fix(server/comment): remove HTML sanitizer that was corrupting Markdown (#1387) (#1436)

The bluemonday HTML sanitizer applied to comment content (added in #679)
treats Markdown source as HTML, entity-encoding syntactically meaningful
characters and normalizing whitespace. This corrupts user input:

  - "> quote"   -> "> quote"     (blockquote lost, see #1303)
  - '"foo"'     -> '"foo"'    (literal entities visible)
  - "\n\n2." -> " 2."             (ordered list items merged into prose)

Comment content is stored as Markdown source. XSS is already handled at
two layers:

  - Render: rehype-sanitize in packages/ui/markdown and
    packages/views/editor/readonly-content (mention:// allowlist,
    data-href restricted to http(s), class restricted to
    code/div/span/pre).
  - Edit: @tiptap/markdown is configured with html:false, so Markdown
    source containing raw HTML tags is treated as plain text.

Removing the server-side sanitizer therefore does not lower the security
boundary, and restores faithful Markdown round-tripping.

The PR #1342 workaround in the editor serializer can be dropped once
this lands.

Co-authored-by: devv-eve <eve@devv.ai>
Co-authored-by: Eve <eve@multica.ai>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

.env.example

@@ -4,8 +4,23 @@ POSTGRES_USER=multica
 POSTGRES_PASSWORD=multica
 POSTGRES_PORT=5432
 DATABASE_URL=postgres://multica:multica@localhost:5432/multica?sslmode=disable
+# Optional pgxpool tuning. Defaults are 25 / 5 per pod and are usually fine.
+# You can also set pool_max_conns / pool_min_conns as query params on
+# DATABASE_URL; env vars below take precedence over URL params.
+# DATABASE_MAX_CONNS=25
+# DATABASE_MIN_CONNS=5
 
 # Server
+# APP_ENV gates dev-only auth shortcuts (primarily the 888888 master code).
+#   - Docker self-host: docker-compose.selfhost.yml already pins APP_ENV to
+#     "production" by default, so 888888 is DISABLED — a public instance can't
+#     be logged into with any email + 888888.
+#   - Local dev (make dev): leave APP_ENV unset so 888888 works out of the box.
+#   - Docker self-host on a private network you fully control, or evaluation
+#     without Resend: set APP_ENV=development to re-enable 888888. Do NOT
+#     enable on a publicly reachable instance.
+# See SELF_HOSTING.md for the full login setup.
+APP_ENV=
 PORT=8080
 JWT_SECRET=change-me-in-production
 MULTICA_SERVER_URL=ws://localhost:8080/ws
@@ -22,7 +37,8 @@ MULTICA_CODEX_WORKDIR=
 MULTICA_CODEX_TIMEOUT=20m
 
 # Email (Resend)
-# For local/dev use, leave RESEND_API_KEY empty — codes print to stdout, and master code 888888 works.
+# For local/dev use, leave RESEND_API_KEY empty — codes print to stdout, and
+# master code 888888 works (only when APP_ENV != "production"; see above).
 # For production, set your Resend API key and change RESEND_FROM_EMAIL to a domain verified in your Resend account.
 RESEND_API_KEY=
 RESEND_FROM_EMAIL=noreply@multica.ai
@@ -40,6 +56,13 @@ CLOUDFRONT_KEY_PAIR_ID=
 CLOUDFRONT_PRIVATE_KEY_SECRET=multica/cloudfront-signing-key
 CLOUDFRONT_PRIVATE_KEY=
 CLOUDFRONT_DOMAIN=
+# COOKIE_DOMAIN — optional Domain attribute on session + CloudFront cookies.
+# Leave empty for single-host deployments (localhost, LAN IP, or a single
+# hostname) — session cookies become host-only, which is what the browser
+# wants. Only set it when the frontend and backend sit on different
+# subdomains of one registered domain (e.g. ".example.com"). Do NOT set it
+# to an IP address: RFC 6265 forbids IP literals in the cookie Domain
+# attribute and browsers silently drop such cookies.
 COOKIE_DOMAIN=
 
 # Local file storage (fallback when S3_BUCKET is not set)
@@ -63,3 +86,27 @@ NEXT_PUBLIC_WS_URL=
 # Remote API (optional) — set to proxy local frontend to a remote backend
 # Leave empty to use local backend (localhost:8080)
 # REMOTE_API_URL=https://multica-api.copilothub.ai
+
+# ==================== Self-hosting: Control Signups (fixes #930) ====================
+# Set to "false" to completely disable new user signups (recommended for private instances)
+ALLOW_SIGNUP=true
+# Must match ALLOW_SIGNUP for the UI to reflect the same signup setting.
+# Note: in typical Next.js builds, NEXT_PUBLIC_* values are baked into the client bundle,
+# so changing this usually requires rebuilding/redeploying the frontend (not just restarting the backend).
+NEXT_PUBLIC_ALLOW_SIGNUP=true
+
+# Optional: Only allow emails from these domains (comma-separated)
+ALLOWED_EMAIL_DOMAINS=
+
+# Optional: Only allow these exact email addresses (comma-separated)
+ALLOWED_EMAILS=
+
+# ==================== Analytics (PostHog) ====================
+# Product analytics events feed the acquisition → activation → expansion funnel.
+# Leave POSTHOG_API_KEY empty for local dev / self-hosted instances; the server
+# will run a no-op analytics client and ship nothing. See docs/analytics.md.
+POSTHOG_API_KEY=
+POSTHOG_HOST=https://us.i.posthog.com
+# Force the no-op client even when POSTHOG_API_KEY is set (CI / opt-out).
+ANALYTICS_DISABLED=
+

.github/workflows/ci.yml

@@ -30,7 +30,7 @@ jobs:
         run: pnpm install
 
       - name: Build, type check, and test
-        run: pnpm build && pnpm typecheck && pnpm test
+        run: pnpm exec turbo build typecheck test --filter='!@multica/docs'
 
   backend:
     runs-on: ubuntu-latest

.github/workflows/release.yml

@@ -3,7 +3,8 @@ name: Release
 on:
   push:
     tags:
-      - "v*"
+      - "v[0-9]+.[0-9]+.[0-9]+"
+      - "v[0-9]+.[0-9]+.[0-9]+-*"
 
 permissions:
   contents: write
@@ -17,6 +18,15 @@ jobs:
         with:
           fetch-depth: 0
 
+      - name: Validate tag name
+        run: |
+          tag="${GITHUB_REF_NAME}"
+          echo "Triggered by tag: $tag"
+          if [[ "$tag" == *-dirty* ]]; then
+            echo "::error::Refusing to release from dirty tag '$tag'."
+            exit 1
+          fi
+
       - name: Setup Go
         uses: actions/setup-go@v5
         with:
@@ -34,3 +44,60 @@ jobs:
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           HOMEBREW_TAP_GITHUB_TOKEN: ${{ secrets.HOMEBREW_TAP_GITHUB_TOKEN }}
+
+  # Build the Desktop installers for Linux and Windows and upload them to
+  # the GitHub Release that the `release` job above just published. macOS
+  # Desktop continues to ship via the manual `release-desktop` skill so it
+  # can be signed + notarized with Apple Developer credentials that are
+  # not (yet) wired into CI.
+  desktop:
+    needs: release
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - os: ubuntu-latest
+            target: linux
+          - os: windows-latest
+            target: win
+    runs-on: ${{ matrix.os }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Install rpmbuild (Linux)
+        if: matrix.target == 'linux'
+        run: sudo apt-get update && sudo apt-get install -y rpm
+
+      - name: Setup Go
+        uses: actions/setup-go@v5
+        with:
+          go-version-file: server/go.mod
+          cache-dependency-path: server/go.sum
+
+      - name: Setup pnpm
+        uses: pnpm/action-setup@v4
+
+      - name: Setup Node
+        uses: actions/setup-node@v4
+        with:
+          node-version: 22
+          cache: pnpm
+
+      - name: Install dependencies
+        run: pnpm install --frozen-lockfile
+
+      - name: Package Desktop installers (${{ matrix.target }})
+        working-directory: apps/desktop
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          # electron-builder's GitHub publisher reads this:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          # Disable code signing on Linux/Windows for now — the public
+          # release is unsigned for these platforms, the CLI carries the
+          # trust boundary. Set CSC_LINK in repo secrets to enable
+          # Windows signing later.
+          CSC_IDENTITY_AUTO_DISCOVERY: "false"
+        run: node scripts/package.mjs --${{ matrix.target }} --x64 --arm64 --publish always

.goreleaser.yml

@@ -21,12 +21,12 @@ builds:
     goarch:
       - amd64
       - arm64
-    ignore:
-      - goos: windows
-        goarch: arm64
 
 archives:
-  - id: default
+  # Legacy archive name kept so already-released CLIs (whose `multica update`
+  # looks for `multica_{os}_{arch}.{ext}`) can keep self-updating. Remove
+  # once those versions are no longer in use.
+  - id: legacy
     formats:
       - tar.gz
     format_overrides:
@@ -34,6 +34,16 @@ archives:
         formats:
           - zip
     name_template: "{{ .ProjectName }}_{{ .Os }}_{{ .Arch }}"
+  # Versioned archive name used by current CLI / install scripts /
+  # desktop bootstrap going forward.
+  - id: versioned
+    formats:
+      - tar.gz
+    format_overrides:
+      - goos: windows
+        formats:
+          - zip
+    name_template: "{{ .ProjectName }}-cli-{{ .Version }}-{{ .Os }}-{{ .Arch }}"
 
 checksum:
   name_template: "checksums.txt"
@@ -48,6 +58,8 @@ changelog:
 
 brews:
   - name: multica
+    ids:
+      - versioned
     repository:
       owner: multica-ai
       name: homebrew-tap

CLAUDE.md

@@ -162,7 +162,7 @@ When the two apps need different behavior for the same concept (e.g., different
 When adding a new page or feature:
 
 1. **New page component** → add to `packages/views/<domain>/`. Never import from `next/*` or `react-router-dom`.
-2. **Wire it in both apps** → add a route in `apps/web/app/` (Next.js page file) AND in the desktop router.
+2. **Wire it in both apps** → add a route in `apps/web/app/` (Next.js page file) AND in the desktop router. **Exception**: pre-workspace transition flows (create workspace, accept invite) are NOT routes on desktop — they're `WindowOverlay` state. See *Desktop-specific Rules → Route categories*.
 3. **Navigation** → use `useNavigation().push()` or `<AppLink>`. Never use framework-specific link/router APIs in shared code.
 4. **Shared guards/providers** → use `DashboardGuard` from `packages/views/layout/`. Don't create separate guard logic per app.
 5. **Platform-specific UI** → if a feature is web-only or desktop-only, keep it in the respective app. Use props slots (`extra`, `topSlot`) on shared layout components to inject platform-specific UI.
@@ -176,6 +176,70 @@ Both apps share the same CSS foundation from `packages/ui/styles/`.
 - **Shared styles** → `packages/ui/styles/`. Never duplicate scrollbar styling, keyframes, or base layer rules in app CSS.
 - **`@source` directives** → both apps scan shared packages so Tailwind sees all class names.
 
+## Desktop-specific Rules
+
+These rules apply to `apps/desktop/` only. Web has different constraints (URL bar, SSR, no tabs) and doesn't share these concerns. Every rule in this section was added after a concrete bug — treat them as enforced, not suggestions.
+
+### Route categories
+
+Every path in the desktop app falls into exactly one category. Choosing the wrong one reproduces bugs we've already fixed.
+
+- **Session routes** — workspace-scoped pages (`/:slug/issues`, `/:slug/settings`). Rendered by the per-tab memory router under `WorkspaceRouteLayout`. These are legitimate tab destinations.
+- **Transition flows** — pre-workspace / one-shot actions (create workspace, accept invite). **NOT routes.** They live as `WindowOverlay` state, dispatched when the navigation adapter sees `push('/workspaces/new')` or `push('/invite/<id>')`. The shared view (`NewWorkspacePage`, `InvitePage`) is the content; the overlay wrapper supplies platform chrome.
+- **Error / stale states** — "workspace not available", tabs pointing at a revoked workspace. **NOT pages.** `WorkspaceRouteLayout` auto-heals by dropping the stale tab group from the store; the user never lands on an explicit error screen. Web keeps `NoAccessPage` (shareable URL makes the error state meaningful); desktop has no URL bar so stale = heal silently.
+
+**Adding a new pre-workspace flow on desktop**: register a new `WindowOverlay` type in `stores/window-overlay-store.ts`. Do NOT add it to `routes.tsx`. If a shared view needs the flow on both platforms, add the route on web (`apps/web/app/(auth)/...`) AND the overlay type on desktop — the shared view component is identical.
+
+### Workspace identity singleton
+
+`setCurrentWorkspace(slug, uuid)` in `@multica/core/platform` is the single source of truth for "which workspace is active right now". Three consumers depend on it:
+
+1. API client's `X-Workspace-Slug` header.
+2. Zustand per-workspace storage namespace.
+3. Chrome gating (`{slug && <AppSidebar />}` on desktop, similar on web).
+
+Normally set by `WorkspaceRouteLayout` when its route mounts. Critically: **unmount does NOT clear it.** Any code that leaves workspace context (leave workspace, delete workspace, force navigation to overlay) must call `setCurrentWorkspace(null, null)` explicitly — otherwise the realtime `workspace:deleted` handler races the mutation, chrome gating stays truthy while the workspace is gone from cache, and `useWorkspaceId` throws.
+
+### Workspace destructive operations
+
+Leave / Delete workspace flows must follow this order:
+
+1. Read destination from cached workspace list (no extra fetch).
+2. `setCurrentWorkspace(null, null)`.
+3. `navigation.push(destination)` — switch to next workspace or open new-workspace overlay.
+4. THEN `await mutation.mutateAsync(workspaceId)`.
+
+Reversing step 4 with steps 1–3 (mutate first, navigate after) causes a three-way race between the mutation's `onSettled` invalidate, the explicit `navigateAway`, and the realtime handler's `relocateAfterWorkspaceLoss` — all refetching the same `workspaces` query concurrently. One gets cancelled, bubbles as `CancelledError`, and triggers `window.location.assign` → full renderer reload / white screen.
+
+### Tab isolation
+
+Tabs are grouped per workspace in `stores/tab-store.ts`. The TabBar shows only the active workspace's tabs; cross-workspace tab leakage is impossible by construction (no flat global tabs array).
+
+Cross-workspace `push(path)` is detected by the navigation adapter (`platform/navigation.tsx`) and translated into `switchWorkspace(slug, targetPath)` — NOT a navigation within the current tab's router. Don't bypass the adapter; always go through `useNavigation()` from shared code.
+
+### Drag region (macOS window-move)
+
+Every full-window desktop view (login, overlay, any page that covers the native title bar) needs a top drag strip so users can move the window. On macOS the traffic lights are hidden via `useImmersiveMode` in overlay-style contexts, so the drag strip also gives back that corner for pointer-drag.
+
+**Pattern**: flex child at top, not absolute overlay.
+
+```tsx
+<div className="fixed inset-0 z-50 flex flex-col bg-background">
+  <div className="h-12 shrink-0" style={{ WebkitAppRegion: "drag" }} />
+  <div className="flex-1 overflow-auto" style={{ WebkitAppRegion: "no-drag" }}>
+    {/* page content — interactive elements need their own "no-drag" */}
+  </div>
+</div>
+```
+
+Why flex, not absolute: the absolute-strip + `z-index` approach relies on stacking-context hit-testing, which isn't reliable for `-webkit-app-region`. A real flex row with no siblings at that pixel is unambiguous. Height matches `MainTopBar` (48px / `h-12`) for consistency.
+
+Canonical examples: `components/window-overlay.tsx`, `pages/login.tsx`.
+
+### UX vs platform chrome
+
+UX affordances (Back button, Log out button, welcome copy, invite card) belong in `packages/views/` so web and desktop render identical content. Platform chrome (drag strip, `useImmersiveMode`, tab system interaction, traffic-light accommodation) lives in desktop-only code. Violating this split always produces platform divergence — if a button exists on desktop but not on web for the same flow, it's a signal the UX escaped into platform code.
+
 ## UI/UX Rules
 
 - Prefer shadcn components over custom implementations. Install via `pnpm ui:add <component>` from project root — adds to `packages/ui/components/ui/`. All components use Base UI primitives (`@base-ui/react`), not Radix.

CLI_AND_DAEMON.md

@@ -278,7 +278,7 @@ multica issue list --priority urgent --assignee "Agent Name"
 multica issue list --limit 20 --output json
 ```
 
-Available filters: `--status`, `--priority`, `--assignee`, `--limit`.
+Available filters: `--status`, `--priority`, `--assignee`, `--project`, `--limit`.
 
 ### Get Issue
 
@@ -293,7 +293,7 @@ multica issue get <id> --output json
 multica issue create --title "Fix login bug" --description "..." --priority high --assignee "Lambda"
 ```
 
-Flags: `--title` (required), `--description`, `--status`, `--priority`, `--assignee`, `--parent`, `--due-date`.
+Flags: `--title` (required), `--description`, `--status`, `--priority`, `--assignee`, `--parent`, `--project`, `--due-date`.
 
 ### Update Issue
 
@@ -332,6 +332,27 @@ multica issue comment add <issue-id> --parent <comment-id> --content "Thanks!"
 multica issue comment delete <comment-id>
 ```
 
+### Subscribers
+
+```bash
+# List subscribers of an issue
+multica issue subscriber list <issue-id>
+
+# Subscribe yourself to an issue
+multica issue subscriber add <issue-id>
+
+# Subscribe another member or agent by name
+multica issue subscriber add <issue-id> --user "Lambda"
+
+# Unsubscribe yourself
+multica issue subscriber remove <issue-id>
+
+# Unsubscribe another member or agent
+multica issue subscriber remove <issue-id> --user "Lambda"
+```
+
+Subscribers receive notifications about issue activity (new comments, status changes, etc.). Without `--user`, the command acts on the caller.
+
 ### Execution History
 
 ```bash
@@ -349,6 +370,70 @@ multica issue run-messages <task-id> --since 42 --output json
 
 The `runs` command shows all past and current executions for an issue, including running tasks. The `run-messages` command shows the detailed message log (tool calls, thinking, text, errors) for a single run. Use `--since` for efficient polling of in-progress runs.
 
+## Projects
+
+Projects group related issues (e.g. a sprint, an epic, a workstream). Every project
+belongs to a workspace and can optionally have a lead (member or agent).
+
+### List Projects
+
+```bash
+multica project list
+multica project list --status in_progress
+multica project list --output json
+```
+
+Available filters: `--status`.
+
+### Get Project
+
+```bash
+multica project get <id>
+multica project get <id> --output json
+```
+
+### Create Project
+
+```bash
+multica project create --title "2026 Week 16 Sprint" --icon "🏃" --lead "Lambda"
+```
+
+Flags: `--title` (required), `--description`, `--status`, `--icon`, `--lead`.
+
+### Update Project
+
+```bash
+multica project update <id> --title "New title" --status in_progress
+multica project update <id> --lead "Lambda"
+```
+
+Flags: `--title`, `--description`, `--status`, `--icon`, `--lead`.
+
+### Change Status
+
+```bash
+multica project status <id> in_progress
+```
+
+Valid statuses: `planned`, `in_progress`, `paused`, `completed`, `cancelled`.
+
+### Delete Project
+
+```bash
+multica project delete <id>
+```
+
+### Associating Issues with Projects
+
+Use the `--project` flag on `issue create` / `issue update` to attach an issue to a
+project, or on `issue list` to filter issues by project:
+
+```bash
+multica issue create --title "Login bug" --project <project-id>
+multica issue update <issue-id> --project <project-id>
+multica issue list --project <project-id>
+```
+
 ## Setup
 
 ```bash
@@ -385,6 +470,63 @@ multica config set app_url https://app.example.com
 multica config set workspace_id <workspace-id>
 ```
 
+## Autopilot Commands
+
+Autopilots are scheduled/triggered automations that dispatch agent tasks (either by creating an issue or by running an agent directly).
+
+### List Autopilots
+
+```bash
+multica autopilot list
+multica autopilot list --status active --output json
+```
+
+### Get Autopilot Details
+
+```bash
+multica autopilot get <id>
+multica autopilot get <id> --output json   # includes triggers
+```
+
+### Create / Update / Delete
+
+```bash
+multica autopilot create \
+  --title "Nightly bug triage" \
+  --description "Scan todo issues and prioritize." \
+  --agent "Lambda" \
+  --mode create_issue
+
+multica autopilot update <id> --status paused
+multica autopilot update <id> --description "New prompt"
+multica autopilot delete <id>
+```
+
+`--mode` currently only accepts `create_issue` (creates a new issue on each run and assigns it to the agent). The server data model also defines `run_only`, but the daemon task path doesn't yet resolve a workspace for runs without an issue, so it's not exposed by the CLI. `--agent` accepts either a name or UUID.
+
+### Manual Trigger
+
+```bash
+multica autopilot trigger <id>            # Fires the autopilot once, returns the run
+```
+
+### Run History
+
+```bash
+multica autopilot runs <id>
+multica autopilot runs <id> --limit 50 --output json
+```
+
+### Schedule Triggers
+
+```bash
+multica autopilot trigger-add <autopilot-id> --cron "0 9 * * 1-5" --timezone "America/New_York"
+multica autopilot trigger-update <autopilot-id> <trigger-id> --enabled=false
+multica autopilot trigger-delete <autopilot-id> <trigger-id>
+```
+
+Only cron-based `schedule` triggers are currently exposed via the CLI. The data model also defines `webhook` and `api` kinds, but there is no server endpoint that fires them yet, so they're not surfaced here.
+
 ## Other Commands
 
 ```bash

CLI_INSTALL.md

@@ -76,7 +76,8 @@ fi
 LATEST=$(curl -sI https://github.com/multica-ai/multica/releases/latest | grep -i '^location:' | sed 's/.*tag\///' | tr -d '\r\n')
 
 # Download and extract
-curl -sL "https://github.com/multica-ai/multica/releases/download/${LATEST}/multica_${OS}_${ARCH}.tar.gz" -o /tmp/multica.tar.gz
+VERSION="${LATEST#v}"
+curl -sL "https://github.com/multica-ai/multica/releases/download/${LATEST}/multica-cli-${VERSION}-${OS}-${ARCH}.tar.gz" -o /tmp/multica.tar.gz
 tar -xzf /tmp/multica.tar.gz -C /tmp multica
 sudo mv /tmp/multica /usr/local/bin/multica
 rm /tmp/multica.tar.gz

Makefile

@@ -66,7 +66,8 @@ selfhost:
 		echo "  Frontend: http://localhost:$${FRONTEND_PORT:-3000}"; \
 		echo "  Backend:  http://localhost:$${PORT:-8080}"; \
 		echo ""; \
-		echo "Log in with any email + verification code: 888888"; \
+		echo "Log in: configure RESEND_API_KEY in .env for email codes,"; \
+		echo "        or set APP_ENV=development in .env (private networks only) to enable code 888888."; \
 		echo ""; \
 		echo "Next — install the CLI and connect your machine:"; \
 		echo "  brew install multica-ai/tap/multica"; \

SELF_HOSTING.md

@@ -26,7 +26,7 @@ multica setup self-host
 
 This clones the repository, starts all services via Docker Compose, installs the `multica` CLI, then configures it for localhost.
 
-Open http://localhost:3000, log in with any email + verification code **`888888`**.
+Open http://localhost:3000. To log in, configure `RESEND_API_KEY` in `.env` for email-based codes (recommended), or set `APP_ENV=development` in `.env` to enable the dev master code **`888888`**. See [Step 2 — Log In](#step-2--log-in) for details.
 
 > **Prerequisites:** Docker and Docker Compose must be installed. The script checks for this and provides install links if missing.
 >
@@ -63,9 +63,13 @@ Once ready:
 
 ### Step 2 — Log In
 
-Open http://localhost:3000 in your browser. Enter any email address and use verification code **`888888`** to log in.
+Open http://localhost:3000 in your browser. The Docker self-host stack defaults to `APP_ENV=production` (set in `docker-compose.selfhost.yml`), so the dev master code is **disabled by default** for safety on public deployments. Pick one of the following to log in:
 
-> This master code works in all non-production environments (i.e. when `APP_ENV` is not set to `production`). For production, configure an email provider — see [Advanced Configuration](SELF_HOSTING_ADVANCED.md#email-required-for-authentication).
+- **Recommended (production):** configure `RESEND_API_KEY` in `.env`, then restart the backend. Real verification codes will be sent to the email address you enter. See [Advanced Configuration → Email](SELF_HOSTING_ADVANCED.md#email-required-for-authentication).
+- **Evaluation / private network:** set `APP_ENV=development` in `.env` and restart the backend. Verification code **`888888`** will then work for any email address.
+- **Without configuring either:** the verification code is generated server-side and printed to the backend container logs (look for `[DEV] Verification code for ...:`). Useful for one-off testing on a single machine.
+
+> **Warning:** do **not** set `APP_ENV=development` on a publicly reachable instance — anyone who knows an email address can then log in with `888888`.
 
 ### Step 3 — Install CLI & Start Daemon
 

SELF_HOSTING_ADVANCED.md

@@ -14,6 +14,15 @@ All configuration is done via environment variables. Copy `.env.example` as a st
 | `JWT_SECRET` | **Must change from default.** Secret key for signing JWT tokens. Use a long random string. | `openssl rand -hex 32` |
 | `FRONTEND_ORIGIN` | URL where the frontend is served (used for CORS) | `https://app.example.com` |
 
+### Database Pool Tuning (Optional)
+
+These have sensible defaults and only need to be set when tuning a large or constrained deployment. Precedence (highest first): env var → `pool_*` query params on `DATABASE_URL` → built-in default.
+
+| Variable | Description | Default |
+|----------|-------------|---------|
+| `DATABASE_MAX_CONNS` | pgxpool max connections per pod. `pod_count × DATABASE_MAX_CONNS` should stay well below the Postgres `max_connections` ceiling. With a connection pooler (PgBouncer / RDS Proxy / Supavisor) in front, this can be raised significantly. | `25` |
+| `DATABASE_MIN_CONNS` | pgxpool warm baseline connections per pod. Auto-clamped to `DATABASE_MAX_CONNS`. | `5` |
+
 ### Email (Required for Authentication)
 
 Multica uses email-based magic link authentication via [Resend](https://resend.com).
@@ -23,7 +32,7 @@ Multica uses email-based magic link authentication via [Resend](https://resend.c
 | `RESEND_API_KEY` | Your Resend API key |
 | `RESEND_FROM_EMAIL` | Sender email address (default: `noreply@multica.ai`) |
 
-> **Note:** For local/development deployments without email configured, you can use the master verification code `888888` to log in.
+> **Note:** The dev master verification code `888888` is gated by `APP_ENV != "production"`. The Docker self-host stack defaults to `APP_ENV=production` (so `888888` is disabled), which protects publicly reachable instances. For local development without email configured, set `APP_ENV=development` in your `.env` to enable `888888` — never do this on a public instance.
 
 ### Google OAuth (Optional)
 
@@ -44,7 +53,14 @@ For file uploads and attachments, configure S3 and CloudFront:
 | `CLOUDFRONT_DOMAIN` | CloudFront distribution domain |
 | `CLOUDFRONT_KEY_PAIR_ID` | CloudFront key pair ID for signed URLs |
 | `CLOUDFRONT_PRIVATE_KEY` | CloudFront private key (PEM format) |
-| `COOKIE_DOMAIN` | Domain for CloudFront auth cookies |
+
+### Cookies
+
+| Variable | Description |
+|----------|-------------|
+| `COOKIE_DOMAIN` | Optional `Domain` attribute for session + CloudFront cookies. **Leave empty** for single-host deployments (localhost, LAN IP, or a single hostname). Only set it when the frontend and backend sit on different subdomains of one registered domain (e.g. `.example.com`). **Do not use an IP literal** — RFC 6265 forbids IP addresses in the cookie `Domain` attribute and browsers will drop such `Set-Cookie` headers. |
+
+The `Secure` flag on session cookies is derived automatically from the scheme of `FRONTEND_ORIGIN`: HTTPS origins get `Secure` cookies; plain-HTTP origins (LAN / private-network self-host) get non-secure cookies so the browser can actually store them.
 
 ### Server
 

apps/desktop/electron-builder.yml

@@ -21,25 +21,34 @@ mac:
     - zip
   # Hardcoded name avoids the `@multica/desktop-*` subdirectory that
   # `${name}` produces for scoped package names.
-  artifactName: multica-desktop-${version}-${arch}.${ext}
+  # Naming scheme: multica-desktop-<version>-<platform>-<arch>.<ext>
+  # so the filename alone surfaces kind, version, platform, and CPU arch.
+  artifactName: multica-desktop-${version}-mac-${arch}.${ext}
   # Notarize via notarytool. Requires APPLE_ID + APPLE_APP_SPECIFIC_PASSWORD
   # + APPLE_TEAM_ID env vars at package time. Non-mac contributors are
   # unaffected because `pnpm package` already requires the Developer ID
   # signing cert — notarization is a strict superset.
   notarize: true
 dmg:
-  artifactName: multica-desktop-${version}-${arch}.${ext}
+  artifactName: multica-desktop-${version}-mac-${arch}.${ext}
 linux:
   target:
     - AppImage
     - deb
-  artifactName: ${name}-${version}-${arch}.${ext}
+    - rpm
+  artifactName: multica-desktop-${version}-linux-${arch}.${ext}
 win:
   target:
     - nsis
-  artifactName: ${name}-${version}-setup.${ext}
+  artifactName: multica-desktop-${version}-windows-${arch}.${ext}
 publish:
   provider: github
   owner: multica-ai
   repo: multica
+  # Align with our CLI release flow which pre-creates a *published* GitHub
+  # Release via `gh release create`. The electron-builder default of
+  # `releaseType: draft` conflicts with `existingType=release` and causes
+  # uploads of the DMG/ZIP/blockmaps/latest-mac.yml to be silently skipped,
+  # which breaks electron-updater auto-update on installed clients.
+  releaseType: release
 npmRebuild: false

apps/desktop/eslint.config.mjs

@@ -10,4 +10,28 @@ export default [
       globals: { ...globals.node },
     },
   },
+  // Security: every renderer-controlled URL that reaches the OS shell must
+  // flow through openExternalSafely in src/main/external-url.ts (scheme
+  // allowlist). Enforce it statically so a direct shell.openExternal call
+  // cannot silently regress the protection.
+  {
+    files: ["src/main/**/*.ts"],
+    rules: {
+      "no-restricted-syntax": [
+        "error",
+        {
+          selector:
+            "CallExpression[callee.object.name='shell'][callee.property.name='openExternal']",
+          message:
+            "Do not call shell.openExternal directly. Use openExternalSafely from './external-url' so the http/https allowlist stays enforced.",
+        },
+      ],
+    },
+  },
+  {
+    files: ["src/main/external-url.ts"],
+    rules: {
+      "no-restricted-syntax": "off",
+    },
+  },
 ];

apps/desktop/package.json

@@ -13,6 +13,7 @@
     "typecheck": "pnpm run typecheck:node && pnpm run typecheck:web",
     "preview": "electron-vite preview",
     "package": "node scripts/package.mjs",
+    "package:all": "node scripts/package.mjs --all-platforms --publish never",
     "lint": "eslint .",
     "test": "vitest run",
     "postinstall": "electron-builder install-app-deps"

apps/desktop/scripts/bundle-cli.mjs

@@ -13,7 +13,7 @@
 // skip the build and fall through to auto-install at runtime. A genuine
 // Go compile error is fatal — you want that to block dev, not hide.
 
-import { access, chmod, copyFile, mkdir } from "node:fs/promises";
+import { access, chmod, copyFile, mkdir, rm } from "node:fs/promises";
 import { constants } from "node:fs";
 import { execFileSync, execSync } from "node:child_process";
 import { dirname, join, resolve } from "node:path";
@@ -23,8 +23,54 @@ const here = dirname(fileURLToPath(import.meta.url));
 const repoRoot = resolve(here, "..", "..", "..");
 const serverDir = join(repoRoot, "server");
 
-const binName = process.platform === "win32" ? "multica.exe" : "multica";
-const srcBinary = join(serverDir, "bin", binName);
+const PLATFORM_TO_GOOS = {
+  darwin: "darwin",
+  linux: "linux",
+  win32: "windows",
+};
+
+const SUPPORTED_ARCHS = new Set(["x64", "arm64"]);
+
+function runtimePlatformFromArgs(argv) {
+  const flagIndex = argv.indexOf("--target-platform");
+  if (flagIndex === -1) return process.platform;
+  return argv[flagIndex + 1] ?? "";
+}
+
+function runtimeArchFromArgs(argv) {
+  const flagIndex = argv.indexOf("--target-arch");
+  if (flagIndex === -1) return process.arch;
+  return argv[flagIndex + 1] ?? "";
+}
+
+function normalizeRuntimePlatform(platform) {
+  if (platform in PLATFORM_TO_GOOS) return platform;
+  throw new Error(
+    `[bundle-cli] unsupported target platform: ${platform}. ` +
+      "Use darwin, linux, or win32.",
+  );
+}
+
+function normalizeRuntimeArch(arch) {
+  if (SUPPORTED_ARCHS.has(arch)) return arch;
+  throw new Error(
+    `[bundle-cli] unsupported target architecture: ${arch}. ` +
+      "Use x64 or arm64.",
+  );
+}
+
+function binaryNameForPlatform(platform) {
+  return platform === "win32" ? "multica.exe" : "multica";
+}
+
+const targetPlatform = normalizeRuntimePlatform(
+  runtimePlatformFromArgs(process.argv.slice(2)),
+);
+const targetArch = normalizeRuntimeArch(runtimeArchFromArgs(process.argv.slice(2)));
+const goos = PLATFORM_TO_GOOS[targetPlatform];
+const goarch = targetArch === "x64" ? "amd64" : targetArch;
+const binName = binaryNameForPlatform(targetPlatform);
+const srcBinary = join(serverDir, "bin", `${goos}-${goarch}`, binName);
 const destDir = join(repoRoot, "apps", "desktop", "resources", "bin");
 const destBinary = join(destDir, binName);
 
@@ -61,8 +107,9 @@ if (hasGo()) {
   const ldflags = `-X main.version=${version} -X main.commit=${commit} -X main.date=${date}`;
 
   console.log(
-    `[bundle-cli] go build → ${srcBinary} (version=${version} commit=${commit})`,
+    `[bundle-cli] go build → ${srcBinary} (${goos}/${goarch}, version=${version} commit=${commit})`,
   );
+  await mkdir(join(serverDir, "bin", `${goos}-${goarch}`), { recursive: true });
   execFileSync(
     "go",
     [
@@ -70,10 +117,19 @@ if (hasGo()) {
       "-ldflags",
       ldflags,
       "-o",
-      join("bin", binName),
+      srcBinary,
       "./cmd/multica",
     ],
-    { cwd: serverDir, stdio: "inherit" },
+    {
+      cwd: serverDir,
+      stdio: "inherit",
+      env: {
+        ...process.env,
+        CGO_ENABLED: "0",
+        GOOS: goos,
+        GOARCH: goarch,
+      },
+    },
   );
 } else {
   console.warn(
@@ -88,9 +144,11 @@ if (!(await exists(srcBinary))) {
     `[bundle-cli] ${srcBinary} not present — Desktop will fall back to ` +
       `auto-installing the latest release at runtime.`,
   );
+  await rm(destDir, { recursive: true, force: true });
   process.exit(0);
 }
 
+await rm(destDir, { recursive: true, force: true });
 await mkdir(destDir, { recursive: true });
 await copyFile(srcBinary, destBinary);
 await chmod(destBinary, 0o755);

apps/desktop/scripts/package.mjs

@@ -5,11 +5,11 @@
 // binary via the `main.version` ldflag — so a single `vX.Y.Z` tag push
 // produces matching CLI and Desktop versions.
 //
-// Runs bundle-cli.mjs first (so the Go binary is compiled and copied
-// into resources/bin/), then `electron-vite build` to produce the
-// main/preload/renderer bundles under out/, then invokes electron-builder
-// with `-c.extraMetadata.version=<derived>` so the override applies at
-// build time without mutating the tracked package.json.
+// Builds the Electron bundles once, then for each requested target
+// (platform + arch) compiles the matching Go CLI into resources/bin/ and
+// invokes electron-builder with `-c.extraMetadata.version=<derived>` so
+// the override applies at build time without mutating the tracked
+// package.json.
 //
 // The electron-vite step is important: electron-builder only packages
 // whatever is already in out/, so skipping it (or relying on stale
@@ -25,11 +25,50 @@
 // version-derivation logic without shelling out.
 
 import { execFileSync, spawnSync, execSync } from "node:child_process";
-import { dirname, resolve } from "node:path";
+import { delimiter, dirname, resolve } from "node:path";
 import { fileURLToPath, pathToFileURL } from "node:url";
 
 const here = dirname(fileURLToPath(import.meta.url));
 const desktopRoot = resolve(here, "..");
+const bundleCliScript = resolve(here, "bundle-cli.mjs");
+
+const PLATFORM_CONFIG = {
+  mac: {
+    aliases: new Set(["--mac", "--macos", "-m"]),
+    builderFlag: "--mac",
+    runtimePlatform: "darwin",
+    label: "macOS",
+  },
+  win: {
+    aliases: new Set(["--win", "--windows", "-w"]),
+    builderFlag: "--win",
+    runtimePlatform: "win32",
+    label: "Windows",
+  },
+  linux: {
+    aliases: new Set(["--linux", "-l"]),
+    builderFlag: "--linux",
+    runtimePlatform: "linux",
+    label: "Linux",
+  },
+};
+
+const ARCH_FLAGS = new Map([
+  ["--x64", "x64"],
+  ["--arm64", "arm64"],
+  ["--ia32", "ia32"],
+  ["--armv7l", "armv7l"],
+  ["--universal", "universal"],
+]);
+
+const SUPPORTED_CLI_ARCHS = new Set(["x64", "arm64"]);
+const MAC_ALL_PLATFORM_TARGETS = [
+  { platform: "mac", arch: "arm64" },
+  { platform: "win", arch: "x64" },
+  { platform: "win", arch: "arm64" },
+  { platform: "linux", arch: "x64" },
+  { platform: "linux", arch: "arm64" },
+];
 
 function sh(cmd) {
   try {
@@ -77,20 +116,223 @@ function deriveVersion() {
   return normalizeGitVersion(sh("git describe --tags --always --dirty"));
 }
 
-function main() {
-  // Step 1: build + bundle the Go CLI via the existing script.
-  execFileSync("node", [resolve(here, "bundle-cli.mjs")], {
-    stdio: "inherit",
-    cwd: desktopRoot,
-  });
+function uniqueOrdered(values) {
+  return [...new Set(values)];
+}
 
-  // Step 2: build the Electron main/preload/renderer bundles. Without
+export function envWithLocalBins(env = process.env, root = desktopRoot) {
+  const pathKey =
+    Object.keys(env).find((key) => key.toUpperCase() === "PATH") ?? "PATH";
+  const existingPath = env[pathKey] ?? "";
+  const localBins = uniqueOrdered([
+    resolve(root, "node_modules", ".bin"),
+    resolve(root, "..", "..", "node_modules", ".bin"),
+  ]);
+  const mergedPath = uniqueOrdered([
+    ...localBins,
+    ...String(existingPath)
+      .split(delimiter)
+      .filter(Boolean),
+  ]).join(delimiter);
+  return { ...env, [pathKey]: mergedPath };
+}
+
+function hostPlatformKey(platform = process.platform) {
+  if (platform === "darwin") return "mac";
+  if (platform === "win32") return "win";
+  if (platform === "linux") return "linux";
+  throw new Error(`[package] unsupported host platform: ${platform}`);
+}
+
+function hostArchKey(arch = process.arch) {
+  if (SUPPORTED_CLI_ARCHS.has(arch)) return arch;
+  throw new Error(
+    `[package] unsupported host architecture for Desktop CLI bundling: ${arch}`,
+  );
+}
+
+function expandPlatformShorthand(token) {
+  if (!/^-[mwl]{2,}$/.test(token)) return null;
+  const expanded = [];
+  for (const char of token.slice(1)) {
+    if (char === "m") expanded.push("mac");
+    if (char === "w") expanded.push("win");
+    if (char === "l") expanded.push("linux");
+  }
+  return uniqueOrdered(expanded);
+}
+
+function platformKeyForToken(token) {
+  for (const [platform, config] of Object.entries(PLATFORM_CONFIG)) {
+    if (config.aliases.has(token)) return platform;
+  }
+  return null;
+}
+
+function platformTargetsTemplate() {
+  return { mac: [], win: [], linux: [] };
+}
+
+export function parsePackageArgs(argv) {
+  const sharedArgs = [];
+  const platformTargets = platformTargetsTemplate();
+  const requestedPlatforms = [];
+  const requestedArchs = [];
+  let allPlatforms = false;
+
+  for (let i = 0; i < argv.length; i += 1) {
+    const token = argv[i];
+    if (token === "--all-platforms") {
+      allPlatforms = true;
+      continue;
+    }
+
+    const expandedPlatforms = expandPlatformShorthand(token);
+    if (expandedPlatforms) {
+      requestedPlatforms.push(...expandedPlatforms);
+      continue;
+    }
+
+    const platform = platformKeyForToken(token);
+    if (platform) {
+      requestedPlatforms.push(platform);
+      while (i + 1 < argv.length && !argv[i + 1].startsWith("-")) {
+        platformTargets[platform].push(argv[i + 1]);
+        i += 1;
+      }
+      continue;
+    }
+
+    const arch = ARCH_FLAGS.get(token);
+    if (arch) {
+      requestedArchs.push(arch);
+      continue;
+    }
+
+    sharedArgs.push(token);
+  }
+
+  return {
+    allPlatforms,
+    sharedArgs,
+    platformTargets,
+    requestedPlatforms: uniqueOrdered(requestedPlatforms),
+    requestedArchs: uniqueOrdered(requestedArchs),
+  };
+}
+
+export function resolveBuildMatrix(parsed, platform = process.platform, arch = process.arch) {
+  if (parsed.allPlatforms) {
+    if (parsed.requestedPlatforms.length > 0 || parsed.requestedArchs.length > 0) {
+      throw new Error(
+        "[package] --all-platforms cannot be combined with explicit platform or arch flags",
+      );
+    }
+    if (platform !== "darwin") {
+      throw new Error(
+        `[package] --all-platforms is only supported on macOS hosts (current: ${platform})`,
+      );
+    }
+    return MAC_ALL_PLATFORM_TARGETS.map((target) => ({ ...target }));
+  }
+
+  const platforms =
+    parsed.requestedPlatforms.length > 0
+      ? parsed.requestedPlatforms
+      : [hostPlatformKey(platform)];
+  const archs =
+    parsed.requestedArchs.length > 0
+      ? parsed.requestedArchs
+      : [hostArchKey(arch)];
+
+  const unsupported = archs.filter((value) => !SUPPORTED_CLI_ARCHS.has(value));
+  if (unsupported.length > 0) {
+    throw new Error(
+      `[package] unsupported Desktop CLI architecture(s): ${unsupported.join(", ")}. ` +
+        "Use --x64 or --arm64.",
+    );
+  }
+
+  return platforms.flatMap((targetPlatform) =>
+    archs.map((targetArch) => ({
+      platform: targetPlatform,
+      arch: targetArch,
+    })),
+  );
+}
+
+function formatTarget(target) {
+  return `${PLATFORM_CONFIG[target.platform].label} ${target.arch}`;
+}
+
+export function builderArgsForTarget(
+  target,
+  parsed,
+  version,
+  {
+    disableMacNotarize = false,
+    hostPlatform = process.platform,
+    useScopedOutputDir = false,
+  } = {},
+) {
+  const builderArgs = [];
+  if (version) builderArgs.push(`-c.extraMetadata.version=${version}`);
+  if (disableMacNotarize) builderArgs.push("-c.mac.notarize=false");
+  builderArgs.push(PLATFORM_CONFIG[target.platform].builderFlag);
+  const requestedTargets = parsed.platformTargets[target.platform];
+  if (
+    target.platform === "linux" &&
+    hostPlatform !== "linux" &&
+    requestedTargets.length === 0
+  ) {
+    // electron-builder only guarantees AppImage/Snap when cross-building
+    // Linux from macOS/Windows. Keep `package:all` portable by defaulting
+    // to AppImage unless the caller explicitly requests Linux targets.
+    builderArgs.push("AppImage");
+  } else {
+    builderArgs.push(...requestedTargets);
+  }
+  builderArgs.push(`--${target.arch}`);
+  builderArgs.push(...parsed.sharedArgs);
+  if (useScopedOutputDir) {
+    builderArgs.push(
+      `-c.directories.output=dist/${target.platform}-${target.arch}`,
+    );
+  }
+  // electron-builder's update metadata file is `latest.yml` for Windows
+  // regardless of arch (only Linux gets an arch suffix automatically — see
+  // app-builder-lib's getArchPrefixForUpdateFile). Without an explicit
+  // channel override, building Windows x64 and arm64 in two invocations
+  // makes both publish `latest.yml` to the same GitHub Release, so the
+  // second upload overwrites the first and one of the two architectures
+  // ends up with no auto-update metadata. Route Windows arm64 to its own
+  // channel so x64 keeps `latest.yml` and arm64 ships `latest-arm64.yml`;
+  // the renderer-side updater pins the matching channel per arch.
+  if (target.platform === "win" && target.arch === "arm64") {
+    builderArgs.push("-c.publish.channel=latest-arm64");
+  }
+  return builderArgs;
+}
+
+function main() {
+  const passthrough = stripLeadingSeparator(process.argv.slice(2));
+  const parsed = parsePackageArgs(passthrough);
+  const buildMatrix = resolveBuildMatrix(parsed);
+  console.log(
+    `[package] build matrix → ${buildMatrix.map(formatTarget).join(", ")}`,
+  );
+
+  // Step 1: build the Electron main/preload/renderer bundles. Without
   // this step electron-builder silently packages whatever is already in
   // out/, which on a fresh checkout (or after a partial build) ships an
   // app that white-screens because the renderer bundle is missing.
+  //
+  // CI invokes this script via `node scripts/package.mjs`, so we cannot
+  // rely on pnpm/npm to inject package-local binaries into PATH.
   const viteResult = spawnSync("electron-vite", ["build"], {
     stdio: "inherit",
     cwd: desktopRoot,
+    env: envWithLocalBins(),
   });
   if (viteResult.error) {
     console.error(
@@ -103,7 +345,7 @@ function main() {
     process.exit(viteResult.status ?? 1);
   }
 
-  // Step 3: derive the version that should be written into the app.
+  // Step 2: derive the version that should be written into the app.
   const version = deriveVersion();
   if (version) {
     console.log(`[package] Desktop version → ${version} (from git describe)`);
@@ -113,43 +355,59 @@ function main() {
     );
   }
 
-  // Step 4: assemble electron-builder args.
-  const passthrough = stripLeadingSeparator(process.argv.slice(2));
-  const builderArgs = [];
-  if (version) builderArgs.push(`-c.extraMetadata.version=${version}`);
-
-  // Step 5: gracefully degrade for local dev builds. electron-builder.yml
-  // sets `notarize: true` so real releases notarize in-build (keeping the
-  // stapled .app consistent with latest-mac.yml's SHA512). But a mac dev
-  // who just wants to smoke-test a local package doesn't have Apple
-  // credentials, and would otherwise hit a hard failure at the notarize
-  // step. Detect the missing env and flip notarize off for this run only.
-  if (!process.env.APPLE_TEAM_ID) {
+  const disableMacNotarize = !process.env.APPLE_TEAM_ID;
+  if (disableMacNotarize) {
     console.warn(
       "[package] APPLE_TEAM_ID not set — skipping notarization (local dev build). " +
         "Set APPLE_ID + APPLE_APP_SPECIFIC_PASSWORD + APPLE_TEAM_ID for a release build.",
     );
-    builderArgs.push("-c.mac.notarize=false");
   }
 
-  builderArgs.push(...passthrough);
+  const useScopedOutputDir = buildMatrix.length > 1;
 
-  // Step 6: invoke electron-builder. pnpm puts node_modules/.bin on PATH
-  // for the script run, so spawnSync finds the binary without needing a
-  // shell wrapper (avoids any risk of argv interpolation).
-  const result = spawnSync("electron-builder", builderArgs, {
-    stdio: "inherit",
-    cwd: desktopRoot,
-  });
-
-  if (result.error) {
-    console.error(
-      "[package] failed to spawn electron-builder:",
-      result.error.message,
+  // Step 3: for each requested target, build the matching CLI into
+  // resources/bin/ and package that target in isolation.
+  for (const target of buildMatrix) {
+    console.log(`[package] bundling CLI → ${formatTarget(target)}`);
+    execFileSync(
+      "node",
+      [
+        bundleCliScript,
+        "--target-platform",
+        PLATFORM_CONFIG[target.platform].runtimePlatform,
+        "--target-arch",
+        target.arch,
+      ],
+      {
+        stdio: "inherit",
+        cwd: desktopRoot,
+      },
     );
-    process.exit(1);
+
+    const builderArgs = builderArgsForTarget(target, parsed, version, {
+      disableMacNotarize,
+      hostPlatform: process.platform,
+      useScopedOutputDir,
+    });
+
+    // Step 4: invoke electron-builder for the current target only.
+    const result = spawnSync("electron-builder", builderArgs, {
+      stdio: "inherit",
+      cwd: desktopRoot,
+      env: envWithLocalBins(),
+    });
+
+    if (result.error) {
+      console.error(
+        "[package] failed to spawn electron-builder:",
+        result.error.message,
+      );
+      process.exit(1);
+    }
+    if (result.status !== 0) {
+      process.exit(result.status ?? 1);
+    }
   }
-  process.exit(result.status ?? 1);
 }
 
 // Only run when invoked as a CLI, not when imported by a test file.

apps/desktop/scripts/package.test.mjs

@@ -1,5 +1,13 @@
+import { delimiter, resolve } from "node:path";
 import { describe, it, expect } from "vitest";
-import { normalizeGitVersion, stripLeadingSeparator } from "./package.mjs";
+import {
+  builderArgsForTarget,
+  envWithLocalBins,
+  normalizeGitVersion,
+  parsePackageArgs,
+  resolveBuildMatrix,
+  stripLeadingSeparator,
+} from "./package.mjs";
 
 describe("normalizeGitVersion", () => {
   it("returns null for empty / nullish input", () => {
@@ -59,3 +67,207 @@ describe("stripLeadingSeparator", () => {
     expect(stripLeadingSeparator([])).toEqual([]);
   });
 });
+
+describe("parsePackageArgs", () => {
+  it("collects per-platform targets and shared args", () => {
+    expect(
+      parsePackageArgs([
+        "--win", "nsis",
+        "--mac", "dmg", "zip",
+        "--arm64",
+        "--publish", "never",
+      ]),
+    ).toEqual({
+      allPlatforms: false,
+      sharedArgs: ["--publish", "never"],
+      platformTargets: {
+        mac: ["dmg", "zip"],
+        win: ["nsis"],
+        linux: [],
+      },
+      requestedPlatforms: ["win", "mac"],
+      requestedArchs: ["arm64"],
+    });
+  });
+
+  it("expands combined short flags", () => {
+    expect(parsePackageArgs(["-mw", "--x64"]).requestedPlatforms).toEqual([
+      "mac",
+      "win",
+    ]);
+  });
+
+  it("tracks the all-platforms shortcut", () => {
+    expect(parsePackageArgs(["--all-platforms", "--publish", "never"]).allPlatforms).toBe(true);
+  });
+});
+
+describe("resolveBuildMatrix", () => {
+  it("defaults to the current host platform and arch", () => {
+    expect(
+      resolveBuildMatrix(
+        {
+          allPlatforms: false,
+          sharedArgs: [],
+          platformTargets: { mac: [], win: [], linux: [] },
+          requestedPlatforms: [],
+          requestedArchs: [],
+        },
+        "darwin",
+        "arm64",
+      ),
+    ).toEqual([{ platform: "mac", arch: "arm64" }]);
+  });
+
+  it("expands all-platforms on macOS", () => {
+    expect(
+      resolveBuildMatrix(
+        {
+          allPlatforms: true,
+          sharedArgs: [],
+          platformTargets: { mac: [], win: [], linux: [] },
+          requestedPlatforms: [],
+          requestedArchs: [],
+        },
+        "darwin",
+        "arm64",
+      ),
+    ).toEqual([
+      { platform: "mac", arch: "arm64" },
+      { platform: "win", arch: "x64" },
+      { platform: "win", arch: "arm64" },
+      { platform: "linux", arch: "x64" },
+      { platform: "linux", arch: "arm64" },
+    ]);
+  });
+
+  it("rejects unsupported architectures", () => {
+    expect(() =>
+      resolveBuildMatrix(
+        {
+          allPlatforms: false,
+          sharedArgs: [],
+          platformTargets: { mac: [], win: [], linux: [] },
+          requestedPlatforms: ["win"],
+          requestedArchs: ["universal"],
+        },
+        "darwin",
+        "arm64",
+      ),
+    ).toThrow(/unsupported Desktop CLI architecture/);
+  });
+});
+
+describe("builderArgsForTarget", () => {
+  it("adds scoped output directories for multi-target builds", () => {
+    expect(
+      builderArgsForTarget(
+        { platform: "win", arch: "arm64" },
+        {
+          allPlatforms: false,
+          sharedArgs: ["--publish", "never"],
+          platformTargets: { mac: [], win: ["nsis"], linux: [] },
+          requestedPlatforms: ["win"],
+          requestedArchs: ["arm64"],
+        },
+        "1.2.3",
+        {
+          disableMacNotarize: true,
+          hostPlatform: "darwin",
+          useScopedOutputDir: true,
+        },
+      ),
+    ).toEqual([
+      "-c.extraMetadata.version=1.2.3",
+      "-c.mac.notarize=false",
+      "--win",
+      "nsis",
+      "--arm64",
+      "--publish",
+      "never",
+      "-c.directories.output=dist/win-arm64",
+      "-c.publish.channel=latest-arm64",
+    ]);
+  });
+
+  it("does not override the publish channel for Windows x64 (default latest.yml)", () => {
+    expect(
+      builderArgsForTarget(
+        { platform: "win", arch: "x64" },
+        {
+          allPlatforms: false,
+          sharedArgs: ["--publish", "always"],
+          platformTargets: { mac: [], win: ["nsis"], linux: [] },
+          requestedPlatforms: ["win"],
+          requestedArchs: ["x64"],
+        },
+        "1.2.3",
+        { hostPlatform: "win32", useScopedOutputDir: true },
+      ),
+    ).toEqual([
+      "-c.extraMetadata.version=1.2.3",
+      "--win",
+      "nsis",
+      "--x64",
+      "--publish",
+      "always",
+      "-c.directories.output=dist/win-x64",
+    ]);
+  });
+
+  it("defaults linux cross-builds to AppImage on non-Linux hosts", () => {
+    expect(
+      builderArgsForTarget(
+        { platform: "linux", arch: "x64" },
+        {
+          allPlatforms: false,
+          sharedArgs: ["--publish", "never"],
+          platformTargets: { mac: [], win: [], linux: [] },
+          requestedPlatforms: ["linux"],
+          requestedArchs: ["x64"],
+        },
+        "1.2.3",
+        { hostPlatform: "darwin" },
+      ),
+    ).toEqual([
+      "-c.extraMetadata.version=1.2.3",
+      "--linux",
+      "AppImage",
+      "--x64",
+      "--publish",
+      "never",
+    ]);
+  });
+});
+
+describe("envWithLocalBins", () => {
+  it("prepends desktop-local binary directories to PATH", () => {
+    const desktopRoot = "/repo/apps/desktop";
+    const result = envWithLocalBins(
+      { PATH: ["/usr/local/bin", "/usr/bin"].join(delimiter) },
+      desktopRoot,
+    );
+    expect(result.PATH.split(delimiter)).toEqual([
+      resolve(desktopRoot, "node_modules", ".bin"),
+      resolve(desktopRoot, "..", "..", "node_modules", ".bin"),
+      "/usr/local/bin",
+      "/usr/bin",
+    ]);
+  });
+
+  it("preserves an existing Path key and avoids duplicate entries", () => {
+    const desktopRoot = "/repo/apps/desktop";
+    const desktopBin = resolve(desktopRoot, "node_modules", ".bin");
+    const workspaceBin = resolve(desktopRoot, "..", "..", "node_modules", ".bin");
+    const result = envWithLocalBins(
+      { Path: [desktopBin, "runner-bin", workspaceBin].join(delimiter) },
+      desktopRoot,
+    );
+    expect(result).not.toHaveProperty("PATH");
+    expect(result.Path.split(delimiter)).toEqual([
+      desktopBin,
+      workspaceBin,
+      "runner-bin",
+    ]);
+  });
+});

apps/desktop/src/main/cli-bootstrap.ts

@@ -8,35 +8,15 @@ import { pipeline } from "stream/promises";
 import { tmpdir } from "os";
 import { Readable } from "stream";
 
-// Desktop bootstraps its own copy of the `multica` CLI into userData on first
-// launch, so users never have to brew-install anything. Build-time decoupled:
-// we don't bundle the binary into the .app, we download whatever the upstream
-// release is at first run.
+import { selectPlatformReleaseAssetName } from "./cli-release-asset";
+
+// Desktop prefers the bundled `multica` CLI shipped inside the app for
+// same-repo builds, but it can also repair or bootstrap a managed copy in
+// userData on first launch when the bundled binary is missing or unusable.
 
 const GITHUB_LATEST_BASE =
   "https://github.com/multica-ai/multica/releases/latest/download";
 
-function platformAssetName(): string {
-  const osMap: Record<string, string> = {
-    darwin: "darwin",
-    linux: "linux",
-    win32: "windows",
-  };
-  const archMap: Record<string, string> = {
-    x64: "amd64",
-    arm64: "arm64",
-  };
-  const os = osMap[process.platform];
-  const arch = archMap[process.arch];
-  if (!os || !arch) {
-    throw new Error(
-      `unsupported platform for CLI auto-install: ${process.platform}/${process.arch}`,
-    );
-  }
-  const ext = process.platform === "win32" ? "zip" : "tar.gz";
-  return `multica_${os}_${arch}.${ext}`;
-}
-
 function binaryName(): string {
   return process.platform === "win32" ? "multica.exe" : "multica";
 }
@@ -92,14 +72,8 @@ async function sha256OfFile(path: string): Promise<string> {
 async function verifyChecksum(
   archivePath: string,
   assetName: string,
+  expected: string,
 ): Promise<void> {
-  const checksums = await fetchChecksums();
-  const expected = checksums.get(assetName);
-  if (!expected) {
-    throw new Error(
-      `no checksum for ${assetName} in checksums.txt — refusing to install unverified binary`,
-    );
-  }
   const actual = await sha256OfFile(archivePath);
   if (actual.toLowerCase() !== expected) {
     throw new Error(
@@ -118,7 +92,14 @@ async function extractArchive(archive: string, dest: string): Promise<void> {
 
 async function installFresh(): Promise<string> {
   const target = managedCliPath();
-  const assetName = platformAssetName();
+  const checksums = await fetchChecksums();
+  const assetName = selectPlatformReleaseAssetName(checksums.keys());
+  const expectedChecksum = checksums.get(assetName);
+  if (!expectedChecksum) {
+    throw new Error(
+      `no checksum for ${assetName} in checksums.txt — refusing to install unverified binary`,
+    );
+  }
   const url = `${GITHUB_LATEST_BASE}/${assetName}`;
 
   const workDir = join(tmpdir(), `multica-cli-${Date.now()}`);
@@ -130,7 +111,7 @@ async function installFresh(): Promise<string> {
     await downloadToFile(url, archivePath);
 
     console.log(`[cli-bootstrap] verifying ${assetName} against checksums.txt`);
-    await verifyChecksum(archivePath, assetName);
+    await verifyChecksum(archivePath, assetName, expectedChecksum);
 
     console.log(`[cli-bootstrap] extracting ${assetName}`);
     await extractArchive(archivePath, workDir);
@@ -143,6 +124,7 @@ async function installFresh(): Promise<string> {
     }
 
     await mkdir(dirname(target), { recursive: true });
+    await rm(target, { force: true }).catch(() => {});
     await rename(extractedBin, target);
     await chmod(target, 0o755);
 
@@ -166,8 +148,10 @@ async function installFresh(): Promise<string> {
  * the managed userData location, returns it immediately. Otherwise downloads
  * the latest release asset for the current platform and installs it.
  */
-export async function ensureManagedCli(): Promise<string> {
+export async function ensureManagedCli(
+  options: { forceInstall?: boolean } = {},
+): Promise<string> {
   const target = managedCliPath();
-  if (existsSync(target)) return target;
+  if (existsSync(target) && !options.forceInstall) return target;
   return installFresh();
 }

apps/desktop/src/main/cli-release-asset.test.ts

@@ -0,0 +1,59 @@
+import { describe, expect, it } from "vitest";
+
+import { selectPlatformReleaseAssetName } from "./cli-release-asset";
+
+describe("selectPlatformReleaseAssetName", () => {
+  it("prefers the versioned archive name when both exist", () => {
+    const assetNames = [
+      "checksums.txt",
+      "multica_darwin_amd64.tar.gz",
+      "multica-cli-1.2.3-darwin-amd64.tar.gz",
+    ];
+
+    expect(selectPlatformReleaseAssetName(assetNames, "darwin", "x64")).toBe(
+      "multica-cli-1.2.3-darwin-amd64.tar.gz",
+    );
+  });
+
+  it("falls back to the legacy archive name when only legacy is present", () => {
+    const assetNames = ["checksums.txt", "multica_darwin_amd64.tar.gz"];
+
+    expect(selectPlatformReleaseAssetName(assetNames, "darwin", "x64")).toBe(
+      "multica_darwin_amd64.tar.gz",
+    );
+  });
+
+  it("matches the renamed darwin archive from release assets", () => {
+    const assetNames = [
+      "checksums.txt",
+      "multica-cli-1.2.3-darwin-amd64.tar.gz",
+      "multica-cli-1.2.3-darwin-arm64.tar.gz",
+      "multica-cli-1.2.3-linux-amd64.tar.gz",
+    ];
+
+    expect(selectPlatformReleaseAssetName(assetNames, "darwin", "x64")).toBe(
+      "multica-cli-1.2.3-darwin-amd64.tar.gz",
+    );
+  });
+
+  it("matches the renamed windows zip archive", () => {
+    const assetNames = [
+      "multica-cli-1.2.3-windows-amd64.zip",
+      "multica-cli-1.2.3-linux-amd64.tar.gz",
+    ];
+
+    expect(selectPlatformReleaseAssetName(assetNames, "win32", "x64")).toBe(
+      "multica-cli-1.2.3-windows-amd64.zip",
+    );
+  });
+
+  it("fails when the current platform asset is missing", () => {
+    expect(() =>
+      selectPlatformReleaseAssetName(
+        ["multica-cli-1.2.3-linux-amd64.tar.gz", "multica_linux_amd64.tar.gz"],
+        "darwin",
+        "arm64",
+      ),
+    ).toThrow(/no release asset found/);
+  });
+});

apps/desktop/src/main/cli-release-asset.ts

@@ -0,0 +1,62 @@
+const RELEASE_ARCHIVE_PREFIX = "multica-cli-";
+
+function platformArchiveDescriptor(
+  platform: NodeJS.Platform = process.platform,
+  arch: string = process.arch,
+): { os: string; arch: string; ext: string } {
+  const osMap: Record<string, string> = {
+    darwin: "darwin",
+    linux: "linux",
+    win32: "windows",
+  };
+  const archMap: Record<string, string> = {
+    x64: "amd64",
+    arm64: "arm64",
+  };
+  const os = osMap[platform];
+  const mappedArch = archMap[arch];
+  if (!os || !mappedArch) {
+    throw new Error(
+      `unsupported platform for CLI auto-install: ${platform}/${arch}`,
+    );
+  }
+  const ext = platform === "win32" ? "zip" : "tar.gz";
+  return { os, arch: mappedArch, ext };
+}
+
+export function selectPlatformReleaseAssetName(
+  assetNames: Iterable<string>,
+  platform: NodeJS.Platform = process.platform,
+  arch: string = process.arch,
+): string {
+  const { os, arch: mappedArch, ext } = platformArchiveDescriptor(
+    platform,
+    arch,
+  );
+  const names = [...assetNames];
+
+  // Prefer the versioned `multica-cli-<v>-<os>-<arch>.<ext>` name; fall
+  // back to the legacy `multica_<os>_<arch>.<ext>` so older releases that
+  // only ship the legacy archive keep working.
+  const suffix = `-${os}-${mappedArch}.${ext}`;
+  const matches = names.filter(
+    (name) =>
+      name.startsWith(RELEASE_ARCHIVE_PREFIX) && name.endsWith(suffix),
+  );
+
+  if (matches.length === 1) {
+    return matches[0];
+  }
+  if (matches.length > 1) {
+    throw new Error(
+      `multiple release assets matched current platform ${suffix}: ${matches.join(", ")}`,
+    );
+  }
+
+  const legacyName = `multica_${os}_${mappedArch}.${ext}`;
+  if (names.includes(legacyName)) {
+    return legacyName;
+  }
+
+  throw new Error(`no release asset found for current platform: ${suffix}`);
+}

apps/desktop/src/main/daemon-manager.ts

@@ -316,6 +316,36 @@ function bundledCliPath(): string {
   );
 }
 
+async function probeCliBinary(
+  bin: string,
+  source: "bundled" | "managed" | "path",
+): Promise<string | null> {
+  try {
+    const stdout = await new Promise<string>((resolve, reject) => {
+      execFile(
+        bin,
+        ["version", "--output", "json"],
+        { timeout: 5_000 },
+        (err, out) => {
+          if (err) reject(err);
+          else resolve(out);
+        },
+      );
+    });
+    const parsed = JSON.parse(stdout) as { version?: string };
+    if (typeof parsed.version === "string" && parsed.version.length > 0) {
+      return parsed.version;
+    }
+    console.warn(
+      `[daemon] ignoring ${source} CLI at ${bin}: version output was missing or invalid`,
+    );
+    return null;
+  } catch (err) {
+    console.warn(`[daemon] ignoring ${source} CLI at ${bin}:`, err);
+    return null;
+  }
+}
+
 /**
  * Returns a usable `multica` binary path. Priority:
  *   1. Cached result from a previous successful resolve.
@@ -339,27 +369,55 @@ async function resolveCliBinary(): Promise<string | null> {
   cliResolvePromise = (async () => {
     const bundled = bundledCliPath();
     if (existsSync(bundled)) {
-      console.log(`[daemon] using bundled CLI at ${bundled}`);
-      cachedCliBinary = bundled;
-      return bundled;
+      const version = await probeCliBinary(bundled, "bundled");
+      if (version) {
+        console.log(`[daemon] using bundled CLI at ${bundled}`);
+        cachedCliBinary = bundled;
+        cachedCliBinaryVersion = version;
+        return bundled;
+      }
     }
 
     const managed = managedCliPath();
     if (existsSync(managed)) {
-      cachedCliBinary = managed;
-      return managed;
+      const version = await probeCliBinary(managed, "managed");
+      if (version) {
+        cachedCliBinary = managed;
+        cachedCliBinaryVersion = version;
+        return managed;
+      }
     }
 
     try {
-      const installed = await ensureManagedCli();
-      cachedCliBinary = installed;
-      return installed;
+      const installed = await ensureManagedCli({
+        forceInstall: existsSync(managed),
+      });
+      const version = await probeCliBinary(installed, "managed");
+      if (version) {
+        cachedCliBinary = installed;
+        cachedCliBinaryVersion = version;
+        return installed;
+      }
+      console.warn(
+        `[daemon] managed CLI at ${installed} failed validation after install`,
+      );
     } catch (err) {
       console.warn("[daemon] CLI auto-install failed, falling back to PATH:", err);
-      const onPath = findCliOnPath();
-      cachedCliBinary = onPath;
-      return onPath;
     }
+
+    const onPath = findCliOnPath();
+    if (onPath) {
+      const version = await probeCliBinary(onPath, "path");
+      if (version) {
+        cachedCliBinary = onPath;
+        cachedCliBinaryVersion = version;
+        return onPath;
+      }
+    }
+
+    cachedCliBinary = null;
+    cachedCliBinaryVersion = null;
+    return null;
   })();
 
   try {
@@ -370,11 +428,10 @@ async function resolveCliBinary(): Promise<string | null> {
 }
 
 /**
- * Reads the version of the currently resolved CLI binary by invoking
- * `multica version --output json`. Cached for the process lifetime — the
- * bundled binary doesn't change after `bundle-cli.mjs` runs at dev/build time.
+ * Reads the version of the currently resolved CLI binary. Cached for the
+ * process lifetime — the bundled binary doesn't change after bundle time.
  * Returns null on any failure (unknown `go` at bundle time, broken binary,
- * etc.) so callers can fail open.
+ * wrong-arch bundled binary, etc.) so callers can fail open.
  */
 async function getCliBinaryVersion(): Promise<string | null> {
   if (cachedCliBinaryVersion !== undefined) return cachedCliBinaryVersion;
@@ -383,24 +440,7 @@ async function getCliBinaryVersion(): Promise<string | null> {
     cachedCliBinaryVersion = null;
     return null;
   }
-  try {
-    const stdout = await new Promise<string>((resolve, reject) => {
-      execFile(
-        bin,
-        ["version", "--output", "json"],
-        { timeout: 5_000 },
-        (err, out) => {
-          if (err) reject(err);
-          else resolve(out);
-        },
-      );
-    });
-    const parsed = JSON.parse(stdout) as { version?: string };
-    cachedCliBinaryVersion = parsed.version ?? null;
-  } catch (err) {
-    console.warn("[daemon] failed to read CLI binary version:", err);
-    cachedCliBinaryVersion = null;
-  }
+  cachedCliBinaryVersion = await probeCliBinary(bin, "path");
   return cachedCliBinaryVersion;
 }
 

apps/desktop/src/main/external-url.test.ts

@@ -0,0 +1,73 @@
+import { describe, expect, it, vi, beforeEach } from "vitest";
+
+vi.mock("electron", () => ({
+  shell: { openExternal: vi.fn().mockResolvedValue(undefined) },
+}));
+
+import { shell } from "electron";
+import { isSafeExternalHttpUrl, openExternalSafely } from "./external-url";
+
+describe("isSafeExternalHttpUrl", () => {
+  it("allows http and https URLs", () => {
+    expect(isSafeExternalHttpUrl("https://multica.ai")).toBe(true);
+    expect(isSafeExternalHttpUrl("http://localhost:3000/auth")).toBe(true);
+  });
+
+  it("allows https URLs with embedded credentials", () => {
+    // WHATWG URL parses these as https; OS-level handling is the shell's concern.
+    expect(isSafeExternalHttpUrl("https://user:pass@example.com")).toBe(true);
+  });
+
+  it("normalizes scheme casing so uppercase variants can't bypass", () => {
+    expect(isSafeExternalHttpUrl("HTTPS://example.com")).toBe(true);
+    expect(isSafeExternalHttpUrl("FILE:///etc/passwd")).toBe(false);
+  });
+
+  it("rejects dangerous pseudo-schemes", () => {
+    expect(isSafeExternalHttpUrl("javascript:alert(1)")).toBe(false);
+    expect(
+      isSafeExternalHttpUrl("data:text/html,<script>alert(1)</script>"),
+    ).toBe(false);
+  });
+
+  it("rejects filesystem and network transport schemes", () => {
+    expect(isSafeExternalHttpUrl("file:///etc/passwd")).toBe(false);
+    expect(isSafeExternalHttpUrl("ftp://example.com/x")).toBe(false);
+    expect(isSafeExternalHttpUrl("smb://share/x")).toBe(false);
+  });
+
+  it("rejects local-handler schemes used in past RCE chains", () => {
+    expect(isSafeExternalHttpUrl("vscode://file/test")).toBe(false);
+    expect(isSafeExternalHttpUrl("ms-msdt:/id%20PCWDiagnostic")).toBe(false);
+  });
+
+  it("rejects mailto and other non-web schemes", () => {
+    expect(isSafeExternalHttpUrl("mailto:test@example.com")).toBe(false);
+    expect(isSafeExternalHttpUrl("tel:+15551234567")).toBe(false);
+  });
+
+  it("rejects empty, whitespace, and malformed input", () => {
+    expect(isSafeExternalHttpUrl("")).toBe(false);
+    expect(isSafeExternalHttpUrl(" ")).toBe(false);
+    expect(isSafeExternalHttpUrl("not a url")).toBe(false);
+    expect(isSafeExternalHttpUrl("http://")).toBe(false);
+  });
+});
+
+describe("openExternalSafely", () => {
+  beforeEach(() => {
+    vi.mocked(shell.openExternal).mockClear();
+  });
+
+  it("forwards http/https URLs to shell.openExternal", () => {
+    openExternalSafely("https://multica.ai");
+    expect(shell.openExternal).toHaveBeenCalledWith("https://multica.ai");
+  });
+
+  it("does not call shell.openExternal for rejected schemes", () => {
+    openExternalSafely("file:///etc/passwd");
+    openExternalSafely("javascript:alert(1)");
+    openExternalSafely("not a url");
+    expect(shell.openExternal).not.toHaveBeenCalled();
+  });
+});

apps/desktop/src/main/external-url.ts

@@ -0,0 +1,38 @@
+import { shell } from "electron";
+
+// True when the URL parses and uses http/https — the only schemes we let
+// reach `shell.openExternal`. Scheme comparison is safe because the WHATWG
+// URL parser lowercases the protocol field.
+export function isSafeExternalHttpUrl(url: string): boolean {
+  return getHttpProtocol(url) !== null;
+}
+
+// Canonical wrapper around shell.openExternal. All renderer-controlled URLs
+// that eventually reach the OS shell MUST flow through here; direct calls
+// to `shell.openExternal` elsewhere in the main process are banned by the
+// no-restricted-syntax rule in apps/desktop/eslint.config.mjs.
+export function openExternalSafely(url: string): Promise<void> | void {
+  if (getHttpProtocol(url) === null) {
+    console.warn(`[security] blocked openExternal: ${describeScheme(url)}`);
+    return;
+  }
+  return shell.openExternal(url);
+}
+
+function getHttpProtocol(url: string): "http:" | "https:" | null {
+  try {
+    const { protocol } = new URL(url);
+    if (protocol === "http:" || protocol === "https:") return protocol;
+    return null;
+  } catch {
+    return null;
+  }
+}
+
+function describeScheme(url: string): string {
+  try {
+    return `scheme=${new URL(url).protocol}`;
+  } catch {
+    return "invalid URL";
+  }
+}

apps/desktop/src/main/index.ts

@@ -1,10 +1,11 @@
-import { app, shell, BrowserWindow, ipcMain, nativeImage } from "electron";
+import { app, BrowserWindow, ipcMain, nativeImage } from "electron";
 import { homedir } from "os";
 import { join } from "path";
 import { electronApp, optimizer, is } from "@electron-toolkit/utils";
 import fixPath from "fix-path";
 import { setupAutoUpdater } from "./updater";
 import { setupDaemonManager } from "./daemon-manager";
+import { openExternalSafely } from "./external-url";
 
 // Bundled icon used for dev-mode dock/taskbar branding. In production the
 // app bundle icon (from electron-builder) wins; this path is only consumed
@@ -48,6 +49,19 @@ function handleDeepLink(url: string): void {
       if (token && mainWindow) {
         mainWindow.webContents.send("auth:token", token);
       }
+      return;
+    }
+
+    // multica://invite/<invitationId>
+    // Dispatched from the web invite page when the user chooses "Open in
+    // desktop app". The renderer opens the invite overlay — no tab, no
+    // route persistence, so deep-linking the same invite twice stays safe.
+    if (parsed.hostname === "invite") {
+      const id = parsed.pathname.replace(/^\//, "");
+      if (id && mainWindow) {
+        mainWindow.webContents.send("invite:open", decodeURIComponent(id));
+      }
+      return;
     }
   } catch {
     // Ignore malformed URLs
@@ -91,7 +105,7 @@ function createWindow(): void {
   });
 
   mainWindow.webContents.setWindowOpenHandler((details) => {
-    shell.openExternal(details.url);
+    openExternalSafely(details.url);
     return { action: "deny" };
   });
 
@@ -170,9 +184,13 @@ if (!gotTheLock) {
       optimizer.watchWindowShortcuts(window);
     });
 
-    // IPC: open URL in default browser (used by renderer for Google login)
+    // IPC: open URL in default browser (used by renderer for Google login).
+    // All scheme-allowlist enforcement lives in openExternalSafely — this
+    // is the single audit point for renderer-controlled URLs reaching the
+    // OS shell under the app's intentional webSecurity: false + sandbox:
+    // false configuration.
     ipcMain.handle("shell:openExternal", (_event, url: string) => {
-      return shell.openExternal(url);
+      return openExternalSafely(url);
     });
 
     // IPC: toggle immersive mode — hides the macOS traffic lights so full-screen

apps/desktop/src/main/updater.ts

@@ -1,9 +1,31 @@
 import { autoUpdater } from "electron-updater";
-import { BrowserWindow, ipcMain } from "electron";
+import { app, BrowserWindow, ipcMain } from "electron";
 
 autoUpdater.autoDownload = false;
 autoUpdater.autoInstallOnAppQuit = true;
 
+// Windows arm64 ships its own update metadata channel because
+// electron-builder's `latest.yml` is not arch-suffixed on Windows — both
+// arches would otherwise collide on the same file in the GitHub Release.
+// See scripts/package.mjs (builderArgsForTarget) for the publish-side half
+// of this pact. Pin the channel here so arm64 clients fetch
+// `latest-arm64.yml` instead of the x64 metadata.
+if (process.platform === "win32" && process.arch === "arm64") {
+  autoUpdater.channel = "latest-arm64";
+}
+
+const STARTUP_CHECK_DELAY_MS = 5_000;
+const PERIODIC_CHECK_INTERVAL_MS = 60 * 60 * 1000; // 1 hour
+
+export type ManualUpdateCheckResult =
+  | {
+      ok: true;
+      currentVersion: string;
+      latestVersion: string;
+      available: boolean;
+    }
+  | { ok: false; error: string };
+
 export function setupAutoUpdater(getMainWindow: () => BrowserWindow | null): void {
   autoUpdater.on("update-available", (info) => {
     const win = getMainWindow();
@@ -37,10 +59,42 @@ export function setupAutoUpdater(getMainWindow: () => BrowserWindow | null): voi
     autoUpdater.quitAndInstall(false, true);
   });
 
-  // Check for updates after a short delay to avoid blocking startup
+  ipcMain.handle("updater:check", async (): Promise<ManualUpdateCheckResult> => {
+    try {
+      const result = await autoUpdater.checkForUpdates();
+      const currentVersion = app.getVersion();
+      // Trust electron-updater's own decision rather than re-deriving it from
+      // a version-string compare. The two diverge for pre-release channels,
+      // staged rollouts, downgrades, and minimum-system-version gates — in
+      // those cases updateInfo.version differs from app.getVersion() but no
+      // `update-available` event fires, so showing "available" here would
+      // promise a download prompt that never appears.
+      return {
+        ok: true,
+        currentVersion,
+        latestVersion: result?.updateInfo.version ?? currentVersion,
+        available: result?.isUpdateAvailable ?? false,
+      };
+    } catch (err) {
+      return {
+        ok: false,
+        error: err instanceof Error ? err.message : String(err),
+      };
+    }
+  });
+
+  // Initial check shortly after startup so we don't block boot.
   setTimeout(() => {
     autoUpdater.checkForUpdates().catch((err) => {
       console.error("Failed to check for updates:", err);
     });
-  }, 5000);
+  }, STARTUP_CHECK_DELAY_MS);
+
+  // Background poll so long-running sessions still pick up new releases
+  // without requiring the user to restart the app.
+  setInterval(() => {
+    autoUpdater.checkForUpdates().catch((err) => {
+      console.error("Periodic update check failed:", err);
+    });
+  }, PERIODIC_CHECK_INTERVAL_MS);
 }

apps/desktop/src/preload/index.d.ts

@@ -3,6 +3,8 @@ import { ElectronAPI } from "@electron-toolkit/preload";
 interface DesktopAPI {
   /** Listen for auth token delivered via deep link. Returns an unsubscribe function. */
   onAuthToken: (callback: (token: string) => void) => () => void;
+  /** Listen for invitation IDs delivered via deep link. Returns an unsubscribe function. */
+  onInviteOpen: (callback: (invitationId: string) => void) => () => void;
   /** Open a URL in the default browser. */
   openExternal: (url: string) => Promise<void>;
   /** Hide macOS traffic lights for full-screen modals; restore when false. */
@@ -51,6 +53,10 @@ interface UpdaterAPI {
   onUpdateDownloaded: (callback: () => void) => () => void;
   downloadUpdate: () => Promise<void>;
   installUpdate: () => Promise<void>;
+  checkForUpdates: () => Promise<
+    | { ok: true; currentVersion: string; latestVersion: string; available: boolean }
+    | { ok: false; error: string }
+  >;
 }
 
 declare global {

apps/desktop/src/preload/index.ts

@@ -11,6 +11,15 @@ const desktopAPI = {
       ipcRenderer.removeListener("auth:token", handler);
     };
   },
+  /** Listen for invitation IDs delivered via deep link */
+  onInviteOpen: (callback: (invitationId: string) => void) => {
+    const handler = (_event: Electron.IpcRendererEvent, invitationId: string) =>
+      callback(invitationId);
+    ipcRenderer.on("invite:open", handler);
+    return () => {
+      ipcRenderer.removeListener("invite:open", handler);
+    };
+  },
   /** Open a URL in the default browser */
   openExternal: (url: string) => ipcRenderer.invoke("shell:openExternal", url),
   /** Toggle immersive mode — hide macOS traffic lights for full-screen modals */
@@ -87,6 +96,10 @@ const updaterAPI = {
   },
   downloadUpdate: () => ipcRenderer.invoke("updater:download"),
   installUpdate: () => ipcRenderer.invoke("updater:install"),
+  checkForUpdates: (): Promise<
+    | { ok: true; currentVersion: string; latestVersion: string; available: boolean }
+    | { ok: false; error: string }
+  > => ipcRenderer.invoke("updater:check"),
 };
 
 if (process.contextIsolated) {

apps/desktop/src/renderer/src/App.tsx

@@ -1,4 +1,4 @@
-import { useEffect, useRef, useState } from "react";
+import { useEffect, useLayoutEffect, useRef, useState } from "react";
 import { useQuery, useQueryClient } from "@tanstack/react-query";
 import { CoreProvider } from "@multica/core/platform";
 import { useAuthStore } from "@multica/core/auth";
@@ -11,6 +11,8 @@ import { DesktopLoginPage } from "./pages/login";
 import { DesktopShell } from "./components/desktop-layout";
 import { UpdateNotification } from "./components/update-notification";
 import { useTabStore } from "./stores/tab-store";
+import { useWindowOverlayStore } from "./stores/window-overlay-store";
+
 
 function AppContent() {
   const user = useAuthStore((s) => s.user);
@@ -31,6 +33,17 @@ function AppContent() {
     window.daemonAPI.setTargetApiUrl(DAEMON_TARGET_API_URL);
   }, []);
 
+  // Listen for invite IDs delivered via deep link (multica://invite/<id>).
+  // We open the overlay regardless of login state — if the user isn't logged
+  // in, InvitePage's queries will fail and render the "not found" state,
+  // which is acceptable; the expected pre-flight happens in the web app
+  // (login + next=/invite/... dance) before the deep link is ever dispatched.
+  useEffect(() => {
+    return window.desktopAPI.onInviteOpen((invitationId) => {
+      useWindowOverlayStore.getState().open({ type: "invite", invitationId });
+    });
+  }, []);
+
   // Listen for auth token delivered via deep link (multica://auth/callback?token=...).
   // daemonAPI.syncToken is handled separately by the [user] effect below, which
   // fires whenever a user logs in (deep link, session restore, account switch).
@@ -83,22 +96,40 @@ function AppContent() {
   });
   const wsCount = workspaces?.length ?? 0;
 
-  // Validate persisted tab paths against the current user's workspace list.
-  // Tabs survive across app restarts and account switches (persisted to
-  // localStorage `multica_tabs`), so a tab path like `/naiyuan/issues` may
-  // reference a workspace the current user can't access — showing
-  // NoAccessPage every time they open the app.
-  //
-  // Run synchronously in render phase rather than in useEffect so the first
-  // render already sees validated tabs. useEffect runs AFTER commit, which
-  // means the initial render would briefly show NoAccessPage before the
-  // effect resets the tab. Zustand supports render-phase setState; the
-  // validator is idempotent (exits early if nothing changed) so this
-  // doesn't loop.
-  if (workspaces) {
+  // Validate persisted tab state against the current user's workspace list,
+  // and pick an active workspace if none is set. Runs in useLayoutEffect
+  // (synchronously after render, before paint) rather than the render
+  // phase — the original render-phase pattern triggered React's
+  // "Cannot update a component while rendering a different component"
+  // warning because `switchWorkspace` is a Zustand setState that the
+  // TabBar is subscribed to. useLayoutEffect flushes both renders before
+  // the user sees anything, so there's no visible flicker.
+  useLayoutEffect(() => {
+    if (!workspaces) return;
     const validSlugs = new Set(workspaces.map((w) => w.slug));
-    useTabStore.getState().validateWorkspaceSlugs(validSlugs);
-  }
+    const tabStore = useTabStore.getState();
+    tabStore.validateWorkspaceSlugs(validSlugs);
+    if (!tabStore.activeWorkspaceSlug && workspaces.length > 0) {
+      tabStore.switchWorkspace(workspaces[0].slug);
+    }
+  }, [workspaces]);
+
+  // Bidirectional new-workspace overlay: visible when there are no
+  // workspaces to enter, hidden as soon as one exists. Gated on
+  // `workspaceListFetched` so the initial render doesn't flash the
+  // overlay before the list arrives. The overlay's own `invite` type is
+  // not touched here — that's an in-flight task owned by the user.
+  useEffect(() => {
+    if (!user) return;
+    if (!workspaceListFetched) return;
+    const { overlay, open, close } = useWindowOverlayStore.getState();
+    const isEmpty = wsCount === 0;
+    if (isEmpty) {
+      if (!overlay) open({ type: "new-workspace" });
+    } else if (overlay?.type === "new-workspace") {
+      close();
+    }
+  }, [user, workspaceListFetched, wsCount]);
   // null = undecided (pre-login or list hasn't settled yet)
   // true  = session started with zero workspaces; next transition to >=1 triggers restart
   // false = session started with >=1 workspace, OR we've already restarted; skip
@@ -135,9 +166,14 @@ function AppContent() {
 const DAEMON_TARGET_API_URL =
   import.meta.env.VITE_API_URL || "http://localhost:8080";
 
-// On logout, clear any cached PAT and stop the daemon so that a subsequent
-// login as a different user never inherits the previous user's credentials.
+// On logout, wipe desktop-only in-memory state and stop the daemon so that
+// a subsequent login as a different user never inherits the previous user's
+// tabs, overlay, or credentials. Zustand persist only writes to localStorage;
+// useLogout clears the storage key, but the live stores stay populated until
+// we explicitly reset them here.
 async function handleDaemonLogout() {
+  useTabStore.getState().reset();
+  useWindowOverlayStore.getState().close();
   try {
     await window.daemonAPI.clearToken();
   } catch {

apps/desktop/src/renderer/src/components/desktop-layout.tsx

@@ -18,6 +18,7 @@ import { getCurrentSlug, subscribeToCurrentSlug } from "@multica/core/platform";
 import { DesktopNavigationProvider } from "@/platform/navigation";
 import { TabBar } from "./tab-bar";
 import { TabContent } from "./tab-content";
+import { WindowOverlay } from "./window-overlay";
 
 function SidebarTopBar() {
   const { canGoBack, canGoForward, goBack, goForward } = useTabHistory();
@@ -113,7 +114,8 @@ export function DesktopShell() {
           mount WorkspaceRouteLayout, which calls setCurrentWorkspace()
           to populate the slug. The sidebar gates on slug being present
           to avoid the useRequiredWorkspaceSlug throw. Zero-workspace
-          users are routed to /workspaces/new by IndexRedirect. */}
+          users see the window-level overlay (new-workspace flow)
+          triggered by IndexRedirect, not a route. */}
       <WorkspaceSlugProvider slug={slug}>
         <div className="flex h-screen">
           <SidebarProvider className="flex-1">
@@ -132,6 +134,7 @@ export function DesktopShell() {
         </div>
         {slug && <ModalRegistry />}
         {slug && <SearchCommand />}
+        <WindowOverlay />
       </WorkspaceSlugProvider>
     </DesktopNavigationProvider>
   );

apps/desktop/src/renderer/src/components/tab-bar.tsx

@@ -29,8 +29,8 @@ import {
 } from "@dnd-kit/modifiers";
 import { CSS } from "@dnd-kit/utilities";
 import { cn } from "@multica/ui/lib/utils";
-import { useTabStore, resolveRouteIcon, type Tab } from "@/stores/tab-store";
-import { isGlobalPath, paths } from "@multica/core/paths";
+import { useTabStore, useActiveGroup, resolveRouteIcon, type Tab } from "@/stores/tab-store";
+import { paths } from "@multica/core/paths";
 
 const TAB_ICONS: Record<string, LucideIcon> = {
   Inbox,
@@ -67,16 +67,13 @@ function SortableTabItem({ tab, isActive, isOnly }: { tab: Tab; isActive: boolea
   const handleClick = () => {
     if (isActive) return;
     setActiveTab(tab.id);
-    // No navigate() — Activity handles visibility
   };
 
   const handleClose = (e: React.MouseEvent) => {
     e.stopPropagation();
     closeTab(tab.id);
-    // No navigate() — store handles activeTabId switch
   };
 
-  // Stop pointer down on close so it doesn't start a drag on the parent button.
   const stopDragOnClose = (e: React.PointerEvent) => {
     e.stopPropagation();
   };
@@ -125,22 +122,13 @@ function NewTabButton() {
   const setActiveTab = useTabStore((s) => s.setActiveTab);
 
   const handleClick = () => {
-    // Inherit the active tab's workspace. Terminal/IDE convention: new tab
-    // opens in the same context as the active one. Read the slug from the
-    // active tab's path directly rather than from getCurrentSlug(), because
-    // that singleton is "last tab to render" (non-deterministic with N tabs
-    // mounted under <Activity>), while activeTabId is the unambiguous truth.
-    // Falls back to "/" (→ IndexRedirect → first workspace) when the active
-    // tab is on a global route (e.g. /workspaces/new, /login).
-    const { tabs, activeTabId } = useTabStore.getState();
-    const activePath = tabs.find((t) => t.id === activeTabId)?.path ?? "/";
-    let slug: string | null = null;
-    if (activePath !== "/" && !isGlobalPath(activePath)) {
-      slug = activePath.split("/").filter(Boolean)[0] ?? null;
-    }
-    const path = slug ? paths.workspace(slug).issues() : "/";
+    // New tab opens in the currently active workspace — tabs are scoped
+    // per workspace, so there is no cross-workspace ambiguity to resolve.
+    const activeSlug = useTabStore.getState().activeWorkspaceSlug;
+    if (!activeSlug) return;
+    const path = paths.workspace(activeSlug).issues();
     const tabId = addTab(path, "Issues", resolveRouteIcon(path));
-    setActiveTab(tabId);
+    if (tabId) setActiveTab(tabId);
   };
 
   return (
@@ -155,17 +143,17 @@ function NewTabButton() {
 }
 
 export function TabBar() {
-  const tabs = useTabStore((s) => s.tabs);
-  const activeTabId = useTabStore((s) => s.activeTabId);
+  const group = useActiveGroup();
   const moveTab = useTabStore((s) => s.moveTab);
 
-  // distance: 5 — pointer must move 5px to start a drag, otherwise it's a click.
   const sensors = useSensors(
     useSensor(PointerSensor, {
       activationConstraint: { distance: 5 },
     }),
   );
 
+  const tabs = group?.tabs ?? [];
+  const activeTabId = group?.activeTabId ?? "";
   const tabIds = tabs.map((t) => t.id);
 
   const handleDragEnd = (event: DragEndEvent) => {
@@ -195,7 +183,7 @@ export function TabBar() {
           ))}
         </SortableContext>
       </DndContext>
-      <NewTabButton />
+      {group && <NewTabButton />}
     </div>
   );
 }

apps/desktop/src/renderer/src/components/tab-content.tsx

@@ -1,40 +1,52 @@
 import { Activity, useEffect } from "react";
 import { RouterProvider } from "react-router-dom";
-import { useTabStore } from "@/stores/tab-store";
+import { useActiveGroup } from "@/stores/tab-store";
 import { TabNavigationProvider } from "@/platform/navigation";
 import { useTabRouterSync } from "@/hooks/use-tab-router-sync";
+import type { Tab } from "@/stores/tab-store";
 
-/** Inner wrapper rendered inside each tab's RouterProvider. */
-function TabRouterInner({ tabId }: { tabId: string }) {
-  const tab = useTabStore((s) => s.tabs.find((t) => t.id === tabId));
-  useTabRouterSync(tabId, tab!.router);
+/**
+ * Inner wrapper rendered inside each tab's RouterProvider. The router
+ * reference is stable for a tab's lifetime, so passing it in directly
+ * (instead of re-deriving from the store) avoids needless re-renders.
+ */
+function TabRouterInner({ tab }: { tab: Tab }) {
+  useTabRouterSync(tab.id, tab.router);
   return null;
 }
 
 /**
- * Renders all tabs using Activity for state preservation.
+ * Renders the active workspace's tabs using Activity for state preservation.
  * Only the active tab is visible; hidden tabs keep their DOM and React state.
+ *
+ * When switching workspaces, the previous workspace's tabs unmount entirely
+ * and the new workspace's tabs mount fresh — cross-workspace state
+ * preservation is an explicit non-goal (keeping all workspaces' tabs warm
+ * simultaneously would bloat memory and make workspace switching feel
+ * anything but "switching").
  */
 export function TabContent() {
-  const tabs = useTabStore((s) => s.tabs);
-  const activeTabId = useTabStore((s) => s.activeTabId);
+  const group = useActiveGroup();
 
-  // Sync document.title when switching tabs
+  // Sync document.title when switching tabs within the active workspace.
   useEffect(() => {
-    const tab = tabs.find((t) => t.id === activeTabId);
+    if (!group) return;
+    const tab = group.tabs.find((t) => t.id === group.activeTabId);
     if (tab) document.title = tab.title;
-  }, [activeTabId, tabs]);
+  }, [group?.activeTabId, group?.tabs]);
+
+  if (!group) return null;
 
   return (
     <>
-      {tabs.map((tab) => (
+      {group.tabs.map((tab) => (
         <Activity
           key={tab.id}
-          mode={tab.id === activeTabId ? "visible" : "hidden"}
+          mode={tab.id === group.activeTabId ? "visible" : "hidden"}
         >
           <TabNavigationProvider router={tab.router}>
             <RouterProvider router={tab.router} />
-            <TabRouterInner tabId={tab.id} />
+            <TabRouterInner tab={tab} />
           </TabNavigationProvider>
         </Activity>
       ))}

apps/desktop/src/renderer/src/components/updates-settings-tab.tsx

@@ -0,0 +1,86 @@
+import { useCallback, useState } from "react";
+import { AlertCircle, ArrowDownToLine, Check, Loader2 } from "lucide-react";
+import { Button } from "@multica/ui/components/ui/button";
+
+type CheckState =
+  | { status: "idle" }
+  | { status: "checking" }
+  | { status: "up-to-date"; currentVersion: string }
+  | { status: "available"; latestVersion: string }
+  | { status: "error"; message: string };
+
+export function UpdatesSettingsTab() {
+  const [state, setState] = useState<CheckState>({ status: "idle" });
+
+  const handleCheck = useCallback(async () => {
+    setState({ status: "checking" });
+    const result = await window.updater.checkForUpdates();
+    if (!result.ok) {
+      setState({ status: "error", message: result.error });
+      return;
+    }
+    setState(
+      result.available
+        ? { status: "available", latestVersion: result.latestVersion }
+        : { status: "up-to-date", currentVersion: result.currentVersion },
+    );
+  }, []);
+
+  return (
+    <div>
+      <h2 className="text-lg font-semibold">Updates</h2>
+      <p className="text-sm text-muted-foreground mt-1">
+        The desktop app checks for new versions automatically once an hour and
+        shortly after launch.
+      </p>
+
+      <div className="mt-6 divide-y">
+        <div className="flex items-start justify-between gap-6 py-4">
+          <div className="min-w-0">
+            <p className="text-sm font-medium">Check for updates</p>
+            <p className="text-sm text-muted-foreground mt-0.5">
+              Trigger a check now instead of waiting for the next automatic
+              poll. Available updates appear as a notification in the corner.
+            </p>
+            {state.status === "up-to-date" && (
+              <p className="text-sm text-muted-foreground mt-2 inline-flex items-center gap-1.5">
+                <Check className="size-3.5 text-success" />
+                You&apos;re on the latest version (v{state.currentVersion}).
+              </p>
+            )}
+            {state.status === "available" && (
+              <p className="text-sm text-muted-foreground mt-2 inline-flex items-center gap-1.5">
+                <ArrowDownToLine className="size-3.5 text-primary" />
+                v{state.latestVersion} is available — see the download prompt
+                in the corner.
+              </p>
+            )}
+            {state.status === "error" && (
+              <p className="text-sm text-destructive mt-2 inline-flex items-center gap-1.5">
+                <AlertCircle className="size-3.5" />
+                {state.message}
+              </p>
+            )}
+          </div>
+          <div className="shrink-0">
+            <Button
+              variant="outline"
+              size="sm"
+              onClick={handleCheck}
+              disabled={state.status === "checking"}
+            >
+              {state.status === "checking" ? (
+                <>
+                  <Loader2 className="size-3.5 animate-spin" />
+                  Checking…
+                </>
+              ) : (
+                "Check now"
+              )}
+            </Button>
+          </div>
+        </div>
+      </div>
+    </div>
+  );
+}

apps/desktop/src/renderer/src/components/window-overlay.tsx

@@ -0,0 +1,85 @@
+import { useQuery } from "@tanstack/react-query";
+import { useImmersiveMode } from "@multica/views/platform";
+import { NewWorkspacePage } from "@multica/views/workspace/new-workspace-page";
+import { InvitePage } from "@multica/views/invite";
+import { useNavigation } from "@multica/views/navigation";
+import { paths } from "@multica/core/paths";
+import { workspaceListOptions } from "@multica/core/workspace/queries";
+import { useWindowOverlayStore } from "@/stores/window-overlay-store";
+
+/**
+ * Window-level transition overlay: renders above the tab system when the
+ * user is in a pre-workspace flow (create workspace, accept invite).
+ *
+ * This component is a thin **platform shell**:
+ *  - Hands the window-drag strip and macOS traffic-light hiding
+ *    (`useImmersiveMode`) — both are platform-specific, web has neither
+ *  - Covers the tab system (fixed inset, z-50) so the Shell's own TabBar
+ *    doesn't leak through
+ *
+ * All UX affordances (Back button, Log out button, welcome copy, invite
+ * card) live inside the shared `NewWorkspacePage` / `InvitePage`
+ * components under `packages/views/`, so web and desktop render identical
+ * content. The platform split is: UX in shared code, chrome here.
+ */
+export function WindowOverlay() {
+  const overlay = useWindowOverlayStore((s) => s.overlay);
+  if (!overlay) return null;
+  return <WindowOverlayInner />;
+}
+
+function WindowOverlayInner() {
+  const overlay = useWindowOverlayStore((s) => s.overlay);
+  const close = useWindowOverlayStore((s) => s.close);
+  const { push } = useNavigation();
+  const { data: wsList = [] } = useQuery(workspaceListOptions());
+
+  useImmersiveMode();
+
+  if (!overlay) return null;
+
+  // Back is only meaningful when there's somewhere to go — i.e. the user
+  // has at least one workspace. Zero-workspace users can only Log out or
+  // complete the flow.
+  const onBack = wsList.length > 0 ? close : undefined;
+
+  return (
+    <div className="fixed inset-0 z-50 flex flex-col bg-background">
+      {/* Window-drag strip. Rendered as a flex *child* (not absolute
+          overlay) so it owns its own 48px of real layout space — the
+          prior absolute-positioned approach relied on z-index stacking
+          to beat the content wrapper's no-drag, which in practice didn't
+          hit-test reliably for `-webkit-app-region` on the welcome
+          screen. A real flex row with nothing else in it has no such
+          ambiguity: any pixel at top-48 is drag, full stop.
+
+          Height matches `MainTopBar` (48px) so the drag-to-grab area
+          feels consistent with the rest of the app. The strip is
+          invisible; macOS traffic lights would normally sit here but
+          `useImmersiveMode` has hidden them for the overlay's lifetime. */}
+      <div
+        aria-hidden
+        className="h-12 shrink-0"
+        style={{ WebkitAppRegion: "drag" } as React.CSSProperties}
+      />
+
+      <div
+        className="flex-1 min-h-0 overflow-auto"
+        style={{ WebkitAppRegion: "no-drag" } as React.CSSProperties}
+      >
+        {overlay.type === "new-workspace" && (
+          <NewWorkspacePage
+            onSuccess={(ws) => push(paths.workspace(ws.slug).issues())}
+            onBack={onBack}
+          />
+        )}
+        {overlay.type === "invite" && (
+          <InvitePage
+            invitationId={overlay.invitationId}
+            onBack={onBack}
+          />
+        )}
+      </div>
+    </div>
+  );
+}

apps/desktop/src/renderer/src/components/workspace-route-layout.tsx

@@ -2,11 +2,14 @@ import { useEffect } from "react";
 import { Outlet, useNavigate, useParams } from "react-router-dom";
 import { useQuery } from "@tanstack/react-query";
 import { WorkspaceSlugProvider, paths } from "@multica/core/paths";
-import { workspaceBySlugOptions } from "@multica/core/workspace";
+import {
+  workspaceBySlugOptions,
+  workspaceListOptions,
+} from "@multica/core/workspace";
 import { setCurrentWorkspace } from "@multica/core/platform";
 import { useAuthStore } from "@multica/core/auth";
-import { NoAccessPage } from "@multica/views/workspace/no-access-page";
 import { useWorkspaceSeen } from "@multica/views/workspace/use-workspace-seen";
+import { useTabStore } from "@/stores/tab-store";
 
 /**
  * Desktop equivalent of apps/web/app/[workspaceSlug]/layout.tsx.
@@ -17,9 +20,13 @@ import { useWorkspaceSeen } from "@multica/views/workspace/use-workspace-seen";
  * guaranteed non-null when called. Two industry-standard identities are
  * kept distinct: slug (URL / browser) and UUID (API / cache keys).
  *
- * If the slug doesn't resolve to any workspace the user has access to,
- * we render NoAccessPage instead of silently redirecting — users get
- * explicit feedback for stale bookmarks or revoked access.
+ * Unlike web, desktop never renders a "workspace not available" page: the
+ * app has no URL bar and no clickable links from outside the session, so
+ * landing on an inaccessible slug can only mean stale state (a persisted
+ * tab group for a workspace the current user no longer has access to, or
+ * active eviction). Both cases resolve by dropping the stale tab group
+ * from the tab store — the TabBar then renders a different workspace or
+ * the WindowOverlay takes over (zero valid workspaces).
  */
 export function WorkspaceRouteLayout() {
   const { workspaceSlug } = useParams<{ workspaceSlug: string }>();
@@ -27,10 +34,7 @@ export function WorkspaceRouteLayout() {
   const user = useAuthStore((s) => s.user);
   const isAuthLoading = useAuthStore((s) => s.isLoading);
 
-  // Workspace routes require auth. If user is unauthenticated (token
-  // expired, logged out from another tab, etc.), bounce to /login.
-  // Without this, the layout renders null and the user sees a blank page
-  // stuck on /{slug}/...
+  // Workspace routes require auth. If user is unauthenticated, bounce to /login.
   useEffect(() => {
     if (!isAuthLoading && !user) navigate(paths.login(), { replace: true });
   }, [isAuthLoading, user, navigate]);
@@ -40,36 +44,41 @@ export function WorkspaceRouteLayout() {
     enabled: !!user && !!workspaceSlug,
   });
 
+  const { data: wsList } = useQuery({
+    ...workspaceListOptions(),
+    enabled: !!user,
+  });
+
   // Feed the URL slug into the platform singleton so the API client's
   // X-Workspace-Slug header and persist namespace follow the active tab.
-  // setCurrentWorkspace self-dedupes on slug equality — safe to call on
-  // every render (matters on desktop, where N tabs each mount their own
-  // layout). Rehydrate is the singleton's internal side effect.
+  // setCurrentWorkspace self-dedupes on slug equality.
   if (workspace && workspaceSlug) {
     setCurrentWorkspace(workspaceSlug, workspace.id);
   }
 
-  // Remember whether this slug has resolved before (see hook docs). Gates
-  // the NoAccessPage render below so active workspace removal doesn't
-  // flash "Workspace not available" before the navigate lands.
   const hasBeenSeen = useWorkspaceSeen(workspaceSlug, !!workspace);
 
+  // Stale-slug auto-heal: when this tab's slug fails to resolve, drop the
+  // whole workspace group from the tab store. Per-workspace tab grouping
+  // means the cleanup is a single validator call — the TabContent will
+  // unmount this tab (and all siblings in the stale group) once the store
+  // updates. We don't navigate this tab's router because the tab's path
+  // is scoped to the stale slug; navigating to "/" would create an
+  // inconsistent "tab in group X with path /" state.
+  useEffect(() => {
+    if (!user) return;
+    if (!listFetched) return;
+    if (workspace) return;
+    if (hasBeenSeen) return; // active eviction in flight — let the other path win
+    if (!wsList) return;
+    const validSlugs = new Set(wsList.map((w) => w.slug));
+    useTabStore.getState().validateWorkspaceSlugs(validSlugs);
+  }, [user, listFetched, workspace, hasBeenSeen, wsList]);
+
   if (isAuthLoading) return null;
   if (!workspaceSlug) return null;
-  // Don't render children until workspace is resolved. useWorkspaceId()
-  // throws when the workspace list hasn't populated or the slug is
-  // unknown — gating here is the single point where that invariant is
-  // enforced, so every descendant can call useWorkspaceId() safely.
   if (!listFetched) return null;
-  if (!workspace) {
-    // Active workspace just removed (delete/leave/realtime eviction) —
-    // navigate is in flight; hold null briefly instead of flashing
-    // NoAccessPage.
-    if (hasBeenSeen) return null;
-    // Genuinely inaccessible slug (stale bookmark, revoked access, or a
-    // link from a former teammate's workspace) → explicit feedback.
-    return <NoAccessPage />;
-  }
+  if (!workspace) return null; // auto-heal effect above handles the cleanup
 
   return (
     <WorkspaceSlugProvider slug={workspaceSlug}>

apps/desktop/src/renderer/src/hooks/use-tab-history.ts

@@ -1,6 +1,6 @@
 import { useCallback } from "react";
 import type { DataRouter } from "react-router-dom";
-import { useTabStore } from "@/stores/tab-store";
+import { useActiveTabRouter, useActiveTabHistory } from "@/stores/tab-store";
 
 /**
  * Shared hint map so useTabRouterSync can distinguish back vs forward POP.
@@ -9,32 +9,32 @@ import { useTabStore } from "@/stores/tab-store";
 export const popDirectionHints = new Map<DataRouter, "back" | "forward">();
 
 /**
- * Per-tab back/forward navigation derived from the active tab's history state.
- * Replaces the old global useNavigationHistory() hook.
+ * Per-tab back/forward navigation derived from the active workspace's
+ * active tab.
+ *
+ * Subscribed via primitive selectors so this hook only re-renders when
+ * the numeric history state actually changes — path ticks on the active
+ * tab (which don't shift historyIndex) don't churn the back/forward
+ * buttons.
  */
 export function useTabHistory() {
-  // Return the actual tab object from the store — stable reference.
-  // Do NOT create a new object in the selector (causes infinite re-renders).
-  const activeTab = useTabStore((s) =>
-    s.tabs.find((t) => t.id === s.activeTabId),
-  );
+  const router = useActiveTabRouter();
+  const { historyIndex, historyLength } = useActiveTabHistory();
 
-  const canGoBack = (activeTab?.historyIndex ?? 0) > 0;
-  const canGoForward =
-    (activeTab?.historyIndex ?? 0) < (activeTab?.historyLength ?? 1) - 1;
+  const canGoBack = historyIndex > 0;
+  const canGoForward = historyIndex < historyLength - 1;
 
   const goBack = useCallback(() => {
-    if (!activeTab || activeTab.historyIndex <= 0) return;
-    popDirectionHints.set(activeTab.router, "back");
-    activeTab.router.navigate(-1);
-  }, [activeTab]);
+    if (!router || historyIndex <= 0) return;
+    popDirectionHints.set(router, "back");
+    router.navigate(-1);
+  }, [router, historyIndex]);
 
   const goForward = useCallback(() => {
-    if (!activeTab || activeTab.historyIndex >= activeTab.historyLength - 1)
-      return;
-    popDirectionHints.set(activeTab.router, "forward");
-    activeTab.router.navigate(1);
-  }, [activeTab]);
+    if (!router || historyIndex >= historyLength - 1) return;
+    popDirectionHints.set(router, "forward");
+    router.navigate(1);
+  }, [router, historyIndex, historyLength]);
 
   return { canGoBack, canGoForward, goBack, goForward };
 }

apps/desktop/src/renderer/src/hooks/use-tab-sync.ts

@@ -2,20 +2,23 @@ import { useEffect } from "react";
 import { useTabStore } from "@/stores/tab-store";
 
 /**
- * Watches document.title via MutationObserver and updates the active tab's title.
- *
- * Pages set document.title via TitleSync (route handle.title) or useDocumentTitle().
- * This observer picks up the change and syncs it to the tab store.
+ * Watches document.title via MutationObserver and updates the active tab's
+ * title. Pages set document.title via TitleSync (route handle.title) or
+ * useDocumentTitle(). This observer picks up the change and syncs it to
+ * the tab store.
  */
 export function useActiveTitleSync() {
   useEffect(() => {
     const observer = new MutationObserver(() => {
       const title = document.title;
       if (!title) return;
-      const { tabs, activeTabId } = useTabStore.getState();
-      const activeTab = tabs.find((t) => t.id === activeTabId);
+      const state = useTabStore.getState();
+      if (!state.activeWorkspaceSlug) return;
+      const group = state.byWorkspace[state.activeWorkspaceSlug];
+      if (!group) return;
+      const activeTab = group.tabs.find((t) => t.id === group.activeTabId);
       if (activeTab && activeTab.title !== title) {
-        useTabStore.getState().updateTab(activeTabId, { title });
+        state.updateTab(activeTab.id, { title });
       }
     });
 

apps/desktop/src/renderer/src/platform/navigation.tsx

@@ -5,7 +5,15 @@ import {
   type NavigationAdapter,
 } from "@multica/views/navigation";
 import { useAuthStore } from "@multica/core/auth";
-import { useTabStore, resolveRouteIcon } from "@/stores/tab-store";
+import { isReservedSlug } from "@multica/core/paths";
+import {
+  useTabStore,
+  resolveRouteIcon,
+  useActiveTabIdentity,
+  useActiveTabRouter,
+  getActiveTab,
+} from "@/stores/tab-store";
+import { useWindowOverlayStore } from "@/stores/window-overlay-store";
 
 // Public web app URL — injected at build time via .env.production. Falls
 // back to the production host for dev builds so "Copy link" yields a URL
@@ -13,8 +21,77 @@ import { useTabStore, resolveRouteIcon } from "@/stores/tab-store";
 const APP_URL = import.meta.env.VITE_APP_URL || "https://multica.ai";
 
 /**
- * Root-level navigation provider for components outside the per-tab RouterProviders
- * (sidebar, search dialog, modals, etc.).
+ * Extract the leading workspace slug from a path, or null if the path isn't
+ * workspace-scoped (root, login, any reserved prefix).
+ */
+function extractWorkspaceSlug(path: string): string | null {
+  const first = path.split("/").filter(Boolean)[0] ?? "";
+  if (!first) return null;
+  if (isReservedSlug(first)) return null;
+  return first;
+}
+
+/**
+ * Intercept navigation to "transition" paths — pre-workspace flows that on
+ * desktop are rendered as a window-level overlay instead of a tab route.
+ * Returns `true` if the navigation was handled (caller should NOT proceed).
+ *
+ * Side effect: when opening the new-workspace overlay, the tab router is
+ * ALSO reset to "/". Rationale — the only way a push lands on
+ * /workspaces/new is that the workspace context is gone (fresh install,
+ * delete-last, leave-last). Leaving the tab parked on a workspace-scoped
+ * path would keep those components mounted under the overlay; the next
+ * render after the list cache updates would then throw (useWorkspaceId
+ * etc) because the slug no longer resolves.
+ */
+function tryRouteToOverlay(path: string, router?: DataRouter): boolean {
+  const overlay = useWindowOverlayStore.getState();
+  if (path === "/workspaces/new") {
+    overlay.open({ type: "new-workspace" });
+    if (router && router.state.location.pathname !== "/") {
+      router.navigate("/", { replace: true });
+    }
+    return true;
+  }
+  if (path.startsWith("/invite/")) {
+    let id = "";
+    try {
+      id = decodeURIComponent(path.slice("/invite/".length));
+    } catch {
+      return true;
+    }
+    if (id) {
+      overlay.open({ type: "invite", invitationId: id });
+      return true;
+    }
+  }
+  // Any other navigation cancels a live overlay.
+  if (overlay.overlay) overlay.close();
+  return false;
+}
+
+/**
+ * Intercept pushes that change workspace. Returns `true` if the navigation
+ * was delegated to the tab store (caller should NOT proceed).
+ *
+ * This is the entry point that makes shared code platform-agnostic:
+ * sidebar dropdown, cmd+k "switch workspace", post-delete redirects,
+ * invite-accept flow — they all call `useNavigation().push(path)` with a
+ * full workspace URL, and on desktop we translate "target slug differs
+ * from active" into "switch the tab-group that's visible in the TabBar".
+ */
+function tryRouteToOtherWorkspace(path: string): boolean {
+  const targetSlug = extractWorkspaceSlug(path);
+  if (!targetSlug) return false;
+  const { activeWorkspaceSlug, switchWorkspace } = useTabStore.getState();
+  if (targetSlug === activeWorkspaceSlug) return false;
+  switchWorkspace(targetSlug, path);
+  return true;
+}
+
+/**
+ * Root-level navigation provider for components outside the per-tab
+ * RouterProviders (sidebar, search dialog, modals, WindowOverlay contents).
  *
  * Reads from the active tab's memory router via router.subscribe().
  * Does NOT use any react-router hooks — it's above all RouterProviders.
@@ -24,50 +101,61 @@ export function DesktopNavigationProvider({
 }: {
   children: React.ReactNode;
 }) {
-  const activeTab = useTabStore((s) => s.tabs.find((t) => t.id === s.activeTabId));
-  const [pathname, setPathname] = useState(activeTab?.path ?? "/issues");
+  // Primitive-only subscriptions so this component doesn't re-render on
+  // unrelated store updates (e.g. an inactive tab's router tick). We
+  // resolve the active router here only to subscribe once per tab switch.
+  const { tabId: activeTabId } = useActiveTabIdentity();
+  const router = useActiveTabRouter();
+  const [pathname, setPathname] = useState(
+    router?.state.location.pathname ?? "/",
+  );
 
-  // Subscribe to the active tab's router for pathname updates
   useEffect(() => {
-    if (!activeTab) return;
-    setPathname(activeTab.router.state.location.pathname);
-    return activeTab.router.subscribe((state) => {
+    if (!router) {
+      setPathname("/");
+      return;
+    }
+    setPathname(router.state.location.pathname);
+    return router.subscribe((state) => {
       setPathname(state.location.pathname);
     });
-  }, [activeTab?.id]); // eslint-disable-line react-hooks/exhaustive-deps
+  }, [activeTabId, router]);
 
   const adapter: NavigationAdapter = useMemo(
     () => ({
       push: (path: string) => {
         if (path === "/login") {
-          // DashboardGuard token expired — force back to login screen
           useAuthStore.getState().logout();
           return;
         }
-        const tab = useTabStore.getState().tabs.find(
-          (t) => t.id === useTabStore.getState().activeTabId,
-        );
-        tab?.router.navigate(path);
+        const active = currentActiveTab();
+        if (tryRouteToOverlay(path, active?.router)) return;
+        if (tryRouteToOtherWorkspace(path)) return;
+        active?.router.navigate(path);
       },
       replace: (path: string) => {
-        const tab = useTabStore.getState().tabs.find(
-          (t) => t.id === useTabStore.getState().activeTabId,
-        );
-        tab?.router.navigate(path, { replace: true });
+        const active = currentActiveTab();
+        if (tryRouteToOverlay(path, active?.router)) return;
+        if (tryRouteToOtherWorkspace(path)) return;
+        active?.router.navigate(path, { replace: true });
       },
       back: () => {
-        const tab = useTabStore.getState().tabs.find(
-          (t) => t.id === useTabStore.getState().activeTabId,
-        );
-        tab?.router.navigate(-1);
+        currentActiveTab()?.router.navigate(-1);
       },
       pathname,
       searchParams: new URLSearchParams(),
       openInNewTab: (path: string, title?: string) => {
-        const icon = resolveRouteIcon(path);
+        // Cross-workspace "open in new tab" switches workspace and opens
+        // the path there; same-workspace just adds a tab in the current group.
+        const slug = extractWorkspaceSlug(path);
         const store = useTabStore.getState();
+        if (slug && slug !== store.activeWorkspaceSlug) {
+          store.switchWorkspace(slug, path);
+          return;
+        }
+        const icon = resolveRouteIcon(path);
         const tabId = store.openTab(path, title ?? path, icon);
-        store.setActiveTab(tabId);
+        if (tabId) store.setActiveTab(tabId);
       },
       getShareableUrl: (path: string) => `${APP_URL}${path}`,
     }),
@@ -77,6 +165,10 @@ export function DesktopNavigationProvider({
   return <NavigationProvider value={adapter}>{children}</NavigationProvider>;
 }
 
+function currentActiveTab() {
+  return getActiveTab(useTabStore.getState());
+}
+
 /**
  * Per-tab navigation provider rendered inside each tab's Activity wrapper.
  * Subscribes to the tab's own router for up-to-date pathname.
@@ -101,16 +193,29 @@ export function TabNavigationProvider({
 
   const adapter: NavigationAdapter = useMemo(
     () => ({
-      push: (path: string) => router.navigate(path),
-      replace: (path: string) => router.navigate(path, { replace: true }),
+      push: (path: string) => {
+        if (tryRouteToOverlay(path, router)) return;
+        if (tryRouteToOtherWorkspace(path)) return;
+        router.navigate(path);
+      },
+      replace: (path: string) => {
+        if (tryRouteToOverlay(path, router)) return;
+        if (tryRouteToOtherWorkspace(path)) return;
+        router.navigate(path, { replace: true });
+      },
       back: () => router.navigate(-1),
       pathname: location.pathname,
       searchParams: new URLSearchParams(location.search),
       openInNewTab: (path: string, title?: string) => {
-        const icon = resolveRouteIcon(path);
+        const slug = extractWorkspaceSlug(path);
         const store = useTabStore.getState();
-        const newTabId = store.openTab(path, title ?? path, icon);
-        store.setActiveTab(newTabId);
+        if (slug && slug !== store.activeWorkspaceSlug) {
+          store.switchWorkspace(slug, path);
+          return;
+        }
+        const icon = resolveRouteIcon(path);
+        const tabId = store.openTab(path, title ?? path, icon);
+        if (tabId) store.setActiveTab(tabId);
       },
       getShareableUrl: (path: string) => `${APP_URL}${path}`,
     }),

apps/desktop/src/renderer/src/routes.tsx

@@ -6,7 +6,6 @@ import {
   useMatches,
 } from "react-router-dom";
 import type { RouteObject } from "react-router-dom";
-import { useQuery } from "@tanstack/react-query";
 import { IssueDetailPage } from "./pages/issue-detail-page";
 import { ProjectDetailPage } from "./pages/project-detail-page";
 import { AutopilotDetailPage } from "./pages/autopilot-detail-page";
@@ -20,13 +19,9 @@ import { DaemonRuntimeCard } from "./components/daemon-runtime-card";
 import { AgentsPage } from "@multica/views/agents";
 import { InboxPage } from "@multica/views/inbox";
 import { SettingsPage } from "@multica/views/settings";
-import { NewWorkspacePage } from "@multica/views/workspace/new-workspace-page";
-import { InvitePage } from "@multica/views/invite";
-import { useNavigation } from "@multica/views/navigation";
-import { paths } from "@multica/core/paths";
-import { workspaceListOptions } from "@multica/core/workspace/queries";
-import { Server } from "lucide-react";
+import { Download, Server } from "lucide-react";
 import { DaemonSettingsTab } from "./components/daemon-settings-tab";
+import { UpdatesSettingsTab } from "./components/updates-settings-tab";
 import { WorkspaceRouteLayout } from "./components/workspace-route-layout";
 
 /**
@@ -59,77 +54,28 @@ function PageShell() {
   );
 }
 
-function NewWorkspaceRoute() {
-  const nav = useNavigation();
-  return (
-    <NewWorkspacePage
-      onSuccess={(ws) => nav.push(paths.workspace(ws.slug).issues())}
-    />
-  );
-}
-
-/**
- * Root index route: resolves the URL-less `/` path to a concrete destination.
- *
- * Runs both on first login (App.tsx seeded the cache) and on app reopen
- * (AuthInitializer seeded the cache). Reading from React Query avoids
- * duplicate fetches across tabs — each tab's memory router hits this
- * component independently but the query is deduped.
- *
- * Sends first-time users without any workspace to /workspaces/new,
- * everyone else to their first workspace's issues page. Persisted tab
- * paths that already carry a workspace slug bypass this component
- * entirely.
- */
-function IndexRedirect() {
-  const { data: wsList, isFetched } = useQuery(workspaceListOptions());
-
-  // Wait for the query to settle so we don't redirect to /workspaces/new
-  // on the initial render before the seeded/fetched data arrives.
-  if (!isFetched) return null;
-
-  const firstWorkspace = wsList?.[0];
-  if (firstWorkspace) {
-    return <Navigate to={paths.workspace(firstWorkspace.slug).issues()} replace />;
-  }
-  return <Navigate to={paths.newWorkspace()} replace />;
-}
-
-function InviteRoute() {
-  const matches = useMatches();
-  const match = matches.find((m) => (m.params as { id?: string }).id);
-  const id = (match?.params as { id?: string })?.id ?? "";
-  return <InvitePage invitationId={id} />;
-}
-
 /**
  * Route definitions shared by all tabs.
  *
- * Structure mirrors the web app's [workspaceSlug]/... layout: all dashboard
- * pages live under /:workspaceSlug, with WorkspaceRouteLayout resolving the
- * slug to a workspace and syncing side-effects (api client, persist namespace,
- * Zustand mirror). Global (pre-workspace) routes — workspaces/new and invite —
- * sit at the top level alongside the workspace wrapper.
+ * Every tab path is workspace-scoped: `/{slug}/{route}/...`. Pre-workspace
+ * flows (create workspace, accept invite) are NOT routes — they render as a
+ * window-level overlay via `WindowOverlay`, dispatched by the navigation
+ * adapter's transition-path interception. The `activeWorkspaceSlug` in the
+ * tab store decides which workspace's tabs are visible in the TabBar;
+ * workspace-less state (zero-workspace user) shows the overlay instead.
+ *
+ * The root index route stays as a harmless safety net. With per-workspace
+ * tabs, nothing should construct a tab at `/` — but if one ever slips
+ * through (malformed persisted state that dodges the migration, direct
+ * router.navigate from unforeseen code), the index falls back to null
+ * rather than 404; App.tsx's bootstrap repoints activeWorkspaceSlug on the
+ * next render pass.
  */
 export const appRoutes: RouteObject[] = [
   {
     element: <PageShell />,
     children: [
-      // Top-level index: no slug yet. `IndexRedirect` reads the workspace
-      // list from React Query cache (seeded by AuthInitializer on reopen
-      // or App.tsx on deep-link login) and bounces to the first
-      // workspace's issues page — or /workspaces/new if the user has none.
-      { index: true, element: <IndexRedirect /> },
-      {
-        path: "workspaces/new",
-        element: <NewWorkspaceRoute />,
-        handle: { title: "Create Workspace" },
-      },
-      {
-        path: "invite/:id",
-        element: <InviteRoute />,
-        handle: { title: "Accept Invite" },
-      },
+      { index: true, element: null },
       {
         path: ":workspaceSlug",
         element: <WorkspaceRouteLayout />,
@@ -185,6 +131,12 @@ export const appRoutes: RouteObject[] = [
                     icon: Server,
                     content: <DaemonSettingsTab />,
                   },
+                  {
+                    value: "updates",
+                    label: "Updates",
+                    icon: Download,
+                    content: <UpdatesSettingsTab />,
+                  },
                 ]}
               />
             ),

apps/desktop/src/renderer/src/stores/tab-store.test.ts

@@ -1,23 +1,42 @@
-import { describe, expect, it, vi } from "vitest";
+import { describe, expect, it, vi, beforeEach } from "vitest";
 
 // createTabRouter transitively pulls in route modules that expect a browser
-// router context. For pure-function tests we stub it out.
+// router context. For pure store tests we stub it to a minimal disposable.
+const createTabRouterMock = vi.hoisted(() =>
+  vi.fn(() => ({
+    dispose: vi.fn(),
+    state: { location: { pathname: "/" } },
+    navigate: vi.fn(),
+    subscribe: vi.fn(() => () => {}),
+  })),
+);
 vi.mock("../routes", () => ({
-  createTabRouter: vi.fn(() => ({ dispose: vi.fn() })),
+  createTabRouter: createTabRouterMock,
 }));
 
-import { sanitizeTabPath } from "./tab-store";
+import {
+  sanitizeTabPath,
+  migrateV1ToV2,
+  useTabStore,
+} from "./tab-store";
+
+beforeEach(() => {
+  createTabRouterMock.mockClear();
+  useTabStore.getState().reset();
+});
 
 describe("sanitizeTabPath", () => {
-  it("passes through root sentinel", () => {
-    expect(sanitizeTabPath("/")).toBe("/");
+  it("rejects the root sentinel — tabs must be workspace-scoped", () => {
+    expect(sanitizeTabPath("/")).toBeNull();
+    expect(sanitizeTabPath("")).toBeNull();
   });
 
-  it("passes through global paths", () => {
-    expect(sanitizeTabPath("/login")).toBe("/login");
-    expect(sanitizeTabPath("/workspaces/new")).toBe("/workspaces/new");
-    expect(sanitizeTabPath("/invite/abc")).toBe("/invite/abc");
-    expect(sanitizeTabPath("/auth/callback")).toBe("/auth/callback");
+  it("silently rejects transition paths (no warn — navigation adapter intercepts them)", () => {
+    const warn = vi.spyOn(console, "warn").mockImplementation(() => {});
+    expect(sanitizeTabPath("/workspaces/new")).toBeNull();
+    expect(sanitizeTabPath("/invite/abc")).toBeNull();
+    expect(warn).not.toHaveBeenCalled();
+    warn.mockRestore();
   });
 
   it("passes through valid workspace-scoped paths", () => {
@@ -25,21 +44,181 @@ describe("sanitizeTabPath", () => {
     expect(sanitizeTabPath("/my-team/projects/abc")).toBe("/my-team/projects/abc");
   });
 
-  it("rejects paths whose first segment is a reserved slug", () => {
-    // A stray "/issues" (pre-refactor leftover, missing workspace prefix)
-    // would be interpreted as workspaceSlug="issues" → NoAccessPage.
+  it("rejects paths whose first segment is a reserved slug (missing workspace prefix)", () => {
     const warn = vi.spyOn(console, "warn").mockImplementation(() => {});
-    expect(sanitizeTabPath("/issues")).toBe("/");
-    expect(sanitizeTabPath("/issues/abc-123")).toBe("/");
-    expect(sanitizeTabPath("/settings")).toBe("/");
+    expect(sanitizeTabPath("/issues")).toBeNull();
+    expect(sanitizeTabPath("/settings")).toBeNull();
     expect(warn).toHaveBeenCalled();
     warn.mockRestore();
   });
 
   it("passes through user slugs that happen to look path-like but aren't reserved", () => {
-    // A workspace owner could legitimately pick "acme-issues" or
-    // "project-x" as their slug — sanitize must not touch these.
     expect(sanitizeTabPath("/acme-issues/issues")).toBe("/acme-issues/issues");
     expect(sanitizeTabPath("/project-x/inbox")).toBe("/project-x/inbox");
   });
 });
+
+describe("migrateV1ToV2", () => {
+  it("groups v1 flat tabs by workspace slug", () => {
+    const v1 = {
+      tabs: [
+        { id: "t1", path: "/acme/issues", title: "Issues", icon: "ListTodo" },
+        { id: "t2", path: "/acme/projects", title: "Projects", icon: "FolderKanban" },
+        { id: "t3", path: "/butter/issues", title: "Issues", icon: "ListTodo" },
+      ],
+      activeTabId: "t2",
+    };
+    const v2 = migrateV1ToV2(v1);
+    expect(Object.keys(v2.byWorkspace).sort()).toEqual(["acme", "butter"]);
+    expect(v2.byWorkspace.acme.tabs).toHaveLength(2);
+    expect(v2.byWorkspace.butter.tabs).toHaveLength(1);
+    expect(v2.byWorkspace.acme.activeTabId).toBe("t2");
+    expect(v2.byWorkspace.butter.activeTabId).toBe("t3"); // first tab in group
+    expect(v2.activeWorkspaceSlug).toBe("acme"); // contained v1.activeTabId
+  });
+
+  it("drops tabs at root / transition / reserved-slug paths", () => {
+    const v1 = {
+      tabs: [
+        { id: "t1", path: "/", title: "Issues", icon: "ListTodo" },
+        { id: "t2", path: "/workspaces/new", title: "New", icon: "Plus" },
+        { id: "t3", path: "/invite/abc", title: "Invite", icon: "Mail" },
+        { id: "t4", path: "/acme/issues", title: "Issues", icon: "ListTodo" },
+      ],
+      activeTabId: "t1",
+    };
+    const v2 = migrateV1ToV2(v1);
+    expect(Object.keys(v2.byWorkspace)).toEqual(["acme"]);
+    expect(v2.byWorkspace.acme.tabs).toHaveLength(1);
+    // v1.activeTabId was dropped; active falls back to first group's first tab.
+    expect(v2.activeWorkspaceSlug).toBe("acme");
+    expect(v2.byWorkspace.acme.activeTabId).toBe("t4");
+  });
+
+  it("handles empty v1 state gracefully", () => {
+    const v2 = migrateV1ToV2({ tabs: [], activeTabId: "" });
+    expect(v2.byWorkspace).toEqual({});
+    expect(v2.activeWorkspaceSlug).toBeNull();
+  });
+
+  it("handles v1 with no tabs field (corrupted state)", () => {
+    const v2 = migrateV1ToV2({});
+    expect(v2.byWorkspace).toEqual({});
+    expect(v2.activeWorkspaceSlug).toBeNull();
+  });
+});
+
+describe("useTabStore actions", () => {
+  it("switchWorkspace creates a new group with a default tab on first entry", () => {
+    useTabStore.getState().switchWorkspace("acme");
+    const s = useTabStore.getState();
+    expect(s.activeWorkspaceSlug).toBe("acme");
+    expect(s.byWorkspace.acme.tabs).toHaveLength(1);
+    expect(s.byWorkspace.acme.tabs[0].path).toBe("/acme/issues");
+  });
+
+  it("switchWorkspace without openPath restores the group's last active tab", () => {
+    const store = useTabStore.getState();
+    store.switchWorkspace("acme");
+    store.addTab("/acme/projects", "Projects", "FolderKanban");
+    const acmeProjectsId = useTabStore.getState().byWorkspace.acme.tabs[1].id;
+    store.setActiveTab(acmeProjectsId);
+
+    // Enter a different workspace then come back
+    store.switchWorkspace("butter");
+    expect(useTabStore.getState().activeWorkspaceSlug).toBe("butter");
+
+    store.switchWorkspace("acme");
+    const s = useTabStore.getState();
+    expect(s.activeWorkspaceSlug).toBe("acme");
+    expect(s.byWorkspace.acme.activeTabId).toBe(acmeProjectsId);
+  });
+
+  it("switchWorkspace with openPath dedupes into an existing tab with same path", () => {
+    const store = useTabStore.getState();
+    store.switchWorkspace("acme"); // creates default /acme/issues
+    store.addTab("/acme/projects", "Projects", "FolderKanban");
+
+    store.switchWorkspace("acme", "/acme/issues");
+    const s = useTabStore.getState();
+    expect(s.byWorkspace.acme.tabs).toHaveLength(2); // no duplicate created
+    const activeTab = s.byWorkspace.acme.tabs.find(
+      (t) => t.id === s.byWorkspace.acme.activeTabId,
+    );
+    expect(activeTab?.path).toBe("/acme/issues");
+  });
+
+  it("switchWorkspace with openPath not matching any tab adds a new tab", () => {
+    const store = useTabStore.getState();
+    store.switchWorkspace("acme");
+    store.switchWorkspace("acme", "/acme/issues/bug-42");
+    const s = useTabStore.getState();
+    expect(s.byWorkspace.acme.tabs).toHaveLength(2);
+    const activeTab = s.byWorkspace.acme.tabs.find(
+      (t) => t.id === s.byWorkspace.acme.activeTabId,
+    );
+    expect(activeTab?.path).toBe("/acme/issues/bug-42");
+  });
+
+  it("openTab dedupes by path within the active workspace", () => {
+    const store = useTabStore.getState();
+    store.switchWorkspace("acme");
+    const id1 = store.openTab("/acme/projects", "Projects", "FolderKanban");
+    const id2 = store.openTab("/acme/projects", "Projects", "FolderKanban");
+    expect(id1).toBe(id2);
+    expect(useTabStore.getState().byWorkspace.acme.tabs).toHaveLength(2); // default + projects
+  });
+
+  it("closeTab on the last tab in a workspace reseeds the default tab", () => {
+    const store = useTabStore.getState();
+    store.switchWorkspace("acme");
+    const onlyTabId = useTabStore.getState().byWorkspace.acme.tabs[0].id;
+    store.closeTab(onlyTabId);
+    const s = useTabStore.getState();
+    expect(s.byWorkspace.acme.tabs).toHaveLength(1);
+    expect(s.byWorkspace.acme.tabs[0].path).toBe("/acme/issues");
+    expect(s.byWorkspace.acme.tabs[0].id).not.toBe(onlyTabId); // fresh tab
+  });
+
+  it("validateWorkspaceSlugs drops groups for slugs not in the valid set and repoints active", () => {
+    const store = useTabStore.getState();
+    store.switchWorkspace("acme");
+    store.switchWorkspace("butter");
+    store.switchWorkspace("acme");
+    expect(useTabStore.getState().activeWorkspaceSlug).toBe("acme");
+
+    // Admin removed the user from acme
+    store.validateWorkspaceSlugs(new Set(["butter"]));
+    const s = useTabStore.getState();
+    expect(Object.keys(s.byWorkspace)).toEqual(["butter"]);
+    expect(s.activeWorkspaceSlug).toBe("butter");
+  });
+
+  it("validateWorkspaceSlugs sets activeWorkspaceSlug to null when all groups are dropped", () => {
+    const store = useTabStore.getState();
+    store.switchWorkspace("acme");
+    store.validateWorkspaceSlugs(new Set());
+    const s = useTabStore.getState();
+    expect(s.byWorkspace).toEqual({});
+    expect(s.activeWorkspaceSlug).toBeNull();
+  });
+
+  it("reset wipes the whole store", () => {
+    const store = useTabStore.getState();
+    store.switchWorkspace("acme");
+    store.switchWorkspace("butter");
+    store.reset();
+    const s = useTabStore.getState();
+    expect(s.activeWorkspaceSlug).toBeNull();
+    expect(s.byWorkspace).toEqual({});
+  });
+
+  it("setActiveTab across workspaces also flips the active workspace", () => {
+    const store = useTabStore.getState();
+    store.switchWorkspace("acme");
+    store.switchWorkspace("butter");
+    const acmeTabId = useTabStore.getState().byWorkspace.acme.tabs[0].id;
+    store.setActiveTab(acmeTabId);
+    expect(useTabStore.getState().activeWorkspaceSlug).toBe("acme");
+  });
+});

apps/desktop/src/renderer/src/stores/tab-store.ts

@@ -3,7 +3,7 @@ import { createJSONStorage, persist } from "zustand/middleware";
 import { arrayMove } from "@dnd-kit/sortable";
 import { createPersistStorage, defaultStorage } from "@multica/core/platform";
 import { createSafeId } from "@multica/core/utils";
-import { isGlobalPath, isReservedSlug } from "@multica/core/paths";
+import { isReservedSlug } from "@multica/core/paths";
 import type { DataRouter } from "react-router-dom";
 import { createTabRouter } from "../routes";
 
@@ -13,6 +13,7 @@ import { createTabRouter } from "../routes";
 
 export interface Tab {
   id: string;
+  /** Every tab path is workspace-scoped: `/{workspaceSlug}/{route}/...`. */
   path: string;
   title: string;
   icon: string;
@@ -21,33 +22,77 @@ export interface Tab {
   historyLength: number;
 }
 
-interface TabStore {
+export interface WorkspaceTabGroup {
   tabs: Tab[];
+  /** Must be a valid tab.id in `tabs`; the empty-tabs state is transient only. */
   activeTabId: string;
+}
 
-  /** Open a background tab. Deduplicates by path. Returns the tab id. */
+interface TabStore {
+  /**
+   * The workspace currently visible in the TabBar / TabContent. Null in three
+   * cases:
+   *   - Fresh install, before any workspace exists or is selected.
+   *   - Logged-out state (reset() wipes it).
+   *   - Every workspace the user had access to got deleted / revoked.
+   * When null, TabContent renders nothing and the WindowOverlay takes over.
+   */
+  activeWorkspaceSlug: string | null;
+
+  /**
+   * Tab groups keyed by workspace slug. Each slug maps to an independent
+   * (tabs, activeTabId) pair; switching workspaces swaps the visible set
+   * without affecting any other group. Cross-workspace tab leakage — the
+   * bug that drove this refactor — is impossible by construction because
+   * there is no global tab array anymore.
+   */
+  byWorkspace: Record<string, WorkspaceTabGroup>;
+
+  /**
+   * Switch to a workspace.
+   *   - If the group doesn't exist yet, create it with a single default tab.
+   *   - If `openPath` is given, find a tab with that exact path and activate
+   *     it; otherwise add a new tab and activate it.
+   *   - If `openPath` is omitted, restore the group's last active tab
+   *     (VSCode / Slack behavior — workspaces resume where you left off).
+   */
+  switchWorkspace: (slug: string, openPath?: string) => void;
+  /** Open-or-activate (dedupes by path) a tab in the active workspace. */
   openTab: (path: string, title: string, icon: string) => string;
-  /** Always create a new tab (no dedup). Returns the tab id. */
+  /** Always creates a new tab (no dedupe) in the active workspace. */
   addTab: (path: string, title: string, icon: string) => string;
-  /** Close a tab. Disposes router. */
+  /**
+   * Close a tab. Finds it across all workspaces (callers like the X button
+   * only know the tab id, not the owning workspace). If this is the last
+   * tab in its workspace, reseed a default tab so the invariant
+   * "every live workspace has at least one tab" holds.
+   */
   closeTab: (tabId: string) => void;
-  /** Switch to a tab by id. */
+  /**
+   * Activate a tab. Finds it across all workspaces. Sets both the owning
+   * workspace as active and that group's activeTabId; needed for any code
+   * path that "jumps" to a tab belonging to a non-active workspace.
+   */
   setActiveTab: (tabId: string) => void;
-  /** Update a tab's metadata (path, title, icon — partial). */
+  /** Patch metadata of a tab (router-sync, title-sync). Finds across groups. */
   updateTab: (tabId: string, patch: Partial<Pick<Tab, "path" | "title" | "icon">>) => void;
-  /** Update a tab's history tracking. */
+  /** Patch history tracking of a tab. Finds across groups. */
   updateTabHistory: (tabId: string, historyIndex: number, historyLength: number) => void;
-  /** Reorder tabs by moving one from fromIndex to toIndex. Preserves router/history. */
+  /** Reorder within the active workspace's group only. */
   moveTab: (fromIndex: number, toIndex: number) => void;
   /**
-   * Reset any tab whose first path segment references a workspace slug the
-   * current user doesn't have access to. Called after login + workspace list
-   * is populated (and on every subsequent list change, e.g. realtime
-   * workspace:deleted). Stale tabs get reset to `/` so IndexRedirect picks
-   * a valid workspace; tabs on global paths (/login, /workspaces/new, etc.)
-   * are untouched.
+   * After the workspace list arrives/changes (login, realtime delete), drop
+   * any tab group whose slug is no longer in `validSlugs`, and repoint
+   * `activeWorkspaceSlug` if it pointed at one of the dropped groups.
    */
   validateWorkspaceSlugs: (validSlugs: Set<string>) => void;
+  /**
+   * Wipe everything. Called from logout so the next user doesn't inherit
+   * the prior user's tabs. Zustand persist only writes to localStorage;
+   * clearing the storage key alone would leave this live store intact
+   * until app restart.
+   */
+  reset: () => void;
 }
 
 // ---------------------------------------------------------------------------
@@ -67,232 +112,594 @@ const ROUTE_ICONS: Record<string, string> = {
 };
 
 /**
- * Resolve a route icon from a pathname. Title is NOT determined here — it
- * comes from document.title.
+ * Resolve a route icon from a pathname.
  *
- * Path shape after the workspace URL refactor:
- *  - workspace-scoped: `/{workspaceSlug}/{route}/...` → use segment index 1
- *  - global (workspaces/new, invite, auth, login): `/{route}/...` → use segment index 0
+ * Tab paths are always workspace-scoped: `/{slug}/{route}/...`, so the route
+ * segment lives at index 1. Pre-workspace flows (create, invite) are rendered
+ * by the window overlay, never as tabs.
  *
- * `isGlobalPath` is the single source of truth for which prefixes are global.
+ * Title is NOT determined here — it comes from document.title.
  */
 export function resolveRouteIcon(pathname: string): string {
   const segments = pathname.split("/").filter(Boolean);
-  const routeSegment = isGlobalPath(pathname)
-    ? (segments[0] ?? "")
-    : (segments[1] ?? "");
-  return ROUTE_ICONS[routeSegment] ?? "ListTodo";
+  return ROUTE_ICONS[segments[1] ?? ""] ?? "ListTodo";
+}
+
+/** Extract the leading workspace slug from a path, or null if the path
+ *  isn't workspace-scoped (global path, root, or empty). */
+function extractWorkspaceSlug(path: string): string | null {
+  const first = path.split("/").filter(Boolean)[0] ?? "";
+  if (!first) return null;
+  if (isReservedSlug(first)) return null;
+  return first;
+}
+
+// ---------------------------------------------------------------------------
+// Path sanitization (defensive)
+// ---------------------------------------------------------------------------
+
+/**
+ * Defensive: catch paths that don't belong in the tab store.
+ *
+ * Two kinds of rejects:
+ *  1. **Transition paths** (`/workspaces/new`, `/invite/...`). These are
+ *     pre-workspace flows rendered by the window overlay on desktop, not
+ *     tab routes. The navigation adapter normally intercepts these before
+ *     they reach the store; this guard catches older persisted state.
+ *  2. **Malformed workspace-scoped paths** like a stray `/issues/abc` that
+ *     was constructed without the workspace prefix. The router would
+ *     interpret `issues` as a workspace slug → NoAccessPage.
+ *
+ * Returns null for rejects (caller decides how to recover — usually by
+ * dropping the tab or substituting a default). Unlike the prior design,
+ * there is no root "/" sentinel — tabs are always scoped.
+ */
+export function sanitizeTabPath(path: string): string | null {
+  const firstSegment = path.split("/").filter(Boolean)[0] ?? "";
+  if (!firstSegment) return null;
+  if (isReservedSlug(firstSegment)) {
+    // Don't log for known transition paths — these are legitimate inputs
+    // at the interception boundary (older persisted state or stale callers).
+    const isTransition = path === "/workspaces/new" || path.startsWith("/invite/");
+    if (!isTransition) {
+      // eslint-disable-next-line no-console
+      console.warn(
+        `[tab-store] tab path "${path}" starts with reserved slug "${firstSegment}" — ` +
+          `caller likely forgot the workspace prefix. Dropping.`,
+      );
+    }
+    return null;
+  }
+  return path;
+}
+
+// ---------------------------------------------------------------------------
+// Tab factory
+// ---------------------------------------------------------------------------
+
+function createId(): string {
+  return createSafeId();
+}
+
+function makeTab(path: string, title: string, icon: string): Tab {
+  return {
+    id: createId(),
+    path,
+    title,
+    icon,
+    router: createTabRouter(path),
+    historyIndex: 0,
+    historyLength: 1,
+  };
+}
+
+/** Default entry point for a workspace — its issues list. */
+function defaultPathFor(slug: string): string {
+  return `/${slug}/issues`;
+}
+
+function defaultTabFor(slug: string): Tab {
+  const path = defaultPathFor(slug);
+  return makeTab(path, "Issues", resolveRouteIcon(path));
+}
+
+// ---------------------------------------------------------------------------
+// Group helpers
+// ---------------------------------------------------------------------------
+
+function findTabLocation(
+  byWorkspace: Record<string, WorkspaceTabGroup>,
+  tabId: string,
+): { slug: string; group: WorkspaceTabGroup; index: number } | null {
+  for (const slug of Object.keys(byWorkspace)) {
+    const group = byWorkspace[slug];
+    const index = group.tabs.findIndex((t) => t.id === tabId);
+    if (index >= 0) return { slug, group, index };
+  }
+  return null;
 }
 
 // ---------------------------------------------------------------------------
 // Store
 // ---------------------------------------------------------------------------
 
-/**
- * Sentinel path for new tabs with no explicit destination. The tab store is
- * workspace-implicit — it doesn't know which workspace is active, so it can't
- * build a `/:slug/issues` path itself. Instead we hand off to the router: `/`
- * matches the top-level index route, which redirects to the workspace default
- * (slug-aware redirect lives in routes.tsx / App.tsx).
- *
- * `title` and `icon` on the placeholder tab get overwritten by
- * useTabRouterSync + useActiveTitleSync once the redirect resolves.
- */
-const DEFAULT_PATH = "/";
-
-function createId(): string {
-  return createSafeId();
-}
-
-/**
- * Defensive: catch tab paths that were constructed without a workspace slug
- * (e.g. a hardcoded "/issues" leftover from before the URL refactor). Such
- * paths would get matched as `workspaceSlug="issues"` by the router and
- * render NoAccessPage. Sanitize by falling back to "/" (IndexRedirect picks
- * a valid workspace).
- *
- * Passes through:
- *  - "/" and global paths (/login, /workspaces/new, /invite/..., /auth/...)
- *  - workspace-scoped paths whose first segment is not a reserved word
- *
- * Rejects (and rewrites to "/"):
- *  - Paths whose first segment is a reserved slug (=/=workspace slug), which
- *    means the caller forgot to prefix the workspace. Logs a warning so the
- *    buggy call site is easy to find.
- */
-export function sanitizeTabPath(path: string): string {
-  if (path === DEFAULT_PATH || isGlobalPath(path)) return path;
-  const firstSegment = path.split("/").filter(Boolean)[0] ?? "";
-  if (isReservedSlug(firstSegment)) {
-    // eslint-disable-next-line no-console
-    console.warn(
-      `[tab-store] tab path "${path}" starts with reserved slug "${firstSegment}" — ` +
-        `caller likely forgot the workspace prefix. Falling back to "/".`,
-    );
-    return DEFAULT_PATH;
-  }
-  return path;
-}
-
-function makeTab(path: string, title: string, icon: string): Tab {
-  const safePath = sanitizeTabPath(path);
-  return {
-    id: createId(),
-    path: safePath,
-    title,
-    icon,
-    router: createTabRouter(safePath),
-    historyIndex: 0,
-    historyLength: 1,
-  };
-}
-
-const initialTab = makeTab(DEFAULT_PATH, "Issues", resolveRouteIcon(DEFAULT_PATH));
-
 export const useTabStore = create<TabStore>()(
   persist(
     (set, get) => ({
-  tabs: [initialTab],
-  activeTabId: initialTab.id,
+      activeWorkspaceSlug: null,
+      byWorkspace: {},
 
-  openTab(path, title, icon) {
-    const { tabs } = get();
-    const existing = tabs.find((t) => t.path === path);
-    if (existing) return existing.id;
+      switchWorkspace(slug, openPath) {
+        // Defensive no-op if slug is empty/invalid — callers like the
+        // NavigationAdapter's path-parser should already have filtered
+        // these, but belt-and-braces keeps garbage out of the store.
+        if (!slug) return;
+        const { byWorkspace } = get();
+        const existing = byWorkspace[slug];
 
-    const tab = makeTab(path, title, icon);
-    set({ tabs: [...tabs, tab] });
-    return tab.id;
-  },
+        // Decide the desired active path for this workspace.
+        const desiredPath = openPath ?? (existing ? null : defaultPathFor(slug));
 
-  addTab(path, title, icon) {
-    const tab = makeTab(path, title, icon);
-    set((s) => ({ tabs: [...s.tabs, tab] }));
-    return tab.id;
-  },
+        if (!existing) {
+          // First time entering this workspace — create the group.
+          const seedPath =
+            desiredPath && sanitizeTabPath(desiredPath) === desiredPath
+              ? desiredPath
+              : defaultPathFor(slug);
+          const tab = makeTab(seedPath, "Issues", resolveRouteIcon(seedPath));
+          set({
+            activeWorkspaceSlug: slug,
+            byWorkspace: {
+              ...byWorkspace,
+              [slug]: { tabs: [tab], activeTabId: tab.id },
+            },
+          });
+          return;
+        }
 
-  closeTab(tabId) {
-    const { tabs, activeTabId } = get();
+        // Workspace already has tabs. Either dedupe into an existing tab or
+        // add a new one (when openPath was supplied and no tab matches it).
+        if (desiredPath) {
+          const clean = sanitizeTabPath(desiredPath);
+          if (clean) {
+            const match = existing.tabs.find((t) => t.path === clean);
+            if (match) {
+              set({
+                activeWorkspaceSlug: slug,
+                byWorkspace: {
+                  ...byWorkspace,
+                  [slug]: { ...existing, activeTabId: match.id },
+                },
+              });
+              return;
+            }
+            const tab = makeTab(clean, "Issues", resolveRouteIcon(clean));
+            set({
+              activeWorkspaceSlug: slug,
+              byWorkspace: {
+                ...byWorkspace,
+                [slug]: {
+                  tabs: [...existing.tabs, tab],
+                  activeTabId: tab.id,
+                },
+              },
+            });
+            return;
+          }
+        }
 
-    const closingTab = tabs.find((t) => t.id === tabId);
+        // No openPath (or openPath was rejected) — just restore the group.
+        set({ activeWorkspaceSlug: slug });
+      },
 
-    // Never close the last tab — replace with default
-    if (tabs.length === 1) {
-      closingTab?.router.dispose();
-      const fresh = makeTab(DEFAULT_PATH, "Issues", resolveRouteIcon(DEFAULT_PATH));
-      set({ tabs: [fresh], activeTabId: fresh.id });
-      return;
-    }
+      openTab(path, title, icon) {
+        const { activeWorkspaceSlug, byWorkspace } = get();
+        const clean = sanitizeTabPath(path);
+        if (!activeWorkspaceSlug || !clean) return "";
+        const group = byWorkspace[activeWorkspaceSlug];
+        if (!group) return "";
 
-    const idx = tabs.findIndex((t) => t.id === tabId);
-    if (idx === -1) return;
+        const existing = group.tabs.find((t) => t.path === clean);
+        if (existing) {
+          set({
+            byWorkspace: {
+              ...byWorkspace,
+              [activeWorkspaceSlug]: { ...group, activeTabId: existing.id },
+            },
+          });
+          return existing.id;
+        }
 
-    closingTab?.router.dispose();
-    const next = tabs.filter((t) => t.id !== tabId);
+        const tab = makeTab(clean, title, icon);
+        set({
+          byWorkspace: {
+            ...byWorkspace,
+            [activeWorkspaceSlug]: {
+              tabs: [...group.tabs, tab],
+              activeTabId: group.activeTabId,
+            },
+          },
+        });
+        return tab.id;
+      },
 
-    if (tabId === activeTabId) {
-      const newActive = next[Math.min(idx, next.length - 1)];
-      set({ tabs: next, activeTabId: newActive.id });
-    } else {
-      set({ tabs: next });
-    }
-  },
+      addTab(path, title, icon) {
+        const { activeWorkspaceSlug, byWorkspace } = get();
+        const clean = sanitizeTabPath(path);
+        if (!activeWorkspaceSlug || !clean) return "";
+        const group = byWorkspace[activeWorkspaceSlug];
+        if (!group) return "";
 
-  setActiveTab(tabId) {
-    set({ activeTabId: tabId });
-  },
+        const tab = makeTab(clean, title, icon);
+        set({
+          byWorkspace: {
+            ...byWorkspace,
+            [activeWorkspaceSlug]: {
+              tabs: [...group.tabs, tab],
+              activeTabId: group.activeTabId,
+            },
+          },
+        });
+        return tab.id;
+      },
 
-  updateTab(tabId, patch) {
-    set((s) => ({
-      tabs: s.tabs.map((t) =>
-        t.id === tabId ? { ...t, ...patch } : t,
-      ),
-    }));
-  },
+      closeTab(tabId) {
+        const { byWorkspace } = get();
+        const hit = findTabLocation(byWorkspace, tabId);
+        if (!hit) return;
+        const { slug, group, index } = hit;
 
-  updateTabHistory(tabId, historyIndex, historyLength) {
-    set((s) => ({
-      tabs: s.tabs.map((t) =>
-        t.id === tabId ? { ...t, historyIndex, historyLength } : t,
-      ),
-    }));
-  },
+        const closing = group.tabs[index];
+        closing.router.dispose();
 
-  moveTab(fromIndex, toIndex) {
-    if (fromIndex === toIndex) return;
-    set((s) => ({ tabs: arrayMove(s.tabs, fromIndex, toIndex) }));
-  },
+        if (group.tabs.length === 1) {
+          // Last tab in this workspace — reseed a default so the workspace
+          // always has at least one tab. Closing a workspace as an explicit
+          // action is a separate concern (Leave/Delete in Settings).
+          const fresh = defaultTabFor(slug);
+          set({
+            byWorkspace: {
+              ...byWorkspace,
+              [slug]: { tabs: [fresh], activeTabId: fresh.id },
+            },
+          });
+          return;
+        }
 
-  validateWorkspaceSlugs(validSlugs) {
-    const { tabs } = get();
-    let changed = false;
-    const nextTabs = tabs.map((t) => {
-      // Skip tabs on non-workspace-scoped paths — nothing to validate.
-      if (t.path === "/" || isGlobalPath(t.path)) return t;
+        const nextTabs = group.tabs.filter((t) => t.id !== tabId);
+        const nextActiveTabId =
+          group.activeTabId === tabId
+            ? nextTabs[Math.min(index, nextTabs.length - 1)].id
+            : group.activeTabId;
 
-      const firstSegment = t.path.split("/").filter(Boolean)[0] ?? "";
-      if (validSlugs.has(firstSegment)) return t;
+        set({
+          byWorkspace: {
+            ...byWorkspace,
+            [slug]: { tabs: nextTabs, activeTabId: nextActiveTabId },
+          },
+        });
+      },
 
-      // Stale slug: dispose the old router and replace with a fresh one
-      // pointing at `/`. IndexRedirect will send the tab to a valid
-      // workspace (or /workspaces/new if the user now has none).
-      changed = true;
-      t.router.dispose();
-      return {
-        ...t,
-        path: DEFAULT_PATH,
-        title: "Issues",
-        icon: resolveRouteIcon(DEFAULT_PATH),
-        router: createTabRouter(DEFAULT_PATH),
-        historyIndex: 0,
-        historyLength: 1,
-      };
-    });
+      setActiveTab(tabId) {
+        const { byWorkspace, activeWorkspaceSlug } = get();
+        const hit = findTabLocation(byWorkspace, tabId);
+        if (!hit) return;
+        const { slug, group } = hit;
+        if (slug === activeWorkspaceSlug && group.activeTabId === tabId) return;
+        set({
+          activeWorkspaceSlug: slug,
+          byWorkspace: {
+            ...byWorkspace,
+            [slug]: { ...group, activeTabId: tabId },
+          },
+        });
+      },
 
-    if (!changed) return;
-    set({ tabs: nextTabs });
-  },
+      updateTab(tabId, patch) {
+        const { byWorkspace } = get();
+        const hit = findTabLocation(byWorkspace, tabId);
+        if (!hit) return;
+        const { slug, group, index } = hit;
+        const current = group.tabs[index];
+        const next: Tab = { ...current, ...patch };
+        const nextTabs = [...group.tabs];
+        nextTabs[index] = next;
+        set({
+          byWorkspace: {
+            ...byWorkspace,
+            [slug]: { ...group, tabs: nextTabs },
+          },
+        });
+      },
+
+      updateTabHistory(tabId, historyIndex, historyLength) {
+        const { byWorkspace } = get();
+        const hit = findTabLocation(byWorkspace, tabId);
+        if (!hit) return;
+        const { slug, group, index } = hit;
+        const current = group.tabs[index];
+        const next: Tab = { ...current, historyIndex, historyLength };
+        const nextTabs = [...group.tabs];
+        nextTabs[index] = next;
+        set({
+          byWorkspace: {
+            ...byWorkspace,
+            [slug]: { ...group, tabs: nextTabs },
+          },
+        });
+      },
+
+      moveTab(fromIndex, toIndex) {
+        if (fromIndex === toIndex) return;
+        const { activeWorkspaceSlug, byWorkspace } = get();
+        if (!activeWorkspaceSlug) return;
+        const group = byWorkspace[activeWorkspaceSlug];
+        if (!group) return;
+        set({
+          byWorkspace: {
+            ...byWorkspace,
+            [activeWorkspaceSlug]: {
+              ...group,
+              tabs: arrayMove(group.tabs, fromIndex, toIndex),
+            },
+          },
+        });
+      },
+
+      validateWorkspaceSlugs(validSlugs) {
+        const { activeWorkspaceSlug, byWorkspace } = get();
+        let changed = false;
+        const nextByWorkspace: Record<string, WorkspaceTabGroup> = {};
+        for (const slug of Object.keys(byWorkspace)) {
+          if (validSlugs.has(slug)) {
+            nextByWorkspace[slug] = byWorkspace[slug];
+          } else {
+            changed = true;
+            for (const t of byWorkspace[slug].tabs) t.router.dispose();
+          }
+        }
+
+        let nextActive = activeWorkspaceSlug;
+        if (nextActive && !validSlugs.has(nextActive)) {
+          nextActive = Object.keys(nextByWorkspace)[0] ?? null;
+          changed = true;
+        }
+
+        if (!changed) return;
+        set({ byWorkspace: nextByWorkspace, activeWorkspaceSlug: nextActive });
+      },
+
+      reset() {
+        const { byWorkspace } = get();
+        for (const slug of Object.keys(byWorkspace)) {
+          for (const t of byWorkspace[slug].tabs) t.router.dispose();
+        }
+        set({ activeWorkspaceSlug: null, byWorkspace: {} });
+      },
     }),
     {
       name: "multica_tabs",
-      version: 1,
+      version: 2,
       storage: createJSONStorage(() => createPersistStorage(defaultStorage)),
+      migrate: (persistedState, version) => {
+        // v1 → v2: flat `tabs` array → per-workspace grouping.
+        // Tabs whose path isn't workspace-scoped (root `/`, login, etc.)
+        // are dropped — they have no workspace to belong to, and the new
+        // model's invariant is "every tab lives in a workspace group".
+        if (version < 2 && persistedState && typeof persistedState === "object") {
+          return migrateV1ToV2(persistedState as Partial<V1Persisted>);
+        }
+        return persistedState as V2Persisted;
+      },
       partialize: (state) => ({
-        tabs: state.tabs.map(
-          ({ router, historyIndex, historyLength, ...rest }) => rest,
+        activeWorkspaceSlug: state.activeWorkspaceSlug,
+        byWorkspace: Object.fromEntries(
+          Object.entries(state.byWorkspace).map(([slug, group]) => [
+            slug,
+            {
+              activeTabId: group.activeTabId,
+              tabs: group.tabs.map(
+                ({ router: _router, historyIndex: _hi, historyLength: _hl, ...rest }) =>
+                  rest,
+              ),
+            },
+          ]),
         ),
-        activeTabId: state.activeTabId,
       }),
       merge: (persistedState, currentState) => {
-        const persisted = persistedState as
-          | Pick<TabStore, "tabs" | "activeTabId">
-          | undefined;
-        if (!persisted?.tabs?.length) return currentState;
+        const persisted = persistedState as Partial<V2Persisted> | undefined;
+        if (!persisted?.byWorkspace) return currentState;
 
-        const tabs: Tab[] = persisted.tabs.map((tab) => {
-          // Sanitize persisted paths against reserved-slug rules. Catches
-          // both pre-refactor paths like "/issues/abc" (missing workspace
-          // slug) and any other malformed paths that slipped past the
-          // write-time guard. The defense across makeTab + merge + runtime
-          // validate ensures stale or malformed paths never reach the
-          // router.
-          const path = sanitizeTabPath(tab.path);
-          return {
-            ...tab,
-            path,
-            router: createTabRouter(path),
-            historyIndex: 0,
-            historyLength: 1,
-          };
-        });
+        const byWorkspace: Record<string, WorkspaceTabGroup> = {};
+        for (const [slug, pGroup] of Object.entries(persisted.byWorkspace)) {
+          const tabs: Tab[] = [];
+          for (const pTab of pGroup.tabs) {
+            const clean = sanitizeTabPath(pTab.path);
+            // Persisted path may have come from a stale version or a
+            // manual edit. Drop rather than rewrite so we never silently
+            // put users on a path that doesn't match the group's slug.
+            if (!clean || extractWorkspaceSlug(clean) !== slug) {
+              // eslint-disable-next-line no-console
+              console.warn(
+                `[tab-store] dropping persisted tab "${pTab.path}" from ` +
+                  `group "${slug}" — path/slug mismatch`,
+              );
+              continue;
+            }
+            tabs.push({
+              id: pTab.id,
+              path: clean,
+              title: pTab.title,
+              icon: pTab.icon,
+              router: createTabRouter(clean),
+              historyIndex: 0,
+              historyLength: 1,
+            });
+          }
+          if (tabs.length === 0) continue;
+          const activeTabId = tabs.some((t) => t.id === pGroup.activeTabId)
+            ? pGroup.activeTabId
+            : tabs[0].id;
+          byWorkspace[slug] = { tabs, activeTabId };
+        }
 
-        // Validate activeTabId — fall back to first tab if stale
-        const activeTabId = tabs.some((t) => t.id === persisted.activeTabId)
-          ? persisted.activeTabId
-          : tabs[0].id;
+        const activeWorkspaceSlug =
+          persisted.activeWorkspaceSlug && byWorkspace[persisted.activeWorkspaceSlug]
+            ? persisted.activeWorkspaceSlug
+            : (Object.keys(byWorkspace)[0] ?? null);
 
-        return { ...currentState, tabs, activeTabId };
+        return { ...currentState, byWorkspace, activeWorkspaceSlug };
       },
     },
   ),
 );
+
+// ---------------------------------------------------------------------------
+// Persisted shapes (for migration)
+// ---------------------------------------------------------------------------
+
+interface V1Tab {
+  id: string;
+  path: string;
+  title: string;
+  icon: string;
+}
+
+interface V1Persisted {
+  tabs: V1Tab[];
+  activeTabId: string;
+}
+
+interface V2PersistedTab {
+  id: string;
+  path: string;
+  title: string;
+  icon: string;
+}
+
+interface V2PersistedGroup {
+  tabs: V2PersistedTab[];
+  activeTabId: string;
+}
+
+interface V2Persisted {
+  activeWorkspaceSlug: string | null;
+  byWorkspace: Record<string, V2PersistedGroup>;
+}
+
+export function migrateV1ToV2(v1: Partial<V1Persisted>): V2Persisted {
+  const byWorkspace: Record<string, V2PersistedGroup> = {};
+  const oldTabs = v1.tabs ?? [];
+  for (const tab of oldTabs) {
+    const slug = extractWorkspaceSlug(tab.path);
+    if (!slug) continue; // drop root / global-path tabs
+    if (!byWorkspace[slug]) byWorkspace[slug] = { tabs: [], activeTabId: "" };
+    byWorkspace[slug].tabs.push({
+      id: tab.id,
+      path: tab.path,
+      title: tab.title,
+      icon: tab.icon,
+    });
+  }
+
+  // Each group needs a valid activeTabId. Prefer the one from v1 if it
+  // landed in this group; otherwise fall back to the first tab.
+  for (const slug of Object.keys(byWorkspace)) {
+    const group = byWorkspace[slug];
+    const hasOldActive = group.tabs.some((t) => t.id === v1.activeTabId);
+    group.activeTabId = hasOldActive
+      ? (v1.activeTabId as string)
+      : group.tabs[0].id;
+  }
+
+  // Active workspace: whichever group inherited the v1 activeTab, falling
+  // back to the first group we created (arbitrary but deterministic given
+  // Object.keys iteration order on string keys).
+  let activeWorkspaceSlug: string | null = null;
+  for (const slug of Object.keys(byWorkspace)) {
+    if (byWorkspace[slug].activeTabId === v1.activeTabId) {
+      activeWorkspaceSlug = slug;
+      break;
+    }
+  }
+  if (!activeWorkspaceSlug) {
+    activeWorkspaceSlug = Object.keys(byWorkspace)[0] ?? null;
+  }
+
+  return { activeWorkspaceSlug, byWorkspace };
+}
+
+// ---------------------------------------------------------------------------
+// Selectors (convenience hooks)
+// ---------------------------------------------------------------------------
+
+/**
+ * Pure non-hook helper — useful from event handlers / effects that already
+ * need `.getState()`. For React subscriptions prefer the stable selectors
+ * below.
+ */
+export function getActiveTab(s: TabStore): Tab | null {
+  if (!s.activeWorkspaceSlug) return null;
+  const group = s.byWorkspace[s.activeWorkspaceSlug];
+  if (!group) return null;
+  return group.tabs.find((t) => t.id === group.activeTabId) ?? null;
+}
+
+/**
+ * The active workspace's tab group, or null when no workspace is active.
+ *
+ * Zustand compares selector returns with `Object.is`. Because `updateTab`
+ * /  `updateTabHistory` replace the group object on every router tick
+ * (immutable update), this selector returns a new reference on every
+ * router event — that's fine for TabBar which needs to observe tab-list
+ * changes, but don't use this selector from components that only care
+ * about one primitive (use `useActiveTabHistory` / `useActiveTabRouter`
+ * instead).
+ */
+export function useActiveGroup(): WorkspaceTabGroup | null {
+  return useTabStore((s) =>
+    s.activeWorkspaceSlug ? (s.byWorkspace[s.activeWorkspaceSlug] ?? null) : null,
+  );
+}
+
+/**
+ * Active tab id + active workspace slug as a compact pair. Both primitives
+ * are stable across unrelated store updates — e.g. an inactive tab's
+ * router tick doesn't churn these, so consumers don't re-render.
+ *
+ * Useful anywhere you'd previously have reached for `useActiveTab()` and
+ * only needed the identity (for memoization, effect deps, ipc).
+ */
+export function useActiveTabIdentity(): { slug: string | null; tabId: string | null } {
+  const slug = useTabStore((s) => s.activeWorkspaceSlug);
+  const tabId = useTabStore((s) =>
+    s.activeWorkspaceSlug
+      ? (s.byWorkspace[s.activeWorkspaceSlug]?.activeTabId ?? null)
+      : null,
+  );
+  return { slug, tabId };
+}
+
+/**
+ * Active tab's router — a stable reference across tab updates, because
+ * routers are created once per tab and never replaced by `updateTab`.
+ * Subscribers only re-render when the active tab *changes*, not on
+ * router events within the current tab.
+ */
+export function useActiveTabRouter(): DataRouter | null {
+  return useTabStore((s) => getActiveTab(s)?.router ?? null);
+}
+
+/**
+ * History tracking for the active tab as primitives. Subscribers re-render
+ * only when the numeric index / length change (i.e. on actual navigations),
+ * not on unrelated store updates.
+ */
+export function useActiveTabHistory(): {
+  historyIndex: number;
+  historyLength: number;
+} {
+  const historyIndex = useTabStore((s) => getActiveTab(s)?.historyIndex ?? 0);
+  const historyLength = useTabStore((s) => getActiveTab(s)?.historyLength ?? 1);
+  return { historyIndex, historyLength };
+}

apps/desktop/src/renderer/src/stores/window-overlay-store.ts

@@ -0,0 +1,29 @@
+import { create } from "zustand";
+
+/**
+ * Window-level transition overlay: pre-workspace flows that are NOT pages
+ * inside a tab. Triggered by navigation-adapter interception, zero-workspace
+ * auto-redirect, or deep link; rendered above the tab system as a full-window
+ * takeover.
+ *
+ * These flows used to be routes (`/workspaces/new`, `/invite/:id`) but on
+ * desktop the URL is invisible to users — routes are an implementation detail
+ * of the tab system. Representing transitions as routes meant tabs tried to
+ * persist them, TabBar rendered on top, and invite deep-linking had no clean
+ * dispatch target. Modeling them as application state removes all three.
+ */
+export type WindowOverlay =
+  | { type: "new-workspace" }
+  | { type: "invite"; invitationId: string };
+
+interface WindowOverlayStore {
+  overlay: WindowOverlay | null;
+  open: (overlay: WindowOverlay) => void;
+  close: () => void;
+}
+
+export const useWindowOverlayStore = create<WindowOverlayStore>((set) => ({
+  overlay: null,
+  open: (overlay) => set({ overlay }),
+  close: () => set({ overlay: null }),
+}));

apps/docs/app/(home)/layout.tsx

@@ -1,7 +0,0 @@
-import type { ReactNode } from "react";
-import { HomeLayout } from "fumadocs-ui/layouts/home";
-import { baseOptions } from "@/app/layout.config";
-
-export default function Layout({ children }: { children: ReactNode }) {
-  return <HomeLayout {...baseOptions}>{children}</HomeLayout>;
-}

apps/docs/app/(home)/page.tsx

@@ -1,29 +0,0 @@
-import Link from "next/link";
-
-export default function HomePage() {
-  return (
-    <main className="flex min-h-screen flex-col items-center justify-center gap-6 text-center px-4">
-      <h1 className="text-4xl font-bold tracking-tight sm:text-5xl">
-        Multica Documentation
-      </h1>
-      <p className="max-w-2xl text-lg text-fd-muted-foreground">
-        The open-source managed agents platform. Turn coding agents into real
-        teammates — assign tasks, track progress, compound skills.
-      </p>
-      <div className="flex gap-4">
-        <Link
-          href="/docs"
-          className="inline-flex items-center rounded-md bg-fd-primary px-6 py-3 text-sm font-medium text-fd-primary-foreground transition-colors hover:bg-fd-primary/90"
-        >
-          Get Started
-        </Link>
-        <Link
-          href="https://github.com/multica-ai/multica"
-          className="inline-flex items-center rounded-md border border-fd-border px-6 py-3 text-sm font-medium transition-colors hover:bg-fd-accent"
-        >
-          GitHub
-        </Link>
-      </div>
-    </main>
-  );
-}

apps/docs/app/[...slug]/page.tsx

@@ -10,7 +10,7 @@ import defaultMdxComponents from "fumadocs-ui/mdx";
 import type { Metadata } from "next";
 
 export default async function Page(props: {
-  params: Promise<{ slug?: string[] }>;
+  params: Promise<{ slug: string[] }>;
 }) {
   const params = await props.params;
   const page = source.getPage(params.slug);
@@ -29,12 +29,12 @@ export default async function Page(props: {
   );
 }
 
-export async function generateStaticParams() {
-  return source.generateParams();
+export function generateStaticParams() {
+  return source.generateParams().filter((p) => p.slug.length > 0);
 }
 
 export async function generateMetadata(props: {
-  params: Promise<{ slug?: string[] }>;
+  params: Promise<{ slug: string[] }>;
 }): Promise<Metadata> {
   const params = await props.params;
   const page = source.getPage(params.slug);

apps/docs/app/docs/layout.tsx

@@ -1,12 +0,0 @@
-import { DocsLayout } from "fumadocs-ui/layouts/docs";
-import type { ReactNode } from "react";
-import { baseOptions } from "@/app/layout.config";
-import { source } from "@/lib/source";
-
-export default function Layout({ children }: { children: ReactNode }) {
-  return (
-    <DocsLayout tree={source.pageTree} {...baseOptions}>
-      {children}
-    </DocsLayout>
-  );
-}

apps/docs/app/layout.config.tsx

@@ -1,5 +1,4 @@
 import type { BaseLayoutProps } from "fumadocs-ui/layouts/shared";
-import { BookOpen, Terminal, Rocket, Code } from "lucide-react";
 
 export const baseOptions: BaseLayoutProps = {
   nav: {
@@ -8,11 +7,6 @@ export const baseOptions: BaseLayoutProps = {
     ),
   },
   links: [
-    {
-      text: "Documentation",
-      url: "/docs",
-      active: "nested-url",
-    },
     {
       text: "GitHub",
       url: "https://github.com/multica-ai/multica",

apps/docs/app/layout.tsx

@@ -1,7 +1,10 @@
 import "./global.css";
 import { RootProvider } from "fumadocs-ui/provider";
+import { DocsLayout } from "fumadocs-ui/layouts/docs";
 import type { ReactNode } from "react";
 import type { Metadata } from "next";
+import { baseOptions } from "@/app/layout.config";
+import { source } from "@/lib/source";
 
 export const metadata: Metadata = {
   title: {
@@ -16,7 +19,11 @@ export default function Layout({ children }: { children: ReactNode }) {
   return (
     <html lang="en" suppressHydrationWarning>
       <body>
-        <RootProvider>{children}</RootProvider>
+        <RootProvider>
+          <DocsLayout tree={source.pageTree} {...baseOptions}>
+            {children}
+          </DocsLayout>
+        </RootProvider>
       </body>
     </html>
   );

apps/docs/app/not-found.tsx

@@ -0,0 +1,18 @@
+import Link from "next/link";
+
+export default function NotFound() {
+  return (
+    <main className="flex flex-1 flex-col items-center justify-center gap-4 px-4 py-24 text-center">
+      <h1 className="text-3xl font-semibold">Page not found</h1>
+      <p className="text-fd-muted-foreground">
+        The page you are looking for doesn&apos;t exist.
+      </p>
+      <Link
+        href="/"
+        className="inline-flex items-center rounded-md bg-fd-primary px-4 py-2 text-sm font-medium text-fd-primary-foreground transition-colors hover:bg-fd-primary/90"
+      >
+        Back to docs
+      </Link>
+    </main>
+  );
+}

apps/docs/app/page.tsx

@@ -0,0 +1,37 @@
+import { source } from "@/lib/source";
+import {
+  DocsPage,
+  DocsBody,
+  DocsDescription,
+  DocsTitle,
+} from "fumadocs-ui/page";
+import { notFound } from "next/navigation";
+import defaultMdxComponents from "fumadocs-ui/mdx";
+import type { Metadata } from "next";
+
+export default function Page() {
+  const page = source.getPage([]);
+  if (!page) notFound();
+
+  const MDX = page.data.body;
+
+  return (
+    <DocsPage toc={page.data.toc}>
+      <DocsTitle>{page.data.title}</DocsTitle>
+      <DocsDescription>{page.data.description}</DocsDescription>
+      <DocsBody>
+        <MDX components={{ ...defaultMdxComponents }} />
+      </DocsBody>
+    </DocsPage>
+  );
+}
+
+export function generateMetadata(): Metadata {
+  const page = source.getPage([]);
+  if (!page) notFound();
+
+  return {
+    title: page.data.title,
+    description: page.data.description,
+  };
+}

apps/docs/content/docs/cli/installation.mdx

@@ -68,7 +68,7 @@ multica setup
 
 This configures the CLI for Multica Cloud, opens your browser for login, discovers your workspaces, and starts the agent daemon.
 
-For self-hosted servers, use `multica setup self-host` instead. See [Self-Hosting](/docs/getting-started/self-hosting) for details.
+For self-hosted servers, use `multica setup self-host` instead. See [Self-Hosting](/getting-started/self-hosting) for details.
 
 ## Verify
 

apps/docs/content/docs/cli/reference.mdx

@@ -212,7 +212,7 @@ multica issue list --priority urgent --assignee "Agent Name"
 multica issue list --limit 20 --output json
 ```
 
-Available filters: `--status`, `--priority`, `--assignee`, `--limit`.
+Available filters: `--status`, `--priority`, `--assignee`, `--project`, `--limit`.
 
 ### Get Issue
 
@@ -227,7 +227,7 @@ multica issue get <id> --output json
 multica issue create --title "Fix login bug" --description "..." --priority high --assignee "Lambda"
 ```
 
-Flags: `--title` (required), `--description`, `--status`, `--priority`, `--assignee`, `--parent`, `--due-date`.
+Flags: `--title` (required), `--description`, `--status`, `--priority`, `--assignee`, `--parent`, `--project`, `--due-date`.
 
 ### Update Issue
 
@@ -281,6 +281,70 @@ multica issue run-messages <task-id> --output json
 multica issue run-messages <task-id> --since 42 --output json
 ```
 
+## Projects
+
+Projects group related issues (e.g. a sprint, an epic, a workstream). Every project
+belongs to a workspace and can optionally have a lead (member or agent).
+
+### List Projects
+
+```bash
+multica project list
+multica project list --status in_progress
+multica project list --output json
+```
+
+Available filters: `--status`.
+
+### Get Project
+
+```bash
+multica project get <id>
+multica project get <id> --output json
+```
+
+### Create Project
+
+```bash
+multica project create --title "2026 Week 16 Sprint" --icon "🏃" --lead "Lambda"
+```
+
+Flags: `--title` (required), `--description`, `--status`, `--icon`, `--lead`.
+
+### Update Project
+
+```bash
+multica project update <id> --title "New title" --status in_progress
+multica project update <id> --lead "Lambda"
+```
+
+Flags: `--title`, `--description`, `--status`, `--icon`, `--lead`.
+
+### Change Status
+
+```bash
+multica project status <id> in_progress
+```
+
+Valid statuses: `planned`, `in_progress`, `paused`, `completed`, `cancelled`.
+
+### Delete Project
+
+```bash
+multica project delete <id>
+```
+
+### Associating Issues with Projects
+
+Use the `--project` flag on `issue create` / `issue update` to attach an issue to a
+project, or on `issue list` to filter issues by project:
+
+```bash
+multica issue create --title "Login bug" --project <project-id>
+multica issue update <issue-id> --project <project-id>
+multica issue list --project <project-id>
+```
+
 ## Configuration
 
 ### View Config

apps/docs/content/docs/getting-started/self-hosting.mdx

@@ -31,7 +31,7 @@ curl -fsSL https://raw.githubusercontent.com/multica-ai/multica/main/scripts/ins
 multica setup self-host
 ```
 
-This clones the repo, starts all services, installs the CLI, and configures it for localhost. Then open http://localhost:3000 — log in with any email + code **`888888`**.
+This clones the repo, starts all services, installs the CLI, and configures it for localhost. Then open http://localhost:3000 and pick a login method: configure `RESEND_API_KEY` in `.env` for email-based codes (recommended), or set `APP_ENV=development` in `.env` to enable the dev master code **`888888`**. See [Step 2 — Log In](#step-2--log-in) for details.
 
 <Callout>
 If the self-host server is already running and you only need the CLI on a macOS/Linux machine, install it with Homebrew: `brew install multica-ai/tap/multica`.
@@ -64,10 +64,14 @@ If you prefer running the Docker Compose steps manually: `cp .env.example .env`,
 
 ### Step 2 — Log In
 
-Open http://localhost:3000. Enter any email address and use verification code **`888888`** to log in.
+Open http://localhost:3000. The Docker self-host stack defaults to `APP_ENV=production` (set in `docker-compose.selfhost.yml`), so the dev master code is **disabled by default** for safety on public deployments. Pick one of the following to log in:
+
+- **Recommended (production):** configure `RESEND_API_KEY` in `.env`, then restart the backend. Real verification codes will be sent to the email address you enter. See [Configuration](#configuration) below.
+- **Evaluation / private network:** set `APP_ENV=development` in `.env` and restart the backend. Verification code **`888888`** will then work for any email address.
+- **Without configuring either:** the verification code is generated server-side and printed to the backend container logs (look for `[DEV] Verification code for ...:`). Useful for one-off testing on a single machine.
 
 <Callout>
-This master code works in all non-production environments (when `APP_ENV` is not set to `production`). For production, configure an email provider — see [Configuration](#configuration) below.
+**Warning:** do **not** set `APP_ENV=development` on a publicly reachable instance — anyone who knows an email address can then log in with `888888`.
 </Callout>
 
 ### Step 3 — Install CLI & Start Daemon
@@ -198,7 +202,14 @@ For file uploads and attachments, configure S3 and CloudFront:
 | `CLOUDFRONT_DOMAIN` | CloudFront distribution domain |
 | `CLOUDFRONT_KEY_PAIR_ID` | CloudFront key pair ID for signed URLs |
 | `CLOUDFRONT_PRIVATE_KEY` | CloudFront private key (PEM format) |
-| `COOKIE_DOMAIN` | Domain for CloudFront auth cookies |
+
+### Cookies
+
+| Variable | Description |
+|----------|-------------|
+| `COOKIE_DOMAIN` | Optional `Domain` attribute for session + CloudFront cookies. **Leave empty** for single-host deployments (localhost, LAN IP, or a single hostname). Only set it when the frontend and backend sit on different subdomains of one registered domain (e.g. `.example.com`). **Do not use an IP literal** — RFC 6265 forbids IP addresses in the cookie `Domain` attribute and browsers will drop such `Set-Cookie` headers. |
+
+The `Secure` flag on session cookies is derived automatically from the scheme of `FRONTEND_ORIGIN`: HTTPS origins get `Secure` cookies; plain-HTTP origins (LAN / private-network self-host) get non-secure cookies so the browser can actually store them.
 
 ### Server
 

apps/docs/content/docs/index.mdx

@@ -41,7 +41,7 @@ No more copy-pasting prompts. No more babysitting runs. Your agents show up on t
 
 ## Next Steps
 
-- [Cloud Quickstart](/docs/getting-started/cloud-quickstart)
-- [Self-Hosting](/docs/getting-started/self-hosting)
-- [CLI Installation](/docs/cli/installation)
-- [Contributing](/docs/developers/contributing)
+- [Cloud Quickstart](/getting-started/cloud-quickstart)
+- [Self-Hosting](/getting-started/self-hosting)
+- [CLI Installation](/cli/installation)
+- [Contributing](/developers/contributing)

apps/docs/lib/source.ts

@@ -2,6 +2,6 @@ import { docs } from "@/.source";
 import { loader } from "fumadocs-core/source";
 
 export const source = loader({
-  baseUrl: "/docs",
+  baseUrl: "/",
   source: docs.toFumadocsSource(),
 });

apps/docs/next.config.mjs

@@ -5,6 +5,7 @@ const withMDX = createMDX();
 /** @type {import('next').NextConfig} */
 const config = {
   reactStrictMode: true,
+  basePath: "/docs",
 };
 
 export default withMDX(config);

apps/web/app/(auth)/invite/[id]/page.tsx

@@ -2,8 +2,10 @@
 
 import { useEffect } from "react";
 import { useRouter, useParams } from "next/navigation";
+import { useQuery } from "@tanstack/react-query";
 import { useAuthStore } from "@multica/core/auth";
 import { paths } from "@multica/core/paths";
+import { workspaceListOptions } from "@multica/core/workspace/queries";
 import { InvitePage } from "@multica/views/invite";
 
 export default function InviteAcceptPage() {
@@ -11,6 +13,10 @@ export default function InviteAcceptPage() {
   const params = useParams<{ id: string }>();
   const user = useAuthStore((s) => s.user);
   const isLoading = useAuthStore((s) => s.isLoading);
+  const { data: wsList = [] } = useQuery({
+    ...workspaceListOptions(),
+    enabled: !!user,
+  });
 
   // Redirect to login if not authenticated, with a redirect back to this page.
   useEffect(() => {
@@ -23,5 +29,8 @@ export default function InviteAcceptPage() {
 
   if (isLoading || !user) return null;
 
-  return <InvitePage invitationId={params.id} />;
+  const onBack =
+    wsList.length > 0 ? () => router.push(paths.root()) : undefined;
+
+  return <InvitePage invitationId={params.id} onBack={onBack} />;
 }

apps/web/app/(auth)/login/page.test.tsx

@@ -11,32 +11,51 @@ function createWrapper() {
   );
 }
 
-const { mockSendCode, mockVerifyCode } = vi.hoisted(() => ({
+const {
+  mockSendCode,
+  mockVerifyCode,
+  mockIssueCliToken,
+  searchParamsState,
+  authStateRef,
+} = vi.hoisted(() => ({
   mockSendCode: vi.fn(),
   mockVerifyCode: vi.fn(),
+  mockIssueCliToken: vi.fn(),
+  searchParamsState: { params: new URLSearchParams() },
+  authStateRef: {
+    state: {
+      sendCode: vi.fn(),
+      verifyCode: vi.fn(),
+      user: null as null | { id: string; email: string },
+      isLoading: false,
+    },
+  },
 }));
 
 // Mock next/navigation
 vi.mock("next/navigation", () => ({
   useRouter: () => ({ push: vi.fn(), replace: vi.fn() }),
   usePathname: () => "/login",
-  useSearchParams: () => new URLSearchParams(),
+  useSearchParams: () => searchParamsState.params,
 }));
 
 // Mock auth store — shared LoginPage uses getState().sendCode/verifyCode,
-// web wrapper uses useAuthStore((s) => s.user/isLoading)
-vi.mock("@multica/core/auth", () => {
-  const authState = {
-    sendCode: mockSendCode,
-    verifyCode: mockVerifyCode,
-    user: null,
-    isLoading: false,
-  };
+// web wrapper uses useAuthStore((s) => s.user/isLoading). Keep the real
+// sanitizeNextUrl so the redirect-sanitization rules are exercised rather
+// than silently drifting behind a mock reimplementation.
+vi.mock("@multica/core/auth", async () => {
+  const actual =
+    await vi.importActual<typeof import("@multica/core/auth")>(
+      "@multica/core/auth",
+    );
+  authStateRef.state.sendCode = mockSendCode;
+  authStateRef.state.verifyCode = mockVerifyCode;
   const useAuthStore = Object.assign(
-    (selector: (s: typeof authState) => unknown) => selector(authState),
-    { getState: () => authState },
+    (selector: (s: typeof authStateRef.state) => unknown) =>
+      selector(authStateRef.state),
+    { getState: () => authStateRef.state },
   );
-  return { useAuthStore };
+  return { ...actual, useAuthStore };
 });
 
 // Mock auth-cookie
@@ -51,6 +70,7 @@ vi.mock("@multica/core/api", () => ({
     verifyCode: vi.fn(),
     setToken: vi.fn(),
     getMe: vi.fn(),
+    issueCliToken: mockIssueCliToken,
   },
 }));
 
@@ -59,6 +79,9 @@ import LoginPage from "./page";
 describe("LoginPage", () => {
   beforeEach(() => {
     vi.clearAllMocks();
+    searchParamsState.params = new URLSearchParams();
+    authStateRef.state.user = null;
+    authStateRef.state.isLoading = false;
   });
 
   it("renders login form with email input and continue button", () => {
@@ -131,4 +154,44 @@ describe("LoginPage", () => {
       expect(screen.getByText("Network error")).toBeInTheDocument();
     });
   });
+
+  // Regression: MUL-1080 — if the user is already authenticated on the web
+  // and the Desktop app redirects them to /login?platform=desktop, the web
+  // must exchange the cookie session for a bearer token and hand it off via
+  // the multica:// deep link, not silently redirect to the workspace page.
+  it("mints a token and deep-links to Desktop when already logged in with platform=desktop", async () => {
+    searchParamsState.params = new URLSearchParams({ platform: "desktop" });
+    authStateRef.state.user = { id: "u1", email: "test@multica.ai" };
+    mockIssueCliToken.mockImplementation(() =>
+      Promise.resolve({ token: "handoff-jwt" }),
+    );
+
+    const hrefSetter = vi.fn();
+    const originalLocation = window.location;
+    Object.defineProperty(window, "location", {
+      configurable: true,
+      value: { ...originalLocation, set href(value: string) { hrefSetter(value); } },
+    });
+
+    try {
+      render(<LoginPage />, { wrapper: createWrapper() });
+
+      await waitFor(() => {
+        expect(mockIssueCliToken).toHaveBeenCalledTimes(1);
+      });
+      await waitFor(() => {
+        expect(hrefSetter).toHaveBeenCalledWith(
+          "multica://auth/callback?token=handoff-jwt",
+        );
+      });
+      expect(
+        await screen.findByRole("button", { name: "Open Multica Desktop" }),
+      ).toBeInTheDocument();
+    } finally {
+      Object.defineProperty(window, "location", {
+        configurable: true,
+        value: originalLocation,
+      });
+    }
+  });
 });

apps/web/app/(auth)/login/page.tsx

@@ -1,12 +1,22 @@
 "use client";
 
-import { Suspense, useEffect } from "react";
+import { Suspense, useEffect, useState } from "react";
 import { useSearchParams, useRouter } from "next/navigation";
 import { useQueryClient } from "@tanstack/react-query";
-import { useAuthStore } from "@multica/core/auth";
+import { sanitizeNextUrl, useAuthStore } from "@multica/core/auth";
 import { workspaceKeys } from "@multica/core/workspace/queries";
 import { paths } from "@multica/core/paths";
+import { api } from "@multica/core/api";
 import type { Workspace } from "@multica/core/types";
+import {
+  Card,
+  CardHeader,
+  CardTitle,
+  CardDescription,
+  CardContent,
+} from "@multica/ui/components/ui/card";
+import { Button } from "@multica/ui/components/ui/button";
+import { Loader2 } from "lucide-react";
 import { setLoggedInCookie } from "@/features/auth/auth-cookie";
 import { LoginPage, validateCliCallback } from "@multica/views/auth";
 
@@ -22,17 +32,39 @@ function LoginPageContent() {
   const cliCallbackRaw = searchParams.get("cli_callback");
   const cliState = searchParams.get("cli_state") || "";
   const platform = searchParams.get("platform");
+  const isDesktopHandoff = platform === "desktop" && !cliCallbackRaw;
   // `next` carries a protected URL the user was originally headed to
   // (e.g. /invite/{id}). With URL-driven workspaces there is no legacy
   // "/issues" default — if `next` is absent we decide after login based on
-  // the user's workspace list.
-  const nextUrl = searchParams.get("next");
+  // the user's workspace list. Sanitize first so a crafted `?next=https://evil`
+  // cannot bounce the user off-origin after a successful login.
+  const nextUrl = sanitizeNextUrl(searchParams.get("next"));
+
+  const [desktopToken, setDesktopToken] = useState<string | null>(null);
+  const [desktopError, setDesktopError] = useState("");
 
   // Already authenticated — honor ?next= or fall back to first workspace
   // (or /workspaces/new if the user has none). Skip this entire path when
   // the user arrived to authorize the CLI.
   useEffect(() => {
     if (isLoading || !user || cliCallbackRaw) return;
+    if (isDesktopHandoff) {
+      // Desktop opened the browser for login but the web session is already
+      // authenticated — mint a bearer token from the cookie session and hand
+      // it off via deep link instead of silently redirecting to the workspace.
+      api
+        .issueCliToken()
+        .then(({ token }) => {
+          setDesktopToken(token);
+          window.location.href = `multica://auth/callback?token=${encodeURIComponent(token)}`;
+        })
+        .catch((err) => {
+          setDesktopError(
+            err instanceof Error ? err.message : "Failed to prepare Desktop sign-in",
+          );
+        });
+      return;
+    }
     if (nextUrl) {
       router.replace(nextUrl);
       return;
@@ -42,7 +74,7 @@ function LoginPageContent() {
     router.replace(
       first ? paths.workspace(first.slug).issues() : paths.newWorkspace(),
     );
-  }, [isLoading, user, router, nextUrl, cliCallbackRaw, qc]);
+  }, [isLoading, user, router, nextUrl, cliCallbackRaw, isDesktopHandoff, qc]);
 
   const handleSuccess = () => {
     if (nextUrl) {
@@ -67,6 +99,52 @@ function LoginPageContent() {
     .filter(Boolean)
     .join(",") || undefined;
 
+  // While the desktop handoff is in progress (or has produced a token/error),
+  // render a dedicated screen instead of flashing the login form or redirecting
+  // away to a workspace page.
+  if (isDesktopHandoff && user) {
+    if (desktopError) {
+      return (
+        <div className="flex min-h-screen items-center justify-center">
+          <Card className="w-full max-w-sm">
+            <CardHeader className="text-center">
+              <CardTitle className="text-2xl">Sign-in Failed</CardTitle>
+              <CardDescription>{desktopError}</CardDescription>
+            </CardHeader>
+          </Card>
+        </div>
+      );
+    }
+    return (
+      <div className="flex min-h-screen items-center justify-center">
+        <Card className="w-full max-w-sm">
+          <CardHeader className="text-center">
+            <CardTitle className="text-2xl">Opening Multica</CardTitle>
+            <CardDescription>
+              {desktopToken
+                ? "You should see a prompt to open the Multica desktop app. If nothing happens, click the button below."
+                : "Preparing Desktop sign-in..."}
+            </CardDescription>
+          </CardHeader>
+          <CardContent className="flex justify-center">
+            {desktopToken ? (
+              <Button
+                variant="outline"
+                onClick={() => {
+                  window.location.href = `multica://auth/callback?token=${encodeURIComponent(desktopToken)}`;
+                }}
+              >
+                Open Multica Desktop
+              </Button>
+            ) : (
+              <Loader2 className="h-6 w-6 animate-spin text-muted-foreground" />
+            )}
+          </CardContent>
+        </Card>
+      </div>
+    );
+  }
+
   return (
     <LoginPage
       onSuccess={handleSuccess}

apps/web/app/(auth)/workspaces/new/page.tsx

@@ -2,14 +2,20 @@
 
 import { useRouter } from "next/navigation";
 import { useEffect } from "react";
+import { useQuery } from "@tanstack/react-query";
 import { useAuthStore } from "@multica/core/auth";
 import { paths } from "@multica/core/paths";
+import { workspaceListOptions } from "@multica/core/workspace/queries";
 import { NewWorkspacePage } from "@multica/views/workspace/new-workspace-page";
 
 export default function Page() {
   const router = useRouter();
   const user = useAuthStore((s) => s.user);
   const isLoading = useAuthStore((s) => s.isLoading);
+  const { data: wsList = [] } = useQuery({
+    ...workspaceListOptions(),
+    enabled: !!user,
+  });
 
   useEffect(() => {
     if (!isLoading && !user) router.replace(paths.login());
@@ -17,9 +23,16 @@ export default function Page() {
 
   if (isLoading || !user) return null;
 
+  // Back goes to the root path — the workspace layout redirects from
+  // there to the user's default workspace. Only show Back when there's
+  // somewhere to go back to (user already has at least one workspace).
+  const onBack =
+    wsList.length > 0 ? () => router.push(paths.root()) : undefined;
+
   return (
     <NewWorkspacePage
       onSuccess={(ws) => router.push(paths.workspace(ws.slug).issues())}
+      onBack={onBack}
     />
   );
 }

apps/web/app/[workspaceSlug]/(dashboard)/loading.tsx

@@ -1,28 +0,0 @@
-import { Skeleton } from "@multica/ui/components/ui/skeleton";
-
-export default function DashboardLoading() {
-  return (
-    <div className="flex flex-1 min-h-0 flex-col">
-      {/* Header skeleton */}
-      <div className="flex h-12 shrink-0 items-center gap-2 border-b px-4">
-        <Skeleton className="h-5 w-5 rounded" />
-        <Skeleton className="h-4 w-32" />
-      </div>
-      {/* Toolbar skeleton */}
-      <div className="flex h-12 shrink-0 items-center justify-between border-b px-4">
-        <Skeleton className="h-5 w-24" />
-        <Skeleton className="h-8 w-24" />
-      </div>
-      {/* Content skeleton */}
-      <div className="flex-1 p-4 space-y-3">
-        {Array.from({ length: 6 }).map((_, i) => (
-          <div key={i} className="flex items-center gap-3">
-            <Skeleton className="h-4 w-4 rounded" />
-            <Skeleton className="h-4 flex-1 max-w-md" />
-            <Skeleton className="h-4 w-16" />
-          </div>
-        ))}
-      </div>
-    </div>
-  );
-}

apps/web/app/[workspaceSlug]/layout.tsx

@@ -8,6 +8,7 @@ import { workspaceBySlugOptions } from "@multica/core/workspace";
 import { setCurrentWorkspace } from "@multica/core/platform";
 import { useAuthStore } from "@multica/core/auth";
 import { NoAccessPage } from "@multica/views/workspace/no-access-page";
+import { MulticaIcon } from "@multica/ui/components/common/multica-icon";
 import { useWorkspaceSeen } from "@multica/views/workspace/use-workspace-seen";
 
 export default function WorkspaceLayout({
@@ -60,11 +61,17 @@ export default function WorkspaceLayout({
   // and we just need to hold null briefly.
   const hasBeenSeen = useWorkspaceSeen(workspaceSlug, !!workspace);
 
-  if (isAuthLoading) return null;
+  const loadingIndicator = (
+    <div className="flex h-svh items-center justify-center">
+      <MulticaIcon className="size-6 animate-pulse" />
+    </div>
+  );
+
+  if (isAuthLoading) return loadingIndicator;
   // Don't render children until workspace is resolved. useWorkspaceId()
   // throws when the list hasn't populated or the slug is unknown — gating
   // here makes that invariant hold for every descendant.
-  if (!listFetched) return null;
+  if (!listFetched) return loadingIndicator;
   if (!workspace) {
     // If we've resolved this slug before in this session, it was just
     // removed from our list (deleted/left/evicted). A navigate is almost

apps/web/app/auth/callback/page.test.tsx

@@ -0,0 +1,86 @@
+import { describe, it, expect, vi, beforeEach } from "vitest";
+import { render, waitFor } from "@testing-library/react";
+import { paths } from "@multica/core/paths";
+
+const { mockPush, mockSearchParams, mockLoginWithGoogle, mockListWorkspaces } =
+  vi.hoisted(() => ({
+    mockPush: vi.fn(),
+    mockSearchParams: new URLSearchParams(),
+    mockLoginWithGoogle: vi.fn(),
+    mockListWorkspaces: vi.fn(),
+  }));
+
+vi.mock("next/navigation", () => ({
+  useRouter: () => ({ push: mockPush }),
+  useSearchParams: () => mockSearchParams,
+}));
+
+vi.mock("@tanstack/react-query", () => ({
+  useQueryClient: () => ({ setQueryData: vi.fn() }),
+}));
+
+// Preserve the real sanitizeNextUrl so the "drop unsafe ?next=" behavior is
+// exercised rather than silently diverging from the source of truth.
+vi.mock("@multica/core/auth", async () => {
+  const actual =
+    await vi.importActual<typeof import("@multica/core/auth")>(
+      "@multica/core/auth",
+    );
+  return {
+    ...actual,
+    useAuthStore: (selector: (s: unknown) => unknown) =>
+      selector({ loginWithGoogle: mockLoginWithGoogle }),
+  };
+});
+
+vi.mock("@multica/core/workspace/queries", () => ({
+  workspaceKeys: { list: () => ["workspaces"] },
+}));
+
+vi.mock("@multica/core/api", () => ({
+  api: {
+    listWorkspaces: mockListWorkspaces,
+    googleLogin: vi.fn(),
+  },
+}));
+
+import CallbackPage from "./page";
+
+describe("CallbackPage", () => {
+  beforeEach(() => {
+    vi.clearAllMocks();
+    mockSearchParams.forEach((_v, k) => mockSearchParams.delete(k));
+    mockSearchParams.set("code", "test-code");
+    mockLoginWithGoogle.mockResolvedValue(undefined);
+    mockListWorkspaces.mockResolvedValue([]);
+  });
+
+  it("falls back to paths.newWorkspace() when no next= is present and the user has no workspace", async () => {
+    render(<CallbackPage />);
+
+    await waitFor(() => {
+      expect(mockPush).toHaveBeenCalledWith(paths.newWorkspace());
+    });
+  });
+
+  it("ignores unsafe next= targets from the OAuth state and still lands on the default destination", async () => {
+    mockSearchParams.set("state", "next:https://evil.example");
+
+    render(<CallbackPage />);
+
+    await waitFor(() => {
+      expect(mockPush).toHaveBeenCalledWith(paths.newWorkspace());
+    });
+    expect(mockPush).not.toHaveBeenCalledWith("https://evil.example");
+  });
+
+  it("honors a safe next= target (e.g. /invite/{id})", async () => {
+    mockSearchParams.set("state", "next:/invite/abc123");
+
+    render(<CallbackPage />);
+
+    await waitFor(() => {
+      expect(mockPush).toHaveBeenCalledWith("/invite/abc123");
+    });
+  });
+});

apps/web/app/auth/callback/page.tsx

@@ -3,7 +3,7 @@
 import { Suspense, useEffect, useState } from "react";
 import { useSearchParams, useRouter } from "next/navigation";
 import { useQueryClient } from "@tanstack/react-query";
-import { useAuthStore } from "@multica/core/auth";
+import { sanitizeNextUrl, useAuthStore } from "@multica/core/auth";
 import { workspaceKeys } from "@multica/core/workspace/queries";
 import { paths } from "@multica/core/paths";
 import { api } from "@multica/core/api";
@@ -42,7 +42,9 @@ function CallbackContent() {
     const stateParts = state.split(",");
     const isDesktop = stateParts.includes("platform:desktop");
     const nextPart = stateParts.find((p) => p.startsWith("next:"));
-    const nextUrl = nextPart ? nextPart.slice(5) : null; // strip "next:" prefix
+    // Strip "next:" prefix, then drop anything that isn't a safe relative path
+    // so an attacker-controlled `state=next:https://evil` cannot redirect here.
+    const nextUrl = sanitizeNextUrl(nextPart ? nextPart.slice(5) : null);
 
     const redirectUri = `${window.location.origin}/auth/callback`;
 

apps/web/components/pageview-tracker.tsx

@@ -0,0 +1,29 @@
+"use client";
+
+import { useEffect } from "react";
+import { usePathname, useSearchParams } from "next/navigation";
+import { capturePageview } from "@multica/core/analytics";
+
+/**
+ * Fires a PostHog $pageview whenever the Next.js App Router path or query
+ * string changes. Mounted once at the root so every route transition is
+ * covered, including transitions into workspace-scoped subtrees.
+ *
+ * PostHog's own `capture_pageview: true` auto-capture is deliberately
+ * disabled in `initAnalytics` so we own the event shape — this component
+ * is what actually fires the event. Before this existed the acquisition
+ * funnel's `/ → signup` step was empty.
+ */
+export function PageviewTracker() {
+  const pathname = usePathname();
+  const searchParams = useSearchParams();
+
+  useEffect(() => {
+    if (!pathname) return;
+    const qs = searchParams?.toString();
+    const url = qs ? `${pathname}?${qs}` : pathname;
+    capturePageview(url);
+  }, [pathname, searchParams]);
+
+  return null;
+}

apps/web/components/web-providers.tsx

@@ -1,11 +1,13 @@
 "use client";
 
+import { Suspense } from "react";
 import { CoreProvider } from "@multica/core/platform";
 import { WebNavigationProvider } from "@/platform/navigation";
 import {
   setLoggedInCookie,
   clearLoggedInCookie,
 } from "@/features/auth/auth-cookie";
+import { PageviewTracker } from "./pageview-tracker";
 
 // Legacy token in localStorage → keep this session in token mode so users who
 // logged in before the cookie-auth migration stay authed. They migrate to
@@ -42,6 +44,11 @@ export function WebProviders({ children }: { children: React.ReactNode }) {
       onLogin={setLoggedInCookie}
       onLogout={clearLoggedInCookie}
     >
+      {/* Suspense boundary is required by Next.js for useSearchParams in
+          a client component mounted this high in the tree. */}
+      <Suspense fallback={null}>
+        <PageviewTracker />
+      </Suspense>
       <WebNavigationProvider>{children}</WebNavigationProvider>
     </CoreProvider>
   );

apps/web/features/landing/components/landing-hero.tsx

@@ -1,6 +1,5 @@
 "use client";
 
-import { useCallback, useState } from "react";
 import Image from "next/image";
 import Link from "next/link";
 import { useAuthStore } from "@multica/core/auth";
@@ -11,8 +10,6 @@ import {
   GeminiCliLogo,
   OpenClawLogo,
   OpenCodeLogo,
-  GitHubMark,
-  githubUrl,
   heroButtonClassName,
 } from "./shared";
 
@@ -66,25 +63,14 @@ export function LandingHero() {
                 </svg>
                 {t.hero.downloadDesktop}
               </Link>
-              <Link
-                href={githubUrl}
-                target="_blank"
-                rel="noreferrer"
-                className={heroButtonClassName("ghost")}
-              >
-                <GitHubMark className="size-4" />
-                GitHub
-              </Link>
             </div>
-
-            <InstallCommand />
           </div>
 
-          <div className="mt-10 flex items-center justify-center gap-8">
+          <div className="mt-10 flex flex-wrap items-center justify-center gap-x-6 gap-y-3">
             <span className="text-[15px] text-white/50">
               {t.hero.worksWith}
             </span>
-            <div className="flex items-center gap-6">
+            <div className="flex flex-wrap items-center justify-center gap-x-5 gap-y-3">
               <div className="flex items-center gap-2.5 text-white/80">
                 <ClaudeCodeLogo className="size-5" />
                 <span className="text-[15px] font-medium">Claude Code</span>
@@ -117,64 +103,6 @@ export function LandingHero() {
   );
 }
 
-const INSTALL_COMMAND =
-  "curl -fsSL https://raw.githubusercontent.com/multica-ai/multica/main/scripts/install.sh | bash";
-
-function InstallCommand() {
-  const [copied, setCopied] = useState(false);
-
-  const handleCopy = useCallback(async () => {
-    try {
-      await navigator.clipboard.writeText(INSTALL_COMMAND);
-      setCopied(true);
-      setTimeout(() => setCopied(false), 2000);
-    } catch {
-      // ignore
-    }
-  }, []);
-
-  return (
-    <div className="mx-auto mt-6 max-w-fit">
-      <button
-        type="button"
-        onClick={handleCopy}
-        className="group flex items-center gap-3 rounded-lg border border-white/10 bg-white/5 px-4 py-2.5 font-mono text-[13px] text-white/70 backdrop-blur-sm transition-colors hover:border-white/20 hover:bg-white/8 hover:text-white/90"
-      >
-        <span className="text-white/40">$</span>
-        <span className="select-all">{INSTALL_COMMAND}</span>
-        <span className="ml-1 flex size-5 shrink-0 items-center justify-center text-white/40 transition-colors group-hover:text-white/70">
-          {copied ? (
-            <svg
-              viewBox="0 0 24 24"
-              fill="none"
-              stroke="currentColor"
-              strokeWidth="2"
-              strokeLinecap="round"
-              strokeLinejoin="round"
-              className="size-3.5 text-green-400"
-            >
-              <polyline points="20 6 9 17 4 12" />
-            </svg>
-          ) : (
-            <svg
-              viewBox="0 0 24 24"
-              fill="none"
-              stroke="currentColor"
-              strokeWidth="2"
-              strokeLinecap="round"
-              strokeLinejoin="round"
-              className="size-3.5"
-            >
-              <rect x="9" y="9" width="13" height="13" rx="2" ry="2" />
-              <path d="M5 15H4a2 2 0 0 1-2-2V4a2 2 0 0 1 2-2h9a2 2 0 0 1 2 2v1" />
-            </svg>
-          )}
-        </span>
-      </button>
-    </div>
-  );
-}
-
 function LandingBackdrop() {
   return (
     <div className="pointer-events-none absolute inset-0">
@@ -182,7 +110,6 @@ function LandingBackdrop() {
         src="/images/landing-bg.jpg"
         alt=""
         fill
-        priority
         className="object-cover object-center"
       />
     </div>
@@ -198,6 +125,7 @@ function ProductImage({ alt }: { alt: string }) {
           alt={alt}
           width={3532}
           height={2382}
+          priority
           className="block h-auto w-full"
           sizes="(max-width: 1320px) 100vw, 1320px"
           quality={85}

apps/web/features/landing/i18n/en.ts

@@ -1,6 +1,8 @@
 import { githubUrl } from "../components/shared";
 import type { LandingDict } from "./types";
 
+export const ALLOW_SIGNUP = process.env.NEXT_PUBLIC_ALLOW_SIGNUP !== "false";
+
 export const en: LandingDict = {
   header: {
     github: "GitHub",
@@ -120,9 +122,10 @@ export const en: LandingDict = {
     headlineFaded: "in the next hour.",
     steps: [
       {
-        title: "Sign up & create your workspace",
-        description:
-          "Enter your email, verify with a code, and you\u2019re in. Your workspace is created automatically \u2014 no setup wizard, no configuration forms.",
+        title: ALLOW_SIGNUP ? "Sign up & create your workspace" : "Login to your workspace",
+        description: ALLOW_SIGNUP
+          ? "Enter your email, verify with a code, and you\u2019re in. Your workspace is created automatically \u2014 no setup wizard, no configuration forms."
+          : "Enter your email, verify with a code, and you\u2019re logged into your workspace \u2014 no setup wizard, no configuration forms.",
       },
       {
         title: "Install the CLI & connect your machine",
@@ -279,6 +282,64 @@ export const en: LandingDict = {
       fixes: "Bug Fixes",
     },
     entries: [
+      {
+        version: "0.2.8",
+        date: "2026-04-20",
+        title: "Per-Agent Models, Kimi Runtime & Self-Host Auth",
+        changes: [],
+        features: [
+          "Per-agent `model` field with a provider-aware dropdown — pick the LLM model for each agent from the UI or via `multica agent create/update --model`, with live discovery from each runtime's CLI",
+          "Kimi CLI as a new agent runtime (Moonshot AI's `kimi-cli` over ACP), with model selection, auto-approved tool permissions, and streaming tool-call rendering",
+          "Expand toggle on inline comment and reply editors for composing long text",
+        ],
+        fixes: [
+          "Posting the result comment is now an explicit, numbered step in agent workflows so final replies reach the issue instead of terminal output",
+          "Agent live status card no longer leaks across issues when switching via Cmd+K",
+          "Self-hosted session cookies honor the `FRONTEND_ORIGIN` scheme — plain-HTTP deployments stop silently dropping cookies, and `COOKIE_DOMAIN=<ip>` now falls back to host-only with a warning instead of breaking login",
+        ],
+      },
+      {
+        version: "0.2.7",
+        date: "2026-04-18",
+        title: "Sub-Issues from Editor, Self-Host Gating & MCP",
+        changes: [],
+        features: [
+          "Create sub-issue directly from selected text in the editor bubble menu",
+          "Self-hosted instance gating — `ALLOW_SIGNUP` and `ALLOWED_EMAIL_*` env vars to restrict account creation",
+          "Per-agent `mcp_config` field to restore MCP access",
+          "Desktop app hourly update poll with manual check button in settings",
+        ],
+        fixes: [
+          "Session hand-off to desktop when already logged in on web",
+          "Open redirect vulnerability on `?next=` validated",
+          "OpenClaw stops passing unsupported flags and properly delivers AgentInstructions",
+        ],
+      },
+      {
+        version: "0.2.5",
+        date: "2026-04-17",
+        title: "CLI Autopilot, Cmd+K & Daemon Identity",
+        changes: [],
+        features: [
+          "CLI `autopilot` commands for managing scheduled and triggered automations",
+          "CLI `issue subscriber` commands for subscription management",
+          "Cmd+K palette extended — theme toggle, quick new issue/project, copy link, switch workspace",
+          "Project and sub-issue progress as optional card properties on the issue list",
+          "Persistent daemon UUID identity — CLI and desktop share one daemon across restarts and machine moves",
+          "Sole-owner workspace leave preflight check",
+          "Persist comment collapse state across sessions",
+        ],
+        fixes: [
+          "Agents now triggered on comments regardless of issue status",
+          "Codex sandbox config fixed for macOS network access",
+          "Editor bubble menu rewritten with @floating-ui/dom for reliable scroll hiding",
+          "Autopilot creator automatically subscribed to autopilot-created issues",
+          "Autopilot workspace ID correctly resolved for run-only tasks",
+          "Desktop restricts `shell.openExternal` to http/https schemes (security)",
+          "Duplicate agent names return 409 instead of silently failing",
+          "New tabs in desktop inherit current workspace",
+        ],
+      },
       {
         version: "0.2.1",
         date: "2026-04-16",

apps/web/features/landing/i18n/zh.ts

@@ -1,6 +1,8 @@
 import { githubUrl } from "../components/shared";
 import type { LandingDict } from "./types";
 
+export const ALLOW_SIGNUP = process.env.NEXT_PUBLIC_ALLOW_SIGNUP !== "false";
+
 export const zh: LandingDict = {
   header: {
     github: "GitHub",
@@ -120,9 +122,10 @@ export const zh: LandingDict = {
     headlineFaded: "\u53ea\u9700\u4e00\u5c0f\u65f6\u3002",
     steps: [
       {
-        title: "\u6ce8\u518c\u5e76\u521b\u5efa\u5de5\u4f5c\u533a",
-        description:
-          "\u8f93\u5165\u90ae\u7bb1\uff0c\u9a8c\u8bc1\u7801\u786e\u8ba4\uff0c\u5373\u53ef\u8fdb\u5165\u3002\u5de5\u4f5c\u533a\u81ea\u52a8\u521b\u5efa\u2014\u2014\u65e0\u9700\u8bbe\u7f6e\u5411\u5bfc\uff0c\u65e0\u9700\u914d\u7f6e\u8868\u5355\u3002",
+        title: ALLOW_SIGNUP ? "注册并创建您的工作空间" : "登录到您的工作空间",
+        description: ALLOW_SIGNUP
+          ? "输入您的邮箱，验证代码后即可使用。工作空间会自动创建——无需设置向导或配置表单。"
+          : "输入您的邮箱，验证代码后即可登录到您的工作空间——无需设置向导或配置表单。",
       },
       {
         title: "\u5b89\u88c5 CLI \u5e76\u8fde\u63a5\u4f60\u7684\u673a\u5668",
@@ -279,6 +282,64 @@ export const zh: LandingDict = {
       fixes: "问题修复",
     },
     entries: [
+      {
+        version: "0.2.8",
+        date: "2026-04-20",
+        title: "Agent 模型选择、Kimi Runtime 与自部署登录",
+        changes: [],
+        features: [
+          "Agent 新增 `model` 字段及按 Provider 聚合的模型下拉框——可在界面或通过 `multica agent create/update --model` 为每个 Agent 选择 LLM 模型，并从各 Runtime CLI 实时发现可用模型",
+          "新增 Kimi CLI Agent Runtime（Moonshot AI 的 `kimi-cli`，基于 ACP），支持模型选择、自动授权工具权限以及流式工具调用渲染",
+          "评论和回复编辑器新增放大按钮，便于撰写长文本",
+        ],
+        fixes: [
+          "Agent 工作流将“发布结果评论”提升为独立的显式步骤，确保最终回复送达 Issue 而不是只留在终端输出",
+          "通过 Cmd+K 切换 Issue 时不再出现其他 Issue 的 Agent 实时状态残留",
+          "自部署会话 Cookie 的 Secure 标志改由 `FRONTEND_ORIGIN` 协议决定——HTTP 部署不再因浏览器丢弃 Cookie 导致登录失败；`COOKIE_DOMAIN=<ip>` 会自动回退到 host-only 并输出警告",
+        ],
+      },
+      {
+        version: "0.2.7",
+        date: "2026-04-18",
+        title: "编辑器创建子 Issue、自部署门禁与 MCP",
+        changes: [],
+        features: [
+          "直接从编辑器气泡菜单将选中文本创建为子 Issue",
+          "自部署实例账户门禁——`ALLOW_SIGNUP` 和 `ALLOWED_EMAIL_*` 环境变量限制注册",
+          "Agent 新增 `mcp_config` 字段恢复 MCP 支持",
+          "桌面应用每小时检查更新，设置中新增手动检查按钮",
+        ],
+        fixes: [
+          "网页已登录时将会话交接给桌面应用",
+          "修复 `?next=` 开放重定向漏洞",
+          "OpenClaw 停止传递不支持的参数，正确传递 AgentInstructions",
+        ],
+      },
+      {
+        version: "0.2.5",
+        date: "2026-04-17",
+        title: "CLI Autopilot、Cmd+K 与 Daemon 身份",
+        changes: [],
+        features: [
+          "CLI `autopilot` 命令，管理定时和触发式自动化",
+          "CLI `issue subscriber` 订阅管理命令",
+          "Cmd+K 命令面板扩展——主题切换、快速创建 Issue/项目、复制链接、切换工作区",
+          "Issue 列表卡片可选显示项目和子 Issue 进度",
+          "Daemon 持久化 UUID 身份——CLI 和桌面应用共用同一个 daemon，跨重启和机器迁移保持一致",
+          "唯一所有者退出工作区的前置检查",
+          "评论折叠状态跨会话持久化",
+        ],
+        fixes: [
+          "Agent 现在在任意 Issue 状态下都会响应评论触发",
+          "修复 Codex 沙箱在 macOS 上的网络访问配置",
+          "编辑器气泡菜单改用 @floating-ui/dom 重写，滚动时正确隐藏",
+          "Autopilot 创建者自动订阅其生成的 Issue",
+          "Autopilot run-only 任务正确解析工作区 ID",
+          "桌面应用 `shell.openExternal` 限制仅允许 http/https 协议（安全）",
+          "重名 Agent 创建返回 409 而非静默失败",
+          "桌面应用新建标签页继承当前工作区",
+        ],
+      },
       {
         version: "0.2.1",
         date: "2026-04-16",

apps/web/next.config.ts

@@ -6,6 +6,7 @@ import { resolve } from "path";
 config({ path: resolve(__dirname, "../../.env") });
 
 const remoteApiUrl = process.env.REMOTE_API_URL || "http://localhost:8080";
+const docsUrl = process.env.DOCS_URL || "http://localhost:4000";
 
 // Parse hostnames from CORS_ALLOWED_ORIGINS so that Next.js dev server
 // allows cross-origin HMR / webpack requests (e.g. from Tailscale IPs).
@@ -32,24 +33,39 @@ const nextConfig: NextConfig = {
     qualities: [75, 80, 85],
   },
   async rewrites() {
-    return [
-      {
-        source: "/api/:path*",
-        destination: `${remoteApiUrl}/api/:path*`,
-      },
-      {
-        source: "/ws",
-        destination: `${remoteApiUrl}/ws`,
-      },
-      {
-        source: "/auth/:path*",
-        destination: `${remoteApiUrl}/auth/:path*`,
-      },
-      {
-        source: "/uploads/:path*",
-        destination: `${remoteApiUrl}/uploads/:path*`,
-      },
-    ];
+    return {
+      // Run before file-system routes so /docs isn't shadowed by the
+      // [workspaceSlug] dynamic segment.
+      beforeFiles: [
+        {
+          source: "/docs",
+          destination: `${docsUrl}/docs`,
+        },
+        {
+          source: "/docs/:path*",
+          destination: `${docsUrl}/docs/:path*`,
+        },
+      ],
+      afterFiles: [
+        {
+          source: "/api/:path*",
+          destination: `${remoteApiUrl}/api/:path*`,
+        },
+        {
+          source: "/ws",
+          destination: `${remoteApiUrl}/ws`,
+        },
+        {
+          source: "/auth/:path*",
+          destination: `${remoteApiUrl}/auth/:path*`,
+        },
+        {
+          source: "/uploads/:path*",
+          destination: `${remoteApiUrl}/uploads/:path*`,
+        },
+      ],
+      fallback: [],
+    };
   },
 };
 

apps/web/test/helpers.tsx

@@ -59,6 +59,7 @@ export const mockAgents: Agent[] = [
     custom_env_redacted: false,
     visibility: "workspace",
     max_concurrent_tasks: 3,
+    model: "",
     owner_id: null,
     skills: [],
     created_at: "2026-01-01T00:00:00Z",

docker-compose.selfhost.yml

@@ -21,6 +21,7 @@ services:
       - "${POSTGRES_PORT:-5432}:5432"
     volumes:
       - pgdata:/var/lib/postgresql/data
+    restart: unless-stopped
     healthcheck:
       test: ["CMD-SHELL", "pg_isready -U ${POSTGRES_USER:-multica} -d ${POSTGRES_DB:-multica}"]
       interval: 5s
@@ -55,7 +56,9 @@ services:
       CLOUDFRONT_KEY_PAIR_ID: ${CLOUDFRONT_KEY_PAIR_ID:-}
       CLOUDFRONT_PRIVATE_KEY: ${CLOUDFRONT_PRIVATE_KEY:-}
       COOKIE_DOMAIN: ${COOKIE_DOMAIN:-}
+      APP_ENV: ${APP_ENV:-production}
       MULTICA_APP_URL: ${MULTICA_APP_URL:-http://localhost:3000}
+    restart: unless-stopped
 
   frontend:
     build:
@@ -71,6 +74,7 @@ services:
       - "${FRONTEND_PORT:-3000}:3000"
     environment:
       HOSTNAME: "0.0.0.0"
+    restart: unless-stopped
 
 volumes:
   pgdata:

docs/analytics.md

@@ -0,0 +1,207 @@
+# Product Analytics
+
+This document is the source of truth for the analytics events Multica ships
+to PostHog. Events feed the acquisition → activation → expansion funnel that
+drives our weekly Active Workspaces (WAW) north-star metric.
+
+See [MUL-1122](https://github.com/multica-ai/multica) for the design context.
+
+## Configuration
+
+All analytics shipping is toggled by environment variables (see `.env.example`):
+
+| Variable | Meaning | Default |
+|---|---|---|
+| `POSTHOG_API_KEY` | PostHog project API key. Empty = no events are shipped. | `""` |
+| `POSTHOG_HOST` | PostHog host (US or EU cloud, or self-hosted URL). | `https://us.i.posthog.com` |
+| `ANALYTICS_DISABLED` | Set to `true`/`1` to force the no-op client even when `POSTHOG_API_KEY` is set. | `""` |
+
+Local dev and self-hosted instances run with `POSTHOG_API_KEY=""`, so **no
+events leave the process unless the operator explicitly opts in**.
+
+### Self-hosted instances
+
+Self-hosters should **never inherit a Multica-issued `POSTHOG_API_KEY`** —
+that would route their users' behavior to our analytics project. The
+defaults guarantee this:
+
+- `.env.example` ships `POSTHOG_API_KEY=` empty. The Docker self-host
+  compose does not set a default either.
+- With the key unset, `NewFromEnv` returns `NoopClient` and logs
+  `analytics: POSTHOG_API_KEY not set, using noop client` at startup — a
+  visible confirmation that nothing is shipped.
+- Operators who want their own analytics can set `POSTHOG_API_KEY` and
+  `POSTHOG_HOST` to point at their own PostHog project (Cloud or
+  self-hosted PostHog).
+- The frontend receives the key via `/api/config` (planned for PR 2), so
+  self-hosts' blank server config also disables frontend event shipping
+  automatically — no separate frontend opt-out plumbing required.
+
+## Architecture
+
+```
+handler → analytics.Client.Capture(Event)   ← non-blocking, returns immediately
+                    │
+                    ▼
+           bounded queue (1024 events)
+                    │
+                    ▼
+     background worker: batch + POST /batch/
+                    │
+                    ▼
+                PostHog
+```
+
+- `analytics.Capture` is **never allowed to block a request handler**. A
+  broken backend must not degrade the product — when the queue is full,
+  events are dropped and counted (visible via `slog` + the `dropped` counter
+  on shutdown).
+- Batches flush either when `BatchSize` is reached or every `FlushEvery`
+  (default 10 s), whichever comes first.
+- `Close()` drains remaining events during graceful shutdown. Called from
+  `server/cmd/server/main.go` via `defer`.
+
+## Identity model
+
+- **`distinct_id`** — always the user's UUID for logged-in events. The
+  frontend's `posthog.identify(user.id)` merges any prior anonymous events
+  under the same identity, so acquisition attribution (UTM / referrer) stays
+  intact across signup.
+- **`workspace_id`** — added to every event as a property when present. v1
+  uses event property filtering (free tier) rather than PostHog Groups
+  Analytics (paid) to compute workspace-level metrics.
+- **PII** — events carry `email_domain` (e.g. `gmail.com`), not the full
+  email. Full email is stored once in person properties via `$set_once` so
+  it's available for individual debugging but not broadcast with every
+  event.
+
+## Event contract
+
+### `signup`
+
+Fires when a new user is created. Covers both verification-code and Google
+OAuth entry points (`findOrCreateUser` is the single emission site).
+
+| Property | Type | Description |
+|---|---|---|
+| `email_domain` | string | Lower-cased domain portion of the user's email. |
+| `signup_source` | string | Opaque attribution bundle from the frontend cookie `multica_signup_source` (UTM + referrer). Empty when the cookie is absent. |
+| `auth_method` | string | Optional. `"google"` for Google OAuth signups. Absent for verification-code signups. |
+
+Person properties set with `$set_once`:
+
+| Property | Type | Description |
+|---|---|---|
+| `email` | string | Full email. Never broadcast per-event. |
+| `signup_source` | string | Same as above; kept on the person for later segmentation. |
+
+### `workspace_created`
+
+Fires after a `CreateWorkspace` transaction commits successfully.
+
+| Property | Type | Description |
+|---|---|---|
+| `workspace_id` | string (UUID) | Added globally; present here for clarity. |
+
+**Note on "first workspace" segmentation** — we deliberately do *not* stamp
+an `is_first_workspace` boolean at emit time. Computing it correctly would
+require an extra column or transaction-scoped logic that still races under
+concurrent creates. Instead, PostHog answers the same question exactly by
+looking at whether the user has a prior `workspace_created` event (use a
+funnel with "first time user does X" or a cohort on
+`person_properties.$initial_event`). No information is lost.
+
+### `runtime_registered`
+
+Fires the first time a `(workspace_id, daemon_id, provider)` tuple is
+upserted. Heartbeats and repeat registrations never re-emit. First-time
+detection uses Postgres `xmax = 0` on the upsert RETURNING clause — no
+extra query, no race.
+
+| Property | Type | Description |
+|---|---|---|
+| `runtime_id` | string (UUID) | The newly created agent_runtime row id. |
+| `provider` | string | e.g. `"codex"`, `"claude"`. |
+| `runtime_version` | string | Version of the agent runtime binary. |
+| `cli_version` | string | Version of the `multica` CLI that registered it. |
+
+`distinct_id` is the authenticated owner's user id when the daemon was
+registered via a member's JWT/PAT; daemon-token registrations fall back to
+`workspace:<workspace_id>` so PostHog doesn't bucket unrelated daemons
+under a single "anonymous" person.
+
+### `issue_executed`
+
+Fires **at most once per issue** — when the first task on that issue
+reaches terminal `done` state. Backed by an atomic
+`UPDATE issue SET first_executed_at = now() WHERE id = $1 AND first_executed_at IS NULL RETURNING *`;
+retries, re-assignments, and comment-triggered follow-up tasks all hit the
+WHERE clause and no-op, so the `≥1 / ≥2 / ≥5 / ≥10` funnel buckets count
+distinct issues, not tasks.
+
+| Property | Type | Description |
+|---|---|---|
+| `issue_id` | string (UUID) | |
+| `task_duration_ms` | int64 | Wall-clock time between `task.started_at` and `task.completed_at`. Zero when the task was created in a completed state (rare). |
+
+`distinct_id` prefers the issue's human creator so agent-executed events
+flow into the issue-author's person profile (same place `signup` and
+`workspace_created` land). Agent-created issues prefix with `agent:` to
+keep PostHog from merging the agent into a user record.
+
+**Note on workspace-Nth ordinals** — we deliberately do *not* stamp
+`nth_issue_for_workspace` at emit time. Computing it correctly would
+require either a serialised transaction or an advisory lock per workspace;
+two concurrent first-completions could otherwise both read `count=1` and
+emit `n=1`. PostHog answers the same question at query time via
+`row_number() OVER (PARTITION BY properties.workspace_id ORDER BY timestamp)`,
+and funnel steps of the form "workspace has had ≥2 `issue_executed`
+events" are expressible without the property. No information is lost.
+
+### `team_invite_sent`
+
+Fires from `CreateInvitation` after the DB row is written.
+
+| Property | Type | Description |
+|---|---|---|
+| `invited_email_domain` | string | Lower-cased domain; full email lives in the invitation row, not the event. |
+| `invite_method` | string | Currently always `"email"`. Future non-email invite flows (share link, SCIM) should pass their own value. |
+
+`distinct_id` is the inviter's user id.
+
+### `team_invite_accepted`
+
+Fires from `AcceptInvitation` after both the invitation row is marked
+accepted and the member row is inserted in the same transaction.
+
+| Property | Type | Description |
+|---|---|---|
+| `days_since_invite` | int64 | Whole days from invitation creation to acceptance. Lets us segment "accepted same day" (warm) from "dug out of email weeks later" (cold). |
+
+`distinct_id` is the invitee's user id — this is the event that closes the
+expansion funnel.
+
+### Frontend-only events
+
+- `$pageview` — fired by `apps/web/components/pageview-tracker.tsx` on
+  every Next.js App Router path or query-string change. The tracker
+  mounts once under `WebProviders` and drives the acquisition funnel's
+  `/ → signup` step. posthog-js's automatic pageview capture is
+  disabled in `initAnalytics` so we own the event shape.
+- Attribution is NOT a separate event; UTM + referrer origin are written
+  to the `multica_signup_source` cookie on the first anonymous pageview
+  and read by the backend's `signup` emission. The cookie carries a JSON
+  payload URL-encoded at write time (`encodeURIComponent`) and
+  URL-decoded at read time (`url.QueryUnescape`) — the JSON is never
+  mid-truncated; individual values are capped at 96 chars before
+  `JSON.stringify`, and the entire payload is dropped if it still exceeds
+  512 chars. That way PostHog sees either intact JSON or nothing at all.
+
+## Governance
+
+Before adding, renaming, or removing any event:
+
+1. Update this document first.
+2. Update `server/internal/analytics/events.go` constants and helpers to
+   match.
+3. PR description must state which existing funnel / insight is affected.

docs/codex-sandbox-troubleshooting.md

@@ -0,0 +1,107 @@
+# Codex sandbox troubleshooting (macOS `no such host`)
+
+This doc explains the failure mode that caused [MUL-963][mul-963] and the
+matrix the daemon now follows when writing Codex's per-task `config.toml`.
+
+[mul-963]: https://multica-api.copilothub.ai/issues/28c34ad2-102a-4f46-91ac-336ed78c5859
+
+## Symptom fingerprint
+
+| Error text                                                    | Likely cause                                                                    |
+| ------------------------------------------------------------- | ------------------------------------------------------------------------------- |
+| `dial tcp: lookup HOST: no such host`                         | **Codex Seatbelt sandbox blocking DNS** (macOS, `workspace-write` mode). |
+| `dial tcp IP:PORT: connect: connection refused`               | Server/daemon not running on that port (app-level, not sandbox).                |
+| `dial tcp IP:PORT: i/o timeout`                               | Container-level network policy or firewall (not Codex sandbox).                 |
+| `x509: certificate signed by unknown authority`               | TLS/CA issue, unrelated.                                                        |
+
+If you see `no such host` *inside a Codex session on macOS* but `curl https://multica-api.copilothub.ai` from a plain shell on the same machine works, you are hitting the Seatbelt bug below.
+
+## Root cause
+
+Upstream issue: [openai/codex#10390][codex-10390]. On macOS, Codex's Seatbelt
+profile for `sandbox_mode = "workspace-write"` silently ignores the
+`[sandbox_workspace_write] network_access = true` setting. The seatbelt
+policy hard-codes `CODEX_SANDBOX_NETWORK_DISABLED=1`, which blocks DNS/UDP
+syscalls. Go's `net.LookupHost` surfaces that as `no such host`.
+
+Linux (Landlock) is **not** affected — only macOS Seatbelt.
+
+[codex-10390]: https://github.com/openai/codex/issues/10390
+
+## What the daemon does now
+
+The daemon writes a *multica-managed* block into each task's
+`$CODEX_HOME/config.toml`, delimited by `# BEGIN multica-managed` /
+`# END multica-managed` markers. Anything outside the markers is left
+untouched so users can still tune Codex behavior.
+
+Decision matrix (see [`server/internal/daemon/execenv/codex_sandbox.go`](../server/internal/daemon/execenv/codex_sandbox.go)):
+
+| Host OS   | Codex version                                    | Managed block emits                                                       |
+| --------- | ------------------------------------------------ | ------------------------------------------------------------------------- |
+| non-darwin | any                                              | `sandbox_mode = "workspace-write"` + `sandbox_workspace_write.network_access = true` (dotted-key form) |
+| darwin    | ≥ `CodexDarwinNetworkAccessFixedVersion`         | same as above (upstream fix in effect)                                    |
+| darwin    | older / unknown (current default)                | `sandbox_mode = "danger-full-access"` + warn-level log                     |
+
+The managed block is always hoisted to the top of `config.toml` and uses
+TOML dotted-key syntax rather than a `[sandbox_workspace_write]` section
+header. Both are load-bearing: if the block sat after a user table like
+`[permissions.multica]`, a bare `sandbox_mode = "..."` line would be parsed
+as `permissions.multica.sandbox_mode` and Codex would silently ignore it.
+
+`CodexDarwinNetworkAccessFixedVersion` is an empty string today, meaning *no
+known fixed release yet*. Bump it once a tagged Codex release includes the
+upstream fix.
+
+When the daemon falls back to `danger-full-access`, it logs at `WARN`:
+
+```
+codex sandbox: falling back to danger-full-access on macOS
+  reason=codex on macOS: seatbelt ignores sandbox_workspace_write.network_access (openai/codex#10390) ...
+  codex_version=0.121.0
+  hint=upgrade Codex CLI (e.g. `brew upgrade codex` or `npm i -g @openai/codex`) ...
+  config_path=/.../codex-home/config.toml
+```
+
+## Quick self-check commands
+
+From the host shell (outside the sandbox):
+
+```bash
+# Is the Multica API reachable at all?
+curl -sSf https://multica-api.copilothub.ai/healthz
+```
+
+From inside a Codex session (after the daemon writes its config):
+
+```bash
+multica issue list --limit 1 --output json >/dev/null && echo OK
+```
+
+If the host curl works but the Codex-session call fails with `no such host`,
+the sandbox is the culprit; confirm the daemon picked the right policy by
+looking at the managed block in `$CODEX_HOME/config.toml`.
+
+## Options and trade-offs
+
+- **A. Domain-scoped `permissions` profile** (tight): when the upstream
+  `network_access` fix is available, prefer writing a `permissions.multica`
+  profile that allows only `multica-api.copilothub.ai` and
+  `multica-static.copilothub.ai`. Keeps filesystem sandbox intact.
+- **B. `danger-full-access`** (current macOS fallback): drops the whole
+  Seatbelt profile. Simplest reliable workaround until the upstream fix is
+  released.
+- **C. Upgrade Codex CLI**: `brew upgrade codex` or `npm i -g @openai/codex`.
+  Once a release containing [openai/codex#10390][codex-10390] is installed,
+  bump `CodexDarwinNetworkAccessFixedVersion` in `codex_sandbox.go` and
+  option A/the workspace-write path takes over automatically.
+
+## If you need to hand-verify
+
+```bash
+# Inspect the managed block the daemon wrote for a given task.
+sed -n '/# BEGIN multica-managed/,/# END multica-managed/p' \
+  ~/multica_workspaces/$WORKSPACE_ID/$TASK_SHORT/codex-home/config.toml
+```
+
+The block is idempotent — re-running a task rewrites it in place.

packages/core/analytics/index.ts

@@ -0,0 +1,208 @@
+// Frontend analytics glue. Thin wrapper over posthog-js.
+//
+// The source-of-truth event catalog is `docs/analytics.md`. This module only
+// handles the two things the backend can't do itself: attribution capture on
+// first anonymous pageview, and person-identity merge on login. Every funnel
+// event (signup, workspace_created, runtime_registered, issue_executed,
+// invite_sent, invite_accepted) is emitted server-side — see
+// `server/internal/analytics`.
+//
+// Configuration comes from the backend's `/api/config` response (populated
+// from POSTHOG_API_KEY on the server), NOT from NEXT_PUBLIC_* envs. That
+// keeps self-hosted Docker images from leaking our project key — their
+// backend returns an empty key and this module stays inert.
+
+import posthog from "posthog-js";
+
+const SIGNUP_SOURCE_COOKIE = "multica_signup_source";
+// Per-value cap keeps a long utm_content from blowing the budget. We drop
+// the entire cookie if the JSON still exceeds the overall limit — partial
+// JSON is worse than no attribution because PostHog can't parse it.
+const SIGNUP_SOURCE_VALUE_MAX_LEN = 96;
+const SIGNUP_SOURCE_MAX_LEN = 512;
+const UTM_KEYS = [
+  "utm_source",
+  "utm_medium",
+  "utm_campaign",
+  "utm_content",
+  "utm_term",
+] as const;
+
+let initialized = false;
+// auth-initializer fetches /api/config and /api/me in parallel — on a
+// slow-config path, identify() can fire before initAnalytics(). Buffer the
+// most recent pending identify (only one matters, since it's per-session)
+// and flush it inside initAnalytics.
+let pendingIdentify: { userId: string; props?: Record<string, unknown> } | null = null;
+// Likewise pageviews: the initial "/" pageview is the anchor of the
+// acquisition funnel, and the Next.js router fires it on mount before the
+// config fetch resolves. We keep the first pending pageview so that step
+// doesn't silently drop.
+let pendingPageview: string | undefined | null = null;
+
+export interface AnalyticsConfig {
+  key: string;
+  host: string;
+}
+
+/**
+ * Initialize posthog-js if a key is present. Safe to call multiple times;
+ * subsequent calls with the same config are no-ops.
+ *
+ * Returns `true` when analytics is actually running; `false` when disabled
+ * (no key, SSR, or already initialized with a conflicting key — which we
+ * treat as "use the existing instance").
+ */
+export function initAnalytics(config: AnalyticsConfig | null | undefined): boolean {
+  if (typeof window === "undefined") return false;
+  if (!config?.key) return false;
+  if (initialized) return true;
+
+  posthog.init(config.key, {
+    api_host: config.host || "https://us.i.posthog.com",
+    // person_profiles=identified_only keeps anonymous drive-by traffic off
+    // the billed events until they actually identify, which aligns with how
+    // our funnel is set up: signup is the first real funnel step.
+    person_profiles: "identified_only",
+    // Turn off every on-by-default auto-capture surface. Our funnel is
+    // narrow and explicit (the events in docs/analytics.md + a manual
+    // $pageview). Autocapture floods the Activity view with anonymous
+    // "clicked button" / "clicked link" noise, burns the billed event
+    // budget, and risks capturing user-typed content in input values.
+    // Turn things back on deliberately if we ever want them.
+    capture_pageview: false,
+    autocapture: false,
+    capture_heatmaps: false,
+    capture_dead_clicks: false,
+    capture_exceptions: false,
+    disable_session_recording: true,
+    disable_surveys: true,
+  });
+  initialized = true;
+
+  // Flush any identify() that arrived before init resolved.
+  if (pendingIdentify) {
+    posthog.identify(pendingIdentify.userId, pendingIdentify.props);
+    pendingIdentify = null;
+  }
+  // And any first pageview we captured while config was loading.
+  if (pendingPageview !== null) {
+    posthog.capture("$pageview", pendingPageview ? { $current_url: pendingPageview } : undefined);
+    pendingPageview = null;
+  }
+  return true;
+}
+
+/**
+ * Merge the current anonymous session into the logged-in person. Must be
+ * called exactly once per auth transition (login / session-resume). Pulling
+ * attribution properties into person_properties on identify is how we keep
+ * UTM / referrer on the user profile without re-emitting them per event.
+ *
+ * Calls before initAnalytics() are buffered — auth-initializer fetches
+ * config and user in parallel, so identify can arrive first.
+ */
+export function identify(userId: string, userProperties?: Record<string, unknown>): void {
+  if (!initialized) {
+    pendingIdentify = { userId, props: userProperties };
+    return;
+  }
+  posthog.identify(userId, userProperties);
+}
+
+/**
+ * Clear the client-side identity on logout so the next login merges cleanly
+ * and doesn't bleed the previous user's events into a new session.
+ */
+export function resetAnalytics(): void {
+  pendingIdentify = null;
+  pendingPageview = null;
+  if (!initialized) return;
+  posthog.reset();
+}
+
+/**
+ * Capture a page view. Call once per client-side navigation. We disable
+ * posthog's automatic pageview tracking in init() so this module owns the
+ * event shape — that makes it trivial to add properties (e.g. workspace
+ * slug) without fighting the SDK.
+ *
+ * Calls before initAnalytics() buffer the most-recent path so the first
+ * pageview isn't dropped on slow /api/config fetches. Subsequent pre-init
+ * pageviews overwrite the buffer; after init flushes, every navigation
+ * captures synchronously as expected.
+ */
+export function capturePageview(path?: string): void {
+  if (!initialized) {
+    pendingPageview = path ?? "";
+    return;
+  }
+  posthog.capture("$pageview", path ? { $current_url: path } : undefined);
+}
+
+/**
+ * On the very first anonymous pageview in a browser session, read UTM +
+ * referrer and stash them in a cookie that the backend reads during signup.
+ *
+ * Never use raw `document.referrer` as attribution — it can leak OAuth
+ * callback URLs with `code` / `state` in the query string. We keep only the
+ * referrer's origin (scheme + host), which is what a funnel actually needs.
+ *
+ * This cookie is what `signup_source` in the backend's signup event reads
+ * from; both fields are intentionally opaque JSON so the schema can evolve
+ * without a backend deploy.
+ */
+export function captureSignupSource(): void {
+  if (typeof window === "undefined" || typeof document === "undefined") return;
+  if (readCookie(SIGNUP_SOURCE_COOKIE)) return;
+
+  const source: Record<string, string> = {};
+  const cap = (v: string) =>
+    v.length > SIGNUP_SOURCE_VALUE_MAX_LEN ? v.slice(0, SIGNUP_SOURCE_VALUE_MAX_LEN) : v;
+
+  try {
+    const params = new URLSearchParams(window.location.search);
+    for (const key of UTM_KEYS) {
+      const v = params.get(key);
+      if (v) source[key] = cap(v);
+    }
+  } catch {
+    // URL APIs unavailable — skip silently.
+  }
+
+  const refOrigin = safeReferrerOrigin(document.referrer);
+  if (refOrigin) source.referrer_origin = cap(refOrigin);
+
+  if (Object.keys(source).length === 0) return;
+
+  const payload = JSON.stringify(source);
+  // Drop rather than mid-JSON truncate — a half-string would fail to parse
+  // on the backend and the attribution would be worse than missing.
+  if (payload.length > SIGNUP_SOURCE_MAX_LEN) return;
+
+  // 30-day expiry covers the typical signup consideration window. Lax is
+  // the right default — the cookie is only consumed by same-origin auth.
+  const maxAge = 60 * 60 * 24 * 30;
+  document.cookie = `${SIGNUP_SOURCE_COOKIE}=${encodeURIComponent(payload)}; path=/; max-age=${maxAge}; samesite=lax`;
+}
+
+function safeReferrerOrigin(referrer: string): string {
+  if (!referrer) return "";
+  try {
+    const url = new URL(referrer);
+    if (url.origin === window.location.origin) return "";
+    return url.origin;
+  } catch {
+    return "";
+  }
+}
+
+function readCookie(name: string): string {
+  if (typeof document === "undefined") return "";
+  const prefix = `${name}=`;
+  const parts = document.cookie ? document.cookie.split("; ") : [];
+  for (const part of parts) {
+    if (part.startsWith(prefix)) return decodeURIComponent(part.slice(prefix.length));
+  }
+  return "";
+}

packages/core/api/client.ts

@@ -35,6 +35,7 @@ import type {
   RuntimeHourlyActivity,
   RuntimePing,
   RuntimeUpdate,
+  RuntimeModelListRequest,
   TimelineEntry,
   AssigneeFrequencyEntry,
   TaskMessagePayload,
@@ -470,6 +471,17 @@ export class ApiClient {
     return this.fetch(`/api/runtimes/${runtimeId}/update/${updateId}`);
   }
 
+  async initiateListModels(runtimeId: string): Promise<RuntimeModelListRequest> {
+    return this.fetch(`/api/runtimes/${runtimeId}/models`, { method: "POST" });
+  }
+
+  async getListModelsResult(
+    runtimeId: string,
+    requestId: string,
+  ): Promise<RuntimeModelListRequest> {
+    return this.fetch(`/api/runtimes/${runtimeId}/models/${requestId}`);
+  }
+
   async listAgentTasks(agentId: string): Promise<AgentTask[]> {
     return this.fetch(`/api/agents/${agentId}/tasks`);
   }
@@ -530,7 +542,11 @@ export class ApiClient {
   }
 
   // App Config
-  async getConfig(): Promise<{ cdn_domain: string }> {
+  async getConfig(): Promise<{
+    cdn_domain: string;
+    posthog_key?: string;
+    posthog_host?: string;
+  }> {
     return this.fetch("/api/config");
   }
 

packages/core/auth/index.ts

@@ -1,5 +1,6 @@
 export { createAuthStore } from "./store";
 export type { AuthStoreOptions, AuthState } from "./store";
+export { sanitizeNextUrl } from "./utils";
 
 import type { createAuthStore as CreateAuthStoreFn } from "./store";
 

packages/core/auth/store.ts

@@ -1,5 +1,6 @@
 import { create } from "zustand";
 import type { User, StorageAdapter } from "../types";
+import { identify as identifyAnalytics, resetAnalytics } from "../analytics";
 import { ApiError, type ApiClient } from "../api/client";
 import { setCurrentWorkspace } from "../platform/workspace-storage";
 
@@ -84,6 +85,7 @@ export function createAuthStore(options: AuthStoreOptions) {
         api.setToken(token);
       }
       onLogin?.();
+      identifyAnalytics(user.id, { email: user.email, name: user.name });
       set({ user });
       return user;
     },
@@ -95,6 +97,7 @@ export function createAuthStore(options: AuthStoreOptions) {
         api.setToken(token);
       }
       onLogin?.();
+      identifyAnalytics(user.id, { email: user.email, name: user.name });
       set({ user });
       return user;
     },
@@ -104,6 +107,7 @@ export function createAuthStore(options: AuthStoreOptions) {
       api.setToken(token);
       const user = await api.getMe();
       onLogin?.();
+      identifyAnalytics(user.id, { email: user.email, name: user.name });
       set({ user, isLoading: false });
       return user;
     },
@@ -116,6 +120,7 @@ export function createAuthStore(options: AuthStoreOptions) {
       storage.removeItem("multica_token");
       api.setToken(null);
       setCurrentWorkspace(null, null);
+      resetAnalytics();
       onLogout?.();
       set({ user: null });
     },

packages/core/auth/utils.test.ts

@@ -0,0 +1,45 @@
+import { describe, expect, it } from "vitest";
+import { sanitizeNextUrl } from "./utils";
+
+describe("sanitizeNextUrl", () => {
+  it("accepts single-slash relative paths", () => {
+    expect(sanitizeNextUrl("/issues")).toBe("/issues");
+    expect(sanitizeNextUrl("/invite/123")).toBe("/invite/123");
+    expect(sanitizeNextUrl("/issues?tab=assigned#top")).toBe(
+      "/issues?tab=assigned#top",
+    );
+  });
+
+  it("returns null for null or empty input", () => {
+    expect(sanitizeNextUrl(null)).toBeNull();
+    expect(sanitizeNextUrl("")).toBeNull();
+  });
+
+  it("rejects absolute URLs", () => {
+    expect(sanitizeNextUrl("https://evil.example")).toBeNull();
+    expect(sanitizeNextUrl("http://evil.example/path")).toBeNull();
+  });
+
+  it("rejects javascript: and other non-http schemes", () => {
+    // Caught by the leading-slash rule, but named here so future edits
+    // to the regex don't silently drop protection against this vector.
+    expect(sanitizeNextUrl("javascript:alert(1)")).toBeNull();
+    expect(sanitizeNextUrl("data:text/html,<script>")).toBeNull();
+  });
+
+  it("rejects protocol-relative URLs", () => {
+    expect(sanitizeNextUrl("//evil.example")).toBeNull();
+    expect(sanitizeNextUrl("//evil.example/path")).toBeNull();
+  });
+
+  it("rejects paths containing backslashes", () => {
+    expect(sanitizeNextUrl("/\\evil.example")).toBeNull();
+    expect(sanitizeNextUrl("\\\\evil.example")).toBeNull();
+  });
+
+  it("rejects paths containing control characters", () => {
+    expect(sanitizeNextUrl("/safe\u0000bad")).toBeNull();
+    expect(sanitizeNextUrl("/safe\tbad")).toBeNull();
+    expect(sanitizeNextUrl("/safe\r\nbad")).toBeNull();
+  });
+});

packages/core/auth/utils.ts

@@ -0,0 +1,20 @@
+/**
+ * Validate a post-login redirect URL and return it only if safe to follow.
+ *
+ * Only single-slash relative paths (e.g. `/invite/abc`) are accepted. Returns
+ * `null` for unsafe or empty input — call sites decide the fallback so this
+ * helper never overloads a specific path with "user did not pass next".
+ *
+ * Rejects:
+ *   - `null` / empty string
+ *   - absolute URLs (`https://evil.com`, `javascript:alert(1)`, …)
+ *   - protocol-relative URLs (`//evil.com`)
+ *   - paths containing backslashes (Windows-style or `/\\host`)
+ *   - paths containing ASCII control characters (`\x00`–`\x1f`)
+ */
+export function sanitizeNextUrl(raw: string | null): string | null {
+  if (!raw) return null;
+  if (!raw.startsWith("/") || raw.startsWith("//")) return null;
+  if (/[\x00-\x1f\\]/.test(raw)) return null;
+  return raw;
+}

packages/core/issues/stores/view-store.ts

@@ -18,6 +18,8 @@ export interface CardProperties {
   description: boolean;
   assignee: boolean;
   dueDate: boolean;
+  project: boolean;
+  childProgress: boolean;
 }
 
 export interface ActorFilterValue {
@@ -38,6 +40,8 @@ export const CARD_PROPERTY_OPTIONS: { key: keyof CardProperties; label: string }
   { key: "description", label: "Description" },
   { key: "assignee", label: "Assignee" },
   { key: "dueDate", label: "Due date" },
+  { key: "project", label: "Project" },
+  { key: "childProgress", label: "Sub-issue progress" },
 ];
 
 export interface IssueViewState {
@@ -86,6 +90,8 @@ export const viewStoreSlice = (set: StoreApi<IssueViewState>["setState"]): Issue
     description: true,
     assignee: true,
     dueDate: true,
+    project: true,
+    childProgress: true,
   },
   listCollapsedStatuses: [],
 

packages/core/package.json

@@ -63,11 +63,13 @@
     "./logger": "./logger.ts",
     "./utils": "./utils.ts",
     "./constants/*": "./constants/*.ts",
-    "./platform": "./platform/index.ts"
+    "./platform": "./platform/index.ts",
+    "./analytics": "./analytics/index.ts"
   },
   "dependencies": {
     "@tanstack/react-query": "catalog:",
     "@tanstack/react-query-devtools": "^5.96.2",
+    "posthog-js": "catalog:",
     "zustand": "catalog:"
   },
   "peerDependencies": {

packages/core/paths/reserved-slugs.ts

@@ -28,6 +28,9 @@ export const RESERVED_SLUGS = new Set([
   // Platform / marketing routes (current + likely-future)
   "api",
   "admin",
+  "multica", // brand name — prevent impersonation workspaces
+  "www",     // hostname confusable; never a legitimate workspace slug
+  "new",     // ambiguous verb-as-slug; reserved for future global create routes
   "help",
   "about",
   "pricing",

packages/core/platform/auth-initializer.tsx

@@ -4,12 +4,19 @@ import { useEffect, type ReactNode } from "react";
 import { useQueryClient } from "@tanstack/react-query";
 import { getApi } from "../api";
 import { useAuthStore } from "../auth";
+import {
+  captureSignupSource,
+  identify as identifyAnalytics,
+  initAnalytics,
+  resetAnalytics,
+} from "../analytics";
 import { configStore } from "../config";
 import { workspaceKeys } from "../workspace/queries";
 import { createLogger } from "../logger";
 import { defaultStorage } from "./storage";
 import { setCurrentWorkspace } from "./workspace-storage";
 import type { StorageAdapter } from "../types/storage";
+import type { User } from "../types";
 
 const logger = createLogger("auth");
 
@@ -31,10 +38,34 @@ export function AuthInitializer({
   useEffect(() => {
     const api = getApi();
 
-    // Fetch app config (CDN domain, etc.) in the background — non-blocking.
-    api.getConfig().then((cfg) => {
-      if (cfg.cdn_domain) configStore.getState().setCdnDomain(cfg.cdn_domain);
-    }).catch(() => { /* config is optional — legacy file card matching degrades gracefully */ });
+    // Stamp attribution before anything else — the signup event (server-side)
+    // reads this cookie, so it has to be present before the user hits submit.
+    captureSignupSource();
+
+    // Fetch app config (CDN domain, PostHog key, …) in the background — non-blocking.
+    api
+      .getConfig()
+      .then((cfg) => {
+        if (cfg.cdn_domain) configStore.getState().setCdnDomain(cfg.cdn_domain);
+        if (cfg.posthog_key) {
+          initAnalytics({ key: cfg.posthog_key, host: cfg.posthog_host || "" });
+        }
+      })
+      .catch(() => {
+        /* config is optional — legacy file card matching degrades gracefully */
+      });
+
+    const onAuthSuccess = (user: User) => {
+      onLogin?.();
+      useAuthStore.setState({ user, isLoading: false });
+      identifyAnalytics(user.id, { email: user.email, name: user.name });
+    };
+
+    const onAuthFailure = () => {
+      onLogout?.();
+      resetAnalytics();
+      useAuthStore.setState({ user: null, isLoading: false });
+    };
 
     if (cookieAuth) {
       // Cookie mode: the HttpOnly cookie is sent automatically by the browser.
@@ -46,14 +77,12 @@ export function AuthInitializer({
       // selection here.
       Promise.all([api.getMe(), api.listWorkspaces()])
         .then(([user, wsList]) => {
-          onLogin?.();
-          useAuthStore.setState({ user, isLoading: false });
+          onAuthSuccess(user);
           qc.setQueryData(workspaceKeys.list(), wsList);
         })
         .catch((err) => {
           logger.error("cookie auth init failed", err);
-          onLogout?.();
-          useAuthStore.setState({ user: null, isLoading: false });
+          onAuthFailure();
         });
       return;
     }
@@ -70,8 +99,7 @@ export function AuthInitializer({
 
     Promise.all([api.getMe(), api.listWorkspaces()])
       .then(([user, wsList]) => {
-        onLogin?.();
-        useAuthStore.setState({ user, isLoading: false });
+        onAuthSuccess(user);
         // Seed React Query cache so the URL-driven layout can resolve the
         // slug without a second fetch.
         qc.setQueryData(workspaceKeys.list(), wsList);
@@ -81,8 +109,7 @@ export function AuthInitializer({
         api.setToken(null);
         setCurrentWorkspace(null, null);
         storage.removeItem("multica_token");
-        onLogout?.();
-        useAuthStore.setState({ user: null, isLoading: false });
+        onAuthFailure();
       });
   }, []);
 

packages/core/runtimes/hooks.ts

@@ -28,6 +28,11 @@ function runtimeNeedsUpdate(
   if (rt.runtime_mode !== "local") return false;
   // Only show to the user who owns this runtime.
   if (rt.owner_id !== userId) return false;
+  // Desktop-managed runtimes are updated by the Desktop app's own auto-updater;
+  // the platform should not surface CLI update prompts for them.
+  if (rt.metadata && rt.metadata.launched_by === "desktop") {
+    return false;
+  }
   const cliVersion =
     rt.metadata && typeof rt.metadata.cli_version === "string"
       ? rt.metadata.cli_version

packages/core/runtimes/index.ts

@@ -1,3 +1,4 @@
 export * from "./queries";
 export * from "./mutations";
 export * from "./hooks";
+export * from "./models";

packages/core/runtimes/models.ts

@@ -0,0 +1,52 @@
+import { queryOptions } from "@tanstack/react-query";
+import { api } from "../api";
+import type { RuntimeModelsResult } from "../types/agent";
+
+export const runtimeModelsKeys = {
+  all: () => ["runtimes", "models"] as const,
+  forRuntime: (runtimeId: string) =>
+    [...runtimeModelsKeys.all(), runtimeId] as const,
+};
+
+const POLL_INTERVAL_MS = 500;
+const POLL_TIMEOUT_MS = 30_000;
+
+// resolveRuntimeModels initiates a list-models request against the daemon
+// (via heartbeat piggyback) and polls until the daemon reports back or
+// the request times out. Returns both the models list and a
+// `supported` flag: `supported=false` means the provider ignores
+// per-agent model selection entirely (hermes today) — the UI uses
+// this to disable its dropdown instead of accepting a value that
+// wouldn't be honoured at runtime.
+export async function resolveRuntimeModels(
+  runtimeId: string,
+): Promise<RuntimeModelsResult> {
+  const initial = await api.initiateListModels(runtimeId);
+  const start = Date.now();
+  let current = initial;
+  while (current.status === "pending" || current.status === "running") {
+    if (Date.now() - start > POLL_TIMEOUT_MS) {
+      throw new Error("model discovery timed out");
+    }
+    await new Promise((resolve) => setTimeout(resolve, POLL_INTERVAL_MS));
+    current = await api.getListModelsResult(runtimeId, initial.id);
+  }
+  if (current.status === "failed" || current.status === "timeout") {
+    throw new Error(current.error || "model discovery failed");
+  }
+  return { models: current.models ?? [], supported: current.supported };
+}
+
+export function runtimeModelsOptions(runtimeId: string | null | undefined) {
+  return queryOptions({
+    queryKey: runtimeId
+      ? runtimeModelsKeys.forRuntime(runtimeId)
+      : runtimeModelsKeys.all(),
+    queryFn: () => resolveRuntimeModels(runtimeId as string),
+    enabled: Boolean(runtimeId),
+    // Models rarely change; cache for 60s to match the server-side
+    // cache in agent.ListModels.
+    staleTime: 60_000,
+    retry: false,
+  });
+}

packages/core/types/agent.ts

@@ -11,6 +11,7 @@ export interface RuntimeDevice {
   name: string;
   runtime_mode: AgentRuntimeMode;
   provider: string;
+  launch_header: string;
   status: "online" | "offline";
   device_info: string;
   metadata: Record<string, unknown>;
@@ -53,6 +54,7 @@ export interface Agent {
   visibility: AgentVisibility;
   status: AgentStatus;
   max_concurrent_tasks: number;
+  model: string;
   owner_id: string | null;
   skills: Skill[];
   created_at: string;
@@ -72,6 +74,7 @@ export interface CreateAgentRequest {
   custom_args?: string[];
   visibility?: AgentVisibility;
   max_concurrent_tasks?: number;
+  model?: string;
 }
 
 export interface UpdateAgentRequest {
@@ -86,6 +89,7 @@ export interface UpdateAgentRequest {
   visibility?: AgentVisibility;
   status?: AgentStatus;
   max_concurrent_tasks?: number;
+  model?: string;
 }
 
 // Skills
@@ -186,3 +190,36 @@ export interface RuntimeUpdate {
   created_at: string;
   updated_at: string;
 }
+
+export interface RuntimeModel {
+  id: string;
+  label: string;
+  provider?: string;
+  default?: boolean;
+}
+
+export type RuntimeModelListStatus =
+  | "pending"
+  | "running"
+  | "completed"
+  | "failed"
+  | "timeout";
+
+export interface RuntimeModelListRequest {
+  id: string;
+  runtime_id: string;
+  status: RuntimeModelListStatus;
+  models?: RuntimeModel[];
+  supported: boolean;
+  error?: string;
+  created_at: string;
+  updated_at: string;
+}
+
+// Result shape returned by resolveRuntimeModels — includes the
+// "supported" bit so the UI can distinguish "no models discovered"
+// from "provider does not honour per-agent model selection".
+export interface RuntimeModelsResult {
+  models: RuntimeModel[];
+  supported: boolean;
+}

packages/core/types/index.ts

@@ -20,6 +20,10 @@ export type {
   RuntimePingStatus,
   RuntimeUpdate,
   RuntimeUpdateStatus,
+  RuntimeModel,
+  RuntimeModelListRequest,
+  RuntimeModelListStatus,
+  RuntimeModelsResult,
   IssueUsageSummary,
 } from "./agent";
 export type { Workspace, WorkspaceRepo, Member, MemberRole, User, MemberWithUser, Invitation } from "./workspace";

packages/views/agents/components/agent-detail.tsx

@@ -178,6 +178,7 @@ export function AgentDetail({
         {activeTab === "custom_args" && (
           <CustomArgsTab
             agent={agent}
+            runtimeDevice={runtimeDevice}
             onSave={(updates) => onUpdate(agent.id, updates)}
           />
         )}

packages/views/agents/components/agents-page.tsx

@@ -24,11 +24,10 @@ import { AgentListItem } from "./agent-list-item";
 import { AgentDetail } from "./agent-detail";
 
 export function AgentsPage() {
-  const isLoading = useAuthStore((s) => s.isLoading);
   const currentUser = useAuthStore((s) => s.user);
   const qc = useQueryClient();
   const wsId = useWorkspaceId();
-  const { data: agents = [] } = useQuery(agentListOptions(wsId));
+  const { data: agents = [], isLoading } = useQuery(agentListOptions(wsId));
   const [selectedId, setSelectedId] = useState<string>("");
   const [showArchived, setShowArchived] = useState(false);
   const [showCreate, setShowCreate] = useState(false);

packages/views/agents/components/create-agent-dialog.tsx

@@ -4,6 +4,7 @@ import { useState, useEffect, useMemo } from "react";
 import { Cloud, ChevronDown, Globe, Lock, Loader2 } from "lucide-react";
 import { ProviderLogo } from "../../runtimes/components/provider-logo";
 import { ActorAvatar } from "../../common/actor-avatar";
+import { ModelDropdown } from "./model-dropdown";
 import type {
   AgentVisibility,
   RuntimeDevice,
@@ -48,6 +49,7 @@ export function CreateAgentDialog({
   const [name, setName] = useState("");
   const [description, setDescription] = useState("");
   const [visibility, setVisibility] = useState<AgentVisibility>("private");
+  const [model, setModel] = useState("");
   const [creating, setCreating] = useState(false);
   const [runtimeOpen, setRuntimeOpen] = useState(false);
   const [runtimeFilter, setRuntimeFilter] = useState<RuntimeFilter>("mine");
@@ -89,6 +91,7 @@ export function CreateAgentDialog({
         description: description.trim(),
         runtime_id: selectedRuntime.id,
         visibility,
+        model: model.trim() || undefined,
       });
       onClose();
     } catch (err) {
@@ -275,6 +278,14 @@ export function CreateAgentDialog({
               </PopoverContent>
             </Popover>
           </div>
+
+          <ModelDropdown
+            runtimeId={selectedRuntime?.id ?? null}
+            runtimeOnline={selectedRuntime?.status === "online"}
+            value={model}
+            onChange={setModel}
+            disabled={!selectedRuntime}
+          />
         </div>
 
         <DialogFooter>

packages/views/agents/components/model-dropdown.tsx

@@ -0,0 +1,252 @@
+"use client";
+
+import { useEffect, useMemo, useState } from "react";
+import { useQuery } from "@tanstack/react-query";
+import { ChevronDown, Cpu, Loader2, Plus, Check, Info } from "lucide-react";
+import { runtimeModelsOptions } from "@multica/core/runtimes";
+import type { RuntimeModel } from "@multica/core/types";
+import {
+  Popover,
+  PopoverTrigger,
+  PopoverContent,
+} from "@multica/ui/components/ui/popover";
+import { Input } from "@multica/ui/components/ui/input";
+import { Label } from "@multica/ui/components/ui/label";
+
+// ModelDropdown renders a searchable, creatable model picker for an agent.
+// It fetches the supported-model catalog from the selected runtime — the
+// daemon enumerates models on demand via heartbeat piggyback. Providers
+// that don't honour per-agent model selection at runtime (currently
+// hermes) return supported=false, and the dropdown renders disabled
+// with an explanation instead of silently accepting a value the
+// backend would ignore.
+export function ModelDropdown({
+  runtimeId,
+  runtimeOnline,
+  value,
+  onChange,
+  disabled,
+}: {
+  runtimeId: string | null;
+  runtimeOnline: boolean;
+  value: string;
+  onChange: (value: string) => void;
+  disabled?: boolean;
+}) {
+  const [open, setOpen] = useState(false);
+  const [search, setSearch] = useState("");
+
+  const modelsQuery = useQuery(
+    runtimeModelsOptions(runtimeOnline ? runtimeId : null),
+  );
+
+  const supported = modelsQuery.data?.supported ?? true;
+  const models = modelsQuery.data?.models ?? [];
+  const defaultModel = useMemo(() => models.find((m) => m.default), [models]);
+  const grouped = useMemo(() => groupByProvider(models), [models]);
+
+  // When the selected runtime reports it doesn't support per-agent
+  // model selection, clear any previously-saved value so we don't
+  // persist a ghost configuration that never takes effect.
+  useEffect(() => {
+    if (!supported && value !== "") {
+      onChange("");
+    }
+  }, [supported, value, onChange]);
+
+  const filtered = useMemo(() => {
+    if (!search.trim()) return grouped;
+    const needle = search.toLowerCase();
+    const out: Record<string, RuntimeModel[]> = {};
+    for (const [provider, list] of Object.entries(grouped)) {
+      const matches = list.filter(
+        (m) =>
+          m.id.toLowerCase().includes(needle) ||
+          m.label.toLowerCase().includes(needle),
+      );
+      if (matches.length > 0) out[provider] = matches;
+    }
+    return out;
+  }, [grouped, search]);
+
+  const trimmedSearch = search.trim();
+  const exactMatch = models.some(
+    (m) => m.id === trimmedSearch || m.label === trimmedSearch,
+  );
+  const canCreate = trimmedSearch.length > 0 && !exactMatch;
+
+  const select = (id: string) => {
+    onChange(id);
+    setOpen(false);
+    setSearch("");
+  };
+
+  const triggerLabel =
+    value ||
+    (disabled
+      ? "Select a runtime first"
+      : runtimeOnline
+        ? defaultModel
+          ? `Default — ${defaultModel.label}`
+          : "Default (provider)"
+        : "Runtime offline — enter manually");
+
+  if (!supported && !modelsQuery.isLoading) {
+    // Provider doesn't honour per-agent model selection — show a
+    // clearly-disabled state so the user knows why the control is
+    // inert. (Hermes reads its model from ~/.hermes/.env.)
+    return (
+      <div className="min-w-0">
+        <Label className="text-xs text-muted-foreground">Model</Label>
+        <div className="mt-1.5 flex items-start gap-2 rounded-lg border border-dashed border-border bg-muted/30 px-3 py-2.5 text-sm text-muted-foreground">
+          <Info className="mt-0.5 h-4 w-4 shrink-0" />
+          <div className="min-w-0">
+            <div>Model selection is managed by this runtime.</div>
+            <div className="mt-0.5 text-xs">
+              Configure the model on the runtime host (e.g. Hermes reads it
+              from its own config file).
+            </div>
+          </div>
+        </div>
+      </div>
+    );
+  }
+
+  return (
+    <div className="min-w-0">
+      <div className="flex items-center justify-between">
+        <Label className="text-xs text-muted-foreground">Model</Label>
+        {modelsQuery.isError && (
+          <span className="text-xs text-muted-foreground">discovery failed</span>
+        )}
+      </div>
+      <Popover open={open} onOpenChange={setOpen}>
+        <PopoverTrigger
+          disabled={disabled}
+          className="flex w-full min-w-0 items-center gap-3 rounded-lg border border-border bg-background px-3 py-2.5 mt-1.5 text-left text-sm transition-colors hover:bg-muted disabled:pointer-events-none disabled:opacity-50"
+        >
+          <Cpu className="h-4 w-4 shrink-0 text-muted-foreground" />
+          <div className="min-w-0 flex-1">
+            <div className="truncate font-medium">
+              {triggerLabel}
+            </div>
+            {value && (
+              <div className="truncate text-xs text-muted-foreground">
+                {modelLabel(models, value)}
+              </div>
+            )}
+          </div>
+          <ChevronDown
+            className={`h-4 w-4 shrink-0 text-muted-foreground transition-transform ${open ? "rotate-180" : ""}`}
+          />
+        </PopoverTrigger>
+        <PopoverContent
+          align="start"
+          className="w-[var(--anchor-width)] p-0 overflow-hidden"
+        >
+          <div className="border-b border-border p-2">
+            <Input
+              autoFocus
+              placeholder="Search or type a model ID"
+              value={search}
+              onChange={(e) => setSearch(e.target.value)}
+              className="h-8"
+            />
+          </div>
+          <div className="max-h-72 overflow-y-auto p-1">
+            {modelsQuery.isLoading && (
+              <div className="flex items-center gap-2 px-3 py-6 text-sm text-muted-foreground">
+                <Loader2 className="h-4 w-4 animate-spin" />
+                Discovering models…
+              </div>
+            )}
+
+            {!modelsQuery.isLoading &&
+              Object.entries(filtered).map(([provider, list]) => (
+                <div key={provider} className="mb-1">
+                  {provider && (
+                    <div className="px-2 pt-1.5 pb-0.5 text-xs font-medium uppercase tracking-wide text-muted-foreground">
+                      {provider}
+                    </div>
+                  )}
+                  {list.map((m) => (
+                    <button
+                      key={m.id}
+                      onClick={() => select(m.id)}
+                      className={`flex w-full items-center gap-2 rounded-md px-3 py-2 text-left text-sm transition-colors ${
+                        m.id === value ? "bg-accent" : "hover:bg-accent/50"
+                      }`}
+                    >
+                      <div className="min-w-0 flex-1">
+                        <div className="flex items-center gap-1.5">
+                          <span className="truncate font-medium">{m.label}</span>
+                          {m.default && (
+                            <span className="shrink-0 rounded bg-primary/10 px-1.5 py-0.5 text-xs font-medium text-primary">
+                              default
+                            </span>
+                          )}
+                        </div>
+                        {m.label !== m.id && (
+                          <div className="truncate text-xs text-muted-foreground">
+                            {m.id}
+                          </div>
+                        )}
+                      </div>
+                      {m.id === value && (
+                        <Check className="h-4 w-4 shrink-0 text-primary" />
+                      )}
+                    </button>
+                  ))}
+                </div>
+              ))}
+
+            {!modelsQuery.isLoading &&
+              Object.keys(filtered).length === 0 &&
+              !canCreate && (
+                <div className="px-3 py-6 text-center text-sm text-muted-foreground">
+                  No models available.
+                </div>
+              )}
+
+            {canCreate && (
+              <button
+                onClick={() => select(trimmedSearch)}
+                className="flex w-full items-center gap-2 rounded-md px-3 py-2 text-left text-sm text-primary transition-colors hover:bg-accent/50"
+              >
+                <Plus className="h-4 w-4 shrink-0" />
+                <span className="truncate">
+                  Use “{trimmedSearch}”
+                </span>
+              </button>
+            )}
+
+            {value && (
+              <button
+                onClick={() => select("")}
+                className="mt-1 flex w-full items-center gap-2 border-t border-border px-3 py-2 text-left text-xs text-muted-foreground transition-colors hover:bg-accent/50"
+              >
+                Clear selection (use provider default)
+              </button>
+            )}
+          </div>
+        </PopoverContent>
+      </Popover>
+    </div>
+  );
+}
+
+function groupByProvider(models: RuntimeModel[]): Record<string, RuntimeModel[]> {
+  const out: Record<string, RuntimeModel[]> = {};
+  for (const m of models) {
+    const key = m.provider ?? "";
+    if (!out[key]) out[key] = [];
+    out[key].push(m);
+  }
+  return out;
+}
+
+function modelLabel(models: RuntimeModel[], id: string): string {
+  const found = models.find((m) => m.id === id);
+  if (!found) return "custom";
+  return found.provider ? found.provider : "model";
+}

packages/views/agents/components/tabs/custom-args-tab.tsx

@@ -7,7 +7,8 @@ import {
   Plus,
   Trash2,
 } from "lucide-react";
-import type { Agent } from "@multica/core/types";
+import type { Agent, RuntimeDevice } from "@multica/core/types";
+import { createSafeId } from "@multica/core/utils";
 import { Button } from "@multica/ui/components/ui/button";
 import { Input } from "@multica/ui/components/ui/input";
 import { Label } from "@multica/ui/components/ui/label";
@@ -19,7 +20,7 @@ interface ArgEntry {
 }
 
 function argsToEntries(args: string[]): ArgEntry[] {
-  return args.map((value) => ({ id: crypto.randomUUID(), value }));
+  return args.map((value) => ({ id: createSafeId(), value }));
 }
 
 function entriesToArgs(entries: ArgEntry[]): string[] {
@@ -28,9 +29,11 @@ function entriesToArgs(entries: ArgEntry[]): string[] {
 
 export function CustomArgsTab({
   agent,
+  runtimeDevice,
   onSave,
 }: {
   agent: Agent;
+  runtimeDevice?: RuntimeDevice;
   onSave: (updates: Partial<Agent>) => Promise<void>;
 }) {
   const [entries, setEntries] = useState<ArgEntry[]>(
@@ -43,7 +46,7 @@ export function CustomArgsTab({
   const dirty = JSON.stringify(currentArgs) !== JSON.stringify(originalArgs);
 
   const addEntry = () => {
-    setEntries([...entries, { id: crypto.randomUUID(), value: "" }]);
+    setEntries([...entries, { id: createSafeId(), value: "" }]);
   };
 
   const removeEntry = (index: number) => {
@@ -68,6 +71,8 @@ export function CustomArgsTab({
     }
   };
 
+  const launchHeader = runtimeDevice?.launch_header;
+
   return (
     <div className="max-w-lg space-y-4">
       <div className="flex items-center justify-between">
@@ -76,9 +81,17 @@ export function CustomArgsTab({
             Custom Arguments
           </Label>
           <p className="text-xs text-muted-foreground mt-0.5">
-            Additional CLI arguments appended to the agent command at launch
-            (e.g. --model claude-sonnet-4-20250514)
+            Additional CLI arguments appended to the agent command at launch.
+            Supported flags depend on the agent's CLI.
           </p>
+          {launchHeader && (
+            <p className="mt-2 text-xs text-muted-foreground">
+              Launch mode:{" "}
+              <code className="rounded bg-muted px-1 py-0.5 font-mono text-[11px]">
+                {launchHeader} &lt;your args&gt;
+              </code>
+            </p>
+          )}
         </div>
         <Button
           type="button"
@@ -98,7 +111,7 @@ export function CustomArgsTab({
               <Input
                 value={entry.value}
                 onChange={(e) => updateEntry(index, e.target.value)}
-                placeholder="--model claude-sonnet-4-20250514"
+                placeholder="--flag value"
                 className="flex-1 font-mono text-xs"
               />
               <button

packages/views/agents/components/tabs/settings-tab.tsx

@@ -23,6 +23,7 @@ import { api } from "@multica/core/api";
 import { useFileUpload } from "@multica/core/hooks/use-file-upload";
 import { ActorAvatar } from "../../../common/actor-avatar";
 import { ProviderLogo } from "../../../runtimes/components/provider-logo";
+import { ModelDropdown } from "../model-dropdown";
 
 type RuntimeFilter = "mine" | "all";
 
@@ -44,6 +45,7 @@ export function SettingsTab({
   const [visibility, setVisibility] = useState<AgentVisibility>(agent.visibility);
   const [maxTasks, setMaxTasks] = useState(agent.max_concurrent_tasks);
   const [selectedRuntimeId, setSelectedRuntimeId] = useState(agent.runtime_id);
+  const [model, setModel] = useState(agent.model ?? "");
   const [runtimeOpen, setRuntimeOpen] = useState(false);
   const [runtimeFilter, setRuntimeFilter] = useState<RuntimeFilter>("mine");
   const [saving, setSaving] = useState(false);
@@ -90,7 +92,8 @@ export function SettingsTab({
     description !== (agent.description ?? "") ||
     visibility !== agent.visibility ||
     maxTasks !== agent.max_concurrent_tasks ||
-    selectedRuntimeId !== agent.runtime_id;
+    selectedRuntimeId !== agent.runtime_id ||
+    model !== (agent.model ?? "");
 
   const handleSave = async () => {
     if (!name.trim()) {
@@ -106,6 +109,7 @@ export function SettingsTab({
         visibility,
         max_concurrent_tasks: maxTasks,
         runtime_id: selectedRuntimeId,
+        model,
       });
       toast.success("Settings saved");
     } catch {
@@ -321,6 +325,14 @@ export function SettingsTab({
         </Popover>
       </div>
 
+      <ModelDropdown
+        runtimeId={selectedRuntime?.id ?? null}
+        runtimeOnline={selectedRuntime?.status === "online"}
+        value={model}
+        onChange={setModel}
+        disabled={!selectedRuntime}
+      />
+
       <Button onClick={handleSave} disabled={!dirty || saving} size="sm">
         {saving ? <Loader2 className="h-3.5 w-3.5 mr-1.5 animate-spin" /> : <Save className="h-3.5 w-3.5 mr-1.5" />}
         Save Changes

packages/views/agents/components/tabs/tasks-tab.test.tsx

@@ -0,0 +1,175 @@
+// @vitest-environment jsdom
+
+import { describe, it, expect, vi, beforeEach } from "vitest";
+import { render, screen, waitFor } from "@testing-library/react";
+import { QueryClient, QueryClientProvider } from "@tanstack/react-query";
+import type { Agent, AgentTask, Issue } from "@multica/core/types";
+
+const mockListAgentTasks = vi.hoisted(() => vi.fn());
+const mockListIssues = vi.hoisted(() => vi.fn());
+
+vi.mock("@multica/core/hooks", () => ({
+  useWorkspaceId: () => "ws-1",
+}));
+
+vi.mock("@multica/core/paths", async () => {
+  const actual = await vi.importActual<typeof import("@multica/core/paths")>(
+    "@multica/core/paths",
+  );
+  return {
+    ...actual,
+    useWorkspacePaths: () => actual.paths.workspace("test"),
+  };
+});
+
+vi.mock("@multica/core/api", () => ({
+  api: {
+    listAgentTasks: (...args: unknown[]) => mockListAgentTasks(...args),
+    listIssues: (...args: unknown[]) => mockListIssues(...args),
+  },
+}));
+
+vi.mock("../../../navigation", () => ({
+  AppLink: ({ children, href, ...props }: any) => (
+    <a href={href} {...props}>
+      {children}
+    </a>
+  ),
+}));
+
+import { TasksTab } from "./tasks-tab";
+
+const agent: Agent = {
+  id: "agent-1",
+  workspace_id: "ws-1",
+  runtime_id: "runtime-1",
+  name: "Agent",
+  description: "",
+  instructions: "",
+  avatar_url: null,
+  runtime_mode: "local",
+  runtime_config: {},
+  custom_env: {},
+  custom_args: [],
+  custom_env_redacted: false,
+  visibility: "workspace",
+  status: "idle",
+  max_concurrent_tasks: 1,
+  model: "",
+  owner_id: null,
+  skills: [],
+  created_at: "2026-04-16T00:00:00Z",
+  updated_at: "2026-04-16T00:00:00Z",
+  archived_at: null,
+  archived_by: null,
+};
+
+function renderTasksTab(tasks: AgentTask[], issues: Issue[]) {
+  mockListAgentTasks.mockResolvedValue(tasks);
+  mockListIssues.mockImplementation(
+    ({ open_only, status }: { open_only?: boolean; status?: string }) =>
+      Promise.resolve({
+        issues: open_only ? issues : status === "done" ? [] : [],
+        total: open_only ? issues.length : 0,
+      }),
+  );
+
+  const queryClient = new QueryClient({
+    defaultOptions: {
+      queries: {
+        retry: false,
+      },
+    },
+  });
+
+  return render(
+    <QueryClientProvider client={queryClient}>
+      <TasksTab agent={agent} />
+    </QueryClientProvider>,
+  );
+}
+
+describe("TasksTab", () => {
+  beforeEach(() => {
+    vi.clearAllMocks();
+  });
+
+  it("uses workspace-scoped issue detail paths when issue data is loaded", async () => {
+    renderTasksTab(
+      [
+        {
+          id: "task-1",
+          agent_id: "agent-1",
+          runtime_id: "runtime-1",
+          issue_id: "issue-1",
+          status: "queued",
+          priority: 1,
+          dispatched_at: null,
+          started_at: null,
+          completed_at: null,
+          result: null,
+          error: null,
+          created_at: "2026-04-16T00:00:00Z",
+        },
+      ],
+      [
+        {
+          id: "issue-1",
+          workspace_id: "ws-1",
+          number: 1,
+          identifier: "MUL-1",
+          title: "Fix agent task routing",
+          description: "",
+          status: "todo",
+          priority: "medium",
+          assignee_type: null,
+          assignee_id: null,
+          creator_type: "member",
+          creator_id: "user-1",
+          parent_issue_id: null,
+          project_id: null,
+          position: 1,
+          due_date: null,
+          created_at: "2026-04-16T00:00:00Z",
+          updated_at: "2026-04-16T00:00:00Z",
+        },
+      ],
+    );
+
+    const title = await screen.findByText("Fix agent task routing");
+    const link = title.closest("a");
+
+    expect(link?.getAttribute("href")).toBe("/test/issues/issue-1");
+  });
+
+  it("keeps task rows clickable when the issue is missing from the list query", async () => {
+    renderTasksTab(
+      [
+        {
+          id: "task-2",
+          agent_id: "agent-1",
+          runtime_id: "runtime-1",
+          issue_id: "12345678-fallback",
+          status: "completed",
+          priority: 1,
+          dispatched_at: null,
+          started_at: null,
+          completed_at: "2026-04-16T01:00:00Z",
+          result: null,
+          error: null,
+          created_at: "2026-04-16T00:00:00Z",
+        },
+      ],
+      [],
+    );
+
+    await waitFor(() => {
+      expect(mockListAgentTasks).toHaveBeenCalledWith("agent-1");
+    });
+
+    const title = await screen.findByText("Issue 12345678...");
+    const link = title.closest("a");
+
+    expect(link?.getAttribute("href")).toBe("/test/issues/12345678-fallback");
+  });
+});

packages/views/agents/components/tabs/tasks-tab.tsx

@@ -6,14 +6,17 @@ import type { Agent, AgentTask } from "@multica/core/types";
 import { Skeleton } from "@multica/ui/components/ui/skeleton";
 import { api } from "@multica/core/api";
 import { useWorkspaceId } from "@multica/core/hooks";
+import { useWorkspacePaths } from "@multica/core/paths";
 import { issueListOptions } from "@multica/core/issues/queries";
 import { useQuery } from "@tanstack/react-query";
+import { AppLink } from "../../../navigation";
 import { taskStatusConfig } from "../../config";
 
 export function TasksTab({ agent }: { agent: Agent }) {
   const [tasks, setTasks] = useState<AgentTask[]>([]);
   const [loading, setLoading] = useState(true);
   const wsId = useWorkspaceId();
+  const paths = useWorkspacePaths();
   const { data: issues = [] } = useQuery(issueListOptions(wsId));
 
   useEffect(() => {
@@ -82,18 +85,16 @@ export function TasksTab({ agent }: { agent: Agent }) {
             const issue = issueMap.get(task.issue_id);
             const isActive = task.status === "running" || task.status === "dispatched";
             const isRunning = task.status === "running";
+            const rowClassName = `flex items-center gap-3 rounded-lg border px-4 py-3 transition-shadow hover:shadow-sm ${
+              isRunning
+                ? "border-success/40 bg-success/5"
+                : task.status === "dispatched"
+                  ? "border-info/40 bg-info/5"
+                  : ""
+            }`;
 
-            return (
-              <div
-                key={task.id}
-                className={`flex items-center gap-3 rounded-lg border px-4 py-3 ${
-                  isRunning
-                    ? "border-success/40 bg-success/5"
-                    : task.status === "dispatched"
-                      ? "border-info/40 bg-info/5"
-                      : ""
-                }`}
-              >
+            const content = (
+              <>
                 <Icon
                   className={`h-4 w-4 shrink-0 ${config.color} ${
                     isRunning ? "animate-spin" : ""
@@ -110,7 +111,7 @@ export function TasksTab({ agent }: { agent: Agent }) {
                       {issue?.title ?? `Issue ${task.issue_id.slice(0, 8)}...`}
                     </span>
                   </div>
-                  <div className="text-xs text-muted-foreground mt-0.5">
+                  <div className="mt-0.5 text-xs text-muted-foreground">
                     {isRunning && task.started_at
                       ? `Started ${new Date(task.started_at).toLocaleString()}`
                       : task.status === "dispatched" && task.dispatched_at
@@ -125,7 +126,17 @@ export function TasksTab({ agent }: { agent: Agent }) {
                 <span className={`shrink-0 text-xs font-medium ${config.color}`}>
                   {config.label}
                 </span>
-              </div>
+              </>
+            );
+
+            return (
+              <AppLink
+                key={task.id}
+                href={paths.issueDetail(task.issue_id)}
+                className={`${rowClassName} text-foreground no-underline hover:no-underline`}
+              >
+                {content}
+              </AppLink>
             );
           })}
         </div>

packages/views/autopilots/components/autopilot-detail-page.tsx

@@ -1,7 +1,7 @@
 "use client";
 
 import { useState, useEffect } from "react";
-import { Zap, Play, Pause, Clock, Plus, Trash2, CheckCircle2, XCircle, Loader2, Pencil } from "lucide-react";
+import { Zap, Play, Clock, Plus, Trash2, CheckCircle2, XCircle, Loader2, Pencil } from "lucide-react";
 import { useQuery } from "@tanstack/react-query";
 import { autopilotDetailOptions, autopilotRunsOptions } from "@multica/core/autopilots/queries";
 import {
@@ -20,6 +20,7 @@ import { PageHeader } from "../../layout/page-header";
 import { ActorAvatar } from "../../common/actor-avatar";
 import { Skeleton } from "@multica/ui/components/ui/skeleton";
 import { Button } from "@multica/ui/components/ui/button";
+import { Switch } from "@multica/ui/components/ui/switch";
 import { cn } from "@multica/ui/lib/utils";
 import { toast } from "sonner";
 import {
@@ -51,9 +52,9 @@ function formatDate(date: string): string {
   });
 }
 
-const RUN_STATUS_CONFIG: Record<string, { label: string; color: string; icon: typeof CheckCircle2 }> = {
+const RUN_STATUS_CONFIG: Record<string, { label: string; color: string; icon: typeof CheckCircle2; spin?: boolean }> = {
   issue_created: { label: "Issue Created", color: "text-blue-500", icon: Clock },
-  running: { label: "Running", color: "text-blue-500", icon: Loader2 },
+  running: { label: "Running", color: "text-blue-500", icon: Loader2, spin: true },
   completed: { label: "Completed", color: "text-emerald-500", icon: CheckCircle2 },
   failed: { label: "Failed", color: "text-destructive", icon: XCircle },
 };
@@ -65,7 +66,7 @@ function RunRow({ run }: { run: AutopilotRun }) {
 
   const content = (
     <>
-      <StatusIcon className={cn("h-4 w-4 shrink-0", cfg.color)} />
+      <StatusIcon className={cn("h-4 w-4 shrink-0", cfg.color, cfg.spin && "animate-spin")} />
       <span className={cn("w-24 shrink-0 text-xs font-medium", cfg.color)}>{cfg.label}</span>
       <span className="w-16 shrink-0 text-xs text-muted-foreground capitalize">{run.source}</span>
       <span className="flex-1 min-w-0 text-xs text-muted-foreground truncate">
@@ -384,9 +385,39 @@ export function AutopilotDetailPage({ autopilotId }: { autopilotId: string }) {
 
   if (isLoading) {
     return (
-      <div className="p-6 space-y-4">
-        <Skeleton className="h-8 w-64" />
-        <Skeleton className="h-40 w-full" />
+      <div className="flex h-full flex-col">
+        <div className="flex h-12 shrink-0 items-center gap-2 border-b px-5">
+          <Skeleton className="h-4 w-4" />
+          <span className="text-muted-foreground">/</span>
+          <Skeleton className="h-4 w-32" />
+        </div>
+        <div className="flex-1 overflow-y-auto">
+          <div className="max-w-4xl mx-auto p-6 space-y-8">
+            <section className="space-y-4">
+              <Skeleton className="h-3 w-20" />
+              <div className="grid grid-cols-2 gap-4">
+                <div className="space-y-1">
+                  <Skeleton className="h-3 w-12" />
+                  <Skeleton className="h-5 w-32" />
+                </div>
+                <div className="space-y-1">
+                  <Skeleton className="h-3 w-12" />
+                  <Skeleton className="h-5 w-24" />
+                </div>
+              </div>
+            </section>
+            <section className="space-y-3">
+              <Skeleton className="h-4 w-16" />
+              <Skeleton className="h-10 w-full rounded-md" />
+            </section>
+            <section className="space-y-3">
+              <Skeleton className="h-4 w-24" />
+              {Array.from({ length: 3 }).map((_, i) => (
+                <Skeleton key={i} className="h-10 w-full" />
+              ))}
+            </section>
+          </div>
+        </div>
       </div>
     );
   }
@@ -420,9 +451,8 @@ export function AutopilotDetailPage({ autopilotId }: { autopilotId: string }) {
     }
   };
 
-  const handleToggleStatus = () => {
-    const newStatus = autopilot.status === "active" ? "paused" : "active";
-    updateAutopilot.mutate({ id: autopilotId, status: newStatus });
+  const handleToggleStatus = (checked: boolean) => {
+    updateAutopilot.mutate({ id: autopilotId, status: checked ? "active" : "paused" });
   };
 
   return (
@@ -435,27 +465,29 @@ export function AutopilotDetailPage({ autopilotId }: { autopilotId: string }) {
           </AppLink>
           <span className="text-muted-foreground">/</span>
           <h1 className="text-sm font-medium truncate">{autopilot.title}</h1>
-          <span className={cn(
-            "ml-1 inline-flex items-center gap-1 rounded px-1.5 py-0.5 text-xs font-medium",
-            autopilot.status === "active" ? "bg-emerald-500/10 text-emerald-500" :
-            autopilot.status === "paused" ? "bg-amber-500/10 text-amber-500" :
-            "bg-muted text-muted-foreground",
-          )}>
-            {autopilot.status}
-          </span>
+          <div className="ml-1 flex items-center gap-1.5">
+            <Switch
+              size="sm"
+              checked={autopilot.status === "active"}
+              onCheckedChange={handleToggleStatus}
+              disabled={autopilot.status === "archived"}
+              aria-label={autopilot.status === "active" ? "Pause autopilot" : "Activate autopilot"}
+            />
+            <span className={cn(
+              "text-xs font-medium capitalize",
+              autopilot.status === "active" ? "text-emerald-500" :
+              autopilot.status === "paused" ? "text-amber-500" :
+              "text-muted-foreground",
+            )}>
+              {autopilot.status}
+            </span>
+          </div>
         </div>
         <div className="flex items-center gap-2">
           <Button size="sm" variant="outline" onClick={() => setEditDialogOpen(true)}>
             <Pencil className="h-3.5 w-3.5 mr-1" />
             Edit
           </Button>
-          <Button size="sm" variant="outline" onClick={handleToggleStatus}>
-            {autopilot.status === "active" ? (
-              <><Pause className="h-3.5 w-3.5 mr-1" /> Pause</>
-            ) : (
-              <><Play className="h-3.5 w-3.5 mr-1" /> Activate</>
-            )}
-          </Button>
           <Button size="sm" onClick={handleRunNow} disabled={autopilot.status !== "active" || triggerAutopilot.isPending}>
             <Play className="h-3.5 w-3.5 mr-1" />
             {triggerAutopilot.isPending ? "Running..." : "Run now"}

packages/views/autopilots/components/autopilots-page.tsx

@@ -366,11 +366,21 @@ export function AutopilotsPage() {
       {/* Table */}
       <div className="flex-1 overflow-y-auto">
         {isLoading ? (
-          <div className="p-5 space-y-1">
-            {Array.from({ length: 4 }).map((_, i) => (
-              <Skeleton key={i} className="h-11 w-full" />
-            ))}
-          </div>
+          <>
+            <div className="sticky top-0 z-[1] flex h-8 items-center gap-2 border-b bg-muted/30 px-5">
+              <span className="shrink-0 w-4" />
+              <Skeleton className="h-3 w-12 flex-1 max-w-[48px]" />
+              <Skeleton className="h-3 w-12 shrink-0" />
+              <Skeleton className="h-3 w-10 shrink-0" />
+              <Skeleton className="h-3 w-10 shrink-0" />
+              <Skeleton className="h-3 w-12 shrink-0" />
+            </div>
+            <div className="p-5 pt-1 space-y-1">
+              {Array.from({ length: 4 }).map((_, i) => (
+                <Skeleton key={i} className="h-11 w-full" />
+              ))}
+            </div>
+          </>
         ) : autopilots.length === 0 ? (
           <div className="flex flex-col items-center py-16 px-5">
             <Zap className="h-10 w-10 mb-3 text-muted-foreground opacity-30" />

packages/views/autopilots/components/trigger-config.tsx

@@ -15,7 +15,7 @@ export type TriggerFrequency = "hourly" | "daily" | "weekdays" | "weekly" | "cus
 export interface TriggerConfig {
   frequency: TriggerFrequency;
   time: string; // HH:MM
-  dayOfWeek: number; // 0=Sun … 6=Sat
+  daysOfWeek: number[]; // 0=Sun … 6=Sat — used when frequency === "weekly"
   cronExpression: string; // only used when frequency === "custom"
   timezone: string; // IANA
 }
@@ -28,7 +28,7 @@ const FREQUENCIES: { value: TriggerFrequency; label: string }[] = [
   { value: "hourly", label: "Hourly" },
   { value: "daily", label: "Daily" },
   { value: "weekdays", label: "Weekdays" },
-  { value: "weekly", label: "Weekly" },
+  { value: "weekly", label: "Days" },
   { value: "custom", label: "Custom" },
 ];
 
@@ -102,12 +102,22 @@ export function getDefaultTriggerConfig(): TriggerConfig {
   return {
     frequency: "daily",
     time: "09:00",
-    dayOfWeek: 1,
+    daysOfWeek: [1],
     cronExpression: "0 9 * * 1-5",
     timezone: getLocalTimezone(),
   };
 }
 
+function sortedDays(days: number[]): number[] {
+  return [...new Set(days)].sort((a, b) => a - b);
+}
+
+function formatDayList(days: number[]): string {
+  const sorted = sortedDays(days);
+  if (sorted.length === 0) return "—";
+  return sorted.map((d) => DAYS_OF_WEEK[d]).join(", ");
+}
+
 export function toCronExpression(cfg: TriggerConfig): string {
   const [h, m] = cfg.time.split(":");
   const hour = parseInt(h ?? "9", 10);
@@ -119,8 +129,11 @@ export function toCronExpression(cfg: TriggerConfig): string {
       return `${min} ${hour} * * *`;
     case "weekdays":
       return `${min} ${hour} * * 1-5`;
-    case "weekly":
-      return `${min} ${hour} * * ${cfg.dayOfWeek}`;
+    case "weekly": {
+      const days = sortedDays(cfg.daysOfWeek);
+      const dow = days.length > 0 ? days.join(",") : "1";
+      return `${min} ${hour} * * ${dow}`;
+    }
     case "custom":
       return cfg.cronExpression;
   }
@@ -138,7 +151,7 @@ export function describeTrigger(cfg: TriggerConfig): string {
     case "weekdays":
       return `Runs weekdays at ${formatTime12h(cfg.time)} ${offset}`;
     case "weekly":
-      return `Runs every ${DAYS_OF_WEEK[cfg.dayOfWeek]} at ${formatTime12h(cfg.time)} ${offset}`;
+      return `Runs every ${formatDayList(cfg.daysOfWeek)} at ${formatTime12h(cfg.time)} ${offset}`;
     case "custom":
       return `Custom schedule: ${cfg.cronExpression}`;
   }
@@ -251,26 +264,39 @@ export function TriggerConfigSection({
             )}
           </div>
 
-          {/* Day-of-week selector for weekly */}
+          {/* Day-of-week multi-selector for weekly */}
           {config.frequency === "weekly" && (
             <div>
-              <label className="text-xs text-muted-foreground">Day</label>
+              <label className="text-xs text-muted-foreground">Days</label>
               <div className="flex gap-1 mt-1">
-                {DAYS_OF_WEEK.map((day, i) => (
-                  <button
-                    key={day}
-                    type="button"
-                    className={cn(
-                      "rounded-md px-2.5 py-1 text-xs font-medium transition-colors",
-                      config.dayOfWeek === i
-                        ? "bg-foreground text-background"
-                        : "bg-muted text-muted-foreground hover:text-foreground",
-                    )}
-                    onClick={() => onChange({ ...config, dayOfWeek: i })}
-                  >
-                    {day}
-                  </button>
-                ))}
+                {DAYS_OF_WEEK.map((day, i) => {
+                  const selected = config.daysOfWeek.includes(i);
+                  return (
+                    <button
+                      key={day}
+                      type="button"
+                      aria-pressed={selected}
+                      className={cn(
+                        "rounded-md px-2.5 py-1 text-xs font-medium transition-colors",
+                        selected
+                          ? "bg-foreground text-background"
+                          : "bg-muted text-muted-foreground hover:text-foreground",
+                      )}
+                      onClick={() => {
+                        const next = selected
+                          ? config.daysOfWeek.filter((d) => d !== i)
+                          : [...config.daysOfWeek, i];
+                        // Keep at least one day selected so the cron stays valid.
+                        onChange({
+                          ...config,
+                          daysOfWeek: next.length > 0 ? next : config.daysOfWeek,
+                        });
+                      }}
+                    >
+                      {day}
+                    </button>
+                  );
+                })}
               </div>
             </div>
           )}

packages/views/chat/components/chat-message-list.tsx

@@ -3,6 +3,7 @@
 import { useState, useRef } from "react";
 import { useQuery } from "@tanstack/react-query";
 import { cn } from "@multica/ui/lib/utils";
+import { Skeleton } from "@multica/ui/components/ui/skeleton";
 import {
   Collapsible,
   CollapsibleContent,
@@ -86,16 +87,16 @@ export function ChatMessageSkeleton() {
     <div className="flex-1 overflow-hidden">
       <div className="mx-auto w-full max-w-4xl px-5 py-4 space-y-5">
         <div className="space-y-2">
-          <div className="h-3.5 w-3/4 rounded bg-muted animate-pulse" />
-          <div className="h-3.5 w-1/2 rounded bg-muted animate-pulse" />
+          <Skeleton className="h-3.5 w-3/4" />
+          <Skeleton className="h-3.5 w-1/2" />
         </div>
         <div className="flex justify-end">
-          <div className="h-8 w-48 rounded-2xl bg-muted animate-pulse" />
+          <Skeleton className="h-8 w-48 rounded-2xl" />
         </div>
         <div className="space-y-2">
-          <div className="h-3.5 w-2/3 rounded bg-muted animate-pulse" />
-          <div className="h-3.5 w-5/6 rounded bg-muted animate-pulse" />
-          <div className="h-3.5 w-1/3 rounded bg-muted animate-pulse" />
+          <Skeleton className="h-3.5 w-2/3" />
+          <Skeleton className="h-3.5 w-5/6" />
+          <Skeleton className="h-3.5 w-1/3" />
         </div>
       </div>
     </div>