").split("/tree/")[0]
-                if not repo_url:
-                    continue
-                license_id = await _get_repo_license(client, repo_url)
-                if license_id not in _OPEN_LICENSES:
-                    continue
-                result.append({
-                    "name":        p["name"],
-                    "description": p.get("description", ""),
-                    "category":    p.get("category", ""),
-                    "author":      author or repo_url.split("/")[0],
-                    "license":     license_id,
-                    "homepage":    p.get("homepage") or f"https://github.com/{repo_url}",
-                    "source_type": "third-party",
-                })
-        _PLUGIN_DIRECTORY_CACHE = result
-        _PLUGIN_DIRECTORY_FETCHED_AT = now
-        logging.info("Fetched plugin directory: %d open-source plugins", len(result))
-    except Exception as e:
-        logging.warning("Failed to fetch plugin directory: %s", e)
-    return _PLUGIN_DIRECTORY_CACHE
-# ─────────────────────────────────────────────────────────────────────────────
-SKILLS_DIR = Path(__file__).resolve().parent / "skills"
-async def install_skill(plugin: str, skill: str) -> Dict:
-    marketplace = await _fetch_skills_marketplace()
-    entry = next((s for s in marketplace if s["plugin"] == plugin and s["skill"] == skill), None)
-    if not entry:
-        raise HTTPException(status_code=404, detail=f"Skill '{plugin}/{skill}' not found in marketplace")
-    skill_dir = SKILLS_DIR / skill
-    skill_dir.mkdir(parents=True, exist_ok=True)
-    skill_md_path = skill_dir / "SKILL.md"
-    async with httpx.AsyncClient(timeout=15.0) as client:
-        resp = await client.get(entry["skill_md_url"])
-        resp.raise_for_status()
-        content = resp.text
-    # 출처 표기 (Apache-2.0 / MIT 공통)
-    repo_hint = entry.get("homepage", "")
-    attribution = f"<!-- Source: {repo_hint}, {entry['license']} -->\n"
-    if not content.startswith("<!--"):
-        content = attribution + content
-    skill_md_path.write_text(content, encoding="utf-8")
-    risk_path = skill_dir / "risk.json"
-    if not risk_path.exists():
-        risk_path.write_text(json.dumps({
-            "risk": "read", "destructive": False,
-            "shell": False, "network": False,
-            "auto_approve": True, "sandbox": "workspace", "rollback": "none"
-        }, indent=2), encoding="utf-8")
-    return {
-        "status":  "installed",
-        "plugin":  plugin,
-        "skill":   skill,
-        "path":    str(skill_dir),
-        "license": entry["license"],
-        "author":  entry["author"],
-    }
-# ─────────────────────────────────────────────────────────────────────────────
 def load_users():
     if not os.path.exists(USERS_FILE):
@@ -2216,23 +1525,23 @@ async def login(req: UserLogin, request: Request):
 @app.get("/auth/sso/config")
 async def sso_config():
-    enabled = bool(SSO_DISCOVERY_URL and SSO_CLIENT_ID and SSO_CLIENT_SECRET)
-    return {"enabled": enabled, "provider_name": SSO_PROVIDER_NAME if enabled else ""}
+    return public_sso_config()
 @app.get("/auth/sso/login")
 async def sso_login():
     from urllib.parse import urlencode
     from fastapi.responses import RedirectResponse as _Redirect
+    settings = get_sso_settings()
     discovery = await _get_sso_discovery()
-    if not discovery:
+    if not settings.get("enabled") or not discovery:
         raise HTTPException(status_code=503, detail="SSO가 설정되지 않았습니다.")
     state = secrets.token_urlsafe(16)
     _sso_states[state] = time.time()
     params = urlencode({
-        "client_id": SSO_CLIENT_ID,
+        "client_id": settings["client_id"],
         "response_type": "code",
-        "redirect_uri": SSO_REDIRECT_URI,
-        "scope": "openid email profile",
+        "redirect_uri": settings["redirect_uri"],
+        "scope": settings.get("scopes") or "openid email profile",
         "state": state,
     })
     return _Redirect(f"{discovery['authorization_endpoint']}?{params}")
@@ -2246,17 +1555,18 @@ async def sso_callback(code: str = "", state: str = "", error: str = ""):
     ts = _sso_states.pop(state, None)
     if ts is None or time.time() - ts > 300:
         raise HTTPException(status_code=400, detail="유효하지 않은 SSO 상태입니다.")
+    settings = get_sso_settings()
     discovery = await _get_sso_discovery()
-    if not discovery:
+    if not settings.get("enabled") or not discovery:
         raise HTTPException(status_code=503, detail="SSO 설정 오류입니다.")
     import httpx as _httpx
     async with _httpx.AsyncClient() as c:
         r = await c.post(discovery["token_endpoint"], data={
             "grant_type": "authorization_code",
             "code": code,
-            "redirect_uri": SSO_REDIRECT_URI,
-            "client_id": SSO_CLIENT_ID,
-            "client_secret": SSO_CLIENT_SECRET,
+            "redirect_uri": settings["redirect_uri"],
+            "client_id": settings["client_id"],
+            "client_secret": settings["client_secret"],
         }, headers={"Accept": "application/json"}, timeout=15)
         tokens = r.json()
     id_token = tokens.get("id_token")
@@ -2468,6 +1778,25 @@ async def admin_invite_link(request: Request):
         url = f"{scheme}://{host}/"
     return {"invite_url": url, "invite_code": INVITE_CODE, "gate_enabled": INVITE_GATE_ENABLED}
+@app.get("/admin/sso")
+async def admin_sso(request: Request):
+    require_admin(request)
+    return public_sso_config()
+@app.patch("/admin/sso")
+async def admin_update_sso(req: SsoConfigUpdate, request: Request):
+    admin_email, _ = require_admin(request)
+    update = req.dict(exclude_unset=True)
+    saved = save_sso_config(update)
+    append_audit_event(
+        "sso_config_update",
+        user_email=admin_email,
+        provider_name=saved.get("provider_name"),
+        discovery_url=saved.get("discovery_url"),
+        enabled=bool(saved.get("enabled")),
+    )
+    return public_sso_config(saved)
 # ── Invitation Logic ────────────────────────────────────────────────────────
 INVITE_CODE = env_value("LATTICEAI_INVITE_CODE", "gemma-lattice-ai")
 INVITE_GATE_ENABLED = env_bool("LATTICEAI_INVITE_GATE_ENABLED", default=False)
@@ -2495,7 +1824,7 @@ async def root(request: Request, code: Optional[str] = None, authorized: Optiona
                 <div style="font-size:48px; margin-bottom:20px;">🔒</div>
                 <h1 style="color:#378ADD; margin:0; font-size:24px;">Invitation Required</h1>
                 <p style="color:#94a3b8; margin:20px 0; line-height:1.6;">이 서비스는 비공개로 운영되고 있습니다.<br>선생님께 받은 <b>초대용 전용 링크</b>를 통해 접속해 주세요.</p>
-                <div style="margin-top:30px; padding-top:20px; border-top:1px solid rgba(255,255,255,0.05); font-size:11px; color:rgba(255,255,255,0.2); letter-spacing:1px;">LATTICE AI SECURITY AGENT</div>
+                <div style="margin-top:30px; padding-top:20px; border-top:1px solid rgba(255,255,255,0.05); font-size:11px; color:rgba(255,255,255,0.2); letter-spacing:1px;">LATTICE AI</div>
             </div>
         </body>
     """, status_code=403)
@@ -2550,6 +1879,48 @@ async def status():
     }
+@app.get("/local/sysinfo")
+async def local_sysinfo(request: Request):
+    """CPU / RAM / GPU(MLX) 사용량을 반환합니다."""
+    require_user(request)
+    import subprocess, re as _re
+    result = {"cpu_pct": 0.0, "ram_pct": 0.0, "gpu_mem_pct": 0.0, "gpu_mem_gb": 0.0}
+    try:
+        # CPU
+        top_out = subprocess.run(["top", "-l", "1", "-n", "0"], capture_output=True, text=True, timeout=4).stdout
+        for line in top_out.splitlines():
+            if "CPU usage" in line:
+                m = _re.search(r"([\d.]+)% user.*?([\d.]+)% sys", line)
+                if m:
+                    result["cpu_pct"] = round(float(m.group(1)) + float(m.group(2)), 1)
+        # RAM
+        vm_out = subprocess.run(["vm_stat"], capture_output=True, text=True, timeout=4).stdout
+        page_size = 16384
+        pages: dict = {}
+        for line in vm_out.splitlines():
+            for key in ["Pages free", "Pages active", "Pages inactive", "Pages wired down", "Pages occupied by compressor"]:
+                if line.startswith(key):
+                    m = _re.search(r"(\d+)", line)
+                    if m:
+                        pages[key] = int(m.group(1))
+        total = sum(pages.values())
+        used  = total - pages.get("Pages free", 0)
+        result["ram_pct"] = round(used / total * 100, 1) if total else 0.0
+        # GPU (MLX / Apple Silicon unified memory)
+        try:
+            import mlx.core as _mx
+            hw_out = subprocess.run(["sysctl", "-n", "hw.memsize"], capture_output=True, text=True, timeout=2).stdout
+            total_bytes = int(hw_out.strip())
+            gpu_bytes = _mx.get_active_memory() + _mx.get_cache_memory()
+            result["gpu_mem_gb"]  = round(gpu_bytes / (1024 ** 3), 2)
+            result["gpu_mem_pct"] = round(gpu_bytes / total_bytes * 100, 1) if total_bytes else 0.0
+        except Exception:
+            pass
+    except Exception as e:
+        result["error"] = str(e)
+    return result
 # ── Request / Response Models ──────────────────────────────────────────────────
@@ -3208,31 +2579,224 @@ def hf_model_ready(repo_id: str, provider: str = "local_mlx") -> bool:
     )
     return has_config and has_weights and has_tokenizer
-def download_hf_model(repo_id: str, provider: str = "local_mlx") -> Dict[str, object]:
+def model_download_progress_payload(
+    stage: str,
+    message: str,
+    *,
+    percent: Optional[float] = None,
+    detail: Optional[str] = None,
+    downloaded_bytes: Optional[int] = None,
+    total_bytes: Optional[int] = None,
+    eta_seconds: Optional[float] = None,
+    file: Optional[str] = None,
+    indeterminate: bool = False,
+) -> Dict[str, object]:
+    payload: Dict[str, object] = {
+        "stage": stage,
+        "message": message,
+        "indeterminate": indeterminate,
+        "ts": time.time(),
+    }
+    if percent is not None:
+        payload["percent"] = max(0, min(100, round(float(percent), 1)))
+    if detail:
+        payload["detail"] = detail
+    if downloaded_bytes is not None:
+        payload["downloaded_bytes"] = max(0, int(downloaded_bytes))
+    if total_bytes is not None:
+        payload["total_bytes"] = max(0, int(total_bytes))
+    if eta_seconds is not None:
+        payload["eta_seconds"] = max(0, round(float(eta_seconds)))
+    if file:
+        payload["file"] = file
+    return payload
+def estimate_eta_seconds(started_at: float, percent: Optional[float]) -> Optional[float]:
+    if percent is None or percent <= 0 or percent >= 100:
+        return None
+    elapsed = max(0.0, time.time() - started_at)
+    return elapsed * (100.0 - percent) / percent
+def hf_repo_files_with_sizes(repo_id: str) -> List[Dict[str, object]]:
+    from huggingface_hub import HfApi
+    api = HfApi()
+    try:
+        info = api.model_info(repo_id, files_metadata=True)
+        files = []
+        for sibling in getattr(info, "siblings", []) or []:
+            name = str(getattr(sibling, "rfilename", "") or "").strip()
+            if not name or name.endswith("/"):
+                continue
+            files.append({"name": name, "size": int(getattr(sibling, "size", 0) or 0)})
+        if files:
+            return files
+    except TypeError:
+        pass
+    except Exception as e:
+        logging.warning("huggingface model_info failed for %s: %s", repo_id, e)
+    return [{"name": str(name), "size": 0} for name in api.list_repo_files(repo_id) if str(name).strip()]
+def download_hf_model(
+    repo_id: str,
+    provider: str = "local_mlx",
+    progress_emit=None,
+) -> Dict[str, object]:
     if importlib.util.find_spec("huggingface_hub") is None:
         raise HTTPException(status_code=400, detail="huggingface_hub가 없습니다. 먼저 MLX runtime 설치를 진행해 주세요.")
     target_dir = hf_model_dir(repo_id)
     if hf_model_ready(repo_id, provider):
+        if progress_emit:
+            progress_emit(model_download_progress_payload(
+                "download",
+                "이미 다운로드된 모델을 확인했습니다.",
+                percent=100,
+                downloaded_bytes=0,
+                total_bytes=0,
+                eta_seconds=0,
+            ))
         return {"model": repo_id, "path": str(target_dir), "cached": True}
     target_dir.mkdir(parents=True, exist_ok=True)
     try:
-        from huggingface_hub import HfApi, hf_hub_download, snapshot_download
+        from huggingface_hub import hf_hub_download
+        started_at = time.time()
+        all_files = hf_repo_files_with_sizes(repo_id)
         if provider == "llamacpp":
-            files = HfApi().list_repo_files(repo_id)
-            ggufs = sorted([name for name in files if name.lower().endswith(".gguf")])
+            ggufs = sorted(
+                [item for item in all_files if str(item["name"]).lower().endswith(".gguf")],
+                key=lambda item: str(item["name"]),
+            )
             if not ggufs:
                 raise RuntimeError("GGUF 파일을 찾지 못했습니다.")
             preference = ("q4_k_m", "q4_0", "q4_k_s", "q3_k_m", "q2_k")
-            filename = next(
-                (name for pref in preference for name in ggufs if pref in name.lower()),
-                ggufs[0],
-            )
-            hf_hub_download(repo_id=repo_id, filename=filename, local_dir=str(target_dir))
+            selected_files = [
+                next(
+                    (item for pref in preference for item in ggufs if pref in str(item["name"]).lower()),
+                    ggufs[0],
+                )
+            ]
         else:
-            snapshot_download(repo_id=repo_id, local_dir=str(target_dir), resume_download=True)
+            selected_files = all_files
+        total_bytes = sum(int(item.get("size") or 0) for item in selected_files) or None
+        downloaded_bytes = 0
+        total_files = max(1, len(selected_files))
+        if progress_emit:
+            progress_emit(model_download_progress_payload(
+                "download",
+                "모델 파일 정보를 확인했습니다.",
+                percent=0,
+                downloaded_bytes=0,
+                total_bytes=total_bytes,
+                indeterminate=total_bytes is None,
+            ))
+        for index, item in enumerate(selected_files, start=1):
+            filename = str(item["name"])
+            size = int(item.get("size") or 0)
+            tqdm_class = None
+            if progress_emit:
+                current_percent = (
+                    (downloaded_bytes / total_bytes) * 100 if total_bytes else ((index - 1) / total_files) * 100
+                )
+                progress_emit(model_download_progress_payload(
+                    "download",
+                    "모델 다운로드 중입니다.",
+                    percent=current_percent,
+                    detail=filename,
+                    downloaded_bytes=downloaded_bytes,
+                    total_bytes=total_bytes,
+                    eta_seconds=estimate_eta_seconds(started_at, current_percent),
+                    file=filename,
+                    indeterminate=total_bytes is None and total_files <= 1,
+                ))
+                try:
+                    from tqdm.auto import tqdm as base_tqdm
+                    downloaded_before = downloaded_bytes
+                    last_emit = {"at": 0.0, "percent": -1.0}
+                    def emit_byte_progress(done_bytes: float) -> None:
+                        done = max(0, int(done_bytes or 0))
+                        if total_bytes:
+                            aggregate = min(total_bytes, downloaded_before + done)
+                            percent = (aggregate / total_bytes) * 100
+                        else:
+                            file_total = size or done
+                            file_ratio = min(1.0, done / file_total) if file_total else 0.0
+                            aggregate = downloaded_before + done
+                            percent = ((index - 1) + file_ratio) / total_files * 100
+                        now = time.time()
+                        if percent < 100 and now - last_emit["at"] < 0.5 and percent - last_emit["percent"] < 0.3:
+                            return
+                        last_emit["at"] = now
+                        last_emit["percent"] = percent
+                        progress_emit(model_download_progress_payload(
+                            "download",
+                            "모델 다운로드 중입니다.",
+                            percent=percent,
+                            detail=filename,
+                            downloaded_bytes=aggregate,
+                            total_bytes=total_bytes,
+                            eta_seconds=estimate_eta_seconds(started_at, percent),
+                            file=filename,
+                            indeterminate=total_bytes is None and total_files <= 1,
+                        ))
+                    class ProgressTqdm(base_tqdm):
+                        def update(self, n=1):
+                            result = super().update(n)
+                            emit_byte_progress(float(getattr(self, "n", 0) or 0))
+                            return result
+                    tqdm_class = ProgressTqdm
+                except Exception:
+                    tqdm_class = None
+            local_path = hf_hub_download(
+                repo_id=repo_id,
+                filename=filename,
+                local_dir=str(target_dir),
+                tqdm_class=tqdm_class,
+            )
+            if size <= 0:
+                try:
+                    size = Path(local_path).stat().st_size
+                except OSError:
+                    size = 0
+            downloaded_bytes += size
+            if progress_emit:
+                current_percent = (
+                    (downloaded_bytes / total_bytes) * 100 if total_bytes else (index / total_files) * 100
+                )
+                progress_emit(model_download_progress_payload(
+                    "download",
+                    "모델 다운로드 중입니다.",
+                    percent=current_percent,
+                    detail=filename,
+                    downloaded_bytes=downloaded_bytes,
+                    total_bytes=total_bytes,
+                    eta_seconds=estimate_eta_seconds(started_at, current_percent),
+                    file=filename,
+                    indeterminate=False,
+                ))
+        if progress_emit:
+            progress_emit(model_download_progress_payload(
+                "download",
+                "모델 다운로드가 완료되었습니다.",
+                percent=100,
+                downloaded_bytes=downloaded_bytes,
+                total_bytes=total_bytes or downloaded_bytes,
+                eta_seconds=0,
+            ))
     except Exception as e:
         raise HTTPException(status_code=500, detail=f"{repo_id} 다운로드 실패: {str(e)[-2000:]}")
@@ -3242,6 +2806,75 @@ def download_hf_model(repo_id: str, provider: str = "local_mlx") -> Dict[str, ob
     return {"model": repo_id, "path": str(target_dir), "cached": False}
+def pull_ollama_model_with_progress(model_name: str, progress_emit=None) -> Dict[str, object]:
+    started_at = time.time()
+    if progress_emit:
+        progress_emit(model_download_progress_payload(
+            "download",
+            "Ollama 모델 다운로드를 시작합니다.",
+            percent=0,
+            detail=model_name,
+            indeterminate=True,
+        ))
+    process = subprocess.Popen(
+        ["ollama", "pull", model_name],
+        stdout=subprocess.PIPE,
+        stderr=subprocess.STDOUT,
+        text=True,
+        bufsize=1,
+    )
+    last_percent: Optional[float] = None
+    lines: List[str] = []
+    try:
+        assert process.stdout is not None
+        for raw_line in process.stdout:
+            for part in re.split(r"[\r\n]+", raw_line):
+                line = part.strip()
+                if not line:
+                    continue
+                lines.append(line)
+                match = re.search(r"(\d{1,3}(?:\.\d+)?)\s*%", line)
+                if match:
+                    last_percent = min(100.0, float(match.group(1)))
+                    if progress_emit:
+                        progress_emit(model_download_progress_payload(
+                            "download",
+                            "Ollama 모델 다운로드 중입니다.",
+                            percent=last_percent,
+                            detail=line[-180:],
+                            eta_seconds=estimate_eta_seconds(started_at, last_percent),
+                            indeterminate=False,
+                        ))
+                elif progress_emit:
+                    progress_emit(model_download_progress_payload(
+                        "download",
+                        "Ollama 모델 다운로드 중입니다.",
+                        percent=last_percent,
+                        detail=line[-180:],
+                        eta_seconds=estimate_eta_seconds(started_at, last_percent),
+                        indeterminate=last_percent is None,
+                    ))
+        returncode = process.wait()
+    except Exception:
+        process.kill()
+        raise
+    if returncode != 0:
+        tail = "\n".join(lines[-12:])
+        raise HTTPException(status_code=500, detail=tail[-2000:] or "Ollama 모델 다운로드 실패")
+    if progress_emit:
+        progress_emit(model_download_progress_payload(
+            "download",
+            "Ollama 모델 다운로드가 완료되었습니다.",
+            percent=100,
+            detail=model_name,
+            eta_seconds=0,
+            indeterminate=False,
+        ))
+    return {"provider": "ollama", "model": model_name, "returncode": returncode}
 def get_ollama_pulled_models() -> set:
     if not shutil.which("ollama"):
         return set()
@@ -3806,6 +3439,227 @@ async def prepare_and_load_model(
         "download": download_result,
     }
+def sse_event(event: str, data: Dict[str, object]) -> str:
+    return f"event: {event}\ndata: {json.dumps(data, ensure_ascii=False)}\n\n"
+async def prepare_and_load_model_stream(
+    model_id: str,
+    request: Request,
+    engine: Optional[str] = None,
+    user_email: Optional[str] = None,
+) -> AsyncIterator[str]:
+    model_id = normalize_local_model_request(model_id, engine)
+    if not model_id:
+        raise HTTPException(status_code=400, detail="모델 식별자가 비어 있습니다.")
+    parsed_provider, parsed_model = parse_model_ref(model_id)
+    if parsed_provider == "mlx":
+        parsed_provider = "local_mlx"
+    work_queue: "queue.Queue[Dict[str, object]]" = queue.Queue()
+    work_result: Dict[str, object] = {}
+    def emit_progress(payload: Dict[str, object]) -> None:
+        work_queue.put({"kind": "progress", "data": payload})
+    def blocking_prepare() -> None:
+        try:
+            local_engines = {"local_mlx", "ollama", "vllm", "lmstudio", "llamacpp"}
+            install_result: Dict[str, object] = {}
+            download_result: Optional[Dict[str, object]] = None
+            prepared_model_id = model_id
+            prepared_model_name = parsed_model
+            if parsed_provider in local_engines:
+                emit_progress(model_download_progress_payload(
+                    "engine",
+                    "실행 엔진을 확인하는 중입니다.",
+                    percent=2,
+                    indeterminate=True,
+                ))
+                install_result = ensure_engine_ready(parsed_provider)
+                emit_progress(model_download_progress_payload(
+                    "engine",
+                    "실행 엔진 준비가 완료되었습니다.",
+                    percent=10,
+                    indeterminate=False,
+                ))
+            if parsed_provider == "local_mlx":
+                explicit_path = Path(parsed_model).expanduser()
+                if explicit_path.exists():
+                    download_result = {"model": parsed_model, "path": str(explicit_path), "cached": True}
+                    emit_progress(model_download_progress_payload(
+                        "download",
+                        "로컬 모델 경로를 확인했습니다.",
+                        percent=100,
+                        detail=str(explicit_path),
+                        eta_seconds=0,
+                    ))
+                elif not hf_model_ready(parsed_model, "local_mlx"):
+                    download_result = download_hf_model(parsed_model, "local_mlx", progress_emit=emit_progress)
+                else:
+                    download_result = {"model": parsed_model, "path": str(hf_model_dir(parsed_model)), "cached": True}
+                    emit_progress(model_download_progress_payload(
+                        "download",
+                        "이미 다운로드된 모델을 확인했습니다.",
+                        percent=100,
+                        eta_seconds=0,
+                    ))
+            elif parsed_provider == "ollama":
+                emit_progress(model_download_progress_payload(
+                    "engine",
+                    "Ollama 서버를 확인하는 중입니다.",
+                    percent=12,
+                    indeterminate=True,
+                ))
+                ensure_ollama_server()
+                if parsed_model not in get_ollama_pulled_models():
+                    download_result = pull_ollama_model_with_progress(parsed_model, progress_emit=emit_progress)
+                else:
+                    download_result = {"provider": "ollama", "model": parsed_model, "cached": True}
+                    emit_progress(model_download_progress_payload(
+                        "download",
+                        "이미 다운로드된 Ollama 모델을 확인했습니다.",
+                        percent=100,
+                        detail=parsed_model,
+                        eta_seconds=0,
+                    ))
+            elif parsed_provider == "vllm":
+                if not hf_model_ready(parsed_model, "vllm"):
+                    download_result = download_hf_model(parsed_model, "vllm", progress_emit=emit_progress)
+                else:
+                    download_result = {"provider": "vllm", "model": parsed_model, "cached": True}
+                    emit_progress(model_download_progress_payload(
+                        "download",
+                        "이미 다운로드된 모델을 확인했습니다.",
+                        percent=100,
+                        detail=parsed_model,
+                        eta_seconds=0,
+                    ))
+                emit_progress(model_download_progress_payload(
+                    "server",
+                    "vLLM 서버를 시작하는 중입니다.",
+                    percent=92,
+                    indeterminate=True,
+                ))
+                ensure_vllm_server(parsed_model)
+                download_result = {**(download_result or {}), "provider": "vllm", "model": parsed_model, "server_ready": True}
+            elif parsed_provider == "llamacpp":
+                if not hf_model_ready(parsed_model, "llamacpp"):
+                    download_result = download_hf_model(parsed_model, "llamacpp", progress_emit=emit_progress)
+                else:
+                    download_result = {"provider": "llamacpp", "model": parsed_model, "cached": True}
+                    emit_progress(model_download_progress_payload(
+                        "download",
+                        "이미 다운로드된 GGUF 모델을 확인했습니다.",
+                        percent=100,
+                        detail=parsed_model,
+                        eta_seconds=0,
+                    ))
+                emit_progress(model_download_progress_payload(
+                    "server",
+                    "llama.cpp 서버를 시작하는 중입니다.",
+                    percent=92,
+                    indeterminate=True,
+                ))
+                ensure_llamacpp_server(parsed_model)
+                download_result = {**(download_result or {}), "provider": "llamacpp", "model": parsed_model, "server_ready": True}
+            elif parsed_provider == "lmstudio":
+                emit_progress(model_download_progress_payload(
+                    "download",
+                    "LM Studio 모델을 확인하는 중입니다.",
+                    percent=35,
+                    indeterminate=True,
+                ))
+                ensured = ensure_lmstudio_model(parsed_model)
+                resolved_model = str(
+                    ensured.get("instance_id")
+                    or ensured.get("resolved_model")
+                    or parsed_model
+                ).strip()
+                prepared_model_name = resolved_model
+                prepared_model_id = f"lmstudio:{resolved_model}"
+                download_result = ensured
+            else:
+                emit_progress(model_download_progress_payload(
+                    "engine",
+                    "모델 연결을 준비하는 중입니다.",
+                    percent=30,
+                    indeterminate=True,
+                ))
+            work_result.update({
+                "model_id": prepared_model_id,
+                "parsed_provider": parsed_provider,
+                "parsed_model": prepared_model_name,
+                "install_result": install_result,
+                "download_result": download_result,
+            })
+            work_queue.put({"kind": "done"})
+        except HTTPException as exc:
+            work_queue.put({"kind": "error", "status_code": exc.status_code, "detail": exc.detail})
+        except Exception as exc:
+            logging.exception("model prepare stream worker failed")
+            work_queue.put({"kind": "error", "status_code": 500, "detail": str(exc)[-2000:]})
+    worker = threading.Thread(target=blocking_prepare, daemon=True)
+    worker.start()
+    while True:
+        item = await asyncio.to_thread(work_queue.get)
+        kind = item.get("kind")
+        if kind == "progress":
+            yield sse_event("progress", item["data"])
+        elif kind == "error":
+            raise HTTPException(
+                status_code=int(item.get("status_code") or 500),
+                detail=item.get("detail") or "모델 준비에 실패했습니다.",
+            )
+        elif kind == "done":
+            break
+    prepared_model_id = str(work_result.get("model_id") or model_id)
+    prepared_provider = str(work_result.get("parsed_provider") or parsed_provider)
+    install_result = work_result.get("install_result") or {}
+    download_result = work_result.get("download_result")
+    yield sse_event("progress", model_download_progress_payload(
+        "load",
+        "모델을 메모리에 로드하는 중입니다.",
+        percent=96,
+        indeterminate=True,
+    ))
+    effective_email = (user_email or get_current_user(request) or "").strip()
+    user_api_key = get_user_api_key(effective_email, prepared_provider) if prepared_provider != "local_mlx" else None
+    msg = await router.load_model(
+        prepared_model_id,
+        None,
+        draft_model_id=None,
+        api_key_override=user_api_key,
+        owner=effective_email or None,
+    )
+    result = {
+        "status": "ok",
+        "message": msg,
+        "model": prepared_model_id,
+        "current": router.current_model_id,
+        "engine": prepared_provider,
+        "installed_now": bool(isinstance(install_result, dict) and install_result.get("installed_now")),
+        "download": download_result,
+    }
+    yield sse_event("progress", model_download_progress_payload(
+        "done",
+        "모델 준비가 완료되었습니다.",
+        percent=100,
+        eta_seconds=0,
+    ))
+    yield sse_event("done", result)
 CLOUD_VERIFY_CACHE: Dict[str, Dict] = {}
 CLOUD_VERIFY_TTL_SECONDS = 600
@@ -3964,6 +3818,38 @@ async def engines_prepare_model(req: PrepareModelRequest, request: Request):
     )
+@app.post("/engines/prepare-model/stream")
+async def engines_prepare_model_stream(req: PrepareModelRequest, request: Request):
+    require_user(request)
+    async def event_stream():
+        try:
+            async for chunk in prepare_and_load_model_stream(
+                req.model,
+                request,
+                engine=req.engine,
+                user_email=req.user_email,
+            ):
+                yield chunk
+        except HTTPException as exc:
+            yield sse_event("error", {
+                "status_code": exc.status_code,
+                "detail": exc.detail or "모델 준비에 실패했습니다.",
+            })
+        except Exception as exc:
+            logging.exception("model prepare stream failed")
+            yield sse_event("error", {
+                "status_code": 500,
+                "detail": str(exc)[-1000:] or "모델 준비에 실패했습니다.",
+            })
+    return StreamingResponse(
+        event_stream(),
+        media_type="text/event-stream",
+        headers={"Cache-Control": "no-cache", "X-Accel-Buffering": "no"},
+    )
 @app.post("/setup/set-api-key")
 async def set_api_key(req: SetApiKeyRequest, request: Request):
     from llm_router import OPENAI_COMPATIBLE_PROVIDERS
@@ -4122,14 +4008,14 @@ async def chat(req: ChatRequest, request: Request):
                 logging.warning("knowledge graph clear event ingest failed: %s", e)
         if command == "/clear_all":
             result = clear_history(0)
-            answer = f"채팅창을 정리했습니다. 화면에서 제거 {result.get('removed', 0)}개. 감사 로그와 Data Graph/RAG 데이터는 유지됩니다."
+            answer = f"채팅창을 정리했습니다. 화면에서 제거 {result.get('removed', 0)}개. 감사 로그와 지식 그래프/RAG 데이터는 유지됩니다."
         else:
             if req.conversation_id:
                 result = clear_conversation(req.conversation_id)
-                answer = f"현재 대화방 채팅창을 정리했습니다. 화면에서 제거 {result.get('removed', 0)}개. 감사 로그와 Data Graph/RAG 데이터는 유지됩니다."
+                answer = f"현재 대화방 채팅창을 정리했습니다. 화면에서 제거 {result.get('removed', 0)}개. 감사 로그와 지식 그래프/RAG 데이터는 유지됩니다."
             else:
                 result = clear_history(0)
-                answer = f"채팅창을 정리했습니다. 화면에서 제거 {result.get('removed', 0)}개. 감사 로그와 Data Graph/RAG 데이터는 유지됩니다."
+                answer = f"채팅창을 정리했습니다. 화면에서 제거 {result.get('removed', 0)}개. 감사 로그와 지식 그래프/RAG 데이터는 유지됩니다."
         append_audit_event(
             "clear_command",
             user_email=effective_email,
@@ -5155,10 +5041,7 @@ async def _phase_verify(
         ctx.state = AgentState.ROLLBACK
     elif next_s == "EXECUTING":
         if ctx.retry_count >= max_retry:
-            ctx.final_message = (
-                f"최대 재시도({max_retry}회) 초과로 작업을 종료했습니다. "
-                f"마지막 비판: {verdict.get('reason', '(없음)')}"
-            )
+            ctx.final_message = "처리 중 문제가 발생했습니다. 다시 시도해 주세요."
             ctx.state = AgentState.FAILED
         else:
             ctx.retry_count += 1
@@ -6047,9 +5930,9 @@ async def tools_computer_use_status(request: Request):
     return _tool_response(computer_status)
-# ── Computer Use API ──────────────────────────────────────────────────────────
+# ── 내 컴퓨터 API ──────────────────────────────────────────────────────────
-CU_SYSTEM_PROMPT = """You are Lattice AI Computer Use Agent. You control the Mac desktop using tools.
+CU_SYSTEM_PROMPT = """You are Lattice AI desktop-control agent. You control the Mac desktop using tools.
 Prefer non-visual direct actions when possible. Use screenshots only when you must inspect visible UI state or choose screen coordinates.
 Available actions:
@@ -6185,8 +6068,8 @@ async def cu_drag(req: CuDragRequest, request: Request):
 @app.post("/cu/agent")
 async def cu_agent(req: CuAgentRequest, request: Request):
-    """SSE streaming Computer Use agent loop."""
-    require_admin(request)
+    """SSE streaming desktop-control agent loop."""
+    require_user(request)
     async def _stream():
         task_lower = (req.task or "").lower()
         url_match = re.search(r"(https?://[^\s]+|localhost:\d+[^\s]*|127\.0\.0\.1:\d+[^\s]*)", req.task or "")
@@ -6413,9 +6296,9 @@ _MCP_TOOL_DESCRIPTIONS: Dict[str, str] = {
     "computer_scroll":       "Scroll at screen coordinates.",
     "computer_move":         "Move the mouse to screen coordinates.",
     "computer_drag":         "Drag from (x1,y1) to (x2,y2).",
-    "computer_status":       "Check if Mac Computer Use (pyautogui) is available.",
+    "computer_status":       "Check if Mac desktop control (pyautogui) is available.",
     "chrome_status":         "Report Chrome desktop bridge availability.",
-    "computer_use_status":   "Report Mac Computer Use bridge availability.",
+    "computer_use_status":   "Report Mac desktop-control bridge availability.",
     "knowledge_save":        "Save a note into the local knowledge garden.",
     "knowledge_search":      "Search the local knowledge garden.",
     "knowledge_tree":        "List local knowledge garden markdown files.",
@@ -6517,10 +6400,9 @@ async def mcp_connector(mcp_id: str, request: Request):
 @app.post("/mcp/registry/refresh")
 async def mcp_registry_refresh(request: Request):
     require_user(request)
-    global _REMOTE_REGISTRY_FETCHED_AT
-    _REMOTE_REGISTRY_FETCHED_AT = None
+    mcp_registry._REMOTE_REGISTRY_FETCHED_AT = None
     registry = await _get_combined_registry()
-    return {"status": "ok", "total": len(registry), "remote": len(_REMOTE_REGISTRY_CACHE)}
+    return {"status": "ok", "total": len(registry), "remote": len(mcp_registry._REMOTE_REGISTRY_CACHE)}
 @app.get("/mcp/claude-code-servers")
@@ -6681,8 +6563,7 @@ async def skills_list(request: Request):
 async def skills_marketplace_refresh(request: Request):
     """Skills 마켓플레이스 캐시 강제 갱신"""
     require_user(request)
-    global _SKILLS_MARKETPLACE_FETCHED_AT
-    _SKILLS_MARKETPLACE_FETCHED_AT = None
+    mcp_registry._SKILLS_MARKETPLACE_FETCHED_AT = None
     skills = await _fetch_skills_marketplace()
     by_author = {}
     for s in skills:
@@ -6725,8 +6606,7 @@ async def plugins_directory(
 async def plugins_directory_refresh(request: Request):
     """플러그인 디렉터리 캐시 강제 갱신"""
     require_user(request)
-    global _PLUGIN_DIRECTORY_FETCHED_AT
-    _PLUGIN_DIRECTORY_FETCHED_AT = None
+    mcp_registry._PLUGIN_DIRECTORY_FETCHED_AT = None
     plugins = await _fetch_plugin_directory()
     by_license = {}
     for p in plugins:
@@ -6803,6 +6683,20 @@ def setup_auto_state() -> Dict[str, object]:
         "preset": auto_setup_preset(profile, recommendation),
     }
+def primary_setup_model(recs: Dict[str, object]) -> Optional[Dict[str, object]]:
+    models = recs.get("models") if isinstance(recs, dict) else None
+    if not isinstance(models, list):
+        return None
+    candidates = [
+        item for item in models
+        if isinstance(item, dict) and not item.get("disabled") and (item.get("model_id") or (item.get("action") or {}).get("model_id"))
+    ]
+    if not candidates:
+        return None
+    return next((item for item in candidates if item.get("checked")), candidates[0])
 @app.get("/setup/scan")
 async def setup_scan(request: Request):
     """환경 감지 및 맞춤 추천 반환."""
@@ -6810,6 +6704,27 @@ async def setup_scan(request: Request):
     env  = scan_environment()
     recs = get_recommendations(env)
     zero_config = setup_auto_state()
+    primary_model = primary_setup_model(recs)
+    if primary_model:
+        model_id = primary_model.get("model_id") or (primary_model.get("action") or {}).get("model_id")
+        zero_config.setdefault("recommend", {})["model_id"] = model_id
+        zero_config["recommend"]["runtime"] = "mlx"
+        rationale = [
+            item for item in zero_config["recommend"].get("rationale", [])
+            if not (isinstance(item, str) and item.startswith("RAM ") and "→" in item)
+        ]
+        rationale.append(f"실제 다운로드 및 로드 가능한 MLX 모델 → {model_id}")
+        zero_config["recommend"]["rationale"] = rationale
+        if isinstance(zero_config.get("plan"), dict):
+            zero_config["plan"]["steps"] = [{
+                "name": f"weights:{model_id}",
+                "why": "추론에 사용할 모델 가중치",
+                "command": ["huggingface-cli", "download", model_id, "--quiet"],
+                "requires_admin": False,
+            }]
+        if isinstance(zero_config.get("preset"), dict):
+            zero_config["preset"].setdefault("model", {})["id"] = model_id
+            zero_config["preset"]["model"]["runtime"] = "mlx"
     env["zero_config"] = zero_config
     recs.setdefault("summary", {})["zero_config"] = zero_config["recommend"]
     recs["install_plan"] = zero_config["plan"]