commit a4e2174c29b34a95f7123b732634afa696e60564
Author: Nathan Esquenazi <nesquena@gmail.com>
Date:   Mon Mar 30 20:40:19 2026 -0700

    Hermes WebUI v0.1.0 — initial public release

diff --git a/.env.example b/.env.example
new file mode 100644
index 0000000..c5381d2
--- /dev/null
+++ b/.env.example
@@ -0,0 +1,28 @@
+# Hermes Web UI -- local machine config template
+# Copy this to .env and fill in your values.
+# start.sh sources .env automatically if present.
+# All values are optional -- auto-discovery will fill in anything left blank.
+
+# Path to your hermes-agent checkout (the repo that contains run_agent.py)
+# HERMES_WEBUI_AGENT_DIR=/path/to/hermes-agent
+
+# Python executable to use (defaults to the agent venv if found)
+# HERMES_WEBUI_PYTHON=/path/to/python
+
+# Bind address (default: 127.0.0.1 -- loopback only, safe default)
+# HERMES_WEBUI_HOST=127.0.0.1
+
+# Port to listen on (default: 8787)
+# HERMES_WEBUI_PORT=8787
+
+# Where to store sessions, workspaces, and other state (default: ~/.hermes/webui-mvp)
+# HERMES_WEBUI_STATE_DIR=~/.hermes/webui-mvp
+
+# Default workspace directory shown on first launch
+# HERMES_WEBUI_DEFAULT_WORKSPACE=~/workspace
+
+# Base directory for all Hermes state (affects all paths above if set)
+# HERMES_HOME=~/.hermes
+
+# Path to your Hermes config.yaml (for toolsets and model config)
+# HERMES_CONFIG_PATH=~/.hermes/config.yaml
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..01e44a7
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,26 @@
+# Python cache
+__pycache__/
+*.pyc
+*.pyo
+*.pyd
+
+# Backup and temporary files
+*.bak
+*.swp
+*.swo
+
+# Archive directory (pre-git backups, kept on disk but not tracked)
+archive/
+
+# Local environment and secrets (but keep the example template)
+.env
+.env.*
+!.env.example
+
+# Generated screenshots and transient artifacts
+screenshot-*.png
+full-UI.png
+
+# OS files
+.DS_Store
+Thumbs.db
diff --git a/AGENTS.md b/AGENTS.md
new file mode 100644
index 0000000..dd92404
--- /dev/null
+++ b/AGENTS.md
@@ -0,0 +1,53 @@
+# Web UI MVP Instructions
+
+Canonical source: <repo>/
+Symlink (for imports): <agent-dir>/webui-mvp -> <repo>
+Runtime state: ~/.hermes/webui-mvp/sessions/
+
+Purpose:
+- Claude-style web UI for Hermes. Chat, workspace file browser, cron/skills/memory viewers.
+
+Start server:
+  cd <agent-dir>
+  nohup venv/bin/python <repo>/server.py > /tmp/webui-mvp.log 2>&1 &
+  # OR: <repo>/start.sh
+
+Run tests:
+  cd <agent-dir>
+  venv/bin/python -m pytest <repo>/tests/ -v
+
+Health check: curl http://127.0.0.1:8787/health
+Logs: tail -f /tmp/webui-mvp.log
+SSH tunnel from Mac: ssh -N -L 8787:127.0.0.1:8787 <user>@<your-server>
+
+Living documents (always update after a sprint):
+  <repo>/ROADMAP.md
+  <repo>/ARCHITECTURE.md
+  <repo>/TESTING.md
+
+Sprint process skill: webui-sprint-loop
+
+# Workspace Convention (Web UI Sessions)
+
+When running as an agent invoked from the web UI, each user message is prefixed with:
+
+  [Workspace: /absolute/path/to/workspace]
+
+This tag is the single authoritative source of the active workspace. It reflects
+whichever workspace the user has selected in the UI at the moment they sent that message.
+It updates on every message, so if the user switches workspaces mid-session, the very
+next message will carry the new path. Always use the value from the most recent tag.
+
+This tag overrides any prior workspace mentioned in the system prompt, memory, or
+conversation history. Never infer or fall back to a hardcoded path like
+~/workspace when this tag is present.
+
+Apply it as the default working directory for ALL file operations:
+
+  - write_file: resolve relative paths against this workspace
+  - read_file / search_files: resolve paths relative to this workspace
+  - terminal workdir: set to this path unless the user explicitly says otherwise
+  - patch: resolve file paths relative to this workspace
+
+If no [Workspace: ...] tag is present (e.g., CLI sessions), fall back to
+~/workspace as the default.
diff --git a/ARCHITECTURE.md b/ARCHITECTURE.md
new file mode 100644
index 0000000..bdaafba
--- /dev/null
+++ b/ARCHITECTURE.md
@@ -0,0 +1,1588 @@
+# Hermes Web UI: Developer and Architecture Guide
+
+> This document is the canonical reference for anyone (human or agent) working on the
+> Hermes Web UI. It covers the exact current state of the code, every design decision and
+> quirk discovered during development, and a phased architecture improvement roadmap that
+> runs in parallel with the feature roadmap in ROADMAP.md.
+>
+> Keep this document updated as architecture changes are made.
+
+---
+
+## 1. Overview and Purpose
+
+The Hermes Web UI is a lightweight, single-file web application that gives you
+a browser-based interface to the Hermes agent that is functionally equivalent to the CLI.
+It is modeled on the Claude interface: a three-panel layout with a sidebar for
+session management, a central chat area, and a right panel for workspace file browsing.
+
+The design philosophy is deliberately minimal. There is no build step, no bundler, no
+frontend framework. Everything ships from a single Python file. This makes the code easy
+to modify from a terminal or by an agent, but it creates architectural debt that grows as
+the feature set expands.
+
+---
+
+## 2. File Inventory
+
+    <agent-dir>/webui-mvp/
+    server.py          Main server file. ~1150 lines. Pure Python.
+                       HTTP server, all API handlers, Session model, SSE engine,
+                       approval wiring, file upload parser. No inline HTML/CSS/JS.
+                       (Phase A+E complete: HTML/CSS/JS all extracted to static/)
+    server.py.bak      Backup from a prior iteration. Kept for reference.
+    server_new.py      Intermediate ~900-line draft. Superseded by server.py.
+                       Safe to delete once Wave 1 begins.
+    start.sh           Convenience script: kills running instance, starts server.py
+                       via nohup, writes stdout/stderr to /tmp/webui-mvp.log
+    AGENTS.md          Instruction file for agents working in this directory.
+    ROADMAP.md         Feature and product roadmap document.
+    ARCHITECTURE.md    THIS FILE.
+
+State directory (runtime data, separate from source):
+
+    ~/.hermes/webui-mvp/
+    sessions/          One JSON file per session: {session_id}.json
+    test-workspace/    Default empty workspace used during development
+
+Log file:
+
+    /tmp/webui-mvp.log   stdout/stderr from the background server process
+
+---
+
+## 3. Runtime Environment
+
+- Python interpreter: <agent-dir>/venv/bin/python
+- The venv has all Hermes agent dependencies (run_agent, tools/*, cron/*)
+- Server binds to 127.0.0.1:8787 (localhost only, not public internet)
+- Access from Mac: SSH tunnel: ssh -N -L 8787:127.0.0.1:8787 <user>@<your-server>
+- The server imports Hermes modules via sys.path.insert(0, parent_dir)
+
+Environment variables controlling behavior:
+
+    HERMES_WEBUI_HOST              Bind address (default: 127.0.0.1)
+    HERMES_WEBUI_PORT              Port (default: 8787)
+    HERMES_WEBUI_DEFAULT_WORKSPACE Default workspace path for new sessions
+    HERMES_WEBUI_STATE_DIR         Where sessions/ folder lives
+    HERMES_CONFIG_PATH             Path to ~/.hermes/config.yaml
+    HERMES_WEBUI_DEFAULT_MODEL     Default LLM model string
+
+Test isolation environment variables (set by conftest.py):
+
+    HERMES_WEBUI_PORT=8788                           Isolated test port
+    HERMES_WEBUI_STATE_DIR=~/.hermes/webui-mvp-test  Isolated test state
+    HERMES_WEBUI_DEFAULT_WORKSPACE=.../test-workspace Isolated test workspace
+
+Tests NEVER talk to the production server (port 8787).
+The test state dir is wiped before each test session and deleted after.
+See: <repo>/tests/conftest.py
+
+Per-request environment variables (set by chat handler, restored after):
+
+    TERMINAL_CWD         Set to session.workspace before running agent.
+                         The terminal tool reads this to default cwd.
+    HERMES_EXEC_ASK      Set to "1" to enable approval gate for dangerous commands.
+    HERMES_SESSION_KEY   Set to session_id. The approval tool keys pending entries
+                         by this value, enabling per-session approval state.
+
+WARNING: These env vars are process-global. Two concurrent chat requests will clobber
+each other. This is safe only for single-user, single-concurrent-request use.
+See Architecture Phase B for the fix.
+
+---
+
+## 4. Server Architecture: Current State
+
+### 4.1 HTTP Server Layer
+
+Python stdlib ThreadingHTTPServer (from http.server). Each HTTP request runs in its own
+thread. The Handler class subclasses BaseHTTPRequestHandler with two methods:
+
+    do_GET    Routes: /, /health, /api/session, /api/sessions, /api/list,
+                      /api/chat/stream, /api/file, /api/approval/pending
+    do_POST   Routes: /api/upload, /api/session/new, /api/session/update,
+                      /api/session/delete, /api/chat/start, /api/chat,
+                      /api/approval/respond
+
+Routing is a flat if/elif chain inside each method. No routing framework.
+
+Helper functions used by all handlers:
+
+    j(handler, payload, status=200)     Sends JSON response with correct headers
+    t(handler, payload, status=200, ct) Sends plain text or HTML response
+    read_body(handler)                  Reads and JSON-parses the POST body
+
+CRITICAL ORDERING RULE in do_POST:
+The /api/upload check MUST appear BEFORE calling read_body(). read_body() calls
+handler.rfile.read() which consumes the HTTP body stream. The upload handler also
+needs rfile (to read the multipart payload). If read_body() runs first on a multipart
+request, the upload handler receives an empty body and the upload silently fails.
+
+### 4.2 Session Model
+
+Session is a plain Python class (not a dataclass, not SQLAlchemy):
+
+    Fields:
+      session_id    hex string, 12 chars (uuid4().hex[:12])
+      title         string, auto-set from first user message
+      workspace     absolute path string, resolved at creation
+      model         OpenRouter model ID string (e.g. "anthropic/claude-sonnet-4.6")
+      messages      list of OpenAI-format message dicts
+      created_at    float Unix timestamp
+      updated_at    float Unix timestamp, updated on every save()
+
+    Key methods:
+      path (property)  Returns SESSION_DIR/{session_id}.json
+      save()           Writes __dict__ as pretty JSON to path, updates updated_at
+      load(cls, sid)   Class method: reads JSON from disk, returns Session or None
+      compact()        Returns metadata-only dict (no messages) for the session list
+
+    In-memory cache:
+      SESSIONS = {}    dict: session_id -> Session object
+      LOCK = threading.Lock()   defined but NOT currently used around SESSIONS access
+
+    get_session(sid): checks SESSIONS cache, loads from disk on miss, raises KeyError
+    new_session(workspace, model): creates Session, caches in SESSIONS, saves, returns
+    all_sessions(): scans SESSION_DIR/*.json + SESSIONS, deduplicates, sorts by updated_at,
+                    returns list of compact() dicts
+
+    all_sessions() does a full directory scan on every call.
+    With 10 sessions: negligible. With 1000+: will be slow.
+    See Architecture Phase C for the index file fix.
+
+title_from(): takes messages list, finds first user message, returns first 64 chars.
+Called after run_conversation() completes to set the session title retroactively.
+
+### 4.3 SSE Streaming Engine
+
+This is the most architecturally interesting part. Two endpoints cooperate:
+
+    POST /api/chat/start     Receives the user message. Creates a queue.Queue, stores it
+                             in STREAMS[stream_id], spawns a daemon thread running
+                             _run_agent_streaming(), returns {stream_id} immediately.
+
+    GET  /api/chat/stream    Long-lived SSE connection. Reads from STREAMS[stream_id]
+                             and forwards events to the browser until 'done' or 'error'.
+
+Queue registry:
+
+    STREAMS = {}               dict: stream_id -> queue.Queue
+    STREAMS_LOCK = threading.Lock()
+
+SSE event types and their data shapes:
+
+    token       {"text": "..."}                         LLM token delta
+    tool        {"name": "...", "preview": "..."}       Tool invocation started
+    approval    {"command": "...", "description": "...", "pattern_keys": [...]}
+    done        {"session": {compact_fields + messages}} Agent finished successfully
+    error       {"message": "...", "trace": "..."}       Agent threw exception
+
+The SSE handler loop:
+    - Blocks on queue.get(timeout=30)
+    - On timeout (no events in 30s): sends a heartbeat comment (": heartbeat
+
+")
+      to keep the connection alive through proxies and firewalls
+    - On 'done' or 'error' event: breaks the loop and returns
+    - Catches BrokenPipeError and ConnectionResetError silently (browser disconnected)
+
+Stream cleanup: _run_agent_streaming() pops its stream_id from STREAMS in a finally
+block. If the browser disconnects mid-stream, the daemon thread runs to completion and
+then cleans up. The queue fills and the put_nowait() calls fail silently (queue.Full
+is caught).
+
+Fallback sync endpoint: POST /api/chat still exists and holds the connection open until
+the agent finishes. The frontend never uses it but it can be useful for debugging.
+
+### 4.4 Agent Invocation (_run_agent_streaming)
+
+    def _run_agent_streaming(session_id, msg_text, model, workspace, stream_id):
+
+1. Fetches session from SESSIONS (not from disk -- session was just updated by /api/chat/start)
+2. Sets TERMINAL_CWD, HERMES_EXEC_ASK, HERMES_SESSION_KEY env vars
+3. Creates AIAgent with:
+   - model=model, platform='cli', quiet_mode=True
+   - enabled_toolsets=CLI_TOOLSETS (from config.yaml or hardcoded default)
+   - session_id=session_id
+   - stream_delta_callback=on_token (fires per token)
+   - tool_progress_callback=on_tool (fires per tool invocation)
+4. Calls agent.run_conversation(user_message=msg_text, conversation_history=s.messages,
+                                 task_id=session_id)
+   NOTE: keyword is task_id NOT session_id (common mistake, documented in skill)
+5. On return: updates s.messages, calls title_from(), saves session
+6. Puts ('done', {session: ...}) into queue
+7. Finally block: restores env vars, pops stream_id from STREAMS
+
+on_token callback:
+    if text is None: return  # end-of-stream sentinel from AIAgent
+    put('token', {'text': text})
+
+on_tool callback:
+    put('tool', {'name': name, 'preview': preview})
+    # Also immediately surface any pending approval:
+    if has_pending(session_id):
+        with _lock: p = dict(_pending.get(session_id, {}))
+        if p: put('approval', p)
+
+The approval surface-on-tool logic means approvals appear immediately after the tool
+fires (within the same SSE stream), without waiting for the next poll cycle.
+
+### 4.5 Approval System Integration
+
+The approval system uses the existing Hermes gateway module at tools/approval.py.
+All state lives in module-level variables in that file:
+
+    _pending = {}        dict: session_key -> pending_entry_dict
+    _lock = Lock()       protects _pending
+    _permanent_approved  set of permanently approved pattern keys
+
+Because server.py imports tools.approval at module load time and everything runs in the
+same process, this state IS shared between HTTP threads and agent daemon threads.
+
+Important: this only works because Python imports are cached (sys.modules). The same
+module object is used everywhere. If the approval module were ever imported in a subprocess
+or via importlib.reload(), this would break.
+
+GET /api/approval/pending:
+    - Peeks at _pending[sid] without removing it
+    - Returns {pending: entry} or {pending: null}
+    - Called by the browser every 1500ms while S.busy is true (polling fallback)
+
+POST /api/approval/respond:
+    - Pops _pending[sid] (removes it)
+    - For choice "once" or "session": calls approve_session(sid, pattern_key) for each key
+    - For choice "always": calls approve_session + approve_permanent + save_permanent_allowlist
+    - For choice "deny": just pops, does nothing (agent gets denied result)
+    - Returns {ok: true, choice: choice}
+
+### 4.6 File Upload Parser
+
+parse_multipart(rfile, content_type, content_length):
+    - Reads all content_length bytes from rfile into memory (up to MAX_UPLOAD_BYTES = 20MB)
+    - Extracts boundary from Content-Type header
+    - Splits raw bytes on b'--' + boundary
+    - For each part: parses MIME headers via email.parser.HeaderParser
+    - Returns (fields, files) where fields is {name: value} and files is {name: (filename, bytes)}
+
+handle_upload(handler):
+    - Calls parse_multipart()
+    - Validates: file field present, filename present, session exists
+    - Sanitizes filename: replaces non-word chars with _, truncates to 200 chars
+    - Writes bytes to session.workspace / safe_name
+    - Returns {filename, path, size}
+
+Why not cgi.FieldStorage:
+    - Deprecated in Python 3.11+
+    - Broken for binary files (silently corrupts or throws)
+    - The manual parser handles all file types correctly
+
+### 4.7 File System Operations
+
+safe_resolve(root, requested):
+    - Resolves requested path relative to root
+    - Calls .relative_to(root) to assert the result is inside root
+    - Raises ValueError on path traversal (../../etc/passwd)
+
+list_dir(workspace, rel='.'):
+    - Calls safe_resolve, then iterdir()
+    - Sorts: directories first, then files, case-insensitive alpha within each group
+    - Returns up to 200 entries with {name, path, type, size}
+
+read_file_content(workspace, rel):
+    - Calls safe_resolve
+    - Enforces MAX_FILE_BYTES = 200KB size limit
+    - Reads as UTF-8 with errors='replace' (binary files show replacement chars)
+    - Returns {path, content, size, lines}
+
+---
+
+## 5. Frontend Architecture: Current State
+
+### 5.1 Structure
+
+The entire frontend is ~750 lines inside the HTML Python raw string.
+Structure: <head> with CSS only (no external stylesheets), <body> with three-panel layout,
+<script> with all JavaScript (no external libraries).
+
+Three-panel layout:
+
+    <aside class="sidebar">    Left panel: session list, model selector, workspace path
+    <main class="main">        Center: topbar, messages area, approval card, composer
+    <aside class="rightpanel"> Right panel: workspace file tree and file preview
+
+### 5.2 Global State
+
+    const S = {
+      session:      null,   // current Session compact dict (includes model, workspace, title)
+      messages:     [],     // full messages array for current session
+      entries:      [],     // current directory listing
+      busy:         false,  // true while agent is running (disables Send button)
+      pendingFiles: []      // File objects queued for upload with next message
+    }
+
+    const INFLIGHT = {}
+    // keyed by session_id while a request is in-flight for that session
+    // value: {messages: [...snapshot...], uploaded: [...filenames...]}
+    // Purpose: if user switches sessions while a request is pending,
+    //   switching back shows the in-progress state instead of the saved state
+
+### 5.3 Key Functions Reference
+
+Session management:
+    newSession()          POST /api/session/new, update S.session, save to localStorage
+    loadSession(sid)      GET /api/session?session_id=X, check INFLIGHT first, update S
+    deleteSession(sid)    POST /api/session/delete, handle active/inactive cases correctly
+    renderSessionList()   GET /api/sessions, rebuild #sessionList DOM
+
+Chat:
+    send()                Main action: upload files, POST /api/chat/start, open EventSource
+    uploadPendingFiles()  Upload each file in S.pendingFiles, return filenames array
+    appendThinking()      Adds three-dot animation to message list
+    removeThinking()      Removes thinking dots (called on first token or on error)
+
+Rendering:
+    renderMessages()      Full rebuild of #msgInner from S.messages
+    renderMd(raw)         Homegrown markdown renderer (see 5.4 for known gaps)
+    syncTopbar()          Updates topbar title, meta, model chip, workspace chip
+    renderTray()          Updates attach tray showing pending files
+
+Approval:
+    showApprovalCard(p)   Shows the approval card with command/description text
+    hideApprovalCard()    Hides approval card, clears text
+    respondApproval(ch)   POST /api/approval/respond, hide card
+    startApprovalPolling  setInterval 1500ms GET /api/approval/pending
+    stopApprovalPolling   clearInterval
+
+UI helpers:
+    setStatus(t)          Updates #statusText in composer footer
+    setBusy(v)            Sets S.busy, disables/enables Send button, clears status on false
+    showToast(msg, ms)    Bottom-center fade toast (default 2800ms)
+    autoResize()          Auto-resize #msg textarea up to 200px
+
+Files:
+    loadDir(path)         GET /api/list, rebuild #fileTree
+    openFile(path)        GET /api/file, show in #previewArea
+
+Transcript:
+    transcript()          Builds markdown string from S.messages for download
+
+Boot IIFE:
+    localStorage key 'hermes-webui-session' stores last session_id
+    On load: try to loadSession(saved), fall back to empty state if missing or fails
+    NEVER auto-creates a session on boot
+
+### 5.4 Markdown Renderer (renderMd)
+
+A hand-rolled regex chain. Processes in this order:
+1. Code blocks (``` lang ... ```) -> <pre><code> with language header
+2. Inline code (`...`) -> <code>
+3. Bold+italic (***..***) -> <strong><em>
+4. Bold (**...**) -> <strong>
+5. Italic (*...*) -> <em>
+6. Headings (# ## ###) -> <h1> <h2> <h3>
+7. Horizontal rules (---+) -> <hr>
+8. Blockquotes (> ...) -> <blockquote>
+9. Unordered lists (- or * or + at line start) -> <ul><li>
+10. Ordered lists (N. at line start) -> <ol><li>
+11. Links ([text](https://...)) -> <a href target=_blank>
+12. Paragraph wrapping: remaining double-newline-separated blocks -> <p>
+
+Known gaps:
+- Tables: not supported, render as plain text
+- Nested lists: single regex pass, multi-level indentation not handled
+- Mixed bold+link in same line: may produce garbled output
+- Inline HTML: not sanitized (esc() only runs on code content)
+
+### 5.5 Model Chip Label (Fixed in Sprint 1)
+
+B3 was resolved in Sprint 1. Current code uses a MODEL_LABELS dict:
+
+    const MODEL_LABELS = {
+      'openai/gpt-5.4-mini': 'GPT-5.4 Mini', 'openai/gpt-4o': 'GPT-4o',
+      'openai/o3': 'o3', 'openai/o4-mini': 'o4-mini',
+      'anthropic/claude-sonnet-4.6': 'Sonnet 4.6', 'anthropic/claude-sonnet-4-5': 'Sonnet 4.5',
+      'anthropic/claude-haiku-3-5': 'Haiku 3.5', 'google/gemini-2.5-pro': 'Gemini 2.5 Pro',
+      'deepseek/deepseek-chat-v3-0324': 'DeepSeek V3', 'meta-llama/llama-4-scout': 'Llama 4 Scout',
+    };
+    $('modelChip').textContent = MODEL_LABELS[m] || (m.split('/').pop() || 'Unknown');
+
+Fallback: any unlisted model shows its short ID (after the last /) rather than a wrong label.
+To add a new model: add an entry to MODEL_LABELS and add an <option> to the <select>.
+
+### 5.6 Session Delete Rules (from skill)
+
+These rules are critical. GPT-5.4-mini has repeatedly re-introduced broken versions.
+
+1. deleteSession() NEVER calls newSession(). Deleting does not create.
+2. If deleted session was active AND other sessions exist: load sessions[0] (most recent).
+3. If deleted session was active AND no sessions remain: show empty state.
+4. If deleted session was not active: just re-render the list.
+5. Always show toast("Conversation deleted") after any delete.
+
+### 5.7 Send() Session Guard
+
+Before any async operations in send():
+    const activeSid = S.session.session_id;
+
+After the agent completes:
+    if (S.session && S.session.session_id === activeSid) {
+      // apply result, re-render
+      setBusy(false);
+    } else {
+      // user switched sessions mid-flight
+      // only refresh sidebar, do NOT call setBusy(false) on the new session
+      await renderSessionList();
+    }
+
+This prevents a session switch mid-flight from either clobbering the new session's state
+or unlocking the Send button on the wrong session.
+
+---
+
+## 6. Data Flow: Full Chat Round Trip
+
+Step-by-step trace of what happens when you type a message and press Send:
+
+1.  User types, presses Enter. send() is called.
+2.  Guard: return if (!text && !pendingFiles) || S.busy
+3.  If S.session is null: await newSession(), await renderSessionList()
+4.  Capture activeSid = S.session.session_id (before any awaits)
+5.  uploadPendingFiles(): POST each file in S.pendingFiles to /api/upload
+    - Shows upload progress bar
+    - Clears S.pendingFiles on completion
+    - Returns array of uploaded filenames
+6.  Build msgText from text + file note
+7.  Build userMsg {role:'user', content: displayText, attachments?: filenames}
+8.  Push userMsg to S.messages, call renderMessages(), appendThinking()
+9.  setBusy(true), setStatus('Hermes is thinking...')
+10. INFLIGHT[activeSid] = {messages: [...S.messages], uploaded}
+11. startApprovalPolling(activeSid)
+12. POST /api/chat/start {session_id, message, model, workspace}
+    Server: saves session, creates queue.Queue, starts daemon thread, returns {stream_id}
+13. Browser opens EventSource('/api/chat/stream?stream_id=X')
+14. In the SSE loop:
+    - 'token': assistantText += d.text, ensureAssistantRow(), render markdown
+    - 'tool': setStatus('tool name...')
+    - 'approval': showApprovalCard(d)
+    - 'done': sync S from d.session, renderMessages(), loadDir, renderSessionList,
+               setBusy(false), delete INFLIGHT[activeSid]
+    - 'error': show error message, setBusy(false)
+    - es.onerror: handle network drops (show error, setBusy(false))
+15. If approval needed: user clicks a button, respondApproval() fires
+    POST /api/approval/respond -> server pops _pending, calls approve_*
+    Agent retries the command (now is_approved() returns True) and continues
+
+---
+
+## 7. Dependency Map
+
+Direct imports in server.py:
+
+    run_agent.AIAgent              Main agent class. Wraps LLM + tool execution.
+    tools.approval.*               Module-level approval state.
+    yaml                           Config loading.
+    Standard library: json, os, re, sys, threading, time, traceback, uuid,
+                      http.server, pathlib, urllib.parse, email.parser, queue
+
+AIAgent constructor parameters used:
+
+    model=               OpenRouter model ID string
+    platform='cli'       Sets the platform context for tool selection
+    quiet_mode=True      Suppresses agent's own stdout output
+    enabled_toolsets=    List of toolset names from config.yaml
+    session_id=          Used for tool state keying (memory, todos, etc.)
+    stream_delta_callback=   Called per token delta (or None as sentinel)
+    tool_progress_callback=  Called per tool invocation (name, preview, args)
+
+AIAgent.run_conversation() parameters:
+
+    user_message=           The human turn text
+    conversation_history=   Prior messages list (OpenAI format)
+    task_id=                Session ID (NOTE: NOT session_id=, it is task_id=)
+
+Return value:
+
+    {
+      'messages': [...],          Full conversation including new turns
+      'final_response': '...',    Last assistant text response
+      'completed': True/False,    Whether the conversation completed normally
+      ...other fields
+    }
+
+---
+
+## 8. Configuration Loading
+
+On startup, server.py reads ~/.hermes/config.yaml:
+
+    cfg = yaml.safe_load(CONFIG_PATH.read_text())
+    CLI_TOOLSETS = cfg.get('platform_toolsets', {}).get('cli', [...default...])
+
+Default toolset list (hardcoded fallback):
+    browser, clarify, code_execution, cronjob, delegation, file,
+    image_gen, memory, session_search, skills, terminal, todo, tts, vision, web
+
+The web UI always runs with the full CLI toolset. There is no per-session toolset
+restriction from the UI yet (see ROADMAP.md Wave 4 for the plan).
+
+---
+
+## 9. Known Bugs and Technical Debt Summary
+
+| ID  | Severity | Description                                          | Status           | Fix              |
+|-----|----------|------------------------------------------------------|------------------|------------------|
+| B1  | Critical | Approval wiring untested; pattern_keys not shown     | FIXED Sprint 1   | Card shows keys; inject_test endpoint added for verification |
+| B2  | High     | File input no accept attribute                       | FIXED Sprint 1   | accept= added with image/*, text/*, pdf, code extensions |
+| B3  | High     | Model chip label hardcodes sonnet substring check    | FIXED Sprint 1   | MODEL_LABELS map; fallback to short model ID |
+| B4  | High     | Reload mid-stream: stream_id lost, no reconnect      | FIXED Sprint 1   | stream/status endpoint; reconnect banner via localStorage |
+| B5  | High     | INFLIGHT in-memory only, lost on reload              | FIXED Sprint 1   | markInflight/clearInflight in localStorage |
+| B6  | Medium   | New sessions always use DEFAULT_WORKSPACE            | FIXED Sprint 3   | newSession() passes S.session.workspace to /api/session/new |
+| B7  | Medium   | Sidebar title overflow: missing min-width:0          | FIXED Sprint 1   | min-width:0 on .session-item |
+| B8  | Medium   | renderMd missing tables, nested lists                | PARTIAL Sprint 4 | Tables Sprint 2; nested lists improved Sprint 4; full fix still Phase E |
+| B9  | Medium   | Empty assistant messages can render                  | FIXED Sprint 1   | loadSession() filters empty-text assistant messages |
+| B10 | Low      | Thinking dots stay during tool-running               | FIXED Sprint 3   | removeThinking() on first tool event; compact 'Running X...' row shown |
+| B11 | Low      | GET /api/session no-ID silently creates session      | FIXED Sprint 1   | Returns 400 with error message |
+| B12 | Low      | Preview panel display:none to flex layout jump       | FIXED Sprint 4   | visibility/opacity transition replaces display:none toggle |
+| B13 | Low      | No CORS headers                                      | Open             | Phase H |
+| B14 | Low      | No keyboard shortcut for new chat                    | FIXED Sprint 3   | Cmd/Ctrl+K triggers newSession() from anywhere |
+| TD1 | Critical | Env vars are process-global (concurrent request bug) | PARTIAL Sprint 5 | Thread-local _set_thread_env() added. Per-session lock from Sprint 4. Process-level env still written as fallback. Full fix needs terminal tool to read thread-local. |
+| TD2 | High     | SESSIONS cache: no eviction, locking missing         | FIXED Sprint 5   | OrderedDict + LRU cap 100 + move_to_end on access. LOCK from Sprint 1. Complete. |
+| TD3 | High     | No test coverage                                     | PARTIAL Sprint 1 | 19 HTTP integration tests added; unit tests pending Phase A split |
+| TD4 | Medium   | All code in one file (HTML/CSS/JS/Python mingled)    | FIXED Sprint 5   | JS extracted to static/app.js in Sprint 5 (Sprint 9: app.js deleted, replaced by 6 modules). Phase A complete. |
+| TD5 | Medium   | No request validation (KeyError -> 500 + traceback)  | FIXED Sprint 4   | All endpoints hardened: /api/list, /api/file, /api/crons/* all return clean 400/404 |
+| TD6 | Low      | all_sessions() full directory scan every call        | FIXED Sprint 5   | Session index file (_index.json) built on every save. all_sessions() reads index O(1). Phase C partial. |
+| TD7 | Low      | No structured logging                                | FIXED Sprint 1   | log_request() override emits JSON per request |
+
+---
+
+## 10. Architecture Improvement Roadmap
+
+These phases run in parallel with the feature roadmap. Each phase targets software
+quality: testability, resilience, maintainability, and modularity.
+
+### Phase A: File Separation (Priority: High, Effort: Medium)
+
+Split server.py into a proper package.
+
+Target structure:
+
+    webui-mvp/
+      server.py               Entry point: starts server, imports api/
+      api/
+        __init__.py
+        handlers.py           do_GET / do_POST routing and dispatch
+        session_store.py      Session class, get_session, new_session, all_sessions, SESSIONS
+        streaming.py          _run_agent_streaming, STREAMS, STREAMS_LOCK, _sse()
+        upload.py             parse_multipart, handle_upload
+        files.py              safe_resolve, list_dir, read_file_content
+        approval.py           Thin wrapper around tools.approval for the HTTP API
+        config.py             Configuration loading (env vars, config.yaml)
+      static/
+        index.html            HTML document (served directly from disk)
+        style.css             All CSS
+        [app.js deleted]      Replaced by 6 modules: ui.js, workspace.js, sessions.js,
+                              messages.js, panels.js, boot.js
+      tests/
+        test_session_crud.py
+        test_upload.py
+        test_streaming.py
+        test_approval.py
+        test_files.py
+        frontend/
+          test_markdown.html
+          test_session_state.html
+
+Implementation steps:
+1. Extract CSS and HTML to static/style.css and static/index.html. No content changes.
+   Server serves index.html from disk: handler reads Path('static/index.html').read_text()
+2. Extract JS to 6 static modules (complete -- app.js deleted Sprint 9)
+   Add GET /static/* handler in do_GET.
+3. Extract Session class and helpers to api/session_store.py
+4. Extract _run_agent_streaming and SSE helpers to api/streaming.py
+5. Extract parse_multipart and handle_upload to api/upload.py
+6. Extract list_dir and friends to api/files.py
+7. Refactor handlers.py to import from the above modules
+8. server.py becomes: config setup, start server, import Handler from handlers.py
+
+Benefit: Each file is under ~200 lines. Agents can read and modify individual files
+without loading the full 1100-line blob.
+
+### Phase B: Thread-Safe Request Context (Priority: Critical, Effort: Medium)
+
+Replace process-global env vars with thread-local or explicit parameter passing.
+
+Root cause: TERMINAL_CWD, HERMES_EXEC_ASK, HERMES_SESSION_KEY are set via os.environ
+in _run_agent_streaming(). Two concurrent sessions clobber each other.
+
+Fix options (in order of preference):
+
+Option 1 (best): Check if AIAgent constructor accepts a context dict. Pass workspace,
+exec_ask, and session_key directly. Zero env var usage in server code.
+
+Option 2: Use threading.local():
+    _ctx = threading.local()
+    # In _run_agent_streaming:
+    _ctx.workspace = str(workspace)
+    _ctx.session_key = session_id
+    # In tools that read env vars: check _ctx first, fall back to os.environ
+
+Option 3 (interim, safe for single-user): Wrap the env var block in a per-session lock:
+    SESSION_AGENT_LOCKS = {}  # session_id -> Lock
+    # Only one agent run per session at a time
+    with SESSION_AGENT_LOCKS.setdefault(session_id, threading.Lock()):
+        os.environ[...] = ...
+        result = agent.run_conversation(...)
+
+Phase B also includes: review all other os.environ reads/writes in the codebase for
+similar thread-safety issues.
+
+### Phase C: Session Store Improvements (Priority: Medium, Effort: Medium)
+
+Three problems to fix:
+
+1. Unbounded SESSIONS cache:
+   Replace dict with functools.lru_cache wrapper or a simple OrderedDict with max size.
+   Evict LRU entries when size exceeds 100.
+
+2. No locking around SESSIONS:
+   Wrap all SESSIONS dict reads and writes with LOCK (already defined, just unused).
+   Pattern: with LOCK: s = SESSIONS.get(sid)
+
+3. O(n) directory scan in all_sessions():
+   Add an index file: SESSION_DIR/index.json
+   Contents: list of compact() dicts, sorted by updated_at
+   Maintained on every Session.save() and every delete.
+   all_sessions() reads index.json (one file read) instead of scanning all JSONs.
+   get_session() still loads the full {session_id}.json on cache miss.
+   Index rebuild tool: a function that regenerates index.json from all *.json files.
+
+### Phase D: Input Validation and Error Handling (Priority: Medium, Effort: Low)
+
+1. Add a validate() helper:
+   def validate(body, *required_fields):
+       missing = [f for f in required_fields if not body.get(f)]
+       if missing: raise ValueError(f"Missing required fields: {missing}")
+
+2. Refine the outer try/except in do_GET and do_POST:
+   except ValueError as e:
+       return j(self, {'error': str(e)}, status=400)
+   except KeyError as e:
+       return j(self, {'error': f'Not found: {e}'}, status=404)
+   except Exception as e:
+       log.exception('Unhandled error')
+       return j(self, {'error': 'Internal server error'}, status=500)
+   # Never expose tracebacks to the client (security risk even on localhost)
+
+3. Add request duration logging:
+   Log at INFO level: {method} {path} -> {status} in {duration}ms
+
+### Phase E: Frontend Modularization (Priority: Medium, Effort: High)
+
+After Phase A splits the HTML/JS into files, Phase E improves the JavaScript itself.
+
+1. Switch to ES Modules (type="module"):
+   app.js deleted Sprint 9 -- replaced by 6 modules:
+   - state.js: export S, INFLIGHT
+   - sessions.js: session CRUD functions
+   - chat.js: send(), SSE handling
+   - files.js: loadDir(), openFile()
+   - upload.js: uploadPendingFiles(), addFiles(), renderTray()
+   - approval.js: approval card and polling
+   - markdown.js: renderMd()
+   - ui.js: setStatus, setBusy, showToast, syncTopbar
+   Each module imports what it needs from state.js and other modules.
+
+2. Replace renderMd with marked.js:
+   CDN: https://cdn.jsdelivr.net/npm/marked/marked.min.js
+   No bundler needed, ~50KB, handles tables, nested lists, HTML sanitization.
+   Usage: marked.parse(raw) -- drop-in replacement.
+   Add DOMPurify alongside for XSS sanitization of rendered HTML.
+
+3. Add Prism.js for syntax highlighting:
+   CDN: https://cdn.jsdelivr.net/npm/prismjs
+   Apply after renderMd: Prism.highlightAllUnder(element)
+   Supports 200+ languages with auto-detection.
+
+### Phase F: API Design Cleanup (Priority: Low, Effort: Medium)
+
+1. Version prefix: add /api/v1/ to all new endpoints.
+   Keep /api/* as aliases for backward compatibility.
+
+2. Standard response envelope:
+   Success: {"ok": true, "data": {...}}
+   Error: {"ok": false, "error": "message", "code": "ERROR_CODE"}
+
+3. Session list pagination:
+   GET /api/v1/sessions?limit=30&offset=0
+   Response: {"ok": true, "data": {"sessions": [...], "total": N, "has_more": false}}
+
+4. Consistent naming: use snake_case for all JSON keys.
+
+### Phase G: Observability (Priority: Low, Effort: Low)
+
+1. Structured JSON logging to /tmp/webui-mvp.log:
+   {"ts": "...", "method": "POST", "path": "/api/chat/start", "status": 200, "ms": 12}
+
+2. Enhanced /health response:
+   {"status": "ok", "sessions": 10, "active_streams": 2, "uptime_s": 3600, "version": "0.3"}
+
+3. GET /api/debug/stats (localhost only):
+   {"sessions_cached": N, "streams_active": M, "memory_mb": X}
+
+### Phase H: Authentication (Priority: Low, Effort: Medium)
+
+Optional password gate for non-SSH-tunnel deployments.
+
+1. HERMES_WEBUI_PASSWORD env var enables auth
+2. Login page: minimal dark form, POST /api/auth/login
+3. Server sets HttpOnly + SameSite=Strict cookie on successful login
+4. All API endpoints check cookie if HERMES_WEBUI_PASSWORD is set
+5. Cookie validity: 30 days from last activity
+
+### Phase I: Test Infrastructure (Priority: High, Effort: High)
+
+No tests exist today. This is the highest-risk technical debt.
+
+1. Python unit tests (pytest):
+   - tests/test_session_crud.py: Session class, get_session, new_session, all_sessions
+   - tests/test_upload.py: parse_multipart directly with known byte payloads
+   - tests/test_files.py: safe_resolve, list_dir, read_file_content with tmp dirs
+   - tests/test_streaming.py: mock AIAgent, verify event sequence
+   - tests/test_approval.py: approval state machine
+
+2. HTTP integration tests:
+   - Start a test server on a random port
+   - Drive it with httpx or requests
+   - Verify all API endpoints return correct shapes and status codes
+
+3. Frontend tests (no build step):
+   - tests/frontend/test_markdown.html: known input -> expected HTML output assertions
+   - Run via: python3 -m http.server and open in browser, or use playwright
+
+4. CI (GitHub Actions):
+   - .github/workflows/test.yml: on push, run pytest + ruff lint
+   - Target: zero test failures before merging any feature branch
+
+### Phase J: Performance (Priority: Low, Effort: High)
+
+For scale beyond single-user casual use.
+
+1. Session index (Phase C prerequisite): O(1) session list loads
+2. Message pagination: /api/session returns last 50 messages, paginate older ones
+3. Frontend virtual scroll: IntersectionObserver for both message list and session list
+4. Stream cleanup background thread: evict STREAMS entries older than 5 minutes
+5. File tree lazy loading: expand-on-click fetches subdirectory contents
+
+---
+
+## 11. How To Add a New API Endpoint
+
+Follow this exact pattern. Review existing handlers in do_GET/do_POST for reference.
+
+### Backend (server.py -> future: api/handlers.py)
+
+GET endpoint:
+
+    # Inside do_GET, before the 404 fallback line:
+    if parsed.path == '/api/your/endpoint':
+        qs = parse_qs(parsed.query)
+        param = qs.get('param', [''])[0]
+        if not param:
+            return j(self, {'error': 'param is required'}, status=400)
+        # do work
+        return j(self, {'result': value})
+
+POST endpoint (AFTER /api/upload check, body already parsed):
+
+    if parsed.path == '/api/your/endpoint':
+        value = body.get('field', '')
+        if not value:
+            return j(self, {'error': 'field is required'}, status=400)
+        # do work
+        return j(self, {'ok': True, 'data': result})
+
+Endpoint requiring a valid session:
+
+    sid = body.get('session_id', '')
+    try:
+        s = get_session(sid)
+    except KeyError:
+        return j(self, {'error': 'Session not found'}, status=404)
+
+Endpoint that calls Hermes Python modules:
+
+    # Example: calling cron.jobs
+    import sys
+    sys.path.insert(0, str(Path(__file__).parent.parent))
+    from cron.jobs import list_jobs
+    jobs = list_jobs(include_disabled=True)
+    return j(self, {'jobs': jobs})
+
+### Frontend (6 static JS modules: ui.js, workspace.js, sessions.js, messages.js, panels.js, boot.js)
+
+Simple GET fetch:
+
+    const data = await api('/api/your/endpoint?param=' + encodeURIComponent(value));
+    // data is parsed JSON response, throws on error
+
+POST:
+
+    const data = await api('/api/your/endpoint', {
+      method: 'POST',
+      body: JSON.stringify({field: value})
+    });
+
+The api() helper:
+
+    async function api(path, opts={}) {
+      const r = await fetch(path, {headers:{'Content-Type':'application/json'},...opts});
+      const d = await r.json();
+      if (!r.ok) throw new Error(d.error || r.statusText);
+      return d;
+    }
+
+---
+
+## 12. Common Debugging Commands
+
+    # Server health and session count
+    curl -s http://127.0.0.1:8787/health | python3 -m json.tool
+
+    # Tail the server log live
+    tail -f /tmp/webui-mvp.log
+
+    # List all sessions (metadata only)
+    curl -s http://127.0.0.1:8787/api/sessions | python3 -m json.tool
+
+    # Inspect a full session with messages
+    SID=your_session_id_here
+    curl -s "http://127.0.0.1:8787/api/session?session_id=$SID" | python3 -m json.tool
+
+    # Kill and restart server cleanly
+    pkill -f "python.*webui-mvp/server.py"
+    <agent-dir>/webui-mvp/start.sh
+
+    # Check if server process is running
+    ps aux | grep "webui-mvp/server.py"
+
+    # Inspect session files on disk
+    ls -lt ~/.hermes/webui-mvp/sessions/
+    cat ~/.hermes/webui-mvp/sessions/SESSION_ID.json | python3 -m json.tool
+
+    # Count messages in a session
+    python3 -c "import json; d=json.load(open('sessions/SID.json')); print(len(d['messages']))"
+
+    # Check approval module state
+    cd <agent-dir>
+    venv/bin/python -c "from tools.approval import _pending; print(_pending)"
+
+    # Check active SSE streams (requires server access)
+    curl -s http://127.0.0.1:8787/health  # streams not exposed yet, add in Phase G
+
+    # Find all sessions with messages (not Untitled empty)
+    ls ~/.hermes/webui-mvp/sessions/ | xargs -I{} python3 -c "
+    import json, sys
+    d = json.load(open('~/.hermes/webui-mvp/sessions/{}'))
+    if d['messages']: print('{}', d['title'][:50])
+    " 2>/dev/null
+
+---
+
+## 13. Architecture Decision Records
+
+### ADR-001: Single-File Server
+Decision: All code in server.py
+Rationale: No build step, easy agent modification, zero deployment complexity.
+Trade-off: Maintenance burden grows with file size.
+Resolution: Phase A splits the file.
+
+### ADR-002: HTML as Python Raw String
+Decision: Frontend embedded in server.py as r"""..."""
+Rationale: Simplest way to serve frontend without static file server or build system.
+Trade-off: No editor syntax highlighting, complex patching, base64 gymnastics for large edits.
+Resolution: Phase A moves to static/index.html served from disk.
+
+### ADR-003: ThreadingHTTPServer
+Decision: Python stdlib, synchronous threads, not asyncio.
+Rationale: No dependencies, synchronous agent calls fit naturally in threads.
+Trade-off: Memory scales linearly with concurrent users. Thread pool is unbounded.
+Resolution: Acceptable for single-user. Phase J adds concurrency limits if needed.
+
+### ADR-004: SSE over WebSockets
+Decision: Server-Sent Events for streaming.
+Rationale: Simpler than WebSockets, unidirectional, no upgrade handshake, EventSource is
+standard browser API.
+Trade-off: Server-to-client only. Approval events use SSE from agent thread + polling fallback.
+Resolution: No plan to switch. SSE is sufficient.
+
+### ADR-005: Module-Level Approval State
+Decision: tools/approval.py uses module-level _pending dict shared across all threads.
+Rationale: The approval system was pre-existing; sharing state via same Python process works.
+Trade-off: Breaks if ever moved to multi-process (gunicorn workers) or subprocess.
+Resolution: Document the constraint. Move to SQLite if scaling is ever needed.
+
+### ADR-006: No Authentication
+Decision: No auth initially.
+Rationale: Localhost-only via SSH tunnel. Auth adds complexity without security benefit
+when the transport layer (SSH) is already authenticated.
+Trade-off: Anyone on the VPS with localhost access can use the server.
+Resolution: Phase H adds optional password gate for direct-access deployments.
+
+### ADR-007: Approval State via Environment Variables
+Decision: HERMES_EXEC_ASK and HERMES_SESSION_KEY passed via os.environ.
+Rationale: tools/approval.py and terminal_tool.py already read these env vars.
+Trade-off: Process-global. Two concurrent chat requests clobber each other.
+Resolution: Phase B replaces with thread-local or explicit parameter passing.
+
+---
+
+## 14. Version History
+
+    v0.1  Initial MVP: single-file server, sync /api/chat, no streaming
+    v0.2  SSE streaming via /api/chat/start + /api/chat/stream
+    v0.2  INFLIGHT session guard, session delete rules, toast UI
+    v0.2  Binary file upload fixed (replaced cgi.FieldStorage with parse_multipart)
+    v0.2  Approval card UI wired to tools/approval.py
+    v0.2  Approval SSE event (immediate surface on tool invocation)
+    v0.3  Sprint 1 (March 30, 2026):
+            Bug fixes: B1 B2 B3 B4/B5 B7 B9 B11 all resolved
+            Architecture: LOCK on SESSIONS, section headers, structured JSON logging
+            Tests: 19/19 HTTP integration tests passing
+            Features: 10-model dropdown with provider groups, reconnect banner,
+                       GET /api/chat/stream/status, GET /api/approval/inject_test
+    v0.4  Sprint 2 (March 30, 2026):
+            Features: image preview via /api/file/raw, rendered markdown in right panel,
+                       table support in renderMd(), smart file icons, type badge in path bar
+            Tests: 8 new tests, 27/27 total passing
+    v0.5  [Planned] Wave 1 features: cron viewer, skills viewer, memory viewer
+    v0.5  Sprint 3 (March 30, 2026):
+            Features: sidebar nav tabs (Chat/Tasks/Skills/Memory), cron viewer,
+                       skills viewer (search + SKILL.md preview), memory viewer
+            Bug fixes: B6, B10, B14
+            Arch: Phase D partial (require()/bad() validation helpers)
+            New endpoints: /api/crons, /api/crons/output, /api/crons/run, /api/crons/pause,
+                           /api/crons/resume, /api/skills, /api/skills/content, /api/memory
+            Tests: 21 new tests, 48/48 total
+    v0.6  Sprint 4 (March 30, 2026):
+            Relocation: source moved to <repo>/, symlink back
+            Phase A partial: CSS extracted to static/style.css, served from disk
+            Phase B partial: per-session agent lock (SESSION_AGENT_LOCKS)
+            Features: session rename (inline), session search, file delete, file create
+            Bug fixes: B12, B8 improved, TD5 completed
+            New endpoints: /api/session/rename, /api/sessions/search, /api/file/delete, /api/file/create, GET /static/*
+            Tests: 20 new tests, 68/68 total
+    v0.7  Sprint 5 (March 30, 2026):
+            Arch: Phase A complete (JS -> static/app.js), TD2 LRU cache, TD1 thread-local, Phase C index
+            Features: workspace management panel + topbar quick-switch, copy message, inline file editor
+            New endpoints: /api/workspaces, /api/workspaces/add, /api/workspaces/remove, /api/workspaces/rename, /api/file/save
+            New state files: workspaces.json, last_workspace.txt, sessions/_index.json
+            Tests: 18 new tests, 86/86 total
+    v0.8  Sprint 6 (March 31, 2026):
+            Phase E complete: HTML to static/index.html (server.py now 903 lines, pure Python)
+            Phase D complete: all endpoints validated
+            Features: resizable panels (localStorage), cron create from UI, session JSON export
+            Bug fix: Escape from file editor now cancels edits
+            New endpoints: POST /api/crons/create, GET /api/session/export
+            Tests: 16 new, 106/106 total
+    v0.0.6  Sprint 8 (March 31, 2026):
+            Features: edit+regenerate messages, regenerate last response, clear conversation,
+                       Prism.js syntax highlighting, message queue (MSG_QUEUE + drain on idle),
+                       INFLIGHT-first loadSession (message persists on switch-away/back)
+            Bug fixes: A1 (reconnect banner false positive), A2 (session list scroll clip)
+            New endpoints: POST /api/session/clear, POST /api/session/truncate
+            Tests: 14 new, 139/139 total
+            JS: MSG_QUEUE global, updateQueueBadge(), setBusy drain logic, send() queues when busy,
+                loadSession checks INFLIGHT before server fetch
+    v0.1.0 Concurrency sweeps (March 31, 2026):
+            R10-R15: approval cross-session, activity bar per-session, live card
+            restore on switch-back, settled cards after done, model source,
+            newSession card clear. 190/190 tests.
+    v0.0.8  Sprint 10 (March 31, 2026):
+            Arch: server.py split into api/ modules (config, helpers, models, workspace, upload, streaming)
+            Features: background task cancel, cron run history, tool card UX polish
+            Post-sprint fixes: SSE cancel event breaks loop, Cancel button always hidden on setBusy(false),
+              S.activeStreamId initialized, tool-card show-more uses data attributes, version label v0.0.8,
+              Session.__init__ **kwargs forward-compat, test cron isolation via HERMES_HOME,
+              last_workspace reset in conftest between tests, tool cards grouped by assistant turn
+            Tests: 18 new, 167/167 total
+            Regressions fixed: uuid, AIAgent, has_pending, SSE cancel loop, Session.__init__ tool_calls
+            test_regressions.py: 10 tests -- one per introduced bug, permanent regression gate
+            Total after fixes: 177/177
+    v0.0.7  Sprint 9 (March 31, 2026):
+            Arch: app.js deleted; replaced by ui.js, workspace.js, sessions.js, messages.js, panels.js, boot.js
+            Features: tool call cards (inline collapsible, live + history), attachment persistence,
+                       todo list panel (parses tool results from session history)
+            Tests: 10 new, 149/149 total
+    v0.9  Sprint 7 (March 31, 2026):
+            Features: cron edit+delete, skill create/edit/delete, memory write, session content search
+            Arch: Phase G partial (active_streams+uptime in /health), git init
+            Bug fixes: A1 (activity bar min-height), A2 (model chip sync), A3 (cron output overflow)
+            New endpoints: /api/crons/update, /api/crons/delete, /api/skills/save, /api/skills/delete,
+                           /api/memory/write, /api/sessions/search (extended)
+            Tests: 19 new, 125/125 total
+
+
+---
+
+## 15. Sprint Log
+
+This section records what was actually built and changed in each sprint. It is the
+permanent history of the codebase. Update it at the end of every sprint.
+
+### Sprint 1 (March 30, 2026): Bug Fixes, Arch Foundations, First Tests
+
+**Tracks:** Bug fixes (7), Architecture (3), Tests (1)
+**Test result:** 19/19 passing
+**Backup:** server.py.sprint1.bak
+
+#### Bug Fixes Applied
+
+| ID  | Description                          | Change                                                                 |
+|-----|--------------------------------------|------------------------------------------------------------------------|
+| B3  | Model chip label wrong for new models | Replaced substring check with MODEL_LABELS dict; 10 models supported  |
+| B7  | Sidebar title overflow                | Added min-width:0 to .session-item                                     |
+| B11 | /api/session GET creates session silently | Returns 400 with error message when session_id is missing          |
+| B2  | File input no accept attribute        | Added accept= with image/*, text/*, pdf, json, common code extensions  |
+| B9  | Empty assistant messages render       | loadSession() filters out empty-text assistant messages before render  |
+| B1  | Approval card missing pattern context | showApprovalCard() now appends pattern_keys to description text        |
+| B4/B5 | Reload mid-stream loses context     | markInflight/clearInflight in localStorage; checkInflightOnBoot() shows gold reconnect banner; GET /api/chat/stream/status endpoint added |
+
+Model dropdown also expanded from 2 options to 10, grouped by provider in <optgroup>.
+
+#### Architecture Improvements Applied
+
+| Item   | Description                          | Change                                                                    |
+|--------|--------------------------------------|---------------------------------------------------------------------------|
+| Arch-1 | Section headers                      | 8 clear # === SECTION === banners dividing server.py into logical zones   |
+| Arch-2 | LOCK around SESSIONS dict            | get_session, new_session, delete now hold LOCK; eliminates race condition |
+| Arch-3 | Structured request logging           | log_request() override emits JSON per request to /tmp/webui-mvp.log      |
+
+Request log format:
+    {"ts": "2026-03-30T17:30:08Z", "method": "GET", "path": "/health", "status": 200, "ms": 0.1}
+
+#### Test Suite Added
+
+File: webui-mvp/tests/test_sprint1.py (19 tests)
+File: webui-mvp/tests/__init__.py
+
+Test categories:
+    Health check (1)
+    Session CRUD: create, load, update, delete, sort, B11 footgun (6)
+    Multipart parser unit tests: text file, binary/PNG (2)
+    HTTP upload: success, too large, no file, bad session (4)
+    Approval API: pending/none, inject+deny, inject+session-approve (3)
+    Stream status endpoint (1)
+    File browser: list dir, path traversal block (2)
+
+Run tests:
+    cd <agent-dir>
+    venv/bin/python -m pytest webui-mvp/tests/test_sprint1.py -v
+
+#### Section 5.5 Update (B3 resolved)
+
+The model chip label bug is now fixed. The MODEL_LABELS object in syncTopbar():
+
+    const MODEL_LABELS = {
+      'openai/gpt-5.4-mini':             'GPT-5.4 Mini',
+      'openai/gpt-4o':                   'GPT-4o',
+      'openai/o3':                       'o3',
+      'openai/o4-mini':                  'o4-mini',
+      'anthropic/claude-sonnet-4.6':     'Sonnet 4.6',
+      'anthropic/claude-sonnet-4-5':     'Sonnet 4.5',
+      'anthropic/claude-haiku-3-5':      'Haiku 3.5',
+      'google/gemini-2.5-pro':           'Gemini 2.5 Pro',
+      'deepseek/deepseek-chat-v3-0324':  'DeepSeek V3',
+      'meta-llama/llama-4-scout':        'Llama 4 Scout',
+    };
+    $('modelChip').textContent = MODEL_LABELS[m] || (m.split('/').pop() || 'Unknown');
+
+Fallback: splits on '/' and uses the last segment, so any unlisted model shows its
+short identifier rather than a wrong hardcoded label.
+
+#### Version History Update
+
+    v0.3  Sprint 1: B3/B7/B11/B2/B9/B1/B4/B5 bug fixes
+    v0.3  Sprint 1: Model dropdown expanded to 10 models in provider groups
+    v0.3  Sprint 1: LOCK added around SESSIONS dict (thread safety)
+    v0.3  Sprint 1: Section headers added throughout server.py
+    v0.3  Sprint 1: Structured JSON request logging via log_request() override
+    v0.3  Sprint 1: GET /api/chat/stream/status endpoint
+    v0.3  Sprint 1: Reconnect banner (markInflight/clearInflight/checkInflightOnBoot)
+    v0.3  Sprint 1: GET /api/approval/inject_test endpoint (test-only)
+    v0.3  Sprint 1: First pytest suite, 19 tests, all passing
+
+---
+
+## 16. Architecture Phase Priority Matrix
+
+Quick-reference table for prioritizing architecture work. Phases are from Section 10.
+
+| Phase | Name                        | Priority | Effort | Blocks         | Status     |
+|-------|-----------------------------|----------|--------|----------------|------------|
+| A+E   | File Separation + Frontend  | High     | Medium | F              | COMPLETE Sprint 6+9 (HTML->index.html, JS->6 modules, app.js deleted; server.py pure Python ~1150 lines) |
+| B     | Thread-Safe Request Context | Critical | Medium | nothing        | PARTIAL (Sprint 4: per-session lock added; global env vars still used) |
+| C     | Session Store Improvements  | Medium   | Medium | J              | PARTIAL Sprint 5 (index file + LRU cache; LRU eviction policy and pagination still open) |
+| D     | Input Validation            | Medium   | Low    | nothing        | COMPLETE Sprint 6 (approval/respond + file/raw hardened; all endpoints validated) |
+| E     | Frontend Modularization     | Medium   | High   | requires A     | Pending    |
+| F     | API Design Cleanup          | Low      | Medium | requires A     | Pending    |
+| G     | Observability               | Low      | Low    | nothing        | Partial (Sprint 7: active_streams+uptime added to /health; log rotation still pending) |
+| H     | Authentication              | Low      | Medium | nothing        | Pending    |
+| I     | Test Infrastructure         | High     | High   | requires A,D   | Partial(*) |
+| J     | Performance                 | Low      | High   | requires C     | Pending    |
+
+(*) Phase G is partial: structured request logging done in Sprint 1. Full observability
+    (health detail, debug/stats endpoint, log rotation) remains.
+(*) Phase I is partial: HTTP integration test suite started in Sprint 1. Unit tests for
+    isolated modules require Phase A file split first.
+
+Recommended execution order:
+    1. Phase B (thread safety): critical, low risk, no file changes needed
+    2. Phase D (input validation): low effort, improves error messages immediately
+    3. Phase A (file split): enables E, F, and full Phase I
+    4. Phase G remainder (health detail, debug endpoint): 1-2 hours
+    5. Phase C (session index): needed as session count grows
+    6. Phase E (frontend modules + marked.js): biggest UX improvement
+    7. Phase I (full test suite): after A gives us importable modules
+    8. Phase F, H, J: lower priority, tackle when needed
+
+---
+
+## 17. Working Conventions for Agent Contributors
+
+This section is specifically for agents (Hermes instances, subagents, Codex, etc.) that
+will be working on this codebase. Read this before touching any file.
+
+### Before Making Any Change
+
+1. Read this document (ARCHITECTURE.md) fully. Especially sections 4, 5, and the ADRs.
+2. Read the relevant section of server.py by searching for the SECTION header.
+3. Check the Sprint Log (Section 15) to understand what was recently changed.
+4. Run the test suite first to confirm baseline: cd <agent-dir> &&
+   venv/bin/python -m pytest webui-mvp/tests/test_sprint1.py -v
+5. Check server health: curl -s http://127.0.0.1:8787/health
+
+### Making Changes
+
+Always back up server.py before a non-trivial change:
+    cp server.py server.py.$(date +%Y%m%d_%H%M).bak
+
+Use exact string matching when patching. The pitfalls are documented in the
+hermes-webui-mvp skill. Key ones:
+- Never use sed on this file from the shell. Use execute_code with Python string replace.
+- Always assert the old string is found before replacing (prevents silent no-op patches).
+- Unicode escape sequences in JS (\u2026) exist as literal backslash-u in the file.
+  Match the file's raw content, not interpreted Python strings.
+- The HTML block is a Python raw string (r"""..."""). Standard triple-quote escaping
+  rules do not apply inside it, but Python escape sequences \n etc. work in JS strings
+  inside it as literal two-character sequences.
+
+After any change:
+    venv/bin/python -m py_compile webui-mvp/server.py   # syntax check
+    curl -s http://127.0.0.1:8787/health                # server still alive
+    venv/bin/python -m pytest webui-mvp/tests/ -v       # tests still pass
+
+### Critical Rules (do NOT regress these)
+
+These patterns have been broken and fixed multiple times. Do not re-introduce them.
+
+RULE-1: deleteSession() must NEVER call newSession().
+    Deleting does not create. If the deleted session was active and others remain,
+    load sessions[0]. If none remain, show empty state. See Section 5.6.
+
+RULE-2: /api/upload must be checked BEFORE read_body() in do_POST.
+    read_body() consumes the request body. Upload parsing also needs the body.
+    Order matters. See Section 4.1.
+
+RULE-3: run_conversation() takes task_id=, NOT session_id=.
+    task_id is the correct keyword argument. session_id= raises TypeError silently.
+
+RULE-4: stream_delta_callback receives None as end-of-stream sentinel.
+    The on_token callback must guard: if text is None: return
+
+RULE-5: send() must capture activeSid BEFORE any await.
+    The active session can change while awaits are pending. Capture first, guard on return.
+
+RULE-6: Boot IIFE must never auto-create a session.
+    Only two places create sessions: the + button and send() when S.session is null.
+
+RULE-7: All SESSIONS dict accesses must hold LOCK.
+    LOCK is a module-level threading.Lock(). Use: with LOCK: ...
+
+RULE-8: do NOT expose tracebacks to API clients.
+    500 responses should return {"error": "Internal server error"}, not the full traceback.
+    (Currently traceback is exposed; fix in Phase D. Do not make it worse.)
+
+RULE-9: Pattern_keys, not pattern_key, for multi-pattern approvals.
+    The approval module may include both pattern_key (singular, legacy) and pattern_keys
+    (plural, all matched patterns). Always iterate pattern_keys when approving.
+
+### Adding New API Endpoints
+
+See Section 11 for the exact code pattern. Short version:
+- GET: add before the 404 fallback in do_GET
+- POST: add after /api/upload check and after read_body(), before 404 fallback in do_POST
+- Always validate required fields, return 400 for missing/invalid input
+- Always use get_session(sid) with try/except KeyError -> 400 or 404
+- Add a test in test_sprint1.py or a new test file
+
+### Updating This Document
+
+Update ARCHITECTURE.md whenever you:
+- Fix a bug listed in Section 9 (update its row, mark resolved)
+- Complete an architecture phase (update Section 16 matrix)
+- Add a new endpoint (add to Section 4.1 routing table)
+- Discover a new pitfall or rule (add to Section 17)
+- Complete a sprint (add a new entry to Section 15)
+
+This document is the memory of the codebase. If it is not updated, future agents will
+make the same mistakes again.
+
+---
+
+## 18. Endpoint Reference (Current)
+
+Complete list of all HTTP endpoints as of Sprint 1 (v0.3).
+
+### GET Endpoints
+
+    /                          Returns full HTML app (index page)
+    /index.html                Same as /
+    /health                    {"status":"ok","sessions":N}
+    /api/session               ?session_id=X -> full session + messages. 400 if no ID.
+    /api/sessions              List of all session compact() dicts, sorted by updated_at
+    /api/list                  ?session_id=X&path=. -> directory listing for session workspace
+    /api/file                  ?session_id=X&path=rel -> file content (text, 200KB limit)
+    /api/chat/stream           ?stream_id=X -> SSE stream. Long-lived. Emits token/tool/
+                               approval/done/error events.
+    /api/chat/stream/status    ?stream_id=X -> {"active": true/false, "stream_id": X}
+    /api/approval/pending      ?session_id=X -> {"pending": entry_or_null}
+    /api/approval/inject_test  ?session_id=X&pattern_key=K&command=C -> test-only endpoint.
+                               Injects a pending approval entry into the server process.
+    /api/file/raw              ?session_id=X&path=P -> raw file bytes with correct MIME type.
+                               Used for image preview. Path traversal protected via safe_resolve.
+                               Returns 404 JSON if file not found.
+
+### POST Endpoints
+
+    /api/upload                multipart/form-data. Fields: session_id, file. Returns filename.
+    /api/session/new           {"model"?, "workspace"?} -> new session
+    /api/session/update        {"session_id", "workspace"?, "model"?} -> updated session
+    /api/session/delete        {"session_id"} -> {"ok": true}
+    /api/chat/start            {"session_id", "message", "model"?, "workspace"?}
+                               -> {"stream_id", "session_id"}. Starts agent daemon thread.
+    /api/chat                  (fallback, sync) {"session_id", "message", "model"?, "workspace"?}
+                               -> blocks until agent finishes. Returns full result.
+    /api/approval/respond      {"session_id", "choice": once|session|always|deny}
+                               -> {"ok": true, "choice": choice}
+
+### GET Endpoints Added in Sprint 3
+
+    /api/crons                 All cron jobs. Returns {jobs: [...]}.
+    /api/crons/output          ?job_id=X&limit=N -> {outputs: [{filename, content}]}
+    /api/skills                All skills. Returns {skills: [{name, description, category}]}
+    /api/skills/content        ?name=X -> full skill data including SKILL.md content
+    /api/memory                MEMORY.md + USER.md. Returns {memory, user, *_path, *_mtime}
+
+### POST Endpoints Added in Sprint 3
+
+    /api/crons/run             {job_id} -> triggers run in daemon thread. Returns {ok, status}.
+    /api/crons/pause           {job_id} -> {ok, job} or 404.
+    /api/crons/resume          {job_id} -> {ok, job} or 404.
+
+---
+
+## Sprint 2 Log Entry (March 30, 2026)
+
+Added to Section 15 Sprint Log.
+
+### Sprint 2: Rich File Preview (March 30, 2026)
+
+**Tracks:** Features (4 sub-features), Tests (8 new)
+**Test result:** 27/27 passing (19 Sprint 1 + 8 Sprint 2)
+**Backup:** server.py.sprint1.bak (Sprint 1 backup; Sprint 2 is incremental)
+
+#### Features Implemented
+
+**Image Preview (GET /api/file/raw)**
+
+New endpoint in do_GET:
+
+    GET /api/file/raw?session_id=X&path=relative/path
+
+- Reads raw bytes from workspace file via safe_resolve() (path traversal protected)
+- Looks up MIME type from MIME_MAP constant keyed by lowercase extension
+- Falls back to 'application/octet-stream' for unknown types
+- Serves bytes directly with correct Content-Type header
+- No MAX_FILE_BYTES size limit (images can be large; the browser handles progressive load)
+- Returns JSON 404 if file not found or not a file
+
+Frontend: openFile() checks IMAGE_EXTS set. If image, sets <img src="/api/file/raw?...">
+and calls showPreview('image'). The browser loads the image natively. onerror handler
+shows a status message if load fails.
+
+**Rendered Markdown Preview**
+
+Frontend only -- uses existing GET /api/file endpoint for text content.
+openFile() checks MD_EXTS set. If markdown, fetches text then calls:
+
+    $('previewMd').innerHTML = renderMd(data.content);
+
+Preview renders in .preview-md container with full typography CSS separate from the
+chat bubble .msg-body CSS (allows different sizing/spacing for the narrower side panel).
+
+**Table Support in renderMd()**
+
+Added a regex pass before paragraph wrapping:
+- Detects blocks of pipe-delimited rows where row[1] is a separator (|---|---|)
+- Converts to <table><thead><tbody> HTML
+- Handles any number of columns
+- This partially resolves B8 (renderMd missing tables)
+
+**Smart File Icons in renderFileTree()**
+
+New fileIcon(name, type) function maps extensions to emoji icons:
+- Directories: folder icon
+- Images: camera icon
+- Markdown: notepad icon
+- Python: snake icon
+- JS/TS/JSX/TSX: circuit icon
+- JSON/YAML/TOML: gear icon
+- Shell scripts: terminal icon
+- Everything else: document icon
+
+**Preview Path Bar with Type Badge**
+
+previewPath bar now has two elements:
+- #previewPathText: the relative file path
+- #previewBadge: colored badge with type label (image/md/extension)
+  Blue for images, gold for markdown, gray for code
+
+#### New Constants Added
+
+    IMAGE_EXTS   set of image extensions: .png .jpg .jpeg .gif .svg .webp .ico .bmp
+    MD_EXTS      set of markdown extensions: .md .markdown .mdown
+    CODE_EXTS    set of code/text extensions for reference
+    MIME_MAP     dict: extension -> MIME type string
+
+#### New HTML Elements
+
+    #previewPathText   span inside preview path bar (was direct textContent on #previewPath)
+    #previewBadge      colored type badge span
+    #previewImgWrap    div centering the preview image
+    #previewImg        <img> element for image preview
+    #previewMd         div for rendered markdown HTML
+
+#### Endpoint Reference Update
+
+Added to Section 18:
+
+    GET /api/file/raw   ?session_id=X&path=P -> raw file bytes with correct MIME type.
+                        Path traversal protected. 404 JSON if not found.
+
+#### B8 Status Update (Section 9)
+
+B8 (renderMd missing tables) is now PARTIAL: table parsing added in Sprint 2.
+Nested lists and complex inline HTML still not handled. Full fix remains Phase E
+(replace renderMd with marked.js).
+
+
+### Sprint 3 (March 30, 2026): Panel Navigation + Feature Viewers
+
+**Tracks:** Bug fixes (3), Features (3 panels + 8 API endpoints), Arch Phase D (partial)
+**Tests:** 48/48 passing
+**Backup:** server.py.sprint2.bak
+
+#### New Sidebar Navigation
+
+Four tabs at the top of the sidebar: Chat (default), Tasks, Skills, Memory.
+Implemented via `.nav-tab` / `.panel-view` CSS classes. `switchPanel(name)` activates
+the correct tab and panel-view, then lazy-loads panel data on first open.
+
+#### Tasks Panel (Cron viewer)
+
+`loadCrons()` fetches GET /api/crons, renders each job as a collapsible `.cron-item`.
+`toggleCron(id)` expands/collapses the body. `loadCronOutput(jobId)` auto-loads the last
+output file from GET /api/crons/output for each job.
+
+Run Now: POST /api/crons/run starts the job in a daemon thread, returns immediately.
+Pause/Resume: POST /api/crons/pause and /api/crons/resume call the cron.jobs functions.
+
+#### Skills Panel
+
+`loadSkills()` fetches GET /api/skills, caches in `_skillsData`. `renderSkills()` groups
+by category, filters by search input. Clicking a skill calls `openSkill(name)` which
+fetches GET /api/skills/content and renders in the right panel using `showPreview('md')`.
+
+#### Memory Panel
+
+`loadMemory()` fetches GET /api/memory (reads MEMORY.md + USER.md from
+~/.hermes/memories/), renders both as markdown via renderMd() with timestamps.
+
+#### New API Endpoints (Section 18 update)
+
+    GET  /api/crons              All jobs from cron.jobs.list_jobs(include_disabled=True)
+    GET  /api/crons/output       ?job_id=X&limit=N -> last N output .md files for a job
+    POST /api/crons/run          {job_id} -> triggers run_job() in daemon thread
+    POST /api/crons/pause        {job_id} -> pause_job(job_id)
+    POST /api/crons/resume       {job_id} -> resume_job(job_id)
+    GET  /api/skills             All skills via tools.skills_tool.skills_list()
+    GET  /api/skills/content     ?name=X -> full skill data via skill_view(name)
+    GET  /api/memory             MEMORY.md + USER.md content and mtimes
+
+#### Phase D Input Validation Applied
+
+    require(body, *fields)   raises ValueError with clean message on missing fields
+    bad(handler, msg, status=400)  returns clean JSON error response
+
+Endpoints hardened: /api/session/update, /api/session/delete, /api/chat/start.
+Unknown session ID on /api/session/update now returns 404 instead of 500.
+
+#### Bug Fix Details
+
+B6: `newSession()` now passes `inheritWs = S.session?.workspace` to /api/session/new.
+    Backend already accepted `workspace` param in session/new but it was never sent.
+
+B10: `es.addEventListener('tool', ...)` now calls `removeThinking()` before updating
+     status and shows a compact `.msg-role + .msg-body` tool-running row. `ensureAssistantRow()`
+     also removes `#toolRunningRow` when first token arrives.
+
+B14: `document.addEventListener('keydown', ...)` at global scope catches Cmd/Ctrl+K
+     and calls `newSession()` if not busy.
+
+
+### Sprint 4 (March 30, 2026): Relocation + Session Power Features + Phase A/B
+
+**Tracks:** Bugs (B12, B8, TD5), Features (rename, search, file ops), Arch (Phase A/B start), Relocation
+**Tests:** 68/68 passing
+**Backup:** server.py.sprint2.bak (last full backup; Sprint 3 and 4 are incremental)
+
+#### Source Relocation
+
+Moved <agent-dir>/webui-mvp/ to <repo>/.
+Symlink: <agent-dir>/webui-mvp -> <repo>
+The symlink means all existing import paths (sys.path.insert for hermes-agent modules)
+continue working unchanged. start.sh updated to reference new canonical path.
+
+Safe from: git pull, git reset --hard, git stash on hermes-agent repo.
+NOT safe from: git clean -fd (would delete symlink but not the target).
+Disk failure: still a single-copy risk. Use git init + push when ready.
+
+#### Phase A: CSS Extracted
+
+<repo>/static/style.css: the 23KB CSS block from the Python raw string.
+server.py no longer contains any CSS. GET /static/* handler serves disk files.
+server.py shrunk by ~200 lines.
+
+#### Phase B: Per-Session Agent Lock
+
+SESSION_AGENT_LOCKS = {} keyed by session_id, each value is a threading.Lock().
+_get_session_agent_lock(sid) returns the lock, creating it if needed.
+_run_agent_streaming() wraps the env var block with: with _agent_lock: ...
+This prevents two concurrent requests for the same session from overwriting env vars
+mid-execution. Two concurrent requests for DIFFERENT sessions are still unsafe (env vars
+are process-global). Full fix requires removing env var usage entirely (Phase B complete).
+
+#### New Endpoints
+
+    GET  /static/*             Serves files from <repo>/static/ with
+                               correct Content-Type. Currently serves style.css.
+    POST /api/session/rename   {session_id, title} -> {session: compact}. Truncates to 80 chars.
+    GET  /api/sessions/search  ?q=X -> sessions whose title contains q (case-insensitive).
+                               Empty q returns all sessions (same as /api/sessions).
+    POST /api/file/delete      {session_id, path} -> {ok: true}. Path traversal protected.
+    POST /api/file/create      {session_id, path, content?} -> {ok, path}. Errors if exists.
+
+
+### Sprint 5 (March 30, 2026): Phase A Complete + Workspace + Edit + Copy
+
+**Tracks:** Arch (Phase A complete, TD1/TD2/TD6/Phase C), Features (3), Tests (18)
+**Tests:** 86/86 passing
+
+#### Phase A Complete: static/app.js
+
+Extracted 902-line JavaScript from server.py HTML string to <repo>/static/app.js.
+server.py now: Python code + thin HTML skeleton (~875 lines, down from 1778).
+Layout: server.py imports nothing from static/; the HTML just has <link> and <script src>.
+Served via GET /static/* handler added in Sprint 4.
+node --check validates app.js on every sprint.
+
+#### TD2: LRU SESSIONS Cache
+
+SESSIONS changed to collections.OrderedDict.
+get_session(): SESSIONS.move_to_end(sid) on hit; on miss: load from disk, add, move_to_end, evict if over SESSIONS_MAX=100.
+new_session(): same eviction logic on insert.
+Result: memory usage capped regardless of session count.
+
+#### TD1: Thread-Local Env Context
+
+_thread_ctx = threading.local() added to Server Globals.
+_set_thread_env(**kwargs) and _clear_thread_env() set/clear _thread_ctx.env.
+_run_agent_streaming() calls _set_thread_env() before env var writes, _clear_thread_env() in outer finally.
+Process-level os.environ writes still exist as fallback (needed until terminal tool reads thread-local).
+
+#### Phase C: Session Index File
+
+SESSION_INDEX_FILE = SESSION_DIR / '_index.json'.
+_write_session_index(): builds compact() list from SESSIONS + disk files, writes JSON.
+Called in Session.save() -- keeps index always current.
+all_sessions(): reads index JSON first (one file read); overlays in-memory SESSIONS; falls back to full glob scan on error.
+Index files starting with '_' are skipped during full scan to avoid recursion.
+
+#### New Workspace Infrastructure
+
+WORKSPACES_FILE = ~/.hermes/webui-mvp/workspaces.json
+LAST_WORKSPACE_FILE = ~/.hermes/webui-mvp/last_workspace.txt
+load_workspaces() / save_workspaces() / get_last_workspace() / set_last_workspace() helpers.
+new_session() now calls get_last_workspace() as default instead of DEFAULT_WORKSPACE.
+set_last_workspace() called in /api/session/update and /api/chat/start.
+
+#### New Endpoints (Sprint 5)
+
+    GET  /api/workspaces           {workspaces: [...], last: path}
+    POST /api/workspaces/add       {path, name?} -- validates exists+dir, no duplicates
+    POST /api/workspaces/remove    {path} -- removes from list, ok even if not present
+    POST /api/workspaces/rename    {path, name} -- updates display name, 404 if not found
+    POST /api/file/save            {session_id, path, content} -- write text to existing file
+
+
+### Sprint 6 (March 31, 2026): Polish + Resize + Cron Create + Phase E
+
+**Tests:** 106/106 passing
+**Backup:** server.py.sprint5.bak
+
+#### Phase E Complete: static/index.html
+
+The HTML = r triple-quoted string (197 lines, 12682 chars) was extracted to
+<repo>/static/index.html and served via disk read on each request.
+server.py is now pure Python: zero HTML/CSS/JS inline. All static content is in static/.
+
+Static file layout (final):
+  static/index.html  (Sprint 6)  -- HTML template
+  static/style.css   (Sprint 4)  -- all CSS
+  static/app.js      (Sprint 5)  -- all JavaScript
+
+server.py line count progression: 1778 (S1) -> 1042 (S5) -> 903 (S6)
+
+#### Phase D Complete
+
+/api/approval/respond: validates session_id present; choice must be one of
+(once, session, always, deny); returns 400 on invalid.
+/api/file/raw: validates session_id present; try/except KeyError returns 404.
+
+#### New Endpoints
+
+    POST /api/crons/create   {prompt, schedule, name?, deliver?, skills?, model?}
+                             -> {ok: true, job: {...}} or 400 on invalid schedule/missing fields.
+                             Uses cron.jobs.create_job() directly.
+    GET  /api/session/export ?session_id=X
+                             -> full session JSON with Content-Disposition: attachment header.
+                             Includes all messages, workspace, model, timestamps.
+
+#### Resizable Panels
+
+_initResizePanels() called from boot IIFE. Creates mousedown listeners on #sidebarResize
+and #rightpanelResize. On mousemove: computes delta and clamps to min/max. On mouseup:
+saves width to localStorage. Widths restored at boot via localStorage.getItem().
+CSS: .resize-handle with position:absolute, width:5px, cursor:col-resize.
+body.resizing added during drag to suppress text selection.
diff --git a/CHANGELOG.md b/CHANGELOG.md
new file mode 100644
index 0000000..88e602a
--- /dev/null
+++ b/CHANGELOG.md
@@ -0,0 +1,312 @@
+# Hermes WebUI -- Changelog
+
+> Living document. Updated at the end of every sprint.
+> Source: <repo>/
+> Repository: https://github.com/<your-username>/hermes-webui
+
+---
+
+## [v0.1.0] Concurrency + Correctness Sweeps
+*March 31, 2026 | 190 tests*
+
+Two systematic audits of all concurrent multi-session scenarios. Each finding
+became a regression test so it cannot silently return.
+
+### Sweep 1 (R10-R12)
+- **R10: Approval response to wrong session.** `respondApproval()` used
+  `S.session.session_id` -- whoever you were viewing. If session A triggered
+  a dangerous command requiring approval and you switched to B then clicked
+  Allow, the approval went to B's session_id. Agent on A stayed stuck. Fixed:
+  approval events tag `_approvalSessionId`; `respondApproval()` uses that.
+- **R11: Activity bar showed cross-session tool status.** Session A's tool
+  name appeared in session B's activity bar while you were viewing B. Fixed:
+  `setStatus()` in the tool SSE handler is now inside the `activeSid` guard.
+- **R12: Live tool cards vanished on switch-away and back.** Switching back to
+  an in-flight session showed empty live cards even though tools had fired.
+  Fixed: `loadSession()` INFLIGHT branch now restores cards from `S.toolCalls`.
+
+### Sweep 2 (R13-R15)
+- **R13: Settled tool cards never rendered after response completes.**
+  `renderMessages()` has a `!S.busy` guard on tool card rendering. It was
+  called with `S.busy=true` in the done handler -- tool cards were skipped
+  every time. Fixed: `S.busy=false` set inline before `renderMessages()`.
+- **R14: Wrong model sent for sessions with unlisted model.** `send()` used
+  `$('modelSelect').value` which could be stale if the session's model isn't
+  in the dropdown. Fixed: now uses `S.session.model || $('modelSelect').value`.
+- **R15: Stale live tool cards in new sessions.** `newSession()` didn't call
+  `clearLiveToolCards()`. Fixed.
+
+---
+
+## [v0.0.9] Sprint 10 Post-Release Fixes
+*March 31, 2026 | 177 tests*
+
+Critical regressions introduced during the server.py split, caught by users and fixed immediately.
+
+- **`uuid` not imported in server.py** -- `chat/start` returned 500 (NameError) on every new message
+- **`AIAgent` not imported in api/streaming.py** -- agent thread crashed immediately, SSE returned 404
+- **`has_pending` not imported in api/streaming.py** -- NameError during tool approval checks
+- **`Session.__init__` missing `tool_calls` param** -- 500 on any session with tool history
+- **SSE loop did not break on `cancel` event** -- connection hung after cancel
+- **Regression test file added** (`tests/test_regressions.py`): 10 tests, one per introduced bug. These form a permanent regression gate so each class of error can never silently return.
+
+---
+
+## [v0.0.8] Sprint 10 -- Server Health + Operational Polish
+*March 31, 2026 | 167 tests*
+
+### Post-sprint Bug Fixes
+- SSE loop now breaks on `cancel` event (was hanging after cancel)
+- `setBusy(false)` now always hides the Cancel button
+- `S.activeStreamId` properly initialized in the S global state object
+- Tool card "Show more" button uses data attributes instead of inline JSON.stringify (XSS/parse safety)
+- Version label updated to v0.0.8
+- `Session.__init__` accepts `**kwargs` for forward-compatibility with future JSON fields
+- Test cron jobs now isolated via `HERMES_HOME` env var in conftest (no more pollution of real jobs.json)
+- `last_workspace` reset after each test in conftest (prevents workspace state bleed between tests)
+- Tool cards now grouped per assistant turn instead of piled before last message
+- Tool card insertion uses `data-msg-idx` attribute correctly (was `msgIdx`, matching HTML5 dataset API)
+
+### Architecture
+- **server.py split into api/ modules.** 1,150 lines -> 673 lines in server.py.
+  Extracted modules: `api/config.py` (101), `api/helpers.py` (57), `api/models.py` (114),
+  `api/workspace.py` (77), `api/upload.py` (77), `api/streaming.py` (187).
+  server.py is now the thin routing shell only. All business logic is independently importable.
+
+### Features
+- **Background task cancel.** Red "Cancel" button appears in the activity bar while a task
+  is running. Calls `GET /api/chat/cancel?stream_id=X`. The agent thread receives a cancel
+  event, emits a 'cancel' SSE event, and the UI shows "*Task cancelled.*" in the conversation.
+  Note: a tool call already in progress (e.g. a long terminal command) completes before
+  the cancel takes effect -- same behavior as CLI Ctrl+C.
+- **Cron run history viewer.** Each job in the Tasks panel now has an "All runs" button.
+  Click to expand a list of up to 20 past runs with timestamps, each collapsible to show
+  the full output. Click again to hide.
+- **Tool card UX polish.** Three improvements:
+  1. Pulsing blue dot on cards for in-progress tools (distinct from completed cards)
+  2. Smart snippet truncation at sentence boundaries instead of hard byte cutoff
+  3. "Show more / Show less" toggle on tool results longer than 220 chars
+
+---
+
+## [v0.0.7] Sprint 9 -- Codebase Health + Daily Driver Gaps
+*March 31, 2026 | 149 tests*
+
+The sprint that closed the last gaps for heavy agentic use.
+
+### Architecture
+- **app.js replaced by 6 modules.** `app.js` is deleted. The browser now loads 6 focused files:
+  `ui.js` (530), `workspace.js` (132), `sessions.js` (189), `messages.js` (221),
+  `panels.js` (555), `boot.js` (142). The modules are a superset of the original app.js
+  (two functions -- `loadTodos`, `toolIcon` -- were added directly to the modules after the split).
+  No single file exceeds 555 lines.
+
+### Features
+- **Tool call cards inline.** Every tool Hermes uses now appears as a collapsible card
+  in the conversation between the user message and the response. Live during streaming,
+  restored from session history on reload. Shows tool name, preview, args, result snippet.
+- **Attachment metadata persists on reload.** File badges on user messages survive page
+  refresh. Server stores filenames on the user message in session JSON.
+- **Todo list panel.** New checkmark tab in the sidebar. Shows current task list parsed
+  from the most recent todo tool result in message history. Status icons: pending (○),
+  in-progress (◉), completed (✓), cancelled (✗). Auto-refreshes when panel is active.
+- **Model preference persists.** Last-used model saved to localStorage. Restored on page
+  load. New sessions inherit it automatically.
+
+### Bug Fixes
+- Tool card toggle arrow only shown when card has expandable content
+- Attachment tagging matches by message content to avoid wrong-turn tagging
+- SSE tool event was missing `args` field
+- `/api/session` GET was not returning `tool_calls` (history lost on reload)
+
+---
+
+## [v0.0.6] Sprint 8 -- Daily Driver Finish Line
+*March 31, 2026 | 139 tests*
+
+### Features
+- **Edit user message + regenerate.** Hover any user bubble, click the pencil icon.
+  Inline textarea, Enter submits, Escape cancels. Truncates session at that point and re-runs.
+- **Regenerate last response.** Retry icon on the last assistant bubble only.
+- **Clear conversation.** "Clear" button in topbar. Wipes messages, keeps session slot.
+- **Syntax highlighting.** Prism.js via CDN (deferred). Python, JS, bash, JSON, SQL and more.
+
+### Bug Fixes
+- Reconnect banner false positive on normal loads (90-second window)
+- Session list clipping on short screens
+- Favicon 404 console noise (server now returns 204)
+- Edit textarea auto-resize on open
+- Send button guard while inline edit is active
+- Escape closes dropdown, clears search, cancels active edit
+- Approval polling not restarted on INFLIGHT session switch-back
+- Version label updated to v0.0.6
+
+### Hotfix: Message Queue + INFLIGHT
+- **Message queue.** Sending while busy queues the message with toast + badge.
+  Drains automatically on completion. Cleared on session switch.
+- **Message stays visible on switch-away/back.** loadSession checks INFLIGHT before
+  server fetch, so sent message and thinking dots persist correctly.
+
+---
+
+## [v0.9] Sprint 7 -- Wave 2 Core: CRUD + Search
+*March 31, 2026 | 125 tests*
+
+### Features
+- **Cron edit + delete.** Inline edit form per job, save and delete with confirmation.
+- **Skill create, edit, delete.** "+ New skill" form in Skills panel. Writes to `~/.hermes/skills/`.
+- **Memory inline edit.** "Edit" button opens textarea for MEMORY.md. Saves via `/api/memory/write`.
+- **Session content search.** Filter box searches message text (up to 5 messages per session)
+  in addition to titles. Debounced API call, results appended below title matches.
+
+### Architecture
+- `/health` now returns `active_streams` and `uptime_seconds`
+- `git init` on `<repo>/`, pushed to GitHub
+
+### Bug Fixes
+- Activity bar overlap on short viewports
+- Model chip stale after session switch
+- Cron output overflow in tasks panel
+
+---
+
+## [v0.8] Sprint 6 -- Polish + Phase E Complete
+*March 31, 2026 | 106 tests*
+
+### Architecture
+- **Phase E complete.** HTML extracted to `static/index.html`. server.py now pure Python.
+  Line count progression: 1778 (Sprint 1) → 1042 (Sprint 5) → 903 (Sprint 6).
+- **Phase D complete.** All endpoints validated with proper 400/404 responses.
+
+### Features
+- **Resizable panels.** Sidebar and workspace panel drag-resizable. Widths persisted to localStorage.
+- **Create cron job from UI.** "+ New job" form in Tasks panel with name, schedule, prompt, delivery.
+- **Session JSON export.** Downloads full session as JSON via "JSON" button in sidebar footer.
+- **Escape from file editor.** Cancels inline file edit without saving.
+
+---
+
+## [v0.7] Sprint 5 -- Phase A Complete + Workspace Management
+*March 30, 2026 | 86 tests*
+
+### Architecture
+- **Phase A complete.** JS extracted to `static/app.js`. server.py: 1778 → 1042 lines.
+- **LRU session cache.** `collections.OrderedDict` with cap of 100, oldest evicted automatically.
+- **Session index.** `sessions/_index.json` for O(1) session list loads.
+- **Isolated test server.** Port 8788 with own state dir, conftest autouse cleanup.
+
+### Features
+- **Workspace management panel.** Add/remove/rename workspaces. Persisted to `workspaces.json`.
+- **Topbar workspace quick-switch.** Dropdown chip lists all workspaces, switches on click.
+- **New sessions inherit last workspace.** `last_workspace.txt` tracks last used.
+- **Copy message to clipboard.** Hover icon on each bubble with checkmark confirmation.
+- **Inline file editor.** Preview any file, click Edit to modify, Save writes to disk.
+
+---
+
+## [v0.6] Sprint 4 -- Relocation + Session Power Features
+*March 30, 2026 | 68 tests*
+
+### Architecture
+- **Source relocated** to `<repo>/` outside the hermes-agent git repo.
+  Safe from `git pull`, `git reset`, `git stash`. Symlink maintained at `hermes-agent/webui-mvp`.
+- **CSS extracted (Phase A start).** All CSS moved to `static/style.css`.
+- **Per-session agent lock (Phase B).** Prevents concurrent requests to same session from
+  corrupting environment variables.
+
+### Features
+- **Session rename.** Double-click any title in sidebar to edit inline. Enter saves, Escape cancels.
+- **Session search/filter.** Live client-side filter box above session list.
+- **File delete.** Hover trash icon on workspace files. Confirm dialog.
+- **File create.** "+" button in workspace panel header.
+
+---
+
+## [v0.5] Sprint 3 -- Panel Navigation + Feature Viewers
+*March 30, 2026 | 48 tests*
+
+### Features
+- **Sidebar panel navigation.** Four tabs: Chat, Tasks, Skills, Memory. Lazy-loads on first open.
+- **Tasks panel.** Lists scheduled cron jobs with status badges. Run now, Pause, Resume.
+  Shows last run output automatically.
+- **Skills panel.** All skills grouped by category. Search/filter. Click to preview SKILL.md.
+- **Memory panel.** Renders MEMORY.md and USER.md as formatted markdown with timestamps.
+
+### Bug Fixes
+- B6: New session inherits current workspace
+- B10: Tool events replace thinking dots (not stacked alongside)
+- B14: Cmd/Ctrl+K creates new chat from anywhere
+
+---
+
+## [v0.4] Sprint 2 -- Rich File Preview
+*March 30, 2026 | 27 tests*
+
+### Features
+- **Image preview.** PNG, JPG, GIF, SVG, WEBP displayed inline in workspace panel.
+- **Rendered markdown.** `.md` files render as formatted HTML in the preview panel.
+- **Table support.** Pipe-delimited markdown tables render as HTML tables.
+- **Smart file icons.** Type-appropriate icons by extension in the file tree.
+- **Preview path bar with type badge.** Colored badge shows file type.
+
+---
+
+## [v0.3] Sprint 1 -- Bug Fixes + Foundations
+*March 30, 2026 | 19 tests*
+
+The first sprint. Established the test suite, fixed critical bugs.
+
+### Bug Fixes
+- B1: Approval card now shows pattern keys
+- B2: File input accepts valid types only
+- B3: Model chip label correct for all 10 models (replaced substring check with dict)
+- B4/B5: Reconnect banner on mid-stream reload (localStorage inflight tracking)
+- B7: Session titles no longer overflow sidebar
+- B9: Empty assistant messages no longer render as blank bubbles
+- B11: `/api/session` GET returns 400 (not silent session creation) when ID missing
+
+### Architecture
+- Thread lock on SESSIONS dict
+- Structured JSON request logging
+- 10-model dropdown with 3 provider groups (OpenAI, Anthropic, Other)
+- First test suite: 19 HTTP integration tests
+
+---
+
+## [v0.2] UI Polish Pass
+*March 30, 2026*
+
+Visual audit via screenshot analysis. No new features -- design refinement only.
+
+- Nav tabs: icon-only with CSS tooltip (5 tabs, no overflow)
+- Session list: grouped by Today / Yesterday / Earlier
+- Active session: blue left border accent
+- Role labels: Title Case, softened color, circular icons
+- Code blocks: connected language header with separator
+- Send button: gradient + hover lift
+- Composer: blue glow ring on focus
+- Toast: frosted glass with float animation
+- Tool status moved from composer footer to activity bar above composer
+- Empty session flood fixed (filter + cleanup endpoint + test autouse)
+
+---
+
+## [v0.1] Initial Build
+*March 30, 2026*
+
+Single-file web UI for Hermes. stdlib HTTP server, no external dependencies.
+Three-panel layout: sessions sidebar, chat area, workspace panel.
+
+**Core capabilities:**
+- Send messages, receive SSE-streamed responses
+- Session create/load/delete, auto-title from first message
+- File upload with manual multipart parser
+- Workspace file tree with directory navigation
+- Tool approval card (4 choices: once, session, always, deny)
+- INFLIGHT session-switch guard
+- 10-model dropdown (OpenAI, Anthropic, Other)
+- SSH tunnel access on port 8787
+
+---
+
+*Last updated: Sprint 9, March 31, 2026 | Tests: 149/149*
diff --git a/LICENSE b/LICENSE
new file mode 100644
index 0000000..b1beedc
--- /dev/null
+++ b/LICENSE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2025 Hermes Web UI Contributors
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..a35f274
--- /dev/null
+++ b/README.md
@@ -0,0 +1,213 @@
+# Hermes Web UI
+
+A lightweight, dark-themed browser interface for Hermes.
+Full parity with the CLI experience -- everything you can do from a terminal,
+you can do from this UI. No build step, no framework, no bundler. Just Python
+and vanilla JS.
+
+Layout: three-panel Claude-style. Left sidebar for sessions and tools,
+center for chat, right for workspace file browsing.
+
+---
+
+## Quick start
+
+```bash
+git clone <this-repo> hermes-webui
+cd hermes-webui
+./start.sh
+```
+
+That is it. The script will:
+
+1. Locate your Hermes agent checkout automatically.
+2. Find (or create) a Python environment with the required dependencies.
+3. Start the server.
+4. Print the URL (and SSH tunnel command if you are on a remote machine).
+
+---
+
+## What start.sh discovers automatically
+
+| Thing | How it finds it |
+|---|---|
+| Hermes agent dir | `HERMES_WEBUI_AGENT_DIR` env, then `~/.hermes/hermes-agent`, then sibling `../hermes-agent` |
+| Python executable | Agent venv first, then `.venv` in this repo, then system `python3` |
+| State directory | `HERMES_WEBUI_STATE_DIR` env, then `~/.hermes/webui-mvp` |
+| Default workspace | `HERMES_WEBUI_DEFAULT_WORKSPACE` env, then `~/workspace`, then state dir |
+| Port | `HERMES_WEBUI_PORT` env or first argument, default `8787` |
+
+If discovery finds everything, nothing else is required.
+
+---
+
+## Overrides (only needed if auto-detection misses)
+
+```bash
+export HERMES_WEBUI_AGENT_DIR=/path/to/hermes-agent
+export HERMES_WEBUI_PYTHON=/path/to/python
+export HERMES_WEBUI_PORT=9000
+./start.sh
+```
+
+Or inline:
+
+```bash
+HERMES_WEBUI_AGENT_DIR=/custom/path ./start.sh 9000
+```
+
+Full list of environment variables:
+
+| Variable | Default | Description |
+|---|---|---|
+| `HERMES_WEBUI_AGENT_DIR` | auto-discovered | Path to the hermes-agent checkout |
+| `HERMES_WEBUI_PYTHON` | auto-discovered | Python executable |
+| `HERMES_WEBUI_HOST` | `127.0.0.1` | Bind address |
+| `HERMES_WEBUI_PORT` | `8787` | Port |
+| `HERMES_WEBUI_STATE_DIR` | `~/.hermes/webui-mvp` | Where sessions and state are stored |
+| `HERMES_WEBUI_DEFAULT_WORKSPACE` | `~/workspace` | Default workspace |
+| `HERMES_WEBUI_DEFAULT_MODEL` | `openai/gpt-5.4-mini` | Default model |
+| `HERMES_HOME` | `~/.hermes` | Base directory for Hermes state (affects all paths above) |
+| `HERMES_CONFIG_PATH` | `~/.hermes/config.yaml` | Path to Hermes config file |
+
+---
+
+## Accessing from a remote machine
+
+The server binds to `127.0.0.1` by default (loopback only). If you are running
+Hermes on a VPS or remote server, use an SSH tunnel from your local machine:
+
+```bash
+ssh -N -L <local-port>:127.0.0.1:<remote-port> <user>@<server-host>
+```
+
+Example:
+
+```bash
+ssh -N -L 8787:127.0.0.1:8787 user@your.server.com
+```
+
+Then open `http://localhost:8787` in your local browser.
+
+`start.sh` will print this command for you automatically when it detects you
+are running over SSH.
+
+---
+
+## Manual launch (without start.sh)
+
+If you prefer to launch the server directly:
+
+```bash
+cd /path/to/hermes-agent          # or wherever sys.path can find Hermes modules
+HERMES_WEBUI_PORT=8787 python /path/to/hermes-webui/server.py
+```
+
+Health check:
+
+```bash
+curl http://127.0.0.1:8787/health
+```
+
+---
+
+## Running tests
+
+Tests discover the repo and the Hermes agent dynamically -- no hardcoded paths.
+
+```bash
+cd hermes-webui
+python -m pytest tests/ -v
+```
+
+Or using the agent venv explicitly:
+
+```bash
+/path/to/hermes-agent/venv/bin/python -m pytest tests/ -v
+```
+
+Tests run against an isolated server on port 8788 with a separate state directory.
+Production data and real cron jobs are never touched.
+
+---
+
+## Features
+
+### Chat and agent
+- Streaming responses via SSE (tokens appear as they are generated)
+- 10+ models across OpenAI, Anthropic, and other providers; last-used model persists
+- Send a message while one is processing -- it queues automatically
+- Edit any past user message inline and regenerate from that point
+- Retry the last assistant response with one click
+- Cancel a running task from the activity bar
+- Tool call cards inline -- each shows the tool name, args, and result snippet
+- Approval card for dangerous shell commands (allow once / session / always / deny)
+- File attachments persist across page reloads
+
+### Sessions
+- Create, rename, delete, search by title and message content
+- Grouped by Today / Yesterday / Earlier in the sidebar
+- Download as Markdown transcript or full JSON export
+- Sessions persist across page reloads and SSH tunnel reconnects
+
+### Workspace file browser
+- Browse directory tree with type icons
+- Preview text, code, Markdown (rendered), and images inline
+- Edit files in the browser
+- Create and delete files
+- Right panel is drag-resizable
+
+### Panels
+- **Chat** -- session list, search, new conversation
+- **Tasks** -- view, create, edit, run, pause/resume, delete cron jobs
+- **Skills** -- list all skills by category, search, preview, create/edit
+- **Memory** -- view and edit MEMORY.md and USER.md inline
+- **Todos** -- live task list from the current session
+- **Spaces** -- add, rename, remove workspaces; quick-switch from topbar
+
+---
+
+## Architecture
+
+```
+server.py               HTTP routing shell
+api/
+  config.py             Discovery + globals (HOST, PORT, SESSIONS, etc.)
+  helpers.py            HTTP helpers: j(), bad(), require(), safe_resolve()
+  models.py             Session model + CRUD
+  workspace.py          File ops: list_dir, read_file_content, workspace helpers
+  upload.py             Multipart parser, file upload handler
+  streaming.py          SSE engine, run_agent integration, cancel support
+static/
+  index.html            HTML template
+  style.css             All CSS
+  ui.js                 DOM helpers, renderMd, tool cards
+  workspace.js          File tree, preview, file ops
+  sessions.js           Session CRUD, list rendering, search
+  messages.js           send(), SSE event handlers, approval, transcript
+  panels.js             Cron, skills, memory, workspace, todo, switchPanel
+  boot.js               Event wiring + boot IIFE
+tests/
+  conftest.py           Isolated test server (port 8788, separate HERMES_HOME)
+  test_sprint1-10.py    Feature tests per sprint
+  test_regressions.py   Permanent regression gate
+```
+
+State lives outside the repo at `~/.hermes/webui-mvp/` by default
+(sessions, workspaces, last_workspace). Override with `HERMES_WEBUI_STATE_DIR`.
+
+---
+
+## Docs
+
+- `ROADMAP.md` -- feature roadmap and sprint history
+- `ARCHITECTURE.md` -- system design, all API endpoints, implementation notes
+- `TESTING.md` -- manual browser test plan and automated coverage reference
+- `CHANGELOG.md` -- release notes
+- `PORTABILITY.md` -- full portability design spec
+
+## Repo
+
+```
+git@github.com:<your-username>/hermes-webui.git
+```
diff --git a/ROADMAP.md b/ROADMAP.md
new file mode 100644
index 0000000..4ffa9cf
--- /dev/null
+++ b/ROADMAP.md
@@ -0,0 +1,309 @@
+# Hermes WebUI: Full Parity Roadmap
+
+> Goal: Full 1:1 parity with the Hermes CLI experience via a clean dark web UI.
+> Everything you can do from the CLI terminal, you can do from this UI.
+>
+> Last updated: Post-Sprint 10 bug sweeps (March 31, 2026)
+> Tests: 190/190 passing
+> Source: <repo>/
+
+---
+
+## Sprint History (Completed)
+
+| Sprint | Theme | Highlights | Tests |
+|--------|-------|-----------|-------|
+| Sprint 1 | Bug fixes + foundations | B1-B11 fixed, LOCK on SESSIONS, section headers, request logging | 19 |
+| Sprint 2 | Rich file preview | Image preview, rendered markdown, table support, smart icons | 27 |
+| Sprint 3 | Panel nav + viewers | Sidebar tabs, cron/skills/memory panels, B6/B10/B14, Phase D start | 48 |
+| Sprint 4 | Relocation + power features | Source to <repo>/, CSS extracted, session rename/search, file ops | 68 |
+| Sprint 5 | Phase A complete + workspace | JS extracted (server.py 1778->1042 lines), workspace management, copy message, file editor, session index | 86 |
+| Test hardening | Isolated test environment | Port 8788 test server, conftest autouse, cleanup_zero_message, 5 test files rewritten | 90 |
+| Sprint 6 | Polish + Phase E complete | HTML to static/, resizable panels, cron create, session JSON export, Escape from editor | 106 |
+| Sprint 7 | Wave 2 Core: CRUD + Search | Cron edit/delete, skill create/edit/delete, memory write, session content search, health improvements, git init | 125 |
+| Sprint 8 | Daily Driver Finish Line | Edit+regenerate user messages, regenerate last response, clear conversation, Prism.js syntax highlighting, reconnect banner fix, session list scroll fix | 139 |
+| Sprint 8 hotfix | Message queue + INFLIGHT fix | Queue messages while busy (toast + badge + auto-drain), INFLIGHT-first loadSession (message stays on switch-away/back) | 139 |
+| Sprint 9 | Codebase health + daily driver gaps | app.js deleted and replaced by 6 modules, tool call cards inline, attachment persistence on reload, todo list panel | 149 |
+| Sprint 10 | Server health + operational polish | server.py split into api/ modules, background task cancel, cron run history viewer, tool card UX polish | 167 |
+| Sprint 10 fixes | Import regressions + regression tests | uuid, AIAgent, has_pending, SSE cancel loop, Session.__init__ tool_calls; test_regressions.py | 177 |
+| Concurrency sweeps | Multi-session correctness | Approval cross-session (R10), activity bar per-session (R11), live cards on switch-back (R12), tool cards after done (R13), session model authoritative (R14), newSession cards (R15) | 190 |
+
+---
+
+## Current Architecture Status
+
+| Layer | Location | Status |
+|-------|----------|--------|
+| Python server | <repo>/server.py (~1100 lines) | Pure Python, no inline HTML/CSS/JS |
+| HTML template | <repo>/static/index.html | Served from disk |
+| CSS | <repo>/static/style.css | Served from disk |
+| JavaScript | <repo>/static/app.js | Served from disk |
+| Runtime state | ~/.hermes/webui-mvp/sessions/ | Session JSON files |
+| Test server | Port 8788, state dir ~/.hermes/webui-mvp-test/ | Isolated, wiped per run |
+| Production server | Port 8787 | SSH tunnel from Mac |
+
+---
+
+## Feature Parity Checklist
+
+### Chat and Agent
+- [x] Send messages, get SSE-streaming responses
+- [x] Switch models per session (10 models, grouped by provider)
+- [x] Upload files to workspace (drag-drop, click, clipboard paste)
+- [x] File tray with remove button
+- [x] Tool progress shown in activity bar above composer
+- [x] Approval card for dangerous commands (Allow once/session/always, Deny)
+- [x] Approval polling + SSE-pushed approval events
+- [x] INFLIGHT guard: switch sessions mid-request without losing response
+- [x] Session restores from localStorage on page load
+- [x] Reconnect banner if page reloaded mid-stream
+- [x] Copy message to clipboard (hover icon on each bubble)
+- [x] Edit last user message and regenerate
+- [ ] Branch/fork conversation (Wave 3)
+- [ ] Token/cost estimate per message (Wave 3)
+
+### Tool Visibility
+- [x] Tool progress in activity bar (moved out of composer footer)
+- [x] Approval card with all 4 choices
+- [x] Tool call cards inline (collapsed, show name/args/result)
+
+### Workspace / Files
+- [x] Browse workspace directory tree with type icons
+- [x] Preview text/code files (read-only)
+- [x] Preview markdown files (rendered, tables supported)
+- [x] Preview image files (PNG, JPG, GIF, SVG, WEBP inline)
+- [x] Edit files inline (Edit button, Enter to save, Escape to cancel)
+- [x] Create new file (+ button in panel header)
+- [x] Delete file (hover trash, confirm dialog)
+- [x] File name truncation with tooltip for long names
+- [x] Right panel resizable (drag inner edge)
+- [x] Syntax highlighted code preview (Prism.js)
+- [ ] Rename file (Wave 3)
+- [ ] Create folder (Wave 3)
+
+### Sessions
+- [x] Create session (+ button or Cmd/Ctrl+K)
+- [x] Load session (click in sidebar)
+- [x] Delete session (hover trash, toast, correct fallback)
+- [x] Auto-title from first user message
+- [x] Rename session title (double-click in sidebar, Enter saves, Escape cancels)
+- [x] Filter/search sessions by title (live filter box)
+- [x] Date group headers (Today / Yesterday / Earlier)
+- [x] Download session as Markdown transcript
+- [x] Export session as JSON (full messages + metadata)
+- [x] Session inherits last-used workspace on creation
+- [x] Session content search (search message text across sessions)
+- [ ] Session tags / labels (Wave 5)
+- [ ] Archive sessions (Wave 5)
+- [x] Clear conversation (wipe messages, keep session) (Wave 3)
+- [ ] Import session from JSON (Wave 3)
+
+### Workspace Management
+- [x] Add workspace with path validation (must be existing directory)
+- [x] Remove workspace
+- [x] Rename workspace display name
+- [x] Quick-switch workspace from topbar dropdown
+- [x] Sidebar live workspace display (name + path, updates in real time)
+- [x] New sessions inherit last used workspace
+- [x] Workspace list persists to workspaces.json
+- [ ] Workspace reorder (drag) (Wave 2)
+
+### Scheduled Tasks (Cron)
+- [x] View all cron jobs (Tasks sidebar tab)
+- [x] View last run output per job (auto-loaded on expand)
+- [x] Expand job to see prompt, schedule, last output
+- [x] Run job manually (Run now button)
+- [x] Pause / Resume job
+- [x] Create cron job from UI (+ New job form with name, schedule, prompt, delivery)
+- [x] Edit existing cron job
+- [x] Delete cron job
+- [x] View full cron run history (expandable per job)
+- [ ] Skill picker in cron create form (Wave 3)
+
+### Skills
+- [x] List all skills grouped by category (Skills sidebar tab)
+- [x] Search/filter skills by name, description, category
+- [x] View full SKILL.md content in right preview panel
+- [x] Create skill
+- [x] Edit skill
+- [x] Delete skill
+- [ ] View skill linked files (Wave 3)
+
+### Memory
+- [x] View personal notes (MEMORY.md) rendered as markdown (Memory tab)
+- [x] View user profile (USER.md) rendered as markdown (Memory tab)
+- [x] Last-modified timestamp on each section
+- [x] Add/edit memory entry inline
+
+### Configuration
+- [ ] Settings panel (default model, workspace, toolsets) (Wave 4)
+- [ ] Enable/disable toolsets per session (Wave 4)
+
+### Notifications
+- [ ] Cron job completion alerts (Wave 4)
+- [ ] Background agent error alerts (Wave 4)
+
+### Advanced / Future
+- [ ] Voice input via Whisper (Wave 6)
+- [ ] TTS playback of responses (Wave 6)
+- [ ] Subagent delegation cards (Wave 6)
+- [x] Background task cancel (activity bar Cancel button)
+- [ ] Code execution cell (Wave 6)
+- [ ] Password authentication (Wave 7)
+- [ ] HTTPS / reverse proxy (Wave 7)
+- [ ] Mobile responsive layout (Wave 7)
+- [ ] Virtual scroll for large lists (Wave 7)
+
+---
+
+## Sprint 7: Wave 2 Core -- Cron/Skill/Memory CRUD + Session Content Search (COMPLETED)
+
+**Theme:** "Wave 2 Core -- Cron/Skill/Memory CRUD + Session Content Search"
+
+### Track A: Bug Fixes
+| Item | Description |
+|------|-------------|
+| Activity bar sizing | Activity bar sometimes overlaps first message on short viewports |
+| Model dropdown sync | Model chip in topbar sometimes shows stale model after session switch |
+| Cron output truncation | Long cron output in the tasks panel overflows its container |
+
+### Track B: Features
+| Feature | What | Value |
+|---------|------|-------|
+| Session content search | Search message text across all sessions, not just titles. GET /api/sessions/search already does title search; extend to message content with a configurable depth limit | High: the single most-requested nav feature after rename |
+| Cron edit + delete | Edit an existing cron job (name, schedule, prompt, delivery) inline in the tasks panel. Delete with confirm. POST /api/crons/update and /api/crons/delete | High: closes the cron CRUD gap (create was Sprint 6) |
+| Skill create + edit | A "New skill" form in the Skills panel. Name, category, SKILL.md content in a textarea editor. Save calls POST /api/skills/save (writes to ~/.hermes/skills/). Edit opens existing skill in the same editor | High: biggest remaining CLI gap after cron |
+
+### Track C: Architecture
+| Item | What |
+|------|------|
+| Phase E: app.js module split (start) | Split app.js (1332 lines) into logical modules: sessions.js, chat.js, workspace.js, panels.js, ui.js. Serve via ES module imports in index.html. This is Phase E completion. |
+| Health endpoint improvement | Add active_streams, uptime_seconds to /health response (Phase G) |
+| Git init | git init <repo>, first commit, push to private GitHub repo |
+
+### Tests
+- ~20 new pytest tests (cron update/delete, skill save, session content search)
+- TESTING.md: Sections 29-31 (cron edit, skill edit, session search)
+- Estimated total after Sprint 7: ~126
+
+---
+
+## Wave 2: Full CRUD and Interaction Parity
+
+**Status:** In progress. Sprint 6 completed cron create and workspace management.
+Remaining Wave 2 items targeted for Sprints 7-8.
+
+### Sprint 2.0: Workspace Management (COMPLETE Sprint 5+6)
+All workspace features delivered: add/validate/remove/rename workspaces, topbar quick-switch,
+sidebar live display, new sessions inherit last workspace. See Sprint 5 completed section.
+
+### Sprint 2.1: Cron Job Management (Partial -- Sprint 7 for remaining)
+- [x] View all jobs (Sprint 3)
+- [x] Run / pause / resume (Sprint 3)
+- [x] Create job from UI (Sprint 6)
+- [x] Edit job
+- [x] Delete job
+- [x] Full cron run history
+
+### Sprint 2.2: Skill Management (Partial -- Sprint 7 for remaining)
+- [x] List all skills with categories (Sprint 3)
+- [x] View SKILL.md content (Sprint 3)
+- [x] Create skill
+- [x] Edit skill
+- [x] Delete skill
+
+### Sprint 2.3: Memory Write (Sprint 7)
+- [x] View notes + profile (Sprint 3)
+- [x] Edit notes inline
+
+### Sprint 2.4: Todo Management (Wave 2)
+- [x] View current todo list (sidebar Todo panel, parsed from session history)
+
+### Sprint 2.5: Session Content Search (Sprint 7)
+- [x] Session title search (Sprint 4)
+- [x] Message content search across sessions
+
+### Sprint 2.6: Session Rename (COMPLETE Sprint 4)
+Double-click any session title in the left sidebar to edit inline.
+Enter saves, Escape cancels. Topbar updates immediately.
+
+---
+
+## Wave 3: Power Features and Developer Experience
+
+### Sprint 3.1: Tool Call Visibility Inline
+Show tool calls as collapsible cards in the conversation.
+Collapsed: tool name badge + one-line preview. Expanded: full args + result.
+
+### Sprint 3.2: Multi-Model Expansion
+Add more models. Group by provider. Model info tooltip on hover.
+(Partially done: 10 models in dropdown from Sprint 1.)
+
+### Sprint 3.2b: Resizable Panel Widths (COMPLETE Sprint 6)
+Both sidebar and workspace panel are drag-resizable with localStorage persistence.
+
+### Sprint 3.3: Workspace File Actions
+- [ ] Rename file (inline, double-click) (Wave 3)
+- [ ] Create folder (Wave 3)
+- [x] Syntax highlighted code preview (Prism.js)
+
+### Sprint 3.4: Conversation Controls
+- [x] Copy message (Sprint 5)
+- [x] Edit last user message + regenerate
+- [x] Regenerate last assistant response
+- [x] Clear conversation (wipe messages, keep session)
+
+---
+
+## Wave 4: Settings, Configuration, Notifications
+
+### Sprint 4.1: Settings Panel
+Full settings overlay: default model, default workspace, enabled toolsets, config viewer.
+
+### Sprint 4.2: Notification Panel
+Bell icon with unread count. SSE endpoint for cron completions and errors. Toast pop-ups.
+
+### Sprint 4.3: Delivery Target Config
+Configure and test-ping delivery targets (Discord, Telegram, Slack, email) for cron jobs.
+
+---
+
+## Wave 5: Honcho Integration and Long-term Memory
+
+### Sprint 5.1: Honcho Memory Panel
+User representation panel, cross-session context, Honcho search, memory write.
+
+### Sprint 5.2: Session Continuity Features
+"What were we working on?" button, session tags, session archive.
+
+---
+
+## Wave 6: Realtime and Agentic Features
+
+### Sprint 6.1: Background Task Monitor
+Live list of running agent threads. Cancel button. Queue visibility.
+
+### Sprint 6.2: Subagent Delegation Cards
+When delegate_task fires, show subagent progress inline in chat.
+
+### Sprint 6.3: Code Execution Panel
+Jupyter-style inline code cell. Stateful kernel per session.
+
+### Sprint 6.4: Voice Mode
+Push-to-talk mic button. Whisper transcription. Optional TTS playback.
+
+---
+
+## Wave 7: Production Hardening and Mobile
+
+### Sprint 7.1: Authentication
+HERMES_WEBUI_PASSWORD env var gate. Signed cookie. Login page.
+
+### Sprint 7.2: HTTPS and Reverse Proxy
+Nginx + Let's Encrypt. CORS headers for external domain.
+
+### Sprint 7.3: Mobile Responsive Layout
+Collapsible sidebar hamburger. Touch-friendly controls. Swipe gestures.
+
+### Sprint 7.4: Performance and Scale
+Virtual scroll for session/message lists. Incremental message loading.
diff --git a/SPRINTS.md b/SPRINTS.md
new file mode 100644
index 0000000..79a106c
--- /dev/null
+++ b/SPRINTS.md
@@ -0,0 +1,407 @@
+# Hermes WebUI -- Forward Sprint Plan
+
+> Current state: v0.1.0 | 190 tests | Daily driver ready
+> This document plans the path from here to two targets:
+>
+> Target A: 1:1 feature parity with the Hermes CLI (everything you can do from the
+>           terminal, you can do from the browser)
+>
+> Target B: 1:1 parity with Claude's reproducible features (the full Claude
+>           browser UI experience, minus things only Anthropic can build)
+>
+> Sprints are ordered by impact. Each builds on the one before.
+> Past sprint history lives in CHANGELOG.md.
+
+---
+
+## Where we are now (v0.1.0)
+
+**CLI parity: ~80% complete.** Core agent loop, all tools visible, workspace
+file ops, cron/skills/memory CRUD, session management, streaming, cancel --
+all solid. Gaps are configuration, subagent visibility, and runtime controls.
+
+**Claude parity: ~55% complete.** Chat, streaming, file browser,
+session management, tool cards, syntax highlighting, model switching -- all
+present. Gaps are project organization, artifacts, voice, sharing, mobile.
+
+---
+
+## Sprint 11 -- Streaming Smoothness + Tool Card Incremental Render
+
+**Theme:** Make heavy agentic work feel fast and fluid.
+
+**Why now:** The biggest remaining daily friction point. During a 20-step task,
+every tool event triggers a full renderMessages() re-render of the entire
+message list. On fast tasks you can see flicker. This is the last thing that
+makes the UI feel noticeably worse than watching the CLI.
+
+### Track A: Bugs
+- Tool card DOM thrash: renderMessages() rebuilds all cards on each tool event.
+  Switch to incremental append (append new card to existing group, no full rebuild).
+- Scroll position lost on re-render during streaming (messages jump).
+
+### Track B: Features
+- **Incremental tool card streaming:** Instead of renderMessages() on each
+  tool event, maintain a live card group element per turn and append/update
+  cards in place. The assistant text row below the cards also updates
+  incrementally (already does via assistantBody.innerHTML).
+- **Tool card collapse-all / expand-all:** A small toggle in the topbar or
+  per-message to collapse all tool cards in a response. Useful when a response
+  has 10+ tool calls.
+- **Smooth scroll:** Pin scroll to bottom during streaming unless user has
+  manually scrolled up (read-back mode). Resume pinning when user scrolls
+  back to bottom.
+
+### Track C: Architecture
+- `api/routes.py`: extract the 49 if/elif route handlers from server.py's
+  Handler class into a dedicated routes module. server.py becomes a true
+  ~50-line shell: imports, Handler stub that delegates to routes, main().
+  Completes the server split started in Sprint 10.
+
+**Tests:** ~12 new. Total: ~196.
+**Hermes CLI parity impact:** Low (smoothness, not features)
+**Claude parity impact:** Low
+
+---
+
+## Sprint 12 -- Settings Panel + Toolset Control
+
+**Theme:** Configuration you can actually reach from the UI.
+
+**Why now:** Last remaining thing that forces a trip to the CLI or config files
+for basic setup. The model dropdown works but defaults aren't persisted
+server-side. Toolsets can't be toggled per session.
+
+### Track A: Bugs
+- Model dropdown doesn't sync when a session was created with a model not in
+  the current dropdown list (edge case from model additions).
+- Workspace validation on add doesn't check symlinks (shows as invalid when
+  it's actually a valid symlink to a directory).
+
+### Track B: Features
+- **Settings panel:** A gear icon in the topbar opens a slide-in settings panel.
+  Sections: Default Model (writes HERMES_WEBUI_DEFAULT_MODEL to a settings file),
+  Default Workspace (writes HERMES_WEBUI_DEFAULT_WORKSPACE), UI preferences
+  (font size, message density). Persisted server-side in `~/.hermes/webui-mvp/settings.json`.
+- **Toolset control per session:** A "Tools" chip in the session topbar opens
+  a popover listing all available toolsets (terminal, web, file, memory, etc.)
+  with toggles. Selected toolsets stored on the session and passed to AIAgent.
+  Matches the `--tools` flag behavior in the CLI.
+- **Rename file / Create folder:** Two small file tree ops that close the last
+  workspace management gap. Inline rename on double-click (same pattern as
+  session rename). Create folder via + menu next to the existing + file button.
+
+### Track C: Architecture
+- Settings schema: `settings.json` with typed fields, validated on load, with
+  sane defaults. Served via `GET /api/settings`, written via `POST /api/settings`.
+
+**Tests:** ~15 new. Total: ~211.
+**Hermes CLI parity impact:** High (toolset control is the last major CLI feature)
+**Claude parity impact:** Medium (settings exist in Claude as a panel)
+
+---
+
+## Sprint 13 -- Notification System + Background Visibility
+
+**Theme:** Know what Hermes is doing even when you're not watching.
+
+**Why now:** Cron jobs run silently. Background errors surface nowhere. You have
+no way to know a long-running task finished (or failed) while you were on another
+tab. This is a meaningful daily driver gap for anyone using cron heavily.
+
+### Track A: Bugs
+- Cron "Run now" button shows no feedback if the job errors immediately.
+- Sessions with very long message histories (100+ messages) cause noticeable
+  render lag on load (no virtual scroll yet).
+
+### Track B: Features
+- **Cron completion alerts:** When a cron job finishes (success or error), push
+  a toast notification to the UI. Use a polling endpoint (`GET /api/crons/status`)
+  that the UI checks every 30s while the window is focused. Badge count on the
+  Tasks tab icon when there are unread completions.
+- **Background agent error alerts:** When a streaming session errors out (network
+  drop, model error, tool failure), and the user is not currently viewing that
+  session, show a persistent banner: "Session X encountered an error." Clicking
+  it navigates to that session.
+- **Virtual scroll for session list:** Session list currently renders all sessions
+  in the DOM. Above ~100 sessions, the sidebar gets slow. Implement simple virtual
+  scroll: render only ~20 visible rows, reuse DOM nodes on scroll.
+
+### Track C: Architecture
+- SSE reconnect: if the SSE connection drops mid-stream, auto-reconnect once
+  (with the same stream_id). Currently a network blip ends the response silently.
+
+**Tests:** ~14 new. Total: ~225.
+**Hermes CLI parity impact:** High (cron visibility, error surfacing)
+**Claude parity impact:** Medium (Claude has notification panel)
+
+---
+
+## Sprint 14 -- Project Organization + Session Management
+
+**Theme:** Organize work the way you think, not just chronologically.
+
+**Why now:** After 100+ sessions the sidebar is a flat chronological list.
+Finding sessions from 2 weeks ago, or keeping a "MyProject" workspace separate
+from personal work, requires the search box. This is the biggest remaining
+daily organizational gap vs. Claude's project folders.
+
+### Track A: Bugs
+- Session search content scan (depth=5) is slow on large session histories.
+  Add server-side caching of search index.
+- Date group headers ("Today / Yesterday / Earlier") use updated_at which can
+  be misleading for sessions touched by automated title-setting. Use created_at
+  for initial grouping, updated_at for sort order.
+
+### Track B: Features
+- **Session folders / projects:** A "Projects" section above the session list.
+  Each project is a named group. Sessions can be dragged into projects or
+  assigned via right-click. Stored in `projects.json`. Projects collapse/expand.
+  This is the single biggest Claude parity feature missing.
+- **Pin sessions:** Star icon on any session to pin it to the top of the list
+  above date groups. Persisted on the session JSON as `pinned: true`.
+- **Session tags:** Inline `#tag` syntax in session titles gets extracted and
+  shown as colored chips. Clicking a tag filters the list. No backend change
+  needed -- parsed client-side from title text.
+- **Archive sessions:** A "More" overflow menu on each session (right-click or
+  long-press) with: Archive (hides from main list, accessible via filter),
+  Duplicate (new session with same workspace/model), Export JSON.
+- **Import session from JSON:** Drag a `.json` export file into the sidebar to
+  restore it as a new session. Mirrors the existing JSON export.
+
+### Track C: Architecture
+- Session index v2: extend `_index.json` to include `tags`, `pinned`, and
+  `project_id` fields. Rebuild on session save. Enables fast client-side
+  filtering without disk reads.
+
+**Tests:** ~16 new. Total: ~241.
+**Hermes CLI parity impact:** Low (CLI has no session organization)
+**Claude parity impact:** Very High (projects are a core Claude concept)
+
+---
+
+## Sprint 15 -- Artifacts + Code Execution
+
+**Theme:** See outputs, not just text.
+
+**Why now:** Claude's most distinctive feature is the artifact panel --
+code runs inline, HTML renders in a sandboxed iframe, SVGs show as images.
+This is the largest single capability gap between what we have and what Claude
+feels like. It also directly enables the Hermes "code execution cell" feature
+(Jupyter-style in-browser execution).
+
+### Track A: Bugs
+- Prism.js autoloader makes one CDN request per language encountered. On a
+  code-heavy session this causes noticeable latency. Bundle the top 10 languages
+  (Python, JS, bash, JSON, SQL, YAML, TypeScript, CSS, HTML, Rust) locally.
+- Code blocks in long responses sometimes re-highlight on every renderMessages()
+  call. Debounce highlightCode() with requestAnimationFrame.
+
+### Track B: Features
+- **Artifact panel:** When Hermes produces a code block tagged as `html`, `svg`,
+  or `react`, a "Preview" button appears on that code block. Clicking it opens
+  a sandboxed `<iframe>` in the right panel showing the rendered output. The
+  preview updates live if Hermes edits the artifact in a follow-up.
+- **Code execution cell:** A "Run" button on Python code blocks. Sends the code
+  to a new server endpoint (`POST /api/execute`) which runs it in a subprocess
+  with a 30-second timeout and streams stdout/stderr back as SSE. Output appears
+  below the code block inline. This is the Jupyter cell experience without
+  needing a kernel.
+- **Mermaid diagram rendering:** Mermaid.js CDN (deferred). Code blocks tagged
+  as `mermaid` render as flow/sequence/gantt diagrams inline.
+
+### Track C: Architecture
+- Sandbox safety: `/api/execute` runs in a restricted subprocess (no network,
+  limited filesystem via a temp directory). Returns exit code, stdout, stderr,
+  and execution time.
+- Artifact state: artifacts are tracked in `S.artifacts = {}` (code block hash
+  -> rendered content). Persisted in session JSON as `artifacts` array.
+
+**Tests:** ~18 new. Total: ~259.
+**Hermes CLI parity impact:** High (code execution closes the Jupyter gap)
+**Claude parity impact:** Very High (artifacts are Claude's signature feature)
+
+---
+
+## Sprint 16 -- Voice + Multimodal Input
+
+**Theme:** Input beyond the keyboard.
+
+**Why now:** Voice is a meaningful quality-of-life feature for longer sessions
+and is achievable with Whisper. Image input closes the last modality gap with
+Claude (Claude accepts image paste natively -- we do too, but only as
+file uploads, not clipboard screenshots into the conversation directly).
+
+### Track A: Bugs
+- Image paste currently requires a click-to-attach flow. Direct paste into the
+  message textarea should embed the image inline (as a preview chip) and queue
+  it for upload on Send. (Partially works -- clean up edge cases.)
+- Large image uploads (>5MB) time out the upload step silently.
+
+### Track B: Features
+- **Voice input (Whisper):** A microphone icon in the composer. Hold to record,
+  release to transcribe via `POST /api/transcribe` (calls local Whisper or
+  OpenAI Whisper API). Transcribed text appears in the message input, editable
+  before send. Supports the full "voice -> text -> Hermes response" loop.
+- **TTS playback:** A speaker icon on assistant messages. Calls a TTS endpoint
+  (ElevenLabs or OpenAI TTS) and plays the audio. Toggle per-message. Optional
+  auto-play mode in settings.
+- **Vision input improvements:** Paste a screenshot directly from clipboard into
+  the conversation (not just the tray). Shows as an inline preview chip with
+  the image thumbnail. On Send, uploads and includes in the message.
+
+### Track C: Architecture
+- Audio pipeline: `POST /api/transcribe` streams audio bytes, returns transcript.
+  `GET /api/tts?text=...` returns audio/mpeg. Both use lazy import of Whisper
+  and TTS libraries to keep cold start fast.
+
+**Tests:** ~12 new. Total: ~271.
+**Hermes CLI parity impact:** Medium (voice not in CLI, but adds capability)
+**Claude parity impact:** High (Claude has native voice mode)
+
+---
+
+## Sprint 17 -- Subagent Visibility + Agentic Transparency
+
+**Theme:** Watch Hermes think, not just respond.
+
+**Why now:** When Hermes delegates to subagents (delegate_task, spawns parallel
+workstreams), the UI shows nothing. On long multi-agent tasks you have no idea
+what's happening. This is the last major "CLI feels better" gap for power users.
+
+### Track A: Bugs
+- Tool cards for delegate_task show no information about what the subagent was
+  asked to do or what it returned.
+- The activity bar text truncates at 55 chars -- tool previews for long terminal
+  commands show nothing useful.
+
+### Track B: Features
+- **Subagent delegation cards:** When `delegate_task` fires, show an expandable
+  card with the subagent's goal, status (pending/running/done), and result
+  summary. Multiple subagents from one call appear as a card group. Uses the
+  existing tool card infrastructure.
+- **Background task monitor:** A "Tasks" indicator in the topbar (separate from
+  the cron Tasks panel). Shows count of active agent threads. Click opens a
+  popover listing all in-flight streams with session names and elapsed times.
+  Cancel any individual thread. This is the full job queue visibility the CLI
+  implicitly has via `ps aux`.
+- **Thinking/reasoning display:** When the model emits reasoning tokens (o3,
+  Claude extended thinking), show them in a collapsible "Reasoning" card above
+  the response. Collapsed by default. This matches Claude's reasoning display.
+
+### Track C: Architecture
+- Task registry: extend STREAMS to include session name, start time, and task
+  description. New `GET /api/tasks/active` endpoint returns all running streams
+  with metadata.
+
+**Tests:** ~14 new. Total: ~285.
+**Hermes CLI parity impact:** Very High (subagent and task visibility is the
+  last major CLI gap)
+**Claude parity impact:** High (Claude shows reasoning, tool use visibly)
+
+---
+
+## Sprint 18 -- Auth, HTTPS, and Production Hardening
+
+**Theme:** Make this safe to leave running.
+
+**Why now:** Everything else is done. This is the sprint you run when you want
+to expose the UI beyond localhost -- to a team, a mobile device, or a public
+address.
+
+### Track A: Bugs
+- Server has no request size limit on non-upload endpoints (potential DoS).
+- Session JSON files have no size cap (a runaway agent could write GBs).
+
+### Track B: Features
+- **Password authentication:** A login page with a configurable password
+  (HERMES_WEBUI_PASSWORD env var). Signed cookie session (24h expiry).
+  Single-user model -- no accounts, no registration.
+- **HTTPS / reverse proxy guide:** A one-page `DEPLOY.md` with instructions
+  for running behind nginx + Let's Encrypt on a VPS. Configuration snippets
+  for systemd service, nginx config, certbot.
+- **Mobile responsive layout:** Collapsible sidebar (hamburger). Touch-friendly
+  session list (swipe to delete, tap to navigate). Composer expands on focus.
+  Right panel hidden by default on mobile, accessible via a Files tab.
+- **Rate limiting:** Simple per-IP token bucket on the chat/start endpoint
+  (configurable, default 10 req/min) to prevent accidental hammering.
+
+### Track C: Architecture
+- Helmet headers: X-Content-Type-Options, X-Frame-Options, HSTS (when served
+  over HTTPS). Simple middleware in the Handler.
+
+**Tests:** ~12 new. Total: ~297.
+**Hermes CLI parity impact:** Low (CLI has no auth/HTTPS concerns)
+**Claude parity impact:** Very High (Claude is authenticated, HTTPS only)
+
+---
+
+## Feature Parity Summary
+
+### After Sprint 17 (Hermes CLI parity: complete)
+
+| CLI Feature | Status |
+|-------------|--------|
+| Chat / agent loop | Done (v0.3) |
+| Streaming responses | Done (v0.5) |
+| Tool call visibility | Done (v0.0.7) |
+| File ops (read/write/search/patch) | Done (v0.6) |
+| Terminal commands | Done via workspace |
+| Cron job management | Done (v0.9) |
+| Skills management | Done (v0.9) |
+| Memory read/write | Done (v0.9) |
+| Session history | Done (v0.3) |
+| Workspace switching | Done (v0.7) |
+| Model selection | Done (v0.3) |
+| Toolset control | Sprint 12 |
+| Settings persistence | Sprint 12 |
+| Subagent visibility | Sprint 17 |
+| Background task monitor | Sprint 17 |
+| Code execution (Jupyter) | Sprint 15 |
+| Cron completion alerts | Sprint 13 |
+| Virtual scroll (perf) | Sprint 13 |
+
+### After Sprint 18 (Claude parity: ~90% complete)
+
+| Claude Feature | Status |
+|----------------|--------|
+| Dark theme, 3-panel layout | Done (v0.1) |
+| Streaming chat | Done (v0.5) |
+| Model switching | Done (v0.3) |
+| File attachments | Done (v0.6) |
+| Syntax highlighting | Done (v0.0.6) |
+| Tool use visibility | Done (v0.0.7) |
+| Edit/regenerate messages | Done (v0.0.6) |
+| Session management | Done (v0.6) |
+| Artifacts (HTML/SVG preview) | Sprint 15 |
+| Code execution inline | Sprint 15 |
+| Mermaid diagrams | Sprint 15 |
+| Projects / folders | Sprint 14 |
+| Pinned/starred sessions | Sprint 14 |
+| Reasoning display | Sprint 17 |
+| Voice input | Sprint 16 |
+| TTS playback | Sprint 16 |
+| Notifications | Sprint 13 |
+| Settings panel | Sprint 12 |
+| Auth / login | Sprint 18 |
+| HTTPS | Sprint 18 |
+| Mobile layout | Sprint 18 |
+| Sharing / public URLs | Not planned (requires server infra) |
+| Claude-specific features | Not replicable (Projects AI, artifacts sync) |
+
+### What is intentionally not planned
+
+- **Sharing / public conversation URLs:** Requires a hosted backend with access
+  control and CDN. Out of scope for a personal VPS deployment.
+- **Claude-specific model features:** Claude-native Projects memory, extended
+  artifacts sync, Anthropic's proprietary reasoning UI. These are Anthropic
+  infrastructure, not reproducible.
+- **Real-time collaboration:** Multiple users in the same session simultaneously.
+  Single-user assumption throughout.
+- **Plugin marketplace:** Hermes skills cover this use case already.
+
+---
+
+*Last updated: March 31, 2026*
+*Current version: v0.1.0 | 190 tests*
+*Next sprint: Sprint 11 (streaming smoothness + api/routes.py split)*
diff --git a/TESTING.md b/TESTING.md
new file mode 100644
index 0000000..79ac959
--- /dev/null
+++ b/TESTING.md
@@ -0,0 +1,1600 @@
+# Hermes WebUI: Browser Testing Plan
+
+> This document is for manual browser testing by you or by a Claude browser agent.
+> It covers every user-facing feature of the UI through Sprint 2.
+> Each section is written as a step-by-step test procedure with expected outcomes.
+> A browser agent (e.g. Claude with Chrome access) can execute this plan directly.
+>
+> Prerequisites: SSH tunnel is active on port 8787. Open http://localhost:8787 in browser.
+> Server health check: curl http://127.0.0.1:8787/health should return {"status":"ok"}.
+
+---
+
+## How to Use This Document
+
+Each test has:
+- SETUP: what to do before the test
+- STEPS: numbered actions to perform
+- EXPECT: what you should see (pass criteria)
+- FAIL: what a failure looks like
+
+Work through sections in order. Each section builds on the previous.
+
+---
+
+## Section 1: Initial Load and Empty State
+
+### T1.1: Fresh Load Shows Empty State
+SETUP: Clear localStorage (DevTools > Application > Local Storage > delete hermes-webui-session) or open in incognito.
+STEPS:
+  1. Navigate to http://localhost:8787
+EXPECT:
+  - Dark background, Hermes logo in sidebar header
+  - Center area shows "What can I help with?" heading with suggestion buttons
+  - Session list in sidebar is empty or shows existing sessions
+  - No session is highlighted active
+  - Send button is present but there is no input focus by default
+FAIL: Page shows error, blank white screen, or auto-creates a new session without user action.
+
+### T1.2: Suggestion Buttons Work
+SETUP: T1.1 complete, no active session.
+STEPS:
+  1. Click "What files are in this workspace?" suggestion button
+EXPECT:
+  - A new session is created automatically (since none existed)
+  - The text "What files are in this workspace?" appears as the user message
+  - Thinking dots appear below the user message
+  - After a few seconds, Hermes responds
+FAIL: Button does nothing, error appears, or page crashes.
+
+---
+
+## Section 2: Session Management
+
+### T2.1: Create New Session via + Button
+SETUP: Any state.
+STEPS:
+  1. Click the "+ New conversation" button in the sidebar
+EXPECT:
+  - A new session named "Untitled" appears highlighted in the session list
+  - The center area shows the empty state ("What can I help with?")
+  - The + button is the ONLY way to create a session (no auto-create on load)
+FAIL: Multiple sessions created, error thrown, or empty state not shown.
+
+### T2.2: Send a Message and See Response
+SETUP: Active session exists.
+STEPS:
+  1. Click in the message input at the bottom
+  2. Type: "Say hello in exactly three words"
+  3. Press Enter (not Shift+Enter)
+EXPECT:
+  - User message appears immediately in chat
+  - Thinking dots (three animated dots) appear below
+  - Status bar shows "Hermes is thinking..."
+  - Send button becomes disabled (grayed out)
+  - Within 10-30 seconds, Hermes responds with a three-word greeting
+  - Thinking dots disappear
+  - Send button re-enables
+  - Session title in sidebar updates to reflect the first message
+FAIL: Message never appears, thinking dots never go away, Send button stays disabled forever.
+
+### T2.3: Shift+Enter Creates Newline (Does Not Send)
+SETUP: Active session, input focused.
+STEPS:
+  1. Click the message input
+  2. Type "Line one"
+  3. Press Shift+Enter
+  4. Type "Line two"
+EXPECT:
+  - Two lines of text appear in the input box
+  - No message is sent (no user message appears in chat)
+FAIL: Message sent on Shift+Enter.
+
+### T2.4: Reload Restores Session
+SETUP: A session exists with at least one exchange (user + assistant).
+STEPS:
+  1. Note the session title and last message content
+  2. Reload the page (Cmd+R or F5)
+EXPECT:
+  - The same session loads automatically (no empty state)
+  - All messages from before the reload are visible
+  - Session title in topbar and sidebar matches what it was before
+FAIL: Session lost on reload, empty state shown, or messages missing.
+
+### T2.5: Delete Active Session
+SETUP: At least two sessions exist. One is active.
+STEPS:
+  1. Hover over the active session in the sidebar (trash icon appears)
+  2. Click the trash icon on the active session
+EXPECT:
+  - A "Conversation deleted" toast appears at the bottom for ~3 seconds
+  - The deleted session disappears from the sidebar list
+  - The next most recent session automatically loads (or empty state if none remain)
+  - NO new session is auto-created
+FAIL: Session not removed, new session auto-created, error shown, or wrong session loaded.
+
+### T2.6: Delete Non-Active Session
+SETUP: At least two sessions exist. Session B is not active.
+STEPS:
+  1. Hover over a session that is NOT currently active
+  2. Click its trash icon
+EXPECT:
+  - Toast "Conversation deleted" appears
+  - That session disappears from list
+  - Currently active session remains active and unchanged
+FAIL: Active session changes, multiple sessions deleted, or error.
+
+### T2.7: Delete Last Session Shows Empty State
+SETUP: Exactly one session exists.
+STEPS:
+  1. Delete that session via the trash icon
+EXPECT:
+  - Session list is empty
+  - Center area shows "What can I help with?" empty state
+  - No session is auto-created
+FAIL: New session created, error thrown, or UI breaks.
+
+---
+
+## Section 3: Model Selection
+
+### T3.1: Model Dropdown Shows All Options
+SETUP: Any active session.
+STEPS:
+  1. Look at the sidebar bottom: "Model" label and a dropdown
+  2. Click the dropdown to expand it
+EXPECT:
+  - Provider groups visible: OpenAI, Anthropic, Other
+  - OpenAI group: GPT-5.4 Mini, GPT-4o, o3, o4-mini
+  - Anthropic group: Claude Sonnet 4.6, Claude Sonnet 4.5, Claude Haiku 3.5
+  - Other group: Gemini 2.5 Pro, DeepSeek V3, Llama 4 Scout
+FAIL: Only 2 options visible, no groups, or missing models.
+
+### T3.2: Model Chip Reflects Selection
+SETUP: Active session.
+STEPS:
+  1. Change model dropdown to "Claude Sonnet 4.6"
+EXPECT:
+  - The blue chip in the topbar right updates to "Sonnet 4.6" immediately
+  - NOT "GPT-5.4 Mini" (this was Bug B3, now fixed)
+STEPS (continued):
+  2. Change model to "Gemini 2.5 Pro"
+EXPECT:
+  - Chip updates to "Gemini 2.5 Pro" (not "GPT-5.4 Mini")
+FAIL: Chip shows wrong model name for any non-Sonnet selection.
+
+---
+
+## Section 4: File Upload
+
+### T4.1: Click-to-Attach Opens File Picker
+SETUP: Active session.
+STEPS:
+  1. Click the paperclip icon in the composer footer
+EXPECT:
+  - OS file picker dialog opens
+  - Accepted types filter visible (images, text, PDF, common code files)
+FAIL: Nothing happens, error thrown.
+
+### T4.2: Attach a Text File and Send
+SETUP: Have a small .txt or .py file ready to upload.
+STEPS:
+  1. Click the paperclip, select the file
+  2. File chip appears in the composer tray above the input
+  3. Type "What is in this file?" in the input
+  4. Press Enter
+EXPECT:
+  - Upload progress bar briefly appears
+  - User message shows the message text plus a file badge with the filename
+  - Hermes responds describing or reading the file content
+FAIL: Upload fails, file badge never appears, Hermes does not mention the file.
+
+### T4.3: Drag and Drop a File
+SETUP: Active session, a file ready on your desktop.
+STEPS:
+  1. Drag a file from Finder/Explorer over the composer area
+EXPECT:
+  - Blue dashed border and "Drop files to upload to workspace" overlay appear
+STEPS (continued):
+  2. Drop the file
+EXPECT:
+  - File chip appears in the tray
+  - Overlay disappears
+FAIL: No drag visual feedback, file not accepted, error on drop.
+
+### T4.4: Paste Screenshot from Clipboard
+SETUP: Take a screenshot (Cmd+Shift+4 on Mac, saves to clipboard).
+STEPS:
+  1. Click in the message input
+  2. Press Cmd+V (paste)
+EXPECT:
+  - An image file chip appears in the tray: "screenshot-{timestamp}.png"
+  - Status bar briefly shows "Image pasted: screenshot-..."
+FAIL: Nothing pasted, error, or raw binary data appears in input.
+
+### T4.5: Remove a File from Tray
+SETUP: At least one file in the attach tray.
+STEPS:
+  1. Click the X button on a file chip in the tray
+EXPECT:
+  - That file is removed from the tray
+  - If it was the only file, tray collapses
+FAIL: File not removed, error.
+
+---
+
+## Section 5: Workspace File Browser
+
+### T5.1: File Tree Loads on Session Start
+SETUP: Active session with workspace set.
+EXPECT:
+  - Right panel shows "WORKSPACE" header
+  - File tree lists files and directories in the workspace
+  - Directories have folder icons
+  - Files have type-appropriate icons (camera for images, notepad for markdown, etc.)
+FAIL: Right panel is blank, error, or all files show generic icon regardless of type.
+
+### T5.2: Navigate Into a Directory
+SETUP: Workspace has at least one subdirectory.
+STEPS:
+  1. Click a directory name in the file tree
+EXPECT:
+  - File tree updates to show contents of that directory
+  - A ".." or breadcrumb is NOT shown (current behavior: flat navigation)
+FAIL: Click does nothing, error, or entire page breaks.
+
+### T5.3: Preview a Code File
+SETUP: Workspace has a .py or .js or .txt file.
+STEPS:
+  1. Click the file name in the tree
+EXPECT:
+  - Right panel switches from file tree to preview area
+  - File path shown at top with file extension badge (gray)
+  - File contents shown as monospace text (raw code)
+  - File tree is hidden, preview is visible
+FAIL: Nothing happens, binary gibberish shown, crash.
+
+### T5.4: Close Preview Returns to File Tree
+SETUP: T5.3 complete, preview is showing.
+STEPS:
+  1. Click the X button in the panel header
+EXPECT:
+  - Preview closes
+  - File tree is visible again
+  - Preview area is hidden
+  - Reopening the same file shows fresh content (no stale cached text)
+FAIL: X button does nothing, tree does not reappear.
+
+### T5.5: Preview an Image File (Sprint 2)
+SETUP: Upload a PNG, JPG, or any image file to the workspace, OR the workspace already contains one.
+STEPS:
+  1. Click an image file (e.g. .png or .jpg) in the file tree
+EXPECT:
+  - Preview area shows the actual image rendered inline (NOT a blob of bytes or placeholder)
+  - Image is centered, fits within the panel width
+  - Path bar shows "image" badge in blue
+  - Image maintains aspect ratio
+FAIL: Raw binary text displayed, broken image icon, error message, or nothing happens.
+
+### T5.6: Preview a Markdown File (Sprint 2)
+SETUP: Workspace has a .md file (or create one: upload a file named README.md with some markdown content).
+STEPS:
+  1. Click the .md file in the file tree
+EXPECT:
+  - Preview shows formatted, rendered markdown (NOT raw text with asterisks)
+  - Headings render as large bold text
+  - **bold** renders as bold, *italic* as italic
+  - Bullet lists render as actual list items
+  - Code blocks render in monospace with dark background
+  - Path bar shows "md" badge in gold
+FAIL: Raw markdown text with asterisks/hashes shown, or no preview at all.
+
+### T5.7: Markdown Preview Renders Tables (Sprint 2)
+SETUP: Upload or create a .md file with a table like:
+  | Name | Value |
+  |------|-------|
+  | foo  | bar   |
+STEPS:
+  1. Click the file in the file tree
+EXPECT:
+  - Table renders as an actual HTML table with borders
+  - Column headers (Name, Value) are bold/highlighted
+  - Data rows alternate subtle background
+FAIL: Table displayed as raw pipe-separated text.
+
+### T5.8: Refresh Files Button
+SETUP: Active session, workspace has files.
+STEPS:
+  1. Click the "Files" refresh button in the sidebar bottom actions
+EXPECT:
+  - File tree reloads
+  - If a file was added externally, it now appears
+FAIL: Error, spinner never stops, tree clears without reloading.
+
+---
+
+## Section 6: Workspace Path
+
+### T6.1: Change Workspace Path
+SETUP: Active session.
+STEPS:
+  1. Click the workspace path display in the sidebar bottom (shows current path)
+  2. A prompt dialog appears
+  3. Enter a new valid path (e.g. /tmp)
+  4. Click OK
+EXPECT:
+  - Workspace chip in topbar updates to show the last segment of the new path
+  - File tree refreshes to show files at the new path
+  - Next message sent uses the new workspace
+FAIL: Dialog does not appear, path not saved, error on invalid path.
+
+---
+
+## Section 7: Tool Approval
+
+### T7.1: Dangerous Command Shows Approval Card
+SETUP: Active session with a test-workspace (NOT a production directory).
+STEPS:
+  1. Type: "Run the command: rm -rf /tmp/hermes_test_delete_me"
+  2. Send the message
+EXPECT:
+  - Thinking dots appear
+  - An orange/red approval card appears above the composer:
+    "Dangerous command - approval required"
+  - The card shows the command text
+  - The card shows the pattern description (e.g. "recursive delete [recursive_delete]")
+  - Four buttons: Allow once, Allow this session, Always allow, Deny
+FAIL: No card appears, agent executes without asking, page crashes.
+
+### T7.2: Deny Approval Blocks the Command
+SETUP: T7.1 complete, card is showing.
+STEPS:
+  1. Click "Deny"
+EXPECT:
+  - Approval card disappears
+  - Agent responds with a message indicating the command was denied/blocked
+  - No file was deleted
+FAIL: Command executes despite deny, card stays up, error.
+
+### T7.3: Allow Once Executes the Command
+SETUP: Create a safe test: type "Run: touch /tmp/hermes_approval_test.txt"
+STEPS:
+  1. Send the message
+  2. When approval card appears, click "Allow once"
+EXPECT:
+  - Approval card disappears
+  - Agent continues and reports the command ran successfully
+  - Verify: open a terminal and run: ls /tmp/hermes_approval_test.txt
+FAIL: Command blocked after Allow once, card stays, error.
+
+---
+
+## Section 8: Transcript Download
+
+### T8.1: Download Conversation as Markdown
+SETUP: A session with at least 2 messages (1 user + 1 assistant).
+STEPS:
+  1. Click the "Transcript" download button in the sidebar bottom
+EXPECT:
+  - Browser downloads a .md file named hermes-{session_id}.md
+  - Opening the file shows the conversation in markdown format:
+    ## user
+    (message text)
+    ## assistant
+    (response text)
+FAIL: No download triggered, file is empty, file is corrupted JSON instead of markdown.
+
+---
+
+## Section 9: Reconnect Banner (Sprint 1 - B4/B5)
+
+### T9.1: Reconnect Banner After Mid-Stream Reload
+NOTE: This test requires deliberate timing. Best done with a slow/long agent request.
+SETUP: Active session.
+STEPS:
+  1. Send a message that will take a while (e.g. "Write me a 500-word short story")
+  2. While thinking dots are showing (within the first 5 seconds), reload the page (Cmd+R)
+EXPECT:
+  - Page reloads and restores the session
+  - A gold/amber banner appears near the top: "A response may have been in progress..."
+  - Two buttons on the banner: "Dismiss" and "Reload"
+  - Clicking "Reload" fetches fresh messages from server
+  - Clicking "Dismiss" removes the banner
+FAIL: No banner shown, page crashes, banner appears on normal reloads with no in-flight request.
+
+---
+
+## Section 10: Multi-Session and Concurrent Behavior
+
+### T10.1: Switch Sessions While Response Is Loading
+SETUP: Active session, agent running (thinking dots visible from a previous message).
+STEPS:
+  1. While thinking dots are showing, click a DIFFERENT session in the sidebar
+EXPECT:
+  - The new session loads cleanly (its messages show)
+  - The Send button for the NEW session is NOT disabled (it's not busy)
+  - The original session's response is still being generated in the background
+  - Clicking back to the original session shows the thinking dots still running
+  - When the original request finishes, its messages update correctly
+FAIL: New session shows busy state, switching breaks messages, response lands in wrong session.
+
+### T10.2: Multiple Sessions in List (Up to 30)
+SETUP: Create enough sessions to have at least 5 in the sidebar.
+EXPECT:
+  - Sessions listed most-recently-updated first
+  - Long titles truncate with "..." and do not overflow the sidebar width
+  - Hover shows the trash icon on any session
+FAIL: Titles overflow sidebar, order is wrong, trash icon never appears.
+
+---
+
+## Section 11: Visual and Layout Checks
+
+### T11.1: Right Panel Hidden on Small Screens
+STEPS:
+  1. Resize browser window to below 900px width
+EXPECT:
+  - Right panel (workspace) disappears
+  - Chat area expands to fill the full width
+FAIL: Right panel overlaps chat or causes horizontal scroll.
+
+### T11.2: Sidebar Hidden on Very Small Screens
+STEPS:
+  1. Resize browser window to below 640px width
+EXPECT:
+  - Left sidebar disappears
+  - Chat area takes full width
+FAIL: Sidebar causes layout overflow or blocks chat.
+
+### T11.3: Structured Log Output
+SETUP: SSH access to the server.
+STEPS:
+  1. In a terminal: tail -f /tmp/webui-mvp.log
+  2. In browser: perform any action (load page, send message, click file)
+EXPECT:
+  - Log entries appear in terminal as JSON: {"ts":"...","method":"GET","path":"/health","status":200,"ms":0.1}
+  - Every request produces one log line
+  - Status codes are correct (200 for success, 400 for bad requests)
+FAIL: No log output, log shows Apache-style text instead of JSON, log file not created.
+
+---
+
+## Section 12: Error Handling
+
+### T12.1: Send Button Disabled When Busy
+SETUP: Message is sending (thinking dots visible).
+EXPECT:
+  - Send button is visually grayed out
+  - Pressing Enter does NOT send another message
+  - Clicking Send button does nothing
+FAIL: Multiple messages sent while one is in flight.
+
+### T12.2: Upload Failure Shows Status
+SETUP: Active session.
+STEPS:
+  1. Try to attach a file larger than 20MB (if available)
+EXPECT:
+  - Status bar shows an error message about file size or the upload is rejected
+  - The chat is not broken (can still send messages)
+FAIL: Uncaught error, page crashes, or no feedback given.
+
+### T12.3: File Preview for Binary Non-Image
+SETUP: Workspace has a .zip or .bin file.
+STEPS:
+  1. Click the binary file in the file tree
+EXPECT:
+  - Code preview shows some text (may be replacement characters for binary content)
+  - OR a "File too large" or "Could not open file" error in the status bar
+  - Page does NOT crash
+FAIL: Browser freezes, crash, or security issue.
+
+---
+
+## Automated Test Coverage Reference
+
+These behaviors are verified by pytest (run: venv/bin/python -m pytest webui-mvp/tests/ -v):
+
+Sprint 1 tests (test_sprint1.py):
+  - Server health, session CRUD (create/load/update/delete/sort)
+  - B11 footgun fix (/api/session 400 on missing ID)
+  - Multipart parser: text file, binary PNG
+  - HTTP upload: success, too large, no file field, bad session
+  - Approval API: pending, inject+deny, inject+session-approve
+  - Stream status endpoint
+  - File listing, path traversal block
+
+Sprint 2 tests (test_sprint2.py):
+  - GET /api/file/raw: PNG, JPEG, SVG content-types
+  - GET /api/file/raw: path traversal blocked, missing file 404
+  - GET /api/file: markdown content returned as text
+  - GET /api/file: markdown with table content preserved
+  - GET /api/list: image and markdown files appear in directory listing
+
+Manual-only tests (not covered by automation):
+  - All browser rendering tests (T5.5, T5.6, T5.7 -- visual verification)
+  - T7.1-T7.3 -- tool approval card (requires live agent execution)
+  - T9.1 -- reconnect banner timing
+  - T10.1 -- concurrent session switching
+  - T11.1, T11.2 -- responsive layout
+  - T11.3 -- log output verification
+  - All visual/CSS checks
+
+---
+
+## Claude Browser Agent Instructions
+
+If you are a Claude agent with browser access, follow these instructions:
+
+1. Navigate to http://localhost:8787 (assumes SSH tunnel is active from your Mac).
+2. Execute tests in order. For each test:
+   a. Follow SETUP instructions.
+   b. Perform each STEP using browser tools (click, type, navigate).
+   c. Use browser_vision or browser_snapshot to verify EXPECT conditions.
+   d. Record PASS or FAIL with a brief note on what you observed.
+3. For tests requiring file uploads: use the browser's file picker; you may need to
+   create test files in /tmp first via terminal.
+4. For T7.x (approval tests): the agent running inside Hermes needs to detect a
+   dangerous command. Ask Hermes to "run: rm -rf /tmp/test_hermes_approval" and watch
+   for the card. The actual rm will not run in a safe test workspace.
+5. Skip T9.1 (reconnect banner) unless you can precisely time a page reload during an
+   active SSE stream.
+6. Report results as a checklist at the end.
+
+---
+
+*Last updated: Sprint 2, March 30, 2026*
+*Server version: v0.4 (server.py in webui-mvp/)*
+*Run automated tests: python -m pytest tests/ -v*
+
+---
+
+## Section 13: Sidebar Panel Navigation (Sprint 3)
+
+### T13.1: Four Tabs Visible in Sidebar
+EXPECT:
+  - Four tabs at top of sidebar: Chat, Tasks, Skills, Memory (with icons)
+  - Chat tab is active/highlighted by default on load
+FAIL: Only one section visible, no tabs shown.
+
+### T13.2: Tab Switching Preserves Chat State
+STEPS:
+  1. Send a message, get a response (so chat has content)
+  2. Click the "Tasks" tab
+  3. Click the "Chat" tab
+EXPECT:
+  - When on Tasks tab: session list disappears, cron list appears
+  - When back on Chat: full conversation is still there, session list returns
+  - Send button still works after switching back
+FAIL: Messages lost, session list blank, Send button broken.
+
+---
+
+## Section 14: Tasks Panel (Cron Viewer) (Sprint 3)
+
+### T14.1: Tasks Tab Shows Cron Jobs
+STEPS:
+  1. Click the "Tasks" tab in the sidebar
+EXPECT:
+  - A list of scheduled jobs appears
+  - Each job shows its name and a status badge (active/paused/error/off)
+  - At least one job visible ("Morning Crypto Update" or similar)
+FAIL: Empty list, loading spinner forever, error message.
+
+### T14.2: Expand a Job Row
+STEPS:
+  1. Click a job name/row in the Tasks panel
+EXPECT:
+  - Row expands to show: schedule string, prompt text (truncated), action buttons
+  - "Run now" button (blue), "Pause" or "Resume" button
+  - Last output section showing timestamp and content from the last run
+FAIL: Click does nothing, no expansion, buttons missing.
+
+### T14.3: Pause and Resume a Job
+STEPS:
+  1. Expand an active job
+  2. Click "Pause"
+EXPECT:
+  - Toast: job paused
+  - Job list reloads, status badge changes to "paused"
+  - Button changes to "Resume"
+STEPS (continued):
+  3. Click "Resume"
+EXPECT:
+  - Toast: job resumed
+  - Status badge returns to "active"
+FAIL: Status doesn't change, error toast.
+
+### T14.4: Last Output Shows Real Content
+SETUP: At least one job has run at least once.
+STEPS:
+  1. Expand a job that has run
+EXPECT:
+  - Last output section shows a timestamp (e.g. "2026-03-30_16-00-37")
+  - Content preview of the last run output (first ~600 chars)
+FAIL: "(no runs yet)" shown even though job has run, or content is garbled.
+
+---
+
+## Section 15: Skills Panel (Sprint 3)
+
+### T15.1: Skills Tab Shows Categorized List
+STEPS:
+  1. Click the "Skills" tab
+EXPECT:
+  - A search box at the top
+  - Skills grouped by category with folder icons and count (e.g. "autonomous-ai-agents (4)")
+  - Individual skill items with name and short description excerpt
+FAIL: Loading forever, empty list, uncategorized blob.
+
+### T15.2: Search Filters Skills
+STEPS:
+  1. Click the Skills tab
+  2. Type "github" in the search box
+EXPECT:
+  - List narrows to only skills matching "github" in name, description, or category
+  - Categories with no matches are hidden
+STEPS (continued):
+  3. Clear the search box
+EXPECT:
+  - Full list returns
+FAIL: Search does nothing, list disappears entirely.
+
+### T15.3: Click Skill Opens SKILL.md in Right Panel
+STEPS:
+  1. Click the Skills tab
+  2. Click any skill name (e.g. "dogfood")
+EXPECT:
+  - The right workspace panel switches to preview mode
+  - The skill's SKILL.md content renders as formatted markdown
+  - Path bar shows the skill name with gold "skill" badge
+  - Headings, bold, lists all render correctly (not raw asterisks)
+FAIL: Nothing happens in right panel, raw markdown text shown, error.
+
+---
+
+## Section 16: Memory Panel (Sprint 3)
+
+### T16.1: Memory Tab Shows Personal Notes
+STEPS:
+  1. Click the "Memory" tab
+EXPECT:
+  - Two sections: "My Notes" and "User Profile"
+  - Each section has a last-modified timestamp in the header
+  - Content renders as formatted markdown (not raw text)
+FAIL: Blank, loading forever, error, raw text with § symbols.
+
+### T16.2: Memory Content is Accurate
+STEPS:
+  1. Open Memory tab
+  2. Check a fact you know is in memory (e.g. your Pacific Time preference)
+EXPECT:
+  - The fact appears in the correct section (User Profile or My Notes)
+FAIL: Wrong content shown, different user's data, empty even though memory exists.
+
+---
+
+## Section 17: Bug Fix Verification (Sprint 3)
+
+### T17.1: B6 - New Session Inherits Workspace
+SETUP: Active session with workspace changed to a non-default path (e.g. /tmp).
+STEPS:
+  1. Click + New conversation while workspace is set to /tmp
+EXPECT:
+  - New session shows /tmp in the workspace chip and path display
+  - File tree shows files from /tmp
+FAIL: New session resets to default test-workspace.
+
+### T17.2: B10 - Tool Events Replace Thinking Dots
+SETUP: Send a message that will trigger tool use (e.g. "What files are in /tmp?").
+STEPS:
+  1. Watch the chat area carefully after sending
+EXPECT:
+  - Thinking dots appear immediately
+  - When first tool fires: dots disappear, replaced by a compact "Running terminal..." row
+  - When first token arrives: tool row disappears, streaming text begins
+  - NOT: thinking dots AND "Running..." AND streaming text all visible at once
+FAIL: Thinking dots stay while tool runs, or multiple rows stacked confusingly.
+
+### T17.3: B14 - Cmd/Ctrl+K Creates New Chat
+STEPS:
+  1. Press Cmd+K (Mac) or Ctrl+K (Windows/Linux) while on the Chat tab
+EXPECT:
+  - A new "Untitled" session is created
+  - Empty state shown, input focused
+  - Does NOT work if a request is in-flight (Send is disabled)
+FAIL: Nothing happens, browser intercepts shortcut for its own purpose, crash.
+
+---
+
+## Automated Test Coverage (Updated Sprint 3)
+
+Sprint 3 tests (test_sprint3.py) - 21 tests:
+  - Cron API: list, required fields, output, pause/resume validation, run nonexistent
+  - Skills API: list, required fields, content for known skill, name required
+  - Memory API: both files returned, string types, mtime keys present
+  - Input validation: session/update, session/delete, chat/start require fields;
+    chat/start requires message; session/update unknown ID returns 404
+  - B6: new session with workspace param sets it correctly
+
+Manual-only (not covered by automation):
+  - T13.x - T16.x: all visual panel rendering tests
+  - T17.1-T17.3: bug fix verification (B6/B10/B14)
+  - All previous manual tests from Sections 1-12
+
+---
+
+*Last updated: Sprint 3, March 30, 2026*
+*Total automated tests: 48/48*
+*Run: python -m pytest tests/ -v*
+
+---
+
+## Section 18: Source Relocation Verification (Sprint 4)
+
+### T18.1: UI Loads and CSS Renders Correctly After Relocation
+STEPS:
+  1. Open http://localhost:8787
+EXPECT:
+  - Dark background, correct colors, sidebar visible
+  - Open DevTools Network tab: verify style.css loads from /static/style.css (not inline)
+  - No CSS errors in console
+FAIL: Plain unstyled HTML, white background, console errors about missing stylesheet.
+
+---
+
+## Section 19: Session Rename (Sprint 4)
+
+### T19.1: Double-Click to Rename a Session
+SETUP: At least one session in the sidebar.
+STEPS:
+  1. Double-click on a session title in the sidebar
+EXPECT:
+  - The title text is replaced by an editable input field, pre-selected
+  - Input has a blue border style
+  - Sidebar click does NOT navigate away (click is stopped)
+FAIL: Nothing happens, navigation fires, input not focused.
+
+### T19.2: Enter Commits the Rename
+STEPS (continued from T19.1):
+  1. Clear the input and type "My Renamed Session"
+  2. Press Enter
+EXPECT:
+  - Input disappears, replaced by the new title text
+  - Sidebar shows "My Renamed Session"
+  - If this was the active session, topbar title also updates immediately
+  - Page reload: title persists
+FAIL: Title reverts, topbar doesn't update, enter not handled.
+
+### T19.3: Escape Cancels the Rename
+STEPS:
+  1. Double-click a session to start editing
+  2. Type some changes
+  3. Press Escape
+EXPECT:
+  - Input disappears, original title restored (no change)
+FAIL: Title changed despite Escape, crash.
+
+### T19.4: Blur (Click Away) Commits the Rename
+STEPS:
+  1. Double-click a session, type a new name
+  2. Click somewhere else on the page (not the input)
+EXPECT:
+  - New title is committed (same as pressing Enter)
+FAIL: Title reverts on blur.
+
+---
+
+## Section 20: Session Search (Sprint 4)
+
+### T20.1: Search Box Filters Sessions
+SETUP: Multiple sessions with different titles (including at least one you renamed in T19).
+STEPS:
+  1. Verify the Chat tab is active in the sidebar
+  2. Type part of a known session title in the "Filter conversations..." box
+EXPECT:
+  - List updates live as you type, showing only matching sessions
+  - Non-matching sessions disappear
+  - No network request (filtering is instant, client-side)
+FAIL: All sessions shown regardless, search causes page reload, error.
+
+### T20.2: Clear Search Restores Full List
+STEPS (continued):
+  1. Clear the search input
+EXPECT:
+  - Full session list returns immediately
+FAIL: List stays filtered after clearing.
+
+### T20.3: No Match Shows Empty List
+STEPS:
+  1. Type "zzznomatch9999" in the search box
+EXPECT:
+  - Session list is empty (no items)
+  - No error message, just empty
+FAIL: Error shown, crash, or unfiltered list still displayed.
+
+---
+
+## Section 21: Workspace File Operations (Sprint 4)
+
+### T21.1: Delete Button Appears on File Hover
+SETUP: Workspace has at least one file.
+STEPS:
+  1. Hover over a file in the right panel file tree
+EXPECT:
+  - A small trash icon appears on the right side of the file row
+  - Hovering away hides it again
+FAIL: No icon ever appears, icon always visible (not hover-only).
+
+### T21.2: Delete a File with Confirmation
+STEPS:
+  1. Hover over a file and click its trash icon
+  2. A browser confirm dialog appears: "Delete [filename]?"
+  3. Click OK
+EXPECT:
+  - Toast: "Deleted [filename]"
+  - File disappears from the tree
+  - If the file was open in the preview panel, preview closes
+FAIL: File not deleted, no confirmation dialog, error.
+
+### T21.3: Cancel Delete Does Nothing
+STEPS:
+  1. Hover over a file and click its trash icon
+  2. Click Cancel on the confirm dialog
+EXPECT:
+  - File remains in the tree
+  - No toast, no error
+FAIL: File deleted despite cancel.
+
+### T21.4: Create a New File
+STEPS:
+  1. Click the + button in the workspace panel header
+  2. A prompt dialog appears: "New file name (e.g. notes.md):"
+  3. Type "test-sprint4.md" and click OK
+EXPECT:
+  - Toast: "Created test-sprint4.md"
+  - File appears in the tree
+  - File opens immediately in the preview panel
+  - File is empty (no content)
+FAIL: Nothing happens, error, file not created.
+
+### T21.5: Create File Validates Name
+STEPS:
+  1. Click + for a new file
+  2. Press Cancel or leave name empty
+EXPECT:
+  - Nothing created, no error
+FAIL: Empty-named file created, crash.
+
+---
+
+## Automated Test Coverage (Updated Sprint 4)
+
+Sprint 4 tests (test_sprint4.py) - 20 tests:
+  - Relocation: server health, static CSS served, unknown static 404
+  - Session rename: success, persistence, truncation, missing fields, unknown ID
+  - Session search: matches found, empty query, no results
+  - File create: success, missing fields, duplicate rejected
+  - File delete: success, missing file 404, path traversal blocked
+  - Validation: /api/list and /api/file require session_id and path
+
+Total automated: 68/68 passing.
+
+Manual-only for Sprint 4:
+  - T18.1: visual CSS verification
+  - T19.1-T19.4: inline rename UX
+  - T20.1-T20.3: live search UX
+  - T21.1-T21.5: file operations UX
+
+---
+
+
+
+---
+
+## Section 22: Workspace Management (Sprint 5)
+
+### T22.1: Spaces Tab Shows Configured Workspaces
+STEPS:
+  1. Click the "Spaces" tab in the sidebar (folder icon)
+EXPECT:
+  - A list of workspaces with name and path
+  - At least the default workspace (test-workspace) listed
+  - An "Add workspace path" input at the bottom
+  - Each workspace has "Use" and X (remove) buttons
+FAIL: Empty panel, loading forever, error.
+
+### T22.2: Add a Valid Workspace Path
+STEPS:
+  1. Type "/tmp" in the add input and click + Add
+EXPECT:
+  - "/tmp" appears in the list with name "tmp"
+  - Toast: "Workspace added"
+FAIL: Error shown, path not saved, no feedback.
+
+### T22.3: Add an Invalid Path is Rejected
+STEPS:
+  1. Type "/this/path/does/not/exist" in the add input and click + Add
+EXPECT:
+  - Status bar shows an error (e.g. "Path does not exist")
+  - Path is NOT added to the list
+FAIL: Invalid path added, no error.
+
+### T22.4: Remove a Workspace
+STEPS:
+  1. Click the X button next to any non-default workspace
+  2. Confirm the dialog
+EXPECT:
+  - Workspace disappears from the list
+  - Toast: "Workspace removed"
+FAIL: Workspace stays, no confirmation, error.
+
+### T22.5: Topbar Workspace Chip is a Dropdown
+STEPS:
+  1. In any active chat session, look at the topbar right side
+  2. Click the workspace chip (shows folder icon + workspace name + arrow)
+EXPECT:
+  - A dropdown appears listing all configured workspaces
+  - Current workspace is highlighted
+  - A "Manage workspaces" link at the bottom
+FAIL: Nothing happens, no dropdown, error.
+
+### T22.6: Quick-Switch Workspace via Topbar
+SETUP: At least two workspaces configured (add /tmp if needed via Spaces tab).
+STEPS:
+  1. Click the workspace chip to open the dropdown
+  2. Click a different workspace than the current one
+EXPECT:
+  - Dropdown closes
+  - Toast: "Switched to [name]"
+  - Workspace chip in topbar updates to the new workspace name
+  - File tree in right panel refreshes to show files in the new workspace
+  - Current session is now using the new workspace
+FAIL: Workspace chip doesn't update, file tree unchanged, error.
+
+### T22.7: New Session Inherits Last Used Workspace
+SETUP: Switch to a non-default workspace (e.g. /tmp) via the topbar dropdown.
+STEPS:
+  1. Click + New conversation
+EXPECT:
+  - New session's workspace chip shows the same workspace you last switched to (/tmp)
+  - File tree shows files from /tmp
+FAIL: New session defaults back to test-workspace.
+
+---
+
+## Section 23: Copy Message to Clipboard (Sprint 5)
+
+### T23.1: Copy Icon Appears on Hover
+SETUP: A chat session with at least one message.
+STEPS:
+  1. Hover over any chat message (user or assistant)
+EXPECT:
+  - A small clipboard icon appears in the message header row (right side of "You" or "Hermes")
+  - Icon is not visible when not hovering
+FAIL: No icon ever appears, always visible.
+
+### T23.2: Copy Puts Text in Clipboard
+STEPS:
+  1. Hover over an assistant message
+  2. Click the clipboard icon
+EXPECT:
+  - Icon briefly shows a checkmark (✓) then reverts to clipboard
+  - Paste (Cmd+V) elsewhere shows the full text of that message
+FAIL: No visual feedback, clipboard empty or wrong content.
+
+---
+
+## Section 24: Inline File Editor (Sprint 5)
+
+### T24.1: Code File Opens in Read-Only Mode
+STEPS:
+  1. Click any .py, .js, or .txt file in the workspace file tree
+EXPECT:
+  - File content shows in read-only monospace view
+  - An "✎ Edit" button is visible in the preview path bar
+  - Content is NOT editable (clicking in it does nothing)
+FAIL: Content immediately editable, no Edit button.
+
+### T24.2: Edit Button Enters Edit Mode
+STEPS:
+  1. Click "✎ Edit" on a code file preview
+EXPECT:
+  - Read-only view replaced by an editable textarea
+  - Content of the file is pre-populated in the textarea
+  - Button changes to "💾 Save"
+FAIL: Nothing changes, button doesn't change.
+
+### T24.3: Save Writes Changes to Disk
+STEPS:
+  1. In edit mode, change some text
+  2. Click "💾 Save"
+EXPECT:
+  - Read-only view returns, showing the updated content
+  - Toast: "Saved"
+  - Verify: refreshing the file tree and reopening the file shows the new content
+FAIL: Save does nothing, content reverts, error.
+
+### T24.4: Dirty Indicator Shows Unsaved Changes
+STEPS:
+  1. Enter edit mode on a file
+  2. Make any change (type a character)
+EXPECT:
+  - Button shows "💾 Save*" (asterisk indicates unsaved changes)
+FAIL: No asterisk, button stays as "💾 Save".
+
+### T24.5: Markdown File Edit-Save Roundtrip
+STEPS:
+  1. Click a .md file in the workspace
+  2. Click Edit
+  3. Add a new line: "## Added by Sprint 5 test"
+  4. Click Save
+EXPECT:
+  - Save succeeds (toast)
+  - Markdown view re-renders showing the new heading
+FAIL: Save fails, markdown not re-rendered.
+
+---
+
+## Automated Test Coverage (Updated Sprint 5)
+
+Sprint 5 tests (test_sprint5.py) - 18 tests:
+  - Phase A: app.js served correctly
+  - Workspace CRUD: list, add valid, add invalid path, add invalid dir, add duplicate, requires path, remove, rename, rename unknown
+  - Last workspace tracking: updates on session/update, new session inherits last
+  - File save: success, missing fields, nonexistent file 404, path traversal blocked
+  - Session index: created after save, sessions sorted correctly
+
+Total automated: 86/86 passing.
+
+Manual-only for Sprint 5:
+  - T22.1-T22.7: workspace UI (tabs, dropdown, switching, inheritance)
+  - T23.1-T23.2: copy to clipboard UX
+  - T24.1-T24.5: inline file editor UX
+
+---
+
+*Last updated: Sprint 5, March 30, 2026*
+*Total automated tests: 86/86*
+*Run: python -m pytest tests/ -v*
+*Source: <repo>/ | Static: static/style.css + static/app.js*
+
+---
+
+## Section 25: UI Polish Pass (Post-Sprint 5 Visual Audit)
+
+These are visual regression checks. Take a screenshot after loading the UI and compare
+against each criterion below. A Claude browser agent can verify these with browser_vision.
+
+### T25.1: Sidebar Nav Tabs are Icon-Only
+EXPECT:
+  - Five icon-only tabs in the sidebar nav row: 💬 ⏱️ 📚 🧠 📁
+  - No text labels visible by default (text removed to prevent overflow)
+  - Hovering a tab shows a tooltip with the label (Chat/Tasks/Skills/Memory/Spaces)
+  - Active tab has a blue underline, icon brighter blue
+  - All five icons fit in the sidebar width without clipping
+FAIL: Text labels showing alongside icons causing overflow, "Spaces" tab cut off.
+
+### T25.2: Message Role Labels are Softer
+EXPECT:
+  - "You" and "Hermes" labels appear in slightly muted blue/gold (not full-brightness)
+  - Labels use Title Case not ALL CAPS
+  - Role icons are circles (not squares) with a subtle border
+  - The role label area does not visually overpower the message content below
+FAIL: Bright gold "HERMES" and blue "YOU" in caps drawing eye away from content.
+
+### T25.3: Code Blocks Have a Connected Language Header
+EXPECT:
+  - When a code block has a language, the header bar is connected (no gap) to the code
+  - Header has a small colored dot on the left and the language name
+  - Background: slightly lighter than the code body to distinguish it
+FAIL: Header floats above the code block with visible gap.
+
+### T25.4: Send Button Has Depth
+EXPECT:
+  - Send button has a subtle gradient (lighter at top, slightly darker at bottom)
+  - Hover: button shifts very slightly upward (1px transform)
+  - Visual distinction from the blue link/chip color
+FAIL: Send button is same flat blue as all other blue elements.
+
+### T25.5: Session List Shows Date Groups
+EXPECT:
+  - Sessions grouped under "Today", "Yesterday", "Earlier" headers
+  - Headers are small, all-caps, muted gray
+  - Active session has a blue left border accent
+FAIL: No grouping, flat list, no visual hierarchy.
+
+### T25.6: Empty State Logo is Distinct
+EXPECT:
+  - The "H" logo on the empty state is a frosted-glass circle outline style (blue tint)
+  - NOT the same orange/red gradient as the sidebar header logo
+  - They should look different so it's clear they're two different things
+FAIL: Both logos look identical.
+
+### T25.7: New Conversation Button is Blue-Tinted
+EXPECT:
+  - The "New conversation" button has a subtle blue background tint
+  - Blue-colored text (not plain white/muted)
+  - Feels clickable and primary (not the same style as the secondary sm-btn buttons)
+FAIL: Button looks same as other secondary buttons.
+
+### T25.8: Suggestion Buttons Slide on Hover
+EXPECT:
+  - On the empty state, hovering a suggestion button shifts it slightly right (2px)
+  - Border turns blue on hover
+  - Subtle background tint on hover
+FAIL: No hover movement, generic hover state.
+
+### T25.9: Toast Notification is Premium
+EXPECT:
+  - Toast appears at bottom center with blur/frosted-glass background
+  - Subtle shadow behind the toast
+  - Toast slightly floats up (translateY) when appearing
+FAIL: Plain flat dark box, no blur, no movement.
+
+### T25.10: Composer Input Has Glow on Focus
+EXPECT:
+  - Clicking in the composer/message input shows a blue glow ring around the box
+  - (box-shadow: 0 0 0 3px rgba(124,185,255,0.08))
+  - Border also brightens to a stronger blue
+FAIL: Only border color change, no glow ring.
+
+---
+
+## Section 26: Resizable Panels (Sprint 6)
+
+### T26.1: Sidebar Can Be Resized by Dragging
+STEPS:
+  1. Hover over the right edge of the left sidebar (between sidebar and chat area)
+EXPECT:
+  - Cursor changes to col-resize (double-headed horizontal arrow)
+  - A subtle blue glow appears on the edge
+STEPS (continued):
+  2. Click and drag the edge to the right
+EXPECT:
+  - Sidebar widens in real time as you drag
+  - Chat area compresses to compensate
+  - Minimum width ~180px, maximum ~420px
+  - Releasing the mouse commits the new width
+  - Hard-refreshing the page restores the saved width
+FAIL: Cursor doesn't change, panel doesn't resize, width not saved.
+
+### T26.2: Workspace Panel Can Be Resized by Dragging
+STEPS:
+  1. Hover over the left edge of the right workspace panel
+  2. Drag left to narrow, drag right to widen
+EXPECT:
+  - Panel resizes within 180-500px range
+  - Width persists across page reload (stored in localStorage)
+FAIL: Panel not resizable.
+
+---
+
+## Section 27: Cron Job Create (Sprint 6)
+
+### T27.1: New Job Button Opens Form
+STEPS:
+  1. Click the Tasks tab in the sidebar
+  2. Click the "+ New job" button at the top of the Tasks panel
+EXPECT:
+  - A form slides in below the header with:
+    - Name input (optional)
+    - Schedule input (cron expression or natural language)
+    - Prompt textarea
+    - Delivery target dropdown
+    - Create job and Cancel buttons
+FAIL: Nothing happens, no form appears.
+
+### T27.2: Create a Job Successfully
+STEPS:
+  1. Open the create form (T27.1)
+  2. Fill in: Name "Test Job", Schedule "every 999h", Prompt "Say hello"
+  3. Click Create job
+EXPECT:
+  - Form closes
+  - Toast: "Job created ✓"
+  - New job appears in the cron list with status "active"
+FAIL: Error shown, job not created, form stays open.
+
+### T27.3: Invalid Schedule Shows Error
+STEPS:
+  1. Open the create form
+  2. Leave schedule empty or type "not_a_schedule"
+  3. Click Create job
+EXPECT:
+  - Error message appears below the form: "Schedule is required" or parse error
+  - Form stays open (not dismissed)
+FAIL: Form closes without feedback, generic error.
+
+### T27.4: Cancel Closes Form Without Creating
+STEPS:
+  1. Open the create form, fill in some fields
+  2. Click Cancel
+EXPECT:
+  - Form closes
+  - No new job created
+  - No toast
+FAIL: Job created, form doesn't close.
+
+---
+
+## Section 28: Session JSON Export (Sprint 6)
+
+### T28.1: JSON Export Button Downloads File
+SETUP: Active session with at least a few messages.
+STEPS:
+  1. Click the "JSON" button in the sidebar footer (next to Transcript)
+EXPECT:
+  - Browser downloads a file named hermes-{session_id}.json
+  - Opening the file shows valid JSON with: session_id, title, messages array,
+    workspace, model, created_at, updated_at
+  - messages array contains objects with role and content fields
+FAIL: No download triggered, file is empty, file is not valid JSON.
+
+### T28.2: Escape Cancels File Editor
+SETUP: Open a text file in the workspace right panel (click any .py or .md file).
+STEPS:
+  1. Click "Edit" button in the preview path bar
+  2. Make some changes in the textarea
+  3. Press Escape
+EXPECT:
+  - Textarea disappears, read-only view returns
+  - Original content is shown (changes discarded)
+  - File on disk is unchanged (verify by closing and reopening the file)
+FAIL: Escape does nothing, changes are saved, crash.
+
+---
+
+## Automated Test Coverage (Updated Sprint 6)
+
+Sprint 6 tests (test_sprint6.py) - 16 tests:
+  - Phase E: HTML served from static/index.html, server.py has no inline HTML
+  - Phase D: approval/respond requires session_id and valid choice; file/raw validates session
+  - Cron create: requires prompt, requires schedule, invalid schedule returns 400, success
+  - Session export: requires session_id, unknown session 404, valid JSON with session_id
+  - Resize: static files contain resize handles and resize JS logic
+
+Total automated: 106/106 passing.
+
+Manual-only for Sprint 6:
+  - T26.1-T26.2: resize drag UX
+  - T27.1-T27.4: cron create form UX
+  - T28.1: JSON export download
+  - T28.2: Escape from file editor
+
+---
+
+
+*Static: static/index.html + static/style.css + static/app.js*
+
+
+---
+
+## Section 29: Cron Edit and Delete (Sprint 7)
+
+### T29.1: Edit Button Opens Inline Form
+SETUP: At least one cron job exists. Tasks tab open.
+STEPS:
+  1. Click a cron job to expand it
+  2. Click the "Edit" (pencil) button
+EXPECT:
+  - An inline form appears inside the expanded cron body
+  - Name, schedule, and prompt fields are pre-filled with current values
+FAIL: Nothing happens, new form not shown.
+
+### T29.2: Save Edit Updates the Job
+STEPS (continued from T29.1):
+  1. Change the name field to "Renamed Job"
+  2. Click Save
+EXPECT:
+  - Form closes, toast "Job updated ✓"
+  - Job header shows new name
+FAIL: Save fails, name unchanged.
+
+### T29.3: Delete Button Removes the Job
+SETUP: A cron job you can safely delete (or a test job created for this).
+STEPS:
+  1. Expand the job, click "Delete"
+  2. Confirm the dialog
+EXPECT:
+  - Toast: "Job deleted"
+  - Job disappears from the list
+FAIL: Job stays, no confirmation dialog.
+
+---
+
+## Section 30: Skill Create and Edit (Sprint 7)
+
+### T30.1: New Skill Button Opens Form
+STEPS:
+  1. Click the Skills tab
+  2. Click "+ New skill" button
+EXPECT:
+  - A form appears with name, category, and content textarea fields
+FAIL: Nothing happens.
+
+### T30.2: Create a Skill and See it in List
+STEPS:
+  1. Fill in: Name "test-ui-skill", Content "---
+name: test-ui-skill
+description: UI test.
+tags: [test]
+---
+
+# Test"
+  2. Click Save skill
+EXPECT:
+  - Toast "Skill created ✓", form closes
+  - Skill appears in the skills list
+FAIL: Error, skill not in list.
+
+### T30.3: Cancel Closes Form Without Creating
+STEPS:
+  1. Open new skill form, fill some fields, click Cancel
+EXPECT:
+  - Form closes, no skill created
+FAIL: Skill created, form stays.
+
+---
+
+## Section 31: Memory Inline Edit (Sprint 7)
+
+### T31.1: Edit Button Opens Memory Edit Form
+STEPS:
+  1. Click the Memory tab
+  2. Click the "Edit" (pencil) button in the header
+EXPECT:
+  - An edit form appears below the memory panel with a textarea pre-filled with MEMORY.md content
+FAIL: Nothing happens, no form.
+
+### T31.2: Save Writes Changes
+STEPS:
+  1. In edit mode, add a line to the textarea
+  2. Click Save
+EXPECT:
+  - Toast "Memory saved ✓", form closes
+  - Memory panel reloads showing the updated content
+FAIL: Save fails, content unchanged.
+
+### T31.3: Cancel Discards Changes
+STEPS:
+  1. Open edit form, change content, click Cancel
+EXPECT:
+  - Form closes, original content unchanged
+FAIL: Changes saved despite cancel.
+
+---
+
+## Automated Test Coverage (Updated Sprint 7)
+
+Sprint 7 tests (test_sprint7.py) - 19 tests:
+  - Health: active_streams field, uptime_seconds field
+  - Session search: empty query, content+depth params accepted, count returned
+  - Cron update: requires job_id, unknown job 404
+  - Cron delete: requires job_id, unknown job 404
+  - Skill save: requires name, requires content, invalid name rejected, create+delete roundtrip
+  - Skill delete: requires name, unknown skill 404
+  - Memory write: requires section, requires content, invalid section, write+read roundtrip
+
+Total automated: 125/125 passing.
+
+Manual-only for Sprint 7:
+  - T29.1-T29.3: cron edit/delete UX
+  - T30.1-T30.3: skill create UX
+  - T31.1-T31.3: memory edit UX
+
+---
+
+
+
+---
+
+## Section 32: Edit User Message + Regenerate (Sprint 8)
+
+### T32.1: Edit Icon Appears on Hover
+SETUP: Active session with at least one user message.
+STEPS:
+  1. Hover over any user message bubble
+EXPECT:
+  - A pencil (edit) icon appears in the message header row, right side
+  - Icon not visible when not hovering
+FAIL: No icon, always visible, wrong position.
+
+### T32.2: Click Edit Opens Textarea
+STEPS:
+  1. Hover over a user message and click the pencil icon
+EXPECT:
+  - Message body is replaced by an editable textarea pre-filled with the original text
+  - "Send edit" and "Cancel" buttons appear below
+  - Textarea has a blue border glow (focused style)
+FAIL: Nothing happens, empty textarea, crash.
+
+### T32.3: Cancel Restores Original
+STEPS (continued from T32.2):
+  1. Make a change in the textarea
+  2. Click Cancel
+EXPECT:
+  - Original message text restored exactly
+  - No messages sent, no API call
+FAIL: Original text lost, message sent.
+
+### T32.4: Escape Also Cancels
+STEPS:
+  1. Enter edit mode on a user message
+  2. Press Escape
+EXPECT:
+  - Textarea dismissed, original restored
+FAIL: Escape does nothing.
+
+### T32.5: Send Edit Truncates and Regenerates
+STEPS:
+  1. Click edit on a user message that has a response after it
+  2. Change the text
+  3. Click "Send edit" (or press Enter)
+EXPECT:
+  - All messages after the edited message are removed
+  - The edited text is sent as a new user message
+  - Hermes streams a fresh response
+FAIL: Old messages remain, double messages, crash.
+
+---
+
+## Section 33: Regenerate Last Response (Sprint 8)
+
+### T33.1: Retry Icon on Last Assistant Bubble Only
+SETUP: Session with at least one complete exchange.
+EXPECT:
+  - A retry (↻) icon appears on hover over the LAST assistant message only
+  - Not on user messages
+  - Not on older assistant messages
+FAIL: Icon on every message, or not on last.
+
+### T33.2: Regenerate Re-Runs Last User Message
+STEPS:
+  1. Hover the last assistant bubble and click the retry icon
+EXPECT:
+  - The last assistant message is removed
+  - The previous user message is re-sent
+  - Hermes streams a new response
+FAIL: Both messages removed, wrong message sent, crash.
+
+---
+
+## Section 34: Clear Conversation (Sprint 8)
+
+### T34.1: Clear Button Appears When Session Has Messages
+SETUP: Session with at least one message.
+EXPECT:
+  - A "🗑 Clear" chip appears in the topbar right side (next to the workspace chip)
+  - Button NOT visible when session has no messages / empty state
+FAIL: Button always visible, never visible.
+
+### T34.2: Clear Wipes Messages and Resets Title
+STEPS:
+  1. Click the Clear button in the topbar
+  2. Confirm the dialog
+EXPECT:
+  - All messages disappear from the chat area
+  - Empty state ("What can I help with?") reappears
+  - Session title in sidebar resets to "Untitled"
+  - Toast: "Conversation cleared"
+  - Session still in the sidebar (not deleted)
+FAIL: Session deleted, messages remain, title not reset.
+
+### T34.3: Cancel Clear Does Nothing
+STEPS:
+  1. Click Clear, then click Cancel in the confirm dialog
+EXPECT:
+  - All messages still present
+  - No toast, no change
+FAIL: Messages cleared despite cancel.
+
+---
+
+## Section 35: Syntax Highlighting (Sprint 8)
+
+### T35.1: Code Blocks Have Syntax Colors
+SETUP: Ask Hermes something that produces a code response (e.g. "Show me a Python hello world").
+EXPECT:
+  - The code block has syntax-colored tokens (keywords in one color, strings in another)
+  - NOT all plain white/gray monospace text
+  - Dark background with Prism Tomorrow theme colors
+FAIL: All plain text, no colors, broken layout.
+
+### T35.2: Code in Workspace Preview Also Highlighted
+SETUP: Open a .py or .js file in the workspace panel.
+EXPECT:
+  - File content has syntax highlighting (Prism autoloader)
+FAIL: Plain monospace text only.
+
+---
+
+## Automated Test Coverage (Updated Sprint 8)
+
+Sprint 8 tests (test_sprint8.py) - 14 tests:
+  - session/clear: requires session_id, unknown 404, wipes messages+resets title, returns compact
+  - session/truncate: requires session_id, requires keep_count, unknown 404, returns messages array
+  - Static file checks: app.js has editMessage, regenerateResponse, clearConversation, highlightCode
+  - index.html: contains Prism CDN link, contains btnClearConv + clearConversation
+
+Total automated: 139/139 passing.
+
+Manual-only for Sprint 8:
+  - T32.1-T32.5: edit message UX
+  - T33.1-T33.2: regenerate UX
+  - T34.1-T34.3: clear conversation UX
+  - T35.1-T35.2: syntax highlighting visual
+
+---
+
+*Last updated: Sprint 10 complete, March 31, 2026*
+*Total automated tests: 177/177*
+*Regression gate: tests/test_regressions.py (10 tests, one per introduced bug)*
+*Run: python -m pytest tests/ -v*
+*Source: <repo>/*
+*Modules: ui.js, workspace.js, sessions.js, messages.js, panels.js, boot.js (app.js deleted)*
+
+---
+
+## Section 36: Message Queue (Sprint 8 hotfix)
+
+### T36.1: Typing While Busy Queues the Message
+SETUP: Active session, a response is currently streaming (thinking dots visible).
+STEPS:
+  1. While Hermes is responding, type a new message and press Enter
+EXPECT:
+  - Input clears immediately
+  - A small toast appears: "Queued: [your message]"
+  - A badge appears in the bottom-right: "1 message queued"
+  - The current response continues uninterrupted
+FAIL: Message dropped silently, duplicate send triggered, error.
+
+### T36.2: Queued Message Sends Automatically After Response
+STEPS (continued from T36.1):
+  1. Wait for the current response to finish
+EXPECT:
+  - As soon as the response completes, the queued message is automatically sent
+  - Badge disappears
+  - New thinking dots appear for the queued message
+FAIL: Queued message never sends, badge stays, double-send.
+
+### T36.3: Queue Badge Shows Count for Multiple Messages
+STEPS:
+  1. While busy, type and send two separate messages
+EXPECT:
+  - Badge reads "2 messages queued"
+  - They drain one at a time, each waiting for the previous response
+FAIL: Only first message queued, count wrong.
+
+### T36.4: Switch Session Clears Queue
+STEPS:
+  1. Queue a message in session A
+  2. Click to session B before it drains
+EXPECT:
+  - Queue badge disappears
+  - The queued message does NOT fire in session B
+FAIL: Queued message fires in session B.
+
+---
+
+## Section 37: Message Persists on Switch-Away (Sprint 8 hotfix)
+
+### T37.1: Sent Message Stays Visible After Switch-Away and Back
+SETUP: Active session.
+STEPS:
+  1. Send a message (thinking dots appear)
+  2. Immediately click to a different session
+  3. Click back to the original session
+EXPECT:
+  - The user message you sent is still visible in the chat
+  - Thinking dots are still animating
+  - Session is still in busy state (Send button disabled)
+  - When response arrives, it appears normally
+FAIL: User message gone, blank chat, response lands in wrong session.
+
+---
+
+*Last updated: Post-Sprint 10 concurrency sweeps, March 31, 2026*
+*Total automated tests: 190/190*
+*Regression gate: tests/test_regressions.py (23 tests, one per introduced bug)*
+*Run: python -m pytest tests/ -v*
+*Source: <repo>/*
diff --git a/api/__init__.py b/api/__init__.py
new file mode 100644
index 0000000..90efcb5
--- /dev/null
+++ b/api/__init__.py
@@ -0,0 +1 @@
+"""Hermes WebUI -- API modules."""
diff --git a/api/config.py b/api/config.py
new file mode 100644
index 0000000..91050f6
--- /dev/null
+++ b/api/config.py
@@ -0,0 +1,273 @@
+"""
+Hermes WebUI -- Shared configuration, constants, and global state.
+Imported by all other api/* modules and by server.py.
+
+Discovery order for all paths:
+  1. Explicit environment variable
+  2. Filesystem heuristics (sibling checkout, parent dir, common install locations)
+  3. Hardened defaults relative to $HOME
+  4. Fail loudly with a human-readable fix-it message if required modules are missing
+"""
+import collections
+import json
+import os
+import sys
+import threading
+import time
+import traceback
+import uuid
+from pathlib import Path
+from urllib.parse import parse_qs, urlparse
+
+# ── Basic layout ──────────────────────────────────────────────────────────────
+HOME    = Path.home()
+# REPO_ROOT is the directory that contains this file's parent (api/ -> repo root)
+REPO_ROOT = Path(__file__).parent.parent.resolve()
+
+# ── Network config (env-overridable) ─────────────────────────────────────────
+HOST = os.getenv('HERMES_WEBUI_HOST', '127.0.0.1')
+PORT = int(os.getenv('HERMES_WEBUI_PORT', '8787'))
+
+# ── State directory (env-overridable, never inside repo) ──────────────────────
+STATE_DIR = Path(os.getenv(
+    'HERMES_WEBUI_STATE_DIR',
+    str(HOME / '.hermes' / 'webui-mvp')
+)).expanduser().resolve()
+
+SESSION_DIR           = STATE_DIR / 'sessions'
+WORKSPACES_FILE       = STATE_DIR / 'workspaces.json'
+SESSION_INDEX_FILE    = SESSION_DIR / '_index.json'
+LAST_WORKSPACE_FILE   = STATE_DIR / 'last_workspace.txt'
+
+# ── Hermes agent directory discovery ─────────────────────────────────────────
+def _discover_agent_dir() -> Path:
+    """
+    Locate the hermes-agent checkout using a multi-strategy search.
+
+    Priority:
+      1. HERMES_WEBUI_AGENT_DIR env var  -- explicit override always wins
+      2. HERMES_HOME / hermes-agent      -- e.g. ~/.hermes/hermes-agent
+      3. Sibling of this repo            -- ../hermes-agent
+      4. Parent of this repo             -- ../../hermes-agent (nested layout)
+      5. Common install paths            -- ~/.hermes/hermes-agent (again as fallback)
+      6. HOME / hermes-agent             -- ~/hermes-agent (simple flat layout)
+    """
+    candidates = []
+
+    # 1. Explicit env var
+    if os.getenv('HERMES_WEBUI_AGENT_DIR'):
+        candidates.append(Path(os.getenv('HERMES_WEBUI_AGENT_DIR')).expanduser().resolve())
+
+    # 2. HERMES_HOME / hermes-agent
+    hermes_home = os.getenv('HERMES_HOME', str(HOME / '.hermes'))
+    candidates.append(Path(hermes_home).expanduser() / 'hermes-agent')
+
+    # 3. Sibling: <repo-root>/../hermes-agent
+    candidates.append(REPO_ROOT.parent / 'hermes-agent')
+
+    # 4. Parent is the agent repo itself (repo cloned inside hermes-agent/)
+    if (REPO_ROOT.parent / 'run_agent.py').exists():
+        candidates.append(REPO_ROOT.parent)
+
+    # 5. ~/.hermes/hermes-agent (explicit common path)
+    candidates.append(HOME / '.hermes' / 'hermes-agent')
+
+    # 6. ~/hermes-agent
+    candidates.append(HOME / 'hermes-agent')
+
+    for path in candidates:
+        if path.exists() and (path / 'run_agent.py').exists():
+            return path.resolve()
+
+    return None
+
+
+def _discover_python(agent_dir: Path) -> str:
+    """
+    Locate a Python executable that has the Hermes agent dependencies installed.
+
+    Priority:
+      1. HERMES_WEBUI_PYTHON env var
+      2. Agent venv at <agent_dir>/venv/bin/python
+      3. Local .venv inside this repo
+      4. System python3
+    """
+    if os.getenv('HERMES_WEBUI_PYTHON'):
+        return os.getenv('HERMES_WEBUI_PYTHON')
+
+    if agent_dir:
+        venv_py = agent_dir / 'venv' / 'bin' / 'python'
+        if venv_py.exists():
+            return str(venv_py)
+
+        # Windows layout
+        venv_py_win = agent_dir / 'venv' / 'Scripts' / 'python.exe'
+        if venv_py_win.exists():
+            return str(venv_py_win)
+
+    # Local .venv inside this repo
+    local_venv = REPO_ROOT / '.venv' / 'bin' / 'python'
+    if local_venv.exists():
+        return str(local_venv)
+
+    # Fall back to system python3
+    import shutil
+    for name in ('python3', 'python'):
+        found = shutil.which(name)
+        if found:
+            return found
+
+    return 'python3'
+
+
+# Run discovery
+_AGENT_DIR = _discover_agent_dir()
+PYTHON_EXE = _discover_python(_AGENT_DIR)
+
+# ── Inject agent dir into sys.path so Hermes modules are importable ───────────
+if _AGENT_DIR is not None:
+    if str(_AGENT_DIR) not in sys.path:
+        sys.path.insert(0, str(_AGENT_DIR))
+    _HERMES_FOUND = True
+else:
+    _HERMES_FOUND = False
+
+# ── Config file (optional YAML) ──────────────────────────────────────────────
+CONFIG_PATH = Path(os.getenv(
+    'HERMES_CONFIG_PATH',
+    str(HOME / '.hermes' / 'config.yaml')
+)).expanduser()
+
+try:
+    import yaml as _yaml
+    cfg = _yaml.safe_load(CONFIG_PATH.read_text()) if CONFIG_PATH.exists() else {}
+except Exception:
+    cfg = {}
+
+# ── Default workspace discovery ───────────────────────────────────────────────
+def _discover_default_workspace() -> Path:
+    """
+    Resolve the default workspace in order:
+      1. HERMES_WEBUI_DEFAULT_WORKSPACE env var
+      2. ~/workspace (common Hermes convention)
+      3. STATE_DIR / workspace (isolated fallback)
+    """
+    if os.getenv('HERMES_WEBUI_DEFAULT_WORKSPACE'):
+        return Path(os.getenv('HERMES_WEBUI_DEFAULT_WORKSPACE')).expanduser().resolve()
+
+    common = HOME / 'workspace'
+    if common.exists():
+        return common.resolve()
+
+    return (STATE_DIR / 'workspace').resolve()
+
+DEFAULT_WORKSPACE = _discover_default_workspace()
+DEFAULT_MODEL     = os.getenv('HERMES_WEBUI_DEFAULT_MODEL', 'openai/gpt-5.4-mini')
+
+# ── Startup diagnostics ───────────────────────────────────────────────────────
+def print_startup_config():
+    """Print detected configuration at startup so the user can verify what was found."""
+    ok   = '\033[32m[ok]\033[0m'
+    warn = '\033[33m[!!]\033[0m'
+    err  = '\033[31m[XX]\033[0m'
+
+    lines = [
+        '',
+        '  Hermes Web UI -- startup config',
+        '  --------------------------------',
+        f'  repo root   : {REPO_ROOT}',
+        f'  agent dir   : {_AGENT_DIR if _AGENT_DIR else "NOT FOUND"}  {ok if _AGENT_DIR else err}',
+        f'  python      : {PYTHON_EXE}',
+        f'  state dir   : {STATE_DIR}',
+        f'  workspace   : {DEFAULT_WORKSPACE}',
+        f'  host:port   : {HOST}:{PORT}',
+        f'  config file : {CONFIG_PATH}  {"(found)" if CONFIG_PATH.exists() else "(not found, using defaults)"}',
+        '',
+    ]
+    print('\n'.join(lines), flush=True)
+
+    if not _HERMES_FOUND:
+        print(
+            f'{err}  Could not find the Hermes agent directory.\n'
+            '      The server will start but agent features will not work.\n'
+            '\n'
+            '      To fix, set one of:\n'
+            '        export HERMES_WEBUI_AGENT_DIR=/path/to/hermes-agent\n'
+            '        export HERMES_HOME=/path/to/.hermes\n'
+            '\n'
+            '      Or clone hermes-agent as a sibling of this repo:\n'
+            '        git clone <hermes-agent-repo> ../hermes-agent\n',
+            flush=True
+        )
+
+def verify_hermes_imports():
+    """
+    Attempt to import the key Hermes modules.
+    Returns (ok: bool, missing: list[str]).
+    """
+    required = ['run_agent']
+    missing  = []
+    for mod in required:
+        try:
+            __import__(mod)
+        except ImportError:
+            missing.append(mod)
+    return (len(missing) == 0), missing
+
+# ── Limits ───────────────────────────────────────────────────────────────────
+MAX_FILE_BYTES   = 200_000
+MAX_UPLOAD_BYTES = 20 * 1024 * 1024
+
+# ── File type maps ───────────────────────────────────────────────────────────
+IMAGE_EXTS = {'.png', '.jpg', '.jpeg', '.gif', '.svg', '.webp', '.ico', '.bmp'}
+MD_EXTS    = {'.md', '.markdown', '.mdown'}
+CODE_EXTS  = {'.py', '.js', '.ts', '.jsx', '.tsx', '.css', '.html', '.json',
+              '.yaml', '.yml', '.toml', '.sh', '.bash', '.txt', '.log', '.env',
+              '.csv', '.xml', '.sql', '.rs', '.go', '.java', '.c', '.cpp', '.h'}
+MIME_MAP = {
+    '.png':'image/png', '.jpg':'image/jpeg', '.jpeg':'image/jpeg',
+    '.gif':'image/gif', '.svg':'image/svg+xml', '.webp':'image/webp',
+    '.ico':'image/x-icon', '.bmp':'image/bmp',
+    '.pdf':'application/pdf', '.json':'application/json',
+}
+
+# ── Toolsets (from config.yaml or hardcoded default) ─────────────────────────
+CLI_TOOLSETS = cfg.get('platform_toolsets', {}).get('cli', [
+    'browser', 'clarify', 'code_execution', 'cronjob', 'delegation', 'file',
+    'image_gen', 'memory', 'session_search', 'skills', 'terminal', 'todo',
+    'web', 'webhook',
+])
+
+# ── Static file path ─────────────────────────────────────────────────────────
+_INDEX_HTML_PATH = REPO_ROOT / 'static' / 'index.html'
+
+# ── Thread synchronisation ───────────────────────────────────────────────────
+LOCK              = threading.Lock()
+SESSIONS_MAX      = 100
+CHAT_LOCK         = threading.Lock()
+STREAMS: dict     = {}
+STREAMS_LOCK      = threading.Lock()
+CANCEL_FLAGS: dict = {}
+SERVER_START_TIME = time.time()
+
+# ── Thread-local env context ─────────────────────────────────────────────────
+_thread_ctx = threading.local()
+
+def _set_thread_env(**kwargs):
+    _thread_ctx.env = kwargs
+
+def _clear_thread_env():
+    _thread_ctx.env = {}
+
+# ── Per-session agent locks ───────────────────────────────────────────────────
+SESSION_AGENT_LOCKS: dict = {}
+SESSION_AGENT_LOCKS_LOCK  = threading.Lock()
+
+def _get_session_agent_lock(session_id: str) -> threading.Lock:
+    with SESSION_AGENT_LOCKS_LOCK:
+        if session_id not in SESSION_AGENT_LOCKS:
+            SESSION_AGENT_LOCKS[session_id] = threading.Lock()
+        return SESSION_AGENT_LOCKS[session_id]
+
+# ── SESSIONS in-memory cache (LRU OrderedDict) ───────────────────────────────
+SESSIONS: collections.OrderedDict = collections.OrderedDict()
diff --git a/api/helpers.py b/api/helpers.py
new file mode 100644
index 0000000..f95b445
--- /dev/null
+++ b/api/helpers.py
@@ -0,0 +1,57 @@
+"""
+Hermes WebUI -- HTTP helper functions.
+"""
+import json as _json
+from pathlib import Path
+from api.config import IMAGE_EXTS, MD_EXTS
+
+
+def require(body: dict, *fields):
+    """Phase D: Validate required fields. Raises ValueError with clean message."""
+    missing = [f for f in fields if not body.get(f) and body.get(f) != 0]
+    if missing:
+        raise ValueError(f"Missing required field(s): {', '.join(missing)}")
+
+
+def bad(handler, msg, status=400):
+    """Return a clean JSON error response."""
+    return j(handler, {'error': msg}, status=status)
+
+
+def safe_resolve(root: Path, requested: str) -> Path:
+    """Resolve a relative path inside root, raising ValueError on traversal."""
+    resolved = (root / requested).resolve()
+    resolved.relative_to(root.resolve())  # raises ValueError if outside root
+    return resolved
+
+
+def j(handler, payload, status=200):
+    """Send a JSON response."""
+    body = _json.dumps(payload, ensure_ascii=False, indent=2).encode('utf-8')
+    handler.send_response(status)
+    handler.send_header('Content-Type', 'application/json; charset=utf-8')
+    handler.send_header('Content-Length', str(len(body)))
+    handler.send_header('Cache-Control', 'no-store')
+    handler.end_headers()
+    handler.wfile.write(body)
+
+
+def t(handler, payload, status=200, content_type='text/plain; charset=utf-8'):
+    """Send a plain text or HTML response."""
+    body = payload if isinstance(payload, bytes) else str(payload).encode('utf-8')
+    handler.send_response(status)
+    handler.send_header('Content-Type', content_type)
+    handler.send_header('Content-Length', str(len(body)))
+    handler.send_header('Cache-Control', 'no-store')
+    handler.end_headers()
+    handler.wfile.write(body)
+
+
+def read_body(handler):
+    """Read and JSON-parse a POST request body."""
+    length = int(handler.headers.get('Content-Length', 0))
+    raw = handler.rfile.read(length) if length else b'{}'
+    try:
+        return _json.loads(raw)
+    except Exception:
+        return {}
diff --git a/api/models.py b/api/models.py
new file mode 100644
index 0000000..b35440a
--- /dev/null
+++ b/api/models.py
@@ -0,0 +1,114 @@
+"""
+Hermes WebUI -- Session model and in-memory session store.
+"""
+import collections
+import json
+import time
+import uuid
+from pathlib import Path
+
+from api.config import (
+    SESSION_DIR, SESSION_INDEX_FILE, SESSIONS, SESSIONS_MAX,
+    LOCK, DEFAULT_WORKSPACE, DEFAULT_MODEL
+)
+from api.workspace import get_last_workspace
+
+
+def _write_session_index():
+    """Rebuild the session index file for O(1) future reads."""
+    entries = []
+    for p in SESSION_DIR.glob('*.json'):
+        if p.name.startswith('_'): continue
+        try:
+            s = Session.load(p.stem)
+            if s: entries.append(s.compact())
+        except Exception:
+            pass
+    with LOCK:
+        for s in SESSIONS.values():
+            if not any(e['session_id'] == s.session_id for e in entries):
+                entries.append(s.compact())
+    entries.sort(key=lambda s: s['updated_at'], reverse=True)
+    SESSION_INDEX_FILE.write_text(json.dumps(entries, ensure_ascii=False, indent=2), encoding='utf-8')
+
+
+class Session:
+    def __init__(self, session_id=None, title='Untitled', workspace=str(DEFAULT_WORKSPACE), model=DEFAULT_MODEL, messages=None, created_at=None, updated_at=None, tool_calls=None, **kwargs):
+        self.session_id = session_id or uuid.uuid4().hex[:12]; self.title = title; self.workspace = str(Path(workspace).expanduser().resolve()); self.model = model; self.messages = messages or []; self.tool_calls = tool_calls or []; self.created_at = created_at or time.time(); self.updated_at = updated_at or time.time()
+    @property
+    def path(self): return SESSION_DIR / f'{self.session_id}.json'
+    def save(self): self.updated_at = time.time(); self.path.write_text(json.dumps(self.__dict__, ensure_ascii=False, indent=2), encoding='utf-8'); _write_session_index()
+    @classmethod
+    def load(cls, sid):
+        p = SESSION_DIR / f'{sid}.json'
+        if not p.exists(): return None
+        return cls(**json.loads(p.read_text(encoding='utf-8')))
+    def compact(self): return {'session_id': self.session_id, 'title': self.title, 'workspace': self.workspace, 'model': self.model, 'message_count': len(self.messages), 'created_at': self.created_at, 'updated_at': self.updated_at}
+
+def get_session(sid):
+    with LOCK:
+        if sid in SESSIONS:
+            SESSIONS.move_to_end(sid)  # LRU: mark as recently used
+            return SESSIONS[sid]
+    s = Session.load(sid)
+    if s:
+        with LOCK:
+            SESSIONS[sid] = s
+            SESSIONS.move_to_end(sid)
+            while len(SESSIONS) > SESSIONS_MAX:
+                SESSIONS.popitem(last=False)  # evict least recently used
+        return s
+    raise KeyError(sid)
+
+def new_session(workspace=None, model=None):
+    s = Session(workspace=workspace or get_last_workspace(), model=model or DEFAULT_MODEL)
+    with LOCK:
+        SESSIONS[s.session_id] = s
+        SESSIONS.move_to_end(s.session_id)
+        while len(SESSIONS) > SESSIONS_MAX:
+            SESSIONS.popitem(last=False)
+    s.save()
+    return s
+
+def all_sessions():
+    # Phase C: try index first for O(1) read; fall back to full scan
+    if SESSION_INDEX_FILE.exists():
+        try:
+            index = json.loads(SESSION_INDEX_FILE.read_text(encoding='utf-8'))
+            # Overlay any in-memory sessions that may be newer than the index
+            index_map = {s['session_id']: s for s in index}
+            with LOCK:
+                for s in SESSIONS.values():
+                    index_map[s.session_id] = s.compact()
+            result = sorted(index_map.values(), key=lambda s: s['updated_at'], reverse=True)
+            # Hide empty Untitled sessions from the UI (created by tests, page refreshes, etc.)
+            result = [s for s in result if not (s.get('title','Untitled')=='Untitled' and s.get('message_count',0)==0)]
+            return result
+        except Exception:
+            pass  # fall through to full scan
+    # Full scan fallback
+    out = []
+    for p in SESSION_DIR.glob('*.json'):
+        if p.name.startswith('_'): continue
+        try:
+            s = Session.load(p.stem)
+            if s: out.append(s)
+        except Exception:
+            pass
+    for s in SESSIONS.values():
+        if all(s.session_id != x.session_id for x in out): out.append(s)
+    out.sort(key=lambda s: s.updated_at, reverse=True)
+    return [s.compact() for s in out if not (s.title=='Untitled' and len(s.messages)==0)]
+
+
+def title_from(messages, fallback='Untitled'):
+    """Derive a session title from the first user message."""
+    for m in messages:
+        if m.get('role') == 'user':
+            c = m.get('content', '')
+            if isinstance(c, list):
+                c = ' '.join(p.get('text', '') for p in c if isinstance(p, dict) and p.get('type') == 'text')
+            text = str(c).strip()
+            if text:
+                return text[:64]
+    return fallback
diff --git a/api/streaming.py b/api/streaming.py
new file mode 100644
index 0000000..ceadf99
--- /dev/null
+++ b/api/streaming.py
@@ -0,0 +1,218 @@
+"""
+Hermes WebUI -- SSE streaming engine and agent thread runner.
+Includes Sprint 10 cancel support via CANCEL_FLAGS.
+"""
+import json
+import os
+import queue
+import threading
+import time
+import traceback
+from pathlib import Path
+
+from api.config import (
+    STREAMS, STREAMS_LOCK, CANCEL_FLAGS, CLI_TOOLSETS,
+    _get_session_agent_lock, _set_thread_env, _clear_thread_env,
+)
+
+# Lazy import to avoid circular deps -- hermes-agent is on sys.path via api/config.py
+try:
+    from run_agent import AIAgent
+except ImportError:
+    AIAgent = None
+from api.models import get_session, title_from
+from api.workspace import set_last_workspace
+
+
+def _sse(handler, event, data):
+    """Write one SSE event to the response stream."""
+    payload = f"event: {event}\ndata: {json.dumps(data, ensure_ascii=False)}\n\n"
+    handler.wfile.write(payload.encode('utf-8'))
+    handler.wfile.flush()
+
+
+def _run_agent_streaming(session_id, msg_text, model, workspace, stream_id, attachments=None):
+    """Run agent in background thread, writing SSE events to STREAMS[stream_id]."""
+    q = STREAMS.get(stream_id)
+    if q is None:
+        return
+
+    # Sprint 10: create a cancel event for this stream
+    cancel_event = threading.Event()
+    with STREAMS_LOCK:
+        CANCEL_FLAGS[stream_id] = cancel_event
+
+    def put(event, data):
+        # If cancelled, drop all further events except the cancel event itself
+        if cancel_event.is_set() and event not in ('cancel', 'error'):
+            return
+        try:
+            q.put_nowait((event, data))
+        except Exception:
+            pass
+
+    try:
+        s = get_session(session_id)
+        s.workspace = str(Path(workspace).expanduser().resolve())
+        s.model = model
+
+        _agent_lock = _get_session_agent_lock(session_id)
+        # TD1: set thread-local env context so concurrent sessions don't clobber globals
+        # Check for pre-flight cancel (user cancelled before agent even started)
+        if cancel_event.is_set():
+            put('cancel', {'message': 'Cancelled before start'})
+            return
+
+        _set_thread_env(
+            TERMINAL_CWD=str(s.workspace),
+            HERMES_EXEC_ASK='1',
+            HERMES_SESSION_KEY=session_id,
+        )
+        # Still set process-level env as fallback for tools that bypass thread-local
+        with _agent_lock:
+          old_cwd = os.environ.get('TERMINAL_CWD')
+          old_exec_ask = os.environ.get('HERMES_EXEC_ASK')
+          old_session_key = os.environ.get('HERMES_SESSION_KEY')
+          os.environ['TERMINAL_CWD'] = str(s.workspace)
+          os.environ['HERMES_EXEC_ASK'] = '1'
+          os.environ['HERMES_SESSION_KEY'] = session_id
+
+          try:
+            def on_token(text):
+                if text is None:
+                    return  # end-of-stream sentinel
+                put('token', {'text': text})
+
+            def on_tool(name, preview, args):
+                args_snap = {}
+                if isinstance(args, dict):
+                    for k, v in list(args.items())[:4]:
+                        s2 = str(v); args_snap[k] = s2[:120]+('...' if len(s2)>120 else '')
+                put('tool', {'name': name, 'preview': preview, 'args': args_snap})
+                # also check for pending approval and surface it immediately
+                from tools.approval import has_pending as _has_pending, _pending, _lock
+                if _has_pending(session_id):
+                    with _lock:
+                        p = dict(_pending.get(session_id, {}))
+                    if p:
+                        put('approval', p)
+
+            if AIAgent is None:
+                raise ImportError("AIAgent not available -- check that hermes-agent is on sys.path")
+            agent = AIAgent(
+                model=model,
+                platform='cli',
+                quiet_mode=True,
+                enabled_toolsets=CLI_TOOLSETS,
+                session_id=session_id,
+                stream_delta_callback=on_token,
+                tool_progress_callback=on_tool,
+            )
+            # Prepend workspace context so the agent always knows which directory
+            # to use for file operations, regardless of session age or AGENTS.md defaults.
+            workspace_ctx = f"[Workspace: {s.workspace}]\n"
+            workspace_system_msg = (
+                f"Active workspace at session start: {s.workspace}\n"
+                "Every user message is prefixed with [Workspace: /absolute/path] indicating the "
+                "workspace the user has selected in the web UI at the time they sent that message. "
+                "This tag is the single authoritative source of the active workspace and updates "
+                "with every message. It overrides any prior workspace mentioned in this system "
+                "prompt, memory, or conversation history. Always use the value from the most recent "
+                "[Workspace: ...] tag as your default working directory for ALL file operations: "
+                "write_file, read_file, search_files, terminal workdir, and patch. "
+                "Never fall back to a hardcoded path when this tag is present."
+            )
+            result = agent.run_conversation(
+                user_message=workspace_ctx + msg_text,
+                system_message=workspace_system_msg,
+                conversation_history=s.messages,
+                task_id=session_id,
+                persist_user_message=msg_text,
+            )
+            s.messages = result.get('messages') or s.messages
+            s.title = title_from(s.messages, s.title)
+            # Extract tool call metadata grouped by assistant message index
+            # Each tool call gets assistant_msg_idx so the client can render
+            # cards inline with the assistant bubble that triggered them.
+            tool_calls = []
+            pending_names = {}   # tool_call_id -> name
+            pending_asst_idx = {} # tool_call_id -> index in s.messages
+            for msg_idx, m in enumerate(s.messages):
+                if m.get('role') == 'assistant':
+                    c = m.get('content', '')
+                    if isinstance(c, list):
+                        for p in c:
+                            if isinstance(p, dict) and p.get('type') == 'tool_use':
+                                tid = p.get('id', '')
+                                pending_names[tid] = p.get('name', 'tool')
+                                pending_asst_idx[tid] = msg_idx
+                elif m.get('role') == 'tool':
+                    tid = m.get('tool_call_id') or m.get('tool_use_id', '')
+                    name = pending_names.get(tid, 'tool')
+                    asst_idx = pending_asst_idx.get(tid, -1)
+                    raw = str(m.get('content', ''))
+                    try:
+                        import json as _j2
+                        rd = _j2.loads(raw)
+                        snippet = str(rd.get('output') or rd.get('result') or rd.get('error') or raw)[:200]
+                    except Exception:
+                        snippet = raw[:200]
+                    tool_calls.append({
+                        'name': name, 'snippet': snippet, 'tid': tid,
+                        'assistant_msg_idx': asst_idx,
+                    })
+            s.tool_calls = tool_calls
+            # Tag the matching user message with attachment filenames for display on reload
+            # Only tag a user message whose content relates to this turn's text
+            # (msg_text is the full message including the [Attached files: ...] suffix)
+            if attachments:
+                for m in reversed(s.messages):
+                    if m.get('role') == 'user':
+                        content = str(m.get('content', ''))
+                        # Match if content is part of the sent message or vice-versa
+                        base_text = msg_text.split('\n\n[Attached files:')[0].strip()
+                        if base_text[:60] in content or content[:60] in msg_text:
+                            m['attachments'] = attachments
+                            break
+            s.save()
+            put('done', {'session': s.compact() | {'messages': s.messages, 'tool_calls': tool_calls}})
+          finally:
+            if old_cwd is None: os.environ.pop('TERMINAL_CWD', None)
+            else: os.environ['TERMINAL_CWD'] = old_cwd
+            if old_exec_ask is None: os.environ.pop('HERMES_EXEC_ASK', None)
+            else: os.environ['HERMES_EXEC_ASK'] = old_exec_ask
+            if old_session_key is None: os.environ.pop('HERMES_SESSION_KEY', None)
+            else: os.environ['HERMES_SESSION_KEY'] = old_session_key
+
+    except Exception as e:
+        put('error', {'message': str(e), 'trace': traceback.format_exc()})
+    finally:
+        _clear_thread_env()  # TD1: always clear thread-local context
+        with STREAMS_LOCK:
+            STREAMS.pop(stream_id, None)
+            CANCEL_FLAGS.pop(stream_id, None)
+
+# ============================================================
+# SECTION: HTTP Request Handler
+# do_GET: read-only API endpoints + SSE stream + static HTML
+# do_POST: mutating endpoints (session CRUD, chat, upload, approval)
+# Routing is a flat if/elif chain. See ARCHITECTURE.md section 4.1.
+# ============================================================
+
+
+def cancel_stream(stream_id: str) -> bool:
+    """Signal an in-flight stream to cancel. Returns True if the stream existed."""
+    with STREAMS_LOCK:
+        if stream_id not in STREAMS:
+            return False
+        flag = CANCEL_FLAGS.get(stream_id)
+        if flag:
+            flag.set()
+        # Put a cancel sentinel into the queue so the SSE handler wakes up
+        q = STREAMS.get(stream_id)
+        if q:
+            try:
+                q.put_nowait(('cancel', {'message': 'Cancelled by user'}))
+            except Exception:
+                pass
+    return True
diff --git a/api/upload.py b/api/upload.py
new file mode 100644
index 0000000..1e1bba1
--- /dev/null
+++ b/api/upload.py
@@ -0,0 +1,77 @@
+"""
+Hermes WebUI -- File upload: multipart parser and upload handler.
+"""
+import re as _re
+import email.parser
+from pathlib import Path
+
+from api.config import MAX_UPLOAD_BYTES
+from api.helpers import j, bad
+from api.models import get_session
+from api.workspace import safe_resolve_ws
+
+
+def parse_multipart(rfile, content_type, content_length):
+    import re as _re, email.parser as _ep
+    m = _re.search(r'boundary=([^;\s]+)', content_type)
+    if not m:
+        raise ValueError('No boundary in Content-Type')
+    boundary = m.group(1).strip('"').encode()
+    raw = rfile.read(content_length)
+    fields = {}
+    files = {}
+    delimiter = b'--' + boundary
+    end_marker = b'--' + boundary + b'--'
+    parts = raw.split(delimiter)
+    for part in parts[1:]:
+        stripped = part.lstrip(b'\r\n')
+        if stripped.startswith(b'--'):
+            break
+        sep = b'\r\n\r\n' if b'\r\n\r\n' in part else b'\n\n'
+        if sep not in part:
+            continue
+        header_raw, body = part.split(sep, 1)
+        if body.endswith(b'\r\n'):
+            body = body[:-2]
+        elif body.endswith(b'\n'):
+            body = body[:-1]
+        header_text = header_raw.lstrip(b'\r\n').decode('utf-8', errors='replace')
+        msg = _ep.HeaderParser().parsestr(header_text)
+        disp = msg.get('Content-Disposition', '')
+        name_m = _re.search(r'name="([^"]*)"', disp)
+        file_m = _re.search(r'filename="([^"]*)"', disp)
+        if not name_m:
+            continue
+        name = name_m.group(1)
+        if file_m:
+            files[name] = (file_m.group(1), body)
+        else:
+            fields[name] = body.decode('utf-8', errors='replace')
+    return fields, files
+
+
+def handle_upload(handler):
+    import re as _re, traceback as _tb
+    try:
+        content_type = handler.headers.get('Content-Type', '')
+        content_length = int(handler.headers.get('Content-Length', 0) or 0)
+        if content_length > MAX_UPLOAD_BYTES:
+            return j(handler, {'error': f'File too large (max {MAX_UPLOAD_BYTES//1024//1024}MB)'}, status=413)
+        fields, files = parse_multipart(handler.rfile, content_type, content_length)
+        session_id = fields.get('session_id', '')
+        if 'file' not in files:
+            return j(handler, {'error': 'No file field in request'}, status=400)
+        filename, file_bytes = files['file']
+        if not filename:
+            return j(handler, {'error': 'No filename in upload'}, status=400)
+        try:
+            s = get_session(session_id)
+        except KeyError:
+            return j(handler, {'error': 'Session not found'}, status=404)
+        workspace = Path(s.workspace)
+        safe_name = _re.sub(r'[^\w.\-]', '_', Path(filename).name)[:200]
+        dest = workspace / safe_name
+        dest.write_bytes(file_bytes)
+        return j(handler, {'filename': safe_name, 'path': str(dest), 'size': dest.stat().st_size})
+    except Exception as e:
+        return j(handler, {'error': str(e), 'trace': _tb.format_exc()}, status=500)
diff --git a/api/workspace.py b/api/workspace.py
new file mode 100644
index 0000000..9dfa17d
--- /dev/null
+++ b/api/workspace.py
@@ -0,0 +1,77 @@
+"""
+Hermes WebUI -- Workspace and file system helpers.
+"""
+import json
+import os
+from pathlib import Path
+
+from api.config import (
+    WORKSPACES_FILE, LAST_WORKSPACE_FILE, DEFAULT_WORKSPACE,
+    MAX_FILE_BYTES, IMAGE_EXTS, MD_EXTS
+)
+
+
+def load_workspaces() -> list:
+    if WORKSPACES_FILE.exists():
+        try:
+            return json.loads(WORKSPACES_FILE.read_text(encoding='utf-8'))
+        except Exception:
+            pass
+    return [{'path': str(DEFAULT_WORKSPACE), 'name': 'default'}]
+
+
+def save_workspaces(workspaces: list):
+    WORKSPACES_FILE.write_text(json.dumps(workspaces, ensure_ascii=False, indent=2), encoding='utf-8')
+
+
+def get_last_workspace() -> str:
+    if LAST_WORKSPACE_FILE.exists():
+        try:
+            p = LAST_WORKSPACE_FILE.read_text(encoding='utf-8').strip()
+            if p and Path(p).is_dir():
+                return p
+        except Exception:
+            pass
+    return str(DEFAULT_WORKSPACE)
+
+
+def set_last_workspace(path: str):
+    try:
+        LAST_WORKSPACE_FILE.write_text(str(path), encoding='utf-8')
+    except Exception:
+        pass
+
+
+def safe_resolve_ws(root: Path, requested: str) -> Path:
+    """Resolve a relative path inside a workspace root, raising ValueError on traversal."""
+    resolved = (root / requested).resolve()
+    resolved.relative_to(root.resolve())
+    return resolved
+
+
+def list_dir(workspace: Path, rel='.'):
+    target = safe_resolve_ws(workspace, rel)
+    if not target.is_dir():
+        raise FileNotFoundError(f"Not a directory: {rel}")
+    entries = []
+    for item in sorted(target.iterdir(), key=lambda p: (p.is_file(), p.name.lower())):
+        entries.append({
+            'name': item.name,
+            'path': str(item.relative_to(workspace)),
+            'type': 'dir' if item.is_dir() else 'file',
+            'size': item.stat().st_size if item.is_file() else None,
+        })
+        if len(entries) >= 200:
+            break
+    return entries
+
+
+def read_file_content(workspace: Path, rel: str):
+    target = safe_resolve_ws(workspace, rel)
+    if not target.is_file():
+        raise FileNotFoundError(f"Not a file: {rel}")
+    size = target.stat().st_size
+    if size > MAX_FILE_BYTES:
+        raise ValueError(f"File too large ({size} bytes, max {MAX_FILE_BYTES})")
+    content = target.read_text(encoding='utf-8', errors='replace')
+    return {'path': rel, 'content': content, 'size': size, 'lines': content.count('\n') + 1}
diff --git a/requirements.txt b/requirements.txt
new file mode 100644
index 0000000..1b92cde
--- /dev/null
+++ b/requirements.txt
@@ -0,0 +1,4 @@
+# Hermes Web UI -- minimal Python dependencies
+# The server uses only stdlib + pyyaml.
+# All heavy ML/agent deps live in the Hermes agent venv.
+pyyaml>=6.0
diff --git a/server.py b/server.py
new file mode 100644
index 0000000..8bcb519
--- /dev/null
+++ b/server.py
@@ -0,0 +1,704 @@
+"""
+Hermes WebUI -- Main server entry point.
+HTTP Handler (routing) + startup. All business logic lives in api/*.
+"""
+import json
+import os
+import queue
+import sys
+import threading
+import time
+import traceback
+import uuid
+from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer
+from pathlib import Path
+from urllib.parse import parse_qs, urlparse
+
+# ── API modules ───────────────────────────────────────────────────────────────
+from api.config import (
+    HOST, PORT, STATE_DIR, SESSION_DIR, DEFAULT_WORKSPACE, DEFAULT_MODEL,
+    SESSIONS, SESSIONS_MAX, LOCK, STREAMS, STREAMS_LOCK, CANCEL_FLAGS,
+    SERVER_START_TIME, CLI_TOOLSETS, _INDEX_HTML_PATH,
+    IMAGE_EXTS, MD_EXTS, MIME_MAP, MAX_FILE_BYTES, MAX_UPLOAD_BYTES,
+    _get_session_agent_lock, SESSION_AGENT_LOCKS, SESSION_AGENT_LOCKS_LOCK,
+)
+from api.helpers import require, bad, safe_resolve, j, t, read_body
+from api.models import (
+    Session, get_session, new_session, all_sessions, title_from,
+    _write_session_index, SESSION_INDEX_FILE,
+)
+from api.workspace import (
+    load_workspaces, save_workspaces, get_last_workspace, set_last_workspace,
+    list_dir, read_file_content, safe_resolve_ws,
+)
+from api.upload import parse_multipart, handle_upload
+from api.streaming import _sse, _run_agent_streaming, cancel_stream
+
+# Approval system
+try:
+    from tools.approval import (
+        has_pending, pop_pending, submit_pending,
+        approve_session, approve_permanent, save_permanent_allowlist,
+        is_approved,
+    )
+except ImportError:
+    def has_pending(*a, **k): return False
+    def pop_pending(*a, **k): return None
+    def submit_pending(*a, **k): pass
+    def approve_session(*a, **k): pass
+    def approve_permanent(*a, **k): pass
+    def save_permanent_allowlist(*a, **k): pass
+    def is_approved(*a, **k): return True
+
+
+class Handler(BaseHTTPRequestHandler):
+    server_version = 'HermesWebUI/0.1.0'
+    def log_message(self, fmt, *args): pass  # suppress default Apache-style log
+
+    def log_request(self, code='-', size='-'):
+        """Override BaseHTTPRequestHandler.log_request to emit structured JSON logs."""
+        import json as _json
+        duration_ms = round((time.time() - getattr(self, '_req_t0', time.time())) * 1000, 1)
+        record = _json.dumps({
+            'ts': time.strftime('%Y-%m-%dT%H:%M:%SZ', time.gmtime()),
+            'method': self.command or '-',
+            'path': self.path or '-',
+            'status': int(code) if str(code).isdigit() else code,
+            'ms': duration_ms,
+        })
+        print(f'[webui] {record}', flush=True)
+
+    def _log_request(self, method, path, status, duration_ms):
+        pass  # kept for backward compat with error path calls; log_request handles it now
+    def do_GET(self):
+        _t0 = time.time()
+        self._req_t0 = _t0
+        try:
+            parsed = urlparse(self.path)
+            if parsed.path in ('/', '/index.html'): return t(self, _INDEX_HTML_PATH.read_text(encoding='utf-8'), content_type='text/html; charset=utf-8')
+            if parsed.path == '/favicon.ico':
+                self.send_response(204); self.end_headers(); return
+            if parsed.path == '/health':
+                with STREAMS_LOCK: n_streams = len(STREAMS)
+                return j(self, {'status':'ok','sessions':len(SESSIONS),'active_streams':n_streams,'uptime_seconds':round(time.time()-SERVER_START_TIME,1)})
+            if parsed.path.startswith('/static/'):
+                # Phase A: serve static assets from disk
+                static_file = Path(__file__).parent / parsed.path.lstrip('/')
+                if not static_file.exists() or not static_file.is_file():
+                    return j(self, {'error': 'not found'}, status=404)
+                ext = static_file.suffix.lower()
+                ct = {'css': 'text/css', 'js': 'application/javascript', 'html': 'text/html'}.get(ext.lstrip('.'), 'text/plain')
+                self.send_response(200)
+                self.send_header('Content-Type', f'{ct}; charset=utf-8')
+                self.send_header('Cache-Control', 'no-store')
+                raw = static_file.read_bytes()
+                self.send_header('Content-Length', str(len(raw)))
+                self.end_headers()
+                self.wfile.write(raw)
+                return
+            if parsed.path == '/api/session':
+                sid = parse_qs(parsed.query).get('session_id', [''])[0]
+                if not sid:
+                    return j(self, {'error': 'session_id is required'}, status=400)
+                s = get_session(sid); return j(self, {'session': s.compact() | {'messages': s.messages, 'tool_calls': getattr(s, 'tool_calls', [])}})
+            if parsed.path == '/api/sessions': return j(self, {'sessions': all_sessions()})
+            if parsed.path == '/api/session/export':
+                sid = parse_qs(parsed.query).get('session_id', [''])[0]
+                if not sid: return bad(self, 'session_id is required')
+                try: s = get_session(sid)
+                except KeyError: return bad(self, 'Session not found', 404)
+                import json as _json_exp
+                payload = _json_exp.dumps(s.__dict__, ensure_ascii=False, indent=2)
+                self.send_response(200)
+                self.send_header('Content-Type', 'application/json; charset=utf-8')
+                self.send_header('Content-Disposition', f'attachment; filename="hermes-{sid}.json"')
+                self.send_header('Content-Length', str(len(payload.encode('utf-8'))))
+                self.send_header('Cache-Control', 'no-store')
+                self.end_headers()
+                self.wfile.write(payload.encode('utf-8'))
+                return
+            if parsed.path == '/api/workspaces':
+                return j(self, {'workspaces': load_workspaces(), 'last': get_last_workspace()})
+            if parsed.path == '/api/sessions/search':
+                qs2 = parse_qs(parsed.query)
+                q = qs2.get('q', [''])[0].lower().strip()
+                content_search = qs2.get('content', ['1'])[0] == '1'  # default: search message content too
+                depth = int(qs2.get('depth', ['5'])[0])  # max messages per session to scan
+                if not q: return j(self, {'sessions': all_sessions()})
+                results = []
+                for s in all_sessions():
+                    title_match = q in (s.get('title') or '').lower()
+                    if title_match:
+                        results.append(dict(s, match_type='title'))
+                        continue
+                    if content_search:
+                        # Load full session to search message content
+                        try:
+                            sess = get_session(s['session_id'])
+                            msgs = sess.messages[:depth] if depth else sess.messages
+                            for m in msgs:
+                                c = m.get('content') or ''
+                                if isinstance(c, list):
+                                    c = ' '.join(p.get('text','') for p in c if isinstance(p,dict) and p.get('type')=='text')
+                                if q in str(c).lower():
+                                    results.append(dict(s, match_type='content'))
+                                    break
+                        except (KeyError, Exception):
+                            pass
+                return j(self, {'sessions': results, 'query': q, 'count': len(results)})
+            if parsed.path == '/api/list':
+                qs2 = parse_qs(parsed.query)
+                sid2 = qs2.get('session_id', [''])[0]
+                if not sid2: return bad(self, 'session_id is required')
+                try: s = get_session(sid2)
+                except KeyError: return bad(self, 'Session not found', 404)
+                try: return j(self, {'entries': list_dir(Path(s.workspace), qs2.get('path', ['.'])[0]), 'path': qs2.get('path', ['.'])[0]})
+                except (FileNotFoundError, ValueError) as e: return bad(self, str(e), 404)
+            if parsed.path == '/api/chat/stream/status':
+                stream_id = parse_qs(parsed.query).get('stream_id', [''])[0]
+                active = stream_id in STREAMS
+                return j(self, {'active': active, 'stream_id': stream_id})
+            if parsed.path == '/api/chat/cancel':
+                # Sprint 10: cancel an in-flight stream
+                stream_id = parse_qs(parsed.query).get('stream_id', [''])[0]
+                if not stream_id:
+                    return bad(self, 'stream_id required')
+                cancelled = cancel_stream(stream_id)
+                return j(self, {'ok': True, 'cancelled': cancelled, 'stream_id': stream_id})
+            if parsed.path == '/api/chat/stream':
+                stream_id = parse_qs(parsed.query).get('stream_id', [''])[0]
+                q = STREAMS.get(stream_id)
+                if q is None: return j(self, {'error': 'stream not found'}, status=404)
+                self.send_response(200)
+                self.send_header('Content-Type', 'text/event-stream; charset=utf-8')
+                self.send_header('Cache-Control', 'no-cache')
+                self.send_header('X-Accel-Buffering', 'no')
+                self.send_header('Connection', 'keep-alive')
+                self.end_headers()
+                try:
+                    while True:
+                        try:
+                            event, data = q.get(timeout=30)
+                        except queue.Empty:
+                            self.wfile.write(b': heartbeat\n\n'); self.wfile.flush(); continue
+                        _sse(self, event, data)
+                        if event in ('done', 'error', 'cancel'): break
+                except (BrokenPipeError, ConnectionResetError): pass
+                return
+            if parsed.path == '/api/file/raw':
+                # Serve raw file bytes (for images and downloads).
+                # Pass ?download=1 to force Content-Disposition: attachment (save to disk).
+                qs = parse_qs(parsed.query)
+                _raw_sid = qs.get('session_id', [''])[0]
+                if not _raw_sid: return bad(self, 'session_id is required')
+                try: s = get_session(_raw_sid)
+                except KeyError: return bad(self, 'Session not found', 404)
+                rel = qs.get('path', [''])[0]
+                force_download = qs.get('download', [''])[0] == '1'
+                target = safe_resolve(Path(s.workspace), rel)
+                if not target.exists() or not target.is_file():
+                    return j(self, {'error': 'not found'}, status=404)
+                ext = target.suffix.lower()
+                mime = MIME_MAP.get(ext, 'application/octet-stream')
+                raw_bytes = target.read_bytes()
+                import urllib.parse as _up
+                safe_name = _up.quote(target.name, safe='')
+                self.send_response(200)
+                self.send_header('Content-Type', mime)
+                self.send_header('Content-Length', str(len(raw_bytes)))
+                self.send_header('Cache-Control', 'no-store')
+                if force_download:
+                    self.send_header('Content-Disposition', f'attachment; filename="{target.name}"; filename*=UTF-8\'\'{safe_name}')
+                self.end_headers()
+                self.wfile.write(raw_bytes)
+                return
+            if parsed.path == '/api/file':
+                qs3 = parse_qs(parsed.query)
+                sid3 = qs3.get('session_id', [''])[0]
+                if not sid3: return bad(self, 'session_id is required')
+                try: s = get_session(sid3)
+                except KeyError: return bad(self, 'Session not found', 404)
+                rel3 = qs3.get('path', [''])[0]
+                if not rel3: return bad(self, 'path is required')
+                try: return j(self, read_file_content(Path(s.workspace), rel3))
+                except (FileNotFoundError, ValueError) as e: return bad(self, str(e), 404)
+            if parsed.path == '/api/approval/pending':
+                sid = parse_qs(parsed.query).get('session_id', [''])[0]
+                if has_pending(sid):
+                    # peek without removing
+                    import threading as _t
+                    from tools.approval import _pending, _lock
+                    with _lock:
+                        p = dict(_pending.get(sid, {}))
+                    return j(self, {'pending': p})
+                return j(self, {'pending': None})
+            # Test-only: inject a pending approval entry directly (no agent needed)
+            if parsed.path == '/api/approval/inject_test':
+                qs2 = parse_qs(parsed.query)
+                sid = qs2.get('session_id', [''])[0]
+                key = qs2.get('pattern_key', ['test_pattern'])[0]
+                cmd = qs2.get('command', ['rm -rf /tmp/test'])[0]
+                if sid:
+                    submit_pending(sid, {
+                        'command': cmd, 'pattern_key': key,
+                        'pattern_keys': [key], 'description': 'test pattern',
+                    })
+                    return j(self, {'ok': True, 'session_id': sid})
+                return j(self, {'error': 'session_id required'}, status=400)
+            self._log_request(self.command, self.path, 404, (time.time()-_t0)*1000)
+            # ── Cron API ──
+            if parsed.path == '/api/crons':
+                sys.path.insert(0, str(Path(__file__).parent.parent))
+                from cron.jobs import list_jobs, OUTPUT_DIR as CRON_OUT
+                jobs = list_jobs(include_disabled=True)
+                return j(self, {'jobs': jobs})
+            if parsed.path == '/api/crons/output':
+                from cron.jobs import OUTPUT_DIR as CRON_OUT
+                job_id = parse_qs(parsed.query).get('job_id', [''])[0]
+                limit = int(parse_qs(parsed.query).get('limit', ['5'])[0])
+                if not job_id: return j(self, {'error': 'job_id required'}, status=400)
+                out_dir = CRON_OUT / job_id
+                outputs = []
+                if out_dir.exists():
+                    files = sorted(out_dir.glob('*.md'), reverse=True)[:limit]
+                    for f in files:
+                        try:
+                            txt_content = f.read_text(encoding='utf-8', errors='replace')
+                            outputs.append({'filename': f.name, 'content': txt_content[:8000]})
+                        except Exception: pass
+                return j(self, {'job_id': job_id, 'outputs': outputs})
+            # ── Skills API ──
+            if parsed.path == '/api/skills':
+                from tools.skills_tool import skills_list as _skills_list
+                import json as _j
+                raw = _skills_list()
+                data = _j.loads(raw) if isinstance(raw, str) else raw
+                return j(self, {'skills': data.get('skills', [])})
+            if parsed.path == '/api/skills/content':
+                from tools.skills_tool import skill_view as _skill_view
+                import json as _j
+                name = parse_qs(parsed.query).get('name', [''])[0]
+                if not name: return j(self, {'error': 'name required'}, status=400)
+                raw = _skill_view(name)
+                data = _j.loads(raw) if isinstance(raw, str) else raw
+                return j(self, data)
+            # ── Memory API ──
+            if parsed.path == '/api/memory':
+                mem_dir = Path.home() / '.hermes' / 'memories'
+                mem_file = mem_dir / 'MEMORY.md'
+                user_file = mem_dir / 'USER.md'
+                memory = mem_file.read_text(encoding='utf-8', errors='replace') if mem_file.exists() else ''
+                user = user_file.read_text(encoding='utf-8', errors='replace') if user_file.exists() else ''
+                return j(self, {
+                    'memory': memory, 'user': user,
+                    'memory_path': str(mem_file), 'user_path': str(user_file),
+                    'memory_mtime': mem_file.stat().st_mtime if mem_file.exists() else None,
+                    'user_mtime': user_file.stat().st_mtime if user_file.exists() else None,
+                })
+            if parsed.path == '/api/crons/run':
+                job_id = body.get('job_id', '')
+                if not job_id: return bad(self, 'job_id required')
+                from cron.jobs import get_job
+                from cron.scheduler import run_job
+                import threading as _threading
+                job = get_job(job_id)
+                if not job: return bad(self, 'Job not found', 404)
+                # Run in a background thread so the request returns immediately
+                _threading.Thread(target=run_job, args=(job,), daemon=True).start()
+                return j(self, {'ok': True, 'job_id': job_id, 'status': 'triggered'})
+            if parsed.path == '/api/crons/pause':
+                job_id = body.get('job_id', '')
+                if not job_id: return bad(self, 'job_id required')
+                from cron.jobs import pause_job
+                result = pause_job(job_id, reason=body.get('reason'))
+                if result: return j(self, {'ok': True, 'job': result})
+                return bad(self, 'Job not found', 404)
+            if parsed.path == '/api/crons/resume':
+                job_id = body.get('job_id', '')
+                if not job_id: return bad(self, 'job_id required')
+                from cron.jobs import resume_job
+                result = resume_job(job_id)
+                if result: return j(self, {'ok': True, 'job': result})
+                return bad(self, 'Job not found', 404)
+            self._log_request(self.command, self.path, 404, (time.time()-_t0)*1000)
+            if parsed.path == '/api/skills/save':
+                # Create or update a skill's SKILL.md content
+                try: require(body, 'name', 'content')
+                except ValueError as e: return bad(self, str(e))
+                skill_name = body['name'].strip().lower().replace(' ', '-')
+                if not skill_name or '/' in skill_name or '..' in skill_name:
+                    return bad(self, 'Invalid skill name')
+                category = body.get('category', '').strip()
+                from tools.skills_tool import SKILLS_DIR
+                if category:
+                    skill_dir = SKILLS_DIR / category / skill_name
+                else:
+                    skill_dir = SKILLS_DIR / skill_name
+                skill_dir.mkdir(parents=True, exist_ok=True)
+                skill_file = skill_dir / 'SKILL.md'
+                skill_file.write_text(body['content'], encoding='utf-8')
+                return j(self, {'ok': True, 'name': skill_name, 'path': str(skill_file)})
+            if parsed.path == '/api/skills/delete':
+                try: require(body, 'name')
+                except ValueError as e: return bad(self, str(e))
+                from tools.skills_tool import SKILLS_DIR
+                import shutil as _shutil
+                # Search for the skill directory by name
+                matches = list(SKILLS_DIR.rglob(f'{body["name"]}/SKILL.md'))
+                if not matches: return bad(self, 'Skill not found', 404)
+                skill_dir = matches[0].parent
+                _shutil.rmtree(str(skill_dir))
+                return j(self, {'ok': True, 'name': body['name']})
+            if parsed.path == '/api/memory/write':
+                # Write to MEMORY.md or USER.md
+                try: require(body, 'section', 'content')
+                except ValueError as e: return bad(self, str(e))
+                mem_dir = Path.home() / '.hermes' / 'memories'
+                mem_dir.mkdir(parents=True, exist_ok=True)
+                section = body['section']
+                if section == 'memory':
+                    target = mem_dir / 'MEMORY.md'
+                elif section == 'user':
+                    target = mem_dir / 'USER.md'
+                else:
+                    return bad(self, 'section must be "memory" or "user"')
+                target.write_text(body['content'], encoding='utf-8')
+                return j(self, {'ok': True, 'section': section, 'path': str(target)})
+            return j(self, {'error':'not found'}, status=404)
+        except Exception as e:
+            self._log_request(self.command, self.path, 500, (time.time()-_t0)*1000)
+            return j(self, {'error': str(e), 'trace': traceback.format_exc()}, status=500)
+    def do_POST(self):
+        _t0 = time.time()
+        self._req_t0 = _t0
+        try:
+            parsed = urlparse(self.path)
+            if parsed.path == '/api/upload':
+                return handle_upload(self)
+            body = read_body(self)
+            if parsed.path == '/api/session/new':
+                s = new_session(workspace=body.get('workspace'), model=body.get('model')); return j(self, {'session': s.compact() | {'messages': s.messages}})
+            if parsed.path == '/api/sessions/cleanup':
+                # Delete all sessions with no messages and title == Untitled (legacy)
+                cleaned = 0
+                for p in SESSION_DIR.glob('*.json'):
+                    if p.name.startswith('_'): continue
+                    try:
+                        s = Session.load(p.stem)
+                        if s and s.title == 'Untitled' and len(s.messages) == 0:
+                            with LOCK: SESSIONS.pop(p.stem, None)
+                            p.unlink(missing_ok=True)
+                            cleaned += 1
+                    except Exception: pass
+                if SESSION_INDEX_FILE.exists():
+                    SESSION_INDEX_FILE.unlink(missing_ok=True)
+                return j(self, {'ok': True, 'cleaned': cleaned})
+            if parsed.path == '/api/sessions/cleanup_zero_message':
+                # Delete ALL sessions with 0 messages (used by test teardown)
+                cleaned = 0
+                for p in SESSION_DIR.glob('*.json'):
+                    if p.name.startswith('_'): continue
+                    try:
+                        s = Session.load(p.stem)
+                        if s and len(s.messages) == 0:
+                            with LOCK: SESSIONS.pop(p.stem, None)
+                            p.unlink(missing_ok=True)
+                            cleaned += 1
+                    except Exception: pass
+                if SESSION_INDEX_FILE.exists():
+                    SESSION_INDEX_FILE.unlink(missing_ok=True)
+                return j(self, {'ok': True, 'cleaned': cleaned})
+            if parsed.path == '/api/session/rename':
+                try: require(body, 'session_id', 'title')
+                except ValueError as e: return bad(self, str(e))
+                try: s = get_session(body['session_id'])
+                except KeyError: return bad(self, 'Session not found', 404)
+                s.title = str(body['title']).strip()[:80] or 'Untitled'
+                s.save()
+                return j(self, {'session': s.compact()})
+            if parsed.path == '/api/session/update':
+                try: require(body, 'session_id')
+                except ValueError as e: return bad(self, str(e))
+                try: s = get_session(body['session_id'])
+                except KeyError: return bad(self, 'Session not found', 404)
+                new_ws = str(Path(body.get('workspace', s.workspace)).expanduser().resolve())
+                s.workspace = new_ws; s.model = body.get('model', s.model); s.save()
+                set_last_workspace(new_ws)  # persist for new session inheritance
+                return j(self, {'session': s.compact() | {'messages': s.messages}})
+            if parsed.path == '/api/session/delete':
+                sid = body.get('session_id','')
+                if not sid: return bad(self, 'session_id is required')
+                with LOCK: SESSIONS.pop(sid, None)
+                p = SESSION_DIR / f'{sid}.json'
+                try: p.unlink(missing_ok=True)
+                except Exception: pass
+                # Invalidate index so the deleted session stops appearing in lists
+                try: SESSION_INDEX_FILE.unlink(missing_ok=True)
+                except Exception: pass
+                return j(self, {'ok': True})
+            if parsed.path == '/api/session/clear':
+                # Wipe all messages from a session, keep session metadata
+                try: require(body, 'session_id')
+                except ValueError as e: return bad(self, str(e))
+                try: s = get_session(body['session_id'])
+                except KeyError: return bad(self, 'Session not found', 404)
+                s.messages = []
+                s.tool_calls = []
+                s.title = 'Untitled'
+                s.save()
+                return j(self, {'ok': True, 'session': s.compact()})
+            if parsed.path == '/api/session/truncate':
+                # Truncate messages at a given index (keep messages[:index])
+                # Used by edit+regenerate: trim everything from the edited message onward
+                try: require(body, 'session_id')
+                except ValueError as e: return bad(self, str(e))
+                if body.get('keep_count') is None: return bad(self, 'Missing required field(s): keep_count')
+                try: s = get_session(body['session_id'])
+                except KeyError: return bad(self, 'Session not found', 404)
+                keep = int(body['keep_count'])
+                s.messages = s.messages[:keep]
+                s.save()
+                return j(self, {'ok': True, 'session': s.compact() | {'messages': s.messages}})
+            if parsed.path == '/api/chat/start':
+                try: require(body, 'session_id')
+                except ValueError as e: return bad(self, str(e))
+                try: s = get_session(body['session_id'])
+                except KeyError: return bad(self, 'Session not found', 404)
+                msg = str(body.get('message', '')).strip()
+                if not msg: return bad(self, 'message is required')
+                attachments = [str(a) for a in (body.get('attachments') or [])][:20]
+                workspace = str(Path(body.get('workspace') or s.workspace).expanduser().resolve())
+                model = body.get('model') or s.model
+                s.workspace = workspace; s.model = model; s.save()
+                set_last_workspace(workspace)  # persist for new session inheritance
+                stream_id = uuid.uuid4().hex
+                q = queue.Queue()
+                with STREAMS_LOCK: STREAMS[stream_id] = q
+                t = threading.Thread(target=_run_agent_streaming,
+                    args=(s.session_id, msg, model, workspace, stream_id, attachments), daemon=True)
+                t.start()
+                return j(self, {'stream_id': stream_id, 'session_id': s.session_id})
+            if parsed.path == '/api/chat':
+                s = get_session(body['session_id']); msg = str(body.get('message', '')).strip()
+                if not msg: return j(self, {'error':'empty message'}, status=400)
+                workspace = Path(body.get('workspace') or s.workspace).expanduser().resolve(); s.workspace = str(workspace); s.model = body.get('model') or s.model
+                old_cwd = os.environ.get('TERMINAL_CWD'); os.environ['TERMINAL_CWD'] = str(workspace)
+                old_exec_ask = os.environ.get('HERMES_EXEC_ASK')
+                old_session_key = os.environ.get('HERMES_SESSION_KEY')
+                os.environ['HERMES_EXEC_ASK'] = '1'
+                os.environ['HERMES_SESSION_KEY'] = s.session_id
+                try:
+                    with CHAT_LOCK:
+                        agent = AIAgent(model=s.model, platform='cli', quiet_mode=True, enabled_toolsets=CLI_TOOLSETS, session_id=s.session_id)
+                        workspace_ctx = f"[Workspace: {s.workspace}]\n"
+                        workspace_system_msg = (
+                            f"Active workspace at session start: {s.workspace}\n"
+                            "Every user message is prefixed with [Workspace: /absolute/path] indicating the "
+                            "workspace the user has selected in the web UI at the time they sent that message. "
+                            "This tag is the single authoritative source of the active workspace and updates "
+                            "with every message. It overrides any prior workspace mentioned in this system "
+                            "prompt, memory, or conversation history. Always use the value from the most recent "
+                            "[Workspace: ...] tag as your default working directory for ALL file operations: "
+                            "write_file, read_file, search_files, terminal workdir, and patch. "
+                            "Never fall back to a hardcoded path when this tag is present."
+                        )
+                        result = agent.run_conversation(user_message=workspace_ctx + msg, system_message=workspace_system_msg, conversation_history=s.messages, task_id=s.session_id, persist_user_message=msg)
+                finally:
+                    if old_cwd is None: os.environ.pop('TERMINAL_CWD', None)
+                    else: os.environ['TERMINAL_CWD'] = old_cwd
+                    if old_exec_ask is None: os.environ.pop('HERMES_EXEC_ASK', None)
+                    else: os.environ['HERMES_EXEC_ASK'] = old_exec_ask
+                    if old_session_key is None: os.environ.pop('HERMES_SESSION_KEY', None)
+                    else: os.environ['HERMES_SESSION_KEY'] = old_session_key
+                s.messages = result.get('messages') or s.messages; s.title = title_from(s.messages, s.title); s.save()
+                return j(self, {'answer': result.get('final_response') or '', 'status': 'done' if result.get('completed', True) else 'partial', 'session': s.compact() | {'messages': s.messages}, 'result': {k:v for k,v in result.items() if k != 'messages'}})
+            if parsed.path == '/api/crons/create':
+                try: require(body, 'prompt', 'schedule')
+                except ValueError as e: return bad(self, str(e))
+                try:
+                    from cron.jobs import create_job
+                    job = create_job(
+                        prompt=body['prompt'],
+                        schedule=body['schedule'],
+                        name=body.get('name') or None,
+                        deliver=body.get('deliver') or 'local',
+                        skills=body.get('skills') or [],
+                        model=body.get('model') or None,
+                    )
+                    return j(self, {'ok': True, 'job': job})
+                except Exception as e:
+                    return j(self, {'error': str(e)}, status=400)
+            if parsed.path == '/api/crons/update':
+                try: require(body, 'job_id')
+                except ValueError as e: return bad(self, str(e))
+                from cron.jobs import update_job
+                updates = {k: v for k, v in body.items() if k != 'job_id' and v is not None}
+                job = update_job(body['job_id'], updates)
+                if not job: return bad(self, 'Job not found', 404)
+                return j(self, {'ok': True, 'job': job})
+            if parsed.path == '/api/crons/delete':
+                try: require(body, 'job_id')
+                except ValueError as e: return bad(self, str(e))
+                from cron.jobs import remove_job
+                ok = remove_job(body['job_id'])
+                if not ok: return bad(self, 'Job not found', 404)
+                return j(self, {'ok': True, 'job_id': body['job_id']})
+            if parsed.path == '/api/file/delete':
+                try: require(body, 'session_id', 'path')
+                except ValueError as e: return bad(self, str(e))
+                try: s = get_session(body['session_id'])
+                except KeyError: return bad(self, 'Session not found', 404)
+                try:
+                    target = safe_resolve(Path(s.workspace), body['path'])
+                    if not target.exists(): return bad(self, 'File not found', 404)
+                    if target.is_dir(): return bad(self, 'Cannot delete directories via this endpoint')
+                    target.unlink()
+                    return j(self, {'ok': True, 'path': body['path']})
+                except (ValueError, PermissionError) as e: return bad(self, str(e))
+            if parsed.path == '/api/file/save':
+                try: require(body, 'session_id', 'path')
+                except ValueError as e: return bad(self, str(e))
+                try: s = get_session(body['session_id'])
+                except KeyError: return bad(self, 'Session not found', 404)
+                try:
+                    target = safe_resolve(Path(s.workspace), body['path'])
+                    if not target.exists(): return bad(self, 'File not found', 404)
+                    if target.is_dir(): return bad(self, 'Cannot save: path is a directory')
+                    target.write_text(body.get('content', ''), encoding='utf-8')
+                    return j(self, {'ok': True, 'path': body['path'], 'size': target.stat().st_size})
+                except (ValueError, PermissionError) as e: return bad(self, str(e))
+            if parsed.path == '/api/file/create':
+                try: require(body, 'session_id', 'path')
+                except ValueError as e: return bad(self, str(e))
+                try: s = get_session(body['session_id'])
+                except KeyError: return bad(self, 'Session not found', 404)
+                try:
+                    target = safe_resolve(Path(s.workspace), body['path'])
+                    if target.exists(): return bad(self, 'File already exists')
+                    target.parent.mkdir(parents=True, exist_ok=True)
+                    target.write_text(body.get('content', ''), encoding='utf-8')
+                    return j(self, {'ok': True, 'path': str(target.relative_to(Path(s.workspace)))})
+                except (ValueError, PermissionError) as e: return bad(self, str(e))
+            if parsed.path == '/api/workspaces/add':
+                path_str = body.get('path', '').strip()
+                name = body.get('name', '').strip()
+                if not path_str: return bad(self, 'path is required')
+                p = Path(path_str).expanduser().resolve()
+                if not p.exists(): return bad(self, f'Path does not exist: {p}')
+                if not p.is_dir(): return bad(self, f'Path is not a directory: {p}')
+                wss = load_workspaces()
+                if any(w['path'] == str(p) for w in wss):
+                    return bad(self, 'Workspace already in list')
+                wss.append({'path': str(p), 'name': name or p.name})
+                save_workspaces(wss)
+                return j(self, {'ok': True, 'workspaces': wss})
+            if parsed.path == '/api/workspaces/remove':
+                path_str = body.get('path', '').strip()
+                if not path_str: return bad(self, 'path is required')
+                wss = load_workspaces()
+                wss = [w for w in wss if w['path'] != path_str]
+                save_workspaces(wss)
+                return j(self, {'ok': True, 'workspaces': wss})
+            if parsed.path == '/api/workspaces/rename':
+                path_str = body.get('path', '').strip()
+                name = body.get('name', '').strip()
+                if not path_str or not name: return bad(self, 'path and name are required')
+                wss = load_workspaces()
+                for w in wss:
+                    if w['path'] == path_str:
+                        w['name'] = name; break
+                else:
+                    return bad(self, 'Workspace not found', 404)
+                save_workspaces(wss)
+                return j(self, {'ok': True, 'workspaces': wss})
+            if parsed.path == '/api/approval/respond':
+                sid = body.get('session_id', '')
+                if not sid: return bad(self, 'session_id is required')
+                choice = body.get('choice', 'deny')
+                if choice not in ('once','session','always','deny'):
+                    return bad(self, f'Invalid choice: {choice}')
+                from tools.approval import _pending, _lock, _permanent_approved
+                with _lock:
+                    pending = _pending.pop(sid, None)
+                if pending:
+                    keys = pending.get('pattern_keys') or [pending.get('pattern_key', '')]
+                    if choice in ('once', 'session'):
+                        for k in keys: approve_session(sid, k)
+                    elif choice == 'always':
+                        for k in keys:
+                            approve_session(sid, k); approve_permanent(k)
+                        save_permanent_allowlist(_permanent_approved)
+                return j(self, {'ok': True, 'choice': choice})
+            if parsed.path == '/api/skills/save':
+                # Create or update a skill's SKILL.md content
+                try: require(body, 'name', 'content')
+                except ValueError as e: return bad(self, str(e))
+                skill_name = body['name'].strip().lower().replace(' ', '-')
+                if not skill_name or '/' in skill_name or '..' in skill_name:
+                    return bad(self, 'Invalid skill name')
+                category = body.get('category', '').strip()
+                from tools.skills_tool import SKILLS_DIR
+                if category:
+                    skill_dir = SKILLS_DIR / category / skill_name
+                else:
+                    skill_dir = SKILLS_DIR / skill_name
+                skill_dir.mkdir(parents=True, exist_ok=True)
+                skill_file = skill_dir / 'SKILL.md'
+                skill_file.write_text(body['content'], encoding='utf-8')
+                return j(self, {'ok': True, 'name': skill_name, 'path': str(skill_file)})
+            if parsed.path == '/api/skills/delete':
+                try: require(body, 'name')
+                except ValueError as e: return bad(self, str(e))
+                from tools.skills_tool import SKILLS_DIR
+                import shutil as _shutil
+                matches = list(SKILLS_DIR.rglob(f'{body["name"]}/SKILL.md'))
+                if not matches: return bad(self, 'Skill not found', 404)
+                skill_dir = matches[0].parent
+                _shutil.rmtree(str(skill_dir))
+                return j(self, {'ok': True, 'name': body['name']})
+            if parsed.path == '/api/memory/write':
+                # Write to MEMORY.md or USER.md
+                try: require(body, 'section', 'content')
+                except ValueError as e: return bad(self, str(e))
+                mem_dir = Path.home() / '.hermes' / 'memories'
+                mem_dir.mkdir(parents=True, exist_ok=True)
+                section = body['section']
+                if section == 'memory':
+                    target = mem_dir / 'MEMORY.md'
+                elif section == 'user':
+                    target = mem_dir / 'USER.md'
+                else:
+                    return bad(self, 'section must be "memory" or "user"')
+                target.write_text(body['content'], encoding='utf-8')
+                return j(self, {'ok': True, 'section': section, 'path': str(target)})
+            return j(self, {'error':'not found'}, status=404)
+        except Exception as e:
+            self._log_request(self.command, self.path, 500, (time.time()-_t0)*1000)
+            return j(self, {'error': str(e), 'trace': traceback.format_exc()}, status=500)
+
+
+def main():
+    from api.config import print_startup_config, verify_hermes_imports, _HERMES_FOUND
+    print_startup_config()
+
+    if not _HERMES_FOUND:
+        ok, missing = verify_hermes_imports()
+    else:
+        ok, missing = verify_hermes_imports()
+        if not ok:
+            print(f'[!!] Warning: Hermes agent found but missing modules: {missing}', flush=True)
+            print('     Agent features may not work correctly.', flush=True)
+
+    STATE_DIR.mkdir(parents=True, exist_ok=True)
+    SESSION_DIR.mkdir(parents=True, exist_ok=True)
+    DEFAULT_WORKSPACE.mkdir(parents=True, exist_ok=True)
+    httpd = ThreadingHTTPServer((HOST, PORT), Handler)
+    print(f'  Hermes WebUI listening on http://{HOST}:{PORT}', flush=True)
+    if HOST == '127.0.0.1':
+        print(f'  Remote access: ssh -N -L {PORT}:127.0.0.1:{PORT} <user>@<your-server>', flush=True)
+    print(f'  Then open:     http://localhost:{PORT}', flush=True)
+    print('', flush=True)
+    httpd.serve_forever()
+
+if __name__ == '__main__':
+    main()
diff --git a/start.sh b/start.sh
new file mode 100755
index 0000000..f1744ec
--- /dev/null
+++ b/start.sh
@@ -0,0 +1,260 @@
+#!/usr/bin/env bash
+# ============================================================
+# Hermes Web UI -- portable bootstrap
+# Usage: ./start.sh [port]
+#
+# One-command startup. Discovers your Hermes install, sets up
+# a local virtualenv if needed, installs dependencies, then
+# launches the server and prints everything you need to know.
+#
+# Override any step with environment variables:
+#   HERMES_WEBUI_AGENT_DIR   path to hermes-agent checkout
+#   HERMES_WEBUI_PYTHON      python executable to use
+#   HERMES_WEBUI_PORT        port to listen on (default: 8787)
+#   HERMES_WEBUI_HOST        bind address (default: 127.0.0.1)
+#   HERMES_HOME              override ~/.hermes base
+#   HERMES_WEBUI_STATE_DIR   override state directory
+# ============================================================
+
+set -euo pipefail
+
+# ── Load .env if present (machine-local overrides, not committed) ─────────────
+_SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+if [[ -f "${_SCRIPT_DIR}/.env" ]]; then
+    set -a
+    # shellcheck source=/dev/null
+    source "${_SCRIPT_DIR}/.env"
+    set +a
+fi
+
+# ── Colours ──────────────────────────────────────────────────────────────────
+RED='\033[0;31m'; GREEN='\033[0;32m'; YELLOW='\033[1;33m'
+CYAN='\033[0;36m'; BOLD='\033[1m'; RESET='\033[0m'
+ok()   { echo -e "${GREEN}[ok]${RESET} $*"; }
+warn() { echo -e "${YELLOW}[!!]${RESET} $*"; }
+die()  { echo -e "${RED}[XX]${RESET} $*" >&2; exit 1; }
+info() { echo -e "${CYAN}[--]${RESET} $*"; }
+hdr()  { echo -e "\n${BOLD}$*${RESET}"; }
+
+# ── Resolve repo root (the directory this script lives in) ───────────────────
+REPO_ROOT="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+info "Repo root: ${REPO_ROOT}"
+
+# ── Port ─────────────────────────────────────────────────────────────────────
+PORT="${1:-${HERMES_WEBUI_PORT:-8787}}"
+export HERMES_WEBUI_PORT="${PORT}"
+
+# ── Python discovery ─────────────────────────────────────────────────────────
+hdr "Discovering Python..."
+
+_find_python() {
+    # 1. Explicit env var
+    if [[ -n "${HERMES_WEBUI_PYTHON:-}" ]]; then
+        echo "${HERMES_WEBUI_PYTHON}"; return
+    fi
+
+    # 2. Agent venv (discovered below -- call again after agent dir found)
+    # (handled after agent dir discovery)
+
+    # 3. Local .venv in repo
+    if [[ -x "${REPO_ROOT}/.venv/bin/python" ]]; then
+        echo "${REPO_ROOT}/.venv/bin/python"; return
+    fi
+
+    # 4. System python3
+    if command -v python3 &>/dev/null; then
+        echo "$(command -v python3)"; return
+    fi
+
+    echo ""
+}
+
+PYTHON="$(_find_python)"
+
+# ── Hermes agent discovery ────────────────────────────────────────────────────
+hdr "Discovering Hermes agent..."
+
+HERMES_HOME="${HERMES_HOME:-${HOME}/.hermes}"
+AGENT_DIR=""
+
+_find_agent() {
+    local candidates=(
+        "${HERMES_WEBUI_AGENT_DIR:-}"
+        "${HERMES_HOME}/hermes-agent"
+        "${REPO_ROOT}/../hermes-agent"
+        "${HOME}/.hermes/hermes-agent"
+        "${HOME}/hermes-agent"
+    )
+
+    for d in "${candidates[@]}"; do
+        [[ -z "$d" ]] && continue
+        d="$(cd "${d}" 2>/dev/null && pwd || true)"
+        if [[ -n "$d" && -f "${d}/run_agent.py" ]]; then
+            echo "$d"; return
+        fi
+    done
+    echo ""
+}
+
+AGENT_DIR="$(_find_agent)"
+
+if [[ -n "${AGENT_DIR}" ]]; then
+    ok "Hermes agent: ${AGENT_DIR}"
+    export HERMES_WEBUI_AGENT_DIR="${AGENT_DIR}"
+
+    # Now that we have agent dir, prefer its venv if we don't already have a python
+    if [[ -z "${HERMES_WEBUI_PYTHON:-}" && -x "${AGENT_DIR}/venv/bin/python" ]]; then
+        PYTHON="${AGENT_DIR}/venv/bin/python"
+    fi
+else
+    warn "Hermes agent not found. Agent features will not work."
+    warn "Fix with: export HERMES_WEBUI_AGENT_DIR=/path/to/hermes-agent"
+fi
+
+if [[ -n "${PYTHON}" ]]; then
+    ok "Python: ${PYTHON}  ($(${PYTHON} --version 2>&1))"
+else
+    warn "No Python found. Attempting to install..."
+    if command -v apt-get &>/dev/null; then
+        sudo apt-get install -y python3 python3-venv python3-pip
+    elif command -v brew &>/dev/null; then
+        brew install python3
+    else
+        die "Could not find or install Python. Please install Python 3.8+ and re-run."
+    fi
+    PYTHON="$(command -v python3)"
+    ok "Python installed: ${PYTHON}"
+fi
+
+# ── Minimum Python version check ─────────────────────────────────────────────
+PY_VER="$(${PYTHON} -c 'import sys; print(f"{sys.version_info.major}.{sys.version_info.minor}")')"
+PY_MAJOR="$(echo "${PY_VER}" | cut -d. -f1)"
+PY_MINOR="$(echo "${PY_VER}" | cut -d. -f2)"
+if [[ "${PY_MAJOR}" -lt 3 || ( "${PY_MAJOR}" -eq 3 && "${PY_MINOR}" -lt 8 ) ]]; then
+    die "Python 3.8+ required. Found: ${PY_VER}"
+fi
+
+# ── Dependency check / local venv setup ──────────────────────────────────────
+hdr "Checking dependencies..."
+
+VENV_NEEDED=false
+VENV_PATH="${REPO_ROOT}/.venv"
+
+# If the chosen python is already the agent venv, its deps are already installed.
+# If it is a system python, check if we can import the webui deps, create a local
+# .venv if not.
+_check_deps() {
+    "${PYTHON}" -c "import yaml" 2>/dev/null
+}
+
+if ! _check_deps; then
+    info "PyYAML not found in ${PYTHON}. Creating local .venv..."
+
+    if [[ ! -d "${VENV_PATH}" ]]; then
+        "${PYTHON}" -m venv "${VENV_PATH}" || die "Failed to create virtualenv at ${VENV_PATH}"
+    fi
+
+    VENV_PY="${VENV_PATH}/bin/python"
+    "${VENV_PY}" -m pip install --quiet --upgrade pip
+
+    if [[ -f "${REPO_ROOT}/requirements.txt" ]]; then
+        info "Installing from requirements.txt..."
+        "${VENV_PY}" -m pip install --quiet -r "${REPO_ROOT}/requirements.txt"
+    else
+        info "Installing minimal deps (pyyaml)..."
+        "${VENV_PY}" -m pip install --quiet pyyaml
+    fi
+
+    PYTHON="${VENV_PY}"
+    ok "Local venv ready: ${VENV_PATH}"
+else
+    ok "Dependencies satisfied."
+fi
+
+# ── Kill any stale instance on the same port ─────────────────────────────────
+hdr "Checking for existing instances..."
+
+EXISTING=$(lsof -ti tcp:"${PORT}" 2>/dev/null || true)
+if [[ -n "${EXISTING}" ]]; then
+    warn "Killing existing process on port ${PORT} (PID ${EXISTING})"
+    kill "${EXISTING}" 2>/dev/null || true
+    sleep 0.5
+fi
+
+# Also kill any server.py process from this repo
+pkill -f "${REPO_ROOT}/server.py" 2>/dev/null || true
+
+# ── Set up working directory for Hermes imports ───────────────────────────────
+# server.py / api/config.py inject agent dir into sys.path at import time,
+# but we also cd into the agent dir so relative imports in run_agent work.
+if [[ -n "${AGENT_DIR}" ]]; then
+    WORKDIR="${AGENT_DIR}"
+else
+    WORKDIR="${REPO_ROOT}"
+fi
+
+# ── Launch ───────────────────────────────────────────────────────────────────
+hdr "Starting Hermes Web UI..."
+
+LOG="/tmp/hermes-webui-${PORT}.log"
+export HERMES_WEBUI_HOST="${HERMES_WEBUI_HOST:-127.0.0.1}"
+export HERMES_WEBUI_STATE_DIR="${HERMES_WEBUI_STATE_DIR:-${HERMES_HOME}/webui-mvp}"
+
+nohup "${PYTHON}" "${REPO_ROOT}/server.py" \
+    > "${LOG}" 2>&1 &
+PID=$!
+
+echo -e "\n${CYAN}  PID ${PID} starting...${RESET}"
+sleep 1.5
+
+# ── Health check ─────────────────────────────────────────────────────────────
+HEALTH_URL="http://${HERMES_WEBUI_HOST:-127.0.0.1}:${PORT}/health"
+MAX_WAIT=15
+ELAPSED=0
+while [[ $ELAPSED -lt $MAX_WAIT ]]; do
+    if curl -sf "${HEALTH_URL}" | grep -q '"status"' 2>/dev/null; then
+        break
+    fi
+    sleep 0.5
+    ELAPSED=$((ELAPSED + 1))
+done
+
+if ! curl -sf "${HEALTH_URL}" | grep -q '"status"' 2>/dev/null; then
+    warn "Health check did not pass within ${MAX_WAIT}s. Check log:"
+    tail -20 "${LOG}"
+    echo ""
+    warn "Server may still be starting. Try: curl ${HEALTH_URL}"
+else
+    ok "Server is healthy."
+fi
+
+# ── Print access instructions ─────────────────────────────────────────────────
+BIND_HOST="${HERMES_WEBUI_HOST:-127.0.0.1}"
+
+echo ""
+echo -e "${BOLD}========================================${RESET}"
+echo -e "${GREEN}  Hermes Web UI is running${RESET}"
+echo -e "${BOLD}========================================${RESET}"
+echo ""
+
+if [[ "${BIND_HOST}" == "127.0.0.1" || "${BIND_HOST}" == "localhost" ]]; then
+    # Server is bound to loopback -- detect if we are on a remote machine
+    # by checking if $SSH_CLIENT or $SSH_TTY is set
+    if [[ -n "${SSH_CLIENT:-}" || -n "${SSH_TTY:-}" ]]; then
+        SERVER_IP="$(hostname -I 2>/dev/null | awk '{print $1}' || echo "<your-server-ip>")"
+        echo -e "  You are on a remote machine. To access from your local browser:"
+        echo ""
+        echo -e "  ${CYAN}ssh -N -L ${PORT}:127.0.0.1:${PORT} \$(whoami)@${SERVER_IP}${RESET}"
+        echo ""
+        echo -e "  Then open: ${BOLD}http://localhost:${PORT}${RESET}"
+    else
+        echo -e "  Open: ${BOLD}http://localhost:${PORT}${RESET}"
+    fi
+else
+    echo -e "  Open: ${BOLD}http://${BIND_HOST}:${PORT}${RESET}"
+fi
+
+echo ""
+echo -e "  Log:  ${LOG}"
+echo -e "  PID:  ${PID}"
+echo ""
diff --git a/static/boot.js b/static/boot.js
new file mode 100644
index 0000000..5e04bdc
--- /dev/null
+++ b/static/boot.js
@@ -0,0 +1,152 @@
+async function cancelStream(){
+  const streamId = S.activeStreamId;
+  if(!streamId) return;
+  try{
+    await fetch(`/api/chat/cancel?stream_id=${encodeURIComponent(streamId)}`);
+    const btn=$('btnCancel');if(btn)btn.style.display='none';
+    setStatus('Cancelling…');
+  }catch(e){setStatus('Cancel failed: '+e.message);}
+}
+
+$('btnSend').onclick=send;
+$('btnAttach').onclick=()=>$('fileInput').click();
+$('fileInput').onchange=e=>{addFiles(Array.from(e.target.files));e.target.value='';};
+$('btnNewChat').onclick=async()=>{await newSession();await renderSessionList();$('msg').focus();};
+$('btnDownload').onclick=()=>{
+  if(!S.session)return;
+  const blob=new Blob([transcript()],{type:'text/markdown'});
+  const a=document.createElement('a');a.href=URL.createObjectURL(blob);
+  a.download=`hermes-${S.session.session_id}.md`;a.click();URL.revokeObjectURL(a.href);
+};
+$('btnExportJSON').onclick=()=>{
+  if(!S.session)return;
+  const url=`/api/session/export?session_id=${encodeURIComponent(S.session.session_id)}`;
+  const a=document.createElement('a');a.href=url;
+  a.download=`hermes-${S.session.session_id}.json`;a.click();
+};
+// btnRefreshFiles is now panel-icon-btn in header (see HTML)
+$('btnClearPreview').onclick=()=>{
+  $('previewArea').classList.remove('visible');
+  $('previewImg').src='';
+  $('previewMd').innerHTML='';
+  $('previewCode').textContent='';
+  $('previewPathText').textContent='';
+  $('fileTree').style.display='';
+};
+// workspacePath click handler removed -- use topbar workspace chip dropdown instead
+$('modelSelect').onchange=async()=>{
+  if(!S.session)return;
+  const selectedModel=$('modelSelect').value;
+  localStorage.setItem('hermes-webui-model', selectedModel);
+  await api('/api/session/update',{method:'POST',body:JSON.stringify({session_id:S.session.session_id,workspace:S.session.workspace,model:selectedModel})});
+  S.session.model=selectedModel;syncTopbar();
+};
+$('msg').addEventListener('input',autoResize);
+$('msg').addEventListener('keydown',e=>{if(e.key==='Enter'&&!e.shiftKey){e.preventDefault();send();}});
+// B14: Cmd/Ctrl+K creates a new chat from anywhere
+document.addEventListener('keydown',async e=>{
+  if((e.metaKey||e.ctrlKey)&&e.key==='k'){
+    e.preventDefault();
+    if(!S.busy){await newSession();await renderSessionList();$('msg').focus();}
+  }
+  if(e.key==='Escape'){
+    // Close workspace dropdown
+    closeWsDropdown();
+    // Clear session search
+    const ss=$('sessionSearch');
+    if(ss&&ss.value){ss.value='';filterSessions();}
+    // Cancel any active message edit
+    const editArea=document.querySelector('.msg-edit-area');
+    if(editArea){
+      const bar=editArea.closest('.msg-row')&&editArea.closest('.msg-row').querySelector('.msg-edit-bar');
+      if(bar){const cancel=bar.querySelector('.msg-edit-cancel');if(cancel)cancel.click();}
+    }
+  }
+});
+$('msg').addEventListener('paste',e=>{
+  const items=Array.from(e.clipboardData?.items||[]);
+  const imageItems=items.filter(i=>i.type.startsWith('image/'));
+  if(!imageItems.length)return;
+  e.preventDefault();
+  const files=imageItems.map(i=>{
+    const blob=i.getAsFile();
+    const ext=i.type.split('/')[1]||'png';
+    return new File([blob],`screenshot-${Date.now()}.${ext}`,{type:i.type});
+  });
+  addFiles(files);
+  setStatus(`Image pasted: ${files.map(f=>f.name).join(', ')}`);
+});
+document.querySelectorAll('.suggestion').forEach(btn=>{
+  btn.onclick=()=>{$('msg').value=btn.dataset.msg;send();};
+});
+
+// Boot: restore last session or start fresh
+// ── Resizable panels ──────────────────────────────────────────────────────
+(function(){
+  const SIDEBAR_MIN=180, SIDEBAR_MAX=420;
+  const PANEL_MIN=180,   PANEL_MAX=500;
+
+  function initResize(handleId, targetEl, edge, minW, maxW, storageKey){
+    const handle = $(handleId);
+    if(!handle || !targetEl) return;
+
+    // Restore saved width
+    const saved = localStorage.getItem(storageKey);
+    if(saved) targetEl.style.width = saved + 'px';
+
+    let startX=0, startW=0;
+
+    handle.addEventListener('mousedown', e=>{
+      e.preventDefault();
+      startX = e.clientX;
+      startW = targetEl.getBoundingClientRect().width;
+      handle.classList.add('dragging');
+      document.body.classList.add('resizing');
+
+      const onMove = ev=>{
+        const delta = edge==='right' ? ev.clientX - startX : startX - ev.clientX;
+        const newW = Math.min(maxW, Math.max(minW, startW + delta));
+        targetEl.style.width = newW + 'px';
+      };
+      const onUp = ()=>{
+        handle.classList.remove('dragging');
+        document.body.classList.remove('resizing');
+        localStorage.setItem(storageKey, parseInt(targetEl.style.width));
+        document.removeEventListener('mousemove', onMove);
+        document.removeEventListener('mouseup', onUp);
+      };
+      document.addEventListener('mousemove', onMove);
+      document.addEventListener('mouseup', onUp);
+    });
+  }
+
+  // Run after DOM ready (called from boot)
+  window._initResizePanels = function(){
+    const sidebar    = document.querySelector('.sidebar');
+    const rightpanel = document.querySelector('.rightpanel');
+    initResize('sidebarResize',    sidebar,    'right', SIDEBAR_MIN, SIDEBAR_MAX, 'hermes-sidebar-w');
+    initResize('rightpanelResize', rightpanel, 'left',  PANEL_MIN,   PANEL_MAX,   'hermes-panel-w');
+  };
+})();
+
+(async()=>{
+  // Restore last-used model preference
+  const savedModel=localStorage.getItem('hermes-webui-model');
+  if(savedModel && $('modelSelect')){
+    $('modelSelect').value=savedModel;
+    // If the value didn't take (model not in list), clear the bad pref
+    if($('modelSelect').value!==savedModel) localStorage.removeItem('hermes-webui-model');
+  }
+  // Pre-load workspace list so sidebar name is correct from first render
+  await loadWorkspaceList();
+  _initResizePanels();
+  const saved=localStorage.getItem('hermes-webui-session');
+  if(saved){
+    try{await loadSession(saved);await renderSessionList();await checkInflightOnBoot(saved);return;}
+    catch(e){localStorage.removeItem('hermes-webui-session');}
+  }
+  // no saved session - show empty state, wait for user to hit +
+  $('emptyState').style.display='';
+  await renderSessionList();
+})();
+
diff --git a/static/index.html b/static/index.html
new file mode 100644
index 0000000..7016ca2
--- /dev/null
+++ b/static/index.html
@@ -0,0 +1,264 @@
+<!doctype html>
+<html lang="en">
+<head>
+<meta charset="utf-8">
+<meta name="viewport" content="width=device-width, initial-scale=1">
+<title>Hermes</title>
+<link rel="stylesheet" href="/static/style.css">
+  <!-- Prism.js syntax highlighting (loaded async, non-blocking) -->
+  <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/prismjs@1.29.0/themes/prism-tomorrow.min.css">
+  <script src="https://cdn.jsdelivr.net/npm/prismjs@1.29.0/components/prism-core.min.js" defer></script>
+  <script src="https://cdn.jsdelivr.net/npm/prismjs@1.29.0/plugins/autoloader/prism-autoloader.min.js" defer></script>
+</head>
+<body>
+<div class="layout">
+  <aside class="sidebar">
+    <div class="sidebar-header"><div class="logo">H</div><div><h1 style="margin:0;font-size:15px;font-weight:700;letter-spacing:-.01em">Hermes</h1><div style="font-size:10px;color:var(--muted);opacity:.8;margin-top:1px">v0.1.0 · WebUI</div></div></div>
+    <div class="sidebar-nav">
+      <button class="nav-tab active" data-panel="chat" data-label="Chat" onclick="switchPanel('chat')" title="Chat">&#128172;</button>
+      <button class="nav-tab" data-panel="tasks" data-label="Tasks" onclick="switchPanel('tasks')" title="Tasks">&#128197;</button>
+      <button class="nav-tab" data-panel="skills" data-label="Skills" onclick="switchPanel('skills')" title="Skills">&#129513;</button>
+      <button class="nav-tab" data-panel="memory" data-label="Memory" onclick="switchPanel('memory')" title="Memory">&#129504;</button>
+      <button class="nav-tab" data-panel="workspaces" data-label="Spaces" onclick="switchPanel('workspaces')" title="Spaces">&#128193;</button>
+      <button class="nav-tab" data-panel="todos" data-label="Todos" onclick="switchPanel('todos')" title="Current task list">&#9989;</button>
+    </div>
+    <!-- Chat panel -->
+    <div class="panel-view active" id="panelChat">
+      <div class="sidebar-section">
+        <button class="new-chat-btn" id="btnNewChat">
+          <svg width="14" height="14" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2.5"><line x1="12" y1="5" x2="12" y2="19"/><line x1="5" y1="12" x2="19" y2="12"/></svg>
+          New conversation <span style="font-size:10px;opacity:.5;margin-left:4px">&#8984;K</span>
+        </button>
+      </div>
+      <div class="session-search"><input id="sessionSearch" placeholder="Filter conversations..." oninput="filterSessions()"></div>
+      <div class="session-list" id="sessionList"></div>
+    </div>
+    <!-- Tasks (cron) panel -->
+    <div class="panel-view" id="panelTasks">
+      <div class="sidebar-section" style="padding-bottom:4px;display:flex;align-items:center;justify-content:space-between">
+        <div style="font-size:11px;color:var(--muted)">Scheduled jobs</div>
+        <button class="cron-btn run" style="padding:3px 8px;font-size:10px" onclick="toggleCronForm()">+ New job</button>
+      </div>
+      <!-- Create job form (hidden by default) -->
+      <div id="cronCreateForm" style="display:none;padding:8px 12px;border-bottom:1px solid var(--border);flex-shrink:0">
+        <input id="cronFormName" placeholder="Job name (optional)" style="width:100%;background:rgba(255,255,255,.05);border:1px solid var(--border2);border-radius:6px;color:var(--text);padding:5px 8px;font-size:12px;outline:none;margin-bottom:6px">
+        <input id="cronFormSchedule" placeholder="Schedule: '0 9 * * *' or 'every 1h'" style="width:100%;background:rgba(255,255,255,.05);border:1px solid var(--border2);border-radius:6px;color:var(--text);padding:5px 8px;font-size:12px;outline:none;margin-bottom:6px">
+        <textarea id="cronFormPrompt" rows="3" placeholder="Prompt (must be self-contained)" style="width:100%;background:rgba(255,255,255,.05);border:1px solid var(--border2);border-radius:6px;color:var(--text);padding:5px 8px;font-size:12px;outline:none;resize:none;font-family:inherit;margin-bottom:6px"></textarea>
+        <select id="cronFormDeliver" style="width:100%;background:rgba(255,255,255,.05);border:1px solid var(--border2);border-radius:6px;color:var(--text);padding:5px 8px;font-size:12px;outline:none;margin-bottom:8px">
+          <option value="local">Local (save output only)</option>
+          <option value="discord">Discord</option>
+          <option value="telegram">Telegram</option>
+        </select>
+        <div style="display:flex;gap:6px">
+          <button class="cron-btn run" style="flex:1" onclick="submitCronCreate()">Create job</button>
+          <button class="cron-btn" style="flex:1" onclick="toggleCronForm()">Cancel</button>
+        </div>
+        <div id="cronFormError" style="font-size:11px;color:var(--accent);margin-top:6px;display:none"></div>
+      </div>
+      <div class="cron-list" id="cronList"><div style="padding:12px;color:var(--muted);font-size:12px">Loading...</div></div>
+    </div>
+    <!-- Skills panel -->
+    <div class="panel-view" id="panelSkills">
+      <div class="sidebar-section" style="padding-bottom:4px;display:flex;align-items:center;justify-content:space-between">
+        <div class="skills-search" style="flex:1;padding:0"><input id="skillsSearch" placeholder="Search skills..." oninput="filterSkills()"></div>
+        <button class="cron-btn run" style="padding:3px 8px;font-size:10px;flex-shrink:0;margin-left:6px" onclick="toggleSkillForm()">+ New skill</button>
+      </div>
+      <!-- Skill create/edit form (hidden by default) -->
+      <div id="skillCreateForm" style="display:none;padding:8px 12px;border-bottom:1px solid var(--border);flex-shrink:0">
+        <input id="skillFormName" placeholder="Skill name (e.g. my-skill)" style="width:100%;background:rgba(255,255,255,.05);border:1px solid var(--border2);border-radius:6px;color:var(--text);padding:5px 8px;font-size:12px;outline:none;margin-bottom:6px;box-sizing:border-box">
+        <input id="skillFormCategory" placeholder="Category (optional, e.g. devops)" style="width:100%;background:rgba(255,255,255,.05);border:1px solid var(--border2);border-radius:6px;color:var(--text);padding:5px 8px;font-size:12px;outline:none;margin-bottom:6px;box-sizing:border-box">
+        <textarea id="skillFormContent" rows="6" placeholder="SKILL.md content (YAML frontmatter + markdown body)" style="width:100%;background:rgba(255,255,255,.05);border:1px solid var(--border2);border-radius:6px;color:var(--text);padding:5px 8px;font-size:12px;outline:none;resize:vertical;font-family:'SF Mono',ui-monospace,monospace;margin-bottom:6px;box-sizing:border-box"></textarea>
+        <div style="display:flex;gap:6px">
+          <button class="cron-btn run" style="flex:1" onclick="submitSkillSave()">Save skill</button>
+          <button class="cron-btn" style="flex:1" onclick="toggleSkillForm()">Cancel</button>
+        </div>
+        <div id="skillFormError" style="font-size:11px;color:var(--accent);margin-top:6px;display:none"></div>
+      </div>
+      <div class="skills-list" id="skillsList"><div style="padding:12px;color:var(--muted);font-size:12px">Loading...</div></div>
+    </div>
+    <!-- Memory panel -->
+    <div class="panel-view" id="panelMemory">
+      <div style="padding:8px 12px 4px;display:flex;align-items:center;justify-content:space-between;flex-shrink:0">
+        <span style="font-size:11px;color:var(--muted)">Personal memory</span>
+        <button class="cron-btn run" id="memEditBtn" style="padding:3px 8px;font-size:10px" onclick="toggleMemoryEdit()">&#9998; Edit</button>
+      </div>
+      <div class="memory-panel" id="memoryPanel"><div style="color:var(--muted);font-size:12px">Loading...</div></div>
+      <!-- Memory edit form (hidden by default) -->
+      <div id="memoryEditForm" style="display:none;padding:8px 12px;border-top:1px solid var(--border);flex-shrink:0">
+        <div style="font-size:11px;color:var(--muted);margin-bottom:4px">Editing: <span id="memEditSection">memory</span></div>
+        <textarea id="memEditContent" rows="10" style="width:100%;background:rgba(255,255,255,.05);border:1px solid var(--border2);border-radius:6px;color:var(--text);padding:5px 8px;font-size:11px;outline:none;resize:vertical;font-family:'SF Mono',ui-monospace,monospace;box-sizing:border-box;margin-bottom:6px;line-height:1.5"></textarea>
+        <div style="display:flex;gap:6px">
+          <button class="cron-btn run" style="flex:1" onclick="submitMemorySave()">Save</button>
+          <button class="cron-btn" style="flex:1" onclick="closeMemoryEdit()">Cancel</button>
+        </div>
+        <div id="memEditError" style="font-size:11px;color:var(--accent);margin-top:6px;display:none"></div>
+      </div>
+    </div>
+    <!-- Todo panel -->
+    <div class="panel-view" id="panelTodos">
+      <div style="padding:10px 12px 4px;font-size:11px;color:var(--muted);flex-shrink:0">Current task list</div>
+      <div id="todoPanel" style="flex:1;overflow-y:auto;padding:8px 12px"></div>
+    </div>
+    <!-- Workspaces panel -->
+    <div class="panel-view" id="panelWorkspaces">
+      <div style="padding:10px 12px 4px;font-size:11px;color:var(--muted)">Add and switch workspaces for your sessions.</div>
+      <div style="flex:1;overflow-y:auto;padding:0 12px 12px" id="workspacesPanel"><div style="color:var(--muted);font-size:12px">Loading...</div></div>
+    </div>
+    <div class="sidebar-bottom">
+      <div class="field-label" style="font-size:10px;letter-spacing:.07em;margin-bottom:4px">MODEL</div>
+      <select id="modelSelect">
+        <optgroup label="OpenAI">
+          <option value="openai/gpt-5.4-mini">GPT-5.4 Mini</option>
+          <option value="openai/gpt-4o">GPT-4o</option>
+          <option value="openai/o3">o3</option>
+          <option value="openai/o4-mini">o4-mini</option>
+        </optgroup>
+        <optgroup label="Anthropic">
+          <option value="anthropic/claude-sonnet-4.6">Claude Sonnet 4.6</option>
+          <option value="anthropic/claude-sonnet-4-5">Claude Sonnet 4.5</option>
+          <option value="anthropic/claude-haiku-3-5">Claude Haiku 3.5</option>
+        </optgroup>
+        <optgroup label="Other">
+          <option value="google/gemini-2.5-pro">Gemini 2.5 Pro</option>
+          <option value="deepseek/deepseek-chat-v3-0324">DeepSeek V3</option>
+          <option value="meta-llama/llama-4-scout">Llama 4 Scout</option>
+        </optgroup>
+      </select>
+      <div id="sidebarWsDisplay" style="display:flex;align-items:center;gap:7px;padding:0 0 8px;cursor:pointer;border-radius:8px;transition:background .15s" onclick="toggleWsDropdown()" title="Switch workspace">
+        <span style="font-size:14px;opacity:.7">&#128193;</span>
+        <div style="min-width:0;flex:1">
+          <div style="font-size:11px;font-weight:600;color:var(--text);overflow:hidden;text-overflow:ellipsis;white-space:nowrap" id="sidebarWsName">Workspace</div>
+          <div style="font-size:10px;color:var(--muted);overflow:hidden;text-overflow:ellipsis;white-space:nowrap;margin-top:1px" id="sidebarWsPath"></div>
+        </div>
+        <span style="font-size:10px;color:var(--muted);flex-shrink:0">&#9662;</span>
+      </div>
+      <div class="sidebar-actions">
+        <button class="sm-btn" id="btnDownload" title="Download as Markdown">&#8595; Transcript</button>
+        <button class="sm-btn" id="btnExportJSON" title="Export full session as JSON">&#10092;/&#10093; JSON</button>
+      </div>
+    </div>
+  <div class="resize-handle" id="sidebarResize"></div>
+  </aside>
+  <main class="main">
+    <div class="topbar">
+      <div style="flex:1;min-width:0;overflow:hidden"><div class="topbar-title" id="topbarTitle">Hermes</div><div class="topbar-meta" id="topbarMeta">Start a new conversation</div></div>
+      <div class="topbar-chips">
+        <div class="chip model" id="modelChip">GPT-5.4 Mini</div>
+        <div id="wsChipWrap" style="position:relative">
+          <div class="chip ws-chip" id="wsChip" onclick="toggleWsDropdown()" title="Switch workspace" style="cursor:pointer">&#128193; test-workspace &#9662;</div>
+          <div class="ws-dropdown" id="wsDropdown"></div>
+        </div>
+        <button class="chip clear-btn" id="btnClearConv" onclick="clearConversation()" title="Clear all messages in this conversation" style="display:none">&#128465; Clear</button>
+      </div>
+    </div>
+    <div class="messages" id="messages">
+      <div class="empty-state" id="emptyState">
+        <div class="empty-logo">🦉</div>
+        <h2>What can I help with?</h2>
+        <p>Ask anything, run commands, explore files, or manage your scheduled tasks.</p>
+        <div class="suggestion-grid">
+          <button class="suggestion" data-msg="What files are in this workspace?">📁 What files are in this workspace?</button>
+          <button class="suggestion" data-msg="What's on my schedule today?">📋 What's on my schedule today?</button>
+          <button class="suggestion" data-msg="Help me plan a small project.">🗺 Help me plan a small project.</button>
+        </div>
+      </div>
+      <div class="messages-inner" id="msgInner"></div>
+      <div id="liveToolCards" style="display:none;max-width:800px;margin:0 auto;width:100%;padding:0 24px;"></div>
+    </div>
+    <div class="reconnect-banner" id="reconnectBanner">
+      <span id="reconnectMsg">&#9888; A response may have been in progress when you last left. Reload messages?</span>
+      <div style="display:flex;gap:8px;flex-shrink:0">
+        <button class="reconnect-btn" onclick="dismissReconnect()">Dismiss</button>
+        <button class="reconnect-btn" onclick="refreshSession()">&#8635; Reload</button>
+      </div>
+    </div>
+    <div class="approval-card" id="approvalCard">
+      <div class="approval-inner">
+        <div class="approval-header">
+          <svg width="14" height="14" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><path d="M10.29 3.86L1.82 18a2 2 0 0 0 1.71 3h16.94a2 2 0 0 0 1.71-3L13.71 3.86a2 2 0 0 0-3.42 0z"/><line x1="12" y1="9" x2="12" y2="13"/><line x1="12" y1="17" x2="12.01" y2="17"/></svg>
+          Dangerous command — approval required
+        </div>
+        <div class="approval-desc" id="approvalDesc"></div>
+        <div class="approval-cmd" id="approvalCmd"></div>
+        <div class="approval-btns">
+          <button class="approval-btn once" onclick="respondApproval('once')">&#10003; Allow once</button>
+          <button class="approval-btn session" onclick="respondApproval('session')">&#128274; Allow this session</button>
+          <button class="approval-btn always" onclick="respondApproval('always')">&#9734; Always allow</button>
+          <button class="approval-btn deny" onclick="respondApproval('deny')">&#10005; Deny</button>
+        </div>
+      </div>
+    </div>
+    <!-- Activity bar: shows tool progress / status above composer (not inside input) -->
+    <div id="activityBar" style="display:none;max-width:800px;margin:0 auto;width:100%;padding:0 24px;">
+      <div id="activityBarInner" style="display:flex;align-items:center;gap:8px;padding:6px 12px;border-radius:8px;background:rgba(255,255,255,.04);border:1px solid rgba(255,255,255,.07);font-size:12px;color:var(--muted);animation:fadeIn .15s ease;">
+        <span id="activityIcon" style="font-size:13px;opacity:.6">&#9881;</span>
+        <span id="activityText" style="flex:1;overflow:hidden;text-overflow:ellipsis;white-space:nowrap"></span>
+        <button id="btnCancel" onclick="cancelStream()" style="display:none;background:rgba(233,69,96,.12);border:1px solid rgba(233,69,96,.35);color:#e94560;font-size:11px;font-weight:600;padding:3px 10px;border-radius:6px;cursor:pointer;flex-shrink:0;transition:background .15s" title="Cancel this task">&#9632; Cancel</button>
+        <button id="btnDismissStatus" onclick="setStatus('')" style="display:none;background:none;border:none;color:var(--muted);font-size:14px;line-height:1;cursor:pointer;padding:0 2px;opacity:.5;flex-shrink:0" title="Dismiss">&#x2715;</button>
+        <span id="activityDots" style="display:flex;gap:3px;align-items:center">
+          <span style="width:4px;height:4px;border-radius:50%;background:var(--blue);opacity:.3;animation:pulse 1.4s ease-in-out infinite"></span>
+          <span style="width:4px;height:4px;border-radius:50%;background:var(--blue);opacity:.3;animation:pulse 1.4s ease-in-out .22s infinite"></span>
+          <span style="width:4px;height:4px;border-radius:50%;background:var(--blue);opacity:.3;animation:pulse 1.4s ease-in-out .44s infinite"></span>
+        </span>
+      </div>
+    </div>
+    <div class="composer-wrap" id="composerWrap">
+      <div class="composer-box" id="composerBox">
+        <div class="drop-hint" id="dropHint">
+          <svg width="28" height="28" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="1.5"><path d="M21 15v4a2 2 0 0 1-2 2H5a2 2 0 0 1-2-2v-4"/><polyline points="17 8 12 3 7 8"/><line x1="12" y1="3" x2="12" y2="15"/></svg>
+          Drop files to upload to workspace
+        </div>
+        <div class="attach-tray" id="attachTray"></div>
+        <textarea id="msg" rows="1" placeholder="Message Hermes…"></textarea>
+        <div class="composer-footer">
+          <div class="composer-left">
+            <input type="file" id="fileInput" multiple accept="image/*,text/*,application/pdf,application/json,.md,.py,.js,.ts,.yaml,.yml,.toml,.csv,.sh,.txt,.log,.env" style="display:none">
+            <button class="icon-btn" id="btnAttach" title="Attach files">
+              <svg width="16" height="16" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><path d="M21.44 11.05l-9.19 9.19a6 6 0 0 1-8.49-8.49l9.19-9.19a4 4 0 0 1 5.66 5.66l-9.2 9.19a2 2 0 0 1-2.83-2.83l8.49-8.48"/></svg>
+            </button>
+          </div>
+          <div class="composer-right">
+            <button class="send-btn" id="btnSend">
+              <svg width="14" height="14" viewBox="0 0 24 24" fill="currentColor"><path d="M2.01 21L23 12 2.01 3 2 10l15 2-15 2z"/></svg>
+              Send
+            </button>
+          </div>
+        </div>
+        <div class="upload-bar-wrap" id="uploadBarWrap"><div class="upload-bar" id="uploadBar"></div></div>
+      </div>
+    </div>
+  </main>
+  <aside class="rightpanel">
+    <div class="resize-handle" id="rightpanelResize"></div>
+    <div class="panel-header">
+      <span>Workspace</span>
+      <div class="panel-actions">
+        <button class="panel-icon-btn" id="btnNewFile" title="New file" onclick="promptNewFile()">&#43;</button>
+        <button class="panel-icon-btn" id="btnRefreshPanel" title="Refresh" onclick="if(S.session)loadDir('.')">&#8635;</button>
+        <button class="panel-icon-btn close-preview" id="btnClearPreview" title="Close preview">&#10005;</button>
+      </div>
+    </div>
+    <div class="file-tree" id="fileTree"></div>
+    <div class="preview-area" id="previewArea">
+      <div class="preview-path" id="previewPath">
+        <span id="previewPathText"></span>
+        <span class="preview-badge" id="previewBadge"></span>
+        <button id="btnDownloadFile" class="panel-icon-btn" style="margin-left:auto;font-size:12px;width:auto;padding:2px 8px" onclick="downloadFile(_previewCurrentPath)" title="Download file to your computer">&#8681; Download</button>
+        <button id="btnEditFile" class="panel-icon-btn" style="font-size:12px;width:auto;padding:2px 8px;display:none" onclick="toggleEditMode()">&#9998; Edit</button>
+      </div>
+      <pre class="preview-code" id="previewCode"></pre>
+      <div class="preview-img-wrap" id="previewImgWrap" style="display:none"><img class="preview-img" id="previewImg" src="" alt=""></div>
+      <div class="preview-md" id="previewMd" style="display:none"></div>
+      <textarea id="previewEditArea" style="display:none;flex:1;width:100%;background:var(--code-bg);color:#e2e8f0;border:1px solid var(--border2);border-radius:8px;padding:12px;font-family:'SF Mono',ui-monospace,monospace;font-size:12px;line-height:1.6;resize:none;outline:none" oninput="_previewDirty=true;updateEditBtn()"></textarea>
+    </div>
+  </aside>
+</div>
+<div class="toast" id="toast"></div>
+<script src="/static/ui.js"></script>
+<script src="/static/workspace.js"></script>
+<script src="/static/sessions.js"></script>
+<script src="/static/messages.js"></script>
+<script src="/static/panels.js"></script>
+<script src="/static/boot.js"></script>
+</body>
+</html>
\ No newline at end of file
diff --git a/static/messages.js b/static/messages.js
new file mode 100644
index 0000000..31a619a
--- /dev/null
+++ b/static/messages.js
@@ -0,0 +1,310 @@
+async function send(){
+  const text=$('msg').value.trim();
+  if(!text&&!S.pendingFiles.length)return;
+  // Don't send while an inline message edit is active
+  if(document.querySelector('.msg-edit-area'))return;
+  // If busy, queue the message instead of dropping it
+  if(S.busy){
+    if(text){
+      MSG_QUEUE.push(text);
+      $('msg').value='';autoResize();
+      updateQueueBadge();
+      showToast(`Queued: "${text.slice(0,40)}${text.length>40?'\u2026':''}"`,2000);
+    }
+    return;
+  }
+  if(!S.session){await newSession();await renderSessionList();}
+
+  const activeSid=S.session.session_id;
+
+  setStatus(S.pendingFiles&&S.pendingFiles.length?'Uploading…':'Sending…');
+  let uploaded=[];
+  try{uploaded=await uploadPendingFiles();}
+  catch(e){if(!text){setStatus(`❌ ${e.message}`);return;}}
+
+  let msgText=text;
+  if(uploaded.length&&!msgText)msgText=`I've uploaded ${uploaded.length} file(s): ${uploaded.join(', ')}`;
+  else if(uploaded.length)msgText=`${text}\n\n[Attached files: ${uploaded.join(', ')}]`;
+  if(!msgText){setStatus('Nothing to send');return;}
+
+  $('msg').value='';autoResize();
+  const displayText=text||(uploaded.length?`Uploaded: ${uploaded.join(', ')}`:'(file upload)');
+  const userMsg={role:'user',content:displayText,attachments:uploaded.length?uploaded:undefined};
+  S.toolCalls=[];  // clear tool calls from previous turn
+  clearLiveToolCards();  // clear any leftover live cards from last turn
+  S.messages.push(userMsg);renderMessages();appendThinking();setBusy(true);  // activity bar shown via setBusy
+  INFLIGHT[activeSid]={messages:[...S.messages],uploaded};
+  startApprovalPolling(activeSid);
+  S.activeStreamId = null;  // will be set after stream starts
+
+  // Set provisional title from user message immediately so session appears
+  // in the sidebar right away with a meaningful name (server may refine later)
+  if(S.session&&(S.session.title==='Untitled'||!S.session.title)){
+    const provisionalTitle=displayText.slice(0,64);
+    S.session.title=provisionalTitle;
+    syncTopbar();
+    // Persist it and refresh the sidebar now -- don't wait for done
+    api('/api/session/rename',{method:'POST',body:JSON.stringify({
+      session_id:activeSid, title:provisionalTitle
+    })}).catch(()=>{});  // fire-and-forget, server refines on done
+    renderSessionList();  // session appears in sidebar immediately
+  } else {
+    renderSessionList();  // ensure it's visible even if already titled
+  }
+
+  // Start the agent via POST, get a stream_id back
+  let streamId;
+  try{
+    const startData=await api('/api/chat/start',{method:'POST',body:JSON.stringify({
+      session_id:activeSid,message:msgText,
+      model:S.session.model||$('modelSelect').value,workspace:S.session.workspace,
+      attachments:uploaded.length?uploaded:undefined
+    })});
+    streamId=startData.stream_id;
+    S.activeStreamId = streamId;
+    markInflight(activeSid, streamId);
+    // Show Cancel button
+    const cancelBtn=$('btnCancel');
+    if(cancelBtn) cancelBtn.style.display='';
+  }catch(e){
+    delete INFLIGHT[activeSid];
+    stopApprovalPolling();
+    // Only hide approval card if it belongs to the session that just finished
+    if(!_approvalSessionId || _approvalSessionId===activeSid) hideApprovalCard();removeThinking();
+    S.messages.push({role:'assistant',content:`**Error:** ${e.message}`});
+    renderMessages();setBusy(false);setStatus('Error: '+e.message);
+    return;
+  }
+
+  // Open SSE stream and render tokens live
+  let assistantText='';
+  let assistantRow=null;
+  let assistantBody=null;
+
+  function ensureAssistantRow(){
+    if(assistantRow)return;
+    removeThinking();
+    const tr=$('toolRunningRow');if(tr)tr.remove();
+    $('emptyState').style.display='none';
+    assistantRow=document.createElement('div');assistantRow.className='msg-row';
+    assistantBody=document.createElement('div');assistantBody.className='msg-body';
+    const role=document.createElement('div');role.className='msg-role assistant';
+    const icon=document.createElement('div');icon.className='role-icon assistant';icon.textContent='H';
+    const lbl=document.createElement('span');lbl.style.fontSize='12px';lbl.textContent='Hermes';
+    role.appendChild(icon);role.appendChild(lbl);
+    assistantRow.appendChild(role);assistantRow.appendChild(assistantBody);
+    $('msgInner').appendChild(assistantRow);
+  }
+
+  const es=new EventSource(`/api/chat/stream?stream_id=${encodeURIComponent(streamId)}`);
+
+  es.addEventListener('token',e=>{
+    // Guard: if the user switched sessions, don't write tokens to the wrong DOM
+    if(!S.session||S.session.session_id!==activeSid) return;
+    const d=JSON.parse(e.data);
+    assistantText+=d.text;
+    ensureAssistantRow();
+    assistantBody.innerHTML=renderMd(assistantText);
+    $('messages').scrollTop=$('messages').scrollHeight;
+  });
+
+  es.addEventListener('tool',e=>{
+    const d=JSON.parse(e.data);
+    // Only update activity bar if viewing this session
+    if(S.session&&S.session.session_id===activeSid){
+      setStatus(`${d.name}${d.preview?' · '+d.preview.slice(0,55):''}`);
+    }
+    if(!S.session||S.session.session_id!==activeSid) return;
+    removeThinking();
+    const oldRow=$('toolRunningRow');if(oldRow)oldRow.remove();
+    // Append card to the stable live container -- no renderMessages() call
+    const tc={name:d.name, preview:d.preview||'', args:d.args||{}, snippet:'', done:false};
+    S.toolCalls.push(tc);
+    appendLiveToolCard(tc);
+    $('messages').scrollTop=$('messages').scrollHeight;
+  });
+
+  es.addEventListener('approval',e=>{
+    const d=JSON.parse(e.data);
+    // Tag the approval with the session that owns it so respondApproval uses correct sid
+    d._session_id=activeSid;
+    showApprovalCard(d);
+  });
+
+  es.addEventListener('done',e=>{
+    es.close();
+    const d=JSON.parse(e.data);
+    delete INFLIGHT[activeSid];
+    clearInflight();
+    stopApprovalPolling();
+    // Only hide approval card if it belongs to the session that just finished
+    if(!_approvalSessionId || _approvalSessionId===activeSid) hideApprovalCard();
+    // Only clear active stream state if this is the currently viewed session
+    if(S.session&&S.session.session_id===activeSid){
+      S.activeStreamId=null;
+      const _cb=$('btnCancel');if(_cb)_cb.style.display='none';
+    }
+    if(S.session&&S.session.session_id===activeSid){
+      S.session=d.session;S.messages=d.session.messages||[];
+      // Populate tool calls from server-extracted metadata (has snippets)
+      if(d.session.tool_calls&&d.session.tool_calls.length){
+        S.toolCalls=d.session.tool_calls.map(tc=>({...tc,done:true}));
+      } else {
+        S.toolCalls=S.toolCalls.map(tc=>({...tc,done:true}));
+      }
+      if(uploaded.length){
+        const lastUser=[...S.messages].reverse().find(m=>m.role==='user');
+        if(lastUser)lastUser.attachments=uploaded;
+      }
+      clearLiveToolCards();
+      // Set S.busy=false BEFORE renderMessages so the settled tool card
+      // block (!S.busy guard) can render the final grouped cards.
+      S.busy=false;
+      syncTopbar();renderMessages();loadDir('.');
+    }
+    renderSessionList();setBusy(false);setStatus('');
+  });
+
+  es.addEventListener('error',e=>{
+    es.close();
+    delete INFLIGHT[activeSid];
+    clearInflight();
+    stopApprovalPolling();
+    // Only hide approval card if it belongs to the session that just finished
+    if(!_approvalSessionId || _approvalSessionId===activeSid) hideApprovalCard();
+    if(S.session&&S.session.session_id===activeSid){
+      S.activeStreamId=null;
+      const _cbe=$('btnCancel');if(_cbe)_cbe.style.display='none';
+    }
+    let msg='Connection error';
+    try{const d=JSON.parse(e.data);msg=d.message||msg;}catch(_){}
+    if(S.session&&S.session.session_id===activeSid){
+      clearLiveToolCards();
+      if(!assistantText){removeThinking();}
+      S.messages.push({role:'assistant',content:`**Error:** ${msg}`});
+      renderMessages();
+    }
+    if(!S.session || !INFLIGHT[S.session.session_id]){
+      setBusy(false);setStatus('Error: '+msg);
+    }
+  });
+
+  es.addEventListener('cancel',e=>{
+    es.close();
+    delete INFLIGHT[activeSid];
+    clearInflight();
+    stopApprovalPolling();
+    // Only hide approval card if it belongs to the session that just finished
+    if(!_approvalSessionId || _approvalSessionId===activeSid) hideApprovalCard();
+    if(S.session&&S.session.session_id===activeSid){
+      S.activeStreamId=null;
+      const _cbc=$('btnCancel');if(_cbc)_cbc.style.display='none';
+    }
+    if(S.session&&S.session.session_id===activeSid){
+      clearLiveToolCards();
+      if(!assistantText){removeThinking();}
+      S.messages.push({role:'assistant',content:'*Task cancelled.*'});
+      renderMessages();
+    }
+    renderSessionList();
+    if(!S.session || !INFLIGHT[S.session.session_id]){
+      setBusy(false);setStatus('');
+    }
+  });
+
+  // Handle SSE connection errors (network drop etc)
+  es.onerror=()=>{
+    if(es.readyState===EventSource.CLOSED){
+      delete INFLIGHT[activeSid];
+      stopApprovalPolling();
+    // Only hide approval card if it belongs to the session that just finished
+    if(!_approvalSessionId || _approvalSessionId===activeSid) hideApprovalCard();
+      if(S.session&&S.session.session_id===activeSid){
+        S.activeStreamId=null;
+        const _cbo=$('btnCancel');if(_cbo)_cbo.style.display='none';
+      }
+      if(!assistantText&&S.session&&S.session.session_id===activeSid){
+        removeThinking();
+        S.messages.push({role:'assistant',content:'**Error:** Connection lost'});
+        renderMessages();
+      }
+      if(!S.session || !INFLIGHT[S.session.session_id]){
+        setBusy(false);setStatus('');
+      }
+    }
+  };
+}
+
+function transcript(){
+  const lines=[`# Hermes session ${S.session?.session_id||''}`,``,
+    `Workspace: ${S.session?.workspace||''}`,`Model: ${S.session?.model||''}`,``];
+  for(const m of S.messages){
+    if(!m||m.role==='tool')continue;
+    let c=m.content||'';
+    if(Array.isArray(c))c=c.filter(p=>p&&p.type==='text').map(p=>p.text||'').join('\n');
+    const ct=String(c).trim();
+    if(!ct&&!m.attachments?.length)continue;
+    const attach=m.attachments?.length?`\n\n_Files: ${m.attachments.join(', ')}_`:'';
+    lines.push(`## ${m.role}`,'',ct+attach,'');
+  }
+  return lines.join('\n');
+}
+
+function autoResize(){const el=$('msg');el.style.height='auto';el.style.height=Math.min(el.scrollHeight,200)+'px';}
+
+
+// ── Approval polling ──
+let _approvalPollTimer = null;
+
+// showApprovalCard moved above respondApproval
+
+function hideApprovalCard() {
+  $("approvalCard").classList.remove("visible");
+  $("approvalCmd").textContent = "";
+  $("approvalDesc").textContent = "";
+}
+
+// Track session_id of the active approval so respond goes to the right session
+let _approvalSessionId = null;
+
+function showApprovalCard(pending) {
+  $("approvalDesc").textContent = pending.description || "";
+  $("approvalCmd").textContent = pending.command || "";
+  const keys = pending.pattern_keys || (pending.pattern_key ? [pending.pattern_key] : []);
+  $("approvalDesc").textContent = (pending.description || "") + (keys.length ? " [" + keys.join(", ") + "]" : "");
+  _approvalSessionId = pending._session_id || (S.session && S.session.session_id) || null;
+  $("approvalCard").classList.add("visible");
+}
+
+async function respondApproval(choice) {
+  const sid = _approvalSessionId || (S.session && S.session.session_id);
+  if (!sid) return;
+  hideApprovalCard();
+  _approvalSessionId = null;
+  try {
+    await api("/api/approval/respond", {
+      method: "POST",
+      body: JSON.stringify({ session_id: sid, choice })
+    });
+  } catch(e) { setStatus("Approval error: " + e.message); }
+}
+
+function startApprovalPolling(sid) {
+  stopApprovalPolling();
+  _approvalPollTimer = setInterval(async () => {
+    if (!S.busy || !S.session || S.session.session_id !== sid) {
+      stopApprovalPolling(); hideApprovalCard(); return;
+    }
+    try {
+      const data = await api("/api/approval/pending?session_id=" + encodeURIComponent(sid));
+      if (data.pending) { data.pending._session_id=sid; showApprovalCard(data.pending); }
+      else { hideApprovalCard(); }
+    } catch(e) { /* ignore poll errors */ }
+  }, 1500);
+}
+
+function stopApprovalPolling() {
+  if (_approvalPollTimer) { clearInterval(_approvalPollTimer); _approvalPollTimer = null; }
+}
+// ── Panel navigation (Chat / Tasks / Skills / Memory) ──
+
diff --git a/static/panels.js b/static/panels.js
new file mode 100644
index 0000000..cf36959
--- /dev/null
+++ b/static/panels.js
@@ -0,0 +1,600 @@
+let _currentPanel = 'chat';
+let _skillsData = null; // cached skills list
+
+async function switchPanel(name) {
+  _currentPanel = name;
+  // Update nav tabs
+  document.querySelectorAll('.nav-tab').forEach(t => t.classList.toggle('active', t.dataset.panel === name));
+  // Update panel views
+  document.querySelectorAll('.panel-view').forEach(p => p.classList.remove('active'));
+  const panelEl = $('panel' + name.charAt(0).toUpperCase() + name.slice(1));
+  if (panelEl) panelEl.classList.add('active');
+  // Lazy-load panel data
+  if (name === 'tasks') await loadCrons();
+  if (name === 'skills') await loadSkills();
+  if (name === 'memory') await loadMemory();
+  if (name === 'workspaces') await loadWorkspacesPanel();
+  if (name === 'todos') loadTodos();
+}
+
+// ── Cron panel ──
+async function loadCrons() {
+  const box = $('cronList');
+  try {
+    const data = await api('/api/crons');
+    if (!data.jobs || !data.jobs.length) {
+      box.innerHTML = '<div style="padding:16px;color:var(--muted);font-size:12px">No scheduled jobs found.</div>';
+      return;
+    }
+    box.innerHTML = '';
+    for (const job of data.jobs) {
+      const item = document.createElement('div');
+      item.className = 'cron-item';
+      item.id = 'cron-' + job.id;
+      const statusClass = job.enabled === false ? 'disabled' : job.state === 'paused' ? 'paused' : job.last_status === 'error' ? 'error' : 'active';
+      const statusLabel = job.enabled === false ? 'off' : job.state === 'paused' ? 'paused' : job.last_status === 'error' ? 'error' : 'active';
+      const nextRun = job.next_run_at ? new Date(job.next_run_at).toLocaleString() : 'N/A';
+      const lastRun = job.last_run_at ? new Date(job.last_run_at).toLocaleString() : 'never';
+      item.innerHTML = `
+        <div class="cron-header" onclick="toggleCron('${job.id}')">
+          <span class="cron-name" title="${esc(job.name)}">${esc(job.name)}</span>
+          <span class="cron-status ${statusClass}">${statusLabel}</span>
+        </div>
+        <div class="cron-body" id="cron-body-${job.id}">
+          <div class="cron-schedule">&#128337; ${esc(job.schedule_display || job.schedule?.expression || '')} &nbsp;|&nbsp; Next: ${esc(nextRun)} &nbsp;|&nbsp; Last: ${esc(lastRun)}</div>
+          <div class="cron-prompt">${esc((job.prompt||'').slice(0,300))}${(job.prompt||'').length>300?'…':''}</div>
+          <div class="cron-actions">
+            <button class="cron-btn run" onclick="cronRun('${job.id}')">&#9654; Run now</button>
+            ${statusLabel==='paused'
+              ? `<button class="cron-btn" onclick="cronResume('${job.id}')">&#9654;&#9474; Resume</button>`
+              : `<button class="cron-btn pause" onclick="cronPause('${job.id}')">&#9646;&#9646; Pause</button>`}
+            <button class="cron-btn" onclick="cronEditOpen('${job.id}',${JSON.stringify(job).replace(/"/g,'&quot;')})">&#9998; Edit</button>
+            <button class="cron-btn" style="border-color:rgba(201,168,76,.3);color:var(--accent)" onclick="cronDelete('${job.id}')">&#128465; Delete</button>
+          </div>
+          <!-- Inline edit form, hidden by default -->
+          <div id="cron-edit-${job.id}" style="display:none;margin-top:8px;border-top:1px solid var(--border);padding-top:8px">
+            <input id="cron-edit-name-${job.id}" placeholder="Job name" style="width:100%;background:rgba(255,255,255,.05);border:1px solid var(--border2);border-radius:6px;color:var(--text);padding:5px 8px;font-size:12px;outline:none;margin-bottom:5px;box-sizing:border-box">
+            <input id="cron-edit-schedule-${job.id}" placeholder="Schedule" style="width:100%;background:rgba(255,255,255,.05);border:1px solid var(--border2);border-radius:6px;color:var(--text);padding:5px 8px;font-size:12px;outline:none;margin-bottom:5px;box-sizing:border-box">
+            <textarea id="cron-edit-prompt-${job.id}" rows="3" placeholder="Prompt" style="width:100%;background:rgba(255,255,255,.05);border:1px solid var(--border2);border-radius:6px;color:var(--text);padding:5px 8px;font-size:12px;outline:none;resize:none;font-family:inherit;margin-bottom:5px;box-sizing:border-box"></textarea>
+            <div id="cron-edit-err-${job.id}" style="font-size:11px;color:var(--accent);display:none;margin-bottom:5px"></div>
+            <div style="display:flex;gap:6px">
+              <button class="cron-btn run" style="flex:1" onclick="cronEditSave('${job.id}')">Save</button>
+              <button class="cron-btn" style="flex:1" onclick="cronEditClose('${job.id}')">Cancel</button>
+            </div>
+          </div>
+          <div id="cron-output-${job.id}">
+            <div class="cron-last-header" style="display:flex;align-items:center;justify-content:space-between">
+              <span>Last output</span>
+              <button class="cron-btn" style="padding:1px 8px;font-size:10px" onclick="loadCronHistory('${job.id}',this)">All runs</button>
+            </div>
+            <div class="cron-last" id="cron-out-text-${job.id}" style="color:var(--muted);font-size:11px">Loading…</div>
+            <div id="cron-history-${job.id}" style="display:none"></div>
+          </div>
+        </div>`;
+      box.appendChild(item);
+      // Eagerly load last output for visible items
+      loadCronOutput(job.id);
+    }
+  } catch(e) { box.innerHTML = `<div style="padding:12px;color:var(--accent);font-size:12px">Error: ${esc(e.message)}</div>`; }
+}
+
+function toggleCronForm(){
+  const form=$('cronCreateForm');
+  if(!form)return;
+  const open=form.style.display!=='none';
+  form.style.display=open?'none':'';
+  if(!open){
+    $('cronFormName').value='';
+    $('cronFormSchedule').value='';
+    $('cronFormPrompt').value='';
+    $('cronFormDeliver').value='local';
+    $('cronFormError').style.display='none';
+    $('cronFormName').focus();
+  }
+}
+
+async function submitCronCreate(){
+  const name=$('cronFormName').value.trim();
+  const schedule=$('cronFormSchedule').value.trim();
+  const prompt=$('cronFormPrompt').value.trim();
+  const deliver=$('cronFormDeliver').value;
+  const errEl=$('cronFormError');
+  errEl.style.display='none';
+  if(!schedule){errEl.textContent='Schedule is required (e.g. "0 9 * * *" or "every 1h")';errEl.style.display='';return;}
+  if(!prompt){errEl.textContent='Prompt is required';errEl.style.display='';return;}
+  try{
+    await api('/api/crons/create',{method:'POST',body:JSON.stringify({name:name||undefined,schedule,prompt,deliver})});
+    toggleCronForm();
+    showToast('Job created ✓');
+    await loadCrons();
+  }catch(e){
+    errEl.textContent='Error: '+e.message;errEl.style.display='';
+  }
+}
+
+function _cronOutputSnippet(content) {
+  // Extract the response body from a cron output .md file
+  const lines = content.split('\n');
+  const responseIdx = lines.findIndex(l => l.startsWith('## Response') || l.startsWith('# Response'));
+  const body = (responseIdx >= 0 ? lines.slice(responseIdx + 1) : lines).join('\n').trim();
+  return body.slice(0, 600) || '(empty)';
+}
+
+async function loadCronOutput(jobId) {
+  try {
+    const data = await api(`/api/crons/output?job_id=${encodeURIComponent(jobId)}&limit=1`);
+    const el = $('cron-out-text-' + jobId);
+    if (!el) return;
+    if (!data.outputs || !data.outputs.length) { el.textContent = '(no runs yet)'; return; }
+    const out = data.outputs[0];
+    const ts = out.filename.replace('.md','').replace(/_/g,' ');
+    el.textContent = ts + '\n\n' + _cronOutputSnippet(out.content);
+  } catch(e) { /* ignore */ }
+}
+
+async function loadCronHistory(jobId, btn) {
+  const histEl = $('cron-history-' + jobId);
+  if (!histEl) return;
+  // Toggle: if already open, close it
+  if (histEl.style.display !== 'none') {
+    histEl.style.display = 'none';
+    if (btn) btn.textContent = 'All runs';
+    return;
+  }
+  if (btn) btn.textContent = 'Loading…';
+  try {
+    const data = await api(`/api/crons/output?job_id=${encodeURIComponent(jobId)}&limit=20`);
+    if (!data.outputs || !data.outputs.length) {
+      histEl.innerHTML = '<div style="font-size:11px;color:var(--muted);padding:4px 0">(no runs yet)</div>';
+    } else {
+      histEl.innerHTML = data.outputs.map((out, i) => {
+        const ts = out.filename.replace('.md','').replace(/_/g,' ');
+        const snippet = _cronOutputSnippet(out.content);
+        const id = `cron-hist-run-${jobId}-${i}`;
+        return `<div style="border-top:1px solid var(--border);padding:6px 0">
+          <div style="display:flex;align-items:center;justify-content:space-between;cursor:pointer" onclick="document.getElementById('${id}').style.display=document.getElementById('${id}').style.display==='none'?'':'none'">
+            <span style="font-size:11px;font-weight:600;color:var(--muted)">${esc(ts)}</span>
+            <span style="font-size:10px;color:var(--muted);opacity:.6">▸</span>
+          </div>
+          <div id="${id}" style="display:none;font-size:11px;color:var(--muted);white-space:pre-wrap;line-height:1.5;margin-top:4px;max-height:200px;overflow-y:auto">${esc(snippet)}</div>
+        </div>`;
+      }).join('');
+    }
+    histEl.style.display = '';
+    if (btn) btn.textContent = 'Hide runs';
+  } catch(e) {
+    if (btn) btn.textContent = 'All runs';
+  }
+}
+
+function toggleCron(id) {
+  const body = $('cron-body-' + id);
+  if (body) body.classList.toggle('open');
+}
+
+async function cronRun(id) {
+  try {
+    await api('/api/crons/run', {method:'POST', body: JSON.stringify({job_id: id})});
+    showToast('Job triggered ✓');
+    setTimeout(() => loadCronOutput(id), 5000);
+  } catch(e) { showToast('Run failed: ' + e.message, 4000); }
+}
+
+async function cronPause(id) {
+  try {
+    await api('/api/crons/pause', {method:'POST', body: JSON.stringify({job_id: id})});
+    showToast('Job paused');
+    await loadCrons();
+  } catch(e) { showToast('Pause failed: ' + e.message, 4000); }
+}
+
+async function cronResume(id) {
+  try {
+    await api('/api/crons/resume', {method:'POST', body: JSON.stringify({job_id: id})});
+    showToast('Job resumed ✓');
+    await loadCrons();
+  } catch(e) { showToast('Resume failed: ' + e.message, 4000); }
+}
+
+function cronEditOpen(id, job) {
+  const form = $('cron-edit-' + id);
+  if (!form) return;
+  $('cron-edit-name-' + id).value = job.name || '';
+  $('cron-edit-schedule-' + id).value = job.schedule_display || (job.schedule && job.schedule.expression) || job.schedule || '';
+  $('cron-edit-prompt-' + id).value = job.prompt || '';
+  const errEl = $('cron-edit-err-' + id);
+  if (errEl) errEl.style.display = 'none';
+  form.style.display = '';
+}
+
+function cronEditClose(id) {
+  const form = $('cron-edit-' + id);
+  if (form) form.style.display = 'none';
+}
+
+async function cronEditSave(id) {
+  const name = $('cron-edit-name-' + id).value.trim();
+  const schedule = $('cron-edit-schedule-' + id).value.trim();
+  const prompt = $('cron-edit-prompt-' + id).value.trim();
+  const errEl = $('cron-edit-err-' + id);
+  if (!schedule) { errEl.textContent = 'Schedule is required'; errEl.style.display = ''; return; }
+  if (!prompt) { errEl.textContent = 'Prompt is required'; errEl.style.display = ''; return; }
+  try {
+    const updates = {job_id: id, schedule, prompt};
+    if (name) updates.name = name;
+    await api('/api/crons/update', {method:'POST', body: JSON.stringify(updates)});
+    showToast('Job updated ✓');
+    await loadCrons();
+  } catch(e) { errEl.textContent = 'Error: ' + e.message; errEl.style.display = ''; }
+}
+
+async function cronDelete(id) {
+  if (!confirm('Delete this cron job? This cannot be undone.')) return;
+  try {
+    await api('/api/crons/delete', {method:'POST', body: JSON.stringify({job_id: id})});
+    showToast('Job deleted');
+    await loadCrons();
+  } catch(e) { showToast('Delete failed: ' + e.message, 4000); }
+}
+
+function loadTodos() {
+  const panel = $('todoPanel');
+  if (!panel) return;
+  // Parse the most recent todo state from message history
+  let todos = [];
+  for (let i = S.messages.length - 1; i >= 0; i--) {
+    const m = S.messages[i];
+    if (m && m.role === 'tool') {
+      try {
+        const d = JSON.parse(typeof m.content === 'string' ? m.content : JSON.stringify(m.content));
+        if (d && Array.isArray(d.todos) && d.todos.length) {
+          todos = d.todos;
+          break;
+        }
+      } catch(e) {}
+    }
+  }
+  if (!todos.length) {
+    panel.innerHTML = '<div style="color:var(--muted);font-size:12px;padding:4px 0">No active task list in this session.</div>';
+    return;
+  }
+  const statusIcon = {pending:'○', in_progress:'◉', completed:'✓', cancelled:'✗'};
+  const statusColor = {pending:'var(--muted)', in_progress:'var(--blue)', completed:'rgba(100,200,100,.8)', cancelled:'rgba(200,100,100,.5)'};
+  panel.innerHTML = todos.map(t => `
+    <div style="display:flex;align-items:flex-start;gap:10px;padding:6px 0;border-bottom:1px solid var(--border);">
+      <span style="font-size:14px;flex-shrink:0;margin-top:1px;color:${statusColor[t.status]||'var(--muted)'}">${statusIcon[t.status]||'○'}</span>
+      <div style="flex:1;min-width:0">
+        <div style="font-size:13px;color:${t.status==='completed'?'var(--muted)':t.status==='in_progress'?'var(--text)':'var(--text)'};${t.status==='completed'?'text-decoration:line-through;opacity:.5':''};line-height:1.4">${esc(t.content)}</div>
+        <div style="font-size:10px;color:var(--muted);margin-top:2px;opacity:.6">${esc(t.id)} · ${esc(t.status)}</div>
+      </div>
+    </div>`).join('');
+}
+
+async function clearConversation() {
+  if(!S.session) return;
+  if(!confirm('Clear all messages in this conversation? This cannot be undone.')) return;
+  try {
+    const data = await api('/api/session/clear', {method:'POST',
+      body: JSON.stringify({session_id: S.session.session_id})});
+    S.session = data.session;
+    S.messages = [];
+    S.toolCalls = [];
+    syncTopbar();
+    renderMessages();
+    showToast('Conversation cleared');
+  } catch(e) { setStatus('Clear failed: ' + e.message); }
+}
+
+// ── Skills panel ──
+async function loadSkills() {
+  if (_skillsData) { renderSkills(_skillsData); return; }
+  const box = $('skillsList');
+  try {
+    const data = await api('/api/skills');
+    _skillsData = data.skills || [];
+    renderSkills(_skillsData);
+  } catch(e) { box.innerHTML = `<div style="padding:12px;color:var(--accent);font-size:12px">Error: ${esc(e.message)}</div>`; }
+}
+
+function renderSkills(skills) {
+  const query = ($('skillsSearch').value || '').toLowerCase();
+  const filtered = query ? skills.filter(s =>
+    (s.name||'').toLowerCase().includes(query) ||
+    (s.description||'').toLowerCase().includes(query) ||
+    (s.category||'').toLowerCase().includes(query)
+  ) : skills;
+  // Group by category
+  const cats = {};
+  for (const s of filtered) {
+    const cat = s.category || '(general)';
+    if (!cats[cat]) cats[cat] = [];
+    cats[cat].push(s);
+  }
+  const box = $('skillsList');
+  box.innerHTML = '';
+  if (!filtered.length) { box.innerHTML = '<div style="padding:12px;color:var(--muted);font-size:12px">No skills match.</div>'; return; }
+  for (const [cat, items] of Object.entries(cats).sort()) {
+    const sec = document.createElement('div');
+    sec.className = 'skills-category';
+    sec.innerHTML = `<div class="skills-cat-header">&#128193; ${esc(cat)} <span style="opacity:.5">(${items.length})</span></div>`;
+    for (const skill of items.sort((a,b) => a.name.localeCompare(b.name))) {
+      const el = document.createElement('div');
+      el.className = 'skill-item';
+      el.innerHTML = `<span class="skill-name">${esc(skill.name)}</span><span class="skill-desc">${esc(skill.description||'')}</span>`;
+      el.onclick = () => openSkill(skill.name, el);
+      sec.appendChild(el);
+    }
+    box.appendChild(sec);
+  }
+}
+
+function filterSkills() {
+  if (_skillsData) renderSkills(_skillsData);
+}
+
+async function openSkill(name, el) {
+  // Highlight active skill
+  document.querySelectorAll('.skill-item').forEach(e => e.classList.remove('active'));
+  if (el) el.classList.add('active');
+  try {
+    const data = await api(`/api/skills/content?name=${encodeURIComponent(name)}`);
+    // Show skill content in right panel preview
+    $('previewPathText').textContent = name + '.md';
+    $('previewBadge').textContent = 'skill';
+    $('previewBadge').className = 'preview-badge md';
+    showPreview('md');
+    $('previewMd').innerHTML = renderMd(data.content || '(no content)');
+    $('previewArea').classList.add('visible');
+    $('fileTree').style.display = 'none';
+  } catch(e) { setStatus('Could not load skill: ' + e.message); }
+}
+
+// ── Skill create/edit form ──
+let _editingSkillName = null;
+
+function toggleSkillForm(prefillName, prefillCategory, prefillContent) {
+  const form = $('skillCreateForm');
+  if (!form) return;
+  const open = form.style.display !== 'none';
+  if (open) { form.style.display = 'none'; _editingSkillName = null; return; }
+  $('skillFormName').value = prefillName || '';
+  $('skillFormCategory').value = prefillCategory || '';
+  $('skillFormContent').value = prefillContent || '';
+  $('skillFormError').style.display = 'none';
+  _editingSkillName = prefillName || null;
+  form.style.display = '';
+  $('skillFormName').focus();
+}
+
+async function submitSkillSave() {
+  const name = ($('skillFormName').value||'').trim().toLowerCase().replace(/\s+/g, '-');
+  const category = ($('skillFormCategory').value||'').trim();
+  const content = $('skillFormContent').value;
+  const errEl = $('skillFormError');
+  errEl.style.display = 'none';
+  if (!name) { errEl.textContent = 'Skill name is required'; errEl.style.display = ''; return; }
+  if (!content.trim()) { errEl.textContent = 'Content is required'; errEl.style.display = ''; return; }
+  try {
+    await api('/api/skills/save', {method:'POST', body: JSON.stringify({name, category: category||undefined, content})});
+    showToast(_editingSkillName ? 'Skill updated ✓' : 'Skill created ✓');
+    _skillsData = null;
+    toggleSkillForm();
+    await loadSkills();
+  } catch(e) { errEl.textContent = 'Error: ' + e.message; errEl.style.display = ''; }
+}
+
+// ── Memory inline edit ──
+let _memoryData = null;
+
+function toggleMemoryEdit() {
+  const form = $('memoryEditForm');
+  if (!form) return;
+  const open = form.style.display !== 'none';
+  if (open) { form.style.display = 'none'; return; }
+  $('memEditSection').textContent = 'memory (notes)';
+  $('memEditContent').value = _memoryData ? (_memoryData.memory || '') : '';
+  $('memEditError').style.display = 'none';
+  form.style.display = '';
+}
+
+function closeMemoryEdit() {
+  const form = $('memoryEditForm');
+  if (form) form.style.display = 'none';
+}
+
+async function submitMemorySave() {
+  const content = $('memEditContent').value;
+  const errEl = $('memEditError');
+  errEl.style.display = 'none';
+  try {
+    await api('/api/memory/write', {method:'POST', body: JSON.stringify({section: 'memory', content})});
+    showToast('Memory saved ✓');
+    closeMemoryEdit();
+    await loadMemory(true);
+  } catch(e) { errEl.textContent = 'Error: ' + e.message; errEl.style.display = ''; }
+}
+
+// ── Workspace management ──
+let _workspaceList = [];  // cached from /api/workspaces
+
+function getWorkspaceFriendlyName(path){
+  // Look up the friendly name from the workspace list cache, fallback to last path segment
+  if(_workspaceList && _workspaceList.length){
+    const match=_workspaceList.find(w=>w.path===path);
+    if(match && match.name) return match.name;
+  }
+  return path.split('/').filter(Boolean).pop()||path;
+}
+
+async function loadWorkspaceList(){
+  try{
+    const data = await api('/api/workspaces');
+    _workspaceList = data.workspaces || [];
+    // Refresh sidebar display if we have a current session
+    if(S.session && S.session.workspace) {
+      const sidebarName=$('sidebarWsName');
+      const sidebarPath=$('sidebarWsPath');
+      if(sidebarName) sidebarName.textContent=getWorkspaceFriendlyName(S.session.workspace);
+      if(sidebarPath) sidebarPath.textContent=S.session.workspace;
+    }
+    return data;
+  }catch(e){ return {workspaces:[], last:''}; }
+}
+
+function renderWorkspaceDropdown(workspaces, currentWs){
+  const dd = $('wsDropdown');
+  if(!dd)return;
+  dd.innerHTML='';
+  for(const w of workspaces){
+    const opt=document.createElement('div');
+    opt.className='ws-opt'+(w.path===currentWs?' active':'');
+    opt.innerHTML=`<span class="ws-opt-name">${esc(w.name)}</span><span class="ws-opt-path">${esc(w.path)}</span>`;
+    opt.onclick=async()=>{
+      closeWsDropdown();
+      if(!S.session||w.path===S.session.workspace)return;
+      await api('/api/session/update',{method:'POST',body:JSON.stringify({
+        session_id:S.session.session_id, workspace:w.path, model:S.session.model
+      })});
+      S.session.workspace=w.path;
+      syncTopbar();
+      await loadDir('.');
+      showToast(`Switched to ${w.name}`);
+    };
+    dd.appendChild(opt);
+  }
+  // Divider + Manage link
+  const div=document.createElement('div');div.className='ws-divider';dd.appendChild(div);
+  const mgmt=document.createElement('div');mgmt.className='ws-opt ws-manage';
+  mgmt.innerHTML='&#9881; Manage workspaces';
+  mgmt.onclick=()=>{closeWsDropdown();switchPanel('workspaces');};
+  dd.appendChild(mgmt);
+}
+
+function toggleWsDropdown(){
+  const dd=$('wsDropdown');
+  if(!dd)return;
+  const open=dd.classList.contains('open');
+  if(open){closeWsDropdown();}
+  else{
+    loadWorkspaceList().then(data=>{
+      renderWorkspaceDropdown(data.workspaces, S.session?S.session.workspace:'');
+      dd.classList.add('open');
+    });
+  }
+}
+
+function closeWsDropdown(){
+  const dd=$('wsDropdown');
+  if(dd)dd.classList.remove('open');
+}
+document.addEventListener('click',e=>{
+  if(!e.target.closest('#wsChipWrap'))closeWsDropdown();
+});
+
+async function loadWorkspacesPanel(){
+  const panel=$('workspacesPanel');
+  if(!panel)return;
+  const data=await loadWorkspaceList();
+  renderWorkspacesPanel(data.workspaces);
+}
+
+function renderWorkspacesPanel(workspaces){
+  const panel=$('workspacesPanel');
+  panel.innerHTML='';
+  for(const w of workspaces){
+    const row=document.createElement('div');row.className='ws-row';
+    row.innerHTML=`
+      <div class="ws-row-info">
+        <div class="ws-row-name">${esc(w.name)}</div>
+        <div class="ws-row-path">${esc(w.path)}</div>
+      </div>
+      <div class="ws-row-actions">
+        <button class="ws-action-btn" title="Use in current session" onclick="switchToWorkspace('${esc(w.path)}','${esc(w.name)}')">&#8594; Use</button>
+        <button class="ws-action-btn danger" title="Remove" onclick="removeWorkspace('${esc(w.path)}')">&#10005;</button>
+      </div>`;
+    panel.appendChild(row);
+  }
+  const addRow=document.createElement('div');addRow.className='ws-add-row';
+  addRow.innerHTML=`
+    <input id="wsAddInput" placeholder="Add workspace path (e.g. /home/user/my-project)" style="flex:1;background:rgba(255,255,255,.06);border:1px solid var(--border2);border-radius:7px;color:var(--text);padding:7px 10px;font-size:12px;outline:none;">
+    <button class="ws-action-btn" onclick="addWorkspace()">&#43; Add</button>`;
+  panel.appendChild(addRow);
+  const hint=document.createElement('div');
+  hint.style.cssText='font-size:11px;color:var(--muted);padding:4px 0 8px';
+  hint.textContent='Paths are validated as existing directories before saving.';
+  panel.appendChild(hint);
+}
+
+async function addWorkspace(){
+  const input=$('wsAddInput');
+  const path=(input?input.value:'').trim();
+  if(!path)return;
+  try{
+    const data=await api('/api/workspaces/add',{method:'POST',body:JSON.stringify({path})});
+    _workspaceList=data.workspaces;
+    renderWorkspacesPanel(data.workspaces);
+    if(input)input.value='';
+    showToast('Workspace added');
+  }catch(e){setStatus('Add failed: '+e.message);}
+}
+
+async function removeWorkspace(path){
+  if(!confirm(`Remove workspace "${path}"?`))return;
+  try{
+    const data=await api('/api/workspaces/remove',{method:'POST',body:JSON.stringify({path})});
+    _workspaceList=data.workspaces;
+    renderWorkspacesPanel(data.workspaces);
+    showToast('Workspace removed');
+  }catch(e){setStatus('Remove failed: '+e.message);}
+}
+
+async function switchToWorkspace(path,name){
+  if(!S.session)return;
+  try{
+    await api('/api/session/update',{method:'POST',body:JSON.stringify({
+      session_id:S.session.session_id, workspace:path, model:S.session.model
+    })});
+    S.session.workspace=path;
+    syncTopbar();
+    await loadDir('.');
+    showToast(`Switched to ${name}`);
+  }catch(e){setStatus('Switch failed: '+e.message);}
+}
+
+// ── Memory panel ──
+async function loadMemory(force) {
+  const panel = $('memoryPanel');
+  try {
+    const data = await api('/api/memory');
+    _memoryData = data;  // cache for edit form
+    const fmtTime = ts => ts ? new Date(ts*1000).toLocaleString() : '';
+    panel.innerHTML = `
+      <div class="memory-section">
+        <div class="memory-section-title">
+          &#129504; My Notes
+          <span class="memory-mtime">${fmtTime(data.memory_mtime)}</span>
+        </div>
+        ${data.memory
+          ? `<div class="memory-content preview-md">${renderMd(data.memory)}</div>`
+          : '<div class="memory-empty">No notes yet.</div>'}
+      </div>
+      <div class="memory-section">
+        <div class="memory-section-title">
+          &#128100; User Profile
+          <span class="memory-mtime">${fmtTime(data.user_mtime)}</span>
+        </div>
+        ${data.user
+          ? `<div class="memory-content preview-md">${renderMd(data.user)}</div>`
+          : '<div class="memory-empty">No profile yet.</div>'}
+      </div>`;
+  } catch(e) { panel.innerHTML = `<div style="color:var(--accent);font-size:12px">Error: ${esc(e.message)}</div>`; }
+}
+
+// Drag and drop
+const wrap=$('composerWrap');let dragCounter=0;
+document.addEventListener('dragover',e=>e.preventDefault());
+document.addEventListener('dragenter',e=>{e.preventDefault();if(e.dataTransfer.types.includes('Files')){dragCounter++;wrap.classList.add('drag-over');}});
+document.addEventListener('dragleave',e=>{dragCounter--;if(dragCounter<=0){dragCounter=0;wrap.classList.remove('drag-over');}});
+document.addEventListener('drop',e=>{e.preventDefault();dragCounter=0;wrap.classList.remove('drag-over');const files=Array.from(e.dataTransfer.files);if(files.length){addFiles(files);$('msg').focus();}});
+
+// Event wiring
diff --git a/static/sessions.js b/static/sessions.js
new file mode 100644
index 0000000..172a105
--- /dev/null
+++ b/static/sessions.js
@@ -0,0 +1,206 @@
+async function newSession(flash){
+  MSG_QUEUE.length=0;updateQueueBadge();
+  S.toolCalls=[];
+  clearLiveToolCards();
+  const inheritWs=S.session?S.session.workspace:null;
+  const data=await api('/api/session/new',{method:'POST',body:JSON.stringify({model:$('modelSelect').value,workspace:inheritWs})});
+  S.session=data.session;S.messages=data.session.messages||[];
+  if(flash)S.session._flash=true;
+  localStorage.setItem('hermes-webui-session',S.session.session_id);
+  syncTopbar();await loadDir('.');renderMessages();
+  // don't call renderSessionList here - callers do it when needed
+}
+
+async function loadSession(sid){
+  stopApprovalPolling();hideApprovalCard();
+  const data=await api(`/api/session?session_id=${encodeURIComponent(sid)}`);
+  S.session=data.session;
+  localStorage.setItem('hermes-webui-session',S.session.session_id);
+  // B9: sanitize empty assistant messages that can appear when agent only ran tool calls
+  data.session.messages=(data.session.messages||[]).filter(m=>{
+    if(!m||!m.role)return false;
+    if(m.role==='tool')return false;
+    if(m.role==='assistant'){let c=m.content||'';if(Array.isArray(c))c=c.filter(p=>p&&p.type==='text').map(p=>p.text||'').join('');return String(c).trim().length>0;}
+    return true;
+  });
+  if(INFLIGHT[sid]){
+    S.messages=INFLIGHT[sid].messages;
+    // Restore live tool cards for this in-flight session
+    clearLiveToolCards();
+    for(const tc of (S.toolCalls||[])){
+      if(tc&&tc.name) appendLiveToolCard(tc);
+    }
+    syncTopbar();await loadDir('.');renderMessages();appendThinking();
+    setBusy(true);setStatus('Hermes is thinking\u2026');
+    startApprovalPolling(sid);
+  }else{
+    MSG_QUEUE.length=0;updateQueueBadge();  // clear queue for the viewed session
+    S.messages=data.session.messages||[];
+    S.toolCalls=(data.session.tool_calls||[]).map(tc=>({...tc,done:true}));
+    // Reset per-session visual state: the viewed session is idle even if another
+    // session's stream is still running in the background.
+    // We directly update the DOM instead of calling setBusy(false), because
+    // setBusy(false) drains MSG_QUEUE which we don't want here.
+    S.busy=false;
+    S.activeStreamId=null;
+    $('btnSend').disabled=false;
+    $('btnSend').style.opacity='1';
+    const _dots=$('activityDots');if(_dots)_dots.style.display='none';
+    const _cb=$('btnCancel');if(_cb)_cb.style.display='none';
+    setStatus('');
+    clearLiveToolCards();
+    syncTopbar();await loadDir('.');renderMessages();highlightCode();
+  }
+}
+
+let _allSessions = [];  // cached for search filter
+let _renamingSid = null;  // session_id currently being renamed (blocks list re-renders)
+
+async function renderSessionList(){
+  try{
+    if(!($('sessionSearch').value||'').trim()) _contentSearchResults = [];
+    const data=await api('/api/sessions');
+    _allSessions = data.sessions||[];
+    renderSessionListFromCache();  // no-ops if rename is in progress
+  }catch(e){console.warn('renderSessionList',e);}
+}
+
+let _searchDebounceTimer = null;
+let _contentSearchResults = [];  // results from /api/sessions/search content scan
+
+function filterSessions(){
+  // Immediate client-side title filter (no flicker)
+  renderSessionListFromCache();
+  // Debounced content search via API for message text
+  const q = ($('sessionSearch').value || '').trim();
+  clearTimeout(_searchDebounceTimer);
+  if (!q) { _contentSearchResults = []; return; }
+  _searchDebounceTimer = setTimeout(async () => {
+    try {
+      const data = await api(`/api/sessions/search?q=${encodeURIComponent(q)}&content=1&depth=5`);
+      const titleIds = new Set(_allSessions.filter(s => (s.title||'Untitled').toLowerCase().includes(q.toLowerCase())).map(s=>s.session_id));
+      _contentSearchResults = (data.sessions||[]).filter(s => s.match_type === 'content' && !titleIds.has(s.session_id));
+      renderSessionListFromCache();
+    } catch(e) { /* ignore */ }
+  }, 350);
+}
+
+function renderSessionListFromCache(){
+  // Don't re-render while user is actively renaming a session (would destroy the input)
+  if(_renamingSid) return;
+  const q=($('sessionSearch').value||'').toLowerCase();
+  const titleMatches=q?_allSessions.filter(s=>(s.title||'Untitled').toLowerCase().includes(q)):_allSessions;
+  // Merge content matches (deduped): content matches appended after title matches
+  const titleIds=new Set(titleMatches.map(s=>s.session_id));
+  const sessions=q?[...titleMatches,..._contentSearchResults.filter(s=>!titleIds.has(s.session_id))]:titleMatches;
+  const list=$('sessionList');list.innerHTML='';
+  // Date grouping: Today / Yesterday / Earlier
+  const now=Date.now();
+  const ONE_DAY=86400000;
+  let lastGroup='';
+  for(const s of sessions.slice(0,50)){
+    const ts=(s.updated_at||0)*1000;
+    const group=ts>now-ONE_DAY?'Today':ts>now-2*ONE_DAY?'Yesterday':'Earlier';
+    if(group!==lastGroup){
+      lastGroup=group;
+      const hdr=document.createElement('div');
+      hdr.style.cssText='font-size:10px;font-weight:700;text-transform:uppercase;letter-spacing:.08em;color:var(--muted);padding:10px 10px 4px;opacity:.8;';
+      hdr.textContent=group;
+      list.appendChild(hdr);
+    }
+    const el=document.createElement('div');
+    const isActive=S.session&&s.session_id===S.session.session_id;
+    el.className='session-item'+(isActive?' active':'')+(isActive&&S.session&&S.session._flash?' new-flash':'');
+    if(isActive&&S.session&&S.session._flash)delete S.session._flash;
+    const title=document.createElement('span');
+    title.className='session-title';title.textContent=s.title||'Untitled';
+    title.title='Double-click to rename';
+
+    // Rename: called directly when we confirm it's a double-click
+    const startRename=()=>{
+      _renamingSid = s.session_id;
+      const inp=document.createElement('input');
+      inp.className='session-title-input';
+      inp.value=s.title||'Untitled';
+      ['click','mousedown','dblclick','pointerdown'].forEach(ev=>
+        inp.addEventListener(ev, e2=>e2.stopPropagation())
+      );
+      const finish=async(save)=>{
+        _renamingSid = null;
+        if(save){
+          const newTitle=inp.value.trim()||'Untitled';
+          title.textContent=newTitle;
+          s.title=newTitle;
+          if(S.session&&S.session.session_id===s.session_id){S.session.title=newTitle;syncTopbar();}
+          try{await api('/api/session/rename',{method:'POST',body:JSON.stringify({session_id:s.session_id,title:newTitle})});}
+          catch(err){setStatus('Rename failed: '+err.message);}
+        }
+        inp.replaceWith(title);
+        // Allow list re-renders again after a short delay
+        setTimeout(()=>{ if(_renamingSid===null) renderSessionListFromCache(); },50);
+      };
+      inp.onkeydown=e2=>{
+        if(e2.key==='Enter'){e2.preventDefault();e2.stopPropagation();finish(true);}
+        if(e2.key==='Escape'){e2.preventDefault();e2.stopPropagation();finish(false);}
+      };
+      // onblur: cancel only -- no accidental saves
+      inp.onblur=()=>{ if(_renamingSid===s.session_id) finish(false); };
+      title.replaceWith(inp);
+      setTimeout(()=>{inp.focus();inp.select();},10);
+    };
+
+    const trash=document.createElement('button');
+    trash.className='session-trash';trash.innerHTML='&#128465;';trash.title='Delete';
+    trash.onclick=async(e)=>{e.stopPropagation();e.preventDefault();await deleteSession(s.session_id);};
+    el.appendChild(title);el.appendChild(trash);
+
+    // Use a click timer to distinguish single-click (navigate) from double-click (rename).
+    // This prevents loadSession from firing on the first click of a double-click,
+    // which would re-render the list and destroy the dblclick target before it fires.
+    let _clickTimer=null;
+    el.onclick=async(e)=>{
+      if(_renamingSid) return; // ignore while any rename is active
+      if(e.target===trash||trash.contains(e.target)) return; // trash handles itself
+      clearTimeout(_clickTimer);
+      _clickTimer=setTimeout(async()=>{
+        _clickTimer=null;
+        if(_renamingSid) return;
+        await loadSession(s.session_id);renderSessionListFromCache();
+      }, 220);
+    };
+    el.ondblclick=async(e)=>{
+      e.stopPropagation();
+      e.preventDefault();
+      clearTimeout(_clickTimer); // cancel the pending single-click navigation
+      _clickTimer=null;
+      startRename();
+    };
+    list.appendChild(el);
+  }
+}
+
+async function deleteSession(sid){
+  if(!confirm('Delete this conversation?'))return;
+  try{
+    await api('/api/session/delete',{method:'POST',body:JSON.stringify({session_id:sid})});
+  }catch(e){setStatus(`Delete failed: ${e.message}`);return;}
+  if(S.session&&S.session.session_id===sid){
+    S.session=null;S.messages=[];S.entries=[];
+    localStorage.removeItem('hermes-webui-session');
+    // load the most recent remaining session, or show blank if none left
+    const remaining=await api('/api/sessions');
+    if(remaining.sessions&&remaining.sessions.length){
+      await loadSession(remaining.sessions[0].session_id);
+    }else{
+      $('topbarTitle').textContent='Hermes';
+      $('topbarMeta').textContent='Start a new conversation';
+      $('msgInner').innerHTML='';
+      $('emptyState').style.display='';
+      $('fileTree').innerHTML='';
+    }
+  }
+  showToast('Conversation deleted');
+  await renderSessionList();
+}
+
+
diff --git a/static/style.css b/static/style.css
new file mode 100644
index 0000000..3e3b218
--- /dev/null
+++ b/static/style.css
@@ -0,0 +1,450 @@
+  *, *::before, *::after { box-sizing: border-box; margin: 0; padding: 0; }
+  :root {
+    --bg:#1a1a2e;--sidebar:#16213e;--border:rgba(255,255,255,0.08);--border2:rgba(255,255,255,0.14);
+    --text:#e8e8f0;--muted:#8888aa;--accent:#e94560;--blue:#7cb9ff;--gold:#c9a84c;--code-bg:#0d1117;
+    font-family:-apple-system,BlinkMacSystemFont,"Segoe UI",system-ui,sans-serif;font-size:14px;line-height:1.6;
+  }
+  body{background:var(--bg);color:var(--text);height:100vh;overflow:hidden;display:flex;}
+  .layout{display:flex;width:100%;height:100vh;}
+  .sidebar{width:300px;background:var(--sidebar);border-right:1px solid var(--border);display:flex;flex-direction:column;overflow:hidden;flex-shrink:0;}
+  .sidebar-header{padding:16px 18px 14px;border-bottom:1px solid var(--border);display:flex;align-items:center;gap:10px;}
+  .logo{width:32px;height:32px;border-radius:9px;background:linear-gradient(145deg,#e8a030,var(--accent));display:flex;align-items:center;justify-content:center;font-weight:800;font-size:14px;color:#fff;flex-shrink:0;box-shadow:0 2px 8px rgba(233,69,96,.3);}
+  .sidebar-header h1{font-size:15px;font-weight:600;}
+  .sidebar-section{padding:14px 14px 8px;}
+  .new-chat-btn{width:100%;padding:9px 12px;border-radius:9px;background:rgba(124,185,255,0.07);border:1px solid rgba(124,185,255,0.18);color:var(--blue);font-size:13px;cursor:pointer;display:flex;align-items:center;gap:8px;transition:all .15s;margin-bottom:8px;font-weight:500;}
+  .new-chat-btn:hover{background:rgba(124,185,255,0.13);border-color:rgba(124,185,255,.3);}
+  .session-list{flex:1;overflow-y:auto;padding:0 8px 8px;min-height:0;}
+  .session-search{padding:4px 10px 8px;flex-shrink:0;}
+  .session-search input{width:100%;background:rgba(255,255,255,.04);border:1px solid rgba(255,255,255,.08);border-radius:8px;color:var(--text);padding:7px 12px;font-size:12px;outline:none;transition:all .15s;}
+  .session-search input:focus{border-color:rgba(124,185,255,.35);background:rgba(255,255,255,.06);box-shadow:0 0 0 2px rgba(124,185,255,.07);}
+  .session-search input::placeholder{color:var(--muted);opacity:.7;}
+  /* Inline session title edit */
+  .session-title-input{flex:1;background:rgba(20,32,60,.9);border:1px solid rgba(124,185,255,.6);border-radius:6px;color:var(--text);padding:3px 8px;font-size:13px;outline:none;min-width:0;box-shadow:0 0 0 2px rgba(124,185,255,.15);font-family:inherit;}
+  .session-item{padding:8px 10px 8px 8px;border-radius:8px;cursor:pointer;font-size:13px;color:var(--muted);white-space:nowrap;overflow:hidden;text-overflow:ellipsis;transition:background .15s,color .15s,border-color .15s;display:flex;align-items:center;gap:6px;min-width:0;border-left:2px solid transparent;}
+  .session-item:hover{background:rgba(255,255,255,0.06);color:var(--text);}
+  .session-item.active{background:rgba(124,185,255,0.1);color:var(--blue);border-left:2px solid var(--blue);padding-left:8px;}
+  .session-title{flex:1;overflow:hidden;text-overflow:ellipsis;white-space:nowrap;}
+  .session-trash{flex-shrink:0;opacity:0;font-size:13px;color:var(--muted);background:none;border:none;cursor:pointer;padding:0 2px;line-height:1;transition:opacity .15s,color .15s;}
+  .session-item:hover .session-trash{opacity:1;}
+  .session-trash:hover{color:var(--accent)!important;}
+  @keyframes newflash{0%{background:rgba(124,185,255,0.22);color:var(--blue);}100%{background:transparent;color:var(--muted);}}
+  .session-item.new-flash{animation:newflash 1.4s ease-out forwards;}
+  .toast{position:fixed;bottom:24px;left:50%;transform:translateX(-50%);background:rgba(20,30,50,.95);backdrop-filter:blur(12px);border:1px solid rgba(124,185,255,0.25);color:var(--text);font-size:13px;padding:10px 20px;border-radius:12px;pointer-events:none;opacity:0;transition:opacity .2s,transform .2s;z-index:100;box-shadow:0 4px 20px rgba(0,0,0,.3);letter-spacing:.01em;}
+  .toast.show{opacity:1;transform:translateX(-50%) translateY(-2px);}
+  .reconnect-banner{display:none;background:#1a2535;border:1px solid rgba(201,168,76,0.4);border-radius:10px;padding:10px 16px;margin:10px auto;max-width:780px;font-size:13px;color:var(--gold);display:none;align-items:center;justify-content:space-between;gap:12px;}
+  .reconnect-banner.visible{display:flex;}
+  .reconnect-btn{padding:5px 12px;border-radius:7px;font-size:12px;font-weight:600;background:rgba(201,168,76,0.15);border:1px solid rgba(201,168,76,0.4);color:var(--gold);cursor:pointer;}
+  .reconnect-btn:hover{background:rgba(201,168,76,0.25);}
+  /* ── Approval card ── */
+  .approval-card{display:none;max-width:780px;margin:0 auto 0;padding:0 20px 12px;}
+  .approval-card.visible{display:block;}
+  .approval-inner{background:rgba(20,30,50,.95);backdrop-filter:blur(8px);border:1px solid rgba(233,69,96,0.35);border-radius:14px;padding:14px 16px;}
+  .approval-header{display:flex;align-items:center;gap:8px;margin-bottom:10px;font-size:13px;font-weight:600;color:#e94560;}
+  .approval-desc{font-size:12px;color:var(--muted);margin-bottom:8px;}
+  .approval-cmd{background:var(--code-bg);border:1px solid rgba(255,255,255,.08);border-radius:8px;padding:8px 12px;font-family:"SF Mono",ui-monospace,monospace;font-size:12px;color:#e2e8f0;white-space:pre-wrap;word-break:break-all;margin-bottom:12px;max-height:120px;overflow-y:auto;}
+  .approval-btns{display:flex;gap:8px;flex-wrap:wrap;}
+  .approval-btn{padding:6px 14px;border-radius:8px;font-size:12px;font-weight:600;border:1px solid var(--border2);background:rgba(255,255,255,0.06);color:var(--text);cursor:pointer;transition:all .15s;}
+  .approval-btn:hover{background:rgba(255,255,255,0.12);}
+  .approval-btn.once{border-color:rgba(124,185,255,0.5);color:var(--blue);}
+  .approval-btn.once:hover{background:rgba(124,185,255,0.15);}
+  .approval-btn.session{border-color:rgba(124,185,255,0.3);color:var(--blue);}
+  .approval-btn.always{border-color:rgba(201,168,76,0.5);color:var(--gold);}
+  .approval-btn.deny{border-color:rgba(233,69,96,0.5);color:var(--accent);}
+  .approval-btn.deny:hover{background:rgba(233,69,96,0.12);}
+  /* Sidebar navigation tabs */
+  .sidebar-nav{display:flex;border-bottom:1px solid var(--border);flex-shrink:0;padding:6px 8px 0;gap:2px;}
+  .nav-tab{flex:1;padding:10px 4px 8px;font-size:20px;text-align:center;cursor:pointer;color:var(--muted);border:none;background:none;transition:color .15s;border-bottom:2px solid transparent;white-space:nowrap;overflow:hidden;position:relative;}
+  .nav-tab:hover{color:var(--text);}
+  .nav-tab:hover::after{content:attr(data-label);position:absolute;bottom:calc(100% + 8px);left:50%;transform:translateX(-50%);background:rgba(15,22,40,.98);border:1px solid rgba(124,185,255,0.3);color:var(--blue);font-size:12px;font-weight:700;letter-spacing:.02em;padding:5px 11px;border-radius:7px;white-space:nowrap;pointer-events:none;z-index:50;box-shadow:0 4px 12px rgba(0,0,0,.3);}
+  .nav-tab.active{color:var(--blue);}
+  .nav-tab.active::before{content:'';position:absolute;bottom:0;left:50%;transform:translateX(-50%);width:20px;height:2px;background:var(--blue);border-radius:2px 2px 0 0;}
+  /* Panel content areas (swapped by tab) */
+  .panel-view{display:none;flex:1;overflow:hidden;flex-direction:column;}
+  .panel-view.active{display:flex;}
+  /* Cron panel */
+  .cron-list{flex:1;overflow-y:auto;padding:8px;}
+  .cron-item{border-radius:10px;border:1px solid rgba(255,255,255,.08);margin-bottom:6px;overflow:hidden;transition:border-color .15s,background .15s;background:rgba(255,255,255,.02);}
+  .cron-item:hover{border-color:var(--border2);}
+  .cron-header{display:flex;align-items:center;gap:8px;padding:9px 11px;cursor:pointer;}
+  .cron-name{flex:1;font-size:13px;color:var(--text);font-weight:500;overflow:hidden;text-overflow:ellipsis;white-space:nowrap;}
+  .cron-status{font-size:10px;font-weight:700;padding:2px 7px;border-radius:99px;flex-shrink:0;}
+  .cron-status.active{background:rgba(34,197,94,.15);color:#4ade80;}
+  .cron-status.paused{background:rgba(201,168,76,.15);color:var(--gold);}
+  .cron-status.disabled{background:rgba(255,255,255,.07);color:var(--muted);}
+  .cron-status.error{background:rgba(233,69,96,.15);color:var(--accent);}
+  .cron-body{display:none;padding:0 11px 10px;border-top:1px solid var(--border);overflow:hidden;}
+  .cron-body.open{display:block;}
+  .cron-schedule{font-size:11px;color:var(--muted);margin:8px 0 6px;}
+  .cron-prompt{font-size:11px;color:var(--muted);line-height:1.55;max-height:80px;overflow-y:auto;background:rgba(0,0,0,.2);padding:6px 8px;border-radius:6px;white-space:pre-wrap;margin-bottom:8px;box-sizing:border-box;}
+  .cron-actions{display:flex;gap:6px;margin-bottom:8px;}
+  .cron-btn{padding:4px 10px;border-radius:6px;font-size:11px;font-weight:600;border:1px solid var(--border2);background:rgba(255,255,255,.05);color:var(--muted);cursor:pointer;transition:all .15s;}
+  .cron-btn:hover{background:rgba(255,255,255,.1);color:var(--text);}
+  .cron-btn.run{border-color:rgba(124,185,255,.4);color:var(--blue);}
+  .cron-btn.run:hover{background:rgba(124,185,255,.12);}
+  .cron-btn.pause{border-color:rgba(201,168,76,.4);color:var(--gold);}
+  .cron-last{font-size:11px;color:var(--muted);border-top:1px solid var(--border);padding-top:8px;max-height:220px;overflow-y:auto;white-space:pre-wrap;line-height:1.5;word-break:break-word;}
+  .cron-last-header{font-size:10px;font-weight:600;text-transform:uppercase;letter-spacing:.06em;color:var(--muted);margin-bottom:4px;}
+  /* Skills panel */
+  .skills-search{padding:8px;flex-shrink:0;}
+  .skills-search input{width:100%;background:rgba(255,255,255,.06);border:1px solid var(--border2);border-radius:7px;color:var(--text);padding:6px 10px;font-size:12px;outline:none;}
+  .skills-search input::placeholder{color:var(--muted);}
+  .skills-list{flex:1;overflow-y:auto;padding:0 8px 8px;}
+  .skills-category{margin-bottom:4px;}
+  .skills-cat-header{font-size:10px;font-weight:700;text-transform:uppercase;letter-spacing:.08em;color:var(--muted);padding:8px 6px 4px;cursor:pointer;display:flex;align-items:center;gap:4px;}
+  .skills-cat-header:hover{color:var(--text);}
+  .skill-item{padding:7px 10px;border-radius:7px;cursor:pointer;font-size:12px;color:var(--muted);display:flex;align-items:flex-start;gap:6px;transition:all .12s;line-height:1.4;}
+  .skill-item:hover{background:rgba(255,255,255,.06);color:var(--text);}
+  .skill-item.active{background:rgba(124,185,255,.1);color:var(--blue);}
+  .skill-name{font-weight:500;flex-shrink:0;}
+  .skill-desc{overflow:hidden;text-overflow:ellipsis;white-space:nowrap;flex:1;font-size:11px;opacity:.7;}
+  /* Memory panel */
+  .memory-panel{flex:1;overflow-y:auto;padding:12px;}
+  .memory-section{margin-bottom:16px;}
+  .memory-section-title{font-size:10px;font-weight:700;text-transform:uppercase;letter-spacing:.08em;color:var(--muted);margin-bottom:8px;display:flex;align-items:center;justify-content:space-between;}
+  .memory-mtime{font-size:10px;font-weight:400;text-transform:none;opacity:.6;}
+  .memory-content{font-size:12px;line-height:1.7;color:var(--text);}
+  .memory-content p{margin-bottom:6px;}
+  .memory-empty{color:var(--muted);font-size:12px;font-style:italic;}
+  .sidebar-bottom{border-top:1px solid var(--border);padding:12px 14px;flex-shrink:0;}
+  .field-label{font-size:10px;font-weight:700;text-transform:uppercase;letter-spacing:.08em;color:var(--muted);margin-bottom:5px;opacity:.8;}
+  select{width:100%;background:rgba(255,255,255,0.04);border:1px solid rgba(255,255,255,.1);border-radius:8px;color:var(--text);padding:7px 28px 7px 10px;font-size:12px;outline:none;appearance:none;margin-bottom:6px;cursor:pointer;background-image:url("data:image/svg+xml,%3Csvg xmlns='http://www.w3.org/2000/svg' width='10' height='6' viewBox='0 0 10 6'%3E%3Cpath d='M1 1l4 4 4-4' stroke='%238888aa' stroke-width='1.5' fill='none' stroke-linecap='round'/%3E%3C/svg%3E");background-repeat:no-repeat;background-position:right 10px center;}
+  select:focus{border-color:rgba(124,185,255,.4);box-shadow:0 0 0 2px rgba(124,185,255,.08);}
+  optgroup{color:var(--muted);font-size:11px;font-weight:700;}
+  option{background:#1a1a2e;color:var(--text);padding:6px;}
+  .sidebar-actions{display:flex;gap:6px;}
+  .sm-btn{flex:1;padding:7px 0;border-radius:8px;font-size:11px;font-weight:500;background:rgba(255,255,255,0.04);border:1px solid rgba(255,255,255,.08);color:var(--muted);cursor:pointer;transition:all .15s;text-align:center;letter-spacing:.02em;}
+  .sm-btn:hover{background:rgba(255,255,255,0.09);color:var(--text);border-color:rgba(255,255,255,.15);}
+  .main{flex:1;display:flex;flex-direction:column;overflow:hidden;min-width:0;background:rgba(26,26,46,0.5);}
+  .topbar{padding:12px 20px;border-bottom:1px solid var(--border);background:rgba(22,33,62,.98);backdrop-filter:blur(12px);display:flex;align-items:center;justify-content:space-between;flex-shrink:0;}
+  .topbar-title{font-size:15px;font-weight:600;letter-spacing:-.01em;white-space:nowrap;overflow:hidden;text-overflow:ellipsis;}
+  .topbar-meta{font-size:11px;color:var(--muted);margin-top:3px;opacity:.75;white-space:nowrap;overflow:hidden;text-overflow:ellipsis;}
+  .topbar-chips{display:flex;gap:6px;align-items:center;flex-shrink:0;}
+  .chip{font-size:11px;padding:4px 10px;border-radius:999px;background:rgba(255,255,255,0.05);border:1px solid rgba(255,255,255,.1);color:var(--muted);font-weight:500;}
+  .chip.model{color:var(--blue);border-color:rgba(124,185,255,0.35);background:rgba(124,185,255,0.1);}
+  .messages{flex:1;overflow-y:auto;display:flex;flex-direction:column;min-height:0;}
+  .messages-inner{max-width:800px;margin:0 auto;width:100%;padding:20px 24px 32px;display:flex;flex-direction:column;}
+  .msg-row{padding:10px 0;}
+  .msg-row+.msg-row{border-top:none;}
+  .msg-role{font-size:12px;font-weight:500;letter-spacing:.01em;margin-bottom:8px;display:flex;align-items:center;gap:8px;}
+  .msg-role.user{color:rgba(124,185,255,0.65);}
+  .msg-role.assistant{color:rgba(201,168,76,0.6);}
+  .role-icon{width:22px;height:22px;border-radius:50%;display:flex;align-items:center;justify-content:center;font-size:10px;font-weight:700;flex-shrink:0;}
+  .role-icon.user{background:rgba(124,185,255,0.15);color:var(--blue);border:1px solid rgba(124,185,255,0.2);}
+  .role-icon.assistant{background:rgba(201,168,76,0.15);color:var(--gold);border:1px solid rgba(201,168,76,0.2);}
+  .msg-body{font-size:14px;line-height:1.75;color:var(--text);padding-left:30px;max-width:680px;}
+  .msg-body p{margin-bottom:10px;}.msg-body p:last-child{margin-bottom:0;}
+  .msg-body ul,.msg-body ol{margin:6px 0 10px 20px;}.msg-body li{margin-bottom:3px;}
+  .msg-body h1,.msg-body h2,.msg-body h3{margin:16px 0 6px;font-weight:600;}
+  .msg-body h1{font-size:18px;}.msg-body h2{font-size:16px;}.msg-body h3{font-size:14px;}
+  .msg-body strong{color:#fff;font-weight:600;}.msg-body em{color:#c9c9e8;font-style:italic;}
+  .msg-body code{font-family:"SF Mono","Fira Code",ui-monospace,monospace;font-size:12.5px;background:rgba(0,0,0,.35);padding:1px 5px;border-radius:4px;color:#f0c27f;}
+  .msg-body pre{background:var(--code-bg);border:1px solid rgba(255,255,255,.08);border-radius:10px;padding:14px 16px;overflow-x:auto;margin:10px 0;}
+  .msg-body pre code{background:none;padding:0;border-radius:0;color:#e2e8f0;font-size:13px;line-height:1.6;}
+  .pre-header{font-size:10px;font-weight:600;text-transform:uppercase;letter-spacing:.06em;color:var(--muted);padding:8px 16px 8px;background:rgba(255,255,255,.04);border-radius:10px 10px 0 0;border:1px solid rgba(255,255,255,.08);border-bottom:1px solid rgba(255,255,255,.05);display:flex;align-items:center;gap:6px;}
+  .pre-header::before{content:'';width:8px;height:8px;border-radius:50%;background:var(--muted);opacity:.4;}
+  .pre-header+pre{border-radius:0 0 10px 10px;border-top:none;margin-top:0;}
+  .msg-body blockquote{border-left:3px solid var(--blue);padding-left:14px;color:var(--muted);font-style:italic;margin:10px 0;}
+  .msg-body a{color:var(--blue);text-decoration:underline;}
+  .msg-body hr{border:none;border-top:1px solid var(--border);margin:14px 0;}
+  .msg-files{display:flex;flex-wrap:wrap;gap:6px;padding-left:30px;margin-bottom:10px;}
+  .msg-file-badge{display:flex;align-items:center;gap:5px;background:rgba(124,185,255,0.1);border:1px solid rgba(124,185,255,0.25);border-radius:6px;padding:4px 9px;font-size:12px;color:var(--blue);}
+  .thinking{display:flex;align-items:center;gap:5px;color:var(--muted);font-size:13px;padding-left:30px;}
+  .dot{width:6px;height:6px;border-radius:50%;background:var(--blue);opacity:.3;animation:pulse 1.4s ease-in-out infinite;}
+  .dot:nth-child(2){animation-delay:.22s;}.dot:nth-child(3){animation-delay:.44s;}
+  @keyframes pulse{0%,80%,100%{opacity:.2;transform:scale(.8)}40%{opacity:.8;transform:scale(1)}}
+  .empty-state{flex:1;display:flex;flex-direction:column;align-items:center;justify-content:center;gap:12px;padding:40px;color:var(--muted);}
+  .empty-logo{width:64px;height:64px;border-radius:20px;background:linear-gradient(145deg,rgba(124,185,255,.15),rgba(201,168,76,.1));border:1px solid rgba(124,185,255,.2);display:flex;align-items:center;justify-content:center;font-size:28px;font-weight:700;color:var(--blue);margin-bottom:4px;box-shadow:0 4px 20px rgba(124,185,255,.1);}
+  .empty-state h2{font-size:20px;color:var(--text);font-weight:700;letter-spacing:-.02em;}
+  .empty-state p{font-size:14px;text-align:center;max-width:320px;}
+  .suggestion-grid{display:flex;flex-direction:column;gap:8px;margin-top:12px;width:100%;max-width:380px;}
+  .suggestion{padding:11px 14px;background:rgba(255,255,255,0.04);border:1px solid rgba(255,255,255,.08);border-radius:10px;font-size:13px;color:var(--muted);cursor:pointer;transition:all .15s;text-align:left;}
+  .suggestion:hover{background:rgba(124,185,255,0.07);color:var(--text);border-color:rgba(124,185,255,.3);transform:translateX(2px);}
+  /* ── Composer ── */
+  .composer-wrap{border-top:1px solid var(--border);padding:12px 20px 16px;background:var(--bg);flex-shrink:0;}
+  .composer-box{max-width:780px;margin:0 auto;background:rgba(255,255,255,0.04);border:1px solid rgba(255,255,255,.12);border-radius:16px;display:flex;flex-direction:column;transition:border-color .2s,box-shadow .2s;position:relative;}
+  .composer-box:focus-within{border-color:rgba(124,185,255,0.5);box-shadow:0 0 0 3px rgba(124,185,255,0.08);}
+  .composer-wrap.drag-over .composer-box{border-color:var(--blue);background:rgba(124,185,255,0.06);}
+  .drop-hint{display:none;position:absolute;inset:0;align-items:center;justify-content:center;background:rgba(124,185,255,0.08);border:2px dashed var(--blue);border-radius:14px;font-size:14px;color:var(--blue);pointer-events:none;z-index:10;flex-direction:column;gap:8px;}
+  .composer-wrap.drag-over .drop-hint{display:flex;}
+  .attach-tray{display:none;flex-wrap:wrap;gap:6px;padding:10px 14px 0;}
+  .attach-tray.has-files{display:flex;}
+  .attach-chip{display:flex;align-items:center;gap:5px;background:rgba(124,185,255,0.08);border:1px solid rgba(124,185,255,0.22);border-radius:8px;padding:4px 10px;font-size:11px;font-weight:500;color:var(--blue);}
+  .attach-chip button{background:none;border:none;color:var(--muted);cursor:pointer;font-size:13px;line-height:1;padding:0 0 0 3px;}
+  .attach-chip button:hover{color:var(--accent);}
+  textarea#msg{width:100%;background:transparent;border:none;outline:none;color:var(--text);font-size:14px;line-height:1.65;padding:12px 16px 6px;resize:none;min-height:44px;max-height:200px;font-family:inherit;}
+  textarea#msg::placeholder{color:var(--muted);}
+  .composer-footer{display:flex;align-items:center;justify-content:space-between;padding:6px 10px 10px;}
+  .composer-left{display:flex;gap:2px;align-items:center;}
+  .composer-right{display:flex;gap:6px;align-items:center;}
+  .icon-btn{width:34px;height:34px;border-radius:8px;background:none;border:none;color:var(--muted);cursor:pointer;display:flex;align-items:center;justify-content:center;font-size:16px;transition:all .15s;}
+  .icon-btn{opacity:.75;}
+  .icon-btn:hover{background:rgba(255,255,255,.08);color:var(--text);opacity:1;}
+  .status-text{font-size:11px;color:var(--muted);padding-left:4px;}
+  .send-btn{padding:7px 18px;border-radius:10px;font-size:13px;font-weight:600;background:linear-gradient(135deg,#5ba8f5,#7cb9ff);border:none;color:#0a1628;cursor:pointer;display:flex;align-items:center;gap:6px;transition:all .15s;flex-shrink:0;letter-spacing:.01em;}
+  .send-btn:hover{background:linear-gradient(135deg,#7cb9ff,#a0d0ff);transform:translateY(-1px);}
+  .send-btn:active{transform:translateY(0);}
+  .send-btn:disabled{opacity:.4;cursor:not-allowed;}
+  .upload-bar-wrap{display:none;height:3px;background:rgba(255,255,255,.06);border-radius:0 0 16px 16px;overflow:hidden;}
+  .upload-bar-wrap.active{display:block;}
+  .upload-bar{height:100%;background:linear-gradient(90deg,var(--blue),#a0d0ff);width:0%;transition:width .3s ease;}
+  .rightpanel{width:300px;background:var(--sidebar);border-left:1px solid rgba(255,255,255,.06);display:flex;flex-direction:column;overflow:hidden;flex-shrink:0;}
+  .panel-header{padding:12px 16px;border-bottom:1px solid var(--border);font-size:11px;font-weight:600;color:var(--muted);text-transform:uppercase;letter-spacing:.1em;display:flex;align-items:center;justify-content:space-between;}
+  .panel-actions{display:flex;gap:4px;}
+  .panel-icon-btn{width:24px;height:24px;background:none;border:none;color:var(--muted);cursor:pointer;border-radius:5px;font-size:13px;display:flex;align-items:center;justify-content:center;transition:all .15s;}
+  .panel-icon-btn:hover{background:rgba(255,255,255,.08);color:var(--text);}
+  /* File row actions (shown on hover) */
+  /* file-item-actions removed: delete button is now a flex child */
+  .file-action-btn{width:20px;height:20px;background:rgba(0,0,0,.4);border:none;border-radius:4px;color:var(--muted);cursor:pointer;font-size:11px;display:flex;align-items:center;justify-content:center;}
+  .file-action-btn:hover{color:var(--accent);}
+  .close-preview{cursor:pointer;opacity:.6;}.close-preview:hover{opacity:1;}
+  .file-tree{flex:1;overflow-y:auto;padding:8px;}
+  .file-item{display:flex;align-items:center;gap:6px;padding:6px 10px;border-radius:7px;cursor:pointer;font-size:12px;color:var(--muted);transition:all .12s;min-width:0;}
+  .file-item:hover{background:rgba(255,255,255,.07);color:var(--text);}
+  .file-item.active{background:rgba(124,185,255,.12);color:var(--blue);}
+  .preview-area{flex:1;overflow:auto;padding:14px;flex-direction:column;gap:8px;display:none;opacity:0;transition:opacity .15s;}
+  .preview-area.visible{display:flex;opacity:1;}
+  .preview-path{font-size:11px;color:var(--muted);padding-bottom:8px;border-bottom:1px solid var(--border);flex-shrink:0;}
+  .preview-code{font-family:"SF Mono","Fira Code",ui-monospace,monospace;font-size:12px;line-height:1.6;white-space:pre-wrap;word-break:break-word;color:#cdd6e0;}
+  /* Image preview */
+  .preview-img-wrap{display:flex;align-items:center;justify-content:center;flex:1;padding:8px 0;min-height:0;}
+  .preview-img{max-width:100%;max-height:100%;object-fit:contain;border-radius:6px;box-shadow:0 2px 12px rgba(0,0,0,.4);}
+  /* Markdown rendered preview */
+  .preview-md{font-size:13px;line-height:1.7;color:var(--text);flex:1;overflow-y:auto;min-height:0;}
+  .preview-md p{margin-bottom:10px;}.preview-md p:last-child{margin-bottom:0;}
+  .preview-md h1{font-size:18px;font-weight:700;margin:16px 0 8px;color:#fff;border-bottom:1px solid var(--border);padding-bottom:6px;}
+  .preview-md h2{font-size:15px;font-weight:600;margin:14px 0 6px;color:#fff;}
+  .preview-md h3{font-size:13px;font-weight:600;margin:12px 0 4px;color:#e8e8f0;}
+  .preview-md ul,.preview-md ol{margin:4px 0 10px 18px;}.preview-md li{margin-bottom:3px;}
+  .preview-md code{font-family:"SF Mono",ui-monospace,monospace;font-size:11.5px;background:rgba(0,0,0,.35);padding:1px 5px;border-radius:4px;color:#f0c27f;}
+  .preview-md pre{background:var(--code-bg);border:1px solid rgba(255,255,255,.08);border-radius:8px;padding:10px 12px;overflow-x:auto;margin:8px 0;}
+  .preview-md pre code{background:none;padding:0;color:#e2e8f0;font-size:11.5px;line-height:1.55;}
+  .preview-md blockquote{border-left:3px solid var(--blue);padding-left:12px;color:var(--muted);font-style:italic;margin:8px 0;}
+  .preview-md strong{color:#fff;font-weight:600;}.preview-md em{color:#c9c9e8;}
+  .preview-md a{color:var(--blue);text-decoration:underline;}
+  .preview-md hr{border:none;border-top:1px solid var(--border);margin:12px 0;}
+  .preview-md table{border-collapse:collapse;width:100%;margin:8px 0;font-size:12px;}
+  .preview-md th{background:rgba(255,255,255,.07);padding:6px 10px;text-align:left;font-weight:600;border:1px solid var(--border2);}
+  .preview-md td{padding:5px 10px;border:1px solid rgba(255,255,255,.06);}
+  .preview-md tr:nth-child(even){background:rgba(255,255,255,.03);}
+  /* File type badge in preview path bar */
+  .preview-badge{display:inline-block;font-size:10px;font-weight:600;padding:2px 6px;border-radius:4px;margin-left:8px;text-transform:uppercase;letter-spacing:.06em;}
+  .preview-badge.img{background:rgba(124,185,255,.15);color:var(--blue);}
+  .preview-badge.md{background:rgba(201,168,76,.15);color:var(--gold);}
+  .preview-badge.code{background:rgba(255,255,255,.07);color:var(--muted);}
+  ::-webkit-scrollbar{width:4px;height:4px}
+  ::-webkit-scrollbar-track{background:transparent}
+  ::-webkit-scrollbar-thumb{background:rgba(255,255,255,.1);border-radius:99px;transition:background .2s}
+  ::-webkit-scrollbar-thumb:hover{background:rgba(255,255,255,.22)}
+  @media(max-width:900px){.rightpanel{display:none}}@media(max-width:640px){.sidebar{display:none}}
+
+/* ── Workspace dropdown (topbar) ── */
+.ws-chip{user-select:none;}
+.ws-dropdown{display:none;position:absolute;top:calc(100% + 6px);right:0;min-width:240px;background:#1a2535;border:1px solid var(--border2);border-radius:10px;box-shadow:0 8px 24px rgba(0,0,0,.4);z-index:200;overflow:hidden;max-height:320px;overflow-y:auto;}
+.ws-dropdown.open{display:block;}
+.ws-opt{padding:9px 14px;cursor:pointer;transition:background .12s;}
+.ws-opt:hover{background:rgba(255,255,255,.07);}
+.ws-opt.active{background:rgba(124,185,255,.1);}
+.ws-opt-name{font-size:13px;color:var(--text);font-weight:500;}
+.ws-opt-path{font-size:11px;color:var(--muted);overflow:hidden;text-overflow:ellipsis;white-space:nowrap;}
+.ws-divider{height:1px;background:var(--border);margin:4px 0;}
+.ws-manage{color:var(--muted);font-size:12px;}
+/* ── Workspace management panel ── */
+.ws-row{display:flex;align-items:center;gap:8px;padding:8px 0;border-bottom:1px solid var(--border);}
+.ws-row:last-of-type{border-bottom:none;}
+.ws-row-info{flex:1;min-width:0;}
+.ws-row-name{font-size:13px;font-weight:500;color:var(--text);}
+.ws-row-path{font-size:11px;color:var(--muted);overflow:hidden;text-overflow:ellipsis;white-space:nowrap;}
+.ws-row-actions{display:flex;gap:4px;flex-shrink:0;}
+.ws-action-btn{padding:4px 9px;border-radius:6px;font-size:11px;font-weight:600;border:1px solid var(--border2);background:rgba(255,255,255,.05);color:var(--muted);cursor:pointer;transition:all .15s;white-space:nowrap;}
+.ws-action-btn:hover{background:rgba(255,255,255,.1);color:var(--text);}
+.ws-action-btn.danger:hover{background:rgba(233,69,96,.12);color:var(--accent);border-color:rgba(233,69,96,.3);}
+.ws-add-row{display:flex;gap:8px;align-items:center;padding:10px 0 4px;}
+/* ── Message action buttons (copy, edit, retry) ── */
+.msg-actions{display:flex;align-items:center;gap:2px;opacity:0;transition:opacity .15s;margin-left:auto;}
+.msg-row:hover .msg-actions{opacity:1;}
+.msg-action-btn{background:none;border:none;color:var(--muted);cursor:pointer;font-size:13px;padding:2px 5px;border-radius:5px;transition:color .12s,background .12s;line-height:1;}
+.msg-action-btn:hover{color:var(--blue);background:rgba(124,185,255,.1);}
+
+/* ── Edit message inline ── */
+.msg-edit-area{width:100%;background:rgba(255,255,255,.05);border:1px solid rgba(124,185,255,.35);border-radius:8px;color:var(--text);padding:10px 12px;font-size:14px;font-family:inherit;line-height:1.6;resize:none;outline:none;min-height:60px;box-sizing:border-box;box-shadow:0 0 0 3px rgba(124,185,255,.07);margin-top:4px;}
+.msg-edit-bar{display:flex;gap:8px;margin-top:8px;margin-bottom:4px;}
+.msg-edit-send{background:var(--blue);color:#fff;border:none;border-radius:7px;padding:6px 16px;font-size:13px;font-weight:600;cursor:pointer;transition:opacity .15s;}
+.msg-edit-send:hover{opacity:.85;}
+.msg-edit-cancel{background:rgba(255,255,255,.06);color:var(--muted);border:1px solid var(--border2);border-radius:7px;padding:6px 12px;font-size:13px;cursor:pointer;transition:background .15s;}
+.msg-edit-cancel:hover{background:rgba(255,255,255,.1);}
+
+/* ── Clear conversation chip ── */
+.clear-btn{background:rgba(201,168,76,.06);border:1px solid rgba(201,168,76,.18);color:var(--gold);font-size:11px;padding:4px 10px;cursor:pointer;transition:background .15s;}
+.clear-btn:hover{background:rgba(201,168,76,.12);}
+
+/* ── Copy button on messages ── */
+/* msg-copy-btn styles moved to msg-action-btn */
+/* ── Nav tab nowrap ── */
+/* nav-tab-nowrap-handled-above */
+
+/* ── Final polish additions ── */
+
+/* Smooth hover on file items */
+
+
+/* Sidebar section padding: give the session-section breathing room */
+.sidebar-section{padding:10px 12px 6px;}
+
+/* New chat btn icon - align nicely */
+.new-chat-btn svg{flex-shrink:0;opacity:.8;}
+
+/* Session list: group header spacing */
+.session-list > div[style]{padding-left:12px;}
+
+/* Preview path bar: flex row with nice gap */
+.preview-path{display:flex;align-items:center;gap:6px;flex-wrap:nowrap;overflow:hidden;min-width:0;}
+.preview-path #previewPathText{flex:1;min-width:0;overflow:hidden;text-overflow:ellipsis;white-space:nowrap;}
+.preview-path #previewBadge{flex-shrink:0;white-space:nowrap;}
+.preview-path #btnDownloadFile,.preview-path #btnEditFile{flex-shrink:0;white-space:nowrap;}
+
+/* Preview badge typography */
+.preview-badge{font-size:10px;font-weight:700;letter-spacing:.06em;text-transform:uppercase;}
+
+/* Approval buttons: tab stops */
+.approval-btn:focus{outline:2px solid var(--blue);outline-offset:2px;}
+
+/* Message role: breathing room between icon and name */
+.msg-role > span{line-height:1;}
+
+/* Composer wrap: slightly less padding on smaller heights */
+.composer-wrap{border-top:1px solid rgba(255,255,255,.07);padding:10px 20px 14px;}
+
+/* Cron status badges: pill shape refinement */
+.cron-status{border-radius:99px;font-size:10px;letter-spacing:.04em;}
+
+/* Right panel icons: tighter */
+.panel-actions{gap:2px;}
+
+/* Workspace hint text: no intrusion */
+.sidebar-bottom > div[style*="topbar"]{pointer-events:none;}
+
+/* Topbar: border should match the subtle sidebar border */
+.topbar{border-bottom:1px solid rgba(255,255,255,.07);}
+
+
+
+/* Suggestion grid: consistent width */
+.suggestion-grid{width:100%;max-width:400px;}
+
+/* Empty state: add subtle gradient behind logo */
+.empty-state{background:radial-gradient(ellipse at 50% 20%,rgba(124,185,255,.04) 0%,transparent 60%);}
+
+/* ── Activity bar (tool status above composer) ── */
+@keyframes fadeIn{from{opacity:0;transform:translateY(3px)}to{opacity:1;transform:none}}
+#activityBar{padding-bottom:8px;flex-shrink:0;}
+#activityBarInner{transition:opacity .2s;}
+/* Remove old status-text from composer (kept for error messages only) */
+.status-text{font-size:11px;color:var(--muted);padding-left:2px;display:none;}
+
+/* Sidebar workspace display */
+#sidebarWsDisplay:hover{background:rgba(255,255,255,.05);}
+#sidebarWsDisplay:hover #sidebarWsName{color:var(--blue);}
+
+/* Date group headers in session list */
+.session-list > div[style*="uppercase"] {
+  padding: 8px 10px 3px !important;
+  font-size: 10px !important;
+}
+/* Sidebar bottom: tighten model field */
+.sidebar-bottom { padding: 10px 14px 12px; }
+/* Right panel file tree: more padding for breathing room */
+
+/* Composer footer: even spacing */
+.composer-footer { padding: 4px 10px 8px; }
+
+/* ── File tree: clean delete button via CSS hover ── */
+.file-del-btn{
+  flex-shrink:0;
+  width:0;height:16px;
+  overflow:hidden;
+  background:none;border:none;
+  color:var(--muted);cursor:pointer;
+  font-size:13px;font-weight:300;
+  opacity:0;
+  transition:width .12s,opacity .12s,color .12s;
+  padding:0;border-radius:3px;
+  display:flex;align-items:center;justify-content:center;
+  line-height:1;
+}
+.file-item:hover .file-del-btn{ width:16px;opacity:1;margin-left:2px; }
+.file-del-btn:hover{ color:var(--accent); }
+
+/* file-name must be a flex child that can shrink to zero */
+.file-name{
+  overflow:hidden;
+  text-overflow:ellipsis;
+  white-space:nowrap;
+  flex:1 1 0;
+  min-width:0;
+}
+
+/* file-size: never wraps, shrinks away gracefully */
+.file-size{
+  flex-shrink:0;
+  font-size:10px;
+  color:var(--muted);
+  white-space:nowrap;
+  margin-left:4px;
+  font-variant-numeric:tabular-nums;
+}
+
+/* file-icon: never shrinks */
+.file-icon{
+  flex-shrink:0;
+  font-size:13px;
+  opacity:.7;
+  line-height:1;
+}
+
+/* ── Resizable panels ── */
+.resize-handle{
+  position:absolute;
+  top:0;bottom:0;
+  width:5px;
+  cursor:col-resize;
+  z-index:10;
+  transition:background .15s;
+}
+.resize-handle:hover,.resize-handle.dragging{background:rgba(124,185,255,.35);}
+.sidebar{position:relative;}
+.sidebar .resize-handle{right:-2px;}
+.rightpanel{position:relative;}
+.rightpanel .resize-handle{left:-2px;}
+/* Prevent text selection during drag */
+body.resizing{user-select:none;cursor:col-resize;}
+
+/* ── Tool call cards ── */
+/* Running indicator dot (pulsing) */
+.tool-card-running-dot{width:7px;height:7px;border-radius:50%;background:var(--blue);opacity:.8;flex-shrink:0;animation:pulse 1.2s ease-in-out infinite;}
+/* Show more button inside tool card result */
+.tool-card-more{background:none;border:none;color:var(--blue);font-size:10px;cursor:pointer;padding:3px 0 0;opacity:.7;display:block;}
+.tool-card-more:hover{opacity:1;}
+.tool-card-row{margin:0;padding:1px 0;}
+.tool-card{background:rgba(255,255,255,.03);border:1px solid rgba(255,255,255,.07);border-radius:6px;margin:2px 0 2px 40px;overflow:hidden;transition:border-color .15s;}
+.tool-card:hover{border-color:rgba(255,255,255,.12);}
+.tool-card-running{border-color:rgba(124,185,255,.25);background:rgba(124,185,255,.04);}
+.tool-card-header{display:flex;align-items:center;gap:7px;padding:4px 10px;cursor:pointer;user-select:none;}
+.tool-card-icon{font-size:13px;flex-shrink:0;opacity:.8;}
+.tool-card-name{font-size:12px;font-weight:600;color:var(--muted);font-family:'SF Mono',ui-monospace,monospace;flex-shrink:0;}
+.tool-card-preview{font-size:11px;color:var(--muted);opacity:.6;flex:1;overflow:hidden;text-overflow:ellipsis;white-space:nowrap;}
+.tool-card-toggle{font-size:10px;color:var(--muted);opacity:.5;flex-shrink:0;transition:transform .15s;}
+.tool-card.open .tool-card-toggle{transform:rotate(90deg);}
+.tool-card-detail{display:none;border-top:1px solid rgba(255,255,255,.06);padding:8px 12px;}
+.tool-card.open .tool-card-detail{display:block;}
+.tool-card-args{margin-bottom:6px;}
+.tool-card-args div{font-size:11px;line-height:1.6;}
+.tool-arg-key{color:var(--blue);font-family:'SF Mono',ui-monospace,monospace;font-size:11px;}
+.tool-arg-val{color:var(--muted);font-family:'SF Mono',ui-monospace,monospace;font-size:11px;word-break:break-all;}
+.tool-card-result pre{font-size:11px;color:var(--muted);font-family:'SF Mono',ui-monospace,monospace;white-space:pre-wrap;word-break:break-word;max-height:180px;overflow-y:auto;margin:0;line-height:1.55;}
+
+/* ── Scrollbar polish ── */
+::-webkit-scrollbar{width:5px;height:5px;}
+::-webkit-scrollbar-track{background:transparent;}
+::-webkit-scrollbar-thumb{background:rgba(255,255,255,.12);border-radius:3px;}
+::-webkit-scrollbar-thumb:hover{background:rgba(255,255,255,.22);}
+* { scrollbar-width: thin; scrollbar-color: rgba(255,255,255,.12) transparent; }
diff --git a/static/ui.js b/static/ui.js
new file mode 100644
index 0000000..0d303f5
--- /dev/null
+++ b/static/ui.js
@@ -0,0 +1,589 @@
+const S={session:null,messages:[],entries:[],busy:false,pendingFiles:[],toolCalls:[],activeStreamId:null};
+const INFLIGHT={};  // keyed by session_id while request in-flight
+const MSG_QUEUE=[];  // messages queued while a request is in-flight
+const $=id=>document.getElementById(id);
+const esc=s=>String(s??'').replace(/[&<>"']/g,c=>({'&':'&amp;','<':'&lt;','>':'&gt;','"':'&quot;',"'":'&#39;'}[c]));
+
+function renderMd(raw){
+  let s=raw||'';
+  s=s.replace(/```([\w+-]*)\n?([\s\S]*?)```/g,(_,lang,code)=>{const h=lang?`<div class="pre-header">${esc(lang)}</div>`:'';return `${h}<pre><code>${esc(code.replace(/\n$/,''))}</code></pre>`;});
+  s=s.replace(/`([^`\n]+)`/g,(_,c)=>`<code>${esc(c)}</code>`);
+  s=s.replace(/\*\*\*(.+?)\*\*\*/g,'<strong><em>$1</em></strong>');
+  s=s.replace(/\*\*(.+?)\*\*/g,'<strong>$1</strong>');
+  s=s.replace(/\*([^*\n]+)\*/g,'<em>$1</em>');
+  s=s.replace(/^### (.+)$/gm,'<h3>$1</h3>').replace(/^## (.+)$/gm,'<h2>$1</h2>').replace(/^# (.+)$/gm,'<h1>$1</h1>');
+  s=s.replace(/^---+$/gm,'<hr>');
+  s=s.replace(/^> (.+)$/gm,'<blockquote>$1</blockquote>');
+  // B8: improved list handling supporting up to 2 levels of indentation
+  s=s.replace(/((?:^(?:  )?[-*+] .+\n?)+)/gm,block=>{
+    const lines=block.trimEnd().split('\n');
+    let html='<ul>';
+    for(const l of lines){
+      const indent=/^ {2,}/.test(l);
+      const text=l.replace(/^ {0,4}[-*+] /,'');
+      if(indent) html+=`<li style="margin-left:16px">${text}</li>`;
+      else html+=`<li>${text}</li>`;
+    }
+    return html+'</ul>';
+  });
+  s=s.replace(/((?:^(?:  )?\d+\. .+\n?)+)/gm,block=>{
+    const lines=block.trimEnd().split('\n');
+    let html='<ol>';
+    for(const l of lines){
+      const text=l.replace(/^ {0,4}\d+\. /,'');
+      html+=`<li>${text}</li>`;
+    }
+    return html+'</ol>';
+  });
+  s=s.replace(/\[([^\]]+)\]\((https?:\/\/[^\)]+)\)/g,'<a href="$2" target="_blank" rel="noopener">$1</a>');
+  // Tables: | col | col | header row followed by | --- | --- | separator then data rows
+  s=s.replace(/((?:^\|.+\|\n?)+)/gm,block=>{
+    const rows=block.trim().split('\n').filter(r=>r.trim());
+    if(rows.length<2)return block;
+    const isSep=r=>/^\|[\s|:-]+\|$/.test(r.trim());
+    if(!isSep(rows[1]))return block;
+    const parseRow=r=>r.trim().replace(/^\|/,'').replace(/\|$/,'').split('|').map(c=>`<td>${c.trim()}</td>`).join('');
+    const parseHeader=r=>r.trim().replace(/^\|/,'').replace(/\|$/,'').split('|').map(c=>`<th>${c.trim()}</th>`).join('');
+    const header=`<tr>${parseHeader(rows[0])}</tr>`;
+    const body=rows.slice(2).map(r=>`<tr>${parseRow(r)}</tr>`).join('');
+    return `<table><thead>${header}</thead><tbody>${body}</tbody></table>`;
+  });
+  const parts=s.split(/\n{2,}/);
+  s=parts.map(p=>{p=p.trim();if(!p)return '';if(/^<(h[1-6]|ul|ol|pre|hr|blockquote)/.test(p))return p;return `<p>${p.replace(/\n/g,'<br>')}</p>`;}).join('\n');
+  return s;
+}
+
+function setStatus(t){
+  const bar=$('activityBar');
+  const txt=$('activityText');
+  const dismiss=$('btnDismissStatus');
+  if(!bar||!txt)return;
+  if(!t){
+    bar.style.display='none';
+    txt.textContent='';
+    if(dismiss)dismiss.style.display='none';
+  } else {
+    txt.textContent=t;
+    bar.style.display='';
+    // Show dismiss X only for static/error messages, not transient busy ones
+    const transient = t.endsWith('…') || t === 'Hermes is thinking…';
+    if(dismiss)dismiss.style.display=(!transient && !S.busy)?'inline':'none';
+  }
+}
+function setBusy(v){
+  S.busy=v;
+  $('btnSend').disabled=v;
+  const dots=$('activityDots');
+  if(dots) dots.style.display=v?'flex':'none';
+  if(!v){
+    setStatus('');
+    // Always hide Cancel button when not busy
+    const _cb=$('btnCancel');if(_cb)_cb.style.display='none';
+    updateQueueBadge();
+    // Drain one queued message after UI settles
+    if(MSG_QUEUE.length>0){
+      const next=MSG_QUEUE.shift();
+      updateQueueBadge();
+      setTimeout(()=>{ $('msg').value=next; send(); }, 120);
+    }
+  }
+}
+
+function updateQueueBadge(){
+  let badge=$('queueBadge');
+  if(MSG_QUEUE.length>0){
+    if(!badge){
+      badge=document.createElement('div');
+      badge.id='queueBadge';
+      badge.style.cssText='position:fixed;bottom:80px;right:24px;background:rgba(124,185,255,.18);border:1px solid rgba(124,185,255,.4);color:var(--blue);font-size:12px;font-weight:600;padding:6px 14px;border-radius:20px;z-index:50;pointer-events:none;backdrop-filter:blur(8px);';
+      document.body.appendChild(badge);
+    }
+    badge.textContent=MSG_QUEUE.length===1?'1 message queued':`${MSG_QUEUE.length} messages queued`;
+  } else {
+    if(badge) badge.remove();
+  }
+}
+function showToast(msg,ms){const el=$('toast');el.textContent=msg;el.classList.add('show');clearTimeout(el._t);el._t=setTimeout(()=>el.classList.remove('show'),ms||2800);}
+
+function copyMsg(btn){
+  const row=btn.closest('.msg-row');
+  const text=row?row.dataset.rawText:'';
+  if(!text)return;
+  navigator.clipboard.writeText(text).then(()=>{
+    const orig=btn.innerHTML;btn.innerHTML='&#10003;';btn.style.color='var(--blue)';
+    setTimeout(()=>{btn.innerHTML=orig;btn.style.color='';},1500);
+  }).catch(()=>showToast('Copy failed'));
+}
+
+// ── Reconnect banner (B4/B5: reload resilience) ──
+const INFLIGHT_KEY = 'hermes-webui-inflight'; // localStorage key for in-flight session tracking
+
+function markInflight(sid, streamId) {
+  localStorage.setItem(INFLIGHT_KEY, JSON.stringify({sid, streamId, ts: Date.now()}));
+}
+function clearInflight() {
+  localStorage.removeItem(INFLIGHT_KEY);
+}
+function showReconnectBanner(msg) {
+  $('reconnectMsg').textContent = msg || 'A response may have been in progress when you last left.';
+  $('reconnectBanner').classList.add('visible');
+}
+function dismissReconnect() {
+  $('reconnectBanner').classList.remove('visible');
+  clearInflight();
+}
+async function refreshSession() {
+  dismissReconnect();
+  if (!S.session) return;
+  try {
+    const data = await api(`/api/session?session_id=${encodeURIComponent(S.session.session_id)}`);
+    S.session = data.session;
+    S.messages = (data.session.messages || []).filter(m => {
+      if (!m || !m.role || m.role === 'tool') return false;
+      if (m.role === 'assistant') { let c = m.content || ''; if (Array.isArray(c)) c = c.map(p => p.text||'').join(''); return String(c).trim().length > 0; }
+      return true;
+    });
+    syncTopbar(); renderMessages();
+    showToast('Conversation refreshed');
+  } catch(e) { setStatus('Refresh failed: ' + e.message); }
+}
+async function checkInflightOnBoot(sid) {
+  const raw = localStorage.getItem(INFLIGHT_KEY);
+  if (!raw) return;
+  try {
+    const {sid: inflightSid, streamId, ts} = JSON.parse(raw);
+    if (inflightSid !== sid) { clearInflight(); return; }
+    // Only show banner if the in-flight entry is less than 10 minutes old
+    if (Date.now() - ts > 10 * 60 * 1000) { clearInflight(); return; }
+    // Check if stream is still active
+    const status = await api(`/api/chat/stream/status?stream_id=${encodeURIComponent(streamId || '')}`);
+    if (status.active) {
+      // Stream is genuinely still running -- show the banner
+      showReconnectBanner('A response is still being generated. Reload when ready?');
+    } else {
+      // Stream finished. Only show banner if reload happened within 90 seconds
+      // (longer gap = normal completed session, not a mid-stream reload)
+      if (Date.now() - ts < 90 * 1000) {
+        showReconnectBanner('A response was in progress when you last left. Messages may have updated.');
+      } else {
+        clearInflight();  // completed normally, no banner needed
+      }
+    }
+  } catch(e) { clearInflight(); }
+}
+
+function syncTopbar(){
+  if(!S.session){
+    // Show default workspace name even without a session
+    const sidebarName=$('sidebarWsName');
+    if(sidebarName && sidebarName.textContent==='Workspace'){
+      sidebarName.textContent='No workspace';
+    }
+    return;
+  }
+  $('topbarTitle').textContent=S.session.title||'Untitled';
+  const vis=S.messages.filter(m=>m&&m.role&&m.role!=='tool');
+  $('topbarMeta').textContent=`${vis.length} messages`;
+  const m=S.session.model||'';
+  const MODEL_LABELS={'openai/gpt-5.4-mini':'GPT-5.4 Mini','openai/gpt-4o':'GPT-4o','openai/o3':'o3','openai/o4-mini':'o4-mini','anthropic/claude-sonnet-4.6':'Sonnet 4.6','anthropic/claude-sonnet-4-5':'Sonnet 4.5','anthropic/claude-haiku-3-5':'Haiku 3.5','google/gemini-2.5-pro':'Gemini 2.5 Pro','deepseek/deepseek-chat-v3-0324':'DeepSeek V3','meta-llama/llama-4-scout':'Llama 4 Scout'};
+  $('modelSelect').value=m;  // set dropdown first so chip reads consistent value
+  // Show Clear button only when session has messages
+  const clearBtn=$('btnClearConv');
+  if(clearBtn) clearBtn.style.display=(S.messages&&S.messages.filter(m=>m.role!=='tool').length>0)?'':'none';
+  const displayModel=$('modelSelect').value||m;
+  $('modelChip').textContent=MODEL_LABELS[displayModel]||(displayModel.split('/').pop()||'Unknown');
+  const ws=S.session.workspace||'';
+  $('wsChip').textContent=ws.split('/').slice(-2).join('/')||ws;
+  // Update workspace chip in topbar with friendly name from workspace list
+  const wsChipEl=$('wsChip');
+  if(wsChipEl){
+    const wsFriendly=getWorkspaceFriendlyName(ws);
+    wsChipEl.textContent='\u{1F4C1} '+wsFriendly+' \u25BE';
+  }
+  // Update sidebar workspace display
+  const sidebarName=$('sidebarWsName');
+  const sidebarPath=$('sidebarWsPath');
+  if(sidebarName){
+    sidebarName.textContent=getWorkspaceFriendlyName(ws);
+  }
+  if(sidebarPath){
+    sidebarPath.textContent=ws;
+  }
+  // modelSelect already set above
+}
+
+function msgContent(m){
+  // Extract plain text content from a message for filtering
+  let c=m.content||'';
+  if(Array.isArray(c))c=c.filter(p=>p&&p.type==='text').map(p=>p.text||'').join('').trim();
+  return String(c).trim();
+}
+
+function renderMessages(){
+  const inner=$('msgInner');
+  const vis=S.messages.filter(m=>{
+    if(!m||!m.role||m.role==='tool')return false;
+    return msgContent(m)||m.attachments?.length;
+  });
+  $('emptyState').style.display=vis.length?'none':'';
+  inner.innerHTML='';
+  // Track original indices (in S.messages) so truncate knows the cut point
+  const visWithIdx=[];
+  let rawIdx=0;
+  for(const m of S.messages){
+    if(!m||!m.role||m.role==='tool'){rawIdx++;continue;}
+    if(msgContent(m)||m.attachments?.length) visWithIdx.push({m,rawIdx});
+    rawIdx++;
+  }
+  for(let vi=0;vi<visWithIdx.length;vi++){
+    const {m,rawIdx}=visWithIdx[vi];
+    let content=m.content||'';
+    if(Array.isArray(content))content=content.filter(p=>p&&p.type==='text').map(p=>p.text||p.content||'').join('\n');
+    const isUser=m.role==='user';
+    const isLastAssistant=!isUser&&vi===visWithIdx.length-1;
+    const row=document.createElement('div');row.className='msg-row';
+    row.dataset.msgIdx=rawIdx;
+    let filesHtml='';
+    if(m.attachments&&m.attachments.length)
+      filesHtml=`<div class="msg-files">${m.attachments.map(f=>`<div class="msg-file-badge">&#128206; ${esc(f)}</div>`).join('')}</div>`;
+    const bodyHtml = isUser ? esc(String(content)).replace(/\n/g,'<br>') : renderMd(String(content));
+    // Action buttons for this bubble
+    const editBtn  = isUser  ? `<button class="msg-action-btn" title="Edit message" onclick="editMessage(this)">&#9998;</button>` : '';
+    const retryBtn = isLastAssistant ? `<button class="msg-action-btn" title="Regenerate response" onclick="regenerateResponse(this)">&#8635;</button>` : '';
+    row.innerHTML=`<div class="msg-role ${m.role}"><div class="role-icon ${m.role}">${isUser?'Y':'H'}</div><span style="font-size:12px">${isUser?'You':'Hermes'}</span><span class="msg-actions">${editBtn}<button class="msg-copy-btn msg-action-btn" title="Copy" onclick="copyMsg(this)">&#128203;</button>${retryBtn}</span></div>${filesHtml}<div class="msg-body">${bodyHtml}</div>`;
+    row.dataset.rawText = String(content).trim();
+    inner.appendChild(row);
+  }
+  // Insert settled tool call cards (history view only).
+  // During live streaming, tool cards are rendered in #liveToolCards by the
+  // tool SSE handler and never mixed into the message list until done fires.
+  if(!S.busy && S.toolCalls && S.toolCalls.length){
+    inner.querySelectorAll('.tool-card-row').forEach(el=>el.remove());
+    const byAssistant = {};
+    for(const tc of S.toolCalls){
+      const key = tc.assistant_msg_idx !== undefined ? tc.assistant_msg_idx : -1;
+      if(!byAssistant[key]) byAssistant[key] = [];
+      byAssistant[key].push(tc);
+    }
+    const allRows = Array.from(inner.querySelectorAll('.msg-row[data-msg-idx]'));
+    for(const [key, cards] of Object.entries(byAssistant)){
+      const aIdx = parseInt(key);
+      let insertBefore = null;
+      if(aIdx === -1){
+        for(let i=allRows.length-1;i>=0;i--){
+          const ri=parseInt(allRows[i].dataset.msgIdx||'-1',10);
+          if(ri>=0&&S.messages[ri]&&S.messages[ri].role==='assistant'){insertBefore=allRows[i];break;}
+        }
+      } else {
+        for(const r of allRows){
+          const ri=parseInt(r.dataset.msgIdx||'-1');
+          if(ri>aIdx&&S.messages[ri]&&S.messages[ri].role==='assistant'){insertBefore=r;break;}
+        }
+      }
+      const frag=document.createDocumentFragment();
+      for(const tc of cards){frag.appendChild(buildToolCard(tc));}
+      if(insertBefore) inner.insertBefore(frag,insertBefore);
+      else inner.appendChild(frag);
+    }
+  }
+  $('messages').scrollTop=$('messages').scrollHeight;
+  // Apply syntax highlighting after DOM is built
+  requestAnimationFrame(()=>highlightCode());
+  // Refresh todo panel if it's currently open
+  if(typeof loadTodos==='function' && document.getElementById('panelTodos') && document.getElementById('panelTodos').classList.contains('active')){
+    loadTodos();
+  }
+}
+
+function toolIcon(name){
+  const icons={terminal:'⬛',read_file:'📄',write_file:'✏️',search_files:'🔍',
+    web_search:'🌐',web_extract:'🌐',execute_code:'⚙️',patch:'🔧',
+    memory:'🧠',skill_manage:'📚',todo:'✅',cronjob:'⏱️',delegate_task:'🤖',
+    send_message:'💬',browser_navigate:'🌐',vision_analyze:'👁️'};
+  return icons[name]||'🔧';
+}
+
+function buildToolCard(tc){
+  const row=document.createElement('div');
+  row.className='msg-row tool-card-row';
+  const icon=toolIcon(tc.name);
+  const hasDetail=tc.snippet||(tc.args&&Object.keys(tc.args).length>0);
+  let displaySnippet='';
+  if(tc.snippet){
+    const s=tc.snippet;
+    if(s.length<=220){displaySnippet=s;}
+    else{
+      const cutoff=s.slice(0,220);
+      const lastBreak=Math.max(cutoff.lastIndexOf('. '),cutoff.lastIndexOf('\n'),cutoff.lastIndexOf('; '));
+      displaySnippet=lastBreak>80?s.slice(0,lastBreak+1):cutoff;
+    }
+  }
+  const hasMore=tc.snippet&&tc.snippet.length>displaySnippet.length;
+  const runIndicator=tc.done===false?'<span class="tool-card-running-dot"></span>':'';
+  row.innerHTML=`
+    <div class="tool-card${tc.done===false?' tool-card-running':''}">
+      <div class="tool-card-header" onclick="this.closest('.tool-card').classList.toggle('open')">
+        ${runIndicator}
+        <span class="tool-card-icon">${icon}</span>
+        <span class="tool-card-name">${esc(tc.name)}</span>
+        <span class="tool-card-preview">${esc(tc.preview||displaySnippet||'')}</span>
+        ${hasDetail?'<span class="tool-card-toggle">▸</span>':''}
+      </div>
+      ${hasDetail?`<div class="tool-card-detail">
+        ${tc.args&&Object.keys(tc.args).length?`<div class="tool-card-args">${
+          Object.entries(tc.args).map(([k,v])=>`<div><span class="tool-arg-key">${esc(k)}</span> <span class="tool-arg-val">${esc(String(v))}</span></div>`).join('')
+        }</div>`:''}
+        ${displaySnippet?`<div class="tool-card-result">
+          <pre>${esc(displaySnippet)}</pre>
+          ${hasMore?`<button class="tool-card-more" data-full="${esc(tc.snippet||'').replace(/"/g,'&quot;')}" data-short="${esc(displaySnippet||'').replace(/"/g,'&quot;')}" onclick="event.stopPropagation();const p=this.previousElementSibling;const full=this.dataset.full;const short=this.dataset.short;p.textContent=p.textContent===short?full:short;this.textContent=p.textContent===short?'Show more':'Show less'">Show more</button>`:''}
+        </div>`:''}
+      </div>`:''}
+    </div>`;
+  return row;
+}
+
+// ── Live tool card helpers (called during SSE streaming) ──
+function appendLiveToolCard(tc){
+  const container=$('liveToolCards');
+  if(!container)return;
+  container.style.display='';
+  // Update existing card if same tool call id (e.g. snippet arrives after done)
+  const existing=container.querySelector(`[data-tid="${CSS.escape(tc.tid||'')}"]`);
+  if(existing){existing.replaceWith(buildToolCard(tc));return;}
+  const card=buildToolCard(tc);
+  if(tc.tid)card.dataset.tid=tc.tid;
+  container.appendChild(card);
+}
+
+function clearLiveToolCards(){
+  const container=$('liveToolCards');
+  if(!container)return;
+  container.innerHTML='';
+  container.style.display='none';
+}
+
+// ── Edit + Regenerate ──
+
+function editMessage(btn) {
+  if(S.busy) return;
+  const row = btn.closest('.msg-row');
+  if(!row) return;
+  const msgIdx = parseInt(row.dataset.msgIdx, 10);
+  const originalText = row.dataset.rawText || '';
+  const body = row.querySelector('.msg-body');
+  if(!body || row.dataset.editing) return;
+  row.dataset.editing = '1';
+
+  // Replace msg-body with an editable textarea
+  const ta = document.createElement('textarea');
+  ta.className = 'msg-edit-area';
+  ta.value = originalText;
+  body.replaceWith(ta);
+  // Resize after DOM insertion so scrollHeight is correct
+  requestAnimationFrame(() => { autoResizeTextarea(ta); ta.focus(); ta.setSelectionRange(ta.value.length, ta.value.length); });
+  ta.addEventListener('input', () => autoResizeTextarea(ta));
+
+  // Action bar below the textarea
+  const bar = document.createElement('div');
+  bar.className = 'msg-edit-bar';
+  bar.innerHTML = `<button class="msg-edit-send">Send edit</button><button class="msg-edit-cancel">Cancel</button>`;
+  ta.after(bar);
+
+  bar.querySelector('.msg-edit-send').onclick = async () => {
+    const newText = ta.value.trim();
+    if(!newText) return;
+    await submitEdit(msgIdx, newText);
+  };
+  bar.querySelector('.msg-edit-cancel').onclick = () => cancelEdit(row, originalText, body);
+
+  ta.addEventListener('keydown', e => {
+    if(e.key==='Enter' && !e.shiftKey) { e.preventDefault(); bar.querySelector('.msg-edit-send').click(); }
+    if(e.key==='Escape') { e.preventDefault(); cancelEdit(row, originalText, body); }
+  });
+}
+
+function cancelEdit(row, originalText, originalBody) {
+  delete row.dataset.editing;
+  const ta = row.querySelector('.msg-edit-area');
+  const bar = row.querySelector('.msg-edit-bar');
+  if(ta) ta.replaceWith(originalBody);
+  if(bar) bar.remove();
+}
+
+function autoResizeTextarea(ta) {
+  ta.style.height = 'auto';
+  ta.style.height = Math.min(ta.scrollHeight, 300) + 'px';
+}
+
+async function submitEdit(msgIdx, newText) {
+  if(!S.session || S.busy) return;
+  // Truncate session at msgIdx (keep messages before the edited one)
+  // then re-send the edited text
+  try {
+    await api('/api/session/truncate', {method:'POST', body:JSON.stringify({
+      session_id: S.session.session_id,
+      keep_count: msgIdx  // keep messages[0..msgIdx-1], discard from msgIdx onward
+    })});
+    S.messages = S.messages.slice(0, msgIdx);
+    renderMessages();
+    // Now send the edited message as a new chat
+    $('msg').value = newText;
+    await send();
+  } catch(e) { setStatus('Edit failed: ' + e.message); }
+}
+
+async function regenerateResponse(btn) {
+  if(!S.session || S.busy) return;
+  // Find the last user message and re-run it
+  // Remove the last assistant message first (truncate to before it)
+  const row = btn.closest('.msg-row');
+  if(!row) return;
+  const assistantIdx = parseInt(row.dataset.msgIdx, 10);
+  // Find the last user message text (one before this assistant message)
+  let lastUserText = '';
+  for(let i = assistantIdx - 1; i >= 0; i--) {
+    const m = S.messages[i];
+    if(m && m.role === 'user') { lastUserText = msgContent(m); break; }
+  }
+  if(!lastUserText) return;
+  try {
+    await api('/api/session/truncate', {method:'POST', body:JSON.stringify({
+      session_id: S.session.session_id,
+      keep_count: assistantIdx  // remove the assistant message
+    })});
+    S.messages = S.messages.slice(0, assistantIdx);
+    renderMessages();
+    $('msg').value = lastUserText;
+    await send();
+  } catch(e) { setStatus('Regenerate failed: ' + e.message); }
+}
+
+function highlightCode(container) {
+  // Apply Prism.js syntax highlighting to all code blocks in container (or whole messages area)
+  if(typeof Prism === 'undefined' || !Prism.highlightAllUnder) return;
+  const el = container || $('msgInner');
+  if(!el) return;
+  // Prism autoloader handles language detection via class="language-xxx"
+  Prism.highlightAllUnder(el);
+}
+
+function appendThinking(){
+  $('emptyState').style.display='none';
+  const row=document.createElement('div');row.className='msg-row';row.id='thinkingRow';
+  row.innerHTML=`<div class="msg-role assistant"><div class="role-icon assistant">H</div>Hermes</div><div class="thinking"><div class="dot"></div><div class="dot"></div><div class="dot"></div></div>`;
+  $('msgInner').appendChild(row);$('messages').scrollTop=$('messages').scrollHeight;
+}
+function removeThinking(){const el=$('thinkingRow');if(el)el.remove();}
+
+function fileIcon(name, type){
+  if(type==='dir') return '📁';
+  const e=fileExt(name);
+  if(IMAGE_EXTS.has(e)) return '📷';
+  if(MD_EXTS.has(e))    return '📝';
+  if(typeof DOWNLOAD_EXTS!=='undefined'&&DOWNLOAD_EXTS.has(e)) return '⬇️';
+  if(e==='.py')   return '🐍';
+  if(e==='.js'||e==='.ts'||e==='.jsx'||e==='.tsx') return '⚡';
+  if(e==='.json'||e==='.yaml'||e==='.yml'||e==='.toml') return '⚙';
+  if(e==='.sh'||e==='.bash') return '💻';
+  if(e==='.pdf') return '⬇️';
+  return '📄';
+}
+
+function renderFileTree(){
+  const box=$('fileTree');box.innerHTML='';
+  for(const item of S.entries){
+    const el=document.createElement('div');el.className='file-item';
+
+    // Icon
+    const iconEl=document.createElement('span');
+    iconEl.className='file-icon';iconEl.textContent=fileIcon(item.name,item.type);
+    el.appendChild(iconEl);
+
+    // Name -- takes all remaining space, truncates with ellipsis
+    const nameEl=document.createElement('span');
+    nameEl.className='file-name';nameEl.textContent=item.name;nameEl.title=item.name;
+    el.appendChild(nameEl);
+
+    // Size -- only for files, right-aligned, shrinks but never wraps
+    if(item.type==='file'&&item.size){
+      const sizeEl=document.createElement('span');
+      sizeEl.className='file-size';
+      sizeEl.textContent=`${(item.size/1024).toFixed(1)}k`;
+      el.appendChild(sizeEl);
+    }
+
+    // Delete button -- only for files, shown as a CSS class toggle on hover
+    if(item.type==='file'){
+      const del=document.createElement('button');
+      del.className='file-del-btn';del.title='Delete';del.textContent='×';
+      del.onclick=async(e)=>{e.stopPropagation();await deleteWorkspaceFile(item.path,item.name);};
+      el.appendChild(del);
+    }
+
+    el.onclick=async()=>item.type==='dir'?loadDir(item.path):openFile(item.path);
+    box.appendChild(el);
+  }
+}
+
+async function deleteWorkspaceFile(relPath, name){
+  if(!S.session)return;
+  if(!confirm(`Delete ${name}?`))return;
+  try{
+    await api('/api/file/delete',{method:'POST',body:JSON.stringify({session_id:S.session.session_id,path:relPath})});
+    showToast(`Deleted ${name}`);
+    // Close preview if we just deleted the viewed file
+    if($('previewPathText').textContent===relPath)$('btnClearPreview').onclick();
+    await loadDir('.');
+  }catch(e){setStatus('Delete failed: '+e.message);}
+}
+
+async function promptNewFile(){
+  if(!S.session)return;
+  const name=prompt('New file name (e.g. notes.md):','');
+  if(!name||!name.trim())return;
+  try{
+    await api('/api/file/create',{method:'POST',body:JSON.stringify({session_id:S.session.session_id,path:name.trim(),content:''})});
+    showToast(`Created ${name.trim()}`);
+    await loadDir('.');
+    // Open the new file immediately
+    openFile(name.trim());
+  }catch(e){setStatus('Create failed: '+e.message);}
+}
+
+function renderTray(){
+  const tray=$('attachTray');tray.innerHTML='';
+  if(!S.pendingFiles.length){tray.classList.remove('has-files');return;}
+  tray.classList.add('has-files');
+  S.pendingFiles.forEach((f,i)=>{
+    const chip=document.createElement('div');chip.className='attach-chip';
+    chip.innerHTML=`&#128206; ${esc(f.name)} <button title="Remove">&#10005;</button>`;
+    chip.querySelector('button').onclick=()=>{S.pendingFiles.splice(i,1);renderTray();};
+    tray.appendChild(chip);
+  });
+}
+function addFiles(files){for(const f of files){if(!S.pendingFiles.find(p=>p.name===f.name))S.pendingFiles.push(f);}renderTray();}
+
+async function uploadPendingFiles(){
+  if(!S.pendingFiles.length||!S.session)return[];
+  const names=[];let failures=0;
+  const bar=$('uploadBar');const barWrap=$('uploadBarWrap');
+  barWrap.classList.add('active');bar.style.width='0%';
+  const total=S.pendingFiles.length;
+  for(let i=0;i<total;i++){
+    const f=S.pendingFiles[i];const fd=new FormData();
+    fd.append('session_id',S.session.session_id);fd.append('file',f,f.name);
+    try{
+      const res=await fetch('/api/upload',{method:'POST',body:fd});
+      if(!res.ok){const err=await res.text();throw new Error(err);}
+      const data=await res.json();
+      if(data.error)throw new Error(data.error);
+      names.push(data.filename);
+    }catch(e){failures++;setStatus(`\u274c Upload failed: ${f.name} \u2014 ${e.message}`);}
+    bar.style.width=`${Math.round((i+1)/total*100)}%`;
+  }
+  barWrap.classList.remove('active');bar.style.width='0%';
+  S.pendingFiles=[];renderTray();
+  if(failures===total&&total>0)throw new Error(`All ${total} upload(s) failed`);
+  return names;
+}
+
diff --git a/static/workspace.js b/static/workspace.js
new file mode 100644
index 0000000..9290871
--- /dev/null
+++ b/static/workspace.js
@@ -0,0 +1,168 @@
+async function api(path,opts={}){
+  const res=await fetch(path,{headers:{'Content-Type':'application/json'},...opts});
+  if(!res.ok)throw new Error(await res.text());
+  const ct=res.headers.get('content-type')||'';
+  return ct.includes('application/json')?res.json():res.text();
+}
+
+async function loadDir(path){
+  if(!S.session)return;
+  try{
+    const data=await api(`/api/list?session_id=${encodeURIComponent(S.session.session_id)}&path=${encodeURIComponent(path)}`);
+    S.entries=data.entries||[];renderFileTree();
+  }catch(e){console.warn('loadDir',e);}
+}
+
+// File extension sets for preview routing (must match server-side sets)
+const IMAGE_EXTS  = new Set(['.png','.jpg','.jpeg','.gif','.svg','.webp','.ico','.bmp']);
+const MD_EXTS     = new Set(['.md','.markdown','.mdown']);
+// Binary formats that should download rather than preview
+const DOWNLOAD_EXTS = new Set([
+  '.docx','.doc','.xlsx','.xls','.pptx','.ppt','.odt','.ods','.odp',
+  '.pdf','.zip','.tar','.gz','.bz2','.7z','.rar',
+  '.mp3','.mp4','.wav','.m4a','.ogg','.flac','.mov','.avi','.mkv','.webm',
+  '.exe','.dmg','.pkg','.deb','.rpm',
+  '.woff','.woff2','.ttf','.otf','.eot',
+  '.bin','.dat','.db','.sqlite','.pyc','.class','.so','.dylib','.dll',
+]);
+
+function fileExt(p){ const i=p.lastIndexOf('.'); return i>=0?p.slice(i).toLowerCase():''; }
+
+let _previewCurrentPath = '';  // relative path of currently previewed file
+let _previewCurrentMode = '';  // 'code' | 'md' | 'image'
+let _previewDirty = false;     // true when edits are unsaved
+
+function showPreview(mode){
+  // mode: 'code' | 'image' | 'md'
+  $('previewCode').style.display     = mode==='code'  ? '' : 'none';
+  $('previewImgWrap').style.display  = mode==='image' ? '' : 'none';
+  $('previewMd').style.display       = mode==='md'    ? '' : 'none';
+  $('previewEditArea').style.display = 'none';  // start in read-only
+  const badge=$('previewBadge');
+  badge.className='preview-badge '+mode;
+  badge.textContent = mode==='image'?'image':mode==='md'?'md':fileExt($('previewPathText').textContent)||'text';
+  _previewCurrentMode = mode;
+  _previewDirty = false;
+  updateEditBtn();
+}
+
+function updateEditBtn(){
+  const btn=$('btnEditFile');
+  if(!btn)return;
+  const editable = _previewCurrentMode==='code'||_previewCurrentMode==='md';
+  btn.style.display = editable?'':'none';
+  const editing = $('previewEditArea').style.display!=='none';
+  btn.innerHTML = editing ? '&#128190; Save' : '&#9998; Edit';
+  btn.title = editing ? 'Save changes' : 'Edit this file';
+  btn.style.color = editing ? 'var(--blue)' : '';
+  if(_previewDirty) btn.innerHTML = '&#128190; Save*';
+}
+
+async function toggleEditMode(){
+  const editing = $('previewEditArea').style.display!=='none';
+  if(editing){
+    // Save
+    if(!S.session||!_previewCurrentPath)return;
+    const content=$('previewEditArea').value;
+    try{
+      await api('/api/file/save',{method:'POST',body:JSON.stringify({
+        session_id:S.session.session_id, path:_previewCurrentPath, content
+      })});
+      _previewDirty=false;
+      // Update read-only views
+      if(_previewCurrentMode==='code') $('previewCode').textContent=content;
+      else $('previewMd').innerHTML=renderMd(content);
+      $('previewEditArea').style.display='none';
+      if(_previewCurrentMode==='code') $('previewCode').style.display='';
+      else $('previewMd').style.display='';
+      showToast('Saved');
+    }catch(e){setStatus('Save failed: '+e.message);}
+  }else{
+    // Enter edit mode: populate textarea with current content
+    const currentText = _previewCurrentMode==='code'
+      ? $('previewCode').textContent
+      : _previewRawContent||'';
+    $('previewEditArea').value=currentText;
+    $('previewEditArea').style.display='';
+    if(_previewCurrentMode==='code') $('previewCode').style.display='none';
+    else $('previewMd').style.display='none';
+    // Escape cancels the edit without saving
+    $('previewEditArea').onkeydown=e=>{
+      if(e.key==='Escape'){e.preventDefault();cancelEditMode();}
+    };
+  }
+  updateEditBtn();
+}
+
+let _previewRawContent = '';  // raw text for md files (to populate editor)
+
+function cancelEditMode(){
+  // Discard changes and return to read-only view
+  $('previewEditArea').style.display='none';
+  $('previewEditArea').onkeydown=null;
+  if(_previewCurrentMode==='code') $('previewCode').style.display='';
+  else $('previewMd').style.display='';
+  _previewDirty=false;
+  updateEditBtn();
+}
+
+async function openFile(path){
+  if(!S.session)return;
+  const ext=fileExt(path);
+
+  // Binary/download-only formats: trigger browser download, don't preview
+  if(DOWNLOAD_EXTS.has(ext)){
+    downloadFile(path);
+    return;
+  }
+
+  $('previewPathText').textContent=path;
+  $('previewArea').classList.add('visible');
+  $('fileTree').style.display='none';
+
+  _previewCurrentPath = path;
+  if(IMAGE_EXTS.has(ext)){
+    // Image: load via raw endpoint, show as <img>
+    showPreview('image');
+    const url=`/api/file/raw?session_id=${encodeURIComponent(S.session.session_id)}&path=${encodeURIComponent(path)}`;
+    $('previewImg').alt=path;
+    $('previewImg').src=url;
+    $('previewImg').onerror=()=>setStatus('Could not load image');
+  } else if(MD_EXTS.has(ext)){
+    // Markdown: fetch text, render with renderMd, display as formatted HTML
+    try{
+      const data=await api(`/api/file?session_id=${encodeURIComponent(S.session.session_id)}&path=${encodeURIComponent(path)}`);
+      showPreview('md');
+      _previewRawContent = data.content;
+      $('previewMd').innerHTML=renderMd(data.content);
+    }catch(e){setStatus('Could not open file');}
+  } else {
+    // Plain code / text -- but fall back to download if server signals binary
+    try{
+      const data=await api(`/api/file?session_id=${encodeURIComponent(S.session.session_id)}&path=${encodeURIComponent(path)}`);
+      if(data.binary){
+        // Server flagged this as binary content
+        downloadFile(path);
+        return;
+      }
+      showPreview('code');
+      $('previewCode').textContent=data.content;
+    }catch(e){
+      // If it's a 400/too-large error, offer download instead
+      downloadFile(path);
+    }
+  }
+}
+
+function downloadFile(path){
+  if(!S.session)return;
+  // Trigger browser download via the raw file endpoint with content-disposition attachment
+  const url=`/api/file/raw?session_id=${encodeURIComponent(S.session.session_id)}&path=${encodeURIComponent(path)}&download=1`;
+  const filename=path.split('/').pop();
+  const a=document.createElement('a');
+  a.href=url;a.download=filename;
+  document.body.appendChild(a);a.click();
+  setTimeout(()=>document.body.removeChild(a),100);
+  showToast(`Downloading ${filename}\u2026`,2000);
+}
+
diff --git a/tests/__init__.py b/tests/__init__.py
new file mode 100644
index 0000000..e69de29
diff --git a/tests/conftest.py b/tests/conftest.py
new file mode 100644
index 0000000..5d53f4a
--- /dev/null
+++ b/tests/conftest.py
@@ -0,0 +1,240 @@
+"""
+Shared pytest fixtures for webui-mvp tests.
+
+TEST ISOLATION:
+  Tests run against a SEPARATE server instance on port 8788 with a
+  completely separate state directory. Production data is never touched.
+  The test state dir is wiped before each full test run and again on teardown.
+
+PATH DISCOVERY:
+  No hardcoded paths. Discovery order:
+    1. Environment variables (HERMES_WEBUI_AGENT_DIR, HERMES_WEBUI_PYTHON, etc.)
+    2. Sibling checkout heuristics relative to this repo
+    3. Common install paths (~/.hermes/hermes-agent)
+    4. System python3 as a last resort
+"""
+import json
+import os
+import pathlib
+import shutil
+import subprocess
+import time
+import urllib.request
+import urllib.error
+import pytest
+
+# ── Repo root discovery ────────────────────────────────────────────────────
+# conftest.py lives at <repo>/tests/conftest.py
+TESTS_DIR  = pathlib.Path(__file__).parent.resolve()
+REPO_ROOT  = TESTS_DIR.parent.resolve()
+HOME       = pathlib.Path.home()
+HERMES_HOME = pathlib.Path(os.getenv('HERMES_HOME', str(HOME / '.hermes')))
+
+# ── Test server config ────────────────────────────────────────────────────
+TEST_PORT      = int(os.getenv('HERMES_WEBUI_TEST_PORT', '8788'))
+TEST_BASE      = f"http://127.0.0.1:{TEST_PORT}"
+TEST_STATE_DIR = pathlib.Path(os.getenv(
+    'HERMES_WEBUI_TEST_STATE_DIR',
+    str(HERMES_HOME / 'webui-mvp-test')
+))
+TEST_WORKSPACE = TEST_STATE_DIR / 'test-workspace'
+
+# ── Server script: always relative to repo root ───────────────────────────
+SERVER_SCRIPT = REPO_ROOT / 'server.py'
+if not SERVER_SCRIPT.exists():
+    raise RuntimeError(
+        f"server.py not found at {SERVER_SCRIPT}. "
+        "Is conftest.py in the tests/ subdirectory of the repo?"
+    )
+
+# ── Hermes agent discovery (mirrors api/config._discover_agent_dir) ───────
+def _discover_agent_dir() -> pathlib.Path:
+    candidates = [
+        os.getenv('HERMES_WEBUI_AGENT_DIR', ''),
+        str(HERMES_HOME / 'hermes-agent'),
+        str(REPO_ROOT.parent / 'hermes-agent'),
+        str(HOME / '.hermes' / 'hermes-agent'),
+        str(HOME / 'hermes-agent'),
+    ]
+    for c in candidates:
+        if not c:
+            continue
+        p = pathlib.Path(c).expanduser()
+        if p.exists() and (p / 'run_agent.py').exists():
+            return p.resolve()
+    return None
+
+# ── Python discovery (mirrors api/config._discover_python) ────────────────
+def _discover_python(agent_dir) -> str:
+    if os.getenv('HERMES_WEBUI_PYTHON'):
+        return os.getenv('HERMES_WEBUI_PYTHON')
+    if agent_dir:
+        venv_py = agent_dir / 'venv' / 'bin' / 'python'
+        if venv_py.exists():
+            return str(venv_py)
+    local_venv = REPO_ROOT / '.venv' / 'bin' / 'python'
+    if local_venv.exists():
+        return str(local_venv)
+    return shutil.which('python3') or shutil.which('python') or 'python3'
+
+HERMES_AGENT = _discover_agent_dir()
+VENV_PYTHON  = _discover_python(HERMES_AGENT)
+
+# Work dir: agent dir if found, else repo root
+WORKDIR = str(HERMES_AGENT) if HERMES_AGENT else str(REPO_ROOT)
+
+
+# ── Helpers ──────────────────────────────────────────────────────────────────
+
+def _post(base, path, body=None):
+    data = json.dumps(body or {}).encode()
+    req = urllib.request.Request(
+        base + path, data=data, headers={"Content-Type": "application/json"}
+    )
+    try:
+        with urllib.request.urlopen(req, timeout=10) as r:
+            return json.loads(r.read())
+    except urllib.error.HTTPError as e:
+        try:
+            return json.loads(e.read())
+        except Exception:
+            return {}
+
+
+def _wait_for_server(base, timeout=20):
+    deadline = time.time() + timeout
+    while time.time() < deadline:
+        try:
+            with urllib.request.urlopen(base + "/health", timeout=2) as r:
+                if json.loads(r.read()).get("status") == "ok":
+                    return True
+        except Exception:
+            time.sleep(0.3)
+    return False
+
+
+# ── Session-scoped test server ────────────────────────────────────────────────
+
+@pytest.fixture(scope="session", autouse=True)
+def test_server():
+    """
+    Start an isolated test server on TEST_PORT with a clean state directory.
+    Paths are discovered dynamically -- no hardcoded absolute path assumptions.
+    """
+    # Clean slate
+    if TEST_STATE_DIR.exists():
+        shutil.rmtree(TEST_STATE_DIR)
+    TEST_STATE_DIR.mkdir(parents=True)
+    TEST_WORKSPACE.mkdir(parents=True)
+
+    # Symlink real skills into test home so skill-related tests work,
+    # but all write-heavy state stays isolated.
+    real_skills  = HERMES_HOME / 'skills'
+    test_skills  = TEST_STATE_DIR / 'skills'
+    if real_skills.exists() and not test_skills.exists():
+        test_skills.symlink_to(real_skills)
+
+    # Isolated cron state
+    (TEST_STATE_DIR / 'cron').mkdir(parents=True, exist_ok=True)
+
+    env = os.environ.copy()
+    env.update({
+        "HERMES_WEBUI_PORT":              str(TEST_PORT),
+        "HERMES_WEBUI_HOST":              "127.0.0.1",
+        "HERMES_WEBUI_STATE_DIR":         str(TEST_STATE_DIR),
+        "HERMES_WEBUI_DEFAULT_WORKSPACE": str(TEST_WORKSPACE),
+        "HERMES_WEBUI_DEFAULT_MODEL":     "openai/gpt-5.4-mini",
+        "HERMES_HOME":                    str(TEST_STATE_DIR),
+    })
+
+    # Pass agent dir if discovered so server.py doesn't have to re-discover
+    if HERMES_AGENT:
+        env["HERMES_WEBUI_AGENT_DIR"] = str(HERMES_AGENT)
+
+    proc = subprocess.Popen(
+        [VENV_PYTHON, str(SERVER_SCRIPT)],
+        cwd=WORKDIR,
+        env=env,
+        stdout=subprocess.DEVNULL,
+        stderr=subprocess.DEVNULL,
+    )
+
+    if not _wait_for_server(TEST_BASE, timeout=20):
+        proc.kill()
+        pytest.fail(
+            f"Test server on port {TEST_PORT} did not start within 20s.\n"
+            f"  server.py : {SERVER_SCRIPT}\n"
+            f"  python    : {VENV_PYTHON}\n"
+            f"  agent dir : {HERMES_AGENT}\n"
+            f"  workdir   : {WORKDIR}\n"
+        )
+
+    yield proc
+
+    proc.terminate()
+    try:
+        proc.wait(timeout=5)
+    except subprocess.TimeoutExpired:
+        proc.kill()
+
+    try:
+        shutil.rmtree(TEST_STATE_DIR)
+    except Exception:
+        pass
+
+
+# ── Test base URL ─────────────────────────────────────────────────────────────
+
+@pytest.fixture(scope="session")
+def base_url():
+    return TEST_BASE
+
+
+# ── Per-test session cleanup ──────────────────────────────────────────────────
+
+@pytest.fixture(autouse=True)
+def cleanup_test_sessions():
+    """
+    Yields a list for tests to register created session IDs.
+    Deletes all registered sessions after each test.
+    Resets last_workspace to the test workspace to prevent state bleed.
+    """
+    created: list[str] = []
+    yield created
+
+    for sid in created:
+        try:
+            _post(TEST_BASE, "/api/session/delete", {"session_id": sid})
+        except Exception:
+            pass
+
+    try:
+        _post(TEST_BASE, "/api/sessions/cleanup_zero_message")
+    except Exception:
+        pass
+
+    try:
+        last_ws_file = TEST_STATE_DIR / "last_workspace.txt"
+        last_ws_file.write_text(str(TEST_WORKSPACE), encoding='utf-8')
+    except Exception:
+        pass
+
+
+# ── Convenience helpers ────────────────────────────────────────────────────────
+
+def make_session_tracked(created_list, ws=None):
+    """
+    Create a session on the test server and register it for cleanup.
+
+    Usage:
+        def test_something(cleanup_test_sessions):
+            sid, ws = make_session_tracked(cleanup_test_sessions)
+    """
+    body = {}
+    if ws:
+        body["workspace"] = str(ws)
+    d = _post(TEST_BASE, "/api/session/new", body)
+    sid = d["session"]["session_id"]
+    ws_path = pathlib.Path(d["session"]["workspace"])
+    created_list.append(sid)
+    return sid, ws_path
diff --git a/tests/test_regressions.py b/tests/test_regressions.py
new file mode 100644
index 0000000..3173cf1
--- /dev/null
+++ b/tests/test_regressions.py
@@ -0,0 +1,416 @@
+"""
+Regression tests -- one test per bug that was introduced and fixed.
+These tests exist specifically to prevent those bugs from silently returning.
+
+Each test is tagged with the sprint/commit where the bug was found and fixed.
+"""
+import json
+import pathlib
+import time
+import urllib.error
+import urllib.request
+import urllib.parse
+REPO_ROOT = pathlib.Path(__file__).parent.parent.resolve()
+
+BASE = "http://127.0.0.1:8788"
+
+def get(path):
+    with urllib.request.urlopen(BASE + path, timeout=10) as r:
+        return json.loads(r.read()), r.status
+
+def get_raw(path):
+    with urllib.request.urlopen(BASE + path, timeout=10) as r:
+        return r.read(), r.headers.get("Content-Type",""), r.status
+
+def post(path, body=None):
+    data = json.dumps(body or {}).encode()
+    req = urllib.request.Request(
+        BASE + path, data=data, headers={"Content-Type": "application/json"}
+    )
+    try:
+        with urllib.request.urlopen(req, timeout=10) as r:
+            return json.loads(r.read()), r.status
+    except urllib.error.HTTPError as e:
+        return json.loads(e.read()), e.code
+
+def make_session(created_list):
+    d, _ = post("/api/session/new", {})
+    sid = d["session"]["session_id"]
+    created_list.append(sid)
+    return sid
+
+
+# ── R1: uuid not imported in server.py (Sprint 10 split regression) ──────────
+
+def test_chat_start_returns_stream_id(cleanup_test_sessions):
+    """R1: chat/start must return stream_id -- catches missing uuid import.
+    When uuid was missing, this returned 500 (NameError).
+    """
+    sid = make_session(cleanup_test_sessions)
+    data, status = post("/api/chat/start", {
+        "session_id": sid,
+        "message": "ping",
+        "model": "openai/gpt-5.4-mini",
+    })
+    # Must return 200 with a stream_id -- not 500
+    assert status == 200, f"chat/start failed with {status}: {data}"
+    assert "stream_id" in data, "stream_id missing from chat/start response"
+    assert len(data["stream_id"]) > 8, "stream_id looks invalid"
+    post("/api/session/delete", {"session_id": sid})
+    cleanup_test_sessions.clear()
+
+
+# ── R2: AIAgent not imported in api/streaming.py (Sprint 10 split regression) ─
+
+def test_chat_stream_opens_successfully(cleanup_test_sessions):
+    """R2: After chat/start, GET /api/chat/stream must return 200 (SSE opens).
+    When AIAgent was missing, the thread crashed immediately, popped STREAMS,
+    and the SSE GET returned 404.
+    """
+    sid = make_session(cleanup_test_sessions)
+    data, status = post("/api/chat/start", {
+        "session_id": sid,
+        "message": "say: hello",
+        "model": "openai/gpt-5.4-mini",
+    })
+    assert status == 200, f"chat/start failed: {data}"
+    stream_id = data["stream_id"]
+
+    # Open the SSE stream -- must return 200, not 404
+    # We only check headers (don't read the full stream body)
+    req = urllib.request.Request(BASE + f"/api/chat/stream?stream_id={stream_id}")
+    try:
+        r = urllib.request.urlopen(req, timeout=3)
+        assert r.status == 200, f"SSE stream returned {r.status} (expected 200)"
+        ct = r.headers.get("Content-Type", "")
+        assert "text/event-stream" in ct, f"Wrong Content-Type: {ct}"
+        r.close()
+    except urllib.error.HTTPError as e:
+        assert False, f"SSE stream returned {e.code} -- AIAgent may not be imported"
+    except Exception:
+        pass  # timeout or connection close after brief read is fine
+
+    post("/api/session/delete", {"session_id": sid})
+    cleanup_test_sessions.clear()
+
+
+# ── R3: Session.__init__ missing tool_calls param (Sprint 10 split regression) ─
+
+def test_session_with_tool_calls_in_json_loads_ok(cleanup_test_sessions):
+    """R3: Sessions that have tool_calls in their JSON must load without 500.
+    When tool_calls=None was missing from Session.__init__, loading such sessions
+    threw TypeError: unexpected keyword argument.
+    """
+    sid = make_session(cleanup_test_sessions)
+
+    # Manually inject tool_calls into the session's JSON file
+    sessions_dir = pathlib.Path.home() / ".hermes" / "webui-mvp-test" / "sessions"
+    session_file = sessions_dir / f"{sid}.json"
+    if session_file.exists():
+        d = json.loads(session_file.read_text())
+        d["tool_calls"] = [
+            {"name": "terminal", "snippet": "test output", "tid": "test_tid_001", "assistant_msg_idx": 1}
+        ]
+        session_file.write_text(json.dumps(d))
+
+    # Loading the session must return 200, not 500
+    data, status = get(f"/api/session?session_id={urllib.parse.quote(sid)}")
+    assert status == 200, f"Session with tool_calls returned {status}: {data}"
+    assert data["session"]["session_id"] == sid
+
+    post("/api/session/delete", {"session_id": sid})
+    cleanup_test_sessions.clear()
+
+
+# ── R4: has_pending not imported in streaming.py (Sprint 10 split regression) ─
+
+def test_streaming_py_imports_has_pending(cleanup_test_sessions):
+    """R4: api/streaming.py must import or define has_pending.
+    When missing, the approval check mid-stream caused NameError.
+    """
+    src = (REPO_ROOT / "api/streaming.py").read_text()
+    assert "has_pending" in src, "has_pending not found in api/streaming.py"
+    # Verify it's imported (not just used)
+    assert "import" in src and "has_pending" in src, \
+        "has_pending must be imported in api/streaming.py"
+
+
+def test_aiagent_imported_in_streaming(cleanup_test_sessions):
+    """R2b: api/streaming.py must import AIAgent.
+    When missing, the streaming thread crashed immediately after being spawned.
+    """
+    src = (REPO_ROOT / "api/streaming.py").read_text()
+    assert "AIAgent" in src, "AIAgent not referenced in api/streaming.py"
+    assert "from run_agent import AIAgent" in src or "import AIAgent" in src, \
+        "AIAgent must be imported in api/streaming.py"
+
+
+# ── R5: SSE loop did not break on cancel event (Sprint 10 bug) ───────────────
+
+def test_cancel_nonexistent_stream_returns_not_cancelled(cleanup_test_sessions):
+    """R5a: Cancel endpoint works and returns cancelled:false for unknown stream."""
+    data, status = get("/api/chat/cancel?stream_id=nonexistent_test_xyz")
+    assert status == 200
+    assert data["ok"] is True
+    assert data["cancelled"] is False
+
+
+def test_server_py_sse_loop_breaks_on_cancel(cleanup_test_sessions):
+    """R5b: server.py SSE loop must include 'cancel' in the break condition.
+    When missing, the connection hung after the cancel event was processed.
+    """
+    src = (REPO_ROOT / "server.py").read_text()
+    # Find the SSE break condition
+    import re
+    m = re.search(r"if event in \([^)]+\):\s*break", src)
+    assert m, "SSE break condition not found in server.py"
+    assert "cancel" in m.group(), \
+        f"'cancel' missing from SSE break condition: {m.group()}"
+
+
+# ── R6: Test cron isolation (Sprint 10) ──────────────────────────────────────
+
+def test_real_jobs_json_not_polluted_by_tests(cleanup_test_sessions):
+    """R6: Test runs must not write to the real ~/.hermes/cron/jobs.json.
+    When HERMES_HOME isolation was missing, every test run added test-job-* entries.
+    """
+    real_jobs_path = pathlib.Path.home() / ".hermes" / "cron" / "jobs.json"
+    if not real_jobs_path.exists():
+        return  # no jobs file at all -- fine
+
+    jobs = json.loads(real_jobs_path.read_text())
+    if isinstance(jobs, dict):
+        jobs = jobs.get("jobs", [])
+
+    test_jobs = [j for j in jobs if j.get("name", "").startswith("test-job-")]
+    assert len(test_jobs) == 0, \
+        f"Real jobs.json contains {len(test_jobs)} test-job-* entries: " \
+        f"{[j['name'] for j in test_jobs]}"
+
+
+# ── General: api modules all importable ──────────────────────────────────────
+
+def test_all_api_modules_importable(cleanup_test_sessions):
+    """All api/ modules must be importable without NameError or ImportError.
+    Catches missing imports introduced during future module splits.
+    """
+    import ast, pathlib
+    api_dir = REPO_ROOT / "api"
+    for module_file in api_dir.glob("*.py"):
+        src = module_file.read_text()
+        try:
+            ast.parse(src)
+        except SyntaxError as e:
+            assert False, f"{module_file.name} has syntax error: {e}"
+
+
+def test_server_py_importable(cleanup_test_sessions):
+    """server.py must parse without syntax errors after any split."""
+    import ast, pathlib
+    src = (REPO_ROOT / "server.py").read_text()
+    try:
+        ast.parse(src)
+    except SyntaxError as e:
+        assert False, f"server.py has syntax error: {e}"
+
+# ── R7: Cross-session busy state bleed ───────────────────────────────────────
+
+def test_loadSession_resets_busy_state_for_idle_session(cleanup_test_sessions):
+    """R7: sessions.js loadSession for a non-inflight session must reset S.busy to false.
+    When missing, switching from a busy session to an idle one left the Send button
+    disabled, showed the wrong activity bar, and pointed Cancel at the wrong stream.
+    """
+    src = (REPO_ROOT / "static/sessions.js").read_text()
+    # The fix adds explicit S.busy=false in the non-inflight else branch
+    assert "S.busy=false;" in src,         "sessions.js loadSession must set S.busy=false when loading a non-inflight session"
+    # btnSend must be explicitly re-enabled
+    assert "$('btnSend').disabled=false;" in src,         "sessions.js loadSession must enable btnSend for non-inflight sessions"
+
+
+def test_done_handler_guards_setbusy_with_inflight_check(cleanup_test_sessions):
+    """R7b: messages.js done/error handlers must not call setBusy(false) if the
+    currently viewed session is itself still in-flight.
+    When missing, finishing session A while viewing in-flight session B would
+    disable B's Send button.
+    """
+    src = (REPO_ROOT / "static/messages.js").read_text()
+    # The fix wraps setBusy(false) in a guard
+    assert "INFLIGHT[S.session.session_id]" in src,         "messages.js must guard setBusy(false) with INFLIGHT check for current session"
+
+
+def test_cancel_button_not_cleared_across_sessions(cleanup_test_sessions):
+    """R7c: The Cancel button and activeStreamId must only be cleared when the
+    done/error event belongs to the currently viewed session.
+    """
+    src = (REPO_ROOT / "static/messages.js").read_text()
+    # Both clear operations must be inside the activeSid === S.session guard
+    # We check for the pattern added by the fix
+    assert "S.session.session_id===activeSid" in src,         "messages.js must guard activeStreamId/Cancel clearing with session identity check"
+
+# ── R8: Session delete does not invalidate index (ghost sessions) ─────────────
+
+def test_deleted_session_does_not_appear_in_list(cleanup_test_sessions):
+    """R8: After deleting a session, it must not appear in /api/sessions.
+    When _index.json was not invalidated on delete, the session reappeared
+    in the list even after the JSON file was removed.
+    """
+    # Create a session with a title so it shows in the list
+    d, _ = post("/api/session/new", {})
+    sid = d["session"]["session_id"]
+    post("/api/session/rename", {"session_id": sid, "title": "regression-test-delete-R8"})
+
+    # Verify it appears
+    sessions, _ = get("/api/sessions")
+    ids_before = [s["session_id"] for s in sessions["sessions"]]
+    assert sid in ids_before, "Session must appear in list before delete"
+
+    # Delete it
+    result, status = post("/api/session/delete", {"session_id": sid})
+    assert status == 200 and result.get("ok") is True
+
+    # Verify it no longer appears -- even after a second fetch (index rebuild)
+    sessions2, _ = get("/api/sessions")
+    ids_after = [s["session_id"] for s in sessions2["sessions"]]
+    assert sid not in ids_after,         f"Deleted session {sid} still appears in list -- index not invalidated on delete"
+
+
+def test_server_delete_invalidates_index(cleanup_test_sessions):
+    """R8b: server.py session/delete handler must unlink _index.json.
+    Static check that the fix is in place.
+    """
+    src = (REPO_ROOT / "server.py").read_text()
+    # Find the delete handler and verify it unlinks the index
+    delete_idx = src.find("if parsed.path == '/api/session/delete':")
+    assert delete_idx >= 0, "session/delete handler not found"
+    delete_block = src[delete_idx:delete_idx+600]
+    assert "SESSION_INDEX_FILE" in delete_block,         "server.py session/delete must invalidate SESSION_INDEX_FILE"
+
+
+# ── R9: Token/tool SSE events write to wrong session after switch ─────────────
+
+def test_token_handler_guards_session_id(cleanup_test_sessions):
+    """R9a: The SSE token event handler must check activeSid before writing to DOM.
+    When missing, tokens from session A would render into session B's message area
+    if the user switched sessions mid-stream.
+    """
+    src = (REPO_ROOT / "static/messages.js").read_text()
+    # Find the token event handler
+    token_idx = src.find("es.addEventListener('token'")
+    assert token_idx >= 0, "token event handler not found"
+    token_block = src[token_idx:token_idx+300]
+    assert "activeSid" in token_block,         "token handler must check activeSid before writing to DOM"
+    assert "S.session.session_id!==activeSid" in token_block or            "S.session.session_id===activeSid" in token_block,         "token handler must compare current session to activeSid"
+
+
+def test_tool_handler_guards_session_id(cleanup_test_sessions):
+    """R9b: The SSE tool event handler must check activeSid before writing to DOM.
+    When missing, tool cards from session A would render into session B's message area.
+    """
+    src = (REPO_ROOT / "static/messages.js").read_text()
+    tool_idx = src.find("es.addEventListener('tool'")
+    assert tool_idx >= 0, "tool event handler not found"
+    tool_block = src[tool_idx:tool_idx+400]
+    assert "activeSid" in tool_block,         "tool handler must check activeSid before writing to DOM"
+
+# ── R10: respondApproval uses wrong session_id after switch (multi-session) ─
+
+def test_respond_approval_uses_approval_session_id(cleanup_test_sessions):
+    """R10: respondApproval must use the session_id of the session that triggered
+    the approval, not S.session.session_id (which may be a different session
+    if the user switched while approval was pending).
+    """
+    src = (REPO_ROOT / "static/messages.js").read_text()
+    # The fix introduces _approvalSessionId to track the correct session
+    assert "_approvalSessionId" in src,         "messages.js must use _approvalSessionId in respondApproval"
+    # respondApproval must use _approvalSessionId, not S.session.session_id directly
+    idx = src.find("async function respondApproval(")
+    assert idx >= 0, "respondApproval not found"
+    fn_body = src[idx:idx+300]
+    assert "_approvalSessionId" in fn_body,         "respondApproval must read _approvalSessionId, not S.session.session_id"
+
+
+# ── R11: Activity bar shows cross-session tool status ─────────────────────
+
+def test_tool_status_only_shown_for_current_session(cleanup_test_sessions):
+    """R11: The activity bar setStatus() call in the tool SSE handler must only
+    fire when the user is viewing the session that triggered the tool.
+    When missing, session A's tool names would appear in session B's activity bar.
+    """
+    src = (REPO_ROOT / "static/messages.js").read_text()
+    # Find the tool event handler
+    tool_idx = src.find("es.addEventListener('tool'")
+    assert tool_idx >= 0
+    tool_block = src[tool_idx:tool_idx+400]
+    # setStatus must be inside the activeSid guard, not before it
+    status_pos = tool_block.find("setStatus(")
+    guard_pos  = tool_block.find("S.session.session_id===activeSid")
+    assert guard_pos >= 0, "tool handler must guard with activeSid check"
+    # The guard must appear BEFORE or AROUND the setStatus call
+    # (status only fires for the current session)
+    assert status_pos > tool_block.find("activeSid"),         "setStatus in tool handler must be inside the activeSid guard"
+
+
+# ── R12: Live tool cards lost on switch-away and switch-back ──────────────
+
+def test_loadSession_inflight_restores_live_tool_cards(cleanup_test_sessions):
+    """R12: When switching back to an in-flight session, live tool cards in
+    #liveToolCards must be restored from S.toolCalls.
+    When missing, tool cards disappeared on switch-away even though the session
+    was still processing.
+    """
+    src = (REPO_ROOT / "static/sessions.js").read_text()
+    # INFLIGHT branch must call appendLiveToolCard
+    inflight_idx = src.find("if(INFLIGHT[sid]){")
+    assert inflight_idx >= 0, "INFLIGHT branch not found in loadSession"
+    inflight_block = src[inflight_idx:inflight_idx+500]
+    assert "appendLiveToolCard" in inflight_block,         "loadSession INFLIGHT branch must restore live tool cards via appendLiveToolCard"
+    assert "clearLiveToolCards" in inflight_block,         "loadSession INFLIGHT branch must clear old live cards before restoring"
+
+# ── R13: renderMessages() called before S.busy=false in done handler ────────
+
+def test_done_handler_sets_busy_false_before_renderMessages(cleanup_test_sessions):
+    """R13: In the done handler, S.busy must be set to false BEFORE renderMessages()
+    is called for the active session. The !S.busy guard in renderMessages() controls
+    whether settled tool cards are rendered. When S.busy=true during renderMessages(),
+    tool cards are skipped entirely after a response completes.
+    """
+    src = (REPO_ROOT / "static/messages.js").read_text()
+    done_idx = src.find("es.addEventListener('done'")
+    assert done_idx >= 0
+    done_block = src[done_idx:done_idx+1500]
+    # S.busy=false must appear before renderMessages() within the done handler
+    busy_pos = done_block.find("S.busy=false;")
+    render_pos = done_block.find("renderMessages()")
+    assert busy_pos >= 0, "done handler must set S.busy=false before renderMessages()"
+    assert busy_pos < render_pos,         f"S.busy=false (pos {busy_pos}) must come before renderMessages() (pos {render_pos})"
+
+
+# ── R14: send() uses stale modelSelect.value instead of session model ────────
+
+def test_send_uses_session_model_as_authoritative_source(cleanup_test_sessions):
+    """R14: send() must use S.session.model as the authoritative model, not just
+    $('modelSelect').value. When a session was created with a model not in the
+    current dropdown list, the select value would be stale after switching sessions,
+    causing the wrong model to be sent.
+    """
+    src = (REPO_ROOT / "static/messages.js").read_text()
+    # The model field in the chat/start payload must prefer S.session.model
+    chat_start_idx = src.find("/api/chat/start")
+    assert chat_start_idx >= 0
+    payload_block = src[chat_start_idx:chat_start_idx+300]
+    assert "S.session.model" in payload_block,         "send() must use S.session.model in the chat/start payload"
+
+
+# ── R15: newSession does not clear live tool cards ────────────────────────────
+
+def test_newSession_clears_live_tool_cards(cleanup_test_sessions):
+    """R15: newSession() must call clearLiveToolCards() so live cards from a
+    previous in-flight session don't persist when starting a fresh conversation.
+    """
+    src = (REPO_ROOT / "static/sessions.js").read_text()
+    new_sess_idx = src.find("async function newSession(")
+    assert new_sess_idx >= 0
+    # Find end of newSession (next async function)
+    next_fn = src.find("async function ", new_sess_idx + 10)
+    new_sess_body = src[new_sess_idx:next_fn]
+    assert "clearLiveToolCards" in new_sess_body,         "newSession() must call clearLiveToolCards() to clear stale live cards"
diff --git a/tests/test_sprint1.py b/tests/test_sprint1.py
new file mode 100644
index 0000000..8e8893a
--- /dev/null
+++ b/tests/test_sprint1.py
@@ -0,0 +1,437 @@
+"""
+Sprint 1 test suite for the Hermes WebUI.
+
+Tests use the ISOLATED test server running on http://127.0.0.1:8788.
+Production server (port 8787) and your real conversations are never touched.
+Start the server before running:
+    <repo>/start.sh
+    # wait 2 seconds
+    pytest webui-mvp/tests/test_sprint1.py -v
+
+All tests are HTTP-level: they call real API endpoints and verify responses.
+No mocking required for session CRUD, upload parser, or approval API.
+"""
+
+import io
+import json
+import os
+import sys
+import time
+import uuid
+import urllib.request
+import urllib.parse
+import urllib.error
+import tempfile
+import pathlib
+
+# Allow importing server modules directly for unit tests
+sys.path.insert(0, str(pathlib.Path(__file__).parent.parent.parent))
+
+BASE = "http://127.0.0.1:8788"  # test server (isolated from production)
+
+
+# ──────────────────────────────────────────────
+# HTTP helpers
+# ──────────────────────────────────────────────
+
+def get(path):
+    url = BASE + path
+    with urllib.request.urlopen(url, timeout=10) as r:
+        return json.loads(r.read())
+
+
+def post(path, body=None):
+    url = BASE + path
+    data = json.dumps(body or {}).encode()
+    req = urllib.request.Request(url, data=data,
+          headers={"Content-Type": "application/json"})
+    try:
+        with urllib.request.urlopen(req, timeout=10) as r:
+            return json.loads(r.read()), r.status
+    except urllib.error.HTTPError as e:
+        return json.loads(e.read()), e.code
+
+
+def post_multipart(path, fields, files):
+    """Post a multipart/form-data request. files: {name: (filename, bytes)}"""
+    boundary = uuid.uuid4().hex.encode()
+    body = b""
+    for name, value in fields.items():
+        body += b"--" + boundary + b"\r\n"
+        body += f"Content-Disposition: form-data; name=\"{name}\"\r\n\r\n".encode()
+        body += value.encode() + b"\r\n"
+    for name, (filename, data) in files.items():
+        body += b"--" + boundary + b"\r\n"
+        body += f"Content-Disposition: form-data; name=\"{name}\"; filename=\"{filename}\"\r\n".encode()
+        body += b"Content-Type: application/octet-stream\r\n\r\n"
+        body += data + b"\r\n"
+    body += b"--" + boundary + b"--\r\n"
+    req = urllib.request.Request(BASE + path, data=body,
+          headers={"Content-Type": f"multipart/form-data; boundary={boundary.decode()}"})
+    try:
+        with urllib.request.urlopen(req, timeout=10) as r:
+            return json.loads(r.read()), r.status
+    except urllib.error.HTTPError as e:
+        return json.loads(e.read()), e.code
+
+
+def make_session_tracked(created_list, ws=None):
+    """Create a session and register it with the cleanup fixture."""
+    body = {}
+    if ws: body["workspace"] = str(ws)
+    d, _ = post("/api/session/new", body)
+    sid = d["session"]["session_id"]
+    created_list.append(sid)
+    return sid, pathlib.Path(d["session"]["workspace"])
+
+
+
+# ──────────────────────────────────────────────
+# Health check (prerequisite for all tests)
+# ──────────────────────────────────────────────
+
+def test_health():
+    """Server must be running and healthy."""
+    data = get("/health")
+    assert data["status"] == "ok", f"health not ok: {data}"
+
+
+# ──────────────────────────────────────────────
+# B11: /api/session GET footgun fix
+# ──────────────────────────────────────────────
+
+def test_session_get_no_id_returns_400():
+    """B11: GET /api/session with no session_id must return 400, not silently create."""
+    try:
+        data = get("/api/session")
+        # If we get here, the server returned 200 (old broken behavior)
+        assert False, f"Expected 400 but got 200: {data}"
+    except urllib.error.HTTPError as e:
+        assert e.code == 400, f"Expected 400, got {e.code}"
+        body = json.loads(e.read())
+        assert "error" in body
+
+
+# ──────────────────────────────────────────────
+# Session CRUD
+# ──────────────────────────────────────────────
+
+def test_session_create_and_load():
+    """Create a session, verify it appears in /api/sessions, load it."""
+    data, status = post("/api/session/new", {"model": "openai/gpt-5.4-mini"})
+    assert status == 200, f"Expected 200, got {status}: {data}"
+    assert "session" in data
+    sid = data["session"]["session_id"]
+    assert len(sid) == 12  # uuid4().hex[:12]
+
+    # Give it a title so it's visible in the session list (empty Untitled sessions are filtered)
+    post("/api/session/rename", {"session_id": sid, "title": "test-create-verify"})
+
+    # Verify it appears in /api/sessions list
+    sessions = get("/api/sessions")
+    sids = [s["session_id"] for s in sessions["sessions"]]
+    assert sid in sids, f"New session {sid} not in sessions list"
+
+    # Load it directly
+    loaded = get(f"/api/session?session_id={sid}")
+    assert loaded["session"]["session_id"] == sid
+    assert loaded["session"]["messages"] == []
+
+    # Cleanup
+    post("/api/session/delete", {"session_id": sid})
+
+
+def test_session_update():
+    """Create session, update workspace and model, verify persisted."""
+    data, _ = post("/api/session/new", {})
+    sid = data["session"]["session_id"]
+
+    updated, status = post("/api/session/update", {
+        "session_id": sid,
+        "workspace": "/tmp",
+        "model": "anthropic/claude-sonnet-4.6"
+    })
+    assert status == 200
+    assert updated["session"]["model"] == "anthropic/claude-sonnet-4.6"
+
+    # Reload and verify persistence
+    reloaded = get(f"/api/session?session_id={sid}")
+    assert reloaded["session"]["model"] == "anthropic/claude-sonnet-4.6"
+
+
+def test_session_delete():
+    """Create session, delete it, verify it no longer loads."""
+    data, _ = post("/api/session/new", {})
+    sid = data["session"]["session_id"]
+
+    result, status = post("/api/session/delete", {"session_id": sid})
+    assert status == 200
+    assert result.get("ok") is True
+
+    # Trying to load it should now 404/500 (KeyError -> 500 in current handler)
+    try:
+        get(f"/api/session?session_id={sid}")
+        assert False, "Expected error loading deleted session"
+    except urllib.error.HTTPError as e:
+        assert e.code in (404, 500), f"Expected 404 or 500, got {e.code}"
+
+
+def test_session_delete_nonexistent():
+    """Deleting a nonexistent session should return ok:True (idempotent)."""
+    result, status = post("/api/session/delete", {"session_id": "doesnotexist"})
+    assert status == 200
+    assert result.get("ok") is True
+
+
+def test_sessions_list_sorted():
+    """Sessions list should be sorted most-recently-updated first."""
+    # Create two sessions with a title so they're visible (empty Untitled sessions are filtered)
+    a, _ = post("/api/session/new", {})
+    time.sleep(0.05)
+    b, _ = post("/api/session/new", {})
+    sid_a = a["session"]["session_id"]
+    sid_b = b["session"]["session_id"]
+    post("/api/session/rename", {"session_id": sid_a, "title": "test-sort-a"})
+    time.sleep(0.05)
+    post("/api/session/rename", {"session_id": sid_b, "title": "test-sort-b"})
+
+    sessions = get("/api/sessions")
+    sids = [s["session_id"] for s in sessions["sessions"]]
+
+    # b was updated more recently, should appear before a
+    assert sids.index(sid_b) < sids.index(sid_a), \
+        "Sessions not sorted by updated_at desc"
+
+    # Cleanup
+    post("/api/session/delete", {"session_id": sid_a})
+    post("/api/session/delete", {"session_id": sid_b})
+
+
+# ──────────────────────────────────────────────
+# Upload parser unit tests (pure function, no HTTP)
+# ──────────────────────────────────────────────
+
+def test_parse_multipart_text_file():
+    """parse_multipart correctly parses a text file field."""
+    sys.path.insert(0, str(pathlib.Path(__file__).parent.parent.parent))
+    # Import the function directly from the server module
+    import importlib.util
+    spec = importlib.util.spec_from_file_location(
+        "server",
+        str(pathlib.Path(__file__).parent.parent / "server.py")
+    )
+    # We only need parse_multipart; import it without running the server
+    # Parse manually by reading the source and exec only the function
+    src = pathlib.Path(__file__).parent.parent.joinpath("api/upload.py").read_text()
+    # Extract and exec parse_multipart
+    import re
+    # Find the function
+    m = re.search(r"(def parse_multipart\(.*?)(?=\ndef )", src, re.DOTALL)
+    assert m, "Could not find parse_multipart in server.py"
+    ns = {}
+    exec("import re as _re, email.parser as _ep\n" + m.group(1), ns)
+    parse_multipart = ns["parse_multipart"]
+
+    # Build a minimal multipart body
+    boundary = b"testboundary"
+    body = (
+        b"--testboundary\r\n"
+        b"Content-Disposition: form-data; name=\"session_id\"\r\n\r\n"
+        b"abc123\r\n"
+        b"--testboundary\r\n"
+        b"Content-Disposition: form-data; name=\"file\"; filename=\"hello.txt\"\r\n"
+        b"Content-Type: text/plain\r\n\r\n"
+        b"hello world\r\n"
+        b"--testboundary--\r\n"
+    )
+    fields, files = parse_multipart(
+        io.BytesIO(body),
+        "multipart/form-data; boundary=testboundary",
+        len(body)
+    )
+    assert fields.get("session_id") == "abc123", f"fields: {fields}"
+    assert "file" in files, f"files: {files}"
+    filename, content = files["file"]
+    assert filename == "hello.txt"
+    assert content == b"hello world"
+
+
+def test_parse_multipart_binary_file():
+    """parse_multipart handles binary (PNG header bytes) without corruption."""
+    src = pathlib.Path(__file__).parent.parent.joinpath("api/upload.py").read_text()
+    import re
+    m = re.search(r"(def parse_multipart\(.*?)(?=\ndef )", src, re.DOTALL)
+    ns = {}
+    exec("import re as _re, email.parser as _ep\n" + m.group(1), ns)
+    parse_multipart = ns["parse_multipart"]
+
+    # Fake PNG: first 8 bytes of PNG magic
+    png_magic = b"\x89PNG\r\n\x1a\n"
+    boundary = b"binboundary"
+    body = (
+        b"--binboundary\r\n"
+        b"Content-Disposition: form-data; name=\"session_id\"\r\n\r\n"
+        b"sess1\r\n"
+        b"--binboundary\r\n"
+        b"Content-Disposition: form-data; name=\"file\"; filename=\"test.png\"\r\n"
+        b"Content-Type: image/png\r\n\r\n" + png_magic + b"\r\n"
+        b"--binboundary--\r\n"
+    )
+    fields, files = parse_multipart(
+        io.BytesIO(body),
+        "multipart/form-data; boundary=binboundary",
+        len(body)
+    )
+    assert "file" in files
+    filename, content = files["file"]
+    assert filename == "test.png"
+    assert content == png_magic, f"Binary content corrupted: {content!r}"
+
+
+# ──────────────────────────────────────────────
+# File upload via HTTP
+# ──────────────────────────────────────────────
+
+def test_upload_text_file(cleanup_test_sessions):
+    """Upload a text file to a session workspace, verify it appears in /api/list."""
+    sid, ws = make_session_tracked(cleanup_test_sessions)
+
+    result, status = post_multipart("/api/upload", {"session_id": sid}, {
+        "file": ("test_upload.txt", b"sprint1 test content")
+    })
+    assert status == 200, f"Upload failed {status}: {result}"
+    assert "filename" in result
+    assert result["size"] == len(b"sprint1 test content")
+
+    # Verify file appears in listing
+    listing = get(f"/api/list?session_id={sid}&path=.")
+    names = [e["name"] for e in listing["entries"]]
+    assert result["filename"] in names, f"{result['filename']} not in {names}"
+    # Cleanup the uploaded file
+    post("/api/file/delete", {"session_id": sid, "path": result["filename"]})
+
+
+def test_upload_too_large(cleanup_test_sessions):
+    """Uploading a file over MAX_UPLOAD_BYTES is rejected (413 or connection closed)."""
+    sid, _ = make_session_tracked(cleanup_test_sessions)
+
+    # 21MB > 20MB limit
+    big = b"x" * (21 * 1024 * 1024)
+    try:
+        result, status = post_multipart("/api/upload", {"session_id": sid}, {
+            "file": ("big.bin", big)
+        })
+        # If we get a response it should be 413
+        assert status == 413, f"Expected 413, got {status}: {result}"
+    except (urllib.error.URLError, ConnectionResetError, BrokenPipeError):
+        # Server closed connection after reading Content-Length > limit before body
+        # This is also valid rejection behavior
+        pass
+
+
+def test_upload_no_file_field(cleanup_test_sessions):
+    """Upload with no file field returns 400."""
+    sid, _ = make_session_tracked(cleanup_test_sessions)
+    result, status = post_multipart("/api/upload", {"session_id": sid}, {})
+    assert status == 400, f"Expected 400, got {status}: {result}"
+
+
+def test_upload_bad_session():
+    """Upload to nonexistent session returns 404."""
+    result, status = post_multipart("/api/upload", {"session_id": "nosuchsession"}, {
+        "file": ("x.txt", b"data")
+    })
+    assert status == 404, f"Expected 404, got {status}: {result}"
+
+
+# ──────────────────────────────────────────────
+# Approval API
+# ──────────────────────────────────────────────
+
+def test_approval_pending_none():
+    """GET /api/approval/pending for a session with no pending entry returns null."""
+    data = get("/api/approval/pending?session_id=no_such_session")
+    assert data["pending"] is None
+
+
+def test_approval_submit_and_respond():
+    """Inject a pending approval via server endpoint, retrieve it, respond with deny."""
+    test_sid = f"test-approval-{uuid.uuid4().hex[:6]}"
+    cmd = "rm -rf /tmp/testdir"
+    key = "recursive_delete"
+
+    # Inject into server process via test endpoint (shared module state)
+    inject = get(f"/api/approval/inject_test?session_id={urllib.parse.quote(test_sid)}&pattern_key={key}&command={urllib.parse.quote(cmd)}")
+    assert inject["ok"] is True
+
+    # Poll should now show the pending entry
+    data = get(f"/api/approval/pending?session_id={urllib.parse.quote(test_sid)}")
+    assert data["pending"] is not None, "Pending entry not visible after inject"
+    assert data["pending"]["command"] == cmd
+
+    # Respond with deny
+    result, status = post("/api/approval/respond", {
+        "session_id": test_sid,
+        "choice": "deny"
+    })
+    assert status == 200
+    assert result["ok"] is True
+    assert result["choice"] == "deny"
+
+    # Pending should be gone
+    data2 = get(f"/api/approval/pending?session_id={urllib.parse.quote(test_sid)}")
+    assert data2["pending"] is None, "Pending entry should be cleared after respond"
+
+
+def test_approval_respond_allow_session():
+    """Inject pending entry, respond with session choice, verify cleared (approved)."""
+    test_sid = f"test-approval-sess-{uuid.uuid4().hex[:6]}"
+
+    inject = get(f"/api/approval/inject_test?session_id={urllib.parse.quote(test_sid)}&pattern_key=force_kill&command=pkill+-9+someproc")
+    assert inject["ok"] is True
+
+    result, status = post("/api/approval/respond", {
+        "session_id": test_sid,
+        "choice": "session"
+    })
+    assert status == 200
+    assert result["ok"] is True
+    assert result["choice"] == "session"
+
+    # After session approval, pending should be cleared
+    data = get(f"/api/approval/pending?session_id={urllib.parse.quote(test_sid)}")
+    assert data["pending"] is None, "Pending entry should be cleared after session approval"
+
+
+# ──────────────────────────────────────────────
+# Stream status endpoint (B4/B5)
+# ──────────────────────────────────────────────
+
+def test_stream_status_unknown_id():
+    """GET /api/chat/stream/status for unknown stream_id returns active:false."""
+    data = get("/api/chat/stream/status?stream_id=doesnotexist")
+    assert data["active"] is False
+
+
+# ──────────────────────────────────────────────
+# File browser
+# ──────────────────────────────────────────────
+
+def test_list_dir(cleanup_test_sessions):
+    """List workspace directory for a session."""
+    sid, _ = make_session_tracked(cleanup_test_sessions)
+    listing = get(f"/api/list?session_id={sid}&path=.")
+    assert "entries" in listing
+    assert isinstance(listing["entries"], list)
+
+
+def test_list_dir_path_traversal(cleanup_test_sessions):
+    """Path traversal via ../.. should be blocked (500 or 400)."""
+    sid, _ = make_session_tracked(cleanup_test_sessions)
+    try:
+        listing = get(f"/api/list?session_id={sid}&path=../../etc")
+        # If server returns entries outside workspace root, that is a bug
+        # (safe_resolve should raise ValueError)
+        assert False, f"Expected error for path traversal, got: {listing}"
+    except urllib.error.HTTPError as e:
+        assert e.code in (400, 404, 500), f"Expected 400/404/500 for traversal, got {e.code}"
diff --git a/tests/test_sprint10.py b/tests/test_sprint10.py
new file mode 100644
index 0000000..8abeff3
--- /dev/null
+++ b/tests/test_sprint10.py
@@ -0,0 +1,139 @@
+"""
+Sprint 10 Tests: server.py split, cancel endpoint, cron history, tool card polish.
+"""
+import json, pathlib, urllib.error, urllib.request, urllib.parse
+REPO_ROOT = pathlib.Path(__file__).parent.parent.resolve()
+
+BASE = "http://127.0.0.1:8788"
+
+def get(path):
+    with urllib.request.urlopen(BASE + path, timeout=10) as r:
+        return json.loads(r.read()), r.status
+
+def get_text(path):
+    with urllib.request.urlopen(BASE + path, timeout=10) as r:
+        return r.read().decode(), r.status
+
+def post(path, body=None):
+    data = json.dumps(body or {}).encode()
+    req = urllib.request.Request(BASE + path, data=data,
+                                  headers={"Content-Type": "application/json"})
+    try:
+        with urllib.request.urlopen(req, timeout=10) as r:
+            return json.loads(r.read()), r.status
+    except urllib.error.HTTPError as e:
+        return json.loads(e.read()), e.code
+
+def make_session(created_list):
+    d, _ = post("/api/session/new", {})
+    sid = d["session"]["session_id"]
+    created_list.append(sid)
+    return sid
+
+# ── server.py split: api/ modules served / importable ─────────────────────
+
+def test_health_still_works(cleanup_test_sessions):
+    data, status = get("/health")
+    assert status == 200
+    assert data["status"] == "ok"
+    assert "uptime_seconds" in data
+    assert "active_streams" in data
+
+def test_api_modules_exist(cleanup_test_sessions):
+    """All api/ module files must exist on disk."""
+    base = REPO_ROOT / "api"
+    for mod in ["__init__.py", "config.py", "helpers.py", "models.py",
+                "workspace.py", "upload.py", "streaming.py"]:
+        assert (base / mod).exists(), f"Missing api/{mod}"
+
+def test_server_py_under_750_lines(cleanup_test_sessions):
+    """server.py should be under 750 lines after the split."""
+    lines = len((REPO_ROOT / "server.py").read_text().splitlines())
+    assert lines < 750, f"server.py is {lines} lines -- split may not have landed"
+
+def test_api_config_has_cancel_flags(cleanup_test_sessions):
+    src = (REPO_ROOT / "api/config.py").read_text()
+    assert "CANCEL_FLAGS" in src
+    assert "STREAMS" in src
+
+def test_session_crud_still_works(cleanup_test_sessions):
+    """Full session lifecycle works after split."""
+    created = []
+    sid = make_session(created)
+    data, status = get(f"/api/session?session_id={urllib.parse.quote(sid)}")
+    assert status == 200
+    assert data["session"]["session_id"] == sid
+    post("/api/session/delete", {"session_id": sid})
+
+def test_static_files_still_served(cleanup_test_sessions):
+    for f in ["ui.js", "workspace.js", "sessions.js", "messages.js", "panels.js", "boot.js"]:
+        src, status = get_text(f"/static/{f}")
+        assert status == 200, f"/static/{f} returned {status}"
+        assert len(src) > 100
+
+# ── Cancel endpoint ────────────────────────────────────────────────────────
+
+def test_cancel_requires_stream_id(cleanup_test_sessions):
+    try:
+        data, status = get("/api/chat/cancel")
+        assert status == 400
+    except urllib.error.HTTPError as e:
+        assert e.code == 400
+
+def test_cancel_nonexistent_stream(cleanup_test_sessions):
+    data, status = get("/api/chat/cancel?stream_id=nonexistent_xyz")
+    assert status == 200
+    assert data["ok"] is True
+    assert data["cancelled"] is False
+
+def test_cancel_button_in_html(cleanup_test_sessions):
+    src, _ = get_text("/")
+    assert "btnCancel" in src
+    assert "cancelStream" in src
+
+def test_cancel_function_in_boot_js(cleanup_test_sessions):
+    src, _ = get_text("/static/boot.js")
+    assert "async function cancelStream(" in src
+    assert "/api/chat/cancel" in src
+
+# ── Cron history ───────────────────────────────────────────────────────────
+
+def test_crons_output_limit_param(cleanup_test_sessions):
+    """Server accepts limit parameter > 1."""
+    data, status = get("/api/crons/output?job_id=nonexistent&limit=20")
+    # 404 or 200 with empty -- both acceptable for nonexistent job
+    assert status in (200, 404)
+
+def test_cron_history_button_in_panels_js(cleanup_test_sessions):
+    src, _ = get_text("/static/panels.js")
+    assert "loadCronHistory" in src
+    assert "All runs" in src
+
+def test_cron_output_snippet_helper(cleanup_test_sessions):
+    src, _ = get_text("/static/panels.js")
+    assert "_cronOutputSnippet" in src
+
+# ── Tool card polish ───────────────────────────────────────────────────────
+
+def test_tool_card_running_dot_in_css(cleanup_test_sessions):
+    src, _ = get_text("/static/style.css")
+    assert "tool-card-running-dot" in src
+
+def test_tool_card_show_more_in_ui_js(cleanup_test_sessions):
+    src, _ = get_text("/static/ui.js")
+    assert "Show more" in src
+    assert "tool-card-more" in src
+
+def test_tool_card_smart_truncation_in_ui_js(cleanup_test_sessions):
+    src, _ = get_text("/static/ui.js")
+    assert "displaySnippet" in src
+    assert "lastBreak" in src
+
+def test_cancel_sse_event_handler_in_messages_js(cleanup_test_sessions):
+    src, _ = get_text("/static/messages.js")
+    assert "addEventListener('cancel'" in src
+    assert "Task cancelled" in src
+
+def test_active_stream_id_tracked(cleanup_test_sessions):
+    src, _ = get_text("/static/messages.js")
+    assert "S.activeStreamId" in src
diff --git a/tests/test_sprint2.py b/tests/test_sprint2.py
new file mode 100644
index 0000000..0be15a6
--- /dev/null
+++ b/tests/test_sprint2.py
@@ -0,0 +1,106 @@
+"""Sprint 2 tests: image preview, file types, markdown. Uses cleanup_test_sessions fixture."""
+import io, json, uuid, urllib.request, urllib.error, pathlib
+
+BASE = "http://127.0.0.1:8788"  # test server (isolated from production)
+
+def get(path):
+    with urllib.request.urlopen(BASE + path, timeout=10) as r:
+        return json.loads(r.read()), r.status
+
+def get_raw(path):
+    with urllib.request.urlopen(BASE + path, timeout=10) as r:
+        return r.read(), r.headers.get('Content-Type', ''), r.status
+
+def post(path, body=None):
+    data = json.dumps(body or {}).encode()
+    req = urllib.request.Request(BASE + path, data=data, headers={"Content-Type": "application/json"})
+    try:
+        with urllib.request.urlopen(req, timeout=10) as r:
+            return json.loads(r.read()), r.status
+    except urllib.error.HTTPError as e:
+        return json.loads(e.read()), e.code
+
+def make_session_tracked(created_list, ws=None):
+    """Create a session and register it with the cleanup fixture."""
+    import pathlib as _pathlib
+    body = {}
+    if ws: body["workspace"] = str(ws)
+    d, _ = post("/api/session/new", body)
+    sid = d["session"]["session_id"]
+    created_list.append(sid)
+    return sid, _pathlib.Path(d["session"]["workspace"])
+
+
+
+def test_raw_endpoint_serves_png(cleanup_test_sessions):
+    sid, ws = make_session_tracked(cleanup_test_sessions)
+    png = (b"\x89PNG\r\n\x1a\n" b"\x00\x00\x00\rIHDR\x00\x00\x00\x01"
+           b"\x00\x00\x00\x01\x08\x02\x00\x00\x00"
+           b"\x90wS\xde\x00\x00\x00\x0cIDATx\x9cc"
+           b"\xf8\x0f\x00\x00\x01\x01\x00\x05\x18"
+           b"\xd8N\x00\x00\x00\x00IEND\xaeB`\x82")
+    (ws / "test.png").write_bytes(png)
+    raw, ct, status = get_raw(f"/api/file/raw?session_id={sid}&path=test.png")
+    assert status == 200
+    assert "image/png" in ct
+    assert raw == png
+
+def test_raw_endpoint_serves_jpeg(cleanup_test_sessions):
+    sid, ws = make_session_tracked(cleanup_test_sessions)
+    jpeg = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00\xff\xd9"
+    (ws / "photo.jpg").write_bytes(jpeg)
+    raw, ct, status = get_raw(f"/api/file/raw?session_id={sid}&path=photo.jpg")
+    assert status == 200
+    assert "image/jpeg" in ct
+
+def test_raw_endpoint_serves_svg(cleanup_test_sessions):
+    sid, ws = make_session_tracked(cleanup_test_sessions)
+    svg = b"<svg xmlns=\"http://www.w3.org/2000/svg\" width=\"100\" height=\"100\"><circle/></svg>"
+    (ws / "icon.svg").write_bytes(svg)
+    raw, ct, status = get_raw(f"/api/file/raw?session_id={sid}&path=icon.svg")
+    assert status == 200
+    assert "image/svg" in ct
+
+def test_raw_endpoint_path_traversal_blocked(cleanup_test_sessions):
+    sid, _ = make_session_tracked(cleanup_test_sessions)
+    try:
+        get_raw(f"/api/file/raw?session_id={sid}&path=../../etc/passwd")
+        assert False
+    except urllib.error.HTTPError as e:
+        assert e.code in (400, 500)
+
+def test_raw_endpoint_missing_file_returns_404(cleanup_test_sessions):
+    sid, _ = make_session_tracked(cleanup_test_sessions)
+    try:
+        get_raw(f"/api/file/raw?session_id={sid}&path=no_such_file.png")
+        assert False
+    except urllib.error.HTTPError as e:
+        assert e.code in (404, 500)
+
+def test_md_file_returns_text_via_api_file(cleanup_test_sessions):
+    sid, ws = make_session_tracked(cleanup_test_sessions)
+    md = "# Hello\n\nThis is **bold**.\n"
+    (ws / "README.md").write_text(md)
+    data, status = get(f"/api/file?session_id={sid}&path=README.md")
+    assert status == 200
+    assert data["content"] == md
+
+def test_md_file_with_table(cleanup_test_sessions):
+    sid, ws = make_session_tracked(cleanup_test_sessions)
+    md = "| Name | Value |\n|------|-------|\n| foo  | bar   |\n"
+    (ws / "table.md").write_text(md)
+    data, status = get(f"/api/file?session_id={sid}&path=table.md")
+    assert status == 200
+    assert "| Name | Value |" in data["content"]
+
+def test_file_listing_includes_images(cleanup_test_sessions):
+    sid, ws = make_session_tracked(cleanup_test_sessions)
+    (ws / "photo.png").write_bytes(b"fake png")
+    (ws / "notes.md").write_text("# Notes")
+    (ws / "script.py").write_text("print('hello')")
+    data, status = get(f"/api/list?session_id={sid}&path=.")
+    assert status == 200
+    names = {e["name"]: e for e in data["entries"]}
+    assert "photo.png" in names
+    assert "notes.md" in names
+    assert "script.py" in names
diff --git a/tests/test_sprint3.py b/tests/test_sprint3.py
new file mode 100644
index 0000000..255801f
--- /dev/null
+++ b/tests/test_sprint3.py
@@ -0,0 +1,144 @@
+"""Sprint 3 tests: cron API, skills API, memory API, input validation."""
+import json, uuid, urllib.request, urllib.error
+
+BASE = "http://127.0.0.1:8788"  # test server (isolated from production)
+
+def get(path):
+    with urllib.request.urlopen(BASE + path, timeout=10) as r:
+        return json.loads(r.read()), r.status
+
+def post(path, body=None):
+    data = json.dumps(body or {}).encode()
+    req = urllib.request.Request(BASE + path, data=data, headers={"Content-Type": "application/json"})
+    try:
+        with urllib.request.urlopen(req, timeout=10) as r:
+            return json.loads(r.read()), r.status
+    except urllib.error.HTTPError as e:
+        return json.loads(e.read()), e.code
+
+def make_session_tracked(created_list, ws=None):
+    """Create a session and register it with the cleanup fixture."""
+    import pathlib as _pathlib
+    body = {}
+    if ws: body["workspace"] = str(ws)
+    d, _ = post("/api/session/new", body)
+    sid = d["session"]["session_id"]
+    created_list.append(sid)
+    return sid, _pathlib.Path(d["session"]["workspace"])
+
+
+def test_crons_list():
+    data, status = get("/api/crons")
+    assert status == 200
+    assert "jobs" in data
+
+def test_crons_list_has_required_fields():
+    data, _ = get("/api/crons")
+    if not data["jobs"]: return
+    job = data["jobs"][0]
+    for field in ("id", "name", "prompt", "enabled", "schedule_display"):
+        assert field in job
+
+def test_crons_output_requires_job_id():
+    try:
+        get("/api/crons/output")
+        assert False
+    except urllib.error.HTTPError as e:
+        assert e.code == 400
+
+def test_crons_output_real_job():
+    data, _ = get("/api/crons")
+    if not data["jobs"]: return
+    job_id = data["jobs"][0]["id"]
+    out, status = get(f"/api/crons/output?job_id={job_id}&limit=3")
+    assert status == 200
+    assert "outputs" in out
+
+def test_crons_pause_requires_job_id():
+    result, status = post("/api/crons/pause", {})
+    assert status in (400, 404)
+
+def test_crons_resume_requires_job_id():
+    result, status = post("/api/crons/resume", {})
+    assert status in (400, 404)
+
+def test_crons_run_nonexistent():
+    result, status = post("/api/crons/run", {"job_id": "doesnotexist999"})
+    assert status == 404
+
+def test_skills_list():
+    data, status = get("/api/skills")
+    assert status == 200
+    assert len(data["skills"]) > 0
+
+def test_skills_list_has_required_fields():
+    data, _ = get("/api/skills")
+    skill = data["skills"][0]
+    assert "name" in skill and "description" in skill
+
+def test_skills_content_known():
+    data, status = get("/api/skills/content?name=dogfood")
+    assert status == 200
+    assert len(data["content"]) > 0
+
+def test_skills_content_requires_name():
+    try:
+        get("/api/skills/content")
+        assert False
+    except urllib.error.HTTPError as e:
+        assert e.code == 400
+
+def test_skills_search_returns_subset():
+    data, _ = get("/api/skills")
+    assert len(data["skills"]) > 5
+
+def test_memory_returns_both_files():
+    data, status = get("/api/memory")
+    assert status == 200
+    assert "memory" in data and "user" in data
+
+def test_memory_content_is_string():
+    data, _ = get("/api/memory")
+    assert isinstance(data["memory"], str)
+    assert isinstance(data["user"], str)
+
+def test_memory_has_mtime():
+    data, _ = get("/api/memory")
+    assert "memory_mtime" in data and "user_mtime" in data
+
+def test_session_update_requires_session_id():
+    result, status = post("/api/session/update", {"model": "openai/gpt-5.4-mini"})
+    assert status == 400
+
+def test_session_delete_requires_session_id():
+    result, status = post("/api/session/delete", {})
+    assert status == 400
+
+def test_chat_start_requires_session_id():
+    result, status = post("/api/chat/start", {"message": "hello"})
+    assert status == 400
+
+def test_chat_start_requires_message(cleanup_test_sessions):
+    sid, _ = make_session_tracked(cleanup_test_sessions)
+    result, status = post("/api/chat/start", {"session_id": sid, "message": ""})
+    assert status == 400
+
+def test_session_update_unknown_id_returns_404():
+    result, status = post("/api/session/update", {"session_id": "nosuchsession", "model": "openai/gpt-5.4-mini"})
+    assert status == 404
+
+def test_session_search_returns_matches(cleanup_test_sessions):
+    sid, _ = make_session_tracked(cleanup_test_sessions)
+    post("/api/session/rename", {"session_id": sid, "title": f"unique-s3-{sid}"})
+    data, status = get(f"/api/sessions/search?q=unique-s3-{sid}")
+    assert status == 200
+    sids = [s["session_id"] for s in data["sessions"]]
+    assert sid in sids
+
+def test_session_search_empty_query_returns_all():
+    data, status = get("/api/sessions/search?q=")
+    assert status == 200 and "sessions" in data
+
+def test_session_search_no_results():
+    data, status = get("/api/sessions/search?q=zzznomatchzzz9999")
+    assert status == 200 and data["sessions"] == []
diff --git a/tests/test_sprint4.py b/tests/test_sprint4.py
new file mode 100644
index 0000000..95ebd20
--- /dev/null
+++ b/tests/test_sprint4.py
@@ -0,0 +1,156 @@
+"""Sprint 4 tests: relocation, session rename, search, file ops, validation."""
+import json, pathlib, uuid, urllib.request, urllib.error
+
+BASE = "http://127.0.0.1:8788"  # test server (isolated from production)
+
+def get(path):
+    with urllib.request.urlopen(BASE + path, timeout=10) as r:
+        return json.loads(r.read()), r.status
+
+def get_raw(path):
+    with urllib.request.urlopen(BASE + path, timeout=10) as r:
+        return r.read(), r.headers.get("Content-Type",""), r.status
+
+def post(path, body=None):
+    data = json.dumps(body or {}).encode()
+    req = urllib.request.Request(BASE + path, data=data, headers={"Content-Type": "application/json"})
+    try:
+        with urllib.request.urlopen(req, timeout=10) as r:
+            return json.loads(r.read()), r.status
+    except urllib.error.HTTPError as e:
+        return json.loads(e.read()), e.code
+
+def make_session_tracked(created_list, ws=None):
+    """Create a session and register it with the cleanup fixture."""
+    import pathlib as _pathlib
+    body = {}
+    if ws: body["workspace"] = str(ws)
+    d, _ = post("/api/session/new", body)
+    sid = d["session"]["session_id"]
+    created_list.append(sid)
+    return sid, _pathlib.Path(d["session"]["workspace"])
+
+
+def test_server_running_from_new_location():
+    data, status = get("/health")
+    assert status == 200 and data["status"] == "ok"
+
+def test_static_css_served():
+    raw, ct, status = get_raw("/static/style.css")
+    assert status == 200 and "text/css" in ct and b"--bg" in raw
+
+def test_static_unknown_file_404():
+    try:
+        get_raw("/static/doesnotexist.xyz")
+        assert False
+    except urllib.error.HTTPError as e:
+        assert e.code == 404
+
+def test_session_rename(cleanup_test_sessions):
+    sid, _ = make_session_tracked(cleanup_test_sessions)
+    result, status = post("/api/session/rename", {"session_id": sid, "title": "Renamed Session"})
+    assert status == 200 and result["session"]["title"] == "Renamed Session"
+
+def test_session_rename_persists(cleanup_test_sessions):
+    sid, _ = make_session_tracked(cleanup_test_sessions)
+    post("/api/session/rename", {"session_id": sid, "title": "Persisted"})
+    loaded, _ = get(f"/api/session?session_id={sid}")
+    assert loaded["session"]["title"] == "Persisted"
+
+def test_session_rename_truncates(cleanup_test_sessions):
+    sid, _ = make_session_tracked(cleanup_test_sessions)
+    result, status = post("/api/session/rename", {"session_id": sid, "title": "A" * 200})
+    assert status == 200 and len(result["session"]["title"]) <= 80
+
+def test_session_rename_requires_fields():
+    result, status = post("/api/session/rename", {"session_id": "x"})
+    assert status == 400
+    result2, status2 = post("/api/session/rename", {"title": "hi"})
+    assert status2 == 400
+
+def test_session_rename_unknown_id():
+    result, status = post("/api/session/rename", {"session_id": "nosuchid", "title": "hi"})
+    assert status == 404
+
+def test_session_search_returns_matches(cleanup_test_sessions):
+    sid, _ = make_session_tracked(cleanup_test_sessions)
+    uid = uuid.uuid4().hex[:8]
+    post("/api/session/rename", {"session_id": sid, "title": f"s4-search-{uid}"})
+    data, status = get(f"/api/sessions/search?q=s4-search-{uid}")
+    assert status == 200
+    sids = [s["session_id"] for s in data["sessions"]]
+    assert sid in sids
+
+def test_session_search_empty_query_returns_all():
+    data, status = get("/api/sessions/search?q=")
+    assert status == 200 and "sessions" in data
+
+def test_session_search_no_results():
+    data, status = get("/api/sessions/search?q=zzznomatchzzz9999")
+    assert status == 200 and data["sessions"] == []
+
+def test_file_create(cleanup_test_sessions):
+    sid, ws = make_session_tracked(cleanup_test_sessions)
+    fname = f"test_{uuid.uuid4().hex[:6]}.txt"
+    result, status = post("/api/file/create", {"session_id": sid, "path": fname, "content": "hello sprint4"})
+    assert status == 200 and result["ok"] is True
+    assert (ws / fname).read_text() == "hello sprint4"
+
+def test_file_create_requires_fields(cleanup_test_sessions):
+    sid, _ = make_session_tracked(cleanup_test_sessions)
+    result, status = post("/api/file/create", {"session_id": sid})
+    assert status == 400
+    result2, status2 = post("/api/file/create", {"path": "x.txt"})
+    assert status2 == 400
+
+def test_file_create_duplicate_rejected(cleanup_test_sessions):
+    sid, ws = make_session_tracked(cleanup_test_sessions)
+    fname = f"dup_{uuid.uuid4().hex[:6]}.txt"
+    post("/api/file/create", {"session_id": sid, "path": fname, "content": ""})
+    result, status = post("/api/file/create", {"session_id": sid, "path": fname, "content": ""})
+    assert status == 400
+
+def test_file_delete(cleanup_test_sessions):
+    sid, ws = make_session_tracked(cleanup_test_sessions)
+    (ws / "to_delete.txt").write_text("bye")
+    result, status = post("/api/file/delete", {"session_id": sid, "path": "to_delete.txt"})
+    assert status == 200 and not (ws / "to_delete.txt").exists()
+
+def test_file_delete_missing_returns_404(cleanup_test_sessions):
+    sid, _ = make_session_tracked(cleanup_test_sessions)
+    result, status = post("/api/file/delete", {"session_id": sid, "path": "nosuchfile.txt"})
+    assert status == 404
+
+def test_file_delete_path_traversal_blocked(cleanup_test_sessions):
+    sid, _ = make_session_tracked(cleanup_test_sessions)
+    result, status = post("/api/file/delete", {"session_id": sid, "path": "../../etc/passwd"})
+    assert status in (400, 500)
+
+def test_list_requires_session_id():
+    try:
+        get("/api/list?path=.")
+        assert False
+    except urllib.error.HTTPError as e:
+        assert e.code == 400
+
+def test_file_requires_session_id():
+    try:
+        get("/api/file?path=readme.txt")
+        assert False
+    except urllib.error.HTTPError as e:
+        assert e.code == 400
+
+def test_file_requires_path(cleanup_test_sessions):
+    sid, _ = make_session_tracked(cleanup_test_sessions)
+    try:
+        get(f"/api/file?session_id={sid}")
+        assert False
+    except urllib.error.HTTPError as e:
+        assert e.code == 400
+
+def test_new_session_inherits_workspace(cleanup_test_sessions):
+    sid, _ = make_session_tracked(cleanup_test_sessions)
+    post("/api/session/update", {"session_id": sid, "workspace": "/tmp", "model": "openai/gpt-5.4-mini"})
+    sid2, _ = make_session_tracked(cleanup_test_sessions)
+    data, _ = get(f"/api/session?session_id={sid2}")
+    assert data["session"]["workspace"] == "/tmp"
diff --git a/tests/test_sprint5.py b/tests/test_sprint5.py
new file mode 100644
index 0000000..79063af
--- /dev/null
+++ b/tests/test_sprint5.py
@@ -0,0 +1,140 @@
+"""Sprint 5 tests: workspace CRUD, file save, session index, JS serving."""
+import json, pathlib, uuid, urllib.request, urllib.error
+
+BASE = "http://127.0.0.1:8788"  # test server (isolated from production)
+
+def get(path):
+    with urllib.request.urlopen(BASE + path, timeout=10) as r:
+        return json.loads(r.read()), r.status
+
+def get_raw(path):
+    with urllib.request.urlopen(BASE + path, timeout=10) as r:
+        return r.read(), r.headers.get("Content-Type",""), r.status
+
+def post(path, body=None):
+    data = json.dumps(body or {}).encode()
+    req = urllib.request.Request(BASE + path, data=data, headers={"Content-Type": "application/json"})
+    try:
+        with urllib.request.urlopen(req, timeout=10) as r:
+            return json.loads(r.read()), r.status
+    except urllib.error.HTTPError as e:
+        return json.loads(e.read()), e.code
+
+def make_session_tracked(created_list, ws=None):
+    """Create a session and register it with the cleanup fixture."""
+    import pathlib as _pathlib
+    body = {}
+    if ws: body["workspace"] = str(ws)
+    d, _ = post("/api/session/new", body)
+    sid = d["session"]["session_id"]
+    created_list.append(sid)
+    return sid, _pathlib.Path(d["session"]["workspace"])
+
+
+def test_server_running_from_new_location():
+    data, status = get("/health")
+    assert status == 200 and data["status"] == "ok"
+
+def test_app_js_served():
+    """Sprint 9: app.js replaced by modules. Verify ui.js (contains renderMd) is served."""
+    raw, ct, status = get_raw("/static/ui.js")
+    assert status == 200 and "javascript" in ct and b"renderMd" in raw
+
+def test_workspaces_list():
+    data, status = get("/api/workspaces")
+    assert status == 200 and "workspaces" in data and "last" in data
+
+def test_workspace_add_valid():
+    post("/api/workspaces/remove", {"path": "/tmp"})
+    result, status = post("/api/workspaces/add", {"path": "/tmp", "name": "Temp"})
+    assert status == 200 and any(w["path"]=="/tmp" for w in result["workspaces"])
+    post("/api/workspaces/remove", {"path": "/tmp"})
+
+def test_workspace_add_validates_existence():
+    result, status = post("/api/workspaces/add", {"path": "/tmp/does_not_exist_xyz_999"})
+    assert status == 400
+
+def test_workspace_add_validates_is_dir():
+    result, status = post("/api/workspaces/add", {"path": "/etc/hostname"})
+    assert status == 400
+
+def test_workspace_add_no_duplicate():
+    post("/api/workspaces/remove", {"path": "/tmp"})
+    post("/api/workspaces/add", {"path": "/tmp"})
+    result, status = post("/api/workspaces/add", {"path": "/tmp"})
+    assert status == 400 and "already" in result.get("error","").lower()
+    post("/api/workspaces/remove", {"path": "/tmp"})
+
+def test_workspace_add_requires_path():
+    result, status = post("/api/workspaces/add", {})
+    assert status == 400
+
+def test_workspace_remove():
+    post("/api/workspaces/remove", {"path": "/tmp"})
+    post("/api/workspaces/add", {"path": "/tmp", "name": "Temp"})
+    result, status = post("/api/workspaces/remove", {"path": "/tmp"})
+    assert status == 200 and "/tmp" not in [w["path"] for w in result["workspaces"]]
+
+def test_workspace_rename():
+    post("/api/workspaces/remove", {"path": "/tmp"})
+    post("/api/workspaces/add", {"path": "/tmp", "name": "Temp"})
+    result, status = post("/api/workspaces/rename", {"path": "/tmp", "name": "My Temp"})
+    assert status == 200
+    assert {w["path"]: w["name"] for w in result["workspaces"]}.get("/tmp") == "My Temp"
+    post("/api/workspaces/remove", {"path": "/tmp"})
+
+def test_workspace_rename_unknown():
+    result, status = post("/api/workspaces/rename", {"path": "/no/such/path", "name": "X"})
+    assert status == 404
+
+def test_last_workspace_updates_on_session_update(cleanup_test_sessions):
+    sid, _ = make_session_tracked(cleanup_test_sessions)
+    post("/api/session/update", {"session_id": sid, "workspace": "/tmp", "model": "openai/gpt-5.4-mini"})
+    data, _ = get("/api/workspaces")
+    assert data["last"] == "/tmp"
+
+def test_file_save(cleanup_test_sessions):
+    sid, ws = make_session_tracked(cleanup_test_sessions)
+    fname = f"save_{uuid.uuid4().hex[:6]}.txt"
+    (ws / fname).write_text("original content")
+    result, status = post("/api/file/save", {"session_id": sid, "path": fname, "content": "updated"})
+    assert status == 200 and (ws / fname).read_text() == "updated"
+
+def test_file_save_requires_fields(cleanup_test_sessions):
+    sid, _ = make_session_tracked(cleanup_test_sessions)
+    result, status = post("/api/file/save", {"session_id": sid})
+    assert status == 400
+
+def test_file_save_nonexistent_returns_404(cleanup_test_sessions):
+    sid, _ = make_session_tracked(cleanup_test_sessions)
+    result, status = post("/api/file/save", {"session_id": sid, "path": "no_such.txt", "content": ""})
+    assert status == 404
+
+def test_file_save_path_traversal_blocked(cleanup_test_sessions):
+    sid, _ = make_session_tracked(cleanup_test_sessions)
+    result, status = post("/api/file/save", {"session_id": sid, "path": "../../etc/passwd", "content": ""})
+    assert status in (400, 500)
+
+def test_session_index_created_after_save(cleanup_test_sessions):
+    # Index is created in the TEST state dir, not the production dir
+    test_state_dir = pathlib.Path.home() / ".hermes" / "webui-mvp-test"
+    index_path = test_state_dir / "sessions" / "_index.json"
+    make_session_tracked(cleanup_test_sessions)
+    # Index may not exist yet if cleanup already wiped it -- just check the endpoint works
+    data, status = get("/api/sessions")
+    assert status == 200
+    assert isinstance(data["sessions"], list)
+
+def test_sessions_endpoint_returns_sorted():
+    data, status = get("/api/sessions")
+    assert status == 200
+    sessions = data["sessions"]
+    if len(sessions) >= 2:
+        assert sessions[0]["updated_at"] >= sessions[1]["updated_at"]
+
+def test_new_session_inherits_last_workspace(cleanup_test_sessions):
+    sid, _ = make_session_tracked(cleanup_test_sessions)
+    post("/api/session/update", {"session_id": sid, "workspace": "/tmp", "model": "openai/gpt-5.4-mini"})
+    sid2, _ = make_session_tracked(cleanup_test_sessions)
+    d, _ = get(f"/api/session?session_id={sid2}")
+    assert d["session"]["workspace"] == "/tmp"
diff --git a/tests/test_sprint6.py b/tests/test_sprint6.py
new file mode 100644
index 0000000..4914c07
--- /dev/null
+++ b/tests/test_sprint6.py
@@ -0,0 +1,151 @@
+"""Sprint 6 tests: Escape from editor, Phase D validation, HTML extraction, cron create, session export."""
+import json, uuid, pathlib, urllib.request, urllib.error
+REPO_ROOT = pathlib.Path(__file__).parent.parent.resolve()
+
+BASE = "http://127.0.0.1:8788"  # isolated test server
+
+def get(path):
+    with urllib.request.urlopen(BASE + path, timeout=10) as r:
+        return json.loads(r.read()), r.status
+
+def get_raw(path):
+    with urllib.request.urlopen(BASE + path, timeout=10) as r:
+        return r.read(), r.headers, r.status
+
+def post(path, body=None):
+    data = json.dumps(body or {}).encode()
+    req = urllib.request.Request(BASE + path, data=data, headers={"Content-Type": "application/json"})
+    try:
+        with urllib.request.urlopen(req, timeout=10) as r:
+            return json.loads(r.read()), r.status
+    except urllib.error.HTTPError as e:
+        return json.loads(e.read()), e.code
+
+def make_session_tracked(created_list, ws=None):
+    body = {}
+    if ws: body["workspace"] = str(ws)
+    d, _ = post("/api/session/new", body)
+    sid = d["session"]["session_id"]
+    created_list.append(sid)
+    return sid, pathlib.Path(d["session"]["workspace"])
+
+# ── Phase E: HTML served from static/index.html ──
+
+def test_index_html_served():
+    raw, headers, status = get_raw("/")
+    assert status == 200
+    assert b"sidebarResize" in raw, "Resize handle not found in HTML"
+    assert b"cronCreateForm" in raw, "Cron create form not found in HTML"
+    assert b"btnExportJSON" in raw, "Export JSON button not found in HTML"
+
+def test_index_html_file_exists():
+    p = REPO_ROOT / "static/index.html"
+    assert p.exists(), "static/index.html does not exist"
+    assert p.stat().st_size > 5000, "index.html seems too small"
+
+def test_server_py_has_no_html_string():
+    txt = (REPO_ROOT / "server.py").read_text()
+    assert 'HTML = r"""' not in txt, "server.py still contains inline HTML string"
+    assert "doctype html" not in txt.lower(), "server.py still contains raw HTML"
+
+# ── Phase D: remaining endpoint validation ──
+
+def test_approval_respond_requires_session_id():
+    result, status = post("/api/approval/respond", {"choice": "deny"})
+    assert status == 400
+
+def test_approval_respond_rejects_invalid_choice(cleanup_test_sessions):
+    sid, _ = make_session_tracked(cleanup_test_sessions)
+    result, status = post("/api/approval/respond", {"session_id": sid, "choice": "INVALID"})
+    assert status == 400
+
+def test_file_raw_requires_session_id():
+    try:
+        get_raw("/api/file/raw?path=test.png")
+        assert False, "Expected 400"
+    except urllib.error.HTTPError as e:
+        assert e.code == 400
+
+def test_file_raw_unknown_session():
+    try:
+        get_raw("/api/file/raw?session_id=nosuchsession&path=test.png")
+        assert False, "Expected 404"
+    except urllib.error.HTTPError as e:
+        assert e.code == 404
+
+# ── Cron create ──
+
+def test_cron_create_requires_prompt():
+    result, status = post("/api/crons/create", {"schedule": "0 9 * * *"})
+    assert status == 400
+    assert "prompt" in result.get("error", "").lower()
+
+def test_cron_create_requires_schedule():
+    result, status = post("/api/crons/create", {"prompt": "Say hello"})
+    assert status == 400
+    assert "schedule" in result.get("error", "").lower()
+
+def test_cron_create_invalid_schedule():
+    result, status = post("/api/crons/create", {
+        "prompt": "Say hello", "schedule": "not_a_valid_schedule_xyz"
+    })
+    assert status == 400
+
+def test_cron_create_success():
+    uid = uuid.uuid4().hex[:6]
+    result, status = post("/api/crons/create", {
+        "name": f"test-job-{uid}",
+        "prompt": "Just say 'hello' and nothing else.",
+        "schedule": "every 999h",  # far future -- won't actually run during test
+        "deliver": "local",
+    })
+    assert status == 200, f"Expected 200 got {status}: {result}"
+    assert result["ok"] is True
+    assert "job" in result
+    job_id = result["job"]["id"]
+    # Verify it appears in the cron list
+    jobs, _ = get("/api/crons")
+    ids = [j["id"] for j in jobs["jobs"]]
+    assert job_id in ids, f"Created job {job_id} not in list"
+
+# ── Session export ──
+
+def test_session_export_requires_session_id():
+    try:
+        get_raw("/api/session/export")
+        assert False
+    except urllib.error.HTTPError as e:
+        assert e.code == 400
+
+def test_session_export_unknown_session():
+    try:
+        get_raw("/api/session/export?session_id=nosuchsession")
+        assert False
+    except urllib.error.HTTPError as e:
+        assert e.code == 404
+
+def test_session_export_returns_json(cleanup_test_sessions):
+    sid, _ = make_session_tracked(cleanup_test_sessions)
+    raw, headers, status = get_raw(f"/api/session/export?session_id={sid}")
+    assert status == 200
+    assert "application/json" in headers.get("Content-Type", "")
+    data = json.loads(raw)
+    assert data["session_id"] == sid
+    assert "messages" in data
+    assert "title" in data
+
+# ── Resizable panels: static files present ──
+
+def test_static_index_has_resize_handles():
+    raw, _, status = get_raw("/")
+    assert status == 200
+    assert b"sidebarResize" in raw
+    assert b"rightpanelResize" in raw
+
+def test_app_js_has_resize_logic():
+    """Sprint 9: app.js replaced by modules. Resize logic lives in boot.js."""
+    raw, _, status = get_raw("/static/boot.js")
+    assert status == 200
+    assert b"_initResizePanels" in raw
+    assert b"hermes-sidebar-w" in raw
+    assert b"hermes-panel-w" in raw
diff --git a/tests/test_sprint7.py b/tests/test_sprint7.py
new file mode 100644
index 0000000..1865653
--- /dev/null
+++ b/tests/test_sprint7.py
@@ -0,0 +1,130 @@
+"""
+Sprint 7 Tests: Cron CRUD, Skill CRUD, Memory Write, Session Content Search, Health
+"""
+import json, pathlib, urllib.error, urllib.parse, urllib.request
+
+BASE = "http://127.0.0.1:8788"
+
+def get(path):
+    with urllib.request.urlopen(BASE + path, timeout=10) as r:
+        return json.loads(r.read())
+
+def post(path, body=None):
+    data = json.dumps(body or {}).encode()
+    req = urllib.request.Request(BASE + path, data=data, headers={"Content-Type": "application/json"})
+    try:
+        with urllib.request.urlopen(req, timeout=10) as r:
+            return json.loads(r.read()), r.status
+    except urllib.error.HTTPError as e:
+        return json.loads(e.read()), e.code
+
+def make_session_tracked(created_list, ws=None):
+    body = {}
+    if ws: body["workspace"] = str(ws)
+    d, _ = post("/api/session/new", body)
+    sid = d["session"]["session_id"]
+    created_list.append(sid)
+    return sid, pathlib.Path(d["session"]["workspace"])
+
+# ── Health (Phase G) ──────────────────────────────────────────────
+
+def test_health_has_active_streams():
+    data = get("/health")
+    assert "active_streams" in data
+    assert isinstance(data["active_streams"], int) and data["active_streams"] >= 0
+
+def test_health_has_uptime_seconds():
+    data = get("/health")
+    assert "uptime_seconds" in data
+    assert isinstance(data["uptime_seconds"], (int, float)) and data["uptime_seconds"] >= 0
+
+# ── Session content search ────────────────────────────────────────
+
+def test_session_search_empty_returns_all(cleanup_test_sessions):
+    data = get("/api/sessions/search?q=")
+    assert "sessions" in data
+
+def test_session_search_content_params_accepted(cleanup_test_sessions):
+    data = get("/api/sessions/search?q=hello&content=1&depth=3")
+    assert "sessions" in data and "query" in data and data["query"] == "hello"
+
+def test_session_search_returns_count(cleanup_test_sessions):
+    data = get("/api/sessions/search?q=nonexistent_xyz_9999&content=1")
+    assert "count" in data and data["count"] == 0
+
+# ── Cron update ───────────────────────────────────────────────────
+
+def test_cron_update_requires_job_id(cleanup_test_sessions):
+    data, status = post("/api/crons/update", {"name": "test"})
+    assert status == 400
+
+def test_cron_update_unknown_job_404(cleanup_test_sessions):
+    data, status = post("/api/crons/update", {"job_id": "nonexistent_abc123"})
+    assert status == 404
+
+# ── Cron delete ───────────────────────────────────────────────────
+
+def test_cron_delete_requires_job_id(cleanup_test_sessions):
+    data, status = post("/api/crons/delete", {})
+    assert status == 400
+
+def test_cron_delete_unknown_404(cleanup_test_sessions):
+    data, status = post("/api/crons/delete", {"job_id": "nonexistent_xyz999"})
+    assert status == 404
+
+# ── Skill save ────────────────────────────────────────────────────
+
+def test_skill_save_requires_name(cleanup_test_sessions):
+    data, status = post("/api/skills/save", {"content": "# test"})
+    assert status == 400
+
+def test_skill_save_requires_content(cleanup_test_sessions):
+    data, status = post("/api/skills/save", {"name": "test-no-content"})
+    assert status == 400
+
+def test_skill_save_invalid_name_rejected(cleanup_test_sessions):
+    data, status = post("/api/skills/save", {"name": "../../../etc/passwd", "content": "bad"})
+    assert status == 400
+
+def test_skill_save_delete_roundtrip(cleanup_test_sessions):
+    skill_name = "test-sprint7-skill"
+    content = "---\nname: test-sprint7-skill\ndescription: Sprint 7 test.\ntags: [test]\n---\n\n# Test\n\nSprint 7 test skill."
+    data, status = post("/api/skills/save", {"name": skill_name, "content": content})
+    assert status == 200 and data.get("ok") is True
+    skill_path = pathlib.Path(data["path"])
+    assert skill_path.exists() and skill_path.read_text() == content
+    del_data, del_status = post("/api/skills/delete", {"name": skill_name})
+    assert del_status == 200 and del_data.get("ok") is True
+    assert not skill_path.exists()
+
+def test_skill_delete_requires_name(cleanup_test_sessions):
+    data, status = post("/api/skills/delete", {})
+    assert status == 400
+
+def test_skill_delete_unknown_404(cleanup_test_sessions):
+    data, status = post("/api/skills/delete", {"name": "nonexistent-skill-xyz-9999"})
+    assert status == 404
+
+# ── Memory write ──────────────────────────────────────────────────
+
+def test_memory_write_requires_section(cleanup_test_sessions):
+    data, status = post("/api/memory/write", {"content": "test"})
+    assert status == 400
+
+def test_memory_write_requires_content(cleanup_test_sessions):
+    data, status = post("/api/memory/write", {"section": "memory"})
+    assert status == 400
+
+def test_memory_write_invalid_section(cleanup_test_sessions):
+    data, status = post("/api/memory/write", {"section": "invalid", "content": "test"})
+    assert status == 400
+
+def test_memory_write_read_roundtrip(cleanup_test_sessions):
+    original = get("/api/memory").get("memory", "")
+    test_content = "# Sprint 7 Test\nWritten by test_memory_write_read_roundtrip."
+    data, status = post("/api/memory/write", {"section": "memory", "content": test_content})
+    assert status == 200 and data.get("ok") is True
+    read_back = get("/api/memory").get("memory")
+    assert read_back == test_content
+    # Restore
+    post("/api/memory/write", {"section": "memory", "content": original})
diff --git a/tests/test_sprint8.py b/tests/test_sprint8.py
new file mode 100644
index 0000000..2841a3d
--- /dev/null
+++ b/tests/test_sprint8.py
@@ -0,0 +1,125 @@
+"""
+Sprint 8 Tests: Edit/regenerate, clear conversation, truncate, reconnect banner fix, syntax highlight.
+"""
+import json, pathlib, urllib.error, urllib.parse, urllib.request
+
+BASE = "http://127.0.0.1:8788"
+
+def get(path):
+    with urllib.request.urlopen(BASE + path, timeout=10) as r:
+        return json.loads(r.read())
+
+def post(path, body=None):
+    data = json.dumps(body or {}).encode()
+    req = urllib.request.Request(BASE + path, data=data, headers={"Content-Type": "application/json"})
+    try:
+        with urllib.request.urlopen(req, timeout=10) as r:
+            return json.loads(r.read()), r.status
+    except urllib.error.HTTPError as e:
+        return json.loads(e.read()), e.code
+
+def make_session_tracked(created_list):
+    d, _ = post("/api/session/new", {})
+    sid = d["session"]["session_id"]
+    created_list.append(sid)
+    return sid
+
+# ── /api/session/clear ─────────────────────────────────────────────
+
+def test_session_clear_requires_session_id(cleanup_test_sessions):
+    data, status = post("/api/session/clear", {})
+    assert status == 400
+
+def test_session_clear_unknown_session_404(cleanup_test_sessions):
+    data, status = post("/api/session/clear", {"session_id": "nonexistent_xyz"})
+    assert status == 404
+
+def test_session_clear_wipes_messages(cleanup_test_sessions):
+    created = []
+    sid = make_session_tracked(created)
+    # Inject a fake message directly into the session via rename (to give it a title first)
+    post("/api/session/rename", {"session_id": sid, "title": "clear-test"})
+    # Manually load and verify session exists
+    sess = get(f"/api/session?session_id={urllib.parse.quote(sid)}")
+    assert sess["session"]["session_id"] == sid
+    # Clear it
+    data, status = post("/api/session/clear", {"session_id": sid})
+    assert status == 200, f"Expected 200, got {status}: {data}"
+    assert data.get("ok") is True
+    assert data.get("session") is not None
+    # Load again and verify messages empty
+    sess2 = get(f"/api/session?session_id={urllib.parse.quote(sid)}")
+    assert sess2["session"]["messages"] == []
+    assert sess2["session"]["title"] == "Untitled"
+    # Cleanup
+    post("/api/session/delete", {"session_id": sid})
+
+def test_session_clear_returns_session_compact(cleanup_test_sessions):
+    created = []
+    sid = make_session_tracked(created)
+    data, status = post("/api/session/clear", {"session_id": sid})
+    assert status == 200
+    assert "session" in data
+    assert data["session"]["session_id"] == sid
+    post("/api/session/delete", {"session_id": sid})
+
+# ── /api/session/truncate ──────────────────────────────────────────
+
+def test_session_truncate_requires_session_id(cleanup_test_sessions):
+    data, status = post("/api/session/truncate", {"keep_count": 2})
+    assert status == 400
+
+def test_session_truncate_requires_keep_count(cleanup_test_sessions):
+    data, status = post("/api/session/truncate", {"session_id": "xyz"})
+    assert status == 400
+
+def test_session_truncate_unknown_session_404(cleanup_test_sessions):
+    data, status = post("/api/session/truncate", {"session_id": "nonexistent_xyz", "keep_count": 0})
+    assert status == 404
+
+def test_session_truncate_returns_messages(cleanup_test_sessions):
+    created = []
+    sid = make_session_tracked(created)
+    data, status = post("/api/session/truncate", {"session_id": sid, "keep_count": 0})
+    assert status == 200
+    assert data.get("ok") is True
+    assert "messages" in data["session"]
+    assert data["session"]["messages"] == []
+    post("/api/session/delete", {"session_id": sid})
+
+# ── Static files contain new features ─────────────────────────────
+
+def test_app_js_contains_edit_message(cleanup_test_sessions):
+    """Verify editMessage function is present in ui.js (Sprint 9: module split)."""
+    with urllib.request.urlopen(BASE + "/static/ui.js", timeout=10) as r:
+        src = r.read().decode()
+    assert "editMessage" in src
+    assert "msg-edit-area" in src
+
+def test_app_js_contains_regenerate(cleanup_test_sessions):
+    with urllib.request.urlopen(BASE + "/static/ui.js", timeout=10) as r:
+        src = r.read().decode()
+    assert "regenerateResponse" in src
+
+def test_app_js_contains_clear_conversation(cleanup_test_sessions):
+    with urllib.request.urlopen(BASE + "/static/panels.js", timeout=10) as r:
+        src = r.read().decode()
+    assert "clearConversation" in src
+    assert "api/session/clear" in src
+
+def test_app_js_contains_highlight_code(cleanup_test_sessions):
+    with urllib.request.urlopen(BASE + "/static/ui.js", timeout=10) as r:
+        src = r.read().decode()
+    assert "highlightCode" in src
+    assert "Prism" in src
+
+def test_index_html_contains_prism(cleanup_test_sessions):
+    with urllib.request.urlopen(BASE + "/", timeout=10) as r:
+        src = r.read().decode()
+    assert "prismjs" in src.lower()
+
+def test_index_html_contains_clear_button(cleanup_test_sessions):
+    with urllib.request.urlopen(BASE + "/", timeout=10) as r:
+        src = r.read().decode()
+    assert "btnClearConv" in src
+    assert "clearConversation" in src
diff --git a/tests/test_sprint9.py b/tests/test_sprint9.py
new file mode 100644
index 0000000..c5482bc
--- /dev/null
+++ b/tests/test_sprint9.py
@@ -0,0 +1,115 @@
+"""
+Sprint 9 Tests: app.js module split verification, tool cards, todo panel.
+Run: python -m pytest tests/test_sprint9.py -v
+"""
+import json, pathlib, urllib.error, urllib.request
+
+BASE = "http://127.0.0.1:8788"
+
+def get_text(path):
+    with urllib.request.urlopen(BASE + path, timeout=10) as r:
+        return r.read().decode()
+
+def get(path):
+    with urllib.request.urlopen(BASE + path, timeout=10) as r:
+        return json.loads(r.read())
+
+def post(path, body=None):
+    data = json.dumps(body or {}).encode()
+    req = urllib.request.Request(BASE + path, data=data,
+                                  headers={"Content-Type": "application/json"})
+    try:
+        with urllib.request.urlopen(req, timeout=10) as r:
+            return json.loads(r.read()), r.status
+    except urllib.error.HTTPError as e:
+        return json.loads(e.read()), e.code
+
+# ── Module split: all 6 files served ──────────────────────────────────────
+
+def test_ui_js_served(cleanup_test_sessions):
+    src = get_text("/static/ui.js")
+    assert len(src) > 1000
+    assert "function setBusy" in src
+    assert "function syncTopbar" in src
+    assert "const S=" in src or "const S =" in src
+
+def test_workspace_js_served(cleanup_test_sessions):
+    src = get_text("/static/workspace.js")
+    assert "async function api(" in src
+    assert "async function loadDir(" in src
+    assert "async function openFile(" in src  # renderFileTree is in ui.js
+
+def test_sessions_js_served(cleanup_test_sessions):
+    src = get_text("/static/sessions.js")
+    assert "async function newSession(" in src
+    assert "async function loadSession(" in src
+    assert "async function renderSessionList(" in src
+
+def test_messages_js_served(cleanup_test_sessions):
+    src = get_text("/static/messages.js")
+    assert "async function send(" in src
+    assert "function transcript(" in src
+
+def test_panels_js_served(cleanup_test_sessions):
+    src = get_text("/static/panels.js")
+    assert "async function switchPanel(" in src
+    assert "async function loadCrons(" in src
+    assert "async function loadSkills(" in src
+    assert "async function loadMemory(" in src
+
+def test_boot_js_served(cleanup_test_sessions):
+    src = get_text("/static/boot.js")
+    assert "btnSend" in src
+    assert "btnNewChat" in src
+    # boot IIFE
+    assert "(async()=>{" in src or "(async () => {" in src
+
+def test_app_js_no_longer_referenced_in_html(cleanup_test_sessions):
+    """index.html must not reference the old monolithic app.js."""
+    html = get_text("/")
+    assert 'src="/static/app.js"' not in html
+    # All 6 modules must be present
+    for module in ["ui.js", "workspace.js", "sessions.js", "messages.js", "panels.js", "boot.js"]:
+        assert f'src="/static/{module}"' in html, f"Missing {module} in index.html"
+
+def test_module_load_order_correct(cleanup_test_sessions):
+    """ui.js must appear before sessions.js which must appear before boot.js."""
+    html = get_text("/")
+    ui_pos = html.find('src="/static/ui.js"')
+    ws_pos = html.find('src="/static/workspace.js"')
+    sess_pos = html.find('src="/static/sessions.js"')
+    msg_pos = html.find('src="/static/messages.js"')
+    panels_pos = html.find('src="/static/panels.js"')
+    boot_pos = html.find('src="/static/boot.js"')
+    assert ui_pos < ws_pos < sess_pos < msg_pos < panels_pos < boot_pos
+
+def test_no_duplicate_function_definitions(cleanup_test_sessions):
+    """No function name should appear in more than one module."""
+    import re
+    modules = ["ui.js", "workspace.js", "sessions.js", "messages.js", "panels.js", "boot.js"]
+    seen = {}
+    for m in modules:
+        src = get_text(f"/static/{m}")
+        fns = re.findall(r'(?:async )?function ([a-zA-Z_$][a-zA-Z0-9_$]*)\s*\(', src)
+        for fn in fns:
+            if fn in seen:
+                assert False, f"Duplicate function {fn} in both {seen[fn]} and {m}"
+            seen[fn] = m
+    assert len(seen) > 50, f"Expected 50+ functions, got {len(seen)}"
+
+def test_all_functions_present_across_modules(cleanup_test_sessions):
+    """Key functions must be present somewhere in the split modules."""
+    import re
+    modules = ["ui.js", "workspace.js", "sessions.js", "messages.js", "panels.js", "boot.js"]
+    all_src = ""
+    for m in modules:
+        all_src += get_text(f"/static/{m}")
+    required = [
+        "setBusy", "syncTopbar", "renderMessages", "send", "loadSession",
+        "newSession", "renderSessionList", "loadDir", "switchPanel",
+        "loadCrons", "loadSkills", "loadMemory", "editMessage",
+        "regenerateResponse", "clearConversation", "highlightCode",
+        "toggleSkillForm", "submitSkillSave", "toggleMemoryEdit",
+    ]
+    for fn in required:
+        assert fn in all_src, f"Function {fn} missing from all modules"