docs: expand v2.2.0 release notes + README for full 2.2 scope

The pre-existing release notes and README "What's New in 2.2" block only covered the original Project Templates feature. This expands both to reflect everything that's actually shipping in 2.2: - Template Configuration (schemaVersion 2): typed schema, 7 field types, Keychain-backed secrets, configure step in install flow, post-install Configuration editor, model recommendations. - Template Catalog: gh-pages site with live dashboard previews, stdlib-only Python validator mirroring Swift invariants, PR CI gate, install-URL hosting from raw main. - Example template `awizemann/site-status-checker` exercising every v2.2 surface — config form, cron, Site tab webview, dashboard updates. - Site tab — a webview widget in any dashboard exposes a second tab next to Dashboard, rendering a live URL. - UX clarifications: Remove from List (keep files) vs. Uninstall Template (remove installed files), preserved-files banner on uninstall success, Run Now no longer blocks on long agent runs. - Install-time {{PROJECT_DIR}} / {{TEMPLATE_ID}} / {{TEMPLATE_SLUG}} token substitution in cron prompts. Release-notes link + wiki link surfaced at the bottom of the README block so readers have a jump to full details. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
fix: Run Now agent-run timing + non-404 webview placeholder
2026-05-10 18:44:45 +00:00 · 2026-04-23 18:12:37 +02:00 · 2026-04-23 17:14:29 +02:00 · 2026-04-23 17:14:29 +02:00 · 2026-04-23 17:14:29 +02:00 · 2026-04-23 17:14:29 +02:00
208 changed files with 55067 additions and 1652 deletions
@@ -0,0 +1,42 @@
 <!--
 Use this template when submitting a new Scarf project template or updating
 an existing one. For regular code/docs PRs, delete this template and write
 your own summary.
 Switch to this template by adding `?template=template-submission.md` to the
 compare URL, or let GitHub pick it up automatically when you touch files
 under templates/.
 -->
 ## What's in this PR
 - [ ] New template: `templates/<your-handle>/<your-template-name>/`
 - [ ] Update to existing template: `templates/<author>/<name>/` (which one and why)
 ## One-line pitch
 _What does this template do for its installers? Two sentences max._
 ## Checklist
 - [ ] I wrote this template, or have the author's explicit permission to submit it.
 - [ ] `AGENTS.md` is present and tells any cross-agent what the project does and how to run it.
 - [ ] `README.md` includes install, customize, and uninstall instructions.
 - [ ] The bundle's `template.json` `contents` claim matches what's actually in the zip.
 - [ ] Cron jobs (if any) ship paused and use self-contained prompts.
 - [ ] No secrets in any file (API keys, tokens, hostnames, IPs, credentials).
 - [ ] No writes to `config.yaml`, `auth.json`, or credential paths — v1 installer will refuse.
 - [ ] `python3 tools/build-catalog.py --check` passes locally.
 - [ ] I installed + uninstalled this template on my machine and verified the `AGENTS.md` contract works end-to-end.
 - [ ] I did **not** edit `templates/catalog.json` — the maintainer regenerates it post-merge.
 ## Testing notes
 _What did you run, what did you see? Paste the log output of the cron job
 firing once, or the chat transcript of asking the agent to do the main
 thing. Reviewers don't have your machine — show, don't tell._
 ## Screenshots (optional)
 _Drop screenshots of the installed dashboard, or the catalog detail page
 rendered locally (`./scripts/catalog.sh preview && open /tmp/scarf-catalog-preview/templates/<slug>/index.html`)._
@@ -0,0 +1,74 @@
 # Validates `.scarftemplate` bundles on PRs that touch templates/.
 #
 # Mirrors the invariants `ProjectTemplateService.verifyClaims` enforces at
 # install time. Runs the same Python script the maintainer uses locally
 # (tools/build-catalog.py --check) so a bundle can't reach main unless the
 # validator is happy.
 #
 # Also runs tools/test_build_catalog.py so drift between the validator and
 # its own test suite is caught on the same PR.
 name: Validate template submissions
 on:
  pull_request:
    paths:
      - 'templates/**'
      - 'tools/build-catalog.py'
      - 'tools/test_build_catalog.py'
      - '.github/workflows/validate-template-pr.yml'
 permissions:
  contents: read
  pull-requests: write
 jobs:
  validate:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          # Full clone so we can diff against the PR base and scope
          # --only to just the changed templates if we want to later.
          fetch-depth: 0
      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          # The validator is stdlib-only and tested against 3.9+ (the
          # system Python on current macOS, what most maintainers run
          # locally). CI uses 3.11 for faster cold-cache times on
          # GitHub Actions runners — same stdlib APIs, same code paths.
          python-version: '3.11'
      - name: Run validator unit tests
        run: python3 tools/test_build_catalog.py -v
      - name: Validate every template
        id: validate
        run: |
          set -o pipefail
          python3 tools/build-catalog.py --check 2>&1 | tee /tmp/validator.log
      - name: Post failure comment
        if: failure() && steps.validate.outcome == 'failure'
        uses: actions/github-script@v7
        with:
          script: |
            const fs = require('fs');
            let body = '## Template validation failed\n\n';
            try {
              const log = fs.readFileSync('/tmp/validator.log', 'utf8');
              body += '```\n' + log.slice(-3000) + '\n```\n';
            } catch (e) {
              body += 'See the failed job log for details.\n';
            }
            body += '\nFix the issues above and push again — the check reruns automatically.\n';
            body += '\nLocal reproduction: `python3 tools/build-catalog.py --check`\n';
            await github.rest.issues.createComment({
              issue_number: context.issue.number,
              owner: context.repo.owner,
              repo: context.repo.repo,
              body,
            });
@@ -1,5 +1,7 @@
 # Xcode
 build/
 .gh-pages-worktree/
 .wiki-worktree/
 DerivedData/
 *.pbxuser
 !default.pbxuser
@@ -46,3 +48,11 @@ scarf/standards/backups/
 # Scarf project dashboards (user-specific)
 .scarf/
 # Release artifacts — GitHub Releases hosts the binaries; no need to bloat git
 # history. RELEASE_NOTES.md stays tracked (committed with the version bump).
 releases/v*/*.zip
 releases/v*/appcast-entry.xml
 # Wiki helper: personal patterns (hostnames, IPs) blocked from the wiki push.
 scripts/wiki-blocklist.txt
@@ -39,6 +39,128 @@ scarf/scarf/           Xcode project root (PBXFileSystemSynchronizedRootGroup
 xcodebuild -project scarf/scarf.xcodeproj -scheme scarf -configuration Debug build
 ```
 ## Releases
 Shipped via a single local script. **Never run manual `xcodebuild archive` / `notarytool` / `gh release create` steps — use the script so nothing is skipped or misordered.**
 ```bash
 ./scripts/release.sh <version>           # full release: notarize → appcast → gh-pages → tag
 ./scripts/release.sh <version> --draft   # draft: everything builds + notarizes, but appcast/tag are skipped
 ```
 The script bumps version, archives Universal (arm64 + x86_64) + ARM64-only variants, signs with Developer ID, notarizes via `xcrun notarytool` (keychain profile `scarf-notary`), staples, EdDSA-signs the appcast entry with Sparkle's key, pushes the appcast to `gh-pages`, and creates a GitHub release with both zips attached. Draft mode stops after the release is uploaded so the current version stays "latest" until explicitly promoted.
 **Release notes convention:** write them to `releases/v<version>/RELEASE_NOTES.md` BEFORE running the script — it's auto-included in the version-bump commit and used as the GitHub release body. If absent, a placeholder is used.
 **Canonical prompts (any of these trigger the flow):**
 - "Release v1.6.2" — full release
 - "Release v1.6.2 as draft" — draft mode
 - "Prepare v1.6.2 release notes from recent commits, then release" — generate notes first, then run
 **Prerequisites (one-time, already set up on Alan's machine):** Developer ID Application cert in login Keychain (team `3Q6X2L86C4`), notarytool keychain profile `scarf-notary`, Sparkle EdDSA private key in Keychain item `https://sparkle-project.org`, `gh-pages` branch + GitHub Pages enabled. See the header of [scripts/release.sh](scripts/release.sh) and the Releases section in [README.md](README.md) for details.
 ## Wiki
 Public documentation lives in the GitHub wiki at https://github.com/awizemann/scarf/wiki. The wiki is a separate git repo cloned to `.wiki-worktree/` in the repo root (gitignored, sibling to `.gh-pages-worktree/`). Internal dev notes stay in `scarf/docs/`; the wiki is for public-facing reference.
 **Update the wiki when:**
 - A new feature module is added under `scarf/scarf/scarf/Features/` → extend the relevant User Guide page.
 - A new core service is added under `Core/Services/` → extend `Core-Services.md`.
 - Architecture changes (AppCoordinator, transport, MVVM-F rule, sandbox) → `Architecture-Overview.md` + the specific sub-page.
 - Hermes version bumps in this file → `Hermes-Version-Compatibility.md`.
 - `scripts/release.sh` completes a full (non-draft) release → bump latest-version on `Home.md` + append to `Release-Notes-Index.md`.
 - Keyboard shortcut or sidebar section changes → `Keyboard-Shortcuts.md` / `Sidebar-and-Navigation.md`.
 **Skip for:** bug fixes with no user-observable change, pure refactors, typos, test-only changes, internal cleanups.
 ```bash
 ./scripts/wiki.sh pull                         # always first
 # edit .wiki-worktree/*.md with normal tools
 ./scripts/wiki.sh commit "docs: describe X"   # runs secret-scan
 ./scripts/wiki.sh push                         # runs secret-scan again, then push
 ```
 **Never** commit API keys, tokens, `.env` files, private keys, or real hostnames/IPs to the wiki. The script's two-pass secret-scan blocks common token patterns and a user-maintained blocklist at `scripts/wiki-blocklist.txt` (gitignored). Do not bypass without explicit approval. Full workflow on the wiki itself at `.wiki-worktree/Wiki-Maintenance.md`.
 ## Hermes Version
 Targets Hermes v0.9.0 (v2026.4.13). Log lines may carry an optional `[session_id]` tag between the level and logger name — `HermesLogService.parseLine` treats the session tag as an optional capture group, so older untagged lines still parse.
 ## Project Templates
 Scarf ships a `.scarftemplate` format (v1 as of 2.2.0) for sharing pre-packaged projects across users and machines. A bundle is a zip containing:
 - `template.json` — manifest (id, name, version, `contents` claim)
 - `README.md` — shown in the install preview sheet
 - `AGENTS.md` — required; the [Linux Foundation cross-agent instructions standard](https://agents.md/) — every template is agent-portable out of the box
 - `dashboard.json` — copied to `<project>/.scarf/dashboard.json`
 - `instructions/…` — optional per-agent shims (`CLAUDE.md`, `GEMINI.md`, `.cursorrules`, `.github/copilot-instructions.md`)
 - `skills/<name>/…` — optional; installed to `~/.hermes/skills/templates/<slug>/` (namespaced so uninstall is `rm -rf` on one folder)
 - `cron/jobs.json` — optional; registered via `hermes cron create` with a `[tmpl:<id>] …` name prefix and immediately paused
 - `memory/append.md` — optional; appended to `~/.hermes/memories/MEMORY.md` between `<!-- scarf-template:<id>:begin/end -->` markers
 Key services: [ProjectTemplateService.swift](scarf/scarf/Core/Services/ProjectTemplateService.swift) (inspect + validate + plan), [ProjectTemplateInstaller.swift](scarf/scarf/Core/Services/ProjectTemplateInstaller.swift) (execute a plan), [ProjectTemplateExporter.swift](scarf/scarf/Core/Services/ProjectTemplateExporter.swift) (build a bundle from a project), [ProjectTemplateUninstaller.swift](scarf/scarf/Core/Services/ProjectTemplateUninstaller.swift) (reverse an install using the lock file). UI in [Features/Templates/](scarf/scarf/Features/Templates/). The `scarf://install?url=<https URL>` deep link + `file://` URLs for `.scarftemplate` files are handled by [TemplateURLRouter.swift](scarf/scarf/Core/Services/TemplateURLRouter.swift) and `onOpenURL` in `scarfApp.swift`. A `<project>/.scarf/template.lock.json` uninstall manifest is written after every install and drives the uninstall flow.
 **Uninstall semantics:** driven by the lock file. Only files listed in `lock.projectFiles` are removed from the project dir; user-added files (e.g. a `sites.txt` created on first run) are preserved. If every file in the dir was installed by the template, the dir is removed too; otherwise the dir stays with just the user's files. Skills namespace is always removed wholesale (it's isolated). Cron jobs are removed via `hermes cron remove <id>` after resolving each lock-recorded name. Memory block is stripped between the `begin`/`end` markers, leaving the rest of MEMORY.md intact. No "undo" — uninstall is destructive; to re-install, run the install flow again. Uninstall UI lives on the project-list context menu and the dashboard header (only shown when the selected project has a lock file).
 **Never** let a template write to `config.yaml`, `auth.json`, sessions, or any credential path — the v1 installer refuses. If you extend the format, treat the preview sheet as load-bearing: the user's only trust boundary is that the sheet is honest about everything that's about to be written.
 ### Template configuration (v2.3, schemaVersion 2)
 Templates can declare a typed configuration schema in `template.json`'s new `config` block. The installer renders a **Configure** step between the parent-directory pick and the preview sheet; values land at `<project>/.scarf/config.json` (non-secret) and in the login Keychain (secret). A post-install **Configuration** button on the dashboard header (shown when `<project>/.scarf/manifest.json` exists) opens the same form pre-filled for editing.
 Manifest shape:
 ```json
 {
  "schemaVersion": 2,
  "contents": { "dashboard": true, "agentsMd": true, "config": 2 },
  "config": {
    "schema": [
      {"key": "site_url", "type": "string", "label": "Site URL", "required": true},
      {"key": "api_token", "type": "secret", "label": "API Token", "required": true}
    ],
    "modelRecommendation": {
      "preferred": "claude-sonnet-4.5",
      "rationale": "Tool-heavy workload — reasoning helps."
    }
  }
 }
 ```
 Supported field types: `string`, `text`, `number`, `bool`, `enum` (with `options: [{value, label}]`), `list` (itemType `"string"` only in v1), `secret`. Type-specific constraints (`pattern`, `min`/`max`, `minLength`/`maxLength`, `minItems`/`maxItems`) are optional. `secret` fields **must not** declare a `default` — the validator refuses.
 Key services: [TemplateConfig.swift](scarf/scarf/Core/Models/TemplateConfig.swift) (schema + value models + Keychain ref helpers), [ProjectConfigKeychain.swift](scarf/scarf/Core/Services/ProjectConfigKeychain.swift) (thin `SecItemAdd`/`Copy`/`Delete` wrapper; the only Keychain user in Scarf today), [ProjectConfigService.swift](scarf/scarf/Core/Services/ProjectConfigService.swift) (load/save config.json, resolve secrets, cache manifest, validate schema + values). UI in [Features/Templates/ViewModels/TemplateConfigViewModel.swift](scarf/scarf/Features/Templates/ViewModels/TemplateConfigViewModel.swift) + [Features/Templates/Views/TemplateConfigSheet.swift](scarf/scarf/Features/Templates/Views/TemplateConfigSheet.swift).
 **Secret storage.** Keychain service name is `com.scarf.template.<slug>`, account is `<fieldKey>:<project-path-hash-short>`. The path-hash suffix means two installs of the same template in different dirs don't collide on Keychain entries. Values in `config.json` are `"keychain://service/account"` URIs — never plaintext. The bytes hit the Keychain only on form commit, so cancelling never leaves orphan entries.
 **Uninstall.** `TemplateLock` v2 gains `config_keychain_items` and `config_fields` arrays. The uninstaller iterates each URI through `SecItemDelete` before removing the lock file. Absent items (user hand-cleaned) are no-ops.
 **Exporter.** Carries the *schema* from `<project>/.scarf/manifest.json` through into exported bundles, never values. Exporting never leaks anyone's secrets. `schemaVersion` bumps to 2 only when a schema is forwarded; schema-less exports stay at 1.
 **Catalog site.** [tools/build-catalog.py](tools/build-catalog.py) mirrors the Swift schema validator. Each v2 template's `template.json` is copied into `.gh-pages-worktree/templates/<slug>/manifest.json` and the site's `widgets.js` calls `ScarfWidgets.renderConfigSchema` to display the schema on the detail page (display-only — the form lives in-app).
 **Schema is Swift-primary.** If `TemplateConfigField.FieldType` gains a new case, update in order: `TemplateConfig.swift` (model + validation), `tools/build-catalog.py` (`SUPPORTED_CONFIG_FIELD_TYPES` + type-specific rules), `widgets.js` (`summariseConstraint`), `TemplateConfigSheet.swift` (new control subview), tests on both sides. Schema drift between validator + installer is the kind of bug users only notice after shipping.
 ## Template Catalog
 Shipped community templates live at `templates/<author>/<name>/` (one level down — `templates/CONTRIBUTING.md` explains the submission flow for authors). The catalog site is generated from this directory and served at `awizemann.github.io/scarf/templates/` alongside the Sparkle appcast — the two coexist on the `gh-pages` branch but touch completely disjoint paths.
 Pipeline:
 - **Validator + regenerator:** [tools/build-catalog.py](tools/build-catalog.py) is stdlib-only Python (3.9+). It walks `templates/*/*/`, validates every `.scarftemplate` against its manifest claim (mirrors the Swift `ProjectTemplateService.verifyClaims` invariants), enforces a 5 MB bundle-size cap, scans for high-confidence secret patterns, checks `staging/` matches the built bundle byte-for-byte, and emits `templates/catalog.json`. Tested by [tools/test_build_catalog.py](tools/test_build_catalog.py) — 16 tests covering every validation path.
 - **Wrapper:** [scripts/catalog.sh](scripts/catalog.sh) mirrors the `scripts/wiki.sh` shape with `check / build / preview / serve / publish` subcommands. `publish` runs a second-pass secret-scan against the rendered site before committing + pushing `gh-pages`.
 - **Site source:** `site/index.html.tmpl` + `site/template.html.tmpl` are `{{TOKEN}}`-substitution templates. `site/widgets.js` (~300 lines of vanilla JS) is the dogfood — renders a `ProjectDashboard` JSON into HTML using the same widget vocabulary the Swift app uses, so each template's detail page shows a live preview of its post-install dashboard.
 - **Install-URL hosting:** raw-served from `main` at `https://raw.githubusercontent.com/awizemann/scarf/main/templates/<author>/<name>/<name>.scarftemplate`. No per-template Releases ceremony.
 - **CI gate:** [.github/workflows/validate-template-pr.yml](.github/workflows/validate-template-pr.yml) runs the Python validator + its own test suite on every PR that touches `templates/`, the validator, or its tests. Failures post a comment on the PR with the last 3 KB of the validator log.
 Maintainer workflow on merge to main:
 ```bash
 ./scripts/catalog.sh build       # regenerate templates/catalog.json + .gh-pages-worktree/templates/
 ./scripts/catalog.sh publish     # secret-scan rendered output + commit + push gh-pages
 ```
 Same cadence as `scripts/release.sh` (manual, auditable, no auto-deploy). Runs stay isolated: release.sh only touches `appcast.xml` on gh-pages; catalog.sh only touches `templates/` on gh-pages. Never push catalog output on a release cadence or vice versa.
 **Schema is Swift-primary.** When `ProjectDashboardWidget.type` gains a new case or `ProjectTemplateManifest` adds a field, update Swift first, then mirror into `tools/build-catalog.py` (`SUPPORTED_WIDGET_TYPES`, `_validate_manifest`, `_validate_contents_claim`) so the web validator stays honest. The Python test suite's real-bundle test catches drift on the example template but not on the full widget vocabulary — add a synthetic fixture to `test_build_catalog.py` for any new widget type.
@@ -33,6 +33,27 @@ Rules:
 - The app only reads from `~/.hermes/state.db` (never writes). Memory files are the exception.
 - Swift 6 strict concurrency: `@MainActor` default isolation, `nonisolated` for service methods.
 ## Documentation
 Public docs live in the [GitHub wiki](https://github.com/awizemann/scarf/wiki). Small fixes (typos, clarifications) can be made via the "Edit" button on any wiki page — you need push access to the main repo. For larger changes, clone the wiki locally (`git clone git@github.com:awizemann/scarf.wiki.git`) or open an issue describing the proposed change.
 ## Adding a Language
 Scarf ships with English + Simplified Chinese, German, French, Spanish, Japanese, and Brazilian Portuguese. To add another locale (or improve an existing one):
 1. **Fork** the repo and create a branch.
 2. **Add the locale to `knownRegions`** in `scarf/scarf.xcodeproj/project.pbxproj` — follow the existing list (e.g. add `it` after `"pt-BR"`).
 3. **Drop a new JSON file at `tools/translations/<locale>.json`** — copy an existing one (say `tools/translations/es.json`) as a starting point. Each entry maps the English source string to your translation. Keys you omit fall back to English at runtime — do that for proper nouns (Scarf, Hermes, Anthropic, OAuth, SSH, …) and for anything technical that shouldn't translate.
 4. **Preserve format specifiers exactly**: `%@`, `%lld`, `%d`, positional `%1$@` / `%2$lld`, etc. If word order needs to change in your language, use positional forms (`%1$@ … %2$@`).
 5. **Add your locale to `tools/merge-translations.py`'s `LOCALES` list** and run `python3 tools/merge-translations.py` — this writes your translations into `scarf/scarf/Localizable.xcstrings`.
 6. **Translate `scarf/scarf/InfoPlist.xcstrings`** (the macOS microphone-permission prompt) for your locale. Add a new `stringUnit` under `localizations`.
 7. **Build** (`xcodebuild -project scarf/scarf.xcodeproj -scheme scarf build`) and **sanity-check in Xcode**: Scheme → Run → App Language → your locale. Walk the main views (Dashboard, Chat, Settings) and look for clipping or obvious leaks.
 8. **Open a PR** including the new JSON file, the updated catalog, and the pbxproj / script changes. Mention which routes you spot-checked.
 AI translation is fine for the first pass — it's how the initial six locales landed. Native-speaker review improves quality and is always welcome, either as a follow-up PR or as review comments on the initial one.
 See [scarf/docs/I18N.md](scarf/docs/I18N.md) for deeper context on the String Catalog setup and which strings are intentionally kept verbatim.
 ## Reporting Issues
 Open an issue with:
@@ -13,26 +13,115 @@
  <img src="https://img.shields.io/badge/macOS-14.6+%20Sonoma-blue" alt="macOS">
  <img src="https://img.shields.io/badge/Swift-6-orange" alt="Swift">
  <img src="https://img.shields.io/badge/license-MIT-green" alt="License">
  <br>
  <em>Available in English, 简体中文, Deutsch, Français, Español, 日本語, and Português (Brasil).</em>
  <br><br>
  <a href="https://www.buymeacoffee.com/awizemann"><img src="https://cdn.buymeacoffee.com/buttons/v2/default-yellow.png" alt="Buy Me a Coffee" height="28"></a>
 </p>
 ## What's New in 2.2
 - **Project Templates** — Scarf projects can now travel. Package a project's dashboard, agent instructions, skills, cron jobs, and a typed configuration schema into a `.scarftemplate` bundle, hand it to anyone, and they install it in one click. Every bundle ships with a cross-agent `AGENTS.md` ([agents.md](https://agents.md/) standard) so the instructions work in Claude Code, Cursor, Codex, Aider, and the 20+ other agents that read it natively. Browser-based one-click install via `scarf://install?url=…` deep links. Export / Install from File / Install from URL live under the new **Templates** menu in the Projects toolbar.
 - **Typed configuration with Keychain-backed secrets** — Templates declare a schema with seven field types (`string`, `text`, `number`, `bool`, `enum`, `list`, `secret`). A **Configure** step in the install flow renders the form, routes secrets to the macOS Keychain, and drops non-secret values into `<project>/.scarf/config.json`. A slider icon in the dashboard header opens the same form post-install for edits — rotate a token, change a site, toggle a feature, and the next cron run picks it up.
 - **Public template catalog** — [awizemann.github.io/scarf/templates/](https://awizemann.github.io/scarf/templates/) is a static catalog site generated from `templates/<author>/<name>/` in this repo. Each template has a detail page with a live dashboard preview, the schema rendered with constraint summaries, and a one-click install button. Community submissions go through a CI-enforced Python validator that mirrors the Swift-side invariants.
 - **Preview-before-apply** — Every install shows a preview sheet listing the exact project directory that will be created, every file inside it, every skill that will be namespaced, every cron job that will be registered (paused by default), every Keychain secret that will be written, and a live diff of any memory appendix. Markdown fields render inline. Nothing writes until you click Install.
 - **Site tab** — A dashboard with at least one `webview` widget gets a second tab next to Dashboard. The example `awizemann/site-status-checker` template uses this to render whatever URL you configured as your first watched site, updating on every cron run.
 - **Safe-by-design** — Skills install into `~/.hermes/skills/templates/<slug>/` so they never collide with your own. Cron jobs carry a `[tmpl:<id>]` tag and start paused. A `template.lock.json` records every file, cron job, Keychain ref, and memory block for one-click uninstall. Exports carry the configuration schema but never the user's values — safe on projects with live config. Templates **never** touch `config.yaml`, `auth.json`, sessions, or credentials.
 See the full [v2.2.0 release notes](https://github.com/awizemann/scarf/releases/tag/v2.2.0) and the [Project Templates wiki page](https://github.com/awizemann/scarf/wiki/Project-Templates).
 ### Previously, in 2.1
 - **Seven languages** — Full UI translations for Simplified Chinese, German, French, Spanish, Japanese, and Brazilian Portuguese on top of English. Scarf respects the system language by default; override per-app via **System Settings → Language & Region → Apps → Scarf**. Contributor workflow for adding more locales is documented in [CONTRIBUTING.md → Adding a Language](CONTRIBUTING.md#adding-a-language).
 - **Locale-aware number formatting** — Currency, byte sizes, compact token counts (`15K`, `1.5M`), and day-of-week charts now follow the user's locale instead of POSIX / English defaults.
 - **Chat slash-command menu** — Type `/` in Rich Chat to browse every command the agent has advertised plus any user-defined `quick_commands:` from config.yaml. ↑/↓ to navigate, Tab/Enter to complete, Esc to dismiss.
 - **Chat polish** — Auto-scroll on send and on prompt completion, a non-blocking loading spinner during session reconnects, properly centered empty state, and the long-standing "session loads with whitespace" bug fixed (LazyVStack → VStack in the message list).
 See the full [v2.1.0 release notes](https://github.com/awizemann/scarf/releases/tag/v2.1.0).
 ### Previously, in 2.0
 - **Multi-server** — Manage multiple Hermes installations (local + any number of remotes) from one app. Each window binds to one server; open them side-by-side.
 - **Remote Hermes over SSH** — Every feature that worked against your local `~/.hermes/` now works against a remote host. File I/O routes through `scp`/`sftp`; chat ACP runs over `ssh -T`; SQLite is served from atomic `.backup` snapshots pulled on file-watcher ticks.
 - **Chat UX overhaul** — No more white-screen flash on first message, no more scroll jumping into whitespace during streaming, failed prompts explain themselves instead of silently spinning forever.
 - **Correctness pass** — Fixed remote WAL error spam, stale-snapshot session resume, auto-resume of dead cron sessions, 230+ Swift 6 concurrency warnings.
 See the [v2.0.0 release notes](https://github.com/awizemann/scarf/releases/tag/v2.0.0) for the full 2.0 series.
 ### Previously, in 1.6
 - **Platforms** — Native GUI setup for all 13 messaging platforms, no more hand-editing `.env`
 - **Credential Pools** — Fixed OAuth flow and API-key handling; pick providers from a catalog
 - **Model Picker** — Hierarchical browser backed by the 111-provider models.dev cache
 - **Settings tabs** — 10 organized tabs covering ~60 previously hidden config fields
 - **Configure sidebar** — Personalities, Quick Commands, Plugins, Webhooks, Profiles
 See the [v1.6.0 release notes](https://github.com/awizemann/scarf/releases/tag/v1.6.0) for the full 1.6 series.
 ## Multi-server, one window per server
 Scarf 2.0 is a multi-window app. Each window is bound to exactly one Hermes server — your local `~/.hermes/` is synthesized automatically, and you can add remotes via **File → Open Server…** → **Add Server** (host, user, port, optional identity file). Open a second window for a different server and the two run side-by-side with independent state.
 Remote Hermes is reached over system SSH — the same `~/.ssh/config`, ssh-agent, ProxyJump, and ControlMaster pooling your terminal uses. File I/O flows through `scp`/`sftp`; SQLite is served from atomic `sqlite3 .backup` snapshots cached under `~/Library/Caches/scarf/snapshots/<server-id>/`; chat (ACP) tunnels as `ssh -T host -- hermes acp` with JSON-RPC over stdio end-to-end. Everything in the feature list below works against remote identically to local.
 ### Remote setup requirements
 The remote host must have:
 1. **SSH access** — key-based auth via your local ssh-agent. Scarf never prompts for passphrases; run `ssh-add` once in Terminal before connecting.
 2. **`sqlite3`** on the remote `$PATH` — needed for the atomic DB snapshots. Install on the remote with `apt install sqlite3` (Ubuntu/Debian), `yum install sqlite` (RHEL/Fedora), or `apk add sqlite` (Alpine).
 3. **`pgrep`** on the remote `$PATH` — used by the Dashboard "is Hermes running" check. Standard on every distro; install `procps` if missing.
 4. **`~/.hermes/` readable by the SSH user**. When Hermes runs as a separate user (systemd service, Docker container), the SSH user needs read access to `config.yaml` and `state.db`. Either (a) SSH as the Hermes user, (b) `chmod` Hermes's home to be group-readable and add your SSH user to that group, or (c) set the **Hermes data directory** field when adding the server to point at the right location (e.g. `/var/lib/hermes/.hermes`).
 ### Troubleshooting remote connections
 If the connection pill is green but the Dashboard shows "Stopped", "unknown", or empty values, the SSH user can't read the Hermes state files. Open **Manage Servers → 🩺 Run Diagnostics** (or click the yellow "Can't read Hermes state" pill in the toolbar). The diagnostics sheet runs fourteen checks in one SSH session — connectivity, `sqlite3` presence, read access to `config.yaml` and `state.db`, the effective non-login `$PATH` — and tells you exactly which one fails and why, with remediation hints for each. Use the **Copy Full Report** button to paste the full output into a bug report.
 For the common "Hermes isn't at the default path" case (systemd services, Docker), **Test Connection** in the Add Server sheet now probes `/var/lib/hermes/.hermes`, `/opt/hermes/.hermes`, `/home/hermes/.hermes`, and `/root/.hermes` when it can't find `state.db` at `~/.hermes/`, and offers a one-click fill if it finds any of them.
 ## Features
 Scarf mirrors Hermes's surface area through a sidebar-based UI. Sections below map 1:1 to the app's sidebar.
 ### Monitor
 - **Dashboard** — System health, token usage, cost tracking, recent sessions with live refresh
 - **Insights** — Usage analytics with token breakdown (including reasoning tokens), cost tracking, model/platform stats, top tools bar chart, activity heatmaps, notable sessions, and time period filtering (7/30/90 days or all time)
 - **Sessions Browser** — Full conversation history with message rendering, model reasoning/thinking display, tool call inspection, full-text search, rename, delete, and JSONL export. Subagent sessions are filtered from the main list and accessible via parent session drill-down
 - **Activity Feed** — Recent tool execution log with filtering by kind and session, detail inspector with pretty-printed arguments and tool output display
 ### Interact
 - **Live Chat** — Two modes: **Rich Chat** streams responses in real-time via the Agent Client Protocol (ACP) with iMessage-style bubbles, markdown rendering, tool call visualization, thinking/reasoning display, permission request dialogs, and a one-click `/compress` focus sheet (when Hermes advertises the command); **Terminal** runs `hermes chat` with full ANSI color and Rich formatting via [SwiftTerm](https://github.com/migueldeicaza/SwiftTerm). Both modes support session persistence, resume/continue previous sessions, auto-reconnection with session recovery, and voice mode controls
 - **Memory Viewer/Editor** — View and edit Hermes's MEMORY.md and USER.md with live file-watcher refresh, external memory provider awareness (Honcho, Supermemory, etc.), and profile-scoped memory support with profile picker
- **Skills Browser** — Browse and edit installed skills by category with file content viewer, file switcher, and required config warnings for skills that need specific settings
+- **Skills Browser** — Browse installed skills by category with file content viewer and required config warnings. **New in 1.6:** Browse the Skills Hub, search by registry (official, skills.sh, well-known, GitHub, ClawHub, LobeHub), install, check for updates, and uninstall — all from the app
- **Tools Manager** — Enable/disable toolsets per platform (CLI, Telegram, Discord, Slack, WhatsApp, Signal, iMessage, Email, Home Assistant, Webhook, Matrix, Feishu, Mattermost) with toggle switches and segmented platform picker, MCP server status
+
 ### Configure *(new in 1.6)*
 - **Platforms** — Native GUI setup for all 13 messaging platforms (Telegram, Discord, Slack, WhatsApp, Signal, Email, Matrix, Mattermost, Feishu, iMessage, Home Assistant, Webhook, CLI). Per-platform forms write credentials to `~/.hermes/.env` and behavior toggles to `~/.hermes/config.yaml`. WhatsApp and Signal pairing use an inline SwiftTerm terminal for QR scan and signal-cli daemon management
 - **Personalities** — List defined personalities, pick the active one, and edit `SOUL.md` inline with markdown preview
 - **Quick Commands** — Editor for custom `/command_name` shell shortcuts with dangerous-pattern detection (`rm -rf`, `mkfs`, etc.)
 - **Credential Pools** — Per-provider credential rotation with a fixed OAuth flow (URL extraction + browser open + code paste) and proper `--type api-key` handling. API keys never stored in UI state — only last-4 preview. Strategy picker (fill_first / round_robin / least_used / random)
 - **Plugins** — Install via Git URL or `owner/repo`, update, remove, enable/disable. Reads `~/.hermes/plugins/` directly for reliable state
 - **Webhooks** — Create, list, test-fire, and remove webhook subscriptions. Detects the "platform not enabled" state and links to gateway setup
 - **Profiles** — Switch between multiple isolated Hermes instances. Create, rename, delete, export (zip), import. Safe-switch warning reminds users to restart Scarf after activating a different profile
 ### Manage
 - **Tools** — Enable/disable toolsets per platform with a connectivity-aware platform menu (green/orange/grey/red dots for connected/configured/offline/error). **Fixed in 1.6:** all 13 platforms now appear (was previously stuck on CLI)
 - **MCP Servers** — Manage Model Context Protocol servers Hermes connects to. Add via curated presets (GitHub, Linear, Notion, Sentry, Stripe, and more) or fully custom (stdio command + args, or HTTP URL with optional bearer auth). Per-server detail view with enable/disable toggle, environment variable + header editor, tool-include/exclude filters, resources/prompts toggles, request and connect timeouts, OAuth token detection + clearing, and one-click "Test Connection" that runs `hermes mcp test` and surfaces the discovered tool list. Gateway-restart banner appears after config changes that require a reload
 - **Gateway Control** — Start/stop/restart the messaging gateway, view platform connection status, manage user pairing (approve/revoke)
- **Cron Manager** — View scheduled jobs with pre-run scripts, delivery failure tracking, timeout info, and `[SILENT]` job indicators
+- **Cron Manager** — View scheduled jobs with pre-run scripts, delivery failure tracking, timeout info, and `[SILENT]` job indicators. **New in 1.6:** full write support — create, edit, pause, resume, run-now, and delete jobs from the app
 - **Health** — Component-level status and diagnostics. **New in 1.6:** inline "Run Dump" and "Share Debug Report" buttons (the latter with an upload-confirmation dialog before sending to Nous support)
 - **Log Viewer** — Real-time log tailing for agent.log, errors.log, and gateway.log with level filtering, component filter (Gateway / Agent / Tools / CLI / Cron), clickable session-ID pills that filter to a single session, and text search
- **Project Dashboards** — Custom, agent-generated dashboards for any project. Define stat boxes, charts, tables, progress bars, checklists, rich text, and embedded web views in a simple JSON file — Scarf renders them with live refresh. Let your Hermes agent build and maintain project-specific visualizations automatically
+- **Settings** — **Restructured in 1.6** into a 10-tab layout: General, Display, Agent, Terminal, Browser, Voice, Memory, Aux Models, Security, Advanced. Exposes ~60 previously hidden config fields including all 8 auxiliary model tasks, container limits, full TTS/STT provider settings, human-delay simulation, compression thresholds, logging rotation, checkpoints, website blocklist, Tirith sandbox, and delegation. One-click **Backup & Restore** via `hermes backup` / `hermes import`. Model picker replaces the old free-text model field, backed by the models.dev cache (111 providers, all major models) with a "Custom…" escape hatch
- **Settings** — Structured config editor for all Hermes settings including model/provider selection, browser backend, reasoning effort, approval mode, cost display, Fast Mode service tier, interim assistant messages, gateway notify interval, force IPv4, context engine, Honcho eager init, Docker environment, command allowlist, credential management, and one-click **Backup & Restore** via `hermes backup` / `hermes import`
+
 ### Project Dashboards
 Custom, agent-generated dashboards for any project. Define stat boxes, charts, tables, progress bars, checklists, rich text, and embedded web views in a simple JSON file — Scarf renders them with live refresh. Let your Hermes agent build and maintain project-specific visualizations automatically. See [Project Dashboards](#project-dashboards-1) below for the full schema.
 ### System
 - **Hermes Process Control** — Start, stop, and restart the Hermes agent directly from Scarf
 - **Menu Bar** — Status icon showing Hermes running state with quick actions
@@ -40,7 +129,8 @@
 - macOS 14.6+ (Sonoma)
 - Xcode 16.0+
- [Hermes agent](https://github.com/hermes-ai/hermes-agent) v0.6.0+ installed at `~/.hermes/` (v0.9.0 recommended for full feature support)
+- [Hermes agent](https://github.com/hermes-ai/hermes-agent) v0.6.0+ installed at `~/.hermes/` on each target host (v0.9.0+ recommended for full feature support)
 - For remote servers: SSH access (key-based), `sqlite3` on the remote (for atomic DB snapshots), and the `hermes` CLI resolvable from the remote user's `PATH` or at a path you specify per server.
 ### Compatibility
@@ -51,7 +141,10 @@ Scarf reads Hermes's SQLite database and parses CLI output from `hermes status`,
 | v0.6.0 (2026-03-30) | Verified |
 | v0.7.0 (2026-04-03) | Verified |
 | v0.8.0 (2026-04-08) | Verified |
-| v0.9.0 (2026-04-13, latest) | Verified |
+| v0.9.0 (2026-04-13) | Verified |
 | v0.10.0 (2026-04-18) | Verified (recommended for full 2.0 feature support) |
 Scarf 2.0 targets Hermes v0.10.0 for the ACP session/fork/list/resume capabilities used by remote chat. Earlier Hermes versions remain supported for monitoring, sessions, and file-based features; ACP-specific behavior may gracefully degrade on older agents.
 If a Hermes update changes the database schema or CLI output format, Scarf may need to be updated. Check the [Health](#features) view for compatibility warnings.
@@ -62,10 +155,12 @@ If a Hermes update changes the database schema or CLI output format, Scarf may n
 Download the latest build from [Releases](https://github.com/awizemann/scarf/releases):
 - `Scarf-vX.X.X-Universal.zip` — Apple Silicon + Intel (recommended)
- `Scarf-vX.X.X-ARM64.zip` — Apple Silicon only (smaller)
+- `Scarf-vX.X.X-ARM64.zip` — Apple Silicon only (smaller download)
 1. Unzip and drag **Scarf.app** to Applications
-2. On first launch, right-click and choose **Open** (or go to System Settings → Privacy & Security → Open Anyway)
+2. Launch normally — builds are Developer ID signed and notarized, so Gatekeeper accepts them on first launch
 Scarf checks for updates automatically on launch via [Sparkle](https://sparkle-project.org) and daily thereafter. You can disable automatic checks or trigger a manual check from **Settings → General → Updates** or the menu bar icon.
 ### Build from Source
@@ -139,6 +234,7 @@ The app opens `state.db` in read-only mode to avoid WAL contention with Hermes.
 | Package | Purpose |
 |---------|---------|
 | [SwiftTerm](https://github.com/migueldeicaza/SwiftTerm) | Terminal emulator for the Chat feature |
 | [Sparkle](https://github.com/sparkle-project/Sparkle) | Auto-updates from the GitHub-hosted appcast |
 Everything else uses system frameworks: SQLite3 C API, Foundation JSON, AttributedString markdown, SwiftUI Charts, GCD file watching.
@@ -288,6 +384,30 @@ Your agent can update the dashboard as part of cron jobs, after builds, or whene
 Each section defines a grid with 1–4 columns. Widgets flow left-to-right, wrapping to new rows. See [DASHBOARD_SCHEMA.md](scarf/docs/DASHBOARD_SCHEMA.md) for the full schema reference with examples of every widget type.
 ## Releases
 Scarf ships through GitHub releases — the App Store is not supported because Scarf spawns the user-installed `hermes` binary and reads `~/.hermes/` directly, both of which App Sandbox forbids.
 Each release goes through a single local script: [scripts/release.sh](scripts/release.sh). The script archives a universal binary, signs it with the Developer ID Application cert, submits to `notarytool`, staples the ticket, produces the distribution zip, signs an appcast entry with Sparkle's EdDSA key, pushes an updated `appcast.xml` to the `gh-pages` branch, creates the GitHub release, and tags `main`.
 The Sparkle appcast is served from [awizemann.github.io/scarf/appcast.xml](https://awizemann.github.io/scarf/appcast.xml).
 Signing prerequisites (one-time):
 - `Developer ID Application` certificate in the login Keychain
 - `scarf-notary` keychain profile registered via `xcrun notarytool store-credentials`
 - Sparkle EdDSA private key in Keychain item `https://sparkle-project.org` (back this up — without it, shipped apps can never receive updates)
 ## Template Catalog
 Community-contributed Scarf project templates live under [`templates/`](templates/) in this repo and are browsable at **[awizemann.github.io/scarf/templates/](https://awizemann.github.io/scarf/templates/)** with live dashboard previews and one-click `scarf://install?url=…` links.
 - **Install from the web** — click "Install with Scarf" on any template's detail page; the app takes over from there.
 - **Install from a local file** — Scarf → Projects → Templates → Install from File…, or double-click any `.scarftemplate` in Finder.
 - **Author a template** — see [`templates/CONTRIBUTING.md`](templates/CONTRIBUTING.md) for the full walkthrough. Fork, drop a template under `templates/<your-github-handle>/<your-name>/`, open a PR; CI validates the bundle automatically.
 The catalog's site is a static HTML + vanilla JS build generated by [`tools/build-catalog.py`](tools/build-catalog.py) and driven by [`scripts/catalog.sh`](scripts/catalog.sh) (check / build / preview / publish). Appcast and main landing page are independent — updating the catalog never disturbs Sparkle.
 ## Contributing
 Contributions are welcome. Please open an issue to discuss what you'd like to change before submitting a PR.
@@ -298,6 +418,8 @@ Contributions are welcome. Please open an issue to discuss what you'd like to ch
 4. Push to the branch (`git push origin feature/my-feature`)
 5. Open a Pull Request
 For template submissions, see [`templates/CONTRIBUTING.md`](templates/CONTRIBUTING.md) — same flow, with a catalog-specific checklist + automated CI validation.
 ## Support
 If you find Scarf useful, consider buying me a coffee.
@@ -0,0 +1,25 @@
 ## What's New in 1.6.1
 ### Auto-updates
 Scarf now ships with [Sparkle](https://sparkle-project.org). On launch (and daily thereafter) it checks an EdDSA-signed appcast at [awizemann.github.io/scarf/appcast.xml](https://awizemann.github.io/scarf/appcast.xml). When a new version is available you'll get an in-app update prompt — no more manually downloading zips and dragging into Applications.
 You can disable automatic checks or trigger a manual one from **Settings → General → Updates**, the menu bar icon, or the **Scarf → Check for Updates…** menu item.
 ### Notarized & Developer ID signed
 This is the first release that's properly Developer ID signed and notarized by Apple. Gatekeeper accepts it on first launch — no more right-click → Open dance, no more "Scarf cannot be opened because the developer cannot be verified" warnings.
 ### Fixes
 - Chat works correctly when no terminal hermes session is running, and surfaces the real error when it can't reach the agent (b6df…)
 ### Under the hood
 - Tracked `Info.plist` (replacing auto-generation) so signing-relevant keys live in version control
 - New `UpdaterService` wraps Sparkle and is injected via SwiftUI `.environment()`
 - One-command release pipeline at [scripts/release.sh](https://github.com/awizemann/scarf/blob/main/scripts/release.sh) handles archive → sign → notarize → staple → appcast → GitHub release → tag
 ---
 **Migrating from 1.6.0:** unzip and replace your existing `Scarf.app` in `/Applications`. After this release, future updates install in-place via Sparkle.
@@ -0,0 +1,13 @@
 ## What's New in 1.6.2
 ### Fixes
 - **No more bogus "missing credentials" banner on Chat.** The orange "No AI provider credentials detected" warning was firing on the Chat tab whenever no session was selected, even for users whose credentials were configured and working. Root cause: the preflight check only inspected `~/.hermes/.env` and shell environment variables, missing the Credential Pools file at `~/.hermes/auth.json` (the in-app flow introduced in 1.6.0) and `api_key:` fields in `config.yaml`. The check now covers all four locations Hermes itself reads at runtime, so if you've added credentials via **Configure → Credential Pools**, the warning stays hidden.
 ### Polish
 - Banner subtitle updated to point users at the in-app Credential Pools flow first, rather than prescribing `.env` edits.
 ---
 **Upgrading from 1.6.1:** Sparkle will offer the update automatically. You can also trigger a check via **Scarf → Check for Updates…** or the menu bar icon.
@@ -0,0 +1,58 @@
 ## What's New in 2.0
 Scarf now manages **multiple Hermes installations** — your local `~/.hermes/` plus any number of remote Hermes instances reached over SSH. Every feature that worked on your Mac now works against a Linux server, a Mac mini on the network, or whatever other host has Hermes installed.
 This is a major version bump because the entire service layer was rewritten around a `ServerContext` + `ServerTransport` abstraction, and because the window model changed from single-window-single-server to multi-window-one-server-per-window.
 ### Multi-server
 - **Manage Servers** sheet lets you add, rename, and remove remote servers. Each entry is an SSH target (`user@host`, port, optional identity file, optional `remoteHome` override if your install isn't at `~/.hermes/`).
 - Each window is bound to exactly one server. Open a second window via **File → Open Server** → pick a different server, and the two run side-by-side with independent state — chat, dashboards, activity, sessions, the lot.
 - The menu bar status icon shows a summary across all registered servers (green hare = any Hermes running anywhere).
 - Window-state restoration: quit + relaunch re-opens every window you had open, each reconnected to its bound server.
 ### Remote over SSH
 - **ControlMaster connection pooling** — after the first auth, each remote primitive is a ~5ms tunnel call. Uses the system `ssh`, `scp`, `sftp` so your `~/.ssh/config`, ssh-agent, 1Password/Secretive SSH agents, and ProxyJump all work unchanged.
 - **DB access via atomic snapshots** — Scarf runs `sqlite3 .backup` on the remote (WAL-safe, won't corrupt), flips the snapshot out of WAL mode, and pulls it down with `scp`. Snapshots are cached under `~/Library/Caches/scarf/snapshots/<server-id>/` and re-pulled when the file watcher sees a change on the remote's `state.db`.
 - **ACP chat over SSH** — the Agent Client Protocol tunnel runs `ssh -T host -- hermes acp`. JSON-RPC over stdio travels end-to-end unmodified, so Rich Chat, streaming, tool calls, permission dialogs, and compression all work against the remote agent identically to local.
 - **File watcher** — local uses FSEvents (instant); remote polls `stat` mtime every 3s with ControlMaster keeping the cost bounded. Views auto-refresh on any tick.
 - **Cleanup on server-remove** — deleting a remote closes its ControlMaster socket (`ssh -O exit`), prunes its snapshot cache, and invalidates any process-wide caches keyed to its ID. App launch also sweeps orphaned snapshot dirs whose UUIDs are no longer in the registry.
 ### Chat UX overhaul
 All of these were visible bugs during remote dogfooding and are now fixed on both local and remote:
 - **No more white-screen flash** on the first message of a session. `RichChatView` used to swap `ContentUnavailableView` out for the message list, which tore down and recreated the entire ScrollView hierarchy. The empty state now lives inside the ScrollView itself.
 - **No more scroll-jumping to whitespace** at stream start/finish. Replaced six racing `onChange`-driven scroll calls with SwiftUI's built-in `.defaultScrollAnchor(.bottom)`, which is implemented inside the layout pass and doesn't overshoot LazyVStack content.
 - **Resuming a session on a remote now shows its full history.** The DB snapshot is refreshed on session-load — previously it was pulled once on first open and never again, so any messages the remote wrote since launch were invisible.
 - **"Continue from last session" surfaces errors** instead of silently doing nothing when SSH is down.
 - **Typing into a blank Chat always creates a new session.** Previously it auto-resumed the most recently active session in the DB, which often picked up a cron-spawned session that Hermes had already garbage-collected — producing a silent prompt failure.
 - **Failed prompts now explain themselves.** When the agent returns `stopReason: "refusal"`, `"error"`, or `"max_tokens"` with no assistant output, a system message appears under your prompt explaining what happened. No more spinning "Agent working…" forever.
 ### Correctness — remote SQLite
 - The WAL-error spam (`cannot open file at line 51044 of [f0ca7bba1c] — os_unix.c:51044: (2) open(/Users/…/state.db-wal) - No such file or directory`) is gone. `sqlite3 .backup` preserves the source DB's journal mode; the scp'd copy used to try to open a WAL sidecar that doesn't exist. The snapshot script now runs `PRAGMA journal_mode=DELETE` after `.backup` on the remote, and Scarf opens remote snapshots with `file:…?immutable=1` as defense-in-depth.
 - **Concurrent snapshot dedupe** — a new `SnapshotCoordinator` actor makes sure that when Dashboard + Sessions + Activity all ask for a fresh snapshot at the same moment (e.g. on a file-watcher tick), only one SSH backup runs; the other callers await the in-flight pull and share the result.
 ### Under the hood
 - New `ServerContext` value type flows through `.environment()` to every view and ViewModel. Every file and process operation routes through `context.makeTransport()` — `LocalTransport` (`FileManager`, `Process`, FSEvents) or `SSHTransport` (ssh, scp, sftp, mtime polling). The protocol is small enough that each transport is ~400 lines.
 - Swift 6 complete-concurrency sweep: ~230 warnings reduced to 1. `ServerContext`, `HermesPathSet`, `ServerTransport`, all service inits, and every value-type accessor are explicitly `nonisolated`. Hand-written `Codable` conformances for the nine types whose synthesized conformances were inferred `@MainActor` by Swift 6's default-isolation rule (`ACPRequest`, `ACPRawMessage`, `GatewayState`, `PlatformState`, `HermesCronJob`, `CronSchedule`, `CronJobsFile`, `AuthFile`, `AuthEntry`).
 - ACP cwd now comes from the *remote* `$HOME`, probed once on first connect and cached per server. Previously it passed your local Mac's home path to the ACP adapter, which only worked by coincidence when the remote username matched.
 ### Compatibility
 Hermes v0.10.0 is now verified alongside v0.6–v0.9. Scarf builds its session/message `SELECT` columns based on an additive schema detection (`hasV07Schema`), so newer Hermes versions with extra columns don't break queries.
 ### Migration from 1.6.x
 - Sparkle will offer the update automatically. Trigger manually via **Scarf → Check for Updates…** or the menu bar.
 - Your local server is synthesized automatically — existing 1.6.x users see "Local" in the server list with no setup needed.
 - `servers.json` is created on first add-remote. Location: `~/Library/Application Support/scarf/servers.json`.
 - Nothing you configured in 1.6.x (OAuth tokens, credential pools, cron jobs, MCP servers, platform setup) is touched. Those live in `~/.hermes/` and remain the source of truth.
 ### Known limitations
 - Remote file watching is 3s mtime polling (vs. FSEvents on local). If you need sub-second updates on a remote, that's a followup.
 - The `session/load` ACP call against an already-deleted session returns success-with-no-body from the Hermes adapter — Scarf now detects the resulting `stopReason: "refusal"` and surfaces it, but the underlying Hermes behavior is an upstream-adapter bug that should also get a proper error response.
@@ -0,0 +1,68 @@
 ## What's New in 2.0.1
 Hotfix for [#19](https://github.com/awizemann/scarf/issues/19) and the related reports from the first day of v2.0: users' remote SSH connections would show a green "Connected" pill but every view (Dashboard, Sessions, Activity, Chat) read as empty / "not running" / "not configured". Three distinct environments reported it — Docker Hermes on a LAN, homelab VM over Tailscale, Ubuntu VPS — and every one was a silent file-access failure on the remote that Scarf wasn't surfacing.
 ### Errors no longer disappear
 Every remote read (`config.yaml`, `gateway_state.json`, `state.db`, `pgrep`) used to silently substitute an empty value on *any* failure — permission denied, missing file, `sqlite3` not installed, connection drop — they all looked identical to the UI. Now:
 - Each failure logs a specific warning via `os.Logger` (visible in Console.app under subsystem `com.scarf`).
 - The Dashboard shows an orange banner above the stats with the exact error (e.g. "Permission denied reading `~/.hermes/state.db`") and a **Run Diagnostics…** button.
 - `HermesDataService` exposes a `lastOpenError` so views can explain *why* state.db couldn't be opened, rather than just rendering zeros.
 - Routine "file doesn't exist" cases (optional `skill.yaml` metadata, `gateway_state.json` before Hermes starts, `memories/USER.md` on fresh installs) are detected and **not** logged as warnings — only real errors (permission denied, connection drops, `sqlite3` missing) hit the log. Prevents Console from filling with false-positive noise when directory walks encounter optional files.
 ### New Remote Diagnostics sheet
 Accessible from **Manage Servers → 🩺** per-server button, or by clicking the orange connection pill when Scarf can see the server but can't read Hermes state. Runs fourteen checks in a single SSH session and shows pass/fail for each, plus a targeted hint per failure:
 - SSH connectivity and auth
 - Remote user identity and `$HOME` resolution
 - `~/.hermes` directory existence and readability
 - `config.yaml` readable (existence *and* actual read access — the old probe only checked existence)
 - `state.db` readable
 - `sqlite3` installed on the remote (required for the atomic snapshot Scarf pulls)
 - `sqlite3` can actually open `state.db`
 - `hermes` binary on the non-login `$PATH` (what runtime uses)
 - `hermes` binary on the login `$PATH` (what the Test Connection probe uses)
 - `pgrep` available (for the "is Hermes running" check)
 One **Copy Full Report** button dumps every check as plain text for bug reports, and a raw-output disclosure panel shows the exact stdout/stderr the remote returned whenever any probe fails — so transport-level problems are self-diagnosing.
 The diagnostics script is piped to `/bin/sh -s` on stdin rather than passed as `sh -c <script>` argv. The latter was getting split line-by-line by the remote's login shell (newlines parsed as command separators), which stranded variables set on line 1 in an ephemeral `sh` subprocess that exited before line 2 could use them. Stdin-piping runs the whole script in one `sh` process with variable scope preserved.
 ### Connection pill gains a "degraded" state
 The pill used to be green as long as SSH connected; now after connectivity passes it runs a second-tier check (`test -r $HOME/.hermes/config.yaml`). If that fails, the pill turns **orange** with "Connected — can't read Hermes state" and clicking it opens Remote Diagnostics directly. This is the exact symptom mode in #19, and it's now one click away from a specific answer.
 The pill's visual also got a pass: the colored dot is replaced with a state-specific SF Symbol (`checkmark.circle.fill` / `stethoscope` / `arrow.triangle.2.circlepath` / `exclamationmark.triangle.fill`), which reads more like a clickable toolbar tool and doubles as the status signal. No custom pill background anymore — the toolbar's native `.principal` bezel is the frame.
 ### Auto-suggest the correct `remoteHome` during Add Server
 When Test Connection can't find `state.db` at the configured (or default) path, it now also probes the common alternate locations — `/var/lib/hermes/.hermes`, `/opt/hermes/.hermes`, `/home/hermes/.hermes`, `/root/.hermes` — and offers a one-click "Use this" fill if it finds one. Removes the need to know that systemd-installed Hermes lives at `/var/lib/hermes/.hermes` by convention.
 ### Clearer copy for the `remoteHome` field
 The Add Server sheet field is now labeled "Hermes data directory" with a description explaining when you'd override it (systemd service installs, Docker sidecars) and noting that Test Connection auto-suggests.
 ### README has a new "Remote setup requirements" section
 Four concrete prerequisites (SSH, `sqlite3`, `pgrep`, read access to `~/.hermes`) and a troubleshooting paragraph pointing at Remote Diagnostics.
 ### Migrating from 2.0.0
 Sparkle will offer the update automatically. Settings and server list are preserved verbatim — this is purely additive (new diagnostics surface, new error banners, auto-suggest in Test Connection). If you were affected by #19, run Remote Diagnostics after updating; the sheet should pinpoint the specific file access issue and suggest a fix.
 ### Under the hood
 - New types: `RemoteDiagnosticsViewModel`, `RemoteDiagnosticsView`. Both are local to Scarf; no new transport protocol.
 - `HermesFileService` gains `loadConfigResult()`, `loadGatewayStateResult()`, `hermesPIDResult()`, `readFileResult()`, `readFileDataResult()` — Result-returning variants that preserve the error. Legacy `loadConfig()` etc. still exist as thin forwarders for callers that don't need diagnostics.
 - `HermesDataService.open()` records `lastOpenError` with humanized hints for "sqlite3 not installed", "permission denied", and "file not found" — the three failure modes that produce 90% of issue #19 symptoms.
 - `ConnectionStatusViewModel` status enum gains `.degraded(reason:)` between `.connected` and `.error`.
 - `TestConnectionProbe` result enum gains `suggestedRemoteHome: String?` carrying any alternate-location hit.
 ### Known follow-ups (not in 2.0.1)
 - `TestConnectionProbe` uses a direct-argv ssh invocation that's functionally correct but fragile (works by accident when split across the login shell). Should be ported to the stdin-pipe pattern the diagnostics sheet now uses.
 - Remaining `try?`-swallowed read paths beyond the four Dashboard-surfacing ones — Cron, Memory, Skills, MCP Servers, Platforms still silently render empty on read errors. Same fix pattern applies, low priority.
 - `hermesBinaryHint` is only populated when the user clicks Test Connection; if they skip it, ACP chat and CLI calls fall back to bare `hermes` which requires it on the non-interactive PATH (rarely true for `~/.local/bin` installs). The connection-pill's second-tier probe could auto-populate this.
 - Docker-host support: when users SSH to a Docker host, `pgrep` and `~/.hermes/` on the host don't see what's inside the container. Needs a `docker exec` wrapping option per server.
@@ -0,0 +1,41 @@
 ## What's New in 2.0.2
 The actual root cause of [#19](https://github.com/awizemann/scarf/issues/19), found and patched by Scarf's first external contributor. v2.0.1 added the diagnostics UI assuming file-perm root cause; v2.0.2 fixes the underlying bug for everyone, regardless of perms.
 ### macOS Unix domain socket path limit (the real #19)
 OpenSSH's ControlMaster multiplexes our bursty stat/cat/cp traffic over one TCP session per host. The socket path is bound by `bind(2)` to a Unix domain socket — and macOS' `sun_path` is **104 bytes including the NUL terminator**.
 Scarf's old socket path was `~/Library/Caches/scarf/ssh/<%C>` where `%C` is OpenSSH's 64-char SHA1 hash of `(local user, host, port, remote user)`. For a username like `alex.maksimchuk`, the full path landed at **105 bytes** — one byte over the limit. ssh exited 255 with `unix_listener: path "..." too long for Unix domain socket`. Our `LogLevel=QUIET` flag (set so ACP's line-delimited JSON stays binary-clean) suppressed the diagnostic, and the user just saw "Remote command exited 255" — which the UI rendered as the silent empty-data state every reporter in #19 described.
 The fix is to use a much shorter path:
 ```swift
 "/tmp/scarf-ssh-\(getuid())"   //  ~17 bytes + 64 hash + sep + NUL = ~83 bytes
 ```
 Per-user uid suffix keeps two local users' sockets from colliding in the shared `/tmp`, and 0700 perms on the dir keep them inaccessible to other users.
 **Massive thanks to Alex Maksimchuk ([@aliatx2017](https://github.com/aliatx2017)) — Scarf's first external PR contributor — for diagnosing and patching this in [#20](https://github.com/awizemann/scarf/pull/20).** That diagnosis only happened because Alex bothered to read the codebase, reproduce against multiple usernames including a Termux/Android instance, and walk back from the cryptic exit code to the actual `bind()` failure. This release wouldn't exist without that work.
 ### Hardening on top of the fix
 Three additions on top of Alex's patch, layered in via separate commits to keep the original change reviewable:
 - **Defensive ownership check on the socket dir.** `/tmp` is world-writable, so a malicious local user could pre-create `/tmp/scarf-ssh-<uid>` and trick Scarf into using a hostile directory (we'd silently fail to chmod it back to 0700, since we wouldn't own it). `ensureControlDir` now uses POSIX `mkdir(0700)` (atomic, sets perms at create time) and on `EEXIST` runs `lstat` to verify the entry is a directory we own with mode 0700 — symlink → refuse, wrong owner → refuse + log to `os.Logger`, wrong mode → repair. Closes the `/tmp` pre-creation hole that's the standard concern for any per-user `/tmp` path.
 - **Launch-time sweep of stale sockets.** `ServerRegistry.sweepOrphanCaches` already prunes orphaned snapshot directories on launch; it now also removes ControlMaster socket files older than 30 minutes. Socket basenames are `%C` hashes (not ServerIDs), so we can't keep "still registered" sockets the way the snapshot sweep does — but `ControlPersist` is 600s, so anything older than 30 minutes is guaranteed to be a dead orphan from a crashed master, an unclean app exit, or a server removed while another Scarf instance was holding the dir. Keeps `/tmp/scarf-ssh-<uid>/` from accumulating indefinitely until reboot, while leaving any concurrent Scarf instance's live sockets untouched.
 - **Regression test for the path-length invariant.** `scarfTests` was a stub — it now has two tests: one asserting `controlDirPath().utf8.count + 1 + 64 + 1 ≤ 104` (would have caught the original #19 bug in CI), one asserting the path includes the current uid (pins the per-user-isolation invariant against a future "simplification" that drops it).
 ### v2.0.1 diagnostics work is still useful
 The diagnostics sheet, orange "degraded" pill, dashboard error banner, and `remoteHome` auto-suggest from v2.0.1 all still ship — they just turn out not to have been the right diagnosis for the original three reporters. They remain valuable for the *other* connection-failure modes they were designed to surface (missing `sqlite3` on the remote, real permission errors, container/host visibility gaps, custom Hermes data directories). If you upgrade to v2.0.2 and *still* see incomplete data, run Remote Diagnostics from **Manage Servers → 🩺** and the sheet will tell you why.
 ### Migrating from 2.0.0 / 2.0.1 / draft 2.0.1
 Sparkle will offer the update automatically. Settings and server list are preserved verbatim. The first time v2.0.2 connects to a remote, it'll create `/tmp/scarf-ssh-<uid>/` with mode 0700; the old `~/Library/Caches/scarf/ssh/` directory becomes unused (you can delete it manually, or leave it — macOS will sweep it eventually).
 The previous v2.0.1 draft download remains available for anyone who already grabbed it — it's still a valid build with the diagnostics work. v2.0.2 is the recommended upgrade path.
 ### Reporters of #19
@cmalpass, @flyespresso, @maikokan — please grab v2.0.2 and confirm the dashboard populates without needing to run Remote Diagnostics first. If it still doesn't, the diagnostics sheet should now have a much better chance of pinpointing what's left.
@@ -0,0 +1,52 @@
 ## What's New in 2.1.0
 Scarf now speaks seven languages and has a proper slash-command menu in the chat. The language work closes [#13](https://github.com/awizemann/scarf/issues/13) and opens the door for community contributions of additional locales.
 ### Multi-language support
 The UI is now fully translated to **Simplified Chinese, German, French, Spanish, Japanese, and Brazilian Portuguese** on top of the existing English. Scarf respects the system language by default; override per-app from **System Settings → Language & Region → Apps → Scarf**.
 - **644 source strings** catalogued. **583 translated per locale** — the remaining ~60 are deliberate fall-throughs to English: proper nouns (Scarf, Hermes, OAuth, MCP, SSH), brand names (Docker, Daytona, Singularity, BlueBubbles), format-only tokens (`%lld`, `·`, `•`), and config-literal placeholders (`my_server`, `npx`, `sk-…`).
 - **Locale-aware number and date formatting.** Previous builds hardcoded POSIX-style decimal separators (`$12.34`) and English unit names (`"MB"`, `"K"`, `"M"`). Currency now routes through `.formatted(.currency(code: "USD"))`, byte sizes through `.byteCount(style: .file)`, token counts through `.notation(.compactName)`, and the day-of-week chart through `Calendar.current.shortWeekdaySymbols` — so German users see `15,2 MB`, Japanese users see `15.5万 tokens`, and the activity heatmap starts on the locale's first weekday.
 - **Microphone permission prompt localized** — the system dialog that appears the first time you enable voice chat now reads in the user's language.
 #### How the translation work shipped
 Three stacked PRs to keep each piece independently reviewable, all AI-translated with the bar explicitly set low so native speakers can iterate:
 1. **[#22](https://github.com/awizemann/scarf/pull/22) — String Catalog infrastructure.** Added `Localizable.xcstrings` + `InfoPlist.xcstrings`, expanded `knownRegions` with the six new locales, and fixed the locale-aware number formatters mentioned above. No user-visible English-locale change; the groundwork only.
 2. **[#24](https://github.com/awizemann/scarf/pull/24) — Audit burn-down.** Swept the codebase for "silently un-localizable" patterns that look fine in Xcode's catalog but leak English at runtime: `Text(cond ? "A" : "B")` routes through the String overload instead of `LocalizedStringKey`, as do `Label(stringVar, systemImage:)`, `.help(stringVar)`, and composite format strings with translatable text suffixes. ~40 sites refactored, covering Chat voice/TTS toggles, Logs pickers, Insights period + day names, MCPServer test result, Profiles, SignalSetup, QuickCommands, ConnectionStatusPill. Without this PR the translations would have landed but ~40 visible strings would still have rendered in English.
 3. **[#25](https://github.com/awizemann/scarf/pull/25) — Translations + contributor path.** The six locale JSONs + a 90-line merge script + a "Adding a Language" section in `CONTRIBUTING.md`. The sidebar and Settings tab bar fix also shipped here after smoke-testing revealed they were still missed — `Label(section.rawValue, …)` goes to the String overload just like the audit cases.
 #### Contributing a new language
 Per-locale source of truth lives in [`tools/translations/<locale>.json`](https://github.com/awizemann/scarf/tree/main/tools/translations). Each entry is a plain `{ "English": "Translation" }` map — keys you omit fall through to English at runtime. Workflow is: fork, drop a JSON, run `python3 tools/merge-translations.py`, open a PR. The full bar is documented in [CONTRIBUTING.md → Adding a Language](https://github.com/awizemann/scarf/blob/main/CONTRIBUTING.md#adding-a-language).
 Native-speaker review of the initial six locales is welcome — AI translation gets us most of the way, but idiom and tone are better with someone who actually uses the language. Post a PR against the relevant `<locale>.json` and it'll land as a follow-up.
 ### Chat slash-command menu
 Type `/` in Rich Chat and a floating menu appears above the input with every command the connected agent has advertised via ACP's `available_commands_update`, plus any user-defined `quick_commands:` from `~/.hermes/config.yaml`. ↑/↓ to navigate, Tab or Enter to complete, Esc to dismiss. Commands with argument hints (e.g. `/compress <topic>`) insert a trailing space so you can start typing the argument immediately.
 The filter uses pure-prefix match and re-renders on every query — the old menu had a description-fallback filter and a cached child view that together pinned `/help` on-screen regardless of what you typed. The dedicated `/compress` button is hidden once the menu has more than one command; it only surfaces when `/compress` is the single advertised slash command, preserving the v2.0 one-click compression flow for that case.
 ### Chat UX polish
 - **Auto-scroll on send and on completion.** `.defaultScrollAnchor(.bottom)` handles slow streaming fine, but rapid slash-command responses (common once the menu lands) outran the anchor and left the reply off-screen. Now the list explicitly scrolls to the latest message when you submit and again when the prompt finishes.
 - **Loading state.** `ChatViewModel.isPreparingSession` is true during Starting / Creating / Loading / Reconnecting. While true, the message list swaps its empty-state placeholder for a spinner — non-blocking, just a view inside the ScrollView.
 - **Empty-state centering.** The "Start a new session or resume an existing one" placeholder was positioned with a fixed `.padding(.vertical, 80)` that looked wrong at extreme window sizes. Replaced with Spacers inside `.containerRelativeFrame(.vertical)` so it sits in the true vertical center of the chat pane.
 - **Session-load whitespace bug.** Opening a session used to render a blank viewport you'd have to scroll up from — the fix was `LazyVStack` → `VStack` in `RichChatMessageList`. LazyVStack's estimated row heights were fooling `.defaultScrollAnchor(.bottom)` into overshooting real content; VStack measures every row upfront so the anchor has real heights to work with.
 ### Under the hood
 - **String Catalog build pipeline.** `SWIFT_EMIT_LOC_STRINGS` + `STRING_CATALOG_GENERATE_SYMBOLS` are enabled; keys extract automatically on IDE build. Headless builds use `xcrun xcstringstool sync` to merge the per-source `.stringsdata` files into the catalog (wrapped by [`tools/merge-translations.py`](https://github.com/awizemann/scarf/blob/main/tools/merge-translations.py) when applying JSON translations).
 - **New docs.** [`scarf/docs/I18N.md`](https://github.com/awizemann/scarf/blob/main/scarf/docs/I18N.md) covers the catalog setup, the patterns that silently bypass localization (and their fixes), and which strings are intentionally kept verbatim. Anyone adding UI copy should read the "Guardrails when writing new UI code" section to avoid re-introducing the leaks #24 cleaned up.
 ### Migrating from 2.0.x
 Sparkle will offer the update automatically. No config migration needed. The first launch after update picks up the system locale — if you want English even on a non-English macOS, set **System Settings → Language & Region → Apps → Scarf → English**.
 ### Thanks
 - [Onion3](https://github.com/Onion3) for filing [#13](https://github.com/awizemann/scarf/issues/13) back in April. The single-locale ask turned into a six-locale rollout.
 - Future translators: if you spot a weird AI translation in your language, open a PR against `tools/translations/<locale>.json`. The bar is explicitly low — we'd rather have a 95%-correct translation shipped and iterated on than hold everything for perfection.
@@ -0,0 +1,94 @@
 ## What's New in 2.2.0
 Scarf projects can now travel. This release introduces **Project Templates** — a shareable `.scarftemplate` bundle format that packages a project's dashboard, agent instructions, skills, cron jobs, and a typed configuration schema into a single file anyone can install with one click. Bundles are agent-portable by design: every template ships with a cross-agent [`AGENTS.md`](https://agents.md/) so the instructions work natively in Claude Code, Cursor, Codex, Aider, Jules, Copilot, Zed, and every other agent that reads the Linux Foundation standard.
 This is also the first release to ship a public **template catalog website** — a static site generated from `templates/<author>/<name>/` in this repo, previewed at [awizemann.github.io/scarf/templates/](https://awizemann.github.io/scarf/templates/), with a CI-enforced validator for community submissions.
 ### Project Templates
 - **Bundle format: `.scarftemplate`.** A zip carrying a `template.json` manifest, the project's dashboard, a required `AGENTS.md` (the [Linux Foundation cross-agent instructions standard](https://agents.md/) — reads natively in Claude Code, Cursor, Codex, Aider, Jules, Copilot, Zed, and more), a README shown in the installer, optional per-agent instruction shims (`CLAUDE.md`, `GEMINI.md`, `.cursorrules`, `.github/copilot-instructions.md`), optional namespaced skills, optional cron job definitions, and an optional memory appendix.
 - **Install preview sheet.** Before anything touches disk, Scarf shows you the exact project directory that will be created, every file inside it, every skill that will be namespaced under `~/.hermes/skills/templates/<slug>/`, every cron job that will be registered (always paused — you enable each one manually), and a live diff of the memory appendix against your existing `MEMORY.md`. Markdown fields — the README, field descriptions, cron prompts — render inline. The manifest's content claim is cross-checked against the actual zip entries so a bundle can't hide files from the preview.
 - **`scarf://install?url=…` deep links.** Register Scarf as the handler for the `scarf` URL scheme so a future catalog site can link one-click installs straight into the app. Only `https://` payloads are accepted; `file://`, `javascript:`, and `http://` are refused on principle. A 50 MB size cap keeps a malicious link from exhausting disk. The URL never auto-installs — the preview sheet is always user-confirmed.
 - **Install-time token substitution.** Template authors use `{{PROJECT_DIR}}`, `{{TEMPLATE_ID}}`, and `{{TEMPLATE_SLUG}}` placeholders in cron prompts; the installer resolves them to absolute paths at install time so the registered cron job works regardless of where Hermes sets CWD.
 - **Export any project as a template.** Select a project, open the new Templates menu in the Projects toolbar, fill in a handful of fields (id, name, version, description, optional author + category + tags), tick the skills and cron jobs you want to include, optionally drop in a memory snippet, and save. The exporter carries the authored configuration schema forward but **never** the user's values — exports are safe on projects with live config.
 - **No-overwrite, reversible by design.** Installed templates drop a `<project>/.scarf/template.lock.json` recording exactly what they wrote — every project file, skill path, cron job name, memory block id, and Keychain reference. Installing the same template id twice is refused at the preview step so you don't accidentally double-append to `MEMORY.md`.
 - **Safe globals.** Skills install to `~/.hermes/skills/templates/<slug>/<skill-name>/` so they never collide with your own skills. Cron jobs are prefixed with `[tmpl:<id>]` and start paused. The installer **never** touches `~/.hermes/config.yaml`, `auth.json`, sessions, or any credential-bearing path.
 ### Template Configuration (schemaVersion 2)
 Templates can now declare a typed configuration schema that drives a form step during install — no more "edit a `sites.txt` file to get started."
 - **Typed field vocabulary.** Seven field types: `string`, `text` (multiline), `number` (with `min`/`max`), `bool`, `enum` (with `{value, label}` options), `list` (of strings, with `minItems`/`maxItems`), and `secret` (routed to the macOS Keychain). Constraints per type — `pattern` for regex, `minLength`/`maxLength` for text, etc. — are enforced at install and at edit time.
 - **Configure step in the install flow.** If the template declares a schema, a **Configure** screen is inserted between "pick parent directory" and the preview sheet. Non-secret values land in `<project>/.scarf/config.json`; secrets land in the macOS Keychain with a service name of `com.scarf.template.<slug>` and an account keyed to the project-directory hash (so two installs of the same template in different dirs don't collide on Keychain entries).
 - **Post-install Configuration editor.** A slider icon in the dashboard header opens the same form pre-filled with the current values. Change a site, rotate a token, toggle a feature — the cron job picks up the new values on its next run. Secrets are never echoed back ("Saved in Keychain — leave empty to keep the stored value").
 - **Model recommendations.** Templates can suggest a preferred model (`claude-sonnet-4.5`, `claude-haiku-4`, `gpt-4.1`, etc.) with a rationale. Scarf surfaces the recommendation in the configure sheet without auto-switching your active model — always your call.
 - **Secrets are tracked in the lock file.** Uninstalling a template runs `SecItemDelete` on every Keychain ref recorded at install, so a full clean-up leaves nothing behind. Absent entries (user already cleaned them) are no-ops.
 ### Template Catalog
 A Sparkle-style pipeline for community-contributed templates, living on the same `gh-pages` branch as the auto-update feed.
 - **Static site.** [awizemann.github.io/scarf/templates/](https://awizemann.github.io/scarf/templates/) — generated from every `templates/<author>/<name>/` directory. Each template gets a detail page showing the README, a live preview of the post-install dashboard, and the configuration schema rendered with human-readable constraint summaries. One-click install via the `scarf://install?url=…` button.
 - **Stdlib-only Python validator.** `tools/build-catalog.py` is a no-external-dependencies Python script that mirrors the Swift-side schema and validation invariants (supported widget types, supported field types, `contents` claim verification, secret-with-default rejection, bundle-size cap, high-confidence secret patterns). Run it locally with `./scripts/catalog.sh check` before submitting a PR.
 - **CI gate on PRs.** [`.github/workflows/validate-template-pr.yml`](https://github.com/awizemann/scarf/blob/main/.github/workflows/validate-template-pr.yml) runs the validator + its 24-test suite on every PR touching `templates/`, the validator itself, or its tests. Failing PRs get an inline comment with the last 3 KB of the validator output; passing PRs get a tailored checklist naming the specific template directory being changed.
 - **Install-URL hosting.** Bundles are raw-served from `main` at `https://raw.githubusercontent.com/awizemann/scarf/main/templates/<author>/<name>/<name>.scarftemplate`. No per-template GitHub Releases ceremony.
 - **Dogfood: the site uses Scarf's dashboard format.** `site/widgets.js` is ~300 lines of vanilla JS that renders a `ProjectDashboard` JSON using the same widget vocabulary the app uses, so each detail page's "live preview" is the actual dashboard the user will get.
 ### Example template: `awizemann/site-status-checker`
 Ships as the first catalog entry and exercises every v2.2 surface. [See it in the catalog →](https://awizemann.github.io/scarf/templates/awizemann-site-status-checker/)
 - Configure step asks for a list of URLs and a per-URL timeout.
 - A paused cron job runs daily at 09:00 (editable from the Cron sidebar), does HTTP GETs with 3-redirect follow, writes a timestamped results table to `status-log.md`, updates the dashboard's Sites Up / Sites Down / Last Checked stat widgets plus the Watched Sites list, and rewrites the Site tab's webview URL to the first configured site.
 - Works in any agent — the `AGENTS.md` is the single source of truth; no per-agent shim needed.
 ### Site tab
 A dashboard with at least one `webview` widget now exposes a **Site** tab next to Dashboard. Useful for templates that watch something renderable (a site, a preview endpoint, a Grafana panel). The `site-status-checker` example rewrites the webview URL to the first configured site on every cron run, so the tab stays in sync with live config.
 ### Using templates
 - **Install from file:** Projects → Templates → *Install from File…*, pick a `.scarftemplate` from disk.
 - **Install from URL:** Projects → Templates → *Install from URL…*, paste an https URL.
 - **Install from the web:** click any `scarf://install?url=…` link in a browser.
 - **Export:** select a project → Projects → Templates → *Export "&lt;name&gt;" as Template…*, fill the form, save.
 - **Edit config post-install:** slider icon in the dashboard header.
 - **Uninstall:** right-click the project in the sidebar → *Uninstall Template (remove installed files)…*, or click the uninstall icon in the dashboard header. The preview sheet lists every file, cron job, Keychain secret, and memory block that will be removed, plus every user-created file that will be preserved.
 ### UX clarifications
 - **Remove from List vs. Uninstall Template.** Sidebar context-menu labels clarified so you can see at a glance whether a click is destructive. *Remove from List (keep files)…* is registry-only — nothing on disk is touched, cron jobs stay, Keychain secrets stay. A confirmation dialog spells this out before the click lands. *Uninstall Template (remove installed files)…* is the full, lock-driven cleanup.
 - **Post-uninstall "folder kept" banner.** When the uninstaller preserves the project directory because the cron wrote a `status-log.md` (or the user dropped files in there), the success view now explicitly lists the preserved paths with a pointer to delete the folder from Finder if desired.
 - **Run Now no longer blocks on agent runs.** The Cron sidebar's Run Now button used to show a "Run failed" toast whenever an agent job ran longer than 60 s — even when the job was finishing correctly in the background. Run Now now shows "Agent started — dashboard will update when it finishes" immediately and the dashboard watcher picks up the completed state when it lands (timeout bumped to 300 s for the catch-stuck-process case).
 ### Uninstall
 - **One-click uninstall** driven by `template.lock.json`. The preview sheet lists every file, cron job, Keychain ref, and memory block that will be removed, and every user-created file that will be preserved.
 - **User content is never removed.** Files you (or the agent) added to the project dir after install — like a `sites.txt` or `status-log.md` — are detected and listed as "keep" in the preview. The project directory itself is removed only if nothing user-owned is left inside.
 - **Clean global state.** The isolated `~/.hermes/skills/templates/<slug>/` namespace is removed wholesale. Tagged cron jobs are removed via `hermes cron remove`. Every recorded Keychain ref is cleared via `SecItemDelete`. The memory block between the `<!-- scarf-template:<id>:begin/end -->` markers is stripped, leaving the rest of MEMORY.md intact. The project registry entry is removed last.
 - **No undo.** Uninstall is destructive — to reinstall, run the install flow again.
 ### Under the hood
 - New models in `Core/Models/ProjectTemplate.swift` (manifest, inspection, install plan, lock file v2) and `Core/Models/TemplateConfig.swift` (schema + typed values + Keychain ref model).
 - `Core/Services/ProjectTemplateService.swift` unzips, parses, and validates; `ProjectTemplateInstaller.swift` executes the plan with preflight + fail-fast semantics; `ProjectTemplateUninstaller.swift` reverses an install driven by the lock file; `ProjectTemplateExporter.swift` builds bundles from a live project + selections.
 - `Core/Services/ProjectConfigService.swift` owns load/save/validation of `<project>/.scarf/config.json` + secret resolution; `Core/Services/ProjectConfigKeychain.swift` is the thin `SecItemAdd`/`Copy`/`Delete` wrapper (the only Keychain consumer in Scarf today).
 - `Core/Services/TemplateURLRouter.swift` is the process-wide landing pad for `scarf://` URLs so a cold-launch browser click still reaches the install sheet.
 - New Swift Testing suites covering 57 tests across the service / installer / uninstaller / exporter / config / Keychain / URL-router paths.
 - New Python validator (`tools/build-catalog.py`) + test suite (`tools/test_build_catalog.py`, 24 tests) mirrors the Swift invariants for the CI gate and the site generator. Schema is Swift-primary — additions go to Swift first, Python mirrors.
 - `scripts/catalog.sh` wraps the validator with `check / build / preview / serve / publish` subcommands that parallel the `scripts/release.sh` shape.
 ### Migrating from 2.1.x
 Sparkle will offer the update automatically. No config migration needed. Existing projects are untouched — templates are additive. If you had a v2.2.0-dev install of the earlier `project-templates` branch, uninstall and reinstall any previously-installed templates to pick up the schema-version-2 lock file.
 ### Documentation
 - [Project Templates wiki page](https://github.com/awizemann/scarf/wiki/Project-Templates) — installing, exporting, configuring, authoring, uninstalling.
 - [Catalog site](https://awizemann.github.io/scarf/templates/) — the public catalog with live dashboard previews.
 - [`templates/CONTRIBUTING.md`](https://github.com/awizemann/scarf/blob/main/templates/CONTRIBUTING.md) — how to submit a template via PR.
 - [Architecture notes in root `CLAUDE.md`](https://github.com/awizemann/scarf/blob/main/CLAUDE.md#project-templates) — service-layer map, Keychain scheme, schema-drift discipline.
 ### Thanks
 Thanks to everyone who tested drafts of the install flow, caught the "Run Now blocks on agent" bug, and pushed on the Remove-vs-Uninstall UX until it was clear. A 2.3 follow-up will extend the catalog validator to enforce per-field-type constraints at PR-time (currently enforced on install but not at submission).
@@ -0,0 +1,84 @@
 # Internationalization (i18n)
 Scarf uses Apple's modern **String Catalog** workflow. Source strings are auto-extracted from `Text("…")` and `String(localized: …)` literals into [`scarf/scarf/Localizable.xcstrings`](../scarf/Localizable.xcstrings) at build time (when built in Xcode.app; `xcodebuild` alone emits per-source `.stringsdata` but does not merge back into the catalog). Info.plist keys are localized via [`scarf/scarf/InfoPlist.xcstrings`](../scarf/InfoPlist.xcstrings).
 ## Languages
 | Locale | Status |
 |---|---|
 | `en` (English) | Base / source |
 | `zh-Hans` (Simplified Chinese) | AI-translated, native-speaker review welcome |
 | `de` (German) | AI-translated, native-speaker review welcome |
 | `fr` (French) | AI-translated, native-speaker review welcome |
 | `es` (Spanish) | AI-translated, native-speaker review welcome |
 | `ja` (Japanese) | AI-translated, native-speaker review welcome |
 | `pt-BR` (Portuguese, Brazil) | AI-translated, native-speaker review welcome |
 Canadian French users are served by base `fr`. `fr-CA` will be added only if a concrete Québec-specific bug is reported.
 ### Translation workflow
 Source-of-truth per locale lives in `tools/translations/<locale>.json` — a flat `{ "English": "Translation" }` map. The merge step writes those into `scarf/scarf/Localizable.xcstrings` via:
 ```bash
 python3 tools/merge-translations.py
 ```
 Keys absent from a locale file fall back to English at runtime — this is deliberate for proper nouns (Scarf, Hermes, Anthropic, OAuth, SSH…) and format-only strings (`%lld`, `%@ → %@`, `•`). Re-running the merge is idempotent; iterate on a JSON and re-merge.
 Contributor path for new languages is documented in the repo root [CONTRIBUTING.md](../../CONTRIBUTING.md#adding-a-language).
 ## Adding a new language
 1. Xcode → Project → Info → Localizations → `+` (add locale).
 2. Ensure the locale code is also listed in `knownRegions` of `scarf.xcodeproj/project.pbxproj`.
 3. Open `Localizable.xcstrings` in Xcode; the new locale appears as an empty column — translate or use Xcode's AI suggestions.
 4. Repeat for `InfoPlist.xcstrings` (microphone usage, etc.).
 5. Smoke-test via scheme language override (Edit Scheme → Run → App Language).
 ## Adding translations (AI-first workflow)
 For the three supported non-English locales we use Xcode's built-in AI translation:
 1. Open `Localizable.xcstrings` in Xcode.
 2. Select untranslated rows for a locale → right-click → **Translate** (Xcode 26+ provides GPT-backed suggestions with context from the surrounding code comment).
 3. Review each suggestion before marking **Translated**.
 4. For terms that should NOT translate (proper nouns like *Scarf*, *Hermes*, *Anthropic*; env var names; file paths), wrap the source site in `Text(verbatim: "…")` so the key never hits the catalog.
 ## Guardrails when writing new UI code
 `Text("literal")` auto-localizes. These patterns **silently leak English** and need explicit handling:
 | Pattern | Fix |
 |---|---|
 | `Text(someStringVar)` | `Text(LocalizedStringResource("key"))` or pass a `LocalizedStringKey` down the view tree |
 | `"Hello " + name` | `String(localized: "Hello \(name)")` |
 | `String(format: "$%.2f", cost)` | `cost.formatted(.currency(code: "USD").precision(.fractionLength(2)))` |
 | `String(format: "%.1f MB", size)` | `Int64(size).formatted(.byteCount(style: .file))` |
 | `String(format: "%.1fM", n)` | `n.formatted(.number.notation(.compactName))` |
 | Custom `DateFormatter` with fixed `dateFormat` | `date.formatted(.dateTime.month().day().year())` |
 | `.help(stringVar)` | Compute a `LocalizedStringKey` or use `.help(Text(…))` |
 | `Button(stringVar)` | `Button(LocalizedStringResource("key")) { … }` |
 Strings that are **user data** (session titles, memory file contents, log lines, shell commands shown in UI, file paths) should pass through without localization — this happens naturally when the value is a `String` variable, since those overloads skip the catalog.
 ## Audit status
 Phase 1b (the `multi-language` PR) closed every tracked site from the original audit:
 - **Category A high-priority (ternary UI copy)** — converted to `Text`-ternary form so each branch routes through `LocalizedStringKey`.
 - **Category A medium-priority (enum `.rawValue` displays)** — each enum now exposes `displayName: LocalizedStringResource` and call sites use it. `LogEntry.LogLevel` (technical jargon) stays verbatim.
 - **Category A lower-priority (displayName passthroughs)** — wrapped with `Text(verbatim:)` for proper nouns / user data (`HermesToolPlatform`, `ServerRegistry.Entry`, `MCPServerPreset`). `MCPTransport.displayName` promoted to `LocalizedStringResource`.
 - **Category B (composite format strings)** — migrated to `Text("\(arg) suffix")` with `LocalizedStringKey` or to `.percent` / `.currency` FormatStyle.
 - **Category C (hard-coded day names)** — replaced with `Calendar.current.shortWeekdaySymbols`, re-indexed to match the existing Mon=0 data model.
 - **Category D (`.help(stringVar)` sites)** — `ConnectionStatusPill` now returns `Text` from its `labelText` / `tooltipText` properties.
 If you spot a new silently-un-localizable site during translation review, prefer the patterns in the table above over one-off workarounds.
 ### Non-blocking (intentional verbatim)
 The following are correct as-is because they pass user data or machine-readable content through to the UI:
 - Session titles, message content, memory / skill / YAML file contents, log lines, shell commands, file paths, session IDs, model IDs, credential sources, URL strings.
 If we later need to badge these (e.g. "(empty)" placeholder), the badge itself becomes a localizable key while the data passthrough stays verbatim.
@@ -8,6 +8,7 @@
 /* Begin PBXBuildFile section */
 		53495AB62F7B992C00BD31AD /* SwiftTerm in Frameworks */ = {isa = PBXBuildFile; productRef = 53SWIFTTERM0001 /* SwiftTerm */; };
 		53SPARKLE00010 /* Sparkle in Frameworks */ = {isa = PBXBuildFile; productRef = 53SPARKLE00011 /* Sparkle */; };
 /* End PBXBuildFile section */
 /* Begin PBXContainerItemProxy section */
@@ -33,9 +34,22 @@
 		534959592F7B83B700BD31AD /* scarfUITests.xctest */ = {isa = PBXFileReference; explicitFileType = wrapper.cfbundle; includeInIndex = 0; path = scarfUITests.xctest; sourceTree = BUILT_PRODUCTS_DIR; };
 /* End PBXFileReference section */
 /* Begin PBXFileSystemSynchronizedBuildFileExceptionSet section */
 		534959AA2F7B83B600BD31AD /* Exceptions for "scarf" folder in "scarf" target */ = {
 			isa = PBXFileSystemSynchronizedBuildFileExceptionSet;
 			membershipExceptions = (
 				Info.plist,
 			);
 			target = 5349593F2F7B83B600BD31AD /* scarf */;
 		};
 /* End PBXFileSystemSynchronizedBuildFileExceptionSet section */
 /* Begin PBXFileSystemSynchronizedRootGroup section */
 		534959422F7B83B600BD31AD /* scarf */ = {
 			isa = PBXFileSystemSynchronizedRootGroup;
 			exceptions = (
 				534959AA2F7B83B600BD31AD /* Exceptions for "scarf" folder in "scarf" target */,
 			);
 			path = scarf;
 			sourceTree = "<group>";
 		};
@@ -57,6 +71,7 @@
 			buildActionMask = 2147483647;
 			files = (
 				53495AB62F7B992C00BD31AD /* SwiftTerm in Frameworks */,
 				53SPARKLE00010 /* Sparkle in Frameworks */,
 			);
 			runOnlyForDeploymentPostprocessing = 0;
 		};
@@ -118,6 +133,7 @@
 			name = scarf;
 			packageProductDependencies = (
 				53SWIFTTERM0001 /* SwiftTerm */,
 				53SPARKLE00011 /* Sparkle */,
 			);
 			productName = scarf;
 			productReference = 534959402F7B83B600BD31AD /* scarf.app */;
@@ -198,11 +214,18 @@
 			knownRegions = (
 				en,
 				Base,
 				"zh-Hans",
 				de,
 				fr,
 				es,
 				ja,
 				"pt-BR",
 			);
 			mainGroup = 534959372F7B83B600BD31AD;
 			minimizedProjectReferenceProxies = 1;
 			packageReferences = (
 				53SWIFTTERM0002 /* XCRemoteSwiftPackageReference "SwiftTerm" */,
 				53SPARKLE00012 /* XCRemoteSwiftPackageReference "Sparkle" */,
 			);
 			preferredProjectObjectVersion = 77;
 			productRefGroup = 534959412F7B83B600BD31AD /* Products */;
@@ -283,6 +306,7 @@
 			buildSettings = {
 				ALWAYS_SEARCH_USER_PATHS = NO;
 				ASSETCATALOG_COMPILER_GENERATE_SWIFT_ASSET_SYMBOL_EXTENSIONS = YES;
 				CLANG_ANALYZER_LOCALIZABILITY_NONLOCALIZED = YES;
 				CLANG_ANALYZER_NONNULL = YES;
 				CLANG_ANALYZER_NUMBER_OBJECT_CONVERSION = YES_AGGRESSIVE;
 				CLANG_CXX_LANGUAGE_STANDARD = "gnu++20";
@@ -312,6 +336,7 @@
 				CLANG_WARN_UNREACHABLE_CODE = YES;
 				CLANG_WARN__DUPLICATE_METHOD_MATCH = YES;
 				COPY_PHASE_STRIP = NO;
 				DEAD_CODE_STRIPPING = YES;
 				DEBUG_INFORMATION_FORMAT = dwarf;
 				DEVELOPMENT_TEAM = 3Q6X2L86C4;
 				ENABLE_STRICT_OBJC_MSGSEND = YES;
@@ -337,6 +362,7 @@
 				MTL_FAST_MATH = YES;
 				ONLY_ACTIVE_ARCH = YES;
 				SDKROOT = macosx;
 				STRING_CATALOG_GENERATE_SYMBOLS = YES;
 				SWIFT_ACTIVE_COMPILATION_CONDITIONS = "DEBUG $(inherited)";
 				SWIFT_OPTIMIZATION_LEVEL = "-Onone";
 			};
@@ -347,6 +373,7 @@
 			buildSettings = {
 				ALWAYS_SEARCH_USER_PATHS = NO;
 				ASSETCATALOG_COMPILER_GENERATE_SWIFT_ASSET_SYMBOL_EXTENSIONS = YES;
 				CLANG_ANALYZER_LOCALIZABILITY_NONLOCALIZED = YES;
 				CLANG_ANALYZER_NONNULL = YES;
 				CLANG_ANALYZER_NUMBER_OBJECT_CONVERSION = YES_AGGRESSIVE;
 				CLANG_CXX_LANGUAGE_STANDARD = "gnu++20";
@@ -376,6 +403,7 @@
 				CLANG_WARN_UNREACHABLE_CODE = YES;
 				CLANG_WARN__DUPLICATE_METHOD_MATCH = YES;
 				COPY_PHASE_STRIP = NO;
 				DEAD_CODE_STRIPPING = YES;
 				DEBUG_INFORMATION_FORMAT = "dwarf-with-dsym";
 				DEVELOPMENT_TEAM = 3Q6X2L86C4;
 				ENABLE_NS_ASSERTIONS = NO;
@@ -394,6 +422,7 @@
 				MTL_ENABLE_DEBUG_INFO = NO;
 				MTL_FAST_MATH = YES;
 				SDKROOT = macosx;
 				STRING_CATALOG_GENERATE_SYMBOLS = YES;
 				SWIFT_COMPILATION_MODE = wholemodule;
 			};
 			name = Release;
@@ -407,23 +436,21 @@
 				CODE_SIGN_ENTITLEMENTS = scarf/scarf.entitlements;
 				CODE_SIGN_STYLE = Automatic;
 				COMBINE_HIDPI_IMAGES = YES;
-				CURRENT_PROJECT_VERSION = 10;
+				CURRENT_PROJECT_VERSION = 22;
 				DEAD_CODE_STRIPPING = YES;
 				DEVELOPMENT_TEAM = 3Q6X2L86C4;
 				ENABLE_APP_SANDBOX = NO;
 				ENABLE_HARDENED_RUNTIME = YES;
 				ENABLE_PREVIEWS = YES;
-				GENERATE_INFOPLIST_FILE = YES;
+				GENERATE_INFOPLIST_FILE = NO;
-				INFOPLIST_KEY_CFBundleDisplayName = Scarf;
+				INFOPLIST_FILE = scarf/Info.plist;
 				INFOPLIST_KEY_LSApplicationCategoryType = "public.app-category.utilities";
 				INFOPLIST_KEY_NSHumanReadableCopyright = "";
 				INFOPLIST_KEY_NSMicrophoneUsageDescription = "Scarf uses the microphone for Hermes voice chat.";
 				LD_RUNPATH_SEARCH_PATHS = (
 					"$(inherited)",
 					"@executable_path/../Frameworks",
 				);
 				MACOSX_DEPLOYMENT_TARGET = 14.6;
-				MARKETING_VERSION = 1.5.8;
+				MARKETING_VERSION = 2.1.0;
-				PRODUCT_BUNDLE_IDENTIFIER = com.scarf;
+				PRODUCT_BUNDLE_IDENTIFIER = com.scarf.app;
 				PRODUCT_NAME = "$(TARGET_NAME)";
 				REGISTER_APP_GROUPS = YES;
 				STRING_CATALOG_GENERATE_SYMBOLS = YES;
@@ -444,23 +471,21 @@
 				CODE_SIGN_ENTITLEMENTS = scarf/scarf.entitlements;
 				CODE_SIGN_STYLE = Automatic;
 				COMBINE_HIDPI_IMAGES = YES;
-				CURRENT_PROJECT_VERSION = 10;
+				CURRENT_PROJECT_VERSION = 22;
 				DEAD_CODE_STRIPPING = YES;
 				DEVELOPMENT_TEAM = 3Q6X2L86C4;
 				ENABLE_APP_SANDBOX = NO;
 				ENABLE_HARDENED_RUNTIME = YES;
 				ENABLE_PREVIEWS = YES;
-				GENERATE_INFOPLIST_FILE = YES;
+				GENERATE_INFOPLIST_FILE = NO;
-				INFOPLIST_KEY_CFBundleDisplayName = Scarf;
+				INFOPLIST_FILE = scarf/Info.plist;
 				INFOPLIST_KEY_LSApplicationCategoryType = "public.app-category.utilities";
 				INFOPLIST_KEY_NSHumanReadableCopyright = "";
 				INFOPLIST_KEY_NSMicrophoneUsageDescription = "Scarf uses the microphone for Hermes voice chat.";
 				LD_RUNPATH_SEARCH_PATHS = (
 					"$(inherited)",
 					"@executable_path/../Frameworks",
 				);
 				MACOSX_DEPLOYMENT_TARGET = 14.6;
-				MARKETING_VERSION = 1.5.8;
+				MARKETING_VERSION = 2.1.0;
-				PRODUCT_BUNDLE_IDENTIFIER = com.scarf;
+				PRODUCT_BUNDLE_IDENTIFIER = com.scarf.app;
 				PRODUCT_NAME = "$(TARGET_NAME)";
 				REGISTER_APP_GROUPS = YES;
 				STRING_CATALOG_GENERATE_SYMBOLS = YES;
@@ -477,11 +502,12 @@
 			buildSettings = {
 				BUNDLE_LOADER = "$(TEST_HOST)";
 				CODE_SIGN_STYLE = Automatic;
-				CURRENT_PROJECT_VERSION = 4;
+				CURRENT_PROJECT_VERSION = 22;
 				DEAD_CODE_STRIPPING = YES;
 				DEVELOPMENT_TEAM = 3Q6X2L86C4;
 				GENERATE_INFOPLIST_FILE = YES;
 				MACOSX_DEPLOYMENT_TARGET = 26.2;
-				MARKETING_VERSION = 1.5.0;
+				MARKETING_VERSION = 2.1.0;
 				PRODUCT_BUNDLE_IDENTIFIER = com.scarfTests;
 				PRODUCT_NAME = "$(TARGET_NAME)";
 				STRING_CATALOG_GENERATE_SYMBOLS = NO;
@@ -498,11 +524,12 @@
 			buildSettings = {
 				BUNDLE_LOADER = "$(TEST_HOST)";
 				CODE_SIGN_STYLE = Automatic;
-				CURRENT_PROJECT_VERSION = 4;
+				CURRENT_PROJECT_VERSION = 22;
 				DEAD_CODE_STRIPPING = YES;
 				DEVELOPMENT_TEAM = 3Q6X2L86C4;
 				GENERATE_INFOPLIST_FILE = YES;
 				MACOSX_DEPLOYMENT_TARGET = 26.2;
-				MARKETING_VERSION = 1.5.0;
+				MARKETING_VERSION = 2.1.0;
 				PRODUCT_BUNDLE_IDENTIFIER = com.scarfTests;
 				PRODUCT_NAME = "$(TARGET_NAME)";
 				STRING_CATALOG_GENERATE_SYMBOLS = NO;
@@ -518,10 +545,11 @@
 			isa = XCBuildConfiguration;
 			buildSettings = {
 				CODE_SIGN_STYLE = Automatic;
-				CURRENT_PROJECT_VERSION = 4;
+				CURRENT_PROJECT_VERSION = 22;
 				DEAD_CODE_STRIPPING = YES;
 				DEVELOPMENT_TEAM = 3Q6X2L86C4;
 				GENERATE_INFOPLIST_FILE = YES;
-				MARKETING_VERSION = 1.5.0;
+				MARKETING_VERSION = 2.1.0;
 				PRODUCT_BUNDLE_IDENTIFIER = com.scarfUITests;
 				PRODUCT_NAME = "$(TARGET_NAME)";
 				STRING_CATALOG_GENERATE_SYMBOLS = NO;
@@ -537,10 +565,11 @@
 			isa = XCBuildConfiguration;
 			buildSettings = {
 				CODE_SIGN_STYLE = Automatic;
-				CURRENT_PROJECT_VERSION = 4;
+				CURRENT_PROJECT_VERSION = 22;
 				DEAD_CODE_STRIPPING = YES;
 				DEVELOPMENT_TEAM = 3Q6X2L86C4;
 				GENERATE_INFOPLIST_FILE = YES;
-				MARKETING_VERSION = 1.5.0;
+				MARKETING_VERSION = 2.1.0;
 				PRODUCT_BUNDLE_IDENTIFIER = com.scarfUITests;
 				PRODUCT_NAME = "$(TARGET_NAME)";
 				STRING_CATALOG_GENERATE_SYMBOLS = NO;
@@ -594,6 +623,14 @@
 /* End XCConfigurationList section */
 /* Begin XCRemoteSwiftPackageReference section */
 		53SPARKLE00012 /* XCRemoteSwiftPackageReference "Sparkle" */ = {
 			isa = XCRemoteSwiftPackageReference;
 			repositoryURL = "https://github.com/sparkle-project/Sparkle";
 			requirement = {
 				kind = upToNextMajorVersion;
 				minimumVersion = 2.6.0;
 			};
 		};
 		53SWIFTTERM0002 /* XCRemoteSwiftPackageReference "SwiftTerm" */ = {
 			isa = XCRemoteSwiftPackageReference;
 			repositoryURL = "https://github.com/migueldeicaza/SwiftTerm.git";
@@ -605,6 +642,11 @@
 /* End XCRemoteSwiftPackageReference section */
 /* Begin XCSwiftPackageProductDependency section */
 		53SPARKLE00011 /* Sparkle */ = {
 			isa = XCSwiftPackageProductDependency;
 			package = 53SPARKLE00012 /* XCRemoteSwiftPackageReference "Sparkle" */;
 			productName = Sparkle;
 		};
 		53SWIFTTERM0001 /* SwiftTerm */ = {
 			isa = XCSwiftPackageProductDependency;
 			package = 53SWIFTTERM0002 /* XCRemoteSwiftPackageReference "SwiftTerm" */;
@@ -0,0 +1,100 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <Scheme
   LastUpgradeVersion = "2620"
   version = "1.7">
   <BuildAction
      parallelizeBuildables = "YES"
      buildImplicitDependencies = "YES"
      buildArchitectures = "Automatic">
      <BuildActionEntries>
         <BuildActionEntry
            buildForTesting = "YES"
            buildForRunning = "YES"
            buildForProfiling = "YES"
            buildForArchiving = "YES"
            buildForAnalyzing = "YES">
            <BuildableReference
               BuildableIdentifier = "primary"
               BlueprintIdentifier = "5349593F2F7B83B600BD31AD"
               BuildableName = "scarf.app"
               BlueprintName = "scarf"
               ReferencedContainer = "container:scarf.xcodeproj">
            </BuildableReference>
         </BuildActionEntry>
      </BuildActionEntries>
   </BuildAction>
   <TestAction
      buildConfiguration = "Debug"
      selectedDebuggerIdentifier = "Xcode.DebuggerFoundation.Debugger.LLDB"
      selectedLauncherIdentifier = "Xcode.DebuggerFoundation.Launcher.LLDB"
      shouldUseLaunchSchemeArgsEnv = "YES"
      shouldAutocreateTestPlan = "YES">
      <Testables>
         <TestableReference
            skipped = "NO">
            <BuildableReference
               BuildableIdentifier = "primary"
               BlueprintIdentifier = "5349594E2F7B83B700BD31AD"
               BuildableName = "scarfTests.xctest"
               BlueprintName = "scarfTests"
               ReferencedContainer = "container:scarf.xcodeproj">
            </BuildableReference>
         </TestableReference>
         <TestableReference
            skipped = "NO">
            <BuildableReference
               BuildableIdentifier = "primary"
               BlueprintIdentifier = "534959582F7B83B700BD31AD"
               BuildableName = "scarfUITests.xctest"
               BlueprintName = "scarfUITests"
               ReferencedContainer = "container:scarf.xcodeproj">
            </BuildableReference>
         </TestableReference>
      </Testables>
   </TestAction>
   <LaunchAction
      buildConfiguration = "Debug"
      selectedDebuggerIdentifier = "Xcode.DebuggerFoundation.Debugger.LLDB"
      selectedLauncherIdentifier = "Xcode.DebuggerFoundation.Launcher.LLDB"
      launchStyle = "0"
      useCustomWorkingDirectory = "NO"
      ignoresPersistentStateOnLaunch = "NO"
      debugDocumentVersioning = "YES"
      debugServiceExtension = "internal"
      allowLocationSimulation = "YES">
      <BuildableProductRunnable
         runnableDebuggingMode = "0">
         <BuildableReference
            BuildableIdentifier = "primary"
            BlueprintIdentifier = "5349593F2F7B83B600BD31AD"
            BuildableName = "scarf.app"
            BlueprintName = "scarf"
            ReferencedContainer = "container:scarf.xcodeproj">
         </BuildableReference>
      </BuildableProductRunnable>
   </LaunchAction>
   <ProfileAction
      buildConfiguration = "Release"
      shouldUseLaunchSchemeArgsEnv = "YES"
      savedToolIdentifier = ""
      useCustomWorkingDirectory = "NO"
      debugDocumentVersioning = "YES">
      <BuildableProductRunnable
         runnableDebuggingMode = "0">
         <BuildableReference
            BuildableIdentifier = "primary"
            BlueprintIdentifier = "5349593F2F7B83B600BD31AD"
            BuildableName = "scarf.app"
            BlueprintName = "scarf"
            ReferencedContainer = "container:scarf.xcodeproj">
         </BuildableReference>
      </BuildableProductRunnable>
   </ProfileAction>
   <AnalyzeAction
      buildConfiguration = "Debug">
   </AnalyzeAction>
   <ArchiveAction
      buildConfiguration = "Release"
      revealArchiveInOrganizer = "YES">
   </ArchiveAction>
 </Scheme>
@@ -2,48 +2,79 @@ import SwiftUI
 struct ContentView: View {
    @Environment(AppCoordinator.self) private var coordinator
    @Environment(\.serverContext) private var serverContext
    /// Per-window connection status. Constructed from the window's
    /// `serverContext` once; lifetime matches the window.
    @State private var connectionStatus: ConnectionStatusViewModel
    init() {
        _connectionStatus = State(initialValue: ConnectionStatusViewModel(context: .local))
    }
    var body: some View {
        NavigationSplitView {
            SidebarView()
                .navigationSplitViewColumnWidth(min: 180, ideal: 240, max: 360)
        } detail: {
            detailView
                .toolbar {
                    ToolbarItem(placement: .navigation) {
                        ServerSwitcherToolbar()
                    }
                    if serverContext.isRemote {
                        // `.principal` centers the pill in the toolbar —
                        // the native emphasis bezel is the intended frame;
                        // the pill's own visual content (icon + label, no
                        // background) sits inside it in balance.
                        ToolbarItem(placement: .principal) {
                            ConnectionStatusPill(status: connectionStatus)
                        }
                    }
                }
                .onAppear {
                    // The actual context is injected via @Environment, which
                    // isn't available in `init`. Rebuild the monitor here
                    // the first time we know the real context. Safe to call
                    // repeatedly; `startMonitoring()` cancels + restarts.
                    if connectionStatus.context.id != serverContext.id {
                        connectionStatus = ConnectionStatusViewModel(context: serverContext)
                    }
                    connectionStatus.startMonitoring()
                }
                .onDisappear { connectionStatus.stopMonitoring() }
        }
    }
    @ViewBuilder
    private var detailView: some View {
        // Each routed view receives the window's `serverContext` in its
        // init so its `@State` ViewModel is constructed bound to the right
        // server. This is what makes multi-window work — without it,
        // every window's VMs default-construct with `.local` even though
        // the surrounding env has the right context.
        switch coordinator.selectedSection {
-        case .dashboard:
+        case .dashboard:        DashboardView(context: serverContext)
-            DashboardView()
+        case .insights:         InsightsView(context: serverContext)
-        case .insights:
+        case .sessions:         SessionsView(context: serverContext)
-            InsightsView()
+        case .activity:         ActivityView(context: serverContext)
-        case .sessions:
+        case .projects:         ProjectsView(context: serverContext)
-            SessionsView()
+        case .chat:             ChatView()
-        case .activity:
+        case .memory:           MemoryView(context: serverContext)
-            ActivityView()
+        case .skills:           SkillsView(context: serverContext)
-        case .projects:
+        case .platforms:        PlatformsView(context: serverContext)
-            ProjectsView()
+        case .personalities:    PersonalitiesView(context: serverContext)
-        case .chat:
+        case .quickCommands:    QuickCommandsView(context: serverContext)
-            ChatView()
+        case .credentialPools:  CredentialPoolsView(context: serverContext)
-        case .memory:
+        case .plugins:          PluginsView(context: serverContext)
-            MemoryView()
+        case .webhooks:         WebhooksView(context: serverContext)
-        case .skills:
+        case .profiles:         ProfilesView(context: serverContext)
-            SkillsView()
+        case .tools:            ToolsView(context: serverContext)
-        case .tools:
+        case .mcpServers:       MCPServersView(context: serverContext)
-            ToolsView()
+        case .gateway:          GatewayView(context: serverContext)
-        case .mcpServers:
+        case .cron:             CronView(context: serverContext)
-            MCPServersView()
+        case .health:           HealthView(context: serverContext)
-        case .gateway:
+        case .logs:             LogsView(context: serverContext)
-            GatewayView()
+        case .settings:         SettingsView(context: serverContext)
        case .cron:
            CronView()
        case .health:
            HealthView()
        case .logs:
            LogsView()
        case .settings:
            SettingsView()
        }
    }
 }
@@ -2,39 +2,83 @@ import Foundation
 // MARK: - JSON-RPC Transport
-struct ACPRequest: Encodable {
+// Hand-written `encode(to:)` / `init(from:)` with explicit `nonisolated` so
-    let jsonrpc = "2.0"
+// Swift 6's default-isolation doesn't synthesize a MainActor-isolated
-    let id: Int
+// conformance — which would prevent these payloads from being encoded or
-    let method: String
+// decoded inside `ACPClient`'s actor context (the JSON-RPC read/write loop).
-    let params: [String: AnyCodable]
+// The member list must stay in sync with the stored properties above.
 struct ACPRequest: Encodable, Sendable {
    nonisolated let jsonrpc = "2.0"
    nonisolated let id: Int
    nonisolated let method: String
    nonisolated let params: [String: AnyCodable]
    enum CodingKeys: String, CodingKey { case jsonrpc, id, method, params }
    nonisolated func encode(to encoder: any Encoder) throws {
        var c = encoder.container(keyedBy: CodingKeys.self)
        try c.encode(jsonrpc, forKey: .jsonrpc)
        try c.encode(id, forKey: .id)
        try c.encode(method, forKey: .method)
        try c.encode(params, forKey: .params)
    }
 }
-struct ACPRawMessage: Decodable {
+struct ACPRawMessage: Decodable, Sendable {
-    let jsonrpc: String?
+    nonisolated let jsonrpc: String?
-    let id: Int?
+    nonisolated let id: Int?
-    let method: String?
+    nonisolated let method: String?
-    let result: AnyCodable?
+    nonisolated let result: AnyCodable?
-    let error: ACPError?
+    nonisolated let error: ACPError?
-    let params: AnyCodable?
+    nonisolated let params: AnyCodable?
-    var isResponse: Bool { id != nil && method == nil }
+    nonisolated var isResponse: Bool { id != nil && method == nil }
-    var isNotification: Bool { method != nil && id == nil }
+    nonisolated var isNotification: Bool { method != nil && id == nil }
-    var isRequest: Bool { method != nil && id != nil }
+    nonisolated var isRequest: Bool { method != nil && id != nil }
    enum CodingKeys: String, CodingKey { case jsonrpc, id, method, result, error, params }
    nonisolated init(from decoder: any Decoder) throws {
        let c = try decoder.container(keyedBy: CodingKeys.self)
        self.jsonrpc = try c.decodeIfPresent(String.self, forKey: .jsonrpc)
        self.id      = try c.decodeIfPresent(Int.self, forKey: .id)
        self.method  = try c.decodeIfPresent(String.self, forKey: .method)
        self.result  = try c.decodeIfPresent(AnyCodable.self, forKey: .result)
        self.error   = try c.decodeIfPresent(ACPError.self, forKey: .error)
        self.params  = try c.decodeIfPresent(AnyCodable.self, forKey: .params)
    }
 }
 struct ACPError: Decodable, Sendable {
-    let code: Int
+    nonisolated let code: Int
-    let message: String
+    nonisolated let message: String
    enum CodingKeys: String, CodingKey { case code, message }
    nonisolated init(from decoder: any Decoder) throws {
        let c = try decoder.container(keyedBy: CodingKeys.self)
        self.code = try c.decode(Int.self, forKey: .code)
        self.message = try c.decode(String.self, forKey: .message)
    }
 }
 // MARK: - AnyCodable (for dynamic JSON)
-struct AnyCodable: Codable, Sendable {
+struct AnyCodable: Codable, @unchecked Sendable {
-    let value: Any
+    nonisolated let value: Any
-    init(_ value: Any) { self.value = value }
+    nonisolated init(_ value: Any) { self.value = value }
-    init(from decoder: Decoder) throws {
+    // NOT marked `nonisolated`: Swift's default-isolation treats writes to a
    // `let value: Any` stored property as MainActor-isolated even when the
    // property is declared nonisolated (Any can't be strictly Sendable, so
    // the compiler can't prove the write is safe off-main). Leaving the
    // init as default-isolated silences the mutation warnings; the Decodable
    // conformance is still usable from ACPClient's nonisolated read loop
    // because all callers are already @preconcurrency with respect to
    // `AnyCodable` (it's @unchecked Sendable).
    init(from decoder: any Decoder) throws {
        let container = try decoder.singleValueContainer()
        if container.decodeNil() {
            value = NSNull()
@@ -55,7 +99,7 @@ struct AnyCodable: Codable, Sendable {
        }
    }
-    func encode(to encoder: Encoder) throws {
+    func encode(to encoder: any Encoder) throws {
        var container = encoder.singleValueContainer()
        switch value {
        case is NSNull:
@@ -79,10 +123,10 @@ struct AnyCodable: Codable, Sendable {
    // MARK: - Accessors
-    var stringValue: String? { value as? String }
+    nonisolated var stringValue: String? { value as? String }
-    var intValue: Int? { value as? Int }
+    nonisolated var intValue: Int? { value as? Int }
-    var dictValue: [String: Any]? { value as? [String: Any] }
+    nonisolated var dictValue: [String: Any]? { value as? [String: Any] }
-    var arrayValue: [Any]? { value as? [Any] }
+    nonisolated var arrayValue: [Any]? { value as? [Any] }
 }
 // MARK: - ACP Events (parsed from session/update notifications)
@@ -154,7 +198,7 @@ struct ACPPromptResult: Sendable {
 // MARK: - Event Parsing
 enum ACPEventParser {
-    static func parse(notification: ACPRawMessage) -> ACPEvent? {
+    nonisolated static func parse(notification: ACPRawMessage) -> ACPEvent? {
        guard notification.method == "session/update",
              let params = notification.params?.dictValue,
              let sessionId = params["sessionId"] as? String,
@@ -202,7 +246,7 @@ enum ACPEventParser {
        }
    }
-    static func parsePermissionRequest(_ message: ACPRawMessage) -> ACPEvent? {
+    nonisolated static func parsePermissionRequest(_ message: ACPRawMessage) -> ACPEvent? {
        guard message.method == "session/request_permission",
              let params = message.params?.dictValue,
              let sessionId = params["sessionId"] as? String,
@@ -226,7 +270,7 @@ enum ACPEventParser {
    // MARK: - Content Extraction
-    private static func extractContentText(from update: [String: Any]) -> String {
+    nonisolated private static func extractContentText(from update: [String: Any]) -> String {
        if let content = update["content"] as? [String: Any],
           let text = content["text"] as? String {
            return text
@@ -234,7 +278,7 @@ enum ACPEventParser {
        return ""
    }
-    private static func extractContentArrayText(from update: [String: Any]) -> String {
+    nonisolated private static func extractContentArrayText(from update: [String: Any]) -> String {
        if let contentArray = update["content"] as? [[String: Any]] {
            return contentArray.compactMap { item -> String? in
                guard let inner = item["content"] as? [String: Any] else { return nil }
@@ -1,6 +1,304 @@
 import Foundation
 /// Settings for one of hermes's auxiliary model tasks (vision, compression, approvals, etc.).
 /// Every auxiliary task follows the same provider/model/base_url/api_key/timeout pattern.
 struct AuxiliaryModel: Sendable, Equatable {
    var provider: String
    var model: String
    var baseURL: String
    var apiKey: String
    var timeout: Int
    nonisolated static let empty = AuxiliaryModel(provider: "auto", model: "", baseURL: "", apiKey: "", timeout: 30)
 }
 /// Group of display-related settings mirroring the `display:` block in config.yaml.
 struct DisplaySettings: Sendable, Equatable {
    var skin: String
    var compact: Bool
    var resumeDisplay: String           // "full" | "minimal"
    var bellOnComplete: Bool
    var inlineDiffs: Bool
    var toolProgressCommand: Bool
    var toolPreviewLength: Int
    var busyInputMode: String           // e.g. "interrupt"
    nonisolated static let empty = DisplaySettings(
        skin: "default",
        compact: false,
        resumeDisplay: "full",
        bellOnComplete: false,
        inlineDiffs: true,
        toolProgressCommand: false,
        toolPreviewLength: 0,
        busyInputMode: "interrupt"
    )
 }
 /// Container/terminal backend options. These map to `terminal.*` keys in config.yaml.
 struct TerminalSettings: Sendable, Equatable {
    var cwd: String
    var timeout: Int
    var envPassthrough: [String]
    var persistentShell: Bool
    var dockerImage: String
    var dockerMountCwdToWorkspace: Bool
    var dockerForwardEnv: [String]
    var dockerVolumes: [String]
    var containerCPU: Int               // 0 = unlimited
    var containerMemory: Int            // MB, 0 = unlimited
    var containerDisk: Int              // MB, 0 = unlimited
    var containerPersistent: Bool
    var modalImage: String
    var modalMode: String               // "auto" | other
    var daytonaImage: String
    var singularityImage: String
    nonisolated static let empty = TerminalSettings(
        cwd: ".",
        timeout: 180,
        envPassthrough: [],
        persistentShell: true,
        dockerImage: "",
        dockerMountCwdToWorkspace: false,
        dockerForwardEnv: [],
        dockerVolumes: [],
        containerCPU: 0,
        containerMemory: 0,
        containerDisk: 0,
        containerPersistent: false,
        modalImage: "",
        modalMode: "auto",
        daytonaImage: "",
        singularityImage: ""
    )
 }
 /// Browser automation tuning (`browser.*`).
 struct BrowserSettings: Sendable, Equatable {
    var inactivityTimeout: Int
    var commandTimeout: Int
    var recordSessions: Bool
    var allowPrivateURLs: Bool
    var camofoxManagedPersistence: Bool
    nonisolated static let empty = BrowserSettings(
        inactivityTimeout: 120,
        commandTimeout: 30,
        recordSessions: false,
        allowPrivateURLs: false,
        camofoxManagedPersistence: false
    )
 }
 /// Voice push-to-talk plus TTS/STT provider settings.
 struct VoiceSettings: Sendable, Equatable {
    var recordKey: String
    var maxRecordingSeconds: Int
    var silenceDuration: Double
    // TTS
    var ttsProvider: String
    var ttsEdgeVoice: String
    var ttsElevenLabsVoiceID: String
    var ttsElevenLabsModelID: String
    var ttsOpenAIModel: String
    var ttsOpenAIVoice: String
    var ttsNeuTTSModel: String
    var ttsNeuTTSDevice: String
    // STT
    var sttEnabled: Bool
    var sttProvider: String
    var sttLocalModel: String
    var sttLocalLanguage: String
    var sttOpenAIModel: String
    var sttMistralModel: String
    nonisolated static let empty = VoiceSettings(
        recordKey: "ctrl+b",
        maxRecordingSeconds: 120,
        silenceDuration: 3.0,
        ttsProvider: "edge",
        ttsEdgeVoice: "en-US-AriaNeural",
        ttsElevenLabsVoiceID: "",
        ttsElevenLabsModelID: "eleven_multilingual_v2",
        ttsOpenAIModel: "gpt-4o-mini-tts",
        ttsOpenAIVoice: "alloy",
        ttsNeuTTSModel: "neuphonic/neutts-air-q4-gguf",
        ttsNeuTTSDevice: "cpu",
        sttEnabled: true,
        sttProvider: "local",
        sttLocalModel: "base",
        sttLocalLanguage: "",
        sttOpenAIModel: "whisper-1",
        sttMistralModel: "voxtral-mini-latest"
    )
 }
 /// Eight sub-models that share the same provider/model/base_url/api_key/timeout shape.
 struct AuxiliarySettings: Sendable, Equatable {
    var vision: AuxiliaryModel
    var webExtract: AuxiliaryModel
    var compression: AuxiliaryModel
    var sessionSearch: AuxiliaryModel
    var skillsHub: AuxiliaryModel
    var approval: AuxiliaryModel
    var mcp: AuxiliaryModel
    var flushMemories: AuxiliaryModel
    nonisolated static let empty = AuxiliarySettings(
        vision: .empty,
        webExtract: .empty,
        compression: .empty,
        sessionSearch: .empty,
        skillsHub: .empty,
        approval: .empty,
        mcp: .empty,
        flushMemories: .empty
    )
 }
 /// Security/redaction/firewall config. Website blocklist is nested in YAML.
 struct SecuritySettings: Sendable, Equatable {
    var redactSecrets: Bool
    var redactPII: Bool                 // from privacy.redact_pii
    var tirithEnabled: Bool
    var tirithPath: String
    var tirithTimeout: Int
    var tirithFailOpen: Bool
    var blocklistEnabled: Bool
    var blocklistDomains: [String]
    nonisolated static let empty = SecuritySettings(
        redactSecrets: true,
        redactPII: false,
        tirithEnabled: true,
        tirithPath: "tirith",
        tirithTimeout: 5,
        tirithFailOpen: true,
        blocklistEnabled: false,
        blocklistDomains: []
    )
 }
 /// Human-delay simulates realistic typing pace (`human_delay.*`).
 struct HumanDelaySettings: Sendable, Equatable {
    var mode: String                    // "off" | "natural" | "custom"
    var minMS: Int
    var maxMS: Int
    nonisolated static let empty = HumanDelaySettings(mode: "off", minMS: 800, maxMS: 2500)
 }
 /// Compression / context routing.
 struct CompressionSettings: Sendable, Equatable {
    var enabled: Bool
    var threshold: Double
    var targetRatio: Double
    var protectLastN: Int
    nonisolated static let empty = CompressionSettings(enabled: true, threshold: 0.5, targetRatio: 0.2, protectLastN: 20)
 }
 struct CheckpointSettings: Sendable, Equatable {
    var enabled: Bool
    var maxSnapshots: Int
    nonisolated static let empty = CheckpointSettings(enabled: true, maxSnapshots: 50)
 }
 struct LoggingSettings: Sendable, Equatable {
    var level: String                   // DEBUG | INFO | WARNING | ERROR
    var maxSizeMB: Int
    var backupCount: Int
    nonisolated static let empty = LoggingSettings(level: "INFO", maxSizeMB: 5, backupCount: 3)
 }
 struct DelegationSettings: Sendable, Equatable {
    var model: String
    var provider: String
    var baseURL: String
    var apiKey: String
    var maxIterations: Int
    nonisolated static let empty = DelegationSettings(model: "", provider: "", baseURL: "", apiKey: "", maxIterations: 50)
 }
 /// Discord-specific platform settings (`discord.*`). Other platforms currently have thinner schemas.
 struct DiscordSettings: Sendable, Equatable {
    var requireMention: Bool
    var freeResponseChannels: String
    var autoThread: Bool
    var reactions: Bool
    nonisolated static let empty = DiscordSettings(requireMention: true, freeResponseChannels: "", autoThread: true, reactions: true)
 }
 /// Telegram settings under `telegram.*` in config.yaml. Most Telegram tuning is
 /// done via environment variables (`TELEGRAM_*`) — this is the subset that lives
 /// in the YAML.
 struct TelegramSettings: Sendable, Equatable {
    var requireMention: Bool
    var reactions: Bool
    nonisolated static let empty = TelegramSettings(requireMention: true, reactions: false)
 }
 /// Slack settings under `platforms.slack.*` (and a couple of top-level keys).
 struct SlackSettings: Sendable, Equatable {
    var replyToMode: String         // "off" | "first" | "all"
    var requireMention: Bool
    var replyInThread: Bool
    var replyBroadcast: Bool
    nonisolated static let empty = SlackSettings(replyToMode: "first", requireMention: true, replyInThread: true, replyBroadcast: false)
 }
 /// Matrix settings under `matrix.*`.
 struct MatrixSettings: Sendable, Equatable {
    var requireMention: Bool
    var autoThread: Bool
    var dmMentionThreads: Bool
    nonisolated static let empty = MatrixSettings(requireMention: true, autoThread: true, dmMentionThreads: false)
 }
 /// Mattermost settings. Mattermost is mostly driven by env vars; config.yaml
 /// currently just exposes `group_sessions_per_user` at the top level, but we
 /// reserve this struct for future expansion so the form has a stable type.
 struct MattermostSettings: Sendable, Equatable {
    var requireMention: Bool
    var replyMode: String           // "thread" | "off"
    nonisolated static let empty = MattermostSettings(requireMention: true, replyMode: "off")
 }
 /// WhatsApp settings under `whatsapp.*`.
 struct WhatsAppSettings: Sendable, Equatable {
    var unauthorizedDMBehavior: String  // "pair" | "ignore"
    var replyPrefix: String
    nonisolated static let empty = WhatsAppSettings(unauthorizedDMBehavior: "pair", replyPrefix: "")
 }
 /// Home Assistant filters under `platforms.homeassistant.extra`. Hermes ignores
 /// every state change by default; users must opt-in via at least one filter.
 struct HomeAssistantSettings: Sendable, Equatable {
    var watchDomains: [String]
    var watchEntities: [String]
    var watchAll: Bool
    var ignoreEntities: [String]
    var cooldownSeconds: Int
    nonisolated static let empty = HomeAssistantSettings(watchDomains: [], watchEntities: [], watchAll: false, ignoreEntities: [], cooldownSeconds: 30)
 }
 // MARK: - Root Config
 struct HermesConfig: Sendable {
    // Original fields — preserved for zero breakage with existing call sites.
    var model: String
    var provider: String
    var maxTurns: Int
@@ -30,7 +328,38 @@ struct HermesConfig: Sendable {
    var interimAssistantMessages: Bool
    var honchoInitOnSessionStart: Bool
-    static let empty = HermesConfig(
+    // Phase 1 additions
    var timezone: String
    var userProfileEnabled: Bool
    var toolUseEnforcement: String      // "auto" | "true" | "false" | comma list
    var gatewayTimeout: Int
    var approvalTimeout: Int
    var fileReadMaxChars: Int
    var cronWrapResponse: Bool
    var prefillMessagesFile: String
    var skillsExternalDirs: [String]
    // Grouped blocks
    var display: DisplaySettings
    var terminal: TerminalSettings
    var browser: BrowserSettings
    var voice: VoiceSettings
    var auxiliary: AuxiliarySettings
    var security: SecuritySettings
    var humanDelay: HumanDelaySettings
    var compression: CompressionSettings
    var checkpoints: CheckpointSettings
    var logging: LoggingSettings
    var delegation: DelegationSettings
    var discord: DiscordSettings
    var telegram: TelegramSettings
    var slack: SlackSettings
    var matrix: MatrixSettings
    var mattermost: MattermostSettings
    var whatsapp: WhatsAppSettings
    var homeAssistant: HomeAssistantSettings
    nonisolated static let empty = HermesConfig(
        model: "unknown",
        provider: "unknown",
        maxTurns: 0,
@@ -58,17 +387,47 @@ struct HermesConfig: Sendable {
        forceIPv4: false,
        contextEngine: "compressor",
        interimAssistantMessages: true,
-        honchoInitOnSessionStart: false
+        honchoInitOnSessionStart: false,
        timezone: "",
        userProfileEnabled: true,
        toolUseEnforcement: "auto",
        gatewayTimeout: 1800,
        approvalTimeout: 60,
        fileReadMaxChars: 100_000,
        cronWrapResponse: true,
        prefillMessagesFile: "",
        skillsExternalDirs: [],
        display: .empty,
        terminal: .empty,
        browser: .empty,
        voice: .empty,
        auxiliary: .empty,
        security: .empty,
        humanDelay: .empty,
        compression: .empty,
        checkpoints: .empty,
        logging: .empty,
        delegation: .empty,
        discord: .empty,
        telegram: .empty,
        slack: .empty,
        matrix: .empty,
        mattermost: .empty,
        whatsapp: .empty,
        homeAssistant: .empty
    )
 }
 // Hand-written `init(from:)` so Swift 6 doesn't synthesize a
 // MainActor-isolated Decodable conformance (which would fail to be used from
 // `HermesFileService.loadGatewayState()`, a nonisolated method).
 struct GatewayState: Sendable, Codable {
-    let pid: Int?
+    nonisolated let pid: Int?
-    let kind: String?
+    nonisolated let kind: String?
-    let gatewayState: String?
+    nonisolated let gatewayState: String?
-    let exitReason: String?
+    nonisolated let exitReason: String?
-    let platforms: [String: PlatformState]?
+    nonisolated let platforms: [String: PlatformState]?
-    let updatedAt: String?
+    nonisolated let updatedAt: String?
    enum CodingKeys: String, CodingKey {
        case pid, kind
@@ -78,16 +437,50 @@ struct GatewayState: Sendable, Codable {
        case updatedAt = "updated_at"
    }
-    var isRunning: Bool {
+    nonisolated init(from decoder: any Decoder) throws {
        let c = try decoder.container(keyedBy: CodingKeys.self)
        self.pid          = try c.decodeIfPresent(Int.self, forKey: .pid)
        self.kind         = try c.decodeIfPresent(String.self, forKey: .kind)
        self.gatewayState = try c.decodeIfPresent(String.self, forKey: .gatewayState)
        self.exitReason   = try c.decodeIfPresent(String.self, forKey: .exitReason)
        self.platforms    = try c.decodeIfPresent([String: PlatformState].self, forKey: .platforms)
        self.updatedAt    = try c.decodeIfPresent(String.self, forKey: .updatedAt)
    }
    nonisolated func encode(to encoder: any Encoder) throws {
        var c = encoder.container(keyedBy: CodingKeys.self)
        try c.encodeIfPresent(pid, forKey: .pid)
        try c.encodeIfPresent(kind, forKey: .kind)
        try c.encodeIfPresent(gatewayState, forKey: .gatewayState)
        try c.encodeIfPresent(exitReason, forKey: .exitReason)
        try c.encodeIfPresent(platforms, forKey: .platforms)
        try c.encodeIfPresent(updatedAt, forKey: .updatedAt)
    }
    nonisolated var isRunning: Bool {
        gatewayState == "running"
    }
-    var statusText: String {
+    nonisolated var statusText: String {
        gatewayState ?? "unknown"
    }
 }
 struct PlatformState: Sendable, Codable {
-    let connected: Bool?
+    nonisolated let connected: Bool?
-    let error: String?
+    nonisolated let error: String?
    enum CodingKeys: String, CodingKey { case connected, error }
    nonisolated init(from decoder: any Decoder) throws {
        let c = try decoder.container(keyedBy: CodingKeys.self)
        self.connected = try c.decodeIfPresent(Bool.self, forKey: .connected)
        self.error     = try c.decodeIfPresent(String.self, forKey: .error)
    }
    nonisolated func encode(to encoder: any Encoder) throws {
        var c = encoder.container(keyedBy: CodingKeys.self)
        try c.encodeIfPresent(connected, forKey: .connected)
        try c.encodeIfPresent(error, forKey: .error)
    }
 }
@@ -1,28 +1,70 @@
 import Foundation
 import SQLite3
 /// Deprecated module-level path statics. Preserved as thin forwarders to
 /// `ServerContext.local.paths` so existing call sites continue to compile
 /// while Phase 1 migrates them to a per-server `ServerContext`.
 ///
 /// New code should accept a `ServerContext` and read `context.paths.<field>`.
 enum HermesPaths: Sendable {
-    private nonisolated static let userHome: String = ProcessInfo.processInfo.environment["HOME"]
+    @available(*, deprecated, message: "use ServerContext.paths.home")
-        ?? NSHomeDirectory()
+    nonisolated static var home: String { ServerContext.local.paths.home }
-    nonisolated static let home: String = userHome + "/.hermes"
+    @available(*, deprecated, message: "use ServerContext.paths.stateDB")
-    nonisolated static let stateDB: String = home + "/state.db"
+    nonisolated static var stateDB: String { ServerContext.local.paths.stateDB }
-    nonisolated static let configYAML: String = home + "/config.yaml"
+
-    nonisolated static let memoriesDir: String = home + "/memories"
+    @available(*, deprecated, message: "use ServerContext.paths.configYAML")
-    nonisolated static let memoryMD: String = memoriesDir + "/MEMORY.md"
+    nonisolated static var configYAML: String { ServerContext.local.paths.configYAML }
-    nonisolated static let userMD: String = memoriesDir + "/USER.md"
+
-    nonisolated static let sessionsDir: String = home + "/sessions"
+    @available(*, deprecated, message: "use ServerContext.paths.memoriesDir")
-    nonisolated static let cronJobsJSON: String = home + "/cron/jobs.json"
+    nonisolated static var memoriesDir: String { ServerContext.local.paths.memoriesDir }
-    nonisolated static let cronOutputDir: String = home + "/cron/output"
+
-    nonisolated static let gatewayStateJSON: String = home + "/gateway_state.json"
+    @available(*, deprecated, message: "use ServerContext.paths.memoryMD")
-    nonisolated static let skillsDir: String = home + "/skills"
+    nonisolated static var memoryMD: String { ServerContext.local.paths.memoryMD }
-    nonisolated static let errorsLog: String = home + "/logs/errors.log"
+
-    nonisolated static let agentLog: String = home + "/logs/agent.log"
+    @available(*, deprecated, message: "use ServerContext.paths.userMD")
-    nonisolated static let gatewayLog: String = home + "/logs/gateway.log"
+    nonisolated static var userMD: String { ServerContext.local.paths.userMD }
-    nonisolated static let hermesBinary: String = userHome + "/.local/bin/hermes"
+
-    nonisolated static let scarfDir: String = home + "/scarf"
+    @available(*, deprecated, message: "use ServerContext.paths.sessionsDir")
-    nonisolated static let projectsRegistry: String = scarfDir + "/projects.json"
+    nonisolated static var sessionsDir: String { ServerContext.local.paths.sessionsDir }
-    nonisolated static let mcpTokensDir: String = home + "/mcp-tokens"
+
    @available(*, deprecated, message: "use ServerContext.paths.cronJobsJSON")
    nonisolated static var cronJobsJSON: String { ServerContext.local.paths.cronJobsJSON }
    @available(*, deprecated, message: "use ServerContext.paths.cronOutputDir")
    nonisolated static var cronOutputDir: String { ServerContext.local.paths.cronOutputDir }
    @available(*, deprecated, message: "use ServerContext.paths.gatewayStateJSON")
    nonisolated static var gatewayStateJSON: String { ServerContext.local.paths.gatewayStateJSON }
    @available(*, deprecated, message: "use ServerContext.paths.skillsDir")
    nonisolated static var skillsDir: String { ServerContext.local.paths.skillsDir }
    @available(*, deprecated, message: "use ServerContext.paths.errorsLog")
    nonisolated static var errorsLog: String { ServerContext.local.paths.errorsLog }
    @available(*, deprecated, message: "use ServerContext.paths.agentLog")
    nonisolated static var agentLog: String { ServerContext.local.paths.agentLog }
    @available(*, deprecated, message: "use ServerContext.paths.gatewayLog")
    nonisolated static var gatewayLog: String { ServerContext.local.paths.gatewayLog }
    @available(*, deprecated, message: "use ServerContext.paths.scarfDir")
    nonisolated static var scarfDir: String { ServerContext.local.paths.scarfDir }
    @available(*, deprecated, message: "use ServerContext.paths.projectsRegistry")
    nonisolated static var projectsRegistry: String { ServerContext.local.paths.projectsRegistry }
    @available(*, deprecated, message: "use ServerContext.paths.mcpTokensDir")
    nonisolated static var mcpTokensDir: String { ServerContext.local.paths.mcpTokensDir }
    @available(*, deprecated, message: "use HermesPathSet.hermesBinaryCandidates")
    nonisolated static var hermesBinaryCandidates: [String] {
        HermesPathSet.hermesBinaryCandidates
    }
    @available(*, deprecated, message: "use ServerContext.paths.hermesBinary")
    nonisolated static var hermesBinary: String { ServerContext.local.paths.hermesBinary }
 }
 // MARK: - SQLite Constants
@@ -1,24 +1,24 @@
 import Foundation
 struct HermesCronJob: Identifiable, Sendable, Codable {
-    let id: String
+    nonisolated let id: String
-    let name: String
+    nonisolated let name: String
-    let prompt: String
+    nonisolated let prompt: String
-    let skills: [String]?
+    nonisolated let skills: [String]?
-    let model: String?
+    nonisolated let model: String?
-    let schedule: CronSchedule
+    nonisolated let schedule: CronSchedule
-    let enabled: Bool
+    nonisolated let enabled: Bool
-    let state: String
+    nonisolated let state: String
-    let deliver: String?
+    nonisolated let deliver: String?
-    let nextRunAt: String?
+    nonisolated let nextRunAt: String?
-    let lastRunAt: String?
+    nonisolated let lastRunAt: String?
-    let lastError: String?
+    nonisolated let lastError: String?
-    let preRunScript: String?
+    nonisolated let preRunScript: String?
-    let deliveryFailures: Int?
+    nonisolated let deliveryFailures: Int?
-    let lastDeliveryError: String?
+    nonisolated let lastDeliveryError: String?
-    let timeoutType: String?
+    nonisolated let timeoutType: String?
-    let timeoutSeconds: Int?
+    nonisolated let timeoutSeconds: Int?
-    let silent: Bool?
+    nonisolated let silent: Bool?
    enum CodingKeys: String, CodingKey {
        case id, name, prompt, skills, model, schedule, enabled, state, deliver, silent
@@ -32,7 +32,51 @@ struct HermesCronJob: Identifiable, Sendable, Codable {
        case timeoutSeconds = "timeout_seconds"
    }
-    var stateIcon: String {
+    nonisolated init(from decoder: any Decoder) throws {
        let c = try decoder.container(keyedBy: CodingKeys.self)
        self.id                = try c.decode(String.self, forKey: .id)
        self.name              = try c.decode(String.self, forKey: .name)
        self.prompt            = try c.decode(String.self, forKey: .prompt)
        self.skills            = try c.decodeIfPresent([String].self, forKey: .skills)
        self.model             = try c.decodeIfPresent(String.self, forKey: .model)
        self.schedule          = try c.decode(CronSchedule.self, forKey: .schedule)
        self.enabled           = try c.decode(Bool.self, forKey: .enabled)
        self.state             = try c.decode(String.self, forKey: .state)
        self.deliver           = try c.decodeIfPresent(String.self, forKey: .deliver)
        self.nextRunAt         = try c.decodeIfPresent(String.self, forKey: .nextRunAt)
        self.lastRunAt         = try c.decodeIfPresent(String.self, forKey: .lastRunAt)
        self.lastError         = try c.decodeIfPresent(String.self, forKey: .lastError)
        self.preRunScript      = try c.decodeIfPresent(String.self, forKey: .preRunScript)
        self.deliveryFailures  = try c.decodeIfPresent(Int.self, forKey: .deliveryFailures)
        self.lastDeliveryError = try c.decodeIfPresent(String.self, forKey: .lastDeliveryError)
        self.timeoutType       = try c.decodeIfPresent(String.self, forKey: .timeoutType)
        self.timeoutSeconds    = try c.decodeIfPresent(Int.self, forKey: .timeoutSeconds)
        self.silent            = try c.decodeIfPresent(Bool.self, forKey: .silent)
    }
    nonisolated func encode(to encoder: any Encoder) throws {
        var c = encoder.container(keyedBy: CodingKeys.self)
        try c.encode(id, forKey: .id)
        try c.encode(name, forKey: .name)
        try c.encode(prompt, forKey: .prompt)
        try c.encodeIfPresent(skills, forKey: .skills)
        try c.encodeIfPresent(model, forKey: .model)
        try c.encode(schedule, forKey: .schedule)
        try c.encode(enabled, forKey: .enabled)
        try c.encode(state, forKey: .state)
        try c.encodeIfPresent(deliver, forKey: .deliver)
        try c.encodeIfPresent(nextRunAt, forKey: .nextRunAt)
        try c.encodeIfPresent(lastRunAt, forKey: .lastRunAt)
        try c.encodeIfPresent(lastError, forKey: .lastError)
        try c.encodeIfPresent(preRunScript, forKey: .preRunScript)
        try c.encodeIfPresent(deliveryFailures, forKey: .deliveryFailures)
        try c.encodeIfPresent(lastDeliveryError, forKey: .lastDeliveryError)
        try c.encodeIfPresent(timeoutType, forKey: .timeoutType)
        try c.encodeIfPresent(timeoutSeconds, forKey: .timeoutSeconds)
        try c.encodeIfPresent(silent, forKey: .silent)
    }
    nonisolated var stateIcon: String {
        switch state {
        case "scheduled": return "clock"
        case "running": return "play.circle"
@@ -42,7 +86,7 @@ struct HermesCronJob: Identifiable, Sendable, Codable {
        }
    }
-    var deliveryDisplay: String? {
+    nonisolated var deliveryDisplay: String? {
        guard let deliver, !deliver.isEmpty else { return nil }
        // v0.9.0 extends Discord routing to threads: `discord:<chat>:<thread>`.
        if deliver.hasPrefix("discord:") {
@@ -59,10 +103,10 @@ struct HermesCronJob: Identifiable, Sendable, Codable {
 }
 struct CronSchedule: Sendable, Codable {
-    let kind: String
+    nonisolated let kind: String
-    let runAt: String?
+    nonisolated let runAt: String?
-    let display: String?
+    nonisolated let display: String?
-    let expression: String?
+    nonisolated let expression: String?
    enum CodingKeys: String, CodingKey {
        case kind
@@ -70,14 +114,45 @@ struct CronSchedule: Sendable, Codable {
        case display
        case expression
    }
    nonisolated init(from decoder: any Decoder) throws {
        let c = try decoder.container(keyedBy: CodingKeys.self)
        self.kind       = try c.decode(String.self, forKey: .kind)
        self.runAt      = try c.decodeIfPresent(String.self, forKey: .runAt)
        self.display    = try c.decodeIfPresent(String.self, forKey: .display)
        self.expression = try c.decodeIfPresent(String.self, forKey: .expression)
    }
    nonisolated func encode(to encoder: any Encoder) throws {
        var c = encoder.container(keyedBy: CodingKeys.self)
        try c.encode(kind, forKey: .kind)
        try c.encodeIfPresent(runAt, forKey: .runAt)
        try c.encodeIfPresent(display, forKey: .display)
        try c.encodeIfPresent(expression, forKey: .expression)
    }
 }
 // Hand-written `init(from:)` / `encode(to:)` so Swift 6 doesn't synthesize a
 // MainActor-isolated Codable conformance — `HermesFileService.loadCronJobs`
 // is nonisolated and needs to decode this from a background task.
 struct CronJobsFile: Sendable, Codable {
-    let jobs: [HermesCronJob]
+    nonisolated let jobs: [HermesCronJob]
-    let updatedAt: String?
+    nonisolated let updatedAt: String?
    enum CodingKeys: String, CodingKey {
        case jobs
        case updatedAt = "updated_at"
    }
    nonisolated init(from decoder: any Decoder) throws {
        let c = try decoder.container(keyedBy: CodingKeys.self)
        self.jobs      = try c.decode([HermesCronJob].self, forKey: .jobs)
        self.updatedAt = try c.decodeIfPresent(String.self, forKey: .updatedAt)
    }
    nonisolated func encode(to encoder: any Encoder) throws {
        var c = encoder.container(keyedBy: CodingKeys.self)
        try c.encode(jobs, forKey: .jobs)
        try c.encodeIfPresent(updatedAt, forKey: .updatedAt)
    }
 }
@@ -6,7 +6,7 @@ enum MCPTransport: String, Sendable, Equatable, CaseIterable, Identifiable {
    var id: String { rawValue }
-    var displayName: String {
+    var displayName: LocalizedStringResource {
        switch self {
        case .stdio: return "Local (stdio)"
        case .http: return "Remote (HTTP)"
@@ -99,6 +99,17 @@ enum ToolKind: String, Sendable, CaseIterable {
    case browser
    case other
    var displayName: LocalizedStringResource {
        switch self {
        case .read: return "Read"
        case .edit: return "Edit"
        case .execute: return "Execute"
        case .fetch: return "Fetch"
        case .browser: return "Browser"
        case .other: return "Other"
        }
    }
    var icon: String {
        switch self {
        case .read: return "doc.text.magnifyingglass"
@@ -0,0 +1,92 @@
 import Foundation
 /// The filesystem layout of a Hermes installation, parameterized by the
 /// `home` directory. The same layout is used for local installations (where
 /// `home` is an absolute macOS path like `/Users/alan/.hermes`) and for
 /// remote installations reached over SSH (where `home` is a remote path like
 /// `/home/deploy/.hermes` or an unexpanded `~/.hermes` that the remote shell
 /// will resolve).
 ///
 /// Every path that used to live as a module-level static on `HermesPaths` is
 /// an instance property here. `ServerContext.paths` is the canonical way to
 /// reach these values; the old `HermesPaths` statics are preserved as
 /// deprecated forwarders so Phase 1 can migrate call sites incrementally.
 struct HermesPathSet: Sendable, Hashable {
    let home: String
    /// `true` when this path set belongs to a remote installation. Affects
    /// only `hermesBinary` resolution — every other path is identical in
    /// shape between local and remote.
    let isRemote: Bool
    /// Pre-resolved remote binary path (e.g. `/home/deploy/.local/bin/hermes`).
    /// Populated by `SSHTransport` once `command -v hermes` has run on the
    /// target host. Unused when `isRemote == false`.
    let binaryHint: String?
    // MARK: - Defaults
    /// Absolute path to the local user's `~/.hermes` directory.
    nonisolated static let defaultLocalHome: String = {
        let user = ProcessInfo.processInfo.environment["HOME"] ?? NSHomeDirectory()
        return user + "/.hermes"
    }()
    /// Default remote home when the user doesn't override it in `SSHConfig`.
    /// We leave `~` unexpanded on purpose — the remote shell resolves it.
    nonisolated static let defaultRemoteHome: String = "~/.hermes"
    // MARK: - Paths (mirror of the old HermesPaths layout)
    nonisolated var stateDB: String { home + "/state.db" }
    nonisolated var configYAML: String { home + "/config.yaml" }
    nonisolated var envFile: String { home + "/.env" }
    nonisolated var authJSON: String { home + "/auth.json" }
    nonisolated var soulMD: String { home + "/SOUL.md" }
    nonisolated var pluginsDir: String { home + "/plugins" }
    nonisolated var memoriesDir: String { home + "/memories" }
    nonisolated var memoryMD: String { memoriesDir + "/MEMORY.md" }
    nonisolated var userMD: String { memoriesDir + "/USER.md" }
    nonisolated var sessionsDir: String { home + "/sessions" }
    nonisolated var cronJobsJSON: String { home + "/cron/jobs.json" }
    nonisolated var cronOutputDir: String { home + "/cron/output" }
    nonisolated var gatewayStateJSON: String { home + "/gateway_state.json" }
    nonisolated var skillsDir: String { home + "/skills" }
    nonisolated var errorsLog: String { home + "/logs/errors.log" }
    nonisolated var agentLog: String { home + "/logs/agent.log" }
    nonisolated var gatewayLog: String { home + "/logs/gateway.log" }
    nonisolated var scarfDir: String { home + "/scarf" }
    nonisolated var projectsRegistry: String { scarfDir + "/projects.json" }
    nonisolated var mcpTokensDir: String { home + "/mcp-tokens" }
    // MARK: - Binary resolution
    /// Install locations we probe for the local `hermes` binary, in priority
    /// order. Checked on every access so a user installing via a different
    /// method doesn't need to relaunch Scarf.
    nonisolated static let hermesBinaryCandidates: [String] = {
        let user = ProcessInfo.processInfo.environment["HOME"] ?? NSHomeDirectory()
        return [
            user + "/.local/bin/hermes",   // pipx / pip --user (default)
            "/opt/homebrew/bin/hermes",    // Homebrew on Apple Silicon
            "/usr/local/bin/hermes",       // Homebrew on Intel / manual install
            user + "/.hermes/bin/hermes"   // Some self-install layouts
        ]
    }()
    /// Resolved path to the `hermes` executable for this installation.
    ///
    /// Local: returns the first executable candidate, falling back to the
    /// pipx default so error messages still make sense on a fresh machine.
    ///
    /// Remote: returns `binaryHint` (populated at connect time) or bare
    /// `"hermes"` as a last-resort default that relies on the remote `$PATH`.
    nonisolated var hermesBinary: String {
        if isRemote {
            return binaryHint ?? "hermes"
        }
        for path in Self.hermesBinaryCandidates
        where FileManager.default.isExecutableFile(atPath: path) {
            return path
        }
        return Self.hermesBinaryCandidates[0]
    }
 }
@@ -0,0 +1,17 @@
 import Foundation
 /// A slash command available in chat. Sourced either from the ACP server
 /// (`available_commands_update`) or from user-defined `quick_commands` in
 /// `config.yaml`.
 struct HermesSlashCommand: Identifiable, Sendable, Equatable {
    enum Source: Sendable, Equatable {
        case acp
        case quickCommand
    }
    var id: String { name }
    let name: String
    let description: String
    let argumentHint: String?
    let source: Source
 }
@@ -86,8 +86,8 @@ enum WidgetValue: Codable, Sendable, Hashable {
        case .string(let s): return s
        case .number(let n):
            return n.truncatingRemainder(dividingBy: 1) == 0
-                ? String(Int(n))
+                ? Int(n).formatted(.number)
-                : String(format: "%.1f", n)
+                : n.formatted(.number.precision(.fractionLength(1)))
        }
    }
@@ -0,0 +1,335 @@
 import Foundation
 // MARK: - Manifest (what lives inside the .scarftemplate zip)
 /// On-disk manifest for a Scarf project template. Shipped as `template.json`
 /// at the root of a `.scarftemplate` (zip) bundle.
 ///
 /// The `contents` block is a claim the author makes about what the bundle
 /// ships; the installer verifies the claim against the actual unpacked files
 /// before showing the preview sheet so a malicious bundle can't hide extra
 /// files from the user.
 struct ProjectTemplateManifest: Codable, Sendable, Equatable {
    let schemaVersion: Int
    let id: String
    let name: String
    let version: String
    let minScarfVersion: String?
    let minHermesVersion: String?
    let author: TemplateAuthor?
    let description: String
    let category: String?
    let tags: [String]?
    let icon: String?
    let screenshots: [String]?
    let contents: TemplateContents
    /// Optional configuration schema (added in manifest schemaVersion 2).
    /// When present, the installer presents a form during install and
    /// writes values to `<project>/.scarf/config.json` + the Keychain.
    /// Schema-v1 manifests omit this field entirely — Codable's
    /// optional-field decoding keeps them working unchanged.
    let config: TemplateConfigSchema?
    /// Filesystem-safe slug derived from `id` (`"owner/name"` → `"owner-name"`).
    /// Used for the install directory name, skills namespace, and cron-job tag.
    nonisolated var slug: String {
        let ascii = id.unicodeScalars.map { scalar -> Character in
            let c = Character(scalar)
            if c.isLetter || c.isNumber || c == "-" || c == "_" { return c }
            return "-"
        }
        let collapsed = String(ascii)
            .split(separator: "-", omittingEmptySubsequences: true)
            .joined(separator: "-")
        return collapsed.isEmpty ? "template" : collapsed
    }
 }
 struct TemplateAuthor: Codable, Sendable, Equatable {
    let name: String
    let url: String?
 }
 struct TemplateContents: Codable, Sendable, Equatable {
    let dashboard: Bool
    let agentsMd: Bool
    let instructions: [String]?
    let skills: [String]?
    let cron: Int?
    let memory: TemplateMemoryClaim?
    /// Number of configuration fields the template ships (schemaVersion 2+).
    /// Cross-checked against `manifest.config?.fields.count` by the
    /// validator so a bundle can't hide a schema from the preview.
    /// `nil` or `0` means schema-less (v1-compatible behaviour).
    let config: Int?
 }
 struct TemplateMemoryClaim: Codable, Sendable, Equatable {
    let append: Bool
 }
 // MARK: - Inspection (what we learn by unpacking the zip)
 /// Result of unpacking a `.scarftemplate` into a temp directory and validating
 /// it. Callers hand this to `buildInstallPlan` to produce the concrete
 /// filesystem plan.
 struct TemplateInspection: Sendable {
    let manifest: ProjectTemplateManifest
    /// Absolute path to the temp directory holding the unpacked bundle. The
    /// installer reads files from here; the caller is responsible for
    /// cleaning it up after install (or cancel).
    let unpackedDir: String
    /// Every file found in the unpacked dir, as paths relative to
    /// `unpackedDir`. Verified against the manifest's `contents` claim.
    let files: [String]
    /// Parsed cron jobs (may be empty even if the manifest claims some —
    /// verification catches that mismatch).
    let cronJobs: [TemplateCronJobSpec]
 }
 /// The subset of a Hermes cron job that a template can ship. Only the fields
 /// the `hermes cron create` CLI accepts are included; runtime state
 /// (`enabled`, `state`, `next_run_at`, …) is deliberately omitted so a
 /// template can't arrive already-running.
 struct TemplateCronJobSpec: Codable, Sendable, Equatable {
    let name: String
    let schedule: String
    let prompt: String?
    let deliver: String?
    let skills: [String]?
    let repeatCount: Int?
    enum CodingKeys: String, CodingKey {
        case name, schedule, prompt, deliver, skills
        case repeatCount = "repeat"
    }
 }
 // MARK: - Install Plan (the preview sheet reads this)
 /// Concrete, reviewed-before-apply filesystem operations the installer will
 /// perform. Every side effect the installer can cause is represented here so
 /// the preview sheet is an honest accounting of what's about to happen.
 struct TemplateInstallPlan: Sendable {
    let manifest: ProjectTemplateManifest
    let unpackedDir: String
    /// Absolute path of the new project directory. Installer refuses if this
    /// already exists.
    let projectDir: String
    /// Files that will be created under `projectDir`, keyed by relative path.
    let projectFiles: [TemplateFileCopy]
    /// Absolute path of the skills namespace dir
    /// (`~/.hermes/skills/templates/<slug>/`). Created if skills are present.
    let skillsNamespaceDir: String?
    /// Files that will be created under the skills namespace dir.
    let skillsFiles: [TemplateFileCopy]
    /// Cron job definitions to register via `hermes cron create`. Each job's
    /// name is already prefixed with the template tag. All will be paused
    /// immediately after creation.
    let cronJobs: [TemplateCronJobSpec]
    /// Memory appendix text (already wrapped in begin/end markers). `nil`
    /// means no memory write happens.
    let memoryAppendix: String?
    /// Target memory path (`~/.hermes/memories/MEMORY.md`). Only used when
    /// `memoryAppendix` is non-nil.
    let memoryPath: String
    /// `ProjectEntry.name` that will be appended to the projects registry.
    let projectRegistryName: String
    /// Configuration schema declared by the template (manifest schemaVersion 2).
    /// `nil` means the template is schema-less — the installer skips the
    /// config sheet and writes no `.scarf/config.json` or manifest cache.
    let configSchema: TemplateConfigSchema?
    /// Values the user entered in the configure sheet. Populated by the
    /// VM just before `install()` runs; empty when `configSchema` is nil.
    /// Secrets appear here as `.keychainRef(...)` — the bytes themselves
    /// were routed straight from the form field into the Keychain and
    /// never held in memory past that point.
    var configValues: [String: TemplateConfigValue]
    /// Path at which the installer will stash a copy of `template.json`
    /// so the post-install Configuration editor can render the form
    /// offline. `nil` when `configSchema` is nil.
    let manifestCachePath: String?
    /// Convenience: total number of writes (files + cron jobs + optional
    /// memory append + registry append + optional config.json + one
    /// entry per secret written to the Keychain). Displayed in the
    /// preview sheet.
    nonisolated var totalWriteCount: Int {
        let configFileCount = (configSchema?.isEmpty ?? true) ? 0 : 1
        let secretCount = configValues.values.filter {
            if case .keychainRef = $0 { return true } else { return false }
        }.count
        return projectFiles.count
            + skillsFiles.count
            + cronJobs.count
            + (memoryAppendix == nil ? 0 : 1)
            + 1  // registry entry
            + configFileCount
            + secretCount
    }
 }
 /// A single file to copy from the unpacked bundle into a target directory.
 struct TemplateFileCopy: Sendable, Equatable {
    /// Path inside `unpackedDir`, e.g. `"AGENTS.md"` or
    /// `"skills/timer/SKILL.md"`.
    let sourceRelativePath: String
    /// Absolute path where the file should land.
    let destinationPath: String
 }
 // MARK: - Lock file (uninstall manifest, dropped into <project>/.scarf/)
 /// Dropped at `<project>/.scarf/template.lock.json` after a successful
 /// install. Records exactly what was written so a future "Uninstall Template"
 /// action can reverse it without guessing.
 struct TemplateLock: Codable, Sendable {
    let templateId: String
    let templateVersion: String
    let templateName: String
    let installedAt: String
    let projectFiles: [String]
    let skillsNamespaceDir: String?
    let skillsFiles: [String]
    let cronJobNames: [String]
    let memoryBlockId: String?
    /// Every `keychain://service/account` URI the installer stored in
    /// the Keychain for this project's secret fields. Empty/nil for
    /// schema-less (v1-style) installs. The uninstaller iterates this
    /// list and calls `SecItemDelete` for each entry; absent on older
    /// lock files so Codable's optional decoding keeps pre-2.3 installs
    /// uninstallable.
    let configKeychainItems: [String]?
    /// Field keys the installer wrote to `<project>/.scarf/config.json`.
    /// Informational — the actual removal of config.json rides on
    /// `projectFiles`. Optional for back-compat.
    let configFields: [String]?
    enum CodingKeys: String, CodingKey {
        case templateId = "template_id"
        case templateVersion = "template_version"
        case templateName = "template_name"
        case installedAt = "installed_at"
        case projectFiles = "project_files"
        case skillsNamespaceDir = "skills_namespace_dir"
        case skillsFiles = "skills_files"
        case cronJobNames = "cron_job_names"
        case memoryBlockId = "memory_block_id"
        case configKeychainItems = "config_keychain_items"
        case configFields = "config_fields"
    }
 }
 // MARK: - Uninstall Plan (the uninstall-preview sheet reads this)
 /// Symmetric with `TemplateInstallPlan` but for removal. Built from the
 /// `<project>/.scarf/template.lock.json` the installer wrote. The preview
 /// sheet lists every path the uninstall would touch; the uninstaller
 /// executes the listed ops and nothing else.
 struct TemplateUninstallPlan: Sendable {
    /// The parsed lock file that seeded this plan. Kept so the sheet can
    /// display the template id, version, and install timestamp.
    let lock: TemplateLock
    /// The registry entry that will be removed on success.
    let project: ProjectEntry
    /// Lock-tracked files still present on disk that will be removed.
    let projectFilesToRemove: [String]
    /// Lock-tracked files that were already missing (e.g. user deleted them
    /// after install). Shown in the sheet so the user isn't surprised that
    /// a file isn't removed; uninstaller skips these.
    let projectFilesAlreadyGone: [String]
    /// User-added files/dirs in the project dir that are NOT in the lock.
    /// These are preserved — the sheet lists them so the user knows the
    /// project dir stays if any exist.
    let extraProjectEntries: [String]
    /// If `true`, the project dir ends up empty after removal and will be
    /// removed along with its files. `false` means user content lives in
    /// the dir and we leave it.
    let projectDirBecomesEmpty: Bool
    /// Lock-recorded skills namespace dir. `nil` means the template never
    /// installed skills. Uninstaller removes the entire dir recursively.
    let skillsNamespaceDir: String?
    /// Cron jobs that will be removed, as (id, name) pairs. Ids were looked
    /// up at plan time by matching lock names against the live cron list.
    let cronJobsToRemove: [(id: String, name: String)]
    /// Names recorded in the lock that we couldn't find in the current cron
    /// list (user-deleted, renamed, etc.). Shown in the sheet; skipped on
    /// uninstall.
    let cronJobsAlreadyGone: [String]
    /// `true` if MEMORY.md still contains the template's begin/end markers
    /// and those bytes will be stripped on uninstall. `false` means no
    /// memory block was ever installed OR the user removed it by hand.
    let memoryBlockPresent: Bool
    /// Hermes-side path to MEMORY.md. Only touched when
    /// `memoryBlockPresent` is true.
    let memoryPath: String
    nonisolated var totalRemoveCount: Int {
        projectFilesToRemove.count
            + (skillsNamespaceDir == nil ? 0 : 1)
            + cronJobsToRemove.count
            + (memoryBlockPresent ? 1 : 0)
            + 1 // registry entry
    }
 }
 // MARK: - Errors
 enum ProjectTemplateError: LocalizedError, Sendable {
    case unzipFailed(String)
    case manifestMissing
    case manifestParseFailed(String)
    case unsupportedSchemaVersion(Int)
    case requiredFileMissing(String)
    case contentClaimMismatch(String)
    case projectDirExists(String)
    case conflictingFile(String)
    case memoryBlockAlreadyExists(String)
    case cronCreateFailed(job: String, output: String)
    case unsafeZipEntry(String)
    case lockFileMissing(String)
    case lockFileParseFailed(String)
    var errorDescription: String? {
        switch self {
        case .unzipFailed(let s):
            return "Couldn't unpack template archive: \(s)"
        case .manifestMissing:
            return "Template is missing template.json at the archive root."
        case .manifestParseFailed(let s):
            return "Template manifest couldn't be parsed: \(s)"
        case .unsupportedSchemaVersion(let v):
            return "Template uses schemaVersion \(v), which this version of Scarf doesn't understand."
        case .requiredFileMissing(let f):
            return "Template is missing a required file: \(f)"
        case .contentClaimMismatch(let s):
            return "Template manifest doesn't match its contents: \(s)"
        case .projectDirExists(let p):
            return "A directory already exists at \(p). Refusing to overwrite — choose a different parent folder."
        case .conflictingFile(let p):
            return "An existing file would be overwritten at \(p). Refusing to clobber."
        case .memoryBlockAlreadyExists(let id):
            return "A memory block for template '\(id)' already exists in MEMORY.md. Remove it first or install a fresh copy."
        case .cronCreateFailed(let job, let output):
            return "Failed to register cron job '\(job)': \(output)"
        case .unsafeZipEntry(let p):
            return "Template archive contains an unsafe entry: \(p)"
        case .lockFileMissing(let path):
            return "No template.lock.json found at \(path). This project wasn't installed by Scarf's template system — remove it by hand."
        case .lockFileParseFailed(let s):
            return "Couldn't read template.lock.json: \(s)"
        }
    }
 }
@@ -0,0 +1,253 @@
 import Foundation
 import SwiftUI
 import AppKit
 /// Stable identifier for a server entry in the user's registry. Backed by
 /// `UUID` so it round-trips through `servers.json` and SwiftUI window-state
 /// restoration without collisions.
 typealias ServerID = UUID
 /// Connection parameters for a remote Hermes installation reached over SSH.
 /// All fields are optional except `host` — unset values defer to the user's
 /// `~/.ssh/config` and the OpenSSH defaults.
 struct SSHConfig: Sendable, Hashable, Codable {
    /// Hostname or `~/.ssh/config` alias.
    var host: String
    /// Remote username. `nil` → defer to `~/.ssh/config` or the local user.
    var user: String?
    /// TCP port. `nil` → 22 (or whatever `~/.ssh/config` says).
    var port: Int?
    /// Absolute path to a private key. `nil` → defer to ssh-agent /
    /// `~/.ssh/config` identity files.
    var identityFile: String?
    /// Override for the remote `$HOME/.hermes` directory. `nil` uses
    /// `HermesPathSet.defaultRemoteHome` (`~/.hermes`, shell-expanded on the
    /// remote side).
    var remoteHome: String?
    /// Resolved remote path to the `hermes` binary. Populated by
    /// `SSHTransport` after the first `command -v hermes` probe; cached here
    /// so subsequent calls skip the round trip.
    var hermesBinaryHint: String?
 }
 /// Distinguishes a local installation (the user's own `~/.hermes`) from a
 /// remote one reached over SSH. Service behavior is identical in shape but
 /// dispatches to different I/O primitives in Phase 2.
 enum ServerKind: Sendable, Hashable, Codable {
    case local
    case ssh(SSHConfig)
 }
 /// The per-server value that flows through `.environment` and gets handed to
 /// every service and ViewModel in Phase 1. One `ServerContext` corresponds to
 /// one Hermes installation; multi-window scenes in Phase 3 will construct
 /// one per window.
 ///
 /// **Why every member is `nonisolated`.** This file imports `AppKit`
 /// (`NSWorkspace.shared.open` in `openInLocalEditor`), which under Swift 6's
 /// upcoming default-isolation rules pulls the whole struct to `@MainActor`.
 /// `ServerContext` is a plain `Sendable` value — accessing `.local`, `.paths`,
 /// `.isRemote`, or `makeTransport()` from a background actor must not trap
 /// the caller into hopping MainActor. `nonisolated` on each member keeps
 /// them callable from any context; the one MainActor-dependent method
 /// (`openInLocalEditor`) lives in the extension below.
 struct ServerContext: Sendable, Hashable, Identifiable {
    let id: ServerID
    var displayName: String
    var kind: ServerKind
    /// Path layout for this server. Cheap — all path components are computed
    /// on demand from `home`, no I/O.
    nonisolated var paths: HermesPathSet {
        switch kind {
        case .local:
            return HermesPathSet(
                home: HermesPathSet.defaultLocalHome,
                isRemote: false,
                binaryHint: nil
            )
        case .ssh(let config):
            return HermesPathSet(
                home: config.remoteHome ?? HermesPathSet.defaultRemoteHome,
                isRemote: true,
                binaryHint: config.hermesBinaryHint
            )
        }
    }
    nonisolated var isRemote: Bool {
        if case .ssh = kind { return true }
        return false
    }
    /// Construct the `ServerTransport` for this context. Local contexts get
    /// a `LocalTransport`; SSH contexts get an `SSHTransport` configured
    /// from `SSHConfig`. Each call returns a fresh value — transports are
    /// cheap and stateless beyond disk caches.
    nonisolated func makeTransport() -> any ServerTransport {
        switch kind {
        case .local:
            return LocalTransport(contextID: id)
        case .ssh(let config):
            return SSHTransport(contextID: id, config: config, displayName: displayName)
        }
    }
    // MARK: - Well-known singletons
    /// Stable UUID for the built-in "this machine" entry. Hard-coded so the
    /// local context has the same identity across launches, and so persisted
    /// window-state restorations that reference it continue to resolve even
    /// if `servers.json` hasn't been touched yet.
    nonisolated private static let localID = ServerID(uuidString: "00000000-0000-0000-0000-000000000001")!
    /// The default "this machine" context. Used everywhere in Phase 0/1 and
    /// remains the fallback when no remote server is selected.
    nonisolated static let local = ServerContext(
        id: localID,
        displayName: "Local",
        kind: .local
    )
 }
 // MARK: - Remote user-home resolution
 /// Process-wide cache of each server's resolved user `$HOME`. Probed once per
 /// `ServerID` via the transport, then memoized for the app's lifetime — home
 /// directories don't change under us, and the probe is a ~5ms SSH round-trip
 /// with ControlMaster. Used by anything that needs to hand a working
 /// directory to the ACP agent or the Hermes CLI on the correct host.
 private actor UserHomeCache {
    static let shared = UserHomeCache()
    private var cache: [ServerID: String] = [:]
    func resolve(for context: ServerContext) async -> String {
        if let cached = cache[context.id] { return cached }
        let resolved = await probe(context: context)
        cache[context.id] = resolved
        return resolved
    }
    func invalidate(contextID: ServerID) {
        cache.removeValue(forKey: contextID)
    }
    private func probe(context: ServerContext) async -> String {
        if !context.isRemote { return NSHomeDirectory() }
        let transport = context.makeTransport()
        let result = try? transport.runProcess(
            executable: "/bin/sh",
            args: ["-c", "echo $HOME"],
            stdin: nil,
            timeout: 10
        )
        let out = result?.stdoutString.trimmingCharacters(in: .whitespacesAndNewlines) ?? ""
        // Fall back to `~` (unexpanded) so ACP at least gets a plausible cwd
        // rather than a local Mac path. The remote side will expand it if
        // passed through a shell; if not, failures are surfaced by ACP itself.
        return out.isEmpty ? "~" : out
    }
 }
 extension ServerContext {
    /// Resolved absolute path to the user's home directory on the target host.
    /// Local: `NSHomeDirectory()`. Remote: probed `$HOME` over SSH, cached.
    /// Use this — not `NSHomeDirectory()` — whenever you're passing a `cwd`
    /// or user path to a process that runs on the target host.
    func resolvedUserHome() async -> String {
        await UserHomeCache.shared.resolve(for: self)
    }
    /// Called when a server is removed from the registry, so the process-wide
    /// caches keyed by `ServerID` don't hold stale entries forever.
    static func invalidateCaches(for contextID: ServerID) async {
        await UserHomeCache.shared.invalidate(contextID: contextID)
    }
 }
 // MARK: - Convenience file I/O via the right transport
 /// Centralized file I/O entry points for VMs that don't own a service. Every
 /// call goes through the context's transport, so reads/writes hit the local
 /// disk for `.local` and ssh/scp for `.ssh` automatically.
 ///
 /// **Always** prefer `context.readText(...)` over `String(contentsOfFile: ...)`
 /// when the path comes from `context.paths`. The Foundation file APIs are
 /// LOCAL ONLY — using them with a remote path silently returns nil because
 /// the remote path doesn't exist on this Mac.
 extension ServerContext {
    /// Read a UTF-8 text file. `nil` on any error (missing, transport down,
    /// invalid encoding).
    nonisolated func readText(_ path: String) -> String? {
        guard let data = try? makeTransport().readFile(path) else { return nil }
        return String(data: data, encoding: .utf8)
    }
    /// Read raw bytes. `nil` on any error.
    nonisolated func readData(_ path: String) -> Data? {
        try? makeTransport().readFile(path)
    }
    /// Atomic write. Returns `true` on success, `false` on any error
    /// (caller is expected to surface failures via UI when relevant).
    @discardableResult
    nonisolated func writeText(_ path: String, content: String) -> Bool {
        guard let data = content.data(using: .utf8) else { return false }
        do {
            try makeTransport().writeFile(path, data: data)
            return true
        } catch {
            return false
        }
    }
    /// Existence check. Local: `FileManager`. Remote: `ssh test -e`.
    nonisolated func fileExists(_ path: String) -> Bool {
        makeTransport().fileExists(path)
    }
    /// File modification timestamp, or `nil` if the file doesn't exist.
    nonisolated func modificationDate(_ path: String) -> Date? {
        makeTransport().stat(path)?.mtime
    }
    /// Invoke the `hermes` CLI on this server and return its combined output
    /// + exit code. Local: spawns the local binary via `Process`. Remote:
    /// rounds through `ssh host hermes …`. Use this from any VM that needs
    /// to fire off a CLI command — never spawn `hermes` via `Process()`
    /// directly, because that path bypasses the transport for remote.
    @discardableResult
    nonisolated func runHermes(_ args: [String], timeout: TimeInterval = 60, stdin: String? = nil) -> (output: String, exitCode: Int32) {
        let result = HermesFileService(context: self).runHermesCLI(args: args, timeout: timeout, stdinInput: stdin)
        return (result.output, result.exitCode)
    }
    /// Reveal the file at `path` in the user's local editor (via
    /// `NSWorkspace.open`). For remote contexts this is a no-op — the
    /// file doesn't exist on this Mac, so opening it would fail silently
    /// or worse, open the wrong file from the local filesystem.
    /// Returns `true` if opened, `false` if the call was skipped.
    @discardableResult
    func openInLocalEditor(_ path: String) -> Bool {
        guard !isRemote else { return false }
        NSWorkspace.shared.open(URL(fileURLWithPath: path))
        return true
    }
 }
 // MARK: - SwiftUI environment plumbing
 /// `ServerContext` is a value type, so SwiftUI's `.environment(_:)` (which
 /// requires an `@Observable` class) doesn't accept it directly. We expose it
 /// through a custom `EnvironmentKey` — views read it with
 /// `@Environment(\.serverContext) private var serverContext`.
 private struct ServerContextEnvironmentKey: EnvironmentKey {
    static let defaultValue: ServerContext = .local
 }
 extension EnvironmentValues {
    var serverContext: ServerContext {
        get { self[ServerContextEnvironmentKey.self] }
        set { self[ServerContextEnvironmentKey.self] = newValue }
    }
 }
@@ -0,0 +1,278 @@
 import Foundation
 // MARK: - Schema (ships inside template.json as manifest.config)
 /// Author-declared configuration schema for a template. Published as the
 /// `config` block of `template.json` (manifest schemaVersion 2). Users fill
 /// in values at install time via `TemplateConfigSheet`; values land in
 /// `<project>/.scarf/config.json` with secrets resolved through the
 /// macOS Keychain.
 struct TemplateConfigSchema: Codable, Sendable, Equatable {
    let fields: [TemplateConfigField]
    let modelRecommendation: TemplateModelRecommendation?
    enum CodingKeys: String, CodingKey {
        case fields = "schema"
        case modelRecommendation
    }
    nonisolated var isEmpty: Bool { fields.isEmpty }
    /// Fast lookup by key. Validators guarantee keys are unique within a
    /// schema at manifest-parse time, so this is safe.
    nonisolated func field(for key: String) -> TemplateConfigField? {
        fields.first { $0.key == key }
    }
 }
 /// One configurable field the user fills in. Discriminated by `type`.
 /// We keep one flat struct rather than an enum-associated-value encoding
 /// so JSON reads cleanly as a record and authors can hand-edit manifests
 /// without fighting Swift's `"case"` discriminator syntax.
 struct TemplateConfigField: Codable, Sendable, Equatable, Identifiable {
    nonisolated var id: String { key }
    let key: String
    let type: FieldType
    let label: String
    let description: String?
    let required: Bool
    let placeholder: String?
    // Type-specific constraints — all optional. The validator enforces
    // only the ones that apply to `type`; extras are ignored.
    let defaultValue: TemplateConfigValue?
    let options: [EnumOption]?        // type == .enum
    let minLength: Int?               // type == .string / .text
    let maxLength: Int?
    let pattern: String?              // type == .string (regex)
    let minNumber: Double?            // type == .number
    let maxNumber: Double?
    let step: Double?
    let itemType: String?             // type == .list — only "string" supported in v1
    let minItems: Int?
    let maxItems: Int?
    enum CodingKeys: String, CodingKey {
        case key, type, label, description, required, placeholder
        case defaultValue = "default"
        case options
        case minLength, maxLength, pattern
        case minNumber = "min"
        case maxNumber = "max"
        case step
        case itemType, minItems, maxItems
    }
    enum FieldType: String, Codable, Sendable, Equatable {
        case string
        case text
        case number
        case bool
        case `enum`
        case list
        case secret
    }
    /// One option of an `enum` field. `value` is what ends up in
    /// `config.json`; `label` is the human-readable text shown in the UI.
    struct EnumOption: Codable, Sendable, Equatable, Identifiable {
        nonisolated var id: String { value }
        let value: String
        let label: String
    }
 }
 /// Author's model-of-choice hint, shown in the install preview + on the
 /// catalog detail page. Purely advisory — Scarf never auto-switches the
 /// active model. Individual cron jobs can override via
 /// `HermesCronJob.model` if the author wants enforcement.
 struct TemplateModelRecommendation: Codable, Sendable, Equatable {
    let preferred: String
    let rationale: String?
    let alternatives: [String]?
 }
 // MARK: - Values (what lands in config.json and the Keychain)
 /// One configured value. Secrets don't carry their raw bytes — only a
 /// Keychain reference of the form `"keychain://<service>/<account>"` so
 /// serialising config.json to disk never leaks the secret into git or
 /// into backups.
 enum TemplateConfigValue: Codable, Sendable, Equatable {
    case string(String)
    case number(Double)
    case bool(Bool)
    case list([String])
    case keychainRef(String)
    /// Convenience: the string representation suitable for display or
    /// for writing into a placeholder that the agent reads. Keychain
    /// refs return the ref string, not the resolved secret — callers
    /// resolve through `ProjectConfigKeychain` explicitly when they
    /// actually need the plaintext.
    nonisolated var displayString: String {
        switch self {
        case .string(let s): return s
        case .number(let n):
            return n.truncatingRemainder(dividingBy: 1) == 0
                ? String(Int(n))
                : String(n)
        case .bool(let b): return b ? "true" : "false"
        case .list(let items): return items.joined(separator: ", ")
        case .keychainRef(let ref): return ref
        }
    }
    init(from decoder: Decoder) throws {
        let container = try decoder.singleValueContainer()
        if let s = try? container.decode(String.self) {
            // Preserve the keychain:// scheme so secrets round-trip as
            // references, not as plaintext.
            if s.hasPrefix("keychain://") {
                self = .keychainRef(s)
            } else {
                self = .string(s)
            }
        } else if let b = try? container.decode(Bool.self) {
            self = .bool(b)
        } else if let n = try? container.decode(Double.self) {
            self = .number(n)
        } else if let arr = try? container.decode([String].self) {
            self = .list(arr)
        } else {
            throw DecodingError.typeMismatch(
                TemplateConfigValue.self,
                .init(codingPath: decoder.codingPath,
                      debugDescription: "Expected String, Bool, Number, or [String]")
            )
        }
    }
    func encode(to encoder: Encoder) throws {
        var container = encoder.singleValueContainer()
        switch self {
        case .string(let s): try container.encode(s)
        case .number(let n): try container.encode(n)
        case .bool(let b): try container.encode(b)
        case .list(let items): try container.encode(items)
        case .keychainRef(let ref): try container.encode(ref)
        }
    }
 }
 // MARK: - On-disk shape (what's in <project>/.scarf/config.json)
 /// The JSON file the installer writes + the editor reads. Non-secret
 /// values appear inline; secrets are `"keychain://<service>/<account>"`
 /// references that `ProjectConfigService` resolves through the Keychain
 /// on demand.
 struct ProjectConfigFile: Codable, Sendable {
    let schemaVersion: Int
    let templateId: String
    var values: [String: TemplateConfigValue]
    let updatedAt: String
    enum CodingKeys: String, CodingKey {
        case schemaVersion
        case templateId
        case values
        case updatedAt
    }
 }
 // MARK: - Keychain reference helpers
 /// One secret stored via `ProjectConfigKeychain`. We derive both halves
 /// (service + account) from the template slug + project-path hash so two
 /// installs of the same template in different dirs don't collide in the
 /// login Keychain.
 struct TemplateKeychainRef: Sendable, Equatable {
    /// Macro service name, e.g. `com.scarf.template.awizemann-site-status-checker`.
    let service: String
    /// Account name: `<fieldKey>:<projectPathHashShort>`. The hash suffix
    /// guarantees uniqueness across multiple installs of the same template.
    let account: String
    /// `"keychain://<service>/<account>"` — what lands in `config.json`.
    nonisolated var uri: String { "keychain://\(service)/\(account)" }
    /// Parse a `keychain://…` URI back into a ref. Returns `nil` when the
    /// input isn't well-formed so callers can distinguish a missing ref
    /// from a malformed one.
    nonisolated static func parse(_ uri: String) -> TemplateKeychainRef? {
        guard uri.hasPrefix("keychain://") else { return nil }
        let rest = String(uri.dropFirst("keychain://".count))
        guard let slash = rest.firstIndex(of: "/") else { return nil }
        let service = String(rest[..<slash])
        let account = String(rest[rest.index(after: slash)...])
        guard !service.isEmpty, !account.isEmpty else { return nil }
        return TemplateKeychainRef(service: service, account: account)
    }
    /// Build a ref from a template slug + field key + project path.
    /// The hash suffix is a SHA-256-truncated-to-8-hex-chars fingerprint
    /// of the absolute project path. Stable across launches, different
    /// between `/Users/a/proj1` and `/Users/a/proj2`.
    nonisolated static func make(
        templateSlug: String,
        fieldKey: String,
        projectPath: String
    ) -> TemplateKeychainRef {
        TemplateKeychainRef(
            service: "com.scarf.template.\(templateSlug)",
            account: "\(fieldKey):\(Self.shortHash(of: projectPath))"
        )
    }
    nonisolated static func shortHash(of string: String) -> String {
        // 8 hex chars is 32 bits of uniqueness — plenty for
        // distinguishing a handful of project dirs per template install.
        let data = Data(string.utf8)
        var hash: UInt32 = 0x811c9dc5
        for byte in data {
            hash ^= UInt32(byte)
            hash &*= 0x01000193
        }
        return String(format: "%08x", hash)
    }
 }
 // MARK: - Validation
 /// One schema- or value-validation problem. Carries `fieldKey` so the
 /// UI can surface the error inline with the field rather than at the
 /// top of the form.
 struct TemplateConfigValidationError: Error, Sendable, Equatable {
    let fieldKey: String?
    let message: String
 }
 enum TemplateConfigSchemaError: LocalizedError, Sendable {
    case duplicateKey(String)
    case unsupportedType(String)
    case emptyEnumOptions(String)
    case duplicateEnumValue(key: String, value: String)
    case unsupportedListItemType(key: String, itemType: String)
    case secretFieldHasDefault(String)
    case emptyModelPreferred
    var errorDescription: String? {
        switch self {
        case .duplicateKey(let k):
            return "Config schema has duplicate key: \(k)"
        case .unsupportedType(let t):
            return "Config schema uses unsupported field type: \(t)"
        case .emptyEnumOptions(let k):
            return "Enum field '\(k)' must declare at least one option"
        case .duplicateEnumValue(let k, let v):
            return "Enum field '\(k)' has duplicate option value: \(v)"
        case .unsupportedListItemType(let k, let t):
            return "List field '\(k)' uses unsupported itemType '\(t)'. Only 'string' is supported in v1."
        case .secretFieldHasDefault(let k):
            return "Secret field '\(k)' cannot declare a default value — secrets belong only in the Keychain."
        case .emptyModelPreferred:
            return "modelRecommendation.preferred must be a non-empty model id."
        }
    }
 }
@@ -0,0 +1,195 @@
 import Foundation
 import os
 /// Persisted entry for a user-added server. `ServerContext` itself is a value
 /// type we rebuild from these fields at runtime — we persist the minimum that
 /// uniquely identifies a connection, not the whole context struct, so future
 /// fields we add to `ServerContext` don't force a migration.
 struct ServerEntry: Identifiable, Codable, Hashable, Sendable {
    var id: ServerID
    var displayName: String
    var kind: ServerKind
    /// User preference: this server is the one Scarf opens into when a
    /// fresh window has no prior binding (first launch or File → New).
    /// At most one entry should have this set — `ServerRegistry` enforces
    /// mutual exclusivity. If none do, Local is the implicit default.
    var openOnLaunch: Bool = false
    var context: ServerContext {
        ServerContext(id: id, displayName: displayName, kind: kind)
    }
 }
 /// On-disk envelope for `servers.json`. Schema-versioned so future changes
 /// can migrate without losing data.
 private struct RegistryFile: Codable {
    var schemaVersion: Int
    var entries: [ServerEntry]
 }
 /// App-scoped store for user-added servers. `local` is synthesized (not
 /// persisted) and always appears first in `allContexts`. Remote entries are
 /// loaded from `~/Library/Application Support/scarf/servers.json`.
 ///
 /// Observable so SwiftUI views binding to `entries` redraw when a server is
 /// added, renamed, or removed.
@Observable
@MainActor
 final class ServerRegistry {
    private static let logger = Logger(subsystem: "com.scarf", category: "ServerRegistry")
    private static let currentSchemaVersion = 1
    /// Remote (user-added) entries. Observable: views redraw on mutation.
    private(set) var entries: [ServerEntry] = []
    private let storeURL: URL
    init() {
        let support = FileManager.default.urls(for: .applicationSupportDirectory, in: .userDomainMask).first
            ?? URL(fileURLWithPath: NSHomeDirectory() + "/Library/Application Support")
        let dir = support.appendingPathComponent("scarf", isDirectory: true)
        self.storeURL = dir.appendingPathComponent("servers.json")
        load()
    }
    // MARK: - Lookup
    /// The implicit local server plus every persisted remote entry, in list
    /// order. Use this when populating UI like the toolbar switcher.
    var allContexts: [ServerContext] {
        [.local] + entries.map { $0.context }
    }
    /// Resolve an ID to a context, or `nil` if the entry no longer exists.
    /// Used by the multi-window root to detect "this window points at a
    /// server you've since removed" and show a dedicated empty state.
    func context(for id: ServerID) -> ServerContext? {
        if id == ServerContext.local.id { return .local }
        if let entry = entries.first(where: { $0.id == id }) {
            return entry.context
        }
        return nil
    }
    /// The server a fresh window should open into. Returns the ID of the
    /// remote entry flagged `openOnLaunch`, or Local's ID if none is
    /// flagged (or if the flagged entry was removed out from under us).
    /// Consumed by the `WindowGroup`'s `defaultValue` closure.
    var defaultServerID: ServerID {
        entries.first(where: { $0.openOnLaunch })?.id ?? ServerContext.local.id
    }
    /// Flip the default server to `id`. Passing `ServerContext.local.id`
    /// clears the flag on every remote entry, making Local the implicit
    /// default. Passing an unknown ID is a no-op. Persisted on return.
    func setDefaultServer(_ id: ServerID) {
        var changed = false
        for idx in entries.indices {
            let shouldBeDefault = (entries[idx].id == id)
            if entries[idx].openOnLaunch != shouldBeDefault {
                entries[idx].openOnLaunch = shouldBeDefault
                changed = true
            }
        }
        if changed {
            save()
            onEntriesChanged?()
        }
    }
    // MARK: - Mutations
    /// Optional callback fired whenever `entries` changes. The app wires
    /// this to `ServerLiveStatusRegistry.rebuild()` so the menu-bar fanout
    /// stays in sync without polling the entries array.
    var onEntriesChanged: (() -> Void)?
    @discardableResult
    func addServer(displayName: String, config: SSHConfig) -> ServerEntry {
        let entry = ServerEntry(
            id: ServerID(),
            displayName: displayName,
            kind: .ssh(config)
        )
        entries.append(entry)
        save()
        onEntriesChanged?()
        return entry
    }
    func updateServer(_ id: ServerID, displayName: String?, config: SSHConfig?) {
        guard let idx = entries.firstIndex(where: { $0.id == id }) else { return }
        if let name = displayName { entries[idx].displayName = name }
        if let cfg = config { entries[idx].kind = .ssh(cfg) }
        save()
        onEntriesChanged?()
    }
    func removeServer(_ id: ServerID) {
        // Grab the entry BEFORE removing it so we can tear down its transport
        // state. Without this the user would leak a ControlMaster socket
        // (~10min TTL) and a snapshot cache dir (indefinite) per removed
        // server — harmless individually, ugly at scale.
        let removed = entries.first { $0.id == id }
        entries.removeAll { $0.id == id }
        save()
        if let removed, case .ssh(let config) = removed.kind {
            let transport = SSHTransport(contextID: id, config: config, displayName: removed.displayName)
            transport.closeControlMaster()
        }
        SSHTransport.pruneSnapshotCache(for: id)
        // Drop process-wide cache entries keyed on this ServerID so a future
        // re-add with a colliding ID (theoretical — UUIDs are random, but be
        // defensive) doesn't serve stale data.
        Task.detached { await ServerContext.invalidateCaches(for: id) }
        onEntriesChanged?()
    }
    // MARK: - App-launch sweep
    /// Remove snapshot cache directories whose UUID isn't in the current
    /// registry. Handles the case where the user removed a server while the
    /// app was closed — we want the cache to converge to the registry's
    /// state at launch rather than carrying forever.
    func sweepOrphanCaches() {
        var keep: Set<ServerID> = [ServerContext.local.id]
        for entry in entries { keep.insert(entry.id) }
        SSHTransport.sweepOrphanSnapshots(keeping: keep)
        SSHTransport.sweepStaleControlSockets()
    }
    // MARK: - Persistence
    private func load() {
        guard FileManager.default.fileExists(atPath: storeURL.path) else {
            entries = []
            return
        }
        do {
            let data = try Data(contentsOf: storeURL)
            let file = try JSONDecoder().decode(RegistryFile.self, from: data)
            entries = file.entries
        } catch {
            Self.logger.error("Failed to load servers.json: \(error.localizedDescription)")
            entries = []
        }
    }
    private func save() {
        do {
            try FileManager.default.createDirectory(
                at: storeURL.deletingLastPathComponent(),
                withIntermediateDirectories: true
            )
            let file = RegistryFile(schemaVersion: Self.currentSchemaVersion, entries: entries)
            let encoder = JSONEncoder()
            encoder.outputFormatting = [.prettyPrinted, .sortedKeys]
            let data = try encoder.encode(file)
            try data.write(to: storeURL, options: .atomic)
        } catch {
            Self.logger.error("Failed to save servers.json: \(error.localizedDescription)")
        }
    }
 }
@@ -24,6 +24,35 @@ actor ACPClient {
    private(set) var currentSessionId: String?
    private(set) var statusMessage = ""
    let context: ServerContext
    private let transport: any ServerTransport
    init(context: ServerContext = .local) {
        self.context = context
        self.transport = context.makeTransport()
    }
    /// Ring buffer of recent stderr lines from `hermes acp` — used to attach
    /// a diagnostic tail to user-visible errors. Capped to avoid unbounded
    /// growth when the subprocess logs heavily.
    private var stderrBuffer: [String] = []
    private static let stderrBufferMaxLines = 50
    /// Returns the last ~`stderrBufferMaxLines` stderr lines captured from the
    /// `hermes acp` subprocess, joined by newlines.
    var recentStderr: String {
        stderrBuffer.joined(separator: "\n")
    }
    fileprivate func appendStderr(_ text: String) {
        for line in text.split(separator: "\n", omittingEmptySubsequences: true) {
            stderrBuffer.append(String(line))
        }
        if stderrBuffer.count > Self.stderrBufferMaxLines {
            stderrBuffer.removeFirst(stderrBuffer.count - Self.stderrBufferMaxLines)
        }
    }
    /// Check if the underlying process is still alive and connected.
    var isHealthy: Bool {
        guard isConnected, let process else { return false }
@@ -54,9 +83,15 @@ actor ACPClient {
        self._eventStream = stream
        self.eventContinuation = continuation
-        let proc = Process()
+        // For local: Process is `hermes acp` directly.
-        proc.executableURL = URL(fileURLWithPath: HermesPaths.hermesBinary)
+        // For remote: the transport returns a Process configured as
-        proc.arguments = ["acp"]
+        // `/usr/bin/ssh -T <opts> host -- <hermes> acp`. ACP's JSON-RPC
        // over stdio works identically because `-T` keeps the ssh channel
        // byte-clean and stdin/stdout travel end-to-end unmodified.
        let proc = transport.makeProcess(
            executable: context.paths.hermesBinary,
            args: ["acp"]
        )
        let stdin = Pipe()
        let stdout = Pipe()
@@ -67,11 +102,28 @@ actor ACPClient {
        proc.standardError = stderr
        // ACP uses JSON-RPC over pipes — do NOT set TERM to avoid terminal escape pollution.
-        // Use the enriched environment so any tools hermes spawns (MCP servers,
+        if context.isRemote {
-        // shell commands) can find brew/nvm/asdf binaries on PATH.
+            // Remote: this is the LOCAL ssh process spawning `ssh host …
-        var env = HermesFileService.enrichedEnvironment()
+            // hermes acp`. We don't forward our local PATH/credentials to
-        env.removeValue(forKey: "TERM")
+            // the remote (hermes runs under the remote user's login env),
-        proc.environment = env
+            // but the ssh binary itself needs SSH_AUTH_SOCK to reach the
            // local ssh-agent for key-based auth.
            var env = ProcessInfo.processInfo.environment
            let shellEnv = HermesFileService.enrichedEnvironment()
            for key in ["SSH_AUTH_SOCK", "SSH_AGENT_PID"] {
                if env[key] == nil, let v = shellEnv[key], !v.isEmpty {
                    env[key] = v
                }
            }
            env.removeValue(forKey: "TERM")
            proc.environment = env
        } else {
            // Local: enriched env so any tools hermes spawns (MCP servers,
            // shell commands) can find brew/nvm/asdf binaries on PATH.
            var env = HermesFileService.enrichedEnvironment()
            env.removeValue(forKey: "TERM")
            proc.environment = env
        }
        proc.terminationHandler = { [weak self] proc in
            Task { await self?.handleTermination(exitCode: proc.terminationStatus) }
@@ -384,21 +436,22 @@ actor ACPClient {
                    guard !lineData.isEmpty else { continue }
                    if let lineStr = String(data: lineData, encoding: .utf8) {
-                        await self?.logger.debug("ACP recv: \(lineStr.prefix(200))")
+                        self?.logger.debug("ACP recv: \(lineStr.prefix(200))")
                    }
                    do {
                        let message = try JSONDecoder().decode(ACPRawMessage.self, from: lineData)
                        await self?.handleMessage(message)
                    } catch {
-                        await self?.logger.warning("Failed to decode ACP message: \(error.localizedDescription)")
+                        self?.logger.warning("Failed to decode ACP message: \(error.localizedDescription)")
                    }
                }
            }
            await self?.handleReadLoopEnded()
        }
-        // Read stderr in background for diagnostic logging
+        // Read stderr in background for diagnostic logging AND ring-buffer
        // capture so we can attach a tail to user-visible errors.
        stderrTask = Task.detached { [weak self] in
            let handle = stderr.fileHandleForReading
            while !Task.isCancelled {
@@ -406,7 +459,8 @@ actor ACPClient {
                if data.isEmpty { break }
                if let text = String(data: data, encoding: .utf8)?.trimmingCharacters(in: .whitespacesAndNewlines),
                   !text.isEmpty {
-                    await self?.logger.info("ACP stderr: \(text.prefix(500))")
+                    self?.logger.info("ACP stderr: \(text.prefix(500))")
                    await self?.appendStderr(text)
                }
            }
        }
@@ -516,3 +570,35 @@ enum ACPClientError: Error, LocalizedError {
        }
    }
 }
 /// Maps a raw error message (RPC message or captured stderr) to a short
 /// human-readable hint for the chat UI. Pattern-matches the most common
 /// fresh-install failure modes. Returns nil when no known pattern matches.
 enum ACPErrorHint {
    static func classify(errorMessage: String, stderrTail: String) -> String? {
        let haystack = errorMessage + "\n" + stderrTail
        if haystack.range(of: #"No\s+(Anthropic|OpenAI|OpenRouter|Gemini|Google|Groq|Mistral|XAI)?\s*credentials\s+found"#,
                          options: .regularExpression) != nil
            || haystack.contains("ANTHROPIC_API_KEY")
            || haystack.contains("ANTHROPIC_TOKEN")
            || haystack.contains("claude setup-token")
            || haystack.contains("claude /login") {
            return "Hermes can't find your AI provider credentials. Set `ANTHROPIC_API_KEY` (or similar) in `~/.hermes/.env` or your shell profile, then restart Scarf."
        }
        if let match = haystack.range(of: #"No such file or directory:\s*'([^']+)'"#,
                                      options: .regularExpression) {
            let matched = String(haystack[match])
            if let nameStart = matched.range(of: "'"),
               let nameEnd = matched.range(of: "'", range: nameStart.upperBound..<matched.endIndex) {
                let name = String(matched[nameStart.upperBound..<nameEnd.lowerBound])
                return "Hermes couldn't find `\(name)` on PATH. If you use nvm/asdf/mise, make sure it's exported in `~/.zprofile` (not only `~/.zshrc`), then restart Scarf."
            }
            return "Hermes couldn't find a required binary on PATH. Check that your shell's PATH is exported in `~/.zprofile`, then restart Scarf."
        }
        if haystack.localizedCaseInsensitiveContains("rate limit")
            || haystack.localizedCaseInsensitiveContains("429") {
            return "Your AI provider returned a rate-limit error. Try again in a moment."
        }
        return nil
    }
 }
@@ -1,25 +1,151 @@
 import Foundation
 import SQLite3
 import os
 /// Dedupes concurrent `snapshotSQLite` calls for the same server. When the
 /// file watcher ticks, Dashboard + Sessions + Activity (+ Chat's loadHistory)
 /// can all ask for a fresh snapshot within the same millisecond — without
 /// coordination they each spawn their own `ssh host sqlite3 .backup; scp`
 /// round-trip, three parallel backups of the same DB. Callers in flight for
 /// the same `ServerID` await the first caller's Task and share its result.
 actor SnapshotCoordinator {
    static let shared = SnapshotCoordinator()
    private var inFlight: [ServerID: Task<URL, Error>] = [:]
    func snapshot(
        remotePath: String,
        contextID: ServerID,
        transport: any ServerTransport
    ) async throws -> URL {
        if let existing = inFlight[contextID] {
            return try await existing.value
        }
        let task = Task<URL, Error> {
            try transport.snapshotSQLite(remotePath: remotePath)
        }
        inFlight[contextID] = task
        defer { inFlight[contextID] = nil }
        return try await task.value
    }
 }
 actor HermesDataService {
    private static let logger = Logger(subsystem: "com.scarf", category: "HermesDataService")
    private var db: OpaquePointer?
    private var hasV07Schema = false
    /// Local filesystem path we last opened. For remote contexts this is
    /// the cached snapshot under `~/Library/Caches/scarf/snapshots/<id>/`.
    private var openedAtPath: String?
    /// Last error from `open()` / `refresh()`, user-presentable. `nil` means
    /// the last attempt succeeded. Views surface this when their own load
    /// path fails, so the user sees "Permission denied reading state.db"
    /// instead of an empty Dashboard with no explanation.
    private(set) var lastOpenError: String?
-    func open() -> Bool {
+    let context: ServerContext
    private let transport: any ServerTransport
    init(context: ServerContext = .local) {
        self.context = context
        self.transport = context.makeTransport()
    }
    func open() async -> Bool {
        if db != nil { return true }
-        let path = HermesPaths.stateDB
+        let localPath: String
-        guard FileManager.default.fileExists(atPath: path) else { return false }
+        if context.isRemote {
-        let flags = SQLITE_OPEN_READONLY | SQLITE_OPEN_NOMUTEX
+            // Pull a fresh snapshot from the remote host. Uses `sqlite3
-        let result = sqlite3_open_v2(path, &db, flags, nil)
+            // .backup` on the remote, which is WAL-safe; a plain cp would
            // corrupt. Routed through SnapshotCoordinator so concurrent
            // view models don't each spawn a parallel SSH backup for the
            // same server.
            do {
                let url = try await SnapshotCoordinator.shared.snapshot(
                    remotePath: context.paths.stateDB,
                    contextID: context.id,
                    transport: transport
                )
                localPath = url.path
                lastOpenError = nil
            } catch {
                lastOpenError = humanize(error)
                Self.logger.warning("snapshotSQLite failed: \(error.localizedDescription, privacy: .public)")
                return false
            }
        } else {
            localPath = context.paths.stateDB
            guard FileManager.default.fileExists(atPath: localPath) else {
                lastOpenError = "Hermes state database not found at \(localPath)."
                return false
            }
        }
        // Remote snapshots are point-in-time copies that no one writes to;
        // opening them with `immutable=1` tells SQLite to skip WAL/SHM and
        // locking entirely, which is both faster and avoids spurious
        // "unable to open database file" errors if the snapshot ever gets
        // pulled mid-checkpoint. Local points at the live Hermes DB where
        // the process already has WAL enabled in the header, so a plain
        // readonly open is the right thing.
        let flags: Int32
        let openPath: String
        if context.isRemote {
            openPath = "file:\(localPath)?immutable=1"
            flags = SQLITE_OPEN_READONLY | SQLITE_OPEN_NOMUTEX | SQLITE_OPEN_URI
        } else {
            openPath = localPath
            flags = SQLITE_OPEN_READONLY | SQLITE_OPEN_NOMUTEX
        }
        let result = sqlite3_open_v2(openPath, &db, flags, nil)
        guard result == SQLITE_OK else {
            let msg: String
            if let db {
                msg = String(cString: sqlite3_errmsg(db))
            } else {
                msg = "sqlite3_open_v2 returned \(result)"
            }
            lastOpenError = "Couldn't open state.db: \(msg)"
            Self.logger.warning("sqlite3_open_v2 failed (\(result)) at \(localPath, privacy: .public): \(msg, privacy: .public)")
            db = nil
            return false
        }
-        sqlite3_exec(db, "PRAGMA journal_mode=WAL", nil, nil, nil)
+        openedAtPath = localPath
        lastOpenError = nil
        detectSchema()
        return true
    }
    /// Turn a transport error into the one-line string Dashboard shows. Adds
    /// hints for the common "sqlite3 not installed" and "permission denied"
    /// cases so users know what to do.
    private nonisolated func humanize(_ error: Error) -> String {
        let desc = (error as? LocalizedError)?.errorDescription ?? error.localizedDescription
        let lower = desc.lowercased()
        if lower.contains("sqlite3: command not found") || lower.contains("sqlite3: not found") {
            return "sqlite3 is not installed on \(context.displayName). Install it with `apt install sqlite3` (Ubuntu/Debian) or `yum install sqlite` (RHEL/Fedora)."
        }
        if lower.contains("permission denied") {
            return "Permission denied reading Hermes state on \(context.displayName). The SSH user may not have read access to ~/.hermes/state.db — try Run Diagnostics."
        }
        if lower.contains("no such file") {
            return "Hermes state not found at ~/.hermes on \(context.displayName). If Hermes is installed elsewhere, set its data directory in Manage Servers."
        }
        return desc
    }
    /// Force a fresh snapshot pull + reopen. Used on session-load and in
    /// any path that needs the UI to reflect writes Hermes just made.
    /// Without this, remote snapshots would be frozen at the first `open()`
    /// for the app's lifetime — new messages added to a resumed session
    /// would never appear because the snapshot was pulled before they were
    /// written. Local contexts pay essentially nothing: close+reopen on a
    /// live DB is a no-op.
    @discardableResult
    func refresh() async -> Bool {
        close()
        return await open()
    }
    func close() {
        if let db {
            sqlite3_close(db)
@@ -431,11 +557,10 @@ actor HermesDataService {
    }
    func stateDBModificationDate() -> Date? {
-        let walPath = HermesPaths.stateDB + "-wal"
+        // For remote contexts we stat the remote paths. For local it's the
-        let dbPath = HermesPaths.stateDB
+        // same FileManager lookup as before, just via the transport.
-        let fm = FileManager.default
+        let walDate = transport.stat(context.paths.stateDB + "-wal")?.mtime
-        let walDate = (try? fm.attributesOfItem(atPath: walPath))?[.modificationDate] as? Date
+        let dbDate = transport.stat(context.paths.stateDB)?.mtime
        let dbDate = (try? fm.attributesOfItem(atPath: dbPath))?[.modificationDate] as? Date
        if let w = walDate, let d = dbDate {
            return max(w, d)
        }
@@ -0,0 +1,216 @@
 import Foundation
 import os
 /// Read/write `~/.hermes/.env` while preserving comments, blank lines, and the
 /// ordering of keys we don't touch.
 ///
 /// Hermes treats `.env` as a traditional dotenv file: `KEY=value`, `#` comments,
 /// and optional double-quoted values for strings with spaces or special chars.
 /// We do NOT attempt to implement full shell-style escaping; the fields we write
 /// from the GUI are bot tokens, user IDs, URLs, and on/off flags — none of which
 /// contain characters needing escaping beyond double-quoting.
 ///
 /// Design choices:
 /// - **Non-destructive "unset"**: clearing a field comments the line out rather
 ///   than deleting it, so users can restore a key by uncommenting without losing
 ///   their value.
 /// - **Atomic write**: write to `.env.tmp`, then rename. Avoids a partially
 ///   written file if Scarf crashes mid-write.
 /// - **Never logs values**: secrets flow through this service.
 struct HermesEnvService: Sendable {
    private let logger = Logger(subsystem: "com.scarf", category: "HermesEnvService")
    /// Path to `~/.hermes/.env`. Kept configurable for tests.
    let path: String
    let transport: any ServerTransport
    nonisolated init(context: ServerContext = .local) {
        self.path = context.paths.envFile
        self.transport = context.makeTransport()
    }
    /// Escape hatch for tests that want to point at a fixture path directly.
    init(path: String) {
        self.path = path
        self.transport = LocalTransport()
    }
    /// Read the .env file into a `[key: value]` dict. Comments and commented-out
    /// assignments are ignored. Missing file returns an empty dict.
    func load() -> [String: String] {
        guard let data = try? transport.readFile(path),
              let content = String(data: data, encoding: .utf8) else {
            return [:]
        }
        var result: [String: String] = [:]
        for line in content.components(separatedBy: "\n") {
            let trimmed = line.trimmingCharacters(in: .whitespaces)
            // Skip blanks and comments. A line beginning with `#` is either a pure
            // comment or a disabled assignment — both should be treated as "unset".
            if trimmed.isEmpty || trimmed.hasPrefix("#") { continue }
            guard let eq = trimmed.firstIndex(of: "=") else { continue }
            let key = String(trimmed[trimmed.startIndex..<eq]).trimmingCharacters(in: .whitespaces)
            let raw = String(trimmed[trimmed.index(after: eq)...]).trimmingCharacters(in: .whitespaces)
            result[key] = Self.stripEnvQuotes(raw)
        }
        return result
    }
    func get(_ key: String) -> String? {
        load()[key]
    }
    /// Write/update a single key. Preserves the position of existing assignments
    /// (even if they were commented out — the new assignment replaces the comment
    /// line in place). New keys are appended at the end.
    @discardableResult
    func set(_ key: String, value: String) -> Bool {
        setMany([key: value])
    }
    /// Update multiple keys in one atomic rewrite. Use this when a form saves
    /// several fields at once so the file doesn't get repeatedly rewritten.
    ///
    /// Returns `true` on success, `false` if the atomic rewrite failed.
    @discardableResult
    func setMany(_ pairs: [String: String]) -> Bool {
        var remaining = pairs
        var lines: [String]
        // Start from existing file contents, or a minimal header if creating new.
        if let data = try? transport.readFile(path),
           let content = String(data: data, encoding: .utf8) {
            lines = content.components(separatedBy: "\n")
            // Trim a single trailing empty line from splitting the final newline;
            // we'll re-add it on write.
            if lines.last == "" { lines.removeLast() }
        } else {
            lines = ["# Hermes Agent Environment Configuration"]
        }
        // First pass: update in-place (handles both live and commented-out lines).
        for (idx, line) in lines.enumerated() {
            guard let match = Self.extractKey(fromLine: line) else { continue }
            if let newValue = remaining.removeValue(forKey: match.key) {
                // A commented-out `# KEY=...` becomes a live `KEY=...` with the new value.
                lines[idx] = Self.formatLine(key: match.key, value: newValue)
            }
        }
        // Second pass: append any keys that didn't match an existing line.
        if !remaining.isEmpty {
            // Leave a blank line before appending new keys for visual separation.
            if let last = lines.last, !last.isEmpty {
                lines.append("")
            }
            for key in remaining.keys.sorted() {
                lines.append(Self.formatLine(key: key, value: remaining[key]!))
            }
        }
        return atomicWrite(lines.joined(separator: "\n") + "\n")
    }
    /// Comment out a key. The value is preserved so the user can restore by
    /// uncommenting. If the key doesn't exist, this is a no-op.
    @discardableResult
    func unset(_ key: String) -> Bool {
        guard let data = try? transport.readFile(path),
              let content = String(data: data, encoding: .utf8) else {
            return true
        }
        var lines = content.components(separatedBy: "\n")
        if lines.last == "" { lines.removeLast() }
        var changed = false
        for (idx, line) in lines.enumerated() {
            guard let match = Self.extractKey(fromLine: line), match.key == key else { continue }
            // Skip lines that are already commented — nothing to do.
            if Self.isCommentedOutAssignment(line) { continue }
            lines[idx] = "# " + line
            changed = true
        }
        guard changed else { return true }
        return atomicWrite(lines.joined(separator: "\n") + "\n")
    }
    // MARK: - Internals
    /// Writes the entire file in one shot through the transport. For local
    /// contexts this ends up doing the same atomic-rename dance as before
    /// (via `LocalTransport.writeFile`). For remote contexts this goes
    /// through `scp` + remote `mv`, still atomic from Hermes's point of
    /// view.
    private func atomicWrite(_ content: String) -> Bool {
        guard let data = content.data(using: .utf8) else { return false }
        do {
            try transport.writeFile(path, data: data)
            return true
        } catch {
            logger.error("Failed to write .env: \(error.localizedDescription)")
            return false
        }
    }
    /// Extract a key name and whether the line was active or commented-out.
    /// Accepts both `KEY=value` and `# KEY=value` (any amount of whitespace after `#`).
    private static func extractKey(fromLine line: String) -> (key: String, active: Bool)? {
        var work = line.trimmingCharacters(in: .whitespaces)
        var active = true
        if work.hasPrefix("#") {
            active = false
            work = String(work.dropFirst()).trimmingCharacters(in: .whitespaces)
        }
        guard let eq = work.firstIndex(of: "=") else { return nil }
        let key = String(work[work.startIndex..<eq]).trimmingCharacters(in: .whitespaces)
        // Reject non-identifier looking keys to avoid matching prose in comments
        // (e.g. "# This is a note about something = nice").
        guard key.range(of: "^[A-Za-z_][A-Za-z0-9_]*$", options: .regularExpression) != nil else {
            return nil
        }
        return (key, active)
    }
    private static func isCommentedOutAssignment(_ line: String) -> Bool {
        guard let match = extractKey(fromLine: line) else { return false }
        return !match.active
    }
    /// Format a single `KEY=value` line. Values containing whitespace or shell
    /// metacharacters get double-quoted; simple tokens go in unquoted to match
    /// hermes's own output style.
    private static func formatLine(key: String, value: String) -> String {
        if Self.needsQuoting(value) {
            // Escape embedded backslashes and double quotes, then wrap.
            let escaped = value
                .replacingOccurrences(of: "\\", with: "\\\\")
                .replacingOccurrences(of: "\"", with: "\\\"")
            return "\(key)=\"\(escaped)\""
        }
        return "\(key)=\(value)"
    }
    private static func needsQuoting(_ value: String) -> Bool {
        if value.isEmpty { return false }
        // Whitespace, shell metacharacters, or quotes trigger quoting.
        let metacharacters: Set<Character> = [" ", "\t", "#", "$", "`", "\"", "'", "\\", "(", ")", "{", "}", "[", "]", "|", "&", ";", "<", ">", "*", "?"]
        return value.contains(where: { metacharacters.contains($0) })
    }
    /// Strip one layer of matched double or single quotes from a loaded value.
    private static func stripEnvQuotes(_ s: String) -> String {
        guard s.count >= 2 else { return s }
        let first = s.first!
        let last = s.last!
        if (first == "\"" && last == "\"") || (first == "'" && last == "'") {
            var inner = String(s.dropFirst().dropLast())
            if first == "\"" {
                inner = inner
                    .replacingOccurrences(of: "\\\"", with: "\"")
                    .replacingOccurrences(of: "\\\\", with: "\\")
            }
            return inner
        }
        return s
    }
 }
@@ -6,32 +6,66 @@ final class HermesFileWatcher {
    private var coreSources: [DispatchSourceFileSystemObject] = []
    private var projectSources: [DispatchSourceFileSystemObject] = []
    private var timer: Timer?
    /// Remote polling task. Non-nil only when `context.isRemote`. Cancelled
    /// on `stopWatching()`.
    private var remotePollTask: Task<Void, Never>?
    let context: ServerContext
    private let transport: any ServerTransport
    nonisolated init(context: ServerContext = .local) {
        self.context = context
        self.transport = context.makeTransport()
    }
    /// Canonical list of paths we observe. Used for both FSEvents (local)
    /// and mtime polling (remote).
    private var watchedCorePaths: [String] {
        let paths = context.paths
        return [
            paths.stateDB,
            paths.stateDB + "-wal",
            paths.configYAML,
            paths.home + "/.env",
            paths.memoryMD,
            paths.userMD,
            paths.cronJobsJSON,
            paths.gatewayStateJSON,
            paths.agentLog,
            paths.errorsLog,
            paths.gatewayLog,
            paths.projectsRegistry,
            paths.mcpTokensDir
        ]
    }
    func startWatching() {
-        let paths = [
+        if context.isRemote {
-            HermesPaths.stateDB,
+            // FSEvents doesn't reach across SSH. Drive lastChangeDate off
-            HermesPaths.stateDB + "-wal",
+            // the transport's AsyncStream, which polls stat mtime on a
-            HermesPaths.configYAML,
+            // shared ControlMaster channel (~5ms per tick).
-            HermesPaths.memoryMD,
+            let stream = transport.watchPaths(watchedCorePaths)
-            HermesPaths.userMD,
+            remotePollTask = Task { [weak self] in
-            HermesPaths.cronJobsJSON,
+                for await _ in stream {
-            HermesPaths.gatewayStateJSON,
+                    await MainActor.run { [weak self] in
-            HermesPaths.agentLog,
+                        self?.lastChangeDate = Date()
-            HermesPaths.errorsLog,
+                    }
-            HermesPaths.gatewayLog,
+                }
-            HermesPaths.projectsRegistry,
+            }
-            HermesPaths.mcpTokensDir
+            return
-        ]
+        }
-        for path in paths {
+        for path in watchedCorePaths {
            if let source = makeSource(for: path) {
                coreSources.append(source)
            }
        }
-
+        // No heartbeat timer: every observing view runs its `.onChange`
-        timer = Timer.scheduledTimer(withTimeInterval: 5.0, repeats: true) { [weak self] _ in
+        // refresh whenever `lastChangeDate` ticks, so a 5s unconditional
-            self?.lastChangeDate = Date()
+        // tick was triggering wasted reloads across many subscribers
-        }
+        // (Dashboard, Memory, Cron, Gateway, Platforms, Projects, Chat).
        // FSEvents reliably fires on real changes; menu-bar Start/Stop
        // touches `gateway_state.json` which the watcher catches.
    }
    func stopWatching() {
@@ -42,9 +76,15 @@ final class HermesFileWatcher {
        projectSources.removeAll()
        timer?.invalidate()
        timer = nil
        remotePollTask?.cancel()
        remotePollTask = nil
    }
    func updateProjectWatches(_ dashboardPaths: [String]) {
        // Remote contexts don't support per-project FSEvents watches today —
        // the shared mtime poll covers the core set. Adding per-project
        // polling is a Phase 4 polish item.
        guard !context.isRemote else { return }
        for source in projectSources {
            source.cancel()
        }
@@ -33,10 +33,46 @@ actor HermesLogService {
    private var currentPath: String?
    private var entryCounter = 0
    /// Remote tailing state. When set, we're reading from `ssh host tail -F`
    /// instead of a local file. Process stdout pipe drives `readNewLines()`;
    /// process lifecycle is the actor's responsibility.
    private var remoteTailProcess: Process?
    private var remoteTailBuffer: String = ""
    let context: ServerContext
    private let transport: any ServerTransport
    init(context: ServerContext = .local) {
        self.context = context
        self.transport = context.makeTransport()
    }
    func openLog(path: String) {
        closeLog()
        currentPath = path
-        fileHandle = FileHandle(forReadingAtPath: path)
+        if context.isRemote {
            // Spawn `ssh host tail -F` and pipe stdout into our buffer. `-F`
            // follows the file through rotations — important for remote
            // log rotation setups (logrotate).
            let proc = transport.makeProcess(
                executable: "/usr/bin/tail",
                args: ["-n", String(QueryDefaults.logLineLimit), "-F", path]
            )
            let outPipe = Pipe()
            proc.standardOutput = outPipe
            proc.standardError = Pipe()
            do {
                try proc.run()
                remoteTailProcess = proc
                fileHandle = outPipe.fileHandleForReading
            } catch {
                print("[Scarf] Failed to start remote tail: \(error.localizedDescription)")
                remoteTailProcess = nil
                fileHandle = nil
            }
        } else {
            fileHandle = FileHandle(forReadingAtPath: path)
        }
    }
    func closeLog() {
@@ -47,11 +83,29 @@ actor HermesLogService {
        }
        fileHandle = nil
        currentPath = nil
        if let proc = remoteTailProcess, proc.isRunning {
            proc.terminate()
        }
        remoteTailProcess = nil
        remoteTailBuffer = ""
    }
    func readLastLines(count: Int = QueryDefaults.logLineLimit) -> [LogEntry] {
-        guard let path = currentPath,
+        guard let path = currentPath else { return [] }
-              let data = FileManager.default.contents(atPath: path) else { return [] }
+        if context.isRemote {
            // For the initial load we bypass the streaming tail and run a
            // one-shot `tail -n <count>` for a clean bounded read.
            let result = try? transport.runProcess(
                executable: "/usr/bin/tail",
                args: ["-n", String(count), path],
                stdin: nil,
                timeout: 30
            )
            let content = result?.stdoutString ?? ""
            let lines = content.components(separatedBy: "\n").filter { !$0.isEmpty }
            return lines.map { parseLine($0) }
        }
        guard let data = FileManager.default.contents(atPath: path) else { return [] }
        let content = String(data: data, encoding: .utf8) ?? ""
        let lines = content.components(separatedBy: "\n").filter { !$0.isEmpty }
        let lastLines = Array(lines.suffix(count))
@@ -62,13 +116,29 @@ actor HermesLogService {
        guard let handle = fileHandle else { return [] }
        let data = handle.availableData
        guard !data.isEmpty else { return [] }
-        let content = String(data: data, encoding: .utf8) ?? ""
+        let chunk = String(data: data, encoding: .utf8) ?? ""
-        let lines = content.components(separatedBy: "\n").filter { !$0.isEmpty }
+        if context.isRemote {
            // Remote tail emits bytes as they arrive — not line-aligned.
            // Buffer partials across reads so we don't split a line mid-way.
            remoteTailBuffer += chunk
            guard let lastNewline = remoteTailBuffer.lastIndex(of: "\n") else {
                return []
            }
            let complete = String(remoteTailBuffer[..<lastNewline])
            remoteTailBuffer = String(remoteTailBuffer[remoteTailBuffer.index(after: lastNewline)...])
            let lines = complete.components(separatedBy: "\n").filter { !$0.isEmpty }
            return lines.map { parseLine($0) }
        }
        let lines = chunk.components(separatedBy: "\n").filter { !$0.isEmpty }
        return lines.map { parseLine($0) }
    }
    func seekToEnd() {
-        fileHandle?.seekToEndOfFile()
+        // Only meaningful for local FileHandles — remote tail starts at the
        // end implicitly after `readLastLines` drained the initial load.
        if !context.isRemote {
            fileHandle?.seekToEndOfFile()
        }
    }
    private func parseLine(_ line: String) -> LogEntry {
@@ -0,0 +1,210 @@
 import Foundation
 import os
 /// A single model from the models.dev catalog shipped with hermes.
 struct HermesModelInfo: Sendable, Identifiable, Hashable {
    var id: String { providerID + ":" + modelID }
    let providerID: String
    let providerName: String
    let modelID: String
    let modelName: String
    let contextWindow: Int?
    let maxOutput: Int?
    let costInput: Double?      // USD per 1M input tokens
    let costOutput: Double?     // USD per 1M output tokens
    let reasoning: Bool
    let toolCall: Bool
    let releaseDate: String?
    /// Display-friendly cost string, or nil if cost is unknown.
    var costDisplay: String? {
        guard let input = costInput, let output = costOutput else { return nil }
        let currency = FloatingPointFormatStyle<Double>.Currency.currency(code: "USD").precision(.fractionLength(2))
        return "\(input.formatted(currency)) / \(output.formatted(currency))"
    }
    /// Display-friendly context window ("200K", "1M", etc.).
    var contextDisplay: String? {
        guard let ctx = contextWindow else { return nil }
        if ctx >= 1_000_000 { return "\(ctx / 1_000_000)M" }
        if ctx >= 1_000 { return "\(ctx / 1_000)K" }
        return "\(ctx)"
    }
 }
 /// Provider summary — one row in the left column of the picker.
 struct HermesProviderInfo: Sendable, Identifiable, Hashable {
    var id: String { providerID }
    let providerID: String
    let providerName: String
    let envVars: [String]       // e.g. ["ANTHROPIC_API_KEY"]
    let docURL: String?
    let modelCount: Int
 }
 /// Reads the models.dev catalog that hermes caches at
 /// `~/.hermes/models_dev_cache.json`. Offline-capable, fast enough to read per
 /// call (~1500 models across ~110 providers).
 ///
 /// We decode a trimmed subset so unknown fields don't break loading. Every
 /// field we care about is optional on disk — providers may omit cost, context
 /// limits, etc.
 struct ModelCatalogService: Sendable {
    private let logger = Logger(subsystem: "com.scarf", category: "ModelCatalogService")
    let path: String
    let transport: any ServerTransport
    nonisolated init(context: ServerContext = .local) {
        self.path = context.paths.home + "/models_dev_cache.json"
        self.transport = context.makeTransport()
    }
    /// Escape hatch for tests.
    init(path: String) {
        self.path = path
        self.transport = LocalTransport()
    }
    /// All providers, sorted by display name.
    func loadProviders() -> [HermesProviderInfo] {
        guard let catalog = loadCatalog() else { return [] }
        return catalog
            .map { (id, p) in
                HermesProviderInfo(
                    providerID: id,
                    providerName: p.name ?? id,
                    envVars: p.env ?? [],
                    docURL: p.doc,
                    modelCount: p.models?.count ?? 0
                )
            }
            .sorted { $0.providerName.localizedCaseInsensitiveCompare($1.providerName) == .orderedAscending }
    }
    /// Models for one provider, sorted by release date (newest first), then name.
    func loadModels(for providerID: String) -> [HermesModelInfo] {
        guard let catalog = loadCatalog(), let provider = catalog[providerID] else { return [] }
        let providerName = provider.name ?? providerID
        let models = (provider.models ?? [:]).map { (id, m) in
            HermesModelInfo(
                providerID: providerID,
                providerName: providerName,
                modelID: id,
                modelName: m.name ?? id,
                contextWindow: m.limit?.context,
                maxOutput: m.limit?.output,
                costInput: m.cost?.input,
                costOutput: m.cost?.output,
                reasoning: m.reasoning ?? false,
                toolCall: m.tool_call ?? false,
                releaseDate: m.release_date
            )
        }
        return models.sorted { lhs, rhs in
            // Newest-first by release date if both are known; otherwise fall
            // back to alphabetical on display name.
            if let lDate = lhs.releaseDate, let rDate = rhs.releaseDate, lDate != rDate {
                return lDate > rDate
            }
            return lhs.modelName.localizedCaseInsensitiveCompare(rhs.modelName) == .orderedAscending
        }
    }
    /// Find the provider that ships a given model ID. Useful for auto-syncing
    /// provider when the user picks a model from a flat list or types one in.
    func provider(for modelID: String) -> HermesProviderInfo? {
        guard let catalog = loadCatalog() else { return nil }
        for (providerID, p) in catalog {
            if p.models?[modelID] != nil {
                return HermesProviderInfo(
                    providerID: providerID,
                    providerName: p.name ?? providerID,
                    envVars: p.env ?? [],
                    docURL: p.doc,
                    modelCount: p.models?.count ?? 0
                )
            }
        }
        // Handle provider-prefixed IDs like "openai/gpt-4o" — look up the
        // prefix before the slash.
        if let slash = modelID.firstIndex(of: "/") {
            let prefix = String(modelID[modelID.startIndex..<slash])
            if let p = catalog[prefix] {
                return HermesProviderInfo(
                    providerID: prefix,
                    providerName: p.name ?? prefix,
                    envVars: p.env ?? [],
                    docURL: p.doc,
                    modelCount: p.models?.count ?? 0
                )
            }
        }
        return nil
    }
    /// Look up a specific model by provider + ID. Returns nil if not in the
    /// catalog (e.g., free-typed custom model).
    func model(providerID: String, modelID: String) -> HermesModelInfo? {
        guard let catalog = loadCatalog(),
              let provider = catalog[providerID],
              let raw = provider.models?[modelID] else { return nil }
        return HermesModelInfo(
            providerID: providerID,
            providerName: provider.name ?? providerID,
            modelID: modelID,
            modelName: raw.name ?? modelID,
            contextWindow: raw.limit?.context,
            maxOutput: raw.limit?.output,
            costInput: raw.cost?.input,
            costOutput: raw.cost?.output,
            reasoning: raw.reasoning ?? false,
            toolCall: raw.tool_call ?? false,
            releaseDate: raw.release_date
        )
    }
    // MARK: - Decoding
    private func loadCatalog() -> [String: ProviderEntry]? {
        guard let data = try? transport.readFile(path) else {
            return nil
        }
        do {
            return try JSONDecoder().decode([String: ProviderEntry].self, from: data)
        } catch {
            logger.error("Failed to decode models_dev_cache.json: \(error.localizedDescription)")
            return nil
        }
    }
    // Trimmed representations — we decode a subset of fields and tolerate
    // anything new hermes adds later. `snake_case` field names match the file.
    private struct ProviderEntry: Decodable {
        let id: String?
        let name: String?
        let env: [String]?
        let doc: String?
        let models: [String: ModelEntry]?
    }
    private struct ModelEntry: Decodable {
        let name: String?
        let reasoning: Bool?
        let tool_call: Bool?
        let release_date: String?
        let cost: CostEntry?
        let limit: LimitEntry?
    }
    private struct CostEntry: Decodable {
        let input: Double?
        let output: Double?
    }
    private struct LimitEntry: Decodable {
        let context: Int?
        let output: Int?
    }
 }
@@ -0,0 +1,154 @@
 import Foundation
 import Security
 import os
 /// Thin wrapper around the macOS Keychain for template-config secrets.
 /// Scarf doesn't have other Keychain users yet so this file is the one
 /// place that touches the `Security` framework; keep it small and
 /// auditable so a reader can tell at a glance what we store, under what
 /// identifiers, and when items are removed.
 ///
 /// **What we store.** Generic passwords (kSecClassGenericPassword) in
 /// the login Keychain. Each item is identified by a (service, account)
 /// pair derived from the template slug + field key + project-path hash
 /// — see `TemplateKeychainRef.make`. The stored Data is the user's
 /// raw secret bytes; we never transform or encode them.
 ///
 /// **When items are written.** By `ProjectTemplateInstaller` after the
 /// install preview is confirmed and the user has filled in the
 /// configure sheet. By `TemplateConfigSheet` when the user edits a
 /// secret field post-install.
 ///
 /// **When items are removed.** By `ProjectTemplateUninstaller`,
 /// iterating the lock file's `configKeychainItems` list. The login
 /// Keychain is never swept for stray entries — if the lock is out of
 /// sync we log + skip rather than guess which items are ours.
 ///
 /// **What shows to the user.** macOS prompts "Scarf wants to access
 /// the Keychain" the first time we read a secret in a given session.
 /// User approves; subsequent reads in that session are silent. We
 /// never bypass this — the prompt is the user's trust boundary.
 struct ProjectConfigKeychain: Sendable {
    private static let logger = Logger(subsystem: "com.scarf", category: "ProjectConfigKeychain")
    /// Which Keychain to target. The default is the login Keychain
    /// (`nil` uses the user's default chain). Tests pass an explicit
    /// namespace suffix via `testServiceSuffix` — see `TemplateConfigTests` —
    /// so integration tests can roundtrip without polluting real
    /// user state.
    let testServiceSuffix: String?
    nonisolated init(testServiceSuffix: String? = nil) {
        self.testServiceSuffix = testServiceSuffix
    }
    /// Write or overwrite the secret for (service, account). Tests
    /// route their items through a distinct service prefix via
    /// `testServiceSuffix` so they can't leak into the user's real
    /// Keychain.
    nonisolated func set(service: String, account: String, secret: Data) throws {
        let svc = resolved(service: service)
        let query: [String: Any] = [
            kSecClass as String: kSecClassGenericPassword,
            kSecAttrService as String: svc,
            kSecAttrAccount as String: account,
        ]
        // Try update first — cheaper than delete-then-add and doesn't
        // trip macOS's "item already exists" if another thread raced us.
        let update: [String: Any] = [
            kSecValueData as String: secret,
        ]
        let updateStatus = SecItemUpdate(query as CFDictionary, update as CFDictionary)
        if updateStatus == errSecSuccess { return }
        if updateStatus != errSecItemNotFound {
            throw Self.error(status: updateStatus, op: "update")
        }
        var insert = query
        insert[kSecValueData as String] = secret
        // kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly — stays in
        // this device's Keychain, not synced via iCloud, usable after
        // first unlock (so background cron triggers can read).
        insert[kSecAttrAccessible as String] = kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly
        let addStatus = SecItemAdd(insert as CFDictionary, nil)
        if addStatus != errSecSuccess {
            throw Self.error(status: addStatus, op: "add")
        }
    }
    /// Retrieve the secret for (service, account). Returns `nil` when
    /// the item simply doesn't exist (user never set it, or an
    /// uninstall already removed it). Throws on every other Keychain
    /// error so callers don't silently treat "access denied" or
    /// "corrupt keychain" as "no value."
    nonisolated func get(service: String, account: String) throws -> Data? {
        let svc = resolved(service: service)
        let query: [String: Any] = [
            kSecClass as String: kSecClassGenericPassword,
            kSecAttrService as String: svc,
            kSecAttrAccount as String: account,
            kSecReturnData as String: true,
            kSecMatchLimit as String: kSecMatchLimitOne,
        ]
        var result: CFTypeRef?
        let status = SecItemCopyMatching(query as CFDictionary, &result)
        if status == errSecItemNotFound { return nil }
        if status != errSecSuccess {
            throw Self.error(status: status, op: "get")
        }
        return result as? Data
    }
    /// Delete the secret for (service, account). Absent item is a
    /// no-op; any other failure throws. Called by
    /// `ProjectTemplateUninstaller` for every item in
    /// `TemplateLock.configKeychainItems`.
    nonisolated func delete(service: String, account: String) throws {
        let svc = resolved(service: service)
        let query: [String: Any] = [
            kSecClass as String: kSecClassGenericPassword,
            kSecAttrService as String: svc,
            kSecAttrAccount as String: account,
        ]
        let status = SecItemDelete(query as CFDictionary)
        if status == errSecItemNotFound || status == errSecSuccess { return }
        throw Self.error(status: status, op: "delete")
    }
    /// Convenience: apply the test suffix when in test mode.
    nonisolated private func resolved(service: String) -> String {
        guard let suffix = testServiceSuffix, !suffix.isEmpty else { return service }
        return "\(service).\(suffix)"
    }
    /// Build a useful NSError from a Keychain OSStatus. Logs at warning
    /// — callers decide whether the failure is fatal.
    nonisolated private static func error(status: OSStatus, op: String) -> NSError {
        let description = (SecCopyErrorMessageString(status, nil) as String?) ?? "Keychain error"
        logger.warning("Keychain \(op, privacy: .public) failed: \(status) \(description, privacy: .public)")
        return NSError(
            domain: "com.scarf.keychain",
            code: Int(status),
            userInfo: [
                NSLocalizedDescriptionKey: "Keychain \(op) failed (\(status)): \(description)"
            ]
        )
    }
 }
 // MARK: - Ref-shaped convenience layer
 extension ProjectConfigKeychain {
    /// Set a secret using a pre-built `TemplateKeychainRef`. Mirrors the
    /// service/account plumbing every caller would otherwise repeat.
    nonisolated func set(ref: TemplateKeychainRef, secret: Data) throws {
        try set(service: ref.service, account: ref.account, secret: secret)
    }
    nonisolated func get(ref: TemplateKeychainRef) throws -> Data? {
        try get(service: ref.service, account: ref.account)
    }
    nonisolated func delete(ref: TemplateKeychainRef) throws {
        try delete(service: ref.service, account: ref.account)
    }
 }
@@ -0,0 +1,318 @@
 import Foundation
 import os
 /// Per-project configuration I/O: reads `<project>/.scarf/config.json`
 /// into typed values, writes them back, resolves Keychain-backed secrets
 /// on demand, and validates user-entered values against the schema.
 ///
 /// Separation of concerns:
 ///
 /// - **Schema authority.** `TemplateConfigSchema` lives in the bundle's
 ///   `template.json` and a copy is stashed at `<project>/.scarf/manifest.json`
 ///   at install time so the post-install editor works offline. This
 ///   service treats the schema as read-only input; `validateSchema`
 ///   checks structural invariants and is called by
 ///   `ProjectTemplateService` during install-plan building.
 /// - **Value storage.** Non-secret values live inline in `config.json`;
 ///   secret values are Keychain references of the form
 ///   `"keychain://<service>/<account>"`. The service owns both halves
 ///   of that storage — callers never open `config.json` or touch the
 ///   Keychain directly.
 /// - **Remote readiness.** All file I/O goes through
 ///   `ServerContext.makeTransport()` so when `ProjectTemplateInstaller`
 ///   eventually supports remote contexts, the config store comes along
 ///   for the ride. Keychain access stays local (it's a macOS-side thing
 ///   by definition — agents on remote Hermes installs would fetch
 ///   values via Scarf's channel, same as today).
 struct ProjectConfigService: Sendable {
    private static let logger = Logger(subsystem: "com.scarf", category: "ProjectConfigService")
    let context: ServerContext
    let keychain: ProjectConfigKeychain
    nonisolated init(
        context: ServerContext = .local,
        keychain: ProjectConfigKeychain = ProjectConfigKeychain()
    ) {
        self.context = context
        self.keychain = keychain
    }
    // MARK: - Paths
    nonisolated static func configPath(for project: ProjectEntry) -> String {
        project.path + "/.scarf/config.json"
    }
    nonisolated static func manifestCachePath(for project: ProjectEntry) -> String {
        project.path + "/.scarf/manifest.json"
    }
    // MARK: - Load / save on-disk config
    /// Read + decode `<project>/.scarf/config.json`. Returns `nil`
    /// cleanly when the file is absent (e.g. a project installed from
    /// a schema-less template, or a hand-added project). Throws on
    /// malformed JSON so the caller can surface a concrete error
    /// rather than silently treating a corrupt file as missing.
    nonisolated func load(project: ProjectEntry) throws -> ProjectConfigFile? {
        let transport = context.makeTransport()
        let path = Self.configPath(for: project)
        guard transport.fileExists(path) else { return nil }
        let data = try transport.readFile(path)
        do {
            return try JSONDecoder().decode(ProjectConfigFile.self, from: data)
        } catch {
            Self.logger.error("couldn't decode config.json at \(path, privacy: .public): \(error.localizedDescription, privacy: .public)")
            throw error
        }
    }
    /// Write `<project>/.scarf/config.json`. Secrets should already be
    /// represented as `TemplateConfigValue.keychainRef` references here
    /// — this service never inspects their plaintext.
    nonisolated func save(
        project: ProjectEntry,
        templateId: String,
        values: [String: TemplateConfigValue]
    ) throws {
        let transport = context.makeTransport()
        let file = ProjectConfigFile(
            schemaVersion: 2,
            templateId: templateId,
            values: values,
            updatedAt: ISO8601DateFormatter().string(from: Date())
        )
        let encoder = JSONEncoder()
        encoder.outputFormatting = [.prettyPrinted, .sortedKeys]
        let data = try encoder.encode(file)
        let parent = (Self.configPath(for: project) as NSString).deletingLastPathComponent
        try transport.createDirectory(parent)
        try transport.writeFile(Self.configPath(for: project), data: data)
    }
    // MARK: - Manifest cache (schema used by post-install editor)
    /// Copy a template's `template.json` into `<project>/.scarf/manifest.json`
    /// so the post-install "Configuration" button can render the form
    /// offline. Called once by the installer after unpack + validate.
    nonisolated func cacheManifest(project: ProjectEntry, manifestData: Data) throws {
        let transport = context.makeTransport()
        let path = Self.manifestCachePath(for: project)
        let parent = (path as NSString).deletingLastPathComponent
        try transport.createDirectory(parent)
        try transport.writeFile(path, data: manifestData)
    }
    /// Load the cached manifest into a `ProjectTemplateManifest` so the
    /// editor can look up field types + labels. Returns `nil` when the
    /// project wasn't installed from a schemaful template.
    nonisolated func loadCachedManifest(project: ProjectEntry) throws -> ProjectTemplateManifest? {
        let transport = context.makeTransport()
        let path = Self.manifestCachePath(for: project)
        guard transport.fileExists(path) else { return nil }
        let data = try transport.readFile(path)
        return try JSONDecoder().decode(ProjectTemplateManifest.self, from: data)
    }
    // MARK: - Secrets
    /// Resolve a `keychainRef` value into the actual secret bytes.
    /// Returns `nil` if the Keychain entry has been removed (e.g.
    /// external user cleanup, a previous uninstall that didn't finish).
    nonisolated func resolveSecret(ref value: TemplateConfigValue) throws -> Data? {
        guard case .keychainRef(let uri) = value,
              let ref = TemplateKeychainRef.parse(uri) else {
            return nil
        }
        return try keychain.get(ref: ref)
    }
    /// Store a freshly-entered secret. Returns the `keychainRef` value
    /// suitable for writing into `config.json`.
    nonisolated func storeSecret(
        templateSlug: String,
        fieldKey: String,
        project: ProjectEntry,
        secret: Data
    ) throws -> TemplateConfigValue {
        let ref = TemplateKeychainRef.make(
            templateSlug: templateSlug,
            fieldKey: fieldKey,
            projectPath: project.path
        )
        try keychain.set(ref: ref, secret: secret)
        return .keychainRef(ref.uri)
    }
    /// Delete every Keychain item tracked in `refs`. Absent items are
    /// fine (uninstall may run after the user manually cleaned an
    /// entry). Any other failure is logged and re-thrown so the
    /// uninstaller can surface it.
    nonisolated func deleteSecrets(refs: [TemplateKeychainRef]) throws {
        for ref in refs {
            try keychain.delete(ref: ref)
        }
    }
    // MARK: - Schema validation (author-facing; called at bundle inspect time)
    /// Verify structural invariants on a schema: unique keys, known
    /// types, enum options, secret-without-default rule, model
    /// recommendation non-empty when present. Called by
    /// `ProjectTemplateService.inspect` before buildPlan runs.
    nonisolated static func validateSchema(_ schema: TemplateConfigSchema) throws {
        var seen = Set<String>()
        for field in schema.fields {
            if !seen.insert(field.key).inserted {
                throw TemplateConfigSchemaError.duplicateKey(field.key)
            }
            switch field.type {
            case .enum:
                let opts = field.options ?? []
                guard !opts.isEmpty else {
                    throw TemplateConfigSchemaError.emptyEnumOptions(field.key)
                }
                var seenValues = Set<String>()
                for opt in opts {
                    if !seenValues.insert(opt.value).inserted {
                        throw TemplateConfigSchemaError.duplicateEnumValue(key: field.key, value: opt.value)
                    }
                }
            case .list:
                let item = field.itemType ?? "string"
                if item != "string" {
                    throw TemplateConfigSchemaError.unsupportedListItemType(key: field.key, itemType: item)
                }
            case .secret:
                if field.defaultValue != nil {
                    throw TemplateConfigSchemaError.secretFieldHasDefault(field.key)
                }
            case .string, .text, .number, .bool:
                break
            }
        }
        if let rec = schema.modelRecommendation {
            if rec.preferred.trimmingCharacters(in: .whitespacesAndNewlines).isEmpty {
                throw TemplateConfigSchemaError.emptyModelPreferred
            }
        }
    }
    // MARK: - Value validation (runs on user input in the configure sheet)
    /// Validate user-entered values against the schema. Returns one
    /// `TemplateConfigValidationError` per problem. Empty array means
    /// the form is submittable.
    nonisolated static func validateValues(
        _ values: [String: TemplateConfigValue],
        against schema: TemplateConfigSchema
    ) -> [TemplateConfigValidationError] {
        var errors: [TemplateConfigValidationError] = []
        for field in schema.fields {
            let value = values[field.key]
            if field.required && !Self.hasMeaningfulValue(value, type: field.type) {
                errors.append(.init(fieldKey: field.key, message: "\(field.label) is required."))
                continue
            }
            guard let value else { continue }
            switch field.type {
            case .string, .text:
                if case .string(let s) = value {
                    if let min = field.minLength, s.count < min {
                        errors.append(.init(fieldKey: field.key,
                                            message: "\(field.label) must be at least \(min) characters."))
                    }
                    if let max = field.maxLength, s.count > max {
                        errors.append(.init(fieldKey: field.key,
                                            message: "\(field.label) must be at most \(max) characters."))
                    }
                    if let pattern = field.pattern,
                       s.range(of: pattern, options: .regularExpression) == nil {
                        errors.append(.init(fieldKey: field.key,
                                            message: "\(field.label) doesn't match the expected format."))
                    }
                } else {
                    errors.append(.init(fieldKey: field.key,
                                        message: "\(field.label) must be a string."))
                }
            case .number:
                if case .number(let n) = value {
                    if let min = field.minNumber, n < min {
                        errors.append(.init(fieldKey: field.key,
                                            message: "\(field.label) must be ≥ \(min)."))
                    }
                    if let max = field.maxNumber, n > max {
                        errors.append(.init(fieldKey: field.key,
                                            message: "\(field.label) must be ≤ \(max)."))
                    }
                } else {
                    errors.append(.init(fieldKey: field.key,
                                        message: "\(field.label) must be a number."))
                }
            case .bool:
                if case .bool = value { /* ok */ } else {
                    errors.append(.init(fieldKey: field.key,
                                        message: "\(field.label) must be true or false."))
                }
            case .enum:
                if case .string(let s) = value {
                    let options = (field.options ?? []).map(\.value)
                    if !options.contains(s) {
                        errors.append(.init(fieldKey: field.key,
                                            message: "\(field.label) must be one of \(options.joined(separator: ", "))."))
                    }
                } else {
                    errors.append(.init(fieldKey: field.key,
                                        message: "\(field.label) must be one of the predefined options."))
                }
            case .list:
                if case .list(let items) = value {
                    if let min = field.minItems, items.count < min {
                        errors.append(.init(fieldKey: field.key,
                                            message: "\(field.label) needs at least \(min) item(s)."))
                    }
                    if let max = field.maxItems, items.count > max {
                        errors.append(.init(fieldKey: field.key,
                                            message: "\(field.label) accepts at most \(max) item(s)."))
                    }
                } else {
                    errors.append(.init(fieldKey: field.key,
                                        message: "\(field.label) must be a list."))
                }
            case .secret:
                if case .keychainRef = value { /* opaque — trust it */ } else {
                    errors.append(.init(fieldKey: field.key,
                                        message: "\(field.label) must be supplied (Keychain entry missing)."))
                }
            }
        }
        return errors
    }
    nonisolated private static func hasMeaningfulValue(
        _ value: TemplateConfigValue?,
        type: TemplateConfigField.FieldType
    ) -> Bool {
        guard let value else { return false }
        switch (type, value) {
        case (.string, .string(let s)), (.text, .string(let s)), (.enum, .string(let s)):
            return !s.isEmpty
        case (.number, .number):
            return true
        case (.bool, .bool):
            return true
        case (.list, .list(let arr)):
            return !arr.isEmpty
        case (.secret, .keychainRef):
            return true
        default:
            return false
        }
    }
 }
@@ -1,45 +1,62 @@
 import Foundation
 import os
 struct ProjectDashboardService: Sendable {
    private static let logger = Logger(subsystem: "com.scarf", category: "ProjectDashboardService")
    let context: ServerContext
    let transport: any ServerTransport
    nonisolated init(context: ServerContext = .local) {
        self.context = context
        self.transport = context.makeTransport()
    }
    // MARK: - Registry
    func loadRegistry() -> ProjectRegistry {
-        guard let data = FileManager.default.contents(atPath: HermesPaths.projectsRegistry) else {
+        guard let data = try? transport.readFile(context.paths.projectsRegistry) else {
            return ProjectRegistry(projects: [])
        }
        do {
            return try JSONDecoder().decode(ProjectRegistry.self, from: data)
        } catch {
-            print("[Scarf] Failed to decode project registry: \(error.localizedDescription)")
+            Self.logger.error("Failed to decode project registry: \(error.localizedDescription, privacy: .public)")
            return ProjectRegistry(projects: [])
        }
    }
-    func saveRegistry(_ registry: ProjectRegistry) {
+    /// Persist the project registry to `~/.hermes/scarf/projects.json`.
-        let dir = HermesPaths.scarfDir
+    ///
-        if !FileManager.default.fileExists(atPath: dir) {
+    /// **Throws** on every non-success path — the previous version of
-            do {
+    /// this method silently swallowed `createDirectory` and `writeFile`
-                try FileManager.default.createDirectory(atPath: dir, withIntermediateDirectories: true)
+    /// failures with `try?`, which meant the installer could return a
-            } catch {
+    /// valid-looking `ProjectEntry` while the registry on disk never
-                print("[Scarf] Failed to create scarf directory: \(error.localizedDescription)")
+    /// received the new row (project would complete install, show a
-                return
+    /// success screen, then be invisible in the sidebar). Callers that
-            }
+    /// want fire-and-forget behaviour can still use `try?`, but the
    /// choice is now theirs.
    func saveRegistry(_ registry: ProjectRegistry) throws {
        let dir = context.paths.scarfDir
        if !transport.fileExists(dir) {
            try transport.createDirectory(dir)
        }
-        guard let data = try? JSONEncoder().encode(registry) else { return }
+        let data = try JSONEncoder().encode(registry)
-        // Pretty-print for readability (agents may read this file)
+        // Pretty-print for readability (agents may read this file).
        let writeData: Data
        if let pretty = try? JSONSerialization.jsonObject(with: data),
           let formatted = try? JSONSerialization.data(withJSONObject: pretty, options: [.prettyPrinted, .sortedKeys]) {
-            FileManager.default.createFile(atPath: HermesPaths.projectsRegistry, contents: formatted)
+            writeData = formatted
        } else {
-            FileManager.default.createFile(atPath: HermesPaths.projectsRegistry, contents: data)
+            writeData = data
        }
        try transport.writeFile(context.paths.projectsRegistry, data: writeData)
    }
    // MARK: - Dashboard
    func loadDashboard(for project: ProjectEntry) -> ProjectDashboard? {
-        guard let data = FileManager.default.contents(atPath: project.dashboardPath) else {
+        guard let data = try? transport.readFile(project.dashboardPath) else {
            return nil
        }
        do {
@@ -51,13 +68,10 @@ struct ProjectDashboardService: Sendable {
    }
    func dashboardExists(for project: ProjectEntry) -> Bool {
-        FileManager.default.fileExists(atPath: project.dashboardPath)
+        transport.fileExists(project.dashboardPath)
    }
    func dashboardModificationDate(for project: ProjectEntry) -> Date? {
-        guard let attrs = try? FileManager.default.attributesOfItem(atPath: project.dashboardPath) else {
+        transport.stat(project.dashboardPath)?.mtime
            return nil
        }
        return attrs[.modificationDate] as? Date
    }
 }
@@ -0,0 +1,336 @@
 import Foundation
 import os
 /// Builds a `.scarftemplate` bundle from an existing Scarf project plus the
 /// caller's selection of skills and cron jobs. Symmetric with the
 /// `ProjectTemplateService` + `ProjectTemplateInstaller` pair — the output
 /// of this exporter can be fed straight back to `inspect()` + `install()`.
 struct ProjectTemplateExporter: Sendable {
    private static let logger = Logger(subsystem: "com.scarf", category: "ProjectTemplateExporter")
    let context: ServerContext
    nonisolated init(context: ServerContext = .local) {
        self.context = context
    }
    /// Known filenames in the project root that map to specific agents. When
    /// the author opts to include them, each is copied verbatim into
    /// `instructions/` in the bundle.
    nonisolated static let knownInstructionFiles: [String] = [
        "CLAUDE.md",
        "GEMINI.md",
        ".cursorrules",
        ".github/copilot-instructions.md"
    ]
    /// Author-facing description of what `export` will do with the given
    /// selections. Shown in the export sheet so the user knows exactly
    /// what's about to go into the bundle before saving.
    struct ExportPlan: Sendable {
        let templateId: String
        let templateName: String
        let templateVersion: String
        let projectDir: String
        let dashboardPresent: Bool
        let agentsMdPresent: Bool
        let readmePresent: Bool
        let instructionFiles: [String]
        let skillIds: [String]
        let cronJobs: [HermesCronJob]
        let memoryAppendix: String?
    }
    /// Inputs collected by the export sheet.
    struct ExportInputs: Sendable {
        let project: ProjectEntry
        let templateId: String
        let templateName: String
        let templateVersion: String
        let description: String
        let authorName: String?
        let authorUrl: String?
        let category: String?
        let tags: [String]
        let includeSkillIds: [String]
        let includeCronJobIds: [String]
        /// Raw markdown the author wants appended to installers' MEMORY.md.
        /// `nil` to skip.
        let memoryAppendix: String?
    }
    /// Scan the project dir and report what a fresh export would include
    /// given the caller's inputs. Does not write anything.
    ///
    /// Existence checks go through the context's transport — the project
    /// path comes from the registry on the active server and may be on a
    /// remote filesystem (future remote-install support), where
    /// `FileManager.default.fileExists` would silently return `false`.
    nonisolated func previewPlan(for inputs: ExportInputs) -> ExportPlan {
        let dir = inputs.project.path
        let transport = context.makeTransport()
        let dashboard = transport.fileExists(dir + "/.scarf/dashboard.json")
        let readme = transport.fileExists(dir + "/README.md")
        let agents = transport.fileExists(dir + "/AGENTS.md")
        let instructions = Self.knownInstructionFiles.filter {
            transport.fileExists(dir + "/" + $0)
        }
        let allJobs = HermesFileService(context: context).loadCronJobs()
        let picked = allJobs.filter { inputs.includeCronJobIds.contains($0.id) }
        return ExportPlan(
            templateId: inputs.templateId,
            templateName: inputs.templateName,
            templateVersion: inputs.templateVersion,
            projectDir: dir,
            dashboardPresent: dashboard,
            agentsMdPresent: agents,
            readmePresent: readme,
            instructionFiles: instructions,
            skillIds: inputs.includeSkillIds,
            cronJobs: picked,
            memoryAppendix: inputs.memoryAppendix
        )
    }
    /// Build the bundle and write it to `outputZipPath`. Throws if any
    /// required file is missing or the zip step fails.
    nonisolated func export(
        inputs: ExportInputs,
        outputZipPath: String
    ) throws {
        let stagingDir = NSTemporaryDirectory() + "scarf-template-export-" + UUID().uuidString
        try FileManager.default.createDirectory(atPath: stagingDir, withIntermediateDirectories: true)
        defer { try? FileManager.default.removeItem(atPath: stagingDir) }
        let plan = previewPlan(for: inputs)
        guard plan.dashboardPresent else {
            throw ProjectTemplateError.requiredFileMissing("dashboard.json (expected at \(plan.projectDir)/.scarf/dashboard.json)")
        }
        guard plan.readmePresent else {
            throw ProjectTemplateError.requiredFileMissing("README.md (expected at \(plan.projectDir)/README.md)")
        }
        guard plan.agentsMdPresent else {
            throw ProjectTemplateError.requiredFileMissing("AGENTS.md (expected at \(plan.projectDir)/AGENTS.md)")
        }
        // Required files. All source reads go through the context's
        // transport — project paths come from the registry on the active
        // server and may be on a remote filesystem. Destinations are in
        // the local staging dir so Foundation writes are correct.
        let transport = context.makeTransport()
        try copyFromHermes(plan.projectDir + "/.scarf/dashboard.json", to: stagingDir + "/dashboard.json", transport: transport)
        try copyFromHermes(plan.projectDir + "/README.md", to: stagingDir + "/README.md", transport: transport)
        try copyFromHermes(plan.projectDir + "/AGENTS.md", to: stagingDir + "/AGENTS.md", transport: transport)
        // Optional per-agent instruction shims
        for relative in plan.instructionFiles {
            let source = plan.projectDir + "/" + relative
            let destination = stagingDir + "/instructions/" + relative
            try createParent(of: destination)
            try copyFromHermes(source, to: destination, transport: transport)
        }
        // Skills (copied from the global skills dir)
        if !plan.skillIds.isEmpty {
            let skillsRoot = stagingDir + "/skills"
            try FileManager.default.createDirectory(atPath: skillsRoot, withIntermediateDirectories: true)
            let allSkills = HermesFileService(context: context).loadSkills()
                .flatMap(\.skills)
            for skillId in plan.skillIds {
                guard let skill = allSkills.first(where: { $0.id == skillId }) else {
                    throw ProjectTemplateError.requiredFileMissing("skills/" + skillId)
                }
                // The bundle uses a flat `skills/<name>/` layout (no
                // category), matching what the installer expects. If two
                // categories ship skills with the same `name`, the second
                // collides — warn by refusing rather than silently
                // overwriting.
                let targetDir = skillsRoot + "/" + skill.name
                if FileManager.default.fileExists(atPath: targetDir) {
                    throw ProjectTemplateError.conflictingFile(targetDir)
                }
                try FileManager.default.createDirectory(atPath: targetDir, withIntermediateDirectories: true)
                for file in skill.files {
                    try copyFromHermes(skill.path + "/" + file, to: targetDir + "/" + file, transport: transport)
                }
            }
        }
        // Cron jobs (stripped to the create-CLI-shaped spec)
        if !plan.cronJobs.isEmpty {
            let specs = plan.cronJobs.map { Self.strip($0) }
            let encoder = JSONEncoder()
            encoder.outputFormatting = [.prettyPrinted, .sortedKeys]
            let data = try encoder.encode(specs)
            let cronDir = stagingDir + "/cron"
            try FileManager.default.createDirectory(atPath: cronDir, withIntermediateDirectories: true)
            try data.write(to: URL(fileURLWithPath: cronDir + "/jobs.json"))
        }
        // Memory appendix. A write failure here would silently produce a
        // bundle whose manifest claims `memory.append = true` but ships an
        // empty/missing file — installers would then fail on
        // contentClaimMismatch with no breadcrumb pointing back at the
        // export step. Let the error propagate.
        if let appendix = plan.memoryAppendix, !appendix.isEmpty {
            let memDir = stagingDir + "/memory"
            try FileManager.default.createDirectory(atPath: memDir, withIntermediateDirectories: true)
            guard let data = appendix.data(using: .utf8) else {
                throw ProjectTemplateError.requiredFileMissing("memory/append.md (non-UTF8)")
            }
            try data.write(to: URL(fileURLWithPath: memDir + "/append.md"))
        }
        // If the source project was itself installed from a schemaful
        // template, its `.scarf/manifest.json` carries the schema we
        // want to forward to the exported bundle. We carry only the
        // SCHEMA — never user values. Exporting must be safe on a
        // project with live config: the schema is author-supplied
        // metadata; the values in `config.json` are the current user's
        // secrets or personal settings.
        let forwardedSchema: TemplateConfigSchema? = try Self.readCachedSchema(
            from: plan.projectDir
        )
        // Bump schemaVersion to 2 when a schema is carried through;
        // remain on 1 otherwise so schema-less exports stay
        // byte-compatible with existing v2.2 catalog validators.
        let schemaVersion = forwardedSchema == nil ? 1 : 2
        // Manifest — claims exactly what we just wrote
        let manifest = ProjectTemplateManifest(
            schemaVersion: schemaVersion,
            id: inputs.templateId,
            name: inputs.templateName,
            version: inputs.templateVersion,
            minScarfVersion: nil,
            minHermesVersion: nil,
            author: inputs.authorName.map {
                TemplateAuthor(name: $0, url: inputs.authorUrl)
            },
            description: inputs.description,
            category: inputs.category,
            tags: inputs.tags.isEmpty ? nil : inputs.tags,
            icon: nil,
            screenshots: nil,
            contents: TemplateContents(
                dashboard: true,
                agentsMd: true,
                instructions: plan.instructionFiles.isEmpty ? nil : plan.instructionFiles,
                skills: plan.skillIds.isEmpty ? nil : plan.skillIds.compactMap { $0.split(separator: "/").last.map(String.init) },
                cron: plan.cronJobs.isEmpty ? nil : plan.cronJobs.count,
                memory: (inputs.memoryAppendix?.isEmpty == false) ? TemplateMemoryClaim(append: true) : nil,
                config: forwardedSchema?.fields.count
            ),
            config: forwardedSchema
        )
        let manifestEncoder = JSONEncoder()
        manifestEncoder.outputFormatting = [.prettyPrinted, .sortedKeys]
        let manifestData = try manifestEncoder.encode(manifest)
        try manifestData.write(to: URL(fileURLWithPath: stagingDir + "/template.json"))
        try zip(stagingDir: stagingDir, outputPath: outputZipPath)
    }
    // MARK: - Private
    /// Copy a file whose source lives on the Hermes side (possibly remote)
    /// into a local destination path under the staging dir. Using the
    /// transport for the read keeps the exporter remote-ready; the write
    /// goes through Foundation because the staging dir is always local to
    /// the Mac running Scarf.
    nonisolated private func copyFromHermes(
        _ source: String,
        to destination: String,
        transport: any ServerTransport
    ) throws {
        let data = try transport.readFile(source)
        try createParent(of: destination)
        try data.write(to: URL(fileURLWithPath: destination))
    }
    nonisolated private func createParent(of path: String) throws {
        let parent = (path as NSString).deletingLastPathComponent
        if !FileManager.default.fileExists(atPath: parent) {
            try FileManager.default.createDirectory(atPath: parent, withIntermediateDirectories: true)
        }
    }
    /// Read the cached manifest from `<project>/.scarf/manifest.json` (if
    /// present) and pull out just the config schema. Values in
    /// `.scarf/config.json` are intentionally ignored — an exported
    /// bundle carries the schema's shape, never the current user's
    /// configured values.
    nonisolated private static func readCachedSchema(from projectDir: String) throws -> TemplateConfigSchema? {
        let manifestPath = projectDir + "/.scarf/manifest.json"
        guard FileManager.default.fileExists(atPath: manifestPath) else { return nil }
        let data = try Data(contentsOf: URL(fileURLWithPath: manifestPath))
        // Use a bespoke decode rather than ProjectTemplateManifest so
        // this helper stays resilient if the manifest shape evolves
        // incompatibly in a future release.
        struct OnlyConfig: Decodable { let config: TemplateConfigSchema? }
        let onlyConfig = try JSONDecoder().decode(OnlyConfig.self, from: data)
        return onlyConfig.config
    }
    /// Convert a live cron job (with runtime state) into the spec the
    /// installer will feed back to `hermes cron create`. Only preserves
    /// fields the CLI accepts.
    nonisolated private static func strip(_ job: HermesCronJob) -> TemplateCronJobSpec {
        let schedule: String = {
            if let expr = job.schedule.expression, !expr.isEmpty { return expr }
            if let runAt = job.schedule.runAt, !runAt.isEmpty { return runAt }
            return job.schedule.display ?? ""
        }()
        return TemplateCronJobSpec(
            name: job.name,
            schedule: schedule,
            prompt: job.prompt.isEmpty ? nil : job.prompt,
            deliver: job.deliver?.isEmpty == false ? job.deliver : nil,
            skills: (job.skills?.isEmpty == false) ? job.skills : nil,
            repeatCount: nil
        )
    }
    /// Shell out to `/usr/bin/zip -r` so the file ordering is deterministic
    /// and the archive is standard — Apple-provided tools (and the system
    /// `unzip` the installer uses) will read it without trouble.
    nonisolated private func zip(stagingDir: String, outputPath: String) throws {
        // `zip` writes relative paths based on the cwd it's invoked in. Chdir
        // via Process.currentDirectoryURL so entries are `template.json`,
        // `AGENTS.md`, etc., not absolute paths.
        let process = Process()
        process.executableURL = URL(fileURLWithPath: "/usr/bin/zip")
        process.currentDirectoryURL = URL(fileURLWithPath: stagingDir)
        process.arguments = ["-qq", "-r", outputPath, "."]
        let outPipe = Pipe()
        let errPipe = Pipe()
        process.standardOutput = outPipe
        process.standardError = errPipe
        // Close both ends of each Pipe so we don't leak 4 fds per zip call.
        func closePipes() {
            try? outPipe.fileHandleForReading.close()
            try? outPipe.fileHandleForWriting.close()
            try? errPipe.fileHandleForReading.close()
            try? errPipe.fileHandleForWriting.close()
        }
        do {
            try process.run()
        } catch {
            closePipes()
            throw ProjectTemplateError.unzipFailed("zip failed to launch: \(error.localizedDescription)")
        }
        process.waitUntilExit()
        let errData = try? errPipe.fileHandleForReading.readToEnd()
        closePipes()
        guard process.terminationStatus == 0 else {
            let err = errData.flatMap { String(data: $0, encoding: .utf8) } ?? ""
            throw ProjectTemplateError.unzipFailed(err.isEmpty ? "exit \(process.terminationStatus)" : err)
        }
    }
 }
@@ -0,0 +1,303 @@
 import Foundation
 import os
 /// Executes a `TemplateInstallPlan`. All writes happen in one pass with
 /// early-fail semantics: if any step throws, later steps don't run (but
 /// earlier ones aren't reversed — v1 doesn't ship an atomic rollback). The
 /// plan has already verified `projectDir` doesn't exist and no conflicting
 /// file exists at target paths, so by the time we start writing, the
 /// expected-error surface is small (mostly I/O failures).
 struct ProjectTemplateInstaller: Sendable {
    private static let logger = Logger(subsystem: "com.scarf", category: "ProjectTemplateInstaller")
    let context: ServerContext
    nonisolated init(context: ServerContext = .local) {
        self.context = context
    }
    /// Apply the plan. On success, returns the `ProjectEntry` that was added
    /// to the registry so the caller can set `AppCoordinator.selectedProjectName`.
    @discardableResult
    nonisolated func install(plan: TemplateInstallPlan) throws -> ProjectEntry {
        try preflight(plan: plan)
        try createProjectFiles(plan: plan)
        try createSkillsFiles(plan: plan)
        try appendMemoryIfNeeded(plan: plan)
        let cronJobNames = try createCronJobs(plan: plan)
        let entry = try registerProject(plan: plan)
        try writeLockFile(plan: plan, cronJobNames: cronJobNames)
        Self.logger.info("installed template \(plan.manifest.id, privacy: .public) v\(plan.manifest.version, privacy: .public) into \(plan.projectDir, privacy: .public)")
        return entry
    }
    // MARK: - Preflight
    nonisolated private func preflight(plan: TemplateInstallPlan) throws {
        // Plan was built on a recent snapshot of the filesystem; re-check the
        // invariants at install time so concurrent activity between
        // preview-and-confirm can't slip past us.
        //
        // All existence and read checks for paths that come from
        // `context.paths` go through the transport — not `FileManager` —
        // so this code works identically against a future remote
        // `ServerContext`. See the warning on `ServerContext.readText`:
        // "Foundation file APIs are LOCAL ONLY — using them with a remote
        // path silently returns nil because the remote path doesn't exist
        // on this Mac."
        let transport = context.makeTransport()
        if transport.fileExists(plan.projectDir) {
            throw ProjectTemplateError.projectDirExists(plan.projectDir)
        }
        for copy in plan.projectFiles where transport.fileExists(copy.destinationPath) {
            throw ProjectTemplateError.conflictingFile(copy.destinationPath)
        }
        for copy in plan.skillsFiles where transport.fileExists(copy.destinationPath) {
            throw ProjectTemplateError.conflictingFile(copy.destinationPath)
        }
        // Memory appendix collision: re-scan MEMORY.md for an existing block
        // with the same template id so two installs of v1.0.0 can't
        // double-append. A missing MEMORY.md is fine (treated as empty),
        // but any *other* read failure (permissions, bad file type) gets
        // logged + surfaced so we don't silently pretend MEMORY.md is empty
        // and append over a broken file.
        if plan.memoryAppendix != nil {
            let existing: String
            if transport.fileExists(plan.memoryPath) {
                do {
                    let data = try transport.readFile(plan.memoryPath)
                    existing = String(data: data, encoding: .utf8) ?? ""
                } catch {
                    Self.logger.error("failed to read MEMORY.md at \(plan.memoryPath, privacy: .public): \(error.localizedDescription, privacy: .public)")
                    throw error
                }
            } else {
                existing = ""
            }
            let marker = ProjectTemplateService.memoryBlockBeginMarker(templateId: plan.manifest.id)
            if existing.contains(marker) {
                throw ProjectTemplateError.memoryBlockAlreadyExists(plan.manifest.id)
            }
        }
    }
    // MARK: - Project files
    nonisolated private func createProjectFiles(plan: TemplateInstallPlan) throws {
        let transport = context.makeTransport()
        try transport.createDirectory(plan.projectDir)
        for copy in plan.projectFiles {
            let parent = (copy.destinationPath as NSString).deletingLastPathComponent
            try transport.createDirectory(parent)
            // Empty `sourceRelativePath` is the "synthesized content"
            // sentinel used by `buildPlan` for `.scarf/config.json`.
            // The installer materialises config.json from
            // `plan.configValues` here rather than copying a bundle
            // file that doesn't exist.
            if copy.sourceRelativePath.isEmpty {
                if copy.destinationPath.hasSuffix("/.scarf/config.json") {
                    let data = try encodeConfigFile(plan: plan)
                    try transport.writeFile(copy.destinationPath, data: data)
                    continue
                }
                throw ProjectTemplateError.requiredFileMissing(
                    "synthesized file with unknown destination: \(copy.destinationPath)"
                )
            }
            let source = plan.unpackedDir + "/" + copy.sourceRelativePath
            let data = try Data(contentsOf: URL(fileURLWithPath: source))
            try transport.writeFile(copy.destinationPath, data: data)
        }
    }
    /// Serialise `plan.configValues` into the `<project>/.scarf/config.json`
    /// shape. Secrets appear as `keychainRef` URIs — the raw bytes were
    /// routed into the Keychain by the VM before `install()` was called.
    nonisolated private func encodeConfigFile(plan: TemplateInstallPlan) throws -> Data {
        let file = ProjectConfigFile(
            schemaVersion: 2,
            templateId: plan.manifest.id,
            values: plan.configValues,
            updatedAt: ISO8601DateFormatter().string(from: Date())
        )
        let encoder = JSONEncoder()
        encoder.outputFormatting = [.prettyPrinted, .sortedKeys]
        return try encoder.encode(file)
    }
    // MARK: - Skills
    nonisolated private func createSkillsFiles(plan: TemplateInstallPlan) throws {
        guard let namespaceDir = plan.skillsNamespaceDir else { return }
        let transport = context.makeTransport()
        try transport.createDirectory(namespaceDir)
        for copy in plan.skillsFiles {
            let source = plan.unpackedDir + "/" + copy.sourceRelativePath
            let data = try Data(contentsOf: URL(fileURLWithPath: source))
            let parent = (copy.destinationPath as NSString).deletingLastPathComponent
            try transport.createDirectory(parent)
            try transport.writeFile(copy.destinationPath, data: data)
        }
    }
    // MARK: - Memory
    nonisolated private func appendMemoryIfNeeded(plan: TemplateInstallPlan) throws {
        guard let appendix = plan.memoryAppendix else { return }
        let transport = context.makeTransport()
        let existing = (try? transport.readFile(plan.memoryPath)).flatMap { String(data: $0, encoding: .utf8) } ?? ""
        let combined = existing + appendix
        guard let data = combined.data(using: .utf8) else {
            throw ProjectTemplateError.requiredFileMissing("memory/append.md (non-UTF8)")
        }
        let parent = (plan.memoryPath as NSString).deletingLastPathComponent
        try transport.createDirectory(parent)
        try transport.writeFile(plan.memoryPath, data: data)
    }
    // MARK: - Cron
    /// Create each cron job via `hermes cron create`, then immediately pause
    /// it (Hermes creates jobs enabled). Returns the list of resolved job
    /// names, which is what the lock file records — we don't know the job
    /// ids without parsing the create output, but the name is enough to
    /// find + remove them later.
    nonisolated private func createCronJobs(plan: TemplateInstallPlan) throws -> [String] {
        guard !plan.cronJobs.isEmpty else { return [] }
        let existingBefore = Set(HermesFileService(context: context).loadCronJobs().map(\.id))
        var createdNames: [String] = []
        for job in plan.cronJobs {
            var args = ["cron", "create", "--name", job.name]
            if let deliver = job.deliver, !deliver.isEmpty { args += ["--deliver", deliver] }
            if let repeatCount = job.repeatCount { args += ["--repeat", String(repeatCount)] }
            for skill in job.skills ?? [] where !skill.isEmpty {
                args += ["--skill", skill]
            }
            args.append(job.schedule)
            if let prompt = job.prompt, !prompt.isEmpty {
                // Substitute template-author tokens with install-time
                // values. Hermes doesn't set a CWD for cron runs — when
                // the agent fires the prompt, any relative path
                // (`.scarf/config.json`, `status-log.md`, etc.) resolves
                // against the agent's own dir, not the project. Templates
                // use `{{PROJECT_DIR}}` as a placeholder for the absolute
                // path; we swap in the real project dir here so the
                // registered cron job carries a fully-qualified prompt
                // that works regardless of CWD.
                let resolvedPrompt = Self.substituteCronTokens(prompt, plan: plan)
                args.append(resolvedPrompt)
            }
            let (output, exit) = context.runHermes(args)
            guard exit == 0 else {
                throw ProjectTemplateError.cronCreateFailed(job: job.name, output: output)
            }
            createdNames.append(job.name)
        }
        // Diff the current job set against the snapshot we took before
        // creating — anything new belongs to this install and gets paused.
        // We pause by id (not name) because `cron pause` takes an id.
        let currentJobs = HermesFileService(context: context).loadCronJobs()
        let newJobs = currentJobs.filter { !existingBefore.contains($0.id) && createdNames.contains($0.name) }
        for job in newJobs {
            let (_, exit) = context.runHermes(["cron", "pause", job.id])
            if exit != 0 {
                Self.logger.warning("couldn't pause newly-created cron job \(job.id, privacy: .public) — leaving enabled")
            }
        }
        return createdNames
    }
    // MARK: - Registry
    nonisolated private func registerProject(plan: TemplateInstallPlan) throws -> ProjectEntry {
        let service = ProjectDashboardService(context: context)
        var registry = service.loadRegistry()
        let entry = ProjectEntry(name: plan.projectRegistryName, path: plan.projectDir)
        registry.projects.append(entry)
        // Must throw on failure — silent failure here used to make the
        // installer return a valid entry while the registry on disk
        // never got updated, producing the "install completed but the
        // project doesn't show up in the sidebar" bug. If the registry
        // write fails, the whole install is surfaced as failed so the
        // user can see + address the underlying problem.
        try service.saveRegistry(registry)
        return entry
    }
    // MARK: - Token substitution (install-time placeholder resolution)
    /// Supported placeholders for template-author prompts. Keep the set
    /// intentionally small — every token here becomes a load-bearing
    /// part of the template format that we can't rename without
    /// breaking existing bundles.
    ///
    /// - `{{PROJECT_DIR}}`: absolute path of the newly-created project
    ///   directory. Required for cron prompts because Hermes doesn't
    ///   establish a CWD when firing cron jobs; relative paths would
    ///   resolve against whatever dir Hermes happens to be in.
    ///
    /// - `{{TEMPLATE_ID}}`: the `owner/name` id from the manifest.
    ///   Less load-bearing; occasionally useful for tagging or
    ///   delivery targets that reference the template.
    ///
    /// - `{{TEMPLATE_SLUG}}`: the sanitised slug the installer used
    ///   for the skills namespace and project dir name.
    nonisolated static func substituteCronTokens(
        _ prompt: String,
        plan: TemplateInstallPlan
    ) -> String {
        var out = prompt
        out = out.replacingOccurrences(of: "{{PROJECT_DIR}}", with: plan.projectDir)
        out = out.replacingOccurrences(of: "{{TEMPLATE_ID}}", with: plan.manifest.id)
        out = out.replacingOccurrences(of: "{{TEMPLATE_SLUG}}", with: plan.manifest.slug)
        return out
    }
    // MARK: - Lock file
    nonisolated private func writeLockFile(
        plan: TemplateInstallPlan,
        cronJobNames: [String]
    ) throws {
        // Every value that ended up as a keychainRef in config.json gets
        // tracked in the lock so the uninstaller can SecItemDelete each
        // entry. Field keys are recorded separately for informational
        // display in the uninstall preview sheet.
        let keychainItems: [String]? = {
            let refs = plan.configValues.compactMap { (_, value) -> String? in
                if case .keychainRef(let uri) = value { return uri } else { return nil }
            }
            return refs.isEmpty ? nil : refs.sorted()
        }()
        let configFields: [String]? = {
            guard let schema = plan.configSchema, !schema.isEmpty else { return nil }
            return schema.fields.map(\.key)
        }()
        let lock = TemplateLock(
            templateId: plan.manifest.id,
            templateVersion: plan.manifest.version,
            templateName: plan.manifest.name,
            installedAt: ISO8601DateFormatter().string(from: Date()),
            projectFiles: plan.projectFiles.map(\.destinationPath),
            skillsNamespaceDir: plan.skillsNamespaceDir,
            skillsFiles: plan.skillsFiles.map(\.destinationPath),
            cronJobNames: cronJobNames,
            memoryBlockId: plan.memoryAppendix == nil ? nil : plan.manifest.id,
            configKeychainItems: keychainItems,
            configFields: configFields
        )
        let encoder = JSONEncoder()
        encoder.outputFormatting = [.prettyPrinted, .sortedKeys]
        let data = try encoder.encode(lock)
        let path = plan.projectDir + "/.scarf/template.lock.json"
        try context.makeTransport().writeFile(path, data: data)
    }
 }
@@ -0,0 +1,500 @@
 import Foundation
 import os
 /// Reads, validates, and plans the install of a `.scarftemplate` bundle. Pure
 /// — owns no state across calls. The installer (see
 /// `ProjectTemplateInstaller`) consumes the `TemplateInstallPlan` this
 /// produces.
 ///
 /// Responsibilities:
 /// 1. Unpack a `.scarftemplate` zip into a caller-owned temp directory.
 /// 2. Parse `template.json` and validate it against the schema we know about.
 /// 3. Walk the unpacked contents and verify they match the manifest's
 ///    `contents` claim (so a malicious bundle can't hide files from the
 ///    preview sheet).
 /// 4. Produce a `TemplateInstallPlan` describing every concrete filesystem
 ///    op the installer will perform, given a parent directory the user
 ///    picked.
 struct ProjectTemplateService: Sendable {
    private static let logger = Logger(subsystem: "com.scarf", category: "ProjectTemplateService")
    let context: ServerContext
    nonisolated init(context: ServerContext = .local) {
        self.context = context
    }
    // MARK: - Inspection
    /// Unpack the zip at `zipPath` into a fresh temp directory, parse and
    /// validate the manifest, and walk the contents. Throws on any
    /// inconsistency. On success, the caller owns `inspection.unpackedDir`
    /// and must remove it once they're done.
    nonisolated func inspect(zipPath: String) throws -> TemplateInspection {
        let unpackedDir = try makeTempDir()
        try unzip(zipPath: zipPath, intoDir: unpackedDir)
        let manifestPath = unpackedDir + "/template.json"
        guard FileManager.default.fileExists(atPath: manifestPath) else {
            throw ProjectTemplateError.manifestMissing
        }
        let manifestData: Data
        do {
            manifestData = try Data(contentsOf: URL(fileURLWithPath: manifestPath))
        } catch {
            throw ProjectTemplateError.manifestParseFailed(error.localizedDescription)
        }
        let manifest: ProjectTemplateManifest
        do {
            manifest = try JSONDecoder().decode(ProjectTemplateManifest.self, from: manifestData)
        } catch {
            throw ProjectTemplateError.manifestParseFailed(error.localizedDescription)
        }
        // schemaVersion 1 is the original v2.2 bundle; 2 adds the
        // optional `config` block. Both are valid. Newer versions get
        // refused so the installer never silently misinterprets a
        // future-shape bundle.
        guard manifest.schemaVersion == 1 || manifest.schemaVersion == 2 else {
            throw ProjectTemplateError.unsupportedSchemaVersion(manifest.schemaVersion)
        }
        // Validate the optional config schema at inspect time — a
        // malformed schema (duplicate keys, secret-with-default, etc.)
        // gets rejected before the user ever sees the preview sheet.
        if let schema = manifest.config {
            do {
                try ProjectConfigService.validateSchema(schema)
            } catch {
                throw ProjectTemplateError.manifestParseFailed(
                    "invalid config schema: \(error.localizedDescription)"
                )
            }
        }
        let files = try Self.walk(unpackedDir)
        let cronJobs = try Self.readCronJobs(unpackedDir: unpackedDir)
        try Self.verifyClaims(manifest: manifest, files: files, cronJobCount: cronJobs.count)
        return TemplateInspection(
            manifest: manifest,
            unpackedDir: unpackedDir,
            files: files,
            cronJobs: cronJobs
        )
    }
    // MARK: - Planning
    /// Turn an inspection into a concrete install plan given the parent
    /// directory the user picked. The plan is deterministic — two calls with
    /// the same inputs produce the same ops.
    nonisolated func buildPlan(
        inspection: TemplateInspection,
        parentDir: String
    ) throws -> TemplateInstallPlan {
        let manifest = inspection.manifest
        let slug = manifest.slug
        let projectDir = parentDir + "/" + slug
        if FileManager.default.fileExists(atPath: projectDir) {
            throw ProjectTemplateError.projectDirExists(projectDir)
        }
        var projectFiles: [TemplateFileCopy] = [
            TemplateFileCopy(
                sourceRelativePath: "README.md",
                destinationPath: projectDir + "/README.md"
            ),
            TemplateFileCopy(
                sourceRelativePath: "AGENTS.md",
                destinationPath: projectDir + "/AGENTS.md"
            ),
            TemplateFileCopy(
                sourceRelativePath: "dashboard.json",
                destinationPath: projectDir + "/.scarf/dashboard.json"
            )
        ]
        // Optional per-agent instruction shims. Each is copied verbatim to
        // its conventional project-root path; we don't try to be clever.
        let instructionRoot = "instructions"
        for relative in (manifest.contents.instructions ?? []) {
            let source = instructionRoot + "/" + relative
            guard inspection.files.contains(source) else {
                throw ProjectTemplateError.requiredFileMissing(source)
            }
            projectFiles.append(
                TemplateFileCopy(
                    sourceRelativePath: source,
                    destinationPath: projectDir + "/" + relative
                )
            )
        }
        // Namespaced skills: copied wholesale from skills/<name>/** into
        // ~/.hermes/skills/templates/<slug>/<name>/**.
        var skillsFiles: [TemplateFileCopy] = []
        var skillsNamespaceDir: String? = nil
        if let skillNames = manifest.contents.skills, !skillNames.isEmpty {
            let namespaceDir = context.paths.skillsDir + "/templates/" + slug
            skillsNamespaceDir = namespaceDir
            for skillName in skillNames {
                let prefix = "skills/" + skillName + "/"
                let skillFiles = inspection.files.filter { $0.hasPrefix(prefix) }
                guard !skillFiles.isEmpty else {
                    throw ProjectTemplateError.requiredFileMissing(prefix)
                }
                for relative in skillFiles {
                    let suffix = String(relative.dropFirst("skills/".count))
                    skillsFiles.append(
                        TemplateFileCopy(
                            sourceRelativePath: relative,
                            destinationPath: namespaceDir + "/" + suffix
                        )
                    )
                }
            }
        }
        // Cron jobs: always prefix name with the template tag so users can
        // find and remove them later. Jobs ship disabled — the installer
        // pauses each one immediately after `cron create`.
        let cronJobs: [TemplateCronJobSpec] = inspection.cronJobs.map { job in
            TemplateCronJobSpec(
                name: "[tmpl:\(manifest.id)] \(job.name)",
                schedule: job.schedule,
                prompt: job.prompt,
                deliver: job.deliver,
                skills: job.skills,
                repeatCount: job.repeatCount
            )
        }
        // Memory appendix: wrap whatever the template ships in
        // begin/end markers so an uninstall can find and remove exactly the
        // bytes this template added. `verifyClaims` already guaranteed the
        // file is present — so a read error here means something unusual
        // (permissions, encoding, etc.); surface it with the real
        // `error.localizedDescription` rather than hiding behind a
        // generic "file missing."
        var memoryAppendix: String? = nil
        if manifest.contents.memory?.append == true {
            let appendSource = inspection.unpackedDir + "/memory/append.md"
            let raw: String
            do {
                raw = try String(contentsOf: URL(fileURLWithPath: appendSource), encoding: .utf8)
            } catch {
                Self.logger.error("failed to read memory/append.md in unpacked bundle: \(error.localizedDescription, privacy: .public)")
                throw ProjectTemplateError.manifestParseFailed("memory/append.md: \(error.localizedDescription)")
            }
            memoryAppendix = Self.wrapMemoryBlock(
                templateId: manifest.id,
                templateVersion: manifest.version,
                body: raw.trimmingCharacters(in: .whitespacesAndNewlines)
            )
        }
        // Configuration schema + manifest cache. The installer writes
        // `.scarf/config.json` (non-secret values) + `.scarf/manifest.json`
        // (schema cache used by the post-install editor) when the
        // template declares a non-empty schema. Both paths go into
        // projectFiles so the uninstaller picks them up via the lock.
        var configSchema: TemplateConfigSchema? = nil
        var manifestCachePath: String? = nil
        if let schema = manifest.config, !schema.isEmpty {
            configSchema = schema
            let configPath = projectDir + "/.scarf/config.json"
            projectFiles.append(
                // Source is synthesized by the installer from configValues;
                // no file in the unpacked bundle maps to this entry. We use
                // an empty `sourceRelativePath` as the "no physical source"
                // sentinel — the installer special-cases it below (see
                // ProjectTemplateInstaller.createProjectFiles).
                TemplateFileCopy(
                    sourceRelativePath: "",
                    destinationPath: configPath
                )
            )
            let cachePath = projectDir + "/.scarf/manifest.json"
            manifestCachePath = cachePath
            projectFiles.append(
                TemplateFileCopy(
                    sourceRelativePath: "template.json",
                    destinationPath: cachePath
                )
            )
        }
        return TemplateInstallPlan(
            manifest: manifest,
            unpackedDir: inspection.unpackedDir,
            projectDir: projectDir,
            projectFiles: projectFiles,
            skillsNamespaceDir: skillsNamespaceDir,
            skillsFiles: skillsFiles,
            cronJobs: cronJobs,
            memoryAppendix: memoryAppendix,
            memoryPath: context.paths.memoryMD,
            projectRegistryName: Self.uniqueProjectName(preferred: manifest.name, context: context),
            configSchema: configSchema,
            configValues: [:],   // filled in by TemplateInstallerViewModel before install()
            manifestCachePath: manifestCachePath
        )
    }
    // MARK: - Cleanup
    /// Remove a temp dir created by `inspect`. Safe to call if it already
    /// doesn't exist (install or cancel flows both end here).
    nonisolated func cleanupTempDir(_ path: String) {
        try? FileManager.default.removeItem(atPath: path)
    }
    // MARK: - Memory block helpers (installer + future uninstaller share these)
    nonisolated static func memoryBlockBeginMarker(templateId: String) -> String {
        "<!-- scarf-template:\(templateId):begin -->"
    }
    nonisolated static func memoryBlockEndMarker(templateId: String) -> String {
        "<!-- scarf-template:\(templateId):end -->"
    }
    nonisolated static func wrapMemoryBlock(
        templateId: String,
        templateVersion: String,
        body: String
    ) -> String {
        let begin = memoryBlockBeginMarker(templateId: templateId)
        let end = memoryBlockEndMarker(templateId: templateId)
        return "\n\n\(begin) v\(templateVersion)\n\(body)\n\(end)\n"
    }
    // MARK: - Private
    private nonisolated func makeTempDir() throws -> String {
        let base = NSTemporaryDirectory() + "scarf-template-" + UUID().uuidString
        try FileManager.default.createDirectory(
            atPath: base,
            withIntermediateDirectories: true
        )
        return base
    }
    /// Shell out to `/usr/bin/unzip` — matches the existing profile-export
    /// pattern (`hermes profile import` shells to `unzip`) and avoids
    /// pulling in a third-party zip library.
    private nonisolated func unzip(zipPath: String, intoDir: String) throws {
        let process = Process()
        process.executableURL = URL(fileURLWithPath: "/usr/bin/unzip")
        process.arguments = ["-qq", "-o", zipPath, "-d", intoDir]
        let outPipe = Pipe()
        let errPipe = Pipe()
        process.standardOutput = outPipe
        process.standardError = errPipe
        // Foundation dup()s these handles into the child on `run()`, but the
        // parent copies stay open until explicitly released. Both ends must
        // be closed or each Process spawn leaks 4 fds.
        func closePipes() {
            try? outPipe.fileHandleForReading.close()
            try? outPipe.fileHandleForWriting.close()
            try? errPipe.fileHandleForReading.close()
            try? errPipe.fileHandleForWriting.close()
        }
        do {
            try process.run()
        } catch {
            closePipes()
            throw ProjectTemplateError.unzipFailed(error.localizedDescription)
        }
        process.waitUntilExit()
        let errData = try? errPipe.fileHandleForReading.readToEnd()
        closePipes()
        guard process.terminationStatus == 0 else {
            let err = errData.flatMap { String(data: $0, encoding: .utf8) } ?? ""
            throw ProjectTemplateError.unzipFailed(err.isEmpty ? "exit \(process.terminationStatus)" : err)
        }
    }
    /// Recursively walk `dir` and return every file (not directory) as a
    /// path relative to `dir`. Skips symlinks entirely — templates should
    /// never contain them, and following them could escape the unpack dir.
    ///
    /// Both the base dir and the enumerated URLs are resolved via
    /// `resolvingSymlinksInPath` before comparison. On macOS, temp dirs
    /// under `/var/folders/…` resolve to `/private/var/folders/…`, so a
    /// naive string-prefix check would produce malformed relative paths
    /// when the base is unresolved but enumerated URLs are resolved.
    nonisolated private static func walk(_ dir: String) throws -> [String] {
        var results: [String] = []
        let baseURL = URL(fileURLWithPath: dir).resolvingSymlinksInPath()
        let basePath = baseURL.path.hasSuffix("/") ? baseURL.path : baseURL.path + "/"
        let enumerator = FileManager.default.enumerator(
            at: baseURL,
            includingPropertiesForKeys: [.isRegularFileKey, .isSymbolicLinkKey],
            options: [.skipsHiddenFiles]
        )
        while let url = enumerator?.nextObject() as? URL {
            let values = try url.resourceValues(forKeys: [.isRegularFileKey, .isSymbolicLinkKey])
            if values.isSymbolicLink == true {
                throw ProjectTemplateError.unsafeZipEntry(url.path)
            }
            guard values.isRegularFile == true else { continue }
            var full = url.resolvingSymlinksInPath().path
            if full.hasPrefix(basePath) {
                full.removeFirst(basePath.count)
            }
            if full.contains("..") {
                throw ProjectTemplateError.unsafeZipEntry(full)
            }
            results.append(full)
        }
        return results
    }
    nonisolated private static func readCronJobs(unpackedDir: String) throws -> [TemplateCronJobSpec] {
        let path = unpackedDir + "/cron/jobs.json"
        guard FileManager.default.fileExists(atPath: path) else { return [] }
        let data: Data
        do {
            data = try Data(contentsOf: URL(fileURLWithPath: path))
        } catch {
            throw ProjectTemplateError.requiredFileMissing("cron/jobs.json")
        }
        do {
            return try JSONDecoder().decode([TemplateCronJobSpec].self, from: data)
        } catch {
            throw ProjectTemplateError.manifestParseFailed("cron/jobs.json: \(error.localizedDescription)")
        }
    }
    /// Verify the manifest's `contents` claim exactly matches the unpacked
    /// files. Any mismatch — claimed-but-missing or present-but-unclaimed —
    /// throws, so the preview sheet the user sees is always accurate.
    nonisolated private static func verifyClaims(
        manifest: ProjectTemplateManifest,
        files: [String],
        cronJobCount: Int
    ) throws {
        let fileSet = Set(files)
        if manifest.contents.dashboard {
            if !fileSet.contains("dashboard.json") {
                throw ProjectTemplateError.requiredFileMissing("dashboard.json")
            }
        }
        if manifest.contents.agentsMd {
            if !fileSet.contains("AGENTS.md") {
                throw ProjectTemplateError.requiredFileMissing("AGENTS.md")
            }
        }
        // README and AGENTS are always required; dashboard is always required
        // per spec. `contents.dashboard`/`contents.agentsMd` exist so a future
        // schema can relax those rules; for v1 we hard-require them regardless.
        if !fileSet.contains("README.md") {
            throw ProjectTemplateError.requiredFileMissing("README.md")
        }
        if !fileSet.contains("AGENTS.md") {
            throw ProjectTemplateError.requiredFileMissing("AGENTS.md")
        }
        if !fileSet.contains("dashboard.json") {
            throw ProjectTemplateError.requiredFileMissing("dashboard.json")
        }
        if let claimed = manifest.contents.instructions {
            for rel in claimed {
                let full = "instructions/" + rel
                if !fileSet.contains(full) {
                    throw ProjectTemplateError.contentClaimMismatch(
                        "manifest lists \(full) but the file is missing from the bundle"
                    )
                }
            }
            let present = fileSet.filter { $0.hasPrefix("instructions/") }
            let claimedFull = Set(claimed.map { "instructions/" + $0 })
            if let extra = present.first(where: { !claimedFull.contains($0) }) {
                throw ProjectTemplateError.contentClaimMismatch(
                    "bundle contains \(extra) but it's not listed in manifest.contents.instructions"
                )
            }
        } else if fileSet.contains(where: { $0.hasPrefix("instructions/") }) {
            throw ProjectTemplateError.contentClaimMismatch(
                "bundle has instructions/ files but manifest.contents.instructions is missing"
            )
        }
        if let claimed = manifest.contents.skills {
            for name in claimed {
                let prefix = "skills/" + name + "/"
                if !fileSet.contains(where: { $0.hasPrefix(prefix) }) {
                    throw ProjectTemplateError.contentClaimMismatch(
                        "manifest lists skill \(name) but skills/\(name)/ has no files"
                    )
                }
            }
            let presentSkills = Set(fileSet.compactMap { path -> String? in
                guard path.hasPrefix("skills/") else { return nil }
                let rest = path.dropFirst("skills/".count)
                return rest.split(separator: "/", maxSplits: 1).first.map(String.init)
            })
            let claimedSet = Set(claimed)
            if let extra = presentSkills.subtracting(claimedSet).first {
                throw ProjectTemplateError.contentClaimMismatch(
                    "bundle contains skills/\(extra)/ but it's not listed in manifest.contents.skills"
                )
            }
        } else if fileSet.contains(where: { $0.hasPrefix("skills/") }) {
            throw ProjectTemplateError.contentClaimMismatch(
                "bundle contains skills/ but manifest.contents.skills is missing"
            )
        }
        let claimedCron = manifest.contents.cron ?? 0
        if claimedCron != cronJobCount {
            throw ProjectTemplateError.contentClaimMismatch(
                "manifest.contents.cron=\(claimedCron) but bundle contains \(cronJobCount) cron jobs"
            )
        }
        let hasMemoryFile = fileSet.contains("memory/append.md")
        let claimsMemory = manifest.contents.memory?.append == true
        if claimsMemory != hasMemoryFile {
            throw ProjectTemplateError.contentClaimMismatch(
                "manifest.contents.memory.append=\(claimsMemory) disagrees with memory/append.md presence=\(hasMemoryFile)"
            )
        }
        // Config claim must match the schema's actual field count so
        // the preview sheet is honest about the size of the configure
        // step. `nil` in contents means "no schema" just like `0`;
        // we normalise both to 0 before comparing.
        let claimedConfig = manifest.contents.config ?? 0
        let actualConfig = manifest.config?.fields.count ?? 0
        if claimedConfig != actualConfig {
            throw ProjectTemplateError.contentClaimMismatch(
                "manifest.contents.config=\(claimedConfig) but config.schema has \(actualConfig) field(s)"
            )
        }
    }
    /// Resolve a project-registry name that doesn't collide. Deterministic
    /// — given the same existing registry, always returns the same answer.
    nonisolated private static func uniqueProjectName(
        preferred: String,
        context: ServerContext
    ) -> String {
        let existing = Set(ProjectDashboardService(context: context).loadRegistry().projects.map(\.name))
        if !existing.contains(preferred) { return preferred }
        var i = 2
        while existing.contains("\(preferred) \(i)") {
            i += 1
        }
        return "\(preferred) \(i)"
    }
 }
@@ -0,0 +1,329 @@
 import Foundation
 import os
 /// Reverses the work of `ProjectTemplateInstaller`, driven by the
 /// `<project>/.scarf/template.lock.json` the installer dropped. Symmetric
 /// with the installer: `loadUninstallPlan(for:)` builds a plan the preview
 /// sheet can display honestly; `uninstall(plan:)` executes it. No hidden
 /// side effects — every path the uninstaller touches is in the plan.
 ///
 /// **User-added files are preserved.** The lock records exactly what the
 /// installer wrote; any file the user created in the project dir after
 /// install (e.g. a `sites.txt` or `status-log.md` authored by the agent
 /// on first run) is listed as an "extra entry" in the plan and left on
 /// disk. If the project dir ends up empty after removing lock-tracked
 /// files, the dir itself is removed; otherwise the dir (with user content)
 /// stays.
 struct ProjectTemplateUninstaller: Sendable {
    private static let logger = Logger(subsystem: "com.scarf", category: "ProjectTemplateUninstaller")
    let context: ServerContext
    nonisolated init(context: ServerContext = .local) {
        self.context = context
    }
    // MARK: - Detection
    /// Is the given project installed from a template that we can
    /// uninstall cleanly? Cheap — just a file-existence check on the lock
    /// path.
    nonisolated func isTemplateInstalled(project: ProjectEntry) -> Bool {
        context.makeTransport().fileExists(lockPath(for: project))
    }
    // MARK: - Planning
    /// Read the lock file, walk the filesystem + cron list, and produce a
    /// plan listing every op the uninstaller will perform. Does not
    /// modify anything.
    nonisolated func loadUninstallPlan(for project: ProjectEntry) throws -> TemplateUninstallPlan {
        let transport = context.makeTransport()
        let path = lockPath(for: project)
        guard transport.fileExists(path) else {
            throw ProjectTemplateError.lockFileMissing(path)
        }
        let lockData: Data
        do {
            lockData = try transport.readFile(path)
        } catch {
            throw ProjectTemplateError.lockFileParseFailed(error.localizedDescription)
        }
        let lock: TemplateLock
        do {
            lock = try JSONDecoder().decode(TemplateLock.self, from: lockData)
        } catch {
            throw ProjectTemplateError.lockFileParseFailed(error.localizedDescription)
        }
        // Partition tracked project files into present vs. already-gone.
        // The lock file itself is always in `projectFiles` — the installer
        // doesn't explicitly record it, but the preview sheet and the
        // execute step must remove it.
        var lockTrackedFiles = lock.projectFiles
        lockTrackedFiles.append(path)
        var toRemove: [String] = []
        var alreadyGone: [String] = []
        for file in lockTrackedFiles {
            if transport.fileExists(file) {
                toRemove.append(file)
            } else {
                alreadyGone.append(file)
            }
        }
        // Scan the project dir for entries that AREN'T in the lock — these
        // are user-added and we preserve them. An empty project dir (after
        // removing lock-tracked files) gets removed too.
        let trackedSet = Set(lockTrackedFiles)
        let extras = try enumerateProjectDirExtras(
            projectDir: project.path,
            trackedPaths: trackedSet,
            transport: transport
        )
        let projectDirBecomesEmpty = extras.isEmpty
        // Resolve cron job ids by matching lock names against the live
        // list. Names that no longer exist go into the already-gone bucket
        // — the user likely removed them by hand.
        let currentJobs = HermesFileService(context: context).loadCronJobs()
        var cronToRemove: [(id: String, name: String)] = []
        var cronGone: [String] = []
        for name in lock.cronJobNames {
            if let match = currentJobs.first(where: { $0.name == name }) {
                cronToRemove.append((id: match.id, name: match.name))
            } else {
                cronGone.append(name)
            }
        }
        // Memory block detection. The installer wraps its appendix between
        // `<!-- scarf-template:<id>:begin -->` / `:end -->` markers; look
        // for the begin marker in the current MEMORY.md. If it's missing
        // (never installed, or removed by hand) we simply skip the memory
        // strip step.
        let memoryPath = context.paths.memoryMD
        var memoryBlockPresent = false
        if lock.memoryBlockId != nil {
            if transport.fileExists(memoryPath),
               let data = try? transport.readFile(memoryPath),
               let text = String(data: data, encoding: .utf8) {
                let beginMarker = ProjectTemplateService.memoryBlockBeginMarker(
                    templateId: lock.memoryBlockId!
                )
                memoryBlockPresent = text.contains(beginMarker)
            }
        }
        return TemplateUninstallPlan(
            lock: lock,
            project: project,
            projectFilesToRemove: toRemove,
            projectFilesAlreadyGone: alreadyGone,
            extraProjectEntries: extras,
            projectDirBecomesEmpty: projectDirBecomesEmpty,
            skillsNamespaceDir: lock.skillsNamespaceDir,
            cronJobsToRemove: cronToRemove,
            cronJobsAlreadyGone: cronGone,
            memoryBlockPresent: memoryBlockPresent,
            memoryPath: memoryPath
        )
    }
    // MARK: - Execution
    /// Execute the plan. Non-atomic: steps run in order, and if any step
    /// throws, later steps don't run. v1 doesn't ship rollback — the lock
    /// file itself is only removed at the very end, so a mid-flight
    /// failure leaves enough breadcrumbs for the user to retry or finish
    /// by hand.
    nonisolated func uninstall(plan: TemplateUninstallPlan) throws {
        let transport = context.makeTransport()
        // 1. Project files (tracked only — user additions untouched).
        for file in plan.projectFilesToRemove {
            do {
                try transport.removeFile(file)
            } catch {
                Self.logger.warning("couldn't remove project file \(file, privacy: .public): \(error.localizedDescription, privacy: .public)")
                // keep going — partial cleanup is better than bailing and
                // leaving orphan skills/cron state
            }
        }
        if plan.projectDirBecomesEmpty, transport.fileExists(plan.project.path) {
            do {
                try transport.removeFile(plan.project.path)
            } catch {
                Self.logger.warning("couldn't remove empty project dir \(plan.project.path, privacy: .public): \(error.localizedDescription, privacy: .public)")
            }
        }
        // 2. Skills namespace dir (always removed wholesale — it's
        // isolated, never mixed with user skills).
        if let skillsDir = plan.skillsNamespaceDir, transport.fileExists(skillsDir) {
            try removeRecursively(skillsDir, transport: transport)
        }
        // 3. Cron jobs via CLI — `hermes cron remove <id>`. A non-zero
        // exit gets logged but doesn't abort the uninstall; leaving a
        // stray cron job is better than leaving it AND the skills/memory
        // state that was supposed to pair with it.
        for job in plan.cronJobsToRemove {
            let (output, exit) = context.runHermes(["cron", "remove", job.id])
            if exit != 0 {
                Self.logger.warning("failed to remove cron job \(job.id, privacy: .public) \(job.name, privacy: .public): \(output, privacy: .public)")
            }
        }
        // 4. Memory block — strip the bracketed block in place. Safe
        // when the block is absent; we already decided presence in the
        // plan and only come here when `memoryBlockPresent` was true
        // AND the plan recorded a memoryBlockId.
        if plan.memoryBlockPresent, let blockId = plan.lock.memoryBlockId {
            try stripMemoryBlock(blockId: blockId, memoryPath: plan.memoryPath, transport: transport)
        }
        // 4a. Config Keychain items — remove every secret the template's
        // install step stashed in the login Keychain. Items that were
        // already deleted (e.g. user cleaned them with Keychain Access)
        // hit the `errSecItemNotFound` no-op path inside the wrapper, so
        // a stale lock doesn't abort the rest of the uninstall.
        let keychain = ProjectConfigKeychain()
        for uri in plan.lock.configKeychainItems ?? [] {
            guard let ref = TemplateKeychainRef.parse(uri) else {
                Self.logger.warning("lock recorded unparseable keychain uri \(uri, privacy: .public); skipping")
                continue
            }
            do {
                try keychain.delete(ref: ref)
            } catch {
                Self.logger.warning("couldn't delete keychain item \(uri, privacy: .public): \(error.localizedDescription, privacy: .public)")
            }
        }
        // 5. Projects registry — remove the entry by path (more stable
        // than name: user may have renamed the project in the UI).
        let dashboardService = ProjectDashboardService(context: context)
        var registry = dashboardService.loadRegistry()
        registry.projects.removeAll { $0.path == plan.project.path }
        // saveRegistry throws now — log a write failure but don't abort
        // the uninstall. Every earlier step already completed (files
        // removed, skills removed, cron jobs removed, memory stripped,
        // Keychain cleared); failing here leaves a stale registry row
        // pointing at a deleted project — cosmetic and easy to fix
        // from the sidebar.
        do {
            try dashboardService.saveRegistry(registry)
        } catch {
            Self.logger.warning("uninstall couldn't rewrite projects registry: \(error.localizedDescription, privacy: .public)")
        }
        Self.logger.info("uninstalled template \(plan.lock.templateId, privacy: .public) from \(plan.project.path, privacy: .public)")
    }
    // MARK: - Helpers
    nonisolated private func lockPath(for project: ProjectEntry) -> String {
        project.path + "/.scarf/template.lock.json"
    }
    /// Walk the project dir and return the absolute paths of every entry
    /// not in `trackedPaths`. `.scarf/` (and its remaining contents after
    /// the lock is recorded) is filtered out because the installer owns
    /// that directory entirely — if the user dropped a file into it,
    /// that's on them, but the common case is that `.scarf/` only holds
    /// our dashboard.json + template.lock.json.
    nonisolated private func enumerateProjectDirExtras(
        projectDir: String,
        trackedPaths: Set<String>,
        transport: any ServerTransport
    ) throws -> [String] {
        guard transport.fileExists(projectDir) else { return [] }
        var extras: [String] = []
        let entries: [String]
        do {
            entries = try transport.listDirectory(projectDir)
        } catch {
            return []
        }
        for entry in entries {
            let full = projectDir + "/" + entry
            // Skip the .scarf/ dir entirely when deciding "does the
            // project dir have user content?" — the only files we put
            // there (dashboard.json + lock) are tracked already, and
            // if they're still there the overall project is not yet
            // "empty."
            if entry == ".scarf" { continue }
            if trackedPaths.contains(full) { continue }
            extras.append(full)
        }
        return extras
    }
    /// Recursively delete a directory via the transport. The transport's
    /// `removeFile` works on files and on empty directories; we walk
    /// children first, then remove the now-empty parent.
    nonisolated private func removeRecursively(
        _ path: String,
        transport: any ServerTransport
    ) throws {
        guard transport.fileExists(path) else { return }
        if transport.stat(path)?.isDirectory != true {
            try transport.removeFile(path)
            return
        }
        let entries = (try? transport.listDirectory(path)) ?? []
        for entry in entries {
            try removeRecursively(path + "/" + entry, transport: transport)
        }
        try transport.removeFile(path)
    }
    /// Remove the `<!-- scarf-template:<id>:begin --> … :end -->` block
    /// from MEMORY.md, preserving everything else. A missing end marker
    /// is logged but doesn't fail — we strip from the begin marker to
    /// EOF in that case, on the theory that a broken template block is
    /// worse than a slightly aggressive strip.
    nonisolated private func stripMemoryBlock(
        blockId: String,
        memoryPath: String,
        transport: any ServerTransport
    ) throws {
        let beginMarker = ProjectTemplateService.memoryBlockBeginMarker(templateId: blockId)
        let endMarker = ProjectTemplateService.memoryBlockEndMarker(templateId: blockId)
        let data = try transport.readFile(memoryPath)
        guard let text = String(data: data, encoding: .utf8) else { return }
        guard let beginRange = text.range(of: beginMarker) else { return }
        let stripRange: Range<String.Index>
        if let endRange = text.range(of: endMarker, range: beginRange.upperBound..<text.endIndex) {
            // Include the end marker and one trailing newline if present.
            var upper = endRange.upperBound
            if upper < text.endIndex, text[upper] == "\n" {
                upper = text.index(after: upper)
            }
            stripRange = beginRange.lowerBound..<upper
        } else {
            Self.logger.warning("memory block for \(blockId, privacy: .public) has begin marker but no end marker; stripping to EOF")
            stripRange = beginRange.lowerBound..<text.endIndex
        }
        // Also consume one leading blank line that the installer inserts
        // before the begin marker, so repeated install/uninstall cycles
        // don't accumulate blank lines at the insertion site.
        var lower = stripRange.lowerBound
        if lower > text.startIndex {
            let prev = text.index(before: lower)
            if text[prev] == "\n", prev > text.startIndex {
                let prevPrev = text.index(before: prev)
                if text[prevPrev] == "\n" {
                    lower = prev
                }
            }
        }
        let updated = text.replacingCharacters(in: lower..<stripRange.upperBound, with: "")
        guard let outData = updated.data(using: .utf8) else { return }
        try transport.writeFile(memoryPath, data: outData)
    }
 }
@@ -0,0 +1,87 @@
 import Foundation
 import Observation
 import os
 /// Process-wide router for `scarf://install?url=…` URLs. The app delegate's
 /// `onOpenURL` hands the URL in here; the Projects feature observes
 /// `pendingInstallURL` and presents the install sheet when it flips non-nil.
 ///
 /// Lives outside SwiftUI so a URL can arrive before any window exists (cold
 /// launch from a browser link) and still be picked up by the first
 /// `ProjectsView` that appears.
@Observable
@MainActor
 final class TemplateURLRouter {
    private static let logger = Logger(subsystem: "com.scarf", category: "TemplateURLRouter")
    static let shared = TemplateURLRouter()
    /// Non-nil when an install request is waiting to be handled. Can be
    /// either a remote `https://…` URL (from a `scarf://install?url=…` deep
    /// link) or a local `file://…` URL (from a Finder double-click on a
    /// `.scarftemplate` file, or a drag onto the app icon). Observers read
    /// this, dispatch by scheme, present the install sheet, then call
    /// `consume` to clear it. Only one pending install at a time — if a
    /// second arrives before the first is consumed, it replaces the first
    /// (matches browser-link intuition where the latest click wins).
    var pendingInstallURL: URL?
    private init() {}
    /// Parse and validate an inbound URL. Returns `true` if the URL was
    /// recognized and staged for handling. Unknown schemes or malformed
    /// payloads return `false` so the caller can log/ignore. Supports:
    ///
    /// - `scarf://install?url=https://…` — remote template URL from a web link.
    /// - `file:///…/foo.scarftemplate` — local file from a Finder
    ///   double-click or a drag onto the app icon.
    @discardableResult
    func handle(_ url: URL) -> Bool {
        if url.isFileURL {
            return handleFileURL(url)
        }
        if url.scheme?.lowercased() == "scarf" {
            return handleScarfURL(url)
        }
        Self.logger.warning("Ignored URL with unknown scheme: \(url.absoluteString, privacy: .public)")
        return false
    }
    private func handleFileURL(_ url: URL) -> Bool {
        guard url.pathExtension.lowercased() == "scarftemplate" else {
            Self.logger.warning("file:// URL handed to Scarf but not a .scarftemplate: \(url.absoluteString, privacy: .public)")
            return false
        }
        pendingInstallURL = url
        Self.logger.info("file:// install staged \(url.path, privacy: .public)")
        return true
    }
    private func handleScarfURL(_ url: URL) -> Bool {
        guard url.host?.lowercased() == "install" else {
            Self.logger.warning("Ignored unknown scarf:// host: \(url.absoluteString, privacy: .public)")
            return false
        }
        guard let components = URLComponents(url: url, resolvingAgainstBaseURL: false),
              let raw = components.queryItems?.first(where: { $0.name == "url" })?.value,
              let remote = URL(string: raw) else {
            Self.logger.warning("scarf://install missing or invalid ?url=: \(url.absoluteString, privacy: .public)")
            return false
        }
        // Refuse anything but https — defense-in-depth against a browser or
        // mail client that would happily hand us a javascript: or http://
        // URL pointing at something unexpected.
        guard remote.scheme?.lowercased() == "https" else {
            Self.logger.warning("scarf://install refused non-https url=\(remote.absoluteString, privacy: .public)")
            return false
        }
        pendingInstallURL = remote
        Self.logger.info("scarf://install staged \(remote.absoluteString, privacy: .public)")
        return true
    }
    /// Called by the install sheet once it has picked up the URL.
    func consume() {
        pendingInstallURL = nil
    }
 }
@@ -0,0 +1,40 @@
 import Foundation
 import Sparkle
 /// Thin wrapper around Sparkle's `SPUStandardUpdaterController`.
 ///
 /// Sparkle reads `SUFeedURL`, `SUPublicEDKey`, and check-interval defaults from Info.plist.
 /// This service exposes the bits the UI needs: a "check now" trigger, a toggle for automatic
 /// checks, and observable state for the Settings screen.
@MainActor
@Observable
 final class UpdaterService: NSObject {
    private let controller: SPUStandardUpdaterController
    /// User-facing toggle. Mirrors `updater.automaticallyChecksForUpdates`.
    var automaticallyChecksForUpdates: Bool {
        get { controller.updater.automaticallyChecksForUpdates }
        set { controller.updater.automaticallyChecksForUpdates = newValue }
    }
    /// Last time Sparkle checked the appcast (nil before the first check).
    var lastUpdateCheckDate: Date? {
        controller.updater.lastUpdateCheckDate
    }
    override init() {
        // startingUpdater: true → Sparkle scans for updates on launch per Info.plist schedule.
        // Default delegates are sufficient for a non-sandboxed app.
        self.controller = SPUStandardUpdaterController(
            startingUpdater: true,
            updaterDelegate: nil,
            userDriverDelegate: nil
        )
        super.init()
    }
    /// Triggers a user-initiated update check. Sparkle handles the UI (alert, progress, install).
    func checkForUpdates() {
        controller.checkForUpdates(nil)
    }
 }
@@ -0,0 +1,191 @@
 import Foundation
 import os
 /// `ServerTransport` over the local filesystem. Thin wrapper around
 /// `FileManager`, `Process`, and `DispatchSourceFileSystemObject` — the APIs
 /// services were already using before Phase 2.
 struct LocalTransport: ServerTransport {
    nonisolated private static let logger = Logger(subsystem: "com.scarf", category: "LocalTransport")
    let contextID: ServerID
    let isRemote: Bool = false
    nonisolated init(contextID: ServerID = ServerContext.local.id) {
        self.contextID = contextID
    }
    // MARK: - Files
    func readFile(_ path: String) throws -> Data {
        do {
            return try Data(contentsOf: URL(fileURLWithPath: path))
        } catch {
            throw TransportError.fileIO(path: path, underlying: error.localizedDescription)
        }
    }
    func writeFile(_ path: String, data: Data) throws {
        let tmp = path + ".scarf.tmp"
        do {
            try data.write(to: URL(fileURLWithPath: tmp))
            // Preserve `0600` for dotfiles holding secrets (.env, .auth, ...).
            // The existing files already use 0600 via HermesEnvService; we
            // mirror that here so a brand-new file created via this write
            // also starts with safe permissions.
            if Self.shouldEnforcePrivateMode(for: path) {
                try FileManager.default.setAttributes([.posixPermissions: 0o600], ofItemAtPath: tmp)
            }
            // Atomic swap onto the final path.
            let destURL = URL(fileURLWithPath: path)
            let tmpURL = URL(fileURLWithPath: tmp)
            if FileManager.default.fileExists(atPath: path) {
                _ = try FileManager.default.replaceItemAt(destURL, withItemAt: tmpURL)
            } else {
                // Ensure parent exists.
                let parent = (path as NSString).deletingLastPathComponent
                if !parent.isEmpty, !FileManager.default.fileExists(atPath: parent) {
                    try FileManager.default.createDirectory(atPath: parent, withIntermediateDirectories: true)
                }
                try FileManager.default.moveItem(at: tmpURL, to: destURL)
            }
        } catch {
            try? FileManager.default.removeItem(atPath: tmp)
            throw TransportError.fileIO(path: path, underlying: error.localizedDescription)
        }
    }
    func fileExists(_ path: String) -> Bool {
        FileManager.default.fileExists(atPath: path)
    }
    func stat(_ path: String) -> FileStat? {
        guard let attrs = try? FileManager.default.attributesOfItem(atPath: path) else {
            return nil
        }
        let size = (attrs[.size] as? Int64) ?? Int64((attrs[.size] as? Int) ?? 0)
        let mtime = (attrs[.modificationDate] as? Date) ?? Date(timeIntervalSince1970: 0)
        let isDir = (attrs[.type] as? FileAttributeType) == .typeDirectory
        return FileStat(size: size, mtime: mtime, isDirectory: isDir)
    }
    func listDirectory(_ path: String) throws -> [String] {
        do {
            return try FileManager.default.contentsOfDirectory(atPath: path)
        } catch {
            throw TransportError.fileIO(path: path, underlying: error.localizedDescription)
        }
    }
    func createDirectory(_ path: String) throws {
        do {
            try FileManager.default.createDirectory(atPath: path, withIntermediateDirectories: true)
        } catch {
            throw TransportError.fileIO(path: path, underlying: error.localizedDescription)
        }
    }
    func removeFile(_ path: String) throws {
        guard FileManager.default.fileExists(atPath: path) else { return }
        do {
            try FileManager.default.removeItem(atPath: path)
        } catch {
            throw TransportError.fileIO(path: path, underlying: error.localizedDescription)
        }
    }
    // MARK: - Processes
    func runProcess(executable: String, args: [String], stdin: Data?, timeout: TimeInterval?) throws -> ProcessResult {
        let proc = Process()
        proc.executableURL = URL(fileURLWithPath: executable)
        proc.arguments = args
        let stdoutPipe = Pipe()
        let stderrPipe = Pipe()
        let stdinPipe = Pipe()
        proc.standardOutput = stdoutPipe
        proc.standardError = stderrPipe
        if stdin != nil { proc.standardInput = stdinPipe }
        do {
            try proc.run()
        } catch {
            throw TransportError.other(message: "Failed to launch \(executable): \(error.localizedDescription)")
        }
        if let stdin {
            try? stdinPipe.fileHandleForWriting.write(contentsOf: stdin)
            try? stdinPipe.fileHandleForWriting.close()
        }
        // Timeout handling: poll every 100ms up to timeout, kill on overrun.
        if let timeout {
            let deadline = Date().addingTimeInterval(timeout)
            while proc.isRunning && Date() < deadline {
                Thread.sleep(forTimeInterval: 0.1)
            }
            if proc.isRunning {
                proc.terminate()
                let partial = (try? stdoutPipe.fileHandleForReading.readToEnd()) ?? Data()
                try? stdoutPipe.fileHandleForReading.close()
                try? stderrPipe.fileHandleForReading.close()
                throw TransportError.timeout(seconds: timeout, partialStdout: partial)
            }
        } else {
            proc.waitUntilExit()
        }
        let out = (try? stdoutPipe.fileHandleForReading.readToEnd()) ?? Data()
        let err = (try? stderrPipe.fileHandleForReading.readToEnd()) ?? Data()
        try? stdoutPipe.fileHandleForReading.close()
        try? stderrPipe.fileHandleForReading.close()
        try? stdinPipe.fileHandleForWriting.close()
        return ProcessResult(exitCode: proc.terminationStatus, stdout: out, stderr: err)
    }
    func makeProcess(executable: String, args: [String]) -> Process {
        let proc = Process()
        proc.executableURL = URL(fileURLWithPath: executable)
        proc.arguments = args
        return proc
    }
    // MARK: - SQLite
    func snapshotSQLite(remotePath: String) throws -> URL {
        // Local case: no copy needed. Services open the path directly.
        URL(fileURLWithPath: remotePath)
    }
    // MARK: - Watching
    func watchPaths(_ paths: [String]) -> AsyncStream<WatchEvent> {
        AsyncStream { continuation in
            // Build the source list immutably, then hand a value-typed copy
            // to onTermination. Swift 6's concurrent-capture rule rejects a
            // `var sources` shared between the outer builder and the inner
            // termination closure.
            let sources: [DispatchSourceFileSystemObject] = paths.compactMap { path in
                let fd = Darwin.open(path, O_EVTONLY)
                guard fd >= 0 else { return nil }
                let src = DispatchSource.makeFileSystemObjectSource(
                    fileDescriptor: fd,
                    eventMask: [.write, .extend, .rename],
                    queue: .global()
                )
                src.setEventHandler { continuation.yield(.anyChanged) }
                src.setCancelHandler { Darwin.close(fd) }
                src.resume()
                return src
            }
            continuation.onTermination = { _ in
                for s in sources { s.cancel() }
            }
        }
    }
    // MARK: - Helpers
    /// Heuristic: files that conventionally hold secrets should be created
    /// with restrictive permissions so a future `scp` or editor doesn't end
    /// up exposing them.
    private static func shouldEnforcePrivateMode(for path: String) -> Bool {
        let name = (path as NSString).lastPathComponent
        return name == ".env" || name == "auth.json" || name.hasSuffix("-tokens.json")
    }
 }
@@ -0,0 +1,591 @@
 import Foundation
 import os
 /// `ServerTransport` that reaches a remote Hermes installation through the
 /// system `ssh`, `scp`, and `sftp` binaries.
 ///
 /// Why system ssh (not a native library): the user's `~/.ssh/config`,
 /// ssh-agent, 1Password/Secretive agents, ProxyJump, and ControlMaster
 /// multiplexing all work for free. OpenSSH also owns crypto — a smaller
 /// audit surface than dragging libssh2 along.
 ///
 /// **ControlMaster matters.** Without it, every remote primitive (stat, cat,
 /// cp) authenticates from scratch — 500ms-2s per call. With ControlMaster
 /// `auto` + `ControlPersist 600`, the first call authenticates, subsequent
 /// calls reuse the same TCP/crypto session at ~5ms each. We point the
 /// control socket at `~/Library/Caches/scarf/ssh/%C` so multiple Scarf
 /// windows pointed at the same host share one session cleanly.
 struct SSHTransport: ServerTransport {
    nonisolated private static let logger = Logger(subsystem: "com.scarf", category: "SSHTransport")
    let contextID: ServerID
    let isRemote: Bool = true
    let config: SSHConfig
    let displayName: String
    nonisolated init(contextID: ServerID, config: SSHConfig, displayName: String) {
        self.contextID = contextID
        self.config = config
        self.displayName = displayName
    }
    // MARK: - ssh/scp binary discovery
    nonisolated private var sshBinary: String { "/usr/bin/ssh" }
    nonisolated private var scpBinary: String { "/usr/bin/scp" }
    /// The fully-qualified `user@host` spec (or just `host` if no user set).
    nonisolated private var hostSpec: String {
        if let user = config.user, !user.isEmpty { return "\(user)@\(config.host)" }
        return config.host
    }
    /// Absolute path to this server's ControlMaster socket directory. One
    /// socket per server, lives under the app's Caches so macOS can sweep it.
    nonisolated private var controlDir: String { Self.controlDirPath() }
    /// Per-server snapshot cache directory (for SQLite `.backup` drops).
    nonisolated private var snapshotDir: String { Self.snapshotDirPath(for: contextID) }
    /// Shared control-master socket directory (one dir, sockets within it are
    /// per-host via OpenSSH's `%C` token). Exposed as a static so
    /// cleanup paths (`ServerRegistry.removeServer`, app-launch sweep) can
    /// compute it without instantiating a transport.
    ///
    /// Uses a short path under /tmp to stay within the 104-byte macOS
    /// Unix domain socket limit. The Caches path
    /// (~/Library/Caches/scarf/ssh/%C) can exceed this limit when the
    /// username is long, causing ssh to exit 255.
    nonisolated static func controlDirPath() -> String {
        return "/tmp/scarf-ssh-\(getuid())"
    }
    /// Snapshot cache directory for a given server. Stable per-ID so repeated
    /// connections to the same server share the cache, and so cleanup can
    /// find it from the ID alone.
    nonisolated static func snapshotDirPath(for contextID: ServerID) -> String {
        let base = FileManager.default.urls(for: .cachesDirectory, in: .userDomainMask).first?.path
            ?? NSHomeDirectory() + "/Library/Caches"
        return base + "/scarf/snapshots/\(contextID.uuidString)"
    }
    /// Root of the snapshot cache (all servers). Used by the app-launch sweep
    /// that prunes dirs whose UUID no longer appears in the registry.
    nonisolated static func snapshotRootPath() -> String {
        let base = FileManager.default.urls(for: .cachesDirectory, in: .userDomainMask).first?.path
            ?? NSHomeDirectory() + "/Library/Caches"
        return base + "/scarf/snapshots"
    }
    /// Remove the snapshot directory for a server (no-op if absent). Called
    /// on `removeServer` and on app-launch for orphaned dirs.
    static func pruneSnapshotCache(for contextID: ServerID) {
        let dir = snapshotDirPath(for: contextID)
        try? FileManager.default.removeItem(atPath: dir)
    }
    /// Walk the snapshot root and delete any directory whose UUID isn't in
    /// `keep`. Called once at app launch so snapshots from servers the user
    /// removed while the app was closed don't linger.
    static func sweepOrphanSnapshots(keeping keep: Set<ServerID>) {
        let root = snapshotRootPath()
        guard let entries = try? FileManager.default.contentsOfDirectory(atPath: root) else { return }
        for name in entries {
            if let id = ServerID(uuidString: name), keep.contains(id) { continue }
            try? FileManager.default.removeItem(atPath: root + "/" + name)
        }
    }
    /// Remove ControlMaster socket files older than `staleAfter` seconds.
    ///
    /// Socket basenames are %C hashes (not ServerIDs), so we can't keep "still
    /// registered" sockets the way `sweepOrphanSnapshots` does. But
    /// `ControlPersist` is 600s — anything older than 30 minutes is guaranteed
    /// to be a dead orphan from a crashed master, an unclean app exit, or a
    /// server removed while another Scarf instance was holding the dir.
    /// Wiping these on launch keeps `/tmp/scarf-ssh-<uid>/` from accumulating
    /// indefinitely until reboot, while leaving any concurrent Scarf
    /// instance's live sockets (always <600s old) untouched.
    static func sweepStaleControlSockets(staleAfter: TimeInterval = 1800) {
        let root = controlDirPath()
        guard let entries = try? FileManager.default.contentsOfDirectory(atPath: root) else { return }
        let cutoff = Date().addingTimeInterval(-staleAfter)
        for name in entries {
            let path = root + "/" + name
            guard let attrs = try? FileManager.default.attributesOfItem(atPath: path),
                  let mtime = attrs[.modificationDate] as? Date
            else { continue }
            if mtime < cutoff {
                try? FileManager.default.removeItem(atPath: path)
            }
        }
    }
    /// Ask OpenSSH to shut down this host's ControlMaster socket, so the TCP
    /// session isn't held open after the user removes this server. If no
    /// master is currently running, `ssh -O exit` exits non-zero — we ignore
    /// the exit code because the desired end state (no master) is reached
    /// either way.
    func closeControlMaster() {
        ensureControlDir()
        let args = sshArgs(extra: ["-O", "exit", hostSpec])
        _ = try? runLocal(executable: sshBinary, args: args, stdin: nil, timeout: 10)
    }
    /// Common ssh options used by every invocation. Keep every `-o` flag
    /// here so we never drift between calls.
    ///
    /// - `ControlMaster=auto` + `ControlPersist=600` gives us free connection
    ///   pooling for the bursty stat/cat/cp traffic the services produce.
    /// - `StrictHostKeyChecking=accept-new` writes new hosts to
    ///   `known_hosts` silently the first time but blocks on key mismatch —
    ///   the UX surfaced by `TransportError.hostKeyMismatch`.
    /// - `ServerAliveInterval=30` makes dropped connections surface as a
    ///   process exit rather than a hang.
    /// - `LogLevel=QUIET` suppresses the login banner so ACP's line-delimited
    ///   JSON stays binary-clean.
    nonisolated private func sshArgs(extra: [String] = []) -> [String] {
        var args: [String] = [
            "-o", "ControlMaster=auto",
            "-o", "ControlPath=\(controlDir)/%C",
            "-o", "ControlPersist=600",
            "-o", "ServerAliveInterval=30",
            "-o", "ServerAliveCountMax=3",
            "-o", "ConnectTimeout=10",
            "-o", "StrictHostKeyChecking=accept-new",
            "-o", "LogLevel=QUIET",
            "-o", "BatchMode=yes"  // Never prompt for passphrases; ssh-agent only.
        ]
        if let port = config.port { args += ["-p", String(port)] }
        if let id = config.identityFile, !id.isEmpty {
            args += ["-i", id]
        }
        args += extra
        return args
    }
    /// Ensure the ControlMaster socket directory exists, is a real directory
    /// (not a symlink), is owned by us, and has mode 0700. Called before every
    /// ssh invocation.
    ///
    /// Defensive against `/tmp` pre-creation: any local user can create
    /// `/tmp/scarf-ssh-<uid>` before Scarf launches. Plain `mkdir -p` plus
    /// `setAttributes` would silently accept a hostile dir (since the chmod
    /// fails when we don't own it, and the Foundation API swallows that). So
    /// we use POSIX `mkdir` (atomic, sets perms at create time, doesn't
    /// follow symlinks) and `lstat` to verify ownership when the entry
    /// already exists.
    nonisolated private func ensureControlDir() {
        let path = controlDir
        let mkResult = path.withCString { mkdir($0, 0o700) }
        if mkResult == 0 { return }
        let mkErr = errno
        if mkErr != EEXIST {
            Self.logger.error("Failed to create ControlDir \(path, privacy: .public): errno=\(mkErr)")
            return
        }
        var st = Darwin.stat()
        let lstatResult = path.withCString { lstat($0, &st) }
        guard lstatResult == 0 else {
            Self.logger.error("Could not lstat existing ControlDir \(path, privacy: .public): errno=\(errno)")
            return
        }
        guard (st.st_mode & S_IFMT) == S_IFDIR else {
            Self.logger.error("ControlDir \(path, privacy: .public) exists but is not a directory (possibly a symlink) — refusing to use")
            return
        }
        guard st.st_uid == getuid() else {
            Self.logger.error("ControlDir \(path, privacy: .public) owned by uid \(st.st_uid), expected \(getuid()) — refusing to use")
            return
        }
        if (st.st_mode & 0o777) != 0o700 {
            Self.logger.warning("ControlDir \(path, privacy: .public) had mode \(String(st.st_mode & 0o777, radix: 8), privacy: .public), repairing to 700")
            _ = path.withCString { chmod($0, 0o700) }
        }
    }
    /// Shell-quote a single argument for remote execution. The remote shell
    /// receives our argv joined with spaces, so anything containing
    /// whitespace/metacharacters must be quoted to survive that flattening.
    nonisolated private static func shellQuote(_ s: String) -> String {
        if s.isEmpty { return "''" }
        // Safe subset: alphanumerics + a few shell-inert characters.
        let safe = CharacterSet(charactersIn: "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789@%+=:,./-_")
        if s.unicodeScalars.allSatisfy({ safe.contains($0) }) { return s }
        // Wrap in single quotes; close/reopen around any embedded single quote.
        return "'" + s.replacingOccurrences(of: "'", with: "'\\''") + "'"
    }
    /// Format a path for inclusion in a remote `sh -c` command. **Critical**
    /// for any path containing `~/`: bash/zsh do NOT expand `~` inside
    /// quotes (single OR double), so a single-quoted `'~/.hermes/foo'` is
    /// passed to commands as the literal seven-character string
    /// `~/.hermes/foo` and lookups fail. We rewrite the leading `~/` to
    /// `$HOME/` (which DOES expand inside double quotes) and emit the path
    /// double-quoted so embedded spaces / metacharacters are still safe.
    ///
    /// Why not single-quote: that would make `$HOME` literal too. We
    /// specifically need partial-expansion semantics, which is what double
    /// quotes give us.
    nonisolated private static func remotePathArg(_ path: String) -> String {
        var p = path
        if p.hasPrefix("~/") {
            p = "$HOME/" + p.dropFirst(2)
        } else if p == "~" {
            p = "$HOME"
        }
        let escaped = p
            .replacingOccurrences(of: "\\", with: "\\\\")
            .replacingOccurrences(of: "\"", with: "\\\"")
        return "\"\(escaped)\""
    }
    /// Run a remote shell command. Wraps in `sh -c '<command>'` and uses
    /// the standard ssh-after-host placement (no `--` separator — that
    /// would be sent to the remote shell as a literal first token, which
    /// most shells reject as "command not found"). The `command` is
    /// single-quoted via `shellQuote` so ssh's argv-join-by-space doesn't
    /// split it across multiple shell tokens on the remote side.
    @discardableResult
    nonisolated private func runRemoteShell(_ command: String, timeout: TimeInterval? = 60) throws -> ProcessResult {
        var args = sshArgs()
        args.append(hostSpec)
        args.append("sh")
        args.append("-c")
        args.append(Self.shellQuote(command))
        return try runLocal(executable: sshBinary, args: args, stdin: nil, timeout: timeout)
    }
    // MARK: - Files
    func readFile(_ path: String) throws -> Data {
        // `cat` is the simplest portable "give me file bytes" command; we
        // don't need scp's progress machinery for typical config/memory
        // files (<1 MB each).
        let result = try runRemoteShell("cat \(Self.remotePathArg(path))")
        if result.exitCode != 0 {
            let errText = result.stderrString
            // Missing file looks like exit 1 + "No such file" — surface as a
            // typed fileIO error so callers that treat missing == "empty"
            // behave the same as they do locally.
            if errText.contains("No such file") {
                throw TransportError.fileIO(path: path, underlying: "No such file or directory")
            }
            throw TransportError.classifySSHFailure(host: config.host, exitCode: result.exitCode, stderr: errText)
        }
        return result.stdout
    }
    func writeFile(_ path: String, data: Data) throws {
        // Atomic pattern:
        //   1. scp to `<path>.scarf.tmp` on the remote
        //   2. ssh `mv <tmp> <path>` — atomic on POSIX within the same FS
        // Hermes never sees a partial write.
        let tmp = path + ".scarf.tmp"
        // scp from a local temp file (scp reads from disk, not stdin).
        let localTmpURL = FileManager.default.temporaryDirectory.appendingPathComponent(
            "scarf-scp-\(UUID().uuidString).tmp"
        )
        do {
            try data.write(to: localTmpURL)
        } catch {
            throw TransportError.fileIO(path: path, underlying: "local temp write: \(error.localizedDescription)")
        }
        defer { try? FileManager.default.removeItem(at: localTmpURL) }
        ensureControlDir()
        var scpArgs: [String] = [
            "-o", "ControlMaster=auto",
            "-o", "ControlPath=\(controlDir)/%C",
            "-o", "ControlPersist=600",
            "-o", "StrictHostKeyChecking=accept-new",
            "-o", "LogLevel=QUIET",
            "-o", "BatchMode=yes"
        ]
        if let port = config.port { scpArgs += ["-P", String(port)] }
        if let id = config.identityFile, !id.isEmpty { scpArgs += ["-i", id] }
        scpArgs.append(localTmpURL.path)
        scpArgs.append("\(hostSpec):\(tmp)")
        let scpResult = try runLocal(executable: scpBinary, args: scpArgs, stdin: nil, timeout: 60)
        if scpResult.exitCode != 0 {
            throw TransportError.classifySSHFailure(host: config.host, exitCode: scpResult.exitCode, stderr: scpResult.stderrString)
        }
        // Now atomic mv on the remote. Note: scp/sftp DOES expand `~` (it
        // goes through the SSH file transfer protocol, not a remote shell),
        // so the upload landed at the resolved $HOME path. The mv is a
        // shell command and needs the $HOME-rewritten path to find it.
        let mvResult = try runRemoteShell("mv \(Self.remotePathArg(tmp)) \(Self.remotePathArg(path))")
        if mvResult.exitCode != 0 {
            // Best-effort cleanup of the orphan tmp.
            _ = try? runRemoteShell("rm -f \(Self.remotePathArg(tmp))")
            throw TransportError.classifySSHFailure(host: config.host, exitCode: mvResult.exitCode, stderr: mvResult.stderrString)
        }
    }
    func fileExists(_ path: String) -> Bool {
        guard let result = try? runRemoteShell("test -e \(Self.remotePathArg(path))") else {
            return false
        }
        return result.exitCode == 0
    }
    func stat(_ path: String) -> FileStat? {
        // macOS and Linux `stat` differ in flags. `stat -f` is macOS's BSD
        // form; `stat -c` is GNU/Linux. We try the GNU form first (typical
        // remote target) and fall back to BSD. The format strings use
        // double quotes — safe inside our outer single-quoted sh -c.
        let linux = try? runRemoteShell(#"stat -c "%s %Y %F" \#(Self.remotePathArg(path))"#)
        if let result = linux, result.exitCode == 0 {
            return Self.parseStatOutput(result.stdoutString)
        }
        let bsd = try? runRemoteShell(#"stat -f "%z %m %HT" \#(Self.remotePathArg(path))"#)
        if let result = bsd, result.exitCode == 0 {
            return Self.parseStatOutput(result.stdoutString)
        }
        return nil
    }
    private static func parseStatOutput(_ s: String) -> FileStat? {
        // Expected: "<bytes> <unix-epoch-secs> <type>" where <type> is either
        // a GNU word ("regular file", "directory") or a BSD word ("Regular
        // File", "Directory"). Only the first word of <type> matters for
        // isDirectory.
        let parts = s.trimmingCharacters(in: .whitespacesAndNewlines).split(separator: " ", maxSplits: 2)
        guard parts.count >= 2 else { return nil }
        let size = Int64(parts[0]) ?? 0
        let mtimeSecs = TimeInterval(parts[1]) ?? 0
        let typeStr = parts.count == 3 ? parts[2].lowercased() : ""
        let isDir = typeStr.contains("directory")
        return FileStat(size: size, mtime: Date(timeIntervalSince1970: mtimeSecs), isDirectory: isDir)
    }
    func listDirectory(_ path: String) throws -> [String] {
        // `ls -A` lists all entries (incl. dotfiles) except `.`/`..`, one per
        // line. Sort order matches local FileManager.contentsOfDirectory.
        let result = try runRemoteShell("ls -A \(Self.remotePathArg(path))")
        if result.exitCode != 0 {
            if result.stderrString.contains("No such file") {
                throw TransportError.fileIO(path: path, underlying: "No such file or directory")
            }
            throw TransportError.classifySSHFailure(host: config.host, exitCode: result.exitCode, stderr: result.stderrString)
        }
        return result.stdoutString
            .split(separator: "\n", omittingEmptySubsequences: true)
            .map(String.init)
    }
    func createDirectory(_ path: String) throws {
        let result = try runRemoteShell("mkdir -p \(Self.remotePathArg(path))")
        if result.exitCode != 0 {
            throw TransportError.classifySSHFailure(host: config.host, exitCode: result.exitCode, stderr: result.stderrString)
        }
    }
    func removeFile(_ path: String) throws {
        let result = try runRemoteShell("rm -f \(Self.remotePathArg(path))")
        if result.exitCode != 0 {
            throw TransportError.classifySSHFailure(host: config.host, exitCode: result.exitCode, stderr: result.stderrString)
        }
    }
    // MARK: - Processes
    func runProcess(executable: String, args: [String], stdin: Data?, timeout: TimeInterval?) throws -> ProcessResult {
        // Wrap in `sh -c '<exe> <arg> <arg>'` with `~/`-rewritten paths so
        // home-relative args expand on the remote. The executable might be
        // `~/.local/bin/hermes` or just `hermes`; either survives.
        let cmd = ([executable] + args).map { Self.remotePathArg($0) }.joined(separator: " ")
        var sshArgv = sshArgs()
        sshArgv.append(hostSpec)
        sshArgv.append("sh")
        sshArgv.append("-c")
        sshArgv.append(Self.shellQuote(cmd))
        return try runLocal(executable: sshBinary, args: sshArgv, stdin: stdin, timeout: timeout)
    }
    func makeProcess(executable: String, args: [String]) -> Process {
        ensureControlDir()
        // `-T` disables pty allocation — critical for binary-clean stdin/stdout
        // (ACP JSON-RPC, log tail bytes). Same sh -c wrapping as runProcess
        // so home-relative paths in `executable`/`args` actually expand.
        let cmd = ([executable] + args).map { Self.remotePathArg($0) }.joined(separator: " ")
        var sshArgv = sshArgs()
        sshArgv.insert("-T", at: 0)
        sshArgv.append(hostSpec)
        sshArgv.append("sh")
        sshArgv.append("-c")
        sshArgv.append(Self.shellQuote(cmd))
        let proc = Process()
        proc.executableURL = URL(fileURLWithPath: sshBinary)
        proc.arguments = sshArgv
        proc.environment = Self.sshSubprocessEnvironment()
        return proc
    }
    /// Environment for an ssh/scp subprocess: process env merged with
    /// SSH_AUTH_SOCK / SSH_AGENT_PID harvested from the user's login shell.
    /// Without this, GUI-launched Scarf can't reach 1Password / Secretive /
    /// `ssh-add`'d keys that the user's terminal sees fine.
    nonisolated private static func sshSubprocessEnvironment() -> [String: String] {
        var env = ProcessInfo.processInfo.environment
        let shellEnv = HermesFileService.enrichedEnvironment()
        for key in ["SSH_AUTH_SOCK", "SSH_AGENT_PID"] {
            if env[key] == nil, let value = shellEnv[key], !value.isEmpty {
                env[key] = value
            }
        }
        return env
    }
    // MARK: - SQLite snapshot
    func snapshotSQLite(remotePath: String) throws -> URL {
        try? FileManager.default.createDirectory(atPath: snapshotDir, withIntermediateDirectories: true)
        let localPath = snapshotDir + "/state.db"
        // `.backup` is WAL-safe: sqlite takes a consistent snapshot without
        // blocking writers. A plain `cp` of a WAL-mode DB could corrupt.
        let remoteTmp = "/tmp/scarf-snapshot-\(UUID().uuidString).db"
        // sqlite3's `.backup` is a dot-command, not a CLI arg. The whole
        // dot-command must be one shell argument (double-quoted) so sqlite3
        // receives it as a single command; the backup path inside it is
        // single-quoted so sqlite3 parses it correctly. The DB path is a
        // separate shell argument and goes through `remotePathArg`
        // (double-quoted, $HOME-aware) so `~/.hermes/state.db` actually
        // resolves on the remote.
        //
        // The second sqlite3 invocation flips the snapshot out of WAL mode
        // so the scp'd file is self-contained: `.backup` preserves the
        // source's journal_mode in the destination header, so without this
        // step the client would need the `-wal`/`-shm` sidecars too, and
        // every read would fail with "unable to open database file".
        //
        // Final shell command on the remote:
        //   sqlite3 "$HOME/.hermes/state.db" ".backup '/tmp/scarf-snapshot-XYZ.db'" \
        //     && sqlite3 '/tmp/scarf-snapshot-XYZ.db' "PRAGMA journal_mode=DELETE;"
        let backupScript = #"sqlite3 \#(Self.remotePathArg(remotePath)) ".backup '\#(remoteTmp)'" && sqlite3 '\#(remoteTmp)' "PRAGMA journal_mode=DELETE;" > /dev/null"#
        let backup = try runRemoteShell(backupScript)
        if backup.exitCode != 0 {
            throw TransportError.classifySSHFailure(host: config.host, exitCode: backup.exitCode, stderr: backup.stderrString)
        }
        // scp the backup down. scp/sftp expands `~` natively (it goes
        // through the SSH file-transfer protocol, not a remote shell), so
        // remoteTmp's `/tmp/...` absolute path round-trips as-is.
        ensureControlDir()
        var scpArgs: [String] = [
            "-o", "ControlMaster=auto",
            "-o", "ControlPath=\(controlDir)/%C",
            "-o", "ControlPersist=600",
            "-o", "StrictHostKeyChecking=accept-new",
            "-o", "LogLevel=QUIET",
            "-o", "BatchMode=yes"
        ]
        if let port = config.port { scpArgs += ["-P", String(port)] }
        if let id = config.identityFile, !id.isEmpty { scpArgs += ["-i", id] }
        scpArgs.append("\(hostSpec):\(remoteTmp)")
        scpArgs.append(localPath)
        let pull = try runLocal(executable: scpBinary, args: scpArgs, stdin: nil, timeout: 120)
        // Regardless of pull outcome, try to clean up the remote tmp.
        _ = try? runRemoteShell("rm -f \(Self.remotePathArg(remoteTmp))")
        if pull.exitCode != 0 {
            throw TransportError.classifySSHFailure(host: config.host, exitCode: pull.exitCode, stderr: pull.stderrString)
        }
        return URL(fileURLWithPath: localPath)
    }
    // MARK: - Watching
    func watchPaths(_ paths: [String]) -> AsyncStream<WatchEvent> {
        // Polling: call `stat -c %Y` on all paths every 3s and yield a single
        // `.anyChanged` when any mtime changed vs. the prior tick. ControlMaster
        // makes each stat ~5ms so the cost is bounded.
        AsyncStream { continuation in
            let task = Task.detached { [self] in
                var lastSignature: String = ""
                while !Task.isCancelled {
                    // Build one shell command that stats all paths in one
                    // ssh round-trip. Missing paths print "0" which still
                    // participates correctly in change detection. Paths
                    // get the `~`→`$HOME` rewrite via remotePathArg.
                    let argList = paths.map { Self.remotePathArg($0) }.joined(separator: " ")
                    let cmd = "for p in \(argList); do stat -c %Y \"$p\" 2>/dev/null || stat -f %m \"$p\" 2>/dev/null || echo 0; done"
                    do {
                        let result = try runRemoteShell(cmd, timeout: 30)
                        let signature = result.stdoutString.trimmingCharacters(in: .whitespacesAndNewlines)
                        if !signature.isEmpty && signature != lastSignature {
                            if !lastSignature.isEmpty {
                                continuation.yield(.anyChanged)
                            }
                            lastSignature = signature
                        }
                    } catch {
                        // Transient failure (connection drop) — skip this tick.
                        Self.logger.debug("watchPaths poll failed: \(String(describing: error))")
                    }
                    try? await Task.sleep(nanoseconds: 3_000_000_000)
                }
            }
            continuation.onTermination = { _ in task.cancel() }
        }
    }
    // MARK: - Private helpers
    /// Spawn a local process (ssh/scp/etc.) and collect its result. Mirrors
    /// `LocalTransport.runProcess` — duplicated rather than shared because
    /// SSH-specific code paths live on this type and we want all Process
    /// lifecycle in one place per transport.
    nonisolated private func runLocal(executable: String, args: [String], stdin: Data?, timeout: TimeInterval?) throws -> ProcessResult {
        ensureControlDir()
        let proc = Process()
        proc.executableURL = URL(fileURLWithPath: executable)
        proc.arguments = args
        // Inherit the user's shell environment so ssh can reach the
        // ssh-agent socket. GUI-launched apps don't see SSH_AUTH_SOCK by
        // default — without this, terminal ssh works (because the user's
        // shell exports it) but Scarf-launched ssh fails auth with exit 255.
        proc.environment = Self.sshSubprocessEnvironment()
        let stdoutPipe = Pipe()
        let stderrPipe = Pipe()
        let stdinPipe = Pipe()
        proc.standardOutput = stdoutPipe
        proc.standardError = stderrPipe
        if stdin != nil { proc.standardInput = stdinPipe }
        do {
            try proc.run()
        } catch {
            throw TransportError.other(message: "Failed to launch \(executable): \(error.localizedDescription)")
        }
        if let stdin {
            try? stdinPipe.fileHandleForWriting.write(contentsOf: stdin)
            try? stdinPipe.fileHandleForWriting.close()
        }
        if let timeout {
            let deadline = Date().addingTimeInterval(timeout)
            while proc.isRunning && Date() < deadline {
                Thread.sleep(forTimeInterval: 0.1)
            }
            if proc.isRunning {
                proc.terminate()
                let partial = (try? stdoutPipe.fileHandleForReading.readToEnd()) ?? Data()
                try? stdoutPipe.fileHandleForReading.close()
                try? stderrPipe.fileHandleForReading.close()
                throw TransportError.timeout(seconds: timeout, partialStdout: partial)
            }
        } else {
            proc.waitUntilExit()
        }
        let out = (try? stdoutPipe.fileHandleForReading.readToEnd()) ?? Data()
        let err = (try? stderrPipe.fileHandleForReading.readToEnd()) ?? Data()
        try? stdoutPipe.fileHandleForReading.close()
        try? stderrPipe.fileHandleForReading.close()
        try? stdinPipe.fileHandleForWriting.close()
        return ProcessResult(exitCode: proc.terminationStatus, stdout: out, stderr: err)
    }
 }
@@ -0,0 +1,102 @@
 import Foundation
 /// Unified I/O surface shared by local and remote Hermes installations.
 ///
 /// **Design rationale.** The services that read Hermes state (`~/.hermes/…`)
 /// and spawn the `hermes` CLI all boil down to a handful of primitives:
 /// read/write/list files, stat file attributes, run a process to completion,
 /// spawn a long-running stdio process for streaming, take a consistent DB
 /// snapshot, observe file changes. `ServerTransport` exposes exactly those
 /// primitives so the same service code works against either a local
 /// filesystem or a remote host reached over SSH.
 ///
 /// The primitives are deliberately **synchronous where possible** (file I/O,
 /// process `run` + wait) so services don't need to become `async` end-to-end.
 /// The two naturally-streaming cases — log tail and ACP stdio — use
 /// `makeProcess` which returns a configured `Process`; services own the
 /// stdio pipes and lifecycle exactly as they do today.
 protocol ServerTransport: Sendable {
    /// Identifies the context this transport serves. Used for cache
    /// namespacing (e.g. per-server SQLite snapshot directories).
    nonisolated var contextID: ServerID { get }
    /// `true` if this transport talks to a remote host over SSH.
    nonisolated var isRemote: Bool { get }
    // MARK: - Files
    nonisolated func readFile(_ path: String) throws -> Data
    /// Atomic write: the file at `path` is either the previous contents or
    /// the new contents, never a partial write. Preserves `0600` mode for
    /// paths that match `.env` conventions so secrets stay owner-only.
    nonisolated func writeFile(_ path: String, data: Data) throws
    nonisolated func fileExists(_ path: String) -> Bool
    nonisolated func stat(_ path: String) -> FileStat?
    nonisolated func listDirectory(_ path: String) throws -> [String]
    /// Create directories including intermediates. No-op if already present.
    nonisolated func createDirectory(_ path: String) throws
    /// Delete a file. No-op if absent.
    nonisolated func removeFile(_ path: String) throws
    // MARK: - Processes
    /// Run a process to completion and capture its stdout/stderr. For remote
    /// transports this actually invokes `ssh host -- executable args…` under
    /// the hood; for local it spawns `executable` directly.
    nonisolated func runProcess(
        executable: String,
        args: [String],
        stdin: Data?,
        timeout: TimeInterval?
    ) throws -> ProcessResult
    /// Return a `Process` configured for the target — already pointed at the
    /// right executable with the right arguments, but **not yet started**.
    /// Callers attach their own `Pipe`s and call `run()`. Used by ACPClient
    /// (JSON-RPC over stdio) and by `HermesLogService`'s streaming tail.
    ///
    /// Local: `executable` + `args` verbatim.
    /// Remote: `/usr/bin/ssh` + connection flags + `[host, "--", executable, args…]`.
    nonisolated func makeProcess(executable: String, args: [String]) -> Process
    // MARK: - SQLite
    /// Return a local filesystem URL pointing at a fresh, consistent copy of
    /// the SQLite database at `remotePath`. For local transports this is
    /// just the remote path unchanged. For SSH transports this performs
    /// `sqlite3 .backup` on the remote side and scp's the backup into
    /// `~/Library/Caches/scarf/<serverID>/state.db`, returning that URL.
    nonisolated func snapshotSQLite(remotePath: String) throws -> URL
    // MARK: - Watching
    /// Observe changes to a set of paths and yield events when any of them
    /// change. Local: FSEvents. Remote: polls `stat` mtime every 3s.
    nonisolated func watchPaths(_ paths: [String]) -> AsyncStream<WatchEvent>
 }
 /// Stat-style file metadata. `nil` (return value) means the file does not
 /// exist or couldn't be queried.
 struct FileStat: Sendable, Hashable {
    let size: Int64
    let mtime: Date
    let isDirectory: Bool
 }
 /// Result of a one-shot process invocation.
 struct ProcessResult: Sendable {
    let exitCode: Int32
    let stdout: Data
    let stderr: Data
    nonisolated var stdoutString: String { String(data: stdout, encoding: .utf8) ?? "" }
    nonisolated var stderrString: String { String(data: stderr, encoding: .utf8) ?? "" }
 }
 enum WatchEvent: Sendable {
    /// Any path in the watched set changed; implementations may coalesce
    /// rapid changes into one event. Consumers should treat this as "refresh
    /// whatever you were displaying" rather than expecting fine-grained
    /// per-path signals.
    case anyChanged
 }
@@ -0,0 +1,86 @@
 import Foundation
 /// Typed errors surfaced by `ServerTransport` implementations. The UI
 /// distinguishes these so user-visible messages can be specific
 /// ("authentication failed" vs. "command failed") without having to grep
 /// stderr strings.
 enum TransportError: LocalizedError {
    /// `ssh`/`scp` could not reach the host or hit a protocol-level issue
    /// (name resolution, connection refused, route error).
    case hostUnreachable(host: String, stderr: String)
    /// Remote rejected our credentials. Typically means no ssh-agent key is
    /// loaded, or the loaded keys don't match any `authorized_keys` entry.
    case authenticationFailed(host: String, stderr: String)
    /// Remote `~/.ssh/known_hosts` fingerprint no longer matches. Blocking —
    /// we never auto-accept on mismatch.
    case hostKeyMismatch(host: String, stderr: String)
    /// The command ran on the remote but exited non-zero.
    case commandFailed(exitCode: Int32, stderr: String)
    /// Local filesystem operation failed (read/write/stat) with the OS error
    /// message attached.
    case fileIO(path: String, underlying: String)
    /// Timed out waiting for a process to finish. `partialStdout` carries
    /// whatever output was captured before the timer fired.
    case timeout(seconds: TimeInterval, partialStdout: Data)
    /// Something we didn't plan for. Fall-through bucket with enough context
    /// for a bug report.
    case other(message: String)
    var errorDescription: String? {
        switch self {
        case .hostUnreachable(let host, _):
            return "Can't reach \(host). Check the hostname, network, and SSH config."
        case .authenticationFailed(let host, _):
            return "SSH authentication to \(host) failed. Ensure your key is loaded in ssh-agent."
        case .hostKeyMismatch(let host, _):
            return "Host key for \(host) has changed. Inspect ~/.ssh/known_hosts before continuing."
        case .commandFailed(let code, let stderr):
            // Trim stderr to a single line for the summary; full text is in
            // the associated value for disclosure views.
            let firstLine = stderr.split(separator: "\n").first.map(String.init) ?? ""
            return "Remote command exited \(code). \(firstLine)"
        case .fileIO(let path, let msg):
            return "File I/O failed at \(path): \(msg)"
        case .timeout(let secs, _):
            return "Command timed out after \(Int(secs))s."
        case .other(let msg):
            return msg
        }
    }
    /// Full stderr (if any) for display in a disclosure view. Empty string
    /// when there's no additional detail worth showing.
    var diagnosticStderr: String {
        switch self {
        case .hostUnreachable(_, let s),
             .authenticationFailed(_, let s),
             .hostKeyMismatch(_, let s),
             .commandFailed(_, let s):
            return s
        default:
            return ""
        }
    }
    /// Heuristic classifier: convert the ssh/scp stderr of a failed command
    /// into a specific `TransportError`. Used by `SSHTransport` after a
    /// non-zero exit. Defaults to `.commandFailed` when no known marker
    /// matches.
    static func classifySSHFailure(host: String, exitCode: Int32, stderr: String) -> TransportError {
        let s = stderr.lowercased()
        if s.contains("permission denied") || s.contains("authentication failed")
            || s.contains("publickey") && s.contains("denied") {
            return .authenticationFailed(host: host, stderr: stderr)
        }
        if s.contains("host key verification failed")
            || s.contains("remote host identification has changed") {
            return .hostKeyMismatch(host: host, stderr: stderr)
        }
        if s.contains("no route to host") || s.contains("connection refused")
            || s.contains("connection timed out") || s.contains("could not resolve hostname")
            || s.contains("connection closed by") && s.contains("port 22") {
            return .hostUnreachable(host: host, stderr: stderr)
        }
        return .commandFailed(exitCode: exitCode, stderr: stderr)
    }
 }
@@ -2,7 +2,14 @@ import Foundation
@Observable
 final class ActivityViewModel {
-    private let dataService = HermesDataService()
+    let context: ServerContext
    private let dataService: HermesDataService
    init(context: ServerContext = .local) {
        self.context = context
        self.dataService = HermesDataService(context: context)
    }
    var toolMessages: [HermesMessage] = []
    var filterKind: ToolKind?
@@ -45,7 +52,12 @@ final class ActivityViewModel {
    func load() async {
        isLoading = true
-        let opened = await dataService.open()
+        // refresh() = close + reopen, which forces a fresh snapshot pull on
        // remote contexts. Using open() here would short-circuit after the
        // first load and show stale data for the view's lifetime. The DB
        // stays open after load() returns so selectEntry() can read tool
        // results without re-opening — cleanup() closes on disappear.
        let opened = await dataService.refresh()
        guard opened else {
            isLoading = false
            return
@@ -1,8 +1,14 @@
 import SwiftUI
 struct ActivityView: View {
-    @State private var viewModel = ActivityViewModel()
+    @State private var viewModel: ActivityViewModel
    @Environment(AppCoordinator.self) private var coordinator
    @Environment(HermesFileWatcher.self) private var fileWatcher
    init(context: ServerContext) {
        _viewModel = State(initialValue: ActivityViewModel(context: context))
    }
    var body: some View {
        VStack(spacing: 0) {
@@ -17,6 +23,9 @@ struct ActivityView: View {
        }
        .navigationTitle("Activity")
        .task { await viewModel.load() }
        .onChange(of: fileWatcher.lastChangeDate) {
            Task { await viewModel.load() }
        }
        .onDisappear { Task { await viewModel.cleanup() } }
    }
@@ -105,7 +114,7 @@ struct ActivityView: View {
                        VStack(alignment: .leading, spacing: 2) {
                            Text(entry.toolName)
                                .font(.title3.bold().monospaced())
-                            Text(entry.kind.rawValue.capitalized)
+                            Text(entry.kind.displayName)
                                .font(.caption)
                                .foregroundStyle(.secondary)
                        }
@@ -6,8 +6,29 @@ import os
@Observable
 final class ChatViewModel {
    private let logger = Logger(subsystem: "com.scarf", category: "ChatViewModel")
-    private let dataService = HermesDataService()
+    let context: ServerContext
-    private let fileService = HermesFileService()
+    private let dataService: HermesDataService
    private let fileService: HermesFileService
    init(context: ServerContext = .local) {
        self.context = context
        self.dataService = HermesDataService(context: context)
        self.fileService = HermesFileService(context: context)
        self.richChatViewModel = RichChatViewModel(context: context)
        // Probe hermes binary existence once off-main, then cache. Doing
        // this synchronously inside `hermesBinaryExists`'s getter would
        // block main on every chat-body re-evaluation — for a remote
        // context that's a SSH `test -e` round-trip on every streaming
        // chunk, which manifests as the chat screen flashing or going
        // blank during prompts.
        Task.detached(priority: .userInitiated) { [context] in
            let exists = context.fileExists(context.paths.hermesBinary)
            await MainActor.run { [weak self] in
                self?.hermesBinaryExists = exists
            }
        }
    }
    var recentSessions: [HermesSession] = []
    var sessionPreviews: [String: String] = [:]
@@ -17,7 +38,7 @@ final class ChatViewModel {
    var ttsEnabled = false
    var isRecording = false
    var displayMode: ChatDisplayMode = .richChat
-    let richChatViewModel = RichChatViewModel()
+    let richChatViewModel: RichChatViewModel
    private var coordinator: Coordinator?
    // ACP state
@@ -29,14 +50,70 @@ final class ChatViewModel {
    private var isHandlingDisconnect = false
    var isACPConnected: Bool { acpClient != nil && hasActiveProcess }
    var acpStatus: String = ""
    /// True while a session is being established or restored — from the user
    /// kicking off "start chat" or "resume session" until the ACP session is
    /// ready for messages. The chat pane uses this to show a loader in place
    /// of the empty-state placeholder.
    var isPreparingSession: Bool {
        guard hasActiveProcess else { return false }
        switch acpStatus {
        case "Starting...",
             "Creating session...",
             "Creating new session...",
             "Loading session...":
            return true
        default:
            return acpStatus.hasPrefix("Reconnecting")
        }
    }
    var acpError: String?
    /// Human-readable hint derived from error + stderr (e.g. "set ANTHROPIC_API_KEY").
    /// Shown above the raw error in the UI when present.
    var acpErrorHint: String?
    /// Tail of stderr captured from `hermes acp` at the time of the last
    /// failure — shown in a collapsible details section so users can copy/paste.
    var acpErrorDetails: String?
    /// True when `hasAnyAICredential()` returned false at last preflight.
    var missingCredentials: Bool = false
    private static let maxReconnectAttempts = 5
    private static let reconnectBaseDelay: UInt64 = 1_000_000_000 // 1 second
    private static let maxReconnectDelay: UInt64 = 16_000_000_000 // 16 seconds
-    var hermesBinaryExists: Bool {
+    /// Cached result of probing for `hermes` on the target server. Updated
-        FileManager.default.fileExists(atPath: HermesPaths.hermesBinary)
+    /// once at init by a detached task; defaults to `true` so the chat
    /// view doesn't briefly flash "Hermes not found" while the async
    /// probe runs. Set to `false` only after the probe confirms the
    /// binary really isn't there.
    var hermesBinaryExists: Bool = true
    /// Re-checks env + `~/.hermes/.env` for AI-provider credentials and
    /// updates `missingCredentials`. Cheap — safe to call from view `.task`.
    func refreshCredentialPreflight() {
        missingCredentials = !fileService.hasAnyAICredential()
    }
    /// Clears the error/hint/details triplet so future failures overwrite
    /// cleanly instead of stacking on top of stale state.
    private func clearACPErrorState() {
        acpError = nil
        acpErrorHint = nil
        acpErrorDetails = nil
    }
    /// Populates acpError, acpErrorHint, acpErrorDetails from an error + the
    /// stderr tail the ACP client captured, and logs the failure with a
    /// site-specific context label. Call on any failure path.
    @MainActor
    private func recordACPFailure(_ error: Error, client: ACPClient?, context: String) async {
        let msg = error.localizedDescription
        logger.error("\(context): \(msg)")
        let stderrTail = await client?.recentStderr ?? ""
        let hint = ACPErrorHint.classify(errorMessage: msg, stderrTail: stderrTail)
        acpError = msg
        acpErrorHint = hint
        acpErrorDetails = stderrTail.isEmpty ? nil : stderrTail
    }
    // MARK: - Session Lifecycle
@@ -78,7 +155,14 @@ final class ChatViewModel {
            // Find most recent session and resume via ACP
            Task { @MainActor in
                let opened = await dataService.open()
-                guard opened else { return }
+                if !opened {
                    acpError = context.isRemote
                        ? "Couldn't reach \(context.displayName). Check the SSH connection and try again."
                        : "Couldn't open the Hermes state database."
                    acpErrorHint = nil
                    acpErrorDetails = nil
                    return
                }
                let sessionId = await dataService.fetchMostRecentlyActiveSessionId()
                await dataService.close()
                if let sessionId {
@@ -107,23 +191,22 @@ final class ChatViewModel {
        }
    }
-    /// Start ACP for the current or most recent session, then send the queued prompt.
+    /// Start ACP for the current session (or create a new one), then send the
    /// queued prompt. Typing into a blank Chat screen ALWAYS creates a new
    /// session — the "Continue from Last Session" button is the explicit path
    /// for resuming. The previous behavior (falling back to the most recently
    /// active session in the DB) would pick up cron/background sessions the
    /// user never interacted with; those can be garbage-collected by Hermes
    /// between the DB read and ACP `session/load`, producing a silent prompt
    /// failure with no UI feedback.
    private func autoStartACPAndSend(text: String) {
        // Show the user message immediately
        richChatViewModel.addUserMessage(text: text)
        Task { @MainActor in
-            // Find a session to resume: prefer current sessionId, then most recent
+            let sessionToResume = richChatViewModel.sessionId
            var sessionToResume = richChatViewModel.sessionId
            if sessionToResume == nil {
                let opened = await dataService.open()
                if opened {
                    sessionToResume = await dataService.fetchMostRecentlyActiveSessionId()
                    await dataService.close()
                }
            }
-            let client = ACPClient()
+            let client = ACPClient(context: context)
            self.acpClient = client
            do {
@@ -132,7 +215,7 @@ final class ChatViewModel {
                startACPEventLoop(client: client)
                startHealthMonitor(client: client)
-                let cwd = NSHomeDirectory()
+                let cwd = await context.resolvedUserHome()
                hasActiveProcess = true
@@ -157,10 +240,8 @@ final class ChatViewModel {
                // Now send the queued prompt
                sendViaACP(client: client, text: text)
            } catch {
                let msg = error.localizedDescription
                logger.error("Auto-start ACP failed: \(msg)")
                acpStatus = "Failed"
-                acpError = msg
+                await recordACPFailure(error, client: client, context: "Auto-start ACP failed")
                hasActiveProcess = false
                acpClient = nil
            }
@@ -169,6 +250,7 @@ final class ChatViewModel {
    private func sendViaACP(client: ACPClient, text: String) {
        guard let sessionId = richChatViewModel.sessionId else {
            clearACPErrorState()
            acpError = "No session ID — cannot send"
            return
        }
@@ -192,10 +274,8 @@ final class ChatViewModel {
            } catch is CancellationError {
                acpStatus = "Cancelled"
            } catch {
                let msg = error.localizedDescription
                logger.error("ACP prompt failed: \(msg)")
                acpStatus = "Error"
-                acpError = msg
+                await recordACPFailure(error, client: client, context: "ACP prompt failed")
                richChatViewModel.handleACPEvent(
                    .promptComplete(sessionId: sessionId, response: ACPPromptResult(
                        stopReason: "error",
@@ -211,10 +291,10 @@ final class ChatViewModel {
    private func startACPSession(resume sessionId: String?) {
        stopACP()
-        acpError = nil
+        clearACPErrorState()
        acpStatus = "Starting..."
-        let client = ACPClient()
+        let client = ACPClient(context: context)
        self.acpClient = client
        Task { @MainActor in
@@ -225,7 +305,7 @@ final class ChatViewModel {
                startACPEventLoop(client: client)
                startHealthMonitor(client: client)
-                let cwd = NSHomeDirectory()
+                let cwd = await context.resolvedUserHome()
                // Mark active BEFORE setting session ID so .task(id:) sees isACPMode=true
                // and doesn't wipe messages with a DB refresh
@@ -259,10 +339,8 @@ final class ChatViewModel {
                logger.info("ACP session ready: \(resolvedSessionId)")
            } catch {
                let msg = error.localizedDescription
                logger.error("Failed to start ACP session: \(msg)")
                acpStatus = "Failed"
-                acpError = msg
+                await recordACPFailure(error, client: client, context: "Failed to start ACP session")
                hasActiveProcess = false
                acpClient = nil
            }
@@ -333,7 +411,7 @@ final class ChatViewModel {
    private func attemptReconnect(sessionId: String) {
        reconnectTask?.cancel()
-        acpError = nil
+        clearACPErrorState()
        reconnectTask = Task { @MainActor [weak self] in
            guard let self else { return }
@@ -354,11 +432,11 @@ final class ChatViewModel {
                    guard !Task.isCancelled else { return }
                }
-                let client = ACPClient()
+                let client = ACPClient(context: context)
                do {
                    try await client.start()
-                    let cwd = NSHomeDirectory()
+                    let cwd = await context.resolvedUserHome()
                    let resolvedSessionId: String
                    // Try resumeSession first (designed for reconnection), then loadSession.
@@ -379,7 +457,7 @@ final class ChatViewModel {
                    await richChatViewModel.reconcileWithDB(sessionId: resolvedSessionId)
                    acpStatus = "Reconnected (\(resolvedSessionId.prefix(12)))"
-                    acpError = nil
+                    clearACPErrorState()
                    startACPEventLoop(client: client)
                    startHealthMonitor(client: client)
@@ -404,6 +482,7 @@ final class ChatViewModel {
    private func showConnectionFailure() {
        richChatViewModel.handleACPEvent(.connectionLost(reason: "The ACP process terminated unexpectedly"))
        acpStatus = "Connection lost"
        clearACPErrorState()
        acpError = "Connection lost. Use the Session menu to reconnect."
    }
@@ -510,11 +589,44 @@ final class ChatViewModel {
        var env = ProcessInfo.processInfo.environment
        env["TERM"] = "xterm-256color"
        env["COLORTERM"] = "truecolor"
        // Inherit ssh-agent socket for remote so password-less auth works.
        if context.isRemote {
            let shellEnv = HermesFileService.enrichedEnvironment()
            for key in ["SSH_AUTH_SOCK", "SSH_AGENT_PID"] {
                if env[key] == nil, let v = shellEnv[key], !v.isEmpty {
                    env[key] = v
                }
            }
        }
        let envArray = env.map { "\($0.key)=\($0.value)" }
        // For remote: wrap the invocation in `ssh -t host -- hermes <args>`
        // so the embedded terminal opens a pty against the remote and the
        // hermes TUI gets the bytes it expects. `-t` requests a pty (the
        // SwiftTerm view is one).
        let exe: String
        let argv: [String]
        if context.isRemote, case .ssh(let cfg) = context.kind {
            let host = cfg.user.map { "\($0)@\(cfg.host)" } ?? cfg.host
            exe = "/usr/bin/ssh"
            var sshArgs: [String] = ["-t"]
            if let port = cfg.port { sshArgs += ["-p", String(port)] }
            if let id = cfg.identityFile, !id.isEmpty { sshArgs += ["-i", id] }
            sshArgs += ["-o", "StrictHostKeyChecking=accept-new"]
            sshArgs += ["-o", "BatchMode=yes"]
            sshArgs.append(host)
            sshArgs.append("--")
            sshArgs.append(context.paths.hermesBinary)
            sshArgs.append(contentsOf: arguments)
            argv = sshArgs
        } else {
            exe = context.paths.hermesBinary
            argv = arguments
        }
        terminal.startProcess(
-            executable: HermesPaths.hermesBinary,
+            executable: exe,
-            args: arguments,
+            args: argv,
            environment: envArray,
            execName: nil
        )
@@ -25,7 +25,15 @@ struct MessageGroup: Identifiable {
@Observable
 final class RichChatViewModel {
-    private let dataService = HermesDataService()
+    let context: ServerContext
    private let dataService: HermesDataService
    init(context: ServerContext = .local) {
        self.context = context
        self.dataService = HermesDataService(context: context)
        loadQuickCommands()
    }
    var messages: [HermesMessage] = []
    var currentSession: HermesSession?
@@ -42,9 +50,21 @@ final class RichChatViewModel {
    private(set) var acpCachedReadTokens = 0
    /// Slash commands advertised by the ACP server via `available_commands_update`.
-    private(set) var availableCommandNames: Set<String> = []
+    private(set) var acpCommands: [HermesSlashCommand] = []
    /// User-defined commands parsed from `config.yaml` `quick_commands`.
    private(set) var quickCommands: [HermesSlashCommand] = []
-    var supportsCompress: Bool { availableCommandNames.contains("compress") }
+    /// Merged list, ACP-first, de-duplicated by name.
    var availableCommands: [HermesSlashCommand] {
        let acpNames = Set(acpCommands.map(\.name))
        return acpCommands + quickCommands.filter { !acpNames.contains($0.name) }
    }
    var supportsCompress: Bool { availableCommands.contains { $0.name == "compress" } }
    /// True when the menu carries more than just `/compress` — used to hide
    /// the dedicated compress button in favor of the full slash menu.
    var hasBroaderCommandMenu: Bool { availableCommands.count > 1 }
    var hasMessages: Bool { !messages.isEmpty }
@@ -98,8 +118,9 @@ final class RichChatViewModel {
        acpOutputTokens = 0
        acpThoughtTokens = 0
        acpCachedReadTokens = 0
-        availableCommandNames = []
+        acpCommands = []
        pendingPermission = nil
        loadQuickCommands()
    }
    func setSessionId(_ id: String?) {
@@ -149,6 +170,11 @@ final class RichChatViewModel {
        streamingThinkingText = ""
        streamingToolCalls = []
        buildMessageGroups()
        // User just submitted — jump to the bottom so they see their message
        // and the incoming response. `.defaultScrollAnchor(.bottom)` handles
        // slow streaming fine, but rapid responses (slash commands especially)
        // arrive faster than the anchor can track.
        requestScrollToBottom()
    }
    /// Process a streaming ACP event and update the message list.
@@ -174,19 +200,59 @@ final class RichChatViewModel {
        case .connectionLost(let reason):
            handleConnectionLost(reason: reason)
        case .availableCommands(_, let commands):
-            var names: Set<String> = []
+            acpCommands = parseACPCommands(commands)
            for entry in commands {
                if let name = entry["name"] as? String {
                    // Hermes sends names either as "compress" or "/compress"
                    names.insert(name.trimmingCharacters(in: CharacterSet(charactersIn: "/")))
                }
            }
            availableCommandNames = names
        case .unknown:
            break
        }
    }
    private func parseACPCommands(_ commands: [[String: Any]]) -> [HermesSlashCommand] {
        var result: [HermesSlashCommand] = []
        for entry in commands {
            guard let rawName = entry["name"] as? String else { continue }
            // Hermes sends names either as "compress" or "/compress"
            let name = rawName.trimmingCharacters(in: CharacterSet(charactersIn: "/"))
            guard !name.isEmpty else { continue }
            let description = (entry["description"] as? String) ?? ""
            var hint: String? = nil
            if let input = entry["input"] as? [String: Any],
               let h = input["hint"] as? String,
               !h.isEmpty {
                hint = h
            }
            result.append(HermesSlashCommand(
                name: name,
                description: description,
                argumentHint: hint,
                source: .acp
            ))
        }
        return result
    }
    /// Load `quick_commands` from `config.yaml` off the main actor and publish
    /// them as slash commands. Safe to call repeatedly — replaces the existing list.
    func loadQuickCommands() {
        let ctx = context
        Task.detached { [weak self] in
            let loaded = QuickCommandsViewModel.loadQuickCommands(context: ctx)
            let mapped = loaded.map { qc -> HermesSlashCommand in
                let truncated = qc.command.count > 60
                    ? String(qc.command.prefix(60)) + "…"
                    : qc.command
                return HermesSlashCommand(
                    name: qc.name,
                    description: "Run: \(truncated)",
                    argumentHint: nil,
                    source: .quickCommand
                )
            }
            await MainActor.run { [weak self] in
                self?.quickCommands = mapped
            }
        }
    }
    private func appendMessageChunk(text: String) {
        streamingAssistantText += text
        upsertStreamingMessage()
@@ -231,7 +297,44 @@ final class RichChatViewModel {
    }
    private func handlePromptComplete(response: ACPPromptResult) {
        // Detect a failed prompt that produced no assistant output — e.g.
        // Hermes returning `stopReason: "refusal"` when the session was
        // silently garbage-collected, or `"error"` when the ACP call itself
        // threw. Without surfacing this, the user sees their prompt sitting
        // alone under "Agent working…" that never completes with any text.
        let hadAssistantOutput = streamingAssistantText.isEmpty == false
            || messages.last?.isAssistant == true
        finalizeStreamingMessage()
        if !hadAssistantOutput, response.stopReason != "end_turn" {
            let reason: String
            switch response.stopReason {
            case "refusal":
                reason = "The agent refused to respond (the session may have been cleared on the server). Try starting a new session from the Session menu."
            case "error":
                reason = "The prompt failed — check the ACP error banner above for details."
            case "max_tokens":
                reason = "The response was cut off before the agent could produce any output (max_tokens reached before any tokens were emitted)."
            default:
                reason = "The prompt ended without a response (stopReason: \(response.stopReason))."
            }
            let id = nextLocalId
            nextLocalId -= 1
            messages.append(HermesMessage(
                id: id,
                sessionId: sessionId ?? "",
                role: "system",
                content: reason,
                toolCallId: nil,
                toolCalls: [],
                toolName: nil,
                timestamp: Date(),
                tokenCount: nil,
                finishReason: response.stopReason,
                reasoning: nil
            ))
        }
        // Accumulate token usage from this prompt
        acpInputTokens += response.inputTokens
        acpOutputTokens += response.outputTokens
@@ -239,6 +342,10 @@ final class RichChatViewModel {
        acpCachedReadTokens += response.cachedReadTokens
        isAgentWorking = false
        buildMessageGroups()
        // Final position after the prompt settles. Catches fast responses
        // (slash commands, short replies) where `.defaultScrollAnchor(.bottom)`
        // didn't quite track the abrupt content growth.
        requestScrollToBottom()
    }
    private func handleConnectionLost(reason: String) {
@@ -391,7 +498,11 @@ final class RichChatViewModel {
    /// (e.g., CLI session) with the current ACP session.
    func loadSessionHistory(sessionId: String, acpSessionId: String? = nil) async {
        self.sessionId = sessionId
-        let opened = await dataService.open()
+        // Force a fresh snapshot pull on remote contexts. An earlier open()
        // would have cached a stale copy — on resume we need whatever
        // Hermes has actually persisted since then, or the resumed session
        // will show only history up to the moment the snapshot was taken.
        let opened = await dataService.refresh()
        guard opened else { return }
        var allMessages = await dataService.fetchMessages(sessionId: sessionId)
@@ -434,7 +545,10 @@ final class RichChatViewModel {
    }
    func refreshMessages() async {
-        let opened = await dataService.open()
+        // Polling tick (terminal mode): pull a fresh snapshot so remote
        // reflects Hermes writes since the last tick. On local this is a
        // cheap reopen of the live DB.
        let opened = await dataService.refresh()
        guard opened else { return }
        if sessionId == nil {
@@ -3,18 +3,113 @@ import SwiftUI
 struct ChatView: View {
    @Environment(ChatViewModel.self) private var viewModel
    @Environment(HermesFileWatcher.self) private var fileWatcher
    @State private var showErrorDetails = false
    var body: some View {
        @Bindable var vm = viewModel
        VStack(spacing: 0) {
            toolbar
            Divider()
            errorBanner
            chatArea
        }
        .navigationTitle("Chat")
-        .task { await viewModel.loadRecentSessions() }
+        .task {
            await viewModel.loadRecentSessions()
            viewModel.refreshCredentialPreflight()
        }
        .onChange(of: fileWatcher.lastChangeDate) {
            Task { await viewModel.loadRecentSessions() }
            viewModel.refreshCredentialPreflight()
        }
    }
    /// Banner rendered between the toolbar and the chat area when either
    /// (a) a preflight credential check failed, or (b) the ACP subprocess
    /// returned an error we captured. Shows a short hint + expandable raw
    /// details (stderr tail) that the user can copy to the clipboard.
    @ViewBuilder
    private var errorBanner: some View {
        if let err = viewModel.acpError {
            VStack(alignment: .leading, spacing: 6) {
                HStack(alignment: .top, spacing: 8) {
                    Image(systemName: "exclamationmark.triangle.fill")
                        .foregroundStyle(.orange)
                    VStack(alignment: .leading, spacing: 2) {
                        if let hint = viewModel.acpErrorHint {
                            Text(hint)
                                .font(.callout)
                                .textSelection(.enabled)
                        }
                        Text(err)
                            .font(.caption)
                            .foregroundStyle(.secondary)
                            .textSelection(.enabled)
                            .lineLimit(showErrorDetails ? nil : 2)
                    }
                    Spacer()
                    if viewModel.acpErrorDetails != nil {
                        Button(showErrorDetails ? "Hide details" : "Show details") {
                            showErrorDetails.toggle()
                        }
                        .buttonStyle(.borderless)
                        .controlSize(.small)
                    }
                    Button {
                        let payload = [viewModel.acpErrorHint, err, viewModel.acpErrorDetails]
                            .compactMap { $0 }
                            .joined(separator: "\n\n")
                        let pb = NSPasteboard.general
                        pb.clearContents()
                        pb.setString(payload, forType: .string)
                    } label: {
                        Image(systemName: "doc.on.doc")
                    }
                    .buttonStyle(.borderless)
                    .help("Copy error details")
                }
                if showErrorDetails, let details = viewModel.acpErrorDetails {
                    ScrollView {
                        Text(details)
                            .font(.system(.caption2, design: .monospaced))
                            .textSelection(.enabled)
                            .frame(maxWidth: .infinity, alignment: .leading)
                    }
                    .frame(maxHeight: 160)
                    .padding(8)
                    .background(Color(nsColor: .textBackgroundColor))
                    .clipShape(RoundedRectangle(cornerRadius: 6))
                }
            }
            .padding(10)
            .background(Color.orange.opacity(0.08))
            .overlay(
                Rectangle()
                    .fill(Color.orange.opacity(0.25))
                    .frame(height: 1),
                alignment: .bottom
            )
        } else if viewModel.missingCredentials && !viewModel.hasActiveProcess {
            HStack(spacing: 8) {
                Image(systemName: "key.fill")
                    .foregroundStyle(.orange)
                VStack(alignment: .leading, spacing: 2) {
                    Text("No AI provider credentials detected")
                        .font(.callout)
                    Text("Add credentials in **Configure → Credential Pools**, set `ANTHROPIC_API_KEY` (or similar) in `~/.hermes/.env`, or export it in your shell profile, then restart Scarf.")
                        .font(.caption)
                        .foregroundStyle(.secondary)
                }
                Spacer()
            }
            .padding(10)
            .background(Color.orange.opacity(0.08))
            .overlay(
                Rectangle()
                    .fill(Color.orange.opacity(0.25))
                    .frame(height: 1),
                alignment: .bottom
            )
        }
    }
@@ -27,7 +122,7 @@ struct ChatView: View {
                Circle()
                    .fill(.green)
                    .frame(width: 6, height: 6)
-                Text(viewModel.acpStatus.isEmpty ? "Active" : viewModel.acpStatus)
+                (viewModel.acpStatus.isEmpty ? Text("Active") : Text(viewModel.acpStatus))
                    .font(.caption)
                    .foregroundStyle(.secondary)
                    .lineLimit(1)
@@ -143,7 +238,7 @@ struct ChatView: View {
                HStack(spacing: 4) {
                    Image(systemName: viewModel.voiceEnabled ? "mic.fill" : "mic.slash")
                        .foregroundStyle(viewModel.voiceEnabled ? .green : .secondary)
-                    Text(viewModel.voiceEnabled ? "Voice On" : "Voice Off")
+                    (viewModel.voiceEnabled ? Text("Voice On") : Text("Voice Off"))
                        .font(.caption)
                        .foregroundStyle(viewModel.voiceEnabled ? .primary : .secondary)
                }
@@ -158,7 +253,7 @@ struct ChatView: View {
                    HStack(spacing: 4) {
                        Image(systemName: viewModel.ttsEnabled ? "speaker.wave.2.fill" : "speaker.slash")
                            .foregroundStyle(viewModel.ttsEnabled ? .green : .secondary)
-                        Text(viewModel.ttsEnabled ? "TTS On" : "TTS Off")
+                        (viewModel.ttsEnabled ? Text("TTS On") : Text("TTS Off"))
                            .font(.caption)
                            .foregroundStyle(viewModel.ttsEnabled ? .primary : .secondary)
                    }
@@ -173,7 +268,7 @@ struct ChatView: View {
                        Image(systemName: viewModel.isRecording ? "waveform.circle.fill" : "waveform.circle")
                            .foregroundStyle(viewModel.isRecording ? .red : Color.accentColor)
                            .symbolEffect(.pulse, isActive: viewModel.isRecording)
-                        Text(viewModel.isRecording ? "Recording..." : "Push to Talk")
+                        (viewModel.isRecording ? Text("Recording…") : Text("Push to Talk"))
                            .font(.caption)
                    }
                }
@@ -209,7 +304,7 @@ struct ChatView: View {
            ContentUnavailableView(
                "Hermes Not Found",
                systemImage: "terminal",
-                description: Text("Expected at \(HermesPaths.hermesBinary)")
+                description: Text("Expected at \(viewModel.context.paths.hermesBinary)")
            )
            .frame(maxWidth: .infinity, maxHeight: .infinity)
        }
@@ -236,7 +331,7 @@ struct ChatView: View {
                ContentUnavailableView(
                    "Hermes Not Found",
                    systemImage: "terminal",
-                    description: Text("Expected at \(HermesPaths.hermesBinary)")
+                    description: Text("Expected at \(viewModel.context.paths.hermesBinary)")
                )
                .frame(maxWidth: .infinity, maxHeight: .infinity)
            }
@@ -264,7 +359,7 @@ struct ChatView: View {
 // MARK: - Permission Approval View
-extension RichChatViewModel.PendingPermission: @retroactive Identifiable {
+extension RichChatViewModel.PendingPermission: Identifiable {
    var id: Int { requestId }
 }
@@ -3,70 +3,127 @@ import SwiftUI
 struct RichChatInputBar: View {
    let onSend: (String) -> Void
    let isEnabled: Bool
-    var supportsCompress: Bool = false
+    var commands: [HermesSlashCommand] = []
    var showCompressButton: Bool = false
    @State private var text = ""
    @State private var showCompressSheet = false
    @State private var compressFocus = ""
    @State private var showMenu = false
    @State private var selectedIndex = 0
    @FocusState private var isFocused: Bool
    var body: some View {
-        HStack(alignment: .bottom, spacing: 8) {
+        VStack(alignment: .leading, spacing: 0) {
-            if supportsCompress {
+            if showMenu {
                SlashCommandMenu(
                    commands: filteredCommands,
                    agentHasCommands: !commands.isEmpty,
                    selectedIndex: $selectedIndex,
                    onSelect: insertCommand
                )
                .id(menuQuery)
                .background(.regularMaterial)
                .overlay(
                    RoundedRectangle(cornerRadius: 10)
                        .strokeBorder(.separator, lineWidth: 0.5)
                )
                .clipShape(RoundedRectangle(cornerRadius: 10))
                .shadow(color: .black.opacity(0.2), radius: 8, x: 0, y: 2)
                .padding(.horizontal, 12)
                .padding(.top, 8)
            }
            HStack(alignment: .bottom, spacing: 8) {
                if showCompressButton {
                    Button {
                        compressFocus = ""
                        showCompressSheet = true
                    } label: {
                        Image(systemName: "rectangle.compress.vertical")
                            .font(.title3)
                            .foregroundStyle(.secondary)
                    }
                    .buttonStyle(.plain)
                    .disabled(!isEnabled)
                    .help("Compress conversation (/compress)")
                }
                TextEditor(text: $text)
                    .font(.body)
                    .scrollContentBackground(.hidden)
                    .focused($isFocused)
                    .frame(minHeight: 28, maxHeight: 120)
                    .fixedSize(horizontal: false, vertical: true)
                    .padding(.horizontal, 8)
                    .padding(.vertical, 4)
                    .background(.quaternary.opacity(0.5))
                    .clipShape(RoundedRectangle(cornerRadius: 12))
                    .overlay(alignment: .topLeading) {
                        if text.isEmpty {
                            Text("Message Hermes...")
                                .foregroundStyle(.tertiary)
                                .padding(.horizontal, 12)
                                .padding(.vertical, 8)
                                .allowsHitTesting(false)
                        }
                    }
                    .onKeyPress(.upArrow, phases: .down) { _ in
                        guard showMenu, !filteredCommands.isEmpty else { return .ignored }
                        let n = filteredCommands.count
                        selectedIndex = (selectedIndex - 1 + n) % n
                        return .handled
                    }
                    .onKeyPress(.downArrow, phases: .down) { _ in
                        guard showMenu, !filteredCommands.isEmpty else { return .ignored }
                        let n = filteredCommands.count
                        selectedIndex = (selectedIndex + 1) % n
                        return .handled
                    }
                    .onKeyPress(.tab, phases: .down) { _ in
                        guard showMenu,
                              let command = filteredCommands[safe: selectedIndex] else { return .ignored }
                        insertCommand(command)
                        return .handled
                    }
                    .onKeyPress(.escape, phases: .down) { _ in
                        guard showMenu else { return .ignored }
                        showMenu = false
                        return .handled
                    }
                    .onKeyPress(.return, phases: .down) { press in
                        if press.modifiers.contains(.shift) {
                            return .ignored
                        }
                        if showMenu, let command = filteredCommands[safe: selectedIndex] {
                            insertCommand(command)
                            return .handled
                        }
                        send()
                        return .handled
                    }
                Button {
-                    compressFocus = ""
+                    send()
                    showCompressSheet = true
                } label: {
-                    Image(systemName: "rectangle.compress.vertical")
+                    Image(systemName: "arrow.up.circle.fill")
-                        .font(.title3)
+                        .font(.title2)
-                        .foregroundStyle(.secondary)
+                        .foregroundStyle(canSend ? Color.accentColor : .secondary)
                }
                .buttonStyle(.plain)
-                .disabled(!isEnabled)
+                .disabled(!canSend)
-                .help("Compress conversation (/compress)")
+                .help("Send message (Enter)")
            }
-
+            .padding(.horizontal, 12)
-            TextEditor(text: $text)
+            .padding(.vertical, 8)
                .font(.body)
                .scrollContentBackground(.hidden)
                .focused($isFocused)
                .frame(minHeight: 28, maxHeight: 120)
                .fixedSize(horizontal: false, vertical: true)
                .padding(.horizontal, 8)
                .padding(.vertical, 4)
                .background(.quaternary.opacity(0.5))
                .clipShape(RoundedRectangle(cornerRadius: 12))
                .overlay(alignment: .topLeading) {
                    if text.isEmpty {
                        Text("Message Hermes...")
                            .foregroundStyle(.tertiary)
                            .padding(.horizontal, 12)
                            .padding(.vertical, 8)
                            .allowsHitTesting(false)
                    }
                }
                .onKeyPress(.return, phases: .down) { press in
                    if press.modifiers.contains(.shift) {
                        return .ignored
                    }
                    send()
                    return .handled
                }
            Button {
                send()
            } label: {
                Image(systemName: "arrow.up.circle.fill")
                    .font(.title2)
                    .foregroundStyle(canSend ? Color.accentColor : .secondary)
            }
            .buttonStyle(.plain)
            .disabled(!canSend)
            .help("Send message (Enter)")
        }
        .padding(.horizontal, 12)
        .padding(.vertical, 8)
        .background(.bar)
        .onChange(of: text) { _, _ in
            updateMenuState()
        }
        .onChange(of: commands.map(\.id)) { _, _ in
            updateMenuState()
        }
        .sheet(isPresented: $showCompressSheet) {
            compressSheet
        }
@@ -101,10 +158,61 @@ struct RichChatInputBar: View {
        isEnabled && !text.trimmingCharacters(in: .whitespacesAndNewlines).isEmpty
    }
    /// Show the slash menu only while the user is typing the command token:
    /// text starts with `/` and contains no whitespace (space or newline).
    private var shouldShowMenu: Bool {
        guard text.hasPrefix("/") else { return false }
        return !text.contains(" ") && !text.contains("\n")
    }
    private var menuQuery: String {
        guard text.hasPrefix("/") else { return "" }
        return String(text.dropFirst())
    }
    private var filteredCommands: [HermesSlashCommand] {
        SlashCommandMenu.filter(commands: commands, query: menuQuery)
    }
    private func updateMenuState() {
        let shouldShow = shouldShowMenu
        if shouldShow != showMenu {
            showMenu = shouldShow
        }
        // Re-clamp selection whenever the filtered list may have shrunk.
        let count = filteredCommands.count
        if count == 0 {
            selectedIndex = 0
        } else if selectedIndex >= count {
            selectedIndex = count - 1
        } else if selectedIndex < 0 {
            selectedIndex = 0
        }
    }
    private func insertCommand(_ command: HermesSlashCommand) {
        if command.argumentHint != nil {
            text = "/\(command.name) "
        } else {
            text = "/\(command.name)"
        }
        showMenu = false
        selectedIndex = 0
        isFocused = true
    }
    private func send() {
        let trimmed = text.trimmingCharacters(in: .whitespacesAndNewlines)
        guard !trimmed.isEmpty, isEnabled else { return }
        onSend(trimmed)
        text = ""
        showMenu = false
        selectedIndex = 0
    }
 }
 private extension Array {
    subscript(safe index: Int) -> Element? {
        indices.contains(index) ? self[index] : nil
    }
 }
@@ -3,22 +3,54 @@ import SwiftUI
 struct RichChatMessageList: View {
    let groups: [MessageGroup]
    let isWorking: Bool
    /// True while the ACP session is being established or restored — used to
    /// swap the empty-state placeholder for a progress indicator so the user
    /// knows something is happening while history loads.
    var isLoadingSession: Bool = false
    /// External trigger to force a scroll-to-bottom (e.g., from "Return to Active Session").
    var scrollTrigger: UUID = UUID()
-    /// Track the last group's assistant content length to detect streaming updates.
+    /// Scrolling strategy: plain `VStack` (not `LazyVStack`) plus
-    private var scrollAnchor: String {
+    /// `.defaultScrollAnchor(.bottom)`.
-        if isWorking { return "typing-indicator" }
+    ///
-        if let last = groups.last { return "group-\(last.id)" }
+    /// `LazyVStack` was causing the classic "loaded session shows whitespace
-        return "scroll-top"
+    /// and the chat is above" bug: lazy rows return estimated heights before
-    }
+    /// they render, `.defaultScrollAnchor(.bottom)` positions the viewport
-
+    /// at the *estimated* bottom (which overshoots the real content), and
    /// when rows materialize and real heights land, the viewport ends up
    /// past the content. Attempts to correct via `proxy.scrollTo(lastID)`
    /// failed because unrendered rows have no resolvable ID.
    ///
    /// Switching to `VStack` materializes every row immediately, so
    /// `.defaultScrollAnchor(.bottom)` has real heights to work with and
    /// can't overshoot. For typical Hermes sessions (<500 messages) the
    /// first-render cost is acceptable. If ever needed for huge sessions
    /// we can reintroduce lazy with a preference-key-based height
    /// measurement, but that's a much larger change.
    var body: some View {
        ScrollViewReader { proxy in
            ScrollView {
-                LazyVStack(alignment: .leading, spacing: 16) {
+                VStack(alignment: .leading, spacing: 16) {
-                    Spacer(minLength: 0)
+                    if groups.isEmpty && !isWorking {
-                        .id("scroll-top")
+                        // Fill the scroll view's visible height so Spacers
                        // can vertically center the placeholder. Previously
                        // `.padding(.vertical, 80)` left the placeholder
                        // floating at whatever y-offset `.defaultScrollAnchor(.bottom)`
                        // settled on — usually near the bottom of the pane.
                        VStack {
                            Spacer(minLength: 0)
                            if isLoadingSession {
                                loadingState
                            } else {
                                emptyState
                            }
                            Spacer(minLength: 0)
                        }
                        .frame(maxWidth: .infinity)
                        .containerRelativeFrame(.vertical)
                        .transition(.opacity)
                    }
                    ForEach(groups) { group in
                        MessageGroupView(group: group)
                            .id("group-\(group.id)")
@@ -30,51 +62,50 @@ struct RichChatMessageList: View {
                    }
                }
                .padding()
                .animation(.easeInOut(duration: 0.15), value: isLoadingSession)
                .animation(.easeInOut(duration: 0.15), value: groups.isEmpty)
            }
            .defaultScrollAnchor(.bottom)
            // Scroll to bottom when view first appears with content
            .onAppear {
                if !groups.isEmpty {
                    DispatchQueue.main.async {
                        scrollToBottom(proxy: proxy, animated: false)
                    }
                }
            }
            // Scroll on new groups
            .onChange(of: groups.count) {
                scrollToBottom(proxy: proxy)
            }
            // Scroll when agent starts/stops working
            .onChange(of: isWorking) {
                scrollToBottom(proxy: proxy)
            }
            // Scroll on streaming content updates (group content changes)
            .onChange(of: scrollAnchor) {
                scrollToBottom(proxy: proxy)
            }
            // Scroll on last message content change (streaming text)
            .onChange(of: groups.last?.assistantMessages.last?.content ?? "") {
                scrollToBottom(proxy: proxy, animated: false)
            }
            // Scroll on tool call count change
            .onChange(of: groups.last?.toolCallCount ?? 0) {
                scrollToBottom(proxy: proxy)
            }
            // Scroll on external trigger (e.g., "Return to Active Session" button)
            .onChange(of: scrollTrigger) {
-                scrollToBottom(proxy: proxy)
+                let target = lastAnchorID
                withAnimation(.easeOut(duration: 0.15)) {
                    proxy.scrollTo(target, anchor: .bottom)
                }
            }
        }
    }
-    private func scrollToBottom(proxy: ScrollViewProxy, animated: Bool = true) {
+    /// Anchor ID used by the explicit scrollTrigger path. Prefers the typing
-        let target = scrollAnchor
+    /// indicator when visible (so we scroll to the very bottom of the
-        if animated {
+    /// current turn), otherwise the last group.
-            withAnimation(.easeOut(duration: 0.15)) {
+    private var lastAnchorID: String {
-                proxy.scrollTo(target, anchor: .bottom)
+        if isWorking { return "typing-indicator" }
-            }
+        if let last = groups.last { return "group-\(last.id)" }
-        } else {
+        return "group-0"
-            proxy.scrollTo(target, anchor: .bottom)
+    }
    private var emptyState: some View {
        VStack(spacing: 12) {
            Image(systemName: "bubble.left.and.text.bubble.right")
                .font(.system(size: 40))
                .foregroundStyle(.tertiary)
            Text("Chat Messages")
                .font(.title3)
                .fontWeight(.semibold)
            Text("Messages will appear here as the conversation progresses.")
                .font(.callout)
                .foregroundStyle(.secondary)
                .multilineTextAlignment(.center)
        }
    }
    private var loadingState: some View {
        VStack(spacing: 14) {
            ProgressView()
                .controlSize(.large)
            Text("Loading session…")
                .font(.callout)
                .foregroundStyle(.secondary)
        }
    }
@@ -108,7 +139,17 @@ struct MessageGroupView: View {
                RichMessageBubble(message: user, toolResults: [:])
            }
-            ForEach(group.assistantMessages.filter(\.isAssistant)) { message in
+            // Identify by array offset rather than `message.id`. The
            // streaming assistant message starts with id=0 and gets a
            // new negative id when finalized — using `\.id` would make
            // SwiftUI think the bubble disappeared and a new one appeared
            // (destroying + recreating the view, which manifests as the
            // chat flashing or jumping right when the prompt completes).
            // Within a single group the assistant messages are
            // append-only, so offset is a stable identity for the
            // group's lifetime.
            let assistantMessages = group.assistantMessages.filter(\.isAssistant)
            ForEach(Array(assistantMessages.enumerated()), id: \.offset) { _, message in
                RichMessageBubble(message: message, toolResults: group.toolResults)
            }
@@ -21,20 +21,16 @@ struct RichChatView: View {
            )
            Divider()
-            if richChat.messageGroups.isEmpty && !richChat.isAgentWorking {
+            // Always mount RichChatMessageList; empty state lives inside it.
-                ContentUnavailableView(
+            // Swapping between a ContentUnavailableView and the ScrollView
-                    "Chat Messages",
+            // hierarchy on first message caused a full view tree rebuild,
-                    systemImage: "bubble.left.and.text.bubble.right",
+            // which manifests as a white flash.
-                    description: Text("Messages will appear here as the conversation progresses.")
+            RichChatMessageList(
-                )
+                groups: richChat.messageGroups,
-                .frame(maxWidth: .infinity, maxHeight: .infinity)
+                isWorking: richChat.isAgentWorking,
-            } else {
+                isLoadingSession: chatViewModel.isPreparingSession,
-                RichChatMessageList(
+                scrollTrigger: richChat.scrollTrigger
-                    groups: richChat.messageGroups,
+            )
                    isWorking: richChat.isAgentWorking,
                    scrollTrigger: richChat.scrollTrigger
                )
            }
            Divider()
            RichChatInputBar(
@@ -42,7 +38,8 @@ struct RichChatView: View {
                    onSend(text)
                },
                isEnabled: isEnabled,
-                supportsCompress: richChat.supportsCompress
+                commands: richChat.availableCommands,
                showCompressButton: richChat.supportsCompress && !richChat.hasBroaderCommandMenu
            )
        }
        // DB polling fallback for terminal mode only — never overwrite ACP messages
@@ -45,7 +45,8 @@ struct SessionInfoBar: View {
                }
                if let cost = session.displayCostUSD {
-                    Label(String(format: "$%.4f%@", cost, session.costIsActual ? "" : " est."), systemImage: "dollarsign.circle")
+                    let formattedCost = cost.formatted(.currency(code: "USD").precision(.fractionLength(4)))
                    Label(session.costIsActual ? formattedCost : "\(formattedCost) est.", systemImage: "dollarsign.circle")
                        .contentTransition(.numericText())
                }
@@ -75,11 +76,6 @@ struct SessionInfoBar: View {
    }
    private func formatTokens(_ count: Int) -> String {
-        if count >= 1_000_000 {
+        count.formatted(.number.notation(.compactName).precision(.fractionLength(0...1)))
            return String(format: "%.1fM", Double(count) / 1_000_000)
        } else if count >= 1_000 {
            return String(format: "%.1fK", Double(count) / 1_000)
        }
        return "\(count)"
    }
 }
@@ -0,0 +1,114 @@
 import SwiftUI
 /// Floating menu of available slash commands shown above the chat input when
 /// the user types `/` as the first character. Purely presentational — the
 /// parent filters the list and owns selection state.
 struct SlashCommandMenu: View {
    /// Pre-filtered commands to display.
    let commands: [HermesSlashCommand]
    /// Whether the agent advertised any commands at all. Lets us distinguish
    /// "agent hasn't sent commands yet" from "filter matched nothing".
    let agentHasCommands: Bool
    @Binding var selectedIndex: Int
    var onSelect: (HermesSlashCommand) -> Void
    /// Case-insensitive prefix match on the command name. Exposed as a static
    /// helper so the parent can share filter logic with its key handlers.
    static func filter(commands: [HermesSlashCommand], query: String) -> [HermesSlashCommand] {
        let q = query.lowercased()
        if q.isEmpty { return commands }
        return commands.filter { $0.name.lowercased().hasPrefix(q) }
    }
    var body: some View {
        if !agentHasCommands {
            VStack(alignment: .leading, spacing: 4) {
                Text("No commands available")
                    .font(.callout)
                    .foregroundStyle(.secondary)
                Text("The agent hasn't advertised any slash commands yet. Keep typing to send as a message, or press Esc.")
                    .font(.caption)
                    .foregroundStyle(.tertiary)
            }
            .padding(12)
            .frame(minWidth: 360, alignment: .leading)
        } else if commands.isEmpty {
            VStack(alignment: .leading, spacing: 4) {
                Text("No matching commands")
                    .font(.callout)
                    .foregroundStyle(.secondary)
                Text("Keep typing to send as a message, or press Esc.")
                    .font(.caption)
                    .foregroundStyle(.tertiary)
            }
            .padding(12)
            .frame(minWidth: 360, alignment: .leading)
        } else {
            ScrollViewReader { proxy in
                ScrollView {
                    LazyVStack(spacing: 0) {
                        ForEach(Array(commands.enumerated()), id: \.element.id) { index, command in
                            SlashCommandRow(
                                command: command,
                                isSelected: index == selectedIndex
                            )
                            .id(index)
                            .contentShape(Rectangle())
                            .onTapGesture {
                                selectedIndex = index
                                onSelect(command)
                            }
                        }
                    }
                }
                .frame(minWidth: 360, maxHeight: 260)
                .onChange(of: selectedIndex) { _, newValue in
                    withAnimation(.easeOut(duration: 0.1)) {
                        proxy.scrollTo(newValue, anchor: .center)
                    }
                }
            }
        }
    }
 }
 private struct SlashCommandRow: View {
    let command: HermesSlashCommand
    let isSelected: Bool
    var body: some View {
        HStack(alignment: .firstTextBaseline, spacing: 8) {
            VStack(alignment: .leading, spacing: 2) {
                HStack(spacing: 6) {
                    Text("/\(command.name)")
                        .font(.system(.body, design: .monospaced))
                        .fontWeight(.semibold)
                    if let hint = command.argumentHint {
                        Text("<\(hint)>")
                            .font(.system(.caption, design: .monospaced))
                            .foregroundStyle(.tertiary)
                    }
                    if command.source == .quickCommand {
                        Text("user")
                            .font(.caption2)
                            .padding(.horizontal, 6)
                            .padding(.vertical, 1)
                            .background(.quaternary.opacity(0.8))
                            .clipShape(Capsule())
                            .foregroundStyle(.secondary)
                    }
                }
                if !command.description.isEmpty {
                    Text(command.description)
                        .font(.caption)
                        .foregroundStyle(.secondary)
                        .lineLimit(2)
                }
            }
            Spacer(minLength: 0)
        }
        .padding(.horizontal, 12)
        .padding(.vertical, 8)
        .background(isSelected ? Color.accentColor.opacity(0.15) : Color.clear)
    }
 }
@@ -0,0 +1,74 @@
 import SwiftUI
 /// Translucent loading overlay used by feature views while their VM's
 /// `load()` runs in the background. Shows a centered ProgressView with
 /// optional label; the underlying content stays visible (just dimmed)
 /// when it's already populated, or the overlay fully covers an empty
 /// section so the user sees activity instead of "nothing here yet".
 ///
 /// Usage:
 /// ```swift
 /// SomeContent()
 ///     .loadingOverlay(viewModel.isLoading, label: "Loading credentials…", isEmpty: viewModel.pools.isEmpty)
 /// ```
 ///
 /// The `isEmpty` flag controls whether the overlay covers the full view
 /// (when there's no stale content to show under it) or just dims it
 /// (when refreshing existing data).
 struct LoadingOverlay: ViewModifier {
    let isLoading: Bool
    let label: String
    let isEmpty: Bool
    func body(content: Content) -> some View {
        content
            .overlay {
                if isLoading {
                    if isEmpty {
                        // Full cover: empty state. User has no data to look at,
                        // so own the whole pane with the spinner.
                        VStack(spacing: 12) {
                            ProgressView()
                                .controlSize(.large)
                            Text(label)
                                .font(.callout)
                                .foregroundStyle(.secondary)
                        }
                        .frame(maxWidth: .infinity, maxHeight: .infinity)
                        .background(Color(NSColor.windowBackgroundColor))
                    } else {
                        // Stale-content refresh: top-trailing pill so the
                        // user sees data is being refreshed without losing
                        // their place.
                        VStack {
                            HStack {
                                Spacer()
                                HStack(spacing: 6) {
                                    ProgressView()
                                        .controlSize(.small)
                                    Text(label)
                                        .font(.caption)
                                        .foregroundStyle(.secondary)
                                }
                                .padding(.horizontal, 10)
                                .padding(.vertical, 5)
                                .background(.thinMaterial, in: Capsule())
                                .padding(8)
                            }
                            Spacer()
                        }
                    }
                }
            }
    }
 }
 extension View {
    /// Show a loading indicator while `isLoading` is true. If `isEmpty` is
    /// also true, the indicator covers the full view; otherwise it shows
    /// as a small refresh pill in the top-trailing corner so existing
    /// content stays visible.
    func loadingOverlay(_ isLoading: Bool, label: String = "Loading…", isEmpty: Bool = false) -> some View {
        modifier(LoadingOverlay(isLoading: isLoading, label: label, isEmpty: isEmpty))
    }
 }
@@ -0,0 +1,268 @@
 import Foundation
 import AppKit
 import os
 /// A single pooled credential for a provider (rotation entry).
 struct HermesCredential: Identifiable, Sendable, Equatable {
    var id: String { "\(provider):\(index):\(internalID)" }
    let internalID: String      // Stable id from auth.json (e.g. "9f8d9b")
    let provider: String
    let index: Int              // 0-based index in the provider's pool
    let label: String           // Human label ("OPENROUTER_API_KEY")
    let authType: String        // "api_key" | "oauth"
    let source: String          // "env:OPENROUTER_API_KEY" | "gh_cli" | "file:..."
    let tokenTail: String       // Last 4 chars of the token — NEVER store full token in UI state
    let lastStatus: String      // "ok" | "cooldown" | "exhausted" | ""
    let requestCount: Int
 }
 /// Summary of one provider's pool with its rotation strategy.
 struct HermesCredentialPool: Identifiable, Sendable {
    var id: String { provider }
    let provider: String
    let strategy: String        // "fill_first" | "round_robin" | "least_used" | "random"
    let credentials: [HermesCredential]
 }
@Observable
@MainActor
 final class CredentialPoolsViewModel {
    private let logger = Logger(subsystem: "com.scarf", category: "CredentialPoolsViewModel")
    let context: ServerContext
    init(context: ServerContext = .local) {
        self.context = context
        self.oauthFlow = OAuthFlowController(context: context)
    }
    var pools: [HermesCredentialPool] = []
    var isLoading = false
    var message: String?
    /// Driver for the OAuth flow. Uses Process + pipes (not SwiftTerm) so we
    /// can extract the authorization URL, pop it open with an explicit button,
    /// and feed the code back via stdin. See OAuthFlowController for why we
    /// moved off the embedded-terminal approach.
    let oauthFlow: OAuthFlowController
    var oauthProvider: String = ""
    /// Convenience — the sheet keys a lot of UI off "is the flow running?".
    var oauthInProgress: Bool { oauthFlow.isRunning }
    let strategyOptions = ["fill_first", "round_robin", "least_used", "random"]
    /// Source of truth is `~/.hermes/auth.json`. Parsing box-drawn `hermes auth list`
    /// output is fragile — the JSON file is structured, stable, and already stores
    /// exactly the pool data the UI needs. We never display full tokens.
    ///
    /// Runs the file reads on a detached task so the synchronous SSH calls
    /// (which can block for hundreds of milliseconds even with ControlMaster
    /// multiplexing) don't freeze the main thread / spin the beach ball.
    func load() {
        isLoading = true
        let ctx = context
        Task.detached { [weak self] in
            let authData = ctx.readData(ctx.paths.authJSON)
            let yaml = ctx.readText(ctx.paths.configYAML) ?? ""
            let strategies = Self.parseStrategies(from: yaml)
            let decodedPools: [HermesCredentialPool]
            if let data = authData,
               let decoded = try? JSONDecoder().decode(AuthFile.self, from: data) {
                decodedPools = Self.buildPools(from: decoded, strategies: strategies)
            } else {
                decodedPools = []
            }
            await MainActor.run { [weak self] in
                self?.pools = decodedPools
                self?.isLoading = false
            }
        }
    }
    /// The `credential_pool_strategies:` map lives in config.yaml as `<provider>: <strategy>`.
    /// Pure-function form so it's safe to call from the detached load task.
    nonisolated private static func parseStrategies(from yaml: String) -> [String: String] {
        guard !yaml.isEmpty else { return [:] }
        let parsed = HermesFileService.parseNestedYAML(yaml)
        return parsed.maps["credential_pool_strategies"] ?? [:]
    }
    nonisolated private static func buildPools(from auth: AuthFile, strategies: [String: String]) -> [HermesCredentialPool] {
        auth.credential_pool.keys.sorted().map { provider in
            let entries = auth.credential_pool[provider] ?? []
            let creds = entries.enumerated().map { index, entry in
                HermesCredential(
                    internalID: entry.id ?? "",
                    provider: provider,
                    index: index,
                    label: entry.label ?? entry.source ?? "",
                    authType: entry.auth_type ?? "",
                    source: entry.source ?? "",
                    tokenTail: Self.tail(of: entry.access_token ?? ""),
                    lastStatus: entry.last_status ?? "",
                    requestCount: entry.request_count ?? 0
                )
            }
            return HermesCredentialPool(
                provider: provider,
                strategy: strategies[provider] ?? "fill_first",
                credentials: creds
            )
        }
    }
    /// Return last 4 chars prefixed with "…", or "" if the token is too short.
    /// Callers MUST NOT pass the full token anywhere user-visible beyond this.
    nonisolated private static func tail(of token: String) -> String {
        guard token.count >= 4 else { return "" }
        return "…" + String(token.suffix(4))
    }
    // MARK: - Mutations (all routed through the hermes CLI so hermes stays authoritative)
    func setStrategy(_ strategy: String, for provider: String) {
        let result = runHermes(["config", "set", "credential_pool_strategies.\(provider)", strategy])
        if result.exitCode == 0 {
            message = "Strategy updated for \(provider)"
            load()
        } else {
            message = "Failed to update strategy"
        }
        DispatchQueue.main.asyncAfter(deadline: .now() + 2) { [weak self] in
            self?.message = nil
        }
    }
    /// Add an API-key credential to a provider's pool. Runs non-interactively.
    ///
    /// **Critical:** we must pass `--type api-key` in addition to `--api-key`.
    /// Without `--type`, hermes falls back to the provider's default (OAuth for
    /// Anthropic, etc.) and launches the browser flow even though the user
    /// just gave us a key.
    func addAPIKey(provider: String, apiKey: String, label: String) {
        var args = ["auth", "add", provider, "--type", "api-key", "--api-key", apiKey]
        let trimmedLabel = label.trimmingCharacters(in: .whitespaces)
        if !trimmedLabel.isEmpty {
            args += ["--label", trimmedLabel]
        }
        let result = runHermes(args)
        if result.exitCode == 0 {
            message = "Credential added"
            load()
        } else {
            logger.warning("Add credential failed: \(result.output)")
            message = "Add failed: \(result.output.prefix(160))"
        }
        DispatchQueue.main.asyncAfter(deadline: .now() + 3) { [weak self] in
            self?.message = nil
        }
    }
    /// Kick off the OAuth flow. Uses OAuthFlowController (Process + pipes) so
    /// we can detect the authorization URL from hermes's output, open the
    /// browser ourselves, and feed the code back via stdin — avoiding the
    /// subprocess-can't-open-browser problem SwiftTerm had.
    func startOAuth(provider: String, label: String) {
        guard !provider.isEmpty else { return }
        oauthProvider = provider
        oauthFlow.onExit = { [weak self] _ in
            guard let self else { return }
            self.message = self.oauthFlow.succeeded
                ? "OAuth login succeeded"
                : (self.oauthFlow.errorMessage ?? "OAuth login failed or cancelled")
            // Reload regardless — hermes may have written a partial credential
            // even on a soft failure, and we want the list to reflect truth.
            self.load()
            DispatchQueue.main.asyncAfter(deadline: .now() + 4) { [weak self] in
                self?.message = nil
            }
        }
        oauthFlow.start(provider: provider, label: label)
    }
    /// Submit the authorization code the user pasted into the form's text
    /// field. Writes it to hermes's stdin.
    func submitOAuthCode(_ code: String) {
        oauthFlow.submitCode(code)
    }
    /// Cancel an in-progress OAuth attempt (e.g., user closed the sheet).
    func cancelOAuth() {
        oauthFlow.stop()
    }
    func removeCredential(provider: String, index: Int) {
        // The CLI uses 1-based indexing ("#1", "#2" in `hermes auth list`); our
        // stored `index` is 0-based, so add 1 when handing to the CLI.
        let result = runHermes(["auth", "remove", provider, String(index + 1)])
        if result.exitCode == 0 {
            message = "Credential removed"
            load()
        } else {
            message = "Remove failed"
        }
        DispatchQueue.main.asyncAfter(deadline: .now() + 2) { [weak self] in
            self?.message = nil
        }
    }
    func resetProvider(_ provider: String) {
        let result = runHermes(["auth", "reset", provider])
        message = result.exitCode == 0 ? "Cooldowns cleared for \(provider)" : "Reset failed"
        load()
        DispatchQueue.main.asyncAfter(deadline: .now() + 2) { [weak self] in
            self?.message = nil
        }
    }
    @discardableResult
    private func runHermes(_ arguments: [String]) -> (output: String, exitCode: Int32) {
        context.runHermes(arguments)
    }
 }
 // MARK: - auth.json decoding
 // Shape verified against a real `~/.hermes/auth.json` — see sample in plan notes.
 // All fields are optional because the format evolves and we want decoding to
 // succeed even if hermes adds new keys or omits some for certain auth types.
 // Hand-written `init(from:)` so Swift 6 doesn't synthesize a MainActor-
 // isolated conformance — auth.json decode runs in `load()`'s detached task.
 private struct AuthFile: Decodable, Sendable {
    nonisolated let credential_pool: [String: [AuthEntry]]
    enum CodingKeys: String, CodingKey { case credential_pool }
    nonisolated init(from decoder: any Decoder) throws {
        let c = try decoder.container(keyedBy: CodingKeys.self)
        self.credential_pool = try c.decode([String: [AuthEntry]].self, forKey: .credential_pool)
    }
 }
 private struct AuthEntry: Decodable, Sendable {
    nonisolated let id: String?
    nonisolated let label: String?
    nonisolated let auth_type: String?
    nonisolated let source: String?
    nonisolated let access_token: String?
    nonisolated let last_status: String?
    nonisolated let request_count: Int?
    enum CodingKeys: String, CodingKey {
        case id, label, auth_type, source, access_token, last_status, request_count
    }
    nonisolated init(from decoder: any Decoder) throws {
        let c = try decoder.container(keyedBy: CodingKeys.self)
        self.id            = try c.decodeIfPresent(String.self, forKey: .id)
        self.label         = try c.decodeIfPresent(String.self, forKey: .label)
        self.auth_type     = try c.decodeIfPresent(String.self, forKey: .auth_type)
        self.source        = try c.decodeIfPresent(String.self, forKey: .source)
        self.access_token  = try c.decodeIfPresent(String.self, forKey: .access_token)
        self.last_status   = try c.decodeIfPresent(String.self, forKey: .last_status)
        self.request_count = try c.decodeIfPresent(Int.self, forKey: .request_count)
    }
 }
@@ -0,0 +1,267 @@
 import Foundation
 import AppKit
 import os
 /// Drives the `hermes auth add <provider> --type oauth` flow via `Process` +
 /// pipes instead of SwiftTerm. The embedded terminal approach turned out to
 /// have two problems:
 ///
 ///   1. Python's `webbrowser.open` called from a subprocess doesn't reliably
 ///      open the user's browser — the macOS `open` command can fail silently
 ///      depending on how the parent app was launched.
 ///   2. Even when it works, users can't easily copy the URL from a terminal
 ///      emulator to click or share.
 ///
 /// This controller runs hermes with `--no-browser`, captures stdout/stderr,
 /// regex-extracts the authorization URL, and exposes it to the UI as a plain
 /// string. The UI shows a real "Open in Browser" button (via NSWorkspace) and
 /// a code input text field. Submitting writes the code + newline to hermes's
 /// stdin pipe, which Python's `input()` reads normally — verified in shell
 /// testing that hermes accepts piped stdin when a TTY isn't available.
 ///
 /// Hermes exits 0 even on "login did not return credentials" failures, so we
 /// detect success by scanning output for failure markers AND by letting the
 /// calling VM reload `auth.json` to see whether a new credential actually
 /// landed.
@Observable
@MainActor
 final class OAuthFlowController {
    private let logger = Logger(subsystem: "com.scarf", category: "OAuthFlowController")
    let context: ServerContext
    init(context: ServerContext = .local) {
        self.context = context
    }
    // MARK: - Observable state
    /// Accumulated terminal output for display. Grows monotonically during
    /// the flow; cleared on `start(...)`.
    var output: String = ""
    /// Authorization URL extracted from hermes's output. Shown as a prominent
    /// "Open in Browser" button once detected.
    var authorizationURL: String?
    /// True once hermes has printed the "Authorization code:" prompt. Gates
    /// the code submit button so users can't submit too early.
    var awaitingCode: Bool = false
    /// True between `start(...)` and process termination.
    var isRunning: Bool = false
    /// Set when the process exits with a success signal (both zero exit AND
    /// no failure marker in output). The VM checks this + reloads auth.json.
    var succeeded: Bool = false
    /// Human-readable error message if start/submit failed mid-flow.
    var errorMessage: String?
    /// Fired when the process exits, with the raw exit code. Use this to
    /// trigger a UI reload or close the sheet.
    var onExit: ((Int32) -> Void)?
    // MARK: - Private state
    private var process: Process?
    private var stdinPipe: Pipe?
    private var stdoutPipe: Pipe?
    // MARK: - Lifecycle
    /// Start the OAuth flow. Any prior in-flight flow is terminated first.
    func start(provider: String, label: String) {
        stop()
        output = ""
        authorizationURL = nil
        awaitingCode = false
        succeeded = false
        errorMessage = nil
        // Pass --no-browser so hermes doesn't try (and potentially fail) to
        // launch the browser itself — we do it explicitly with the button.
        var args = ["auth", "add", provider, "--type", "oauth", "--no-browser"]
        let trimmedLabel = label.trimmingCharacters(in: .whitespaces)
        if !trimmedLabel.isEmpty {
            args += ["--label", trimmedLabel]
        }
        // Use the transport so OAuth works against remote contexts too:
        // local spawns hermes directly, remote rounds through ssh -T while
        // preserving stdin (for the auth-code prompt) and stdout (for the
        // URL parser).
        let proc = context.makeTransport().makeProcess(
            executable: context.paths.hermesBinary,
            args: args
        )
        if !context.isRemote {
            // Only enrich env locally — the remote ssh process gets the
            // remote login env naturally, and exporting our local API keys
            // into it would be wrong.
            proc.environment = HermesFileService.enrichedEnvironment()
        }
        let outPipe = Pipe()
        let inPipe = Pipe()
        // Merge stderr into stdout: hermes prints the URL + prompt to stdout,
        // but diagnostic messages can land on stderr; we want both interleaved
        // in display order.
        proc.standardOutput = outPipe
        proc.standardError = outPipe
        proc.standardInput = inPipe
        outPipe.fileHandleForReading.readabilityHandler = { [weak self] handle in
            let data = handle.availableData
            if data.isEmpty {
                // EOF — the peer closed its write end. Drop the handler so
                // Foundation doesn't keep calling us with empty reads.
                handle.readabilityHandler = nil
                return
            }
            let chunk = String(data: data, encoding: .utf8) ?? ""
            // Hop onto the main actor to mutate observable state.
            Task { @MainActor [weak self] in
                self?.handleOutputChunk(chunk)
            }
        }
        proc.terminationHandler = { [weak self] p in
            let code = p.terminationStatus
            Task { @MainActor [weak self] in
                outPipe.fileHandleForReading.readabilityHandler = nil
                self?.handleTermination(exitCode: code)
            }
        }
        do {
            try proc.run()
            process = proc
            stdinPipe = inPipe
            stdoutPipe = outPipe
            isRunning = true
        } catch {
            errorMessage = "Failed to start hermes: \(error.localizedDescription)"
            logger.error("Failed to start hermes: \(error.localizedDescription)")
        }
    }
    /// Terminate the in-flight process (if any). Safe to call when nothing is running.
    func stop() {
        stdoutPipe?.fileHandleForReading.readabilityHandler = nil
        process?.terminate()
        process = nil
        stdinPipe = nil
        stdoutPipe = nil
        isRunning = false
        awaitingCode = false
    }
    /// Send the authorization code to hermes's stdin. Called when the user
    /// taps "Submit" in the sheet's code input field.
    func submitCode(_ code: String) {
        let trimmed = code.trimmingCharacters(in: .whitespacesAndNewlines)
        guard !trimmed.isEmpty else {
            errorMessage = "Authorization code is empty"
            return
        }
        guard let stdinPipe else {
            errorMessage = "Process is no longer accepting input"
            return
        }
        let payload = trimmed + "\n"
        guard let data = payload.data(using: .utf8) else {
            errorMessage = "Could not encode code"
            return
        }
        do {
            try stdinPipe.fileHandleForWriting.write(contentsOf: data)
            // After writing, we don't close stdin — hermes might prompt again
            // on failure. Instead we flip `awaitingCode` off so the UI can
            // dim the submit button until another prompt appears.
            awaitingCode = false
        } catch {
            errorMessage = "Failed to send code: \(error.localizedDescription)"
        }
    }
    /// Explicitly open the detected authorization URL in the default browser.
    /// Does nothing if no URL has been detected yet.
    func openURLInBrowser() {
        guard let url = authorizationURL, let parsed = URL(string: url) else { return }
        NSWorkspace.shared.open(parsed)
    }
    // MARK: - Output handling
    private func handleOutputChunk(_ chunk: String) {
        output += chunk
        if authorizationURL == nil, let url = Self.extractAuthURL(from: output) {
            authorizationURL = url
            // Auto-open the browser on first detection, since that's what a
            // well-behaved hermes would have done. We keep the manual button
            // available for retries / copy-paste.
            if let parsed = URL(string: url) {
                NSWorkspace.shared.open(parsed)
            }
        }
        // The prompt may arrive in the same chunk as the URL. Checking
        // cumulative output (rather than just this chunk) is safer.
        if !awaitingCode, output.contains("Authorization code:") {
            awaitingCode = true
        }
    }
    private func handleTermination(exitCode: Int32) {
        isRunning = false
        // Hermes exits 0 even on "login did not return credentials" — detect
        // that failure marker explicitly so we don't report false success.
        let failureMarkers = [
            "did not return credentials",
            "Token exchange failed",
            "OAuth login failed",
            "HTTP Error"
        ]
        let outputFailed = failureMarkers.contains { output.localizedCaseInsensitiveContains($0) }
        succeeded = exitCode == 0 && !outputFailed
        if !succeeded, errorMessage == nil {
            if outputFailed {
                errorMessage = "OAuth did not complete — check the output above for details"
            } else if exitCode != 0 {
                errorMessage = "hermes exited with code \(exitCode)"
            }
        }
        onExit?(exitCode)
    }
    // MARK: - URL extraction
    /// Extract the OAuth authorization URL from hermes's output. Hermes prints
    /// it on its own line in a Rich-rendered box; we want a plain https URL
    /// that looks like a provider OAuth endpoint.
    ///
    /// Priority order:
    ///   1. URLs containing `client_id=` — real OAuth auth URLs always have this.
    ///   2. URLs containing `/authorize` — fallback for providers that don't
    ///      include client_id in the query (unusual but possible).
    ///   3. URLs containing `/oauth/` — last resort.
    ///
    /// Docs URLs and generic callback URLs are filtered out by these checks.
    nonisolated static func extractAuthURL(from text: String) -> String? {
        let pattern = #"https://[^\s\)\]\"'`<>]+"#
        guard let regex = try? NSRegularExpression(pattern: pattern) else { return nil }
        let range = NSRange(text.startIndex..., in: text)
        let urls: [String] = regex.matches(in: text, range: range).compactMap { match in
            Range(match.range, in: text).map { String(text[$0]) }
        }
        // Prefer the strongest signal so we don't accidentally surface the
        // redirect callback URL when both appear unencoded in output.
        if let url = urls.first(where: { $0.contains("client_id=") }) { return url }
        if let url = urls.first(where: { $0.contains("/authorize") }) { return url }
        if let url = urls.first(where: { $0.contains("/oauth/") }) { return url }
        return nil
    }
 }
@@ -0,0 +1,489 @@
 import SwiftUI
 struct CredentialPoolsView: View {
    @State private var viewModel: CredentialPoolsViewModel
    @State private var showAddSheet = false
    @State private var pendingRemove: HermesCredential?
    init(context: ServerContext) {
        _viewModel = State(initialValue: CredentialPoolsViewModel(context: context))
    }
    var body: some View {
        ScrollView {
            VStack(alignment: .leading, spacing: 16) {
                header
                safetyNotice
                if viewModel.isLoading {
                    ProgressView().padding()
                } else if viewModel.pools.isEmpty {
                    emptyState
                } else {
                    ForEach(viewModel.pools) { pool in
                        poolSection(pool)
                    }
                }
            }
            .padding()
            .frame(maxWidth: .infinity, alignment: .topLeading)
        }
        .navigationTitle("Credential Pools")
        .loadingOverlay(
            viewModel.isLoading,
            label: "Loading credentials…",
            isEmpty: viewModel.pools.isEmpty
        )
        .onAppear { viewModel.load() }
        .sheet(isPresented: $showAddSheet) {
            AddCredentialSheet(viewModel: viewModel) {
                showAddSheet = false
            }
        }
        .confirmationDialog(
            pendingRemove.map { "Remove credential for \($0.provider)?" } ?? "",
            isPresented: Binding(get: { pendingRemove != nil }, set: { if !$0 { pendingRemove = nil } })
        ) {
            Button("Remove", role: .destructive) {
                if let target = pendingRemove {
                    viewModel.removeCredential(provider: target.provider, index: target.index)
                }
                pendingRemove = nil
            }
            Button("Cancel", role: .cancel) { pendingRemove = nil }
        } message: {
            Text("This removes the credential from hermes. The upstream provider key is not revoked.")
        }
    }
    private var header: some View {
        HStack {
            if let msg = viewModel.message {
                Label(msg, systemImage: "info.circle.fill")
                    .font(.caption)
                    .foregroundStyle(.secondary)
            }
            Spacer()
            Button {
                showAddSheet = true
            } label: {
                Label("Add Credential", systemImage: "plus")
            }
            .controlSize(.small)
            Button("Reload") { viewModel.load() }
                .controlSize(.small)
        }
    }
    private var safetyNotice: some View {
        HStack(alignment: .top, spacing: 8) {
            Image(systemName: "lock.shield")
                .foregroundStyle(.secondary)
            Text("API keys are never displayed in full. Scarf only shows the last 4 characters for identification. Full key values are stored by hermes in ~/.hermes/auth.json.")
                .font(.caption)
                .foregroundStyle(.secondary)
        }
        .padding(8)
        .background(.quaternary.opacity(0.3))
        .clipShape(RoundedRectangle(cornerRadius: 6))
    }
    private var emptyState: some View {
        VStack(spacing: 8) {
            Image(systemName: "key.horizontal")
                .font(.largeTitle)
                .foregroundStyle(.secondary)
            Text("No credential pools configured")
                .foregroundStyle(.secondary)
            Text("Add rotation credentials so hermes can failover between keys when one hits rate limits.")
                .font(.caption)
                .foregroundStyle(.secondary)
                .multilineTextAlignment(.center)
        }
        .frame(maxWidth: .infinity)
        .padding(.vertical, 40)
    }
    @ViewBuilder
    private func poolSection(_ pool: HermesCredentialPool) -> some View {
        SettingsSection(title: LocalizedStringKey(pool.provider), icon: "key.horizontal") {
            PickerRow(label: "Rotation", selection: pool.strategy, options: viewModel.strategyOptions) { strategy in
                viewModel.setStrategy(strategy, for: pool.provider)
            }
            ForEach(pool.credentials) { cred in
                HStack(spacing: 12) {
                    Image(systemName: cred.authType == "oauth" ? "person.badge.key" : "key.fill")
                        .foregroundStyle(.secondary)
                    VStack(alignment: .leading, spacing: 2) {
                        HStack(spacing: 6) {
                            Text("#\(cred.index + 1)")
                                .font(.system(.caption, design: .monospaced, weight: .bold))
                            if !cred.label.isEmpty {
                                Text(cred.label).font(.caption)
                            }
                            if !cred.authType.isEmpty {
                                Text(cred.authType)
                                    .font(.caption2)
                                    .foregroundStyle(.secondary)
                                    .padding(.horizontal, 5)
                                    .padding(.vertical, 1)
                                    .background(.quaternary)
                                    .clipShape(Capsule())
                            }
                            if !cred.lastStatus.isEmpty {
                                Text(cred.lastStatus)
                                    .font(.caption2)
                                    .foregroundStyle(statusColor(cred.lastStatus))
                            }
                        }
                        HStack(spacing: 8) {
                            Text(cred.tokenTail.isEmpty ? "—" : cred.tokenTail)
                                .font(.system(.caption, design: .monospaced))
                                .foregroundStyle(.secondary)
                            if !cred.source.isEmpty {
                                Text(cred.source)
                                    .font(.caption2)
                                    .foregroundStyle(.tertiary)
                            }
                            if cred.requestCount > 0 {
                                Text("\(cred.requestCount) req")
                                    .font(.caption2)
                                    .foregroundStyle(.tertiary)
                            }
                        }
                    }
                    Spacer()
                    Button("Remove", role: .destructive) { pendingRemove = cred }
                        .controlSize(.small)
                }
                .padding(.horizontal, 12)
                .padding(.vertical, 6)
                .background(.quaternary.opacity(0.3))
            }
            HStack {
                Spacer()
                Button("Reset Cooldowns") { viewModel.resetProvider(pool.provider) }
                    .controlSize(.small)
            }
            .padding(.horizontal, 12)
            .padding(.vertical, 6)
            .background(.quaternary.opacity(0.3))
        }
    }
    private func statusColor(_ status: String) -> Color {
        switch status {
        case "ok", "active": return .green
        case "cooldown": return .orange
        case "exhausted": return .red
        default: return .secondary
        }
    }
 }
 /// Two-step sheet for adding a credential:
 /// 1. Provider picker (populated from the models catalog, falls back to free text)
 ///    + type selector (API Key vs OAuth) + optional label
 /// 2. Either an immediate save (API key) or an embedded terminal running the
 ///    OAuth flow so the user can paste the authorization code back.
 private struct AddCredentialSheet: View {
    @Bindable var viewModel: CredentialPoolsViewModel
    let onDismiss: () -> Void
    enum AuthType: String, CaseIterable, Identifiable {
        case apiKey = "API Key"
        case oauth = "OAuth"
        var id: String { rawValue }
        var displayName: LocalizedStringResource {
            switch self {
            case .apiKey: return "API Key"
            case .oauth: return "OAuth"
            }
        }
    }
    @State private var providerID: String = ""
    @State private var authType: AuthType = .apiKey
    @State private var apiKey: String = ""
    @State private var label: String = ""
    @State private var providers: [HermesProviderInfo] = []
    @State private var oauthStarted: Bool = false
    @State private var authCode: String = ""
    private var catalog: ModelCatalogService { ModelCatalogService(context: viewModel.context) }
    var body: some View {
        VStack(alignment: .leading, spacing: 16) {
            Text("Add Credential")
                .font(.headline)
            if !oauthStarted {
                configSection
            } else {
                oauthSection
            }
            Divider()
            footer
        }
        .padding()
        .frame(minWidth: 600, minHeight: 460)
        .onAppear {
            providers = catalog.loadProviders()
        }
        // Auto-close the sheet once a credential is actually saved. We key
        // off `succeeded` which the controller sets only when hermes exited
        // zero AND the output has no failure markers. The 0.8s delay lets the
        // user see the success banner before the sheet disappears.
        .onChange(of: viewModel.oauthFlow.succeeded) { _, newValue in
            guard newValue else { return }
            DispatchQueue.main.asyncAfter(deadline: .now() + 0.8) {
                onDismiss()
            }
        }
    }
    // MARK: - Step 1: provider + type + label + optional API key
    private var configSection: some View {
        VStack(alignment: .leading, spacing: 10) {
            VStack(alignment: .leading, spacing: 4) {
                Text("Provider").font(.caption).foregroundStyle(.secondary)
                HStack {
                    // Free-text first so providers missing from the catalog
                    // (e.g. "nous") are still addable.
                    TextField("e.g. anthropic", text: $providerID)
                        .textFieldStyle(.roundedBorder)
                        .font(.system(.caption, design: .monospaced))
                    Menu("Browse") {
                        ForEach(providers) { provider in
                            Button(provider.providerName + " (\(provider.providerID))") {
                                providerID = provider.providerID
                            }
                        }
                    }
                    .controlSize(.small)
                }
            }
            VStack(alignment: .leading, spacing: 4) {
                Text("Credential Type").font(.caption).foregroundStyle(.secondary)
                Picker("", selection: $authType) {
                    ForEach(AuthType.allCases) { type in
                        Text(type.displayName).tag(type)
                    }
                }
                .pickerStyle(.segmented)
                .labelsHidden()
            }
            VStack(alignment: .leading, spacing: 4) {
                Text("Label (optional)").font(.caption).foregroundStyle(.secondary)
                TextField("e.g. team-prod", text: $label)
                    .textFieldStyle(.roundedBorder)
            }
            if authType == .apiKey {
                VStack(alignment: .leading, spacing: 4) {
                    Text("API Key").font(.caption).foregroundStyle(.secondary)
                    SecureField("sk-…", text: $apiKey)
                        .textFieldStyle(.roundedBorder)
                        .font(.system(.caption, design: .monospaced))
                }
            } else {
                oauthPreamble
            }
        }
    }
    /// Brief explanation shown before the user clicks "Start OAuth". Sets
    /// expectations about the embedded-terminal flow so the browser window
    /// and code-paste step aren't surprises.
    private var oauthPreamble: some View {
        VStack(alignment: .leading, spacing: 6) {
            Text("Clicking Start OAuth opens the provider's authorization page in your browser. After you approve, copy the code the provider displays and paste it back into the terminal that appears next.")
                .font(.caption)
                .foregroundStyle(.secondary)
            Text("The terminal is a real TTY — paste with ⌘V, press Return, and wait for the process to exit with \"login succeeded\".")
                .font(.caption)
                .foregroundStyle(.secondary)
        }
        .padding(8)
        .background(.quaternary.opacity(0.3))
        .clipShape(RoundedRectangle(cornerRadius: 6))
    }
    // MARK: - Step 2: OAuth — URL button, code field, live output log
    private var oauthSection: some View {
        // Pull the observable controller into a local so the view redraws
        // when its @Observable properties change.
        let flow = viewModel.oauthFlow
        return VStack(alignment: .leading, spacing: 10) {
            oauthHeader(flow: flow)
            urlBlock(flow: flow)
            codeEntryBlock(flow: flow)
            outputLogBlock(flow: flow)
        }
    }
    @ViewBuilder
    private func oauthHeader(flow: OAuthFlowController) -> some View {
        HStack(spacing: 8) {
            Image(systemName: "person.badge.key")
            Text("OAuth login for \(viewModel.oauthProvider)")
                .font(.headline)
            Spacer()
            if flow.isRunning {
                ProgressView().controlSize(.small)
            } else if flow.succeeded {
                Label("Succeeded", systemImage: "checkmark.circle.fill")
                    .font(.caption)
                    .foregroundStyle(.green)
            } else if let err = flow.errorMessage {
                Label(err, systemImage: "exclamationmark.triangle.fill")
                    .font(.caption)
                    .foregroundStyle(.orange)
                    .lineLimit(1)
            }
        }
    }
    /// Authorization URL block. Hermes prints the URL on startup; we detect
    /// it via regex and expose a prominent Open + Copy pair. The URL keeps
    /// showing even after the browser is opened so users can paste it into
    /// a different browser profile if needed.
    @ViewBuilder
    private func urlBlock(flow: OAuthFlowController) -> some View {
        if let url = flow.authorizationURL {
            VStack(alignment: .leading, spacing: 6) {
                Label("Authorization URL", systemImage: "link")
                    .font(.caption.bold())
                    .foregroundStyle(.secondary)
                HStack(spacing: 6) {
                    Text(url)
                        .font(.caption.monospaced())
                        .textSelection(.enabled)
                        .lineLimit(2)
                        .truncationMode(.middle)
                    Spacer()
                    Button {
                        flow.openURLInBrowser()
                    } label: {
                        Label("Open in Browser", systemImage: "safari")
                    }
                    .controlSize(.small)
                    .buttonStyle(.borderedProminent)
                    Button {
                        NSPasteboard.general.clearContents()
                        NSPasteboard.general.setString(url, forType: .string)
                    } label: {
                        Label("Copy", systemImage: "doc.on.doc")
                    }
                    .controlSize(.small)
                }
            }
            .padding(8)
            .background(.blue.opacity(0.08))
            .clipShape(RoundedRectangle(cornerRadius: 6))
        } else if flow.isRunning {
            // Still waiting for hermes to print the URL — usually <1s.
            HStack(spacing: 6) {
                ProgressView().controlSize(.small)
                Text("Waiting for authorization URL…")
                    .font(.caption)
                    .foregroundStyle(.secondary)
            }
        }
    }
    /// Authorization code input. Only active once hermes has printed its
    /// "Authorization code:" prompt so users can't submit before hermes is
    /// ready to receive input.
    @ViewBuilder
    private func codeEntryBlock(flow: OAuthFlowController) -> some View {
        VStack(alignment: .leading, spacing: 4) {
            Label("Authorization Code", systemImage: "keyboard")
                .font(.caption.bold())
                .foregroundStyle(.secondary)
            Text("After approving in your browser, the provider shows a code. Paste it below and submit.")
                .font(.caption)
                .foregroundStyle(.secondary)
            HStack(spacing: 6) {
                TextField("Paste code here…", text: $authCode)
                    .textFieldStyle(.roundedBorder)
                    .font(.system(.caption, design: .monospaced))
                    .disabled(!flow.awaitingCode)
                    .onSubmit { submitCode(flow: flow) }
                Button("Submit") { submitCode(flow: flow) }
                    .controlSize(.small)
                    .buttonStyle(.borderedProminent)
                    .disabled(!flow.awaitingCode || authCode.trimmingCharacters(in: .whitespaces).isEmpty)
            }
            if !flow.awaitingCode && flow.isRunning {
                Text("Waiting for hermes to prompt for the code…")
                    .font(.caption2)
                    .foregroundStyle(.tertiary)
            }
        }
    }
    /// Live output log — useful for diagnostics if the flow stalls or errors.
    @ViewBuilder
    private func outputLogBlock(flow: OAuthFlowController) -> some View {
        VStack(alignment: .leading, spacing: 4) {
            Label("Output", systemImage: "text.alignleft")
                .font(.caption.bold())
                .foregroundStyle(.secondary)
            ScrollView {
                Text(flow.output.isEmpty ? "(no output yet)" : flow.output)
                    .font(.system(.caption, design: .monospaced))
                    .textSelection(.enabled)
                    .frame(maxWidth: .infinity, alignment: .leading)
                    .padding(8)
            }
            .frame(minHeight: 120, maxHeight: 200)
            .background(.quaternary.opacity(0.3))
            .clipShape(RoundedRectangle(cornerRadius: 6))
        }
    }
    private func submitCode(flow: OAuthFlowController) {
        let trimmed = authCode.trimmingCharacters(in: .whitespacesAndNewlines)
        guard !trimmed.isEmpty else { return }
        viewModel.submitOAuthCode(trimmed)
        authCode = ""
    }
    // MARK: - Footer (buttons)
    private var footer: some View {
        HStack {
            Spacer()
            if oauthStarted {
                Button("Close") {
                    // Closing mid-flow terminates hermes so we don't leave a
                    // zombie process waiting for stdin forever.
                    viewModel.cancelOAuth()
                    onDismiss()
                }
            } else {
                Button("Cancel") { onDismiss() }
                if authType == .apiKey {
                    Button("Add") {
                        viewModel.addAPIKey(provider: providerID, apiKey: apiKey, label: label)
                        onDismiss()
                    }
                    .buttonStyle(.borderedProminent)
                    .disabled(providerID.trimmingCharacters(in: .whitespaces).isEmpty || apiKey.trimmingCharacters(in: .whitespaces).isEmpty)
                } else {
                    Button("Start OAuth") {
                        viewModel.startOAuth(provider: providerID, label: label)
                        oauthStarted = true
                    }
                    .buttonStyle(.borderedProminent)
                    .disabled(providerID.trimmingCharacters(in: .whitespaces).isEmpty)
                }
            }
        }
    }
 }
@@ -1,19 +1,180 @@
 import Foundation
 import AppKit
 import os
@Observable
 final class CronViewModel {
-    private let fileService = HermesFileService()
+    private let logger = Logger(subsystem: "com.scarf", category: "CronViewModel")
    let context: ServerContext
    private let fileService: HermesFileService
    init(context: ServerContext = .local) {
        self.context = context
        self.fileService = HermesFileService(context: context)
    }
    var jobs: [HermesCronJob] = []
    var selectedJob: HermesCronJob?
    var jobOutput: String?
    var availableSkills: [String] = []
    var message: String?
    var showCreateSheet = false
    var editingJob: HermesCronJob?
    var isLoading = false
    func load() {
-        jobs = fileService.loadCronJobs()
+        isLoading = true
        let svc = fileService
        let selectedID = selectedJob?.id
        Task.detached { [weak self] in
            // Three sync transport ops on remote — keep them off main.
            let jobs = svc.loadCronJobs()
            let skills = svc.loadSkills().flatMap { $0.skills.map(\.id) }.sorted()
            let refreshed = selectedID.flatMap { id in jobs.first(where: { $0.id == id }) }
            let output = refreshed.flatMap { svc.loadCronOutput(jobId: $0.id) }
            await MainActor.run { [weak self] in
                guard let self else { return }
                self.jobs = jobs
                self.availableSkills = skills
                if let refreshed { self.selectedJob = refreshed }
                if output != nil { self.jobOutput = output }
                self.isLoading = false
            }
        }
    }
    func selectJob(_ job: HermesCronJob) {
        selectedJob = job
-        jobOutput = fileService.loadCronOutput(jobId: job.id)
+        let svc = fileService
        let jobID = job.id
        Task.detached { [weak self] in
            let output = svc.loadCronOutput(jobId: jobID)
            await MainActor.run { [weak self] in self?.jobOutput = output }
        }
    }
    // MARK: - CLI wrappers
    func pauseJob(_ job: HermesCronJob) {
        runAndReload(["cron", "pause", job.id], success: "Paused")
    }
    func resumeJob(_ job: HermesCronJob) {
        runAndReload(["cron", "resume", job.id], success: "Resumed")
    }
    func runNow(_ job: HermesCronJob) {
        // `hermes cron run <id>` only marks the job as due on the next
        // scheduler tick — it doesn't actually execute. If the Hermes
        // gateway's scheduler isn't running (common during dev + right
        // after install), the user's "Run now" click results in zero
        // visible effect because the tick never comes. We follow up
        // with `hermes cron tick` which runs all due jobs once and
        // exits. Redundant-but-harmless when the gateway is running;
        // the actual trigger when it isn't.
        //
        // Feedback model: show a "Agent started" toast as soon as
        // `cron run` succeeds, WITHOUT waiting for `cron tick` to
        // return. Agent jobs routinely run past a minute (network IO +
        // an LLM call + a file rewrite), and earlier versions with a
        // 60s tick timeout surfaced a misleading "Run failed" toast
        // every time while the job kept running in the background.
        // The app's HermesFileWatcher picks up the dashboard.json
        // rewrite that the agent lands at the end — that's what the
        // user actually watches for, not this toast.
        let svc = fileService
        let jobID = job.id
        Task.detached { [weak self] in
            let runResult = svc.runHermesCLI(args: ["cron", "run", jobID], timeout: 30)
            await MainActor.run { [weak self] in
                guard let self else { return }
                if runResult.exitCode != 0 {
                    self.message = "Run failed to queue: \(runResult.output.prefix(200))"
                    self.logger.warning("cron run failed: \(runResult.output)")
                    self.load()
                    DispatchQueue.main.asyncAfter(deadline: .now() + 3) { [weak self] in
                        self?.message = nil
                    }
                    return
                }
                self.message = "Agent started — dashboard will update when it finishes"
                self.load()
            }
            // `cron run` is queued; now force the tick. The 300s
            // timeout catches truly stuck processes without killing
            // the long-but-valid agent case that blew up the 60s
            // version. A timeout here is survivable — the Hermes
            // scheduler re-runs due jobs on its own cadence — so we
            // log but don't surface it as a failure toast.
            try? await Task.sleep(for: .milliseconds(250))
            let tickResult = svc.runHermesCLI(args: ["cron", "tick"], timeout: 300)
            await MainActor.run { [weak self] in
                guard let self else { return }
                if tickResult.exitCode != 0 {
                    self.logger.warning("cron tick exited non-zero (job may still complete via scheduler): \(tickResult.output)")
                }
                self.load()
                DispatchQueue.main.asyncAfter(deadline: .now() + 3) { [weak self] in
                    self?.message = nil
                }
            }
        }
    }
    func deleteJob(_ job: HermesCronJob) {
        runAndReload(["cron", "remove", job.id], success: "Removed")
        if selectedJob?.id == job.id {
            selectedJob = nil
            jobOutput = nil
        }
    }
    func createJob(schedule: String, prompt: String, name: String, deliver: String, skills: [String], script: String, repeatCount: String) {
        var args = ["cron", "create"]
        if !name.isEmpty { args += ["--name", name] }
        if !deliver.isEmpty { args += ["--deliver", deliver] }
        if !repeatCount.isEmpty { args += ["--repeat", repeatCount] }
        for skill in skills where !skill.isEmpty { args += ["--skill", skill] }
        if !script.isEmpty { args += ["--script", script] }
        args.append(schedule)
        if !prompt.isEmpty { args.append(prompt) }
        runAndReload(args, success: "Job created")
    }
    func updateJob(id: String, schedule: String?, prompt: String?, name: String?, deliver: String?, repeatCount: String?, newSkills: [String]?, clearSkills: Bool, script: String?) {
        var args = ["cron", "edit", id]
        if let schedule, !schedule.isEmpty { args += ["--schedule", schedule] }
        if let prompt, !prompt.isEmpty { args += ["--prompt", prompt] }
        if let name, !name.isEmpty { args += ["--name", name] }
        if let deliver { args += ["--deliver", deliver] }
        if let repeatCount, !repeatCount.isEmpty { args += ["--repeat", repeatCount] }
        if clearSkills {
            args.append("--clear-skills")
        } else if let newSkills {
            for skill in newSkills where !skill.isEmpty { args += ["--skill", skill] }
        }
        if let script { args += ["--script", script] }
        runAndReload(args, success: "Updated")
    }
    // MARK: - Private
    private func runAndReload(_ arguments: [String], success: String) {
        Task.detached { [fileService] in
            let result = fileService.runHermesCLI(args: arguments, timeout: 60)
            await MainActor.run {
                if result.exitCode == 0 {
                    self.message = success
                } else {
                    self.message = "Failed: \(result.output.prefix(200))"
                    self.logger.warning("cron command failed: args=\(arguments) output=\(result.output)")
                }
                self.load()
                DispatchQueue.main.asyncAfter(deadline: .now() + 3) { [weak self] in
                    self?.message = nil
                }
            }
        }
    }
 }
@@ -1,61 +1,148 @@
 import SwiftUI
 struct CronView: View {
-    @State private var viewModel = CronViewModel()
+    @State private var viewModel: CronViewModel
    @State private var pendingDelete: HermesCronJob?
    init(context: ServerContext) {
        _viewModel = State(initialValue: CronViewModel(context: context))
    }
    var body: some View {
        HSplitView {
            jobsList
-                .frame(minWidth: 300, idealWidth: 350)
+                .frame(minWidth: 320, idealWidth: 360)
            jobDetail
                .frame(minWidth: 400)
        }
        .navigationTitle("Cron Jobs")
        .loadingOverlay(viewModel.isLoading, label: "Loading cron jobs…", isEmpty: viewModel.jobs.isEmpty)
        .onAppear { viewModel.load() }
        .sheet(isPresented: $viewModel.showCreateSheet) {
            CronJobEditor(mode: .create, availableSkills: viewModel.availableSkills) { form in
                viewModel.createJob(
                    schedule: form.schedule,
                    prompt: form.prompt,
                    name: form.name,
                    deliver: form.deliver,
                    skills: form.skills,
                    script: form.script,
                    repeatCount: form.repeatCount
                )
                viewModel.showCreateSheet = false
            } onCancel: {
                viewModel.showCreateSheet = false
            }
        }
        .sheet(item: $viewModel.editingJob) { job in
            CronJobEditor(mode: .edit(job), availableSkills: viewModel.availableSkills) { form in
                viewModel.updateJob(
                    id: job.id,
                    schedule: form.schedule,
                    prompt: form.prompt,
                    name: form.name,
                    deliver: form.deliver,
                    repeatCount: form.repeatCount,
                    newSkills: form.skills,
                    clearSkills: form.clearSkills,
                    script: form.script
                )
                viewModel.editingJob = nil
            } onCancel: {
                viewModel.editingJob = nil
            }
        }
        .confirmationDialog(
            pendingDelete.map { "Delete \($0.name)?" } ?? "",
            isPresented: Binding(get: { pendingDelete != nil }, set: { if !$0 { pendingDelete = nil } })
        ) {
            Button("Delete", role: .destructive) {
                if let job = pendingDelete { viewModel.deleteJob(job) }
                pendingDelete = nil
            }
            Button("Cancel", role: .cancel) { pendingDelete = nil }
        } message: {
            Text("This removes the scheduled job permanently.")
        }
    }
    private var jobsList: some View {
-        List(selection: Binding(
+        VStack(spacing: 0) {
-            get: { viewModel.selectedJob?.id },
+            HStack {
-            set: { id in
+                if let msg = viewModel.message {
-                if let id, let job = viewModel.jobs.first(where: { $0.id == id }) {
+                    Label(msg, systemImage: "info.circle.fill")
-                    viewModel.selectJob(job)
+                        .font(.caption)
-                } else {
+                        .foregroundStyle(.secondary)
                    viewModel.selectedJob = nil
                    viewModel.jobOutput = nil
                }
                Spacer()
                Button {
                    viewModel.showCreateSheet = true
                } label: {
                    Label("Add", systemImage: "plus")
                }
                .controlSize(.small)
                Button("Reload") { viewModel.load() }
                    .controlSize(.small)
            }
-        )) {
+            .padding(.horizontal)
-            ForEach(viewModel.jobs) { job in
+            .padding(.vertical, 6)
-                HStack {
+            Divider()
-                    Image(systemName: job.stateIcon)
+            List(selection: Binding(
-                        .foregroundStyle(job.enabled ? .primary : .secondary)
+                get: { viewModel.selectedJob?.id },
-                    VStack(alignment: .leading, spacing: 2) {
+                set: { id in
-                        Text(job.name)
+                    if let id, let job = viewModel.jobs.first(where: { $0.id == id }) {
-                            .lineLimit(1)
+                        viewModel.selectJob(job)
-                        Text(job.schedule.display ?? job.schedule.kind)
+                    } else {
-                            .font(.caption)
+                        viewModel.selectedJob = nil
-                            .foregroundStyle(.secondary)
+                        viewModel.jobOutput = nil
-                    }
+                    }
-                    Spacer()
+                }
-                    if job.silent == true {
+            )) {
-                        Text("SILENT")
+                ForEach(viewModel.jobs) { job in
-                            .font(.caption2.bold())
+                    HStack {
-                            .foregroundStyle(.purple)
+                        Image(systemName: job.stateIcon)
-                    }
+                            .foregroundStyle(job.enabled ? .primary : .secondary)
-                    if !job.enabled {
+                        VStack(alignment: .leading, spacing: 2) {
-                        Text("Disabled")
+                            Text(job.name)
-                            .font(.caption2)
+                                .lineLimit(1)
-                            .foregroundStyle(.secondary)
+                            Text(job.schedule.display ?? job.schedule.kind)
                                .font(.caption)
                                .foregroundStyle(.secondary)
                        }
                        Spacer()
                        if job.silent == true {
                            Text("SILENT")
                                .font(.caption2.bold())
                                .foregroundStyle(.purple)
                        }
                        if !job.enabled {
                            Text("Disabled")
                                .font(.caption2)
                                .foregroundStyle(.secondary)
                        }
                    }
                    .tag(job.id)
                    .contextMenu {
                        Button(job.enabled ? "Pause" : "Resume") {
                            if job.enabled {
                                viewModel.pauseJob(job)
                            } else {
                                viewModel.resumeJob(job)
                            }
                        }
                        Button("Run Now") { viewModel.runNow(job) }
                        Button("Edit") { viewModel.editingJob = job }
                        Divider()
                        Button("Delete", role: .destructive) { pendingDelete = job }
                    }
                }
                .tag(job.id)
            }
-        }
+            .listStyle(.inset)
-        .listStyle(.inset)
+            .overlay {
-        .overlay {
+                if viewModel.jobs.isEmpty {
-            if viewModel.jobs.isEmpty {
+                    ContentUnavailableView("No Cron Jobs", systemImage: "clock.arrow.2.circlepath", description: Text("No scheduled jobs configured"))
-                ContentUnavailableView("No Cron Jobs", systemImage: "clock.arrow.2.circlepath", description: Text("No scheduled jobs configured"))
+                }
            }
        }
    }
@@ -65,108 +152,10 @@ struct CronView: View {
        if let job = viewModel.selectedJob {
            ScrollView {
                VStack(alignment: .leading, spacing: 16) {
-                    VStack(alignment: .leading, spacing: 8) {
+                    detailHeader(job)
-                        Text(job.name)
+                    actionBar(job)
                            .font(.title2.bold())
                        HStack(spacing: 16) {
                            Label(job.state, systemImage: job.stateIcon)
                            Label(job.schedule.display ?? job.schedule.kind, systemImage: "clock")
                            Label(job.enabled ? "Enabled" : "Disabled", systemImage: job.enabled ? "checkmark.circle" : "xmark.circle")
                            if let deliver = job.deliveryDisplay {
                                Label("Deliver: \(deliver)", systemImage: "paperplane")
                            }
                        }
                        .font(.caption)
                        .foregroundStyle(.secondary)
                    }
                    Divider()
-                    VStack(alignment: .leading, spacing: 4) {
+                    detailBody(job)
                        Text("Prompt")
                            .font(.caption.bold())
                            .foregroundStyle(.secondary)
                        Text(job.prompt)
                            .textSelection(.enabled)
                            .padding(8)
                            .frame(maxWidth: .infinity, alignment: .leading)
                            .background(.quaternary.opacity(0.5))
                            .clipShape(RoundedRectangle(cornerRadius: 6))
                    }
                    if let script = job.preRunScript, !script.isEmpty {
                        VStack(alignment: .leading, spacing: 4) {
                            Text("Pre-Run Script")
                                .font(.caption.bold())
                                .foregroundStyle(.secondary)
                            Text(script)
                                .font(.system(.caption, design: .monospaced))
                                .textSelection(.enabled)
                                .padding(8)
                                .frame(maxWidth: .infinity, alignment: .leading)
                                .background(.quaternary.opacity(0.5))
                                .clipShape(RoundedRectangle(cornerRadius: 6))
                        }
                    }
                    if let skills = job.skills, !skills.isEmpty {
                        VStack(alignment: .leading, spacing: 4) {
                            Text("Skills")
                                .font(.caption.bold())
                                .foregroundStyle(.secondary)
                            HStack {
                                ForEach(skills, id: \.self) { skill in
                                    Text(skill)
                                        .font(.caption.monospaced())
                                        .padding(.horizontal, 8)
                                        .padding(.vertical, 2)
                                        .background(.quaternary)
                                        .clipShape(Capsule())
                                }
                            }
                        }
                    }
                    if let nextRun = job.nextRunAt {
                        Label("Next run: \(nextRun)", systemImage: "arrow.forward.circle")
                            .font(.caption)
                            .foregroundStyle(.secondary)
                    }
                    if let lastRun = job.lastRunAt {
                        Label("Last run: \(lastRun)", systemImage: "arrow.backward.circle")
                            .font(.caption)
                            .foregroundStyle(.secondary)
                    }
                    if let error = job.lastError {
                        Label(error, systemImage: "exclamationmark.triangle")
                            .font(.caption)
                            .foregroundStyle(.red)
                    }
                    if let timeout = job.timeoutSeconds {
                        Label("Timeout: \(timeout)s (\(job.timeoutType ?? "wall_clock"))", systemImage: "timer")
                            .font(.caption)
                            .foregroundStyle(.secondary)
                    }
                    if let failures = job.deliveryFailures, failures > 0 {
                        Label("\(failures) delivery failure\(failures == 1 ? "" : "s")", systemImage: "exclamationmark.triangle")
                            .font(.caption)
                            .foregroundStyle(.orange)
                    }
                    if let deliveryError = job.lastDeliveryError {
                        Label(deliveryError, systemImage: "paperplane.circle")
                            .font(.caption)
                            .foregroundStyle(.orange)
                    }
                    if let output = viewModel.jobOutput {
                        Divider()
                        VStack(alignment: .leading, spacing: 4) {
                            Text("Last Output")
                                .font(.caption.bold())
                                .foregroundStyle(.secondary)
                            Text(output)
                                .font(.system(.caption, design: .monospaced))
                                .textSelection(.enabled)
                                .padding(8)
                                .frame(maxWidth: .infinity, alignment: .leading)
                                .background(.quaternary.opacity(0.5))
                                .clipShape(RoundedRectangle(cornerRadius: 6))
                        }
                    }
                }
                .padding()
                .frame(maxWidth: .infinity, alignment: .topLeading)
@@ -176,4 +165,257 @@ struct CronView: View {
                .frame(maxWidth: .infinity, maxHeight: .infinity)
        }
    }
    private func detailHeader(_ job: HermesCronJob) -> some View {
        VStack(alignment: .leading, spacing: 8) {
            Text(job.name)
                .font(.title2.bold())
            HStack(spacing: 16) {
                Label(job.state, systemImage: job.stateIcon)
                Label(job.schedule.display ?? job.schedule.kind, systemImage: "clock")
                Label(job.enabled ? "Enabled" : "Disabled", systemImage: job.enabled ? "checkmark.circle" : "xmark.circle")
                if let deliver = job.deliveryDisplay {
                    Label("Deliver: \(deliver)", systemImage: "paperplane")
                }
            }
            .font(.caption)
            .foregroundStyle(.secondary)
        }
    }
    private func actionBar(_ job: HermesCronJob) -> some View {
        HStack(spacing: 8) {
            Button {
                if job.enabled { viewModel.pauseJob(job) } else { viewModel.resumeJob(job) }
            } label: {
                Label(job.enabled ? "Pause" : "Resume", systemImage: job.enabled ? "pause" : "play")
            }
            Button {
                viewModel.runNow(job)
            } label: {
                Label("Run Now", systemImage: "bolt")
            }
            Button {
                viewModel.editingJob = job
            } label: {
                Label("Edit", systemImage: "pencil")
            }
            Spacer()
            Button(role: .destructive) {
                pendingDelete = job
            } label: {
                Label("Delete", systemImage: "trash")
            }
        }
        .controlSize(.small)
    }
    @ViewBuilder
    private func detailBody(_ job: HermesCronJob) -> some View {
        VStack(alignment: .leading, spacing: 4) {
            Text("Prompt")
                .font(.caption.bold())
                .foregroundStyle(.secondary)
            Text(job.prompt)
                .textSelection(.enabled)
                .padding(8)
                .frame(maxWidth: .infinity, alignment: .leading)
                .background(.quaternary.opacity(0.5))
                .clipShape(RoundedRectangle(cornerRadius: 6))
        }
        if let script = job.preRunScript, !script.isEmpty {
            VStack(alignment: .leading, spacing: 4) {
                Text("Pre-Run Script")
                    .font(.caption.bold())
                    .foregroundStyle(.secondary)
                Text(script)
                    .font(.system(.caption, design: .monospaced))
                    .textSelection(.enabled)
                    .padding(8)
                    .frame(maxWidth: .infinity, alignment: .leading)
                    .background(.quaternary.opacity(0.5))
                    .clipShape(RoundedRectangle(cornerRadius: 6))
            }
        }
        if let skills = job.skills, !skills.isEmpty {
            VStack(alignment: .leading, spacing: 4) {
                Text("Skills")
                    .font(.caption.bold())
                    .foregroundStyle(.secondary)
                HStack {
                    ForEach(skills, id: \.self) { skill in
                        Text(skill)
                            .font(.caption.monospaced())
                            .padding(.horizontal, 8)
                            .padding(.vertical, 2)
                            .background(.quaternary)
                            .clipShape(Capsule())
                    }
                }
            }
        }
        if let nextRun = job.nextRunAt {
            Label("Next run: \(nextRun)", systemImage: "arrow.forward.circle")
                .font(.caption)
                .foregroundStyle(.secondary)
        }
        if let lastRun = job.lastRunAt {
            Label("Last run: \(lastRun)", systemImage: "arrow.backward.circle")
                .font(.caption)
                .foregroundStyle(.secondary)
        }
        if let error = job.lastError {
            Label(error, systemImage: "exclamationmark.triangle")
                .font(.caption)
                .foregroundStyle(.red)
        }
        if let timeout = job.timeoutSeconds {
            Label("Timeout: \(timeout)s (\(job.timeoutType ?? "wall_clock"))", systemImage: "timer")
                .font(.caption)
                .foregroundStyle(.secondary)
        }
        if let failures = job.deliveryFailures, failures > 0 {
            Label("\(failures) delivery failure\(failures == 1 ? "" : "s")", systemImage: "exclamationmark.triangle")
                .font(.caption)
                .foregroundStyle(.orange)
        }
        if let deliveryError = job.lastDeliveryError {
            Label(deliveryError, systemImage: "paperplane.circle")
                .font(.caption)
                .foregroundStyle(.orange)
        }
        if let output = viewModel.jobOutput {
            Divider()
            VStack(alignment: .leading, spacing: 4) {
                Text("Last Output")
                    .font(.caption.bold())
                    .foregroundStyle(.secondary)
                Text(output)
                    .font(.system(.caption, design: .monospaced))
                    .textSelection(.enabled)
                    .padding(8)
                    .frame(maxWidth: .infinity, alignment: .leading)
                    .background(.quaternary.opacity(0.5))
                    .clipShape(RoundedRectangle(cornerRadius: 6))
            }
        }
    }
 }
 /// Create/edit sheet. Form fields mirror `hermes cron create|edit` flags.
 struct CronJobEditor: View {
    enum Mode {
        case create
        case edit(HermesCronJob)
    }
    struct FormState {
        var name: String = ""
        var schedule: String = ""
        var prompt: String = ""
        var deliver: String = ""
        var repeatCount: String = ""
        var skills: [String] = []
        var clearSkills: Bool = false
        var script: String = ""
    }
    let mode: Mode
    let availableSkills: [String]
    let onSave: (FormState) -> Void
    let onCancel: () -> Void
    @State private var form = FormState()
    @State private var isEditMode = false
    var body: some View {
        VStack(alignment: .leading, spacing: 12) {
            Text(headerText)
                .font(.headline)
            formField("Name", text: $form.name, placeholder: "Friendly label")
            formField("Schedule", text: $form.schedule, placeholder: "0 9 * * *  or  30m  or  every 2h", mono: true)
            VStack(alignment: .leading, spacing: 4) {
                Text("Prompt")
                    .font(.caption).foregroundStyle(.secondary)
                TextEditor(text: $form.prompt)
                    .font(.system(.caption, design: .monospaced))
                    .frame(minHeight: 100)
                    .padding(4)
                    .background(.quaternary.opacity(0.3))
                    .clipShape(RoundedRectangle(cornerRadius: 6))
            }
            formField("Deliver", text: $form.deliver, placeholder: "origin | local | discord:CHANNEL | telegram:CHAT", mono: true)
            formField("Repeat", text: $form.repeatCount, placeholder: "Optional count")
            formField("Script path", text: $form.script, placeholder: "Python script whose stdout is injected", mono: true)
            if !availableSkills.isEmpty {
                VStack(alignment: .leading, spacing: 4) {
                    Text("Skills")
                        .font(.caption).foregroundStyle(.secondary)
                    ScrollView {
                        VStack(alignment: .leading, spacing: 2) {
                            ForEach(availableSkills, id: \.self) { skill in
                                Toggle(skill, isOn: Binding(
                                    get: { form.skills.contains(skill) },
                                    set: { on in
                                        if on {
                                            form.skills.append(skill)
                                        } else {
                                            form.skills.removeAll { $0 == skill }
                                        }
                                    }
                                ))
                                .font(.caption.monospaced())
                                .toggleStyle(.checkbox)
                            }
                        }
                    }
                    .frame(maxHeight: 120)
                    .padding(6)
                    .background(.quaternary.opacity(0.3))
                    .clipShape(RoundedRectangle(cornerRadius: 6))
                    if isEditMode {
                        Toggle("Clear all skills on save", isOn: $form.clearSkills)
                            .font(.caption)
                    }
                }
            }
            HStack {
                Spacer()
                Button("Cancel") { onCancel() }
                Button("Save") { onSave(form) }
                    .buttonStyle(.borderedProminent)
                    .disabled(form.schedule.isEmpty)
            }
        }
        .padding()
        .frame(minWidth: 560, minHeight: 560)
        .onAppear {
            if case .edit(let job) = mode {
                isEditMode = true
                form.name = job.name
                form.schedule = job.schedule.expression ?? job.schedule.display ?? ""
                form.prompt = job.prompt
                form.deliver = job.deliver ?? ""
                form.skills = job.skills ?? []
                form.script = job.preRunScript ?? ""
            }
        }
    }
    private var headerText: String {
        switch mode {
        case .create: return "Create Cron Job"
        case .edit(let job): return "Edit \(job.name)"
        }
    }
    @ViewBuilder
    private func formField(_ label: String, text: Binding<String>, placeholder: String, mono: Bool = false) -> some View {
        VStack(alignment: .leading, spacing: 4) {
            Text(label).font(.caption).foregroundStyle(.secondary)
            TextField(placeholder, text: text)
                .textFieldStyle(.roundedBorder)
                .font(mono ? .system(.caption, design: .monospaced) : .caption)
        }
    }
 }
@@ -2,8 +2,16 @@ import Foundation
@Observable
 final class DashboardViewModel {
-    private let dataService = HermesDataService()
+    let context: ServerContext
-    private let fileService = HermesFileService()
+    private let dataService: HermesDataService
    private let fileService: HermesFileService
    init(context: ServerContext = .local) {
        self.context = context
        self.dataService = HermesDataService(context: context)
        self.fileService = HermesFileService(context: context)
    }
    var stats = HermesDataService.SessionStats.empty
    var recentSessions: [HermesSession] = []
@@ -13,18 +21,73 @@ final class DashboardViewModel {
    var hermesRunning = false
    var isLoading = true
    /// User-presentable error banner. Set when any of the remote reads
    /// (state.db snapshot, config.yaml, gateway_state.json, pgrep) failed
    /// in a way that's not just "file doesn't exist yet". Dashboard renders
    /// this above the stats with a "Run Diagnostics…" button. `nil` = no
    /// surfaceable error.
    var lastReadError: String?
    func load() async {
        isLoading = true
-        let opened = await dataService.open()
+        // refresh() = close + reopen, forces a fresh remote snapshot. Cheap
        // on local (live DB reopen).
        let opened = await dataService.refresh()
        var collectedErrors: [String] = []
        if opened {
            stats = await dataService.fetchStats()
            recentSessions = await dataService.fetchSessions(limit: 5)
            sessionPreviews = await dataService.fetchSessionPreviews(limit: 5)
            await dataService.close()
        } else if let msg = await dataService.lastOpenError {
            collectedErrors.append(msg)
        }
        // The fileService methods are synchronous and route through the
        // transport. For remote contexts each call is a blocking ssh
        // round-trip — do them off the main thread to avoid spinning the
        // beach ball during the load.
        let svc = fileService
        struct LoadResults: Sendable {
            let cfg: Result<HermesConfig, Error>
            let gw: Result<GatewayState?, Error>
            let running: Result<pid_t?, Error>
        }
        let results = await Task.detached { () -> LoadResults in
            LoadResults(
                cfg: svc.loadConfigResult(),
                gw: svc.loadGatewayStateResult(),
                running: svc.hermesPIDResult()
            )
        }.value
        switch results.cfg {
        case .success(let c): config = c
        case .failure(let e):
            config = .empty
            collectedErrors.append("config.yaml — \(e.localizedDescription)")
        }
        switch results.gw {
        case .success(let g): gatewayState = g
        case .failure(let e):
            gatewayState = nil
            collectedErrors.append("gateway_state.json — \(e.localizedDescription)")
        }
        switch results.running {
        case .success(let pid): hermesRunning = (pid != nil)
        case .failure(let e):
            hermesRunning = false
            collectedErrors.append("pgrep — \(e.localizedDescription)")
        }
        // Only surface when there's a real error AND we're on a remote
        // context. Local contexts rarely hit these paths (live DB, local
        // filesystem), and a transient "file doesn't exist yet" on fresh
        // installs shouldn't scare users.
        if context.isRemote, !collectedErrors.isEmpty {
            lastReadError = collectedErrors.joined(separator: "\n")
        } else {
            lastReadError = nil
        }
        config = fileService.loadConfig()
        gatewayState = fileService.loadGatewayState()
        hermesRunning = fileService.isHermesRunning()
        isLoading = false
    }
 }
@@ -1,13 +1,22 @@
 import SwiftUI
 struct DashboardView: View {
-    @State private var viewModel = DashboardViewModel()
+    @State private var viewModel: DashboardViewModel
    @State private var showDiagnostics = false
    @Environment(AppCoordinator.self) private var coordinator
    @Environment(HermesFileWatcher.self) private var fileWatcher
    init(context: ServerContext) {
        _viewModel = State(initialValue: DashboardViewModel(context: context))
    }
    var body: some View {
        ScrollView {
            VStack(alignment: .leading, spacing: 20) {
                if let err = viewModel.lastReadError {
                    readErrorBanner(err)
                }
                statusSection
                statsSection
                recentSessionsSection
@@ -16,10 +25,53 @@ struct DashboardView: View {
            .frame(maxWidth: .infinity, alignment: .topLeading)
        }
        .navigationTitle("Dashboard")
        .loadingOverlay(
            viewModel.isLoading,
            label: "Loading dashboard…",
            isEmpty: viewModel.recentSessions.isEmpty
        )
        .task { await viewModel.load() }
        .onChange(of: fileWatcher.lastChangeDate) {
            Task { await viewModel.load() }
        }
        .sheet(isPresented: $showDiagnostics) {
            RemoteDiagnosticsView(context: viewModel.context)
        }
    }
    /// Banner shown above the Dashboard when one or more remote reads
    /// failed (permission denied, missing sqlite3, wrong home dir, etc.).
    /// Replaces the old silent-failure mode where empty values just
    /// appeared as "Stopped / unknown / 0" with no explanation.
    private func readErrorBanner(_ err: String) -> some View {
        VStack(alignment: .leading, spacing: 8) {
            HStack(alignment: .top, spacing: 8) {
                Image(systemName: "exclamationmark.triangle.fill")
                    .foregroundStyle(.orange)
                VStack(alignment: .leading, spacing: 4) {
                    Text("Can't read Hermes state on \(viewModel.context.displayName)")
                        .font(.headline)
                    Text(err)
                        .font(.caption.monospaced())
                        .foregroundStyle(.secondary)
                        .textSelection(.enabled)
                        .fixedSize(horizontal: false, vertical: true)
                }
                Spacer()
                Button {
                    showDiagnostics = true
                } label: {
                    Label("Run Diagnostics…", systemImage: "stethoscope")
                }
                .controlSize(.regular)
            }
        }
        .padding(12)
        .background(Color.orange.opacity(0.1), in: RoundedRectangle(cornerRadius: 8))
        .overlay(
            RoundedRectangle(cornerRadius: 8)
                .strokeBorder(Color.orange.opacity(0.3), lineWidth: 1)
        )
    }
    private var statusSection: some View {
@@ -62,7 +114,7 @@ struct DashboardView: View {
                StatCard(label: "Tokens", value: formatTokens(viewModel.stats.totalInputTokens + viewModel.stats.totalOutputTokens))
                let cost = viewModel.stats.totalActualCostUSD > 0 ? viewModel.stats.totalActualCostUSD : viewModel.stats.totalCostUSD
                if cost > 0 {
-                    StatCard(label: "Cost", value: String(format: "$%.2f", cost))
+                    StatCard(label: "Cost", value: cost.formatted(.currency(code: "USD").precision(.fractionLength(2))))
                }
            }
        }
@@ -165,7 +217,7 @@ struct SessionRow: View {
                Label("\(session.messageCount)", systemImage: "bubble.left")
                Label("\(session.toolCallCount)", systemImage: "wrench")
                if let cost = session.displayCostUSD, cost > 0 {
-                    Label(String(format: "$%.4f", cost), systemImage: "dollarsign.circle")
+                    Label(cost.formatted(.currency(code: "USD").precision(.fractionLength(4))), systemImage: "dollarsign.circle")
                }
            }
            .font(.caption)
@@ -37,6 +37,12 @@ struct PendingPairing: Identifiable {
@Observable
 final class GatewayViewModel {
    let context: ServerContext
    init(context: ServerContext = .local) {
        self.context = context
    }
    var gateway = GatewayInfo(pid: nil, state: "unknown", exitReason: nil, startTime: nil, updatedAt: nil, platforms: [], isLoaded: false, isStale: false)
    var approvedUsers: [PairedUser] = []
    var pendingPairings: [PendingPairing] = []
@@ -45,52 +51,26 @@ final class GatewayViewModel {
    func load() {
        isLoading = true
-        loadGatewayStatus()
+        let ctx = context
-        loadPairing()
+        Task.detached { [weak self] in
-        isLoading = false
+            // Two sync transport calls + two CLI invocations — substantial
-    }
+            // remote latency. Detach the whole load and commit at the end.
-
+            let status = Self.fetchGatewayStatus(context: ctx)
-    func startGateway() {
+            let pairing = Self.fetchPairing(context: ctx)
-        runHermes(["gateway", "start"])
+            await MainActor.run { [weak self] in
-        actionMessage = "Gateway start requested"
+                guard let self else { return }
-        DispatchQueue.main.asyncAfter(deadline: .now() + 2) { [weak self] in
+                self.gateway = status
-            self?.loadGatewayStatus()
+                self.approvedUsers = pairing.approved
-            self?.actionMessage = nil
+                self.pendingPairings = pairing.pending
                self.isLoading = false
            }
        }
    }
-    func stopGateway() {
+    /// Static form of the gateway-status walk so the detached load can call
-        runHermes(["gateway", "stop"])
+    /// it without bouncing back to MainActor.
-        actionMessage = "Gateway stop requested"
+    nonisolated private static func fetchGatewayStatus(context: ServerContext) -> GatewayInfo {
-        DispatchQueue.main.asyncAfter(deadline: .now() + 2) { [weak self] in
+        let stateJSON = context.readData(context.paths.gatewayStateJSON)
            self?.loadGatewayStatus()
            self?.actionMessage = nil
        }
    }
    func restartGateway() {
        runHermes(["gateway", "restart"])
        actionMessage = "Gateway restart requested"
        DispatchQueue.main.asyncAfter(deadline: .now() + 3) { [weak self] in
            self?.loadGatewayStatus()
            self?.actionMessage = nil
        }
    }
    func approvePairing(platform: String, code: String) {
        runHermes(["pairing", "approve", platform, code])
        loadPairing()
    }
    func revokeUser(_ user: PairedUser) {
        runHermes(["pairing", "revoke", user.platform, user.userId])
        approvedUsers.removeAll { $0.id == user.id }
    }
    // MARK: - Private
    private func loadGatewayStatus() {
        let stateJSON = FileManager.default.contents(atPath: HermesPaths.gatewayStateJSON)
        var pid: Int?
        var state = "unknown"
        var exitReason: String?
@@ -117,21 +97,21 @@ final class GatewayViewModel {
            }
        }
-        let statusOutput = runHermes(["gateway", "status"]).output
+        let statusOutput = context.runHermes(["gateway", "status"]).output
        let isLoaded = statusOutput.contains("service is loaded")
        let isStale = statusOutput.contains("stale")
-        gateway = GatewayInfo(
+        return GatewayInfo(
            pid: pid, state: state, exitReason: exitReason,
            startTime: startTime, updatedAt: updatedAt,
            platforms: platforms, isLoaded: isLoaded, isStale: isStale
        )
    }
-    private func loadPairing() {
+    nonisolated private static func fetchPairing(context: ServerContext) -> (approved: [PairedUser], pending: [PendingPairing]) {
-        let output = runHermes(["pairing", "list"]).output
+        let output = context.runHermes(["pairing", "list"]).output
-        approvedUsers = []
+        var approved: [PairedUser] = []
-        pendingPairings = []
+        var pending: [PendingPairing] = []
        var inApproved = false
        var inPending = false
@@ -147,31 +127,59 @@ final class GatewayViewModel {
                let platform = String(parts[0])
                let userId = String(parts[1])
                let name = parts[2...].joined(separator: " ")
-                approvedUsers.append(PairedUser(platform: platform, userId: userId, name: name))
+                approved.append(PairedUser(platform: platform, userId: userId, name: name))
-            }
+            } else if inPending && parts.count >= 2 {
            if inPending && parts.count >= 2 {
                let platform = String(parts[0])
                let code = String(parts[1])
-                pendingPairings.append(PendingPairing(platform: platform, code: code))
+                pending.append(PendingPairing(platform: platform, code: code))
            }
        }
        return (approved, pending)
    }
    func startGateway() {
        runHermes(["gateway", "start"])
        actionMessage = "Gateway start requested"
        DispatchQueue.main.asyncAfter(deadline: .now() + 2) { [weak self] in
            self?.load()
            self?.actionMessage = nil
        }
    }
-    @discardableResult
+    func stopGateway() {
-    private func runHermes(_ arguments: [String]) -> (output: String, exitCode: Int32) {
+        runHermes(["gateway", "stop"])
-        let process = Process()
+        actionMessage = "Gateway stop requested"
-        process.executableURL = URL(fileURLWithPath: HermesPaths.hermesBinary)
+        DispatchQueue.main.asyncAfter(deadline: .now() + 2) { [weak self] in
-        process.arguments = arguments
+            self?.load()
-        let pipe = Pipe()
+            self?.actionMessage = nil
        process.standardOutput = pipe
        process.standardError = Pipe()
        do {
            try process.run()
            process.waitUntilExit()
            let data = pipe.fileHandleForReading.readDataToEndOfFile()
            return (String(data: data, encoding: .utf8) ?? "", process.terminationStatus)
        } catch {
            return ("", -1)
        }
    }
    func restartGateway() {
        runHermes(["gateway", "restart"])
        actionMessage = "Gateway restart requested"
        DispatchQueue.main.asyncAfter(deadline: .now() + 3) { [weak self] in
            self?.load()
            self?.actionMessage = nil
        }
    }
    func approvePairing(platform: String, code: String) {
        runHermes(["pairing", "approve", platform, code])
        load()
    }
    func revokeUser(_ user: PairedUser) {
        runHermes(["pairing", "revoke", user.platform, user.userId])
        approvedUsers.removeAll { $0.id == user.id }
    }
    // MARK: - Private
    // (loadGatewayStatus / loadPairing were moved to static helpers above
    // so the detached load() can run them without touching MainActor state.)
    @discardableResult
    private func runHermes(_ arguments: [String]) -> (output: String, exitCode: Int32) {
        context.runHermes(arguments)
    }
 }
@@ -1,9 +1,14 @@
 import SwiftUI
 struct GatewayView: View {
-    @State private var viewModel = GatewayViewModel()
+    @State private var viewModel: GatewayViewModel
    @Environment(HermesFileWatcher.self) private var fileWatcher
    init(context: ServerContext) {
        _viewModel = State(initialValue: GatewayViewModel(context: context))
    }
    var body: some View {
        ScrollView {
            VStack(alignment: .leading, spacing: 24) {
@@ -97,7 +102,7 @@ struct GatewayView: View {
                            Image(systemName: platform.icon)
                                .font(.title2)
                                .foregroundStyle(platform.isConnected ? Color.accentColor : .secondary)
-                            Text(platform.name.capitalized)
+                            Text(verbatim: platform.name.capitalized)
                                .font(.caption.bold())
                            StatusBadge(
                                label: platform.state,
@@ -22,7 +22,14 @@ struct HealthSection: Identifiable {
@Observable
 final class HealthViewModel {
-    private let fileService = HermesFileService()
+    let context: ServerContext
    private let fileService: HermesFileService
    init(context: ServerContext = .local) {
        self.context = context
        self.fileService = HermesFileService(context: context)
    }
    var version = ""
    var updateInfo = ""
@@ -37,21 +44,56 @@ final class HealthViewModel {
    var hermesPID: pid_t?
    var actionMessage: String?
    /// Text output from `hermes dump` / `hermes debug share`. Shown in an expandable panel.
    var diagnosticsOutput: String = ""
    var isSharingDebug = false
    func load() {
        isLoading = true
-        refreshProcessStatus()
+        let ctx = context
-        loadVersion()
+        let svc = fileService
-        let statusOutput = runHermes(["status"]).output
+        // Health runs four sync transport-mediated commands plus a process
-        statusSections = parseOutput(statusOutput)
+        // probe — that's 4-5 ssh round-trips on remote, easily 1-2s. Detach
-        let doctorOutput = runHermes(["doctor"]).output
+        // the whole load.
-        doctorSections = parseOutput(doctorOutput)
+        Task.detached { [weak self] in
-        computeCounts()
+            let pid = svc.hermesPID()
-        isLoading = false
+            let versionOutput = ctx.runHermes(["version"]).output
            let statusOutput = ctx.runHermes(["status"]).output
            let doctorOutput = ctx.runHermes(["doctor"]).output
            let lines = versionOutput.components(separatedBy: "\n")
            let version = lines.first ?? ""
            let updateLine = lines.first(where: { $0.contains("commits behind") })
            let hasUpdate = updateLine != nil
            let updateInfo = updateLine?.trimmingCharacters(in: .whitespaces) ?? ""
            let statusSections = Self.parseOutputStatic(statusOutput)
            let doctorSections = Self.parseOutputStatic(doctorOutput)
            await MainActor.run { [weak self] in
                guard let self else { return }
                self.hermesPID = pid
                self.hermesRunning = pid != nil
                self.version = version
                self.updateInfo = updateInfo
                self.hasUpdate = hasUpdate
                self.statusSections = statusSections
                self.doctorSections = doctorSections
                self.computeCounts()
                self.isLoading = false
            }
        }
    }
    func refreshProcessStatus() {
-        hermesPID = fileService.hermesPID()
+        let svc = fileService
-        hermesRunning = hermesPID != nil
+        Task.detached { [weak self] in
            let pid = svc.hermesPID()
            await MainActor.run { [weak self] in
                self?.hermesPID = pid
                self?.hermesRunning = pid != nil
            }
        }
    }
    func stopHermes() {
@@ -97,6 +139,96 @@ final class HealthViewModel {
        }
    }
    /// Static-callable form for the detached load() task. The instance
    /// `parseOutput` below delegates here so existing call sites still work.
    nonisolated static func parseOutputStatic(_ output: String) -> [HealthSection] {
        var sections: [HealthSection] = []
        var currentTitle = ""
        var currentChecks: [HealthCheck] = []
        for line in output.components(separatedBy: "\n") {
            let trimmed = line.trimmingCharacters(in: .whitespaces)
            if trimmed.hasPrefix("◆ ") {
                if !currentTitle.isEmpty {
                    sections.append(HealthSection(
                        title: currentTitle,
                        icon: iconForSectionStatic(currentTitle),
                        checks: currentChecks
                    ))
                }
                currentTitle = String(trimmed.dropFirst(2))
                currentChecks = []
                continue
            }
            if trimmed.hasPrefix("✓ ") {
                let text = String(trimmed.dropFirst(2))
                let (label, detail) = splitCheckStatic(text)
                currentChecks.append(HealthCheck(label: label, status: .ok, detail: detail))
            } else if trimmed.hasPrefix("⚠ ") || trimmed.hasPrefix("⚠") {
                let text = trimmed.replacingOccurrences(of: "⚠ ", with: "").replacingOccurrences(of: "⚠", with: "")
                let (label, detail) = splitCheckStatic(text)
                currentChecks.append(HealthCheck(label: label, status: .warning, detail: detail))
            } else if trimmed.hasPrefix("✗ ") {
                let text = String(trimmed.dropFirst(2))
                let (label, detail) = splitCheckStatic(text)
                currentChecks.append(HealthCheck(label: label, status: .error, detail: detail))
            } else if trimmed.hasPrefix("→ ") || trimmed.hasPrefix("Error:") {
                if !currentChecks.isEmpty {
                    let last = currentChecks.removeLast()
                    let extra = trimmed.replacingOccurrences(of: "→ ", with: "").replacingOccurrences(of: "Error:", with: "").trimmingCharacters(in: .whitespaces)
                    let combined = [last.detail, extra].compactMap { $0 }.joined(separator: " ")
                    currentChecks.append(HealthCheck(label: last.label, status: last.status, detail: combined))
                }
            } else if !trimmed.isEmpty && trimmed.contains(":") && !trimmed.hasPrefix("┌") && !trimmed.hasPrefix("│") && !trimmed.hasPrefix("└") && !trimmed.hasPrefix("─") && !trimmed.hasPrefix("Run ") && !trimmed.hasPrefix("Found ") && !trimmed.hasPrefix("Tip:") {
                let parts = trimmed.split(separator: ":", maxSplits: 1)
                if parts.count == 2 {
                    let key = parts[0].trimmingCharacters(in: .whitespaces)
                    let val = parts[1].trimmingCharacters(in: .whitespaces)
                    if !key.isEmpty && key.count < 30 {
                        currentChecks.append(HealthCheck(label: key, status: .ok, detail: val))
                    }
                }
            }
        }
        if !currentTitle.isEmpty {
            sections.append(HealthSection(
                title: currentTitle,
                icon: iconForSectionStatic(currentTitle),
                checks: currentChecks
            ))
        }
        return sections
    }
    nonisolated private static func splitCheckStatic(_ text: String) -> (String, String?) {
        if let range = text.range(of: ":") {
            let label = String(text[..<range.lowerBound]).trimmingCharacters(in: .whitespaces)
            let detail = String(text[range.upperBound...]).trimmingCharacters(in: .whitespaces)
            return (label, detail.isEmpty ? nil : detail)
        }
        return (text, nil)
    }
    nonisolated private static func iconForSectionStatic(_ title: String) -> String {
        let lower = title.lowercased()
        if lower.contains("system") || lower.contains("environment") { return "desktopcomputer" }
        if lower.contains("config") { return "doc.text" }
        if lower.contains("model") || lower.contains("provider") { return "brain" }
        if lower.contains("memory") { return "memorychip" }
        if lower.contains("session") { return "list.bullet" }
        if lower.contains("gateway") || lower.contains("platform") { return "antenna.radiowaves.left.and.right" }
        if lower.contains("skill") { return "wrench.and.screwdriver" }
        if lower.contains("mcp") { return "cube.box" }
        if lower.contains("plugin") { return "puzzlepiece" }
        if lower.contains("auth") || lower.contains("credential") { return "key" }
        if lower.contains("disk") || lower.contains("storage") { return "internaldrive" }
        if lower.contains("update") { return "arrow.triangle.2.circlepath" }
        return "circle"
    }
    private func parseOutput(_ output: String) -> [HealthSection] {
        var sections: [HealthSection] = []
        var currentTitle = ""
@@ -201,20 +333,38 @@ final class HealthViewModel {
        }
    }
-    private func runHermes(_ arguments: [String]) -> (output: String, exitCode: Int32) {
+    /// Capture `hermes dump` output — a setup summary used for debugging / support.
-        let process = Process()
+    /// Does NOT upload anything.
-        process.executableURL = URL(fileURLWithPath: HermesPaths.hermesBinary)
+    func runDump() {
-        process.arguments = arguments
+        actionMessage = "Running dump…"
-        let pipe = Pipe()
+        let result = runHermes(["dump"])
-        process.standardOutput = pipe
+        diagnosticsOutput = result.output
-        process.standardError = pipe
+        actionMessage = result.exitCode == 0 ? "Dump captured" : "Dump failed"
-        do {
+        DispatchQueue.main.asyncAfter(deadline: .now() + 3) { [weak self] in
-            try process.run()
+            self?.actionMessage = nil
            process.waitUntilExit()
            let data = pipe.fileHandleForReading.readDataToEndOfFile()
            return (String(data: data, encoding: .utf8) ?? "", process.terminationStatus)
        } catch {
            return ("", -1)
        }
    }
    /// Upload a debug report via `hermes debug share`. THIS UPLOADS DATA to Nous
    /// Research support infrastructure — caller must confirm with the user first.
    func runDebugShare() {
        isSharingDebug = true
        actionMessage = "Uploading debug report…"
        Task.detached { [fileService] in
            let result = fileService.runHermesCLI(args: ["debug", "share"], timeout: 120)
            await MainActor.run {
                self.isSharingDebug = false
                self.diagnosticsOutput = result.output
                self.actionMessage = result.exitCode == 0 ? "Upload complete" : "Upload failed"
                DispatchQueue.main.asyncAfter(deadline: .now() + 4) { [weak self] in
                    self?.actionMessage = nil
                }
            }
        }
    }
    @discardableResult
    private func runHermes(_ arguments: [String]) -> (output: String, exitCode: Int32) {
        context.runHermes(arguments)
    }
 }
@@ -1,21 +1,46 @@
 import SwiftUI
 struct HealthView: View {
-    @State private var viewModel = HealthViewModel()
+    @State private var viewModel: HealthViewModel
    @State private var expandedSection: UUID?
    @State private var selectedTab = 0
    @State private var showShareConfirm = false
    @State private var showDiagnostics = false
    init(context: ServerContext) {
        _viewModel = State(initialValue: HealthViewModel(context: context))
    }
    var body: some View {
        VStack(spacing: 0) {
            headerBar
            Divider()
-            Picker("", selection: $selectedTab) {
+            HStack {
-                Text("Status").tag(0)
+                Picker("", selection: $selectedTab) {
-                Text("Diagnostics").tag(1)
+                    Text("Status").tag(0)
                    Text("Diagnostics").tag(1)
                }
                .pickerStyle(.segmented)
                .frame(maxWidth: 300)
                Spacer()
                Button("Run Dump") {
                    viewModel.runDump()
                    showDiagnostics = true
                }
                .controlSize(.small)
                Button("Share Debug Report…") {
                    showShareConfirm = true
                }
                .controlSize(.small)
                .disabled(viewModel.isSharingDebug)
            }
            .pickerStyle(.segmented)
            .frame(maxWidth: 300)
            .padding(.vertical, 8)
            .padding(.horizontal)
            if showDiagnostics && !viewModel.diagnosticsOutput.isEmpty {
                Divider()
                diagnosticsPanel
            }
            Divider()
            ScrollView {
                sectionGrid(selectedTab == 0 ? viewModel.statusSections : viewModel.doctorSections)
@@ -23,7 +48,46 @@ struct HealthView: View {
            }
        }
        .navigationTitle("Health")
        .loadingOverlay(
            viewModel.isLoading,
            label: "Running health checks…",
            isEmpty: viewModel.statusSections.isEmpty && viewModel.doctorSections.isEmpty
        )
        .onAppear { viewModel.load() }
        .confirmationDialog("Upload debug report?", isPresented: $showShareConfirm) {
            Button("Upload", role: .destructive) {
                viewModel.runDebugShare()
                showDiagnostics = true
            }
            Button("Cancel", role: .cancel) {}
        } message: {
            Text("This uploads logs, config (with secrets redacted), and system info to Nous Research support infrastructure. Review the output below before sharing the returned URL.")
        }
    }
    private var diagnosticsPanel: some View {
        VStack(alignment: .leading, spacing: 6) {
            HStack {
                Text("Diagnostic Output")
                    .font(.caption.bold())
                    .foregroundStyle(.secondary)
                Spacer()
                Button("Hide") { showDiagnostics = false }
                    .controlSize(.mini)
            }
            ScrollView {
                Text(viewModel.diagnosticsOutput)
                    .font(.system(.caption, design: .monospaced))
                    .textSelection(.enabled)
                    .padding(8)
                    .frame(maxWidth: .infinity, alignment: .leading)
            }
            .frame(maxHeight: 240)
            .background(.quaternary.opacity(0.5))
            .clipShape(RoundedRectangle(cornerRadius: 6))
        }
        .padding(.horizontal)
        .padding(.vertical, 8)
    }
    // MARK: - Header
@@ -68,7 +132,7 @@ struct HealthView: View {
                    Circle()
                        .fill(viewModel.hermesRunning ? .green : .red)
                        .frame(width: 8, height: 8)
-                    Text(viewModel.hermesRunning ? "Hermes Running" : "Hermes Stopped")
+                    (viewModel.hermesRunning ? Text("Hermes Running") : Text("Hermes Stopped"))
                        .font(.caption.bold())
                    if let pid = viewModel.hermesPID {
                        Text("PID \(pid)")
@@ -8,6 +8,15 @@ enum InsightsPeriod: String, CaseIterable, Identifiable {
    var id: String { rawValue }
    var displayName: LocalizedStringResource {
        switch self {
        case .week: return "7 Days"
        case .month: return "30 Days"
        case .quarter: return "90 Days"
        case .all: return "All Time"
        }
    }
    var sinceDate: Date {
        let calendar = Calendar.current
        switch self {
@@ -56,7 +65,14 @@ struct NotableSession: Identifiable {
@Observable
 final class InsightsViewModel {
-    private let dataService = HermesDataService()
+    let context: ServerContext
    private let dataService: HermesDataService
    init(context: ServerContext = .local) {
        self.context = context
        self.dataService = HermesDataService(context: context)
    }
    var period: InsightsPeriod = .month
    var isLoading = true
@@ -85,7 +101,9 @@ final class InsightsViewModel {
    func load() async {
        isLoading = true
-        let opened = await dataService.open()
+        // refresh() forces a fresh remote snapshot each load. On local it's
        // a cheap reopen of the live DB.
        let opened = await dataService.refresh()
        guard opened else {
            isLoading = false
            return
@@ -1,8 +1,14 @@
 import SwiftUI
 struct InsightsView: View {
-    @State private var viewModel = InsightsViewModel()
+    @State private var viewModel: InsightsViewModel
    @Environment(AppCoordinator.self) private var coordinator
    @Environment(HermesFileWatcher.self) private var fileWatcher
    init(context: ServerContext) {
        _viewModel = State(initialValue: InsightsViewModel(context: context))
    }
    var body: some View {
        ScrollView {
@@ -23,12 +29,15 @@ struct InsightsView: View {
        .onChange(of: viewModel.period) {
            Task { await viewModel.load() }
        }
        .onChange(of: fileWatcher.lastChangeDate) {
            Task { await viewModel.load() }
        }
    }
    private var periodPicker: some View {
        Picker("Period", selection: $viewModel.period) {
            ForEach(InsightsPeriod.allCases) { period in
-                Text(period.rawValue).tag(period)
+                Text(period.displayName).tag(period)
            }
        }
        .pickerStyle(.segmented)
@@ -52,10 +61,10 @@ struct InsightsView: View {
                InsightCard(label: "Cache Write", value: formatTokens(viewModel.totalCacheWriteTokens))
                InsightCard(label: "Reasoning Tokens", value: formatTokens(viewModel.totalReasoningTokens))
                InsightCard(label: "Total Tokens", value: formatTokens(viewModel.totalTokens))
-                InsightCard(label: "Total Cost", value: String(format: "$%.2f", viewModel.totalCost))
+                InsightCard(label: "Total Cost", value: viewModel.totalCost.formatted(.currency(code: "USD").precision(.fractionLength(2))))
                InsightCard(label: "Active Time", value: formatDuration(viewModel.activeTime))
                InsightCard(label: "Avg Session", value: formatDuration(viewModel.avgSessionDuration))
-                InsightCard(label: "Avg Msgs/Session", value: viewModel.sessions.isEmpty ? "0" : String(format: "%.1f", Double(viewModel.totalMessages) / Double(viewModel.sessions.count)))
+                InsightCard(label: "Avg Msgs/Session", value: viewModel.sessions.isEmpty ? "0" : (Double(viewModel.totalMessages) / Double(viewModel.sessions.count)).formatted(.number.precision(.fractionLength(1))))
            }
        }
    }
@@ -81,7 +90,7 @@ struct InsightsView: View {
                        VStack(alignment: .trailing, spacing: 2) {
                            Text("\(model.sessions) sessions")
                                .font(.caption)
-                            Text(formatTokens(model.totalTokens) + " tokens")
+                            Text("\(formatTokens(model.totalTokens)) tokens")
                                .font(.caption)
                                .foregroundStyle(.secondary)
                        }
@@ -155,7 +164,7 @@ struct InsightsView: View {
                            .font(.caption.monospaced())
                            .foregroundStyle(.secondary)
                            .frame(width: 40, alignment: .trailing)
-                        Text(String(format: "%.1f%%", tool.percentage))
+                        Text((tool.percentage / 100).formatted(.percent.precision(.fractionLength(1))))
                            .font(.caption)
                            .foregroundStyle(.tertiary)
                            .frame(width: 50, alignment: .trailing)
@@ -184,12 +193,12 @@ struct InsightsView: View {
            Text("By Day")
                .font(.caption.bold())
                .foregroundStyle(.secondary)
-            let dayNames = ["Mon", "Tue", "Wed", "Thu", "Fri", "Sat", "Sun"]
+            let dayNames = Calendar.current.shortWeekdaySymbols
            let maxVal = max(1, viewModel.dailyActivity.values.max() ?? 1)
            ForEach(0..<7, id: \.self) { day in
                let count = viewModel.dailyActivity[day] ?? 0
                HStack(spacing: 6) {
-                    Text(dayNames[day])
+                    Text(verbatim: dayNames[(day + 1) % 7])
                        .font(.caption.monospaced())
                        .frame(width: 30, alignment: .trailing)
                    RoundedRectangle(cornerRadius: 2)
@@ -2,7 +2,13 @@ import Foundation
@Observable
 final class LogsViewModel {
-    private let logService = HermesLogService()
+    let context: ServerContext
    private let logService: HermesLogService
    init(context: ServerContext = .local) {
        self.context = context
        self.logService = HermesLogService(context: context)
    }
    var entries: [LogEntry] = []
    var selectedLogFile: LogFile = .agent
@@ -18,15 +24,23 @@ final class LogsViewModel {
        var id: String { rawValue }
-        var path: String {
+        var displayName: LocalizedStringResource {
            switch self {
-            case .agent: return HermesPaths.agentLog
+            case .agent: return "Agent"
-            case .errors: return HermesPaths.errorsLog
+            case .errors: return "Errors"
-            case .gateway: return HermesPaths.gatewayLog
+            case .gateway: return "Gateway"
            }
        }
    }
    private func path(for file: LogFile) -> String {
        switch file {
        case .agent: return context.paths.agentLog
        case .errors: return context.paths.errorsLog
        case .gateway: return context.paths.gatewayLog
        }
    }
    enum LogComponent: String, CaseIterable, Identifiable {
        case all = "All"
        case gateway = "Gateway"
@@ -37,6 +51,17 @@ final class LogsViewModel {
        var id: String { rawValue }
        var displayName: LocalizedStringResource {
            switch self {
            case .all: return "All"
            case .gateway: return "Gateway"
            case .agent: return "Agent"
            case .tools: return "Tools"
            case .cli: return "CLI"
            case .cron: return "Cron"
            }
        }
        var loggerPrefix: String? {
            switch self {
            case .all: return nil
@@ -62,7 +87,7 @@ final class LogsViewModel {
    }
    func load() async {
-        await logService.openLog(path: selectedLogFile.path)
+        await logService.openLog(path: path(for: selectedLogFile))
        entries = await logService.readLastLines(count: 500)
        await logService.seekToEnd()
        startPolling()
@@ -71,7 +96,7 @@ final class LogsViewModel {
    func switchLogFile(_ file: LogFile) async {
        selectedLogFile = file
        entries = []
-        await logService.openLog(path: file.path)
+        await logService.openLog(path: path(for: file))
        entries = await logService.readLastLines(count: 500)
        await logService.seekToEnd()
    }
@@ -1,7 +1,12 @@
 import SwiftUI
 struct LogsView: View {
-    @State private var viewModel = LogsViewModel()
+    @State private var viewModel: LogsViewModel
    init(context: ServerContext) {
        _viewModel = State(initialValue: LogsViewModel(context: context))
    }
    var body: some View {
        VStack(spacing: 0) {
@@ -22,7 +27,7 @@ struct LogsView: View {
                set: { file in Task { await viewModel.switchLogFile(file) } }
            )) {
                ForEach(LogsViewModel.LogFile.allCases) { file in
-                    Text(file.rawValue).tag(file)
+                    Text(file.displayName).tag(file)
                }
            }
            .pickerStyle(.segmented)
@@ -30,7 +35,7 @@ struct LogsView: View {
            Picker("Component", selection: $viewModel.selectedComponent) {
                ForEach(LogsViewModel.LogComponent.allCases) { component in
-                    Text(component.rawValue).tag(component)
+                    Text(component.displayName).tag(component)
                }
            }
            .frame(maxWidth: 140)
@@ -40,7 +45,7 @@ struct LogsView: View {
            Picker("Level", selection: $viewModel.filterLevel) {
                Text("All Levels").tag(LogEntry.LogLevel?.none)
                ForEach(LogEntry.LogLevel.allCases, id: \.rawValue) { level in
-                    Text(level.rawValue).tag(LogEntry.LogLevel?.some(level))
+                    Text(verbatim: level.rawValue).tag(LogEntry.LogLevel?.some(level))
                }
            }
            .frame(maxWidth: 150)
@@ -61,7 +66,7 @@ struct LogsView: View {
                        .font(.caption.monospaced())
                        .foregroundStyle(.secondary)
                        .frame(width: 140, alignment: .leading)
-                    Text(entry.level.rawValue)
+                    Text(verbatim: entry.level.rawValue)
                        .font(.caption.monospaced().bold())
                        .foregroundStyle(colorForLevel(entry.level))
                        .frame(width: 60, alignment: .leading)
@@ -8,7 +8,8 @@ final class MCPServerEditorViewModel {
        var value: String
    }
-    private let fileService = HermesFileService()
+    let context: ServerContext
    private let fileService: HermesFileService
    let server: HermesMCPServer
    var envDraft: [KeyValueRow]
@@ -23,8 +24,10 @@ final class MCPServerEditorViewModel {
    var isSaving: Bool = false
    var saveError: String?
-    init(server: HermesMCPServer) {
+    init(server: HermesMCPServer, context: ServerContext = .local) {
        self.server = server
        self.context = context
        self.fileService = HermesFileService(context: context)
        self.envDraft = server.env.keys.sorted().map { KeyValueRow(key: $0, value: server.env[$0] ?? "") }
        self.headersDraft = server.headers.keys.sorted().map { KeyValueRow(key: $0, value: server.headers[$0] ?? "") }
        self.includeDraft = server.toolsInclude.joined(separator: ", ")
@@ -73,27 +76,33 @@ final class MCPServerEditorViewModel {
        let prompts = promptsEnabled
        Task.detached {
-            var success = true
+            // Compute success as an immutable so the MainActor.run closure
-            switch transport {
+            // captures a value, not a mutable var. Swift 6 rejects
-            case .stdio:
+            // var-captures across concurrent closures as data races.
-                if !service.setMCPServerEnv(name: name, env: envMap) { success = false }
+            let success: Bool = {
-            case .http:
+                var ok = true
-                if !service.setMCPServerHeaders(name: name, headers: headerMap) { success = false }
+                switch transport {
-            }
+                case .stdio:
-            if !service.updateMCPToolFilters(
+                    if !service.setMCPServerEnv(name: name, env: envMap) { ok = false }
-                name: name,
+                case .http:
-                include: include,
+                    if !service.setMCPServerHeaders(name: name, headers: headerMap) { ok = false }
-                exclude: exclude,
+                }
-                resources: resources,
+                if !service.updateMCPToolFilters(
-                prompts: prompts
+                    name: name,
-            ) { success = false }
+                    include: include,
-            if !service.setMCPServerTimeouts(name: name, timeout: timeoutValue, connectTimeout: connectValue) {
+                    exclude: exclude,
-                success = false
+                    resources: resources,
-            }
+                    prompts: prompts
                ) { ok = false }
                if !service.setMCPServerTimeouts(name: name, timeout: timeoutValue, connectTimeout: connectValue) {
                    ok = false
                }
                return ok
            }()
            await MainActor.run {
                self.isSaving = false
                if !success {
-                    self.saveError = "One or more fields could not be written. Check \(HermesPaths.configYAML)."
+                    self.saveError = "One or more fields could not be written. Check \(self.context.paths.configYAML)."
                }
                completion(success)
            }
@@ -2,7 +2,14 @@ import Foundation
@Observable
 final class MCPServersViewModel {
-    private let fileService = HermesFileService()
+    let context: ServerContext
    private let fileService: HermesFileService
    init(context: ServerContext = .local) {
        self.context = context
        self.fileService = HermesFileService(context: context)
    }
    var servers: [HermesMCPServer] = []
    var selectedServerName: String?
@@ -41,10 +48,19 @@ final class MCPServersViewModel {
    func load() {
        isLoading = true
-        servers = fileService.loadMCPServers()
+        let svc = fileService
-        isLoading = false
+        Task.detached { [weak self] in
-        if let name = selectedServerName, !servers.contains(where: { $0.name == name }) {
+            // loadMCPServers reads config.yaml + lists mcp-tokens — both
-            selectedServerName = nil
+            // are sync transport calls that block on remote ssh round-trips.
            let result = svc.loadMCPServers()
            await MainActor.run { [weak self] in
                guard let self else { return }
                self.servers = result
                self.isLoading = false
                if let name = self.selectedServerName, !result.contains(where: { $0.name == name }) {
                    self.selectedServerName = nil
                }
            }
        }
    }
@@ -154,7 +154,7 @@ struct MCPServerDetailView: View {
                        Text(key)
                            .font(.system(.caption, design: .monospaced))
                        Spacer()
-                        Text(String(repeating: "•", count: 10))
+                        Text("••••••••••")
                            .font(.caption.monospaced())
                            .foregroundStyle(.secondary)
                    }
@@ -182,7 +182,7 @@ struct MCPServerDetailView: View {
                        Text(key)
                            .font(.system(.caption, design: .monospaced))
                        Spacer()
-                        Text(String(repeating: "•", count: 10))
+                        Text("••••••••••")
                            .font(.caption.monospaced())
                            .foregroundStyle(.secondary)
                    }
@@ -33,9 +33,9 @@ struct MCPServerPresetPickerView: View {
                }
            }
            VStack(alignment: .leading, spacing: 2) {
-                Text(selectedPreset?.displayName ?? "Add from Preset")
+                (selectedPreset.map { Text(verbatim: $0.displayName) } ?? Text("Add from Preset"))
                    .font(.headline)
-                Text(selectedPreset?.description ?? "Pick an MCP server to add.")
+                (selectedPreset.map { Text(verbatim: $0.description) } ?? Text("Pick an MCP server to add."))
                    .font(.caption)
                    .foregroundStyle(.secondary)
                    .lineLimit(1)
@@ -83,14 +83,14 @@ struct MCPServerPresetPickerView: View {
                    Image(systemName: preset.iconSystemName)
                        .font(.title3)
                        .foregroundStyle(Color.accentColor)
-                    Text(preset.displayName)
+                    Text(verbatim: preset.displayName)
                        .font(.body.bold())
                    Spacer()
                    Image(systemName: preset.transport == .http ? "network" : "terminal")
                        .font(.caption)
                        .foregroundStyle(.secondary)
                }
-                Text(preset.description)
+                Text(verbatim: preset.description)
                    .font(.caption)
                    .foregroundStyle(.secondary)
                    .lineLimit(3)
@@ -10,9 +10,9 @@ struct MCPServerTestResultView: View {
                Image(systemName: result.succeeded ? "checkmark.seal.fill" : "xmark.seal.fill")
                    .foregroundStyle(result.succeeded ? .green : .red)
                VStack(alignment: .leading, spacing: 2) {
-                    Text(result.succeeded ? "Test passed" : "Test failed")
+                    (result.succeeded ? Text("Test passed") : Text("Test failed"))
                        .font(.subheadline.bold())
-                    Text(String(format: "%.1fs · %d tools", result.elapsed, result.tools.count))
+                    Text("\(result.elapsed.formatted(.number.precision(.fractionLength(1))))s · \(result.tools.count) tools")
                        .font(.caption)
                        .foregroundStyle(.secondary)
                }
@@ -20,8 +20,12 @@ struct MCPServerTestResultView: View {
                Button {
                    showOutput.toggle()
                } label: {
-                    Label(showOutput ? "Hide Output" : "Show Output", systemImage: showOutput ? "chevron.up" : "chevron.down")
+                    Label {
-                        .font(.caption)
+                        showOutput ? Text("Hide Output") : Text("Show Output")
                    } icon: {
                        Image(systemName: showOutput ? "chevron.up" : "chevron.down")
                    }
                    .font(.caption)
                }
                .buttonStyle(.borderless)
            }
@@ -1,7 +1,12 @@
 import SwiftUI
 struct MCPServersView: View {
-    @State private var viewModel = MCPServersViewModel()
+    @State private var viewModel: MCPServersViewModel
    init(context: ServerContext) {
        _viewModel = State(initialValue: MCPServersViewModel(context: context))
    }
    var body: some View {
        HSplitView {
@@ -11,6 +16,11 @@ struct MCPServersView: View {
                .frame(minWidth: 500)
        }
        .navigationTitle("MCP Servers (\(viewModel.servers.count))")
        .loadingOverlay(
            viewModel.isLoading,
            label: "Loading MCP servers…",
            isEmpty: viewModel.servers.isEmpty
        )
        .searchable(text: $viewModel.searchText, prompt: "Filter servers...")
        .toolbar {
            ToolbarItemGroup(placement: .primaryAction) {
@@ -118,7 +128,7 @@ struct MCPServersView: View {
            } else if let result = viewModel.testResults[server.name] {
                Image(systemName: result.succeeded ? "checkmark.circle.fill" : "xmark.circle.fill")
                    .foregroundStyle(result.succeeded ? .green : .red)
-                    .help(result.succeeded ? "\(result.tools.count) tools" : "Test failed")
+                    .help(result.succeeded ? Text("\(result.tools.count) tools") : Text("Test failed"))
            }
        }
    }
@@ -2,7 +2,14 @@ import Foundation
@Observable
 final class MemoryViewModel {
-    private let fileService = HermesFileService()
+    let context: ServerContext
    private let fileService: HermesFileService
    init(context: ServerContext = .local) {
        self.context = context
        self.fileService = HermesFileService(context: context)
    }
    var memoryContent = ""
    var userContent = ""
@@ -12,6 +19,7 @@ final class MemoryViewModel {
    var editText = ""
    var profiles: [String] = []
    var activeProfile = ""
    var isLoading = false
    enum EditTarget {
        case memory, user
@@ -30,20 +38,40 @@ final class MemoryViewModel {
    var hasMultipleProfiles: Bool { !profiles.isEmpty }
    func load() {
-        let config = fileService.loadConfig()
+        isLoading = true
-        memoryProvider = config.memoryProvider
+        let svc = fileService
-        profiles = fileService.loadMemoryProfiles()
+        let currentProfile = activeProfile
-        if activeProfile.isEmpty {
+        // Sync transport calls would beach-ball the UI on remote — dispatch
-            activeProfile = config.memoryProfile
+        // off main, then commit results back on MainActor.
        Task.detached { [weak self] in
            let config = svc.loadConfig()
            let profiles = svc.loadMemoryProfiles()
            let profile = currentProfile.isEmpty ? config.memoryProfile : currentProfile
            let memory = svc.loadMemory(profile: profile)
            let user = svc.loadUserProfile(profile: profile)
            await MainActor.run { [weak self] in
                guard let self else { return }
                self.memoryProvider = config.memoryProvider
                self.profiles = profiles
                self.activeProfile = profile
                self.memoryContent = memory
                self.userContent = user
                self.isLoading = false
            }
        }
        memoryContent = fileService.loadMemory(profile: activeProfile)
        userContent = fileService.loadUserProfile(profile: activeProfile)
    }
    func switchProfile(_ profile: String) {
        activeProfile = profile
-        memoryContent = fileService.loadMemory(profile: profile)
+        let svc = fileService
-        userContent = fileService.loadUserProfile(profile: profile)
+        Task.detached { [weak self] in
            let memory = svc.loadMemory(profile: profile)
            let user = svc.loadUserProfile(profile: profile)
            await MainActor.run { [weak self] in
                self?.memoryContent = memory
                self?.userContent = user
            }
        }
    }
    func startEditing(_ target: EditTarget) {
@@ -53,15 +81,24 @@ final class MemoryViewModel {
    }
    func save() {
-        switch editingFile {
+        let svc = fileService
-        case .memory:
+        let target = editingFile
-            fileService.saveMemory(editText, profile: activeProfile)
+        let text = editText
-            memoryContent = editText
+        let profile = activeProfile
-        case .user:
+        Task.detached { [weak self] in
-            fileService.saveUserProfile(editText, profile: activeProfile)
+            switch target {
-            userContent = editText
+            case .memory: svc.saveMemory(text, profile: profile)
            case .user:   svc.saveUserProfile(text, profile: profile)
            }
            await MainActor.run { [weak self] in
                guard let self else { return }
                switch target {
                case .memory: self.memoryContent = text
                case .user:   self.userContent = text
                }
                self.isEditing = false
            }
        }
        isEditing = false
    }
    func cancelEditing() {
@@ -1,9 +1,14 @@
 import SwiftUI
 struct MemoryView: View {
-    @State private var viewModel = MemoryViewModel()
+    @State private var viewModel: MemoryViewModel
    @Environment(HermesFileWatcher.self) private var fileWatcher
    init(context: ServerContext) {
        _viewModel = State(initialValue: MemoryViewModel(context: context))
    }
    var body: some View {
        ScrollView {
            VStack(alignment: .leading, spacing: 20) {
@@ -43,6 +48,11 @@ struct MemoryView: View {
            .frame(maxWidth: .infinity, alignment: .topLeading)
        }
        .navigationTitle("Memory")
        .loadingOverlay(
            viewModel.isLoading,
            label: "Loading memory…",
            isEmpty: viewModel.memoryContent.isEmpty && viewModel.userContent.isEmpty
        )
        .onAppear { viewModel.load() }
        .onChange(of: fileWatcher.lastChangeDate) {
            viewModel.load()
@@ -0,0 +1,125 @@
 import Foundation
 import AppKit
 import os
 /// A personality defined under the `personalities:` block in config.yaml.
 /// Each entry may have a free-form `prompt` string plus arbitrary extra fields.
 struct HermesPersonality: Identifiable, Sendable, Equatable {
    var id: String { name }
    let name: String
    let prompt: String
 }
@Observable
 final class PersonalitiesViewModel {
    private let logger = Logger(subsystem: "com.scarf", category: "PersonalitiesViewModel")
    let context: ServerContext
    private let fileService: HermesFileService
    init(context: ServerContext = .local) {
        self.context = context
        self.fileService = HermesFileService(context: context)
    }
    var personalities: [HermesPersonality] = []
    var activeName: String = ""
    var soulMarkdown: String = ""
    var soulPath: String { context.paths.soulMD }
    var message: String?
    func load() {
        let svc = fileService
        let ctx = context
        let path = soulPath
        Task.detached { [weak self] in
            let config = svc.loadConfig()
            let parsed = Self.parsePersonalitiesBlock(yaml: ctx.readText(ctx.paths.configYAML) ?? "")
            let soul = ctx.readText(path) ?? ""
            await MainActor.run { [weak self] in
                guard let self else { return }
                self.activeName = config.personality
                self.personalities = parsed
                self.soulMarkdown = soul
            }
        }
    }
    /// Static form so the detached load can call into it without touching
    /// MainActor-isolated state. The instance form below remains for any
    /// other callers that need it.
    nonisolated private static func parsePersonalitiesBlock(yaml: String) -> [HermesPersonality] {
        guard !yaml.isEmpty else { return [] }
        let parsed = HermesFileService.parseNestedYAML(yaml)
        var nameSet: Set<String> = []
        for key in parsed.values.keys where key.hasPrefix("personalities.") {
            let parts = key.split(separator: ".", maxSplits: 2, omittingEmptySubsequences: false)
            if parts.count >= 2 { nameSet.insert(String(parts[1])) }
        }
        for key in parsed.lists.keys where key.hasPrefix("personalities.") {
            let parts = key.split(separator: ".", maxSplits: 2, omittingEmptySubsequences: false)
            if parts.count >= 2 { nameSet.insert(String(parts[1])) }
        }
        return nameSet.sorted().map { name in
            let prompt = parsed.values["personalities.\(name).prompt"] ?? ""
            return HermesPersonality(name: name, prompt: HermesFileService.stripYAMLQuotes(prompt))
        }
    }
    /// Parse the `personalities:` section of config.yaml using the nested parser.
    /// Each personality is a top-level key under `personalities`, optionally with
    /// a `prompt:` child.
    private func parsePersonalitiesBlock() -> [HermesPersonality] {
        guard let yaml = context.readText(context.paths.configYAML) else { return [] }
        let parsed = HermesFileService.parseNestedYAML(yaml)
        // Find all keys "personalities.<name>[.subkey]"
        var nameSet: Set<String> = []
        for key in parsed.values.keys where key.hasPrefix("personalities.") {
            let parts = key.split(separator: ".", maxSplits: 2, omittingEmptySubsequences: false)
            if parts.count >= 2 { nameSet.insert(String(parts[1])) }
        }
        for key in parsed.lists.keys where key.hasPrefix("personalities.") {
            let parts = key.split(separator: ".", maxSplits: 2, omittingEmptySubsequences: false)
            if parts.count >= 2 { nameSet.insert(String(parts[1])) }
        }
        return nameSet.sorted().map { name in
            let prompt = parsed.values["personalities.\(name).prompt"] ?? ""
            return HermesPersonality(name: name, prompt: HermesFileService.stripYAMLQuotes(prompt))
        }
    }
    func setActive(_ name: String) {
        let result = runHermes(["config", "set", "display.personality", name])
        if result.exitCode == 0 {
            activeName = name
            message = "Active personality set to \(name)"
        } else {
            logger.warning("Failed to set personality: \(result.output)")
            message = "Failed to set personality"
        }
        DispatchQueue.main.asyncAfter(deadline: .now() + 2) { [weak self] in
            self?.message = nil
        }
    }
    func saveSOUL(_ content: String) {
        if context.writeText(soulPath, content: content) {
            soulMarkdown = content
            message = "SOUL.md saved"
        } else {
            logger.error("Failed to write SOUL.md to \(self.context.displayName)")
            message = "Save failed"
        }
        DispatchQueue.main.asyncAfter(deadline: .now() + 2) { [weak self] in
            self?.message = nil
        }
    }
    func openConfigInEditor() {
        context.openInLocalEditor(context.paths.configYAML)
    }
    @discardableResult
    private func runHermes(_ arguments: [String]) -> (output: String, exitCode: Int32) {
        context.runHermes(arguments)
    }
 }
@@ -0,0 +1,138 @@
 import SwiftUI
 struct PersonalitiesView: View {
    @State private var viewModel: PersonalitiesViewModel
    @State private var soulDraft = ""
    @State private var editingSOUL = false
    init(context: ServerContext) {
        _viewModel = State(initialValue: PersonalitiesViewModel(context: context))
    }
    var body: some View {
        ScrollView {
            VStack(alignment: .leading, spacing: 20) {
                header
                activeSection
                listSection
                soulSection
            }
            .padding()
            .frame(maxWidth: .infinity, alignment: .topLeading)
        }
        .navigationTitle("Personalities")
        .onAppear {
            viewModel.load()
            soulDraft = viewModel.soulMarkdown
        }
    }
    private var header: some View {
        HStack {
            if let msg = viewModel.message {
                Label(msg, systemImage: "checkmark.circle.fill")
                    .font(.caption)
                    .foregroundStyle(.green)
            }
            Spacer()
            Button("Edit config.yaml") { viewModel.openConfigInEditor() }
                .controlSize(.small)
            Button("Reload") { viewModel.load(); soulDraft = viewModel.soulMarkdown }
                .controlSize(.small)
        }
    }
    private var activeSection: some View {
        SettingsSection(title: "Active Personality", icon: "theatermasks.fill") {
            if viewModel.personalities.isEmpty {
                ReadOnlyRow(label: "Current", value: viewModel.activeName.isEmpty ? "default" : viewModel.activeName)
                ReadOnlyRow(label: "Defined", value: "None in config.yaml — add under `personalities:` to customize.")
            } else {
                PickerRow(label: "Active", selection: viewModel.activeName, options: viewModel.personalities.map(\.name)) { viewModel.setActive($0) }
            }
        }
    }
    @ViewBuilder
    private var listSection: some View {
        if !viewModel.personalities.isEmpty {
            SettingsSection(title: "Defined Personalities", icon: "list.bullet") {
                ForEach(viewModel.personalities) { personality in
                    VStack(alignment: .leading, spacing: 4) {
                        HStack {
                            Text(personality.name)
                                .font(.system(.body, design: .monospaced, weight: .medium))
                            if personality.name == viewModel.activeName {
                                Text("active")
                                    .font(.caption2.bold())
                                    .foregroundStyle(.green)
                                    .padding(.horizontal, 6)
                                    .padding(.vertical, 1)
                                    .background(.green.opacity(0.15))
                                    .clipShape(Capsule())
                            }
                            Spacer()
                        }
                        if !personality.prompt.isEmpty {
                            Text(personality.prompt)
                                .font(.caption)
                                .foregroundStyle(.secondary)
                                .lineLimit(6)
                                .textSelection(.enabled)
                        }
                    }
                    .padding(.horizontal, 12)
                    .padding(.vertical, 8)
                    .background(.quaternary.opacity(0.3))
                }
            }
        }
    }
    private var soulSection: some View {
        VStack(alignment: .leading, spacing: 10) {
            HStack {
                Label("SOUL.md", systemImage: "sparkles")
                    .font(.headline)
                Spacer()
                if editingSOUL {
                    Button("Cancel") {
                        editingSOUL = false
                        soulDraft = viewModel.soulMarkdown
                    }
                    .controlSize(.small)
                    Button("Save") {
                        viewModel.saveSOUL(soulDraft)
                        editingSOUL = false
                    }
                    .controlSize(.small)
                    .keyboardShortcut("s", modifiers: .command)
                } else {
                    Button("Edit") { editingSOUL = true }
                        .controlSize(.small)
                }
            }
            Text("SOUL.md describes the agent's voice, values, and personality at ~/.hermes/SOUL.md. It is injected into every session's context.")
                .font(.caption)
                .foregroundStyle(.secondary)
            if editingSOUL {
                TextEditor(text: $soulDraft)
                    .font(.system(.caption, design: .monospaced))
                    .frame(minHeight: 220)
                    .padding(6)
                    .background(.quaternary.opacity(0.3))
                    .clipShape(RoundedRectangle(cornerRadius: 6))
            } else {
                Text(viewModel.soulMarkdown.isEmpty ? "(empty)" : viewModel.soulMarkdown)
                    .font(.system(.caption, design: .monospaced))
                    .foregroundStyle(viewModel.soulMarkdown.isEmpty ? .secondary : .primary)
                    .textSelection(.enabled)
                    .frame(maxWidth: .infinity, alignment: .leading)
                    .padding(8)
                    .background(.quaternary.opacity(0.3))
                    .clipShape(RoundedRectangle(cornerRadius: 6))
            }
        }
    }
 }
@@ -0,0 +1,67 @@
 import Foundation
 import os
 /// Discord setup. Bot token + user IDs in `.env`, behavior knobs in `discord.*`.
 /// Field reference: https://hermes-agent.nousresearch.com/docs/user-guide/messaging/discord
@Observable
@MainActor
 final class DiscordSetupViewModel {
    let context: ServerContext
    init(context: ServerContext = .local) { self.context = context }
    var botToken: String = ""
    var allowedUsers: String = ""
    var homeChannel: String = ""
    var homeChannelName: String = ""
    var allowBots: String = "none"        // "none" | "mentions" | "all"
    var replyToMode: String = "first"     // "off" | "first" | "all"
    // config.yaml — these mirror the existing `HermesConfig.discord` block so we
    // stay consistent with whatever the Settings UI shows.
    var requireMention: Bool = true
    var freeResponseChannels: String = ""
    var autoThread: Bool = true
    var reactions: Bool = true
    var message: String?
    let allowBotsOptions = ["none", "mentions", "all"]
    let replyToModeOptions = ["off", "first", "all"]
    func load() {
        let env = HermesEnvService(context: context).load()
        botToken = env["DISCORD_BOT_TOKEN"] ?? ""
        allowedUsers = env["DISCORD_ALLOWED_USERS"] ?? ""
        homeChannel = env["DISCORD_HOME_CHANNEL"] ?? ""
        homeChannelName = env["DISCORD_HOME_CHANNEL_NAME"] ?? ""
        allowBots = env["DISCORD_ALLOW_BOTS"] ?? "none"
        replyToMode = env["DISCORD_REPLY_TO_MODE"] ?? "first"
        let cfg = HermesFileService(context: context).loadConfig().discord
        requireMention = cfg.requireMention
        freeResponseChannels = cfg.freeResponseChannels
        autoThread = cfg.autoThread
        reactions = cfg.reactions
    }
    func save() {
        let envPairs: [String: String] = [
            "DISCORD_BOT_TOKEN": botToken,
            "DISCORD_ALLOWED_USERS": allowedUsers,
            "DISCORD_HOME_CHANNEL": homeChannel,
            "DISCORD_HOME_CHANNEL_NAME": homeChannelName,
            "DISCORD_ALLOW_BOTS": allowBots == "none" ? "" : allowBots, // default is "none", don't persist
            "DISCORD_REPLY_TO_MODE": replyToMode == "first" ? "" : replyToMode
        ]
        let configKV: [String: String] = [
            "discord.require_mention": PlatformSetupHelpers.envBool(requireMention),
            "discord.free_response_channels": freeResponseChannels,
            "discord.auto_thread": PlatformSetupHelpers.envBool(autoThread),
            "discord.reactions": PlatformSetupHelpers.envBool(reactions)
        ]
        message = PlatformSetupHelpers.saveForm(context: context, envPairs: envPairs, configKV: configKV)
        DispatchQueue.main.asyncAfter(deadline: .now() + 3) { [weak self] in
            self?.message = nil
        }
    }
 }
@@ -0,0 +1,86 @@
 import Foundation
 /// Email setup. IMAP/SMTP with app passwords — no OAuth.
 /// Field reference: https://hermes-agent.nousresearch.com/docs/user-guide/messaging/email
@Observable
@MainActor
 final class EmailSetupViewModel {
    let context: ServerContext
    init(context: ServerContext = .local) {
        self.context = context
    }
    var address: String = ""
    var password: String = ""
    var imapHost: String = ""
    var smtpHost: String = ""
    var imapPort: String = "993"
    var smtpPort: String = "587"
    var pollInterval: String = "15"
    var allowedUsers: String = ""
    var homeAddress: String = ""
    var allowAllUsers: Bool = false
    var skipAttachments: Bool = false
    var message: String?
    /// Common provider presets so users don't have to look up IMAP/SMTP servers.
    struct Preset {
        let name: String
        let imap: String
        let smtp: String
    }
    let presets: [Preset] = [
        Preset(name: "Gmail", imap: "imap.gmail.com", smtp: "smtp.gmail.com"),
        Preset(name: "Outlook", imap: "outlook.office365.com", smtp: "smtp.office365.com"),
        Preset(name: "iCloud", imap: "imap.mail.me.com", smtp: "smtp.mail.me.com"),
        Preset(name: "Fastmail", imap: "imap.fastmail.com", smtp: "smtp.fastmail.com"),
        Preset(name: "Yahoo", imap: "imap.mail.yahoo.com", smtp: "smtp.mail.yahoo.com")
    ]
    func load() {
        let env = HermesEnvService(context: context).load()
        address = env["EMAIL_ADDRESS"] ?? ""
        password = env["EMAIL_PASSWORD"] ?? ""
        imapHost = env["EMAIL_IMAP_HOST"] ?? ""
        smtpHost = env["EMAIL_SMTP_HOST"] ?? ""
        imapPort = env["EMAIL_IMAP_PORT"] ?? "993"
        smtpPort = env["EMAIL_SMTP_PORT"] ?? "587"
        pollInterval = env["EMAIL_POLL_INTERVAL"] ?? "15"
        allowedUsers = env["EMAIL_ALLOWED_USERS"] ?? ""
        homeAddress = env["EMAIL_HOME_ADDRESS"] ?? ""
        allowAllUsers = PlatformSetupHelpers.parseEnvBool(env["EMAIL_ALLOW_ALL_USERS"])
        // skip_attachments lives in config.yaml.
        let yaml = context.readText(context.paths.configYAML) ?? ""
        let parsed = HermesFileService.parseNestedYAML(yaml)
        skipAttachments = (parsed.values["platforms.email.skip_attachments"] ?? "false") == "true"
    }
    func applyPreset(_ preset: Preset) {
        imapHost = preset.imap
        smtpHost = preset.smtp
    }
    func save() {
        let envPairs: [String: String] = [
            "EMAIL_ADDRESS": address,
            "EMAIL_PASSWORD": password,
            "EMAIL_IMAP_HOST": imapHost,
            "EMAIL_SMTP_HOST": smtpHost,
            "EMAIL_IMAP_PORT": imapPort,
            "EMAIL_SMTP_PORT": smtpPort,
            "EMAIL_POLL_INTERVAL": pollInterval,
            "EMAIL_ALLOWED_USERS": allowAllUsers ? "" : allowedUsers,
            "EMAIL_HOME_ADDRESS": homeAddress,
            "EMAIL_ALLOW_ALL_USERS": allowAllUsers ? "true" : ""
        ]
        let configKV: [String: String] = [
            "platforms.email.skip_attachments": PlatformSetupHelpers.envBool(skipAttachments)
        ]
        message = PlatformSetupHelpers.saveForm(context: context, envPairs: envPairs, configKV: configKV)
        DispatchQueue.main.asyncAfter(deadline: .now() + 3) { [weak self] in
            self?.message = nil
        }
    }
 }
@@ -0,0 +1,50 @@
 import Foundation
 /// Feishu/Lark setup. Choose domain (feishu = China, lark = international).
 /// Field reference: https://hermes-agent.nousresearch.com/docs/user-guide/messaging/feishu
@Observable
@MainActor
 final class FeishuSetupViewModel {
    let context: ServerContext
    init(context: ServerContext = .local) { self.context = context }
    var appID: String = ""
    var appSecret: String = ""
    var domain: String = "lark"
    var encryptKey: String = ""
    var verificationToken: String = ""
    var allowedUsers: String = ""
    var connectionMode: String = "websocket"  // "websocket" | "webhook"
    var message: String?
    let domainOptions = ["feishu", "lark"]
    let connectionOptions = ["websocket", "webhook"]
    func load() {
        let env = HermesEnvService(context: context).load()
        appID = env["FEISHU_APP_ID"] ?? ""
        appSecret = env["FEISHU_APP_SECRET"] ?? ""
        domain = env["FEISHU_DOMAIN"] ?? "lark"
        encryptKey = env["FEISHU_ENCRYPT_KEY"] ?? ""
        verificationToken = env["FEISHU_VERIFICATION_TOKEN"] ?? ""
        allowedUsers = env["FEISHU_ALLOWED_USERS"] ?? ""
        connectionMode = env["FEISHU_CONNECTION_MODE"] ?? "websocket"
    }
    func save() {
        let envPairs: [String: String] = [
            "FEISHU_APP_ID": appID,
            "FEISHU_APP_SECRET": appSecret,
            "FEISHU_DOMAIN": domain,
            "FEISHU_ENCRYPT_KEY": encryptKey,
            "FEISHU_VERIFICATION_TOKEN": verificationToken,
            "FEISHU_ALLOWED_USERS": allowedUsers,
            "FEISHU_CONNECTION_MODE": connectionMode == "websocket" ? "" : connectionMode
        ]
        message = PlatformSetupHelpers.saveForm(context: context, envPairs: envPairs, configKV: [:])
        DispatchQueue.main.asyncAfter(deadline: .now() + 3) { [weak self] in
            self?.message = nil
        }
    }
 }
@@ -0,0 +1,73 @@
 import Foundation
 import AppKit
 /// Home Assistant setup. Long-lived access token in `.env`, scalar filters via
 /// `hermes config set` under `platforms.homeassistant.extra.*`.
 ///
 /// **List fields** (`watch_domains`, `watch_entities`, `ignore_entities`) are
 /// NOT editable in the form. `hermes config set` stores array arguments as
 /// quoted strings instead of YAML lists, which hermes would then reject as
 /// invalid. Users edit these directly in config.yaml — the view shows the
 /// current values (read-only) and an "Edit in config.yaml" button that opens
 /// the file.
 ///
 /// Field reference: https://hermes-agent.nousresearch.com/docs/user-guide/messaging/homeassistant
@Observable
@MainActor
 final class HomeAssistantSetupViewModel {
    let context: ServerContext
    init(context: ServerContext = .local) {
        self.context = context
    }
    var url: String = "http://homeassistant.local:8123"
    var token: String = ""
    // Scalar filters — writable via hermes config set.
    var watchAll: Bool = false
    var cooldownSeconds: Int = 30
    // List filters — read-only; user must edit config.yaml manually.
    var watchDomains: [String] = []
    var watchEntities: [String] = []
    var ignoreEntities: [String] = []
    var message: String?
    func load() {
        let env = HermesEnvService(context: context).load()
        url = env["HASS_URL"] ?? "http://homeassistant.local:8123"
        token = env["HASS_TOKEN"] ?? ""
        let cfg = HermesFileService(context: context).loadConfig().homeAssistant
        watchAll = cfg.watchAll
        cooldownSeconds = cfg.cooldownSeconds
        watchDomains = cfg.watchDomains
        watchEntities = cfg.watchEntities
        ignoreEntities = cfg.ignoreEntities
    }
    func save() {
        let envPairs: [String: String] = [
            "HASS_URL": url,
            "HASS_TOKEN": token
        ]
        // Only scalar config values — lists are skipped intentionally; see
        // file header comment for rationale.
        let configKV: [String: String] = [
            "platforms.homeassistant.extra.watch_all": PlatformSetupHelpers.envBool(watchAll),
            "platforms.homeassistant.extra.cooldown_seconds": String(cooldownSeconds)
        ]
        message = PlatformSetupHelpers.saveForm(context: context, envPairs: envPairs, configKV: configKV)
        DispatchQueue.main.asyncAfter(deadline: .now() + 3) { [weak self] in
            self?.message = nil
        }
    }
    /// Open config.yaml in the user's default editor so they can manually edit
    /// the list-valued filter fields.
    func openConfigForLists() {
        context.openInLocalEditor(context.paths.configYAML)
    }
 }
@@ -0,0 +1,54 @@
 import Foundation
 /// iMessage via BlueBubbles. Requires a BlueBubbles Server running on a Mac
 /// that's always on, with an Apple ID signed into Messages.app.
 /// Field reference: https://hermes-agent.nousresearch.com/docs/user-guide/messaging/bluebubbles
@Observable
@MainActor
 final class IMessageSetupViewModel {
    let context: ServerContext
    init(context: ServerContext = .local) { self.context = context }
    var serverURL: String = ""
    var password: String = ""
    var webhookHost: String = "127.0.0.1"
    var webhookPort: String = "8645"
    var webhookPath: String = ""
    var allowedUsers: String = ""
    var homeChannel: String = ""
    var allowAllUsers: Bool = false
    var sendReadReceipts: Bool = false
    var message: String?
    func load() {
        let env = HermesEnvService(context: context).load()
        serverURL = env["BLUEBUBBLES_SERVER_URL"] ?? ""
        password = env["BLUEBUBBLES_PASSWORD"] ?? ""
        webhookHost = env["BLUEBUBBLES_WEBHOOK_HOST"] ?? "127.0.0.1"
        webhookPort = env["BLUEBUBBLES_WEBHOOK_PORT"] ?? "8645"
        webhookPath = env["BLUEBUBBLES_WEBHOOK_PATH"] ?? ""
        allowedUsers = env["BLUEBUBBLES_ALLOWED_USERS"] ?? ""
        homeChannel = env["BLUEBUBBLES_HOME_CHANNEL"] ?? ""
        allowAllUsers = PlatformSetupHelpers.parseEnvBool(env["BLUEBUBBLES_ALLOW_ALL_USERS"])
        sendReadReceipts = PlatformSetupHelpers.parseEnvBool(env["BLUEBUBBLES_SEND_READ_RECEIPTS"])
    }
    func save() {
        let envPairs: [String: String] = [
            "BLUEBUBBLES_SERVER_URL": serverURL,
            "BLUEBUBBLES_PASSWORD": password,
            "BLUEBUBBLES_WEBHOOK_HOST": webhookHost,
            "BLUEBUBBLES_WEBHOOK_PORT": webhookPort,
            "BLUEBUBBLES_WEBHOOK_PATH": webhookPath,
            "BLUEBUBBLES_ALLOWED_USERS": allowAllUsers ? "" : allowedUsers,
            "BLUEBUBBLES_HOME_CHANNEL": homeChannel,
            "BLUEBUBBLES_ALLOW_ALL_USERS": allowAllUsers ? "true" : "",
            "BLUEBUBBLES_SEND_READ_RECEIPTS": sendReadReceipts ? "true" : ""
        ]
        message = PlatformSetupHelpers.saveForm(context: context, envPairs: envPairs, configKV: [:])
        DispatchQueue.main.asyncAfter(deadline: .now() + 3) { [weak self] in
            self?.message = nil
        }
    }
 }
@@ -0,0 +1,65 @@
 import Foundation
 /// Matrix setup. Supports both access-token and password auth. No SSO.
 /// Field reference: https://hermes-agent.nousresearch.com/docs/user-guide/messaging/matrix
@Observable
@MainActor
 final class MatrixSetupViewModel {
    let context: ServerContext
    init(context: ServerContext = .local) { self.context = context }
    var homeserver: String = ""
    var accessToken: String = ""        // preferred
    var userID: String = ""
    var password: String = ""           // alternative to accessToken
    var allowedUsers: String = ""
    var homeRoom: String = ""
    var recoveryKey: String = ""
    var encryption: Bool = false
    // config.yaml
    var requireMention: Bool = true
    var autoThread: Bool = true
    var dmMentionThreads: Bool = false
    var message: String?
    func load() {
        let env = HermesEnvService(context: context).load()
        homeserver = env["MATRIX_HOMESERVER"] ?? ""
        accessToken = env["MATRIX_ACCESS_TOKEN"] ?? ""
        userID = env["MATRIX_USER_ID"] ?? ""
        password = env["MATRIX_PASSWORD"] ?? ""
        allowedUsers = env["MATRIX_ALLOWED_USERS"] ?? ""
        homeRoom = env["MATRIX_HOME_ROOM"] ?? ""
        recoveryKey = env["MATRIX_RECOVERY_KEY"] ?? ""
        encryption = PlatformSetupHelpers.parseEnvBool(env["MATRIX_ENCRYPTION"])
        let cfg = HermesFileService(context: context).loadConfig().matrix
        requireMention = cfg.requireMention
        autoThread = cfg.autoThread
        dmMentionThreads = cfg.dmMentionThreads
    }
    func save() {
        let envPairs: [String: String] = [
            "MATRIX_HOMESERVER": homeserver,
            "MATRIX_ACCESS_TOKEN": accessToken,
            "MATRIX_USER_ID": userID,
            "MATRIX_PASSWORD": password,
            "MATRIX_ALLOWED_USERS": allowedUsers,
            "MATRIX_HOME_ROOM": homeRoom,
            "MATRIX_RECOVERY_KEY": recoveryKey,
            "MATRIX_ENCRYPTION": encryption ? "true" : ""
        ]
        let configKV: [String: String] = [
            "matrix.require_mention": PlatformSetupHelpers.envBool(requireMention),
            "matrix.auto_thread": PlatformSetupHelpers.envBool(autoThread),
            "matrix.dm_mention_threads": PlatformSetupHelpers.envBool(dmMentionThreads)
        ]
        message = PlatformSetupHelpers.saveForm(context: context, envPairs: envPairs, configKV: configKV)
        DispatchQueue.main.asyncAfter(deadline: .now() + 3) { [weak self] in
            self?.message = nil
        }
    }
 }
@@ -0,0 +1,51 @@
 import Foundation
 /// Mattermost setup. Server URL + personal access token (or bot token).
 /// Field reference: https://hermes-agent.nousresearch.com/docs/user-guide/messaging/mattermost
@Observable
@MainActor
 final class MattermostSetupViewModel {
    let context: ServerContext
    init(context: ServerContext = .local) { self.context = context }
    var serverURL: String = ""
    var token: String = ""
    var allowedUsers: String = ""
    var homeChannel: String = ""
    var freeResponseChannels: String = ""
    var replyMode: String = "off"
    var requireMention: Bool = true
    var message: String?
    let replyModeOptions = ["off", "thread"]
    func load() {
        let env = HermesEnvService(context: context).load()
        serverURL = env["MATTERMOST_URL"] ?? ""
        token = env["MATTERMOST_TOKEN"] ?? ""
        allowedUsers = env["MATTERMOST_ALLOWED_USERS"] ?? ""
        homeChannel = env["MATTERMOST_HOME_CHANNEL"] ?? ""
        freeResponseChannels = env["MATTERMOST_FREE_RESPONSE_CHANNELS"] ?? ""
        replyMode = env["MATTERMOST_REPLY_MODE"] ?? "off"
        let cfg = HermesFileService(context: context).loadConfig().mattermost
        requireMention = cfg.requireMention
    }
    func save() {
        let envPairs: [String: String] = [
            "MATTERMOST_URL": serverURL,
            "MATTERMOST_TOKEN": token,
            "MATTERMOST_ALLOWED_USERS": allowedUsers,
            "MATTERMOST_HOME_CHANNEL": homeChannel,
            "MATTERMOST_FREE_RESPONSE_CHANNELS": freeResponseChannels,
            "MATTERMOST_REPLY_MODE": replyMode == "off" ? "" : replyMode,
            "MATTERMOST_REQUIRE_MENTION": PlatformSetupHelpers.envBool(requireMention)
        ]
        message = PlatformSetupHelpers.saveForm(context: context, envPairs: envPairs, configKV: [:])
        DispatchQueue.main.asyncAfter(deadline: .now() + 3) { [weak self] in
            self?.message = nil
        }
    }
 }
@@ -0,0 +1,94 @@
 import Foundation
 import AppKit
 import os
 /// Shared helpers used by every per-platform setup view model.
 ///
 /// Each platform form follows the same pattern:
 /// 1. Load current values from `.env` + config.yaml into local `@Observable` state.
 /// 2. Present them in a form where changes happen in-memory.
 /// 3. On save, write env vars via `HermesEnvService.setMany` and config.yaml keys
 ///    via `hermes config set`, then surface a success/error toast.
 ///
 /// Putting the save logic here keeps each per-platform VM focused on its own
 /// field set without re-implementing the write plumbing 12 times.
@MainActor
 enum PlatformSetupHelpers {
    static let logger = Logger(subsystem: "com.scarf", category: "PlatformSetup")
    /// Apply a form save in one atomic batch against a specific server.
    ///
    /// - `context`: the server whose `.env` and `config.yaml` we're writing.
    ///   Local goes through `LocalTransport`; remote rounds through ssh+scp.
    /// - `envPairs`: values to write into `.env`. Empty strings trigger `unset()`
    ///   (commenting the line out) rather than storing a literal empty value.
    /// - `configKV`: scalar config.yaml paths to set via `hermes config set`.
    ///   Empty strings still produce a `config set <key> ""` call because
    ///   some fields accept an explicit empty string (e.g., `display.skin: ""`).
    ///
    /// Returns a user-facing summary message.
    @discardableResult
    static func saveForm(context: ServerContext, envPairs: [String: String], configKV: [String: String]) -> String {
        let envService = HermesEnvService(context: context)
        // Split env pairs into set vs. unset.
        var toSet: [String: String] = [:]
        var toUnset: [String] = []
        for (k, v) in envPairs {
            if v.isEmpty {
                toUnset.append(k)
            } else {
                toSet[k] = v
            }
        }
        var envOK = true
        if !toSet.isEmpty {
            envOK = envService.setMany(toSet)
        }
        for key in toUnset {
            _ = envService.unset(key)
        }
        var configFailures: [String] = []
        for (key, value) in configKV {
            let result = runHermesCLI(context: context, args: ["config", "set", key, value])
            if result.exitCode != 0 {
                configFailures.append(key)
                logger.warning("hermes config set \(key) failed: \(result.output)")
            }
        }
        if !envOK { return "Failed to write .env" }
        if !configFailures.isEmpty { return "Saved, but failed to update: \(configFailures.joined(separator: ", "))" }
        return "Saved — restart gateway to apply"
    }
    /// Synchronous hermes CLI invocation against the given server. Use only
    /// for fast commands like `config set`; longer commands should use
    /// `HermesFileService.runHermesCLI` from a `Task.detached`.
    static func runHermesCLI(context: ServerContext, args: [String], timeout: TimeInterval = 15) -> (exitCode: Int32, output: String) {
        HermesFileService(context: context).runHermesCLI(args: args, timeout: timeout)
    }
    /// Ask the user's default browser to open a URL (typically a hermes doc page
    /// or a platform developer portal).
    static func openURL(_ string: String) {
        guard let url = URL(string: string) else { return }
        NSWorkspace.shared.open(url)
    }
    /// Bool <-> "true"/"false" round-trip for env vars. Hermes accepts both
    /// "true"/"false" and "1"/"0"; we emit the string form for readability.
    static func envBool(_ on: Bool) -> String { on ? "true" : "false" }
    /// Parse an env string as a bool. Treats missing/empty as `false`.
    /// "true", "1", "yes", "on" (case-insensitive) are true.
    static func parseEnvBool(_ s: String?) -> Bool {
        guard let s else { return false }
        switch s.lowercased() {
        case "true", "1", "yes", "on": return true
        default: return false
        }
    }
 }
@@ -0,0 +1,119 @@
 import Foundation
 /// Signal setup. Users must install `signal-cli` externally (needs Java), link
 /// their account via `signal-cli link -n ...`, and run a daemon on an HTTP port
 /// that hermes talks to. We expose an embedded terminal for both the link and
 /// daemon commands.
 ///
 /// Field reference: https://hermes-agent.nousresearch.com/docs/user-guide/messaging/signal
@Observable
@MainActor
 final class SignalSetupViewModel {
    let context: ServerContext
    init(context: ServerContext = .local) { self.context = context }
    var httpURL: String = "http://127.0.0.1:8080"
    var account: String = ""            // E.164 phone, e.g. +15551234567
    var allowedUsers: String = ""
    var groupAllowedUsers: String = ""
    var homeChannel: String = ""
    var allowAllUsers: Bool = false
    var message: String?
    let terminalController = EmbeddedSetupTerminalController()
    var signalCLIInstalled: Bool = false
    var activeTask: SignalTerminalTask = .none
    enum SignalTerminalTask: Equatable {
        case none
        case link
        case daemon
    }
    func load() {
        let env = HermesEnvService(context: context).load()
        httpURL = env["SIGNAL_HTTP_URL"] ?? "http://127.0.0.1:8080"
        account = env["SIGNAL_ACCOUNT"] ?? ""
        allowedUsers = env["SIGNAL_ALLOWED_USERS"] ?? ""
        groupAllowedUsers = env["SIGNAL_GROUP_ALLOWED_USERS"] ?? ""
        homeChannel = env["SIGNAL_HOME_CHANNEL"] ?? ""
        allowAllUsers = PlatformSetupHelpers.parseEnvBool(env["SIGNAL_ALLOW_ALL_USERS"])
        signalCLIInstalled = Self.detectSignalCLI()
    }
    /// Best-effort `signal-cli` binary lookup on the login-shell PATH.
    private static func detectSignalCLI() -> Bool {
        let env = HermesFileService.enrichedEnvironment()
        let paths = env["PATH"]?.split(separator: ":").map(String.init) ?? []
        for dir in paths {
            if FileManager.default.isExecutableFile(atPath: dir + "/signal-cli") {
                return true
            }
        }
        return false
    }
    func save() {
        let envPairs: [String: String] = [
            "SIGNAL_HTTP_URL": httpURL,
            "SIGNAL_ACCOUNT": account,
            "SIGNAL_ALLOWED_USERS": allowAllUsers ? "" : allowedUsers,
            "SIGNAL_GROUP_ALLOWED_USERS": groupAllowedUsers,
            "SIGNAL_HOME_CHANNEL": homeChannel,
            "SIGNAL_ALLOW_ALL_USERS": allowAllUsers ? "true" : ""
        ]
        message = PlatformSetupHelpers.saveForm(context: context, envPairs: envPairs, configKV: [:])
        clearMessageAfterDelay()
    }
    /// Run `signal-cli link -n HermesAgent` to generate a QR code.
    func startLink() {
        guard signalCLIInstalled else {
            message = "signal-cli not found on PATH — install it first"
            clearMessageAfterDelay()
            return
        }
        activeTask = .link
        terminalController.onExit = { [weak self] _ in
            self?.activeTask = .none
            self?.message = "Link step exited — save credentials and start the daemon next"
            self?.clearMessageAfterDelay()
        }
        terminalController.start(executable: "/usr/bin/env", arguments: ["signal-cli", "link", "-n", "HermesAgent"])
    }
    /// Run the signal-cli daemon. Users can stop it by closing the panel.
    func startDaemon() {
        guard !account.isEmpty else {
            message = "Enter your Signal account (E.164 format) first"
            clearMessageAfterDelay()
            return
        }
        guard signalCLIInstalled else {
            message = "signal-cli not found on PATH"
            clearMessageAfterDelay()
            return
        }
        activeTask = .daemon
        let bind = httpURL.replacingOccurrences(of: "http://", with: "").replacingOccurrences(of: "https://", with: "")
        terminalController.onExit = { [weak self] _ in
            self?.activeTask = .none
        }
        terminalController.start(
            executable: "/usr/bin/env",
            arguments: ["signal-cli", "--account", account, "daemon", "--http", bind]
        )
    }
    func stopTerminal() {
        terminalController.stop()
        activeTask = .none
    }
    private func clearMessageAfterDelay() {
        DispatchQueue.main.asyncAfter(deadline: .now() + 3) { [weak self] in
            self?.message = nil
        }
    }
 }
@@ -0,0 +1,61 @@
 import Foundation
 /// Slack setup. Requires two tokens (bot + app-level for Socket Mode).
 /// Field reference: https://hermes-agent.nousresearch.com/docs/user-guide/messaging/slack
@Observable
@MainActor
 final class SlackSetupViewModel {
    let context: ServerContext
    init(context: ServerContext = .local) { self.context = context }
    var botToken: String = ""           // xoxb-...
    var appToken: String = ""           // xapp-...
    var allowedUsers: String = ""
    var homeChannel: String = ""
    var homeChannelName: String = ""
    var replyToMode: String = "first"
    var requireMention: Bool = true
    var replyInThread: Bool = true
    var replyBroadcast: Bool = false
    var message: String?
    let replyToModeOptions = ["off", "first", "all"]
    func load() {
        let env = HermesEnvService(context: context).load()
        botToken = env["SLACK_BOT_TOKEN"] ?? ""
        appToken = env["SLACK_APP_TOKEN"] ?? ""
        allowedUsers = env["SLACK_ALLOWED_USERS"] ?? ""
        homeChannel = env["SLACK_HOME_CHANNEL"] ?? ""
        homeChannelName = env["SLACK_HOME_CHANNEL_NAME"] ?? ""
        let cfg = HermesFileService(context: context).loadConfig().slack
        replyToMode = cfg.replyToMode
        requireMention = cfg.requireMention
        replyInThread = cfg.replyInThread
        replyBroadcast = cfg.replyBroadcast
    }
    func save() {
        let envPairs: [String: String] = [
            "SLACK_BOT_TOKEN": botToken,
            "SLACK_APP_TOKEN": appToken,
            "SLACK_ALLOWED_USERS": allowedUsers,
            "SLACK_HOME_CHANNEL": homeChannel,
            "SLACK_HOME_CHANNEL_NAME": homeChannelName
        ]
        // Slack uses the modern `platforms.slack.*` schema.
        let configKV: [String: String] = [
            "platforms.slack.reply_to_mode": replyToMode,
            "platforms.slack.require_mention": PlatformSetupHelpers.envBool(requireMention),
            "platforms.slack.extra.reply_in_thread": PlatformSetupHelpers.envBool(replyInThread),
            "platforms.slack.extra.reply_broadcast": PlatformSetupHelpers.envBool(replyBroadcast)
        ]
        message = PlatformSetupHelpers.saveForm(context: context, envPairs: envPairs, configKV: configKV)
        DispatchQueue.main.asyncAfter(deadline: .now() + 3) { [weak self] in
            self?.message = nil
        }
    }
 }
@@ -0,0 +1,64 @@
 import Foundation
 import os
 /// Telegram platform setup. Credentials live in `.env` (`TELEGRAM_*`); mention /
 /// reactions toggles live in `config.yaml` under `telegram.*`.
 ///
 /// Field reference: https://hermes-agent.nousresearch.com/docs/user-guide/messaging/telegram
@Observable
@MainActor
 final class TelegramSetupViewModel {
    let context: ServerContext
    init(context: ServerContext = .local) { self.context = context }
    // Required
    var botToken: String = ""
    var allowedUsers: String = ""
    // Optional
    var homeChannel: String = ""
    var webhookURL: String = ""
    var webhookPort: String = ""
    var webhookSecret: String = ""
    // Config.yaml toggles
    var requireMention: Bool = true
    var reactions: Bool = false
    var message: String?
    func load() {
        let env = HermesEnvService(context: context).load()
        botToken = env["TELEGRAM_BOT_TOKEN"] ?? ""
        allowedUsers = env["TELEGRAM_ALLOWED_USERS"] ?? ""
        homeChannel = env["TELEGRAM_HOME_CHANNEL"] ?? ""
        webhookURL = env["TELEGRAM_WEBHOOK_URL"] ?? ""
        webhookPort = env["TELEGRAM_WEBHOOK_PORT"] ?? ""
        webhookSecret = env["TELEGRAM_WEBHOOK_SECRET"] ?? ""
        let cfg = HermesFileService(context: context).loadConfig()
        requireMention = cfg.telegram.requireMention
        reactions = cfg.telegram.reactions
    }
    func save() {
        let envPairs: [String: String] = [
            "TELEGRAM_BOT_TOKEN": botToken,
            "TELEGRAM_ALLOWED_USERS": allowedUsers,
            "TELEGRAM_HOME_CHANNEL": homeChannel,
            "TELEGRAM_WEBHOOK_URL": webhookURL,
            "TELEGRAM_WEBHOOK_PORT": webhookPort,
            "TELEGRAM_WEBHOOK_SECRET": webhookSecret
        ]
        let configKV: [String: String] = [
            "telegram.require_mention": PlatformSetupHelpers.envBool(requireMention),
            "telegram.reactions": PlatformSetupHelpers.envBool(reactions)
        ]
        message = PlatformSetupHelpers.saveForm(context: context, envPairs: envPairs, configKV: configKV)
        clearMessageAfterDelay()
    }
    private func clearMessageAfterDelay() {
        DispatchQueue.main.asyncAfter(deadline: .now() + 3) { [weak self] in
            self?.message = nil
        }
    }
 }
@@ -0,0 +1,37 @@
 import Foundation
 /// Webhook platform setup. Just the global enable/port/secret — per-subscription
 /// routes live in the Webhooks sidebar feature.
 ///
 /// Field reference: https://hermes-agent.nousresearch.com/docs/user-guide/messaging/webhooks
@Observable
@MainActor
 final class WebhookSetupViewModel {
    let context: ServerContext
    init(context: ServerContext = .local) { self.context = context }
    var enabled: Bool = false
    var port: String = "8644"
    var secret: String = ""
    var message: String?
    func load() {
        let env = HermesEnvService(context: context).load()
        enabled = PlatformSetupHelpers.parseEnvBool(env["WEBHOOK_ENABLED"])
        port = env["WEBHOOK_PORT"] ?? "8644"
        secret = env["WEBHOOK_SECRET"] ?? ""
    }
    func save() {
        let envPairs: [String: String] = [
            "WEBHOOK_ENABLED": enabled ? "true" : "",
            "WEBHOOK_PORT": port,
            "WEBHOOK_SECRET": secret
        ]
        message = PlatformSetupHelpers.saveForm(context: context, envPairs: envPairs, configKV: [:])
        DispatchQueue.main.asyncAfter(deadline: .now() + 3) { [weak self] in
            self?.message = nil
        }
    }
 }
--- a/Show More
+++ b/Show More