mixdog 0.7.1

package/setup/setup-server.mjs

@@ -0,0 +1,3206 @@
+#!/usr/bin/env bun
+import { exec, execSync, spawn, spawnSync } from 'child_process';
+import { existsSync, readFileSync, writeFileSync, createWriteStream, mkdirSync, renameSync, unlinkSync, readdirSync, rmSync, statSync, openSync, readSync, closeSync } from 'fs';
+import { join, dirname, basename } from 'path';
+import { homedir, arch, platform } from 'os';
+import { fileURLToPath } from 'url';
+import http from 'http';
+import https from 'https';
+import { DEFAULT_MAINTENANCE, MAINTENANCE_SLOTS, DEFAULT_PRESETS, getPluginData } from '../src/agent/orchestrator/config.mjs';
+import { getOpenAIOAuthModelCatalogError, hasOpenAIOAuthCredentials } from '../src/agent/orchestrator/providers/openai-oauth.mjs';
+import { hasAnthropicOAuthCredentials } from '../src/agent/orchestrator/providers/anthropic-oauth.mjs';
+import { hasGrokOAuthCredentials, loginOAuth as loginGrokOAuth } from '../src/agent/orchestrator/providers/grok-oauth.mjs';
+import { resolvePluginData } from '../src/shared/plugin-paths.mjs';
+import { listSchedules } from '../src/shared/schedules-store.mjs';
+import { ensureDataSeeds } from '../src/shared/seed.mjs';
+import { backupUserData, markUserDataInitialized, shouldSeedMissingUserData } from '../src/shared/user-data-guard.mjs';
+import { tmpdir } from 'os';
+import { readSection, writeSection, updateSection, saveSecret, deleteSecret, hasStoredSecret, SECRET_ACCOUNTS, getSearchApiKey, getAgentApiKey, getDiscordToken, getWebhookAuthtoken, diagnoseDiscordTokenValue } from '../src/shared/config.mjs';
+import { applyDefaults as applyChannelsDefaults } from '../src/channels/lib/config.mjs';
+import { validateCronExpression } from '../src/channels/lib/scheduler.mjs';
+import { mergeAgentConfig, mergeMemoryConfig, mergeSearchConfig, mergeConfig, mergeEndpointConfig, mergeWebhookEndpointConfig } from './config-merge.mjs';
+
+// C2 — Origin/Referer guard for mutating routes.
+// Returns true when the request is safe to handle (same-origin loopback UI,
+// or direct curl/native-client that sends no browser Origin or Referer).
+// Empty Origin alone is no longer trusted — browsers always send Origin on
+// cross-origin requests; same-origin browser requests may omit Origin but
+// will carry a matching Referer, handled by the loopback regex below.
+function isAllowedOrigin(req) {
+  const origin = req.headers.origin || '';
+  const referer = req.headers.referer || '';
+  // No Origin AND no Referer → direct curl / native client → allow.
+  if (!origin && !referer) return true;
+  // Origin present → must match our loopback UI port.
+  if (origin) return /^http:\/\/(localhost|127\.0\.0\.1):3458(\/|$)/.test(origin);
+  // Origin absent but Referer present → allow only if Referer is loopback UI.
+  return /^http:\/\/(localhost|127\.0\.0\.1):3458(\/|$)/.test(referer);
+}
+
+// sanitizeName — reject path-traversal in user-supplied names used as
+// directory/filename components (schedules, webhooks, presets, etc.).
+function sanitizeName(n) {
+  if (!n || typeof n !== 'string') return null;
+  if (n !== basename(n)) return null;
+  if (n.includes('..') || n.startsWith('.')) return null;
+  return n;
+}
+
+const __dirname = dirname(fileURLToPath(import.meta.url));
+const isWin = process.platform === 'win32';
+
+// MIXDOG_DEBUG_SETUP=1 gates verbose tracing for the chrome launcher and the
+// /open / /req HTTP path. The previous unconditional console.error calls
+// produced a wall of [open-debug] / [req-trace] noise on every config-UI
+// session even when nothing was wrong; gating preserves the diagnostic
+// power without filling supervisor.log on the happy path.
+function debugSetup(msg) {
+  if (!process.env.MIXDOG_DEBUG_SETUP) return;
+  try { console.error(`${new Date().toISOString()} ${msg}`); } catch { /* best-effort */ }
+}
+const home = homedir();
+
+// -- Channels paths --
+const DATA_DIR = resolvePluginData();
+const MIXDOG_CONFIG_PATH = join(DATA_DIR, 'mixdog-config.json');
+const STATUS_SNAPSHOT_PATH = join(DATA_DIR, 'channels', 'status-snapshot.json');
+
+// -- Workflow paths --
+const USER_WORKFLOW_PATH = join(DATA_DIR, 'user-workflow.json');
+const USER_WORKFLOW_MD_PATH = join(DATA_DIR, 'user-workflow.md');
+
+// Plugin-shipped defaults loaded from <plugin-root>/defaults/. Keeps the
+// canonical user-facing seed templates editable as plain files instead of
+// inline string constants. See defaults/user-workflow.{json,md}.
+const DEFAULTS_DIR = join(__dirname, '..', 'defaults');
+const DEFAULT_USER_WORKFLOW = JSON.parse(readFileSync(join(DEFAULTS_DIR, 'user-workflow.json'), 'utf8'));
+const DEFAULT_USER_WORKFLOW_MD = readFileSync(join(DEFAULTS_DIR, 'user-workflow.md'), 'utf8');
+
+const PORT = 3458;
+const APP_WIDTH = 950;
+const APP_HEIGHT = 900;
+const HTML_PATH = join(__dirname, 'setup.html');
+
+// Drop runtime-provider model caches on boot and after provider saves so the
+// Config UI re-fetches fresh catalogs. Caches can get stuck on partial/stale
+// responses (e.g. Codex /backend-api/codex/models returning just one model).
+function dropRuntimeModelCaches() {
+  for (const name of ['openai-oauth-models.json', 'anthropic-oauth-models.json', 'grok-oauth-models.json']) {
+    try { rmSync(join(getPluginData(), name), { force: true }); } catch {}
+  }
+}
+dropRuntimeModelCaches();
+
+// Seed user-workflow.json and user-workflow.md on first launch so Smart
+// Bridge has sensible role→preset mappings and the Lead has a baseline
+// workflow description out of the box. Leaves existing files untouched.
+try {
+  if (!existsSync(USER_WORKFLOW_PATH) && shouldSeedMissingUserData(DATA_DIR, 'user-workflow.json')) {
+    mkdirSync(DATA_DIR, { recursive: true });
+    writeFileSync(USER_WORKFLOW_PATH, JSON.stringify(DEFAULT_USER_WORKFLOW, null, 2));
+    markUserDataInitialized(DATA_DIR);
+  }
+  if (!existsSync(USER_WORKFLOW_MD_PATH) && shouldSeedMissingUserData(DATA_DIR, 'user-workflow.md')) {
+    mkdirSync(DATA_DIR, { recursive: true });
+    writeFileSync(USER_WORKFLOW_MD_PATH, DEFAULT_USER_WORKFLOW_MD);
+    markUserDataInitialized(DATA_DIR);
+  }
+} catch {}
+
+// Seed plugin-owned scaffolding files (memory-config.json, etc.).
+// Idempotent — ensureDataSeeds skips existing files; fatal throw propagates
+// anything that already exists, so the agent/index.mjs call and this one
+// can both run without colliding.
+ensureDataSeeds(DATA_DIR);
+
+// -- Helpers --
+
+function readJsonFile(path) {
+  try { return JSON.parse(readFileSync(path, 'utf8')); }
+  catch { return {}; }
+}
+
+function writeJsonFile(path, data) {
+  mkdirSync(dirname(path), { recursive: true });
+  if (path === MIXDOG_CONFIG_PATH || path === USER_WORKFLOW_PATH) {
+    try { backupUserData(DATA_DIR, path === USER_WORKFLOW_PATH ? 'pre-workflow-write' : 'pre-config-write'); } catch {}
+  }
+  const tmp = path + '.tmp';
+  writeFileSync(tmp, JSON.stringify(data, null, 2) + '\n', 'utf8');
+  renameSync(tmp, path);
+  if (path === MIXDOG_CONFIG_PATH || path === USER_WORKFLOW_PATH) {
+    try { markUserDataInitialized(DATA_DIR); } catch {}
+    try { backupUserData(DATA_DIR, path === USER_WORKFLOW_PATH ? 'post-workflow-write' : 'post-config-write'); } catch {}
+  }
+}
+
+function readConfig() { return readSection('channels'); }
+function writeConfig(data) { writeSection('channels', data); }
+
+function readAgentConfig() { return readSection('agent'); }
+function writeAgentConfig(data) { writeSection('agent', data); }
+
+function readMemoryConfig() { return readSection('memory'); }
+function writeMemoryConfig(data) { writeSection('memory', data); }
+
+function readSearchConfig() { return readSection('search'); }
+function writeSearchConfig(data) { writeSection('search', data); }
+
+// Provider availability — credential resolution follows the invariant declared
+// in Core Memory: `search.credentials → agent.providers.<x>-oauth →
+// agent.providers.<x>.apiKey`, first match. Returns the subset of the 9
+// supported providers whose credentials are already registered, so the Setup
+// UI dropdown can show only selectable options.
+const SUPPORTED_PROVIDERS = [
+  'anthropic-oauth', 'openai-oauth', 'openai-api', 'gemini-api', 'xai-api', 'grok-oauth',
+  'tavily', 'firecrawl', 'exa',
+];
+const AGENT_KEY_PROVIDER_IDS = ['openai', 'anthropic', 'gemini', 'deepseek', 'xai', 'nvidia'];
+const SEARCH_KEY_PROVIDER_IDS = ['firecrawl', 'tavily', 'exa'];
+const AGENT_PROVIDER_ENV = Object.freeze({
+  openai: 'OPENAI_API_KEY',
+  anthropic: 'ANTHROPIC_API_KEY',
+  gemini: 'GEMINI_API_KEY',
+  deepseek: 'DEEPSEEK_API_KEY',
+  xai: 'XAI_API_KEY',
+  nvidia: 'NVIDIA_API_KEY',
+});
+
+function envSecretPresent(account) {
+  const key = 'MIXDOG_' + String(account || '').replace(/[.\s]+/g, '_').toUpperCase();
+  if (process.env[key]) return true;
+  const agentMatch = String(account || '').match(/^agent\.([^.]+)\.apiKey$/);
+  if (agentMatch) {
+    const std = AGENT_PROVIDER_ENV[agentMatch[1]];
+    if (std && process.env[std]) return true;
+  }
+  return false;
+}
+
+function getSecretByAccount(account) {
+  if (account === SECRET_ACCOUNTS.discordToken) return getDiscordToken();
+  if (account === SECRET_ACCOUNTS.webhookAuth) return getWebhookAuthtoken();
+  const searchMatch = String(account || '').match(/^search\.([^.]+)\.apiKey$/);
+  if (searchMatch) return getSearchApiKey(searchMatch[1]);
+  const agentMatch = String(account || '').match(/^agent\.([^.]+)\.apiKey$/);
+  if (agentMatch) return getAgentApiKey(agentMatch[1]);
+  return null;
+}
+
+function keychainSecretPresent(account) {
+  if (hasStoredSecret(account)) return true;
+  // Cross-check through the canonical getters. On Windows the setup server can
+  // occasionally see a false negative from the low-level presence check while
+  // the normal read path succeeds; the UI cares whether the credential is
+  // actually available to runtime.
+  if (envSecretPresent(account)) return false;
+  return !!getSecretByAccount(account);
+}
+
+function secretPresence(account) {
+  return {
+    keychain: keychainSecretPresent(account),
+    env: envSecretPresent(account),
+  };
+}
+
+function fullSecretStatus(channelsConfig = null) {
+  const agent = {};
+  for (const id of AGENT_KEY_PROVIDER_IDS) agent[id] = secretPresence(SECRET_ACCOUNTS.agentApiKey(id));
+  const search = {};
+  for (const id of SEARCH_KEY_PROVIDER_IDS) search[id] = secretPresence(SECRET_ACCOUNTS.searchApiKey(id));
+  const discordToken = secretPresence(SECRET_ACCOUNTS.discordToken);
+  const discordProblem = diagnoseDiscordTokenValue(getDiscordToken(), channelsConfig || {});
+  if (discordProblem) {
+    discordToken.invalid = true;
+    discordToken.problem = discordProblem;
+  }
+  return {
+    channels: {
+      discordToken,
+      webhookAuth: secretPresence(SECRET_ACCOUNTS.webhookAuth),
+    },
+    agent,
+    memory: {
+      // Memory provider keys reuse the same provider keychain accounts as Agent.
+      agent,
+    },
+    search,
+  };
+}
+
+function saveSecretChecked(account, rawValue, label) {
+  const value = typeof rawValue === 'string' ? rawValue.trim() : '';
+  if (!value) {
+    return { attempted: false, stored: keychainSecretPresent(account), env: envSecretPresent(account), inputLength: 0 };
+  }
+  saveSecret(account, value);
+  const stored = keychainSecretPresent(account);
+  if (!stored && !envSecretPresent(account)) {
+    throw new Error(`${label}: keychain write completed but secret is not readable`);
+  }
+  return { attempted: true, stored, env: envSecretPresent(account), inputLength: value.length };
+}
+
+function deleteSecretIfCurrentValue(account, value) {
+  if (!value) return false;
+  try {
+    if (getSecretByAccount(account) !== value) return false;
+    deleteSecret(account);
+    return true;
+  } catch {
+    return false;
+  }
+}
+
+function saveDiscordTokenChecked(rawValue, config) {
+  const value = typeof rawValue === 'string' ? rawValue.trim() : '';
+  if (!value) {
+    return { attempted: false, stored: keychainSecretPresent(SECRET_ACCOUNTS.discordToken), env: envSecretPresent(SECRET_ACCOUNTS.discordToken), inputLength: 0 };
+  }
+  const problem = diagnoseDiscordTokenValue(value, config || {});
+  if (problem) {
+    const removed = deleteSecretIfCurrentValue(SECRET_ACCOUNTS.discordToken, value);
+    throw new Error(`channels.discord.token: ${problem}${removed ? ' Removed the invalid saved value.' : ''}`);
+  }
+  return saveSecretChecked(SECRET_ACCOUNTS.discordToken, value, 'channels.discord.token');
+}
+
+function pruneInvalidDiscordToken(config) {
+  const value = getDiscordToken();
+  const problem = diagnoseDiscordTokenValue(value, config || {});
+  if (!problem) return null;
+  const removed = deleteSecretIfCurrentValue(SECRET_ACCOUNTS.discordToken, value);
+  return { invalid: true, removed, problem };
+}
+
+function computeAvailableProviders() {
+  const isAvailable = (id) => {
+    if (id === 'anthropic-oauth') return hasAnthropicOAuthCredentials();
+    if (id === 'openai-oauth') return hasOpenAIOAuthCredentials();
+    if (id === 'grok-oauth') return hasGrokOAuthCredentials();
+    if (id === 'openai-api') return !!getAgentApiKey('openai');
+    if (id === 'gemini-api') return !!getAgentApiKey('gemini');
+    if (id === 'xai-api') return !!getAgentApiKey('xai');
+    if (id === 'firecrawl' || id === 'tavily' || id === 'exa') return !!getSearchApiKey(id);
+    return false;
+  };
+  return SUPPORTED_PROVIDERS.filter(isAvailable);
+}
+
+function readUserWorkflow() {
+  if (!existsSync(USER_WORKFLOW_PATH)) return DEFAULT_USER_WORKFLOW;
+  try { return JSON.parse(readFileSync(USER_WORKFLOW_PATH, 'utf8')); }
+  catch { return DEFAULT_USER_WORKFLOW; }
+}
+// Phase C Ship 3 — the `worker` role is reserved and non-deletable. Smart
+// Bridge's router dispatches any request with `role: "worker"` to the
+// `worker-full` profile; if the role goes missing the router has nowhere to
+// send Worker calls. Every persist path funnels through here, so reinstating
+// the role on save keeps the contract intact regardless of how the caller
+// mutated the roster (UI drag-delete, raw MD edit, direct JSON PUT).
+function writeUserWorkflow(data) {
+  const roles = Array.isArray(data?.roles) ? data.roles.slice() : [];
+  if (!roles.some(r => r?.name === 'worker')) {
+    const existing = readUserWorkflow();
+    const preservedWorker = existing?.roles?.find(r => r?.name === 'worker');
+    const seedWorker = DEFAULT_USER_WORKFLOW.roles.find(r => r?.name === 'worker');
+    roles.unshift(preservedWorker || seedWorker);
+  }
+  const sanitizedRoles = roles.map(r => {
+    if (!r || typeof r !== "object") return r;
+    const name = sanitizeName(r.name);
+    if (name == null) throw new Error('invalid role name: ' + r.name);
+    return { ...r, name };
+  });
+  // Intentional full replace: POST /workflow/save sends the complete workflow
+  // document; no unmanaged top-level sidecar fields on user-workflow.json.
+  writeJsonFile(USER_WORKFLOW_PATH, { ...data, roles: sanitizedRoles });
+}
+
+function readUserWorkflowMd() {
+  if (!existsSync(USER_WORKFLOW_MD_PATH)) return DEFAULT_USER_WORKFLOW_MD;
+  try { return readFileSync(USER_WORKFLOW_MD_PATH, 'utf8'); }
+  catch { return DEFAULT_USER_WORKFLOW_MD; }
+}
+function writeUserWorkflowMd(content) {
+  // Intentional full replace: the UI owns the entire user-workflow.md body.
+  mkdirSync(dirname(USER_WORKFLOW_MD_PATH), { recursive: true });
+  try { backupUserData(DATA_DIR, 'pre-workflow-md-write'); } catch {}
+  const tmp = USER_WORKFLOW_MD_PATH + '.tmp';
+  writeFileSync(tmp, content, 'utf8');
+  renameSync(tmp, USER_WORKFLOW_MD_PATH);
+  try { markUserDataInitialized(DATA_DIR); } catch {}
+  try { backupUserData(DATA_DIR, 'post-workflow-md-write'); } catch {}
+}
+
+// -- HTTPS helpers --
+
+function httpGetJson(url, headers) {
+  return new Promise((resolve, reject) => {
+    const u = new URL(url);
+    const lib = u.protocol === 'https:' ? https : http;
+    const req = lib.request({
+      hostname: u.hostname, port: u.port, path: u.pathname + u.search,
+      method: 'GET', headers, timeout: 10000,
+    }, res => {
+      let body = '';
+      res.on('data', c => { body += c; });
+      res.on('end', () => { res.statusCode < 400 ? resolve(JSON.parse(body)) : reject(); });
+    });
+    req.on('error', reject);
+    req.on('timeout', () => { req.destroy(); reject(); });
+    req.end();
+  });
+}
+
+function httpPostJson(url, data, headers) {
+  return new Promise((resolve, reject) => {
+    const u = new URL(url);
+    const body = JSON.stringify(data);
+    const lib = u.protocol === 'https:' ? https : http;
+    const req = lib.request({
+      hostname: u.hostname, port: u.port, path: u.pathname,
+      method: 'POST',
+      headers: { ...headers, 'Content-Length': Buffer.byteLength(body) },
+      timeout: 10000,
+    }, res => {
+      let buf = '';
+      res.on('data', c => { buf += c; });
+      res.on('end', () => { res.statusCode < 400 ? resolve(JSON.parse(buf)) : reject(); });
+    });
+    req.on('error', reject);
+    req.on('timeout', () => { req.destroy(); reject(); });
+    req.write(body);
+    req.end();
+  });
+}
+
+function pingLocalHttp(url, timeoutMs = 1500) {
+  return new Promise((resolve) => {
+    try {
+      const u = new URL(url);
+      const req = http.request({
+        hostname: u.hostname, port: u.port,
+        path: u.pathname + u.search,
+        method: 'GET', timeout: timeoutMs,
+      }, res => { res.resume(); resolve(res.statusCode > 0 && res.statusCode < 500); });
+      req.on('error', () => resolve(false));
+      req.on('timeout', () => { req.destroy(); resolve(false); });
+      req.end();
+    } catch { resolve(false); }
+  });
+}
+
+// -- Agent key validation --
+
+async function validateAgentKey(provider, key) {
+  if (!key) return 'empty';
+  try {
+    switch (provider) {
+      case 'openai':
+        await httpGetJson('https://api.openai.com/v1/models', { 'Authorization': `Bearer ${key}` });
+        return 'valid';
+      case 'anthropic':
+        await httpPostJson('https://api.anthropic.com/v1/messages',
+          { model: 'claude-haiku-4-5-20251001', max_tokens: 1, messages: [{ role: 'user', content: 'hi' }] },
+          { 'x-api-key': key, 'Content-Type': 'application/json', 'anthropic-version': '2023-06-01' });
+        return 'valid';
+      case 'gemini':
+        await httpGetJson(`https://generativelanguage.googleapis.com/v1beta/models?key=${key}`, {});
+        return 'valid';
+      case 'groq':
+        await httpGetJson('https://api.groq.com/openai/v1/models', { 'Authorization': `Bearer ${key}` });
+        return 'valid';
+      case 'openrouter':
+        await httpGetJson('https://openrouter.ai/api/v1/models', { 'Authorization': `Bearer ${key}` });
+        return 'valid';
+      case 'xai':
+        await httpPostJson('https://api.x.ai/v1/chat/completions',
+          { model: 'grok-3-mini-fast', messages: [{ role: 'user', content: 'hi' }], max_tokens: 1 },
+          { 'Authorization': `Bearer ${key}`, 'Content-Type': 'application/json' });
+        return 'valid';
+      case 'nvidia':
+        await httpPostJson('https://integrate.api.nvidia.com/v1/chat/completions',
+          { model: 'meta/llama-3.3-70b-instruct', messages: [{ role: 'user', content: 'hi' }], max_tokens: 1 },
+          { 'Authorization': `Bearer ${key}`, 'Content-Type': 'application/json' });
+        return 'valid';
+      default: return 'valid';
+    }
+  } catch { return 'invalid'; }
+}
+
+// -- Search key validation --
+
+async function validateSearchKey(provider, key) {
+  if (!key) return 'empty';
+  try {
+    switch (provider) {
+      case 'serper':
+        await httpPostJson('https://google.serper.dev/search', { q: 'test' },
+          { 'X-API-KEY': key, 'Content-Type': 'application/json' });
+        return 'valid';
+      case 'brave':
+        await httpGetJson('https://api.search.brave.com/res/v1/web/search?q=test&count=1',
+          { 'X-Subscription-Token': key });
+        return 'valid';
+      case 'xai':
+        await httpPostJson('https://api.x.ai/v1/chat/completions',
+          { model: 'grok-3-mini-fast', messages: [{ role: 'user', content: 'hi' }], max_tokens: 1 },
+          { 'Authorization': `Bearer ${key}`, 'Content-Type': 'application/json' });
+        return 'valid';
+      case 'perplexity':
+        await httpPostJson('https://api.perplexity.ai/chat/completions',
+          { model: 'sonar', messages: [{ role: 'user', content: 'hi' }], max_tokens: 1 },
+          { 'Authorization': `Bearer ${key}`, 'Content-Type': 'application/json' });
+        return 'valid';
+      case 'firecrawl':
+        await httpGetJson('https://api.firecrawl.dev/v1/crawl', { 'Authorization': `Bearer ${key}` });
+        return 'valid';
+      case 'tavily':
+        await httpPostJson('https://api.tavily.com/search',
+          { api_key: key, query: 'test', max_results: 1 },
+          { 'Content-Type': 'application/json' });
+        return 'valid';
+      default: return 'valid';
+    }
+  } catch { return 'invalid'; }
+}
+
+// -- Auth detection (shared by agent & memory) --
+
+async function detectAuth(config = {}) {
+  const result = {};
+  // Single source of truth: same predicate the runtime uses to decide
+  // whether to register the provider. Avoids the UI showing "Set" while
+  // runtime disables the provider (or vice versa) when only one of the
+  // candidate paths is populated.
+  result.codexOAuth = hasOpenAIOAuthCredentials();
+  result.anthropicOAuth = hasAnthropicOAuthCredentials();
+  result.grokOAuth = hasGrokOAuthCredentials();
+  const configDir = isWin
+    ? (process.env.LOCALAPPDATA || join(home, 'AppData', 'Local'))
+    : join(home, '.config');
+  result.copilot = existsSync(join(configDir, 'github-copilot', 'hosts.json'))
+    || existsSync(join(configDir, 'github-copilot', 'apps.json'));
+  result.envKeys = {};
+  for (const [name, envKey] of [
+    ['openai', 'OPENAI_API_KEY'], ['anthropic', 'ANTHROPIC_API_KEY'],
+    ['gemini', 'GEMINI_API_KEY'], ['deepseek', 'DEEPSEEK_API_KEY'],
+    ['xai', 'XAI_API_KEY'], ['nvidia', 'NVIDIA_API_KEY'],
+  ]) { result.envKeys[name] = !!process.env[envKey]; }
+  // GROK_API_KEY is the last-resort xAI env alias honored by getAgentApiKey('xai')
+  // (shared/config.mjs is the SSOT); mirror it here so a GROK_API_KEY-only env
+  // shows xAI as available. keyStored semantics (keychain-only) stay unchanged.
+  result.envKeys.xai = result.envKeys.xai || !!process.env.GROK_API_KEY;
+  // Keychain-stored provider keys. Only this boolean is sent to the browser —
+  // the secret value never leaves the server, so the UI can show "Set" without
+  // exposing the key.
+  result.keyStored = {};
+  for (const name of ['openai', 'anthropic', 'gemini', 'deepseek', 'xai', 'nvidia']) {
+    result.keyStored[name] = hasStoredSecret(SECRET_ACCOUNTS.agentApiKey(name));
+  }
+  const ollamaUrl = config?.providers?.ollama?.baseURL || 'http://localhost:11434/v1';
+  const lmstudioUrl = config?.providers?.lmstudio?.baseURL || 'http://localhost:1234/v1';
+  const [ollamaUp, lmstudioUp] = await Promise.all([
+    pingLocalHttp(ollamaUrl + '/models'),
+    pingLocalHttp(lmstudioUrl + '/models'),
+  ]);
+  result.ollama = ollamaUp;
+  result.lmstudio = lmstudioUp;
+  return result;
+}
+
+// -- Provider model listing --
+
+// Static model fallback removed: model lists must come from the live
+// provider (registry.mjs `provider.listModels()` or the provider's REST
+// endpoint). Hard-coded lists drift behind real releases (e.g. opus-4-6
+// vs opus-4-7) and silently mis-resolve saved presets. Empty result on
+// missing credentials is the correct invariant — only show models the
+// user can actually use.
+
+// Try the live provider registry first (dynamic catalog via /v1/models,
+// Codex /backend-api/codex/models, Gemini /v1beta/models). Returns null on
+// any failure so the caller uses the direct HTTP endpoint handlers below.
+// Preserves full metadata (tier, family, latest,
+// contextWindow, reasoningLevels, pricing) so the UI can build tier-grouped
+// dropdowns and adapt effort options per model.
+//
+// registry.mjs populates its provider Map only after initProviders(cfg) is
+// called, so setup-server (which never runs the agent's normal boot path)
+// must force-init before querying — otherwise getProvider() returns
+// undefined and listModels() never runs.
+// Provider IDs registry.mjs actually knows. Listing anything else makes
+// initProviders throw `unknown enabled provider: …`, which the outer catch
+// swallows — silently nuking every model lookup for every provider. Keep
+// in sync with src/agent/orchestrator/providers/registry.mjs.
+const _RUNTIME_PROVIDER_NAMES = [
+  'anthropic', 'anthropic-oauth', 'openai', 'openai-oauth',
+  'gemini', 'deepseek', 'xai', 'grok-oauth', 'nvidia',
+  'ollama', 'lmstudio',
+];
+
+async function getRuntimeProviderModels(providerId, cfg, opts = {}) {
+  try {
+    const { initProviders, getProvider } = await import('../src/agent/orchestrator/providers/registry.mjs');
+    const initCfg = {};
+    for (const name of _RUNTIME_PROVIDER_NAMES) {
+      initCfg[name] = { ...(cfg?.providers?.[name] || {}), enabled: true };
+    }
+    await initProviders(initCfg);
+    const provider = getProvider(providerId);
+    if (!provider) return null;
+    let models = null;
+    if (opts.forceRefresh && typeof provider._refreshModelCache === 'function') {
+      models = await provider._refreshModelCache();
+    }
+    if (!Array.isArray(models) || models.length === 0) models = await provider.listModels();
+    if (!Array.isArray(models) || models.length === 0) return null;
+    return models
+      .map(m => {
+        if (typeof m === 'string') return { id: m };
+        const id = m?.id || m?.name;
+        if (!id) return null;
+        return { ...m, id: String(id) };
+      })
+      .filter(Boolean);
+  } catch { return null; }
+}
+
+function _idOnly(id) { return id ? { id: String(id) } : null; }
+
+// Per-provider id blocklist applied to dynamic and direct-HTTP catalogs.
+// Pro tier models are surfaced by /v1/models but not usable through the
+// standard chat/responses paths we support, so they get filtered out at
+// catalog level rather than per-UI.
+const _MODEL_ID_BLOCKLIST = {
+  openai: [/^gpt-\d+(\.\d+)?-pro(-|$)/i, /^o\d+-pro(-|$)/i, /^sora-\d+-pro(-|$)/i],
+  'openai-oauth': [/^gpt-\d+(\.\d+)?-pro(-|$)/i],
+};
+function _applyModelBlocklist(providerId, models) {
+  const rules = _MODEL_ID_BLOCKLIST[providerId];
+  if (!rules || !Array.isArray(models)) return models;
+  return models.filter(m => {
+    const id = typeof m === 'string' ? m : m?.id;
+    if (!id) return true;
+    return !rules.some(re => re.test(id));
+  });
+}
+
+function _configuredProviderModels(providerId, cfg) {
+  const provider = normalizeAgentProviderId(providerId);
+  const presets = Array.isArray(cfg?.presets) ? cfg.presets : [];
+  const seen = new Set();
+  const out = [];
+  for (const p of presets) {
+    const modelId = String(p?.model || '').trim();
+    if (!modelId || seen.has(modelId)) continue;
+    if (normalizeAgentProviderId(p?.provider) !== provider) continue;
+    seen.add(modelId);
+    out.push(_modelFromConfiguredId(modelId, provider));
+  }
+  return out;
+}
+
+function _modelFromConfiguredId(id, provider) {
+  const family = _familyFromModelId(id);
+  return {
+    id,
+    display: _displayFromModelId(id),
+    provider,
+    family,
+    tier: /-\d{8}$/.test(id) ? 'dated' : /-\d+-\d+/.test(id) ? 'version' : undefined,
+    latest: true,
+    contextWindow: _contextWindowFromModelId(id),
+    mode: 'chat',
+  };
+}
+
+function _familyFromModelId(id) {
+  const claude = String(id || '').match(/^claude-(opus|sonnet|haiku)/i);
+  if (claude) return claude[1].toLowerCase();
+  const gpt = String(id || '').match(/^(gpt-\d+)/i);
+  if (gpt) return gpt[1].toLowerCase();
+  return undefined;
+}
+
+function _displayFromModelId(id) {
+  const m = String(id || '').match(/^claude-(opus|sonnet|haiku)-(\d+)-(\d+)(?:-\d{8})?$/i);
+  if (!m) return id;
+  const family = m[1].charAt(0).toUpperCase() + m[1].slice(1).toLowerCase();
+  return `Claude ${family} ${m[2]}.${m[3]}`;
+}
+
+function _contextWindowFromModelId(id) {
+  const v = String(id || '').toLowerCase();
+  if (/^claude-opus-4-(6|7|8)(?:$|-)/.test(v)) return 1000000;
+  if (/^claude-sonnet-4-6(?:$|-)/.test(v)) return 1000000;
+  if (/^claude-haiku-4-5/.test(v)) return 200000;
+  if (/^gpt-5(?:\.|-|$)/.test(v)) return 1000000;
+  return null;
+}
+
+function _hasAllConfiguredModels(providerId, cfg, models) {
+  const ids = new Set((models || []).map(m => typeof m === 'string' ? m : m?.id).filter(Boolean).map(String));
+  return _configuredProviderModels(providerId, cfg).every(m => ids.has(m.id));
+}
+
+function _mergeConfiguredModels(providerId, cfg, models) {
+  const out = Array.isArray(models) ? models.slice() : [];
+  const ids = new Set(out.map(m => typeof m === 'string' ? m : m?.id).filter(Boolean).map(String));
+  for (const model of _configuredProviderModels(providerId, cfg).reverse()) {
+    if (ids.has(model.id)) continue;
+    out.unshift(model);
+    ids.add(model.id);
+  }
+  return out;
+}
+
+async function listProviderModels(providerId, cfg) {
+  // Search backends use suffix-tagged IDs (openai-api / gemini-api / xai-api)
+  // that share their model catalog with the bare provider. Alias them ONLY
+  // for the direct-HTTP fallback path. The runtime registry has its own
+  // provider entry per auth shape (`anthropic-oauth` ≠ `anthropic`), so the
+  // runtime call must keep the original ID.
+  const HTTP_ALIAS = {
+    'openai-api': 'openai',
+    'gemini-api': 'gemini',
+    'xai-api': 'xai',
+  };
+  const httpLookupId = HTTP_ALIAS[providerId] || providerId;
+  const pcfg = cfg?.providers?.[providerId] || cfg?.providers?.[httpLookupId] || {};
+  // 1. Runtime provider (dynamic catalog, cached 24h). Try the original ID
+  // first (oauth providers expose their own model catalog), then the bare
+  // alias (gemini-api → gemini etc. where the registry only knows the
+  // unsuffixed entry).
+  let runtime = await getRuntimeProviderModels(providerId, cfg);
+  if ((!runtime || runtime.length === 0) && httpLookupId !== providerId) {
+    runtime = await getRuntimeProviderModels(httpLookupId, cfg);
+  }
+  if (runtime && runtime.length > 0 && !_hasAllConfiguredModels(providerId, cfg, runtime)) {
+    const refreshed = await getRuntimeProviderModels(providerId, cfg, { forceRefresh: true });
+    if (refreshed && refreshed.length > 0) runtime = refreshed;
+  }
+  if (runtime && runtime.length > 0) {
+    return _applyModelBlocklist(providerId, _mergeConfiguredModels(providerId, cfg, runtime));
+  }
+  // 2. Direct HTTP model list for key-based providers.
+  const KNOWN_ENDPOINTS = {
+    openai: { url: 'https://api.openai.com/v1/models', auth: k => ({ 'Authorization': `Bearer ${k}` }) },
+    xai: { url: 'https://api.x.ai/v1/models', auth: k => ({ 'Authorization': `Bearer ${k}` }) },
+    deepseek: { url: 'https://api.deepseek.com/v1/models', auth: k => ({ 'Authorization': `Bearer ${k}` }) },
+    nvidia: { url: 'https://integrate.api.nvidia.com/v1/models', auth: k => ({ 'Authorization': `Bearer ${k}` }) },
+  };
+  const ep = KNOWN_ENDPOINTS[httpLookupId];
+  if (ep && pcfg.apiKey) {
+    try {
+      const json = await httpGetJson(ep.url, ep.auth(pcfg.apiKey));
+      const data = Array.isArray(json?.data) ? json.data : [];
+      // Preserve `created` (UNIX timestamp) so the UI can apply its 6-month
+      // freshness cutoff. Without it the dropdown silently includes legacy
+      // generations (gpt-3.5-turbo, gpt-4-0613, …) because the filter has
+      // no date to compare against.
+      const mapped = data
+        .map(m => {
+          const id = m?.id || m?.name;
+          if (!id) return null;
+          const entry = { id: String(id) };
+          if (typeof m.created === 'number' && m.created > 0) entry.created = m.created;
+          return entry;
+        })
+        .filter(Boolean)
+        .sort((a, b) => (b.created || 0) - (a.created || 0) || a.id.localeCompare(b.id));
+      return _applyModelBlocklist(providerId, mapped);
+    } catch { /* runtime+HTTP both unavailable → fall through to [] */ }
+  }
+
+  const LOCAL_DEFAULTS = { ollama: 'http://localhost:11434/v1/models', lmstudio: 'http://localhost:1234/v1/models' };
+  if (LOCAL_DEFAULTS[providerId]) {
+    const baseURL = pcfg.baseURL || LOCAL_DEFAULTS[providerId].replace(/\/models$/, '');
+    const url = `${baseURL.replace(/\/$/, '')}/models`;
+    try {
+      const json = await httpGetJson(url, {});
+      const data = Array.isArray(json?.data) ? json.data : [];
+      return data
+        .map(m => _idOnly(m.id || m.name))
+        .filter(Boolean)
+        .sort((a, b) => a.id.localeCompare(b.id));
+    } catch { return []; }
+  }
+  return [];
+}
+
+// -- Presets (shared logic for agent & memory) --
+
+const VALID_TOOLS = new Set(['full', 'readonly', 'mcp']);
+const VALID_EFFORTS = new Set(['none', 'low', 'medium', 'high', 'xhigh', 'max']);
+const AGENT_PROVIDER_ALIASES = Object.freeze({
+  'openai-api': 'openai',
+  'gemini-api': 'gemini',
+  'xai-api': 'xai',
+});
+const FAST_CAPABLE_PRESET_PROVIDERS = new Set([
+  'anthropic',
+  'anthropic-oauth',
+  'openai',
+  'openai-oauth',
+]);
+function normalizeAgentProviderId(provider) {
+  const id = String(provider || '').trim();
+  return AGENT_PROVIDER_ALIASES[id] || id;
+}
+
+function normalizePreset(input) {
+  if (!input || typeof input !== 'object') throw new Error('preset must be an object');
+  const id = String(input.id || '').trim();
+  if (!id) throw new Error('preset.id is required');
+  if (!/^[a-zA-Z0-9._-]+$/.test(id)) throw new Error('preset.id must be alphanumeric (._- allowed)');
+  const model = String(input.model || '').trim();
+  if (!model) throw new Error('preset.model is required');
+  const provider = normalizeAgentProviderId(input.provider);
+  if (!provider) throw new Error('preset.provider is required');
+  const tools = String(input.tools || 'full');
+  if (!VALID_TOOLS.has(tools)) throw new Error(`preset.tools must be one of ${[...VALID_TOOLS].join(', ')}`);
+  const out = { id, type: 'bridge', model, provider, tools };
+  if (typeof input.name === 'string' && input.name.trim()) out.name = input.name.trim();
+  if (input.effort != null && input.effort !== '') {
+    const effort = String(input.effort);
+    if (!VALID_EFFORTS.has(effort)) throw new Error(`preset.effort must be one of ${[...VALID_EFFORTS].join(', ')}`);
+    out.effort = effort;
+  }
+  if (input.fast === true && FAST_CAPABLE_PRESET_PROVIDERS.has(provider)) out.fast = true;
+  return out;
+}
+
+function readAgentPresets() {
+  const cfg = readAgentConfig();
+  // Migrated/unified configs may have no agent.presets key (vs an explicit
+  // empty array, which the user may have intentionally cleared). Fall back
+  // to the seeded defaults only when the key is absent so the Custom
+  // Workflow dropdowns render real options on first load. An explicit
+  // empty array stays empty — matches the "No presets yet" UI path.
+  const raw = Array.isArray(cfg.presets)
+    ? cfg.presets
+    : DEFAULT_PRESETS.map((p) => ({ ...p }));
+  return raw.map((p) => {
+    try { return normalizePreset(p); }
+    catch { return p; }
+  });
+}
+
+function writeAgentPresets(list) {
+  const cfg = readAgentConfig();
+  // Intentional presets-array replace inside read-modify-write agent section
+  // (other agent keys preserved via writeAgentConfig).
+  cfg.presets = Array.isArray(list) ? list.map((p) => normalizePreset(p)) : [];
+  if ('defaultPreset' in cfg) delete cfg.defaultPreset;
+  const validKeys = cfg.presets.map(p => p.id || p.name).filter(Boolean);
+  if (!cfg.default || !validKeys.includes(cfg.default)) cfg.default = validKeys[0] || null;
+  writeAgentConfig(cfg);
+}
+
+function readMemoryPresets() {
+  const cfg = readMemoryConfig();
+  return Array.isArray(cfg.presets) ? cfg.presets : [];
+}
+
+function writeMemoryPresets(list) {
+  const cfg = readMemoryConfig();
+  // Intentional presets-array replace inside read-modify-write memory section.
+  cfg.presets = list;
+  writeMemoryConfig(cfg);
+}
+
+function getMemoryServicePort() {
+  const active = JSON.parse(readFileSync(join(tmpdir(), 'mixdog', 'active-instance.json'), 'utf8'));
+  const port = Number(active && active.memory_port);
+  if (!Number.isFinite(port) || port <= 0) {
+    throw new Error('active-instance.json missing memory_port');
+  }
+  return port;
+}
+
+function memoryServiceCall(method, urlPath, body, timeoutMs = 600000) {
+  return new Promise((resolve, reject) => {
+    const port = getMemoryServicePort();
+    const payload = body ? JSON.stringify(body) : null;
+    const req = http.request({
+      hostname: '127.0.0.1',
+      port,
+      path: urlPath,
+      method,
+      headers: payload
+        ? { 'Content-Type': 'application/json', 'Content-Length': Buffer.byteLength(payload) }
+        : {},
+      timeout: Math.max(1, timeoutMs),
+    }, (res) => {
+      const chunks = [];
+      res.on('data', (c) => chunks.push(c));
+      res.on('end', () => {
+        const text = Buffer.concat(chunks).toString('utf8');
+        let parsed;
+        try { parsed = JSON.parse(text); }
+        catch (e) { reject(new Error(`memory-service ${urlPath} invalid JSON: ${e.message}`)); return; }
+        resolve({ statusCode: res.statusCode, body: parsed });
+      });
+    });
+    req.on('error', reject);
+    req.on('timeout', () => { req.destroy(new Error('memory-service timeout')); });
+    if (payload) req.write(payload);
+    req.end();
+  });
+}
+
+const WINDOWS_BROWSER_CANDIDATES = [
+  { label: 'Chrome (user)', env: 'LOCALAPPDATA', parts: ['Google', 'Chrome', 'Application', 'chrome.exe'] },
+  { label: 'Chrome (Program Files)', env: 'PROGRAMFILES', parts: ['Google', 'Chrome', 'Application', 'chrome.exe'] },
+  { label: 'Chrome (Program Files x86)', env: 'PROGRAMFILES(X86)', parts: ['Google', 'Chrome', 'Application', 'chrome.exe'] },
+  { label: 'Edge (user)', env: 'LOCALAPPDATA', parts: ['Microsoft', 'Edge', 'Application', 'msedge.exe'] },
+  { label: 'Edge (Program Files)', env: 'PROGRAMFILES', parts: ['Microsoft', 'Edge', 'Application', 'msedge.exe'] },
+  { label: 'Edge (Program Files x86)', env: 'PROGRAMFILES(X86)', parts: ['Microsoft', 'Edge', 'Application', 'msedge.exe'] },
+  { label: 'Brave (user)', env: 'LOCALAPPDATA', parts: ['BraveSoftware', 'Brave-Browser', 'Application', 'brave.exe'] },
+  { label: 'Brave (Program Files)', env: 'PROGRAMFILES', parts: ['BraveSoftware', 'Brave-Browser', 'Application', 'brave.exe'] },
+  { label: 'Brave (Program Files x86)', env: 'PROGRAMFILES(X86)', parts: ['BraveSoftware', 'Brave-Browser', 'Application', 'brave.exe'] },
+  { label: 'Vivaldi (user)', env: 'LOCALAPPDATA', parts: ['Vivaldi', 'Application', 'vivaldi.exe'] },
+  { label: 'Vivaldi (Program Files)', env: 'PROGRAMFILES', parts: ['Vivaldi', 'Application', 'vivaldi.exe'] },
+  { label: 'Vivaldi (Program Files x86)', env: 'PROGRAMFILES(X86)', parts: ['Vivaldi', 'Application', 'vivaldi.exe'] },
+];
+
+function getBrowserPath() {
+  const checked = [];
+  const missingEnv = new Set();
+  const seenPaths = new Set();
+
+  for (const candidate of WINDOWS_BROWSER_CANDIDATES) {
+    const base = process.env[candidate.env];
+    if (!base) {
+      missingEnv.add(candidate.env);
+      continue;
+    }
+
+    const browserPath = join(base, ...candidate.parts);
+    if (seenPaths.has(browserPath)) continue;
+    seenPaths.add(browserPath);
+    checked.push({ label: candidate.label, path: browserPath });
+    if (existsSync(browserPath)) return browserPath;
+  }
+
+  const checkedText = checked.length
+    ? checked.map(item => `${item.label}: ${item.path}`).join('; ')
+    : 'no candidate paths because required environment variables were missing';
+  const missingText = missingEnv.size ? ` Missing env vars: ${[...missingEnv].join(', ')}.` : '';
+  console.error(`[setup] No supported Chromium browser found for Config UI app mode. Checked ${checked.length} path(s): ${checkedText}.${missingText}`);
+  return null;
+}
+
+// One stable chrome profile dir reused across /mixdog:config invocations.
+//
+// Previous design created a fresh `chrome-app-<unix-ms>` per call to sidestep
+// the singleton-lock issue, but that forced chrome through its full first-run
+// path every time: many short-lived helper subprocesses (component update,
+// crash handler, network service, gpu, renderer warmups, etc.), each
+// allocating a conhost window even with the cmd.exe console-inherit trick.
+// Users saw this as repeated terminal flashes throughout the loading
+// spinner. Stable profile means first-run happens once; subsequent launches
+// open the popup directly with no helper churn.
+//
+// Singleton-lock collision is handled in the launch path: the vbs that
+// ShellExecutes chrome first taskkill-s any existing `MIXDOG CONFIG` window,
+// so the profile lock is released before the new chrome boots. The kill
+// runs hidden+synchronous via WScript.Shell.Run, no extra spawn flash.
+//
+// Sweep legacy `chrome-app-<unix-ms>` dirs (from the fresh-profile era) so
+// they don't bloat the data dir.
+const CHROME_PROFILE_DIR = 'chrome-app-profile';
+const CHROME_PROFILE_LEGACY_PREFIX = 'chrome-app-';
+function ensureStableChromeProfileDir() {
+  const root = DATA_DIR;
+  // Sweep old `chrome-app-<digits>` directories (legacy, not the stable one).
+  try {
+    const entries = readdirSync(root, { withFileTypes: true });
+    for (const e of entries) {
+      if (!e.isDirectory()) continue;
+      if (e.name === CHROME_PROFILE_DIR) continue;
+      if (!e.name.startsWith(CHROME_PROFILE_LEGACY_PREFIX)) continue;
+      const suffix = e.name.slice(CHROME_PROFILE_LEGACY_PREFIX.length);
+      if (!/^\d+$/.test(suffix)) continue;
+      try { rmSync(join(root, e.name), { recursive: true, force: true }); } catch {}
+    }
+  } catch {}
+  const profileDir = join(root, CHROME_PROFILE_DIR);
+  try { mkdirSync(profileDir, { recursive: true }); } catch {}
+  // Suppress chrome's password-save prompt and autofill prompts inside the
+  // config UI popup. The setup window only renders local form fields (API
+  // keys, tokens) that chrome would otherwise treat as login fields and pop
+  // a "save password?" bubble on every edit. Writing the Preferences file
+  // before chrome's first launch with this profile dir is the only reliable
+  // way to disable the password manager — command-line flags alone don't
+  // suppress the bubble in current chrome versions. Only seed on first
+  // launch (file absent); preserve user-mutated state otherwise.
+  try {
+    const defaultDir = join(profileDir, 'Default');
+    mkdirSync(defaultDir, { recursive: true });
+    const prefsPath = join(defaultDir, 'Preferences');
+    if (!existsSync(prefsPath)) {
+      writeFileSync(
+        prefsPath,
+        JSON.stringify({
+          credentials_enable_service: false,
+          credentials_enable_autosignin: false,
+          profile: { password_manager_enabled: false },
+          autofill: { enabled: false, profile_enabled: false, credit_card_enabled: false },
+        }),
+        'utf8',
+      );
+    }
+  } catch {}
+  return profileDir;
+}
+
+// killChromesUsingProfile() and the makeFreshChromeProfileDir alias were
+// removed: with per-launch profile dirs there is no singleton contention
+// to clean up, and the alias only ever pointed at ensureStableChromeProfileDir
+// from a single call site.
+
+// Terminate every chrome.exe whose command line references a mixdog
+// per-launch profile dir (matched by prefix `chrome-app-`). Runs before
+// each new `--app=` spawn so old popups die and release their keepalive
+// HTTP connections to setup-server; without this the connections pile up
+// in ESTABLISHED state and exhaust the listener's accept queue (visible
+// to the user as `/mixdog:config` printing "Config UI" but every
+// subsequent fetch — including F5 — hanging forever).
+function killAllMixdogChromes() {
+  if (!isWin) return;
+  debugSetup(`[open-debug] killAllMixdogChromes spawnSync powershell`);
+  const script =
+    "Get-CimInstance Win32_Process -Filter \"Name='chrome.exe'\" -ErrorAction SilentlyContinue | " +
+    "Where-Object { $_.CommandLine -and $_.CommandLine -match 'chrome-app-' } | " +
+    "ForEach-Object { Stop-Process -Id $_.ProcessId -Force -ErrorAction SilentlyContinue }";
+  try {
+    spawnSync(
+      'powershell.exe',
+      ['-NoProfile', '-NonInteractive', '-WindowStyle', 'Hidden', '-Command', script],
+      { encoding: 'utf8', windowsHide: true, stdio: ['ignore', 'ignore', 'ignore'], timeout: 6000 },
+    );
+  } catch {
+    // Best-effort. If chrome stays alive the next spawn may still succeed
+    // (different profile dir), at worst the user gets a duplicate window.
+  }
+}
+
+// Bring the most recently spawned MIXDOG CONFIG window to the foreground.
+// Bring the newest MIXDOG CONFIG window to the foreground. WScript.Shell
+// AppActivate only — no Add-Type / P-Invoke. Add-Type compiles C# at runtime
+// via csc.exe, which flashes a conhost window and adds ~1-2s; AppActivate is a
+// script-context activation Windows allows with no compile. A SendKeys('%')
+// first synthesizes an Alt input event from this process, lifting the
+// foreground restriction so AppActivate reliably promotes the window. Detached
+// PowerShell — does not block the /open response. Polls up to ~3s (Chrome may
+// take 400-900ms to bind its window title after launch).
+function focusNewestMixdogWindow() {
+  if (!isWin) return;
+  debugSetup(`[open-debug] focusNewestMixdogWindow spawn powershell`);
+  const psScript =
+    "$sh = New-Object -ComObject WScript.Shell;\n" +
+    "for ($i = 0; $i -lt 12; $i++) {\n" +
+    "  Start-Sleep -Milliseconds 250;\n" +
+    "  $p = Get-Process | Where-Object { $_.MainWindowTitle -eq 'MIXDOG CONFIG' } | Sort-Object StartTime -Descending | Select-Object -First 1;\n" +
+    "  if ($p -and $p.MainWindowHandle -ne 0) {\n" +
+    "    try { $sh.SendKeys('%') } catch {}\n" +
+    "    $sh.AppActivate($p.Id) | Out-Null;\n" +
+    "    break;\n" +
+    "  }\n" +
+    "}";
+  try {
+    const child = spawn(
+      'powershell.exe',
+      ['-NoProfile', '-NonInteractive', '-WindowStyle', 'Hidden', '-Command', psScript],
+      { detached: true, stdio: 'ignore', windowsHide: true },
+    );
+    child.unref();
+  } catch {
+    // best-effort — window still opens, just may stay buried
+  }
+}
+
+function getCenteredWindowPosition() {
+  if (!isWin) return null;
+  debugSetup(`[open-debug] getCenteredWindowPosition spawnSync powershell`);
+  // Center on whichever monitor the cursor is on, not unconditionally on
+  // PrimaryScreen. With a two-monitor setup the popup used to land on the
+  // primary at (805, 246) even when the user was working on the secondary —
+  // so they reported the window as "not showing" while it was actually
+  // visible on the other monitor. Pick the active monitor via
+  // Cursor.Position → Screen.FromPoint.
+  const script = [
+    "[void][Reflection.Assembly]::LoadWithPartialName('System.Windows.Forms')",
+    "$p=[System.Windows.Forms.Cursor]::Position",
+    "$s=[System.Windows.Forms.Screen]::FromPoint($p)",
+    "$a=$s.WorkingArea",
+    'Write-Output "$($a.X),$($a.Y),$($a.Width),$($a.Height)"',
+  ].join(';');
+  try {
+    const result = spawnSync('powershell.exe', ['-NoProfile', '-NonInteractive', '-WindowStyle', 'Hidden', '-Command', script], {
+      encoding: 'utf8',
+      windowsHide: true,
+      stdio: ['ignore', 'pipe', 'ignore'],
+    });
+    if (result.status !== 0) return null;
+    const [x, y, width, height] = (result.stdout || '').trim().split(',').map(Number);
+    if ([x, y, width, height].some(Number.isNaN)) return null;
+    return {
+      x: Math.max(0, Math.round(x + ((width - APP_WIDTH) / 2))),
+      y: Math.max(0, Math.round(y + ((height - APP_HEIGHT) / 2))),
+    };
+  } catch {
+    return null;
+  }
+}
+
+function formatOpenError(error) {
+  return error instanceof Error ? error.message : String(error);
+}
+
+function describeSpawnSyncResult(result) {
+  if (result.error) return formatOpenError(result.error);
+  const details = [];
+  if (typeof result.status === 'number') details.push(`exit status ${result.status}`);
+  if (result.signal) details.push(`signal ${result.signal}`);
+  const stderr = (result.stderr || '').toString().trim();
+  const stdout = (result.stdout || '').toString().trim();
+  if (stderr) details.push(`stderr: ${stderr}`);
+  if (stdout) details.push(`stdout: ${stdout}`);
+  return details.join('; ') || 'unknown launch failure';
+}
+
+function logOpenFailure(method, message) {
+  console.error(`[setup] Failed to open Config UI window via ${method}: ${message}`);
+}
+
+function tryDetachedOpen(method, command, args, attempts) {
+  return new Promise(resolve => {
+    let child;
+    let settled = false;
+    const finish = ok => {
+      if (settled) return;
+      settled = true;
+      resolve(ok);
+    };
+
+    try {
+      child = spawn(command, args, {
+        detached: true,
+        stdio: 'ignore',
+        windowsHide: true,
+      });
+    } catch (error) {
+      const message = formatOpenError(error);
+      attempts.push({ method, ok: false, error: message });
+      logOpenFailure(method, message);
+      finish(false);
+      return;
+    }
+
+    child.once('error', error => {
+      const message = formatOpenError(error);
+      attempts.push({ method, ok: false, error: message });
+      logOpenFailure(method, message);
+      finish(false);
+    });
+    child.once('spawn', () => {
+      child.unref();
+      attempts.push({ method, ok: true });
+      finish(true);
+    });
+  });
+}
+
+function trySyncOpen(method, command, args, attempts) {
+  debugSetup(`[open-debug] trySyncOpen method=${method} command=${command}`);
+  let result;
+  try {
+    result = spawnSync(command, args, {
+      encoding: 'utf8',
+      windowsHide: true,
+      stdio: ['ignore', 'pipe', 'pipe'],
+    });
+  } catch (error) {
+    const message = formatOpenError(error);
+    attempts.push({ method, ok: false, error: message });
+    logOpenFailure(method, message);
+    return false;
+  }
+
+  if (!result.error && result.status === 0) {
+    attempts.push({ method, ok: true });
+    return true;
+  }
+
+  const message = describeSpawnSyncResult(result);
+  attempts.push({ method, ok: false, error: message });
+  logOpenFailure(method, message);
+  return false;
+}
+
+function quotePowerShellString(value) {
+  return `'${String(value).replace(/'/g, "''")}'`;
+}
+
+// Serialize every window-open sequence through one in-process chain. All
+// /open requests (and the open-on-start path) funnel through this single
+// server process, so concurrent opens would otherwise race the FindChromePid
+// existence gate: open #2 runs while open #1's browser has spawned but is not
+// yet discoverable, sees pid=0, and deletes the LIVE owner's Singleton* files
+// then respawns. The lock holds (see openAppWindowSequence's win32 path) until
+// the spawned browser is discoverable or its launcher child exits, so by the
+// time the next sequence runs the existence check is stable.
+let openWindowChain = Promise.resolve();
+function openAppWindow() {
+  // Run after the previous sequence settles (success OR failure), ignoring its
+  // result; keep the chain alive with a rejection-swallowing tail so one
+  // failed open never poisons later opens.
+  const run = openWindowChain.then(openAppWindowSequence, openAppWindowSequence);
+  openWindowChain = run.then(() => {}, () => {});
+  return run;
+}
+
+async function openAppWindowSequence() {
+  const appUrl = `http://localhost:${PORT}`;
+  const attempts = [];
+
+  if (isWin) {
+    const browser = getBrowserPath();
+    if (browser) {
+      // Chrome `--app=` mode renders the frameless standalone popup the
+      // user wants. Two pitfalls handled:
+      // 1. Singleton lock: shared user-data-dir + stale chrome session →
+      //    IPC reuse → silent no-op when prior window was closed. Sidestep
+      //    via unique per-launch profile dir.
+      // 2. Socket-leak deadlock: each chrome holds persistent keepalive
+      //    HTTP connections to setup-server. Repeated launches without
+      //    closing earlier popups accumulate ESTABLISHED/CLOSE_WAIT entries
+      //    until the server can't accept new requests (F5 hangs forever).
+      //    Sweep any mixdog-owned chrome before spawning so connections
+      //    are released and only one popup is ever live.
+      // killAllMixdogChromes / getCenteredWindowPosition / focusNewestMixdogWindow
+      // were each spawning a PowerShell child (3 console-flash sources per
+      // /open). Removing them eliminates the conhost flashes. Trade-offs: old
+      // popups stay alive until the user closes them, the new window opens at
+      // chrome's default position rather than centered on the cursor's
+      // monitor, and it spawns behind whatever was foregrounded. Use a fresh
+      // per-launch profile dir to guarantee a new window even without the
+      // singleton kill.
+      const chromeProfile = ensureStableChromeProfileDir();
+      debugSetup(`[open-debug] chromeProfile=${chromeProfile}`);
+      const args = [
+        `--app=${appUrl}`,
+        `--user-data-dir=${chromeProfile}`,
+        `--window-size=${APP_WIDTH},${APP_HEIGHT}`,
+        '--no-first-run',
+        '--no-default-browser-check',
+        // Password/autofill suppression defensive belt to the Preferences
+        // file suspenders above (some code paths key off the flag instead).
+        '--password-store=basic',
+        // Helper-subprocess minimization (verified safe). --no-zygote and
+        // the other startup-stripping flags broke renderer init (blank
+        // page), so this set is the maximum that keeps chrome rendering:
+        //   Audio in-process via --disable-features below.
+        //   --disable-logging / --log-level=3: suppress chrome's stderr
+        //     pipe so helpers don't allocate a console.
+        //   --enable-features=...:disable trims a few background services.
+        // Removed in this revision:
+        //   --in-process-gpu: produced a white screen on the --app window
+        //     (renderer JS executed, .main.ready class landed, /generation
+        //     polled; but the compositor never painted). The cmd.exe show=0
+        //     wrapper above already hides every helper conhost, so this
+        //     optimization saved one process at the cost of breaking
+        //     rendering — keep the default out-of-process GPU.
+        //   --no-sandbox: did not reduce helper count (sandbox is per-
+        //     renderer, not a separate process). It only triggered chrome's
+        //     "unsupported command-line flag" warning bar on top of the
+        //     --app window. Zero ergonomic benefit, real UX regression.
+        '--disable-logging',
+        '--log-level=3',
+        '--disable-features=PasswordManagerOnboarding,AutofillServerCommunication,PasswordCheck,AudioServiceOutOfProcess,RendererCodeIntegrity,CalculateNativeWinOcclusion',
+      ];
+
+      // Direct chrome.exe spawn with detached + ignored stdio + windowsHide.
+      // The previous `cmd /c start` path made chrome inherit cmd's console
+      // handle; its --type=renderer/gpu helpers then attached conhost.exe
+      // windows that flashed visibly on screen during open (5-10 flashes
+      // observed). Direct spawn keeps the entire chrome process tree
+      // consoleless. detached:true puts chrome in its own process group so
+      // it stays alive after this wrapper exits.
+      debugSetup(`[open-debug] chrome via wscript: ${browser}`);
+      let chromeSpawnOk = false;
+      try {
+        // Bun 1.3.13 spawn() on Windows lets CreateProcess flash a console
+        // for the child (and chrome's helpers) before windowsHide takes
+        // effect, even with stdio:'ignore'. wscript.exe is a GUI-mode
+        // scripting host with no console of its own, but Win11 can ignore
+        // Shell.Application.ShellExecute(..., show=0) for cmd.exe and leave
+        // the empty conhost visible. Use WMI Win32_Process.Create instead:
+        // Win32_ProcessStartup.ShowWindow=0 is applied to the actual
+        // CreateProcess call that creates cmd.exe, so cmd's console is born
+        // hidden rather than hidden after ShellExecute creates it. Do NOT
+        // set CREATE_NO_WINDOW; chrome helpers need a real hidden console to
+        // inherit so they do not allocate their own conhost instances.
+        const escVbs = s => String(s).replace(/"/g, '""');
+        const argsStr = args.join(' ');
+        // Warm open + cold-open invariant. The profile dir is stable per
+        // install (CHROME_PROFILE_DIR) and chrome enforces ONE singleton per
+        // --user-data-dir, so two facts decide the action:
+        //
+        //  1. A live mixdog chrome already owns the profile (FindChromePid by
+        //     --app + --user-data-dir, ignoring --type= helpers) → just focus
+        //     it. Killing+respawning a live window is wasteful and races the
+        //     /generation self-close poll. (warm open)
+        //
+        //  2. No live owner → the profile may still carry a STALE singleton
+        //     lock (SingletonLock/Socket/Cookie) left by a prior chrome that
+        //     was force-killed (takeover taskkill /T /F) or lost to sleep/
+        //     crash. A fresh `--app` launch then rendezvouses with that dead
+        //     instance over the singleton socket, forwards its URL, and exits
+        //     WITHOUT opening a window — the reported cold-open bug (URL
+        //     printed, no window, a later /open works once the lock is reaped).
+        //     Deleting the stale Singleton* files first guarantees chrome
+        //     boots a real window instead of IPC-forwarding to a ghost. This
+        //     is the invariant ("spawn into a clean singleton when no live
+        //     owner"), not a retry. The title-scoped taskkill is kept only as
+        //     a defensive belt for a same-title window with a non-matching
+        //     command line; it is a no-op in the common case.
+        //
+        // The taskkill → chrome chain runs under one hidden cmd.exe (one
+        // cmd.exe per /open). `&` runs both regardless of exit code (taskkill
+        // exits 128 when nothing matches — must not abort the chain). cmd /c
+        // waits until chrome exits, then exits with it.
+        const cmdArg = `/d /c taskkill /F /FI "WINDOWTITLE eq MIXDOG CONFIG" >NUL 2>&1 & "${browser}" ${argsStr} >NUL 2>&1`;
+        const appNeedle = `--app=${appUrl}`;
+        const profileNeedle = `--user-data-dir=${chromeProfile}`;
+        // Process-name needle derived from the ACTUAL chosen browser exe
+        // (chrome.exe / msedge.exe / brave.exe / vivaldi.exe). Hardcoding
+        // chrome.exe made FindChromePid always return 0 under Edge/Brave/
+        // Vivaldi, so the cold branch deleted a LIVE owner's Singleton* files
+        // and respawned instead of focusing.
+        const procName = basename(browser);
+        const vbsLines = [
+          'Option Explicit',
+          'Const HIDDEN_WINDOW = 0',
+          'Dim Wmi, Startup, Wsh, cmdLine, cmdPid, rc, appNeedle, profileNeedle, existingPid, profileDir, procName',
+          'Set Wmi = GetObject("winmgmts:{impersonationLevel=impersonate}!\\\\.\\root\\cimv2")',
+          'Set Wsh = CreateObject("WScript.Shell")',
+          `appNeedle = "${escVbs(appNeedle)}"`,
+          `profileNeedle = "${escVbs(profileNeedle)}"`,
+          `profileDir = "${escVbs(chromeProfile)}"`,
+          `procName = "${escVbs(procName)}"`,
+          'existingPid = FindChromePid(Wmi, appNeedle, profileNeedle)',
+          'If existingPid = 0 Then',
+          '  Call ClearSingletonLocks(profileDir)',
+          '  Set Startup = Wmi.Get("Win32_ProcessStartup").SpawnInstance_',
+          '  Startup.ShowWindow = HIDDEN_WINDOW',
+          `  cmdLine = "cmd.exe ${escVbs(cmdArg)}"`,
+          '  rc = Wmi.Get("Win32_Process").Create(cmdLine, Null, Startup, cmdPid)',
+          '  If rc <> 0 Then WScript.Quit rc',
+          'End If',
+          'Call FocusMixdogWindow(Wmi, Wsh, appNeedle, profileNeedle)',
+          '',
+          'Sub ClearSingletonLocks(profileDir)',
+          '  Dim Fso, names, i, p',
+          '  On Error Resume Next',
+          '  Set Fso = CreateObject("Scripting.FileSystemObject")',
+          '  names = Array("SingletonLock", "SingletonSocket", "SingletonCookie")',
+          '  For i = 0 To UBound(names)',
+          '    p = Fso.BuildPath(profileDir, names(i))',
+          '    If Fso.FileExists(p) Then Fso.DeleteFile p, True',
+          '  Next',
+          '  On Error GoTo 0',
+          'End Sub',
+          '',
+          'Sub FocusMixdogWindow(Wmi, Wsh, appNeedle, profileNeedle)',
+          '  Dim i, pid, activated',
+          '  On Error Resume Next',
+          '  For i = 1 To 40',
+          '    WScript.Sleep 150',
+          '    pid = FindChromePid(Wmi, appNeedle, profileNeedle)',
+          '    activated = False',
+          '    If pid <> 0 Then',
+          '      Wsh.SendKeys "%"',
+          '      WScript.Sleep 25',
+          '      activated = Wsh.AppActivate(CLng(pid))',
+          '    End If',
+          '    If Not activated And (pid <> 0 Or i > 8) Then',
+          '      Wsh.SendKeys "%"',
+          '      WScript.Sleep 25',
+          '      activated = Wsh.AppActivate("MIXDOG CONFIG")',
+          '    End If',
+          '    If activated Then Exit For',
+          '  Next',
+          '  On Error GoTo 0',
+          'End Sub',
+          '',
+          'Function FindChromePid(Wmi, appNeedle, profileNeedle)',
+          '  Dim proc, newestPid, newestCreated, commandLine',
+          '  newestPid = 0',
+          '  newestCreated = ""',
+          '  For Each proc In Wmi.ExecQuery("SELECT ProcessId,CommandLine,CreationDate FROM Win32_Process WHERE Name = \'" & procName & "\'")',
+          '    commandLine = ""',
+          '    If Not IsNull(proc.CommandLine) Then commandLine = CStr(proc.CommandLine)',
+          '    If InStr(1, commandLine, appNeedle, vbTextCompare) > 0 Then',
+          '      If InStr(1, commandLine, profileNeedle, vbTextCompare) > 0 Then',
+          '        If InStr(1, commandLine, "--type=", vbTextCompare) = 0 Then',
+          '          If newestCreated = "" Or CStr(proc.CreationDate) > newestCreated Then',
+          '            newestCreated = CStr(proc.CreationDate)',
+          '            newestPid = CLng(proc.ProcessId)',
+          '          End If',
+          '        End If',
+          '      End If',
+          '    End If',
+          '  Next',
+          '  FindChromePid = newestPid',
+          'End Function',
+        ];
+        const vbsPath = join(tmpdir(), `mixdog-chrome-launch-${Date.now()}.vbs`);
+        writeFileSync(vbsPath, vbsLines.join('\r\n'), 'utf8');
+        // Hold the open mutex until this launcher exits. The wscript host
+        // runs ClearSingletonLocks→spawn→FocusMixdogWindow, whose loop polls
+        // FindChromePid until the browser is discoverable (or its bounded
+        // ~6s/40-tick loop expires), then exits. Awaiting it guarantees the
+        // next queued open sees a stable existence check — the spawned
+        // browser is discoverable (so it focuses) rather than racing the
+        // pid=0 gate into a stale-Singleton delete of a live owner.
+        //
+        // Bounded await: if wscript/WMI/CreateProcess hangs before exiting,
+        // an unbounded wait would leave openAppWindowSequence() pending →
+        // openWindowChain stuck → every future /open queued forever (the
+        // client-side requestOpen timeout never settles the server chain).
+        // Race the child's exit against a server-side deadline a few seconds
+        // above the VBS focus loop's own ~6s bound; on deadline, kill the
+        // wscript child (tree) and report a failed open so the chain advances.
+        // Killing wscript cannot touch the browser: the VBS spawns it via WMI
+        // Win32_Process.Create (cmd.exe → browser), an independent process not
+        // parented to wscript, so a tree-kill of wscript reaps only the focus
+        // loop.
+        const WSCRIPT_OPEN_DEADLINE_MS = 12000;
+        const timedOut = await new Promise(resolve => {
+          const wscriptChild = spawn('wscript.exe', ['//B', '//NoLogo', vbsPath], {
+            stdio: 'ignore', windowsHide: true,
+          });
+          let settled = false;
+          const finish = via => { if (settled) return; settled = true; clearTimeout(timer); resolve(via); };
+          const timer = setTimeout(() => {
+            // Tree-kill the wscript launcher only; the detached browser lives on.
+            try { spawnSync('taskkill', ['/F', '/T', '/PID', String(wscriptChild.pid)], { windowsHide: true, stdio: 'ignore', timeout: 4000 }); } catch {}
+            try { wscriptChild.kill(); } catch {}
+            finish(true);
+          }, WSCRIPT_OPEN_DEADLINE_MS);
+          if (typeof timer.unref === 'function') timer.unref();
+          wscriptChild.once('error', () => finish(false));
+          wscriptChild.once('exit', () => finish(false));
+        });
+        if (timedOut) {
+          const err = `wscript launcher did not exit within ${WSCRIPT_OPEN_DEADLINE_MS}ms; killed launcher (browser left running)`;
+          attempts.push({ method: 'browser app mode (wscript)', ok: false, error: err });
+          logOpenFailure('browser app mode (wscript)', err);
+        } else {
+          chromeSpawnOk = true;
+          attempts.push({ method: 'browser app mode (wscript)', ok: true });
+        }
+      } catch (error) {
+        attempts.push({ method: 'browser app mode (wscript)', ok: false, error: formatOpenError(error) });
+        logOpenFailure('browser app mode (wscript)', formatOpenError(error));
+      }
+      if (chromeSpawnOk) {
+        return { ok: true, method: 'browser app mode (wscript)', attempts };
+      }
+    } else {
+      attempts.push({ method: 'browser app mode', ok: false, error: 'No supported Chromium browser path found' });
+    }
+
+    if (trySyncOpen('cmd start', 'cmd', ['/c', 'start', '', appUrl], attempts)) {
+      return {
+        ok: true,
+        method: 'cmd start',
+        warning: browser ? undefined : 'Supported Chromium browser not found; opened with the default browser instead of app mode.',
+        attempts,
+      };
+    }
+
+    const psCommand = `Start-Process -FilePath ${quotePowerShellString(appUrl)}`;
+    if (trySyncOpen('PowerShell Start-Process', 'powershell.exe', ['-NoProfile', '-NonInteractive', '-WindowStyle', 'Hidden', '-Command', psCommand], attempts)) {
+      return { ok: true, method: 'PowerShell Start-Process', attempts };
+    }
+
+    return { ok: false, error: 'Failed to launch Config UI window', attempts };
+  }
+
+  if (process.platform === 'darwin') {
+    const macResult = await new Promise(resolve => {
+      const child = spawn('open', [appUrl], { stdio: 'ignore' });
+      let timer = setTimeout(() => {
+        try { child.kill(); } catch {}
+        resolve({ ok: false, error: 'open-timeout' });
+      }, 5000);
+      child.once('error', err => resolve({ ok: false, error: err.message }));
+      child.once('close', code => {
+        clearTimeout(timer);
+        resolve(code === 0 ? { ok: true } : { ok: false, error: `exit ${code}` });
+      });
+    });
+    const macAttempt = { method: 'macOS open', ...macResult };
+    if (!macResult.ok) logOpenFailure('macOS open', macResult.error);
+    return { ...macResult, method: 'macOS open', attempts: [macAttempt] };
+  }
+
+  const xdgResult = await new Promise(resolve => {
+    const child = spawn('xdg-open', [appUrl], { stdio: 'ignore' });
+    let timer = setTimeout(() => {
+      try { child.kill(); } catch {}
+      resolve({ ok: false, error: 'open-timeout' });
+    }, 5000);
+    child.once('error', err => resolve({ ok: false, error: err.message }));
+    child.once('close', code => {
+      clearTimeout(timer);
+      resolve(code === 0 ? { ok: true } : { ok: false, error: `exit ${code}` });
+    });
+  });
+  const xdgAttempt = { method: 'xdg-open', ...xdgResult };
+  if (!xdgResult.ok) logOpenFailure('xdg-open', xdgResult.error);
+  return { ...xdgResult, method: 'xdg-open', attempts: [xdgAttempt] };
+}
+
+// -- CLI check --
+
+// Direct spawn of `where.exe` / `which` (shell:false) skips Node's default
+// cmd.exe-wrapped exec on Windows. The cmd.exe wrapper allocates a console
+// that flashed conhost on /cli-check during config-UI boot even with
+// windowsHide:true. Direct spawn keeps the lookup consoleless.
+//
+// 6s timeout + auto-resolve {installed:false} guards against a where.exe
+// PATH-resolution hang. The /cli-check route is one of the 9 loaders the
+// setup-html boot path Promise.allSettled-s on before flipping .main.ready;
+// without a timeout, a hung lookup would leave the page on a white screen
+// indefinitely (loader never settles → spinner never hides → no UI render).
+// 2s was too tight: on cold-cache page-boot the bun spawn → where.exe →
+// close-event roundtrip was empirically 1.5-2.4s on Windows, so the timer
+// raced the close handler and intermittently returned `installed:false`
+// for an actually-installed binary (user-visible "ngrok not found" after
+// fresh /mixdog:config). 6s keeps the hang-guard intact while clearing
+// the spawn-overhead band by ~3x.
+function checkCli(name) {
+  return new Promise(resolve => {
+    const tool = isWin ? 'where.exe' : 'which';
+    let settled = false;
+    const finish = result => { if (!settled) { settled = true; resolve(result); } };
+    let child;
+    try {
+      child = spawn(tool, [name], {
+        windowsHide: true,
+        stdio: ['ignore', 'pipe', 'ignore'],
+        shell: false,
+      });
+    } catch {
+      finish({ installed: false });
+      return;
+    }
+    const timer = setTimeout(() => {
+      try { child.kill('SIGKILL'); } catch {}
+      finish({ installed: false });
+    }, 6000);
+    let out = '';
+    if (child.stdout) child.stdout.on('data', chunk => { out += chunk; });
+    child.once('error', () => { clearTimeout(timer); finish({ installed: false }); });
+    child.once('close', code => {
+      clearTimeout(timer);
+      if (code !== 0 || !out.trim()) finish({ installed: false });
+      else finish({ installed: true, path: out.trim().split(/\r?\n/)[0] });
+    });
+  });
+}
+
+// -- HTTP body reader --
+// An empty/whitespace body resolves to {} (action endpoints POST with no
+// body). A NON-empty body that fails JSON.parse is rejected with a tagged
+// error instead of being silently coerced to {} — previously a truncated or
+// malformed payload parsed as {} and the save handler still returned success,
+// masking a failed save (defaults written, real data lost). The request
+// handler converts BadJsonError into a 400 so the client sees the failure.
+class BadJsonError extends Error {
+  constructor(message) { super(message); this.name = 'BadJsonError'; this.statusCode = 400; }
+}
+function readBody(req) {
+  return new Promise((resolve, reject) => {
+    let body = '';
+    req.on('data', c => { body += c; });
+    req.on('end', () => {
+      if (!body.trim()) { resolve({}); return; }
+      try { resolve(JSON.parse(body)); }
+      catch (e) { reject(new BadJsonError(`malformed JSON body: ${e.message}`)); }
+    });
+    req.on('error', reject);
+  });
+}
+
+// -- Server --
+let openGeneration = 0;
+let windowOpen = false;
+
+const server = http.createServer(async (req, res) => {
+  // Outer guard: most handlers await readBody() outside their own try/catch,
+  // so a rejected body parse (BadJsonError) would otherwise be an unhandled
+  // rejection that leaves the request hanging. Map it to a JSON error response
+  // (400 for malformed input, 500 otherwise) so malformed saves fail loudly.
+  try {
+    await handleRequest(req, res);
+  } catch (e) {
+    const code = Number.isInteger(e?.statusCode) ? e.statusCode : 500;
+    if (!res.headersSent) {
+      res.writeHead(code, { 'Content-Type': 'application/json' });
+      res.end(JSON.stringify({ ok: false, error: e?.message || String(e) }));
+    } else {
+      try { res.end(); } catch {}
+    }
+  }
+});
+
+async function handleRequest(req, res) {
+  const url = new URL(req.url, `http://localhost:${PORT}`);
+  const path = url.pathname;
+
+  // Reflective CORS — echo Origin only when it is our loopback UI port;
+  // otherwise omit the header so browsers block the cross-origin response.
+  const _reqOrigin = req.headers.origin || '';
+  if (_reqOrigin && /^http:\/\/(localhost|127\.0\.0\.1):3458(\/|$)/.test(_reqOrigin)) {
+    res.setHeader('Access-Control-Allow-Origin', _reqOrigin);
+    res.setHeader('Access-Control-Allow-Credentials', 'true');
+  }
+  res.setHeader('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS');
+  res.setHeader('Access-Control-Allow-Headers', 'Content-Type');
+  if (req.method === 'OPTIONS') { res.writeHead(204); res.end(); return; }
+
+  // Global CSRF guard — POST/PUT/DELETE require an allowed origin.
+  if ((req.method === 'POST' || req.method === 'PUT' || req.method === 'DELETE') && !isAllowedOrigin(req)) {
+    res.writeHead(403, { 'Content-Type': 'application/json' });
+    res.end(JSON.stringify({ ok: false, error: 'forbidden: cross-origin' }));
+    return;
+  }
+
+  if (req.method === 'GET' && path === '/') {
+    res.writeHead(200, { 'Content-Type': 'text/html; charset=utf-8' });
+    res.end(readFileSync(HTML_PATH, 'utf8'));
+    return;
+  }
+
+  // Phase D-2 — Smart Bridge cache dashboard (provider × profile matrix).
+  // Each workflow role exposes one `shards` map keyed by provider so callers
+  // can show, for example, that a role is warm on anthropic-oauth but cold on
+  // openai-oauth without either row overwriting the other.
+  if (req.method === 'GET' && path === '/bridge/stats') {
+    try {
+      const { CacheRegistry } = await import('../src/agent/orchestrator/smart-bridge/registry.mjs');
+      const registry = CacheRegistry.shared();
+      const stats = registry.getStats();
+      const profiles = {};
+      let warmShards = 0;
+      for (const [profileId, providers] of Object.entries(stats.profiles || {})) {
+        const shards = {};
+        for (const [provider, entry] of Object.entries(providers)) {
+          const hit = entry.hitCount || 0;
+          const miss = entry.missCount || 0;
+          const total = hit + miss;
+          const expiresInMs = Math.max(0, entry.expiresIn || 0);
+          const warm = expiresInMs > 0 && entry.observedOnly !== true;
+          if (warm) warmShards += 1;
+          shards[provider] = {
+            prefixHash: entry.prefixHash || null,
+            hitCount: hit,
+            missCount: miss,
+            hitRate: total > 0 ? hit / total : 0,
+            warm,
+            expiresInMs,
+            createdAt: entry.createdAt ? new Date(entry.createdAt).toISOString() : null,
+            observedOnly: entry.observedOnly === true,
+          };
+        }
+        profiles[profileId] = {
+          id: profileId,
+          taskType: null,
+          behavior: null,
+          fallbackPreset: null,
+          description: '(workflow role)',
+          shards,
+        };
+      }
+      res.writeHead(200, { 'Content-Type': 'application/json' });
+      res.end(JSON.stringify({
+        profileCount: stats.profileCount || Object.keys(profiles).length,
+        shardCount: stats.shardCount || 0,
+        warmShardCount: warmShards,
+        openaiKeyCount: stats.openaiKeyCount || 0,
+        updatedAt: registry.data.updatedAt,
+        profiles,
+      }));
+    } catch (e) {
+      res.writeHead(500, { 'Content-Type': 'application/json' });
+      res.end(JSON.stringify({ error: String(e?.message || e) }));
+    }
+    return;
+  }
+
+  // ── GET /bridge/status ──────────────────────────────────────────────
+  // Cheap, read-only, loopback-only. Returns mixdog runtime state as
+  // either a JSON object (?format=json) or a single-line statusline
+  // string (?format=text or Accept: text/plain).
+  // No Origin guard needed — read-only endpoint (C2 convention, v0.1.14).
+  // 0.1.26: aggregation logic lives in src/status/aggregator.mjs so the
+  // MCP-embedded status server shares the same implementation.
+  if (req.method === 'GET' && path === '/bridge/status') {
+    try {
+      const { buildBridgeStatus, renderBridgeStatusText } = await import('../src/status/aggregator.mjs');
+      const wantText = url.searchParams.get('format') === 'text'
+        || (req.headers['accept'] || '').includes('text/plain');
+      const payload = await buildBridgeStatus(DATA_DIR);
+      if (wantText) {
+        res.writeHead(200, { 'Content-Type': 'text/plain; charset=utf-8' });
+        res.end(renderBridgeStatusText(payload));
+      } else {
+        res.writeHead(200, { 'Content-Type': 'application/json' });
+        res.end(JSON.stringify(payload));
+      }
+    } catch (e) {
+      res.writeHead(500, { 'Content-Type': 'application/json' });
+      res.end(JSON.stringify({ error: String(e?.message || e) }));
+    }
+    return;
+  }
+
+
+  // ── GET /api/plugin-path ─────────────────────────────────────────────────
+  // Returns the absolute directory of the plugin install (parent of setup/).
+  // Used by setup.html to render the correct statusline.sh path in the snippet.
+  if (req.method === 'GET' && path === '/api/plugin-path') {
+    const pluginRoot = join(__dirname, '..');
+    res.writeHead(200, { 'Content-Type': 'application/json' });
+    res.end(JSON.stringify({ path: pluginRoot }));
+    return;
+  }
+
+  if (req.method === 'GET' && path === '/config') {
+    const raw = readConfig();
+    const config = applyChannelsDefaults(raw);
+    const invalidDiscordToken = pruneInvalidDiscordToken(config);
+    // Re-hydrate secrets from the keychain so the UI password inputs round-
+    // trip. mergeConfig() routes discord.token / webhook.authtoken to the
+    // keychain on save and deletes them from the JSON (keychain is the
+    // canonical source of truth); without re-hydration here, every reload
+    // shows blank password fields and users assume the save failed.
+    const dToken = getDiscordToken();
+    if (dToken && !invalidDiscordToken) config.discord = { ...(config.discord || {}), token: dToken };
+    const wAuth = getWebhookAuthtoken();
+    if (wAuth) config.webhook = { ...(config.webhook || {}), authtoken: wAuth };
+    if (invalidDiscordToken) config._secretDiagnostics = { discordToken: invalidDiscordToken };
+    res.writeHead(200, { 'Content-Type': 'application/json' });
+    res.end(JSON.stringify(config));
+    return;
+  }
+
+  if (req.method === 'GET' && path === '/config/secrets') {
+    const channelsConfig = applyChannelsDefaults(readConfig());
+    res.writeHead(200, { 'Content-Type': 'application/json' });
+    res.end(JSON.stringify(fullSecretStatus(channelsConfig)));
+    return;
+  }
+
+  if (req.method === 'POST' && path === '/config') {
+    if (!isAllowedOrigin(req)) {
+      res.writeHead(403, { 'Content-Type': 'application/json' });
+      res.end(JSON.stringify({ ok: false, error: 'forbidden: cross-origin' }));
+      return;
+    }
+    const data = await readBody(req);
+    const secrets = {};
+    try {
+      // RMW inside the config lock: compute mergeConfig() against the value
+      // read under the same lock that guards the write, so overlapping saves
+      // can't clobber each other (read-then-write outside the lock raced).
+      let merged;
+      updateSection('channels', (current) => {
+        merged = mergeConfig(current, data, secrets);
+        return merged;
+      });
+      console.log(`  Config saved: channels secrets=${JSON.stringify(secrets)}`);
+
+      res.writeHead(200, { 'Content-Type': 'application/json' });
+      res.end(JSON.stringify({ ok: true, secrets, secretStatus: fullSecretStatus(merged) }));
+    } catch (e) {
+      process.stderr.write('[setup] /config failed: ' + (e?.stack || e?.message || String(e)) + '\n');
+      res.writeHead(500, { 'Content-Type': 'application/json' });
+      res.end(JSON.stringify({ ok: false, error: e?.message || String(e), secrets }));
+    }
+    return;
+  }
+
+// -- B6 General module toggles (channels / memory / search / agent) --
+  // Stored as a top-level `modules` section inside mixdog-config.json.
+  // Missing keys default to enabled:true so pre-B6 configs keep all
+  // modules on. Changes require a plugin restart to take effect.
+  if (req.method === 'GET' && path === '/modules') {
+    const raw = readSection('modules');
+    const out = {};
+    for (const name of ['channels', 'memory', 'search', 'agent']) {
+      const entry = raw && typeof raw === 'object' ? raw[name] : null;
+      const enabled = entry && typeof entry === 'object' && entry.enabled === false ? false : true;
+      out[name] = { enabled };
+    }
+    res.writeHead(200, { 'Content-Type': 'application/json' });
+    res.end(JSON.stringify(out));
+    return;
+  }
+
+  if (req.method === 'POST' && path === '/modules') {
+    if (!isAllowedOrigin(req)) {
+      res.writeHead(403, { 'Content-Type': 'application/json' });
+      res.end(JSON.stringify({ ok: false, error: 'forbidden: cross-origin' }));
+      return;
+    }
+    const data = await readBody(req);
+    const sanitized = {};
+    for (const name of ['channels', 'memory', 'search', 'agent']) {
+      const entry = data && typeof data === 'object' ? data[name] : null;
+      const enabled = entry && typeof entry === 'object' && entry.enabled === false ? false : true;
+      sanitized[name] = { enabled };
+    }
+    // Serialize through updateSection (file lock + atomic RMW + backup
+    // restore) instead of read→merge→whole-file write. A bare
+    // readJsonFile()→{} on a transient read failure here used to drop
+    // every other section when the thin object was written back.
+    // Intentional full replace: the modules section schema is only {enabled}
+    // per module; the UI owns the complete map.
+    updateSection('modules', () => sanitized);
+    console.log('  Config saved: modules');
+    res.writeHead(200, { 'Content-Type': 'application/json' });
+    res.end(JSON.stringify({ ok: true, modules: sanitized }));
+    return;
+  }
+
+  // -- B2 Security capabilities (homeAccess) ---------------------------
+  // Stored as a top-level `capabilities` section inside mixdog-config.json.
+  // Missing keys default to `false` so out-of-the-box installs stay
+  // cwd-only; flipping a toggle takes effect on the next tool call
+  // (capability is re-read per invocation in builtin.mjs/patch.mjs).
+  if (req.method === 'GET' && path === '/capabilities') {
+    const raw = readSection('capabilities');
+    const out = { homeAccess: !!(raw && typeof raw === 'object' && raw.homeAccess === true) };
+    res.writeHead(200, { 'Content-Type': 'application/json' });
+    res.end(JSON.stringify(out));
+    return;
+  }
+
+  if (req.method === 'POST' && path === '/capabilities') {
+    if (!isAllowedOrigin(req)) {
+      res.writeHead(403, { 'Content-Type': 'application/json' });
+      res.end(JSON.stringify({ ok: false, error: 'forbidden: cross-origin' }));
+      return;
+    }
+    const data = await readBody(req);
+    const sanitized = { homeAccess: !!(data && typeof data === 'object' && data.homeAccess === true) };
+    // Serialize through updateSection (file lock + atomic RMW + backup
+    // restore); see /modules POST above for why the read→merge→whole-file
+    // write was unsafe.
+    // Intentional full replace: capabilities is a flat toggle map (homeAccess);
+    // no unmanaged sidecar fields today.
+    updateSection('capabilities', () => sanitized);
+    console.log('  Config saved: capabilities');
+    res.writeHead(200, { 'Content-Type': 'application/json' });
+    res.end(JSON.stringify({ ok: true, capabilities: sanitized }));
+    return;
+  }
+
+  // -- Schedules CRUD --
+  const SCHEDULES_DIR = join(DATA_DIR, 'schedules');
+
+  if (req.method === 'GET' && path === '/schedules') {
+    res.writeHead(200, { 'Content-Type': 'application/json' });
+    res.end(JSON.stringify(listSchedules()));
+    return;
+  }
+
+  if (req.method === 'POST' && path === '/schedules') {
+    if (!isAllowedOrigin(req)) {
+      res.writeHead(403, { 'Content-Type': 'application/json' });
+      res.end(JSON.stringify({ ok: false, error: 'forbidden: cross-origin' }));
+      return;
+    }
+    const sc = await readBody(req);
+    const name = sanitizeName(sc.name);
+    if (!name) { res.writeHead(400); res.end('name required or invalid'); return; }
+    if (!sc.time) {
+      res.writeHead(400, { 'Content-Type': 'application/json' });
+      res.end(JSON.stringify({ ok: false, error: 'time required' }));
+      return;
+    }
+    const isCronLike = sc.time.trim().split(/\s+/).length >= 5;
+    const isHHMM = /^([01]?\d|2[0-3]):[0-5]\d$/.test(sc.time);
+    const isLegacy = /^(every\d+m|hourly|daily)$/.test(sc.time);
+    if (isCronLike) {
+      try { validateCronExpression(sc.time); } catch (e) {
+        res.writeHead(400, { 'Content-Type': 'application/json' });
+        res.end(JSON.stringify({ ok: false, error: e.message }));
+        return;
+      }
+    } else if (!isHHMM && !isLegacy) {
+      res.writeHead(400, { 'Content-Type': 'application/json' });
+      res.end(JSON.stringify({ ok: false, error: 'invalid time format: must be HH:MM, cron expression, or every<N>m|hourly|daily' }));
+      return;
+    }
+    if (isHHMM) {
+      // The scheduler registers cron expressions only — convert on save so
+      // UI-created entries actually fire instead of being skipped at reload.
+      const [h, m] = sc.time.split(':');
+      // Encode the legacy `days` field into the day-of-week slot.
+      const dow = sc.days === 'weekday' ? '1-5' : (sc.days === 'weekend' ? '0,6' : '*');
+      sc.time = `${Number(m)} ${Number(h)} * * ${dow}`;
+    } else if (isLegacy) {
+      const everyM = sc.time.match(/^every(\d+)m$/);
+      if (everyM) {
+        const n = Math.min(Math.max(Number(everyM[1]), 1), 59);
+        sc.time = `*/${n} * * * *`;
+      } else if (sc.time === 'hourly') {
+        sc.time = '0 * * * *';
+      } else {
+        sc.time = '0 0 * * *';
+      }
+    }
+    const dir = join(SCHEDULES_DIR, name);
+    mkdirSync(dir, { recursive: true });
+    const prompt = sc.prompt || '';
+    delete sc.prompt;
+    delete sc.name;
+    const configPath = join(dir, 'config.json');
+    const merged = mergeEndpointConfig(readJsonFile(configPath), sc);
+    writeFileSync(configPath, JSON.stringify(merged, null, 2));
+    writeFileSync(join(dir, 'instructions.md'), prompt);
+    console.log('  Schedule saved:', name);
+    res.writeHead(200, { 'Content-Type': 'application/json' });
+    res.end(JSON.stringify({ ok: true }));
+    return;
+  }
+
+  if (req.method === 'DELETE' && path === '/schedules') {
+    if (!isAllowedOrigin(req)) {
+      res.writeHead(403, { 'Content-Type': 'application/json' });
+      res.end(JSON.stringify({ ok: false, error: 'forbidden: cross-origin' }));
+      return;
+    }
+    const name = sanitizeName(url.searchParams.get('name'));
+    if (!name) { res.writeHead(400); res.end('name required or invalid'); return; }
+    const dir = join(SCHEDULES_DIR, name);
+    if (existsSync(dir)) { rmSync(dir, { recursive: true }); console.log('  Schedule deleted:', name); }
+    res.writeHead(200, { 'Content-Type': 'application/json' });
+    res.end(JSON.stringify({ ok: true }));
+    return;
+  }
+
+  if (req.method === 'GET' && path.startsWith('/schedules/file/')) {
+    if (!isAllowedOrigin(req)) { res.writeHead(403, { 'Content-Type': 'application/json' }); res.end(JSON.stringify({ ok: false, error: 'forbidden: cross-origin' })); return; }
+    const name = sanitizeName(decodeURIComponent(path.slice('/schedules/file/'.length)));
+    if (!name) { res.writeHead(400); res.end('invalid schedule name'); return; }
+    const filePath = join(SCHEDULES_DIR, name, 'instructions.md');
+    if (!existsSync(filePath)) { mkdirSync(join(SCHEDULES_DIR, name), { recursive: true }); writeFileSync(filePath, '', 'utf8'); }
+    if (isWin) { spawn('cmd', ['/c', 'start', '""', filePath.replace(/[&^"<>|]/g, '^$&')], { detached: true, stdio: 'ignore', windowsHide: true, windowsVerbatimArguments: false }).unref(); }
+    else { spawn('open', [filePath], { detached: true, stdio: 'ignore' }).unref(); }
+    res.writeHead(200, { 'Content-Type': 'application/json' });
+    res.end(JSON.stringify({ ok: true }));
+    return;
+  }
+
+  // -- Webhooks CRUD --
+  const WEBHOOKS_DIR = join(DATA_DIR, 'webhooks');
+
+  if (req.method === 'GET' && path === '/webhooks') {
+    const result = [];
+    if (existsSync(WEBHOOKS_DIR)) {
+      for (const name of readdirSync(WEBHOOKS_DIR, { withFileTypes: true }).filter(d => d.isDirectory()).map(d => d.name)) {
+        const cfg = readJsonFile(join(WEBHOOKS_DIR, name, 'config.json')) || {};
+        let instructions = '';
+        try { instructions = readFileSync(join(WEBHOOKS_DIR, name, 'instructions.md'), 'utf8'); } catch {}
+        result.push({ name, ...cfg, instructions });
+      }
+    }
+    res.writeHead(200, { 'Content-Type': 'application/json' });
+    res.end(JSON.stringify(result));
+    return;
+  }
+
+  if (req.method === 'POST' && path === '/webhooks') {
+    if (!isAllowedOrigin(req)) {
+      res.writeHead(403, { 'Content-Type': 'application/json' });
+      res.end(JSON.stringify({ ok: false, error: 'forbidden: cross-origin' }));
+      return;
+    }
+    const wh = await readBody(req);
+    const name = sanitizeName(wh.name);
+    if (!name) { res.writeHead(400); res.end('name required or invalid'); return; }
+    const dir = join(WEBHOOKS_DIR, name);
+    mkdirSync(dir, { recursive: true });
+    const instructions = wh.instructions || '';
+    delete wh.instructions;
+    delete wh.name;
+    // Invariant: webhook delegate dispatch is bound to the internal
+    // `webhook-handler` hidden role. The UI no longer exposes a role
+    // picker, and any role value posted by a third-party client is
+    // overwritten here so dispatch always lands on the plugin-managed
+    // hidden role rather than a user-workflow role.
+    const configPath = join(dir, 'config.json');
+    const merged = mergeWebhookEndpointConfig(readJsonFile(configPath), wh);
+    writeFileSync(configPath, JSON.stringify(merged, null, 2));
+    writeFileSync(join(dir, 'instructions.md'), instructions);
+    console.log('  Webhook saved:', name);
+    res.writeHead(200, { 'Content-Type': 'application/json' });
+    res.end(JSON.stringify({ ok: true }));
+    return;
+  }
+
+  if (req.method === 'DELETE' && path === '/webhooks') {
+    if (!isAllowedOrigin(req)) {
+      res.writeHead(403, { 'Content-Type': 'application/json' });
+      res.end(JSON.stringify({ ok: false, error: 'forbidden: cross-origin' }));
+      return;
+    }
+    const name = sanitizeName(url.searchParams.get('name'));
+    if (!name) { res.writeHead(400); res.end('name required or invalid'); return; }
+    const dir = join(WEBHOOKS_DIR, name);
+    if (existsSync(dir)) { rmSync(dir, { recursive: true }); console.log('  Webhook deleted:', name); }
+    res.writeHead(200, { 'Content-Type': 'application/json' });
+    res.end(JSON.stringify({ ok: true }));
+    return;
+  }
+
+  if (req.method === 'GET' && path.startsWith('/webhooks/file/')) {
+    if (!isAllowedOrigin(req)) { res.writeHead(403, { 'Content-Type': 'application/json' }); res.end(JSON.stringify({ ok: false, error: 'forbidden: cross-origin' })); return; }
+    const name = sanitizeName(decodeURIComponent(path.slice('/webhooks/file/'.length)));
+    if (!name) { res.writeHead(400); res.end('invalid webhook name'); return; }
+    const filePath = join(WEBHOOKS_DIR, name, 'instructions.md');
+    if (!existsSync(filePath)) { mkdirSync(join(WEBHOOKS_DIR, name), { recursive: true }); writeFileSync(filePath, '', 'utf8'); }
+    if (isWin) { spawn('cmd', ['/c', 'start', '""', filePath.replace(/[&^"<>|]/g, '^$&')], { detached: true, stdio: 'ignore', windowsHide: true, windowsVerbatimArguments: false }).unref(); }
+    else { spawn('open', [filePath], { detached: true, stdio: 'ignore' }).unref(); }
+    res.writeHead(200, { 'Content-Type': 'application/json' });
+    res.end(JSON.stringify({ ok: true }));
+    return;
+  }
+
+  // -- Delivery log --
+  // Each endpoint keeps an append-only JSONL under its folder. Lists are
+  // latest-wins merged by id, filtered by ?name= / ?status=, sorted ts desc.
+  if (req.method === 'GET' && path === '/webhooks/deliveries') {
+    const name = url.searchParams.get('name') || null;
+    const status = url.searchParams.get('status') || null;
+    const limitRaw = parseInt(url.searchParams.get('limit') || '100', 10);
+    const limit = Number.isFinite(limitRaw) && limitRaw > 0 ? Math.min(limitRaw, 500) : 100;
+    try {
+      const mod = await import('../src/channels/lib/webhook.mjs');
+      const list = mod.listAllDeliveries({ endpoint: name, status, limit });
+      res.writeHead(200, { 'Content-Type': 'application/json' });
+      res.end(JSON.stringify(list));
+    } catch (err) {
+      res.writeHead(500, { 'Content-Type': 'application/json' });
+      res.end(JSON.stringify({ error: String(err?.message || err) }));
+    }
+    return;
+  }
+
+  // Retry: payload is only preserved as a 512-char preview, so a silent
+  // replay would be misleading. Return 400 and ask the sender to redeliver.
+  if (req.method === 'POST' && path.startsWith('/webhooks/deliveries/') && path.endsWith('/retry')) {
+    if (!isAllowedOrigin(req)) {
+      res.writeHead(403, { 'Content-Type': 'application/json' });
+      res.end(JSON.stringify({ ok: false, error: 'forbidden: cross-origin' }));
+      return;
+    }
+    const id = decodeURIComponent(path.slice('/webhooks/deliveries/'.length, -'/retry'.length));
+    res.writeHead(400, { 'Content-Type': 'application/json' });
+    res.end(JSON.stringify({
+      ok: false,
+      id,
+      error: 'payload not retained — use the upstream Redeliver action (GitHub webhooks UI → Recent Deliveries → Redeliver)',
+    }));
+    return;
+  }
+
+  if (req.method === 'GET' && path === '/cli-check') {
+    let whisperInstalled = false;
+    let voiceMeta = null;
+    let binaryReady = false;
+    let modelReady = false;
+    let ffmpegReady = false;
+    try {
+      const { resolveVoiceRuntime } = await import('../src/channels/lib/voice-runtime-fetcher.mjs');
+      const runtime = resolveVoiceRuntime(DATA_DIR);
+      const whisperCmd = runtime?.whisperCmd || '';
+      const modelPath = runtime?.modelPath || '';
+      const ffmpegPath = runtime?.ffmpegPath || '';
+      binaryReady = !!runtime?.binary;
+      modelReady = !!runtime?.model;
+      ffmpegReady = !!runtime?.ffmpeg;
+      if (whisperCmd || modelPath || ffmpegPath || runtime?.kind) {
+        voiceMeta = {
+          kind: runtime?.kind || '',
+          label: runtime?.label || '',
+          commandName: whisperCmd ? basename(whisperCmd) : '',
+          commandPath: whisperCmd || '',
+          modelName: modelPath ? basename(modelPath) : '',
+          modelPath: modelPath || '',
+          ffmpegName: ffmpegPath ? basename(ffmpegPath) : '',
+          ffmpegPath: ffmpegPath || '',
+        };
+      }
+    } catch {}
+    whisperInstalled = binaryReady && modelReady && ffmpegReady;
+    const ngrok = await checkCli('ngrok');
+    const cliPayload = {
+      whisper: { installed: whisperInstalled, binary: binaryReady, model: modelReady, ffmpeg: ffmpegReady },
+      ngrok,
+    };
+    if (voiceMeta) cliPayload.voice = voiceMeta;
+    res.writeHead(200, { 'Content-Type': 'application/json' });
+    res.end(JSON.stringify(cliPayload));
+    return;
+  }
+
+  // ============================================================
+  // AGENT MODULE ROUTES
+  // ============================================================
+
+  if (req.method === 'GET' && path === '/agent/config') {
+    const config = readAgentConfig();
+    const auth = await detectAuth(config);
+    res.writeHead(200, { 'Content-Type': 'application/json' });
+    res.end(JSON.stringify({ config, auth }));
+    return;
+  }
+
+  if (req.method === 'POST' && path === '/agent/config') {
+    if (!isAllowedOrigin(req)) {
+      res.writeHead(403, { 'Content-Type': 'application/json' });
+      res.end(JSON.stringify({ ok: false, error: 'forbidden: cross-origin' }));
+      return;
+    }
+    const data = await readBody(req);
+    const secrets = {};
+    try {
+      // RMW inside the config lock (see /config) so concurrent agent saves
+      // serialize through updateSection instead of racing a read→merge→write.
+      let merged;
+      updateSection('agent', (current) => {
+        merged = mergeAgentConfig(current, data, secrets);
+        return merged;
+      });
+      if (data?.providers && typeof data.providers === 'object') dropRuntimeModelCaches();
+      console.log(`  Config saved: agent secrets=${JSON.stringify(secrets)}`);
+      res.writeHead(200, { 'Content-Type': 'application/json' });
+      res.end(JSON.stringify({ ok: true, secrets, secretStatus: fullSecretStatus() }));
+    } catch (e) {
+      process.stderr.write('[setup] /agent/config failed: ' + (e?.stack || e?.message || String(e)) + '\n');
+      res.writeHead(500, { 'Content-Type': 'application/json' });
+      res.end(JSON.stringify({ ok: false, error: e?.message || String(e), secrets }));
+    }
+    return;
+  }
+
+  // Grok CLI OAuth login ("Grok Build"). An existing `grok` CLI login under
+  // ~/.grok/auth.json is auto-detected; this route is for signing in directly
+  // from Setup when no CLI login exists. Blocking: waits (up to 5 min) for the
+  // loopback callback on 127.0.0.1:56121, then persists to the own token store.
+  if (req.method === 'POST' && path === '/agent/grok-oauth/login') {
+    if (!isAllowedOrigin(req)) {
+      res.writeHead(403, { 'Content-Type': 'application/json' });
+      res.end(JSON.stringify({ ok: false, error: 'forbidden: cross-origin' }));
+      return;
+    }
+    try {
+      const tokens = await loginGrokOAuth();
+      if (!tokens?.access_token) {
+        res.writeHead(200, { 'Content-Type': 'application/json' });
+        res.end(JSON.stringify({ ok: false, error: 'login cancelled or timed out' }));
+        return;
+      }
+      dropRuntimeModelCaches();
+      res.writeHead(200, { 'Content-Type': 'application/json' });
+      res.end(JSON.stringify({ ok: true }));
+    } catch (e) {
+      process.stderr.write('[setup] /agent/grok-oauth/login failed: ' + (e?.stack || e?.message || String(e)) + '\n');
+      res.writeHead(500, { 'Content-Type': 'application/json' });
+      res.end(JSON.stringify({ ok: false, error: e?.message || String(e) }));
+    }
+    return;
+  }
+
+  if (req.method === 'GET' && path === '/agent/presets') {
+    res.writeHead(200, { 'Content-Type': 'application/json' });
+    res.end(JSON.stringify({ presets: readAgentPresets() }));
+    return;
+  }
+
+  if (req.method === 'POST' && path === '/agent/presets') {
+    if (!isAllowedOrigin(req)) {
+      res.writeHead(403, { 'Content-Type': 'application/json' });
+      res.end(JSON.stringify({ ok: false, error: 'forbidden: cross-origin' }));
+      return;
+    }
+    const data = await readBody(req);
+    let preset;
+    try { preset = normalizePreset(data); }
+    catch (err) {
+      res.writeHead(400, { 'Content-Type': 'application/json' });
+      res.end(JSON.stringify({ ok: false, error: err.message }));
+      return;
+    }
+    const list = readAgentPresets();
+    const idx = list.findIndex(p => p.id === preset.id);
+    if (idx >= 0) list[idx] = preset; else list.push(preset);
+    writeAgentPresets(list);
+    console.log(`  Agent preset saved: ${preset.id}`);
+    res.writeHead(200, { 'Content-Type': 'application/json' });
+    res.end(JSON.stringify({ ok: true, preset }));
+    return;
+  }
+
+  if (req.method === 'DELETE' && path === '/agent/presets') {
+    const id = url.searchParams.get('id');
+    if (!id) { res.writeHead(400, { 'Content-Type': 'application/json' }); res.end(JSON.stringify({ ok: false, error: 'id required' })); return; }
+    const list = readAgentPresets().filter(p => p.id !== id);
+    writeAgentPresets(list);
+    console.log(`  Agent preset deleted: ${id}`);
+    res.writeHead(200, { 'Content-Type': 'application/json' });
+    res.end(JSON.stringify({ ok: true }));
+    return;
+  }
+
+  // -- Agent maintenance presets --
+  if (req.method === 'GET' && path === '/agent/maintenance') {
+    const cfg = readAgentConfig();
+    const rawMaint = cfg.maintenance || {};
+    // Strip legacy keys that no longer belong in maintenance
+    // (classification/recap were retired with the cycle1 split;
+    // scheduler/webhook keep their model per-entry).
+    // Persist back when the stored config carried any of them so the Setup
+    // panel and the runtime resolver stop having to dual-match name vs id.
+    const allowedKeys = new Set([...Object.keys(DEFAULT_MAINTENANCE), ...MAINTENANCE_SLOTS]);
+    const cleanMaint = {};
+    let changed = false;
+    for (const [k, v] of Object.entries(rawMaint)) {
+      if (allowedKeys.has(k)) cleanMaint[k] = v;
+      else changed = true;
+    }
+    if (changed) {
+      cfg.maintenance = cleanMaint;
+      try { writeAgentConfig(cfg); }
+      catch (e) { process.stderr.write(`[setup] maintenance legacy-key cleanup write failed: ${e.message}\n`); }
+    }
+    const merged = { ...DEFAULT_MAINTENANCE, ...cleanMaint };
+    res.writeHead(200, { 'Content-Type': 'application/json' });
+    res.end(JSON.stringify({ maintenance: merged, defaults: { ...DEFAULT_MAINTENANCE } }));
+    return;
+  }
+
+  if (req.method === 'POST' && path === '/agent/maintenance') {
+    if (!isAllowedOrigin(req)) {
+      res.writeHead(403, { 'Content-Type': 'application/json' });
+      res.end(JSON.stringify({ ok: false, error: 'forbidden: cross-origin' }));
+      return;
+    }
+    const data = await readBody(req);
+    const cfg = readAgentConfig();
+    const validIds = new Set([
+      ...(cfg.presets || []).map(p => p.id),
+      ...DEFAULT_PRESETS.map(p => p.id),
+    ]);
+    const allowedKeys = new Set([...Object.keys(DEFAULT_MAINTENANCE), ...MAINTENANCE_SLOTS]);
+    const unknownKeys = Object.keys(data).filter(k => !allowedKeys.has(k));
+    if (unknownKeys.length) {
+      res.writeHead(400, { 'Content-Type': 'application/json' });
+      res.end(JSON.stringify({ ok: false, error: `Unknown maintenance task(s): ${unknownKeys.join(', ')} (per-entry model required for scheduler/webhook)` }));
+      return;
+    }
+    const invalid = Object.entries(data)
+      .filter(([k, v]) => v && !validIds.has(v))
+      .map(([k, v]) => `${k}: ${v}`);
+    if (invalid.length) {
+      res.writeHead(400, { 'Content-Type': 'application/json' });
+      res.end(JSON.stringify({ ok: false, error: `Unknown preset(s): ${invalid.join(', ')}` }));
+      return;
+    }
+    const nextMaint = { ...(cfg.maintenance || {}) };
+    for (const [k, v] of Object.entries(data)) {
+      if (v == null || v === '') delete nextMaint[k];   // inherit → remove override
+      else nextMaint[k] = v;
+    }
+    cfg.maintenance = nextMaint;
+    writeAgentConfig(cfg);
+    console.log('  Maintenance presets saved');
+    res.writeHead(200, { 'Content-Type': 'application/json' });
+    res.end(JSON.stringify({ ok: true }));
+    return;
+  }
+
+  if (req.method === 'GET' && path === '/agent/models') {
+    const provider = url.searchParams.get('provider');
+    if (!provider) { res.writeHead(400, { 'Content-Type': 'application/json' }); res.end(JSON.stringify({ ok: false, error: 'provider required' })); return; }
+    const cfg = readAgentConfig();
+    const models = await listProviderModels(provider, cfg);
+    if (provider === 'openai-oauth' && (!Array.isArray(models) || models.length === 0) && hasOpenAIOAuthCredentials()) {
+      const detail = getOpenAIOAuthModelCatalogError();
+      const error = detail
+        ? `OpenAI OAuth model catalog unavailable: ${detail}`
+        : 'OpenAI OAuth model catalog unavailable. Run codex login, then reopen this setup page.';
+      res.writeHead(200, { 'Content-Type': 'application/json' });
+      res.end(JSON.stringify({ ok: false, provider, models: [], error }));
+      return;
+    }
+    res.writeHead(200, { 'Content-Type': 'application/json' });
+    res.end(JSON.stringify({ ok: true, provider, models }));
+    return;
+  }
+
+  if (req.method === 'POST' && path === '/agent/validate') {
+    if (!isAllowedOrigin(req)) {
+      res.writeHead(403, { 'Content-Type': 'application/json' });
+      res.end(JSON.stringify({ ok: false, error: 'forbidden: cross-origin' }));
+      return;
+    }
+    const data = await readBody(req);
+    const validation = {};
+    const checks = [];
+    for (const [id, key] of Object.entries(data.keys || {})) {
+      if (key) checks.push(validateAgentKey(id, key).then(r => { validation[id] = r; }));
+    }
+    await Promise.all(checks);
+    res.writeHead(200, { 'Content-Type': 'application/json' });
+    res.end(JSON.stringify({ ok: true, validation }));
+    return;
+  }
+
+  // ============================================================
+  // MEMORY MODULE ROUTES
+  // ============================================================
+
+  if (req.method === 'GET' && path === '/memory/config') {
+    const config = readMemoryConfig();
+    res.writeHead(200, { 'Content-Type': 'application/json' });
+    res.end(JSON.stringify(config));
+    return;
+  }
+
+  if (req.method === 'POST' && path === '/memory/config') {
+    if (!isAllowedOrigin(req)) {
+      res.writeHead(403, { 'Content-Type': 'application/json' });
+      res.end(JSON.stringify({ ok: false, error: 'forbidden: cross-origin' }));
+      return;
+    }
+    const data = await readBody(req);
+    const secrets = {};
+    try {
+      // RMW inside the config lock (see /config) so concurrent memory saves
+      // serialize through updateSection instead of racing a read→merge→write.
+      let merged;
+      updateSection('memory', (current) => {
+        merged = mergeMemoryConfig(current, data, secrets);
+        return merged;
+      });
+      console.log(`  Config saved: memory secrets=${JSON.stringify(secrets)}`);
+      res.writeHead(200, { 'Content-Type': 'application/json' });
+      res.end(JSON.stringify({ ok: true, secrets, secretStatus: fullSecretStatus() }));
+    } catch (e) {
+      process.stderr.write('[setup] /memory/config failed: ' + (e?.stack || e?.message || String(e)) + '\n');
+      res.writeHead(500, { 'Content-Type': 'application/json' });
+      res.end(JSON.stringify({ ok: false, error: e?.message || String(e), secrets }));
+    }
+    return;
+  }
+
+  if (req.method === 'GET' && path === '/memory/auth') {
+    const cfg = readMemoryConfig();
+    const result = await detectAuth(cfg);
+    res.writeHead(200, { 'Content-Type': 'application/json' });
+    res.end(JSON.stringify(result));
+    return;
+  }
+
+  if (req.method === 'GET' && path === '/memory/presets') {
+    res.writeHead(200, { 'Content-Type': 'application/json' });
+    res.end(JSON.stringify({ presets: readMemoryPresets() }));
+    return;
+  }
+
+  if (req.method === 'POST' && path === '/memory/presets') {
+    if (!isAllowedOrigin(req)) {
+      res.writeHead(403, { 'Content-Type': 'application/json' });
+      res.end(JSON.stringify({ ok: false, error: 'forbidden: cross-origin' }));
+      return;
+    }
+    const data = await readBody(req);
+    let preset;
+    try { preset = normalizePreset(data); }
+    catch (err) {
+      res.writeHead(400, { 'Content-Type': 'application/json' });
+      res.end(JSON.stringify({ ok: false, error: err.message }));
+      return;
+    }
+    const list = readMemoryPresets();
+    const idx = list.findIndex(p => p.id === preset.id);
+    if (idx >= 0) list[idx] = preset; else list.push(preset);
+    writeMemoryPresets(list);
+    console.log(`  Memory preset saved: ${preset.id}`);
+    res.writeHead(200, { 'Content-Type': 'application/json' });
+    res.end(JSON.stringify({ ok: true, preset }));
+    return;
+  }
+
+  if (req.method === 'PUT' && path === '/memory/presets') {
+    const data = await readBody(req);
+    if (!Array.isArray(data.presets)) {
+      res.writeHead(400, { 'Content-Type': 'application/json' });
+      res.end(JSON.stringify({ ok: false, error: 'presets array required' }));
+      return;
+    }
+    const normalized = data.presets.map(p => normalizePreset(p));
+    writeMemoryPresets(normalized);
+    console.log(`  Memory presets reordered: ${normalized.length} items`);
+    res.writeHead(200, { 'Content-Type': 'application/json' });
+    res.end(JSON.stringify({ ok: true }));
+    return;
+  }
+
+  if (req.method === 'DELETE' && path === '/memory/presets') {
+    const id = url.searchParams.get('id');
+    if (!id) { res.writeHead(400, { 'Content-Type': 'application/json' }); res.end(JSON.stringify({ ok: false, error: 'id required' })); return; }
+    const list = readMemoryPresets().filter(p => p.id !== id);
+    writeMemoryPresets(list);
+    console.log(`  Memory preset deleted: ${id}`);
+    res.writeHead(200, { 'Content-Type': 'application/json' });
+    res.end(JSON.stringify({ ok: true }));
+    return;
+  }
+
+  if (req.method === 'GET' && path === '/memory/models') {
+    const provider = url.searchParams.get('provider');
+    if (!provider) { res.writeHead(400, { 'Content-Type': 'application/json' }); res.end(JSON.stringify({ ok: false, error: 'provider required' })); return; }
+    const cfg = readMemoryConfig();
+    const models = await listProviderModels(provider, cfg);
+    res.writeHead(200, { 'Content-Type': 'application/json' });
+    res.end(JSON.stringify({ ok: true, provider, models }));
+    return;
+  }
+  const MEMORY_FILE_WHITELIST = ['user.md', 'bot.md'];
+  const HISTORY_DIR = join(DATA_DIR, 'history');
+
+  if (req.method === 'GET' && path === '/memory/files') {
+    const result = {};
+    for (const name of MEMORY_FILE_WHITELIST) {
+      const filePath = join(HISTORY_DIR, name);
+      try { result[name] = readFileSync(filePath, 'utf8'); }
+      catch { result[name] = ''; }
+    }
+    res.writeHead(200, { 'Content-Type': 'application/json' });
+    res.end(JSON.stringify(result));
+    return;
+  }
+
+  if (req.method === 'POST' && path === '/memory/files') {
+    const data = await readBody(req);
+    const keys = Object.keys(data);
+    for (const key of keys) {
+      if (!MEMORY_FILE_WHITELIST.includes(key)) {
+        res.writeHead(400, { 'Content-Type': 'application/json' });
+        res.end(JSON.stringify({ ok: false, error: `disallowed file name: ${key}` }));
+        return;
+      }
+    }
+    mkdirSync(HISTORY_DIR, { recursive: true });
+    for (const name of MEMORY_FILE_WHITELIST) {
+      if (!(name in data)) continue;
+      const filePath = join(HISTORY_DIR, name);
+      const tmp = filePath + '.tmp';
+      writeFileSync(tmp, String(data[name]), 'utf8');
+      renameSync(tmp, filePath);
+    }
+    res.writeHead(200, { 'Content-Type': 'application/json' });
+    res.end(JSON.stringify({ ok: true }));
+    return;
+  }
+
+  {
+    const fileNameMatch = path.match(/^\/memory\/file\/([^/]+)$/);
+    if (req.method === 'GET' && fileNameMatch) {
+      const name = fileNameMatch[1];
+      if (!MEMORY_FILE_WHITELIST.includes(name)) {
+        res.writeHead(400, { 'Content-Type': 'application/json' });
+        res.end(JSON.stringify({ ok: false, error: `disallowed file name: ${name}` }));
+        return;
+      }
+      const filePath = join(HISTORY_DIR, name);
+      if (!existsSync(filePath)) {
+        res.writeHead(404, { 'Content-Type': 'application/json' });
+        res.end(JSON.stringify({ ok: false, error: 'not found' }));
+        return;
+      }
+      res.writeHead(200, { 'Content-Type': 'text/plain; charset=utf-8' });
+      res.end(readFileSync(filePath, 'utf8'));
+      return;
+    }
+  }
+
+  if (req.method === 'GET' && path === '/api/memory/entries/active') {
+    try {
+      const r = await memoryServiceCall('GET', '/admin/entries/active', null, 30000);
+      res.writeHead(r.statusCode, { 'Content-Type': 'application/json' });
+      res.end(JSON.stringify(r.body));
+    } catch (e) {
+      res.writeHead(500, { 'Content-Type': 'application/json' });
+      res.end(JSON.stringify({ ok: false, error: e.message }));
+    }
+    return;
+  }
+
+  if (req.method === 'GET' && path === '/api/memory/core') {
+    try {
+      const r = await memoryServiceCall('GET', '/admin/core/entries', null, 30000);
+      res.writeHead(r.statusCode, { 'Content-Type': 'application/json' });
+      res.end(JSON.stringify(r.body));
+    } catch (e) {
+      res.writeHead(500, { 'Content-Type': 'application/json' });
+      res.end(JSON.stringify({ ok: false, error: e.message }));
+    }
+    return;
+  }
+
+  if (req.method === 'POST' && path === '/api/memory/core') {
+    if (!isAllowedOrigin(req)) {
+      res.writeHead(403, { 'Content-Type': 'application/json' });
+      res.end(JSON.stringify({ ok: false, error: 'forbidden: cross-origin' }));
+      return;
+    }
+    const data = await readBody(req);
+    try {
+      const r = await memoryServiceCall('POST', '/admin/core/entries', {
+        element: data.element,
+        summary: data.summary,
+        category: data.category,
+        project_id: data.project_id,
+      }, 30000);
+      if (r.body?.ok) console.log(`  Core memory saved: ${r.body.item?.id ?? '?'}`);
+      res.writeHead(r.statusCode, { 'Content-Type': 'application/json' });
+      res.end(JSON.stringify(r.body));
+    } catch (e) {
+      res.writeHead(500, { 'Content-Type': 'application/json' });
+      res.end(JSON.stringify({ ok: false, error: e.message }));
+    }
+    return;
+  }
+
+  {
+    const coreDeleteMatch = req.method === 'POST' && path.match(/^\/api\/memory\/core\/(\d+)\/delete$/);
+    if (coreDeleteMatch && !isAllowedOrigin(req)) {
+      res.writeHead(403, { 'Content-Type': 'application/json' });
+      res.end(JSON.stringify({ ok: false, error: 'forbidden: cross-origin' }));
+      return;
+    }
+    if (coreDeleteMatch) {
+      const id = Number(coreDeleteMatch[1]);
+      try {
+        const r = await memoryServiceCall('POST', '/admin/core/entries/delete', { id }, 30000);
+        console.log(`  Core memory #${id} deleted`);
+        res.writeHead(r.statusCode, { 'Content-Type': 'application/json' });
+        res.end(JSON.stringify(r.body));
+      } catch (e) {
+        res.writeHead(500, { 'Content-Type': 'application/json' });
+        res.end(JSON.stringify({ ok: false, error: e.message }));
+      }
+      return;
+    }
+  }
+
+  {
+    const statusMatch = req.method === 'POST' && path.match(/^\/api\/memory\/entries\/(\d+)\/status$/);
+    if (statusMatch && !isAllowedOrigin(req)) {
+      res.writeHead(403, { 'Content-Type': 'application/json' });
+      res.end(JSON.stringify({ ok: false, error: 'forbidden: cross-origin' }));
+      return;
+    }
+    if (statusMatch) {
+      const id = Number(statusMatch[1]);
+      const data = await readBody(req);
+      const VALID = ['pending', 'active', 'archived'];
+      const status = String(data.status ?? '').trim().toLowerCase();
+      if (!Number.isInteger(id) || id <= 0 || !VALID.includes(status)) {
+        res.writeHead(400, { 'Content-Type': 'application/json' });
+        res.end(JSON.stringify({ ok: false, error: 'valid id and status required' }));
+        return;
+      }
+      try {
+        const r = await memoryServiceCall('POST', '/admin/entries/status', { id, status }, 30000);
+        console.log(`  Entry #${id} → ${status} (changes=${r.body?.changes ?? '?'})`);
+        res.writeHead(r.statusCode, { 'Content-Type': 'application/json' });
+        res.end(JSON.stringify(r.body));
+      } catch (e) {
+        res.writeHead(500, { 'Content-Type': 'application/json' });
+        res.end(JSON.stringify({ ok: false, error: e.message }));
+      }
+      return;
+    }
+  }
+
+  if (req.method === 'POST' && path === '/api/memory/entries') {
+    if (!isAllowedOrigin(req)) {
+      res.writeHead(403, { 'Content-Type': 'application/json' });
+      res.end(JSON.stringify({ ok: false, error: 'forbidden: cross-origin' }));
+      return;
+    }
+    const data = await readBody(req);
+    try {
+      const r = await memoryServiceCall('POST', '/admin/entries/add', {
+        element: data.element,
+        summary: data.summary,
+        category: data.category,
+      }, 30000);
+      if (r.body?.ok) console.log(`  Remembered entry #${r.body.id}: ${r.body.text || ''}`);
+      res.writeHead(r.statusCode, { 'Content-Type': 'application/json' });
+      res.end(JSON.stringify(r.body));
+    } catch (e) {
+      res.writeHead(500, { 'Content-Type': 'application/json' });
+      res.end(JSON.stringify({ ok: false, error: e.message }));
+    }
+    return;
+  }
+
+  if (req.method === 'POST' && path === '/memory/backfill') {
+    if (!isAllowedOrigin(req)) {
+      res.writeHead(403, { 'Content-Type': 'application/json' });
+      res.end(JSON.stringify({ ok: false, error: 'forbidden: cross-origin' }));
+      return;
+    }
+    const data = await readBody(req);
+    const requestedWindow = data.window || '7d';
+    try {
+      console.log(`[backfill] start window=${requestedWindow}`);
+      // Backfill iterates transcripts and runs cycle1/cycle2 — long, no fixed
+      // upper bound. Pass a generous timeout (1h) and let memory-service's
+      // _cycle1InFlight guard serialise overlapping requests.
+      const r = await memoryServiceCall('POST', '/admin/backfill', {
+        window: requestedWindow,
+        scope: 'all',
+      }, 3_600_000);
+      console.log(`[backfill] ${r.body?.text || JSON.stringify(r.body)}`);
+      res.writeHead(r.statusCode, { 'Content-Type': 'application/json' });
+      res.end(JSON.stringify(r.body));
+    } catch (err) {
+      console.error(`[backfill] failed: ${err.message}`);
+      res.writeHead(500, { 'Content-Type': 'application/json' });
+      res.end(JSON.stringify({ ok: false, error: err.message }));
+    }
+    return;
+  }
+
+  if (req.method === 'POST' && path === '/memory/delete') {
+    if (!isAllowedOrigin(req)) {
+      res.writeHead(403, { 'Content-Type': 'application/json' });
+      res.end(JSON.stringify({ ok: false, error: 'forbidden: cross-origin' }));
+      return;
+    }
+    const data = await readBody(req);
+    try {
+      const r = await memoryServiceCall('POST', '/admin/purge', {
+        confirm: data?.confirm,
+      }, 60000);
+      res.writeHead(r.statusCode, { 'Content-Type': 'application/json' });
+      res.end(JSON.stringify(r.body));
+    } catch (err) {
+      console.error(`[memory delete] failed: ${err.message}`);
+      res.writeHead(500, { 'Content-Type': 'application/json' });
+      res.end(JSON.stringify({ ok: false, error: err.message }));
+    }
+    return;
+  }
+
+  if (req.method === 'POST' && path === '/memory/validate') {
+    if (!isAllowedOrigin(req)) {
+      res.writeHead(403, { 'Content-Type': 'application/json' });
+      res.end(JSON.stringify({ ok: false, error: 'forbidden: cross-origin' }));
+      return;
+    }
+    const data = await readBody(req);
+    const validation = {};
+    const checks = [];
+    for (const [id, key] of Object.entries(data.keys || {})) {
+      if (key) checks.push(validateAgentKey(id, key).then(r => { validation[id] = r; }));
+    }
+    await Promise.all(checks);
+    res.writeHead(200, { 'Content-Type': 'application/json' });
+    res.end(JSON.stringify({ ok: true, validation }));
+    return;
+  }
+
+  // ============================================================
+  // SEARCH MODULE ROUTES
+  // ============================================================
+
+  if (req.method === 'GET' && path === '/search/config') {
+    const config = readSearchConfig();
+    if (config.rawSearch && config.rawSearch.credentials) {
+      for (const [id, cred] of Object.entries(config.rawSearch.credentials)) {
+        const secret = getSearchApiKey(id);
+        if (secret) {
+          config.rawSearch.credentials[id] = { ...(cred || {}), apiKey: secret };
+        }
+      }
+    }
+    config.availableProviders = computeAvailableProviders();
+    res.writeHead(200, { 'Content-Type': 'application/json' });
+    res.end(JSON.stringify(config));
+    return;
+  }
+
+  if (req.method === 'POST' && path === '/search/config') {
+    if (!isAllowedOrigin(req)) {
+      res.writeHead(403, { 'Content-Type': 'application/json' });
+      res.end(JSON.stringify({ ok: false, error: 'forbidden: cross-origin' }));
+      return;
+    }
+    const data = await readBody(req);
+    const secrets = {};
+    try {
+      // RMW inside the config lock (see /config) so concurrent search saves
+      // serialize through updateSection instead of racing a read→merge→write.
+      let merged;
+      updateSection('search', (current) => {
+        merged = mergeSearchConfig(current, data, secrets);
+        return merged;
+      });
+      console.log(`  Config saved: search secrets=${JSON.stringify(secrets)}`);
+      res.writeHead(200, { 'Content-Type': 'application/json' });
+      res.end(JSON.stringify({ ok: true, secrets, secretStatus: fullSecretStatus() }));
+    } catch (e) {
+      process.stderr.write('[setup] /search/config failed: ' + (e?.stack || e?.message || String(e)) + '\n');
+      res.writeHead(500, { 'Content-Type': 'application/json' });
+      res.end(JSON.stringify({ ok: false, error: e?.message || String(e), secrets }));
+    }
+    return;
+  }
+
+  if (req.method === 'POST' && path === '/search/validate') {
+    if (!isAllowedOrigin(req)) {
+      res.writeHead(403, { 'Content-Type': 'application/json' });
+      res.end(JSON.stringify({ ok: false, error: 'forbidden: cross-origin' }));
+      return;
+    }
+    const data = await readBody(req);
+    const validation = {};
+    const checks = [];
+    for (const [id, val] of Object.entries(data.searchProviders || {})) {
+      const key = typeof val === 'object' ? val.key : val;
+      if (key) checks.push(validateSearchKey(id, key).then(r => { validation[id] = r; }));
+    }
+    for (const [id, val] of Object.entries(data.aiProviders || {})) {
+      if (val && val !== 'cli') checks.push(validateSearchKey(id, val).then(r => { validation[id] = r; }));
+    }
+    await Promise.all(checks);
+    res.writeHead(200, { 'Content-Type': 'application/json' });
+    res.end(JSON.stringify({ ok: true, validation }));
+    return;
+  }
+
+  if (req.method === 'GET' && path === '/search/cli-check') {
+    // Previously three serial `execSync(`${cmd} --version`)` calls — each
+    // wrapped by Node in cmd.exe which flashed a conhost window even with
+    // windowsHide:true, and each blocking the server thread for up to 5s
+    // (15s worst case if all three CLIs are missing). Switch to non-shell
+    // existence-only checks via `where.exe` / `which`, in parallel: no
+    // cmd.exe wrapper → no flash, and the request returns in one round-trip.
+    const check = (cmd) => new Promise(resolve => {
+      const tool = isWin ? 'where.exe' : 'which';
+      const child = spawn(tool, [cmd], {
+        windowsHide: true,
+        stdio: 'ignore',
+        shell: false,
+      });
+      child.once('error', () => resolve(false));
+      child.once('close', code => resolve(code === 0));
+    });
+    const [codex, claude, gemini] = await Promise.all([
+      check('codex'), check('claude'), check('gemini'),
+    ]);
+    res.writeHead(200, { 'Content-Type': 'application/json' });
+    res.end(JSON.stringify({ codex, claude, gemini }));
+    return;
+  }
+
+  // ============================================================
+  // CHANNELS MODULE ROUTES (continued)
+  // ============================================================
+
+  if (req.method === 'POST' && path === '/install') {
+    if (!isAllowedOrigin(req)) {
+      res.writeHead(403, { 'Content-Type': 'application/json' });
+      res.end(JSON.stringify({ ok: false, error: 'forbidden: cross-origin' }));
+      return;
+    }
+    const data = await readBody(req);
+    const tool = data.tool;
+    if (!tool || !['ngrok'].includes(tool)) {
+      res.writeHead(400, { 'Content-Type': 'application/json' });
+      res.end(JSON.stringify({ ok: false, error: 'Invalid tool' }));
+      return;
+    }
+    try {
+      const { stdout } = await new Promise((resolve, reject) => {
+        exec('npm install -g ngrok', { timeout: 120000, windowsHide: true }, (err, stdout, stderr) => {
+          if (err) reject(err);
+          else resolve({ stdout, stderr });
+        });
+      });
+      console.log(`  Installed ${tool}`);
+      res.writeHead(200, { 'Content-Type': 'application/json' });
+      res.end(JSON.stringify({ ok: true, tool, output: stdout.trim() }));
+    } catch (e) {
+      console.log(`  Install ${tool} failed: ${e.message}`);
+      res.writeHead(200, { 'Content-Type': 'application/json' });
+      res.end(JSON.stringify({ ok: false, tool, error: e.message }));
+    }
+    return;
+  }
+
+  // POST /install/voice-runtime — single-shot voice install: binary + model.
+  // Sequentially fetches the platform-matched whisper.cpp runtime and the
+  // large-v3-turbo model from the managed manifest. Both are idempotent: if
+  // the cached binary exists and the model's sha256 matches, the call returns
+  // without re-downloading. The endpoint completes only after both are ready.
+  if (req.method === 'POST' && path === '/install/voice-runtime') {
+    if (!isAllowedOrigin(req)) {
+      res.writeHead(403, { 'Content-Type': 'application/json' });
+      res.end(JSON.stringify({ ok: false, error: 'forbidden: cross-origin' }));
+      return;
+    }
+    res.writeHead(200, { 'Content-Type': 'application/x-ndjson', 'Cache-Control': 'no-cache' });
+    const send = (obj) => { try { res.write(JSON.stringify(obj) + '\n'); } catch {} };
+    try {
+      const { ensureWhisperRuntime, ensureWhisperModel, ensureFfmpegRuntime } = await import(new URL('../src/channels/lib/voice-runtime-fetcher.mjs', import.meta.url).href);
+      const onProgress = (p) => send({ type: 'progress', ...p });
+      const runtime = await ensureWhisperRuntime(DATA_DIR, onProgress);
+      const model = await ensureWhisperModel(DATA_DIR, onProgress);
+      const ffmpeg = await ensureFfmpegRuntime(DATA_DIR, onProgress);
+      send({ type: 'done', ok: true, runtime, model, ffmpeg });
+    } catch (e) {
+      send({ type: 'error', ok: false, error: e?.message || String(e) });
+    } finally {
+      res.end();
+    }
+    return;
+  }
+
+  if (req.method === 'GET' && path === '/general/config') {
+    const config = readConfig();
+    const pi = (config && typeof config.promptInjection === 'object' && config.promptInjection) || {};
+    res.writeHead(200, { 'Content-Type': 'application/json' });
+    res.end(JSON.stringify({
+      promptInjection: {
+        mode: pi.mode === 'hook' ? 'hook' : 'claude_md',
+        targetPath: typeof pi.targetPath === 'string' && pi.targetPath ? pi.targetPath : '~/.claude/CLAUDE.md',
+      },
+    }));
+    return;
+  }
+
+  if (req.method === 'POST' && path === '/general/save') {
+    if (!isAllowedOrigin(req)) {
+      res.writeHead(403, { 'Content-Type': 'application/json' });
+      res.end(JSON.stringify({ ok: false, error: 'forbidden: cross-origin' }));
+      return;
+    }
+    const data = await readBody(req);
+    const existing = readConfig();
+    const next = { ...existing };
+    const prev = (existing && typeof existing.promptInjection === 'object' && existing.promptInjection) || {};
+    const merged = { ...prev };
+    if (data && (data.mode === 'hook' || data.mode === 'claude_md')) {
+      merged.mode = data.mode;
+    }
+    if (data && typeof data.targetPath === 'string' && data.targetPath.trim()) {
+      merged.targetPath = data.targetPath.trim();
+    }
+    if (!merged.mode) merged.mode = 'claude_md';
+    if (!merged.targetPath) merged.targetPath = '~/.claude/CLAUDE.md';
+    next.promptInjection = merged;
+    writeConfig(next);
+    console.log('  Config saved: general/promptInjection');
+    // Update CLAUDE.md managed block when mode is claude_md
+    let claudeMdResult = null;
+    if (merged.mode === 'claude_md') {
+      claudeMdResult = { ok: false, error: 'generateClaudeMdBlock not available' };
+    }
+    res.writeHead(200, { 'Content-Type': 'application/json' });
+    res.end(JSON.stringify({ ok: true, promptInjection: merged, claudeMd: claudeMdResult }));
+    return;
+  }
+
+  // ============================================================
+  // MD LIBRARY ROUTES — Project MD + per-role MD (Common MD moved to
+  // plugin rules/agent.md and is no longer user-editable).
+  // ============================================================
+
+  if (req.method === 'GET' && path === '/md/project') {
+    const indexPath = join(getPluginData(), 'project-md-index.json');
+    let registry = { paths: [] };
+    try { registry = JSON.parse(readFileSync(indexPath, 'utf8')); } catch {}
+    const items = [];
+    for (const cwd of registry.paths || []) {
+      let content = '';
+      try { content = readFileSync(join(cwd, 'PROJECT.md'), 'utf8'); } catch {}
+      items.push({ path: cwd, content });
+    }
+    res.writeHead(200, { 'Content-Type': 'application/json' });
+    res.end(JSON.stringify({ items }));
+    return;
+  }
+
+  if (req.method === 'POST' && path === '/md/project') {
+    if (!isAllowedOrigin(req)) {
+      res.writeHead(403, { 'Content-Type': 'application/json' });
+      res.end(JSON.stringify({ ok: false, error: 'forbidden: cross-origin' }));
+      return;
+    }
+    const body = await readBody(req);
+    const cwd = String(body?.path || '').trim();
+    const content = String(body?.content ?? '');
+    if (!cwd) {
+      res.writeHead(400, { 'Content-Type': 'application/json' });
+      res.end(JSON.stringify({ ok: false, error: 'path required' }));
+      return;
+    }
+    try {
+      mkdirSync(cwd, { recursive: true });
+      const _pTmp = join(cwd, 'PROJECT.md.tmp');
+      writeFileSync(_pTmp, content, 'utf8');
+      renameSync(_pTmp, join(cwd, 'PROJECT.md'));
+    } catch (err) {
+      res.writeHead(500, { 'Content-Type': 'application/json' });
+      res.end(JSON.stringify({ ok: false, error: `Cannot write PROJECT.md: ${err.message}` }));
+      return;
+    }
+    // Update registry
+    const indexPath = join(getPluginData(), 'project-md-index.json');
+    let registry = { paths: [] };
+    try { registry = JSON.parse(readFileSync(indexPath, 'utf8')); } catch {}
+    if (!registry.paths.includes(cwd)) registry.paths.push(cwd);
+    mkdirSync(dirname(indexPath), { recursive: true });
+    // Intentional full replace of project-md-index.json (paths registry only).
+    try {
+      const _regTmp = indexPath + '.tmp';
+      writeFileSync(_regTmp, JSON.stringify(registry, null, 2), 'utf8');
+      renameSync(_regTmp, indexPath);
+    } catch (err) {
+      res.writeHead(500, { 'Content-Type': 'application/json' });
+      res.end(JSON.stringify({ ok: false, error: `Cannot write registry: ${err.message}` }));
+      return;
+    }
+    console.log(`  Config saved: project MD (${cwd})`);
+    res.writeHead(200, { 'Content-Type': 'application/json' });
+    res.end(JSON.stringify({ ok: true }));
+    return;
+  }
+
+  if (req.method === 'DELETE' && path === '/md/project') {
+    const qs = new URL(req.url, 'http://x').searchParams;
+    const cwd = String(qs.get('path') || '').trim();
+    if (!cwd) {
+      res.writeHead(400, { 'Content-Type': 'application/json' });
+      res.end(JSON.stringify({ ok: false, error: 'path required' }));
+      return;
+    }
+    const indexPath = join(getPluginData(), 'project-md-index.json');
+    let registry = { paths: [] };
+    try { registry = JSON.parse(readFileSync(indexPath, 'utf8')); } catch {}
+    registry.paths = (registry.paths || []).filter(p => p !== cwd);
+    mkdirSync(dirname(indexPath), { recursive: true });
+    // Intentional full replace of project-md-index.json (paths registry only).
+    try {
+      const _regTmp = indexPath + '.tmp';
+      writeFileSync(_regTmp, JSON.stringify(registry, null, 2), 'utf8');
+      renameSync(_regTmp, indexPath);
+    } catch (err) {
+      res.writeHead(500, { 'Content-Type': 'application/json' });
+      res.end(JSON.stringify({ ok: false, error: `Cannot write registry: ${err.message}` }));
+      return;
+    }
+    console.log(`  Config removed from registry: ${cwd} (PROJECT.md file kept)`);
+    res.writeHead(200, { 'Content-Type': 'application/json' });
+    res.end(JSON.stringify({ ok: true }));
+    return;
+  }
+
+  // ROLE MD ROUTES (Phase B §4) — UI-managed agent role files.
+  // Each role lives at <data>/roles/<name>.md with frontmatter
+  // (name, description, permission) + optional body. Permission is one of
+  // "read" | "read-write" | "mcp".
+
+  if (req.method === 'GET' && path === '/md/role') {
+    const rolesDir = join(getPluginData(), 'roles');
+    const items = [];
+    try {
+      mkdirSync(rolesDir, { recursive: true });
+      const files = (await import('fs')).readdirSync(rolesDir).filter(f => f.endsWith('.md'));
+      for (const f of files) {
+        const name = f.replace(/\.md$/, '');
+        let raw = '';
+        try { raw = readFileSync(join(rolesDir, f), 'utf8'); } catch {}
+        const fmMatch = raw.match(/^---\n([\s\S]*?)\n---\n*/);
+        const fm = fmMatch ? fmMatch[1] : '';
+        const body = fmMatch ? raw.slice(fmMatch[0].length).trim() : raw.trim();
+        const description = (fm.match(/^description:\s*["']?(.+?)["']?\s*$/m)?.[1] || '').trim();
+        const permission = (fm.match(/^permission:\s*["']?(.+?)["']?\s*$/m)?.[1] || '').trim().toLowerCase();
+        items.push({ name, description, permission, body });
+      }
+    } catch {}
+    res.writeHead(200, { 'Content-Type': 'application/json' });
+    res.end(JSON.stringify({ items }));
+    return;
+  }
+
+  if (req.method === 'POST' && path === '/md/role') {
+    if (!isAllowedOrigin(req)) {
+      res.writeHead(403, { 'Content-Type': 'application/json' });
+      res.end(JSON.stringify({ ok: false, error: 'forbidden: cross-origin' }));
+      return;
+    }
+    const body = await readBody(req);
+    const name = String(body?.name || '').trim().toLowerCase().replace(/[^a-z0-9_-]/g, '');
+    const description = String(body?.description ?? '').trim();
+    const permission = String(body?.permission ?? '').trim().toLowerCase();
+    const note = String(body?.body ?? '').trim();
+    if (!name) {
+      res.writeHead(400, { 'Content-Type': 'application/json' });
+      res.end(JSON.stringify({ ok: false, error: 'name required' }));
+      return;
+    }
+    if (permission && permission !== 'read' && permission !== 'read-write' && permission !== 'mcp') {
+      res.writeHead(400, { 'Content-Type': 'application/json' });
+      res.end(JSON.stringify({ ok: false, error: 'permission must be "read", "read-write", or "mcp"' }));
+      return;
+    }
+    const fmLines = [`name: ${name}`];
+    if (description) fmLines.push(`description: ${description.replace(/\n/g, ' ')}`);
+    if (permission) fmLines.push(`permission: ${permission}`);
+    const content = `---\n${fmLines.join('\n')}\n---\n${note ? `\n${note}\n` : ''}`;
+    const p = join(getPluginData(), 'roles', `${name}.md`);
+    // Intentional full replace: POST /md/role owns the entire role markdown file.
+    try {
+      mkdirSync(dirname(p), { recursive: true });
+      const _rTmp = p + '.tmp';
+      writeFileSync(_rTmp, content, 'utf8');
+      renameSync(_rTmp, p);
+    } catch (err) {
+      res.writeHead(500, { 'Content-Type': 'application/json' });
+      res.end(JSON.stringify({ ok: false, error: 'Cannot write role: ' + err.message }));
+      return;
+    }
+    console.log(`  Config saved: role MD (${name})`);
+    res.writeHead(200, { 'Content-Type': 'application/json' });
+    res.end(JSON.stringify({ ok: true }));
+    return;
+  }
+
+  if (req.method === 'DELETE' && path === '/md/role') {
+    const qs = new URL(req.url, 'http://x').searchParams;
+    const name = String(qs.get('name') || '').trim().toLowerCase().replace(/[^a-z0-9_-]/g, '');
+    if (!name) {
+      res.writeHead(400, { 'Content-Type': 'application/json' });
+      res.end(JSON.stringify({ ok: false, error: 'name required' }));
+      return;
+    }
+    const p = join(getPluginData(), 'roles', `${name}.md`);
+    try { (await import('fs')).unlinkSync(p); } catch (err) {
+      if (err.code !== 'ENOENT') {
+        res.writeHead(500, { 'Content-Type': 'application/json' });
+        res.end(JSON.stringify({ ok: false, error: 'Cannot delete role: ' + err.message }));
+        return;
+      }
+    }
+    console.log(`  Config removed: role MD (${name})`);
+    res.writeHead(200, { 'Content-Type': 'application/json' });
+    res.end(JSON.stringify({ ok: true }));
+    return;
+  }
+
+  // ============================================================
+  // WORKFLOW MODULE ROUTES
+  // ============================================================
+
+  if (req.method === 'GET' && path === '/workflow/load') {
+    res.writeHead(200, { 'Content-Type': 'application/json' });
+    res.end(JSON.stringify(readUserWorkflow()));
+    return;
+  }
+
+  if (req.method === 'POST' && path === '/workflow/save') {
+    if (!isAllowedOrigin(req)) {
+      res.writeHead(403, { 'Content-Type': 'application/json' });
+      res.end(JSON.stringify({ ok: false, error: 'forbidden: cross-origin' }));
+      return;
+    }
+    const data = await readBody(req);
+    writeUserWorkflow(data);
+    console.log('  Config saved: user-workflow');
+    res.writeHead(200, { 'Content-Type': 'application/json' });
+    res.end(JSON.stringify({ ok: true }));
+    return;
+  }
+
+  if (req.method === 'GET' && path === '/workflow/md') {
+    res.writeHead(200, { 'Content-Type': 'text/plain; charset=utf-8' });
+    res.end(readUserWorkflowMd());
+    return;
+  }
+
+  if (req.method === 'POST' && path === '/workflow/md') {
+    if (!isAllowedOrigin(req)) {
+      res.writeHead(403, { 'Content-Type': 'application/json' });
+      res.end(JSON.stringify({ ok: false, error: 'forbidden: cross-origin' }));
+      return;
+    }
+    let body = '';
+    await new Promise((resolve, reject) => {
+      req.on('data', c => { body += c; });
+      req.on('end', resolve);
+      req.on('error', reject);
+    });
+    writeUserWorkflowMd(body);
+    console.log('  Config saved: user-workflow.md');
+    res.writeHead(200, { 'Content-Type': 'application/json' });
+    res.end(JSON.stringify({ ok: true }));
+    return;
+  }
+
+  if (req.method === 'GET' && path === '/workflow/file') {
+    if (!existsSync(USER_WORKFLOW_MD_PATH)) {
+      if (!shouldSeedMissingUserData(DATA_DIR, 'user-workflow.md')) {
+        res.writeHead(409, { 'Content-Type': 'application/json' });
+        res.end(JSON.stringify({ ok: false, error: 'user-workflow.md missing; restore from backup or intentionally reset user data' }));
+        return;
+      }
+      mkdirSync(dirname(USER_WORKFLOW_MD_PATH), { recursive: true });
+      writeFileSync(USER_WORKFLOW_MD_PATH, DEFAULT_USER_WORKFLOW_MD, 'utf8');
+      markUserDataInitialized(DATA_DIR);
+    }
+    if (isWin) { spawn('cmd', ['/c', 'start', '', USER_WORKFLOW_MD_PATH], { detached: true, stdio: 'ignore', windowsHide: true }).unref(); }
+    else { spawn('open', [USER_WORKFLOW_MD_PATH], { detached: true, stdio: 'ignore' }).unref(); }
+    res.writeHead(200, { 'Content-Type': 'application/json' });
+    res.end(JSON.stringify({ ok: true }));
+    return;
+  }
+
+  if (path === '/close') {
+    windowOpen = false;
+    res.writeHead(200);
+    res.end();
+    console.log('  Window closed');
+    return;
+  }
+
+  debugSetup(`[req-trace] ${req.method} ${path}`);
+  if (path === '/open') {
+    debugSetup(`[open-debug] /open request received`);
+    const result = await openAppWindow();
+    debugSetup(`[open-debug] /open result=${JSON.stringify(result)}`);
+    if (!result.ok) {
+      windowOpen = false;
+      res.writeHead(500, { 'Content-Type': 'application/json' });
+      res.end(JSON.stringify(result));
+      return;
+    }
+
+    windowOpen = true;
+    res.writeHead(200, { 'Content-Type': 'application/json' });
+    res.end(JSON.stringify(result));
+    return;
+  }
+
+  if (req.method === 'GET' && path === '/generation') {
+    res.writeHead(200, { 'Content-Type': 'application/json' });
+    res.end(JSON.stringify({ generation: openGeneration }));
+    return;
+  }
+
+  res.writeHead(404);
+  res.end('Not found');
+}
+
+// Fire-and-forget warm-up of the model catalogs the Config UI will request.
+// Collects every provider referenced by the current agent config's presets,
+// then drives each through listProviderModels — the exact path /agent/models
+// serves — so the 24h runtime cache is populated by the time the UI asks.
+// Errors per provider are logged and swallowed; this never throws.
+function prefetchModelCatalogs() {
+  // Config reads can rethrow non-ENOENT I/O failures (EACCES/EIO) through
+  // readJsonFile; this runs unguarded inside the listen callback, so contain
+  // them here — a failed prefetch must never take the server down.
+  let cfg;
+  const providers = new Set();
+  try {
+    cfg = readAgentConfig();
+    for (const preset of readAgentPresets()) {
+      const id = normalizeAgentProviderId(preset?.provider);
+      if (id) providers.add(id);
+    }
+  } catch (err) {
+    console.error(`[setup] model catalog prefetch skipped: ${err?.message || err}`);
+    return;
+  }
+  for (const id of providers) {
+    listProviderModels(id, cfg).catch(err => {
+      console.error(`[setup] model catalog prefetch failed for ${id}: ${err?.message || err}`);
+    });
+  }
+}
+
+server.listen(PORT, '127.0.0.1', () => { // localhost-only — config UI holds secrets
+  console.log(`\n  MIXDOG CONFIG`);
+  console.log(`  http://localhost:${PORT}\n`);
+  // Warm model catalogs in the background so the Config UI's provider
+  // dropdowns fill without a cold network round-trip. Boot drops the runtime
+  // caches (dropRuntimeModelCaches above), so the first /agent/models request
+  // would otherwise pay full fetch latency while the user waits on a disabled
+  // dropdown. Fire-and-forget through the same listProviderModels path the UI
+  // uses; errors are logged and never thrown.
+  prefetchModelCatalogs();
+  if (process.env.MIXDOG_SETUP_OPEN_ON_START === '1') {
+    openGeneration++;
+    windowOpen = true;
+    openAppWindow().then(result => {
+      if (!result?.ok) {
+        windowOpen = false;
+        console.error(`[setup] openAppWindow failed: ${result?.error || JSON.stringify(result?.attempts)}`);
+      }
+    }).catch(err => {
+      windowOpen = false;
+      console.error(`[setup] openAppWindow threw: ${err?.message || err}`);
+    });
+  }
+});
+
+// Parent-PID watchdog: setup-server is launched detached/unref'd (see
+// setup/launch.mjs), so losing Claude Code does not reap it. Poll the
+// launcher's parent PID (the Claude Code CLI) and exit when it dies. This is
+// the detached-process equivalent of the run-mcp.mjs stdin-close pattern
+// applied to memory/channels workers in v0.6.0.
+(() => {
+  const parentPid = parseInt(process.env.MIXDOG_SETUP_PARENT_PID || '', 10);
+  if (!Number.isFinite(parentPid) || parentPid <= 0) return;
+  const tick = () => {
+    try {
+      process.kill(parentPid, 0);
+    } catch {
+      process.exit(0);
+    }
+  };
+  const timer = setInterval(tick, 5000);
+  if (typeof timer.unref === 'function') timer.unref();
+})();