mop-agent 0.1.8 → 0.1.10

package/README.md

@@ -5,8 +5,8 @@ through MOP-FLOW. It stores project memory, performs semantic recall and
 consolidation, serves grounded chat, and can request approved actions from a
 linked FLOW node.
 
-> **Release status:** npm package `mop-agent@0.1.8` contains the corrected VPS
-> installer, first-run Admin/Assistant flow, and shared retro application shell.
+> **Release status:** npm package `mop-agent@0.1.10` contains the corrected VPS
+> installer, one-time Admin setup/login flow, and shared retro application shell.
 > The canonical installation command is exactly `npx mop-agent`.
 
 ## Current status
@@ -55,7 +55,8 @@ The first run copies the npm-packaged runtime from the temporary npx cache into
 
 - `Install` — installs nginx/Certbot and immediately continues through the
   complete domain, SQLite, HTTPS, and systemd setup.
-- `Update` — updates only MOP-AGENT, migrates/builds, and restarts it.
+- `Update` — migrates/builds/restarts MOP-AGENT, restores the installer-owned
+  nginx vhost, reloads nginx, and verifies both local and domain proxy health.
 - `Status` — reports service health and filesystem locations.
 - `Delete` — removes the service and nginx configuration while preserving data
   unless purge is explicitly requested.
@@ -63,12 +64,15 @@ The first run copies the npm-packaged runtime from the temporary npx cache into
 After installation, open the configured URL in a browser. The application flow
 is intentionally separate from the server installer:
 
-1. On a fresh database, `/` redirects to **Create Admin account**.
+1. On a fresh database, `/setup` shows **Create Admin account** once.
 2. Creating the first Admin also signs that account in.
-3. Returning users are shown the login form.
-4. Successful setup/login opens the main **Assistant**. It can be used before
+3. After an Admin exists, `/setup` always redirects to `/login` when signed out
+   or `/assistant` when already signed in.
+4. Admin creates ready-to-login accounts under **Settings → Users**; there is
+   no public invited-account signup link.
+5. Successful setup/login opens the main **Assistant**. It can be used before
    any project is linked; Brain is the optional memory/project control surface.
-5. Add OpenRouter or Anthropic under **Providers** for full model responses.
+6. Add OpenRouter or Anthropic under **Settings → Providers** for full model responses.
    Until then, the built-in offline echo provider confirms the chat pipeline.
 
 During `setup`, choose one deployment mode:

package/apps/web/app/api/members/route.ts

@@ -1,4 +1,5 @@
-/** GET /api/members — list users + roles (owner). */
+/** GET/POST /api/members — list users or create a login directly (owner). */
+import { auth } from "@/lib/auth";
 import { getSqlite } from "@/lib/db/client";
 import { requireRole } from "@/lib/authz";
 
@@ -14,3 +15,40 @@ export async function GET(req: Request): Promise<Response> {
     .all();
   return Response.json({ members });
 }
+
+export async function POST(req: Request): Promise<Response> {
+  const access = await requireRole(req, ["owner"]);
+  if (!access.ok) return access.response;
+
+  const body = (await req.json()) as { name?: string; email?: string; password?: string; role?: "member" | "owner" };
+  const name = body.name?.trim();
+  const email = body.email?.trim().toLowerCase();
+  const password = body.password ?? "";
+  const role = body.role === "owner" ? "owner" : "member";
+  if (!name || !email || !/^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(email)) {
+    return Response.json({ error: "invalid_name_or_email" }, { status: 400 });
+  }
+  if (password.length < 8) return Response.json({ error: "password_too_short" }, { status: 400 });
+
+  const sqlite = getSqlite();
+  const exists = sqlite.prepare("SELECT 1 FROM user WHERE lower(email) = lower(?) LIMIT 1").get(email);
+  if (exists) return Response.json({ error: "user_already_exists" }, { status: 409 });
+
+  const now = Date.now();
+  sqlite.prepare(
+    `INSERT INTO invite(email, role, expires_at, used_at, invited_by, created_at)
+     VALUES(?, ?, ?, NULL, ?, ?)
+     ON CONFLICT(email) DO UPDATE SET role=excluded.role, expires_at=excluded.expires_at,
+       used_at=NULL, invited_by=excluded.invited_by`,
+  ).run(email, role, now + 10 * 60_000, access.userId, now);
+
+  try {
+    await auth.api.signUpEmail({ body: { name, email, password } });
+  } catch (error) {
+    sqlite.prepare("DELETE FROM invite WHERE email = ? AND used_at IS NULL").run(email);
+    const message = error instanceof Error ? error.message : "create_user_failed";
+    return Response.json({ error: message }, { status: 400 });
+  }
+
+  return Response.json({ ok: true, user: { name, email, role } }, { status: 201 });
+}

package/apps/web/app/assistant/page.tsx

@@ -2,16 +2,13 @@
 
 import type { CSSProperties } from "react";
 import { useEffect, useRef, useState } from "react";
+import { useMemoryCore } from "@/components/AppShell";
 
 type Turn = { role: "user" | "assistant"; content: string };
-type Project = { id: string; name: string; status: string };
-type ProviderState = { configured: boolean; provider?: string; model?: string | null };
 
 export default function AssistantPage() {
+  const { selectedProject, setSelectedProject, projects, provider } = useMemoryCore();
   const [turns, setTurns] = useState<Turn[]>([]);
-  const [projects, setProjects] = useState<Project[]>([]);
-  const [selectedProject, setSelectedProject] = useState("");
-  const [provider, setProvider] = useState<ProviderState>({ configured: false });
   const [name, setName] = useState("Admin");
   const [input, setInput] = useState("");
   const [busy, setBusy] = useState(false);
@@ -19,17 +16,12 @@ export default function AssistantPage() {
   const endRef = useRef<HTMLDivElement>(null);
 
   useEffect(() => {
-    Promise.all([
-      fetch("/api/projects").then((r) => r.json()),
-      fetch("/api/providers").then((r) => r.json()),
-      fetch("/api/me").then((r) => r.json()),
-    ]).then(([projectData, providerData, me]) => {
-      setProjects(projectData.projects ?? []);
-      setProvider(providerData.config ?? { configured: false });
+    fetch("/api/me").then((r) => r.json()).then((me) => {
       setName(me.user?.name || me.user?.email || "Admin");
     }).catch(() => {});
   }, []);
 
+
   async function send(prefill?: string) {
     const message = (prefill ?? input).trim();
     if (!message || busy) return;
@@ -77,22 +69,6 @@ export default function AssistantPage() {
 
   return (
     <section className="mop-assistant-page">
-      <div className="mop-assistant-toolbar">
-        <div>
-          <strong style={{ fontFamily: '"SFMono-Regular", Consolas, monospace', color: "#742220" }}>LIVE ASSISTANT</strong>
-          <span style={{ color: "rgba(45,74,62,.62)", marginLeft: 10, fontSize: 12 }}>
-            {provider.configured ? `${provider.provider}${provider.model ? ` · ${provider.model}` : ""}` : "offline demo"}
-          </span>
-        </div>
-        <label style={{ color: "#2d4a3e", fontSize: 12 }}>
-          MEMORY SCOPE&nbsp;
-          <select value={selectedProject} onChange={(e) => setSelectedProject(e.target.value)} style={selectStyle}>
-            <option value="">All memory</option>
-            {projects.map((project) => <option key={project.id} value={project.id}>{project.name}</option>)}
-          </select>
-        </label>
-      </div>
-
       <div className="mop-assistant-conversation">
         {turns.length === 0 ? (
           <div className="mop-assistant-welcome">
@@ -152,7 +128,7 @@ export default function AssistantPage() {
 }
 
 const selectStyle: CSSProperties = { color: "#2d4a3e", border: "1px solid rgba(45,74,62,.42)", padding: "6px 8px", background: "#fffdf2" };
-const assistantLogo: CSSProperties = { width: 86, height: 86, display: "grid", placeItems: "center", overflow: "hidden", background: "#2d4a3e", border: "2px solid #742220", boxShadow: "5px 5px 0 rgba(45,74,62,.18)" };
+const assistantLogo: CSSProperties = { width: 86, height: 86, display: "grid", placeItems: "center" };
 const promptGrid: CSSProperties = { width: "min(100%, 650px)", display: "grid", gridTemplateColumns: "repeat(2,minmax(0,1fr))", gap: 10, marginTop: 28 };
 const promptCard: CSSProperties = { display: "flex", justifyContent: "space-between", padding: "14px 15px", border: "1px solid rgba(45,74,62,.38)", borderBottomWidth: 3, background: "#fffdf2", color: "#2d4a3e", cursor: "pointer", textAlign: "left" };
 const botAvatar: CSSProperties = { width: 32, height: 32, display: "grid", placeItems: "center", background: "#742220", color: "#fef9e1" };

package/apps/web/app/globals.css

@@ -411,11 +411,12 @@ button {
 
 .mop-settings-grid {
   display: grid;
-  grid-template-columns: 210px minmax(0, 1fr);
+  grid-template-columns: 1fr;
   gap: 18px;
   align-items: start;
 }
 
+
 .mop-settings-nav { padding: 9px; }
 .mop-settings-nav button {
   width: 100%;
@@ -504,4 +505,65 @@ button {
   .mop-settings-nav { display: flex; gap: 7px; }
   .mop-settings-nav button { justify-content: center; }
   .mop-user-invite-form { grid-template-columns: 1fr !important; }
+  .mop-settings-sidebar {
+    position: fixed;
+    top: 62px;
+    left: 0;
+    bottom: 0;
+    width: min(82vw, 280px);
+    height: auto;
+    transform: translateX(-105%);
+    transition: transform 160ms steps(4, end);
+    display: flex !important;
+    flex-direction: column !important;
+  }
+  .mop-settings-sidebar.is-open {
+    transform: translateX(0);
+  }
+}
+
+.mop-settings-sidebar {
+  grid-area: sidebar;
+  position: sticky;
+  top: 70px;
+  height: calc(100vh - 70px);
+  z-index: 40;
+  display: flex;
+  flex-direction: column;
+  overflow-y: auto;
+  padding: 15px 9px 12px;
+  border-right: 2px solid rgba(45, 74, 62, .46);
+}
+
+.mop-back-workspace-btn {
+  display: flex;
+  align-items: center;
+  justify-content: center;
+  gap: 8px;
+  width: 100%;
+  min-height: 40px;
+  margin-bottom: 9px;
+  padding: 9px 12px;
+  border: 1px solid var(--mop-red);
+  background: var(--mop-red);
+  color: var(--mop-cream);
+  font-family: "SFMono-Regular", Consolas, monospace;
+  font-size: 11px;
+  font-weight: 900;
+  text-decoration: none;
+  cursor: pointer;
+  transition: transform 80ms steps(2, end), box-shadow 80ms steps(2, end);
+  box-shadow: 2px 2px 0 rgba(45, 74, 62, .17);
+}
+
+.mop-back-workspace-btn:hover {
+  transform: translate(-1px, -1px);
+  box-shadow: 3px 3px 0 rgba(45, 74, 62, .24);
+  color: var(--mop-cream);
+}
+
+.mop-back-workspace-btn:active {
+  transform: translate(1px, 1px);
+  box-shadow: 0 0 0 rgba(45, 74, 62, 0);
 }
+

package/apps/web/app/login/layout.tsx

@@ -0,0 +1,16 @@
+import type { ReactNode } from "react";
+import { unstable_noStore as noStore } from "next/cache";
+import { headers } from "next/headers";
+import { redirect } from "next/navigation";
+import { auth, ownerExists } from "@/lib/auth";
+
+export const dynamic = "force-dynamic";
+export const revalidate = 0;
+
+export default async function LoginLayout({ children }: { children: ReactNode }) {
+  noStore();
+  if (!ownerExists()) redirect("/setup");
+  const session = await auth.api.getSession({ headers: await headers() });
+  if (session) redirect("/assistant");
+  return children;
+}

package/apps/web/app/login/page.tsx

@@ -0,0 +1,83 @@
+"use client";
+
+import { useState } from "react";
+import { signIn } from "@/lib/auth-client";
+
+type SetupStatus = { authenticated: boolean };
+
+async function waitForSession(): Promise<boolean> {
+  for (let attempt = 0; attempt < 5; attempt += 1) {
+    try {
+      const response = await fetch(`/api/setup/status?t=${Date.now()}`, { cache: "no-store", credentials: "include" });
+      const status = await response.json() as SetupStatus;
+      if (status.authenticated) return true;
+    } catch {
+      // Retry a short proxy/session propagation gap.
+    }
+    await new Promise((resolve) => setTimeout(resolve, 250));
+  }
+  return false;
+}
+
+export default function LoginPage() {
+  const [email, setEmail] = useState("");
+  const [password, setPassword] = useState("");
+  const [msg, setMsg] = useState("");
+  const [busy, setBusy] = useState(false);
+
+  async function submit(e: React.FormEvent) {
+    e.preventDefault();
+    setBusy(true);
+    setMsg("");
+    const result = await signIn.email({ email, password });
+    if (result.error) {
+      setMsg(result.error.message ?? "Sign in failed.");
+      setBusy(false);
+      return;
+    }
+    if (await waitForSession()) {
+      window.location.replace(`/assistant?auth=${Date.now()}`);
+      return;
+    }
+    setMsg("Sign in succeeded, but the session cookie was not accepted. Use the configured domain and HTTPS address.");
+    setBusy(false);
+  }
+
+  return (
+    <main className="mop-setup-shell" style={shell}>
+      <section className="mop-setup-brand" style={brandPanel}>
+        <img src="/icon.svg" alt="MOP-AGENT" style={heroLogo} />
+      </section>
+      <section className="mop-setup-form" style={formWrap}>
+        <div style={formCard}>
+          <p style={eyebrow}>WELCOME BACK</p>
+          <h1 style={{ fontSize: 27, margin: "8px 0" }}>Sign in to MOP-AGENT</h1>
+          <p style={description}>Use the account created for you by the Administrator.</p>
+          <form onSubmit={submit} style={{ display: "grid", gap: 14, marginTop: 28 }}>
+            <label style={label}>Email
+              <input placeholder="you@example.com" type="email" autoComplete="email" required value={email} onChange={(e) => setEmail(e.target.value)} style={inputStyle} />
+            </label>
+            <label style={label}>Password
+              <input placeholder="Your password" type="password" autoComplete="current-password" required value={password} onChange={(e) => setPassword(e.target.value)} style={inputStyle} />
+            </label>
+            <button type="submit" disabled={busy} style={{ ...buttonStyle, opacity: busy ? 0.65 : 1 }}>
+              {busy ? "Signing in…" : "Sign in"}
+            </button>
+          </form>
+          {msg && <p role="alert" style={{ marginTop: 16, color: "#742220" }}>{msg}</p>}
+        </div>
+      </section>
+    </main>
+  );
+}
+
+const shell: React.CSSProperties = { minHeight: "100vh", display: "grid", gridTemplateColumns: "minmax(0, 1.25fr) minmax(380px, .75fr)", background: "#fef9e1" };
+const brandPanel: React.CSSProperties = { padding: "clamp(48px, 8vw, 110px)", display: "flex", alignItems: "center", justifyContent: "center", overflow: "hidden", background: "radial-gradient(circle at 50% 45%, #49685c 0, #2d4a3e 58%, #21382f 100%)" };
+const heroLogo: React.CSSProperties = { display: "block", width: "min(72%, 560px)", height: "auto", maxHeight: "72vh", objectFit: "contain", filter: "drop-shadow(0 24px 34px rgba(0,0,0,.28))" };
+const formWrap: React.CSSProperties = { display: "flex", alignItems: "center", justifyContent: "center", padding: 28, background: "#fef9e1", borderLeft: "1px solid #2d4a3e" };
+const formCard: React.CSSProperties = { width: "min(100%, 430px)", padding: "38px 34px", border: "1px solid rgba(45,74,62,.45)", borderRadius: 18, background: "#fffdf2", boxShadow: "0 24px 70px rgba(45,74,62,.14)" };
+const eyebrow: React.CSSProperties = { margin: "20px 0 0", color: "#742220", fontSize: 12, fontWeight: 800, letterSpacing: ".16em" };
+const description: React.CSSProperties = { color: "#7f8da2", lineHeight: 1.55, marginTop: 0 };
+const label: React.CSSProperties = { display: "grid", gap: 7, color: "#2d4a3e", fontSize: 13, fontWeight: 650 };
+const inputStyle: React.CSSProperties = { padding: "12px 13px", borderRadius: 9, border: "1px solid rgba(45,74,62,.42)", outline: "none", background: "#fef9e1", color: "#2d4a3e", fontSize: 15 };
+const buttonStyle: React.CSSProperties = { marginTop: 4, padding: "12px 14px", borderRadius: 9, border: "1px solid #742220", background: "#742220", color: "#fef9e1", fontWeight: 750, fontSize: 15, cursor: "pointer" };

package/apps/web/app/settings/page.tsx

@@ -2,14 +2,13 @@
 
 import type { CSSProperties } from "react";
 import { useEffect, useState } from "react";
+import { useMemoryCore } from "@/components/AppShell";
 
-type Section = "providers" | "users";
 type Masked = { configured: boolean; provider?: string; model?: string | null; keyHint?: string };
 type Member = { id: string; email: string; name: string; role: string };
-type Invite = { email: string; role: string; expiresAt: number; usedAt: number | null };
 
 export default function SettingsPage() {
-  const [section, setSection] = useState<Section>("providers");
+  const { settingsSection: section } = useMemoryCore();
   const [config, setConfig] = useState<Masked>({ configured: false });
   const [env, setEnv] = useState<{ anthropic: boolean; openrouter: boolean }>({ anthropic: false, openrouter: false });
   const [provider, setProvider] = useState<"anthropic" | "openrouter">("openrouter");
@@ -17,8 +16,9 @@ export default function SettingsPage() {
   const [model, setModel] = useState("");
   const [providerMsg, setProviderMsg] = useState("");
   const [members, setMembers] = useState<Member[]>([]);
-  const [invites, setInvites] = useState<Invite[]>([]);
+  const [userName, setUserName] = useState("");
   const [email, setEmail] = useState("");
+  const [password, setPassword] = useState("");
   const [role, setRole] = useState<"member" | "owner">("member");
   const [userMsg, setUserMsg] = useState("");
 
@@ -31,21 +31,13 @@ export default function SettingsPage() {
 
   function loadUsers() {
     fetch("/api/members").then((r) => (r.ok ? r.json() : { members: [] })).then((data) => setMembers(data.members ?? [])).catch(() => {});
-    fetch("/api/invites").then((r) => (r.ok ? r.json() : { invites: [] })).then((data) => setInvites(data.invites ?? [])).catch(() => {});
   }
 
   useEffect(() => {
-    const requested = new URLSearchParams(window.location.search).get("section");
-    if (requested === "users") setSection("users");
     loadProvider();
     loadUsers();
   }, []);
 
-  function chooseSection(next: Section) {
-    setSection(next);
-    const url = next === "providers" ? "/settings" : "/settings?section=users";
-    window.history.replaceState(null, "", url);
-  }
 
   async function saveProvider(e: React.FormEvent) {
     e.preventDefault();
@@ -61,21 +53,21 @@ export default function SettingsPage() {
     if (response.ok) setConfig(data.config);
   }
 
-  async function invite(e: React.FormEvent) {
+  async function createUser(e: React.FormEvent) {
     e.preventDefault();
-    setUserMsg("Creating invite…");
-    const response = await fetch("/api/invites", {
+    setUserMsg("Creating user…");
+    const response = await fetch("/api/members", {
       method: "POST",
       headers: { "content-type": "application/json" },
-      body: JSON.stringify({ email, role }),
+      body: JSON.stringify({ name: userName, email, password, role }),
     });
-    setUserMsg(response.ok ? `Invite created for ${email}.` : `Unable to invite (error ${response.status}).`);
-    if (response.ok) setEmail("");
-    loadUsers();
-  }
-
-  async function revoke(inviteEmail: string) {
-    await fetch(`/api/invites?email=${encodeURIComponent(inviteEmail)}`, { method: "DELETE" });
+    const data = await response.json();
+    setUserMsg(response.ok ? `User ${email} created and ready to sign in.` : `Unable to create user: ${data.error ?? response.status}`);
+    if (response.ok) {
+      setUserName("");
+      setEmail("");
+      setPassword("");
+    }
     loadUsers();
   }
 
@@ -91,15 +83,6 @@ export default function SettingsPage() {
       </header>
 
       <div className="mop-settings-grid">
-        <aside className="mop-settings-nav mop-panel" aria-label="Settings sections">
-          <button className={section === "providers" ? "is-active" : ""} onClick={() => chooseSection("providers")}>
-            <span>◇</span><strong>Providers</strong>
-          </button>
-          <button className={section === "users" ? "is-active" : ""} onClick={() => chooseSection("users")}>
-            <span>♙</span><strong>Users</strong>
-          </button>
-        </aside>
-
         <section className="mop-settings-content mop-panel">
           {section === "providers" ? (
             <>
@@ -166,29 +149,21 @@ export default function SettingsPage() {
                 </table>
               </div>
 
-              <div style={invitePanel}>
-                <h3 style={{ margin: 0, fontSize: 15 }}>Invite a user</h3>
-                <form onSubmit={invite} style={{ display: "grid", gridTemplateColumns: "minmax(180px,1fr) 130px auto", gap: 9, marginTop: 13 }} className="mop-user-invite-form">
+              <div style={userPanel}>
+                <h3 style={{ margin: 0, fontSize: 15 }}>Add a user</h3>
+                <p style={{ ...muted, margin: "6px 0 0", fontSize: 12 }}>Create the account here, then give the user their email and temporary password.</p>
+                <form onSubmit={createUser} style={{ display: "grid", gridTemplateColumns: "minmax(140px,.8fr) minmax(190px,1fr) minmax(150px,.8fr) 110px auto", gap: 9, marginTop: 13 }} className="mop-user-invite-form">
+                  <input placeholder="Display name" required value={userName} onChange={(e) => setUserName(e.target.value)} style={inputStyle} />
                   <input placeholder="user@example.com" type="email" required value={email} onChange={(e) => setEmail(e.target.value)} style={inputStyle} />
+                  <input placeholder="Temporary password" type="password" minLength={8} required value={password} onChange={(e) => setPassword(e.target.value)} style={inputStyle} />
                   <select value={role} onChange={(e) => setRole(e.target.value as "member" | "owner")} style={inputStyle}>
                     <option value="member">Member</option>
                     <option value="owner">Admin</option>
                   </select>
-                  <button type="submit" style={primaryButton}>CREATE INVITE</button>
+                  <button type="submit" style={primaryButton}>ADD USER</button>
                 </form>
                 {userMsg && <p style={messageStyle}>{userMsg}</p>}
               </div>
-
-              <h3 style={{ margin: "26px 0 10px", fontSize: 14 }}>Pending invites</h3>
-              <div style={{ display: "grid", gap: 7 }}>
-                {invites.filter((item) => !item.usedAt).map((item) => (
-                  <div key={item.email} style={inviteRow}>
-                    <span><strong>{item.email}</strong><small style={{ ...muted, marginLeft: 8 }}>{item.role === "owner" ? "admin" : "member"}</small></span>
-                    <button onClick={() => revoke(item.email)} style={secondaryButton}>REVOKE</button>
-                  </div>
-                ))}
-                {invites.filter((item) => !item.usedAt).length === 0 && <p style={muted}>No pending invites.</p>}
-              </div>
             </>
           )}
         </section>
@@ -207,11 +182,9 @@ const formGrid: CSSProperties = { display: "grid", gap: 13, marginTop: 20 };
 const labelStyle: CSSProperties = { display: "grid", gap: 6, color: "#742220", fontFamily: '"SFMono-Regular", Consolas, monospace', fontSize: 11, fontWeight: 800, letterSpacing: ".07em", textTransform: "uppercase" };
 const inputStyle: CSSProperties = { width: "100%", minHeight: 40, padding: "9px 11px", border: "1px solid rgba(45,74,62,.4)", background: "#fffdf2", color: "#2d4a3e" };
 const primaryButton: CSSProperties = { minHeight: 40, padding: "9px 15px", border: "1px solid #742220", background: "#742220", color: "#fef9e1", fontFamily: '"SFMono-Regular", Consolas, monospace', fontSize: 10, fontWeight: 900, cursor: "pointer" };
-const secondaryButton: CSSProperties = { padding: "6px 10px", border: "1px solid #742220", background: "transparent", color: "#742220", fontSize: 9, fontWeight: 900, cursor: "pointer" };
 const messageStyle: CSSProperties = { padding: "9px 11px", borderLeft: "3px solid #742220", background: "rgba(116,34,32,.06)", fontSize: 13 };
 const tableStyle: CSSProperties = { width: "100%", borderCollapse: "collapse", fontSize: 13 };
 const miniAvatar: CSSProperties = { width: 28, height: 28, display: "inline-grid", placeItems: "center", marginRight: 9, background: "#2d4a3e", color: "#fef9e1", fontWeight: 900 };
 const ownerRole: CSSProperties = { padding: "4px 7px", background: "#742220", color: "#fef9e1", fontSize: 9, fontWeight: 900 };
 const memberRole: CSSProperties = { ...ownerRole, color: "#2d4a3e", background: "rgba(45,74,62,.12)" };
-const invitePanel: CSSProperties = { marginTop: 26, padding: 16, border: "1px solid rgba(45,74,62,.27)", background: "rgba(254,249,225,.55)" };
-const inviteRow: CSSProperties = { display: "flex", alignItems: "center", justifyContent: "space-between", gap: 12, padding: 10, border: "1px solid rgba(45,74,62,.22)" };
+const userPanel: CSSProperties = { marginTop: 26, padding: 16, border: "1px solid rgba(45,74,62,.27)", background: "rgba(254,249,225,.55)" };

package/apps/web/app/setup/layout.tsx

@@ -0,0 +1,15 @@
+import type { ReactNode } from "react";
+import { unstable_noStore as noStore } from "next/cache";
+import { headers } from "next/headers";
+import { redirect } from "next/navigation";
+import { auth, ownerExists } from "@/lib/auth";
+
+export const dynamic = "force-dynamic";
+export const revalidate = 0;
+
+export default async function SetupLayout({ children }: { children: ReactNode }) {
+  noStore();
+  if (!ownerExists()) return children;
+  const session = await auth.api.getSession({ headers: await headers() });
+  redirect(session ? "/assistant" : "/login");
+}

package/apps/web/app/setup/page.tsx

@@ -1,6 +1,6 @@
 "use client";
 
-import { useEffect, useState } from "react";
+import { useState } from "react";
 import { signIn, signUp } from "@/lib/auth-client";
 
 type SetupStatus = { ownerExists: boolean; authenticated: boolean };
@@ -20,7 +20,7 @@ async function waitForSession(): Promise<boolean> {
     try {
       if ((await getSetupStatus()).authenticated) return true;
     } catch {
-      // A short deployment/network gap should not strand the form in busy mode.
+      // Allow a short deployment/network gap before falling back to Login.
     }
     await new Promise((resolve) => setTimeout(resolve, 250));
   }
@@ -28,78 +28,34 @@ async function waitForSession(): Promise<boolean> {
 }
 
 export default function SetupPage() {
-  const [ownerExists, setOwnerExists] = useState<boolean | null>(null);
   const [email, setEmail] = useState("");
   const [password, setPassword] = useState("");
   const [name, setName] = useState("");
   const [msg, setMsg] = useState("");
   const [busy, setBusy] = useState(false);
-  const [mode, setMode] = useState<"signup" | "signin">("signup");
-
-  useEffect(() => {
-    getSetupStatus()
-      .then((status) => {
-        if (status.authenticated) {
-          window.location.replace(`/assistant?auth=${Date.now()}`);
-          return;
-        }
-        setOwnerExists(status.ownerExists);
-        setMode(status.ownerExists ? "signin" : "signup");
-      })
-      .catch(() => setMsg("Unable to reach MOP-AGENT. Please refresh."));
-  }, []);
 
   async function submit(e: React.FormEvent) {
     e.preventDefault();
     setBusy(true);
     setMsg("");
 
-    if (mode === "signup") {
-      const res = await signUp.email({ email, password, name: name.trim() || email });
-      if (res.error) {
-        setMsg(res.error.message ?? "Account setup failed.");
-        setBusy(false);
-        return;
-      }
-      // Verify the cookie before entering a server-protected route. If the
-      // signup response did not establish it, explicitly sign in once.
-      if (!(await waitForSession())) {
-        const login = await signIn.email({ email, password });
-        if (login.error) {
-          setMode("signin");
-          setOwnerExists(true);
-          setMsg(login.error.message ?? "Admin created, but sign in failed. Please sign in below.");
-          setBusy(false);
-          return;
-        }
-      }
-      if (await waitForSession()) {
-        window.location.replace(`/assistant?auth=${Date.now()}`);
-        return;
-      }
-      setMode("signin");
-      setOwnerExists(true);
-      setMsg("Admin created, but the session cookie was not accepted. Please sign in again.");
+    const result = await signUp.email({ email, password, name: name.trim() || email });
+    if (result.error) {
+      setMsg(result.error.message ?? "Admin setup failed.");
       setBusy(false);
       return;
     }
 
-    const res = await signIn.email({ email, password });
-    if (res.error) {
-      setMsg(res.error.message ?? "Sign in failed.");
-      setBusy(false);
-      return;
-    }
+    // Better Auth normally creates the session during signup. Explicitly sign
+    // in once if a proxy/browser did not retain that first response cookie.
+    if (!(await waitForSession())) await signIn.email({ email, password });
     if (await waitForSession()) {
       window.location.replace(`/assistant?auth=${Date.now()}`);
       return;
     }
-    setMsg("Sign in succeeded, but the session cookie was not accepted. Check that you are using the configured HTTPS domain.");
-    setBusy(false);
+    window.location.replace("/login?admin-created=1");
   }
 
-  const loading = ownerExists === null && !msg;
-
   return (
     <main className="mop-setup-shell" style={shell}>
       <section className="mop-setup-brand" style={brandPanel}>
@@ -108,45 +64,26 @@ export default function SetupPage() {
 
       <section className="mop-setup-form" style={formWrap}>
         <div style={formCard}>
-          <p style={eyebrow}>{mode === "signup" ? "FIRST-RUN SETUP" : "WELCOME BACK"}</p>
-          <h2 style={{ fontSize: 27, margin: "8px 0" }}>
-            {loading ? "Checking server…" : mode === "signup" ? "Create Admin account" : "Sign in to MOP-AGENT"}
-          </h2>
-          <p style={{ color: "#8c9bb0", lineHeight: 1.55, marginTop: 0 }}>
-            {mode === "signup"
-              ? "This first account controls providers, team access, projects, and system memory."
-              : "Use your Admin or invited team account."}
-          </p>
-
-          {!loading && (
-            <form onSubmit={submit} style={{ display: "grid", gap: 14, marginTop: 28 }}>
-              {mode === "signup" && (
-                <label style={label}>Display name
-                  <input placeholder="Admin" autoComplete="name" value={name} onChange={(e) => setName(e.target.value)} style={inputStyle} />
-                </label>
-              )}
-              <label style={label}>Email
-                <input placeholder="admin@example.com" type="email" autoComplete="email" required value={email} onChange={(e) => setEmail(e.target.value)} style={inputStyle} />
-              </label>
-              <label style={label}>Password
-                <input placeholder="Minimum 8 characters" type="password" autoComplete={mode === "signup" ? "new-password" : "current-password"} required minLength={8} value={password} onChange={(e) => setPassword(e.target.value)} style={inputStyle} />
-              </label>
-              <button type="submit" disabled={busy} style={{ ...buttonStyle, opacity: busy ? 0.65 : 1 }}>
-                {busy ? "Please wait…" : mode === "signup" ? "Create Admin & continue" : "Sign in"}
-              </button>
-            </form>
-          )}
+          <p style={eyebrow}>FIRST-RUN SETUP</p>
+          <h1 style={{ fontSize: 27, margin: "8px 0" }}>Create Admin account</h1>
+          <p style={description}>This one-time account controls providers, users, projects, and system memory.</p>
+
+          <form onSubmit={submit} style={{ display: "grid", gap: 14, marginTop: 28 }}>
+            <label style={label}>Display name
+              <input placeholder="Admin" autoComplete="name" value={name} onChange={(e) => setName(e.target.value)} style={inputStyle} />
+            </label>
+            <label style={label}>Email
+              <input placeholder="admin@example.com" type="email" autoComplete="email" required value={email} onChange={(e) => setEmail(e.target.value)} style={inputStyle} />
+            </label>
+            <label style={label}>Password
+              <input placeholder="Minimum 8 characters" type="password" autoComplete="new-password" required minLength={8} value={password} onChange={(e) => setPassword(e.target.value)} style={inputStyle} />
+            </label>
+            <button type="submit" disabled={busy} style={{ ...buttonStyle, opacity: busy ? 0.65 : 1 }}>
+              {busy ? "Creating Admin…" : "Create Admin & continue"}
+            </button>
+          </form>
 
           {msg && <p role="alert" style={{ marginTop: 16, color: "#742220" }}>{msg}</p>}
-
-          {!loading && (
-            <p style={{ marginTop: 22, fontSize: 13, color: "#7f8da2" }}>
-              {mode === "signin" ? "Invited team member? " : "Already created an account? "}
-              <button type="button" onClick={() => { setMode(mode === "signin" ? "signup" : "signin"); setMsg(""); }} style={textButton}>
-                {mode === "signin" ? "Create invited account" : "Sign in"}
-              </button>
-            </p>
-          )}
         </div>
       </section>
     </main>
@@ -159,7 +96,7 @@ const heroLogo: React.CSSProperties = { display: "block", width: "min(72%, 560px
 const formWrap: React.CSSProperties = { display: "flex", alignItems: "center", justifyContent: "center", padding: 28, background: "#fef9e1", borderLeft: "1px solid #2d4a3e" };
 const formCard: React.CSSProperties = { width: "min(100%, 430px)", padding: "38px 34px", border: "1px solid rgba(45,74,62,.45)", borderRadius: 18, background: "#fffdf2", boxShadow: "0 24px 70px rgba(45,74,62,.14)" };
 const eyebrow: React.CSSProperties = { margin: "20px 0 0", color: "#742220", fontSize: 12, fontWeight: 800, letterSpacing: ".16em" };
+const description: React.CSSProperties = { color: "#7f8da2", lineHeight: 1.55, marginTop: 0 };
 const label: React.CSSProperties = { display: "grid", gap: 7, color: "#2d4a3e", fontSize: 13, fontWeight: 650 };
 const inputStyle: React.CSSProperties = { padding: "12px 13px", borderRadius: 9, border: "1px solid rgba(45,74,62,.42)", outline: "none", background: "#fef9e1", color: "#2d4a3e", fontSize: 15 };
 const buttonStyle: React.CSSProperties = { marginTop: 4, padding: "12px 14px", borderRadius: 9, border: "1px solid #742220", background: "#742220", color: "#fef9e1", fontWeight: 750, fontSize: 15, cursor: "pointer" };
-const textButton: React.CSSProperties = { padding: 0, border: 0, background: "none", color: "#742220", cursor: "pointer" };

package/apps/web/components/AppShell.tsx

@@ -2,7 +2,7 @@
 
 import type { ReactNode } from "react";
 import { usePathname } from "next/navigation";
-import { useState } from "react";
+import { useState, useEffect, createContext, useContext } from "react";
 import { signOut } from "@/lib/auth-client";
 
 export type AppViewer = {
@@ -11,6 +11,31 @@ export type AppViewer = {
   role: "owner" | "member";
 };
 
+export type Project = { id: string; name: string; status: string };
+export type ProviderState = { configured: boolean; provider?: string; model?: string | null };
+
+interface MemoryCoreContextType {
+  selectedProject: string;
+  setSelectedProject: (id: string) => void;
+  projects: Project[];
+  provider: ProviderState;
+  settingsSection: "providers" | "users";
+  setSettingsSection: (section: "providers" | "users") => void;
+}
+
+const MemoryCoreContext = createContext<MemoryCoreContextType | undefined>(undefined);
+
+export function useMemoryCore() {
+  const context = useContext(MemoryCoreContext);
+  if (!context) {
+    throw new Error("useMemoryCore must be used within a MemoryCoreProvider");
+  }
+  return context;
+}
+
+const selectStyle = { color: "#2d4a3e", border: "1px solid rgba(45,74,62,.42)", padding: "6px 8px", background: "#fffdf2" };
+
+
 function pageTitle(pathname: string): string {
   if (pathname === "/assistant") return "Assistant";
   if (pathname === "/brain/graph") return "Knowledge Graph";
@@ -27,84 +52,156 @@ export function AppShell({ viewer, children }: { viewer: AppViewer; children: Re
   const isAdmin = viewer.role === "owner";
   const title = pageTitle(pathname);
 
+  const [projects, setProjects] = useState<Project[]>([]);
+  const [provider, setProvider] = useState<ProviderState>({ configured: false });
+  const [selectedProject, setSelectedProject] = useState("");
+  const [settingsSection, setSettingsSection] = useState<"providers" | "users">("providers");
+
+  useEffect(() => {
+    Promise.all([
+      fetch("/api/projects").then((r) => r.json()),
+      fetch("/api/providers").then((r) => r.json()),
+    ]).then(([projectData, providerData]) => {
+      setProjects(projectData.projects ?? []);
+      setProvider(providerData.config ?? { configured: false });
+    }).catch(() => {});
+
+    const requested = new URLSearchParams(window.location.search).get("section");
+    if (requested === "users") setSettingsSection("users");
+  }, []);
+
   async function logout() {
     await signOut();
-    window.location.replace("/setup");
+    window.location.replace("/login");
   }
 
+  const selectSection = (sec: "providers" | "users") => {
+    setSettingsSection(sec);
+    const url = sec === "providers" ? "/settings" : "/settings?section=users";
+    window.history.replaceState(null, "", url);
+  };
+
+  const isSettings = pathname.startsWith("/settings");
+
   const nav = [
     { href: "/assistant", label: "Assistant", icon: "✦", active: pathname.startsWith("/assistant") || pathname.startsWith("/chat/") },
     { href: "/brain", label: "Brain", icon: "◉", active: pathname.startsWith("/brain") },
   ];
 
   return (
-    <div className="mop-app-frame">
-      <header className="mop-app-topbar">
-        <a className="mop-app-brand" href="/assistant" aria-label="MOP-AGENT home">
-          <img src="/icon.svg" alt="" />
-          <span>MOP-AGENT</span>
-        </a>
-        <div className="mop-app-topbar-main">
-          <button
-            className="mop-menu-toggle"
-            type="button"
-            aria-label="Toggle navigation"
-            aria-expanded={menuOpen}
-            onClick={() => setMenuOpen((open) => !open)}
-          >
-            ☰
-          </button>
-          <div className="mop-topbar-title">
-            <span className="mop-live-dot" />
-            <strong>{title}</strong>
-          </div>
-          <div className="mop-topbar-center">MOP MEMORYCORE</div>
-          <div className="mop-topbar-meta">
-            <span>{isAdmin ? "ADMIN" : "MEMBER"}</span>
-            <span className="mop-version">v0.1.8</span>
-          </div>
-        </div>
-      </header>
-
-      {menuOpen && <button className="mop-sidebar-scrim" aria-label="Close navigation" onClick={() => setMenuOpen(false)} />}
-
-      <aside className={`mop-app-sidebar${menuOpen ? " is-open" : ""}`}>
-        <div className="mop-nav-section">
-          <p>WORKSPACE</p>
-          <nav>
-            {nav.map((item) => (
-              <a key={item.href} href={item.href} className={item.active ? "is-active" : ""} onClick={() => setMenuOpen(false)}>
-                <span className="mop-nav-icon">{item.icon}</span>
-                <span>{item.label}</span>
-              </a>
-            ))}
-          </nav>
-        </div>
-
-        {isAdmin && (
-          <div className="mop-nav-section">
-            <p>ADMIN</p>
-            <nav>
-              <a href="/settings" className={pathname.startsWith("/settings") ? "is-active" : ""} onClick={() => setMenuOpen(false)}>
-                <span className="mop-nav-icon">⚙</span>
-                <span>Settings</span>
-              </a>
-            </nav>
+    <MemoryCoreContext.Provider value={{ selectedProject, setSelectedProject, projects, provider, settingsSection, setSettingsSection }}>
+      <div className="mop-app-frame">
+        <header className="mop-app-topbar">
+          <a className="mop-app-brand" href="/assistant" aria-label="MOP-AGENT home">
+            <img src="/icon.svg" alt="" />
+            <span>MOP-AGENT</span>
+          </a>
+          <div className="mop-app-topbar-main">
+            <button
+              className="mop-menu-toggle"
+              type="button"
+              aria-label="Toggle navigation"
+              aria-expanded={menuOpen}
+              onClick={() => setMenuOpen((open) => !open)}
+            >
+              ☰
+            </button>
+            {pathname === "/assistant" ? (
+              <div className="mop-assistant-toolbar" style={{ border: 0, padding: 0, margin: 0, background: "transparent", width: "100%", display: "flex", justifyContent: "space-between", alignItems: "center" }}>
+                <div>
+                  <strong style={{ fontFamily: '"SFMono-Regular", Consolas, monospace', color: "#742220" }}>LIVE ASSISTANT</strong>
+                  <span style={{ color: "rgba(45,74,62,.62)", marginLeft: 10, fontSize: 12 }}>
+                    {provider.configured ? `${provider.provider}${provider.model ? ` · ${provider.model}` : ""}` : "offline demo"}
+                  </span>
+                </div>
+                <label style={{ color: "#2d4a3e", fontSize: 12 }}>
+                  MEMORY SCOPE&nbsp;
+                  <select value={selectedProject} onChange={(e) => setSelectedProject(e.target.value)} style={selectStyle}>
+                    <option value="">All memory</option>
+                    {projects.map((project) => <option key={project.id} value={project.id}>{project.name}</option>)}
+                  </select>
+                </label>
+              </div>
+            ) : (
+              <>
+                <div className="mop-topbar-title">
+                  <span className="mop-live-dot" />
+                  <strong>{title}</strong>
+                </div>
+                <div className="mop-topbar-center">MOP MEMORYCORE</div>
+                <div className="mop-topbar-meta">
+                  <span>{isAdmin ? "ADMIN" : "MEMBER"}</span>
+                  <span className="mop-version">v0.1.10</span>
+                </div>
+              </>
+            )}
           </div>
-        )}
-
-        <div className="mop-sidebar-spacer" />
-        <button className="mop-account-card" type="button" onClick={logout} title="Sign out">
-          <span className="mop-account-avatar">{viewer.name.slice(0, 1).toUpperCase()}</span>
-          <span className="mop-account-copy">
-            <strong>{viewer.name}</strong>
-            <small>{isAdmin ? "Administrator" : "Member"}</small>
-          </span>
-          <span aria-hidden="true">↪</span>
-        </button>
-      </aside>
-
-      <main className="mop-app-main">{children}</main>
-    </div>
+        </header>
+
+        {menuOpen && <button className="mop-sidebar-scrim" aria-label="Close navigation" onClick={() => setMenuOpen(false)} />}
+
+        <aside className={isSettings 
+          ? `mop-settings-nav mop-panel mop-settings-sidebar${menuOpen ? " is-open" : ""}` 
+          : `mop-app-sidebar${menuOpen ? " is-open" : ""}`}
+        >
+          {isSettings ? (
+            <>
+              <button className={settingsSection === "providers" ? "is-active" : ""} onClick={() => { selectSection("providers"); setMenuOpen(false); }}>
+                <span>◇</span><strong>Providers</strong>
+              </button>
+              <button className={settingsSection === "users" ? "is-active" : ""} onClick={() => { selectSection("users"); setMenuOpen(false); }}>
+                <span>♙</span><strong>Users</strong>
+              </button>
+            </>
+          ) : (
+            <>
+              <div className="mop-nav-section">
+                <p>WORKSPACE</p>
+                <nav>
+                  {nav.map((item) => (
+                    <a key={item.href} href={item.href} className={item.active ? "is-active" : ""} onClick={() => setMenuOpen(false)}>
+                      <span className="mop-nav-icon">{item.icon}</span>
+                      <span>{item.label}</span>
+                    </a>
+                  ))}
+                </nav>
+              </div>
+
+              {isAdmin && (
+                <div className="mop-nav-section">
+                  <p>ADMIN</p>
+                  <nav>
+                    <a href="/settings" className={pathname.startsWith("/settings") ? "is-active" : ""} onClick={() => setMenuOpen(false)}>
+                      <span className="mop-nav-icon">⚙</span>
+                      <span>Settings</span>
+                    </a>
+                  </nav>
+                </div>
+              )}
+            </>
+          )}
+
+          <div className="mop-sidebar-spacer" />
+
+          {isSettings && (
+            <a href="/assistant" className="mop-back-workspace-btn">
+              <span>← BACK TO WORKSPACE</span>
+            </a>
+          )}
+
+          <button className="mop-account-card" type="button" onClick={logout} title="Sign out">
+            <span className="mop-account-avatar">{viewer.name.slice(0, 1).toUpperCase()}</span>
+            <span className="mop-account-copy">
+              <strong>{viewer.name}</strong>
+              <small>{isAdmin ? "Administrator" : "Member"}</small>
+            </span>
+            <span aria-hidden="true">↪</span>
+          </button>
+        </aside>
+
+        <main className="mop-app-main">{children}</main>
+      </div>
+    </MemoryCoreContext.Provider>
   );
 }
+

package/apps/web/lib/page-auth.ts

@@ -10,7 +10,7 @@ export async function requirePageSession() {
   if (!ownerExists()) redirect("/setup");
 
   const session = await auth.api.getSession({ headers: await headers() });
-  if (!session) redirect("/setup");
+  if (!session) redirect("/login");
   return session;
 }
 

package/installer/mop-agent.mjs

@@ -12,7 +12,7 @@
  */
 import { spawnSync } from "node:child_process";
 import { randomBytes } from "node:crypto";
-import { chmodSync, writeFileSync, mkdirSync, existsSync } from "node:fs";
+import { chmodSync, writeFileSync, mkdirSync, existsSync, readFileSync } from "node:fs";
 import { createInterface } from "node:readline/promises";
 import { stdin as input, stdout as output } from "node:process";
 import { dirname, resolve } from "node:path";
@@ -102,6 +102,57 @@ function q(value) {
   return `'${String(value).replaceAll("'", `'"'"'`)}'`;
 }
 
+function readRuntimeConfig() {
+  const envPath = `${APP_DIR}/apps/web/.env`;
+  if (!existsSync(envPath)) throw new Error(`Runtime environment is missing: ${envPath}`);
+  const env = {};
+  for (const raw of readFileSync(envPath, "utf8").split(/\r?\n/)) {
+    const line = raw.trim();
+    if (!line || line.startsWith("#")) continue;
+    const at = line.indexOf("=");
+    if (at < 1) continue;
+    env[line.slice(0, at)] = line.slice(at + 1).replace(/^(['"])(.*)\1$/, "$2");
+  }
+  const port = env.PORT || "3000";
+  if (!isValidPort(port)) throw new Error(`Invalid PORT in ${envPath}: ${port}`);
+  let publicUrl;
+  try {
+    publicUrl = new URL(env.BETTER_AUTH_URL || `http://localhost:${port}`);
+  } catch {
+    throw new Error(`Invalid BETTER_AUTH_URL in ${envPath}`);
+  }
+  return { env, port, publicUrl };
+}
+
+/** Restore the installer-owned vhost after every update, including TLS. */
+function reconcileNginx() {
+  const os = detectOS();
+  const { port, publicUrl } = readRuntimeConfig();
+  const domain = publicUrl.hostname;
+  if (!isValidDomain(domain) && domain !== "localhost") {
+    throw new Error(`Invalid domain in BETTER_AUTH_URL: ${domain}`);
+  }
+  const nginx = nginxPaths(os.family);
+  const certDir = `/etc/letsencrypt/live/${domain}`;
+  const hasTls = publicUrl.protocol === "https:" && existsSync(`${certDir}/fullchain.pem`) && existsSync(`${certDir}/privkey.pem`);
+  const vhost = hasTls ? renderNginxTlsVhost({ domain, port }) : renderNginxVhost({ domain, port });
+
+  console.log(c("cyan", "▸ Restore nginx reverse proxy"));
+  writeConf(nginx.conf, vhost, { privileged: true });
+  runSteps([
+    ...(nginx.enabled ? [{ label: "Enable nginx vhost", cmd: `ln -sf ${nginx.conf} ${nginx.enabled}` }] : []),
+    { label: "Verify nginx configuration", cmd: "nginx -t" },
+    { label: "Enable + start nginx", cmd: "systemctl enable --now nginx" },
+    { label: "Reload nginx", cmd: "systemctl reload nginx" },
+    { label: "Verify local application", cmd: `curl --fail --silent --show-error --max-time 15 ${q(`http://127.0.0.1:${port}/api/setup/status`)} >/dev/null` },
+    {
+      label: "Verify domain reverse proxy",
+      cmd: `curl --fail --silent --show-error --max-time 15 --resolve ${q(`${domain}:${hasTls ? "443" : "80"}:127.0.0.1`)} ${q(`${hasTls ? "https" : "http"}://${domain}/api/setup/status`)} >/dev/null`,
+    },
+  ], { privileged: true });
+  return { domain, port, protocol: hasTls ? "https" : "http" };
+}
+
 // ---- commands ----------------------------------------------------------
 
 async function cmdInstall() {
@@ -242,21 +293,29 @@ function cmdUpdate() {
     { label: "Start new service", cmd: "systemctl start mop-agent", privileged: true },
     { label: "Verify service", cmd: "sleep 2 && systemctl is-active --quiet mop-agent", privileged: true },
   ]);
-  console.log(c("green", "\n✓ updated, rebuilt, and service verified\n"));
+  const proxy = reconcileNginx();
+  console.log(c("green", `\n✓ updated and verified through ${proxy.protocol}://${proxy.domain}\n`));
 }
 
 function cmdStatus() {
   banner();
   if (!printInstallLocations()) return;
+  let runtime;
+  try { runtime = readRuntimeConfig(); } catch { runtime = null; }
+  const os = detectOS();
+  const nginx = nginxPaths(os.family);
   const checks = [
     ["service", "systemctl is-active mop-agent 2>/dev/null || echo inactive"],
     ["nginx", "systemctl is-active nginx 2>/dev/null || echo inactive"],
+    ["nginx conf", `test -f ${q(nginx.conf)} && echo present || echo missing`],
+    ...(nginx.enabled ? [["nginx link", `test -L ${q(nginx.enabled)} && echo present || echo missing`]] : []),
     [".env", existsSync(`${APP_DIR}/apps/web/.env`) ? "echo present" : "echo missing"],
+    ...(runtime ? [["local app", `curl --silent --output /dev/null --write-out '%{http_code}' --max-time 5 ${q(`http://127.0.0.1:${runtime.port}/api/setup/status`)} || echo failed`]] : []),
   ];
   for (const [label, cmd] of checks) {
     const r = run(cmd, { capture: true });
     const val = DRY ? "(dry-run)" : r.stdout.trim();
-    console.log(`  ${label.padEnd(10)} ${val === "active" || val === "present" ? c("green", val) : c("yellow", val)}`);
+    console.log(`  ${label.padEnd(10)} ${val === "active" || val === "present" || val === "200" ? c("green", val) : c("yellow", val)}`);
   }
   console.log("");
 }

package/npm-shrinkwrap.json

@@ -1,12 +1,12 @@
 {
   "name": "mop-agent",
-  "version": "0.1.8",
+  "version": "0.1.10",
   "lockfileVersion": 3,
   "requires": true,
   "packages": {
     "": {
       "name": "mop-agent",
-      "version": "0.1.8",
+      "version": "0.1.10",
       "license": "UNLICENSED",
       "workspaces": [
         "packages/*",

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "mop-agent",
-  "version": "0.1.8",
+  "version": "0.1.10",
   "description": "Self-hosted AI assistant with persistent cross-project memory, installed with npx mop-agent.",
   "author": "BURHANDEV ENTERPRISE",
   "license": "UNLICENSED",